Friday, 14 December

01:00

00:42

A Christmastime Blast From Waaaaaay Back In The Past [Whatever]

An airband competition from my high school back in 1986, in which roughly half the school is up there lip-syncing to “Do They Know It’s Christmas?” If you’re wondering which one I am, look for the kid air-drumming. That’s me!

Thursday, 13 December

22:49

Friday Squid Blogging: More Problems with the Squid Emoji [Schneier on Security]

Piling on from last week's post, the squid emoji's siphon is in the wrong place.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

22:42

22:07

Terrible Rectangles [Scenes From A Multiverse]

Hey! You there! Do you need to buy gifts for a person? Why not buy some of these things I sell and then you can use those things as the gifts! I think that’s a pretty good idea.

21:21

Spammed Bomb Threat Hoax Demands Bitcoin [Krebs on Security]

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

Sources at multiple U.S. based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.”

The email reads:

My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.

My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb.

I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.

Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv

You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode.

This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action.

I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away.

If the explosive device explodes and the authorities notice this letter:
We are not terrorists and dont assume any responsibility for explosions in other buildings.

The bitcoin address included in the email was different in each message forwarded to KrebsOnSecurity. In that respect, this scam is reminiscent of the various email sextortion campaigns that went viral earlier this year, which led with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid.

I could see this spam campaign being extremely disruptive in the short run. There is little doubt that some businesses receiving this extortion email will treat it as a credible threat. This is exactly what happened today at one of the banks that forwarded me their copy of this email. Also, KrebsOnSecurity has received reports that numerous school districts across the country have closed schools early today in response to this hoax email threat.

“There are several serious legal problems with this — people will be calling the police, and they cannot ignore even a known hoax,” said Jason McNew, CEO and founder of Stronghold Cyber Security, a consultancy based in Gettysburg, Pa.

This is a developing story, and may be updated throughout the day.

Update: 4:46 p.m. ET: Added bit about school closings.
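Because the Bitcoin address differs in every copy, exact-body hashing at a mail gateway treats each message as unique. The following Python code is an added example, not part of the original post: it replaces checksum-valid Base58Check addresses with a placeholder before fingerprinting, so copies of one template cluster together. The function names, message ids, sample bodies and addresses are all constructed, and it assumes the template varies only in the address.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (P2PKH/P2SH) address shape; the checksum test below weeds out look-alikes.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def checksum4(payload):
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body


def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def is_btc_address(text):
    """True for a 25-byte Base58Check value with version 0x00/0x05 and a valid checksum."""
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and checksum4(raw[:-4]) == raw[-4:]


def make_test_address(seed):
    """Constructed sample address derived from a seed string, not taken from any message."""
    payload = b"\x00" + hashlib.sha256(seed).digest()[:20]
    return b58encode(payload + checksum4(payload))


def corrupt(addr):
    """Change the last character so the checksum no longer matches."""
    return addr[:-1] + ("2" if addr[-1] != "2" else "3")


def normalize(body):
    """Return (fingerprint, addresses): valid addresses are masked before hashing."""
    found = []

    def mask(match):
        token = match.group(0)
        if is_btc_address(token):
            found.append(token)
            return "<BTC>"
        return token  # address-shaped but bad checksum: leave it in the text

    text = " ".join(CANDIDATE.sub(mask, body).lower().split())
    return hashlib.sha256(text.encode()).hexdigest(), found


def find_campaigns(messages, min_size=2):
    """Group messages whose masked bodies match; report those seen min_size+ times."""
    groups = defaultdict(list)
    for msg_id, body in messages:
        fingerprint, addrs = normalize(body)
        if addrs:
            groups[fingerprint].append((msg_id, addrs))
    campaigns = []
    for fingerprint, members in groups.items():
        if len(members) >= min_size:
            campaigns.append({
                "fingerprint": fingerprint,
                "messages": [msg_id for msg_id, _ in members],
                "addresses": sorted({a for _, addrs in members for a in addrs}),
            })
    return campaigns


# Constructed sample input: three copies of one template plus two unrelated mails.
TEMPLATE = ("You pay me 20.000 $ in Bitcoin.\n"
            "Here is my Bitcoin address : {addr}\n"
            "I check my Bitcoin wallet every 35 min.")
SAMPLE = [
    ("msg-1", TEMPLATE.format(addr=make_test_address(b"recipient-1"))),
    ("msg-2", TEMPLATE.format(addr=make_test_address(b"recipient-2"))),
    ("msg-3", TEMPLATE.format(addr=make_test_address(b"recipient-3"))),
    ("msg-4", "Your tracking code is %s." % corrupt(make_test_address(b"parcel-1"))),
    ("msg-5", "Your tracking code is %s." % corrupt(make_test_address(b"parcel-2"))),
]

if __name__ == "__main__":
    for campaign in find_campaigns(SAMPLE):
        print(campaign["fingerprint"][:16], campaign["messages"],
              len(campaign["addresses"]), "distinct addresses")
```

The distinct addresses collected per cluster can go straight into a blocklist or a report to the relevant abuse contacts.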

20:21

LEGO The Hobbit for FREE, right now! It’s an unexpected... [Humble Bundle Blog]



LEGO The Hobbit for FREE, right now!

It’s an unexpected party! Get LEGO The Hobbit for FREE right now in the Humble Store, while supplies last! 

Plus, save up to 75% in our WB Games Sale. Pick up Hitman 2, Middle-earth: Shadow of War, Batman: Arkham Knight and more!

Nintendo Targets Sellers of Pirated Switch Games in Court [TorrentFreak]

At the start of the year the infamous hacking group Team Xecuter announced an ‘unstoppable’ Nintendo Switch hack.

This made it possible to load pirated games onto the popular console, an opportunity many people have taken advantage of.

Some have taken it a step further by offering Nintendo Switch “modifications” for sale, specifically mentioning the Team Xecuter hack. This is what California resident Mikel Euskaldunak did, according to Nintendo.

In a complaint filed at a federal court this week, Nintendo of America accuses the man and several unnamed accomplices of various counts of copyright and trademark infringement.

The defendants allegedly offered modification devices and physical chips for the Nintendo Switch which bypass Nintendo’s anti-piracy protections.

“This modification is installed in a user’s Nintendo Switch in the form of a circumvention tool along with unauthorized custom firmware. This exploit allows the playing of pirated Nintendo Console Games,” the company writes.

Euskaldunak sold the mods in public through a profile at OfferUp.com. According to the advert, the Team Xecuter mod would allow buyers to play any Switch games they want.

“Just load and play!” In connection with the purchase of “Nintendo Switch Mod Play Switch Games Team Xecuter”, Defendants will “give [the buyer] a free game of [his or her] choice,” it reads.

In addition, the defendant also offered a 64GB SD card containing pirated games which could be loaded through Team Xecuter’s dongle.

“These SD cards will come with any 4-6 (depending on the game size) released Nintendo Switch games of your choice. That is less than the price of a single Switch game.”

The defendant’s OfferUp offer

Nintendo believes that the defendants modified more than 100 Switch game systems. In addition, they are suspected of having access to a large library of Switch games, including dozens of titles that haven’t been released in the US yet.

Interestingly, the sellers are aware that pirating games does not come without challenges. They explicitly warn that games downloaded from the Internet might be tracked and banned by Nintendo.

“Defendants inform customers that Nintendo Console Games can be downloaded from the Internet, but that downloading from the Internet is not recommended because NOA can track the downloaded game and ban the user automatically when going online to play the game,” the complaint reads.

In addition to Nintendo Switch mods and games, the defendants are also accused of selling a modified version of Nintendo’s NES Classic Edition with over 800 games.

In its complaint, Nintendo of America asks the California federal court for an injunction to stop the infringing activity and destroy all pirated games and modded consoles.

On top of that, the game giant requests damages to compensate for the company’s claimed losses.

A copy of Nintendo of America’s complaint, obtained by TorrentFreak, is available here (pdf).


Molly de Blanc: The OSD and user freedom [Planet Debian]

Some background reading

The relationship between open source and free software is fraught with people arguing about meanings and value. In spite of all the things we’ve built up around open source and free software, they reduce down to both being about software freedom.

Open source is about software freedom. It has been the case since “open source” was created.

In 1986 the Four Freedoms of Free Software (4Fs) were written. In 1998 Netscape set its source code free. Later that year a group of people got together and Christine Peterson suggested that, to avoid ambiguity, there was a “need for a better name” than free software. She suggested open source after open source intelligence. The name stuck and 20 years later we argue about whether software freedom matters to open source, because too many global users of the term have forgotten (or never knew) that some people just wanted another way to say software that ensures the 4Fs.

Once there was a term, the term needed a formal definition: how do we describe what open source is? That’s where the Open Source Definition (OSD) comes in.

The OSD is a set of ten points that describe what an open source license looks like. The OSD came from the Debian Free Software Guidelines. The DFSG themselves were created to “determine if a work is free” and ought to be considered a way of describing the 4Fs.

Back to the present

I believe that the OSD is about user freedom. This is an abstraction from “open source is about free software.” As I alluded to earlier, this is an intuition I have, a thing I believe, and an argument I’m having a very hard time trying to make.

I think of free software as software that exhibits or embodies software freedom — it’s software created using licenses that ensure the things attached to them protect the 4Fs. This is all a tool, a useful tool, for protecting user freedom.

The line that connects the OSD and user freedom is not a short one: the OSD defines open source -> open source is about software freedom -> software freedom is a tool to protect user freedom. I think this is, however, a very valuable reduction we can make. The OSD is another tool in our tool box when we’re trying to protect the freedom of users of computers and computing technology.

Why does this matter (now)?

I would argue that this has always mattered, and we’ve done a bad job of talking about it. I want to talk about this now because it’s become increasingly clear that people simply never understood (or even heard of) the connection between user freedom and open source.

I’ve been meaning to write about this for a while, and I think it’s important context for everything else I say and write about in relation to the philosophy behind free and open source software (FOSS).

FOSS is a tool. It’s not a tool about developmental models or corporate enablement — though some people and projects have benefited from the kinds of development made possible through sharing source code, and some companies have created very financially successful models based on it as well. In both historical and contemporary contexts, software freedom is at the heart of open source. It’s not about corporate benefit, it’s not about money, and it’s not even really about development. Methods of development are tools being used to protect software freedom, which in turn is a tool to protect user freedom. User freedom, and what we get from that, is what’s valuable.

Side note

At some future point, I’ll address why user freedom matters, but in the meantime, here are some talks I gave (with Karen Sandler) on the topic.

19:35

18:21

Paper Girls 5: fate and free will (and dinosaurs and monsters) [Cory Doctorow – Boing Boing]

For two years now, Brian K Vaughan and Cliff Chiang have been knocking my socks off with their Paper Girls graphic novel, a mysterious, all-girl, Stranger-Things-esque romp through 1980s pop culture, time travel, conspiracies, clones, paradoxes, and you know, all that amazing coming-of-age/friendship-is-magic jazz. Now, the pair have released the fifth collection, and it's a doozy.

Every volume of Paper Girls has been marked by outstanding dialog, incredible, likeable characters, and art worthy of the magnificent Fiona Staples, whose work on Saga has revived a kind of Jack Kirby/Canteen on Mos Eisley comic surrealism that Chiang is definitely dabbling in here.

In this fifth volume, we follow the paper girls into a distant-future, shiny dystopian Cleveland, where police-state surveillance rubs shoulders with flying cars and a cure for cancer. The girls are grappling with the prophecies and other shenanigans that have given them glimpses of their own futures and the futures of other versions of themselves, and this classic time-travel dilemma of free will versus predetermination makes for a great driver for a tour of Chiang's fantastic art and Vaughan's outstanding writing.

Along with Saga, Paper Girls marks out Image as the comics publisher of the moment, an undeniable example of the power of allowing creators to own their comics and take them in places where increasingly cautious comics publishers (embedded in massive media empires) dare not go.

Paper Girls 5 [Brian K Vaughan and Cliff Chiang/Image]

Previous reviews:

* Volumes 1/2

* Volume 3

* Volume 4

The strange and complex world of flame-effect LED bulbs [Cory Doctorow – Boing Boing]

To my delight and awe, I have discovered a whole, new-to-me universe of "realistic flame" effect LED lightbulbs, which produce the illusion that you have a goblet of raging flame sticking out of your lightsocket: the bulbs come in a wide variety of shapes and sizes (and can also be had in fanciful colors), for about $6-8/bulb (via Red Ferret)

18:00

17:42

Today in GPF History for Thursday, December 13, 2018 [General Protection Fault: The Comic Strip]

"Nega-Nick's" alien cohort warns him not to underestimate Trudy...

17:35

[$] Linux in mixed-criticality systems [LWN.net]

The Linux kernel is generally seen as a poor fit for safety-critical systems; it was never designed to provide realtime response guarantees or to be certifiable for such uses. But the systems that can be used in such settings lack the features needed to support complex applications. This problem is often solved by deploying a mix of computers running different operating systems. But what if you want to support a mixture of tasks, some safety-critical and some not, on the same system? At a talk given at LinuxLab 2018, Claudio Scordino described an effort to support this type of mixed-criticality system.

Ships are just giant floating computers, filled with ransomware, BadUSB, and worms [Cory Doctorow – Boing Boing]

A coalition of shipping industry associations has published The Guidelines on Cyber Security Onboard Ships, laying out best practices for the giant ships that ply the seas, and revealing that these behemoths are routinely infected with worms, ransomware, and malware spread by infected USB devices.

The document recounts incidents in which infected ships were stranded because malware caused their computerized navigation to fail, and there were no paper charts to fall back on; incidents where fleet owners paid off ransomware demands to keep ships at sea safe, and where the entire digital infrastructure of a ship at sea failed due to malware that spread thanks to weak passwords.

The report includes details of two incidents where USB thumb drives have led to a cyber-security incident, delays, and financial damage.

1) A dry bulk ship in port had just completed bunkering operations. The bunker surveyor boarded the ship and requested permission to access a computer in the engine control room to print documents for signature. The surveyor inserted a USB drive into the computer and unwittingly introduced malware onto the ship's administrative network. The malware went undetected until a cyber assessment was conducted on the ship later, and after the crew had reported a "computer issue" affecting the business networks. This emphasises the need for procedures to prevent or restrict the use of USB devices onboard, including those belonging to visitors.

2) A ship was equipped with a power management system that could be connected to the internet for software updates and patching, remote diagnostics, data collection, and remote operation. The ship was built recently, but this system was not connected to the internet by design. The company's IT department made the decision to visit the ship and performed vulnerability scans to determine if the system had evidence of infection and to determine if it was safe to connect. The team discovered a dormant worm that could have activated itself once the system was connected to the internet and this would have had severe consequences. The incident emphasizes that even air gapped systems can be compromised and underlines the value of proactive cyber risk management. The shipowner advised the producer about the discovery and requested procedures on how to erase the worm. The shipowner stated that before the discovery, a service technician had been aboard the ship. It was believed that the infection could potentially have been caused by the technician. The worm spread via USB devices into a running process, which executes a program into the memory. This program was designed to communicate with its command and control server to receive its next set of instructions. It could even create files and folders. The company asked cyber security professionals to conduct forensic analysis and remediation. It was determined that all servers associated with the equipment were infected and that the virus had been in the system undiscovered for 875 days. Scanning tools removed the virus. An analysis proved that the service provider was indeed the source and that the worm had introduced the malware into the ship's system via a USB flash drive during a software installation. Analysis also proved that this worm operated in the system memory and actively called out to the internet from the server. 
Since the worm was loaded into memory, it could affect the performance of the server and systems connected to the internet.

The Guidelines on Cyber Security Onboard Ships [International Chamber of Shipping et al]

Ships infected with ransomware, USB malware, worms [Catalin Cimpanu/Zdnet]

16:49

A set of stable kernels [LWN.net]

Greg Kroah-Hartman has released stable kernels 4.19.9, 4.14.88, 4.9.145, 4.4.167, and 3.18.129. They all contain important fixes and users should upgrade.

Security updates for Thursday [LWN.net]

Security updates have been issued by Debian (firefox-esr), Fedora (singularity), openSUSE (compat-openssl098, cups, firefox, mozilla-nss, and xen), and SUSE (cups, exiv2, ghostscript, and git).

Ajit Pai killed Net Neutrality and Trump gave away a huge tax break; Verizon got billions and killed 10,000 jobs [Cory Doctorow – Boing Boing]

When Trump's FCC Chairman Ajit Pai killed Net Neutrality (by illegally ignoring legitimate comments in support of it in favor of millions of anti-Net Neutrality comments sent by identity-stealing bots), he promised that it would spur growth in the telcoms sector -- and of course, he should know, because he used to be a Verizon exec. Verizon agreed: they objected to Obama-era Neutrality orders by saying the measures would "severely curtail job growth."

Then Trump handed out trillions in tax-breaks for the super rich and giant corporations, insisting that this would spur job growth and investment.

Alas, reality has a well-known left-wing bias.

Verizon has responded to this government largesse by killing 10,000 jobs, 7% of its workforce, to "optimize growth opportunities" and "better serve customers with more agility, speed and flexibility."

The cuts are allegedly "voluntary," but employees report that their managers are finding pretenses to write them up and then forcing them to accept the "voluntary" severance.

Verizon's take home from Trump is large: the company saved $4 billion in 2018 alone, and will reap a further $17 billion off its deferred taxes.

When contacted, Verizon denied there was any disconnect between the company’s promises and its actual delivery.

“Through the first 3 quarters of 2018, the company has reduced debt by $4.2 billion, and made discretionary contributions of $1.7 billion to employee benefit programs,” Verizon told Motherboard. “We've also returned $7.3 billion to shareowners in dividends, and continued to invest heavily in our networks.”

But former FCC lawyer Gigi Sohn says the cycle of giving telecom giants tens of billions in subsidies, tax breaks and regulatory favors—then getting notably less or nothing at all in return—is a game we’ve been playing in the United States for the better part of a generation.

Verizon Trims 10,000 Employees Despite Billions in Tax Cuts and Government Favors [Karl Bode/Motherboard]

(Image: Michael Rivera, CC-BY-SA)

16:14

Link [Scripting News]

iOS 12 problem. On a phone call, after a few minutes the volume drops until I can't hear the other party. When I call back the volume goes back to normal. Happens with several numbers, so it's on my end not theirs. New iPhone XS. Any help appreciated.

15:56

What I published in 2018 [Charlie's Diary]

It's that time of year again, when some authors remind everyone that they're eligible for various awards for fiction published in 2018.

My total publications for 2018 consisted of: two novels and one novelette.

You probably haven't read the novelette because it's published in an anthology— Knaves over Queens, the first British-set collection in the Wild Cards series, a sequence of shared-universe stories edited by George R. R. Martin and Melinda Snodgrass. My story, "Police on my Back", is published in Knaves over Queens, which is currently only available in the UK (first US publication isn't until next year). (Amazon.co.uk link.)

As for the novels, these are Dark State (Tor, UK and USA: January 2018), the second Empire Games book (or eighth Merchant Princes novel, depending on how you count them), and "The Labyrinth Index" (US Amazon link, UK Amazon link), published by Tor.com Publishing (in the USA) and Orbit (in the UK). And that's the ninth book in the Laundry Files, or maybe the tenth (if you count "Equoid" as a really short novel rather than a novella) or eleventh (if you also factor in the really short short story collection Tor.com published as an ebook).


As for awards eligibility ...

I would like to note that in addition to the aforementioned stories, I'm eligible for the Hugo award for Best Series, both the Merchant Princes and the Laundry Files.

Now, I am not here to tout for your nominations.

However, if you are planning to nominate me for a best series Hugo award, please bear in mind the following...

  • If you nominate more than one item in a category, the value of your nomination is reduced. (See the World Science Fiction Society Constitution, section 3.9.1, wherein the process for counting nominations is described.)

  • "Invisible Sun" (Merchant Princes #9/Empire Games #3) will be published in fall 2019. But there will almost certainly be no Laundry Files book in 2019.

  • It follows that both series are eligible for the 2019 Hugo award for best series, but the Merchant Princes will also be eligible in 2020, and the Laundry files will not be eligible in 2020. (See WSFS constitution 3.3.5.)

So: if you want to nominate both these series for a Hugo award for best series, rather than voting for them both in 2019, please consider nominating the Laundry Files in 2019 (i.e. for the Dublin worldcon), and the Merchant Princes in 2020.


Postscript: if you're a writer and you've published something in 2018 that is eligible for the Hugo, Nebula, BSFA, Clarke, or other awards in the SF/F field, and you want to get the word out, you're very welcome to post a comment here (preferably including links to the work in question).

Thanks!

15:42

How can I programmatically wait until the taskbar has finished booting completely before I create my notification icon? [The Old New Thing]

A customer found that sometimes their program starts up too soon, and when it tries to create its taskbar notification icon, the call to Shell_NotifyIcon fails. The customer wanted to know whether there was a signal they could listen for to tell them that the taskbar has finished booting completely and is ready to accept notification icons. They noticed that the system puts up an hourglass cursor, and they wondered if perhaps there was a way to monitor the system cursor and wait for it to change to something other than an hourglass.

You can listen for the TaskbarCreated message, which the taskbar sends when the taskbar has been created. Upon receipt of that message, you can try to create your icon again.

The customer asked, "Okay, that's great. But sometimes our program runs after the taskbar has been created. How can I tell whether the taskbar has been created, so I know that I shouldn't sit around and wait for the TaskbarCreated message?"

If the taskbar has already been created, then your call to Shell_NotifyIcon will succeed (assuming you didn't mess up and pass invalid parameters), at which point you don't need to wait for the TaskbarCreated message because you already created your notification icon.

Monitoring the system cursor is the wrong approach because the system cursor can be an hourglass for other reasons, and it can be an arrow even though the taskbar isn't ready.

15:21

Company behind the Grenfell Tower fire says it could have been put out with a simple fire extinguisher [Cory Doctorow – Boing Boing]

It's been a year and a half since London's Grenfell Tower burned and at least 72 people died.

The fire's deadliness was attributed to a combination of bad advice once the fire broke out and renovations to the building to sheathe it in Reynobond aluminum composite cladding from Arconic, a measure that was taken to make the building more attractive to people in nearby luxury towers.

Now, Arconic's lawyer has told a Parliamentary committee that the panels were not to blame: he says the fire was so deadly because the building had been renovated with PVC windows, synthetic insulation, and different decorative panels used elsewhere in the building.

He claimed that "a simple fire extinguisher in his hands would have made a big difference to the outcome."

Hockman said: “The external spread of flame was substantially exacerbated by combining ACM PE with combustible PIR [polyisocyanurate] insulation without any horizontal or vertical bands of non-combustible material to limit spread.

“The PIR insulation ensured the fire would spread to new portions of the building.”

He said this “meant that not only did the fire exit from the flat much more quickly than anyone would have expected, but it contributed to an increase in temp within the cladding system cavity.” If the insulation foam had been non-combustible, the London fire brigade might have been able to put it out, he said.

Arconic also argued that if internal features had been different, including fire doors, lack of sprinklers, the ventilation system, “then the fire would have penetrated the building much less rapidly and thus all or at least much of the tragic loss of life would have been spared”.

Hockman said: “The tragedy at Grenfell Tower shows the awful consequences which can arise when combustible materials are used in a particular combination. However, that does not show that the use of ACM panels in itself would have given rise to a risk to health and safety.”

Grenfell cladding firm: 'fire could have been put out with simple extinguisher' [Robert Booth/Guardian]

15:07

Peak Brexit [Charlie's Diary]

Just popping in to note that, in the wake of the failed ERG leadership challenge against Theresa May, Brexit hysteria has escalated so far that mainstream political pundits in major newspapers are invoking Cthulhu in print. Words fail me. I really, truly, cannot cope with this shit: the Laundry Files are satire, dammit, not a political documentary!

(Normal blogging might resume whenever I manage to stop gibbering in a closet.)

You can use the comments here as a continuation of the last-but-one thread, now that one has burned past a thousand and is kinda slow to load.

14:56

Joachim Breitner: Thoughts on bootstrapping GHC [Planet Debian]

I am returning from the reproducible builds summit 2018 in Paris. The latest hottest thing within the reproducible-builds project seems to be bootstrapping: How can we build a whole operating system from just and only source code, using very little, or even no, binary seeds or auto-generated files. This is actually a concern that is somewhat orthogonal to reproducibility: Bootstrappable builds help me in trusting programs that I built, while reproducible builds help me in trusting programs that others built.

And while they make good progress bootstrapping a full system from just a C compiler written in Scheme, and a Scheme interpreter written in C, that can build each other (Janneke’s mes project), and there are plans to build that on top of stage0, which starts with 280 bytes of binary, the situation looks pretty bad when it comes to Haskell.

Unreachable GHC

The problem is that contemporary Haskell has only one viable implementation, GHC. And GHC, written in contemporary Haskell, needs GHC to be built. So essentially everybody out there either just downloads a binary distribution of GHC. Or they build GHC from source, using a possibly older (but not much older) version of GHC that they already have. Even distributions like Debian do nothing different: When they build the GHC package, the builders use, well, the GHC package.

There are other Haskell implementations out there. But if they are mature and actively developed, then they are implemented in Haskell themselves, often even using advanced features that only GHC provides. And even those are insufficient to build GHC itself, let alone the old and abandoned Haskell implementations.

In all these cases, at some point an untrusted binary is used. This is very unsatisfying. What can we do? I don’t have the answers, but please allow me to outline some avenues of attack.

Retracing history

Obviously, even GHC does not exist since the beginning of time, and the first versions surely were built using something else than GHC. The oldest version of GHC for which we can find a release on the GHC web page is version 0.29 from July 1996. But the installation instructions write:

GHC 0.26 doesn't build with HBC. (It could, but we haven't put in the effort to maintain it.)

GHC 0.26 is best built with itself, GHC 0.26. We heartily recommend it. GHC 0.26 can certainly be built with GHC 0.23 or 0.24, and with some earlier versions, with some effort.

GHC has never been built with compilers other than GHC and HBC.

HBC is a Haskell compiler where we find the sources of one random version only thanks to archive.org. It is written in C, so that should be the solution: Compile HBC, use it to compile GHC-0.29, and then step for step build every (major) version of GHC until today.

The problem is that it is non-trivial to build software from the 90s using today's compilers. I briefly looked at the HBC code base, and had to change some files from using varargs.h to stdarg.h, and this is surely just one of many similar stumbling blocks trying to build that tool. Oh, and even the hbc source states:

# To get everything done: make universe
# It is impossible to make from scratch.
# You must have a running lmlc, to
# recompile it (of course).

At this point I ran out of time.

Going back, but doing it differently

Another approach is to go back in time, to some old version of GHC, but maybe not all the way to the beginning, and then try to use another, officially unsupported, Haskell compiler to build GHC. This is what rekado tried to do in 2017: He used the most contemporary implementation of Haskell in C, the Hugs interpreter. Using this, he compiled nhc98 (yet another abandoned Haskell implementation), with the hope of building GHC with nhc98. He made impressive progress back then, but ran into a problem where the runtime crashed. Maybe someone is interested in picking up from there?

Removing, simplifying, extending, in the present.

Both approaches so far focus on building an old version of GHC. This adds complexity: other tools (the shell, make, yacc etc.) may behave differently now in a way that causes hard-to-debug problems. So maybe it is more fun and more rewarding to focus on today’s GHC? (At this point I am starting to hypothesize).

I said before that no other existing Haskell implementation can compile today’s GHC code base, because of features like mutually recursive modules, the foreign function interface etc. And also other existing Haskell implementations often come with a different, smaller set of standard libraries, but GHC assumes base, so we would have to build that as well...

But we don’t need to build it all. Surely there is much code in base that is not used by GHC. Also, much code in GHC that we do not need to build GHC, and . So by removing that, we reduce the amount of Haskell code that we need to feed to the other implementation.

The remaining code might use some features that are not supported by our bootstrapping implementation. Mutually recursive modules could be manually merged. GADTs that are only used for additional type safety could be replaced by normal ones, which might make some pattern matches incomplete. Syntactic sugar can be desugared. By simplifying the code base in that way, one might be able to produce a fork of GHC that is within reach of the likes of Hugs or nhc98.

And if there are features that are hard to remove, maybe we can extend the bootstrapping compiler or interpreter to support them? For example, it was mostly trivial to extend Hugs with support for the # symbol in names -- and we can be pragmatic and just allow it always, since we don’t need a standards conforming implementation, but merely one that works on the GHC code base. But how much would we have to implement? Probably this will be more fun in Haskell than in C, so maybe extending nhc98 would be more viable?

Help from beyond Haskell?

Or maybe it is time to create a new Haskell compiler from scratch, written in something other than Haskell? Maybe some other language that is reasonably pleasant to write a compiler in (Ocaml? Scala?), but that has the bootstrappability story already sorted out somehow.

But in the end, all variants come down to the same problem: Writing a Haskell compiler for full, contemporary Haskell as used by GHC is hard and really a lot of work -- if it were not, there would at least be implementations in Haskell out there. And as long as nobody comes along and does that work, I fear that we will continue to be unable to build our nice Haskell ecosystem from scratch. Which I find somewhat dissatisfying.

13:56

Link [Scripting News]

Baratunde says that a movement is a “group of people working together to advance their shared political, social, or artistic ideas.” That's a good definition. When I think of a movement I think of the civil rights movement of the 1960s, or the anti-war movement that protested the Vietnam war. I do not think The Correspondent, which is a for-profit business, deserves to use that term. I certainly do not like them saying that I am a member of such a "movement." As I said in my writeup, "the only movement I would be part of is one that doesn't distinguish between reporters and members, that has a level playing field. I think that's the only way journalism can scale to meet our needs and avoid the kinds of disasters journalism has led us to."

13:07

Link [Scripting News]

Yesterday I asked the braintrust of this blog to help me understand Kubernetes. Turns out I did not understand it. You all are the smartest most generous people I know. Thanks! 💥

Marriott Hack Reported as Chinese State-Sponsored [Schneier on Security]

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still unconfirmed, but interesting if it is true.

Reuters:

Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company's private probe into the attack.

That suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing's espionage efforts and not for financial gain, two of the sources said.

While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online.

Identifying the culprit is further complicated by the fact that investigators suspect multiple hacking groups may have simultaneously been inside Starwood's computer networks since 2014, said one of the sources.

I used to have opinions about whether these attributions are true or not. These days, I tend to wait and see.

12:35

Junichi Uekawa: Already December. [Planet Debian]

Already December. Nice. I tried using tramp for a while but I am back to mosh. tramp is not usable when the ssh connection is not reliable.

12:28

Feeds | Some software should be sustained, and some shouldn’t. But how can we choose, what is the cost of sustaining it, and what is the cost of letting it pass away? [Planet GridPP]

Some software should be sustained, and some shouldn’t. But how can we choose, what is the cost of sustaining it, and what is the cost of letting it pass away? s.aragon 13 December 2018 - 10:00am

By Andrew Edmondson, Mike Zentner, and Cristian A. Marocico. We’re writing this blog from the perspective of people who are responsible for helping researchers in our institutions develop their own software for their own research purposes. We want to help our communities to make the right decisions about the sustainability of their software – and therefore about their time and money.

12:21

Four short links: 13 December 2018 [All - O'Reilly Media]

CS Ethics, Insect IoT, Glitch Showcase, and SQL Repos

  1. Embedded Ethics -- Harvard project that integrates ethics modules into courses across the standard computer science curriculum. Those modules are straightforward, online, and open access.
  2. Living IOT: A Flying Wireless Platform on Live Insects -- We develop and deploy our platform on bumblebees which includes backscatter communication, low-power self-localization hardware, sensors, and a power source. We show that our platform is capable of sensing, backscattering data at 1 kbps when the insects are back at the hive, and localizing itself up to distances of 80 m from the access points, all within a total weight budget of 102 mg. (via BoingBoing)
  3. Looky What We Made -- showcase of Glitch apps.
  4. Git Your SQL Together -- why I recommend tracking SQL queries in git: 1. You will *always* need that query again. 2. Queries are living artifacts that change over time. 3. If it’s useful to you, it’s useful to others (and vice versa)

Continue reading Four short links: 13 December 2018.

12:07

Politics Rules! Common Sense Drools! [The Daily WTF]

As programmers, we all need to fix bugs. As experienced programmers, we recognize that sometimes, the ability to fix one bug depends upon first fixing another bug. Managers, on the other hand,...

11:21

Respect difficult problems [Seth's Blog]

They’re difficult because they resist simple solutions. Glib answers and over-simplification have been tried before, and failed.

People have tried all of the obvious solutions. They haven’t worked. That’s why we’ve resorted to calling them difficult problems.

Difficult problems require emotional labor, approaches that feel risky and methods that might not work. They reward patience, nuance and guts, and they will fight off brute force all day long.

11:00

DoJ Indicts Five Men For Pre-Release Movie & TV Show Piracy [TorrentFreak]

Public sharing of movies and TV shows before their commercial release is considered to be one of the most damaging types of piracy.

With no official copies on the market, entertainment companies are unable to compete in what would ordinarily be the most profitable window of opportunity for sales. That’s why, year after year, individuals who leak content early become targets for law enforcement.

Yesterday the Department of Justice revealed that a federal grand jury has indicted five men in four countries on charges that they distributed or offered for sale hundreds of movies and TV shows in advance of their official release. It appears to be one of the most important prosecutions in recent memory.

Malik Luqman Farooq, 30, of the UK, is alleged to have sold access to more than a dozen “stolen pre-release or contemporaneous-release films” over a period of two years. He is alleged to have used online aliases including dark999, codex, and Lucky.

Aditya Raj, an assumed resident of India, allegedly released pirated movies online and was involved in ‘camming’ in India.

Sam Nhance, believed to live in Dubai, United Arab Emirates, allegedly maintained a server on which other members of the group “stored and manipulated” videos for distribution. He used online aliases including SamNhaNc3.

Ghobhirajah Selvarajah, who is claimed to live in Malaysia, owned a PayPal account which was used to accept payments from people accessing the movies and to pay server bills. He used aliases including Hunter and Hunter X.

Jitesh Jadhav, another presumed resident of India, was allegedly involved in camcording films in India, including The Amazing Spider-Man 2, X-Men: Days of Future Past, and Dawn of the Planet of the Apes.

Of the five indicted men, only one – Malik Luqman Farooq – has been physically detained by authorities. He was reportedly arrested by City of London Police and is currently awaiting trial in the UK.

None are in U.S. custody but face a seven-count indictment listing conspiracy to commit computer fraud, unauthorized access to a computer, aggravated identity theft, and copyright infringement.

According to the indictment, the group began offending prior to May 5, 2013 and continued to May 20, 2015.

It’s alleged that Farooq, Raj, Nhance, and Selvarajah rented servers from companies including OVH which they used to store pirated copies of movies which had been illegally obtained from servers operated by movie, distribution, and other third-party companies.

Farooq and Jadhav are further accused of obtaining ‘cammed’ copies of first-run movies and acquiring and distributing ‘screener’ copies of movies not intended for public consumption. These and other titles were then offered for sale and also uploaded to the wider Internet.

Details released in the indictment indicate that the authorities gained access to the group’s supposedly private conversations.

In May 2013, for example, it’s alleged that during an online chat, Farooq asked Raj to put him in touch with someone who could camcord the movie The Great Gatsby in India.

During the same month, it’s alleged that Farooq paid an “unindicted co-conspirator” for access to a torrent tracker which was used to obtain pirate copies of copyrighted content.

In June that same year, it’s claimed that Farooq accessed a server in Los Angeles belonging to a movie production and distribution company to obtain trailers for the movie The Wolverine and Turbo, prior to the movies’ official release.

During August 2013, someone illegally camcorded The Smurfs 2 at a cinema in Bhopal, India. The next day, Farooq sold access to that movie to an individual who he believed to be a ‘pirate’ customer. In fact, the person was an investigator for an anti-piracy firm hired by the MPAA.

Months later, between April and July 2014, it’s alleged that Farooq and other co-conspirators accessed the California-based servers of a content-management services company which was used to store and distribute motion picture assets.

From there, using TOR, they downloaded approximately 142 files including the movies Divergent, Godzilla, Seventh Son, Jane Got a Gun, Mortdecai, and the first five episodes of season five of The Walking Dead, all prior to their official release.

Interestingly, the indictment also details how Farooq (or another co-conspirator) obtained a copy of The Expendables 3 prior to its official release. As previously reported, the movie leaked online during July 2014.

The indictment claims the copy was obtained from the previously-mentioned content-management services company and downloaded via TOR. The copy was then stored on an OVH server with Farooq quickly selling it to the MPAA’s anti-piracy investigator. Many other movies were also sold by Farooq to the investigator, with some of the proceeds ending up in his own PayPal account.

In November 2014, City of London Police announced they had arrested two men in the UK in connection with The Expendables 3 being leaked online. The pair, then aged 36 and 33, are considerably older than Farooq who is reportedly just 30.

However, in April 2015, City of London Police arrested a 26-year-old man at his workplace in Leeds. He was taken to a local police station for questioning, suspected of leaking The Expendables 3. Sylvester Stallone took time out to thank police for their efforts.

“This case is being investigated by U.S. Immigration and Customs Enforcement’s Homeland Security Investigations, which received substantial assistance from the Police Intellectual Property Crime Unit of the City of London Police. U.S. authorities received cooperation from French and Canadian authorities in obtaining evidence stored abroad,” the Department of Justice notes.

The indictment, which details 106 “overt acts”, can be obtained here (pdf) (via Variety)


09:49

Feeds | Tech Writing 101 at Collaborations Workshop 2019 [Planet GridPP]

Tech Writing 101 at Collaborations Workshop 2019 s.aragon 13 December 2018 - 9:28am

By Raniere Silva, Community Officer, Software Sustainability Institute. We are delighted to announce that Sarah Maddox and Sharif Salah will be running a session called "Tech Writing 101" at the Collaborations Workshop 2019.

Oobleck [QC RSS]

that postscript pun is the greatest thing I have ever written

08:42

Keith Packard: newt [Planet Debian]

Newt: A Tiny Embeddable Python Subset

I've been helping teach robotics programming to students in grades 5 and 6 for a number of years. The class uses Lego models for the mechanical bits, and a variety of development environments, including Robolab and Lego Logo on both Apple ][ and older Macintosh systems. Those environments are quite good, but when the Apple ][ equipment died, I decided to try exposing the students to an Arduino environment so that they could get another view of programming languages.

The Arduino environment has produced mixed results. The general nature of a full C++ compiler and the standard Arduino libraries means that building even simple robots requires considerable typing, including a lot of punctuation and upper case letters. Further, the edit/compile/test process is quite long, making fixing errors slow. On the positive side, many of the students have gone on to use Arduinos in science research projects for middle and upper school (grades 7-12).

In other environments, I've seen Python used as an effective teaching language; the direct interactive nature invites exploration and provides rapid feedback for the students. It seems like a pretty good language to consider for early education -- "real" enough to be useful in other projects, but simpler than C++/Arduino has been. However, I haven't found a version of Python that seems suitable for the smaller microcontrollers I'm comfortable building hardware with.

How Much Python Do We Need?

Python is a pretty large language in embedded terms, but there's actually very little I want to try and present to the students in our short class (about 6 hours of language introduction and another 30 hours or so of project work). In particular, all we're using on the Arduino are:

  • Numeric values
  • Loops and function calls
  • Digital and analog I/O

Remembering my childhood Z-80 machine with its BASIC interpreter, I decided to think along those lines in terms of capabilities. I think I can afford more than 8kB of memory for the implementation, and I really do want to have "real" functions, including lexical scoping and recursion.

I'd love to make this work on our existing Arduino Duemilanove compatible boards. Those have only 32kB of flash and 2kB of RAM, so that might be a stretch...

What to Include

Exploring Python, I think there's a reasonable subset that can be built here. Included in that are:

  • Lists, numbers and string types
  • Global functions
  • For/While/If control structures.

What to Exclude

It's hard to describe all that hasn't been included, but here's some major items:

  • Objects, Dictionaries, Sets
  • Comprehensions
  • Generators (with the exception of range)
  • All numeric types aside from single-precision float

Implementation

Newt is implemented in C, using flex and bison. It includes the incremental mark/sweep compacting GC system I developed for my small scheme interpreter last year. That provides a relatively simple to use and efficient memory system.

The Newt “Compiler”

Instead of directly executing a token stream as my old BASIC interpreter did, Newt is compiling to a byte coded virtual machine. Of course, we have no memory, so we don't generate a parse tree and perform optimizations on that. Instead, code is generated directly in the grammar productions.

The Newt “Virtual Machine”

With the source compiled to byte codes, execution is pretty simple -- read a byte code, execute some actions related to it. To keep things simple, the virtual machine has a single accumulator register and a stack of other values.

Global and local variables are stored in 'frames', with each frame implemented as a linked list of atom/value pairs. This isn't terribly efficient in space or time, but was quick to implement the required Python semantics for things like 'global'.

Lists and tuples are simple arrays in memory, just like C Python. I use the same sizing heuristic for lists that Python does; no sense inventing something new for that. Strings are C strings.

When calling a non-builtin function, a new frame is constructed that includes all of the formal names. Those get assigned values from the provided actuals and then the instructions in the function are executed. As new locals are discovered, the frame is extended to include them.

Testing

Any new language implementation really wants to have a test suite to ensure that the desired semantics are implemented correctly. One huge advantage for Newt is that we can cross-check the test suite by running it with Python.

Current Status

I think Newt is largely functionally complete at this point; I just finished adding the limited for statement capabilities this evening. I'm sure there are a lot of bugs to work out, and I expect to discover additional missing functionality as we go along.

I'm doing all of my development and testing on my regular x86 laptop, so I don't know how big the system will end up on the target yet.

I've written 4836 lines of code for the implementation and another 65 lines of Python for simple test cases. When compiled -Os for x86_64, the system is about 36kB of text and another few bytes of initialized data.

Links

The source code is available from my server at https://keithp.com/cgit/newt.git/, and also at github https://github.com/keith-packard/newt. It is licensed under the GPLv2 (or later version).

07:56

1252 [LFG Comics]

The post 1252 appeared first on Looking For Group.

1251 [LFG Comics]

The post 1251 appeared first on Looking For Group.

1249 [LFG Comics]

The post 1249 appeared first on Looking For Group.

The Vidja Games [LFG Comics]

I have been fortunate of late, in that I have had some of what the ancient scholars referred to as ‘free time’ and have been able to vidja game (translation: video game). I’ve always been very peculiar in what I […]


Black Friday is Live! [LFG Comics]

All right friends, everything is up in the store for Black Friday and Cyber Monday! I won’t bore you with the thrilling details again, so click through and enjoy! These are limited offers, so don’t wait!


05:21

Unintended Consequences [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

Tonight's comic contains the solution to loneliness.

01:28

Compiz: Ubuntu Desktop's little known best friend [OSNews]

Compiz can quickly get you the desktop you deserve: a desktop with a very high degree of customizability, on top of being faster than the default GNOME Shell, and (as far as I can tell) faster than Mac or Windows. The best part is that it takes no time at all to get up and running! I'll show you how to transform Ubuntu into a desktop that is functionally similar to Mac.

I doubt any of this is news to many OSNews readers, but it's still a nice introduction into the functionality offered by Compiz.

Windows Server 2019 includes OpenSSH [OSNews]

The OpenSSH client and server are now available as a supported Feature-on-Demand in Windows Server 2019 and Windows 10 1809! The Win32 port of OpenSSH was first included in the Windows 10 Fall Creators Update and Windows Server 1709 as a pre-release feature. In the Windows 10 1803 release, OpenSSH was released as a supported feature on-demand component, but there was not a supported release on Windows Server until now.

01:14

[$] LWN.net Weekly Edition for December 13, 2018 [LWN.net]

The LWN.net Weekly Edition for December 13, 2018 is available.

Clash of the corporate titans: Who's spending what in Europe's Copyright Directive battle [Cory Doctorow – Boing Boing]

There's been a lot of money thrown around to determine the future of the Internet in the EU, but despite the frequent assertion that every opponent of the new Copyright Directive is a paid puppet for Google, the numbers tell a different story: according to the watchdog Corporate Europe Observatory (CEO), the entertainment industry are the biggest spenders by far, and they have obscured that fact by using dodgy accounting to make it look like Google is buying out the European Parliament.

The fight over the European Copyright in the Single Digital Market Directive has been a long one, but it boiled over last spring, when control over the Directive passed into the hands of the German MEP Axel Voss, who reversed his predecessor's decision to drop one of the Directive's most controversial clauses (Article 11, the "link tax" that forced publishers to charge for licenses to include more than a word or two in links to their news stories) and jettisoned the compromise work on the other controversial clause (Article 13, which makes online platforms liable if their users post anything that infringes copyright, even for an instant, which will require expensive black-box algorithmic censorship to accommodate).

Since then, the lobbying and public debate has been fierce. Roughly speaking, there are three sides:

  1. Large corporate rightsholder organisations and collecting societies, often allied with creators' rights groups, who are largely in favour of Voss's version of the Directive (though a large group of powerful corporate rightsholders completely hate it);
  2. The tech sector, a mix of smaller EU tech companies that couldn't afford to comply with Articles 11 and 13, and US "Big Tech" platforms, who largely oppose it (though YouTube isn't actually that worried, because they're closer to having a filter than any of their competitors); and
  3. Unaffiliated civil society groups: 70 of the world's top tech experts (including the "Father of the Internet" and the inventor of the World Wide Web); a diverse coalition of human rights groups, academics, journalists, scientists, and others; legal and economic scholars; leading academics; Europe's library associations; free press advocates; the UN's special rapporteur on free expression, and of course, those four million Europeans who signed the Change.org petition against it.

Amazingly, Group 1 -- the entertainment lobby -- has spent much of this debate insisting that the third group doesn't exist: that everyone who opposes the directive is directly or indirectly working for the big tech companies. This is the European Copyright version of insisting that everyone who disagrees with you is actually being paid by George Soros to get in your way.

What's more, Group 1's contention has been that Google has lavished incredible sums of money and despatched an army of lobbyists to Brussels and Strasbourg to influence the outcome of the debate.

Luckily, there's no need to argue about this question: we can just refer to the data, which CEO has handily published all in one place.

The picture that emerges from the CEO data is one where the entertainment industry completely dominates the spending and lobbying on the new Directive (unsurprisingly, as they've been at it longer and have deeper ties to MEPs, Commissioners and other officials who deal with copyright). Google and its fellows in the tech industry have also spent and lobbied a lot, but the entertainment sector lobbied a whole tonne.

What's more, the entertainment industry's own strategic plans turned on creating the false perception that the opposition to the Directive was just Google's influence campaign writ large ("From the music side, this week’s lobbying is focused around two points: convincing politicians of Article 13’s necessity on one hand, and criticising Google’s lobbying on the other").

The false narrative about Google's big spending was bolstered by bad accounting: the UK Music Industry body accused Google of spending €31m on the Copyright Directive. But they arrived at that figure by adding the €6m that Google spent on all of its EU lobbying, on every issue, and adding it to the total budgets of every organisation and coalition that Google belonged to. As is so often the case, an imaginary number multiplied by a very large number produced an even larger number, but that didn't make it a real number.

Between the entertainment industry's blitz and the more fumbling lobbying attempts from Big Tech, it's no wonder that staffers for Green MEP Max Andersson called the Copyright Directive the "most intense lobby effort so far."

Given the big noise that corporate money was making in the debate, it was hard for civil society voices to be heard. This was worsened by the entertainment industry figures' insistence that the flood of emails from their constituents was a kind of attack. For instance, an editorial by Volker Reiker (owner of File Defender, a company that "helps clients to receive copyright remuneration for their work") denounced the letter-writing campaign sponsored by Copyright for Creativity, a coalition of which Google is a member (along with numerous co-equal civil society groups who often oppose Google in regulatory and policy matters). He wrote multiple editorials accusing Google of being civil society's puppetmaster, which entertainment and publishing industry groups translated and circulated.

While these libels were without merit, there's some irony here in that there is only one vocal player in this fight whose financial backing is not disclosed, and whose lobbying activity is not registered: "Netopia," fronted by Swedish gaming industry lobbyist Per Strömbäck. Despite its extensive activities, Netopia is not registered with the EU's Transparency Register, and the source of the dark money that paid for things like a €50,000+ campaign by the lobbying firm MSL Brussels is a mystery. Even more ironic: Netopia is the most vocal proponent of conspiracy theories that accuse civil society organisations of being secretly funded by the tech lobby to carry water for it.

The EU is at a crossroads: eurosceptic movements are on the rise, and their stock-in-trade is the accusation that the EU is a tool of corporate money, unresponsive to the needs of Europeans. The EU has not helped itself in this regard: its transparency rules are wildly imperfect, making it difficult to get a full picture of who spent what in this record-setting lobbying cycle.

But Group 3 -- the experts, the academics, the civil society groups, the four million Europeans -- are the people whom eurosceptics say the EU ignores. It can ill afford to do so this time.

Wednesday, 12 December

23:56

FreeBSD 12.0 released [OSNews]

The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 12.0-RELEASE. This is the first release of the stable/12 branch.

The full release notes have all the details.

The future of Core, Intel GPUs, 10nm, and Hybrid x86 [OSNews]

It has been hard to miss the fact that Intel has been vacuuming up a lot of industry talent, which brings with them a lot of experience. Renduchintala, Koduri, Keller, Hook, and Carvill, are just to name a few. This new crew has decided to break Intel out of its shell for the first time in a while, holding the first in a new tradition of Intel Architecture Days. Through the five hours of presentations, Intel lifted the lid on the CPU core roadmaps through 2021, the next generation of integrated graphics, the future of Intel's graphics business, new chips built on 3D packaging technologies, and even parts of the microarchitecture for the 2019 consumer processors. In other words, it's many of the things we've been missing out on for years. And now that Intel is once again holding these kinds of disclosures, there's a lot to dig in to.

AnandTech's coverage of the event.

Linux kernel developers discuss dropping x32 support [OSNews]

It was just several years ago that the open-source ecosystem began supporting the x32 ABI, but already kernel developers are talking of potentially deprecating the support and for it to be ultimately removed. The Linux x32 ABI as a reminder requires x86_64 processors and is engineered to support the modern x86_64 features but with using 32-bit pointers rather than 64-bit pointers. The x32 ABI allows for making use of the additional registers and other features of x86_64 but with just 32-bit pointers in order to provide faster performance when 64-bit pointers are unnecessary.

This headline confused me for a second, because at first I thought the Linux team was removing 32 bit support - which obviously made little sense to me. As the quoted blurb explains, that's not the case.

Archiving C64 tapes correctly [OSNews]

It's pretty simple to archive Commodore 64 tapes, but it's hard if you want to do it right. Creating the complete archive of the German "INPUT 64" magazine was not as easy as getting one copy of each of the 32 tapes and reading them. The tapes are over 30 years old by now, and many of them are hardly readable any more.

Tell the Senate Not to Make the Register of Copyrights a Presidential Pawn [EFF Action Center]

The Register of Copyrights has two important, apolitical jobs: registering copyrightable works and providing information on copyright law to the government. Neither of these jobs is best served by a Register that is subject to the President’s agenda.

We’ve seen what results from a more politicized Copyright Office. Former register Maria Pallante ignored the Constitutional purpose of copyright—“to promote the progress of science and useful arts”—by proclaiming that “Copyright is for the author first and the nation second.” Pallante’s Copyright Office also supported the Stop Online Piracy Act (SOPA), which would have created an online blacklist and been a disaster for free speech online. More recently, heavy lobbying by the MPAA led the Copyright Office to undermine the FCC’s plan to bring competition to the cable box market.

A Register that is appointed by the President will be more influenced by politics, not less. It can be more easily controlled by media and entertainment companies that want to radically change how the Internet works and mandate things like the EU’s copyright filters. The Copyright Office could be used to have an enormous impact on how we interact with copyrighted works—music, movies, books, and the technology we now use to access them—it’s important that the Register remains a truly public servant.

The House of Representatives already passed the Register of Copyrights Selection and Accountability Act. So it’s up to the Senate to say no. Tell your Senators not to turn the Register into a political appointee.

22:21

22:14

Adam Ruins Big Tech: how monopolies, DRM, EULAs, and predatory tactics have delivered our dystopian future [Cory Doctorow – Boing Boing]

The latest episode of the always-outstanding Adam Ruins Everything (previously) is my favorite yet: a wide-ranging look at the way that tech has exploited policy loopholes to monopolize control over repairs, features, parts and consumables; to spy on users; to use predatory pricing to crush competitors; to avoid taxation; and to become a force for oligarchic control.

But it's not a counsel of despair! Adam and his guests discuss how Big Tech can be cut down to size, using traditional tools like antitrust law, which will not make tech's leaders any less prone to evil fantasies -- but it will limit their ability to turn those bad impulses into bad deeds.

You can see the whole episode if you're a Trutv subscriber, but in the meantime, the production has published a couple of great clips.

Disclosure: I'm proud to say I pitched this to Adam and his team, and I'm delighted to see how it turned out!

21:35

Page 3 [Flipside]

Page 3 is done.

Link [Scripting News]

What a thrill to see NakedJen in the Likes here. 💥

Link [Scripting News]

Response from Baratunde on Twitter.

20:49

20:42

Canal+ commits copyfraud, gets Banksy's painting-shredding video removed from Youtube [Cory Doctorow – Boing Boing]

In October, a delightful prank by the artist Banksy involved a painting of his shredding itself shortly after a Sotheby's bidder committed to spending £1.04m to buy it.

Banksy shot his own video of the stunt and posted it to Youtube. The video was widely reused by news networks in their coverage of the prank, including by the French giant Canal+.

Canal+ didn't just make a fair use of Banksy's video, though: they also fraudulently claimed copyright over his footage with Youtube's ContentID filter, resulting in his video being censored.

Youtube eventually restored the video: Banksy is famous, and the video is famous, so Youtube presumably bumped this dispute to the front of the queue. But Canal+ will face no penalties for committing copyfraud: it will still enjoy the privilege of being able to use Youtube's ContentID system to arbitrarily censor works based on evidence-free claims of copyright.

If you think this is unfair, strap in: tomorrow, we'll learn whether the European Union will proceed with the new Copyright Directive, and with it, Article 13, which will require all platforms to create ContentID-style copyright filters that anyone can add anything to, with impunity, to censor anything on the internet merely by making unsubstantiated copyright claims.

Apparently, the French media giant Canal+ used the material as well. However, they went a step further and have claimed it as their own, asking YouTube to remove the original, which it did.

“Video unavailable This video contains content from Canal Plus, who has blocked it on copyright grounds,” a message now reads instead.

Banksy’s Own Video Shredded By YouTube Following Canal+ Copyright Claim (Update) [Ernesto/TorrentFreak]

20:00

Tech Giants Warn US Govt. Against EU’s ‘Article 13’ Plans [TorrentFreak]

Under President Trump, the United States has worked hard to put several new trade deals in place.

The administration is also working on a new trade agreement with the EU for which the US Trade Representative recently asked the public for input.

This week the Computer & Communications Industry Association (CCIA), which includes Amazon, Cloudflare, Facebook, and Google as members, sent in its thoughts.

The submission includes a stark warning against the EU’s proposed copyright reform plans, including Article 13, which could open the door to upload filtering.

It’s no secret that the proposal is a topic of intense debate within the EU. The tech companies, however, warn the US Government that its effects may hurt the US economy as well.

The CCIA cautions that the proposed changes could increase liability for large Internet services by weakening the safe harbor protections provided by current EU law. At the same time, it will be at odds with the DMCA’s safe harbor provisions.

“The proposed Copyright Directive disrupts settled law protecting intermediaries by weakening established protections from U.S. Internet services in the 2000 EU E-Commerce Directive, and by imposing an unworkable filtering mandate on hosting providers that would require automated ‘notice-and-stay-down’ for a wide variety of copyrighted works.

“If adopted, the Directive would dramatically weaken these long-standing liability protections, which suggests that most modern service providers may be ineligible for its protections,” the CCIA says.

The tech companies note that EU officials have identified US companies as the intended targets of these proposals. They fear that the plans will result in implicit upload filter requirements.

“Under Article 13 of the proposal, the Directive now implies that online services must procure or develop and implement content recognition technology. The decision to compel affirmative filtering of all Internet content, including audiovisual works, images, and text, based on that content’s copyright status, is alarming and profoundly misguided.”

According to the latest proposals, Article 13 would not impose a general monitoring requirement. However, it may require Internet services to ensure that infringing content is not reuploaded, which is hard to achieve without automated filters.

The CCIA points out the lack of specifics as another concern. It’s not clear what measures hosting providers and other services will have to implement in order to be safe, they argue.

This uncertainty and the incompatibility with US law is troublesome for the tech companies. They hope that the US Government will keep these concerns in mind while negotiating a new trade deal.

The final text of Article 13 is still being drafted. The latest trilogue meeting will take place later this week. The CCIA cautions the US to keep these developments in mind, noting that they have the potential to harm the US economy.

“The text is currently under negotiation in trilogue. If the final EU reform does include these provisions, there would likely be a corresponding increase in risk for U.S. platforms doing business in the EU, resulting in significant economic consequences for the U.S. digital economy, which depends on the EU market.

“Furthermore, there is likely to be a ripple effect on the rest of the world, given the EU’s international influence,” the CCIA submission adds.

This is only one side of the argument, of course. The RIAA also submitted comments to the US Trade Representative, presenting a different picture.

While the music group doesn’t mention Article 13, it does caution against “overbroad provisions on copyright safe harbors” and the “lack of online platform accountability,” two issues the EU’s copyright reforms aim to address.

A copy of the CCIA submission is available here (pdf), and the RIAA’s submission can be found here (pdf).


19:56

Scanning for Flaws, Scoring for Security [Krebs on Security]

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late.

Image: US Chamber of Commerce.

For years, potential creditors have judged the relative risk of extending credit to consumers based in part on the applicant’s credit score — the most widely used being the score developed by FICO, previously known as Fair Isaac Corporation. Earlier this year, FICO began touting its Cyber Risk Score (PDF), which seeks to measure an organization’s chances of experiencing a data breach in the next 12 months, based on a variety of measurements tied to the company’s public-facing online assets.

In October, FICO teamed up with the U.S. Chamber of Commerce to evaluate more than 2,500 U.S. companies with the Cyber Risk Score, and then invited these companies to sign up and see how their score compares with that of other organizations in their industry. The stated use cases for the Cyber Risk Score include the potential for cyber insurance pricing and underwriting, and evaluating supply chain risk (i.e., the security posture of vendor partners).

The company-specific scores are supposed to be made available only to vetted people at the organization who go through FICO’s signup process. But in a marketing email sent to FICO members on Tuesday advertising its new benchmarking feature, FICO accidentally exposed the FICO Cyber Risk Score of energy giant ExxonMobil.

The marketing email was quickly recalled and reissued in a redacted version, but it seems ExxonMobil’s score of 587 puts it in the “elevated” risk category and somewhat below the mean score among large companies in the Energy and Utilities sector, which was 637. The October analysis by the Chamber and FICO gives U.S. businesses an overall score of 687 on a scale of 300-850.

Data accidentally released by FICO about the Cyber Risk Score for ExxonMobil.

How useful is such a score? Mike Lloyd, chief technology officer at RedSeal, was quoted as saying a score “taken from the outside looking in is similar to rating the fire risk to a building based on a photograph from across the street.”

“You can, of course, establish some important things about the quality of a building from a photograph, but it’s no substitute for really being able to inspect it from the inside,” Lloyd told Dark Reading regarding the Chamber/FICO announcement in October.

Naturally, combining external scans with internal vulnerability probes and penetration testing engagements can provide organizations with a much more holistic picture of their security posture. But when a major company makes public, repeated and prolonged external security foibles, it’s difficult to escape the conclusion that perhaps it isn’t looking too closely at its internal security either.

ENTIRELY, CERTIFIABLY PREVENTABLE

Too bad the errant FICO marketing email didn’t expose the current cyber risk score of big-three consumer credit bureau Equifax, which was relieved of personal and financial data on 148 million Americans last year after the company failed to patch one of its Web servers and then failed to detect an intrusion into its systems for months.

A 96-page report (PDF) released this week by a House oversight committee found the Equifax breach was “entirely preventable.” For 76 days beginning mid May 2017, the intruders made more than 9,000 queries on 48 Equifax databases.

According to the report, the attackers were able to move the data off of Equifax’s network undetected thanks to an expired security certificate. Specifically, “while Equifax had installed a tool to inspect network traffic for evidence of malicious activity, the expired certificate prevented that tool from performing its intended function of detecting malicious traffic.”

Expired certificates aren’t particularly rare or noteworthy, but when they persist in publicly-facing Web servers for days or weeks on end, it raises the question: Is anyone at the affected organization paying attention at all to security?

Given how damaging it was for Equifax to have an expired certificate, you might think the company would have done everything in its power to ensure this wouldn’t happen again. But it would happen again — on at least two occasions earlier this year.

In April 2018, KrebsOnSecurity pointed out that the Web site Equifax makes available for consumers who wish to freeze their credit files was using an expired certificate, causing the site to throw up a dire red warning page that almost certainly scared countless consumers away from securing their credit files.

It took Equifax two weeks to fix that expired cert. A week later, I found another expired certificate on the credit freeze Web portal for the National Consumer Telecommunications and Utilities Exchange — a consumer credit bureau operated by Equifax.

ARE YOU EXPERIANSED?

One has to wonder what the median FICO Cyber Risk Score is for the credit bureau industry, because whatever Equifax’s score is it can’t be too different from that of its top competitor — Experian, which is no stranger to data breaches.

On Tuesday, security researcher @notdan tweeted about finding a series of open directories on Experian’s Web site. Open directories, in which files and folders on a Web server are listed publicly and clickable down to the last file, aren’t terribly uncommon to find exposed on smaller Web sites, but they’re not the sort of oversight you’d expect to see at a company with the size and sensitivity of Experian.

A directory listing that exposed a number of files on an Experian server.

Included in one of the exposed directories on the Experian server were dozens of files that appeared to be digital artifacts left behind by a popular Web vulnerability scanner Burp Suite. It’s unclear whether those files were the result of scans run by someone within the company, or if they were the product of an unauthorized security probe by would-be intruders that somehow got indexed by Experian’s servers (the latter possibility being far more concerning).

Experian did not respond to requests for comment, and the company disabled public access to the directories shortly after other researchers on Twitter began piling on to @notdan’s findings with their own discoveries.

Evidence of data left behind by a Burp Suite Web vulnerability scan run against an Experian server.

As I noted in last week’s story on the 4-year-long breach at Marriott that exposed personal and financial data on some 500 million guests, companies that have their heads screwed on correctly from an information security standpoint are run by leaders who are expecting the organization will get breached constantly through vulnerabilities, phishing and malware attacks.

They’re continuously testing their own internal networks and employees for weaknesses, and regularly drilling their breach response preparedness (much like a fire drill). They are finding creative ways to cut down on the volume of sensitive data that they need to store and protect. And they are segmenting their networks like watertight compartments in a ship, so that a breach in one part of the organization’s digital hull can’t spread to the rest of the vessel and sink the whole ship (it’s worth noting the House oversight report observed that the lack of network segmentation was a major contributor to the Equifax breach).

But companies with advanced “security maturity” also are regularly taking a hard look at what their outward-facing security posture says to the rest of the world, fully cognizant that appearances matter — particularly to ne’er-do-wells who tend to view public security weaknesses like broken windows, and as an invitation to mischief.

19:14

The Humble Book Bundle: Games & Puzzles by Wiley! Game for a... [Humble Bundle Blog]



The Humble Book Bundle: Games & Puzzles by Wiley! 

Game for a new ebook bundle? We’ve teamed up with Wiley to bring you a library of good fun with titles like Dungeon Master For Dummies, Casino Gambling For Dummies, Dungeons and Dragons 4th Edition For Dummies, The Poker Face of Wall Street, and more.



18:28

Link [Scripting News]

I just got an email from @baratunde about The Correspondent once again saying I'm part of a movement. No. They haven't done anything to justify that. They are a for-profit company. They make it sound like a charity. Tone it down.

Link [Scripting News]

The tech industry used to have rollouts like the one The Correspondent is doing. A new company wants to enter a market with a few well-known products. So they claim, on rollout, to have some new feature, usually hard to explain or obscured, that made their product revolutionary. The old products are old. Legacy. Roadkill. Since the press didn't care much for facts, and wanted to report on wars, they would run with the hype. A few years later the new technology is known not to be revolutionary. And the new company either gained entry or didn't. The incumbent products are still there. An example was "object oriented" in the early 90s. We now fully grok what it is, it's another way of factoring. Useful for sure, sometimes. But not game-changing.

News Post: The Orb In All Of Us [Penny Arcade]

Tycho: We were watching some high level tournament play for Smash, as one does, and while I’ve played tons of it I got the sense like I did with its predecessor: there is a whole other game here that I didn’t know about, and may not even be able to see. It exists in a visual band I need a fanciful visor to perceive.  I’ve played it the same way you would Theatre Sports or something - Whose Line Is It Anyway, let’s say, against a backdrop of brutal slapstick.  Literal props, many of them hilarious, fall from the sky to spice up each scene.  That’s…

17:42

Link [Scripting News]

So if Michael Cohen committed crimes that result in a 3 year sentence, I guess Trump should go to jail for 3 years too.

17:28

Today in GPF History for Wednesday, December 12, 2018 [General Protection Fault: The Comic Strip]

Trudy decides it's finally time to set the record straight between her, Nick, and Ki...

16:56

[$] DMA and get_user_pages() [LWN.net]

In the RDMA microconference of the 2018 Linux Plumbers Conference (LPC), John Hubbard, Dan Williams, and Matthew Wilcox led a discussion on the problems surrounding get_user_pages() (and friends) and the interaction with DMA. It is not the first time the topic has come up; there was also a discussion about it at the Linux Storage, Filesystem, and Memory-Management Summit back in April. In a nutshell, the problem is that multiple parts of the kernel think they have responsibility for the same chunk of memory, but they do not coordinate their activities; as might be guessed, mayhem can sometimes ensue.

The x32 subarchitecture may be removed [LWN.net]

The x32 subarchitecture is a software variant of x86-64; it runs the processor in the 64-bit mode, but uses 32-bit pointers and arithmetic. The idea is to get the advantages of x86-64 without the extra memory usage that goes along with it. It seems, though, that x32 is not much appreciated; few distributions support it and the number of users appears to be small. So now Andy Lutomirski is proposing its eventual removal:

I propose that we make CONFIG_X86_X32 depend on BROKEN for a release or two and then remove all the code if no one complains. If anyone wants to re-add it, IMO they're welcome to do so, but they need to do it in a way that is maintainable.

If there are x32 users out there, now would be a good time for them to speak up.

Link [Scripting News]

Trump's hands are truly offensive. I hate the way he puts his hand in the face of people to hold the floor so he can repeat the same horseshit over and over. You could see it as he tried to talk over Nancy Pelosi. He did it with Hillary Clinton. He does it when an interview isn't going the way he likes. It's nasty. Second point. When he threatens a revolt if he's impeached, that itself is cause to be removed from office. The president swears an oath to uphold the Constitution. Impeachment and removal are in the Constitution. Really it has to be the most impeachable offense there is.

1148: The Rainbow Rejection [Order of the Stick]

http://www.GiantITP.com/comics/oots1148.html

Theresa May faces a no confidence vote today [Cory Doctorow – Boing Boing]

Today, in a debate scheduled to run between 18h-20h GMT (10AM-12PM Pacific), Theresa May's Conservative Party will vote on whether she will remain leader of the party and thus Prime Minister.

If May loses (technically if 158 or more MPs vote against her, but practically speaking it's likely she'll step down if it's at all close), Conservative Party members will vote on the next PM; the frontrunners are Boris Johnson, Michael Gove, Amber Rudd, Andrea Leadsom, Jeremy Hunt and Sajid Javid.

The hardline Brexit Leave campaign has been urging its supporters to join the Conservative Party in anticipation of this vote, so there's a real chance that the next PM will be a pro-Brexit "ultra" like Johnson.

Naked Capitalism has an excellent roundup of analysis of the likely outcomes, and the comments are especially good today.

The assumption above is that the party will gravitate around a centrist, which is how May had positioned herself, and reject Boris. I believe Gove has tried to position himself that way, so I am not sure he should be written off so quickly, particularly since he has more Cabinet experience than Javid, who is still pretty wet behind the ears.

Financiers and businessmen on the whole presumably prefer Remain, but that does not make them representative of the members of the party. And as the comment above indicated, the Tories have not yet come to grips with the idea that there isn’t even time for a referendum, even if the EU were to give an extension to the end of June, the longest time that multiple sources have said they’d be willing to offer. And due to continued terrible press reporting, they may fall for a leader selling the unicorn of “Norway plus”.

And we have the wee complicating factor that if a leadership contest is on, this chews up time while the Brexit clock is ticking.

Brexit: Tories Launch No Confidence Vote Against May [Yves Smith/Naked Capitalism]

(Image: Donkey Hotey, CC-BY)

16:14

Security updates for Wednesday [LWN.net]

Security updates have been issued by Arch Linux (chromium, firefox, lib32-openssl, lib32-openssl-1.0, openssl, openssl-1.0, texlive-bin, and wireshark-cli), Fedora (perl), openSUSE (pdns), Oracle (kernel), Red Hat (kernel), Slackware (mozilla), SUSE (kernel, postgresql10, qemu, and xen), and Ubuntu (firefox, freerdp, freerdp2, pixman, and poppler).

15:28

Link [Scripting News]

Braintrust query: I keep reading about Kubernetes and how it's taking over the world, but every piece also says it's very complicated. Why? Heroku set the initial prior art in this area. It's easy to get started with. Here we are many years later, it seems we are going the wrong way. Or am I missing the point. Isn't Kubernetes trying to solve the same problem as Heroku? In any case an open source user-deployable Heroku would be very welcome. Update: Digital Ocean introduced a simplified Kubernetes service yesterday. I had no idea. Also, Dokku was recommended.

Link [Scripting News]

I'm making a purchase that requires a credit check, and in the process, the lender said I needed to unfreeze my records at the three credit rating services. At first I didn't remember freezing them, but then on a bit of investigation I recalled that when Experian had their breach they offered to do the freeze and also monitor my credit for free. So now I had to figure out how to unfreeze the accounts. The bank gave me phone numbers. But all they can do is send you a credit report. Some are pretty humiliating about it. After much navigation, searching and puzzling I figured out how to turn off two of the three, but Experian, in trying to validate me, asked "security questions" that I answered correctly but they rejected. In the process I learned that apparently I had taken out an auto loan in 2017, a year that I didn't even own a car and most certainly didn't purchase one. So now I have another problem. But I guess it's their system that's fucked up, because if someone used my credit to buy a car, apparently they are making the payments, so wtf. This system is so broken, it's amazing we haven't yet had a total meltdown. Or maybe we have and we're living in its aftermath.

One Weird Trick… – DORK TOWER 29.11.18 [Dork Tower]

HEY THERE! Dork Tower has a Patreon campaign going, with amazing backers who help these here webstrips happen. And there’s bonus comics, bonus content, and swag! Sweet, sweet SWAG! We’re trying to reach the three comics a week tier! Check it out, why don’t you?

New Australian Backdoor Law [Schneier on Security]

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it's really bad.

Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things. And two, there's nothing I can say that I haven't said many times before.

If there are more good links or commentary, please post them in the comments.

EDITED TO ADD (12/13): The Australian government response is kind of embarrassing.

15:21

How can I programmatically wait until the system has finished booting completely before doing my own computations? [The Old New Thing]

A customer wanted to know how they could have their program wait until the system has finished booting completely. Their program runs in the Startup group, but they found that there is so much activity during startup that when their program displays a prompt to the user, it often gets covered by other things that run at startup. They want to wait until the system has finished booting and become idle, and then they can start their work.

The customer wanted to know whether there was a signal they could listen for to tell them that the system has finished booting.

Well, if such a signal existed, it would be a lie.

This program is going to wait for the system to go idle, and then start doing stuff. Which means that the system is no longer idle and hasn't finished booting. So the signal was premature.

The customer has created a philosophical deadlock. They want their code to run after the system has finished starting up, but the system won't be finished starting up until after they run their code.

This also suffers from the What if two programs did this? problem: Suppose two programs waited for the signal. Then they both try to do work, and they are now competing with each other, even though they were trying to wait until there was no contention for resources.

The customer explained that they are willing to do something hacky, because they got so many client complaints that their program was slow, that they felt they had to do something. They ended up polling the system for CPU usage, and waiting for the CPU usage to remain low for 10 seconds. (I don't know what they do if the CPU simply never reaches that state, say, because it's a multi-user system, or because the client has another program in their Startup group that uses a lot of CPU.)

Virtue Signaling eBook Now Available (and Hardcover Almost Sold Out!) [Whatever]

In case you missed the announcement on Twitter yesterday, the eBook version of Virtue Signaling is now out in the world and available, both from Subterranean Press directly, and also from other eBook retailers. The eBook edition is just $4.99, which makes it a perfect “splurge” purchase for you or the people you love, who also love eBooks. Get two! Or six! They’re cheap!

(If you’d prefer the signed, limited hardcover, there are a few copies left — and I do mean a few, we’re down to the last couple dozen. Go here to get one. After those are gone, they’re gone forever.)

No matter how you get this book, it’s a pretty good one. I’m proud of it, and happy it’s out a little early so you can enjoy it before the end of the year. Happy reading!

14:42

Link [Scripting News]

I noted early this morning tweets from Phil Windley and Chris Allen about a conference in Switzerland where they have an easy way of explaining a new "self-sovereign" identity system. At some point I want to ask the question about how we can adapt the code we have working with Twitter as an identity system with this new system. It's important that for application developers it be as easy or easier than the currently available systems.

12:42

Climate change - 12 years [Tales From the Riverbank]

 We have to cut our carbon emissions by 45% in the next twelve years to avoid catastrophic (and probably irreversible) climate change.

This isn't some dim, distant future: it's happening now.  This is my lifetime, my children's lifetime, and all of my granddaughter's lifetime.

It's hard for many people to know what they can do to make a difference, so I'm going to try posting regularly on the subject. (I find it difficult to post much about climate change because so many people are in denial, and even people who understand the problem still tend to say "But I can't give up 'x'", and the rest just move onto the next post because it's less stressful to read about cats.... But we have to take action, or we lose everything.)

It's hard to visualise what the effects of climate change are. We're already seeing the droughts, storms, floods and fires, but there is far more to it than that. E.g., by 2050, the area where coffee is grown is expected to halve, as the climate becomes unsuitable for growing coffee.

So, what can you do?  Because there are things you can do, and you CAN make a difference.

The big issues are:

Heat
Travel
Meat


Let's look at meat.  Beef and lamb are the biggies here. Cows and sheep both fart methane, which is a very powerful greenhouse gas.  The ideal solution is to go vegetarian, but you don't have to do that to make a significant difference.  We don't eat meat more than once a day, and there are usually several days a week in which we don't have any meat at all.  My son's fiancee is vegan, and that's given us a real motivation to find interesting meals that contain no meat or dairy at all.  

I've made the decision to cut out beef and lamb entirely and only eat pork, venison and poultry from now on.  Venison where I live comes from non-native sika deer that over-graze the vegetation in nature reserves and have to be shot for pest control (as they have no natural predators).  That's definitely environmentally friendly meat!  

In a nutshell, cut out beef and lamb. Eat pork and poultry, and if you're an Aussie, eat rabbit and kangaroo.

12:28

Four short links: 12 December 2018 [All - O'Reilly Media]

Render as Comic, Notebook to Production, Population Visualization, and Location Privacy

  1. Comixify -- render video as comics.
  2. How to Grow Neat Software Architecture out of Jupyter Notebooks -- everyone's coding in notebooks as a sweet step up from the basic one-command REPL loop. Here's some good advice on how to grow these projects without creating a spaghetti monster.
  3. City 3D -- This project wields data from the Global Human Settlement Layer, which uses “satellite imagery, census data, and volunteered geographic information” to create population density maps. Best visualization I've seen in a very long time.
  4. Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret (NY Times) -- At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information. They claim 200M mobile devices, with updates as often as every six seconds. These companies sell, use, or analyze the data to cater to advertisers, retail outlets, and even hedge funds seeking insights into consumer behavior. [...] An app may tell users that granting access to their location will help them get traffic information, but not mention that the data will be shared and sold. That disclosure is often buried in a vague privacy policy.


Climate change - 12 years [Judith Proctor's Journal]

 We have to cut our carbon emissions by 45% in the next twelve years to avoid catastrophic (and probably irreversible) climate change.

This isn't some dim, distant future: it's happening now.  This is my lifetime, my children's lifetime, and all of my granddaughter's lifetime.

It's hard for many people to know what they can do to make a difference, so I'm going to try posting regularly on the subject. (I find it difficult to post much about climate change because so many people are in denial, and even people who understand the problem still tend to say "But I can't give up 'x'", and the rest just move on to the next post because it's less stressful to read about cats... But we have to take action, or we lose everything.)

It's hard to visualise what the effects of climate change are. We're already seeing the droughts, storms, floods and fires, but there is far more to it than that. E.g. by 2050, the area where coffee is grown is expected to halve, as the climate becomes unsuitable for growing coffee.

So, what can you do?  Because there are things you can do, and you CAN make a difference.

The big issues are:

Heat
Travel
Meat


Let's look at meat.  Beef and lamb are the biggies here. Cows and sheep both fart methane, which is a very powerful greenhouse gas.  The ideal solution is to go vegetarian, but you don't have to do that to make a significant difference.  We don't eat meat more than once a day, and there are usually several days a week in which we don't have any meat at all.  My son's fiancee is vegan, and that's given us a real motivation to find interesting meals that contain no meat or dairy at all.  

I've made the decision to cut out beef and lamb entirely and only eat pork, venison and poultry from now on.  Venison where I live comes from non-native sika deer that over-graze the vegetation in nature reserves and have to be shot for pest control (as they have no natural predators).  That's definitely environmentally friendly meat!  

In a nutshell, cut out beef and lamb. Eat pork and poultry, and if you're an Aussie, eat rabbit and kangaroo.


11:56

CodeSOD: Identify Yourself [The Daily WTF]

Brian B stumbled across a bit of code to generate UUIDs. Seeing that tag-line, I was worried that they invented their own UUID generator. The good news is that they just use java.util.UUID. The bad...

11:49

Quilts [Tales From the Riverbank]

 I know several of you found it very interesting when I posted a while back about some of my sister's antique quilts.

Here's a talk she gave on wholecloth quilts.  These are quilts that involve no patchwork, but just decorative stitching through the wadding to create a pattern.




If you'd like to see photos and discussion of her quilt collection, then go here.



09:56

Bell & Videotron File Criminal Complaint Against IPTV Provider [TorrentFreak]

While regular torrent and streaming sites are still a big hit with online pirates, dedicated IPTV services are becoming increasingly popular with consumers.

These services, which can be difficult to tell apart from official offerings, typically supply access to hundreds of otherwise premium channels at a knockdown price. This disruption is something that broadcasters and rightsholders all over the world are keen to bring to an end.

In particular, there have been many raids around Europe but news is now surfacing of action in Canada, featuring two of the country’s most powerful media companies and what appears to be an unlicensed IPTV provider.

On an unspecified date, Bell and Videotron filed a criminal complaint against IPTV provider Cielo 4K. A website featuring that branding is available here, offering around 250 channels including PPV and adult content while recommending its offer “especially for the residents of the province of Quebec-Canada.”

On October 11, 2018, the Royal Canadian Mounted Police (RCMP) reportedly conducted a search at the residence of a former employee of a Videotron subcontractor in Boisbriand, Montreal. LaPresse reports that dozens of computers and modems plus Bell, Videotron, Roku and DirecTV receivers were seized, totaling some 150 items of hardware.

According to the news outlet, the four people listed as defendants in court documents are not yet facing criminal charges since the RCMP investigation is still ongoing. However, the quartet is suspected of using three Videotron and Bell accounts to receive, capture, and redistribute channels to the public.

“This kind of use makes us believe that the service installed at this residence is used to power an IPTV network broadcasting unauthorized television content,” the plaintiffs state in their claim.

It’s further alleged that the streams were sent to servers operated by OVH Hosting Services, from where they were distributed to the public.

“OVH is also recognized by the telecommunications industry for hosting the majority of IPTV services offering unauthorized television content,” the court documents note, citing a Videotron investigation.

When approached for comment, OVH said it does not discuss the activities of its customers, insisting that as a cloud infrastructure provider it does not have access to customers’ data.

This latest action against Cielo 4K comes as both Bell and Videotron remain embroiled in legal action against Kodi add-on repository TVAddons. It’s been almost 18 months since representatives of the company entered the home of operator Adam Lackman in a search for evidence to support their copyright infringement lawsuit.

This June, bailiffs for the company returned again, looking to seize goods to the value of CAD$50,000 to pay for attorney’s fees.


09:35

Feeds | What it’s like to be a Fellow if your background is in humanities [Planet GridPP]

s.aragon, 12 December 2018 - 9:14am

By Iza Romanowska, Barcelona Supercomputing Center. If someone told me five years ago that I would be a Fellow of any organisation with the word ‘software’ in it, I’d just laugh. Yet, it turns out being a diehard humanities person does not save you from the academic inevitability of engaging with research software.

09:28

Git 2.20.0 released [LWN.net]

Git 2.20.0 is out. Changes include interdiff generation support in git format-patch, an improved ability to cope with corrupted patches in git am, a number of performance and usability improvements, and more.

“I didn’t do the reading…” [Seth's Blog]

This is a brave and generous thing to say.

If you’re not able (or committed enough) to do the reading before you give your opinion, please have the guts to point that out.

“I didn’t read the proposal, but my bias is…”

We’re winging it. All of us. The world goes faster and faster, and so people are finding themselves unable to read the bill before they vote on it, listen to the entire album before they review it or keep up with the best in the field before they do their work.

That’s not always a good idea.

Winging it is a fine way to start a conversation or get back to first principles. If you’re clear about your background and your focus, you can add a lot of value without doing the reading.

But doing the reading matters. It’s the shortcut to being better at your craft. And it’s respectful to those you’re working with, the ones who cared enough to allocate the time.

But… if you’re not going to do the reading, at least let us know so we can process your input in a useful way instead of assuming that you’re doing the analysis wrong.

08:42

Release Window [Ctrl+Alt+Del Comic]

So, hey, if you’re sitting around trying to decide what you want to get me for Christmas, your support on Patreon is what I’d really like under my tree this year!

I try not to be constantly posting reminders, but putting out comics three days a week for 16 years doesn’t happen without the continued support from our readers. Patreon has become one of the primary methods of keeping this site going and I’d love for you to check it out, and let me give you some bonus comics to boot. Our Patreon has currently amassed over 100 Patron Cameo comics, over 40 exclusive Ethan and Lucas one-shots, and nearly 30 new Chef Brian strips, with more each month. Plus, if you’re a Patron, you won’t have to feel guilty if you’re blocking our ads (the other primary method of support that allows us to continue to offer free comics here each week).

So if you like what we do here, I hope you’ll consider throwing a pledge our way. Even just a $1 a month (I put up 12 comics a month here for free, on average; so that’s like $0.08 a comic!) helps pay the bills. And if we get enough support to push us over our next milestone, all Patrons will get an extra Ethan and Lucas comic each month!


Comic: The Orb In All Of Us [Penny Arcade]

New Comic: The Orb In All Of Us

07:35

252 [LFG Comics]

The post 252 appeared first on Tiny Dick Adventures.

06:49

Petter Reinholdtsen: Non-blocking bittorrent plugin for vlc [Planet Debian]

A few hours ago, a new and improved version (2.4) of the VLC bittorrent plugin was uploaded to Debian. This new version includes a complete rewrite of the bittorrent related code, which seems to make the plugin non-blocking. This means you can actually exit VLC even when the plugin seems to be unable to get the bittorrent streaming started. The new version also includes support for filtering playlist by file extension using command line options, if you want to avoid processing audio, video or images. The package is currently in Debian unstable, but should be available in Debian testing in two days. To test it, simply install it like this:

apt install vlc-plugin-bittorrent

After it is installed, you can try to use it to play a file downloaded live via bittorrent like this:

vlc https://archive.org/download/Glass_201703/Glass_201703_archive.torrent

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Girl Genius for Wednesday, December 12, 2018 [Girl Genius]

The Girl Genius comic for Wednesday, December 12, 2018 has been posted.

05:14

Poop and Taxes [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

Tonight's comic heard that you think you're special.

01:21

Matthew Palmer: Falsehoods Programmers Believe About Pagination [Planet Debian]

The world needs it, so I may as well write it.

  • The number of items on a page is fixed for all time.
  • The number of items on a page is fixed for one user.
  • The number of items on a page is fixed for one result set.
  • The pages are only browsed in one direction.
  • No item will be added to the result set during retrieval.
  • No item will be removed from the result set during retrieval.
  • Item sort order is stable.
  • Only one page of results will be retrieved at one time.
  • Pages will be retrieved in order.
  • Pages will be retrieved in a timely manner.

00:35

Savage Love [The Stranger, Seattle's Only Newspaper: Savage Love]

His brother "stumbled over" his Tumblr sex blog and shared it with their parents. by Dan Savage

Straight and married but not boring, and heading to my parents' house for our first family Christmas since my asshole MAGA brother "stumbled over" the Tumblr blog where the wife and I posted about our sexual adventures. (Pics of MMF threesomes and cross-dressing/pegging sessions, plus some dirty "true enough" stories.) My brother has always been an angry screwup, so he leapt on the chance to make me look bad by sending the link to my parents, siblings, and even some close family friends. Our Tumblr blog is still up because we aren't ashamed. Any advice?

Totally Uncool Malicious Bastard's Lame Reveal

Your Tumblr blog isn't going to be up for much longer, TUMBLR, as the company that owns Tumblr—Verizon—is ashamed of your blog and the millions of others like it. Tumblr announced last week that all "adult" content is banned as of December 17. And the definition of "adult content" is pretty broad: "photos, videos, and GIFs of human genitalia, female-presenting nipples, and any media involving sex acts, including illustrations," although they will allow genitals and those wicked "female-presenting nipples" in images of classical art. (No contemporary junk or lady nips allowed.)

This is not just a blow to people who use Tumblr for porn—and that's most people who use Tumblr—but also to the sex work community. Sex workers had already been driven off most other online platforms by anti-sex-work crusaders, and now sex workers are being driven off Tumblr as well. Forcing sex workers off the internet won't end sex work, the stated goal of anti-sex-work crusaders, but it will make sex work more dangerous—which tells us everything we need to know about the motives of anti-sex-work crusaders. While they claim to oppose sex work because it's dangerous, they push policies that make sex work more dangerous. Sex workers weren't just advertising online, they were organizing—in addition to honing and making the political argument for decriminalizing sex work, they were screening potential clients and sharing information with each other about dangerous clients. Just like anti-choice/anti-abortion crusaders, anti-sex-work crusaders don't want to "protect" women; they want to punish women for making choices they disapprove of. (As a general rule: If what you're doing makes people less safe, you don't get to claim you're trying to protect anyone—it's like claiming you only set houses on fire to drive home the importance of smoke alarms.)

Anyway, fuck your sex-shaming/smut-shaming brother, TUMBLR. As for the rest of your family, you and the wife should slap smiles on your faces and act like you've done nothing wrong—because you haven't done anything wrong. Your asshole brother is the bad guy, and any family members who wish to discuss how offended they were by your Tumblr blog should be directed to speak with your brother, as he's the one who showed it to them.


How can I explain to my sisters that although I am a free sexual woman, I still prefer men as sexual partners? My sisters are both involved with women and they cannot understand how, with all the awful sexual inequality in the world, I can still be primarily attracted to men. Sometimes I even imagine my sexuality as a gay man's sexuality in a woman's body, and I try to explain it to them in this way. I'm not a secret right-winger or someone kidding around by asking this question. This is a real issue.

Give It To Me Straight

P.S. I have a straight male friend who says he's a lesbian trapped in a man's body. What do you think of this?

People don't choose to be straight—some poor motherfuckers are born that way—any more than hetero-romantic bisexuals choose to be hetero-romantic bisexuals. You can't help who you're attracted to, GITMS, primarily or otherwise, and the contempt of family members can't change a person's sexual or romantic orientation. Your sisters should understand that, since they most likely wouldn't be with women if the contempt of family members had that kind of power.

As for describing yourself as a gay man trapped in a woman's body and your straight male friend describing himself as a lesbian trapped in a man's body... Unless the two of you are trans—in which case, you could be homos trapped in the wrong bodies—your friend is just another straight guy mortified by the mess straight people (mostly white, mostly men) have made of the world. You're also mortified by straightness, GITMS, or at least the sexual inequality that often comes bundled with it. But instead of your straight male friend opting out of heterosexuality (which he can't do) or you framing your attraction to men as a gay thing to get your sisters off your back (which you shouldn't have to do), your friend should identify as straight (because he is) and you should identify as someone who doesn't give a shit what her sisters think (because you shouldn't).

If good straight guys and "free sexual women" in opposite-sex relationships don't identify with heterosexuality and/or hetero-romantic orientations, GITMS, all the shitty straight people will conclude that they get to define heterosexuality (which they don't).


I'm a gay man in my mid 20s, and I'm getting more serious with a guy I met a few months ago. I was surprised to eventually learn that "Michael" is in his late 30s, since he easily passes for my age. I'm comfortable with the age gap, but I'm struggling with how to present this to my parents. Religious and conservative, they were cordial but distant with the last guy I dated (who was my age). I'm afraid the age gap with my new boyfriend will create even more discomfort for them and that Michael will sense it when he comes along to visit for the holidays. I'm considering lying to my parents if Michael's age comes up. I've challenged my parents' attitudes for many years—but at this point, I'm willing to trade honesty for the chance to be treated even a little bit more like a "normal couple" at Christmas. Is it selfish to ask Michael for permission to lie about his age? I'm nervous to even share my feelings with him, for fear it will give the impression I'm embarrassed by him.

Awkward Gatherings Expected Given Age Peculiarity

Tell one lie to make your relationship seem more acceptable to your parents, and you'll be tempted to tell them more lies—and I don't know about you, AGEGAP, but not having to lie to mommy and daddy anymore was one of the reasons I came out of the closet. And if you want your parents to be comfortable with Michael, if you don't want them to think there's anything wrong with their son dating an older man, deceiving your parents about Michael's age is a terrible first move. That says you think there's something wrong with it—and you won't just be saying that to your parents, AGEGAP, you'll be saying it to Michael as well.

And let's say things work out with Michael. The lie you told that first Christmas will only serve to make things more awkward after you finally tell them the truth about your boyfriend's age. And if your parents are like other mildly or wildly homophobic parents, i.e., if they're inclined to regard the man who sodomizes their son as a negative influence in his life, they may not believe the lie was your idea. They'll think this creepily youthful older man—this man who showed up in their home wearing a suit made out of the skins of younger gay men—encouraged their son to lie to them so they wouldn't object to the relationship in the early stages, when their objections might have had the ability to derail it.

Finally, AGEGAP, if your older boyfriend is concerned you may be too immature for him—not all young people are immature and not all immature people are young, but this shit does correlate—telling him you're still in the lie-to-mommy-and-daddy stage might prompt him to end this relationship.


On the Lovecast: RealDoll brothels?! Listen at savagelovecast.com.

mail@savagelove.net

@fakedansavage on Twitter

ITMFA.org


Tuesday, 11 December

23:56

23:49

Louis-Philippe Véronneau: Montreal Bug Squashing Party - Jan 19th & 20th 2019 [Planet Debian]

We are organising a BSP in Montréal in January! Unlike the one we organised for the Stretch release, this one will be over a whole weekend so hopefully folks from other provinces in Canada and from the USA can come.

So yeah, come and squash bugs with us! Montreal in January can be cold, but it's usually snowy and beautiful too.

A picture of Montréal during the winter

As always, the Debian Project is willing to reimburse 100 USD (or equivalent) of expenses to attend Bug Squashing Parties. If you can find a cheap flight or want to car pool with other people that are interested, going to Montréal for a weekend doesn't sound that bad, eh?

When: January 19th and 20th 2019

Where: Montréal, Eastern Bloc

Why: to squash bugs!

23:28

Link [Scripting News]

President Covfefe hits the wall.

22:14

Louis-Philippe Véronneau: Razer Deathadder Elite Review [Planet Debian]

After more than 10 years of use and abuse, my old Microsoft IntelliMouse died a few months ago. The right click had been troublesome for a while, but it became so broken I couldn't reliably drag and drop anymore.

It's the first mouse I kill and I don't know if I have to feel proud or troubled by that fact. I guess I'm getting old enough that saying I've used the same mouse for 10 years straight sounds reasonable?

I considered getting a new IntelliMouse, as Microsoft is reviving the brand, but at the price the 3.0 model was selling in August (~70 CAD), better options were available.

Picture of the mouse

After shopping online for a while, I ended up buying the Razer Deathadder Elite. Despite the very gamer oriented branding, I decided to get this one for its size and its build quality. I have very large hands and although I'm more of a "Tip Grip" type of person, I occasionally enjoy a "Palm Grip".

I have been using the mouse for around 3 months now and the only thing I really dislike is its default DPI and RGB settings. To me the DPI buttons were basically useless since anything beyond the lowest level was set too high.

The mouse also has two separate RGB zones for the scroll wheel and the Razer logo and I couldn't care less. As they are annoyingly set to a rainbow-colored shuffle by default, I turned them off.

Although Razer's program to modify mouse settings like DPI levels and RGB colors doesn't support Linux, the mouse is supported by OpenRazer. Settings are stored in the mouse directly, so you can set up OpenRazer in a throwaway VM, get the mouse the way you want and never think about that ever again.

Let's hope this one lasts another 10 years!

21:28

Patch Tuesday, December 2018 Edition [Krebs on Security]

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.

At least nine of the bugs in the Microsoft patches address flaws the company deems “critical,” meaning they can be exploited by malware or ne’er-do-wells to install malicious software with little or no help from users, save for perhaps browsing to a hacked or booby-trapped site.

Microsoft patched a zero-day flaw that is already being exploited (CVE-2018-8611) and allows an attacker to elevate his privileges on a host system. The weakness, which is present on all supported versions of Windows, is tagged with the less severe “important” rating by Microsoft mainly because it requires an attacker to be logged on to the system first.

According to security firm Rapid7, other notable vulnerabilities this month are in Internet Explorer (CVE-2018-8631) and Edge (CVE-2018-8624), both of which Microsoft considers most likely to be exploited. Similarly, CVE-2018-8628 is a flaw in all supported versions of PowerPoint which is also likely to be used by attackers.

It generally can’t hurt for Windows users to wait a day or two after Microsoft releases monthly security updates before installing the fixes; occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out. Also, it’s a good idea to get in the habit of backing up your data before installing Windows updates.

Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

For its part, Adobe’s got new versions of Adobe Reader and Adobe Acrobat that plug dozens of security holes in the programs. Also, last week Adobe issued an emergency patch to fix a zero-day flaw in Flash Player that bad guys are now using in active attacks.

Fortunately, the most popular Web browser by a long shot — Google Chrome — auto-updates Flash but also is now making users explicitly enable Flash every time they want to use it (Microsoft also bundles Flash with IE/Edge and updates it whenever Windows systems install monthly updates). By the summer of 2019 Google will make Chrome users go into their settings to enable it every time they want to run it.

Firefox also forces users with the Flash add-on installed to click in order to play Flash content; instructions for disabling or removing Flash from Firefox are here. Adobe will stop supporting Flash at the end of 2020.

As always, if you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.

Further reading:

Ask Woody’s summary.

Ghacks writeup on December 2018 Patch Tuesday.

Qualys’s take.

Ivanti Patch Tuesday Webinar, 11 a.m. ET, Dec. 12.

19:56

Firefox 64 released [LWN.net]

The Mozilla Blog takes a look at the Contextual Feature Recommender (CFR) in Firefox 64. "Aimed at people who are looking to get more out of their online experience or ways to level up. CFR is a system that proactively recommends Firefox features and add-ons based on how you use the web. For example, if you open multiple tabs and repeatedly use these tabs, we may offer a feature called “Pinned Tabs” and explain how it works. Firefox curates the suggested features and notifies you. With today’s release, we will start to rollout with three recommended extensions which include: Facebook Container, Enhancer for YouTube and To Google Translate. This feature is available for US users in regular browsing mode only. They will not appear in Private Browsing mode. Also, Mozilla does NOT receive a copy of your browser history. The entire process happens locally in your copy of Firefox." The release notes contain more details about this release.

[$] Large files with Git: LFS and git-annex [LWN.net]

Git does not handle large files very well. While there is work underway to handle large repositories through the commit graph work, Git's internal design has remained surprisingly constant throughout its history, which means that storing large files into Git comes with a significant and, ultimately, prohibitive performance cost. Thankfully, other projects are helping Git address this challenge. This article compares how Git LFS and git-annex address this problem and should help readers pick the right solution for their needs.

19:42

Four short links: 11 December 2018 [All - O'Reilly Media]

Can We Stop?, Everything Breaks, Edge Cloud, and Molly Guard

  1. The Seductive Diversion of Solving Bias in Artificial Intelligence -- provocative title, but the point is that the preoccupation with narrow computational puzzles distracts us from the far more important issue of the colossal asymmetry between societal cost and private gain in the rollout of automated systems. It also denies us the possibility of asking: should we be building these systems at all? The expected value of pursuing this line of thinking is pretty low because there's a vanishingly small probability that we can coordinate activity globally to prevent something bad from happening. Exhibit A: climate change.
  2. Everything Breaks (Michael Lopp) -- Humans will greatly benefit from a clear explanation of the rules of the game. The rules need to evolve in unexpected ways to account for the arrival of more humans. The only way to effectively learn to what is going to break is keeping playing...and learning. See also lessons learned from scaling Stripe's engineering team.
  3. Terrarium (Fastly) -- an interesting glimpse at a possible future for web apps, where your CDN (which you need to have anyway if you're publishing anything remotely contentious or interesting) blurs with your hosting infrastructure provider. Terrarium is a multi-language deployment platform based on WebAssembly. Think of it as a playground for experimenting with edge-side WebAssembly. Being one of the first Fastly Labs projects, you can also think of it as our way of publicly experimenting with what the future of real highly performant edge computing could look like.
  4. molly-guard -- protects machines from accidental shutdowns/reboots. Etymology of the name: originally a Plexiglas cover improvised for the Big Red Switch on an IBM 4341 mainframe after a programmer's toddler daughter (named Molly) tripped it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. (via Mike Forbes)


19:35

The Humble Software Bundle: VEGAS Pro Even More Creative... [Humble Bundle Blog]



The Humble Software Bundle: VEGAS Pro Even More Creative Freedom! 

We’re bringing the Magix back with another VEGAS Pro bundle! Get applications like VEGAS Pro 15 Edit, SOUND FORGE Audio Studio 12, HitFilm Movie Essentials, and more.



19:14

Verizon writes down its Yahoo/AOL assets by $4.6 billion [Cory Doctorow – Boing Boing]

A friend who works in ad-tech tells me that Verizon's datasets from its Yahoo/AOL assets are "the creepiest" in the industry, but even with every dirty trick and every stupid, harebrained scheme, the companies formerly known as Oath (because everything Verizon did made their users swear uncontrollably) are basically worthless.

Verizon's $4.6 billion markdown slices the book-value of services like AOL and Tumblr in half. There will be more blood before this is over.

The episode offered a silver lining for investors. Rather than attempt a megadeal like AT&T Inc.’s $85 billion acquisition of Time Warner Inc., Verizon only spent about $9.5 billion in the past three years buying fading web giants. Though the bet hasn’t paid off, it at least stumbled on a smaller scale.

The revision of the Oath division’s accounting leaves its goodwill balance -- a measure of the intangible value of an acquisition -- at about $200 million, Verizon said in a filing Tuesday. The unit still has about $5 billion of assets remaining.

Oath was the vision of former Verizon executive Tim Armstrong, who had pursued a turnaround at AOL before the telecommunications giant acquired the business. But Armstrong stepped down from his position as CEO of Oath in October, shortly after Hans Vestberg became chief executive officer of Verizon.

Verizon Admits Defeat With $4.6 Billion AOL-Yahoo Writedown [Scott Moritz/Bloomberg]

(via Beyond the Beyond)

Small Massachusetts town decides to spend $1.4m building its own fiber, rather than paying Comcast $500K for shitty broadband [Cory Doctorow – Boing Boing]

Comcast offered to get internet service to (96% of) the good people of Charlemont, Mass in exchange for a $462,123 subsidy; instead, the town of 1300 voted to reject the offer and spend $1.4M to build their own super-fast fiber network.

The town will charge $79/month for symmetrical gigabit access with no data-caps, and people can add phone and TV service for an extra payment.

If enough townspeople sign up, there will be no extra taxes levied for the network rollout as they will be able to cover the whole costs through subscription fees.

Go Charlemont! Today, you are the smartest people in America.

An increase in property taxes would cover the construction cost. But the town would also bring in revenue from selling broadband service, and potentially break even, making the project less expensive than Comcast's offer.

"With 59 percent of households taking broadband service, the tax hike would be 29 cents [per $1,000 of assessed home value], similar to that for Comcast," a Recorder article last month said. "But if 72 percent or more of households subscribe to the municipal-owned network, there is no tax impact, because subscriber fees would pay for it."

Comcast rejected by small town—residents vote for municipal fiber instead [Jon Brodkin/Ars Technica]

Shitty Tumblr pornbot inception [Cory Doctorow – Boing Boing]

It started when Tumblr flagged one of my retrospective posts (a five year old post about the right of British schoolkids to opt out of fingerprinting) as porn.

So I made another post, making fun of the pornbot's shitty judgment. It got flagged.

Undaunted, I made another post complaining about the pornbot's shitty judgment about its own shitty judgment. Guess what happened?

Naturally, I couldn't let that slide. YOU WON'T EVER GUESS WHAT HAPPENED NEXT!

I can keep this up all day, you know!

Who says you can't win an argument with a computer?

19:07

18:28

Surveillance libraries in common smartphone apps have amassed dossiers on the minute-to-minute movements of 200 million+ Americans [Cory Doctorow – Boing Boing]

An investigation by the New York Times into the shadowy world of location-data brokerages found a whole menagerie of companies from IBM, Foursquare and the Weather Channel to obscure players like Groundtruth, Fysical and Safegraph, who pay app vendors to include their tracking code in common apps.

These apps sometimes disclose that they will track your location for ad personalization or to "improve service," but they don't generally reveal that they are beaconing your location to ad brokers you've never heard of, sometimes as often as once a minute, and that this data can be easily traced back to individuals (say, by looking for phones that go from your home address to your job five days a week), and that it is sometimes retained indefinitely.

The Times found evidence of children, public officials, and people with sensitive addiction, health, and employment situations being tracked in fine detail by these ad brokers.

For their part, the brokers say that this is merely service being traded for data, and blame users for not realizing that all this secretive, creepy shit is happening all the time.

In an accompanying guide to reducing location tracking, the Times suggests going through app-by-app location permissions but also points out that this kind of data marketplace is essentially unregulated.

Companies that use location data say that people agree to share their information in exchange for customized services, rewards and discounts. Ms. Magrin, the teacher, noted that she liked that tracking technology let her record her jogging routes.

Brian Wong, chief executive of Kiip, a mobile ad firm that has also sold anonymous data from some of the apps it works with, says users give apps permission to use and share their data. “You are receiving these services for free because advertisers are helping monetize and pay for it,” he said, adding, “You would have to be pretty oblivious if you are not aware that this is going on.”

But Ms. Lee, the nurse, had a different view. “I guess that’s what they have to tell themselves,” she said of the companies. “But come on.”

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret [Jennifer Valentino-DeVries, Natasha Singer, Michael H. Keller and Aaron Krolik/New York Times]

(Thanks, Fipi Lele!)

(Image: Michael H. Keller/New York Times)

17:49

Today in GPF History for Tuesday, December 11, 2018 [General Protection Fault: The Comic Strip]

Ki hits a few speed bumps adjusting to Nick's parents' sense of humor...

17:42

Congressional Republicans say Equifax breach was "entirely preventable," blame "aggressive growth strategy" but reject measures to prevent future breaches [Cory Doctorow – Boing Boing]

Equifax doxed 145 million Americans, dumping their most sensitive financial data into the world forever, with repercussions that will be felt for decades to come.

A Congressional panel convened to evaluate the causes of the breach has published its majority report, endorsed by the Republicans on the committee: Equifax, in a drive to attain fast growth, acquired companies at a rate that exceeded its ability to securely integrate them; it neglected its IT, resulting in a critical vulnerability remaining unpatched for 145 days; it did not engage in basic preparation like a breach notification procedure. In other words, this catastrophe was the result of greed triumphing over good management, and was thus "entirely preventable."

However, the Committee's Republican members refused to sign onto the very modest recommendations proposed by Democrats on the committee. These recommendations included "'requiring federal financial regulatory agencies to report their efforts to protect consumers from cybertheft and identify areas Congress could enhance agencies' authorities to achieve that goal,' guidelines for federal contractors to comply with established cybersecurity standards, a comprehensive notification law that dictates how victims of a victim breach must be notified and an amended Federal Trade Commission Act to 'strengthen civil penalties for private sector violations of consumer data security requirements.'"

Equifax released a statement complaining that they weren't given enough time prior to the committee report to prepare their spin.

"We are deeply disappointed that the Committee chose not to provide us with adequate time to review and respond to a 100-page report consisting of highly technical and important information. During the few hours we were given to conduct a preliminary review we identified significant inaccuracies and disagree with many of the factual findings," Equifax said.

"Equifax has worked in good faith for nearly 15 months with the Committee to be transparent, cooperative and shed light on our learnings from the incident in order to enrich the cybersecurity community," it added. "While we believe that factual errors serve to undermine the content of the report, we are generally supportive of many of the recommendations the Committee laid out for the government and private industry to better protect consumers, and have already made significant strides in many of these areas."

House panel issues scathing report on 'entirely preventable' Equifax data breach [Olivia Beavers/The Hill]

17:35

Google Gets a Slap on the Wrist For Site-Blocking Failures [TorrentFreak]

Last year, Russia introduced new legislation that can see search engines fined for offering links to VPNs and other anonymizers that have been banned in the country. Fines can also be issued to search engines that fail to connect to a resource offering up-to-date information on what domains should be rendered inaccessible.

This database (known as FGIS), should have been utilized by Google, but for reasons that remain unclear, the US-based search giant didn’t want to play ball.

Several weeks ago, local telecoms watchdog Roscomnadzor contacted Google with a demand that it should immediately connect to the FGIS blacklist. Google still did not comply, placing the company in breach of federal law.

That left Google exposed to a potential administrative fine of between 500,000 and 700,000 rubles (US$7,545 to US$10,563). A further demand insisted that it should connect to the FGIS database by today.

Despite a meeting between Deputy Head of Roscomnadzor Vadim Subbotin and Doron Avni, Google’s Director of Public Policy & Government Relations for Europe, Middle East & Africa Emerging Markets, which took place in Moscow last month, today’s deadline wasn’t met.

Roscomnadzor announced this morning that as a result of the continued breach, it had considered the merits of an administrative violation against Google. Since the company had not responded as required, despite having the rules “repeatedly explained”, a fine had been imposed.

“Failure to comply with these requirements constitutes an administrative offense (Part 1 of Article 13.40 of the Administrative Code of the Russian Federation). The sanction of this article provides for a legal fine in the amount of from 500 to 700 thousand rubles,” a Roscomnadzor statement reads.

While fines are never welcome, the watchdog fined Google just 500,000 rubles (US$7,545). This is the lowest amount that can be handed down under existing laws.

While the dispute was ongoing, Google said that it was in constant contact with Roscomnadzor and was ready for discussion and negotiation, including action to ensure it complies with Russian legal requirements moving forward. Why connecting to Russia’s FGIS database didn’t happen as required remains unclear.

Early November, major rightsholders and tech companies in Russia signed a memorandum of cooperation to deal with the issue of online piracy. Google was not a signatory although there are some suggestions that it could join at some point in the future.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Reproducible builds folks: Reproducible Builds: Weekly report #189 [Planet Debian]

Here’s what happened in the Reproducible Builds effort between Sunday December 2 and Saturday December 8 2018:

Packages reviewed and fixed, and bugs filed

Test framework development

There were a number of updates to our Jenkins-based testing framework that powers tests.reproducible-builds.org this week, including:

  • Chris Lamb:
    • Re-add support for calculating a PureOS package set. (MR: 115)
    • Support arbitrary package filters when generating deb822 output. (MR: 22)
    • Add missing DBDJSON_PATH import. (MR: 21)
    • Correct Tails’ build manifest URL. (MR: 20)
  • Holger Levsen:
    • Ignore disk full false-positives building the GNU C Library.
    • Various node maintenance.
    • Exclusively use the database to track blacklisted packages in Arch Linux.

This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, Muz & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

17:21

Quicklisp news: December 2018 Quicklisp dist update now available [Planet Lisp]

New projects:

  • agutil — A collection of utility functions not found in other utility libraries. — MIT
  • aserve — AllegroServe, a web server written in Common Lisp — LLGPL 
  • cl-batis — SQL Mapping Framework for Common Lisp — MIT
  • cl-dbi-connection-pool — CL-DBI-Connection-Pool - connection pool for CL-DBI — LLGPL
  • cl-json-pointer — A JSON Pointer (RFC6901) implementation for Common Lisp. — MIT
  • cl-punch — Scala-like anonymous lambda literal — MIT
  • definitions-systems — Provides a simple unified extensible way of processing named definitions. — Public Domain
  • easy-bind — Easy-bind - easy local binding for Common Lisp — MIT
  • first-time-value — Returns the result of evaluating a form in the current lexical and dynamic context the first time it's encountered, and the cached result of that computation on subsequent evaluations. — Public Domain
  • hyperspec — A simple library for looking up common-lisp symbols in the hyperspec. — LLGPLv3+
  • its — Provides convenient access to multiple values of an object in a concise, explicit and efficient way. — Public Domain
  • mra-wavelet-plot — Plot MRA-based wavelets (scaling function and mother wavelet) with given coefficients of the dilation equation — 2-clause BSD
  • openid-key — Get OpenID keys from issuer. — MIT
  • pjlink — A library for communicating with PJLink-compatible projectors over TCP/IP. see https://pjlink.jbmia.or.jp/english/ for information on PJLink and compatible devices. — CC0 1.0 Universal
  • poler — Infix notation macro generator — LLGPL
  • rpcq — Message and RPC specifications for Rigetti Quantum Cloud Services. — Apache 2
  • shadowed-bindings — Establishes a new lexical context within which specified bindings are explicitly shadowed, making it clear that they are not referenced within, thereby reducing cognitive load. — Public Domain
  • static-dispatch — Static generic function dispatch for Common Lisp. — MIT
  • trivial-jumptables — Provides efficient O(1) jumptables on supported Common Lisp implementations and falls back to O(log(n)) on others. — Public Domain
  • trivial-sockets — trivial-sockets — MIT
  • utility — A collection of useful functions and macros. — MIT
  • wild-package-inferred-system — Introduces the wildcards `*' and `**' into package-inferred-system — MIT

Updated projects: alexandria, april, architecture.builder-protocol, architecture.hooks, asdf-viz, bst, cambl, cari3s, carrier, caveman, cffi, chronicity, cl-ana, cl-bibtex, cl-cffi-gtk, cl-charms, cl-cognito, cl-collider, cl-conllu, cl-dbi, cl-digraph, cl-environments, cl-epoch, cl-hamcrest, cl-json-helper, cl-ledger, cl-markdown, cl-patterns, cl-python, cl-quickcheck, cl-str, cl-tetris3d, cl-tiled, cl-toml, cl-unification, clazy, clip, closer-mop, clx, codex, cover, croatoan, dbus, de.setf.wilbur, definitions, docparser, dufy, eclector, event-emitter, f2cl, femlisp, fiasco, flare, float-features, function-cache, fxml, gamebox-math, gendl, genhash, glsl-toolkit, golden-utils, harmony, helambdap, http-body, hu.dwim.web-server, ip-interfaces, ironclad, jonathan, jsonrpc, lack, lisp-binary, lisp-chat, local-time, maiden, mcclim, mmap, opticl, overlord, parachute, parenscript, parser.common-rules, petalisp, pgloader, plexippus-xpath, plump, plump-sexp, postmodern, protest, protobuf, qbase64, qlot, quri, racer, regular-type-expression, safety-params, sc-extensions, serapeum, shadow, simple-tasks, sly, snakes, snooze, staple, stealth-mixin, stefil, stumpwm, the-cost-of-nothing, time-interval, trivial-benchmark, trivial-utilities, umbra, utilities.binary-dump, vgplot, websocket-driver, with-c-syntax, woo, zacl.

To get this update, use (ql:update-dist "quicklisp")

Enjoy!

16:56

Security updates for Tuesday [LWN.net]

Security updates have been issued by Debian (php7.0), Fedora (keepalived, kernel, kernel-headers, kernel-tools, mingw-uriparser, and uriparser), openSUSE (pdns-recursor), Oracle (kernel), SUSE (compat-openssl098, glibc, java-1_8_0-ibm, kernel, opensc, python, python-base, python-cryptography, python-pyOpenSSL, samba, and soundtouch), and Ubuntu (cups).

16:28

Brief Administrative Note [Whatever]

This Friday is basically my last working day of the year, so if you want/need something from me in 2018, you should contact me about it real soon. Like, uh, by Friday.

That’s all.

(PS: If you’ve requested a January Big Idea, don’t panic, I’ll be processing those soon(ish).)

15:35

The Big Idea: Chad Orzel [Whatever]

I liked Breakfast With Einstein so much I gave it a blurb, which you can see in the image above. But why did I like it? Because it explores the esoteric realm of quantum physics — here in the everyday world. Here’s the author, Chad Orzel, to dig deeper into it all.

(PS: The UK edition of this book made the Sunday Times list for Best Books of the Year, 2018. Not bad!)

CHAD ORZEL:

Quantum mechanics is one of the most amazing theories in all of science, full of stuff that captures the imagination: zombie cats, divine dice-rolling, spooky actions over vast distances. Maybe the single most amazing thing about it, though, is that we think it’s weird.

That probably seems a strange thing to say, because quantum physics is so weird, but that’s exactly the point. These are the fundamental principles governing the behavior of everything in the universe, and yet they run completely counter to our intuition about how the world works. If these are the basic rules underlying everything, shouldn’t they make sense? How can the entire universe behave according to strictly quantum laws, and yet we’re not intuitively aware of it?

The answer is that quantum behaviors only become obvious when you’re looking at really small things: the behavior of electrons within atoms, say, or smallish groups of atoms moving slowly. As the things you’re looking at get bigger, their quantum-ness sort of blurs out, and we’re left with objects that, to an excellent approximation, behave according to the rules of Newtonian physics. The everyday, human-scale world is just too big for us to see quantum physics in action.

At least, that’s what we think. If you know where to look, though, you can find hints of quantum physics absolutely everywhere, even in the most mundane of activities. The process of getting up in the morning and getting ready for work or school is absolutely full of phenomena and technologies with quantum roots.

Quantum physics got its start in an attempt to explain the red glow of a hot object like the heating element in the toaster you use to make breakfast — to explain that color, you need light to behave like a particle. Quantum physics determines the time on the alarm clock that wakes you up, through the cesium atomic clocks that we use to define the second — to make that connection, you need electrons to behave like waves. Quantum physics enables the sensors in the digital cameras your friends use to take cat photos, the semiconductor computer chips used to process them, and the lasers that carry them over fiber-optic telecommunications lines for you to stare blearily at as you sip your morning beverage of choice.

At the deepest level, the universe really does behave according to quantum mechanics, and while the huge size of the human-scale world mostly blurs out quantum phenomena, there are subtle hints left behind. That’s how we know about quantum physics, after all – from the work of scientists who spotted those little clues in the behavior of human-scale objects, and doggedly followed them to uncover the fundamental rules that we find so weird.

Breakfast with Einstein is a book about those clues, about how quantum phenomena manifest in everything that we do. It explains the quantum rules that govern everything, and how those rules applied to huge numbers of atoms combine to produce the world that we see. And it tells you where to look to see quantum physics in your daily routine. It probably won’t make you a morning person, but it might help make your mornings a little more amazing.

—-

Breakfast With Einstein: Amazon|Barnes & Noble|Indiebound|One World Publications (UK)

Visit Orzel’s writing for Forbes. See his personal blog. Follow him on Twitter.

15:28

[$] Measuring container security [LWN.net]

There are a lot of claims regarding the relative security of containers versus virtual machines (VMs), but there has been little in the way of actually trying to measure those differences. James Bottomley gave a talk in the refereed track of the 2018 Linux Plumbers Conference (LPC) that described work that targets filling in that gap. He and his colleagues have come up with a measure that, while not perfect, gives a starting point for further efforts.

15:14

Why doesn’t my lock screen image change after I replace the image file? [The Old New Thing]

A customer was using the group policy "Force a specific default lock screen and logon image" to set the lock screen image to their company's logo, pointing it to a path on the local computer. The company recently redesigned their logo, and they updated the image file on the computer, but the lock screen continued to show the old image. The customer wanted to know how to get the image to update.

When the lock screen image is set, the system uses a low-privilege process to decode the image. That way, if someone passes an image that exploits a previously-unknown defect in the image processing library, only a low-privilege process is compromised. The result is then re-encoded and saved in a protected location.

It is this sanitized version of the image that is used on the lock screen and logon screen. This avoids the problems that could occur if an untrusted image were decoded by a high-privilege process.

When you select an image to use as your lock screen image, the system takes a snapshot of that image, and it is the snapshot that is used on the lock screen. Any changes to the original image are ignored. You could even delete the original.

If you want to update the image, you need to go through the process of setting it. You can't just smash the file that you specified as the lock screen image; the system doesn't care about that file once it has been captured.

In the case of group policy, there's another wrinkle: If you choose to deploy a new image and it has the same name as the old image, then the new file must have a timestamp newer than the timestamp of the old file, so that the code realizes that it needs to go sanitize the new image. Easier is to just give the new file a new name.

14:42

The EU says it wants Europeans to engage with it: now that 4 MILLION of them have opposed mass censorship through #Article13, will they listen? [Cory Doctorow – Boing Boing]

Today, activists delivered more than 4,000,000 Europeans' signatures opposing the inclusion of an automated censorship system in the new Copyright Directive to the European officials in Strasbourg who are negotiating the final form of the Directive before the next vote.

It's hard to recall any EU initiative that was this unpopular, and nothing the negotiators have done since they slipped behind closed doors more than three months ago has improved it. Instead, they've added an incoherent slaw of contradictory subrules to the proposal that can't possibly be honoured, none of which alter the incontrovertible fact that Article 13 (which required algorithmic copyright censorship bots from the very start) will inevitably lead to AI filters making billions of judgments a day about what Europeans may and may not say.

At this point, it's safe to say that nearly everybody hates this rule: the largest movie companies and sports leagues in Europe have asked the EU to remove their content from the scope of Article 13; the world's preeminent internet technologists have warned that it could wreck the internet, and millions of Europeans agree.

The EU is in a crisis, with Eurosceptic movements on the rise in almost every member-state. To counter this, the EU has promoted the idea that it is an evidence-based, neutral policymaker, devoted to promoting the interests of all 500,000,000 people under its jurisdiction. It has called on Europeans to strengthen their relationship with the EU by engaging more in European policy questions.

European experts and the European people have spoken, and overwhelmingly what they have said is that Article 13 is unsalvageable. If the EU has a hope of remaining credible, it has to do more than say it wants to listen to the European people, it has to do more than say it wants to make evidence-based policy for the good of the region: it has to do so.

Four million Europeans' signatures opposing Article 13 have been delivered to the European Parliament [Cory Doctorow/EFF Deeplinks]

14:14

Followup on The Correspondent [Scripting News]

I asked a bunch of questions about The Correspondent yesterday and got answers from the anonymous account of the company, and from one of the founders, Ernst Pfauth, on Twitter. He posted a link to a Medium piece about how their rolodex feature works. Below are the questions and answers.

  • Is the rolodex up and running yet?
    • Yes.
  • Is it a benefit of membership?
    • Yes
  • Do you have to pay to be in the rolodex?
    • You have to be a member to be in there. But when we invite people to join a discussion, we give them a one month membership.
  • What if a "reader" gets an idea for a story?
    • All our correspondents' email addresses are visible on the site.
  • Can readers enlist the expertise of other members?
    • Not Yet. We really want to introduce this asap.
  • Is it a non-profit?
    • No. But it is limited-profit. [What this means isn't clear. They have said it means that the partners will not draw out more than 5 percent of the revenue for themselves, putting all the remaining profit back into the company. At least one commenter in the thread thinks this is not straight.]
  • Will you have a public editor? If so, will it be a member of the public or a journalist?
    • As far as I can see this one was not answered.

Since being in the rolodex requires membership, I signed up, giving $25. The next page after signing up offered ways to give more money or help them promote membership. They really sell hard. There was a huge iconic image of Jay Rosen on the page. I found this very disturbing. I actually edited the DOM tree to make his image invisible. Then I gave them the money.

I asked a bunch of other questions, trying to understand where their reporters will come from and how they will assure that these reporters care about members more than most American reporters. I got a vague answer about that, from which I concluded their reporters will be like every other reporter, and the idea that they will be engaged with readers is either hype or snake oil, or good intentions, but they don't have any magic that turns reporters into community-minded people.

I am not part of their "movement," even though they accuse me of that in all their communication. I don't like this company. I like them less than the typical journalistic venture that doesn't pretend to give a shit about readers, because they're using our good nature, and desire to believe in something to get money out of us. The limited role of members is, to me, unacceptable. We certainly don't get a chance to participate at the same level as the paid journalists. Consider the answer to the question as to whether members can start new investigations -- you can pitch an idea to a reporter via email. That is a terrible answer.

The only movement I would be part of is one that doesn't distinguish between reporters and members, that has a level playing field. I think that's the only way journalism can scale to meet our needs and avoid the kinds of disasters journalism has led us to.

Since the rolodex is online, I thought I should try to find it, and enter my information. I tried a search, but it led me to the home page, and a pitch to give money. I went to their FAQ page and searched for the word "rolodex" -- there were no matches. I looked for a Members link on their website, if it was there I didn't see it. The rolodex may be online, but apparently it's not available to members yet.

  • Update: The rolodex exists in Dutch but hasn't been localized yet.

Observation: The rolodex is a good idea, but why shouldn't there be a global index available to all reporters and sources, not just those who give money to Pfauth and company? Why would I want to limit my usefulness to just their reporters?

Net-net: They're doing a great job of raising money. They promise to start a very different journalistic enterprise. When I asked Scripting News readers in the Netherlands what they thought of their Dutch effort there was a generally positive response. That's where we are now.

PS: I forgot to ask if there will be RSS feeds.

PPS: I also forgot to ask if there's a paywall.

12:56

Dirk Eddelbuettel: RQuantLib 0.4.7: Now with corrected Windows library [Planet Debian]

A new version 0.4.7 of RQuantLib reached CRAN and Debian. Following up on the recent 0.4.6 release post which contained a dual call for help: RQuantLib was (is !!) still in need of a macOS library build, but also experienced issues on Windows.

Since then we set up a new (open) mailing list for RQuantLib and, I am happy to report, sorted that Windows issue out! In short, with the older g++ 4.9.3 imposed for R via Rtools, we must add an explicit C++11 flag at configuration time. Special thanks to Josh Ulrich for tireless and excellent help with testing these configurations, and to everybody else on the list!

QuantLib is a very comprehensive free/open-source library for quantitative finance, and RQuantLib connects it to the R environment and language.

This release re-enables most examples and tests that were disabled when Windows performance was shaky (due to, as we now know, a misconfiguration of ours for the Windows binary library used). With the exception of the AffineSwaption example when running Windows i386, everything is back!

The complete set of changes is listed below:

Changes in RQuantLib version 0.4.7 (2018-12-10)

  • Changes in RQuantLib tests:

    • Thanks to the updated #rwinlib/quantlib Windows library provided by Josh, all tests that previously exhibited issues have been re-enabled (Dirk in #126).
  • Changes in RQuantLib documentation:

    • The CallableBonds example now sets an evaluation date (#124).

    • Thanks to the updated #rwinlib/quantlib Windows library provided by Josh, examples that were set to dontrun are re-activated (Dirk in #126). AffineSwaption remains the sole holdout.

  • Changes in RQuantLib build system:

    • The src/Makevars.win file was updated to reflect the new layout used by the upstream build.

    • The -DBOOST_NO_AUTO_PTR compilation flag is now set.

As stated above, we are still looking for macOS help though. Please get in touch on-list if you can help build a library for Simon’s recipes repo.

Courtesy of CRANberries, there is also a diffstat report for this release. As always, more detailed information is on the RQuantLib page. Questions, comments etc should go to the new rquantlib-devel mailing list. Issue tickets can be filed at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

12:07

Bits from Debian: Debian Cloud Sprint 2018 [Planet Debian]

The Debian Cloud team held a sprint for the third time, hosted by Amazon at its Seattle offices from October 8th to October 10th, 2018.

We discussed the status of images on various platforms, especially in light of moving to FAI as the only method for building images on all the cloud platforms. The next topic was building and testing workflows, including the use of Debian machines for building, testing, storing, and publishing built images. This was partially caused by the move of all repositories to Salsa, which allows for better management of code changes, especially reviewing new code.

Recently we have made progress supporting cloud usage cases; grub and kernel optimised for cloud images help with reducing boot time and required memory footprint. There is also growing interest in non-x86 images, and FAI can now build such images.

Discussion of support for LTS images, which started at the sprint, has now moved to the debian-cloud mailing list. We also discussed providing many image variants, which requires a more advanced and automated workflow, especially regarding testing. Further discussion touched upon providing newer kernels and software like cloud-init from backports. As interest in using secure boot is increasing, we might cooperate with other teams and use work on UEFI to provide images with a signed boot loader and kernel.

Another topic of discussion was the management of accounts used by Debian to build and publish Debian images. SPI will create and manage such accounts for Debian, including user accounts (synchronised with Debian accounts). Buster images should be published using those new accounts. Our Cloud Team delegation proposal (prepared by Luca Fillipozzi) was accepted by the Debian Project Leader. Sprint minutes are available, including a summary and a list of action items for individual members.

Group photo of the participants in the Cloud Team Sprint

11:49

CodeSOD: Strongly Unrecommended [The Daily WTF]

Asynchronous programming is hard. Because it’s so difficult, developers are constantly trying to find ways to make it simpler, whether it’s promises or callbacks, or the async/await pattern. It gets...

11:00

Where’s your Reckless Daughter? [Seth's Blog]

Joni Mitchell was one of a kind. A sensation. A record-selling machine, with legions of fans.

And then she made Don Juan’s Reckless Daughter. A personal, idiosyncratic album that marked the final gold record of her bestselling streak.

She knew exactly what she was doing. She knew that the crowd wasn’t going to follow her, just as Dylan knew what would happen when he went electric, then gospel.

She had a choice: to make the records her fans had decided in advance that they wanted to hear, or to make the music that she was proud of.

After this, she was free.

Free to make the music she heard in her head, the music she wanted to share.

In a post-Top 40 world, the irony is clear: your Reckless Daughter might very well be the breakthrough you need to reach your true audience and to do the work you’re most proud to do.

The challenge is in accepting that the masses might not cheer you on.

10:35

Activists to Deliver 4 Million Anti ‘Article 13’ Signatures to EU Parliament [TorrentFreak]

In a plenary vote in September, the European Parliament backed the controversial Article 13 proposal, which is part of the EU’s copyright reform plans.

Since then, the proposal has been tweaked in an attempt to gain broader support, but thus far the critics have yet to be silenced. That includes rightsholders as well.

Most opposition is generated by anti upload filter activists though. They rallied support from the public through various online campaigns, including a prominent petition hosted on Change.org.

Yesterday the “Stop the censorship-machinery! Save the Internet!” petition passed four million signatures, making it one of the largest to be hosted on the platform. With these impressive numbers activists behind the SaveTheInternet campaign hope to make a change.

Tomorrow the SaveTheInternet team will hand over the signatures to copyright rapporteur Axel Voss at the European Parliament in Strasbourg. The activists tried to do the same in July when the petition had roughly one million signees. At the time Voss wasn’t willing to accept them, but he has agreed to do so tomorrow.

The timing of the handover is not a mere coincidence. It’s scheduled a day ahead of the final trilogue meeting, during which lawmakers will try to reach agreement on the final text of Article 13 and other copyright reform proposals.

With the petition, the activists call on Members of the European Parliament to decide against directives such as Article 13 which may hamper freedom of information.

“This form of censorship could very soon destroy the cultural normatives of the internet as we know it. The blocking of uploads, in combination with faulty algorithms, will result in so called overblocking lead by the platforms, so that they can avoid legal violations,” the campaign website warns.

The latest Article 13 proposal, published by Politico this week, shows that the proposed language has been tweaked further still. Any references to upload filters were long gone, and it’s now clarified that Article 13 does not impose any monitoring obligation.

In addition, it suggests that platforms will be held liable if they fail to remove content following reports from copyright holders. Optionally, platforms may also be required to “make best efforts” to prevent these files from being uploaded. A so-called takedown and staydown policy.

From the latest proposal

In what appears to be a response to concerns from the public, the proposal also clarifies that enforcement measures should not prevent the availability of legitimate content. This includes fair use uploads for the purpose of criticism, review or parody.

While that sounds like good news, not everyone is convinced that this will work.

“This is the ‘nerd harder’ approach to regulating. It is magic wand regulating: make the bad stuff go away, and magically don’t have any collateral damage,” Techdirt’s Masnick comments.

That’s a fair point since large platforms simply can’t identify fair use content through algorithms. There is bound to be some collateral damage, which is already quite common as things stand today.

Responding to concerns from rightsholders in the audiovisual sector, the legislators clarified that they shouldn’t be worse off under Article 13 than they currently are.

It’s clear that the lawmakers are trying to appease both rightsholders and the public at large. The question remains, however, whether anyone will be truly pleased with the outcome of the negotiations.

The SaveTheInternet team remains on course though. They hope that the four million signatures will help to convince Members of Parliament to remain vigilant and ensure that their views are heard.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Julien Danjou: Podcast.__init__: Gnocchi, a Time Series Database for your Metrics [Planet Debian]


A few weeks ago, Tobias Macey contacted me as he wanted to talk about Gnocchi, the time series database I've been working on for the last few years.

It was a great opportunity to talk about the project, so I jumped on it! We talk about how Gnocchi came to life, how we built its architecture, the challenges we met, what kind of trade-off we made, etc.

You can listen to this episode here.

09:56

Feeds | Checklist for a Software Management Plan 1.0 released [Planet GridPP]

Checklist for a Software Management Plan 1.0 released m.jackson 11 December 2018 - 4:41pm

By Mike Jackson, Research Software Engineer. When developing research software, we need to know what we are going to write, who it is for (even if this is just us), how we will get it to them, how it will help them, and how we will evaluate whether it has helped them. A Software Management Plan (SMP) can help us think about these and decide upon the processes we will use when developing our software. To help write SMPs, we have now published version 1.0 of our Checklist for a Software Management Plan.

09:49

Masayuki Hatta: Good ciphers in OpenJDK 10 [Planet Debian]

Until recently, I didn't know the list of supported Cipher Suites in OpenJDK is widely different between JDK versions. I used getSupportedCipherSuites() on OpenJDK 10 to get the following list, and check the strength of encryption.

My criteria are:

  1. At least 128bit.
  2. No NULL ciphers.
  3. No anonymous auth ciphers.

Then I got the following. The red ones are supposed to be weak.

Name Encryption Mode
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 256bit
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 128bit
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256bit
TLS_RSA_WITH_AES_256_GCM_SHA384 256bit
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 256bit
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 256bit
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256bit
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 256bit
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128bit
TLS_RSA_WITH_AES_128_GCM_SHA256 128bit
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 128bit
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 128bit
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128bit
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 128bit
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 256bit
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256bit
TLS_RSA_WITH_AES_256_CBC_SHA256 256bit
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 256bit
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 256bit
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256bit
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 256bit
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 256bit
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256bit
TLS_RSA_WITH_AES_256_CBC_SHA 256bit
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 256bit
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 256bit
TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256bit
TLS_DHE_DSS_WITH_AES_256_CBC_SHA 256bit
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 128bit
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128bit
TLS_RSA_WITH_AES_128_CBC_SHA256 128bit
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 128bit
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 128bit
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128bit
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 128bit
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 128bit
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128bit
TLS_RSA_WITH_AES_128_CBC_SHA 128bit
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 128bit
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 128bit
TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128bit
TLS_DHE_DSS_WITH_AES_128_CBC_SHA 128bit
TLS_EMPTY_RENEGOTIATION_INFO_SCSV 0bit
TLS_DH_anon_WITH_AES_256_GCM_SHA384 256bit anon
TLS_DH_anon_WITH_AES_128_GCM_SHA256 128bit anon
TLS_DH_anon_WITH_AES_256_CBC_SHA256 256bit anon
TLS_ECDH_anon_WITH_AES_256_CBC_SHA 256bit anon
TLS_DH_anon_WITH_AES_256_CBC_SHA 256bit anon
TLS_DH_anon_WITH_AES_128_CBC_SHA256 128bit anon
TLS_ECDH_anon_WITH_AES_128_CBC_SHA 128bit anon
TLS_DH_anon_WITH_AES_128_CBC_SHA 128bit anon
SSL_RSA_WITH_DES_CBC_SHA 56bit
SSL_DHE_RSA_WITH_DES_CBC_SHA 56bit
SSL_DHE_DSS_WITH_DES_CBC_SHA 56bit
SSL_DH_anon_WITH_DES_CBC_SHA 56bit anon
TLS_RSA_WITH_NULL_SHA256 0bit null
TLS_ECDHE_ECDSA_WITH_NULL_SHA 0bit null
TLS_ECDHE_RSA_WITH_NULL_SHA 0bit null
SSL_RSA_WITH_NULL_SHA 0bit null
TLS_ECDH_ECDSA_WITH_NULL_SHA 0bit null
TLS_ECDH_RSA_WITH_NULL_SHA 0bit null
TLS_ECDH_anon_WITH_NULL_SHA 0bit null
SSL_RSA_WITH_NULL_MD5 0bit null
TLS_KRB5_WITH_DES_CBC_SHA 56bit
TLS_KRB5_WITH_DES_CBC_MD5 56bit
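The three criteria above, applied programmatically to whatever JDK is running, as an added example that is not code from the original post. The class name `GoodCiphers` and the idea of inferring key size from the suite name are assumptions of this sketch; names it does not recognise are rejected rather than guessed at, so it also works on JDK versions whose list differs from the one above.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class GoodCiphers {

    // Constructed sample: one name per category, copied from the table above.
    static final String[] SAMPLE = {
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
        "SSL_RSA_WITH_DES_CBC_SHA",
        "TLS_RSA_WITH_NULL_SHA256",
        "TLS_ECDH_anon_WITH_NULL_SHA",
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    };

    /** Symmetric key size inferred from the suite name; -1 if the cipher is not recognised. */
    static int keyBits(String suite) {
        if (suite.contains("_NULL_")) return 0;
        if (suite.contains("AES_256") || suite.contains("CHACHA20")) return 256;
        if (suite.contains("AES_128")) return 128;
        if (suite.contains("3DES_EDE")) return 112; // effective strength of three-key 3DES
        if (suite.contains("DES40")) return 40;
        if (suite.contains("DES_CBC")) return 56;
        return -1;
    }

    /** Returns null if the suite meets all three criteria, otherwise the reason it fails. */
    static String rejectReason(String suite) {
        // RFC 5746 signalling value: it carries no cipher, so it is reported separately.
        if (suite.endsWith("_SCSV")) return "signalling value, not a cipher";
        if (suite.contains("_NULL_")) return "NULL cipher";             // criterion 2
        if (suite.contains("_anon_")) return "anonymous key exchange";  // criterion 3
        int bits = keyBits(suite);
        if (bits < 0) return "unrecognised cipher, rejected by default";
        if (bits < 128) return bits + "bit key";                        // criterion 1
        return null;
    }

    /** Keeps only the suites that pass, preserving the provider's preference order. */
    static List<String> filter(String[] suites) {
        List<String> good = new ArrayList<>();
        for (String s : suites) {
            if (rejectReason(s) == null) good.add(s);
        }
        return good;
    }

    public static void main(String[] args) throws Exception {
        for (String s : SAMPLE) {
            String reason = rejectReason(s);
            System.out.printf("%-45s %s%n", s, reason == null ? "ok" : "REJECT: " + reason);
        }

        // Same check against the list the running JVM reports as supported.
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();
        List<String> good = filter(supported);
        System.out.printf("%d of %d supported suites pass%n", good.size(), supported.length);

        // Restrict an engine to the passing suites; sockets take the same array
        // through SSLSocket.setEnabledCipherSuites().
        SSLEngine engine = ctx.createSSLEngine();
        engine.setEnabledCipherSuites(good.toArray(new String[0]));
        for (String s : engine.getEnabledCipherSuites()) {
            System.out.println("enabled: " + s);
        }
    }
}
```

The supported list is what the provider is able to negotiate, not what it enables by default, so a weak entry here only becomes reachable if an application turns it on; `getDefaultSSLParameters()` shows the default set.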


08:42

Nextcloud 15 released [LWN.net]

Version 15 of the Nextcloud productivity and communications platform is out. New features include Mastodon integration, two-factor authentication, a number of user-interface improvements, and more.

Hutterer: Understanding HID report descriptors [LWN.net]

For those who would like a deeper understanding of how the human interface device (HID) protocol works, Peter Hutterer has posted a detailed overview. "Originally HID was designed to work over USB. But just like Shrek the technology world is obsessed with layers so these days HID works over different transport layers. HID over USB is what your mouse uses, HID over i2c may be what your touchpad uses. HID works over Bluetooth and it's celebrity-diet version BLE. Somewhere, someone out there is very slowly moving a mouse pointer by sending HID over carrier pigeons just to prove a point. Because there's always that one guy."

08:14

Letters For Lucardo [Oh Joy Sex Toy]

We’ve been so excited to share this book with you all and have been waiting for the second book’s Kickstarter to go live, which it did yesterday! It’ll be running from now till December 28th– this’ll be one you’ll want to getttttt.

While the character setup in book one wasn’t quite enough for me, Otava seems to address it all in book two.

Matt wasn’t as smitten with the subject matter as I was, but I chalk that up to him not being a big vampire fan. Personally? I found it all fun. Check it out!

04:21

03:35

03:14

DELICIOUS MADNESS [Whatever]

This happened tonight.

How was it? Everything you would imagine it would be. I will note the tortilla, with the pie inside, was fried in butter and topped with cinnamon and sugar. I ate half of it and am this close to a sugar-induced coma. It is glorious.

I REGRET NOTHING.

Now if you’ll excuse me, I have to go sweat butter for a while.

Monday, 10 December

22:56

Beautiful papercraft retrocomputing models to print and love and hang from your tree [Cory Doctorow – Boing Boing]

Rocky Bergen creates gorgeous, downloadable papercraft models of retro PCs, from the Commodore 64 to the Apple ][+ to the Amstrad, with different screens to print celebrating classic 8-bit games, and accessories like tiny floppies in tiny paper sleeves. As Waxy points out, these would make stunning Christmas ornaments.

21:56

New Book and ARCs, 12/10/18 [Whatever]

They keep coming! Here’s the latest stack of new books and ARCs that have arrived at the Scalzi Compound. What here is something you’d enjoy having in your own hot little hands? Tell us all in the comments.

21:28

How Internet Savvy are Your Leaders? [Krebs on Security]

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of. But it wasn’t until the past week that it became clear how many organizations — including towns, cities and political campaigns — actually have fallen for this brazen scam.

Image: Better Business Bureau.

The letter I tweeted about was from a company called Web Listings Inc., and it said I should pay an $85 charge for an “annual web site search engine” service.

The first clue that this was probably a scam was the letter said halfway down in capital letters “THIS IS NOT A BILL,” although it sure was made to look like one. Also, the domain it referenced was “fuckbriankrebs.com,” which was indeed registered using my street address but certainly not by me.

The sad truth is plenty of organizations *are* paying the people behind this charade, which is probably why Web Listings has been running it continuously for more than a decade. Most likely that’s because some percentage of recipients confuse this notice with a warning about a domain name they own that is about to expire and needs to be renewed.

We know plenty of people are getting snookered thanks to searchable online records filed by a range of political campaigns, towns, cities and municipalities — all of which are required to publicly report how they spend their money (or at least that of their constituents).

According to a statement filed with the Federal Election Commission, one of the earliest public records involving a payment to Web Listings dates back to 2008 and comes from none other than the 2008 Hillary Clinton for President fund.

The documents unearthed in this story all came compliments of Ron Guilmette, a most dogged and intrepid researcher who usually spends his time tracking down and suing spammers. Guilmette said most of the public references he found regarding payments to Web Services Inc. are from political campaigns and small towns.

“Which naturally raises the question: Should we really be trusting these people with our money?” Guilmette said. “What kind of people or organizations are most likely to pay a bill that is utterly phony baloney, and that actually isn’t due and payable? The answer is people and organizations that are not spending their own money.”

Also paying $85 (PDF) to Web Listings was the 2015 campaign for Democrat Jim Kenney, the current mayor of Philadelphia.

A fund for the New York City Council campaign of Zead Ramadan (D) forked over $85 to Web Listings in 2013.

Also in 2013, the Committee to Elect Judge Victor Heutsche (D) paid $85 to keep his Web site in good standing with Web Listings. Paul T. Davis, a former Democratic state representative from Kansas handed $85 (PDF) to Web Listings in 2012.

Image: Better Business Bureau.

Lest anyone think that somehow Democratic candidates for office are more susceptible to these types of schemes, a review of the publicly-searchable campaign payments to Web Listings Inc. uncovered by Guilmette shows a majority of them were for Web sites supporting Republican candidates.

The Friends of Mike Turzai committee spent $65 in 2010 on the GOP Representative from Pennsylvania.

The fundraising committee for Republican Dick Black‘s 2012 campaign for the Virginia Senate also paid Web Listings Inc. $85. The campaign to elect Ben Chafin as a Republican delegate in Virginia in 2013 also paid out

Robert Montgomery, a former GOP state representative in Kansas, paid $85 (PDF) to Web Listings in 2012.

Those in charge of the purse strings for the “Friends of GOP New York State Senator Tom Croci” fund paid $65 in 2011 to keep his political Web site full of search engine goodness.

Paying $85 each to Web Listings in 2012 were the judicial campaigns for Louisiana GOP Judge John Slattery, and Lynn Donald Stewart, who successfully got re-elected to the Nevada state assembly that year.

Perhaps the most reliable customers of Web Listings’ dubious services have been cities, towns and municipalities across the United States. Somehow, the people in charge of the purse strings for Simpson County, Kentucky paid $85 notices from Web Listings Inc. three years in a row (2016, 2017 and 2018).

Other state and local governments that paid Web Listings for their imaginary services include El Paso County in Texas; the city council of Watertown, S.D.; the City of Cudahy, Wisconsin; the Village of Bedford Park in Cook County, Illinois; the city council in Osawatomie, Kansas; the board of supervisors in Clarke County, Iowa; Lake County, Colorado; the Morenci Areas Schools in Morenci, Michigan. 

Guilmette even found a number of bankruptcy cases where a creditor named “Web Listings, Inc.” was listed, with an amount owed being either the old price of $65.00 or else the new price of $85.00, including a creditor in the University General Health System, Inc. et. al. bankruptcy (PDF); Blue Ridge Wood Products Inc.; and an organization called Advanced Solids Control LLC (PDF). 

A review of the complaints about Web Listings Inc. left over the past few years at the Better Business Bureau suggests that many recipients of this scam are confusing the mailer with a late payment notice from their domain registrar. As such, it’s likely this phony company has scammed a ridiculous number of consumers over the years, Guilmette observed.

“I’m sure they’ve conned a zillion other people who were spending their own money,” he said. “These are only the ones for which public records are available online.”

Stay tuned for Part Two of this story, which will look at some clues about who may be responsible for this long-running racket.

19:56

The Humble Book Bundle: Product Management & Design by... [Humble Bundle Blog]



The Humble Book Bundle: Product Management & Design by O'Reilly! 

However will you manage? O'Reilly, as usual, has the answers. Get a library of business and design ebooks, including Designing Products People Love, Product Leadership, Design Sprint, Articulating Design Decisions, and Emotionally Intelligent Design.



Page 2 [Flipside]

Page 2 is done.

Me, Myself and Microbes: the relationship between microbes, brains and behaviors [Cory Doctorow – Boing Boing]

Leon Hong writes, "I made this science-y animation for my wife Elaine Hsiao's research — with the hopes that people will learn something new about how all the microbes that live in and on us affect our brains and behavior."

Professor Elaine Hsiao heads the Hsiao Lab in the Department of Integrative Biology & Physiology at UCLA where she teaches the class “Me, Myself, and Microbes”. Her lab researches how microbes affect our brains and behavior. Elaine received her bachelor's in Microbiology, Immunology, and Molecular Genetics at UCLA and her PhD in Neurobiology at Caltech.

Me, Myself & Microbes — A short story on how microbes affect our brains and behavior [Elaine Hsiao and Leon Hong]

19:49

How Doug Engelbart pulled off the Mother of all Demos [OSNews]

Doug Engelbart was the first to actually build a computer that might seem familiar to us, today. He came to Silicon Valley after a stint in the Navy as a radar technician during World War II. Engelbart was, in his own estimation, a "naive drifter", but something about the Valley inspired him to think big. Engelbart's idea was that computers of the future should be optimized for human needs - communication and collaboration. Computers, he reasoned, should have keyboards and screens instead of punch cards and printouts. They should augment rather than replace the human intellect. And so he pulled a team together and built a working prototype: the oN‑Line System. Unlike earlier efforts, the NLS wasn't a military supercalculator. It was a general‑purpose tool designed to help knowledge workers perform better and faster, and that was a controversial idea. Letting non-engineers interact directly with a computer was seen as harebrained, utopian - subversive, even. And then people saw the demo.
Engelbart is one of the greatest visionaries of this industry.

How a major bug in the October 2018 Update slipped past Microsoft [OSNews]

Last week, Microsoft began the relaunch of the Windows 10 October 2018 Update after pulling it more than a month ago due to a file deletion bug that somehow crept into the shipping build. While Microsoft has since gone into extensive detail as to how it's making sure something like this doesn't happen again, it's still unclear how such an issue made its way into the final release. So I did some digging.

Short version: Microsoft conflated two different bugs.

19:07

News Post: Acute Inflation [Penny Arcade]

Tycho: It’s quite true, unfortunately.  I stuffed my Switch full of rad shit to play, but then I ended up reading the Kill Team manual the whole way, dreaming of ways in which I could better serve our twisted Patriarch as five long hours evaporated.  Shortly thereafter, I left the row and also left the Goddamn Switch in there, which burns us. I have a lot of technology that can execute and subsequently display entertainment software, but there’s no device that has accomplished what the Switch has in my family.  My teenager sulks with it.  My daughter and I play…

News Post: Symmetra! [Penny Arcade]

Gabe: I got the opportunity to help announce a new Overwatch skin over the weekend and I’m still giddy about it.

"Put your enemies on ice. Rise up the rinks as FIGURE SKATER SYMMETRA (Legendary)! ⛸️ Overwatch Winter Wonderland begins Dec 11. pic.twitter.com/fI3QQusPi9" — Overwatch (@PlayOverwatch), December 9, 2018

I drew some art inspired by Symmetra’s new figure skater skin and I’m super proud of how it came out. It’s true that I had some issues when the Symmetra rework a while back but I stuck with her and eventually came to love the changes. In fact I managed to pull off my…

18:28

[$] A filesystem corruption bug breaks loose [LWN.net]

Kernel bugs can have all kinds of unfortunate consequences, from inconvenient crashes to nasty security vulnerabilities. Some of the most feared bugs, though, are those that corrupt data in filesystems. The losses imposed on users can be severe, and the resulting problems may not be noticed for a long time, making recovery difficult. Filesystem developers, knowing that they will have to face their users in the real world, go to considerable effort to prevent this kind of bug from finding its way into a released kernel. A recent failure in that regard raises a number of interesting questions about how kernel development is done.

Syndicated columnist censored for writing about the risks of hedge funds and billionaires buying papers [Cory Doctorow – Boing Boing]

Jim Hightower is a longstanding, respected columnist distributed by Creators Syndicate -- but Creators refused to distribute his latest column, "Free the Free Press from Wall Street Plunderers," which warns about Wall Street vultures like Digital First Media and GateHouse Media buying up newspapers, including the Austin Statesman.

The Austin Chronicle reports that Creators wouldn't distribute the column because it feared retribution from the Wall Street firms; Creators managing editor Simone Slykhous told the Chronicle that "We have more than 200 columnists and cartoonists, and our job is to make sure that our actions do not negatively impact them."

Thankfully, the Texas Observer has run Hightower's column, the story of which is perhaps more persuasive on the risks that Hightower warns against than his column itself.

The buyers are hedge-fund scavengers with names like Digital First and GateHouse. They know nothing about journalism and care less, for they’re ruthless Wall Street profiteers out to grab big bucks fast by slashing the journalistic and production staffs of each paper, voiding all employee benefits (from pensions to free coffee in the breakroom), shriveling the paper’s size and news content, selling the presses and other assets, tripling the price of their inferior product – then declaring bankruptcy, shutting down the paper, and auctioning off the bones before moving on to plunder another town’s paper.

By 2014, America’s two largest media chains were not venerable publishers who believe that a newspaper’s mission includes a commitment to truth and a civic responsibility, but GateHouse and Digital First, whose managers believe that good journalism is measured by the personal profit they can squeeze from it. As revealed last year in an American Prospect article, GateHouse executives had demanded that its papers cut $27 million from their operating expenses. Thousands of newspaper employees suffered that $27 million cut in large part because one employee – the hedge fund’s CEO – had extracted $54 million in personal pay from the conglomerate, including an $11 million bonus.

To these absentee owners and operators, our newspapers are just mines, entitling them to extract enormous financial wealth and social well-being from our communities.

The Jim Hightower Column They Don’t Want You to Read [Jim Hightower/Texas Observer]

(Thanks, Deanna!)

(Image: Raskin Fans, CC-BY-SA)

Outstanding podcast on the Canadian government's plan to drop $600m on a bailout for the national press [Cory Doctorow – Boing Boing]

The latest installment of the Canadaland media criticism podcast (MP3) (previously) features an outstanding and nuanced discussion between host Jesse Brown and NYU journalism professor Jay Rosen (previously), regarding the Trudeau government's plan to hand Canada's press a $600 million bailout, with large tranches of that money to be funneled to billionaire media barons who ran their businesses into the ground by loading them up with predatory debt while mass-firing their newsrooms and paying themselves millions in bonuses -- Brown and Rosen don't just discuss the merits and demerits of this proposal, but get into a fascinating debate/discussion about what a better version of this would look like.

Rhode Island lawsuit argues that the Constitution guarantees a right to sufficient education to be an informed citizen [Cory Doctorow – Boing Boing]

In 1973, the Supreme Court ruled that the Constitution does not guarantee Americans "equal" education (which would require similar per-student funding in both rich and poor neighborhoods), merely "adequate" education.

Even that adequacy standard has weakened over the years, as right-wing governments have systematically gutted education budgets, and in 20 states, the state supreme court will not hear challenges to education cuts that argue that these cuts undermine an "adequate" education.

Now, a suit in Rhode Island is asking the state court to rule that underfunded education is unconstitutional because it denies pupils the opportunity to be sufficiently well-educated to be citizens in a democracy, something the framers of the Constitution were very explicit about.

The case just filed in Rhode Island seeks to avoid that trap by doing something completely new. It focuses on the civics knowledge and skills that our democratic form of government demands of citizens – a topic with deep historical roots. My recent research demonstrated that our founders intended public education to be a core aspect of the “republican form of government” that our federal Constitution demands.

Our republican form of government began as an experiment in the idea that everyday citizens could govern themselves. But our founders – people like George Washington, John Adams and Thomas Jefferson – emphasized that public education was necessary for those governments to work. In legislation that would dictate how the western territory would be divided up and later become states, Congress in the Northwest Ordinances of 1785 and 1787 mandated that each township reserve a central lot for public schools and that the states use their public resources to “forever encourage” those schools.

Fight for federal right to education takes a new turn [Derek W. Black/The Conversation]

(via Naked Capitalism)

Superb makeup transformation from young woman to elderly genius [Cory Doctorow – Boing Boing]

Frustratingly, this video has no data about the identity of the incredible genius featured therein. Who is she?

This girl's transformation to... from r/Damnthatsinteresting

17:42

Costa Rica abolished its army in 1949 and thereafter enjoyed the best per-capita GDP growth in the region [Cory Doctorow – Boing Boing]

In 1948, Costa Rica weathered a civil war, and in 1949, they abolished their military. Since then, Costa Rica has emerged as the Central American success story, more politically stable and richer than its neighbors.

In a research paper, researchers from the Universidad de Costa Rica Observatorio de Desarrollo deploy "synthetic control estimates" to try to see how much of Costa Rica's growth can be attributed to eliminating military spending: they find that between 1950-2010, annual growth increased from 1.42% to 2.28%, leading to a doubling in per-capita GDP every 30 years instead of every 39, and that this freed up capital for national spending on development goals that have provided long-run advantages to the country and its people.

Some confounding factors to note: Costa Rica received a lot of US aid during the "dirty wars" where the CIA was bent on overthrowing democratically elected socialist governments in the region. Much like West Berlin, Costa Rica was meant to serve as a beacon of the benefits of "free market" systems, and to attain this showroom status, the US government spent lavishly to show how great things were under small government.

Also: while Costa Rica doesn't have an army, it has had rural police forces that wore paramilitary uniforms, carried automatic weapons, slept in barracks, etc -- think "National Guard on high alert." This isn't an army per se, but it's also not what we think of when we think of "police."

This article estimates the causal long-term developmental effects of Costa Rica’s constitutional abolishment of its army in 1949 after the 1948 civil war.

This is done by performing synthetic control estimates and analyzing the political history of Costa Rica in the 1940s and 1950s. We find that upon the abolishment of the army, Costa Rica’s annual average per capita GDP growth increased from 1.42% to 2.28% in the 1950-2010 period relative to a counterfactual Costa Rica that did not abolish its army. This implies that Costa Rica doubled its per capita GDP every 30 years rather than every 49. These estimates are robust to different model specifications and we show that this shock is exclusive to Costa Rica in Latin America. Furthermore, we provide evidence that the positive effects associated with this increase in the per capita GDP growth rates have endured over time; namely because the abolition of the army granted a political and institutional context that allowed the country to devote more resources to public spending, which in turn contributed to its long run development. Our case study findings are evidence that committing to peace and democracy pays off in the long run.

A farewell to arms: The Long run developmental effects of Costa Rica’s army abolishment [Alejandro Abarca and Suráyabi Ramírez/Universidad de Costa Rica]

(Image: Kansas Photo, CC-BY)

How Doonesbury helped turn George HW Bush into a mass-murdering war criminal [Cory Doctorow – Boing Boing]

George HW Bush was a mass murderer and a war criminal and now he is dead.

In some ways, Bush I was fated to be a terrible person. His family fortune sprang from his father's willingness to cozy up to Hitler and sell him the steel he needed to re-arm Nazi Germany. As a young man, Bush I distinguished himself by desecrating indigenous graves.

But it was when Bush I's national political career took off in earnest, first as Reagan's VP and then as a presidential hopeful and finally as a one-term, failed president that he began to performatively inflict cruelty upon innocents, lying to the American people, victimizing people both retail and wholesale, all in the service of shaking off his media image as a "wimp."

Matt Taibbi (previously) is in characteristically fine form in tracing the path to dishonor pursued by George Herbert Walker Bush, the petty, spiteful campaigns he waged after being stung by mockery in the panels of Doonesbury (reminding us on the way of the enormous political power Garry Trudeau has quietly wielded down through the years, including the infliction of much-deserved psychic trauma on Trumplethinskin himself). Multiple sources, including George W Bush, have stated that Jeb Bush was so enraged by the toll this mockery took on "Poppy" that he vowed to go to New York City and kick Garry Trudeau's ass.

But Bush I's pricked ego didn't stop at stewing over Garry Trudeau. He and his team entrapped a young Black man into trying to sell crack in front of the White House, merely so he could go on TV and complain about the crack epidemic getting so bad that someone had been arrested for selling crack outside of the White House. The young man, an 18-year-old called Keith Jackson, went to prison for 8 years. Bush I didn't pardon Jackson on the way out: instead, he pardoned the Iran-Contra conspirators who ran huge quantities of cocaine to finance weapons for terrorists and training for murderous death squads.

The hagiography of Bush I before and after his death often compares him favorably to Trump, but the reality is that unless Trump launches a nuclear war, Bush I killed more people than Trump could ever be organized enough to kill, and did so for reasons of petty ego, American exceptionalism, racism and personal gain.

Even within his own party, Bush was still getting it, even after Panama. In 1990, columnist George Will accused the Bush administration of “intellectual and moral flaccidity” and worried about “the sagging of America into a peripheral role abroad.”

George Will using the words “flaccid” and “sagging” is about as profane as country club Republicanism used to get. In a later insult, Will’s brother-by-another-overused-Thesaurus, William Safire, ripped an insufficiently aggressive Bush address about the collapse of the Soviet Union as the “Chicken Kiev” speech.

Bush then invaded Iraq. In an act of breathtaking pettiness and self-involvement, he chose Newsweek as the venue to explain to Americans why their sons and daughters were being sent to get shot halfway around the world. “Why We Are In The Gulf,” was published in November 1990, about 10 months after George Will metaphorically accused him of having a soft penis.

About half-a-year later, the president appeared at the Malibu home of Jerry Weintraub, producer of The Karate Kid. He also played a round of golf that day with his ex-boss Reagan at the Sherwood Country Club, where, as the Times noted, “the tee markers are little brass archers.” After the game, he told reporters he was still pissed about the Newsweek thing.

“You’re talking to the ‘wimp,’” he said. “You’re talking to the guy that had a cover of a national magazine, that I’ll never forgive, put that label on me.”

In the end, Bush finally got some pop culture credit for being a mean dirtbag. The Simpsons had him wrestling Homer in a drain pipe, with Bush saying: “If he thinks George Bush will stay out of the sewer, he doesn’t know George Bush!”

A Brief History of Everything That Happened Because of George H.W. Bush’s Insecurity [Matt Taibbi/Rolling Stone]

(via Naked Capitalism)

17:35

Link [Scripting News]

I had a short podcast here earlier, but decided to take it down. I didn't like how it told the story. Not focused enough. Sorry. Will try again. 💥

17:28

UK Govt. Backs Anti-Piracy Campaign With £2 Million in Funding [TorrentFreak]

Four years ago, copyright industry groups and Internet providers teamed up to fight online piracy in the UK.

Backed by the Government, they launched several educational campaigns under the “Get it Right” banner.

Under the program, ISPs send out piracy warnings to subscribers whose accounts are used to share copyright-infringing material. This started early last year and has been ongoing since.

There haven’t been any official updates in a while, nor is it known how many alerts are going out on a monthly basis. However, it appears that copyright holders and the UK Government are happy with the progress thus far.

Late last week the Government announced that it will continue its support for the ‘Get it Right’ campaign. It will allocate £2 million in funding as part of a £20 million boost to the UK’s creative industries.

“This package will take the sector from strength to strength by arming the next generation of creatives with the necessary skills and giving businesses in the sector the support they need to succeed,” says Margot James, Minister for the Creative Industries.

It’s unclear what the future plans are. The official ‘Get It Right’ page hasn’t changed much in recent years. However, it’s expected that the email warning program, targeted at alleged pirates, will continue.

We are not aware of any public reports on the effectiveness of the campaign. However, Ian Moss, Public Affairs director at the music industry group BPI, suggests that there is data suggesting that it works.

“The research into the campaign has shown it really makes a difference and that a positive campaign that is relevant to fans can help change the way people think about accessing content online,” Moss says.

“The Government’s continuing commitment to the successful campaign is warmly welcomed.”

This isn’t the first time that the UK Government has financially supported the ‘Get it Right’ campaign. It also contributed £3.5 million to the program at the start.

While it’s hard to measure a direct return on investment, the Government previously justified the spending with an expected increase in sales tax. This would be achieved by converting pirates into legitimate customers.

The Government’s official announcement is available here. Via gamesindustry.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

16:14

Security updates for Monday [LWN.net]

Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml).

2018 Annual Report from AI Now [Schneier on Security]

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them.

This is related, and also worth reading.

16:00

Link [Scripting News]

Another academic journalist who I respect endorsed The Correspondent this morning, urging others to contribute money to the cause. I don't understand why. I can see studying them, learning from their mistakes, which they are sure to make, but an up front unconditional endorsement? Maybe they know a lot more than the rest of us? I asked a bunch of questions of TheC. To their credit they are trying to answer them. Still I haven't seen any reporting on this effort that isn't a rewrite of their press release. There are serious questions to ask about this. Who else is asking them?

Link [Scripting News]

Civil was a recent example of an effort to launch a new model for journalism that received a lot of hype and unconditional endorsements. But the journalists who were supposed to be paid say they aren't being paid. And the investors who were hoping to support journalism and were motivated by greed (investor greed is perfectly appropriate) aren't happy either. Tech is never a panacea. If people are hyping a technology as one, they're selling snake oil, and you should keep your hand on your wallet.

Link [Scripting News]

As more journalism companies launch tech products, they're starting to behave more like tech companies, and that's not good. The transparency is gone. If you're creating a silo, you have an obligation to say so, esp if your product is primarily journalism. I'm not talking about The Correspondent here, it's too early to say how much lock-in there is in their product. But all of them have the same basic defect imho. The paid professionals are over here and the members of the community are over there. There's a clear line of separation. I understand why this is in the interest of the reporters, but I strongly believe it is against the interest of news. And if the mission of a news org isn't news, what is it?

Link [Scripting News]

I see the danger we're in, politically and physically (climate change), as a result of the corruption of our news system. Really nothing short of corruption. They see fascism as a good business model. Trump is great click-bait. Some of them even have the honesty to say so directly. So if we're going to dig out of the mess, we're going to have to take control of the news. Not simply be bystanders. And any new journalism venture that isn't structured around that idea is not only not the answer, it's in the way of us formulating the answer. That's why I am not an enthusiastic supporter of The Correspondent. If their intentions are good, and I see no reason to assume they're not, they are not moving fast enough to embrace the change we need to happen merely to survive. Good ideas are not what's needed. Change is what's needed. Radical change.

15:56

Jonathan Dowland: Game Engine Black Book: DOOM [Planet Debian]

Fabien's proof copies

*proud smug face*

Today is Doom's 25th anniversary. To mark the occasion, Fabien Sanglard has written and released a book, Game Engine Black Book: DOOM.

It's a sequel of-sorts to "Game Engine Black Book: Wolfenstein 3D", which was originally published in August 2017 and has now been fully revised for a second edition.

I had the pleasure of proof-reading an earlier version of the Doom book and it's a real treasure. It goes into great depth as to the designs, features and limitations of PC hardware of the era, from the 386 that Wolfenstein 3D targeted to the 486 for Doom, as well as the peripherals available such as sound cards. It covers NeXT computers in similar depth. These were very important because Id Software made the decision to move all their development onto NeXT machines instead of developing directly on PC. This decision had some profound implications on the design of Doom as well as the speed at which they were able to produce it. I knew very little about the NeXTs and I really enjoyed the story of their development.

Detailed descriptions of those two types of personal computer set the scene at the start of the book, before Doom itself is described. The point of this book is to focus on the engine and it is explored sub-system by sub-system. It's fair to say that this is the most detailed description of Doom's engine that exists anywhere outside of its own source code. Despite being very familiar with Doom's engine, having worked on quite a few bits of it, I still learned plenty of new things. Fabien made special modifications to a private copy of Chocolate Doom in order to expose how various phases of the renderer worked. The whole book is full of full colour screenshots and illustrations.

The main section of the book closes with some detailed descriptions of the architectures of various home games console systems of the time to which Doom was ported, as well as describing the fate of that particular version of Doom: some were impressive technical achievements, some were car-crashes.

I'm really looking forward to buying a hard copy of the final book. I would recommend this to anyone who has fond memories of that era, or is interested to know more about the low level voodoo that was required to squeeze every ounce of performance possible out of the machines from the time.

Edit: Fabien has now added a "pay what you want" option for the ebook. If the existing retailer prices were putting you off, now you can pay him for his effort at a level you feel is reasonable. The PDF is also guaranteed not to be mangled by Google Books or anyone else.

15:07

When a customer asks for something unsupported, and they promise not to get upset when it stops working, don’t believe them [The Old New Thing]

A customer wanted to know how to do something extreme. Let's say for the sake of example that they wanted to disable clicking on things in Explorer. They understood that it might very well not be supported, but "they are fine with an unsupported way."

I asked why they wanted to disable clicking on things in Explorer, especially since clicking on things is one of the most common things people do with Explorer.

The customer liaison explained that the customer didn't want users clicking on one specific icon, so they just want to disable clicking.

I suggested that the customer was trying to kill a fly with a bazooka. If they don't want users clicking on one specific icon, then they can look for a policy to disable that one specific icon.

The customer liaison replied that the customer already did that, but they want to disable clicking on anything, just to make sure. The customer liaison reiterated that the customer would be fine with an unsupported technique, and that the liaison would apply all applicable disclaimers when providing the information.

In practice, these disclaimers have no value. I've seen it happen. A customer does some unsupported thing, and it works for a while. And then it stops working. And then they come back and say, "Hi, you helped us do this unsupported thing, and it worked great for a while, but it recently stopped working. Can you help us get it working again?" In other words, they are asking for support for the unsupported thing.

After all, the fact that we gave them an unsupported thing in the past proves that giving people unsupported things is one of the things we do. Which means that it becomes de facto supported.

Don't fall into this trap. If somebody asks for something unsupported, even if they say, "Yes, we understand that it's not supported," they will treat it as supported. Because their understanding is not "And we promise not to ask for help when it stops working." Their understanding is "We understand that this is something devious that you're giving us, and we appreciate your continuing assistance."

12:07

Four short links: 10 December 2018 [All - O'Reilly Media]

Language Zoo, VS AI, Advertising Plus, and Minecraft Scripting

  1. The Programming Languages Zoo -- a collection of miniature programming languages that demonstrates various concepts and techniques used in programming language design and implementation.
  2. AI in Visual Studio Code -- good to see IDEs getting AI-powered features to augment coders. In some small way, Doug Engelbart would be proud.
  3. Outgrowing Advertising: Multimodal Business Models as a Product Strategy -- business models from Chinese companies that are augmenting advertising with other revenue streams.
  4. Minecraft Scripting API in Public Beta -- The Minecraft Script Engine uses the JavaScript language. Scripts can be written and bundled with Behaviour Packs to listen and respond to game events, get (and modify) data in components that entities have, and affect different parts of the game.

11:49

CodeSOD: The Key to Using Dictionaries [The Daily WTF]

It's easy to use dictionaries/maps to solve the wrong kinds of problems, but deep down, what's more elegant than a simple hashed map structure? If you have the key, fetching the associated...

10:14

Topping off the tank [Seth's Blog]

As the fossil fuel era comes to an end, gas station attendants (those few that remain, as well as the unpaid pumpers who are filling their own tanks) persist in topping off the tank.

After the automatic switch senses the tank is full, they add ten or twenty cents more gas, to reach a round number.

Why?

It’s not faster. It takes time to manually do this.

It’s not more profitable. The extra ten cents on a $40 tank is hardly worth the time.

It’s not more efficient. The number of miles before the next fill-up as a result is tiny.

It’s not even easier. Most people are paying with a credit card, so rounding up does no good.

And…

It’s way more likely to damage the car (gas on the auto body) and hurt the health of the pumper (fumes).

So, why do it?

Three reasons:

  1. Tradition.
  2. Showing the boss and the customer that you’re working hard.
  3. The appearance of control.

It’s the third that’s the real lesson. Human beings trade enormous amounts of agency in exchange for convenience. But not too much agency. Too much agency makes us feel like automatons. Even (especially) when working with cars, those symbols of freedom and control.

What else are we busy topping off?

09:42

Top 10 Most Pirated Movies of The Week on BitTorrent – 12/10/18 [TorrentFreak]

This week we have two newcomers in our chart.

Venom is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the articles of the recent weekly movie download charts.

This week’s most downloaded movies are:
Most downloaded movies via torrents

| Movie Rank | Rank last week | Movie name | IMDb Rating / Trailer |
|---|---|---|---|
| 1 | (1) | Venom | 7.0 / trailer |
| 2 | (7) | Smallfoot | 6.7 / trailer |
| 3 | (2) | The Predator | 5.6 / trailer |
| 4 | (…) | Mowgli: Legend of the Jungle | 6.8 / trailer |
| 5 | (4) | The Nun | 5.5 / trailer |
| 6 | (3) | The House with a Clock in Its Walls | 6.1 / trailer |
| 7 | (5) | Mission: Impossible – Fallout | 8.0 / trailer |
| 8 | (6) | Peppermint | 6.5 / trailer |
| 9 | (8) | The Equalizer 2 | 6.9 / trailer |
| 10 | (…) | 2.0 | 7.5 / trailer |

08:35

All Good Things [Ctrl+Alt+Del Comic]

Me likey.

08:21

Comic: Acute Inflation [Penny Arcade]

New Comic: Acute Inflation

07:56

Kernel prepatch 4.20-rc6 [LWN.net]

The 4.20-rc6 kernel prepatch is out for testing. "Most of it looks pretty small and normal. Would I have preferred for there to be less churn? Yes. But it's certainly smaller than rc5 was, so we're moving in the right direction, and we have at least one more rc to go."

05:49

New EU Piracy Watchlist Targets Key Pirate Sites and Cloudflare [TorrentFreak]

In recent years the Office of the US Trade Representative (USTR) has released several reports detailing “notorious markets” that contribute to large volumes of copyright infringement worldwide.

The annual reports are aimed at guiding the U.S. Government’s position towards foreign countries where these sites and services are located. With a focus overseas, US-based platforms are not included.

Earlier this year the EU announced that it would be following the example set by the United States by producing a similar report of its own.

“The list will identify and describe the most problematic marketplaces – with special focus on online marketplaces – in order to encourage their operators and owners as well as the responsible local authorities and governments to take the necessary actions and measures to reduce the availability of IPR infringing goods or services,” the EU noted in January.

Almost 11 months later the EU has published its debut ‘Counterfeit and Piracy Watch List’ based on consultations with stakeholders, decisions handed down against sites by national courts, the UK’s Police Intellectual Property Crime Unit’s infringing website list, Google’s Transparency Report, plus various Europol assessments.

As promised, it lists sites, services, and other players who allegedly engage in, facilitate or benefit from counterfeiting and piracy, with the aim of placing pressure on the platforms themselves as well as those in power.

For inclusion in the report, the owner of allegedly-infringing platforms must be believed to reside outside the EU, whether or not the platforms themselves have connections inside due to domain registrations or web hosting, for example.

Perhaps unsurprisingly, the majority of the 70 responses received during the consultation phase mentioned cyberlockers and BitTorrent sites, followed by stream-ripping, linking sites, and unlicensed pay-per-download sites. Also under the spotlight are hosting providers, domain registries and registrars, plus ad-networks generating profit from ‘pirate’ sites.

Cyberlockers

Given its appearance in several earlier US ‘watch list’ documents, the inclusion of Rapidgator in the brand new EU report was perhaps a given. Supposedly hosted in Switzerland but operated from Russia, the platform is accused of hosting a wide range of infringing content while encouraging uploaders with monetary rewards and affiliate schemes.

“The total number of visits of rapidgrator.net between April 2017 and March 2018 was around 635.7 million. The average website rank worldwide was 1184 in this period. 34% of the visits came from the EU, 66% from non-EU countries,” the report notes.

Uploaded.net, a site that has lost legal cases in Germany during the past two years, also makes an appearance.

Reportedly operated from Switzerland (a country placed geographically in Europe but outside the EU), Uploaded is also accused of incentivizing users to upload popular content by paying out cash rewards.

“The total number of visits of Uploaded.net between April 2017 and March 2018 was around 856 million. The average website rank worldwide was 1140 in this period. 39% of the visits came from the EU, 61% from non-EU countries. Courts in Germany, India and Italy have issued blocking orders against the site,” the report adds.

As reported earlier last year, Uploaded implemented a repeat infringer policy but this doesn’t appear to have quietened rightsholders.

Openload, a file-hosting site that was recently revealed to generate more traffic than Hulu or HBO Go, is similarly accused of hosting large quantities of infringing traffic while paying rewards to uploaders.

The report makes no attempt to reveal where its operator is based but says that its hosting provider “is not revealed by a service provider registered in the US”, which could be a reference to Cloudflare.

After its appearance in the USTR’s ‘notorious markets’ report earlier this year, 4shared is now also featuring in the EU’s variant.

Accused of hosting ‘pirate’ content and rewarding uploaders, the EU report notes that 4shared has more unique visitors than any similar platform. Interestingly it is said to be hosted in the US, which raises the question why the US Government hasn’t done something about it rather than simply adding it to a ‘rogue’ list.

“The total number of visits of 4shared.com between April 2017 and March 2018 was around 721 million. The average rank worldwide was 639 in this period. 10% of the visits came from the EU, 90% from non-EU countries,” the report states.

In the same section, Sci-Hub is noted as “one of the most problematic online actors for book and scholarly publishers according to the European publishing industry.”

The report claims that the infamous ‘Pirate Bay of Science’ obtains its content by using “compromised user credentials obtained via phishing scams”, something the site’s operator denies. It’s claimed that file-hosting site Libgen.io gets most of its content from Sci-Hub.

Stream-ripping

Recently labeled as the number one threat to the music industry, stream-ripping platforms make a prominent appearance in the EU report. H2converter.com is said to be hosted in the US and operated from Vietnam, generating around 312 million visits per year. Again, a US presence doesn’t appear to be an immediate risk to the platform.

Downvids.net is reportedly hosted in France while its operator is “presumed” to be outside the EU. That site is said to have around 107 million visits per year, making it “one of the most popular stream-ripping services globally”.

Linking and referrer websites

As defined by the EU report, these sites “aggregate, categorize, organize and index links to media content that is stored on hosting websites, cyberlockers or other kinds of sites allegedly containing pirated content.”

Hosted in Turkey, Fullhdfilmizlesene.org is said to be one of the most popular with around 451 million visits per year. Russia-hosted Seasonvar.ru is also listed, with an estimated 1.1 billion visits per year. Dwatchseries.to, 1channel.ch and music-focused platform RnbXclusive.review complete the list.

Torrent sites

Previously listed as some of the top targets for rightsholders and law enforcement, torrent sites appear lower down in the EU’s report than one might expect. However, it’s no surprise that the super-resilient The Pirate Bay is presented as the number one threat with an estimated 3.1 billion visits between April 2017 and March 2018.

Next up is popular torrent platform RARBG. Hosted outside the EU in Bosnia and Herzegovina, RARBG is reported as responsive to takedown notices but with content rapidly reappearing again shortly after.

“The total number of visits of Rarbg.to between April 2017 and March 2018 was around 1.371 billion. The average rank worldwide was 304. 31% of the visits came from the EU, 69% from non-EU countries,” the report notes.

“Rarbg.to reportedly generates income from advertisements and a pay-per-install distribution model for potential malware. The website and its variants have been subject to blocking orders in Australia, Denmark, Finland, Ireland, Italy, Portugal and the United Kingdom.”

Three other torrent giants round up the list. With an alleged 968.1 million visitors per year, Russia’s RuTracker is reported as the largest of the trio. In second place with almost 958 million visits is 1337x.to, a site that’s supposedly hosted in the United States, although the USTR states it’s an overseas player. Meta-search engine Torrentz2, with almost 712 million visits per year, completes the lineup.

Hosting providers

In common with the USTR’s report, the EU’s variant calls out various hosting providers and services that “allegedly do not follow due diligence when opening accounts for websites to prevent illegal sites from using their services and do not cooperate with copyright holders in removing or blocking access to pirate content.”

US-based Cloudflare is accused of offering services to approximately 40% of the world’s pirate sites, helping to anonymize their operators and hide sites’ true hosts.

“[C]loudFlare’s cooperation with the rightholders, including CloudFlare’s responsiveness to infringement notices should be improved (i.e. disabling access to its services and terminating accounts). Stakeholders also urge CloudFlare to follow due diligence when opening accounts for websites to prevent illegal sites from using its services and to strengthen its repeat infringer policy,” the report notes.

While Cloudflare avoided being called out in the USTR’s report, both the US and EU are agreed that Switzerland-based Private Layer is a serious problem.

“Private Layer provides anonymity to the owners and operators of the websites that use its services, which makes them very attractive also for pirate sites. Private Layer is reported by the creative industries for hosting many IP infringing websites and for not having an effective policy to handle IP infringements,” the EU says.

The full Counterfeit and Piracy Watch List can be downloaded here (pdf). Note: the PDF triggers a warning from Avast and AVG, suggesting that it contains a blacklisted URL. The pdf comes directly from the EU website and we don’t see anything wrong with it.

Girl Genius for Monday, December 10, 2018 [Girl Genius]

The Girl Genius comic for Monday, December 10, 2018 has been posted.

You Want It Darker? [George Monbiot]

The remarkable story of how the hard-right Koch brothers funded a Trotskyite splinter group.

By George Monbiot, published in the Guardian 7th November 2018

Dark money is among the greatest current threats to democracy. It means money spent below the public radar, that seeks to change political outcomes. It enables very rich people and corporations to influence politics without showing their hands.

Among the world’s biggest political spenders are Charles and David Koch, co-owners of Koch Industries, a vast private conglomerate of oil pipelines and refineries, chemicals, timber and paper companies, commodity trading firms and cattle ranches. If their two fortunes were rolled into one, Charles David Koch, with $120bn, would be the richest man on Earth.

In a rare public statement – an essay published in 1978 – Charles Koch explained his objective. “Our movement must destroy the prevalent statist paradigm.” As Jane Mayer records in her book Dark Money, the Kochs’ ideology – lower taxes and looser regulations – and their business interests “dovetailed so seamlessly it was difficult to distinguish one from the other.”

Over the years, she notes, “the company developed a stunning record of corporate malfeasance”. Koch Industries paid massive fines for oil spills, illegal benzene emissions and ammonia pollution. In 1999, a jury found that it had knowingly used a corroded pipeline to carry butane, which caused an explosion in which two people died. Company Town, a film released last year, tells the story of local people’s long fight against pollution from a huge papermill owned by the Koch brothers.

The Kochs’ chief political lieutenant, Richard Fink, developed what he called a three-stage model of social change. Universities would produce “the intellectual raw materials”. Think tanks would transform them into “a more practical or useable form”. Then “citizen activist” groups would “press for the implementation of policy change.”

To these ends the Kochs set up bodies in all three categories themselves, such as the Mercatus Center at George Mason University, the Cato Institute and the “citizens’ group” Americans for Prosperity. But for the most part they funded existing organisations that met their criteria. They have poured hundreds of millions of dollars into a network of academic departments, thinktanks, journals and movements. And they appear to have been remarkably successful.

As researchers at Harvard and Columbia universities have found, Americans for Prosperity alone now rivals the Republican party in terms of size, staffing and organisational capacity. It has pulled “the Republican party to the far-right on economic, tax, and regulatory issues.” It was crucial to the success of the Tea Party Movement, the ousting of Democrats from Congress, and the staffing of Trump’s transition team. The Koch network has helped secure massive tax cuts, the smashing of trade unions and the dismantling of environmental legislation.

But their hands, for the most part, remain invisible. A Republican consultant who has worked for Charles and David Koch told Jane Mayer that “to call them under the radar is an understatement. They are underground.”

Until now, there has been no evidence that Charles and David Koch have directly funded organisations based in the UK. But a few weeks ago, a reader pointed me to one line he found in a form submitted to the US government by the Charles Koch Foundation, which showed money transferred to a company that appears to be the US funding arm of a UK organisation. Once I had grasped its significance, I set up a collaboration with the investigative group DeSmog UK. We could scarcely believe what we were seeing.

The organisation the Charles Koch Foundation has chosen to fund is at first sight astounding: a US organisation established by an obscure magazine run by former members of a tiny Trotskyite splinter group. Some of its core contributors still describe themselves as Marxists or Bolsheviks. But the harder you look at it, the more sense the Koch donations appear to make.

The name of the magazine is Spiked. It emerged from a group with a comical history of left factionalism. In 1974, the International Socialists split after a dispute over arithmetic in Volume 3 of Das Kapital. One of the new factions formed the Revolutionary Communist Group. In 1976, it split again, and one of the splinters became the Revolutionary Communist Tendency. It was led by a sociologist at the University of Kent called Frank Furedi. In 1981 it changed its name to the Revolutionary Communist Party.

In 1988, the party launched a magazine called Living Marxism (later LM). By then, it had abandoned many of its former convictions. Among the few discernible traces of its revolutionary past was an enthusiasm for former communists in the Balkans, such as Slobodan Milošević. In 2000, it closed after losing a libel case: it falsely claimed that ITN had fabricated evidence of Serb atrocities against Bosnian Muslims. But as soon as the magazine folded, a network of new groups, with the same cast of characters – Frank Furedi, Claire Fox, Mick Hume, Brendan O’Neill, James Heartfield, Michael Fitzpatrick, James Woudhuysen – sprang up to replace it. Among these organisations were the Institute of Ideas, the Academy of Ideas, the Manifesto Club and a new magazine, Spiked. It had the same editor as LM (Mick Hume) and most of the same contributors.

We found three payments over the past two years from the Charles Koch Foundation. They amount to $170,000, earmarked for “general operating support”. The payments were made to Spiked US Inc. On Spiked’s “Donate” page is a button that says “In the US? Donate here”. It takes you to the PayPal link for “Spiked US, Inc”. Spiked US, in other words, appears to be its American funding arm. Beyond a postal address in Hoboken, New Jersey, it is hard to see what presence it has in the US. It appears to have been established in 2016, the year in which the Koch donations began.

When I asked Spiked what the money was for and whether there had been any other payments, its managing editor, Viv Regan, told me that the Charles Koch Foundation has now given Spiked US a total of $300,000, “to produce public debates in the US about free speech, as part of its charitable activities.” She claims the foundation supports projects “on both the left and the right”. The Koch Foundation has funded “a free-speech oriented programme of public debates on campus titled the Unsafe Space Tour” and four live events, the first of which is titled ‘Should we be free to hate?’. She told me “We’re very proud of our work on free speech and tolerance, and we are proud to be part of the programme.”

But I have been unable to find any public acknowledgement of this funding. Neither on the videos of the debates, in the posters advertising them or in reports of the events in Spiked magazine is there any mention of the Charles Koch Foundation. From what I could see of the title slides in the videos, they acknowledged an organisation called the Institute for Humane Studies, but not the Foundation. Spiked has yet to reply to my questions on this matter.

The Koch brothers are famously careful with their money. According to Jane Mayer, they exert “unusually tight personal control over their philanthropic endeavours”. David Koch told a sympathetic journalist, “If we’re going to give a lot of money, we’ll make darn sure they spend it in a way that goes along with our intent. And if they make a wrong turn and start doing things we don’t agree with, we withdraw funding.” So what might have attracted them to this obscure organisation?

Spiked magazine, now edited by Brendan O’Neill, appears to hate left-wing politics. It inveighs against the welfare state, against regulation, the Occupy movement, anti-capitalists, Jeremy Corbyn, George Soros, #MeToo, “black privilege” and Black Lives Matter. It does so in the name of the “ordinary people”, who, it claims, are oppressed by the “anti-Trump and anti-Brexit cultural elites”, “feministic elites”, “green elites” and “cosmopolitan politicians”.

It repeatedly defends figures on the hard right or far right: Katie Hopkins, Nigel Farage, Alex Jones, the Democratic Football Lads’ Alliance, Tommy Robinson, Toby Young, Arron Banks, Brett Kavanaugh, Viktor Orban. They are portrayed as victims of “McCarthyites” trying to suppress free speech. It demands the hardest of possible Brexits, insisting that “No Deal is nothing to fear”, as it would allow the UK to scrap EU regulations.

But what it appears to hate most is environmentalism. It rails against “climate scaremongering”, and has called for fracking and coal production to be ramped up. It blames the Grenfell Tower disaster on “the moral fervour of the climate change campaign”. It mocks the idea that air pollution is dangerous and has proposed abolishing the planning system. “We need to conquer nature, not bow to it,” it contends. “Let’s make the ‘human footprint’ even bigger”.

Spiked’s writers rage against exposures of dark money. It calls the Observer’s Carole Cadwalladr, who has won a string of prizes for exposing the opaque spending surrounding the Brexit vote, “the closest thing the mainstream British media has to an out-and-out conspiracy theorist”. It carries numerous articles by writers from the obscurely-funded Institute of Economic Affairs and from the Cato Institute, which was founded by Charles Koch. Its editor, Brendan O’Neill, also writes for Reason Magazine, owned by the Reason Foundation, which has received $1 million from the Charles Koch Foundation over the past two years.

Bizarrely, Spiked still uses Leon Trotsky to justify its positions. It claims to have built its philosophy on his objective of “increasing the power of man over nature and … the abolition of the power of man over man”. This means, it says, that “we should fight for greater human dominion over the natural world”, and that regulatory power should not be used to prevent anyone from exercising their agency. The result appears to turn Trotsky’s objective on its head: without constraint, those with the greatest agency can exercise uninhibited power over others.

Its enthusiasm for Trotsky is highly selective. As one of Spiked’s writers noted in 2002, his central message was that “the retreat behind national boundaries is a recipe for reaction”. Yet the magazine’s defence of both Brexit and Viktor Orban, Hungary’s right-wing prime minister, is founded on the notion of national sovereignty. Spiked seems to have remembered everything Leon Trotsky wrote that could be recruited to the cause of corporate capital and the hard right, and forgotten all his, shall we say, less enthusiastic musings about those forces.

Above all, its positions are justified with the claim to support free speech. But the freedom all seems to tend in one direction: freedom to lambast vulnerable people. The Unsafe Space tour that the Charles Koch Foundation financed was heavily slanted towards this line. Yet, when I exercised my freedom of speech in sending my questions to Spiked, I was denounced on the front page of the magazine as a “McCarthyite”. This is its favourite insult, which it uses prolifically to dismiss legitimate inquiries and critiques. The usual term for asking awkward questions about powerful interests is journalism. Open information and transparency are crucial to free speech: the more we know, the freer we become. Spiked has also called for schools, universities and governments to be “cleansed” of “the malign influence” of green NGOs, which it denounces as “the environmentalist enemy within.” Some friends of free speech, these.

The Kochs are mentioned in several Spiked articles, but no corresponding interests are declared. An article in 2016, when Spiked received $170,000 from the Charles Koch Foundation, attacked the Standing Rock protests against the Dakota Access Pipeline, in which the Koch brothers have a major interest.

Is this the extent of the Koch brothers’ funding of groups based in the UK? Who knows? I have not yet had a response from the Charles Koch Foundation. But I see these payments as part of a wider pattern of undisclosed funding. Democracy without transparency is not democracy.

www.monbiot.com

05:00

World Meditation Champion [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

Indie Rock Pete: the world's most competitive meditator.

00:35

Link [Scripting News]

Just got home. Amazing connections on arriving. New concourse at Penn Station, very confusing. Followed one of the paths, was hoping to get on the 1 train uptown, but the concourse took me right to the platform for the A train. WTF. So I went upstairs, and as I was reaching the platform an uptown A pulls in. I get on. A seat is waiting for me. I get off the train, walk to my building and an elevator opens, I get in and it takes me right up to my apartment. From the Acela to my living room, about 10 minutes. Couldn't possibly have happened any faster. Sometimes, rarely, NYC "just works" as we say in the software biz.

Sunday, 09 December

21:14

Scammers Use Facebook and Google to Spread Malicious ‘Pirate’ Files [TorrentFreak]

Last weekend we reported how scammers were sending DMCA notices to downrank game piracy sites.

Presumably, this was done to give their malware-infested pirate sites a better ranking in search results.

While our previous article focused on the abuse of takedown notices, the problem is much broader. In addition to removing content, scammers are also spamming many sites with messages that link people to their dubious pirate sites.

We spoke to a source who has followed this activity for quite a while and actively reported spam he found on medium.com, change.org, wattpad.com, github.com, bitly.com, deviantart.com, zendesk.com, soundcloud.com, ghost.org, hashnode.com, and elsewhere.

Most of these sites were very cooperative and cleaned up the mess soon after they were alerted.

“The list is really long, but what was great is that all these services immediately responded to my reports. Some of them implemented spam filters and medium.com even sent a t-shirt to thank me,” says our source, who prefers to remain anonymous.

Zendesk’s response

With any type of spam, it’s impossible to eliminate the problem completely. However, our source says that some platforms are more receptive to reports than others. At Facebook and Google, this didn’t go so easily.

For months, scammers have used Facebook events to promote their malware or trojan links out in the open, through numerous accounts. In some cases, these events have been online for months, such as with this Fix Problem account.

This account lists many hundreds of events, which presumably link to pirated software, games, and other content. There are no events of course, but these listings help to increase SEO and give the associated sites a boost in traffic as well.

Fix problem?

The problem is rather persistent. Our source says that he reported the issue in detail to Facebook, but that there’s been little improvement. Many of the reported events are still online today, and new ones keep appearing too.

A targeted search for “Just Cause” Facebook events created over the past week shows dozens of results.

Targeted Google search

Initially, the Facebook posts linked directly to the sites where the malware-content could be downloaded, but more recently they switched to Google groups, perhaps because these links are harder to detect automatically.

People who follow these links don’t get a copy of free software, games, or movies. Instead, they’re downloading malware-infested files, although the landing page suggests otherwise.

A Just Cause landing page

Facebook events appear to be one of the favorite spamming tools, but Google groups are also frequently used. This issue was brought to Google’s attention weeks ago, in a rather detailed post in the webmaster help forum.

For weeks, many of the reported groups remained online and some still are at the time of writing. New ones are still appearing too, as shown below.

Just Cause?

More recently, Google has flagged several postings but instead of removing them entirely, Google added a warning message.

TorrentFreak followed a few of the links that were provided in these spam posts and these indeed point to suspicious malware files, or worse. While this type of spamming activity is not new, Google, Facebook and others may want to take a closer look at how this can be dealt with properly.

Our source has made it somewhat of a personal crusade to go after the scammers. As he runs a pirate site of his own, he has a stake in the matter. Previously his own links were taken down from Google and, as reported last week, he believes that this was a targeted action by the scammers.

A very detailed accounting of evidence and other information, shared with us, suggests that’s indeed the case, at least in some instances. It could of course be that there are more rogue actors.

In the background, this takedown issue has added fuel to a rivalry between ‘real’ pirate sites. Accusations were made back and forth, which resulted in one site shutting down and much more drama on top.

It’s impossible to verify any of the claims or accusations and there may be more things going on at once. What we can say, however, is that our source directly linked the takedown efforts to the type of scamming activity on Google, Facebook, and other sites.

