Sunday, 26 January


Indonesia Faces Call for US Trade Sanctions over Online Piracy [TorrentFreak]

Indonesia has been very active on the anti-piracy front in recent months, with the government ordering Internet providers to block hundreds of pirate sites.

Despite these enforcement efforts, several high profile US entertainment industry groups see room for improvement in the Asian country.

The International Intellectual Property Alliance (IIPA), which includes a wide range of copyright groups including the MPA, RIAA, and ESA, made this clear in a recent submission to the US Trade Representative.

IIPA advises the U.S. government to suspend Indonesia’s GSP trade benefits if the country fails to do more to protect the interests of US copyright holders. With many millions of dollars at stake, this is a serious threat.

In their submission, IIPA acknowledges that the Indonesian government has recently taken “significant strides” to combat piracy. However, it also adds that “more should be done.”

The group notes that the movie and music industries “worked” with the government to block hundreds of websites. This resulted in some success stories, such as the recent decision by pirate site IndoXXI to voluntarily shut down.

However, blockades are not always effective. In many cases, the initial drops in traffic that occur after a blockade are undone when sites move to new domain names.

“[T]hese drops in traffic are intermittent as most well-known piracy sites employ a strategy of domain hopping—redirecting domains to circumvent the results of site-blocking efforts,” IIPA writes.

The Indonesian government has already responded to this by blocking new domains as well, but IIPA sees room for improvement on this front.

“The government should streamline the process for rights holders to ensure access to infringing sites is disabled and to deal efficiently with the problem of domain hopping,” the group writes.

These demands are clear but it remains odd to see calls for these types of drastic measures from US companies that have yet to take any action to block a single pirate site in the US itself.

IIPA’s demands don’t end there either – the copyright holders have more suggestions. For example, Indonesia should prioritize enforcement efforts against illegal camcording in theaters as well as live streaming piracy.

“The government should issue clear guidelines and regulations on illegal camcording and live streaming piracy, and take the initiative to reduce instances of these illegal activities as a priority,” IIPA writes.

In addition, piracy apps and the distribution points for piracy-enabling set-top boxes should be dealt with as well.

“IIPA encourages the Indonesian Government to take steps to crack down on piracy apps and on device retailers who preload the devices with apps that facilitate infringement, and take action against key distribution points for devices that are being used illegally.”

This is just a small selection of the demands which also include a repeal of certain copyright exceptions and an extension of the copyright term to the life of the author plus 70 years.

According to IIPA, Indonesia was on the right track but in 2019 progress stalled and even regressed. The organization hopes that by listing a wide variety of improvement opportunities, perhaps with a nudge from the US government, progress can continue.

If the US Government doesn’t see any improvement, it should suspend (some of) the existing trade benefits for the country, the rightsholder groups conclude.

“If, at the conclusion of the review, the Government of Indonesia has not made adequate progress remedying the deficiencies outlined above, IIPA requests that the Committee suspend or withdraw Indonesia’s GSP benefits, in whole or in part,” IIPA writes.

This type of pressure is not new. In 2017 the US Government sanctioned Ukraine following a similar referral from the IIPA. This triggered a wave of copyright-related actions in the country, with President Trump deciding to lift the sanctions a few months ago.

IIPA’s full submission to the US Trade Representative is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Movie & TV Show Database Bombards Google With Bizarre Takedown Notices [TorrentFreak]

First launched in 1993, France-based company AlloCiné aims to support the entertainment industries by providing information on movies and TV shows.

The company operates a portal located at where users can research movies, TV series, actors and view a wide range of additional information such as release dates, for example. While less well-known than iMDb, for example, is a huge draw with more than 46 million visits per month.

During December 2019 and for reasons that remain unclear, a new wave of DMCA takedown notices began appearing on Google’s Transparency Report, reportedly sent by AlloCiné and targeting a broad range of sites. All told and from a standing start, the company appears to have requested the removal of more than 6,300 URLs from third-party sites, claiming that they infringe AlloCiné’s rights.

Determining whether that’s actually the case is not easy since the notices submitted to Google don’t include links where original content can be found. The first notice, dated December 16, 2019, seems to target sites that give the impression of being streaming portals. They bear no close resemblance to AlloCiné and Google eventually rejected every single request.

This pattern largely continues across many copyright claims targeting thousands of URLs but then even more glaring errors start to appear.

While similar to those that preceded it, this notice asks Google to delete a page on rival entertainment database JustWatch featuring Game of Thrones. It also demands that a link to a Rotten Tomatoes page detailing The Mandalorian is deleted, just one of many targeting the site in the days that followed.

For reasons unknown, this notice targets the History Channel while another attempts to delist a Harley Quinn article published by Newsweek.

With Google refusing to take action for almost all URLs thus far, another notice persists by demanding the takedown of an information page relating to the TV series Asylum City published on the CanalPlus website. Another targets pages on both MetaCritic and Decider after they covered the Disney show The Imagineers.

Things only go down from here, with another notice targeting four more Rotten Tomatoes URLs, one belonging to Hulu, plus one owned by Paramount Network. Just a day later, another notice swooped back for another bite at Hulu (it is targeted in several notices) plus an attack on the site While this might sound like a TV show platform, it is in fact a BMW-focused sales and repairs company in the UK.

Sadly, subsequent notices don’t offer any improvement, with one in particular standing out after targeting news site Le Parisien for writing about Netflix, for reporting on The Witcher, and Vulture for recapping The Mandalorian.

Quite what AlloCiné is trying to achieve here isn’t clear but the very same notice also targets the New York Times, Netflix, KickStarter, IGN,, and, Wikipedia and – for good measure – AlloCiné’s very own domain.

TorrentFreak’s request for comment from AlloCiné remains unanswered.

Internet Provider RCN Asks Court to Dismiss Piracy Liability Lawsuit [TorrentFreak]

Last summer several major music companies filed a lawsuit against Internet provider RCN. Helped by the RIAA, they argued that the ISP turned a blind eye to pirating subscribers.

The lawsuit is in many regards similar to the ones against other ISPs, such as Cox, Grande, and Charter, which were all accused of failing to terminate the accounts of repeat infringers.

According to the labels, RCN knew that some of its subscribers were frequently distributing copyrighted material, but failed to take any meaningful action in response. To compensate for this alleged inaction the music companies demand damages.

Last month we saw that the stakes are high in these cases. Following a two-week trial, Cox was found guilty with the jury awarding a billion dollars in damages. This is something RCN wants to avoid.

Fighting back, the company submitted a motion to dismiss the lawsuit at the New Jersey federal court this week.

RCN starts by pointing out that the music companies don’t accuse it of hosting any infringing material. Nor do they argue that the ISP promoted its service to illegally share content.

“Instead, the thrust of Plaintiffs’ case is that RCN is secondarily liable because it did not terminate the internet access of subscribers accused of copyright infringement,” RCN writes.

The use of the term “accused” is important here. These accusations come from third-party outfit Rightscorp which sent huge amounts of infringement notifications bundled with settlement requests.

According to RCN, Rightscorp used the threat of legal action to extract settlements from subscribers. With this business model, more notices would generally result in more revenue.

“This means that Rightscorp is incentivized to send huge volumes of infringement accusations, without regard to the amount or frequency of any actual copyright infringement,” the ISP notes.

The music companies don’t claim that they used Rightscorp’s services themselves. Instead, RCN believes that the rightsholders acquired Rightscorp’s data after the fact, to pursue legal campaigns against ISPs.

In any case, the ISP has very little faith in the accuracy of Rightscorp’s piracy notifications and clearly disregards them as credible evidence.

“No reasonable ISP would accept Rightscorp’s copyright infringement allegations as credible, much less actionable. Rightscorp does not provide any evidence whatsoever demonstrating that a given internet user possessed or shared the copyrighted content in question,” RCN writes.

Continuing its motion, RCN explains step by step why the music companies’ claims don’t hold up, starting with the accusation of contributory infringement.

Liability for contributory infringement can only take place if an ISP is aware of direct copyright infringements and actively encourages or induces this activity. That’s not the case, according to RCN, as Rightscorp’s notices are not evidence of direct infringement.

“Rightscorp’s conclusory email allegations cannot confer knowledge of copyright infringement because they are unsupported and unverifiable,” RCN writes.

The ISP also emphasizes that Rightscorp’s notices are not DMCA compliant. They don’t provide sufficient information to disable or remove infringing content, nor do they properly identify the works, as there is no mention of copyright registration numbers.

In addition, RCN points out that its Internet service has substantial non-infringing uses, adding that the music companies failed to show that the ISP promoted or contributed to any infringing uses of its network.

“Plaintiffs only allege that RCN provided the alleged direct infringers with internet access. This is far too attenuated from the infringing conduct to constitute material contribution,” RCN adds.

The claim of liability for vicarious copyright infringement also falls flat, RCN argues. The ISP says it doesn’t profit from any of the alleged infringing activity, nor does it have the ability to control it.

Finally, the music companies’ claim of liability for direct infringement can’t be proven either, simply because there’s no hard evidence that any RCN subscribers engaged in piracy.

“Taking Plaintiffs’ allegations as true, they cannot show that any infringing content was unlawfully obtained over RCN’s network, or that any user of RCN’s engaged in conduct directly infringing Plaintiffs’ distribution rights,” RCN notes.

According to the ISP, the music companies failed to state a proper claim so it, therefore, asks the court to dismiss the complaint.

The music companies still have the option to reply to RCN’s arguments after which the court will rule on the matter.

In related cases, other ISPs have submitted similar motions, with some being more successful than others. Grande managed to have the vicarious infringement claim dropped, for example, but Cox’s attempt to do the same failed.

A copy of RCN’s motion to dismiss the music companies’ complaint is available here (pdf).

Rivendell Has Now Sent Half a Billion DMCA Takedown Requests to Google [TorrentFreak]

DMCA notices or their equivalents can be filed against websites, hosts, ISPs and other services almost anywhere in the world, with the majority of entities taking some action in response.

At Google, for example, the company receives DMCA notices requesting that allegedly-infringing URLs are delisted from search results and at this company alone, the scale is astonishing. At the time of writing, Google has processed requests to remove 4.43 billion URLs from its indexes across 2.77 million domains. These were filed by more than 196,100 copyright holders and 186,100 reporting organizations, which includes anti-piracy groups.

This week, one of those anti-piracy groups reached a historic milestone. French anti-piracy group Rivendell sent its 500 millionth URL delisting request to Google, breaking the half-a-billion barrier for a single reporting entity for the first time.

Hervé Lemaire is the owner of Rivendell’s sister company LeakID, a company he formed in 2006 after he left EMI/Virgin as Head of Digital. Speaking with TorrentFreak this week, he explained that Rivendell was launched in 2013 with a key focus to prevent unlicensed content appearing in Google’s indexes.

Lemaire didn’t provide specific details on Rivendell’s top clients but a cursory view of Google’s report shows many familiar names from the world of entertainment, including what recently appears to be a strong focus on sports content owned by the Premier League and Italy’s Serie A.

In common with all anti-piracy companies, Rivendell isn’t keen to give away its secrets. Lemaire did confirm, however, that patrolling Google’s indexes is only part of the puzzle and that scanning piracy platforms to identify infringing material quickly plays a big part.

When it comes to dealing with Google itself, Lemaire bucks the trend by complimenting (rather than criticizing) the company for its anti-piracy work.

“We work closely with the Google team and we are very happy with them,” he told TF. “They are very cooperative and when we have a problem with a link we always have an answer and a solution from them.”

Google doesn’t impose any reporting limits on Rivendell either, with Lemaire noting that all Google wants is to work with “serious companies doing a serious job.”

While the sending of more than half-a-billion URL reports is certainly remarkable, it’s worth breaking down what type of action was taken in response to them. The image below shows what action Google took, with just under three-quarters of URL requests resulting in immediate removal.

That raises the question of why 25% of Rivendell’s URL reports failed to result in content being removed.

The red category – almost 20% – indicates content that didn’t actually exist in Google’s indexes at the time it was detected by Rivendell. The company suggests that because it acts so quickly, it can detect content before it appears in Google’s results.

“If you search the links only on Google, you have nothing to do with the protection of content,” Lemaire says.

“We do not expect Google to show us the pirated links [immediately]. To be effective we must go to where content is found before it appears on the search engine, especially for live content.”

This type of proactive takedown isn’t a problem for Google. As previously revealed, the company is happy to receive the URLs for content it hasn’t yet indexed for action when they do eventually appear.

“We accept notices for URLs that are not even in our index in the first place. That way, we can collect information even about pages and domains we have not yet crawled,” Google copyright counsel Caleb Donaldson previously explained.

“We process these URLs as we do the others. Once one of these not-in-index URLs is approved for takedown, we prophylactically block it from appearing in our Search results.”

Lemaire also has straightforward explanations for the other categories. Requests labeled as ‘duplicate’ by Google have already been targeted by other anti-piracy companies, while the 1% marked “No Action” can be the result of several issues including a lack of evidence, a homepage delisting request, hidden content, or even a ‘fake’ pirate website.

The big question, however, is whether all of these delisting efforts actually have any serious impact on the volumes of pirated content being consumed. Lemaire is clear: “It works.”

“For live events like football we were the first to work on removing links before, during and after matches. This is why several European leagues trust us in particular on this subject,” he says.

“In general, the removal of illegal links allows legal offers to occupy the top places in search results. There are still improvements to be made regarding the pagerank of illegal sites, however.”

Lemaire is brief when questioned on what measures are taken to avoid erroneous takedowns, stating that all domains are validated before they are notified to Google. Finally, he also appears to recognize the resourcefulness of his adversaries but says that countering them is enjoyable.

“Pirates are not stupid and are constantly finding new solutions. It’s up to us to work to outsmart them .. we love it,” he concludes.

Swedish Court Issues ‘Dynamic’ Pirate Bay Blocking Order [TorrentFreak]

In recent years, Swedish movie outfits and Hollywood studios, including Disney, Paramount Pictures and Warner Bros, have been working hard to get local ISPs to block The Pirate Bay.

The first success came a few years ago when a blocking order was issued against local Internet provider Bredbandsbolaget. This was later followed by an interim order against Telia, Sweden’s largest ISP, which was struck down on appeal and sent back to the lower court.

During the second try of the case movie companies again requested a blocking order against The Pirate Bay, as well as three other sites, Dreamfilm, FMovies, and NyaFilmer.

Last month this case was decided in favor of the rightsholders, with the court not only issuing a blocking injunction but also one that can be extended.

The Swedish Patent and Market Court ordered Telia to block access to the four pirate sites to prevent these from facilitating further copyright infringement. In addition, the rightsholders are also allowed to add new domain names and IP-addresses going forward.

The movie companies requested this expansion option since blocking orders are often circumvented through new domains and proxy sites. Telia objected to the request for such a “dynamic” blocking order, but the court sided with the copyright holders.

“It is clear that the services change domain names and URLs and that this is a quick, easy and inexpensive way to bypass the effect of a blocking procedure,” the court writes.

“A blocking injunction should, therefore, in order to effectively serve the rights holders’ interest in preventing infringements, not merely target specified domain names and URLs,” the order adds.

This effectively means that Telia must update its blocklist when it’s made aware of changes. Any new URLs and IP-addresses have to provide access to any of the four pirate sites, including The Pirate Bay.

Telia also objected to the general blocking order and questioned whether the rightsholders had shown any proof of infringement. However, the court refuted these arguments and stressed that, under EU law, ISPs can be ordered to stop pirating subscribers.

The case resulted in a clash between several rights that are defined in the Charter of Fundamental Rights of the European Union. In this instance, the property rights of the movie companies weigh stronger than Telia’s right to entrepreneurial freedom.

Hans Eriksson, Senior Associate at the law firm Westerberg & Partners, who highlighted the case at IPKat, believes that dynamic injunctions, which can be updated regularly, will become more and more common.

“Dynamic injunctions like this one are likely to be the future for blocking injunctions in Europe,” Eriksson tells TorrentFreak.

The Market Court’s injunction is valid for three years. If Telia fails to properly implement the blockades, it risks a penalty of 500,000 Swedish Krona (€47,500). Telia is not happy with the outcome, however, and has already filed an appeal.

A copy of the Patent and Market Court’s order, in Swedish, is available here (pdf).


Link [Scripting News]

Continue to be impressed with Brian Lehrer's Impeachment podcast. Highly recommend this episode with Susan Hennessey and Benjamin Wittes of Lawfare. I was going to ask Lehrer to do a show on what the US will be like after a Trump acquittal. This episode is a good start. Before watching another hour of CNN or MSNBC, listen to this. You'll learn a lot more.


Link [Scripting News]

Amy Klobuchar is like a homemade chicken pot pie on a cold winter's day. I think after all the rock and roll the flyover folk would like a little peace and quiet. That's what I want. Not to have to worry about the US govt blowing the world up.

Today in GPF History for Sunday, January 26, 2020 [General Protection Fault: The Comic Strip]

Harry Barker and Don blackmail Professor Deadlock into helping them...


Two years after a federal law banning shackling women during childbirth was passed, prisoners in America are still giving birth in chains [Cory Doctorow – Boing Boing]

In 2010, the UN adopted a rule regarding incarcerated pregnant women: "instruments of restraint shall never be used … during labour, during birth and immediately after birth." In 2018, the Federal First Step Act banned shackling pregnant women, women giving birth, and women caring for newborns; but the law does not extend to local and state jails, where 85% of the incarcerated women in America are locked up.

As a result, the practice of shackling women before, during and after childbirth is rampant across America, and in the majority (61%) of these circumstances, the women are shackled not because of any specific danger, but because the facility has a policy that insists that they be in chains. The US government does not require state or local lockups to maintain statistics on pregnancy among inmates, and a bill to require this data collection has languished in Congress since September 2018.

Incarcerated women are disproportionately likely to have experienced violent trauma, especially sexual trauma, and the women who have given birth in restraints describe how the experience triggered their post-traumatic stress from these incidents.

Lori Yearwood's Guardian story on the practice is heartbreaking, tracing how the trauma of giving birth in chains can redound for decades after.

Harriette Davis, 64, once an inmate at the California Institute for Women in Corona, is now an anti-shackling advocate and remembers well the trauma of being handcuffed to a hospital bed before giving birth to her daughter 36 years ago. The attending doctor told the guard to remove the shackles, Davis says, so that Davis could move freely, helping her baby travel more easily down the birth canal.

“She’s not going anywhere,” Davis says the doctor assured the guard.

In the final hour before her daughter was born, the guard finally removed the restraints.

Davis bursts into tears as she speaks by telephone from her home in Berkeley, California. “It’s inhuman and it’s not necessary and it’s emotionally and mentally unhealthy,” she says.

Pregnant and shackled: why inmates are still giving birth cuffed and bound [Lori Teresa Yearwood/The Guardian]

(Thanks, Fipi Lele!)

(Image: mbreton, CC BY-SA, modified)


Link [Scripting News]

When SNL said the devil invented podcasting.


Andrew Cuomo's naked hostility drives out MTA president Andy Byford, the "Train Daddy" who has transformed the world's rail systems [Cory Doctorow – Boing Boing]

Andy Byford comes from generations of public transportation workers and worked his way from a London Underground platform supervisor to running multiple British rail lines; then went to Australia where he oversaw Railcorp in NSW; then to Toronto, where he ran a successful five-year initiative that turned the TTC into the American Public Transportation Association's Outstanding Transit System of the Year -- and then he moved to New York City, to turn around the ailing MTA.

Byford is a legend among transit workers; last week in Toronto I had dinner with a friend whose partner drives a TTC subway who spontaneously started singing Byford's praises -- he spent his time out in the system, talking to drivers and passengers, and understood it from top to bottom, which allowed him to intervene in the system in compassionate and effective ways.

But since Byford's arrival in NYC, he's been at loggerheads with Governor Andrew Cuomo, who fancies himself a latter-day Robert Moses, and who did everything in his power to thwart Byford's work. The final straw was redefining Byford's job so that he would only do day-to-day management, with no responsibility for improvements. Cuomo accomplished this by paying the consultancy Alixpartners $4m to produce a report that recommended a sharply constrained role for Byford.

Byford has resigned, as has Pete Tomlin, a trusted and much-sought-after lieutenant whom Byford brought with him from the TTC.

“Out-of-town MTA executive managers always come and go,” says retired Federal Transit Administration Region 2 New York Office administrator and Railway Age opinion columnist Larry Penner. “Give Governor Cuomo, who enjoys micromanaging the MTA, NYC Transit, LIRR and Metro-North, credit for Byford’s departure. Just how much could anyone put up with Cuomo’s interference? He never travels to and from Albany via Amtrak. When in New York City, he travels around town by car with a driver and police security detail, rather than a bus or subway. Unlike the millions of New Yorkers, he doesn’t own a Metro Card or use public transportation on a daily basis. His motto is ‘do as I say, not as I do.’

“If Cuomo believes he could have done a better job than Byford, there is a simple solution. In his last act, appoint himself NYC Transit President and resign as Governor.

“It will continue to be disappointing for MTA employees, along with riders, advocates, taxpayers and other funding agency partners, if the MTA continues this pattern of bringing in out-of-town talent that comes and goes. There are many experienced internal MTA candidates who are qualified to fill the vacancy of NYC Transit President. Successful organizations groom, train and promote from within.”

You Blew It, Andrew Cuomo [William C. Vantuono/Railway Age]

Fatal car wrecks are correlated with stock-market fluctuations [Cory Doctorow – Boing Boing]

Writing in The Journal of Health Economics, three economists claim (Sci Hub mirror) that "a one standard deviation reduction in daily stock market returns is associated with a 0.6% increase in fatal car accidents that happen after the stock market opening" and that this is robust across "a battery of falsification tests."

They examined data from the Fatality Analysis Reporting System from 1990-2015, and conclude that this "might just be the tip of the iceberg" because most car accidents are not fatal and thus not reflected in their data-set. Moreover, the correlation between fatal wrecks and stock fluctuations underwent a sudden, persistent increase in the mid-nineties, when 401(k)s exposed millions of households' finances to the stock market for the first time.

They recommend public information campaigns to warn people that they might drive worse after their pensions are wiped out. Though, of course, from a neoliberal perspective, this could just be the incredible serendipity of self-correcting markets: when pensions are wiped out by financial engineering, people fatally wreck their cars, circumventing the future pain of not having any pension savings. Capitalism works!

When the market drives you crazy: Stock market returns and fatal car accidents [Corrado Giulietti, Mirco Tonin and Michael Vlassopoulos/The Journal of Health Economics] (Sci-Hub Mirror)

(via Marginal Revolution)


Joe Marshall: The pros and cons of Agile [Planet Lisp]

Agile methodology is currently the popular way of attempting to develop commodity software in a factory-like manner.  It's a little hard to define what exactly is Agile and what is not.  I've worked in several companies and with several groups in companies that all claim to be Agile, yet they did things in very different ways.  But they all seemed to agree on a few things, and this I suppose could be the spirit of Agile, if not the letter.

The basic characteristic of Agile is that you break down the software into smaller and smaller tasks until you reach those tasks that can be comfortably handled by a small (2-8 person) team of engineers to complete in a small (1-2 week) time frame.  Then at the end of the time frame, you supposedly have some software that "works" in some sense of the word.  It exhibits basic functionality and the general gist of what the customer wanted, if not satisfying all the requirements for the entire project. Then over the next several time periods of development, the software is iteratively improved by fleshing out remaining requirements, adding needed functionality, hooking components together, etc. During this time, the customer is involved to make sure that what is being delivered is actually what is needed.

Some projects I worked on did this formally by a book and followed strict guidelines for the methodology, others just winged it, but all had the basic characteristics above.

One of the primary advantages of Agile is its use to management.  By having the large problem broken down into team-size, biweekly pieces, management can easily allocate and track resources usage and progress.  They can treat a team as a black box of software development and assign tasks as they arise.  Management can attempt to measure the performance of a team and see whether it is increasing, decreasing, or remaining steady.  Teams are what managers like to manage.

Another advantage is frequent feedback from the customer.  Since after each time period, a somewhat working version of some fragment of the product is available for demonstration, the customer can give feedback as to how and whether this seems to meet his needs.  He can offer suggestions about what might be improved, what features he needs to make the product at least minimally useful to him, and prevent development from getting off track.

But Agile is not a panacea.  There is still a significant amount of software produced with the traditional “waterfall” methodology with specification completed before coding begins and integration done as a final step in coding and only then releasing to the customer.  There is also a fair amount of software written “artistically”. I would define artistic software as that written by a single developer working alone over a period of several months. Frequently, such a project never gets beyond the hobbyist stage, and as such it is a risky approach to writing production code. But on occasion, an artistic project can turn into something novel and useful. It more often exhibits a unity of vision and coherence that is harder to find in software written by groups of people. (Which isn't to say that small groups cannot write software with unity of vision and coherence, it's just harder. Or they'll have one particular person in the group that has more insight than the others.)

Managers aren't as useful to artistic developers. Artistic developers tend to manage themselves. And you cannot swap out one developer for another without swapping out the entire project with him. A manager can work with an artistic developer as a peer, and help manage the project, but cannot manage the developer.

Frequently involving customers has its pros and cons as well. Often customers have difficulty imagining anything beyond incremental improvements to the current ways of doing things. They'll want a UI widget that will make some task slightly easier, but not think of automating the task altogether. They'll want to automate a series of inefficient tasks when a different viewpoint of the end result might make those intermediate tasks irrelevant. Customers are not impressed with changes to the code that don't produce visible effects. You may have spent a week refactoring in order to make it trivial to add new commands and new outputs, but customers don't care. Customers don't care about potential use cases, they care about their specific use case to the exclusion of everything else. This can be discouraging to developers.

Because Agile is so useful to managers, big and intermediate sized companies will continue to use it to develop commodity software in a factory-like style. It isn't going to be replaced any time soon. But there is still ample room in the market for small companies and individuals with vision to carve out niches that Agile methodologies will overlook and find tricky to fill.

(But I'm a romantic at heart, and I like the image of the lone hacker crafting software on his home computer in his room late at night. If only it were easy to make a living that way.)


Link [Scripting News]

Video demo of a new LO2 feature Doc asked for. Put the cursor in the middle of a paragraph. Press cmd-return to split the paragraph at the cursor position, creating two headlines. Simple, I do this manually all the time, with copy-paste which is more tedious and error-prone. Also going to do the inverse, cmd-backspace to merge two headlines.

Link [Scripting News]

I never saw this SNL parody of a 2016 HRC commercial.


Banks have returned to the pre-2008 world of automatic credit-limit increases for credit cards used by already indebted people [Cory Doctorow – Boing Boing]

"Proactive credit line increases" (PCLIs) are when your credit card company increases your credit limit without your asking for it; it was very common prior to the 2008 crisis, but the post-crisis rules largely put a stop to it. Now, banks have figured out regulatory loopholes that allow them to throw PCLIs at their most vulnerable customers, leading to record-high national levels of credit-card debt of $880b as of last September, higher than the pre-crisis high.

Credit cards are the most profitable loans that the finance industry originates, and 2019 was the best-ever year for the banks' profits from credit cards, with interest rates soaring to a 20-year peak. The US banks made $179b in credit card fees and interest in 2019, and 2020 is projected to be even better. Credit-card debt is the fastest-growing form of debt in the USA.

Much of this PCLI activity is subprime -- extending credit to people who are already overburdened by debt and who will likely miss payments, leading to high penalties, which are extremely profitable for banks.

The number of people aged 19-29 in the USA who are more than 90 days late on their card payments just reached a ten-year high.

But after the stock slipped in 2017, [Capital One] executives came under pressure to show they could meet growth targets. They eventually tweaked their models to offer increases to more customers, betting on a quirk in human behavior, according to the person with knowledge of the decision, who asked not to be named discussing the talks. The firm’s analyses showed people tended to keep their card utilization steady, even after line increases. In other words, someone who used 80% of their credit line before the boost, would typically use the same percentage afterward, generating more revenue.

Other researchers had come to similar conclusions. For consumers who carry balances on their cards, “nearly 100% of an increase in credit limits eventually becomes an increase in debts,” according to a working paper by Scott Fulford and Scott Schuh for the Federal Reserve Bank of Boston. About half of U.S. credit card accounts carry a balance each month, the CFPB said.

Banks Are Handing Out Beefed-Up Credit Lines No One Asked For [Michelle Davis/Bloomberg]

(via Naked Capitalism)


2018 mattered [Scripting News]

A debating point I wish the Dems would use.

  1. Repubs say Dems have been trying to impeach Trump since the beginning to overturn the 2016 election.
  2. Not quite. Trump lost the 2018 election. The voters wanted Trump impeached.


Link [Scripting News]

Journalism is partisan now. Can’t help it. Just being ethical and educated is now a partisan position. We weren’t raised to believe that, but it’s the new reality.

Link [Scripting News]

The credulous boomer rube demo that backs Donald Trump: "Donald Trump's the smart one, y'all elitists are dummmmb." There's more. This is the new mode for CNN. Laugh at the credulous boomer snowflakes that are wrecking the world.

Testing is needed [Scripting News]

Andy Sylvester asked yesterday what can he do to help. Here's one thing that really holds back progress. When I ship a new version of a piece of software, test it. If you don't know how to do software testing, learn. This is a real problem.

I'm going to release a new version of LO2 soon, maybe today or tomorrow. I will have verified it works on my machine, for what I use it for. But there may be deal stoppers for others.

These days, even experienced developers write ridiculous bug reports. One guy sent me an email saying he couldn't unsub from the nightly email. No clue as to what he did, or what happened. He just said it didn't work and asked if I knew what the problem was. There's nothing I can do for him.

20-plus years ago we had a community that tested the new stuff, and gave us good bug reports. Then we could get some work done. One of them, Terry Teague, was a one-man QA department. He worked for Apple doing testing, but volunteered for community projects like ours, in his spare time, out of the goodness of his heart.

When I release the new version of LO2, I will write up the changes, here, on the blog, and provide a thread on GitHub for problem reports. I will be listening.

See also: Professional users.


Bits from Debian: New Debian Developers and Maintainers (November and December 2019) [Planet Debian]

The following contributors got their Debian Developer accounts in the last two months:

  • Louis-Philippe Véronneau (pollo)
  • Olek Wojnar (olek)
  • Sven Eckelmann (ecsv)
  • Utkarsh Gupta (utkarsh)
  • Robert Haist (rha)

The following contributors were added as Debian Maintainers in the last two months:

  • Denis Danilov
  • Joachim Falk
  • Thomas Perret
  • Richard Laager



Cars, houses and TVs [Seth's Blog]

Compare 1960 to today:

Cars are a bit faster, a bit safer, higher in quality and a lot more expensive.

Houses are much bigger, a bit more efficient and enormously more expensive.

TVs on the other hand, are dramatically bigger, dramatically more efficient, dramatically more powerful, significantly more reliable and way cheaper. For $300, you can buy a 49 inch TV that would have cost a million dollars in 1960.

What happened?

Cars, with the exception of new electric drivetrains, are basically the same thing they were, except designed with computers and assembled by robots.

Houses, with the exception of some prefab edge cases, are still assembled by hand, on location, by skilled workers. And they went up in scale because real estate prices and income inequality went up even more.

But TVs–they made a leap. A leap from analog to digital, a leap from tubes to solid-state. Moore’s Law is at work on your television, but it’s been largely shut out of the two largest purchases most people make.

When you see computers and networks show up in an industry, it’s easy to predict what will happen next.


Wouter Verhelst: SReview kubernetes update [Planet Debian]

About a week and a half ago, I mentioned that I'd been working on making SReview, my AGPLv3 video review and transcode system work from inside a Kubernetes cluster. I noted at the time that while I'd made it work inside minikube, it couldn't actually be run from within a real Kubernetes cluster yet, mostly because I misunderstood how Kubernetes works, and assumed you could just mount the same Kubernetes volume from multiple pods, and share data that way (answer: no you can't).

The way to fix that is to share the data not through volumes, but through something else. That would require that the individual job containers download and upload files somehow.

I had a look at how the Net::Amazon::S3 perl module works (answer: it's very simple really) and whether it would be doable to add a transparent file access layer to SReview which would access files either on the local file system, or an S3 service (answer: yes).

So, as of yesterday or so, SReview supports interfacing with an S3 service (only tested with MinIO for now) rather than "just" files on the local file system. As part of that, I also updated the code so it would not re-scan all files every time the sreview-detect job for detecting new files runs, but only when the "last changed" time (or mtime for local file system access) has changed -- otherwise it would download far too many files every time.

This turned out to be a lot easier than I anticipated, and I have now successfully managed, using MinIO, to run a full run of a review cycle inside Kubernetes, without using any volumes except for the "ReadWriteOnce" ones backing the database and MinIO containers.

Additionally, my kubernetes configuration files are now split up a bit (so you can apply the things that make sense for your configuration somewhat more easily), and are (somewhat) tested.

If you want to try out SReview and you've already got Kubernetes up and running, this may be for you! Please give it a try and don't forget to send some feedback my way.
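The two ideas in the post above, one access layer over either local files or an object store and a detect pass that only re-reads entries whose "last changed" stamp moved, are sketched here as an added example. It is not SReview's code: `Entry`, `LocalBackend`, `FakeObjectStore`, `Detector` and `demo` are hypothetical names, the object store is an in-memory stand-in for an S3 bucket, and the state that a real system would persist is kept in a dict.

```python
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    key: str        # object key, or path relative to the local root
    changed: float  # "last changed" stamp: LastModified on S3, mtime locally


class LocalBackend:
    """Files under one directory on the local file system."""

    def __init__(self, root):
        self.root = os.path.realpath(root)

    def _resolve(self, key):
        # Refuse keys such as "../x" that would resolve outside the root.
        full = os.path.realpath(os.path.join(self.root, key))
        if os.path.commonpath([full, self.root]) != self.root:
            raise ValueError(f"key escapes storage root: {key!r}")
        return full

    def list(self):
        entries = []
        for dirpath, _dirs, files in os.walk(self.root):
            for name in files:
                full = os.path.join(dirpath, name)
                key = os.path.relpath(full, self.root)
                entries.append(Entry(key, os.stat(full).st_mtime))
        return sorted(entries, key=lambda e: e.key)

    def fetch(self, key):
        with open(self._resolve(key), "rb") as fh:
            return fh.read()


class FakeObjectStore:
    """In-memory stand-in for an S3 bucket (constructed for this example)."""

    def __init__(self):
        self.objects = {}   # key -> (data, changed)
        self.downloads = 0  # counts full object fetches

    def put(self, key, data, changed):
        self.objects[key] = (data, changed)

    def list(self):
        # Listing returns metadata only, never the object body.
        return [Entry(k, self.objects[k][1]) for k in sorted(self.objects)]

    def fetch(self, key):
        self.downloads += 1
        return self.objects[key][0]


class Detector:
    """Probes new or changed entries; unchanged ones are never downloaded."""

    def __init__(self, backend):
        self.backend = backend
        self.seen = {}   # key -> stamp at last probe (assumption: a dict, not a database)
        self.sizes = {}  # key -> size recorded by the probe

    def scan(self):
        probed, present = [], set()
        for entry in self.backend.list():
            present.add(entry.key)
            if self.seen.get(entry.key) == entry.changed:
                continue  # same stamp as last run: skip the download
            data = self.backend.fetch(entry.key)
            self.sizes[entry.key] = len(data)
            self.seen[entry.key] = entry.changed
            probed.append(entry.key)
        # Forget entries that disappeared so a re-upload is probed again.
        for key in set(self.seen) - present:
            del self.seen[key]
            del self.sizes[key]
        return probed


def demo():
    # Constructed sample data: two recordings, one of which changes later.
    store = FakeObjectStore()
    store.put("room1/talk-a.mkv", b"aaaa", changed=1000.0)
    store.put("room1/talk-b.mkv", b"bbbb", changed=1000.0)
    detector = Detector(store)
    first = detector.scan()
    second = detector.scan()
    store.put("room1/talk-b.mkv", b"bbbbbb", changed=2000.0)
    third = detector.scan()
    return first, second, third, store.downloads


if __name__ == "__main__":
    print(demo())
```

The same `Detector` runs unchanged against `LocalBackend`, where the stamp is the file's mtime.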


Hey, Kickstarter Sketches [Skin Horse]

Shaenon: More sketches for Kickstarter backers. Tigerlily and Dr. Lee were the most popular requests this time around.

Channing: Gotta say, that is a very lovely-looking Tip. Well done, requestor!


[1092] Old Plans Reawakened [Twokinds]

Comic for January 25, 2020

Saturday, 25 January


Link [Scripting News]

Video of Trump dinner where he orders Lev and friends to "take out" the Ukrainian ambassador.


Joey Hess: announcing arduino-copilot [Planet Debian]

arduino-copilot, released today, makes it easy to use Haskell to program an Arduino. It's a FRP style system, and uses the Copilot DSL to generate embedded C code.

gotta blink before you can run

To make your arduino blink its LED, you only need 4 lines of Haskell:

import Copilot.Arduino
main = arduino $ do
    led =: blinking
    delay =: constant 100

Running that Haskell program generates an Arduino sketch in an .ino file, which can be loaded into the Arduino IDE and uploaded to the Arduino the same as any other sketch. It's also easy to use things like Arduino-Makefile to build and upload sketches generated by arduino-copilot.

shoulders of giants

Copilot is quite an impressive embedding of C in Haskell. It was developed for NASA by Galois and is intended for safety-critical applications. So it's neat to be able to repurpose it into hobbyist microcontrollers. (I do hope to get more type safety added to Copilot though, currently it seems rather easy to confuse eg miles with kilometers when using it.)

I'm not the first person to use Copilot to program an Arduino. Anthony Cowley showed how to do it in Abstractions for the Functional Roboticist back in 2013. But he had to write a skeleton of C code around the C generated by Copilot. Among other features, arduino-copilot automates generating that C skeleton. So you don't need to remember to enable GPIO pin 13 for output in the setup function; arduino-copilot sees you're using the LED and does that for you.

frp-arduino was a big inspiration too, especially how easy it makes it to generate an Arduino sketch without writing any C. The "=:" operator in copilot-arduino is copied from it. But frp-arduino contains its own DSL, which seems less capable than Copilot. And when I looked at using frp-arduino for some real world sensing and control, it didn't seem to be possible to integrate it with existing Arduino libraries written in C. While I've not done that with arduino-copilot yet, I did design it so it should be reasonably easy to integrate it with any Arduino library.

a more interesting example

Let's do something more interesting than flashing a LED. We'll assume pin 12 of an Arduino Uno is connected to a push button. When the button is pressed, the LED should stay lit. Otherwise, flash the LED, starting out flashing it fast, but flashing slower and slower over time, and then back to fast flashing.

{-# LANGUAGE RebindableSyntax #-}
import Copilot.Arduino.Uno

main :: IO ()
main = arduino $ do
        buttonpressed <- readfrom pin12
        led =: buttonpressed || blinking
        delay =: longer_and_longer * 2

This is starting to use features of the Copilot DSL; "buttonpressed || blinking" combines two FRP streams together, and "longer_and_longer * 2" does math on a stream. What a concise and readable implementation of this Arduino's behavior!

Finishing up the demo program is the implementation of longer_and_longer. This part is entirely in the Copilot DSL, and actually I lifted it from some Copilot example code. It gives a reasonable flavor of what it's like to construct streams in Copilot.

longer_and_longer :: Stream Int16
longer_and_longer = counter true $ counter true false `mod` 64 == 0

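-- Counts up by one on each step where inc is true; reset forces it back to 0.
counter :: Stream Bool -> Stream Bool -> Stream Int16
counter inc reset = cnt
   where
        cnt = if reset then 0 else if inc then z + 1 else z
        -- z is cnt delayed by one step, starting at 0
        z = [0] ++ cnt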

This whole example turns into just 63 lines of C code, which compiles to a 1248 byte binary, so there's plenty of room left for larger, more complex programs.

simulating an Arduino

One of Copilot's features is it can interpret code, without needing to run it on the target platform. So the Arduino's behavior can be simulated, without ever generating C code, right at the console!

But first, one line of code needs to be changed, to provide some button states for the simulation:

        buttonpressed <- readfrom' pin12 [False, False, False, True, True]

Now let's see what it does:

# runghc demo.hs -i 5
delay:         digitalWrite: 
(2)            (13,false)    
(4)            (13,true)     
(8)            (13,false)    
(16)           (13,true)     
(32)           (13,true)     

Which is exactly what I described it doing! To prove that it always behaves correctly, you could use copilot-theorem.

peek at C

Let's look at the C code that is generated by the first example, of blinking the LED.

This is not the generated code, but a representation of how the C compiler sees it, after constant folding, and some very basic optimisation. This compiles to the same binary as the generated code.

void setup() {
      pinMode(13, OUTPUT);
}
void loop(void) {
      digitalWrite(13, s0[s0_idx]);
      s0_idx = (++s0_idx) % 2;
}

If you compare this with hand-written C code to do the same thing, this is pretty much optimal!

Looking at the C code generated for the more complex example above, you'll see few unnecessary double computations. That's all I've found to complain about with the generated code. And no matter what you do, Copilot will always generate code that runs in constant space, and constant time.

Development of arduino-copilot was sponsored by Trenton Cronholm and Jake Vosloo on Patreon.


Andy's voicemailcast [Scripting News]

Andy Sylvester, a longtime user of my stuff, recorded a voicemailcast. He did an outline too. My comments follow.

Andy, thanks for the voicemailcast. We've only met once face to face that I know of, and that was in a noisy place (in Portland), and there were a lot of other people there.

This voicemailcast multiplied my understanding of who you are.

Anyway, it is hard to collaborate with me on the actual code, because of the way I work, and that's not likely to change any time soon. Also coding has not been the limiting factor for a long time. It's how to attract writers and thinkers in all fields. I have a massive body of working code. As I said in the podcast, from this point it's about selecting bits to integrate into the current writing environment. With LO2, people will be using the same blogging environment I use. So we can evolve together.

  • BTW, I used for a few years, it's what I switched from in 2017 when I decided to go back to the way I blogged before Twitter, Facebook, RSS, etc.

Also if Wordpress works for you, that's great. It just isn't fluid enough for me. And btw, Doc has shown me how to make the outliner even more fluid. I haven't implemented his request yet, but now I see how much it would help. More on that later.

There are ways to collaborate. For example, Andrew Shell has been developing and managing the rssCloud server functionality. Perfect because we have a well-defined API for how our software interacts. He tells me he's doing a new release. So helping him might be an option, if he needs help.

But here's my number one request of the world -- what I want most that other people could create, is a Linux version of Frontier. I am in a precarious place on the Mac. The version of Frontier that I use as a code-writing and devops tool does not run on the latest Mac OS. We knew this was coming. I bought a super hot iMac Pro just before their OS switch, so I'm good as long as this machine continues to run, and the backup machines I have which are older continue to run. But I'm three hardware failures away from having no way forward. That's not good.

And Linux is great. All my servers run Ubuntu now, all my server code is in Node.js. Imagine how smooth it would be to have my development environment run there too. Lots of synergies, and safety. Ted Howard is the main guy on that stuff. Without his work I would have lost use of Frontier a long time ago. BTW this is a project I personally would put money into. You talk about the economics of software, there is a new bit of info on the economics.

Also next time you do a voicemailcast please send me a link via email. I almost didn't see this, and that would have been a shame. 😄


Stripping of nationality [Richard Stallman's Political Notes]

Australia has stripped a woman (perhaps a supporter of PISSI) in Syria of her Australian citizenship.

The Australian government backdated the penalty so that her last two children, born in Syria, will not be Australian citizens either. They are, apparently, stateless.

Falling birth rate [Richard Stallman's Political Notes]

China's birth rate continues to fall. This will be inconvenient in the next few decades, then tremendously beneficial in the long term for China's land, water and air, and may enable the smaller number of Chinese to escape with less damage through a smaller global disaster.

AirBnB sexual ban [Richard Stallman's Political Notes]

AirBnB is canceling customers' accounts for engaging in certain kinds of sexual activities not carried out in an AirBnB room.

This is a little taste of the developing US social credit system. We must protect anonymity.

Buying squatted home [Richard Stallman's Political Notes]

California's governor intervened so that the homeless mothers (with their families) who squatted in a house in Oakland will be allowed to buy it.

Fixing one instance of bullying by a company is nice, but what we really need is to prevent such situations from arising again.

Useless gas projects [Richard Stallman's Political Notes]

*The European Union risks wasting €29bn of taxpayers’ money … in gas projects which will be unnecessary under Europe's climate action plans.*

I wish this were nothing worse than a waste of money.

Guantanamo effects [Richard Stallman's Political Notes]

Operating the Guantanamo prison has perverted the US military and legal system in ways that have spread beyond Guantanamo.

You may enjoy my song parody, Guantanamero.

The skill of listening [Richard Stallman's Political Notes]

On learning the skill of listening.

The article advertises a book. If you want to buy it, please defend the right of anonymity by buying it anonymously with cash.

Indigenous controlled burns [Richard Stallman's Political Notes]

Indigenous Australians propose to use their traditional fire management technique — small controlled burns — to prevent large fires. The problem is that global heating effects make that harder to do.

Before English colonization, the aboriginals kept forests much thinner using fire. It was easy to walk through the forests in those days, with spaces between trees and little underbrush.

Country can't refuse pipeline [Richard Stallman's Political Notes]

Canada's Supreme Court ruled that the province of British Columbia cannot block the Trans Mountain planet-roaster pipeline. Canada agreed to a business-supremacy treaty with China that requires building the Unkinder Morgan pipeline. The penalty for not doing so could be even more billions than the cost of building the pipeline, and the government might pay it secretly.


Link [Scripting News]

The Dems should embrace the Repubs-with-heads-on-spike meme. They would be doing the Repubs a favor actually because even if they deny it, we know that some of their heads will be on spikes before long. Let's debate that on CNN.


Vincent Bernat: ThinkPad X1 Carbon 2014: 5 years later [Planet Debian]

I have recently replaced my ThinkPad X1 Carbon 2014 (second generation). I have kept it for more than five years, using it every day and carrying it everywhere. The expected lifetime of a laptop is always an unknown. Let me share my feedback.

ThinkPad X1 Carbon 20A7 with its lid closed

My configuration embeds an Intel vPro Core i7-4600U, 8 GiB of RAM, a 256 GiB SATA SSD, a matte WQHD display and a WWAN LTE card. I got it in June 2014. It has spent these years running Debian Sid, starting from Linux 3.14 to Linux 5.4.

The inside is still quite dust-free! In the bottom left, there is the Intel WLAN card, the Sierra WWAN card as well as the SSD.

This generation of ThinkPad X1 Carbon has been subject to a variety of experiences around the keyboard. We are still hunting the culprits. The layout is totally messed up, with many keys displaced.[1] I have remapped most of them. It also lacks physical function keys: they have been replaced by a non-customizable touch bar. I do not like it due to absence of tactile feedback and it is quite easy to hit a key by mistake. I would recommend to not buy this generation as a second-hand device because of this.

The keyboard layout is maddening: check the “Home”, “End”, “Esc” and “Backspace” keys. The backquote key is between “AltGr” and right “Ctrl” while it should be where the “Esc” is. The touch bar is not very usable and shows significant signs of wear.

The screen is a WQHD display 2560x1440 (210 DPI). In 2014, Linux HiDPI support was in its infancy. This has not changed that much for X11 and the 1.5× factor is still a challenge: fonts can be scaled correctly, but many applications won’t adapt their interfaces. However, my most used applications are a terminal, Emacs, and Firefox. They handle this fractional factor without issue. As the power usage of a 4K display is significantly higher, in my opinion, a WQHD screen still is the perfect balance for a laptop: you get crisp texts while keeping power usage low.

After two or three years, white spots have started appearing on the screen. They are noticeable when displaying a uniform color. This seems a common problem due to pressure when the laptop sits closed in a bag. Most of the time, I don’t pay attention to this defect. Lenovo did not really acknowledge this issue but agrees to replace the screen under warranty.

After several years, the screen exhibits several white spots. The effect is not as strong when sitting just in front and hardly noticeable when not displaying a solid color.

The battery was replaced three years ago as a precautionary measure. I am still able to get around four hours from it despite its wear—65% of its design capacity. During the years, Linux became more power-efficient. At the beginning, powertop was reporting around 10 W of power usage when the screen brightness is at 20%, with Emacs, Firefox and a few terminals running. With a 5.4 kernel, I now get around 7 W in the same conditions.

The laptop contains a Sierra Wireless EM7345 4G LTE WWAN card. It is supported by Modem Manager when operating as a MBIM device. In the early days, the card dropped the network every 20 minutes. A firmware upgrade solved this reliability issue. This is not an easy task as you need to find the right firmware for your card and the right tool to flash it. At the time, I was only able to do that with Windows. I don’t recommend using a WWAN card anymore. They are black boxes with unreliable firmwares. I had the same kind of issues with the Qualcomm Gobi 2000 WWAN card present in my previous ThinkPad laptop. Lenovo switched from Sierra to Fibocom for the recent generations of ThinkPad and they are even more difficult to use with Linux, despite being manufactured by Intel. It is less trouble using a phone as a wireless hotspot.

At work, I was plugging the laptop to a dock, a ThinkPad OneLink Pro Dock. The proprietary connector for the dock combines power, USB3 and DisplayPort. The dock features both a DisplayPort and a DVI-I connector and acts as an MST hub. The support of such a configuration was pretty recent in Linux since it has been added in version 3.17 (October 2014). Along the years, I didn’t run into much trouble with this dock.

Here is the rear face of the ThinkPad OneLink Pro Dock, featuring two USB3 ports, two USB2 ports, one Ethernet port, one DisplayPort and a DVI-I connector. The front face features two USB3 ports and an audio jack.

In summary, after five years of daily use, the laptop is still in good working condition. Only the screen and the touch bar show major signs of wear. Therefore, Lenovo keeps my trust for building durable and reliable laptops. I have replaced it with another ThinkPad X1 Carbon.

  1. The Swiss German layout may not help, but I didn’t care much about what is written on the keycaps.


Link [Scripting News]

Republican senators should watch this scene from Game of Thrones. You see that guy Joffrey, the guy talking about "putting a son" in the attractive woman -- he's a lot like your leader (except he has nice hair). Wait for the punchline. You're going to love it!

Link [Scripting News]

My mother was a beauty. Always I had the most beautiful mother in school. The other kids said that. I was proud. She married a man, my father, who was not beautiful. I found myself wishing the other day that she had married a beautiful man, then I would be as beautiful as she was. But then I thought, then, I would not be me. Or would I? I have no idea. I'm going to try to get some work done now.


Cheating term-paper-for-pay businesses recruited customers through subsidized on-campus parties [Cory Doctorow – Boing Boing]

Companies like Edubirdie offer platforms for academic cheating, connecting freelance essay-writers with desperate students who pay hundreds of dollars to have their academic papers ghostwritten for them. Edubirdie has recruited customers with on-campus "epic parties" which offered organizers $250, along with branded cups and a standee with the company's mascot, in exchange for posting five or more photos of students posed with the standee and hashtagged with #EduBirdieParty. The organizer whose party received the most attention would get $3,000 and a 2-hour DJ set.

It's just one of the many techniques used by the cheating platforms to drum up business, including running deceptive "study groups": a recruiter posing as a student will post notices offering a "study group" for people struggling with an assignment, and when students call in to join, they're given a hard-sell to pay for ghostwritten essays.

Some students are offered major discounts on cheating services in exchange for providing a photo or screenshot of their class email lists.

One former ghostwriter who spoke to Ed Surge says that the majority of his customers were not spoiled rich kids (he says these were 15% of his business), but rather struggling students, especially adults who had returned to university, or foreign students with poor English language skills.

Edubirdie claims it doesn't facilitate cheating, but the testimonials on its site come from customers who describe how cheating with Edubirdie freelancers saved their grades.

Morgan, the spokesperson for EduBirdie, says the company no longer sponsors parties, but she defended the practice. “We sponsored a few parties in the past, but have moved on to focus on other efforts,” she says. “We do not believe that this is an aggressive service. There is no requirement for students to use the platform, but instead gives students an opportunity to have fun while they are young and in college, while merely educating them about EduBirdie’s services, which can be helpful in proofreading especially during busy seasons like midterms and finals.”

Just last year the company posted a job ad for an employee who would be in charge of social-media outreach and for hosting events at colleges to raise awareness of the essay-writing service. The job title was “Glory Days Conservation Specialist,” and the ad apparently sought someone who wanted to relive their party days of college in a full-time job, according to an article in CNBC.

How the ‘Contract Cheating’ Industry Has Gotten More Aggressive in Recruiting Students [Jeffrey R Young/Ed Surge]

(Thanks, Jeff!)

(Image: Edubirdie)


Link [Scripting News]

Here's what my day's been like so far. Woke up at 9:30AM. Made some breakfast, turned on WNYC on my Alexa. Listened to their summary of the previous days' impeachment speeches, no mention of Pikes and how angry Republican senators were (thanks for that), then at 10AM they started broadcasting the speech by the White House counsel (who, I thought was supposed to represent the office of the president, not the president in person, but what of it) and he started into the lying and deception. I couldn't handle it. Told Alexa to stop. Finished my orange juice and skipped the coffee and went upstairs and back to bed. Woke up at about 1PM. Guess I needed the sleep. Would you believe it's raining in January. I moved my car out of the carport and into the rain, it could use a wash, totally mud-covered. I feel depressed. I think we're over the edge again, about to free-fall into another worst thing in the world. God please help America. Your devoted servant, Admiral Davey.


The cum-ex scam stole $60b from European tax authorities: it's monumentally boring, complicated, and very, very important [Cory Doctorow – Boing Boing]

Cum-ex (previously) is a technical, boring financial engineering technique that lets fraudsters file multiple tax-refund claims for the same stock transactions (they called it "dividend arbitrage"); from 2006-2011, the EU's largest, most respectable banks, law firms, and investors used the scam to steal $60,000,000,000.

Cum-ex is the kind of scam that the finance sector excels at: a socially useless financial engineering marvel that makes staggeringly rich people much richer, protected by a thicket of dull, deliberately complexified terminology and tactics that exist solely to obfuscate the obvious fraud underway.

A few bankers have gone on trial for criminal fraud for their role in cum-ex, but so far most of the perpetrators have gotten away with it, keeping the money (one trader, Sanjay Shah, relocated from London to Dubai and bought a $1.3m yacht he calls the Cum-Ex).

But German prosecutors have embarked on an aggressive program of prosecutions for everyone who profited from cum-ex, including the prominent lawyers who wrote legal opinions arguing that cum-ex was legal. They are launching 400 prosecutions stemming from 56 investigations. Among those is Hanno Berger, a former German state tax auditor who switched sides and became a key player in the theft.

Berger is a revered European finance law scholar, and his work was key to conferring a halo of lawfulness to the otherwise obvious scam. In private, Berger was more frank. One of the lawyers who worked with him says that he told the lawyers he supervised that they should quit if they didn't have the stomach for raiding the German state's coffers: "Whoever has a problem with the fact that because of our work there are fewer kindergartens being built, here’s the door."

The masterminds of the scam have roots in New York finance, but they perpetrated their crimes in the EU, where they believed that regulators would be less diligent and also less vengeful, should they get caught out.

The worst of the cum-ex raids took place immediately after the 2008 crash, when the same institutions that were stealing billions from national treasuries were also relying on those treasuries for massive bailouts that kept them from going bankrupt.

The lawyers who backed these firms threatened tax-inspectors who flagged their transactions: one clerk in the Bonn Federal Tax Office was threatened with "criminal, disciplinary and liability law" if she pursued her complaint.

Many of the banks that participated are now out of business; others are cooperating with authorities.

“Anyone who stood in the way of this trade was swept aside, and those who enabled it were promoted,” the whistle-blower said in a follow-up phone call. “But it was widely regarded as insanity inside the bank for it to be extracting money from sovereign treasuries, particularly after the entire sector had been supported by the public purse.”

American banks conducted their cum-ex trades overseas, rather than at home, out of fear, the whistle-blower said. Specifically, he mentioned a 2008 Senate investigation into “dividend tax abuse” that found it was depriving the Treasury of $100 billion every year. The report led to a ban on dividend arbitrage tied to stock in United States corporations.

But nothing prevented American bankers from conducting such trades with foreign companies on foreign soil.

It May Be the Biggest Tax Heist Ever. And Europe Wants Justice. [David Segal/New York Times]

(Image: Adam Smith, CC BY-SA)

Chicago PD's predictive policing tool has been shut down after 8 years of catastrophically bad results [Cory Doctorow – Boing Boing]

In 2012, Chicago PD collaborated with the RAND Corporation and the Illinois Institute of Technology to automatically generate "risk scores" for people they arrested, which were supposed to predict the likelihood that the person would be a "party to violence" in the future (this program was called "TRAP" -- "Targeted Repeat-Offender Apprehension Program" -- seemingly without a shred of irony). Now, that program has been shut down, and the City of Chicago's Office of the Inspector General has published a damning report on its eight-year reign, revealing the ways in which the program discriminated against the people ensnared in it, without reducing violent crime.

Jail abolition lawyer Shakeer Rahman has published an excellent Twitter thread going through the report's highlights. A few of the points he makes:

* People who were assigned high risk scores by TRAP were subjected to "enhanced prosecutions"

* Routine traffic stops and other activities that pose a high risk for racial profiling were pretenses for generating TRAP scores

* Your TRAP score went up even if you were acquitted or had your case dismissed (Rahman: "In other words, police run arrest people on racist/arbitrary whims, and then those arrests become 'data' showing you should be targeted again")

* Cops could access TRAP scores at will, and routinely violated the rules about sharing these scores outside of policing/criminal justice contexts

(via Naked Capitalism)

The answer to the Clearview AI scandal is better privacy laws, not anti-scraping laws [Cory Doctorow – Boing Boing]

Clearview AI (previously) is a grifty facial recognition company that sells untested, secretive tools to police departments, claiming that they can identify people from security camera footage by matching the pictures to those scraped from big social media sites.

It turns out -- unsurprisingly -- that Clearview's marketing copy is not a reliable source of impartial evidence about the quality of its products, and neither are the testimonials of the cops who urged their bosses to buy Clearview products.

Nevertheless, Clearview is a creepy, grifty, privacy-invading toolsmith serving authoritarians, getting rich by covertly supplying its overhyped tools, and, unsurprisingly, lots of people (including me) want structural changes to make Clearview cut it out and prevent future Clearviews from emerging.

However, the remedy that's favored by the Big Tech monopolists that Clearview used for raw materials is to ban scraping, something that Big Tech has been aggressively seeking to criminalize. The problem with this is that scraping bans represent the best hope monopolists have for maintaining their monopolies: if it's against the law to extract your own data from a Facebook walled garden, then Facebook doesn't need to fear that a competitor will create a tool that will let you stay in touch with your Facebook friends without using Facebook (by logging into Facebook as you, scraping your waiting messages, and letting you reply without touching Facebook yourself).

The Computer Fraud and Abuse Act -- a federal hacking statute from 1986! -- is the preferred tool for blocking scraping (it's the law that was used to threaten Aaron Swartz with a long prison sentence after he wrote a tool that mass-downloaded scientific articles he was entitled to read from MIT's network). It's a dumpster fire of a law, passed in a moral panic engendered by the 1984 Matthew Broderick movie Wargames (I'm not making this up!), which has grown more dangerous and less relevant with every year since.

If we want to protect privacy, we should pass a federal privacy law -- something Big Tech has fought tooth and nail -- that regulates what you do with scraped data, without criminalizing an activity that is key to competition, user empowerment, academic and security research.

The CFAA is one of few options available to companies who want to stop scrapers, which is part of the problem. “It’s a 1986, pre-internet statute,” says Williams. “If that’s the best we can do to protect our privacy with these very complicated, very modern problems, then I think we’re screwed.”

Civil liberties groups and technology companies both have been calling for a federal law that would establish Americans’ right to privacy in the digital era. Clearview, and companies like it, make the matter that much more urgent. “We need a comprehensive privacy statute that covers biometric data,” says Williams.

Right now, there’s only a patchwork of state regulations that potentially provide those kinds of protections. The California Consumer Privacy Act, which went into effect this month, gives state residents the right to ask companies like Clearview to delete data it collects about them. Other regulations, like the Illinois Biometric Information Privacy Act, require corporations to obtain consent before collecting biometric data, including faces. A class action lawsuit filed earlier this week accuses Clearview of violating that law. Texas and Washington have similar regulations on the books, but don’t allow for private lawsuits; California’s law also doesn’t allow for private right of action.

Scraping the Web Is a Powerful Tool. Clearview AI Abused It [Louise Matsakis/Wired]

(Image: MGM/UA)

I reviewed William Gibson's novel "Agency" for today's LA Times [Cory Doctorow – Boing Boing]

My latest LA Times review is for William Gibson's new novel Agency, sequel to his outstanding 2014 novel "The Peripheral," which marked his return to explicitly futuristic science fiction after his amazing and audacious "Pattern Recognition" novels, which treated the recent past as though it was a speculative future setting.

"Agency" returns to the world of "The Peripheral," in which far future plutocrats reach back into the past using a mysterious network technology to create alternate universes that they toy with in sadistic and violent ways -- in this case, it's an alternate version of our present day, in which Trump lost the 2016 election, but in which the world is now hovering on the brink of nuclear apocalypse.

The McGuffin of "Agency" is an AI that the good guys from the future set free to use as their point-person in saving the world, which is basically a mirror image of the plot of 1984's "Neuromancer," Gibson's first novel.

I loved this book so very, very much -- read my LAT piece for more.

Writers who manage big, showy debuts are often one-trick ponies, but Gibson has an inexhaustible supply of tricks, new stories and new ways of telling them that make him the most consistent predictor of our present, contextualizer of our pasts and presager of our possible futures.

Review: William Gibson's time-twisting 'Agency' imagines a Trump-less present [Cory Doctorow/LA Times]


Today in GPF History for Saturday, January 25, 2020 [General Protection Fault: The Comic Strip]

Being on friendly terms with a group of spies can be a mixed blessing...


Awareness vs. experience [Seth's Blog]

We are more aware than ever before. More aware of victims of violence, or a natural disaster. More aware of insane wealth or grinding poverty. It gets beamed to us, regularly.

We’re even more often exposed to social hijinks, sports stars or business moguls.

We’re aware that people run a marathon, or fast for a week. That they start a business or meditate every day. They know how to code, or to take pictures.

But there’s a difference between hearing about it and experiencing it.

There’s no excuse for being uninformed. But when it matters, there’s also no good reason for being inexperienced.

There’s often a piece of glass between us and the world as it’s delivered to us. That glass magnifies awareness, but it doesn’t have the same impact as experience does. It can’t.

Our awareness has been stretched wider than ever in history, but often at the cost of taking away a lifetime of experiences.


Dirk Eddelbuettel: RcppArmadillo 0.9.800.4.0 [Planet Debian]

Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to Matlab. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 680 other packages on CRAN.

A second small Armadillo bugfix upstream update 9.800.4 came out yesterday for the 9.800.* series, following a similar bugfix release 9.800.3 in December. This time just one file was changed (see below).

Changes in RcppArmadillo version 0.9.800.4.0 (2020-20-24)

  • Upgraded to Armadillo release 9.800.4 (Horizon Scraper)

    • fixes for incorrect type promotion in normpdf()

Courtesy of CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Google acknowledges the controversial redesign of its search results on desktop [OSnews]

A couple of weeks back, Google redesigned the search results for its desktop website. According to the firm, the new layout was meant to mimic the ordering of search results on the mobile version of the website. Most significantly, the changes allowed the inclusion of favicons next to display results and the removal of color overlays. This meant that advertisements and traditional search results were displayed inline with little to distinguish between the two. And now Google is backpedaling. As a DDG user, this thing kind of passed me by, but upon checking Google, I have to say I agree that this feels so off. You’d think adding favicons to search results wouldn’t make a big difference, but it really does – and not for the better.

Phoenix: a lightweight macOS window and app manager scriptable with JavaScript [OSnews]

A lightweight macOS window and app manager scriptable with JavaScript. You can also easily use languages which compile to JavaScript such as CoffeeScript. Phoenix aims for efficiency and a very small footprint. If you like the idea of scripting your own window or app management toolkit with JavaScript, Phoenix is probably going to give you the things you want. With Phoenix you can bind keyboard shortcuts and system events, and use these to interact with macOS. Pretty cool.


Norbert Preining: Let’s Encrypt on Debian/Buster: switching from acmetool to certbot [Planet Debian]

I have been using acmetool on my Buster server for quite some time. When choosing a client I liked that it is written in Go, that it is small and not overboarding with features, thus I had decided against Certbot and in favor of acmetool. Unfortunately, times are changing and the Let’s Encrypt v1 protocol will be discontinued in June 2020, and in preparation for this I have switched to certbot.

Certbot is somehow the default choice, proposed by Let’s Encrypt and developed by the Electronic Frontier Foundation (EFF). Acmetool is a personal project. Both program versions are quite old in Buster (acmetool 0.0.62-3+b11 and certbot 0.31.0-1), while the latest releases are 0.0.67 and 1.1.0 (though I have to say that there are no functional changes in the acmetool releases). Acmetool has a beta version supporting the v2 protocol, but I wasn’t convinced I want to try that out.

So I turned to certbot, and first of all did update the packaging of python3-acme and certbot in Debian to the latest released version 1.1.0. These packages can be installed on Debian Buster, testing, and sid:

deb buster main
deb-src buster main

My git updates are available at github: acme-debian and certbot-debian, based on the official (but outdated and broken due to missing pushes in the pristine-tar branch) repositories on Salsa.

The new protocol version of Let’s Encrypt also supports wildcard certificates, so I thought I opt for that, but DNS authentication is necessary for that, so I needed a plugin for my DNS registrar, which is Gandi. Fortunately, there is a third-party plugin certbot-plugin-gandi that can do that trick. After installing the package with

pip3 install certbot-plugin-gandi

as root, and saving the API key into /etc/letsencrypt/gandi.ini, a call to

certbot certonly --certbot-plugin-gandi:dns-credential /etc/letsencrypt/gandi.ini -d,*

gave new certificates in /etc/letsencrypt/live/

What remained is updating the location of keys and certificates in all the domains hosted here, as well as the certificate for the imap server. All in all very painless and quick. Finally, a purge of acmetool package and removing the according cron job finalized the switch. The certbot package already installs a systemd timer and cron job (which is not run if systemd is used) so updates should be automatized.


Several things felt a bit painful with the switch to certbot:

  • The version in Debian/Buster and sid is too old, and I am not sure whether it would work with the external plugin for gandi. Furthermore, with items like certificates I prefer latest versions incorporating fixes.
  • Certbot itself has the problem that one cannot configure external plugins in the configuration file cli.ini, see here and here. As seen above, the configuration needs colons in the keys (certbot-plugin-gandi:dns-credential) but colons are not allowed in keys in the used Python module for config file reading. This is known since 1.5 years (or longer) and unfortunately no progress.
  • Certbot development seems to be stuck or frozen with respect to external plugin support: About a year ago there was the announcement that the inclusion of plugins will be frozen to clarify the interface etc, but since then no changes.

I can only hope that over time the issues with such an important piece of software will be resolved positively, and I am looking forward to seeing updates to certbot and friends in Debian.
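The post above needs DNS authentication to obtain a wildcard certificate. As an added example (not code from the post, certbot, or certbot-plugin-gandi), this computes the TXT records that an ACME dns-01 validation expects, following RFC 8555 section 8.4 and RFC 7638; these are the records a DNS plugin publishes through the registrar API. The account key, the tokens and example.org are constructed sample values.

```python
"""ACME dns-01 TXT records for a certificate covering a domain and its wildcard.

Added illustration: not certbot code. Implements RFC 8555 section 8.4 (dns-01)
and RFC 7638 (JWK thumbprint) with the standard library only.
"""
import base64
import hashlib
import json
from collections import defaultdict

# JWK members that enter the RFC 7638 thumbprint, per key type.
THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

# Constructed sample input: NOT a real account key and NOT tokens from a CA.
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "CONSTRUCTED_SAMPLE_X_NOT_A_CURVE_POINT",
    "y": "CONSTRUCTED_SAMPLE_Y_NOT_A_CURVE_POINT",
    "kid": "optional-member-ignored-by-the-thumbprint",
}
SAMPLE_ORDER = [
    ("example.org", "constructed-token-for-base-name-0001"),
    ("*.example.org", "constructed-token-for-wildcard-0002"),
]


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    members = THUMBPRINT_MEMBERS.get(jwk.get("kty"))
    if members is None:
        raise ValueError(f"unsupported key type: {jwk.get('kty')!r}")
    canonical = json.dumps(
        {m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":")
    )
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def validation_name(identifier: str) -> str:
    """DNS name the CA queries; a wildcard is validated at its base domain."""
    name = identifier.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    if not name or "*" in name:
        raise ValueError(f"not a valid ACME DNS identifier: {identifier!r}")
    return "_acme-challenge." + name


def txt_value(token: str, jwk: dict) -> str:
    """TXT content: base64url(SHA-256(token + '.' + account key thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def plan_records(order, jwk) -> dict:
    """Group the TXT values per record name for every identifier in an order."""
    records = defaultdict(list)
    for identifier, token in order:
        records[validation_name(identifier)].append(txt_value(token, jwk))
    return dict(records)


if __name__ == "__main__":
    for name, values in plan_records(SAMPLE_ORDER, SAMPLE_ACCOUNT_JWK).items():
        for value in values:
            print(f'{name}. 300 IN TXT "{value}"')
```

A domain and its wildcard validate at the same `_acme-challenge` name, so both TXT values have to be present at that name at the same time.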


Warner claims ownership over the numbers 36 and 50, and demonetizes Youtube videos that incorporate them [Cory Doctorow – Boing Boing]

Warner subsidiary Otter Media has a division called Fullscreen ("a social content company for talent and brands") that has been demonetizing Youtubers' videos that use the numbers 36 and 50 (and possibly other numbers, for all we know), claiming that their use of these integers is a copyright violation. Doing so allows Warner to steal the money that these Youtubers' videos would otherwise earn.

Youtube operates a filter called Content ID that allows rightsholders to automatically claim control over user-created videos that contain materials that are the rightsholders' copyrighted works. This system has no checks and balances and virtually no penalties for abuse, and users who complain can attract "copystrikes" -- three of these, and you lose your account and your videos, permanently, with no appeal.

Filter systems like Content ID are now mandatory for all types of online communications services in the EU thanks to last year's Copyright Directive, and, unfortunately, European lawmakers deliberately chose not to include protections from this kind of bad-faith censorship and theft, despite repeated warnings.

AnneMunition hit with bizarre copyright strike for using random numbers [Andrew Amos/Dexerto]

(via Techdirt)

Friday, 24 January


Librem 5 phone hands-on: open source phone shows the cost of being different [OSnews]

I wonder about the approach Purism took with the Librem 5. The company chose to do everything all at once by building a new smartphone OS and a new hardware supply chain. For a customer receiving a Librem 5 today, you’re getting an unfinished operating system and rough, gen-one open source hardware. That’s a bunch of compromises to accept for $750. A more reserved approach would have been to build an open source GNU/Linux-based OS on closed source hardware first and then make the difficult jump to custom hardware when the OS was in a more complete state. The Librem 5 is a tough sell, even for people who value the open source nature of the device. That’s simply too much money for such an outdated, unfinished device.


Friday Squid Blogging: More on the Giant Squid's DNA [Schneier on Security]

Following on from last week's post, here's more information on sequencing the DNA of the giant squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.


Librem 5 phone hands-on—Open source phone shows the cost of being different (Ars Technica)

Ars Technica reviews the Purism Librem 5 smartphone, which is made from open-source software and (mostly) open hardware. It is clearly not there yet as a replacement for the phone in our pockets, but it would seem to be on the right path. "The thing to keep in mind here is that Purism has taken on an absolutely gargantuan task. It somehow scraped together a new supply chain of mostly open source components, it came up with a smartphone design from scratch, and it is building its own smartphone distribution of Linux. Two years is not enough time to do this. The OS and app package is not nearly finished, and it lacks basic smartphone functionality. The hardware is nearly finished, but you'll have a hard time taking advantage of it right now since the power management isn't really implemented, and support for things like the cameras are non-existent. If you really want open source smartphones to be a thing, though, this is where you need to start. The Librem 5 is a proof of concept."


In Defense of Books [Nina Paley]

A year or two ago my friend Brewster Kahle told me he had been asking people, “when is the last time you read a book? Cover to cover?” Predictably, the answers were discouraging. In the age of the Internet, people still talk about books, praise books, and condemn books; but actually reading books is rare.

When I first heard of feminist author Andrea Dworkin, in the early 1990’s, I was told she said all heterosexual sex is rape. In popular discourse, “het sex is rape” was considered the gist of her work.

Well, I could easily form an opinion about that, and I did. Of course all heterosexual sex isn’t rape! What a dumb idea. I didn’t have to read any books to know that! So I didn’t.

It was a few decades before I finally read Dworkin’s Intercourse. I had been reading endless condemnations of “TERF”s – “Trans-Exclusionary Radical Feminists” – online, and was constantly admonished to “educate myself” because I had asserted that transwomen are male. Since I had spent my 20’s and 30’s immersed in San Francisco Sex-Positive and Kink and LGBT culture, and therefore had known many transwomen (including a few lovers), I wondered where my education was lacking. I was well versed in Queer Theory, but I realized then I had never actually read one of these “radical feminists.”

And so I learned Dworkin never wrote “all heterosexual intercourse is rape.” Her thoughts about sex were a lot more nuanced. I was surprised by how passionately and sensitively she wrote about it; clearly she was heterosexual, in spite of (or along with) declaring herself a Political Lesbian in her activist years. I was also persuaded by many of her other radical feminist ideas. Dworkin had been unfairly maligned, and because I fell for it, I had missed out.


I am part of the moderation team of Spinster, a woman-centered, radical-feminist-leaning social media platform founded half a year ago, in August 2019. A few weeks after our small team had formed, one of the moderators started denouncing Lesbian Feminist author Sheila Jeffreys, and publicly wishing her harm. She explained it was because Jeffreys advocated Political Lesbianism. A young lesbian, this mod considered Political Lesbianism lesbophobic, homophobic, and dangerous. As far as she was concerned, Jeffreys said sexual orientation is a choice, making her no different from fundamentalist Christians and conversion therapy advocates.

Well, I could easily form an opinion about that, and I did. Of course sexual orientation isn’t a choice! What a dumb idea. I didn’t have to read any books to know that!

Over the next couple days, the young moderator accused Spinster’s founders, other mods, and many of its members of “lesbophobia.” If one doesn’t vocally condemn Jeffreys and Political Lesbianism, the logic went, one supports it, and therefore hates lesbians. She was joined by others, and a rift formed, with some Spinster users canceling their accounts in protest.

Time has taught me to be skeptical of the condemnation of authors and their ideas, so it was only a few weeks before I read Jeffreys’ The Lesbian Heresy. Just as Dworkin never said all het sex is rape, Jeffreys never said sexual orientation is a choice. I was especially surprised – and moved – that so much of The Lesbian Heresy was about the very same Sex-Positive and Kink and LGBT worlds I had been immersed in in my youth. Jeffreys helped me piece together events of the 1980’s and 90’s I had never connected; connections that help explain the condemnation of Andrea Dworkin, the replacement of Radical Feminism with Liberal Feminism, the academic acceptance and promotion of porn, and the near extinction of Lesbian Feminism.

That left me with a different understanding of Political Lesbianism and the movement from whence it arose, Lesbian Feminism. I could not in good faith condemn it. I recommended The Lesbian Heresy on Spinster, where arguments about Political Lesbianism rage on. As far as I know, no one condemning it has actually read The Lesbian Heresy; and by the logic of Social Media, or social groups in general, they don’t have to, because the issue has already been summarized for them as Political Lesbianism = Sexual Orientation Is A Choice = Homophobia.

The fact that I had read and was recommending a book angered some women even more. “Oh she read a book and now she’s straightsplaining lesbianism to lesbians!” I was surprised to be resented for reading, and wanting to discuss, a Lesbian Feminist book. I am surprised that Sheila Jeffreys, as lesbian as any lesbian who ever lesbianed, and an excellent writer to boot, is so maligned by women who haven’t actually read her words.

I am open to nuanced arguments, but those don’t happen on social media. Everything gets distilled into soundbites, phrases like “born that way” and “trans women are women!” These thought-terminating memes are effective political cudgels, but anathema to understanding reality. Good books are the opposite.

There are also bad books. I recently read one called The 57 Bus, which resembles an extended Tumblr. But even it was more nuanced than online discourse. I read it for a nonfiction book group I’m part of. I found it agonizingly sexist, and it made me angry; I read it anyway, because I am a grown-up and capable of reading things I disagree with. And it wasn’t completely without merit: it discussed some important issues, in spite of being spun for exactly the white Liberal virtue-signalers my book group is largely comprised of. Reading the whole book allowed me to make reasoned arguments, and better understand the intellectual pablum that is the main diet of schools right now.

Some books are overlong. Some books contain important information, but are poorly written. We can’t read everything, certainly not every book that is recommended to us.

But perhaps we can acknowledge that Internet memes, denunciations, and simple summaries of entire books might be missing a world of nuance.

I recently recommended Lierre Keith’s book The Vegetarian Myth to a couple vegan friends, because they told me they’d never heard even one reasonable argument in favor of carnivorism. I personally don’t eat birds or mammals, and I very much appreciate vegans, and I don’t want to convert anyone; but The Vegetarian Myth makes compelling arguments, and expanded my ideas about eating, life, death, and my own motivations for eschewing meat. (The book had no effect on my dietary choices, proving that it is possible to appreciate arguments without capitulating to them.) Still, my friends refuse to read it because they are certain they have already heard anything it could contain, plus they read a Wikipedia summary which was easy to condemn. They told me they won’t read the book, but invited me to sum it up for them in a sentence or two. I said I’d try.

But I can’t. The reason good books exist is some things can’t be summed up in a sentence. Or even a paragraph. Or even an entire blog post. 

I used to pride myself on being able to distill complex ideas into simple one-liners, an essential skill for a cartoonist. Refining messages into easily digestible memes is a crucial tool of propaganda and advertising, and I’ve employed my talents in many an ideological battle. Increasingly, though, I don’t want to do battle. I just want to have a conversation. I am lonely, I am tired, and I want to discuss the world, not argue you into compliance, or dazzle you with my clever memes.

Eh, I’m gonna go read a book.






When Computer Crimes Are Used To Silence Journalists: Why EFF Stands Against the Prosecution of Glenn Greenwald

The Electronic Frontier Foundation (EFF) has put out a statement in support of journalist Glenn Greenwald whose "prosecution is an attempt to use computer crime law to silence an investigative reporter who exposed deep-seated government corruption". Greenwald is being charged in Brazil, where he reported on corruption within the government of that country. While the EFF said that it has seen "no actions detailed in the criminal complaint that violate Brazilian law", its main concern is the use of ill-defined "cybercrime" laws. "Around the world, cybercrime laws are notoriously hazy. This is in part because it’s challenging to write good cybercrime laws: technology evolves quickly, our language for describing certain digital actions may be imprecise, and lawmakers may not always imagine how laws will later be interpreted. And while the laws are hazy, the penalties are often severe, which makes them a dangerously big stick in the hands of prosecutors. Prosecutors can and do take advantage of this disconnection, abusing laws designed to target criminals who break into computers for extortion or theft to prosecute those engaged in harmless activities, or research—or, in this case, journalists communicating with their sources."

Jamie Dimon is a (highly selective) socialist [Cory Doctorow – Boing Boing]

Jamie Dimon (previously) is the JPMorgan Chase CEO who committed a $13b mortgage fraud and whose company received $25B in TARP bailout money, $500B in low-cost federal loans, and billions more through the bailout of their insurer, AIG.

He's been talking a lot of shit about how bad socialism is for the world, but as Matt Stoller (previously) points out, Dimon is a very selective form of socialist, who wants a command economy where he does the commanding and where there is no state intervention in the market except when it benefits him.

Stoller's in excellent form in this clip and well worth watching.

(via Naked Capitalism)

(Thumbnail image: Presidencia de la República Mexicana, CC BY, modified)


Link [Scripting News]

Here's a great Bloomberg ad about Trump and the military. If the Dems had run ads like this in 2016, Trump would be a Fox News analyst today, like Sarah Palin.


New Books and ARCs, 1/24/20 [Whatever]

Friday again, and time for another eclectic stack of new books and ARCs that have come to the Scalzi Compound. What here is speaking to you as we head into the weekend? Tell us in the comments?


Link [Scripting News]

My least favorite thing is people explaining why they unsub from your feed. I don't care. I have a motto. "Don't slam the door on the way out." That way you know you really are going in peace, vs the passive-aggressive control freakery you're actually practicing. Now suppose for the sake of argument, I try to make you happy and dump every political idea I have. Great. You're happy. You feel powerful. But then someone else wants me to stop writing about tech ideas that come to me, because it makes them feel inferior because last week I posted one they didn't understand. Keep going, eventually there's nothing left here. So, I've been doing this for over 25 years. By now I've heard from every control freak on the planet. Heh probably not, but it feels that way.

Only two permanent Olympic venues [Scripting News]

We, as a world, should build one great venue for summer olympics and one for winter. Why? Mostly symbolic. To say to the world, to ourselves, decisively, that we can work together, and compromise, for the benefit of humanity and the planet.

Think about it this way, we don't build a new United Nations every four years.

Further, no more spectacular displays of carbon consumption. Those made sense 127 years ago, at the dawn of electricity tech. Now it's rubbing salt in the wound. And it makes clear that we can and will sacrifice for our survival.

Specifically, no more Christmas trees. And turn down the lights in Times Square. You can't air condition the outdoors. (In NYC amazingly, there are places that do.)

Symbolism first, change the way people think, shock people out of their sense of normalcy, then rebuild our civilization around the new low-carbon-emission ethos. You can tell your children and grandchildren that you remember a day when we built a new temporary city every two years for a two week athletic competition, and never used it again.

News Post: Record Holder [Penny Arcade]

Tycho: I’m not ready to talk about records yet.  There’s a lot I don’t understand about it, it’s not mine yet, and if I’m going to address it I need to approach that space and the topic mindfully.  But I’m definitely starting to get weird about it.  Weirder.  I mean, think about my baseline. Fanbyte had a really great article up showcasing a bunch of indie radness at PAX South, and so did USgamer.  It really did my heart good.  You would think that making something cool would be the hard part, but it doesn’t seem to be. …


Girls Inc. Charity | Humble Bundle [Humble Bundle Blog]

This month we’re on a mission to help girls. For our second month of Humble Choice, we’ve partnered with Girls



Mainstream biases against progressives [Richard Stallman's Political Notes]

Seven questions expose the ways mainstream media implement their bias against progressives.

The mainstream media are big corporations owned by giant corporations. Naturally they support the policies that serve giant corporations, on the issues that those care about.

Shipment of animals [Richard Stallman's Political Notes]

Shipment of live animals between countries is dangerous for everyone — many bring infections with them.

Still emitting [Richard Stallman's Political Notes]

China ended manufacture of the greenhouse gas HFC-23, but emissions have increased despite that.

An empty world [Richard Stallman's Political Notes]

*Humans risk living in an empty world, warns UN biodiversity chief.*

I think that is an exaggeration. Surely some weeds and cockroaches will survive.

Secure exploitation [Richard Stallman's Political Notes]

The Tory victory is rapidly increasing the price of housing. Rich people now feel secure that they will be able to exploit the poor with high rents.

Sad poisoners [Richard Stallman's Political Notes]

Scientists at the Environmental Poisoning Agency say that the Republican officials at the top have excluded them from the process of developing new rules to facilitate poisoning the US.

I wish that statement were satire, but it is true.

Object rights [Richard Stallman's Political Notes]

Many museums are changing to expose children to new kinds of joy via learning and exploring.

However, I am not taken with the child's idea that "objects have rights"; it seems to be an instance of the childish mistake of personifying everything.

Objects cannot have rights because they are unable to exercise any rights. To do that requires feelings, wishes, preferences, and a way to express them. If we can ever make objects which have those faculties, such as are familiar in science fiction, they might deserve to be considered persons — but they don't exist now.

This is an instance of a gratuitous conceptual rigidity, according to which the only way to conclude that a non-person ought to be protected somehow is to say it has rights. Thus, we can't simply protect a river from pollution, we would have to say the river "has rights."

Experience shows that laws against polluting rivers will do the job, given political will to uphold them. Absent that will, defining that protection as "rights of rivers" won't help much; governments that don't value justice often allow the rights of human beings to be trampled.

Facial recognition for everyone [Richard Stallman's Political Notes]

A company plans to track people on streets all around the world by facial recognition.

The article mentions secondary ways this could be used to oppress and mistreat people, by stalkers and foreign governments. It tiptoes around the biggest threats: that companies and your own government could do this.

My recommendations would make this system's operation illegal.

Tech Sovereignty [Richard Stallman's Political Notes]

DiEM25 members are voting on a proposal regarding "Tech Sovereignty".

The proposal is inadequate because it fails to tackle the crucial issues: moving government agencies to free software and stopping the collection of data.


[$] The rapid growth of io_uring []

One year ago, the io_uring subsystem did not exist in the mainline kernel; it showed up in the 5.1 release in May 2019. At its core, io_uring is a mechanism for performing asynchronous I/O, but it has been steadily growing beyond that use case and adding new capabilities. Herein we catch up with the current state of io_uring, where it is headed, and an interesting question or two that will come up along the way.

Howto: roleplay a suit of armor filled with bees [Cory Doctorow – Boing Boing]

Snickelsox's guide to playing animated armor that is full of bees is full of surprisingly well-thought-through advice for anyone who should be tempted to role-play such a thing, despite their protestations that "this is dumb."

(via Super Punch)

Wells Fargo's ex-CEO will pay $17.5m in fines and never work in banking again (but he is still very, very rich) [Cory Doctorow – Boing Boing]

When John Stumpf (previously) was CEO of Wells Fargo, he oversaw a string of scandals including literally millions of acts of bank fraud, and still managed to walk out of the business with millions in bonuses and no criminal prosecutions.

He remains a multi-multi-multi-millionaire, but will have to surrender $17.5m in fines for his role in the scandals and is barred for life from working in banking. Many of his accomplices from Wells Fargo's C-suite are facing their own fines and restrictions on future involvement in the industry.

Much of the activity occurred because employees faced "unreasonable pressure" to achieve sales goals, leading to widespread instances of unethical and illegal behavior, the OCC alleged Thursday in legal documents.

Stumpf, the agency said, "was frequently informed by leaders" of the company's Community Bank division of the behavior but was told it was isolated and not systemic. He notably did not hold the head of the Community Bank division, Carrie Tolstedt, accountable and failed to take other actions "to prevent the Bank from recklessly engaging in unsafe or unsound practices," the OCC alleged.

Stumpf earlier already agreed to relinquish about $70 million in compensation, including stock awards, because of the scandal.

Ex-Wells Fargo CEO banned from banking, must pay $17.5M fine for role in fake-accounts scandal [Nathan Bomey/USA Today]

Does Your Domain Have a Registry Lock? [Krebs on Security]

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.

On December 23, 2019, unknown attackers began contacting customer support people at OpenProvider, a popular domain name registrar based in The Netherlands. The scammers told the customer representatives they had just purchased from the original owner the domain — which is part of a service that helps Web sites detect and block fraud — and that they were having trouble transferring the domain from OpenProvider to a different registrar.

The real owner of the domain is Raymond Dijkxhoorn, a security expert and entrepreneur who has spent much of his career making life harder for cybercrooks and spammers. Dijkxhoorn and E-HAWK’s CEO Peter Cholnoky had already protected their domain with a “registrar lock,” a service that requires the registrar to confirm any requested changes with the domain owner via whatever communications method is specified by the registrant.

In this case, however, the scammers managed to trick an OpenProvider customer service rep into transferring the domain to another registrar with a fairly lame social engineering ruse — and without triggering any verification to the real owners of the domain.

Specifically, the thieves contacted OpenProvider via WhatsApp, said they were now the rightful owners of the domain, and shared a short screen grab video showing the registrar’s automated system blocking the domain transfer.

“The support agent helpfully tried to verify if what the [scammers] were saying was true, and said, ‘Let’s see if we can move from here to check if that works’,” Dijkxhoorn said. “But a registrar should not act on instructions coming from a random email address or other account that is not even connected to the domain in question.”

Dijkxhoorn shared records obtained from OpenProvider showing that on Dec. 23, 2019, the domain was transferred to a reseller account within OpenProvider. Just three days later, that reseller account moved the domain to another registrar — Public Domain Registry (PDR).

“Due to the previously silent move to another reseller account within OpenProvider, we were not notified by the registrar about any changes,” Dijkxhoorn said. “This fraudulent move was possible due to successful social engineering towards the OpenProvider support team. We have now learned that after the move to the other OpenProvider account, the fraudsters could silently remove the registrar lock and move the domain to PDR.”


Dijkxhoorn said one security precaution his company had not taken with their domain prior to the fraudulent transfer was a “registry lock,” a more stringent, manual (and sometimes offline) process that effectively neutralizes any attempts by fraudsters to social engineer your domain registrar.

With a registry lock in place, your registrar cannot move your domain to another registrar on its own. Doing so requires manual contact verification by the appropriate domain registry, such as Verisign — which is the authoritative registry for all domains ending in .com, .net, .name, .cc, .tv, .edu, .gov and .jobs. Other registries handle locks for specific top-level or country-code domains, including Nominet (for .uk domains), EURID (for .eu domains), CNNIC (for .cn domains), and so on.

According to data provided by digital brand protection firm CSC, while domains created in the top three most registered top-level domains (.com, .jp and .cn) are eligible for registry locks, just 22 percent of domain names tracked in Forbes’ list of the World’s Largest Public Companies have secured registry locks.

Unfortunately, not all registrars support registry locks (a list of top-level domains that do allow registry locks is here, courtesy of CSC). But as we’ll see in a moment, there are other security precautions that can and do help if your domain somehow ends up getting hijacked.

Dijkxhoorn said his company first learned of the domain theft on Jan. 13, 2020, which was the date the fraudsters got around to changing the domain name system (DNS) settings for the domain. That alert was triggered by systems E-HAWK had previously built in-house that continually monitor their stable of domains for any DNS changes.

By the way, this continuous monitoring of one’s DNS settings is a powerful approach to help blunt attacks on your domains and DNS infrastructure. Anyone curious about why this might be a good approach should have a look at this deep-dive from 2019 on “DNSpionage,” the name given to the exploits of an Iranian group that has successfully stolen countless passwords and VPN credentials from major companies via DNS-based attacks.


Shortly after pointing the domain’s DNS settings to a server they controlled, the attackers were able to obtain at least one encryption certificate for the domain, which could have allowed them to intercept and read encrypted Web and email communications tied to it.

But that effort failed because E-HAWK’s owners also had enabled DNSSEC for their domains (a.k.a. “DNS Security Extensions”), which protects applications from using forged or manipulated DNS data by requiring that all DNS queries for a given domain or set of domains be digitally signed.

With DNSSEC properly enabled, if a name server determines that the address record for a given domain has not been modified in transit, it resolves the domain and lets the user visit the site. If, however, that record has been modified in some way or doesn’t match the domain requested, the name server blocks the user from reaching the fraudulent address.

While fraudsters who have hijacked your domain and/or co-opted access to your domain registrar can and usually will try to remove any DNSSEC records associated with the hijacked domain, it generally takes a few days for these updated records to be noticed and obeyed by the rest of the Internet.

As a result, having DNSSEC enabled for its domains bought E-HAWK an additional 48 hours or so with which to regain control over its domain before any encrypted traffic to and from the domain could have been intercepted.

In the end, E-HAWK was able to wrest back its hijacked domain in less than 48 hours, but only because its owners are on a first-name basis with many of the companies that manage the Internet’s global domain name system. Perhaps more importantly, they happened to know key people at PDR — the registrar to which the thieves moved the stolen domain.

Dijkxhoorn said without that industry access, E-HAWK probably would still be waiting to re-assume control over its domain.

“This process is normally not that quick,” he said, noting that most domains can’t be moved for at least 60 days after a successful transfer to another registrar.

In an interview with KrebsOnSecurity, OpenProvider CEO and Founder Arno Vis said OpenProvider is reviewing its procedures and building systems to prevent support employees from overriding security checks that come with a registrar lock.

“We are building an extra layer of approval for things that support engineers shouldn’t be doing in the first place,” Vis said. “As far as I know, this is the first time something like this has happened to us.”

As in this case, crooks who specialize in stealing domains often pounce during holidays, when many registrars are short on well-trained staff. But Vis said the attack against E-HAWK targeted the company’s most senior support engineer.

“This is why social engineering is such a tricky thing, because in the end you still have a person who has to make a decision about something and in some cases they don’t make the right decision,” he said.


To recap, for maximum security on your domains, consider adopting some or all of the following best practices:

-Use registration features like Registry Lock that can help protect domain name records from being changed. Note that this may increase the amount of time it takes going forward to make key changes to the locked domain (such as DNS changes).

-Use DNSSEC (both signing zones and validating responses).

-Use access control lists for applications, Internet traffic and monitoring.

-Use 2-factor authentication, and require it to be used by all relevant users and subcontractors.

-In cases where passwords are used, pick unique passwords and consider password managers.

-Review the security of existing accounts with registrars and other providers, and make sure you have multiple notifications in place when and if a domain you own is about to expire.

-Monitor the issuance of new SSL certificates for your domains by monitoring, for example, Certificate Transparency Logs.
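The monitoring described above watched DNS settings, which changed only weeks after the domain had already moved to a new registrar. The sketch below is an added example, not code from the article or from E-HAWK: it extends the same baseline-and-diff idea to registrar identity and lock status as published in RDAP-style registration data, so the transfer itself raises an alert. The function names, registrar IDs, host names and DS digest are constructed placeholders.

```python
# Added example (not from the original article). Registrar IDs, hostnames and
# the DS digest are constructed placeholders; snapshots are RDAP-shaped dicts.

# RDAP status strings (RFC 8056) that correspond to the two kinds of lock.
REGISTRAR_LOCK = {"client transfer prohibited", "client update prohibited",
                  "client delete prohibited"}
REGISTRY_LOCK = {"server transfer prohibited", "server update prohibited",
                 "server delete prohibited"}


def summarize(rdap):
    """Reduce an RDAP domain object (RFC 9083) to the fields worth watching."""
    registrar = None
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for pid in entity.get("publicIds", []):
                if pid.get("type") == "IANA Registrar ID":
                    registrar = pid.get("identifier")
    status = {s.lower() for s in rdap.get("status", [])}
    ds = rdap.get("secureDNS", {}).get("dsData", [])
    return {
        "registrar": registrar,
        "registrar_lock": status & REGISTRAR_LOCK,
        "registry_lock": status & REGISTRY_LOCK,
        "nameservers": {ns["ldhName"].lower().rstrip(".")
                        for ns in rdap.get("nameservers", [])},
        "ds": {(d["keyTag"], d["algorithm"], d["digestType"], d["digest"].lower())
               for d in ds},
    }


def diff(baseline, current):
    """Return (severity, field, detail) alerts for changes since the baseline."""
    alerts = []
    if current["registrar"] != baseline["registrar"]:
        alerts.append(("critical", "registrar",
                       f"{baseline['registrar']} -> {current['registrar']}"))
    for field, severity in (("registry_lock", "critical"), ("registrar_lock", "high")):
        dropped = baseline[field] - current[field]
        if dropped:
            alerts.append((severity, field, "removed: " + ", ".join(sorted(dropped))))
    if current["nameservers"] != baseline["nameservers"]:
        alerts.append(("high", "nameservers",
                       ", ".join(sorted(current["nameservers"])) or "none"))
    if current["ds"] != baseline["ds"]:
        detail = "DS records removed" if not current["ds"] else "DS records changed"
        alerts.append(("high", "ds", detail))
    return alerts


def posture(summary):
    """Flag missing protections in a single snapshot."""
    gaps = []
    if not summary["registry_lock"]:
        gaps.append("no registry lock")
    if not summary["registrar_lock"]:
        gaps.append("no registrar lock")
    if not summary["ds"]:
        gaps.append("no DS records (DNSSEC not delegated)")
    return gaps


def snapshot(registrar_id, status, nameservers, ds):
    """Build a constructed RDAP-shaped response for the demo."""
    return {
        "objectClassName": "domain",
        "ldhName": "example.com",
        "status": status,
        "entities": [{"roles": ["registrar"],
                      "publicIds": [{"type": "IANA Registrar ID",
                                     "identifier": registrar_id}]}],
        "nameservers": [{"ldhName": n} for n in nameservers],
        "secureDNS": {"delegationSigned": bool(ds), "dsData": ds},
    }


DS = [{"keyTag": 12345, "algorithm": 13, "digestType": 2, "digest": "AB" * 32}]
NS = ["NS1.DNS.EXAMPLE.NET", "NS2.DNS.EXAMPLE.NET"]
# Baseline: registrar lock only, as in the incident described above.
BASELINE = summarize(snapshot("99901", sorted(REGISTRAR_LOCK), NS, DS))
# After the transfer: new registrar, lock gone, DNS untouched.
AFTER_TRANSFER = summarize(snapshot("99902", ["active"], NS, DS))
# Later: name servers repointed and DS records stripped.
AFTER_DNS_CHANGE = summarize(snapshot("99902", ["active"],
                                      ["ns1.other-host.example"], []))

if __name__ == "__main__":
    print("posture:", posture(BASELINE))
    for label, snap in (("after transfer", AFTER_TRANSFER),
                        ("after DNS change", AFTER_DNS_CHANGE)):
        for alert in diff(BASELINE, snap):
            print(label, alert)
```

In the constructed timeline, the post-transfer snapshot raises registrar and lock alerts while the name servers and DS records are still unchanged, which is the stage a DNS-only monitor cannot see.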

Today in GPF History for Friday, January 24, 2020 [General Protection Fault: The Comic Strip]

The gang discovers that someone has been stalking Fred's movement and activities for years...


Youtube's Content ID has become the tool of choice for grifty copyfraudsters who steal from artists [Cory Doctorow – Boing Boing]

Last year's EU Copyright Directive will require online services to install upload filters similar to Youtube's Content ID system, a $100m, voluntary tool that allows rightsholders to claim video and audio and either censor or earn money from any user videos that match their claims.

At the time, opponents of this "filternet" proposal pointed out that Youtube's Content ID had some glaring issues that made it unsuitable as a model for expansion into all services and all types of media (written words, code, images, videos, sound). First among these was that the system has virtually no protections against "copyfraud," in which people claim the rights to others' creations, either through carelessness, or because by so doing, they can misappropriate others' income, censor their critics, or blackmail them by threatening to "copystrike" their work (if a Youtuber receives three copyright complaints, they can lose their channels and all their videos, forever, with no appeal).

In the months since the Directive passed in the EU (it squeaked through by a mere five votes, and then, immediately after, ten MEPs said they'd gotten confused and pushed the wrong button), Content ID has become even more toxic and hospitable to copyfraudsters.

For example, a company called Studio 71 has bulk-submitted claims to Content ID that allowed it to steal the revenues from whole genres of Youtubers, and has thus far paid no penalty.

As bad as the situation is with Youtube and Content ID, it will be far, far worse under the Copyright Directive.

The Directive establishes penalties for platforms that permit copyrighted work to be uploaded by users after that work has been claimed by a rightsholder, and makes no exceptions for claims by rightsholders who have made many false claims in the past.

So if a troll uploads 10,000,000 works they don't own to, say, WordPress, someone at WordPress will have to remove all 10,000,000 of those database entries by hand, and then the troll could reupload them the same day.

But WordPress can't just say, "OK, troll, this bullshit stops now, you are no longer allowed to use our automated takedown system -- the next time you have a copyright claim, you can go to court and get a court order after showing evidence."

If they do this, and a single work that the troll does own goes live on any WordPress-hosted site, WordPress is now liable to stiff penalties under the directive.

In other words, the Directive sets up a system that automatically and permanently polices the speech of people who are accused of copyright infringement, but actually prohibits any policing of those who abuse this system to steal from artists or commit acts of censorship on a continent-wide scale.

As We Get Closer And Closer To The EU Requiring ContentID Everywhere, More Abuses Of ContentID Exposed [Mike Masnick/Techdirt]

(Image: Valerie Lawson, CC BY-SA, modified)

The Guardian has outed the true identity of the mysterious founder of the Base, a white nationalist terror group [Cory Doctorow – Boing Boing]

The Base is a white nationalist terror group that made the news when three of its members were arrested and accused of planning to start a civil war at this week's gun rally in Virginia by murdering cops and opening fire on the pro-gun protesters.

The group has a "culture of secrecy" and its members know its founder by aliases like "Norman Spear" and "Roman Wolf." But The Guardian has uncovered his true identity, using a combination of insider leaks and public records requests. According to the newspaper, "Norman Spear" is Rinaldo Nazzaro, a 46-year-old American from New Jersey whose personal history includes many extravagant claims of providing intelligence and security contracting to governments.

Apart from this, Nazzaro has very little social media presence, but his biographic details and images of him line up with what is known of "Spear."

It's not clear where Nazzaro lives; his wife is Russian and his image appears in advertisements for English language tutoring services in St Petersburg. He also owns an apartment in New Jersey.

Nazzaro owns a consulting company called "OSI LLC" whose offices -- on Fifth Ave in NYC, K-Street in DC, etc -- are all virtual offices, private mailbox services that offer phone reception and mail forwarding.

Nazzaro's proclaimed background in counterintelligence and government services, combined with any visible past history in white nationalist causes, has caused some white nationalists to accuse him of being a government operative running a honeypot to identify and neutralize Nazis (this is a common accusation and longrunning fear within the far-right).

According to an internally placed source, the only people within the movement who vouched for “Spear” were connected to the Northwest Front (NWF). The NWF founder, Harold Covington, was himself the subject of persistent rumors within the white nationalist movement that he was a federal informant, and that NWF was itself a honeypot – a front organization routinely used by US law enforcement in order to entrap people.

“Norman Spear” has told Base members that he remains in Russia. Law enforcement sources have indicated on background that Nazzaro is believed by some agencies to be working for the Russian government.

Revealed: the true identity of the leader of an American neo-Nazi terror group [Jason Wilson/The Guardian]

(Thanks, Kathy Padilla!)

The case for replacing air travel with high-speed sleeper trains [Cory Doctorow – Boing Boing]

One of the best work trips I ever took was the overnight train from London King's Cross to Edinburgh: I had a comfortable berth, went from city centre to city centre, arrived rested and refreshed, and did not have to endure the indignities and discomforts of air travel.

University of Westminster Senior Lecturer in Transport Planning Enrica Papa's editorial on the glories and possibilities of overnight rail as an alternative for many air journeys describes how the phenomenon of flygskam (Swedish: "flight shame") is giving rise to an overnight rail renaissance, with many European rail services reinstating and improving their overnight rail service -- for example, in 2022 you'll be able to take a sleeper car from Malmo to London, departing after dinner and arriving before lunch.

A recent study from the Netherlands found that passengers who travel for leisure purposes seem to be most attracted to the option of night trains. It’s possible that night train services could simply generate new demand from these customers instead of substituting existing airline passengers. The researchers found that 40% of business travellers still opted to fly the day before and stay in a hotel instead, though many thought the relative comfort of sleeper trains was appealing.

Could sleeper trains replace international air travel? [Enrica Papa/The Conversation]

(via Naked Capitalism)

Canadian "protesters" at Huawei extradition hearing say they were tricked, thought they were in a music video [Cory Doctorow – Boing Boing]

The idea of paid protesters is a favorite of the right, though as always, the thing you accuse your opponents of inevitably turns out to be the thing you're doing yourself (Trump paid actors to cheer his presidential campaign announcement and big industry groups pay actors to protest regulations that undermine their profits).

The Trump administration has been seeking to extradite Huawei heiress/exec Meng Wanzhou since they had her arrested by Canadian authorities in late 2018.

This week saw a crucial juncture in that legal wrangle, when Meng Wanzhou faced a judge over her objections to her extradition. Cameras were barred from the courtroom, but outside of it there was a lively demonstration of pro-Huawei/pro-China protesters, with a very different makeup to the usual protesters who have taken up Ms Meng's cause, who are primarily mainland Chinese students who are studying in Canada.

By contrast, these protesters were primarily not of Chinese origin, and they all sported red, homemade protest signs decrying the Trump administration, calling for "equal justice," and seeking the return of "Michael" (two Canadians, both named Michael, have been detained by Chinese authorities in retaliation for Meng's arrest).

Bob Mackin of The Breaker attended the protest and talked to these protesters and found them both curiously reticent to speak about their cause, and also singularly ignorant about the cause they were supporting. Mackin asked several of the protesters if they'd been paid to attend the event, but none admitted it at the time.

Subsequently, some of the protesters have contacted Mackin to say that they were paid to be there, and moreover, that they believed they were performing as extras in a music video. One told Mackin that they were confused when he started questioning them because no one had shouted "action." They also say they were never paid their promised $100.

The protesters say they were hired through an obfuscated chain of recruiters and producers. The video of the protesters did not play prominently in US and Canadian news, but it was featured heavily on Chinese state media, where it was used as evidence that everyday Canadians were outraged that their justice system had been hijacked by the Trump regime.

Mackin discusses the story in detail on the latest Canadaland podcast, where host Jesse Brown makes the excellent point that this illustrates just how difficult it is to field convincing paid protesters that stand up to even cursory scrutiny.

The video itself is a hilarious, sad pantomime wherein the protesters are seriously confused and increasingly alarmed as they realize what's going on.

“That was the promise [$100 to be in a music video], and then it was like, when there was all these cameras, for a long time I believed it was filming a scene where someone was coming out of a car,” he said. “So I was genuinely like, OK, fine to do this. Then reporters start showing up and, I don’t feel great about this anymore. I haven’t done anything wrong.”

Exclusive: Man says he was tricked to be in pro-Meng Wanzhou protest [Bob Mackin/The Breaker]

(Image: thumbnail from a photo by Bob Mackin)

London cops announce citywide facial recognition cameras [Cory Doctorow – Boing Boing]

In 2018, London's Metropolitan Police Force announced trials of a facial recognition system that could be married to the city's legendarily invasive CCTV thicket; the tests failed 98% of the time and led to arrests of people who opted out by covering their faces.

Based on that dismal performance, and perhaps emboldened by the coming Brexit and its liberation from EU privacy rules, the Met have announced that they are rolling out permanent, citywide facial recognition. The system will use "bespoke" watchlists whose criteria are not disclosed, though they will include people "wanted for serious and violent offences."

The cameras will be placed in popular tourist and shopping spots.

When the camera flags an individual, police officers will approach and ask them to verify their identity. If they’re on the watch list, they’ll be arrested. “This is a system which simply gives police officers a ‘prompt’, suggesting ‘that person over there may be the person you’re looking for,’” said the Metropolitan police in a press release.

Operational use of the cameras will only last for five or six hours at a time, says BBC News, but the Met makes clear that the use of this technology is to be the new normal in London.

London police to deploy facial recognition cameras across the city [James Vincent/The Verge]

(Image: Cryteria, CC-BY, modified)


Link [Scripting News]

I just learned about the Dunning-Kruger effect.



Looking back at Y2K from the Trump Era [I, Cringely]

Recently I came across an old column I wrote a decade ago on the 10th anniversary of Y2K. You can find it in my archive along with a thousand more, but I am also reproducing it, below. For those who have forgotten Y2K or are too young to remember it, the crisis was Climate Change for an earlier era. It was a very real global problem that turned out to be anticlimactic only because we as a society took heroic efforts to handle it. We should be so lucky today.

The column holds up fairly well, I think, and its major lessons are worth remembering. If anything, it’s even more relevant today because we are living in the Trump era of bombast and willful ignorance.

Those people who threatened my life 20 years ago, I wonder where they are today? What are they worried about now?

Tonight marks the 10th anniversary of Y2K, so I’m using it as an excuse to look back at lessons learned and not learned from that experience. The greatest lessons had to do with psychology, not technology.

Y2K was no surprise to me. I wrote a chapter on it in my book Accidental Empires back in 1991 — fully nine years before the actual deadline. To my knowledge that was the first in-depth explanation of Y2K in the mass media. I explained how the problem came to be, how it could be solved, and predicted that doing so would cost a lot of money and force a transition on the way corporations and governments used technology.

In early 1999 someone at PBS came up with the bright idea that I do a TV special about Y2K to run that October, setting audience expectations about what was to come. Going into that project I remember the producers expected it to be about all the stuff that was likely to go wrong. After all, I had written eight years before that we were in peril. But when I jumped into the research in 1999 I found that Y2K remediation, as it was called, seemed to be going well. I also found that systems weren’t as inter-connected or dependent as many of us had thought — that the world simply wasn’t as much at risk as we feared. I had to fight for this position, but ultimately that was the more conservative story we told two months before the actual event. And we were right.

PBS, to its credit, was the only U. S. television network with the guts to do such a show in primetime or anytime. We took a position — a controversial one it turned out — and justified it with research. Other networks preferred to play the doom card over and over again.

Y2K remediation cost $50-100 billion for the U. S. alone. Probably half of that money would have been spent on IT improvements anyway, but an extra 25-50 billion 1999 dollars is still a lot of dough. Much of it was spent on Y2K-related issues but a lot of it was spent on this-and-that. Y2K was such an arcane problem and so far above the heads of typical CEOs that it was viewed by IT departments as a chance to buy all the cool stuff they never could before. A lot of cool stuff was bought on top of all the other cool stuff being bought because this was also the time of the dot-com Internet Bubble.

I have wondered how much of the economic downturn in 2000 and 2001 – the collapse of the Internet Bubble — was actually due to the passage of Y2K with its excessive IT purchasing and labor costs.

While making that TV special I spent weeks interviewing experts and self-proclaimed experts including survivalists. What I learned then was a story that I don’t think ever really came out. It consists of three parts:

1)  Desire: the people warning the loudest about Y2K, those hoarding lentils and suggesting the end of the world was coming, really wanted to be right. They not only thought Y2K was going to be a disaster, they wanted it to be a disaster.

2)  Paranoia: the people who were so upset about Y2K — the survivalists and others who headed to the mountains and other sparsely-populated areas — didn’t go to the country because they thought the cities would collapse. They thought the rule of law would collapse and there would be Mad Maxian mass civil unrest. And all that unrest would be aimed squarely at them — the arrogant and narcissistic survivalist leaders. They just assumed that all the other folks who stupidly hadn’t been hoarding lentils would want their lentils and would be coming for them, possibly armed. They expected that Y2K would not only delay Social Security checks, it would lead to armed insurrection aimed at them and their lentils. I am not making this up.

3)  Disappointment: When the worst didn’t happen and these same folks found themselves in the middle of nowhere with half a ton of lentils, they were disappointed the world hadn’t fallen apart after all. Some of those people still haven’t recovered.

When Y2K: The Winter of Our Disconnect? aired that October (pre-Y2K), it produced the greatest e-mail response of any show I ever made — almost 3,000 messages in the first week. Most of those messages were negative, some extremely so. Many viewers saw me as irresponsible. They claimed that my irresponsible actions would lead to the deaths of hundreds — perhaps thousands — of PBS viewers, lulled into inaction by my false reassurances. Some viewers said I deserved to die for making the show. A few suggested they would kill me themselves.

It reminded me to a certain extent of the minor firestorm a couple weeks ago over my Christmas card, though at least that one produced no death threats.

So I was Public Enemy Number One in October, 1999 for suggesting that Y2K would turn out to be no big deal. And what happened in January, when it became clear that my show was 100 percent correct? Nothing. Not a single e-mail came to me from any of those people.

Audiences: you can’t live with them, you can’t live without them.

Happy New Year.



Security updates for Friday []

Security updates have been issued by Debian (git and python-apt), Oracle (openslp), Red Hat (chromium-browser and ghostscript), SUSE (samba, slurm, and tomcat), and Ubuntu (clamav, gnutls28, and python-apt).


Catch Your Inner Pokemon [Looking For Group]

Lar clearly doesn’t get Pokemon. You’re supposed to Catch’Em All, but he keeps releasing new ones! May 3rd is the MS Walk for a Cure, the annual fundraiser for Multiple Sclerosis that Lar and his wife are raising money for […]

The post Catch Your Inner Pokemon appeared first on Looking For Group.

Peeking inside C++/CX delegates [The Old New Thing]

Let’s hope you never need to do this, but if you are forced to debug code written in C++/CX, and you have a C++/CX delegate and want to know what it is, well, here goes.

0:005> dps 0x00000295`0d3a0ab0
00000295`0d3a0ab0  00007ff9`c0238fd8 contoso!RoutedEventHandler::`vftable'
00000295`0d3a0ab8  00007ff9`c0238f98 contoso!RoutedEventHandler::`vftable'
00000295`0d3a0ac0  00007ff9`c0238f68 contoso!RoutedEventHandler::`vftable'
00000295`0d3a0ac8  00000295`7d9f8ee0
00000295`0d3a0ad0  ffffffff`ffffffff
00000295`0d3a0ad8  00007ff9`c0252f08 contoso!`RoutedEventHandler<Widget,
                                      void (Widget::*)(Object ^,RoutedEventArgs ^)>'::
00000295`0d3a0ae0  00000295`469826e0
00000295`0d3a0ae8  00007ff9`bfff2e80 contoso!Widget::OnColorChanged

The object starts with some vtables and other bookkeeping. But the interesting thing is the next vtable, because that one tells you what kind of delegate you have.

In this case, it’s a vtable for a “pointer to member weak ref capture”, which tells us that our delegate is a weak pointer plus a pointer to member function.

The next two pointers are the weak reference and the member function pointer.

Most C++/CX delegates are of the “weak pointer plus method pointer” variety, but the other flavor is the “functor”, where the handler is an arbitrary object that supports the function call operator.

For example, a delegate that refers to a static method looks like this:

0:000> dps 08062190
08062190  0116a2f4 contoso!RoutedEventHandler::`vftable'
08062194  0116a310 contoso!RoutedEventHandler::`vftable'
08062198  0116a334 contoso!RoutedEventHandler::`vftable'
0806219c  08068a10
080621a0  ffffffff
080621a4  0116a378 contoso!__abi_FunctorCapture<
                   void (__cdecl*)(Object ^,RoutedEventArgs ^),
                   Object ^,
                   RoutedEventArgs ^>::`vftable'
080621a8  00f9371c contoso!OnColorChanged

The vtable in position 5 says that this is a functor that captured a plain old function pointer, and the plain old function pointer comes immediately after: It’s contoso!OnColorChanged.

For a class that supports the function call operator, you get a customized function for that class. In this example, the class is a lambda:

08062240  0116a2f4 contoso!RoutedEventHandler::`vftable'
08062244  0116a310 contoso!RoutedEventHandler::`vftable'
08062248  0116a334 contoso!RoutedEventHandler::`vftable'
0806224c  080689b0
08062250  ffffffff
08062254  0116a388 contoso!__abi_FunctorCapture<
                   Object ^,
                   RoutedEventArgs ^>::`vftable'
08062258  08053480 // lambda contents start here
0806225c  00000000

If the lambda is large (bigger than 16 pointers), then it is stored in a separate memory allocation. You can find a pointer to the wrapper for the captured lambda 16 pointers later:

07a2c2f0  00e57324 contoso!RoutedEventHandler::`vftable'
07a2c2f4  00e57340 contoso!RoutedEventHandler::`vftable'
07a2c2f8  00e57364 contoso!RoutedEventHandler::`vftable'
07a2c2fc  07a36278
07a2c300  ffffffff
07a2c304  00000000 (unused slot 0)
07a2c308  00000000 (unused slot 1)
07a2c30c  00000000 (unused slot 2)
07a2c310  00000000 (unused slot 3)
07a2c314  00000000 (unused slot 4)
07a2c318  00000000 (unused slot 5)
07a2c31c  00000000 (unused slot 6)
07a2c320  00000000 (unused slot 7)
07a2c324  00000000 (unused slot 8)
07a2c328  00000000 (unused slot 9)
07a2c32c  00000000 (unused slot 10)
07a2c330  00000000 (unused slot 11)
07a2c334  00000000 (unused slot 12)
07a2c338  00000000 (unused slot 13)
07a2c33c  00000000 (unused slot 14)
07a2c340  00000000 (unused slot 15)
07a2c344  01212a48 // pointer to functor

01212a48  00e57388 contoso!__abi_FunctorCapture<
                   Object ^,
                   RoutedEventArgs ^>::`vftable'
01212a4c  07a1f3d0 // lambda contents start here
01212a50  00000000

The post Peeking inside C++/CX delegates appeared first on The Old New Thing.


Technical Report of the Bezos Phone Hack [Schneier on Security]

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.

...investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that "appears to be an Arabic language promotional film about telecommunications."

That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented "study of the code delivered along with the video."

Investigators determined the video or downloader were suspicious only because Bezos' phone subsequently began transmitting large amounts of data. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states.

"The amount of data being transmitted out of Bezos' phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS' account, egress on the device immediately jumped by approximately 29,000 percent," it notes. "Forensic artifacts show that in the six (6) months prior to receiving the WhatsApp video, Bezos' phone had an average of 430KB of egress per day, fairly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to 126MB. The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data."

The Motherboard article also quotes forensic experts on the report:

A mobile forensic expert told Motherboard that the investigation as depicted in the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed, especially if this is a nation-state attack. She says the iTunes backup and other extractions they did would get them only messages, photo files, contacts and other files that the user is interested in saving from their applications, but not the core files.

"They would need to use a tool like Graykey or Cellebrite Premium or do a jailbreak to get a look at the full file system. That's where that state-sponsored malware is going to be found. Good state-sponsored malware should never show up in a backup," said Sarah Edwards, an author and teacher of mobile forensics for the SANS Institute.

"The full file system is getting into the device and getting every single file on there -- the whole operating system, the application data, the databases that will not be backed up. So really the in-depth analysis should be done on that full file system, for this level of investigation anyway. I would have insisted on that right from the start."

The investigators do note on the last page of their report that they need to jailbreak Bezos's phone to examine the root file system. Edwards said this would indeed get them everything they would need to search for persistent spyware like the kind created and sold by the NSO Group. But the report doesn't indicate if that did get done.
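
The quoted finding rests on comparing daily egress with a long-run baseline. The Python sketch below is an added example, not part of the report or of this post: the daily totals are constructed to match the quoted averages, decimal megabytes are assumed, and the function names and thresholds are hypothetical.

```python
from statistics import mean, median

KB_PER_MB = 1000  # assumption: decimal units; the quoted text does not say

def robust_threshold(history, k=8.0, floor_ratio=0.25):
    """Return (median, alert threshold) for a window of daily totals.

    Threshold is median + k * MAD, with a floor on the spread so a very
    flat baseline does not alert on ordinary day-to-day variation."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, med + k * max(mad, floor_ratio * med)

def flag_days(daily_kb, window=30, freeze_on_alert=True):
    """Return (flagged day indexes, baseline median at the first alert).

    Each day is compared with a threshold built from the previous `window`
    days. With freeze_on_alert the baseline stops updating at the first
    alert, so the anomalous traffic cannot become the new normal."""
    flagged, frozen, baseline = [], None, None
    for day in range(window, len(daily_kb)):
        med, threshold = frozen or robust_threshold(daily_kb[day - window:day])
        if daily_kb[day] > threshold:
            flagged.append(day)
            if baseline is None:
                baseline = med
            if freeze_on_alert and frozen is None:
                frozen = (med, threshold)
    return flagged, baseline

def summarise(daily_kb, window=30):
    """Describe the first shift away from baseline, or None if there is none."""
    flagged, baseline = flag_days(daily_kb, window, freeze_on_alert=True)
    if not flagged:
        return None
    onset = flagged[0]
    later = daily_kb[onset + 1:]
    return {
        "onset_day": onset,
        "baseline_kb": baseline,
        "first_day_increase_pct": (daily_kb[onset] - baseline) / baseline * 100,
        "later_mean_mb": mean(later) / KB_PER_MB if later else None,
        # Days after onset that dropped back under the frozen threshold.
        "days_back_under_threshold": (len(daily_kb) - onset) - len(flagged),
    }

# Constructed daily egress totals in KB (not data from the report): 180 quiet
# days averaging 430 KB, one 126 MB day, then 90 days averaging 101 MB.
QUIET = [380, 410, 430, 450, 480] * 36
NOISY = [60_000, 80_000, 101_000, 95_000, 169_000] * 18
SAMPLE = QUIET + [126 * KB_PER_MB] + NOISY

if __name__ == "__main__":
    print(summarise(SAMPLE))
    adaptive, _ = flag_days(SAMPLE, freeze_on_alert=False)
    print("days flagged when the baseline keeps adapting:", len(adaptive))
```

On this constructed series the frozen baseline flags every day from the onset onward, while the adaptive baseline stops alerting once the trailing window fills with the elevated traffic.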


Link [Scripting News]

I got a couple of reports from people who use the Mail app on iPhones to read the nightly email. The contents of the mail only fills a portion of the window horizontally. I am able to reproduce the problem here. Apparently previously it filled the space. I've started a thread to gather info about this. I don't know how to debug this, but I will try.

Link [Scripting News]

Yesterday, I included the video of Dale Bumpers' speech at the Clinton impeachment trial in 1999, but it wasn't displayed by some of the email clients. Here's a link to the video on C-SPAN.


Four short links: 24 January 2020 [Radar]

  1. China Open Sourcing the Wuhan Coronaviruses Genomes (Twitter) — fast-tracking research.
  2. kube-scan: Octarine k8s cluster risk assessment tool.
  3. Copyright is in Crisis (Cory Doctorow) — excellent excoriation of the state of the creative industries, where consolidation and regulation work against the creators and for the middlemen.
  4. Validating Startup Ideas: Our goal in publishing this is to help other founders think about how to do early validation the way that we do inside the studio.


Error'd: Amazon Deal or No Deal [The Daily WTF]

"Hey Alexa, can you help Amazon with their math?" Timothy W. wrote.   "Name my %1$s so I can identify it later? How about 'Placeholder Text Goes Here'?" writes Vladimír...


Russia’s Anti-Piracy Deal to Delete Content From Search Engines Extended Until 2021 [TorrentFreak]

When leading content companies and distributors plus Yandex, Rambler Group, Mail.Ru Group, vKontakte, and RuTube signed up to a landmark anti-piracy memorandum in 2018, new ground was broken in Russia.

Assisted by the creation of a centralized database of allegedly-infringing content, Internet platforms agreed to voluntarily query the resource in near real-time before deleting content from their search indexes. The plan was to make pirated content harder for users to find and within months, hundreds of thousands of links were being purged.

The end-game was to have the terms of the agreement written into local law but as some expected, things didn’t run entirely to plan. Early October 2019, with the memorandum a year old, it effectively timed out. Negotiations ensued and a short extension was agreed but a deadline of end October came and went without a draft being presented to parliament.

With another deadline missed, an automatic extension to end December 2019 came into play but it’s now clear that the plan to formalize the agreement in law is still a very long way off.

During a meeting at the Media and Communications Union, the industry association formed by the largest media companies and telecom industry players, the parties – with assistance from telecoms watchdog Roscomnadzor – have now agreed to another extension. The voluntary agreement will now continue for at least another year, the clearest indication yet that this isn’t a straightforward matter.

According to industry sources cited by Vedomosti (paywall), the decision not to push ahead now towards legislation was taken jointly by the signatories and Roscomnadzor.

While many specifics aren’t being made public, sources indicate that the mechanism for resolving disputes between the copyright holders and Internet platforms has proven complex. Another area of disagreement centers around demands from rightsholders and content companies to have sites delisted on a permanent basis, if they are repeatedly flagged as offering links to infringing content.

Another key issue is that under the current system there is a clear bias towards video content and the largest copyright holders, while others have to take a back seat or are left out altogether. It will take a considerable period of time to overcome these hurdles, a situation that isn’t helped by a reported lack of time in the State Duma to deal with the legislation.

As a result, the memorandum will now be extended to the end of January 2021, to allow the parties and the government to come up with a credible framework before writing it into law.


Steve Kemp: procmail for gmail? [Planet Debian]

After 10+ years I'm in the process of retiring my mail-host. In the future I'll no longer be running exim4/dovecot/similar, and handling my own mail. Instead it'll all go to a (paid) Google account.

It feels like the end of an era, as it means a lot of my daily life will not be spent inside a single host; no longer will I run:


I'm still within my Gsuite trial, but I've mostly finished importing my vast mail archive, via mbsync.

The only outstanding thing I need is some scripting for the mail. Since my mail has been self-hosted I've evolved a large and complex procmail configuration file which sorted incoming messages into Maildir folders.

Having a quick look around last night I couldn't find anything similar for the brave new world of Google Mail. So I hacked up a quick script which will automatically add labels to new messages that don't have any.

Finding messages which are new/unread and which don't have labels is a matter of searching for:

is:unread -has:userlabels

From there adding labels is pretty simple, if you decide what you want. For the moment I'm keeping it simple:

  • If a message comes from "Bob Smith" <>
    • I add the label "bob.smith".
    • I add the label "".

Both labels will be created if they don't already exist, and the actual coding part was pretty simple. To be more complex/flexible I would probably need to integrate a scripting language (oh, I have one of those), and let the user decide what to do for each message.

The biggest annoyance is setting up the Google project, and all the OAUTH magic. I've documented briefly what I did but I don't actually know if anybody else could run the damn thing - there's just too much "magic" involved in these APIs.

Anyway procmail-lite for gmail. Job done.


Extremophiles [George Monbiot]

Anyone seeking to defend life on Earth is now labelled an extremist. Yet the real extremists are those in power.

By George Monbiot, published in the Guardian 22nd January 2020

It’s not an “error” or an “accident”, as the police now claim. It’s a pattern. First, the Guardian revealed that counterterrorism police in south-east England have listed Extinction Rebellion (XR) and the youth climate strikes as forms of “ideological extremism”. Then teachers and officials around the country reported that they had been told, in briefings by the anti-radicalisation Prevent programme, to look out for people expressing support for XR and Greenpeace.

Then the Guardian found a guide by Counter Terrorism Policing to the signs and symbols used by various groups. Alongside terrorists and violent extremist organisations, the guide listed Greenpeace, XR, People for the Ethical Treatment of Animals, CND, the Socialist Party, Stop the War and other peaceful green and left organisations. Then the newspaper discovered that City of London Police had listed XR as a “key threat” in its counterterrorism assessment.

There’s a long history in the UK of attempts to associate peaceful protest with extremism or terrorism. In 2008, for example, the Association of Chief Police Officers (ACPO) produced a list of “domestic extremists”. Among them was Dr Peter Harbour, a retired physicist and university lecturer, who had committed the cardinal sin of marching and petitioning against an attempt by the energy company RWE npower to drain a beautiful local lake and fill it with pulverised fly ash. ACPO sought to smear peace campaigners, Greenpeace and Climate Camp with the same charge.

The police have always protected established power against those who challenge it, regardless of the nature of that challenge. And they have long sought to criminalise peaceful dissent. Part of the reason is ideological: illiberal and undemocratic attitudes infest policing in this country. Part of it is empire building: if police units can convince the government and the media of imminent threats that only they can contain, they can argue for more funding.

But there’s another reason, which is arguably even more dangerous: the nexus of state and corporate power. All over the world, corporate lobbyists seek to brand opponents of their industries as extremists and terrorists, and some governments and police forces are prepared to listen. A recent article in The Intercept sought to discover why the US Justice Department and the FBI had put much more effort into chasing mythical “ecoterrorists” than pursuing real, far-right terrorism. A former official explained, “you don’t have a bunch of companies coming forward saying ‘I wish you’d do something about these right-wing extremists’.” By contrast, there is constant corporate pressure to “do something” about environmental campaigners and animal rights activists.

We feel this pressure in the UK. In July last year, the lobby group Policy Exchange published a report claiming that XR is led by dangerous extremists. Policy Exchange is an opaque organisation that refuses to disclose its donors. But an investigation by Vice magazine revealed it has received funding from the power company Drax, the trade association Energy UK and the gas companies E.On and Cadent.

One of the two authors of the Policy Exchange report, Richard Walton, is a former police commander. A report by the Independent Police Complaints Commission said he would have had a misconduct case to answer, had he not retired. The case concerned allegations about his role in the spying by undercover police on the family of the murdered black teenager Stephen Lawrence. The purpose of the spying operation, according to one of the police officers involved, was to seek “disinformation” and “dirt” on the family, and stop their campaign for justice “in its tracks.”

The Home Secretary, Priti Patel, has defended the inclusion of XR on the police list of extremist ideologies. But it seems to me that people like Patel and Richard Walton pose much greater threats to the nation, the state and our welfare than any green campaigners. Before she became an MP, she worked for the company Weber Shandwick, as a lobbyist for British American Tobacco. Among her tasks was to campaign against the European tobacco control directive, whose purpose was to protect public health. A BAT memo complained that the Weber Shandwick team as a whole “does not actually feel comfortable or happy working for BAT.” But it was pleased to note that two of its members “seem quite relaxed working with us”. One of them was Priti Patel.

In her previous government role, as secretary of state for international development, Patel held unauthorised and undisclosed meetings with Israeli officials, after which she broached the possibility of her department channelling British aid money through the Israeli army, in the occupied Golan Heights. After she was less than candid with the prime minister, Theresa May, about further undisclosed meetings, she was forced to resign. But she was reinstated, in a far more powerful role, by Boris Johnson.

Our government is helping propel us towards a catastrophe on a scale humankind has never encountered before: the collapse of our life support systems. It does so in support of certain ideologies – consumerism, neoliberalism, capitalism – and on behalf of powerful industries. This, apparently, meets the definition of moderation. Seeking to prevent this catastrophe is extremism. If you care about other people, you go on the list. If you couldn’t give a damn about humankind and the rest of life on Earth, the police and the government will leave you alone. You might even get appointed to high office.

It is hard to think of any successful campaign for democracy, justice, or human rights that would not now be classed by police forces and the government as an extremist ideology. Without extremists such as Emmeline Pankhurst, who maintained that “the argument of the broken window pane is the most valuable argument in modern politics”, Priti Patel would not be an MP. Only men with a certain amount of property would be permitted to vote. There would be no access to justice, no rights for workers, no defence against hunger and destitution, no weekends.

In his Letter from Birmingham Jail, Martin Luther King, subjected to smears very similar to those now directed against XR and other environmental groups, noted “the question is not whether we will be extremists, but what kind of extremists we will be. Will we be extremists for hate or for love? Will we be extremists for the preservation of injustice or for the extension of justice?”

Good citizens cannot meekly accept the death of the living planet, as corporations rip it apart for profit. The moderation demanded of us is, in reality, extremism: acceptance of an economic and political model driving us towards unprecedented disaster. If seeking to defend life on Earth defines us as extremists, we have no choice but to own the label. We are extremists for the extension of justice and the perpetuation of life.


Bdale Garbee: Digital Photo Creation Dates [Planet Debian]

I learned something new yesterday, that probably shouldn't have shocked me as much as it did. For legacy reasons, the "creation time" in the Exif metadata attached to digital camera pictures is not expressed in absolute time, but rather in some arbitrary expression of "local" time! This caused me to spend a long evening learning how to twiddle Exif data, and then how to convince Piwigo to use the updated metadata. In case I or someone else need to do this in the future, it seems worth taking the time to document what I learned and what I did to "make things right".

The reason photo creation time matters to me is that my wife Karen and I are currently in the midst of creating a "best of" subset of photos taken on our recently concluded family expedition to Antarctica and Argentina. Karen loves taking (sometimes award-winning) nature photos, and during this trip she took thousands of photos using her relatively new Nikon COOLPIX P900 camera. At the same time, both of us and our kids also took many photos using the cameras built into our respective Android phones. To build our "best of" list, we wanted to be able to pick and choose from the complete set of photos taken, so I started by uploading all of them to the Piwigo instance I host on a virtual machine on behalf of the family, where we assigned a new tag for the subset and started to pick photos to include.

Unfortunately, to our dismay, we noted that all the photos taken on the P900 weren't aligning correctly in the time-line. This was completely unexpected, since one of the features of the P900 is that it includes a GPS chip and adds geo-tags to every photo taken, including a GPS time stamp.


We've grown accustomed to the idea that our phones always know the correct time due to their behavior on the mobile networks around the world. And for most of us, the camera in our phone is probably the best camera we own. Naively, my wife and I assumed the GPS time stamps on the photos taken by the P900 would allow it to behave similarly and all our photos would just automatically align in time... but that's not how it worked out!

The GPS time stamp implemented by Nikon is included as an Exif extension separate from the "creation time", which is expressed in the local time known by the camera. While my tiny little mind revolts at this and thinks all digital photos should just have a GPS-derived UTC creation time whenever possible... after thinking about it for a while, I think I understand how we got here.

In the early days of Exif, most photos were taken using chemical processes and any associated metadata was created and added manually after the photo existed. That's probably why there are separate tags for creation time and digitization time, for example. As cameras went digital and got clocks, it became common to expect the photographer to set the date and time in their camera, and of course most people would choose the local time since that's what they knew.

With the advent of GPS chips in cameras, the hardware now has access to an outstanding source of "absolute time". But the Nikon guys aren't actually using that directly to set image creation time. Instead, they still assume the photographer is going to manually set the local time, but added a function buried in one of the setup menus to allow a one-time set of the camera's clock from GPS satellite data.

So, what my wife needs to do in the future is remember at the start of any photo shooting period where time sync of her photos with those of others is important, she needs to make sure her camera's time is correctly set, taking advantage of the function that allows her to set the local time from the GPS time. But of course, that only helps future photos...

How I fixed the problem

So the problem in front of me was several thousand images taken with the camera's clock "off" by 15 hours and 5 minutes. We figured that out by a combination of noting the amount the camera's clock skewed by when we used the GPS function to set the clock, then noticing that we still had to account for the time zone to make everything line up right. As far as I can tell, 12 hours of that was due to AM vs PM confusion when my wife originally set the time by hand, less 1 hour of daylight savings time not accounted for, plus 4 time zones from home to where the photos were taken. And the remaining 5 minutes probably amount to some combination of imprecision when the clock was originally set by hand, and drift of the camera's clock in the many months since then.

I thought briefly about hacking Piwigo to use the GPS time stamps, but quickly realized that wouldn't actually solve the problem, since they're in UTC and the pictures from our phone cameras were all using local time. There's probably a solution lurking there somewhere, but just fixing up the times in the photo files that were wrong seemed like an easier path forward.

A Google search or two later, and I found jhead, which fortunately was already packaged for Debian. It makes changing Exif timestamps of an on-disk Jpeg image file really easy. Highly recommended!

Compounding my problem was that my wife had already spent many hours tagging her photos in the Piwigo web GUI, so it really seemed necessary to fix the images "in place" on the Piwigo server. The first problem with that is that as you upload photos to the server, they are assigned unique filenames on disk based on the upload date and time plus a random hash, and the original filename becomes just an element of metadata in the Piwigo database. Piwigo scans the Exif data at image import time and stuffs the database with a number of useful values from there, including the image creation time that is fundamental to aligning images taken by different cameras on a timeline.

I could find no Piwigo interface to easily extract the on-disk filenames for a given set of photos, so I ended up playing with the underlying database directly. The Piwigo source tree contains a file piwigo_structure-mysql.sql used in the installation process to set up the database tables that served as a handy reference for figuring out the database schema. Looking at the piwigo_categories table, I learned that the "folder" I had uploaded all of the raw photos from my wife's camera to was category 109. After a couple hours of re-learning mysql/mariadb query semantics and just trying things against the database, this is the command that gave me the list of all the files I wanted:

select piwigo_images.path into outfile '/tmp/imagefiles' from piwigo_image_category, piwigo_images where piwigo_image_category.category_id=109 and piwigo_images.date_creation >= '2019-12-14' and;

That gave me a list of the on-disk file paths (relative to the Piwigo installation root) of images uploaded from my wife's camera since the start of this trip in a file. A trivial shell script loop using that list of paths quickly followed:

        cd /var/www/html/piwigo
        for i in `cat /tmp/imagefiles`
        do
                echo "$i"
                sudo -u www-data jhead -ta+15:05 "$i"
        done

At this point, all the files on disk were updated, as a little quick checking with exif and exiv2 at the command line confirmed. But my second problem was figuring out how to get Piwigo to notice and incorporate the changes. That turned out to be easier than I thought! Using the admin interface to go into the photos batch manager, I was able to select all the photos in the folder we upload raw pictures from Karen's camera to that were taken in the relevant date range (which I expressed as taken:2019-12-14..2021), then selected all photos in the resulting set, and performed action "synchronize metadata". All the selected image files were rescanned, the database got updated...

Voila! Happy wife!


Obese dogs [Seth's Blog]

Dogs aren’t supposed to have willpower, that’s what they have us for.

Marketing changes culture and culture changes us. And then we end up changing the world around us. Not just the dogs, but all of it.

It’s probably a mistake for us to wait until profit-driven corporations start to worry about side effects on their own. But the moment we start voting with our attention and our dollars, they’ll begin to respond.

We get what we pay for. And sometimes, we pay for what we get.


Comic: Record Holder [Penny Arcade]

New Comic: Record Holder


Girl Genius for Friday, January 24, 2020 [Girl Genius]

The Girl Genius comic for Friday, January 24, 2020 has been posted.


Arizona HOA threatens residents with fines for posting critical comments about its board [Cory Doctorow – Boing Boing]

The Homeowners' Association in Val Vista Lakes -- a private community in Gilbert, Arizona -- has threatened at least 11 residents with fines of $250 each if they do not delete Facebook posts that are critical of the HOA and its board, thereby demonstrating the case for criticizing the HOA and its board.

The controversial posts relate to a recent, contentious board election, and involve candidates for board seats.

“Compared to what you see on the national level, it was pretty moderate,” said Keith Faber, a former board member who participated in some of the discussion.

He was among residents to receive a letter from the HOA attorney.

“The comments you have posted specifically defame and negatively impact others in the community,” the letter to Faber reads. “The Association demands that you cease posting any disparaging, speculative, or defaming comments that negatively impact specific individuals in the Association or on the Board.”

Gilbert HOA board may fine Val Vista Lakes residents $250 per day over critical social media posts [Alison Steinbach/Arizona Central]

(Thanks, Rick!)

(Image: Val Vista Lakes)


Any Computer Without Internet Counts as Self-Care [Diesel Sweeties webcomic by rstevens]


Tonight's comic is about distraction-free computing devices.


Bipartisan consensus is emerging on reining in Big Tech [Cory Doctorow – Boing Boing]

House Antitrust chairman David Cicilline's interview with The Verge's Nilay Patel reveals the exciting shifts in how Congress thinks about Big Tech's monopolies.

Cicilline doesn't think Congress can break up Big Tech, though he moots passing a "Glass-Steagall for tech" that makes tech companies engage in "structural separation" -- for example, platform companies would not be allowed to compete with the companies that use their platforms. And he wants to do a lot more scrutiny of mergers in the future, which is an outstanding idea.

I'm worried, though, that if they start blocking future mergers but don't unwind past mergers, they'll just lock in the monopolies of the companies that did their merging in the past -- for example, if future Google competitors can't buy ad-tech companies but Google gets to keep Doubleclick, it basically guarantees Google's eternal dominance. I'm not saying we should allow future search companies to buy ad-tech companies, rather, advocating for breaking Google up on structural lines.

Also notably absent from the conversation: breakups of other industries, like ISPs, entertainment conglomerates, banks, etc, etc.

But I do think that the other suggestion that Sen. Warren has made is a really interesting one and something I think about a lot: the notion of “You can be either a platform or you can be a manufacturer or a producer of services, but you can’t do both.” Sort of the Glass-Steagall of the internet. It’s kind of an interesting idea because people go to a platform thinking, somehow, when they do a search, there’s some neutral way that evidence is reviewed, and you’re provided with a result from that search.

Well, we know that that is not the case, the way items get into the Amazon buy box. And Amazon used its own private label to promote it or promotes its own goods. It creates sort of an inherent conflict. You know, you’re both a platform and a manufacturer of goods. And so it’s kind of an interesting idea to think: should you at least separate out those functions and say you can be one or the other, but you can’t be both?

I think these companies are too big, and we’ve allowed them to exercise monopoly power. We have to figure out how to correct that. I’m looking at kind of what are the current antitrust tools that are available to antitrust enforcers, and how we might use those to promote competition. But there is not a mechanism that I can think of that would allow us, as Congress, to go and break up a particular company. I think we can do a lot of things to correct the absence of competition in that space. Everything is on the table, in my view. But I have to think long and hard about how we could, in a congressional enactment, actually break up a company.

Tech companies are "too big," says House Antitrust chairman David Cicilline [Nilay Patel/The Verge]


US insurers, sick of being gouged by Big Pharma, will develop cheap generics [Cory Doctorow – Boing Boing]

The US health insurance industry resents being on the receiving end of surprise bills and price-gouging, so Blue Cross/Blue Shield are spending $55m to have the nonprofit Civica Rx tool up to make generics of off-patent drugs whose sole manufacturers are shkreliing the prices into the stratosphere.

Civica already supplies drugs to 1,200 hospitals.

In an interview with The New York Times, Civica board chairman Dan Liljenquist said that the new venture “will not solve all the problems of the world, but we do know that 90 percent of prescriptions are generic, and there are certain parts of the generic markets that are not functioning like competitive markets should. And we intend to compete in those markets.”

Sick of Big Pharma’s pricing, health insurers pledge $55M for cheap generics [Beth Mole/Ars Technica]

Thursday, 23 January


[$] How to contribute to kernel documentation []

Some years back, I was caught in a weak moment and somehow became the kernel documentation maintainer. More recently, I've given a few talks on the state of kernel documentation and the sort of work that needs to be done to make things better. A key part of getting that work done is communicating to potential contributors the tasks that they might helpfully take on — a list that was, naturally, entirely undocumented. To that end, a version of the following document is currently under review and headed for the mainline. Read on to see how you, too, can help to make the kernel's documentation better.


Link [Scripting News]

So far people seem to like the RSS version of the nightly email. I don't like the way it looks in readers, and I want more features, but if that's where some people want to read my stuff, of course I'm happy. The important thing is that you read, listen and watch (and think of course).

Link [Scripting News]

An idea for a recurring sketch on a comedy show. Two actors, one plays a Trump supporter. Someone who speaks like an actual Trumper, who says things that echo what's said on Fox. Vary the gender, where they're from, etc. Each time, they discuss current events with an actor who is not a Trump supporter, serious, plays it straight. Now here's where it gets interesting. The Trump supporter realizes how wrong it was to support Trump. They do something to demonstrate that they see the light. Remember, they're actors. It's scripted. So the outcome is always the same. I would love to watch this, just for the release. Also it would really piss off Trump supporters, which is an extra bonus. Worth trying maybe on SNL or the Daily Show.


Not dead yet! What Bob Cringely has been up to… [I, Cringely]

A few days ago I tweeted something and a reader reacted, saying about Cringely, “I thought he was dead!” Not dead yet, but I should probably explain my disappearance a few months ago from life in print. I’ve just been too busy working for a living. How does a 67-year-old hack with three minor children recover from going blind, losing his home and business in a horrible fire (like 2,000 others, we are still fighting with insurance companies), while appeasing an angry crowd of Kickstarter supporters armed with pitchforks and shovels? In my case, I went looking for venture money to recapitalize MineServer and I simultaneously started a satellite launch company to fund my eventual retirement.

I am not making this up.

MineServer found a VC in Beverly Hills, not Menlo Park. He’s that rare VC who wants to be a partner in the business. But this VC is also no fool, so he wants a co-investor to share the risk. I haven’t yet found that co-investor. Plenty of my old friends from the game sector have been willing to offer advice to MineServer, but nobody wants to write a check. So unless YOU want to step up, that means I will have to earn the matching money on my own, which is what I have been trying to do with my other startup, Eldorado Space.

Eldorado will later this year begin launching into low earth orbit CubeSats up to 12 kilograms in weight. Doing a space startup may seem like the stupidest, highest-risk way to go about restarting a career, but I thought it would be fun and it has been. Fortunately, we found a visionary billionaire to be our seed investor. We will shortly close our Series A round with most of that money already committed.

Space tech is exciting but it is also a Wild West, filled with crazy ideas and bullshit. We chose to stand out from the crowd by actually meeting our deadlines and inventing NOTHING.

Every space startup begins with an invention, you see, and inventions are risky. Space launch startups typically begin by inventing yet another liquid-fuel propulsion system, probably because the dilithium crystals were all taken. We already have plenty of liquid rocket engines, thank you. Inventing yet another liquid-fueled rocket in 2021 is an exercise in vanity.

So for Eldorado, we (which means my co-founder Tomas Svitek — a real rocket scientist who used to report directly to Jeff Bezos at Blue Origin — seven engineers and me) pledged to invent nothing and to avoid liquid fuels if possible. We took 50-year-old ammonium perchlorate composite propellant (the same solid fuel used in the Space Shuttle’s strap-on boosters) and improved it using modern materials, processes, and some common sense. NO 3D printing! The result is a cheaper rocket that can sit on the shelf for years then be launched as-needed within hours.

For example, the national security market is lately interested in rapid response launches, which to them means putting little satellites into precision orbits on 24-hour notice. That’s not so difficult, but few companies can then launch a second rocket 24 hours after the first. In contrast, we’ve offered to launch on FOUR hours notice and then launch again every TWO hours after that until they tell us to stop. So if Bond villain Ernst Blofeld, for example, figured out a way to take down the GPS system, we could replace the whole constellation in less than a day, then do it all over again as often as needed. That would probably deter Dr. Evil from even trying his trick in the first place.

Key to this is a combination of solid rockets and air-launching. All we need is a runway, no launchpad.

But there are right ways and wrong ways to do air launching. Richard Branson’s Virgin Orbit drops its rocket horizontally from a Boeing 747 flying at 35,000 feet going Mach 0.7. We “toss” our rocket while flying in a 45-degree climb at 78,000 feet going Mach 2.2, which is much more exciting. You can see the curvature of the Earth.

Launching higher, faster, and at the proper angle lets us use a smaller cheaper rocket on a smaller cheaper aircraft for a lower launch price. Virgin charges $12 million per launch while we charge $1 million for up to 12U into any orbit.

The smallest rocket so far to put a satellite into orbit from a ground launch was the JAXA SS-520-5 that launched a 3 kg CubeSat for the Japanese government in 2018. That SS-520 used the same solid fuel as our Veloce 17 rocket which makes comparing the two very easy. Our rocket is shorter (4.15 meters compared to 9.65 meters), lighter (1050 kg compared to 2600 kg), and yet our payload is four times as large (12 kg compared to three kg). Our rocket is eight times more efficient than the SS-520 and the ONLY difference is air launching. With continued solid fuel development we confidently expect our 1050 kg rocket to eventually put 40 kg in orbit — 27 times more efficient than the $4.4 million SS-520-5.

As payloads get heavier, Reynolds numbers increase and there comes a point when ground-launching becomes superior, but for CubeSats (that’s all we do) air-launching is always better.

Yes, but…

There is always a but, isn’t there? In this case, the but usually comes down to “But how do you protect your business if you aren’t inventing anything? Where is your intellectual property? Where is your defensive moat?”

There’s actually plenty of clever IP inside Eldorado, but what mainly keeps another startup from just copying our work is the required fleet of Mach 2.2+ launch aircraft. We bought all of them, you see… all of them on the planet.



Link [Scripting News]

A third version of For No One, this time in the studio.


Raphaël Hertzog: Freexian’s report about Debian Long Term Support, December 2019 [Planet Debian]

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In December, 208.00 work hours have been dispatched among 14 paid contributors. Their reports are available:

Evolution of the situation

Though December was as quiet as to be expected due to the holiday season, the usual amount of security updates were still released by our contributors.
We currently have 59 LTS sponsors each month sponsoring 219h. Still, as always we are welcoming new LTS sponsors!

The security tracker currently lists 34 packages with a known CVE and the dla-needed.txt file has 33 packages needing an update.

Thanks to our sponsors

New sponsors are in bold.



Link [Scripting News]

A Trump unencumbered by the Constitution could make this happen very quickly imho.


Establishment has failed them [Richard Stallman's Political Notes]

Sanders tells New York Times editorial board: *Trump's Racist Demagoguery Only Works Because Too Many Americans Feel Establishment Has 'Failed Them',*

History found again [Richard Stallman's Political Notes]

A stolen Afghan statue from the 2nd century AD has been found. It will be returned to the museum in Kabul to await destruction by the Taliban.

War growth [Richard Stallman's Political Notes]

The US Space Force represents an eager plan to extend war into more theaters rather than try to limit space arms.

Misogyny [Richard Stallman's Political Notes]

(satire) *"This new evidence proves beyond a doubt that Bernie Sanders strongly wants to lead a nation that has repeatedly enabled, supported, and encouraged misogyny …"*

(satire) *Stephen Miller Hurt At Being Passed Over For Job Stalking Female Ambassador.*

Thug murder charges backed by grand jury [Richard Stallman's Political Notes]

*Grand Jury Backs Murder Charges Against Houston [thug] Who Lied to Justify a Deadly Drug Raid.*

Other thugs may be charged too.

Inappropriate censorship [Richard Stallman's Political Notes]

*The Missouri Library Association says it is monitoring a bill put forward in the state House by a Republican lawmaker, which, if passed, could create committees across the state with the power to jail librarians for distributing material the panels deem "inappropriate."*

This is an example of the general conclusion that "inappropriate" describes a judgment call, so we must not use that as grounds to punish or restrict anyone.

New NAFTA [Richard Stallman's Political Notes]

Public Citizen: The New NAFTA isn't very good, but it is a lot less bad than the old one.

In my view, in order for a trade treaty to avoid being a business-supremacy treaty, it would need to avoid helping companies become larger and develop more political power.

Denying kids their potential [Richard Stallman's Political Notes]

*Montessori education could reduce the advantage gap between rich and poor, but it's only available to the rich.*

Society should make sure every child gets the education and other requisites to realize per potential. Denying this to anyone is not only unfair, it's a waste.

Equal Rights Amendment [Richard Stallman's Political Notes]

Virginia's new Democratic legislature voted to ratify the Equal Rights Amendment, but it is not effective because the deadline passed in 1982. The process will have to start over again in Congress, and that will require taking control of the Senate.

Ecological disconnect [Richard Stallman's Political Notes]

Leatherback turtles, pikas, monarch butterflies, puffins, polar bears: each of those species is falling victim to an ecological disconnect that puts its survival at risk.

Exposure to sugar [Richard Stallman's Political Notes]

Exposure to sugar caused changes in pigs' brains similar to those caused by opioids.

It would be harmful to ban sugar — just as it is harmful to ban other recreational drugs — but it could be helpful to change social systems to reduce the social pressure to use them.

Long term fire fighting [Richard Stallman's Political Notes]

Australian planners recommend buying the land from people whose isolated houses in the forest were burned.

This will surely reduce property damage and deaths from future fires. It may also make containing those fires a little easier, as fire-fighting will not be complicated by the wish to save houses where there are no houses.

However, over the decades as the fires get ever worse, that won't make a noticeable difference. Short-term improvements are good, but we must not let them steal the show from what we need for the long term: to curb global heating.


Link [Scripting News]

I am watching the trial, hoping for a moment like this.

Link [Scripting News]

I keep hearing that the outcome of The Trial of Trump is either acquit or remove, but there's a third possibility that we should prepare for. He might not be removed but is not acquitted either. Say the vote is 55 to convict vs 45 to acquit. He remains president, but a majority of the Senate voted to remove him. That's not a win. It shakes his tree. "Keep fucking with us and maybe lose some more support in the Senate and maybe next time we have enough votes to put you out." Before you say that's not going to happen, it might. The Repubs are at least as savvy as we are (heh, we're babes in the woods compared to McConnell), and know that some of their senators come from purple states like Maine, Colorado and Arizona. And there may be other senators who may want to vote to convict because they're more independent, like Romney, Murkowski and Alexander, for example. The Repubs have room to help some of those senators without giving up ten more months of stacking the courts with unqualified Republicans. They might want to send a signal to El Presidenté that the US isn't quite his banana republic yet. It's not an impossible outcome. It's all negotiable in politics.

Dale Bumpers' speech [Scripting News]

Have you ever seen the closing argument in the Clinton impeachment by former Senator Dale Bumpers? If not it's a treat, you deserve it, it gives an idea of how trials bring out amazing things in people.

Having served jury duty twice, once through deliberations to a verdict, I was really impressed at how deep random people from all walks of life can go, given an opportunity to get immersed in understanding other humans. I sense a bit of that starting to happen here. It's not imho in any way a foregone conclusion what will come out of this.

It's also interesting, listening to the Bumpers speech, I hadn't listened to it in a long time, how much this impeachment must hurt for Hillary Clinton. No one gave a shit about her in the Clinton impeachment, yet Bumpers does touch on it. And now she's a subject of controversy again because she dared to say what she actually thinks about Bernie Sanders.

A longtime friend Dan Conover isn't watching the impeachment, arguing basically there's no new information, but I think he's making a mistake. You could say the same about going to see a historic play like Hamilton. You know the outcome, so why pay the huge price in money and time to go see it. Because something other than information is transmitted.


Unauthorized Charcoal: GE fridges won't dispense ice or water unless your filter authenticates as an official ($55!) component [Cory Doctorow – Boing Boing]

@ShaneMorris: "My fridge has an RFID chip in the water filter, which means the generic water filter I ordered for $19 doesn't work. My fridge will literally not dispense ice, or water. I have to pay @generalelectric $55 for a water filter from them."

Sound familiar?

(Image: GE, Cryteria, CC-BY, modified)


Link [Scripting News]

I just did a transition on Complete rewrite of the server from top to bottom. I want to do a bunch of development work here, so I had to have a clean foundation. The previous version was last updated in 2016, so it was using the old technology. If you published an outline in the last few days, I might have lost the link to it. It shouldn't have happened but it did. And thanks again to Doc Searls for helping be the other side of users and developers party together. It's the formula that works.


Today in GPF History for Thursday, January 23, 2020 [General Protection Fault: The Comic Strip]

Nick, Ki, Fooker, and Dwayne watch helplessly as the GPF building is engulfed in flames...


Uncovering two lost comedy albums from cult comic Dick Davy, who once championed civil rights and antiracism [Cory Doctorow – Boing Boing]

Jason Klamm from the Comedy on Vinyl podcast (previously) writes, "In late 2018, I uncovered the true identity of comic Dick Davy. Since starting his archive, I've come across some real gems, but in August, one find took the cake. His niece, Sharon, mailed me two records that had been sitting in a box, and it turns out these are unreleased acetates of material no one has heard in almost sixty years. I had Firesign Theatre archivist Taylor Jessen transfer and do a quick clean-up of them. This episode discusses their contents and what their future might be." (MP3)


Mystery as PortalRoms Disappears Leaving 4 Million Gaming Visitors in the Dark [TorrentFreak]

In Internet ‘piracy’ years, is pretty old domain, having first appeared as a very basic ROM download site way back in 2004, possibly even earlier.

Over the years it has undergone various transformations and possibly ownership changes too. Its now-dormant Twitter account was created back in 2010 but behind the scenes and after fairly slow initial growth, the last decade saw the site grow from negligible traffic to become a decent-sized ROM, retro, and emulator player.

Up until just a few days ago, users of PortalRoms – who between them have been generating around four million visits per month – were able to download ROMs covering everything from arcade games to Dreamcast to Nintendo Switch. Rather than store this content on restrictive file-hosting platforms, PortalRoms created torrents instead, a rare move for a site of this type.

Right from the very beginning, PortalRoms operated from However, for reasons that are not clear, last September or October the site made a surprise switch to the Swiss-based domain. As data from SimilarWeb shows, most traffic managed to transfer to the new domain, with little to no disruption.

The same cannot be said of the past few days. With no public announcements to indicate the cause, PortalRoms went dark, leaving millions of users (especially in South America where the site was very popular) without their favorite download portal to fall back on.

When trying to determine the cause of the downtime, the site’s domain entries aren’t particularly useful.

TorrentFreak contacted the registrar in control of the .ch domain but the company advised us that the domain is actually controlled by one of their resellers – 1337 Services LLC. This is the business name of Njalla, the domain company connected to Pirate Bay co-founder Peter Sunde, a company that strives to give up no useful information on any domain.

It remains possible that PortalRoms is experiencing yet another bout of domain problems but whether they are copyright-related is open to question. Indeed, one of the curious things about and is that considering its extensive library and visitor count, anti-piracy groups working for gaming companies like Nintendo or Sony seem to be pretty disinterested.

Google’s Transparency Report reveals that received only 55 complaints targeting 115 URLs when it was in operation. Companies like EA, Rockstar, THQ and Activision got involved but never on any scale. For comparison, the relatively new domain received only four complaints but those contained just over 1,000 URLs. All but a handful were filed by the Entertainment Software Association.

While it remains to be seen whether PortalRoms will ever return, it’s worth noting that its chosen method of content distribution (torrents, in this case) means that people will still be sharing the ROM and emulator files during the downtime. Indeed, a basic search for ‘portalroms’ on various meta-search engines reveals many active torrents with the phrase “visit for more games _.url” in their file lists.



Link [Scripting News]

BTW, to Wikipedia's mistaken claim that a columnist gave podcasting its name, look at this Google Trends graph. See where the graph starts to climb? That's Sept 2004, when we gave what we were doing the name podcasting.

Link [Scripting News]

Opening presentation at Trump's trial by Adam Schiff.

Link [Scripting News]

I hear that some Republican senators actually listened to the evidence against the president yesterday.

16:28 Berlin Lispers Meetup, Monday, 27th January 2020 [Planet Lisp]

We meet again on Monday 8pm, 27th January. Our host this time is James Anderson (

Berlin Lispers is about all flavors of Lisp including Common Lisp, Emacs Lisp and MacLisp.

Jörg Preisendörfer will talk about the Ion serialization format and Common Lisp. Ion is represented by either a human-readable text form or a compact binary form. The text form is a superset of JSON. [1]

We will also talk about the upcoming Lisp-related conferences in 2020.


We meet in the Taut-Haus at Engeldamm 70 in Berlin-Mitte, the bell is "James Anderson". It is located in 10min walking distance from U Moritzplatz or U Kottbusser Tor or Ostbahnhof. In case of questions call Christian +49 1578 70 51 61 4.


Microsoft employs a giant plush Clippy whose performer has a large Clippy tattoo [Cory Doctorow – Boing Boing]

@radmint tweeted a photo from her Microsoft New Employee orientation in which she is posed with a "celebrity Clippy"; the eagle-eyed Kristen Seversky noted that the forearm of the actor in the Clippy suit is adorned with a seemingly permanent, very prominent Clippy tattoo.

From the Wikipedia entry for "Office Assistant", AKA Clippy: "The default assistant Clippit has been heavily mocked in popular culture, being parodied, appearing in memes, and even being made fun of by Microsoft themselves from 2001 onwards."

(via Super Punch)

German proposal to control links to news stories: headlines, 3s of video, 128 pixel thumbnails [Cory Doctorow – Boing Boing]

One of the two very controversial proposals in last year's EU Copyright Directive fight was the "link tax," which would require licenses for links to news-sites that contained even a few consecutive words from the article or headline -- links and excerpts that would otherwise be considered fair dealing under EU law.

The rule squeaked into law last March by five votes (and later, ten MEPs said they'd been confused and had pressed the wrong buttons). Now, the EU member-states have to turn the rule into domestic law, and thus far, it's a shitshow.

The latest installment comes from Germany, which was also where the proposal for a ban on linking without permission originated, courtesy of Germany's aristocratic newspaper families, who wield enormous political influence.

The proposed German implementation would limit links to news sites to quoting the headline alone, accompanied by a maximum of 3 seconds of video and/or a 128px x 128px thumbnail. This would apply to memes, mashups, and summaries of the article in directories such as Google News or websites like this one.

This is likely to be enforced by mandatory upload filters, which are required under Article 17 of the Directive, and the German rules are likely to end up being EU-wide, given the complexity of setting up country-by-country filter rules.

You can send comments on this proposal to (the deadline is Jan 31).

The proposal states that the new ancillary copyright does not apply to hyperlinks, or to "private or non-commercial use" of press publishers' materials by a single user. However, as we know from the tortured history of the Creative Commons "non-commercial" license, it is by no means clear what "non-commercial" means in practice. Press publishers are quite likely to insist that posting memes on YouTube, Facebook or Twitter -- all undoubtedly commercial in nature -- is not allowed in general under the EU Copyright Directive. We won't know until top EU courts rule on the details, which will take years. In the meantime, online services will doubtless prefer to err on the side of caution, keen to avoid the risk of heavy fines. It is likely they will configure their automated filters to block any use of press publishers' material that goes beyond the extremely restrictive limits listed above. Moreover, this will probably apply across the EU, not just in Germany, since setting up country-by-country upload filters is more expensive. Far easier to roll out the most restrictive rules across the whole region.

Germany Wants To Limit Memes And Mashups Derived From Press Publishers' Material To 128-by-128 Pixels In Resolution, And Three Seconds In Length [Glyn Moody/Techdirt]



Link [Scripting News]

Hacker News thread on re-thinking RSS. Here's my comment.


Off to Chicago; Here’s a Cat [Whatever]

I’ll be in Chicago over the next few days to hang out with friends and do a little business so updates here may be sporadic. Please accept this cat as compensation for my likely mostly absence through Monday. It’s a fair trade.


Five new stable kernels []

Greg Kroah-Hartman has announced the release of the 4.4.211, 4.9.211, 4.14.167, 4.19.98, and 5.4.14 stable kernels. As usual, these contain important fixes throughout the kernel tree; users should upgrade.


The only one who has heard all of it [Seth's Blog]

…is you.

Jerry Garcia performed thousands of times, and he was the only one who heard every performance.

The same is true for the work you’ve created, the writing you’ve done, the noise in your head–you’re the only person who has heard every bit of it.

Tell us what we need to know. Not because you need to hear yourself repeat it, but because you believe we need to hear it.

Take your time and lay it out for us, without worrying about whether or not we’ve heard you say it before. We probably haven’t.


CREATORS: I hope you’ll check out the newest Akimbo workshop. I’ve been working on it for nearly a year. It’s built for people with a craft–for artists, writers, musicians and anyone who has something that they’d like to more effectively share with the world. It’s a modern writer’s workshop, for more than writers, and it happens worldwide.

Sign up for more info–we launch in two weeks.


Windows Runtime delegates and object lifetime in C++/CX, redux [The Old New Thing]

One thing to watch out for when using delegates in C++/CX is that invoking a delegate can raise Platform::DisconnectedException. If the delegate is inside a C++/CX event, then the runtime will do the work of catching the Platform::DisconnectedException exception, but if you are invoking the delegate manually, then it falls to you to deal with the possibility that the delegate’s object no longer exists.

public delegate void MenuItemInvoked();

ref class CustomMenuItem
{
public:
  CustomMenuItem(MenuItemInvoked^ handler) :
    m_handler(handler) { }

private:
  MenuItemInvoked^ m_handler;

  void NotifyClientThatItemWasInvoked()
  {
     // No exception handling: crashes if the handler's object is gone.
     if (m_handler) m_handler();
  }
};

When the item is invoked, we invoke the handler, but it’s possible that the object that was supposed to handle the event has already been destroyed. In that case, the runtime will fail to resolve the weak reference to a strong reference, and it will raise the Platform::DisconnectedException. The above code doesn’t handle that exception, so it will crash.

What you should do is catch the Platform::DisconnectedException and use that as a signal that the handler is no longer any good and shouldn’t be invoked any more.

  void NotifyClientThatItemWasInvoked()
  {
     try {
       if (m_handler) m_handler();
     } catch (Platform::DisconnectedException^) {
       // Handler is no good.
       // Don't bother invoking it any more.
       m_handler = nullptr;
     }
  }



Security updates for Thursday []

Security updates have been issued by openSUSE (chromium, libredwg, and thunderbird), Oracle (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, and python-reportlab), Red Hat (kernel), Scientific Linux (apache-commons-beanutils, libarchive, and openslp), SUSE (java-11-openjdk), and Ubuntu (e2fsprogs, graphicsmagick, python-apt, and zlib).

A sober look at kratom, a psychoactive plant that has many claimed benefits, and has also inspired a moral panic [Cory Doctorow – Boing Boing]

Kratom (previously) is a plant that grows wild in Malaysia, Thailand, Indonesia, Myanmar, and Papua New Guinea, and is a relative of the coffee plant. For centuries, people have chewed or drunk teas brewed from its leaves for a mildly euphoric effect, and recently, the plant has come to the US, prompting many stories of incredible benefits in fighting opioid addiction and treating chronic pain, as well as some non-credible claims about curing cancer or producing morphine-like highs, as well as a moral panic that has led the FDA to (unsuccessfully) class it as a Schedule A narcotic, with no medical benefits.

The research on kratom is disappointingly thin, so it's hard to say empirically what's going on with people who ingest it. The plant is legal in most of the USA, and can be readily obtained at low costs over the internet, though many of the firms that sell the plant adulterate it with a range of substances, some of them dangerous in and of themselves. Kratom has been implicated in a smattering of overdose deaths, but it's not clear what the causal relationship is in these (as a remedy for addiction, it's possible that opioid overdosers had ingested kratom in a bid to help wean themselves off of their addictions).

As Emma Grey Ellis notes in her excellent Wired story, kratom is remarkable because it is a drug that sparked a moral panic that fizzled out. Unlike other drug-related panics that saw the possible therapeutic uses of drugs ignored in the rush to prohibit them, the effort to ban kratom at the FDA died in the face of evidence about possible benefits from the substance, proffered by people who pointed out the lack of evidence for the supposed dangers of kratom use (this is reminiscent of the attempt by California authorities to ban salvia divinorum, a powerful psychedelic that was ably defended by the MAPS project, whose scientists made a compelling case for salvia's therapeutic uses, including helping people safely stop taking opioids).

Kratom's detractors are one problem, but its boosters are another. Hucksters sell kratom with a variety of unsubstantiated and dangerous claims, notably that it can cure cancer. Between this and the adulterants they add to their supply, taking kratom can be a crapshoot in which users have to take it on faith that they're getting a product that's safe and in a known dose.

Ellis hangs her Wired story off the personal journey of Faith Day, a recovered addict who credits kratom with helping her kick her habit. Day, having observed that Portland, OR, leads the nation in searches for "kratom," moved there and opened a boutique kratom dispensary, and began to advocate for regulation of kratom to make it a safe and reliable product. This has attracted much harassment and even death-threats from some kratom sellers and users.

So the DEA and FDA’s worries aren’t unwarranted. “They are rightly concerned about any substance that they have very little control over that patients and consumers are using to self-treat medical conditions,” the University of Florida's Grundmann says. “When you talk about withdrawal, depression, anxiety—that usually belongs in the hands of a medical professional.” Few seem to think that calls for a ban, though. “If we completely cut off any legal way for those consumers to get kratom, then we don’t have any oversight left.”

Instead, it might be more helpful to consider what kratom’s widespread use says about where our culture around drugs and medicine is now. “Many kratom users I’ve talked to don’t feel comfortable interacting with doctors, which is to their detriment,” the University of Rochester's Swogger says. “But we can’t pretend like the medicines we’re providing are getting to everyone. They’re not.” While not everyone who takes a kratom supplement has a story as dramatic as Day’s—from homeless substance abuser to business owner and mother—it’s clearly filling a need for millions of people. The need to regulate, but not ban, kratom use is already being acknowledged on the state level: The Kratom Consumer Protection Act has been passed in Arizona, Georgia, and Utah, and is pending in Oregon.

“If it was as dangerous as the media says, I don’t think that would be happening. Nobody’s passing a heroin consumer protection bill,” Day adds. “It’s just weird.” You probably know how Portland feels about weird. The place plans on keeping it.

Release the Kratom: Inside America's Hottest New Drug Culture [Emma Grey Ellis/Wired]

(Image: Clean Kratom Portland)


You can read the forensics report that suggests Prince Mohammad Bin Salman Al Saud hacked Jeff Bezos's phone [Cory Doctorow – Boing Boing]

Motherboard has obtained and published a copy of the forensics report that suggests that Jeff Bezos's phone was hacked by Prince Mohammad Bin Salman Al Saud, possibly in a scheme to obtain kompromat that could be used as leverage to prevent the Washington Post from reporting on the death of Jamal Khashoggi, who was murdered and mutilated by agents of the prince.

The report explains how the attribution was made and describes the mechanism by which Bezos's phone was likely compromised. It also references the NSO Group's notorious WhatsApp malware, which bears similarities to the tool seemingly used to attack Bezos's phone.

Motherboard consulted Sarah Edwards from the SANS Institute to assess the forensics work and she was lukewarm, calling the report "significantly incomplete," explaining that because the experts hadn't jailbroken Bezos's phone, they weren't able to access its full filesystem.

The forensic investigators encountered at least two obstacles in conducting their exam of Bezos's phone. The first related to the encrypted downloader. Farrante’s team first examined the attachment alone before deciding they needed to do a full forensic imaging and analysis of the phone’s contents and traffic. They used a tool from Cellebrite (Cellebrite UFED 4PC Ultimate and Physical Analyzer) to grab forensic images from the phone and set up a secure makeshift lab to do the forensics over two days.

They did not find any malicious code embedded in the video file, but discovered that the video was delivered via an encrypted downloader hosted on WhatsApp’s media server.

“Due to end-to-end encryption employed by WhatsApp, it is impossible to decrypt the contents of the downloader to determine if it contained any malicious code in addition to the delivered video,” the investigators found.

Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone [David Gilbert/Motherboard]

White nationalists planned to murder cops and pro-gun protesters in Virginia [Cory Doctorow – Boing Boing]

From the bail hearings of three men arrested on gun charges, whom police claim were members of the white nationalist group The Base: the men planned on using the gun rally in Virginia to start a civil war by gunning down their fellow pro-gun demonstrators, and they discussed murdering police officers in order to obtain arms and tactical equipment.

The three men -- Brian Lemley, Jr., William Garfield Bilbrough IV and Patrik Jordan Mathews (a Canadian who apparently crossed illegally into the USA) -- were arrested four days before the rally. At their bail hearing, prosecutors entered evidence from a "sneak-and-peek" raid on the Delaware house that Lemley and Mathews share, including recordings made by hidden cameras and mics planted by officers during the raid.

The evidence included the parts to make a fully automatic assault rifle as well as 15,000 rounds of ammo; literature from the Base; and Mathews' videos which "espouse violent, anti-Semitic, and racist language." It also included a video Mathews made in which he exhorts the viewer to commit acts of mass murder, including derailing trains and poisoning the water supply, concluding that "If you want the white race to survive, you're going to have to do your fucking part." In the video, Mathews wears a gas-mask that hides his features and distorts his voice.

The hidden camera recordings captured Mathews and Lemley fantasizing about murdering people, with Lemley telling Mathews that "I literally need, I need to claim my first victim." Lemley mooted ambushing and murdering police officers in order to steal their weapons and tactical gear, using language reminiscent of someone narrating a playthrough of Grand Theft Auto ("If there's like a PoPo cruiser parked on the street and he doesn't have backup, I can execute him at a whim and just take his stuff ... He literally has zero chance of not being ganked").

They were also recorded planning acts of violence calculated to create the conditions for civil war, including opening fire on the heavily armed attendees at the rally, which Mathews asserted would "kick off the economic collapse of the US within a week." The men discussed "literally hunting people" in the crowd.

William Bilbrough was recorded comparing the Base to al Qaeda, and boasting that the Base was more militant and dangerous than ISIS.

"Here's the thing to, you want to create f***ing some instability, while the Virginia situation is happening, make other things happen, derail some rail lines, f***ing like shut down the highways, oh road block, great lets [sic] shut down the rest of the roads, you know, you can kick off the economic collapse of the U.S. within a week," Mathews allegedly told Lemley on December 21.

"I need to claim my first victim": Alleged white supremacists hoped Virginia rally would spark civil war, documents allege [Victoria Albert and Clare Hymes/CBS]

That Pro-Gun Rally in Virginia Wasn’t Exactly “Peaceful” [Talia Lavin/GQ]

(via Naked Capitalism)


Four short links: 23 January 2020 [Radar]

  1. The Business Case for Formal Methods: a short explanation, a list of benefits and case studies, and a demo. Everything’s in TLA+, but the arguments apply equally well to Alloy, B, statecharts, etc. (Via Lobsters)
  2. Backend Lore: From late 2012 to the present I have been writing backends (server-side code) for web applications. This document summarizes many aspects of how I write these pieces of code.
  3. float-toy: play with the binary representation of IEEE floats.
  4. matterbridge: [chat] bridge between mattermost, IRC, gitter, xmpp, slack, discord, telegram,, steam, twitch, ssh-chat, zulip, whatsapp, keybase, matrix, and more with REST API (mattermost not required!)

The Girlfriend’s Guide to Gods [Original Fiction –]

Gods won’t save you. Gods will break you. Nevertheless, you will persist, and become anew.


This is the first myth: that your boyfriend from when you were fifteen will come and get you out of hell. He might come, but he won’t get you. You will never have an interesting conversation with him, though his haircut will suggest that he should be interesting. He’ll buy you a book of poetry called Love is a Dog from Hell, and this will convince you temporarily that he understands your transgressive nature. Later, you’ll parse that title. You’ll wait for him to become what he is destined to become, which means you’ll sit around for a year on couches in basements, watching his band get stoned. He will know two chords, then three. He will know nothing about laundry, nor birth control. All his songs will be about the girl before you, who’ll wear leather pants and also turn out to be his babysitter.

He will learn how to drive, and you’ll find yourself sitting in the backseat while his best friend rides shotgun. He will ferry you to a field to watch the Fourth of July. You’ll be on your back on a blanket. There will be a rattlesnake. It will smile at you, and you’ll think, Shit. I’m a goner.

You’ll be gone awhile.

You will eventually find yourself standing on a long dark staircase, dress wet, underwear in your purse, your boyfriend walking in front of you. He will step out into the sun, breaking the rules as he does, turning around to turn you into salt. You will protest that you’re not Lot’s wife, but Orpheus’s girlfriend, that your name, in case he’s forgotten it, is Eurydice.

“Everything’s always drama with you,” your boyfriend will say.

You will be the cold French fry left in the basket as everyone else in your group leaves to find someone to buy them beer.

Here’s the reality, girl, girlfriend, goddess, goddamn goner: You’re gonna have to get out of hell all by yourself.

This is the second myth: that your boyfriend from freshman year of college will teach you how to fly. The only way to learn to fly anything, you’ll know by now, is by getting on it. Magic carpet. Pegasus. Dragon of darkness. It’s all the same old shit.

You’re still trying to get out of hell, and it’s a long climb. You’ll think flight may be the answer, but you don’t learn to skateboard by watching boys on the half-pipe, and you don’t learn to fly by watching boys jump off cliffs, shirtless, skinny, while you hold the car keys.

You’ll ignore what you know, and get it on with Icarus in an extra-long single dorm bed. When he rolls off, there will not be any room for you on the mattress, so you’ll sleep on the floor. He’ll be super sweet though. When you wake up, he’ll give you half a protein bar and take you to the free screening of Satyricon.

You’ll meet his father. He’ll have a lot of money. You’ll sit at dinner saying nothing while they talk about pilot’s licenses and charter planes. None of the boys you date will ever have mothers, but they will all have mother issues.

“He takes after me,” your boyfriend’s father will say. “I used to date girls like you.”

Then, to his son, “I get it, man, I feel you.”

You will find yourself standing on a rocky beach, while Icarus and his dad are up in the sky, barely visible. You’ll aim the camera at them, taking footage for the documentary your boyfriend will have already managed, through paternal connections, to get accepted into Sundance.

Icarus will be dead by the time the film screens.

You’ll flunk out of college due to spending a season in the dark, cutting the footage into a documentary that will win an Oscar. You’ll edit Icarus into a generous genius. The moments involving hot wax and feathers? The one where he gave you chlamydia, for sure, despite denying it? You will delete those moments from the footage, as well as the moment when your boyfriend on purpose collided with the sun.

At the funeral, his father will embrace you, grab your ass, and lift you off the ground. This is not the same as flying.

Your name will appear in the credits under Special Thanks.


This is the third myth: that the man you marry in your twenties will let you rule alongside him. You’ll walk up the long staircase out of hell in a white dress, and then you’ll walk down an aisle. You’ll get a ring forged at Tiffany. When you fuck him, it’ll be thunder and lightning.

You’ll think that marrying Zeus will fix your problems, but shocker, spoiler alert, hello woe, it won’t.

He’ll be newly divorced from a wife who has a long history of turning his girlfriends into cows. You’ll live in fear of horns, but she won’t turn you into anything. This will be your punishment. You’ll remain uncomfortably human.

You’ll vow fidelity, and you’ll sit on top of your mountain, looking down at the green, cloud-dappled world. You will be missing some information.

Your husband will have an office with a door that locks. He’ll sit in there, talking to oracles on Facetime all day long, but the door will be soundproofed, so you’ll only hear mumbles.

When you mention that maybe you’d like to go down the mountain and grab a drink with a friend, he will bring you a bottle of wine, and tell you it’s made of grapes from the vine of life, and then he will say “nbd,” in the way that someone a few thousand years old would try to use the language of the kids.

When you mention you might like to go out for dinner, he’ll take you to a molecular gastronomy restaurant where there’s a dish called Haruspicy. It will be gold-leafed guts inside of balloons spun of bird’s eye chilies. Your husband will explain the pun to you. You will, by this point, have a classics degree, which, hey, is an attempt at getting yourself stealth to therapy. There will be a specialist sommelier who’ll come out and read your fate before you take the first bite.

This will not go well.

Zeus will ignore the fact that you’re a vegetarian. “You just haven’t had the right meat,” he’ll say, and offer you a slice of something that is part goat, part fish. “That’s pescatarian,” he’ll say, pointing at the tail.

He will have a closet in which hundreds of sex toys are alphabetized, mounted on pegboard and outlined in black Sharpie, as though they are tools in a home carpentry workshop. You will, the day you open it, see a silhouette of a Zeus-sized swan suit, complete with beak, but the suit itself will be missing.

Your husband will travel without you. He’ll take flights that leave when it’s still dark out. You’ll take his kids to school. There will be an unlikely number of babies, showing up at the door, in baskets, in shoeboxes, in giant eggs. When you ask your husband where they came from, he’ll shrug, and say “Women, lol.”

“No one says that anymore,” you’ll tell him.

Zeus will still have an AOL account.

You’ll drive all the kids around in a minivan with a trailer attached. You’ll bring a salad of canned mandarin oranges, shredded coconut, and marshmallows to potlucks and call it ambrosia.

You’ll run into his ex-wife on the stairs from soccer to Olympus and beg her to make you into something, anything, better than this. A bird. A star. A tree, even, just a basic little tree?

“Who are you again?” Hera will ask. “Oh, right. The nympho.”

“Nymph,” you’ll say, but she’ll already be two flights above you, her gown billowing, her pedicure perfect.

A few years in, your husband will have an affair with someone younger than you. She’ll be made of sunlight, and all the sex toys in his closet will start to glow so brightly under the door you will not be able to avoid knowing all about it.

You will step backward down the staircase. You’ll taste salt.


This is the fourth myth, unwritten in the larger canon, but it goes like this: You will be the woman who finally walks back into the place everyone else calls hell, and you’ll stay there.

You will wander the darkness until you know every inch of it. You will be unexpectedly good at winter. You will not be lonely alone.

You’ll bed down in an abandoned underworld, gutting fish from Styx and cooking them over the fire you make of the books bad boyfriends bought you. You’ll blaze the Bukowski, and fling the Fellini into Phlegethon. You’ll melt down your old wedding ring, and forge it into a claw.

You will not just be gone, but goner. Everyone you ever knew will wonder what the hell became of you, and you will not feel like being in touch.

You’ll write your own books. You’ll make your own films. You’ll paint your own portrait. You’ll be the leader of your own band.

You’ll fall in love again. You’ll fall out. You will not await anyone else’s version of salvation.

This myth will not be recorded, but it will be yours. You will not shrink until your body is invisible. You will not become a whisper, a breath, a beast. You will not be the tears that salt the earth.

You will not, in the end, be broken by this history of hell, these hurts, these old boyfriends and husbands and rapists and forget-me-nots.

You’ll forget those fuckers, those fucks, those fields other than Elysian.

You will be on your back on a picnic blanket in your own kingdom, with Echo between your thighs, and your phone will rattle, and a smiley face will appear on the screen. You’ll throw the thing into Lethe, get up, and walk.

This is the fifth myth, the one they name after you, and you alone, the one that gets written down in blood and scratched into cave walls, the one that women see when they look up at the sky and consider trying to live through this and make it to their futures.

You stand at the mouth of your own cave, looking out over your own kingdom. You step off the cliff when you feel like it, and you spread your wings and soar.

How many times can you be shattered in the toasting, a champagne flute lifted and listing? How many times will you survive, a woman made of her own history, and more than it? How many times can you put your heart back together?

As many times as you need to. You can make it through this.

That’s what you’ll whisper when they pray to you, asking for ways to leave their own disasters, asking for methods, begging for the lineage of the living.

You will be wounded, you’ll tell them, those who ask for clarity, those who want to know how to keep themselves out of hell, but your wounds will not kill what you were. You will be injured, but your injuries, even if they are fatal, will not erase you. You will make yourself again out of the ashes, and

you will be loved

you will love

you will be loved

you will love

you will be loved

you will love.

Now you’re the one who pours it out and fills it up, and now you’re the one who knows what love is worth, who knows what it costs.

They didn’t give you this knowledge. You gave it to yourself. You made your own heart, and you made your own mind. You are the divine result of crumpled receipts and pretzel salt, of expired condoms and forgotten phone numbers, of lipstick and longing, of hands opened and spread out, of dogs running and of trucks on the highway, of cheap champagne and of diner coffee, of address books thrown out the window, of paperbacks and of pregnancies, of crow’s feet and of silver streaks in the dark night of your hair.

You are made of rolling over to make love at four in the morning and you are made of walking barefoot through the kitchen, heating croissants for the one you’ve left sleeping. You are made of wild strawberries too small to see until you step on them, of roses smashed at the end of a bodega day, of funerals where you wore your wedding ring and of weddings where you knew that one day, one of you would die first. You are made of road trips and radios, of reading aloud, of hotel rooms in cities neither of you have been to before, of permission, of oysters on platters full of ice made of water from the beginning of the world, of cowboy boots and belt buckles, of blood on thighs, of words written in ink and spit and wine.

You are the one who receives the tributes, the love letters and the text messages from strangers who’ve fallen for their biggest dreams, the dick pics and the tits and the toasts at all the ceremonies.

You’re the one who watches over those who wish for companions, and the ones who are lonely, and the ones who are holding hands right now, fingers laced to those of their beloveds. You are made of deserts and of phone calls, of emojis shaped like things that look like love to no one but you and them.

You are the one who listens. You are the one who climbed up here, skirt torn and rumpled, legs covered in scars from thorns and barbed wire, skinned knees, toenails polished, and you are the one who’s on this mountain now, looking down at everyone living. You are still trying to learn how to give it up in the entirety, and you’re doing it with the rest of everyone, because hello heart, hello hope, this is how motherfucking goddesses of love get made. Out of smashed things and blasted things and things burnt and blistered, out of old bad knowledge and out of making your way through the holy impossible.

You’ll open your hands and from them will fall hotel keys and kissed papers, first dances and worn out high heels, flowers and honey and bees drunk on desire, snakes looking for throats, your boyfriend from when you were fifteen, and all the songs he played you when you were both so young you didn’t know how to get old.

They used to call you by another name, but now they’ll call you Aphrodite. The job of love goddess is a rotating one. You get it when you get there. You used to be the girl in the dark, but now there’s light. That’s how the story goes; that’s how morning happens.


“The Girlfriend’s Guide to Gods” copyright © 2020 by Maria Dahvana Headley
Art copyright © 2020 by Wesley Allsbrook


Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained [Schneier on Security]

This is new from Reuters:

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

In private talks with Apple soon after, representatives of the FBI's cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan.


Representative Line: A Short Year [The Daily WTF]

Are we sick of year rollover bugs yet? Well, let’s just agree that people aren’t sick of making these kinds of bugs. A long time ago, someone at Oleksandr’s company needed to write a Python...


Popcorn Time Domain Suspension Was Triggered by Falsified Court Document (Updated) [TorrentFreak]

Earlier this week registrar 101domain suspended the domain name.

The grounds for the suspension initially remained unclear. However, after asking for clarification, 101domain explained to the site operator that it had received an injunction from a US court.

The injunction in question appeared to have been sent by the Motion Picture Association (MPA). It was signed by a federal judge at the US District Court for the District of Columbia and indeed targeted

Since the MPA had gone after various Popcorn Time forks in the past, this sounded somewhat plausible. However, the document clearly isn’t real.

At TorrentFreak, we received a copy of the same injunction two weeks ago. It was sent in by an anonymous tipster who urged us to report on it. While the story made some sense, on closer inspection we found that the injunction was obviously falsified.

For example, the court stamp and the signed date are from May 2019 while the document itself was filed in November 2019, according to the header. The case reference number also identifies a completely unrelated lawsuit and the paperwork shows several other signs of tampering.

Most telling, perhaps, is that the associated injunction is supposed to prevent “the immediate and irreparable harm will result to Microsoft.” Microsoft?

Some more digging showed that, while there is no such filing from the MPA, there is an almost identical order from last May in a case between Microsoft and several John Does who operated domains such as

This case has nothing to do with Popcorn Time. Someone simply took the document and changed several details, making it look as if it came from the MPA targeting

Although this didn’t take much effort for us to uncover, the fabricated document was apparently sufficient to convince 101domain to suspend the domain. Popcorn Time shared a copy of the response it received from the registrar’s abuse team, which attached the falsified document.

We reached out to the registrar to verify this and also pointed out our suspicions but unfortunately, we didn’t hear back. Interestingly, a few hours later 101domain suddenly realized that the document was fabricated.

A Popcorn Time representative informs TorrentFreak that the domain suspension was lifted after 101domain confirmed with the US District Court that the injunction wasn’t legitimate.

While this is good news for Popcorn Time, it may never have happened if people had started asking questions sooner.

Perhaps surprisingly, 101domain was not the only registrar to fall for the falsified court document either. When Popcorn Time had its .sh domain suspended it switched to, a domain they registered through 1API.

It didn’t take long before that registrar received a similarly altered ‘injunction’ (pdf). The same Microsoft order was used as the basis again, but this time targeted the new domain

In an email, which the Popcorn Time representative shared with TorrentFreak, 1API explained that Popcorn Time had 48 hours to respond, adding that the domain name may eventually be put on hold.

1API also revealed the request from the original complainant, which was sent from a address, supposedly by a member of MPA’s legal team named ‘John Gibetstan’.

“Hello 1API, I am a representative of the MPA’s Legal Team. We have obtained an injunction to take control of a domain under your system. The domain in question would be You have 5 business days to take action on the injunction,” it reads.

Aside from the various flaws in the underlying document, this email doesn’t appear to be very professional. The MPA doesn’t use Protonmail addresses either, and there’s not even a John Gibetstan working there.

For now, the domain remains available but 1API’s 48-hour window hasn’t expired yet. We reached out to 1API requesting additional details and comment on the issue but, at the time of writing, we have yet to hear back.

All in all the whole episode shows that it’s surprisingly easy for malicious actors to fool some domain registrars, at least initially. Who the fake complainant is and why he or she wants Popcorn Time offline, remains a mystery.

Update: 1API informs us that it forwarded the notice as part of standard policy and that it wouldn’t take any further action without a legitimate (German naturalized) court order. In this case, no action will be taken.


Urgent: Defund bully's border wall [Richard Stallman's Political Notes]

US citizens: call on Congress to defund the bully's border wall.

If you sign, please spread the word!

Urgent: Preserve the right to encryption [Richard Stallman's Political Notes]

US citizens: call on lawmakers to preserve the right to encryption.

If you sign, please spread the word!


1368 [Looking For Group]

The post 1368 appeared first on Looking For Group.


Business to Business – DORK TOWER 21.01.20 [Dork Tower]


Dork Tower is 100% reader supported.  Join the Army of Dorkness today, and help bring more Dork Tower to the world! By becoming a Dork Tower Patreon backer, you get John’s everlasting gratitude (and also swag, commentary, bonus strips, and more swag), but, critically, you’ll help us reach our next goal – three comics a week!


Artoo Date You [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

Who's the most desirable droid in the galaxy? I feel like you know the answer.


Flipside XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
Free software jobs XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January
Full Frontal Nerdity by Aaron Williams XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
General Protection Fault: The Comic Strip XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
George Monbiot XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January
Girl Genius XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January
God Hates Astronauts XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
Graeme Smith XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January
Groklaw XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
Hackney Anarchist Group XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January;_render=rss XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January XML 22:56, Sunday, 26 January 23:37, Sunday, 26 January XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January XML 22:56, Sunday, 26 January 23:37, Sunday, 26 January XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January XML 22:56, Sunday, 26 January 23:37, Sunday, 26 January XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 23:14, Sunday, 26 January 23:57, 
Sunday, 26 January
Humble Bundle Blog XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January
I, Cringely XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
Irregular Webcomic! XML 22:56, Sunday, 26 January 23:37, Sunday, 26 January
Joel on Software XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January
Judith Proctor's Journal XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January
Krebs on Security XML 22:56, Sunday, 26 January 23:37, Sunday, 26 January
Kubet24h XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
Lambda the Ultimate - Programming Languages Weblog XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January
LLVM Project Blog XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
Looking For Group XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January
Loomio Blog XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January XML 22:56, Sunday, 26 January 23:37, Sunday, 26 January
Menage a 3 XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January
Mimi and Eunice XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
Neil Gaiman's Journal XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January
Nina Paley XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January
O Abnormal – Scifi/Fantasy Artist XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
Oglaf! -- Comics. Often dirty. XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
Oh Joy Sex Toy XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January
Order of the Stick XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January
Original Fiction – XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
OSnews XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
Paul Graham: Unofficial RSS Feed XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
Penny Arcade XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
Penny Red XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
PHD Comics XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January
Phil's blog XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
Planet Debian XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
Planet GridPP XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January
Planet Lisp XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January
Property is Theft! XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January
PS238 by Aaron Williams XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
QC RSS XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January
Radar XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
RevK®'s rants XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January
Richard Stallman's Political Notes XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January
Scenes From A Multiverse XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January
Schneier on Security XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January
SCHNEWS.ORG.UK XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January
Scripting News XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
Seth's Blog XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January
Skin Horse XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
Starslip by Kris Straub XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
Tales From the Riverbank XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January
The Adventures of Dr. McNinja XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
The Bumpycat sat on the mat XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January
The Command Line XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January
The Daily WTF XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January
The Monochrome Mob XML 22:56, Sunday, 26 January 23:37, Sunday, 26 January
The Non-Adventures of Wonderella XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January
The Old New Thing XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January
The Open Source Grid Engine Blog XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January
The Phoenix Requiem XML 22:35, Sunday, 26 January 23:15, Sunday, 26 January
The Rogues Gallery XML 23:07, Sunday, 26 January 23:55, Sunday, 26 January
The Stranger, Seattle's Only Newspaper: Savage Love XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January
TorrentFreak XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January
towerhamletsalarm XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January
Twokinds XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
UK Indymedia Features XML 23:07, Sunday, 26 January 23:49, Sunday, 26 January
Uploads from ne11y XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January
Uploads from piasladic XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January
Use Sword on Monster XML 23:07, Sunday, 26 January 23:54, Sunday, 26 January
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 22:28, Sunday, 26 January 23:14, Sunday, 26 January
What If? XML 22:56, Sunday, 26 January 23:37, Sunday, 26 January
Whatever XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January
Whitechapel Anarchist Group XML 22:49, Sunday, 26 January 23:38, Sunday, 26 January
WIL WHEATON dot NET XML 23:14, Sunday, 26 January 23:58, Sunday, 26 January
wish XML 23:14, Sunday, 26 January 23:59, Sunday, 26 January XML 23:14, Sunday, 26 January 23:57, Sunday, 26 January