Tuesday, 15 October

18:42

1 in 14 Trump appointees is a former lobbyist, four times the rate under Obama [Cory Doctorow – Boing Boing]

Trump Town is a Propublica/Columbia Journalism Investigations interactive database of everyone working in the Trump administration; the latest revision reveals that Trump has hired 281 former lobbyists to regulate the industries that used to sign their paychecks.

That's one in every 14 political appointments, quadruple the peak rate of lobbyist hiring under Obama, which arrived six years into his presidency.

In many cases, these lobbyists are working directly in senior oversight roles for the industries they once represented: Colin Roskey spent two decades repping the health care industry, and now he's deputy secretary for legislation for mandatory health in Trump's Department of Health and Human Services. His recusals are confidential, but prior to his appointment, he was working for the price-gouging dialysis giant Fresenius Medical Care, which made more than a third of a billion a year from Medicare. That was just one of 27 clients he lobbied for before he entered Trump's HHS.

But don't worry, Roskey's not overseeing the health care industry anymore. He quit government service and was immediately rehired by the health industry lobbying firm he'd worked for prior to his government service, Lincoln Policy Group.

And while Trump has dismantled the Obama ethics rule that barred lobbyists from working in government, Obama's former appointees are not shy about taking lobbying work. For example, Bridgett Taylor -- who was deputy secretary for legislation for mandatory health in Obama's Department of Health and Human Services -- now lobbies for PHRMA, the lobbying arm of the price-gouging, monopolistic, murderous pharmaceutical industry. She, too, works for Lincoln, alongside her Trump-era successor.

Other swamp creatures who've done a turn in the Trump admin only to return to K-Street:

* Laura Kemper, a former lobbyist who joined Trump's HHS, now vice president for government affairs at Fresenius.

* Geoffrey Burr, a former lobbyist who did a spin through Trump's Department of Labor, then as chief of staff to Transportation Secretary Elaine Chao, now policy director at one of the nation’s largest lobbying firms.

* Rebecca Wood, formerly of Trump's FDA, now leader of food and drug practice at Sidley Austin, a powerful law/lobbying firm with business before the FDA.

* Brooke Appleton, once director of public policy for the National Corn Growers Association, then, after a spin in Trump's Ag Department, she's back with the National Corn Growers with a promotion to VP, overseeing a team of six who lobby her former Ag colleagues.

One is Laura Kemper, a former HHS senior official who, within days of leaving her post in March, was hired by Fresenius. Now vice president for government affairs, Kemper heads the company’s policy group. According to lobbying records, she is listed among the in-house lobbyists who have visited Congress, the White House and HHS since March, pushing everything from reimbursement for dialysis services to home dialysis. The records show Fresenius shelled out more than $2.2 million for lobbying activities during the first half of the year.

Kemper had also spent years lobbying Congress and federal agencies on behalf of health care companies before joining HHS in March 2017.

Her pass through the revolving door tests the boundaries of ethics rules. Indeed, Trump’s pledge prohibits staffers-turned-registered lobbyists from advocating for the special interests of their corporate bosses before the agencies where they used to work for at least five years. It also restricts former employees from behind-the-scenes lobbying with any senior federal official for the remainder of Trump’s presidency. Kemper signed that pledge.

Update: We Found a “Staggering” 281 Lobbyists Who’ve Worked in the Trump Administration [David Mora/Propublica and Columbia Journalism Investigations]

(Image: H. Michael Karshis, CC BY, modified)

18:35

News Post: Fanart [Penny Arcade]

Gabe: I’ve been trying to take more time to draw for fun recently and here is the result. I’m 100% hooked on Destiny again and it feels great to be back on the moon kicking ass. If you’ve been away for a while I recommend jumping back in and giving Shadowkeep a try. -Gabe out

17:49

Link [Scripting News]

Little Outliner is an easy to learn, entry-level outliner that runs in a web browser. It's written in JavaScript.

17:14

Another WOMAN Ride [Nina Paley]

Notice the W (8 miles) connects to the O (10 miles!! because of displaced retracing) at the top, rather than the bottom. This spared me 2 miles of gravel retracing on County Road 100 E, although I wouldn’t have minded them since I was on Connie, my big thick-tired steel Tour Easy, rather than Silver, my small skinny-tired aluminum Gold Rush.

As I wrote on Strava yesterday:

This is actually a really nice route, so I did it again (with a slight variation from before: see https://blog.ninapaley.com/2019/09/17/strava-vs-women/ ). This time I brought a gravel-appropriate bike. Note that Prospect, on the last leg of the “N”, is under major construction; I carefully rode along the dirt next to the partially-paved road-in-progress, but it is hazardous.

With the ride to the start and home from the finish, it’s a little more than 100 km.

Scenery and gravel on County Road 100 E, the right leg of the W.
Typical Champaign County view.
My magnificent, gravel-appropriate steed.
Road construction on Prospect, the right leg of the N. Up ahead was a lot of active heavy machinery, and a justifiably concerned worker warning me to “be careful” as I slowly pedaled along the dirt.

Related: Strava vs. Women

Perl 6 renamed to Raku [LWN.net]

The pull request changing the name of Perl 6 to Raku has been merged. See the full text for more information. "This document describes the steps to be taken to effectuate a rename of 'Perl 6' to 'Raku', as described in issue #81. It does not pretend to be complete in scope or in time. To change a name of a project that has been running for 19+ years will take time, a lot of effort and a lot of cooperation. It will affect people in foreseen and unforeseen ways." (Thanks to Sean Whitton)

The first-ever mandatory California drug price report reveals Big Pharma's farcical price-gouging [Cory Doctorow – Boing Boing]

In 2017, California passed a state law mandating disclosure of wholesale drug prices, something the Big Pharma companies fought tooth and nail. Now, the first of those disclosures has taken place, and it reveals spectacular levels of price-gouging from the pharmaceutical industry's greediest monopolists: an overall rise of 25.8% in the median drug price since 2017.

But the median obscures the incredible increases in the prices at the top end: generic liquid Prozac went up by 667%, generic ADHD meds went up more than 200%, and so on. The companies behind these increases cite nebulous and improbable causes like "market conditions" and (hilariously) "manufacturing costs" for the hikes.

PHRMA, the lobbying body for Big Pharma, says there's nothing to see here, because these prices "do not reflect discounts and rebates for insurers and pharmacy benefit managers."

PHRMA is suing to overturn the law.

California’s new drug law requires companies to report drug price increases quarterly. Only companies that met certain standards — they raised the price of a drug within the first quarter and the price had risen by at least 16% since January 2017 — had to submit data. The companies that met the standards were required to provide pricing data for the previous five years. In its initial report, the state focused its analysis on drug-pricing trends for about 1,000 products from January 2017 through March 2019.

California’s transparency law also requires drugmakers to state why they are raising prices. Over time, that information, in addition to cost disclosures, could create “one of the more comprehensive and official drug databases on prices that we have nationwide,” Wright said. “That, in itself, is progress, so that we can get better information on the rationale for drug price increases.”

California’s New Transparency Law Reveals Steep Rise In Wholesale Drug Prices [Barbara Feder Ostrov and Harriet Blair Rowan/California Health Online]

(via Naked Capitalism)

17:07

Link [Scripting News]

I come from a time when there was no advertising in software. Perhaps that's why I think this way?

Link [Scripting News]

I foresee a day when we'll have writing collectives on the web. Small groups of people striving for excellence in thought and expression, as a collection. I already know two people I'd like to write with.

Link [Scripting News]

When the Democrats debate tonight, I hope they remember there are people listening. Try to make us see how things would be different and better if you were president. I really don't care if you can show one of your rivals to be wrong.

Cracking the Passwords of Early Internet Pioneers [Schneier on Security]

Lots of them weren't very good:

BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose "bourne"; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on "wendy!!!" (the name of his wife); and Stuart Feldman, author of Unix automation tool make and the first Fortran compiler, used "axolotl" (the name of a Mexican salamander).

Weakest of all was the password for Unix contributor Brian W. Kernighan: "/.,/.," representing a three-character string repeated twice using adjacent keys on a QWERTY keyboard. (None of the passwords included the quotation marks.)

I don't remember any of my early passwords, but they probably weren't much better.

16:28

Security updates for Tuesday [LWN.net]

Security updates have been issued by Debian (sudo and xtrlock), openSUSE (sudo), Red Hat (Single Sign-On), Slackware (sudo), SUSE (binutils, dhcp, ffmpeg, kernel, kubernetes-salt, sudo, and tcpdump), and Ubuntu (sudo).

16:07

Dissolvable PVA support [RevK®'s rants]

The TAZ Pro has two extruders which allows me to try and use dissolvable PVA support. Support is simple enough but hard to remove from the print cleanly, so using PVA allows extra options - just dissolve it!

I have had to play with the Simplify3D settings a bit as the settings for the TAZ 6 did not quite work. I am not sure if the bed is different, the nozzle, or what but my prints were almost welded to the bed. I have tweaked the settings for nice clean prints with nGen now. The next challenge was settings for PVA supports.

I ordered some from RS (yes, the price was not silly, strangely), part 174-0082. Well, actually I ordered from someone else, and realised wrong diameter, after opening it, D'Oh, but now I have the right stuff I googled a bit to find temperature.

It is funny stuff, and I ended up printing at 205C which is apparently on the high side. I could also see from simply feeding the filament that it came out thick and slow (around 1mm).

The key setting needed to stop it just curling up was speed - it needs to be very slow. In the end I ran with 2x multiplier, 1mm wide, 20% print speed, and that actually worked. Well, mostly (the eyes went a tad wonky, but worked).


For a start, the PVA comes away from the model really easily, so that is a good start.


Then, put in warm water for a while to remove the last bits, and yay, it worked.


Now to try something more complex with enclosed parts that simply could not have been printed before.

15:35

Link [Scripting News]

A new 11.5 mile rail trail is opening in the area on Friday.

Navigating the archive [Scripting News]

A reader asks how to find posts from previous months. I explained.

  • I've used a lot of different content management systems over the years, so the archives work differently.
  • For example, this is the archive page for September of 2018.
  • Some are in this form, for example July 2012.
  • For most months it's one or the other.

15:28

How should I create controls on my dialog box that has a tab control? [The Old New Thing]

The tab control from the shell common controls provides the tab selector control that is popular in tabbed dialogs. You’d be tempted to create the content of the tab control’s display area as children of the tab control, but that’s the wrong thing to do.

You should create them as siblings of the tab control.

What you want to do is create your tab control to cover the portion of the dialog box that you want to be tabbed. You then use the TCM_ADJUSTRECT message (or the equivalent TabCtrl_AdjustRect macro) to determine the display area of the tab control. Inside that display area, you can place your content, but do it with the dialog box as the parent, not the tab control.

Dialog
├── Tab control
├── Content 1
└── Content 2

Depending on which tab in the tab control is selected, you show exactly one of the content windows and hide the others.

If you think about how focus works in dialog boxes, you’ll realize that it has to be this way.

The tab control itself is focusable, and presumably you want to be able to put focus on your content, too. Now consider what happens if you create the content as children of the tab control:

Dialog
└── Tab control
    ├── Content 1
    └── Content 2

By default, the tab order in a dialog box follows the dialog box’s immediate children. In this case, it means that the tab control can receive focus, but the content cannot, since they are not immediate children of the dialog box.

You can alter this behavior with the WS_EX_CONTROLPARENT extended window style, which means “I’m just a container. My children are the things that can get focus, not me.” So let’s try that and put the WS_EX_CONTROLPARENT extended window style on the tab control.

Dialog
└── Tab control (WS_EX_CONTROLPARENT)
    ├── Content 1
    └── Content 2

This time, the tab control drops out of the tab order, and its children, the content controls, join in.

With this window hierarchy, no amount of fiddling with the WS_EX_CONTROLPARENT extended window style will allow the tab control and its children to all be part of the tab order. Because a window and its children cannot both be part of the tab order.

The only solution is to move the content controls out, so they aren’t children of the tab control. Making them siblings of the tab control, as they are in the original diagram, allows all three to participate in the tab order.

Bonus chatter: The content windows are typically nested dialogs which are marked with the WS_EX_CONTROLPARENT extended window style. This permits the children of the nested dialogs to participate in the tab order, but keeping them inside a nested dialog lets you hide and show the controls in bulk by hiding and showing the nested dialog.

15:21

Halloween Pindemonium [Diesel Sweeties webcomic by rstevens]

Miracle of Satanic miracles, my Halloween pins showed up before The Dark Day.

I've got special black edition pixel skulls and hearts, as well as some pumpkin-orange hearts. There are about 25 of each.

HAVE AT THEE

14:56

KDE Plasma 5.17 released [LWN.net]

The KDE project has announced the release of version 5.17 of the Plasma desktop environment. "Night Color, the color-grading system that relaxes your eyes when the sun sets, has landed for X11. Your Plasma desktop also recognizes when you are giving a presentation, and stops messages popping up in the middle of your slideshow. If you are using Wayland, Plasma now comes with fractional scaling, which means that you can adjust the size of all your desktop elements, windows, fonts and panels perfectly to your HiDPI monitor."

The far right is dominating the information wars through "keyword signaling" [Cory Doctorow – Boing Boing]

It's an old story: someone searches Google for a common keyword -- "jews," "women," "black people" -- and gets back a bunch of far-right conspiracist/genocidal garbage; Google gets embarrassed, twiddles some search-weighting knobs, and the results change.

This is a problem, if you're a dark search-engine optimizer trying to hasten the end-times race-war. You put all this effort into link-farming and other sleazy tactics, only to have your work wiped out at the stroke of a keyboard.

But there's a more enduring way to dominate the information landscape: "keyword signaling." That's when you dream up a conspiratorial term that no one else is using (think: "crisis actor") and then totally own the information space around that term, so that anyone who searches on it finds your confirming information. Then you get your media-political machine to spread the term around -- say, by getting Devin Nunes or Sean Hannity to talk it up -- and the potential supporters for your conspiracy who are downstream of their rhetoric search for the term and only find information that bolsters their case. In the absence of disconfirming information, their theories seem credible. And since the "reality-based community" isn't bothering to search on these nonsense terms, they rarely, if ever, generate the kind of PR crisis that will prompt Google to put its thumb on the search-results scales to change the kinds of results those terms generate.

The far right is locked in an information-domination Cold War with the big platforms. From Boris Johnson's tactical use of nonsense to push down unflattering search results to gaming the refs at Facebook, the right understands that making their fringe ideology seem central requires the successful domination of the information sphere. After all, people who believe that the vast majority of the world deserve to be subjugated are always going to be in a minority (by definition!), so you need a lot of sock puppets to complement your network of dark-money thinktanks and blitzvertising to make yourself seem numerous enough to be relevant.

Francesca Tripodi from Data & Society studies the use of keyword signaling by the right, and has published the definitive research on the subject.

In a Wired op-ed, Tripodi shows how current events are being shaped by this simple tactic, whose practitioners are firmly entrenched in right wing media, Congress, the Senate and the White House itself.

To demonstrate how this works in politics, I Googled a few key phrases used in both of Nunes’ speeches. The results demonstrate how politicians and pundits can exploit data voids to create ideological information silos. During each hearing, Nunes describes “the Russia collusion hoax.” When you search for “collusion hoax,” the links returned support the position that investigations into the president are bogus. The top links are from a story in The New York Post published just last week that Dems are trying to block Barr’s probe into the “Russian collusion hoax” and a link to Amazon to purchase a book titled The Russia Hoax: The Illicit Scheme to Clear Hillary Clinton and Frame Donald Trump, by Fox News legal analyst Gregg Jarrett.

Strategic signaling also drew attention to what the Mueller report did not focus on. On June 12, Nunes noted that the report had not procured any “useful information on figures who played key roles in the investigation such as Joseph Mifsud,” a Maltese academic and figure in the George Papadopoulos case, “or the Democrat paid operative, former spy Christopher Steele,” the British intelligence officer behind the now notorious pee tape allegations. In the days following Nunes’ remarks, the search returns were primarily conservative content published anywhere between two weeks to 12 minutes before Nunes’ speech. In addition to traditional conservative sources like Fox News, Washington Examiner, and National Review, there are also digital-first sources like the Daily Caller and the Daily Wire, as well as stories posted from more dubious publications like the Epoch Times.

Devin Nunes and the Power of Keyword Signaling [Francesca Tripodi/Wired]

14:49

Link [Scripting News]

Francis Ford Coppola on Ari Melber last night. I'd love to hear FFC talk for hours about whatever he wants to talk about.

14:14

Medallion Status: comparison is the thief of joy, and John Hodgman is the thief-taker [Cory Doctorow – Boing Boing]

John Hodgman's last book, Vacationland, was a kind of absurdist memoir of a weird kid who'd grown up to the kind of self-aware grownup who really wanted to dig into how he got to where he was, with bone-dry wit and real heart (I compared it to Steve Martin's Cruel Shoes, but for adults who'd outgrown it); in his new book, Medallion Status: True Stories from Secret Rooms, Hodgman offers something much more uncomfortable (if no less funny), a series of vignettes that explore the hollowness of privilege, the toxicity of comparison, and the melancholy of accomplishment.

Medallion Status tells the story of Hodgman's post-TV life. After lucking into a role in a series of Apple TV ads, Hodgman went on to semi-regular stints on The Daily Show under Jon Stewart and a series of medium-sized parts on well-regarded sitcoms, but these have dwindled, and while Hodgman has many other claims to accomplishment and fame, they're not TV fame (and arguably, as Hodgman points out, even TV fame isn't TV fame anymore in our fractured world of streaming services). TV fame is a weird kind of fame, a stopped-in-the-street kind of fame, a fly from New York to LA every week and stay at the Chateau Marmont kind of fame. It's the kind of fame that gets you invited into the swag room at awards-shows where you can be measured for complimentary custom-made leather shoes or take home a really amazing pair of jeans.

For Hodgman, as riven with insecurity as the next person (especially if the next person is a white, straight dude from a middle-class background who has a keen appreciation that he's living life on the lowest difficulty setting and is likely being serviced and fawned over by people who work harder and are more talented than he is), the gradual withdrawal of the trappings of privilege is a constant, nagging confirmation that every jolt of impostor syndrome you've ever felt was fully deserved.

This becomes the basis for an extended meditation on the many ways in which privilege feels gross and upsetting for the privileged: the systems around you are designed to tempt you to strive harder to attain the next level of privilege, where, you are assured, you can rest up from your anxious climb and enjoy the summit. But each summit reveals another summit, and higher, more promising, more tantalizing summits you can attain.

This is both the literal and metaphorical life of a frequent flier, of course: each tier in the airlines' customer loyalty program is designed to remind you of how terrible things are on the tier below you and how marvellous things would be if you could only rise up by one more level. And each tier is designed to panic you as the year progresses and you realize that you might not re-establish your status. And it is status, exclusivity, a secret society for one percenters, celebs and looters, all rubbing shoulders and eating chef-prepared meals and drinking free whiskey at 30,000 feet in a lie-flat bed.

At this point, you might be thinking that if being privileged is such a burden, you should try having no privilege at all. Hodgman agrees with you: indeed, the story of Medallion Status is about how badly this works out for everyone.

From his perch on the middle tiers of celebrity, Hodgman is able to compare himself to people who are in much smaller cohorts than his own: if he's in the 15% of people-on-TV, he's comparing himself to people in the 5% or even 1%, and yet, whenever he comes close enough to tug at those tailored and exclusive shirt-tails, he realizes that those people are every bit as miserable and insecure as he is.

And therein lies the message of Medallion Status, latent amidst the very funny jokes and the charming asides and the disarming honesty: that the whole system of privilege and inequality isn't serving anyone: it makes you miserable to be at the bottom, sure, but it also makes you miserable to be at the top.

And worse: as Hodgman travels through, and finds some accommodation within, these rarified heights, he sees how privilege turns the privileged into monsters, including Hodgman himself, whose impulses are warped and stunted under its ferocious gravity. As funny as Hodgman is -- and he's very, very funny -- there is a kind of horror in this book, something appropriately Lovecraftian (given both Hodgman's dedication to New England and Lovecraft's revolting worship of elitism). What Hodgman describes is a horror-movie form of compartmentalization, in which the protagonist finds themself committing terrible acts, knowing that they are terrible, unable to stop themselves.

My absolute favorite mode of humor is "ha ha only serious." One of Hodgman's anxieties is that he's not serious enough to be a comedian: that making a career out of inventing untrue facts about orchestral instruments or being the straight man on The Daily Show makes you funny, but not a comedian -- not someone using humor to disarm power so that it can have truth spoken to it.

But Hodgman is speaking truth to power here: he's spilling the rich, white guy tea, which is that they're absolutely miserable. Not that the wealthy and powerful deserve our sympathy -- but it's important to understand that the system is frailer than you think, because the only reason its supporters defend it is because they're afraid that if they're not defending the hierarchy, they'll end up on the bottom of the pyramid.

This is the moment for that message, with an election only days away and the most egregious example of self-parodying, useless and overprivileged whiteness in the White House. Trump's whole "poor person's idea of a rich person" schtick is the living embodiment of the idea that comparison is the thief of joy. Trump is insecurity manifest, a would-be dictator whose manifesto could easily be titled Mein Angst.

The difference between a monster and a mensch is self-awareness. Hodgman's Medallion Status is the opposite of narcissism: it's an honest and terribly funny peek into a world that very few of us will get to see, one that is frank enough to admit that the only thing the people in that world enjoy about it is that we're not allowed in it.

Medallion Status: True Stories from Secret Rooms [John Hodgman/Viking]

14:07

Four short links: 15 October 2019 [Radar]

  1. NSA Cybersecurity Directorate: The command center is staffed 24/7, and teams cycle in every 12 hours to monitor real-time internet activity and cyber threats as they unfold over the world. Its connectivity with global intelligence partners ensures immediate communication over global cyber crises. The article has a lot of “cyber” and uses phrases like “souped-up computers,” but the shape of the NSA’s approach is apparent and interesting, especially: Neuberger said one of her new directorate’s goals is to provide more actionable threat intelligence at the unclassified level so that partners, customers, and private sector firms can actually reap benefits in real time. Weird to think of a spook shop as having “customers” beyond, say, the President.
  2. CerealBar: a two-person collaborative game. We built CerealBar to study natural language understanding in collaborative interactions.
  3. Tilton: At this point, I should have noticed that this language was going to be inexcusably ugly, but astonishingly, I did not notice at the time. I kept pushing on, inspired by better languages like TRAC and LISP. I determined that this was the wrong approach for dealing with browser incompatibility, but I completed the language anyway. I named it Tilton after Robert Tilton, a television faith healer and speaker of tongues. I believe that Tilton is the ugliest programming language that was not intended to be an ugly programming language.
  4. Computer Files Are Going Extinct: years ago, websites were made of files; now they are made of dependencies.

13:49

Today: Call Congress and Tell Them Not to Let a Quasi-Court Bankrupt Internet Users [EFF Action Center]

The CASE Act has been voted out of committee in the House and the Senate, meaning that the next step is full votes by both chambers. We need to stop it now, and Congress being back in session makes this a perfect day to call and let them know not to pass the CASE Act.

The CASE Act’s advocates continually describe it as “voluntary” because you can “opt out.” But the reality is that regular people are likely to ignore a notice from an obscure board telling them to respond or be subject to its decisions. The ones opting out are going to be the ones that the bill’s supporters truly want in the system: companies, organizations, and people who infringe on a large and repeated scale. And the CASE Act compounds this injustice by making it difficult to appeal to a real judge in a real court.

During a hearing in the House Judiciary Committee, Representative Doug Collins of Georgia said that $30,000—the maximum amount that the CASE Act would enable this board to award—is a “truly small” claim. Almost 40% of Americans can’t come up with $400 in an emergency, let alone $30,000. Damages awards granted under the CASE Act could ruin people’s lives.

Copyright law does need changing. But a confusing system that empowers an obscure governmental body to levy large penalties against people who don’t show up is not the solution. This isn’t a way for small creators to recoup small claims from serial infringers. This is a system where the big players get to go free and regular people could end up owing life-changing sums of money. Today, tell Congress to vote “no” on the CASE Act.

13:29

Thug shooting a woman in her home [Richard Stallman's Political Notes]

A thug was sent to check on why a black woman's front door was left open. He shot her dead through the window, with no effort to find out what the situation was.

Is it possible to teach thugs to think before they shoot?

Duterte thugs and drug [Richard Stallman's Political Notes]

Duterte's chief of national thugs (including their death squads) has resigned due to accusations of involvement in drug dealing.

Apple spying for China [Richard Stallman's Political Notes]

Apple's nonfree Safari browser spies on users for the Chinese company Tencent.

Urgent: ban facial recognition government use [Richard Stallman's Political Notes]

US citizens: call on Congress to ban government use of facial recognition.

This is not enough, but it's a good start.

If you call, please spread the word!

Urgent: stop funding war in Yemen [Richard Stallman's Political Notes]

US citizens: call on Congress to end all funding for the war in Yemen.

If you call, please spread the word!

Government post qualification [Richard Stallman's Political Notes]

Preet Bharara: Congress should formalize the former unwritten rules about who is qualified for appointed government executive posts.

Urgent: block plan to reject most immigrants [Richard Stallman's Political Notes]

US citizens: call on Congress to block the bully's plan to reject most immigrants.

If you call, please spread the word!

Rejection of authoritarian in Hungary [Richard Stallman's Political Notes]

Hungarians showed their mounting dissatisfaction with the authoritarian Fidesz party by defeating it in significant local elections.

This is a step towards removing it from power, but that won't be easy because of the grip it has given itself over other institutions.

Syrian Kurds and Assad [Richard Stallman's Political Notes]

The Syrian Kurds have allied with Assad to resist the invasion from Turkey, and turned over two border cities to Assad in exchange.

If Rojava can peacefully reconcile with Assad, perhaps recognizing his suzerainty but without submitting to the tyranny of his regime, it would be a step forward — as long as Assad allows it to continue.

However, the fighting between Assad and Turkey could lead to fighting between Russia and Turkey. That is potentially dangerous.

PISSI escape [Richard Stallman's Political Notes]

A deal permitted hundreds of PISSI fighters to escape from Raqqa, along with thousands of people in their families, in order to end the fighting to capture that city.

700 more supporters of PISSI have now escaped from prison as a consequence of Turkey's attack, as the Kurds had to move their forces to oppose Turkey.

Unlawful campaign financing [Richard Stallman's Political Notes]

Federal prosecutors charged two men (who work with Giuliani) with transferring foreign funds to the cheater's campaign.

This might be part of a broader scheme that could be managed by Giuliani.

Ties to China [Richard Stallman's Political Notes]

When multinational companies depend on a relationship with China, either for manufacturing or sales, China can force them to support its repression.

Friendship with political opponents [Richard Stallman's Political Notes]

We should not reject friendship with people who disagree with us on important political issues.

I won't condemn Ellen DeGeneres for being friends with Dubya. I've called for prosecuting him for war crimes since the time he was in office, but I don't condemn her for not thinking so.

I bring up my politics so often that I might find it difficult to be friends with right-wing people, but that's just me.

Confederate war slaves [Richard Stallman's Political Notes]

Some Confederate officers brought family slaves with them to the army. Subsequently, apologists for slavery have pretended that those blacks were Confederate soldiers.

Turkey murders Kurdish civilians [Richard Stallman's Political Notes]

Turkey's proxy forces are murdering selected Kurdish civilians.

Poverty sentence [Richard Stallman's Political Notes]

US sanctions are driving Cuba into poverty because no ships can transport Venezuelan oil to Cuba.

It surprises me that Russia or China or Iran doesn't send ships to do this.

Britons taxes [Richard Stallman's Political Notes]

Britons complain their taxes are too high, but they are less than in 1970 — especially for the rich.

12:42

“BriansClub” Hack Rescues 26M Stolen Cards [Krebs on Security]

“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

An ad for BriansClub has been using my name and likeness for years to peddle millions of stolen credit cards.

Last month, KrebsOnSecurity was contacted by a source who shared a plain text file containing what was claimed to be the full database of cards for sale both currently and historically through BriansClub[.]at, a thriving fraud bazaar named after this author. Imitating my site, likeness and namesake, BriansClub even dubiously claims a copyright with a reference at the bottom of each page: “© 2019 Crabs on Security.”

Multiple people who reviewed the database shared by my source confirmed that the same credit card records also could be found in a more redacted form simply by searching the BriansClub Web site with a valid, properly-funded account.

All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground.

The leaked data shows that in 2015, BriansClub added just 1.7 million card records for sale. But business would pick up in each of the years that followed: In 2016, BriansClub uploaded 2.89 million stolen cards; 2017 saw some 4.9 million cards added; 2018 brought in 9.2 million more.

Between January and August 2019 (when this database snapshot was apparently taken), BriansClub added roughly 7.6 million cards.

Most of what’s on offer at BriansClub are “dumps,” strings of ones and zeros that — when encoded onto anything with a magnetic stripe the size of a credit card — can be used by thieves to purchase electronics, gift cards and other high-priced items at big box stores.

As shown in the table below (taken from this story), many federal hacking prosecutions involving stolen credit cards will for sentencing purposes value each stolen card record at $500, which is intended to represent the average loss per compromised cardholder.

The black market value, impact to consumers and banks, and liability associated with different types of card fraud.

STOLEN BACK FAIR AND SQUARE

An extensive analysis of the database indicates BriansClub holds approximately $414 million worth of stolen credit cards for sale, based on the pricing tiers listed on the site. That’s according to an analysis by Flashpoint, a security intelligence firm based in New York City.

Allison Nixon, the company’s director of security research, said Flashpoint had help from numerous parties in crunching the numbers from the massive leaked database.

Nixon said the data suggests that between 2015 and August 2019, BriansClub sold roughly 9.1 million stolen credit cards, earning the site $126 million in sales (all sales are transacted in bitcoin).

If we take just the 9.1 million cards that were confirmed sold through BriansClub, we’re talking about $2.27 billion in likely losses at the $500 average loss per card figure from the Justice Department.

Also, it seems likely the total number of stolen credit cards for sale on BriansClub and related sites vastly exceeds the number of criminals who will buy such data. Shame on them for not investing more in marketing!

There’s no easy way to tell how many of the 26 million or so cards for sale at BriansClub are still valid, but the closest approximation of that — how many unsold cards have expiration dates in the future — indicates more than 14 million of them could still be valid.

The archive also reveals the proprietor(s) of BriansClub frequently uploaded new batches of stolen cards — some just a few thousand records, and others tens of thousands.

That’s because like many other carding sites, BriansClub mostly resells cards stolen by other cybercriminals — known as resellers or affiliates — who earn a percentage from each sale. It’s not yet clear how that revenue is shared in this case, but perhaps this information will be revealed in further analysis of the purloined database.

BRIANS CHAT

In a message titled “Your site is hacked,” KrebsOnSecurity requested comment from BriansClub via the “Support Tickets” page on the carding shop’s site, informing its operators that all of their card data had been shared with the card-issuing banks.

I was surprised and delighted to receive a polite reply a few hours later from the site’s administrator (“admin”):

“No. I’m the real Brian Krebs here 🙂

Correct subject would be the data center was hacked.

Will get in touch with you on jabber. Should I mention that all information affected by the data-center breach has been since taken off sales, so no worries about the issuing banks.”

Flashpoint’s Nixon said a spot check comparison between the stolen card database and the card data advertised at BriansClub suggests the administrator is not being truthful in his claims of having removed the leaked stolen card data from his online shop.

The admin hasn’t yet responded to follow-up questions, such as why BriansClub chose to use my name and likeness to peddle millions of stolen credit cards.

Almost certainly, at least part of the appeal is that my surname means “crab” (or cancer), and crab is Russian hacker slang for “carder,” a person who engages in credit card fraud.

Many of the cards for sale on BriansClub are not visible to all customers. Those who wish to see the “best” cards in the shop need to maintain certain minimum balances, as shown in this screenshot.

HACKING BACK?

Nixon said breaches of criminal website databases often lead not just to prevented cybercrimes, but also to arrests and prosecutions.

“When people talk about ‘hacking back,’ they’re talking about stuff like this,” Nixon said. “As long as our government is hacking into all these foreign government resources, they should be hacking into these carding sites as well. There’s a lot of attention being paid to this data now and people are remediating and working on it.”

By way of example on hacking back, she pointed to the 2016 breach of vDOS — at the time the largest and most powerful service for knocking Web sites offline in large-scale cyberattacks.

Soon after vDOS’s database was stolen and leaked to this author, its two main proprietors were arrested. Also, the database added to evidence of criminal activity for several other individuals who were persons of interest in unrelated cybercrime investigations, Nixon said.

“When vDOS got breached, that basically reopened cases that were cold because [the leak of the vDOS database] supplied the final piece of evidence needed,” she said.

THE TARGET BREACH OF THE UNDERGROUND?

After many hours spent poring over this data, it became clear I needed some perspective on the scope and impact of this breach. As a major event in the cybercrime underground, was it somehow the reverse analog of the Target breach — which negatively impacted tens of millions of consumers and greatly enriched a large number of bad guys? Or was it more prosaic, like a Jimmy Johns-sized debacle?

For that insight, I spoke with Gemini Advisory, a New York-based company that works with financial institutions to monitor dozens of underground markets trafficking in stolen card data.

Andrei Barysevich, co-founder and CEO at Gemini, said the breach at BriansClub is certainly significant, given that Gemini currently tracks a total of 87 million credit and debit card records for sale across the cybercrime underground.

Gemini is monitoring most underground stores that peddle stolen card data — including such heavy hitters as Joker’s Stash, Trump’s Dumps, and BriansDump.

Contrary to popular belief, when these shops sell a stolen credit card record, that record is then removed from the inventory of items for sale. This allows companies like Gemini to determine roughly how many new cards are put up for sale and how many have sold.

Barysevich said the loss of so many valid cards may well impact how other carding stores compete and price their products.

“With over 78% of the illicit trade of stolen cards attributed to only a dozen of dark web markets, a breach of this magnitude will undoubtedly disturb the underground trade in the short term,” he said. “However, since the demand for stolen credit cards is on the rise, other vendors will undoubtedly attempt to capitalize on the disappearance of the top player.”

12:07

Julien Danjou: Sending Emails in Python — Tutorial with Code Examples [Planet Debian]

Sending Emails in Python — Tutorial with Code Examples

What do you need to send an email with Python? Some basic programming and web knowledge, along with elementary Python skills. I assume you’ve already built a web app with this language and now need to extend its functionality with notifications or other kinds of email sending. This tutorial will guide you through the most essential steps of sending emails via an SMTP server:

  1. Configuring a server for testing (do you know why it’s important?)
  2. Local SMTP server
  3. Mailtrap test SMTP server
  4. Different types of emails: HTML, with images, and attachments
  5. Sending multiple personalized emails (Python is just invaluable for email automation)
  6. Some popular email sending options like Gmail and transactional email services

Served with numerous code examples written and tested on Python 3.7!

Sending an email using an SMTP

The first good news about Python is that it has a built-in module for sending emails via SMTP in its standard library. No extra installations or tricks are required. You can import the module using the following statement:

import smtplib

To make sure that the module has been imported properly and get the full description of its classes and arguments, type in an interactive Python session:

help(smtplib)

At our next step, we will talk a bit about servers: choosing the right option and configuring it.

An SMTP server for testing emails in Python

When creating a new app or adding any functionality, especially when doing it for the first time, it’s essential to experiment on a test server. Here is a brief list of reasons:

  1. You won’t hit your friends’ and customers’ inboxes. This is vital when you test bulk email sending or work with an email database.
  2. You won’t flood your own inbox with testing emails.
  3. Your domain won’t be blacklisted for spam.

Local SMTP server

If you prefer working in the local environment, the local SMTP debugging server might be an option. For this purpose, Python offers an smtpd module. It has a DebuggingServer feature, which discards the messages you send and prints them to stdout. It is compatible with all operating systems.

Set your SMTP server to localhost:1025

python -m smtpd -n -c DebuggingServer localhost:1025

In order to run SMTP server on port 25, you’ll need root permissions:

sudo python -m smtpd -n -c DebuggingServer localhost:25

It will help you verify whether your code is working and point out the possible problems if there are any. However, it won’t give you the opportunity to check how your HTML email template is rendered.

Fake SMTP server

A fake SMTP server imitates the work of a real 3rd party web server. In the further examples in this post, we will use Mailtrap. Beyond testing email sending, it lets us check how the email will be rendered and displayed, review the raw message data, and get a spam report. Mailtrap is very easy to set up: you just need to copy the credentials generated by the app and paste them into your code.

Here is how it looks in practice:

import smtplib

port = 2525
smtp_server = "smtp.mailtrap.io"
login = "1a2b3c4d5e6f7g" # your login generated by Mailtrap
password = "1a2b3c4d5e6f7g" # your password generated by Mailtrap

Mailtrap makes things even easier. Go to the Integrations section in the SMTP settings tab and get the ready-to-use template of the simple message, with your Mailtrap credentials in it. The most basic way of instructing your Python script on who sends what to whom is the sendmail() instance method:

The code looks pretty straightforward, right? Let’s take a closer look at it and add some error handling (see the comments in between). To catch errors, we use the try and except blocks.

# The first step is always the same: import all necessary components:
import smtplib
from socket import gaierror

# Now you can play with your code. Let’s define the SMTP server separately here:
port = 2525
smtp_server = "smtp.mailtrap.io"
login = "1a2b3c4d5e6f7g" # paste your login generated by Mailtrap
password = "1a2b3c4d5e6f7g" # paste your password generated by Mailtrap

# Specify the sender’s and receiver’s email addresses:
sender = "from@example.com"
receiver = "mailtrap@example.com"

# Type your message: use two newlines (\n) to separate the subject from the message body,
# and use 'f' to automatically insert variables in the text
message = f"""\
Subject: Hi Mailtrap
To: {receiver}
From: {sender}

This is my first message with Python."""

try:
  # Send your message with credentials specified above
  with smtplib.SMTP(smtp_server, port) as server:
    server.login(login, password)
    server.sendmail(sender, receiver, message)
except (gaierror, ConnectionRefusedError):
  # tell the script to report if your message was sent or which errors need to be fixed
  print('Failed to connect to the server. Bad connection settings?')
except smtplib.SMTPServerDisconnected:
  print('Failed to connect to the server. Wrong user/password?')
except smtplib.SMTPException as e:
  print('SMTP error occurred: ' + str(e))
else:
  print('Sent')

Once you get the Sent result in Shell, you should see your message in your Mailtrap inbox:

Sending emails with HTML content

In most cases, you need to add some formatting, links, or images to your email notifications. We can simply put all of these with the HTML content. For this purpose, Python has an email package.

We will deal with the MIME message type, which is able to combine HTML and plain text. In Python, it is handled by the email.mime module.

It is better to write a text version and an HTML version separately, and then merge them with the MIMEMultipart("alternative") instance. Such a message then has two rendering options. If the HTML version isn’t rendered successfully for some reason, the text version will still be available.

import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart

port = 2525
smtp_server = "smtp.mailtrap.io"
login = "1a2b3c4d5e6f7g" # paste your login generated by Mailtrap
password = "1a2b3c4d5e6f7g" # paste your password generated by Mailtrap

sender_email = "mailtrap@example.com"
receiver_email = "new@example.com"

message = MIMEMultipart("alternative")
message["Subject"] = "multipart test"
message["From"] = sender_email
message["To"] = receiver_email
# Write the plain text part
text = """\
Hi,
Check out the new post on the Mailtrap blog:
SMTP Server for Testing: Cloud-based or Local?
https://blog.mailtrap.io/2018/09/27/cloud-or-local-smtp-server/
Feel free to let us know what content would be useful for you!"""

# write the HTML part
html = """\
<html>
  <body>
    <p>Hi,<br>
       Check out the new post on the Mailtrap blog:</p>
    <p><a href="https://blog.mailtrap.io/2018/09/27/cloud-or-local-smtp-server">SMTP Server for Testing: Cloud-based or Local?</a></p>
    <p>Feel free to <strong>let us</strong> know what content would be useful for you!</p>
  </body>
</html>
"""

# convert both parts to MIMEText objects and add them to the MIMEMultipart message
part1 = MIMEText(text, "plain")
part2 = MIMEText(html, "html")
message.attach(part1)
message.attach(part2)

# send your email
with smtplib.SMTP("smtp.mailtrap.io", 2525) as server:
  server.login(login, password)
  server.sendmail(sender_email, receiver_email, message.as_string())

print('Sent')

[Image: The resulting output]

Sending Emails with Attachments in Python

The next step in mastering sending emails with Python is attaching files. Attachments are still MIME objects, but we need to encode them with the base64 module. A couple of important points about attachments:

  1. Python lets you attach text files, images, audio files, and even applications. You just need to use the appropriate email class like email.mime.audio.MIMEAudio or email.mime.image.MIMEImage. For the full information, refer to this section of the Python documentation.
  2. Remember about the file size: sending files over 20MB is a bad practice.

In transactional emails, the PDF files are the most frequently used: we usually get receipts, tickets, boarding passes, order confirmations, etc. So let’s review how to send a boarding pass as a PDF file.

import smtplib
from email import encoders
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

port = 2525
smtp_server = "smtp.mailtrap.io"
login = "1a2b3c4d5e6f7g" # paste your login generated by Mailtrap
password = "1a2b3c4d5e6f7g" # paste your password generated by Mailtrap

subject = "An example of boarding pass"
sender_email = "mailtrap@example.com"
receiver_email = "new@example.com"

message = MIMEMultipart()
message["From"] = sender_email
message["To"] = receiver_email
message["Subject"] = subject

# Add body to email
body = "This is an example of how you can send a boarding pass in attachment with Python"
message.attach(MIMEText(body, "plain"))

filename = "yourBP.pdf"
# Open PDF file in binary mode
# We assume that the file is in the directory where you run your Python script from
with open(filename, "rb") as attachment:
  # The content type "application/octet-stream" means that a MIME attachment is a binary file
  part = MIMEBase("application", "octet-stream")
  part.set_payload(attachment.read())

# Encode to base64
encoders.encode_base64(part)
# Add header (passing filename as a parameter lets the library quote it correctly)
part.add_header("Content-Disposition", "attachment", filename=filename)
# Add attachment to your message and convert it to string
message.attach(part)

text = message.as_string()
# send your email
with smtplib.SMTP("smtp.mailtrap.io", 2525) as server:
  server.login(login, password)
  server.sendmail(sender_email, receiver_email, text)

print('Sent')

[Image: The received email with your PDF]

To attach several files, you can call the message.attach() method several times.

How to send an email with image attachment

Images, even if they are a part of the message body, are attachments as well. There are three types of them: CID attachments (embedded as a MIME object), base64 images (inline embedding), and linked images.

For adding a CID attachment, we will create a MIME multipart message with MIMEImage component:

import smtplib
from email.mime.text import MIMEText
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart

port = 2525
smtp_server = "smtp.mailtrap.io"
login = "1a2b3c4d5e6f7g" # paste your login generated by Mailtrap
password = "1a2b3c4d5e6f7g" # paste your password generated by Mailtrap

sender_email = "mailtrap@example.com"
receiver_email = "new@example.com"

message = MIMEMultipart("alternative")
message["Subject"] = "CID image test"
message["From"] = sender_email
message["To"] = receiver_email

# write the HTML part
html = """\
<html>
<body>
<img src="cid:myimage">
</body>
</html>
"""
part = MIMEText(html, "html")
message.attach(part)

# We assume that the image file is in the same directory that you run your Python script from
with open('mailtrap.jpg', 'rb') as img:
  image = MIMEImage(img.read())
# Specify the ID according to the img src in the HTML part
image.add_header('Content-ID', '<myimage>')
message.attach(image)

# send your email
with smtplib.SMTP("smtp.mailtrap.io", 2525) as server:
  server.login(login, password)
  server.sendmail(sender_email, receiver_email, message.as_string())

print('Sent')

[Image: The received email with CID image]

The CID image is shown both as a part of the HTML message and as an attachment. Messages with this image type are often considered spam: check the Analytics tab in Mailtrap to see the spam rate and recommendations on its improvement. Many email clients — Gmail in particular — don’t display CID images in most cases. So let’s review how to embed a base64 encoded image instead.

Here we will use the base64 module and experiment with the same image file:

import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
import base64

port = 2525
smtp_server = "smtp.mailtrap.io"
login = "1a2b3c4d5e6f7g" # paste your login generated by Mailtrap
password = "1a2b3c4d5e6f7g" # paste your password generated by Mailtrap
sender_email = "mailtrap@example.com"
receiver_email = "new@example.com"

message = MIMEMultipart("alternative")
message["Subject"] = "inline embedding"
message["From"] = sender_email
message["To"] = receiver_email

# We assume that the image file is in the same directory that you run your Python script from
with open("image.jpg", "rb") as image:
  encoded = base64.b64encode(image.read()).decode()

html = f"""\
<html>
<body>
<img src="data:image/jpeg;base64,{encoded}">
</body>
</html>
"""
part = MIMEText(html, "html")
message.attach(part)

# send your email
with smtplib.SMTP("smtp.mailtrap.io", 2525) as server:
  server.login(login, password)
  server.sendmail(sender_email, receiver_email, message.as_string())

print('Sent')

[Image: A base64 encoded image]

Now the image is embedded into the HTML message and is not available as an attached file. Python has encoded our JPEG image, and if we go to the HTML Source tab, we will see the long image data string in the img src attribute.

How to Send Multiple Emails

Sending multiple emails to different recipients and making them personal is the special thing about emails in Python.

To add several more recipients, you can just type in their addresses separated by commas, and add Cc and Bcc. But if you work with bulk email sending, Python will save you with loops.

One of the options is to create a database in a CSV format (we assume it is saved to the same folder as your Python script).

We often see our names in transactional or even promotional examples. Here is how we can make it with Python.

Let’s organize the list in a simple table with just two columns: name and email address. It should look like the following example:

#name,email
John Johnson,john@johnson.com
Peter Peterson,peter@peterson.com

The code below will open the file and loop over its rows line by line, replacing the {name} with the value from the “name” column.

import csv
import smtplib

port = 2525
smtp_server = "smtp.mailtrap.io"
login = "1a2b3c4d5e6f7g" # paste your login generated by Mailtrap
password = "1a2b3c4d5e6f7g" # paste your password generated by Mailtrap

message = """Subject: Order confirmation
To: {recipient}
From: {sender}

Hi {name}, thanks for your order! We are processing it now and will contact you soon"""
sender = "new@example.com"
with smtplib.SMTP("smtp.mailtrap.io", 2525) as server:
  server.login(login, password)
  with open("contacts.csv") as file:
    reader = csv.reader(file)
    next(reader)  # it skips the header row
    for name, email in reader:
      server.sendmail(
        sender,
        email,
        message.format(name=name, recipient=email, sender=sender),
      )
      print(f'Sent to {name}')

In our Mailtrap inbox, we see two messages: one for John Johnson and another for Peter Peterson, delivered simultaneously:
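The loop above formats CSV fields straight into raw header text, so a line break inside a field would end up in the headers of the outgoing message. As an added example (not part of the original tutorial), the code below builds the same order confirmation with the standard library's EmailMessage, rejects rows with control characters or malformed addresses before they reach a header, and sends over STARTTLS. The names SAMPLE_CSV, has_control_chars, parse_recipient, build_messages and send_all are chosen here, and the sample rows are constructed.

```python
import csv
import io
import smtplib
import ssl
from email.errors import MessageError
from email.headerregistry import Address
from email.message import EmailMessage

# Constructed sample data in the tutorial's two-column layout. Row 4 carries a
# line break inside the email field; row 5 has no domain part.
SAMPLE_CSV = (
    "#name,email\r\n"
    "John Johnson,john@johnson.com\r\n"
    "Peter Peterson,peter@peterson.com\r\n"
    '"Constructed Row","row3@example.com\r\nX-Constructed: injected"\r\n'
    "No Domain,not-an-address\r\n"
)


def has_control_chars(value):
    """True if value contains CR, LF or any other ASCII control character."""
    return any(ord(ch) < 32 or ord(ch) == 127 for ch in value)


def parse_recipient(name, addr):
    """Return an Address for one CSV row, or raise ValueError if it is unsafe."""
    if has_control_chars(name) or has_control_chars(addr):
        raise ValueError("control character in field")
    name, addr = name.strip(), addr.strip()
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        raise ValueError("address must have the form local@domain")
    try:
        # Address parses the addr-spec itself and refuses what it cannot parse.
        return Address(display_name=name, addr_spec=addr)
    except (ValueError, MessageError) as exc:
        raise ValueError(f"invalid address: {exc}") from exc


def build_messages(csv_text, sender):
    """Build one EmailMessage per valid row; return (messages, rejected rows)."""
    messages, rejected = [], []
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    next(reader)  # skip the header row (row 1)
    for row_no, row in enumerate(reader, start=2):
        try:
            name, addr = row  # wrong column count raises ValueError too
            recipient = parse_recipient(name, addr)
        except ValueError as exc:
            rejected.append((row_no, str(exc)))
            continue
        msg = EmailMessage()
        msg["Subject"] = "Order confirmation"
        msg["From"] = sender
        msg["To"] = recipient
        # set_content() writes the body after the header/body separator,
        # so the blank line never has to be typed by hand.
        msg.set_content(
            f"Hi {name.strip()}, thanks for your order!\n"
            "We are processing it now and will contact you soon.\n"
        )
        messages.append(msg)
    return messages, rejected


def send_all(messages, host, port, login, password):
    """Send over an encrypted session. Not called by the demo below."""
    context = ssl.create_default_context()  # verifies certificate and hostname
    with smtplib.SMTP(host, port, timeout=30) as server:
        # starttls() raises if the server does not offer STARTTLS, so the
        # credentials are never sent over a plain-text connection.
        server.starttls(context=context)
        server.login(login, password)
        for msg in messages:
            server.send_message(msg)


if __name__ == "__main__":
    good, bad = build_messages(SAMPLE_CSV, "new@example.com")
    for msg in good:
        print("would send to", msg["To"])
    for row_no, reason in bad:
        print(f"row {row_no} rejected: {reason}")
```
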


Sending emails with Python via Gmail

When you are ready for sending emails to real recipients, you can configure your production server. It also depends on your needs, goals, and preferences: your localhost or any external SMTP.

One of the most popular options is Gmail so let’s take a closer look at it.

We can often see titles like “How to set up a Gmail account for development”. In fact, it means that you will create a new Gmail account and will use it for a particular purpose.

To be able to send emails via your Gmail account, you need to give your application access to it. You can either allow less secure apps or take advantage of the OAuth2 authorization protocol. The latter is considerably more difficult to set up, but it is recommended for security reasons.

Further, to use a Gmail server, you need to know:

  • the server name = smtp.gmail.com
  • port = 465 for SSL/TLS connection (preferred)
  • or port = 587 for STARTTLS connection
  • username = your Gmail email address
  • password = your password

import getpass
import smtplib
import ssl

port = 465
# getpass does not echo the password to the terminal
password = getpass.getpass("your password: ")
context = ssl.create_default_context()

with smtplib.SMTP_SSL("smtp.gmail.com", port, context=context) as server:
  server.login("my@gmail.com", password)

If you prefer simplicity, you can use Yagmail, a dedicated Gmail/SMTP client. It makes email sending really easy. Just compare the above examples with these several lines of code:

import yagmail

yag = yagmail.SMTP()
contents = [
  "This is the body, and here is just text http://somedomain/image.png",
  "You can find an audio file attached.",
  '/local/path/to/song.mp3',
]
yag.send('to@someone.com', 'subject', contents)

Next steps with Python

Those are just basic options of sending emails with Python. To get great results, review the Python documentation and experiment with your own code!

There are many Python frameworks and libraries that make creating apps more elegant and focused. In particular, some of them can improve your experience of building email sending functionality.

The most popular frameworks are:

  1. Flask, which offers a simple interface for email sending: Flask Mail.
  2. Django, which can be a great option for building HTML templates.
  3. Zope comes in handy for a website development.
  4. Marrow Mailer is a dedicated mail delivery framework adding various helpful configurations.
  5. Plotly and its Dash can help with mailing graphs and reports.

Also, here is a handy list of Python resources sorted by their functionality.

Good luck and don’t forget to stay on the safe side when sending your emails!

This article was originally published at Mailtrap’s blog: Sending emails with Python

11:56

CodeSOD: Cast Away [The Daily WTF]

The accountants at Gary's company had a problem: sometimes, when they wanted to check the price to ship a carton of product, that price was zero. No one had, as of yet, actually shipped product...

11:28

Twitter Suspends Trump Meme Creator…But Not For the ‘Kingsman’ Bloodbath Video [TorrentFreak]

There was uproar in the media this past weekend after a violent video meme was reportedly shown at a pro-Trump conference.

The video, a doctored version of the famous church scene from the movie Kingsman, depicts Trump killing his critics, from both the media and politics.

The video was made by TheGeekzTeam, an entity that creates content for a website run by Carpe Donktum, a prolific pro-Trump supporter and meme-maker. During the fallout on Monday, Carpe Donktum’s Twitter account was suspended, an event which led various media outlets to connect the events of the weekend with the suspension.

A Twitter spokesperson effectively confirmed that the suspension was DMCA related, noting that it responds to “valid copyright complaints sent us by a copyright owner or their authorized representatives.”

Twitter made no mention of which content had caused the suspension but the actual DMCA notice obtained by TorrentFreak confirms it had nothing to do with the ‘Kingsman’ meme published over the weekend.

The DMCA notice, served not only against Carpe Donktum’s Twitter account but also around two dozen others, was actually filed by Universal Music Group. The offending Twitter URL is highlighted below.

The Tweet in question dates back to February 5, 2018, and remains online, along with the text “In case you missed the T-Mobile Superbowl Commercial. Here it is!” However, the embedded video has been removed, indicating that this was the source of the DMCA complaint.

Comparing uploads on Carpe Donktum’s YouTube account on the very same day we find a video entitled “T-Mobile Superbowl Commercial Fixed“, which is a doctored version of T-Mobile’s official Superbowl commercial.

It’s pretty clear why Carpe Donktum’s video was taken down. While it contains other copyrighted music throughout not contained in the original video (a lullaby rendition of Nirvana’s ‘All Apologies’ according to Shazam), it’s the last 14 seconds of the 80-second video causing the problems.

With Trump wearing a ‘Thug Life’ hat, obligatory sunglasses and sporting a huge joint in his mouth, the track ‘Ultimate’ by Denzel Curry booms from the video. This isn’t what Universal Music wanted and judging by comments made by Curry in 2017, it probably isn’t what he wanted either.

“I felt like I was part of the problem honestly. Being disillusioned and thinking, ‘nah, that’s not gonna happen, this nigga ain’t gonna be president.’ Then this nigga became president. So what the fuck just happened? I don’t get all the choices I want, but I definitely didn’t want this nigga to be my president,” Curry said.

One copyright complaint isn’t usually enough for Twitter to suspend an account but Carpe Donktum now has at least three against his. In addition to the notice sent Monday, two others are on record, one sent in April and another in June. Only the one sent by Universal Music has a listed sender, the other two have their details redacted.

Carpe Donktum’s Twitter account has now been restored but for how long remains open to question and probably dictated by future conduct.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

09:28

Freelancing is a brave act [Seth's Blog]

When I quit my job in 1986 and went out on my own, it was shortly after my picture had appeared in a small feature in a national magazine. My grandmother proudly kept a copy of the magazine (not the article, the entire magazine) on her coffee table, proudly telling anyone who stopped by that her grandson was now a “FREE lancer.” Not sure what that meant, she had a hunch that it wasn’t nearly as stable, easy or prestigious as having an actual job.

Freelancers show up in the world without a safety net, offering to do their best. Freelancers rarely get the credit they deserve for the work they do.

Freelancers aren’t always sure of what’s next, and freelancers often get the wrong end of the stick.

But it’s about as pure a craft as most of us can find. You’re your own boss, most of the time, and figuring out a way to become better at being the boss of you is a worthwhile investment of effort.

I’m so pleased with the results we’ve achieved with The Freelancer’s Workshop. It’s a straightforward approach to the biggest problem most freelancers have: Finding better clients.

Our new session begins signups today, and I hope you’ll check it out (click to find the disappearing purple circle discount). It’s the last session of 2019.

Better clients demand more, pay more and talk about your work. Better clients make it easier for you to level up, and better clients challenge you to dig deeper and do what you’re capable of.

You don’t do better by working more hours. You can’t work more hours. You do better by finding better clients.

I’m delighted that so many freelancers read this blog, and proud to be, on my best days, a freelancer.

Join me at 1 pm ET today, Tuesday to talk about freelancing and how to level up. I’ll be taking your questions on my FB and Insta pages.

Now might be the time to be seen as the professional you’re capable of becoming.

09:00

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, September 2019 [Planet Debian]

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In September, 212.75 work hours have been dispatched among 12 paid contributors. Their reports are available:

  • Adrian Bunk did nothing (and got no hours assigned), but has been carrying 26h from August to October.
  • Ben Hutchings did 20h (out of 20h assigned).
  • Brian May did 10h (out of 10h assigned).
  • Chris Lamb did 18h (out of 18h assigned).
  • Emilio Pozuelo Monfort did 30h (out of 23.75h assigned and 5.25h from August), thus anticipating 1h from October.
  • Hugo Lefeuvre did nothing (out of 23.75h assigned), thus is carrying over 23.75h for October.
  • Jonas Meurer did 5h (out of 10h assigned and 9.5h from August), thus carrying over 14.5h to October.
  • Markus Koschany did 23.75h (out of 23.75h assigned).
  • Mike Gabriel did 11h (out of 12h assigned + 0.75h remaining), thus carrying over 1.75h to October.
  • Ola Lundqvist did 2h (out of 8h assigned and 8h from August), thus carrying over 14h to October.
  • Roberto C. Sánchez did 16h (out of 16h assigned).
  • Sylvain Beucler did 23.75h (out of 23.75h assigned).
  • Thorsten Alteholz did 23.75h (out of 23.75h assigned).

Evolution of the situation

September was more like a regular month again, though two contributors were not able to dedicate any time to LTS work.

For October we are welcoming Utkarsh Gupta as a new paid contributor. Welcome to the team, Utkarsh!

This month, we’re glad to announce that Cloudways is joining us as a new silver level sponsor! With the reduced involvement of another long term sponsor, we are still at the same funding level (roughly 216 hours sponsored by month).

The security tracker currently lists 32 packages with a known CVE and the dla-needed.txt file has 37 packages needing an update.

Thanks to our sponsors

New sponsors are in bold.


08:28

My Road To Sterilization by AyCee [Oh Joy Sex Toy]


I ran into some of AyCee’s comic work a few years ago and instantly fell in love. They have such a lovely style and their characters feel rich and fun. Not safe for work Table for Three and Safeword are especially fantastic. We’re lucky enough to have AyCee here on OJST with this amazing comic […]

08:21

Top 10 Most Pirated Movies of The Week on BitTorrent – 10/14/19 [TorrentFreak]

This week we have three newcomers in our chart.

The Lion King is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the articles of the recent weekly movie download charts.

This week’s most downloaded movies are:
Most downloaded movies via torrents

Movie Rank | Rank last week | Movie name | IMDb Rating / Trailer
1 | (…) | The Lion King | 7.1 / trailer
2 | (1) | Fast & Furious Presents: Hobbs & Shaw | 6.7 / trailer
3 | (3) | Toy Story 4 | 8.1 / trailer
4 | (7) | Dark Phoenix | 6.0 / trailer
5 | (4) | Spider-Man: Far from Home | 7.8 / trailer
6 | (2) | It: Chapter Two | 6.9 / trailer
7 | (…) | Joker (HDCam) | 8.1 / trailer
8 | (7) | Crawl | 6.4 / trailer
9 | (…) | El Camino: A Breaking Bad Movie | 7.7 / trailer
10 | (9) | John Wick: Chapter 3 – Parabellum | 7.8 / trailer


06:49

Feeds | What do you want to know about research software? [Planet GridPP]

g.law, 15 October 2019 - 6:21am

It is reasonably well known at this point that research software has value and should be treated as a citable output in research but how much software is actually cited and how does it relate to other types of research output? These are just a couple of questions which the Persistent Identifier (PID) Graph can help to answer.

06:42

Norbert Preining: State of Calibre in Debian [Planet Debian]

To counter some recent FUD spread about Calibre in general and Calibre in Debian in particular, here is a concise explanation of the current state.

Many might have read my previous post on Calibre as a moratorium, but that was not my intention. Development of Calibre in Debian is continuing, despite the current stall.

Since it seems to be unclear what the current blockers are, there are two orthogonal problems regarding recent Calibre in Debian: One is the update to version 4 and the switch to qtwebengine, one is the purge of Python 2 from Debian.

Current state

Debian sid and testing currently hold Calibre 3.48 based on Python 2. Due to the ongoing purge, necessary modules (in particular python-cherrypy3) have been removed from Debian/sid, making the current Calibre package RC buggy (see this bug report). That means that, within a reasonable time frame, Calibre will be removed from testing.


Now for the two orthogonal problems we are facing:

Calibre 4 packaging

Calibre 4 is already packaged for Debian (see the master-4.0 branch in the git repository). Uploading was first blocked due to a disappearing python-pyqt5.qwebengine, which was extracted from the PyQt5 package into its own. Thanks to the maintainers we now have a Python2 version built from the qtwebengine-opensource-src package.

But that still doesn’t cut it for Calibre 4, because it requires Qt 5.12, but Debian still carries 5.11 (released 1.5 years ago).

So the above mentioned branch is ready for upload as soon as Qt 5.12 is included in Debian.

Python 3

The other big problem is the purge of Python 2 from Debian. Upstream Calibre has supported building Python 3 versions for some months, with ongoing bug fixes. But including this in Debian poses some problems: The first stumbling block was a missing Python3 version of mechanize, which I have adopted after a 7-year hiatus, updated to the newest version and provided Python 3 modules for it.

Packaging for Debian is done in the experimental branch of the git repository, and is again ready to be uploaded to unstable.

But the much bigger concern here is that practically none of the external plugins of Calibre is ready for Python 3. Paired with the fact that probably most users of Calibre are using one or the other external plugin (just to mention Kepub plugin, DeDRM, …), uploading a Python 3 based version of Calibre would break usage for practically all users.


Since I put our (Debian’s) users first, I have thus decided to keep Calibre based on Python 2 as long as Debian allows. Unfortunately the overzealous purge spree has already introduced RC bugs, which means I am now forced to decide whether I upload a version of Calibre that breaks most users, or I don’t upload and see Calibre removed from testing. Not an easy decision.

Thus, my original plan was to keep Calibre based on Python 2 as long as possible, and hope that upstream switches to Python 3 in time before the next Debian release. This would trigger a continuous update of most plugins and would allow users in Debian to have a seamless transition without complete breakage. Unfortunately, this plan seems to be not actually executable.

Now let us return to the FUD spread:

  • Calibre is actively developed upstream
  • Calibre in Debian is actively maintained
  • Calibre is Python 3 ready, but the plugins are not
  • Calibre 4 is ready for Debian as soon as the dependencies are updated
  • Calibre/Python3 is ready for upload to Debian, but breaks practically all users

Hope that helps everyone to gain some understanding about the current state of Calibre in Debian.

Sergio Durigan Junior: Installing Gerrit and Keycloak for GDB [Planet Debian]

Back in September, we had the GNU Tools Cauldron in the gorgeous city of Montréal (perhaps I should write a post specifically about it...). One of the sessions we had was the GDB BoF, where we discussed, among other things, how to improve our patch review system.

I have my own personal opinions about the current review system we use (mailing list-based, in a nutshell), and I haven't felt very confident to express it during the discussion. Anyway, the outcome was that at least 3 global maintainers have used or are currently using the Gerrit Code Review system for other projects, are happy with it, and that we should give it a try. Then, when it was time to decide who wanted to configure and set things up for the community, I volunteered. Hey, I'm already running the Buildbot master for GDB, what is the problem to manage yet another service? Oh, well.

Before we dive into the details involved in configuring and running gerrit in a machine, let me first say that I don't totally support the idea of migrating from mailing list to gerrit. I volunteered to set things up because I felt the community (or at least its most active members) wanted to try it out. I don't necessarily agree with the choice.

Ah, and I'm writing this post mostly because I want to be able to close the 300+ tabs I had to open on my Firefox during these last weeks, when I was searching how to solve the myriad of problems I faced during the set up!

The initial plan

My very initial plan after I left the session room was to talk to the sourceware.org folks and ask them if it would be possible to host our gerrit there. Surprisingly, they already have a gerrit instance up and running. It's been set up back in 2016, it's running an old version of gerrit, and is pretty much abandoned. Actually, saying that it has been configured is an overstatement: it doesn't support authentication, user registration, barely supports projects, etc. It's basically what you get from a pristine installation of the gerrit RPM package in RHEL 6.

I won't go into details here, but after some discussion it was clear to me that the instance on sourceware would not be able to meet our needs (or at least what I had in mind for us), and that it would be really hard to bring it to the quality level I wanted. I decided to go look for other options.

The OSCI folks

Have I mentioned the OSCI project before? They are absolutely awesome. I really love working with them, because so far they've been able to meet every request I made! So, kudos to them! They're the folks that host our GDB Buildbot master. Their infrastructure is quite reliable (I never had a single problem), and Marc Dequénes (Duck) is very helpful, friendly and quick when replying to my questions :-).

So, it shouldn't come as a surprise that when I decided to look for another place to host gerrit, they were my first choice. And again, they delivered :-).

Now, it was time to start thinking about the gerrit set up.

User registration?

Over the course of these past 4 weeks, I had the opportunity to learn a bit more about how gerrit does things. One of the first things that negatively impressed me was the fact that gerrit doesn't handle user registration by itself. It is possible to have a very rudimentary user registration "system", but it relies on the site administration manually registering the users (via htpasswd) and managing everything by him/herself.

It was quite obvious to me that we would need some kind of access control (we're talking about a GNU project, with a copyright assignment requirement in place, after all), and the best way to implement it is by having registered users. And so my quest for the best user registration system began...

Gerrit supports some user authentication schemes, such as OpenID (not OpenID Connect!), OAuth2 (via plugin) and LDAP. I remembered hearing about FreeIPA a long time ago, and thought it made sense using it. Unfortunately, the project's community told me that installing FreeIPA on a Debian system is really hard, and since our VM is running Debian, it quickly became obvious that I should look somewhere else. I felt a bit sad at the beginning, because I thought FreeIPA would really be our silver bullet here, but then I noticed that it doesn't really offer a self-service user registration.

After exchanging a few emails with Marc, he told me about Keycloak. It's a full-fledged Identity Management and Access Management software, supports OAuth2, LDAP, and provides a self-service user registration system, which is exactly what we needed! However, upon reading the description of the project, I noticed that it is written in Java (JBOSS, to be more specific), and I was afraid that it was going to be very demanding on our system (after all, gerrit is also a Java program). So I decided to put it on hold and take a look at using LDAP...

Oh, man. Where do I start? Actually, I think it's enough to say that I just tried installing OpenLDAP, but gave up because it was too cumbersome to configure. Have you ever heard that LDAP is really complicated? I'm afraid this is true. I just didn't feel like wasting a lot of time trying to understand how it works, only to have to solve the "user registration" problem later (because of course, OpenLDAP is just an LDAP server).

OK, so what now? Back to Keycloak it is. I decided that instead of thinking that it was too big, I should actually install it and check it for real. Best decision, by the way!

Setting up Keycloak

It's pretty easy to set Keycloak up. The official website provides a .tar.gz file which contains the whole directory tree for the project, along with helper scripts, .jar files, configuration, etc. From there, you just need to follow the documentation, edit the configuration, and voilà.

For our specific setup I chose to use PostgreSQL instead of the built-in database. This is a bit more complicated to configure, because you need to download the JDBC driver, and install it in a strange way (at least for me, who is used to just editing a configuration file). I won't go into details on how to do this here, because it's easy to find on the internet. Bear in mind, though, that the official documentation is really incomplete when covering this topic! This is one of the guides I used, along with this other one (which covers MariaDB, but can be adapted to PostgreSQL as well).

Another interesting thing to notice is that Keycloak expects to be running on its own virtual domain, and not under a subdirectory (e.g, https://example.org instead of https://example.org/keycloak). For that reason, I chose to run our instance on another port. It is supposedly possible to configure Keycloak to run under a subdirectory, but it involves editing a lot of files, and I confess I couldn't make it fully work.

A last thing worth mentioning: the official documentation says that Keycloak needs Java 8 to run, but I've been using OpenJDK 11 without problems so far.

Setting up Gerrit

The fun begins now!

The gerrit project also offers a .war file ready to be deployed. After you download it, you can execute it and initialize a gerrit project (or application, as it's called). Gerrit will create a directory full of interesting stuff; the most important for us is the etc/ subdirectory, which contains all of the configuration files for the application.

After initializing everything, you can try starting gerrit to see if it works. This is where I had my first trouble. Gerrit also requires Java 8, but unlike Keycloak, it doesn't work out of the box with OpenJDK 11. I had to make a small but important addition in the file etc/gerrit.config:

[container]
    ...
    javaOptions = "--add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED"
    ...

After that, I was able to start gerrit. And then I started trying to set it up for OAuth2 authentication using Keycloak. This took a very long time, unfortunately. I was having several problems with Gerrit, and I wasn't sure how to solve them. I tried asking for help on the official mailing list, and was able to make some progress, but in the end I figured out what was missing: I had forgotten to add AllowEncodedSlashes On to the Apache configuration file! This was causing a very strange error on Gerrit (as you can see, a java.lang.StringIndexOutOfBoundsException!), which didn't make sense. In the end, my Apache config file looks like this:

<VirtualHost *:80>
    ServerName gnutoolchain-gerrit.osci.io

    RedirectPermanent / https://gnutoolchain-gerrit.osci.io/r/
</VirtualHost>

<VirtualHost *:443>
    ServerName gnutoolchain-gerrit.osci.io

    RedirectPermanent / /r/

    SSLEngine On
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/privkey.pem
    SSLCertificateChainFile /path/to/chain.pem

    # Good practices for SSL
    # taken from: <https://mozilla.github.io/server-side-tls/ssl-config-generator/>

    # intermediate configuration, tweak to your needs
    SSLProtocol             all -SSLv3
    SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder     on
    SSLCompression          off
    SSLSessionTickets       off

    # OCSP Stapling, only in httpd 2.3.3 and later
    #SSLUseStapling          on
    #SSLStaplingResponderTimeout 5
    #SSLStaplingReturnResponderErrors off
    #SSLStaplingCache        shmcb:/var/run/ocsp(128000)

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"

    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
    <Proxy *>
        Require all granted
    </Proxy>

    AllowEncodedSlashes On
    ProxyPass /r/ http://127.0.0.1:8081/ nocanon
    #ProxyPassReverse /r/ http://127.0.0.1:8081/r/
</VirtualHost>

I confess I was almost giving up Keycloak when I finally found the problem...

Anyway, after that things went more smoothly. I was finally able to make the user authentication work, then I made sure Keycloak's user registration feature also worked OK...

Ah, one interesting thing: the user logout wasn't really working as expected. The user was able to logout from gerrit, but not from Keycloak, so when the user clicked on "Sign in", Keycloak would tell gerrit that the user was already logged in, and gerrit would automatically log the user in again! I was able to solve this by redirecting the user to Keycloak's logout page, like this:

[auth]
    ...
    logoutUrl = https://keycloak-url:port/auth/realms/REALM/protocol/openid-connect/logout?redirect_uri=https://gerrit-url/
    ...

After that, it was already possible to start worrying about configuring gerrit itself. I don't know if I'll write a post about that, but let me know if you want me to.

Conclusion

If you ask me if I'm totally comfortable with the way things are set up now, I can't say that I am 100%. I mean, the set up seems robust enough that it won't cause problems in the long run, but what bothers me is the fact that I'm using technologies that are alien to me. I'm used to setting up things written in Python, C, C++, with very simple yet powerful configuration mechanisms, and an easy way to discover what's wrong when something bad happens.

I am reasonably satisfied with the way Keycloak logs things, but Gerrit leaves a lot to be desired in that area. And both projects are written in languages/frameworks that I am absolutely not comfortable with. Like, it's really tough to debug something when you don't even know where the code is or how to modify it!

All in all, I'm happy that this whole adventure has come to an end, and now all that's left is to maintain it. I hope that the GDB community can make good use of this new service, and I hope that we can see a positive impact in the quality of the whole patch review process.

My final take is that this is all worth it as long as the Free Software and the User Freedom are the ones who benefit.

P.S.: Before I forget, our gerrit instance is running at https://gnutoolchain-gerrit.osci.io.
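
A small audit of the reverse-proxy vhost shown in the post above, as an added example (not code from the post, nor from the Gerrit or Keycloak projects). It checks the AllowEncodedSlashes setting the post found missing and the nocanon flag its ProxyPass line uses, and, going slightly beyond the post, flags the legacy TLS protocol versions and 3DES suites that the quoted "intermediate" settings still permit. The function names, finding codes and both sample configs are assumptions constructed for illustration.

```python
import re

# Simplification (assumption): "all" is modelled as every protocol mod_ssl knows;
# what it really enables depends on the OpenSSL build Apache is linked against.
ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
LEGACY_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1"}

# Constructed sample: trimmed copy of the post's :443 vhost (cipher list shortened).
SAMPLE_VHOST = """\
<VirtualHost *:443>
    ServerName gnutoolchain-gerrit.osci.io
    SSLEngine On
    SSLProtocol             all -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!DSS
    Header always set Strict-Transport-Security "max-age=15768000"
    ProxyRequests Off
    AllowEncodedSlashes On
    ProxyPass /r/ http://127.0.0.1:8081/ nocanon
</VirtualHost>
"""

# Constructed sample: same vhost with the TLS settings tightened.
HARDENED_VHOST = SAMPLE_VHOST.replace(
    "all -SSLv3", "-all +TLSv1.2 +TLSv1.3"
).replace(":ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA", "")


def parse_directives(text):
    """Map lowercased directive name -> list of argument strings (comments and section tags skipped)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        directives.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return directives


def enabled_protocols(spec):
    """Evaluate an SSLProtocol argument left to right: '+x' adds, '-x' removes, a bare name replaces."""
    enabled = set()
    for word in spec.split():
        action = word[0] if word[0] in "+-" else ""
        name = word.lstrip("+-").lower()
        selected = set(ALL_PROTOCOLS) if name == "all" else {name}
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:
            enabled = selected
    return enabled


def audit_vhost(text):
    """Return a list of (code, message) findings for one vhost block."""
    d = parse_directives(text)
    findings = []
    slashes = [a.strip().lower() for a in d.get("allowencodedslashes", [])]
    if not slashes or slashes[-1] not in ("on", "nodecode"):
        findings.append(("ENCODED_SLASHES", "AllowEncodedSlashes is not enabled; URLs containing %2F are rejected"))
    for args in d.get("proxypass", []):
        if "nocanon" not in args.split():
            findings.append(("NOCANON", "ProxyPass without nocanon rewrites the encoded path: " + args))
    if any(a.strip().lower() == "on" for a in d.get("proxyrequests", [])):
        findings.append(("OPEN_PROXY", "ProxyRequests On turns the server into a forward proxy"))
    if not any("strict-transport-security" in a.lower() for a in d.get("header", [])):
        findings.append(("NO_HSTS", "no Strict-Transport-Security header is set"))
    for spec in d.get("sslprotocol", []):
        legacy = sorted(enabled_protocols(spec) & LEGACY_PROTOCOLS)
        if legacy:
            findings.append(("LEGACY_TLS", "SSLProtocol still enables " + ", ".join(legacy)))
    for spec in d.get("sslciphersuite", []):
        weak = [c for c in spec.split(":")
                if c and c[0] not in "!-" and re.search(r"DES-CBC3|RC4|NULL|EXPORT", c, re.I)]
        if weak:
            findings.append(("WEAK_CIPHER", "SSLCipherSuite permits " + ", ".join(weak)))
    return findings


if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE_VHOST), ("hardened", HARDENED_VHOST)):
        print(label)
        for code, message in audit_vhost(conf) or [("OK", "no findings")]:
            print("  %-16s %s" % (code, message))
```
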

03:42

The Dark Side [Diesel Sweeties webcomic by rstevens]


Tonight's comic didn't mean to hurt your feelings.

02:58

A Brief Glimpse Into the Inexpressible Glamor of My Life [Whatever]

I have a non-trivial case of tendonitis in my left shoulder and my doctor’s advice for it is mild stretching, Aleve for the inflammation, and an ice pack to deal with swelling. The ice pack I’ve been using: A bag of frozen peas, because it’s conveniently sized for my shoulder and because the frozen peas are cold without melting on me and/or giving me frostbite.

With that said, the regular thawing and refreezing of the peas in question are likely reducing their usefulness as actual foodstuffs, so we’ve marked the particular bag of peas I’m using as “shoulder peas” to make sure no one opens up the bag and tries to, you know, eat the things. Please never eat the shoulder peas, folks. I know where they’ve been. On my shoulder. Over and over again.

Also, tendonitis sucks, and I don’t recommend it to you. Especially if you’ve gotten it the way I have, which is to sleep on your arm wrong. Aging sucks, y’all.

02:00

Chris Lamb: Tour d'Orwell: The River Orwell [Planet Debian]

Continuing my Orwell-themed peregrination, a certain Eric Blair took his pen name "George Orwell" because of his love for a certain river just south of Ipswich, Suffolk. With sheepdog trials being undertaken in the field underneath, even the concrete Orwell Bridge looked pretty majestic from the garden centre — cum — food hall.

Flash is responsible for the internet’s most creative era [OSnews]

These days, our web browsers—whether on mobile or desktop—are highly functional and can do all sorts of things that we could only dream of a decade prior. But despite that, one could argue that the web has actually gotten less creative over time, not more. This interpretation of events is a key underpinning of Web Design: The Evolution of the Digital World 1990-Today (Taschen, $50), a new visual-heavy book from author Rob Ford and editor Julius Wiedemann that does something that hasn’t been done on the broader internet in quite a long time: It praises the use of Flash as a creative tool, rather than a bloated malware vessel, and laments the ways that visual convention, technical shifts, and walled gardens have started to rein in much of this unvarnished creativity. This is a realm where small agencies supporting big brands, creative experimenters with nothing to lose, and teenage hobbyists could stand out simply by being willing to try something risky. It was a canvas with a built-in distribution model. What wasn’t to like, besides a whole host of malware?

I don’t think you can argue that the Flash era yielded more creativity than, say, the whole of YouTube, but if you restrict the internet to just actual websites, there may be something to be said for this. I remember so many cool and amazing – at the time – Flash projects that you’d stumble across back when Flash was a normal, accepted thing, and those things have gone away, replaced not by cool HTML5 equivalents – as was promised – but by bland samey-samey websites, with far less creativity. I surely don’t mourn the loss of Flash, but it also wasn’t all bad.

Apple of 2019 is the Linux of 2000 [OSnews]

After my blood pressure dropped to healthier levels I got the strangest feeling of déjà vu. This felt exactly like using Linux in the early 2000s. Things break at random for reasons you can’t understand and the only way to fix it is to find terminal commands from discussion forums, type them in and hope for the best. Then it hit me. This was not an isolated incidence. The parallels are everywhere.

I certainly wouldn’t go that far, but there’s definitely a kernel of truth to the perception that macOS just doesn’t feel as polished and effortless as it once was, during the Leopard days.

01:28

Podcast: False Flag [Cory Doctorow – Boing Boing]

In my latest podcast (MP3), I read my Green European Journal short story about the terrible European Copyright Directive which passed last March, False Flag. Published in December 2018, the story highlights the ways in which this badly considered law creates unlimited opportunities for abuse, especially censorship by corporations who've been embarrassed by whistleblowers and activists.

The crew couldn’t even supply their videos to friendly journalists to rebut the claims from the big corporate papers. Just *linking* to a major newspaper required a paid license, and while the newspapers licensed to one another so they could reference articles in rival publications, the kinds of dissident, independent news outlets that had once provided commentary and analysis of what went into the news and what didn’t had all disappeared once the news corporations had refused to license the right to link to them.

Agata spoke with a lawyer she knew, obliquely, in guarded hypotheticals, and the lawyer confirmed what she’d already intuited.

“Your imaginary friend has no hope. They’d have to out themselves in order to file a counterclaim, tell everyone their true identity and reveal that they were behind the video. Even so, it would take six months to get the platforms to hear their case, and by then the whole story would have faded from the public eye. And if they *did* miraculously get people to pay attention again? Well, the fakers would just get the video taken offline again. It takes an instant for a bot to file a fake copyright claim. It takes months for humans to get the claim overturned. It’s asymmetrical warfare, and you’ll always be on the losing side.”

MP3

01:00

False Flag [Cory Doctorow's craphound.com]

In my latest podcast (MP3), I read my Green European Journal short story about the terrible European Copyright Directive which passed last March, False Flag. Published in December 2018, the story highlights the ways in which this badly considered law creates unlimited opportunities for abuse, especially censorship by corporations who’ve been embarrassed by whistleblowers and activists.

The crew couldn’t even supply their videos to friendly journalists to rebut the claims from the big corporate papers. Just *linking* to a major newspaper required a paid license, and while the newspapers licensed to one another so they could reference articles in rival publications, the kinds of dissident, independent news outlets that had once provided commentary and analysis of what went into the news and what didn’t had all disappeared once the news corporations had refused to license the right to link to them.

Agata spoke with a lawyer she knew, obliquely, in guarded hypotheticals, and the lawyer confirmed what she’d already intuited.

“Your imaginary friend has no hope. They’d have to out themselves in order to file a counterclaim, tell everyone their true identity and reveal that they were behind the video. Even so, it would take six months to get the platforms to hear their case, and by then the whole story would have faded from the public eye. And if they *did* miraculously get people to pay attention again? Well, the fakers would just get the video taken offline again. It takes an instant for a bot to file a fake copyright claim. It takes months for humans to get the claim overturned. It’s asymmetrical warfare, and you’ll always be on the losing side.”

MP3

00:28

Debian XMPP Team: New Dino in Debian [Planet Debian]

Dino (dino-im in Debian), the modern and beautiful chat client for the desktop, has some nice, new features. Users of Debian testing (bullseye) might like to try them:

  • XEP-0391: Jingle Encrypted Transports (explained here)
  • XEP-0402: Bookmarks 2 (explained here)

Note that users of Dino on Debian 10 (buster) should upgrade to version 0.0.git20181129-1+deb10u1 because of a number of security issues that have been found (CVE-2019-16235, CVE-2019-16236, CVE-2019-16237).

There have been other XMPP related updates in Debian since release of buster, among them:

You might be interested in the October XMPP newsletter, also available in German.

Monday, 14 October

23:56

Python 3.8.0 released [LWN.net]

Version 3.8.0 of the Python language has been released. New features include the controversial assignment expressions, positional-only arguments, the Vectorcall mechanism, and more; see the what's new in Python 3.8 document for more information.

22:07

If You See a Prude Eating Ass In a Sex Club Are You Obligated To Keep Quiet About It? [The Stranger, Seattle's Only Newspaper: Savage Love]

Savage Love Letter of the Day by Dan Savage


This question concerns both sex and etiquette: How much privacy can one reasonably expect while engaging in consensual sex in a sex club? While visiting one of those open-to-the-public establishments that cater to men who want to get off with other men, I saw an uptight but openly gay prig who is a member of my social circle. I shared this fact with a straight-but-gay-friendly woman while dishing the dirt over cocktails. She blabbed it to others.

This issue has turned a group of adult men and women into a squabbling mob of kids at recess. Three camps have formed on our little playground: (1) There is some kind of fag code of honor that nobody ever told me about that says that whatever deeds take place in these establishments stay there. (This is Mr. Prig's position.) (2) One is free to talk about what one sees in a sex club but one should be discreet when sharing that information. (Telling a straight woman, for example, would be out of bounds.) (3) If you choose to rim one man while being sucked by another in full view of 30 people in a quasi-public place in New York City, well, you've really blown any expectation of anonymity. (This is my view.)

Your input as an expert on sex and manners would be greatly appreciated.

Blabber Mouth

I forwarded your letter to Judith Martin, a.k.a. Miss Manners, who regularly tackles etiquette questions in her very fine advice column. Alas, gentle reader, Miss Manners has not, as of this writing, done me the courtesy of responding. Therefore I shall, with your kind indulgence, wing it:

The gay man who cultivates a priggish persona—the type who makes an elaborate show of disgust when he hears of other gay men's feats of sexual derring-do—must never allow himself to be seen in public engaged in a sex act that requires more than two dozen syllables and four languages to accurately catalogue, e.g., an exhibitionist homosexual ménage à trois featuring anilingus and fellatio.

As for the amount of privacy a person can "reasonably expect" in a sex club, a prig may desire privacy in a public sex environment, hoping that others present will be as discreet as the prig is being indiscreet, but there's nothing reasonable about that expectation. In fact, it's thoroughly irrational. As for the first camp's position—"[there's a] fag code of honor... that says that whatever deeds take place in [sex clubs] stay there"—that's news to me. Most gay men, as most gay men will tell you, are terrible gossips. If you don't want gay men gossiping about your sex life, don't have sex in front of a crowd of gay men. Likewise, the second camp's position—gay men, as a rule, should be discreet—isn't grounded in reality. If discretion is a "rule," well, it's one that gay men flout as aggressively as we do those "sexual conduct strictly prohibited" signs posted in the locker rooms of better health clubs everywhere.

While most gay men regard rimming and sucking as relatively vanilla, performing both at once in front of 30 men is a remarkably sleazy thing to do—and it's Mr. Prig's own fault his sex-club tableau was so remarkable. Had Mr. Prig refrained from misrepresenting himself to his social circle, then there wouldn't have been anything remarkable about spotting him in a sex club with his tongue wedged in a strange man's rump. If your friends knew him for an ass-eating sleaze-o-rama, you wouldn't have had the dirt on him. That Mr. Prig's public sexual conduct conflicted with his publicly stated beliefs about sex made his behavior remarkable and blabworthy. Mr. Prig is a hypocrite, now unmasked, with no one to blame but himself for his humiliation.

Finally, let me remind my gentle readers that rimming is not a first-date activity. While low-risk for HIV, rimming is high-risk for everything else, and if you don't know how recently your companion has showered, rimming is in terribly poor taste. I believe Judith Martin disagrees on this point, but Miss Manners takes a more permissive position on oral-anal contact than I, which is her prerogative as a lady.

Originally published March 22, 2001.




21:56

Page 1 [Flipside]

Page 1 is done.

21:14

The Humble Book Bundle: Before 9, After 5 [Humble Bundle Blog]

Before nine, after five. Whether you want to learn a new skill or brush up on an existing one, this


The Humble Software Bundle: RPG Maker Returns [Humble Bundle Blog]

Unleash the magic of RPG Maker. Degica returns to Humble with a bundle of software, music packs, tilesets, and resource


The Humble Book Bundle: Computer Productivity & Coding by Mercury Learning [Humble Bundle Blog]

Work smarter, not harder. Get productive in front of the screen with this bundle from Mercury Learning! Get over $941


Get Call of Duty: WWII, Crash Bandicoot, & Spyro with November 2019 Humble Monthly [Humble Bundle Blog]

Hey Gamers, We’ve got HUGE news this month. We’re revealing not one but THREE games early this month for November


October 2019’s Humble Monthly Games [Humble Bundle Blog]

Hey there Humble Monthly subscribers, We’ve got great news! October 2019’s Humble Monthly subscription games are ready for you to


The Humble Make Your Card Game! Bundle [Humble Bundle Blog]

Play your cards right. REXARD is back with a bundle full of assets perfect for creating the card game of


The Humble Book Bundle: Bundle of Bundles by Open Road Media [Humble Bundle Blog]

Bundles within a bundle. Bundleception is upon us with a bundle filled with over $561 worth of ebook bundles! Humble


The Humble One Special Day Bundle 2019 [Humble Bundle Blog]

It’s everyone’s turn to play video games. We’ve teamed up with awesome game developers and publishers once again to support


The Humble Book Bundle: Linux & UNIX by O’Reilly [Humble Bundle Blog]

The power of open source. We’ve teamed up with No Starch Press and O’Reilly for our newest bundle! Get $652+


Be the Match Helps Patients with Leukemia [Humble Bundle Blog]

Be The Match helps patients with leukemia, lymphoma and other diseases who need a marrow or umbilical cord blood transplant.


20:56

Kickstarting a deluxe "Dracula" edition in a suitcase full of "primary source materials" from the novel [Cory Doctorow – Boing Boing]

Josh O'Neill writes, "We're doing a box set edition of Dracula in which we reconstitute the novel into the primary source documents from which it's drawn: Mina's diary, Lucy's letters, Dailygraph newspaper clippings, even an actual phonograph record from Dr. Seward. It comes in a suitcase. Or a wooden casket or stone crypt, depending on the edition."

Josh is from Beehive Books, who've produced some of the loveliest limited editions we've featured over the past three years, and they've got an excellent track record when it comes to delivering on these crowdfunded editions.

Dracula itself is a remarkable text, a combination of epistolary novel and assemblage of clippings and other fragments, still modern-seeming after all these years (which is fitting, given the extent to which it is at root a parable about the power of modernity -- lights, telegraphs, science -- to defeat superstition).

$25 gets you a PDF, $100 gets you the record with its jacket and accompanying textual material as well as a map, $350 gets you a suitcase with all the materials, $800 gets you a limited version with bonus materials, $2000 gets you the "Entombed Edition" with a letter from Dacre Stoker (Bram's grand-nephew), handmade items, and a special case ("a stone vault").

It's all scheduled to ship in Oct 2021.

Beehive ends its pitch by supporting the unionization drive by Kickstarter workers, noting that the workers have not called for a boycott while they seek recognition for their union.

We will produce twenty-six premium editions, each lettered A-Z and signed and personally inscribed to you or an individual of your choosing by Dacre Stoker. The contents will be presented in an engraved stone vault. Includes all contents of the ARCHIVE and IMMORTAL editions, plus a number of to-be-determined unique, hand-made items inserted into each ENTOMBED Edition, including:

* pressed flowers slipped into Mina's journal

* skeleton keys to Carfax Abbey

* the double-disc gatefold record set (see THE PHONOGRAPH below)

* a vessel of actual Transylvanian soil

* partially burnt documents

* unique handwritten (not printed) documents

* actual communion wafers

* ...and more.

DRACULA: The Evidence [Beehive Books/Kickstarter]

What it would cost to build Trump's snake-and-alligator border moat [Cory Doctorow – Boing Boing]

Earlier this month, we learned that one of the most enduring frustrations of Trump's presidency is that no one will take his suggestion of building a moat filled with man-eating alligators and poisonous snakes along the US border (something he's been talking up for at least 35 years!).

The editorial staff of Defenseone, presumably still stinging from being accused of being anti-Trump propagandists by a belligerent CBP officer at Dulles Airport, have decided to give Trump a little help by costing out the total budget for such a project.

They have to make some assumptions, of course -- such as a minimum of 10 gators and 1,000 snakes per moat-mile -- and they also count on making some cost savings by sourcing cheap gators from police auctions.

Here's the bottom line, though: 19,450 border gators will run $40.4m, including shipping. 1,954,000 snakes, meanwhile, will cost $683.9m, a cost that must be reupped every seven years, due to the regrettably short lifespans of coral snakes and water moccasins.

Then there's the feed issue: if the snakes and gators work, there will be a shortage of human border-crossers for them to eat, so that's $291m/year for frozen rats and gator pellets. The accompanying zoologists will cost $135.7m/year.

Then there are the medical costs for border crossers who are injured but not killed by the moat-dwellers, ballparked at $1.3b/year (much of that is price-gouging by monopolistic pharma companies who have giant markups on their antivenom).

The total bill? $2.5b to set up and $1.8b/year to operate. But that's before the beltway bandits get a chance to put in their no-bid, cost-plus contracts, so probably safe to quintuple that.

This budget estimate, of course, does not include the cost of building the actual moat into which the guard force would be deployed. Here we can draw upon the past precedent of diverting $3.6 billion from the U.S. military construction budgets towards border wall repairs. While there has not been a single terrorist attack over the last 15 years linked to illegal immigrants, we can make the case that the alligator and snake moat is a far better national security investment than new military housing for our troops, repairs of base schools for their families, or training ranges and command and control facilities to allow them to win any future wars.

In conclusion, the multi-billion dollar costs of a snake-and-alligator filled moat along the U.S. border are a major commitment. But what better way to show President Trump’s own commitment to American values than by putting tens of thousands of dangerous animals right alongside its citizens?

The Snake-And-Alligator Border Moat: A Budget Analysis [Peter W. Singer/Defenseone]

(via Lowering the Bar)

German bank robber staged a 5-day filibuster with his legally guaranteed right to a post-sentencing "final word" [Cory Doctorow – Boing Boing]

German law allows convicted criminals to deliver a "final word" ("Schlusswort") in court after their sentencing; this right is typically waived or used to deliver a few words of apology and remorse, but when a Hamburg court sentenced 71-year-old bank robber Michael Jauernik to 12 years in jail, he used his "final word" to speak for five solid days.

The speech included sharp criticisms of his counsel and the police investigators, as well as boasts about Jauernik's own legal expertise. Jauernik already served lengthy sentences for bank robberies in the 1970s and 1980s.

Jauernik appears to have an affinity for five-day criminal justice system spectacles, having led a five-day prison riot in Fuhlsbüttel prison in 1990.

Jauernik, who attended court in sunglasses, ranted about allegedly incompetent investigators and claimed he had more legal knowledge than his lawyers, CNN affiliate RTL reported. Jauernik's speech spanned five days, a source in the court press office confirmed.

As the verdict was delivered, the 71-year-old continually interrupted the judge, RTL said.

Convicted bank robber makes 5-day closing speech to court [Amy Woodyatt and Stephanie Halasz/CNN]

(via Lowering the Bar)

20:14

PyPy 7.2 released [LWN.net]

Version 7.2 of PyPy, an implementation of the Python language, is out. With this release, Python 3.6 support is deemed ready: "This release removes the 'beta' tag from PyPy3.6. While there may still be some small corner-case incompatibilities (around the exact error messages in exceptions and the handling of faulty codec errorhandlers) we are happy with the quality of the 3.6 series and are looking forward to working on a Python 3.7 interpreter."

Apple told TV Plus showrunners to avoid plots that might upset Chinese officials [Cory Doctorow – Boing Boing]

In early 2018, Apple SVP of internet software and services Eddy Cue and SVP of internet software and services Morgan Wandell instructed TV creators it had commissioned to produce content for Apple TV Plus to avoid plots and scenarios that held China and the Chinese state up in a critical light.

Buzzfeed quotes an anonymous showrunner who says this is common practice in all of Hollywood's streaming giants, who fear that upsetting the Chinese state could result in a blockade of all their offerings (China permanently blocked Apple's iBooks and iTunes Movies in 2016 over similar concerns).

These were hardly the first of their kind. In the second half of 2018, Apple challenged or rejected just two of 56 app takedown requests from China, removing 517 apps at the government’s behest, according to the company’s transparency report. Apple said the vast majority of these apps were for porn and gambling, but it has also removed an unspecified number of virtual private networking and news apps. Apple provided customer data to the Chinese government 96% of the time when it asked about a device, and 98% of the time when it asked about an account. In the US, those numbers were around 80% and the US government did not make any app removal requests.

In September, Apple seemed to brush off the seriousness of an exploit attack directed at the Uighur ethnic minority. “The sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse,’” Apple said in a blog post acknowledging the attack. “The attack affected fewer than a dozen websites that focus on content related to the Uighur community.”

Apple Told Some Apple TV+ Show Developers Not To Anger China [Alex Kantrowitz and John Paczkowski/Buzzfeed]

(via /.)

19:28

[$] Finding race conditions with KCSAN [LWN.net]

Race conditions can be some of the trickiest bugs to find. The resulting problems can be subtle, and reproducing the problem in order to track it down can be difficult or impossible; often code inserted to narrow down a race condition will cause it to stop manifesting entirely. A tool that can find race conditions automatically would thus be a valuable thing for the kernel community to have. In late September, Marco Elver announced a tool called KCSAN (the Kernel Concurrency Sanitizer) that does exactly that — and which has already found a number of real problems.

China's new cybersecurity rules ban foreign companies from using VPNs to phone home [Cory Doctorow – Boing Boing]

For decades, it was a commonplace in western business that no one could afford to ignore China: whatever problems a CEO might have with China's human rights record could never outweigh the profits to be had by targeting the growing Chinese middle-class.

Businesses tied themselves in knots trying to reconcile this. Exactly 15 years ago, I challenged the Chairman of Google's Board at the Web 2.0 Conference over his company's decision to censor its search-results to help the Chinese state suppress political dissidence (his excuse: censoring search results delivered a "superior user experience" because including sites blocked by the Great Firewall in search results would just frustrate Chinese users who tried to click on them). The real reason? Yahoo was in China, and in 2004, if you wanted to get Google to do something stupid, all you needed to do was get Yahoo to do it first.

Two years later, we learned that Yahoo had secured their commercial future in China by helping the Chinese state target dissidents' Yahoo Mail inboxes, so that Yahoo's users could be kidnapped and tortured for their political activities.

Five years after that, Google disclosed that Chinese spies had hacked Gmail in order to continue their surveillance of pro-democracy activists, and revealed that this was the reason the company had pulled out of China altogether. Google co-founder Sergey Brin, a Soviet refugee, could not stomach being a party to repressive state surveillance.

But since then, Google has embarked upon a secret project to re-introduce a censored/surveilling search tool to the Chinese market.

Google's not alone. Apple is totally dependent on China, both for customers and for manufacturing, which is why it agreed to remove all functional VPNs from its App Store, leaving only those that had backdoors for Chinese spies.

Now, with the Hong Kong uprising in full swing, Apple has caved in and blocked an app that let Hong Kongers avoid the city-state's murderous police thugs.

Not just Apple, either: basketball fans have been disgusted to watch the NBA (also totally dependent on China for broadcasting fees and merch sales) censor its fans and owners who voiced support for Hong Kong's pro-democracy movement.

All along, businesses have insisted that if only we were patient and allowed them to make billions from China, China would "westernize" and embrace an open and free political model that would justify all those petty and gross human rights abuses that western companies profited from.

The tacit quid-pro-quo for that support was that China would leave its western collaborators alone, at least outside of China. That's what made the Gmail hacks so shocking, after all -- breaking into Google's servers was a violation of the unspoken deal between China and Google. Likewise the outrage over the NBA censoring American fans and owners -- it's one thing to sanitize your in-China offerings to appease the murdering autocrats of China, but another thing entirely to allow those war-criminals to reach into America and decide who may speak and what they may say.

But China was always going to embrace-and-extend its reach over western companies, and this is just the beginning.

The latest move is the long-threatened extension of Chinese spying powers over foreign companies, whose employees are to be prohibited from using working VPNs to communicate with their non-Chinese offices. These employees will now be left to use the same censored internet as Chinese citizens, and every trade secret and confidential communique they transmit to their home offices will be open to capture, inspection and use by Chinese authorities and the state industries they have long supported by funneling proprietary foreign corporate data to domestic competitors.

The Chinese "Cybersecurity Law" enables Chinese authorities to access any data on any server or personal computer, even those used by foreign firms. Moreover, a new Foreign Investment Law that takes effect in 2020 will eliminate any special dispensations currently enjoyed by foreign firms (for example, foreign firms are presently exempt from rules that allow the Chinese state to insert political appointees within the executive ranks of companies to monitor their operations -- this will no longer be the case as of Jan 1).

As Steve Dickinson points out on the China Law Blog, the ability of Chinese firms to spy on all communications between Chinese and offshore offices of US firms compromises US companies' ability to comply with US laws restricting the export of "sensitive technologies" -- the fact that the Chinese state can simply plunder these technologies from US companies' servers means that whether or not the US companies turn their trade secrets over, they can still be presumed to be in the hands of the Chinese state and military and the Chinese companies that are closely aligned with them.

Under the new Chinese system, trade secrets are not permitted. This means that U.S. and EU companies operating in China will now need to assume any “secret” they seek to maintain on a server or network in China will automatically become available to the Chinese government and then to all of their Chinese government controlled competitors in China, including the Chinese military. This includes phone calls, emails, WeChat messages and any other form of electronic communication. Since no company can reasonably assume its trade secrets will remain secret once transmitted into China over a Chinese controlled network, they are at great risk of having their trade secret protections outside China evaporating as well.

The U.S. or EU company may have an enforceable agreement with the Chinese recipient of its confidential information. So trade secrecy is protected with respect to that authorized recipient. But if the secret is easily available to the Chinese government, there is no real trade secret protection.

By giving the Chinese government and its cronies full access to its data, the U.S. or EU company may very well be deemed to have illegally exported technology to China and it could face millions of dollars in fines and even prison sentences for some of its officers and directors. There is an inherent conflict between foreign laws mandating a company not transfer its technology and China’s laws which effectively mandate that transfer.

China's New Cybersecurity Program: NO Place to Hide [Steve Dickinson/China Law Blog]

(via Four Short Links)

19:00

Arturo Borrero González: What to expect in Debian 11 Bullseye for nftables/iptables [Planet Debian]

Debian 11 codename Bullseye is already in the works. It is interesting to make decisions early in the development cycle to give people time to accommodate and integrate accordingly, and this post brings you the latest update on the plans for Netfilter software in Debian 11 Bullseye. Mind that Bullseye is expected to be released sometime in 2021, so there is still plenty of time ahead.

The situation with the release of Debian 10 Buster is that iptables was using the -nft backend by default, and one must explicitly select -legacy in the alternatives system in case of any problem. That was intended to help people migrate from iptables to nftables. Now the question is what to do next.

Back in July 2019, I started an email thread on the debian-devel@lists.debian.org mailing list looking for consensus on lowering the archive priority of the iptables package in Debian 11 Bullseye. My proposal is to drop iptables from Priority: important and promote nftables instead.

In general, having such a priority level means the package is installed by default in every single Debian installation. Given that we aim to deprecate iptables and that starting with Debian 10 Buster iptables is not even using the x_tables kernel subsystem but nf_tables, having such priority level seems pointless and inconsistent. There was agreement, and I already made the changes to both packages.

This is another step in deprecating iptables and welcoming nftables. But it does not mean that iptables won’t be available in Debian 11 Bullseye. If you need it, you will need to use aptitude install iptables to download and install it from the package repository.

The second part of my proposal was to promote firewalld as the default ‘wrapper’ for firewalling in Debian. I think this is in line with the direction other distros are moving. It turns out firewalld integrates pretty well with the system, includes a DBus interface, and many system daemons (like libvirt) already have native integration with firewalld. Also, I believe the days of creating custom-made scripts and hacks to handle the local firewall may be long gone, and firewalld should be very helpful here too.

18:42

Orban humiliated: Hungary's crypto-fascist Fidesz party suffers string of municipal election defeats [Cory Doctorow – Boing Boing]

Viktor Orban and his far-right, xenophobic, conspiratorial Fidesz party have led Hungary through a string of catastrophes, from its handling of Middle Eastern migrants to its ouster of the internationally famous Central European University to the passage of a slave labor bill that allowed employers to require hundreds of hours of mandatory overtime that needn't be paid for for years to the creation of a parallel system of partisan "administrative courts" to investigate government corruption and electoral fraud.

Despite widespread opposition to Orban and Fidesz's program, they continued to win supermajorities in national elections, allowing them to ram their agenda (proudly described as "illiberal" by the party itself) through (it didn't help that opposition politicians who spoke against Fidesz's legislation were dragged out of TV stations and administered savage beatings by goon-squads).

Finally, the dam is breaking: a "unity" coalition of both right- and left-wing parties backed a slate of candidates in Hungarian municipal elections, winning not just in Budapest, but in 10 of the 23 largest cities in Hungary. The electoral victory was enabled in part by a sex-scandal in Fidesz, but it also overcame promises by Orban to use his office to punish any precincts that voted against Fidesz.

There are real parallels between the urban-led repudiation of Orban and the recent, repeated humiliations that Turkey's fascist Recep Tayyip Erdogan suffered in Turkey's municipal elections. It maps to a global pattern (alive and well in the USA, of course) of dense urban centers swinging for progressive candidates, but being swamped by the dwindling cohort of rural, low-density voters whose votes count for much more than those of urbanites (see also: Toronto).

The elections were seen as a rare chance for the beleaguered opposition to roll back the power of Fidesz, which also holds a supermajority in parliament, and Orbán who has boasted about building an “illiberal state”.

Parties from left to right joined forces in an effort to wrest control of Fidesz-held municipalities and prevent an electoral rout for the first time in almost a decade. In many municipalities just one opposition challenger lined up against Fidesz.

Polls had still forecast only slight gains nationwide for the opposition outside the capital, but in another surprise it won 10 of 23 of Hungary’s main cities.

The vote was seen as a litmus test for its new strategy of cooperation, which could offer a route to mount a serious challenge to Orbán at the next general election in 2022.

Blow for Hungary PM Orbán as opposition wins Budapest mayoral race [AFP/The Guardian]

(via Metafilter)

(Image: EPP, CC BY, modified)

18:00

Quicklisp news: October 2019 Quicklisp dist update now available [Planet Lisp]

New projects:

  • 3bz — deflate decompressor — MIT
  • bp — Bitcoin Protocol components in Common Lisp — MIT
  • cardiogram — Simple test framework — MIT
  • cesdi — Provides a compute-effective-slot-definition-initargs generic function that allows for more ergonomic initialization of effective slot definition objects. — Unlicense
  • chameleon — Configuration management facilities for Common Lisp with multiple profile support. — MIT
  • ci-utils — A set of tools for using CI platforms — MIT
  • cl-clsparse — Common Lisp bindings for clSPARSE — Apache License, Version 2.0
  • cl-ecma-48 — This package exports a macro for defining ECMA-48 control functions and the 162 functions defined by this. — AGPLv3
  • cl-flat-tree — A flat-tree implementation in Common Lisp. — MIT
  • cl-kraken — A Common Lisp API client for the Kraken exchange — MIT
  • cl-naive-store — This is a naive, persisted, in memory (lazy loading) data store for Common Lisp. — MIT
  • cl-shlex — Lexical analyzer for simple shell-like syntax. — MIT
  • cl-smt-lib — SMT object supporting SMT-LIB communication over input and output streams — BSD-3-Clause
  • cl-wadler-pprint — An implementation of A Prettier Printer in Common Lisp. — Apache-2.0/MIT
  • classowary — An implementation of the Cassowary linear constraint solver toolkit — zlib
  • clsql-local-time — Allows the use of local-time:timestamp objects in CLSQL models and queries — MIT license
  • datamuse — Common Lisp library for accessing the Datamuse word-finding API — MIT
  • date-calc — Package for simple date calculation — GPL or Artistic
  • font-discovery — Find system font files matching a font spec. — zlib
  • horse-html — Parenscript/HTML done better — MIT
  • hunchentoot-multi-acceptor — Multiple domain support under single hunchentoot acceptor — Apache License, Version 2.0
  • lila — a cleaner language based on Common Lisp — MIT
  • linear-programming — A library for solving linear programming problems — MIT
  • lsx — Embeddable HTML templating engine with JSX-like syntax — BSD 2-Clause
  • markup — markup provides a reader-macro to read HTML/XML tags inside of Common Lisp code — Apache License, Version 2.0
  • num-utils — Numerical utilities for Common Lisp — Boost Software License - Version 1.0
  • orizuru-orm — An ORM for Common Lisp and PostgreSQL. — GPLv3
  • paren6 — Paren6 is a set of ES6 macros for Parenscript — Apache License, version 2.0
  • pngload-fast — A reader for the PNG image format. — MIT
  • polisher — Infix notation to S-expression translator — MIT
  • select — DSL for array slices. — Boost
  • simple-parallel-tasks — Evaluate forms in parallel — GPL-3
  • stripe — A client for the Stripe payment API. — MIT
  • trivial-extensible-sequences — Portability library for the extensible sequences protocol. — zlib
  • trivial-package-local-nicknames — Portability library for package-local nicknames — Public domain
  • uax-14 — Implementation of the Unicode Standards Annex #14's line breaking algorithm — zlib
  • uax-9 — Implementation of the Unicode Standards Annex #9's bidirectional text algorithm — zlib
  • with-output-to-stream — Provides a simple way of directing output to a stream according to the concise and intuitive semantics of FORMAT's stream argument. — Public Domain
  • ziz — An ad hoc Quicklisp distribution. — MIT
Updated projects: 3d-matrices, also-alsa, anaphora, antik, april, architecture.service-provider, asdf-encodings, asteroids, atomics, bike, binary-io, binfix, bknr-datastore, black-tie, bodge-chipmunk, bodge-glfw, bodge-nanovg, bodge-nuklear, bodge-ode, bodge-openal, bodge-sndfile, caveman, cepl, cl+ssl, cl-algebraic-data-type, cl-amqp, cl-change-case, cl-collider, cl-cookie, cl-coveralls, cl-cuda, cl-dbi, cl-digikar-utilities, cl-fad, cl-fond, cl-freetype2, cl-geocode, cl-hamcrest, cl-ipfs-api2, cl-kanren, cl-ledger, cl-lexer, cl-lzlib, cl-mango, cl-markless, cl-mssql, cl-openstack-client, cl-patterns, cl-pdf, cl-permutation, cl-python, cl-qrencode, cl-rdkafka, cl-readline, cl-sat, cl-sat.glucose, cl-sat.minisat, cl-sdl2, cl-sqlite, cl-str, cl-tiled, cl-yesql, clack, clack-errors, closer-mop, clx, coleslaw, command-line-arguments, common-lisp-jupyter, concrete-syntax-tree, croatoan, data-lens, datum-comments, definitions, deploy, dexador, drakma, dufy, easy-routes, eclector, eco, envy, erudite, esrap, esrap-peg, fare-scripts, fast-http, fast-websocket, femlisp, fiasco, float-features, flow, folio2, fxml, gendl, glsl-spec, glsl-toolkit, golden-utils, graph, helambdap, hermetic, http-body, ironclad, jsonrpc, jsown, kenzo, lack, lastfm, lisp-binary, literate-lisp, log4cl, lucerne, magicl, maiden, matlisp, mcclim, mito, nineveh, ningle, nodgui, origin, overlord, parachute, parse, parser.common-rules, patchwork, petalisp, piggyback-parameters, pjlink, pngload, portableaserve, postmodern, proc-parse, prometheus.cl, py4cl, qlot, quilc, quri, qvm, random, ratify, re, replic, restas, rove, rpcq, rtg-math, rutils, sc-extensions, scalpl, sel, serapeum, shadow, should-test, simplified-types, sly, spinneret, staple, stumpwm, swank-client, trivia, trivial-continuation, trivial-hashtable-serialize, trivial-indent, trivial-json-codec, trivial-left-pad, trivial-monitored-thread, trivial-object-lock, trivial-pooled-database, trivial-timer, trivial-utilities, trivial-variable-bindings, type-i, umbra, uri-template, utilities.print-items, varjo, verbose, vernacular, woo, zs3.

To get this update, use (ql:update-dist "quicklisp").

If you get a "badly sized local archive" error during the update, you can also safely use the DELETE-AND-RETRY restart to proceed. This error was introduced by a metadata problem on my end. Sorry about that!

17:42

Today in GPF History for Monday, October 14, 2019 [General Protection Fault: The Comic Strip]

Mischief struggles to fix Pandemonium's chaos as Todd and the Gamester watch helplessly...

17:35

DISH Threatens to Sue IPTV Subscribers Because Suppliers Are Snitching [TorrentFreak]

When they don’t use protection such as VPNs, pirates who use BitTorrent-like peer-to-peer systems are relatively easy to track down. Their IP addresses are publicly viewable meaning that one subpoena later, content companies can obtain their names and addresses from ISPs.

The situation is quite different when it comes to users of regular ‘pirate’ IPTV services. Their IP addresses and personal details are usually only known to their provider, so proving infringement is more difficult. Of course, if the IPTV provider itself is targeted by a company like DISH, it may decide to squeal to lessen the pain of its own demise.

In the summer it was revealed that NagraStar had been sending out settlement letters to people it accused of pirating DISH and Bell content using pirate IPTV services. The company reportedly asked for around $3,500 in compensation to make a potential lawsuit disappear.

Now, according to sources cited by CordCutters News, NagraStar and DISH are upping the tempo by threatening yet more IPTV users with lawsuits.

The publication says that it has received multiple reports of people who have been tracked down and provided with copies of their PayPal transactions which showed they purchased a subscription from illicit IPTV services.

Which IPTV services are involved this time around isn’t currently public knowledge but a user of RocketIPTV was previously forced to apologize on NagraStar’s website as part of a settlement.

Sorry…

None of this should come as a surprise. There are plenty of stories from users around the web indicating that NagraStar has obtained their records from a ‘pirate’ supplier, whether that was an IPTV provider or, more commonly, someone dealing in Internet Key Sharing (IKS) servers or codes.

In fact, when examining some of DISH’s ongoing lawsuits last week, TF noticed a statement from the broadcaster clearly indicating that it had obtained business records from a company called Digital TV that was helping it to sue. An excerpt from the case (pdf), filed on October 1, 2019, provides the details.

Achievement unlocked: Business Records

While this is a new case, other cases involving DISH, NagraStar, NFusion Private Server, and its resellers have been ongoing for a very long time.

One case, which dates back six years, shows that handing over information to NagraStar is part of the plan and that the company is very thorough in chasing people right down the chain.

More records obtained…

While obtaining satellite programming using IKS was once rampant and is still an issue for broadcasters, IPTV is arguably a bigger problem today. With that in mind, it shouldn’t come as a surprise that DISH and its partners are branching out to target customers of IPTV services in the same manner.

And with IPTV resellers being asked to pay around $7,500 in settlements, it shouldn’t come as a surprise when they hand over subscribers’ personal details either. After all, the skin-saving game is hardly new when people are faced with damages claims in the hundreds of thousands of dollars.

TorrentFreak was previously informed that most providers rarely care whether people supply their correct information when signing up for a service. But when PayPal addresses are involved, in most cases DISH is already too close to home.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

17:28

Link [Scripting News]

I figured out why the Breaking Bad movie is so unsatisfying. I watched it, I liked it, but it didn't get me excited and interested like the series did. I decided to re-watch the last season to see what the difference was. There are many great things about the show. The use of music, the weird camera shots that are integrated with the plot. It's artistically eclectic in so many ways. But it's also slow. Things develop very very slowly. But there's no space in a 2-hour single-episode show to develop the puzzling intrigue of the series. No time to spread out, relax, take your time, go slow. So not much happens, and then it's over. It's not really Breaking Bad, it's a 2-hour movie with the characters of Breaking Bad. That was the same problem with the Deadwood movie. The only thing that could work is another 10-episode season, played out over 10 weeks.

Link [Scripting News]

And Succession. It had one of the all-time great season finales last night. No spoilers here, except to point to a video that HBO produced that summarizes the deliciousness of the end, do not watch it if you haven't seen the whole season. It really would spoil it.

16:28

Security updates for Monday [LWN.net]

Security updates have been issued by Arch Linux (chromium, sdl, and unbound), Debian (clamav, libdatetime-timezone-perl, openssl, tcpdump, and tzdata), Fedora (cutter-re, jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-parent, libapreq2, ming, opendmarc, radare2, and thunderbird), openSUSE (chromium), Oracle (kernel), and SUSE (axis, jakarta-commons-fileupload, kernel, sles12sp3-docker-image, sles12sp4-image, system-user-root, and webkit2gtk3).

16:14

It’s Time For My Annual Non-Solicited Endorsement of WordPress Hosting [Whatever]

Around this time 11 years ago, I switched Whatever to hosting on WordPress, after a couple of years of struggling to keep the site up and running on days when lots of people came to it to read what I had to say. I made the switchover, and guess what happened? Nothing! Which is to say, in all the time since, I’ve never had to worry if the site was up, or handling the load of a rush of visitors, or otherwise happily chugging along. It’s been 11 years of that not worrying, and I gotta tell you, that’s a pretty good feeling. I have WordPress hosting to thank for that.

Also, in a larger and more philosophical sense, if you are a person who is doing creative things, I really recommend keeping and maintaining your own personal site, even if it’s just a simple, humble blog. Social media sites come and go (when Whatever switched over to WordPress hosting, MySpace was the king of the mountain, for example), but a personal site can be a permanent place for fans, clients and peers to find you and engage with your work and thoughts.

WordPress has a number of plans to accommodate your needs as a creative person and a business, up to and including its comprehensive VIP service. I use WordPress, and I recommend it. WordPress never asks me to post this annual endorsement, but I do it anyway, because I appreciate more than a decade of uninterrupted service, and because I think it’s been a good company to work with and to host my words on. If you need a Web site, or if you have a web site and are looking for a simpler and more reliable way of keeping it online, then consider WordPress for your site needs. It’ll do the job.

Finally, thank you to all the folks at WordPress who keep Whatever up and running and accessible. I appreciate it more than you know, even with this annual unsolicited endorsement. Y’all are pretty great.

15:42

Proof-of-concept supply-chain poisoning: tiny, undetectable hardware alterations could compromise corporate IT [Cory Doctorow – Boing Boing]

A little over a year ago, Bloomberg stunned the world with a report that claimed that Chinese intelligence services had figured out how to put undetectable, rice-grain-sized hardware implants into servers headed for the biggest US cloud and enterprise IT firms, and that when some of the victims discovered this fact, they quietly ripped out whole data-centers and replaced all their servers.

The story was all the more infamous because it prompted rare, detailed denials from the companies involved, like Apple, who have historically dealt with bad news and leaks with parsimonious, closed-lipped denials. Then came the hardware experts and security experts who delved deep into the implausibility of Bloomberg's story, though some highly reputable experts did admit that supply chain attacks were a grossly underrated risk with potentially catastrophic outcomes.

A year later, we still don't know what happened: how did all those nameless senior officials and ex-officials from big IT/tech companies end up telling Bloomberg the same story, especially if that story turns out to be false? The idea that a bunch of rival tech execs would cook up a conspiracy to defraud Bloomberg is, if anything, even weirder and more implausible than the idea that Chinese spooks were poisoning Supermicro's servers and raiding data from Big Tech's supposedly impregnable data-vaults.

That kind of Kremlinology is hard to investigate: all the facts are held by secretive giants (and maybe Chinese spies). Barring leaks, we're just left proffering unfalsifiable theories about which conspiracy took place.

On the other hand, the plausibility of a hardware implant is much easier to investigate. Security researchers have been building proof-of-concept hardware implants for enterprise hardware and presenting them at security conferences. Late last year, Trammell Hudson presented a Supermicro implant at Germany's Chaos Communication Congress, revealing a spot on Supermicro's board where you could swap out a tiny resistor and replace it with an FPGA that could compromise the remote administration capabilities of the baseboard management controller.

Now, Foxguard's Monta Elkins is about to present further work at the CS3sthlm conference in Stockholm, demonstrating a hardware implant on an enterprise Cisco firewall, using a 5mm ATtiny85 controller he removed from a $2 Digispark Arduino board. The implant fits neatly -- and very inconspicuously -- on the mainboard of a Cisco ASA 5505 firewall. Moreover, Elkins says he deliberately made choices that could compromise the implant, for the sake of easy presentation: if he'd hidden the chip inside a radio-shielding can, it would have been even harder to detect -- likewise, he could have used an even smaller controller, but it would have been harder to program.

Elkins's implant uses the board's serial port to recover the firewall's password, login as its admin, and open a pathway for a hacker's intrusion to the network. And as both Elkins and Hudson have pointed out, this is with stock hardware: a custom chip designed for this kind of thing would be much smaller and more powerful.

Neither researcher claims to have validated Bloomberg's article, but both have demonstrated that supply chain attacks are certainly possible and potentially catastrophic.

Elkins and Hudson both emphasize that their work isn't meant to validate Bloomberg's tale of widespread hardware supply chain attacks with tiny chips planted in devices. They don't even argue that it's likely to be a common attack in the wild; both researchers point out that traditional software attacks can often give hackers just as much access, albeit not necessarily with the same stealth.

But both Elkins and Hudson argue that hardware-based espionage via supply-chain hijacking is nonetheless a technical reality, and one that may be easier to accomplish than many of the world's security administrators realize. "What I want people to recognize is that chipping implants are not imaginary. They’re relatively straightforward," says Elkins. "If I can do this, someone with hundreds of millions in their budget has been doing this for a while."

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200 [Andy Greenberg/Wired]

(Image: Monta Elkins)

15:21

Rugby: The rules for the casual viewer [The Old New Thing]

The “minimum you need to know about a sport in order to watch a match and not be completely confused” mini-series continues with rugby, whose World Cup is currently under way.

First of all, there are two flavors of rugby: Rugby league and rugby union. The one being contested at the World Cup right now is rugby union, and that’s the one I’ll cover here.

  • The playing area (pitch) has a lot of lines. Don’t worry about most of them. The touch lines run along the sides, goal lines are at the ends, and dead ball lines are beyond the goal lines. The touch lines and dead ball lines form the playing boundary. The lines themselves are considered out of play.
  • A team consists of 15 players, with 8 substitutions permitted. A player who is replaced may not return, with exceptions for temporary injuries.
  • The game consists of two 40-minute halves, plus stoppage time. If time expires while play is active, the play is allowed to run its course, plus any penalties that may ensue. Games can end in a draw.
  • The team with the ball may run with it or kick it. The ball may be thrown sideways or backward, but not forward.
  • The defense stops the advance by tackling the player with the ball. Players who jump into the air and catch the ball are safe from being tackled until they land.
  • The offense may not obstruct the defense’s path to the ball. (No blocking.)
  • A tackled ball carrier must get rid of the ball immediately.
  • A ball carrier on the ground (not yet tackled) must get up or get rid of the ball.
  • If three or more players contest a ball while standing, it is a maul. If three or more players contest a ball on the ground, it is a ruck, and the ball must be played with the feet. In both cases, players must remain standing.
  • A player who announces “mark” and catches the ball behind their own 22-meter line is awarded a free kick from the point of catch. (Marks may not be called during the kick-off.)

Scoring: There are two basic categories of scoring: The try and the kick. Kicks must go through the goal posts.

  • try: 5 points for touching the ball to the ground beyond the opponent’s goal line. After a try, the scoring team attempts a conversion kick.
  • conversion kick: 2 points, taken in line with the point the try was made, from any distance. (Tries closer to the center of the goal line therefore make for easier conversions.)
  • drop kick: 3 points for kicks from the field.
  • penalty kick: 3 points for kicks from a penalty kick.

The line-out

  • If the ball or ball carrier touches the ground out of bounds, a line-out is awarded to the team that did not last touch the ball.
  • The position of the line-out is generally the point the ball left the field, with adjustments if it is close to a goal line. Some situations result in a line-out at the point of kick.
  • Both teams line up perpendicular to the touch line. The defense may not line up more players than the throwing team.
  • The rules on where players may stand are complicated. Let’s just assume that they are standing in the right place.
  • The ball is thrown perpendicular to the touch line.
  • Players are permitted to lift teammates to reach the ball.
  • A team may perform a quick throw-in if the defense is slow to form a line-out.

The scrum

  • The scrum is perhaps one of the iconic elements of rugby. It is used to restart play after a minor infringement, such as throwing the ball forward. It is also used if the ball is trapped in a maul or ruck.
  • Eight players from each team form a carefully architected huddle, and the team awarded the ball rolls it into the tunnel.
  • Each team attempts to push the other team backward so that a designated player (the hooker) can kick the ball backward to a teammate.

Fouls

  • Fouls include obstruction, violent play, intentionally collapsing a maul or ruck, and improper tackles.
  • The offside rule is complicated, but basically you may not be ahead of the ball and participate in the play. For a maul, ruck, or scrum, players who are not contesting the ball must remain behind those who are.
  • The referee may decline to enforce a foul if they feel the offended team has the advantage.
  • When a penalty kick is awarded, the opposing team must yield 10 meters.
  • A team may elect to restart with a scrum rather than a penalty kick.
  • For serious fouls, the referee issues a yellow card, and the player must sit out for ten minutes, leaving the team shorthanded.

The open-field portion of rugby is pretty easy to figure out after watching it for a little while. The most confusing part is when there’s a crowd around the ball, because you can’t see what’s going on or what they’re trying to do.

 

The post Rugby: The rules for the casual viewer appeared first on The Old New Thing.

A common mistake when you try to create a C++ class that wraps a window procedure: Saving the window handle too late [The Old New Thing]

A common mistake when you try to create a C++ class that wraps a window procedure is saving the window handle too late.

// Code in italics is wrong.
class MyWindowClass
{
private:
 HWND m_hwnd = nullptr;

 static LRESULT CALLBACK StaticWndProc(
    HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
  MyWindowClass *self;
  if (uMsg == WM_NCCREATE) {
   LPCREATESTRUCT lpcs = reinterpret_cast<LPCREATESTRUCT>(lParam);
   self = static_cast<MyWindowClass*>(lpcs->lpCreateParams);
   SetWindowLongPtr(hwnd, GWLP_USERDATA,
                    reinterpret_cast<LONG_PTR>(self));
  } else {
   self = reinterpret_cast<MyWindowClass*>(
               GetWindowLongPtr(hwnd, GWLP_USERDATA));
  }
  if (self) {
   return self->WndProc(uMsg, wParam, lParam);
  }
  return DefWindowProc(hwnd, uMsg, wParam, lParam);
 }

 LRESULT WndProc(UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
   switch (uMsg) {
   ...
   default:
    return DefWindowProc(m_hwnd, uMsg, wParam, lParam);
   }
 }

public:
 void CreateTheWindow()
 {
   ... RegisterClass() ...
   m_hwnd = CreateWindowEx(..., this);
 }
};

This code follows the usual pattern for a window procedure wrapper: The this pointer is passed as the creation parameter, and the WM_NCCREATE message handler stashes the creation parameter in the window extra bytes, thereby allowing the this pointer to be recovered from the window handle when handling future messages.

However, there’s a problem with the above code. Can you spot it?

The problem is that it sets the m_hwnd member variable too late.

As written, the code doesn’t set the m_hwnd member variable until the CreateWindowEx function returns. But creating a window involves sending many messages.

For every message received during window creation, the WndProc member function runs with a null m_hwnd. This means that when it calls DefWindowProc(m_hwnd, ...), it’s passing an invalid parameter.

Many of the messages sent during window creation are kind of important to pass through to DefWindowProc. For example, if you neglect to pass WM_NCCREATE to DefWindowProc, your window will not be properly initialized.

The solution is to set m_hwnd as soon as you learn what the window handle is.

  if (uMsg == WM_NCCREATE) {
   LPCREATESTRUCT lpcs = reinterpret_cast<LPCREATESTRUCT>(lParam);
   self = static_cast<MyWindowClass*>(lpcs->lpCreateParams);
   self->m_hwnd = hwnd; // save the window handle too!
   SetWindowLongPtr(hwnd, GWLP_USERDATA,
                    reinterpret_cast<LONG_PTR>(self));
  } 

Don’t wait for CreateWindowEx to return. By then, it’s too late.
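The effect can be observed without Windows. The following added example (not code from the original post) is a portable simulation: the `sim` namespace, its message constants, `Create` and `DefProc` are constructed stand-ins for CreateWindowEx, the creation-time messages and DefWindowProc, assuming only what the post states, that messages are delivered before the creation call returns.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <vector>

namespace sim {  // constructed stand-in for the window manager, not the Win32 API

using HWND = std::uintptr_t;  // 0 plays the role of a null window handle
enum Msg : unsigned { NCCREATE = 1, NCCALCSIZE, CREATE, SIZE };
using WndProc = long (*)(HWND, unsigned, void* createParam);

struct Window {
    void* userData = nullptr;        // plays the role of GWLP_USERDATA
    bool ncCreateDefaulted = false;  // did NCCREATE reach default processing?
};

std::vector<Window> g_windows(1);    // slot 0 is reserved for the null handle
int g_invalidDefCalls = 0;           // default-processing calls with a bad handle

void Reset() { g_windows.assign(1, Window{}); g_invalidDefCalls = 0; }

// Stand-in for DefWindowProc: a null or unknown handle is an invalid parameter.
long DefProc(HWND hwnd, unsigned msg) {
    if (hwnd == 0 || hwnd >= g_windows.size()) { ++g_invalidDefCalls; return 0; }
    if (msg == NCCREATE) g_windows[hwnd].ncCreateDefaulted = true;
    return 1;
}

// Stand-in for CreateWindowEx: messages are sent BEFORE the handle is returned.
// Simplification: the creation parameter is passed with every message, whereas
// Win32 delivers it through the CREATESTRUCT in lParam.
HWND Create(WndProc proc, void* param) {
    g_windows.emplace_back();
    HWND h = g_windows.size() - 1;
    for (unsigned m : {NCCREATE, NCCALCSIZE, CREATE, SIZE}) proc(h, m, param);
    return h;
}

}  // namespace sim

class Wrapper {
public:
    explicit Wrapper(bool saveEarly) : saveEarly_(saveEarly) {}
    void CreateTheWindow() { hwnd_ = sim::Create(&StaticProc, this); }
    sim::HWND handle() const { return hwnd_; }

private:
    static long StaticProc(sim::HWND hwnd, unsigned msg, void* param) {
        Wrapper* self;
        if (msg == sim::NCCREATE) {
            self = static_cast<Wrapper*>(param);
            if (self->saveEarly_) self->hwnd_ = hwnd;  // the fix: save the handle now
            sim::g_windows[hwnd].userData = self;
        } else {
            self = static_cast<Wrapper*>(sim::g_windows[hwnd].userData);
        }
        return self ? self->Proc(msg) : sim::DefProc(hwnd, msg);
    }

    // Like the post's WndProc: default processing uses the stored member handle.
    long Proc(unsigned msg) { return sim::DefProc(hwnd_, msg); }

    bool saveEarly_;
    sim::HWND hwnd_ = 0;
};

struct Result {
    int invalidCalls;             // creation messages defaulted with a null handle
    bool ncCreateReachedDefault;  // whether NCCREATE was processed for the real window
    bool handleSetAfterCreate;    // both variants end up with a handle eventually
};

Result RunScenario(bool saveEarly) {
    sim::Reset();
    Wrapper w(saveEarly);
    w.CreateTheWindow();
    return {sim::g_invalidDefCalls,
            sim::g_windows[w.handle()].ncCreateDefaulted,
            w.handle() != 0};
}

int main() {
    for (bool early : {false, true}) {
        Result r = RunScenario(early);
        std::printf("%s: invalid default calls=%d, NCCREATE defaulted=%s\n",
                    early ? "handle saved in NCCREATE" : "handle saved after Create",
                    r.invalidCalls, r.ncCreateReachedDefault ? "yes" : "no");
    }
    return 0;
}
```

In the late-save run every creation-time message reaches default processing with a null handle, so the window never sees NCCREATE handled; in the early-save run none do.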

 

The post A common mistake when you try to create a C++ class that wraps a window procedure: Saving the window handle too late appeared first on The Old New Thing.

15:14

Customized searching [Scripting News]

I've been emailing with my old friend Dave Carlick about customized searching. I've also been writing about it here. I'm not sure I've made my point, but now I have an excellent example that might shed some light. Dave, take note.

  • I just searched Google for Old School.
  • It came back with pointers to a 2003 movie. A Facebook group. A dictionary definition. The urban dictionary version. And on and on.
  • But I have a product named Old School. I've written about it on my blog a bunch of times. If Google knew I was the author of this blog, it would also know that when I search for Old School, I want to see my product first, because in all likelihood that's what I'm looking for.

That's what I mean about associating the searcher with the searcher's blog. Think of it as SEO for a person.

PS: Here's another one. I just searched for Dave Carlick. Google asks if I meant Dave Carlock. That's crazy. I've been friends with Dave Carlick for 30-plus years. If it read my blog it would know that. It's so wrong. In fact, if I type Carlock it should know I meant Carlick.

PPS: Google is so crazy that when I restrict the search to my site, it still asks if I meant Carlock, even though there are references to Carlick on the site I'm searching going back to the 1990s. And the only refs to Carlock are this post. That is just plain wrong.

Stories on GitHub [Scripting News]

Over the weekend I tried out an idea. It's a little Node app that runs on the same server as the CMS that builds this blog. Every minute it looks at today's posts, for those that have titles (like the post you're reading now), it checks if it changed, and if so it renders it as Markdown and uploads it to GitHub in a calendar-based structure, alongside all the other parts of the blog I maintain automatically on GitHub. I like using GitHub this way, I have a feeling it'd make a good shared object database.

I've been hand-generating links to the GitHub version to get you all thinking about this idea, like this.

  • As an experiment this story is archived on GitHub.

I did this based on an assumption that I would be able to figure out a way to make it possible for any of my posts to become a sub-project on GitHub. I'm not saying any of them would become projects, only now it would be possible. I thought this might work well with the new email distribution system which has stimulated so much discussion.

I'm not sure how this is going to work, or if it will work, I'm just trying an idea out. 🚀

14:56

Kernel prepatch 5.4-rc3 [LWN.net]

The 5.4-rc3 kernel prepatch is out for testing. "Things continue to look fairly normal, with rc3 being larger than rc2, as people are starting to find more regressions, but 5.4 so far remains on the smaller side of recent releases."

13:35

Hong Kong Anthem [Richard Stallman's Political Notes]

Hong Kong now has an unofficial national anthem, which protesters sing at every protest.

The video linked in the article — which you can view and hear without nonfree software by using Icecat, or the Viewtube extension for Firefox — makes me cry because of their heroism against all odds.

Warren and Facebook [Richard Stallman's Political Notes]

Senator Warren gave Facebook a taste of its own medicine with a political ad that said Zuckerberg supported the bullshitter — then said that wasn't really so and Facebook shouldn't allow ads with lies.

UN secretary general Hammarskjöld death [Richard Stallman's Political Notes]

MI6 is under pressure to publish its secret files about the plane crash that killed UN Secretary General Dag Hammarskjöld in 1961.

This could confirm or refute the theory that the plane was shot down.

Fossil holding [Richard Stallman's Political Notes]

The companies BlackRock, Vanguard and State Street together own 300 billion dollars of fossil fuel investments.

Turkey in Rojava [Richard Stallman's Political Notes]

Turkey's Arab proxy army is advancing into Rojava against hard resistance.

Rojava is rather thin, from North to South, so it can easily be cut in two. Turkey may aim to conquer it entirely.

Likenesses [Richard Stallman's Political Notes]

(satire) … the NCAA announced a new rule Thursday forcing athletes to remove all facial features to prevent them from profiting off their likenesses.

Fossil fuel firms hypocrisy [Richard Stallman's Political Notes]

Fossil fuel firms spend millions on social media ads against climate regulations while portraying selves as green heroes.

Google and global-heating denialists [Richard Stallman's Political Notes]

Google donates to quite a few right-wing think tanks, some of which are global-heating denialists.

Google said a few years ago that it wouldn't do this any more.

Some of those groups do other bad things as well. Early this century, some of them spread FUD about the GNU GPL. I doubt it was Google that funded that campaign.

13:21

Factoring 2048-bit Numbers Using 20 Million Qubits [Schneier on Security]

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want to overstate the risk.

We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently beyond our technological abilities. We barely have quantum computers with 50 to 100 qubits. Extending this requires advances not only in the number of qubits we can work with, but in making the system stable enough to read any answers. You'll hear this called "error rate" or "coherence" -- this paper talks about "noise."

Advances are hard. At this point, we don't know if they're "send a man to the moon" hard or "faster-than-light travel" hard. If I were guessing, I would say they're the former, but still harder than we can accomplish with our current understanding of physics and technology.

I write about all this generally, and in detail, here. (Short summary: Our work on quantum-resistant algorithms is outpacing our work on quantum computers, so we'll be fine in the short run. But future theoretical work on quantum computing could easily change what "quantum resistant" means, so it's possible that public-key cryptography will simply not be possible in the long run. That's not terrible, though; we have a lot of good scalable secret-key systems that do much the same things.)

12:57

Four short links: 14 October 2019 [Radar]

  1. FaceForensics++: Learning to Detect Manipulated Facial Images -- This paper examines the realism of state-of-the-art image manipulations, and how difficult it is to detect them, either automatically or by humans. To standardize the evaluation of detection methods, we propose an automated benchmark for facial manipulation detection. (GitHub)
  2. CS 230 -- My twin brother Afshine and I created this set of illustrated deep learning cheat sheets covering the content of the CS 230 class, which I TA-ed in Winter 2019 at Stanford. They can (hopefully!) be useful to all future students of this course as well as to anyone else interested in deep learning.
  3. China’s New Cybersecurity Program: NO Place to Hide -- This system will apply to foreign owned companies in China on the same basis as to all Chinese persons, entities, or individuals. No information contained on any server located within China will be exempted from this full coverage program. No communication from or to China will be exempted. There will be no secrets. No VPNs. No private or encrypted messages. No anonymous online accounts. No trade secrets. No confidential data. Any and all data will be available and open to the Chinese government.
  4. Noria -- a new streaming dataflow system designed to act as a fast storage back end for read-heavy web applications. […] It acts like a database, but precomputes and caches relational query results so that reads are blazingly fast. Noria automatically keeps cached results up to date as the underlying data, stored in persistent base tables, change. Noria uses partially stateful dataflow to reduce memory overhead, and supports dynamic, runtime dataflow and query change.

News Post: The Big Day [Penny Arcade]

Tycho: This was the fortieth PAX, which means it was my fortieth PAX.  A couple things about that. First, I think I’ve never actually written out or maybe even said “fortierth” before.  It sure as shit doesn’t look like “fortieth.”  It looks like it says “for Teeth.”  I don’t think I like that.  Second, Kiko and I are now the only people who have been to every PAX.  They can’t mint anymore of us.  Because every PAX started in a different year, I haven’t had a robust way of keeping track of my score…

11:42

CodeSOD: I See What Happened [The Daily WTF]

Graham picked up a ticket regarding their password system. It seemed that several users had tried to put in a perfectly valid password, according to the rules, but it was rejected. Graham's...

11:28

MPAA and RIAA’s Megaupload Lawsuits Remain on Hold, Perhaps For Years [TorrentFreak]

In 2012, Microsoft first released its operating system Windows 8, Apple came out with the iPhone 5, and Google’s Sergey Brin showed off a Google Glass prototype in the wild.

It was also the year when armed police officers swarmed Kim Dotcom’s mansion in a military-style-raid while his hosting service Megaupload was being taken down.

It was the beginning of the largest copyright infringement case the U.S. Government had ever launched and one that was far from straightforward.

While the earlier mentioned technology continued to progress, the Megaupload case has barely moved. In New Zealand, lawyers have been very busy with the extradition proceedings against Dotcom, but it could be years before that battle ends. This means that the criminal case against Megaupload and several former employees is in limbo.

The same is true for the civil cases the RIAA and MPAA filed back in 2014. Since the civil cases may influence the criminal proceedings, Megaupload’s legal team previously managed to put these cases on hold, and last week they requested another extension.

In line with other recent requests, the RIAA and MPAA didn’t object to the request. As a result, the court swiftly agreed to issue yet another extension, putting the cases on hold until the spring of next year. However, it would be no surprise if more delays followed in the future.

Earlier this year Megaupload founder Kim Dotcom predicted that he will lose his extradition battle at the Supreme Court. That’s not going to be the end of the line though. Using all legal options available, it might take more than five years before the extradition saga ends.

Meanwhile, copies of Megaupload’s servers, containing vast amounts of data from millions of users, remain locked up as evidence. Initially, there were some attempts to reunite former users with their personal files, but these appeared to have died off.

Interestingly, the most recent mention of any Megaupload ‘data’ came from Kim Dotcom himself. “Still waiting to get access to your Megaupload files?” he wrote, adding that he will email 30 million former US Megaupload users a video link in 2020 explaining how Joe Biden destroyed the site.

Apparently, Dotcom still has access to email and IP-addresses of Megaupload users, which he might put to use.

In recent weeks, the New Zealand entrepreneur shifted his focus to a service that was once billed as Megaupload 2. This project, now known as K.im, will, in fact, be quite different from its predecessor. While Dotcom is the founder, he no longer has an official position, but acts as its evangelist, helping to raise money through a token sale.

When we last covered the project its expected release date was around 2018, but there have been some delays here as well. The latest roadmap indicates that the platform will launch in the third quarter of 2020. By then, we expect that the RIAA and MPAA lawsuits will still be pending.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

11:14

Ritesh Raj Sarraf: Bpfcc New Release [Planet Debian]

BPF Compiler Collection 0.11.0

bpfcc version 0.11.0 has been uploaded to Debian Unstable and should be accessible in the repositories by now. After the 0.8.0 release, this has been the next one uploaded to Debian.

Multiple source repositories

This release brought in dependencies to another set of sources from the libbpf project. In the upstream repo, this is still a topic of discussion on how to release tools where one depends on another, in unison. Right now, libbpf is configured as a git submodule in the bcc repository. So anyone using the upstream git repository should be able to build it.

Multiple source archive for a Debian package

So I had read in the past about Multiple source tarballs for a single package in Debian but never tried it because I wasn’t maintaining anything in Debian which was such. With bpfcc it was now a good opportunity to try it out. First, I came across this post from Raphaël Hertzog which gives a good explanation of what all has been done. This article was very clear and concise on the topic

Git Buildpackage

gbp is my tool of choice for packaging in Debian. So I did a quick look to check how gbp would take care of it. And everything was in place and Just Worked

rrs@priyasi:~/rrs-home/Community/Packaging/bpfcc (master)$ gbp buildpackage --git-component=libbpf
gbp:info: Creating /home/rrs/NoBackup/Community/Packaging/bpfcc_0.11.0.orig.tar.gz
gbp:info: Creating /home/rrs/NoBackup/Community/Packaging/bpfcc_0.11.0.orig-libbpf.tar.gz
gbp:info: Performing the build
dpkg-checkbuilddeps: error: Unmet build dependencies: arping clang-format cmake iperf libclang-dev libedit-dev libelf-dev libzip-dev llvm-dev libluajit-5.1-dev luajit python3-pyroute2
W: Unmet build-dependency in source
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying fix-install-path.patch
dh clean --buildsystem=cmake --with python3 --no-parallel
   dh_auto_clean -O--buildsystem=cmake -O--no-parallel
   dh_autoreconf_clean -O--buildsystem=cmake -O--no-parallel
   dh_clean -O--buildsystem=cmake -O--no-parallel
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building bpfcc using existing ./bpfcc_0.11.0.orig-libbpf.tar.gz
dpkg-source: info: building bpfcc using existing ./bpfcc_0.11.0.orig.tar.gz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: warning: ignoring deletion of directory src/cc/libbpf
dpkg-source: info: building bpfcc in bpfcc_0.11.0-1.debian.tar.xz
dpkg-source: info: building bpfcc in bpfcc_0.11.0-1.dsc
I: Generating source changes file for original dsc
dpkg-genchanges: info: including full source code in upload
dpkg-source: info: unapplying fix-install-path.patch
ERROR: ld.so: object 'libeatmydata.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
W: cgroups are not available on the host, not using them.
I: pbuilder: network access will be disabled during build
I: Current time: Sun Oct 13 19:53:57 IST 2019
I: pbuilder-time-stamp: 1570976637
I: Building the build Environment
I: extracting base tarball [/var/cache/pbuilder/sid-amd64-base.tgz]
I: copying local configuration
I: mounting /proc filesystem
I: mounting /sys filesystem
I: creating /{dev,run}/shm
I: mounting /dev/pts filesystem
I: redirecting /dev/ptmx to /dev/pts/ptmx
I: Mounting /var/cache/apt/archives/
I: policy-rc.d already exists
W: Could not create compatibility symlink because /tmp/buildd exists and it is not a directory
I: using eatmydata during job
I: Using pkgname logfile
I: Current time: Sun Oct 13 19:54:04 IST 2019
I: pbuilder-time-stamp: 1570976644
I: Setting up ccache
I: Copying source file
I: copying [../bpfcc_0.11.0-1.dsc]
I: copying [../bpfcc_0.11.0.orig-libbpf.tar.gz]
I: copying [../bpfcc_0.11.0.orig.tar.gz]
I: copying [../bpfcc_0.11.0-1.debian.tar.xz]
I: Extracting source
dpkg-source: warning: extracting unsigned source package (bpfcc_0.11.0-1.dsc)
dpkg-source: info: extracting bpfcc in bpfcc-0.11.0
dpkg-source: info: unpacking bpfcc_0.11.0.orig.tar.gz
dpkg-source: info: unpacking bpfcc_0.11.0.orig-libbpf.tar.gz
dpkg-source: info: unpacking bpfcc_0.11.0-1.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying fix-install-path.patch
I: Not using root during the build.

10:56

“This is mediocre” [Seth's Blog]

Large organizations seek to decrease variability.

Starbucks wants the very best latte you buy from them to be exactly the same as the worst one.

If you define a spec and work hard to meet it, you can make it so that most things are within a reasonable distance of that spec. Which means that most of what you make is average.

If an entire industry is busy seeking to meet that average, we can define that work as mediocre. Not horrible, but certainly not exceptional (because ‘exception’ -al is self-explanatory).

When you go out to buy aluminum siding, copywriting or consulting services, you have a choice: You can demand that the work meets the industry spec, a fair product at a fair price. Or, you can seek something better than average, something worth paying extra for.

Most TV ads, most car services, most airplane flights–they’re mediocre. That’s a choice.

If you want to buy creative work that’s exceptional, you’ll need to pay for it (and accept the risk that it might not work out as planned).

08:21

Girl Genius for Monday, October 14, 2019 [Girl Genius]

The Girl Genius comic for Monday, October 14, 2019 has been posted.

Urgent: Call on Facebook to ban lies in political ads [Richard Stallman's Political Notes]

Everyone: call on Facebook to ban lies in political ads.

If you sign, please spread the word!

Comic: The Big Day [Penny Arcade]

New Comic: The Big Day

08:07

The Future Is Now [Ctrl+Alt+Del Comic]

There is actually some science behind this… but “Negative Latency” was just too much fun to not play with.

The post The Future Is Now appeared first on Ctrl+Alt+Del Comic.

06:49

1339 [Looking For Group]

The post 1339 appeared first on Looking For Group.

05:28

03:49

Link [Scripting News]

OMG the Succession theme song has lyrics. Who knew!

Link [Scripting News]

A perfect example of what's wrong with everything public. A senator feels a constituent who asks obvious questions is being rude. So he asked the questions again in a full page ad which was published on Twitter. We have the tools to create the political system we want.

03:07

Haitians impoverished by "free trade" [Richard Stallman's Political Notes]

The US has impoverished most Haitians by applying neoliberal "free trade"; Haitian farmers could not compete with subsidized US megafarms.

The US tendency to impose large aid projects without verifying they will be useful occurs here as it did in Afghanistan.

Sunday, 13 October

22:49

Apple Safari browser sends some user IP addresses to Chinese conglomerate Tencent by default [OSnews]

During the last week, the reality that US companies often bend the knee to China has been thrown into the spotlight. Apple, one of the biggest US tech companies, has appeased China by hiding the Taiwan flag emoji and ignoring US lawmakers when choosing to ban a Hong Kong protest safety app. Now it’s been discovered that Apple, which often positions itself as a champion of privacy and human rights, is sending some IP addresses from users of its Safari browser on iOS to Chinese conglomerate Tencent – a company with close ties to the Chinese Communist Party. Apple admits that it sends some user IP addresses to Tencent in the “About Safari & Privacy” section of its Safari settings which can be accessed on an iOS device by opening the Settings app and then selecting “Safari > About Privacy & Security.” I’m sure the genocidal totalitarian surveillance state that is China won’t abuse this information at all. They pinky-promised to Tim Cook, who was busy telling his company not to make any TV shows critical of China – in line with the rest of Hollywood.

21:28

MPA Adds 1XBET and Baidu to Latest Piracy Threat Report [TorrentFreak]

Alongside other entertainment industry groups, the Motion Picture Association (MPA) sends a yearly overview of notorious foreign piracy markets to the US Trade Representative.

These annual submissions help to guide the U.S. Government’s position toward foreign countries when it comes to copyright enforcement.

We previously covered the submissions from the RIAA and ESA, which both listed a wide variety of pirate sites including torrent, streaming, MP3-downloaders, and ROM archives.

The MPA’s submission was published later than the others but is worth highlighting nonetheless. In recent years it has solely focused on online threats with familiar names such as The Pirate Bay, Openload, and Fmovies reappearing time and again.

This year is no different. Many of the threats the MPA highlights are identical to last year. Aside from traditional pirate sites, this includes mobile apps, unauthorized IPTV services, and hosting companies. While not a foreign company, CDN provider Cloudflare is repeatedly mentioned as well, as it has many piracy sites as customers.

“The Pirate Bay, and other notorious pirate sites, remain Cloudflare customers despite repeated notices of infringement to Cloudflare,” the MPA notes.

A complete list of all the identified notorious markets is listed below, but we will zoom in on two entities added as new entries this year.

The first one is 1XBET, a gambling company known for its advertising appearing in ‘cam’ copies of movies. The casino, whose ads appear on more than a thousand pirate sites, is well known among people who frequent these platforms. Now, it’s on the MPA’s radar as well.

“1XBET is a Russian gambling site that has started to support some of the earliest releases of infringing theatrical camcords and infringing streams of live television broadcasts. It has become the third most active online advertiser in Russia,” the MPA informs the USTR.

The MPA’s report cites research from Mediascope which found that only Google and PepsiCo ads are more prevalent online in Russia. While that covers all publications, the movie industry group draws specific attention to the embedded ads that appear in popular pirate movie releases as well as their titles.

“Reportedly, the online casino pays to insert visual and audio advertisements into new piracy content sources incentivizing camcord and livestreaming piracy. 1XBET’s watermark with promotion codes is ‘burned’ into the video files of infringing camcord recordings. Thus, piracy is used as a vehicle to support this online gambling giant,” the MPA notes.

What’s not mentioned by the MPA is that 1XBET also sponsored several major UK football clubs and Italian football league Serie A. Responding to some earlier controversy, a 1XBET spokesperson said that it takes the piracy advertising allegations very seriously.

Another newcomer in the MPA’s list of notorious markets is Baidu Pan, the file-hosting service operated by the largest search engine in China. According to the movie industry group, it’s often used to share copyright-infringing material.

“Large quantities of infringing content are stored on Baidu Pan with links disseminated through popular Chinese social media platforms and piracy linking sites,” the MPA writes in its submission.

The MPA points out that Baidu has a market share of over 75 percent in China, which makes it the second-largest search engine in the world. As such, it is vitally important that the company has rigorous content protection standards and that it cooperates with rightsholders, the group notes.

Baidu has made some progress in recent years when it comes to its takedown tools, but takedown rates and timeframes remain inconsistent or too long, the MPA says.

“Baidu should be encouraged to do more, including improve implementation of its takedown tools, apply rigorous filtering technology to identify infringing content, and take more effective action to suspend or terminate repeat infringers to ensure all rights holders are treated equally and infringing content and links are removed expeditiously,” the submission reads.

The MPA hopes that its recommendations will be helpful to the US Government, but whether adding 1XBET and Baidu Pan will have any effect has yet to be seen.

The MPA’s full report is available here (pdf). The USTR will use this input to make up its own list of notorious markets. This will help to identify current threats and call on foreign governments to take appropriate action.



List of all the sites and services the MPAA identified as notorious markets.
Linking / Streaming
  • B9good.com
  • CB01
  • Cda.pl
  • Cimaclub.com & cima4u.tv
  • Cinecalidad.to
  • Dytt8.net and Dy2018.com
  • Fmovies.is/.to (formerly .se)
  • “Indo 21” (Indoxxi) and many related domains
  • Movie2free.com
  • MrPiracy.site and .xyz
  • Phimmoi.net
  • Seasonvar.ru
Cyberlockers / video hosting
  • 1fichier.com
  • Baidu Pan
  • Clipwatching.com
  • Gounlimited.to
  • Netu.tv
  • Openload.co/oload.tv
  • Rapidgator.net
  • Rapidvideo.com
  • Streamango.com
  • Uploaded.net
  • Uptobox.com
  • Verystream.com
  • VK.com
Illegal IPTV
  • BestBuyIPTV.com
  • Buy-IPTV.com
  • GenIPTV
  • ThePK.tv
  • TVMucho.com
Apps
  • RenRen Shi Pin
  • ShowBox
  • Unblock Tech (unblocktech.com)
P2P sites
  • 1337x.to
  • Rarbg.to
  • Rutracker.org
  • Tamilrockers.ws
  • ThePirateBay.org
  • Torrentz2.eu
  • Zooqle.com
Hosting services
  • Fishnet Communications LLC
  • M247
  • Network Dedicated SAS
  • Private Layer
Advertising
  • 1XBET






21:14

Utkarsh Gupta: Joining Debian LTS! [Planet Debian]

Hey,

(DPL Style):
TL;DR: I joined Debian LTS as a trainee in July (during DebConf) and finally as a paid contributor from this month onward! :D


Here’s something interesting that happened last weekend!
Back during the good days of DebConf19, I finally got a chance to meet Holger! As amazing and inspiring a person he is, it was an absolute pleasure meeting him and also, I got a chance to talk about Debian LTS in more detail.

I was introduced to Debian LTS by Abhijith during his talk in MiniDebConf Delhi. And since then, I’ve been kinda interested in that project!
But finally it was here that things got a little “official” and after a couple of mail exchanges with Holger and Raphael, I joined in as a trainee!

I had almost no idea what to do next, so the next month I stayed silent, observing the workflow as people kept committing and announcing updates.
And finally in September, I started triaging and fixing the CVEs for Jessie and Stretch (mostly the former).

Thanks to Abhijith who explained the basics of what DLA is and how do we go about fixing bugs and then announcing them.

With that, I could fix a couple of CVEs and thanks to Holger (again) for reviewing and sponsoring the uploads! :D

I mostly worked (as a trainee) on:

  • CVE-2019-10751, affecting httpie, and
  • CVE-2019-16680, affecting file-roller.

And finally this happened:
Commit that mattered!
(Though there’s a little hiccup that happened there, but that’s something we can ignore!)

So finally, I’ll be working with the team from this month on!
As Holger says, very much yay! :D

Until next time.
:wq for today.

20:28

Iustin Pop: Actually fixing a bug [Planet Debian]

One of the outcomes of my recent (last few years) sports ramp-up is that my opensource work is almost entirely left aside. Having an office job makes it very hard to spend more time sitting at the computer at home too…

So even my travis dashboard was red for a while now, but I didn’t look into it until today. Since I didn’t change anything recently, just travis builds started to fail, I was sure it’s just environment changes that need to be taken into account.

And indeed it was so, for two out of three projects. The third one… I actually got to fix a bug, introduced at the beginning of the year, but for which gcc (same gcc that originally passed) started to trip on a while back. I even had to read the man page of snprintf! Was fun ☺, too bad I don’t have enough time to do this more often…

My travis dashboard is green again, and “test suite” (if you can call it that) is expanded to explicitly catch this specific problem in the future.

18:49

Link [Scripting News]

Pro tip for podcasters. In your RSS feed, each <item> should set the <link> element to point at the landing page for the episode. Otherwise the only way to share your podcast is with a link to the MP3 which isn't good for you or them. You can see dozens of these items in my podc account on Twitter.

17:21

Link [Scripting News]

I saw a casual comment somewhere (sorry I forgot where) that creating and editing a template in Wordpress still requires PHP skills. I wondered if this was true. Editing a site template should be a matter of editing HTML only. It can and should be easy. (Update: Apparently it is still that hard.)

17:14

Today in GPF History for Sunday, October 13, 2019 [General Protection Fault: The Comic Strip]

Valerie Smith expresses her interest in a new cryptocurrency called "shadowCoin"...

16:35

Politics has a long way to go [Scripting News]

If I put the name of a company in a tweet with a problem with their product, in 2019 there's a pretty good chance a support rep will respond and try to help. The quality of the help varies, but they do try.

But in all the years I've been blogging, or tweeting, or whatever, the only response I've gotten from a political campaign was to add me to their donor list.

It happened with Obama, Hillary Clinton. It was really humiliating because in both cases, I passionately wanted them to win, but not just the way Obama did, rather in a way that would lead to effective permanent organization of the electorate using networks. Every emailed request for money reminded me of what they thought of me. Give us money. Give us money. And give us money.

So far Warren has just ignored what I've said, even though imho it's been good advice. I think today's piece, especially, is make-or-break for her campaign. To be doing so well up to this point and have the problem show up this early, is scary. I'm not sure that even if she wins, it'll be any better than Trump. That's how serious it is.

Politics is like public radio. They say they're doing it for the people but in the end what they want is donations. At some point we'll have a campaign that embraces the people, and learns how to use networks to organize us. But it hasn't happened yet.

As an experiment this story is archived on GitHub.

15:49

Link [Scripting News]

A lot of other people, including Republicans, have picked up on Elizabeth Warren's unfortunate putdown of people who think that marriage is between one woman and one man. We have to have a serious talk about this, because it reveals a side of Warren that is divisive and unacceptable. I'm sick of electing presidents who divide us into evil and not-evil. It's the sickness of our country. Honestly I don't care about marriage, anyone's marriage. I think marriage is an awful institution. It wrecked the family I grew up in. So no one has the high ground here as far as I'm concerned. And while I think Warren is the best candidate we have now, I think she needs to do some soul searching on this. If she is elected, it would be tragic if she does the same kind of BS that the Republicans do, and tries to make some Americans outcasts. After all, the question she was asked was about other people's beliefs, not their actions. And as president, her job would be to safeguard their rights, along with those of people she agrees with. As faculty at Harvard Law School I would think she would be steeped in that understanding, that it would run in her blood. The Constitution isn't just for people we agree with.

15:00

Link [Scripting News]

A very nice piece about the 25th anniversary of blogging from John Naughton at the Guardian.

Link [Scripting News]

Here's the Yovanovich statement, not behind a paywall, free to download.

Link [Scripting News]

You know how we worried what would happen when Trump's incompetence resulted in an international disaster. I think we've arrived at that point with the Turks and the Kurds.

Link [Scripting News]

I had a dream last night I was forming a new tech startup with Eric Schmidt, former CEO of Google. At one point I explained to a government clerk that Schmidt is a billionaire so it seems likely we’ll get funded. She was saying maybe we should recruit a better CEO and CTO.

It's Trump v the Constitution [Scripting News]

News reports everything as Democrats vs Republicans. This makes me angry, because some things, like the president ignoring the Constitution, are not partisan issues. Yes, the Democrats are on the right side of this one, but so are honorable Republicans.

I used to call for tech boot camps for reporters, to help them get the basic facts right, and avoiding But Her Emails type tragedies. It seems they need legal boot camps too, so they can understand (and report) better on how our constitutional government works.

As an experiment this story is archived on GitHub.

14:49

Arrests in Hong Kong [Richard Stallman's Political Notes]

Hong Kong thugs have arrested around 2400 protesters, of whom 750 were minors.

I doubt that any of them were children, though.

Hunter Biden [Richard Stallman's Political Notes]

Hunter Biden's career, whether or not it involves crimes, is payback for political favors. It reflects systemic corruption.

Kurds' bombardment [Richard Stallman's Political Notes]

Syrian Kurds retaliated for Turkish bombardment by bombarding a Turkish border town.

I don't think that can be militarily justified — it sounds like a war crime. Meanwhile, arousing resentment among Turks will strengthen Erdoğan.

Al-Soufi remains open [Richard Stallman's Political Notes]

The Al-Soufi Syrian restaurant in Toronto will remain open, defying right-wing death threats.

I wish I could go to Toronto and give my support by eating there.

Thinktank undermining climate science [Richard Stallman's Political Notes]

Revealed: Top UK thinktank spent decades undermining climate science.

Global heating wiping birds out [Richard Stallman's Political Notes]

3C of global heating could wipe out two-thirds of bird species in North America.

Lead pipes [Richard Stallman's Political Notes]

The sabotage US government updated the regulations for lead in water supplies to _slow down_ the replacement of lead pipes.

Protests in Ecuador [Richard Stallman's Political Notes]

Protesters in Ecuador have taken over Quito and captured some state thugs.

Some protesters are looking for targets for violence; others try to prevent violence. It is crucial that the movement reject violence (except in defense) in a very clear way.

President Moreno certainly ought to be replaced, but the fact that the opposition to him is based mainly on a demand for cheap fossil fuels is very sad. It is an example of the foolish short-term thinking that impedes defense of Earth's climate. The survival of civilization, and millions of species of life, depends on overcoming that foolish way of thinking.

Paris carbon targets in Australia [Richard Stallman's Political Notes]

For Australia to meet its weak Paris carbon targets, it needs to apply a carbon tax of more than USD 75 per ton of CO2 or equivalent.

10:07

Open the cookies [Seth's Blog]

Put a bag of cookies in the break room and it might sit for days.

Open the bag and leave it out, and within an hour, all the cookies will be gone.

We are happy to take a tiny slice off the thing that’s being shared, but we hesitate to open the bag.

The same is true with all of the initiatives in our culture. Design, movements and ideas are all trapped, waiting to be opened, and then the rest of us will happily pile on.

Open the bag.

09:49

Battle Against IPTV Continues As MPA & ACE Take Over Four More Domains [TorrentFreak]

If the figures that were cited following the recent international police operation against Xtream Codes are any yardstick, providers and sellers of ‘pirate’ IPTV providers currently number in their thousands.

While there are relatively few sources at the very top of the pyramid, there could be in excess of 5,000 players selling IPTV subscriptions to the public, which by recent estimates could dwarf even the five million accounts cited by the authorities.

In common with the task of removing every torrent, streaming and similar site from the Internet, the possibility of handing a death blow to the entire IPTV industry seems a distant dream for content providers. But that doesn’t mean incremental efforts aren’t underway.

As previously documented, the massive Alliance for Creativity and Entertainment, which comprises dozens of the world’s largest content companies, is quietly taking down sellers and providers of IPTV. Today we can reveal that another four have had their domains commandeered by MPA America, the organization previously known as the MPAA.

VStreamTV.com first appeared to gain traction back in 2015, selling an inconspicuous set-top box to the public. Promising no contract and no monthly fees, the $349 device boasted 100,000 movies and TV shows, plus 1,000 channels of live entertainment.

Also say ‘Yes’ to an ACE takeover, apparently….

By 2019, the site was offering its latest ‘VS4+’ device, promising unlimited entertainment to customers looking to permanently cut the cord. Then, a few weeks ago, it all came to an end. The site shut down without notice after its domain was taken over by the MPA. Like many before it, it now directs to the anti-piracy portal operated by ACE.

According to web records, MaxTVLive.com only appeared on the scene in 2018. Among other things, the site seems to have offered a custom Android APK to be installed on users’ own devices. For the price of $25 per month, Max TV users could enjoy live TV and other content on a single device, with extra devices costing an extra $5 per month.

However in common with VStreamTV, a few weeks ago the party came to an abrupt end. It seems likely that ACE came knocking with demands to shut down the business as the service’s website is now owned by the MPA and redirects to the ACE portal.

What ultimately happened with MyIQXTV.com isn’t in question – it was taken over by the MPA and now redirects to the ACE portal. We weren’t able to recover a copy of the operation’s website but if it was in any way connected to the IXQtv service (note subtle difference in spelling), it’s no surprise it appeared on the MPA/ACE radar.

IXQtv shut down August 1st and was no ordinary operation. While many IPTV providers operate via resellers, IXQtv operated a ridiculously full-blown multi-level-marketing (MLM) scheme which paid affiliates not only on sales of streaming packages but also commissions for recruiting yet more affiliates. Think Amway for IPTV.

Finally, the obviously-named JailbrokenBlackBox.co takes last place on today’s update of recent domain takeovers. Information on precisely what packages, services or tools the site offered isn’t clear but like the others, it clearly attracted the negative attention of the world’s biggest entertainment companies.

Details of earlier domain takeovers carried out by ACE and the MPA against IPTV-related operations can be found here (1,2,3,4)


06:07

Nicotine addiction [Richard Stallman's Political Notes]

Young people often become addicted to nicotine even from smoking once per month.

Don't take the risk of using nicotine even once.

If your friends pressure you to do things that are bad for you, such as smoking tobacco (even if mixed with marijuana) or playing nonfree games together, find some new friends — true friends.

Emperor penguins vulnerable to extinction [Richard Stallman's Political Notes]

Emperor penguins are vulnerable to extinction due to melting of the sea ice they depend on. The only way to protect their habitat is by curbing global heating — exactly what we need to protect everything else.

Extreme weather and extinction [Richard Stallman's Political Notes]

The extra-powerful hurricanes that result from global heating do lots of short-term damage, which can be repaired if there is enough money. They can also cause extinction of species, especially those that live only in limited areas near Florida or the Caribbean.

India plans nationwide face-tracking [Richard Stallman's Political Notes]

India plans to follow China's example, with a nationwide system of face-tracking surveillance cameras.

Don't be distracted by the discussion of data protection laws. If India had them, they would make little difference to the injustice that such a system would enable.

05:14

More Super Old Thumbnails [Skin Horse]

Shaenon: More Nick and Dr. Lee strips I wrote a million years ago and finally got to draw.

Channing: The situation in which these strips aired is somewhat different than the one Shaenon originally envisioned all those years ago, but I hope that the alternative route I took getting there was close enough that they still felt like they fit.

03:14

Human Reproductive Systems [Nina Paley]

Female (front)
Male (front)
Male (side)

00:42

More stable kernels [LWN.net]

The 5.3.6, 4.19.79, and 4.14.149 stable kernel updates have been released; each contains another set of important updates.

00:14

Shirish Agarwal: Social media, knowledge and some history of Banking [Planet Debian]

First of all Happy Dusshera to everybody. While Dusshera in India is a symbol of many things, it is a symbol of forgiveness and new beginnings. While I don’t know about new beginnings I do feel there is still lot of baggage which needs to be left. I would try to share some insights I uncovered over last few months and few realizations I came across.

First of all thank you to the Debian-gnome-team to keep working at new version of packages. While there are still a bunch of bugs which need to be fixed especially #895990 and #913978 among others, still kudos for working at it. Hopefully, those bugs and others will be fixed soon so we could install gnome without a hiccup. I have not been on IRC because my riot-web has been broken for several days now. Also most of the IRC and telegram channels at least related to Debian become mostly echo chambers one way or the other as you do not get any serious opposition. On twitter, while it’s highly toxic, you also get the urge to fight the good fight when either due to principles or for some other reason (usually paid trolls) people fight, While I follow my own rules on twitter apart from their TOS, I feel at least new people who are going on social media in India or perhaps elsewhere as well could use are –

  1. It is difficult to remain neutral and stick to the facts. If you just stick to the facts, you will be branded as urban naxal or some such names.
  2. I find many times, if you are calm and don’t react, many a times, they are curious and display ignorance of knowledge which you thought everyone knew is not there. Now whether that is due to lack of education, lack of knowledge or pretensions, although if it's pretentious, you are caught sooner or later.
  3. Be civil at all times, if somebody harasses you, calls you names, report them and block them, although twitter still needs to fix the reporting thing a whole lot more. Although, when even somebody like me (bit of understanding of law, technology, language etc.) had a hard time figuring out twitter’s reporting ways, I dunno how many people would be able to use it successfully? Maybe they make it so unhelpful so the traffic flows no matter what. I do realize they still haven’t figured out their business model but that’s a question for another day. In short, they need to make it far simpler than it is today.
  4. You always have an option to block people but it has its own consequences.
  5. Be passive-aggressive if the situation demands it.
  6. Most importantly though, if somebody starts making jokes about you or start abusing you, it is sure that the person on the other side doesn’t have any more arguments and you have won.

Banking

Before I start, let me share why I am putting a blog post on the topic. The reason is pretty simple. It seems a huge number of Indians don’t either know the history of how banking started, the various turns it took and so on and so forth. In fact, nowadays history is being so hotly contested and perhaps even being re-written. Hence for some things I would be sharing some sources but even within them, there is possibility of contestations. One of the contestations for a long time is when ancient coinage and the technique of smelting, flattening came to India. Depending on whom you ask, you have different answers. Lot of people are waiting to get more insight from the Keezhadi excavation which may also give some insight to the topic as well. There are rumors that the funding is being stopped but hope that isn’t true and we gain some more insight in Indian history. In fact, in South India, there seems to be lot of curiosity and attraction towards the site. It is possible that the next time I get a chance to see South India, I may try to see if there is a chance to see this unique location if a museum gets built somewhere nearby. Sorry for deviating from the topic, but it seems that ancient coinage started anywhere between 1st millennium BCE to 6th century BCE so it could be anywhere between 1500 – 2000 years old in India. While we can’t say anything for sure, but it’s possible that there was barter before that. There has also been some history about sharing tokens in different parts of the world as well. The various timelines get all jumbled up hence I would suggest people to use the wikipedia page of History of Money as a starting point. While it may not be give a complete, it would probably broaden the understanding a little bit. One of the reasons why history is so hotly contested could also perhaps lie because of the destruction of the Ancient Library of Alexandria. Who knows what more we would have known of our ancients if it was not destroyed 😦

Hundi (16th Century)

I am jumping to 16th century as it is closer to today’s modern banking otherwise the blog post would be too long. Now Hundi was a financial instrument which was used from 16th century onwards. This could be as either a forbearer of a cheque or a Traveller’s cheque. There doesn’t seem to be much in way of information, whether this was introduced by the Britishers or before by the Portuguese when they came to India, or was it in prevalence before. There is a fascinating in-depth study of Hundi though between 1858-1978 done by Marina Bernadette for London School of Economics as her dissertation paper.

Banias and Sarafs

As I had shared before, history in India is intertwined with mythology and history. While there is possibility of a lot of history behind this is documented somewhere I haven’t been able to find it. As I come from Bania, I had learnt lot of stories about both the migratory strain that Banias had as well as how banias used to split their children in adjoining states. Before the Britishers ruled over India, popular history tells us that it was Mughal empire that ruled over us. What it doesn’t tell us though that both during the Mughal empire as well as Britishers, Banias and Sarafs who were moneylenders and bullion traders respectively hedged their bets. More so, if they were in royal service or bound to be close to the power of administration of the state/mini-kingdom/s. What they used to do is make sure that one of the sons would obey the king here while the other son may serve the muslim ruler. The idea behind that irrespective of whoever wins, the banias or sarafs would be able to continue their traditions and it was very much possible that the other brother would not be killed or even if he was, any or all wealth will pass to the victorious brother and the family name will live on. If I were to look at that, I’m sure I’ll find the same not only in Banias and Sarafs but perhaps other castes and communities as well. Modern history also tells of Rothschilds who did and continue to be an influence on the world today.

As to why did I share about how people acted in their self-interest because nowadays in the Indian social media, it is because many people chose to believe a very simplistic black and white narrative and they are being fed that by today’s dominant political party in power. What I’m trying to simply say is that history is much more complex than that. While you may choose to believe either of the beliefs, it might open a window in at least some Indian’s minds that there is possibility of another way things were done and ways in which people acted then what is being perceived today. It is also possible it may be contested today as lot of people would like to appear in the ‘right side’ of history as it seems today.

Banking in British Raj till nationalization

When the Britishers came, they brought the modern Banking system with them. These lead to creation of various banks like Bank of Bengal, Bank of Bombay and Bank of Madras which was later subsumed under Imperial Bank of India which later became State Bank of India in 1955. While I will not go into details, I do have curiosity so if life has, would surely want to visit either the Banca Monte dei Paschi di Siena S.p.A of Italy or the Berenberg Bank both of which probably has lot of history than what is written on their Wikipedia pages. Soon, other banks. Soon there was whole clutch of banks which will continue to facilitate the British till independence and leak money overseas even afterwards till the Banks were nationalized in 1956 due to the ‘Gorwala Committee’ which recommended. Apart from the opaqueness of private banking and leakages, there was non provision of loans to priority sector i.e. farming in India, A.D. Gorawala recommended nationalization to weed out both issues in a single solution. One could debate efficacy of the same, but history has shown us that privatization in financial sector has many a times been costly to depositors. The financial Crisis of 2008 and the aftermath in many of the financial markets, more so private banks is a testament to it. Even the documentary Plenary’s Men gives whole lot of insight in the corruption that Private banks do today.

The plenary’s men on Youtube at least to my mind is evidence enough that at least India should be cautious in dealings with private banks.

Co-operative banks and their Rise

The Co-operative banks rise in India was largely in part due to rise of co-operative societies. While the co-operative Societies Act was started in 1904 itself. While there were quite a few co-operative societies and banks, arguably the real fillip to Co-operative Banking was done by Amul when it started in 1946 and the milk credit society it started with it. I dunno how many people saw ‘Manthan‘ which chronicled the story and brought the story of both the co-operative societies and co-operative banks to millions of India. It is a classic movie which lot of today’s youth probably doesn’t know and even if he would would take time to identify with, although people of my generation the earlier generations do get it. One of the things that many people don’t get is that for lot of people even today, especially for marginal farmers and such in rural areas, co-operative banks are still the only solution. While in recent times, the Govt. of the day has tried something called Jan Dhan Yojana it hasn’t been as much a success as they were hoping to. While reams of paper have been written about it, like most policies it didn’t deliver to the last person which such inclusion programs try. Issues from design to implementation are many but perhaps some other time. I am sharing about Co-operative banks as a recent scam took place in one of the banks, probably one of the most respected and widely held co-operative banks. I would rather share Sucheta Dalal’s excellent analysis done on the PMC bank crisis which is unfolding and perhaps continue to unfold in days to come.

Conclusion

At the end I have to admit I took a lot of short-cuts to reach till here. There is possibility that there may be details people might want me to incorporate, if so please let me know and would try and add that. I did try to compress as much as possible while trying to be as exhaustive as possible. I also haven’t used any data as I wanted to keep the explanations as simple as possible and try not to have as little of politics as possible even though biases which are there, are there.

Saturday, 12 October

23:28

Louis-Philippe Véronneau: Alpine MusicSafe Classic Hearing Protection Review [Planet Debian]

Yesterday, I went to a punk rock show and had tons of fun. One of the bands playing (Jeunesse Apatride) hadn't played in 5 years and the crowd was wild. The other bands playing were also great. Here's a few links if you enjoy Oi! and Ska:

Sadly, those kind of concerts are always waaaaayyyyy too loud. I mostly go to small venue concerts and for some reason the sound technicians think it's a good idea to make everyone's ears bleed. You really don't need to amplify the drums when the whole concert venue is 50m²...

So I bought hearing protection. It was the first time I wore earplugs at a concert and it was great! I can't really compare the model I got (Alpine MusicSafe Classic earplugs) to other brands since it's the only one I tried out, but:

  • They were very comfortable. I wore them for about 5 hours and didn't feel any discomfort.

  • They came with two sets of plastic tips you insert in the silicone earbuds. I tried the -17db ones but I decided to go with the -18db inserts as it was still freaking loud.

  • They fitted very well in my ears even though I was in the roughest mosh pit I've ever experienced (and I've seen quite a few). I was sweating profusely from all the heavy moshing and never once I feared losing them.

  • My ears weren't ringing when I came back home so I guess they work.

  • The earplugs didn't distort sound, only reduce the volume.

  • They came with a handy aluminium carrying case that's really durable. You can put it on your keychain and carry them around safely.

  • They only cost me ~25 CAD with taxes.

The only thing I disliked was that I found it pretty much impossible to sing while wearing them, as I couldn't really hear myself. With a bit of practice, I was able to sing true but it wasn't great :(

All in all, I'm really happy with my purchase and I don't think I'll ever go to another concert without earplugs.

22:14

Urgent: Stop "vulture" hedge funds [Richard Stallman's Political Notes]

US citizens: call on Democrats in Congress to fight the hedge funds that control Puerto Rico.

Instead of fighting them over and over, why not change the law to chop down the hedge?

If you sign, please spread the word!

21:28

Link [Scripting News]

New header graphic, autumn in the mountains. Previous was a scene from King Kong.

21:21

Thoughts on Gemini Man, and its High Frame Rate [Whatever]

My daughter asked me if I wanted to go see Gemini Man with her last night, and I did, not because I thought it would be gripping action film with just a tinge of science fiction (which is what it’s promoted as), but because I’m a cinema nerd and director Ang Lee shot the film at 120 frames a second, i.e., a much higher rate than the standard 24-frames-per-second that is used for the usual cinematic outing. I wanted to see what it looked like, and whether it would add anything to the experience.

The personal answer to this question: well, I thought it looked cool, anyway; and no, not really.

I’ll get to that in a minute, but first, the story: Will Smith is a 51-year-old assassin who feels he’s lost a step and wants to retire, but of course when you’re a professional assassin you can’t just retire, so the government, in the form of Clive Owen, sends an assassin to take him out, an assassin who just happens to be a clone of Smith’s character (this is not a spoiler, it’s all over the trailers and posters). Action scenes and bog standard plot twists ensue, and Mary Elizabeth Winstead and Benedict Wong are along for sidekick and comic relief duties respectively.

It’s fine. Director Ang Lee works beneath his level, but since his level is “two-time Oscar winner” it’s all still perfectly competent. The script has major holes in it but the movie doesn’t slow down to let you think about them, so that’s well enough, and the action scenes move along at an agreeable clip. Smith, Winstead, Wong and Owen are all attractive presences on screen, and the CGI’d younger version of Smith is credible enough both in physical detail and performance not to be distracting. It’s fine. Fine is fine. I don’t know that I will remember this movie a week from now, but while I was watching it I was reasonably entertained. Fair enough.

But for me, the thing I wanted to see was the high frame rate, and how it contributed (or didn’t) to the movie. There are purists who dislike movies being screened at higher than 24 frames a second because they think that 24fps is an essential part of cinematic grammar — it’s what gives cinema its “feel,” and higher frame rates make everything feel like a cheap soap opera. Personally, I’m meh on this; 24fps is a historical artifact, and there’s no particular reason to be tied to it these days, when nearly all theater projectors are digital and movies can be recorded and shown in higher film rates if the filmmakers want. Moreover, I’m pretty sure that younger people don’t see high frame rates as a negative; if they see something at 60fps or above, they don’t think “soap opera” — a reference which doesn’t mean anything to them since soap operas mostly don’t exist anymore — they think “video games.” And in video games, the higher the fps, the better. Why not the same in movies?

With that said, if you’re going to go out of your way to record your movie at a higher film rate, I think it helps to have a reason. I’m not tied to the 24 frame per second rate, but there’s nothing wrong with it, either. If you’re going to deviate from it — and call attention to that deviation — it’s worth it to have a good reason for doing so.

As far as I can see, there wasn’t any particularly good reason to go with the higher frame rate for Gemini Man. Yes, everything on screen moved more smoothly, and if you’re not used to higher frame rates, it can give the illusion of hyper reality. But the novelty of that wears off quickly enough, and then it becomes a question of whether the additional frames help with cinematography, or action sequences or special effects or anything else. And here, it didn’t, really. The action sequences, in particular, were not so complicated or choreographed that a higher frame rate added clarity to their execution; I suspect they would have been equally effective at 24fps. I was aware of the additional smoothness in these scenes (especially the slow motion bits), but I wasn’t seeing how it mattered, aesthetically or functionally.

So, in the end, the higher frame rate of Gemini Man was… fine. The movie worked fine with it, and it would have worked just fine without it. It neither harmed nor added real value to the movie or the story. Does it make me think that high frame rate movies are the wave of the future? Not really, no. It also doesn’t argue against the idea, either. It’s now just another tool in the filmmaker toolbox. Something they can do, if they want to, or not if they don’t. Like 3D, which, incidentally, I saw Gemini Man in, and which, like the high frame rate, neither added nor detracted from this particular movie and story.

This is the second film I’ve seen in theaters at a higher frame rate; the first was The Hobbit, which I went out of my way to see in “48HFR,” as it was advertised at the time. I liked it there and thought it suited the movie, but then I saw the subsequent Hobbit installments in regular 24fps and did not feel the lack of frame rate in any particular way. I’m still waiting for the movie for which a higher frame rate is actually critical for the cinematic experience. Maybe the upcoming Avatar sequels? Say what you will about Avatar, but for my money there was a distinct differential in experience between the 2D and 3D versions of that movie, and the 3D version was noticeably more affecting. I understand Cameron is shooting the sequels at 60fps, and if there’s any filmmaker who can make those higher frame rates pay off, it’s probably him. We’ll see.

In the meantime: Gemini Man is a perfectly adequate way to burn off two hours in the theatre. If you like Will Smith, it’s very Will Smithy. There are worse things.

19:49

Ebook Piracy Grows, Contrary to The Trend [TorrentFreak]

Piracy statistics can be tricky. Trends often go in different directions, depending on the region, the type of media, as well as the research timeframe.

One of the most elaborate datasets collected in recent years comes from the University of Amsterdam.

Among other things, it suggested that legal options are a better way to beat piracy than enforcement.

The underlying data forms the basis of a new research article where two nearly identical piracy surveys from 2012 and 2017 were compared. This allowed the researchers to look at changes in media consumption and piracy habits among the Dutch public over the years.

The respondents were asked about both legal and unauthorized consumption of music, movies and TV, games, and books. One of the overall findings was that between 2012 and 2017 the interest in physical goods plummeted.

For example, the number of people who bought physical music carriers was slashed in half to 20% and for movies/TV the decline was even more pronounced, falling from 45% to 20%. Physical books saw the smallest drop, with 60% still buying real books, down from 69%.

This trend coincides with a massive boost in digital sales. The number of people who bought digital entertainment increased across all categories, nearly tripling for movies and TV, which is likely due to Netflix. That’s a positive sign for the entertainment industries, which is also reflected in the piracy frequencies.

Results, in Dutch

The survey found that the percentage of people who still download or stream content from unauthorized sources decreased for nearly every category. This effect is most significant for music and games, while movie and TV piracy remained relatively stable.

The only category for which the piracy rate went up was Ebooks. Between 2012 and 2017 the number of Ebook pirates increased from 6.3% to 7.7%, which is marginally significant.

According to the researchers, this shows that these book pirates are missing something in the current legal offering. A good subscription service for example, where people can access an unlimited number of books for a fixed price.

“Looking at the other markets, access-based subscriptions appear to be the most promising, where a large increase in the number of transactions compensates a lower average return per transaction,” the researchers write.

While not mentioned in the article, the massive increase in Ebook consumers may also play a role in the increased piracy rate. The number of people who bought Ebooks, and thus have e-readers, increased by 80% between 2012 and 2017.

Part of this new e-reader userbase apparently showed an interest in pirated books as well, which likely impacted the piracy rate. With that in mind, the piracy increase is relatively modest.

The research also looked at various pirate demographics and how these changed over time. This shows that between 2012 and 2017, women started to pirate more books and fewer games and music. These changes are more pronounced than for men.

In addition, the data reveal that, overall, less educated people pirate less. This is the case across all categories but the biggest difference can be found in the books category.

If anything, the findings show that generic statements about piracy rates and the average pirate are relatively meaningless. It is the finer detail that helps us to understand what’s really happening.

The present survey data shows that physical media is quickly losing popularity as more people consume legal content digitally. At the same time, piracy rates are dropping significantly for music and games, at least in the Netherlands, while Ebook piracy slowly increases.

A copy of the paper (in Dutch) titled “Polderpiraten voor anker” written by Joost Poort, Martin van der Ende, and Anastasia Yagafarova is available here.


17:56

AT&T hikes business customers' bills by up to 7%, charging them to recoup its own property taxes [Cory Doctorow – Boing Boing]

AT&T business customers, including those who've been promised a locked-in rate inclusive of all taxes and fees, are finding "property tax" surcharges on their bills of up to 7%. These charges represent an attempt by AT&T to pass on the property taxes it pays on its own offices and other facilities to its customers.

Moreover, these "property tax" charges are subject to sudden, ballooning changes -- one customer reported a 335% increase in the "property tax" charge over the space of a single billing cycle.

Most companies would consider property taxes one of the costs of doing business, and they'd simply factor the taxes into their advertised prices instead of deceiving customers by listing one price in an order and then charging a higher one. At the risk of giving AT&T's billing department more ideas, why stop at property taxes? Why not charge customers separate fees for AT&T's water and electricity bills, too?

"I pay my own property tax, don't want to pay theirs!" one customer wrote in an AT&T support forum in July 2017. "Can a doctor add a property tax to their bill for services, or a bank? Why not just raise the rates if it is part of their business?"

AT&T raises prices 7% by making its customers pay AT&T’s property taxes [Jon Brodkin/Ars Technica]

(via /.)

Google continues to funnel vast sums to notorious climate deniers [Cory Doctorow – Boing Boing]

Google and the other big tech companies are some of the most lavish funders of climate denial "think tanks" and lobbying groups, something they've been at continuously for more than six years, without interruption.

Google doesn't fund these lobbyists because they're climate deniers, nor because they're indifferent to climate change and its human costs.

Google funds these lobbyists and astroturf operations because they also lobby for lax tax enforcement, lax labor laws, lax privacy laws, and so on. The fact that these groups also lobby for the right of corporations to render our planet uninhabitable (as well as against the rights of LGBTQ people, against reproductive freedom for women, etc) is merely an acceptable cost of greasing the skids to allow Big Tech to seek profits at the expense of their workers, suppliers, customers and society.

The latest round of revelations about Google's contribution to climate deniers comes from Google's list of "politically-engaged trade associations, independent third-party organizations and other tax-exempt groups that receive the most substantial contributions from Google’s U.S. Government Affairs and Public Policy team."

It includes the Competitive Enterprise Institute, who claimed responsibility for getting Trump to pull out of the Paris Accord (CEI is also pro-monopoly, anti-Net Neutrality, pro-binding arbitration, anti-Obamacare, anti-Consumer Financial Protection Board, and fronts for the monopolists who dominate oil, tobacco, and alcohol).

Other recipients of "substantial contributions" from Google include the State Policy Network, who front for The Heartland Institute, a radical climate-science denial thinktank with major Koch funding. SPN actively solicits signatures for a "climate pledge" that holds that "our natural environment is getting better...there is no climate crisis."

Google "substantially contributes" to the American Conservative Union (led by a Koch operative who takes credit for the climate gridlock in DC), the American Enterprise Institute (another prominent, lavish climate denial spender) and the Americans for Tax Reform whose radical anti-taxation agenda also includes condemnation of climate action as "corporate welfare."

Google funds the Heritage Foundation, the Cato Institute, the Mercatus Center, and Heritage Action, all of whom have led on climate denial.

Google defends itself by saying that it only supports the CEI and SPN work that enriches Google's shareholders, and not the policies that doom us all to a horrible death when the only known planet capable of sustaining human life is rendered uninhabitable.

A Google spokesman also pointed out that other Big Tech companies send millions to these organizations, so when your house burns down in a wildfire or you die in a pandemic, the blame will not be Google's alone. Amazon will also be at fault, as will Microsoft and the other tech monopolists.

Bill McKibben, a prominent environmentalist who has been on the frontline of the climate crisis for decades, said Google and other companies were engaged in a “functional greenwashing” given the contradiction in their public pronouncements and private donations. He said Google and other technology companies had also not used their own lobbyists to advocate for change on climate.

“Sometimes I’ll talk to companies and they will be going on and on about their renewable server farm or natural gas delivery, and I say thank you, but what we really need is for your lobbying shop in Washington to put serious muscle behind it. And they never do,” McKibben said. “They want some tax break or some regulations switch and they never devote the slightest muscle behind the most important issue of our time or any time.”

A spokesperson for Google said: “We’ve been extremely clear that Google’s sponsorship doesn’t mean that we endorse that organisation’s entire agenda – we may disagree strongly on some issues.

“Our position on climate change is similarly clear. Since 2007, we have operated as a carbon neutral company and for the second year in a row, we reached 100% renewable energy for our global operations.”

Revealed: Google made large contributions to climate change deniers [Stephanie Kirchgaessner/The Guardian]

(via /.)

(Image: John Marino, CC BY-SA, modified)

17:42

Status of State and Justice [Scripting News]

Not only can Barr and Pompeo be impeached, they can also be indicted, tried, convicted and imprisoned. It has happened before to Nixon's Attorney General, John Mitchell.

It's worth noting this because they know it too.

Both are doubling-down on the obstruction.

And they have a lot of power.

However the SDNY investigation of Giuliani says Barr isn't in complete control of DoJ yet.

And people from State are giving public testimony.

17:35

Today in GPF History for Saturday, October 12, 2019 [General Protection Fault: The Comic Strip]

Deep beneath Nerdvana, Ki and Fooker are about to cross paths unexpectedly...

17:14

Mayor accused of failing to fulfill road maintenance promises is dragged through the streets by angry voters [Cory Doctorow – Boing Boing]

Jorge Luis Escandón Hernández was elected mayor of Las Margaritas, Chiapas after he promised to repair the city's rural roads, in a chaotic campaign that included accusations of a "brawl" with his opponent's supporters.

Local police have arrested 11 locals, identified by the BBC as farmers angry that he had not made good on his roadworks promises, for kidnapping Escandón from his office, tying him to the back of a pickup truck, and publicly dragging him through the streets of the Santa Rita district. Escandón did not sustain serious injuries, but has indicated his intention to seek criminal charges for abduction and attempted murder.

The public spectacle was ended when "dozens" of police officers managed to stop the truck and arrest the accused, after "scuffles" that resulted in multiple injuries.

The dragging marks the escalation of hostilities by farmers angry about the failed road maintenance promise -- four months ago, Escandón's office was vandalized over the issue.

Mayors and local politicians in Mexico are often targeted by drug gangs when they refuse to cooperate with their criminal schemes but it is less common for them to be attacked over their campaign promises.

Mexico mayor tied to car and dragged along by angry locals [BBC]

(via Naked Capitalism)

17:07

Dirk Eddelbuettel: GitHub Streak: Round Six [Planet Debian]

Five years ago I referenced the Seinfeld Streak used in an earlier post of regular updates to the Rcpp Gallery:

This is sometimes called Jerry Seinfeld’s secret to productivity: Just keep at it. Don’t break the streak.

and then showed the first chart of GitHub streaking

github activity october 2013 to october 2014

And four years ago a first follow-up appeared in this post:

github activity october 2014 to october 2015

And three years ago we had a followup

github activity october 2015 to october 2016

And two years ago we had another one

github activity october 2016 to october 2017

And last year another one

github activity october 2017 to october 2018

As today is October 12, here is the newest one from 2018 to 2019:

github activity october 2018 to october 2019

Again, special thanks go to Alessandro Pezzè for the Chrome add-on GithubOriginalStreak.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

16:14

Running Unix apps in background [Scripting News]

For an application I'm developing I need to run it in the background, yet easily stop and relaunch it. So this is what I do.

  1. At the command line type nohup node app.js & and press Return.
  2. You can see the output of the app by pressing Ctl-C then tail -f nohup.out. It creates this file in the directory the app was run from.
  3. To kill the node process and any other node processes it might have launched, enter killall -i node. The -i flag means that it will confirm before killing each process.

I put these notes in my blog so I can find them again, easily, and don't have to figure it out every time. Also so people who know more than I do about this topic can tell me better ways to do this. :orange:

As an experiment, I'm mirroring this post over on GitHub.
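An added example, not part of the original post: a PID-file variant of the steps above that stops only the process it started, where killall matches every process named node. APP_CMD, PID_FILE, LOG_FILE and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: run one app in the background and stop exactly that process.
# APP_CMD, PID_FILE and LOG_FILE are assumed names; override them as needed.
APP_CMD="${APP_CMD:-node app.js}"
PID_FILE="${PID_FILE:-./app.pid}"
LOG_FILE="${LOG_FILE:-./nohup.out}"

# True if the PID file exists and names a process we are allowed to signal.
# Caveat: a stale PID file can point at an unrelated process that reused the
# PID, so stop_app removes the file every time it runs.
is_running() {
    [ -f "$PID_FILE" ] || return 1
    pid=$(cat "$PID_FILE")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Start the app detached from the terminal and record its PID.
start_app() {
    if is_running; then
        echo "already running (pid $(cat "$PID_FILE"))" >&2
        return 1
    fi
    # APP_CMD is split into words on purpose; nohup execs it, so $! is its PID.
    nohup $APP_CMD >>"$LOG_FILE" 2>&1 &
    echo $! >"$PID_FILE"
}

# Send SIGTERM to the recorded PID only, wait up to 5 seconds, then SIGKILL.
stop_app() {
    if ! is_running; then
        rm -f "$PID_FILE"
        return 1
    fi
    pid=$(cat "$PID_FILE")
    kill "$pid"
    tries=0
    while kill -0 "$pid" 2>/dev/null && [ "$tries" -lt 5 ]; do
        sleep 1
        tries=$((tries + 1))
    done
    if kill -0 "$pid" 2>/dev/null; then
        kill -9 "$pid" 2>/dev/null
    fi
    rm -f "$PID_FILE"
}
```

Source the file, then call start_app and stop_app; output is appended to the log file, which tail -f can follow as in step 2.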

14:43

Link [Scripting News]

I didn’t like Elizabeth Warren's bit about marriage, even though I agree with the idea behind it, I don’t think presidents can put down people like that and not have it blow back on them, and us. Remember Obama’s roast of Trump. I felt the same way about that. It was both funny and infuriating. And the blowback has been epic.

13:56

El Camino was unnecessary [Scripting News]

Of course I watched El Camino, the new Breaking Bad movie on Netflix. It wasn't really a movie or an episode of Breaking Bad. It was more like a few scenes from a Breaking Bad episode with brief appearances by many of the characters from the series, looking much older than they did at the end of the last episode (which aired six years ago).

It was a lot like the Deadwood movie, a series that was cut short and should have been allowed to finish. The real town of Deadwood had a climax that was never part of the TV series. The movie was basically plotless, it was a series of cameos by the stars of the original series, the actors looking much older, in some cases not recognizable, saying a few things, not to be seen again. For a show that had such gravitas, was so daring and unprecedented, it was a kind of humiliation. Yet it got good reviews. I don't understand why.

Spoiler alert -- yes there are spoilers below.

Nothing much happens in El Camino. As we know from the end of the series, the protagonist, Jesse Pinkman, survives and escapes. He hooks up with his old friends, remembers some scenes from the past, has to solve a problem, kills a few people and rides off into the sunset.

Okay it was fun to watch, but I hoped for much more. If you loved Breaking Bad as I did, you should watch it. But all this show does, imho, is set the stage for yet another pointless encore. There's a lot to be said for an edgy show like Breaking Bad leaving you at the edge without telling you what happens next.

12:49

International Day Against DRM 2019 Focuses on Education [TorrentFreak]

The Free Software Foundation’s Defective by Design campaign International Day Against Digital Restrictions Management is here again.

It’s been 12 months since the campaign celebrated the 12th anniversary of its quest to prompt, pressure and prevent companies from restricting what we can do with legitimately bought content and products.

This year the main focus is perhaps the noblest to date – the right to an education.

“Defective by Design is calling on you to stand up against Digital Restrictions Management (DRM) on the International Day Against DRM (IDAD) on October 12th, 2019,” the campaign site reads.

“This year we will be focusing specifically on everyone’s right to read, particularly by urging publishers to free students and educators from the unnecessary and cumbersome restrictions that make their access to necessary course materials far more difficult.”

The campaign homes in on publishers including Pearson, which individually stands accused of placing “digital handcuffs” on students with a “Netflix-like” textbook model that requires constant Internet connections to validate purchases, limits how many pages of a title can be read at a time, and monitors reading habits.

Defective By Design wants publishers to remove every piece of DRM from their educational materials, a lofty but particularly noble aim. There can be few students or educators out there who still believe that locking up papers, studies and similar material is the best way to impart knowledge and as a result, improve society.

Only time will tell whether that particular quest will bear fruit but reading the campaign’s notes one can’t help but feel there’s a mountain to climb in respect of the broader picture. While those with plenty of energy are invited to join in the chorus or even stage their own events, the section detailing how people can offer basic support is unintentionally depressing.

“The easiest way to participate is to join us in going a Day Without DRM, and resolve to spend an entire day (or longer!) without Netflix, Hulu, and other restricted services to show your support of the movement,” it reads.

“Document your experiences on social media using the tags ‘#idad’ or ‘#dbd,’ and let us know at info@defectivebydesign.org if you have a special story you’d like us to share.”

While a day without Netflix should be achievable, the site lists plenty of other companies that should be avoided, if one wants to seriously protest the spread of DRM. Doing without all of them will be a herculean task for any digital native.

For example, the black hole left by Netflix abstinence cannot be filled by listening to Spotify or Amazon Music, which are labeled by the campaign as “worst offenders” when it comes to DRM. Even with the benefit of music-free silence, people are encouraged not to use Amazon’s Kindle either.

It’s at this point you begin to realize how deeply entrenched DRM is and how difficult it will be to extract ourselves from it. The situation is further compounded when the list reveals that we should avoid using an iPad or indeed any Apple or Microsoft products.

Considering most desktop users are running Windows and millions of mobile users are Apple-based, spreading the hashtags ‘#idad’ or ‘#dbd’ on social media while strictly following the “boycott if possible” rules could rule out millions of participants. That is not what is needed today, so compromises will have to be made.

The moderately good news is that Android isn’t on the list as a “worst offender” but unfortunately it still incorporates DRM. And its developer, Google, has a page all of its own on the Defective By Design site, called out for being a promoter of DRM and for lobbying in favor of restrictive web standards.

We wish the International Day Against Digital Restrictions Management every success because very few people are still fighting this battle and the education element, in particular, is hard to understate. But in a world where profit trumps moral ideals at every turn, this war becomes more difficult to win with every passing year.

And in many cases, it’s arguably our own fault.

Support the 2019 campaign by visiting Defective By Design here

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more.

11:08

“I’m sorry” takes guts [Seth's Blog]

I recently saw two men arguing about who got to use the urinal next.

As a result, neither got what he wanted, and neither could honestly say that his day got better.

The need to win every interaction, the inability to apologize, the short-term over the long-term–this isn’t a sign of strength, it’s a symptom of immaturity and weakness that almost always leads to suboptimal results.

If apologizing engages the network and makes it more likely that we can stay in sync, it pays for itself many times over.

06:28

UK government investing in gas [Richard Stallman's Political Notes]

As Climate Rebellion Spreads, UK Govt Risks "Carbon Blowout" By Investing in Gas.

US prosecuting alleged whistleblower [Richard Stallman's Political Notes]

The US is prosecuting an alleged whistleblower, Henry Kyle Frese. He is accused of spying on behalf of the public.

Leveraged buyouts killing newspapers [Richard Stallman's Political Notes]

Leveraged buyouts are killing America's remaining newspapers. (As well as many other businesses.)

What I wonder is, if the debt gets dumped on a company that is likely to go bankrupt, does that mean the bank that lent the money never gets repaid? If so, why don't banks refuse to lend for these transactions?

Quit ICE [Richard Stallman's Political Notes]

If you work for the deportation thugs, you can quit.
