as Paul McDonnell noted: this one line tells you everything you need to know about DCC’s ability to enforce the rules: ‘in some of the bags inspected previously issued litter fines were found’. Pathetic
This conceptual collection consists of eight 6:1 scale versions of classic LEGO bricks, each fully functional in one way or the other. Including eight matching photo montages, a homage to the box cover art for the classic “Legoland Space” line. Hultén – “Like most people, I was raised by Lego. For this project, I chose to work with a set of decorated bricks from the iconic 79-87 “Legoland Space” line. These were bricks that would trigger my imagination as a child. 25 years have passed, and they still trigger”ERMAHGERD (faints)
interesting, although they punt to Ceph for storage and miss out the chance to make a CRDT
I am honestly amazed the US banking system still works this way, after over a decade of rampant identity theft:
I cannot count the number of times I’ve freely given out my routing and account numbers—in emails, in webforms, in paperwork. This is because it’s necessary for other people to know my routing number and account number in order for them to send me money. But apparently, with that same information, they can also snatch money straight from my account. What kind of insane system is this? There’s two factor authentication, there’s one factor authentication, and then there’s this, which I think I can call zero factor authentication.
Cropping, scaling, and resizing images on the fly, for free, with GAE. Great service, wish AWS had something similar
App Engine API has a very useful function to extract a magic URL for serving the images when uploaded into the Cloud Storage. get_serving_url() returns a URL that serves the image in a format that allows dynamic resizing and cropping, so you don’t need to store different image sizes on the server. Images are served with low latency from a highly optimized, cookieless infrastructure.
Oh man. This is so sad:
Soriano, who had travelled to Ireland from Bogota via Panama and Paris, told customs officials that a red bag he was carrying contained a gift for banking officials which would facilitate the transfer of a $2.3m inheritance from a long-lost relative he had never heard of until recently. He was very co-operative with the officials and agreed to allow them x-ray and examine the bag. It was found to contain 1.86kg of cocaine in three packets. Sgt Finnegan said gardaí were initially sceptical that Soriano could have fallen for the scam but, as interviews went on, they became aware that there were underlying issues. Gardaí found documentation that Soriano had printed out about other phishing scams. He said that he knew they were scams but he was lonely and would respond to them for “a little bit of fun”. Sgt Finnegan said that, despite this, he remained adamant that the inheritance was still due to be claimed.Bizarrely not the first prominent surgeon to fall victim to 419 scammers.
The Wikimedia Foundation told me last month that it has been aware of people using Wikipedia Zero for file sharing for about a year, and says that there are no plans to pull out of any countries because of piracy. But that hasn’t stopped rogue Wiki users from suggesting it anyway, and members of the task force have gotten Wikimedia Bangladesh to plead with the pirates to stop contributing to an “increasingly negative perception of Bangladesh in many different sectors.”
from Peter Bourgon. Looks like a good list of what to do and what to avoid
NetHogs is a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.
The presence of a first-class cabin, and having to walk through it to get to economy, is a triggering factor for “air rage” incidents:
As lead researcher Katherine DeCelles explained to Gizmodo, airplanes are like a miniature version of class-based society. “It’s a small world of the greater society that we live in, though one that’s greatly concentrated,” she said. Traveling by plane is stressful enough, but DeCelles believes that seating inequality on airplanes often serves as “the straw that breaks the camel’s back,” and that air rage can be partly explained and understood through the lens of social inequality.
Some good advice on Docker metadata/config from Gareth Rushgrove
Ooh, this is a great plan. :applause:
Enabling GIFEE — Google Infrastructure for Everyone Else — is a primary mission at CoreOS, and open source is key to that goal. [....] Prometheus was initially created to handle monitoring and alerting in modern microservice architectures. It steadily grew to fit the wider idea of cloud native infrastructure. Though it was not intentional in the original design, Prometheus and Kubernetes conveniently share the key concept of identifying entities by labels, making the semantics of monitoring Kubernetes clusters simple. As we discussed previously on this blog, Prometheus metrics formed the basis of our analysis of Kubernetes scheduler performance, and led directly to improvements in that code. Metrics are essential not just to keep systems running, but also to analyze and improve application behavior. All things considered, Prometheus was an obvious choice for the next open source project CoreOS wanted to support and improve with internal developers committed to the code base.
This is a great idea. I miss eating out, and this is why:
Throughout our three-hour meal, babies cried, mothers nursed, toddlers shrieked and farro grains flew, but the atmosphere was surprisingly leisurely. There was no reason to be self-conscious about a crying-nursing-dancing child because everyone knew every other parent was in the same boat. Or would be in a few seconds. So we relaxed and ate. This is not fine dining as I once knew it, and that’s O.K. That’s what date night is for. But my daughter got her first lesson in how to behave at a fancy restaurant. And I got to finish a delicious meal while it was still warm, toddler in tow.
Why do so many startups fail? Why are all the hosts on CouchSurfing male? Are we going to be tweeting for the rest of our lives? Why do Silicon Valley billionaires choose average-looking wives? What makes a startup ecosystem thrive? What do people plan to do once they’re over 35? Is an income of $160K enough to survive? What kind of car does Mark Zuckerberg drive? Are the real estate prices in Palo Alto crazy? Do welfare programs make poor people lazy? What are some of the biggest lies ever told? How do I explain Bitcoin to a 6-year-old? Why is Powdered Alcohol not successful so far? How does UberX handle vomiting in the car? Is being worth $10 million considered ‘rich’? What can be causing my upper lip to twitch? Why has crowdfunding not worked for me? Is it worth pre-ordering a Tesla Model 3? How is Clinkle different from Venmo and Square? Can karma, sometimes, be unfair? Why are successful entrepreneurs stereotypically jerks? Which Silicon Valley company has the best intern perks? What looks easy until you actually try it? How did your excretions change under a full Soylent diet? What are alternatives to online dating? Is living in small apartments debilitating? Why don’t more entrepreneurs focus on solving world hunger? What do you regret not doing when you were younger?
Bug in the “veth” driver skips TCP checksums. Reminder: app-level checksums are important
good tips from Camille Fournier
local landmark and significant chunk of Dublin history. I like this one:
Another odd thing was that people from Dublin had to be buried before noon. This was due to the fact that many funerals stopping at the gate would end up so late in the pub the gates would be closed. A number of times the sextant would open up in the morning to find a coffin or two aganst the gates. For years I thought this was made up but it turns out to be true. A friend had a copy of the cemetary bye laws from (I think) around 1908 and it was in there. I think the rule was if you lived within 7 miles of the GPO you had to be buried before 12 noon.
Results: We obtained 20?882 survey responses (94?606 preferences) from 27 EU member countries. Respondents recognized the benefits of storing electronic health information, with 75.5%, 63.9%, and 58.9% agreeing that storage was important for improving treatment quality, preventing epidemics, and reducing delays, respectively. Concerns about different levels of access by third parties were expressed by 48.9% to 60.6% of respondents. On average, compared to devices or systems that only store basic health status information, respondents preferred devices that also store identification data (coefficient/relative preference 95% CI?=?0.04 [0.00-0.08], P?=?0.034) and information on lifelong health conditions (coefficient?=?0.13 [0.08 to 0.18], P?< ?0.001), but there was no evidence of this for devices with information on sensitive health conditions such as mental and sexual health and addictions (coefficient?=??0.03 [?0.09 to 0.02], P?=?0.24). Respondents were averse to their immediate family (coefficient?=??0.05 [?0.05 to ?0.01], P?=?0.011) and home care nurses (coefficient?=??0.06 [?0.11 to ?0.02], P?=?0.004) viewing this data, and strongly averse to health insurance companies (coefficient?=??0.43 [?0.52 to 0.34], P?0.001), private sector pharmaceutical companies (coefficient?=??0.82 [?0.99 to ?0.64], P?0.001), and academic researchers (coefficient?=??0.53 [?0.66 to ?0.40], P?0.001) viewing the data. Conclusions: Storing more detailed electronic health data was generally preferred, but respondents were averse to wider access to and sharing of this information. When developing frameworks for the use of electronic health data, policy makers should consider approaches that both highlight the benefits to the individual and minimize the perception of privacy risks.Via Antoin.
Michael “evertype” Everson in the news!
man, I wish I had this 30 years ago. now I know what stuff I need to get to make my occasional solders less of a PITA
“SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions’ back-offices, PCs or workstations connected to their local interface to the SWIFT network,” the group warned customers on Monday in a notice seen by Reuters.Ouch. They seem to be indicating that they’re all phishing/impersonation-based attacks.
I have two cyborg implants. One is in my hand, and it lets my unlock phones and doors by waving at them. The other is in my uterus, and it lets me control my own fertility.
Amazing deep dive into the graphic design of 1980s sci-fi classic, Alien, in particular Ron Cobb’s_Semiotic Standard For All Commercial Trans-Stellar Utility Lifter And Heavy Element Transport Spacecraft_ and its application aboard the Weylan-Yutani Nostromo
As I’ll explain, messenger apps’ apparent success in fulfilling such a surprising array of tasks does not owe to the triumph of “conversational UI.” What they’ve achieved can be much more instructively framed as an adept exploitation of Silicon Valley phone OS makers’ growing failure to fully serve users’ needs, particularly in other parts of the world. Chat apps have responded by evolving into “meta-platforms.” Many of the platform-like aspects they’ve taken on to plaster over gaps in the OS actually have little to do with the core chat functionality. Not only is “conversational UI” a red herring, but as we look more closely, we’ll even see places where conversational UI has breached its limits and broken down.
Great writeup of a practical pen test. Those crappy proprietary appliances that get set up “so the CEO can read his email on the road” etc. are always a weak spot
EC up to its old anti-competitive tricks:
The European Commission is surprisingly coy about what exactly ['open'] means in this context. It is only on the penultimate page of the ICT Standardisation Priorities document that we finally read the following key piece of information: “ICT standardisation requires a balanced IPR [intellectual property rights] policy, based on FRAND licensing terms.” It’s no surprise that the Commission was trying to keep that particular detail quiet, because FRAND licensing—the acronym stands for “fair, reasonable, and non-discriminatory”—is incompatible with open source, which will therefore find itself excluded from much of the EU’s grand new Digital Single Market strategy. That’s hardly a “balanced IPR policy.”
Great, great post from Amilia St. John, responding to the offensive sexist crap spewed by her father, Alex St. John
The history of this is fascinating:
Today’s pirate libraries have their roots in the work of Russian academics to digitize texts in the 1990s. Scholars in that part of the world had long had a thriving practice of passing literature and scientific information underground, in opposition to government censorship—part of the samizdat culture, in which banned documents were copied and passed hand to hand through illicit channels. Those first digital collections were passed freely around, but when their creators started running into problems with copyright, their collections “retreated from the public view,” writes Balázs Bodó, a piracy researcher based at the University of Amsterdam. “The text collections were far too valuable to simply delete,” he writes, and instead migrated to “closed, membership-only FTP servers.” [....] There’s always been osmosis within the academic community of copyrighted materials from people with access to scholar without. “Much of the life of a research academic in Kazakhstan or Iran or Malaysia involves this informal diffusion of materials across the gated walls of the top universities,” he says.
Clumping the data from all six heights together, the Dyson produced 60 times more plaques than the warm air dryer and 1,300 times more than paper towels. Of the viruses launched by the jet dryer, 70 percent were at the height of a small child’s face.(vomit)
The original post is pretty mediocre — a search engine which handles a corpus of “thousands” of plasmids from “a scientist’s personal library”, and which doesn’t handle fuzzy matches? I think that’s called grep — but the HN comments are good
Prepaid talk+text+data or data-only mobile SIM cards, delivered to your home or hotel, prior to visiting the US. great service for temporary US business visits
The better solution is never to pipe untrusted data streams into bash. If you still want to run untrusted bash scripts a better approach is to pipe the contents of URL into a file, review the contents on disk and only then execute it.
Fascinating article on lullabies:
One way a mother might bond with a newborn is by sharing her joy; another way is by sharing her grief or frustration. We see this in songs across time. A 200-year-old Arabic lullaby still sung today goes: I am a stranger, and my neighbors are strangers; I have no friends in this world. Winter night and the husband is absent. And an old Spanish lullaby from Asturias, written down by the poet Federico García Lorca, goes: This little boy clinging so Is from a lover, Vitorio, May God, who gave, end my woe, Take this Vitorio clinging so. We assume the sound of these songs is sweet, as no lullaby endures without being effective at putting babies to sleep. Think of ‘‘Rock-a-bye Baby,’’ the way it tenderly describes an infant and its cradle falling to the ground: The singer gets to speak a fear, the baby gets to rest; the singer tries to accommodate herself to a possible loss that has for most of human history been relatively common, and the baby gets attentive care. In the Arabic and Spanish lullabies, the singers get to say something to the one being — their new burden, their new love — who can’t and won’t judge or discipline them for saying it. When even relatively happy, well-supported people become the primary caretaker of a very small person, they tend to find themselves eddied out from the world of adults. They are never alone — there is always that tiny person — and yet they are often lonely. Old songs let us feel the fellowship of these other people, across space and time, also holding babies in dark rooms.
lovely art via This Is Colossal
The AWS edge network has points of presence in more than 50 locations. Today, it is used to distribute content via Amazon CloudFront and to provide rapid responses to DNS queries made to Amazon Route 53. With today’s announcement, the edge network also helps to accelerate data transfers in to and out of Amazon S3. It will be of particular benefit to you if you are transferring data across or between continents, have a fast Internet connection, use large objects, or have a lot of content to upload. You can think of the edge network as a bridge between your upload point (your desktop or your on-premises data center) and the target bucket. After you enable this feature for a bucket (by checking a checkbox in the AWS Management Console), you simply change the bucket’s endpoint to the form BUCKET_NAME.s3-accelerate.amazonaws.com. No other configuration changes are necessary! After you do this, your TCP connections will be routed to the best AWS edge location based on latency. Transfer Acceleration will then send your uploads back to S3 over the AWS-managed backbone network using optimized network protocols, persistent connections from edge to origin, fully-open send and receive windows, and so forth.
Earlier this year, I asked a question on Stack Overflow about a data structure for loaded dice. Specifically, I was interested in answering this question: “You are given an n-sided die where side i has probability pi of being rolled. What is the most efficient data structure for simulating rolls of the die?” This data structure could be used for many purposes. For starters, you could use it to simulate rolls of a fair, six-sided die by assigning probability 1616 to each of the sides of the die, or a to simulate a fair coin by simulating a two-sided die where each side has probability 1212 of coming up. You could also use this data structure to directly simulate the total of two fair six-sided dice being thrown by having an 11-sided die (whose faces were 2, 3, 4, …, 12), where each side was appropriately weighted with the probability that this total would show if you used two fair dice. However, you could also use this data structure to simulate loaded dice. For example, if you were playing craps with dice that you knew weren’t perfectly fair, you might use the data structure to simulate many rolls of the dice to see what the optimal strategy would be. You could also consider simulating an imperfect roulette wheel in the same way. Outside the domain of game-playing, you could also use this data structure in robotics simulations where sensors have known failure rates. For example, if a range sensor has a 95% chance of giving the right value back, a 4% chance of giving back a value that’s too small, and a 1% chance of handing back a value that’s too large, you could use this data structure to simulate readings from the sensor by generating a random outcome and simulating the sensor reading in that case. The answer I received on Stack Overflow impressed me for two reasons. First, the solution pointed me at a powerful technique called the alias method that, under certain reasonable assumptions about the machine model, is capable of simulating rolls of the die in O(1)O(1) time after a simple preprocessing step. Second, and perhaps more surprisingly, this algorithm has been known for decades, but I had not once encountered it! Considering how much processing time is dedicated to simulation, I would have expected this technique to be better- known. A few quick Google searches turned up a wealth of information on the technique, but I couldn’t find a single site that compiled together the intuition and explanation behind the technique.(via Marc Brooker)
Paraphrasing: “I have made a massive mess of US foreign policy and the whole world is falling apart. Have you fixed it for me yet?” Right in the middle of the biggest Middle Eastern shitstorm ever created, April 7, 2003. Heck of a job, Rummie
The new password may have been used elsewhere, and attackers can exploit this too. The new password is also more likely to be written down, which represents another vulnerability. New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out of their accounts, and service desks having to reset passwords. It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack. What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis. CESG now recommend organisations do not force regular password expiry.
good rules of thumb for variable naming, from ex-coworker Jacob Gabrielson
According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The report doesn’t disclose exactly where the key — effectively a piece of code that could break the encryption on virtually any BlackBerry message sent from one device to another — came from. But, as one police officer put it, it was a key that could unlock millions of doors. Government lawyers spent almost two years fighting in a Montreal courtroom to keep this information out of the public record.
Ouch, multi-region outage:
At 14:50 Pacific Time on April 11th, our engineers removed an unused GCE IP block from our network configuration, and instructed Google’s automated systems to propagate the new configuration across our network. By itself, this sort of change was harmless and had been performed previously without incident. However, on this occasion our network configuration management software detected an inconsistency in the newly supplied configuration. The inconsistency was triggered by a timing quirk in the IP block removal – the IP block had been removed from one configuration file, but this change had not yet propagated to a second configuration file also used in network configuration management. In attempting to resolve this inconsistency the network management software is designed to ‘fail safe’ and revert to its current configuration rather than proceeding with the new configuration. However, in this instance a previously-unseen software bug was triggered, and instead of retaining the previous known good configuration, the management software instead removed all GCE IP blocks from the new configuration and began to push this new, incomplete configuration to the network. One of our core principles at Google is ‘defense in depth’, and Google’s networking systems have a number of safeguards to prevent them from propagating incorrect or invalid configurations in the event of an upstream failure or bug. These safeguards include a canary step where the configuration is deployed at a single site and that site is verified to still be working correctly, and a progressive rollout which makes changes to only a fraction of sites at a time, so that a novel failure can be caught at an early stage before it becomes widespread. In this event, the canary step correctly identified that the new configuration was unsafe. Crucially however, a second software bug in the management software did not propagate the canary step’s conclusion back to the push process, and thus the push system concluded that the new configuration was valid and began its progressive rollout.
Rendezvous or Highest Random Weight (HRW) hashing is an algorithm that allows clients to achieve distributed agreement on a set of k options out of a possible set of n options. A typical application is when clients need to agree on which sites (or proxies) objects are to assigned to. When k is 1, it subsumes the goals of consistent hashing, using an entirely different method.
[LinkedIn] are proud to announce today that we are open sourcing Dr. Elephant, a powerful tool that helps users of Hadoop and Spark understand, analyze, and improve the performance of their flows.neat, although I’ve been bitten too many times by LinkedIn OSS release quality at this point to jump in….
Foursquare on hiring. ‘we forgo technical phone interviews whenever possible. They’re typically unpleasant for everyone involved and we felt like the environment of a phone screen wasn’t conducive to learning about a candidate’s abilities comprehensively. Instead we give out a take-home exercise that takes about three hours.’
‘AWS Assume Made Awesome’ — ‘Here are Trek10, we work with many clients, and thus work with multiple AWS accounts on a regular (daily) basis. We needed a way to make managing all our different accounts easier. We create a standard Trek10 administrator role in our clients’ accounts that we can assume. For security we require that the role assumer have multifactor authentication enabled.’
‘I would strongly encourage you to avoid repeating the mistakes of testing methodologies that focus entirely on max achievable throughput and then report some (usually bogus) latency stats at those max throughout modes. The techempower numbers are a classic example of this in play, and while they do provide some basis for comparing a small aspect of behavior (what I call the “how fast can this thing drive off a cliff” comparison, or “pedal to the metal” testing), those results are not very useful for comparing load carrying capacities for anything that actually needs to maintain some form of responsiveness SLA or latency spectrum requirements.’ Some excellent advice here on how to measure and represent stack performance. Also: ‘DON’T use or report standard deviation for latency. Ever. Except if you mean it as a joke.’
Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). While initial reports have downplayed the impact of the leak, our investigations showed a huge number of sensitive personally identifiable information (PII)–including passport information and fingerprint data–were included in the data dump. [....] Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible to everyone. Interestingly, we also found a whopping 15.8 million record of fingerprints and a list of people running for office since the 2010 elections. In addition, among the data leaked were files on all candidates running on the election with the filename VOTESOBTAINED. Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED file are set to have NULL as figure.
Excellent data on abusive commenters
The saddest superhero ever
Legendary Mulley tweetstorm on startup culture
voluminous! still looks great, looking forward to reading our copy (via Tony Finch)
‘Koyannistocksi is a shot-by-shot remake of the trailer for Godfrey Reggio’s Koyaanisqatsi using only stock footage. A testament to Reggio’s influence on contemporary motion photography, and the appropriation of his aesthetic by others for commercial means.’ Nailed it. This is why I find it hard to watch Koyaanisqatsi nowadays — its imagery and style have been stolen by so many other filmmakers.
A forensic examination found that the generator had code that was installed after the machine had been audited by a security firm that directed the generator not to produce random numbers on three particular days of the year if two other conditions were met. Numbers on those days would be drawn by an algorithm that Tipton could predict [...] All six prizes linked to Tipton were drawn on either Nov. 23 or Dec. 29 between 2005 and 2011.
I would only recommend 3d printing to someone who wanted a hobby, and wanted that hobby to be 3d printing, not “having parts made on a 3d printer”. The printing itself is the activity. If you have any other primary motivation your parts will fail more often than they’ll succeed.(via burritojustice)
I think this a bit of a legal issue for MaxMind:
The trouble for the Taylor farm started in 2002, when a Massachusetts-based digital mapping company called MaxMind decided it wanted to provide “IP intelligence” to companies who wanted to know the geographic location of a computer to, for example, show the person using it relevant ads or to send the person a warning letter if they were pirating music or movies.
GCHQ barged in after spooks cast their eyes over the plans and realised that power companies were proposing to use a single decryption key for communications from the 53 million smart meters that will eventually be installed in the UK.holy crap.
The breach, which allowed registered users to view names, addresses, email addresses and phone numbers of other people registered on the site, was brought to the attention of the authority on Sunday night. In a statement to TheJournal.ie, the IAA revealed it was aware of four users who downloaded the file.
Advantages/disavantages section right at the bottom is good.
ECS, believe it or not, is one of the simplest Schedulers out there. Most of the other alternatives I’ve tried offer all sorts of fancy bells & whistles, but they are either significantly more complicated to understand (lots of new concepts), take too much effort to set up (lots of new technologies to install and run), are too magical (and therefore impossible to debug), or some combination of all three. That said, ECS also leaves a lot to be desired.
up to 2 years imprisonment for use of apps for encrypted communication
we have now about 100 salt-minions which are installed in remote areas with 3G and satellite connections. We loose connectivity with all of those minions in about 1-2 days after installation, with test.ping reporting “minion did not return”. The state was each time that the minions saw an ESTABLISHED TCP connection, while on the salt-master there were no connection listed at all. (Yes that is correct). Tighter keepalive settings were tried with no result. (OS is linux) Each time, restarting the salt-minion fixes the problem immediately. Obviously the connections are transparently proxied someplace, (who knows what happens with those SAT networks) so the whole tcp-keepalive mechanism of 0mq fails.Also notes in the thread that the default TCP timeout for Azure Load Balancer is 4 minutes: https://azure.microsoft.com/en-us/blog/new-configurable-idle-timeout-for-azure-load-balancer/ . The default Linux TCP keepalive doesn’t send until 2 hours after last connection use, and it’s a system-wide sysctl (/proc/sys/net/ipv4/tcp_keepalive_time). Further, http://networkengineering.stackexchange.com/questions/7207/why-bgp-implements-its-own-keepalive-instead-of-using-tcp-keepalive notes “some firewalls filter TCP keepalives”.
Whenever I’ve had to talk about bias in algorithms, I’ve tried be careful to emphasize that it’s not that we shouldn’t use algorithms in search, recommendation and decision making. It’s that we often just don’t know how they’re making their decisions to present answers, make recommendations or arrive at conclusions, and it’s this lack of transparency that’s worrisome. Remember, algorithms aren’t just code. What’s also worrisome is the amplifier effect. Even if “all an algorithm is doing” is reflecting and transmitting biases inherent in society, it’s also amplifying and perpetuating them on a much larger scale than your friendly neighborhood racist. And that’s the bigger issue. [...] even if the algorithm isn’t creating bias, it’s creating a feedback loop that has powerful perception effects.
More adventures in debugging the Linux kernel:
You can’t have a very large number of bound TCP sockets and we learned that the hard way. We learned a bit about the Linux networking stack: the fact that LHTABLE is fixed size and is hashed by destination port only. Once again we showed a couple of powerful of System Tap scripts.
git for Cloud Storage. Create distributed, decentralized and versioned repositories that scale infinitely to 100s of millions of files and PBs of storage. Huge repos can be cloned on your local SSD for making changes, committing and pushing back. Oh yeah, and it dedupes too due to BLAKE2 Tree hashing. http://s3git.org
‘We present the cryptographic hash function BLAKE2, an improved version of the SHA-3 finalist BLAKE optimized for speed in software. Target applications include cloud storage, intrusion detection, or version control systems. BLAKE2 comes in two main flavors: BLAKE2b is optimized for 64-bit platforms, and BLAKE2s for smaller architectures. On 64-bit platforms, BLAKE2 is often faster than MD5, yet provides security similar to that of SHA-3. We specify parallel versions BLAKE2bp and BLAKE2sp that are up to 4 and 8 times faster, by taking advantage of SIMD and/or multiple cores. BLAKE2 has more benefits than just speed: BLAKE2 uses up to 32% less RAM than BLAKE, and comes with a comprehensive tree-hashing mode as well as an efficient MAC mode.’
HubSpot’s CEO and co-founder, Brian Halligan, explained to the New York Times that this age imbalance was not something he wanted to remedy, but in fact something he had actively cultivated. HubSpot was “trying to build a culture specifically to attract and retain Gen Y’ers,” because, “in the tech world, gray hair and experience are really overrated,” Halligan said. I gasped when I read that. Could anyone really believe this? Even if you did believe this, what CEO would be foolish enough to say it out loud? It was akin to claiming that you prefer to hire Christians, or heterosexuals, or white people. I assumed an uproar would follow. As it turned out, nobody at HubSpot saw this as a problem. Halligan didn’t apologize for his comments or try to walk them back. The lesson I learned is that when it comes to race and gender bias, the people running Silicon Valley at least pay lip service to wanting to do better — but with age discrimination they don’t even bother to lie.
FFS. Fine Gael government sells off more of our national assets for cheap:
Mr John O’Sullivan, chief executive of Bioatlantis Ltd in Co Kerry called on the Oireachtas environment committee to investigate the sale, or ask the Oireachtas public accounts committee to do so. Mr O’Sullivan said that his company had made a bid of €5.7 million for Arramara, comprising €1.5 million initially and €4.2 million in the post-investment phase, and had been given just 12 days to prepare the bid. He understood that two foreign companies – the Canadian Acadian Seaplants and French company Setalg – had been given over a year to prepare their bids. He said that Acadian’s bid was €1.8 million, and the French bid was €2 million, for initial purchase, and that the rating was “changed” when the final bids were in. No details had been released and the lack of transparency was “frightening” in relation to the final sale, he said.
Comprehensive surveillance appears as seemingly inexpensive because it is a solution that scales thanks to technology: troubleshooting at the press of a button. Directly linked with the aim of saving more and more, just as with the State in general. But classic investigative work, which is proven to work, is expensive and labor intensive. This leads to a failure by the authorities because of a faith in technology that is driven by economics.
A really excellent list of stuff to do/see/eat/drink in Ireland, from Colin @ 3FE. top notch recommendations! (also, god I need to get out more)
EFF weigh in on the internet of shit:
Customers likely didn’t expect that, 18 months after the last Revolv Hubs were sold, instead of getting more upgrades, the device would be intentionally, permanently, and completely disabled. …. Nest Labs and Google are both subsidiaries of Alphabet, Inc., and bricking the Hub sets a terrible precedent for a company with ambitions to sell self-driving cars, medical devices, and other high-end gadgets that may be essential to a person’s livelihood or physical safety.
Ever since the introduction of the Primary Online Database of schoolchildren by the Department of Education, the Department and its Minister have been eager to point out that any parent who refused to allow a child’s data to be transferred would see that child’s education defunded. Well, for all children other than this week’s crop of new Junior Infants, that threat has now collapsed. This is despite the Minister and her department having claimed that the drastic threat of defunding was because it simply wasn’t possible to give grants without a child’s full data being transferred. [...] Oddly, as the prospect of defunding the education of 30% of the nation’s children in the run up to an election loomed large, the Department discovered it could, after all, pay for a child’s education without all its POD data.
“Site Reliability Engineering: How Google Runs Production Systems”, by Chris Jones, Betsy Beyer, Niall Richard Murphy, Jennifer Petoff. Go Niall!
Google is making customers’ existing devices useless, less than 2 years after the devices were available for sale, with only 2 months warning. This is one of the reasons I won’t spend money on the Internet Of Things shitshow. ‘”Which hardware will Google choose to intentionally brick next?” asks Arlo Gilbert. “If they stop supporting Android will they decide that the day after warranty expires that your phone will go dark? Is your Nexus device safe? What about your Nest fire alarm? What about your Dropcam? What about your Chromecast device?”‘
“A command injection vulnerability exists in this function due to a lack of any sanitisation on the user-supplied input that is fed to the system() call,” Lawshae says.:facepalm:
whoa, pretty heavily engineered scalable counting system with Kafka, RocksDB and Kubernetes
wow, looks like Nest is fucked:
As a Nest engineer, I won’t say any numbers that aren’t public, but this company is already on deathwatch. Once that happens, most people will quickly have shiny paperweights because it’s a constant firefight keeping these systems up. We have $340M in revenue, not profit, against a ~$500M budget. No new products since the purchase, and sales/growth numbers are dire. Our budget deal expires soon, and all the good engineers on my teams have discreetly indicated they are going to flee once their golden handcuffs unlock (many have already left despite sacrificing a lot of money to do so). Tony and his goons demand crazy timelines so much that “crunch time” has basically lost meaning. Just when your labor bears fruit, they swoop in, 180 the specs you just delivered on, then have the gall to call your team “incompetent” for not reading their mind and delivering on these brand-new specs. I waste most of my time in pointless meetings, or defending my teams so they don’t flip their desks and walk out. People fall asleep in corners and cry in the bathrooms, health and marriages are suffering. Already the churn is insane, close to half the company if not more. Skilled engineers can tell the environment is toxic, so we’re filling vacancies with mostly sub-par talent.
Publish JVM and Android libraries direct from github — it’ll build and package a lib on the fly, caching them via CDN
ughh. The latest scourge is Zopiclone, “zimmos”, which are being dealt openly due to a bureaucratic loophole in enforcement.
Mind = blown.
MIT biological engineers have created a programming language that allows them to rapidly design complex, DNA-encoded circuits that give new functions to living cells. Using this language, anyone can write a program for the function they want, such as detecting and responding to certain environmental conditions. They can then generate a DNA sequence that will achieve it. “It is literally a programming language for bacteria,” says Christopher Voigt, an MIT professor of biological engineering. “You use a text-based language, just like you’re programming a computer. Then you take that text and you compile it and it turns it into a DNA sequence that you put into the cell, and the circuit runs inside the cell.”
yay. On the other hand — http://www.thecaucus.net/#/content/caucus/tech_blog/516 is a good explanation of why not to adopt it. Pity GitHub haven’t made it a per-review option…
Dynamic tracing tools for Linux, a la dtrace, ktrace, etc. Built using BPF, using kernel features in the 4.x kernel series, requiring at least version 4.1 of the kernel
Wow, this is significant:
At the end of last week, the White House published a draft for a Source Code Policy. The policy requires every public agency to publish their custom-build software as Free Software for other public agencies as well as the general public to use, study, share and improve the software. At the Free Software Foundation Europe (FSFE) we believe that the European Union, and European member states should implement similar policies. Therefore we are interested in your feedback to the US draft.
‘used most commonly when coding integers whose upper-bound cannot be determined beforehand.’
The big thing that can be gleaned from the latest paper out of Google on its container controllers is that the shift from bare metal to containers is a profound one – something that may not be obvious to everyone seeking containers as a better way – and we think cheaper way – of doing server virtualization and driving up server utilization higher. Everything becomes application-centric rather than machine-centric, which is the nirvana that IT shops have been searching for. The workload schedulers, cluster managers, and container controllers work together to get the right capacity to the application when it needs it, whether it is a latency-sensitive job or a batch job that has some slack in it, and all that the site recovery engineers and developers care about is how the application is performing and they can easily see that because all of the APIs and metrics coming out of them collect data at the application level, not on a per-machine basis. To do this means adopting containers, period. There is no bare metal at Google, and let that be a lesson to HPC shops or other hyperscalers or cloud builders that think they need to run in bare metal mode.
It turns out that you’ll get wet 3 times more often if you’re a Galway cyclist when compared to a Dubliner. Dublin is Ireland’s driest cycling city.Some good data and visualization on this extremely important issue
It not only runs over HTTP, it also sends your password to a bunch of third-party ad trackers. omgwtfbbqfail
‘First published 50 years ago, this first-hand account by the father of the future taoiseach Garrett FitzGerald created a storm by claiming that the rebel leaders sympathetically discussed the likelihood of the Germans putting a prince of their own on the Irish throne.’ This is amazing — the dispair and confusion is palpable. This is the first realistic-sounding account of what went on inside the GPO during the Easter Rising I’ve read, and the “German prince” gambit is pretty astonishing too.
neat trick — using DD-WRT’s arp tables and a cron job to detect presence of wifi devices (e.g. phones) and take action based on that. By using https://ifttt.com/maker , it should be feasible to wire up any IFTTT action when a device connects to my home wifi…
quite a reasonable position, I think
DST strikes again:
The failure of the ParkbyText system, operated by National Controlled Parking Systems (NCPS), was described by one employee contacted by a midlands motorist unable to pay for his parking at a train station as a “Y2K moment”. The system failure caused early morning panic for thousands of drivers who tried unsuccessfully to use text messages or an app to pay for their parking ahead of returning to work after the bank holiday weekend.Impact was that they had to stop enforcement until the day passed, I think.
Lovely Bootstrap-based UI, easy to install (via Mark Kenny)
Allegedly, Truecrypt, the disk encryption tool, was written by a multi-millionaire international arms dealer and criminal kingpin. Hell of an assertion, this!
This is excellent research, spot on.
Elizabeth Stoycheff, lead researcher of the study and assistant professor at Wayne State University, is disturbed by her findings. “So many people I’ve talked with say they don’t care about online surveillance because they don’t break any laws and don’t have anything to hide. And I find these rationales deeply troubling,” she said. She said that participants who shared the “nothing to hide” belief, those who tended to support mass surveillance as necessary for national security, were the most likely to silence their minority opinions. “The fact that the ‘nothing to hide’ individuals experience a significant chilling effect speaks to how online privacy is much bigger than the mere lawfulness of one’s actions. It’s about a fundamental human right to have control over one’s self-presentation and image, in private, and now, in search histories and metadata,” she said.
pretty sure I had this bookmarked previously, but this is the current URL — SSL/TLS quality report
Interesting to me mainly for this tidbit which makes my own prejudices:
“Pull” vs “push” in metrics collection: At the time of our previous blog post, all our metrics were collected by “pulling” from our collection agents. We discovered two main issues: * There is no easy way to differentiate service failures from collection agent failures. Service response time out and missed collection request are both manifested as empty time series. * There is a lack of service quality insulation in our collection pipeline. It is very difficult to set an optimal collection time out for various services. A long collection time from one single service can cause a delay for other services that share the same collection agent. In light of these issues, we switched our collection model from “pull” to “push” and increased our service isolation. Our collection agent on each host only collects metrics from services running on that specific host. Additionally, each collection agent sends separate collection status tracking metrics in addition to the metrics emitted by the services. We have seen a significant improvement in collection reliability with these changes. However, as we moved to self service push model, it becomes harder to project the request growth. In order to solve this problem, we plan to implement service quota to address unpredictable/unbounded growth.
Pat McKenzie’s name is too long to fit in Japanese database schemas; Janice Keihanaikukauakahihulihe’ekahaunaele’s name was too long for US schemas; and Jennifer Null suffers from the obvious problem
We’ve recently added video streaming service to Mail.Ru Cloud. Development started with contemplating the new feature as an all-purpose “Swiss Army knife” that would both play files of any format and work on any device with the Cloud available. Video content uploaded to the Cloud mostly falls into one of the two categories: “movies/series” and “users’ videos”. The latter are the videos that users shoot with their phones and cameras, and these videos are most versatile in terms of formats and codecs. For many reasons, it is often a problem to watch these videos on other end-user devices without prior normalization: a required codec is missing, or the file size is too big to download, or whatever.Mainly around using HLS (HTTP Live Streaming).
The international impact of the Easter Rising has rarely been acknowledged. This rebellion did not only rattle British rule in Ireland — it inspired radical movements in Britain itself and across the globe, and it shook colonial rulers and states worldwide.
nice java impl of this efficient data structure, broken out from Project Reactor
hand-injecting an entirely different game into Super Mario World on the SNES by exploiting buffer overflows BY HAND. this is legendary behaviour
built-in support for CI/CD deployment pipelines, driven from a checked-in DSL file. great stuff, very glad to see them going this direction. (via Eric)
All machine learning algorithms strive to exaggerate and perpetuate the past. That is, after all, what they are learning from. The fundamental assumption of every machine learning algorithm is that the past is correct, and anything coming in the future will be, and should be, like the past. This is a fine assumption to make when you are Netflix trying to predict what movie you’ll like, but is immoral when applied to many other situations. For bots like mine and Microsoft’s, built for entertainment purposes, it can lead to embarrassment. But AI has started to be used in much more meaningful ways: predictive policing in Chicago, for example, has already led to widespread accusations of racial profiling. This isn’t a little problem. This is a huge problem, and it demands a lot more attention then it’s getting now, particularly in the community of scientists and engineers who design and apply these algorithms. It’s one thing to get cursed out by an AI, but wholly another when one puts you in jail, denies you a mortgage, or decides to audit you.
But ECDSA private keys don’t trigger the same protective instincts that we’d apply to, say, a bar of gold. One sequence of 256 random bits looks just as worthless as any other. And the cold hard unforgeability of these keys means we can’t rely upon other humans to get our money back when we lose them. Plus, we have no experience at all with things that grow in value by four orders of magnitude, without any attention, in just three years. So we have a cryptocurrency-tool UX task in front of us: to avoid mistakes like the one we made, we must to either move these digital assets into solid-feeling physical containers, or retrain our perceptions to attach value to the key strings themselves.
useful bookmark to have (via Nelson)
Neat manual timing attack.
An investigator for the Connecticut Lottery determined that terminal operators could slow down their lottery machines by requesting a number of database reports or by entering several requests for lottery game tickets. While those reports were being processed, the operator could enter sales for 5 Card Cash tickets. Before the tickets would print, however, the operator could see on a screen if the tickets were instant winners. If tickets were not winners, the operator could cancel the sale before the tickets printed.
A microservice saviour appears! In order to prevent such a terrible tragedy from occurring ever again during our lifetimes, `left-pad.io` has been created to provide all the functionality of `left-pad` AND the overhead of a TLS handshake and an HTTP request. Less code is better code, leave the heavy lifting to `left-pad.io`, The String Experts™.
Now this is a BIG thumbs up:
‘Prometheus has been known to us for a while, and we have been tracking it and reading about the active development, and at a point (a few months back) we decided to start evaluating it for production use. The PoC results were incredible. The monitoring coverage of MySQL was amazing, and we also loved the JMX monitoring for Cassandra, which had been sorely lacking in the past.’
‘if you tell her “repeat after me” she will parrot back whatever you say, allowing you to put words into her mouth.’what. the. fuck. Microsoft.
If you have a million npm dependencies, distribute them in the dist package; aka. omnibus packages for JS
Based on the pain we’ve had trying to bring our Rails services up to the quality levels required, this looks pretty accurate in many respects. I’d augment this advice by saying: avoid RVM; use Docker.
‘VPC is the future and it is awesome, and unless you have some VERY SPECIFIC AND CONVINCING reasons to do otherwise, you should be spinning up a VPC per environment with orchestration and prob doing it from CI on every code commit, almost like it’s just like, you know, code.’
Wikimedia and Facebook have given Angolans free access to their websites, but not to the rest of the internet. So, naturally, Angolans have started hiding pirated movies and music in Wikipedia articles and linking to them on closed Facebook groups, creating a totally free and clandestine file sharing network in a country where mobile internet data is extremely expensive.
This is a great point, and one I’ll be quoting:
Any design that is hard to test is crap. Pure crap. Why? Because if it’s hard to test, you aren’t going to test it well enough. And if you don’t test it well enough, it’s not going to work when you need it to work. And if it doesn’t work when you need it to work the design is crap.Amen!
Radiocarbon dating shows that the bones discovered at McCuaig’s go back to about 2000 B.C. That makes them hundreds of years older than the oldest artifacts generally considered to be Celtic — relics unearthed from Celt homelands of continental Europe, most notably around Switzerland, Austria and Germany. For a group of scholars who in recent years have alleged that the Celts, beginning from the middle of Europe, may never have reached Ireland, the arrival of the DNA evidence provides the biological certitude that the science has sometimes brought to criminal trials. “With the genetic evidence, the old model [of Celtic colonisation of Ireland] is completely shot,” John Koch, a linguist at the Center for Advanced Welsh and Celtic Studies at the University of Wales.
Good to know:
‘GCM delivery receipts don’t have an SLA at this time. Having your connection open longer will increase the odds that delivery receipts will arrive. 10 seconds seems a bit short. I’m glad it works. I would recommend longer like 10 min or an hour. The real design of this system is for persistent connections, hence connections that setup and tear down frequently will have difficulty receiving delivery receipts.’
Basic phishing: ‘Collins hacked over 100 people by sending emails that looked like they came from Apple and Google, such as [email protected],” [email protected],” and [email protected] According to the government, Collins asked for his victims’ iCloud or Gmail usernames and passwords and “because of the victims’ belief that the email had come from their [Internet Service Providers], numerous victims responded by giving [them].”’
The Internet is structured to be an open communications medium. This openness is one of the key underpinnings of Internet innovation, but it can also allow communications that may be viewed as undesirable by certain parties. Thus, as the Internet has grown, so have mechanisms to limit the extent and impact of abusive or objectionable communications. Recently, there has been an increasing emphasis on “blocking” and “filtering”, the active prevention of such communications. This document examines several technical approaches to Internet blocking and filtering in terms of their alignment with the overall Internet architecture. When it is possible to do so, the approach to blocking and filtering that is most coherent with the Internet architecture is to inform endpoints about potentially undesirable services, so that the communicants can avoid engaging in abusive or objectionable communications. We observe that certain filtering and blocking approaches can cause unintended consequences to third parties, and we discuss the limits of efficacy of various approaches.(via Tony Finch)
‘There are three easy to make mistakes in go. I present them here in the way they are often found in the wild, not in the way that is easiest to understand. All three of these mistakes have been made in Kubernetes code, getting past code review at least once each that I know of.’
This study found that purebred dogs have a significantly greater risk of developing many of the hereditary disorders examined in this study. No, mixed breed dogs are not ALWAYS healthier than purebreds; and also, purebreds are not “as healthy” as mixed breed dogs. The results of this study will surprise nobody who understands the basics of Mendelian inheritance. Breeding related animals increases the expression of genetic disorders caused by recessive mutations, and it also increases the probability of producing offspring that will inherit the assortment of genes responsible for a polygenic disorder.In conclusion, go mutts.
Good interview with Demis Hassabis on DeepMind, AlphaGo and AI:
I’d like to see AI-assisted science where you have effectively AI research assistants that do a lot of the drudgery work and surface interesting articles, find structure in vast amounts of data, and then surface that to the human experts and scientists who can make quicker breakthroughs. I was giving a talk at CERN a few months ago; obviously they create more data than pretty much anyone on the planet, and for all we know there could be new particles sitting on their massive hard drives somewhere and no-one’s got around to analyzing that because there’s just so much data. So I think it’d be cool if one day an AI was involved in finding a new particle.
Good post on Dublin City Council’s atrociously revisionist 1916-commemoration banner, celebrating Henry Grattan, Daniel O’Connell, Charles Stewart Parnell and John Redmond:
The banner is not showing parliamentary nationalists who might be included in a history of 1916 (Redmond might have been joined by John Dillon and Tom Kettle, for instance), but displaying the parliamentarian tradition in Irish political history. The people chosen all worked for change via political means, whether obtaining an independent Irish parliament from 1782-1801 (Grattan), working for Catholic Emancipation (Grattan and O’Connell), land reform (Parnell), or trying to repeal the Act of Union and obtain Home Rule (O’Connell, Parnell, Redmond). All were MPs in Westminster at some point. None openly espoused physical force. None aimed at establishing an independent Irish Republic. Putting the history of parliamentarianism on a banner labelled 1916 suggests that 1916 was in the parliamentarian tradition. That suggestion is very far from the truth.