The Snooping Dragon : awesome, if terrifying research from Shishir Nagaraja and Ross Anderson on Chinese cyber-surveillance of the Tibetan movement. ‘we described how agents of the Chinese government compromised the computing infrastructure of the Office of His Holiness the Dalai Lama. They used social phishing to install rootkits on a number of machines and then downloaded sensitive data. People in Tibet may have died as a result.’
(tags: phishing social-phishing dalai-lama security surveillance privacy law china ross-anderson research papers windows microsoft)
Month: March 2009
German Police Raid Homes of Wikileaks.de Domain Owner : “what the Australian government’s secret ACMA internet censorship blacklist has to do with Germany is a mystery. This case is a prime example of multiple governments collaborating in support of censorship.” worrying.
(tags: censorship germany legal police wikileaks brbfbi privacy)Fast polling using C, memcached, nginx and libevent : well-written worked-through example of a classic memcached-backed libevent front-end caching system
(tags: http memcached caching optimization scalability plurk libevent nginx polling c)“The Powers That Be Want Action Taken” : ‘Gardai were in the [Today FM] offices yesterday looking for email communications between the team and the artist. According to D’Arcy the team were told [..] that “the powers that be want action takenâ€.” ffs! how’s about taking action against the fraudsters who’ve bankrupted our country instead? appalling diversionary tactics
(tags: diversions gardai picturegate brian-cowan art pranks today-fm ray-darcy censorship)AWS Toolkit for Eclipse : ‘Eclipse extensions automatically configure remote debugger connections for diagnosing problems and debugging software run in the cloud’ — ie. you can set a breakpoint on code running remotely, at EC2. that’s pretty awesome (via Steve Loughran)
(tags: via:steveloughran aws ec2 programming java plugins development eclipse cloudcomputing tomcat)Ask a Flowchart: Which Blowhard Am I? : YES
(tags: blowhards funny internet web2.0 magazines wired flowcharts dave-winer)Zooko laid off by AllMyData.com : looks like AllMyData are facing a money crunch (“focussed on keeping costs down”). hopefully this isn’t bad news for Tahoe, the fault-tolerant open-source distributed filesystem — or indeed for Zooko himself
(tags: allmydata zooko money tahoe filesystems storage fault-tolerance funding open-source distributed scalability)RTE Apologise to Brian Cowen for Nudie Pics Report : the national broadcaster apologises, on air, for a news story covering the ‘paintings of an Taoiseach in the nude’ prank. wtf!
(tags: rte television freedom-of-speech censorship satire wtf apologies soft weakness)
Australian ISP abandons blocking : “We are not able to reconcile participation in the trial with our corporate social responsibility, our customer service objectives and our public position on censorship,†iiNet managing director Michael Malone said. “It became increasingly clear that the trial was not simply about restricting child pornography or other such illegal material, but a much wider range of issues including what the Government simply describes as ‘unwanted material’ without an explanation of what that includes.â€
(tags: australia freedom censorship iinet blocking filtering acma)Akamai have developed a parallel internet : and, most surprising of all, it _works_. holy crap. (thanks Antoin!)
(tags: ip-application-accelerator akamai internet routing speed network networking ip latency joelonsoftware copilot via:antoin)Guerilla artist hangs nude Cowen paintings : some prankster put up rather disturbing paintings of Ireland’s taoiseach in the National Gallery and Royal Hibernian Academy. “‘It’s reasonably well painted. It’s not the worst thing I’ve ever seen,’ conceded James O’Halloran of Adam’s Fine Art Auctioneers & Valuers.”
(tags: painting pranks ireland galleries brian-cowan politics funny)
New Zealand Halts Internet Copyright Law Changes : excellent. good result from their blackout, then
(tags: new-zealand copyright p2p technology freedom politics internet copyfight blackouts protests)Jungle Disk/Cloud Files scalability woes : Rackspace had to firefight over the weekend to deal with scaling issues with JungleDisk users backing up to their Mosso Cloud Files service. now fixed with a JungleDisk upgrade (2.60c): http://blog.jungledisk.com/2009/03/23/jungle-disk-260c-released-cloud-files-access-restored/
(tags: jungledisk ouch mosso cloud-files scaling online-backup backup caching s3 storage)Puppets, chefs, and community competition : open source intra-project poaching between the Puppet and Chef deployment automation projects
(tags: lwn puppet chef open-source poaching staff contributors developers coding)Creator of Cyc reviews Wolfram Alpha : the hand-curation of its source knowledge base sounds incredibly labour-intensive (and expensive)
(tags: cyc wolfram wolframalpha ai search data ontology semantic-web via:yoz)interview with a 419er : ‘i know my God will forgive because i pray to him to replenish the pockets of my clients [read: victims] with double of whatever they loss’
(tags: security spam chat scam 419 fraud chat-log religion via:waxy)
On Monday April 20th, the Heritage Society of Engineers Ireland, in association with The Irish Computer Society, and the ICT and Electronic and Electrical Divisions of Engineers Ireland, will be hosting an evening lecture: ‘Reminiscences of Early days of Computing in Ireland’:
In 1957 the Irish Sugar Company installed the first stored program computer in Ireland. Other large organisations slowly followed suit.
Gordon Clarke will discuss how the early computers enhanced the electro-mechanical systems that had developed over the previous 60 years. He will talk about their specifications, a few of the first applications and tell the story of the very early years of designing and developing computer based systems.
All Welcome. Admission Free. No booking required. This event will be web-cast
For Details: www.engineersireland.ie, or Con Kehely: (01) 6860113 (con.kehely /at/ dublincity.ie)
Location: Engineers Ireland, 22 Clyde Road D4
Sounds great! Thanks to Frank Duignan on the ILUG list for forwarding the notice.
Election Officials Arrested, Charged With ‘Changing Votes at E-Voting Machines’ : the circuit court judge, the county clerk, and election officers of Clay County,KY were all arrested and indicted for ‘changing the votes at the voting machine’, and showing others how to do it, over the course of 2002-2006; they’d send the voters away at the confirmation screen, then go back and change their votes
(tags: politics fraud e-voting elections corruption kentucky)
In the comments to this unremarkable story about 4chan’s Boxxy fad, I came across this gem from CSClark:
I don’t know why I didn’t think to see if this sort of phenomenon was covered in Extraordinary Popular Delusions… Of course, it is.Walk where we will, we cannot help hearing from every side a phrase repeated with delight, and received with laughter, by men with hard hands and dirty faces, by saucy butcher lads and errand-boys, by loose women, by hackney coachmen, cabriolet-drivers, and idle fellows who loiter at the corners of streets. Not one utters this phrase without producing a laugh from all within hearing. It seems applicable to every circumstance, and is the universal answer to every question; in short, it is the favourite slang phrase of the day, a phrase that, while its brief season of popularity lasts, throws a dash of fun and frolicsomeness over the existence of squalid poverty and ill-requited labour, and gives them reason to laugh as well as their more fortunate fellows in a higher stage of society.
Wherein we also learn that the FAIL of the day was Quoz:
I’m also sure I’ve read of a fad – Greek, Roman, 18th century, something like that – where a group of young (aristocratic?) men who would suddenly grab a common woman and proclaim her Helen and make her their queen and swear to die for her and so on. And the tearing down of such idols could be seen, if you were wont to be pretentious like me, as part of Frazer’s Golden Bough’s Sacrificial King idea, although I’m not sure script kiddies care if the crops grow. (One other problem with that is that Frazer was romancing; but so are the more literal memecists, so yah!)When a disputant was desirous of throwing a doubt upon the veracity of his opponent, and getting summarily rid of an argument which he could not overturn, he uttered the word Quoz, with a contemptuous curl of his lip, and an impatient shrug of his shoulders. The universal monosyllable conveyed all his meaning, and not only told his opponent that he lied, but that he erred egregiously if he thought that any one was such a nincompoop as to believe him.
Since then however, it appears that “quoz” has entirely flipped meaning, according to UrbanDictionary:
slang for quality, a cockney term for something good. usually accompanied with a hand action of slaping ur index finger against the stationary thumb and middle finger. ‘thats quoz man! propa quoz.’ finger slappy hand thingy
cloudkick : “the easiest way to manage the cloud”. supports EC2 and slicehost servers, provides metrics, graphing, and basic monitoring. looks very nice! (via JK)
(tags: via:jkeyes amazon aws ec2 hosting scalability sysadmin deployment management server slicehost vps cloudkick)AnandTech: The SSD Anthology: Understanding SSDs and New Drives from OCZ : SSDs lose performance noticeably after an initial honeymoon period, once their block map starts to contain previously-allocated blocks. benchmarks for this factor will be critical in SSD measurement
(tags: ssds storage intel anandtech reviews benchmarks speed disk hardware flash solid-state)
Using Btrfs with Multiple Devices : cool. looking forward to this settling down so I can play with it
(tags: btrfs filesystems raid storage linux disks mkfs)ClamAV now supports Google’s Safe Browsing blocklist : ‘treat such data as a potential risk, that is a suspicious source of malware.’ ‘mainly targeted at people who are using ClamAV to filter web traffic.’ (via fanf)
(tags: via:fanf security clamav antivirus antiphishing google safe-browsing blocklists)Alexander Larsson summarises ext4 vs fsync : good writeup of the current state of play
(tags: fsync ext3 ext4 filesystems linux sync crash-recovery safety reliability)more “top”-like utilities : htop (top with a fancy UI), iftop (top for IPs on the network) and iotop (top for per-process I/O statistics). hadn’t heard of htop or iotop, so this is useful. all are “apt-get”able on 8.10. (update: Craig reminded me of “atop” — another great util, with excellent historical process monitoring ability)
(tags: htop iotop via:wmf iftop top processes unix sysadmin performance profiling commandline ubuntu)
Killer presentation — “RPC And Its Offspring: Convenient, Yet Fundamentally Flawed” from Steve Vinoski, who presented it at QCon London last week. It’s full of reminders of the mid-90’s, hacking away on CORBA technology — Steve was one of the key players at Iona while I was there.
But never mind where we’ve been; let me hit you with the summary slide to show where Steve’s going:
RPC is a convenient but flawed accident of history
- 1980s research focused on monoliths of programming languages, distributed applications, and operating systems
- each computer vendor of the time owned their own full stack, from language to hardware and network, and you used what they gave you
- imperative languages won back then simply because of their superior performance at that time
It’s almost 2010, folks — we can do WAY better
- pull your head from the imperative language sand and learn functional programming
- the world is many-core and highly distributed, and the old ways aren’t going to keep working much longer
Awesome ;)
Mosso Cloud Servers : very interesting! lowest price is $0.015/hr, ie. $10/month; quite a lot cheaper than the EC2 option. no equivalent to S3 though
(tags: ec2 s3 virtualization rackspace mosso hosting scalability servers cloud grid server)RTÉ Storyland : vote for my mate Luke’s film: “Psych Ward”. it’s great!
(tags: ireland tv film rte movies)Concurrence : impressive libevent-based Python async-I/O framework. looks like it hides async code’s complexity nicely (via SimonW)
(tags: web via:simonw stackless framework asynchronous concurrence async libevent messaging concurrency python scalability performance)Ts’o: Delayed allocation and the zero-length file problem [LWN.net] : epic LWN thread on this ext4 misfeature. I’m ambivalent: it’s perfectly POSIXly-compliant for ext4 to do this, but it _will_ cause data loss for me. I’ll be using ‘nodelalloc’ if this is still in a released version
(tags: data-loss crash ubuntu linux ext3 ext4 fsync sync filesystems reliability durability lwn nodelalloc)
how to create a tmpfs ramdisk which “spills over” onto a disk filesystem at a certain size : neato LVM hack
(tags: tmpfs disk speed lvm ext2 filesystems linux performance)how useful are the new SEI grants for green upgrades to Irish homes? : doesn’t sound great. this site reckons it’d take 21 years to break even on your investment if you chose external wall insulation
(tags: insulation green environment house home sei ireland builders)
TechWire: ISPs’ reaction to Eircom/IRMA deal: too little, too late : ‘What it does not say is that Irish ISPs will fight any attempt by the music industry to coerce them into blocking websites of Irma’s choice. It could have said this. But it deliberately didn’t. Because ISPs will not rule this course of action out.’
(tags: ireland isps privacy copyright irma ifpi eircom ispai)
I just made a loan using Kiva.org to a weaver in Nepal and a group of Vietnamese broom makers.
You can go to Kiva’s website and lend to someone in the developing world who needs a loan for their business. Each loan has a picture of the entrepreneur, a description of their business and how they plan to use the loan so you know exactly how your money is being spent — and you get updates letting you know how the entrepreneur is going.
The best part is, when the entrepreneur pays back their loan you get your money back – and Kiva’s loans are managed by microfinance institutions on the ground who have a lot of experience doing this, so you can trust that your money is being handled responsibly.
Kiva’s microfinancing seems like a nice way of helping the developing world, and I’ve heard good things about it. Here’s hoping it works out well for my two recipients!
MetaSVM SpamAssassin plugin : a new alternative scoring plugin — learn mail classification (ham or spam) based on an SVM applied to the SpamAssassin rules hit, instead of the static “additive scores with 5-point threshold” model. very nifty!
(tags: spamassassin plugins scoring metasvm svm classification classifiers machine-learning anti-spam)Did BBC break the law by using a botnet to send spam? : Graham Cluley of Sophos weighs in
(tags: bbc security spam graham-cluley sophos botnets ddos)BBC programme broke law with botnets, says lawyer : upcoming Beeb program demonstrates the use of a 22000-node botnet to send spam and DDOS-attack a host, and one lawyer asserts that their programme-makers’ actions were illegal
(tags: law botnets security bbc tv out-law legal ddos spam)
Erlangst : ‘Erlangst (n): The fear that (subject) is not smart enough to program in, or even comprehend, the Erlang programming language.’
(tags: funny erlang via:janl angst coding software languages)Startup Ireland : ‘designed to provide a home for all information that an entrepreneur might find useful when starting a company in Ireland.’. Good idea Joe!
(tags: ireland startup irish joe-drumgoole business entrepreneurs)Amazon EC2 Reserved Instances : bulk-buy EC2 instance-hours in advance; either 1 year for $325 or 3 years for $500. great news, much more competitive now against a dedicated colo server
(tags: amazon ec2 aws colo servers)
SSL session resumption is essential : something worth checking if you admin an SSL site; “Session ID Length” == 0 is the tell-tale
(tags: sessions tls ssl https sysadmin)kids are starting to prefer MP3s to artifact-free music : ‘Jonathan Berger, professor of music at Stanford [.. notes that] students [..] prefer “sizzle sounds” that MP3s bring to music. It is a sound they are familiar with.’
(tags: music mp3 sound compression audio students psychology quality perception artifacts via:slashdot)Building a 1.8 exabyte data center : ‘Building an exabyte data center is feasible. All it takes is money – $400 million with all the goodies – and power. Time to readjust the mental model of storage possibility. Other than the NSA’s acres of disk at Fort Meade though, I’m not aware of any exabyte data centers.’
(tags: ouch exabyte datacenters storage disk hardware provisioning nsa racks planning petabytes)
So, if you use Google Reader, read your news with the “All items” page, and are subscribed to hundreds of feeds, it can be pretty overwhelming. I’ve found a better way to deal with this.
Select a ‘most important’ subset of feeds. For each of those, click through to the feed details page, hit the “Feed Settings…” menu, and select “Change folders…“. Put the feed into a new “top” folder (creating it if necessary).
Now go to “Settings” -> “Preferences” and check out the “Start page” preference. By default, it’s set to “Home“; change it to “Folders and Tags: top“.
Hey presto — now, when you load Google Reader, it’ll come up with your “top” items. You can get through those quickly enough, and get on to other more important tasks. When you’re bored and need something to read, though, just hit “Navigation” -> “All items” (or even just type ‘ga’), and every other feed is now there for your delectation. Sweet!
Dustin Kirkland: When is Amazon’s EC2 appropriate for your workload? : a little helper app for Ubuntu. cute (via Danny)
(tags: ec2 linux via:danny ubuntu screen amazon aws costing)SpamAssassin running off the grid : powered by a wind generator and some solar panels, to be exact, in the remote northwest of Scotland (plenty of wind there!)
(tags: scotland wind-power spamassassin linux servers electricity power)HubLog: Making a Lucene index of Wikipedia for MoreLikeThis queries : nice contextual hack
(tags: context wikipedia search bbc lucene solr indexing freebase hublog php)SUB-MIT: The Great McMurdo Jello-Wrestling All-Hands Meeting : pen-pushing on the polar frontier
(tags: bureaucracy denver funny mcmurdo south-pole jello jello-wrestling wtf all-hands meetings pen-pushers bigdeadplace)pHash – the open source perceptual hash library : ‘a fingerprint of an audio, video or image file that is mathematically based on the audio or visual content contained within. Unlike cryptographic hash functions which rely on the avalanche effect of small changes in input leading to drastic changes in the output, perceptual hashes are “close” to one another if the inputs are visually or auditorily similar.’
(tags: video audio open-source sound signature search hashing algorithms fingerprint phash perceptual hash similarity)
Telenor shuns IFPI’s ‘block Pirate Bay’ demands • The Register : ‘”Asking an ISP to control and assess what internet users can and cannot download is just as wrong as asking the post office to open and read letters and decide what should and should not be delivered,” said Telenor.’
(tags: telenor norway isps ifpi filesharing privacy internet)
SmartBear CodeCollaborator : very nifty-looking code-review tool. supports R-T-C and C-T-R, lots of subscription/notification options, real-time web-based inline chat, open data store, and custom script triggers (via Henning on ASF members list)
(tags: via:henning code-review coding programming review tools agie smartbear c-t-r svn p4 git)Using Hadoop to fight spam : Mark Risher and Jay Pujara @Y! Mail talk about their use of Hadoop’s Pig and Streaming products in anti-spam number-crunching
(tags: mark-risher jay-pujara yahoo yahoo-mail anti-spam hadoop pig stream video)Simon Wistow bemoans git’s tendency to permit siloing : the ruby-oauth gem now has 27 forks on github. ffs
(tags: ruby git forking github dvcs forks open-source hazards moan siloing)
“Try again. Fail again. Fail better.”
— Samuel Beckett, via Alyssa Henry
Reminder — Ireland’s Blackout Week starts tomorrow:
Take part in Blackout Week
- To demonstrate your feelings about [IRMA’s censorship demands], you can make your avatar black on any websites you have a presence on.
- This is inspired by Creative Freedom New Zealand’s blackout campaign.
- From Black Thursday on the 5th of March, for one week, set your picture on sites like Facebook, Bebo, Twitter, MSN, etc black to raise awareness for Blackout Ireland.
- On that Thursday we encourage you to express yourself publicly about this issue, whether by blog posts, letters to newspapers or any form of communication you can think of.
Locale : ‘Locale allows you to create Situations, which specify Conditions under which your Settings should change; e.g. your “At Work” situation might notice when your location condition is “1600 Amphitheatre Parkway,” and trigger your ringer to vibrate.’ in essence, rule-based AI for your phone. want it! and the phone too while I’m at it!
(tags: want android phone apps google location mapping)
Here’s a great idea from a thread on the SpamAssassin users list, from Roger Marquis:
Karsten Bräckelmann [questioning the utility of a mechanism to dump the entire contents of the SpamAssassin configuration database]:
‘postconf’ without the handy -n switch dumps about 500 lines. The equivalent dump for SA including the rules is about 6000 lines. And that’s a plain dump, without following and unfolding meta rules or anything.
Whether 6K or 60K would not necessarily make a difference to how I would like to use an SA ‘postconf -n’ equivalent. That use is change management. The intent is not in the full report itself but in its deltas.
As full time mail/systems admins we get invaluable data from tripwire/integrit, ‘postconf -n’, dconf, ‘rpm -qa’, ‘dpkg -l *’, ‘pkg_info -a’, … whose output is checked in to RCS daily. This provides a nice configuration snapshot and historical record but its real usefulness comes from rcsdiff piped into a daily report. These are (usually) relatively concise, and IMO, absolutely essential for monitoring production Unix/Linux systems.
I like it! I think I’d check it into a git repo, though. The concept of applying VC smarts to traditional sysadmin tasks is definitely a meme on the way up — see also etckeeper.
LightCloud – Distributed and persistent key-value store : built on Tokyo Tyrant, performance comparable to memcached, scale by adding nodes, supports hot backup/restore, used in production by Plurk.com, mixi.jp and scribd.com. interesting
(tags: plurk python scaling storage databases scalability memcached distributed dht db persistent tokyotyrant lightcloud tokyocabinet via:joshua)10 Papers Every Programmer Should Read (At Least Twice) : actually a very good list. some interesting papers here I hadn’t heard of, particularly _ An Experimental Evaluation of The Assumption of Independence in Multi-Version Programming_ (1986)
(tags: coding history programming papers toread education academia cs)/~colmmacc/ – Optimising strlen() : good post on various approaches to code optimization of a particularly common C idiom — strlen(). I’d never seen the glibc “add to unsigned long to detect zeroes” trick before — very nifty!
(tags: zero c optimisation coding c++ strlen strings)
Bord Gáis Energy – The BIG Switch tariffs : hmm. a lot of PR spooge, but not a very good deal; Airtricity are 8.4% cheaper per kWh and 11% cheaper than ESB
(tags: electricity ireland consumer bord-gais airtricity prices savings)
(UPDATE: I was wrong! Airtricity are quoting ex-VAT. see comments below.)