Skip to content

Author: dailylinks

Links for 2017-10-09

Published October 9, 2017

Links for 2017-10-06

Published October 6, 2017

  • The world's first cyber-attack, on the Chappe telegraph system, in Bordeaux in 1834

    The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network. The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.

    (tags: bordeaux hacking history security technology cyber-attacks telegraph telegraphes-chappe)

  • Slack 103: Communication and culture

    Interesting note on some emergent Slack communications systems using emoji: "redirect raccoon", voting, and "I'm taking a look at this"

    (tags: slack communications emojis emoji online talk chat)

  • This Future Looks Familiar: Watching Blade Runner in 2017

    I told a lot of people that I was going to watch Blade Runner for the first time, because I know that people have opinions about Blade Runner. All of them gave me a few watery opinions to keep in mind going in—nothing that would spoil me, but things that would help me understand what they assured me would be a Very Strange Film. None of them told me the right things, though.

    (tags: culture movies film blade-runner politics slavery replicants)

  • poor man's profiler

    'Sampling tools like oprofile or dtrace's profile provider don't really provide methods to see what [multithreaded] programs are blocking on - only where they spend CPU time. Though there exist advanced techniques (such as systemtap and dtrace call level probes), it is overkill to build upon that. Poor man doesn't have time. Poor man needs food.' Basically periodically grabbing stack traces from running processes using gdb.

    (tags: gdb profiling linux unix mark-callaghan stack-traces performance)

Links for 2017-10-03

Published October 3, 2017

  • Intel pcj library for persistent memory-oriented data structures

    This is a "pilot" project to develop a library for Java objects stored in persistent memory. Persistent collections are being emphasized because many applications for persistent memory seem to map well to the use of collections. One of this project's goals is to make programming with persistent objects feel natural to a Java developer, for example, by using familiar Java constructs when incorporating persistence elements such as data consistency and object lifetime. The breadth of persistent types is currently limited and the code is not performance-optimized. We are making the code available because we believe it can be useful in experiments to retrofit existing Java code to use persistent memory and to explore persistent Java programming in general.
    (via Mario Fusco)

    (tags: persistent-memory data-structures storage persistence java coding future)

  • Google and Facebook Have Failed Us - The Atlantic

    There’s no hiding behind algorithms anymore. The problems cannot be minimized. The machines have shown they are not up to the task of dealing with rare, breaking news events, and it is unlikely that they will be in the near future. More humans must be added to the decision-making process, and the sooner the better.

    (tags: algorithms facebook google las-vegas news filtering hoaxes 4chan abuse breaking-news responsibility silicon-valley)

Links for 2017-10-02

Published October 2, 2017

Links for 2017-09-29

Published September 29, 2017

  • The Israeli Digital Rights Movement's campaign for privacy | Internet Policy Review

    This study explores the persuasion techniques used by the Israeli Digital Rights Movement in its campaign against Israel’s biometric database. The research was based on analysing the movement's official publications and announcements and the journalistic discourse that surrounded their campaign within the political, judicial, and public arenas in 2009-2017. The results demonstrate how the organisation navigated three persuasion frames to achieve its goals: the unnecessity of a biometric database in democracy; the database’s ineffectiveness; and governmental incompetence in securing it. I conclude by discussing how analysing civil society privacy campaigns can shed light over different regimes of privacy governance. [....] 1. Why the database should be abolished: because it's not necessary - As the organisation highlighted repeatedly throughout the campaign with the backing of cyber experts, there is a significant difference between issuing smart documents and creating a database. Issuing smart documents effectively solves the problem of stealing and forging official documents, but does it necessarily entail the creation of a database? The activists’ answer is no: they declared that while they do support the transition to smart documents (passports and ID cards) for Israeli citizens, they object to the creation of a database due to its violation of citizens' privacy. 2. Why the database should be abolished: because it's ineffective; [...] 3. Why the database should be abolished: because it will be breached - The final argument was that the database should be abolished because the government would not be able to guarantee protection against security breaches, and hence possible identity theft.

    (tags: digital-rights privacy databases id-cards israel psc drm identity-theft security)

Links for 2017-09-28

Published September 28, 2017

Links for 2017-09-27

Published September 27, 2017

Links for 2017-09-25

Published September 25, 2017

  • Legendary aquarium "piscamel" thread from the GotMead forums

    I thought I had detected a studied disinterest for my March 28 questions about raising fish and making mead in the same aquarium --- now I realize that you mazers probably thought I was drunk. My hypothesis was that fish manures would provide valuable fertilizer to the yeast, the aquarium bubbler would keep O2 levels high, and the fish would get a nice honey drink. The result, instead, was 3 "piscamels" flavored by rotting fish.
    This sounds utterly revolting. Mead made with biohazard waste. Those poor fish! (via John Looney)

    (tags: via:johnlooney biohazard mead fish aquarium gotmead forums brewing disgusting)

  • Relicensing React, Jest, Flow, and Immutable.js | Engineering Blog | Facebook Code

    This decision comes after several weeks of disappointment and uncertainty for our community. Although we still believe our BSD + Patents license provides some benefits to users of our projects, we acknowledge that we failed to decisively convince this community.

    (tags: facebook opensource react patents swpats bsd licensing)

  • 'Monitoring Cloudflare's planet-scale edge network with Prometheus' (preso)

    from SRECon EMEA 2017; how Cloudflare are replacing Nagios with Prometheus and grafana

    (tags: metrics monitoring alerting prometheus grafana nagios)

  • European Commission study finds no link between piracy and lower sales of digital content

    According to the report, an average of 51% of adults and 72% of minors in the EU have pirated digital content, with Poland and Spain averaging the highest rates of all countries surveyed. Nevertheless, displacement rates (the impact of piracy on legitimate sales) were found to be negligible or non-existent for music, books and games, while rates for films and TV were in line with previous digital piracy studies. Most interesting is the fact that the study found that illegal game downloads actually lead to an increase in legal purchases. The report concludes that tactics like video game microtransactions are proving effective in converting illegal users to paying users. The full report goes in-depth regarding potential factors influencing piracy and the challenges of accurately tracking its impact on legitimate sales, but the researchers ultimately conclude that there is no robust statistical evidence that illegal downloads reduce legal sales. That's big news, which makes it all the more troubling that the EU effectively buried it for two years.

    (tags: piracy eu studies downloads ec games movies books content)

  • Understanding Uber: It's Not About The App

    the next time you see a link to a petition or someone raging about this decision being ‘anti-innovation’, remember Greyball. Remember the Metropolitan Police letter [regarding several sexual assaults which Uber didn't report to police]. Remember that this is about holding ULL, as a company, to the same set of standards to which every other mini-cab operator in London already complies. Most of all though remember: it is not about the app.

    (tags: uber ull safety crime london assault greyball taxis cabs apps)

Links for 2017-09-21

Published September 21, 2017

Links for 2017-09-20

Published September 20, 2017

  • Locking, Little's Law, and the USL

    Excellent explanatory mailing list post by Martin Thompson to the mechanical-sympathy group, discussing Little's Law vs the USL:

    Little's law can be used to describe a system in steady state from a queuing perspective, i.e. arrival and leaving rates are balanced. In this case it is a crude way of modelling a system with a contention percentage of 100% under Amdahl's law, in that throughput is one over latency. However this is an inaccurate way to model a system with locks. Amdahl's law does not account for coherence costs. For example, if you wrote a microbenchmark with a single thread to measure the lock cost then it is much lower than in a multi-threaded environment where cache coherence, other OS costs such as scheduling, and lock implementations need to be considered. Universal Scalability Law (USL) accounts for both the contention and the coherence costs. http://www.perfdynamics.com/Manifesto/USLscalability.html When modelling locks it is necessary to consider how contention and coherence costs vary given how they can be implemented. Consider in Java how we have biased locking, thin locks, fat locks, inflation, and revoking biases which can cause safe points that bring all threads in the JVM to a stop with a significant coherence component.

    (tags: usl scaling scalability performance locking locks java jvm amdahls-law littles-law system-dynamics modelling systems caching threads schedulers contention)

  • "HTML email, was that your fault?"

    jwz may indeed have invented this feature way back in Netscape Mail. FWIW I think he's right -- Netscape Mail was the first usage of HTML email I recall

    (tags: netscape history html email smtp mime mozilla jwz)

Links for 2017-09-19

Published September 19, 2017

  • Undercover operation 'Close Pass' reduced cyclist injuries by 20% in a year

    An initiative to protect cyclists from dangerous overtaking has been praised, after reducing the amount of cyclists killed or seriously injured on the roads by 20% over the last year. Operation 'Close Pass' was devised by West Midlands Police as a low cost way of preventing accidents caused by motorists who are driving too close for comfort.
    (Via Tony Finch)

    (tags: cycling via:fanf safety overtaking roads bikes)

  • Normietivity: A Review of Angela Nagle's Kill all Normies

    Due to a persistent vagueness in targets and refusal to respond to the best arguments presented by those she loosely groups together, Nagle does not provide the thoroughgoing and immanent treatment of the left which would be required to achieve the profound intervention she clearly intended. Nor does she grapple with the difficult implications figures like Greer (with her transphobic campaign against a vulnerable colleague) and Milo (with his direct advocacy for the nativist and carceral state) present for free speech absolutists. And indeed, the blurring their specifically shared transphobia causes for distinguishing between left and right wing social analysis. In genre terms, Nagle’s writing is best described as travel writing for internet culture. Kill All Normies provides a string of curios and oddities (from neo-nazi cults, to inscrutably gendered teenagers) to an audience expected to find them unfamiliar, and titillating. Nagle attempts to cast herself as an aloof and wry explorer, but at various points her commitments become all too clear. Nagle implicitly casts her reader as the eponymous normies, overlooking those of us who live through lives with transgenders, in the wake of colonialism, despite invisible disabilities (including depression), and all the rest. This is both a shame and a missed opportunity, because the deadly violence the Alt-Right has proven itself capable of is in urgent need of evaluation, but so too are the very real dysfunctions which afflict the left (both online and IRL). After this book patient, discerning, explanatory, and immanent readings of internet culture remain sorely needed. The best that can be said for Kill All Normies is, as the old meme goes, “An attempt was made.”

    (tags: angela-nagle normies books reading transphobia germaine-greer milo alt-right politics internet 4chan)

Links for 2017-09-18

Published September 18, 2017

  • Native Memory Tracking

    Java 8 HotSpot feature to monitor and diagnose native memory leaks

    (tags: java jvm memory native-memory malloc debugging coding nmt java-8 jcmd)

  • This Heroic Captain Defied His Orders and Stopped America From Starting World War III

    Captain William Bassett, a USAF officer stationed at Okinawa on October 28, 1962, can now be added alongside Stanislav Petrov to the list of people who have saved the world from WWIII:

    By [John] Bordne’s account, at the height of the Cuban Missile Crisis, Air Force crews on Okinawa were ordered to launch 32 missiles, each carrying a large nuclear warhead. [...] The Captain told Missile Operations Center over the phone that he either needed to hear that the threat level had been raised to DEFCON 1 and that he should fire the nukes, or that he should stand down. We don’t know exactly what the Missile Operations Center told Captain Bassett, but they finally received confirmation that they should not launch their nukes. After the crisis had passed Bassett reportedly told his men: “None of us will discuss anything that happened here tonight, and I mean anything. No discussions at the barracks, in a bar, or even here at the launch site. You do not even write home about this. Am I making myself perfectly clear on this subject?”

    (tags: wwiii history nukes cuban-missile-crisis 1960s usaf okinawa missiles william-bassett)

  • malware piggybacking on CCleaner

    On September 13, 2017 while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems. Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers. Talos began initial analysis to determine what was causing this technology to flag CCleaner. We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download. During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner's download server as recently as September 11, 2017.

    (tags: ccleaner malware avast piriform windows security)

Links for 2017-09-15

Published September 15, 2017

  • Malicious typosquatting packages in PyPI

    skcsirt-sa-20170909-pypi vulnerability announcement from SK-CSIRT:

    SK-CSIRT identified malicious software libraries in the official Python package repository, PyPI, posing as well known libraries. A prominent example is a fake package urllib-1.21.1.tar.gz, based upon a well known package urllib3-1.21.1.tar.gz. Such packages may have been downloaded by unwitting developer or administrator by various means, including the popular “pip” utility (pip install urllib). There is evidence that the fake packages have indeed been downloaded and incorporated into software multiple times between June 2017 and September 2017.

    (tags: pypi python typos urllib security malware)

Links for 2017-09-14

Published September 14, 2017

  • London police’s use of AFR facial recognition falls flat on its face

    A “top-of-the-line” automated facial recognition (AFR) system trialled for the second year in a row at London’s Notting Hill Carnival couldn’t even tell the difference between a young woman and a balding man, according to a rights group worker invited to view it in action. Because yes, of course they did it again: London’s Met police used controversial, inaccurate, largely unregulated automated facial recognition (AFR) technology to spot troublemakers. And once again, it did more harm than good. Last year, it proved useless. This year, it proved worse than useless: it blew up in their faces, with 35 false matches and one wrongful arrest of somebody erroneously tagged as being wanted on a warrant for a rioting offense. [...] During a recent, scathing US House oversight committee hearing on the FBI’s use of the technology, it emerged that 80% of the people in the FBI database don’t have any sort of arrest record. Yet the system’s recognition algorithm inaccurately identifies them during criminal searches 15% of the time, with black women most often being misidentified.

    (tags: face-recognition afr london notting-hill-carnival police liberty met-police privacy data-privacy algorithms)

Links for 2017-09-13

Published September 13, 2017

Links for 2017-09-12

Published September 12, 2017

  • "You Can't Stay Here: The Efficacy of Reddit’s 2015 Ban Examined Through Hate Speech"

    In 2015, Reddit closed several subreddits—foremost among them r/fatpeoplehate and r/CoonTown—due to violations of Reddit’s anti-harassment policy. However, the effectiveness of banning as a moderation approach remains unclear: banning might diminish hateful behavior, or it may relocate such behavior to different parts of the site. We study the ban of r/fatpeoplehate and r/CoonTown in terms of its effect on both participating users and affected subreddits. Working from over 100M Reddit posts and comments, we generate hate speech lexicons to examine variations in hate speech usage via causal inference methods. We find that the ban worked for Reddit. More accounts than expected discontinued using the site; those that stayed drastically decreased their hate speech usage—by at least 80%. Though many subreddits saw an influx of r/fatpeoplehate and r/CoonTown “migrants,” those subreddits saw no significant changes in hate speech usage. In other words, other subreddits did not inherit the problem. We conclude by reflecting on the apparent success of the ban, discussing implications for online moderation, Reddit and internet communities more broadly.
    (Via Anil Dash)

    (tags: abuse reddit research hate-speech community moderation racism internet)

  • The Immortal Myths About Online Abuse – Humane Tech – Medium

    After building online communities for two decades, we’ve learned how to fight abuse. It’s a solvable problem. We just have to stop repeating the same myths as excuses not to fix things.
    Here are the 8 myths Anil Dash picks out: 1. False: You can’t fix abusive behavior online. 2. False: Fighting abuse hurts free speech! 3. False: Software can detect abuse using simple rules. 4. False: Most people say “abuse” when they just mean criticism. 5. False: We just need everybody to use their “real” name. 6. False: Just charge a dollar to comment and that’ll fix things. 7. False: You can call the cops! If it’s not illegal, it’s not harmful. 8. False: Abuse can be fixed without dedicated resources.

    (tags: abuse comments community harassment racism reddit anil-dash free-speech)

  • 'Let’s all survive the GDPR'

    Simon McGarr and John Looney's slides from their SRECon '17 presentation

    (tags: simon-mcgarr data-privacy privacy data-protection gdpr slides presentations)

Links for 2017-09-11

Published September 11, 2017

  • The React license for founders and CTOs – James Ide – Medium

    Decent explanation of _why_ Facebook came up with the BSD+Patents license: "Facebook’s patent grant is about sharing its code while preserving its ability to defend itself against patent lawsuits."

    The difficulty of open sourcing code at Facebook, including React in 2013, was one of the reasons the company’s open-source contributions used to be a fraction of what they are today. It didn’t use to have a strong reputation as an open-source contributor to front-end technologies. Facebook wanted to open source code, though; when it grew communities for projects like React, core contributors emerged to help out and interview candidates often cited React and other Facebook open source as one of the reasons they were interested in applying. People at Facebook wanted to make it easier to open source code and not worry as much about patents. Facebook’s solution was the Facebook BSD+Patents license.

    (tags: facebook bsd licenses licensing asf patents swpats react license software-patents open-source rocksdb)

  • HN thread on the new Network Load Balancer AWS product

    looks like @colmmacc works on it. Lots and lots of good details here

    (tags: nlb aws load-balancing ops architecture lbs tcp ip)

  • Java Flame Graphs Introduction: Fire For Everyone!

    lots of good detail on flame graph usage in Java, and the Honest Profiler (honest because it's safepoint-free)

    (tags: profiling java safepoints jvm flame-graphs perf measurement benchmarking testing)

  • Teaching Students to Code - What Works

    Lynn Langit describing her work as part of Microsoft Digigirlz and TKP to teach thousands of kids worldwide to code. Describes a curriculum from "K" (4-6-year olds) learning computational thinking with a block-based programming environment like Scratch, up to University level, solving problems with public clouds like AWS' free tier.

    (tags: education learning coding teaching tkp lynn-langit scratch kids)

  • So much for that Voynich manuscript “solution”

    boo.

    The idea that the book is a medical treatise on women's health, however, might turn out to be correct. But that wasn't Gibbs' discovery. Many scholars and amateur sleuths had already reached that conclusion, using the same evidence that Gibbs did. Essentially, Gibbs rolled together a bunch of already-existing scholarship and did a highly speculative translation, without even consulting the librarians at the institute where the book resides. Gibbs said in the TLS article that he did his research for an unnamed "television network." Given that Gibbs' main claim to fame before this article was a series of books about how to write and sell television screenplays, it seems that his goal in this research was probably to sell a television screenplay of his own. In 2015, Gibbs did an interview where he said that in five years, "I would like to think I could have a returnable series up and running." Considering the dubious accuracy of many History Channel "documentaries," he might just get his wish.

    (tags: crypto history voynich-manuscript historians tls)

  • How to Optimize Garbage Collection in Go

    In this post, we’ll share a few powerful optimizations that mitigate many of the performance problems common to Go’s garbage collection (we will cover “fun with deadlocks” in a follow-up). In particular, we’ll share how embedding structs, using sync.Pool, and reusing backing arrays can minimize memory allocations and reduce garbage collection overhead.

    (tags: garbage performance gc golang go coding)

Links for 2017-09-09

Published September 9, 2017

  • Firms involved in biometric database in India contracted by Irish government

    Two tech firms – one owned by businessman Dermot Desmond – involved in the creation of a controversial biometric database in India, are providing services for the Government’s public services card and passports. Known as the Aadhaar project, the Indian scheme is the world’s largest ever biometric database involving 1.2 billion citizens. Initially voluntary, it became mandatory for obtaining state services, for paying taxes and for opening a bank account. [...] Dermot Casey, a former chief technology officer of Storyful, said that if the Daon system was used to store the data and carry out the facial matching then the Government “appears to have purchased a biometric database system which can be extended to include voice, fingerprint and iris identification at a moment’s notice”. Katherine O’Keefe, a data protection consultant with Castlebridge, said if the departments were using images of people’s faces to single out or identify an individual, they were “by legal definition processing biometric data”.

    (tags: biometrics databases aadhar id-cards ireland psc daon morpho)

Links for 2017-09-08

Published September 8, 2017

Links for 2017-08-30

Published August 30, 2017

  • Comment: 'Mandatory but not compulsory' - what exactly is the justification for the Public Services Card? - Independent.ie

    TJ McIntyre nails the problem here:

    'Mandatory but not compulsory". This ill-judged hair-splitting seems likely to stick to Social Protection Minister Regina Doherty in the same way that "an Irish solution to an Irish problem" and "on mature recollection" did to politicians before her. The minister used that phrase to defend against the criticism that the public services card (PSC) is being rolled out as a national ID card by stealth, without any clear legal basis or public debate. She went on to say that the PSC is not compulsory as "nobody will drag you kicking and screaming to have a card". This is correct, but irrelevant. The Government's strategy is one of making the PSC effectively rather than legally compulsory - by cutting off benefits such as pensions and refusing driving licences and passports unless a person registers. Whether or not the PSC is required by law is immaterial if you cannot function in society without it.

    (tags: psc id-cards ireland social-welfare id privacy data-protection)

Links for 2017-08-28

Published August 28, 2017

Links for 2017-08-24

Published August 24, 2017

Links for 2017-08-21

Published August 21, 2017

  • 48 Hours In Dublin

    good set of tourist tips for a foodie Dublin weekender

    (tags: dublin tourism food eating dining restaurants tips weekend)

  • Linux Load Averages: Solving the Mystery

    Nice bit of OS archaeology by Brendan Gregg.

    In 1993, a Linux engineer found a nonintuitive case with load averages, and with a three-line patch changed them forever from "CPU load averages" to what one might call "system load averages." His change included tasks in the uninterruptible state, so that load averages reflected demand for disk resources and not just CPUs. These system load averages count the number of threads working and waiting to work, and are summarized as a triplet of exponentially-damped moving sum averages that use 1, 5, and 15 minutes as constants in an equation. This triplet of numbers lets you see if load is increasing or decreasing, and their greatest value may be for relative comparisons with themselves.

    (tags: load monitoring linux unix performance ops brendan-gregg history cpu)

  • Distilled Identity

    Gabriel recently bought a distillery in Barbados, where he says the majority of his team is of African descent. “The sugar industry is a painful past for them, but my understanding, from my team, is that they do see it as the past,” Gabriel explained. “There was great suffering, but their take is like, ‘We built this island.’ They are reclaiming it, and we are seeing that in efforts to preserve farming land and not let it all go to tourism.” I rather liked this narrative, or at least the potential of it. Slavery was appalling across the board, but countries and cultures throughout the African Diaspora have managed their paths forward in ways that don’t mimic the American aftermath. A plurality of narratives was possible here, which was thrilling to me. I am often disappointed by the mainstream perception of one-note blackness. One could easily argue the root of colonization is far from removed in the Caribbean. But if I understood Gabriel, and if he accurately captured the sentiments of his Barbadian colleagues, plantation sugarcane offered career opportunities to some, and was perhaps not solely a distressing connection to a shared global history. We chewed on this thought, together, in silence.

    (tags: history distilling rum barbados african-diaspora slavery american-history booze language etymology)

  • cristim/autospotting

    'Easy to use tool that automatically replaces some or even all on-demand AutoScaling group members with similar or larger identically configured spot instances in order to generate significant cost savings on AWS EC2, behaving much like an AutoScaling-backed spot fleet.'

    (tags: asg autoscaling ec2 aws spot-fleet spot-instances cost-saving scaling)

  • Going Multi-Cloud with AWS and GCP: Lessons Learned at Scale

    Metamarkets splits across AWS and GCP, going into heavy detail here

    (tags: aws gcp google ops hosting multi-cloud)

Links for 2017-08-20

Published August 20, 2017

Links for 2017-08-17

Published August 17, 2017

  • NASA's Sound Suppression Water System

    If you’ve ever watched a rocket launch, you’ve probably noticed the billowing clouds around the launch pad during lift-off. What you’re seeing is not actually the rocket’s exhaust but the result of a launch pad and vehicle protection system known in NASA parlance as the Sound Suppression Water System. Exhaust gases from a rocket typically exit at a pressure higher than the ambient atmosphere, which generates shock waves and lots of turbulent mixing between the exhaust and the air. Put differently, launch ignition is incredibly loud, loud enough to cause structural damage to the launchpad and, via reflection, the vehicle and its contents. To mitigate this problem, launch operators use a massive water injection system that pours about 3.5 times as much water as rocket propellant per second. This significantly reduces the noise levels on the launchpad and vehicle and also helps protect the infrastructure from heat damage.

    (tags: water rockets launch nasa space sound-suppression sound science)

  • The White Lies of Craft Culture - Eater

    Besides field laborers, [Southern US] planter and urban communities both depended on proficient carpenters, blacksmiths, gardeners, stable hands, seamstresses, and cooks; the America of the 1700s and 1800s was literally crafted by people of color. Part of this hidden history includes the revelation that six slaves were critical to the operation of George Washington’s distillery, and that the eponymous Jack Daniel learned to make whiskey from an enslaved black man named Nathan “Nearest” Green. As Clay Risen reported for the New York Times last year, contrary to the predominant narrative that views whiskey as an ever “lily-white affair,” black men were the minds and hands behind American whiskey production. “In the same way that white cookbook authors often appropriated recipes from their black cooks, white distillery owners took credit for the whiskey,” he writes. Described as “the best whiskey maker that I know of” by his master, Dan Call, Green taught young Jack Daniel how to run a whiskey still. When Daniel later opened his own distillery, he hired two of Green’s sons. The popular image of moonshine is a product of the white cultural monopoly on all things ‘country’ Over time, that legacy was forgotten, creating a gap in knowledge about American distilling traditions — while English, German, Scottish, and Irish influences exist, that combination alone cannot explain the entirely of American distilling. As bourbon historian Michael Veach suggests, slave culture pieces together an otherwise puzzling intellectual history.

    (tags: history craft-beer craft-culture food drink whiskey distilling black-history jack-daniels nathan-nearest-green)

  • Meet the Espresso Tonic, Iced Coffee's Bubbly New Cousin

    Bit late on this one but YUM

    To make the drink, Box Kite baristas simply load a glass with ice, fill it about three quarters of the way with chilled tonic, and then top it off with an espresso shot — typically from roasters like Madcap (MI) and Ritual (SF). Often, baristas pull the espresso shot directly on top of the tonic and ice mixture, forgoing the process of first pulling it into a cup and then pouring the espresso from cup to glass.

    (tags: tonic-water recipes espresso coffee drinks cocktails)

Links for 2017-08-16

Published August 16, 2017

  • Fsq.io

    Foursquare's open source repo, where they extract reusable components for open sourcing -- I like the approach of using a separate top level module path for OSS bits

    (tags: open-source oss foursquare libraries maintainance coding git monorepos)

  • GTK+ switches build from Autotools to Meson

    'The main change is that now GTK+ takes about ? of the time to build compared to the Autotools build, with likely bigger wins on older/less powerful hardware; the Visual Studio support on Windows should be at least a couple of orders of magnitude easier (shout out to Fan Chun-wei for having spent so, so many hours ensuring that we could even build on Windows with Visual Studio and MSVC); and maintaining the build system should be equally easier for everyone on any platform we currently support.' Looking at http://mesonbuild.com/ it appears to be Python-based and AL2-licensed open source. On the downside, though, the Meson file is basically a Python script, which is something I'm really not fond of :( more details at http://taint.org/2011/02/18/001527a.html .

    (tags: meson build coding dev autotools gtk+ python)

  • Matt Haughey ???????? on Twitter: "high quality LED light tape for bikes and wheels is ridiculously cheap these days"

    good thread on fitting out a bike with crazy LED light tape; see also EL string. Apparently it'll run off a 4.5V (3xAAA) battery pack nowadays which makes it pretty viable!

    (tags: bikes cycling safety led-lights el-tape led-tape hacks via:mathowie)

  • M00N

    a beautifully-glitched photo of the moon by Giacomo Carmagnola; more on his art at http://www.bleaq.com/2015/giacomo-carmagnola . (Via Archillect)

    (tags: via:archillect art giacomo-carmagnola glitch-art moon glitch images)

  • How to shop on AliExpress

    From the aptly-named Aliholic.com. Thanks, Elliot -- the last thing I needed was something to feed my addiction to cheap tat from China!

    (tags: china aliexpress dealextreme gearbest gadgets buying tat aliholic stuff)

  • TIL you shouldn’t use conditioner if you get nuked

    If you shower carefully with soap and shampoo, Karam says [Andrew Karam, radiation expert], the radioactive dust should wash right out. But hair conditioner has particular compounds called cationic surfactants and polymers. If radioactive particles have drifted underneath damaged scales of hair protein, these compounds can pull those scales down to create a smooth strand of hair. "That can trap particles of contamination inside of the scale," Karam says. These conditioner compounds are also oily and have a positive charge on one end that will make them stick to negatively charged sections of a strand of hair, says Perry Romanowski, a cosmetics chemist who has developed personal hygiene formulas and now hosts "The Beauty Brains" podcast on cosmetics chemistry. "Unlike shampoo, conditioners are meant to stay behind on your hair," Romanowski says. If the conditioner comes into contact with radioactive material, these sticky, oily compounds can gum radioactive dust into your hair, he says.

    (tags: factoids conditioner surfactants nuclear-bombs fallout hair bizarre til via:boingboing)

Links for 2017-08-15

Published August 15, 2017

  • Allen curve - Wikipedia

    During the late 1970s, [Professor Thomas J.] Allen undertook a project to determine how the distance between engineers’ offices affects the frequency of technical communication between them. The result of that research, produced what is now known as the Allen Curve, revealed that there is a strong negative correlation between physical distance and the frequency of communication between work stations. The finding also revealed the critical distance of 50 meters for weekly technical communication. With the fast advancement of internet and sharp drop of telecommunication cost, some wonder the observation of Allen Curve in today's corporate environment. In his recently co-authored book, Allen examined this question and the same still holds true. He says[2] "For example, rather than finding that the probability of telephone communication increases with distance, as face-to-face probability decays, our data show a decay in the use of all communication media with distance (following a "near-field" rise)." [p. 58]
    Apparently a few years back in Google, some staff mined the promotion data, and were able to show a Allen-like curve that proved a strong correlation between distance from Jeff Dean's desk, and time to getting promoted.

    (tags: jeff-dean google history allen-curve work communication distance offices workplace teleworking remote-work)

  • Arq Backs Up To B2!

    Arq backup for OSX now supports B2 (as well as S3) as a storage backend. "it’s a super-cheap option ($.005/GB per month) for storing your backups." (that is less than half the price of $0.0125/GB for S3's Infrequent Access class)

    (tags: s3 storage b2 backblaze backups arq macosx ops)

  • After Charlottesville, I Asked My Dad About Selma

    Dad told me that he didn’t think I was going to have to go through what he went through, but now he can see that he was wrong. “This fight is a never-ending fight,” he said. “There’s no end to it. I think after the ‘60s, the whole black revolution, Martin Luther King, H. Rap Brown, Stokely Carmichael and all the rest of the people, after that happened, people went to sleep,” he said. “They thought, ‘this is over.’”

    (tags: selma charlottesville racism nazis america race history civil-rights 1960s)

Links for 2017-08-14

Published August 14, 2017

Links for 2017-08-13

Published August 13, 2017

Links for 2017-08-12

Published August 12, 2017

  • Hyperscan

    a high-performance multiple regex matching library. It follows the regular expression syntax of the commonly-used libpcre library, yet functions as a standalone library with its own API written in C. Hyperscan uses hybrid automata techniques to allow simultaneous matching of large numbers (up to tens of thousands) of regular expressions, as well as matching of regular expressions across streams of data. Hyperscan is typically used in a DPI library stack. Hyperscan began in 2008, and evolved from a commercial closed-source product 2009-2015. First developed at Sensory Networks Incorporated, and later acquired and released as open source software by Intel in October 2015.  Hyperscan is under a 3-clause BSD license. We welcome outside contributors.
    This is really impressive -- state of the art in parallel regexp matching has improved quite a lot since I was last looking at it. (via Tony Finch)

    (tags: via:fanf regexps regular-expressions text matching pattern-matching intel open-source bsd c dpi scanning sensory-networks)

Links for 2017-08-08

Published August 8, 2017

  • Beard vs Taleb: Scientism and the Nature of Historical Inquiry

    The most interesting aspect of this Twitter war is that it is representative of a malaise that has stricken a good chunk of academics (mostly scientists, with a peppering of philosophers) and an increasing portion of the general public: scientism. I have co-edited an entire book, due out soon, on the topic, which features authors who are pro, con, and somewhere in the middle. Scientism is defined as the belief that the assumptions, methods of research, etc., of the natural sciences are the only ways to gather valuable knowledge or to answer meaningful questions. Everything else, to paraphrase Taleb, is bullshit. Does Taleb engage in scientism? Indubitably. I have already mentioned above his generalization from what one particular historian (Beard) said to “historians” tout court. But there is more, from his Twitter feed: “there is this absence of intellectual rigor in humanities.” “Are historians idiots? Let’s be polite and say that they are in the majority no rocket scientists and operate under a structural bias. It looks like an empirically rigorous view of historiography is missing.”

    (tags: history science scientism nassim-taleb argument debate proof romans britain mary-beard)

  • Google’s Response to Employee’s Anti-Diversity Manifesto Ignores Workplace Discrimination Law – Medium

    A workplace-discrimination lawyer writes:

    Stray remarks are not enough. But a widespread workplace discussion of whether women engineers are biologically capable of performing at the same level as their male counterparts could suffice to create a hostile work environment. As another example, envision the racial hostility of a workplace where employees, as Google put it, “feel safe” to espouse their “alternative view” that their African-American colleagues are not well-represented in management positions because they are not genetically predisposed for leadership roles. In short, a workplace where people “feel safe sharing opinions” based on gender (or racial, ethnic or religious) stereotypes may become so offensive that it legally amounts to actionable discrimination.

    (tags: employment sexism workplace discrimination racism misogyny women beliefs)

  • a list of all the nuclear war scenarios stored in the W.O.P.R. computer

    For fans of the movie WARGAMES: a list of all the nuclear war scenarios stored in the W.O.P.R. computer. (self.movies)
    (via burritojustice)

    (tags: via:burritojustice wargames movies wopr global-thermonuclear-war wwiii)

  • Nextflow - A DSL for parallel and scalable computational pipelines

    Data-driven computational pipelines Nextflow enables scalable and reproducible scientific workflows using software containers. It allows the adaptation of pipelines written in the most common scripting languages. Its fluent DSL simplifies the implementation and the deployment of complex parallel and reactive workflows on clouds and clusters.
    GPLv3 licensed, open source

    (tags: computation workflows pipelines batch docker ops open-source)

Links for 2017-08-02

Published August 2, 2017

  • Malicious packages in npm

    The node.js packaging system is being exploited by bad guys to steal auth tokens at build time. This is the best advice they can come up with:

    Always check the name of packages you’re installing. You can look at the downloads number: if a package is popular but the downloads number is low, something is wrong.
    :facepalm: What a mess. Security needs to become a priority....

    (tags: javascript security npm node packaging packages fail)

Links for 2017-08-01

Published August 1, 2017

  • Air Canada near-miss: Air traffic controllers make split-second decisions in a culture of "psychological safety" — Quartz

    “’Just culture’ as a term emerged from air traffic control in the late 1990s, as concern was mounting that air traffic controllers were unfairly cited or prosecuted for incidents that happened to them while they were on the job,” Sidney Dekker, a professor, writer, and director of the Safety Science Innovation Lab at Griffith University in Australia, explains to Quartz in an email. Eurocontrol, the intergovernmental organization that focuses on the safety of airspace across Europe, has “adopted a harmonized ‘just culture’ that it encourages all member countries and others to apply to their air traffic control organizations.” [...] One tragic example of what can happen when companies don’t create a culture where employees feel empowered to raise questions or admit mistakes came to light in 2014, when an investigation into a faulty ignition switch that caused more than 100 deaths at GM Motors revealed a toxic culture of denying errors and deflecting blame within the firm. The problem was later attributed to one engineer who had not disclosed an obvious issue with the flawed switch, but many employees spoke of extreme pressure to put costs and delivery times before all other considerations, and to hide large and small concerns.
    (via JG)

    (tags: just-culture atc air-traffic-control management post-mortems outages reliability air-canada disasters accidents learning psychological-safety work)

  • Dark forces, Brexit and Irexit

    The EU have made it clear, as they have to, that there will be no frictionless borders between the union and the UK. Brexit will be dislocative.  As smaller irish companies start to go to the wall post Brexit expect the calls for “something to be done” to start to include Irexit [an Irish exit from the EU a la Brexit]. But this way madness lies. [...] we export more in education services than in beverages ; we exportthree times or more manufactured goods than food; we export six times more in chemicals and related; value added by industry or by distribution and transport is more than 10 times that of agriculture. Seeking Irexit on the basis that it would be good for agribusiness is seeking to amputate a hand for a broken finger.

    (tags: agribusiness ireland irexit brexit economics eu politics)

  • APOLLO 13 EARTH ORBITAL CHART | Artsy

    Some nice catalogue details around this Apollo 13 AEO:

    Apollo Earth Orbit Chart (AEO), Apollo Mission 13 for April 1970 Launch Date. March 3, 1970. Color Earth map, first edition. 13 by 42 inches. From the Catalogue: SIGNED and INSCRIBED: “JAMES LOVELL, Apollo 13 CDR and FRED HAISE, Apollo 13 LMP." Additionally INSCRIBED by HAISE with mission events: "Launch at 2:13 pm EST, April 11, 1970" and "Splash – April 17, 1970." He has marked the splashdown area with an "X." Circular plots in black represent the ground station communication coverage areas with the red circle being the tracking ship Vanguard in the Atlantic Ocean. Orbital paths show the full launch range azimuths of 72 to 108 degrees. The first orbit is plotted in light blue with the second orbit in dark blue. The planned TLI (TransLunar Injection) burn occurred on time during the mission and is plotted with a red dashed line. The point above the Earth as Apollo 13 headed toward the Moon is shown with a brown line and continues for 24 hours of mission elapsed time. This line moves over the Pacific Ocean and into the continental United States. Then it moves backwards (relative to the Earth’s rotation) over the Pacific Ocean and ends near the west coast of Africa. The Service Module explosion occurred some 32 hours after end point of the TLI brown line tracking plot.

    (tags: aeo apollo history spaceflight collectibles antiques james-lovell fred-haise 1970 apollo-13 charts)

Links for 2017-07-27

Published July 27, 2017

Links for 2017-07-26

Published July 26, 2017

Links for 2017-07-24

Published July 24, 2017

Links for 2017-07-21

Published July 21, 2017

  • awslabs/aws-ec2rescue-linux

    Amazon Web Services Elastic Compute Cloud (EC2) Rescue for Linux is a python-based tool that allows for the automatic diagnosis of common problems found on EC2 Linux instances.
    Most of the modules appear to be log-greppers looking for common kernel issues.

    (tags: ec2 aws kernel linux ec2rl ops)

Links for 2017-07-20

Published July 20, 2017

Links for 2017-07-17

Published July 17, 2017

Links for 2017-07-13

Published July 13, 2017

  • Novartis CAR-T immunotherapy strongly endorsed by FDA advisory panel

    This is very exciting stuff, cytokine release syndrome risks notwithstanding.

    The new treatment is known as CAR-T cell immunotherapy. It works by removing key immune system cells known as T cells from the patient so scientists can genetically modify them to seek out and attack only cancer cells. That's why some scientists refer to this as a "living drug." Doctors then infuse millions of the genetically modified T cells back into the patient's body so they can try to obliterate the cancer cells and hopefully leave healthy tissue unscathed. "It's truly a paradigm shift," said Dr. David Lebwohl, who heads the CAR-T Franchise Global Program at the drug company Novartis, which is seeking the FDA's approval for the treatment. "It represents a new hope for patients." The drug endorsed by the advisory panel is known as CTL019 or tisagenlecleucel. It was developed to treat children and young adults ages 3 to 25 who have relapsed after undergoing standard treatment for B cell acute lymphoblastic leukemia, which is the most common childhood cancer in the United States. While this blood cell cancer can be highly curable, some patients fail to respond to standard treatments; and a significant proportion of patients experience relapses that don't respond to follow-up therapies. "There is a major unmet medical need for treatment options" for these patients, Dr. Stephen Hunger, who helped study at the Children's Hospital of Philadelphia, told the committee. In the main study that the company submitted as evidence in seeking FDA approval, doctors at 25 sites in 11 countries administered the treatment to 88 patients. The patients, ages 3 to 23, had failed standard treatment or experienced relapses and failed to respond to follow-up standard treatment. CTL019 produced remissions in 83 percent of patients, the company told the committee.

    (tags: car-t immunotherapy cancer novartis trials fda drugs t-cells immune-system medicine leukemia ctl019)

  • Chris's Wiki :: blog/sysadmin/UnderstandingIODNSIssue

    On the ns-a1.io security screwup for the .io CCTLD:

    Using data from glue records instead of looking things up yourself is common but not mandatory, and there are various reasons why a resolver would not do so. Some recursive DNS servers will deliberately try to check glue record information as a security measure; for example, Unbound has the harden-referral-path option (via Tony Finch). Since the original article reported seeing real .io DNS queries being directed to Bryant's DNS server, we know that a decent number of clients were not using the root zone glue records. Probably a lot more clients were still using the glue records, through.
    (via Tony Finch)

    (tags: via:fanf dns security dot-io cctlds glue-records delegation)

Links for 2017-07-12

Published July 12, 2017

  • DoppioJVM

    'A Java Virtual Machine written in 100% JavaScript.' Wrapping outbound TCP traffic in websockets, mad stuff

    (tags: jvm java javascript js hacks browser emulation websockets)

  • One Man's Plan to Make Sure Gene Editing Doesn't Go Haywire - The Atlantic

    Open science - radical transparency where gene-editing and CRISPR is involved. Sounds great.

    “For gene drive, the closed-door model is morally unacceptable. You don’t have the right to go into your lab and build something that is ineluctably designed to affect entire ecosystems. If it escapes into the wild, it would be expected to spread and affect people’s lives in unknown ways. Doing that in secret denies people a voice.”
    Also this is a little scary:
    in 2015, he was shocked to read a paper, due to be published in ... Science, in which Californian researchers had inadvertently created a gene drive in fruit flies, without knowing what gene drives are. They developed it as a research tool for spreading a trait among lab populations, and had no ambitions to alter wild animals. And yet, if any of their insects had escaped, that’s what would have happened.

    (tags: science openness open-source visibility transparency crispr gene-editing mice nantucket gene-drive)

Links for 2017-07-11

Published July 11, 2017

Links for 2017-07-10

Published July 10, 2017

Links for 2017-07-06

Published July 6, 2017

  • The Guardian view on patient data: we need a better approach | Editorial | Opinion | The Guardian

    The use of privacy law to curb the tech giants in this instance, or of competition law in the case of the EU’s dispute with Google, both feel slightly maladapted. They do not address the real worry. It is not enough to say that the algorithms DeepMind develops will benefit patients and save lives. What matters is that they will belong to a private monopoly which developed them using public resources. If software promises to save lives on the scale that drugs now can, big data may be expected to behave as big pharma has done. We are still at the beginning of this revolution and small choices now may turn out to have gigantic consequences later. A long struggle will be needed to avoid a future of digital feudalism. Dame Elizabeth’s report is a welcome start.
    Hear hear.

    (tags: privacy law uk nhs data google deepmind healthcare tech open-source)

  • Why People With Brain Implants Are Afraid to Go Through Automatic Doors

    In 2009, Gary Olhoeft walked into a Best Buy to buy some DVDs. He walked out with his whole body twitching and convulsing. Olhoeft has a brain implant, tiny bits of microelectronic circuitry that deliver electrical impulses to his motor cortex in order to control the debilitating tremors he suffers as a symptom of Parkinson’s disease. It had been working fine. So, what happened when he passed through those double wide doors into consumer electronics paradise? He thinks the theft-prevention system interfered with his implant and turned it off. Olhoeft’s experience isn’t unique. According to the Food and Drug Administration’s MAUDE database of medical device reports, over the past five years there have been at least 374 cases where electromagnetic interference was reportedly a factor in an injury involving medical devices including neural implants, pacemakers and insulin pumps. In those reports, people detailed experiencing problems with their devices when going through airport security, using massagers or simply being near electrical sources like microwaves, cordless drills or “church sound boards.”

    (tags: internet-of-things iot best-buy implants parkinsons-disease emi healthcare devices interference)

  • Undefined Behavior in 2017

    This is an extremely detailed post on the state of dynamic checkers in C/C++ (via the inimitable Marc Brooker):

    Recently we’ve heard a few people imply that problems stemming from undefined behaviors (UB) in C and C++ are largely solved due to ubiquitous availability of dynamic checking tools such as ASan, UBSan, MSan, and TSan. We are here to state the obvious — that, despite the many excellent advances in tooling over the last few years, UB-related problems are far from solved — and to look at the current situation in detail.

    (tags: via:marc-brooker c c++ coding testing debugging dynamic-analysis valgrind asan ubsan tsan)

  • Talos Intelligence review of Nyetya and the M.E.Doc compromise

    Our Threat Intelligence and Interdiction team is concerned that the actor in question burned a significant capability in this attack.  They have now compromised both their backdoor in the M.E.Doc software and their ability to manipulate the server configuration in the update server. In short, the actor has given up the ability to deliver arbitrary code to the 80% of UA businesses that use M.E.Doc as their accounting software, along with any multinational corporations that leveraged the software.  This is a significant loss in operational capability, and the Threat Intelligence and Interdiction team assesses with moderate confidence that it is unlikely that they would have expended this capability without confidence that they now have or can easily obtain similar capability in target networks of highest priority to the threat actor.

    (tags: security malware nyetya notpetya medoc talos ransomware)

  • Use AWS WAF to Mitigate OWASP’s Top 10 Web Application Vulnerabilities

    'describes how you can use AWS WAF, a web application firewall, to address the top application security flaws as named by the Open Web Application Security Project (OWASP). Using AWS WAF, you can write rules to match patterns of exploitation attempts in HTTP requests and block requests from reaching your web servers. This whitepaper discusses manifestations of these security vulnerabilities, AWS WAF–based mitigation strategies, and other AWS services or solutions that can help address these threats.'

    (tags: security waf aws http owasp filtering)

  • welcome datacomp

    Some Mac third party keyboards used to (or maybe still do for all I know) have a little feature where if you didn't type anything for a while they would themselves type 'welcome datacomp'.
    (via RobS)

    (tags: via:rsynnott funny welcome-datacomp keyboards hardware fail ghost-typing haunted)

  • La història del gran tauró blanc de Tossa de Mar

    Amazing pic and newspaper report regarding a great white shark which washed up on the beach at Tossa de Mar in the Costa Brava in the 1980s

    (tags: tossa-de-mar costa-brava spain sharks nature great-white-shark 1980s history photos wildlife)

Links for 2017-07-05

Published July 5, 2017

  • Why did Apple, Amazon, Google stocks crash to the same price today?

    Nasdaq said in a statement that "certain third parties improperly propagated test data that was distributed as part of the normal evening test procedures." "For July 3, 2017, all production data was completed by 5:16 PM as expected per the early close of the markets," the statement continued. "Any data messages received post 5:16 PM should be deemed as test data and purged from direct data recipient's databases. UTP (Unlisted Trading Privileges) is asking all third parties to revert to Nasdaq Official Closing Prices effective at 5:16 PM."

    (tags: testing fail stock-markets nasdaq test-data test production integration-testing test-in-prod)

  • Exactly-once Support in Apache Kafka – Jay Kreps

    If you’re one of the people who think [exactly-once support is impossible], I’d ask you to take an actual look at what we actually know to be possible and impossible, and what has been built in Kafka, and hopefully come to a more informed opinion. So let’s address this in two parts. First, is exactly-once a theoretical impossibility? Second, how does Kafka support it.

    (tags: exactly-once-delivery distributed kafka distcomp jay-kreps coding broadcast)

  • Letters and Liquor

    These are lovely! (via Ben)

    Letters and Liquor illustrates the history of lettering associated with cocktails. From the 1690s to the 1990s, I’ve selected 52 of the most important drinks in the cocktail canon and rendered their names in period-inspired design. I post a new drink each week with history, photos and recipes. Don’t want to miss a single cocktail? Click here for email updates.

    (tags: cocktails text letters typography graphics history booze)

Links for 2017-07-03

Published July 3, 2017

Links for 2017-06-30

Published June 30, 2017

  • Don't Settle For Eventual Consistency

    Quite an argument. Not sure I agree, but worth a bookmark anyway...

    With an AP system, you are giving up consistency, and not really gaining anything in terms of effective availability, the type of availability you really care about.  Some might think you can regain strong consistency in an AP system by using strict quorums (where the number of nodes written + number of nodes read > number of replicas).  Cassandra calls this “tunable consistency”.  However, Kleppmann has shown that even with strict quorums, inconsistencies can result.10  So when choosing (algorithmic) availability over consistency, you are giving up consistency for not much in return, as well as gaining complexity in your clients when they have to deal with inconsistencies.

    (tags: cap-theorem databases storage cap consistency cp ap eventual-consistency)

  • Delivering Billions of Messages Exactly Once · Segment Blog

    holy crap, this is exactly the wrong way to build a massive-scale deduplication system -- with a monster random-access "is this random UUID in the db" lookup

    (tags: deduping architecture horror segment messaging kafka)

Links for 2017-06-28

Published June 28, 2017

  • Mozilla Employee Denied Entry to the United States

    Ugh. every non-USian tech worker's nightmare. curl developer Daniel Stenberg:

    “I can’t think of a single valid reason why they would deny me travel, so what concerns me is that somehow someone did and then I’m worried that I’ll get trouble fixing that issue,” Stenberg said. “I’m a little worried since border crossings are fairly serious matters and getting trouble to visit the US in the future would be a serious blowback for me, both personally with friends and relatives there, and professionally with conferences and events there.”

    (tags: curl travel mozilla esta us-politics usa immigration flying)

Links for 2017-06-27

Published June 27, 2017

  • RIPE Atlas Probes

    Interesting! We discussed similar ideas in $prevjob, good to see one hitting production globally.

    RIPE Atlas probes form the backbone of the RIPE Atlas infrastructure. Volunteers all over the world host these small hardware devices that actively measure Internet connectivity through ping, traceroute, DNS, SSL/TLS, NTP and HTTP measurements. This data is collected and aggregated by the RIPE NCC, which makes the data publicly available. Network operators, engineers, researchers and even home users have used this data for a wide range of purposes, from investigating network outages to DNS anycasting to testing IPv6 connectivity. Anyone can apply to host a RIPE Atlas probe. If your application is successful (based on your location), we will ship you a probe free of charge. Hosts simply need to plug their probe into their home (or other) network. Probes are USB-powered and are connected to an Ethernet port on the host’s router or switch. They then automatically and continuously perform active measurements about the Internet’s connectivity, and this data is sent to the RIPE NCC, where it is aggregated and made publicly available. We also use this data to create several Internet maps and data visualisations. [....] The hardware of the first and second generation probes is a Lantronix XPort Pro module with custom powering and housing built around it. The third generation probe is a modified TP-Link wireless router (model TL-MR 3020) with a small USB thumb drive in it, but this probe does not support WiFi.
    (via irldexter)

    (tags: via:irldexter ripe ncc probing active-monitoring networking ping traceroute dns testing http ipv6 anycast hardware devices isps)

  • "BBC English" was invented by a small team in the 1920s & 30s

    Excellent twitter thread:

    Today we speak of "BBC English" as a standard form of the language, but this form had to be invented by a small team in the 1920s & 30s. 1/ It turned out even within the upper-class London accent that became the basis for BBC English, many words had competing pronunciations. 2/ Thus in 1926, the BBC's first managing director John Reith established an "Advisory Committee on Spoken English" to sort things out. 3/ The committee was chaired by Irish playwright George Bernard Shaw, and also included American essayist Logan Pearsall Smith, 4/ novelist Rose Macaulay, lexicographer (and 4th OED editor) C.T. Onions, art critic Kenneth Clark, journalist Alistair Cooke, 5/ ghost story writer Lady Cynthia Asquith, and evolutionary biologist and eugenicist Julian Huxley. 6/ The 20-person committee held fierce debates, and pronunciations now considered standard were often decided by just a few votes.

    (tags: bbc language english history rp received-pronunciation pronunciation john-reith)

Links for 2017-06-26

Published June 26, 2017

Links for 2017-06-22

Published June 22, 2017

Links for 2017-06-21

Published June 21, 2017

Links for 2017-06-20

Published June 20, 2017

Links for 2017-06-16

Published June 16, 2017

Links for 2017-06-15

Published June 15, 2017

  • Screen time guidelines need to be built on evidence, not hype | Science | The Guardian

    An open letter signed by about 100 scientists 'from different countries and academic fields with research expertise and experience in screen time, child development and evidence-based policy.'

    If the government were to implement guidelines on screen-based technology at this point, as the authors of the letter suggest, this would be on the basis of little to no evidence. This risks the implementation of unnecessary, ineffective or even potentially harmful policies. For guidelines to have a meaningful impact, they need to be grounded in robust research evidence and acknowledge that children’s health and wellbeing is a complex issue affected by many other factors, such as socioeconomic status, relational poverty, and family environment – all of which are likely to be more relevant for children’s health and well-being than screens. For example, there is no consistent evidence that more screen time leads to less outdoor play; if anything the evidence indicates that screen time and physical outdoor activity are unrelated, and reductions in average time spent in outdoor play over time seem to be driven by other factors. Policy efforts to increase outdoor play that focus on screen time are therefore likely to be ineffective.
    (via Damien Mulley)

    (tags: via:damienmulley science children psychology screens screen-time childhood development evidence policy health open-letters)

Links for 2017-06-14

Published June 14, 2017

Links for 2017-06-09

Published June 9, 2017

  • How Turla hackers (ab)used satellites to stay under the radar | Ars Technica

    A very nifty hack. DVB-S broadcasts a subset of unencrypted IP traffic across a 600-mile radius:

    The Turla attackers listen for packets coming from a specific IP address in one of these classes. When certain packets—say, a TCP/IP SYN packet—are identified, the hackers spoof a reply to the source using a conventional Internet line. The legitimate user of the link just ignores the spoofed packet, since it goes to an otherwise unopened port, such as port 80 or 10080. With normal Internet connections, if a packet hits a closed port, the end user will normally send the ISP some indication that something went wrong. But satellite links typically use firewalls that drop packets to closed ports. This allows Turla to stealthily hijack the connections. The hack allowed computers infected with Turla spyware to communicate with Turla C&C servers without disclosing their location. Because the Turla attackers had their own satellite dish receiving the piggybacked signal, they could be anywhere within a 600-mile radius. As a result, researchers were largely stopped from shutting down the operation or gaining clues about who was carrying it out. "It's probably one of the most effective methods of ensuring their operational security, or that nobody will ever find out the physical location of their command and control server," Tanase told Ars. "I cannot think of a way of identifying the location of a command server. It can be anywhere in the range of the satellite beam."

    (tags: turla hacks satellite security dvb dvb-s tcpip command-and-control syn)

Links for 2017-06-07

Published June 7, 2017

Links for 2017-06-06

Published June 6, 2017

Links for 2017-05-31

Published May 31, 2017

  • EpiBone Grows New Bones Using Stem Cells

    To grow EpiBone, Tandon explained, scientists take a CT scan of the bone they’ll need to engineer. This helps them create a 3D model. Then, from the model, a 3D printer produces a scaffold (this can be made out of protein and collagen from animal bones or synthetic material). After that, they take stem cells from the patient out of their fat, and those cells are put into the scaffold and then incubated. They regenerate, and form around the bone. This process results in a bone that the body will recognize as the patient’s. The crazy part is that it only takes three weeks to grow a bone that’s personalized to the individual patient.

    (tags: stem-cells epibone bone body healing health medicine 3d-printing)

  • WHAT WENT WRONG IN BRITISH AIRWAYS DATACENTER IN MAY 2017?

    A SPOF UPS. There was a similar AZ-wide outage in one of the Amazon DUB datacenters with a similar root cause, if I recall correctly -- supposedly redundant dual UPS systems were in fact interdependent, in that case, and power supply switchover wasn't clean enough to avoid affecting the servers.

    Minutes later power was restored was resumed in what one source described as “uncontrolled fashion.” Instead of gradual restore, all power was restored at once resulting in a power surge.   BA CEO Cruz told BBC Radio this power surge  caused network hardware to fail. Also server hardware was damaged because of the power surge. It seems as if the UPS was the single point of failure for power feed of the IT equipment in Boadicea House . The Times is reporting that the same UPS was powering both Heathrow based datacenters. Which could be a double single point of failure if true (I doubt it is) The broken network  stopped the exchange of messages between different BA systems and application. Without messaging, there is no exchange of information between various applications. BA is using Progress Software’s Sonic [enterprise service bus].
    (via Tony Finch)

    (tags: postmortems ba airlines outages fail via:fanf datacenters ups power progress esb j2ee)

  • GDPR Advisors and Consultants - Data Compliance Europe

    Simon McGarr's new consultancy:

    Our consultancy helps our clients understand how EU privacy law applies to their organisations; delivers the practical and concrete steps needed to achieve legal compliance; and helps them manage their continuing obligations after GDPR comes into force. Our structured approach to GDPR provides a long-term data compliance framework to minimise the ongoing risk of potential fines for data protection breaches. Our continuing partnership provides regulator liaison, advisory consultancy, and external Data Protection Officer services.

    (tags: gdpr simon-mcgarr law privacy eu europe data-protection regulation data)

Links for 2017-05-29

Published May 29, 2017

Links for 2017-05-26

Published May 26, 2017

Links for 2017-05-25

Published May 25, 2017

  • 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy by Daniel J. Solove :: SSRN

    In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument. When asked about government surveillance and data mining, many people respond by declaring: "I've got nothing to hide." According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.
    Via Fred Logue

    (tags: law philosophy privacy security essay papers daniel-solove surveillance snooping)

  • Enough with the microservices

    Good post!

    Much has been written on the pros and cons of microservices, but unfortunately I’m still seeing them as something being pursued in a cargo cult fashion in the growth-stage startup world. At the risk of rewriting Martin Fowler’s Microservice Premium article, I thought it would be good to write up some thoughts so that I can send them to clients when the topic arises, and hopefully help people avoid some of the mistakes I’ve seen. The mistake of choosing a path towards a given architecture or technology on the basis of so-called best practices articles found online is a costly one, and if I can help a single company avoid it then writing this will have been worth it.

    (tags: architecture design microservices coding devops ops monolith)

Links for 2017-05-24

Published May 24, 2017

  • Skot Olsen -- Blessed Saint Architeuthis

    Classic piece of freaky squid-related art, now purchaseable on giclee for $200! (very tempted)

    Saint Architeuthis is the patron saint of doomed sailors. While the origins of the saint remain unclear, it's recent history and worship are well documented. Whalers who turned their attention to catching giant squid and sea serpents in the 19th century, began asking Saint Architeuthis for mercy whenever a hunt would go awry, which was fairly frequent. When hunting for such animals, one would sometimes be thrown over board or a boat would sink exposing the men to whatever was in the water at the time. A sailor would ask Saint Architeuthis for the quick and relatively painless death of drowning, rather than the hideous demise of being ripped apart by the beak of the squid or chewed up in the sea serpent's hideous maw. Often, men would have visions of Saint Architeuthis who would appear before them in the form of a gigantic, yet benevolent squid wearing a bishop's mitre and carrying tools of the squid hunter's trade.

    (tags: art squid skot-olsen prints giclees toget weird)

Links for 2017-05-23

Published May 23, 2017

  • U.S. top court tightens patent suit rules in blow to 'patent trolls'

    This is excellent news, and a death knell for the East Texas patent troll court (cf https://motherboard.vice.com/en_us/article/the-small-town-judge-who-sees-a-quarter-of-the-nations-patent-cases ):

    The U.S. Supreme Court on Monday tightened rules for where patent lawsuits can be filed in a decision that may make it harder for so-called patent "trolls" to launch sometimes dodgy patent cases in friendly courts, a major irritant for high-tech giants like Apple and Alphabet Inc's Google. In a decision that upends 27 years of law governing patent infringement cases, the justices sided with beverage flavoring company TC Heartland LLC in its legal battle with food and beverage company Kraft Heinz Co (KHC.O). The justices ruled 8-0 that patent suits can be filed only in courts located in the jurisdiction where the targeted company is incorporated.
    via Brad Fitzgerald

    (tags: via:bradfitz patents swpats east-texas law trolls supreme-court infringement)

Links for 2017-05-22

Published May 22, 2017

Links for 2017-05-20

Published May 20, 2017

Links for 2017-05-18

Published May 18, 2017

  • Spotting a million dollars in your AWS account · Segment Blog

    You can easily split your spend by AWS service per month and call it a day. Ten thousand dollars of EC2, one thousand to S3, five hundred dollars to network traffic, etc. But what’s still missing is a synthesis of which products and engineering teams are dominating your costs.  Then, add in the fact that you may have hundreds of instances and millions of containers that come and go. Soon, what started as simple analysis problem has quickly become unimaginably complex.  In this follow-up post, we’d like to share details on the toolkit we used. Our hope is to offer up a few ideas to help you analyze your AWS spend, no matter whether you’re running only a handful of instances, or tens of thousands.

    (tags: segment money costs billing aws ec2 ecs ops)

Links for 2017-05-17

Published May 17, 2017

  • Seeking medical abortions online is safe and effective, study finds | World news | The Guardian

    Of the 1,636 women who were sent the drugs between the start of 2010 and the end of 2012, the team were able to analyse self-reported data from 1,000 individuals who confirmed taking the pills. All were less than 10 weeks pregnant. The results reveal that almost 95% of the women successfully ended their pregnancy without the need for surgical intervention. None of the women died, although seven women required a blood transfusion and 26 needed antibiotics. Of the 93 women who experienced symptoms for which the advice was to seek medical attention, 95% did so, going to a hospital or clinic. “When we talk about self-sought, self-induced abortion, people think about coat hangers or they think about tables in back alleys,” said Aiken. “But I think this research really shows that in 2017 self-sourced abortion is a network of people helping and supporting each other through what’s really a safe and effective process in the comfort of their own homes, and I think is a huge step forward in public health.”

    (tags: health medicine abortion pro-choice data women-on-web ireland law repealthe8th)

Links for 2017-05-15

Published May 15, 2017

  • The World Is Getting Hacked. Why Don’t We Do More to Stop It? - The New York Times

    Zeynep Tufekci is (as usual!) on the money with this op-ed. I strongly agree with the following:

    First, companies like Microsoft should discard the idea that they can abandon people using older software. The money they made from these customers hasn’t expired; neither has their responsibility to fix defects. Besides, Microsoft is sitting on a cash hoard estimated at more than $100 billion (the result of how little tax modern corporations pay and how profitable it is to sell a dominant operating system under monopolistic dynamics with no liability for defects). At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, “pay extra money to us or we will withhold critical security updates” can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more. Microsoft should spend more of that $100 billion to help institutions and users upgrade to newer software, especially those who run essential services on it. This has to be through a system that incentivizes institutions and people to upgrade to more secure systems and does not force choosing between privacy and security. Security updates should only update security, and everything else should be optional and unbundled.
    More on this twitter thread: https://twitter.com/zeynep/status/863734133188681732

    (tags: security microsoft upgrades windows windows-xp zeynep-tufekci worms viruses malware updates software)

  • Fireside Chat with Vint Cerf & Marc Andreessen (Google Cloud Next '17) - YouTube

    In which Vint Cerf calls for regulatory oversight of software engineering. "It's a serious issue now"

    (tags: vint-cerf gcp regulation oversight politics law reliability systems)

  • don't use String.intern() in Java

    String.intern is the gateway to native JVM String table, and it comes with caveats: throughput, memory footprint, pause time problems will await the users. Hand-rolled deduplicators/interners to reduce memory footprint are working much more reliably, because they are working on Java side, and also can be thrown away when done. GC-assisted String deduplication does alleviate things even more. In almost every project we were taking care of, removing String.intern from the hotpaths was the very profitable performance optimization. Do not use it without thinking, okay?

    (tags: strings interning java performance tips)

  • Moom removed from sale due to patent violation claim | Hacker News

    Well this sucks. Some scumbag applied for a patent on tiling window management in 2008, and it's been granted. I use Moom every day :(

    (tags: moom patents bullshit swpat software window-management osx)

  • V2V and the challenge of cooperating technology

    A great deal of effort and attention has gone into a mobile data technology that you may not be aware of. This is "Vehicle to Vehicle" (V2V) communication designed so that cars can send data to other cars. There is special spectrum allocated at 5.9ghz, and a protocol named DSRC, derived from wifi, exists for communications from car-to-car and also between cars and roadside transmitters in the infrastructure, known as V2I. This effort has been going on for some time, but those involved have had trouble finding a compelling application which users would pay for. Unable to find one, advocates hope that various national governments will mandate V2V radios in cars in the coming years for safety reasons. In December 2016, the U.S. Dept. of Transportation proposed just such a mandate. [....] "Connected Autonomous Vehicles -- Pick 2."

    (tags: cars self-driving autonomous-vehicles v2v wireless connectivity networking security)

  • _Amazon Aurora: Design Considerations for High Throughput Cloud-Native Relational Databases_

    'Amazon Aurora is a relational database service for OLTP workloads offered as part of Amazon Web Services (AWS). In this paper, we describe the architecture of Aurora and the design considerations leading to that architecture. We believe the central constraint in high throughput data processing has moved from compute and storage to the network. Aurora brings a novel architecture to the relational database to address this constraint, most notably by pushing redo processing to a multi-tenant scale-out storage service, purpose-built for Aurora. We describe how doing so not only reduces network traffic, but also allows for fast crash recovery, failovers to replicas without loss of data, and fault-tolerant, self-healing storage. We then describe how Aurora achieves consensus on durable state across numerous storage nodes using an efficient asynchronous scheme, avoiding expensive and chatty recovery protocols. Finally, having operated Aurora as a production service for over 18 months, we share the lessons we have learnt from our customers on what modern cloud applications expect from databases.'

    (tags: via:rbranson aurora aws amazon databases storage papers architecture)

  • Hello Sandwich Tokyo Guide

    a guide for people who like travelling like a local and visiting hidden places off the beaten track. There are tips on where to rent a bike, the best bike path, the best coffee, the best craft shops, the coolest shops, the cheapest drinks, the most delicious pizza, the best izakaya, the cutest cafes, the best rooftop bar, the coolest hotels (and the cheap and cheerful hotels), the loveliest parks and soooo much more. It's a list of all of the places I frequent, making it a local insiders guide to Tokyo. Also included in the Hello Sandwich Tokyo Guide are language essentials and travel tips. It's the bloggers guide to Tokyo and if you'd like to visit the places seen on Hello Sandwich, then this guide is the zine for you.

    (tags: shops tourism japan tokyo guidebooks)

  • jantman/awslimitchecker

    A script and python module to check your AWS service limits and usage, and warn when usage approaches limits. Users building out scalable services in Amazon AWS often run into AWS' service limits - often at the least convenient time (i.e. mid-deploy or when autoscaling fails). Amazon's Trusted Advisor can help this, but even the version that comes with Business and Enterprise support only monitors a small subset of AWS limits and only alerts weekly. awslimitchecker provides a command line script and reusable package that queries your current usage of AWS resources and compares it to limits (hard-coded AWS defaults that you can override, API-based limits where available, or data from Trusted Advisor where available), notifying you when you are approaching or at your limits.
    (via This Week in AWS)

    (tags: aws amazon limits scripts ops)

Links for 2017-05-13

Published May 13, 2017

Links for 2017-05-12

Published May 12, 2017

Links for 2017-05-11

Published May 11, 2017

  • Uuni

    "The world's best portable wood-fired oven". Fergal has one and loves it. $299

    (tags: uuni pizza oven outdoor food cooking gadgets)

  • Repair and Leasing Scheme - Peter Mc Verry Trust

    Minister Simon Coveney and the Department of Housing have provided funding of €32 million in 2017 for the Repair and Leasing Programme and set a target of 800 units to be delivered this year (2017). A total of €140 million has been allocated to the repair and leasing scheme over the lifetime of Rebuilding Ireland. The Repair and Leasing Scheme at a Glance: Targets Properties Empty or Derelict for 1 Year or more Grants to Property owners of up to €40,000 to get properties back into use Lease Terms of 10, 15 or 20 Years State Guaranteed Rental Income for Duration of Lease Property and Tenants Managed by Approved Housing Bodies [the Peter McVerry Trust in D1, D3, D7 and D9]

    (tags: peter-mcverry homelessness dublin housing repair derelict-buildings homes ireland property)

  • iKydz

    'Total Parent Control' for kids internet access at home. Dublin-based product, dedicated wifi AP with lots of child-oriented filtering capabilities

    (tags: filtering security ikydz kids children internet wifi ap hardware blocking)

  • _Optimal Probabilistic Cache Stampede Prevention_ [pdf]

    'When a frequently-accessed cache item expires, multiple requests to that item can trigger a cache miss and start regenerating that same item at the same time. This phenomenon, known as cache stampede, severely limits the performance of databases and web servers. A natural countermeasure to this issue is to let the processes that perform such requests to randomly ask for a regeneration before the expiration time of the item. In this paper we give optimal algorithms for performing such probabilistic early expirations. Our algorithms are theoretically optimal and have much better performances than other solutions used in real-world applications.' (via Marc Brooker)

    (tags: via:marcbrooker caching caches algorithm probabilistic expiration vldb papers expiry cache-miss stampedes)

Links for 2017-05-09

Published May 9, 2017

Links for 2017-05-08

Published May 8, 2017

  • The great British Brexit robbery: how our democracy was hijacked | Technology | The Guardian

    A map shown to the Observer showing the many places in the world where SCL and Cambridge Analytica have worked includes Russia, Lithuania, Latvia, Ukraine, Iran and Moldova. Multiple Cambridge Analytica sources have revealed other links to Russia, including trips to the country, meetings with executives from Russian state-owned companies, and references by SCL employees to working for Russian entities. Article 50 has been triggered. AggregateIQ is outside British jurisdiction. The Electoral Commission is powerless. And another election, with these same rules, is just a month away. It is not that the authorities don’t know there is cause for concern. The Observer has learned that the Crown Prosecution Service did appoint a special prosecutor to assess whether there was a case for a criminal investigation into whether campaign finance laws were broken. The CPS referred it back to the electoral commission. Someone close to the intelligence select committee tells me that “work is being done” on potential Russian interference in the referendum. Gavin Millar, a QC and expert in electoral law, described the situation as “highly disturbing”. He believes the only way to find the truth would be to hold a public inquiry. But a government would need to call it. A government that has just triggered an election specifically to shore up its power base. An election designed to set us into permanent alignment with Trump’s America. [....] This isn’t about Remain or Leave. It goes far beyond party politics. It’s about the first step into a brave, new, increasingly undemocratic world.

    (tags: elections brexit trump cambridge-analytica aggregateiq scary analytics data targeting scl ukip democracy grim-meathook-future)

  • Online security won’t improve until companies stop passing the buck to the customer

    100% agreed!

    Giving good security advice is hard because very often individuals have little or no effective control over their security. The extent to which a customer is at risk of being defrauded largely depends on how good their bank’s security is, something customers cannot know. Similarly, identity fraud is the result of companies doing a poor job at verifying identity. If a criminal can fraudulently take out a loan using another’s name, address, and date of birth from the public record, that’s the fault of the lender – not, as Cifas, a trade organisation for lenders, claims, because customers “don’t take the same care to protect our most important asset – our identities”.

    (tags: cifas uk passwords security regulation banking ncsc riscs advice)

  • Backdooring an AWS account

    eek. Things to look out for on your AWS setup:

    So you’ve pwned an AWS account?—?congratulations?—?now what? You’re eager to get to the data theft, amirite? Not so fast whipper snapper, have you disrupted logging? Do you know what you have? Sweet! Time to get settled in. Maintaining persistence in AWS is only limited by your imagination but there are few obvious and oft used techniques everyone should know and watch for.

    (tags: aws security hacks iam sts)

Links for 2017-05-07

Published May 7, 2017

Links for 2017-05-04

Published May 4, 2017

  • The Dark Secret at the Heart of AI - MIT Technology Review

    'The mysterious mind of [NVidia's self-driving car, driven by machine learning] points to a looming issue with artificial intelligence. The car’s underlying AI technology, known as deep learning, has proved very powerful at solving problems in recent years, and it has been widely deployed for tasks like image captioning, voice recognition, and language translation. There is now hope that the same techniques will be able to diagnose deadly diseases, make million-dollar trading decisions, and do countless other things to transform whole industries. But this won’t happen—or shouldn’t happen—unless we find ways of making techniques like deep learning more understandable to their creators and accountable to their users. Otherwise it will be hard to predict when failures might occur—and it’s inevitable they will. That’s one reason Nvidia’s car is still experimental. Already, mathematical models are being used to help determine who makes parole, who’s approved for a loan, and who gets hired for a job. If you could get access to these mathematical models, it would be possible to understand their reasoning. But banks, the military, employers, and others are now turning their attention to more complex machine-learning approaches that could make automated decision-making altogether inscrutable. Deep learning, the most common of these approaches, represents a fundamentally different way to program computers. “It is a problem that is already relevant, and it’s going to be much more relevant in the future,” says Tommi Jaakkola, a professor at MIT who works on applications of machine learning. “Whether it’s an investment decision, a medical decision, or maybe a military decision, you don’t want to just rely on a ‘black box’ method.”'

    (tags: ai algorithms ml machine-learning legibility explainability deep-learning nvidia)

Links for 2017-05-03

Published May 3, 2017

  • Prior Exposure Increases Perceived Accuracy of Fake News

    In other words, repeated exposure to fake news renders it believable. Pennycook, Gordon and Cannon, Tyrone D and Rand, David G., _Prior Exposure Increases Perceived Accuracy of Fake News_ (April 30, 2017):

    Collectively, our results indicate familiarity is used heuristically to infer accuracy. Thus, the spread of fake news is supported by persistent low-level cognitive processes that make even highly implausible and partisan claims more believable with repetition. Our results suggest that political echo chambers not only isolate one from opposing views, but also help to create incubation chambers for blatantly false (but highly salient and politicized) fake news stories.
    (via Zeynep Tufekci) See also: http://www.rand.org/content/dam/rand/pubs/perspectives/PE100/PE198/RAND_PE198.pdf , _The Russian "Firehose of Falsehood" Propaganda Model_, from RAND.

    (tags: propaganda psychology fake-news belief facebook echo-chambers lies truth media)

  • How your selfie could affect your life insurance

    Noping so hard. Imagine the levels of algorithmic discrimination inherent in this shit.

    "Your face is something you wear all your life, and it tells a very unique story about you," says Karl Ricanek Jr., co-founder and chief data scientist at Lapetus Solutions Inc. in Wilmington, N.C. Several life insurance companies are testing Lapetus technology that uses facial analytics and other data to estimate life expectancy, he says. (Lapetus would not disclose the names of companies testing its product.) Insurers use life expectancy estimates to make policy approval and pricing decisions. Lapetus says its product, Chronos, would enable a customer to buy life insurance online in as little as 10 minutes without taking a life insurance medical exam.

    (tags: discrimination computer-says-no algorithms selfies face lapetus photos life-insurance life-expectancy)

  • After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts • The Register

    Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. [...] O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7. In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts. The thefts occurred over the past few months, according to multiple sources.

    (tags: o2 telefonica germany ss7 mobile 2fa security hacks cellphones)

Links for 2017-05-02

Published May 2, 2017

  • explainshell.com

    This is pretty excellent work -- paste a UNIX command line and it'll contextually inline manual page snippets to match, highlighting the matching part of the command line.

    (tags: cli unix documentation explainshell shell scripting syntax manual-pages)

  • Sufjan Stevens - Carrie & Lowell Live on Vimeo

    the entire concert set. This was the highlight concert for me in 2015

    (tags: music video sufjan-stevens concerts 2015)

  • Exclusive: The Leaked Fyre Festival Pitch Deck Is Beyond Parody | Vanity Fair

    This is the worst future ever.

    As the pitch deck claims, within the first 48 hours of the social-media blitz, the Fyre Starters had reached “300 million social impressions”—impressions being the kind of dumb synonym one uses instead of the word “people,” in the same way someone at a bar tries to sound smart by saying he is “inebriated” instead of “drunk.” (And to be fair, an impression isn’t even a sentient person. It’s essentially reaching a person when they aren’t paying attention.) To pull off the 300 million impressions, McFarland and Ja Rule partnered with a P.R. agency, a creative agency, and Elliot Tebele, a once-random nobody who has created a social-media empire by siphoning other people’s jokes into the Instagram account @FuckJerry. One of the biggest deceits of the entire media campaign was that almost all of the 400 influencers who shared the promotional videos and photos never noted they were actually advertising something for someone else, which the Federal Trade Commission requires. This kind of advertising has been going on for years, and while the F.T.C. has threatened to crack down on online celebrities and influencers deceitfully failing to disclose that they are paid to post sponsorships, so far those threats have been completely ignored.

    (tags: fyre fail grim influencers instagram ftc pr advertising festivals)

  • Towards true continuous integration – Netflix TechBlog – Medium

    Netflix discuss how they handle the eternal dependency-management problem which arises with lots of microservices:

    Using the monorepo as our requirements specification, we began exploring alternative approaches to achieving the same benefits. What are the core problems that a monorepo approach strives to solve? Can we develop a solution that works within the confines of a traditional binary integration world, where code is shared? Our approach, while still experimental, can be distilled into three key features: Publisher feedback?—?provide the owner of shared code fast feedback as to which of their consumers they just broke, both direct and transitive. Also, allow teams to block releases based on downstream breakages. Currently, our engineering culture puts sole responsibility on consumers to resolve these issues. By giving library owners feedback on the impact they have to the rest of Netflix, we expect them to take on additional responsibility. Managed source?—?provide consumers with a means to safely increment library versions automatically as new versions are released. Since we are already testing each new library release against all downstreams, why not bump consumer versions and accelerate version adoption, safely. Distributed refactoring?—?provide owners of shared code a means to quickly find and globally refactor consumers of their API. We have started by issuing pull requests en masse to all Git repositories containing a consumer of a particular Java API. We’ve run some early experiments and expect to invest more in this area going forward.
    What I find interesting is that Amazon dealt effectively with the first two many years ago, in the form of their "Brazil" build system, and Google do the latter (with Refaster?). It would be amazing to see such a system released into an open source form, but maybe it's just too heavyweight for anyone other than a giant software company on the scale of a Google, Netflix or Amazon.

    (tags: brazil amazon build microservices dependencies coding monorepo netflix google refaster)

  • acksin/seespot: AWS Spot instance health check with termination and clean up support

    When a Spot Instance is about to terminate there is a 2 minute window before the termination actually happens. SeeSpot is a utility for AWS Spot instances that handles the health check. If used with an AWS ELB it also handles cleanup of the instance when a Spot Termination notice is sent.

    (tags: aws elb spot-instances health-checks golang lifecycle ops)

  • cristim/autospotting: Pay up to 10 times less on EC2 by automatically replacing on-demand AutoScaling group members with similar or larger identically configured spot instances.

    A simple and easy to use tool designed to significantly lower your Amazon AWS costs by automating the use of the spot market. Once enabled on an existing on-demand AutoScaling group, it launches an EC2 spot instance that is cheaper, at least as large and configured identically to your current on-demand instances. As soon as the new instance is ready, it is added to the group and an on-demand instance is detached from the group and terminated. It continuously applies this process, gradually replacing any on-demand instances with spot instances until the group only consists of spot instances, but it can also be configured to keep some on-demand instances running.

    (tags: aws golang ec2 autoscaling asg spot-instances ops)

  • Rule by Nobody

    'Algorithms update bureaucracy’s long-standing strategy for evasion.'

    The need to optimize yourself for a network of opaque algorithms induces a sort of existential torture. In The Utopia of Rules: On Technology, Stupidity, and the Secret Joys of Bureaucracy, anthropologist David Graeber suggests a fundamental law of power dynamics: “Those on the bottom of the heap have to spend a great deal of imaginative energy trying to understand the social dynamics that surround them — including having to imagine the perspectives of those on top — while the latter can wander about largely oblivious to much of what is going on around them. That is, the powerless not only end up doing most of the actual, physical labor required to keep society running, they also do most of the interpretive labor as well.” This dynamic, Graeber argues, is built into all bureaucratic structures. He describes bureaucracies as “ways of organizing stupidity” — that is, of managing and reproducing these “extremely unequal structures of imagination” in which the powerful can disregard the perspectives of those beneath them in various social and economic hierarchies. Employees need to anticipate the needs of bosses; bosses need not reciprocate. People of color are forced to learn to accommodate and anticipate the ignorance and hostility of white people. Women need to be acutely aware of men’s intentions and feelings. And so on. Even benevolent-seeming bureaucracies, in Graeber’s view, have the effect of reinforcing “the highly schematized, minimal, blinkered perspectives typical of the powerful” and their privileges of ignorance and indifference toward those positioned as below them.

    (tags: algorithms bureaucracy democracy life society via:raycorrigan technology power)

  • Reverse engineering the 76477 "Space Invaders" sound effect chip from die photos

    Now _this_ is reversing:

    Remember the old video game Space Invaders? Some of its sound effects were provided by a chip called the 76477 Complex Sound Generation chip. While the sound effects1 produced by this 1978 chip seem primitive today, it was used in many video games, pinball games. But what's inside this chip and how does it work internally? By reverse-engineering the chip from die photos, we can find out. (Photos courtesy of Sean Riddle.) In this article, I explain how the analog circuits of this chip works and show how the hundreds of transistors on the silicon die form the circuits of this complex chip.

    (tags: space-invaders games history reverse-engineering chips analog sound-effects)

Links for 2017-04-28

Published April 28, 2017

Links for 2017-04-26

Published April 26, 2017

  • Put Down the Pink Dumbbell

    So, ladies, let’s first put down the two-pound, pink dumbbells. We have been sold a false story about fitness, health (and its connection to weight loss). I was exercised by wolves. And I’m going to tell you all the secrets and tricks I learned by avoiding the fitness-industrial complex. Most of what I’ll say applies to men, but I have discovered that most of the outrageously wrong advice is given to women. [...] So, here: truth number one. Very few of us consider strength-training as essential exercise, but it is. It is especially crucial as one ages, because a natural part of the aging process is losing muscle. Women, especially, need to lift weights, and the trick to lifting weights is stressing muscles. And that weight has to be a real weight, progressively increased, and barring health issues, an average woman should not even bother with two pound weights because that won’t stress your muscles enough to benefit you. Exercise industry is surely partially to blame for why people don’t exercise regularly: they promise the wrong thing (weight loss) and then don’t push/guide people to do the right thing.

    (tags: exercise health fitness weight-loss zeynep-tufekci strength aging weights training)

  • ECJ rules sale of multimedia player enabling streaming of illegal content onto TV screen breaches copyright

    via Simon McGarr

    (tags: via:tupp_ed piracy streaming dodgyboxes tv ecj eu)

Links for 2017-04-25

Published April 25, 2017

  • Ireland’s Content Pool

    Bring your content to life with our free resource for positive tourism related purposes. Our image, video and copy collections show people, landscapes and the Irish lifestyle across a range of experiences including festivals, activities, cities, rural life and food.
    Interesting idea -- but the licensing terms aren't 100% clear. This would have been much easier if it was just CC licensed!

    (tags: open-data licensing ireland tourism via:damienmulley landscapes photos pictures content failte-ireland)

  • Here’s Why Juicero’s Press is So Expensive – Bolt Blog

    Our usual advice to hardware founders is to focus on getting a product to market to test the core assumptions on actual target customers, and then iterate. Instead, Juicero spent $120M over two years to build a complex supply chain and perfectly engineered product that is too expensive for their target demographic. Imagine a world where Juicero raised only $10M and built a product subject to significant constraints. Maybe the Press wouldn’t be so perfectly engineered but it might have a fewer features and cost a fraction of the original $699. Or maybe with a more iterative approach, they would have quickly found that customers vary greatly in their juice consumption patterns, and would have chosen a per-pack pricing model rather than one-size-fits-all $35/week subscription. Suddenly Juicero is incredibly compelling as a product offering, at least to this consumer.

    (tags: juicero design electronics hardware products startups engineering teardowns)

  • AWS Greengrass

    AWS Greengrass is software that lets you run local compute, messaging & data caching for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. Using AWS Lambda, Greengrass ensures your IoT devices can respond quickly to local events, operate with intermittent connections, and minimize the cost of transmitting IoT data to the cloud. AWS Greengrass seamlessly extends AWS to devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With Greengrass, you can use familiar languages and programming models to create and test your device software in the cloud, and then deploy it to your devices. AWS Greengrass can be programmed to filter device data and only transmit necessary information back to the cloud. AWS Greengrass authenticates and encrypts device data at all points of connection using AWS IoT’s security and access management capabilities. This way data is never exchanged between devices when they communicate with each other and the cloud without proven identity.

    (tags: aws cloud iot lambda devices offline synchronization architecture)

  • Immunotherapy Pioneer James Allison Has Unfinished Business with Cancer - MIT Technology Review

    On the discovery and history of ipilimumab (trade named Yervoy), one of the first immunotherapy drugs

    (tags: ipilimumab cancer yervoy immunotherapy medicine melanoma)

  • FactCheck: No, the reported side effects of the HPV vaccine do NOT outweigh the proven benefits

    The Journal FactCheck team take a shortcut through Regret.ie's bullshit

    (tags: hpv antivaxxers gardasil safety vaccination health medicine fact-checking)

Links for 2017-04-24

Published April 24, 2017

  • Unroll.me sold your data to Uber

    'Uber devoted teams to so-called competitive intelligence, purchasing data from Slice Intelligence, which collected customers' emailed Lyft receipts via Unroll.me and sold the data to Uber'. Also: 'Unroll.me allegedly "kept a copy of every single email that you sent or received" in "poorly secured S3 buckets"': https://news.ycombinator.com/item?id=14180463 Unroll.me CEO: 'felt bad “to see that some of our users were upset to learn about how we monetise our free service”.' https://www.theguardian.com/technology/2017/apr/24/unrollme-mail-unsubscription-service-heartbroken-sells-user-inbox-data-slice

    (tags: uber unroll.me gmail google privacy data-protection lyft scumbags slice-intelligence)

  • Capturing all the flags in BSidesSF CTF by pwning Kubernetes/Google Cloud

    good exploration of the issues with running a CTF challenge (or any other secure infrastructure!) atop Kubernetes and a cloud platform like GCE

    (tags: gce google-cloud kubernetes security docker containers gke ctf hacking exploits)

  • How To Add A Security Key To Your Gmail (Tech Solidarity)

    Excellent how-to guide for Yubikey usage on gmail

    (tags: gmail yubikey security authentication google)

  • Ethics - Lyrebird

    'Lyrebird is the first company to offer a technology to reproduce the voice of someone as accurately and with as little recorded audio. [..] Voice recordings are currently considered as strong pieces of evidence in our societies and in particular in jurisdictions of many countries. Our technology questions the validity of such evidence as it allows to easily manipulate audio recordings. This could potentially have dangerous consequences such as misleading diplomats, fraud and more generally any other problem caused by stealing the identity of someone else. By releasing our technology publicly and making it available to anyone, we want to ensure that there will be no such risks. We hope that everyone will soon be aware that such technology exists and that copying the voice of someone else is possible. More generally, we want to raise attention about the lack of evidence that audio recordings may represent in the near future.'

    (tags: lyrebird audio technology scary ethics)

Links for 2017-04-21

Published April 21, 2017