Yes, bacon really is killing us - The Guardian Long Read
Nooooo!
Since we eat with our eyes, the main way we judge the quality of cured meats is pinkness. Yet it is this very colour that we should be suspicious of, as the French journalist Guillaume Coudray explains in a book published in France last year called Cochonneries, a word that means both “piggeries” and “rubbish” or “junk food”. The subtitle is “How Charcuterie Became a Poison”. Cochonneries reads like a crime novel, in which the processed meat industry is the perpetrator and ordinary consumers are the victims. The pinkness of bacon – or cooked ham, or salami – is a sign that it has been treated with chemicals, more specifically with nitrates and nitrites. It is the use of these chemicals that is widely believed to be the reason why “processed meat” is much more carcinogenic than unprocessed meat. Coudray argues that we should speak not of “processed meat” but “nitro-meat”. [...] When nitrates interact with certain components in red meat (haem iron, amines and amides), they form N-nitroso compounds, which cause cancer. The best known of these compounds is nitrosamine. This, as Guillaume Coudray explained to me in an email, is known to be “carcinogenic even at a very low dose”. Any time someone eats bacon, ham or other processed meat, their gut receives a dose of nitrosamines, which damage the cells in the lining of the bowel, and can lead to cancer. You would not know it from the way bacon is sold, but scientists have known nitrosamines are carcinogenic for a very long time. More than 60 years ago, in 1956, two British researchers called Peter Magee and John Barnes found that when rats were fed dimethyl nitrosamine, they developed malignant liver tumours. 
By the 1970s, animal studies showed that small, repeated doses of nitrosamines and nitrosamides – exactly the kind of regular dose a person might have when eating a daily breakfast of bacon – were found to cause tumours in many organs including the liver, stomach, oesophagus, intestines, bladder, brain, lungs and kidneys.
But there IS some good news for Parma ham and sausages:
In 1993, Parma ham producers in Italy made a collective decision to remove nitrates from their products and revert to using only salt, as in the old days. For the past 25 years, no nitrates or nitrites have been used in any Prosciutto di Parma. Even without nitrate or nitrite, the Parma ham stays a deep rosy-pink colour. We now know that the colour in Parma ham is totally harmless, a result of the enzyme reactions during the ham’s 18-month ageing process. [...] the average British sausage – as opposed to a hard sausage like a French saucisson – is not cured, being made of nothing but fresh meat, breadcrumbs, herbs, salt and E223, a preservative that is non-carcinogenic. After much questioning, two expert spokespeople for the US National Cancer Institute confirmed to me that “one might consider” fresh sausages to be “red meat” and not processed meat, and thus only a “probable” carcinogen.
(tags: bacon sausages meat parma-ham ham food cancer carcinogens big-meat nitrates nitrites)
30 kWh Leaf Nissan Connect Issues
seems there's some kind of firmware/importation issue with the Nissan Leaf app integration.... bit of a mess
Palantir has secretly been using New Orleans to test its predictive policing technology - The Verge
Predictive policing technology has proven highly controversial wherever it is implemented, but in New Orleans, the program escaped public notice, partly because Palantir established it as a philanthropic relationship with the city through Mayor Mitch Landrieu’s signature NOLA For Life program. Thanks to its philanthropic status, as well as New Orleans’ “strong mayor” model of government, the agreement never passed through a public procurement process. In fact, key city council members and attorneys contacted by The Verge had no idea that the city had any sort of relationship with Palantir, nor were they aware that Palantir used its program in New Orleans to market its services to another law enforcement agency for a multimillion-dollar contract. Even James Carville, the political operative instrumental in bringing about Palantir’s collaboration with NOPD, said that the program was not public knowledge. “No one in New Orleans even knows about this, to my knowledge,” Carville said.
(tags: palantir creepy surveillance crime forecasting precrime new-orleans us-politics privacy)
Huy Fong sriracha hot sauce label - Fonts In Use
The fonts of the iconic sriracha bottle, analysed. Interestingly, the Chinese serif text is typeset in a universally-reviled font, PMingLiu:
For East Asian designers, PMingLiu was probably as despicable as Papyrus. Many have publicly voiced their disdain for PMingLiu, and some even see the elimination of PMingLiu from public sight as a career goal. Julius Hui, then consultant for Commercial Type, exclaims: PMingLiu inhibits the type business, maims the public’s aesthetic judgment, and puts a bad face on the Minchō genre. As long as the public have not harbored a deep hatred against PMingLiu, it is futile to completely eliminate it from the world.
(tags: typography packaging sriracha pmingliu mincho fonts type food labels)
-
Some gripes about Go from this blog, specifically around developer ergonomics (syntax highlighting and language-inherent error detection), politics, packaging and distribution, GOPATH, and the tuple-oriented error handling idiom. As R. I. Pienaar noted, the Go community seems full of "at-Google-wes", which is an excellent way of putting it.
(tags: golang go criticism blogs syntax-highlighting coding languages google at-google-we)
-
In 2013, €100,000 was like a king’s ransom to most businesses in the Irish construction industry. Now clients approach us with budgets at this level and are shocked when we tell them how little can be achieved with such a large sum of money. We have decided to tackle this issue with a clear worked example. In 2018, rates for some types of construction have increased 50% since the recession, client expectations have increased, there is a shortage of competent construction workers, and subcontractors are now more accountable for quality. These pressures have inflated the many expenses which make up a typical renovation budget. Even the most seasoned commercial clients are struggling to achieve tenable construction prices, and first time buyers must understand the financial risk of buying a home in need of complete renovation.
whoa.
(tags: renovation homes architecture houses building)
Artificial intelligence is going to supercharge surveillance - The Verge
What happens when governments can track huge numbers of people using CCTV? When police can digitally tail you around a city just by uploading your mugshot into a database?
Or, indeed, when CCTV combined with AI and big data is routinely tracking everybody all the time?
(tags: ai surveillance privacy cctv big-data government big-brother anpr)
-
"There are a thousand ways to use containers" -- broken down into Development, Distribution and Runtime Patterns (via Tony Finch)
(tags: docker containers design-patterns coding packaging deployment via:fanf)
-
'The intro of Tubular Bells played three times with slight delays so it takes 40 minutes to sync AND... randomly generated visual loops from the Exorcist. That's what I've made happen tonight. No video editor, no music editor - all code. And it's a trip.'
(tags: tubular-bells the-exorcist video art delay hacks trippy)
[Changelog] Republic of Ireland Patch notes for version 2.0.4.0 : ireland
Hello and welcome, I’m Leo Varadkar, lead developer of the MMO “Republic of Ireland”, which currently has 4,700,000+ players, and today we’ll be discussing changes coming eventually with the new 2.0.4.0 patch.
-- genius
He Predicted The 2016 Fake News Crisis. Now He's Worried About An Information Apocalypse.
“In the next two, three, four years we’re going to have to plan for hobbyist propagandists who can make a fortune by creating highly realistic, photo realistic simulations,” Justin Hendrix, the executive director of NYC Media Lab, told BuzzFeed News. “And should those attempts work, and people come to suspect that there's no underlying reality to media artifacts of any kind, then we're in a really difficult place. It'll only take a couple of big hoaxes to really convince the public that nothing’s real.”
(tags: fake-news reality news ai propaganda future black-mirror media hoaxes dystopia)
New DNA nanorobots successfully target and kill off cancerous tumors
This is amazing.
“Using tumor-bearing mouse models, we demonstrate that intravenously injected DNA nanorobots deliver thrombin specifically to tumor-associated blood vessels and induce intravascular thrombosis, resulting in tumor necrosis and inhibition of tumor growth,” the paper explains. DNA nanorobots are a somewhat new concept for drug delivery. They work by getting programmed DNA to fold into itself like origami and then deploying it like a tiny machine, ready for action.
Single Trapped Atom Captures Science Photography Competition's top prize - EPSRC website
An image of a single positively-charged strontium atom, held near motionless by electric fields, has won the overall prize in a national science photography competition, organised by the Engineering and Physical Sciences Research Council (EPSRC). ‘Single Atom in an Ion Trap’, by David Nadlinger, from the University of Oxford, shows the atom held by the fields emanating from the metal electrodes surrounding it. The distance between the small needle tips is about two millimetres. When illuminated by a laser of the right blue-violet colour the atom absorbs and re-emits light particles sufficiently quickly for an ordinary camera to capture it in a long exposure photograph. The winning picture was taken through a window of the ultra-high vacuum chamber that houses the ion trap.
Thousands of websites hijacked by hidden crypto-mining code after Browsealoud hacked
The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people. This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud. For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper. A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe. Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.
(tags: browsealoud accessibility http sri coinhive monero hacks ico nhs)
-
"Sometimes it was really easy to find cheats, because the code was very straightforward, and sometimes it was a massive pain in the arse," recalls Jon. "In simple terms, if a game started you with three lives I'd set up the logic analyser to stop when it found the value three being written to RAM. Then I'd use the Game Genie to change that 3 to say a 5, reboot the game and see if I started with 5 lives. If not, then I'd let it find the next time it wrote 3 into RAM and try that. "Infinite lives codes were always the best. Once I'd found where in RAM the lives value was stored I'd then monitor when it got decremented. What I was looking for was where the game's original coder used - most likely - the DEC A (&H3D) instruction after reading the lives value from RAM, and then storing it back into RAM. If I found this then all I had to do was swap out the DEC A (&H3D) decrement operation with a NOP (&H00), which performed no operation. So the lives value would be left as-is and voila the player had infinite lives."
(tags: games gameboy game-genie via:its logic-analysers reverse-engineering history hacking)
Last orders: Ireland's vanishing 'quirky' shopfronts – in pictures | Cities | The Guardian
Graphic designer Trevor Finnegan spent seven years documenting traditional shopfronts throughout Ireland.
Lovely examples of a vanishing vernacular style.
(tags: architecture ireland rural shopfronts signs history)
Russia Did It, Y’all. And Nobody Fucking Cares.
That’s right, that’s CRAZY LIBERAL CONSPIRACY THEORIST George W. Bush [...] saying it’s still an open question whether Russia actually successfully rigged the 2016 election. What a Code Pink Occupy Democracy Now liberal George W. Bush is being, to even ask that question!
(tags: wonkette elections donald-trump 2016 us-politics george-w-bush hacking)
-
Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other innovations aim to make driving more convenient. But vehicle technologies haven't kept pace with today's more hostile security environment, leaving millions vulnerable to attack. The Car Hacker's Handbook will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems. Then, once you have an understanding of a vehicle's communication network, you'll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more.
Creative Commons Attribution-Noncommercial-ShareAlike license.
Pubs reveal drinks firms' exclusive deals
'You could be offered €100,000 - it's big money': Pubs reveal drinks firms' exclusive deals; Heineken has already been accused of using its clout to squeeze out rivals.
Horslips respond angrily to xenophobic #irexit use of their hit "Dearg Doom"
Some of you may have spotted that the saddos in the Eirexit conference had the feckin' temerity to use Dearg Doom as a soundtrack and to show the image of the album cover on the big screen. Needless to say, they didn't ask us. If they had, we'd have pointed out that we wouldn't piss on them if they were on fire - which they're unlikely to be, anytime soon. Five hundred damp, self regarding eejits being patronised by the Crazy Frog lookalike Nigel Farage ... isn't going to set the heather blazing in the near future. Horslips stood for a hopeful, outward looking, inclusive vision of Ireland with plenty of drink and a Blue Range Rover. This lot stand for a diminished, fearful, xenophobic state. Little Irelanders. Checking out whether we can do them for copyright infringement. We'll keep you posted. Feel free to share.
legends.
why Cheddar Man was dark skinned
'But why should that be surprising? He's over 10,000 years old, while mutations that led to white skin [the depigmentation gene SLC24A5] only began to spread widely [across Europe] 5,800 years old!'
(tags: europe history prehistory skin-colour cheddar-man race skin slc24a5 genetics david-grimes)
'Fiction is outperforming reality': how YouTube's algorithm distorts truth
"no matter which political side the researcher started from, the platform pushed pro-Trump, anti-Clinton videos."
(tags: youtube truth fake-news conspiracy-theories google algorithms politics brexit trump)
Amazon Aurora Parallel Query is Available for Preview
Looks very nifty (at least once it's GA)
Parallel Query improves the performance of large analytic queries by pushing processing down to the Aurora storage layer, spreading processing across hundreds of nodes. With Parallel Query, you can run sophisticated analytic queries on Aurora tables with an order of magnitude performance improvement over serial query processing, in many cases. Parallel Query currently pushes down predicates used to filter tables and hash joins.
(tags: parallel aurora amazon mysql sql performance joins architecture data-model)
How $800k Evaporated from the PoWH Coin Ponzi Scheme Overnight
'In 282 lines of code, PoWH Coin managed to give away $800,000 in Ethereum.'
(tags: etherium blockchain coding powh 4chan fail fraud cryptocurrency javascript)
airlift/aircompressor: A port of Snappy, LZO and LZ4 to Java
This library contains implementations of LZ4, Snappy, and LZO written in pure Java. They are typically 10-40% faster than the JNI wrapper for the native libraries.
(tags: lz4 lzo lzop snappy java libraries airlift compression performance)
Playboy is suing Boing Boing - but linking is not copyright infringement
Boing Boing linked to an imgur archive of all Playboy centerfolds, and Playboy is suing them:
Playboy’s lawsuit is based on an imaginary (and dangerous) version of US copyright law that bears no connection to any US statute or precedent. Playboy -- once legendary champions for the First Amendment -- now advances a fringe copyright theory: that it is illegal to link to things other people have posted on the web, on pain of millions in damages -- the kinds of sums that would put us (and every other small publisher in America) out of business.
(tags: intellectual-property copyright playboy boing-boing centerfolds porn history linking web)
Key metrics for RabbitMQ monitoring
Good suggestions from Datadog
Amazing thread from @gavinsblog on the Strava leak
'This often led to the same results you see with Strava. In low population countries, or countries with low smartphone penetration, it was often easy to detect Westerners (usually soldiers) in remote areas. this usually led to being able to identify bases and other types of things based solely on social data. Iraq, Afghanistan = always easy to find US troops (Instagram being a common sharing tool). Same true of IDF troops in staging areas before invasion of Gaza in 2014. and the same true in 2014 with Russian troops in Ukraine. All too easy. Of course the other thing you might be nosey about [is] known military facilities. Social geotagging can give you staff/visitor lists if you persist long enough. the difference between this technique and Strava was you could usually quickly deduce first name/last name if you wanted, and infer other social profiles eg LinkedIn -> FB -> FB friends -> work colleagues. Not only that but it was possible to automate.'
(tags: strava privacy military security geotagging geodata gavin-sheridan)
My £300 32Amp Charging Station Install
good writeup of a DIY EV car charger install
(tags: ev cars diy car-chargers home)
Strava app gives away location of secret US army bases
This is a privacy nightmare. Even with anonymized userids the data was far too user-specific.
The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.
'A Look into 30 Years of Malware Development from a Software Metrics Perspective'
'During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today’s cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware since the early 1980s to date from a software engineering perspective. We analyze the source code of 151 malware samples and obtain measures of their size, code quality, and estimates of the development costs (effort, time, and number of people). Our results suggest an exponential increment of nearly one order of magnitude per decade in aspects such as size and estimated effort, with code quality metrics similar to those of regular software. Overall, this supports otherwise confirmed claims about the increasing complexity of malware and its production progressively becoming an industry.'
(tags: malware coding metrics software history complexity arms-race)
Rocket Lab secretly launched a disco ball satellite on its latest test flight - The Verge
I'm quite conflicted about this -- I think I like it:
Shaped a bit like a disco ball, the Humanity Star is a 3-foot-wide carbon fiber sphere, made up of 65 panels that reflect the Sun’s light. The satellite is supposed to spin in space, too, so it’s constantly bouncing sunlight. In fact, the probe is so bright that people can see it with the naked eye. The Humanity Star’s orbit also takes it all over Earth, so the satellite will be visible from every location on the planet at different times. Rocket Lab has set up a website that gives real-time updates about the Humanity Star’s location. People can find out when the satellite will be closest to them, and then go outside to look for it. The goal of the project is to create “a shared experience for all of humanity,” according to Rocket Lab.
(tags: rocket-lab disco-balls satellites humanity-star orbit space)
-
oh my.
(tags: 3d-printing art history british-museum models cool)
'DolphinAttack: Inaudible Voice Commands' [pdf]
'Speech recognition (SR) systems such as Siri or Google Now have become an increasingly popular human-computer interaction method, and have turned various systems into voice controllable systems(VCS). Prior work on attacking VCS shows that the hidden voice commands that are incomprehensible to people can control the systems. Hidden voice commands, though hidden, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems. We validate DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks.' via Zeynep (https://twitter.com/zeynep/status/956520320504123392)
(tags: alexa siri attacks security exploits google-now speech-recognition speech audio acm papers cortana)
Targeted Audio Adversarial Examples
This is phenomenal:
We have constructed targeted audio adversarial examples on speech-to-text transcription neural networks: given an arbitrary waveform, we can make a small perturbation that when added to the original waveform causes it to transcribe as any phrase we choose. In prior work, we constructed hidden voice commands, audio that sounded like noise but transcribed to any phrases chosen by an adversary. With our new attack, we are able to improve this and make an arbitrary waveform transcribe as any target phrase.
The audio examples on this page are impressive -- a little bit of background noise, such as you might hear on a telephone call with high compression, hard to perceive if you aren't listening out for it. Paper here: https://arxiv.org/abs/1801.01944 (Via Parker Higgins, https://twitter.com/xor )
(tags: papers audio adversarial-classification neural-networks speech-to-text speech recognition voice attacks exploits via:xor)
Remote Code Execution on the Smiths Medical Medfusion 4000 Infusion Pump
'Between March and June of 2017 I spent around 400 hours of personal time analyzing the Smiths Medical Medfusion 4000 infusion pump for security vulnerabilities. The devices analyzed had software versions 1.1.2 and 1.5.0. The flaws discovered (the most critical of which was a DHCP buffer overflow in the MQX operating system used) were disclosed in a coordinated fashion and are detailed by ICS-CERT in ICSMA-250-02A and CERT in VU#590639. The goal of this exercise was to help protect patients that rely on therapy provided by the pump, to raise awareness of the risk present in unpatched versions of the device, and, finally, to contribute to the corpus of embedded/IoT security research.'
(tags: medical infusion-pumps security iot safety exploits embedded-systems reversing)
-
Writeup of one of the classic tape loaders used on the ZX Spectrum, both for fast loading and piracy protection
(tags: piracy reverse-engineering history zx-spectrum tape loaders gremlin)
The 29 Stages Of A Twitterstorm In 2018
'14. Then suddenly there are Nazis everywhere.'
(tags: twitter twitterstorms funny 2018 nazis alt-right memes)
OpenCensus: A Stats Collection and Distributed Tracing Framework
Google open sourcing their internal Census lib for service metrics and distributed tracing
(tags: google monitoring service-metrics metrics census opencensus open-source tracing zipkin prometheus)
Securing Docker Containers on AWS | nearForm
'On most projects at nearForm we are deploying our solutions within Docker containers. There are tasks that are repeated on each project to secure and harden off those deployments and we built this packer template to produce a quick and easy way for you to spin up an AWS AMI that passes the Docker-Bench-Security script. The Docker-Bench-Security repo is a work product of the above mentioned consolidation efforts by the Docker team.'
(tags: docker aws security nearform containers linux packer)
-
Another docker security checklist
(tags: docker security containers linux hardening)
Boost your immunity: Cold and flu treatments suppress innate immune system
The next time you feel a cold coming on, maybe what you really want is just a little teensy bit of innate immune suppression, not an immunity boost. Over-the-counter medications like ibuprofen and antihistamines should help you feel better. Meanwhile, sit back while your acquired B and T cells do the rest. And if you aren't yet sick, stay up-to-date on your vaccines, including the yearly influenza vaccine. Most importantly, practice vigorous hand washing — after all, the skin is also a component of your natural defenses and one that actually can be enhanced by good hygiene. Take care of yourself by keeping a balanced diet, maintaining good sleep habits, and minimizing stress. These are interventions that have been shown to help keep your immune system at its best. These alone can "boost" your odds of staving off an infection this cold season.
(tags: immunity health immune-system colds b-cells t-cells flu)
Sarah Jeong's hilarious Twitter thread on Bitcoin
"People are sick of the Federal Reserve, sick of bailouts, sick of inflation. You know what we need? Internet money with the usability of PGP and the reliability of BART" and much, much more
(tags: bitcoin funny sarah-jeong comedy lols pgp twitter threads)
How To Measure the Working Set Size on Linux
A nifty metric:
The Working Set Size (WSS) is how much memory an application needs to keep working. Your app may have populated 100 Gbytes of main memory, but only uses 50 Mbytes each second to do its job. That's the working set size. It is used for capacity planning and scalability analysis. You may never have seen WSS measured by any tool (I haven't either). OSes usually show you virtual memory and resident memory, shown as the "VIRT" and "RES" columns in top. Resident memory is real memory: main memory that has been allocated and page mapped. But we don't know how much of that is in heavy use, which is what WSS tells us. In this post I'll introduce some new things I've developed for WSS estimation: two Linux tools, and WSS profile charts. The tools use either the referenced or the idle page flags to measure a page-based WSS, and were developed out of necessity for another performance problem.
(via Amy Tobey)
(tags: via:amytobey memory linux rss wss proc ps processes metrics working-set-size ram)
Actual screenshot of the broken UX of the Hawaii ballistic missile alert system
"This is the screen that set off the ballistic missile alert on Saturday. The operator clicked the PACOM (CDW) State Only link. The drill link is the one that was supposed to be clicked."
This is terrible, terrible UX.
-
@supersat on Twitter: "In case you're curious what Hawaii's EAS/WEA interface looks like, I believe it's similar to this. Hypothesis: they test their EAS authorization codes at the beginning of each shift and selected the wrong option." This is absolutely classic enterprisey, government-standard web UX -- a dropdown template selection and an easily-misclicked pair of tickboxes to choose test or live mode.
(tags: testing ux user-interfaces fail eas hawaii false-alarms alerts nuclear early-warning human-error)
The Death of Microservice Madness in 2018
Quite a good set of potential gotchas, which I've run into myself, including: 'Real world systems often have poorly defined boundaries' 'The complexities of state are often ignored' 'The complexities of communication are often ignored' 'Versioning can be hard' 'Microservices can be monoliths in disguise'
(tags: architecture devops microservices services soa coding monoliths state systems)
Do algorithms reveal sexual orientation or just expose our stereotypes?
'A study claiming that artificial intelligence can infer sexual orientation from facial images caused a media uproar in the Fall of 2017. [...] Michal Kosinski, who co-authored the study with fellow researcher Yilun Wang, initially expressed surprise, calling the critiques “knee-jerk” reactions. However, he then proceeded to make even bolder claims: that such AI algorithms will soon be able to measure the intelligence, political orientation, and criminal inclinations of people from their facial images alone.' 'In [this paper], we have shown how the obvious differences between lesbian or gay and straight faces in selfies relate to grooming, presentation, and lifestyle — that is, differences in culture, not in facial structure. [...] We’ve demonstrated that just a handful of yes/no questions about these variables can do nearly as good a job at guessing orientation as supposedly sophisticated facial recognition AI. Therefore — at least at this point — it’s hard to credit the notion that this AI is in some way superhuman at “outing” us based on subtle but unalterable details of our facial structure.'
(tags: culture facial-recognition ai papers facial-structure sexual-orientation lgbt computer-vision)
Shanzhai 山寨 China & its Contents
As he drinks Sino-coffee for around RMB 10, Comrade X might well be wearing the latest ‘ZARE’ couture while watching the TV news streaming on his HiPhone.[2] Back in Guangdong, his girlfriend — a sales consultant at a small stall in one of Shenzhen’s many wholesale electronics markets — sports a ‘high-end replica’ Louis Vuitton bag and makes a living selling ‘domestically produced’ and ‘smuggled’ smartphones. The imitation products that festoon the couple’s lives are part of ‘shanzhai 山寨 China’. Shanzhai, the word means roughly ‘mass-produced imitation goods’, has created a Chinese landscape that is littered with products derided by the media, Chinese and international, as ‘copycat’, ‘guerrilla counterfeits’ and ‘knockoffs’, all the work of thieves.[3] Those who feel that their intellectual property and copyright has been infringed by shanzhai producers describe the products as ‘rubbish’, ‘piracy in disguise’ and ‘hooligan’.[4] Regardless of such righteous outrage, shanzhai — the producers, the products and the mentality — continues to flourish as an essential, quasi-legitimate shadow dimension of the Chinese economy. And, in practical terms, shanzhai products give disenfranchised ‘non-consumers’ of the orthodox economy — that is, people who would like to own but can’t afford the ‘original’ products — cut-price access to high-end technologies, as well as offering aspirational shoppers consumer satisfaction.
(tags: shanzai china fakes consumerism hiphone smartphones copycat knockoffs imitation consumption)
Don Norman on "Human Error", RISKS Digest Volume 23 Issue 07 2003
It is far too easy to blame people when systems fail. The result is that over 75% of all accidents are blamed on human error. Wake up people! When the percentage is that high, it is a signal that something else is at fault -- namely, the systems are poorly designed from a human point of view. As I have said many times before (even within these RISKS mailings), if a valve failed 75% of the time, would you get angry with the valve and simply continue to replace it? No, you might reconsider the design specs. You would try to figure out why the valve failed and solve the root cause of the problem. Maybe it is underspecified, maybe there shouldn't be a valve there, maybe some change needs to be made in the systems that feed into the valve. Whatever the cause, you would find it and fix it. The same philosophy must apply to people.
(tags: don-norman ux ui human-interface human-error errors risks comp.risks failures)
‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown
“Our first priority has been to have a complete mitigation in place,” said Intel’s Parker. “We’ve delivered a solution.” Some in the cybersecurity community aren’t so sure. Kocher, who helped discover Spectre, thinks this is just the beginning of the industry’s woes. Now that new ways to exploit chips have been exposed, there’ll be more variations and more flaws that will require more patches and mitigation. "This is just like peeling the lid off the can of worms," he said.
(tags: meltdown spectre speculative-execution security exploits intel amd cpus)
google/highwayhash: Fast strong hash functions: SipHash/HighwayHash
HighwayHash: 'We have devised a new way of mixing inputs with AVX2 multiply and permute instructions. The multiplications are 32x32 -> 64 bits and therefore infeasible to reverse. Permuting equalizes the distribution of the resulting bytes. The internal state occupies four 256-bit AVX2 registers. Due to limitations of the instruction set, the registers are partitioned into two 512-bit halves that remain independent until the reduce phase. The algorithm outputs 64 bit digests or up to 256 bits at no extra cost. In addition to high throughput, the algorithm is designed for low finalization cost. The result is more than twice as fast as SipTreeHash. We also provide an SSE4.1 version (80% as fast for large inputs and 95% as fast for short inputs), an implementation for VSX on POWER and a portable version (10% as fast). A third-party ARM implementation is referenced below. Statistical analyses and preliminary cryptanalysis are given in https://arxiv.org/abs/1612.06257.' (via Tony Finch)
(tags: siphash highwayhash via:fanf hashing hashes algorithms mac google hash)
Brain Cells Share Information With Virus-Like Capsules - The Atlantic
...a gene called Arc which is active in neurons, and plays a vital role in the brain. A mouse that’s born without Arc can’t learn or form new long-term memories. If it finds some cheese in a maze, it will have completely forgotten the right route the next day. “They can’t seem to respond or adapt to changes in their environment,” says Shepherd, who works at the University of Utah, and has been studying Arc for years. “Arc is really key to transducing the information from those experiences into changes in the brain.” Despite its importance, Arc has been a very difficult gene to study. Scientists often work out what unusual genes do by comparing them to familiar ones with similar features—but Arc is one-of-a-kind. Other mammals have their own versions of Arc, as do birds, reptiles, and amphibians. But in each animal, Arc seems utterly unique—there’s no other gene quite like it. And Shepherd learned why when his team isolated the proteins that are made by Arc, and looked at them under a powerful microscope. He saw that these Arc proteins assemble into hollow, spherical shells that look uncannily like viruses. “When we looked at them, we thought: What are these things?” says Shepherd. They reminded him of textbook pictures of HIV, and when he showed the images to HIV experts, they confirmed his suspicions. That, to put it bluntly, was a huge surprise. “Here was a brain gene that makes something that looks like a virus,” Shepherd says. That’s not a coincidence. The team showed that Arc descends from an ancient group of genes called gypsy retrotransposons, which exist in the genomes of various animals, but can behave like their own independent entities.* They can make new copies of themselves, and paste those duplicates elsewhere in their host genomes. At some point, some of these genes gained the ability to enclose themselves in a shell of proteins and leave their host cells entirely. That was the origin of retroviruses—the virus family that includes HIV.
(tags: brain evolution retroviruses viruses genes arc gag proteins memory biology)
[1801.02780] Rogue Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logos
Well, so much for that idea.
We propose a new real-world attack against the computer vision based systems of autonomous vehicles (AVs). Our novel Sign Embedding attack exploits the concept of adversarial examples to modify innocuous signs and advertisements in the environment such that they are classified as the adversary's desired traffic sign with high confidence. Our attack greatly expands the scope of the threat posed to AVs since adversaries are no longer restricted to just modifying existing traffic signs as in previous work. Our attack pipeline generates adversarial samples which are robust to the environmental conditions and noisy image transformations present in the physical world. We ensure this by including a variety of possible image transformations in the optimization problem used to generate adversarial samples. We verify the robustness of the adversarial samples by printing them out and carrying out drive-by tests simulating the conditions under which image capture would occur in a real-world scenario. We experimented with physical attack samples for different distances, lighting conditions, and camera angles. In addition, extensive evaluations were carried out in the virtual setting for a variety of image transformations. The adversarial samples generated using our method have adversarial success rates in excess of 95% in the physical as well as virtual settings.
(tags: signs road-safety roads traffic self-driving-cars cars avs security machine-learning computer-vision ai)
The Stress of Remote Working – Martin De Wulf – Medium
There is a lot of good to say about remote working, and I see a lot of rabid defence of the practice. That said, I have been working remotely for a little more than 5 years now, and I now must acknowledge that it does not come without stress. This might come as a surprise for some, but in the end, I think that remote working has taken some toll on me over the last two years, especially when I went almost fully remote for a year.
I have to say, I agree with this 100% -- I spent a few years remote working full time, and by the end of it I was absolutely delighted to return to a mainly office-based job.
(tags: business work life coding teleworking remote-work stress anxiety mental-health)
Best way designing a GDPR compliant datalake using AWS services : aws
interesting thread at Reddit
Collision Course: Why This Type Of Road Junction Will Keep Killing Cyclists
This aspect of road design had never occurred to me, but once explained it makes sense. Great article on the design of an oblique crossroads junction and how it's unexpectedly dangerous due to human factors and car design.
“Human error” may be real, but so are techniques to mitigate or eliminate its effects — and driver training is poor when it comes to equipping people with those techniques, let alone habituating them. (And let alone reviewing knowledge of those techniques every few years.)
(tags: cars cycling road-safety safety accidents traffic junctions road-design design human-error human-factors)
Post-apocalyptic life in American health care
My god, this is so dysfunctional. 'I observe that American health care organizations can no longer operate systematically, so participants are forced to act in the communal mode, as if in the pre-modern world. Health care is one leading edge of a general breakdown in systematicity — while, at the same time, employing sophisticated systematic technologies. For complex health care problems, I recommend hiring a consultant to provide administrative (not medical!) guidance.' via Craig.
(tags: bureaucracy healthcare health systems us-politics insurance medicine dysfunctional fail fiasco via:craig)
-
Some tips about RNGs and their usage (via Tony Finch)
(tags: coding random math rngs prngs statistics distributions)
Nicole Perlroth's roundup on the Spectre and Meltdown security holes
Excellent roundup -- this really is amazingly bad news for CPU performance and fixability
(tags: meltdown spectre nicole-perlroth security cpu performance speculative-execution intel amd arm)
These stickers make AI hallucinate things that aren’t there - The Verge
The sticker “allows attackers to create a physical-world attack without prior knowledge of the lighting conditions, camera angle, type of classifier being attacked, or even the other items within the scene.” So, after such an image is generated, it could be “distributed across the Internet for other attackers to print out and use.” This is why many AI researchers are worried about how these methods might be used to attack systems like self-driving cars. Imagine a little patch you can stick onto the side of the motorway that makes your sedan think it sees a stop sign, or a sticker that stops you from being identified by AI surveillance systems. “Even if humans are able to notice these patches, they may not understand the intent [and] instead view it as a form of art,” the researchers write.
(tags: self-driving cars ai adversarial-classification security stickers hacks vision surveillance classification)
Notes from the Intelpocalypse [LWN.net]
What emerges is a picture of unintended processor functionality that can be exploited to leak arbitrary information from the kernel, and perhaps from other guests in a virtualized setting. If these vulnerabilities are already known to some attackers, they could have been using them to attack cloud providers for some time now. It seems fair to say that this is one of the most severe vulnerabilities to surface in some time. The fact that it is based in hardware makes things significantly worse. We will all be paying the performance penalties associated with working around these problems for the indefinite future. For the owners of vast numbers of systems that cannot be updated, the consequences will be worse: they will remain vulnerable to a set of vulnerabilities with known exploits. This is not a happy time for the computing industry.
Aadhaar’s Dirty Secret Is Out, Anyone Can Be Added as a Data Admin
If you think your Aadhaar data is only in the hands of those authorised to access the official [Indian national] Aadhaar database, think again. Following up on an investigation by The Tribune, The Quint found that completely random people like you and me, with no official credentials, can access and become admins of the official Aadhaar database (with names, mobile numbers, addresses of every Indian linked to the UIDAI scheme). But that’s not even the worst part. Once you are an admin, you can make ANYONE YOU CHOOSE an admin of the portal. You could be an Indian, you could be a foreign national, none of it matters – the Aadhaar database won’t ask. A person of your choosing would then have access to the data of all 119,22,59,062 Aadhaar cardholders.
(tags: aadhaar security fail vulnerabilities privacy)
My bedroom lights turn on when my blood sugar goes low! (Dexcom, Nightscout and IFTTT) : diabetes
Now this is a great idea -- IOT to the rescue
(tags: iot via:fp via:eatpaste blood health diabetes monitoring home)
-
An online doctor appointment -- you fill out a questionnaire, are interviewed via VC, and receive any prescription you need. Recommended by devxda on the ITC slack
The mysterious case of the Linux Page Table Isolation patches | Hacker News
good HN comments on the horrible security bug du jour -- Intel CPUs potentially allowing privileged data leaks cross-VM and cross-process
These experts figured out why so many bogus patents get approved | Ars Technica
A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents: The United States Patent and Trademark Office (USPTO) is funded by fees—and the agency gets more fees if it approves an application. Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant. Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews. None of these observations is entirely new. For example, we have covered the problems created by unlimited re-applications in the past. But what sets Frakes and Wasserman's work apart is that they have convincing empirical evidence for all three theories.
(tags: patents uspto swpats brookings-institution patenting law)
SE Asia travel pro-tip from Naomi Wu
Naomi Wu on Twitter: "Honestly Saccharomyces boulardii solves the problem [of dodgy tummy] for most people, it's what I take when I travel to SE Asia"
(tags: food diarrhoea s-boulardii bacterica digestion health travel se-asia tips)
-
When you engineer a system for deployment you build it to meet certain real-world goals. You may find that there are tradeoffs, and that you can't achieve all of your goals, but that's normal; as I've remarked, "engineering is the art of picking the right trade-off in an overconstrained environment". For any computer-based financial system, one crucial parameter is the transaction rate. For a system like Bitcoin, another goal had to be avoiding concentrations of power. And of course, there's transaction privacy. There are less obvious factors, too. These days, "mining" for Bitcoins requires a lot of computations, which translates directly into electrical power consumption. One estimate is that the Bitcoin network uses up more electricity than many countries. There's also the question of governance: who makes decisions about how the network should operate? It's not a question that naturally occurs to most scientists and engineers, but production systems need some path for change. In all of these, Bitcoin has failed. The failures weren't inevitable; there are solutions to these problems in the academic literature. But Bitcoin was deployed by enthusiasts who in essence let experimental code escape from a lab to the world, without thinking about the engineering issues—and now they're stuck with it. Perhaps another, better cryptocurrency can displace it, but it's always much harder to displace something that exists than to fill a vacuum.
(tags: steven-bellovin bitcoin tech software systems engineering deployment cryptocurrency cypherpunks)
RFC 2322: Management of IP numbers by peg-dhcp
This RFC describes a protocol to dynamically hand out ip-numbers on field networks and small events that don't necessarily have a clear organisational body.
ie. using clothes pegs!
(tags: pegs dhcp hacks rfcs hip97 hip protocols clothespegs)
Learning to operate Kubernetes reliably
A very solid writeup from Julia "b0rk" Evans at Stripe
(tags: stripe kubernetes cron distributed-cron jobs docker containers ops julia-evans)
-
pretty cool stuff from Google, has to be said
How Syria's White Helmets became victims of an online propaganda machine | World news | The Guardian
The way the Russian propaganda machine has targeted the White Helmets is a neat case study in the prevailing information wars. It exposes just how rumours, conspiracy theories and half-truths bubble to the top of YouTube, Google and Twitter search algorithms. “This is the heart of Russian propaganda. In the old days they would try and portray the Soviet Union as a model society. Now it’s about confusing every issue with so many narratives that people can’t recognise the truth when they see it,” said David Patrikarakos, author of War in 140 Characters: How Social Media is Reshaping Conflict in the 21st Century.
(tags: propaganda white-helmets russia disinfo syria facebook assad google youtube fud algorithms)
-
some design principles behind Circonus' time series data store
(tags: circonus time-series irondb databases storage architecture coding)
What Gamergate should have taught us about the 'alt-right'
Spot on, from a year ago:
Prominent critics of the Trump administration need to learn from Gamergate. They need to be prepared for abuse, for falsified concerns, invented grassroots campaigns designed specifically to break, belittle, or disgrace. Words and concepts will be twisted, repackaged and shared across forums, stripping them of meaning. Gamergate painted critics as censors, the far-right movement claims critics are the real racists. Perhaps the true lesson of Gamergate was that the media is culturally unequipped to deal with the forces actively driving these online movements. The situation was horrifying enough two years ago, it is many times more dangerous now.
(tags: politics fascism gamergate history alt-right milo fake-news propaganda nazis racism misogyny)
Google Thinks I’m Dead - The New York Times
jesus, Google, this is a shambles
(tags: google data correctness bugs errors data-cleanliness accuracy)
-
'Simple uptime monitoring: distributed, self-hosted health checks and status pages' -- stores in S3
(tags: go ops monitoring uptime health-checks status-pages status golang s3)
The Real Danger To Civilization Isn’t AI. It’s Runaway Capitalism
The idea of superintelligence is such a poorly defined notion that one could envision it taking almost any form with equal justification: a benevolent genie that solves all the world’s problems, or a mathematician that spends all its time proving theorems so abstract that humans can’t even understand them. But when Silicon Valley tries to imagine superintelligence, what it comes up with is no-holds-barred capitalism. [....] I realized that we are already surrounded by machines that demonstrate a complete lack of insight, we just call them corporations. Corporations don’t operate autonomously, of course, and the humans in charge of them are presumably capable of insight, but capitalism doesn’t reward them for using it. On the contrary, capitalism actively erodes this capacity in people by demanding that they replace their own judgment of what “good” means with “whatever the market decides.”
(tags: capitalism silicon-valley ai superintelligence future ted-chiang sf)
It's official, ADSL works over wet string
So, there you go, ADSL over 2m of literal "wet string". Well done all for testing this. It shows the importance of handling faults that seem to just be "low speed".
extremely detailed writeup on a secondhand Nissan LEAF
'2015 Nissan LEAF, 24kWh Acenta model' -- with specifics of cost, usage in Ireland, charging times, etc. Super-detailed!
The Mirai Botnet Was Part of a College Student Minecraft Scheme
The truth, as made clear in that Alaskan courtroom Friday — and unsealed by the Justice Department on Wednesday—was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. All three—Paras Jha, Josiah White, and Dalton Norman, respectively—admitted their role in creating and launching Mirai into the world. Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft. “They didn’t realize the power they were unleashing,” says FBI supervisory special agent Bill Walton. "This was the Manhattan Project."
(via Nelson)
AWS re:Invent 2017 slides: CMP301 - Deep Dive on Amazon EC2 Instances
useful session from re:Invent this year
AWS re:Invent 2017 slides: DAT302 - Deep Dive on Amazon Relational Database Service (RDS)
useful session from re:Invent this year
AWS re:Invent 2017 slides: STG306 - Deep Dive on Amazon EBS
useful session from re:Invent this year
Wishlist: A Tiny Museum for Your Mantle - Atlas Obscura
the Mini Museum. back on sale at Amazon and absolutely amazing
(tags: museum stuff toget want atlas-obscura history science fossils collectibles)
AWS CodeBuild Plugin - Jenkins - Jenkins Wiki
Trigger AWS CodeBuild jobs as build steps for a Jenkins project. :thinking_face_emoji:
-
'The missing link between AWS AutoScaling Groups and Route53 [...] solves the issue of keeping a route53 zone up to date with the changes that an autoscaling group might face.'
(tags: auto53 route-53 dns aws amazon ops hostnames asg autoscaling)
The Case for Learned Index Structures
'Indexes are models: a B-Tree-Index can be seen as a model to map a key to the position of a record within a sorted array, a Hash-Index as a model to map a key to a position of a record within an unsorted array, and a BitMap-Index as a model to indicate if a data record exists or not. In this exploratory research paper, we start from this premise and posit that all existing index structures can be replaced with other types of models, including deep-learning models, which we term learned indexes. The key idea is that a model can learn the sort order or structure of lookup keys and use this signal to effectively predict the position or existence of records. We theoretically analyze under which conditions learned indexes outperform traditional index structures and describe the main challenges in designing learned index structures. Our initial results show, that by using neural nets we are able to outperform cache-optimized B-Trees by up to 70% in speed while saving an order-of-magnitude in memory over several real-world data sets. More importantly though, we believe that the idea of replacing core components of a data management system through learned models has far reaching implications for future systems designs and that this work just provides a glimpse of what might be possible.' Excellent follow-up thread from Henry Robinson: https://threadreaderapp.com/thread/940344992723120128 'The fact that the learned representation is more compact is very neat. But also it's not really a surprise that, given the entire dataset, we can construct a more compact function than a B-tree which is *designed* to support efficient updates.' [...] 'given that the model performs best when trained on the whole data set - I strongly doubt B-trees are the best we can do with the current state-of-the art.'
(tags: data-structures ml google b-trees storage indexes deep-learning henry-robinson)
Internet protocols are changing
per @mnot. HTTP/2; TLS 1.3; QUIC and UDP; and DOH (DNS over HTTP!)
(tags: crypto encryption http https protocols http2 tls quic udp tcp dns tunnelling)
Canarytokens.org - Quick, Free, Detection for the Masses
similar to honeytokens -- detect breaches by access attempts to unique addresses
(tags: security honeypots honeytokens canary canarytokens)
In first, 3-D printed objects connect to WiFi without electronics
This. is. magic.
Physical motion—pushing a button, laundry soap flowing out of a bottle, turning a knob, removing a hammer from a weighted tool bench—triggers gears and springs elsewhere in the 3-D printed object that cause a conductive switch to intermittently connect or disconnect with the antenna and change its reflective state. Information—in the form of 1s and 0s—is encoded by the presence or absence of the tooth on a gear. Energy from a coiled spring drives the gear system, and the width and pattern of gear teeth control how long the backscatter switch makes contact with the antenna, creating patterns of reflected signals that can be decoded by a WiFi receiver.
(tags: magic wifi whoa 3d-printing objects plastic gears springs)
AMERICAN AIRLINES 737MAX8: “LIKE A FLYING PRISON”
Quite unusual to see an honest review of travelling coach-class on an internal US flight. This is a massive stinker: “I admit American isn’t my favourite airline, but this has made me seriously re-evaluate ever travelling on them again. And it won’t be economy. If this is American’s idea of their future standards, they can keep it. Aviation enthusiasts might find it really interesting - I felt like I was in a flying prison”.
Using AWS Batch to Generate Mapzen Terrain Tiles · Mapzen
Using this setup on AWS Batch, we are able to generate more than 3.75 million tiles per minute and render the entire world in less than a week! These pre-rendered tiles get stored in S3 and are ready to use by anyone through the AWS Public Dataset or through Mapzen’s Terrain Tiles API.
Theresa May's Blue Monday -- Fintan O’Toole
Having backed down, May was then peremptorily informed that she was not even allowed to back down. She left her lunch with the president of the European Commission, Jean-Claude Juncker, to take a phone call from the DUP’s Arlene Foster, who told her that the deal she had just made was unacceptable. May then had to go back in and tell Juncker that she could not agree to what she had just agreed to. It is a scarcely credible position for a once great state to find itself in: its leader does not even have the power to conduct a dignified retreat.
(tags: eu ireland brexit uk theresa-may dup politics ec fintan-otoole)
Handling GDPR: How to make Kafka Forget
How do you delete (or redact) data from Kafka? The simplest way to remove messages from Kafka is to simply let them expire. By default Kafka will keep data for two weeks and you can tune this as required. There is also an Admin API that lets you delete messages explicitly if they are older than some specified time or offset. But what if we are keeping data in the log for a longer period of time, say for Event Sourcing use cases or as a source of truth? For this you can make use of Compacted Topics, which allow messages to be explicitly deleted or replaced by key.
Similar applies to Kinesis I would think.
Bella Caledonia: A Wake-Up Call
Swathes of the British elite appeared ignorant of much of Irish history and the country’s present reality. They seemed to have missed that Ireland’s economic dependence on exports to its neighbour came speedily to an end after both joined the European Economic Community in 1973. They seemed unacquainted with Ireland’s modern reality as a confident, wealthy, and internationally-oriented nation with overwhelming popular support for EU membership. Repeated descriptions of the border as a “surprise” obstacle to talks betrayed that Britain had apparently not listened, or had dismissed, the Irish government’s insistence in tandem with the rest of the EU since April that no Brexit deal could be agreed that would harden the border between Ireland and Northern Ireland. The British government failed to listen to Ireland throughout history, and it was failing to listen still.
(tags: europe ireland brexit uk ukip eu northern-ireland border history)
AWS re:invent 2017: Advanced Design Patterns for Amazon DynamoDB (DAT403) - YouTube
Video of one of the more interesting sessions from this year's Re:invent
-
Another re:Invent highlight to watch -- ECS' new native container networking model explained
(tags: reinvent aws containers docker ecs networking sdn ops)
VLC in European Parliament's bug bounty program
This was not something I expected:
The European Parliament has approved budget to improve the EU’s IT infrastructure by extending the free software security audit programme (FOSSA) and by including a bug bounty approach in the programme. The Commission intends to conduct a small-scale "bug bounty" activity on open-source software with companies already operating in the market. The scope of this action is to: Run a small-scale "bug bounty" activity for open source software project or library for a period of up to two months maximum; The purpose of the procedure is to provide the European institutions with open source software projects or libraries that have been properly screened for potential vulnerabilities; The process must be fully open to all potential bug hunters, while staying in-line with the existing Terms of Service of the bug bounty platform.
(tags: vlc bug-bounties security europe europarl eu ep bugs oss video open-source)
-
newsgroup/torrent TV PVR automation. looks neat
(tags: pvr tv automation usenet bittorrent)
South Pole Ice Tunnels – Antarctica - Atlas Obscura
'One of the strangest of these monuments consists of the body of an atrophied White Sturgeon and a handwritten account of its journey. The fish had arrived in 1992 at McMurdo Station (a US base located at the edge of Antarctica and the Ross Sea) and had been destined for a remote Russian station called Vostok. However, the Russians gifted the sturgeon to American scientists who later discarded it after it had languished uneaten in a freezer for several months. It was from the trash dump that a garbage processing crew reclaimed the sturgeon, and it then made its way from location to location across Antarctica. It finally became enshrined in the tunnels beneath the South Pole where it greets visitors from a ledge chiseled in the ice.'
(tags: south-pole pole big-dead-place shrines funny sturgeons antarctica amundsen-scott-station mcmurdo vostok)
Introducing the Amazon Time Sync Service
Well overdue; includes Google-style leap smearing
The Impenetrable Program Transforming How Courts Treat DNA Evidence | WIRED
'So the lab turned to TrueAllele, a program sold by Cybergenetics, a small company dedicated to helping law enforcement analyze DNA where regular lab tests fail. They do it with something called probabilistic genotyping, which uses complex mathematical formulas to examine the statistical likelihood that a certain genotype comes from one individual over another. It’s a type of DNA testing that’s becoming increasingly popular in courtrooms. ' [...] 'But now legal experts, along with Johnson’s advocates, are joining forces to argue to a California court that TrueAllele—the seemingly magic software that helped law enforcement analyze the evidence that tied Johnson to the crimes—should be forced to reveal the code that sent Johnson to prison. This code, they say, is necessary in order to properly evaluate the technology. In fact, they say, justice from an unknown algorithm is no justice at all.'
(tags: law justice trueallele software dna evidence statistics probability code-review auditing)
Meet the man who deactivated Trump’s Twitter account
Legend!
His last day at Twitter was mostly uneventful, he says. There were many goodbyes, and he worked up until the last hour before his computer access was to be shut off. Near the end of his shift, the fateful alert came in. This is where Trump’s behavior intersects with Duysak’s work life. Someone reported Trump’s account on Duysak’s last day; as a final, throwaway gesture, he put the wheels in motion to deactivate it. Then he closed his computer and left the building.
Fine Art Prints – The Public Domain Review
This is amazing -- "museum quality" prints of favourites from the PDR archives, featuring Paul Klee, William Blake, ukiyo-e from Hiroshige, Goya, and even Athanasius Kircher
(tags: prints to-get fine-art public-domain art william-blake ukiyo-e hiroshige goya klee)
Introducing AWS Fargate – Run Containers without Managing Infrastructure
now that's a good announcement. Available right away running atop ECS; EKS in 2018
creepy fake motion-detector cameras in AirBnBs
Jason Scott on Twitter: "In "oh, that's a thing now" news, a colleague of mine thought it odd that there was a single "motion detector" in his AirBNB in the bedroom and voila, it's an IP camera connected to the web. (He left at 3am, reported, host is suspended, colleague got refund.)"
(tags: airbnb motion-detectors cameras surveillance creepy privacy)
Parental Controls & Internet Filtering — Circle
this looks interesting; internet time limits and per-user/per-device content filtering, for kids
(tags: apps kids android ios circle filtering family parenting)
-
'A book about London's gorgeous, brutalist architecture includes dainty DIY papercraft models to make yourself' -- awesome
(tags: brutalist architecture london papercraft models barbican)
UK government planning to require age verification for access to porn
This thread has pointed out the unintentional side effect which I hadn't considered: this database of user auth info and their porn habits will be an incredibly valuable target for foreign governments and hackers, and a single foreign porn company owns the AV service they are potentially planning to use for it. 'if they can't find a way to de-link identities from usage, this is a monumental national security risk and it's beyond insane they're even considering it. "Sorry Prime Minister, Russia now knows what porn every MP, civil servant and clearance holder watches and when, and we don't know how much of it they've given to Wikileaks. In retrospect, having the world's most obvious SIGINT target built in PHP and hosted in the Cayman Islands by an uncleared foreign 25 year old working for a porn company probably wasn't the best idea".'
(tags: age verification porn uk politics censorship security national-security wikileaks russia)
How to configure Backblaze B2 with Duplicity on Linux
sorry S3, Backblaze is cheaper nowadays!
(tags: duplicity backups linux ops security b2 s3 storage home)
-
/tanˈspleɪn/ - verb informal - (of a British journalist or political type) explaining Irish history and politics to an Irish person, in a manner regarded as condescending, patronizing, and often incorrect.
(tags: politics lols funny tansplaining black-and-tans history uk brexit dictionary neologisms)
Ordering a new EV – what are your 181 options?
(thinking face)
Witney Seibold watches all the Academy Award Best Picture winners
Myself and the missus are in the process of doing this right now!
(tags: nerdist witney-seibold academy-awards best-picture awards movies)
-
it’s 2017, and spam has clawed itself back from the grave. It shows up on social media and dating sites as bots hoping to lure you into downloading malware or clicking an affiliate link. It creeps onto your phone as text messages and robocalls that ring you five times a day about luxury cruises and fictitious tax bills. Networks associated with the buzzy new cryptocurrency system Ethereum have been plagued with spam. Facebook recently fought a six-month battle against a spam operation that was administering fake accounts in Bangladesh, Indonesia, Saudi Arabia, and other countries. Last year, a Chicago resident sued the Trump campaign for allegedly sending unsolicited text message spam; this past November, ZDNet reported that voters were being inundated with political text messages they never signed up for. Apps can be horrid spam vectors, too — TechCrunch writer Jordan Crook wrote in April about how she idly downloaded an app called Gather that promptly spammed everyone in her contact list. Repeated mass data breaches that include contact information, such as the Yahoo breach in which 3 billion user accounts were exposed, surely haven’t helped. Meanwhile, you, me, and everyone we know is being plagued by robocalls. “There is no recourse for me,” lamented Troy Doliner, a student in Boston who gets robocalls every day. “I am harassed by a faceless entity that I cannot track down.” “I think we had a really unique set of circumstances that created this temporary window where spam was in remission,” said Finn Brunton, an assistant professor at NYU who wrote Spam: A Shadow History of the Internet, “and now we’re on the other side of that, with no end in sight.”
(via Boing Boing)
(tags: spam privacy email social-media web robocalls phone ethereum texts abuse)
S3 Inventory Adds Apache ORC output format and Amazon Athena Integration
Interesting to see Amazon are kind of putting their money behind ORC as a new public data interchange format with this
Spot Fleet now supports Target Tracking
Awesome, nice feature
(tags: spot-fleet spot-instances ec2 amazon aws scaling ops architecture)
IBM urged to avoid working on 'extreme vetting' of U.S. immigrants
ICE wants to use machine learning technology and social media monitoring to determine whether an individual is a “positively contributing member of society,” according to documents published on federal contracting websites. More than 50 civil society groups and more than 50 technical experts sent separate letters on Thursday to the Department of Homeland Security saying the vetting program as described was “tailor-made for discrimination” and contending artificial intelligence was unable to provide the information ICE desired.
(tags: civil-rights politics usa trump ice ibm civil-liberties immigration discrimination racism social-media)
Cordyceps even creepier than at first thought
Hughes’s team found that fungal cells infiltrate the ant’s entire body, including its head, but they leave its brain untouched. There are other parasites that manipulate their hosts without destroying their brains, says Kelly Weinersmith from Rice University. For example, one flatworm forms a carpet-like layer over the brain of the California killifish, leaving the brain intact while forcing the fish to behave erratically and draw the attention of birds—the flatworm’s next host. “But manipulation of ants by Ophiocordyceps is so exquisitely precise that it is perhaps surprising that the fungus doesn't invade the brain of its host,” Weinersmith says. [....] So what we have here is a hostile takeover of a uniquely malevolent kind. Enemy forces invading a host’s body and using that body like a walkie-talkie to communicate with each other and influence the brain from afar. Hughes thinks the fungus might also exert more direct control over the ant’s muscles, literally controlling them “as a puppeteer controls as a marionette doll.” Once an infection is underway, he says, the neurons in the ant’s body—the ones that give its brain control over its muscles—start to die. Hughes suspects that the fungus takes over. It effectively cuts the ant’s limbs off from its brain and inserts itself in place, releasing chemicals that force the muscles there to contract. If this is right, then the ant ends its life as a prisoner in its own body. Its brain is still in the driver’s seat, but the fungus has the wheel.
(tags: biology gross cordyceps fungi fungus ants zombies infection brain parasites)
-
'I think you want a Unicomp [...] They bought the old IBM model M factory line, it's a model M with USB' -- a classic IBM-style clacky full size keyboard -- https://twitter.com/SwartzCr/status/932678394021535751
Tech Leaders Dismayed by Weaponization of Social Media - IEEE Spectrum
“We have passed the fail-safe point,” McNamee said. “I don’t think we can get back to the Silicon Valley that I loved. At this point we just have to save America.”
(tags: propaganda fake-news facebook twitter social-media us-politics brexit internet russia silicon-valley usa)
How to ensure Presto scalability in multi user case
Good preso from Treasure Data on multi-user Presto usage
(tags: presto presentations slides storage databases)
Why is this company tracking where you are on Thanksgiving?
Creepy:
To do this, they tapped a company called SafeGraph that provided them with 17 trillion location markers for 10 million smartphones. The data wasn’t just staggering in sheer quantity. It also appears to be extremely granular. Researchers “used this data to identify individuals' home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.,” wrote The Washington Post. [....] This means SafeGraph is looking at an individual device and tracking where its owner is going throughout their day. A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google’s database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are “fully anonymized” and “contain no personally-identifying information.” In multiple press releases from SafeGraph’s partners, the company’s location data is referred to as “anonymized,” but in this case they seem to be interpreting the concept of anonymity quite liberally given the specificity of the data. Most people probably don’t realize that their Thanksgiving habits could end up being scrutinized by strangers. It’s unclear if users realize that their data is being used this way, but all signs point to no. (SafeGraph and the researchers did not immediately respond to questions.) SafeGraph gets location data “from numerous smartphone apps,” according to the researchers.
(tags: safegraph apps mobile location tracking surveillance android iphone ios smartphones big-data)
-
Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy. Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike. Performance: Quad9 systems are distributed worldwide in more than 70 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system. Privacy: No personally-identifiable information is collected by the system. IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally-identifiable data, and the core charter of the organization is to provide secure, fast, private DNS
Awesome!
(tags: quad9 resolvers dns anycast ip networking privacy security)
Continuous self-testing at Hosted Graphite
'why we send external canaries, every second'
(tags: graphite hostedgraphite monitoring canaries udp alerting ops)
'STELLA Report from the SNAFUcatchers Workshop on Coping With Complexity', March 14-16 2017
'A consortium workshop of high end techs reviewed postmortems to better understand how engineers cope with the complexity of anomalies (SNAFU and SNAFU catching episodes) and how to support them. These cases reveal common themes regarding factors that produce resilient performances. The themes that emerge also highlight opportunities to move forward.' The 'Dark debt' concept is interesting here.
(tags: complexity postmortems dark-debt technical-debt resilience reliability systems snafu reports toread stella john-allspaw)
Driverless shuttle in Las Vegas gets in fender bender within an hour
Like any functioning autonomous vehicle, the shuttle can avoid obstacles and stop in a hurry if needed. What it apparently can’t do is move a couple feet out of the way when it looks like a 20-ton truck is going to back into it. A passenger interviewed by KSNV shared her frustration: The shuttle just stayed still and we were like, ‘oh my gosh, it’s gonna hit us, it’s gonna hit us!’ and then.. it hit us! And the shuttle didn’t have the ability to move back, either. Like, the shuttle just stayed still.
(tags: ai driverless-cars driving cars las-vegas aaa navya keolis)
The naked truth about Facebook’s revenge porn tool
This is absolutely spot on.
If Facebook wanted to implement a truly trusted system for revenge porn victims, they could put the photo hashing on the user side of things -- so only the hash is transferred to Facebook. To verify the claim that the image is truly a revenge porn issue, the victim could have the images verified through a trusted revenge porn advocacy organization. Theoretically, the victim then would have a verified, privacy-safe version of the photo, and a hash that could be also sent to Google and other sites.
(tags: facebook privacy hashing pictures images revenge-porn abuse via:jwz)
20 Benefits that speed up hiring and 5 that slow it down
But that isn’t to say work-life balance isn’t important. It’s just job seekers are looking for balance outside of work. Three of the five benefits that sped up time to hire were related to giving more opportunities to leave work: Caregiver leave; Adoption leave; On site gym; Performance based incentives; Family leave
(tags: hiring benefits text-analysis pto holidays vacation leave gyms work family-leave)
Facebook asks users for nude photos in project to combat revenge porn
The photos are hashed, server-side, using the PhotoDNA hashing algorithm. This would have been way way better if it ran locally, on users' phones, instead though. Interesting to note that PhotoDNA claims to have a "1 in 10 billion" false positive rate according to https://www.itu.int/en/cop/case-studies/Documents/ICMEC_PhotoDNA.PDF
(tags: photodna hashing images facebook revenge-porn messenger nudes photos)
-
The newly deployed contract, 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4, contains a vulnerability where its owner was uninitialized. Although the contract is a library, it was possible for devops199 to turn it into a regular multi-sig wallet since for Ethereum there is no real distinction between accounts, libraries, and contracts. The event occurred in two transactions, a first one to take over the library and a second one to kill the library — which was used by all multi-sig wallets created after the 20th of July. Since by design smart-contracts themselves can’t be patched easily, this makes dependencies on third party libraries very lethal if a mistake happens. The fact that libraries are global is also arguable, this would be shocking if it was how our daily use Operating Systems would work.
How Facebook Figures Out Everyone You've Ever Met
Oh god this is so creepy.
Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes: A man who years ago donated sperm to a couple, secretly, so they could have a child—only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook. A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information. A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later. An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”
(tags: facebook privacy surveillance security creepy phones contacts pymk)
-
In short, I am in support of Naomi Wu. Rather than let the Internet speculate on why, I am sharing my perspectives on the situation preemptively. As with most Internet controversies, it’s messy and emotional. I will try my best to outline the biases and issues I have observed. Of course, everyone has their perspective; you don’t have to agree with mine. And I suspect many of my core audience will dislike and disagree with this post. However, the beginning of healing starts with sharing and listening. I will share, and I respectfully request that readers read the entire content of this post before attacking any individual point out of context. The key forces I see at play are: Prototype Bias – how assumptions based on stereotypes influence the way we think and feel; Idol Effect – the tendency to assign exaggerated capabilities and inflated expectations upon celebrities; Power Asymmetry – those with more power have more influence, and should be held to a higher standard of accountability; Guanxi Bias – the tendency to give foreign faces more credibility than local faces in China. All these forces came together in a perfect storm this past week.
(tags: culture engineering maker naomi-wu women stereotypes bias idols power china bunnie)
-
That doesn't mean Polvi is a fan. "Lambda and serverless is one of the worst forms of proprietary lock-in that we've ever seen in the history of humanity," said Polvi, only partly in jest, referring to the most widely used serverless offering, AWS Lambda. "It's seriously as bad as it gets." He elaborated: "It's code that tied not just to hardware – which we've seen before – but to a data center, you can't even get the hardware yourself. And that hardware is now custom fabbed for the cloud providers with dark fiber that runs all around the world, just for them. So literally the application you write will never get the performance or responsiveness or the ability to be ported somewhere else without having the deployment footprint of Amazon."
Absolutely agreed...
(tags: lambda amazon aws containers coreos deployment lockin proprietary serverless alex-polvi kubernetes)
AWS switching hypervisor from Xen to KVM
interesting
(tags: aws kvm xen virtualization)
How to effectively complain to an Irish broadcaster about a public affairs show
Simon McGarr: "If you think that a public affairs show has failed to address a matter with proper balance, you can (Tweet) say it to the breeze or complain. There is a process to follow to make an effective complaint 1) complain to broadcaster 2) complain to BAI if unhappy with response." Thread with more details, and yet more at https://twitter.com/IrishTV_films/status/927172642544783360
(tags: complaining complaints rte bai ireland current-affairs)
The 10 Top Recommendations for the AI Field in 2017 from the AI Now Institute
I am 100% behind this. There's so much potential for hidden bias and unethical discrimination in careless AI/ML deployment.
While AI holds significant promise, we’re seeing significant challenges in the rapid push to integrate these systems into high stakes domains. In criminal justice, a team at Propublica, and multiple academics since, have investigated how an algorithm used by courts and law enforcement to predict recidivism in criminal defendants may be introducing significant bias against African Americans. In a healthcare setting, a study at the University of Pittsburgh Medical Center observed that an AI system used to triage pneumonia patients was missing a major risk factor for severe complications. In the education field, teachers in Texas successfully sued their school district for evaluating them based on a ‘black box’ algorithm, which was exposed to be deeply flawed. This handful of examples is just the start — there’s much more we do not yet know. Part of the challenge is that the industry currently lacks standardized methods for testing and auditing AI systems to ensure they are safe and not amplifying bias. Yet early-stage AI systems are being introduced simultaneously across multiple areas, including healthcare, finance, law, education, and the workplace. These systems are increasingly being used to predict everything from our taste in music, to our likelihood of experiencing mental illness, to our fitness for a job or a loan.
(tags: ai algorithms machine-learning ai-now ethics bias racism discrimination)
Something is wrong on the internet – James Bridle – Medium
'an essay on YouTube, children's videos, automation, abuse, and violence, which crystallises a lot of my current feelings about the internet through a particularly unpleasant example from it. [...] What we’re talking about is very young children [..] being deliberately targeted with content which will traumatise and disturb them, via networks which are extremely vulnerable to exactly this form of abuse. It’s not about trolls, but about a kind of violence inherent in the combination of digital systems and capitalist incentives. It’s down to that level of the metal.'
(tags: internet youtube children web automation violence horror 4chan james-bridle)
Inside The Great Poop Emoji Feud
PILE_OF_POO in the news!
The debate appears to be between some of Unicode’s most prolific contributors and typographers (Unicode was initially established to develop standards for translating alphabets into code that can be read across all computers and operating systems), and those in the consortium who focus primarily on the evolution of emojis. The two chief critics — Michael Everson and Andrew West, both typographers — say that the emoji proposal process has become too commercial and frivolous, thereby cheapening the Unicode Consortium’s long body of work. Their argument centers around “Frowning Pile Of Poo,” one of the emojis under consideration for the June 2018 class. In an Oct. 22 memo to the Unicode Technical Committee, Everson tore into the committee over the submission calling it “damaging ... to the Unicode standard.”
(tags: pile-of-poo emoji funny michael-everson unicode frowning-poo poo shit)
newrelic/sidecar: Gossip-based service discovery. Docker native, but supports static discovery, too.
An AP gossip-based service-discovery sidecar process.
Services communicate to each other through an HAproxy instance on each host that is itself managed and configured by Sidecar. It is inspired by Airbnb's SmartStack. But, we believe it has a few advantages over SmartStack: Native support for Docker (works without Docker, too!); No dependence on Zookeeper or other centralized services; Peer-to-peer, so it works on your laptop or on a large cluster; Static binary means it's easy to deploy, and there is no interpreter needed; Tiny memory usage (under 20MB) and few execution threads means it's very light weight
(tags: clustering docker go service-discovery ap sidecar haproxy discovery architecture)
-
'A vault for securely storing and accessing AWS credentials in development environments'. Scott Piper says: 'You should not use the AWS CLI with MFA without aws-vault, and probably should not use the CLI at all without aws-vault, because of its benefit of storing your keys outside of ~/.aws/credentials (since every once in a while a developer will decide to upload all their dot-files in their home directory to github so they can use the same .vimrc and .bashrc aliases everywhere, and will end up uploading their AWS creds).'
(tags: aws vault security cli development coding dotfiles credentials mfa)
-
57.10 Acceptable Use; Safety-Critical Systems. Your use of the Lumberyard Materials must comply with the AWS Acceptable Use Policy. The Lumberyard Materials are not intended for use with life-critical or safety-critical systems, such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat. However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.
Seems fair enough.
(tags: aws zombies funny t-and-cs legal civilization just-in-case)
How the Guardian found 800,000 paying readers
The strategy to rescue the Guardian from financial oblivion has attained a landmark position by increasing its revenue from readers to a point where it now outweighs the paper’s income from advertising. This significant shift in the Guardian’s business model, making it less dependent on a highly challenging advertising market for media companies, results largely from a quadrupling in the number of readers making monthly payments under the title’s membership scheme, which has grown from 75,000 to 300,000 members in the past year.
Wow. Good job Guardian!
(tags: guardian journalism subscriptions newspapers future membership donations)
How to make the function keys the default Touch Bar display
Gonna need this for the new work laptop
(tags: touchbar apple ui function-keys keyboard usability it-just-works)
20 Touch Bar Tips & Tricks for the New MacBook Pro - YouTube
another set of touchbar tips
Fooling Neural Networks in the Physical World with 3D Adversarial Objects · labsix
This is amazingly weird stuff. Fooling NNs with adversarial objects:
Here is a 3D-printed turtle that is classified at every viewpoint as a “rifle” by Google’s InceptionV3 image classifier, whereas the unperturbed turtle is consistently classified as “turtle”. We do this using a new algorithm for reliably producing adversarial examples that cause targeted misclassification under transformations like blur, rotation, zoom, or translation, and we use it to generate both 2D printouts and 3D models that fool a standard neural network at any angle. Our process works for arbitrary 3D models - not just turtles! We also made a baseball that classifies as an espresso at every angle! The examples still fool the neural network when we put them in front of semantically relevant backgrounds; for example, you’d never see a rifle underwater, or an espresso in a baseball mitt.
(tags: ai deep-learning 3d-printing objects security hacking rifles models turtles adversarial-classification classification google inceptionv3 images image-classification)
Rich "Lowtax" Kyanka on Twitter's abuse/troll problem
how did you solve this problem at Something Awful? You said you wrote a bunch of rules but internet pedants will always find ways to get around them. The last rule says we can ban you for any reason. It's like the catch-all. We can ban you if it's too hot in the room, we can ban you if we had a bad day, we can ban you if our finger slips and hits the ban button. And that way people know that if they're doing something and it's not technically breaking any rules but they're obviously trying to push shit as far as they can, we can still ban them. But, unlike Twitter, we actually have what's called the Leper's Colony, which says what they did and has their track record. Twitter just says, “You're gone.”
(tags: twitter communication discussion history somethingawful lowtax)
Here's A List Of The Darkest, Strangest Scientific Paper Titles Of All Time | IFLScience
some great papers here (via Emilie)
(tags: via:emilie funny papers science titles)
Yonatan Zunger's twitter thread on Twitter's problem with policy issues
'I worked on policy issues at G+ and YT for years. It was *painfully* obvious that Twitter never took them seriously.' This thread is full of good information on "free speech", nazis, Trump, Gamergate and Twitter's harassment problem. (Via Peter Bourgon)
(tags: via:peterbourgon harrassment twitter gamergate threads youtube google-plus policy abuse bullying free-speech engagement)
What To Do When Your Daughter Is the Mean Girl | Psychology Today
Bookmarking -- just in case. hopefully it won't be necessary... good site for parenting advice along these lines.
I knew this day would come. I was, of course, hoping it never would-hoping that my daughter would never be mean to someone else's daughter-but as they say, I wrote the book on girl bullying in elementary school, so I knew that there was a pretty good chance that despite all of my best efforts, one of these days, my girl was gonna act like the mean one. This morning, she told me about it.
MaxMind DB File Format Specification
An interesting data structure format -- 'the MaxMind DB file format is a database format that maps IPv4 and IPv6 addresses to data records using an efficient binary search tree.'
(tags: maxmind databases storage ipv4 ipv6 addresses bst binary-search-trees trees data-structures)
IBM broke its cloud by letting three domain names expire - The Register
“multiple domain names were mistakenly allowed to expire and were in hold status.”
Open-sourcing RacerD: Fast static race detection at scale | Engineering Blog | Facebook Code
At Facebook we have been working on automated reasoning about concurrency in our work with the Infer static analyzer. RacerD, our new open source race detector, searches for data races — unsynchronized memory accesses, where one is a write — in Java programs, and it does this without running the program it is analyzing. RacerD employs symbolic reasoning to cover many paths through an app, quickly.
This sounds extremely interesting...
(tags: racerd race-conditions data-races thread-safety static-code-analysis coding testing facebook open-source infer)
-
Fascinating stuff -- from Felix Cohen's excellent twitter thread.
Solera is a process for aging liquids such as wine, beer, vinegar, and brandy, by fractional blending in such a way that the finished product is a mixture of ages, with the average age gradually increasing as the process continues over many years. The purpose of this labor-intensive process is the maintenance of a reliable style and quality of the beverage over time. Solera means literally "on the ground" in Spanish, and it refers to the lower level of the set of barrels or other containers used in the process; the liquid (traditionally transferred from barrel to barrel, top to bottom, the oldest mixtures being in the barrel right "on the ground"), although the containers in today's process are not necessarily stacked physically in the way that this implies, but merely carefully labeled. Products which are often solera aged include Sherry, Madeira, Lillet, Port wine, Marsala, Mavrodafni, Muscat, and Muscadelle wines; Balsamic, Commandaria, some Vins doux naturels, and Sherry vinegars; Brandy de Jerez; beer; rums; and whiskies. Since the origin of this process is undoubtedly out of the Iberian peninsula, most of the traditional terminology was in Spanish, Portuguese, or Catalan.
(tags: wine aging solera sherry muscat vinegar brandy beer rum whiskey whisky brewing spain)
The Best Way to Sous Vide Is to Shut Up About It
lol
(tags: sous-vide gadgets kitchen bros cooking cookery funny)
"1 like = 1 delicious cocktail recipe or booze fact."
Great cocktail factoid thread from Manhattans Project/Every Cloud's Felix Cohen
Alarm systems alarmingly insecure. Oh the irony | Pen Test Partners
Some absolutely abysmal security practices used in off-the-shelf self-installed wireless home alarm systems -- specifically the Yale HSA6400. Simple replay attacks of the unlock PIN message, for instance
What Parents Can Do When Bullying is Downplayed at School | Psychology Today
Despite the "Bully-Free Zone" posters that line the school cafeteria walls and the Zero-Tolerance policy that was boasted about during last September's Back-to-School night, your experience is that the school would rather not address the problem at all. The responses you get from your child's teacher include bland lip service [...]
Good advice for this nasty situation -- I'm thankfully not facing it myself, but bookmarking just in case...
(tags: bullying kids school education psychology children parenting)
Cyclists: Let's Talk About Shoaling
You're stopped at a red light with a bunch of folks on bikes, when someone who's just arrived sails past everyone, right to the head of the class. It's a lot like seeing somebody in the Whole Foods express lane with too many things. In other words, it's the kind of behavior that triggers toothy-toddler rages in otherwise emotionally competent adults.
Oh god. This drives me nuts. (via Mark)
(tags: shoaling cycling commuting bikes red-lights commute rage)
Commodore 64 Raspberry Pi Case with working power LED
3D-printed retro-pi cases (via Oisin)
(tags: via:oisin 3d-printing retropi cases raspberry-pi hardware cute)
-
'AWS Lambda cheatsheet' -- a quick ref card for Lambda users
(tags: aws lambda ops serverless reference quick-references)
Turtle Bunbury - THE NIGHT OF THE BIG WIND, 1839 (Reprise)
The Night of the Big Wind was the most devastating storm ever recorded in Irish history. Known in As Gaeilge as ‘Oiche na Gaoithe Moire’, the hurricane of 6th and 7th January 1839 made more people homeless in a single night than all the sorry decades of eviction that followed it.
(tags: 1839 1830s 19th-century ireland turtle-bunbury history storms weather hurricanes)
One person’s history of Twitter, from beginning to end – Mike Monteiro
Twitter, which was conceived and built by a room of privileged white boys (some of them my friends!), never considered the possibility that they were building a bomb. To this day, Jack Dorsey doesn’t realize the size of the bomb he’s sitting on. Or if he does, he believes it’s metaphorical. It’s not. He is utterly unprepared for the burden he’s found himself responsible for. The power of Oppenheimer-wide destruction is in the hands of entitled men-children, cuddled runts, who aim not to enhance human communication, but to build themselves a digital substitute for physical contact with members of the species who were unlike them. And it should scare you.
(tags: politics twitter mike-monteiro history silicon-valley trump)
A history of the neural net/tank legend in AI, and other examples of reward hacking
@gwern: "A history of the neural net/tank legend in AI: https://t.co/2s4AOGMS3a (Feel free to suggest more sightings or examples of reward hacking!)"
(tags: gwern history ai machine-learning ml genetic-algorithms neural-networks perceptron learning training data reward-hacking)
-
I want to talk about why this vulnerability continues to exist so many years after WPA was standardized. And separately, to answer a question: how did this attack slip through, despite the fact that the 802.11i handshake was formally proven secure?
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
This is the most amazing hack.
Upon successful execution, the exploit exposes APIs to read and write the host’s physical memory directly over-the-air, by mapping in any requested address to the controlled DART L2 translation table, and issuing DMA accesses to the corresponding mapped IO-Space addresses.
(tags: hacks exploits security ios wifi apple iphone kernel)
How to operate reliable AWS Lambda applications in production
running a reliable Lambda application in production requires you to still follow operational best practices. In this article I am including some recommendations, based on my experience with operations in general as well as working with AWS Lambda.
Amazon Shipping Filter - Chrome Web Store
a user script to determine when Amazon.{com,co.uk,fr,de,it,etc} will not deliver to your chosen delivery address, which is a common risk for Irish users
(tags: ireland shipping amazon buying extensions chrome userscripts shopping)
Spotify’s Discover Weekly: How machine learning finds your new music
Not sure how accurate this is (it's not written by a Spotify employee), but seems pretty well researched -- according to this Discover Weekly is a mix of 3 different algorithms
(tags: discover-weekly spotify nlp music ai ml machine-learning)
Study: wearing hi-viz clothing does not reduce risk of collision for cyclists
Journal of Transport & Health, 22 March 2017:
This study found no evidence that cyclists using conspicuity aids were at reduced risk of a collision crash compared to non-users after adjustment for confounding, but there was some evidence of an increase in risk. Bias and residual confounding from differing route selection and cycling behaviours in users of conspicuity aids are possible explanations for these findings. Conspicuity aids may not be effective in reducing collision crash risk for cyclists in highly-motorised environments when used in the absence of other bicycle crash prevention measures such as increased segregation or lower motor vehicle speeds.
(tags: health safety hi-viz clothing cycling commute visibility collision crashes papers)
-
Not a very good review of Hazelcast's CAP behaviour from Aphyr. See also https://twitter.com/MarcJBrooker/status/917437286639329280 for more musings from Marc Brooker on the topic ("PA/EC is a confusing and dangerous behaviour for many cases")
(tags: jepsen aphyr testing hazelcast cap-theorem reliability partitions network pacelc marc-brooker)
House Six, the Heartbeat of Student Life – The University Times
Dilapidated but beloved, House Six shapes student life in Trinity and has for decades been the backdrop to changes in Irish society.
Ah, memories -- in my case mostly of all-night Civ games in Publications
(tags: history tcd trinity house-six csc tcdsu dublin buildings landmarks)
London's Hidden Tunnels Revealed In Amazing Cutaways | Londonist
these really are remarkable. I love the Renzo Picassos in particular
(tags: design history london 3d cutaways diagrams comics mid-century)
Kremlin info-ops measured to have a total reach of 340 million with dark, divisive ads
when the virality and resharing is measured, it's far higher than previously estimated, according to this Washington Post article
-
This week I took a crack at writing a branchless UTF-8 decoder: a function that decodes a single UTF-8 code point from a byte stream without any if statements, loops, short-circuit operators, or other sorts of conditional jumps. [...] Why branchless? Because high performance CPUs are pipelined. That is, a single instruction is executed over a series of stages, and many instructions are executed in overlapping time intervals, each at a different stage.
Neat hack (via Tony Finch)
(tags: algorithms optimization unicode utf8 branchless coding c via:fanf)
Internet speed guarantees must be realistic, says Ofcom | Hacker News
Good news from the UK. Hope this comes to Ireland soon, too
"Why We Built Our Own Distributed Column Store" (video)
"Why We Built Our Own Distributed Column Store" by Sam Stokes of Honeycomb.io -- Retriever, inspired by Facebook's Scuba
(tags: scuba retriever storage data-stores columnar-storage honeycomb.io databases via:charitymajors)
-
A deep dive on how we were using our existing databases revealed that they were frequently not used for their relational capabilities. About 70 percent of operations were of the key-value kind, where only a primary key was used and a single row would be returned. About 20 percent would return a set of rows, but still operate on only a single table. With these requirements in mind, and a willingness to question the status quo, a small group of distributed systems experts came together and designed a horizontally scalable distributed database that would scale out for both reads and writes to meet the long-term needs of our business. This was the genesis of the Amazon Dynamo database. The success of our early results with the Dynamo database encouraged us to write Amazon's Dynamo whitepaper and share it at the 2007 ACM Symposium on Operating Systems Principles (SOSP conference), so that others in the industry could benefit. The Dynamo paper was well-received and served as a catalyst to create the category of distributed database technologies commonly known today as "NoSQL."
That's not an exaggeration. Nice one Werner et al!
(tags: dynamo history nosql storage databases distcomp amazon papers acm data-stores)
The world's first cyber-attack, on the Chappe telegraph system, in Bordeaux in 1834
The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network. The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.
(tags: bordeaux hacking history security technology cyber-attacks telegraph telegraphes-chappe)
Slack 103: Communication and culture
Interesting note on some emergent Slack communications systems using emoji: "redirect raccoon", voting, and "I'm taking a look at this"
This Future Looks Familiar: Watching Blade Runner in 2017
I told a lot of people that I was going to watch Blade Runner for the first time, because I know that people have opinions about Blade Runner. All of them gave me a few watery opinions to keep in mind going in—nothing that would spoil me, but things that would help me understand what they assured me would be a Very Strange Film. None of them told me the right things, though.
(tags: culture movies film blade-runner politics slavery replicants)
-
'Sampling tools like oprofile or dtrace's profile provider don't really provide methods to see what [multithreaded] programs are blocking on - only where they spend CPU time. Though there exist advanced techniques (such as systemtap and dtrace call level probes), it is overkill to build upon that. Poor man doesn't have time. Poor man needs food.' Basically periodically grabbing stack traces from running processes using gdb.
(tags: gdb profiling linux unix mark-callaghan stack-traces performance)
Report an Issue Online | Dublin City Council
handy self-service issue report portal, more direct possibly than FixMyStreet.ie
(tags: dcc dublin city council reporting civic traffic-lights roads paths)
Intel pcj library for persistent memory-oriented data structures
This is a "pilot" project to develop a library for Java objects stored in persistent memory. Persistent collections are being emphasized because many applications for persistent memory seem to map well to the use of collections. One of this project's goals is to make programming with persistent objects feel natural to a Java developer, for example, by using familiar Java constructs when incorporating persistence elements such as data consistency and object lifetime. The breadth of persistent types is currently limited and the code is not performance-optimized. We are making the code available because we believe it can be useful in experiments to retrofit existing Java code to use persistent memory and to explore persistent Java programming in general.
(via Mario Fusco)
(tags: persistent-memory data-structures storage persistence java coding future)
Google and Facebook Have Failed Us - The Atlantic
There’s no hiding behind algorithms anymore. The problems cannot be minimized. The machines have shown they are not up to the task of dealing with rare, breaking news events, and it is unlikely that they will be in the near future. More humans must be added to the decision-making process, and the sooner the better.
(tags: algorithms facebook google las-vegas news filtering hoaxes 4chan abuse breaking-news responsibility silicon-valley)
the execution of James Connolly in cake form
As depicted in the Decobake 1916 commemorative cake competition. Amazing scenes of edible history
(tags: odd funny decobake 1916 history ireland republican nationalism james-connolly executions omgwtf cake)
Cashing in on ATM Malware - A Comprehensive Look at Various Attack Types
rather unnerving report from Trend Micro / Europol. 'As things stand, it looks like different criminal groups have already graduated from physical to virtual skimming via malware, thanks to the lack of security measures implemented by commercial banks worldwide. This is common in Latin America and Eastern Europe, but these criminals are exporting the technique and have started to victimize other countries.'
(tags: atms banking security trend-micro banks europol exploits)
Your Morning Sucks. Here’s How to Create a Dream Morning Routine.
this is fucking hilarious
(tags: funny self-parody morning routines via:dorothy hydration trampolines wtf manic)
The copyright implications of a publicly curated online archive of Oireachtas debates
"a publicly curated online archive of Oireachtas debates is so obviously in the public interest that copyright law should not prevent it." (via Aileen)
(tags: via:aileen copyright oireachtas debates ireland parliament archival history)
Share scripts that have dependencies with Nix
Nice approach to one-liner packaging invocations using nix-shell
In 1973, I invented a ‘girly drink’ called Baileys
The creation of the iconic booze:
'We bought a small bottle of Jamesons Irish Whiskey and a tub of single cream and hurried back. It was a lovely May morning. 1973. Underdogs Sunderland had just won the FA Cup. We mixed the two ingredients in our kitchen, tasted the result and it was certainly intriguing, but in reality bloody awful. Undaunted, we threw in some sugar and it got better, but it still missed something. We went back to the store, searching the shelves for something else, found our salvation in Cadbury’s Powdered Drinking Chocolate and added it to our formula. Hugh and I were taken by surprise. It tasted really good. Not only this, but the cream seemed to have the effect of making the drink taste stronger, like full-strength spirit. It was extraordinary.'
(tags: whiskey cream booze drinks baileys 1970s history 1973 chocolate cocktails)
-
restore a versioned S3 bucket to the state it was in at a specific point in time
(tags: ops s3 restore backups versioning history tools scripts unix)
-
Importing an EV from the UK into Ireland (specifically the Nissan Leaf). A little dated (2013) but possibly useful all the same
The Israeli Digital Rights Movement's campaign for privacy | Internet Policy Review
This study explores the persuasion techniques used by the Israeli Digital Rights Movement in its campaign against Israel’s biometric database. The research was based on analysing the movement's official publications and announcements and the journalistic discourse that surrounded their campaign within the political, judicial, and public arenas in 2009-2017. The results demonstrate how the organisation navigated three persuasion frames to achieve its goals: the unnecessity of a biometric database in democracy; the database’s ineffectiveness; and governmental incompetence in securing it. I conclude by discussing how analysing civil society privacy campaigns can shed light over different regimes of privacy governance. [....] 1. Why the database should be abolished: because it's not necessary - As the organisation highlighted repeatedly throughout the campaign with the backing of cyber experts, there is a significant difference between issuing smart documents and creating a database. Issuing smart documents effectively solves the problem of stealing and forging official documents, but does it necessarily entail the creation of a database? The activists’ answer is no: they declared that while they do support the transition to smart documents (passports and ID cards) for Israeli citizens, they object to the creation of a database due to its violation of citizens' privacy. 2. Why the database should be abolished: because it's ineffective; [...] 3. Why the database should be abolished: because it will be breached - The final argument was that the database should be abolished because the government would not be able to guarantee protection against security breaches, and hence possible identity theft.
(tags: digital-rights privacy databases id-cards israel psc drm identity-theft security)
-
Unroll a long twitter thread with a single tweet. I like it
-
a new common C++ library from Google, Apache-licensed.
(tags: c++ coding abseil google commons libraries open-source asl2 c++17)
Anthony Levandowski has founded an AI religion
In September 2015, the multi-millionaire engineer at the heart of the patent and trade secrets lawsuit between Uber and Waymo, Google’s self-driving car company, founded a religious organization called Way of the Future. Its purpose, according to previously unreported state filings, is nothing less than to “develop and promote the realization of a Godhead based on Artificial Intelligence.”
this article is full of bananas.
(tags: google crazy uber waymo self-driving-cars cars religion way-of-the-future ai god)
LambCI — a serverless build system
Run CI builds on Lambda:
LambCI is a tool I began building over a year ago to run tests on our pull requests and branches at Uniqlo Mobile. Inspired at the inaugural ServerlessConf a few weeks ago, I recently put some work into hammering it into shape for public consumption. It was borne of a dissatisfaction with the two current choices for automated testing on private projects. You can either pay for it as a service (Travis, CircleCI, etc) — where 3 developers needing their own build containers might set you back a few hundred dollars a month. Or you can setup a system like Jenkins, Strider, etc and configure and manage a database, a web server and a cluster of build servers. In both cases you’ll be under- or overutilized, waiting for servers to free up or paying for server power you’re not using. And this, for me, is where the advantage of a serverless architecture really comes to light: 100% utilization, coupled with instant invocations.
-
Later, in clinic, I see patients ranging from a stoical university student to a devastated father to the frail octogenarian who can’t remember the day, let alone that he has cancer – each patient an illustration of a recent Macmillan Cancer Support UK finding that it is more common for an individual to be diagnosed with cancer than to get married or have a first child. One in two people will encounter a cancer diagnosis in their lifetime, which is why the report says that, alongside marriage, parenthood, retirement and the death of a parent, cancer is now “a common life milestone”.
-
looks like a nice web-based database, FileMaker Pro-style
(tags: filemaker collaboration database tools web sharing teams)
-
occupants in open-plan offices (>6 persons) had 62% more days of sickness absence (RR 1.62, 95% CI 1.30-2.02).
(tags: health office workplace data sickness open-plan work offices)
Legendary aquarium "piscamel" thread from the GotMead forums
I thought I had detected a studied disinterest for my March 28 questions about raising fish and making mead in the same aquarium --- now I realize that you mazers probably thought I was drunk. My hypothesis was that fish manures would provide valuable fertilizer to the yeast, the aquarium bubbler would keep O2 levels high, and the fish would get a nice honey drink. The result, instead, was 3 "piscamels" flavored by rotting fish.
This sounds utterly revolting. Mead made with biohazard waste. Those poor fish! (via John Looney)
(tags: via:johnlooney biohazard mead fish aquarium gotmead forums brewing disgusting)
Relicensing React, Jest, Flow, and Immutable.js | Engineering Blog | Facebook Code
This decision comes after several weeks of disappointment and uncertainty for our community. Although we still believe our BSD + Patents license provides some benefits to users of our projects, we acknowledge that we failed to decisively convince this community.
(tags: facebook opensource react patents swpats bsd licensing)
'Monitoring Cloudflare's planet-scale edge network with Prometheus' (preso)
from SRECon EMEA 2017; how Cloudflare are replacing Nagios with Prometheus and Grafana
(tags: metrics monitoring alerting prometheus grafana nagios)
European Commission study finds no link between piracy and lower sales of digital content
According to the report, an average of 51% of adults and 72% of minors in the EU have pirated digital content, with Poland and Spain averaging the highest rates of all countries surveyed. Nevertheless, displacement rates (the impact of piracy on legitimate sales) were found to be negligible or non-existent for music, books and games, while rates for films and TV were in line with previous digital piracy studies. Most interesting is the fact that the study found that illegal game downloads actually lead to an increase in legal purchases. The report concludes that tactics like video game microtransactions are proving effective in converting illegal users to paying users. The full report goes in-depth regarding potential factors influencing piracy and the challenges of accurately tracking its impact on legitimate sales, but the researchers ultimately conclude that there is no robust statistical evidence that illegal downloads reduce legal sales. That's big news, which makes it all the more troubling that the EU effectively buried it for two years.
(tags: piracy eu studies downloads ec games movies books content)
Understanding Uber: It's Not About The App
the next time you see a link to a petition or someone raging about this decision being ‘anti-innovation’, remember Greyball. Remember the Metropolitan Police letter [regarding several sexual assaults which Uber didn't report to police]. Remember that this is about holding ULL, as a company, to the same set of standards to which every other mini-cab operator in London already complies. Most of all though remember: it is not about the app.
(tags: uber ull safety crime london assault greyball taxis cabs apps)
-
"in iOS 11 and later, when you toggle the Wi-Fi or Bluetooth buttons in Control Center, your device will immediately disconnect from Wi-Fi and Bluetooth accessories. Both Wi-Fi and Bluetooth will continue to be available." That is because Apple wants the iPhone to be able to continue using AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and other features, according to the documentation.
(tags: wifi bluetooth iphone ios security fail off-means-off)
Wiggle | Panaracer RibMo Folding City Tyre | City Tyres
Recommended for city commuting by a couple of ppl on ITS
Gas Pump Skimmers - learn.sparkfun.com
For those who don’t want to read through the gritty details here’s the summary: These skimmers are cheap and are becoming more common and more of a nuisance across North America. The skimmer broadcasts over bluetooth as HC-05 with a password of 1234. If you happen to be at a gas pump and happen to scan for bluetooth devices and happen to see an HC-05 listed as an available connection then you probably don’t want to use that pump. The bluetooth module used on these skimmers is extremely common and used on all sorts of legitimate products and educational kits. If you detect one in the field you can confirm that it is a skimmer (and not some other device) by sending the character ‘P’ to the module over a terminal. If you get an ‘M’ in response then you have likely found a skimmer and you should contact your local authorities.
(tags: crime hardware bluetooth security electronics skimmers gas-stations usa petrol-stations hc-05)
Locking, Little's Law, and the USL
Excellent explanatory mailing list post by Martin Thompson to the mechanical-sympathy group, discussing Little's Law vs the USL:
Little's law can be used to describe a system in steady state from a queuing perspective, i.e. arrival and leaving rates are balanced. In this case it is a crude way of modelling a system with a contention percentage of 100% under Amdahl's law, in that throughput is one over latency. However this is an inaccurate way to model a system with locks. Amdahl's law does not account for coherence costs. For example, if you wrote a microbenchmark with a single thread to measure the lock cost then it is much lower than in a multi-threaded environment where cache coherence, other OS costs such as scheduling, and lock implementations need to be considered. Universal Scalability Law (USL) accounts for both the contention and the coherence costs. http://www.perfdynamics.com/Manifesto/USLscalability.html When modelling locks it is necessary to consider how contention and coherence costs vary given how they can be implemented. Consider in Java how we have biased locking, thin locks, fat locks, inflation, and revoking biases which can cause safe points that bring all threads in the JVM to a stop with a significant coherence component.
(tags: usl scaling scalability performance locking locks java jvm amdahls-law littles-law system-dynamics modelling systems caching threads schedulers contention)
"HTML email, was that your fault?"
jwz may indeed have invented this feature way back in Netscape Mail. FWIW I think he's right -- Netscape Mail was the first usage of HTML email I recall
Undercover operation 'Close Pass' reduced cyclist injuries by 20% in a year
An initiative to protect cyclists from dangerous overtaking has been praised, after reducing the amount of cyclists killed or seriously injured on the roads by 20% over the last year. Operation 'Close Pass' was devised by West Midlands Police as a low cost way of preventing accidents caused by motorists who are driving too close for comfort.
(Via Tony Finch)
Normietivity: A Review of Angela Nagle's Kill all Normies
Due to a persistent vagueness in targets and refusal to respond to the best arguments presented by those she loosely groups together, Nagle does not provide the thoroughgoing and immanent treatment of the left which would be required to achieve the profound intervention she clearly intended. Nor does she grapple with the difficult implications figures like Greer (with her transphobic campaign against a vulnerable colleague) and Milo (with his direct advocacy for the nativist and carceral state) present for free speech absolutists. And indeed, the blurring their specifically shared transphobia causes for distinguishing between left and right wing social analysis. In genre terms, Nagle’s writing is best described as travel writing for internet culture. Kill All Normies provides a string of curios and oddities (from neo-nazi cults, to inscrutably gendered teenagers) to an audience expected to find them unfamiliar, and titillating. Nagle attempts to cast herself as an aloof and wry explorer, but at various points her commitments become all too clear. Nagle implicitly casts her reader as the eponymous normies, overlooking those of us who live through lives with transgenders, in the wake of colonialism, despite invisible disabilities (including depression), and all the rest. This is both a shame and a missed opportunity, because the deadly violence the Alt-Right has proven itself capable of is in urgent need of evaluation, but so too are the very real dysfunctions which afflict the left (both online and IRL). After this book patient, discerning, explanatory, and immanent readings of internet culture remain sorely needed. The best that can be said for Kill All Normies is, as the old meme goes, “An attempt was made.”
(tags: angela-nagle normies books reading transphobia germaine-greer milo alt-right politics internet 4chan)
-
Java 8 HotSpot feature to monitor and diagnose native memory leaks
(tags: java jvm memory native-memory malloc debugging coding nmt java-8 jcmd)
This Heroic Captain Defied His Orders and Stopped America From Starting World War III
Captain William Bassett, a USAF officer stationed at Okinawa on October 28, 1962, can now be added alongside Stanislav Petrov to the list of people who have saved the world from WWIII:
By [John] Bordne’s account, at the height of the Cuban Missile Crisis, Air Force crews on Okinawa were ordered to launch 32 missiles, each carrying a large nuclear warhead. [...] The Captain told Missile Operations Center over the phone that he either needed to hear that the threat level had been raised to DEFCON 1 and that he should fire the nukes, or that he should stand down. We don’t know exactly what the Missile Operations Center told Captain Bassett, but they finally received confirmation that they should not launch their nukes. After the crisis had passed Bassett reportedly told his men: “None of us will discuss anything that happened here tonight, and I mean anything. No discussions at the barracks, in a bar, or even here at the launch site. You do not even write home about this. Am I making myself perfectly clear on this subject?”
(tags: wwiii history nukes cuban-missile-crisis 1960s usaf okinawa missiles william-bassett)
malware piggybacking on CCleaner
On September 13, 2017 while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems. Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers. Talos began initial analysis to determine what was causing this technology to flag CCleaner. We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download. During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner's download server as recently as September 11, 2017.
Malicious typosquatting packages in PyPI
skcsirt-sa-20170909-pypi vulnerability announcement from SK-CSIRT:
SK-CSIRT identified malicious software libraries in the official Python package repository, PyPI, posing as well known libraries. A prominent example is a fake package urllib-1.21.1.tar.gz, based upon a well known package urllib3-1.21.1.tar.gz. Such packages may have been downloaded by unwitting developer or administrator by various means, including the popular “pip” utility (pip install urllib). There is evidence that the fake packages have indeed been downloaded and incorporated into software multiple times between June 2017 and September 2017.
London police’s use of AFR facial recognition falls flat on its face
A “top-of-the-line” automated facial recognition (AFR) system trialled for the second year in a row at London’s Notting Hill Carnival couldn’t even tell the difference between a young woman and a balding man, according to a rights group worker invited to view it in action. Because yes, of course they did it again: London’s Met police used controversial, inaccurate, largely unregulated automated facial recognition (AFR) technology to spot troublemakers. And once again, it did more harm than good. Last year, it proved useless. This year, it proved worse than useless: it blew up in their faces, with 35 false matches and one wrongful arrest of somebody erroneously tagged as being wanted on a warrant for a rioting offense. [...] During a recent, scathing US House oversight committee hearing on the FBI’s use of the technology, it emerged that 80% of the people in the FBI database don’t have any sort of arrest record. Yet the system’s recognition algorithm inaccurately identifies them during criminal searches 15% of the time, with black women most often being misidentified.
(tags: face-recognition afr london notting-hill-carnival police liberty met-police privacy data-privacy algorithms)
Universal adversarial perturbations
in today’s paper Moosavi-Dezfooli et al., show us how to create a _single_ perturbation that causes the vast majority of input images to be misclassified.
(tags: adversarial-classification spam image-recognition ml machine-learning dnns neural-networks images classification perturbation papers)
"Use trees. Not too deep. Mostly ensembles."
snarky summary of 'Data-driven Advice for Applying Machine Learning to Bioinformatics Problems', a recent analysis paper of ML algorithms
(tags: algorithms machine-learning bioinformatics funny advice classification)
"You Can't Stay Here: The Efficacy of Reddit’s 2015 Ban Examined Through Hate Speech"
In 2015, Reddit closed several subreddits—foremost among them r/fatpeoplehate and r/CoonTown—due to violations of Reddit’s anti-harassment policy. However, the effectiveness of banning as a moderation approach remains unclear: banning might diminish hateful behavior, or it may relocate such behavior to different parts of the site. We study the ban of r/fatpeoplehate and r/CoonTown in terms of its effect on both participating users and affected subreddits. Working from over 100M Reddit posts and comments, we generate hate speech lexicons to examine variations in hate speech usage via causal inference methods. We find that the ban worked for Reddit. More accounts than expected discontinued using the site; those that stayed drastically decreased their hate speech usage—by at least 80%. Though many subreddits saw an influx of r/fatpeoplehate and r/CoonTown “migrants,” those subreddits saw no significant changes in hate speech usage. In other words, other subreddits did not inherit the problem. We conclude by reflecting on the apparent success of the ban, discussing implications for online moderation, Reddit and internet communities more broadly.
(Via Anil Dash)
(tags: abuse reddit research hate-speech community moderation racism internet)
The Immortal Myths About Online Abuse – Humane Tech – Medium
After building online communities for two decades, we’ve learned how to fight abuse. It’s a solvable problem. We just have to stop repeating the same myths as excuses not to fix things.
Here are the 8 myths Anil Dash picks out:
1. False: You can’t fix abusive behavior online.
2. False: Fighting abuse hurts free speech!
3. False: Software can detect abuse using simple rules.
4. False: Most people say “abuse” when they just mean criticism.
5. False: We just need everybody to use their “real” name.
6. False: Just charge a dollar to comment and that’ll fix things.
7. False: You can call the cops! If it’s not illegal, it’s not harmful.
8. False: Abuse can be fixed without dedicated resources.
(tags: abuse comments community harassment racism reddit anil-dash free-speech)
Simon McGarr and John Looney's slides from their SRECon '17 presentation
(tags: simon-mcgarr data-privacy privacy data-protection gdpr slides presentations)
The React license for founders and CTOs – James Ide – Medium
Decent explanation of _why_ Facebook came up with the BSD+Patents license: "Facebook’s patent grant is about sharing its code while preserving its ability to defend itself against patent lawsuits."
The difficulty of open sourcing code at Facebook, including React in 2013, was one of the reasons the company’s open-source contributions used to be a fraction of what they are today. It didn’t use to have a strong reputation as an open-source contributor to front-end technologies. Facebook wanted to open source code, though; when it grew communities for projects like React, core contributors emerged to help out and interview candidates often cited React and other Facebook open source as one of the reasons they were interested in applying. People at Facebook wanted to make it easier to open source code and not worry as much about patents. Facebook’s solution was the Facebook BSD+Patents license.
(tags: facebook bsd licenses licensing asf patents swpats react license software-patents open-source rocksdb)
HN thread on the new Network Load Balancer AWS product
looks like @colmmacc works on it. Lots and lots of good details here
(tags: nlb aws load-balancing ops architecture lbs tcp ip)
Java Flame Graphs Introduction: Fire For Everyone!
lots of good detail on flame graph usage in Java, and the Honest Profiler (honest because it's safepoint-free)
(tags: profiling java safepoints jvm flame-graphs perf measurement benchmarking testing)
Teaching Students to Code - What Works
Lynn Langit describing her work as part of Microsoft Digigirlz and TKP to teach thousands of kids worldwide to code. Describes a curriculum from "K" (4-6-year-olds) learning computational thinking with a block-based programming environment like Scratch, up to University level, solving problems with public clouds like AWS' free tier.
(tags: education learning coding teaching tkp lynn-langit scratch kids)
So much for that Voynich manuscript “solution”
boo.
The idea that the book is a medical treatise on women's health, however, might turn out to be correct. But that wasn't Gibbs' discovery. Many scholars and amateur sleuths had already reached that conclusion, using the same evidence that Gibbs did. Essentially, Gibbs rolled together a bunch of already-existing scholarship and did a highly speculative translation, without even consulting the librarians at the institute where the book resides. Gibbs said in the TLS article that he did his research for an unnamed "television network." Given that Gibbs' main claim to fame before this article was a series of books about how to write and sell television screenplays, it seems that his goal in this research was probably to sell a television screenplay of his own. In 2015, Gibbs did an interview where he said that in five years, "I would like to think I could have a returnable series up and running." Considering the dubious accuracy of many History Channel "documentaries," he might just get his wish.
(tags: crypto history voynich-manuscript historians tls)
How to Optimize Garbage Collection in Go
In this post, we’ll share a few powerful optimizations that mitigate many of the performance problems common to Go’s garbage collection (we will cover “fun with deadlocks” in a follow-up). In particular, we’ll share how embedding structs, using sync.Pool, and reusing backing arrays can minimize memory allocations and reduce garbage collection overhead.