Witney Seibold watches all the Academy Award Best Picture winners
Myself and the missus are in the process of doing this right now!
(tags: nerdist witney-seibold academy-awards best-picture awards movies)
-
it’s 2017, and spam has clawed itself back from the grave. It shows up on social media and dating sites as bots hoping to lure you into downloading malware or clicking an affiliate link. It creeps onto your phone as text messages and robocalls that ring you five times a day about luxury cruises and fictitious tax bills. Networks associated with the buzzy new cryptocurrency system Ethereum have been plagued with spam. Facebook recently fought a six-month battle against a spam operation that was administering fake accounts in Bangladesh, Indonesia, Saudi Arabia, and other countries. Last year, a Chicago resident sued the Trump campaign for allegedly sending unsolicited text message spam; this past November, ZDNet reported that voters were being inundated with political text messages they never signed up for. Apps can be horrid spam vectors, too — TechCrunch writer Jordan Crook wrote in April about how she idly downloaded an app called Gather that promptly spammed everyone in her contact list. Repeated mass data breaches that include contact information, such as the Yahoo breach in which 3 billion user accounts were exposed, surely haven’t helped. Meanwhile, you, me, and everyone we know is being plagued by robocalls. “There is no recourse for me,” lamented Troy Doliner, a student in Boston who gets robocalls every day. “I am harassed by a faceless entity that I cannot track down.” “I think we had a really unique set of circumstances that created this temporary window where spam was in remission,” said Finn Brunton, an assistant professor at NYU who wrote Spam: A Shadow History of the Internet, “and now we’re on the other side of that, with no end in sight.”
(via Boing Boing)(tags: spam privacy email social-media web robocalls phone ethereum texts abuse)
Category: Uncategorized
S3 Inventory Adds Apache ORC output format and Amazon Athena Integration
Interesting to see Amazon are kind of putting their money behind ORC as a new public data interchange format with this
Spot Fleet now supports Target Tracking
Awesome, nice feature
(tags: spot-fleet spot-instances ec2 amazon aws scaling ops architecture)
IBM urged to avoid working on 'extreme vetting' of U.S. immigrants
ICE wants to use machine learning technology and social media monitoring to determine whether an individual is a “positively contributing member of society,” according to documents published on federal contracting websites. More than 50 civil society groups and more than 50 technical experts sent separate letters on Thursday to the Department of Homeland Security saying the vetting program as described was “tailor-made for discrimination” and contending artificial intelligence was unable to provide the information ICE desired.
(tags: civil-rights politics usa trump ice ibm civil-liberties immigration discrimination racism social-media)
Cordyceps even creepier than at first thought
Hughes’s team found that fungal cells infiltrate the ant’s entire body, including its head, but they leave its brain untouched. There are other parasites that manipulate their hosts without destroying their brains, says Kelly Weinersmith from Rice University. For example, one flatworm forms a carpet-like layer over the brain of the California killifish, leaving the brain intact while forcing the fish to behave erratically and draw the attention of birds—the flatworm’s next host. “But manipulation of ants by Ophiocordyceps is so exquisitely precise that it is perhaps surprising that the fungus doesn't invade the brain of its host,” Weinersmith says. [....] So what we have here is a hostile takeover of a uniquely malevolent kind. Enemy forces invading a host’s body and using that body like a walkie-talkie to communicate with each other and influence the brain from afar. Hughes thinks the fungus might also exert more direct control over the ant’s muscles, literally controlling them “as a puppeteer controls as a marionette doll.” Once an infection is underway, he says, the neurons in the ant’s body—the ones that give its brain control over its muscles—start to die. Hughes suspects that the fungus takes over. It effectively cuts the ant’s limbs off from its brain and inserts itself in place, releasing chemicals that force the muscles there to contract. If this is right, then the ant ends its life as a prisoner in its own body. Its brain is still in the driver’s seat, but the fungus has the wheel.
(tags: biology gross cordyceps fungi fungus ants zombies infection brain parasites)
-
'I think you want a Unicomp [...] They bought the old IBM model M factory line, it's a model M with USB' -- a classic IBM-style clacky full size keyboard -- https://twitter.com/SwartzCr/status/932678394021535751
Tech Leaders Dismayed by Weaponization of Social Media - IEEE Spectrum
“We have passed the fail-safe point,” McNamee said. “I don’t think we can get back to the Silicon Valley that I loved. At this point we just have to save America.”
(tags: propaganda fake-news facebook twitter social-media us-politics brexit internet russia silicon-valley usa)
How to ensure Presto scalability ?in multi user case
Good preso from Treasure Data on multi-user Presto usage
(tags: presto presentations slides storage databases)
Why is this company tracking where you are on Thanksgiving?
Creepy:
To do this, they tapped a company called SafeGraph that provided them with 17 trillion location markers for 10 million smartphones. The data wasn’t just staggering in sheer quantity. It also appears to be extremely granular. Researchers “used this data to identify individuals' home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.,” wrote The Washington Post. [....] This means SafeGraph is looking at an individual device and tracking where its owner is going throughout their day. A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google’s database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are “fully anonymized” and “contain no personally-identifying information.” In multiple press releases from SafeGraph’s partners, the company’s location data is referred to as “anonymized,” but in this case they seem to be interpreting the concept of anonymity quite liberally given the specificity of the data. Most people probably don’t realize that their Thanksgiving habits could end up being scrutinized by strangers. It’s unclear if users realize that their data is being used this way, but all signs point to no. (SafeGraph and the researchers did not immediately respond to questions.) SafeGraph gets location data from “from numerous smartphone apps,” according to the researchers.
(tags: safegraph apps mobile location tracking surveillance android iphone ios smartphones big-data)
-
Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy. Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike. Performance: Quad9 systems are distributed worldwide in more than 70 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system. Privacy: No personally-identifiable information is collected by the system. IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally-identifiable data, and the core charter of the organization is to provide secure, fast, private DNS
Awesome!(tags: quad9 resolvers dns anycast ip networking privacy security)
Continuous self-testing at Hosted Graphite
'why we send external canaries, every second'
(tags: graphite hostedgraphite monitoring canaries udp alerting ops)
'STELLA Report from the SNAFUcatchers Workshop on Coping With Complexity', March 14-16 2017
'A consortium workshop of high end techs reviewed postmortems to better understand how engineers cope with the complexity of anomalies (SNAFU and SNAFU catching episodes) and how to support them. These cases reveal common themes regarding factors that produce resilient performances. The themes that emerge also highlight opportunities to move forward.' The 'Dark debt' concept is interesting here.
(tags: complexity postmortems dark-debt technical-debt resilience reliability systems snafu reports toread stella john-allspaw)
Driverless shuttle in Las Vegas gets in fender bender within an hour
Like any functioning autonomous vehicle, the shuttle can avoid obstacles and stop in a hurry if needed. What it apparently can’t do is move a couple feet out of the way when it looks like a 20-ton truck is going to back into it. A passenger interviewed by KSNV shared her frustration: The shuttle just stayed still and we were like, ‘oh my gosh, it’s gonna hit us, it’s gonna hit us!’ and then.. it hit us! And the shuttle didn’t have the ability to move back, either. Like, the shuttle just stayed still.
(tags: ai driverless-cars driving cars las-vegas aaa navya keolis)
The naked truth about Facebook’s revenge porn tool
This is absolutely spot on.
If Facebook wanted to implement a truly trusted system for revenge porn victims, they could put the photo hashing on the user side of things -- so only the hash is transferred to Facebook. To verify the claim that the image is truly a revenge porn issue, the victim could have the images verified through a trusted revenge porn advocacy organization. Theoretically, the victim then would have a verified, privacy-safe version of the photo, and a hash that could be also sent to Google and other sites.
(tags: facebook privacy hashing pictures images revenge-porn abuse via:jwz)
20 Benefits that speed up hiring and 5 that slow it down
But that isn’t to say work-life balance isn’t important. It’s just job seekers are looking for balance outside of work. Three of the five benefits that sped up time to hire were related to giving more opportunities to leave work: Caregiver leave Adoption leave On site gym Performance based incentives Family leave
(tags: hiring benefits text-analysis pto holidays vacation leave gyms work family-leave)
Facebook asks users for nude photos in project to combat revenge porn
The photos are hashed, server-side, using the PhotoDNA hashing algorithm. This would have been way way better if it ran locally, on user's phones, instead though. Interesting to note that PhotoDNA claims to have a "1 in 10 billion" false positive rate according to https://www.itu.int/en/cop/case-studies/Documents/ICMEC_PhotoDNA.PDF
(tags: photodna hashing images facebook revenge-porn messenger nudes photos)
-
The newly deployed contract, 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4, contains a vulnerability where its owner was uninitialized. Although, the contract is a library it was possible for devops199 to turn it into a regular multi-sig wallet since for Ethereum there is no real distinction between accounts, libraries, and contracts. The event occurred in two transactions, a first one to take over the library and a second one to kill the library?—?which was used by all multi-sig wallets created after the 20th of July. Since by design smart-contracts themselves can’t be patched easily, this make dependancies on third party libraries very lethal if a mistake happens. The fact that libraries are global is also arguable, this would be shocking if it was how our daily use Operating Systems would work.
How Facebook Figures Out Everyone You've Ever Met
Oh god this is so creepy.
Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes: A man who years ago donated sperm to a couple, secretly, so they could have a child—only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook. A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information. A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later. An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”
(tags: facebook privacy surveillance security creepy phones contacts pymk)
-
In short, I am in support of Naomi Wu. Rather than let the Internet speculate on why, I am sharing my perspectives on the situation preemptively. As with most Internet controversies, it’s messy and emotional. I will try my best to outline the biases and issues I have observed. Of course, everyone has their perspective; you don’t have to agree with mine. And I suspect many of my core audience will dislike and disagree with this post. However, the beginning of healing starts with sharing and listening. I will share, and I respectfully request that readers read the entire content of this post before attacking any individual point out of context. The key forces I see at play are: Prototype Bias – how assumptions based on stereotypes influence the way we think and feel Idol Effect – the tendency to assign exaggerated capabilities and inflated expectations upon celebrities Power Asymmetry – those with more power have more influence, and should be held to a higher standard of accountability Guanxi Bias – the tendency to give foreign faces more credibility than local faces in China All these forces came together in a perfect storm this past week.
(tags: culture engineering maker naomi-wu women stereotypes bias idols power china bunnie)
-
That doesn't mean Polvi is a fan. "Lambda and serverless is one of the worst forms of proprietary lock-in that we've ever seen in the history of humanity," said Polvi, only partly in jest, referring to the most widely used serverless offering, AWS Lambda. "It's seriously as bad as it gets." He elaborated: "It's code that tied not just to hardware – which we've seen before – but to a data center, you can't even get the hardware yourself. And that hardware is now custom fabbed for the cloud providers with dark fiber that runs all around the world, just for them. So literally the application you write will never get the performance or responsiveness or the ability to be ported somewhere else without having the deployment footprint of Amazon."
Absolutely agreed...(tags: lambda amazon aws containers coreos deployment lockin proprietary serverless alex-polvi kubernetes)
AWS switching hypervisor from Xen to KVM
interesting
(tags: aws kvm xen virtualization)
How to effectively complain to an Irish broadcaster about a public affairs show
Simon McGarr: "If you think that a public affairs show has failed to address a matter with proper balance, you can (Tweet) say it to the breeze or complain. There is a process to follow to make an effective complaint 1) complain to broadcaster 2) complain to BAI if unhappy with response." Thread with more details, and yet more at https://twitter.com/IrishTV_films/status/927172642544783360
(tags: complaining complaints rte bai ireland current-affairs)
The 10 Top Recommendations for the AI Field in 2017 from the AI Now Institute
I am 100% behind this. There's so much potential for hidden bias and unethical discrimination in careless AI/ML deployment.
While AI holds significant promise, we’re seeing significant challenges in the rapid push to integrate these systems into high stakes domains. In criminal justice, a team at Propublica, and multiple academics since, have investigated how an algorithm used by courts and law enforcement to predict recidivism in criminal defendants may be introducing significant bias against African Americans. In a healthcare setting, a study at the University of Pittsburgh Medical Center observed that an AI system used to triage pneumonia patients was missing a major risk factor for severe complications. In the education field, teachers in Texas successfully sued their school district for evaluating them based on a ‘black box’ algorithm, which was exposed to be deeply flawed. This handful of examples is just the start?—?there’s much more we do not yet know. Part of the challenge is that the industry currently lacks standardized methods for testing and auditing AI systems to ensure they are safe and not amplifying bias. Yet early-stage AI systems are being introduced simultaneously across multiple areas, including healthcare, finance, law, education, and the workplace. These systems are increasingly being used to predict everything from our taste in music, to our likelihood of experiencing mental illness, to our fitness for a job or a loan.
(tags: ai algorithms machine-learning ai-now ethics bias racism discrimination)
Something is wrong on the internet – James Bridle – Medium
'an essay on YouTube, children's videos, automation, abuse, and violence, which crystallises a lot of my current feelings about the internet through a particularly unpleasant example from it. [...] What we’re talking about is very young children [..] being deliberately targeted with content which will traumatise and disturb them, via networks which are extremely vulnerable to exactly this form of abuse. It’s not about trolls, but about a kind of violence inherent in the combination of digital systems and capitalist incentives. It’s down to that level of the metal.'
(tags: internet youtube children web automation violence horror 4chan james-bridle)
Inside The Great Poop Emoji Feud
PILE_OF_POO in the news!
The debate appears to be between some of Unicode’s most prolific contributors and typographers (Unicode was initially established to develop standards for translating alphabets into code that can be read across all computers and operating systems), and those in the consortium who focus primarily on the evolution of emojis. The two chief critics — Michael Everson and Andrew West, both typographers — say that the emoji proposal process has become too commercial and frivolous, thereby cheapening the Unicode Consortium’s long body of work. Their argument centers around “Frowning Pile Of Poo,” one of the emojis under consideration for the June 2018 class. In an Oct. 22 memo to the Unicode Technical Committee, Everson tore into the committee over the submission calling it “damaging ... to the Unicode standard.”
(tags: pile-of-poo emoji funny michael-everson unicode frowning-poo poo shit)
newrelic/sidecar: Gossip-based service discovery. Docker native, but supports static discovery, too.
An AP gossip-based service-discovery sidecar process.
Services communicate to each other through an HAproxy instance on each host that is itself managed and configured by Sidecar. It is inspired by Airbnb's SmartStack. But, we believe it has a few advantages over SmartStack: Native support for Docker (works without Docker, too!); No dependence on Zookeeper or other centralized services; Peer-to-peer, so it works on your laptop or on a large cluster; Static binary means it's easy to deploy, and there is no interpreter needed; Tiny memory usage (under 20MB) and few execution threads means its very light weight
(tags: clustering docker go service-discovery ap sidecar haproxy discovery architecture)
-
'A vault for securely storing and accessing AWS credentials in development environments'. Scott Piper says: 'You should not use the AWS CLI with MFA without aws-vault, and probably should not use the CLI at all without aws-vault, because of it's benefit of storing your keys outside of ~/.aws/credentials (since every once in a while a developer will decide to upload all their dot-files in their home directory to github so they can use the same .vimrc and .bashrc aliases everywhere, and will end up uploading their AWS creds).'
(tags: aws vault security cli development coding dotfiles credentials mfa)
-
57.10 Acceptable Use; Safety-Critical Systems. Your use of the Lumberyard Materials must comply with the AWS Acceptable Use Policy. The Lumberyard Materials are not intended for use with life-critical or safety-critical systems, such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat. However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.
Seems fair enough.(tags: aws zombies funny t-and-cs legal civilization just-in-case)
How the Guardian found 800,000 paying readers
The strategy to rescue the Guardian from financial oblivion has attained a landmark position by increasing its revenue from readers to a point where it now outweighs the paper’s income from advertising. This significant shift in the Guardian’s business model, making it less dependent on a highly challenging advertising market for media companies, results largely from a quadrupling in the number of readers making monthly payments under the title’s membership scheme, which has grown from 75,000 to 300,000 members in the past year.
Wow. Good job Guardian!(tags: guardian journalism subscriptions newspapers future membership donations)
How to make the function keys the default Touch Bar display
Gonna need this for the new work laptop
(tags: touchbar apple ui function-keys keyboard usability it-just-works)
20 Touch Bar Tips & Tricks for the New MacBook Pro - YouTube
another set of touchbar tips
Fooling Neural Networks in the Physical World with 3D Adversarial Objects · labsix
This is amazingly weird stuff. Fooling NNs with adversarial objects:
Here is a 3D-printed turtle that is classified at every viewpoint as a “rifle” by Google’s InceptionV3 image classifier, whereas the unperturbed turtle is consistently classified as “turtle”. We do this using a new algorithm for reliably producing adversarial examples that cause targeted misclassification under transformations like blur, rotation, zoom, or translation, and we use it to generate both 2D printouts and 3D models that fool a standard neural network at any angle. Our process works for arbitrary 3D models - not just turtles! We also made a baseball that classifies as an espresso at every angle! The examples still fool the neural network when we put them in front of semantically relevant backgrounds; for example, you’d never see a rifle underwater, or an espresso in a baseball mitt.
(tags: ai deep-learning 3d-printing objects security hacking rifles models turtles adversarial-classification classification google inceptionv3 images image-classification)
Rich "Lowtax" Kyanka on Twitter's abuse/troll problem
how did you solve this problem at Something Awful? You said you wrote a bunch of rules but internet pedants will always find ways to get around them. The last rule says we can ban you for any reason. It's like the catch-all. We can ban you if it's too hot in the room, we can ban you if we had a bad day, we can ban you if our finger slips and hits the ban button. And that way people know that if they're doing something and it's not technically breaking any rules but they're obviously trying to push shit as far as they can, we can still ban them. But, unlike Twitter, we actually have what's called the Leper's Colony, which says what they did and has their track record. Twitter just says, “You're gone.”
(tags: twitter communication discussion history somethingawful lowtax)
Here's A List Of The Darkest, Strangest Scientific Paper Titles Of All Time | IFLScience
some great papers here (via Emilie)
(tags: via:emilie funny papers science titles)
Yonatan Zunger's twitter thread on Twitter's problem with policy issues
'I worked on policy issues at G+ and YT for years. It was *painfully* obvious that Twitter never took them seriously.' This thread is full of good information on "free speech", nazis, Trump, Gamergate and Twitter's harrassment problem. (Via Peter Bourgon)
(tags: via:peterbourgon harrassment twitter gamergate threads youtube google-plus policy abuse bullying free-speech engagement)
What To Do When Your Daughter Is the Mean Girl | Psychology Today
Bookmarking -- just in case. hopefully it won't be necessary... good site for parenting advice along these lines.
I knew this day would come. I was, of course, hoping it never would-hoping that my daughter would never be mean to someone else's daughter-but as they say, I wrote the book on girl bullying in elementary school, so I knew that there was a pretty good chance that despite all of my best efforts, one of these days, my girl was gonna act like the mean one. This morning, she told me about it.
MaxMind DB File Format Specification
An interesting data structure format -- 'the MaxMind DB file format is a database format that maps IPv4 and IPv6 addresses to data records using an efficient binary search tree.'
(tags: maxmind databases storage ipv4 ipv6 addresses bst binary-search-trees trees data-structures)
IBM broke its cloud by letting three domain names expire - The Register
“multiple domain names were mistakenly allowed to expire and were in hold status.”
Open-sourcing RacerD: Fast static race detection at scale | Engineering Blog | Facebook Code
At Facebook we have been working on automated reasoning about concurrency in our work with the Infer static analyzer. RacerD, our new open source race detector, searches for data races — unsynchronized memory accesses, where one is a write — in Java programs, and it does this without running the program it is analyzing. RacerD employs symbolic reasoning to cover many paths through an app, quickly.
This sounds extremely interesting...(tags: racerd race-conditions data-races thread-safety static-code-analysis coding testing facebook open-source infer)
-
Fascinating stuff -- from Felix Cohen's excellent twitter thread.
Solera is a process for aging liquids such as wine, beer, vinegar, and brandy, by fractional blending in such a way that the finished product is a mixture of ages, with the average age gradually increasing as the process continues over many years. The purpose of this labor-intensive process is the maintenance of a reliable style and quality of the beverage over time. Solera means literally "on the ground" in Spanish, and it refers to the lower level of the set of barrels or other containers used in the process; the liquid (traditionally transferred from barrel to barrel, top to bottom, the oldest mixtures being in the barrel right "on the ground"), although the containers in today's process are not necessarily stacked physically in the way that this implies, but merely carefully labeled. Products which are often solera aged include Sherry, Madeira, Lillet, Port wine, Marsala, Mavrodafni, Muscat, and Muscadelle wines; Balsamic, Commandaria, some Vins doux naturels, and Sherry vinegars; Brandy de Jerez; beer; rums; and whiskies. Since the origin of this process is undoubtedly out of the Iberian peninsula, most of the traditional terminology was in Spanish, Portuguese, or Catalan.
(tags: wine aging solera sherry muscat vinegar brandy beer rum whiskey whisky brewing spain)
The Best Way to Sous Vide Is to Shut Up About It
lol
(tags: sous-vide gadgets kitchen bros cooking cookery funny)
"1 like = 1 delicious cocktail recipe or booze fact."
Great cocktail factoid thread from Manhattans Project/Every Cloud's Felix Cohen
Alarm systems alarmingly insecure. Oh the irony | Pen Test Partners
Some absolutely abysmal security practices used in off-the-shelf self-installed wireless home alarm systems -- specifically the Yale HSA6400. Simple replay attacks of the unlock PIN message, for instance
What Parents Can Do When Bullying is Downplayed at School | Psychology Today
Despite the "Bully-Free Zone" posters that line the school cafeteria walls and the Zero-Tolerance policy that was boasted about during last September's Back-to-School night, your experience is that the school would rather not address the problem at all. The responses you get from your child's teacher include bland lip service [...]
Good advice for this nasty situation -- I'm thankfully not facing it myself, but bookmarking just in case...(tags: bullying kids school education psychology children parenting)
Cyclists: Let's Talk About Shoaling
You're stopped at a red light with a bunch of folks on bikes, when someone who's just arrived sails past everyone, right to the head of the class. It's a lot like seeing somebody in the Whole Foods express lane with too many things. In other words, it's the kind of behavior that triggers toothy-toddler rages in otherwise emotionally competent adults.
Oh god. This drives me nuts. (via Mark)(tags: shoaling cycling commuting bikes red-lights commute rage)
Commodore 64 Raspberry Pi Case with working power LED
3D-printed retro-pi cases (via Oisin)
(tags: via:oisin 3d-printing retropi cases raspberry-pi hardware cute)
-
'AWS Lambda cheatsheet' -- a quick ref card for Lambda users
(tags: aws lambda ops serverless reference quick-references)
Turtle Bunbury - THE NIGHT OF THE BIG WIND, 1839 (Reprise)
The Night of the Big Wind was the most devastating storm ever recorded in Irish history. Known in As Gaeilge as ‘Oiche na Gaoithe Moire’, the hurricane of 6th and 7th January 1839 made more people homeless in a single night than all the sorry decades of eviction that followed it.
(tags: 1839 1830s 19th-century ireland turtle-bunbury history storms weather hurricanes)
One person’s history of Twitter, from beginning to end – Mike Monteiro
Twitter, which was conceived and built by a room of privileged white boys (some of them my friends!), never considered the possibility that they were building a bomb. To this day, Jack Dorsey doesn’t realize the size of the bomb he’s sitting on. Or if he does, he believes it’s metaphorical. It’s not. He is utterly unprepared for the burden he’s found himself responsible for. The power of Oppenheimer-wide destruction is in the hands of entitled men-children, cuddled runts, who aim not to enhance human communication, but to build themselves a digital substitute for physical contact with members of the species who were unlike them. And it should scare you.
(tags: politics twitter mike-monteiro history silicon-valley trump)
A history of the neural net/tank legend in AI, and other examples of reward hacking
@gwern: "A history of the neural net/tank legend in AI: https://t.co/2s4AOGMS3a (Feel free to suggest more sightings or examples of reward hacking!)"
(tags: gwern history ai machine-learning ml genetic-algorithms neural-networks perceptron learning training data reward-hacking)
-
I want to talk about why this vulnerability continues to exist so many years after WPA was standardized. And separately, to answer a question: how did this attack slip through, despite the fact that the 802.11i handshake was formally proven secure?
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
This is the most amazing hack.
Upon successful execution, the exploit exposes APIs to read and write the host’s physical memory directly over-the-air, by mapping in any requested address to the controlled DART L2 translation table, and issuing DMA accesses to the corresponding mapped IO-Space addresses.
(tags: hacks exploits security ios wifi apple iphone kernel)
How to operate reliable AWS Lambda applications in production
running a reliable Lambda application in production requires you to still follow operational best practices. In this article I am including some recommendations, based on my experience with operations in general as well as working with AWS Lambda.
Amazon Shipping Filter - Chrome Web Store
a user script to determine when Amazon.{com,co.uk,fr,de,it,etc} will not deliver to your chosen delivery address, which is a common risk for Irish users
(tags: ireland shipping amazon buying extensions chrome userscripts shopping)
Spotify’s Discover Weekly: How machine learning finds your new music
Not sure how accurate this is (it's not written by a Spotify employee), but seems pretty well researched -- according to this Discover Weekly is a mix of 3 different algorithms
(tags: discover-weekly spotify nlp music ai ml machine-learning)
Study: wearing hi-viz clothing does not reduce risk of collision for cyclists
Journal of Transport & Health, 22 March 2017:
This study found no evidence that cyclists using conspicuity aids were at reduced risk of a collision crash compared to non-users after adjustment for confounding, but there was some evidence of an increase in risk. Bias and residual confounding from differing route selection and cycling behaviours in users of conspicuity aids are possible explanations for these findings. Conspicuity aids may not be effective in reducing collision crash risk for cyclists in highly-motorised environments when used in the absence of other bicycle crash prevention measures such as increased segregation or lower motor vehicle speeds.
(tags: health safety hi-viz clothing cycling commute visibility collision crashes papers)
-
Not a very good review of Hazelcast's CAP behaviour from Aphyr. see also https://twitter.com/MarcJBrooker/status/917437286639329280 for more musings from Marc Brooker on the topic ("PA/EC is a confusing and dangerous behaviour for many cases")
(tags: jepsen aphyr testing hazelcast cap-theorem reliability partitions network pacelc marc-brooker)
House Six, the Heartbeat of Student Life – The University Times
Dilapidated but beloved, House Six shapes student life in Trinity and has for decades been the backdrop to changes in Irish society.
Ah, memories -- in my case mostly of all-night Civ games in Publications(tags: history tcd trinity house-six csc tcdsu dublin buildings landmarks)
London's Hidden Tunnels Revealed In Amazing Cutaways | Londonist
these really are remarkable. I love the Renzo Picassos in particular
(tags: design history london 3d cutaways diagrams comics mid-century)
Kremlin info-ops measured to have a total reach of 340 million with dark, divisive ads
when the virality and resharing is measured, it's far higher than previously estimated, according to this Washington Post article
-
This week I took a crack at writing a branchless UTF-8 decoder: a function that decodes a single UTF-8 code point from a byte stream without any if statements, loops, short-circuit operators, or other sorts of conditional jumps. [...] Why branchless? Because high performance CPUs are pipelined. That is, a single instruction is executed over a series of stages, and many instructions are executed in overlapping time intervals, each at a different stage.
Neat hack (via Tony Finch)(tags: algorithms optimization unicode utf8 branchless coding c via:fanf)
Internet speed guarantees must be realistic, says Ofcom | Hacker News
Good news from the UK. Hope this comes to Ireland soon, too
"Why We Built Our Own Distributed Column Store" (video)
"Why We Built Our Own Distributed Column Store" by Sam Stokes of Honeycomb.io -- Retriever, inspired by Facebook's Scuba
(tags: scuba retriever storage data-stores columnar-storage honeycomb.io databases via:charitymajors)
-
A deep dive on how we were using our existing databases revealed that they were frequently not used for their relational capabilities. About 70 percent of operations were of the key-value kind, where only a primary key was used and a single row would be returned. About 20 percent would return a set of rows, but still operate on only a single table. With these requirements in mind, and a willingness to question the status quo, a small group of distributed systems experts came together and designed a horizontally scalable distributed database that would scale out for both reads and writes to meet the long-term needs of our business. This was the genesis of the Amazon Dynamo database. The success of our early results with the Dynamo database encouraged us to write Amazon's Dynamo whitepaper and share it at the 2007 ACM Symposium on Operating Systems Principles (SOSP conference), so that others in the industry could benefit. The Dynamo paper was well-received and served as a catalyst to create the category of distributed database technologies commonly known today as "NoSQL."
That's not an exaggeration. Nice one Werner et al!(tags: dynamo history nosql storage databases distcomp amazon papers acm data-stores)
The world's first cyber-attack, on the Chappe telegraph system, in Bordeaux in 1834
The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network. The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.
(tags: bordeaux hacking history security technology cyber-attacks telegraph telegraphes-chappe)
Slack 103: Communication and culture
Interesting note on some emergent Slack communications systems using emoji: "redirect raccoon", voting, and "I'm taking a look at this"
This Future Looks Familiar: Watching Blade Runner in 2017
I told a lot of people that I was going to watch Blade Runner for the first time, because I know that people have opinions about Blade Runner. All of them gave me a few watery opinions to keep in mind going in—nothing that would spoil me, but things that would help me understand what they assured me would be a Very Strange Film. None of them told me the right things, though.
(tags: culture movies film blade-runner politics slavery replicants)
-
'Sampling tools like oprofile or dtrace's profile provider don't really provide methods to see what [multithreaded] programs are blocking on - only where they spend CPU time. Though there exist advanced techniques (such as systemtap and dtrace call level probes), it is overkill to build upon that. Poor man doesn't have time. Poor man needs food.' Basically periodically grabbing stack traces from running processes using gdb.
(tags: gdb profiling linux unix mark-callaghan stack-traces performance)
Report an Issue Online | Dublin City Council
handy self-service issue report portal, more direct possibly than FixMyStreet.ie
(tags: dcc dublin city council reporting civic traffic-lights roads paths)
Intel pcj library for persistent memory-oriented data structures
This is a "pilot" project to develop a library for Java objects stored in persistent memory. Persistent collections are being emphasized because many applications for persistent memory seem to map well to the use of collections. One of this project's goals is to make programming with persistent objects feel natural to a Java developer, for example, by using familiar Java constructs when incorporating persistence elements such as data consistency and object lifetime. The breadth of persistent types is currently limited and the code is not performance-optimized. We are making the code available because we believe it can be useful in experiments to retrofit existing Java code to use persistent memory and to explore persistent Java programming in general.
(via Mario Fusco)(tags: persistent-memory data-structures storage persistence java coding future)
Google and Facebook Have Failed Us - The Atlantic
There’s no hiding behind algorithms anymore. The problems cannot be minimized. The machines have shown they are not up to the task of dealing with rare, breaking news events, and it is unlikely that they will be in the near future. More humans must be added to the decision-making process, and the sooner the better.
(tags: algorithms facebook google las-vegas news filtering hoaxes 4chan abuse breaking-news responsibility silicon-valley)
the execution of James Connolly in cake form
As depicted in the Decobake 1916 commemorative cake competition. Amazing scenes of edible history
(tags: odd funny decobake 1916 history ireland republican nationalism james-connolly executions omgwtf cake)
Cashing in on ATM Malware - A Comprehensive Look at Various Attack Types
rather unnerving report from Trend Micro / Europol. 'As things stand, it looks like different criminal groups have already graduated from physical to virtual skimming via malware, thanks to the lack of security measures implemented by commercial banks worldwide. This is common in Latin America and Eastern Europe, but these criminals are exporting the technique and have started to victimize other countries.'
(tags: atms banking security trend-micro banks europol exploits)
Your Morning Sucks. Here’s How to Create a Dream Morning Routine.
this is fucking hilarious
(tags: funny self-parody morning routines via:dorothy hydration trampolines wtf manic)
The copyright implications of a publicly curated online archive of Oireachtas debates
"a publicly curated online archive of Oireachtas debates is so obviously in the public interest that copyright law should not prevent it." (via Aileen)
(tags: via:aileen copyright oireachtas debates ireland parliament archival history)
Share scripts that have dependencies with Nix
Nice approach to one-liner packaging invocations using nix-shell
In 1973, I invented a ‘girly drink’ called Baileys
The creation of the iconic booze:
'We bought a small bottle of Jamesons Irish Whiskey and a tub of single cream and hurried back. It was a lovely May morning. 1973. Underdogs Sunderland had just won the FA Cup. We mixed the two ingredients in our kitchen, tasted the result and it was certainly intriguing, but in reality bloody awful. Undaunted, we threw in some sugar and it got better, but it still missed something. We went back to the store, searching the shelves for something else, found our salvation in Cadbury’s Powdered Drinking Chocolate and added it to our formula. Hugh and I were taken by surprise. It tasted really good. Not only this, but the cream seemed to have the effect of making the drink taste stronger, like full-strength spirit. It was extraordinary.'
(tags: whiskey cream booze drinks baileys 1970s history 1973 chocolate cocktails)
-
restore a versioned S3 bucket to the state it was at at a specific point in time
(tags: ops s3 restore backups versioning history tools scripts unix)
-
Importing an EV from the UK into Ireland (specifically the Nissan Leaf). A little dated (2013) but possibly useful all the same
The Israeli Digital Rights Movement's campaign for privacy | Internet Policy Review
This study explores the persuasion techniques used by the Israeli Digital Rights Movement in its campaign against Israel’s biometric database. The research was based on analysing the movement's official publications and announcements and the journalistic discourse that surrounded their campaign within the political, judicial, and public arenas in 2009-2017. The results demonstrate how the organisation navigated three persuasion frames to achieve its goals: the unnecessity of a biometric database in democracy; the database’s ineffectiveness; and governmental incompetence in securing it. I conclude by discussing how analysing civil society privacy campaigns can shed light over different regimes of privacy governance. [....] 1. Why the database should be abolished: because it's not necessary - As the organisation highlighted repeatedly throughout the campaign with the backing of cyber experts, there is a significant difference between issuing smart documents and creating a database. Issuing smart documents effectively solves the problem of stealing and forging official documents, but does it necessarily entail the creation of a database? The activists’ answer is no: they declared that while they do support the transition to smart documents (passports and ID cards) for Israeli citizens, they object to the creation of a database due to its violation of citizens' privacy. 2. Why the database should be abolished: because it's ineffective; [...] 3. Why the database should be abolished: because it will be breached - The final argument was that the database should be abolished because the government would not be able to guarantee protection against security breaches, and hence possible identity theft.
(tags: digital-rights privacy databases id-cards israel psc drm identity-theft security)
-
Unroll a long twitter thread with a single tweet. I like it
-
a new common C++ library from Google, Apache-licensed.
(tags: c++ coding abseil google commons libraries open-source asl2 c++17)
Anthony Levandowski has founded an AI religion
In September 2015, the multi-millionaire engineer at the heart of the patent and trade secrets lawsuit between Uber and Waymo, Google’s self-driving car company, founded a religious organization called Way of the Future. Its purpose, according to previously unreported state filings, is nothing less than to “develop and promote the realization of a Godhead based on Artificial Intelligence.”
this article is full of bananas.(tags: google crazy uber waymo self-driving-cars cars religion way-of-the-future ai god)
LambCI — a serverless build system
Run CI builds on Lambda:
LambCI is a tool I began building over a year ago to run tests on our pull requests and branches at Uniqlo Mobile. Inspired at the inaugural ServerlessConf a few weeks ago, I recently put some work into hammering it into shape for public consumption. It was borne of a dissatisfaction with the two current choices for automated testing on private projects. You can either pay for it as a service (Travis, CircleCI, etc)?—?where 3 developers needing their own build containers might set you back a few hundred dollars a month. Or you can setup a system like Jenkins, Strider, etc and configure and manage a database, a web server and a cluster of build servers . In both cases you’ll be under- or overutilized, waiting for servers to free up or paying for server power you’re not using. And this, for me, is where the advantage of a serverless architecture really comes to light: 100% utilization, coupled with instant invocations.
-
Later, in clinic, I see patients ranging from a stoical university student to a devastated father to the frail octogenarian who can’t remember the day, let alone that he has cancer – each patient an illustration of a recent Macmillan Cancer Support UK finding that it is more common for an individual to be diagnosed with cancer than to get married or have a first child. One in two people will encounter a cancer diagnosis in their lifetime, which is why the report says that, alongside marriage, parenthood, retirement and the death of a parent, cancer is now “a common life milestone”.
-
looks like a nice web-based database, FileMaker Pro-style
(tags: filemaker collaboration database tools web sharing teams)
-
occupants in open-plan offices (>6 persons) had 62% more days of sickness absence (RR 1.62, 95% CI 1.30-2.02).
(tags: health office workplace data sickness open-plan work offices)
Legendary aquarium "piscamel" thread from the GotMead forums
I thought I had detected a studied disinterest for my March 28 questions about raising fish and making mead in the same aquarium --- now I realize that you mazers probably thought I was drunk. My hypothesis was that fish manures would provide valuable fertilizer to the yeast, the aquarium bubbler would keep O2 levels high, and the fish would get a nice honey drink. The result, instead, was 3 "piscamels" flavored by rotting fish.
This sounds utterly revolting. Mead made with biohazard waste. Those poor fish! (via John Looney)(tags: via:johnlooney biohazard mead fish aquarium gotmead forums brewing disgusting)
Relicensing React, Jest, Flow, and Immutable.js | Engineering Blog | Facebook Code
This decision comes after several weeks of disappointment and uncertainty for our community. Although we still believe our BSD + Patents license provides some benefits to users of our projects, we acknowledge that we failed to decisively convince this community.
(tags: facebook opensource react patents swpats bsd licensing)
'Monitoring Cloudflare's planet-scale edge network with Prometheus' (preso)
from SRECon EMEA 2017; how Cloudflare are replacing Nagios with Prometheus and grafana
(tags: metrics monitoring alerting prometheus grafana nagios)
European Commission study finds no link between piracy and lower sales of digital content
According to the report, an average of 51% of adults and 72% of minors in the EU have pirated digital content, with Poland and Spain averaging the highest rates of all countries surveyed. Nevertheless, displacement rates (the impact of piracy on legitimate sales) were found to be negligible or non-existent for music, books and games, while rates for films and TV were in line with previous digital piracy studies. Most interesting is the fact that the study found that illegal game downloads actually lead to an increase in legal purchases. The report concludes that tactics like video game microtransactions are proving effective in converting illegal users to paying users. The full report goes in-depth regarding potential factors influencing piracy and the challenges of accurately tracking its impact on legitimate sales, but the researchers ultimately conclude that there is no robust statistical evidence that illegal downloads reduce legal sales. That's big news, which makes it all the more troubling that the EU effectively buried it for two years.
(tags: piracy eu studies downloads ec games movies books content)
Understanding Uber: It's Not About The App
the next time you see a link to a petition or someone raging about this decision being ‘anti-innovation’, remember Greyball. Remember the Metropolitan Police letter [regarding several sexual assaults which Uber didn't report to police]. Remember that this is about holding ULL, as a company, to the same set of standards to which every other mini-cab operator in London already complies. Most of all though remember: it is not about the app.
(tags: uber ull safety crime london assault greyball taxis cabs apps)
-
"in iOS 11 and later, when you toggle the Wi-Fi or Bluetooth buttons in Control Center, your device will immediately disconnect from Wi-Fi and Bluetooth accessories. Both Wi-Fi and Bluetooth will continue to be available." That is because Apple wants the iPhone to be able to continue using AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and other features, according to the documentation.
(tags: wifi bluetooth iphone ios security fail off-means-off)
Wiggle | Panaracer RibMo Folding City Tyre | City Tyres
Recommended for city commuting by a couple of ppl on ITS
Gas Pump Skimmers - learn.sparkfun.com
For those who don’t want to read through the gritty details here’s the summary: These skimmers are cheap and are becoming more common and more of a nuisance across north america. The skimmer broadcasts over bluetooth as HC-05 with a password of 1234. If you happen to be at a gas pump and happen to scan for bluetooth devices and happen to see an HC-05 listed as an available connection then you probably don’t want to use that pump. The bluetooth module used on these skimmers is extremely common and used on all sorts of legitimate products end educational kits. If you detect one in the field you can confirm that it is a skimmer (and not some other device) by sending the character ‘P’ to the module over a terminal. If you get a ’M' in response then you have likely found a skimmer and you should contact your local authorities.
(tags: crime hardware bluetooth security electronics skimmers gas-stations usa petrol-stations hc-05)
Locking, Little's Law, and the USL
Excellent explanatory mailing list post by Martin Thompson to the mechanical-sympathy group, discussing Little's Law vs the USL:
Little's law can be used to describe a system in steady state from a queuing perspective, i.e. arrival and leaving rates are balanced. In this case it is a crude way of modelling a system with a contention percentage of 100% under Amdahl's law, in that throughput is one over latency. However this is an inaccurate way to model a system with locks. Amdahl's law does not account for coherence costs. For example, if you wrote a microbenchmark with a single thread to measure the lock cost then it is much lower than in a multi-threaded environment where cache coherence, other OS costs such as scheduling, and lock implementations need to be considered. Universal Scalability Law (USL) accounts for both the contention and the coherence costs. http://www.perfdynamics.com/Manifesto/USLscalability.html When modelling locks it is necessary to consider how contention and coherence costs vary given how they can be implemented. Consider in Java how we have biased locking, thin locks, fat locks, inflation, and revoking biases which can cause safe points that bring all threads in the JVM to a stop with a significant coherence component.
(tags: usl scaling scalability performance locking locks java jvm amdahls-law littles-law system-dynamics modelling systems caching threads schedulers contention)
"HTML email, was that your fault?"
jwz may indeed have invented this feature way back in Netscape Mail. FWIW I think he's right -- Netscape Mail was the first usage of HTML email I recall
Undercover operation 'Close Pass' reduced cyclist injuries by 20% in a year
An initiative to protect cyclists from dangerous overtaking has been praised, after reducing the amount of cyclists killed or seriously injured on the roads by 20% over the last year. Operation 'Close Pass' was devised by West Midlands Police as a low cost way of preventing accidents caused by motorists who are driving too close for comfort.
(Via Tony Finch)Normietivity: A Review of Angela Nagle's Kill all Normies
Due to a persistent vagueness in targets and refusal to respond to the best arguments presented by those she loosely groups together, Nagle does not provide the thoroughgoing and immanent treatment of the left which would be required to achieve the profound intervention she clearly intended. Nor does she grapple with the difficult implications figures like Greer (with her transphobic campaign against a vulnerable colleague) and Milo (with his direct advocacy for the nativist and carceral state) present for free speech absolutists. And indeed, the blurring their specifically shared transphobia causes for distinguishing between left and right wing social analysis. In genre terms, Nagle’s writing is best described as travel writing for internet culture. Kill All Normies provides a string of curios and oddities (from neo-nazi cults, to inscrutably gendered teenagers) to an audience expected to find them unfamiliar, and titillating. Nagle attempts to cast herself as an aloof and wry explorer, but at various points her commitments become all too clear. Nagle implicitly casts her reader as the eponymous normies, overlooking those of us who live through lives with transgenders, in the wake of colonialism, despite invisible disabilities (including depression), and all the rest. This is both a shame and a missed opportunity, because the deadly violence the Alt-Right has proven itself capable of is in urgent need of evaluation, but so too are the very real dysfunctions which afflict the left (both online and IRL). After this book patient, discerning, explanatory, and immanent readings of internet culture remain sorely needed. The best that can be said for Kill All Normies is, as the old meme goes, “An attempt was made.”
(tags: angela-nagle normies books reading transphobia germaine-greer milo alt-right politics internet 4chan)
-
Java 8 HotSpot feature to monitor and diagnose native memory leaks
(tags: java jvm memory native-memory malloc debugging coding nmt java-8 jcmd)
This Heroic Captain Defied His Orders and Stopped America From Starting World War III
Captain William Bassett, a USAF officer stationed at Okinawa on October 28, 1962, can now be added alongside Stanislav Petrov to the list of people who have saved the world from WWIII:
By [John] Bordne’s account, at the height of the Cuban Missile Crisis, Air Force crews on Okinawa were ordered to launch 32 missiles, each carrying a large nuclear warhead. [...] The Captain told Missile Operations Center over the phone that he either needed to hear that the threat level had been raised to DEFCON 1 and that he should fire the nukes, or that he should stand down. We don’t know exactly what the Missile Operations Center told Captain Bassett, but they finally received confirmation that they should not launch their nukes. After the crisis had passed Bassett reportedly told his men: “None of us will discuss anything that happened here tonight, and I mean anything. No discussions at the barracks, in a bar, or even here at the launch site. You do not even write home about this. Am I making myself perfectly clear on this subject?”
(tags: wwiii history nukes cuban-missile-crisis 1960s usaf okinawa missiles william-bassett)
malware piggybacking on CCleaner
On September 13, 2017 while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems. Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers. Talos began initial analysis to determine what was causing this technology to flag CCleaner. We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download. During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner's download server as recently as September 11, 2017.
Malicious typosquatting packages in PyPI
skcsirt-sa-20170909-pypi vulnerability announcement from SK-CSIRT:
SK-CSIRT identified malicious software libraries in the official Python package repository, PyPI, posing as well known libraries. A prominent example is a fake package urllib-1.21.1.tar.gz, based upon a well known package urllib3-1.21.1.tar.gz. Such packages may have been downloaded by unwitting developer or administrator by various means, including the popular “pip” utility (pip install urllib). There is evidence that the fake packages have indeed been downloaded and incorporated into software multiple times between June 2017 and September 2017.
London police’s use of AFR facial recognition falls flat on its face
A “top-of-the-line” automated facial recognition (AFR) system trialled for the second year in a row at London’s Notting Hill Carnival couldn’t even tell the difference between a young woman and a balding man, according to a rights group worker invited to view it in action. Because yes, of course they did it again: London’s Met police used controversial, inaccurate, largely unregulated automated facial recognition (AFR) technology to spot troublemakers. And once again, it did more harm than good. Last year, it proved useless. This year, it proved worse than useless: it blew up in their faces, with 35 false matches and one wrongful arrest of somebody erroneously tagged as being wanted on a warrant for a rioting offense. [...] During a recent, scathing US House oversight committee hearing on the FBI’s use of the technology, it emerged that 80% of the people in the FBI database don’t have any sort of arrest record. Yet the system’s recognition algorithm inaccurately identifies them during criminal searches 15% of the time, with black women most often being misidentified.
(tags: face-recognition afr london notting-hill-carnival police liberty met-police privacy data-privacy algorithms)
Universal adversarial perturbations
in today’s paper Moosavi-Dezfooli et al., show us how to create a _single_ perturbation that causes the vast majority of input images to be misclassified.
(tags: adversarial-classification spam image-recognition ml machine-learning dnns neural-networks images classification perturbation papers)
"Use trees. Not too deep. Mostly ensembles."
snarky summary of 'Data-driven Advice for Applying Machine Learning to Bioinformatics Problems', a recent analysis paper of ML algorithms
(tags: algorithms machine-learning bioinformatics funny advice classification)
"You Can't Stay Here: The Efficacy of Reddit’s 2015 Ban Examined Through Hate Speech"
In 2015, Reddit closed several subreddits—foremost among them r/fatpeoplehate and r/CoonTown—due to violations of Reddit’s anti-harassment policy. However, the effectiveness of banning as a moderation approach remains unclear: banning might diminish hateful behavior, or it may relocate such behavior to different parts of the site. We study the ban of r/fatpeoplehate and r/CoonTown in terms of its effect on both participating users and affected subreddits. Working from over 100M Reddit posts and comments, we generate hate speech lexicons to examine variations in hate speech usage via causal inference methods. We find that the ban worked for Reddit. More accounts than expected discontinued using the site; those that stayed drastically decreased their hate speech usage—by at least 80%. Though many subreddits saw an influx of r/fatpeoplehate and r/CoonTown “migrants,” those subreddits saw no significant changes in hate speech usage. In other words, other subreddits did not inherit the problem. We conclude by reflecting on the apparent success of the ban, discussing implications for online moderation, Reddit and internet communities more broadly.
(Via Anil Dash)(tags: abuse reddit research hate-speech community moderation racism internet)
The Immortal Myths About Online Abuse – Humane Tech – Medium
After building online communities for two decades, we’ve learned how to fight abuse. It’s a solvable problem. We just have to stop repeating the same myths as excuses not to fix things.
Here are the 8 myths Anil Dash picks out: 1. False: You can’t fix abusive behavior online. 2. False: Fighting abuse hurts free speech! 3. False: Software can detect abuse using simple rules. 4. False: Most people say “abuse” when they just mean criticism. 5. False: We just need everybody to use their “real” name. 6. False: Just charge a dollar to comment and that’ll fix things. 7. False: You can call the cops! If it’s not illegal, it’s not harmful. 8. False: Abuse can be fixed without dedicated resources.(tags: abuse comments community harassment racism reddit anil-dash free-speech)
-
Simon McGarr and John Looney's slides from their SRECon '17 presentation
(tags: simon-mcgarr data-privacy privacy data-protection gdpr slides presentations)
The React license for founders and CTOs – James Ide – Medium
Decent explanation of _why_ Facebook came up with the BSD+Patents license: "Facebook’s patent grant is about sharing its code while preserving its ability to defend itself against patent lawsuits."
The difficulty of open sourcing code at Facebook, including React in 2013, was one of the reasons the company’s open-source contributions used to be a fraction of what they are today. It didn’t use to have a strong reputation as an open-source contributor to front-end technologies. Facebook wanted to open source code, though; when it grew communities for projects like React, core contributors emerged to help out and interview candidates often cited React and other Facebook open source as one of the reasons they were interested in applying. People at Facebook wanted to make it easier to open source code and not worry as much about patents. Facebook’s solution was the Facebook BSD+Patents license.
(tags: facebook bsd licenses licensing asf patents swpats react license software-patents open-source rocksdb)
HN thread on the new Network Load Balancer AWS product
looks like @colmmacc works on it. Lots and lots of good details here
(tags: nlb aws load-balancing ops architecture lbs tcp ip)
Java Flame Graphs Introduction: Fire For Everyone!
lots of good detail on flame graph usage in Java, and the Honest Profiler (honest because it's safepoint-free)
(tags: profiling java safepoints jvm flame-graphs perf measurement benchmarking testing)
Teaching Students to Code - What Works
Lynn Langit describing her work as part of Microsoft Digigirlz and TKP to teach thousands of kids worldwide to code. Describes a curriculum from "K" (4-6-year olds) learning computational thinking with a block-based programming environment like Scratch, up to University level, solving problems with public clouds like AWS' free tier.
(tags: education learning coding teaching tkp lynn-langit scratch kids)
So much for that Voynich manuscript “solution”
boo.
The idea that the book is a medical treatise on women's health, however, might turn out to be correct. But that wasn't Gibbs' discovery. Many scholars and amateur sleuths had already reached that conclusion, using the same evidence that Gibbs did. Essentially, Gibbs rolled together a bunch of already-existing scholarship and did a highly speculative translation, without even consulting the librarians at the institute where the book resides. Gibbs said in the TLS article that he did his research for an unnamed "television network." Given that Gibbs' main claim to fame before this article was a series of books about how to write and sell television screenplays, it seems that his goal in this research was probably to sell a television screenplay of his own. In 2015, Gibbs did an interview where he said that in five years, "I would like to think I could have a returnable series up and running." Considering the dubious accuracy of many History Channel "documentaries," he might just get his wish.
(tags: crypto history voynich-manuscript historians tls)
How to Optimize Garbage Collection in Go
In this post, we’ll share a few powerful optimizations that mitigate many of the performance problems common to Go’s garbage collection (we will cover “fun with deadlocks” in a follow-up). In particular, we’ll share how embedding structs, using sync.Pool, and reusing backing arrays can minimize memory allocations and reduce garbage collection overhead.
Firms involved in biometric database in India contracted by Irish government
Two tech firms – one owned by businessman Dermot Desmond – involved in the creation of a controversial biometric database in India, are providing services for the Government’s public services card and passports. Known as the Aadhaar project, the Indian scheme is the world’s largest ever biometric database involving 1.2 billion citizens. Initially voluntary, it became mandatory for obtaining state services, for paying taxes and for opening a bank account. [...] Dermot Casey, a former chief technology officer of Storyful, said that if the Daon system was used to store the data and carry out the facial matching then the Government “appears to have purchased a biometric database system which can be extended to include voice, fingerprint and iris identification at a moment’s notice”. Katherine O’Keefe, a data protection consultant with Castlebridge, said if the departments were using images of people’s faces to single out or identify an individual, they were “by legal definition processing biometric data”.
(tags: biometrics databases aadhar id-cards ireland psc daon morpho)
-
racist tries to make a "Blue Lives Matter" tee shirt as gaeilge, accidentally writes "Black Lives Matter" instead. perfect
(tags: racists duh stupid translation fail daoine-gorme irish blm cops funny)
New Network Load Balancer – Effortless Scaling to Millions of Requests per Second | AWS Blog
Looks like the EC2 Networking team got their way and got to rewrite LBs in AWS
(tags: load-balancing aws elb alb nlb networking ec2 ops architecture)
The solution to the Voynich manuscript
To those who have studied medieval medicine, and possess a good knowledge of its origins, the classical physicians Galen (AD 129–210), Hippocrates (460–370 BC) and Soranus (AD 98–138) among them, the Voynich manuscript’s incorporation of an illustrated herbarium (collection of plant remedies), Zodiac charts, instructions on thermae (baths) and a diagram showing the influence of the Pleiades side by side will not be surprising. They are all in tune with contemporary medical treatises, part and parcel of the medieval world of health and healing. Bathing as a remedy is a time-honoured tradition: practised by the Greeks and the Romans, advocated by the classical physicians, and sustained during the Middle Ages. The central theme of the Voynich manuscript is just such an activity, and one of its chief characteristics is the presence of naked female figures immersed in some concoction or other. Classical and medieval medicine had separate divisions devoted to the complaints and diseases of women, mostly but not exclusively in the area of gynaecology, and covered other topics such as hygiene, food, purgatives, bloodletting, fumigations, tonics, tinctures and even cosmetics and perfumes: all involved “taking the waters”, by bathing or ingesting.
(tags: history voynich-manuscript codes medieval-medicine thermae herbaria)
-
You do not need to be a Stanford student or faculty or staff member to access the vast treasures of the Rumsey Map collection, nor do you need to visit the university or its new Center. Since 1996, the Rumsey collection’s online database has been open to all, currently offering anyone with an internet connection access to 67,000 maps from all over the globe, spanning five centuries of cartography.
(via Oisin)(tags: via:oisin maps art graphics open-access mapping history david-rumsey collections)
-
TJ McIntyre nails the problem here:
'Mandatory but not compulsory". This ill-judged hair-splitting seems likely to stick to Social Protection Minister Regina Doherty in the same way that "an Irish solution to an Irish problem" and "on mature recollection" did to politicians before her. The minister used that phrase to defend against the criticism that the public services card (PSC) is being rolled out as a national ID card by stealth, without any clear legal basis or public debate. She went on to say that the PSC is not compulsory as "nobody will drag you kicking and screaming to have a card". This is correct, but irrelevant. The Government's strategy is one of making the PSC effectively rather than legally compulsory - by cutting off benefits such as pensions and refusing driving licences and passports unless a person registers. Whether or not the PSC is required by law is immaterial if you cannot function in society without it.
(tags: psc id-cards ireland social-welfare id privacy data-protection)
The data for the Irish theory driving test is stored in the US
Prometric is the company which adminsters the test and they appear to store it on US-based servers
(tags: prometric data privacy data-protection driving-test ireland theory-test)
-
'It is our intention to open source all of Basho's products and all of the source code that they have been working on. We'll do this as quickly as we are able to organise it, and we would appreciate some input from the community on how you would like this done.'
Britta Blvd - The Marauders' Map
lovely bit of papercraft
(tags: harry-potter papercraft origami kids)
How to Easily Unsubscribe from Bulk Emails in Gmail - Unroll.me Alternative
nice Google Script which runs in the background and scrapes out unsubscribe links. I'm drowning in single-opt-in mainsleaze newsletters at this stage so this is very welcome
(tags: mainsleaze unsubscribe spam gmail google email one-bite-of-the-apple)
-
Log analyser and visualiser for the HotSpot JIT compiler. Inspect inlining decisions, hot methods, bytecode, and assembly. View results in the JavaFX user interface.
(tags: analysis java jvm performance tools debugging optimization jit)
-
'Reviews of U2F [Universal Second Factor] devices' -- ie. Yubico keys et al.
(tags: u2f totp oath otp one-time-passwords authentication devices gadgets security 2fa)
-
good set of tourist tips for a foodie Dublin weekender
(tags: dublin tourism food eating dining restaurants tips weekend)
Linux Load Averages: Solving the Mystery
Nice bit of OS archaeology by Brendan Gregg.
In 1993, a Linux engineer found a nonintuitive case with load averages, and with a three-line patch changed them forever from "CPU load averages" to what one might call "system load averages." His change included tasks in the uninterruptible state, so that load averages reflected demand for disk resources and not just CPUs. These system load averages count the number of threads working and waiting to work, and are summarized as a triplet of exponentially-damped moving sum averages that use 1, 5, and 15 minutes as constants in an equation. This triplet of numbers lets you see if load is increasing or decreasing, and their greatest value may be for relative comparisons with themselves.
(tags: load monitoring linux unix performance ops brendan-gregg history cpu)
-
Gabriel recently bought a distillery in Barbados, where he says the majority of his team is of African descent. “The sugar industry is a painful past for them, but my understanding, from my team, is that they do see it as the past,” Gabriel explained. “There was great suffering, but their take is like, ‘We built this island.’ They are reclaiming it, and we are seeing that in efforts to preserve farming land and not let it all go to tourism.” I rather liked this narrative, or at least the potential of it. Slavery was appalling across the board, but countries and cultures throughout the African Diaspora have managed their paths forward in ways that don’t mimic the American aftermath. A plurality of narratives was possible here, which was thrilling to me. I am often disappointed by the mainstream perception of one-note blackness. One could easily argue the root of colonization is far from removed in the Caribbean. But if I understood Gabriel, and if he accurately captured the sentiments of his Barbadian colleagues, plantation sugarcane offered career opportunities to some, and was perhaps not solely a distressing connection to a shared global history. We chewed on this thought, together, in silence.
(tags: history distilling rum barbados african-diaspora slavery american-history booze language etymology)
-
'Easy to use tool that automatically replaces some or even all on-demand AutoScaling group members with similar or larger identically configured spot instances in order to generate significant cost savings on AWS EC2, behaving much like an AutoScaling-backed spot fleet.'
(tags: asg autoscaling ec2 aws spot-fleet spot-instances cost-saving scaling)
Going Multi-Cloud with AWS and GCP: Lessons Learned at Scale
Metamarkets splits across AWS and GCP, going into heavy detail here
Cycling to work: major new study suggests health benefits are staggering
We found that cycling to work was associated with a 41% lower risk of dying overall compared to commuting by car or public transport. Cycle commuters had a 52% lower risk of dying from heart disease and a 40% lower risk of dying from cancer. They also had 46% lower risk of developing heart disease and a 45% lower risk of developing cancer at all.
(tags: cycling transport health medicine science commuting life statistics)
NASA's Sound Suppression Water System
If you’ve ever watched a rocket launch, you’ve probably noticed the billowing clouds around the launch pad during lift-off. What you’re seeing is not actually the rocket’s exhaust but the result of a launch pad and vehicle protection system known in NASA parlance as the Sound Suppression Water System. Exhaust gases from a rocket typically exit at a pressure higher than the ambient atmosphere, which generates shock waves and lots of turbulent mixing between the exhaust and the air. Put differently, launch ignition is incredibly loud, loud enough to cause structural damage to the launchpad and, via reflection, the vehicle and its contents. To mitigate this problem, launch operators use a massive water injection system that pours about 3.5 times as much water as rocket propellant per second. This significantly reduces the noise levels on the launchpad and vehicle and also helps protect the infrastructure from heat damage.
(tags: water rockets launch nasa space sound-suppression sound science)
The White Lies of Craft Culture - Eater
Besides field laborers, [Southern US] planter and urban communities both depended on proficient carpenters, blacksmiths, gardeners, stable hands, seamstresses, and cooks; the America of the 1700s and 1800s was literally crafted by people of color. Part of this hidden history includes the revelation that six slaves were critical to the operation of George Washington’s distillery, and that the eponymous Jack Daniel learned to make whiskey from an enslaved black man named Nathan “Nearest” Green. As Clay Risen reported for the New York Times last year, contrary to the predominant narrative that views whiskey as an ever “lily-white affair,” black men were the minds and hands behind American whiskey production. “In the same way that white cookbook authors often appropriated recipes from their black cooks, white distillery owners took credit for the whiskey,” he writes. Described as “the best whiskey maker that I know of” by his master, Dan Call, Green taught young Jack Daniel how to run a whiskey still. When Daniel later opened his own distillery, he hired two of Green’s sons. The popular image of moonshine is a product of the white cultural monopoly on all things ‘country’ Over time, that legacy was forgotten, creating a gap in knowledge about American distilling traditions — while English, German, Scottish, and Irish influences exist, that combination alone cannot explain the entirely of American distilling. As bourbon historian Michael Veach suggests, slave culture pieces together an otherwise puzzling intellectual history.
(tags: history craft-beer craft-culture food drink whiskey distilling black-history jack-daniels nathan-nearest-green)
Meet the Espresso Tonic, Iced Coffee's Bubbly New Cousin
Bit late on this one but YUM
To make the drink, Box Kite baristas simply load a glass with ice, fill it about three quarters of the way with chilled tonic, and then top it off with an espresso shot — typically from roasters like Madcap (MI) and Ritual (SF). Often, baristas pull the espresso shot directly on top of the tonic and ice mixture, forgoing the process of first pulling it into a cup and then pouring the espresso from cup to glass.
(tags: tonic-water recipes espresso coffee drinks cocktails)
-
Foursquare's open source repo, where they extract reusable components for open sourcing -- I like the approach of using a separate top level module path for OSS bits
(tags: open-source oss foursquare libraries maintainance coding git monorepos)
GTK+ switches build from Autotools to Meson
'The main change is that now GTK+ takes about ? of the time to build compared to the Autotools build, with likely bigger wins on older/less powerful hardware; the Visual Studio support on Windows should be at least a couple of orders of magnitude easier (shout out to Fan Chun-wei for having spent so, so many hours ensuring that we could even build on Windows with Visual Studio and MSVC); and maintaining the build system should be equally easier for everyone on any platform we currently support.' Looking at http://mesonbuild.com/ it appears to be Python-based and AL2-licensed open source. On the downside, though, the Meson file is basically a Python script, which is something I'm really not fond of :( more details at http://taint.org/2011/02/18/001527a.html .
-
good thread on fitting out a bike with crazy LED light tape; see also EL string. Apparently it'll run off a 4.5V (3xAAA) battery pack nowadays which makes it pretty viable!
(tags: bikes cycling safety led-lights el-tape led-tape hacks via:mathowie)
-
a beautifully-glitched photo of the moon by Giacomo Carmagnola; more on his art at http://www.bleaq.com/2015/giacomo-carmagnola . (Via Archillect)
(tags: via:archillect art giacomo-carmagnola glitch-art moon glitch images)
-
From the aptly-named Aliholic.com. Thanks, Elliot -- the last thing I needed was something to feed my addiction to cheap tat from China!
(tags: china aliexpress dealextreme gearbest gadgets buying tat aliholic stuff)
TIL you shouldn’t use conditioner if you get nuked
If you shower carefully with soap and shampoo, Karam says [Andrew Karam, radiation expert], the radioactive dust should wash right out. But hair conditioner has particular compounds called cationic surfactants and polymers. If radioactive particles have drifted underneath damaged scales of hair protein, these compounds can pull those scales down to create a smooth strand of hair. "That can trap particles of contamination inside of the scale," Karam says. These conditioner compounds are also oily and have a positive charge on one end that will make them stick to negatively charged sections of a strand of hair, says Perry Romanowski, a cosmetics chemist who has developed personal hygiene formulas and now hosts "The Beauty Brains" podcast on cosmetics chemistry. "Unlike shampoo, conditioners are meant to stay behind on your hair," Romanowski says. If the conditioner comes into contact with radioactive material, these sticky, oily compounds can gum radioactive dust into your hair, he says.
(tags: factoids conditioner surfactants nuclear-bombs fallout hair bizarre til via:boingboing)
-
During the late 1970s, [Professor Thomas J.] Allen undertook a project to determine how the distance between engineers’ offices affects the frequency of technical communication between them. The result of that research, produced what is now known as the Allen Curve, revealed that there is a strong negative correlation between physical distance and the frequency of communication between work stations. The finding also revealed the critical distance of 50 meters for weekly technical communication. With the fast advancement of internet and sharp drop of telecommunication cost, some wonder the observation of Allen Curve in today's corporate environment. In his recently co-authored book, Allen examined this question and the same still holds true. He says[2] "For example, rather than finding that the probability of telephone communication increases with distance, as face-to-face probability decays, our data show a decay in the use of all communication media with distance (following a "near-field" rise)." [p. 58]
Apparently a few years back in Google, some staff mined the promotion data, and were able to show a Allen-like curve that proved a strong correlation between distance from Jeff Dean's desk, and time to getting promoted.(tags: jeff-dean google history allen-curve work communication distance offices workplace teleworking remote-work)
-
Arq backup for OSX now supports B2 (as well as S3) as a storage backend. "it’s a super-cheap option ($.005/GB per month) for storing your backups." (that is less than half the price of $0.0125/GB for S3's Infrequent Access class)
After Charlottesville, I Asked My Dad About Selma
Dad told me that he didn’t think I was going to have to go through what he went through, but now he can see that he was wrong. “This fight is a never-ending fight,” he said. “There’s no end to it. I think after the ‘60s, the whole black revolution, Martin Luther King, H. Rap Brown, Stokely Carmichael and all the rest of the people, after that happened, people went to sleep,” he said. “They thought, ‘this is over.’”
(tags: selma charlottesville racism nazis america race history civil-rights 1960s)
Computer says no: Irish vet fails oral English test needed to stay in Australia
An Irish veterinarian with degrees in history and politics has been unable to convince a machine she can speak English well enough to stay in Australia. Louise Kennedy is a native English speaker, has excellent grammar and a broad vocabulary. She holds two university degrees – both obtained in English – and has been working in Australia as an equine vet on a skilled worker visa for the past two years. But she is now scrambling for other visa options after a computer-based English test – scored by a machine – essentially handed her a fail in terms of convincing immigration officers she can fluently speak her own language.
This is idiotic. Computer-based voice recognition is in no way reliable enough for this kind of job. It's automated Kafkaesque bureaucracy -- "computer says no". Shame on Oz (via James Kelleher)(tags: via:etienneshrdlu kafkaesque bureaucracy computer-says-no voice-recognition australia immigration english voice testing)
-
'By All Means, Compare These Shitheads to the Nazis'
(tags: mike-godwin nazis shitheads funny godwins-law internet)
-
produces a randomized permutation of a list, with exactly one cycle (which guarantees that we will reach every element of the list even though we’re traversing it in random order)
(tags: algorithms lists permutation random randomization cycles)
Working with multiple AWS accounts at Ticketea
AWS STS/multiple account best practice described
A general purpose counting filter
This paper introduces a new AMQ data structure, a Counting Quotient Filter, which addresses all of these shortcomings and performs extremely well in both time and space: CQF performs in-memory inserts and queries up to an order of magnitude faster than the original quotient filter structure from which it takes its inspiration, several times faster than a Bloom filter, and similarly to a cuckoo filter. The CQF structure is comparable or more space efficient than all of them too. Moreover, CQF does all of this while supporting counting, outperforming all of the other forms in both dimensions even though they do not. In short, CQF is a big deal!
(tags: cqf counting-quotient-filters data-structures via:acolyer coding approximate bloom-filters)
consistent hashing with bounded loads
'an algorithm that combined consistent hashing with an upper limit on any one server’s load, relative to the average load of the whole pool.' Lovely blog post from Vimeo's eng blog on a new variation on consistent hashing -- incorporating a concept of overload-avoidance -- and adding it to HAProxy and using it in production in Vimeo. All sounds pretty nifty! (via Toby DiPasquale)
(tags: via:codeslinger algorithms networking performance haproxy consistent-hashing load-balancing lbs vimeo overload load)
AWS Lambda Deployment using Terraform – Build ACL – Medium
Fairly persuasive that production usage of Lambda is much easier if you go full Terraform to manage and deploy.
A complete picture of what it takes to deploy your Lambda function to production with the same diligence you apply to any other codebase using Terraform. [...] There are many cases where frameworks such as SAM or Serverless are not enough. You need more than that for a highly integrated Lambda function. In such cases, it’s easier to simply use Terraform.
(tags: infrastructure aws lambda serverless ops terraform sam)
GitHub - jorgebastida/awslogs: AWS CloudWatch logs for Humans™
This feature alone is a bit of a killer app:
$ awslogs get /var/log/syslog ip-10-1.* --start='2h ago' | grep ERROR
Nice.
-
a high-performance multiple regex matching library. It follows the regular expression syntax of the commonly-used libpcre library, yet functions as a standalone library with its own API written in C. Hyperscan uses hybrid automata techniques to allow simultaneous matching of large numbers (up to tens of thousands) of regular expressions, as well as matching of regular expressions across streams of data. Hyperscan is typically used in a DPI library stack. Hyperscan began in 2008, and evolved from a commercial closed-source product 2009-2015. First developed at Sensory Networks Incorporated, and later acquired and released as open source software by Intel in October 2015. Hyperscan is under a 3-clause BSD license. We welcome outside contributors.
This is really impressive -- state of the art in parallel regexp matching has improved quite a lot since I was last looking at it. (via Tony Finch)(tags: via:fanf regexps regular-expressions text matching pattern-matching intel open-source bsd c dpi scanning sensory-networks)
Beard vs Taleb: Scientism and the Nature of Historical Inquiry
The most interesting aspect of this Twitter war is that it is representative of a malaise that has stricken a good chunk of academics (mostly scientists, with a peppering of philosophers) and an increasing portion of the general public: scientism. I have co-edited an entire book, due out soon, on the topic, which features authors who are pro, con, and somewhere in the middle. Scientism is defined as the belief that the assumptions, methods of research, etc., of the natural sciences are the only ways to gather valuable knowledge or to answer meaningful questions. Everything else, to paraphrase Taleb, is bullshit. Does Taleb engage in scientism? Indubitably. I have already mentioned above his generalization from what one particular historian (Beard) said to “historians” tout court. But there is more, from his Twitter feed: “there is this absence of intellectual rigor in humanities.” “Are historians idiots? Let’s be polite and say that they are in the majority no rocket scientists and operate under a structural bias. It looks like an empirically rigorous view of historiography is missing.”
(tags: history science scientism nassim-taleb argument debate proof romans britain mary-beard)
-
A workplace-discrimination lawyer writes:
Stray remarks are not enough. But a widespread workplace discussion of whether women engineers are biologically capable of performing at the same level as their male counterparts could suffice to create a hostile work environment. As another example, envision the racial hostility of a workplace where employees, as Google put it, “feel safe” to espouse their “alternative view” that their African-American colleagues are not well-represented in management positions because they are not genetically predisposed for leadership roles. In short, a workplace where people “feel safe sharing opinions” based on gender (or racial, ethnic or religious) stereotypes may become so offensive that it legally amounts to actionable discrimination.
(tags: employment sexism workplace discrimination racism misogyny women beliefs)
a list of all the nuclear war scenarios stored in the W.O.P.R. computer
For fans of the movie WARGAMES: a list of all the nuclear war scenarios stored in the W.O.P.R. computer. (self.movies)
(via burritojustice)(tags: via:burritojustice wargames movies wopr global-thermonuclear-war wwiii)
Nextflow - A DSL for parallel and scalable computational pipelines
Data-driven computational pipelines Nextflow enables scalable and reproducible scientific workflows using software containers. It allows the adaptation of pipelines written in the most common scripting languages. Its fluent DSL simplifies the implementation and the deployment of complex parallel and reactive workflows on clouds and clusters.
GPLv3 licensed, open source(tags: computation workflows pipelines batch docker ops open-source)
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection
This is a serverless stack built on AWS, deployed with Terraform. Not sure what to think about this -- it still makes me shudder a little
(tags: aws serverless lambda airbnb malware yara binaryalert architecture)
-
The node.js packaging system is being exploited by bad guys to steal auth tokens at build time. This is the best advice they can come up with:
Always check the name of packages you’re installing. You can look at the downloads number: if a package is popular but the downloads number is low, something is wrong.
:facepalm: What a mess. Security needs to become a priority....(tags: javascript security npm node packaging packages fail)
-
“’Just culture’ as a term emerged from air traffic control in the late 1990s, as concern was mounting that air traffic controllers were unfairly cited or prosecuted for incidents that happened to them while they were on the job,” Sidney Dekker, a professor, writer, and director of the Safety Science Innovation Lab at Griffith University in Australia, explains to Quartz in an email. Eurocontrol, the intergovernmental organization that focuses on the safety of airspace across Europe, has “adopted a harmonized ‘just culture’ that it encourages all member countries and others to apply to their air traffic control organizations.” [...] One tragic example of what can happen when companies don’t create a culture where employees feel empowered to raise questions or admit mistakes came to light in 2014, when an investigation into a faulty ignition switch that caused more than 100 deaths at GM Motors revealed a toxic culture of denying errors and deflecting blame within the firm. The problem was later attributed to one engineer who had not disclosed an obvious issue with the flawed switch, but many employees spoke of extreme pressure to put costs and delivery times before all other considerations, and to hide large and small concerns.
(via JG)(tags: just-culture atc air-traffic-control management post-mortems outages reliability air-canada disasters accidents learning psychological-safety work)
Dark forces, Brexit and Irexit
The EU have made it clear, as they have to, that there will be no frictionless borders between the union and the UK. Brexit will be dislocative. As smaller irish companies start to go to the wall post Brexit expect the calls for “something to be done” to start to include Irexit [an Irish exit from the EU a la Brexit]. But this way madness lies. [...] we export more in education services than in beverages ; we exportthree times or more manufactured goods than food; we export six times more in chemicals and related; value added by industry or by distribution and transport is more than 10 times that of agriculture. Seeking Irexit on the basis that it would be good for agribusiness is seeking to amputate a hand for a broken finger.
(tags: agribusiness ireland irexit brexit economics eu politics)
APOLLO 13 EARTH ORBITAL CHART | Artsy
Some nice catalogue details around this Apollo 13 AEO:
Apollo Earth Orbit Chart (AEO), Apollo Mission 13 for April 1970 Launch Date. March 3, 1970. Color Earth map, first edition. 13 by 42 inches. From the Catalogue: SIGNED and INSCRIBED: “JAMES LOVELL, Apollo 13 CDR and FRED HAISE, Apollo 13 LMP." Additionally INSCRIBED by HAISE with mission events: "Launch at 2:13 pm EST, April 11, 1970" and "Splash – April 17, 1970." He has marked the splashdown area with an "X." Circular plots in black represent the ground station communication coverage areas with the red circle being the tracking ship Vanguard in the Atlantic Ocean. Orbital paths show the full launch range azimuths of 72 to 108 degrees. The first orbit is plotted in light blue with the second orbit in dark blue. The planned TLI (TransLunar Injection) burn occurred on time during the mission and is plotted with a red dashed line. The point above the Earth as Apollo 13 headed toward the Moon is shown with a brown line and continues for 24 hours of mission elapsed time. This line moves over the Pacific Ocean and into the continental United States. Then it moves backwards (relative to the Earth’s rotation) over the Pacific Ocean and ends near the west coast of Africa. The Service Module explosion occurred some 32 hours after end point of the TLI brown line tracking plot.
(tags: aeo apollo history spaceflight collectibles antiques james-lovell fred-haise 1970 apollo-13 charts)
-
"pipelint.sh" -- command line Jenkins pipeline linting
Rule that patients must finish antibiotics course is wrong, study says
Patients have traditionally been told that they must complete courses of antibiotics, the theory being that taking too few tablets will allow the bacteria causing their disease to mutate and become resistant to the drug. But Martin Llewelyn, a professor in infectious diseases at Brighton and Sussex medical school, and colleagues claim that this is not the case. In an analysis in the British Medical Journal, the experts say “the idea that stopping antibiotic treatment early encourages antibiotic resistance is not supported by evidence, while taking antibiotics for longer than necessary increases the risk of resistance”.
(tags: health medicine antibiotics bmj bacteria)
Repair a Road or Footpath - Dublin City Council
how to report a pothole or other problem with a road or cycle path online. Keeping for future use
How the coffee-machine took down a factories control room : talesfromtechsupport
A coffee machine was plugged into both a secure network and also connected to the main wifi network, and became a vector for malware to take down the factory's control room. Security is hard
(tags: coffee-machines fail security networking wifi)
Ireland's staggering hypocrisy on climate change | Environment | The Guardian
The national climate policy is a greenwash – the country is certain to miss its 2020 emissions target and still handing out drilling licences
(tags: guardian green greenwashing ireland politics energy future climate-change nmp oil fossil-fuels)
EBS gp2 I/O BurstBalance exhaustion
when EBS volumes in EC2 exhaust their "burst" allocation, things go awry very quickly
(tags: performance aws ebs ec2 burst-balance ops debugging)
Breaking open the MtGox case, part 1
Earlier today news broke of an arrest in Greece of a Russian national suspected of running a large-scale money laundering operation focused on Bitcoin. The man has since been publicly identified as Alexander Vinnik, 38, and over $4 billion USD is said to have been trafficked through the operation since 2011. We won't beat around the bush with it: Vinnik is [WizSec's] chief suspect for involvement in the MtGox theft (or the laundering of the proceeds thereof).
The 38 Essential Dublin Restaurants
Irish Times resto reviewer @catherineeats with her 38 top recommendations for Dublin. a solid list
Kubernetes Best Practices // Speaker Deck
A lot of these are general Docker/containerisation best practices, too. (via Devops Weekly)
(tags: k8s kubernetes devops ops containers docker best-practices tips packaging)
terrible review for Solidity as a programming environment in HN
"Solidity/EVM is by far the worst programming environment I have ever encountered. It would be impossible to write even toy programs correctly in this language, yet it is literally called "Solidity" and used to program a financial system that manages hundreds of millions of dollars."
Via Tony Finch(tags: blockchain ethereum programming coding via:fanf funny fail floating-point money json languages bugs reliability)
"This War of Mine" review by survivor of the siege of Sarajevo
'Big Kudos to designers of this game. I can't imagine how much research it was for them to make this. It is as if they were in Sarajevo during whole Siege of Sarajevo, and they weren't doing anything else but taking notes. Will you like this game? Well, I do not know. If you want to know how a siege works, then YES. If you want to play great game with theme that is a bit dark, YES. If you want to play amazingly heavy solo or coop game, YES. But, also, I can see why someone would never play this game. My board game collection, before This war of mine, was just “The wall of fun”, and now, amongst other boxes, there is this one that is also fun, but different than any other. This is one really unique game.'
(tags: reviews siege sarajevo history war boardgames this-war-of-mine heavy)
Decoding the Enigma with Recurrent Neural Networks
I am blown away by this -- given that Recurrent Neural Networks are Turing-complete, they can actually automate cryptanalysis given sufficient resources, at least to the degree of simulating the internal workings of the Enigma algorithm given plaintext, ciphertext and key:
The model needed to be very large to capture all the Enigma’s transformations. I had success with a single-celled LSTM model with 3000 hidden units. Training involved about a million steps of batched gradient descent: after a few days on a k40 GPU, I was getting 96-97% accuracy!
(tags: machine-learning deep-learning rnns enigma crypto cryptanalysis turing history gpus gradient-descent)
-
Amazon Web Services Elastic Compute Cloud (EC2) Rescue for Linux is a python-based tool that allows for the automatic diagnosis of common problems found on EC2 Linux instances.
Most of the modules appear to be log-greppers looking for common kernel issues.
SECURITY ALERT - Critical bug in Parity's MultiSig-Wallet
'Together, we were able to determine that malicious actors had exploited a flaw in the Parity Multisig code, which allowed a known party to steal over 153,000 ETH from several projects including Edgeless Casino, Aeternity, and Swarm City.' by leaving "internal" (a visibility restricting keyword) off of the wallet contract, it was possible for attackers to steal millions from a "secure" multi-sig wallet in Ethereum: https://press.swarm.city/parity-multisig-wallet-exploit-hits-swarm-city-funds-statement-by-the-swarm-city-core-team-d1f3929b4e4e https://twitter.com/ncweaver/status/887821804038873088 : 'Time from "OMFG there is a bug" to "geez, someone steal $16M"? 2 hours. Gotta love JavaScript FunBukx, err Ethereum'
timeX.google.com provide non standard time · Issue #437 · systemd/systemd
Google ask systemd not to use timeX.google.com due to nonstandard ticking behaviour; systemd dev tells them to FO. lovely
-
Another systemd shitfest; 69 seconds to view the current boot log from a cold cache.
(tags: systemd systemdsucks logs fail bugs journald logging)
-
'AP Placement - A Job For the Work Experience Kid? | Scott Stapleton | WLPC EU Budapest 2016'
Xiaomi Mi robot vacuum cleaner
sounds like a decent enough vac at a low price point, word of mouth is good
Amazon Global Product Price Check
price compare across global Amazon sites, by ASIN. there are some major differences
(tags: prices amazon via:its price-check comparison shopping eu uk asin)
[LEGAL-303] ASF, RocksDB, and Facebook's BSD+patent grant licensing
Facebook's licensing includes a "nuclear option" if a user acts in a way interpreted by Facebook as competing with them; the ASF has marked the license as "Category-X", and may not be included in Apache projects as a result. Looks like RocksDB are going to relicense as dual GPLv2/ASL2 to clear this up, but React.js has not shown any plans to do so yet
(tags: react rocksdb licensing asl2 apache asf facebook open-source patents)
Will the last person at Basho please turn out the lights? • The Register
Basho, once a rising star of the NoSQL database world, has faded away to almost nothing [...] According to sources, the company, which developed the Riak distributed database, has been shedding engineers for months, and is now operating as a shadow of its former self, as at least one buy-out has fallen through.
Developer Experience Lessons Operating a Serverless-like Platform at Netflix
Very interesting writeup on how Netflix are finding operating a serverless scripting system; they offer scriptability in their backend and it's used heavily by devs to provide features. Lots of having to reinvent the wheel on packaging, deployment, versioning, and test/staging infrastructure
(tags: serverless dependencies packaging deployment versioning devex netflix developer-experience dev testing staging scripting)
OVH suffer 24-hour outage (The Register)
Choice quotes: ‘At 6:48pm, Thursday, June 29, in Room 3 of the P19 datacenter, due to a crack on a soft plastic pipe in our water-cooling system, a coolant leak causes fluid to enter the system'; ‘This process had been tested in principle but not at a 50,000-website scale’
(tags: postmortems ovh outages liquid-cooling datacenters dr disaster-recovery ops)
-
"With a sufficient number of users of an API, it doesn't matter what you promised in the contract, all observable behaviours of your interface will be depended upon by somebody."
(tags: laws funny apis reliability hyrum-wright hyrums-law compatibilty interfaces)
-
good tip for "aws s3 sync" performance
Novartis CAR-T immunotherapy strongly endorsed by FDA advisory panel
This is very exciting stuff, cytokine release syndrome risks notwithstanding.
The new treatment is known as CAR-T cell immunotherapy. It works by removing key immune system cells known as T cells from the patient so scientists can genetically modify them to seek out and attack only cancer cells. That's why some scientists refer to this as a "living drug." Doctors then infuse millions of the genetically modified T cells back into the patient's body so they can try to obliterate the cancer cells and hopefully leave healthy tissue unscathed. "It's truly a paradigm shift," said Dr. David Lebwohl, who heads the CAR-T Franchise Global Program at the drug company Novartis, which is seeking the FDA's approval for the treatment. "It represents a new hope for patients." The drug endorsed by the advisory panel is known as CTL019 or tisagenlecleucel. It was developed to treat children and young adults ages 3 to 25 who have relapsed after undergoing standard treatment for B cell acute lymphoblastic leukemia, which is the most common childhood cancer in the United States. While this blood cell cancer can be highly curable, some patients fail to respond to standard treatments; and a significant proportion of patients experience relapses that don't respond to follow-up therapies. "There is a major unmet medical need for treatment options" for these patients, Dr. Stephen Hunger, who helped study at the Children's Hospital of Philadelphia, told the committee. In the main study that the company submitted as evidence in seeking FDA approval, doctors at 25 sites in 11 countries administered the treatment to 88 patients. The patients, ages 3 to 23, had failed standard treatment or experienced relapses and failed to respond to follow-up standard treatment. CTL019 produced remissions in 83 percent of patients, the company told the committee.
(tags: car-t immunotherapy cancer novartis trials fda drugs t-cells immune-system medicine leukemia ctl019)
Chris's Wiki :: blog/sysadmin/UnderstandingIODNSIssue
On the ns-a1.io security screwup for the .io CCTLD:
Using data from glue records instead of looking things up yourself is common but not mandatory, and there are various reasons why a resolver would not do so. Some recursive DNS servers will deliberately try to check glue record information as a security measure; for example, Unbound has the harden-referral-path option (via Tony Finch). Since the original article reported seeing real .io DNS queries being directed to Bryant's DNS server, we know that a decent number of clients were not using the root zone glue records. Probably a lot more clients were still using the glue records, through.
(via Tony Finch)(tags: via:fanf dns security dot-io cctlds glue-records delegation)
-
'A Java Virtual Machine written in 100% JavaScript.' Wrapping outbound TCP traffic in websockets, mad stuff
(tags: jvm java javascript js hacks browser emulation websockets)
One Man's Plan to Make Sure Gene Editing Doesn't Go Haywire - The Atlantic
Open science - radical transparency where gene-editing and CRISPR is involved. Sounds great.
“For gene drive, the closed-door model is morally unacceptable. You don’t have the right to go into your lab and build something that is ineluctably designed to affect entire ecosystems. If it escapes into the wild, it would be expected to spread and affect people’s lives in unknown ways. Doing that in secret denies people a voice.”
Also this is a little scary:in 2015, he was shocked to read a paper, due to be published in ... Science, in which Californian researchers had inadvertently created a gene drive in fruit flies, without knowing what gene drives are. They developed it as a research tool for spreading a trait among lab populations, and had no ambitions to alter wild animals. And yet, if any of their insects had escaped, that’s what would have happened.
(tags: science openness open-source visibility transparency crispr gene-editing mice nantucket gene-drive)
AI Movie Posters - mickstorm.com
Neural-network generative movie posters. "What would you do to gave you?"
(tags: fun generators neural-networks funny movies posters)
Scheduled Tasks (cron) - Amazon EC2 Container Service
ECS now does cron jobs. But where does AWS Batch fit in? confusing
(tags: aws batch ecs cron scheduling recurrence ops)
-
Eater.com posts comically misinformed video about some kind of imaginary brit comfort food. John Gallagher's response thread is a virtuoso performance
(tags: mince-on-toast disgusting food funny wtf twitter)
Here’s every total solar eclipse happening in your lifetime
Excellent infographic (sadly, none in Ireland for the rest of my lifetime)
(tags: eclipse space maps science infographic solar-eclipse sun)
When Will Climate Change Make the Earth Too Hot For Humans?
The Earth has experienced five mass extinctions before the one we are living through now, each so complete a slate-wiping of the evolutionary record it functioned as a resetting of the planetary clock, and many climate scientists will tell you they are the best analog for the ecological future we are diving headlong into. Unless you are a teenager, you probably read in your high-school textbooks that these extinctions were the result of asteroids. In fact, all but the one that killed the dinosaurs were caused by climate change produced by greenhouse gas. The most notorious was 252 million years ago; it began when carbon warmed the planet by five degrees, accelerated when that warming triggered the release of methane in the Arctic, and ended with 97 percent of all life on Earth dead. We are currently adding carbon to the atmosphere at a considerably faster rate; by most estimates, at least ten times faster.
(tags: climate future grim climate-change extinction earth carbon anthropocene)
Burning Fossil Fuels Almost Ended All Life on Earth - The Atlantic
“what I like to talk about is ‘the Great Weirding’ and not just the Great Dying because the Great Dying seems to have been a relatively quick event at the very end. But if you just talk about the Great Dying you’re missing all of this other crazy stuff that led up to it,” he said. “The Earth was getting really weird in the Permian. So we’re getting these huge lakes with these negative pHs, which is really weird, we don’t know why that happened. Another thing is that the whole world turned red. Everything got red. You walk around today and you’re like, ‘Hey, there’s a red bed, I bet it’s Permian or Triassic.’ The planet started looking like Mars. So that’s really weird. We don’t know why it turned red. Then you have a supercontinent, which is weird in the first place. Plate tectonics has to be acting strangely when you have all the continents together. Eventually it rifts apart and we go back into normal plate tectonics mode, but during the Permian-Triassic everything’s jammed together. So there has to be something strange going on. And then at the end, the Earth opens up and there’s all these volcanoes. But we’re not talking about normal volcanoes, we’re talking about weird volcanoes.”
(tags: extinction history geology permian-era earth climate-change carbon-dioxide scary pangaea)
EU Prepares "Right to Repair" Legislation to Fight Short Product Lifespans
I 100% support this
(tags: right-to-repair repair eu law hacking planned-obsolescence hardware consumer)
Everybody lies: how Google search reveals our darkest secrets | Technology | The Guardian
What can we learn about ourselves from the things we ask online? US data scientist Seth Stephens?Davidowitz analysed anonymous Google search results, uncovering disturbing truths about [America's] desires, beliefs and prejudices
Fascinating. I find it equally interesting how flawed the existing methodologies for polling and surveying are, compared to Google's data, according to this(tags: science big-data google lying surveys polling secrets data-science america racism searching)
mozilla/sops: Secrets management stinks, use some sops!
sops is an editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.
(tags: secrets encryption security kms pgp gpg editors configuration)
-
Some decent benchmark data on SQS:
We were looking at four values in the tests: total number of messages sent per second (by all nodes) total number of messages received per second 95th percentile of message send latency (how fast a message send call completes) 95th percentile of message processing latency (how long it takes between sending and receiving a message)
(tags: sqs benchmarking measurement aws latency)
The Guardian view on patient data: we need a better approach | Editorial | Opinion | The Guardian
The use of privacy law to curb the tech giants in this instance, or of competition law in the case of the EU’s dispute with Google, both feel slightly maladapted. They do not address the real worry. It is not enough to say that the algorithms DeepMind develops will benefit patients and save lives. What matters is that they will belong to a private monopoly which developed them using public resources. If software promises to save lives on the scale that drugs now can, big data may be expected to behave as big pharma has done. We are still at the beginning of this revolution and small choices now may turn out to have gigantic consequences later. A long struggle will be needed to avoid a future of digital feudalism. Dame Elizabeth’s report is a welcome start.
Hear hear.(tags: privacy law uk nhs data google deepmind healthcare tech open-source)
Why People With Brain Implants Are Afraid to Go Through Automatic Doors
In 2009, Gary Olhoeft walked into a Best Buy to buy some DVDs. He walked out with his whole body twitching and convulsing. Olhoeft has a brain implant, tiny bits of microelectronic circuitry that deliver electrical impulses to his motor cortex in order to control the debilitating tremors he suffers as a symptom of Parkinson’s disease. It had been working fine. So, what happened when he passed through those double wide doors into consumer electronics paradise? He thinks the theft-prevention system interfered with his implant and turned it off. Olhoeft’s experience isn’t unique. According to the Food and Drug Administration’s MAUDE database of medical device reports, over the past five years there have been at least 374 cases where electromagnetic interference was reportedly a factor in an injury involving medical devices including neural implants, pacemakers and insulin pumps. In those reports, people detailed experiencing problems with their devices when going through airport security, using massagers or simply being near electrical sources like microwaves, cordless drills or “church sound boards.”
(tags: internet-of-things iot best-buy implants parkinsons-disease emi healthcare devices interference)
-
This is an extremely detailed post on the state of dynamic checkers in C/C++ (via the inimitable Marc Brooker):
Recently we’ve heard a few people imply that problems stemming from undefined behaviors (UB) in C and C++ are largely solved due to ubiquitous availability of dynamic checking tools such as ASan, UBSan, MSan, and TSan. We are here to state the obvious — that, despite the many excellent advances in tooling over the last few years, UB-related problems are far from solved — and to look at the current situation in detail.
(tags: via:marc-brooker c c++ coding testing debugging dynamic-analysis valgrind asan ubsan tsan)
Talos Intelligence review of Nyetya and the M.E.Doc compromise
Our Threat Intelligence and Interdiction team is concerned that the actor in question burned a significant capability in this attack. They have now compromised both their backdoor in the M.E.Doc software and their ability to manipulate the server configuration in the update server. In short, the actor has given up the ability to deliver arbitrary code to the 80% of UA businesses that use M.E.Doc as their accounting software, along with any multinational corporations that leveraged the software. This is a significant loss in operational capability, and the Threat Intelligence and Interdiction team assesses with moderate confidence that it is unlikely that they would have expended this capability without confidence that they now have or can easily obtain similar capability in target networks of highest priority to the threat actor.
(tags: security malware nyetya notpetya medoc talos ransomware)
Use AWS WAF to Mitigate OWASP’s Top 10 Web Application Vulnerabilities
'describes how you can use AWS WAF, a web application firewall, to address the top application security flaws as named by the Open Web Application Security Project (OWASP). Using AWS WAF, you can write rules to match patterns of exploitation attempts in HTTP requests and block requests from reaching your web servers. This whitepaper discusses manifestations of these security vulnerabilities, AWS WAF–based mitigation strategies, and other AWS services or solutions that can help address these threats.'
-
Some Mac third party keyboards used to (or maybe still do for all I know) have a little feature where if you didn't type anything for a while they would themselves type 'welcome datacomp'.
(via RobS)(tags: via:rsynnott funny welcome-datacomp keyboards hardware fail ghost-typing haunted)
La història del gran tauró blanc de Tossa de Mar
Amazing pic and newspaper report regarding a great white shark which washed up on the beach at Tossa de Mar in the Costa Brava in the 1980s
(tags: tossa-de-mar costa-brava spain sharks nature great-white-shark 1980s history photos wildlife)
Why did Apple, Amazon, Google stocks crash to the same price today?
Nasdaq said in a statement that "certain third parties improperly propagated test data that was distributed as part of the normal evening test procedures." "For July 3, 2017, all production data was completed by 5:16 PM as expected per the early close of the markets," the statement continued. "Any data messages received post 5:16 PM should be deemed as test data and purged from direct data recipient's databases. UTP (Unlisted Trading Privileges) is asking all third parties to revert to Nasdaq Official Closing Prices effective at 5:16 PM."
(tags: testing fail stock-markets nasdaq test-data test production integration-testing test-in-prod)
Exactly-once Support in Apache Kafka – Jay Kreps
If you’re one of the people who think [exactly-once support is impossible], I’d ask you to take an actual look at what we actually know to be possible and impossible, and what has been built in Kafka, and hopefully come to a more informed opinion. So let’s address this in two parts. First, is exactly-once a theoretical impossibility? Second, how does Kafka support it.
(tags: exactly-once-delivery distributed kafka distcomp jay-kreps coding broadcast)
-
These are lovely! (via Ben)
Letters and Liquor illustrates the history of lettering associated with cocktails. From the 1690s to the 1990s, I’ve selected 52 of the most important drinks in the cocktail canon and rendered their names in period-inspired design. I post a new drink each week with history, photos and recipes. Don’t want to miss a single cocktail? Click here for email updates.
(tags: cocktails text letters typography graphics history booze)
Exactly-once Semantics is Possible: Here's How Apache Kafka Does it
How does this feature work? Under the covers it works in a way similar to TCP; each batch of messages sent to Kafka will contain a sequence number which the broker will use to dedupe any duplicate send. Unlike TCP, though—which provides guarantees only within a transient in-memory connection—this sequence number is persisted to the replicated log, so even if the leader fails, any broker that takes over will also know if a resend is a duplicate. The overhead of this mechanism is quite low: it’s just a few extra numeric fields with each batch of messages. As you will see later in this article, this feature add negligible performance overhead over the non-idempotent producer.
(tags: kafka sequence-numbers dedupe deduplication unique architecture distcomp streaming idempotence)
Top 5 ways to improve your AWS EC2 performance
A couple of bits of excellent advice from Datadog (although this may be a slightly old post, from Oct 2016): 1. Unpredictable EBS disk I/O performance. Note that gp2 volumes do not appear to need as much warmup or priming as before. 2. EC2 Instance ECU Mismatch and Stolen CPU. advice: use bigger instances The other 3 ways are a little obvious by comparison, but worth bookmarking for those two anyway.
(tags: ops ec2 performance datadog aws ebs stolen-cpu virtualization metrics tips)
Can The Best Financial Tips Fit On An Index Card? : All Tech Considered : NPR
'A couple of years ago, University of Chicago professor Harold Pollack did an online video chat with personal finance writer Helaine Olen. The topic was how regular people get steered into bad investments by financial advisers. Pollack said that the best personal finance advice "can fit on a 3-by-5 index card, and is available for free in the library — so if you're paying someone for advice, almost by definition, you're probably getting the wrong advice, because the correct advice is so straightforward." After they posted the video, the emails started pouring in — people wanted to know, where could they get this index card? What was this fantastic yet simple advice for managing their money?' These seem like pretty solid tips, and relatively portable to the Irish markets too. I need to take a look at this stuff...
(tags: finance money advice npr 401k pensions financial-advisors)
"Galway, the graveyard of ambition"
The etymology of this odd little phrase
(tags: galway ambition career life etymology phrases ireland)
swill’s tech leadership essentials – Medium
very useful tips and advice from Stephanie Williams (nee Dean), who was instrumental in setting up the ops teams in Amazon Dublin, by all accounts
(tags: management stephanie-dean stephanie-williams managing teams work hiring)
Don't Settle For Eventual Consistency
Quite an argument. Not sure I agree, but worth a bookmark anyway...
With an AP system, you are giving up consistency, and not really gaining anything in terms of effective availability, the type of availability you really care about. Some might think you can regain strong consistency in an AP system by using strict quorums (where the number of nodes written + number of nodes read > number of replicas). Cassandra calls this “tunable consistency”. However, Kleppmann has shown that even with strict quorums, inconsistencies can result.10 So when choosing (algorithmic) availability over consistency, you are giving up consistency for not much in return, as well as gaining complexity in your clients when they have to deal with inconsistencies.
(tags: cap-theorem databases storage cap consistency cp ap eventual-consistency)
Delivering Billions of Messages Exactly Once · Segment Blog
holy crap, this is exactly the wrong way to build a massive-scale deduplication system -- with a monster random-access "is this random UUID in the db" lookup
(tags: deduping architecture horror segment messaging kafka)
Mozilla Employee Denied Entry to the United States
Ugh. every non-USian tech worker's nightmare. curl developer Daniel Stenberg:
“I can’t think of a single valid reason why they would deny me travel, so what concerns me is that somehow someone did and then I’m worried that I’ll get trouble fixing that issue,” Stenberg said. “I’m a little worried since border crossings are fairly serious matters and getting trouble to visit the US in the future would be a serious blowback for me, both personally with friends and relatives there, and professionally with conferences and events there.”
(tags: curl travel mozilla esta us-politics usa immigration flying)
-
Interesting! We discussed similar ideas in $prevjob, good to see one hitting production globally.
RIPE Atlas probes form the backbone of the RIPE Atlas infrastructure. Volunteers all over the world host these small hardware devices that actively measure Internet connectivity through ping, traceroute, DNS, SSL/TLS, NTP and HTTP measurements. This data is collected and aggregated by the RIPE NCC, which makes the data publicly available. Network operators, engineers, researchers and even home users have used this data for a wide range of purposes, from investigating network outages to DNS anycasting to testing IPv6 connectivity. Anyone can apply to host a RIPE Atlas probe. If your application is successful (based on your location), we will ship you a probe free of charge. Hosts simply need to plug their probe into their home (or other) network. Probes are USB-powered and are connected to an Ethernet port on the host’s router or switch. They then automatically and continuously perform active measurements about the Internet’s connectivity, and this data is sent to the RIPE NCC, where it is aggregated and made publicly available. We also use this data to create several Internet maps and data visualisations. [....] The hardware of the first and second generation probes is a Lantronix XPort Pro module with custom powering and housing built around it. The third generation probe is a modified TP-Link wireless router (model TL-MR 3020) with a small USB thumb drive in it, but this probe does not support WiFi.
(via irldexter)(tags: via:irldexter ripe ncc probing active-monitoring networking ping traceroute dns testing http ipv6 anycast hardware devices isps)
"BBC English" was invented by a small team in the 1920s & 30s
Excellent twitter thread:
Today we speak of "BBC English" as a standard form of the language, but this form had to be invented by a small team in the 1920s & 30s. 1/ It turned out even within the upper-class London accent that became the basis for BBC English, many words had competing pronunciations. 2/ Thus in 1926, the BBC's first managing director John Reith established an "Advisory Committee on Spoken English" to sort things out. 3/ The committee was chaired by Irish playwright George Bernard Shaw, and also included American essayist Logan Pearsall Smith, 4/ novelist Rose Macaulay, lexicographer (and 4th OED editor) C.T. Onions, art critic Kenneth Clark, journalist Alistair Cooke, 5/ ghost story writer Lady Cynthia Asquith, and evolutionary biologist and eugenicist Julian Huxley. 6/ The 20-person committee held fierce debates, and pronunciations now considered standard were often decided by just a few votes.
(tags: bbc language english history rp received-pronunciation pronunciation john-reith)
How Did I “Hack” AWS Lambda to Run Docker Containers?
Running Docker containers in Lambda using a usermode-docker hack -- hacky as hell but fun ;) Lambda should really support native Docker though
Cadence: Microservice architecture beyond request/reply – @Scale
Uber’s request/reply handling middleware — based on the SWF API, it seems
(tags: swf apis microservices uber cadence asynchronous request-reply distcomp queueing middleware go)
-
A curated list of awesome services, solutions and resources for serverless / nobackend applications.
(tags: serverless lambda ops devops saas services architecture lists)
The Really Good Pickle Martini
The Really Good Pickle Martini 2 oz Gordon’s London dry gin; 1/4 oz Martini & Rossi extra dry vermouth; 1/4 oz pickle juice; Garnish: Skewered dill pickle slice; Glass: Cocktail Pour all the ingredients into a mixing glass with ice, and stir briskly with a bar spoon for about 1 minute. Strain into a chilled Martini glass. Garnish with a skewered dill pickle slice.
(tags: recipes pickles martini cocktails pickle-juice gin vermouth)
-
A little benchmark for top-k selection from a stream
(tags: algorithms benchmarks performance top-k streams streaming quickselect binary-heap priority-queue)
-
London has been running tube trains so long that the ground beneath parts of the city is now as much as 10°C hotter than it was in 1900.
(tags: london tube underground tfl engineering history temperature ventilation)
A Neural Network Turned a Book of Flowers Into Shockingly Lovely Dinosaur Art
DeepArt.io, 'powered by an algorithm developed by Leon Gatys and a team from the University of Tübingen in Germany', did a really amazing job here
Determinism in League of Legends
Once again, deterministic replay/reruns of online games proves useful. John Carmack wrote a .plan about this many years ago: https://raw.githubusercontent.com/ESWAT/john-carmack-plan-archive/master/by_day/johnc_plan_19981014.txt (via Nelson)
(tags: clock realtime time determinism testing replay games league-of-legends via:nelson)
How they did it: an analysis of emissions defeat devices in modern automobiles
Using CurveDiff, the team analysed 963 firmware images, for which analysis completed successfully for 924. 406 of the analysed images contained a defeat device, out of which 333 contained at least one active profile. In at least 268 images, the test detection affects the EGR. Firmware images released on Dec 3rd 2014 are used in VW Passat cars, and include the refinement to the defeat device to detect steering wheel angle that we discussed previously.
(tags: cars driving emissions diesel volkswagen law regulation firmware reverse-engineering)
-
excellent list (albeit from 2010)
How does language, memory and package size affect cold starts of AWS Lambda?
some datapoints -- java and C# have a hard time
(tags: java cold-start lambda serverless aws)
Science didn't understand my kids' rare disease until I decided to study it - YouTube
via Kevin Lyda: 'Sharon Terry essentially invented and promoted something akin to the GPL but for medical research. Here's a bunch of data and research and you can use it if you contribute back what you discover to everyone else.'
(tags: sharon-terry videos ted-talks genetic-alliance genes pxe-international pxe tedmed citizen-science licensing gpl gnu)
-
Oh man, this is awful. Poor guy. And this should have been there right from the start:
The moderator said that when he started, he was given just two weeks training and was required to use his personal Facebook account to log into the social media giant’s moderation system. “They should have let us use fake profiles,” he said, adding: “They never warned us that something like this could happen.” Facebook told the Guardian that as a result of the leak it is testing the use of administrative accounts that are not linked to personal profiles.
(tags: facebook security counter-terrorism moderation social-media role-accounts admin)
Screen time guidelines need to be built on evidence, not hype | Science | The Guardian
An open letter signed by about 100 scientists 'from different countries and academic fields with research expertise and experience in screen time, child development and evidence-based policy.'
If the government were to implement guidelines on screen-based technology at this point, as the authors of the letter suggest, this would be on the basis of little to no evidence. This risks the implementation of unnecessary, ineffective or even potentially harmful policies. For guidelines to have a meaningful impact, they need to be grounded in robust research evidence and acknowledge that children’s health and wellbeing is a complex issue affected by many other factors, such as socioeconomic status, relational poverty, and family environment – all of which are likely to be more relevant for children’s health and well-being than screens. For example, there is no consistent evidence that more screen time leads to less outdoor play; if anything the evidence indicates that screen time and physical outdoor activity are unrelated, and reductions in average time spent in outdoor play over time seem to be driven by other factors. Policy efforts to increase outdoor play that focus on screen time are therefore likely to be ineffective.
(via Damien Mulley)(tags: via:damienmulley science children psychology screens screen-time childhood development evidence policy health open-letters)
Could crafty beer giants crush small breweries before they take off? - Independent.ie
Grainne says:
“We’re getting feedback from publicans that says: ‘Look, I’m gonna take out your tap, I’d love to leave it in but I’m getting a cheque for €50,000’.
(tags: metalman brewing craft-beer ireland beer-wars pubs publicans competition)
-
What a great story.
As a child, he was into maths and geometry, the middle child with one sister 10 years older and another 10 years younger. “I heard about this incredible new thing called the internet,” he says, adding how, aged 12, he saw an advert for the Paris science museum where you could try the internet for free. “There were 15 computers and you queued to have an hour free if you bought an entry ticket. I bought an annual pass to the museum and every Saturday and Sunday I’d travel from one side of Paris to the other to get on the internet and see what it was about. I’d go on Yahoo, chat with people on the other side of the world. I didn’t speak great English then so it wasn’t brilliant chat ...”
(via Niall Murphy)(tags: france mounir-mahjoubi internet computers society macron politics security)
-
A sandboxed local environment that replicates the live AWS Lambda environment almost identically – including installed software and libraries, file structure and permissions, environment variables, context objects and behaviors – even the user and running process are the same.
(via og-aws)
Connemara shop in patents row with whiskey multinational
Beam Suntory own a trademark on the name "Connemara" -- utter fiasco. How was this granted? Connemara is a very well-known placename in Ireland
(tags: connemara ireland ip trademarks copyfight beam-suntory whiskey)
AWS Inter-Region Latency Monitoring
only averages, though, no percentiles
(tags: latency networking aws ops inter-region cross-region ping)
How Turla hackers (ab)used satellites to stay under the radar | Ars Technica
A very nifty hack. DVB-S broadcasts a subset of unencrypted IP traffic across a 600-mile radius:
The Turla attackers listen for packets coming from a specific IP address in one of these classes. When certain packets—say, a TCP/IP SYN packet—are identified, the hackers spoof a reply to the source using a conventional Internet line. The legitimate user of the link just ignores the spoofed packet, since it goes to an otherwise unopened port, such as port 80 or 10080. With normal Internet connections, if a packet hits a closed port, the end user will normally send the ISP some indication that something went wrong. But satellite links typically use firewalls that drop packets to closed ports. This allows Turla to stealthily hijack the connections. The hack allowed computers infected with Turla spyware to communicate with Turla C&C servers without disclosing their location. Because the Turla attackers had their own satellite dish receiving the piggybacked signal, they could be anywhere within a 600-mile radius. As a result, researchers were largely stopped from shutting down the operation or gaining clues about who was carrying it out. "It's probably one of the most effective methods of ensuring their operational security, or that nobody will ever find out the physical location of their command and control server," Tanase told Ars. "I cannot think of a way of identifying the location of a command server. It can be anywhere in the range of the satellite beam."
(tags: turla hacks satellite security dvb dvb-s tcpip command-and-control syn)
A Brief History of the UUID · Segment Blog
This is great, by Rick Branson. I didn't realise UUIDs came from Apollo
(tags: history distributed distcomp uuids ids coding apollo unix)
Turla’s watering hole campaign: An updated Firefox extension abusing Instagram
Pretty crazy.
The extension will look at each photo’s comment and will compute a custom hash value. If the hash matches 183, it will then run this regular expression on the comment in order to obtain the path of the bit.ly URL: (?:\\u200d(?:#|@)(\\w) Looking at the photo’s comments, there was only one for which the hash matches 183. This comment was posted on February 6, while the original photo was posted in early January. Taking the comment and running it through the regex, you get the following bit.ly URL: bit.ly/2kdhuHX Looking a bit more closely at the regular expression, we see it is looking for either @|# or the Unicode character \200d. This character is actually a non-printable character called ‘Zero Width Joiner’, normally used to separate emojis. Pasting the actual comment or looking at its source, you can see that this character precedes each character that makes the path of the bit.ly URL
(tags: security malware russia turla zwj unicode characters social-media instagram command-and-control)
-
decent enough tool builtin to OSX
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
RUSSIAN MILITARY INTELLIGENCE [GRU] executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept. The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.
(tags: politics russia nsa leaks us-politics cyberattacks gru hacking elections spear-phishing phishing e-voting)
Drug Company Chairman to America: Go Fuck Yourself
'Mr. Coury [chairman of Mylan, makers of the EpiPen] replied that he was untroubled [by critics of 10x price-gouging price hikes]. He raised both his middle fingers and explained, using colorful language, that anyone criticizing Mylan, including its employees, ought to go copulate with themselves. Critics in Congress and on Wall Street, he said, should do the same. And regulators at the Food and Drug Administration? They, too, deserved a round of anatomically challenging self-fulfillment.'
(tags: mylan gfy fda us-politics healthcare medicine epipen nytimes)
-
"His face would suffuse, he would turn red, and he would get violent if people used the term "research" in his presence. You can imagine how he felt, then, about the term "mathematical". [....] I felt I had to do something to shield Wilson and the Air Force from the fact that I was really doing mathematics inside RAND"
(tags: rand funny history insane dr-strangelove 1950s dynamic-programming mathematics algorithms)
How The Intercept Outed Reality Winner
those printer-identifying secret yellow dots
(tags: printers metadata tracking documents reality-winner nsa leaks the-intercept)
Open Guide to Amazon Web Services
'A lot of information on AWS is already written. Most people learn AWS by reading a blog or a “getting started guide” and referring to the standard AWS references. Nonetheless, trustworthy and practical information and recommendations aren’t easy to come by. AWS’s own documentation is a great but sprawling resource few have time to read fully, and it doesn’t include anything but official facts, so omits experiences of engineers. The information in blogs or Stack Overflow is also not consistently up to date. This guide is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively.'
(tags: amazon aws guides documentation ops architecture)
-
Coda Hale wrote a handy java library implementing a USL solver
(tags: usl scalability java performance optimization benchmarking measurement ops coda-hale)