Skip to content

Category: Uncategorized

Links for 2017-05-31

Published May 31, 2017

  • EpiBone Grows New Bones Using Stem Cells

    To grow EpiBone, Tandon explained, scientists take a CT scan of the bone they’ll need to engineer. This helps them create a 3D model. Then, from the model, a 3D printer produces a scaffold (this can be made out of protein and collagen from animal bones or synthetic material). After that, they take stem cells from the patient out of their fat, and those cells are put into the scaffold and then incubated. They regenerate, and form around the bone. This process results in a bone that the body will recognize as the patient’s. The crazy part is that it only takes three weeks to grow a bone that’s personalized to the individual patient.

    (tags: stem-cells epibone bone body healing health medicine 3d-printing)

  • WHAT WENT WRONG IN BRITISH AIRWAYS DATACENTER IN MAY 2017?

    A SPOF UPS. There was a similar AZ-wide outage in one of the Amazon DUB datacenters with a similar root cause, if I recall correctly -- supposedly redundant dual UPS systems were in fact interdependent, in that case, and power supply switchover wasn't clean enough to avoid affecting the servers.

    Minutes later power was restored was resumed in what one source described as “uncontrolled fashion.” Instead of gradual restore, all power was restored at once resulting in a power surge.   BA CEO Cruz told BBC Radio this power surge  caused network hardware to fail. Also server hardware was damaged because of the power surge. It seems as if the UPS was the single point of failure for power feed of the IT equipment in Boadicea House . The Times is reporting that the same UPS was powering both Heathrow based datacenters. Which could be a double single point of failure if true (I doubt it is) The broken network  stopped the exchange of messages between different BA systems and application. Without messaging, there is no exchange of information between various applications. BA is using Progress Software’s Sonic [enterprise service bus].
    (via Tony Finch)

    (tags: postmortems ba airlines outages fail via:fanf datacenters ups power progress esb j2ee)

  • GDPR Advisors and Consultants - Data Compliance Europe

    Simon McGarr's new consultancy:

    Our consultancy helps our clients understand how EU privacy law applies to their organisations; delivers the practical and concrete steps needed to achieve legal compliance; and helps them manage their continuing obligations after GDPR comes into force. Our structured approach to GDPR provides a long-term data compliance framework to minimise the ongoing risk of potential fines for data protection breaches. Our continuing partnership provides regulator liaison, advisory consultancy, and external Data Protection Officer services.

    (tags: gdpr simon-mcgarr law privacy eu europe data-protection regulation data)

Links for 2017-05-29

Published May 29, 2017

Links for 2017-05-26

Published May 26, 2017

Links for 2017-05-25

Published May 25, 2017

  • 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy by Daniel J. Solove :: SSRN

    In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument. When asked about government surveillance and data mining, many people respond by declaring: "I've got nothing to hide." According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.
    Via Fred Logue

    (tags: law philosophy privacy security essay papers daniel-solove surveillance snooping)

  • Enough with the microservices

    Good post!

    Much has been written on the pros and cons of microservices, but unfortunately I’m still seeing them as something being pursued in a cargo cult fashion in the growth-stage startup world. At the risk of rewriting Martin Fowler’s Microservice Premium article, I thought it would be good to write up some thoughts so that I can send them to clients when the topic arises, and hopefully help people avoid some of the mistakes I’ve seen. The mistake of choosing a path towards a given architecture or technology on the basis of so-called best practices articles found online is a costly one, and if I can help a single company avoid it then writing this will have been worth it.

    (tags: architecture design microservices coding devops ops monolith)

Links for 2017-05-24

Published May 24, 2017

  • Skot Olsen -- Blessed Saint Architeuthis

    Classic piece of freaky squid-related art, now purchaseable on giclee for $200! (very tempted)

    Saint Architeuthis is the patron saint of doomed sailors. While the origins of the saint remain unclear, it's recent history and worship are well documented. Whalers who turned their attention to catching giant squid and sea serpents in the 19th century, began asking Saint Architeuthis for mercy whenever a hunt would go awry, which was fairly frequent. When hunting for such animals, one would sometimes be thrown over board or a boat would sink exposing the men to whatever was in the water at the time. A sailor would ask Saint Architeuthis for the quick and relatively painless death of drowning, rather than the hideous demise of being ripped apart by the beak of the squid or chewed up in the sea serpent's hideous maw. Often, men would have visions of Saint Architeuthis who would appear before them in the form of a gigantic, yet benevolent squid wearing a bishop's mitre and carrying tools of the squid hunter's trade.

    (tags: art squid skot-olsen prints giclees toget weird)

Links for 2017-05-23

Published May 23, 2017

  • U.S. top court tightens patent suit rules in blow to 'patent trolls'

    This is excellent news, and a death knell for the East Texas patent troll court (cf https://motherboard.vice.com/en_us/article/the-small-town-judge-who-sees-a-quarter-of-the-nations-patent-cases ):

    The U.S. Supreme Court on Monday tightened rules for where patent lawsuits can be filed in a decision that may make it harder for so-called patent "trolls" to launch sometimes dodgy patent cases in friendly courts, a major irritant for high-tech giants like Apple and Alphabet Inc's Google. In a decision that upends 27 years of law governing patent infringement cases, the justices sided with beverage flavoring company TC Heartland LLC in its legal battle with food and beverage company Kraft Heinz Co (KHC.O). The justices ruled 8-0 that patent suits can be filed only in courts located in the jurisdiction where the targeted company is incorporated.
    via Brad Fitzgerald

    (tags: via:bradfitz patents swpats east-texas law trolls supreme-court infringement)

Links for 2017-05-22

Published May 22, 2017

Links for 2017-05-20

Published May 20, 2017

Links for 2017-05-18

Published May 18, 2017

  • Spotting a million dollars in your AWS account · Segment Blog

    You can easily split your spend by AWS service per month and call it a day. Ten thousand dollars of EC2, one thousand to S3, five hundred dollars to network traffic, etc. But what’s still missing is a synthesis of which products and engineering teams are dominating your costs.  Then, add in the fact that you may have hundreds of instances and millions of containers that come and go. Soon, what started as simple analysis problem has quickly become unimaginably complex.  In this follow-up post, we’d like to share details on the toolkit we used. Our hope is to offer up a few ideas to help you analyze your AWS spend, no matter whether you’re running only a handful of instances, or tens of thousands.

    (tags: segment money costs billing aws ec2 ecs ops)

Links for 2017-05-17

Published May 17, 2017

  • Seeking medical abortions online is safe and effective, study finds | World news | The Guardian

    Of the 1,636 women who were sent the drugs between the start of 2010 and the end of 2012, the team were able to analyse self-reported data from 1,000 individuals who confirmed taking the pills. All were less than 10 weeks pregnant. The results reveal that almost 95% of the women successfully ended their pregnancy without the need for surgical intervention. None of the women died, although seven women required a blood transfusion and 26 needed antibiotics. Of the 93 women who experienced symptoms for which the advice was to seek medical attention, 95% did so, going to a hospital or clinic. “When we talk about self-sought, self-induced abortion, people think about coat hangers or they think about tables in back alleys,” said Aiken. “But I think this research really shows that in 2017 self-sourced abortion is a network of people helping and supporting each other through what’s really a safe and effective process in the comfort of their own homes, and I think is a huge step forward in public health.”

    (tags: health medicine abortion pro-choice data women-on-web ireland law repealthe8th)

Links for 2017-05-15

Published May 15, 2017

  • The World Is Getting Hacked. Why Don’t We Do More to Stop It? - The New York Times

    Zeynep Tufekci is (as usual!) on the money with this op-ed. I strongly agree with the following:

    First, companies like Microsoft should discard the idea that they can abandon people using older software. The money they made from these customers hasn’t expired; neither has their responsibility to fix defects. Besides, Microsoft is sitting on a cash hoard estimated at more than $100 billion (the result of how little tax modern corporations pay and how profitable it is to sell a dominant operating system under monopolistic dynamics with no liability for defects). At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, “pay extra money to us or we will withhold critical security updates” can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more. Microsoft should spend more of that $100 billion to help institutions and users upgrade to newer software, especially those who run essential services on it. This has to be through a system that incentivizes institutions and people to upgrade to more secure systems and does not force choosing between privacy and security. Security updates should only update security, and everything else should be optional and unbundled.
    More on this twitter thread: https://twitter.com/zeynep/status/863734133188681732

    (tags: security microsoft upgrades windows windows-xp zeynep-tufekci worms viruses malware updates software)

  • Fireside Chat with Vint Cerf & Marc Andreessen (Google Cloud Next '17) - YouTube

    In which Vint Cerf calls for regulatory oversight of software engineering. "It's a serious issue now"

    (tags: vint-cerf gcp regulation oversight politics law reliability systems)

  • don't use String.intern() in Java

    String.intern is the gateway to native JVM String table, and it comes with caveats: throughput, memory footprint, pause time problems will await the users. Hand-rolled deduplicators/interners to reduce memory footprint are working much more reliably, because they are working on Java side, and also can be thrown away when done. GC-assisted String deduplication does alleviate things even more. In almost every project we were taking care of, removing String.intern from the hotpaths was the very profitable performance optimization. Do not use it without thinking, okay?

    (tags: strings interning java performance tips)

  • Moom removed from sale due to patent violation claim | Hacker News

    Well this sucks. Some scumbag applied for a patent on tiling window management in 2008, and it's been granted. I use Moom every day :(

    (tags: moom patents bullshit swpat software window-management osx)

  • V2V and the challenge of cooperating technology

    A great deal of effort and attention has gone into a mobile data technology that you may not be aware of. This is "Vehicle to Vehicle" (V2V) communication designed so that cars can send data to other cars. There is special spectrum allocated at 5.9ghz, and a protocol named DSRC, derived from wifi, exists for communications from car-to-car and also between cars and roadside transmitters in the infrastructure, known as V2I. This effort has been going on for some time, but those involved have had trouble finding a compelling application which users would pay for. Unable to find one, advocates hope that various national governments will mandate V2V radios in cars in the coming years for safety reasons. In December 2016, the U.S. Dept. of Transportation proposed just such a mandate. [....] "Connected Autonomous Vehicles -- Pick 2."

    (tags: cars self-driving autonomous-vehicles v2v wireless connectivity networking security)

  • _Amazon Aurora: Design Considerations for High Throughput Cloud-Native Relational Databases_

    'Amazon Aurora is a relational database service for OLTP workloads offered as part of Amazon Web Services (AWS). In this paper, we describe the architecture of Aurora and the design considerations leading to that architecture. We believe the central constraint in high throughput data processing has moved from compute and storage to the network. Aurora brings a novel architecture to the relational database to address this constraint, most notably by pushing redo processing to a multi-tenant scale-out storage service, purpose-built for Aurora. We describe how doing so not only reduces network traffic, but also allows for fast crash recovery, failovers to replicas without loss of data, and fault-tolerant, self-healing storage. We then describe how Aurora achieves consensus on durable state across numerous storage nodes using an efficient asynchronous scheme, avoiding expensive and chatty recovery protocols. Finally, having operated Aurora as a production service for over 18 months, we share the lessons we have learnt from our customers on what modern cloud applications expect from databases.'

    (tags: via:rbranson aurora aws amazon databases storage papers architecture)

  • Hello Sandwich Tokyo Guide

    a guide for people who like travelling like a local and visiting hidden places off the beaten track. There are tips on where to rent a bike, the best bike path, the best coffee, the best craft shops, the coolest shops, the cheapest drinks, the most delicious pizza, the best izakaya, the cutest cafes, the best rooftop bar, the coolest hotels (and the cheap and cheerful hotels), the loveliest parks and soooo much more. It's a list of all of the places I frequent, making it a local insiders guide to Tokyo. Also included in the Hello Sandwich Tokyo Guide are language essentials and travel tips. It's the bloggers guide to Tokyo and if you'd like to visit the places seen on Hello Sandwich, then this guide is the zine for you.

    (tags: shops tourism japan tokyo guidebooks)

  • jantman/awslimitchecker

    A script and python module to check your AWS service limits and usage, and warn when usage approaches limits. Users building out scalable services in Amazon AWS often run into AWS' service limits - often at the least convenient time (i.e. mid-deploy or when autoscaling fails). Amazon's Trusted Advisor can help this, but even the version that comes with Business and Enterprise support only monitors a small subset of AWS limits and only alerts weekly. awslimitchecker provides a command line script and reusable package that queries your current usage of AWS resources and compares it to limits (hard-coded AWS defaults that you can override, API-based limits where available, or data from Trusted Advisor where available), notifying you when you are approaching or at your limits.
    (via This Week in AWS)

    (tags: aws amazon limits scripts ops)

Links for 2017-05-13

Published May 13, 2017

Links for 2017-05-12

Published May 12, 2017

Links for 2017-05-11

Published May 11, 2017

  • Uuni

    "The world's best portable wood-fired oven". Fergal has one and loves it. $299

    (tags: uuni pizza oven outdoor food cooking gadgets)

  • Repair and Leasing Scheme - Peter Mc Verry Trust

    Minister Simon Coveney and the Department of Housing have provided funding of €32 million in 2017 for the Repair and Leasing Programme and set a target of 800 units to be delivered this year (2017). A total of €140 million has been allocated to the repair and leasing scheme over the lifetime of Rebuilding Ireland. The Repair and Leasing Scheme at a Glance: Targets Properties Empty or Derelict for 1 Year or more Grants to Property owners of up to €40,000 to get properties back into use Lease Terms of 10, 15 or 20 Years State Guaranteed Rental Income for Duration of Lease Property and Tenants Managed by Approved Housing Bodies [the Peter McVerry Trust in D1, D3, D7 and D9]

    (tags: peter-mcverry homelessness dublin housing repair derelict-buildings homes ireland property)

  • iKydz

    'Total Parent Control' for kids internet access at home. Dublin-based product, dedicated wifi AP with lots of child-oriented filtering capabilities

    (tags: filtering security ikydz kids children internet wifi ap hardware blocking)

  • _Optimal Probabilistic Cache Stampede Prevention_ [pdf]

    'When a frequently-accessed cache item expires, multiple requests to that item can trigger a cache miss and start regenerating that same item at the same time. This phenomenon, known as cache stampede, severely limits the performance of databases and web servers. A natural countermeasure to this issue is to let the processes that perform such requests to randomly ask for a regeneration before the expiration time of the item. In this paper we give optimal algorithms for performing such probabilistic early expirations. Our algorithms are theoretically optimal and have much better performances than other solutions used in real-world applications.' (via Marc Brooker)

    (tags: via:marcbrooker caching caches algorithm probabilistic expiration vldb papers expiry cache-miss stampedes)

Links for 2017-05-09

Published May 9, 2017

Links for 2017-05-08

Published May 8, 2017

  • The great British Brexit robbery: how our democracy was hijacked | Technology | The Guardian

    A map shown to the Observer showing the many places in the world where SCL and Cambridge Analytica have worked includes Russia, Lithuania, Latvia, Ukraine, Iran and Moldova. Multiple Cambridge Analytica sources have revealed other links to Russia, including trips to the country, meetings with executives from Russian state-owned companies, and references by SCL employees to working for Russian entities. Article 50 has been triggered. AggregateIQ is outside British jurisdiction. The Electoral Commission is powerless. And another election, with these same rules, is just a month away. It is not that the authorities don’t know there is cause for concern. The Observer has learned that the Crown Prosecution Service did appoint a special prosecutor to assess whether there was a case for a criminal investigation into whether campaign finance laws were broken. The CPS referred it back to the electoral commission. Someone close to the intelligence select committee tells me that “work is being done” on potential Russian interference in the referendum. Gavin Millar, a QC and expert in electoral law, described the situation as “highly disturbing”. He believes the only way to find the truth would be to hold a public inquiry. But a government would need to call it. A government that has just triggered an election specifically to shore up its power base. An election designed to set us into permanent alignment with Trump’s America. [....] This isn’t about Remain or Leave. It goes far beyond party politics. It’s about the first step into a brave, new, increasingly undemocratic world.

    (tags: elections brexit trump cambridge-analytica aggregateiq scary analytics data targeting scl ukip democracy grim-meathook-future)

  • Online security won’t improve until companies stop passing the buck to the customer

    100% agreed!

    Giving good security advice is hard because very often individuals have little or no effective control over their security. The extent to which a customer is at risk of being defrauded largely depends on how good their bank’s security is, something customers cannot know. Similarly, identity fraud is the result of companies doing a poor job at verifying identity. If a criminal can fraudulently take out a loan using another’s name, address, and date of birth from the public record, that’s the fault of the lender – not, as Cifas, a trade organisation for lenders, claims, because customers “don’t take the same care to protect our most important asset – our identities”.

    (tags: cifas uk passwords security regulation banking ncsc riscs advice)

  • Backdooring an AWS account

    eek. Things to look out for on your AWS setup:

    So you’ve pwned an AWS account?—?congratulations?—?now what? You’re eager to get to the data theft, amirite? Not so fast whipper snapper, have you disrupted logging? Do you know what you have? Sweet! Time to get settled in. Maintaining persistence in AWS is only limited by your imagination but there are few obvious and oft used techniques everyone should know and watch for.

    (tags: aws security hacks iam sts)

Links for 2017-05-07

Published May 7, 2017

Links for 2017-05-04

Published May 4, 2017

  • The Dark Secret at the Heart of AI - MIT Technology Review

    'The mysterious mind of [NVidia's self-driving car, driven by machine learning] points to a looming issue with artificial intelligence. The car’s underlying AI technology, known as deep learning, has proved very powerful at solving problems in recent years, and it has been widely deployed for tasks like image captioning, voice recognition, and language translation. There is now hope that the same techniques will be able to diagnose deadly diseases, make million-dollar trading decisions, and do countless other things to transform whole industries. But this won’t happen—or shouldn’t happen—unless we find ways of making techniques like deep learning more understandable to their creators and accountable to their users. Otherwise it will be hard to predict when failures might occur—and it’s inevitable they will. That’s one reason Nvidia’s car is still experimental. Already, mathematical models are being used to help determine who makes parole, who’s approved for a loan, and who gets hired for a job. If you could get access to these mathematical models, it would be possible to understand their reasoning. But banks, the military, employers, and others are now turning their attention to more complex machine-learning approaches that could make automated decision-making altogether inscrutable. Deep learning, the most common of these approaches, represents a fundamentally different way to program computers. “It is a problem that is already relevant, and it’s going to be much more relevant in the future,” says Tommi Jaakkola, a professor at MIT who works on applications of machine learning. “Whether it’s an investment decision, a medical decision, or maybe a military decision, you don’t want to just rely on a ‘black box’ method.”'

    (tags: ai algorithms ml machine-learning legibility explainability deep-learning nvidia)

Links for 2017-05-03

Published May 3, 2017

  • Prior Exposure Increases Perceived Accuracy of Fake News

    In other words, repeated exposure to fake news renders it believable. Pennycook, Gordon and Cannon, Tyrone D and Rand, David G., _Prior Exposure Increases Perceived Accuracy of Fake News_ (April 30, 2017):

    Collectively, our results indicate familiarity is used heuristically to infer accuracy. Thus, the spread of fake news is supported by persistent low-level cognitive processes that make even highly implausible and partisan claims more believable with repetition. Our results suggest that political echo chambers not only isolate one from opposing views, but also help to create incubation chambers for blatantly false (but highly salient and politicized) fake news stories.
    (via Zeynep Tufekci) See also: http://www.rand.org/content/dam/rand/pubs/perspectives/PE100/PE198/RAND_PE198.pdf , _The Russian "Firehose of Falsehood" Propaganda Model_, from RAND.

    (tags: propaganda psychology fake-news belief facebook echo-chambers lies truth media)

  • How your selfie could affect your life insurance

    Noping so hard. Imagine the levels of algorithmic discrimination inherent in this shit.

    "Your face is something you wear all your life, and it tells a very unique story about you," says Karl Ricanek Jr., co-founder and chief data scientist at Lapetus Solutions Inc. in Wilmington, N.C. Several life insurance companies are testing Lapetus technology that uses facial analytics and other data to estimate life expectancy, he says. (Lapetus would not disclose the names of companies testing its product.) Insurers use life expectancy estimates to make policy approval and pricing decisions. Lapetus says its product, Chronos, would enable a customer to buy life insurance online in as little as 10 minutes without taking a life insurance medical exam.

    (tags: discrimination computer-says-no algorithms selfies face lapetus photos life-insurance life-expectancy)

  • After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts • The Register

    Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. [...] O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7. In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts. The thefts occurred over the past few months, according to multiple sources.

    (tags: o2 telefonica germany ss7 mobile 2fa security hacks cellphones)

Links for 2017-05-02

Published May 2, 2017

  • explainshell.com

    This is pretty excellent work -- paste a UNIX command line and it'll contextually inline manual page snippets to match, highlighting the matching part of the command line.

    (tags: cli unix documentation explainshell shell scripting syntax manual-pages)

  • Sufjan Stevens - Carrie & Lowell Live on Vimeo

    the entire concert set. This was the highlight concert for me in 2015

    (tags: music video sufjan-stevens concerts 2015)

  • Exclusive: The Leaked Fyre Festival Pitch Deck Is Beyond Parody | Vanity Fair

    This is the worst future ever.

    As the pitch deck claims, within the first 48 hours of the social-media blitz, the Fyre Starters had reached “300 million social impressions”—impressions being the kind of dumb synonym one uses instead of the word “people,” in the same way someone at a bar tries to sound smart by saying he is “inebriated” instead of “drunk.” (And to be fair, an impression isn’t even a sentient person. It’s essentially reaching a person when they aren’t paying attention.) To pull off the 300 million impressions, McFarland and Ja Rule partnered with a P.R. agency, a creative agency, and Elliot Tebele, a once-random nobody who has created a social-media empire by siphoning other people’s jokes into the Instagram account @FuckJerry. One of the biggest deceits of the entire media campaign was that almost all of the 400 influencers who shared the promotional videos and photos never noted they were actually advertising something for someone else, which the Federal Trade Commission requires. This kind of advertising has been going on for years, and while the F.T.C. has threatened to crack down on online celebrities and influencers deceitfully failing to disclose that they are paid to post sponsorships, so far those threats have been completely ignored.

    (tags: fyre fail grim influencers instagram ftc pr advertising festivals)

  • Towards true continuous integration – Netflix TechBlog – Medium

    Netflix discuss how they handle the eternal dependency-management problem which arises with lots of microservices:

    Using the monorepo as our requirements specification, we began exploring alternative approaches to achieving the same benefits. What are the core problems that a monorepo approach strives to solve? Can we develop a solution that works within the confines of a traditional binary integration world, where code is shared? Our approach, while still experimental, can be distilled into three key features: Publisher feedback?—?provide the owner of shared code fast feedback as to which of their consumers they just broke, both direct and transitive. Also, allow teams to block releases based on downstream breakages. Currently, our engineering culture puts sole responsibility on consumers to resolve these issues. By giving library owners feedback on the impact they have to the rest of Netflix, we expect them to take on additional responsibility. Managed source?—?provide consumers with a means to safely increment library versions automatically as new versions are released. Since we are already testing each new library release against all downstreams, why not bump consumer versions and accelerate version adoption, safely. Distributed refactoring?—?provide owners of shared code a means to quickly find and globally refactor consumers of their API. We have started by issuing pull requests en masse to all Git repositories containing a consumer of a particular Java API. We’ve run some early experiments and expect to invest more in this area going forward.
    What I find interesting is that Amazon dealt effectively with the first two many years ago, in the form of their "Brazil" build system, and Google do the latter (with Refaster?). It would be amazing to see such a system released into an open source form, but maybe it's just too heavyweight for anyone other than a giant software company on the scale of a Google, Netflix or Amazon.

    (tags: brazil amazon build microservices dependencies coding monorepo netflix google refaster)

  • acksin/seespot: AWS Spot instance health check with termination and clean up support

    When a Spot Instance is about to terminate there is a 2 minute window before the termination actually happens. SeeSpot is a utility for AWS Spot instances that handles the health check. If used with an AWS ELB it also handles cleanup of the instance when a Spot Termination notice is sent.

    (tags: aws elb spot-instances health-checks golang lifecycle ops)

  • cristim/autospotting: Pay up to 10 times less on EC2 by automatically replacing on-demand AutoScaling group members with similar or larger identically configured spot instances.

    A simple and easy to use tool designed to significantly lower your Amazon AWS costs by automating the use of the spot market. Once enabled on an existing on-demand AutoScaling group, it launches an EC2 spot instance that is cheaper, at least as large and configured identically to your current on-demand instances. As soon as the new instance is ready, it is added to the group and an on-demand instance is detached from the group and terminated. It continuously applies this process, gradually replacing any on-demand instances with spot instances until the group only consists of spot instances, but it can also be configured to keep some on-demand instances running.

    (tags: aws golang ec2 autoscaling asg spot-instances ops)

  • Rule by Nobody

    'Algorithms update bureaucracy’s long-standing strategy for evasion.'

    The need to optimize yourself for a network of opaque algorithms induces a sort of existential torture. In The Utopia of Rules: On Technology, Stupidity, and the Secret Joys of Bureaucracy, anthropologist David Graeber suggests a fundamental law of power dynamics: “Those on the bottom of the heap have to spend a great deal of imaginative energy trying to understand the social dynamics that surround them — including having to imagine the perspectives of those on top — while the latter can wander about largely oblivious to much of what is going on around them. That is, the powerless not only end up doing most of the actual, physical labor required to keep society running, they also do most of the interpretive labor as well.” This dynamic, Graeber argues, is built into all bureaucratic structures. He describes bureaucracies as “ways of organizing stupidity” — that is, of managing and reproducing these “extremely unequal structures of imagination” in which the powerful can disregard the perspectives of those beneath them in various social and economic hierarchies. Employees need to anticipate the needs of bosses; bosses need not reciprocate. People of color are forced to learn to accommodate and anticipate the ignorance and hostility of white people. Women need to be acutely aware of men’s intentions and feelings. And so on. Even benevolent-seeming bureaucracies, in Graeber’s view, have the effect of reinforcing “the highly schematized, minimal, blinkered perspectives typical of the powerful” and their privileges of ignorance and indifference toward those positioned as below them.

    (tags: algorithms bureaucracy democracy life society via:raycorrigan technology power)

  • Reverse engineering the 76477 "Space Invaders" sound effect chip from die photos

    Now _this_ is reversing:

    Remember the old video game Space Invaders? Some of its sound effects were provided by a chip called the 76477 Complex Sound Generation chip. While the sound effects1 produced by this 1978 chip seem primitive today, it was used in many video games, pinball games. But what's inside this chip and how does it work internally? By reverse-engineering the chip from die photos, we can find out. (Photos courtesy of Sean Riddle.) In this article, I explain how the analog circuits of this chip works and show how the hundreds of transistors on the silicon die form the circuits of this complex chip.

    (tags: space-invaders games history reverse-engineering chips analog sound-effects)

Links for 2017-04-28

Published April 28, 2017

Links for 2017-04-26

Published April 26, 2017

  • Put Down the Pink Dumbbell

    So, ladies, let’s first put down the two-pound, pink dumbbells. We have been sold a false story about fitness, health (and its connection to weight loss). I was exercised by wolves. And I’m going to tell you all the secrets and tricks I learned by avoiding the fitness-industrial complex. Most of what I’ll say applies to men, but I have discovered that most of the outrageously wrong advice is given to women. [...] So, here: truth number one. Very few of us consider strength-training as essential exercise, but it is. It is especially crucial as one ages, because a natural part of the aging process is losing muscle. Women, especially, need to lift weights, and the trick to lifting weights is stressing muscles. And that weight has to be a real weight, progressively increased, and barring health issues, an average woman should not even bother with two pound weights because that won’t stress your muscles enough to benefit you. Exercise industry is surely partially to blame for why people don’t exercise regularly: they promise the wrong thing (weight loss) and then don’t push/guide people to do the right thing.

    (tags: exercise health fitness weight-loss zeynep-tufekci strength aging weights training)

  • ECJ rules sale of multimedia player enabling streaming of illegal content onto TV screen breaches copyright

    via Simon McGarr

    (tags: via:tupp_ed piracy streaming dodgyboxes tv ecj eu)

Links for 2017-04-25

Published April 25, 2017

  • Ireland’s Content Pool

    Bring your content to life with our free resource for positive tourism related purposes. Our image, video and copy collections show people, landscapes and the Irish lifestyle across a range of experiences including festivals, activities, cities, rural life and food.
    Interesting idea -- but the licensing terms aren't 100% clear. This would have been much easier if it was just CC licensed!

    (tags: open-data licensing ireland tourism via:damienmulley landscapes photos pictures content failte-ireland)

  • Here’s Why Juicero’s Press is So Expensive – Bolt Blog

    Our usual advice to hardware founders is to focus on getting a product to market to test the core assumptions on actual target customers, and then iterate. Instead, Juicero spent $120M over two years to build a complex supply chain and perfectly engineered product that is too expensive for their target demographic. Imagine a world where Juicero raised only $10M and built a product subject to significant constraints. Maybe the Press wouldn’t be so perfectly engineered but it might have a fewer features and cost a fraction of the original $699. Or maybe with a more iterative approach, they would have quickly found that customers vary greatly in their juice consumption patterns, and would have chosen a per-pack pricing model rather than one-size-fits-all $35/week subscription. Suddenly Juicero is incredibly compelling as a product offering, at least to this consumer.

    (tags: juicero design electronics hardware products startups engineering teardowns)

  • AWS Greengrass

    AWS Greengrass is software that lets you run local compute, messaging & data caching for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. Using AWS Lambda, Greengrass ensures your IoT devices can respond quickly to local events, operate with intermittent connections, and minimize the cost of transmitting IoT data to the cloud. AWS Greengrass seamlessly extends AWS to devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With Greengrass, you can use familiar languages and programming models to create and test your device software in the cloud, and then deploy it to your devices. AWS Greengrass can be programmed to filter device data and only transmit necessary information back to the cloud. AWS Greengrass authenticates and encrypts device data at all points of connection using AWS IoT’s security and access management capabilities. This way data is never exchanged between devices when they communicate with each other and the cloud without proven identity.

    (tags: aws cloud iot lambda devices offline synchronization architecture)

  • Immunotherapy Pioneer James Allison Has Unfinished Business with Cancer - MIT Technology Review

    On the discovery and history of ipilimumab (trade named Yervoy), one of the first immunotherapy drugs

    (tags: ipilimumab cancer yervoy immunotherapy medicine melanoma)

  • FactCheck: No, the reported side effects of the HPV vaccine do NOT outweigh the proven benefits

    The Journal FactCheck team take a shortcut through Regret.ie's bullshit

    (tags: hpv antivaxxers gardasil safety vaccination health medicine fact-checking)

Links for 2017-04-24

Published April 24, 2017

  • Unroll.me sold your data to Uber

    'Uber devoted teams to so-called competitive intelligence, purchasing data from Slice Intelligence, which collected customers' emailed Lyft receipts via Unroll.me and sold the data to Uber'. Also: 'Unroll.me allegedly "kept a copy of every single email that you sent or received" in "poorly secured S3 buckets"': https://news.ycombinator.com/item?id=14180463 Unroll.me CEO: 'felt bad “to see that some of our users were upset to learn about how we monetise our free service”.' https://www.theguardian.com/technology/2017/apr/24/unrollme-mail-unsubscription-service-heartbroken-sells-user-inbox-data-slice

    (tags: uber unroll.me gmail google privacy data-protection lyft scumbags slice-intelligence)

  • Capturing all the flags in BSidesSF CTF by pwning Kubernetes/Google Cloud

    good exploration of the issues with running a CTF challenge (or any other secure infrastructure!) atop Kubernetes and a cloud platform like GCE

    (tags: gce google-cloud kubernetes security docker containers gke ctf hacking exploits)

  • How To Add A Security Key To Your Gmail (Tech Solidarity)

    Excellent how-to guide for Yubikey usage on gmail

    (tags: gmail yubikey security authentication google)

  • Ethics - Lyrebird

    'Lyrebird is the first company to offer a technology to reproduce the voice of someone as accurately and with as little recorded audio. [..] Voice recordings are currently considered as strong pieces of evidence in our societies and in particular in jurisdictions of many countries. Our technology questions the validity of such evidence as it allows to easily manipulate audio recordings. This could potentially have dangerous consequences such as misleading diplomats, fraud and more generally any other problem caused by stealing the identity of someone else. By releasing our technology publicly and making it available to anyone, we want to ensure that there will be no such risks. We hope that everyone will soon be aware that such technology exists and that copying the voice of someone else is possible. More generally, we want to raise attention about the lack of evidence that audio recordings may represent in the near future.'

    (tags: lyrebird audio technology scary ethics)

Links for 2017-04-21

Published April 21, 2017

Links for 2017-04-20

Published April 20, 2017

  • Amazon DynamoDB Accelerator (DAX)

    Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second. DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management.
    No latency percentile figures, unfortunately. Also still in preview.

    (tags: amazon dynamodb aws dax performance storage databases latency low-latency)

  • I Just Love This Juicero Story So Much

    When we signed up to pump money into this juice company, it was because we thought drinking the juice would be a lot harder and more expensive. That was the selling point, because Silicon Valley is a stupid libertarian dystopia where investor-class vampires are the consumers and a regular person’s money is what they go shopping for. Easily opened bags of juice do not give these awful nightmare trash parasites a good bargain on the disposable income of credulous wellness-fad suckers; therefore easily opened bags of juice are a worse investment than bags of juice that are harder to open.

    (tags: juicero juicebros techbros silicon-valley funny dystopia fruit bags juice)

  • Zeynep Tufekci: Machine intelligence makes human morals more important | TED Talk | TED.com

    Machine intelligence is here, and we're already using it to make subjective decisions. But the complex way AI grows and improves makes it hard to understand and even harder to control. In this cautionary talk, techno-sociologist Zeynep Tufekci explains how intelligent machines can fail in ways that don't fit human error patterns — and in ways we won't expect or be prepared for. "We cannot outsource our responsibilities to machines," she says. "We must hold on ever tighter to human values and human ethics."
    More relevant now that nVidia are trialing ML-based self-driving cars in the US...

    (tags: nvidia ai ml machine-learning scary zeynep-tufekci via:maciej technology ted-talks)

  • 'Mathwashing,' Facebook and the zeitgeist of data worship

    Fred Benenson: Mathwashing can be thought of using math terms (algorithm, model, etc.) to paper over a more subjective reality. For example, a lot of people believed Facebook was using an unbiased algorithm to determine its trending topics, even if Facebook had previously admitted that humans were involved in the process.

    (tags: maths math mathwashing data big-data algorithms machine-learning bias facebook fred-benenson)

  • Build a Better Monster: Morality, Machine Learning, and Mass Surveillance

    We built the commercial internet by mastering techniques of persuasion and surveillance that we’ve extended to billions of people, including essentially the entire population of the Western democracies. But admitting that this tool of social control might be conducive to authoritarianism is not something we’re ready to face. After all, we're good people. We like freedom. How could we have built tools that subvert it? As Upton Sinclair said, “It is difficult to get a man to understand something, when his salary depends on his not understanding it.” I contend that there are structural reasons to worry about the role of the tech industry in American political life, and that we have only a brief window of time in which to fix this.

    (tags: advertising facebook google internet politics surveillance democracy maciej-ceglowski talks morality machine-learning)

Links for 2017-04-13

Published April 13, 2017

Links for 2017-04-12

Published April 12, 2017

Links for 2017-04-11

Published April 11, 2017

Links for 2017-04-10

Published April 10, 2017

Links for 2017-04-07

Published April 7, 2017

  • Research Blog: Federated Learning: Collaborative Machine Learning without Centralized Training Data

    Great stuff from Google - this is really nifty stuff for large-scale privacy-preserving machine learning usage:

    It works like this: your device downloads the current model, improves it by learning from data on your phone, and then summarizes the changes as a small focused update. Only this update to the model is sent to the cloud, using encrypted communication, where it is immediately averaged with other user updates to improve the shared model. All the training data remains on your device, and no individual updates are stored in the cloud. Federated Learning allows for smarter models, lower latency, and less power consumption, all while ensuring privacy. And this approach has another immediate benefit: in addition to providing an update to the shared model, the improved model on your phone can also be used immediately, powering experiences personalized by the way you use your phone.
    Papers: https://arxiv.org/pdf/1602.05629.pdf , https://arxiv.org/pdf/1610.05492.pdf

    (tags: google ml machine-learning training federated-learning gboard models privacy data-privacy data-protection)

  • /r/ireland map

    The denizens of /r/ireland have put together a map of their favourite tourist spots around the country. Some slightly odd choices but definitely a few that may be worth a visit. Thread: https://www.reddit.com/r/ireland/comments/5b0634/i_am_starting_a_rireland_recommended_map_for/

    (tags: ireland tourist tourism attractions reddit)

Links for 2017-04-06

Published April 6, 2017

Links for 2017-04-05

Published April 5, 2017

Links for 2017-04-04

Published April 4, 2017

Links for 2017-04-03

Published April 3, 2017

  • Introducing the Faves & Flags roleplaying system | MetaTalk

    awesome D&D-spoofing April Fool from MeFi

    (tags: metafilter funny dungeons-and-dragons community spoofs rpg 1970s)

  • Watching the hearings, I learned my "Bernie bro" harassers may have been Russian bots

    However, the rest of the abuse came from accounts purporting to be supporters of Vermont Independent Senator Bernie Sanders. And these were “people” with whom I believed I shared common values and policy interests. Almost all of the accounts presented as men — mostly young and white — and used sexist and misogynistic tones and words. I was called “mom” and “grandma” as epithets by these “young men.” I was called every vile sexualized name you can imagine. For some reason that I did not understand at the time, they liked to call me a “vagina.” (I now believe non-native English — i.e. Russian — speakers wrote the algorithms controlling these bots and perhaps imagined “vagina” to be the equivalent of the c-word when hurled at a woman.) Not being conversant in the mechanisms of Russian psychological warfare techniques at the time, it never occurred to me that, like the #MAGA bots, these “Bernie Bro” accounts were actually bots too. And the abuse from these accounts was much harder to dismiss. It went in further, emotionally speaking. The vitriol of the attacks felt like a painful betrayal. After all, “we” probably shared 99 percent of our political perspective; we just supported different candidates — which is something I said repeatedly in my attempts to appeal to reason with some of the attackers over the course of those long months. Nonetheless, even the mildest criticism of Sanders or comment of support for Clinton would bring out a swarm of these “Bernie Bro” accounts spouting off with abusive language and mockery.

    (tags: bernie-bros abuse twitter russia security bots elections hilary-clinton)

Links for 2017-03-31

Published March 31, 2017

Links for 2017-03-28

Published March 28, 2017

  • Automated unemployment insurance fraud detection system had a staggering 93% error rate in production

    Expect to see a lot more cases of automated discrimination like this in the future. There is no way an auto-adjudication system would be allowed to have this staggering level of brokenness if it was dealing with the well-off:

    State officials have said that between Oct. 1, 2013, when the MiDAS [automated unemployment insurance fraud detection] system came on line, and Aug. 7, 2015, when the state halted the auto-adjudication of fraud determinations and began to require some human review of MiDAS findings, the system had a 93% error rate and made false fraud findings affecting more than 20,000 unemployment insurance claims. Those falsely accused of fraud were subjected to quadruple penalties and aggressive collection techniques, including wage garnishment and seizure of income tax refunds. Some were forced into bankruptcy. The agency is now reviewing about 28,000 additional fraud determinations that were made during the relevant period, but which involved some human review. An unknown number of those fraud findings were also false.

    (tags: fraud broken fail michigan detroit social-welfare us-politics computer-says-no automation discrimination fraud-detection)

Links for 2017-03-27

Published March 27, 2017

Links for 2017-03-26

Published March 26, 2017

  • American Snoper – Medium

    The grugq on Putin vs France:

    How modern conflicts play out in the informatics sphere, what I mean when I talk about cyber war, is happening in France. After France there will be Germany, then the Scandinavian countries have their elections. There is no chance that Putin attempting to shape the world to best suit Russian interests will abate. Currently, the strongest area that he can contend in is the informatics sphere, the cyber realm, where human perception of reality is shaped.

    (tags: putin france elections russia cyber-war hacking security wikileaks)

Links for 2017-03-24

Published March 24, 2017

  • That thing about pwning N26

    Whitehat CCC hacker thoroughly pwns N26 bank -- there's a lot of small leaks and insecurities here. Sounds like N26 are dealing with them though

    (tags: ccc hacks exploits n26 banks banking security)

  • 'For decades, the transaction concept has played a central role in database research and development. Despite this prominence, transactional databases today often surface much weaker models than the classic serializable isolation guarantee—and, by default, far weaker models than alternative,“strong but not serializable” models such as Snapshot Isolation. Moreover, the transaction concept requires the programmer’s involvement: should an application programmer fail to correctly use transactions by appropriately encapsulating functionality, even serializable transactions will expose programmers to errors. While many errors arising from these practices may be masked by low concurrency during normal operation, they are susceptible to occur during periods of abnormally high concurrency. By triggering these errors via concurrent access in a deliberate attack, a determined adversary could systematically exploit them for gain. In this work, we defined the problem of ACIDRain attacks and introduced 2AD, a lightweight dynamic analysis tool that uses traces of normal database activity to detect possible anomalous behavior in applications. To enable 2AD, we extended Adya’s theory of weak isolation to allow efficient reasoning over the space of all possible concurrent executions of a set of transactions based on a concrete history, via a new concept called an abstract history, which also applies to API calls. We then applied 2AD analysis to twelve popular self-hosted eCommerce applications, finding 22 vulnerabilities spread across all but one application we tested, affecting over 50% of eCommerce sites on the Internet today. We believe that the magnitude and the prevalence of these vulnerabilities to ACIDRain attacks merits a broader reconsideration of the success of the transaction concept as employed by programmers today, in addition to further pursuit of research in this direction. Based on our early experiences both performing ACIDRain attacks on self-hosted applications as well as engaging with developers, we believe there is considerable work to be done in raising awareness of these attacks—for example, via improved analyses and additional 2AD refinement rules (including analysis of source code to better highlight sources of error)—and in automated methods for defending against these attacks—for example, by synthesizing repairs such as automated isolation level tuning and selective application of SELECT FOR UPDATE mechanisms. Our results here—as well as existing instances of ACIDRain attacks in the wild—suggest there is considerable value at stake.'

    (tags: databases transactions vulnerability security acidrain peter-bailis storage isolation acid)

  • Scientists made a detailed “roadmap” for meeting the Paris climate goals. It’s eye-opening. - Vox

    tl;dr: this is not going to happen and we are fucked.

    (tags: climate environment global-warming science roadmap future grim-meathook-future)

  • HyperBitBit

    jomsdev notes: 'Last year, in the AofA’16 conference Robert Sedgewick proposed a new algorithm for cardinality estimation. Robert Sedgwick is a professor at Princeton with a long track of publications on combinatorial/randomized algorithms. He was a good friend of Philippe Flajolet (creator of Hyperloglog) and HyperBitBit it's based on the same ideas. However, it uses less memory than Hyperloglog and can provide the same results. On practical data, HyperBitBit, for N < 2^64 estimates cardinality within 10% using only 128 + 6 bits.'

    (tags: algorithms programming cs hyperloglog estimation cardinality counting hyperbitbit)

Links for 2017-03-23

Published March 23, 2017

Links for 2017-03-22

Published March 22, 2017

  • Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware

    DRM working as expected:

    To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America's heartland have started hacking their equipment with firmware that's cracked in Eastern Europe and traded on invite-only, paid online forums. Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform "unauthorized" repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time.
    (via etienneshrdlu)

    (tags: hacking farming drm john-deere tractors firmware right-to-repair repair)

Links for 2017-03-21

Published March 21, 2017

  • Don’t Get Trampled: The Puzzle For “Unicorn” Employees

    'One of my sad predictions for 2017 is a bunch of big headline-worthy acquisitions and IPOs that leave a lot of hard working employees at these companies in a weird spot. They’ll be congratulated by everyone they know for their extraordinary success while scratching their heads wondering why they barely benefited. Of course, the reason is that these employees never understood their compensation in the first place (and they were not privy to the terms of all the financings before and after they were hired).'

    (tags: share-options shares unicorns funding employment jobs compensation)

  • GitHub's new Balanced Employee IP Agreement (BEIPA) lets workers keep the IP when they use company resources for personal projects — Quartz

    Huh, interesting development:

    If it’s on company time, it’s the company’s dime. That’s the usual rule in the tech industry—that if employees use company resources to work on projects unrelated to their jobs, their employer can claim ownership of any intellectual property (IP) they create. But GitHub is throwing that out the window. Today the code-sharing platform announced a new policy, the Balanced Employee IP Agreement (BEIPA). This allows its employees to use company equipment to work on personal projects in their free time, which can occur during work hours, without fear of being sued for the IP. As long as the work isn’t related to GitHub’s own “existing or prospective” products and services, the employee owns it.

    (tags: github law tech jobs work day-job side-projects hacking ip copyright)

Links for 2017-03-20

Published March 20, 2017

  • Segment.com on cost savings using DynamoDB, autoscaling and ECS

    great post. 1. DynamoDB hot shards were a big problem -- and it is terrible that diagnosing this requires a ticket to AWS support! This heat map should be a built-in feature. 2. ECS auto-scaling gets a solid thumbs-up. 3. Switching from ELB to ALB lets them set ports dynamically for individual ECS Docker containers, and then pack as many containers as will fit on a giant EC2 instance. 4. Terraform modules to automate setup and maintainance of ECS, autoscaling groups, and ALBs

    (tags: terraform segment architecture aws dynamodb alb elb asg ecs docker)

  • atlassian/localstack: A fully functional local AWS cloud stack. Develop and test your cloud apps offline!

    LocalStack provides an easy-to-use test/mocking framework for developing Cloud applications. Currently, the focus is primarily on supporting the AWS cloud stack. LocalStack spins up the following core Cloud APIs on your local machine: API Gateway at http://localhost:4567; Kinesis at http://localhost:4568; DynamoDB at http://localhost:4569; DynamoDB Streams at http://localhost:4570; Elasticsearch at http://localhost:4571; S3 at http://localhost:4572; Firehose at http://localhost:4573; Lambda at http://localhost:4574; SNS at http://localhost:4575; SQS at http://localhost:4576 Additionally, LocalStack provides a powerful set of tools to interact with the cloud services, including a fully featured KCL Kinesis client with Python binding, simple setup/teardown integration for nosetests, as well as an Environment abstraction that allows to easily switch between local and remote Cloud execution.

    (tags: aws emulation mocking services testing dynamodb s3)

Links for 2017-03-15

Published March 15, 2017

  • Artificial intelligence is ripe for abuse, tech researcher warns: 'a fascist's dream' | Technology | The Guardian

    “We should always be suspicious when machine learning systems are described as free from bias if it’s been trained on human-generated data,” Crawford said. “Our biases are built into that training data.” In the Chinese research it turned out that the faces of criminals were more unusual than those of law-abiding citizens. “People who had dissimilar faces were more likely to be seen as untrustworthy by police and judges. That’s encoding bias,” Crawford said. “This would be a terrifying system for an autocrat to get his hand on.” [...] With AI this type of discrimination can be masked in a black box of algorithms, as appears to be the case with a company called Faceception, for instance, a firm that promises to profile people’s personalities based on their faces. In its own marketing material, the company suggests that Middle Eastern-looking people with beards are “terrorists”, while white looking women with trendy haircuts are “brand promoters”.

    (tags: bias ai racism politics big-data technology fascism crime algorithms faceception discrimination computer-says-no)

  • ASAP: Automatic Smoothing for Attention Prioritization in Streaming Time Series Visualization

    Peter Bailis strikes again. 'Time series visualization of streaming telemetry (i.e., charting of key metrics such as server load over time) is increasingly prevalent in recent application deployments. Existing systems simply plot the raw data streams as they arrive, potentially obscuring large-scale deviations due to local variance and noise. We propose an alternative: to better prioritize attention in time series exploration and monitoring visualizations, smooth the time series as much as possible to remove noise while still retaining large-scale structure. We develop a new technique for automatically smoothing streaming time series that adaptively optimizes this trade-off between noise reduction (i.e., variance) and outlier retention (i.e., kurtosis). We introduce metrics to quantitatively assess the quality of the choice of smoothing parameter and provide an efficient streaming analytics operator, ASAP, that optimizes these metrics by combining techniques from stream processing, user interface design, and signal processing via a novel autocorrelation-based pruning strategy and pixel-aware preaggregation. We demonstrate that ASAP is able to improve users’ accuracy in identifying significant deviations in time series by up to 38.4% while reducing response times by up to 44.3%. Moreover, ASAP delivers these results several orders of magnitude faster than alternative optimization strategies.'

    (tags: dataviz graphs metrics peter-bailis asap smoothing aggregation time-series tsd)

  • When the Children Crashed Dad’s BBC Interview: The Family Speaks - WSJ

    Mr. Kelly describes his reaction as a mixture of surprise, embarrassment and amusement but also love and affection. The couple says they weren’t mad and didn’t scold the children. “I mean it was terribly cute,” Mr. Kelly said. “I saw the video like everybody else. My wife did a great job cleaning up a really unanticipated situation as best she possibly could... It was funny. If you watch the tape I was sort of struggling to keep my own laughs down. They’re little kids and that’s how things are.” “Yes I was mortified, but I also want my kids to feel comfortable coming to me,” Mr. Kelly said.
    aww!

    (tags: cute family bbc interviews funny viral kids hippity-hoppity robert-kelly)

  • UN privacy watchdog says 'little or no evidence' that mass surveillance works | ZDNet

    The United Nations' special rapporteur on privacy has lambasted a spate of new surveillance laws across Europe and the US, saying that there is "little or no evidence" that mass monitoring of communications works. In a report published this week, Prof. Joseph Cannataci, the first privacy watchdog to take up the post, said he was neither convinced of the effectiveness or the proportionality "of some of the extremely privacy-intrusive measures that have been introduced by new surveillance laws." He also said that bulk records collection, such as call and email metadata, runs the risk of "being hacked by hostile governments or organized crime." Cannataci singled out recently-passed laws in France, Germany, the UK and the US, all of which have pushed through new legislation in the wake of the threat from the so-called Islamic State. He said that the passed laws amount to "gesture-politics," which in his words, "have seen politicians who wish to be seen to be doing something about security, legislating privacy-intrusive powers into being -- or legalize existing practices -- without in any way demonstrating that this is either a proportionate or indeed an effective way to tackle terrorism." A rise in public support of increased surveillance powers is "predicated on the psychology of fear," he said, referring to the perceived threat of terrorism.

    (tags: surveillance law privacy un joseph-cannataci watchdogs terrorism fear fud)

  • The Lord British Postulate

    One of the most famous attributes of Lord British is that he is almost invincible. In every Ultima game in which he has appeared, he is designed to be almost impervious to a player's character predations. However, there are ways for a player thinking outside the box to assassinate him. This phenomenon is the origin of the Lord British Postulate which states: "If it exists as a living creature in an MMORPG, someone, somewhere, will try to kill it."[7] Virtually every MMO game displays numerous instances of this, with players attempting to kill (or, in the case of friendly NPCs, cause the death of) virtually every NPC or monster, howsoever powerful, meek, friendly, or ethereal.

    (tags: npcs gaming games lord-british murder rules mmorpgs)

Links for 2017-03-13

Published March 13, 2017

  • Dinosaur Escape - BoardGameGeek

    good kid's board game -- age 4+, 2-4 players.

    The object of Dinosaur Escape is to get all three dinosaurs safely to Dinosaur Island before the volcano erupts! Work together to move the dinosaur movers around the board and uncover the matching dinosaurs under the fern tokens. On your turn, roll the die. If you roll a number, move any dinosaur mover the indicated number of spaces any direction on the path. Then turn over one fern token anywhere on the board. If you reveal rocks, bones or other items, flip the token back over. If you reveal a dinosaur, and the dinosaur mover of the same species is in the same habitat area, move the dinosaur moved and matching token to Dinosaur Island. You just helped a dinosaur escape! If you reveal a dinosaur but the dinosaur mover of the same species is not in the same habitat as the token, flip the token back over. Dinosaur movers and matching tokens must be in the same habitat to help a dinosaur escape! If you turn over the T-Rex, RUN! Move each of the dinosaur movers in play back to a start space. If you roll a volcano, place volcano piece number 1 in the stand on the board. If you can find and help all three lost dinosaurs escape to Dinosaur Island before completing the 3D volcano puzzle, you all win!

    (tags: boardgames reviews kids children co-op games gaming)

  • Fides Raising Gamers (age 2 - 5) | BoardGameGeek

    some good boardgame reviews

    (tags: games gaming boardgames kids children reviews)

  • [1606.08813] European Union regulations on algorithmic decision-making and a "right to explanation"

    We summarize the potential impact that the European Union's new General Data Protection Regulation will have on the routine use of machine learning algorithms. Slated to take effect as law across the EU in 2018, it will restrict automated individual decision-making (that is, algorithms that make decisions based on user-level predictors) which "significantly affect" users. The law will also effectively create a "right to explanation," whereby a user can ask for an explanation of an algorithmic decision that was made about them. We argue that while this law will pose large challenges for industry, it highlights opportunities for computer scientists to take the lead in designing algorithms and evaluation frameworks which avoid discrimination and enable explanation.
    oh this'll be tricky.

    (tags: algorithms accountability eu gdpr ml machine-learning via:daveb europe data-protection right-to-explanation)

Links for 2017-03-12

Published March 12, 2017

  • Tim Berners-Lee calls for tighter regulation of online political advertising | Technology | The Guardian

    “Targeted advertising allows a campaign to say completely different, possibly conflicting things to different groups. Is that democratic?” Berners-Lee said.

    (tags: politics trump law elections polling advertising facebook micro-advertising)

  • ctop

    Top for containers (ie Docker)

    (tags: docker containers top ops go monitoring cpu)

  • Communications data errors: UK police incriminating the wrong people due to data retention system screwups

    It seems there have been 34 with serious consequences since 2008. Causes include:

    - Omission of an underscore when transcribing an e-mail address led to the wrong subscriber information being provided and a search warrant being executed at the premises of an individual unconnected with the investigation. - A CSP's data warehouse system change affected how GMT and British Summer Time were treated. This was not communicated to staff using the data retention disclosure system. This led to a one hour error in subscriber information disclosed in relation to IP address usage. Of 98 potential disclosure errors identified, 94 were in fact incorrect and four returned the same results when re-run. Of the 94 incorrect disclosures, in three cases a search warrant was executed at premises relating to individuals unconnected with the investigation (and one individual was arrested). - Due to a technical fault causing a time zone conversion to be out by seven hours, a CSP voluntarily disclosed an incorrect IP address to a public authority.  That led to a search warrant being executed at premises relating to individuals unconnected with the investigation.
    In other words, timezones largely screw up everything, yet again.

    (tags: timezones uk law data-retention errors bst)

Links for 2017-03-09

Published March 9, 2017

  • Colm O'Gorman, on societal responsibility for Mother & Baby Homes, Magdalene Laundries & various other church atrocities in Ireland

    Excellent twitter thread on the topic. Pasted:

    It is often said that everyone knew what was happening in such places, or about the rape of children by priests. That is not true. It is true that deep veins of knowledge existed across Irish society, at all levels, but not everyone knew. Or were allowed to know. Just like is always the case, the terrible things that were done were possible only because they were tolerated. They went unchecked. They were tolerated by those in positions of authority who either dared not, or did not wish to, challenge the power strictures that existed They were tolerated by those without power or position because they feared what speaking up might do to them and to their families That was an Ireland where challenging such vile abuse by power would see you become its victim. It was brutal and vicious. If you did not, or could not, conform to the demands of the powerful, you were in real danger. At best, ostracisation and excommunication. But many experience far worse than that. They found themselves in the very places we now acknowledge as hell holes. Locked up in institutions I always remember the late, great Mary Rafferty exposing the scale of such abusive institutionalisation. She pointed out that at one point in our relatively recent history, we led the world in one regard. Per capita, we locked up more people in psychiatric institutions than any other country on the planet. Only the Soviet Union came a distant second to us. That was how Ireland treated dissent or difference That what was happened to many who could not conform to a brutal demand to be somehow 'acceptable' to dogma & unaccountable power And it wasn't some ancient Ireland either. The last laundry closed in 1996. In 2002, when fighting for inquiries into child rape by priests and it's cover up by bishops, cardinals and popes, those same princes declared themselves above the rule of the law of this Republic insisting that the law of their church was superior to the law of this state. And their position was taken seriously by many. It took months of dogged battle by me and others to get past that bullshit. For our political and legal system to assert itself. The Ireland where the lives of women & children were controlled & brutalised by people who felt they had a God given right to do so is not some other country that existed back in some other time. It is this Ireland. We have changed a lot - but it is still this Ireland. The difference now is that we ALL know. That the truth is out, and that more is being revealed. And yes, undoubtedly there is more to come. So it is NOT true all past members of society, or even anything close to a majority, colluded with such abuses. That is a falsehood. It is also a falsehood to suggest that the church did what the state would not do, and provided as best it could. That is a lie. The Catholic Church captured control of what should have been arms of the state. Health, education and social care. And it exploited them. It used them to drive its own agendas, to enforce its own dogma. And at every turn it resisted any 'intrusion' into those realms by others. including the state. Look at the Mother & Child Scheme for eg, or the response to the first multi-denominational schools, and much more. Catholic orders defended themselves against accusations of appalling abuse of children in their institutions by claiming that the state did not give them enough money to feed, clothe and properly care for the children they detained in those places. This was a lie. in the same institutions where children went starving, clergy were well fed and housed. They went for nothing. Funded by the state and the forced labour of the children or women they detained. The Ryan Report debunked that lie in its entirety. Ryan found that religious orders maintained "bloated congregations" by bringing in more and more children, and therefore more and more money And now we know. Now the threat of brutal reprisal is lifted. Now is the time for truth, to own what has been done to so many vulnerable people in our Republic. To learn from it and ensure we identify how that same corrupting tendency manifests today. Because it does of course It may not be quite as vicious, but it prevails.Look at how power still treats a reasonable demand for accountability: Maurice McCabe for eg Look at how our education and health systems still allow religious dogma to exert extraordinary power over people's lives. We are a different Ireland, but are we different enough?

    (tags: mother-and-baby-homes tuam ireland catholic-church abuse colm-o-gorman twitter history priests)

  • Chatbot that overturned 160,000 parking fines now helping refugees claim asylum | Technology | The Guardian

    The original DoNotPay, created by Stanford student Joshua Browder, describes itself as “the world’s first robot lawyer”, giving free legal aid to users through a simple-to-use chat interface. The chatbot, using Facebook Messenger, can now help refugees fill in an immigration application in the US and Canada. For those in the UK, it helps them apply for asylum support.

    (tags: government technology automation bots asylum forms facebook)

Links for 2017-03-07

Published March 7, 2017

Links for 2017-03-06

Published March 6, 2017

  • A Programmer’s Introduction to Unicode – Nathan Reed’s coding blog

    Fascinating Unicode details -- a lot of which were new to me. Love the heat map of usage in Wikipedia:

    One more interesting way to visualize the codespace is to look at the distribution of usage—in other words, how often each code point is actually used in real-world texts. Below is a heat map of planes 0–2 based on a large sample of text from Wikipedia and Twitter (all languages). Frequency increases from black (never seen) through red and yellow to white. You can see that the vast majority of this text sample lies in the BMP, with only scattered usage of code points from planes 1–2. The biggest exception is emoji, which show up here as the several bright squares in the bottom row of plane 1.

    (tags: unicode coding character-sets wikipedia bmp emoji twitter languages characters heat-maps dataviz)

  • Martin Fowler's First Law of Distributed Object Design: Don’t

    lol. I hadn't seen this one, but it's a good beatdown on distributed objects from back in 2003

    (tags: distributed-objects dcom corba history martin-fowler laws rules architecture 2003)

  • Spammergate: The Fall of an Empire

    Featuring this interesting reactive-block evasion tactic:

    In that screenshot, a RCM co-conspirator describes a technique in which the spammer seeks to open as many connections as possible between themselves and a Gmail server. This is done by purposefully configuring your own machine to send response packets extremely slowly, and in a fragmented manner, while constantly requesting more connections. Then, when the Gmail server is almost ready to give up and drop all connections, the spammer suddenly sends as many emails as possible through the pile of connection tunnels. The receiving side is then overwhelmed with data and will quickly block the sender, but not before processing a large load of emails.
    (via Tony Finch)

    (tags: via:fanf spam antispam gmail blocklists packets tcp networking)

Links for 2017-03-05

Published March 5, 2017

  • The Occasional Chaos of AWS Lambda Runtime Performance

    If our code has modest resource requirements, and can tolerate large changes in performance, then it makes sense to start with the least amount of memory necessary. On the other hand, if consistency is important, the best way to achieve that is by cranking the memory setting all the way up to 1536MB. It’s also worth noting here that CPU-bound Lambdas may be cheaper to run over time with a higher memory setting, as Jim Conning describes in his article, “AWS Lambda: Faster is Cheaper”. In our tests, we haven’t seen conclusive evidence of that behavior, but much more data is required to draw any strong conclusions. The other lesson learned is that Lambda benchmarks should be gathered over the course of days, not hours or minutes, in order to provide actionable information. Otherwise, it’s possible to see very impressive performance from a Lambda that might later dramatically change for the worse, and any decisions made based on that information will be rendered useless.

    (tags: aws lambda amazon performance architecture ops benchmarks)

  • Google’s featured snippets are worse than fake news

    omg the Obama coup one is INSANE

    (tags: google news lies fake-news obama facts)

  • The State already knew about Tuam. Nothing ever changes in Ireland

    Forensic archaeologists are combing through the soil in Tuam. Perhaps justice might be better served if forensic accountants were combing through the accounts of the Bon Secours Sisters. They sold healthy babies and let the rest to die.

    (tags: nuns bon-secours history ireland tuam-babies tuam horror)

Links for 2017-03-03

Published March 3, 2017

Links for 2017-03-02

Published March 2, 2017

  • "I caused an outage" thread on twitter

    Anil Dash: "What was the first time you took the website down or broke the build? I’m thinking of all the inadvertent downtime that comes with shipping." Sample response: 'Pushed a fatal error in lib/display.php to all of FB’s production servers one Friday night in late 2005. Site loaded blank pages for 20min.'

    (tags: outages reliability twitter downtime fail ops post-mortem)

  • Facebook, patient zero in fake news epidemic, proudly advertises ability to sway elections

    The online social network is highlighting the Toomey campaign's ability to make ads that performed exceptionally well on Facebook even as it downplays the ability of the site to influence elections. In the days following the President Donald Trump's election, Facebook CEO Mark Zuckerberg responded to the potential influence of fake news on the election as "a pretty crazy idea." Taking Facebook at its word means holding two contradictory beliefs at once: that the site can sway an election on behalf of paying customers, but doesn't exert influence when it comes to the spread of misinformation by independent profiteers.

    (tags: facebook fake-news elections news pat-toomey republicans advertising)

  • S3 2017-02-28 outage post-mortem

    The Amazon Simple Storage Service (S3) team was debugging an issue causing the S3 billing system to progress more slowly than expected. At 9:37AM PST, an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended. The servers that were inadvertently removed supported two other S3 subsystems.  One of these subsystems, the index subsystem, manages the metadata and location information of all S3 objects in the region. This subsystem is necessary to serve all GET, LIST, PUT, and DELETE requests. The second subsystem, the placement subsystem, manages allocation of new storage and requires the index subsystem to be functioning properly to correctly operate. The placement subsystem is used during PUT requests to allocate storage for new objects. Removing a significant portion of the capacity caused each of these systems to require a full restart. While these subsystems were being restarted, S3 was unable to service requests. Other AWS services in the US-EAST-1 Region that rely on S3 for storage, including the S3 console, Amazon Elastic Compute Cloud (EC2) new instance launches, Amazon Elastic Block Store (EBS) volumes (when data was needed from a S3 snapshot), and AWS Lambda were also impacted while the S3 APIs were unavailable.  

    (tags: s3 postmortem aws post-mortem outages cms ops)

  • Phoenician Sun God in Eighteenth-Century Ireland? - Beachcombing's Bizarre History Blog

    It is the most extraordinary inscription. This mill-stone rock, which once stood on the top of Tory Hill in County Kilkenny in Ireland, has been taken as proof of Carthaginian contact and settlement or at least trade with Ireland in antiquity. The words clearly read (give or take some distorted letters) Beli Dinose, a reference to the Carthaginian god Bel or Baal Dionysus. Extraordinary to think that Phoenicians, in the early centuries B.C. brought their nasty child-killing faith to the green hills of Ireland. Only of course they didn’t… At least not on this evidence. The stone celebrating ‘the lordly one’ actually has a rather different origin.
    excellent tale.

    (tags: phoenicia dionysus baal history tory-hill kilkenny carthage gods typos fail archaeology graffiti)

Links for 2017-02-28

Published February 28, 2017

  • Gravitational Teleport

    Teleport enables teams to easily adopt the best SSH practices like: Integrated SSH credentials with your organization Google Apps identities or other OAuth identity providers. No need to distribute keys: Teleport uses certificate-based access with automatic expiration time. Enforcement of 2nd factor authentication. Cluster introspection: every Teleport node becomes a part of a cluster and is visible on the Web UI. Record and replay SSH sessions for knowledge sharing and auditing purposes. Collaboratively troubleshoot issues through session sharing. Connect to clusters located behind firewalls without direct Internet access via SSH bastions.

    (tags: ssh teleport ops bastions security auditing oauth 2fa)

  • Manage DynamoDB Items Using Time to Live (TTL)

    good call.

    Many DynamoDB users store data that has a limited useful life or is accessed less frequently over time. Some of them track recent logins, trial subscriptions, or application metrics. Others store data that is subject to regulatory or contractual limitations on how long it can be stored. Until now, these customers implemented their own time-based data management. At scale, this sometimes meant that they ran a couple of Amazon Elastic Compute Cloud (EC2) instances that did nothing more than scan DynamoDB items, check date attributes, and issue delete requests for items that were no longer needed. This added cost and complexity to their application. In order to streamline this popular and important use case, we are launching a new Time to Live (TTL) feature today. You can enable this feature on a table-by-table basis, specifying an item attribute that contains the expiration time for the item.

    (tags: dynamodb ttl storage aws architecture expiry)

  • Zeynep Tufekci: "Youtube is a crucial part of the misinfomation ecology"

    This is so spot on. I hope Google address this issue --

    YouTube is crucial part of the misinformation ecology. Not just a demand issue: its recommender algo is a "go down the rabbit hole" machine. You watch a Trump rally: you get suggested white supremacist videos, sometimes, auto-playing. Like a gateway drug theory of engagement. I've seen this work across the political spectrum. YouTube algo has discovered out-flanking and "red-pilling" is.. engaging. So it does.
    This thread was in response to this Buzzfeed article on the same topic: https://www.buzzfeed.com/josephbernstein/youtube-has-become-the-content-engine-of-the-internets-dark

    (tags: youtube nazis alt-right lies politics google misinformation recommendations ai red-pill)

  • The power of role models

    At dinner I asked some of the women to speak to me about this, how astronomy became so (relatively) egalitarian. And one topic became clear: role models. Astronomy has a long history of women active in the field, going all the way back to Caroline Herschel in the early 19th century. Women have made huge contributions to the field. Dava Sobel just wrote a book about the women who laid the foundations for the discovery of the expansion of the universe. Just a couple of weeks ago, papers ran obituaries of Vera Rubin, the remarkable observational astronomer who discovered the evidence for dark matter. I could mention Jocelyn Bell, whose discovery of pulsars got her advisor a Nobel (sic). The most famous astronomer I met growing up was Helen Hogg, the (adopted) Canadian astronomer at David Dunlap Observatory outside Toronto, who also did a fair bit of what we now call outreach. The women at the meeting spoke of this, a history of women contributing, of role models to look up to, of proof that women can make major contributions to the field. What can computing learn from this? It seems we're doing it wrong. The best way to improve the representation of women in the field is not to recruit them, important though that is, but to promote them. To create role models. To push them into positions of influence.

    (tags: software women feminism role-models gender-balance egalitarianism astronomy computing rob-pike)

  • When DNNs go wrong – adversarial examples and what we can learn from them

    Excellent paper.

    [The] results suggest that classifiers based on modern machine learning techniques, even those that obtain excellent performance on the test set, are not learning the true underlying concepts that determine the correct output label. Instead, these algorithms have built a Potemkin village that works well on naturally occuring data, but is exposed as a fake when one visits points in space that do not have high probability in the data distribution.

    (tags: ai deep-learning dnns neural-networks adversarial-classification classification classifiers machine-learning papers)

Links for 2017-02-27

Published February 27, 2017

Links for 2017-02-24

Published February 24, 2017

  • Cloudflare Reverse Proxies are Dumping Uninitialized Memory

    This is a massive bug. C considered harmful! See also jgc's blog post: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

    (tags: internet security cloudflare caching coding buffer-overflows c data-leak leaks)

  • In 1914, Feminists Fought For the Right to Forget Childbirth | Atlas Obscura

    Wow, this is creepy.

    Tracy and Leupp described twilight sleep as “a very fine balance in the states of consciousness,” which required “special knowledge of the use of drugs that cause it.” Once a woman had gone into labor, she was given a combination of morphine to dull the pain and scopolamine to dull her memory of the experience. (Today, scopolamine is sometimes called the “zombie drug” because its users become susceptible to suggestion but retain no memory of their actions.) These drugs had been used in the past as anesthetics, but few doctors had adopted them with enthusiasm. But the German clinic, the McClure’s article reported, had reached a technical breakthrough with scopolamine, which allowed the doctors to administer it with more precision and therefore with more success. Women who they treated with these drugs would retain muscle control and would follow orders from doctors, but would remember none of it. There were some strange conditions that went along with the use of these drugs. Because the women’s state of suspension was precarious, women in twilight sleep were kept in padded, crib-like beds, with eye masks blocking out the light and cotton balls in their ears blocking out sound. Sometimes they were fitted into straight-jacket-like shirts that limited the movement of their arms. When the birth was over, women also often experienced a moment of dissociation, as Carmody did: Had they really had a baby? Was the baby they’d been handed really theirs?

    (tags: twilight-sleep childbirth history freiburg morphine scopolamine anaesthesia birth)

  • At the cost of security everywhere, Google dorking is still a thing | Ars Technica

    I'd never heard of this term!

    (tags: dorking google security searching web)

Links for 2017-02-23

Published February 23, 2017

  • Maniac Killers of the Bangalore IT Department

    On "techies" and their tenuous relationship with Indian society:

    Technology was supposed to deliver India from poverty, but in Bangalore it’s also deepened the division between rich and poor, young and old, modern and traditional. As the city has grown richer, it’s also become unruly and unfamiliar. If the tech worker is the star of the Indian economy, then the techie is his shadow— spoiled, untrustworthy, adulterous, depressed, and sometimes just plain senseless. (“TECHIE WITH EARPHONES RUN OVER BY TRAIN.”) In one occupational boogeyman, Bangaloreans can see their future and their fears. [....] “TECHIE’S WIFE MURDERED” read the headlines in both the Hindu and the Bangalore Mirror. “TECHIE STABS FRIEND’S WIFE TO DEATH” ran in the Deccan Herald. To read the Indian newspapers regularly is to believe the software engineer is the country’s most cursed figure. Almost every edition carries a gruesome story involving a techie accused of homicide, rape, burglary, blackmail, assault, injury, suicide, or another crime. When techies are the victims, it’s just as newsworthy. The Times of India, the country’s largest English-language paper, has carried “TECHIE DIES IN FREAK ACCIDENT” and “MAN HELD FOR PUSHING TECHIE FROM TRAIN”; in the Hindu, readers found “TEACHER CHOPS OFF FINGERS OF TECHIE HUSBAND” and “TECHIE DIED AFTER BEING FORCE-FED CYANIDE.” A long-standing journalistic adage says, “If it bleeds, it leads.” In India, if it codes, it explodes.

    (tags: crime tech india bangalore pune society techies work jobs)

  • Why Aren’t Baby Boomers Eating Pho? – Medium

    'Their decidedly un-hygge reluctance to partake in comforting, clear-brothed Vietnamese soups most likely stems from the generation’s reckless spending habits?—?many bought homes in their early 20’s. Some even claim they have owned upwards of seven cars over the course of their lifetimes. Unbelievably, many have never ridden a bicycle post-childhood.'

    (tags: boomers funny jokes pho soup news lifestyle age)

Links for 2017-02-20

Published February 20, 2017

  • 10 Most Common Reasons Kubernetes Deployments Fail

    some real-world failure cases and how to fix them

    (tags: kubernetes docker ops)

  • How-to Debug a Running Docker Container from a Separate Container

    arguably this shouldn't be required -- building containers without /bin/sh, strace, gdb etc. is just silly

    (tags: strace docker ops debugging containers)

  • 4chan: The Skeleton Key to the Rise of Trump

    This is the best article on chan culture and how it's taken over

    (tags: 4chan 8chan somethingawful boards history internet trump alt-right)

  • pachyderm

    'Containerized Data Analytics':

    There are two bold new ideas in Pachyderm: Containers as the core processing primitive Version Control for data These ideas lead directly to a system that's much more powerful, flexible and easy to use. To process data, you simply create a containerized program which reads and writes to the local filesystem. You can use any tools you want because it's all just going in a container! Pachyderm will take your container and inject data into it. We'll then automatically replicate your container, showing each copy a different chunk of data. With this technique, Pachyderm can scale any code you write to process up to petabytes of data (Example: distributed grep). Pachyderm also version controls all data using a commit-based distributed filesystem (PFS), similar to what git does with code. Version control for data has far reaching consequences in a distributed filesystem. You get the full history of your data, can track changes and diffs, collaborate with teammates, and if anything goes wrong you can revert the entire cluster with one click! Version control is also very synergistic with our containerized processing engine. Pachyderm understands how your data changes and thus, as new data is ingested, can run your workload on the diff of the data rather than the whole thing. This means that there's no difference between a batched job and a streaming job, the same code will work for both!

    (tags: analytics data containers golang pachyderm tools data-science docker version-control)

  • How Space Weather Can Influence Elections on Earth - Motherboard

    oh, god -- I'm not keen on this take: how's about designing systems that recognise the risks?

    "Everything was going fine, but then suddenly, there were an additional 4,000 votes cast. Because it was a local election, which are normally very small, people were surprised and asked, 'how did this happen?'" The culprit was not voter fraud or hacked machines. It was a single event upset (SEU), a term describing the fallout of an ionizing particle bouncing off a vulnerable node in the machine's register, causing it to flip a bit, and log the additional votes. The Sun may not have been the direct source of the particle—cosmic rays from outside the solar system are also in the mix—but solar-influenced space weather certainly contributes to these SEUs.

    (tags: bit-flips science elections voting-machines vvat belgium bugs risks cosmic-rays)

Links for 2017-02-14

Published February 14, 2017

  • Riot Games Seek Court Justice After Internet Provider Deliberately Causes In-Game Lag

    Pretty damning for Time-Warner Cable:

    When it seemed that the service provider couldn’t sink any lower, they opted to hold Riot to a ‘lag ransom’. Following Riot’s complaints regarding the inexplicable lag the player base were experiencing, TWC offered to magically solve the issue, a hardball tactic to which Riot finally admitted defeat in August of 2015. Before the deal was finalised, lag and data-packet loss for League of Legends players were far above the standards Riot was aiming for. Miraculously, after the two tech companies reached an unpleasant deal, the numbers improved.

    (tags: ftc fcc twc time-warner cable isps network-neutrality league-of-legends internet)

  • Instapaper Outage Cause & Recovery

    Hard to see this as anything other than a pretty awful documentation fail by the AWS RDS service:

    Without knowledge of the pre-April 2014 file size limit, it was difficult to foresee and prevent this issue. As far as we can tell, there’s no information in the RDS console in the form of monitoring, alerts or logging that would have let us know we were approaching the 2TB file size limit, or that we were subject to it in the first place. Even now, there’s nothing to indicate that our hosted database has a critical issue.

    (tags: limits aws rds databases mysql filesystems ops instapaper risks)

  • 'Software Engineering at Google'

    20 pages of Google's software dev practices, with emphasis on the build system (since it was written by the guy behind Blaze). Naturally, some don't make a whole lot of sense outside of Google, but still some good stuff here

    (tags: development engineering google papers software coding best-practices)

Links for 2017-02-10

Published February 10, 2017

  • Why Shopify Payments prohibit sexual content

    Interesting background info from a twitter thread:

    @jennschiffer Breitbart uses Shopify Payments, which is built on top of Stripe, which is sponsored by Wells Fargo merchant services AFAIK. WF has underwriting rules that prohibit sexual content. The main reasons aren't b/c WF or Stripe are interested in policing morals. Historically there's a higher rate of chargebacks from porn sites, which is why banks are generally anti-sexual content. Imagine someone's partner finds a charge for pornhub on their credit cars and calls them out on it. The person will deny and file a CB. Once porn sites started getting shut down by banks, they would change their names or submit applications claiming to be fetish sites, etc So underwriting dept's decided the risk is too high and generally defer to no with anything sexual. Most processors aren't inclined to challenge this position on moral grounds since there's strong precedent against it... ...and it could jeapordize their entire payments system if they get shut off. There are exceptions of course and there are other prohibited uses that are allowed to continue.

    (tags: twitter porn shopify sex chargebacks payment)

  • Comparing Amazon Elastic Container Service and Google Kubernetes – Medium

    nice intro to Kubernetes and container orchestration

    (tags: kubernetes containers docker ops)

  • Minor Infractions — Real Life

    When our son turned 12, we gave him a phone and allowed him to use social media, with a condition: He had no right to privacy. We would periodically and without warning read his texts and go through his messenger app. We would follow him on Facebook, Instagram and Twitter (though we wouldn’t comment or tag him — we’re not monsters). We wouldn’t ambush him about what we read and we wouldn’t attempt to embarrass him. Anything that wasn’t dangerous or illegal, we would ignore.
    Food for thought. But not yet!

    (tags: surveillance family kids privacy online social-media teenagers)

Links for 2017-02-09

Published February 9, 2017

Links for 2017-02-07

Published February 7, 2017

  • What Vizio was doing behind the TV screen | Federal Trade Commission

    This is awful:

    Starting in 2014, Vizio made TVs that automatically tracked what consumers were watching and transmitted that data back to its servers. Vizio even retrofitted older models by installing its tracking software remotely. All of this, the FTC and AG allege, was done without clearly telling consumers or getting their consent. What did Vizio know about what was going on in the privacy of consumers’ homes? On a second-by-second basis, Vizio collected a selection of pixels on the screen that it matched to a database of TV, movie, and commercial content. What’s more, Vizio identified viewing data from cable or broadband service providers, set-top boxes, streaming devices, DVD players, and over-the-air broadcasts. Add it all up and Vizio captured as many as 100 billion data points each day from millions of TVs. Vizio then turned that mountain of data into cash by selling consumers’ viewing histories to advertisers and others. And let’s be clear: We’re not talking about summary information about national viewing trends. According to the complaint, Vizio got personal. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership.  And Vizio permitted these companies to track and target its consumers across devices. That’s what Vizio was up to behind the screen, but what was the company telling consumers? Not much, according to the complaint. Vizio put its tracking functionality behind a setting called “Smart Interactivity.”  But the FTC and New Jersey AG say that the generic way the company described that feature – for example, “enables program offers and suggestions” – didn’t give consumers the necessary heads-up to know that Vizio was tracking their TV’s every flicker. (Oh, and the “Smart Interactivity” feature didn’t even provide the promised “program offers and suggestions.”)

    (tags: privacy ftc surveillance tv vizio ads advertising smart-tvs)

  • Inuit Cartography

    In Kalaallit Nunaat (Greenland), the Inuit people are known for carving portable maps out of driftwood to be used while navigating coastal waters. These pieces, which are small enough to be carried in a mitten, represent coastlines in a continuous line, up one side of the wood and down the other. The maps are compact, buoyant, and can be read in the dark.

    (tags: maps inuit history sailing navigation coastlines greenland)

Links for 2017-02-06

Published February 6, 2017

  • Trump and Staff Rethink Tactics After Stumbles - The New York Times

    This sounds more like a medieval court than a modern democracy. Also this incredible gem:

    Mr. Bannon remains the president’s dominant adviser, despite Mr. Trump’s anger that he was not fully briefed on details of the executive order he signed giving his chief strategist a seat on the National Security Council, a greater source of frustration to the president than the fallout from the travel ban.

    (tags: stephen-bannon trump us-politics nsc)

  • Beringei: A high-performance time series storage engine | Engineering Blog | Facebook Code

    Beringei is different from other in-memory systems, such as memcache, because it has been optimized for storing time series data used specifically for health and performance monitoring. We designed Beringei to have a very high write rate and a low read latency, while being as efficient as possible in using RAM to store the time series data. In the end, we created a system that can store all the performance and monitoring data generated at Facebook for the most recent 24 hours, allowing for extremely fast exploration and debugging of systems and services as we encounter issues in production. Data compression was necessary to help reduce storage overhead. We considered several existing compression schemes and rejected the techniques that applied only to integer data, used approximation techniques, or needed to operate on the entire dataset. Beringei uses a lossless streaming compression algorithm to compress points within a time series with no additional compression used across time series. Each data point is a pair of 64-bit values representing the timestamp and value of the counter at that time. Timestamps and values are compressed separately using information about previous values. Timestamp compression uses a delta-of-delta encoding, so regular time series use very little memory to store timestamps. From analyzing the data stored in our performance monitoring system, we discovered that the value in most time series does not change significantly when compared to its neighboring data points. Further, many data sources only store integers (despite the system supporting floating point values). Knowing this, we were able to tune previous academic work to be easier to compute by comparing the current value with the previous value using XOR, and storing the changed bits. Ultimately, this algorithm resulted in compressing the entire data set by at least 90 percent.

    (tags: beringei compression facebook monitoring tsd time-series storage architecture)

  • St. Petersburg team operated a PRNG hack against Vegas slots

    According to Willy Allison, a Las Vegas–based casino security consultant who has been tracking the Russian scam for years, the operatives use their phones to record about two dozen spins on a game they aim to cheat. They upload that footage to a technical staff in St. Petersburg, who analyze the video and calculate the machine’s pattern based on what they know about the model’s pseudorandom number generator. Finally, the St. Petersburg team transmits a list of timing markers to a custom app on the operative’s phone; those markers cause the handset to vibrate roughly 0.25 seconds before the operative should press the spin button. “The normal reaction time for a human is about a quarter of a second, which is why they do that,” says Allison, who is also the founder of the annual World Game Protection Conference. The timed spins are not always successful, but they result in far more payouts than a machine normally awards: Individual scammers typically win more than $10,000 per day. (Allison notes that those operatives try to keep their winnings on each machine to less than $1,000, to avoid arousing suspicion.) A four-person team working multiple casinos can earn upwards of $250,000 in a single week.

    (tags: prng hacking security exploits randomness gambling las-vegas casinos slot-machines)

Links for 2017-02-05

Published February 5, 2017

  • Data from pacemaker used to arrest man for arson, insurance fraud

    Compton has medical conditions which include an artificial heart linked to an external pump. According to court documents, a cardiologist said that "it is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions." After US law enforcement caught wind of this peculiar element to the story, police were able to secure a search warrant and collect the pacemaker's electronic records to scrutinize his heart rate, the demand on the pacemaker and heart rhythms prior to and at the time of the incident.

    (tags: pacemakers health medicine privacy data arson insurance fraud heart)

Links for 2017-02-04

Published February 4, 2017

  • LandSafe.org: if you aren't safe, we'll make noise for you

    a Dead Man's Switch for border crossings; if you are detained and cannot make a "checkin", it'll make noise on your behalf so your friends and family know what's happened

    (tags: safety borders dead-mans-switch landsafe tools)

  • "what's the inside story on these young fascist nazis"

    Excellent explanatory twitter thread explaining where this movement came from (ie chan sites):

    "what's the inside story on these young fascist nazis" a lot of them ended up in shock humor/lonely dude forums that nazi recruiters joined. this isn't a fucking puzzle box, we have all the history right here. dudes ended up on various sites crossing nerdy hobbies & resentment. a buncha fucking nerds had their various dipshit teenage beefs, many starting with resentment of women, and got radicalized. "how did they end up nazis?" a bunch of real nazis whispered poison in their ears while becoming their only community, their only "friends". they also used multiple levels of irony to make bigotry and fascism more acceptable by drowning it in "oh we're just joking"

    (tags: nazis fascism 4chan 8chan extremism politics)

Links for 2017-02-03

Published February 3, 2017

Links for 2017-01-31

Published January 31, 2017

  • Supporting our Muslim sisters and brothers in tech - Inside Intercom

    This is simply amazing:

    Intercom is a dual-citizen company of a sort. We’ve had two offices from day zero. I moved to San Francisco from Ireland in 2011 and now hold a green card and live here. I set up our headquarters here, which contains all of our business functions. My cofounders set up our Dublin office, where our research and development teams are based. And we have over 150 people in each office now. We’d like to use this special position we’re in to try help anyone in our industry feeling unsafe and hurt right now. If you’re in tech, and you’re from one of the newly unfavored countries, or even if you’re not, but you’re feeling persecuted for being Muslim, we’d like to help you consider Dublin as a place to live and work. [....] – If you decide you want to look into moving seriously, we’ll retain our Dublin immigration attorneys for you, and pay your legal bills with them, up to €5k. We’ll do this for as many as we can afford. We should be able to do this for at least 50 people.

    (tags: intercom muslim us-politics immigration dublin ireland)

Links for 2017-01-30

Published January 30, 2017

Links for 2017-01-27

Published January 27, 2017

Links for 2017-01-24

Published January 24, 2017

  • Sankey diagram - Wikipedia

    'a specific type of flow diagram, in which the width of the arrows is shown proportionally to the flow quantity. Sankey diagrams put a visual emphasis on the major transfers or flows within a system. They are helpful in locating dominant contributions to an overall flow. Often, Sankey diagrams show conserved quantities within defined system boundaries. [....] One of the most famous Sankey diagrams is Charles Minard's Map of Napoleon's Russian Campaign of 1812. It is a flow map, overlaying a Sankey diagram onto a geographical map.'

    (tags: sankey diagrams dataviz data viz)

  • Toyota's Gill Pratt: "No one is close to achieving true level 5 [self-driving cars]"

    The most important thing to understand is that not all miles are the same. Most miles that we drive are very easy, and we can drive them while daydreaming or thinking about something else or having a conversation. But some miles are really, really hard, and so it’s those difficult miles that we should be looking at: How often do those show up, and can you ensure on a given route that the car will actually be able to handle the whole route without any problem at all? Level 5 autonomy says all miles will be handled by the car in an autonomous mode without any need for human intervention at all, ever. So if we’re talking to a company that says, “We can do full autonomy in this pre-mapped area and we’ve mapped almost every area,” that’s not Level 5. That’s Level 4. And I wouldn’t even stop there: I would ask, “Is that at all times of the day, is it in all weather, is it in all traffic?” And then what you’ll usually find is a little bit of hedging on that too. The trouble with this Level 4 thing, or the “full autonomy” phrase, is that it covers a very wide spectrum of possible competencies. It covers “my car can run fully autonomously in a dedicated lane that has no other traffic,” which isn’t very different from a train on a set of rails, to “I can drive in Rome in the middle of the worst traffic they ever have there, while it’s raining," which is quite hard. Because the “full autonomy” phrase can mean such a wide range of things, you really have to ask the question, “What do you really mean, what are the actual circumstances?” And usually you’ll find that it’s geofenced for area, it may be restricted by how much traffic it can handle, for the weather, the time of day, things like that. So that’s the elaboration of why we’re not even close.

    (tags: autonomy driving self-driving cars ai robots toyota weather)

Links for 2017-01-18

Published January 18, 2017

  • NetGuard

    Excellent network monitor app for Android, comes recommended by @redacted in the ITC Slack. Inserts itself as a VPN to capture traffic, and looks like it should work well. Supports ad blocking using a hosts file.

    (tags: android ad-blocking ads netguard apps)

Links for 2017-01-17

Published January 17, 2017

Links for 2017-01-12

Published January 12, 2017

  • Facebook is censoring posts in Thailand that the government has deemed unsuitable | TechCrunch

    Dictator-friendly censorship tools? no probs!

    (tags: facebook censorship royalty thailand politics)

  • Who killed the curry house? | Bee Wilson | Life and style | The Guardian

    This is fascinating, re "authenticity" of food:

    The objection that curry house food was inauthentic was true, but also unfair. It’s worth asking what “authenticity” really means in this context, given that people in India – like humans everywhere – do not themselves eat a perfectly “authentic” diet. When I asked dozens of people, while on a recent visit to India, about their favourite comfort food, most of them – whether from Delhi, Bangalore or Mumbai – told me that what they really loved to eat, especially when drinking beer, was something called Indian-Chinese food. It is nothing a Chinese person would recognise, consisting of gloopy dishes of meat and noodles, thick with cornflour and soy sauce, but spiced with green chillis and vinegar to please the national palate. Indian-Chinese food – just like British curry house food – offers a salty night away from the usual home cooking. The difference is that Indian people accept Indian-Chinese food for the ersatz joy that it is, whereas many British curry house customers seem to have believed that recipe for their Bombay potatoes really did come from Bombay, and felt affronted to discover that it did not.

    (tags: curry indian-food food chinese-food indian-chinese-food authenticity)

  • Banks biased against black fraud victims

    We raised the issue of discrimination in 2011 with one of the banks and with the Commission for Racial Equality, but as no-one was keeping records, nothing could be proved, until today. How can this discrimination happen? Well, UK rules give banks a lot of discretion to decide whether to refund a victim, and the first responders often don’t know the full story. If your HSBC card was compromised by a skimmer on a Tesco ATM, there’s no guarantee that Tesco will have told anyone (unlike in America, where the law forces Tesco to tell you). And the fraud pattern might be something entirely new. So bank staff end up making judgement calls like “Is this customer telling the truth?” and “How much is their business worth to us?” This in turn sets the stage for biases and prejudices to kick in, however subconsciously. Add management pressure to cut costs, sometimes even bonuses for cutting them, and here we are.

    (tags: discrimination racism fraud uk banking skimming security fca)

Links for 2017-01-11

Published January 11, 2017

  • How a Machine Learns Prejudice - Scientific American

    Agreed, this is a big issue.

    If artificial intelligence takes over our lives, it probably won’t involve humans battling an army of robots that relentlessly apply Spock-like logic as they physically enslave us. Instead, the machine-learning algorithms that already let AI programs recommend a movie you’d like or recognize your friend’s face in a photo will likely be the same ones that one day deny you a loan, lead the police to your neighborhood or tell your doctor you need to go on a diet. And since humans create these algorithms, they're just as prone to biases that could lead to bad decisions—and worse outcomes. These biases create some immediate concerns about our increasing reliance on artificially intelligent technology, as any AI system designed by humans to be absolutely "neutral" could still reinforce humans’ prejudicial thinking instead of seeing through it.

    (tags: prejudice bias machine-learning ml data training race racism google facebook)

  • Falsehoods Programmers Believe About CSVs

    Much of my professional work for the last 10+ years has revolved around handing, importing and exporting CSV files. CSV files are frustratingly misunderstood, abused, and most of all underspecified. While RFC4180 exists, it is far from definitive and goes largely ignored. Partially as a companion piece to my recent post about how CSV is an encoding nightmare, and partially an expression of frustration, I've decided to make a list of falsehoods programmers believe about CSVs. I recommend my previous post for a more in-depth coverage on the pains of CSVs encodings and how the default tooling (Excel) will ruin your day.
    (via Tony Finch)

    (tags: via:fanf csv excel programming coding apis data encoding transfer falsehoods fail rfc4180)

Links for 2017-01-10

Published January 10, 2017

Links for 2017-01-09

Published January 9, 2017

Links for 2017-01-08

Published January 8, 2017

  • PagerDuty Incident Response Documentation

    This documentation covers parts of the PagerDuty Incident Response process. It is a cut-down version of our internal documentation, used at PagerDuty for any major incidents, and to prepare new employees for on-call responsibilities. It provides information not only on preparing for an incident, but also what to do during and after. It is intended to be used by on-call practitioners and those involved in an operational incident response process (or those wishing to enact a formal incident response process).
    This is a really good set of processes -- quite similar to what we used in Amazon for high-severity outage response.

    (tags: ops process outages pagerduty incident-response incidents on-call)

  • The Irish Ether Drinking Craze

    Dr. Kelly, desperate to become intoxicated while maintaining The Pledge, realized that not only could ether vapors be inhaled, but liquid ether could be swallowed. Around 1845 he began consuming tiny glasses of ether, and then started dispensing these to his patients and friends as a nonalcoholic libation. It wasn't long before it became a popular beverage, with one priest going so far as to declare that ether was "a liquor on which a man could get drunk with a clean conscience." In some respects ingesting ether is less damaging to the system than severe alcohol intoxication. Its volatility - ether is a liquid at room temperature but a gas at body temperature -dramatically speeds its effects. Dr. Ernest Hart wrote that "the immediate effects of drinking ether are similar to those produced by alcohol, but everything takes place more rapidly; the stages of excitement, mental confusion, loss of muscular control, and loss of consciousness follow each other so quickly that they cannot be clearly separated." Recovery is similarly rapid. Not only were ether drunks who were picked up by the police on the street often completely sober by the time they reached the station, but they suffered no hangovers. Ether drinking spread rapidly throughout Ireland, particularly in the North, and the substance soon could be purchased from grocers, druggists, publicans, and even traveling salesmen. Because ether was produced in bulk for certain industrial uses, it could also be obtained quite inexpensively. Its low price and rapid action meant than even the poorest could afford to get drunk several times a day on it. By the 1880s ether, distilled in England or Scotland, was being imported and widely distributed to even the smallest villages. Many Irish market towns would "reek of the mawkish fumes of the drug" on fair days when "its odor seems to cling to the very hedges and houses for some time."

    (tags: ether history ireland northern-ireland ulster drugs bizarre)

Links for 2017-01-07

Published January 7, 2017

  • Hacking the Attention Economy

    Can't help feeling danah boyd is hitting the nail on the head here:

    The Internet has long been used for gaslighting, and trolls have long targeted adversaries. What has shifted recently is the scale of the operation, the coordination of the attacks, and the strategic agenda of some of the players. For many who are learning these techniques, it’s no longer simply about fun, nor is it even about the lulz. It has now become about acquiring power. A new form of information manipulation is unfolding in front of our eyes. It is political. It is global. And it is populist in nature. The news media is being played like a fiddle, while decentralized networks of people are leveraging the ever-evolving networked tools around them to hack the attention economy.

    (tags: danah-boyd news facebook social-media gaslighting trolls 4chan lulz gamergate fake-news)

  • World's top 100 cocktails of 2016

    per Difford's Guide -- Amaretto Sour, Margarita, Bramble, Espresso Martini, Old-Fashioned, Negroni, White Lady and Manhattan up there.

    (tags: cocktails diffords 2016 review booze drinks)

Links for 2017-01-04

Published January 4, 2017

  • Raising the Roof: Comments on the recent Newgrange ‘roof-box’ controversy

    Instead of discussing recent site visits or photographs we’ll be looking at a recent controversy sparked by comments about the reconstruction of Newgrange and, in particular, three claims made in the media by an Irish archaeologist; 1. That the “roof-box” at Newgrange may not be an original feature, instead it was “fabricated” and has “not a shred of authenticity” 2. That two vitally important structural stones, both decorated with megalithic art, from Newgrange were lost after the excavation and 3. That the photographic evidence that backs up the existing restoration is either inaccessible or never existed at all. I hope to show why we can be sure none of these claims are sustainable and that in fact the winter solstice phenomenon at Newgrange is an original and central feature of the tomb.

    (tags: history newgrange archaeology solstice ireland megalithic)

  • Leap Smear  |  Public NTP  |  Google Developers

    Google offers public NTP service with leap smearing -- I didn't realise! (thanks Keith)

    (tags: google clocks time ntp leap-smearing leap-second ops)

Links for 2017-01-03

Published January 3, 2017