Holloways: Roads Tunneled into the Earth by Time
Appearing like trenches dragged into the earth, sunken lanes, also called hollow-ways or holloways, are centuries-old thoroughfares worn down by the traffic of time. They're one of the few examples of human-made infrastructure still serving its original purpose, although many who walk through holloways don't realize they're retracing ancient steps.
(tags: cool hiking geography roads paths holloways psychogeography lanes)
Terrorism and internet blocking – is this the most ridiculous amendment ever? - EDRi
So, there you have it: Blocking is necessary, except it is not. Safeguards need to be implemented, except they don’t need to be. This approach is legal, except it isn’t. The text is based on the Child Exploitation Directive, except it isn’t. Is this really how we are going to create credible legislation on terrorism?
E-Voting in Estonia needs to be discontinued
After studying other e-voting systems around the world, the team was particularly alarmed by the Estonian I-voting system. It has serious design weaknesses that are exacerbated by weak operational management. It has been built on assumptions which are outdated and do not reflect the contemporary reality of state-level attacks and sophisticated cybercrime. These problems stem from fundamental architectural problems that cannot be resolved with quick fixes or interim steps. While we believe e-government has many promising uses, the Estonian I-voting system carries grave risks — elections could be stolen, disrupted, or cast into disrepute. In light of these problems, our urgent recommendation is that to maintain the integrity of the Estonian electoral process, use of the Estonian I-voting system should be immediately discontinued.
(tags: internet technology e-voting voting security via:mattblaze estonia i-voting russia cybercrime)
Squeezing blood from a stone: small-memory JVM techniques for microservice sidecars
Reducing service memory usage from 500MB to 105MB:
We found two specific techniques to be the most beneficial: turning off one of the two JIT compilers enabled by default (the “C2” compiler), and using a 32-bit, rather than a 64-bit, JVM.
The Irish Internet in the 1980s
from Dr Mark Humphrys in DCU:
A collection of bits and pieces of Internet history. Focusing somewhat (but not exclusively) on: (a) the 1980s, when I first started using the Internet, and: (b) Ireland.
(tags: mark-humphrys dcu history tcd bitnet ireland internet web www 1980s)
-
I need to get in touch about the early days of the Irish web!
an online home for stories from Ireland – stories about the country’s long and convoluted relationship with information technology. It aims to gather information on the most significant aspects of this relationship, to compile archives on the selected themes, and to store the assembled records for the benefit of future generations.
The History of the Irish Internet
This site is a companion effort to the techarchives website, except it is less well-researched, and is primarily a personal view of the development of the Internet in Ireland by your humble author, Niall Murphy.
(tags: niallm internet ireland history networking heanet ieunet)
What's Actually Wrong with Yahoo's Purchase of Summly
An old post about Y!'s acquisition of Summly, an iPhone app which uses NLP to summarise news stories. This is an excellent point about modern tech startups:
[Summly] licensed the core engine from another company. They are the quintessential bolt-on engineers, taking a Japanese bike engine, slapping together a badly constructed frame aligned solely by eyeballs, and laying down a marketing blitz. That's why the story sells. "You, too, can do it." But do you want to? [...] it's critical to keep tabs on the ratio known as "glue versus thought." Sure, both imply progress and both are necessary. But the former is eminently mundane, replaceable, and outsource-able. The latter is typically what gives a company its edge, what is generally regarded as a competitive advantage. So, what is Yahoo signaling to the world? "We value glue more than thought."
(tags: glue thought glue-vs-thought summly yahoo acquisitions licensing tech startups outsourcing open-source)
What the Irish Ate Before Potatoes - Bon Appétit
on the history of Irish cuisine -- mostly milk and butter, and notably "bog butter":
And the Irish didn’t like their butter just one way: from the 12th century on, there are records of butter flavored with onion and garlic, and local traditions of burying butter in bogs. Originally, it’s thought that bog butter began as a good storage system, but after a time, buried bog butter came to be valued for its uniquely boggy flavor.
(tags: bog-butter bogs ireland food eating milk curds whey banbidh dairy)
The tyranny of the algorithm yet again...
Paypal will no longer handle payments if the user's address includes the word "Isis":
That these place names exist won't be a surprise to anyone familiar with English limnology - the study of rivers and inland waters. As Wikipedia helpfully tells us, "The Isis is the name given to the part of the River Thames above Iffley Lock which flows through the university city of Oxford". In at least one local primary school I'm familiar with, the classes are called Windrush, Cherwell, Isis and Thames. [...] Now PayPal has decided that they are not prepared to facilitate payments for goods to be delivered to an address which includes the word "Isis". An Isis street resident ran into some unexpected difficulties when attempting to purchase a small quantity of haberdashery on the internet with the aid of a PayPal account. The transaction would not process. In puzzlement she eventually got irritated enough to brave the 24/7 customer support telephone tag labyrinth. The short version of the response from the eventual real person she managed to get through to was that PayPal have blacklisted addresses which include the name "Isis". They will not process payments for goods to be delivered to an Isis related address, whatever state of privileged respectability the residents of such properties may have earned or inherited in their lifetimes to this point.
One has to wonder if this also brings the risk of adding the user to a secret list, somewhere. Trial by algorithm.
(tags: isis algorithms automation fail law-enforcement paypal uk rivers)
Can the United Kingdom government legally disregard a vote for Brexit?
Oh thank god, there's a "get out of jail" card before they destroy the global economy to appease the eurosceptics.
On the day after a vote for Brexit, the UK will still be a member state of the EU. All the legislation which gives effect to EU law will still be in place. Nothing as a matter of law changes in any way just because of a vote to Leave. What will make all the legal difference is not a decision to leave by UK voters in a non-binding advisory vote, but the decision of the prime minister on how to react before making any Article 50 notification. And what the prime minister will do politically after a referendum vote for Brexit is, at the moment, as unknown as the result of the referendum itself.
(tags: brexit law uk government referenda eurosceptics eu)
-
comparison-shopping site for Irish car insurance. recommended by some random Broadsheet commenter, worth a try next time this comes up
(tags: comparison shopping ireland car-insurance insurance)
-
Apple have announced they plan to use it; Google use a DP algorithm called RAPPOR in Chrome usage statistics. In summary: "novel privacy technology that allows inferring statistics about populations while preserving the privacy of individual users".
(tags: apple privacy anonymization google rappor algorithms sampling populations statistics differential-privacy)
-
The Department of Education has issued a new circular accepting it cannot defund the education of children whose parents do not want their kid’s data to be in POD [the privacy-infringing database of all Irish primary-school children]. They’ll only accept a written request as the basis of that refusal, however. So, here’s one you can use that meets the requirements. Send or give it to your school.
Three starts network-level ad blocking trial
Three, the mobile carrier, has begun warming up for a network-level ad blocking trial. It will become one of the first mobile carriers worldwide—and certainly in the UK—to try blocking ads before they are squirted over the network to the consumer, rather than attempting to hide or block ads locally on the device, which can cost both bandwidth and battery life. The ad blocking trial, which will affect both mobile websites and apps, will take place during a 24-hour period sometime between June 13 and 20. Three says it will contact customers and ask them to sign up for the trial, presumably via the online customer portal. It isn't clear how large the trial will be. Technologically, the network-level ad blocking will be powered by Shine. Due to the nature of the beast—the constant tussle between ad publishers and ad blockers—Shine doesn't like to talk about its tech in much detail. It sounds like Shine uses deep packet inspection and machine learning to find packets that contain ads, and then replaces or removes them in such a way that it doesn't break the layout of the website or app.
Some thoughts on operating containers
R.I.Pienaar talks about the conventions he uses when containerising; looks like a decent approach.
(tags: ops containers docker ripienaar packaging)
ClickHouse — open-source distributed column-oriented DBMS
'ClickHouse manages extremely large volumes of data in a stable and sustainable manner. It currently powers Yandex.Metrica, world’s second largest web analytics platform, with over 13 trillion database records and over 20 billion events a day, generating customized reports on-the-fly, directly from non-aggregated data. This system was successfully implemented at CERN’s LHCb experiment to store and process metadata on 10bn events with over 1000 attributes per event registered in 2011.' Yandex-tastic, but still looks really interesting
Cross-Region Read Replicas for Amazon Aurora
Creating a read replica in another region also creates an Aurora cluster in the region. This cluster can contain up to 15 more read replicas, with very low replication lag (typically less than 20 ms) within the region (between regions, latency will vary based on the distance between the source and target). You can use this model to duplicate your cluster and read replica setup across regions for disaster recovery. In the event of a regional disruption, you can promote the cross-region replica to be the master. This will allow you to minimize downtime for your cross-region application. This feature applies to unencrypted Aurora clusters.
(tags: aws mysql databases storage replication cross-region failover reliability aurora)
Advanced Airflow (Lesson 1) : TriggerDagRunOperator
good intro to some Airflow concepts
Finding pearls; fuzzing ClamAV
great how-to for practical scanner fuzz testing
(tags: fuzz-testing clamav scanners security vulnerabilities testing)
Ireland goes Big Brother as police upgrade snooping abilities - The Register
The Garda Síochána has proposed to expand its surveillance on Irish citizens by swelling the amount of data it collects on them through an increase in its CCTV and ANPR set-ups, and will also introduce facial and body-in-a-crowd biometrics technologies. [...] The use of Automated Facial Recognition (AFR) technology is fairly troubled in the UK, with the independent biometrics commissioner warning the government that it was risking inviting a legal challenge back in March. It is no less of an issue in Ireland, where the Data Protection Commissioner (DPC) audited Facebook in 2011 and 2012, and scolded the Zuckerborg over its use of facial recognition technology.
(tags: afr facial-recognition minority-report surveillance ireland gardai cctv anpr biometrics privacy)
-
"Here," by Richard McGuire. Amazing piece of comic art from 1989
(tags: richard-mcguire art comics graphic-novels history time)
Stop it with short PGP key IDs!
What happened today? We still don't really know, but it seems we found a first potentially malicious collision — that is, the first "nonacademic" case. Enrico found two keys sharing the 9F6C6333 short ID, apparently belonging to the same person (as would be the case of Asheesh, mentioned above). After contacting Gustavo, though, he does not know about the second — That is, it can be clearly regarded as an impersonation attempt. Besides, what gave away this attempt are the signatures it has: Both keys are signed by what appears to be the same three keys: B29B232A, F2C850CA and 789038F2. Those three keys are not (yet?) uploaded to the keyservers, though... But we can expect them to appear at any point in the future. We don't know who is behind this, or what his purpose is. We just know this looks very evil. Now, don't panic: Gustavo's key is safe. Same for his certifiers, Marga, Agustín and Maxy. It's just a 32-bit collision. So, in principle, the only parties that could be cheated to trust the attacker are humans, right? Nope. Enrico tested on the PGP pathfinder & key statistics service, a keyserver that finds trust paths between any two arbitrary keys in the strong set. Surprise: The pathfinder works on the short key IDs, even when supplied full fingerprints. So, it turns out I have three faked trust paths into our impostor.
UK at serious risk of over-blocking content online, human rights watchdog warns | Ars Technica UK
The IWF in the spotlight...
The blacklist operated by the IWF effectively amounts to censorship. Not only are the blacklist and notices sent to members of the IWF kept secret, but there is no requirement to notify website owners when their site has been added to the blacklist. Even where statutory rules do exist with respect to notice and take-down procedures (namely, the Terrorism Act 2006 and the Defamation (Operators of Websites) Regulations 2013), the provisions are not so concerned with safeguards for the protection of freedom of expression, as with offering an exemption from liability for ISPs.
Collecting my thoughts about Torus
Worryingly-optimistic communications about CoreOS' recently-announced distributed storage system. I had similar thoughts, but Jeff Darcy is actually an expert on this stuff so he's way more worth listening to on the topic ;)
(tags: jeff-darcy distcomp filesystems coreos torus storage)
German Privacy Regulators Fined Adobe, Others Over U.S. Data Transfers
Adobe was fined 8,000 euros, Punica 9,000 euros and Unilever 11,000 euros. The regulator said they had put in place alternative legal mechanisms for transferring data to the United States following the fine. “The fact that the companies have eventually implemented a legal basis for the transfer had to be taken into account in a favorable way for the calculation of the fines,” said Johannes Caspar, the Hamburg Commissioner for Data Protection. “For future infringements, stricter measures have to be applied.”
(tags: data-protection eu fines us privacy safe-harbor)
[dns-operations] Sad news today: systemd-resolved to be deployed in Ubuntu 16.10
systemd needs to stop breaking shit
The Mitsubishi Outlander vulnerability allows trivial remote car alarm unlocking.
Nearly-open wifi (easily-cracked weak WPA PSK), and a 6-byte string to disable the car alarm, discovered via replay attack. Massive fail
(tags: internetofshit mitsubishi fail outlander wpa alarms security replay-attack)
FullPageOS Automatically Boots Your Raspberry Pi Into a Full Page Web Kiosk Mode
set up to boot into a full-screen Chromium window on boot. This means if you’re using your Pi to power an information display, you won’t need to go through the process of disabling screen savers, editing display size, and forcing full-screen mode on your own. All you need to do is install FullPageOS on an SD card, then edit a TXT file to include your Wi-Fi network info and the URL you want it to load up.
(tags: kiosks raspberry-pi fullpageos chrome chromium web appliances hacks)
_Could a Neuroscientist Understand a Microprocessor?_
'There is a popular belief in neuroscience that we are primarily data limited, that producing large, multimodal, and complex datasets will, enabled by data analysis algorithms, lead to fundamental insights into the way the brain processes information. Microprocessors are among those artificial information processing systems that are both complex and that we understand at all levels, from the overall logical flow, via logical gates, to the dynamics of transistors. Here we take a simulated classical microprocessor as a model organism, and use our ability to perform arbitrary experiments on it to see if popular data analysis methods from neuroscience can elucidate the way it processes information. We show that the approaches reveal interesting structure in the data but do not meaningfully describe the hierarchy of information processing in the processor. This suggests that current approaches in neuroscience may fall short of producing meaningful models of the brain.' via Bryan O'Sullivan.
(tags: via:bos neuroscience microprocessors 6502 computers hardware wetware brain biology neural-systems)
MPs’ private emails are routinely accessed by GCHQ
65% of parliamentary emails are routed via Dublin or the Netherlands, so liable to access via Tempora; NSA's Prism program gives access to all Microsoft Office 365 docs; and MessageLabs, the anti-spam scanning system in use, has a GCHQ backdoor program called Haruspex, allegedly.
(tags: snowden privacy mps uk politics gchq nsa haruspex messagelabs symantec microsoft parliament)
-
'centrally-planned object and thread pools' for java. 'In the default JVM thread pools, once a thread is created it will only be retired when it hasn't performed a task in the last minute. In practice, this means that there are as many threads as the peak historical number of concurrent tasks handled by the pool, forever. These thread pools are also poorly instrumented, making it difficult to tune their latency or throughput. Dirigiste provides a fast, richly instrumented version of a java.util.concurrent.ExecutorService, and provides a means to feed that instrumentation into a control mechanism that can grow or shrink the pool as needed. Default implementations that optimize the pool size for thread utilization are provided. It also provides an object pool mechanism that uses a similar feedback mechanism to resize itself, and is significantly simpler than the Apache Commons object pool implementation.' Great metric support, too.
(tags: async jvm dirigiste java threadpools concurrency utilization capacity executors object-pools object-pooling latency)
-
new Jenkins UX. looks great
Here comes the summer: how Daylight Saving Time came to Ireland
good history on the crapfest that is DST
'Virtual nose' may reduce simulator sickness
Anecdotal evidence has suggested simulator sickness is less intense when games contain fixed visual reference objects - such as a racecar's dashboard or an airplane's cockpit - located within the user's field of view. "But you can't have a cockpit in every VR simulation," Whittinghill said. His research team was studying the problem when undergraduate student Bradley Ziegler suggested inserting the image of a virtual human nose in the center of the video display. "It was a stroke of genius," said Whittinghill, who teaches video game design. "You are constantly seeing your own nose. You tune it out, but it's still there, perhaps giving you a frame of reference to help ground you." The researchers have discovered that the virtual nose, or "nasum virtualis," reduces simulator sickness when inserted into popular games.
(tags: virtual-nose nose vr simulator-sickness nausea vr-sickness games)
-
Interesting new collections lib for Java 6+; generates Map-like and Set-like collections at runtime based on the contract annotations you desire. Fat (20MB) library-based implementation also available
(tags: collections java koloboke performance coding)
Symantec Issues Intermediate CA Certificate for Blue Coat Public Services
ugh, so dodgy
Green/Blue Deployments with AWS Lambda and CloudFormation - done right
Basically, use a Lambda to put all instances from an ASG into the ELB, then remove the old ASG
(tags: asg elb aws lambda deployment ops blue-green-deploys)
Six Years of Hacker News Comments about Twilio
love it.
(tags: twilio hn hackernews funny tech)
-
'Tired of copy/pasting Dockerfiles around? Not sure about best practices for Dockerfiles or Docker entry points? This tool lets you Dockerize your applications using best practices to define your Dockerfile and Docker entry point files.' The best practices in question are defined here: https://github.com/docker-library/official-images#review-guidelines
(tags: docker dockerfile images build best-practices alpine containers)
-
backward compatible replacement for Dockerfile. Yes, you can take any Dockerfile, rename it to Rockerfile and use rocker build instead of docker build. ... Rocker aims to solve the following use cases, which are painful with plain Docker: Mount reusable volumes on build stage, so dependency management tools may use cache between builds. Share ssh keys with build (for pulling private repos, etc.), while not leaving them in the resulting image. Build and run application in different images, be able to easily pass an artifact from one image to another, ideally have this logic in a single Dockerfile. Tag/Push images right from Dockerfiles. Pass variables from shell build command so they can be substituted to a Dockerfile. And more. These are the most critical issues that were blocking our adoption of Docker at Grammarly. The most challenging part is caching. While implementing those features seems to be not a big deal, it's not trivial to do that just by utilising Docker’s image cache (the one that docker build does). Actually, it is the main reason why those features are still not in Docker. With Rocker we achieve this by introducing a set of trade-offs. Search this page for "trade-off" to find out more details.
(tags: docker rocker build containers dockerfiles)
How big an issue is the nausea problem for Virtual Reality products? - Quora
Sadly (because I want a “holodeck” as much as the next red-blooded geek) - I don’t think it’s possible to make a VR system that both delivers the experience that everyone wants - and doesn’t make a sizeable proportion of the population so sick that they’ll never want to do it again. For the people who can stomach the display - my major concern is that the US Navy studies show that there is some disorientation that might persist long after finishing your game…so driving a car while “under the influence” of post-VR disorientation is probably as dangerous as drunk-driving. If these devices are in pretty much every home - then there are huge problems in store for the industry in terms of product liability. There have been plenty of warnings from the flight simulation industry - there are no excuses for not reading the Wikipedia article on the subject. If people are driving “under the influence” and the VR companies didn’t warn them about that - then they’re in deep trouble. IMHO, these consumer-grade VR devices should be carefully studied and if they do cause possible driving impairment, they should be banned until such time as the problems can be fixed…which may very well be “never”. Sorry to be the bearer of bad news.
(via Tony Finch)
(tags: holodeck vr oculus-rift hmds nausea head-mounted-displays biology brain flight-simulation)
Why do Selenium-style record/replay tests of web applications break?
good data! Mostly because of element locations it seems....
LinkedIn called me a white supremacist
Wow. Massive, massive algorithm fail.
On the morning of May 12, LinkedIn, the networking site devoted to making professionals “more productive and successful,” emailed scores of my contacts and told them I’m a professional racist. It was one of those updates that LinkedIn regularly sends its users, algorithmically assembled missives about their connections’ appearances in the media. This one had the innocent-sounding subject, “News About William Johnson,” but once my connections clicked in, they saw a small photo of my grinning face, right above the headline “Trump put white nationalist on list of delegates.” [.....] It turns out that when LinkedIn sends these update emails, people actually read them. So I was getting upset. Not only am I not a Nazi, I’m a Jewish socialist with family members who were imprisoned in concentration camps during World War II. Why was LinkedIn trolling me?
(tags: ethics fail algorithm linkedin big-data racism libel)
[RFE] add a way to run in a new systemd scope automatically · Issue #428 · tmux/tmux
omgwtfbbq. 1: User reports that their gnome session leaks processes; 2: systemd modifies default session behaviour to kill all processes, including screen/tmux; 3: _everyone_ complains because they break 30 years of UNIX process semantics, then 4: they request that tmux/screen hack their shit to workaround their brokenness. Get fucked, systemd. This is the kind of shit that would finally drive me to BSDland
(tags: systemd horror linux fail unix gnome tmux bugs omgwtfbbq)
The Dordogne Valley: What to Expect
French Foodie in Dublin writes and vlogs about the Dordogne Valley, good foodie tips
The Dutch word for "nitpicker" is significantly more sweary
via James Kelleher on Twitter: "‘Mierenneuker’ — Dutch slang for someone who pays (too much) attention to detail, literally ‘ant-fucker’."; and in German, 'Korinthenkacker', "raisin-shitter".
(tags: raisins funny words ants dutch german language nit-picking perfectionism)
#825394 - systemd kill background processes after user logs out - Debian Bug report logs
Systemd breaks UNIX behaviour which has been standard practice for 30 years:
It is now indeed the case that any background processes that were still running are killed automatically when the user logs out of a session, whether it was a desktop session, a VT session, or when you SSHed into a machine. Now you can no longer expect a long running background processes to continue after logging out. I believe this breaks the expectations of many users. For example, you can no longer start a screen or tmux session, log out, and expect to come back to it.
(tags: systemd ops debian linux fail background cli commandline)
-
Geofencing used for evil:
What Flynn realized is that he could use [ad targeting] to infer that a woman might be seeking an abortion, and to target her for ads from anti-choice groups [using geofenced advertising]. “We can reach every Planned Parenthood in the U.S.,” he wrote in a PowerPoint display sent to potential clients in February. The Powerpoint included a slide titled “Targets for Pro-Life,” in which Flynn said he could also reach abortion clinics, hospitals, doctors’ offices, colleges, and high schools in the United States and Canada, and then “[d]rill down to age and sex.” “We can gather a tremendous amount of information from the [smartphone] ID,” he wrote. “Some of the break outs include: Gender, age, race, pet owners, Honda owners, online purchases and much more.” Flynn explained that he would then use that data to send anti-choice ads to women “while they’re at the clinic.”
(tags: geofencing grim-meathook-future abortion phones smartphones pro-choice ads)
-
Rapid Fire is a special event we started hosting at our own in-person CTFs in 2014. The idea is pretty simple: Create several CTF challenges that can be solved in a few minutes each. Set up the challenges on 4 identical computers with some basic tools. Mirror the player’s screens so the audience can watch their actions. Whoever solves the most challenges the fastest wins. This event is interesting for a number of reasons: the players are under intense pressure, as everything they do is being watched by several people; the audience can watch several different approaches to the same problems; and people can follow along fairly easily with what is going on with the challenges.
With e-sports-style video!
(tags: gaming hacking security e-sports streaming twitch ctf)
-
Twitter are open sourcing their Storm replacement, and moving it to an independent open source foundation
(tags: open-source twitter heron storm streaming architecture lambda-architecture)
Why the Very Silly Oracle v. Google Trial Actually Matters
If it’s illegal to write clean room implementations of APIs, then no one has clean hands. The now-shelved open source project Apache Harmony, like Android, reimplemented Java SE, and tech giant IBM contributed code to that project. Oracle itself built its business off a proprietary implementation of SQL, which was created by IBM. The proposition “Reimplementations of APIs are infringements” creates a recursive rabbit hole of liability that spans across the industry. Even the very 37 Java APIs at issue in this trial contain reimplementations of other APIs. Google witness Joshua Bloch—who, while at Sun Microsystems, wrote many of the Java APIs—testified that specific Java APIs are reimplementations of other APIs from Perl 5 and the C programming language.
(tags: apis fair-use copyright ip android java google oracle law)
-
GitLab continue to out-innovate Github, which is just wanking around with breaking the UI these days
(tags: gitlab github git ci cd containers docker deployment coding)
-
'The algorithm of Lamport timestamps is a simple algorithm used to determine the order of events in a distributed computer system. As different nodes or processes will typically not be perfectly synchronized, this algorithm is used to provide a partial ordering of events with minimal overhead, and conceptually provide a starting point for the more advanced vector clock method. They are named after their creator, Leslie Lamport.' See also vector clocks (which I think would be generally preferable nowadays).
(tags: vector-clocks distributed programming algorithm clocks time leslie-lamport coding distcomp)
100 thieves steal $13m in three hours from cash machines across Japan
'Police believe that as many as 100 people, none of whom have been apprehended, worked together using forged credit cards containing account details illegally obtained from a bank in South Africa. The culprits used the fake cards at 1,400 convenience store automated teller machines on the morning of 15 May, according to police. Each made a single withdrawal of 100,000 yen – the maximum allowed by the cash machines.' 1,600 forged/stolen credit card credentials from a single bank, then a synchronised attack made possible by the eventually-consistent ledger model of ATM accounting. (via William Gibson)
Revealed: How copyright law is being misused to remove material from the internet
Automated DMCA takedowns used to fraudulently censor online content.
In fact, no copyright infringement had occurred at all. Instead, something weirder had happened. At some point after Narey posted her comments on Mumsnet, someone had copied the entire text of one of her posts and pasted it, verbatim, to a spammy blog titled “Home Improvement Tips and Tricks”. The post, headlined “Buildteam interior designers” was backdated to September 14 2015, three months before Narey had written it, and was signed by a “Douglas Bush” of South Bend, Indiana. The website was registered to someone quite different, though: Muhammed Ashraf, from Faisalabad, Pakistan. Quite why Douglas Bush or Muhammed Ashraf would be reviewing a builder based in Clapham is not explained in “his” post. BuildTeam says it has no idea why Narey’s review was reposted, but that it had nothing to do with it. “At no material times have we any knowledge of why this false DCMA take down was filed, nor have we contracted any reputation management firms, or any individual or a group to take such action on our behalf. Finally, and in conjunction to the above, we have never spoken with a ‘Douglas Bush,’ or a ‘Muhammed Ashraf.’”
(tags: fraud censorship mumsnet dmca takedowns google automation copyright)
3 Reasons AWS Lambda Is Not Ready for Prime Time
This totally matches my own preconceptions ;)
When we at Datawire tried to actually use Lambda for a real-world HTTP-based microservice [...], we found some uncool things that make Lambda not yet ready for the world we live in: Lambda is a building block, not a tool; Lambda is not well documented; Lambda is terrible at error handling. Lung skips these uncool things, which makes sense because they’d make the tutorial collapse under its own weight, but you can’t skip them if you want to work in the real world. (Note that if you’re using Lambda for event handling within the AWS world, your life will be easier. But the really interesting case in the microservice world is Lambda and HTTP.)
(tags: aws lambda microservices datawire http api-gateway apis https python ops)
-
holy crap, this is dystopian:
The first time Paul Zilly heard of his score — and realized how much was riding on it — was during his sentencing hearing on Feb. 15, 2013, in court in Barron County, Wisconsin. Zilly had been convicted of stealing a push lawnmower and some tools. The prosecutor recommended a year in county jail and follow-up supervision that could help Zilly with “staying on the right path.” His lawyer agreed to a plea deal. But Judge James Babler had seen Zilly’s scores. Northpointe’s software had rated Zilly as a high risk for future violent crime and a medium risk for general recidivism. “When I look at the risk assessment,” Babler said in court, “it is about as bad as it could be.” Then Babler overturned the plea deal that had been agreed on by the prosecution and defense and imposed two years in state prison and three years of supervision.
(tags: dystopia law policing risk risk-assessment northpointe racism fortune-telling crime)
Guillermo Del Toro's Tweetstorm About John Carpenter
'Regarding [John] Carpenter: We all talk about inequalities in film. We can add a huge one: Genre inequality. Horror will always be punk rock!'
(tags: horror punk john-carpenter movies film guillermo-del-toro)
For World’s Newest Scrabble Stars, SHORT Tops SHORTER
Nigeria's scrabble team are kicking ass with short-word strats.
“ ‘What would the robot do?’ is now the key question in Scrabble,” said Mr. Fatsis. Often, he said, the robot plays five letters: “There are inefficiencies in the game that you can exploit by having a mastery of those intermediate-length words.”
-
Today in nose-leech news -- the paper!
Principal Findings: A new genus and species of leech from Perú was found feeding from the nasopharynx of humans. Unlike any other leech previously described, this new taxon has but a single jaw with very large teeth. Phylogenetic analyses of nuclear and mitochondrial genes using parsimony and Bayesian inference demonstrate that the new species belongs among a larger, global clade of leeches, all of which feed from the mucosal surfaces of mammals. Conclusions: This new species, found feeding from the upper respiratory tract of humans in Perú, clarifies an expansion of the family Praobdellidae to include the new species Tyrannobdella rex n. gen. n.sp., along with others in the genera Dinobdella, Myxobdella, Praobdella and Pintobdella. Moreover, the results clarify a single evolutionary origin of a group of leeches that specializes on mucous membranes, thus, posing a distinct threat to human health.
(tags: leeches nose-leech papers science species tyrannobdella-rex horror)
Bike thief reveals tricks of the trade in this shockingly candid interview
This is an eye-opener:
A former bicycle thief has revealed the tricks of the trade in an interview, which clearly and shockingly shows the extent that thieves will go to in order to steal a bike. He talks about the motivations behind the theft, the tools used to crack locks and how the bikes were moved around and sold for a significant sum. He also gives tips on how to prevent your bike from being stolen. [...] 'Don’t be fooled by Kryptonite locks, they’re not as tough as made out to be. Also D-bars with tubular locks, never use them, they’re the most easy to pick with a little tool. It’s small and discreet, no noise and it looks like you are just unlocking your bike. With the bolt cutters we would go out on high performance motorbikes, two men on a bike.'
(tags: bikes locks bike-locks security london theft lockpicking d-locks)
How Trump’s troll army is cashing in on his campaign
Of the dozens of Trump pages seemingly run by click-farms, just one responded to our request for an interview, though the anonymous operators of the Trumpians fan page declined to provide the name of their company, citing the “volatility of Trump haters.” Trump’s Facebook page is the only one of over 100 the company runs that’s dedicated to an individual politician. “The other [candidates] don’t have any value from a merchandise perspective,” the operator said by Facebook Messenger.
(tags: click-farms spam donald-trump politics us-politics facebook trolls)
_DataEngConf: Parquet at Datadog_
"How we use Parquet for tons of metrics data". good preso from Datadog on their S3/Parquet setup
(tags: datadog parquet storage s3 databases hadoop map-reduce big-data)
Should create a separate Hystrix Thread pool for each remote call?
Excellent advice on capacity planning and queueing theory, in the context of Hystrix. Should I use a single thread pool for all dependency callouts, or independent thread pools for each one?
(tags: threadpools pooling hystrix capacity queue-theory queueing queues failure resilience soa microservices)
-
'The database of Irish nonprofits'. Excellent stuff!
(tags: non-profits ireland charities charity transparency)
Far more drivers break red lights in Dublin than cyclists
'of all the red light violations [filmed by red light cameras at Blackhall Place and Con Colbert Road by the RPA in 2011,] approximately 15% were committed by cyclists, with almost 85% committed by motor vehicles.'
(tags: law cycling red-lights driving dublin red-light-cameras)
-
RIP. "Big Dead Place" is a fantastic document of "M*A*S*H on ice", as the London Times called it, and one of my favourite books. See also http://feralhouse.com/nick-johnson-rip/ for another eulogy from his publishers
(tags: big-dead-place nick-johnson rip eulogies books reading history antarctica exploration raytheon bureaucracy)
-
Gradle plugin that allows easy integration with the infer static analyzer
“You Can't Copyright Klingon” Means Paramount Is In Trouble
The Language Creation Society filed an amicus brief claiming that Klingon is a real language and therefore not subject to copyright. To reiterate: the fandom of Star Trek elevated a language invented in 1984 by Marc Okrand for Star Trek III: The Search for Spock to the point it is taught in colleges and spoken as a living language. So it isn’t Star Trek anymore: it is real. [...] the entire legal brief is impossible to reprint due to limits in our non-Klingon font system, but even the motion includes Klingon-translated passages that accuse Paramount of being “arrogant” and “pathetic”.
(tags: klingon star-trek languages paramount ip copyright law)
Westminster social engineering to blame for 'Glasgow effect' mortality rate
This is quite significant -- scientific proof that austerity/social engineering policies cause higher mortality rates:
Researchers found that the historic effect of overcrowding was an important factor and highlighted the strategies of local government, which prioritised the regeneration of the city centre over investment in the city's housing schemes as having a significant impact on the health of Glaswegians. Data shows that Glasgow authorities spent far less on housing repairs, leaving people's homes poorly maintained and subject to damp. David Walsh, of the Glasgow Centre for Population Health, said that their work proved that poor health had political causes and could not simply be attributed to individual lifestyle choices.
(tags: glasgow-effect scotland poverty glasgow lifestyle health mortality housing policies uk)
Key Metrics for Amazon Aurora | AWS Partner Network (APN) Blog
Very DataDog-oriented, but some decent tips on monitorable metrics here
In Oracle v. Google, a Nerd Subculture Is on Trial
“The G part stands for GNU?” Alsup asked in disbelief. “Yes,” said Schwartz on the stand. “That doesn’t make any sense,” said the 71-year-old Clinton appointee.
Historic computers look super sexy in this new photo series by Docubyte and Ink
Wow, these look amazing:
The IBM 1401 and Alan Turing’s Pilot ACE (shown below) are among the computers featured in the series by photographer Docubyte and production studio Ink.
(tags: ibm computers history tech docubyte ink bletchley-park)
Kodak Had a Secret Nuclear Reactor Loaded With Enriched Uranium Hidden In a Basement
non-proliferation? what's that?
Kodak's purpose for the reactor wasn't sinister: they used it to check materials for impurities as well as neutron radiography testing. The reactor, a Californium Neutron Flux multiplier (CFX) was acquired in 1974 and loaded with three and a half pounds of enriched uranium plates placed around a californium-252 core. The reactor was installed in a closely guarded, two-foot-thick concrete walled underground bunker in the company's headquarters, where it was fed tests using a pneumatic system. According to the company, no employees were ever in contact with the reactor. Apparently, it was operated by atomic fairies and unicorns.
(tags: kodak nuclear safety non-proliferation scary rochester reactors)
Champagne Mojitos Recipe - John Besh
sounds like a decent party starter:
This puckery drink is prepared with rum and fresh mint like a classic mojito, but New Orleans chef John Besh makes it holiday-worthy by topping it with a splash of Champagne.
(tags: cocktails recipes champagne mojito sugar water rum lime mint sparkling-wine)
Cava and Pomegranate Cocktails Recipe - José Andrés
I've made a variant on this, good cava cocktail
(tags: sparkling-wine cocktails recipes pomegranate champagne)
Southside Royale Recipe - Eric Alperin
variant on the French 75 with lime juice in place of lemon
Virgin Media Ireland hate people working from home
What the hell, Virgin?
Section 12: Use of Virtual Private Network (VPN) As stated above, the Virgin Media Services are for residential use only and we do not support the use of VPN. If we find you are using VPN we may instruct you to stop using it and you must comply with this request. This is in order to prevent problems with our network and other Internet users.
(tags: virgin-media virgin upc isps ireland teleworking telecommuting home vpns vpn)
About to leave UPC due to (lack of) port forwarding - Boards.ie
Virgin Media/UPC seem to have silently deployed an IPv6 "carrier-grade NAT" setup called "DS-Lite" -- ie. all customers now get just a routable IPv6 address, and share a small pool of IPv4 NATs. This breaks a multitude of useful services, including UDP IPSec VPNs it seems
(tags: udp vpns isps virgin-media virgin ireland ds-lite ipv6 tunnelling networking nat ipv4)
Ireland will need referendum to create EU court for patents
omg. Sean "Irish SOPA" Sherlock dealing with the important issues once again -- in this case the bloody "Unified Patent Court"
(tags: patents eu sean-sherlock absurd referenda ireland ip)
-
In his 1962 book, The Image: A Guide to Pseudo-Events in America, former Librarian of Congress Daniel J. Boorstin describes a world where our ability to technologically shape reality is so sophisticated, it overcomes reality itself. "We risk being the first people in history," he writes, "to have been able to make their illusions so vivid, so persuasive, so ‘realistic’ that they can live in them."
(tags: algorithms facebook ethics filtering newsfeed conspiracy-theories twitter viral crazy)
World’s first vanity gTLD goes live
".richardli". TLDs are now officially beyond a joke
Open Whisper Systems >> Blog >> Reflections: The ecosystem is moving
Very interesting post on federation vs centralization for new services:
One of the controversial things we did with Signal early on was to build it as an unfederated service. Nothing about any of the protocols we've developed requires centralization; it's entirely possible to build a federated Signal Protocol based messenger, but I no longer believe that it is possible to build a competitive federated messenger at all.
(tags: development encryption communication network-effects federation signal ip protocols networking smtp platforms)
CD at LMAX: Testing into Production and Back Again
Chock-full of excellent build/test ideas from LMAX's Continuous Delivery setup. Lots of good ideas to steal
Chinese censorship: arbitrary rule changes are a form of powerful intermittent reinforcement
China's Internet censors are capricious and impossible to predict -- but this isn't because China's censors are incompetent, rather, they're tapping into one of the most powerful forms of conditioning, the uncertainty born of intermittent reinforcement. [...] As C Custer writes at Tech in Asia, this caprice is by design: by not specifying a set of hard and fast rules, but rather the constant risk of being taken down for crossing some invisible line, China's censors inspire risk-aversion in people who rely on the net to be heard or earn their livings. It's what Singaporeans call "out of bounds," the unspecified realm of things you mustn't, shouldn't or won't want to enter.
(tags: risk risk-aversion censorship control china politics enforcement crime self-censorship)
Dublin & Wicklow Walks » Family Walks
These are a great selection. Gonna be doing one of these every weekend if possible, now that the 2 year old can just about handle it ;)
-
command line utility that performs an HTML element selection on HTML content passed to the stdin. Using css selectors that everybody knows. Since input comes from stdin and output is sent to stdout, it can easily be used inside traditional UNIX pipelines to extract content from webpages and html files. tq provides extra formatting options such as json-encoding or newlines squashing, so it can play nicely with everyone's favourite command line tooling.
(tags: tq linux unix cli command-line html parsing css tools)
Apple Stole My Music. No, Seriously.
some amazingly terrible product decisions here. Deleting local copies of unreleased WAV files -- on the assumption that the user will simply listen to them streamed down from Apple Music -- that is astonishingly bad, and it's amazing they didn't consider the "freelance composer" use case at all. (via Tony Finch)
(tags: apple music terrible wav sound copyright streaming apple-music design product fail)
-
Purpose-built in 1898, the telephone exchange in Temple Bar was Dublin’s first automatic telephone exchange. Much like its newer neighbor, Internet House, it stood as a technological beacon shining through the luddite fog. With this in mind the Irish Citizen Army targeted the Telephone Exchange in 1916 as one of the communication hubs for the island. While many of us grew up learning of a history of ‘blood sacrifice’ and the futility of the Easter Rising, the truth is that the attack was meticulously planned both militarily and logistically. Sixty communication points around Dublin were hit in an effort to cut off all contact between British military forces within Ireland and to the ‘mainland’. The hope being that reserves and reinforcements would be delayed or misinformed.[...] Unfortunately for the rebels they could not take the Temple Bar exchange. A failure that would prove disastrous.
(tags: temple-bar history dublin telephones communications 1916)
Waste charges unpaid by 50% of residents in city litter blackspot
as Paul McDonnell noted: this one line tells you everything you need to know about DCC's ability to enforce the rules: 'in some of the bags inspected previously issued litter fines were found'. Pathetic
(tags: littering dublin northside dcc law enforcement rubbish bins)
-
This conceptual collection consists of eight 6:1 scale versions of classic LEGO bricks, each fully functional in one way or the other. Including eight matching photo montages, a homage to the box cover art for the classic "Legoland Space" line. Hultén - "Like most people, I was raised by Lego. For this project, I chose to work with a set of decorated bricks from the iconic 79-87 "Legoland Space" line. These were bricks that would trigger my imagination as a child. 25 years have passed, and they still trigger"
ERMAHGERD (faints)
BTrDB: Optimizing Storage System Design for Timeseries Processing
interesting, although they punt to Ceph for storage and miss out the chance to make a CRDT
(tags: storage trees data-structures timeseries delta-delta-coding encoding deltas)
Why I Hate Security, Computers, and the Entire Modern Banking System | Motherboard
I am honestly amazed the US banking system still works this way, after over a decade of rampant identity theft:
I cannot count the number of times I’ve freely given out my routing and account numbers—in emails, in webforms, in paperwork. This is because it’s necessary for other people to know my routing number and account number in order for them to send me money. But apparently, with that same information, they can also snatch money straight from my account. What kind of insane system is this? There’s two factor authentication, there’s one factor authentication, and then there’s this, which I think I can call zero factor authentication.
(tags: identity-theft phishing banking banks usa authentication 2fa 0fa security)
-
Cropping, scaling, and resizing images on the fly, for free, with GAE. Great service, wish AWS had something similar
App Engine API has a very useful function to extract a magic URL for serving the images when uploaded into the Cloud Storage. get_serving_url() returns a URL that serves the image in a format that allows dynamic resizing and cropping, so you don’t need to store different image sizes on the server. Images are served with low latency from a highly optimized, cookieless infrastructure.
(tags: gae google app-engine images scaling cropping image-processing thumbnails google-cloud)
Ex-surgeon duped into being €100k drug mule
Oh man. This is so sad:
Soriano, who had travelled to Ireland from Bogota via Panama and Paris, told customs officials that a red bag he was carrying contained a gift for banking officials which would facilitate the transfer of a $2.3m inheritance from a long-lost relative he had never heard of until recently. He was very co-operative with the officials and agreed to allow them x-ray and examine the bag. It was found to contain 1.86kg of cocaine in three packets. Sgt Finnegan said gardaí were initially sceptical that Soriano could have fallen for the scam but, as interviews went on, they became aware that there were underlying issues. Gardaí found documentation that Soriano had printed out about other phishing scams. He said that he knew they were scams but he was lonely and would respond to them for “a little bit of fun”. Sgt Finnegan said that, despite this, he remained adamant that the inheritance was still due to be claimed.
Bizarrely not the first prominent surgeon to fall victim to 419 scammers.
(tags: 419 scams cocaine smuggling surgeons phishing dementia)
Wikipedia’s Piracy Police Are Ruining the Developing World's Internet Experience | Motherboard
Oh dear.
The Wikimedia Foundation told me last month that it has been aware of people using Wikipedia Zero for file sharing for about a year, and says that there are no plans to pull out of any countries because of piracy. But that hasn’t stopped rogue Wiki users from suggesting it anyway, and members of the task force have gotten Wikimedia Bangladesh to plead with the pirates to stop contributing to an “increasingly negative perception of Bangladesh in many different sectors.”
(tags: wikipedia wikimedia bangladesh filesharing piracy wikipedia-zero copyright)
Go best practices, six years in
from Peter Bourgon. Looks like a good list of what to do and what to avoid
(tags: go golang best-practices coding guidelines)
raboof/nethogs: Linux 'net top' tool
NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.
(tags: nethogs cli networking performance measurement ops linux top)
The Airplane Seating Arrangement that Triggers 'Air Rage'
The presence of a first-class cabin, and having to walk through it to get to economy, is a triggering factor for "air rage" incidents:
As lead researcher Katherine DeCelles explained to Gizmodo, airplanes are like a miniature version of class-based society. “It’s a small world of the greater society that we live in, though one that’s greatly concentrated,” she said. Traveling by plane is stressful enough, but DeCelles believes that seating inequality on airplanes often serves as “the straw that breaks the camel’s back,” and that air rage can be partly explained and understood through the lens of social inequality.
(tags: air-rage first-class flying air travel anger economy)
The Challenges of Container Configuration // Speaker Deck
Some good advice on Docker metadata/config from Gareth Rushgrove
(tags: docker metadata configuration build devops dev containers slidfes)
CoreOS and Prometheus: Building monitoring for the next generation of cluster infrastructure
Ooh, this is a great plan. :applause:
Enabling GIFEE — Google Infrastructure for Everyone Else — is a primary mission at CoreOS, and open source is key to that goal. [....] Prometheus was initially created to handle monitoring and alerting in modern microservice architectures. It steadily grew to fit the wider idea of cloud native infrastructure. Though it was not intentional in the original design, Prometheus and Kubernetes conveniently share the key concept of identifying entities by labels, making the semantics of monitoring Kubernetes clusters simple. As we discussed previously on this blog, Prometheus metrics formed the basis of our analysis of Kubernetes scheduler performance, and led directly to improvements in that code. Metrics are essential not just to keep systems running, but also to analyze and improve application behavior. All things considered, Prometheus was an obvious choice for the next open source project CoreOS wanted to support and improve with internal developers committed to the code base.
(tags: monitoring coreos prometheus metrics clustering ops gifee google kubernetes)
Let Them Make Noise: A ‘Dining Club’ Invites Toddlers - NYTimes.com
This is a great idea. I miss eating out, and this is why:
Throughout our three-hour meal, babies cried, mothers nursed, toddlers shrieked and farro grains flew, but the atmosphere was surprisingly leisurely. There was no reason to be self-conscious about a crying-nursing-dancing child because everyone knew every other parent was in the same boat. Or would be in a few seconds. So we relaxed and ate. This is not fine dining as I once knew it, and that’s O.K. That’s what date night is for. But my daughter got her first lesson in how to behave at a fancy restaurant. And I got to finish a delicious meal while it was still warm, toddler in tow.
Image Dithering: Eleven Algorithms and Source Code
Nice demos
(tags: algorithms graphics coding dithering floyd-steinberg)
A poem about Silicon Valley, made up of Quora questions about Silicon Valley
Why do so many startups fail? Why are all the hosts on CouchSurfing male? Are we going to be tweeting for the rest of our lives? Why do Silicon Valley billionaires choose average-looking wives? What makes a startup ecosystem thrive? What do people plan to do once they’re over 35? Is an income of $160K enough to survive? What kind of car does Mark Zuckerberg drive? Are the real estate prices in Palo Alto crazy? Do welfare programs make poor people lazy? What are some of the biggest lies ever told? How do I explain Bitcoin to a 6-year-old? Why is Powdered Alcohol not successful so far? How does UberX handle vomiting in the car? Is being worth $10 million considered ‘rich’? What can be causing my upper lip to twitch? Why has crowdfunding not worked for me? Is it worth pre-ordering a Tesla Model 3? How is Clinkle different from Venmo and Square? Can karma, sometimes, be unfair? Why are successful entrepreneurs stereotypically jerks? Which Silicon Valley company has the best intern perks? What looks easy until you actually try it? How did your excretions change under a full Soylent diet? What are alternatives to online dating? Is living in small apartments debilitating? Why don’t more entrepreneurs focus on solving world hunger? What do you regret not doing when you were younger?
(tags: funny tech poetry silicon-valley humour bitcoin soylent 2016)
Some great factoids about Glasnevin Cemetery
local landmark and significant chunk of Dublin history. I like this one:
Another odd thing was that people from Dublin had to be buried before noon. This was due to the fact that many funerals stopping at the gate would end up so late in the pub the gates would be closed. A number of times the sextant would open up in the morning to find a coffin or two against the gates. For years I thought this was made up but it turns out to be true. A friend had a copy of the cemetery bye laws from (I think) around 1908 and it was in there. I think the rule was if you lived within 7 miles of the GPO you had to be buried before 12 noon.
(tags: death burial graveyards glasnevin dublin history d11)
-
Results: We obtained 20,882 survey responses (94,606 preferences) from 27 EU member countries. Respondents recognized the benefits of storing electronic health information, with 75.5%, 63.9%, and 58.9% agreeing that storage was important for improving treatment quality, preventing epidemics, and reducing delays, respectively. Concerns about different levels of access by third parties were expressed by 48.9% to 60.6% of respondents. On average, compared to devices or systems that only store basic health status information, respondents preferred devices that also store identification data (coefficient/relative preference 95% CI = 0.04 [0.00-0.08], P = 0.034) and information on lifelong health conditions (coefficient = 0.13 [0.08 to 0.18], P<0.001), but there was no evidence of this for devices with information on sensitive health conditions such as mental and sexual health and addictions (coefficient = -0.03 [-0.09 to 0.02], P = 0.24). Respondents were averse to their immediate family (coefficient = -0.05 [-0.05 to -0.01], P = 0.011) and home care nurses (coefficient = -0.06 [-0.11 to -0.02], P = 0.004) viewing this data, and strongly averse to health insurance companies (coefficient = -0.43 [-0.52 to 0.34], P<0.001), private sector pharmaceutical companies (coefficient = -0.82 [-0.99 to -0.64], P<0.001), and academic researchers (coefficient = -0.53 [-0.66 to -0.40], P<0.001) viewing the data. Conclusions: Storing more detailed electronic health data was generally preferred, but respondents were averse to wider access to and sharing of this information. When developing frameworks for the use of electronic health data, policy makers should consider approaches that both highlight the benefits to the individual and minimize the perception of privacy risks.
Via Antoin.
(tags: privacy data medicine health healthcare papers via:antoin)
Inside “Emojigeddon”: The Fight Over The Future Of The Unicode Consortium
Michael "evertype" Everson in the news!
(tags: unicode typography michael-everson emoji eggplant)
The Make: Weekend Projects Thumbnail Guide To Soldering
man, I wish I had this 30 years ago. now I know what stuff I need to get to make my occasional solders less of a PITA
Exclusive: SWIFT bank network says aware of multiple cyber fraud incidents
"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters.
Ouch. They seem to be indicating that they're all phishing/impersonation-based attacks.
(tags: phishing swift banking hacks exploits banks security)
Bodyhackers are all around you, they’re called women
I have two cyborg implants. One is in my hand, and it lets me unlock phones and doors by waving at them. The other is in my uterus, and it lets me control my own fertility.
(tags: bodyhacking iuds implants cyborg feminism birth-control)
-
Amazing deep dive into the graphic design of 1980s sci-fi classic, Alien, in particular Ron Cobb's _Semiotic Standard For All Commercial Trans-Stellar Utility Lifter And Heavy Element Transport Spacecraft_ and its application aboard the Weylan-Yutani Nostromo
(tags: fonts typography movies cinema alien sf history 1980s ron-cobb graphic-design)
Bots won't replace apps. Better apps will replace apps
As I’ll explain, messenger apps’ apparent success in fulfilling such a surprising array of tasks does not owe to the triumph of “conversational UI.” What they’ve achieved can be much more instructively framed as an adept exploitation of Silicon Valley phone OS makers’ growing failure to fully serve users’ needs, particularly in other parts of the world. Chat apps have responded by evolving into “meta-platforms.” Many of the platform-like aspects they’ve taken on to plaster over gaps in the OS actually have little to do with the core chat functionality. Not only is “conversational UI” a red herring, but as we look more closely, we’ll even see places where conversational UI has breached its limits and broken down.
(tags: apps bots chatops chat ui messaging silicon-valley agents alexa siri phones)
How I Hacked Facebook, and Found Someone's Backdoor Script
Great writeup of a practical pen test. Those crappy proprietary appliances that get set up "so the CEO can read his email on the road" etc. are always a weak spot
(tags: facebook hacking security exploits pen-tests backdoors)
Anti-innovation: EU excludes open source from new tech standards
EC up to its old anti-competitive tricks:
The European Commission is surprisingly coy about what exactly ['open'] means in this context. It is only on the penultimate page of the ICT Standardisation Priorities document that we finally read the following key piece of information: "ICT standardisation requires a balanced IPR [intellectual property rights] policy, based on FRAND licensing terms." It's no surprise that the Commission was trying to keep that particular detail quiet, because FRAND licensing—the acronym stands for "fair, reasonable, and non-discriminatory"—is incompatible with open source, which will therefore find itself excluded from much of the EU's grand new Digital Single Market strategy. That's hardly a "balanced IPR policy."
(tags: open-source open frand eu ec)
I am Alex St. John’s Daughter, and He is Wrong About Women in Tech — Medium
Great, great post from Amilia St. John, responding to the offensive sexist crap spewed by her father, Alex St. John
(tags: sexism career tech amilia-st-john alex-st-john jobs work feminism)
-
The history of this is fascinating:
Today’s pirate libraries have their roots in the work of Russian academics to digitize texts in the 1990s. Scholars in that part of the world had long had a thriving practice of passing literature and scientific information underground, in opposition to government censorship—part of the samizdat culture, in which banned documents were copied and passed hand to hand through illicit channels. Those first digital collections were passed freely around, but when their creators started running into problems with copyright, their collections “retreated from the public view,” writes Balázs Bodó, a piracy researcher based at the University of Amsterdam. “The text collections were far too valuable to simply delete,” he writes, and instead migrated to “closed, membership-only FTP servers.” [....] There’s always been osmosis within the academic community of copyrighted materials from people with access to scholars without. “Much of the life of a research academic in Kazakhstan or Iran or Malaysia involves this informal diffusion of materials across the gated walls of the top universities,” he says.
(tags: pirates pirate-libraries libraries archival history russia ussr samizdat samizdata academia papers)
[Updated] Using a Dyson hand dryer is like setting off a viral bomb in a bathroom | Ars Technica
Clumping the data from all six heights together, the Dyson produced 60 times more plaques than the warm air dryer and 1,300 times more than paper towels. Of the viruses launched by the jet dryer, 70 percent were at the height of a small child’s face.
(vomit)
Building a Regex Search Engine for DNA | Hacker News
The original post is pretty mediocre -- a search engine which handles a corpus of "thousands" of plasmids from "a scientist's personal library", and which doesn't handle fuzzy matches? I think that's called grep -- but the HN comments are good
(tags: grep regular-expressions hacker-news strings dna genomics search elasticsearch)
-
Prepaid talk+text+data or data-only mobile SIM cards, delivered to your home or hotel, prior to visiting the US. great service for temporary US business visits
(tags: visiting us usa zip-sim sims mobile-phones travel phones mobile travelling data)
Detecting the use of "curl | bash" server side
tl;dr:
The better solution is never to pipe untrusted data streams into bash. If you still want to run untrusted bash scripts a better approach is to pipe the contents of URL into a file, review the contents on disk and only then execute it.
The Melancholy Mystery of Lullabies - NYTimes.com
Fascinating article on lullabies:
One way a mother might bond with a newborn is by sharing her joy; another way is by sharing her grief or frustration. We see this in songs across time. A 200-year-old Arabic lullaby still sung today goes: I am a stranger, and my neighbors are strangers; I have no friends in this world. Winter night and the husband is absent. And an old Spanish lullaby from Asturias, written down by the poet Federico García Lorca, goes: This little boy clinging so Is from a lover, Vitorio, May God, who gave, end my woe, Take this Vitorio clinging so. We assume the sound of these songs is sweet, as no lullaby endures without being effective at putting babies to sleep. Think of ‘‘Rock-a-bye Baby,’’ the way it tenderly describes an infant and its cradle falling to the ground: The singer gets to speak a fear, the baby gets to rest; the singer tries to accommodate herself to a possible loss that has for most of human history been relatively common, and the baby gets attentive care. In the Arabic and Spanish lullabies, the singers get to say something to the one being — their new burden, their new love — who can’t and won’t judge or discipline them for saying it. When even relatively happy, well-supported people become the primary caretaker of a very small person, they tend to find themselves eddied out from the world of adults. They are never alone — there is always that tiny person — and yet they are often lonely. Old songs let us feel the fellowship of these other people, across space and time, also holding babies in dark rooms.
(tags: lullabies songs singing history folk babies children)
New Oil-Based Cityscapes Set at Dawn and Dusk by Jeremy Mann
lovely art via This Is Colossal
Amazon S3 Transfer Acceleration
The AWS edge network has points of presence in more than 50 locations. Today, it is used to distribute content via Amazon CloudFront and to provide rapid responses to DNS queries made to Amazon Route 53. With today’s announcement, the edge network also helps to accelerate data transfers in to and out of Amazon S3. It will be of particular benefit to you if you are transferring data across or between continents, have a fast Internet connection, use large objects, or have a lot of content to upload. You can think of the edge network as a bridge between your upload point (your desktop or your on-premises data center) and the target bucket. After you enable this feature for a bucket (by checking a checkbox in the AWS Management Console), you simply change the bucket’s endpoint to the form BUCKET_NAME.s3-accelerate.amazonaws.com. No other configuration changes are necessary! After you do this, your TCP connections will be routed to the best AWS edge location based on latency. Transfer Acceleration will then send your uploads back to S3 over the AWS-managed backbone network using optimized network protocols, persistent connections from edge to origin, fully-open send and receive windows, and so forth.
(tags: aws s3 networking infrastructure ops internet cdn)
-
Earlier this year, I asked a question on Stack Overflow about a data structure for loaded dice. Specifically, I was interested in answering this question: "You are given an n-sided die where side i has probability p_i of being rolled. What is the most efficient data structure for simulating rolls of the die?" This data structure could be used for many purposes. For starters, you could use it to simulate rolls of a fair, six-sided die by assigning probability 1/6 to each of the sides of the die, or to simulate a fair coin by simulating a two-sided die where each side has probability 1/2 of coming up. You could also use this data structure to directly simulate the total of two fair six-sided dice being thrown by having an 11-sided die (whose faces were 2, 3, 4, ..., 12), where each side was appropriately weighted with the probability that this total would show if you used two fair dice. However, you could also use this data structure to simulate loaded dice. For example, if you were playing craps with dice that you knew weren't perfectly fair, you might use the data structure to simulate many rolls of the dice to see what the optimal strategy would be. You could also consider simulating an imperfect roulette wheel in the same way. Outside the domain of game-playing, you could also use this data structure in robotics simulations where sensors have known failure rates. For example, if a range sensor has a 95% chance of giving the right value back, a 4% chance of giving back a value that's too small, and a 1% chance of handing back a value that's too large, you could use this data structure to simulate readings from the sensor by generating a random outcome and simulating the sensor reading in that case. The answer I received on Stack Overflow impressed me for two reasons.
First, the solution pointed me at a powerful technique called the alias method that, under certain reasonable assumptions about the machine model, is capable of simulating rolls of the die in O(1) time after a simple preprocessing step. Second, and perhaps more surprisingly, this algorithm has been known for decades, but I had not once encountered it! Considering how much processing time is dedicated to simulation, I would have expected this technique to be better-known. A few quick Google searches turned up a wealth of information on the technique, but I couldn't find a single site that compiled together the intuition and explanation behind the technique.
(via Marc Brooker)
(tags: via:marcbrooker algorithms probability algorithm coding data-structures alias dice random)
Donald Rumsfeld wrote the best memo ever: "Issues w/Various Countries"
Paraphrasing: "I have made a massive mess of US foreign policy and the whole world is falling apart. Have you fixed it for me yet?" Right in the middle of the biggest Middle Eastern shitstorm ever created, April 7, 2003. Heck of a job, Rummie
(tags: donald-rumsfeld inept gobshites korea pakistan issues world-politics funny facepalm george-w-bush iraq syria libya amazing)
The problems with forcing regular password expiry
The new password may have been used elsewhere, and attackers can exploit this too. The new password is also more likely to be written down, which represents another vulnerability. New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out of their accounts, and service desks having to reset passwords. It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack. What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis. CESG now recommend organisations do not force regular password expiry.
(tags: cesg recommendations guidelines security passwords expiry uk gchq)
-
good rules of thumb for variable naming, from ex-coworker Jacob Gabrielson
Canadian Police Obtained BlackBerry’s Global Decryption Key in 2010
According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The report doesn't disclose exactly where the key — effectively a piece of code that could break the encryption on virtually any BlackBerry message sent from one device to another — came from. But, as one police officer put it, it was a key that could unlock millions of doors. Government lawyers spent almost two years fighting in a Montreal courtroom to keep this information out of the public record.
(tags: canada crime encryption security blackberry crypto rcmp police rogers montreal rim)
-
Ouch, multi-region outage:
At 14:50 Pacific Time on April 11th, our engineers removed an unused GCE IP block from our network configuration, and instructed Google’s automated systems to propagate the new configuration across our network. By itself, this sort of change was harmless and had been performed previously without incident. However, on this occasion our network configuration management software detected an inconsistency in the newly supplied configuration. The inconsistency was triggered by a timing quirk in the IP block removal - the IP block had been removed from one configuration file, but this change had not yet propagated to a second configuration file also used in network configuration management. In attempting to resolve this inconsistency the network management software is designed to ‘fail safe’ and revert to its current configuration rather than proceeding with the new configuration. However, in this instance a previously-unseen software bug was triggered, and instead of retaining the previous known good configuration, the management software instead removed all GCE IP blocks from the new configuration and began to push this new, incomplete configuration to the network. One of our core principles at Google is ‘defense in depth’, and Google’s networking systems have a number of safeguards to prevent them from propagating incorrect or invalid configurations in the event of an upstream failure or bug. These safeguards include a canary step where the configuration is deployed at a single site and that site is verified to still be working correctly, and a progressive rollout which makes changes to only a fraction of sites at a time, so that a novel failure can be caught at an early stage before it becomes widespread. In this event, the canary step correctly identified that the new configuration was unsafe. 
Crucially however, a second software bug in the management software did not propagate the canary step’s conclusion back to the push process, and thus the push system concluded that the new configuration was valid and began its progressive rollout.
(tags: multi-region outages google ops postmortems gce cloud ip networking cascading-failures bugs)
Using jemalloc to get to the bottom of an off-heap Java memory leak
Good technique
Easy way to log all queries in mysql without restart
thanks StackOverflow!
(tags: stackoverflow mysql rds logging ops)
Rendezvous hashing - Wikipedia, the free encyclopedia
Rendezvous or Highest Random Weight (HRW) hashing[1][2] is an algorithm that allows clients to achieve distributed agreement on a set of k options out of a possible set of n options. A typical application is when clients need to agree on which sites (or proxies) objects are to be assigned to. When k is 1, it subsumes the goals of consistent hashing, using an entirely different method.
(tags: hrw hashing hashes consistent-hashing rendezvous-hashing algorithms discovery distributed-computing)
Open Sourcing Dr. Elephant: Self-Serve Performance Tuning for Hadoop and Spark
[LinkedIn] are proud to announce today that we are open sourcing Dr. Elephant, a powerful tool that helps users of Hadoop and Spark understand, analyze, and improve the performance of their flows.
neat, although I've been bitten too many times by LinkedIn OSS release quality at this point to jump in....
Improving Our Engineering Interview Process
Foursquare on hiring. 'we forgo technical phone interviews whenever possible. They’re typically unpleasant for everyone involved and we felt like the environment of a phone screen wasn’t conducive to learning about a candidate’s abilities comprehensively. Instead we give out a take-home exercise that takes about three hours.'
(tags: hiring interviewing foursquare hr phone-screens tech jobs)
-
'AWS Assume Made Awesome' -- 'Here at Trek10, we work with many clients, and thus work with multiple AWS accounts on a regular (daily) basis. We needed a way to make managing all our different accounts easier. We create a standard Trek10 administrator role in our clients’ accounts that we can assume. For security we require that the role assumer have multifactor authentication enabled.'
-
'I would strongly encourage you to avoid repeating the mistakes of testing methodologies that focus entirely on max achievable throughput and then report some (usually bogus) latency stats at those max throughput modes. The techempower numbers are a classic example of this in play, and while they do provide some basis for comparing a small aspect of behavior (what I call the "how fast can this thing drive off a cliff" comparison, or "pedal to the metal" testing), those results are not very useful for comparing load carrying capacities for anything that actually needs to maintain some form of responsiveness SLA or latency spectrum requirements.' Some excellent advice here on how to measure and represent stack performance. Also: 'DON'T use or report standard deviation for latency. Ever. Except if you mean it as a joke.'
(tags: performance benchmarking testing speed gil-tene latency measurement hdrhistogram load-testing load)
Data Protection Mishap Leaves 55M Philippine Voters at Risk
Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). While initial reports have downplayed the impact of the leak, our investigations showed a huge number of sensitive personally identifiable information (PII)–including passport information and fingerprint data–were included in the data dump. [....] Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible to everyone. Interestingly, we also found a whopping 15.8 million records of fingerprints and a list of people running for office since the 2010 elections. In addition, among the data leaked were files on all candidates running on the election with the filename VOTESOBTAINED. Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED files are set to have NULL as figure.
(tags: fingerprints biometrics philippines authentication data-dumps security hacks comelec e-voting pii passports voting)
The dark side of Guardian comments | Technology | The Guardian
Excellent data on abusive commenters
(tags: comments data guardian journalism abuse twitter racism sexism)
-
The saddest superhero ever
(tags: funny pintman dublin ireland alcoholics twitter history pubs)
Damien Mulley on Twitter: "Item Number 1 for the startup is our hoody."
Legendary Mulley tweetstorm on startup culture
(tags: startups funny damien-mulley twitter tweetstorms ireland)
Dan Luu reviews the Site Reliability Engineering book
voluminous! still looks great, looking forward to reading our copy (via Tony Finch)
(tags: books reading devops ops google sre dan-luu via:fanf)
Koyaanisqatsi trailer recreated using stock footage
'Koyannistocksi is a shot-by-shot remake of the trailer for Godfrey Reggio's Koyaanisqatsi using only stock footage. A testament to Reggio's influence on contemporary motion photography, and the appropriation of his aesthetic by others for commercial means.' Nailed it. This is why I find it hard to watch Koyaanisqatsi nowadays -- its imagery and style have been stolen by so many other filmmakers.
(tags: godfrey-reggio koyaanisqatsi ads remakes film stock-footage)
Neutered RNG let man rig million dollar lotteries | Ars Technica
A forensic examination found that the generator had code that was installed after the machine had been audited by a security firm that directed the generator not to produce random numbers on three particular days of the year if two other conditions were met. Numbers on those days would be drawn by an algorithm that Tipton could predict [...] All six prizes linked to Tipton were drawn on either Nov. 23 or Dec. 29 between 2005 and 2011.
(tags: prng randomness security hacks exploits lottery us audits holes)
-
I would only recommend 3d printing to someone who wanted a hobby, and wanted that hobby to be 3d printing, not "having parts made on a 3d printer". The printing itself is the activity. If you have any other primary motivation your parts will fail more often than they'll succeed.
(via burritojustice)
(tags: via:burritojustice 3d-printing machines parts things hobbies open-source funny)
Internet mapping turned a remote farm into a digital hell
I think this is a bit of a legal issue for MaxMind:
The trouble for the Taylor farm started in 2002, when a Massachusetts-based digital mapping company called MaxMind decided it wanted to provide “IP intelligence” to companies who wanted to know the geographic location of a computer to, for example, show the person using it relevant ads or to send the person a warning letter if they were pirating music or movies.
GCHQ intervenes to prevent catastrophically insecure UK smart meter plan - The Inquirer
GCHQ barged in after spooks cast their eyes over the plans and realised that power companies were proposing to use a single decryption key for communications from the 53 million smart meters that will eventually be installed in the UK.
holy crap.
(tags: gchq security smart-meters power uk electricity gas infrastructure)
Irish drone register allowed access to personal details of 2,000 members
The breach, which allowed registered users to view names, addresses, email addresses and phone numbers of other people registered on the site, was brought to the attention of the authority on Sunday night. In a statement to TheJournal.ie, the IAA revealed it was aware of four users who downloaded the file.
Running Docker on AWS from the ground up
Advantages/disadvantages section right at the bottom is good.
ECS, believe it or not, is one of the simplest Schedulers out there. Most of the other alternatives I’ve tried offer all sorts of fancy bells & whistles, but they are either significantly more complicated to understand (lots of new concepts), take too much effort to set up (lots of new technologies to install and run), are too magical (and therefore impossible to debug), or some combination of all three. That said, ECS also leaves a lot to be desired.
(tags: aws docker ecs ec2 schedulers)
Hungary proposes anti-crypto law
up to 2 years imprisonment for use of apps for encrypted communication
good example of Application-Level Keepalive beating SO_KEEPALIVE
we have now about 100 salt-minions which are installed in remote areas with 3G and satellite connections. We lose connectivity with all of those minions in about 1-2 days after installation, with test.ping reporting "minion did not return". The state was each time that the minions saw an ESTABLISHED TCP connection, while on the salt-master there were no connection listed at all. (Yes that is correct). Tighter keepalive settings were tried with no result. (OS is linux) Each time, restarting the salt-minion fixes the problem immediately. Obviously the connections are transparently proxied someplace, (who knows what happens with those SAT networks) so the whole tcp-keepalive mechanism of 0mq fails.
Also notes in the thread that the default TCP timeout for Azure Load Balancer is 4 minutes: https://azure.microsoft.com/en-us/blog/new-configurable-idle-timeout-for-azure-load-balancer/ . The default Linux TCP keepalive doesn't send until 2 hours after last connection use, and it's a system-wide sysctl (/proc/sys/net/ipv4/tcp_keepalive_time). Further, http://networkengineering.stackexchange.com/questions/7207/why-bgp-implements-its-own-keepalive-instead-of-using-tcp-keepalive notes "some firewalls filter TCP keepalives".
(tags: tcp keep-alive keepalive protocol timeouts zeromq salt firewalls nat)
“Racist algorithms” and learned helplessness
Whenever I’ve had to talk about bias in algorithms, I’ve tried to be careful to emphasize that it’s not that we shouldn’t use algorithms in search, recommendation and decision making. It’s that we often just don’t know how they’re making their decisions to present answers, make recommendations or arrive at conclusions, and it’s this lack of transparency that’s worrisome. Remember, algorithms aren’t just code. What’s also worrisome is the amplifier effect. Even if “all an algorithm is doing” is reflecting and transmitting biases inherent in society, it’s also amplifying and perpetuating them on a much larger scale than your friendly neighborhood racist. And that’s the bigger issue. [...] even if the algorithm isn’t creating bias, it’s creating a feedback loop that has powerful perception effects.
(tags: feedback bias racism algorithms software systems society)
The revenge of the listening sockets
More adventures in debugging the Linux kernel:
You can't have a very large number of bound TCP sockets and we learned that the hard way. We learned a bit about the Linux networking stack: the fact that LHTABLE is fixed size and is hashed by destination port only. Once again we showed a couple of powerful System Tap scripts.
-
git for Cloud Storage. Create distributed, decentralized and versioned repositories that scale infinitely to 100s of millions of files and PBs of storage. Huge repos can be cloned on your local SSD for making changes, committing and pushing back. Oh yeah, and it dedupes too due to BLAKE2 Tree hashing. http://s3git.org
(tags: git ops storage cloud s3 disk aws version-control blake2)
BLAKE2: simpler, smaller, fast as MD5
'We present the cryptographic hash function BLAKE2, an improved version of the SHA-3 finalist BLAKE optimized for speed in software. Target applications include cloud storage, intrusion detection, or version control systems. BLAKE2 comes in two main flavors: BLAKE2b is optimized for 64-bit platforms, and BLAKE2s for smaller architectures. On 64-bit platforms, BLAKE2 is often faster than MD5, yet provides security similar to that of SHA-3. We specify parallel versions BLAKE2bp and BLAKE2sp that are up to 4 and 8 times faster, by taking advantage of SIMD and/or multiple cores. BLAKE2 has more benefits than just speed: BLAKE2 uses up to 32% less RAM than BLAKE, and comes with a comprehensive tree-hashing mode as well as an efficient MAC mode.'
(tags: crypto hash blake2 hashing blake algorithms sha1 sha3 simd performance mac)
When It Comes to Age Bias, Tech Companies Don’t Even Bother to Lie
HubSpot’s CEO and co-founder, Brian Halligan, explained to the New York Times that this age imbalance was not something he wanted to remedy, but in fact something he had actively cultivated. HubSpot was “trying to build a culture specifically to attract and retain Gen Y’ers,” because, “in the tech world, gray hair and experience are really overrated,” Halligan said. I gasped when I read that. Could anyone really believe this? Even if you did believe this, what CEO would be foolish enough to say it out loud? It was akin to claiming that you prefer to hire Christians, or heterosexuals, or white people. I assumed an uproar would follow. As it turned out, nobody at HubSpot saw this as a problem. Halligan didn’t apologize for his comments or try to walk them back. The lesson I learned is that when it comes to race and gender bias, the people running Silicon Valley at least pay lip service to wanting to do better — but with age discrimination they don’t even bother to lie.
(tags: hiring startups tech ageism age hubspot gen-y discrimination)
Gaeltacht development company defends sale of State seaweed company to Canadian multinational
FFS. Fine Gael government sells off more of our national assets for cheap:
Mr John O’Sullivan, chief executive of Bioatlantis Ltd in Co Kerry called on the Oireachtas environment committee to investigate the sale, or ask the Oireachtas public accounts committee to do so. Mr O’Sullivan said that his company had made a bid of €5.7 million for Arramara, comprising €1.5 million initially and €4.2 million in the post-investment phase, and had been given just 12 days to prepare the bid. He understood that two foreign companies – the Canadian Acadian Seaplants and French company Setalg – had been given over a year to prepare their bids. He said that Acadian’s bid was €1.8 million, and the French bid was €2 million, for initial purchase, and that the rating was “changed” when the final bids were in. No details had been released and the lack of transparency was “frightening” in relation to the final sale, he said.
(tags: seaweed acadian setalg arramara bioatlantis government ireland selloff gaeltacht unag)
-
Comprehensive surveillance appears as seemingly inexpensive because it is a solution that scales thanks to technology: troubleshooting at the press of a button. Directly linked with the aim of saving more and more, just as with the State in general. But classic investigative work, which is proven to work, is expensive and labor intensive. This leads to a failure by the authorities because of a faith in technology that is driven by economics.
(tags: tech surveillance techdirt terrorism brussels crypto going-dark)
So you're thinking of coming to Dublin...
A really excellent list of stuff to do/see/eat/drink in Ireland, from Colin @ 3FE. top notch recommendations! (also, god I need to get out more)
Nest Reminds Customers That Ownership Isn't What It Used to Be
EFF weigh in on the internet of shit:
Customers likely didn't expect that, 18 months after the last Revolv Hubs were sold, instead of getting more upgrades, the device would be intentionally, permanently, and completely disabled. .... Nest Labs and Google are both subsidiaries of Alphabet, Inc., and bricking the Hub sets a terrible precedent for a company with ambitions to sell self-driving cars, medical devices, and other high-end gadgets that may be essential to a person’s livelihood or physical safety.
(tags: nest legal tech google alphabet internetofshit iot law)
Primary Online Database: POD now (mostly) not compulsory (for now)
Ever since the introduction of the Primary Online Database of schoolchildren by the Department of Education, the Department and its Minister have been eager to point out that any parent who refused to allow a child’s data to be transferred would see that child’s education defunded. Well, for all children other than this week’s crop of new Junior Infants, that threat has now collapsed. This is despite the Minister and her department having claimed that the drastic threat of defunding was because it simply wasn’t possible to give grants without a child’s full data being transferred. [...] Oddly, as the prospect of defunding the education of 30% of the nation’s children in the run up to an election loomed large, the Department discovered it could, after all, pay for a child’s education without all its POD data.
(tags: pod law ireland data-protection privacy children school)
Wired on the new O'Reilly SRE book
"Site Reliability Engineering: How Google Runs Production Systems", by Chris Jones, Betsy Beyer, Niall Richard Murphy, Jennifer Petoff. Go Niall!
(tags: google sre niall-murphy ops devops oreilly books toread reviews)
Google's Nest killing off old devices
Google is making customers' existing devices useless, less than 2 years after the devices were available for sale, with only 2 months warning. This is one of the reasons I won't spend money on the Internet Of Things shitshow. '"Which hardware will Google choose to intentionally brick next?" asks Arlo Gilbert. "If they stop supporting Android will they decide that the day after warranty expires that your phone will go dark? Is your Nexus device safe? What about your Nest fire alarm? What about your Dropcam? What about your Chromecast device?"'
'Devastating' bug pops secure doors at airports, hospitals
"A command injection vulnerability exists in this function due to a lack of any sanitisation on the user-supplied input that is fed to the system() call," Lawshae says.
:facepalm:
(tags: security iot funny fail linux unix backticks system udp hid vertx edge)
Counting with domain specific databases — The Smyte Blog — Medium
whoa, pretty heavily engineered scalable counting system with Kafka, RocksDB and Kubernetes
(tags: kafka rocksdb kubernetes counting databases storage ops)
Is anyone concerned about the future of Nest?
wow, looks like Nest is fucked:
As a Nest engineer, I won't say any numbers that aren't public, but this company is already on deathwatch. Once that happens, most people will quickly have shiny paperweights because it's a constant firefight keeping these systems up. We have $340M in revenue, not profit, against a ~$500M budget. No new products since the purchase, and sales/growth numbers are dire. Our budget deal expires soon, and all the good engineers on my teams have discreetly indicated they are going to flee once their golden handcuffs unlock (many have already left despite sacrificing a lot of money to do so). Tony and his goons demand crazy timelines so much that "crunch time" has basically lost meaning. Just when your labor bears fruit, they swoop in, 180 the specs you just delivered on, then have the gall to call your team "incompetent" for not reading their mind and delivering on these brand-new specs. I waste most of my time in pointless meetings, or defending my teams so they don't flip their desks and walk out. People fall asleep in corners and cry in the bathrooms, health and marriages are suffering. Already the churn is insane, close to half the company if not more. Skilled engineers can tell the environment is toxic, so we're filling vacancies with mostly sub-par talent.
-
Publish JVM and Android libraries direct from github -- it'll build and package a lib on the fly, caching them via CDN
(tags: build github java maven gradle dependencies packaging libraries)
Illicit trade in prescription drugs a growing problem for Dublin’s north inner city
ughh. The latest scourge is Zopiclone, "zimmos", which are being dealt openly due to a bureaucratic loophole in enforcement.
A programming language for E. coli
Mind = blown.
MIT biological engineers have created a programming language that allows them to rapidly design complex, DNA-encoded circuits that give new functions to living cells. Using this language, anyone can write a program for the function they want, such as detecting and responding to certain environmental conditions. They can then generate a DNA sequence that will achieve it. "It is literally a programming language for bacteria," says Christopher Voigt, an MIT professor of biological engineering. "You use a text-based language, just like you're programming a computer. Then you take that text and you compile it and it turns it into a DNA sequence that you put into the cell, and the circuit runs inside the cell."
(tags: dna mit e-coli bacteria verilog programming coding biohacking science)
GitHub now supports "squash on merge"
yay. On the other hand -- http://www.thecaucus.net/#/content/caucus/tech_blog/516 is a good explanation of why not to adopt it. Pity GitHub haven't made it a per-review option...
-
Dynamic tracing tools for Linux, a la dtrace, ktrace, etc. Built using BPF, using kernel features in the 4.x kernel series, requiring at least version 4.1 of the kernel
US government commits to publish publicly financed software under Free Software licenses
Wow, this is significant:
At the end of last week, the White House published a draft for a Source Code Policy. The policy requires every public agency to publish their custom-built software as Free Software for other public agencies as well as the general public to use, study, share and improve the software. At the Free Software Foundation Europe (FSFE) we believe that the European Union, and European member states should implement similar policies. Therefore we are interested in your feedback to the US draft.
(tags: government open-source coding licenses fsf free-software source-code us-politics usa)
-
'used most commonly when coding integers whose upper-bound cannot be determined beforehand.'
(tags: data-structures algorithms elias-gamma-coding encoding coding numbers integers)
A Decade Of Container Control At Google
The big thing that can be gleaned from the latest paper out of Google on its container controllers is that the shift from bare metal to containers is a profound one – something that may not be obvious to everyone seeking containers as a better way – and we think cheaper way – of doing server virtualization and driving up server utilization higher. Everything becomes application-centric rather than machine-centric, which is the nirvana that IT shops have been searching for. The workload schedulers, cluster managers, and container controllers work together to get the right capacity to the application when it needs it, whether it is a latency-sensitive job or a batch job that has some slack in it, and all that the site recovery engineers and developers care about is how the application is performing and they can easily see that because all of the APIs and metrics coming out of them collect data at the application level, not on a per-machine basis. To do this means adopting containers, period. There is no bare metal at Google, and let that be a lesson to HPC shops or other hyperscalers or cloud builders that think they need to run in bare metal mode.
(tags: google containers kubernetes borg bare-metal ops)
How wet is a cycling commute in Ireland?
It turns out that you’ll get wet 3 times more often if you’re a Galway cyclist when compared to a Dubliner. Dublin is Ireland’s driest cycling city.
Some good data and visualization on this extremely important issue
(tags: rain rainfall-radar ireland climate weather dublin galway cycling)
CNBC "How Secure Is Your Password" tester form is a spectacular security shitshow
It not only runs over HTTP, it also sends your password to a bunch of third-party ad trackers. omgwtfbbqfail
(tags: fail wtf funny cnbc clowns inept security passwords http ad-trackers)
Inside the GPO in 1916: Desmond FitzGerald’s eyewitness account
'First published 50 years ago, this first-hand account by the father of the future taoiseach Garrett FitzGerald created a storm by claiming that the rebel leaders sympathetically discussed the likelihood of the Germans putting a prince of their own on the Irish throne.' This is amazing -- the despair and confusion is palpable. This is the first realistic-sounding account of what went on inside the GPO during the Easter Rising I've read, and the "German prince" gambit is pretty astonishing too.
(tags: easter-rising 1916 history gpo germany ireland desmond-fitzgerald royalty)
SmartThings Presence Detection using DD-WRT Router Script
neat trick -- using DD-WRT's arp tables and a cron job to detect presence of wifi devices (e.g. phones) and take action based on that. By using https://ifttt.com/maker , it should be feasible to wire up any IFTTT action when a device connects to my home wifi...
-
quite a reasonable position, I think
(tags: tor cloudflare abuse anonymity captchas)
Clampers have to clock off as hour change crashes system
DST strikes again:
The failure of the ParkbyText system, operated by National Controlled Parking Systems (NCPS), was described by one employee contacted by a midlands motorist unable to pay for his parking at a train station as a “Y2K moment”. The system failure caused early morning panic for thousands of drivers who tried unsuccessfully to use text messages or an app to pay for their parking ahead of returning to work after the bank holiday weekend.
Impact was that they had to stop enforcement until the day passed, I think.
firehol/netdata: Real-time performance monitoring, done right!
Lovely Bootstrap-based UI, easy to install (via Mark Kenny)
(tags: via:markkenny linux monitoring ops netdata sysstat metrics graphing ui)
the murky origins of Truecrypt
Allegedly, Truecrypt, the disk encryption tool, was written by a multi-millionaire international arms dealer and criminal kingpin. Hell of an assertion, this!
Mass surveillance silences minority opinions, according to study - The Washington Post
This is excellent research, spot on.
Elizabeth Stoycheff, lead researcher of the study and assistant professor at Wayne State University, is disturbed by her findings. “So many people I've talked with say they don't care about online surveillance because they don't break any laws and don't have anything to hide. And I find these rationales deeply troubling,” she said. She said that participants who shared the “nothing to hide” belief, those who tended to support mass surveillance as necessary for national security, were the most likely to silence their minority opinions. “The fact that the 'nothing to hide' individuals experience a significant chilling effect speaks to how online privacy is much bigger than the mere lawfulness of one's actions. It's about a fundamental human right to have control over one's self-presentation and image, in private, and now, in search histories and metadata,” she said.
(tags: culture privacy psychology surveillance mass-surveillance via:snowden nothing-to-hide spiral-of-silence fear)
-
pretty sure I had this bookmarked previously, but this is the current URL -- SSL/TLS quality report
Observability at Twitter: technical overview, part II
Interesting to me mainly for this tidbit which matches my own prejudices:
“Pull” vs “push” in metrics collection: At the time of our previous blog post, all our metrics were collected by “pulling” from our collection agents. We discovered two main issues:
* There is no easy way to differentiate service failures from collection agent failures. Service response time out and missed collection request are both manifested as empty time series.
* There is a lack of service quality insulation in our collection pipeline. It is very difficult to set an optimal collection time out for various services. A long collection time from one single service can cause a delay for other services that share the same collection agent.
In light of these issues, we switched our collection model from “pull” to “push” and increased our service isolation. Our collection agent on each host only collects metrics from services running on that specific host. Additionally, each collection agent sends separate collection status tracking metrics in addition to the metrics emitted by the services. We have seen a significant improvement in collection reliability with these changes. However, as we moved to self service push model, it becomes harder to project the request growth. In order to solve this problem, we plan to implement service quota to address unpredictable/unbounded growth.
(tags: pull push metrics tcp stacks monitoring agents twitter fault-tolerance)
These unlucky people have names that break computers
Pat McKenzie's name is too long to fit in Japanese database schemas; Janice Keihanaikukauakahihulihe'ekahaunaele's name was too long for US schemas; and Jennifer Null suffers from the obvious problem
(tags: databases design programming names coding japan schemas)
How we implemented the video player in Mail.Ru Cloud
We’ve recently added video streaming service to Mail.Ru Cloud. Development started with contemplating the new feature as an all-purpose “Swiss Army knife” that would both play files of any format and work on any device with the Cloud available. Video content uploaded to the Cloud mostly falls into one of the two categories: “movies/series” and “users’ videos”. The latter are the videos that users shoot with their phones and cameras, and these videos are most versatile in terms of formats and codecs. For many reasons, it is often a problem to watch these videos on other end-user devices without prior normalization: a required codec is missing, or the file size is too big to download, or whatever.
Mainly around using HLS (HTTP Live Streaming).
(tags: hls http streaming video audio mail.ru players codecs)
A shot that rang round the world
The international impact of the Easter Rising has rarely been acknowledged. This rebellion did not only rattle British rule in Ireland — it inspired radical movements in Britain itself and across the globe, and it shook colonial rulers and states worldwide.
(tags: history easter-rising 1916 ireland revolution colonialism)
-
nice java impl of this efficient data structure, broken out from Project Reactor
(tags: scalability java timers hashed-wheel-timers algorithms data-structures)
SNES Code Injection -- Flappy Bird in Super Mario World
hand-injecting an entirely different game into Super Mario World on the SNES by exploiting buffer overflows BY HAND. this is legendary behaviour
(tags: games hacks exploits buffer-overflow snes code-injection amazing flappy-bird seth-bling video youtube)
-
built-in support for CI/CD deployment pipelines, driven from a checked-in DSL file. great stuff, very glad to see them going this direction. (via Eric)
(tags: via:eric jenkins ci cd deployment pipelines testing automation build)
Hey Microsoft, the Internet Made My Bot Racist, Too
All machine learning algorithms strive to exaggerate and perpetuate the past. That is, after all, what they are learning from. The fundamental assumption of every machine learning algorithm is that the past is correct, and anything coming in the future will be, and should be, like the past. This is a fine assumption to make when you are Netflix trying to predict what movie you’ll like, but is immoral when applied to many other situations. For bots like mine and Microsoft’s, built for entertainment purposes, it can lead to embarrassment. But AI has started to be used in much more meaningful ways: predictive policing in Chicago, for example, has already led to widespread accusations of racial profiling. This isn’t a little problem. This is a huge problem, and it demands a lot more attention than it’s getting now, particularly in the community of scientists and engineers who design and apply these algorithms. It’s one thing to get cursed out by an AI, but wholly another when one puts you in jail, denies you a mortgage, or decides to audit you.
(tags: machine-learning ml algorithms future society microsoft)
Tahoe LAFS accidentally lose Bitcoin wallet with loads of donations in it, get it back
But ECDSA private keys don't trigger the same protective instincts that we'd apply to, say, a bar of gold. One sequence of 256 random bits looks just as worthless as any other. And the cold hard unforgeability of these keys means we can't rely upon other humans to get our money back when we lose them. Plus, we have no experience at all with things that grow in value by four orders of magnitude, without any attention, in just three years. So we have a cryptocurrency-tool UX task in front of us: to avoid mistakes like the one we made, we must either move these digital assets into solid-feeling physical containers, or retrain our perceptions to attach value to the key strings themselves.
(tags: backups cryptography bitcoin cryptocurrency ecdsa private-keys ux money)
Visual Representation of SQL Joins
useful bookmark to have (via Nelson)
Interesting Lottery Terminal Hack - Schneier on Security
Neat manual timing attack.
An investigator for the Connecticut Lottery determined that terminal operators could slow down their lottery machines by requesting a number of database reports or by entering several requests for lottery game tickets. While those reports were being processed, the operator could enter sales for 5 Card Cash tickets. Before the tickets would print, however, the operator could see on a screen if the tickets were instant winners. If tickets were not winners, the operator could cancel the sale before the tickets printed.
(tags: attacks security lottery connecticut kiosks)
-
A microservice saviour appears! In order to prevent such a terrible tragedy from occurring ever again during our lifetimes, `left-pad.io` has been created to provide all the functionality of `left-pad` AND the overhead of a TLS handshake and an HTTP request. Less code is better code, leave the heavy lifting to `left-pad.io`, The String Experts™.
(tags: humor javascript jokes npm packages left-pad strings microservices http)
Life360 testimonial for Prometheus
Now this is a BIG thumbs up:
'Prometheus has been known to us for a while, and we have been tracking it and reading about the active development, and at a point (a few months back) we decided to start evaluating it for production use. The PoC results were incredible. The monitoring coverage of MySQL was amazing, and we also loved the JMX monitoring for Cassandra, which had been sorely lacking in the past.'
(tags: metrics monitoring time-series prometheus testimonials life360 cassandra jmx mysql)
Microsoft terminates its Tay AI chatbot after she turns into a Nazi
'if you tell her "repeat after me" she will parrot back whatever you say, allowing you to put words into her mouth.'
what. the. fuck. Microsoft.
Javascript libraries and tools should bundle their code
If you have a million npm dependencies, distribute them in the dist package; aka. omnibus packages for JS
(tags: packaging omnibus npm webpack rollup dependencies coding javascript)
Ruby in Production: Lessons Learned — Medium
Based on the pain we've had trying to bring our Rails services up to the quality levels required, this looks pretty accurate in many respects. I'd augment this advice by saying: avoid RVM; use Docker.
Charity Majors - AWS networking, VPC, environments and you
'VPC is the future and it is awesome, and unless you have some VERY SPECIFIC AND CONVINCING reasons to do otherwise, you should be spinning up a VPC per environment with orchestration and prob doing it from CI on every code commit, almost like it’s just like, you know, code.'
(tags: networking ops vpc aws environments stacks terraform)
Angola’s Wikipedia Pirates Are Exposing the Problems With Digital Colonialism | Motherboard
Wikimedia and Facebook have given Angolans free access to their websites, but not to the rest of the internet. So, naturally, Angolans have started hiding pirated movies and music in Wikipedia articles and linking to them on closed Facebook groups, creating a totally free and clandestine file sharing network in a country where mobile internet data is extremely expensive.
(tags: facebook piracy africa hacks wikipedia angola internet)
-
This is a great point, and one I'll be quoting:
Any design that is hard to test is crap. Pure crap. Why? Because if it's hard to test, you aren't going to test it well enough. And if you don't test it well enough, it's not going to work when you need it to work. And if it doesn't work when you need it to work the design is crap.
Amen!
(tags: testing tdd uncle-bob coding design testability unit-tests)
Modern Irish genome closely matches pre-Celt DNA, not Celtic
Radiocarbon dating shows that the bones discovered at McCuaig's go back to about 2000 B.C. That makes them hundreds of years older than the oldest artifacts generally considered to be Celtic — relics unearthed from Celt homelands of continental Europe, most notably around Switzerland, Austria and Germany. For a group of scholars who in recent years have alleged that the Celts, beginning from the middle of Europe, may never have reached Ireland, the arrival of the DNA evidence provides the biological certitude that the science has sometimes brought to criminal trials. “With the genetic evidence, the old model [of Celtic colonisation of Ireland] is completely shot,” John Koch, a linguist at the Center for Advanced Welsh and Celtic Studies at the University of Wales.
(tags: celts ireland history dna genetics genome carbon-dating bronze-age europe colonisation)
GCM XMPP delivery receipt not always received - Google Groups
Good to know:
'GCM delivery receipts don't have an SLA at this time. Having your connection open longer will increase the odds that delivery receipts will arrive. 10 seconds seems a bit short. I'm glad it works. I would recommend longer like 10 min or an hour. The real design of this system is for persistent connections, hence connections that setup and tear down frequently will have difficulty receiving delivery receipts.'
(tags: gcm xmpp receipts messaging push-notifications google)
The disturbingly simple way dozens of celebrities had their nude photos stolen
Basic phishing: 'Collins hacked over 100 people by sending emails that looked like they came from Apple and Google, such as “e-mail.protection318@icloud.com,” “noreply_helpdesk0118@outlook.com,” and “secure.helpdesk0019@gmail.com.” According to the government, Collins asked for his victims’ iCloud or Gmail usernames and passwords and “because of the victims’ belief that the email had come from their [Internet Service Providers], numerous victims responded by giving [them].”'
(tags: security phishing nudes fappening celebs gmail icloud apple)
RFC 7754 - Technical Considerations for Internet Service Blocking and Filtering
The Internet is structured to be an open communications medium. This openness is one of the key underpinnings of Internet innovation, but it can also allow communications that may be viewed as undesirable by certain parties. Thus, as the Internet has grown, so have mechanisms to limit the extent and impact of abusive or objectionable communications. Recently, there has been an increasing emphasis on "blocking" and "filtering", the active prevention of such communications. This document examines several technical approaches to Internet blocking and filtering in terms of their alignment with the overall Internet architecture. When it is possible to do so, the approach to blocking and filtering that is most coherent with the Internet architecture is to inform endpoints about potentially undesirable services, so that the communicants can avoid engaging in abusive or objectionable communications. We observe that certain filtering and blocking approaches can cause unintended consequences to third parties, and we discuss the limits of efficacy of various approaches.
(via Tony Finch)
(tags: via:fanf blocking censorship filtering internet rfcs rfc isps)
-
'There are three easy to make mistakes in go. I present them here in the way they are often found in the wild, not in the way that is easiest to understand. All three of these mistakes have been made in Kubernetes code, getting past code review at least once each that I know of.'
Health of purebred vs mixed breed dogs: the actual data - The Institute of Canine Biology
This study found that purebred dogs have a significantly greater risk of developing many of the hereditary disorders examined in this study. No, mixed breed dogs are not ALWAYS healthier than purebreds; and also, purebreds are not "as healthy" as mixed breed dogs. The results of this study will surprise nobody who understands the basics of Mendelian inheritance. Breeding related animals increases the expression of genetic disorders caused by recessive mutations, and it also increases the probability of producing offspring that will inherit the assortment of genes responsible for a polygenic disorder.
In conclusion, go mutts.
(tags: dogs breeding genetics hereditary-disorders science inheritance recessive-mutation data)
DeepMind founder Demis Hassabis on how AI will shape the future | The Verge
Good interview with Demis Hassabis on DeepMind, AlphaGo and AI:
I’d like to see AI-assisted science where you have effectively AI research assistants that do a lot of the drudgery work and surface interesting articles, find structure in vast amounts of data, and then surface that to the human experts and scientists who can make quicker breakthroughs. I was giving a talk at CERN a few months ago; obviously they create more data than pretty much anyone on the planet, and for all we know there could be new particles sitting on their massive hard drives somewhere and no-one’s got around to analyzing that because there’s just so much data. So I think it’d be cool if one day an AI was involved in finding a new particle.
(tags: ai deepmind google alphago demis-hassabis cern future machine-learning)
-
Good post on Dublin City Council's atrociously revisionist 1916-commemoration banner, celebrating Henry Grattan, Daniel O'Connell, Charles Stewart Parnell and John Redmond:
The banner is not showing parliamentary nationalists who might be included in a history of 1916 (Redmond might have been joined by John Dillon and Tom Kettle, for instance), but displaying the parliamentarian tradition in Irish political history. The people chosen all worked for change via political means, whether obtaining an independent Irish parliament from 1782-1801 (Grattan), working for Catholic Emancipation (Grattan and O’Connell), land reform (Parnell), or trying to repeal the Act of Union and obtain Home Rule (O’Connell, Parnell, Redmond). All were MPs in Westminster at some point. None openly espoused physical force. None aimed at establishing an independent Irish Republic. Putting the history of parliamentarianism on a banner labelled 1916 suggests that 1916 was in the parliamentarian tradition. That suggestion is very far from the truth.
(tags: parliamentarianism 1916 history revisionism dcc dublin politics)
-
a static type checker for Javascript, from Facebook
(tags: javascript code-analysis coding facebook types strong-types)
Wait and lock free alternatives to LongAdder and AtomicLong by qwwdfsad
interesting new lock-free low-level hacking
(tags: longadder doug-lea mechanical-sympathy lock-free performance atomic multithreading java jvm)
Annie West's walking trail maps
These are really beautiful (and actually quite practical)! Nice one Annie
(tags: annie-west maps prints ireland sligo benbulben trails via:broadsheet)
How to force Three to use 3G and 4G only (Android)
Using the hidden *#*#4636#*#* menu
-
'The shared SQL command line for AWS'. it's #chatopsy!
-
a free, multi-threaded compression utility with support for bzip2 compressed file format. lbzip2 can process standard bz2 files in parallel. It uses POSIX threading model (pthreads), which allows it to take full advantage of symmetric multiprocessing (SMP) systems. It has been proven to scale linearly, even to over one hundred processor cores. lbzip2 is fully compatible with bzip2 – both at file format and command line level. Files created by lbzip2 can be decompressed by all versions of bzip2 and other software supporting bz2 format. lbzip2 can decompress any bz2 files in parallel. All bzip2 command-line options are also accepted by lbzip2. This makes lbzip2 a drop-in replacement for bzip2.
Distribution of people's PIN codes, as a heatmap
Excellent use of a heatmap
(tags: security datavis pins passwords date-of-birth birthday atms banking)
Conversant ConcurrentQueue and Disruptor BlockingQueue
'Disruptor is the highest performing intra-thread transfer mechanism available in Java. Conversant Disruptor is the highest performing implementation of this type of ring buffer queue because it has almost no overhead and it exploits a particularly simple design. Conversant has been using this in production since 2012 and the performance is excellent. The BlockingQueue implementation is very stable, although we continue to tune and improve it. The latest release, 1.2.4, is 100% production ready. Although we have been working on it for a long time, we decided to open source our BlockingQueue this year to contribute something back to the community. ... it's a drop in for BlockingQueue, so it's a very easy test. Conversant Disruptor will crush ArrayBlockingQueue and LinkedTransferQueue for thread to thread transfers. In our system, we noticed a 10-20% reduction in overall system load and latency when we introduced it.'
(tags: disruptor blocking-queues queues queueing data-structures algorithms java conversant concurrency performance)
TeleGeography Submarine Cable Map 2015
Gorgeously-illustrated retro map of modern-day submarine cables. Prints available for $150 (via Conor Delaney)
(tags: via:conor-delaney data internet maps cables world telegeography mapping retro)
-
UK banks are getting press for evading liability and screwing the customer when scams and phishing occur
(tags: scams phishing uk banking banks liability terms-and-conditions barclays)
-
Nice approach from MongoDB:
we’ve recently gained momentum on standardizing our [cross-platform test] drivers. Human-readable, machine-testable specs, coded in YAML, prove which code conforms and which does not. These YAML tests are the Cat-Herd’s Crook: a tool to guide us all in the same direction.
(tags: mongodb testing unit-tests yaml multi-platform coding)
There’s Something Fishy About The Other Nefertiti
The last possibility and reigning theory is that Ms. Badri and Mr. Nelles' elusive hacker partners are literally real hackers who stole a copy of the high resolution scan from the Museum’s servers. A high resolution scan must exist as a high res 3D printed replica is already available for sale online. Museum officials have dismissed the Other Nefertiti model as “of minor quality”, but that’s not what we are seeing in this highly detailed scan. Perhaps the file was obtained from someone involved in printing the reproduction, or it was a scan made of the reproduction? Indeed, the common belief in online 3D Printing community chatter is that the Kinect “story” is a fabrication to hide the fact that the model was actually stolen data from a commercial high quality scan. If the artists were behind a server hack, the legal ramifications for them are much more serious than scanning the object, which has few, if any legal precedents.
(tags: art history 3d-printing 3d nefertiti heists copyright data kinect)
Amaro 101: An Introduction to Italian Amari
some nice-sounding cocktail recipes for these tasty bitters
-
Prodigy software patents invoked in suit against GroupOn. Patent troll mode activated :( (via Paul Graham)
(tags: ibm patents swpats paul-graham patent-trolls prodigy groupon)
Nook DRM promises to kill book collection unless user takes action
yay, DRM. "It is important that you transfer your purchased NOOK Books to ensure access"
(tags: drm fail nook uk sainsburys)
March 2016's shocking global warming temperature record
Keep in mind that it took from the dawn of the industrial age until last October to reach the first 1.0 degree Celsius, and we’ve come as much as an extra 0.4 degrees further in just the last five months. Even accounting for the margin of error associated with these preliminary datasets, that means it’s virtually certain that February handily beat the record set just last month for the most anomalously warm month ever recorded. That’s stunning.
eek.
(tags: global-warming climate-change 2016)
Protect me, I am the Donnybrook laundry
Mannix Flynn makes a persuasive case to preserve the last remaining Magdalene Laundry still standing:
Memory is something that fights an eternal battle with the passage of time and forgetfulness. Time is a great healer for those who can heal and those who are offered healing. There is no healing here. Time stands still like a festering wound in a well-to-do suburb as somebody attempts to erase a grave and mortal wrong. The McAleese report, the Justice for the Magdalenes, the hundreds of women still alive and their families should know of this place. Should be present here to witness what can only be witnessed by them. So that they can understand what’s lost, what cannot be given. What was taken from them for generations.
(tags: magdalenes injustice ireland history catholic-church abuse mannix-flynn)
10 things to avoid in docker containers
decent tips
(tags: best-practices docker ops containers tips)
-
The latest SSL security hole. 'DROWN shows that merely supporting SSLv2 is a threat to modern servers and clients. It allows an attacker to decrypt modern TLS connections between up-to-date clients and servers by sending probes to a server that supports SSLv2 and uses the same private key.'
(tags: drown attacks vulnerabilities sslv2 ssl tls security holes)
-
Excellent drawing books from Chris Judge and his brother Andrew. gotta get this: 'WELCOME TO DOODLETOWN, the home of the Doodles. It is a very nice town, except for one SMALL problem. Everything is half drawn with bits and pieces missing! The Doodles are going to need YOUR help. So grab a pen or a pencil and help finish the adventure!'
The IPv6 Numeric IP Format is a Serious Usability Problem
strongly agreed!
(tags: ipv6 usability addressing networking ip colons addresses)
Proportional Representation in Ireland: How it Works
Excellent explanation of PR-STV and the Irish voting system. Don't be a Plumper! (via John O'Shea)
(tags: plumpers pr-stv pr voting ireland politics via:joshea)
Microsoft warns of risks to Irish operation in US search warrant case
“Our concern is that if we lose the case more countries across Europe or elsewhere are going to be concerned about having their data in Ireland,” Mr Smith said, after testifying before the House judiciary committee. Asked what would happen to its Irish unit if the company loses the case or doesn’t convince Congress to pass updated legislation governing cross-border data held by American companies, the Microsoft executive said: “We’ll certainly face a new set of risks that we don’t face today.” He added that the issue could be resolved by an executive order by the White House or through international negotiations between the Irish Government or the European Union and the US.
(tags: microsoft data privacy us-politics surveillance usa)
How To Implement Secure Bitcoin Vaults
At the Bitcoin workshop in Barbados, Malte Möser will present our solution to the Bitcoin private key management problem. Specifically, our paper describes a way to create vaults, special accounts whose keys can be neutralized if they fall into the hands of attackers. Vaults are Bitcoin’s decentralized version of you calling your bank to report a stolen credit card -- it renders the attacker’s transactions null and void. And here’s the interesting part: in so doing, vaults demotivate key theft in the first place. An attacker who knows that he will not be able to get away with theft is less likely to attack in the first place, compared to current Bitcoin attackers who are guaranteed that their hacking efforts will be handsomely rewarded.
Maglev: A Fast and Reliable Software Network Load Balancer
Maglev is Google’s network load balancer. It is a large distributed software system that runs on commodity Linux servers. Unlike traditional hardware network load balancers, it does not require a specialized physical rack deployment, and its capacity can be easily adjusted by adding or removing servers. Network routers distribute packets evenly to the Maglev machines via Equal Cost Multipath (ECMP); each Maglev machine then matches the packets to their corresponding services and spreads them evenly to the service endpoints. To accommodate high and ever-increasing traffic, Maglev is specifically optimized for packet processing performance. A single Maglev machine is able to saturate a 10Gbps link with small packets. Maglev is also equipped with consistent hashing and connection tracking features, to minimize the negative impact of unexpected faults and failures on connection-oriented protocols. Maglev has been serving Google's traffic since 2008. It has sustained the rapid global growth of Google services, and it also provides network load balancing for Google Cloud Platform.
Something we argued for quite a lot in Amazon, back in the day....
(tags: google paper scale ecmp load-balancing via:conall maglev lbs)
-
BrewDog releases their beer recipes for free. so cool! 'So here it is. The keys to our kingdom. Every single BrewDog recipe, ever. So copy them, tear them to pieces, bastardise them, adapt them, but most of all, enjoy them. They are well travelled but with plenty of miles still left on the clock. Just remember to share your brews, and share your results. Sharing is caring.'
(tags: brewing homebrew beer brewdog open-source free sharing)
National Children’s Science Centre due to open in 2018
Good for science fans, not so hot for real tennis fans.
The former real tennis court building close to the concert hall’s north wing would be used for temporary and visiting exhibitors, with a tunnel connecting it to the science centre. The National Children’s Science Centre is due to open in late 2018 and will also be known as the Exploration Station, said Dr Danny O’Hare, founding president of Dublin City University and chairman of the Exploration Station board since 2006.
(tags: real-tennis tennis nch dublin science kids planetarium)
Troy Hunt: Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs
holy crap. Nissan expose a public API authenticated _solely_ using the car's VIN -- which is more or less public info; the API allows turning on/off AC, grabbing driving history, etc.
(tags: security fail nissan leaf cars apis vin authentication)
Argon2 code audits - part one - Infer
A pretty viable way to run Facebook's Infer dataflow static analysis tool (which is otherwise quite a bear to run).
(tags: infer facebook java clang errors static-analysis lint dataflow docker)
You could pay €40k in fund fees - even if you lose money - Independent.ie
High PRSA charges make them a pretty crappy retirement policy
(tags: prsa savings retirement money investment fees irish-life pensions)
Neutrino Software Load Balancer
eBay's software LB, supporting URL matching, comparable to haproxy, built using Netty and Scala. Used in their QA infrastructure it seems
(tags: netty scala ebay load-balancing load-balancers url http architecture)
This is Why People Fear the ‘Internet of Things’
Ugh. This is a security nightmare. Nice work Foscam...
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt. This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure your physical space suddenly turn into a vast cloud network designed to share your pictures and videos far and wide. The best part? It’s all plug-and-play, no configuration necessary!
CharybdeFS: a new fault-injecting filesystem for software testing
a FUSE-based filesystem from ScyllaDB to test filesystem-related failure scenarios. great idea
(tags: fuse software testing scylladb filesystems disk charybdefs fault-injection tests)
The NSA’s SKYNET program may be killing thousands of innocent people
Death by Random Forest: this project is a horrible misapplication of machine learning. Truly appalling, when a false positive means death:
The NSA evaluates the SKYNET program using a subset of 100,000 randomly selected people (identified by their MSIDN/MSI pairs of their mobile phones), and a known group of seven terrorists. The NSA then trained the learning algorithm by feeding it six of the terrorists and tasking SKYNET to find the seventh. This data provides the percentages for false positives in the slide above. "First, there are very few 'known terrorists' to use to train and test the model," Ball said. "If they are using the same records to train the model as they are using to test the model, their assessment of the fit is completely bullshit. The usual practice is to hold some of the data out of the training process so that the test includes records the model has never seen before. Without this step, their classification fit assessment is ridiculously optimistic." The reason is that the 100,000 citizens were selected at random, while the seven terrorists are from a known cluster. Under the random selection of a tiny subset of less than 0.1 percent of the total population, the density of the social graph of the citizens is massively reduced, while the "terrorist" cluster remains strongly interconnected. Scientifically-sound statistical analysis would have required the NSA to mix the terrorists into the population set before random selection of a subset—but this is not practical due to their tiny number. This may sound like a mere academic problem, but, Ball said, is in fact highly damaging to the quality of the results, and thus ultimately to the accuracy of the classification and assassination of people as "terrorists." A quality evaluation is especially important in this case, as the random forest method is known to overfit its training sets, producing results that are overly optimistic. The NSA's analysis thus does not provide a good indicator of the quality of the method.
(tags: terrorism surveillance nsa security ai machine-learning random-forests horror false-positives classification statistics)
Lasers reveal 'lost' Roman roads
UK open data success story, via Tony Finch:
This LIDAR data bonanza has proved particularly helpful to archaeologists seeking to map Roman roads that have been ‘lost’, some for thousands of years. Their discoveries are giving clues to a neglected chapter in the history of Roman Britain: the roads built to help Rome’s legions conquer and control northern England.
(tags: uk government lidar open-data data roman history mapping geodata)
-
Also known as "Graduate Student Descent", a common approach to hyperparameter tuning in machine learning -- ie. get an intern to sit there tweaking parameters until they find something approximating optimal performance
(tags: optimization funny terms terminology graduate-student-descent hyperparameters semisupervised-intern-descent tuning interns)
-
Valentine's Day cards for you and yours, from one of cinema's true visionaries. How do you communicate the depth of your desire? Say it with Cronenberg Valentines.
(tags: david-cronenberg horror gross naked-lunch movies valentines-day funny)
-
Let's see how long this lasts:
Today Sauce Labs is proud to open-source isign. isign can take an iOS app that was authorized to run only on one developer’s phone, and transform it so it can run on another developer’s phone. This is not a hack around Apple’s security. We figured out how Apple’s code signing works and re-implemented it in Python. So now you can use our isign utility anywhere – even on Linux!
-
'Indonesia's government has demanded that instant messaging apps remove stickers featuring same-sex couples, in the latest high-profile attempt to discourage visible homosexuality in the socially conservative country.' (via fuzzix)
Apollo 11 astronauts wrote on moon ship's walls, Smithsonian 3D scan reveals
The 3D scan is pretty awesome
(tags: scanning apollo history moon spaceflight 3d-scanning columbia apollo-command-module)
-
Apple outlaws third-party repairs with vague TouchID-related justifications:
Freelance photographer and self-confessed Apple addict Antonio Olmos says this happened to his phone a few weeks ago after he upgraded his software. Olmos had previously had his handset repaired while on an assignment for the Guardian in Macedonia. “I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.” He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead.
Now that is scummy.
(tags: apple error-53 ios9 ios phones smartphones touchid via:boingboing)
-
good roundup of real-world clock skew links
(tags: clocks clock-skew ntp realtime time bugs distcomp reliability skew)
-
A critique of the "Redlock" locking algorithm from Redis by Martin Kleppmann. antirez responds here: http://antirez.com/news/101
(tags: distributed locking redis algorithms coding distcomp redlock martin-kleppman zookeeper)
Submitting User Applications with spark-submit - AWS Big Data Blog
looks reasonably usable, although EMR's crappy UI is still an issue
-
Awesome post from Dan Luu with data from Google:
The cause [of some mystery widespread 250ms hangs] was kernel throttling of the CPU for processes that went beyond their usage quota. To enforce the quota, the kernel puts all of the relevant threads to sleep until the next multiple of a quarter second. When the quarter-second hand of the clock rolls around, it wakes up all the threads, and if those threads are still using too much CPU, the threads get put back to sleep for another quarter second. The phase change out of this mode happens when, by happenstance, there aren’t too many requests in a quarter second interval and the kernel stops throttling the threads. After finding the cause, an engineer found that this was happening on 25% of disk servers at Google, for an average of half an hour a day, with periods of high latency as long as 23 hours. This had been happening for three years. Dick Sites says that fixing this bug paid for his salary for a decade. This is another bug where traditional sampling profilers would have had a hard time. The key insight was that the slowdowns were correlated and machine wide, which isn’t something you can see in a profile.
(tags: debugging performance visualization instrumentation metrics dan-luu latency google dick-sites linux scheduler throttling kernel hangs)
View & diagnose Google Cloud Messaging (GCM) statistics
Looks like GCM now offers a way to determine if a message got delivered, via the GCM diagnostics console
(tags: gcm google push-notifications android messaging)
OnePlus 2 and OnePlus X damaging Deutsche Telekom SIM cards
I can confirm, there is a help forum from the "Deutsche Telekom", they say there is a feature called MEC (it's mainly for setting phone parameters to match their network), active on all their SIM cards, which is not correctly handled by any of the OnePlus Devices (one, two, x) so it writes constantly to flash memory, killing it around 100.000 writes which is 3-6 weeks.
(via Mike Walsh on the Irish tech slack)
(tags: via:itc oneplus phones sim-cards mec deutsche-telekom bugs flash)
Scala client composition with Traits vs implementing an abstract class - Stack Overflow
good Scala coding advice from Travis Brown
(tags: scala coding travis-brown inheritance oo languages traits)
The science behind "don't drink when pregnant" is rubbish
As the economist Emily Oster pointed out in her 2013 book Expecting Better, there is also no “proven safe” level of Tylenol or caffeine, and yet both are fine in moderation during pregnancy. Oster pored through reams of research on alcohol and pregnancy for her book and concluded that there is simply no scientific evidence that light drinking during pregnancy impacts a baby’s health. (In one frequently cited 2001 study that suggested light drinking in pregnancy increases the chances of a child displaying aggressive behaviors, the drinkers were also significantly likelier to have taken cocaine during pregnancy.)
My wife also followed the paper trail on this issue in the past. In the papers from which these recommendations were derived, the level of drinking at which any effects were observed in babies was when women consumed at least *9 units every day* for the entire pregnancy. That's an entire bottle of wine, daily!
(tags: booze alcohol science facts papers medicine emily-oster babies pregnancy pre-pregnant research)
-
'“Spam emails are a large proportion of emails seen in SIGINT [signals intelligence],” reads part of a dense document from the Snowden archive, published by Boing Boing on Tuesday. “GCHQ would like to reduce the impact of spam emails on data storage, processing and analysis.”' (circa 2011). Steganography, anyone? (via Tony Finch)
(tags: spam anti-spam gchq funny boing-boing sigint snowden surveillance)
ECHR: Websites not liable for readers' comments
'Lawyers for [a Hungarian news] site said the comments concerned had been taken down as soon as they were flagged. They said making their clients liable for everything readers posted "would have serious adverse repercussions for freedom of expression and democratic openness in the age of Internet". The ECHR agreed. "Although offensive and vulgar, the incriminated comments did not constitute clearly unlawful speech; and they certainly did not amount to hate speech or incitement to violence," the judges wrote.'
research!rsc: Zip Files All The Way Down
quine.zip, quine.gz, and quine.tar.gz. Here's what happens when you mail it through bad AV software: https://twitter.com/FioraAeterna/status/694655296707297281
(tags: zip algorithms compression quines fun hacks gzip)
The Nuclear Missile Sites of Los Angeles
Great article by Geoff "bldgblog" Manaugh on the ruins of the Nike air-to-air missile emplacements dotted around California. I had absolutely no idea that these -- the 1958-era Nike-Hercules missiles, at least -- carried 30-kiloton nuclear warheads, intended to be detonated at 50,000 feet *above* the cities they were defending, in order to destroy in-flight bomber formations. Nuclear war was truly bananas.
(tags: war history la sf california nike-missiles missiles nuclear-war nike-hercules cold-war 1950s)
Exclusive: Snowden intelligence docs reveal UK spooks' malware checklist / Boing Boing
This is an excellent essay from Cory Doctorow on mass surveillance in the post-Snowden era, and the difference between HUMINT and SIGINT. So much good stuff, including this (new to me) cite for "Goodhart's law", on secrecy as it affects adversarial classification:
The problem with this is that once you accept this framing, and note the happy coincidence that your paymasters just happen to have found a way to spy on everyone, the conclusion is obvious: just mine all of the data, from everyone to everyone, and use an algorithm to figure out who’s guilty. The bad guys have a Modus Operandi, as anyone who’s watched a cop show knows. Find the MO, turn it into a data fingerprint, and you can just sort the firehose’s output into “terrorist-ish” and “unterrorist-ish.” Once you accept this premise, then it’s equally obvious that the whole methodology has to be kept from scrutiny. If you’re depending on three “tells” as indicators of terrorist planning, the terrorists will figure out how to plan their attacks without doing those three things. This even has a name: Goodhart's law. "When a measure becomes a target, it ceases to be a good measure." Google started out by gauging a web page’s importance by counting the number of links they could find to it. This worked well before they told people what they were doing. Once getting a page ranked by Google became important, unscrupulous people set up dummy sites (“link-farms”) with lots of links pointing at their pages.
(tags: adversarial-classification classification surveillance nsa gchq cory-doctorow privacy snooping goodharts-law google anti-spam filtering spying snowden)
Phone robot keeps annoying telemarketers talking for as long as possible
'Anderson encourages his readers to forward telemarketers to the robot, and is happy to send them recordings of the ensuing conversations. His instructions are below if you'd like to give it a shot.'
(tags: telemarketers script robodialing spam funny)
Why is Safe Harbour II such a challenge? - EDRi
The only possible deal that is immediately available is where the European Commission agrees a politically expeditious but legally untenable deal, creating a time bomb rather than a durable deal, to the benefit of no one. In absence of reforms before an agreement, individuals’ fundamental rights would remain under threat.
(tags: edri law eu ec ecj surveillance snooping us-politics safe-harbor)
-
interactive menu selection for the UNIX command line
(tags: cli linux unix grep menus selection ui interactive terminal)
-
It seems git's default behavior in many situations is -- despite communicating objectID by content-addressable hashes which should be sufficient to assure some integrity -- it may not actually bother to *check* them. Yes, even when receiving objects from other repos. So, enabling these configuration parameters may "slow down" your git operations. The return is actually noticing if someone ships you a bogus object. Everyone should enable these.
(tags: git security integrity error-checking dvcs version-control coding)
-
Good explanation and scipy code for the birthday paradox and hash collisions
(tags: hashing hashes collisions birthday-problem birthday-paradox coding probability statistics)
iPhone, iPad, Mac Buyer's Guide: Know When to Buy
sync up with the Apple product cycle when you're buying new hardware
(tags: hardware devices apple shopping mac ios iphone ipad releases schedule gadgets)
Seesaw: scalable and robust load balancing from Google
After evaluating a number of platforms, including existing open source projects, we were unable to find one that met all of our needs and decided to set about developing a robust and scalable load balancing platform. The requirements were not exactly complex - we needed the ability to handle traffic for unicast and anycast VIPs, perform load balancing with NAT and DSR (also known as DR), and perform adequate health checks against the backends. Above all we wanted a platform that allowed for ease of management, including automated deployment of configuration changes. One of the two existing platforms was built upon Linux LVS, which provided the necessary load balancing at the network level. This was known to work successfully and we opted to retain this for the new platform. Several design decisions were made early on in the project — the first of these was to use the Go programming language, since it provided an incredibly powerful way to implement concurrency (goroutines and channels), along with easy interprocess communication (net/rpc). The second was to implement a modular multi-process architecture. The third was to simply abort and terminate a process if we ended up in an unknown state, which would ideally allow for failover and/or self-recovery.
(tags: seesaw load-balancers google load-balancing vips anycast nat lbs go ops networking)
"What the hell have you built"
cut out and keep PNG for many occasions! "Why is Redis talking to MongoDB?"
(tags: mongodb redis funny architecture gifs png reactiongifs)
Schema evolution in Avro, Protocol Buffers and Thrift
Good description of this key feature of decent serialization formats
(tags: avro thrift protobuf schemas serialization coding interop compatibility)
ECB forcing Ireland to pay the bondholders was like a hostage situation | David McWilliams
At the time, many of us citizens thought the State was being craven in the face of the EU but it is now clear that Trichet’s ECB was prepared to let the Irish banks go to the wall, prompting a new bank run in 2010. This is like a hostage situation. The ECB was saying to the Irish government: you managed in September 2008 to prevent a bank run with the guarantee (which should always have been temporary and conditional) but now we are going to threaten you with another bank run – because we are still funding your banks and you must pay all the bondholders and add the cost to the national debt of the country. So the implicit threat was: “We will close the banks, cause a bank run and you will be left to pick up the pieces politically, socially and economically.”
(tags: banking ireland politics ecb eu bondholders jean-claude-trichet economics)
Three lessons from running Kubernetes in production
Wow, the deployment thing is pretty hacky
(tags: deployment ops kubernetes production)
Apollo 11 Mission on Technical Debt — Medium
'# TEMPORARY, I HOPE HOPE HOPE'
(tags: hacks technical-debt backlog prioritisation project-management apollo space history)
Pinboard: bookmarks for peakscale tagged 'postmortem'
Bookmarking so I can follow my own link from https://pinboard.in/u:jmason/t:post-mortems/
(tags: postmortem outages availability post-mortems)
Ireland’s first dedicated poutine place opened in Dublin today and it’s delish
SOUND THE POUTINE KLAXON
(tags: poutine canadia canada frozen-wastes food chips dublin)
-
Dropwizard for Go, basically:
a distributed programming toolkit for building microservices in large organizations. We solve common problems in distributed systems, so you can focus on your business logic.
(tags: microservices go golang http libraries open-source rpc circuit-breakers)
Meteor | What are the full list of short-codes for voicemail/diverts?
bookmarking for future use
In Phibsboro, a New Deli For a Changing Neighbourhood
"Bang Bang", new fancy deli on Leinster Road North
Tara Pilgrimage 2006 - Indymedia Ireland
OMG, this is hilarious. High drama among the arch-druids (via Lisa Carey)
Tim O'Reilly vs Paul Graham: fight!
'In his essay on Income Inequality, Paul Graham credited me for pre-publication feedback. Because he didn’t do much with my comments, I thought I’d publish them here.' ... 'Mostly, I think you are picking a fight with people who would mostly agree with you, and ignoring the real arguments about what inequality means and why it matters.'
(tags: inequality silicon-valley tech paul-graham tim-oreilly piketty politics economics wealth startups history work stock-options)
Fairytales much older than previously thought, say researchers
Analysis showed Jack and the Beanstalk was rooted in a group of stories classified as The Boy Who Stole Ogre’s Treasure, and could be traced back to when eastern and western Indo-European languages split – more than 5,000 years ago. Beauty and the Beast and Rumpelstiltskin to be about 4,000 years old. A folk tale called The Smith and the Devil was estimated to date back 6,000 years to the bronze age. The study employed phylogenetic analysis, which was developed to investigate evolutionary relationships between species, and used a tree of Indo-European languages to trace the descent of shared tales on it, to see how far they could be demonstrated to go back in time. Tehrani said: “We find it pretty remarkable these stories have survived without being written. They have been told since before even English, French and Italian existed. They were probably told in an extinct Indo-European language.”
(tags: history mythology stories folk-tales jack-and-the-beanstalk rumpelstiltskin language phylogenetic)
Transform your oyster travelcard with sugru!
probably totally dodgy where the Oyster rules are concerned, but still pretty damn cool
-
handy -- search Netflix in all regions, then show where the show/movie is available. Probably going to be less handy from now on now that Netflix is blocking region-spoofing
Why Eircode is a shambles, by someone who works in the transport industry
This is full of good points.
Without having a distinct SORT KEY for a geographically distinct area, a postcode is of no real benefit to any type of transport firm or agency. To take one example, Eircode have used the same sort key, F92, for Arranmore (Donegal’s largest inhabited island) and the north western Donegal mainland. Cill Rónáin, Inis Mór, the largest of the Aran Islands, has the same sort key H91, as Connemara and Galway City. Galway city and the Aran Islands may be in a relatively small geographical area, but keen eyes may have noticed that the Aran Islands are separated from the mainland by a small section of the Atlantic Ocean. Sort codes which ignore clear and obvious boundaries, like seas or oceans, need to be redesigned. In two seconds a [UK] website could tell a Hebridean that his delivery will take 4 days at a cost of fifty quid by using the first three characters of the postcode. The Eircode-using Irish equivalent website would need to lookup a large database to tell an Arranmore resident the cost and time for delivery – and they’d need the full exact code. Any mistake made here, and your estimated delivery time, and cost for delivery will be wrong.
(tags: postcodes eircode loc8code fail couriers delivery geodata geocoding galway aran-islands)