How YouTube Radicalized Brazil
YouTube’s search and recommendation system appears to have systematically diverted users to far-right and conspiracy channels in Brazil. A New York Times investigation in Brazil found that, time and again, videos promoted by the site have upended central elements of daily life. Teachers describe classrooms made unruly by students who quote from YouTube conspiracy videos or who, encouraged by right-wing YouTube stars, secretly record their instructors. Some parents look to “Dr. YouTube” for health advice but get dangerous misinformation instead, hampering the nation’s efforts to fight diseases like Zika. Viral videos have incited death threats against public health advocates. And in politics, a wave of right-wing YouTube stars ran for office alongside Mr. Bolsonaro, some winning by historic margins. Most still use the platform, governing the world’s fourth-largest democracy through internet-honed trolling and provocation. YouTube’s recommendation system is engineered to maximize watchtime, among other factors, the company says, but not to favor any political ideology. The system suggests what to watch next, often playing the videos automatically, in a never-ending quest to keep us glued to our screens.
(tags: youtube politics brazil future grim engagement machine-learning google zika)
security-bulletins/2019-002.md at master · Netflix/security-bulletins
A variety of DOS attacks against HTTP/2 server-side implementations
-
scraping data from publicly available sources is so much of an industry standard that it’s taught as a foundational skill (sans ethics) in most data science and machine-learning training. […] this story highlights the need for the tech industry to adapt its cultural norms and standard practices to keep pace with the rapid evolution of the technology itself, as well as the public’s awareness of how their data is used.
(tags: scraping privacy data ai big-data data-privacy flickr photos machine-learning)
Justin's Linklog Posts
-
The patterns on the goods in this shop are designed to trigger Automated License Plate Readers, injecting junk data into the systems used by the State and its contractors to monitor and track civilians and their locations.
(tags: anpr alpr adversarial-classification privacy)
Google Employee Alleges Discrimination Against Pregnant Women in Viral Memo – VICE
“During one conversation with my new manager in which I reiterated an early leave and upcoming bedrest, she told me that she had just listened to an NPR segment that debunked the benefits of bedrest,” she wrote. “She also shared that her doctor had ordered her to take bedrest, but that she ignored the order and worked up until the day before she delivered her son via cesarean section. My manager then emphasized in this same meeting that a management role was no longer guaranteed upon my return from maternity leave, and that she supported my interviewing for other roles at Google.”
(tags: pregnancy life hr work google peopleops leaks bedrest maternity-leave career)
-
for AWS I/O optimized instance types. This is vital info to understand how I/O performance on AWS will degrade and what it’ll drop down to, for production workloads
-
“Cracking down on white nationalists will therefore involve removing a lot of people who identify to a greater or lesser extent as Trump supporters, and some people in Trump circles and pro-Trump media will certainly seize on this to complain they are being persecuted,” Berger said. “There’s going to be controversy here that we didn’t see with ISIS, because there are more white nationalists than there are ISIS supporters, and white nationalists are closer to the levers of political power in the US and Europe than ISIS ever was.”
(tags: gop corruption twitter politics filtering ai fascism republicans)
The White House is reportedly drafting an order to stop social media ‘bias’ – The Verge
One shooting was apparently an act of far-right terrorism, based on an anti-immigrant screed posted online. There was a fine line between its rhetoric and the views of major conservative figures like Tucker Carlson or Trump himself. Preemptively flagging the shooter — or one of several far-right killers before him — could have looked like egregious anti-conservative bias. And since predictive AI has sky-high error rates, it would probably catch a lot of non-violent conservative accounts (alongside those of non-conservatives) purely by accident. That’s already a recipe for a PR disaster, and it gets even dicier if Trump adds new legal punishments.
(via JK)(tags: filtering ai terrorism far-right fascism nazis trump twitter social-media)
-
(via ITC)
(tags: bike-cameras cameras safety cycling)
Why I Turned Down an AWS Job Offer – Last Week in AWS
Amazon have filed a non-compete case against one of their sales execs who left and moved to Google. ouch
(tags: aws amazing noncompetes jobs work legal non-competes)
We Already Have the World’s Most Efficient Carbon Capture Technology
it’s the empress tree, which can absorb 10x to 100x the quantity of CO2-per-acre vs other tree species
-
Wow, this is a great answer. As he notes, the Scrum-style process is flawed for big backend projects: “This style of short-term planning, direct customer contact, and continuous iteration is well suited to software with a simple core and lots of customer visible features that are incrementally useful. It is not so well suited to software which has a very simple interface and tons of hidden internal complexity, software which isn’t useful until it’s fairly complete, or leapfrog solutions the customer can’t imagine.” And he goes on to come up with something which works better for Google-style projects:
Our highest priority is to increase customer (and programmer) productivity and access to information. Work on the biggest, most frequently used problems you can find, and create the largest net impact. Don’t give the customer what they ask for; understand them, and revolutionize their world. Developers should create a Google Design Document (a fairly minimal, but structured design doc), explaining the project, what goals it hopes to achieve, and explains why it can’t be done in other ways. This document should be circulated with stakeholders, to get early feedback before the project gets underway. The written record is essential, as it assures there is a clear and agreed understanding of when the project is a success and how it aims to get there. At all phases of the project, critical design elements for larger components should be concisely explained and captured in a design document. Innovate in leapfrogs. It’s more important to finish and deploy a leapfrog than to attempt perfection. There is no perfection. Instead be flexible, and plan to constantly reinvent at every level of the stack. Deliver working software as soon as is reasonably possible, and no sooner. “Dogfood” projects internally before they are shipped externally. Make sure products meet high quality standards before shipping. The quality of the product is more important than the time it takes to achieve it.
(tags: agile architecture google scrum development coding projects project-management design)
-
CarbonKit provides all the data and models necessary for calculating various greenhouse gas emissions in categories such as car, train and air transport, types of fuel or country-specific grid electricity, electrical appliances, agricultural and industrial processes and building materials.
-
The goal is to take standard applications and JIT them to their AVX-512 equivalent such that we can fuzz 16 VMs at a time per thread. The net result of this work allows for high performance fuzzing (approx 40 billion to 120 billion instructions per second [the 2 trillion clickbait number is theoretical maximum]) depending on the target, while gathering differential coverage on code, register, and memory state. By gathering more than just code coverage we are able to track state of code deeper than just code coverage itself, allowing us to fuzz through things like memcmp() without any hooks or static analysis of the target at all. Further since we’re running emulated code we are able to run a soft MMU implementation which has byte-level permissions. This gives us stronger-than-ASAN memory protections, making bugs fail faster and cleaner.
(tags: fuzzing hardware performance programming virtualization avx-512 avx)
Coal Ash Is More Radioactive Than Nuclear Waste – Scientific American
I didn’t know this:
At issue is coal’s content of uranium and thorium, both radioactive elements. They occur in such trace amounts in natural, or “whole,” coal that they aren’t a problem. But when coal is burned into fly ash, uranium and thorium are concentrated at up to 10 times their original levels. Fly ash uranium sometimes leaches into the soil and water surrounding a coal plant, affecting cropland and, in turn, food. People living within a “stack shadow”—the area within a half- to one-mile (0.8- to 1.6-kilometer) radius of a coal plant’s smokestacks—might then ingest small amounts of radiation. Fly ash is also disposed of in landfills and abandoned mines and quarries, posing a potential risk to people living around those areas.
(via Jamie McCarthy)(tags: via:jamiemccarthy coal environment nuclear pollution fly-ash coal-ash safety health)
Fast and flexible observability with canonical log lines
Interesting — basically crossing the line between service metrics and logging, with a simple, readable structured logging format, and a well-defined structure
(tags: stripe logging metrics canonical-logs structured-logs ops operability observability)
How To Talk To Older People In Your Life About Fake News
Caulfield said it’s common for older people to unwittingly share things that have extremist messages or iconography. “It’s very hard to see people posting stuff that may come from a kind of a dark place that they don’t realize is dark,” Caulfield said. “What do you do when your parents go from posting Minions to posting hard-right memes about cement milkshakes?”
this is where we’re at. (Thankfully not with _my_ parents, though)(tags: family fake-news propaganda facebook memes alt-right fascism)
AWS S3 Event Notifications have “probably once” delivery
you get the following: Messages that are delivered once; Messages that are delivered multiple times; Messages that are not delivered. This is in fact equivalent to “no guarantees at all” but the phrase “probably once” has a certain appeal to it. In my case I have an application that writes files to S3 at a regular interval. These files are processed by a lambda so they can be loaded into a database. This database is ultimately used in a customer facing application, so any duplicates get noticed very quickly. Somehow I needed to come up with a way to deal with this peculiar behavior of S3 Event Notifications.
Christ, what a mess. Sounds like S3 Event Notifications are best ignored for production use. Disappointing :( (tags: aws s3 event-notifications consistency durability reliability ops)
Loss of Arctic’s Reflective Sea Ice Will Advance Global Warming by 25 Years
“Losing the reflective power of Arctic sea ice will lead to warming equivalent to one trillion tons of CO2 and advance the 2ºC threshold by 25 years. Any rational policy would make preventing this a top climate priority for world leaders,” said Ramanathan, a professor of atmospheric and climate sciences at Scripps. [….] Computer forecast models are actually underestimating the extent of this trend. “We analyzed 40 climate models from modeling centers around the world,” said Eisenman, a professor of climate, atmospheric science, and physical oceanography at Scripps. “Not a single one of the models simulated as much Arctic sea ice retreat per degree of global warming as has been observed during recent decades.”
(tags: arctic climate-change climate global-warming fear ice earth)
Latacora – How (not) to sign a JSON object
good notes on authentication of API consumers using an HMAC. colmmacc also noted that using a constant-time comparison function for the expected and sent values is important to avoid timing attacks: “A standard strcmp/memcmp isn’t secure and I still see this error in 2019 :(”
(tags: hmac mac authentication crypto security json apis api coding signing)
twitter thread on how same-sex romance was added to The Sims back in 1998
Phil Salvador on Twitter: “Sims developer Don Hopkins released a bunch of design documents from The Sims, including this one from August 1998 with his notes about romance: […] It’s incredible to see the internal discussion about romance in The Sims written out so strongly like this.”
(tags: don-hopkins games history the-sims design romance 1990s)
Data isn’t the new oil, it’s the new CO2
great point.
We should not endlessly be defending arguments along the lines that “people choose to willingly give up their freedom in exchange for free stuff online”. The argument is flawed for two reasons. First the reason that is usually given – people have no choice but to consent in order to access the service, so consent is manufactured. We are not exercising choice in providing data but rather resigned to the fact that they have no choice in the matter. The second, less well known but just as powerful, argument is that we are not only bound by other people’s data; we are bound by other people’s consent. In an era of machine learning-driven group profiling, this effectively renders my denial of consent meaningless. Even if I withhold consent, say I refuse to use Facebook or Twitter or Amazon, the fact that everyone around me has joined means there are just as many data points about me to target and surveil. The issue is systemic, it is not one where a lone individual can make a choice and opt out of the system. We perpetuate this myth by talking about data as our own individual “oil”, ready to sell to the highest bidder. In reality I have little control over this supposed resource which acts more like an atmospheric pollutant, impacting me and others in myriads of indirect ways. There are more relations – direct and indirect – between data related to me, data about me, data inferred about me via others than I can possibly imagine, let alone control with the tools we have at our disposal today.
(tags: data ethics data-privacy privacy surveillance surveillance-capitalism co2 future profiling consent gdpr)
Ikea Symfonisk review: affordable, fun Sonos speakers – The Verge
looks like they’ve done a decent job on getting Sonos into IKEA furniture
-
Using our model, we find that 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.
ouch.(tags: deanonymization deidentification anonymization anonymisation gdpr privacy data-privacy papers)
Aurora Postgres – Disastrous experience : aws
wow. absolute car crash of a thread regarding Postgres-on-Aurora
“Let’s talk about peeing in space.”
Great Twitter thread by @MaryRobinette on the intricacies of bodily functions in zero-G
(tags: space zero-g gravity peeing bodily-functions funny shit)
-
Deep learning techniques have become the method of choice for researchers working on algorithmic aspects of recommender systems. With the strongly increased interest in machine learning in general, it has, as a result, become difficult to keep track of what represents the state-of-the-art at the moment, e.g., for top-n recommendation tasks. At the same time, several recent publications point out problems in today’s research practice in applied machine learning, e.g., in terms of the reproducibility of the results or the choice of the baselines when proposing new models. In this work, we report the results of a systematic analysis of algorithmic proposals for top-n recommendation tasks. Specifically, we considered 18 algorithms that were presented at top-level research conferences in the last years. Only 7 of them could be reproduced with reasonable effort. For these methods, it however turned out that 6 of them can often be outperformed with comparably simple heuristic methods, e.g., based on nearest-neighbor or graph-based techniques. The remaining one clearly outperformed the baselines but did not consistently outperform a well-tuned non-neural linear ranking method. Overall, our work sheds light on a number of potential problems in today’s machine learning scholarship and calls for improved scientific practices in this area.
(via Halvar Flake)(tags: via:halvarflake deep-learning machine-learning ml papers algorithms top-n heuristics)
Bulgarian tax authority hacked, majority of population’s tax details leaked
Well this is pretty much the worst-case scenario for a tax authority:
A 20-year-old man was arrested in Sofia, Bulgaria, on Tuesday afternoon and charged with an unprecedented hack of the country’s tax authority, ending with the theft of sensitive personal records from nearly every adult in Bulgaria, according to local reports. The suspect, whose name is Kristiyan Boykov, according to Bulgarian media, faces up to eight years in prison. Police say others may have been involved. The country’s officials have spent the week revealing and apologizing for the pillaging of Bulgaria’s National Revenue Agency (NRA) in June, Reuters reported. Personal and financial data for millions of taxpayers was leaked by email to local journalists. The data leak includes names, addresses, income and earnings information, and personal identification numbers, totaling 21 gigabytes and extending back over a decade.
Margaret Hamilton interviewed by The Guardian
good interview with the software engineering pioneer
(tags: margaret-hamilton tech software the-guardian interviews history apollo)
When Non-Jews Wield Anti-Semitism as Political Shield | GQ
a spate of ultra-Christian would-be spokespeople have demonstrated outrage against congresswoman Alexandria Ocasio-Cortez for daring to use the term “concentration camps” to describe the camps in which thousands of migrants are concentrated in squalor, and have died, on the Southern border. Wyoming representative Liz Cheney and Meghan McCain have volunteered, unasked-for, as blonde Christian Loraxes, prepared at all times to speak for the Jews. In late June, Cheney demanded Ocasio-Cortez apologize for utilizing the term, stating that “6 million Jews were exterminated in the Holocaust. You demean their memory and disgrace yourself with comments like this.” But Jews are not trees, not animals, not mute props to use as cudgels in a war of escalating rhetoric. We do not need to be spoken for, we who have been here since before this country was a country, and want to remain, and know no other home; we are not waiting for your apocalypse. As if to prove a counterpoint, on Tuesday, July 15, one thousand “Jews and allies” led by a group called #NeverAgainAction and the immigrant justice group Movimiento Cosecha enacted a protest in Washington, D.C., blockading the entrances and exits to the Immigration and Customs Enforcement agency’s headquarters and the approaching street. Their chief slogan defied those who would use Jews’ bloody history to deny present atrocities; those who would utilize Jews as weapons to silence anti-racists; those who want us to wait, meekly, to be cozened by Christ in the end of days. What they chanted, holding hands, were four simple words: “Never Again is Now.”
(tags: antisemitism us-politics politics smearing aoc rhetoric)
The Codeless Code: Case 234 Ozymandias
Love this:
I chanced upon an ancient cache of code: a stack of printouts, tall as any man, that in decaying boxes had been stowed. Ten thousand crumbling pages long it ran. Abandoned in the blackness to erode, what steered a ship through blackness to the moon. The language is unused in this late year. The target hardware, likewise, lies in ruin. Entombed within one lone procedure’s scope, a line of code and then these words appear: # TEMPORARY, I HOPE HOPE HOPE The code beside persisting to the last— as permanent as aught upon this sphere— while overhead, a vacant moon flies past.
(tags: moon apollo coding history hacks comments funny poetry poems ozymandias)
Modeling the Mythical Man-Month using the Universal Scalability Law
turns out the USL can apply
(tags: usl scalability scaling brooks teams mythical-man-month estimation)
-
posts GitHub pull requests that are ready to be reviewed into Slack. How does it know when a pull request is ready? We have a special label in our repositories, aptly named READY TO REVIEW (all caps so it’s easier to spot). When a pull request is ready for review, the author adds this label to their PR to mark it as finished. Meanwhile, all pull requests without this label are seen as works in progress and shouldn’t be reviewed. Next, an engineer can pick from the READY TO REVIEW pull requests and start reviewing — all code changes at PSPDFKit get reviewed by at least one other person. After the review is done, the pull request author incorporates the feedback and merges the PR.
(tags: github reviews code-review slack integration team)
Details of the Cloudflare outage on July 2, 2019
Great writeup from jgc. Worth noting some important lessons:
* config changes should be rolled out carefully and gradually, just like code;
* particularly regexps, which are effectively code anyway;
* emergency-use rollback systems need to work, of course!;
* having emergency-only systems is a risk, too, since infrequently-used code paths are likely to atrophy and break without anyone noticing (as nsheridan said);
* /.*/ in a regexp is pretty much always bad news, and would have been worth a linter to catch before commit.
(tags: cloudflare outages regex postmortems regexps deployment rollback via:jgc)
The Configuration Complexity Clock
This, so much this…..
Frustratingly there are still some business requirements that can’t be configured using the new [post-config-file] rules engine. Some logical conditions simply aren’t configurable using its GUI, and so the application has to be re-coded and re-deployed for some scenarios. Help is at hand, someone on the team reads Ayende’s DSLs book. Yes, a DSL will allow us to write arbitrarily complex rules and solve all our problems. The team stops work for several months to implement the DSL. It’s a considerable technical accomplishment when it’s completed and everyone takes a well earned break. Surely this will mean the end of arbitrary hard-coded business logic? It’s now 9am on the clock. Amazingly it works. Several months go by without any changes being needed in the core application. The team spend most of their time writing code in the new DSL. After some embarrassing episodes, they now go through a complete release cycle before deploying any new DSL code. The DSL text files are version controlled and each release goes through regression testing before being deployed. Debugging the DSL code is difficult, there’s little tooling support, they simply don’t have the resources to build an IDE or a ReSharper for their new little language. As the DSL code gets more complex they also start to miss being able to write object-oriented software. Some of the team have started to work on a unit testing framework in their spare time. In the pub after work someone quips, “we’re back where we started four years ago, hard coding everything, except now in a much crappier language.”
(via Oisin)(tags: configuration scripting dsls script config rules-engines rules via:oisin dsl coding hard-coding)
Palantir’s Top-Secret User Manual for Cops
The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The capabilities are staggering, according to the guide: If police have a name that’s associated with a license plate, they can use automatic license plate reader data to find out where they’ve been, and when they’ve been there. This can give a complete account of where someone has driven over any time period. With a name, police can also find a person’s email address, phone numbers, current and previous addresses, bank accounts, social security number(s), business relationships, family relationships, and license information like height, weight, and eye color, as long as it’s in the agency’s database. The software can map out a person’s family members and business associates of a suspect, and theoretically, find the above information about them, too. All of this information is aggregated and synthesized in a way that gives law enforcement nearly omniscient knowledge over any suspect they decide to surveil.
(tags: police surveillance palantir creepy grim data-privacy privacy)
Ireland putting profit before people with genomic medicine strategy
From David McConnell and Orla Hardiman at TCD:
Much of the medical information sought by GMI [Genomics Medicine Ireland] has been collected from patients in public hospitals funded by the exchequer at great expense […]. Clinicians are being contracted and asked to obtain consent from their patients to transfer clinical information to GMI, along with a tissue sample for WGS [Whole Genome Sequencing]. We understand GMI will pay for the additional hospital clinical costs required for the project. It will obtain the full genetic code for each patient (WGS), and it will analyse all the data. For the most part …. there is minimal tangible benefit to the patient who participates in this programme. It is important to realise that GMI will own all the clinical and WGS data that they have acquired from the health service, which is of considerable commercial value. GMI will also have complete control over the research and any outcomes. Participating patients do not appear to have access to their data held by GMI – and there does not seem to be a “right to be forgotten”, despite the commercial nature of the enterprise. Moreover, the genomic and clinical data may also be transmitted outside of the European Union, and thus will not be protected by the stringent data-protection laws within the EU.[….] The Government has made a very big investment in GMI. There may be a view that it is not necessary to provide any additional public investments in genomic medicine in Ireland. However, to those of us who care about the longer-term development of genomic medicine in Ireland, this would be a seriously short-sighted approach. One person in 20 will develop a genetic disorder in their lifetime and half of the Irish population will experience a form of cancer. These and many other patients should be able to benefit from a publicly-available genomics project that can drive new medical care in Ireland. Genomic medicine is here to stay. 
We urgently need a properly governed genomics programme in Ireland that will ensure that Irish genomics remains within the public (non-commercial) domain, and that data obtained from Irish citizens will be used to benefit the entire Irish population.
(via Aoife McLysaght)(tags: gmi wgs genome open-data data-privacy gdpr privacy health medicine ireland genomics)
-
Rossa McMahon with a twitter thread on the legality of GMI’s genomic data collection program in Ireland:
GMI is a big, expensive company. It announced planned investment injection of $400m last year. It is engaged in a hot industry – hot because of investor interest and hot because of regulatory/ethics concerns. GDPR is not new. It has been known since 2016. Data protection law is not new. It has been known since 1988. The impact of these laws on genetic data collection & use is not a surprise. So if you have a $400m+ business and this is a key business issue, you have taken advice. And you have, no doubt, been in a position to take that advice from some of the best and/or most expensive advisors available. Assumptions are dangerous, but I think it is fair to assume this has happened. So read the story again. Would you be looking for repeated meetings with [Department of Health], answers to questions on regulatory matters and assurances from the State, if you had legal advice of your own to the effect that you are operating or can operate as you currently are?
(tags: gmi genomics genetics data-privacy privacy gdpr ireland)
Terrifying thread of Google Maps fails
‘This takes you over Hayden Pass Rd. “It’s a real challenging road and a true test of your vehicle and your stamina because the road abounds in twists and turns with wheels sometimes hanging above the precipice.” “There is a very narrow section of shelf road before you get to the top that is very dangerous if icy. There are no rocks to stop you from sliding off the side. This section should not be attempted if there is any ice at all.” I’m a little surprised that Google gave this route to me with no warning. It’s also comical to say you can get the drive done in 30 minutes.’ [….] ‘A couple of years ago I did a drive from Port Headland (Northwest Western Australia) to Perth. When we got onto Nanutarra road (Near Paraburdoo), the maps decided we should take a road that was actually the Lyons River – if we were foreign tourists it would have led us into a spot where we could easily have died. Unfortunately in outback WA, many tourists have experienced this and succumbed to it.’
(tags: driving safety google-maps google mapping routing fail via:danluu)
excellent Twitter thread about Brexiteer attitudes to Ireland
as one commenter notes: ‘Ireland as Britain’s Taiwan, not a real country but a renegade province that must be brought to heel and reclaimed for the Motherland’
Moving From Apache Thrift to gRPC: A Perspective From Alluxio
Good advice here:
Thrift served well as a fast and reliable RPC framework powering the metadata operations in Alluxio 1.x. Its limitation in handling streamed data has led us to a journey in search of better alternatives. gRPC provides some nice features that help us in building a simpler, more unified API layer. In this post, we discussed some lessons learned to move from Thrift to gRPC, including performance tuning tips that helped us achieve comparable performance for both one-off RPC calls as well as data streams. We hope this helps if you are looking at gRPC as an option for building high-performance services. Check out our blog for more articles on how we build Alluxio.
-
‘Homes for Sale and Rent (in Ireland), Mapped’ — neat dataviz site by Robert Lawson
Guidance for Drivers on use of “Dash Cams”
guidance note from the Irish Data Protection Commissioner on GDPR implications of dashcams.
Chernobyl True Story: What The HBO Miniseries Gets Right (& Changes)
A much more reasonable writeup of what the HBO series changed from what really happened — notably the show trial in the final episode was largely concocted. This is much more accurate than the cinemablend.com article.
(tags: chernobyl fact fiction hbo tv fictionalisation ussr history)
Open Source Could Be a Casualty of the Trade War
ideologically, a core tenet of open source is non-discriminatory empowerment. When I was introduced to open source in the 90’s, the chief “bad guy” was Microsoft – people wanted to defend against “embrace, extend, extinguish” corporate practices, and by homesteading on the technological frontier with GNU/Linux we were ensuring that our livelihoods, independence, and security would never be beholden to a hostile corporate power. Now, the world has changed. Our open source code may end up being labeled as enabling a “foreign adversary”. I never suspected that I could end up on the “wrong side” of politics by being a staunch advocate of open source, but here I am. My open source mission is to empower people to be technologically independent; to know that technology is not magic, so that nobody will ever be a slave to technology. This is true even if that means resisting my own government. The erosion of freedom starts with restricting access to “foreign adversaries”, and ends with the government arbitrarily picking politically convenient winners and losers to participate in the open source ecosystem. Freedom means freedom, and I will stand to defend it. Now that the US is carpet-bombing Huawei’s supply chain, I fear there is no turning back. The language already written into EO13873 sets the stage to threaten open source as a whole by drawing geopolitical and national security borders over otherwise non-discriminatory development efforts. While I still hold hope that the trade war could de-escalate, the proliferation and stockpiling of powerful anti-trade weapons like EO13873 is worrisome. Now is the time to raise awareness of the threat this poses to the open source world, so that we can prepare and come together to protect the freedoms we cherish the most. I hope, in all earnestness, that open source shall not be a casualty of this trade war.
(tags: open-source business china economics huawei us-politics trade-war oss gnu linux)
jCenter is the new default repository used with Android’s gradle plugin, I haven… | Hacker News
I am a developer Advocate with JFrog, the company behind Bintray. So, jcenter is a Java repository in Bintray (https://bintray.com/bintray/jcenter), which is the largest repo in the world for Java and Android OSS libraries, packages and components. All the content is served over a CDN, with a secure https connection. JCenter is the default repository in Groovy Grape (http://groovy.codehaus.org/Grape), built-in in Gradle (the jcenter() repository) and very easy to configure in every other build tool (maybe except Maven) and will become even easier very soon. Bintray has a different approach to package identification than the legacy Maven Central. We don’t rely on self-issued key-pairs (which can be generated to represent anyone, actually and never verified in Maven Central). Instead, similar to GitHub, Bintray gives a strong personal identity to any contributed library. If you really need to get your package to Maven Central (for supporting legacy tools) you can do it from Bintray as well, in a click of a button or even automatically.
(tags: jars maven gradle java bintray via:lemire packaging distribution)
Russians used fake Foster email for disinformation – researchers
Facebook believes this is the first time fake information about Northern Ireland and topics concerning Anglo-Irish relations has been disseminated by Russian operators acting in concert. The Atlantic Council’s research centre found the campaign was “persistent, sophisticated and well-resourced” and said that “the likelihood is that this operation was run by a Russian intelligence agency”. The operation “appeared designed to stoke racial, religious or political hatred, especially in Northern Ireland”, the researchers said, disclosing their findings in an online article published on the Medium self-publishing online platform over the weekend.
(tags: ireland russia disinformation fake-news facebook dfrlab ira politics)
Why the BAI is not the body to regulate the internet
Simon McGarr makes a good argument, and I agree
(tags: bai ireland regulation internet web messaging crypto privacy)
-
Three related flaws were found in the Linux kernel’s handling of TCP networking. The most severe vulnerability could allow a remote attacker to trigger a kernel panic in systems running the affected software and, as a result, impact the system’s availability. The issues have been assigned multiple CVEs: CVE-2019-11477 is considered an Important severity, whereas CVE-2019-11478 and CVE-2019-11479 are considered a Moderate severity. The first two are related to the Selective Acknowledgement (SACK) packets combined with Maximum Segment Size (MSS), the third solely with the Maximum Segment Size (MSS). These issues are corrected either through applying mitigations or kernel patches. Mitigation details and links to RHSA advisories can be found on the RESOLVE tab of this article.
Climate change: I work in the environmental movement. I don’t care if you recycle. – Vox
While we’re busy testing each other’s purity, we let the government and industries — the authors of said devastation — off the hook completely. This overemphasis on individual action shames people for their everyday activities, things they can barely avoid doing because of the fossil fuel-dependent system they were born into. In fact, fossil fuels supply more than 75 percent of the US energy system. If we want to function in society, we have no choice but to participate in that system. To blame us for that is to shame us for our very existence. […] But that doesn’t mean we do nothing. Climate change is a vast and complicated problem, and that means the answer is complicated too. We need to let go of the idea that it’s all of our individual faults, then take on the collective responsibility of holding the true culprits accountable. In other words, we need to become many Davids against one big, bad Goliath.
(tags: activism climate environment green climate-change future fossil-fuels society)
A free Argo Tunnel for your next project
Argo Tunnel lets you expose a server to the Internet without opening any ports. The service runs a lightweight process on your server that creates outbound tunnels to the Cloudflare network. Instead of managing DNS, network, and firewall complexity, Argo Tunnel helps administrators serve traffic from their origin through Cloudflare with a single command. [….] Starting today, any user, even those without a Cloudflare account, can try this new method of connecting their server to the Internet. Argo Tunnel can now be used in a free model that will create a new URL, known only to you, that will proxy traffic to your server. We’re excited to make connecting a server to the Internet more accessible for everyone.
(tags: cloudflare internet tunnel servers ports tunnelling ops free)
Download Starburst Distribution of Presto
Starburst’s free distro of Presto; there are additional enterprise features which require a license key but the basic distro is OSS. Docs at https://docs.starburstdata.com/latest/index.html
-
“Ten Emerging Technologies That’ll Improve and/or Ruin Everything” — Advanced Nuclear Power
(tags: nukes nuclear-power power future soonish smbc tech reactors)
Show HN: Enviro+ for Raspberry Pi – Environmental sensors
HN thread and linked Pimoroni gadget. UKP45 for a nice environmental sensor board
(tags: electronics iot projects sensors environment raspberry-pi gadgets)
The Surprising Reason that There Are So Many Thai Restaurants in America – VICE
Turns out the Thai government has taken a leaf from Guinness’ book:
The Ministry of Commerce’s Department of Export Promotion [..] drew up prototypes for three different “master restaurants,” which investors could choose as a sort of prefabricated restaurant plan, from aesthetic to menu offerings. Elephant Jump would be the fast casual option, at $5 to $15 per person; Cool Basil would be the mid-priced option at $15 to $25 a head; and the Golden Leaf prototype would cost diners $25 to $30, with décor featuring “authentic Thai fabrics and objets d’art.” (Does your favorite Thai spot have objets d’art? The restaurant may have been built from a government prototype.)
(Guinness do exactly the same thing for Irish pubs worldwide.)
(tags: cuisine culture food government marketing thai thailand guinness restaurants franchising)
-
aren’t these lovely
-
Undocumented Amazon S3 APIs and third-party extensions: GET object by multipart number; AWS Java SDK partNumber; Multipart Upload ETag. (via Last Week in AWS)
Why women leave academia and why universities should be worried
I couldn’t agree more with this, having seen it happen first-hand:
The participants in the study identify many characteristics of academic careers that they find unappealing: the constant hunt for funding for research projects is a significant impediment for both men and women. But women in greater numbers than men see academic careers as all-consuming, solitary and as unnecessarily competitive. Both men and women PhD candidates come to realise that a string of post-docs is part of a career path, and they see that this can require frequent moves and a lack of security about future employment. Women are more negatively affected than men by the competitiveness in this stage of an academic career and their concerns about competitiveness are fuelled, they say, by a relative lack of self-confidence. Women more than men see great sacrifice as a prerequisite for success in academia. This comes in part from their perception of women who have succeeded, from the nature of the available role models. Successful female professors are perceived by female PhD candidates as displaying masculine characteristics, such as aggression and competitiveness, and they were often childless. As if all this were not enough, women PhD candidates had one experience that men never have. They were told that they would encounter problems along the way simply because they are women. They are told, in other words, that their gender will work against them. […] Universities will not survive as research institutions unless university leadership realises that the working conditions they offer dramatically reduce the size of the pool from which they recruit. We will not survive because we have no reason to believe we are attracting the best and the brightest. When industry is the more attractive employer, our credibility as the home of long-term, cutting edge, high-risk, profoundly creative research, is diminished.
(via Aoife McLysaght)
(tags: women life university third-level careers research via:aoifemcl)
The New Wilderness (Idle Words)
Our discourse around privacy needs to expand to address foundational questions about the role of automation: To what extent is living in a surveillance-saturated world compatible with pluralism and democracy? What are the consequences of raising a generation of children whose every action feeds into a corporate database? What does it mean to be manipulated from an early age by machine learning algorithms that adaptively learn to shape our behavior?
(tags: facebook google privacy future dystopia surveillance society)
Jigsaw Bought a Russian Twitter Troll Campaign as an Experiment
“Let’s say I want to wage a disinformation campaign to attack a political opponent or a company, but I don’t have the infrastructure to create my own Internet Research Agency,” Gully told WIRED in an interview, speaking publicly about Jigsaw’s year-old disinformation experiment for the first time. “We wanted to see if we could engage with someone who was willing to provide this kind of assistance to a political actor … to buy services that directly discredit their political opponent for very low cost and with no tooling or resources required. For us, it’s a pretty clear demonstration these capabilities exist, and there are actors comfortable doing this on the internet.”
it cost just $250.
(tags: disinformation fakes disinfo fake-news russia trolls jigsaw social-media)
New Spam Campaign Controlled by Attackers via DNS TXT Records
Ah, Google, what were you thinking?
When decoded, this string is an URL to Google’s public DNS resolve for a particular domain. For example, the above string decodes to https://dns.google.com/resolve?name=fetch.vxpapub.[omitted].net&type=TXT. The attachment’s script will use this URL to retrieve the associated domain’s TXT record. A TXT record is a DNS entry that can be used to store textual data. This field is typically used for SPF or DMARC records, but could be used to host any type of textual content. The nice part about using the Google’s DNS resolver is that the information will be returned as JSON, which makes it easy for the malicious script to extract the data it needs.
(via Paul Vixie)
(tags: txt dns google resolvers spam fail security via:paulvixie)
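The lookup pattern described in the excerpt above, seen from the defender's side: a Python sketch that flags TXT lookups made through Google's JSON DNS API in web proxy logs and picks out TXT answers that are not SPF, DMARC or DKIM. This is an added example, not code from the linked article or this linklog; the four-field log layout, the process names and the `example.net` / `example.org` names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Hosts serving Google's JSON DNS API (dns.google.com is the one in the excerpt;
# dns.google is its other public name).
DOH_JSON_HOSTS = {"dns.google.com", "dns.google"}
TXT_TYPES = {"txt", "16"}  # the API accepts the record type by name or number
# TXT uses the excerpt calls typical (SPF, DMARC), plus DKIM.
EXPECTED_TXT_PREFIXES = ("v=spf1", "v=dmarc1", "v=dkim1")


def is_txt_lookup_over_https(url):
    """Return the queried name if url is a TXT lookup via the JSON API, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or host not in DOH_JSON_HOSTS:
        return None
    if parts.path != "/resolve":
        return None
    query = parse_qs(parts.query)
    qtype = query.get("type", ["a"])[0].lower()  # the API defaults to A
    name = query.get("name", [""])[0]
    if qtype in TXT_TYPES and name:
        return name.rstrip(".").lower()
    return None


def scan_proxy_log(lines):
    """Flag log lines (assumed layout: time client process url) doing TXT lookups."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed line, skip
        ts, client, process, url = fields
        name = is_txt_lookup_over_https(url)
        if name:
            hits.append({"time": ts, "client": client,
                         "process": process, "name": name})
    return hits


def unexpected_txt_records(response_text):
    """Return TXT strings in a JSON API response that are not SPF/DMARC/DKIM."""
    try:
        doc = json.loads(response_text)
    except ValueError:
        return []
    if not isinstance(doc, dict):
        return []
    found = []
    for answer in doc.get("Answer", []):
        if answer.get("type") != 16:  # 16 is the TXT record type
            continue
        data = str(answer.get("data", "")).strip().strip('"')
        if not data.lower().startswith(EXPECTED_TXT_PREFIXES):
            found.append(data)
    return found


# Constructed sample proxy log: timestamp, client IP, process, URL.
SAMPLE_LOG = [
    "2019-06-20T10:01:02Z 10.0.0.15 chrome.exe https://www.example.org/index.html",
    "2019-06-20T10:01:07Z 10.0.0.15 wscript.exe "
    "https://dns.google.com/resolve?name=fetch.example.net&type=TXT",
    "2019-06-20T10:02:11Z 10.0.0.22 chrome.exe "
    "https://dns.google.com/resolve?name=example.org&type=A",
    "2019-06-20T10:03:40Z 10.0.0.31 powershell.exe "
    "https://dns.google.com/resolve?type=16&name=Cfg.Example.NET.",
]

# Constructed response in the shape the JSON API returns.
SAMPLE_RESPONSE = json.dumps({
    "Status": 0,
    "Question": [{"name": "fetch.example.net.", "type": 16}],
    "Answer": [
        {"name": "example.net.", "type": 16, "TTL": 300,
         "data": "\"v=spf1 -all\""},
        {"name": "fetch.example.net.", "type": 16, "TTL": 60,
         "data": "\"constructed-opaque-value-123\""},
        {"name": "example.net.", "type": 1, "TTL": 300, "data": "192.0.2.10"},
    ],
})

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("TXT lookup over HTTPS:", hit)
    print("TXT data to review:", unexpected_txt_records(SAMPLE_RESPONSE))
```

Because these lookups travel as ordinary HTTPS to a Google host, they do not appear in resolver query logs, so the proxy or endpoint telemetry is where this check has to run.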
An Orbit Map of the Solar System
This week’s map shows the orbits of more than 18000 asteroids in the solar system. This includes everything we know of that’s over 10km in diameter – about 10000 asteroids – as well as 8000 randomized objects of unknown size. This map shows each asteroid at its exact position on New Years’ Eve 1999. All of the data for this map is shared by NASA and open to the public.
Really lovely stuff!
(tags: astronomy dataviz map space visualization asteroids planets posters moons solar-system)
Fans Are Better Than Tech at Organizing Information Online
Fans tag the content, but then — volunteers consolidate and aggregate those tags:
On AO3, users can put in whatever tags they want. (Autocomplete is there to help, but they don’t have to use it.) Then behind the scenes, human volunteers look up any new tags that no one else has used before and match them with any applicable existing tags, a process known as tag wrangling. Wrangling means that you don’t need to know whether the most popular tag for your new fanfic featuring Sherlock Holmes and John Watson is Johnlock or Sherwatson or John/Sherlock or Sherlock/John or Holmes/Watson or anything else. And you definitely don’t need to tag your fic with all of them just in case. Instead, you pick whichever one you like, the tag wranglers do their work behind the scenes, and readers looking for any of these synonyms will still be able to find you.
(tags: folksonomy tagging tags taxonomy fans fandom archival archives fanfic)
Irish National Open Research Forum national framework published
“All Irish scholarly publications resulting from publicly-funded research will be openly available by default from 2020 onwards and will be accessible on an ongoing basis.” (via Don Marti)
(tags: via:donmarti open open-access science public ireland funding research)
Internet-Scale analysis of AWS Cognito Security
Just published the white-paper for my latest research: Internet-Scale analysis of AWS Cognito Security. The white-paper contains the methodology and results of an internet-scale security analysis of AWS Cognito configurations. The research identified 2500 identity pools, which were used to gain access to more than 13000 S3 buckets (which are not publicly exposed), 1200 DynamoDB tables and 1500 Lambda functions.
(via Ben Bridts)
(tags: aws cognito security s3 dynamodb scanning whitepapers)
Multi-Sensor IoT Environmental Sensor Box With CircuitPython
Just add a power outlet and a WiFi network and stream time and location stamped environmental readings to AdafruitIO.
(tags: adafruit sensors iot maker hacks air-quality temperature environment metrics)
The Making of a YouTube Radical – The New York Times
Near the end of our interview, I told Mr. Cain that I found it odd that he had successfully climbed out of a right-wing YouTube rabbit hole, only to jump into a left-wing YouTube rabbit hole. I asked if he had considered cutting back on his video intake altogether, and rebuild some of his offline relationships. He hesitated, and looked slightly confused. For all of its problems, he said, YouTube is still where political battles are fought and won. Leaving the platform would essentially mean abandoning the debate. He conceded, though, that he needed to think critically about the videos he watched. “YouTube is the place to put out a message,” he said. “But I’ve learned now that you can’t go to YouTube and think that you’re getting some kind of education, because you’re not.”
two-thirds of cyclists with disabilities find cycling easier than walking
and other facts about disabled cyclists. This is very thought-provoking stuff.
According to a recent study by Wheels for Well-being, a British organization of disabled cyclists, 15 percent of people with disabilities cycle, compared with 18 percent of the general population. Moreover, two-thirds of cyclists with disabilities find cycling easier than walking, the group says. Clearly, bikes are not just a mode of transit, but function as mobility devices for many disabled people. I find it ableist, or prejudiced against the disabled, when we consider e-bikes and other adaptive-cycling methods as “inferior.” Many of us can ride a traditional two-wheeled bicycle, but others simply can’t.
(tags: cycling disability accessibility cities design cycles disabled)
Carnival Cruise Line to pay a $20M fine over pollution
Carnival’s pollution problem is so bad that across its fleet, the large boats pollute 10 times more than all 260 million of Europe’s cars. That tidbit comes courtesy of a study by the European think tank Transport & Environment, which looked at 203 cruise ships sailing European waters in 2017. The report also found that besides over-tourism and crashing into ports, there’s a good reason for European cities to dislike cruise ships: they are emitting sulfur dioxide all over the place. If you can’t keep your pollutants straight, sulfur dioxide causes both acid rain and lung cancer. Cruise lines, it turns out, have been dropping the gas all over Europe; the report says Barcelona, Palma Mallorca, and Venice were the cities worst affected by sulfur dioxide emissions. Per the FT, “sulfur dioxide emissions from cars was 3.2m kt versus 62m kt from cruise ships, with Carnival accounting for half that, the study found.”
(tags: carnival cruises cruise-ships pollution europe eu driving environment climate-change)
The Existential Crisis Plaguing Online Extremism Researchers
Oh god. This, so much:
Many researchers in the field cut their teeth as techno-optimists, studying the positive aspects of the internet—like bringing people together to enhance creativity or further democratic protest, á la the Arab Spring—says Marwick. But it didn’t last. The past decade has been an exercise in dystopian comeuppance to the utopian discourse of the ’90s and ‘00s. Consider Gamergate, the Internet Research Agency, fake news, the internet-fueled rise of the so-called alt-right, Pizzagate, QAnon, Elsagate and the ongoing horrors of kids YouTube, Facebook’s role in fanning the flames of genocide, Cambridge Analytica, and so much more. “In many ways, I think it [the malaise] is a bit about us being let down by something that many of us really truly believed in,” says Marwick. Even those who were more realistic about tech—and foresaw its misuse—are stunned by the extent of the problem, she says. “You have to come to terms with the fact that not only were you wrong, but even the bad consequences that many of us did foretell were nowhere near as bad as the actual consequences that either happened or are going to happen.” […..] “It’s not that one of our systems is broken; it’s not even that all of our systems are broken,” says Phillips. “It’s that all of our systems are working … toward the spread of polluted information and the undermining of democratic participation.”
(via Paul Moloney)
(tags: future grim dystopia tech optimism web internet gamergate wired via:oceanclub)
France Bans Judge Analytics, 5 Years In Prison For Rule Breakers
‘The identity data of magistrates and members of the judiciary cannot be reused with the purpose or effect of evaluating, analysing, comparing or predicting their actual or alleged professional practices.’ As far as Artificial Lawyer understands, this is the very first example of such a ban anywhere in the world. Insiders in France told Artificial Lawyer that the new law is a direct result of an earlier effort to make all case law easily accessible to the general public, which was seen at the time as improving access to justice and a big step forward for transparency in the justice sector. However, judges in France had not reckoned on NLP and machine learning companies taking the public data and using it to model how certain judges behave in relation to particular types of legal matter or argument, or how they compare to other judges. In short, they didn’t like how the pattern of their decisions – now relatively easy to model – were potentially open for all to see.
(tags: censorship france analytics judgements legal judges statistics)
Changing my Mind about AI, Universal Basic Income, and the Value of Data
In this piece I’ll be talking about two particular bits of rhetoric that have found an apparently unlikely partnership in the past five years. The impending obsolescence of humanity locked eyes across the room with a utopian vision of all-powerful AI that sees to all our needs. They started a forbidden romance that has since enthralled even the most serious tech industry leaders. I myself was enthralled with the story at first, but more recently I’ve come to believe it may end in tragedy.
(tags: ai philosophy ubi future tech)
An update on Sunday’s service disruption | Google Cloud Blog
Google posting the most inappropriately upbeat post-mortem I’ve ever read…
In essence, the root cause of Sunday’s disruption was a configuration change that was intended for a small number of servers in a single region. The configuration was incorrectly applied to a larger number of servers across several neighboring regions, and it caused those regions to stop using more than half of their available network capacity. The network traffic to/from those regions then tried to fit into the remaining network capacity, but it did not. The network became congested, and our networking systems correctly triaged the traffic overload and dropped larger, less latency-sensitive traffic in order to preserve smaller latency-sensitive traffic flows, much as urgent packages may be couriered by bicycle through even the worst traffic jam. Google’s engineering teams detected the issue within seconds, but diagnosis and correction took far longer than our target of a few minutes. Once alerted, engineering teams quickly identified the cause of the network congestion, but the same network congestion which was creating service degradation also slowed the engineering teams’ ability to restore the correct configurations, prolonging the outage. The Google teams were keenly aware that every minute which passed represented another minute of user impact, and brought on additional help to parallelize restoration efforts.
(tags: gcp google odd outages post-mortems networking)
-
RepliCade Insert Coin keychains are constructed from a traditional blend of diecast metal and plastic. Push the coin return button to activate LED illumination for 30 seconds. This 1:1 scale arcade-accurate replica metal coin return key chain stands 2″ tall and weighs in at a whopping 3.2 ozs.
The war on trees: insurance involvement denied by Cork County Council
Cork people have documented on social media examples of trees being removed from public spaces and have been critical of the practice. Last week, The Phoenix magazine claimed the insurance industry “has been identified as the dark force behind the slaughtering of thousands of healthy trees across Ireland”. “It transpires insurance companies have offered lower premiums to county councils, if they remove any tree that poses even a remote threat to passing humans,” the magazine reported. This was put to Cork City Council, which denied the claim. “I refer to your query and can confirm that no contact has been made with Cork City Council by insurance companies, in relation to trees,” the spokesperson said.
Skerries protesters attempt to stop felling of mature trees
The War On Trees comes to Skerries, with people organising day-long rotas and chaining vehicles to trees to stop Fingal County Council from cutting them down
Yes, you can feed bread to swans
“There has been a great deal of press coverage in recent months regarding the ‘Ban the Bread’ campaign which is confusing many members of the public who like to feed swans. Supporters of the campaign claim that bread should not be fed to swans on the grounds that it is bad for them. This is not correct. [….] There is no good reason not to feed bread to swans, provided it is not mouldy. Most households have surplus bread and children have always enjoyed feeding swans with their parents. The ‘Ban the Bread’ campaign is already having a deleterious impact upon the swan population; I am receiving reports of underweight cygnets and adult birds, and a number of swans from large flocks have begun to wander into roads in search of food. This poses the further risk of swans being hit by vehicles. Malnutrition also increases their vulnerability to fatal diseases like avian-flu which has caused the deaths of many mute swans and other waterfowl in the past.”
What I Learned Trying To Secure Congressional Campaigns (Idle Words)
‘on August 22, the DNC had a phishing scare, where they mistook a vulnerability assessment for an actual attack. The next day, DCCC Executive Director Dan Sena sent an email to all campaigns with the subject line “Reminder About Cybersecurity”. That email included three attachments, including a file evocatively titled “2-20170712-Falcon.docx”.’
(tags: politics security dnc democrats funny yubikeys gmail google auth phishing hacking congress)
British Far Right Extremism Manipulating Ireland
digging into the “Irexit” campaign and their extensive links to Nigel Farage and the British far right — 100% astroturf
(tags: astroturf ireland irexit nigel-farage ukip brexit politics dirty-tricks)
-
an entertaining dive down a low-level performance-optimization rabbit hole, diving into radix sort on an array of integers in particular
(tags: sorting sort performance optimization radix-sort qsort algorithms)
A Twitter thread about where P99s came from
“If you’re wondering what “P-four-nines” means, it’s the latency at the 99.99th percentile, meaning only one in 10,000 requests has a worse latency. Why do we measure latency in percentiles? A thread about how it came to be at Amazon…” This is a great thread from Andrew Certain, who managed the Performance Engineering team at Amazon in 2001. Percentiles, particularly for latency and performance measurement, were one of the big ideas which hit me like a ton of bricks when I joined Amazon, as they had been adopted whole-heartedly across the company by that stage.
(tags: p99 percentiles quantiles history performance analysis measurement metrics amazon aws pmet)
The Fairy King’s advice on Trees. A poem from Early Ireland
This medieval Irish poem about trees is taken from a text known as Aidedh Ferghusa meic Léide (the Death of Fergus). In the poem, Iubhdán, the king of the fairies, advises the ruler of Ulster, Fergus mac Léide, on the special qualities of trees and which ones can be burned in the household fire.
The Dark Forest Theory of the Internet
The internet of today is a battleground. The idealism of the ’90s web is gone. The web 2.0 utopia — where we all lived in rounded filter bubbles of happiness — ended with the 2016 Presidential election when we learned that the tools we thought were only life-giving could be weaponized too. The public and semi-public spaces we created to develop our identities, cultivate communities, and gain knowledge were overtaken by forces using them to gain power of various kinds (market, political, social, and so on). […] The dark forests grow because they provide psychological and reputational cover. They allow us to be ourselves because we know who else is there. Compared to the free market communication style of the mass channels — with their high risks, high rewards, and limited moderation — dark forest spaces are more Scandinavian in their values and the social and emotional security they provide. They cap the downsides of looking bad and the upsides of our best jokes by virtue of a contained audience.
(tags: culture internet dark-forests future web privacy abuse community)
-
Nixery provides the ability to pull ad-hoc container images from a Docker-compatible registry server. The image names specify the contents the image should contain, which are then retrieved and built by the Nix package manager. Nix is also responsible for the creation of the container images themselves.
e.g. “docker run -ti nixery.appspot.com/shell/htop bash”
(tags: docker containers nix nixpkgs packaging deployment ops)
5G is the new antivax/chemtrails conspiracy theory
And Russia is pushing it. Expect to see a lot of this about soon
(tags: 5g conspiracies loons crazy russia propaganda disinformation wireless youtube)
The definitive guide to running EC2 Spot Instances as Kubernetes worker nodes
it really is quite definitive, good writeup
(tags: ec2 spot-instances cost-saving kubernetes clusters asg aws)
-
Irish MEP Mairead McGuinness is reportedly involved, according to this
(tags: mairead-mcguinness religion secular democracy eu meps europe lobbying)
-
‘a new national platform for accessing authoritative geospatial information which provides free, web-based access to authoritative Irish spatial data from multiple providers, including Ordnance Survey Ireland (OSi) and many more.’
(tags: ireland mapping maps geo ordnance-survey osi geodata)
-
nice high-res scan
-
The EU’s expert group met last year as a response to the wildfire spread of fake news and disinformation seen in the Brexit referendum and in the US election of President Donald Trump. Their task was to help prevent the spread of disinformation, particularly at pivotal moments such as this week’s hotly contested European parliamentary elections. However some of these experts say that representatives of Facebook and Google undermined the work of the group, which was convened by the European Commission and comprised leading European researchers, media entrepreneurs and activists. In particular, the platforms opposed proposals that would have forced them to be more transparent about their business models. And a number of insiders have raised concerns about how the tech platforms’ funding relationships with experts on the panel may have helped to water down the recommendations. In the wake of numerous reports of massive disinformation campaigns targeting the European elections, many linked to Russia and to far-right groups, EU politicians and transparency campaigners have called these fresh allegations about the tech platforms’ behaviour a “scandal”.
(tags: google facebook disinformation russia eu democracy lobbying)