Recent blog entries

5 Jul 2015 caolan   » (Master)

crash testing, 1 export failure, 0 import failures

I graphed our crashtesting improvement on importing documents a while back, and mentioned that while import failures had improved dramatically that the export figures weren't as shiny. But there's been some great progress there too, especially with the work mstahl has been putting in, so today the crashtesting has reported effectively three consecrative 0 import failures and with the first drop to 1 reported export failure (an assert) so I present the graph of export failure progress

 And an updated import crashtesting graph.

This is on our corpus of 76000+ documents sucked down from various bugzillas and other sources.

Syndicated 2015-07-05 10:37:00 (Updated 2015-07-05 10:37:06) from Caolán McNamara

4 Jul 2015 marnanel   » (Journeyer)

puns

Sometimes I like throwing puns into a discussion without marking them as such, and seeing whether anyone notices. I'm at a conference thing, and they're doing massages for the people there. I had one, and afterwards the massage person said, "Sorry to cut it short, but I have three more people to go in the next twenty minutes. I didn't realise I'd be so busy!" I said, "Well, everyone wants to feel kneaded." They agreed, and I smiled, and went on my way.

This entry was originally posted at http://marnanel.dreamwidth.org/336931.html. Please comment there using OpenID.

Syndicated 2015-07-04 13:51:57 from Monument

3 Jul 2015 marnanel   » (Journeyer)

The Ghost in the Crown-- act 2, part 1

(I haven’t finished Act 2 yet, but here’s the first part. More soon.)

I'm reading a book
That I took from my school.
Polonius comes in.
(He’s a pompous old fool,
But also my girlfriend
Ophelia’s dad.)
I’ll scare him away!
I’ll pretend to be mad!

He said, “Who am I?”
And I looked all about.
I said, “You’re the fellow
Who sold me a trout.
But have you a daughter?”
He said, “Just the one.”
“Be careful,” I said,
“If she walks in the sun
Where meat becomes maggots
And milk becomes curds.”
He asked what I’m reading.
I said, “Words…
words…
words.”

“But what do they say?”
And I said, “I detect
Some satire, some slander,
Some lack of respect.
It says: when you’re old
Your eyesight gets hazy.
Your whiskers go grey.
You start to go crazy.
Your eyes fill with goop.
And yes, it’s all true
But seems a bit rude
To codgers like you.”

He hurried away.
But my uncle instead
Strode into the room
And called me and said:

“I will open the door!
I will show you a thing!
You will like what I show you!”
(Said Claudius King.)
“Your friends came to visit!
Come quickly and see!
Some friends, and I call them
Thing R and Thing G!
They came to the castle
To be a surprise!
They might cheer you up!
And they’re not at all spies!”

They said, “We’re in Denmark
To see how you are!
Would you like to shake hands
With Thing G and Thing R?”

This entry was originally posted at http://marnanel.dreamwidth.org/336692.html. Please comment there using OpenID.

Syndicated 2015-07-03 20:51:52 (Updated 2015-07-03 20:53:03) from Monument

3 Jul 2015 Pizza   » (Master)

Shinko S1245 and S6245 (AKA Sinfonia E1 and CE1)

A few months ago I received a semi-official documentation dump from Sinfonia. Thanks to that information, Gutenprint now claims full support for both the S1245 and S6245. These models required new backends, and last night I committed the last of the necessary changes.
Both printers should now work -- in theory, anyway.

As I don't own or have access to either printer, this code has received no testing whatsoever, and as such might result in kittens swallowing the earth with impeccable wide-eyed cuteness as they mew and cry out for belly rubs. Oh, the humanity!

If there's someone out there who wouldn't mind donating a printer to the cause, or at least be willing to go a few rounds of testing, drop me a line.

Do it for Free Software. Do it for World Peace. Do it for Kittens.

Syndicated 2015-07-03 19:41:38 from Solomon Peachy

3 Jul 2015 wingo   » (Master)

Pfmatch, a packet filtering language embedded in Lua

Greets, hackers! I just finished implementing a little embedded language in Lua and wanted to share it with you. First, a bit about the language, then some notes on how it works with Lua to reach the high performance targets of Snabb Switch.

the pfmatch language

Pfmatch is a language designed for filtering, classifying, and dispatching network packets in Lua. Pfmatch is built on the well-known pflang packet filtering language, using the fast pflua compiler for LuaJIT.

Here's an example of a simple pfmatch program that just divides up packets depending on whether they are TCP, UDP, or something else:

match {
   tcp => handle_tcp
   udp => handle_udp
   otherwise => handle_other
}

Unlike pflang filters written for such tools as tcpdump, a pfmatch program can dispatch packets to multiple handlers, potentially destructuring them along the way. In contrast, a pflang filter can only say "yes" or "no" on a packet.

Here's a more complicated example that passes all non-IP traffic, drops all IP traffic that is not going to or coming from certain IP addresses, and calls a handler on the rest of the traffic.

match {
   not ip => forward
   ip src 1.2.3.4 => incoming_ip
   ip dst 5.6.7.8 => outgoing_ip
   otherwise => drop
}

In the example above, the handlers after the arrows (forward, incoming_ip, outgoing_ip, and drop) are Lua functions. The part before the arrow (not ip and so on) is a pflang expression. If the pflang expression matches, its handler will be called with two arguments: the packet data and the length. For example, if the not ip pflang expression is true on the packet, the forward handler will be called.

It's also possible for the handler of an expression to be a sub-match:

match {
   not ip => forward
   ip src 1.2.3.4 => {
      tcp => incoming_tcp(&ip[0], &tcp[0])
      udp => incoming_udp(&ip[0], &ucp[0])
      otherwise => incoming_ip(&ip[0])
   }
   ip dst 5.6.7.8 => {
      tcp => outgoing_tcp(&ip[0], &tcp[0])
      udp => outgoing_udp(&ip[0], &ucp[0])
      otherwise => outgoing_ip(&ip[0])
   }
   otherwise => drop
}

As you can see, the handlers can also have additional arguments, beyond the implicit packet data and length. In the above example, if not ip doesn't match, then ip src 1.2.3.4 matches, then tcp matches, then the incoming_tcp function will be called with four arguments: the packet data as a uint8_t* pointer, its length in bytes, the offset of byte 0 of the IP header, and the offset of byte 0 of the TCP header. An argument to a handler can be any arithmetic expression of pflang; in this case &ip[0] is actually an extension. More on that later. For language lawyers, check the syntax and semantics over in our source repo.

Thanks especially to my colleague Katerina Barone-Adesi for long backs and forths about the language design; they really made it better. Fistbump!

pfmatch and lua

The challenge of designing pfmatch is to gain expressiveness, compared to writing filters by hand, while not endangering the performance targets of Pflua and Snabb Switch. These days Snabb is on target to give ASIC-driven network appliances a run for their money, so anything we come up with cannot sacrifice speed.

In practice what this means is compile, don't interpret. Using the pflua compiler allows us to generalize the good performance that we have gotten on pflang expressions to a multiple-dispatch scenario. It's a pretty straightword strategy. Naturally though, the interface with Lua is more complex now, so to understand the performance we should understand the interaction with Lua.

How does one make two languages interoperate, anyway? With pflang it's pretty clear: you compile pflang to a Lua function, and call the Lua function to match on packets. It returns true or false. It's a thin interface. Indeed you could with pflang and pflua you could just match the clauses in order:

not_ip = pf.compile('not ip')
incoming = pf.compile('ip src 1.2.3.4')
outgoing = pf.compile('ip dst 5.6.7.8')

function handle(packet, len)
   if not_ip(packet, len) then return forward(packet, len)
   elseif incoming(packet, len) then return incoming_ip(packet, len)
   elseif outgoing(packet, len) then return outgoing_ip(packet, len)
   else return drop(packet, len) end
end

But not only is this tedious, you don't get easy access to the packet itself, and you're missing out on opportunities for optimization. For example, if the packet fails the not_ip check, we don't need to check if it's an IP packet in the incoming check. Compiling a pfmatch program takes advantage of pflua's optimizer to produce good code for the match expression as a whole.

If this were Scheme I would make the right-hand side of an arrow be an expression and implement pfmatch as a macro; see Racket's match documentation for an example. In Lua or other languages that's harder to do; you would have to parse Lua, and it's not clear which parts of the production as a whole are the host language (Lua) and which are the embedded language (pfmatch).

Instead, I think embedding host language snippets by function name is a fine solution. It seems fairly clear that incoming_ip, for example, is some kind of function. It's easy to parse identifiers in an embedded language, both for humans and for programs, so that takes away a lot of implementation headache and cognitive overhead.

We are left with a few problems: how to map names to functions, what to do about the return value of match expressions, and how to tie it all together in the host language. Again, if this were Scheme then I'd use macros to embed expressions into the pfmatch term, and their names would be scoped into whatever environment the match term was defined. In Lua, the best way to implement a name/value mapping is with a table. So we have:

local handlers = {
   forward = function(data, len)
      ...
   end,
   drop = function(data, len)
      ...
   end,
   incoming_ip = function(data, len)
      ...
   end,
   outgoing_ip = function(data, len)
      ...
   end
}

Then we will pass the handlers table to the matcher function, and the matcher function will call the handlers by name. LuaJIT will mostly take care of the overhead of the table dispatch. We compile the filter like this:

local match = require('pf.match')

local dispatcher = match.compile([[match {
   not ip => forward
   ip src 1.2.3.4 => incoming_ip
   ip dst 5.6.7.8 => outgoing_ip
   otherwise => drop
}]])

To use it, you just invoke the dispatcher with the handlers, data, and length, and the return value is whatever the handler returns. Here let's assume it's a boolean.

function loop(self)
   local i, o = self.input.input, self.output.output
   while not link.empty() do
      local pkt = link.receive(i)
      if dispatcher(handlers, pkt.data, pkt.length) then
         link.transmit(o, pkt)
      end
   end
end

Finally, we're ready for an example of a compiled matcher function. Here's what pflua does with the match expression above:

local cast = require("ffi").cast
return function(self,P,length)
   if length < 14 then return self.forward(P, len) end
   if cast("uint16_t*", P+12)[0] ~= 8 then return self.forward(P, len) end
   if length < 34 then return self.drop(P, len) end
   if P[23] ~= 6 then return self.drop(P, len) end
   if cast("uint32_t*", P+26)[0] == 67305985 then return self.incoming_ip(P, len) end
   if cast("uint32_t*", P+30)[0] == 134678021 then return self.outgoing_ip(P, len) end
   return self.drop(P, len)
end

The result is a pretty good dispatcher. There are always things to improve, but it's likely that the function above is better than what you would write by hand, and it will continue to get better as pflua improves.

Getting back to what I mentioned earlier, when we write filtering code by hand, we inevitably end up writing interpreters for some kind of filtering language. Network functions are essentially linguistic in nature: static appliances are no good because network topologies change, and people want solutions that reflect their problems. Usually this means embedding an interpreter for some embedded language, for example BPF bytecode or iptables rules. Using pflua and pfmatch expressions, we can instead compile a filter suited directly for the problem at hand -- and while we're at it, we can forget about worrying about pesky offsets, constants, and bit-shifts.

challenges

I'm optimistic about pfmatch or something like it being a success, but there are some challenges too.

One challenge is that pflang is pretty weird. For example, attempting to access ip[100] will abort a filter immediately on a packet that is less than 100 bytes long, not including L2 encapsulation. It's wonky semantics, and in the context of pfmatch, aborting the entire pfmatch program would obviously be the wrong thing. That would abort too much. Instead it should probably just fail the pflang test in which that packet access appears. To this end, in pfmatch we turn those aborts into local expression match failures. However, this leads to an inconsistency with pflang. For example in (ip[100000] == 0 or (1==1)), instead of ip[100000] causing the whole pflang match to fail, it just causes the local test to fail. This leaves us with 1==1, which passes. We abort too little.

This inconsistency is probably a bug. We want people to be able to test clauses with vanilla pflang expressions, and have the result match the pfmatch behavior. Due to limitations in some of pflua's intermediate languages, though, it's likely to persist for a while. It is the only inconsistency that I know of, though.

Pflang is also underpowered in many ways. It has terrible IPv6 support; for example, tcp[0] only matches IPv4 packets, and at least as implemented in libpcap, most payload access on IPv6 packets does the wrong thing regarding chained extension headers. There is no facility in the language for binding names to intermediate results, there is no linguistic facility for talking about fragmentation, no ability to address IP source and destination addresses in arithmetic expressions by name, and so on. We can solve these in pflua with extensions to the language, but that introduces incompatibilities with pflang.

You mind wonder why to stick with pflang, after all of this. If this is you, Juho Snellman wrote a great article on this topic, just for you: What's wrong with pcap filters.

Pflua's optimizer has mostly helped us, but there have been places where it could be more helpful. When compiling just one expression, you can often end up figuring out which branches are dead-ends, which helps the rest of the optimization to proceed. With more than one successful branch, we had to make a few improvements to the optimizer to actually get decent results. We also had to relax one restriction on the optimizer: usually we only permit transformations that make the code smaller. This way we know we're going in the right direction and will eventually terminate. However because of reasons we did decide to allow tail calls to be duplicated, so instead of having just one place in the match function that tail-calls a handler, you can end up with multiple calls. I suspect using a tracing compiler will largely make this moot, as control-flow splits effectively lead to trace duplication anyway, and adding later splits doesn't effectively counter that. Still, I suspect that the resulting trace shape will rejoin only at the loop head, instead of in some intermediate point, which is probably OK.

future

With all of these concerns, is pfmatch still a win? Yes, probably! We're going to start using it when building Snabb apps, and will see how it goes. We'll probably end up adding a few more pflang extensions before we're done. If it's something you're in to, snabb-devel is the place to try it out, and see you on the bug tracker. Happy packet hacking!

Syndicated 2015-07-03 11:05:11 from wingolog

3 Jul 2015 glyph   » (Master)

Sorry I Unfollowed You

Since Alex Gaynor wrote his seminal thinkpiece on the subject, “I Hope Twitter Goes Away”, I’ve been wrestling to define my relationship to this often problematic product.

On the one hand, Twitter has provided me with delightful interactions with human beings who I would not otherwise have had the opportunity to meet or interact with. If you are the sort of person who likes following people, four suggestions I’d make on that front are Melissa 🔔, Gary Bernhardt, Eevee and Matt Blaze, all of whom have blogs but none of whom I would have discovered without Twitter.

Twitter has also allowed me to reach a larger audience with my writing than I otherwise would have been able to. Lots of people click on links to this blog from Twitter either from following me directly or from a retweet. (Thank you, retweeters, one and all.)

On the other hand, the effect of using Twitter on my productivity is like having a constant, low-grade headache. While Twitter has never been a particularly bad distraction as measured by hours spent on it (I keep metrics on that, and it’s rarely even in the top 10), I feel like consulting Twitter is something I do when I am stuck, or having to think about something hard. “I’ll just check Twitter” is an easy way to “take a break” right at the moment that I ought to be thinking harder, eliminating distractions, mustering my will to focus.

This has been particularly stark for me as I’ve been trying to get some real writing done over the last couple of weeks and have been consistently drawing a blank. Given that I have a deadline coming up on Wednesday and another next Monday, something had to give.

Or, as Joss Whedon put it, when he quit Twitter:

If I’m going to start writing again, I have to go to the quiet place, and this is the least quiet place I’ve ever been in my life.

I’m an introvert, and using Twitter is more like being at a gigantic, awkward party all the time than any other online space I’ve ever been in.

There’s an irony here. Mostly what people like that I put on Twitter (and yes, I’ve checked) are announcements that link to other things, accomplishments in other areas, like a blog post, or a feature in Twisted, but using Twitter itself is inimical to completing those things.

I’m loath to abandon the positive aspects of Twitter. Some people also use Twitter as a replacement for RSS, and I don’t want to break the way they choose to pay attention to the stuff that I do. And a few of my friends communicate exclusively through direct messages.

The really “good” thing about Twitter is discovery. It enables you to discover people, content, and, eugh, “brands” that appeal to you. I have discovered things that I enjoy many times. The fundamental problem I am facing, which is a little bit hard to admit to oneself, is that I have discovered enough. I have enough games to play, enough books and articles to read, enough podcasts to listen to, enough movies to watch, enough code to write, enough open source libraries to investigate, that I will be busy for years based on what I already know.

For me, using Twitter’s timeline at this point to “discover” more things is like being at a delicious buffet, being so full I’m nauseous, and stuffing my pockets with shrimp “just in case” I’m hungry “when I get home” - and then, of course, not going home.

Even disregarding my desire to produce useful content, if I just want to enjoy consuming content more deeply, I have to take the time to engage with it properly.

So here’s what I’m doing:

  1. I am turning on the “anyone can direct message me” feature. We’ll see how that goes; I may have to turn it off again later. As always, I’d prefer you send email (or text me, if it’s time-critical).
  2. I am unfollowing literally everyone, and will not follow people in the future. Checking my timeline was the main information junk-food I want to avoid.
  3. Since my timeline, rather than mentions and replies, was my main source of distraction, I’ll continue paying attention to mentions and replies (at least for now; I’ll have to see if that becomes a problem in the absence of a timeline).
  4. In order to avoid producing such information junk-food myself, I’m going to try to directly tweet less, and put more things into brief blog posts so I have enough room to express them. I won’t say “not at all”, but most of the things that I put on Twitter would really be better as longer, more thoughtful articles.

Please note that there’s nothing prescriptive here. I’m outlining what I’m doing in the hopes that others might recognize similar problems with themselves - if everyone used Twitter this way, there would hardly be a point to the site.

Also, if I’ve unfollowed you, that doesn’t mean I’m not interested in what you have to say. I already have a way of keeping in touch with people’s more fully-formed ideas: I use Blogtrottr to deliver relevant blog articles to my email. If I previously followed you and you think I might not be reading your blog already (in most cases I believe I already am), please feel free to drop me a line with an RSS link.

Syndicated 2015-06-09 00:41:00 from Deciphering Glyph

3 Jul 2015 marnanel   » (Journeyer)

Gentle Readers: proof by elephant

Gentle Readers
a newsletter made for sharing
volume 4, number 1
2nd July 2015: proof by elephant
What I’ve been up to

I'm back! I've been ill for quite a while, and I've missed writing Gentle Readers enormously. But today I'm back.

A picture

Metro gnome

Metro gnome

Something wonderful

The voyage of Columbus didn't convince anyone that the world is round. Nobody needed convincing, because nobody believed that the world was flat. Nearly two thousand years earlier, a Greek scholar named Eratosthenes had demonstrated it-- not only the shape of the earth, but even how far it was around. (He went to two different cities, and measured the angle of the sun when it was at its highest point on Midsummer Day. Then, since he knew how far apart the cities were, he could work out the circumference of the earth.)

But a century before Erastothenes, Aristotle's book On the heavens (Περὶ οὐρανοῦ) gave five reasons to believe the earth is round. And one of them is a proof by elephants.
How to find the shape of the earth using elephants
What do you find if you go as far west from Greece as you can, to Africa? Elephants!
What do you find if you go as far east as you can, to India? Elephants!
So obviously if the east and the west both have elephants, it stands to reason that they're next to one another.

"Hence one should not be too sure of the incredibility of the view of those who conceive that there is continuity between the parts about the pillars of Hercules and the parts about India, and that in this way the ocean is one. As further evidence in favour of this they quote the case of elephants, a species occurring in each of these extreme regions, suggesting that the common characteristic of these extremes is explained by their continuity."

Thomas Aquinas helpfully pointed out the flaw in this reasoning:

...they make a conjecture as to the similarity of both places from the elephants which arise in both places but are not found in the regions between them. This of course is a sign of the agreement of these places but not necessarily of their nearness to one another.

Something from someone else

This is a famous retelling of a very old story.
 
THE BLIND MEN AND THE ELEPHANT
by John Godfrey Saxe (1816-1887)

It was six men of Indostan
To learning much inclined,
Who went to see the Elephant
(Though all of them were blind),
That each by observation
Might satisfy his mind.

The First approached the Elephant,
And happening to fall
Against his broad and sturdy side,
At once began to bawl:
"God bless me! but the Elephant
Is very like a wall!"

The Second, feeling of the tusk,
Cried, "Ho! what have we here
So very round and smooth and sharp?
To me 'tis mighty clear
This wonder of an Elephant
Is very like a spear!"

The Third approached the animal,
And happening to take
The squirming trunk within his hands,
Thus boldly up and spake:
"I see," quoth he, "the Elephant
Is very like a snake!"

The Fourth reached out an eager hand,
And felt about the knee.
"What most this wondrous beast is like
Is mighty plain," quoth he;
"'Tis clear enough the Elephant
Is very like a tree!"

The Fifth, who chanced to touch the ear,
Said: "E'en the blindest man
Can tell what this resembles most;
Deny the fact who can
This marvel of an Elephant
Is very like a fan!"

The Sixth no sooner had begun
About the beast to grope,
Than, seizing on the swinging tail
That fell within his scope,
"I see," quoth he, "the Elephant
Is very like a rope!"

And so these men of Indostan
Disputed loud and long,
Each in his own opinion
Exceeding stiff and strong,
Though each was partly in the right,
And all were in the wrong!

At this point I should include my parody; I wondered what might happen if blind elephants had tried to find out about humans.
 
It was six jolly Elephants
(And all of them were blind),
That all agreed to search a town
To study humankind,
That each by observation
Might satisfy his mind.

The first one felt a person's head;
In puzzled tones he spake:
"This wonder of a Human Man
Is flat as griddle-cake!"
The others solemnly agreed,
"'Tis true, and no mistake."

Colophon

Gentle Readers is published on Mondays and Thursdays, and I want you to share it. The archives are at https://gentlereaders.uk, and so is a form to get on the mailing list. If you have anything to say or reply, or you want to be added or removed from the mailing list, I’m at thomas@thurman.org.uk and I’d love to hear from you. The newsletter is reader-supported; please pledge something if you can afford to, and please don't if you can't. ISSN 2057-052X. Love and peace to you all.
 

This entry was originally posted at http://marnanel.dreamwidth.org/336130.html. Please comment there using OpenID.

Syndicated 2015-07-03 01:23:00 from Monument

2 Jul 2015 marnanel   » (Journeyer)

marnanel @ 2015-07-02T20:06:00

Random happy memory:

Once, in a needlework class at secondary school, I overheard the girls at the next table, gossiping about a Korean girl who wasn't in the room. She was in our year, but she'd only just started at our school, so they didn't know her very well. One particular thing they didn't know was that she was my cousin.

"Did you see that new [redacted] girl?" one said.

"Yeah," said the other. "Looks like a sumo wrestler."

It was a beautifully satisfying moment when I turned round and said, "Is that my cousin you're talking about?"

They spluttered for a few moments, then said, "But she can't be your cousin!"

"Look, I ought to know who my own cousins are."

"But, but...," they said. "Are you adopted?"

I hope it was a teachable moment for them in more ways than one.
This entry was originally posted at http://marnanel.dreamwidth.org/335972.html. Please comment there using OpenID.

Syndicated 2015-07-02 19:06:30 from Monument

2 Jul 2015 Stevey   » (Master)

My new fitness challenge

So recently I posted on twitter about a sudden gain in strength:

I have conquered pull-ups! On Saturday night I could do 1.5. Today I could do 11! (Chinups were always easy.) #fitness

— Steve Kemp (@Stolen_Souls) June 15, 2015


Comment

Syndicated 2015-07-01 15:52:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

1 Jul 2015 marnanel   » (Journeyer)

The Ghost in the Crown - Act 1

What if Dr Seuss had written Hamlet?


The sun did not shine.
There were clouds overhead.
I sat in the castle
And wished I was dead.
My father had perished.
My dad lost his life.
My uncle usurped him
And married his wife!
An action more evil
Than man should commit.
And I did not like it!
Not even one bit!

My mother, the queen,
And her husband, her kin,
They knocked on the door.
They said “May we come in?”
They opened the door
Of the room where I sat.
And they said to me,
“Why do you sit there like that?
Did you know derrières
Are a bit like your dad?
For everyone’s got one.
(Or everyone had.)
You cried for a night
When he died without warning.
But you can have lots
of good fun in the morning!
There’s plenty of fathers!
They’re twenty a dime!
They don’t last forever.
They die all the time!
So stop going round
In a suit of black cloth.
You’re sure to be sad
If you dress like a goth.
Don’t run off to college.
Just chill for a while.
Now I’m your new father.
So give us a smile!”

And then I was sadder
Than ever I’ve felt.
My body’s alive
But I wished it would melt.
My mum, like a beast,
With my uncle was lying,
In less than a month
From her mourning and crying.
They jumped into bed
While her tears were undried,
And I wished that the Lord
Would allow suicide.

My friends came to tell me,
“Come quickly! Come down!
We’ve seen on the ramparts
A GHOST in a CROWN!
It gave us a fright
Like we never have had!
It shines in the dark!
And it looks like your dad!”

I went to the ramparts
High over the town.
I looked! And I saw him!
The GHOST in the CROWN!

He said, “Listen closely,
For everyone’s sake!
They said I was killed
By a venomous snake.
My bruv did the deed!
Not a serpent that hisses!
He wants to be king
And to sleep with my missus!
Tell your uncle from me
He’s a murdering swine!
Or your haircut will look
Like a mad porcupine!”


I’ll be posting these over the next few days, one for each of the five acts of Hamlet. When I’m done I’ll work on some illustrations. Feedback and sharing are very welcome. This entry was originally posted at http://marnanel.dreamwidth.org/335745.html. Please comment there using OpenID.

Syndicated 2015-07-01 16:38:00 from Monument

1 Jul 2015 hypatia   » (Journeyer)

Code release: Spam All the Links

The Geek Feminism blog’s Linkspam tradition started back in August 2009, in the very early days of the blog and by September it had occurred to us to take submissions through bookmarking services. From shortly after that point there were a sequence of scripts that pulled links out of RSS feeds. Last year, I began cleaning up my script and turning it into the one link-hoovering script to rule them all. It sucks links out of bookmarking sites, Twitter and WordPress sites and bundles them all up into an email that is sent to the linkspamming team there for curation, pre-formatted in HTML and with title and suggestion descriptions for each link. It even attempts to filter out links already posted in previous linkspams.

The Geek Feminism linkspammers aren’t the only link compilers in town, and it’s possible we’re not the only group who would find my script useful. I’ve therefore finished generalising it, and I’ve released it as Spam All the Links on Gitlab. It’s a Python 3 script that should run on most standard Python environments.

Spam All the Links

Spam All the Links is a command line script that fetches URL suggestions from
several sources and assembles them into one email. That email can in turn be
pasted into a blog entry or otherwise used to share the list of links.

Use case

Spam All the Links was written to assist in producing the Geek Feminism linkspam posts. It was developed to check WordPress comments, bookmarking websites such as Pinboard, and Twitter, for links tagged “geekfeminism”, assemble them into one email, and email them to an editor who could use the email as the basis for a blog post.

The script has been generalised to allow searches of RSS/Atom feeds, Twitter, and WordPress blog comments as specified by a configuration file.

Email output

The email output of the script has three components:

  1. a plain text email with the list of links
  2. a HTML email with the list of links
  3. an attachment with the HTML formatted links but no surrounding text so as to be easily copy and pasted

All three parts of the email can be templated with Jinja2.

Sources of links

Spam All the Links currently can be configured to check multiple sources of links, in these forms:

  1. RSS/Atom feeds, such as those produced by the bookmarking sites Pinboard or Diigo, where the link, title and description of the link can be derived from the equivalent fields in the RSS/Atom. (bookmarkfeed in the configuration file)
  2. RSS/Atom feeds where links can be found in the ‘body’ of a post (postfeed in the configuration file)
  3. Twitter searches (twitter in the configuration file)
  4. comments on WordPress blog entries (wpcommentsfeed in the configuration file)

More info, and the code, is available at the Spam All the Links repository at Gitlab. It is available under the MIT free software licence.

Syndicated 2015-06-30 23:25:56 from puzzling.org

30 Jun 2015 mikal   » (Journeyer)

Percival trig

I had a pretty bad day, so I knocked off early and went for a walk before going off to the meeting at a charity I help out with. The walk was to Percival trig, which I have to say was one of the more boring trigs I've been to. Some of the forest nearly was nice enough, but the trig itself is stranded out in boring grasslands. Meh.

   

Interactive map for this route.

Tags for this post: blog pictures 20150630-percival photo canberra bushwalk trig_point
Related posts: Goodwin trig; Big Monks; Narrabundah trig and 16 geocaches; Cooleman and Arawang Trigs; One Tree and Painter; A walk around Mount Stranger

Comment

Syndicated 2015-06-30 04:08:00 (Updated 2015-07-01 02:08:08) from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

29 Jun 2015 mikal   » (Journeyer)

A team walk around Red Hill

My team at work is trying to get a bit more active, so a contingent from the Canberra portion of the team went for a walk around Red Hill. I managed to sneak in a side trip to Davidson trig, but it was cheating because it was from the car park at the top of the hill. A nice walk, with some cool geocaches along the way.

 

Interactive map for this route.

Tags for this post: blog pictures 20150629-davidson photo canberra bushwalk trig_point
Related posts: Goodwin trig; Big Monks; Narrabundah trig and 16 geocaches; Cooleman and Arawang Trigs; One Tree and Painter; A walk around Mount Stranger

Comment

Syndicated 2015-06-29 15:38:00 (Updated 2015-07-01 00:06:00) from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

29 Jun 2015 dmarti   » (Master)

Broadcasters, fighting, and data leakage

Bob Hoffman wants to see broadcasters standing up against adtech. He writes,

They are being taken to the cleaners by hyper-motivated digital evangelists who understand what predatory thinking means.

Here's a screenshot of a radio station site.

The purple bar on the right is a Ghostery list of all the trackers that are data-leaking the KFOG audience to the "adtech ecosystem."

So if a media buyer wants to reach radio listeners in the Bay Area, he or she can buy a radio commercial on KFOG (good for KFOG), buy an ad or sponsorship on the KFOG site (also good for KFOG), or just leech off the data leakage and use adtech to reach the same listeners on another site entirely (not so good for KFOG).

The radio station builds an audience, and the third-party trackers leak it away.

At the same time, a radio station can't unilaterally drop all the third-party trackers from the site. Protecting the audience is hard. That's where a radio station can use a tracking protection plan. Get the audience protected, stop data leakage, get more advertisers coming to you instead of sneaking around.

On air, when someone interferes with your signal you can call the FCC. On the Internet, well, this is getting too long, so just call Bob.

Syndicated 2015-06-29 14:07:54 from Don Marti

29 Jun 2015 Pizza   » (Master)

Ongoing Dyesub Photo Printer Developments

Gutenprint 5.2.11-pre1 was released this weekend. It contains the usual support for a pile of new printers, and improvements for many previously-supported models. I'll only speak about stuff I had a hand in:

First, the newly-supported models that are reported to be working quite well:

  • Canon SELPHY CP820 and CP910
  • Citizen CW-01 / Olmec OP900
  • DNP DS620/DS620A
  • Mitsubishi CP-3800DW

Next, new models that were added but have received no testing:

  • Sony UP-CR10L (aka DNP SL10)
  • Shinko S1245 [1]

Models that have much-improved support:

  • DNP DS40/DS80/RX1 [4]
  • Citizen CX/CX-W/CY [4]
  • Canon SELPHY CP900
  • Kodak 605, 6800, and 6850 [3]
  • Mitsubishi CP9550 family (including the CP9550DW-S!)
  • Sony UP-DR200

Finally, models that are improved or added, but will require muh more work before they are considerd useful:

  • Mitsubishi CP-D70/D707/K60/D80 [2]
  • Ciaat Brava 21 [2]
  • Kodak 305 [2]
  • Kodak 8810
  • Shinko S6145 [2]
  • Shinko S6245

Some notes:

[1] The Shinko S1245 is notable in that I've already completed a full-featured backend that just needs testing with a real printer.

[2] These models are all related, and use an unknown color scaling/dithering algorithm that must be reverse-engineered before the printers become usable.

[3] The Kodak 68x0 family in particular is consirerably more robust in the face of errors, media mismatches, and status reporting.

[4] The DNP/Citizen backend was greatly improved, and is far, far more robust than it used to be. Error detection and recovery, general buffer management, handling media/printjob mismatches, and even general status queries were all improved.


Oh, just to forestall the question, all printers with multicut modes (eg 2x6 strips) have full support, but will require a minor patch to be applied to Gutenprint before compiling.

I'll end this with my usual request for testers, especially ones with access to the Shinko S1245, Sony UP-CR10L, and DNP SL10 models since the work is already completed. As for what's next, the Shinko S6245 is the most promising candidate.

Thanks go out to everyone who has helped -- be it testing or providing USB dumps; sending over documentation (Yay, Shinko!), or actual printers (Yay, LiveLink!). There are others I would like to acknowledge but they have asked to remain anonymous. Thank you, all.

Syndicated 2015-06-29 12:15:48 from Solomon Peachy

29 Jun 2015 pabs3   » (Master)

The aliens are amongst us!

Don't worry, they can't cope with our atmosphere.

Alien on the ground

Perhaps they are just playing dead. Don't turn your back if you see one.

Folks may want to use this alien in free software. The original photo is available on request. To the extent possible under law, I have waived all copyright and related or neighboring rights to this work. The alien has signed a model release. An email or a link to this page would be appreciated though.

Syndicated 2015-06-29 08:29:36 from Advogato

28 Jun 2015 badvogato   » (Master)

http://blog.nuclearsecrecy.com/2012/10/18/who-knew-about-radiation-sickness-and-when/

28 Jun 2015 hypatia   » (Journeyer)

Sunday 28 June 2015

We’ve had our used moving boxes picked up, and we’ve returned my overdue library books from Glebe. We’ve hung the pictures we haven’t seen in three years because the previous place didn’t have hooks. There’s things we aren’t on top of (at least two lights need electrical work) but on the basics we really are moved in now.

We had our housewarming party last weekend. That and my then-missing photos hard drive motivated the bulk of the box unpacking. I like to occasionally have parties and invite a huge number of people that I know. In lieu of culling the guest list, I give fairly short notice. We live in a short street, which made it easy to invite the new neighbours too. It fell on the solstice. I used to have solstice barbecues up at Balls Head Reserve and heat mulled wine in a pot on the electric barbecues in the dark. Not since V was born. But since the housewarming was on June 21, we made mulled wine in the crockpot and had heated party pies and sausage rolls. The latter used to be a welcome treat on dive boats, served with mugs of instant soup, restoring our body temperature between dives.

The next two weeks are school holidays, which will be less of a contrast for V than they were for us. He’s spending the two weeks in his usual after school care provider, in their full day vacation care program. They do a lot of excursions and activities and generally contribute to the school holiday crowding in public places. We’re visiting my family for a weekend but not otherwise going away because we’re going to the snow in September (if there is snow this year). For a while my life will be mainly house things.

We aren’t far from an adult education centre, so I’d like to enrol in a few courses over the next couple of years. Music, studio photography… And I’m excited about the possibilities of a house I can change over time. The biggest project I can imagine is getting the back courtyard substantially redesigned. There’s a lot of small stuff that can go before that though. I’ve even joined Pinterest to track inspiration; I’m reminded that in my Wikimania keynote in 2012 the issue of women using Pinterest rather than editing Wikipedia came up once or twice, which now seems mostly odd, since one is an encyclopedia and the other is a visual inspiration bookmarking site. Probably my “find interesting pictures of courtyards” moments will not overlap terribly much with my “find sources for recent Australian crimes” moments.

Syndicated 2015-06-28 11:31:45 from puzzling.org

25 Jun 2015 caolan   » (Master)

Equalize Width/Height

In LibreOffice 5.1 I've added an equalize width/height pair of adjustments to the "shapes" submenu when multiple objects are selected. Equalize Width and Equalize Height which adjusts the width/height of the selected objects to the width/height of the last selected object.

So if you need to adjust the shapes of a bunch of little images and shapes. Adjust one, then select the lot, selecting the reference one last, and use these to update the rest of the sizes.

Syndicated 2015-06-25 13:55:00 (Updated 2015-06-25 13:55:34) from Caolán McNamara

25 Jun 2015 dmarti   » (Master)

NIMBY + ISDS = Profit?

Random idea for how to make some cash from the Trans-Pacific Partnership.

Step 1: Buy a piece of real estate in a city with a severe NIMBY problem. (See How Strong Property Rights Promote Social Equality for more info.) Sell an ownership interest in the property to a foreign company.

Step 2: Get an architect to design a building for the site that is technically 100% legal, but that will provoke a severe NIMBY reaction. Something like "Section 8 housing for TaskRabbit workers and tech bus drivers." Put up posters and buy some newspaper ads, to get the local NIMBYs fired up.

Step 3: When the local government starts giving you grief about the building plans, don't even go to the City Council meeting. Take it straight to the International Centre for Settlement of Investment Disputes, and get the US Federal government to pay the foreign company for its investment loss.

Buy back the foreign company's share of the property and repeat. Do this enough times and a vacant lot could be more profitable than a luxury condo development. (Sucks to be a person actually looking for an apartment, but hey, are we going to do Free Trade or what?)

Syndicated 2015-06-25 02:25:36 from Don Marti

24 Jun 2015 dmarti   » (Master)

One dad's FREE weight loss tip will blow your mind!

"Don, it looks like you lost weight," someone said to me last week.

That is true. Since December 2013 I have lost about 15% of my body weight.

Not a rapid decrease, but sustainable so far. I'm not at my ideal weight yet, but I have made some progress, including having to buy new pants.

The main change that I had to make was to get some kind of personal Hawthorne effect going. If I keep track of how much food I eat, and make rules for myself about when I eat food, then I'm more likely to eat the right amount.

Think of it as a kind of mindful consumption thing.

I have zero claim to be an expert on this subject. I just think of it like IT spending within a company. If my "inner CIO" is doing his job, the overall level of stuff coming in the door should be manageable, even as the users keep asking for more. Sometimes, some extra stuff will get in, over the CIO's objections, but in general, the IT department can handle it and things keep working.

So let's look at today's surveillance marketing news.

40 kcal of rogue IT

Can Mondelez, Facebook Sell More Cookies Online?

The new arrangement also covers 52 countries and will "focus on creating and delivering creative video content and driving impulse snack purchasing online," according to a statement issued on Tuesday.

Hold on a minute.

"impulse snack purchasing"

?

I'm not allowed to do impulse snack purchasing.

My inner CIO has a snack approval policy, and my inner impulsive cookie-eater has to fill out a form and wait.

So, if you want to sell me food, you have to come in the front door and pitch the mindful eating department. Or my inner CIO will set up the filters to block you.

If you want to rely on Facebook's power to manipulate emotions instead, and try to get around the CIO, you just lost your access.

David Ogilvy once wrote, The customer is not a moron. She's your wife. That's being generous. The customer is a little of both. An inner moron and an inner non-moron who comes home and yells, What the hell did you eat all those cookies for, you moron?

In an environment where advertisers are trying to "engage" my inner moron, information diet is a prerequisite for food diet. I don't have Facebook on my phone, and I have the web site as a mostly write-only medium (thanks to dlvr.it for gatewaying this blog). But Facebook does have an online behavioral advertising operation. In order to protect myself from that kind of thing, I have tracking protection turned on in my browser.

So if you're reading this blog for the weight loss tip, here it is. Take the tracking protection test and get protected. Bonus tip: How can I break the Facebook habit?

I'm fortunate. For me, the consequences of impulse buying are low. Yes, I like Oreo cookies, and no, I don't trust myself not to be manipulated into eating more Oreo cookies than are good for me. But it's not that big of a deal. I'm not being targeted for predatory lending or gambling. My inner CIO could have a lot worse problems.

(If anyone has a blog about mindful eating, I should probably read it to learn more about this stuff, so let me know where to find it, please.)

Photo: Balfabio for Wikimedia Commons

Syndicated 2015-06-24 02:50:55 from Don Marti

24 Jun 2015 hypatia   » (Journeyer)

Photography: autumn in Sydney’s inner west

Autumn in Glebe

Autumn in Rozelle

Autumn leaves in Rozelle

More at Flickr

Syndicated 2015-06-24 08:23:07 from puzzling.org

23 Jun 2015 caolan   » (Master)

Impress Slide Design

Selecting multiple slides in normal view and using the slide design dialog will now affect all the selected slides as opposed to the single last selected slide in 5.1 onwards.

Syndicated 2015-06-23 16:12:00 (Updated 2015-06-23 16:12:44) from Caolán McNamara

21 Jun 2015 Stevey   » (Master)

We're all about storing objects

Recently I've been experimenting with camlistore, which is yet another object storage system.

Camlistore gains immediate points because it is written in Go, and is a project initiated by Brad Fitzpatrick, the creator of Perlbal, memcached, and Livejournal of course.

Camlistore is designed exactly how I'd like to see an object storage-system - each server allows you to:

  • Upload a chunk of data, getting an ID in return.
  • Download a chunk of data, by ID.
  • Iterate over all available IDs.

It should be noted more is possible, there's a pretty web UI for example, but I'm simplifying. Do your own homework :)

With those primitives you can allow a client-library to upload a file once, then in the background a bunch of dumb servers can decide amongst themselves "Hey I have data with ID:33333 - Do you?". If nobody else does they can upload a second copy.

In short this kind of system allows the replication to be decoupled from the storage. The obvious risk is obvious though: if you upload a file the chunks might live on a host that dies 20 minutes later, just before the content was replicated. That risk is minimal, but valid.

There is also the risk that sudden rashes of uploads leave the system consuming all the internal-bandwith constantly comparing chunk-IDs, trying to see if data is replaced that has been copied numerous times in the past, or trying to play "catch-up" if the new-content is larger than the replica-bandwidth. I guess it should possible to detect those conditions, but they're things to be concerned about.

Anyway the biggest downside with camlistore is documentation about rebalancing, replication, or anything other than simple single-server setups. Some people have blogged about it, and I got it working between two nodes, but I didn't feel confident it was as robust as I wanted it to be.

I have a strong belief that Camlistore will become a project of joy and wonder, but it isn't quite there yet. I certainly don't want to stop watching it :)

On to the more personal .. I'm all about the object storage these days. Right now most of my objects are packed in a collection of boxes. On the 6th of next month a shipping container will come pick them up and take them to Finland.

For pretty much 20 days in a row we've been taking things to the skip, or the local charity-shops. I expect that by the time we've relocated the amount of possesions we'll maintain will be at least a fifth of our current levels.

We're working on the general rule of thumb: "If it is possible to replace an item we will not take it". That means chess-sets, mirrors, etc, will not be carried. DVDs, for example, have been slashed brutally such that we're only transferring 40 out of a starting collection of 500+.

Only personal, one-off, unique, or "significant" items will be transported. This includes things like personal photographs, family items, and similar. Clothes? Well I need to take one jacket, but more can be bought. The only place I put my foot down was books. Yes I'm a kindle-user these days, but I spent many years tracking down some rare volumes, and though it would be possible to repeat that effort I just don't want to.

I've also decided that I'm carrying my complete toolbox. Some of the tools I took with me when I left home at 18 have stayed with me for the past 20+ years. I don't need this specific crowbar, or axe, but I'm damned if I'm going to lose them now. So they stay. Object storage - some objects are more important than they should be!

Syndicated 2015-06-21 00:00:00 from Steve Kemp's Blog

20 Jun 2015 mikal   » (Journeyer)

Yet another possible cub walk

Jacqui and Catherine kindly agreed to come on another test walk for a possible cub walk. This one was the Sanctuary Loop at Tidbinbilla. To be honest this wasn't a great choice for cubs -- whilst being scenic and generally pleasant, the heavy use of black top paths and walkways made it feel like a walk in the Botanic Gardens, and the heavy fencing made it feel like an exhibit at a zoo. I'm sure its great for a weekend walk or for tourists, but if you're trying to have a cub adventure its not great.

                                       

See more thumbnails

Interactive map for this route.

Tags for this post: blog pictures 20150620-tidbinbilla photo canberra bushwalk
Related posts: Goodwin trig; Big Monks; Geocaching; Confessions of a middle aged orienteering marker; A quick walk through Curtin; Narrabundah trig and 16 geocaches

Comment

Syndicated 2015-06-20 02:20:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

19 Jun 2015 caolan   » (Master)

gtk3 clipboard support implemented

Our LibreOffice gtk2 vclplug inherits from our generic X11 vclplug and so in lots of places we just continued to use our historic X11 vclplug for various things, one big example being clipboard support.

To do the same with the gtk3 vclplug would work for the case where gtk3 is backed by X11, but not if backed by wayland. So we needed to implement cut and paste with the gtk3 apis.

X clipboard/selection/cut and paste is errr... "tricky", so it was a bit of a death march to drag myself to the keyboard to go about this. But it turns out the gtk clipboard apis are really good and its reasonably easy to get it up and running. So the LibreOffice gtk3 vclplug now has clipboard support.

Last major thing is to get gtk3 gstreamer integration working for video playback and then it's mopping up territory.

Syndicated 2015-06-19 08:33:00 (Updated 2015-06-19 08:33:22) from Caolán McNamara

19 Jun 2015 ade   » (Journeyer)

Omnivorous inclusiveness and the closing of the browser parenthesis

In the past I've thought of the web as a convoy of browsers. That turns out to be wrong.

Nowadays (thanks to a long lunch with Paul Downey, Jeni Tennison,  et al) I've begun thinking of the web as a ship of Theseus where, despite replacing every single part of the stack, what's left is still recognisably the web.

This made me realise that we are surrounded by unexamined and ossified metaphors that are in danger of becoming thought-terminating cliches. For example:
- open web versus (presumably) closed web
- the web browser is the web platform is the web
- the web as a platform
- web apps
- web versus native



Comment

Syndicated 2015-06-18 16:01:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

18 Jun 2015 wingo   » (Master)

arrow functions coming to chrome 45!

It's been a long time coming, but I just flipped the bit in V8 that will ship arrow functions in Chrome 45! Woo hoo!

You probably know, but arrow functions are a new way to write functions in JavaScript. They look like this:

// Two arguments, body implicitly returned.
(x, y) => x + y

// With just one argument, no parentheses needed.
x => x * 2

// Body can have braces too; in that case use "return".
x => { return x * 2 }

Relative to the other kind of function that is written like function (x) { return x * 2 }, arrow functions don't define this or arguments in their bodies, instead capturing these values from the environment. There are a couple of other minor differences, too, but instead of writing about them here I'll just point to the great article by Jason Orendorff of the SpiderMonkey team.

Arrow functions are part of the JavaScript language standard that was called "ECMAScript 6" or ES6, and I guess you could still call it that. It seems like a silly thing for the committee to do to throw away all their branding like that but they decided to rename it ECMAScript 2015, which I'm sure is a link that the pedants are glad I have included. The upshot is that the standard is now final, gold master, etched in stone, which from an implementor's perspective is a relief. You can practically feel the anxiety ebbing away by the happy rate at which commits bubble out of source repositories and into shipping browsers, free from the fear that some spec change will force the hack-stream to change course.

From the V8 side, our arrow function implementation has also been a long time coming. My colleague Adrián Pérez did the first half of the work, and I picked up on the back end of things. It seems like such a small feature and in many ways it is, but still it took a long time. Now I know that my readers are a bunch of nerds and many of you like implementing languages, so you might appreciate these nargish points.

One of the first bits is that arrow functions are hard to parse. Consider, this is a valid JavaScript expression:

(x,y)

It's a "comma expression" that will evaluate x then y and its result will be the result of evaluating y. But add an arrow on after the end and you get not an expression but a formal parameter list:

(x,y)=>x+y

Now you might think, well OK, when you see an arrow, rewind the input stream and parse in "arrow function mode". Indeed that would be fine, but not in combination with some additional ES6 features, optional and destructuring arguments. Optional arguments look like this:

(x=42)=>x

The =42 part is the expression that will be evaluated to give x a value, if the function is called with no arguments. Note that this bit is still under implementation in V8 so you can't try it in your browser. An optional argument initializer is an expression and not a value, so you can also have:

(x=(x)=>42)=>x

Combined, this makes rewinding the token stream a proposition of exponential complexity, which is a no-go for a production JavaScript parser. Parsers are on the hot path for page-load times and no browser vendor wants to introduce a pathological case into their page load.

Instead, V8 does something I hadn't seen before. It keeps an open mind about whether something is a comma expression or a formal parameter list of an arrow function, and only makes a decision when it sees the => (or not). As it parses, V8 records places that it would signal an error for either a parameter list or for an expression, and then when that superimposed wave function collapses it checks that the production is valid, signalling the appropriate error if not. I thought this was a really neat trick, so if you're into that thing see expression classifier to see those details.

The other thing that's tricky about arrow functions is the this binding. In JavaScript, this is basically a hidden parameter passed to a function when it is called. Calling a function like o.f() passes the value of o to f as its this parameter. If instead f() is called directly, like with no dot before the call, then undefined is passed as this. Also for sloppy-mode functions, if the passed this value isn't an object, then the global object instead is assigned to this. Finally outside a function, this is bound to the global object.

OK, I know all of you know these things. Thing is, you always have a this, and although it's like a variable it's not a valid variable name, and before ES6 nothing could capture its value, because each function has its own this value. Perhaps you see where I'm going with this (ahem) now. Arrow functions introduce a function scope that doesn't have a this value, and that indeed might capture some other scope's this value, forcing it to be context-allocated. Other parts of ES6 can actually force assignment to this, like a super call, and that assignment can actually come from within an arrow function. Zounds! A simple concept, but there was a lot of incidental complexity in V8 around the implementation. Between Adrián and myself it took like three months to fix this usage in V8 to always just go through the (possibly context-allocated) variable, and there are still probably some devtools bugs to find in the upcoming weeks.

Performance-wise, arrow functions are just like functions. They should be just as fast as if you wrote them with function. So use them with joy, use them with abandon, use them judiciously -- however you decide you use them, don't let perf influence your decision one way or the other.

That's about it! Like all of my JS engine work over the past couple years, this hacking was sponsored by fabulous folks over at Bloomberg, so big ups to them. From me and Adrián at Igalia, until next time! We leave you to puzzle out what this bit of JavaScript evaluates to:

(({},{},({},{})=>({},{}))=>(({},{})=>({},{}),{},{}))({},{})

Happy hacking!

Syndicated 2015-06-18 16:41:17 from wingolog

17 Jun 2015 mikal   » (Journeyer)

Exploring possible cub walks

I've been exploring possible cub walks for a little while now, and decided that Jerrabomberra Wetlands might be an option. Most of these photos will seem a bit odd to readers, unless you realize I'm mostly interested in the terrain and its suitability for cubs...

                                 

Interactive map for this route.

Tags for this post: blog pictures 20150617-jerrabomerra_wetlands photo canberra bushwalk
Related posts: Goodwin trig; Big Monks; Geocaching; Confessions of a middle aged orienteering marker; A quick walk through Curtin; Narrabundah trig and 16 geocaches

Comment

Syndicated 2015-06-16 21:35:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

17 Jun 2015 dmarti   » (Master)

5 five-minute steps up

Jason Kint writes, in "5 Ways Industry Leaders Need To Step Up",

Needless to say I found myself shaking my head at a recent publisher event where sites were discussing how they could block Facebook from tracking their users. How on earth did this become a responsibility of the publisher to hack together a short-term solution?

It's not all the publisher's responsibility, but it's a fact of the Internet that (1) stuff keeps getting broken, often on purpose, and (2) in order for things to keep working, everyone has to keep his or her own piece safe. If you want to run a mailing list or email newsletter, you have to understand the current state of spam filtering and work on deliverability. And if you want to be on the web, you have to think about protecting your users from the problem of third-party tracking.

Do the short-term solutions right, and they don't take too much effort individually, but they turn into continuous improvement. And nobody has to wait for big, slow-moving companies to change, or worse, cooperate.

So here are five, count'em, five, quick ways to step up and make a difference in the problems of tracking-based fraud, users seeing ads as untrustworthy and blocking them, and data leakage. Should take five minutes each on a basic site, longer if you have a big hairy professional CMS.

It's not the responsibility of an individual site to fix the whole problem, but there are plenty of small tweaks that can help slow down data leaks, encourage users to adopt site-friendly alternatives to ad blocking, and otherwise push things in the right direction.

Syndicated 2015-06-17 00:46:30 from Don Marti

16 Jun 2015 jas   » (Master)

SSH Host Certificates with YubiKey NEO

If you manage a bunch of server machines, you will undoubtedly have run into the following OpenSSH question:

The authenticity of host 'host.example.org (1.2.3.4)' can't be established.
RSA key fingerprint is 1b:9b:b8:5e:74:b1:31:19:35:48:48:ba:7d:d0:01:f5.
Are you sure you want to continue connecting (yes/no)?

If the server is a single-user machine, where you are the only person expected to login on it, answering “yes” once and then using the ~/.ssh/known_hosts file to record the key fingerprint will (sort-of) work and protect you against future man-in-the-middle attacks. I say sort-of, since if you want to access the server from multiple machines, you will need to sync the known_hosts file somehow. And once your organization grows larger, and you aren’t the only person that needs to login, having a policy that everyone just answers “yes” on first connection on all their machines is bad. The risk that someone is able to successfully MITM attack you grows every time someone types “yes” to these prompts.

Setting up one (or more) SSH Certificate Authority (CA) to create SSH Host Certificates, and have your users trust this CA, will allow you and your users to automatically trust the fingerprint of the host through the indirection of the SSH Host CA. I was surprised (but probably shouldn’t have been) to find that deploying this is straightforward. Even setting this up with hardware-backed keys, stored on a YubiKey NEO, is easy. Below I will explain how to set this up for a hypothethical organization where two persons (sysadmins) are responsible for installing and configuring machines.

I’m going to assume that you already have a couple of hosts up and running and that they run the OpenSSH daemon, so they have a /etc/ssh/ssh_host_rsa_key* public/private keypair, and that you have one YubiKey NEO with the PIV applet and that the NEO is in CCID mode. I don’t believe it matters, but I’m running a combination of Debian and Ubuntu machines. The Yubico PIV tool is used to configure the YubiKey NEO, and I will be using OpenSC‘s PKCS#11 library to connect OpenSSH with the YubiKey NEO. Let’s install some tools:

apt-get install yubikey-personalization yubico-piv-tool opensc-pkcs11 pcscd

Every person responsible for signing SSH Host Certificates in your organization needs a YubiKey NEO. For my example, there will only be two persons, but the number could be larger. Each one of them will have to go through the following process.

The first step is to prepare the NEO. First mode switch it to CCID using some device configuration tool, like yubikey-personalization.

ykpersonalize -m1

Then prepare the PIV applet in the YubiKey NEO. This is covered by the YubiKey NEO PIV Introduction but I’ll reproduce the commands below. Do this on a disconnected machine, saving all files generated on one or more secure media and store that in a safe.

user=simon
key=`dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"'`
echo $key > ssh-$user-key.txt
pin=`dd if=/dev/random bs=1 count=6 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-6`
echo $pin > ssh-$user-pin.txt
puk=`dd if=/dev/random bs=1 count=6 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-8`
echo $puk > ssh-$user-puk.txt

yubico-piv-tool -a set-mgm-key -n $key
yubico-piv-tool -k $key -a change-pin -P 123456 -N $pin
yubico-piv-tool -k $key -a change-puk -P 12345678 -N $puk

Then generate a RSA private key for the SSH Host CA, and generate a dummy X.509 certificate for that key. The only use for the X.509 certificate is to make PIV/PKCS#11 happy — they want to be able to extract the public-key from the smartcard, and do that through the X.509 certificate.

openssl genrsa -out ssh-$user-ca-key.pem 2048
openssl req -new -x509 -batch -key ssh-$user-ca-key.pem -out ssh-$user-ca-crt.pem

You import the key and certificate to the PIV applet as follows:

yubico-piv-tool -k $key -a import-key -s 9c 

You now have a SSH Host CA ready to go! The first thing you want to do is to extract the public-key for the CA, and you use OpenSSH's ssh-keygen for this, specifying OpenSC's PKCS#11 module.

ssh-keygen -D /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -e > ssh-$user-ca-key.pub

If you happen to use YubiKey NEO with OpenPGP using gpg-agent/scdaemon, you may get the following error message:

no slots
cannot read public key from pkcs11

The reason is that scdaemon exclusively locks the smartcard, so no other application can access it. You need to kill scdaemon, which can be done as follows:

gpg-connect-agent SCD KILLSCD SCD BYE /bye

The output from ssh-keygen may look like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp+gbwBHova/OnWMj99A6HbeMAGE7eP3S9lKm4/fk86Qd9bzzNNz2TKHM7V1IMEj0GxeiagDC9FMVIcbg5OaSDkuT0wGzLAJWgY2Fn3AksgA6cjA3fYQCKw0Kq4/ySFX+Zb+A8zhJgCkMWT0ZB0ZEWi4zFbG4D/q6IvCAZBtdRKkj8nJtT5l3D3TGPXCWa2A2pptGVDgs+0FYbHX0ynD0KfB4PmtR4fVQyGJjJ0MbF7fXFzQVcWiBtui8WR/Np9tvYLUJHkAXY/FjLOZf9ye0jLgP1yE10+ihe7BCxkM79GU9BsyRgRt3oArawUuU6tLgkaMN8kZPKAdq0wxNauFtH

Now all your users in your organization needs to add a line to their ~/.ssh/known_hosts as follows:

@cert-authority *.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp+gbwBHova/OnWMj99A6HbeMAGE7eP3S9lKm4/fk86Qd9bzzNNz2TKHM7V1IMEj0GxeiagDC9FMVIcbg5OaSDkuT0wGzLAJWgY2Fn3AksgA6cjA3fYQCKw0Kq4/ySFX+Zb+A8zhJgCkMWT0ZB0ZEWi4zFbG4D/q6IvCAZBtdRKkj8nJtT5l3D3TGPXCWa2A2pptGVDgs+0FYbHX0ynD0KfB4PmtR4fVQyGJjJ0MbF7fXFzQVcWiBtui8WR/Np9tvYLUJHkAXY/FjLOZf9ye0jLgP1yE10+ihe7BCxkM79GU9BsyRgRt3oArawUuU6tLgkaMN8kZPKAdq0wxNauFtH

Each sysadmin needs to go through this process, and each user needs to add one line for each sysadmin. While you could put the same key/certificate on multiple YubiKey NEOs, to allow users to only have to put one line into their file, dealing with revocation becomes a bit more complicated if you do that. If you have multiple CA keys in use at the same time, you can roll over to new CA keys without disturbing production. Users may also have different policies for different machines, so that not all sysadmins have the power to create host keys for all machines in your organization.

The CA setup is now complete, however it isn't doing anything on its own. We need to sign some host keys using the CA, and to configure the hosts' sshd to use them. What you could do is something like this, for every host host.example.com that you want to create keys for:

h=host.example.com
scp root@$h:/etc/ssh/ssh_host_rsa_key.pub .
gpg-connect-agent "SCD KILLSCD" "SCD BYE" /bye
ssh-keygen -D /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -s ssh-$user-ca-key.pub -I $h -h -n $h -V +52w ssh_host_rsa_key.pub
scp ssh_host_rsa_key-cert.pub root@$h:/etc/ssh/

The ssh-keygen command will use OpenSC's PKCS#11 library to talk to the PIV applet on the NEO, and it will prompt you for the PIN. Enter the PIN that you set above. The output of the command would be something like this:

Enter PIN for 'PIV_II (PIV Card Holder pin)': 
Signed host key ssh_host_rsa_key-cert.pub: id "host.example.com" serial 0 for host.example.com valid from 2015-06-16T13:39:00 to 2016-06-14T13:40:58

The host now has a SSH Host Certificate installed. To use it, you must make sure that /etc/ssh/sshd_config has the following line:

HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub

You need to restart sshd to apply the configuration change. If you now try to connect to the host, you will likely still use the known_hosts fingerprint approach. So remove the fingerprint from your machine:

ssh-keygen -R $h

Now if you attempt to ssh to the host, and using the -v parameter to ssh, you will see the following:

debug1: Server host key: RSA-CERT 1b:9b:b8:5e:74:b1:31:19:35:48:48:ba:7d:d0:01:f5
debug1: Host 'host.example.com' is known and matches the RSA-CERT host certificate.

Success!

One aspect that may warrant further discussion is the host keys. Here I only created host certificates for the hosts' RSA key. You could create host certificate for the DSA, ECDSA and Ed25519 keys as well. The reason I did not do that was that in this organization, we all used GnuPG's gpg-agent/scdaemon with YubiKey NEO's OpenPGP Card Applet with RSA keys for user authentication. So only the host RSA key is relevant.

Revocation of a YubiKey NEO key is implemented by asking users to drop the corresponding line for one of the sysadmins, and regenerate the host certificate for the hosts that the sysadmin had created host certificates for. This is one reason users should have at least two CAs for your organization that they trust for signing host certificates, so they can migrate away from one of them to the other without interrupting operations.

Syndicated 2015-06-16 12:05:46 from Simon Josefsson's blog

14 Jun 2015 elwell   » (Journeyer)

Satellite Tracking / New rotor controller

(it appears I'm about due for my annual blog post entry). Those of you who follow me on twitter will be aware that I've just acquired an old Kenpro 5400 (this is roughly the same as the Yaesu G5500) Azimuth / Elevation rotator, that I plan to use to track cubesats and play with for ham radio.

On opening the control unit (I wanted to see if there were any other primary taps on the transformer, as it's a 110v controller) it was evident it had been 'altered' in the past. To quote someone on #highaltitude "that wiring job is responsible for a thousand dead kittens",


hence a plan was developed to leave the existing controller as an emergency spare and build a fresh 1U rack version instead. The ideas (such as they are) are on a github gist that I'll keep updated with plans. The rough idea being to have a decent embedded board (probably a beaglebone black as a Raspberry Pi depends on an SD card) controlling the relays for output directly, and reading in the potentiometer values to calc position. Using a more powerful microprocessor than say a pic or atmega (arduino) means I can update TLE's automatically and offload much of the tracking directly to the controller - meaning any SDR receivers can concentrate on the signal alone.

I'm also going to house in a GPS module (most likely another one from upu) so that it doubles as a stratum 1 NTP server as well as having accurate position to calculate passes from.




Syndicated 2015-06-14 15:08:00 (Updated 2015-06-14 15:08:13) from Andrew Elwell

13 Jun 2015 jmeskill   » (Master)

Blue/Green Deploys with Kubernetes and Amazon ELB

At Octoblu, we deploy very frequently and we’re tired of our users seeing the occasional blip when a new version is put into production.

Though we’re using Amazon Opsworks to more easily manage our infrastructure, our updates can take a while for dependencies to be installed before the service restarts – not a great experience.

Enter Kubernetes.

We knew that moving to an immutable infrastructure approach would help us deploy our apps, which range from extremely simple web services, to complex near-real-time messaging systems, quicker and easier.

Containerization is the future of app deployment, but managing and scaling a bunch of Docker instances, managing all the port mappings, is not a simple proposition.

Kubernetes simplified that part of our deployment strategy. However, we still had a problem, while Kubernetes is spinning up new versions of our docker instances, we could enter a state where old and new versions were in the mix. If we shut down the old before bringing up the new, we would also have a brief (sometimes not so brief) period of downtime.

Blue/Green Deploys

I first read about Blue/Green deploys in Martin Fowler’s excellent article BlueGreenDeployment, a simple, but powerful concept. We started to build out a way to do this in Kubernetes. After some complicated attempts, we came up with a simple idea: use Amazon ELBs as the router. Kubernetes handles the complexities of routing your request to the appropriate minion by listening to a given port on all minions, making ELB load balancing a piece of cake. Have the ELB listen on port 80 and 443, then route the request to the Kubernetes port on all minions.

Blue or Green?

The next problem was figuring out whether blue or green is currently active. Another simple idea, store a blue port and a green port as tags in the ELB and look at the current configuration of the ELB to see which one is currently live. No need to store the value somewhere that may not be accurate.

Putting it all together.

We currently use a combination of Travis CI and Amazon CodeDeploy to kick off the blue/green deploy process.

The following is part of a script that runs on our Trigger Service deploy. You can check out the code on GitHub if you want to see how it all works together.

I’ve added some annotation to help explain what is happening.

#!/bin/bash

SCRIPT_DIR=`dirname $0`
DISTRIBUTION_DIR=`dirname $SCRIPT_DIR`

export PATH=/usr/local/bin:$PATH
export AWS_DEFAULT_REGION=us-west-2

# Query ELB to get the blue port label
BLUE_PORT=`aws elb describe-tags --load-balancer-name triggers-octoblu-com | jq &#039;.TagDescriptions[0].Tags[] | select(.Key == &quot;blue&quot;) | .Value | tonumber&#039;`

# Query ELB to get the green port label
GREEN_PORT=`aws elb describe-tags --load-balancer-name triggers-octoblu-com | jq &#039;.TagDescriptions[0].Tags[] | select(.Key == &quot;green&quot;) | .Value | tonumber&#039;`

# Query ELB to figure out the current port
OLD_PORT=`aws elb describe-load-balancers --load-balancer-name triggers-octoblu-com | jq &#039;.LoadBalancerDescriptions[0].ListenerDescriptions[0].Listener.InstancePort&#039;`

# figure out if the new color is blue or green
NEW_COLOR=blue
NEW_PORT=${BLUE_PORT}
if [ &quot;${OLD_PORT}&quot; == &quot;${BLUE_PORT}&quot; ]; then
  NEW_COLOR=green
  NEW_PORT=${GREEN_PORT}
fi

export BLUE_PORT GREEN_PORT OLD_PORT NEW_COLOR NEW_PORT

# crazy template stuff, don&#039;t ask.
#
# Some people, when confronted with a problem,
# think &quot;I know, I&#039;ll use regular expressions.&quot;
# Now they have two problems.
# -- jwz
REPLACE_REGEX=&#039;s;(\\*)(\$([a-zA-Z_][a-zA-Z_0-9]*)|\$\{([a-zA-Z_][a-zA-Z_0-9]*)\})?;substr($1,0,int(length($1)/2)).($2&amp;&amp;length($1)%2?$2:$ENV{$3||$4});eg&#039;
perl -pe $REPLACE_REGEX $SCRIPT_DIR/triggers-service-blue-service.yaml.tmpl &gt; $SCRIPT_DIR/triggers-service-blue-service.yaml
perl -pe $REPLACE_REGEX $SCRIPT_DIR/triggers-service-green-service.yaml.tmpl &gt; $SCRIPT_DIR/triggers-service-green-service.yaml

# Always create both services
kubectl delete -f $SCRIPT_DIR/triggers-service-${NEW_COLOR}-service.yaml
kubectl create -f $SCRIPT_DIR/triggers-service-${NEW_COLOR}-service.yaml

# destroy the old version of the new color
kubectl stop rc -lname=triggers-service-${NEW_COLOR}
kubectl delete rc -lname=triggers-service-${NEW_COLOR}
kubectl delete pods -lname=triggers-service-${NEW_COLOR}
kubectl create -f $SCRIPT_DIR/triggers-service-${NEW_COLOR}-controller.yaml

# wait for Kubernetes to bring up the instances properly
x=0
while [ &quot;$x&quot; -lt 20 -a -z &quot;$KUBE_STATUS&quot; ]; do
   x=$((x+1))
   sleep 10
   echo &quot;Checking kubectl status, attempt ${x}...&quot;
   KUBE_STATUS=`kubectl get pod -o json -lname=triggers-service-${NEW_COLOR} | jq &quot;.items[].currentState.info[\&quot;triggers-service-${NEW_COLOR}\&quot;].ready&quot; | uniq | grep true`
done

if [ -z &quot;$KUBE_STATUS&quot; ]; then
  echo &quot;triggers-service-${NEW_COLOR} is not ready, giving up.&quot;
  exit 1
fi

# remove the port mappings on the ELB
aws elb delete-load-balancer-listeners --load-balancer-name triggers-octoblu-com --load-balancer-ports 80
aws elb delete-load-balancer-listeners --load-balancer-name triggers-octoblu-com --load-balancer-ports 443

# create new port mappings
aws elb create-load-balancer-listeners --load-balancer-name triggers-octoblu-com --listeners Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=${NEW_PORT}
aws elb create-load-balancer-listeners --load-balancer-name triggers-octoblu-com --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=${NEW_PORT},SSLCertificateId=arn:aws:iam::822069890720:server-certificate/startinter.octoblu.com

# reconfigure the health check
aws elb configure-health-check --load-balancer-name triggers-octoblu-com --health-check Target=HTTP:${NEW_PORT}/healthcheck,Interval=30,Timeout=5,UnhealthyThreshold=2,HealthyThreshold=2

Oops happens!

Sometimes Peter makes a mistake. We have to quickly rollback to a prior version. If it is the off-cluster, rollback is as simple as re-mapping the ELB to forward to the old ports. Sometimes Peter tries to fix his mistake with a new deploy and now we have a real mess.

Because this happened more than once, we created oops. Oops allows us to instantly rollback to the off cluster, simply by executing oops-rollback, or quickly re-deploy a previous version oops-deploy git-commit.

We add an .oopsrc to all our apps that looks something like this:

{
"elb-name": "triggers-octoblu-com",
"application-name": "triggers-service",
"deployment-group": "master",
"s3-bucket": "octoblu-deploy"
}

oops list will show us all available deployments.

We are always looking for ways to get better results, if you have some suggestions, let us know.

Syndicated 2015-06-13 17:31:22 from Jade Meskill

13 Jun 2015 Stevey   » (Master)

I'm still moving, but ..

Previously I'd mentioned that we were moving from Edinburgh to Newcastle, such that my wife could accept a position in a training-program, and become a more specialized (medical) doctor.

Now the inevitable update: We're still moving, but we're no longer moving to Newcastle, instead we're moving to Helsinki, Finland.

Me? I care very little about where I end up. I love Edinburgh, I always have, and I never expected to leave here, but once the decision was made that we needed to be elsewhere the actual destination does/didn't matter too much to me.

Sure Newcastle is the home of Newcastle Brown Ale, and has the kind of proper-Northern accents I both love and miss but Finland has Leipäjuusto, Saunas, and lovely people.

Given the alternative - My wife moves to Finland, and I do not - Moving to Helsinki is a no-brainer.

I'm working on the assumption that I can keep my job and work more-remotely. If that turns out not to be the case that'll be a real shame given the way the past two years have worked out.

So .. 60 days or so left in the UK. Fun.

Syndicated 2015-06-13 00:00:00 from Steve Kemp's Blog

12 Jun 2015 robbat2   » (Master)

gnupg-2.1 mutt

For the mutt users with GnuPG, depending on your configuration, you might notice that mutt's handling of GnuPG mail stopped working with GnuPG. There were a few specific cases that would have caused this, which I'll detail, but if you just want it to work again, put the below into your Muttrc, and make the tweak to gpg-agent.conf. The underlying cause for most if it is that secret key operations have moved to the agent, and many Mutt users used the agent-less mode, because Mutt handled the passphrase nicely on it's own.

  • -u must now come BEFORE --cleansign
  • Add allow-loopback-pinentry to gpg-agent.conf, and restart the agent
  • The below config adds --pinentry-mode loopback before --passphrase-fd 0, so that GnuPG (and the agent) will accept it from Mutt still.
  • --verbose is optional, depending what you're doing, you might find --no-verbose cleaner.
  • --trust-model always is a personal preference for my Mutt mail usage, because I do try and curate my keyring
set pgp_autosign = yes
set pgp_use_gpg_agent = no
set pgp_timeout = 600
set pgp_sign_as="(your key here)"
set pgp_ignore_subkeys = no

set pgp_decode_command="gpg %?p?--pinentry-mode loopback  --passphrase-fd 0? --verbose --no-auto-check-trustdb --batch --output - %f"
set pgp_verify_command="gpg --pinentry-mode loopback --verbose --batch --output - --no-auto-check-trustdb --verify %s %f"
set pgp_decrypt_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - %f"
set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - --armor --textmode %?a?-u %a? --detach-sign %f"
set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - --armor --textmode %?a?-u %a? --detach-sign %f"
set pgp_encrypt_sign_command="pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --textmode --trust-model always --output - %?a?-u %a? --armor --encrypt --sign --armor -- -r %r -- %f"
set pgp_encrypt_only_command="pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --trust-model always --output --output - --encrypt --textmode --armor -- -r %r -- %f"
set pgp_import_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --import -v %f"
set pgp_export_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --export --armor %r"
set pgp_verify_key_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --with-colons --list-secret-keys %r"

This entry was originally posted at http://robbat2.dreamwidth.org/238770.html. Please comment there using OpenID.

Syndicated 2015-06-05 17:25:31 from Move along, nothing to read

11 Jun 2015 slef   » (Master)

Mick Morgan: here’s why pay twice?

http://baldric.net/2015/06/05/why-pay-twice/ asks why the government hires civilians to monitor social media instead of just giving GC HQ the keywords. Us cripples aren’t allowed to comment there (physical ability test) so I reply here:

It’s pretty obvious that they have probably done both, isn’t it?

This way, they’re verifying each other. Politicians probably trust neither civilians or spies completely and that makes it worth paying twice for this.

Unlike lots of things that they seem to want not to pay for at all…

Syndicated 2015-06-11 03:49:00 from Software Cooperative News » mjr

9 Jun 2015 dorward   » (Journeyer)

Windows touched my file permissions

A Windows system made a commit to a branch and then I had to merge it. There were +xs everywhere, and guess who got to clean them up?

Perl to the rescue!

    bzr diff | grep properties\ changed | perl -pe”\$_ =~ s/^.*?’//; \$_ =~ s/’.*\$//; \$_ =~ s/ /\\\\ /g” | xargs chmod -x

  

Syndicated 2015-06-09 16:13:10 from Dorward's Ramblings

8 Jun 2015 caolan   » (Master)

impress, format, character, font-effects, Capitals


Added All-Caps character effects to impress/draw (for 5-1 onwards).

Syndicated 2015-06-08 16:12:00 (Updated 2015-06-08 16:12:31) from Caolán McNamara

8 Jun 2015 hypatia   » (Journeyer)

Monday 8 June 2015

Moving house is an exercise in unlearned helplessness and assumptions. For example: evening, an Esky sitting on our kitchen bench, having transported some of the intermediately perishable contents of the fridge. I asked Andrew if he’d unpacked it. He gave me a strange look and pointed out that he had been sick all day. But, but said my hindbrain… unpacking the Esky is… an Andrew job? The kind of thing that Andrew thinks to do? I’d thought of purchasing the thing, then bought it, then brought it home to be packed. Once I’ve provided the tools, apparently the execution is mentally filed under “Andrew”. Oops.

Likewise, after a week I finally gave up on hoping that I’d be coincidentally in the kitchen while he ran the dishwasher and thus able to show me how to, and went and searched for a manual for it. (And then went upstairs to confirm my understanding of it with him. It’s one of those “drawer” models which is actually two small dishwashers, very clever and very unnecessary for a household with four people in it, and as I suspected, wasteful. There’s no mode in which it becomes one dishwasher.)

We were both sick during the move. Mildly in terms of duration, but severely in terms of utility. It’s a rare illness when I have to take both panadol and ibuprofen to stop the pain and that was a bit terrifying when it was happening the night before the truck was to arrive. Luckily by the next morning, I was up to “walking around like a ghost” capacity. No doubt this looked delightful to the people carrying our stuff down and upstairs: the woman who needed to rest after watching them for too long. But my knowledge helped Andrew get through that night when it was his turn, cutting straight to panadol and codeine. Then he was sick enough the next day (Saturday 30th) that he spent the day being screened for contagious illness, which had negative results and bought him a good lie down, but on the minus side, no Esky unpacking happened.

The stress of the whole thing seems to have caused V to regress a few years and behave like a three year old all week, including a lengthy howling tantrum this Saturday. So that’s been tedious. Who knows, maybe I’ve shed a few years behaviorally too, it’s just harder to tell. At least A isn’t acting like a zygote. (Hard to find, makes me nauseous.) We’re continuing with V’s lifelong trend that he’s always happier outside the house. Which admittedly means that living in inner Sydney doesn’t suit him so well but it does give us all an excuse to get out of the house every day. Today we took him into Darling Harbour to go to Madame Tussauds and Wild Life Sydney while we still have an annual pass, and at the end of the trip he even thanked us and talked enthusiastically about what a fun day it had been. So not all the way three then.

Syndicated 2015-06-08 06:47:16 from puzzling.org

8 Jun 2015 hacker   » (Master)

2015 Tour de France Stages Mapped and Ready

I recently noticed that not a lot of people have mapped the 2015 Tour de France yet, as it’s still pretty early. But I decided to start putting the routes together, road by road, turn by turn, lane change by lane change, as close to accurate as I could find them. I’ll continue to update […]

No related posts.

Syndicated 2015-06-08 02:19:35 from random neuron misfires

7 Jun 2015 marnanel   » (Journeyer)

getting to church early

This morning I'd set the alarm assuming Kit was coming with me to church, but she was soundly asleep-- we'd stayed up to watch the Nebula awards in Chicago last night (because a friend was a nominee and another friend was speaking).

So I got to church uncharacteristically early, and there I discovered I'd been elected a sidesperson in absentia at the parish meeting a fortnight ago. (I had to miss the meeting, and I forgot I'd put my name down as a possible candidate.) Not only that, but today was my first day on the rota, and I had no idea what I was doing. But if there was one day I should have got there early, it was today!

This entry was originally posted at http://marnanel.dreamwidth.org/335479.html. Please comment there using OpenID.

Syndicated 2015-06-07 16:27:55 from Monument

7 Jun 2015 dmarti   » (Master)

Team Targeting, Team Signal

Academics tend to put the conversation about the targeted advertising problem in terms of companies on one side, and users on the other. A good recent example is Turow et al:

New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that Americans give out information about themselves as a tradeoff for benefits they receive. To the contrary, the survey reveals most Americans do not believe that ‘data for discounts’ is a square deal.

....

Our findings, instead, support a new explanation: a majority of Americans are resigned to giving up their data—and that is why many appear to be engaging in tradeoffs.

From that point of view, the privacy paradox has an almost-too-easy answer: privacy is hard. Most users aren't seeking privacy, for the same reason that they're not training for the World Series of Poker. They would prefer winning a large poker game to not winning, but they rationally expect that unless they get really good, poker playing will result in a net loss of time and money.

But the academic model that puts all businesses opposite all users is probably an oversimplification. Advertisers, agencies, publishers, and intermediaries all have different and competing interests. Businesses are not all on the same side.

In most cases, brand advertisers, high-reputation publishers, and users have a shared interest in signaling that tends to put them into an adversarial relationship with the surveillance marketing complex. The kinds of media that are good for direct response and behavioral techniques are terrible for signaling, and vice versa.

The natural dividing line is not between users and companies, but between Team Signal and Team Targeting. Team Signal includes users, legit publishers, and reputable brands—everyone who wins from honest signaling. Team Targeting is mostly adtech intermediaries, fraud hackers, low-reputation sites, and low-quality brands.

For the business members of Team Signal, the privacy poker game has a positive expected value. Which is why independent web sites can benefit by helping their users get started with tracking protection. Users, resigned or not, are not alone.

What about the agencies?

Required reading if you're into this stuff: Pitch Mania by Brian Jacobs.

Agency managers have been quick to herald this flood of pitches as proof positive that advertisers have finally recognised what they (the agencies) have been preaching for years. Their future-gazing is they say finally coming to pass. This they contend is the dawn of a new model, based around integration, joined-up thinking, big data analytics and the rest.

Are large advertisers really just looking to switch between brands of adtech/adfraud as usual? Or will an agency that wants to keep the prospective clients awake (instead of boring them with the same Big Data woo-woo as all the other agencies) do better with a tracking protection component to its pitch?

Syndicated 2015-06-06 15:48:16 from Don Marti

6 Jun 2015 louie   » (Master)

What tools are changing our world next?

Quick brain dump after a bike ride home: free software took a huge leap in the late 90s and early 00s in large part because of non-ideological advantages that the rest of the world is now competing with or surpassing:

HDR automatically created from old pictures of Muir Woods by Google Photos.
HDR automatically created by Google Photos from my old pictures of Muir Woods. Not perfect, but better than I ever bothered to do!
  • Collaboration tools: Because we got to the ‘net first, our tools for collaborating with each other were simply better than what proprietary developers were doing: cvs, mailman, wiki, etc., were all better than the silo’d old-school tools. Modern best-of-breed collaboration tools have all learned from what we did and added proprietary sauce on top: github, slack, Google Docs, etc. So our tools that are now (at best) as productive as our proprietary counterparts, and sometimes less productive but ideologically agreeable.
  • Release processes: “Release early/release often” made us better partners for our users. We’re now actively behind here: compare how often a mobile app or web user gets updates, exactly as the author intended, relative to a user of a modern Linux distro.
  • Zero cost: We did things for no (direct) cost by subsidizing our work through college, startups, or consulting gigs; now everyone has a subsidize-by-selling-something-else model (usually advertising, though sometimes freemium). Again, advantage (mostly?) lost.
  • Knowing our users: We knew a lot about our users, because we were our biggest users, and we talked to other users a lot; this was more effective than what passed for software design in the late 90s. This has been eclipsed by extensive a/b testing throughout the industry, and (to a lesser extent) by more extensive usage of direct user testing and design-thinking.

None of these are terribly original observations – all of these have been remarked on before. But after playing some with Google Photos this weekend, I’m ready to add another one to the list:

Worth asking what your project is doing that could be radically changed if your competitors get access to new technology. For example, for Wikipedia:

  • Collaborating: Wiki was best-of-breed (or close); it isn’t anymore. Visual Editor helps get editing back to par, but the social aspect of collaboration is still lacking relative to the expectations of many users.
  • Knowledge creation: big groups of humans, working together wiki-style, is the state of the art for creating useful, non-BS knowledge at scale. With the aforementioned machine learning, I suspect this will no longer the case in a (growing) number of domains.

I’m sure there are others…

Syndicated 2015-06-06 15:00:06 from Luis Villa » Blog

5 Jun 2015 bagder   » (Master)

I lead the curl project and this is how it works

I did this 50 minute talk on May 21 2015 for a Swedish company. With tongue in cheek subtitled “from hobby to world domination”. I think it turned out pretty decent and covers what the project is, how we work on it and what I do to make it run. Some of the questions are not easy to hear but in general it works out fine. Enjoy!