Recent blog entries

1 Jul 2015 hypatia   » (Journeyer)

Blogging for Geek Feminism, a short history

With yesterday’s release of Spam All the Links, I’ve finished my long awaited project of departing the Geek Feminism blog.

I was involved in the blog on, if not from the first day of its existence, at least from the first week of it. My involvement in the blog was huge, and comprises among other things:

  • over 200 posts to the blog
  • founding and for a long time running the Ask a Geek Feminist, Wednesday Geek Woman and Cookie of the Week series
  • doing a linkspam post by myself multiple times a week for about a year
  • recruiting the initial team of Linkspammers and setting up their manual, mailing list and of course, the script that supports them
  • recruiting several other bloggers, including Tim, Restructure! and Courtney S
  • a bunch of sysadmin of the self-hosted WordPress install (it’s now hosted on

My leaving the blog is delayed news. I initially told the co-bloggers I was leaving close to a year ago now (mid-August, if I’d waited much longer on writing this I could have posted on the one year anniversary), because my output had dried up. I feel in large part that what happened was that I spent about ten years in geekdom (1999–2009) accumulating about three years of material for the blog, and then I ran out of things to write about there. I also have two more children and one more business than I had when I was first writing for it, and, very crucially, one less unfinished PhD to avoid. But I had a handover todo list to plod my way through, and Spam All the Links was the last item on it!

I remain involved in Geek Feminism as an administrator on the Geek Feminism wiki, on which I had about 25% of total edits last I looked, although the same sense of being a dry well is there too.

The blog was obviously hugely important for me, both as an outlet for that ten years of pent up opinionating and, to my surprise, because I ended up moving into the space professionally. I’m glad I did it.

Today, I would say these are my five favourite posts I made to the blog:

“Girl stuff” in Free Software, August 2009:

Terri mention[ed] that she had resisted at times working on things perceived as ‘girl stuff’. In Free Software this includes but is not limited to documentation, usability research, community management and (somewhat unusually for wider society) sometimes management in general. The audience immediately hit on it, and it swirled around me all week.

Why we document, August 2009:

I do not in fact find writing the wiki documentation of incidents in geekdom very satisfying. The comment linked at the beginning of the post compared the descriptions to a rope tying geekdom to the past. Sometimes being known as a wiki editor and pursued around IRC with endless links to yet another anonymous commenter or well-known developer advising women to shut up and take it and write some damned code anyway is like a rope tying me to the bottom of the ocean.

But what makes it worth it for me is that when people are scratching their heads over why women would avoid such a revolutionarily free environment like Free Software development, did maybe something bad actually happen, that women have answers.

(I’d be very interested in other people’s takes on this in 2015, which is a very different landscape in terms of the visibility of geek sexism than 2009 was.)

Why don’t you just hit him?, December 2010:

This is the kind of advice given by people who don’t actually want to help. Or perhaps don’t know how they can. It’s like if you’re a parent of a bullying victim, and you find yourself repeating “ignore it”, “fight back with fists” or whatever fairly useless advice you yourself were once on the receiving end of. It’s expressing at best helplessness, and at worst victim-blaming. It’s personalising a cultural problem.

You are not helpless in the face of harassment. Call for policies, implement policies, call out harassment when you overhear it, or report it. Stand with people who discuss their experiences publicly.

Anti-pseudonym bingo, July 2011:

Let’s recap really quickly: wanting to and being able to use your legal name everywhere is associated with privilege. Non-exhaustive list of reasons you might not want to use it on social networks: everyone knows you by a nickname; you want everyone to know you by a nickname; you’re experimenting with changing some aspect of your identity online before you do it elsewhere; online circles are the only place it’s safe to express some aspect of your identity, ever; your legal name marks you as a member of a group disproportionately targeted for harassment; you want to say things or make connections that you don’t want to share with colleagues, family or bosses; you hate your legal name because it is shared with an abusive family member; your legal name doesn’t match your gender identity; you want to participate in a social network as a fictional character; the mere thought of your stalker seeing even your locked down profile makes you sick; you want to create a special-purpose account; you’re an activist wanting to share information but will be in danger if identified; your legal name is imposed by a legal system that doesn’t match your culture… you know, stuff that only affects a really teeny minority numerically, and only a little bit, you know?

But I’m mostly listing it here because I always have fun with the design of my bingo cards. (This was my first time, Sexist joke bingo is better looking.)

I take it we aren’t cute enough for you?, August 2012:

… why girls? Why do we not have 170 comments on our blog reaching out to women who are frustrated with geekdom? I want to get this out in the open: people love to support geek girls, they are considerably more ambivalent about supporting geek women.

The one I’m still astonished I had time for was transcribing the entire Doubleclicks “Nothing to Prove” video. 2013? I don’t remember having that kind of time in 2013!

Thanks to my many co-bloggers over the five years I was a varyingly active blogger at Geek Feminism. I may be done, at least for a time and perhaps in that format, but here’s to a new generation of geek feminist writers joining the exisitng one!

Hand holding aloft a cocktail glass
from an image by Susanne Nilsson, CC BY-SA
Image credit: Cheers! by Susanne Nilsson, Creative Commons Attribution-Sharealike. The version used in this post was cropped and colour adjusted by Mary.

Syndicated 2015-07-01 22:25:59 from

1 Jul 2015 mikal   » (Journeyer)

Hunting for GC1D1NB

I went for an after work walk to try and find GC1D1NB on Tuggeranong Hill yesterday. It wasn't a great success. I was in the right area but I just couldn't find it. Eventually I ran out of time and had to turn back. I am sure I'll have another attempt at this one soon.


Interactive map for this route.

Tags for this post: blog pictures 20150701-tuggeranong_hill photo canberra bushwalk
Related posts: Goodwin trig; Big Monks; Geocaching; Confessions of a middle aged orienteering marker; A quick walk through Curtin; Narrabundah trig and 16 geocaches


Syndicated 2015-07-01 15:52:00 from : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

1 Jul 2015 marnanel   » (Journeyer)

The Ghost in the Crown - Act 1

What if Dr Seuss had written Hamlet?

The sun did not shine.
There were clouds overhead.
I sat in the castle
And wished I was dead.
My father had perished.
My dad lost his life.
My uncle usurped him
And married his wife!
An action more evil
Than man should commit.
And I did not like it!
Not even one bit!

My mother, the queen,
And her husband, her kin,
They knocked on the door.
They said “May we come in?”
They opened the door
Of the room where I sat.
And they said to me,
“Why do you sit there like that?
Did you know derrières
Are a bit like your dad?
For everyone’s got one.
(Or everyone had.)
You cried for a night
When he died without warning.
But you can have lots
of good fun in the morning!
There’s plenty of fathers!
They’re twenty a dime!
They don’t last forever.
They die all the time!
So stop going round
In a suit of black cloth.
You’re sure to be sad
If you dress like a goth.
Don’t run off to college.
Just chill for a while.
Now I’m your new father.
So give us a smile!”

And then I was sadder
Than ever I’ve felt.
My body’s alive
But I wished it would melt.
My mum, like a beast,
With my uncle was lying,
In less than a month
From her mourning and crying.
They jumped into bed
While her tears were undried,
And I wished that the Lord
Would allow suicide.

My friends came to tell me,
“Come quickly! Come down!
We’ve seen on the ramparts
It gave us a fright
Like we never have had!
It shines in the dark!
And it looks like your dad!”

I went to the ramparts
High over the town.
I looked! And I saw him!
The GHOST in the CROWN!

He said, “Listen closely,
For everyone’s sake!
They said I was killed
By a venomous snake.
My bruv did the deed!
Not a serpent that hisses!
He wants to be king
And to sleep with my missus!
Tell your uncle from me
He’s a murdering swine!
Or your haircut will look
Like a mad porcupine!”

I’ll be posting these over the next few days, one for each of the five acts of Hamlet. When I’m done I’ll work on some illustrations. Feedback and sharing are very welcome. This entry was originally posted at Please comment there using OpenID.

Syndicated 2015-07-01 16:38:00 from Monument

1 Jul 2015 hypatia   » (Journeyer)

Code release: Spam All the Links

The Geek Feminism blog’s Linkspam tradition started back in August 2009, in the very early days of the blog and by September it had occurred to us to take submissions through bookmarking services. From shortly after that point there were a sequence of scripts that pulled links out of RSS feeds. Last year, I began cleaning up my script and turning it into the one link-hoovering script to rule them all. It sucks links out of bookmarking sites, Twitter and WordPress sites and bundles them all up into an email that is sent to the linkspamming team there for curation, pre-formatted in HTML and with title and suggestion descriptions for each link. It even attempts to filter out links already posted in previous linkspams.

The Geek Feminism linkspammers aren’t the only link compilers in town, and it’s possible we’re not the only group who would find my script useful. I’ve therefore finished generalising it, and I’ve released it as Spam All the Links on Gitlab. It’s a Python 3 script that should run on most standard Python environments.

Spam All the Links

Spam All the Links is a command line script that fetches URL suggestions from
several sources and assembles them into one email. That email can in turn be
pasted into a blog entry or otherwise used to share the list of links.

Use case

Spam All the Links was written to assist in producing the Geek Feminism linkspam posts. It was developed to check WordPress comments, bookmarking websites such as Pinboard, and Twitter, for links tagged “geekfeminism”, assemble them into one email, and email them to an editor who could use the email as the basis for a blog post.

The script has been generalised to allow searches of RSS/Atom feeds, Twitter, and WordPress blog comments as specified by a configuration file.

Email output

The email output of the script has three components:

  1. a plain text email with the list of links
  2. a HTML email with the list of links
  3. an attachment with the HTML formatted links but no surrounding text so as to be easily copy and pasted

All three parts of the email can be templated with Jinja2.

Sources of links

Spam All the Links currently can be configured to check multiple sources of links, in these forms:

  1. RSS/Atom feeds, such as those produced by the bookmarking sites Pinboard or Diigo, where the link, title and description of the link can be derived from the equivalent fields in the RSS/Atom. (bookmarkfeed in the configuration file)
  2. RSS/Atom feeds where links can be found in the ‘body’ of a post (postfeed in the configuration file)
  3. Twitter searches (twitter in the configuration file)
  4. comments on WordPress blog entries (wpcommentsfeed in the configuration file)

More info, and the code, is available at the Spam All the Links repository at Gitlab. It is available under the MIT free software licence.

Syndicated 2015-06-30 23:25:56 from

30 Jun 2015 mikal   » (Journeyer)

Percival trig

I had a pretty bad day, so I knocked off early and went for a walk before going off to the meeting at a charity I help out with. The walk was to Percival trig, which I have to say was one of the more boring trigs I've been to. Some of the forest nearly was nice enough, but the trig itself is stranded out in boring grasslands. Meh.


Interactive map for this route.

Tags for this post: blog pictures 20150630-percival photo canberra bushwalk trig_point
Related posts: Goodwin trig; Big Monks; Narrabundah trig and 16 geocaches; Cooleman and Arawang Trigs; One Tree and Painter; A walk around Mount Stranger


Syndicated 2015-06-30 04:08:00 (Updated 2015-07-01 02:08:08) from : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

29 Jun 2015 mikal   » (Journeyer)

A team walk around Red Hill

My team at work is trying to get a bit more active, so a contingent from the Canberra portion of the team went for a walk around Red Hill. I managed to sneak in a side trip to Davidson trig, but it was cheating because it was from the car park at the top of the hill. A nice walk, with some cool geocaches along the way.


Interactive map for this route.

Tags for this post: blog pictures 20150629-davidson photo canberra bushwalk trig_point
Related posts: Goodwin trig; Big Monks; Narrabundah trig and 16 geocaches; Cooleman and Arawang Trigs; One Tree and Painter; A walk around Mount Stranger


Syndicated 2015-06-29 15:38:00 (Updated 2015-07-01 00:06:00) from : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

29 Jun 2015 dmarti   » (Master)

Broadcasters, fighting, and data leakage

Bob Hoffman wants to see broadcasters standing up against adtech. He writes,

They are being taken to the cleaners by hyper-motivated digital evangelists who understand what predatory thinking means.

Here's a screenshot of a radio station site.

The purple bar on the right is a Ghostery list of all the trackers that are data-leaking the KFOG audience to the "adtech ecosystem."

So if a media buyer wants to reach radio listeners in the Bay Area, he or she can buy a radio commercial on KFOG (good for KFOG), buy an ad or sponsorship on the KFOG site (also good for KFOG), or just leech off the data leakage and use adtech to reach the same listeners on another site entirely (not so good for KFOG).

The radio station builds an audience, and the third-party trackers leak it away.

At the same time, a radio station can't unilaterally drop all the third-party trackers from the site. Protecting the audience is hard. That's where a radio station can use a tracking protection plan. Get the audience protected, stop data leakage, get more advertisers coming to you instead of sneaking around.

On air, when someone interferes with your signal you can call the FCC. On the Internet, well, this is getting too long, so just call Bob.

Syndicated 2015-06-29 14:07:54 from Don Marti

29 Jun 2015 Pizza   » (Master)

Ongoing Dyesub Photo Printer Developments

Gutenprint 5.2.11-pre1 was released this weekend. It contains the usual support for a pile of new printers, and improvements for many previously-supported models. I'll only speak about stuff I had a hand in:

First, the newly-supported models that are reported to be working quite well:

  • Canon SELPHY CP820 and CP910
  • Citizen CW-01 / Olmec OP900
  • DNP DS620/DS620A
  • Mitsubishi CP-3800DW

Next, new models that were added but have received no testing:

  • Sony UP-CR10L (aka DNP SL10)
  • Shinko S1245 [1]

Models that have much-improved support:

  • DNP DS40/DS80/RX1 [4]
  • Citizen CX/CX-W/CY [4]
  • Canon SELPHY CP900
  • Kodak 605, 6800, and 6850 [3]
  • Mitsubishi CP9550 family (including the CP9550DW-S!)
  • Sony UP-DR200

Finally, models that are improved or added, but will require muh more work before they are considerd useful:

  • Mitsubishi CP-D70/D707/K60/D80 [2]
  • Ciaat Brava 21 [2]
  • Kodak 305 [2]
  • Kodak 8810
  • Shinko S6145 [2]
  • Shinko S6245

Some notes:

[1] The Shinko S1245 is notable in that I've already completed a full-featured backend that just needs testing with a real printer.

[2] These models are all related, and use an unknown color scaling/dithering algorithm that must be reverse-engineered before the printers become usable.

[3] The Kodak 68x0 family in particular is consirerably more robust in the face of errors, media mismatches, and status reporting.

[4] The DNP/Citizen backend was greatly improved, and is far, far more robust than it used to be. Error detection and recovery, general buffer management, handling media/printjob mismatches, and even general status queries were all improved.

Oh, just to forestall the question, all printers with multicut modes (eg 2x6 strips) have full support, but will require a minor patch to be applied to Gutenprint before compiling.

I'll end this with my usual request for testers, especially ones with access to the Shinko S1245, Sony UP-CR10L, and DNP SL10 models since the work is already completed. As for what's next, the Shinko S6245 is the most promising candidate.

Thanks go out to everyone who has helped -- be it testing or providing USB dumps; sending over documentation (Yay, Shinko!), or actual printers (Yay, LiveLink!). There are others I would like to acknowledge but they have asked to remain anonymous. Thank you, all.

Syndicated 2015-06-29 12:15:48 from Solomon Peachy

29 Jun 2015 pabs3   » (Master)

The aliens are amongst us!

Don't worry, they can't cope with our atmosphere.

Alien on the ground

Perhaps they are just playing dead. Don't turn your back if you see one.

Folks may want to use this alien in free software. The original photo is available on request. To the extent possible under law, I have waived all copyright and related or neighboring rights to this work. The alien has signed a model release. An email or a link to this page would be appreciated though.

Syndicated 2015-06-29 08:29:36 from Advogato

28 Jun 2015 badvogato   » (Master)

28 Jun 2015 hypatia   » (Journeyer)

Sunday 28 June 2015

We’ve had our used moving boxes picked up, and we’ve returned my overdue library books from Glebe. We’ve hung the pictures we haven’t seen in three years because the previous place didn’t have hooks. There’s things we aren’t on top of (at least two lights need electrical work) but on the basics we really are moved in now.

We had our housewarming party last weekend. That and my then-missing photos hard drive motivated the bulk of the box unpacking. I like to occasionally have parties and invite a huge number of people that I know. In lieu of culling the guest list, I give fairly short notice. We live in a short street, which made it easy to invite the new neighbours too. It fell on the solstice. I used to have solstice barbecues up at Balls Head Reserve and heat mulled wine in a pot on the electric barbecues in the dark. Not since V was born. But since the housewarming was on June 21, we made mulled wine in the crockpot and had heated party pies and sausage rolls. The latter used to be a welcome treat on dive boats, served with mugs of instant soup, restoring our body temperature between dives.

The next two weeks are school holidays, which will be less of a contrast for V than they were for us. He’s spending the two weeks in his usual after school care provider, in their full day vacation care program. They do a lot of excursions and activities and generally contribute to the school holiday crowding in public places. We’re visiting my family for a weekend but not otherwise going away because we’re going to the snow in September (if there is snow this year). For a while my life will be mainly house things.

We aren’t far from an adult education centre, so I’d like to enrol in a few courses over the next couple of years. Music, studio photography… And I’m excited about the possibilities of a house I can change over time. The biggest project I can imagine is getting the back courtyard substantially redesigned. There’s a lot of small stuff that can go before that though. I’ve even joined Pinterest to track inspiration; I’m reminded that in my Wikimania keynote in 2012 the issue of women using Pinterest rather than editing Wikipedia came up once or twice, which now seems mostly odd, since one is an encyclopedia and the other is a visual inspiration bookmarking site. Probably my “find interesting pictures of courtyards” moments will not overlap terribly much with my “find sources for recent Australian crimes” moments.

Syndicated 2015-06-28 11:31:45 from

25 Jun 2015 caolan   » (Master)

Equalize Width/Height

In LibreOffice 5.1 I've added an equalize width/height pair of adjustments to the "shapes" submenu when multiple objects are selected. Equalize Width and Equalize Height which adjusts the width/height of the selected objects to the width/height of the last selected object.

So if you need to adjust the shapes of a bunch of little images and shapes. Adjust one, then select the lot, selecting the reference one last, and use these to update the rest of the sizes.

Syndicated 2015-06-25 13:55:00 (Updated 2015-06-25 13:55:34) from Caolán McNamara

25 Jun 2015 dmarti   » (Master)

NIMBY + ISDS = Profit?

Random idea for how to make some cash from the Trans-Pacific Partnership.

Step 1: Buy a piece of real estate in a city with a severe NIMBY problem. (See How Strong Property Rights Promote Social Equality for more info.) Sell an ownership interest in the property to a foreign company.

Step 2: Get an architect to design a building for the site that is technically 100% legal, but that will provoke a severe NIMBY reaction. Something like "Section 8 housing for TaskRabbit workers and tech bus drivers." Put up posters and buy some newspaper ads, to get the local NIMBYs fired up.

Step 3: When the local government starts giving you grief about the building plans, don't even go to the City Council meeting. Take it straight to the International Centre for Settlement of Investment Disputes, and get the US Federal government to pay the foreign company for its investment loss.

Buy back the foreign company's share of the property and repeat. Do this enough times and a vacant lot could be more profitable than a luxury condo development. (Sucks to be a person actually looking for an apartment, but hey, are we going to do Free Trade or what?)

Syndicated 2015-06-25 02:25:36 from Don Marti

24 Jun 2015 dmarti   » (Master)

One dad's FREE weight loss tip will blow your mind!

"Don, it looks like you lost weight," someone said to me last week.

That is true. Since December 2013 I have lost about 15% of my body weight.

Not a rapid decrease, but sustainable so far. I'm not at my ideal weight yet, but I have made some progress, including having to buy new pants.

The main change that I had to make was to get some kind of personal Hawthorne effect going. If I keep track of how much food I eat, and make rules for myself about when I eat food, then I'm more likely to eat the right amount.

Think of it as a kind of mindful consumption thing.

I have zero claim to be an expert on this subject. I just think of it like IT spending within a company. If my "inner CIO" is doing his job, the overall level of stuff coming in the door should be manageable, even as the users keep asking for more. Sometimes, some extra stuff will get in, over the CIO's objections, but in general, the IT department can handle it and things keep working.

So let's look at today's surveillance marketing news.

40 kcal of rogue IT

Can Mondelez, Facebook Sell More Cookies Online?

The new arrangement also covers 52 countries and will "focus on creating and delivering creative video content and driving impulse snack purchasing online," according to a statement issued on Tuesday.

Hold on a minute.

"impulse snack purchasing"


I'm not allowed to do impulse snack purchasing.

My inner CIO has a snack approval policy, and my inner impulsive cookie-eater has to fill out a form and wait.

So, if you want to sell me food, you have to come in the front door and pitch the mindful eating department. Or my inner CIO will set up the filters to block you.

If you want to rely on Facebook's power to manipulate emotions instead, and try to get around the CIO, you just lost your access.

David Ogilvy once wrote, The customer is not a moron. She's your wife. That's being generous. The customer is a little of both. An inner moron and an inner non-moron who comes home and yells, What the hell did you eat all those cookies for, you moron?

In an environment where advertisers are trying to "engage" my inner moron, information diet is a prerequisite for food diet. I don't have Facebook on my phone, and I have the web site as a mostly write-only medium (thanks to for gatewaying this blog). But Facebook does have an online behavioral advertising operation. In order to protect myself from that kind of thing, I have tracking protection turned on in my browser.

So if you're reading this blog for the weight loss tip, here it is. Take the tracking protection test and get protected. Bonus tip: How can I break the Facebook habit?

I'm fortunate. For me, the consequences of impulse buying are low. Yes, I like Oreo cookies, and no, I don't trust myself not to be manipulated into eating more Oreo cookies than are good for me. But it's not that big of a deal. I'm not being targeted for predatory lending or gambling. My inner CIO could have a lot worse problems.

(If anyone has a blog about mindful eating, I should probably read it to learn more about this stuff, so let me know where to find it, please.)

Photo: Balfabio for Wikimedia Commons

Syndicated 2015-06-24 02:50:55 from Don Marti

24 Jun 2015 hypatia   » (Journeyer)

Photography: autumn in Sydney’s inner west

Autumn in Glebe

Autumn in Rozelle

Autumn leaves in Rozelle

More at Flickr

Syndicated 2015-06-24 08:23:07 from

23 Jun 2015 caolan   » (Master)

Impress Slide Design

Selecting multiple slides in normal view and using the slide design dialog will now affect all the selected slides as opposed to the single last selected slide in 5.1 onwards.

Syndicated 2015-06-23 16:12:00 (Updated 2015-06-23 16:12:44) from Caolán McNamara

21 Jun 2015 Stevey   » (Master)

We're all about storing objects

Recently I've been experimenting with camlistore, which is yet another object storage system.

Camlistore gains immediate points because it is written in Go, and is a project initiated by Brad Fitzpatrick, the creator of Perlbal, memcached, and Livejournal of course.

Camlistore is designed exactly how I'd like to see an object storage-system - each server allows you to:

  • Upload a chunk of data, getting an ID in return.
  • Download a chunk of data, by ID.
  • Iterate over all available IDs.

It should be noted more is possible, there's a pretty web UI for example, but I'm simplifying. Do your own homework :)

With those primitives you can allow a client-library to upload a file once, then in the background a bunch of dumb servers can decide amongst themselves "Hey I have data with ID:33333 - Do you?". If nobody else does they can upload a second copy.

In short this kind of system allows the replication to be decoupled from the storage. The obvious risk is obvious though: if you upload a file the chunks might live on a host that dies 20 minutes later, just before the content was replicated. That risk is minimal, but valid.

There is also the risk that sudden rashes of uploads leave the system consuming all the internal-bandwith constantly comparing chunk-IDs, trying to see if data is replaced that has been copied numerous times in the past, or trying to play "catch-up" if the new-content is larger than the replica-bandwidth. I guess it should possible to detect those conditions, but they're things to be concerned about.

Anyway the biggest downside with camlistore is documentation about rebalancing, replication, or anything other than simple single-server setups. Some people have blogged about it, and I got it working between two nodes, but I didn't feel confident it was as robust as I wanted it to be.

I have a strong belief that Camlistore will become a project of joy and wonder, but it isn't quite there yet. I certainly don't want to stop watching it :)

On to the more personal .. I'm all about the object storage these days. Right now most of my objects are packed in a collection of boxes. On the 6th of next month a shipping container will come pick them up and take them to Finland.

For pretty much 20 days in a row we've been taking things to the skip, or the local charity-shops. I expect that by the time we've relocated the amount of possesions we'll maintain will be at least a fifth of our current levels.

We're working on the general rule of thumb: "If it is possible to replace an item we will not take it". That means chess-sets, mirrors, etc, will not be carried. DVDs, for example, have been slashed brutally such that we're only transferring 40 out of a starting collection of 500+.

Only personal, one-off, unique, or "significant" items will be transported. This includes things like personal photographs, family items, and similar. Clothes? Well I need to take one jacket, but more can be bought. The only place I put my foot down was books. Yes I'm a kindle-user these days, but I spent many years tracking down some rare volumes, and though it would be possible to repeat that effort I just don't want to.

I've also decided that I'm carrying my complete toolbox. Some of the tools I took with me when I left home at 18 have stayed with me for the past 20+ years. I don't need this specific crowbar, or axe, but I'm damned if I'm going to lose them now. So they stay. Object storage - some objects are more important than they should be!

Syndicated 2015-06-21 00:00:00 from Steve Kemp's Blog

20 Jun 2015 mikal   » (Journeyer)

Yet another possible cub walk

Jacqui and Catherine kindly agreed to come on another test walk for a possible cub walk. This one was the Sanctuary Loop at Tidbinbilla. To be honest this wasn't a great choice for cubs -- whilst being scenic and generally pleasant, the heavy use of black top paths and walkways made it feel like a walk in the Botanic Gardens, and the heavy fencing made it feel like an exhibit at a zoo. I'm sure its great for a weekend walk or for tourists, but if you're trying to have a cub adventure its not great.


See more thumbnails

Interactive map for this route.

Tags for this post: blog pictures 20150620-tidbinbilla photo canberra bushwalk
Related posts: Goodwin trig; Big Monks; Geocaching; Confessions of a middle aged orienteering marker; A quick walk through Curtin; Narrabundah trig and 16 geocaches


Syndicated 2015-06-20 02:20:00 from : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

19 Jun 2015 caolan   » (Master)

gtk3 clipboard support implemented

Our LibreOffice gtk2 vclplug inherits from our generic X11 vclplug and so in lots of places we just continued to use our historic X11 vclplug for various things, one big example being clipboard support.

To do the same with the gtk3 vclplug would work for the case where gtk3 is backed by X11, but not if backed by wayland. So we needed to implement cut and paste with the gtk3 apis.

X clipboard/selection/cut and paste is errr... "tricky", so it was a bit of a death march to drag myself to the keyboard to go about this. But it turns out the gtk clipboard apis are really good and its reasonably easy to get it up and running. So the LibreOffice gtk3 vclplug now has clipboard support.

Last major thing is to get gtk3 gstreamer integration working for video playback and then it's mopping up territory.

Syndicated 2015-06-19 08:33:00 (Updated 2015-06-19 08:33:22) from Caolán McNamara

19 Jun 2015 ade   » (Journeyer)

Omnivorous inclusiveness and the closing of the browser parenthesis

In the past I've thought of the web as a convoy of browsers. That turns out to be wrong.

Nowadays (thanks to a long lunch with Paul Downey, Jeni Tennison,  et al) I've begun thinking of the web as a ship of Theseus where, despite replacing every single part of the stack, what's left is still recognisably the web.

This made me realise that we are surrounded by unexamined and ossified metaphors that are in danger of becoming thought-terminating cliches. For example:
- open web versus (presumably) closed web
- the web browser is the web platform is the web
- the web as a platform
- web apps
- web versus native


Syndicated 2015-06-18 16:01:00 from : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

18 Jun 2015 wingo   » (Master)

arrow functions coming to chrome 45!

It's been a long time coming, but I just flipped the bit in V8 that will ship arrow functions in Chrome 45! Woo hoo!

You probably know, but arrow functions are a new way to write functions in JavaScript. They look like this:

// Two arguments, body implicitly returned.
(x, y) => x + y

// With just one argument, no parentheses needed.
x => x * 2

// Body can have braces too; in that case use "return".
x => { return x * 2 }

Relative to the other kind of function that is written like function (x) { return x * 2 }, arrow functions don't define this or arguments in their bodies, instead capturing these values from the environment. There are a couple of other minor differences, too, but instead of writing about them here I'll just point to the great article by Jason Orendorff of the SpiderMonkey team.

Arrow functions are part of the JavaScript language standard that was called "ECMAScript 6" or ES6, and I guess you could still call it that. It seems like a silly thing for the committee to do to throw away all their branding like that but they decided to rename it ECMAScript 2015, which I'm sure is a link that the pedants are glad I have included. The upshot is that the standard is now final, gold master, etched in stone, which from an implementor's perspective is a relief. You can practically feel the anxiety ebbing away by the happy rate at which commits bubble out of source repositories and into shipping browsers, free from the fear that some spec change will force the hack-stream to change course.

From the V8 side, our arrow function implementation has also been a long time coming. My colleague Adrián Pérez did the first half of the work, and I picked up on the back end of things. It seems like such a small feature and in many ways it is, but still it took a long time. Now I know that my readers are a bunch of nerds and many of you like implementing languages, so you might appreciate these nargish points.

One of the first bits is that arrow functions are hard to parse. Consider, this is a valid JavaScript expression:


It's a "comma expression" that will evaluate x then y and its result will be the result of evaluating y. But add an arrow on after the end and you get not an expression but a formal parameter list:


Now you might think, well OK, when you see an arrow, rewind the input stream and parse in "arrow function mode". Indeed that would be fine, but not in combination with some additional ES6 features, optional and destructuring arguments. Optional arguments look like this:


The =42 part is the expression that will be evaluated to give x a value, if the function is called with no arguments. Note that this bit is still under implementation in V8 so you can't try it in your browser. An optional argument initializer is an expression and not a value, so you can also have:


Combined, this makes rewinding the token stream a proposition of exponential complexity, which is a no-go for a production JavaScript parser. Parsers are on the hot path for page-load times and no browser vendor wants to introduce a pathological case into their page load.

Instead, V8 does something I hadn't seen before. It keeps an open mind about whether something is a comma expression or a formal parameter list of an arrow function, and only makes a decision when it sees the => (or not). As it parses, V8 records places that it would signal an error for either a parameter list or for an expression, and then when that superimposed wave function collapses it checks that the production is valid, signalling the appropriate error if not. I thought this was a really neat trick, so if you're into that thing see expression classifier to see those details.

The other thing that's tricky about arrow functions is the this binding. In JavaScript, this is basically a hidden parameter passed to a function when it is called. Calling a function like o.f() passes the value of o to f as its this parameter. If instead f() is called directly, like with no dot before the call, then undefined is passed as this. Also for sloppy-mode functions, if the passed this value isn't an object, then the global object instead is assigned to this. Finally outside a function, this is bound to the global object.

OK, I know all of you know these things. Thing is, you always have a this, and although it's like a variable it's not a valid variable name, and before ES6 nothing could capture its value, because each function has its own this value. Perhaps you see where I'm going with this (ahem) now. Arrow functions introduce a function scope that doesn't have a this value, and that indeed might capture some other scope's this value, forcing it to be context-allocated. Other parts of ES6 can actually force assignment to this, like a super call, and that assignment can actually come from within an arrow function. Zounds! A simple concept, but there was a lot of incidental complexity in V8 around the implementation. Between Adrián and myself it took like three months to fix this usage in V8 to always just go through the (possibly context-allocated) variable, and there are still probably some devtools bugs to find in the upcoming weeks.

Performance-wise, arrow functions are just like functions. They should be just as fast as if you wrote them with function. So use them with joy, use them with abandon, use them judiciously -- however you decide you use them, don't let perf influence your decision one way or the other.

That's about it! Like all of my JS engine work over the past couple years, this hacking was sponsored by fabulous folks over at Bloomberg, so big ups to them. From me and Adrián at Igalia, until next time! We leave you to puzzle out what this bit of JavaScript evaluates to:


Happy hacking!

Syndicated 2015-06-18 16:41:17 from wingolog

17 Jun 2015 mikal   » (Journeyer)

Exploring possible cub walks

I've been exploring possible cub walks for a little while now, and decided that Jerrabomberra Wetlands might be an option. Most of these photos will seem a bit odd to readers, unless you realize I'm mostly interested in the terrain and its suitability for cubs...


Interactive map for this route.

Tags for this post: blog pictures 20150617-jerrabomerra_wetlands photo canberra bushwalk
Related posts: Goodwin trig; Big Monks; Geocaching; Confessions of a middle aged orienteering marker; A quick walk through Curtin; Narrabundah trig and 16 geocaches


Syndicated 2015-06-16 21:35:00 from : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

17 Jun 2015 dmarti   » (Master)

5 five-minute steps up

Jason Kint writes, in "5 Ways Industry Leaders Need To Step Up",

Needless to say I found myself shaking my head at a recent publisher event where sites were discussing how they could block Facebook from tracking their users. How on earth did this become a responsibility of the publisher to hack together a short-term solution?

It's not all the publisher's responsibility, but it's a fact of the Internet that (1) stuff keeps getting broken, often on purpose, and (2) in order for things to keep working, everyone has to keep his or her own piece safe. If you want to run a mailing list or email newsletter, you have to understand the current state of spam filtering and work on deliverability. And if you want to be on the web, you have to think about protecting your users from the problem of third-party tracking.

Do the short-term solutions right, and they don't take too much effort individually, but they turn into continuous improvement. And nobody has to wait for big, slow-moving companies to change, or worse, cooperate.

So here are five, count'em, five, quick ways to step up and make a difference in the problems of tracking-based fraud, users seeing ads as untrustworthy and blocking them, and data leakage. Should take five minutes each on a basic site, longer if you have a big hairy professional CMS.

It's not the responsibility of an individual site to fix the whole problem, but there are plenty of small tweaks that can help slow down data leaks, encourage users to adopt site-friendly alternatives to ad blocking, and otherwise push things in the right direction.

Syndicated 2015-06-17 00:46:30 from Don Marti

16 Jun 2015 jas   » (Master)

SSH Host Certificates with YubiKey NEO

If you manage a bunch of server machines, you will undoubtedly have run into the following OpenSSH question:

The authenticity of host ' (' can't be established.
RSA key fingerprint is 1b:9b:b8:5e:74:b1:31:19:35:48:48:ba:7d:d0:01:f5.
Are you sure you want to continue connecting (yes/no)?

If the server is a single-user machine, where you are the only person expected to login on it, answering “yes” once and then using the ~/.ssh/known_hosts file to record the key fingerprint will (sort-of) work and protect you against future man-in-the-middle attacks. I say sort-of, since if you want to access the server from multiple machines, you will need to sync the known_hosts file somehow. And once your organization grows larger, and you aren’t the only person that needs to login, having a policy that everyone just answers “yes” on first connection on all their machines is bad. The risk that someone is able to successfully MITM attack you grows every time someone types “yes” to these prompts.

Setting up one (or more) SSH Certificate Authority (CA) to create SSH Host Certificates, and have your users trust this CA, will allow you and your users to automatically trust the fingerprint of the host through the indirection of the SSH Host CA. I was surprised (but probably shouldn’t have been) to find that deploying this is straightforward. Even setting this up with hardware-backed keys, stored on a YubiKey NEO, is easy. Below I will explain how to set this up for a hypothethical organization where two persons (sysadmins) are responsible for installing and configuring machines.

I’m going to assume that you already have a couple of hosts up and running and that they run the OpenSSH daemon, so they have a /etc/ssh/ssh_host_rsa_key* public/private keypair, and that you have one YubiKey NEO with the PIV applet and that the NEO is in CCID mode. I don’t believe it matters, but I’m running a combination of Debian and Ubuntu machines. The Yubico PIV tool is used to configure the YubiKey NEO, and I will be using OpenSC‘s PKCS#11 library to connect OpenSSH with the YubiKey NEO. Let’s install some tools:

apt-get install yubikey-personalization yubico-piv-tool opensc-pkcs11 pcscd

Every person responsible for signing SSH Host Certificates in your organization needs a YubiKey NEO. For my example, there will only be two persons, but the number could be larger. Each one of them will have to go through the following process.

The first step is to prepare the NEO. First mode switch it to CCID using some device configuration tool, like yubikey-personalization.

ykpersonalize -m1

Then prepare the PIV applet in the YubiKey NEO. This is covered by the YubiKey NEO PIV Introduction but I’ll reproduce the commands below. Do this on a disconnected machine, saving all files generated on one or more secure media and store that in a safe.

key=`dd if=/dev/random bs=1 count=24 2>/dev/null | hexdump -v -e '/1 "%02X"'`
echo $key > ssh-$user-key.txt
pin=`dd if=/dev/random bs=1 count=6 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-6`
echo $pin > ssh-$user-pin.txt
puk=`dd if=/dev/random bs=1 count=6 2>/dev/null | hexdump -v -e '/1 "%u"'|cut -c1-8`
echo $puk > ssh-$user-puk.txt

yubico-piv-tool -a set-mgm-key -n $key
yubico-piv-tool -k $key -a change-pin -P 123456 -N $pin
yubico-piv-tool -k $key -a change-puk -P 12345678 -N $puk

Then generate a RSA private key for the SSH Host CA, and generate a dummy X.509 certificate for that key. The only use for the X.509 certificate is to make PIV/PKCS#11 happy — they want to be able to extract the public-key from the smartcard, and do that through the X.509 certificate.

openssl genrsa -out ssh-$user-ca-key.pem 2048
openssl req -new -x509 -batch -key ssh-$user-ca-key.pem -out ssh-$user-ca-crt.pem

You import the key and certificate to the PIV applet as follows:

yubico-piv-tool -k $key -a import-key -s 9c 

You now have a SSH Host CA ready to go! The first thing you want to do is to extract the public-key for the CA, and you use OpenSSH's ssh-keygen for this, specifying OpenSC's PKCS#11 module.

ssh-keygen -D /usr/lib/x86_64-linux-gnu/ -e > ssh-$

If you happen to use YubiKey NEO with OpenPGP using gpg-agent/scdaemon, you may get the following error message:

no slots
cannot read public key from pkcs11

The reason is that scdaemon exclusively locks the smartcard, so no other application can access it. You need to kill scdaemon, which can be done as follows:

gpg-connect-agent SCD KILLSCD SCD BYE /bye

The output from ssh-keygen may look like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp+gbwBHova/OnWMj99A6HbeMAGE7eP3S9lKm4/fk86Qd9bzzNNz2TKHM7V1IMEj0GxeiagDC9FMVIcbg5OaSDkuT0wGzLAJWgY2Fn3AksgA6cjA3fYQCKw0Kq4/ySFX+Zb+A8zhJgCkMWT0ZB0ZEWi4zFbG4D/q6IvCAZBtdRKkj8nJtT5l3D3TGPXCWa2A2pptGVDgs+0FYbHX0ynD0KfB4PmtR4fVQyGJjJ0MbF7fXFzQVcWiBtui8WR/Np9tvYLUJHkAXY/FjLOZf9ye0jLgP1yE10+ihe7BCxkM79GU9BsyRgRt3oArawUuU6tLgkaMN8kZPKAdq0wxNauFtH

Now all your users in your organization needs to add a line to their ~/.ssh/known_hosts as follows:

@cert-authority * ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp+gbwBHova/OnWMj99A6HbeMAGE7eP3S9lKm4/fk86Qd9bzzNNz2TKHM7V1IMEj0GxeiagDC9FMVIcbg5OaSDkuT0wGzLAJWgY2Fn3AksgA6cjA3fYQCKw0Kq4/ySFX+Zb+A8zhJgCkMWT0ZB0ZEWi4zFbG4D/q6IvCAZBtdRKkj8nJtT5l3D3TGPXCWa2A2pptGVDgs+0FYbHX0ynD0KfB4PmtR4fVQyGJjJ0MbF7fXFzQVcWiBtui8WR/Np9tvYLUJHkAXY/FjLOZf9ye0jLgP1yE10+ihe7BCxkM79GU9BsyRgRt3oArawUuU6tLgkaMN8kZPKAdq0wxNauFtH

Each sysadmin needs to go through this process, and each user needs to add one line for each sysadmin. While you could put the same key/certificate on multiple YubiKey NEOs, to allow users to only have to put one line into their file, dealing with revocation becomes a bit more complicated if you do that. If you have multiple CA keys in use at the same time, you can roll over to new CA keys without disturbing production. Users may also have different policies for different machines, so that not all sysadmins have the power to create host keys for all machines in your organization.

The CA setup is now complete, however it isn't doing anything on its own. We need to sign some host keys using the CA, and to configure the hosts' sshd to use them. What you could do is something like this, for every host that you want to create keys for:
scp root@$h:/etc/ssh/ .
gpg-connect-agent "SCD KILLSCD" "SCD BYE" /bye
ssh-keygen -D /usr/lib/x86_64-linux-gnu/ -s ssh-$ -I $h -h -n $h -V +52w
scp root@$h:/etc/ssh/

The ssh-keygen command will use OpenSC's PKCS#11 library to talk to the PIV applet on the NEO, and it will prompt you for the PIN. Enter the PIN that you set above. The output of the command would be something like this:

Enter PIN for 'PIV_II (PIV Card Holder pin)': 
Signed host key id "" serial 0 for valid from 2015-06-16T13:39:00 to 2016-06-14T13:40:58

The host now has a SSH Host Certificate installed. To use it, you must make sure that /etc/ssh/sshd_config has the following line:

HostCertificate /etc/ssh/

You need to restart sshd to apply the configuration change. If you now try to connect to the host, you will likely still use the known_hosts fingerprint approach. So remove the fingerprint from your machine:

ssh-keygen -R $h

Now if you attempt to ssh to the host, and using the -v parameter to ssh, you will see the following:

debug1: Server host key: RSA-CERT 1b:9b:b8:5e:74:b1:31:19:35:48:48:ba:7d:d0:01:f5
debug1: Host '' is known and matches the RSA-CERT host certificate.


One aspect that may warrant further discussion is the host keys. Here I only created host certificates for the hosts' RSA key. You could create host certificate for the DSA, ECDSA and Ed25519 keys as well. The reason I did not do that was that in this organization, we all used GnuPG's gpg-agent/scdaemon with YubiKey NEO's OpenPGP Card Applet with RSA keys for user authentication. So only the host RSA key is relevant.

Revocation of a YubiKey NEO key is implemented by asking users to drop the corresponding line for one of the sysadmins, and regenerate the host certificate for the hosts that the sysadmin had created host certificates for. This is one reason users should have at least two CAs for your organization that they trust for signing host certificates, so they can migrate away from one of them to the other without interrupting operations.

Syndicated 2015-06-16 12:05:46 from Simon Josefsson's blog

14 Jun 2015 elwell   » (Journeyer)

Satellite Tracking / New rotor controller

(it appears I'm about due for my annual blog post entry). Those of you who follow me on twitter will be aware that I've just acquired an old Kenpro 5400 (this is roughly the same as the Yaesu G5500) Azimuth / Elevation rotator, that I plan to use to track cubesats and play with for ham radio.

On opening the control unit (I wanted to see if there were any other primary taps on the transformer, as it's a 110v controller) it was evident it had been 'altered' in the past. To quote someone on #highaltitude "that wiring job is responsible for a thousand dead kittens",

hence a plan was developed to leave the existing controller as an emergency spare and build a fresh 1U rack version instead. The ideas (such as they are) are on a github gist that I'll keep updated with plans. The rough idea being to have a decent embedded board (probably a beaglebone black as a Raspberry Pi depends on an SD card) controlling the relays for output directly, and reading in the potentiometer values to calc position. Using a more powerful microprocessor than say a pic or atmega (arduino) means I can update TLE's automatically and offload much of the tracking directly to the controller - meaning any SDR receivers can concentrate on the signal alone.

I'm also going to house in a GPS module (most likely another one from upu) so that it doubles as a stratum 1 NTP server as well as having accurate position to calculate passes from.

Syndicated 2015-06-14 15:08:00 (Updated 2015-06-14 15:08:13) from Andrew Elwell

13 Jun 2015 jmeskill   » (Master)

Blue/Green Deploys with Kubernetes and Amazon ELB

At Octoblu, we deploy very frequently and we’re tired of our users seeing the occasional blip when a new version is put into production.

Though we’re using Amazon Opsworks to more easily manage our infrastructure, our updates can take a while for dependencies to be installed before the service restarts – not a great experience.

Enter Kubernetes.

We knew that moving to an immutable infrastructure approach would help us deploy our apps, which range from extremely simple web services, to complex near-real-time messaging systems, quicker and easier.

Containerization is the future of app deployment, but managing and scaling a bunch of Docker instances, managing all the port mappings, is not a simple proposition.

Kubernetes simplified that part of our deployment strategy. However, we still had a problem, while Kubernetes is spinning up new versions of our docker instances, we could enter a state where old and new versions were in the mix. If we shut down the old before bringing up the new, we would also have a brief (sometimes not so brief) period of downtime.

Blue/Green Deploys

I first read about Blue/Green deploys in Martin Fowler’s excellent article BlueGreenDeployment, a simple, but powerful concept. We started to build out a way to do this in Kubernetes. After some complicated attempts, we came up with a simple idea: use Amazon ELBs as the router. Kubernetes handles the complexities of routing your request to the appropriate minion by listening to a given port on all minions, making ELB load balancing a piece of cake. Have the ELB listen on port 80 and 443, then route the request to the Kubernetes port on all minions.

Blue or Green?

The next problem was figuring out whether blue or green is currently active. Another simple idea, store a blue port and a green port as tags in the ELB and look at the current configuration of the ELB to see which one is currently live. No need to store the value somewhere that may not be accurate.

Putting it all together.

We currently use a combination of Travis CI and Amazon CodeDeploy to kick off the blue/green deploy process.

The following is part of a script that runs on our Trigger Service deploy. You can check out the code on GitHub if you want to see how it all works together.

I’ve added some annotation to help explain what is happening.


SCRIPT_DIR=`dirname $0`

export PATH=/usr/local/bin:$PATH
export AWS_DEFAULT_REGION=us-west-2

# Query ELB to get the blue port label
BLUE_PORT=`aws elb describe-tags --load-balancer-name triggers-octoblu-com | jq '.TagDescriptions[0].Tags[] | select(.Key == "blue") | .Value | tonumber'`

# Query ELB to get the green port label
GREEN_PORT=`aws elb describe-tags --load-balancer-name triggers-octoblu-com | jq '.TagDescriptions[0].Tags[] | select(.Key == "green") | .Value | tonumber'`

# Query ELB to figure out the current port
OLD_PORT=`aws elb describe-load-balancers --load-balancer-name triggers-octoblu-com | jq '.LoadBalancerDescriptions[0].ListenerDescriptions[0].Listener.InstancePort'`

# figure out if the new color is blue or green
if [ "${OLD_PORT}" == "${BLUE_PORT}" ]; then


# crazy template stuff, don't ask.
# Some people, when confronted with a problem,
# think "I know, I'll use regular expressions."
# Now they have two problems.
# -- jwz
perl -pe $REPLACE_REGEX $SCRIPT_DIR/triggers-service-blue-service.yaml.tmpl > $SCRIPT_DIR/triggers-service-blue-service.yaml
perl -pe $REPLACE_REGEX $SCRIPT_DIR/triggers-service-green-service.yaml.tmpl > $SCRIPT_DIR/triggers-service-green-service.yaml

# Always create both services
kubectl delete -f $SCRIPT_DIR/triggers-service-${NEW_COLOR}-service.yaml
kubectl create -f $SCRIPT_DIR/triggers-service-${NEW_COLOR}-service.yaml

# destroy the old version of the new color
kubectl stop rc -lname=triggers-service-${NEW_COLOR}
kubectl delete rc -lname=triggers-service-${NEW_COLOR}
kubectl delete pods -lname=triggers-service-${NEW_COLOR}
kubectl create -f $SCRIPT_DIR/triggers-service-${NEW_COLOR}-controller.yaml

# wait for Kubernetes to bring up the instances properly
while [ "$x" -lt 20 -a -z "$KUBE_STATUS" ]; do
   sleep 10
   echo "Checking kubectl status, attempt ${x}..."
   KUBE_STATUS=`kubectl get pod -o json -lname=triggers-service-${NEW_COLOR} | jq ".items[][\"triggers-service-${NEW_COLOR}\"].ready" | uniq | grep true`

if [ -z "$KUBE_STATUS" ]; then
  echo "triggers-service-${NEW_COLOR} is not ready, giving up."
  exit 1

# remove the port mappings on the ELB
aws elb delete-load-balancer-listeners --load-balancer-name triggers-octoblu-com --load-balancer-ports 80
aws elb delete-load-balancer-listeners --load-balancer-name triggers-octoblu-com --load-balancer-ports 443

# create new port mappings
aws elb create-load-balancer-listeners --load-balancer-name triggers-octoblu-com --listeners Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=${NEW_PORT}
aws elb create-load-balancer-listeners --load-balancer-name triggers-octoblu-com --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=${NEW_PORT},SSLCertificateId=arn:aws:iam::822069890720:server-certificate/

# reconfigure the health check
aws elb configure-health-check --load-balancer-name triggers-octoblu-com --health-check Target=HTTP:${NEW_PORT}/healthcheck,Interval=30,Timeout=5,UnhealthyThreshold=2,HealthyThreshold=2

Oops happens!

Sometimes Peter makes a mistake. We have to quickly rollback to a prior version. If it is the off-cluster, rollback is as simple as re-mapping the ELB to forward to the old ports. Sometimes Peter tries to fix his mistake with a new deploy and now we have a real mess.

Because this happened more than once, we created oops. Oops allows us to instantly rollback to the off cluster, simply by executing oops-rollback, or quickly re-deploy a previous version oops-deploy git-commit.

We add an .oopsrc to all our apps that looks something like this:

"elb-name": "triggers-octoblu-com",
"application-name": "triggers-service",
"deployment-group": "master",
"s3-bucket": "octoblu-deploy"

oops list will show us all available deployments.

We are always looking for ways to get better results, if you have some suggestions, let us know.

Syndicated 2015-06-13 17:31:22 from Jade Meskill

13 Jun 2015 Stevey   » (Master)

I'm still moving, but ..

Previously I'd mentioned that we were moving from Edinburgh to Newcastle, such that my wife could accept a position in a training-program, and become a more specialized (medical) doctor.

Now the inevitable update: We're still moving, but we're no longer moving to Newcastle, instead we're moving to Helsinki, Finland.

Me? I care very little about where I end up. I love Edinburgh, I always have, and I never expected to leave here, but once the decision was made that we needed to be elsewhere the actual destination does/didn't matter too much to me.

Sure Newcastle is the home of Newcastle Brown Ale, and has the kind of proper-Northern accents I both love and miss but Finland has Leipäjuusto, Saunas, and lovely people.

Given the alternative - My wife moves to Finland, and I do not - Moving to Helsinki is a no-brainer.

I'm working on the assumption that I can keep my job and work more-remotely. If that turns out not to be the case that'll be a real shame given the way the past two years have worked out.

So .. 60 days or so left in the UK. Fun.

Syndicated 2015-06-13 00:00:00 from Steve Kemp's Blog

12 Jun 2015 robbat2   » (Master)

gnupg-2.1 mutt

For the mutt users with GnuPG, depending on your configuration, you might notice that mutt's handling of GnuPG mail stopped working with GnuPG. There were a few specific cases that would have caused this, which I'll detail, but if you just want it to work again, put the below into your Muttrc, and make the tweak to gpg-agent.conf. The underlying cause for most if it is that secret key operations have moved to the agent, and many Mutt users used the agent-less mode, because Mutt handled the passphrase nicely on it's own.

  • -u must now come BEFORE --cleansign
  • Add allow-loopback-pinentry to gpg-agent.conf, and restart the agent
  • The below config adds --pinentry-mode loopback before --passphrase-fd 0, so that GnuPG (and the agent) will accept it from Mutt still.
  • --verbose is optional, depending what you're doing, you might find --no-verbose cleaner.
  • --trust-model always is a personal preference for my Mutt mail usage, because I do try and curate my keyring
set pgp_autosign = yes
set pgp_use_gpg_agent = no
set pgp_timeout = 600
set pgp_sign_as="(your key here)"
set pgp_ignore_subkeys = no

set pgp_decode_command="gpg %?p?--pinentry-mode loopback  --passphrase-fd 0? --verbose --no-auto-check-trustdb --batch --output - %f"
set pgp_verify_command="gpg --pinentry-mode loopback --verbose --batch --output - --no-auto-check-trustdb --verify %s %f"
set pgp_decrypt_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - %f"
set pgp_sign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - --armor --textmode %?a?-u %a? --detach-sign %f"
set pgp_clearsign_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --output - --armor --textmode %?a?-u %a? --detach-sign %f"
set pgp_encrypt_sign_command="pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --textmode --trust-model always --output - %?a?-u %a? --armor --encrypt --sign --armor -- -r %r -- %f"
set pgp_encrypt_only_command="pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --trust-model always --output --output - --encrypt --textmode --armor -- -r %r -- %f"
set pgp_import_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --import -v %f"
set pgp_export_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --export --armor %r"
set pgp_verify_key_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --verbose --batch --with-colons --list-secret-keys %r"

This entry was originally posted at Please comment there using OpenID.

Syndicated 2015-06-05 17:25:31 from Move along, nothing to read

11 Jun 2015 slef   » (Master)

Mick Morgan: here’s why pay twice? asks why the government hires civilians to monitor social media instead of just giving GC HQ the keywords. Us cripples aren’t allowed to comment there (physical ability test) so I reply here:

It’s pretty obvious that they have probably done both, isn’t it?

This way, they’re verifying each other. Politicians probably trust neither civilians or spies completely and that makes it worth paying twice for this.

Unlike lots of things that they seem to want not to pay for at all…

Syndicated 2015-06-11 03:49:00 from Software Cooperative News » mjr

9 Jun 2015 dorward   » (Journeyer)

Windows touched my file permissions

A Windows system made a commit to a branch and then I had to merge it. There were +xs everywhere, and guess who got to clean them up?

Perl to the rescue!

    bzr diff | grep properties\ changed | perl -pe”\$_ =~ s/^.*?’//; \$_ =~ s/’.*\$//; \$_ =~ s/ /\\\\ /g” | xargs chmod -x


Syndicated 2015-06-09 16:13:10 from Dorward's Ramblings

8 Jun 2015 caolan   » (Master)

impress, format, character, font-effects, Capitals

Added All-Caps character effects to impress/draw (for 5-1 onwards).

Syndicated 2015-06-08 16:12:00 (Updated 2015-06-08 16:12:31) from Caolán McNamara

8 Jun 2015 hypatia   » (Journeyer)

Monday 8 June 2015

Moving house is an exercise in unlearned helplessness and assumptions. For example: evening, an Esky sitting on our kitchen bench, having transported some of the intermediately perishable contents of the fridge. I asked Andrew if he’d unpacked it. He gave me a strange look and pointed out that he had been sick all day. But, but said my hindbrain… unpacking the Esky is… an Andrew job? The kind of thing that Andrew thinks to do? I’d thought of purchasing the thing, then bought it, then brought it home to be packed. Once I’ve provided the tools, apparently the execution is mentally filed under “Andrew”. Oops.

Likewise, after a week I finally gave up on hoping that I’d be coincidentally in the kitchen while he ran the dishwasher and thus able to show me how to, and went and searched for a manual for it. (And then went upstairs to confirm my understanding of it with him. It’s one of those “drawer” models which is actually two small dishwashers, very clever and very unnecessary for a household with four people in it, and as I suspected, wasteful. There’s no mode in which it becomes one dishwasher.)

We were both sick during the move. Mildly in terms of duration, but severely in terms of utility. It’s a rare illness when I have to take both panadol and ibuprofen to stop the pain and that was a bit terrifying when it was happening the night before the truck was to arrive. Luckily by the next morning, I was up to “walking around like a ghost” capacity. No doubt this looked delightful to the people carrying our stuff down and upstairs: the woman who needed to rest after watching them for too long. But my knowledge helped Andrew get through that night when it was his turn, cutting straight to panadol and codeine. Then he was sick enough the next day (Saturday 30th) that he spent the day being screened for contagious illness, which had negative results and bought him a good lie down, but on the minus side, no Esky unpacking happened.

The stress of the whole thing seems to have caused V to regress a few years and behave like a three year old all week, including a lengthy howling tantrum this Saturday. So that’s been tedious. Who knows, maybe I’ve shed a few years behaviorally too, it’s just harder to tell. At least A isn’t acting like a zygote. (Hard to find, makes me nauseous.) We’re continuing with V’s lifelong trend that he’s always happier outside the house. Which admittedly means that living in inner Sydney doesn’t suit him so well but it does give us all an excuse to get out of the house every day. Today we took him into Darling Harbour to go to Madame Tussauds and Wild Life Sydney while we still have an annual pass, and at the end of the trip he even thanked us and talked enthusiastically about what a fun day it had been. So not all the way three then.

Syndicated 2015-06-08 06:47:16 from

8 Jun 2015 hacker   » (Master)

2015 Tour de France Stages Mapped and Ready

I recently noticed that not a lot of people have mapped the 2015 Tour de France yet, as it’s still pretty early. But I decided to start putting the routes together, road by road, turn by turn, lane change by lane change, as close to accurate as I could find them. I’ll continue to update […]

No related posts.

Syndicated 2015-06-08 02:19:35 from random neuron misfires

7 Jun 2015 marnanel   » (Journeyer)

getting to church early

This morning I'd set the alarm assuming Kit was coming with me to church, but she was soundly asleep-- we'd stayed up to watch the Nebula awards in Chicago last night (because a friend was a nominee and another friend was speaking).

So I got to church uncharacteristically early, and there I discovered I'd been elected a sidesperson in absentia at the parish meeting a fortnight ago. (I had to miss the meeting, and I forgot I'd put my name down as a possible candidate.) Not only that, but today was my first day on the rota, and I had no idea what I was doing. But if there was one day I should have got there early, it was today!

This entry was originally posted at Please comment there using OpenID.

Syndicated 2015-06-07 16:27:55 from Monument

7 Jun 2015 dmarti   » (Master)

Team Targeting, Team Signal

Academics tend to put the conversation about the targeted advertising problem in terms of companies on one side, and users on the other. A good recent example is Turow et al:

New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that Americans give out information about themselves as a tradeoff for benefits they receive. To the contrary, the survey reveals most Americans do not believe that ‘data for discounts’ is a square deal.


Our findings, instead, support a new explanation: a majority of Americans are resigned to giving up their data—and that is why many appear to be engaging in tradeoffs.

From that point of view, the privacy paradox has an almost-too-easy answer: privacy is hard. Most users aren't seeking privacy, for the same reason that they're not training for the World Series of Poker. They would prefer winning a large poker game to not winning, but they rationally expect that unless they get really good, poker playing will result in a net loss of time and money.

But the academic model that puts all businesses opposite all users is probably an oversimplification. Advertisers, agencies, publishers, and intermediaries all have different and competing interests. Businesses are not all on the same side.

In most cases, brand advertisers, high-reputation publishers, and users have a shared interest in signaling that tends to put them into an adversarial relationship with the surveillance marketing complex. The kinds of media that are good for direct response and behavioral techniques are terrible for signaling, and vice versa.

The natural dividing line is not between users and companies, but between Team Signal and Team Targeting. Team Signal includes users, legit publishers, and reputable brands—everyone who wins from honest signaling. Team Targeting is mostly adtech intermediaries, fraud hackers, low-reputation sites, and low-quality brands.

For the business members of Team Signal, the privacy poker game has a positive expected value. Which is why independent web sites can benefit by helping their users get started with tracking protection. Users, resigned or not, are not alone.

What about the agencies?

Required reading if you're into this stuff: Pitch Mania by Brian Jacobs.

Agency managers have been quick to herald this flood of pitches as proof positive that advertisers have finally recognised what they (the agencies) have been preaching for years. Their future-gazing is they say finally coming to pass. This they contend is the dawn of a new model, based around integration, joined-up thinking, big data analytics and the rest.

Are large advertisers really just looking to switch between brands of adtech/adfraud as usual? Or will an agency that wants to keep the prospective clients awake (instead of boring them with the same Big Data woo-woo as all the other agencies) do better with a tracking protection component to its pitch?

Syndicated 2015-06-06 15:48:16 from Don Marti

6 Jun 2015 louie   » (Master)

What tools are changing our world next?

Quick brain dump after a bike ride home: free software took a huge leap in the late 90s and early 00s in large part because of non-ideological advantages that the rest of the world is now competing with or surpassing:

HDR automatically created from old pictures of Muir Woods by Google Photos.
HDR automatically created by Google Photos from my old pictures of Muir Woods. Not perfect, but better than I ever bothered to do!
  • Collaboration tools: Because we got to the ‘net first, our tools for collaborating with each other were simply better than what proprietary developers were doing: cvs, mailman, wiki, etc., were all better than the silo’d old-school tools. Modern best-of-breed collaboration tools have all learned from what we did and added proprietary sauce on top: github, slack, Google Docs, etc. So our tools that are now (at best) as productive as our proprietary counterparts, and sometimes less productive but ideologically agreeable.
  • Release processes: “Release early/release often” made us better partners for our users. We’re now actively behind here: compare how often a mobile app or web user gets updates, exactly as the author intended, relative to a user of a modern Linux distro.
  • Zero cost: We did things for no (direct) cost by subsidizing our work through college, startups, or consulting gigs; now everyone has a subsidize-by-selling-something-else model (usually advertising, though sometimes freemium). Again, advantage (mostly?) lost.
  • Knowing our users: We knew a lot about our users, because we were our biggest users, and we talked to other users a lot; this was more effective than what passed for software design in the late 90s. This has been eclipsed by extensive a/b testing throughout the industry, and (to a lesser extent) by more extensive usage of direct user testing and design-thinking.

None of these are terribly original observations – all of these have been remarked on before. But after playing some with Google Photos this weekend, I’m ready to add another one to the list:

Worth asking what your project is doing that could be radically changed if your competitors get access to new technology. For example, for Wikipedia:

  • Collaborating: Wiki was best-of-breed (or close); it isn’t anymore. Visual Editor helps get editing back to par, but the social aspect of collaboration is still lacking relative to the expectations of many users.
  • Knowledge creation: big groups of humans, working together wiki-style, is the state of the art for creating useful, non-BS knowledge at scale. With the aforementioned machine learning, I suspect this will no longer the case in a (growing) number of domains.

I’m sure there are others…

Syndicated 2015-06-06 15:00:06 from Luis Villa » Blog

5 Jun 2015 bagder   » (Master)

I lead the curl project and this is how it works

I did this 50 minute talk on May 21 2015 for a Swedish company. With tongue in cheek subtitled “from hobby to world domination”. I think it turned out pretty decent and covers what the project is, how we work on it and what I do to make it run. Some of the questions are not easy to hear but in general it works out fine. Enjoy!