Recent blog entries

3 May 2016 sye   » (Journeyer)

In preparation of submission to Epiphany online magazine of NYC.

This poem is dedicated to Hopewell Sports and Family Medicine Dr. James Vandenburg, Kenneth Daniels, O.D and Dr. Darma Ie with Delaware Valley Retina Associates. I am forever grateful for their prognosis and subsequent surgical and other continued professional care to restore vision loss due to Macula Off Retinal Detachment in mad march of 2016. I am also encouraged by the liking of it from a good friend of mine, Prof. Mark Burgess from Oslo, himself a great scientific writer and practitioner of his unique 'promise' theory.

I am a long time resident in West Trenton, New Jersey, with my husband Eric and our two sons. We attend St. Andrew's Episcopal Church in Yardley, Pennsylvania.

Eye Witness

Fortnights ago, my right eye turned evil.
It splits the world in half:
one side clear, the other misguided.

Naturally, i was puzzled but went on, as if
my world is unchanged.
Then my educated mind caught up,
'one must check with professionals, for
such radical change on point of view'

It was exactly 7 days
before Good Friday,
my right eye was put on trial.

Three doctors examined it
with great interests and gladness.
Each one alerted the next
to engage in its urgent care.

Monday came and the vitrectomy was delivered
to posterior chamber where macular must suffer
a total change of its atmosphere

So that the heart of matter
shall remain rightfully restored
and reflected in my due time.

After the execution with laser sharpness,
three nights and three days,
my head is ordered to be
in a certain spot for the promise
of good vision to return to me.

On the Good Friday, as if
unplanned and perchance,
I stumbled on some words divine
by a newly acquainted poet
Theodore Roethke to my trouble at hand.

'Night Crow'
When I saw that clumsy crow
flap from a wasted tree,
a shape in the mind rose up:
over gulfs of dream
flew a tremendous bird
Further and further away
Into a moonless black
deep in the brain, far back.

Back to my troubled common sense
Watch out people, I've got an evil eye now
for better or for worse

Of future tense in all words, still
alive in the blind spot of eye witness
from another time or another place.

At wit's end, a world of blind faces
staring into bone cold abyss
as legend has it.

That beside the envy of night crow
a song bird rises, out of white ashes
Fear not, the end of all creations.




Tension in contextualized translation...from English to Chinese, wor(l)ds apart... ? - ResearchGate. Available from: https://www.researchgate.net/post/Tension_in_contextualized_translationfrom_English_to_Chinese_worlds_apart [accessed May 3, 2016].

3 May 2016 glyph   » (Master)

Letters To The Editor: Re: Email

Since I removed comments from this blog, I’ve been asking y’all to email me when you have feedback, with the promise that I’d publish the good bits. Today I’m making good on that for the first time, with this lovely missive from Adam Doherty:


I just wanted to say thank you. As someone who is never able to say no, your article on email struck a chord with me. I have had Gmail since the beginning, since the days of hoping for an invitation. And the day I received my invitation was the last day my inbox was ever empty.

Prior to reading your article I had over 40,000 unread messages. It used to be a sort of running joke; I never delete anything. Realistically though was I ever going to do anything with them?

With 40,000 unread messages in your inbox, you start to miss messages that are actually important. Messages that must become tasks, tasks that must be completed.

Last night I took your advice; and that is saying something - most of the things I read via HN are just noise. This however spoke to me directly.

I archived everything older than two weeks, was down to 477 messages and kept pruning. So much of the email we get on a daily basis is also noise. Those messages took me half a second to hit archive and move on.

I went to bed with zero messages in my inbox, woke up with 21, archived 19, actioned 2 and then archived those.

Seriously, thank you so very much. I am unburdened.


First, I’d like to thank Adam for writing in. I really do appreciate the feedback.

Second, I wanted to post this here not in service of showcasing my awesomeness[1], but rather to demonstrate that getting to the bottom of your email can have a profound effect on your state of mind. Even if it’s a running joke, even if you don’t think it’s stressing you out, there’s a good chance that, somewhere in the back of your mind, it is. After all, if you really don’t care, what’s stopping you from hitting select all / archive right now?

At the very least, if you did that, your mail app would load faster.


  1. although, let there be no doubt, I am awesome 

Syndicated 2016-05-03 06:06:00 from Deciphering Glyph

3 May 2016 marnanel   » (Journeyer)

Alexander and the wise, resourceful, no-fool philosophers

[Alexander the Great is questioning some Indian philosophers, and has threatened to execute anyone who gives a wrong answer]

• The first one... being asked which, in his opinion, were more numerous, the living or the dead, said that the living were, since the dead no longer existed.
• The second, being asked whether the earth or the sea produced larger animals, said the earth did, since the sea was but a part of the earth.
• The third, being asked what animal was the most cunning, said: "That which up to this time man has not discovered."
• The fourth, when asked why he had induced Sabbas to revolt, replied: "Because I wished him either to live nobly or to die nobly."
• The fifth, being asked which, in his opinion, was older, day or night, replied: "Day, by one day"; and he added, upon the king expressing amazement, that hard questions must have hard answers.
• Passing on, then, to the sixth, Alexander asked how a man could be most loved; "If," said the philosopher, "he is most powerful, and yet does not inspire fear."
• Of the three remaining, he who was asked how one might become a god instead of man, replied: "By doing something which a man cannot do";
• the one who was asked which was the stronger, life or death, answered: "Life, since it supports so many ills."
• and the last, asked how long it were well for a man to live, answered: "Until he does not regard death as better than life."

-- Plutarch, "Lives", late 1st century

This entry was originally posted at http://marnanel.dreamwidth.org/367027.html. Please comment there using OpenID.

Syndicated 2016-05-02 23:21:15 from Monument

1 May 2016 dmarti   » (Master)

George F. Will

I think I understand what George F. Will is going through right now.

I wish I didn't.

Once, I thought I was writing for an audience of people with a principled commitment to a free economy and an aversion to centrally planned decision making.

I thought I was writing for readers who wanted to restore civilized norms.

I didn't think they just wanted an oversized angry personality who would violate those norms, but take on the establishment.

I didn't think that the readers would want to go for easy answers and bling over hard work and building a movement.

I was wrong.

The desktop Linux audience, which I thought was out there, went the same way as George F. Will's principled conservative audience.

I want the desktop Linux users back, and I want George F. Will to get his principled conservatives back. But maybe people were never who we thought they were to begin with.

Syndicated 2016-05-01 12:51:53 from Don Marti

27 Apr 2016 philiph   » (Journeyer)

27 Apr 2016 benad   » (Apprentice)

The Static Blog

A quick note to mention that I added The Static Blog to my main web site, discussing the relocation of the blog you’re reading right now to this site.

Syndicated 2016-04-27 01:11:57 from Benad's Blog

26 Apr 2016 MichaelCrawford   » (Master)

Madness

In December I realized that I was badly depressed, so I asked my psychiatrist to prescribe imipramine. As a very old antidepressant, it is not commonly used anymore, but my experience is that it works well for me.

I haven't been able to find work so what little money I get, I earn by singing on the street for tips. I had a setback when I got bronchitis, and could not raise the money for bus fare to get to my pharmacy. That led to my getting depressed again.

I went to the emergency room, they set me up with one dose and a bus ticket. Now I'm back on track. For quite a long time, I would get into these really foul states of mind. Now it has been two or three weeks since the last time that happened.

I can tell that I'm still somewhat depressed but in general life is a lot better. Antidepressants are always slow to take effect. One has to establish new patterns in one's life.

25 Apr 2016 wainstead   » (Master)

"Going forward, the only languages projected to see more use among front-end, back-end and IoT developers are JavaScript, naturally, followed by Go, Python and C++, which will see the most future use among IoT developers."

Node.js Survey: Enterprise Inroads, New Meaning for 'Full Stack' Developers

25 Apr 2016 mones   » (Journeyer)

Maximum number of clients reached Error: Can't open display: :0

Today it happened again: you try to open some program and nothing happens. Go to an open terminal, try again and it answers with the above message. Other days I used to reboot the session, but that's something I don't really think should be necessary.

First thought about X gone mad, but this one seems pretty well behaved:

$ lsof -p `pidof Xorg` | wc -l
5

Then noticed I had a long running chromium process (a jQuery page monitoring a remote service) so tried this one as well:

$ for a in `pidof chromium`; do echo "$a "`lsof -p $a | wc -l`; done
27914 5
26462 5
25350 5
24693 5
23378 5
22723 5
22165 5
21476 222
21474 1176
21443 5
21441 204
21435 546
11644 5
11626 5
11587 5
11461 5
11361 5
9833 5
9726 5

Wow, I'd bet you can guess next command ;-)

$ kill -9 21435 21441 21474 21476

This of course wiped out all chromium processes, but also fixed the problem. Suggestions for selective chromium killing welcome! But I'd better like to know why those files are not properly closed. Just relaunching chromium to write this post yields:

$ for a in `pidof chromium`; do echo "$a "`lsof -p $a | wc -l`; done
11919 5
11848 222
11841 432
11815 5
11813 204
11807 398

Which looks a bit exaggerated to me :-(

Syndicated 2016-04-25 08:20:38 from Ricardo Mones

25 Apr 2016 glyph   » (Master)

Email Isn’t The Thing You’re Bad At

I’ve been using the Internet for a good 25 years now, and I’ve been lucky enough to have some perspective dating back farther than that. The common refrain for my entire tenure here:

We all get too much email.

A New, New, New, New Hope

Luckily, something is always on the cusp of replacing email. AOL instant messenger will totally replace it. Then it was blogging. RSS. MySpace. Then it was FriendFeed. Then Twitter. Then Facebook.

Today, it’s in vogue to talk about how Slack is going to replace email. As someone who has seen this play out a dozen times now, let me give you a little spoiler:

Slack is not going to replace email.

But Slack isn’t the problem here, either. It’s just another communication tool.

The problem of email overload is both ancient and persistent. If the problem were really with “email”, then, presumably, one of the nine million email apps that dot the app-stores like mushrooms sprouting from a globe-spanning mycelium would have just solved it by now, and we could all move on with our lives. Instead, it is permanently in vogue[1] to talk about how overloaded we all are.

If not email, then what?

If you have twenty-four thousand unread emails in your Inbox, like some kind of goddamn animal, what you’re bad at is not email, it’s transactional interactions.

Different communication media have different characteristics, but the defining characteristic of email is that it is the primary mode of communication that we use, both professionally and personally, when we are asking someone else to perform a task.

Of course you might use any form of communication to communicate tasks to another person. But other forms - especially the currently popular real-time methods - appear as a bi-directional communication, and are largely immutable. Email’s distinguishing characteristic is that it is discrete; each message is its own entity with its own ID. Emails may also be annotated, whether with flags, replied-to markers, labels, placement in folders, archiving, or deleting. Contrast this with a group chat in IRC, iMessage, or Slack, where the log is mostly[2] unchangeable, and the only available annotation is “did your scrollbar ever move down past this point”; each individual message has only one bit of associated information. Unless you have catlike reflexes and an unbelievably obsessive-compulsive personality, it is highly unlikely that you will carefully set the “read” flag on each and every message in an extended conversation.

All this makes email much more suitable for communicating a task, because the recipient can file it according to their system for tracking tasks, come back to it later, and generally treat the message itself as an artifact. By contrast if I were to just walk up to you on the street and say “hey can you do this for me”, you will almost certainly just forget.

The word “task” might seem heavy-weight for some of the things that email is used for, but tasks come in all sizes. One task might be “click this link to confirm your sign-up on this website”. Another might be “choose a time to get together for coffee”. Or “please pass along my resume to your hiring department”. Yet another might be “send me the final draft of the Henderson report”.

Email is also used for conveying information: here are the minutes from that meeting we were just in. Here is a transcription of the whiteboard from that design session. Here are some photos from our family vacation. But even in these cases, a task is implied: read these minutes and see if they’re accurate; inspect this diagram and use it to inform your design; look at these photos and just enjoy them.

So here’s the thing that you’re bad at, which is why none of the fifty different email apps you’ve bought for your phone have fixed the problem: when you get these messages, you aren’t making a conscious decision about:

  1. how important the message is to you
  2. whether you want to act on them at all
  3. when you want to act on them
  4. what exact action you want to take
  5. what the consequences of taking or not taking that action will be

This means that when someone asks you to do a thing, you probably aren’t going to do it. You’re going to pretend to commit to it, and then you’re going to flake out when push comes to shove. You’re going to keep context-switching until all the deadlines have passed.

In other words:

The thing you are bad at is saying ‘no’ to people.

Sometimes it’s not obvious that what you’re doing is saying ‘no’. For many of us — and I certainly fall into this category — a lot of the messages we get are vaguely informational. They’re from random project mailing lists, perhaps they’re discussions between other people, and it’s unclear what we should do about them (or if we should do anything at all). We hang on to them (piling up in our Inboxes) because they might be relevant in the future. I am not advocating that you have to reply to every dumb mailing list email with a 5-part action plan and a Scrum meeting invite: that would be a disaster. You don’t have time for that. You really shouldn’t have time for that.

The trick about getting to Inbox Zero[3] is not in somehow becoming an email-reading machine, but in realizing that most email is worthless, and that’s OK. If you’re not going to do anything with it, just archive it and forget about it. If you’re subscribed to a mailing list where only 1 out of 1000 messages actually represents something you should do about it, archive all the rest after only answering the question “is this the one I should do something about?”. You can answer that question after just glancing at the subject; there are times when checking my email I will be hitting “archive” with a 1-second frequency. If you are on a list where zero messages are ever interesting enough to read in their entirety or do anything about, then of course you should unsubscribe.

Once you’ve dug yourself into a hole with thousands of “I don’t know what I should do with this” messages, it’s time to declare email bankruptcy. If you have 24,000 messages in your Inbox, let me be real with you: you are never, ever going to answer all those messages. You do not need a smartwatch to tell you exactly how many messages you are never going to reply to.

We’re In This Together, Me Especially

A lot of guidance about what to do with your email addresses email overload as a personal problem. Over the years of developing my tips and tricks for dealing with it, I certainly saw it that way. But lately, I’m starting to see that it has pernicious social effects.

If you have 24,000 messages in your Inbox, that means you aren’t keeping track or setting priorities on which tasks you want to complete. But just because you’re not setting those priorities, that doesn’t mean nobody is. It means you are letting the availability heuristic - whatever is “latest and loudest” - govern access to your attention, and therefore your time. By doing this, you are rewarding people (or #brands) who contact you repeatedly, over inappropriate channels, and generally try to flood your attention with their priorities instead of your own. This, in turn, creates a culture where it is considered reasonable and appropriate to assume that you need to do that in order to get someone’s attention.

Since we live in the era of subtext and implication, I should explicitly say that I’m not describing any specific work environment or community. I used to have an email startup, and so I thought about this stuff very heavily for almost a decade. I have seen email habits at dozens of companies, and I help people in the open source community with their email on a regular basis. So I’m not throwing shade: almost everybody is terrible at this.

And that is the one way that email, in the sense of the tools and programs we use to process it, is at fault: technology has made it easier and easier to ask people to do more and more things, without giving us better tools or training to deal with the increasingly huge array of demands on our time. It’s easier than ever to say “hey could you do this for me” and harder than ever to just say “no, too busy”.

Mostly, though, I want you to know that this isn’t just about you any more. It’s about someone much more important than you: me. I’m tired of sending reply after reply to people asking to “just circle back” or asking if I’ve seen their email. Yes, I’ve seen your email. I have a long backlog of tasks, and, like anyone, I have trouble managing them and getting them all done[4], and I frequently have to decide that certain things are just not important enough to do. Sometimes it takes me a couple of weeks to get to a message. Sometimes I never do. But, it’s impossible to be mad at somebody for “just checking in” for the fourth time when this is probably the only possible way they ever manage to get anyone else to do anything.

I don’t want to end on a downer here, though. And I don’t have a book to sell you which will solve all your productivity problems. I know that if I lay out some incredibly elaborate system all at once, it’ll seem overwhelming. I know that if I point you at some amazing gadget that helps you keep track of what you want to do, you’ll either balk at the price or get lost fiddling with all its knobs and buttons and not getting a lot of benefit out of it. So if I’m describing a problem that you have here, here’s what I want you to do.

Step zero is setting aside some time. This will probably take you a few hours, but trust me; they will be well-spent.

Email Bankruptcy

First, you need to declare email bankruptcy. Select every message in your Inbox older than 2 weeks. Archive them all, right now. In the past, you might have to worry about deleting those messages, but modern email systems pretty much universally have more storage than you’ll ever need. So rest assured that if you actually need to do anything with these messages, they’ll all be in your archive. But anything in your Inbox right now older than a couple of weeks is just never going to get dealt with, and it’s time to accept that fact. Again, this part of the process is not about making a decision yet, it’s just about accepting a reality.

Mailbox Three

One extra tweak I would suggest here is to get rid of all of your email folders and filters. It seems like many folks with big email problems have tried to address this by ever-finer-grained classification of messages, ever more byzantine email rules. At least, it’s common for me, when looking over someone’s shoulder to see 24,000 messages, to also see 50 folders. Probably these aren’t helping you very much.

In older email systems, it was necessary to construct elaborate header-based filtering systems so that you can later identify those messages in certain specific ways, like “message X went to this mailing list”. However, this was an incomplete hack, a workaround for a missing feature. Almost all modern email clients (and if yours doesn’t do this, switch) allow you to locate messages like this via search.

Your mail system ought to have 3 folders:

  1. Inbox, which you process to discover tasks,
  2. Drafts, which you use to save progress on replies, and
  3. Archive, the folder which you access only by searching for information you need when performing a task.

Getting rid of unnecessary folders and queries and filter rules will remove things that you can fiddle with.

Moving individual units of trash between different heaps of trash is not being productive, and by removing all the different folders you can shuffle your messages into before actually acting upon them you will make better use of your time spent looking at your email client.

There’s one exception to this rule, which is filters that do nothing but cause a message to skip your Inbox and go straight to the archive. The reason that this type of filter is different is that there are certain sources or patterns of message which are not actionable, but rather, a useful source of reference material that is only available as a stream of emails. Messages like that should, indeed, not show up in your Inbox. But, there’s no reason to file them into a specific folder or set of folders; you can always find them with a search.

Make A Place For Tasks

Next, you need to get a task list. Your email is not a task list; tasks are things that you decided you’re going to do, not things that other people have asked you to do[5]. Critically, you are going to need to parse e-mails into tasks. To explain why, let’s have a little arithmetic aside.

Let’s say it only takes you 45 seconds to go from reading a message to deciding what it really means you should do; so, it only takes 20 seconds to go from looking at the message to remembering what you need to do about it. This means that by the time you get to 180 un-processed messages that you need to do something about in your Inbox, you’ll be spending an hour a day doing nothing but remembering what those messages mean, before you do anything related to actually living your life, even including checking for new messages.

What should you use for the task list? On some level, this doesn’t really matter. It only needs one really important property: you need to trust that if you put something onto it, you’ll see it at the appropriate time. How exactly that works depends heavily on your own personal relationship with your computers and devices; it might just be a physical piece of paper. But for most of us living in a multi-device world, something that synchronizes to some kind of cloud service is important, so Wunderlist or Remember the Milk are good places to start, with free accounts.

Turn Messages Into Tasks

The next step - and this is really the first day of the rest of your life - start at the oldest message in your Inbox, and work forward in time. Look at only one message at a time. Decide whether this message is a meaningful task that you should accomplish.

If you decide a message represents a task, then make a new task on your task list. Decide what the task actually is, and describe it in words; don’t create tasks like “answer this message”. Why do you need to answer it? Do you need to gather any information first?

If you need to access information from the message in order to accomplish the task, then be sure to note in your task how to get back to the email. Depending on what your mail client is, it may be easier or harder to do this[6], but in the worst case, following the guidelines above about eliminating unnecessary folders and filing in your email client, just put a hint into your task list about how to search for the message in question unambiguously.

Once you’ve done that:

Archive the message immediately.

The record that you need to do something about the message now lives in your task list, not your email client. You’ve processed it, and so it should no longer remain in your inbox.

If you decide a message doesn’t represent a task, then:

Archive the message immediately.

Do not move on to the next message until you have archived this message. Do not look ahead[7]. The presence of a message in your Inbox means you need to make a decision about it. Follow the touch-move rule with your email. If you skip over messages habitually and decide you’ll “just get back to it in a minute”, that minute will turn into 4 months and you’ll be right back where you were before.

Circling back to the subject of this post; once again, this isn’t really specific to email. You should follow roughly the same workflow when someone asks you to do a task in a meeting, or in Slack, or on your Discourse board, or wherever, if you think that the task is actually important enough to do. Note the slack timestamp and a snippet of the message so you can search for it again, if there is a relevant attachment. The thing that makes email different is really just the presence of an email box.

Banish The Blue Dot

Almost all email clients have a way of tracking “unread” messages; they cheerfully display counters of them. Ignore this information; it is useless. Messages have two states: in your inbox (unprocessed) and in your archive (processed). “Read” vs. “Unread” can be, at best, of minimal utility when resuming an interrupted scanning session. But, you are always only ever looking at the oldest message first, right? So none of the messages below it should be unread anyway...

Be Ruthless

As you try to start translating your flood of inbound communications into an actionable set of tasks you can actually accomplish, you are going to notice that your task list is going to grow and grow just as your Inbox was before. This is the hardest step:

Decide you are not going to do those tasks, and simply delete them. Sometimes, a task’s entire life-cycle is to be created from an email, exist for ten minutes, and then have you come back to look at it and then delete it. This might feel pointless, but in going through that process, you are learning something extremely valuable: you are learning what sorts of things are not actually important enough for you to do.

If every single message you get from some automated system provokes this kind of reaction, that will give you a clue that said system is wasting your time, and just making you feel anxious about work you’re never really going to get to, which can then lead to you un-subscribing or filtering messages from that system.

Tasks Before Messages

To thine own self, not thy Inbox, be true.

Try to start your day by looking at the things you’ve consciously decided to do. Don’t look at your email, don’t look at Slack; look at your calendar, and look at your task list.

One of those tasks, probably, is a daily reminder to “check your email”, but that reminder is there more to remind you to only do it once than to prevent you from forgetting.

I say “try” because this part is always going to be a challenge; while I mentioned earlier that you don’t want to unthinkingly give in to the availability heuristic, you also have to acknowledge that the reason it’s called a “cognitive bias” is because it’s part of human cognition. There will always be a constant anxious temptation to just check for new stuff; those of us who have a predisposition towards excessive scanning behavior have it more than others.

Why Email?

We all need to make commitments in our daily lives. We need to do things for other people. And when we make a commitment, we want to be telling the truth. I want you to try to do all these things so you can be better at that. It’s impossible to truthfully make a commitment to spend some time to perform some task in the future if, realistically, you know that all your time in the future will be consumed by whatever the top 3 highest-priority angry voicemails you have on that day are.

Email is a challenging social problem, but I am tired of email, especially the user interface of email applications, getting the blame for what is, at its heart, a problem of interpersonal relations. It’s like noticing that you get a lot of bills through the mail, and then blaming the state of your finances on the colors of the paint in your apartment building’s mail room. Of course, the UI of an email app can encourage good or bad habits, but Gmail gave us a prominent “Archive” button a decade ago, and we still have all the same terrible habits that were plaguing Outlook users in the 90s.

Of course, there’s a lot more to “productivity” than just making a list of the things you’re going to do. Some tools can really help you manage that list a lot better. But all they can help you to do is to stop working on the wrong things, and start working on the right ones. Actually being more productive, in the sense of getting more units of work out of a day, is something you get from keeping yourself healthy, happy, and well-rested, not from an email filing system.

You can’t violate causality to put more hours into the day, and as a frail and finite human being, there’s only so much work you can reasonably squeeze in before you die.

The reason I care a lot about salvaging email specifically is that it remains the best medium for communication that allows you to be in control of your own time, and by extension, the best medium for allowing people to do creative work.

Asking someone to do something via SMS doesn’t scale; if you have hundreds of unread texts there’s no way to put them in order, no way to classify them as “finished” and “not finished”, so you need to keep it to the number of things you can fit in short term memory. Not to mention the fact that text messaging is almost by definition an interruption - by default, it causes a device in someone’s pocket to buzz. Asking someone to do something in group chat, such as IRC or Slack, is similarly time-dependent; if they are around, it becomes an interruption, and if they’re not around, you have to keep asking and asking over and over again, which makes it really inefficient for the asker (or the asker can use a @highlight, and assume that Slack will send the recipient, guess what, an email).

Social media often comes up as another possible replacement for email, but its sort order is even worse than “only the most recent and most frequently repeated”. Messages are instead sorted by value to advertisers or likeliness to increase ‘engagement’, i.e. most likely to keep you looking at this social media site rather than doing any real work.

For those of us who require long stretches of uninterrupted time to produce something good – “creatives”, or whatever today’s awkward buzzword for intersection of writers, programmers, graphic designers, illustrators, and so on, is – we need an inbound task queue that we can have some level of control over. Something that we can check at a time of our choosing, something that we can apply filtering to in order to protect access to our attention, something that maintains the chain of request/reply for reference when we have to pick up a thread we’ve had to let go of for a while. Some way to be in touch with our customers, our users, and our fans, without being constantly interrupted. Because if we don’t give those who need to communicate with such a tool, they’ll just blast @everyone messages into our slack channels and @mentions onto Twitter and texting us Hey, got a minute? until we have to quit everything to try and get some work done.

Questions about this post?

Go ahead and send me an email.


Acknowledgements

As always, any errors or bad ideas are certainly my own.

First of all, Merlin Mann, whose writing and podcasting were the inspiration, direct or indirect, for many of my thoughts on this subject; and who sets a good example because he won’t answer your email.

Thanks also to David Reid for introducing me to Merlin's work, as well as Alex Gaynor, Tristan Seligmann, Donald Stufft, Cory Benfield, Piët Delport, Amber Brown, and Ashwini Oruganti for feedback on drafts.


  1. Email is so culturally pervasive that it is literally in Vogue, although in fairness this is not a reference to the overflowing-Inbox problem that I’m discussing here. 

  2. I find the “edit” function in Slack maddening; although I appreciate why it was added, it’s easy to retroactively completely change the meaning of an entire conversation in ways that make it very confusing for those reading later. You don’t even have to do this intentionally; sometimes you make a legitimate mistake, like forgetting the word “not”, and the next 5 or 6 messages are about resolving that confusion; then, you go back and edit, and it looks like your colleagues correcting you are a pedantic version of Mr. Magoo, unable to see that you were correct the first time. 

  3. There, I said it. Are you happy now? 

  4. Just to clarify: nothing in this post should be construed as me berating you for not getting more work done, or for ever failing to meet any commitment no matter how casual. Quite the opposite: what I’m saying you need to do is acknowledge that you’re going to screw up and rather than hold a thousand emails in your inbox in the vain hope that you won’t, just send a quick apology and move on. 

  5. Maybe you decided to do the thing because your boss asked you to do it and failing to do it would cost you your job, but nevertheless, that is a conscious decision that you are making; not everybody gets to have “boss” priority, and unless your job is a true Orwellian nightmare, not everything your boss says in email is an instant career-ending catastrophe. 

  6. In Gmail, you can usually just copy a link to the message itself. If you’re using OS X’s Mail.app, you can use this Python script to generate links that, when clicked, will open the Mail app:

    from __future__ import (print_function, unicode_literals,
                            absolute_import, division)
    
    from ScriptingBridge import SBApplication
    import urllib
    
    mail = SBApplication.applicationWithBundleIdentifier_("com.apple.mail")
    
    for viewer in mail.messageViewers():
        for message in viewer.selectedMessages():
            for header in message.headers():
                name = header.name()
                if name.lower() == "message-id":
                    content = header.content()
                    print("message:" + urllib.quote(content))
    

    You can then paste these links into just about any task tracker; if they don’t become clickable, you can paste them into Safari’s URL bar or pass them to the open command-line tool. 

  7. The one exception here is that you can look ahead in the same thread to see if someone has already replied. 

Syndicated 2016-04-24 23:54:00 from Deciphering Glyph

23 Apr 2016 mikal   » (Journeyer)

High Output Management




ISBN: 9780679762881
A reading group of managers at work has been reading this book, except for the last chapter which we were left to read by ourselves. Overall, the book is interesting and very readable. It's a little dated, being all excited with the invention of email and some unfortunate gender pronouns, but if you can get past those minor things there is a lot of wise advice here. I'm not sure I agree with 100% of it, but I do think the vast majority is of interest. A well written book that I'd recommend to new managers.

Tags for this post: book andy_gove management intel non_fiction

Syndicated 2016-04-23 01:30:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

23 Apr 2016 marnanel   » (Journeyer)

"I shall come back" by Dorothy Parker

[death]
I SHALL COME BACK
by Dorothy Parker
 
I shall come back without fanfaronade
of wailing wind and graveyard panoply;
but, trembling, slip from cool Eternity —
a mild and most bewildered little shade.
I shall not make sepulchral midnight raid,
but softly come where I had longed to be
in April twilight's unsung melody,
and I, not you, shall be the one afraid.
Strange, that from lovely dreamings of the dead
I shall come back to you, who hurt me most.
You may not feel my hand upon your head,
I'll be so new and inexpert a ghost.
Perhaps you will not know that I am near —
and that will break my ghostly heart, my dear.
 
http://i.imgur.com/dSIcrykl.jpg
 

This entry was originally posted at http://marnanel.dreamwidth.org/366517.html. Please comment there using OpenID.

Syndicated 2016-04-23 00:03:44 from Monument

22 Apr 2016 mjg59   » (Master)

Circumventing Ubuntu Snap confinement

Ubuntu 16.04 was released today, with one of the highlights being the new Snap package format. Snaps are intended to make it easier to distribute applications for Ubuntu - they include their dependencies rather than relying on the archive, they can be updated on a schedule that's separate from the distribution itself and they're confined by a strong security policy that makes it impossible for an app to steal your data.

At least, that's what Canonical assert. It's true in a sense - if you're using Snap packages on Mir (ie, Ubuntu mobile) then there's a genuine improvement in security. But if you're using X11 (ie, Ubuntu desktop) it's horribly, awfully misleading. Any Snap package you install is completely capable of copying all your private data to wherever it wants with very little difficulty.

The problem here is the X11 windowing system. X has no real concept of different levels of application trust. Any application can register to receive keystrokes from any other application. Any application can inject fake key events into the input stream. An application that is otherwise confined by strong security policies can simply type into another window. An application that has no access to any of your private data can wait until your session is idle, open an unconfined terminal and then use curl to send your data to a remote site. As long as Ubuntu desktop still uses X11, the Snap format provides you with very little meaningful security. Mir and Wayland both fix this, which is why Wayland is a prerequisite for the sandboxed xdg-app design.

I've produced a quick proof of concept of this. Grab XEvilTeddy from git, install Snapcraft (it's in 16.04), snapcraft snap, sudo snap install xevilteddy*.snap, /snap/bin/xevilteddy.xteddy . An adorable teddy bear! How cute. Now open Firefox and start typing, then check back in your terminal window. Oh no! All my secrets. Open another terminal window and give it focus. Oh no! An injected command that could instead have been a curl session that uploaded your private SSH keys to somewhere that's not going to respect your privacy.

The Snap format provides a lot of underlying technology that is a great step towards being able to protect systems against untrustworthy third-party applications, and once Ubuntu shifts to using Mir by default it'll be much better than the status quo. But right now the protections it provides are easily circumvented, and it's disingenuous to claim that it currently gives desktop users any real security.


Syndicated 2016-04-22 01:51:19 from Matthew Garrett
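
A defender-side check for the exposure described in the post above, added here as an example and not part of the original post: it reports which installed snaps have a connected `x11` plug when the session itself is X11. It assumes the four-column output of `snap connections` on current snapd; the sample text and snap names are constructed.

```python
import os
import shutil
import subprocess

# Constructed sample in the `snap connections` column layout; snap names are made up.
SAMPLE_CONNECTIONS = """\
Interface  Plug                  Slot      Notes
home       teddy-viewer:home     :home     -
network    teddy-viewer:network  :network  -
x11        teddy-viewer:x11      :x11      -
network    cli-tool:network      :network  -
x11        idle-app:x11          -         -
wayland    notes-app:wayland     :wayland  -
x11        notes-app:x11         :x11      manual
"""


def session_is_x11(env):
    """True when the desktop session is X11.

    Prefers XDG_SESSION_TYPE; if it is unset, falls back to
    "DISPLAY is set and WAYLAND_DISPLAY is not".
    """
    kind = env.get("XDG_SESSION_TYPE", "").strip().lower()
    if kind:
        return kind == "x11"
    return bool(env.get("DISPLAY")) and not env.get("WAYLAND_DISPLAY")


def snaps_with_x11(connections_text):
    """Return the sorted names of snaps whose x11 plug is connected to a slot."""
    exposed = set()
    for line in connections_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "Interface":
            continue  # blank line or header row
        interface, plug, slot = fields[:3]
        # A "-" in the Slot column means the plug exists but is not connected.
        if interface != "x11" or slot == "-" or ":" not in plug:
            continue
        exposed.add(plug.split(":", 1)[0])
    return sorted(exposed)


def audit(env, connections_text):
    """Snaps that are X clients of this session, whatever else confines them.

    On a non-X11 session the list is empty, matching the post's point that
    Mir and Wayland close this hole.
    """
    if not session_is_x11(env):
        return []
    return snaps_with_x11(connections_text)


if __name__ == "__main__":
    if shutil.which("snap"):
        result = subprocess.run(["snap", "connections"],
                                capture_output=True, text=True, check=False)
        text = result.stdout
    else:
        text = SAMPLE_CONNECTIONS  # no snapd here: fall back to the sample
    for name in audit(os.environ, text):
        print(name + ": X11 client; confinement does not isolate it from other windows")
```
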

21 Apr 2016 philiph   » (Journeyer)

21 Apr 2016 mikal   » (Journeyer)

Bad Pharma




ISBN: 9780007350742
Another excellent book by Ben Goldacre. In this book he argues that modern medicine is terribly corrupted by the commercial forces that act largely unchecked in the marketplace -- studies which don't make a new drug look good go missing; new drugs are compared only against placebo and not against the current best treatment; doctors are routinely bribed with travel, training and small perks. Overall I'm left feeling like things haven't improved much since this book was published, given that these behaviors still seem common.

The book does offer concrete actions that we could take to fix things, but I don't see many of these happening any time soon, which is a worrying place to be. Overall, a disturbing but important read.

Tags for this post: book ben_goldacre medicine science corruption non_fiction

Syndicated 2016-04-20 16:53:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

20 Apr 2016 gary   » (Master)

Infinity client library

This past few weeks I’ve been working on an Infinity client library. This is what GDB will use to execute notes it finds. It’s early days, but it executed its first note this morning so I thought I’d put something together so people can see what I’m doing. Here’s how to try it out:

  1. Install elfutils libelf development stuff if you don’t have it already, the tlsdump example program needs it:
    sudo yum install elfutils-libelf-devel  # Fedora, RHEL, etc...
    sudo apt-get install libelf-dev         # Debian, Ubuntu, etc...
  2. Download and build the Infinity client library and example program:
    git clone -b libi8x-0.0.1 https://github.com/gbenson/libi8x.git libi8x-0.0.1
    cd libi8x-0.0.1
    ./autogen.sh
    ./configure --enable-logging --enable-debug
    make
  3. Check the tlsdump example program built:
    bash$ ls -l examples/tlsdump
    -rwxr-xr-x. 1 gary gary 5540 Apr 20 12:52 examples/tlsdump

    Yeah, there it is! (if it’s not there go back to step 0)

  4. Build a program with notes to run the example program against:
    gcc -o tests/ifact tests/ifact.S tests/main.c
  5. Run the program you just built:
    bash$ tests/ifact &
    [2] 8301
    Hello world I'm 8301
  6. Run the libi8x tlsdump example program with the test program’s PID as its argument:
    $ examples/tlsdump 8301
    0! = 1
    1! = 1
    2! = 2
    3! = 6
    4! = 24
    5! = 120
    6! = 720
    7! = 5040
    8! = 40320
    9! = 362880
    10! = 3628800
    11! = 39916800
    12! = 479001600

What just happened? The executable test/ifact you built contains a single Infinity note, test::factorial(i)i, the source for which is in tests/ifact.i8. The tlsdump example located the ifact executable, loaded test::factorial(i)i from it, and ran it a few times printing the result:

  err = i8x_ctx_get_funcref (ctx, "test", "factorial", "i", "i", &fr);
  if (err != I8X_OK)
    error_i8x (ctx, err);

  err = i8x_xctx_new (ctx, 512, &xctx);
  if (err != I8X_OK)
    error_i8x (ctx, err);

  for (int i = 0; i 

To see some debug output try this:

I8X_LOG=debug examples/tlsdump PID

Also try I8X_DEBUG=true in addition to I8X_LOG=debug to trace the bytecode as it executes.

Syndicated 2016-04-20 14:21:54 from gbenson.net

20 Apr 2016 glyph   » (Master)

Far too many things can stop the BLOB

It occurs to me that the lack of a standard, well-supported, memory-efficient interface for BLOBs in multiple programming languages is one of the primary driving factors of poor scalability characteristics of open source SaaS applications.

Applications like Gitlab, Redmine, Trac, Wordpress, and so on, all need to store potentially large files (“attachments”). Frequently, they elect to store these attachments (at least by default) in a dedicated filesystem directory. This leads to a number of tricky concurrency issues, as the filesystem has different (and divorced) concurrency semantics from the backend database, and resides only on the individual API nodes, rather than in the shared namespace of the attached database.

Some databases do support writing to BLOBs like files. Postgres, SQLite, and Oracle do, although it seems MySQL lags behind in this area (although I’d love to be corrected on this front). But many higher-level API bindings for these databases don’t expose support for BLOBs in an efficient way.

Directly using the filesystem, as opposed to a backing service, breaks the “expected” scaling behavior of the front-end portion of a web application. Using an object store, like Cloud Files or S3, is a good option to achieve high scalability for public-facing applications, but they create additional deployment complexity.

So, as both a plea to others and a note to myself: if you’re writing a database-backed application that needs to store some data, please consider making “store it in the database as BLOBs” an option. And if your particular database client library doesn’t support it, consider filing a bug.

Syndicated 2016-04-20 01:01:00 from Deciphering Glyph

18 Apr 2016 mjg59   » (Master)

One more attempt at SATA power management

Around a year ago I wrote some patches in an attempt to improve power management on Haswell and Broadwell systems by configuring Serial ATA power management appropriately. I got a couple of reports of them triggering SATA errors for some users, couldn't reproduce them myself and so didn't have a lot of confidence in them. Time passed.

I've been working on power management stuff again this week, so it seemed like a good opportunity to revisit these. I've made a few changes and pushed a couple of trees - one against master and one against 4.5.

First, these probably only have relevance to users of mobile Intel parts in the U or S range (/proc/cpuinfo will tell you - you're looking for a four-digit number that starts with 4 (Haswell), 5 (Broadwell) or 6 (Skylake) and ends with U or S), and won't do anything unless you have SATA drives (including PCI-based SATA). To test them, first disable anything like TLP that might alter your SATA link power management policy. Then check powertop - you should only be getting to PC3 at best. Build a kernel with these patches and boot it. /sys/class/scsi_host/*/link_power_management_policy should read "firmware". Check powertop and see whether you're getting into deeper PC states. Now run your system for a while and check the kernel log for any SATA errors that you didn't see before.

Let me know if you see SATA errors and are willing to help debug this, and leave a comment if you don't see any improvement in PC states.


Syndicated 2016-04-18 02:15:58 from Matthew Garrett

15 Apr 2016 yosch   » (Master)

Building and testing the latest SILE with complex script support

Interested in multilingual publishing with complex scripts and smart fonts? Then you should definitely check out the latest version of SILE (Simon's Improved Layout Editor).
Simon Cozens is the author and the maintainer of this very promising new publishing platform. Development happens on github: https://github.com/simoncozens/sile/.

See this sile-master.sh gist for the details of getting the various components installed and the build working. I recommend you try it with Ubuntu 16.04 (Xenial Xerus).

(There is also homebrew support for OSX users: brew install sile --HEAD ).

Once you have sile running, you should really check out fontproof, the nice new proofing class/package made by Victor Gaultney. It's a great helper to generate pages to test how your font will behave in various situations, especially with complex script features where other publishing paths do poorly.

15 Apr 2016 yosch   » (Master)

Building and testing the next-generation Scribus with complex script support

Interested in multilingual publishing with complex scripts and smart fonts? Then you should help test the latest CTL (Complex Text Layout) branch from Scribus, the libre desktop publishing app.

Various Scribus developers have worked on this over the years. Andreas Vox started the CTL project. Integrating Harfbuzz, Graphite and Raqm goes a long way towards building up capacity to tackle more complex scripts and do a better job. AFAICT the developers at HOST-Oman and Khaled Hosny have spent a lot of time and energy on this: https://github.com/HOST-Oman/scribus and the results are very promising.

See this scribus-ctl-master.sh gist for the details of getting the various components installed and the build working.
I recommend you try with Ubuntu 16.04 (Xenial Xerus), currently under freeze, because you need QT 5.5. (the codebase won't work on previous versions and you will need to install the whole QT toolchain yourself).
Please report your bugs and help make this better for everyone.

(OpenSuse users should probably look at http://download.opensuse.org/repositories/home:/ftake:/scribus:/CTL/).



15 Apr 2016 mjg59   » (Master)

David MacKay

The first time I was paid to do software development came as something of a surprise to me. I was working as a sysadmin in a computational physics research group when a friend asked me if I'd be willing to talk to her PhD supervisor. I had nothing better to do, so said yes. And that was how I started the evening having dinner with David MacKay, and ended the evening better fed, a little drunker and having agreed in principle to be paid to write free software.

I'd been hired to work on Dasher, an information-efficient text entry system. It had been developed by one of David's students as a practical demonstration of arithmetic encoding after David had realised that presenting a visualisation of an effective compression algorithm allowed you to compose text without having to enter as much information into the system. At first this was merely a neat toy, but it soon became clear that the benefits of Dasher had a great deal of overlap with good accessibility software. It required much less precision of input, it made it easy to correct mistakes (you merely had to reverse direction in order to start zooming back out of the text you had entered) and it worked with a variety of input technologies from mice to eye tracking to breathing. My job was to take this codebase and turn it into a project that would be interesting to external developers.

In the year I worked with David, we turned Dasher from a research project into a well-integrated component of Gnome, improved its support for Windows, accepted code from an external contributor who ported it to OS X (using an OpenGL canvas!) and wrote ports for a range of handheld devices. We added code that allowed Dasher to directly control the UI of other applications, making it possible for people to drive word processors without having to leave Dasher. We taught Dasher to speak. We strove to avoid the mistakes present in so many other pieces of accessibility software, such as configuration that could only be managed by an (expensive!) external consultant. And we visited Dasher users and learned how they used it and what more they needed, then went back home and did what we could to provide that.

Working on Dasher was an incredible opportunity. I was involved in the development of exciting code. I spoke on it at multiple conferences. I became part of the Gnome community. I visited the USA for the first time. I entered people's homes and taught them how to use Dasher and experienced their joy as they realised that they could now communicate up to an order of magnitude more quickly. I wrote software that had a meaningful impact on the lives of other people.

Working with David was certainly not easy. Our weekly design meetings were, charitably, intense. He had an astonishing number of ideas, and my job was to figure out how to implement them while (a) not making the application overly complicated and (b) convincing David that it still did everything he wanted. One memorable meeting involved me gradually arguing him down from wanting five new checkboxes to agreeing that there were only two combinations that actually made sense (and hence a single checkbox) - and then admitting that this was broadly equivalent to an existing UI element, so we could just change the behaviour of that slightly without adding anything. I took the opportunity to delete an additional menu item in the process.

I was already aware of the importance of free software in terms of developers, but working with David made it clear to me how important it was to users as well. A community formed around Dasher, helping us improve it and allowing us to develop support for new use cases that made the difference between someone being able to type at two words per minute and being able to manage twenty. David saw that this collaborative development would be vital to creating something bigger than his original ideas, and it succeeded in ways he couldn't have hoped for.

I spent a year in the group and then went back to biology. David went on to channel his strong feelings about social responsibility into issues such as sustainable energy, writing a freely available book on the topic. He served as chief adviser to the UK Department of Energy and Climate Change for five years. And earlier this year he was awarded a knighthood for his services to scientific outreach.

David died yesterday. It's unlikely that I'll ever come close to what he accomplished, but he provided me with much of the inspiration to try to do so anyway. The world is already a less fascinating place without him.


Syndicated 2016-04-15 06:26:14 from Matthew Garrett

14 Apr 2016 Killerbees   » (Journeyer)

Note to self: How to mount virtualbox shared folders RW, and enable symlinks

So these are two commands to mount shared folder in a linux host on a linux guest so that the guest has full permission in the shared folders.

This first command should be executed on the guest VM

    sudo mount -t vboxsf SHARE_NAME /MOUNT_POINT/ -o rw,users,umask=0000
    

This next command enables symlink creation and should be executed on the host.

    VBoxManage setextradata VM_NAME VBoxInternal2/SharedFoldersEnableSymlinksCreate/SHARE_NAME 1 
    

Syndicated 2016-04-14 10:19:00 (Updated 2016-04-14 10:35:29) from Danny Angus

14 Apr 2016 marnanel   » (Journeyer)

REVEALED: Corbyn's links to apple thieves

REVEALED: Corbyn's links to apple thieves
• Caused original sin
• Family held apple shares
• Responsible for fall

Jeremy Corbyn is descended from notorious apple thieves Adam and Eve, the Telegraph can reveal.

Speaking today on condition of anonymity, a senior Labour backstabberbencher told of his shock at the hypocrisy.

“Adam dared to question the ways of God. Clearly that was only the start, since Corbyn has now dared to question the Prime Minister's tax returns.

“And don't forget, as soon as she ate the apple, Eve learned that she was naked, and hid herself. In all the years Corbyn has been a member of Parliament, I have never seen him naked. What does he have to hide?”

At press time, God was unavailable for comment. (cont. Genesis 94)

This entry was originally posted at http://marnanel.dreamwidth.org/365879.html. Please comment there using OpenID.

Syndicated 2016-04-14 01:03:28 (Updated 2016-04-14 01:06:27) from Monument

13 Apr 2016 glyph   » (Master)

I think I’m using GitHub wrong.

I use a hodgepodge of https: and : (i.e. “ssh”) URL schemes for my local clones; sometimes I have a remote called “github” and sometimes I have one called “origin”. Sometimes I clone from a fork I made and sometimes I clone from the upstream.

I think the right way to use GitHub would instead be to always fork first, make my remote always be “origin”, and consistently name the upstream remote “upstream”. The problem with this, though, is that forks rapidly fall out of date, and I often want to automatically synchronize all the upstream branches.

Is there a script or a github option or something to synchronize a fork with upstream automatically, including all its branches and tags? I know there’s no comment field, but you can email me or reply on twitter.

Syndicated 2016-04-13 21:11:00 from Deciphering Glyph

13 Apr 2016 mjg59   » (Master)

Skylake's power management under Linux is dreadful and you shouldn't buy one until it's fixed

Linux 4.5 seems to have got Intel's Skylake platform (ie, 6th-generation Core CPUs) to the point where graphics work pretty reliably, which is great progress (4.4 tended to lose all my windows every so often, especially over suspend/resume). I'm even running Wayland happily. Unfortunately one of the reasons I have a laptop is that I want to be able to do things like use it on battery, and power consumption's an important part of that. Skylake continues the trend from Haswell of moving to an SoC-type model where clock and power domains are shared between components that were previously entirely independent, and so you can't enter deep power saving states unless multiple components all have the correct power management configuration. On Haswell/Broadwell this manifested in the form of Serial ATA link power management being involved in preventing the package from going into deep power saving states - setting that up correctly resulted in a reduction in full-system power consumption of about 40%[1].

I've now got a Skylake platform with a nice shiny NVMe device, so Serial ATA policy isn't relevant (the platform doesn't even expose a SATA controller). The deepest power saving state I can get into is PC3, despite Skylake supporting PC8 - so I'm probably consuming about 40% more power than I should be. And nobody seems to know what needs to be done to fix this. I've found no public documentation on the power management dependencies on Skylake. Turning on everything in Powertop doesn't improve anything. My battery life is pretty poor and the system is pretty warm.

The best thing about this is the following statement from page 64 of the 6th Generation Intel ® Processor Datasheet for U-Platforms:

Caution: Long term reliability cannot be assured unless all the Low-Power Idle States are enabled.

which is pretty concerning. Without support for states deeper than PC3, Linux is running in a configuration that Intel imply may trigger premature failure. That's obviously not good. Until this situation is improved, you probably shouldn't buy any Skylake systems if you're planning on running Linux.

[1] These patches never went upstream. Someone reported that they resulted in their SSD throwing errors and I couldn't find anybody with deeper levels of SATA experience who was interested in working on the problem. Intel's AHCI drivers for Windows do the right thing, but I couldn't find anybody at Intel who could get any information from their Windows driver team.


Syndicated 2016-04-13 20:22:40 from Matthew Garrett

11 Apr 2016 mikal   » (Journeyer)

Exploring the Jagungal

Peter Thomas kindly arranged for a variety of ACT Scout leaders to take a tour of the Jagungal portion of Kosciuszko National Park under the guidance of Robert Green. Robert is very experienced with this area, and has recently written a book. Five leaders from the Macarthur Scout Group decided to go along on this tour and take a look at our hiking options in the area.

The first challenge is getting to the area. The campsite we used for the first day is only accessible to four wheel drive vehicles -- the slope down to the camp site from Nimmo Plain is quite rocky and has some loose sections. That said, the Landcruiser I was in had no trouble making the trip, and the group managed to get two car style four wheel drives into the area without problems as well. The route to Nimmo Plain from the south of Canberra is as follows:

Interactive map for this route.

We explored two areas which are both a short drive from Nimmo Plain. We in fact didn't explore anything at Nimmo Plain itself, but as the intermediate point where the road forks it makes sense to show that bit of route first. From Nimmo Plain, if you turn left you end up where we camped for the first day, which is a lovely NWPS camp site with fire pits, a pit toilet, and trout in the river.

The route to that camp site is like this:

Interactive map for this route.

From this campsite we did a 14km loop walk, which took in a series of huts and ruins along relatively flat and easy terrain. There are certainly good walking options here for Scouts, especially those which don't particularly like hills. The route for the first day was like this:

Interactive map for this route.

It's a fantastic area, very scenic without being difficult terrain...

                                           

As you can see from the pictures, life around the camp fire that evening was pretty hard. One note on the weather though -- even at the start of April we're already starting to see very cool overnight weather in this area, with a definite frost on the tents and cars in the morning. I wouldn't want to be hiking in this area much later in the season than this without being prepared for serious cold weather.

   

The next day we drove back to Nimmo Plain and turned right. You then proceed down a dirt road that is marked as private property, but has a public right of way through to the national park. At the border of the park you can leave the car again and go for another walk. The route to this second entrance to the park is like this:

Interactive map for this route.

                     

This drive on the second morning involved a couple of river crossings, with some representative pictures below. Why does the red Landcruiser get to do the crossing three times? Well that's what happens when you forget to shut the gate...

                                                   

Following that we did a short 5km return walk to Cesjack's Hut, which again wasn't scenic at all...

Interactive map for this route.

                                     

I took some pictures on the drive home too of course...

             

Tags for this post: blog pictures 20160409-jagungal photo kosciuszko scouts bushwalk

Syndicated 2016-04-11 00:17:00 from stillhq.com : Mikal, a geek from Canberra living in Silicon Valley (no blather posts)

11 Apr 2016 mjg59   » (Master)

Making it easier to deploy TPMTOTP on non-EFI systems

I've been working on TPMTOTP a little this weekend. I merged a pull request that adds command-line argument handling, which includes the ability to choose the set of PCRs you want to seal to without rebuilding the tools, and also lets you print the base32 encoding of the secret rather than the qr code so you can import it into a wider range of devices. More importantly it also adds support for setting the expected PCR values on the command line rather than reading them out of the TPM, so you can now re-seal the secret against new values before rebooting.

I also wrote some new code myself. TPMTOTP is designed to be usable in the initramfs, allowing you to validate system state before typing in your passphrase. Unfortunately the initramfs itself is one of the things that's measured. So, you end up with something of a chicken and egg problem - TPMTOTP needs access to the secret, and the obvious thing to do is to put the secret in the initramfs. But the secret is sealed against the hash of the initramfs, and so you can't generate the secret until after the initramfs. Modify the initramfs to insert the secret and you change the hash, so the secret is no longer released. Boo.

On EFI systems you can handle this by sticking the secret in an EFI variable (there's some special-casing in the code to deal with the additional metadata on the front of things you read out of efivarfs). But that's not terribly useful if you're not on an EFI system. Thankfully, there's a way around this. TPMs have a small quantity of nvram built into them, so we can stick the secret there. If you pass the -n argument to sealdata, that'll happen. The unseal apps will attempt to pull the secret out of nvram before falling back to looking for a file, so things should just magically work.

I think it's pretty feature complete now, other than TPM2 support? That's on my list.


Syndicated 2016-04-11 05:59:32 from Matthew Garrett

9 Apr 2016 hypatia   » (Journeyer)

Make your Dreamhost site HTTPS-only

Encrypt all the traffic!

Some of the archival Ada Initiative web content is hosted on Dreamhost, and today I re-enabled HTTPS for it now that Let’s Encrypt certificates are available both on Dreamhost and WordPress.com.

Here’s how to enable, and insist on, HTTPS connections to sites hosted on Dreamhost:

  1. Log into the panel
  2. Go to Secure Hosting
  3. Click ‘Add Secure Hosting’
  4. Select the domain you want from the dropdown, check the box next to ‘By checking this option you agree to the Let’s Encrypt Terms of Service.’, leave ‘Unique IP’ unchecked, and press ‘Add now’.
  5. Important: wait for an email from Dreamhost telling you the certificate is ready. This seems to take about fifteen minutes or so. The email contains a copy of the certificate but you don’t need to do anything with it, they configure the webserver automatically at about the same time as they send the email.
  6. Once you have received the email, check that your site is available at https://YOUR-URL and that your browser does not report errors. (If it does, wait around 15 minutes, try again, and if you’re still seeing errors, screenshot them and contact Dreamhost support.)

Now that HTTPS is working on your site, you can then force all HTTP requests to redirect to HTTPS by placing this in the ~/YOUR-URL/.htaccess file:


<IfModule mod_rewrite.c>
# Rewrite rules are only processed when the engine is on
RewriteEngine On
# Redirect all insecure requests
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>

Check that visiting http://YOUR-URL now redirects to https://YOUR-URL, and the same should be true of pages underneath http://YOUR-URL.

Feature request for Dreamhost: make a “force HTTPS” option in your standard config.

Syndicated 2016-04-09 00:37:56 from puzzling.org

7 Apr 2016 hypatia   » (Journeyer)

Facts to definitely give when advertising your event, an incomplete list

The year. Otherwise your event for the 18th April might be in a few weeks, or it may be a stale webpage from your very successful and very over event in 2004.

The weekday. Otherwise I can’t intersect your event’s day and my (ridiculously complicated) personal calendar in my head and figure out if this is a Tuesday probably-I-could-swing-it event or a Wednesday nope-I’ll-be-in-Melbourne event without authenticating to some device and opening my calendar navigating to the day and… SQUIRREL.

If you are kind-hearted, you could add a few of very very many pieces of information suggested in the AdaCamp template lovingly brought to you by seven revisions of AdaCamps. But you can start off with the year and weekday.

Related: Terms not to use when negotiating meeting times, an incomplete list

Syndicated 2016-04-07 22:17:06 from puzzling.org

7 Apr 2016 marnanel   » (Journeyer)

What the bikers said in "The Ogre Downstairs"

In Diana Wynne Jones's book "The Ogre Downstairs", there's a scene where some menacing bikers grow out of the ground like plants. Their speech is colloquial English, but written in Greek script. Some people have asked for a transcription, so here it is. I've avoided trying to represent their accent in the English text, so I've put "them" for "'em" and so on. The typesetters for some editions of the book seem not to have understood the joke; in my copy (HarperCollins, 2010) capital lambda is written as a section mark, and capital beta as a comma. I've seen editions with even stranger substitutions.

They stared at the buried man in some perplexity, wondering how he got there and whether to help him out. While they stared, the face shook its chin free of sand and stones and spoke.

“ν θε λιδαγειν ᾿ανσε υοτιωγετ!!” it said. ["...n the lid again and see what you get!" - I think some text from the MS might have been lost here?]

“What language is that?” said Johnny.

“It might be Greek,” Douglas guessed, equally mystified.

A clattering of gravel made them look up. The other mushrooms, up and down the lane between the cars, had also grown into men in crash helmets. The next nearest was now only buried from the waist downward. He had his hands on the gravel and was levering to get his legs free. Beyond him, a number had grown to full height and were stepping up onto the ground, shaking their boots. They were all identically dressed in black leather motorcycle suits and white crash helmets, and they all had most unpleasant faces.

With one accord, Douglas and Johnny looked round to see how near the car was. It was twenty yards off. Between them and it, the lane was filled with motorcyclists stepping free of the ground and moving menacingly down toward them.

“I don’t like the look of this,” said Douglas. “And don’t tell me it’s my fault. I know.”

The nearest man struggled up from the earth and shook himself. Stones clattered from his leather clothes and mud spattered the boys. Carefully he drew his boot from the last of the gravel and walked a step or so toward them.

"Θιωκ ᾿ιυ κνιτ φελλως ᾿ον Θε εδ δουιου?" he demanded of Douglas. ["Think you can hit fellas on the head, do you?"]

“I’m sorry. I don’t understand,” Douglas said.

The man looked round at the other motorcyclists.

"Θης κιζ τραιδ του θυμπ μι, φελλως!" he said angrily. ["These kids tried to thump me, fellas!"]

From the way the others reacted, it was clear that, whatever this meant, it meant no good for Johnny and Douglas. They all gave the boys most unpleasant, blank looks and strolled nearer. "'Ωκει, λετς τεικ βωθοφεμ ᾿απαρτ ᾿αβιτ" ["Okay, let's take both of them apart a bit"] said one. And one who was still only half out of the ground added "Λετμε ᾿αττεμ." ["Let me at them"] Neither of these suggestions sounded pleasant. Johnny looked despairingly round what he could see of the car-park between the advancing leather suits. He found nothing but cars, lines of them, locked, silent and deserted. There did not seem to be another soul in sight.

“Get back to back,” said Douglas. “Use the mop on them.”

Johnny at once scrambled round Douglas and leaned against his back. He held the dustbin lid as a genuine shield, and put the head of the mop under one arm, with the stick pointing outward toward what was now a circle of menacing motorcyclists. Behind him, he heard the clang of the strawberry soap rolling in the dustbin as Douglas raised that for a shield and leveled the broom. Johnny was glad that he had such a tall back as Douglas’s to stand against. If it had been Caspar’s or Malcolm’s back, he would have felt a great deal more frightened. Not that their defenses seemed to impress the motorcyclists. Some laughed jeeringly. One said, "Φυλλα σπιριτ, 'αρυντθει?" ["Full of spirit, aren't they?"] which was clearly a sarcastic remark of some kind, and all of them laughed. Then the first of them said, "Λετσγω, φελλως." ["Let's go, fellas."] And they closed in.
This entry was originally posted at http://marnanel.dreamwidth.org/365349.html. Please comment there using OpenID.

Syndicated 2016-04-07 22:25:27 from Monument

7 Apr 2016 chalst   » (Master)

Recentlog

Kudos to badvogato and aicra for continuing to post unsyndicated diary entries here.

I like wingo's simple solution to pay gaps.

I plan to read louie's LibrePlanet 2016 talk properly soon.

6 Apr 2016 chalst   » (Master)

Future of Scheme?

There's a very interesting thread on at Lambda the Ultimate about the expiration of the IEEE Scheme standard, IEEE Scheme expiring soon.

6 Apr 2016 chalst   » (Master)

Wikipedia
After a long hiatus, following the end of the Peter Damian feud, I have started editing Wikipedia again. My main current goal is to get the Logic article up to featured article status.

5 Apr 2016 mjg59   » (Master)

There's more than one way to exploit the commons

There's a piece of software called XScreenSaver. It attempts to fill two somewhat disparate roles:

  • Provide a functioning screen lock on systems using the X11 windowing system, a job made incredibly difficult due to a variety of design misfeatures in said windowing system[1]
  • Provide cute graphical output while the screen is locked
XScreenSaver does an excellent job of the second of these[2] and is pretty good at the first, which is to say that it only suffers from a disastrous security flaw once every few years and as such is certainly not appreciably worse than any other piece of software.

Debian ships an operating system that prides itself on stability. The Debian definition of stability is a very specific one - rather than referring to how often the software crashes or misbehaves, it refers to how often the software changes behaviour. Debian is very reluctant to upgrade software that is part of a stable release, to the extent that developers will attempt to backport individual security fixes to the version they shipped rather than upgrading to a release that contains all those security fixes but also adds a new feature. The argument here is that the new release may also introduce new bugs, and Debian's users desire stability (in the "things don't change" sense) more than new features. Backporting security fixes keeps them safe without compromising the reason they're running Debian in the first place.

This all makes plenty of sense at a theoretical level, but reality is sometimes less convenient. The first problem is that security bugs are typically also, well, bugs. They may make your software crash or misbehave in annoying but apparently harmless ways. And when you fix that bug you've also fixed a security bug, but the ability to determine whether a bug is a security bug or not is one that involves deep magic and a fanatical devotion to the cause so given the choice between maybe asking for a CVE and dealing with embargoes and all that crap when perhaps you've actually only fixed a bug that makes the letter "E" appear in places it shouldn't and not one that allows the complete destruction of your intergalactic invasion fleet means people will tend to err on the side of "Eh fuckit" and go drinking instead. So new versions of software will often fix security vulnerabilities without there being any indication that they do so[3], and running old versions probably means you have a bunch of security issues that nobody will ever do anything about.

But that's broadly a technical problem and one we can apply various metrics to, and if somebody wanted to spend enough time performing careful analysis of software we could have actual numbers to figure out whether the better security approach is to upgrade or to backport fixes. Conversations become boring once we introduce too many numbers, so let's ignore that problem and go onto the second, which is far more handwavy and social and so significantly more interesting.

The second problem is that upstream developers remain associated with the software shipped by Debian. Even though Debian includes a tool for reporting bugs against packages included in Debian, some users will ignore that and go straight to the upstream developers. Those upstream developers then have to spend at least 15 or so seconds telling the user that the bug they're seeing has been fixed for some time, and then figure out how to explain that no sorry they can't make Debian include a fixed version because that's not how things work. Worst case, the stable release of Debian ends up including a bug that makes software just basically not work at all and everybody who uses it assumes that the upstream author is brutally incompetent, and they end up quitting the software industry and I don't know running a nightclub or something.

From the Debian side of things, the straightforward solution is to make it more obvious that users should file bugs with Debian and not bother the upstream authors. This doesn't solve the problem of damaged reputation, and nor does it entirely solve the problem of users contacting upstream developers. If a bug is filed with Debian and doesn't get fixed in a timely manner, it's hardly surprising that users will end up going upstream. The Debian bugs list for XScreenSaver does not make terribly attractive reading.

So, coming back to the title for this entry. The most obvious failure of the commons is where a basically malicious actor consumes while giving nothing back, but if an actor with good intentions ends up consuming more than they contribute that may still be a problem. An upstream author releases a piece of software under a free license. Debian distributes this to users. Debian's policies result in the upstream author having to do more work. What does the upstream author get out of this exchange? In an ideal world, plenty. The author's software is made available to more people. A larger set of developers is willing to work on making improvements to the software. In a less ideal world, rather less. The author has to deal with bug mail about already fixed bugs. The author's reputation may be harmed by user exposure to said fixed bugs. The author may get less in the way of useful bug fixes or features because people are running old versions rather than fixing new ones. If the balance tips towards the latter, the author's decision to release their software under a free license has made their life more difficult.

Most discussions about Debian's policies entirely ignore the latter scenario, focusing more on the fact that the author chose to release their software under a free license to begin with. If the author is unwilling to handle the consequences of that, goes the argument, why did they do it in the first place? The unfortunate logical conclusion to that argument is that the author realises that they made a huge mistake and never does so again, and woo uh oops.

The irony here is that one of Debian's foundational documents, the Debian Free Software Guidelines, makes allowances for this. Section 4 allows for distribution of software in Debian even if the author insists that modified versions[4] are renamed. This allows for an author to make a choice - allow themselves to be associated with the Debian version of their work and increase (a) their userbase and (b) their support load, or try to distinguish what Debian ship from their identity. But that document was ratified in 1997 and people haven't really spent much time since then thinking about why it says what it does, and so this tradeoff is rarely considered.

Free software doesn't benefit from distributions antagonising their upstreams, even if said upstream is a cranky nightclub owner. Debian's users are Debian's highest priority, but those users are going to suffer if developers decide that not using free licenses improves their quality of life. Kneejerk reactions around specific instances aren't helpful, but now is probably a good time to start thinking about what value Debian bring to its upstream authors and how that can be increased. Failing to do so doesn't serve users, Debian itself or the free software community as a whole.

[1] The X server has no fundamental concept of a screen lock. This is implemented by an application asking that the X server send all keyboard and mouse input to it rather than to any other application, and then that application creating a window that fills the screen. Due to some hilarious design decisions, opening a pop-up menu in an application prevents any other application from being able to grab input and so it is impossible for the screensaver to activate if you open a menu and then walk away from your computer. This is merely the most obvious problem - there are others that are more subtle and more infuriating. The only fix in this case is to nuke the site from orbit.

[2] There's screenshots here. My favourites are the one that emulates the electrical characteristics of an old CRT in order to present a more realistic depiction of the output of an Apple 2 and the one that includes a complete 6502 emulator.

[3] And obviously new versions of software will often also introduce new security vulnerabilities without there being any indication that they do so, because who would ever put that in their changelog. But the less ethically challenged members of the security community are more likely to be looking at new versions of software than ones released three years ago, so you're probably still tending towards winning overall

[4] There's a perfectly reasonable argument that all packages distributed by Debian are modified in some way


Syndicated 2016-04-05 07:18:20 from Matthew Garrett

4 Apr 2016 mjg59   » (Master)

TPMs, event logs, fine-grained measurements and avoiding fragility in remote-attestation

Trusted Platform Modules are fairly unintelligent devices. They can do some crypto, but they don't have any ability to directly monitor the state of the system they're attached to. This is worked around by having each stage of the boot process "measure" state into registers (Platform Configuration Registers, or PCRs) in the TPM by taking the SHA1 of the next boot component and performing an extend operation. Extend works like this:

New PCR value = SHA1(current value||new hash)

ie, the TPM takes the current contents of the PCR (a 20-byte register), concatenates the new SHA1 to the end of that in order to obtain a 40-byte value, takes the SHA1 of this 40-byte value to obtain a 20-byte hash and sets the PCR value to this. This has a couple of interesting properties:
  • You can't directly modify the contents of the PCR. In order to obtain a specific value, you need to perform the same set of writes in the same order. If you replace the trusted bootloader with an untrusted one that runs arbitrary code, you can't rewrite the PCR to cover up that fact
  • The PCR value is predictable and can be reconstructed by replaying the same series of operations
But how do we know what those operations were? We control the bootloader and the kernel and we know what extend operations they performed, so that much is easy. But the firmware itself will have performed some number of operations (the firmware itself is measured, as is the firmware configuration, and certain aspects of the boot process that aren't in our control may also be measured) and we may not be able to reconstruct those from scratch.

Thankfully we have more than just the final PCR data. The firmware provides an interface to log each extend operation, and you can read the event log in /sys/kernel/security/tpm0/binary_bios_measurements. You can pull information out of that log and use it to reconstruct the writes the firmware made. Merge those with the writes you performed and you should be able to reconstruct the final TPM state. Hurrah!

The problem is that a lot of what you want to measure into the TPM may vary between machines or change in response to configuration changes or system updates. If you measure every module that grub loads, and if grub changes the order that it loads modules in, you also need to update your calculations of the end result. Thankfully there's a way around this - rather than making policy decisions based on the final TPM value, just use the final TPM value to ensure that the log is valid. If you extract each hash value from the log and simulate an extend operation, you should end up with the same value as is present in the TPM. If so, you know that the log is valid. At that point you can examine individual log entries without having to care about the order that they occurred in, which makes writing your policy significantly easier.

But there's another source of fragility. Imagine that you're measuring every command executed by grub (as is the case in the CoreOS grub). You want to ensure that no inappropriate commands have been run (such as ones that would allow you to modify the loaded kernel after it's been measured), but you also want to permit certain variations - for instance, you might have a primary root filesystem and a fallback root filesystem, and you're ok with either being passed as a kernel argument. One approach would be to write two lines of policy, but there's an even more flexible approach. If the bootloader logs the entire command into the event log, when replaying the log we can verify that the event description hashes to the value that was passed to the TPM. If it does, rather than testing against an explicit hash value, we can examine the string itself. If the event description matches a regular expression provided by the policy then we're good.

This approach makes it possible to write TPM policies that are resistant to changes in ordering and permit fine-grained definition of acceptable values, and which can cleanly separate out local policy, generated policy values and values that are provided by the firmware. The split between machine-specific policy and OS policy allows for the static machine-specific policy to be merged with OS-provided policy, making remote attestation viable even over automated system upgrades.

We've integrated an implementation of this kind of policy into the TPM support code we'd like to integrate into Kubernetes, and CoreOS will soon be generating known-good hashes at image build time. The combination of these means that people using Distributed Trusted Computing under Tectonic will be able to validate the state of their systems with nothing more than a minimal machine-specific policy description.

The support code for all of this should also start making it into other distributions in the near future (the grub code is already in Fedora 24), so with luck we can define a cross-distribution policy format and make it straightforward to handle this in a consistent way even in heterogeneous operating system environments. Remote attestation is a powerful tool for ensuring that your systems are in a valid state, but the difficulty of policy management has been a significant factor in making it difficult for people to deploy in their data centres. Making it easier for people to shield themselves against low-level boot attacks is a big step forward in improving the security of distributed workloads and makes bare-metal hosting a much more viable proposition.


Syndicated 2016-04-04 21:59:57 from Matthew Garrett
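
The log validation described in the post above (replay the event log, compare the result with the PCR values, then match event descriptions against policy regular expressions), as an added Python example that is not from the post or from the CoreOS or Kubernetes code. The tuple log format, the PCR indices and the sample commands are constructed for illustration; a real log would be parsed from binary_bios_measurements.

```python
import hashlib
import re

PCR_SIZE = 20  # SHA1 PCRs are 20 bytes; this example assumes they start as all zeroes


def extend(pcr: bytes, digest: bytes) -> bytes:
    """New PCR value = SHA1(current value || new hash)."""
    return hashlib.sha1(pcr + digest).digest()


def make_event(index: int, description: bytes):
    """Build a (pcr_index, digest, description) entry as a bootloader would log it."""
    return (index, hashlib.sha1(description).digest(), description)


def replay(events):
    """Simulate every extend in the log and return {pcr_index: final value}."""
    pcrs = {}
    for index, digest, _description in events:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def validate(events, quoted_pcrs, policy):
    """Return a list of failures; an empty list means the log is valid and allowed.

    quoted_pcrs: {pcr_index: value} as reported by the TPM.
    policy: {pcr_index: [regex, ...]} for PCRs whose event descriptions are judged.
    """
    replayed = replay(events)
    failures = []
    # Step 1: the final PCR values are used only to prove that the log is genuine.
    for index in sorted(set(replayed) | set(policy)):
        if index not in quoted_pcrs:
            failures.append(f"PCR {index}: no quoted value to check the log against")
        elif replayed.get(index, bytes(PCR_SIZE)) != quoted_pcrs[index]:
            failures.append(f"PCR {index}: log does not reproduce the quoted value")
    if failures:
        return failures  # never apply policy to a log that failed replay
    # Step 2: judge individual entries, independent of the order they occurred in.
    for index, digest, description in events:
        patterns = policy.get(index)
        if patterns is None:
            continue  # e.g. firmware events: covered by the replay check only
        text = description.decode("utf-8", errors="replace")
        if hashlib.sha1(description).digest() != digest:
            failures.append(f"PCR {index}: description does not hash to digest: {text!r}")
        # fullmatch, so an allowed command with extra arguments appended is rejected
        elif not any(re.fullmatch(p, text) for p in patterns):
            failures.append(f"PCR {index}: not permitted by policy: {text!r}")
    return failures


# Constructed sample data. PCR 0 for firmware and PCR 8 for bootloader commands
# are assumptions of this example, as are the command strings.
SAMPLE_LOG = [
    (0, hashlib.sha1(b"constructed firmware image").digest(), b"firmware"),
    make_event(8, b"linux /vmlinuz root=/dev/sda1 ro"),
    make_event(8, b"initrd /initramfs.img"),
]
SAMPLE_POLICY = {8: [r"linux /vmlinuz root=/dev/sda[12] ro", r"initrd /initramfs\.img"]}

if __name__ == "__main__":
    quoted = replay(SAMPLE_LOG)  # stands in for values read from a real TPM
    print(validate(SAMPLE_LOG, quoted, SAMPLE_POLICY) or "log valid, policy satisfied")
```
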
