ramblings about spam, scalability, software development, the web

Bella Caledonia: A Wake-Up Call

Swathes of the British elite appeared ignorant of much of Irish history and the country’s present reality. They seemed to have missed that Ireland’s economic dependence on exports to its neighbour came speedily to an end after both joined the European Economic Community in 1973. They seemed unacquainted with Ireland’s modern reality as a confident, wealthy, and internationally-oriented nation with overwhelming popular support for EU membership. Repeated descriptions of the border as a “surprise” obstacle to talks betrayed that Britain had apparently not listened, or had dismissed, the Irish government’s insistence in tandem with the rest of the EU since April that no Brexit deal could be agreed that would harden the border between Ireland and Northern Ireland. The British government failed to listen to Ireland throughout history, and it was failing to listen still.

(tags: europe ireland brexit uk ukip eu northern-ireland border history)

AWS re:invent 2017: Advanced Design Patterns for Amazon DynamoDB (DAT403) – YouTube

Video of one of the more interesting sessions from this year’s Re:invent

(tags: reinvent aws dynamodb videos tutorials coding)

AWS re:invent 2017: Container Networking Deep Dive with Amazon ECS (CON401) // Practical Applications

Another re:Invent highlight to watch — ECS’ new native container networking model explained

(tags: reinvent aws containers docker ecs networking sdn ops)

VLC in European Parliament’s bug bounty program

This was not something I expected:

The European Parliament has approved budget to improve the EU’s IT infrastructure by extending the free software security audit programme (FOSSA) and by including a bug bounty approach in the programme. The Commission intends to conduct a small-scale “bug bounty” activity on open-source software with companies already operating in the market. The scope of this action is to: Run a small-scale “bug bounty” activity for open source software project or library for a period of up to two months maximum; The purpose of the procedure is to provide the European institutions with open source software projects or libraries that have been properly screened for potential vulnerabilities; The process must be fully open to all potential bug hunters, while staying in-line with the existing Terms of Service of the bug bounty platform.

(tags: vlc bug-bounties security europe europarl eu ep bugs oss video open-source)

Sonarr

newsgroup/torrent TV PVR automation. looks neat

(tags: pvr tv automation usenet bittorrent)

South Pole Ice Tunnels – Antarctica – Atlas Obscura

‘One of the strangest of these monuments consists of the body of an atrophied White Sturgeon and a handwritten account of its journey. The fish had arrived in 1992 at McMurdo Station (a US base located at the edge of Antarctica and the Ross Sea) and had been destined for a remote Russian station called Vostok. However, the Russians gifted the sturgeon to American scientists who later discarded it after it had languished uneaten in a freezer for several months. It was from the trash dump that a garbage processing crew reclaimed the sturgeon, and it then made its way from location to location across Antarctica. It finally became enshrined in the tunnels beneath the South Pole where it greets visitors from a ledge chiseled in the ice.’

(tags: south-pole pole big-dead-place shrines funny sturgeons antarctica amundsen-scott-station mcmurdo vostok)

Introducing the Amazon Time Sync Service

Well overdue; includes Google-style leap smearing

(tags: time-sync time aws services ntp ops)

The Impenetrable Program Transforming How Courts Treat DNA Evidence | WIRED

‘So the lab turned to TrueAllele, a program sold by Cybergenetics, a small company dedicated to helping law enforcement analyze DNA where regular lab tests fail. They do it with something called probabilistic genotyping, which uses complex mathematical formulas to examine the statistical likelihood that a certain genotype comes from one individual over another. It’s a type of DNA testing that’s becoming increasingly popular in courtrooms. ‘ […] ‘But now legal experts, along with Johnson’s advocates, are joining forces to argue to a California court that TrueAllele—the seemingly magic software that helped law enforcement analyze the evidence that tied Johnson to the crimes—should be forced to reveal the code that sent Johnson to prison. This code, they say, is necessary in order to properly evaluate the technology. In fact, they say, justice from an unknown algorithm is no justice at all.’

(tags: law justice trueallele software dna evidence statistics probability code-review auditing)

Meet the man who deactivated Trump’s Twitter account

Legend!

His last day at Twitter was mostly uneventful, he says. There were many goodbyes, and he worked up until the last hour before his computer access was to be shut off. Near the end of his shift, the fateful alert came in. This is where Trump’s behavior intersects with Duysak’s work life. Someone reported Trump’s account on Duysak’s last day; as a final, throwaway gesture, he put the wheels in motion to deactivate it. Then he closed his computer and left the building.

(tags: twitter trump bahtiyar-duysak abuse reporting funny)

Fine Art Prints – The Public Domain Review

This is amazing — “museum quality” prints of favourites from the PDR archives, featuring Paul Klee, William Blake, ukiyo-e from Hiroshige, Goya, and even Athanasius Kircher

(tags: prints to-get fine-art public-domain art william-blake ukiyo-e hiroshige goya klee)

Introducing AWS Fargate – Run Containers without Managing Infrastructure

now that’s a good announcement. Available right away running atop ECS; EKS in 2018

(tags: eks ecs fargate aws services ops containers docker)

creepy fake motion-detector cameras in AirBnBs

Jason Scott on Twitter: “In “oh, that’s a thing now” news, a colleague of mine thought it odd that there was a single “motion detector” in his AirBNB in the bedroom and voila, it’s an IP camera connected to the web. (He left at 3am, reported, host is suspended, colleague got refund.)”

(tags: airbnb motion-detectors cameras surveillance creepy privacy)

Parental Controls & Internet Filtering — Circle

this looks interesting; internet time limits and per-user/per-device content filtering, for kids

(tags: apps kids android ios circle filtering family parenting)

Brutal London

‘A book about London’s gorgeous, brutalist architecture includes dainty DIY papercraft models to make yourself’ — awesome

(tags: brutalist architecture london papercraft models barbican)

UK government planning to require age verification for access to porn

This thread has pointed out the unintentional side effect which I hadn’t considered: this database of user auth info and their porn habits will be an incredibly valuable target for foreign governments and hackers, and a single foreign porn company owns the AV service they are potentially planning to use for it. “if they can’t find a way to de-link identities from usage, this is a monumental national security risk and it’s beyond insane they’re even considering it. “Sorry Prime Minister, Russia now knows what porn every MP, civil servant and clearance holder watches and when, and we don’t know how much of it they’ve given to Wikileaks. In retrospect, having the world’s most obvious SIGINT target built in PHP and hosted in the Cayman Islands by an uncleared foreign 25 year old working for a porn company probably wasn’t the best idea”.’

(tags: age verification porn uk politics censorship security national-security wikileaks russia)

How to configure Backblaze B2 with Duplicity on Linux

sorry S3, Backblaze is cheaper nowadays!

(tags: duplicity backups linux ops security b2 s3 storage home)

Tansplaining

/tan?sple?n/ – verb informal – (of a British journalist or political type) explaining Irish history and politics to an Irish person, in a manner regarded as condescending, patronizing, and often incorrect.

(tags: politics lols funny tansplaining black-and-tans history uk brexit dictionary neologisms)

Ordering a new EV ? what are your 181 options ?

(thinking face)

(tags: evs cars driving ireland)

Witney Seibold watches all the Academy Award Best Picture winners

Myself and the missus are in the process of doing this right now!

(tags: nerdist witney-seibold academy-awards best-picture awards movies)

Spam is back | The Outline

it’s 2017, and spam has clawed itself back from the grave. It shows up on social media and dating sites as bots hoping to lure you into downloading malware or clicking an affiliate link. It creeps onto your phone as text messages and robocalls that ring you five times a day about luxury cruises and fictitious tax bills. Networks associated with the buzzy new cryptocurrency system Ethereum have been plagued with spam. Facebook recently fought a six-month battle against a spam operation that was administering fake accounts in Bangladesh, Indonesia, Saudi Arabia, and other countries. Last year, a Chicago resident sued the Trump campaign for allegedly sending unsolicited text message spam; this past November, ZDNet reported that voters were being inundated with political text messages they never signed up for. Apps can be horrid spam vectors, too — TechCrunch writer Jordan Crook wrote in April about how she idly downloaded an app called Gather that promptly spammed everyone in her contact list. Repeated mass data breaches that include contact information, such as the Yahoo breach in which 3 billion user accounts were exposed, surely haven’t helped. Meanwhile, you, me, and everyone we know is being plagued by robocalls. “There is no recourse for me,” lamented Troy Doliner, a student in Boston who gets robocalls every day. “I am harassed by a faceless entity that I cannot track down.” “I think we had a really unique set of circumstances that created this temporary window where spam was in remission,” said Finn Brunton, an assistant professor at NYU who wrote Spam: A Shadow History of the Internet, “and now we’re on the other side of that, with no end in sight.”

(tags: spam privacy email social-media web robocalls phone ethereum texts abuse)

S3 Inventory Adds Apache ORC output format and Amazon Athena Integration

Interesting to see Amazon are kind of putting their money behind ORC as a new public data interchange format with this

(tags: orc formats data interchange s3 athena output)

Spot Fleet now supports Target Tracking

Awesome, nice feature

(tags: spot-fleet spot-instances ec2 amazon aws scaling ops architecture)

IBM urged to avoid working on ‘extreme vetting’ of U.S. immigrants

ICE wants to use machine learning technology and social media monitoring to determine whether an individual is a “positively contributing member of society,” according to documents published on federal contracting websites. More than 50 civil society groups and more than 50 technical experts sent separate letters on Thursday to the Department of Homeland Security saying the vetting program as described was “tailor-made for discrimination” and contending artificial intelligence was unable to provide the information ICE desired.

(tags: civil-rights politics usa trump ice ibm civil-liberties immigration discrimination racism social-media)

Cordyceps even creepier than at first thought

Hughes’s team found that fungal cells infiltrate the ant’s entire body, including its head, but they leave its brain untouched. There are other parasites that manipulate their hosts without destroying their brains, says Kelly Weinersmith from Rice University. For example, one flatworm forms a carpet-like layer over the brain of the California killifish, leaving the brain intact while forcing the fish to behave erratically and draw the attention of birds—the flatworm’s next host. “But manipulation of ants by Ophiocordyceps is so exquisitely precise that it is perhaps surprising that the fungus doesn’t invade the brain of its host,” Weinersmith says. [….] So what we have here is a hostile takeover of a uniquely malevolent kind. Enemy forces invading a host’s body and using that body like a walkie-talkie to communicate with each other and influence the brain from afar. Hughes thinks the fungus might also exert more direct control over the ant’s muscles, literally controlling them “as a puppeteer controls as a marionette doll.” Once an infection is underway, he says, the neurons in the ant’s body—the ones that give its brain control over its muscles—start to die. Hughes suspects that the fungus takes over. It effectively cuts the ant’s limbs off from its brain and inserts itself in place, releasing chemicals that force the muscles there to contract. If this is right, then the ant ends its life as a prisoner in its own body. Its brain is still in the driver’s seat, but the fungus has the wheel.

(tags: biology gross cordyceps fungi fungus ants zombies infection brain parasites)

Unicomp, Inc.

‘I think you want a Unicomp […] They bought the old IBM model M factory line, it’s a model M with USB’ — a classic IBM-style clacky full size keyboard — https://twitter.com/SwartzCr/status/932678394021535751

(tags: keyboards clacky model-m ibm history hardware usb)

Tech Leaders Dismayed by Weaponization of Social Media – IEEE Spectrum

“We have passed the fail-safe point,” McNamee said. “I don’t think we can get back to the Silicon Valley that I loved. At this point we just have to save America.”

(tags: propaganda fake-news facebook twitter social-media us-politics brexit internet russia silicon-valley usa)

How to ensure Presto scalability ?in multi user case

Good preso from Treasure Data on multi-user Presto usage

(tags: presto presentations slides storage databases)

Why is this company tracking where you are on Thanksgiving?

Creepy:

To do this, they tapped a company called SafeGraph that provided them with 17 trillion location markers for 10 million smartphones. The data wasn’t just staggering in sheer quantity. It also appears to be extremely granular. Researchers “used this data to identify individuals’ home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.,” wrote The Washington Post. [….] This means SafeGraph is looking at an individual device and tracking where its owner is going throughout their day. A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google’s database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are “fully anonymized” and “contain no personally-identifying information.” In multiple press releases from SafeGraph’s partners, the company’s location data is referred to as “anonymized,” but in this case they seem to be interpreting the concept of anonymity quite liberally given the specificity of the data. Most people probably don’t realize that their Thanksgiving habits could end up being scrutinized by strangers. It’s unclear if users realize that their data is being used this way, but all signs point to no. (SafeGraph and the researchers did not immediately respond to questions.) SafeGraph gets location data from “from numerous smartphone apps,” according to the researchers.

(tags: safegraph apps mobile location tracking surveillance android iphone ios smartphones big-data)

Quad9

Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy.  Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike.  Performance: Quad9 systems are distributed worldwide in more than 70 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system.  Privacy: No personally-identifiable information is collected by the system. IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally-identifiable data, and the core charter of the organization is to provide secure, fast, private DNS

(tags: quad9 resolvers dns anycast ip networking privacy security)

Continuous self-testing at Hosted Graphite

‘why we send external canaries, every second’

(tags: graphite hostedgraphite monitoring canaries udp alerting ops)

‘STELLA Report from the SNAFUcatchers Workshop on Coping With Complexity’, March 14-16 2017

‘A consortium workshop of high end techs reviewed postmortems to better understand how engineers cope with the complexity of anomalies (SNAFU and SNAFU catching episodes) and how to support them. These cases reveal common themes regarding factors that produce resilient performances. The themes that emerge also highlight opportunities to move forward.’ The ‘Dark debt’ concept is interesting here.

(tags: complexity postmortems dark-debt technical-debt resilience reliability systems snafu reports toread stella john-allspaw)

Driverless shuttle in Las Vegas gets in fender bender within an hour

Like any functioning autonomous vehicle, the shuttle can avoid obstacles and stop in a hurry if needed. What it apparently can’t do is move a couple feet out of the way when it looks like a 20-ton truck is going to back into it. A passenger interviewed by KSNV shared her frustration: The shuttle just stayed still and we were like, ‘oh my gosh, it’s gonna hit us, it’s gonna hit us!’ and then.. it hit us! And the shuttle didn’t have the ability to move back, either. Like, the shuttle just stayed still.

(tags: ai driverless-cars driving cars las-vegas aaa navya keolis)

The naked truth about Facebook’s revenge porn tool

This is absolutely spot on.

If Facebook wanted to implement a truly trusted system for revenge porn victims, they could put the photo hashing on the user side of things — so only the hash is transferred to Facebook. To verify the claim that the image is truly a revenge porn issue, the victim could have the images verified through a trusted revenge porn advocacy organization. Theoretically, the victim then would have a verified, privacy-safe version of the photo, and a hash that could be also sent to Google and other sites.

(tags: facebook privacy hashing pictures images revenge-porn abuse via:jwz)

20 Benefits that speed up hiring and 5 that slow it down

But that isn’t to say work-life balance isn’t important. It’s just job seekers are looking for balance outside of work. Three of the five benefits that sped up time to hire were related to giving more opportunities to leave work: Caregiver leave Adoption leave On site gym Performance based incentives Family leave

(tags: hiring benefits text-analysis pto holidays vacation leave gyms work family-leave)

Facebook asks users for nude photos in project to combat revenge porn

The photos are hashed, server-side, using the PhotoDNA hashing algorithm. This would have been way way better if it ran locally, on user’s phones, instead though. Interesting to note that PhotoDNA claims to have a “1 in 10 billion” false positive rate according to https://www.itu.int/en/cop/case-studies/Documents/ICMEC_PhotoDNA.PDF

(tags: photodna hashing images facebook revenge-porn messenger nudes photos)

The $280M Ethereum bug

The newly deployed contract, 0x863df6bfa4469f3ead0be8f9f2aae51c91a907b4, contains a vulnerability where its owner was uninitialized. Although, the contract is a library it was possible for devops199 to turn it into a regular multi-sig wallet since for Ethereum there is no real distinction between accounts, libraries, and contracts. The event occurred in two transactions, a first one to take over the library and a second one to kill the library?—?which was used by all multi-sig wallets created after the 20th of July. Since by design smart-contracts themselves can’t be patched easily, this make dependancies on third party libraries very lethal if a mistake happens. The fact that libraries are global is also arguable, this would be shocking if it was how our daily use Operating Systems would work.

(tags: security bitcoin ethereum lol fail smart-contracts)

How Facebook Figures Out Everyone You’ve Ever Met

Oh god this is so creepy.

Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes: A man who years ago donated sperm to a couple, secretly, so they could have a child—only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook. A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information. A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later. An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”

(tags: facebook privacy surveillance security creepy phones contacts pymk)

A Clash of Cultures

In short, I am in support of Naomi Wu. Rather than let the Internet speculate on why, I am sharing my perspectives on the situation preemptively. As with most Internet controversies, it’s messy and emotional. I will try my best to outline the biases and issues I have observed. Of course, everyone has their perspective; you don’t have to agree with mine. And I suspect many of my core audience will dislike and disagree with this post. However, the beginning of healing starts with sharing and listening. I will share, and I respectfully request that readers read the entire content of this post before attacking any individual point out of context. The key forces I see at play are: Prototype Bias – how assumptions based on stereotypes influence the way we think and feel Idol Effect – the tendency to assign exaggerated capabilities and inflated expectations upon celebrities Power Asymmetry – those with more power have more influence, and should be held to a higher standard of accountability Guanxi Bias – the tendency to give foreign faces more credibility than local faces in China All these forces came together in a perfect storm this past week.

(tags: culture engineering maker naomi-wu women stereotypes bias idols power china bunnie)

‘Lambda and serverless is one of the worst forms of proprietary lock-in we’ve ever seen in the history of humanity’ • The Register

That doesn’t mean Polvi is a fan. “Lambda and serverless is one of the worst forms of proprietary lock-in that we’ve ever seen in the history of humanity,” said Polvi, only partly in jest, referring to the most widely used serverless offering, AWS Lambda. “It’s seriously as bad as it gets.” He elaborated: “It’s code that tied not just to hardware – which we’ve seen before – but to a data center, you can’t even get the hardware yourself. And that hardware is now custom fabbed for the cloud providers with dark fiber that runs all around the world, just for them. So literally the application you write will never get the performance or responsiveness or the ability to be ported somewhere else without having the deployment footprint of Amazon.”

(tags: lambda amazon aws containers coreos deployment lockin proprietary serverless alex-polvi kubernetes)

AWS switching hypervisor from Xen to KVM

interesting

(tags: aws kvm xen virtualization)

How to effectively complain to an Irish broadcaster about a public affairs show

Simon McGarr: “If you think that a public affairs show has failed to address a matter with proper balance, you can (Tweet) say it to the breeze or complain. There is a process to follow to make an effective complaint 1) complain to broadcaster 2) complain to BAI if unhappy with response.” Thread with more details, and yet more at https://twitter.com/IrishTV_films/status/927172642544783360

(tags: complaining complaints rte bai ireland current-affairs)

The 10 Top Recommendations for the AI Field in 2017 from the AI Now Institute

I am 100% behind this. There’s so much potential for hidden bias and unethical discrimination in careless AI/ML deployment.

While AI holds significant promise, we’re seeing significant challenges in the rapid push to integrate these systems into high stakes domains. In criminal justice, a team at Propublica, and multiple academics since, have investigated how an algorithm used by courts and law enforcement to predict recidivism in criminal defendants may be introducing significant bias against African Americans. In a healthcare setting, a study at the University of Pittsburgh Medical Center observed that an AI system used to triage pneumonia patients was missing a major risk factor for severe complications. In the education field, teachers in Texas successfully sued their school district for evaluating them based on a ‘black box’ algorithm, which was exposed to be deeply flawed. This handful of examples is just the start?—?there’s much more we do not yet know. Part of the challenge is that the industry currently lacks standardized methods for testing and auditing AI systems to ensure they are safe and not amplifying bias. Yet early-stage AI systems are being introduced simultaneously across multiple areas, including healthcare, finance, law, education, and the workplace. These systems are increasingly being used to predict everything from our taste in music, to our likelihood of experiencing mental illness, to our fitness for a job or a loan.

(tags: ai algorithms machine-learning ai-now ethics bias racism discrimination)

Something is wrong on the internet – James Bridle – Medium

‘an essay on YouTube, children’s videos, automation, abuse, and violence, which crystallises a lot of my current feelings about the internet through a particularly unpleasant example from it. […] What we’re talking about is very young children [..] being deliberately targeted with content which will traumatise and disturb them, via networks which are extremely vulnerable to exactly this form of abuse. It’s not about trolls, but about a kind of violence inherent in the combination of digital systems and capitalist incentives. It’s down to that level of the metal.’

(tags: internet youtube children web automation violence horror 4chan james-bridle)

Inside The Great Poop Emoji Feud

PILE_OF_POO in the news!

The debate appears to be between some of Unicode’s most prolific contributors and typographers (Unicode was initially established to develop standards for translating alphabets into code that can be read across all computers and operating systems), and those in the consortium who focus primarily on the evolution of emojis. The two chief critics — Michael Everson and Andrew West, both typographers — say that the emoji proposal process has become too commercial and frivolous, thereby cheapening the Unicode Consortium’s long body of work. Their argument centers around “Frowning Pile Of Poo,” one of the emojis under consideration for the June 2018 class. In an Oct. 22 memo to the Unicode Technical Committee, Everson tore into the committee over the submission calling it “damaging … to the Unicode standard.”

(tags: pile-of-poo emoji funny michael-everson unicode frowning-poo poo shit)

newrelic/sidecar: Gossip-based service discovery. Docker native, but supports static discovery, too.

An AP gossip-based service-discovery sidecar process.

Services communicate to each other through an HAproxy instance on each host that is itself managed and configured by Sidecar. It is inspired by Airbnb’s SmartStack. But, we believe it has a few advantages over SmartStack: Native support for Docker (works without Docker, too!); No dependence on Zookeeper or other centralized services; Peer-to-peer, so it works on your laptop or on a large cluster; Static binary means it’s easy to deploy, and there is no interpreter needed; Tiny memory usage (under 20MB) and few execution threads means its very light weight

(tags: clustering docker go service-discovery ap sidecar haproxy discovery architecture)

aws-vault

‘A vault for securely storing and accessing AWS credentials in development environments’. Scott Piper says: ‘You should not use the AWS CLI with MFA without aws-vault, and probably should not use the CLI at all without aws-vault, because of it’s benefit of storing your keys outside of ~/.aws/credentials (since every once in a while a developer will decide to upload all their dot-files in their home directory to github so they can use the same .vimrc and .bashrc aliases everywhere, and will end up uploading their AWS creds).’

(tags: aws vault security cli development coding dotfiles credentials mfa)

AWS Service Terms

57.10 Acceptable Use; Safety-Critical Systems. Your use of the Lumberyard Materials must comply with the AWS Acceptable Use Policy. The Lumberyard Materials are not intended for use with life-critical or safety-critical systems, such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat. However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.

(tags: aws zombies funny t-and-cs legal civilization just-in-case)

How the Guardian found 800,000 paying readers

The strategy to rescue the Guardian from financial oblivion has attained a landmark position by increasing its revenue from readers to a point where it now outweighs the paper’s income from advertising. This significant shift in the Guardian’s business model, making it less dependent on a highly challenging advertising market for media companies, results largely from a quadrupling in the number of readers making monthly payments under the title’s membership scheme, which has grown from 75,000 to 300,000 members in the past year.

(tags: guardian journalism subscriptions newspapers future membership donations)

How to make the function keys the default Touch Bar display

Gonna need this for the new work laptop

(tags: touchbar apple ui function-keys keyboard usability it-just-works)

20 Touch Bar Tips & Tricks for the New MacBook Pro – YouTube

another set of touchbar tips

(tags: touchbar it-just-works apple ui usability youtube)

Fooling Neural Networks in the Physical World with 3D Adversarial Objects · labsix

This is amazingly weird stuff. Fooling NNs with adversarial objects:

Here is a 3D-printed turtle that is classified at every viewpoint as a “rifle” by Google’s InceptionV3 image classifier, whereas the unperturbed turtle is consistently classified as “turtle”. We do this using a new algorithm for reliably producing adversarial examples that cause targeted misclassification under transformations like blur, rotation, zoom, or translation, and we use it to generate both 2D printouts and 3D models that fool a standard neural network at any angle. Our process works for arbitrary 3D models – not just turtles! We also made a baseball that classifies as an espresso at every angle! The examples still fool the neural network when we put them in front of semantically relevant backgrounds; for example, you’d never see a rifle underwater, or an espresso in a baseball mitt.

(tags: ai deep-learning 3d-printing objects security hacking rifles models turtles adversarial-classification classification google inceptionv3 images image-classification)

Rich “Lowtax” Kyanka on Twitter’s abuse/troll problem

how did you solve this problem at Something Awful? You said you wrote a bunch of rules but internet pedants will always find ways to get around them. The last rule says we can ban you for any reason. It’s like the catch-all. We can ban you if it’s too hot in the room, we can ban you if we had a bad day, we can ban you if our finger slips and hits the ban button. And that way people know that if they’re doing something and it’s not technically breaking any rules but they’re obviously trying to push shit as far as they can, we can still ban them. But, unlike Twitter, we actually have what’s called the Leper’s Colony, which says what they did and has their track record. Twitter just says, “You’re gone.”

(tags: twitter communication discussion history somethingawful lowtax)

Here’s A List Of The Darkest, Strangest Scientific Paper Titles Of All Time | IFLScience

some great papers here (via Emilie)

(tags: via:emilie funny papers science titles)

Yonatan Zunger’s twitter thread on Twitter’s problem with policy issues

‘I worked on policy issues at G+ and YT for years. It was *painfully* obvious that Twitter never took them seriously.’ This thread is full of good information on “free speech”, nazis, Trump, Gamergate and Twitter’s harrassment problem. (Via Peter Bourgon)

(tags: via:peterbourgon harrassment twitter gamergate threads youtube google-plus policy abuse bullying free-speech engagement)

What To Do When Your Daughter Is the Mean Girl | Psychology Today

Bookmarking — just in case. hopefully it won’t be necessary… good site for parenting advice along these lines.

I knew this day would come. I was, of course, hoping it never would-hoping that my daughter would never be mean to someone else’s daughter-but as they say, I wrote the book on girl bullying in elementary school, so I knew that there was a pretty good chance that despite all of my best efforts, one of these days, my girl was gonna act like the mean one. This morning, she told me about it.

(tags: psychology kids parenting bullies children girls)

MaxMind DB File Format Specification

An interesting data structure format — ‘the MaxMind DB file format is a database format that maps IPv4 and IPv6 addresses to data records using an efficient binary search tree.’

(tags: maxmind databases storage ipv4 ipv6 addresses bst binary-search-trees trees data-structures)

Cronic

‘A cure for Cron’s chronic email problem’

(tags: cron linux unix ops sysadmin mail)

IBM broke its cloud by letting three domain names expire – The Register

“multiple domain names were mistakenly allowed to expire and were in hold status.”

(tags: outages fail ibm the-register ops dns domains cloud)

Open-sourcing RacerD: Fast static race detection at scale | Engineering Blog | Facebook Code

At Facebook we have been working on automated reasoning about concurrency in our work with the Infer static analyzer. RacerD, our new open source race detector, searches for data races — unsynchronized memory accesses, where one is a write — in Java programs, and it does this without running the program it is analyzing. RacerD employs symbolic reasoning to cover many paths through an app, quickly.

(tags: racerd race-conditions data-races thread-safety static-code-analysis coding testing facebook open-source infer)

Solera – Wikipedia

Fascinating stuff — from Felix Cohen’s excellent twitter thread.

Solera is a process for aging liquids such as wine, beer, vinegar, and brandy, by fractional blending in such a way that the finished product is a mixture of ages, with the average age gradually increasing as the process continues over many years. The purpose of this labor-intensive process is the maintenance of a reliable style and quality of the beverage over time. Solera means literally “on the ground” in Spanish, and it refers to the lower level of the set of barrels or other containers used in the process; the liquid (traditionally transferred from barrel to barrel, top to bottom, the oldest mixtures being in the barrel right “on the ground”), although the containers in today’s process are not necessarily stacked physically in the way that this implies, but merely carefully labeled. Products which are often solera aged include Sherry, Madeira, Lillet, Port wine, Marsala, Mavrodafni, Muscat, and Muscadelle wines; Balsamic, Commandaria, some Vins doux naturels, and Sherry vinegars; Brandy de Jerez; beer; rums; and whiskies. Since the origin of this process is undoubtedly out of the Iberian peninsula, most of the traditional terminology was in Spanish, Portuguese, or Catalan.

(tags: wine aging solera sherry muscat vinegar brandy beer rum whiskey whisky brewing spain)

The Best Way to Sous Vide Is to Shut Up About It

lol

(tags: sous-vide gadgets kitchen bros cooking cookery funny)

“1 like = 1 delicious cocktail recipe or booze fact.”

Great cocktail factoid thread from Manhattans Project/Every Cloud’s Felix Cohen

(tags: felix-cohen cocktails booze factoids history drinks)

Alarm systems alarmingly insecure. Oh the irony | Pen Test Partners

Some absolutely abysmal security practices used in off-the-shelf self-installed wireless home alarm systems — specifically the Yale HSA6400. Simple replay attacks of the unlock PIN message, for instance

(tags: security home wireless alarms yale fail)

What Parents Can Do When Bullying is Downplayed at School | Psychology Today

Despite the “Bully-Free Zone” posters that line the school cafeteria walls and the Zero-Tolerance policy that was boasted about during last September’s Back-to-School night, your experience is that the school would rather not address the problem at all. The responses you get from your child’s teacher include bland lip service […]

(tags: bullying kids school education psychology children parenting)

Cyclists: Let’s Talk About Shoaling

You’re stopped at a red light with a bunch of folks on bikes, when someone who’s just arrived sails past everyone, right to the head of the class. It’s a lot like seeing somebody in the Whole Foods express lane with too many things. In other words, it’s the kind of behavior that triggers toothy-toddler rages in otherwise emotionally competent adults.

(tags: shoaling cycling commuting bikes red-lights commute rage)

Commodore 64 Raspberry Pi Case with working power LED

3D-printed retro-pi cases (via Oisin)

(tags: via:oisin 3d-printing retropi cases raspberry-pi hardware cute)

srcecde/aws-lambda-cheatsheet

‘AWS Lambda cheatsheet’ — a quick ref card for Lambda users

(tags: aws lambda ops serverless reference quick-references)

Turtle Bunbury – THE NIGHT OF THE BIG WIND, 1839 (Reprise)

The Night of the Big Wind was the most devastating storm ever recorded in Irish history. Known in As Gaeilge as ‘Oiche na Gaoithe Moire’, the hurricane of 6th and 7th January 1839 made more people homeless in a single night than all the sorry decades of eviction that followed it.

(tags: 1839 1830s 19th-century ireland turtle-bunbury history storms weather hurricanes)

One person’s history of Twitter, from beginning to end – Mike Monteiro

Twitter, which was conceived and built by a room of privileged white boys (some of them my friends!), never considered the possibility that they were building a bomb. To this day, Jack Dorsey doesn’t realize the size of the bomb he’s sitting on. Or if he does, he believes it’s metaphorical. It’s not. He is utterly unprepared for the burden he’s found himself responsible for. The power of Oppenheimer-wide destruction is in the hands of entitled men-children, cuddled runts, who aim not to enhance human communication, but to build themselves a digital substitute for physical contact with members of the species who were unlike them. And it should scare you.

(tags: politics twitter mike-monteiro history silicon-valley trump)

A history of the neural net/tank legend in AI, and other examples of reward hacking

@gwern: “A history of the neural net/tank legend in AI: https://t.co/2s4AOGMS3a (Feel free to suggest more sightings or examples of reward hacking!)”

(tags: gwern history ai machine-learning ml genetic-algorithms neural-networks perceptron learning training data reward-hacking)

Falling through the KRACKs

I want to talk about why this vulnerability continues to exist so many years after WPA was standardized. And separately, to answer a question: how did this attack slip through, despite the fact that the 802.11i handshake was formally proven secure?

(tags: krack security wpa wifi ieee crypto vulnerabilities)

Over The Air – Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices

This is the most amazing hack.

Upon successful execution, the exploit exposes APIs to read and write the host’s physical memory directly over-the-air, by mapping in any requested address to the controlled DART L2 translation table, and issuing DMA accesses to the corresponding mapped IO-Space addresses.

(tags: hacks exploits security ios wifi apple iphone kernel)

How to operate reliable AWS Lambda applications in production

running a reliable Lambda application in production requires you to still follow operational best practices. In this article I am including some recommendations, based on my experience with operations in general as well as working with AWS Lambda.

(tags: aws cloud lambda ops amazon)

Amazon Shipping Filter – Chrome Web Store

a user script to determine when Amazon.{com,co.uk,fr,de,it,etc} will not deliver to your chosen delivery address, which is a common risk for Irish users

(tags: ireland shipping amazon buying extensions chrome userscripts shopping)

Spotify’s Discover Weekly: How machine learning finds your new music

Not sure how accurate this is (it’s not written by a Spotify employee), but seems pretty well researched — according to this Discover Weekly is a mix of 3 different algorithms

(tags: discover-weekly spotify nlp music ai ml machine-learning)

Study: wearing hi-viz clothing does not reduce risk of collision for cyclists

Journal of Transport & Health, 22 March 2017:

This study found no evidence that cyclists using conspicuity aids were at reduced risk of a collision crash compared to non-users after adjustment for confounding, but there was some evidence of an increase in risk. Bias and residual confounding from differing route selection and cycling behaviours in users of conspicuity aids are possible explanations for these findings. Conspicuity aids may not be effective in reducing collision crash risk for cyclists in highly-motorised environments when used in the absence of other bicycle crash prevention measures such as increased segregation or lower motor vehicle speeds.

(tags: health safety hi-viz clothing cycling commute visibility collision crashes papers)

Jepsen: Hazelcast 3.8.3

Not a very good review of Hazelcast’s CAP behaviour from Aphyr. see also https://twitter.com/MarcJBrooker/status/917437286639329280 for more musings from Marc Brooker on the topic (“PA/EC is a confusing and dangerous behaviour for many cases”)

(tags: jepsen aphyr testing hazelcast cap-theorem reliability partitions network pacelc marc-brooker)

House Six, the Heartbeat of Student Life – The University Times

Dilapidated but beloved, House Six shapes student life in Trinity and has for decades been the backdrop to changes in Irish society.

(tags: history tcd trinity house-six csc tcdsu dublin buildings landmarks)

London’s Hidden Tunnels Revealed In Amazing Cutaways | Londonist

these really are remarkable. I love the Renzo Picassos in particular

(tags: design history london 3d cutaways diagrams comics mid-century)

Kremlin info-ops measured to have a total reach of 340 million with dark, divisive ads

when the virality and resharing is measured, it’s far higher than previously estimated, according to this Washington Post article

(tags: virality news fake-news facebook politics russia)

A Branchless UTF-8 Decoder

This week I took a crack at writing a branchless UTF-8 decoder: a function that decodes a single UTF-8 code point from a byte stream without any if statements, loops, short-circuit operators, or other sorts of conditional jumps. […] Why branchless? Because high performance CPUs are pipelined. That is, a single instruction is executed over a series of stages, and many instructions are executed in overlapping time intervals, each at a different stage.

(tags: algorithms optimization unicode utf8 branchless coding c via:fanf)

Internet speed guarantees must be realistic, says Ofcom | Hacker News

Good news from the UK. Hope this comes to Ireland soon, too

(tags: marketing isps internet speed measurement ofcom uk)

“Why We Built Our Own Distributed Column Store” (video)

“Why We Built Our Own Distributed Column Store” by Sam Stokes of Honeycomb.io — Retriever, inspired by Facebook’s Scuba

(tags: scuba retriever storage data-stores columnar-storage honeycomb.io databases via:charitymajors)

A Decade of Dynamo: Powering the next wave of high-performance, internet-scale applications – All Things Distributed

A deep dive on how we were using our existing databases revealed that they were frequently not used for their relational capabilities. About 70 percent of operations were of the key-value kind, where only a primary key was used and a single row would be returned. About 20 percent would return a set of rows, but still operate on only a single table. With these requirements in mind, and a willingness to question the status quo, a small group of distributed systems experts came together and designed a horizontally scalable distributed database that would scale out for both reads and writes to meet the long-term needs of our business. This was the genesis of the Amazon Dynamo database. The success of our early results with the Dynamo database encouraged us to write Amazon’s Dynamo whitepaper and share it at the 2007 ACM Symposium on Operating Systems Principles (SOSP conference), so that others in the industry could benefit. The Dynamo paper was well-received and served as a catalyst to create the category of distributed database technologies commonly known today as “NoSQL.”

(tags: dynamo history nosql storage databases distcomp amazon papers acm data-stores)

The world’s first cyber-attack, on the Chappe telegraph system, in Bordeaux in 1834

The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network. The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.

(tags: bordeaux hacking history security technology cyber-attacks telegraph telegraphes-chappe)

Slack 103: Communication and culture

Interesting note on some emergent Slack communications systems using emoji: “redirect raccoon”, voting, and “I’m taking a look at this”

(tags: slack communications emojis emoji online talk chat)

This Future Looks Familiar: Watching Blade Runner in 2017

I told a lot of people that I was going to watch Blade Runner for the first time, because I know that people have opinions about Blade Runner. All of them gave me a few watery opinions to keep in mind going in—nothing that would spoil me, but things that would help me understand what they assured me would be a Very Strange Film. None of them told me the right things, though.

(tags: culture movies film blade-runner politics slavery replicants)

poor man’s profiler

‘Sampling tools like oprofile or dtrace’s profile provider don’t really provide methods to see what [multithreaded] programs are blocking on – only where they spend CPU time. Though there exist advanced techniques (such as systemtap and dtrace call level probes), it is overkill to build upon that. Poor man doesn’t have time. Poor man needs food.’ Basically periodically grabbing stack traces from running processes using gdb.

(tags: gdb profiling linux unix mark-callaghan stack-traces performance)

Report an Issue Online | Dublin City Council

handy self-service issue report portal, more direct possibly than FixMyStreet.ie

(tags: dcc dublin city council reporting civic traffic-lights roads paths)

Intel pcj library for persistent memory-oriented data structures

This is a “pilot” project to develop a library for Java objects stored in persistent memory. Persistent collections are being emphasized because many applications for persistent memory seem to map well to the use of collections. One of this project’s goals is to make programming with persistent objects feel natural to a Java developer, for example, by using familiar Java constructs when incorporating persistence elements such as data consistency and object lifetime. The breadth of persistent types is currently limited and the code is not performance-optimized. We are making the code available because we believe it can be useful in experiments to retrofit existing Java code to use persistent memory and to explore persistent Java programming in general.

(tags: persistent-memory data-structures storage persistence java coding future)

Google and Facebook Have Failed Us – The Atlantic

There’s no hiding behind algorithms anymore. The problems cannot be minimized. The machines have shown they are not up to the task of dealing with rare, breaking news events, and it is unlikely that they will be in the near future. More humans must be added to the decision-making process, and the sooner the better.

(tags: algorithms facebook google las-vegas news filtering hoaxes 4chan abuse breaking-news responsibility silicon-valley)

the execution of James Connolly in cake form

As depicted in the Decobake 1916 commemorative cake competition. Amazing scenes of edible history

(tags: odd funny decobake 1916 history ireland republican nationalism james-connolly executions omgwtf cake)

Cashing in on ATM Malware – A Comprehensive Look at Various Attack Types

rather unnerving report from Trend Micro / Europol. ‘As things stand, it looks like different criminal groups have already graduated from physical to virtual skimming via malware, thanks to the lack of security measures implemented by commercial banks worldwide. This is common in Latin America and Eastern Europe, but these criminals are exporting the technique and have started to victimize other countries.’

(tags: atms banking security trend-micro banks europol exploits)

Your Morning Sucks. Here’s How to Create a Dream Morning Routine.

this is fucking hilarious

(tags: funny self-parody morning routines via:dorothy hydration trampolines wtf manic)

The copyright implications of a publicly curated online archive of Oireachtas debates

“a publicly curated online archive of Oireachtas debates is so obviously in the public interest that copyright law should not prevent it.” (via Aileen)

(tags: via:aileen copyright oireachtas debates ireland parliament archival history)

Share scripts that have dependencies with Nix

Nice approach to one-liner packaging invocations using nix-shell

(tags: nix packaging unix linux ops shebang #!)

In 1973, I invented a ‘girly drink’ called Baileys

The creation of the iconic booze:

‘We bought a small bottle of Jamesons Irish Whiskey and a tub of single cream and hurried back. It was a lovely May morning. 1973. Underdogs Sunderland had just won the FA Cup. We mixed the two ingredients in our kitchen, tasted the result and it was certainly intriguing, but in reality bloody awful. Undaunted, we threw in some sugar and it got better, but it still missed something. We went back to the store, searching the shelves for something else, found our salvation in Cadbury’s Powdered Drinking Chocolate and added it to our formula. Hugh and I were taken by surprise. It tasted really good. Not only this, but the cream seemed to have the effect of making the drink taste stronger, like full-strength spirit. It was extraordinary.’

(tags: whiskey cream booze drinks baileys 1970s history 1973 chocolate cocktails)

S3 Point In Time Restore

restore a versioned S3 bucket to the state it was at at a specific point in time

(tags: ops s3 restore backups versioning history tools scripts unix)

EV Purchase and Import Guide

Importing an EV from the UK into Ireland (specifically the Nissan Leaf). A little dated (2013) but possibly useful all the same

(tags: ev cars driving uk import nissan-leaf)

The Israeli Digital Rights Movement’s campaign for privacy | Internet Policy Review

This study explores the persuasion techniques used by the Israeli Digital Rights Movement in its campaign against Israel’s biometric database. The research was based on analysing the movement’s official publications and announcements and the journalistic discourse that surrounded their campaign within the political, judicial, and public arenas in 2009-2017. The results demonstrate how the organisation navigated three persuasion frames to achieve its goals: the unnecessity of a biometric database in democracy; the database’s ineffectiveness; and governmental incompetence in securing it. I conclude by discussing how analysing civil society privacy campaigns can shed light over different regimes of privacy governance. [….] 1. Why the database should be abolished: because it’s not necessary – As the organisation highlighted repeatedly throughout the campaign with the backing of cyber experts, there is a significant difference between issuing smart documents and creating a database. Issuing smart documents effectively solves the problem of stealing and forging official documents, but does it necessarily entail the creation of a database? The activists’ answer is no: they declared that while they do support the transition to smart documents (passports and ID cards) for Israeli citizens, they object to the creation of a database due to its violation of citizens’ privacy. 2. Why the database should be abolished: because it’s ineffective; […] 3. Why the database should be abolished: because it will be breached – The final argument was that the database should be abolished because the government would not be able to guarantee protection against security breaches, and hence possible identity theft.

(tags: digital-rights privacy databases id-cards israel psc drm identity-theft security)