8 Myths of Abortion in Ireland
from the Abortion Rights Campaign's "8 Days - 8 Reasons to Repeal the 8th" myth-busting series in 2014.
arc  abortion  ireland  politics  mythbusters  repealthe8th 
3 days ago
GDPR Subject Access Request helper for Dublin Bus vs bike incidents
'A new tool has been created to assist people who want to request video footage of incidents involving Dublin Bus under GDPR rules.'
dublin-bus  bus  bike  cycling  dublin  cameras  gdpr  sars 
3 days ago
A primer on privacy as "contextual integrity"
A primer on privacy as "contextual integrity" and why privacy notices on mobile platforms (both Android and iOS) are insufficient for attaining informed consent.

If your doctor asked for permission to collect your medical history, you would probably say yes.
However, if that doctor asked to collect your medical history to give to marketers for advertising purposes, you would probably decline.

The difference is, in the first case, you're making assumptions about how the data will be used based on who is making the request.
Knowing just the type of data requested and the requester are insufficient to make an informed decision: people also consider the purpose and other constraints (e.g., will data be resold, stored securely, etc.), which are equally important factors.

(via Karlin)
privacy  context  understanding  mobile  data-protection  permission  opt-in 
5 days ago
Notebookcheck's Top 10 Tablets under 250 Euros
a decent list of low-end tablets, given the season
tablets  devices  hardware  android  gadgets  xmas 
5 days ago
Makisu
Uber’s Fast, Reliable Docker Image Builder for Apache Mesos and Kubernetes.
we built our own image building tool, Makisu, a solution that allows for more flexible, faster container image building at scale. Specifically, Makisu:

requires no elevated privileges, making the build process portable.

uses a distributed layer cache to improve performance across a build cluster.

provides flexible layer generation, preventing unnecessary files in images.

is Docker-compatible, supporting multi-stage builds and common build commands.
makisu  docker  containers  ops  build  mesos  kubernetes  building 
6 days ago
Billionaires Are the Leading Cause of Climate Change
That's largely because there is no "free market" incentive to prevent disaster. An economic environment where a company is only considered viable if it's constantly expanding and increasing its production can't be expected to pump its own brakes over something as trivial as pending global catastrophe. Instead, market logic dictates that rather than take the financial hit that comes with cutting profits, it's more reasonable to find a way to make money off the boiling ocean. Nothing illustrates this phenomenon better than the burgeoning climate-change investment industry. According to Bloomberg, investors are looking to make money off of everything from revamped food production to hotels for people fleeing increasingly hurricane-ravaged areas. A top JP Morgan Asset investment strategist advised clients that sea-level rise was so inevitable that there was likely a lot of opportunity for investing in sea-wall construction.
doom  capitalism  future  climate-change  environment  politics 
6 days ago
"Bring home the bacon" debate is a case study in how stupid we've all become
Well said, that Carl Kinsella.
How are we supposed to focus on the things that matter when media organisations refuse to? Ivan Yates and Matt Cooper ran a segment on whether or not we've reached political correctness. Niall Boylan had a discussion about whether or not it's okay to ban phrases that nobody really wants to ban [as PETA has suggested].

As a matter of pure coincidence, other reports from outlets like the Daily Mail and Today FM reported that the HSE was going to ban its employees from using phrases like "love," "pet" or "dear." That wasn't true either. Again, it was one line in a huge report that asked the question as to whether or not it was the best course of action to use such terms. It wasn't mentioned again.

Unlike phrases about meat, this actually matters. This is the kind of thing that could actually change how people are treated in hospital. But again, it wasn't true. The public – which has lost its capacity to verify what is true and what is not — was being lied to by the media. That's how it works now.
media  clickbait  fake-news  news  today-fm  daily-mail  hse  niall-boylan  peta  controversy  political-correctness  ivan-yates  matt-cooper 
10 days ago
Irish agricultural CO2 emissions actually INCREASED by 2.9% last year
Irish EPA: agriculture greenhouse gas emissions increased by 2.9% in 2017 “The most significant drivers are higher dairy cow numbers (+3.1%) which reflects national plans to expand milk production”


Feck's sake.
epa  ireland  co2  greenhouse-gases  emissions  green  farming  agriculture 
10 days ago
Chester Beatty Digital Collections
'Explore online access to our remarkable treasures, through this searchable database of digitised artworks and manuscripts', from the Chester Beatty museum's collection. Licensing isn't fully open though -- 'Images and PDF's are provided for personal research and scholarship.'
chester-beatty  museums  history  archaeology  artifacts  art  manuscripts 
10 days ago
3D models by DH_Age Sheela-na-Gig3D Project (@DH_Age) - Sketchfab
These are fantastic -- 3D scans of Sheela-na-Gig carvings around Ireland from 3D Sheela, an Irish based research initiative 'focusing on the digital documentation and analysis of Ireland's Sheela-na-Gig catalogue' (NSFW)
3d  sheela-na-gigs  history  carving  nsfw  models  photogrammetry 
11 days ago
Rudy Giuliani doesn't understand how links work
As waxy noted: 'this might be funny if he wasn't Trump's cybersecurity advisor'.
Twitter allowed someone to invade my text with a disgusting anti-President message. The same thing-period no space-occurred later and it didn’t happen. Don’t tell me they are not committed cardcarrying anti-Trumpers. Time Magazine also may fit that description. FAIRNESS PLEASE


Giuliani composed a tweet with no spaces after full stops, and a broken regexp at Twitter auto-linkified "G-20.In". An internet prankster registered this domain and Giuliani lost his shit in a spectacular display of incompetence.

The best bit? Here's a thread with the original devs: https://twitter.com/hoverbird/status/1070142045140877312 -- 'Hey @tw and @bcherry, remember all the debates we had about the linkifying regex around edge cases like this?'

(via Waxy and pretty much everyone on twitter)
edge-cases  bugs  twitter  regexps  regular-expressions  links  urls  us-politics  trump  rudy-giuliani  security  funny 
11 days ago
Convert an RSS feed to ActivityPub
for autoposting to Mastodon or similar. Via Nelson
via:nelson  mastodon  rss  blogging  scripts 
13 days ago
Nice heatmap visualisation of mortality ratios between men and women
'Age and period specific mortality ratios of females and males (a "Lexis-surface" in demographers parlance)' (via apenwarr)
via:apenwarr  mortality  heatmaps  dataviz  visualisation  colouring  lexis-surfaces 
15 days ago
PRDD - Performance-Review Driven Development
'If the way to get promoted is to launch a shiny new product, then your most senior people will be the best at finding shiny new products to launch, even if that's not the right technical decision to make.' (from a newsy thread about Twitter's latest messaging system switch)
newsy  messaging  infrastructure  twitter  kafka  pubsub  ops  architecture  prdd  performance-reviews 
16 days ago
Crowdfunding Backer Patented My Project
I had thought all along that if we published everything openly, it wouldn’t be possible for someone else to patent stuff that’s already all over the web. But I was wrong. Despite tons of prior art out on the web, in academic research papers and even for sale that are LED stickers, the patent examiner missed it and deemed the LED sticker patent “new” and “non-obvious.”

How could that happen? The sad truth is that patents are approved all the time that probably shouldn’t be.
[...]

Can’t you invalidate the patent? Unfortunately, once a patent gets issued things get much more complicated and expensive. The cheapest option would be for us to go to the USPTO with our prior art list and invalidate the patent through a process called an inter partes review (IPR). But such a process typically costs between $300,000 and $600,000 to file due to legal fees. In fact, it’s much more than the cost of getting the patent in the first place! So for now, we’ve decided not to go down this route.


The US patent system is broken. This is appalling
patents  led-stickers  uspto  prior-art  invention  crowdfunding 
16 days ago
Google Tried to Patent My Work After a Job Interview
I looked up the patent application and luckily, this time the patent application was still being reviewed by the patent examiner.  It had not issued! The provisional was filed August 29, 2014, months after my first interview and visit back in March 2014.  Two of the inventors listed were the same people who had interviewed me. 


This is frankly appalling behaviour from Google -- total abuse of the patent system. If Joi Ito hadn't been around to mediate this patent probably would have issued and this researcher's life's work stolen from her through IP dirty tricks.

(Also, patents need to die)
patents  software-patents  google  dirty-tricks  interviewing  ip  mit  medialab  paper  jie-qi 
16 days ago
House Democrats Sent A New Letter To Jeff Bezos About Amazon’s Facial Recognition Tool
The House Democrats’ questions focus largely on possible embedded bias in Amazon Rekognition, including how the tool’s accuracy breaks down by race, gender, ethnicity, and age. Also of particular concern is whether Amazon will build privacy protections into its facial recognition system and how it will ensure it is not abused for secret government surveillance. [....]

Meanwhile, Jeff Bezos has yet to address mounting criticism of Amazon’s Rekognition technology by Amazon employees, shareholders, and civil rights groups. In November, Amazon executives defended the company’s controversial facial recognition technology at an all-hands staff meeting after employees raised civil rights concerns about the tech’s potential misuse.

“It’s hard to trust that harm and abuse can be prevented if it is only post-mortem and through the Terms of Service,” an Amazon employee who requested anonymity told BuzzFeed News at the time.

rekognition  aws  privacy  data-protection  surveillance  amazon  us-politics  civil-rights 
16 days ago
event-stream vulnerability explained - Zach Schneider
This was an incredibly clever attack, very reminiscent of this blog post from January about how a similar attack might work. The attacker covered their tracks well — the code and commit log on GitHub all tell an innocuous and fairly common story (a new maintainer joins a project, adds a feature, and then tweaks the implementation of their feature a bit). Other than the warning signs about flatmap-stream (new package, no contributors or download activity), the attack was virtually undetectable. And indeed, it wasn’t discovered for over two months — it was only found because the attacker made a tiny mistake and used the deprecated crypto.createDecipher rather than crypto.createDecipheriv, which raised a suspicious deprecation warning in another library that consumes event-stream.

Unfortunately, this genre of attack isn’t going away anytime soon. JavaScript is the most popular language right now and it’s not really close, meaning it will continue to be an attractive target for hackers. JavaScript also has relatively few standard-library convenience features compared to other languages, which encourages developers to import them from npm packages instead — this, along with other cultural factors, means that JavaScript projects tend to have massive dependency trees.

(via Nelson)
npm  malware  bitcoin  security  javascript  event-stream  flatmap-stream  hacks 
17 days ago
Party Parrot as a Service
Enter an image URL and it'll generate an animated GIF of the party parrot version
party-parrot  gifs  funny  slack  emojis 
17 days ago
cryptoshredding
A way to handle immutable blockchains and GDPR: "have an encryption key for each user (stored outside of this ledger) and encrypt all PII with that key. Throw away the key if the user wants you to delete their data."
pii  gdpr  privacy  data-protection  crypto  cryptoshredding  deletion  coding 
17 days ago
Leeroy Jenkins was taking the piss
I had no idea!
"We didn’t think anyone would believe it was real, we thought it was so obviously satire."
leeroy-jenkins  warcraft  gaming  memes  satire  videos  at-least-i-have-chicken 
18 days ago
boundary-layer
Declarative Airflow Workflows in YAML, from Etsy
airflow  python  batch  cron  etl 
18 days ago
Antoin O Lachtnain on Twitter regarding GDPR and DNA kits
'It provides legal protections. But the problem is that those protections may not be practically effective. The other problem is the effect that you, as a consenting adult may have on other people who are related to you but who haven't consented.' -- useful thread
gdpr  privacy  data-protection  dna 
19 days ago
flatmap-stream NPM package backdoor incident
Good twitter thread with background on the incident. 2,000,000 downloads per week, used by many other core libs. It appears the attacker persuaded the (overloaded) legit maintainer to hand over ownership then backdoored the package in order to attack copay-dash, a cryptocurrency wallet app.
cryptocurrency  npm  packages  open-source  twitter  flatmap-stream  packaging  security  backdoors 
19 days ago
Linkerd 2.0
The 2.0 release of Linkerd brings two very significant changes. First, we’ve completely rewritten Linkerd to be orders of magnitude faster and smaller than Linkerd 1.x. Linkerd 2.0’s data plane is comprised of ultralight Rust proxies which consume around 10mb of RSS and have a p99 latency of <1ms. Linkerd’s minimalist control plane (written in Go) is similarly designed for speed and low resource footprint.

Second, with the 2.0 release, Linkerd moves beyond the service mesh model to be something not more, but less: Linkerd 2.0 at its core is a service sidecar, running on a single service without requiring cluster-wide installation. This means that if you’re a developer or service owner who doesn’t have access to the whole Kubernetes cluster, you can run Linkerd on your service and get:

Instant Grafana dashboards of your service’s success rates, latencies, and throughput;
A topology graph of incoming and outgoing dependencies;
A live view of requests being made to your service;
Improved, latency-aware load balancing;
… and much more.
linkerd  mesh  networking  services  architecture  sidecars 
20 days ago
MuMufication
the act of having a small portion of your cremated remains fired in a Brick of Mu.

MuMufied is what you will be after the act of MuMufication has been carried out.

What you get in the here and now is a Brick of Mu and a signed and stamped Certificate of MuMufication.

What you get after you die is 23 grams of your cremated remains fired in your Brick of Mu, which will then be laid to rest on The People’s Pyramid come the following Toxteth Day of the Dead on 23rd of November.
klf  mu  mumufication  23  eris  discordianism  religion  death  toxteth  liverpool  cremation  pyramids 
21 days ago
Awful AI

Artificial intelligence in its current state is unfair, easily susceptible to attacks and notoriously difficult to control. Nevertheless, more and more concerning uses of AI technology are appearing in the wild. This list aims to track all of them. We hope that Awful AI can be a platform to spur discussion for the development of possible contestational technology (to fight back!).
ai  algorithms  ethics  technology  machine-learning 
25 days ago
Introducing Predictive Scaling for Amazon EC2 in AWS Auto Scaling
Predictive Scaling predicts future traffic based on daily and weekly trends, including regularly-occurring spikes, and provisions the right number of EC2 instances in advance of anticipated changes. Provisioning the capacity just in time for an impending load change makes Auto Scaling faster than ever before. Predictive Scaling’s machine learning algorithms detect changes in daily and weekly patterns, automatically adjusting their forecasts. This removes the need for manual adjustment of Auto Scaling parameters over time, making Auto Scaling simpler to configure and consume. Auto Scaling enhanced with Predictive Scaling delivers faster, simpler, and more accurate capacity provisioning to our customers.


Fantastic! More heavy lifting taken care of.
aws  amazon  scaling  autoscaling  predictive-scaling  ml  ec2  asg 
25 days ago
Traditional Chinese medicine origins: Mao invented it but didn’t believe in it
Mikulski and the rest of the Senate may be surprised to learn that they were repeating 60-year-old justifications of Chinese medicine put forward by Chairman Mao. Unlike Mikulski, however, Mao was under no illusion that Chinese medicine—a key component of naturopathic education—actually worked. In The Private Life of Chairman Mao, Li Zhisui, one of Mao’s personal physicians, recounts a conversation they had on the subject. Trained as an M.D. in Western medicine, Li admitted to being baffled by ancient Chinese medical books, especially their theories relating to the five elements. It turns out his employer also found them implausible. 


via Dr. Jen Gunter
medicine  tcm  mao  history  china  health  naturopathy 
26 days ago
Some notes about HTTP/3
Robert Graham from ErrataSec on QUIC aka HTTP/3:

'Google (pbuh) has both the most popular web browser (Chrome) and the two most popular websites (#1 Google.com #2 Youtube.com). Therefore, they are in control of future web protocol development.'

Faster connection setup and latency; better bandwidth negotiation when using multiplexing; user-mode stacks by building on UDP and using recvmmsg(); and better mobile support for roaming IPs.
google  http3  quic  protocols  ip 
26 days ago
The JVM in Docker 2018

Later JDK versions have made it far easier to run a JVM application in a Linux container. The memory support means that if you relied on JVM ergonomics before then you can do the same inside a container whereas previously you had to override all memory related settings. The CPU support for containers needs to be carefully evaluated for your application and environment. If you’ve previously set low cpu_shares in environments like Kubernetes to increase utilisation while relying on using up unused cycles then you might get a shock.
jvm  docker  kubernetes  linux  containers  ops 
27 days ago
OpsMop
'a next-generation, no-compromise automation system'.
Uses:

Web-scale configuration management of all Linux/Unix systems;
Application deployment;
Immutable systems build definition;
Maintaining stateful services such as database and messaging platforms;
Automating one-off tasks & processes;
Deployment and management of the undercloud.

Features:

Python 3 DSL;
Declarative resource model with imperative capabilities;
Type / Provider plugin separation;
Implicit ordering (with handler notification);
Formalized “Plan” vs “Apply” evaluation stages;
Early validation prior to runtime;
Programmatically scoped variables;
Strong object-orientation
opsmop  ops  configuration-management  deployment  build 
27 days ago
Deep learning can "discover" new knowledge from scans/images
Amazing paper:
Here, we show that deep learning can extract new knowledge from retinal fundus images. Using deep-learning models trained on data from 284,335 patients and validated on two independent datasets of 12,026 and 999 patients, we predicted cardiovascular risk factors not previously thought to be present or quantifiable in retinal images, such as age (mean absolute error within 3.26 years), gender (area under the receiver operating characteristic curve (AUC) = 0.97), smoking status (AUC = 0.71), systolic blood pressure (mean absolute error within 11.23 mmHg) and major adverse cardiac events (AUC = 0.70). We also show that the trained deep-learning models used anatomical features, such as the optic disc or blood vessels, to generate each prediction.
deep-learning  data  analysis  ml  machine-learning  health  medicine  papers 
27 days ago
The Time Our Provider Screwed Us
Good talk (with transcript) from Paul Biggar about what happened when CircleCI had a massive security incident, and how Jesse Robbins helped them do incident response correctly.

'On the left, Jesse pointed out that we needed an incident commander. That’s me, Paul. And this is very good, because I was a big proponent, I think lots of were around the 2013 mark, of flat organizational structures, and so I hadn’t really got a handle of this whole being in charge thing. The fact that someone else came in and said, “No, no, no, you are in charge”: extremely useful. And he also laid out the order of our priorities. Number one priority; safety of customers. Number two priority: communicate with customers. Number three priority: recovery of service.

I think a reasonable person could have put those in a different order, especially under the pressure and time constraints of the potential company-ending situation. So I was very happy to have those in order. If this is ever going to happen to you, I’d memorize them, maybe put it on an index card in your pocket, in case this ever happens.

The last thing he said is to make sure that we log everything, that we go slow, and that we code review and communicate. His point there is that if we’re going to bring our site back up, if we’re going to do all the things that we need to do in order to save our business and do the right thing for our customers and all that, we can’t be making quick, bad decisions. You can’t just upload whatever code is on your computer now, because I have to do this now, I have to fix it. So we set up a Slack channel … This was pre-Slack; it was a HipChat channel, where all of our communications went. Every single communication that we had about this went in that chatroom. Which came in extremely useful the next day, when I had to write a blog post that detailed exactly what had happened and all the steps that we did to fix it and remediate this, and I had an exact time stamps of all the things that had happened.'
incidents  incident-response  paul-biggar  circleci  security  communication  outages 
27 days ago
Java's ByteBuffer native memory "leak"
Well this is suboptimal:
The Java NIO APIs use ByteBuffers as the source and destination of I/O calls, and come in two flavours. Heap ByteBuffers wrap a byte[] array, allocated in the garbage collected Java heap. Direct ByteBuffers wrap memory allocated outside the Java heap using malloc. Only "native" memory can be passed to operating system calls, so it won't be moved by the garbage collector. This means that when you use a heap ByteBuffer for I/O, it is copied into a temporary direct ByteBuffer. The JDK caches one temporary buffer per thread, without any memory limits. As a result, if you call I/O methods with large heap ByteBuffers from multiple threads, your process can use a huge amount of additional native memory, which looks like a native memory leak. This can cause your process to unexpectedly run into memory limits and get killed.
jvm  performance  java  memory  leaks  bytebuffers  netty  threads  coding  bugs 
27 days ago
Google 'betrays patient trust' with DeepMind Health move | Technology | The Guardian

Now that Streams is a Google product itself, that promise appears to have been broken, says privacy researcher Julia Powles: “Making this about semantics is a sleight of hand. DeepMind said it would never connect Streams with Google. The whole Streams app is now a Google product. That is an atrocious breach of trust, for an already beleaguered product.”

A DeepMind spokesperson emphasised that the core of the promise remains intact: “All patient data remains under our partners’ strict control, and all decisions about its use lie with them. This data remains subject to strict audit and access controls and its processing remains subject to both our contracts and data protection legislation. The move to Google does not affect this.”

google  deepmind  health  nhs  data-protection  privacy  healthcare 
4 weeks ago
SpamAssassin is back [LWN.net]
The SpamAssassin 3.4.2 release was the first from that project in well over three years. At the 2018 Open Source Summit Europe, Giovanni Bechis talked about that release and those that will be coming in the near future. It would seem that, after an extended period of quiet, the SpamAssassin project is back and has rededicated itself to the task of keeping junk out of our inboxes.


This is good to see! Also, newsy thread: https://news.ycombinator.com/item?id=18458212
spamassassin  open-source  oss  anti-spam 
4 weeks ago
Tuning Spark Back Pressure by Simulation
Interesting, Spark uses a PID controller algorithm to manage backpressure:
Spark back pressure, which can be enabled by setting spark.streaming.backpressure.enabled=true, will dynamically resize batches so as to avoid queue build up. It is implemented using a Proportional Integral Derivative (PID) algorithm. This algorithm has some interesting properties, including the lack of guarantee of a stable fixed point. This can manifest itself not just in transient overshoot, but in a batch size oscillating around a (potentially optimal) constant throughput. The overshoot incurs latency; the undershoot costs throughput. Catastrophic overshoot leading to OOM is possible in degenerate circumstances (you need to choose the parameters quite deviously to cause this to happen). Having witnessed undershoot and slow recovery in production streaming jobs, I decided to investigate further by testing the algorithm with a simulator.
backpressure  streaming  queueing  pid-controllers  algorithms  congestion-control 
4 weeks ago
Brits getting into the online-disinfo game

Disinformation and deception have been a part of warfare for thousands of years, but across the world, something new was starting to happen. Information has long been used to support combat operations, but now combat was seen to be taking place primarily, sometimes exclusively, through it. From being a tool of warfare, each military began to realise that the struggle with, over and through information was what war itself actually was about. And it wasn’t confined to Russia, China or anyone else. A global informational struggle has broken out. Dozens of countries are already doing it. And these are just the campaigns that we know about.
disinfo  fake-news  uk  british-army  military  memes  infowar 
4 weeks ago
HTTP-over-QUIC to be renamed HTTP/3
Decent newsy comment thread about HTTP/3, QUIC, and how the modern internet treats IP protocols
ip  protocols  http  http3  quic  networking  internet  newsy 
4 weeks ago
Jeff Bezos is wrong, tech workers are not bullies
I decided to leave my job as a staff engineer at Google because of Project Maven, and because I believe that the artificial intelligence ethical guidelines they published afterwards were not strict enough: they allowed surveillance within “internationally accepted norms”.

I am now joining forces with current and former Google employees who also opposed Maven and the Dragonfly search engine. We do not wish to be complicit in human rights violations and we believe that workers, and the public, deserve a voice. We support employees at Amazon, Microsoft, Salesforce, McKinsey and Deloitte who have similarly stood up to their employers.

We also have a right to not contribute to killing. Most workers at Google or Amazon did not join those companies to work on military applications. Both companies are international employers with engineering offices across the world, and many of their workers are neither US citizens nor residents. I worked as an engineer in Google's European headquarters in Dublin, Ireland. To me, the US military is not our military (as Google Cloud chief executive Diane Greene referred to it in a blog post), nor is it a force we should automatically support as a matter of patriotism.

As an engineer, I believe it is my responsibility to speak up for human rights and accountable decision making. As an industry, we in technology cannot compromise our principles or allow ourselves to be bullied by billionaires who stand to be enriched by our silence.
project-maven  dragonfly  google  amazon  surveillance  us-politics  politics  ai  silicon-valley  ethics  work  life 
4 weeks ago
Riding full circle on a paternoster
"A paternoster or paternoster lift is a passenger elevator which consists of a chain of open compartments (each usually designed for two persons) that move slowly in a loop up and down inside a building without stopping. Passengers can step on or off at any floor they like.


I'm slightly obsessed with these quite dangerous 1970s constructions....
paternoster  lifts  elevators  danger  construction  1970s 
4 weeks ago
Some notes on running new software in production
This is really good -- how to approach new infrastructure/software dependencies in production with reliability and uptime in mind.

(via Tony Finch)
reliability  uptime  slas  kubernetes  envoy  outages  runbooks  ops 
4 weeks ago
Deadlines, lies and videotape: The tale of a gRPC bug
HostedGraphite decided to use gRPC as an internal inter-service protocol and ran into a basic protocol bug -- it does not default to using an application-level keepalive on the TCP channel, so it can block indefinitely if sending-side buffers fill up. Always use application-level keepalives and don't trust TCP.
tcp  protocols  keepalive  grpc  rpc  architecture  networking 
5 weeks ago
What if the Placebo Effect Isn’t a Trick? - The New York Times
It is not possible to assay levels of COMT directly in a living brain, but there is a snippet of the genome called rs4680 that governs the production of the enzyme, and that varies from one person to another: One variant predicts low levels of COMT, while another predicts high levels. When Hall analyzed the I.B.S. patients’ DNA, she found a distinct trend. Those with the high-COMT variant had the weakest placebo responses, and those with the opposite variant had the strongest. These effects were compounded by the amount of interaction each patient got: For instance, low-COMT, high-interaction patients fared best of all, but the low-COMT subjects who were placed in the no-treatment group did worse than the other genotypes in that group. They were, in other words, more sensitive to the impact of the relationship with the healer.

The discovery of this genetic correlation to placebo response set Hall off on a continuing effort to identify the biochemical ensemble she calls the placebome — the term reflecting her belief that it will one day take its place among the other important “-omes” of medical science, from the genome to the microbiome. The rs4680 gene snippet is one of a group that governs the production of COMT, and COMT is one of a number of enzymes that determine levels of catecholamines, a group of brain chemicals that includes dopamine and epinephrine. (Low COMT tends to mean higher levels of dopamine, and vice versa.) Hall points out that the catecholamines are associated with stress, as well as with reward and good feeling, which bolsters the possibility that the placebome plays an important role in illness and health, especially in the chronic, stress-related conditions that are most susceptible to placebo effects.
placebo  comt  health  healthcare  medicine  enzymes  brain 
5 weeks ago
Specification gaming examples in AI
A good list of examples where machine learning systems "figure out" how to cheat their fitness function, e.g.:
'Creatures bred for speed grow really tall and generate high velocities by falling over'
ai  funny  humor  spreadsheets  machine-learning  ml  fitness-functions 
5 weeks ago
Welcome To The Dystopia: People Are Arguing Whether This Trump Press Conference Video Is Doctored Or Not
To sum it up: A historically unreliable narrator who works for a conspiracy website tweets out a video in order to show alleged bad behavior on the part of a journalist. The clip goes viral. The White House picks up and disseminates that video and uses it as proof to ban the journalist from reporting at the White House. Outraged journalists decry the White House's use of a video taken from a historically unreliable narrator. Then, users attempt to debunk the video as "actual fake news." Others, unclear if the video is fake, urge caution, suggesting the media may be jumping the gun. An argument breaks out over the intricate technical details of doctoring a clip.

The entire ordeal is a near perfect example of a scenario disinformation experts have predicted and warned of, where the very threat of video manipulation can lead to a blurring of reality. "These technological underpinnings [of AI and photoshop, and editing programs lead] to the increasing erosion of trust,” computational propaganda researcher Renee DiResta told BuzzFeed News in early 2018. “It makes it possible to cast aspersions on whether videos — or advocacy for that matter — are real.”
twitter  disinfo  disinformation  buzzfeed  video  reality  fake-news  photoshop 
5 weeks ago
How do you populate your development databases?
Lots of comments pro/anti copying from production
database  data  testing  system-tests  dev 
5 weeks ago
Sci-Fi Writer Greg Egan and 4chan anon Math Whiz Advance Permutation Problem | Quanta Magazine
On September 16, 2011, an anime fan posted a math question to the online bulletin board 4chan about the cult classic television series 'The Melancholy of Haruhi Suzumiya'. Season one of the show, which involves time travel, had originally aired in non-chronological order, and a re-broadcast and a DVD version had each further rearranged the episodes. Fans were arguing online about the best order to watch the episodes, and the 4chan poster wondered: If viewers wanted to see the series in every possible order, what is the shortest list of episodes they’d have to watch?

In less than an hour, an anonymous person offered an answer — not a complete solution, but a lower bound on the number of episodes required. The argument, which covered series with any number of episodes, showed that for the 14-episode first season of Haruhi, viewers would have to watch at least 93,884,313,611 episodes to see all possible orderings. “Please look over [the proof] for any loopholes I might have missed,” the anonymous poster wrote.

The proof slipped under the radar of the mathematics community for seven years — apparently only one professional mathematician spotted it at the time, and he didn’t check it carefully. But in a plot twist last month, the Australian science fiction novelist Greg Egan proved a new upper bound on the number of episodes required. Egan’s discovery renewed interest in the problem and drew attention to the lower bound posted anonymously in 2011. Both proofs are now being hailed as significant advances on a puzzle mathematicians have been studying for at least 25 years.
mathematics  internet  math  greg-egan  anime  bizarre  4chan  superpermutation  permutation  proofs 
5 weeks ago
wifiscan.py
A neat kragen hack:
Report wireless signal strength using audio synthesis.

This quick kludge is useful for figuring out where the dead spots in
your wireless network coverage are. They’re where the pitch goes high
and maybe you start getting clicks from audio buffer underruns.

Example audio output can be found at
<http://canonical.org/~kragen/sw/wifiscan.ogg>.

This is based on a brilliant hack by Seth Schoen, in which he
generated a tone controlled by the signal strength indication from his
wireless card in order to get a sort of 21st-century software
Theremin. This adds some envelope modulation so that it’s useful as a
network diagnostic tool rather than a musical instrument.

It depends on PulseAudio and the interface to the usual set of Linux
commands: pacat, ping, and iwconfig. (I should really just read
/proc/net/wireless instead of depending on iwconfig.)
kragen  wifi  scanning  audio  sound  signal  linux 
5 weeks ago
Meet the Irish master codebreaker you never heard of
In 1943, one of Nazi Germany’s most notorious communication codes was broken by a mild-mannered librarian and family man from Abbeyfeale in west Limerick, Richard Hayes. His day job was director of the National Library of Ireland, but during the Emergency, he secretly led a covert team of cryptanalysts, working feverishly on the infamous “Görtz Cipher” – a fiendish Nazi code that had stumped many of the greatest code-breaking minds at Bletchley Park, the centre of British wartime cryptography.

Astonishingly, the feat was accomplished not in one of the huts at Bletchley Park, but in a now derelict building colloquially known as “The Red House” on Montpellier Hill in Dublin. If this wasn’t an amazing enough feat, Hayes also broke a complex microdot enciphering system which had baffled the American OSS, as well as an enciphering system used by the dreaded Sicherheitsdienst (or SD), the intelligence section of the SS. The breaking of the latter code was instrumental in the Allied victory at the Battle of the Bulge.

Few individuals can be said to have altered the course of the second World War on their own, but Hayes was one such individual – and he did it not with a gun, but with a detailed knowledge of the complex algorithms and mathematical permutations involved in the art of cryptography.


(via Colm)
via:colmmacc  crypto  codes  hermann-gortz  wwii  dublin  ireland  richard-hayes  cryptanalysis 
5 weeks ago
Underground Utility Colour Codes Explained
Underground utility colour codes are used to differentiate and identify underground utilities to protect them from damage during excavation. There are different types of utilities and in order to tell them apart coloured lines, flags or sometimes both are used. They help mark the location and indicate the type of utility that is buried underground.


I had no idea! (via Tony Finch)
utilities  power  underground  excavation  digging  repair  urban 
5 weeks ago
Productionproofing EKS
'We recently migrated SaleMove infrastructure from self-managed Kubernetes clusters running on AWS to using Amazon Elastic Container Service for Kubernetes (EKS). There were many surprises along the way to getting our EKS setup ready for production. This post covers some of these gotchas (others may already be fixed or are not likely to be relevant for a larger crowd) and is meant to be used as a reference when thinking of running EKS in production.'
eks  aws  docker  kubernetes  k8s  ops  prod 
6 weeks ago
Physical spam using cheap Bluetooth beacons spotted in the wild
Buzz Andersen on Twitter: "Crazy thing: my friends who run a high traffic coffee shop just found this thing under their bar. It turns out to be a super cheap Chinese Bluetooth LE beacon.… https://t.co/pecNBCR86u"
bluetooth  spam  via:twitter  alibaba  eddystone  ads 
6 weeks ago
Block Advertising on your Network with Pi-hole and Raspberry Pi
A good walkthrough of the Pi-Hole network-wide adblocker install and operation
pi-hole  ads  blocking  ops  home  raspberry-pi 
6 weeks ago
Neoliberalism has conned us into fighting climate change as individuals | Martin Lukacs | Environment | The Guardian
These pervasive exhortations to individual action — in corporate ads, school textbooks, and the campaigns of mainstream environmental groups, especially in the west — seem as natural as the air we breathe. But we could hardly be worse-served.

While we busy ourselves greening our personal lives, fossil fuel corporations are rendering these efforts irrelevant. The breakdown of carbon emissions since 1988? A hundred companies alone are responsible for an astonishing 71%. You tinker with those pens or that panel; they go on torching the planet.

The freedom of these corporations to pollute – and the fixation on a feeble lifestyle response – is no accident. It is the result of an ideological war, waged over the last 40 years, against the possibility of collective action. Devastatingly successful, it is not too late to reverse it. The political project of neoliberalism, brought to ascendence by Thatcher and Reagan, has pursued two principal objectives. The first has been to dismantle any barriers to the exercise of unaccountable private power. The second had been to erect them to the exercise of any democratic public will. [...]

At the very moment when climate change demands an unprecedented collective public response, neoliberal ideology stands in the way. Which is why, if we want to bring down emissions fast, we will need to overcome all of its free-market mantras.
politics  environment  neoliberalism  future  climate-change  green 
6 weeks ago
Your Kid’s Apps Are Crammed With Ads - The New York Times
In apps marketed for children 5 and under in the Google Play store, there were pop-up ads with disturbing imagery. There were ads that no child could reasonably be expected to close out of, and which, when triggered, would send a player into more ads. Dancing treasure chests would give young players points for watching video ads, potentially endlessly. The vast majority of ads were not marked at all. Characters in children’s games gently pressured the kids to make purchases, a practice known as host-selling, banned in children’s TV programs in 1974 by the Federal Trade Commission. At other times an onscreen character would cry if the child did not buy something.

“The first word that comes to mind is furious,” said Dr. Radesky, an assistant professor of developmental behavioral pediatrics at the University of Michigan Medical School. “I’m a researcher. I want to stay objective. We started this study really just trying to look at distraction. My frustrated response is about all the surprising, potentially deceptive stuff we found.”


brb, installing Pi-Hole.
children  kids  ads  advertising  apps  android  google  ftc  games  iap 
6 weeks ago
A Dark Consensus About Screens and Kids Begins to Emerge in Silicon Valley - The New York Times
John Lilly, a Silicon Valley-based venture capitalist with Greylock Partners and the former C.E.O. of Mozilla, said he tries to help his 13-year-old son understand that he is being manipulated by those who built the technology.

“I try to tell him somebody wrote code to make you feel this way — I’m trying to help him understand how things are made, the values that are going into things and what people are doing to create that feeling,” Mr. Lilly said. “And he’s like, ‘I just want to spend my 20 bucks to get my Fortnite skins.’”
kids  technology  education  parenting  screentime  apps  tech  phones 
6 weeks ago
cool twitter image compression hack
Dаvіd Вucһаnаn on Twitter:
Assuming this all works out, the image in this tweet is also a valid ZIP archive, containing a multipart RAR archive, containing the complete works of Shakespeare. This technique also survives twitter's thumbnailer :P


(via JK)
via:johnke  cool  compression  image  jpeg  twitter 
6 weeks ago
LGTM
Analyses open source code repos on github, running static code analysis to find "zero-days and other critical bugs".
security  code-review  static-code-analysis  coding  lgtm  github 
6 weeks ago
October 21 post-incident analysis | The GitHub Blog
A network outage caused a split-brain scenario, and their failover system allowed writes to occur in both regional databases. Once the outage was repaired it was impossible to reconcile writes in an automated fashion as a result.

Embarrassingly, this exact scenario was called out in their previous blog post about their Raft-based failover system at https://githubengineering.com/mysql-high-availability-at-github/ --

"In a data center isolation scenario, and assuming a master is in the isolated DC, apps in that DC are still able to write to the master. This may result in state inconsistency once network is brought back up. We are working to mitigate this split-brain by implementing a reliable STONITH from within the very isolated DC. As before, some time will pass before bringing down the master, and there could be a short period of split-brain. The operational cost of avoiding split-brains altogether is very high."

Failover is hard.
github  fail  outages  failover  replication  consensus  ops 
6 weeks ago
ChromeCast HTTP APIs
similar to the Google Home hackable APIs, it seems Chromecasts are easily hacked/scripted with no auth
auth  http  apis  security  chromecast  google 
6 weeks ago
Google Home (in)Security
0 authentication on some setup APIs, including 'delete the current wifi network config' -- pretty major lack of security
auth  security  fail  google  google-home 
6 weeks ago
Epic twitter thread from @colmmacc explaining why client certs and mutual-auth TLS are TERRIBAD
Ok. tweet thread time! Too long ago I promised to write a screed explaining how much I hated mutual-auth TLS and why. I got distracted, and I wasn't happy with the writing, so here it is in tweet thread form instead! But basically: Client certs and Mutual-Auth TLS is TERRIBAD.
When I say TERRIBAD, I mean that unless you've got the resources of a big security dept and folks who comb threat models for a living, using client certs and mutual auth probably materially lessens your security. That's NUTS!


(source: https://twitter.com/colmmacc/status/1057017343438540801 )
terribad  rants  twitter  threads  tls  ssl  authentication  mtls  security 
6 weeks ago
"The first AI portrait in Christie’s" was mostly output from someone else's open-source code
The print was created by Obvious, a trio of 25-year-old French students whose goal is to “explain and democratize” AI through art. Over the past year, they’ve made a series of portraits depicting members of the fictional Belamy family, amplifying their work through attention-grabbing press releases. But insiders say the code used to generate these prints is mostly the work of another artist and programmer: 19-year-old Robbie Barrat, a recent high school graduate who shared his algorithms online via an open-source license.

The members of Obvious don’t deny that they borrowed substantially from Barrat’s code, but until recently, they didn’t publicize that fact either. This has created unease for some members of the AI art community, which is open and collaborative and taking its first steps into mainstream attention.[...]

Jason Bailey, a digital art blogger who runs the site Artnome, says that what Obvious has done is far from unusual. “It’s almost weekly in digital art that someone takes some open code and tweaks it and sells it,” he tells The Verge. But the prominence of this auction and the fact that Obvious, not Barrat, has received the attendant prestige and attention does complicate the matter. “There’s a lot of stuff you can do that’s legal, but that makes you sort of a jerk,” adds Bailey. “If I was Robbie, I’d be pretty miffed, and Obvious said they owe him a great deal of credit.”
Barrat says he holds no grudges at all and is mostly annoyed that the auction might give outsiders the wrong impression about AI art. “I’m more concerned about the fact that actual artists using AI are being deprived of the spotlight,” he says. “It’s a very bad first impression for the field to have.”
ai  art  graphics  history  open-source  ownership  copyright  obvious  robbie-barrat  digital 
7 weeks ago
The Yelp Production Engineering Documentation Style Guide
This is great! Also they correctly use the term "runbook" instead of "playbook" :)
Documentation is something that many of us in software and site reliability engineering struggle with – even if we recognize its importance, it can still be a struggle to write it consistently and to write it well. While we in Yelp’s Production Engineering group are no different, over the last few quarters we’ve engaged in a concerted effort to do something about it.

One of the first steps towards changing this process was developing our documentation style guide, something that started out as a Hackathon project late last year. I spoke about it when I was giving my talk on documentation at SRECon EMEA in August, and afterwards, a number of people reached out to ask if they could have a copy.

While what we’re sharing today isn’t our exact style guide – we’ve trimmed out some of the specifics that aren’t really relevant, done a bit of rewording for a more general audience, and added some annotations – it’s essentially the one we’ve been using since the start of this year, with the caveat that it’s a living document and continues to be refined. While this may not be perfect for every team (both at Yelp and elsewhere), it’s helped us raise the bar on our own documentation and provides an example for others to follow.
yelp  pe  sre  ops  engineering  documentation  srecon  chastity-blackwell  processes 
7 weeks ago
Motorola and iFixit—A Match Made in Mobile
This is awesome.
Motorola is setting an example for major manufacturers to embrace a more open attitude towards repair. If you’re a Motorola customer, you can now either send in your broken device directly to Motorola for repair—or you can fix it yourself with the highest quality parts and tools, plus a free step-by-step guide, all included in our official Motorola OEM Fix Kits.
motorola  repair  ifixit  hardware  mobile 
7 weeks ago
LiV Pi
Air quality sensor board for Raspberry Pis, with a good quality self-calibrating NDIR CO2 sensor
co2  air  quality  monitoring  metrics  health  home  raspberry-pi  hardware  to-get 
7 weeks ago
pusher/k8s-spot-rescheduler
'Tries to move K8s Pods from on-demand to spot instances':

K8s Spot rescheduler is a tool that tries to reduce load on a set of Kubernetes nodes. It was designed with the purpose of moving Pods scheduled on AWS on-demand instances to AWS spot instances to allow the on-demand instances to be safely scaled down (By the Cluster Autoscaler).

In reality the rescheduler can be used to remove load from any group of nodes onto a different group of nodes. They just need to be labelled appropriately.

For example, it could also be used to allow controller nodes to take up slack while new nodes are being scaled up, and then rescheduling those pods when the new capacity becomes available, thus reducing the load on the controllers once again.
k8s  kubernetes  aws  scaling  spot-instances  ops 
7 weeks ago
A Guide to Post-Quantum Cryptography
Post-quantum cryptography is an incredibly exciting area of research that has seen an immense amount of growth over the last decade. While the four types of cryptosystems described in this post have received lots of academic attention, none have been approved by NIST and as a result are not recommended for general use yet. Many of the schemes are not performant in their original form, and have been subject to various optimizations that may or may not affect security. Indeed, several attempts to use more space-efficient codes for the McEliece system have been shown to be insecure. As it stands, getting the best security from post-quantum cryptosystems requires a sacrifice of some amount of either space or time. Ring lattice-based cryptography is the most promising avenue of work in terms of flexibility (both signatures and KEM, also fully homomorphic encryption), but the assumptions that it is based on have only been studied intensely for several years. Right now, the safest bet is to use McEliece with Goppa codes since it has withstood several decades of cryptanalysis.
cryptography  crypto  post-quantum-crypto  pqc  quantum-computing  via:el33th4xor  security  algorithms 
7 weeks ago
Bulky Household Waste Collection Service
for e.g., doors, beds, radiators, mattresses, furniture etc. -- EUR40 per collection
waste  rubbish  household  dublin  dcc  services 
7 weeks ago
Making a C64 Cartridge - World of Jani
'To create a cartridge for your Commodore 64 in the simplest form, is wiring a 8K ROM to the expansion port.'
roms  c64  commodore  hardware  hacks  via:valen 
7 weeks ago
Atlassian Boosted Its Female Technical Hires By 80% — Here’s How
'In this exclusive interview, she leans into empirical research to prescribe two seismic mindset shifts, and a set of principles proven to increase D&I. All of this advice can be implemented starting now, so that your company doesn’t miss out on the many benefits that come with a diverse environment where everyone — from underrepresented minorities to introverts to parents — feels truly included.'

(via Caro)
via:caro  recruiting  diversity  hiring  inclusion  meritocracy  tech 
7 weeks ago
Saudi Arabian spy worked as a Twitter SRE
and Twitter didn't find out until the CIA told them. The spy who had root
root  spies  twitter  saudi-arabia  privacy  espionage  cia 
7 weeks ago
Musée de la Chasse et de la Nature
Marie Foulston, curator of the V&A's "Videogames: Design/Play/Disrupt" exhibition, on Twitter: "Also grateful that @taleoftales brought us to the 'Musée de la Chasse et de la Nature'. Curious & unsettling place that perfectly mixes the analogue, the digital and the weird. Gave me a similar feeling as the Museum of Jurassic Technology & Ghibli Museum at times"
exhibitions  art  paris  museums  to-see  weird 
7 weeks ago
Remapping the silly double-S key on a Macbook running 10.12 Sierra
the latest hacky workaround for this stupid Apple keyboard layout bullshit
apple  keyboards  europe  fail  hidutil  macosx 
8 weeks ago