'Scaling to Millions of Simultaneous Connections' [pdf]
Presentation by Rick Reed of WhatsApp on the large-scale Erlang cluster backing the WhatsApp API, delivered at Erlang Factory SF, March 30 2012. Lots of juicy innards here.
erlang  scaling  scalability  performance  whatsapp  freebsd  presentations 
february 2014
GIFFFFR
Turn YouTube videos into animated GIFs (via Waxy)
via:waxy  gifs  youtube  video  animated-gifs  images  web 
february 2014
Video Processing at Dropbox
On-the-fly video transcoding during live streaming. They've done a great job of this!
At the beginning of the development of this feature, we entertained the idea to simply pre-transcode all the videos in Dropbox to all possible target devices. Soon enough we realized that this simple approach would be too expensive at our scale, so we decided to build a system that allows us to trigger a transcoding process only upon user request and cache the results for subsequent fetches. This on-demand approach: adapts to heterogeneous devices and network conditions, is relatively cheap (everything is relative at our scale), guarantees low latency startup time.
ffmpeg  dropbox  streaming  video  cdn  ec2  hls  http  mp4  nginx  haproxy  aws  h264 
february 2014
Belkin managed to put their firmware update private key in the distribution
'The firmware updates are encrypted using GPG, which is intended to prevent this issue. Unfortunately, Belkin misuses the GPG asymmetric encryption functionality, forcing it to distribute the firmware-signing key within the WeMo firmware image. Most likely, Belkin intended to use the symmetric encryption with a signature and a shared public key ring. Attackers could leverage the current implementation to easily sign firmware images.'

Using GPG to sign your firmware updates: yay. Accidentally leaving the private key in the distribution: sad trombone.
fail  wemo  belkin  firmware  embedded-systems  security  updates  distribution  gpg  crypto  public-key  pki  home-automation  ioactive 
february 2014
Disgraced Scientist Granted U.S. Patent for Work Found to be Fraudulent - NYTimes.com
Korean researcher Hwang Woo-suk electrified the science world 10 years ago with his claim that he had created the world’s first cloned human embryos and had extracted stem cells from them. But the work was later found to be fraudulent, and Dr. Hwang was fired from his university and convicted of crimes.

Despite all that, Dr. Hwang has just been awarded an American patent covering the disputed work, leaving some scientists dumbfounded and providing fodder to critics who say the Patent Office is too lax.

“Shocked, that’s all I can say,” said Shoukhrat Mitalipov, a professor at Oregon Health and Science University who appears to have actually accomplished what Dr. Hwang claims to have done. “I thought somebody was kidding, but I guess they were not.”

Jeanne F. Loring, a stem cell scientist at the Scripps Research Institute in San Diego, said her first reaction was “You can’t patent something that doesn’t exist.” But, she said, she later realized that “you can.”
patents  absurd  hwang-woo-suk  cloning  stem-cells  science  biology  uspto 
february 2014
Making Remote Work Work
very good, workable tips on how to remote-work effectively (both in the comments of this thread and the original article)
tips  productivity  collaboration  hn  via:lhl  remote-working  telecommuting  work 
february 2014
"Hackers" unsubscribed a former Mayor from concerned citizen's emails
"The dog ate my homework, er, I mean, hackers hacked my account."
Former Mayor of Kildare, Cllr. Michael Nolan, has denied a claim he asked a local campaigner to stop e-mailing him. Cllr. Michael Nolan from Newbridge said his site was hacked and wrong e-mails were sent out to a number of people, including Leixlip based campaigner, John Weigel.

Mr. Weigel has been campaigning, along with others, about the danger of electromagnetic radiation to humans and the proximity of communications masts to homes and, in particular schools. He regularly updates local politicians on news items relating to the issue.

Recently, he said that he had received an e-mail from Cllr. Nolan asking to be removed from Mr. Weigel’s e-mail list.

The Leader asked Cllr. Nolan why he had done this. But the Fine Gael councillor said that “his e-mail account was hacked and on one particular day a number of mails were sent from my account pertaining to be from me.”
dog-ate-my-homework  hackers  funny  kildare  newbridge  fine-gael  michael-nolan  email  politics  ireland  excuses 
february 2014
Latest Snowden leak: GCHQ spying on Wikileaks users
“How could targeting an entire website’s user base be necessary or proportionate?” says Gus Hosein, executive director of the London-based human rights group Privacy International. “These are innocent people who are turned into suspects based on their reading habits. Surely becoming a target of a state’s intelligence and security apparatus should require more than a mere click on a link.” The agency’s covert targeting of WikiLeaks, Hosein adds, calls into question the entire legal rationale underpinning the state’s system of surveillance. “We may be tempted to see GCHQ as a rogue agency, ungoverned in its use of unprecedented powers generated by new technologies,” he says. “But GCHQ’s actions are authorized by [government] ministers. The fact that ministers are ordering the monitoring of political interests of Internet users shows a systemic failure in the rule of law.”
gchq  wikileaks  snowden  privacy  spying  surveillance  politics 
february 2014
GPLv2 being tested in US court
The case is still ongoing, so one to watch.
Plaintiff wrote an XML parser and made it available as open source software under the GPLv2. Defendant acquired from another vendor software that included the code, and allegedly distributed that software to parties outside the organization. According to plaintiff, defendant did not comply with the conditions of the GPL, so plaintiff sued for copyright infringement. Defendants moved to dismiss for failure to state a claim. The court denied the motion.
gpl  open-source  licensing  software  law  legal  via:fplogue 
february 2014
FlightAware MiseryMap
what US airports are causing the most misery? Looks like that old favourite, storms in ORD, right now.... (via Theo Schlossnagle)
via:postwait  misery  air-travel  travel  flying  ord  weather  maps 
february 2014
Blockade
'Testing applications under slow or flaky network conditions can be difficult and time consuming. Blockade aims to make that easier. A config file defines a number of docker containers and a command line tool makes introducing controlled network problems simple.'

Open-source release from Dell's Cloud Manager team (ex-Enstratius), inspired by aphyr's Jepsen. Simulates packet loss using "tc netem", so no ability to e.g. drop packets on certain flows or certain ports. Still, looks very usable -- great stuff.
testing  docker  networking  distributed  distcomp  enstratius  jepsen  network  outages  partitions  cap  via:lusis 
february 2014
About Ultima Ratio Regum
This sounds amazing. I hope it makes it to some kind of "semi-finished".
A semi-roguelike game inspired by Jorge Borges, Umberto Eco, Neal Stephenson, Shadow of the Colossus, Europa Universalis and Civilization. Although currently in its early stages, URR aims to explore several philosophical and sociological issues that both arose during the sixteenth and seventeenth century (when the game is approximately set), and in the present day, whilst almost being a deep, complex and highly challenging roguelike. To do this the game seeks to generate realistic world histories, though ones containing a few unusual happenings and anomalous experiences. The traditional roguelike staple of combat will be rare and deadly – whilst these mechanics will be modeled in detail, exploration, trade and diplomacy factors will have just as much effort put into them.
games  ultima-ratio-regum  roguelikes  borges  umberto-eco  worlds  ascii-art 
february 2014
Why dispute resolution is hard
Good stuff (as usual) from Ross Anderson and Stephen Murdoch.

'Today we release a paper on security protocols and evidence which analyses why dispute resolution mechanisms in electronic systems often don’t work very well. On this blog we’ve noted many many problems with EMV (Chip and PIN), as well as other systems from curfew tags to digital tachographs. Time and again we find that electronic systems are truly awful for courts to deal with. Why?
The main reason, we observed, is that their dispute resolution aspects were never properly designed, built and tested. The firms that delivered the main production systems assumed, or hoped, that because some audit data were available, lawyers would be able to use them somehow.
As you’d expect, all sorts of things go wrong. We derive some principles, and show how these are also violated by new systems ranging from phone banking through overlay payments to Bitcoin. We also propose some enhancements to the EMV protocol which would make it easier to resolve disputes over Chip and PIN transactions.'
finance  security  ross-anderson  emv  bitcoin  chip-and-pin  banking  architecture  verification  vvat  logging 
february 2014
British American Tobacco - Plain packaging of tobacco products
Compare and contrast with the Law Society's comments:
We believe we are entitled to use our packs to distinguish our products from those of our competitors. Our brands are our intellectual property which we have created and invested in. Plain packaging would deny us the right to use brands.

But also, a brand is also an important tool for consumers. As the British Brands Group has stated, plain packaging legislation "ignores the crucial role that branding plays in providing consumers with high quality, consistent products they can trust".

The restriction of valuable corporate brands by any government would risk placing it in breach of legal obligations relating to intellectual property rights and, in most cases, international trade.
law-society  branding  ip  ireland  tobacco  cigarettes  law  trademarks 
february 2014
Irish Law Society takes a stand for "brand owners IP rights"
The Law Society will attend a meeting of the Oireachtas Health Committee today to outline its strong opposition to the Government proposals to introduce legislation that will require tobacco products to use plain packaging. The society’s director general Ken Murphy will be its principal representative at the meeting today to discuss its submission on the legislation, and to discuss its concerns that a plain packaging regime will undermine registered trade mark, and design, systems and will amount to an “expropriation of brand owners intellectual property rights”.

Speaking ahead of the meeting, Mr Murphy told The Irish Times the views contained in it represent those of the Law Society as a whole, and its 10,000 members, and have been endorsed by the society as a whole, rather than the committee.

Mr Murphy also said the purpose of the Law Society submission was not to protect the tobacco industry, rather the wider effect and impact such a law would have on intellectual property rights, trade marks, in other areas.
“There is a real concern also that plain packaging in the tobacco industry is just the beginning of a trend that will severely undermine intellectual property owners’ rights in other sectors such as alcohol, soft drinks and fast foods.”


Judging by some reactions on Twitter, "endorsed by the society as a whole" may be over-egging it a little.
law-society  gubu  law  ireland  ip  packaging  branding  trademarks  cigarettes  health  tobacco 
february 2014
TCP incast vs Riak
An extremely congested local network segment causes the "TCP incast" throughput collapse problem -- packet loss occurs, and TCP throughput collapses as a side effect. So far, this is pretty unsurprising, and anyone designing a service needs to keep bandwidth requirements in mind.

However it gets worse with Riak. Due to a bug, this becomes a serious issue for all clients: the Erlang network distribution port buffers fill up in turn, and the Riak KV vnode process (in its entirety) will be descheduled and 'cannot answer any more queries until the A-to-B network link becomes uncongested.'

This is where EC2's fully-uncontended-1:1-network compute cluster instances come in handy, btw. ;)
incast  tcp  networking  bandwidth  riak  architecture  erlang  buffering  queueing 
february 2014
Beirtear na IMSIs: Ireland's GSOC surveillance inquiry reveals use of mobile phone interception systems | Privacy International
It is interesting to note that the fake UK network was the only one detected by Verrimus. However, given that IMSI Catchers operate multiple fake towers simultaneously, it is highly likely that one or more Irish networks were also being intercepted. Very often a misconfiguration, such as an incorrect country code, is the only evidence available of an IMSI Catcher being deployed when forensic tools are not being used to look for one.
privacy  imsi-catchers  surveillance  bugging  spying  gsocgate  gsoc  ireland  mobile-phones 
february 2014
CJEU in #Svensson says that in general it is OK to hyperlink to protected works without permission
IPKat says 'this morning the Court of Justice of the European Union issued its keenly awaited decision in Case C-466/12 Svensson [...]: The owner of a website may, without the authorisation of the copyright holders, redirect internet users, via hyperlinks, to protected works available on a freely accessible basis on another site. This is so even if the internet users who click on the link have the impression that the work is appearing on the site that contains the link.'

This is potentially big news. Not so much for the torrent-site scenario, but for the NNI/NLI linking-to-newspaper-stories scenario.
ip  svensson  cjeu  eu  law  linking  hyperlinks  pirate-bay  internet  web  links  http  copyright 
february 2014
193_Cellxion_Brochure_UGX Series 330
The Cellxion UGX Series 330 is a 'transportable Dual GSM/Triple UMTS Firewall and Analysis Tool' -- ie. an IMSI catcher in a briefcase, capable of catching IMSI/IMEIs in 3G. It even supports configurable signal strength. Made in the UK.
cellxion  imsi-catchers  imei  surveillance  gsocgate  gsm  3g  mobile-phones  security  spying 
february 2014
SpamAssassin 3.4.0 released
Good to see the guys cracking on without me ;)

'2014-02-11: SpamAssassin 3.4.0 has been released adding native support for IPv6, improved DNS Blocklist technology and support for massively-scalable Bayesian filtering using the Redis backend.'
antispam  open-source  spamassassin  apache 
february 2014
Migrating from MongoDB to Cassandra
Interesting side-effect of using LUKS for full-disk encryption: 'For every disk read, we were pulling in 3MB of data (RA is sectors, SSZ is sector size, 6144*512=3145728 bytes) into cache. Oops. Not only were we doing tons of extra work, but we were trashing our page cache too. The default for the device-mapper used by LUKS under Ubuntu 12.04LTS is incredibly sub-optimal for database usage, especially our usage of Cassandra (more small random reads vs. large rows). We turned this down to 128 sectors — 64KB.'
cassandra  luks  raid  linux  tuning  ops  blockdev  disks  sdd 
february 2014
The Spyware That Enables Mobile-Phone Snooping - Bloomberg
More background on IMSI catchers -- looking likely to have been the "government-level technology" used to snoop on the Garda Ombudsman's offices, particularly given the 'detection of an unexpected UK 3G network near the GSOC offices':
The technology involved is called cellular interception. The active variety of this, the “IMSI catcher,” is a portable device that masquerades as a mobile phone tower. Any phone within range (a mile for a low-grade IMSI catcher; as much as 100 miles for a passive interception device with a very large antenna, such as those used in India) automatically checks to see if the device is a tower operated by its carrier, and the false “tower” indicates that it is. It then logs the phone’s International Mobile Subscriber Identity number -- and begins listening in on its calls, texts and data communications. No assistance from any wireless carrier is needed; the phone has been tricked.
[...] “network extender” devices -- personal mobile-phone towers -- sold by the carriers themselves, often called femtocells, can be turned into IMSI catchers.


Via T.J. McIntyre
via:tjmcintyre  imsi-catchers  surveillance  privacy  gsocgate  mobile-phones  spying  imsi 
february 2014
"IMSI Catcher" used in London
'One case involved Julian Assange's current home at the Ecuadorian Embassy in London, where visitors were surprised to receive welcome messages from a Ugandan telephone company. It turned out the messages were coming from a foreign base station device installed on the roof, masquerading as a cell tower for surveillance purposes. Appelbaum suspects the GCHQ simply forgot to reformat the device from an earlier Ugandan operation.'


via T.J. McIntyre.
surveillance  nsa  privacy  imsi-catchers  gchq  london  uganda  mobile-phones  julian-assange  ecuador  embassies 
february 2014
java - Why not use Double or Float to represent currency?
A good canonical URL for this piece of coding guidance.
For example, suppose you have $1.03 and you spend 42c. How much money do you have left?

System.out.println(1.03 - .42); => prints out 0.6100000000000001.
coding  tips  floating-point  float  java  money  currency  bugs 
february 2014
Trousseau
'an interesting approach to a common problem, that of securely passing secrets around an infrastructure. It uses GPG signed files under the hood and nicely integrates with both version control systems and S3.'

I like this as an approach to securely distributing secrets across a stack of services during deployment. Check in the file of keys, gpg keygen on the server, and add it to the keyfile's ACL during deployment. To simplify, shared or pre-generated GPG keys could also be used.

(via the Devops Weekly newsletter)
gpg  encryption  crypto  secrets  key-distribution  pki  devops  deployment 
february 2014
"A reason to hang him": how mass surveillance, secret courts, confirmation bias and the FBI can ruin your life - Boing Boing
This is bananas. Confirmation bias running amok.
Brandon Mayfield was a US Army veteran and an attorney in Portland, OR. After the 2004 Madrid train bombing, his fingerprint was partially matched to one belonging to one of the suspected bombers, but the match was a poor one. But by this point, the FBI was already convinced they had their man, so they rationalized away the non-matching elements of the print, and set in motion a train of events that led to Mayfield being jailed without charge; his home and office burgled by the FBI; his client-attorney privilege violated; his life upended.
confirmation-bias  bias  law  brandon-mayfield  terrorism  fingerprints  false-positives  fbi  scary 
february 2014
IBM's creepy AI cyberstalking plans
'let's say that you tweet that you've gotten a job offer to move to San Francisco. Using IBM's linguistic analysis technologies, your bank would analyze your Twitter feed and not only tailor services it could offer you ahead of the move--for example, helping you move your account to another branch, or offering you a loan for a new house -- but also judge your psychological profile based upon the tone of your messages about the move, giving advice to your bank's representatives about the best way to contact you.'


Ugh. Here's hoping they've patented this shit so we don't actually have to suffer through it. Creeeepy. (via Adam Shostack)
datamining  ai  ibm  stupid-ideas  creepy  stalking  twitter  via:adamshostack 
february 2014
Death by Metadata
The side-effects of algorithmic false-positives get worse and worse.
What’s more, he adds, the NSA often locates drone targets by analyzing the activity of a SIM card, rather than the actual content of the calls. Based on his experience, he has come to believe that the drone program amounts to little more than death by unreliable metadata. “People get hung up that there’s a targeted list of people,” he says. “It’s really like we’re targeting a cell phone. We’re not going after people – we’re going after their phones, in the hopes that the person on the other end of that missile is the bad guy.”
false-positives  glenn-greenwald  drones  nsa  death-by-metadata  us-politics  terrorism  sim-cards  phones  mobile-phones 
february 2014
Why Mt. Gox is full of shit
Leading Bitcoin exchange "Magic: The Gathering Online Exchange" turns out to suffer from crappy code, surprise:
why does Mt. Gox experience this issue? They run a custom Bitcoin daemon, with a custom implementation of the Bitcoin protocol. Their implementation, against all advice, does rely on the transaction ID, which makes this attack possible. They have actually been warned about it months ago by gmaxwell, and have apparently decided to ignore this warning. In other words, this is not a vulnerability in the Bitcoin protocol, but an implementation error in Mt. Gox' custom Bitcoin software.


The rest of the article is eye-opening, including the MySQL injection vulnerabilities and failure to correctly secure a Prolexic-defended server.

https://news.ycombinator.com/item?id=7211286 has some other shocking reports of Bitcoin operators being incompetent, including 'Bitomat, the incompetent exchange that deleted their own [sole] amazon instance accidentally which contained all their keys, and thus customer funds'. wtfbbq
mtgox  security  bitcoin  standards  omgwtfbbq  via:hn  bitomat 
february 2014
Girls and Software
a pretty thought-provoking article from Linux Journal on women in computing, and how we're doing it all wrong
feminism  community  programming  coding  women  computing  software  society  work  linux-journal  children  teaching 
february 2014
Survey results of EU teens using the internet
A lot of unsupervised use:
Just under half of children said they access the internet from their own bedroom on a daily basis with 22pc saying they do so several times a day.
surveys  eu  ireland  politics  filtering  internet  social-media  facebook  children  teens  cyber-bullying 
february 2014
Git is not scalable with too many refs/*
Mailing list thread from 2011; git starts to keel over if you tag too much
git  tags  coding  version-control  bugs  scaling  refs 
february 2014
A patent on 'Birth of a Child By Centrifugal Force'
On November 9 1965, the Blonskys were granted US Patent 3,216,423, for an Apparatus for Facilitating the Birth of a Child by Centrifugal Force. The drawings, as well as the text, are a revelation. The Patent Office has them online at http://tinyurl.com/jd4ra and I urge you - if you have any shred of curiosity in your body - to look them up.

For conceiving what appears to be the greatest labour-saving device ever invented, George and Charlotte Blonsky won the 1999 Ig Nobel Prize in the field of Managed Health Care.


This is utterly bananas. (via christ)
via:christ  crazy  patents  1960s  centrifuge  birth  medicine  ignobels 
february 2014
Big, Small, Hot or Cold - Your Data Needs a Robust Pipeline
'(Examples [of big-data B-I crunching pipelines] from Stripe, Tapad, Etsy & Square)'
stripe  tapad  etsy  square  big-data  analytics  kafka  impala  hadoop  hdfs  parquet  thrift 
february 2014
A Linguist Explains the Grammar of Doge. Wow.
In this sense, doge really is the next generation of LOLcat, in terms of a pet-based snapshot of a certain era in internet language. We’ve kept the idea that animals speak like an exaggerated version of an internet-savvy human, but as our definitions of what it means to be a human on the internet have changed, so too have the voices that we give our animals. Wow.
via:nelson  language  linguist  doge  memes  internet  english 
february 2014
PID controller
Good to know; this generic anti-flap damping algorithm has a name.
A proportional-integral-derivative controller (PID controller) is a generic control loop feedback mechanism (controller) widely used in industrial control systems. A PID controller calculates an "error" value as the difference between a measured process variable and a desired setpoint. The controller attempts to minimize the error by adjusting the process control outputs.
control  damping  flapping  pid-controller  industrial  error  algorithms 
february 2014
QuakeNet IRC Network- Article - PRESS RELEASE: IRC NETWORKS UNDER SYSTEMATIC ATTACK FROM GOVERNMENTS
QuakeNet are not happy about GCHQ's DDoS attacks against them.
Yesterday we learned ... that GCHQ, the British intelligence agency, are performing persistent social and technological attacks against IRC networks. These attacks are performed without informing the networks and are targeted at users associated with politically motivated movements such as "Anonymous". While QuakeNet does not condone or endorse and actively forbids any illegal activity on its servers we encourage discussion on all topics including political and social commentary. It is apparent now that engaging in such topics with an opinion contrary to that of the intelligence agencies is sufficient to make people a target for monitoring, coercion and denial of access to communications platforms. The ... documents depict GCHQ operatives engaging in social engineering of IRC users to entrap themselves by encouraging the target to leak details about their location as well as wholesale attacks on the IRC servers hosting the network. These attacks bring down the IRC network entirely affecting every user on the network as well as the company hosting the server. The collateral damage and numbers of innocent people and companies affected by these forms of attack can be huge and it is highly illegal in many jurisdictions including the UK under the Computer Misuse Act.
quakenet  ddos  security  gchq  irc  anonymous 
february 2014
The Gardai haven't requested info on any Twitter accounts in the past 6 months
This seems to imply they haven't been investigating any allegations of cyber-bullying/harassment from "anonymous" Twitter handles, despite having the legal standing to do so. Enforcement is needed, not new laws.
cyber-bullying  twitter  social-media  enforcement  gardai  policing  harassment  online  society  law  government 
february 2014
Realtime water level data across Ireland
Some very nice Dygraph-based time-series graphs in here, along with open CSV data. Good job!
open-data  water-levels  time-series  data  rivers  ireland  csv 
february 2014
Target Hackers Broke in Via HVAC Company
Avivah Litan, a fraud analyst with Gartner Inc., said that although the current PCI standard does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties.


Target shared the same network for outside contractor access and the critical POS devices. fail. (via Joe Feise)
via:joe-feise  hvac  contractors  fraud  malware  2fa  security  networking  payment  pci 
february 2014
Little’s Law, Scalability and Fault Tolerance: The OS is your bottleneck. What you can do?
good blog post on Little's Law, plugging quasar, pulsar, and comsat, 3 new open-source libs offering Erlang-like lightweight threads on the JVM
jvm  java  quasar  pulsar  comsat  littles-law  scalability  async  erlang 
february 2014
A looming breakthrough in indistinguishability obfuscation
'The team’s obfuscator works by transforming a computer program into what Sahai calls a “multilinear jigsaw puzzle.” Each piece of the program gets obfuscated by mixing in random elements that are carefully chosen so that if you run the garbled program in the intended way, the randomness cancels out and the pieces fit together to compute the correct output. But if you try to do anything else with the program, the randomness makes each individual puzzle piece look meaningless. This obfuscation scheme is unbreakable, the team showed, provided that a certain newfangled problem about lattices is as hard to solve as the team thinks it is. Time will tell if this assumption is warranted, but the scheme has already resisted several attempts to crack it, and Sahai, Barak and Garg, together with Yael Tauman Kalai of Microsoft Research New England and Omer Paneth of Boston University, have proved that the most natural types of attacks on the system are guaranteed to fail. And the hard lattice problem, though new, is closely related to a family of hard problems that have stood up to testing and are used in practical encryption schemes.'

(via Tony Finch)
obfuscation  cryptography  via:fanf  security  hard-lattice-problem  crypto  science 
february 2014
RTE internal memo to unhappy staff re Pantigate
'I want to reassure you that RTÉ explored every option available to it, including right of reply. Legal advice was sought and all avenues were explored, including an offer to make a donation to a neutral charity.'

And they folded. Notable lack of testicular fortitude by our national broadcaster.
fail  rte  leaks  memos  pantigate  panti-bliss  homophobia  libel  defamation  ireland 
february 2014
GCHQ slide claiming that they DDoS'd anonymous' IRC servers
Mikko Hypponen: "This makes British Government the only Western government known to have launched DDoS attacks."
ddos  history  security  gchq  dos  anonymous  irc  hacking 
february 2014
German IT Industry Looks for Boom from Snowden Revelations - SPIEGEL ONLINE
This is a great idea -- Neelie Kroes suggesting that there be a certification mark for EU companies who have top-of-the-line data protection practices.
data-protection  privacy  certification  marks  eu  neelie-kroes 
february 2014
Yahoo! moving EMEA operations to Dublin
Like many companies, the structure of Yahoo's business is driven by the needs of the business. There are a number of factors which influence decisions about the locations in which the business operates. To encourage more collaboration and innovation, we’re increasing our headcount in Dublin, thus continuing to bring more Yahoos together in fewer locations. Dublin is already the European home to many of the world’s leading global technology brands and has been a home for Yahoo for over a decade already.


Via Conor O'Neill
via:conoro  yahoo  emea  dublin  ireland  jobs  tech 
february 2014
Home · linkedin/rest.li Wiki
Rest.li is a REST+JSON framework for building robust, scalable service architectures using dynamic discovery and simple asynchronous APIs. Rest.li fills a niche for building RESTful service architectures at scale, offering a developer workflow for defining data and REST APIs that promotes uniform interfaces, consistent data modeling, type-safety, and compatibility checked API evolution.


The new underlying comms layer for Voldemort, it seems.
voldemort  d2  rest.li  linkedin  json  rest  http  api  frameworks  java 
february 2014
Opinion: How can we get over ‘Pantigate’?
The fact that RTÉ had agreed to pay damages (€80,000 in total, according to reports yesterday) to the ‘injured parties’, only came to light in an email from the [far-right Catholic lobby group Iona Institute] to its members last Tuesday.
Given the ramifications of the decision to make any kind of payment – regardless of the amount – both for the TV licence payer and those who voice contrarian opinions, the lack of coverage in print media as soon as the Iona email came to light marked a low point for print journalism in Ireland. Aside from a lead story on the damages printed in this paper last Wednesday and ongoing debate online, the media has been glacially slow with commentary and even reportage of the affair.
The debacle has untold ramifications for public life in this country. That many liberal commentators may now baulk at the opportunity to speak and write openly and honestly about homophobia is the most obvious issue here. Most worrying of all, however, is the question that with a referendum on the introduction of gay marriage on the horizon, how can we expect the national broadcaster to facilitate even-handed debate on the subject when they’ve already found themselves cowed before reaching the first hurdle?
homophobia  politics  ireland  libel  dissent  lobbying  defamation  law  gay-marriage  iona-institute  journalism  newspapers 
february 2014
appear.in
zero-install, one-click video chat, using WebRTC. nifty
conference  webrtc  chat  collaboration  video  google-chrome  conferencing 
february 2014
How to invoke section 4 of the Data Protection Acts in Ireland
One weird trick to get your personal data (in any format) from any random organisation, for only EUR6.35 and up to 40 days wait! Good to know.
Hospitals and doctors’ offices in Ireland will give a person their medical records if they ask for them. Mostly. Eventually. When they get to it. And, sometimes, if you pay them over €100 (for a large file).

But, like so much else in the legal world, there is a set of magic words you can incant to place a 40 day deadline on the delivery of your papers and limit the cost to €6.35 -- you invoke the Data Protection Acts data access request procedure.
data-protection  privacy  data-retention  dpa-section-4  data  ireland  medical  law  dpa 
february 2014
The Million Dollar Deal - YouTube
My mate Luke's doc on the World Series of Poker -- now online in full. it's great.
A documentary about the World Series Of Poker in Las Vegas. Featuring Andrew Black, Donnacha O'Dea, Mike Magee, "Mad" Martyn Wilson, Mark Napolitano, Amarillo Slim, Scotty Nguyen, Dave "Devilfish" Ulliott & Matt Damon. Narrated by John Hurt. Directed by John Butler, Produced by Luke McManus
documentaries  film  poker  world-series-of-poker  mike-magee  andrew-black  donnacha-odea  matt-damon 
february 2014
"A data scientist is a ..."
"A data scientist is a statistician who lives in San Francisco" - slide from Monkigras this year. lols
data-scientist  statistics  statistician  funny  jokes  san-francisco  tech  monkigras 
february 2014
Save 10% on rymdkapsel on Steam
rymdkapsel is a game where you take command of a space station and its minions. You will have to plan your expansion and manage your resources to explore the galaxy.


recommended by JK.
steam  games  recommended  space  gaming 
january 2014
Apache Curator
Netflix open-source library to make using ZooKeeper from Java less of a PITA. I really wish I'd used this now, having reimplemented some key parts of it after failures in prod ;)
zookeeper  netflix  apache  curator  java  libraries  open-source 
january 2014
Ukrainian police use cellphones to track protestors, court order shows
Protesters for weeks had suspected that the government was using location data from cellphones near the demonstration to pinpoint people for political profiling, and they received alarming confirmation when a court formally ordered a telephone company to hand over such data. [...] Three cellphone companies — Kyivstar, MTS and Life — denied that they had provided the location data to the government or had sent the text messages. Kyivstar suggested that it was instead the work of a “pirate” cellphone tower set up in the area. In a ruling made public on Wednesday, a city court ordered Kyivstar to disclose to the police which cellphones were turned on during an antigovernment protest outside the courthouse on Jan. 10.
tech  location-tracking  tracking  privacy  ukraine  cellphones  mobile-phones  civil-liberties 
january 2014
A network of ‘homes’, where children’s happiness was relentlessly destroyed
Stories of this sort will tumble out to the inquiry over the next 18 months, making it plain that the network of “homes” where children’s happiness had relentlessly, deliberately, systematically been destroyed, this archipelago of Catholic evil, had covered the entire island. These things should be kept in mind when next we hear it said that the social ills of today can be explained by reference to loss of faith in the traditional institutions of moral authority. This is the reverse of the truth and an insult to the victims of an unforgiveable sin.
horror  care-homes  politics  catholicism  religion  ireland  derry  church  abuse  children 
january 2014
Yammer Engineering - Resiliency at Yammer
Not content with adding Hystrix (circuit breakers, threadpooling, request time limiting, metrics, etc.) to their entire SOA stack, they've made it incredibly configurable by hooking in a web-based configuration UI, allowing dynamic on-the-fly reconfiguration by their ops guys of the circuit breakers and threadpools in production. Mad stuff
hystrix  circuit-breakers  resiliency  yammer  ops  threadpools  soa  dynamic-configuration  archaius  netflix 
january 2014
Irish Company Locates Office in Ireland
Hot on the heels of Dropbox, AirBnB, Twitter, Facebook and many others, Irish online ticket sales company Tito are amongst the latest in a long series of companies choosing to locate their offices in Ireland. “It just seemed to make sense,” said founder Paul Campbell, talking about the decision making process that led him to set up shop in the capital, Dublin. “Dublin is great. There’s something really familiar about it that I can’t quite put my finger on.”


Har har!
ireland  jokes  funny  tito  hq  tech-companies  dublin  via:oisin 
january 2014
10 Things We Forgot to Monitor
a list of not-so-common outage causes which are easy to overlook; swap rate, NTP drift, SSL expiration, fork rate, etc.
nagios  metrics  ops  monitoring  systems  ntp  bitly 
january 2014
Open-Sourcing Ssync: An Out-of-the-Box Distributed Rsync
a script to perform divide-and-conquer recursive rsync over SSH
recursion  scripts  rsync  ssync  ssh  divide-and-conquer 
january 2014
Hero Culture
Good description of the "hero coder" organisational antipattern.
Now imagine that most of the team is involved in fire-fighting. New recruits see the older recruits getting praised for their brave work in the line-of-fire and they want that kind of praise and reward too. Before long everyone is focused on putting out fires and it is in no one's interest to step back and take on the risks that long-term DevOps-focused goals entail.
coding  ops  admin  hero-coder  hero-culture  firefighting  organisations  teams  culture 
january 2014
Capabilities of Movements and Affordances of Digital Media: Paradoxes of Empowerment | DMLcentral
Paradoxically, it’s possible that the widespread use of digital tools facilitates capabilities in some domains, such as organization, logistics, and publicity, while simultaneously engendering hindrances to [political] movement impacts on other domains, including those related to policy and electoral spheres.
society  politics  activism  tech  internet  gezi-park  tahrir-square  euromaidan  occupy 
january 2014
Sugru Magnet Kit
Sugru + neodymium magnets = WANT
sugru  diy  tools  magnets  want  toget  bike  hacks  fixing 
january 2014
Caught with our Pantis down
The views expressed by [the Iona Institute] – especially in relation to gay people – are very much at odds with the liberal secular society that Ireland has become. Indeed, Rory O’Neill suggested that the only time he experiences homophobia is online or at the hands of Iona and Waters.

When they’re done with that, they can ask why Iona is given so much room in the media. In any other country in the world, an organisation as litigious as Iona would never be asked to participate in anything.
homophobia  ireland  john-waters  iona-institute  politics  catholicism  religion  libel  defamation  rte  the-irish-times 
january 2014
Coders performing code reviews of scientific projects: pilot study
'PLOS and Mozilla conducted a month-long pilot study in which professional developers performed code reviews on software associated with papers published in PLOS Computational Biology. While the developers felt the reviews were limited by (a) lack of familiarity with the domain and (b) lack of two-way contact with authors, the scientists appreciated the reviews, and both sides were enthusiastic about repeating the experiment.'

Actually sounds like it was more successful than this summary implies.
plos  mozilla  code-reviews  coding  science  computational-biology  biology  studies 
january 2014
Sky parental controls break many JQuery-using websites
An 11 hour outage caused by a false positive in Sky's anti-phishing filter; all sites using the code.jquery.com CDN for JQuery would have seen errors.
Sky still appears to be blocking code.jquery.com and all files served via the site, and more worryingly is that if you try to report the incorrect category, once signing in on the Sky website you get an error page. We suspect the site was blocked due to being linked to by a properly malicious website, i.e. code.jquery.com and some javascript files were being used on a dodgy website and every domain mentioned was subsequently added to a block list.


(via Tony Finch)
via:fanf  sky  filtering  internet  uk  anti-phishing  phish  jquery  javascript  http  web  fps  false-positives 
january 2014
If You Used This Secure Webmail Site, the FBI Has Your Inbox
TorMail was a Tor-based webmail system, and apparently its drives have been imaged and seized by the FBI. More info on the Freedom Hosting seizure:
The connection, if any, between the FBI obtaining Freedom Hosting’s data and apparently launching the malware campaign through TorMail and the other sites isn’t spelled out in the new document. The bureau could have had the cooperation of the French hosting company that Marques leased his servers from. Or it might have set up its own Tor hidden services using the private keys obtained from the seizure, which would allow it to adopt the same .onion addresses used by the original sites.

The French company also hasn’t been identified. But France’s largest hosting company, OVH, announced on July 29, in the middle of the FBI’s then-secret Freedom Hosting seizure, that it would no longer allow Tor software on its servers. A spokesman for the company says he can’t comment on specific cases, and declined to say whether Freedom Hosting was a customer. “Wherever the data center is located, we conduct our activities in conformity with applicable laws, and as a hosting company, we obey search warrants or disclosure orders,” OVH spokesman Benjamin Bongoat told WIRED. “This is all we can say as we usually don’t make any comments on hot topics.”
fbi  freedom-hosting  hosting  tor  tormail  seizures  ovh  colo  servers 
january 2014
BBC News - Pair jailed over abusive tweets to feminist campaigner
When a producer from BBC Two's Newsnight programme tracked Nimmo down after he had sent the abuse, the former call centre worker told him: "The police will do nothing, it's only Twitter."
bbc  bullying  social-media  twitter  society  uk  trolls  trolling  abuse  feminism  cyberbullying 
january 2014
Extending graphite’s mileage
Ad company InMobi are using graphite heavily (albeit not as heavily as $work are), ran into the usual scaling issues, and chose to fix it in code by switching from a filesystem full of whisper files to a LevelDB per carbon-cache:
The carbon server is now able to run without breaking a sweat even when 500K metrics per minute is being pumped into it. This has been in production since late August 2013 in every datacenter that we operate from.


Very nice. I hope this gets merged/supported.
graphite  scalability  metrics  leveldb  storage  inmobi  whisper  carbon  open-source 
january 2014
Sux
Some basic succinct data structures. [...] The main highlights are:
a novel, broadword-based implementation of rank/select queries for up to 2^64 bits that is highly competitive with known 32-bit implementations on 64-bit architectures (additional space required is 25% for ranking and 12.5%-37.5% for selection);
several Java structures using the Elias–Fano representation of monotone sequences for storing pointers, variable-length bit arrays, etc.
Java code implementing minimal perfect hashing using around 2.68 bits per element (also using some broadword ideas);
a few Java implementations of monotone minimal perfect hashing.
Sux is free software distributed under the GNU Lesser General Public License.
sux  succinct  data-structures  bits  compression  space  coding 
january 2014
Stupid Simple Things SF Techies Could Do To Stop Being Hated - Anil Dash
I've seen a lot of hand-wringing from techies in San Francisco and Silicon Valley saying "Why are we so hated?" now that there's been a more vocal contingent of people being critical of their lack of civic responsibility. Is it true that corruption and NIMBYism have kept affordable housing from being built? Sure. Is it true that members of the tech industry do contribute tax dollars to the city? Absolutely. But does that mean techies have done enough? Nope.
anil-dash  politics  society  san-francisco  gentrification  helping  tech  community  housing 
january 2014
Cassandra: tuning the JVM for read heavy workloads
The cluster we tuned is hosted on AWS and is comprised of 6 hi1.4xlarge EC2 instances, with 2 1TB SSDs raided together in a raid 0 configuration. The cluster’s dataset is growing steadily. At the time of this writing, our dataset is 341GB, up from less than 200GB a few months ago, and is growing by 2-3GB per day. The workload on this cluster is very read heavy, with quorum reads making up 99% of all operations.


Some careful GC tuning here. Probably not applicable to anyone else, but good approach in general.
java  performance  jvm  scaling  gc  tuning  cassandra  ops 
january 2014
James Friend | PCE.js - Classic Mac OS in the Browser
This is a demo of PCE's classic Macintosh emulation, running System 7.0.1 with MacPaint, MacDraw, and Kid Pix. If you want to try out more apps and games see this demo.


Incredible. I remember using this version of MacPaint!
javascript  browser  emulation  mac  macos  macpaint  macdraw  claris  kid-pix  history  desktop  pce 
january 2014
Chinese Internet Traffic Redirected to Small Wyoming House
'That address — which is home to some 2,000 companies on paper — was the subject of a lengthy 2011 Reuters investigation that found that among the entities registered to the address were a shell company controlled by a jailed former Ukraine prime minister; the owner of a company charged with helping online poker operators evade an Internet gambling ban; and one entity that was banned from government contracts after selling counterfeit truck parts to the Pentagon.'
china  internet  great-firewall  dns  wyoming  attacks  security  not-the-onion 
january 2014
Register article on Amazon's attitude to open source
This article is frequently on target; this secrecy (both around open source and publishing papers) was one of the reasons I left Amazon.
Of the sources with whom we spoke, many indicated that Amazon's lack of participation was a key reason for why people left the company – or never joined at all. This is why Amazon's strategy of maintaining secrecy may derail the e-retailer's future if it struggles to hire the best talent. [...]

"In many cases in the big companies and all the small startups, your Github profile is your resume," explained another former Amazonian. "When I look at developers that's what I'm looking for, [but] they go to Amazon and that resume stops ... It absolutely affects the quality of their hires." "You had no portfolio you could share with the world," said another insider on life after working at Amazon. "The argument this was necessary to attract talent and to retain talent completely fell on deaf ears."
amazon  recruitment  secrecy  open-source  hiring  work  research  conferences 
january 2014