Who Discovered Why The Challenger Exploded?
'Everyone knows Richard Feynman’s famous televised demonstration that the Challenger had exploded because its O-rings got stiff when they were cold -- but it wasn’t Feynman’s discovery. It was Sally Ride’s.'

(via Tony Finch)
richard-feynman  sally-ride  history  space  challenger  o-rings  science  engineering  nasa 
march 2017
Bakeneko - Wikipedia
'The bakeneko (化け猫, "changed cat") is a type of Japanese yōkai, or supernatural creature. According to its name, it is a cat that has changed into a yōkai. It is often confused with the nekomata, another cat-like yōkai,[2] and the distinction between the two can often be quite ambiguous.'

Reportedly, Totoro's catbus is a bakeneko, as is the Maneki Neko good luck totem.
superstitions  cats  catbus  totoro  bakeneko  yokai  japan  history 
march 2017
Deep Dive on Amazon EBS Elastic Volumes
'March 2017 AWS Online Tech Talks' -- lots about the new volume types
aws  ebs  storage  architecture  ops  slides 
march 2017
Learn redis the hard way (in production) · trivago techblog
oh god this is pretty awful. this just reads like "don't try to use Redis at scale" to me
redis  scalability  ops  architecture  horror  trivago  php 
march 2017
Automated unemployment insurance fraud detection system had a staggering 93% error rate in production
Expect to see a lot more cases of automated discrimination like this in the future. There is no way an auto-adjudication system would be allowed to have this staggering level of brokenness if it was dealing with the well-off:

State officials have said that between Oct. 1, 2013, when the MiDAS [automated unemployment insurance fraud detection] system came on line, and Aug. 7, 2015, when the state halted the auto-adjudication of fraud determinations and began to require some human review of MiDAS findings, the system had a 93% error rate and made false fraud findings affecting more than 20,000 unemployment insurance claims. Those falsely accused of fraud were subjected to quadruple penalties and aggressive collection techniques, including wage garnishment and seizure of income tax refunds. Some were forced into bankruptcy.

The agency is now reviewing about 28,000 additional fraud determinations that were made during the relevant period, but which involved some human review. An unknown number of those fraud findings were also false.
fraud  broken  fail  michigan  detroit  social-welfare  us-politics  computer-says-no  automation  discrimination  fraud-detection 
march 2017
Intuit and H&R Block Are Spending Millions to Keep Us From Having Simpler Tax Forms
I noticed this when I was living there -- it was nearly impossible to file a 1040 without help, and this is why:
Intuit spent more than $2 million lobbying last year, much of it spent on legislation that would permanently bar the government from offering taxpayers pre-filled returns. H&R Block spent $3 million, also directing some of their efforts toward the bill.


On the upside, with H&R Block it's reasonably easy. Just pretty unpleasant that it's a requirement and effectively private-sector taxation as a result.
h-r-block  intuit  taxes  us-politics  lobbying  scams  usa 
march 2017
The criminal exploits of "Prawo Jazdy"
Excellent policing folklore here....

'Eventually a letter was sent to the Polish embassy to ask for the Polish government's assistance in bringing this rogue motorist to justice.
Their reply was as swift as it was courteous. It said "Prawo Jazdy is Polish for driver's license".'
gardai  policing  ireland  polish  driving  safety  road-safety  funny  anecdotes 
march 2017
American Snoper – Medium
The grugq on Putin vs France:
How modern conflicts play out in the informatics sphere, what I mean when I talk about cyber war, is happening in France. After France there will be Germany, then the Scandinavian countries have their elections. There is no chance that Putin attempting to shape the world to best suit Russian interests will abate. Currently, the strongest area that he can contend in is the informatics sphere, the cyber realm, where human perception of reality is shaped.
putin  france  elections  russia  cyber-war  hacking  security  wikileaks 
march 2017
HyperBitBit
jomsdev notes:

'Last year, in the AofA’16 conference Robert Sedgewick proposed a new algorithm for cardinality estimation. Robert Sedgewick is a professor at Princeton with a long track of publications on combinatorial/randomized algorithms. He was a good friend of Philippe Flajolet (creator of Hyperloglog) and HyperBitBit is based on the same ideas. However, it uses less memory than Hyperloglog and can provide the same results. On practical data, HyperBitBit, for N < 2^64 estimates cardinality within 10% using only 128 + 6 bits.'
algorithms  programming  cs  hyperloglog  estimation  cardinality  counting  hyperbitbit 
march 2017
[no title]
'For decades, the transaction concept has played a central role in
database research and development. Despite this prominence, transactional
databases today often surface much weaker models than the
classic serializable isolation guarantee—and, by default, far weaker
models than alternative, “strong but not serializable” models such as
Snapshot Isolation. Moreover, the transaction concept requires the
programmer’s involvement: should an application programmer fail
to correctly use transactions by appropriately encapsulating functionality,
even serializable transactions will expose programmers
to errors. While many errors arising from these practices may be
masked by low concurrency during normal operation, they are susceptible
to occur during periods of abnormally high concurrency. By
triggering these errors via concurrent access in a deliberate attack, a
determined adversary could systematically exploit them for gain.
In this work, we defined the problem of ACIDRain attacks and
introduced 2AD, a lightweight dynamic analysis tool that uses traces
of normal database activity to detect possible anomalous behavior
in applications. To enable 2AD, we extended Adya’s theory of weak
isolation to allow efficient reasoning over the space of all possible
concurrent executions of a set of transactions based on a concrete
history, via a new concept called an abstract history, which also
applies to API calls. We then applied 2AD analysis to twelve popular
self-hosted eCommerce applications, finding 22 vulnerabilities
spread across all but one application we tested, affecting over 50%
of eCommerce sites on the Internet today.

We believe that the magnitude and the prevalence of these vulnerabilities
to ACIDRain attacks merits a broader reconsideration of
the success of the transaction concept as employed by programmers
today, in addition to further pursuit of research in this direction.
Based on our early experiences both performing ACIDRain attacks
on self-hosted applications as well as engaging with developers, we
believe there is considerable work to be done in raising awareness
of these attacks—for example, via improved analyses and additional
2AD refinement rules (including analysis of source code to
better highlight sources of error)—and in automated methods for defending
against these attacks—for example, by synthesizing repairs
such as automated isolation level tuning and selective application
of SELECT FOR UPDATE mechanisms. Our results here—as well as
existing instances of ACIDRain attacks in the wild—suggest there
is considerable value at stake.'
databases  transactions  vulnerability  security  acidrain  peter-bailis  storage  isolation  acid 
march 2017
That thing about pwning N26
Whitehat CCC hacker thoroughly pwns N26 bank -- there's a lot of small leaks and insecurities here. Sounds like N26 are dealing with them though
ccc  hacks  exploits  n26  banks  banking  security 
march 2017
US grand jury decides that a GIF counts as a deadly weapon in Twitter seizure case - The Verge
While this is certainly correct to prosecute, I still think that Twitter need to rethink their UI choices that allow a random stranger to fire graphic images at their targets without any opt-in requirement.
FBI investigators seized the account late last year after tracking him through his iPhone, and allege that Rivello sent several tweets and messages about his intentions to cause Eichenwald to have a seizure — including the text “You deserve a seizure for your post.” According to NBC News, other messages specifically say that "I hope this sends him into a seizure,” while others read "Spammed this at [Eichenwald] let's see if he dies."
images  twitter  epilepsy  gifs  nam-shub  abuse  social-media  trolls 
march 2017
The Gig Economy Celebrates Working Yourself to Death - The New Yorker
At the root of this is the American obsession with self-reliance, which makes it more acceptable to applaud an individual for working himself to death than to argue that an individual working himself to death is evidence of a flawed economic system. The contrast between the gig economy’s rhetoric (everyone is always connecting, having fun, and killing it!) and the conditions that allow it to exist (a lack of dependable employment that pays a living wage) makes this kink in our thinking especially clear.
capitalism  culture  gig-economy  lyft  fiverr  work  jobs  employment  self-reliance 
march 2017
Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware
DRM working as expected:
To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America's heartland have started hacking their equipment with firmware that's cracked in Eastern Europe and traded on invite-only, paid online forums. Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform "unauthorized" repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time.

(via etienneshrdlu)
hacking  farming  drm  john-deere  tractors  firmware  right-to-repair  repair 
march 2017
GitHub's new Balanced Employee IP Agreement (BEIPA) lets workers keep the IP when they use company resources for personal projects — Quartz
Huh, interesting development:
If it’s on company time, it’s the company’s dime. That’s the usual rule in the tech industry—that if employees use company resources to work on projects unrelated to their jobs, their employer can claim ownership of any intellectual property (IP) they create.
But GitHub is throwing that out the window. Today the code-sharing platform announced a new policy, the Balanced Employee IP Agreement (BEIPA). This allows its employees to use company equipment to work on personal projects in their free time, which can occur during work hours, without fear of being sued for the IP. As long as the work isn’t related to GitHub’s own “existing or prospective” products and services, the employee owns it.
github  law  tech  jobs  work  day-job  side-projects  hacking  ip  copyright 
march 2017
Don’t Get Trampled: The Puzzle For “Unicorn” Employees
'One of my sad predictions for 2017 is a bunch of big headline-worthy acquisitions and IPOs that leave a lot of hard working employees at these companies in a weird spot. They’ll be congratulated by everyone they know for their extraordinary success while scratching their heads wondering why they barely benefited. Of course, the reason is that these employees never understood their compensation in the first place (and they were not privy to the terms of all the financings before and after they were hired).'
share-options  shares  unicorns  funding  employment  jobs  compensation 
march 2017
atlassian/localstack: A fully functional local AWS cloud stack. Develop and test your cloud apps offline!
LocalStack provides an easy-to-use test/mocking framework for developing Cloud applications. Currently, the focus is primarily on supporting the AWS cloud stack.

LocalStack spins up the following core Cloud APIs on your local machine:

API Gateway at http://localhost:4567;
Kinesis at http://localhost:4568;
DynamoDB at http://localhost:4569;
DynamoDB Streams at http://localhost:4570;
Elasticsearch at http://localhost:4571;
S3 at http://localhost:4572;
Firehose at http://localhost:4573;
Lambda at http://localhost:4574;
SNS at http://localhost:4575;
SQS at http://localhost:4576

Additionally, LocalStack provides a powerful set of tools to interact with the cloud services, including a fully featured KCL Kinesis client with Python binding, simple setup/teardown integration for nosetests, as well as an Environment abstraction that allows to easily switch between local and remote Cloud execution.
aws  emulation  mocking  services  testing  dynamodb  s3 
march 2017
Segment.com on cost savings using DynamoDB, autoscaling and ECS
great post.

1. DynamoDB hot shards were a big problem -- and it is terrible that diagnosing this requires a ticket to AWS support! This heat map should be a built-in feature.

2. ECS auto-scaling gets a solid thumbs-up.

3. Switching from ELB to ALB lets them set ports dynamically for individual ECS Docker containers, and then pack as many containers as will fit on a giant EC2 instance.

4. Terraform modules to automate setup and maintenance of ECS, autoscaling groups, and ALBs
terraform  segment  architecture  aws  dynamodb  alb  elb  asg  ecs  docker 
march 2017
Pink Trombone
A model of how voice sounds are produced. Pretty cool
voice  phonetics  sound  mouth  science 
march 2017
The Lord British Postulate
One of the most famous attributes of Lord British is that he is almost invincible. In every Ultima game in which he has appeared, he is designed to be almost impervious to a player's character predations. However, there are ways for a player thinking outside the box to assassinate him. This phenomenon is the origin of the Lord British Postulate which states: "If it exists as a living creature in an MMORPG, someone, somewhere, will try to kill it."[7] Virtually every MMO game displays numerous instances of this, with players attempting to kill (or, in the case of friendly NPCs, cause the death of) virtually every NPC or monster, howsoever powerful, meek, friendly, or ethereal.
npcs  gaming  games  lord-british  murder  rules  mmorpgs 
march 2017
UN privacy watchdog says 'little or no evidence' that mass surveillance works | ZDNet
The United Nations' special rapporteur on privacy has lambasted a spate of new surveillance laws across Europe and the US, saying that there is "little or no evidence" that mass monitoring of communications works. In a report published this week, Prof. Joseph Cannataci, the first privacy watchdog to take up the post, said he was neither convinced of the effectiveness or the proportionality "of some of the extremely privacy-intrusive measures that have been introduced by new surveillance laws."

He also said that bulk records collection, such as call and email metadata, runs the risk of "being hacked by hostile governments or organized crime."

Cannataci singled out recently-passed laws in France, Germany, the UK and the US, all of which have pushed through new legislation in the wake of the threat from the so-called Islamic State. He said that the passed laws amount to "gesture-politics," which in his words, "have seen politicians who wish to be seen to be doing something about security, legislating privacy-intrusive powers into being -- or legalize existing practices -- without in any way demonstrating that this is either a proportionate or indeed an effective way to tackle terrorism." A rise in public support of increased surveillance powers is "predicated on the psychology of fear," he said, referring to the perceived threat of terrorism.
surveillance  law  privacy  un  joseph-cannataci  watchdogs  terrorism  fear  fud 
march 2017
When the Children Crashed Dad’s BBC Interview: The Family Speaks - WSJ
Mr. Kelly describes his reaction as a mixture of surprise, embarrassment and amusement but also love and affection. The couple says they weren’t mad and didn’t scold the children. “I mean it was terribly cute,” Mr. Kelly said. “I saw the video like everybody else. My wife did a great job cleaning up a really unanticipated situation as best she possibly could... It was funny. If you watch the tape I was sort of struggling to keep my own laughs down. They’re little kids and that’s how things are.” “Yes I was mortified, but I also want my kids to feel comfortable coming to me,” Mr. Kelly said.


aww!
cute  family  bbc  interviews  funny  viral  kids  hippity-hoppity  robert-kelly 
march 2017
ASAP: Automatic Smoothing for Attention Prioritization in Streaming Time Series Visualization
Peter Bailis strikes again.

'Time series visualization of streaming telemetry (i.e., charting of
key metrics such as server load over time) is increasingly prevalent
in recent application deployments. Existing systems simply plot the
raw data streams as they arrive, potentially obscuring large-scale
deviations due to local variance and noise. We propose an alternative:
to better prioritize attention in time series exploration and
monitoring visualizations, smooth the time series as much as possible
to remove noise while still retaining large-scale structure. We
develop a new technique for automatically smoothing streaming
time series that adaptively optimizes this trade-off between noise
reduction (i.e., variance) and outlier retention (i.e., kurtosis). We
introduce metrics to quantitatively assess the quality of the choice
of smoothing parameter and provide an efficient streaming analytics
operator, ASAP, that optimizes these metrics by combining techniques
from stream processing, user interface design, and signal
processing via a novel autocorrelation-based pruning strategy and
pixel-aware preaggregation. We demonstrate that ASAP is able to
improve users’ accuracy in identifying significant deviations in time
series by up to 38.4% while reducing response times by up to 44.3%.
Moreover, ASAP delivers these results several orders of magnitude
faster than alternative optimization strategies.'
dataviz  graphs  metrics  peter-bailis  asap  smoothing  aggregation  time-series  tsd 
march 2017
Artificial intelligence is ripe for abuse, tech researcher warns: 'a fascist's dream' | Technology | The Guardian
“We should always be suspicious when machine learning systems are described as free from bias if it’s been trained on human-generated data,” Crawford said. “Our biases are built into that training data.”

In the Chinese research it turned out that the faces of criminals were more unusual than those of law-abiding citizens. “People who had dissimilar faces were more likely to be seen as untrustworthy by police and judges. That’s encoding bias,” Crawford said. “This would be a terrifying system for an autocrat to get his hand on.” [...]

With AI this type of discrimination can be masked in a black box of algorithms, as appears to be the case with a company called Faceception, for instance, a firm that promises to profile people’s personalities based on their faces. In its own marketing material, the company suggests that Middle Eastern-looking people with beards are “terrorists”, while white looking women with trendy haircuts are “brand promoters”.
bias  ai  racism  politics  big-data  technology  fascism  crime  algorithms  faceception  discrimination  computer-says-no 
march 2017
The Uber Bombshell About to Drop
Alphabet's IP theft allegations regarding Waymo, Otto and Anthony Levandowski are pretty hardcore
alphabet  google  uber  lawsuits  ip  waymo 
march 2017
[1606.08813] European Union regulations on algorithmic decision-making and a "right to explanation"
We summarize the potential impact that the European Union's new General Data Protection Regulation will have on the routine use of machine learning algorithms. Slated to take effect as law across the EU in 2018, it will restrict automated individual decision-making (that is, algorithms that make decisions based on user-level predictors) which "significantly affect" users. The law will also effectively create a "right to explanation," whereby a user can ask for an explanation of an algorithmic decision that was made about them. We argue that while this law will pose large challenges for industry, it highlights opportunities for computer scientists to take the lead in designing algorithms and evaluation frameworks which avoid discrimination and enable explanation.


oh this'll be tricky.
algorithms  accountability  eu  gdpr  ml  machine-learning  via:daveb  europe  data-protection  right-to-explanation 
march 2017
Dinosaur Escape - BoardGameGeek
good kid's board game -- age 4+, 2-4 players.
The object of Dinosaur Escape is to get all three dinosaurs safely to Dinosaur Island before the volcano erupts! Work together to move the dinosaur movers around the board and uncover the matching dinosaurs under the fern tokens.

On your turn, roll the die. If you roll a number, move any dinosaur mover the indicated number of spaces any direction on the path. Then turn over one fern token anywhere on the board. If you reveal rocks, bones or other items, flip the token back over. If you reveal a dinosaur, and the dinosaur mover of the same species is in the same habitat area, move the dinosaur mover and matching token to Dinosaur Island. You just helped a dinosaur escape!

If you reveal a dinosaur but the dinosaur mover of the same species is not in the same habitat as the token, flip the token back over. Dinosaur movers and matching tokens must be in the same habitat to help a dinosaur escape! If you turn over the T-Rex, RUN! Move each of the dinosaur movers in play back to a start space. If you roll a volcano, place volcano piece number 1 in the stand on the board. If you can find and help all three lost dinosaurs escape to Dinosaur Island before completing the 3D volcano puzzle, you all win!
boardgames  reviews  kids  children  co-op  games  gaming 
march 2017
Communications data errors: UK police incriminating the wrong people due to data retention system screwups
It seems there have been 34 with serious consequences since 2008. Causes include:
- Omission of an underscore when transcribing an e-mail address led to the wrong subscriber information being provided and a search warrant being executed at the premises of an individual unconnected with the investigation.

- A CSP's data warehouse system change affected how GMT and British Summer Time were treated. This was not communicated to staff using the data retention disclosure system. This led to a one hour error in subscriber information disclosed in relation to IP address usage. Of 98 potential disclosure errors identified, 94 were in fact incorrect and four returned the same results when re-run. Of the 94 incorrect disclosures, in three cases a search warrant was executed at premises relating to individuals unconnected with the investigation (and one individual was arrested).

- Due to a technical fault causing a time zone conversion to be out by seven hours, a CSP voluntarily disclosed an incorrect IP address to a public authority.  That led to a search warrant being executed at premises relating to individuals unconnected with the investigation.


In other words, timezones largely screw up everything, yet again.
timezones  uk  law  data-retention  errors  bst 
march 2017
ctop
Top for containers (ie Docker)
docker  containers  top  ops  go  monitoring  cpu 
march 2017
Tim Berners-Lee calls for tighter regulation of online political advertising | Technology | The Guardian
“Targeted advertising allows a campaign to say completely different, possibly conflicting things to different groups. Is that democratic?” Berners-Lee said.
politics  trump  law  elections  polling  advertising  facebook  micro-advertising 
march 2017
a digital clock in Conway's Game of Life
I'm sure everyone has seen this amazing feat, but I wanted to make sure I had it bookmarked ;) Gliders and lightweight spaceships, apparently...
life  games  alife  conways-life  gliders  hacks  cool 
march 2017
Chatbot that overturned 160,000 parking fines now helping refugees claim asylum | Technology | The Guardian
The original DoNotPay, created by Stanford student Joshua Browder, describes itself as “the world’s first robot lawyer”, giving free legal aid to users through a simple-to-use chat interface. The chatbot, using Facebook Messenger, can now help refugees fill in an immigration application in the US and Canada. For those in the UK, it helps them apply for asylum support.
government  technology  automation  bots  asylum  forms  facebook 
march 2017
Colm O'Gorman, on societal responsibility for Mother & Baby Homes, Magdalene Laundries & various other church atrocities in Ireland
Excellent twitter thread on the topic. Pasted:

It is often said that everyone knew what was happening in such places, or about the rape of children by priests. That is not true.
It is true that deep veins of knowledge existed across Irish society, at all levels, but not everyone knew. Or were allowed to know.
Just like is always the case, the terrible things that were done were possible only because they were tolerated. They went unchecked.
They were tolerated by those in positions of authority who either dared not, or did not wish to, challenge the power strictures that existed
They were tolerated by those without power or position because they feared what speaking up might do to them and to their families
That was an Ireland where challenging such vile abuse by power would see you become its victim. It was brutal and vicious.
If you did not, or could not, conform to the demands of the powerful, you were in real danger. At best, ostracisation and excommunication.
But many experience far worse than that. They found themselves in the very places we now acknowledge as hell holes. Locked up in institutions
I always remember the late, great Mary Rafferty exposing the scale of such abusive institutionalisation. She pointed out that at one point
in our relatively recent history, we led the world in one regard. Per capita, we locked up more people in psychiatric institutions than
any other country on the planet. Only the Soviet Union came a distant second to us. That was how Ireland treated dissent or difference
That was what happened to many who could not conform to a brutal demand to be somehow 'acceptable' to dogma & unaccountable power
And it wasn't some ancient Ireland either. The last laundry closed in 1996. In 2002, when fighting for inquiries into child rape by priests
and its cover up by bishops, cardinals and popes, those same princes declared themselves above the rule of the law of this Republic
insisting that the law of their church was superior to the law of this state. And their position was taken seriously by many.
It took months of dogged battle by me and others to get past that bullshit. For our political and legal system to assert itself.
The Ireland where the lives of women & children were controlled & brutalised by people who felt they had a God given right to do so is not
some other country that existed back in some other time. It is this Ireland. We have changed a lot - but it is still this Ireland.
The difference now is that we ALL know. That the truth is out, and that more is being revealed. And yes, undoubtedly there is more to come.
So it is NOT true all past members of society, or even anything close to a majority, colluded with such abuses. That is a falsehood.
It is also a falsehood to suggest that the church did what the state would not do, and provided as best it could. That is a lie.
The Catholic Church captured control of what should have been arms of the state. Health, education and social care. And it exploited them.
It used them to drive its own agendas, to enforce its own dogma. And at every turn it resisted any 'intrusion' into those realms by others.
including the state. Look at the Mother & Child Scheme for eg, or the response to the first multi-denominational schools, and much more.
Catholic orders defended themselves against accusations of appalling abuse of children in their institutions by claiming that
the state did not give them enough money to feed, clothe and properly care for the children they detained in those places. This was a lie.
in the same institutions where children went starving, clergy were well fed and housed. They went for nothing. Funded by the state and the
forced labour of the children or women they detained. The Ryan Report debunked that lie in its entirety.
Ryan found that religious orders maintained "bloated congregations" by bringing in more and more children, and therefore more and more money
And now we know. Now the threat of brutal reprisal is lifted. Now is the time for truth, to own what has been done to so many vulnerable
people in our Republic. To learn from it and ensure we identify how that same corrupting tendency manifests today. Because it does of course
It may not be quite as vicious, but it prevails. Look at how power still treats a reasonable demand for accountability: Maurice McCabe for eg
Look at how our education and health systems still allow religious dogma to exert extraordinary power over people's lives.
We are a different Ireland, but are we different enough?
mother-and-baby-homes  tuam  ireland  catholic-church  abuse  colm-o-gorman  twitter  history  priests 
march 2017
How to stop Ubuntu Xenial (16.04) from randomly killing your big processes
ugh.
Unfortunately, a bug was recently introduced into the allocator which made it sometimes not try hard enough to free kernel cache memory before giving up and invoking the OOM killer. In practice, this means that at random times, the OOM killer would strike at big processes when the kernel tries to allocate, say, 16 kilobytes of memory for a new process’s thread stack — even when there are many gigabytes of memory in reclaimable kernel caches!
oom-killer  ooms  linux  ops  16.04 
march 2017
Annotated tenets of SRE
A Google SRE annotates the Google SRE book with his own thoughts. The source material is great, but the commentary improves it alright.

Particularly good for the error budget concept.

Also: when did "runbooks" become "playbooks"? Don't particularly care either way, but needless renaming is annoying.
runbooks  playbooks  ops  google  sre  error-budget 
march 2017
Spammergate: The Fall of an Empire
Featuring this interesting reactive-block evasion tactic:
In that screenshot, a RCM co-conspirator describes a technique in which the spammer seeks to open as many connections as possible between themselves and a Gmail server. This is done by purposefully configuring your own machine to send response packets extremely slowly, and in a fragmented manner, while constantly requesting more connections.
Then, when the Gmail server is almost ready to give up and drop all connections, the spammer suddenly sends as many emails as possible through the pile of connection tunnels. The receiving side is then overwhelmed with data and will quickly block the sender, but not before processing a large load of emails.


(via Tony Finch)
via:fanf  spam  antispam  gmail  blocklists  packets  tcp  networking 
march 2017
Martin Fowler's First Law of Distributed Object Design: Don’t
lol. I hadn't seen this one, but it's a good beatdown on distributed objects from back in 2003
distributed-objects  dcom  corba  history  martin-fowler  laws  rules  architecture  2003 
march 2017
A Programmer’s Introduction to Unicode – Nathan Reed’s coding blog
Fascinating Unicode details -- a lot of which were new to me. Love the heat map of usage in Wikipedia:
One more interesting way to visualize the codespace is to look at the distribution of usage—in other words, how often each code point is actually used in real-world texts. Below is a heat map of planes 0–2 based on a large sample of text from Wikipedia and Twitter (all languages). Frequency increases from black (never seen) through red and yellow to white.

You can see that the vast majority of this text sample lies in the BMP, with only scattered usage of code points from planes 1–2. The biggest exception is emoji, which show up here as the several bright squares in the bottom row of plane 1.
unicode  coding  character-sets  wikipedia  bmp  emoji  twitter  languages  characters  heat-maps  dataviz 
march 2017
The State already knew about Tuam. Nothing ever changes in Ireland
Forensic archaeologists are combing through the soil in Tuam. Perhaps justice might be better served if forensic accountants were combing through the accounts of the Bon Secours Sisters. They sold healthy babies and let the rest to die.
nuns  bon-secours  history  ireland  tuam-babies  tuam  horror 
march 2017
The Occasional Chaos of AWS Lambda Runtime Performance
If our code has modest resource requirements, and can tolerate large changes in performance, then it makes sense to start with the least amount of memory necessary. On the other hand, if consistency is important, the best way to achieve that is by cranking the memory setting all the way up to 1536MB.
It’s also worth noting here that CPU-bound Lambdas may be cheaper to run over time with a higher memory setting, as Jim Conning describes in his article, “AWS Lambda: Faster is Cheaper”. In our tests, we haven’t seen conclusive evidence of that behavior, but much more data is required to draw any strong conclusions.
The other lesson learned is that Lambda benchmarks should be gathered over the course of days, not hours or minutes, in order to provide actionable information. Otherwise, it’s possible to see very impressive performance from a Lambda that might later dramatically change for the worse, and any decisions made based on that information will be rendered useless.
aws  lambda  amazon  performance  architecture  ops  benchmarks 
march 2017
In praise of cash
'The battle to protect cash is one full of ambiguities - it feels somewhat like trying to protect good ol' normal capitalism from a Minority Report surveillance-capitalism'
cash  payment  contactless  surveillance  banking  banks  credit-cards 
march 2017
Phoenician Sun God in Eighteenth-Century Ireland? - Beachcombing's Bizarre History Blog
It is the most extraordinary inscription. This mill-stone rock, which once stood on the top of Tory Hill in County Kilkenny in Ireland, has been taken as proof of Carthaginian contact and settlement or at least trade with Ireland in antiquity. The words clearly read (give or take some distorted letters) Beli Dinose, a reference to the Carthaginian god Bel or Baal Dionysus. Extraordinary to think that Phoenicians, in the early centuries B.C. brought their nasty child-killing faith to the green hills of Ireland. Only of course they didn’t… At least not on this evidence. The stone celebrating ‘the lordly one’ actually has a rather different origin.


excellent tale.
phoenicia  dionysus  baal  history  tory-hill  kilkenny  carthage  gods  typos  fail  archaeology  graffiti 
march 2017
S3 2017-02-28 outage post-mortem
The Amazon Simple Storage Service (S3) team was debugging an issue causing the S3 billing system to progress more slowly than expected. At 9:37AM PST, an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended. The servers that were inadvertently removed supported two other S3 subsystems.  One of these subsystems, the index subsystem, manages the metadata and location information of all S3 objects in the region. This subsystem is necessary to serve all GET, LIST, PUT, and DELETE requests. The second subsystem, the placement subsystem, manages allocation of new storage and requires the index subsystem to be functioning properly to correctly operate. The placement subsystem is used during PUT requests to allocate storage for new objects. Removing a significant portion of the capacity caused each of these systems to require a full restart. While these subsystems were being restarted, S3 was unable to service requests. Other AWS services in the US-EAST-1 Region that rely on S3 for storage, including the S3 console, Amazon Elastic Compute Cloud (EC2) new instance launches, Amazon Elastic Block Store (EBS) volumes (when data was needed from a S3 snapshot), and AWS Lambda were also impacted while the S3 APIs were unavailable.  
s3  postmortem  aws  post-mortem  outages  cms  ops 
march 2017
Facebook, patient zero in fake news epidemic, proudly advertises ability to sway elections
The online social network is highlighting the Toomey campaign's ability to make ads that performed exceptionally well on Facebook even as it downplays the ability of the site to influence elections. In the days following the President Donald Trump's election, Facebook CEO Mark Zuckerberg responded to the potential influence of fake news on the election as "a pretty crazy idea."

Taking Facebook at its word means holding two contradictory beliefs at once: that the site can sway an election on behalf of paying customers, but doesn't exert influence when it comes to the spread of misinformation by independent profiteers.
facebook  fake-news  elections  news  pat-toomey  republicans  advertising 
march 2017
"I caused an outage" thread on twitter
Anil Dash: "What was the first time you took the website down or broke the build? I’m thinking of all the inadvertent downtime that comes with shipping."

Sample response: 'Pushed a fatal error in lib/display.php to all of FB’s production servers one Friday night in late 2005. Site loaded blank pages for 20min.'
outages  reliability  twitter  downtime  fail  ops  post-mortem 
march 2017
When DNNs go wrong – adversarial examples and what we can learn from them
Excellent paper.
[The] results suggest that classifiers based on modern machine learning techniques, even those that obtain excellent performance on the test set, are not learning the true underlying concepts that determine the correct output label. Instead, these algorithms have built a Potemkin village that works well on naturally occurring data, but is exposed as a fake when one visits points in space that do not have high probability in the data distribution.
ai  deep-learning  dnns  neural-networks  adversarial-classification  classification  classifiers  machine-learning  papers 
february 2017
The power of role models
At dinner I asked some of the women to speak to me about this, how astronomy became so (relatively) egalitarian. And one topic became clear: role models. Astronomy has a long history of women active in the field, going all the way back to Caroline Herschel in the early 19th century. Women have made huge contributions to the field. Dava Sobel just wrote a book about the women who laid the foundations for the discovery of the expansion of the universe. Just a couple of weeks ago, papers ran obituaries of Vera Rubin, the remarkable observational astronomer who discovered the evidence for dark matter. I could mention Jocelyn Bell, whose discovery of pulsars got her advisor a Nobel (sic). The most famous astronomer I met growing up was Helen Hogg, the (adopted) Canadian astronomer at David Dunlap Observatory outside Toronto, who also did a fair bit of what we now call outreach.

The women at the meeting spoke of this, a history of women contributing, of role models to look up to, of proof that women can make major contributions to the field.

What can computing learn from this? It seems we're doing it wrong. The best way to improve the representation of women in the field is not to recruit them, important though that is, but to promote them. To create role models. To push them into positions of influence.
software  women  feminism  role-models  gender-balance  egalitarianism  astronomy  computing  rob-pike 
february 2017
Zeynep Tufekci: "Youtube is a crucial part of the misinformation ecology"
This is so spot on. I hope Google address this issue --
YouTube is crucial part of the misinformation ecology. Not just a demand issue: its recommender algo is a "go down the rabbit hole" machine.
You watch a Trump rally: you get suggested white supremacist videos, sometimes, auto-playing. Like a gateway drug theory of engagement.
I've seen this work across the political spectrum. YouTube algo has discovered out-flanking and "red-pilling" is.. engaging. So it does.


This thread was in response to this Buzzfeed article on the same topic: https://www.buzzfeed.com/josephbernstein/youtube-has-become-the-content-engine-of-the-internets-dark
youtube  nazis  alt-right  lies  politics  google  misinformation  recommendations  ai  red-pill 
february 2017
Manage DynamoDB Items Using Time to Live (TTL)
good call.
Many DynamoDB users store data that has a limited useful life or is accessed less frequently over time. Some of them track recent logins, trial subscriptions, or application metrics. Others store data that is subject to regulatory or contractual limitations on how long it can be stored. Until now, these customers implemented their own time-based data management. At scale, this sometimes meant that they ran a couple of Amazon Elastic Compute Cloud (EC2) instances that did nothing more than scan DynamoDB items, check date attributes, and issue delete requests for items that were no longer needed. This added cost and complexity to their application. In order to streamline this popular and important use case, we are launching a new Time to Live (TTL) feature today. You can enable this feature on a table-by-table basis, specifying an item attribute that contains the expiration time for the item.
dynamodb  ttl  storage  aws  architecture  expiry 
february 2017
Gravitational Teleport
Teleport enables teams to easily adopt the best SSH practices like:

Integrated SSH credentials with your organization Google Apps identities or other OAuth identity providers.
No need to distribute keys: Teleport uses certificate-based access with automatic expiration time.
Enforcement of 2nd factor authentication.
Cluster introspection: every Teleport node becomes a part of a cluster and is visible on the Web UI.
Record and replay SSH sessions for knowledge sharing and auditing purposes.
Collaboratively troubleshoot issues through session sharing.
Connect to clusters located behind firewalls without direct Internet access via SSH bastions.
ssh  teleport  ops  bastions  security  auditing  oauth  2fa 
february 2017
X-Plan: Giving your kids a way out
Great idea -- an "escape hatch" for your teenage kids, so they can be extricated from scary/dodgy peer-pressure situations without losing face among their peers.
xplan  escape  escape-hatch  parenting  kids  peer-pressure  teens  x-plan 
february 2017
US immigration asking tech interview trivia questions now
what the absolute fuck. Celestine Omin on Twitter: "I was just asked to balance a Binary Search Tree by JFK's airport immigration. Welcome to America."
twitter  celestine-omin  us-politics  immigration  tests  interviews  bst  trees  data-structures  algorithms 
february 2017
In 1914, Feminists Fought For the Right to Forget Childbirth | Atlas Obscura
Wow, this is creepy.
Tracy and Leupp described twilight sleep as “a very fine balance in the states of consciousness,” which required “special knowledge of the use of drugs that cause it.” Once a woman had gone into labor, she was given a combination of morphine to dull the pain and scopolamine to dull her memory of the experience. (Today, scopolamine is sometimes called the “zombie drug” because its users become susceptible to suggestion but retain no memory of their actions.)

These drugs had been used in the past as anesthetics, but few doctors had adopted them with enthusiasm. But the German clinic, the McClure’s article reported, had reached a technical breakthrough with scopolamine, which allowed the doctors to administer it with more precision and therefore with more success. Women who they treated with these drugs would retain muscle control and would follow orders from doctors, but would remember none of it.

There were some strange conditions that went along with the use of these drugs. Because the women’s state of suspension was precarious, women in twilight sleep were kept in padded, crib-like beds, with eye masks blocking out the light and cotton balls in their ears blocking out sound. Sometimes they were fitted into straight-jacket-like shirts that limited the movement of their arms. When the birth was over, women also often experienced a moment of dissociation, as Carmody did: Had they really had a baby? Was the baby they’d been handed really theirs?
twilight-sleep  childbirth  history  freiburg  morphine  scopolamine  anaesthesia  birth 
february 2017
Why Aren’t Baby Boomers Eating Pho? – Medium
'Their decidedly un-hygge reluctance to partake in comforting, clear-brothed Vietnamese soups most likely stems from the generation’s reckless spending habits — many bought homes in their early 20’s. Some even claim they have owned upwards of seven cars over the course of their lifetimes. Unbelievably, many have never ridden a bicycle post-childhood.'
boomers  funny  jokes  pho  soup  news  lifestyle  age 
february 2017
Maniac Killers of the Bangalore IT Department
On "techies" and their tenuous relationship with Indian society:
Technology was supposed to deliver India from poverty, but in Bangalore it’s also deepened the division between rich and poor, young and old, modern and traditional. As the city has grown richer, it’s also become unruly and unfamiliar. If the tech worker is the star of the Indian economy, then the techie is his shadow— spoiled, untrustworthy, adulterous, depressed, and sometimes just plain senseless. (“TECHIE WITH EARPHONES RUN OVER BY TRAIN.”) In one occupational boogeyman, Bangaloreans can see their future and their fears. [....]

“TECHIE’S WIFE MURDERED” read the headlines in both the Hindu and the Bangalore Mirror. “TECHIE STABS FRIEND’S WIFE TO DEATH” ran in the Deccan Herald. To read the Indian newspapers regularly is to believe the software engineer is the country’s most cursed figure. Almost every edition carries a gruesome story involving a techie accused of homicide, rape, burglary, blackmail, assault, injury, suicide, or another crime. When techies are the victims, it’s just as newsworthy. The Times of India, the country’s largest English-language paper, has carried “TECHIE DIES IN FREAK ACCIDENT” and “MAN HELD FOR PUSHING TECHIE FROM TRAIN”; in the Hindu, readers found “TEACHER CHOPS OFF FINGERS OF TECHIE HUSBAND” and “TECHIE DIED AFTER BEING FORCE-FED CYANIDE.” A long-standing journalistic adage says, “If it bleeds, it leads.” In India, if it codes, it explodes.
crime  tech  india  bangalore  pune  society  techies  work  jobs 
february 2017
Fault Domains and the Vegas Rule | Expedia Engineering Blog
I like this concept -- analogous to AWS' AZs -- limit blast radius of an outage by explicitly defining dependency scopes
aws  az  fault-domains  vegas-rule  blast-radius  outages  reliability  architecture 
february 2017
How Space Weather Can Influence Elections on Earth - Motherboard
oh, god -- I'm not keen on this take: how's about designing systems that recognise the risks?
"Everything was going fine, but then suddenly, there were an additional 4,000 votes cast. Because it was a local election, which are normally very small, people were surprised and asked, 'how did this happen?'"

The culprit was not voter fraud or hacked machines. It was a single event upset (SEU), a term describing the fallout of an ionizing particle bouncing off a vulnerable node in the machine's register, causing it to flip a bit, and log the additional votes. The Sun may not have been the direct source of the particle—cosmic rays from outside the solar system are also in the mix—but solar-influenced space weather certainly contributes to these SEUs.
bit-flips  science  elections  voting-machines  vvat  belgium  bugs  risks  cosmic-rays 
february 2017
pachyderm
'Containerized Data Analytics':
There are two bold new ideas in Pachyderm:

Containers as the core processing primitive
Version Control for data

These ideas lead directly to a system that's much more powerful, flexible and easy to use.

To process data, you simply create a containerized program which reads and writes to the local filesystem. You can use any tools you want because it's all just going in a container! Pachyderm will take your container and inject data into it. We'll then automatically replicate your container, showing each copy a different chunk of data. With this technique, Pachyderm can scale any code you write to process up to petabytes of data (Example: distributed grep).

Pachyderm also version controls all data using a commit-based distributed filesystem (PFS), similar to what git does with code. Version control for data has far reaching consequences in a distributed filesystem. You get the full history of your data, can track changes and diffs, collaborate with teammates, and if anything goes wrong you can revert the entire cluster with one click!

Version control is also very synergistic with our containerized processing engine. Pachyderm understands how your data changes and thus, as new data is ingested, can run your workload on the diff of the data rather than the whole thing. This means that there's no difference between a batched job and a streaming job, the same code will work for both!
analytics  data  containers  golang  pachyderm  tools  data-science  docker  version-control 
february 2017
4chan: The Skeleton Key to the Rise of Trump
This is the best article on chan culture and how it's taken over
4chan  8chan  somethingawful  boards  history  internet  trump  alt-right 
february 2017
How-to Debug a Running Docker Container from a Separate Container
arguably this shouldn't be required -- building containers without /bin/sh, strace, gdb etc. is just silly
strace  docker  ops  debugging  containers 
february 2017
10 Most Common Reasons Kubernetes Deployments Fail
some real-world failure cases and how to fix them
kubernetes  docker  ops 
february 2017
Hadoop Internals
This is the best documentation on the topic I've seen in a while
hadoop  map-reduce  architecture  coding  java  distcomp 
february 2017
'Software Engineering at Google'
20 pages of Google's software dev practices, with emphasis on the build system (since it was written by the guy behind Blaze). Naturally, some don't make a whole lot of sense outside of Google, but still some good stuff here
development  engineering  google  papers  software  coding  best-practices 
february 2017
Instapaper Outage Cause & Recovery
Hard to see this as anything other than a pretty awful documentation fail by the AWS RDS service:
Without knowledge of the pre-April 2014 file size limit, it was difficult to foresee and prevent this issue. As far as we can tell, there’s no information in the RDS console in the form of monitoring, alerts or logging that would have let us know we were approaching the 2TB file size limit, or that we were subject to it in the first place. Even now, there’s nothing to indicate that our hosted database has a critical issue.
limits  aws  rds  databases  mysql  filesystems  ops  instapaper  risks 
february 2017
Riot Games Seek Court Justice After Internet Provider Deliberately Causes In-Game Lag
Pretty damning for Time-Warner Cable:
When it seemed that the service provider couldn’t sink any lower, they opted to hold Riot to a ‘lag ransom’. Following Riot’s complaints regarding the inexplicable lag the player base were experiencing, TWC offered to magically solve the issue, a hardball tactic to which Riot finally admitted defeat in August of 2015. Before the deal was finalised, lag and data-packet loss for League of Legends players were far above the standards Riot was aiming for. Miraculously, after the two tech companies reached an unpleasant deal, the numbers improved.
ftc  fcc  twc  time-warner  cable  isps  network-neutrality  league-of-legends  internet 
february 2017
Minor Infractions — Real Life
When our son turned 12, we gave him a phone and allowed him to use social media, with a condition: He had no right to privacy. We would periodically and without warning read his texts and go through his messenger app. We would follow him on Facebook, Instagram and Twitter (though we wouldn’t comment or tag him — we’re not monsters). We wouldn’t ambush him about what we read and we wouldn’t attempt to embarrass him. Anything that wasn’t dangerous or illegal, we would ignore.


Food for thought. But not yet!
surveillance  family  kids  privacy  online  social-media  teenagers 
february 2017
Why Shopify Payments prohibit sexual content
Interesting background info from a twitter thread:

@jennschiffer Breitbart uses Shopify Payments, which is built on top of Stripe, which is sponsored by Wells Fargo merchant services AFAIK.
WF has underwriting rules that prohibit sexual content. The main reasons aren't b/c WF or Stripe are interested in policing morals.
Historically there's a higher rate of chargebacks from porn sites, which is why banks are generally anti-sexual content.
Imagine someone's partner finds a charge for pornhub on their credit card and calls them out on it. The person will deny and file a CB.
Once porn sites started getting shut down by banks, they would change their names or submit applications claiming to be fetish sites, etc
So underwriting dept's decided the risk is too high and generally defer to no with anything sexual.
Most processors aren't inclined to challenge this position on moral grounds since there's strong precedent against it...
...and it could jeopardize their entire payments system if they get shut off.
There are exceptions of course and there are other prohibited uses that are allowed to continue.
twitter  porn  shopify  sex  chargebacks  payment 
february 2017