Can The Best Financial Tips Fit On An Index Card? : All Tech Considered : NPR
'A couple of years ago, University of Chicago professor Harold Pollack did an online video chat with personal finance writer Helaine Olen. The topic was how regular people get steered into bad investments by financial advisers. Pollack said that the best personal finance advice "can fit on a 3-by-5 index card, and is available for free in the library — so if you're paying someone for advice, almost by definition, you're probably getting the wrong advice, because the correct advice is so straightforward." After they posted the video, the emails started pouring in — people wanted to know, where could they get this index card? What was this fantastic yet simple advice for managing their money?'

These seem like pretty solid tips, and relatively portable to the Irish markets too. I need to take a look at this stuff...
finance  money  advice  npr  401k  pensions  financial-advisors 
july 2017
Top 5 ways to improve your AWS EC2 performance
A couple of bits of excellent advice from Datadog (although this may be a slightly old post, from Oct 2016):

1. Unpredictable EBS disk I/O performance. Note that gp2 volumes do not appear to need as much warmup or priming as before.

2. EC2 Instance ECU Mismatch and Stolen CPU. advice: use bigger instances

The other 3 ways are a little obvious by comparison, but worth bookmarking for those two anyway.
ops  ec2  performance  datadog  aws  ebs  stolen-cpu  virtualization  metrics  tips 
july 2017
Exactly-once Semantics is Possible: Here's How Apache Kafka Does it
How does this feature work? Under the covers it works in a way similar to TCP; each batch of messages sent to Kafka will contain a sequence number which the broker will use to dedupe any duplicate send. Unlike TCP, though—which provides guarantees only within a transient in-memory connection—this sequence number is persisted to the replicated log, so even if the leader fails, any broker that takes over will also know if a resend is a duplicate. The overhead of this mechanism is quite low: it’s just a few extra numeric fields with each batch of messages. As you will see later in this article, this feature adds negligible performance overhead over the non-idempotent producer.
kafka  sequence-numbers  dedupe  deduplication  unique  architecture  distcomp  streaming  idempotence 
july 2017
Delivering Billions of Messages Exactly Once · Segment Blog
holy crap, this is exactly the wrong way to build a massive-scale deduplication system -- with a monster random-access "is this random UUID in the db" lookup
deduping  architecture  horror  segment  messaging  kafka 
june 2017
Don't Settle For Eventual Consistency
Quite an argument. Not sure I agree, but worth a bookmark anyway...
With an AP system, you are giving up consistency, and not really gaining anything in terms of effective availability, the type of availability you really care about.  Some might think you can regain strong consistency in an AP system by using strict quorums (where the number of nodes written + number of nodes read > number of replicas).  Cassandra calls this “tunable consistency”.  However, Kleppmann has shown that even with strict quorums, inconsistencies can result.10  So when choosing (algorithmic) availability over consistency, you are giving up consistency for not much in return, as well as gaining complexity in your clients when they have to deal with inconsistencies.
cap-theorem  databases  storage  cap  consistency  cp  ap  eventual-consistency 
june 2017
Mozilla Employee Denied Entry to the United States
Ugh. Every non-USian tech worker's nightmare. curl developer Daniel Stenberg:
“I can’t think of a single valid reason why they would deny me travel, so what concerns me is that somehow someone did and then I’m worried that I’ll get trouble fixing that issue,” Stenberg said. “I’m a little worried since border crossings are fairly serious matters and getting trouble to visit the US in the future would be a serious blowback for me, both personally with friends and relatives there, and professionally with conferences and events there.”
curl  travel  mozilla  esta  us-politics  usa  immigration  flying 
june 2017
"BBC English" was invented by a small team in the 1920s & 30s
Excellent twitter thread:
Today we speak of "BBC English" as a standard form of the language, but this form had to be invented by a small team in the 1920s & 30s. 1/
It turned out even within the upper-class London accent that became the basis for BBC English, many words had competing pronunciations. 2/
Thus in 1926, the BBC's first managing director John Reith established an "Advisory Committee on Spoken English" to sort things out. 3/
The committee was chaired by Irish playwright George Bernard Shaw, and also included American essayist Logan Pearsall Smith, 4/
novelist Rose Macaulay, lexicographer (and 4th OED editor) C.T. Onions, art critic Kenneth Clark, journalist Alistair Cooke, 5/
ghost story writer Lady Cynthia Asquith, and evolutionary biologist and eugenicist Julian Huxley. 6/
The 20-person committee held fierce debates, and pronunciations now considered standard were often decided by just a few votes.
bbc  language  english  history  rp  received-pronunciation  pronunciation  john-reith 
june 2017
RIPE Atlas Probes
Interesting! We discussed similar ideas in $prevjob, good to see one hitting production globally.
RIPE Atlas probes form the backbone of the RIPE Atlas infrastructure. Volunteers all over the world host these small hardware devices that actively measure Internet connectivity through ping, traceroute, DNS, SSL/TLS, NTP and HTTP measurements. This data is collected and aggregated by the RIPE NCC, which makes the data publicly available. Network operators, engineers, researchers and even home users have used this data for a wide range of purposes, from investigating network outages to DNS anycasting to testing IPv6 connectivity.

Anyone can apply to host a RIPE Atlas probe. If your application is successful (based on your location), we will ship you a probe free of charge. Hosts simply need to plug their probe into their home (or other) network.

Probes are USB-powered and are connected to an Ethernet port on the host’s router or switch. They then automatically and continuously perform active measurements about the Internet’s connectivity, and this data is sent to the RIPE NCC, where it is aggregated and made publicly available. We also use this data to create several Internet maps and data visualisations. [....]

The hardware of the first and second generation probes is a Lantronix XPort Pro module with custom powering and housing built around it. The third generation probe is a modified TP-Link wireless router (model TL-MR 3020) with a small USB thumb drive in it, but this probe does not support WiFi.


(via irldexter)
via:irldexter  ripe  ncc  probing  active-monitoring  networking  ping  traceroute  dns  testing  http  ipv6  anycast  hardware  devices  isps 
june 2017
Cadence: Microservice architecture beyond request/reply – @Scale
Uber’s request/reply handling middleware — based on the SWF API, it seems
swf  apis  microservices  uber  cadence  asynchronous  request-reply  distcomp  queueing  middleware  go 
june 2017
How Did I “Hack” AWS Lambda to Run Docker Containers?
Running Docker containers in Lambda using a usermode-docker hack -- hacky as hell but fun ;) Lambda should really support native Docker though
docker  lambda  aws  serverless  ops  hacks  udocker 
june 2017
ANSI K100.1-1974
ANSI standard safety code and requirements for dry martinis
standards  alcohol  martini  gin  recipes  martinis  cocktails 
june 2017
London's Tube has been running so long it's literally raising the temperature of the earth around it | CityMetric
London has been running tube trains so long that the ground beneath parts of the city is now as much as 10°C hotter than it was in 1900.
london  tube  underground  tfl  engineering  history  temperature  ventilation 
june 2017
The Really Good Pickle Martini
The Really Good Pickle Martini

2 oz Gordon’s London dry gin;
1/4 oz Martini & Rossi extra dry vermouth;
1/4 oz pickle juice;
Garnish: Skewered dill pickle slice;
Glass: Cocktail

Pour all the ingredients into a mixing glass with ice, and stir briskly with a bar spoon for about 1 minute.

Strain into a chilled Martini glass.

Garnish with a skewered dill pickle slice.
recipes  pickles  martini  cocktails  pickle-juice  gin  vermouth 
june 2017
Determinism in League of Legends
Once again, deterministic replay/reruns of online games proves useful. John Carmack wrote a .plan about this many years ago: https://raw.githubusercontent.com/ESWAT/john-carmack-plan-archive/master/by_day/johnc_plan_19981014.txt

(via Nelson)
clock  realtime  time  determinism  testing  replay  games  league-of-legends  via:nelson 
june 2017
A Neural Network Turned a Book of Flowers Into Shockingly Lovely Dinosaur Art
DeepArt.io, 'powered by an algorithm developed by Leon Gatys and a team from the University of Tübingen in Germany', did a really amazing job here
art  dinosaurs  ai  plants  deep-learning  graphics  cool 
june 2017
How they did it: an analysis of emissions defeat devices in modern automobiles
Using CurveDiff, the team analysed 963 firmware images, for which analysis completed successfully for 924. 406 of the analysed images contained a defeat device, out of which 333 contained at least one active profile. In at least 268 images, the test detection affects the EGR. Firmware images released on Dec 3rd 2014 are used in VW Passat cars, and include the refinement to the defeat device to detect steering wheel angle that we discussed previously.
cars  driving  emissions  diesel  volkswagen  law  regulation  firmware  reverse-engineering 
june 2017
Revealed: Facebook exposed identities of moderators to suspected terrorists | Technology | The Guardian
Oh man, this is awful. Poor guy. And this should have been there right from the start:
The moderator said that when he started, he was given just two weeks training and was required to use his personal Facebook account to log into the social media giant’s moderation system.

“They should have let us use fake profiles,” he said, adding: “They never warned us that something like this could happen.”

Facebook told the Guardian that as a result of the leak it is testing the use of administrative accounts that are not linked to personal profiles.
facebook  security  counter-terrorism  moderation  social-media  role-accounts  admin 
june 2017
Science didn't understand my kids' rare disease until I decided to study it - YouTube
via Kevin Lyda: 'Sharon Terry essentially invented and promoted something akin to the GPL but for medical research. Here's a bunch of data and research and you can use it if you contribute back what you discover to everyone else.'
sharon-terry  videos  ted-talks  genetic-alliance  genes  pxe-international  pxe  tedmed  citizen-science  licensing  gpl  gnu 
june 2017
Screen time guidelines need to be built on evidence, not hype | Science | The Guardian
An open letter signed by about 100 scientists 'from different countries and academic fields with research expertise and experience in screen time, child development and evidence-based policy.'
If the government were to implement guidelines on screen-based technology at this point, as the authors of the letter suggest, this would be on the basis of little to no evidence. This risks the implementation of unnecessary, ineffective or even potentially harmful policies. For guidelines to have a meaningful impact, they need to be grounded in robust research evidence and acknowledge that children’s health and wellbeing is a complex issue affected by many other factors, such as socioeconomic status, relational poverty, and family environment – all of which are likely to be more relevant for children’s health and well-being than screens. For example, there is no consistent evidence that more screen time leads to less outdoor play; if anything the evidence indicates that screen time and physical outdoor activity are unrelated, and reductions in average time spent in outdoor play over time seem to be driven by other factors. Policy efforts to increase outdoor play that focus on screen time are therefore likely to be ineffective.


(via Damien Mulley)
via:damienmulley  science  children  psychology  screens  screen-time  childhood  development  evidence  policy  health  open-letters 
june 2017
lambci/docker-lambda
A sandboxed local environment that replicates the live AWS Lambda environment almost identically – including installed software and libraries, file structure and permissions, environment variables, context objects and behaviors – even the user and running process are the same.


(via og-aws)
docker  lambda  images  testing  aws  serverless 
june 2017
Mounir Mahjoubi, the 'geek' who saved Macron's campaign: 'We knew we were going to be attacked' | World news | The Guardian
What a great story.

As a child, he was into maths and geometry, the middle child with one sister 10 years older and another 10 years younger. “I heard about this incredible new thing called the internet,” he says, adding how, aged 12, he saw an advert for the Paris science museum where you could try the internet for free. “There were 15 computers and you queued to have an hour free if you bought an entry ticket. I bought an annual pass to the museum and every Saturday and Sunday I’d travel from one side of Paris to the other to get on the internet and see what it was about. I’d go on Yahoo, chat with people on the other side of the world. I didn’t speak great English then so it wasn’t brilliant chat ...”


(via Niall Murphy)
france  mounir-mahjoubi  internet  computers  society  macron  politics  security 
june 2017
Could crafty beer giants crush small breweries before they take off? - Independent.ie
Grainne says:
“We’re getting feedback from publicans that says: ‘Look, I’m gonna take out your tap, I’d love to leave it in but I’m getting a cheque for €50,000’.
metalman  brewing  craft-beer  ireland  beer-wars  pubs  publicans  competition 
june 2017
Connemara shop in patents row with whiskey multinational
Beam Suntory own a trademark on the name "Connemara" -- utter fiasco. How was this granted? Connemara is a very well-known placename in Ireland
connemara  ireland  ip  trademarks  copyfight  beam-suntory  whiskey 
june 2017
How Turla hackers (ab)used satellites to stay under the radar | Ars Technica
A very nifty hack. DVB-S broadcasts a subset of unencrypted IP traffic across a 600-mile radius:
The Turla attackers listen for packets coming from a specific IP address in one of these classes. When certain packets—say, a TCP/IP SYN packet—are identified, the hackers spoof a reply to the source using a conventional Internet line. The legitimate user of the link just ignores the spoofed packet, since it goes to an otherwise unopened port, such as port 80 or 10080. With normal Internet connections, if a packet hits a closed port, the end user will normally send the ISP some indication that something went wrong. But satellite links typically use firewalls that drop packets to closed ports. This allows Turla to stealthily hijack the connections.

The hack allowed computers infected with Turla spyware to communicate with Turla C&C servers without disclosing their location. Because the Turla attackers had their own satellite dish receiving the piggybacked signal, they could be anywhere within a 600-mile radius. As a result, researchers were largely stopped from shutting down the operation or gaining clues about who was carrying it out.

"It's probably one of the most effective methods of ensuring their operational security, or that nobody will ever find out the physical location of their command and control server," Tanase told Ars. "I cannot think of a way of identifying the location of a command server. It can be anywhere in the range of the satellite beam."
turla  hacks  satellite  security  dvb  dvb-s  tcpip  command-and-control  syn 
june 2017
A Brief History of the UUID · Segment Blog
This is great, by Rick Branson. I didn't realise UUIDs came from Apollo
history  distributed  distcomp  uuids  ids  coding  apollo  unix 
june 2017
Turla’s watering hole campaign: An updated Firefox extension abusing Instagram
Pretty crazy.
The extension will look at each photo’s comment and will compute a custom hash value. If the hash matches 183, it will then run this regular expression on the comment in order to obtain the path of the bit.ly URL:
(?:\\u200d(?:#|@)(\\w)

Looking at the photo’s comments, there was only one for which the hash matches 183. This comment was posted on February 6, while the original photo was posted in early January. Taking the comment and running it through the regex, you get the following bit.ly URL: bit.ly/2kdhuHX

Looking a bit more closely at the regular expression, we see it is looking for either @|# or the Unicode character \200d. This character is actually a non-printable character called ‘Zero Width Joiner’, normally used to separate emojis. Pasting the actual comment or looking at its source, you can see that this character precedes each character that makes the path of the bit.ly URL
security  malware  russia  turla  zwj  unicode  characters  social-media  instagram  command-and-control 
june 2017
Open Guide to Amazon Web Services
'A lot of information on AWS is already written. Most people learn AWS by reading a blog or a “getting started guide” and referring to the standard AWS references. Nonetheless, trustworthy and practical information and recommendations aren’t easy to come by. AWS’s own documentation is a great but sprawling resource few have time to read fully, and it doesn’t include anything but official facts, so omits experiences of engineers. The information in blogs or Stack Overflow is also not consistently up to date. This guide is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively.'
amazon  aws  guides  documentation  ops  architecture 
june 2017
The inventor of dynamic programming, had to hide the fact he was inventing it from the Secretary of Defense
"His face would suffuse, he would turn red, and he would get violent if people used the term "research" in his presence. You can imagine how he felt, then, about the term "mathematical". [....] I felt I had to do something to shield Wilson and the Air Force from the fact that I was really doing mathematics inside RAND"
rand  funny  history  insane  dr-strangelove  1950s  dynamic-programming  mathematics  algorithms 
june 2017
Drug Company Chairman to America: Go Fuck Yourself
'Mr. Coury [chairman of Mylan, makers of the EpiPen] replied that he was untroubled [by critics of 10x price-gouging price hikes]. He raised both his middle fingers and explained, using colorful language, that anyone criticizing Mylan, including its employees, ought to go copulate with themselves. Critics in Congress and on Wall Street, he said, should do the same. And regulators at the Food and Drug Administration? They, too, deserved a round of anatomically challenging self-fulfillment.'
mylan  gfy  fda  us-politics  healthcare  medicine  epipen  nytimes 
june 2017
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
RUSSIAN MILITARY INTELLIGENCE [GRU] executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.
politics  russia  nsa  leaks  us-politics  cyberattacks  gru  hacking  elections  spear-phishing  phishing  e-voting 
june 2017
usl4j And You | codahale.com
Coda Hale wrote a handy Java library implementing a USL solver
usl  scalability  java  performance  optimization  benchmarking  measurement  ops  coda-hale 
june 2017
GDPR Advisors and Consultants - Data Compliance Europe
Simon McGarr's new consultancy:
Our consultancy helps our clients understand how EU privacy law applies to their organisations; delivers the practical and concrete steps needed to achieve legal compliance; and helps them manage their continuing obligations after GDPR comes into force. Our structured approach to GDPR provides a long-term data compliance framework to minimise the ongoing risk of potential fines for data protection breaches. Our continuing partnership provides regulator liaison, advisory consultancy, and external Data Protection Officer services.
gdpr  simon-mcgarr  law  privacy  eu  europe  data-protection  regulation  data 
may 2017
WHAT WENT WRONG IN BRITISH AIRWAYS DATACENTER IN MAY 2017?
A SPOF UPS. There was a similar AZ-wide outage in one of the Amazon DUB datacenters with a similar root cause, if I recall correctly -- supposedly redundant dual UPS systems were in fact interdependent, in that case, and power supply switchover wasn't clean enough to avoid affecting the servers.
Minutes later power was restored in what one source described as “uncontrolled fashion.” Instead of gradual restore, all power was restored at once resulting in a power surge. BA CEO Cruz told BBC Radio this power surge caused network hardware to fail. Also server hardware was damaged because of the power surge.

It seems as if the UPS was the single point of failure for power feed of the IT equipment in Boadicea House. The Times is reporting that the same UPS was powering both Heathrow based datacenters. Which could be a double single point of failure if true (I doubt it is)

The broken network stopped the exchange of messages between different BA systems and applications. Without messaging, there is no exchange of information between various applications. BA is using Progress Software’s Sonic [enterprise service bus].


(via Tony Finch)
postmortems  ba  airlines  outages  fail  via:fanf  datacenters  ups  power  progress  esb  j2ee 
may 2017
EpiBone Grows New Bones Using Stem Cells
To grow EpiBone, Tandon explained, scientists take a CT scan of the bone they’ll need to engineer. This helps them create a 3D model. Then, from the model, a 3D printer produces a scaffold (this can be made out of protein and collagen from animal bones or synthetic material). After that, they take stem cells from the patient out of their fat, and those cells are put into the scaffold and then incubated. They regenerate, and form around the bone. This process results in a bone that the body will recognize as the patient’s. The crazy part is that it only takes three weeks to grow a bone that’s personalized to the individual patient.
stem-cells  epibone  bone  body  healing  health  medicine  3d-printing 
may 2017
Scaling Amazon Aurora at ticketea
Ticketing is a business in which extreme traffic spikes are the norm, rather than the exception. For Ticketea, this means that our traffic can increase by a factor of 60x in a matter of seconds. This usually happens when big events (which have a fixed, pre-announced 'sale start time') go on sale.
scaling  scalability  ops  aws  aurora  autoscaling  asg 
may 2017
‘This is not the end’: Using immunotherapy to target genes gives cancer patients hope - The Washington Post
Pembrolizumab, marketed by Merck as Keytruda, is an anti-PD-1 immunotherapy drug now going through US trials, targeting malignancies with certain molecular characteristics.

Good trial results vs melanoma here: http://www.nejm.org/doi/full/10.1056/NEJMoa1503093
cancer  trials  drugs  pembro  anti-pd-1  immunotherapy  merck 
may 2017
After Seven Years, Microsoft Is Finally Fixing the "J" Email Bug
True story: when I started at Amazon, I thought people were using "J" instead of smileys as shorthand for "joking". Great job Microsoft!

(via Tony Finch)
microsoft  fail  operating-systems  monoculture  character-sets  j  wingdings  exchange  email 
may 2017
An empirical study on the correctness of formally verified distributed systems
We must recognise that even formal verification can leave gaps and hidden assumptions that need to be teased out and tested, using the full battery of testing techniques at our disposal. Building distributed systems is hard. But knowing that shouldn’t make us shy away from trying to do the right thing, instead it should make us redouble our efforts in our quest for correctness.
formal-verification  software  coding  testing  tla+  chapar  fuzzing  verdi  bugs  papers 
may 2017
GraphQL
a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.


Now being used by Facebook and Github -- looks quite interesting.
apis  data  github  facebook  graphql  languages  types 
may 2017
JPM | Free Full-Text | Accuracy in Wrist-Worn, Sensor-Based Measurements of Heart Rate and Energy Expenditure in a Diverse Cohort
The ability to measure physical activity through wrist-worn devices provides an opportunity for cardiovascular medicine. However, the accuracy of commercial devices is largely unknown. The aim of this work is to assess the accuracy of seven commercially available wrist-worn devices in estimating heart rate (HR) and energy expenditure (EE) and to propose a wearable sensor evaluation framework. We evaluated the Apple Watch, Basis Peak, Fitbit Surge, Microsoft Band, Mio Alpha 2, PulseOn, and Samsung Gear S2.


tl;dr: wrist-based calorie counters were inaccurate by up to 93% in tests.
fitbit  microsoft  mio  pulseon  samsung-gear  apple  apple-watch  basis  gadgets  health  heart-rate  calorie-counters 
may 2017
Enough with the microservices
Good post!
Much has been written on the pros and cons of microservices, but unfortunately I’m still seeing them as something being pursued in a cargo cult fashion in the growth-stage startup world. At the risk of rewriting Martin Fowler’s Microservice Premium article, I thought it would be good to write up some thoughts so that I can send them to clients when the topic arises, and hopefully help people avoid some of the mistakes I’ve seen. The mistake of choosing a path towards a given architecture or technology on the basis of so-called best practices articles found online is a costly one, and if I can help a single company avoid it then writing this will have been worth it.
architecture  design  microservices  coding  devops  ops  monolith 
may 2017
'I've Got Nothing to Hide' and Other Misunderstandings of Privacy by Daniel J. Solove :: SSRN
In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument. When asked about government surveillance and data mining, many people respond by declaring: "I've got nothing to hide." According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.


Via Fred Logue
law  philosophy  privacy  security  essay  papers  daniel-solove  surveillance  snooping 
may 2017
Skot Olsen -- Blessed Saint Architeuthis
Classic piece of freaky squid-related art, now purchasable on giclee for $200! (very tempted)
Saint Architeuthis is the patron saint of doomed sailors. While the origins of the saint remain unclear, its recent history and worship are well documented. Whalers who turned their attention to catching giant squid and sea serpents in the 19th century began asking Saint Architeuthis for mercy whenever a hunt would go awry, which was fairly frequent. When hunting for such animals, one would sometimes be thrown overboard or a boat would sink, exposing the men to whatever was in the water at the time. A sailor would ask Saint Architeuthis for the quick and relatively painless death of drowning, rather than the hideous demise of being ripped apart by the beak of the squid or chewed up in the sea serpent's hideous maw. Often, men would have visions of Saint Architeuthis who would appear before them in the form of a gigantic, yet benevolent squid wearing a bishop's mitre and carrying tools of the squid hunter's trade.
art  squid  skot-olsen  prints  giclees  toget  weird 
may 2017
U.S. top court tightens patent suit rules in blow to 'patent trolls'
This is excellent news, and a death knell for the East Texas patent troll court (cf https://motherboard.vice.com/en_us/article/the-small-town-judge-who-sees-a-quarter-of-the-nations-patent-cases ):
The U.S. Supreme Court on Monday tightened rules for where patent lawsuits can be filed in a decision that may make it harder for so-called patent "trolls" to launch sometimes dodgy patent cases in friendly courts, a major irritant for high-tech giants like Apple and Alphabet Inc's Google.

In a decision that upends 27 years of law governing patent infringement cases, the justices sided with beverage flavoring company TC Heartland LLC in its legal battle with food and beverage company Kraft Heinz Co (KHC.O). The justices ruled 8-0 that patent suits can be filed only in courts located in the jurisdiction where the targeted company is incorporated.


via Brad Fitzgerald
via:bradfitz  patents  swpats  east-texas  law  trolls  supreme-court  infringement 
may 2017
Government urged to declare if it wants mandatory ID cards
“The move from a voluntary or small-scale project of Public Services Cards to requiring all passport and driving licence applicants to present these cards is very significant.” Dr TJ McIntyre, a UCD law lecturer and chairman of the privacy advocacy group Digital Rights Ireland said on Sunday these measures marked the introduction of a “national ID card by stealth” and he believed it was being done “in a way which appears to be illegal”.
privacy  government  ireland  id-cards  law 
may 2017
Sorry
hosted status page / downtime banner service
banners  web  status  uptime  downtime  ops  reliability 
may 2017
To Cite or to Steal? When a Scholarly Project Turns Up in a Gallery
What I was seeing was an announcement for a show by Jason Shulman at Cob Gallery called Photographs of Films. The press and interviews collected on the gallery’s website lauded a conceptual beauty and rigor in his work, but the only thing I could see was a rip-off. “Email for price list.” These images were unmistakably similar to the distinctive work I had been producing for years, and it was not long before friends started writing to let me know.
copyright  art  aggregation  averaging  images  movies  rip-offs  jason-shulman  jason-salavon  kevin-l-ferguson 
may 2017
Spotting a million dollars in your AWS account · Segment Blog
You can easily split your spend by AWS service per month and call it a day. Ten thousand dollars of EC2, one thousand to S3, five hundred dollars to network traffic, etc. But what’s still missing is a synthesis of which products and engineering teams are dominating your costs. 

Then, add in the fact that you may have hundreds of instances and millions of containers that come and go. Soon, what started as a simple analysis problem has quickly become unimaginably complex.

In this follow-up post, we’d like to share details on the toolkit we used. Our hope is to offer up a few ideas to help you analyze your AWS spend, no matter whether you’re running only a handful of instances, or tens of thousands.

segment  money  costs  billing  aws  ec2  ecs  ops 
may 2017
Seeking medical abortions online is safe and effective, study finds | World news | The Guardian
Of the 1,636 women who were sent the drugs between the start of 2010 and the end of 2012, the team were able to analyse self-reported data from 1,000 individuals who confirmed taking the pills. All were less than 10 weeks pregnant.

The results reveal that almost 95% of the women successfully ended their pregnancy without the need for surgical intervention. None of the women died, although seven women required a blood transfusion and 26 needed antibiotics.
Of the 93 women who experienced symptoms for which the advice was to seek medical attention, 95% did so, going to a hospital or clinic.

“When we talk about self-sought, self-induced abortion, people think about coat hangers or they think about tables in back alleys,” said Aiken. “But I think this research really shows that in 2017 self-sourced abortion is a network of people helping and supporting each other through what’s really a safe and effective process in the comfort of their own homes, and I think is a huge step forward in public health.”
health  medicine  abortion  pro-choice  data  women-on-web  ireland  law  repealthe8th 
may 2017
jantman/awslimitchecker

A script and python module to check your AWS service limits and usage, and warn when usage approaches limits.

Users building out scalable services in Amazon AWS often run into AWS' service limits - often at the least convenient time (i.e. mid-deploy or when autoscaling fails). Amazon's Trusted Advisor can help this, but even the version that comes with Business and Enterprise support only monitors a small subset of AWS limits and only alerts weekly. awslimitchecker provides a command line script and reusable package that queries your current usage of AWS resources and compares it to limits (hard-coded AWS defaults that you can override, API-based limits where available, or data from Trusted Advisor where available), notifying you when you are approaching or at your limits.


(via This Week in AWS)
aws  amazon  limits  scripts  ops 
may 2017
Hello Sandwich Tokyo Guide
a guide for people who like travelling like a local and visiting hidden places off the beaten track. There are tips on where to rent a bike, the best bike path, the best coffee, the best craft shops, the coolest shops, the cheapest drinks, the most delicious pizza, the best izakaya, the cutest cafes, the best rooftop bar, the coolest hotels (and the cheap and cheerful hotels), the loveliest parks and soooo much more.

It's a list of all of the places I frequent, making it a local insiders guide to Tokyo. Also included in the Hello Sandwich Tokyo Guide are language essentials and travel tips. It's the bloggers guide to Tokyo and if you'd like to visit the places seen on Hello Sandwich, then this guide is the zine for you.
shops  tourism  japan  tokyo  guidebooks 
may 2017
_Amazon Aurora: Design Considerations for High Throughput Cloud-Native Relational Databases_
'Amazon Aurora is a relational database service for OLTP workloads offered as part of Amazon Web Services (AWS). In this paper, we describe the architecture of Aurora and the design considerations leading to that architecture. We believe the central constraint in high throughput data processing has moved from compute and storage to the network. Aurora brings a novel architecture to the relational database to address this constraint, most notably by pushing redo processing to a multi-tenant scale-out storage service, purpose-built for Aurora. We describe how doing so not only reduces network traffic, but also allows for fast crash recovery, failovers to replicas without loss of data, and fault-tolerant, self-healing storage. We then describe how Aurora achieves consensus on durable state across numerous storage nodes using an efficient asynchronous scheme, avoiding expensive and chatty recovery protocols. Finally, having operated Aurora as a production service for over 18 months, we share the lessons we have learnt from our customers on what modern cloud applications expect from databases.'
via:rbranson  aurora  aws  amazon  databases  storage  papers  architecture 
may 2017
V2V and the challenge of cooperating technology
A great deal of effort and attention has gone into a mobile data technology that you may not be aware of. This is "Vehicle to Vehicle" (V2V) communication designed so that cars can send data to other cars. There is special spectrum allocated at 5.9 GHz, and a protocol named DSRC, derived from wifi, exists for communications from car-to-car and also between cars and roadside transmitters in the infrastructure, known as V2I.

This effort has been going on for some time, but those involved have had trouble finding a compelling application which users would pay for. Unable to find one, advocates hope that various national governments will mandate V2V radios in cars in the coming years for safety reasons. In December 2016, the U.S. Dept. of Transportation proposed just such a mandate. [....] "Connected Autonomous Vehicles -- Pick 2."
cars  self-driving  autonomous-vehicles  v2v  wireless  connectivity  networking  security 
may 2017
Moom removed from sale due to patent violation claim | Hacker News
Well this sucks. Some scumbag applied for a patent on tiling window management in 2008, and it's been granted. I use Moom every day :(
moom  patents  bullshit  swpat  software  window-management  osx 
may 2017
don't use String.intern() in Java
String.intern is the gateway to native JVM String table, and it comes with caveats: throughput, memory footprint, pause time problems will await the users. Hand-rolled deduplicators/interners to reduce memory footprint are working much more reliably, because they are working on Java side, and also can be thrown away when done. GC-assisted String deduplication does alleviate things even more. In almost every project we were taking care of, removing String.intern from the hotpaths was the very profitable performance optimization. Do not use it without thinking, okay?
strings  interning  java  performance  tips 
may 2017
Fireside Chat with Vint Cerf & Marc Andreessen (Google Cloud Next '17) - YouTube
In which Vint Cerf calls for regulatory oversight of software engineering. "It's a serious issue now"
vint-cerf  gcp  regulation  oversight  politics  law  reliability  systems 
may 2017
The World Is Getting Hacked. Why Don’t We Do More to Stop It? - The New York Times
Zeynep Tufekci is (as usual!) on the money with this op-ed. I strongly agree with the following:
First, companies like Microsoft should discard the idea that they can abandon people using older software. The money they made from these customers hasn’t expired; neither has their responsibility to fix defects. Besides, Microsoft is sitting on a cash hoard estimated at more than $100 billion (the result of how little tax modern corporations pay and how profitable it is to sell a dominant operating system under monopolistic dynamics with no liability for defects).

At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, “pay extra money to us or we will withhold critical security updates” can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more.

Microsoft should spend more of that $100 billion to help institutions and users upgrade to newer software, especially those who run essential services on it. This has to be through a system that incentivizes institutions and people to upgrade to more secure systems and does not force choosing between privacy and security. Security updates should only update security, and everything else should be optional and unbundled.

More on this twitter thread: https://twitter.com/zeynep/status/863734133188681732
security  microsoft  upgrades  windows  windows-xp  zeynep-tufekci  worms  viruses  malware  updates  software 
may 2017
Physical separation of cyclists from traffic “crucial” to dropping injury rates, shows U.S. study
Citing a further study of differing types of cycling infrastructure in Canada, the editorial writes that an 89% increase in safety was noted on streets with physical separation over streets where no such infrastructure existed. Unprotected cycling space was found to be 53% safer.

In 2014 there were 902 recorded cyclists fatalities in America and 35,206 serious injuries. Per kilometre cycled fatalities per 100 million kilometres cycled sat at 4.7. In the Netherlands and Denmark those rates sit at 1 and 1.1, respectively.
cycling  infrastructure  roads  safety  accidents  cars  statistics  us  canada 
may 2017
Global ‘Wana’ Ransomware Outbreak Earned Perpetrators [just] $26,000 So Far
As thousands of organizations work to contain and clean up the mess from this week’s devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what’s being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam.
money  fraud  ransomware  wana  brian-krebs  bitcoin  cryptocurrency  viruses 
may 2017
A federal court has ruled that an open-source license is an enforceable contract — Quartz
“Not so,” said Judge Jacqueline Scott Corley in her order on the motion on April 25. Corley said the GNU GPL “provides that the Ghostscript user agrees to its terms if the user does not obtain a commercial license. Plaintiff alleges that Defendant used Ghostscript, did not obtain a commercial license, and represented publicly that its use of Ghostscript was licensed under the GNL GPU. These allegations sufficiently plead the existence of a contract.”
open-source  oss  ghostscript  gnu  gpl  licenses  contracts  law 
may 2017
Reddit Users Lose Real Money After Meme Currency Bot Dies
dogetipbot runs out of money in another cryptocurrency omnishambles. 'Very lies, such betrayal, WOW.'
bitcoin  reddit  doge  dogetipbot  bots  memes  ffs  shambles  dogecoin 
may 2017
Quividi - Leader in Attention Analytics
more "Anonymous Video Analytics" which is currently deployed in Dublin on-street billboards by a company called Orb with cameras pointing into public spaces. I am very curious whether this is legal under Irish DPA law given that sensitive personal data (your face) is being, while not _stored_ per se, _processed_ by this system without any provision for opt-in/opt-out.
advertising  privacy  technology  tracking  opt-in  quividi  orb 
may 2017
_Optimal Probabilistic Cache Stampede Prevention_ [pdf]
'When a frequently-accessed cache item expires, multiple requests to that item can trigger a cache miss and start regenerating that same item at the same time. This phenomenon, known as cache stampede, severely limits the performance of databases and web servers. A natural countermeasure to this issue is to let the processes that perform such requests to randomly ask for a regeneration before the expiration time of the item. In this paper we give optimal algorithms for performing such probabilistic early expirations. Our algorithms are theoretically optimal and have much better performances than other solutions used in real-world applications.'

(via Marc Brooker)
via:marcbrooker  caching  caches  algorithm  probabilistic  expiration  vldb  papers  expiry  cache-miss  stampedes 
may 2017
iKydz
'Total Parent Control' for kids internet access at home. Dublin-based product, dedicated wifi AP with lots of child-oriented filtering capabilities
filtering  security  ikydz  kids  children  internet  wifi  ap  hardware  blocking 
may 2017
Repair and Leasing Scheme - Peter Mc Verry Trust
Minister Simon Coveney and the Department of Housing have provided funding of €32 million in 2017 for the Repair and Leasing Programme and set a target of 800 units to be delivered this year (2017). A total of €140 million has been allocated to the repair and leasing scheme over the lifetime of Rebuilding Ireland.

The Repair and Leasing Scheme at a Glance:

Targets Properties Empty or Derelict for 1 Year or more

Grants to Property owners of up to €40,000 to get properties back into use

Lease Terms of 10, 15 or 20 Years

State Guaranteed Rental Income for Duration of Lease

Property and Tenants Managed by Approved Housing Bodies [the Peter McVerry Trust in D1, D3, D7 and D9]
peter-mcverry  homelessness  dublin  housing  repair  derelict-buildings  homes  ireland  property 
may 2017
Uuni
"The world's best portable wood-fired oven". Fergal has one and loves it. $299
uuni  pizza  oven  outdoor  food  cooking  gadgets 
may 2017
Nick Mathewson on Twitter
"Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing."


Words to live by....
ffu  funny  the-abyss  life  work  experts  expertise  sme 
may 2017
The Push Train
Excellent preso from Dan McKinley on the Etsy-based continuous delivery model, and what he learned trying to apply it after Etsy:
It’s notable that almost all of the hard things we dealt with were social problems. Some of these solutions involved writing code, but the hard part was the human organization. The hard parts were maintaining a sense of community ownership over the state of the whole system.
etsy  ci  cd  deployment  devops  deploys  dan-mckinley  mcfunley  presentations 
may 2017
AIY Projects Voice Kit
This looks nifty!
This project demonstrates how to get a natural language recognizer up and running and connect it to the Google Assistant. Along with everything the Google Assistant already does, you can add your own question and answer pairs. All in a handy little cardboard cube, powered by a Raspberry Pi.


(via sergio)
voice  google  aiy-projects  cardboard  hacks  raspberry-pi 
may 2017
Backdooring an AWS account
eek. Things to look out for on your AWS setup:
So you’ve pwned an AWS account — congratulations — now what? You’re eager to get to the data theft, amirite? Not so fast whipper snapper, have you disrupted logging? Do you know what you have? Sweet! Time to get settled in. Maintaining persistence in AWS is only limited by your imagination but there are few obvious and oft used techniques everyone should know and watch for.
aws  security  hacks  iam  sts 
may 2017
Online security won’t improve until companies stop passing the buck to the customer
100% agreed!
Giving good security advice is hard because very often individuals have little or no effective control over their security. The extent to which a customer is at risk of being defrauded largely depends on how good their bank’s security is, something customers cannot know.

Similarly, identity fraud is the result of companies doing a poor job at verifying identity. If a criminal can fraudulently take out a loan using another’s name, address, and date of birth from the public record, that’s the fault of the lender – not, as Cifas, a trade organisation for lenders, claims, because customers “don’t take the same care to protect our most important asset – our identities”.
cifas  uk  passwords  security  regulation  banking  ncsc  riscs  advice 
may 2017