Sunday morning at our house

Oct. 26th, 2014 08:08 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

Intuiting that I wanted to take a picture of her asleep, A wakes up for the day:

Waking up Why isn't anyone else awake?

You just wish the camera had remotely focused on her while she was rubbing her eyes! SO CUTE.

Meanwhile, V woke up long enough to crawl into our bed shortly after dawn, and won’t again for a while:

Not waking up

A actually had a rough night. She was crying inexplicably in the night (very unusual, usually it’s clear she wants milk), and then just when Andrew had settled her back in her cot, with no warning two bolts of lightning struck so close by it sounded like we were being personally shot at by the heavens. Andrew said less than a second between bolt and clap, so perhaps in our street or the same block. I had heard a car alarm go off. About equivalent to the time several years ago we heard a huge clap of thunder and looked down the street to see a tree beginning to smoke.

V slept right through it as far as I know, A slept through the first clap but not the second and took a long time to sleep again.

[syndicated profile] adulting_feed

This is from Ina Garten, whom I think we can all agree is the best. If you’re having people over for dinner, figure out what time you want to serve dinner, then count backward from there, taking into account how long each component will take.

Then, type it out into a schedule, and voila! No more wondering when you should put the potatoes in. It’s on the ding-dang schedule!

For the record, I’m typing this WHILE watching 30 Rock.

Unbreakable filter

Oct. 24th, 2014 09:13 pm
[syndicated profile] garethheyes_feed

Posted by Gareth Heyes

I was bored so I thought I’d take a look at Ashar’s filters. I noticed he’d done a talk about it at Blackhat Europe which I was quite surprised at. Then I came across the following blog post about the talk which I pretty much agreed with. That blog post links to his filters so you can try them out yourself.

The first one is basically multiple JavaScript regexes which are far too generic to be of any value. For example “hahasrchaha” is considered a valid attack =) because it has “src” in. I’m not joking. The regexes are below.


function test(string) {
var match = /

Call Me Linkspam

Oct. 24th, 2014 08:41 pm
[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • It’s Ada Lovelace Day: Get Angry | Garann Means (October 14): “It’s Ada Lovelace Day and we’re supposed to talk about the women in technology who’ve inspired us. The women who inspire me are those who’ve taken the frightening step of lessening their culpability by decreasing their participation. While it’s courageous to remain in tech/on the internet and try to make it a better place, you can’t get around the compromise in doing so.”
  • When Women Stopped Coding | NPR Planet Money (October 21): “These early personal computers weren’t much more than toys. You could play pong or simple shooting games, maybe do some word processing. And these toys were marketed almost entirely to men and boys. This idea that computers are for boys became a narrative. It became the story we told ourselves about the next computing revolution.”
  • Online Harassment | PEWResearch Internet Project (October 22): “In broad trends, the data show that men are more likely to experience name-calling and embarrassment, while young women are particularly vulnerable to sexual harassment and stalking.”
  • Breaking gender and racial barriers in Netrunner | Gamasutra (October 20): “Netrunner is a lovely and beloved experience for all those reasons, but the game is worth championing for other ideas that go beyond its smart design too. It’s also worth celebrating because Netrunner is one of the most progressive games in terms of gender and minority representation today.”
  • Life and Times of a Tech Feminist Killjoy: The Cuts Leave Scars | Julie Pagano (October 6): “After years of pushing yourself and being stretched too thin, you lose the flexibility you once had to bounce back. You snap more easily. The paper cuts are harder to brush off. You are likely to be punished for this. You will be seen simultaneously as too sensitive and too harsh.”
  • Marvel’s Victoria Alonso wants a female superhero movie, calls for more women in VFX | Variety (October 20th): “You’ve got to get the girls in here, boys. It’s better when it’s 50-50,” she continued. “I have been with you beautiful, handsome, talented, creative men in dark rooms for two decades and I can tell you those rooms are better when there are a few of us in them. So as you take this with you, please remember that it’s OK to allow the ladies in. They’re smart, they’re talented. They bring a balance that you need.”

#Gamergate

  • The only thing I have to say about gamer gate | Felicia Day (October 22): “I know it feels good to belong to a group, to feel righteous in belonging to a cause, but causing fear and pushing people away from gaming is not the way to go about doing it. Think through the repercussions of your actions and the people you are aligning yourself with. And think honestly about whether your actions are genuinely going to change gaming life for the better.”
  • Felicia Day’s worst Gamergate fears just came true | The Daily Dot (October 23): “Day wrote of realizing after crossing the street to avoid two gamers she saw in Vancouver that she had allowed Gamergate to enhance her fear of other people within her community. Her post was an attempt to conquer that fear and to urge other women to do the same.But less than an hour after describing her past experiences with stalkers in the post, a commenter showed up to do the one thing she feared would happen.”
  • Why #Gamergate is actually an ed tech issue | Medium (October 20): “It’s not simply the hyper-macho shoot ‘em up games, either. I’ve had girls leave Minecraft because of misogynist threats. Apparently, this isn’t an isolate case. Others have seen the same thing. If we want to talk about integrating games into the classroom, we need to rethink what culture we’re inviting in.”
  • Gamergate goons can scream all they want, but they can’t stop progress | Wired (October 21): “Even more fascinating is how these insecurities have allowed some gamers to consider themselves a downtrodden minority, despite their continued dominance of every meaningful sector of the games industry, from development to publishing to criticism. That demonstrates a strange and seemingly contradictory “overdog” phenomenon: The most powerful members of a culture often perceive an increase in social equality as a form of persecution.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Friday Favs 10/24/14

Oct. 24th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some of my favorite submissions this week:

 

October is Breast Cancer Awareness Month, so it's nice to see bakers doing their part:

...to make pink ribbons look like ding-a-lings.

 

You know how they say the most important thing is to just never stop trying?

Please stop trying, bakers.

Please.

 

Mary ordered a cupcake cake (patooie!) in the shape of a number 6 for her daughter, but I guess the baker ran out of cupcakes, so...

This birthday is brought to you by 3/4 of the number 0.

Thanks for nothing.

 

How Twitter has ruined us all:

#Wrecktastic

 

And finally, Catherine told the baker her son's name was "Stephen with a PH."

She got this:

 

Thanks to Amber G., Diana E., Mary G., Meredith N., & Catherine J. for the phweet phurprise.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] accidentallyincode_feed

Posted by Cate

My notes from John Reid‘s talk at iOSDevUK.

digital wires

Credit: DeviantArt / LoneWolfAssassin

Barriers to TDD. Two primary:

  • Not knowing what it is. Rejecting it as silly without giving it a try. A good try, as there is a learning curve. It will slow you down at first. If you give up before the payoff then you will say “oh that was stupid”.
  • UI and Networking. On iOS most of what we do is UI and networking, rules out 90% of app, so not really useful.

EBay Fashion app. All test driven.

3 Types of Unit test:

  • Return value test
  • State test
  • Interaction test

Patterns of testing. The Design Patterns book, the Gang of Four never intended it to be the beginning and end of design patterns.

Not going to be rocket since. About getting through the barrier. Writing unit tests after if necessary, but ideally before.

Return Value Test:

  • Arrange: set up object.
  • Act: Call method that returns a value.
  • Assert: Compare against expected value.

With this alone, you should be able to get a very far distance. Onboarding engineers at Facebook, teach them not to be shy about extracting stand alone functions. Helps overcome that barrier.

State test:

  • Arrange: Set up object.
  • Act: Call method.
  • Assert: Compare against expected value.

Since interested in a side effect, just need an additional call to verify state. Should be able to write quite a few tests with these two techniques.

Interaction Test:

Don’t need to be isolated units. They can be connected, as long as they are fast. Check that the system under test (SUT) is communicating correctly to something else.

Don’t want to talk to the real thing:

  • Takes too long.
  • Might not be there.
  • May not have everything (don’t want to use things up).
  • Might want to test the failure (normal end to end tests).

Want a fake thing that the test can control. Need dependency injection, if the middle thing is creating the end thing, it’s hard to test.

Dependency Injection:

  • Extract and Override.
  • Method injection.
  • Property injection.
  • Constructor injection.

Difference between having a singleton, and a single way to access a singleton. E.g. NSUserDefaults. Don’t want to access it in this way.

Extract and Override: read “Working Effectively with Legacy Code” (Amazon).

TDD was working for me in a greenfield project, but how many of us get to stay in such a place?

Seams

Make a cut – subclass, override “userDefaults”, do what you want. Very powerful. Very effective with legacy code. Very dangerous. Like a drug. But will end up with the bane of testing code, fragile tests, because tests are coupled to implementation.

For getting started, especially with legacy code – good technique.

Method Injection

Better for other things, like calling “[NSDate date]” – will cause havoc with tests. Can swizzle, or just pass in what time you want. Now you will have a method that does more, now it’s tied to any time, not the current time. Helpful as context for injected object is very small. When spans across method, probably want to hang on to it as a property.

Test can inject the fake thing. But what about production code? Can end up with nil. Objective C will be like “whatever”.

Create custom getter with lazy eval. If no value, get the default value.

Inject in constructor – workhorse of dependency injection. Biggest benefit, makes everything explicit.

Can be annoying to have everything explicit. Long chain of dependencies is a code smell – you have too many dependencies.

Even then, you can simplify that, by using a Builder. Builder pattern creates the object you want according to however it is set. Set in any order, or not set and have it have defaults.

Constructor injection is the main one.

Ambient Context. Change something globally. Swizzling is an example of this. You can, sometimes helpful. But dangerous. Have to have your test restore the pre-test condition.

Let’s learn some good things from other people in other disciplines. There are plenty of smart people who are not using Obj-C

Interaction Test

Types of Fakes: The Art of Unit Testing

  • Stub: Fake that provides a pre-canned answer.
  • Mock: Recording how it is called by the SUT, so that it can assert.
  • Difference is which way the test is pointing to make it’s assertion.

Don’t need a DI framework in order to do DI as a concept.

Mocking, if never mocked before don’t use OCMock or OCMockito at first. Use them eventually. Meanwhile, you can make your own fake. Subclass and override all methods. Test Driven iOS development, means don’t have to do that in Obj-C. Dynamic language, supports DuckTyping.

Subclass NSObject. Put the method in. Use a simple property to record the number of calls. Have a fake return value (if unspecified is nil). Capture arguments.

Interesting thing about doing by hand, answers question of “what do we do in swift”. No introspection available to us. Do it by hand, laborious, might cry a little bit, but nothing stopping us.

Now we have a mock, use it. Start writing some tests.

[syndicated profile] epbot_feed

Posted by Jen

I hope you guys are ready for a LOT of amazing new geek art this month, because I, uh, kind of got carried away.  o.0

ONWARD!!

Let's kick things off with some Never Ending Story goodness:

 "Neverending" 8X12 print, $12

Those colors! YES.


I had a terrible time picking my favorites over at CocoMilla's Etsy store; there are WAY too many awesome choices:





Her watercolor prints start at $15 for 6X8 prints, and she has larger sizes available, too. Go see the rest; from Disney to gaming, she's got a little of everything!


Michael Banks of Suger Fueled makes adorably creepy big-eyed art, and even better, his ACEO prints are only $4!

He also has a huge selection of 8X12 prints for $12 each:





And since it IS October, how about this cutie from Sydey Hanson?
"Little Bat" 8X10 print, $12

Not quite as Halloweeny, but I'm totally smitten with Sydney's bumble bee:

"Bumblebee" 8X10 print, $12

D'awww. I'm actually terrified of anything that stings, but this guy I want to snuggle.


From Love Ashley Designs, a perfectly Wicked piece:
"Are You A Good Witch Or A Bad Witch?" 10X10 print, $25

Tempted to get this one for John, since he's forever singing "Popular." Which is hilarious.


Artist Wisesnail, aka Namecchan, has some amaaazing Guardians of the Galaxy prints:


WOW. And the 8X10s are only $15! (She has larger sizes, too.)

I'm also REALLY digging her Jim Moriarty:

7X10 print, $15

Love how the background looks like smokey flames!


Epbot reader Candace happens to be married to a Pixar animator, Victor Navone, and he generously donated this sweet Wall-E print for the give-away board:

The white surround is much larger than this, but that's all that would fit in my scanner. :) 


And speaking of the give-away board, here are some more of my new additions:

"I Am Who," by my buddy Charlie Thurston.
(You can buy it at the link for $10)

"Iron Giant Superman #1" by Matthew Waite

That's a mash-up of Iron Giant with the first Superman Comic, btw, which is brilliant if you know the movie.  Since Waite only sells at conventions, I picked this one up for the board. Check out the rest of his work over on DeviantArt or Tumblr.


From another of my good friends, Bianca Roman-Stumpff:

SO CUTE.

 (Groot is the new darling of Artist Alleys everywhere, and I am definitely not complaining.)

Most of Bianca's work still isn't available online (HINT HINT BIANCA), so she donated that one for the board!

She's also been churning out new Puff Monsters, which you *can* buy online through her Facebook page or sometimes her Etsy shop.

 The pumpkin one! Ah! And I ended up buying the blue & white one clapping in the middle.

Bianca also has a few prints available over on Society6, so you can check over there for more.


Remember Tampa Fanboy Expo, the convention last month where I fangirled over James Hance? Well, right next to him was Andrew "Drone" Cosson, and I FLIPPED over his baby Groot:

I've had this hanging in my office for over a month now, and I JUST NOW realized it looks like he's flipping us the bird. Which somehow makes him even cuter.

Andrew told me he'd just sold the companion Rocket Raccoon painting, and even worse, HE DIDN'T TAKE A PHOTO! Nooo!
So to console myself, I also bought these two original ink drawings from him:

Who else wants Andrew to make a Doctor Who coloring book now?

Andrew doesn't have a website or even an online portfolio, which is downright criminal. He directed me to his personal Facebook page, but I don't think he has everything there. I also can't believe he doesn't scan his original paintings to make prints! Arg! So Andrew, if you see this, please, GET THEE TO ETSY. Or Society6. Or DeviantArt. Or something.

Ahem.

Also at Tampa Fanboy, there was the delightful duo of Jennipho, who sculpts 3D sweetness like this:




... and Victoria, who paints & draws sweetness like this:

Her prints start at just $7!

John had to drag me away from their booth, since I kept going back to chat. They're both super friendly and uber talented, so definitely check out both sites!

And finally, since this is too perfect to show off right before Halloween, check out what John just got for his game room:

Haha!

John says he either wants a picture of me in it, looking appropriately terrified, or a drawing of a uvula. I'm lobbying for the uvula.

The artist, Myrcury's Toybox, was at a local street show event here in Orlando last week, and we couldn't stop giggling over her tiny monster frames. Check out her Etsy shop for more, plus fun skull & monster eye hair clips, original art, and painted coffin boxes like these:



K, guys, that does it for this month's roundup! Now, you know the drill: comment below for a chance to win your choice of art from my Pinterest Art Give-Away Board! I'll ship anywhere, so international comments are welcome! (Last month I sent art to Africa and Australia. SO COOL. And expensive. But mostly cool.)

I'll announce my randomly-selected winner sometime next week. Happy commenting, everyone, and happy weekend!

First days of school

Oct. 24th, 2014 09:14 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

As foretold in the prophecies, V recently began his two day a week “Headstart” kindergarten transition program earlier this week.

Here he is in the playground waiting for it to begin:

First day of "school"

And here he is settling in with one of the classroom tasks (they had three tables set up, one with drawing, one with craft, and one with puzzles):

First piece of school work

He drew this, and explained that it is the sun and a path, indicating a winding path with gestures:

First school "work"

I asked if he wanted to add some more colours or make any changes and he firmly said no. I was both impressed that he drew something that is indeed clearly the sun and a winding path in under a minute, and a bit startled that he doesn’t have any idea that it can be worth putting more than a minute into artwork, or at least it can be fun. All with time, I guess.

The parents awkwardly stuck around for about half an hour, waiting, I think, for some kind of firm signal to be gone. When none came, we all slowly drifted out one by one. I don’t think any kids were especially distressed. V wanted a few cuddles while I was still there.

When I picked V up (at 2:30pm I pick him up, walk him to daycare, and leave again, it’s going to be a nightmare) he took me to the smart board, which was showing a class photo they’d taken the first morning and he pointed firmly at “my friend”. I asked what her name was, he said he didn’t know. As we walked to daycare, I asked him for more details of the day and he informed me that it was a SECRET and he COULDN’T tell me, which is a novel variation on the traditional answer to asking a kid about their school day: “um, I don’t know”.

The second day went fine. There was a very small parent morning tea after with a few parents and then we left. After school, he told me he played with “my boy friend” because “my girl friend” hadn’t been there. (This may be so, there are a surprising number of children only going to one of the two days each week.) And he recounted in some detail how the toilets are gender-segregated. (This has in the past interested him about ski school and the pool. It’s not true of his pre-school.)

Now it’s all about how to fit his schooling into our life. I’ve already set up an elaborate calendar for the days when Andrew will have to leave work for the 2:30pm transition because I’m working in the city or out of town. (Five times total, out of sixteen days.) This goes with the elaborate and constantly updated calendar of who drops the children at daycare and picks them up each day. This will all get a bit easier next year when he can access the after-school care, but even so.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

In the interests of full disclosure: Sourcebooks – the company that on Nov. 18 is publishing my upcoming book about organized cybercrime — disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information.

Fortunately, this breach does not affect readers who have pre-ordered Spam Nation through the retailers I’ve been recommending — Amazon, Barnes & Noble, and Politics & Prose.  I mention this breach mainly to get out in front of it, and because of the irony and timing of this unfortunate incident.

From Sourcebooks’ disclosure (PDF) with the California Attorney General’s office:

“Sourcebooks recently learned that there was a breach of the shopping cart software that supports several of our websites on April 16, 2014 – June 19, 2014 and unauthorized parties were able to gain access to customer credit card information. The credit card information included card number, expiration date, cardholder name and card verification value (CVV2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained too. To our knowledge, the data accessed did not include any Track Data, PIN Number, Printed Card Verification Data (CVD). We are currently in the process of having a third-party forensic audit done to determine the extent of this breach.”

So again, if you have pre-ordered the book from somewhere other than Sourcebook’s site (and that is probably 99.9999 percent of you who have already pre-ordered), you are unaffected.

I think there are some hard but important lessons here about the wisdom of smaller online merchants handling credit card transactions. According to Sourcebooks founder Dominique Raccah, the breach affected approximately 5,100 people who ordered from the company’s Web site between mid-April and mid-June of this year. Raccah said the breach occurred after hackers found a security vulnerability in the site’s shopping cart software.

Shopping-Cart-iconExperts say tens of thousands of businesses that rely on shopping cart software are a major target for malicious hackers, mainly because shopping cart software is generally hard to do well.

“Shopping cart software is extremely complicated and tricky to get right from a security perspective,” said Jeremiah Grossman, founder and chief technology officer for WhiteHat Security, a company that gets paid to test the security of Web sites.  “In fact, no one in my experience gets it right their first time out. That software must undergo serious battlefield testing.”

Grossman suggests that smaller merchants consider outsourcing the handling of credit cards to a solid and reputable third-party. Sourcebooks’ Raccah said the company is in the process of doing just that.

“Make securing credit cards someone else’s problem,” Grossman said. “Yes, you take a little bit of a margin hit, but in contrast to the effort of do-it-yourself [approaches] and breach costs, it’s worth it.”

What’s more, as an increasing number of banks begin issuing more secure chip-based cards  — and by extension more main street merchants in the United States make the switch to requiring chip cards at checkout counters — fraudsters will begin to focus more of their attention on attacking online stores. The United States is the last of the G20 nations to move to chip cards, and in virtually every country that’s made the transition the fraud on credit cards didn’t go away, it just went somewhere else. And that somewhere else in each case manifested itself as increased attacks against e-commerce merchants.

If you haven’t pre-ordered Spam Nation yet, remember that all pre-ordered copies will ship signed by Yours Truly. Also, the first 1,000 customers to order two or more copies of the book (including any combination of digital, audio or print editions) will also get a Krebs On Security-branded ZeusGard. So far, approximately 400 readers have taken us up on this offer! Please make sure that if you do pre-order, that you forward a proof-of-purchase (receipt, screen shot of your Kindle order, etc.) to spamnation@sourcebookspr.com.

Pre-order two or more copies of Spam Nation and get this "Krebs Edition" branded ZeusGard.

Pre-order two or more copies of Spam Nation and get this “Krebs Edition” branded ZeusGard.

[syndicated profile] geekfeminism_feed

Posted by Annalee

Content warning: stalking, harassment, threats, violence–GamerGate, basically.

Geek Feminism’s lack of a statement about the GamerGate hate campaign has felt conspicuous to me. We’re a community dedicated to promoting justice and equality within geek communities. Documenting harassment and abuse in geek communities is one of our biggest projects. GamerGate is on our beat.

But while our fabulous team of linkspammers has been on top of the story, we haven’t put up a statement.

I spoke to some of our other bloggers about ways we could respond. The conversation we had was pretty illustrative.

Here are the ideas we had, and why we discarded them:

1: A “Seriously, Fuck GamerGate” Post

Why we didn’t:

“Fuck GamerGate” is a fairly obvious statement from us. It might be satisfying to say, but it adds little to the conversation.

And women who’ve said it before us have been stalked, harassed, doxxed, and threatened–some to the point of fleeing their homes.

2. A statement of support for GamerGate’s victims

Why we didn’t:

Telling folks we support them is nice, but it doesn’t provide the victims of these terror campaigns with the practical support they need to protect themselves. Talking about them has a very high chance of exposing them to even more abusers. When you’re the target of an organized campaign of terror, the last thing you need is more attention.

And women who’ve made statements of support have been stalked, harassed, doxxed, and threatened–some to the point of fleeing their homes.

3. An Ada Lovelace-style celebration of women in gaming, where we encourage folks to blog about games they love by women, and women in gaming who inspire them.

Why we didn’t:

We didn’t want to paint a target on anyone’s back.

Women in gaming who’ve gotten positive attention have been stalked, harassed, doxxed, and threatened–some to the point of fleeing their homes.

4. Present an iron hide and dare them to bring it.

Some of us feel guilty for not telling GamerGaters exactly where they can shove the horseshit they have the temerity to present as discourse.

Why we didn’t:

We want to live in a world where terror campaigns like this are ineffective; where that which does not kill us makes us stronger; where good triumphs over obtuse, selfish, cowardly evil. But wanting to live in that world doesn’t make that world real. In this world, oppression and injustice have built a system whereby that which does not kill us often leaves us personally and professionally damaged.

The fantasy that bravado would win the day is appealing, but daring abusers to come for us won’t do anything constructive. As much as we might want to put ourselves between GamerGate and its victims, we can’t. There are too many of them to successfully draw their fire.

We’d just end up getting stalked, harassed, doxxed, and threatened–possibly to the point of fleeing our homes.

By now, you’ve surely noticed the theme here.

It’s tempting to offer cheap platitudes to the women who’ve been the focus of these abuse campaigns, or those who might become them. To tell them to be brave, to speak their truth, to not let violent assholes scare them.

Platitudes won’t keep the cesspits of the internet from backflowing into their homes and workplaces. Platitudes won’t secure their computers and personal information; protect their families from detailed, sexually-explicit death threats; walk their kids to school; or stay at home to protect their pets while they’re at work. Platitudes won’t explain to their bosses why their companies’ websites are being DDOSed. Platitudes won’t stop bullets.

So before you lament how terrible it is to ‘let them win’ by being silent, please stop and think of a better way to phrase “I want to live in a world where the victims of abuse campaigns have a winning move.” Don’t ask women to sacrifice their names, careers, and safety to the fantasy that life is fair.

Telling women to be brave and speak up is telling them to face a violent horde unarmed. We don’t have an effective defense against these terror campaigns. We desperately need one. We’re going to follow up and see if we can develop any effective strategies.

In the meantime, I’ve already painted the target on my back, so I might as well say it.

Fuck GamerGate.

Wedding Wrecks, Vol. 345

Oct. 23rd, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

They wanted bubbles:

 

They got sprinkles.

Mm, crunchy.

 

They wanted this:

 

They got... this:

("Hang on, you can still see some icing. BRING MORE FLOWERS!")

 

And finally,

Jessica wanted this:

... but what she got was so bad that her photographer decided it'd be too much to have the whole cake in frame, and so focused on some guy in the background checking his phone instead:

Good job, Jessica's photographer.

 

Thanks to Anony M., Sonya J., & Jessica K., who like to think that guy is reading Cake Wrecks, because, dude, SO META.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] geekfeminism_feed

Posted by Leigh Honeywell

This is another round of Geek feminism classifieds – now quarterly! If you’re looking to hire women, find some people to participate in your study, find female speakers, or just want some like-minded folk to join your open source project, this is the thread for you!

Here’s how it works:

  1. Geeky subjects only. We take a wide view of geekdom, but if your thing isn’t related to an obviously geeky topic, you’ll probably want to give a bit of background on why the readers of Geek Feminism would be interested.
  2. Explain what your project/event/thing is, or link to a webpage that provides clear, informative information about it. Ideally you’ll also explain why geek women might find it particularly awesome.
  3. Explain what you’re looking for. Even if it’s not a job ad, think of it like one: what is the activity/role in question, and what would it involve? What is the profile of people you’re looking for?
  4. GF has international readership, so please be sure to indicate the location if you’re advertising a job position, conference, or other thing where the location matters. Remember that city acronyms aren’t always known world-wide and lots of cities share names, so be as clear as possible! (That is, don’t say “SF[O]” or “NYC” or “Melb”, say “San Francisco, USA”, “New York City, USA” or “Melbourne, Australia”.) And if you can provide travel/relocation assistance, we’d love to know about it.
  5. Keep it legal. Most jurisdictions do not allow you to (eg.) advertise jobs for only people of a given gender. So don’t do that. If you are advertising for something that falls into this category, think of this as an opportunity to boost the signal to women who might be interested.
  6. If you’re asking for participants in a study, please note Mary’s helpful guide to soliciting research participation on the ‘net, especially the “bare minimum” section.
  7. Provide a way for people to contact you, such as your email address or a link to apply in the case of job advertisements. (The email addresses entered in the comment form here are not public, so readers won’t see them.)
  8. Keep an eye on comments here, in case people ask for clarification or more details. (You can subscribe to comments via email or RSS.)

If you’d like some more background/tips on how to reach out to women for your project/event/whatever, take a look at Recruiting women on the Geek Feminism Wiki.)

Good luck!

Linux Container Security

Oct. 23rd, 2014 08:44 am
[personal profile] mjg59
First, read these slides. Done? Good.

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1].

Does this mean containers provide reduced security? That's an arguable point. In the event of a new kernel vulnerability, container-based deployments merely need to upgrade the kernel on the host and restart all the containers. Full VMs need to upgrade the kernel in each individual image, which takes longer and may be delayed due to the additional disruption. In the event of a flaw in some remotely accessible code running in your image, an attacker's ability to cause further damage may be restricted by the existing seccomp and capabilities configuration in a container. They may be able to escalate to a more privileged user in a full VM.

I'm not really compelled by either of these arguments. Both argue that the security of your container is improved, but in almost all cases exploiting these vulnerabilities would require that an attacker already be able to run arbitrary code in your container. Many container deployments are task-specific rather than running a full system, and in that case your attacker is already able to compromise pretty much everything within the container. The argument's stronger in the Virtual Private Server case, but there you're trading that off against losing some other security features - sure, you're deploying seccomp, but you can't use selinux inside your container, because the policy isn't per-namespace[2].

So that seems like kind of a wash - there's maybe marginal increases in practical security for certain kinds of deployment, and perhaps marginal decreases for others. We end up coming back to the attack surface, and it seems inevitable that that's always going to be larger in container environments. The question is, does it matter? If the larger attack surface still only results in one more vulnerability per thousand years, you probably don't care. The aim isn't to get containers to the same level of security as hypervisors, it's to get them close enough that the difference doesn't matter.

I don't think we're there yet. Searching the kernel for bugs triggered by Trinity shows plenty of cases where the kernel screws up from unprivileged input[3]. A sufficiently strong seccomp policy plus tight restrictions on the ability of a container to touch /proc, /sys and /dev helps a lot here, but it's not full coverage. The presentation I linked to at the top of this post suggests using the grsec patches - these will tend to mitigate several (but not all) kernel vulnerabilities, but there's tradeoffs in (a) ease of management (having to build your own kernels) and (b) performance (several of the grsec options reduce performance).

But this isn't intended as a complaint. Or, rather, it is, just not about security. I suspect containers can be made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:

  • Strong auditing and aggressive fuzzing of containers under realistic configurations
  • Support for meaningful nesting of Linux Security Modules in namespaces
  • Introspection of container state and (more difficult) the host OS itself in order to identify compromises

These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two" tradeoff. That's not a winning strategy.

[1] Companies using hypervisors! Audit your qemu setup to ensure that you're not providing more emulated hardware than necessary to your guests. If you're using KVM, ensure that you're using sVirt (either selinux or apparmor backed) in order to restrict qemu's privileges.
[2] There's apparently some support for loading per-namespace Apparmor policies, but that means that the process is no longer confined by the sVirt policy
[3] To be fair, last time I ran Trinity under Docker under a VM, it ended up killing my host. Glass houses, etc.

3 weeks at home

Oct. 22nd, 2014 04:17 pm
pleia2: (Default)
[personal profile] pleia2

I am sitting in a hotel room in Raleigh where I’m staying for a conference, but prior to this I had a full 3 weeks at home! I was the longest stretch I’ve had in months, even my gallbladder removal surgery didn’t afford me a full 3 weeks. Unfortunately during this blessed 3 weeks home MJ was out of town for a full 2 weeks of it. It also decided to be summer time in San Francisco (typical of early October) with temperatures rising to 90F for several days and our condo not cooling off. Some days it made work a challenge as I sometimes fled to coffee shops. The cats didn’t seem amused by this either.

The time at home alone did give me a chance to chill out at home and listen to the Giants playoff games on the little AM radio I had set up in our living room. As any good pseudo-fan does I only loosely keep up with the team during the actual season, going to actual games only here and there as I have the opportunity, which I didn’t this year (too much travel + gallbladder). It felt nice to sit and listen to the games as I got some work done in the evenings. I did learn how much modern technology gets in the way of AM reception though, as I listened to the quality tank when I turned on the track lighting in my living room or random times when my highrise neighbors must have been doing something.

Fleet week also came to San Francisco while I was home. I think I’ve only actually been in town for it twice, so it was a nice treat. To add to the fun I was meeting up with a friend to work on some OpenStack stuff on Sunday when they were doing their final show and her office offers amazing floor to ceiling windows with a stunning view of the bay. Perfect for watching the show!

I also did manage to get out for some non-work social time with a couple friends, and finally made it out to Off the Grid in the Marina for some street food adventuring. I hadn’t been before because I’m not the biggest fan of food trucks, the food is fine but you end up standing while eating, making a mess, and not getting a meal for all that cheaper than you would if you just went to a proper restaurant with tables. Maybe I’m just a giant snob, but it was an interesting experience, and I got to take the cable car home, so that’s always fun.

And now Raleigh. I’m here for All Things Open which I’ll be blogging about soon. This kicked off about 3 weeks away from home, so I had to pack accordingly:

After Raleigh I’ll be flying to Miami for a cousin’s wedding, then staying several extra days in a beach hotel where I’ll be working (and taking breaks to visit the ocean!). At the end of the week I’m flying to Paris for the OpenStack Summit for a week. I’ve never been to Paris before so I’m really looking forward to that. When the conference wraps up I’m flying back stateside for another wedding for a family member, this time in Philadelphia. So during this time I’ll get to see MJ twice, as we meet in cities for weddings. Thankfully I head home after that, but then we’re off for a proper vacation a few days later – to Jamaica! Then maybe I’ll spend all of December in a stay-at-home coma, but I’ll probably end up going somewhere because apparently I really like airplanes. Plus December would be the only month I didn’t fly, and I can’t have that.

Originally published at pleia2's blog. You can comment here or there.

Oh no, not again!

Oct. 23rd, 2014 08:55 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

We went on a short plane trip to Wagga two weekends ago. V got a colouring activity kit on the plane, and at first he just scribbled energetically near the pictures. But Andrew pointed out an interesting task:

Outline by number

After a quick explanation, it emerged he could read the numbers and join them up pretty much by himself.

Surprise! It’s a plane!

Finished product!

On the way back the next day, he got the same activity kit and said loudly “Oh no, not again!”

Quantum State of the Beable

Oct. 22nd, 2014 12:45 pm
beable: (Default)
[personal profile] beable
(In particular for those not on FB): Yes, I work downtown, however am safe.

Building is in lockdown, cell phone only semi-functional because of congestion on cell network.

Wrecky Roughage

Oct. 22nd, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

According to this survey I'm about to make up, 74% of us don't get enough fiber in our diets. Unless you're British. In which case you don't get enough fibre. And you spell things wrong.

Fortunately, the bakeries of the world are here to help.

I think we'll call this Faeber.

I DO believe in Faeber. I do, I do!!

 

TRUE STORY: Last week our cat Tonks decided to eat a piece of ribbon because she is, by all accounts, an idiot. Now if you're a cat owner, you know that she will most likely end up dragging a two foot piece of poo-coated ribbon across our carpet while we sleep, blissfully unaware of the impending cleaning bills.

Which makes me wonder: Does the same thing happen with kids?

Admit it: you just had a mental image of a bunch of toddlers scootching their butts across the carpet.

 

Now, of course, if plastic is your fiber of choice, then have I got a cake for you!

It's like a cartoon colonic.

 

In fact, bakers really seem to be embracing the Dollar Depot movement: (Heh. "Movement.") Case in point: Ashley ordered a little boy's cake, something appropriate for a first birthday.

Aaaand this is what she got:

...'cuz nothing's more appropriate for a one-year-old than twenty-two individual choking opportunities.

"No, Palmer, Sweetie, you can't eat that. Or that. Or that. Or that. Or that. No! Not that! Or that. Or that. Or that. Or that. Or that. Or that. Or that. Or that. Whoah! Definitely not that. Or that. Or that. Or that. Or that. Or that. Maybe th...no, not that, either.

"Or that."

 

Diana F., Kasia R., Wicked Princess, & Ashley P., I think the brown sprinkles might be safe, if you want to chance it.

NOTE: This post is from a few years ago, so rest assured Tonks is fine. And more importantly, so is our carpet.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts. The company today incorporated into these services the open Universal 2nd Factor (U2F) standard, a physical USB-based second factor sign-in component that only works after verifying the login site is truly a Google site.

A $17 U2F device made by Yubikey.

A $17 U2F device made by Yubico.

The U2F standard (PDF) is a product of the FIDO (Fast IDentity Online) Alliance, an industry consortium that’s been working to come up with specifications that support a range of more robust authentication technologies, including biometric identifiers and USB security tokens.

The approach announced by Google today essentially offers a more secure way of using the company’s 2-step authentication process. For several years, Google has offered an approach that it calls “2-step verification,” which sends a one-time pass code to the user’s mobile or land line phone.

2-step verification makes it so that even if thieves manage to steal your password, they still need access to your mobile or land line phone if they’re trying to log in with your credentials from a device that Google has not previously seen associated with your account. As Google notes in a support document, security key “offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.”

Unlike a one-time token approach, the security key does not rely on mobile phones (so no batteries needed), but the downside is that it doesn’t work for mobile-only users because it requires a USB port. Also, the security key doesn’t work for Google properties on anything other than Chrome.

The move comes a day after Apple launched its Apple Pay platform, a wireless payment system that takes advantage of the near-field communication (NFC) technology built into the new iPhone 6, which allows users to pay for stuff at participating merchants merely by tapping the phone on the store’s payment terminal.

I find it remarkable that Google, Apple and other major tech companies continue to offer more secure and robust authentication options than are currently available to consumers by their financial institutions. I, for one, will be glad to see Apple, Google or any other legitimate player give the entire mag-stripe based payment infrastructure a run for its money. They could hardly do worse.

Soon enough, government Web sites may also offer consumers more authentication options than many financial sites.  An Executive Order announced last Friday by The White House requires the National Security Council Staff, the Office of Science and Technology Policy and the Office of Management and Budget (OMB) to submit a plan to ensure that all agencies making personal data accessible to citizens through digital applications implement multiple layers of identity assurance, including multi-factor authentication. Verizon Enterprise has a good post with additional details of this announcement.

It’s Not That Big a Deal

Oct. 22nd, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

odd one out

Credit: Flickr / Michelle Friswell

As an Angry Internet Feminist™, every incident I point out has multiple parts.

  1. I notice and say something.
  2. Tone policing, on whether I should have noticed it. After all, it’s not that big a deal.

Someone uses “he” when they should say “they”? Not that big a deal.

Mild objectification of women in something that should be professional? Not that big a deal.

No women speaking at a conference? Not that big a deal.

Because the thing is, each instance isolated is not really that big a deal. So one sentence wasn’t inclusive? So what. So one guy thought he was funny when he wasn’t? So what. So that one conference didn’t actually get the best speakers because they limited themselves to <50% of the population (usually no PoC either). So what?

Here’s the thing that people who are telling me what should and should not bother me don’t seem to realize. It’s that I do understand that if it was that one thing, it wouldn’t be a big deal. But it probably isn’t even the only thing I’ve encountered that week.

Because whatever your feelings about “they” as grammatically less correct, when I sit in a room full of men, and only men, and someone says “he” when they could say “they” I often look around the room, and I’m reminded that I don’t belong.

Really, I get enough reminders. At the events featuring pizza and beer. When men think I’m lost, or something – anything – other than an engineer. Could you just change that word? Would it really be that big a deal?

And yes, it just a word, it’s just a tasteless joke. But it’s in your marketing materials and presumably more than one person looked at those. So if that wasn’t a big deal… what will not be a big deal for something less externally facing?

That guy, urgh that guy, who “jokingly” called his female colleague a bitch. What do you think he’s going to write on her performance review? Maybe that she’s “abrasive”.

You know, when I left my Prestigious Tech Job to do something different, it wasn’t to be the unpaid, unappreciated teaching assistant of the Feminism 101 MOOC.

Because these individual items that each taken individually are “not a big deal” have piled up and now I sit precariously atop a pile of tiny rocks, wondering when it will all come crashing down.

These things do not happen in isolation. The culture that culminates in the death and rape threats (just the most recent example) is built on a culture where women do not get paid what they deserve, where they are objectified, marginalized, and, most of all, ignored.

Can we talk about humour for a moment? Because I’m tired of these things being “jokes”. This guy thought that rape threats were satire. I will now explain why they are not funny. Humour requires an element of the unexpected, and there is nothing unexpected about a woman with an opinion being threatened with rape. It is an alarmingly normal occurrence. Online harassment is an expected part of being an Angry Internet Feminist™, and it is hard to distinguish between the guy who calls me some obscene word and is “joking” and the one who has intent.

So we add two factor authentication (did you know, Twitter has it?), and install security software on our websites. I have only experienced the very mildest levels of harassment, but make no doubt, if I was truly under threat, I have a plan for where I would go, and enough air miles and money to get me there. Call it paranoia, if you want. I call it being prepared.

There is no humour there. There is just yet another woman who is paying the price, in harassment, for having an opinion. For calling stuff out, when she saw it.

The data says that 40% women drop out of tech careers in the first 10 years. I didn’t know many other women on my university course, but of those I do, I am the only one still building systems and writing code. One is an environmental economist. Another a BA. I hear one became an artist, cool.

And I’m sure each of them went towards something compelling, to them. I’m sure they each made the decision that worked for them. I hope they have interesting careers and fulfilled lives.

But they didn’t stay.

Against the evidence, my generation of women techies, we thought we were different. We thought things were better, because sexual harassment and even assault was no longer a normal part of the working day (although don’t be mistaken – it happens). We thought things would be different, and we just needed to work hard and be awesome. We were wrong.

I’m reaching this point in my career where I’m starting to see my peers drop out. Make their backup plans. I wrote this article about knowing someday I would leave tech, and so many women said “this is how I feel!” and a couple of men said “wow it’s really bad that women feel this way, maybe we should do something”.

Because I hear variations on the same story, again, and again, and again.

It is hard to fix structural equality. And like many hard things the first step is admitting there is a problem. Could you just say “they” instead of “he”? Pay an expert to review your marketing materials? Could you just do the work to get a more balanced line-up at your conference? Stop making “satirical” rape threats? Could you stop telling me what should, or should not bother me? Please?

I’ll tell you what I think is a big deal. It’s when I watch a woman who I know to be brilliant, slowly lose her joy of making. It’s when I watch her give up caring about her career, and just go through the motions, because frankly showing up every day is hard enough. It’s when I see her leave.

How I Do Antiquing: Old Disney Toys!

Oct. 22nd, 2014 12:18 am
[syndicated profile] epbot_feed

Posted by Jen

Some people go antiquing for the history or the treasure. I go for the toys.



Vintage Orange Bird & baby Donald!
Yes, they're filthy. But Donald is from 1984, was only a dollar, and c'mon, BABY DONALD. Orange Bird was $15, but he's kinda rare, and I love him. (I'm guessing he's also from the early 80s.)

Anyway, here's a quick tip: If you need to clean toys like Donald, which is soft & rubbery like a squeak toy, then grab one of these bad boys:



Yep, Magic Eraser works wonders at taking off old stains, crayon marks, and even pen ink from soft plastic. Check out the difference!


The blue pen line down the side of his face is completely gone!

Just be careful when scrubbing, since Magic Eraser *will* take the original paint off. It's basically a spongey form of sandpaper.

(And no, this isn't a sponsored post.)

Magic Eraser works well on harder surfaces, too, of course. Here's cleaned-up Orange Bird:



Did I mention he's a bank?

I'm debating touching up his paint, and possibly re-painting Donald all together. (Although those 80s pastels *are* kinda rockin'. Hee.)


I also picked up this tiny purse for $5, because the inside is ridiculously cool:


I'm a sucker for anything small with "hidden" compartments, and LOOK:


That circular screen pulls out to reveal a powder puff & powder compartment, and I guess the other sections were for lipstick and... money? Maybe? They're both suuuper tiny; the lipstick compartment is about 3/4 of the size of a Chapstick tube.

And THEN, there's another section under the mirror!

 SO COOL. 

It doesn't look like the purse was ever used, but the exterior suede/velvet was crumbling off in my hands. I'm hoping to redo the whole thing, maybe make it usable for a steampunk outfit or something. [brain storming]

And finally, our big splurge: $30 for this amaaazing "Baseball Clock" that sold at the World's Fair during the 1930s:

 
Fun, right? I've never seen another clock like it! (It winds in the back.)


If you're ever looking for good/cheap antiquing here in central Florida, check out the Orange Tree Antique Mall (my favorite), or the Flea Market and outside areas at Renningers in Mt. Dora. (The inside vendors are too pricey for me, but it's still fun to look.)


Oh, and speaking of funky clocks, stay tuned....


'Cuz I'm working on one last Halloween thing. 

[evil grin]

[syndicated profile] geekfeminism_feed

Posted by spam-spam

#Gamergate

  • On Gamergate: a letter from the editor | Polygon (October 17): “Video games are capital “C” Culture now. There won’t be less attention, only more. There won’t be less scrutiny. There certainly won’t be less diversity, in the fiction of games themselves or in the demographics of their players. What we’re in control of is how we respond to that expansion, as journalists, as developers, as consumers. Step one has to be a complete rejection of the tools of harassment and fear — we can’t even begin to talk about the interesting stuff while people are literally scared for their lives. There can be no dialogue with a leaderless organization that both condemns and condones this behavior, depending on who’s using the hashtag.”
  • Gamergate threats: Why it’s so hard to prosecute the people targeting Zoe Quinn and Anita Sarkeesian | Slate (October 17): “The light penalties attached to many of these online crimes also deter officials from taking them seriously, because the punishment doesn’t justify the resources required to investigate and prosecute them”
  • Of Gamers, Gates, and Disco Demolition: The Roots of Reactionary Rage | The Daily Beast (October 16): “Our various “culture wars” tend to boil down to one specific culture war, the one about men wanting to feel like Real Men and lashing out at the women who won’t let them.”
  • Gamergate in Posterity | The Awl (October 15): “Maybe there will be some small measure of accountability in the far future, not just for public figures and writers and activists, but for all the people who could not or would not see their “trolling” for what it really was. Maybe, when their kids ask them what they were like when they were young, they will have no choice but to say: I was a piece of shit. I was part of a movement. I marched, in my sad way, against progress. Don’t take my word for it. You can Google it!”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

9 and nearly ½ months

Oct. 22nd, 2014 09:38 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

Hand work

The photos are from her nine month-day. Normally one would say something like “longer out than in!” but in my case, I was six days short of being a “ten month mama”. (I’m a big nerd and just worked it out. It was a 300 day pregnancy exactly. She’s “longer out than in” on November 6 at 301 days old.)

At not quite 300 days old, she’s definitely a big baby, which is a time of rapid change. The time from about 3 months old until the onset of sitting up and crawling — admittedly, a much longer time for her than V — seems to be a time of subtle change to me. There are all kinds of changes, but nothing like the change between leaving the baby there, and finding it here.

I wouldn’t normally put this many shots in but they’re all so characteristic, you can get a feeling for what it’s like spending 15 minutes with her:

TongueClose-upHand workThumb with added grassLip suckingHair pulling

The bottom lip sucking is especially characteristic. The red scratch near her right eye is unfortunately pretty much a permanent feature at this point. V had soft nails that we almost never needed to cut (he bites them now, so we still don’t have to) but she has hard sharp scratching nails that we just can’t stay on top of.

Or here’s a few videos.


Playing with her hands and thumb sucking


Babbling and doing all the things bar crawling

Her sleep is mixed. We had a few weeks of OK sleep, and now we’re having bad sleep again. It’s following her usual pattern of doing a really long sleep while I’m still awake, and then waking up frequently later in the night. This seems to have come with a refreshed realisation that she doesn’t have to eat puree if she doesn’t want to. No doubt the phase of eating four or five bowls a day went with a growth spurt in any case, but now after as few as a couple of spoonfuls she’ll be twisting around in her chair, shutting her mouth and so on, because things like trying to touch the doorknob and vertical blinds behind her in the kitchen is way more fun than eating.

She has… most of a pincer grip I think. She can certainly grab things with thumb and forefinger, but she tends to trap them with the side of her finger rather than the tip. But, close! She’s very interested in finger food and increasingly skilled with it, but her complete lack of teeth (it’s now a contest to see if V’s adult teeth come in before her baby ones) combined with the usual tendency of babies to decorate their immediate surroundings with copious dollops of food mean that it will be a while before she gets much in that way. I’m also not enjoying the return of going to cafes and needing to help them clean up after the baby before we leave. V has just got so neat.

This has gone with increasing her number of nursing sessions from some smaller number (8 a day?) to some larger number (20 a day?). Which I am not enamoured with. I haven’t started wanting to eat the entire world yet, but perhaps that will come soon.

Her crawling is still commando-style. She’s clearly not satisfied with it: she usually tries to start either cross-crawling or crab crawling before ending up on her old reliable belly. You can tell she’s coming by the angry squeals. It looks like she’ll end up cross-crawling but it’s hard to tell. I doubt she’ll move straight to walking: she has begun to pull up to stand (she first did so in the bath), but she’s fairly wobbly when she does so (in the bath) and isn’t cruising yet. I think crawling has a ways to go.

This past weekend, while we were at her grandparents, she was super needy and grouchy. Andrew and I agreed that it was the first time ever we felt she’d been consistently more work and needed more attention than V for an extended stretch of time. (To be fair, other than in the middle of the night.) She’s also developing the Mama-fixation that went with the onset of separation anxiety for V. There is, for example, generally only one target she crawls towards. So we may be entering the long dark teatime of grouchy clinginess that is the first thing I think of when I think “1 year old” now.

Conversely, I enjoy watching her baby life. Never is this clearer than in the bath, because she moves around more easily in the water, sliding herself from end to end and screeching and cooing happily as she explores her toys and paws at the bath fittings.

[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

With his permission, I’m reposting this blog comment from Marco Rogers, in a reply to an anti-feminist comment on a blog post about women in tech that he wrote 2 1/2 years ago. Although the post is that old, the comment is from a few days ago, because even years later, anti-feminist trolls are stumbling across Marco’s blog post and feeling the need to express their displeasure with it.

I’m reposting Marco’s comment because I think it’s a good example about how to respond to a troll. I would love to see more men let their anti-feminist peers know that uninformed anti-feminist wankery is a waste of time. And I would love to do that more often myself, rather than engaging with it.

Hi [REDACTED]. I thought a long time about whether to let this comment stand or delete it. I do listen to input from different perspectives. I read this entire thing. And I’m sorry to say it was a waste of my time.

I’m afraid this reply won’t be very constructive. I had to chose whether to waste further time dismantling your false logic, and I had to take into account whether it would make any difference to you or anyone reading. I don’t think it will. In my experience, it’s very difficult to educate men who think like you do.

I’ll admit it also annoys me that you would come and write a small novel in my blog comments but not say anything new or original. Men have been making this argument that their long history of sexism is somehow the natural order of things since the beginning of time. It’s not revelatory, it’s not some profound wisdom that people haven’t heard, it’s boring. The feminist/womanist movement grew in direct opposition to all the nonsense you spouted above. There is a ton of literature that debunks and rejects every single point you are poorly trying to make. The least you can do is educate yourself on the system you’re up against, so you can sound more cogent and have an actual chance of convincing anyone.

The question remains of whether I let your comment stay up. I think I will. Not because I feel compelled to represent multiple viewpoints here. This is my blog and I choose what goes here. But I’ll leave it because I’m no longer afraid of letting people read tripe like this. You’re losing. We WILL create a world where the mentality of men like you is a minority and women get to exist as themselves without fear. You can’t stop it. Stay mad bro. Thanks for dropping by.

YES WE CA... Oh. Well, Crap.

Oct. 21st, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

 

 

Thanks to Lionel S. for reminding us there's also no "eye" in "team," although I don't see what that has to do with anything.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.

staplesAccording to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Framingham, Mass.-based Staples has more than 1,800 stores nationwide, but so far the banks contacted by this reporter have traced a pattern of fraudulent transactions on a group of cards that had all previously been used at a small number of Staples locations in the Northeast.

The fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers. This suggests that the cash registers in at least some Staples locations may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.

Asked about the banks’ claims, Staples’s Senior Public Relations Manager Mark Cautela confirmed that Staples is in the process of investigating a “potential issue involving credit card data and has contacted law enforcement.”

“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”  

Profile

terriko: (Default)
terriko

October 2014

S M T W T F S
   1234
5678 91011
12131415161718
1920 2122232425
262728293031 

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Oct. 26th, 2014 02:51 am
Powered by Dreamwidth Studios