Make Mine Crafty

Sep. 30th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Oh, so you want your cake to look like this?

 

Nooo problem.

 

Thanks to Tish B. for proving, yet again, that a picture is worth a thousand facepalms.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

Milk sagas

Sep. 30th, 2014 07:00 pm
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

Last week, A’s daycare abruptly asked whether I could maybe, possibly, send 400mL of milk with her every day rather than 200mL. Uh… no? Not easily anyway. And annoying because in 2010, V barely consumed milk at daycare and I was able to pump about 600–750mL a day and we were facing a milk storage crisis in the household. Those were the days.

So I agreed that I would, in the short term, send in one big bottle of 200mL, and also come in and nurse her myself. Here’s how that worked out:

Last Wednesday, 3pm: phone call telling me to not bother coming in, because she had her big bottle late and is now asleep.

Monday, 3pm: I drop in unannounced at the agreed time. She had her big bottle late and is now asleep. Good news so far! Maybe the 400mL thing was a passing fad!

Also Monday: On a couple of people’s advice (thank you!) I change the valves on my pump and the pumping now feels and looks like it did in 2010 when I could sometimes pump 400mL in a single session at 10 in the morning. Unfortunately, appearances are one thing, reality is so far another: my actual pumping output is about 100mL over the course of the day in miserly painful 20mL pumpings, ie, half of my normal volume and a quarter or less of what the daycare thinks A needs, at about twice my normal time expenditure.

Today, Tuesday: While A has her sleep in in the morning (she and Andrew both like to sleep in), I pump 120mL or so so that there’s at least one full bottle for her again. A promising start to the day! Andrew and I admire the very full bottle and he drops her at daycare.

My pumping volume is down for the rest of the day — I’ll probably add a pumping session in the early mornings permanently now, since my supply is by far the best then — but I figure one evening session might at least get us to 200mL again.

3pm: phone call from the daycare. They do need me to come in and nurse her. Which, OK, they had warned me about that last week. One bottle may not be enough. But now for the really annoying bit: they needed me to come in and nurse her because they threw out half the milk I sent today.

It’s not entirely clear what happened. I am told she was given a bottle by a carer who doesn’t usually feed her, and that carer insisted that she was not hungry after the first 100mL and then refused the bottle. And then the rest of the milk — which had been heated and was in the same bottle — needed to be chucked out (per ABA guidelines, see “infant has begun feeding”). But her usual carers were super puzzled because her milk consumption is pretty consistently voracious. (Maybe she was rejecting the carer and not the milk? I don’t know if babies often have a feeder-carer preference, but it seems like they could!)

And that feeding was all the milk I would have pumped in the afternoon. (I know this because I tried to pump and got 20mL.) So now I have 60mL of milk and tomorrow they’d like… well, ideally 400. (But judging from the last three days in care, her hunger last week was an aberration and I might be able to get away with 250. Even so.) Super, super frustrating because I really worked hard for that milk I sent in this morning, to the point of admiring it in its bottle, and the only reason half of it got chucked out is the recent daycare request to switch to putting it in a single giant bottle for her. As late as last week, it would have gone in in 2×100mL bottles, and one of those could have been fed to her at 3pm or even kept in the fridge for tomorrow. Gar, throwing out my milk, gar.

Sandpit skills

Sep. 30th, 2014 08:31 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

Sitting up means that A can do her own thing in playgrounds. Such as hold spades:

Sandpit

She’s still at the age where a single object is infinitely fascinating. She had a purple spade which she passed from hand to hand, held at every possible angle, and experimentally chewed on for fifteen minutes or so. By the time I thought of taking a video she had moved on slightly, but these are pretty representative of her current behaviour:


Video: My hands are magic


Video: everything but crawling

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Apple has released updates to insulate Mac OS X systems from the dangerous “Shellshock” bug, a pervasive vulnerability that is already being exploited in active attacks.

Patches are available via Software Update, or from the following links for OS X Mavericks, Mountain Lion, and Lion.

After installing the updates, Mac users can check to see whether the flaw has been truly fixed by taking the following steps:

* Open Terminal, which you can find in the Applications folder (under the Utilities subfolder on Mavericks) or via Spotlight search.

* Execute this command:
bash --version

* The version after applying this update will be:

OS X Mavericks:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
OS X Mountain Lion:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
OS X Lion:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)
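An added check that scripts the version step above (this is not Apple's or Krebs's code): it parses the first line of the bash --version banner and compares it with the 3.2.53 floor listed for the updated systems, so the same test can be run on every Mac you manage rather than read by eye. The function names are assumptions.

```shell
#!/bin/sh
# Added example: verify the "bash --version" banner against the post-update
# version Apple ships (3.2.53). Not Apple's or Krebs's code. POSIX sh only.

# Extract "major minor patch" from a banner such as
# "GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)".
# Prints nothing when the line is not a bash version banner.
bash_version_triplet() {
    printf '%s\n' "$1" |
        sed -n 's/^GNU bash, version \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

# Succeed (exit 0) when the banner's version is at least 3.2.53,
# fail (exit 1) when it is older or cannot be parsed.
bash_is_patched_version() {
    set -- $(bash_version_triplet "$1")
    [ "$#" -eq 3 ] || return 1
    [ "$1" -gt 3 ] && return 0
    [ "$1" -lt 3 ] && return 1
    [ "$2" -gt 2 ] && return 0
    [ "$2" -lt 2 ] && return 1
    [ "$3" -ge 53 ]
}

# Convenience wrapper for the machine this runs on: prints a one-line verdict
# and exits non-zero if the installed bash is still at a pre-update version.
check_local_bash() {
    banner=$(bash --version 2>/dev/null | head -n 1)
    if bash_is_patched_version "$banner"; then
        printf 'OK: %s\n' "$banner"
    else
        printf 'NOT UPDATED or unrecognised: %s\n' "$banner"
        return 1
    fi
}
```

Run check_local_bash on each machine after Software Update; a non-zero exit means the banner is still below 3.2.53 or is not a bash banner at all.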

[syndicated profile] infotropism_feed

Posted by Skud

This is a post I made on Growstuff Talk to propose some initial steps towards interoperability for open food projects. If you have comments, probably best to make them on that post.


I wanted to post about some concepts from my past open data work which have been very much in my mind when working on Growstuff, but which I’m not sure I’ve ever expressed in a way that helps everyone understand their importance.

Just for background: from 2007-2011 I worked on Freebase, a massive general-purpose open data repository which was acquired by Google in 2010 and now forms part of their “Knowledge” area. While working at Google I also worked as a liaison between Google search/knowledge and the Wikimedia Foundation, and presented at a Wikimedia data summit where we proposed the first stages of what would become Wikidata — an entity-based data store for all of Wikimedia’s other projects.

Freebase and Wikidata are part of what is broadly known as the Semantic Web, which has to do with providing data and meaning via web technologies, using common data formats etc.


The Semantic Web movement has several different branches, ranging from the extremely abstract and academic, to the quite mundane and pragmatic. Some of the more common bits of Semantic Web technology you might have come across are microformats, for instance, which let you add semantic meaning to your HTML markup, for instance for defining the meanings of links to things like licenses or for marking up recipes on food blogs and the like. There is also Semantic Mediawiki which adds some semantic features on top of a wiki, to allow you to query for information in interesting ways; Practical Plants uses SMW and its search is based on this semantic data.

At the more academic end of the Semantic Web world are things like RDF which creates a directed graph of semantic data which can be queried via a language called SPARQL, and attempts to define data standards and ontologies for a wide range of purposes. These are generally heavyweight and mostly of interest to researchers, academics, etc, though some aspects of this work are starting to seep through into consumer technology.

This is all background, however. What I wanted to talk about was the single most important thing we learned while working on Freebase, which is this:

Entities must have unique identifiers.

Here’s what I mean. Let’s say you know three people all called Mary Smith. Then someone says, “It’s Mary Smith’s birthday today.” Which one are they referring to? You don’t know. In any system based around knowledge, you need to have some kind of unique ID for each entity to avoid ambiguity. So instead you might say, “Mary Smith, whose employee number is E453425” or “Mary Smith, whose email address is mary@example.com”, or “Mary Smith, whose primary key in our database is 789”.

When working on our proposal for phase 1 of Wikidata, one of the things we realised is that the Wikimedia community — all the languages of Wikipedia, the Wikimedia Commons, etc — lacked unique identifiers for real-world entities. For instance, Barack Obama was http://en.wikipedia.org/wiki/Barack_Obama on English Wikipedia and http://de.wikipedia.org/wiki/Barack_Obama on German Wikipedia and http://commons.wikimedia.org/wiki/Barack_Obama on Wikimedia Commons and http://en.wikinews.org/wiki/Category:Barack_Obama on Wikinews, but none of these was his definitive identifier.

Meanwhile, interwiki links — the links between English and German and French and Swahili and Korean wikipedias — were maintained by hand (or, actually, by a bot) that had to update every wikipedia whenever a page was added or changed on any of them. This was a combinatoric exercise: with 2 wikis, there are two links (A -> B and B <- A). With 5 wikis there are (4 + 3 + 2 + 1) * 2 links. With N wikis, there are N-1! * 2 links, or to put it another way, 50 wikis would mean 1.2165637e+63 links between them. This was wildly inefficient to maintain!

Wikidata’s “phase 1” was to create an entity store for Wikimedia projects, where each concept or entity — “Barack Obama” or “semantic web” or “tomato” — would have a central identity which could be linked to. Then, each Wikimedia project could say “This page describes entity XYZ”, or conversely Wikidata could say “this entity is described on these pages”, and suddenly the work of the interwiki bot became much easier: it meant that each new wiki added would only mean one new link, not an exponentially-expanding web of links.

We are in a similar position with open food data at present. There are dozens of open source food projects and that list doesn’t even touch on the ones that are more connected to recipes/eating/nutrition. We’re talking about how to interoperate between our various projects, but the key to interoperability is entity identification. If someone wants to mash up Growstuff’s harvest data with Openrecipes recipe search or the US FDA’s nutrition data, they need to know that Growstuff’s tomato is the same as the tomato you use in spaghetti sauce or the tomato that contains some percent of your RDA of potassium.

So how do we do this? None of our projects are sufficiently established, mature, or complete to claim the right to be the central ID repository. Apart from that, many of us have different focuses — edible plants, all types of plants, all types of living things, and all types of food (including non-animal/non-plant food) are some of the scopes I can mention offhand. Even the wide-ranging species databases like the Encyclopedia of Life don’t capture such information as crop varieties (eg. roma tomato, habanero pepper) that are important to veggie gardeners like Growstuff’s members.

Here’s what I would propose as an interim measure.

All open food projects need to link their major entities (eg. “crops” in Growstuff’s case) to one or more large, open, API-accessible data stores.

Examples of these include:

  • Wikipedia (any language, but English has the most articles)
  • Wikidata
  • Freebase
  • Encyclopedia of Life

By doing this, we can match data between projects. For instance, if Growstuff’s “tomato” links to the same entity as OpenFarm’s “tomato” and OpenFoodNetwork’s “tomato” and OpenRecipes’ “tomato” then we can reasonably assume they’re all talking about the same thing.

Also, some of the above data sources provide APIs which allow us to pivot easily between data sets. For instance, Freebase’s query language allows you to ask questions like “given an entity that is identified as ‘tomato’ on English Wikipedia, what is its identity on the Encyclopedia of Life?”

To see this in action, paste the following query into Freebase’s interactive query editor:

    [{
      "a:key": [{
        "namespace": "/wikipedia/en",
        "value": "Tomato"
      }],
      "b:key": [{
        "namespace": "/biology/eol",
        "value": null
      }]    
    }]

As you’ll see, the result is “392557” or to put it another way http://eol.org/pages/392557 — the EOL page on tomatoes.

From day 1, Growstuff has been tracking Wikipedia links for all our crops, to enable this sort of query against Freebase and so easily pivot to other data sets that Freebase knows about. If other projects take similar steps, this means that we are well on our way toward interoperability.

(As an aside, this is why we’re also having this other discussion about what to do about crop varieties that don’t have their own Wikipedia page, as this messes up the 1-to-1 relationship between Wikipedia entities and Growstuff entities. This may be something we just have to deal with, however, as no external data set will exactly match ours.)

Next steps

  1. I strongly encourage all open food projects to link their “crops” or similar entities to one or more major, open-licensed, API-accessible data sources (ideally ones which have their keys in Freebase).
  2. We should all expose these links via our APIs, data dumps, or whatever other mechanisms we use to make our open data available.
  3. Developers should be able to request data from our APIs based on these identifiers, either through query parameters or through REST API resources like eg. /crops/eol/392557.json
  4. We should use semantic markup/links to denote this entity equivalence on our webpages, eg. if Growstuff links to a Practical Plants page on the same crop, there should be a standard way to say “we consider these pages to refer to the same entity”. I’m not sure exactly what this is, yet, but if we do this it will benefit web crawlers, search engines, and other non-API consumers of our websites.
  5. We should look into developing a microformat for expressing crop information on a webpage, in collaboration with microformats.org. I expect, however, that it will be very hard to develop a workable ontology, since (for instance) some of our projects are interested in planting information and some aren’t, some are interested in sale and distribution and others aren’t, some are dealing with non-edible plants and others aren’t, etc. It may have to be as simple as “this is a crop and here are the names we have for it”.
  6. It would be great to put together some kind of visualisation like the linked open data cloud to show which open food projects are providing interoperable identities and how they connect to each other.

I’d like to get buy-in from other open food data projects on at least the general idea of matching our “crop” entities (whatever we call them) against some of the big databases. Who’s in?
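As an added example (not Growstuff’s, Freebase’s or any listed project’s code), here is a small Python model of the matching that the Freebase query above and steps 1 to 3 describe: three hypothetical projects with constructed crop records, linked by Freebase-style namespace keys, the pivot from a Wikipedia key to an EOL key answered from those links rather than from Freebase, and a look-up for a resource path of the /crops/eol/392557.json form. The project names, local ids and all keys except the EOL id 392557 quoted in the post are assumptions, and it also contrasts key-based matching with the naive name matching that confuses two different “pepper”s.

```python
"""Cross-project crop matching by shared external identifiers.

Added example, not Growstuff's or Freebase's code. All data below is
constructed: three hypothetical projects each expose crops as a local id plus
the external keys they have linked, in Freebase-style namespaces such as
"/wikipedia/en" and "/biology/eol". The EOL id 392557 is the one in the post.
"""
from collections import defaultdict

# Constructed sample data: project -> local crop id -> {namespace: key}
PROJECTS = {
    "growstuff": {
        "tomato": {"/wikipedia/en": "Tomato", "/biology/eol": "392557"},
        "roma-tomato": {},                        # variety with no Wikipedia page
        "pepper": {"/wikipedia/en": "Capsicum"},  # the vegetable
    },
    "openfarm": {
        "tomato": {"/wikipedia/en": "Tomato"},
        "pepper": {"/wikipedia/en": "Black_pepper"},  # the spice: same name, other entity
    },
    "openrecipes": {
        "tomatoes": {"/biology/eol": "392557"},   # different name, same EOL key
    },
}


def build_key_index(projects):
    """Index every (namespace, key) pair to the (project, local id) records carrying it."""
    index = defaultdict(set)
    for project, crops in projects.items():
        for local_id, keys in crops.items():
            for namespace, key in keys.items():
                index[(namespace, key)].add((project, local_id))
    return index


def equivalents(projects, project, local_id):
    """Return the set of (project, local_id) records that denote the same entity.

    Two records are equivalent if they share an external key, directly or
    transitively: growstuff:tomato shares a Wikipedia key with openfarm:tomato
    and an EOL key with openrecipes:tomatoes, so all three are one entity.
    A record with no external keys at all is equivalent only to itself.
    """
    index = build_key_index(projects)
    seen = {(project, local_id)}
    frontier = [(project, local_id)]
    while frontier:
        proj, lid = frontier.pop()
        for namespace, key in projects[proj][lid].items():
            for other in index[(namespace, key)]:
                if other not in seen:
                    seen.add(other)
                    frontier.append(other)
    return seen


def pivot(projects, from_ns, from_key, to_ns):
    """Answer the post's Freebase query locally: key in one namespace -> keys in another.

    Returns the set of to_ns keys carried by any record equivalent to one that
    holds (from_ns, from_key); empty if nobody has linked both namespaces.
    """
    index = build_key_index(projects)
    results = set()
    for proj, lid in index[(from_ns, from_key)]:
        for other_proj, other_lid in equivalents(projects, proj, lid):
            key = projects[other_proj][other_lid].get(to_ns)
            if key is not None:
                results.add(key)
    return results


def name_matches(projects, local_id):
    """Naive matching by local name, for contrast: it wrongly unites the two 'pepper's."""
    return {(proj, lid) for proj, crops in projects.items() for lid in crops if lid == local_id}


def lookup_by_path(projects, project, path):
    """Resolve a REST resource like /crops/eol/392557.json to that project's local ids."""
    ns_aliases = {"eol": "/biology/eol", "wikipedia": "/wikipedia/en"}  # assumed aliases
    if path.endswith(".json"):
        path = path[:-len(".json")]
    parts = path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "crops" or parts[1] not in ns_aliases:
        return set()
    namespace, key = ns_aliases[parts[1]], parts[2]
    return {lid for lid, keys in projects[project].items() if keys.get(namespace) == key}
```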


Two frogs in a bowl of cream

Sep. 30th, 2014 01:16 am
[syndicated profile] infotropism_feed

Posted by Skud

A story I got from someone who says she got it from an older Dutch woman. I wouldn’t mention the Dutch woman thing except that this story just seems so Dutch to me. Anyway.

Two frogs fell into a bowl of cream. They swam and swam trying to get out, round and around in the cream, for hours.

Eventually one frog gave up, stopped swimming, and drowned.

The other frog kept swimming, refusing to give up. Finally the frog’s activity, splashing around in the cream, turned it to butter. It became solid in the bowl, and the frog was able to climb out.

The moral, I’m told, is that sometimes if you just keep kicking things will magically solidify under you and you can step up out of the trouble and move on. Also, apparently I’m frog #2. Trust me when I say it’s exhausting.


[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

“Please note that [COMPANY NAME] takes the security of your personal data very seriously.” If you’ve been on the Internet for any length of time, chances are very good that you’ve received at least one breach notification email or letter that includes some version of this obligatory line. But as far as lines go, this one is about as convincing as the classic break-up line, “It’s not you, it’s me.”

coxletter

I was reminded of the sheer emptiness of this corporate breach-speak approximately two weeks ago, after receiving a snail mail letter from my Internet service provider — Cox Communications. In its letter, the company explained:

“On or about Aug. 13, 2014, we learned that one of our customer service representatives had her account credentials compromised by an unknown individual. This incident allowed the unauthorized person to view personal information associated with a small number of Cox accounts. The information which could have been viewed included your name, address, email address, your Secret Question/Answer, PIN and in some cases, the last four digits only of your Social Security number or drivers’ license number.”

The letter ended with the textbook offer of free credit monitoring services (through Experian, no less), and the obligatory “Please note that Cox takes the security of your personal data very seriously.” But I wondered how seriously they really take it. So, I called the number on the back of the letter, and was directed to Stephen Boggs, director of public affairs at Cox.

Boggs said that the trouble started after a female customer account representative was “socially engineered” or tricked into giving away her account credentials to a caller posing as a Cox tech support staffer. Boggs informed me that I was one of just 52 customers whose information the attacker(s) looked up after hijacking the customer service rep’s account.

The nature of the attack described by Boggs suggested two things: 1) That the login page that Cox employees use to access customer information is available on the larger Internet (i.e., it is not an internal-only application); and that 2) the customer support representative was able to access that public portal with nothing more than a username and a password.

Boggs either did not want to answer or did not know the answer to my main question: Were Cox customer support employees required to use multi-factor or two-factor authentication to access their accounts? Boggs promised to call back with a definitive response. To Cox’s credit, he did call back a few hours later, and confirmed my suspicions.

“We do use multifactor authentication in various cases,” Boggs said. “However, in this situation there was not two-factor authentication. We are taking steps based on our investigation to close this gap, as well as to conduct re-training of our customer service representatives to close that loop as well.”

This sad state of affairs is likely the same across multiple companies that claim to be protecting your personal and financial data. In my opinion, any company — particularly one in the ISP business — that isn’t using more than a username and a password to protect their customers’ personal information should be publicly shamed.

Unfortunately, most companies will not proactively take steps to safeguard this information until they are forced to do so — usually in response to a data breach.  Barring any pressure from Congress to find proactive ways to avoid breaches like this one, companies will continue to guarantee the security and privacy of their customers’ records, one breach at a time.

"Something Funny, I Guess?"

Sep. 29th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

You'll never guess what Beth ordered for her daughter's birthday party!

Or, ok, maybe you will.

 

Ah, but can you decipher the exact words used in this phone call?

Nailed it.

Hey, you're good at this!

 

Now, how well can you follow directions?

Nice to know Jackie keeps herself centered.

 

Marissa's boss was leaving on a trip, so she wanted to get a cake that said, "So................" as an inside joke. She specified that there should be 18 dots, so...

Good luck with that, Marissa.

(I like how the baker spontaneously switched to cursive for just the letter R.)

(Also, "Fallowing?" You ever wonder what these bakers THINK they're writing?)

 

And finally, you guys will never guess where the baker is going with this one!

 

Now with bonus color commentary on today's post: the cast of Hogan's Heroes, everybody!

Thanks, guys.

 

And thanks to Beth M., Jenny S., Sky C., Marissa, & Robert F. for addressing the problem.


Talk Prep: Grids and Concertinas

Sep. 29th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

This year, I prepped one talk. Next year, I feel more confident and plan to prep 3 (working titles: Mobile is a Systems Problem, The Myth of The Intersection of Energy, Creativity, and Time, and a Series of Unfortunate Statistics).

This year’s talk – Distractedly Intimate – has been given in timeframes ranging from 20 minutes to 45 minutes. And though I tweak and personalise it each time (especially when it was the final talk of the conference!) it has remained substantially the same.

That is because it is built on a grid.

[Screenshot: the talk grid]

This means that there are different adjustments that can be made. E.g. including a section – Application is for longer talks only.

Cutting points, so if I wanted to cut to 15 minutes I might remove a point from each section.

Shortening stories. The close contains a video, which is nice because it gives me a short break and I can come back for a strong finish, but the difference between 25 and 20 minutes is removing the video, and cutting some details of the stories in sections 1, 2 and 3.

The above is the maximum time example – in this case, 40 minutes.

25 minutes is as follows:

25 min

20 minutes:

20 min

15 minutes:

15 min

One thing to keep in mind is having the right amount of content for the time. I hate those talks where I feel like someone talked for 40 minutes and only made 2 real points, and I never want to give one. But I also hate it when the presenter tries to pack too much in and loses the audience because they’ve missed out key things, or the content is too complicated for the timeframe.

I don’t think this talk is really suited for the 15 minute version, so I probably wouldn’t give it in that time. I think the base content is right for 20 minutes, and so every longer session I should increase the information content. My favourite version is the 25 minute version, because I love the video and the time frame is less tight. 40 minutes is a long time to listen to anyone, which is why I mix it up a bit and take a different approach to add that extra ~10 minutes of content and focus on application, rather than ideas (this section gets the least laughs, but I hope people find it useful!)

This approach might seem overly structured, but the purpose of each point is to have a takeaway, and weave a story around it. So, the grid is the concept which in one transformation becomes the (heavily visual) slide deck, and in another transformation it’s the structure I weave my narrative around. I don’t need a slide for each point, but I do need slides (because video!) and I think showing my twitter handle on each slide encourages the audience to tweet about it so I create one for each item in the grid, and it works for me.

There are few things more impressive to me than an excellent presentation without slides, but often I find speakers without slides become a little unstructured and lose their way. For me the change of slide says “here is a new point”, which I appreciate whether I am the audience member or the speaker, and I’ll keep them for longer talks – for now.

Preparing one talk, really well, and delivering it multiple times (being careful not to give it to the same people!) has been great for building my confidence, and has made the investment of time in creating the talk much more worthwhile. Now each conference is 1-2 hours of prep time, rather than 20+. This makes the 5 I will speak at between September and November much more manageable.

This Week

Sep. 29th, 2014 12:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate


Life

Last week in London so rushing around catching up with people, felt like I spent the week running around but not really achieving very much. Went for lunch at Facebook (fab) and had some good meetings. Spent an evening in Brighton, and ventured out to suburbia for a Science Extravaganza on behalf of Stemettes, which was pretty cool. Then spent the weekend in Plymouth, because I was speaking at DigPen [tweets from my talk here]. The conference was amazing, I had a great time and met some wonderful people. And Plymouth is very pretty! It was nice to be by the sea.

Work

All over, or just beginning, depending on how you look at it! I’m no longer employed by Google. Pretty excited about what’s next :)

Media

Finishing The Profitable Side Project, finished A Girl Like You (got a bit more into it, not a great portrayal of women though), read Shades of Milk and Honey (finally! Birthday gift. It was different, nice escapism), From Notting Hill with Love… Actually (just… irritatingly unrealistic), now reading Going Home (really like this).

Re-watching How I Met Your Mother.

Product links Amazon.

Places

Stayed at the Gallery Guesthouse in Plymouth, which is nice, ate at The Roundabout, and the Pasta Bar.

In London, went to the Secret Thai Restaurant (so cute), followed by dessert at the Troubador, breakfast at Bill’s and Cafe Phillies, lunch at Lantana (tasty), afternoon tea at Candella, dinner at Da Mario.

Published

On The Internet

Bribery

Sep. 29th, 2014 10:01 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

I haven’t reported from V’s swimming lessons for a while because there isn’t a lot to report. He has slightly better attention and is inching along in skills, working on the kicking part of freestyle and just beginning to work on arms. (The synchronised motion where one arm goes back and under as one comes forward and over seems to be a big challenge for four-year-olds; they can only remember to do one or the other.)

My current thinking, actually, is that I won’t do swimming lessons with A nearly as early as I did with V. They’ve been a good way to mark time with him, to get us out of the house together one morning a week, and I don’t regret it, but I also don’t think he’s two and a half years ahead of a child starting to learn right now. If the same pool is still our local pool, she can perhaps start at three and a half, which is the youngest age when they are in the water with the teacher and not a parent. I’m also considering whether I really want to haul V over there once a week, 48 weeks of the year, after school, once he starts. Probably not. Most kids do lessons as part of the school curriculum, and he can do the holiday intensives.

There has been one significant challenge since the start of the year, when V graduated to “Goldfish” (intermediate under 5), which has been jumping in the big pool. Most of the class takes place in a warm shallow learning pool, but they like them to have some self-rescue experience out of their depth in cool water. So he’s walked over with his teacher and class week after week crying and sticking himself to the far wall, regardless of whether his class is full of fellow fearful children, or three merchildren who jump in and confidently swim 10 metres in 2m depths. It hadn’t shown any sign of improving even slightly, so a couple of weeks ago, we went for bribery. On a Saturday, he was allowed to choose a toy for himself at Kmart on the understanding that it would be put away until he jumped in the big pool in his lesson. On the Sunday, we all trooped to the pool, and V chose Andrew to be the target of his practice leaps. It took all of two leaps before he was pumping his fist in the air and congratulating himself, and by the Friday lesson he was gagging to leap into the pool again as many times as he was allowed.

And so:

Lightning McQueen is the best

He’s even, sweetly, encouraged A to share Lightning with him.

And bribery pays: we were all set for an entire week, until the next swimming challenge, which was “you don’t count as winning a swimming race if you pushed someone else underwater during it”. So next up, I guess, are a lot of conversations about Fair Play. Perhaps we should only let him watch the tail end of Cars while working on this.

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • You don’t know what you don’t know: How our unconscious minds undermine the workplace | Official Google Blog (September 25): Google runs research and analytics to try and combat unconscious bias that excludes minorities. “we need to help people identify and understand their biases so that they can start to combat them. So we developed a workshop, Unconscious Bias @ Work, in which more than 26,000 Googlers have taken part. And it’s made an impact: Participants were significantly more aware, had greater understanding, and were more motivated to overcome bias.”
  • Building a better and more diverse community | Blog – Hacker School (September 25): “The short: We now have need-based living expense grants for black and non-white Latino/a and Hispanic people, as well as people from many other groups traditionally underrepresented in programming. Etsy, Juniper, Perka, Stripe, Betaworks, and Fog Creek have partnered with us to fund the grants, and help make the demographics of Hacker School better reflect those of the US. Hacker School remains free for everyone.”
  • Science Has A Thomas Jefferson Problem… | Isis the Scientist… (September 19): “A large portion of the attacks against scientists are perpetrated by someone the victim knew, but many women in general know their attackers. So, at the crux of the stunning and shocking and eye opening is something that I find more insidious – it is the belief that science is somehow different than society at large.”
  • Read The Nasty Comments Women In Science Deal With Daily | The Huffington Post (September 25): [CW: Sexist and harassing language] “Curious to learn more about sexism in science, HuffPost Science reached out to women on the secret-sharing app Whisper. We asked whether anyone had ever said or done anything to discourage their interest in science–and, as you can see below, we were flooded with responses.”
  • Book Challenges Suppress Diversity | Diversity in YA (September 18): “It’s clear to me that books that fall outside the white, straight, abled mainstream are challenged more often than books that do not destabilize the status quo.”
  • Technology Isn’t Designed to Fit Women | Motherboard (September 12): “In some cases, making devices smaller necessarily requires waiting for further technological advancements; just think of how smartphones shrunk through the years as the tech was refined (before phablets took them in the other direction). But especially when it comes to devices that are implanted in the body, this has a disproportionate impact on people of smaller stature—which means women are more likely to be left behind.”
  • Building a Better Breast Pump | The Atlantic (September 25): “Until women have better support for breast-feeding, whether that manifests as paid maternity leave, safe and convenient places for pumping, or better access to lactation specialists, breast pumps aren’t likely to go the way of the Fitbit.”
  • Hope-less at Hope X | missbananabiker.com (September 18): “What Edward Snowden, Glenn Greenwald and Laura Poitras made possible, a couple of knuckleheads made impossible. The courage that Snowden has shown, the determination Poitras has shown, the persistence Greenwald has displayed — all these things made it possible for a woman who mostly doesn’t leave the house to … well, leave the house. I thought, for the first time in years, maybe this is a fight I should be fighting alongside the others.”
  • Goodbye, Ello: Privacy, Safety, and Why Ello Makes Me More Vulnerable to My Abusers and Harassers | Not Your Ex/Rotic (September 23): “Because the people I most want to avoid know my aliases. They are friends with people I know on Ello. They might already be on Ello (I’d be surprised if they weren’t) and are totally open to following me, reading me, tagging me, commenting on my posts. Hell, they can even find me through our mutual friends – any mutual activity pops up on their Friends feed. And, by the way Ello is currently set up, there is nothing I can do about it.”
  • The Victim, The Comforter, The Guy’s Girl… | Matter | Medium (September 23): “I’ve come to notice more and more how working within the particular masculine sexism of the tech industry has nudged the way I present myself, just a little. I’ve noticed how, very slowly, I’ve started to acquiesce into playing roles that get assigned to me. I’ve noticed how I disappear behind these masks.”
  • Apple Promised an Expansive Health App So Why Can’t I Track Menstruation? | The Verge (September 25): “Apple’s HealthKit can help you keep track of your blood alcohol content. If you’re still growing, it’ll track your height. And if you have an inhaler, it’ll help you track how often you use it. You can even use it to input your sodium intake, because “with Health, you can monitor all of your metrics that you’re most interested in,” said Apple Software executive Craig Federighi back in June. And yet, of all the crazy stuff you can do with the Health app, Apple somehow managed to omit a woman’s menstrual cycle.”
  • Why can’t you track periods in Apple’s Health app? | ntlk’s blog (September 26): “So why isn’t cycle tracking present in the Health app? I don’t know, but the only valid reason I can think of is that it didn’t occur to anyone to include it.”

We link to a variety of sources, some of which are personal blogs. If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Sunday Sweets: It's Fall, Y'all!

Sep. 28th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

The weather down here in Florida may not have gotten the memo yet, but fall is officially upon us. So let's celebrate!

(By McGreevy Cakes)

Pumpkins, pumpkins, everywhere - and this time I'm not complaining! Love the raffia border between the two tiers, and check out that gorgeous hand-painted scene.

 

In addition to my favorite color (orange!), fall is all about rich shades of bronze, gold, and - oh yeah - CHOCOLATE:

(By Bellaria Cakes Design)

Mmmm. That acorn & leaves bundle is too perfect. Who needs flowers?

 

In fact, I like how fall puts all the changing leaves at center stage:

(By Jacques Fine European Pastries)

Stunning.

 

But really, we're gonna need some more pumpkins in here.

(By Palermo's Custom Cakes)

Muuuch better.

Really digging this design, although that lace pattern has me stumped. I'm guessing it's airbrushed on over a stencil? Could also be an edible image, though. Anyone know for sure?

 

Here's a delicate modern number - or does it feel more vintage?

(By Ligia De Santis)

The hand painted design looks like fine antique china; and I like the two little leaves as an understated accent.

 

Now this next one is definitely modern, and I like it.

(By AP Signature Cakes)

Ooooh. Dark chocolate with red and white accents just became my new favorite color combo.

 

Then again, this snow-white number is downright heavenly:

(By Cake Central user GrandMomOf1)

Perfect for autumn weddings!

 

Remember when I said, "Who needs flowers?" Well, as it turns out, I do:

(By Flutterby Bakery)

I NEED THESE FLOWERS.

I want to stare at them all day and make soft cooing noises.

 

And finally, a Sweet so quintessentially fall it makes me want to pack up my sweaters and move north:

(By Nice Icing)

Kicking through leaf piles! C'mon, it doesn't get more fall than that.

I'm so impressed with the little girl sculpt; the leaves on her skirt & boot really do seem to be levitating. And look at those adorable little bushes & toadstools on the bottom! And the fox! Ah! SO GOOD.

 

Hope you enjoyed your Sweets today, everyone! Happy Sunday!

Be sure to check out our Sunday Sweets Directory to see which bakers in your area have been featured here on Sweets!

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] epbot_feed

Posted by Jen

Time to dive back into Dragon Con cosplay, 'cuz there's still SO MUCH to see!

Let's start with my dear friends Robyn & Christie, who once again blew me away with new costumes this year:

 Fire & Ice Dragons!


 
Robyn as the Ice Dragon.

The sisters made everything themselves, but it's those elaborate headpieces that really steal the show:
 
The wire armatures outline dragon heads! WOW.

(I so want to make a giant feather headdress now, you guys.)

I later learned they also made elaborate - not to mention stunning - back spines that trail all the way to the floor, so I'm bummed I didn't get a shot from the back. I talked Christie into posting build photos, though, so head over to their Facebook page for more pics and to see how they did it all. (Christie's armor is made of individually cut scales of craft foam!)

Moving on, another gorgeous pair:

 Elphaba & Glinda from Wicked!

Belle, Meg, and Lilo:

 And I just realized Westley/The Dread Pirate Roberts is wearing a vial of Iocane powder. LOVE. (He's the Cary Elwes look-alike from my last post.)

You see a lot of "only at Dragon Con" stuff at DC, but I thought this group was especially perfect:

Yep. That's Dragon Con.

And a close up of one of the Borg:



I was thrilled to find this: Karen Hallion's famous Haunted Mansion Leia!

 She asked me to help with the pose, but I think she nailed it on her own.

 This steampunk Wizard of Oz group is perfect. PERFECT, I SAY:

I especially love the Tin Man's design; his metal heart had a rotating light feature in it. Also check out Dorothy's little Toto & sparkly boots, and the Cowardly Lion's Courage medal!

Oh, and Glinda's staff blew bubbles! You can see some here in a later shot:


Harrison from Volpin Props in his "Marriott Chariot":

You probably remember, but I posted a group shot of the Marriott carpet ninjas earlier.

If you love amazing prop builds, btw, check out Harrison's site. His Skyrim armor is the stuff of legends.

Oh! Speaking of armor:

Awesome.

Anyone remember the live-action show of The Tick?

Captain Liberty & Bat Manuel! YES!!

I'm having a terrible time finding a clear reference shot, but here's a general idea:

Those two are so spot-on, it's scary. They even look like the actors!

Lady Skeletor:


 Here's a dapper twist on Jack & Sally from Nightmare Before Christmas:

 Plus a great Doctor Doom.

I was in costume myself Saturday night, and this is my second favorite shot of the night:

 My vision is so limited in the helmet that I had NO IDEA who I was posing with until afterward. Ha!

There were two or three truly amazing kid costumes at DC this year, and this Doc Oc was one of them:

It was hard to get close to him, but my dad - who loves costume hunting as much as I do, and was often right beside me taking his own pics - got a fantastic shot:


In fact, while I'm at it, here are two more of Dad's, of cosplays I missed:

MINE?
(I love how everyone's headgear is different!)

And an absolutely stunning Maleficent:

You can see the rest of my Dad's Dragon Con photos here on Flickr.

K, back to my stuff! A great Borderlands group:


And I'm not sure of the character, but this girl's giant keyboard had fun color-changing lights underneath:

(Aha! Per the comments, she's Arcade Sona from League of Legends. Here's a reference:)



Not sure this counts as cosplay, exactly, but this lady had her own Mobile Virtual Presence Device, like Sheldon's from the Big Bang Theory!

If you're not familiar, it's basically a web cam on wheels that she was operating remotely - I assume from her hotel room. The device DID have a handler walking beside it for protection, but how cool is this for folks who don't want to brave the crowds in person?

Here's a classic:
Blue Screen Of Death!! ha!

 I've seen some impressive Homestuck cosplay before, but this is my new favorite:

It's a Homestuck Star Wars mashup! So, so good.

(Homestuck trolls have gray skin and orange horns. If you go to any conventions, you've probably seen the cosplay, even if you didn't know what it was.)

And another great mashup:

Iron Man Totoro!

I featured this Totoro last year, I believe, and his makers told me they planned to make different costumes for him to wear each year. I LOVE this idea; like Totoro is cosplaying, too!

One of the Iron Man armor variations:

And a spookily-lit Splicer from BioShock:


Splicers come in all different outfits, but here's a general reference shot:

My gosh that game is scary. 

(I still haven't made it all the way through the first BioShock; I chicken out when the lights go out on that second floor hallway. [shudder] For some reason I didn't find BioShock 2 as bad, though.)

A terrible shot, but this is a lovely Doctor Crusher doppelgänger!


And more loveliness: an Athenian warrior:


And... Jean Grey? I think?

Scratch that; she's Black Widow. Thanks, commenters!

Ok, THIS one I know:

Uncle Fester!


Emma Frost has a diamond form, so this cosplayer is kind of mid-transformation:

Spaaaarkly.

I'm not sure what to call this style of Anna & Elsa, but it's vaguely Moulin Rouge-ish, and completely gorgeous:

Check out Elsa's levitating snowflakes! I assume there's a wire wrapped around her finger - simple, but oh so impressive for pics.

I loved this Effie Trinket from Hunger Games so much I had a little fun with her photo:

If you look verrrry closely, you can see there are even butterfly shapes in her eyelashes.

And here's Effie from the movie, for comparison:


The attention to detail is amazing; she even has the little butterflies glued to her arm, and the same yellow blush!


I'm going to end there, since John tells me I've spent more time and effort on this post than I have on an entire week's worth of Cake Wrecks posts. Heh. I do hope you guys are ok with me dragging out my Dragon Con coverage like this. Truth is, every year I feel so rushed to get all my photos posted that I think we both miss out. This way, I can take my time, play with photo editing as much as I like, and you guys get an extended DC visit, broken up over a longer time period.

Of course, I take so many photos at DC each year that I just realized I could easily post a different costume every day for a year. Hm... now THERE's an idea... for a different blog... when I have unlimited time. Ha!

Hope you guys are having a great weekend!

No more little baby bath

Sep. 28th, 2014 11:58 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a DW account.

Now that A can sit up, she has a bath every night in the big tub:

Sitting up in the big tub!

Lots more things to add to the “baby declutter” list, starting with the blue plastic baby bath. The stage of kneeling or squatting in bathrooms while a wet soapy floppy baby tries to escape from me will not be missed.

S1 E3

Sep. 26th, 2014 09:19 pm
[personal profile] frith posting in [community profile] ponyville_trot
Source: http://noben.deviantart.com/art/S1-E3-484568694

Golden ticket to the Grand Galloping Gala.

Signature Systems Breach Expands

Sep. 26th, 2014 03:35 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Signature Systems Inc., the point-of-sale vendor blamed for a credit and debit card breach involving some 216 Jimmy John’s sandwich shop locations, now says the breach also may have jeopardized customer card numbers at nearly 100 other independent restaurants across the country that use its products.

Earlier this week, Champaign, Ill.-based Jimmy John’s confirmed suspicions first raised by this author on July 31, 2014: That hackers had installed card-stealing malware on cash registers at some of its store locations. Jimmy John’s said the intrusion — which lasted from June 16, 2014 to Sept. 5, 2014 — occurred when hackers compromised the username and password needed to remotely administer point-of-sale systems at 216 stores.

Those point-of-sale systems were produced by Newtown, Pa., based payment vendor Signature Systems. In a statement issued in the last 24 hours, Signature Systems released more information about the break-in, as well as a list of nearly 100 other stores — mostly small mom-and-pop eateries and pizza shops — that were compromised in the same attack.

“We have determined that an unauthorized person gained access to a user name and password that Signature Systems used to remotely access POS systems,” the company wrote. “The unauthorized person used that access to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants. The malware was capable of capturing the cardholder’s name, card number, expiration date, and verification code from the magnetic stripe of the card.”

Meanwhile, there are questions about whether Signature’s core product — PDQ POS — met even the most basic security requirements set forth by the PCI Security Standards Council for point-of-sale payment systems. According to the council’s records, PDQ POS was not approved for new installations after Oct. 28, 2013. As a result, any Jimmy John’s stores and other affected restaurants that installed PDQ’s product after the Oct. 28, 2013 sunset date could be facing fines and other penalties.

This snapshot from the PCI Council shows that PDQ POS was not approved for new installations after Oct. 28, 2013.

What’s more, the company that performed the security audit on PDQ — a now-defunct firm called Chief Security Officers — appears to be the only qualified security assessment firm to have had their certification authority revoked (PDF) by the PCI Security Standards Council.

In response to an inquiry from KrebsOnSecurity, Jimmy John’s noted that of the 216 impacted stores, 13 were opened after October 28, 2013.

“We understood, from our point of sale technology vendor, that payment systems installed in those stores, as with all locations, were PCI compliant,” Jimmy John’s said in a statement. “We are working independently, and moving as quickly as possible, to install PCI compliant stand-alone payment terminals in those 13 stores. This is being overseen by Jimmy John’s director of information technology, who will confirm completion of this work directly with each location. As part of our broader response to the security incident, action has already been taken in those 13 stores, as well as the other impacted locations, to remove malware, and to install and assure the use of dual-factor authentication for remote access and encrypted swipe technology for store purchases. In addition, the systems used in all of our stores are scanned every day for malware.”

For its part, Signature Systems says it has been developing a new payment application that features card readers that utilize point-to-point encryption capable of blocking point-of-sale malware.

8 Cake Love Notes Gone Wrong

Sep. 26th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

It's National Love Note Day, but don't be boring and write an actual note; order a cake, instead!

Bakers are standing by to tell your sweetheart how you really feel, using one of these convenient, pre-selected designs!

Just choose from:

The Boxer:

Don't forget the wine to go with all that cheese!

 

The Pictionary:

(Sorry, Carol can't draw sheep.)

 

The Shining:

All work and no cake decorating makes Jack a dull boy!

 

The Foreshadowing:

o.0

 

The Hidden Message:

If only that heart was upside down. IF ONLY.

 

The "Keeping It Casual":

Or, since I see no comma, The "Keeping It Cannibal!"
BahahahaaaaEW.

 

The "Kenya West":

"Now THAT'S lov..." [mic snatched out of hand]

"Imma let you finish, but 'Kenya' is one of the best Kanye misspellings of all time."

 

And finally, our best seller!

The Silver Lining:

 

Thanks to Rebecca C., Beth P., Mary R., Andrew B., Kelsey B., Lisa D., Heather R., & Shaunna R. for hitting all the wrong notes.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

#iOSDevUK: Hacking Health

Sep. 26th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

(Image: most common chronic conditions. Credit: Centers for Disease Control and Prevention)

My notes from the talk Emily gave at iOSDevUK.

What are health apps?

  • Step counters
  • Fitness trackers
  • Diabetes apps
  • Heart rate monitors
  • Bluetooth enabled medical devices

Apple and Google have decided this is where the future is. Gone in. Apple, Healthkit. Google, GFit. Standardized APIs getting information with defined types, centralised storage. Enables gathering data from a range of different sources, don’t need to connect with a billion different APIs. Fine grained permissioning – user is in control.

If user says no, can no longer see that information is even there. E.g. if you know blood sugar is being stored, even if can’t see it, can infer things.

Parkinson’s App:

  • Insight into effects of personal choices.
  • Better understanding of reactions to medications.
  • Ease of sharing information with care circle.
  • More accurate information provided to medical practitioners.

Parkinson’s – sleep and what they eat have a tremendous effect. Give people information on this, and also give them control over their life. Insight into reactions to medications.

Parkinson’s patients see consultants for 10 minutes every 6–8 months. They have to provide ALL their information, and the practitioner has to provide information too. Done using a questionnaire. Incredibly difficult for users/patients to remember, and influenced by their mood when they fill it in. Helping people track every day, and see the averages, means they can use that 10-minute slot far better.

App:

  • Enter and alert on medication schedule.
  • Track adherence.
  • Track lifestyle factors, mood, diet, fitness etc.
  • Measuring severity of symptoms (e.g. use gyroscope to measure tremor, compare before and after).
  • Track side effects.
  • Allow correlation between lifestyle choices and presentation of condition.

Issues:

  • Ethical
  • Legal
  • Technical

Do no harm. Hippocratic oath. We are devs, not doctors, so we are probably not going to do harm directly, but we have a duty to our users that our apps don’t cause them to do something that will harm them.

Patients are vulnerable. They can make decisions based on what you show. E.g. diabetics and blood sugar.

E.g.:

  • Self diagnosis app:
    • Misdiagnosis.
    • Delay in seeking proper medical advice.
    • Self medication problems:
      • Unknown interactions.
      • Unwanted side effects.

Pay attention to potential harm. Think very carefully about design.

Respect:

  • Your users are more than their condition.
  • Think about people rather than patients.
  • Use language carefully.
  • Think about how you word and time notifications (e.g. if giving a presentation from mobile, what if interrupted? Allow to turn off).

Consent:

  • People want to protect their personal medical information.
  • Informed consent around data sharing and collection.
  • Opt in, not opt out (granular control).
  • HealthKit and GFit permissioning.
  • If you’re not prepared to tell people exactly what you’re doing with their data, think about what you are doing.

Stats are hard:

  • Be careful if you use stats to tell people how safe it is.
  • People are often scared by statistics.

Transparency and Honesty:

  • Users will not share data with you unless they trust you with it.
  • Expose your ethics, standards and decision making process.
  • Warrant Canary – libraries in the US used to put a sign in the window saying “The FBI has not been here to raid information”. If the sign was removed, it indicated a raid even when they couldn’t tell people that the FBI had been.
    • rsync.net – first company to use one.

“When you start to gather and store information about a person that they would normally only share with their closest family and medical carers, you have a responsibility to that person to care about what happens to that data. If you do not care, in my opinion, you have no business working with private, personal medical information.” ~Emily

Legal Stuff

The diagnosis Line (what is and isn’t diagnosis).

  • Example: 23andMe
    • Sent back statistical likelihood about genes you are carrying.
    • People don’t understand stats, were interpreting as a diagnosis.
    • Rebranded as genetic detection service (gave people analysis, no conclusions).
  • If taking data, analysing it, presenting conclusions, can be interpreted as diagnosis. This may need to be regulated.
  • US and Europe have different rules.
  • Best to present information, allow users to draw conclusions themselves.

Data Protection Act:

  • Only collect what you need.
  • Keep it secure.
  • Ensure relevant and up to date.
  • Only hold as much as you need for as long as you need.
  • Allow the subject of the information to see it on request.
  • Fair processing: ensure it is handled in ways that are transparent and that they would reasonably expect.
  • Do not transfer outside of the EEA unless compliance is ensured.

HL7 and HIPAA

  • Standard for sharing health data and US version.
  • International standards for interoperability of health information technology.
  • HealthKit does not conform to HL7 but does to HIPAA.

Don’t overlook data. Don’t lose anything.

Technological

Secure storage:

  • Disk encryption.
  • Public key infrastructure.
  • IP security.
  • Data masking.
  • Data erasure.

Apple doesn’t seem to have published how they are storing.

It’s not just about how you’re storing but also about your process. If you only need to bribe one person, then your data is not secure.

Pseudonymisation:

  • Huge topic.
  • Ensuring individuals are statistically hard to identify from data.
  • Separating out PII from other information:
    • Different servers, databases.
  • Why should they not be identifiable:
    • E.g. cancer patients’ data leak: sold on to a research company, it contained contact data and occupations. Patients were contacted directly and asked intrusive questions.
  • Who is accessing your data and what do they need?
    • E.g. an insurance company. If it could recognise people, it might give them higher premiums because of things like not taking medication on time.
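As an added example (not the talk's or Cate's code), here is one way to apply the pseudonymisation points above, and the data-protection points earlier on (collect only what you need, hold it only as long as you need), in Python: direct identifiers and clinical data are written to two separate stores, linked only by a keyed hash whose key is held by a third component; date of birth is coarsened to a decade band; occupation is not kept at all; rows older than a retention window are purged; and a k-anonymity check reports whether any combination of the remaining quasi-identifiers singles a person out. All records, the key and the function names are constructed for this example.

```python
import hashlib
import hmac
from collections import Counter
from datetime import date, timedelta

# Secret held only by the pseudonymisation service (constructed value). The
# research store never sees it, so a pseudonym cannot be mapped back to a person
# without also compromising this separately protected component.
PSEUDONYM_KEY = b"constructed-example-key-hold-in-a-separate-kms"

# Fields that identify a person directly: they go to the identity store only.
DIRECT_IDENTIFIERS = ("name", "email", "phone")

TODAY = date(2014, 9, 26)

# Constructed sample records, as a Parkinson's tracking app might hold them raw.
SAMPLE_RECORDS = [
    {"patient_id": "p-001", "name": "Ada Example", "email": "ada@example.net",
     "phone": "+44 7700 900001", "dob": date(1950, 3, 1), "occupation": "teacher",
     "diagnosis": "parkinsons", "adherence_pct": 81, "last_updated": date(2014, 9, 20)},
    {"patient_id": "p-002", "name": "Bo Example", "email": "bo@example.net",
     "phone": "+44 7700 900002", "dob": date(1948, 11, 15), "occupation": "pilot",
     "diagnosis": "parkinsons", "adherence_pct": 64, "last_updated": date(2014, 9, 1)},
    {"patient_id": "p-003", "name": "Cy Example", "email": "cy@example.net",
     "phone": "+44 7700 900003", "dob": date(1952, 6, 30), "occupation": "judge",
     "diagnosis": "parkinsons", "adherence_pct": 90, "last_updated": date(2013, 12, 1)},
    {"patient_id": "p-004", "name": "Di Example", "email": "di@example.net",
     "phone": "+44 7700 900004", "dob": date(1975, 1, 10), "occupation": "nurse",
     "diagnosis": "parkinsons", "adherence_pct": 72, "last_updated": date(2014, 9, 25)},
]


def pseudonym(patient_id, key=PSEUDONYM_KEY):
    """Keyed hash of the internal id: stable for one patient, unlinkable without
    the key (a plain SHA-256 of a guessable id could be reversed by brute force)."""
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


def age_band(dob, today=TODAY):
    """Coarsen date of birth to a decade band: enough for analysis, far less
    identifying than an exact date."""
    years = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    low = years // 10 * 10
    return f"{low}-{low + 9}"


def split_record(rec, today=TODAY):
    """Return (identity_row, research_row) for one raw record. Occupation is
    dropped entirely: the app does not need it, and it is the kind of field
    that let people be re-identified in the leak the talk describes."""
    pid = pseudonym(rec["patient_id"])
    identity = {"pseudonym": pid, **{k: rec[k] for k in DIRECT_IDENTIFIERS}}
    research = {
        "pseudonym": pid,
        "age_band": age_band(rec["dob"], today),
        "diagnosis": rec["diagnosis"],
        "adherence_pct": rec["adherence_pct"],
        "last_updated": rec["last_updated"],
    }
    return identity, research


def build_stores(records, today=TODAY):
    """Split all records into the two stores that live on different servers."""
    rows = [split_record(r, today) for r in records]
    return [i for i, _ in rows], [r for _, r in rows]


def k_anonymity(rows, quasi_identifiers=("age_band", "diagnosis")):
    """Smallest group size over the quasi-identifier combination. k == 1 means
    someone is unique on those fields and could be picked out by linkage."""
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in rows)
    return min(groups.values()) if groups else 0


def purge_stale(rows, today=TODAY, retention_days=180):
    """Retention: keep only rows updated within the retention window."""
    cutoff = today - timedelta(days=retention_days)
    return [r for r in rows if r["last_updated"] >= cutoff]


def demo():
    identity, research = build_stores(SAMPLE_RECORDS)
    k_all = k_anonymity(research)   # 1: the single 30-39 row is unique
    kept = purge_stale(research)    # p-003 has not been updated for months
    return {"identity_rows": len(identity), "research_rows": len(research),
            "k": k_all, "rows_after_purge": len(kept)}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports k = 1 for the sample set: the one patient in the 30-39 band is unique on (age band, diagnosis), so a research consumer holding any outside list of patients' ages could match that row to a person. The usual responses are to widen the band further, suppress that row, or withhold the field until more records share it.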

A11y:

  • Good practice.
  • Think about who your audience is.
    • e.g. Parkinson’s, tremors.
  • Coordination symptoms.
  • Medication side effects.

Miscalibration:

  • E.g. Therac-25
    • Radiation machine. One high-powered beam used with something else, the other low.
    • 6 accidents resulted in 6 patients being given 100x the intended dose.
    • Caused by a race condition caused by a byte counter overflow in the calibration.
    • Poor calibration could cause a lot of harm – giving people bad information about their medical state.
  • Check and double check calibration.
  • Publish your algorithms.
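The Therac-25 counter bug from the list above, as an added toy model in Python (not from the talk). It follows the published analysis of the incident: a one-byte shared variable was incremented on every pass of a setup loop to mean "not yet verified", the position check only ran while that byte was non-zero, and on every 256th pass the byte wrapped to zero so the check was skipped. The model covers only that overflow, not the separate race condition; `collimator_in_position` and the function names are this example's own.

```python
BYTE_MASK = 0xFF  # the shared flag was a single byte


def unsafe_passes_increment(passes, collimator_in_position=False):
    """Flag is *incremented* on every pass to mean 'needs checking'. Because
    the byte wraps to 0 every 256th pass, the check is skipped on those passes
    and the beam is enabled regardless of the collimator position.
    Returns the pass numbers on which the beam would fire unsafely."""
    flag = 0
    unsafe = []
    for n in range(1, passes + 1):
        flag = (flag + 1) & BYTE_MASK        # emulate one-byte arithmetic
        check_runs = flag != 0               # zero is read as 'already verified'
        if check_runs and not collimator_in_position:
            continue                         # check blocks the beam: safe
        if not collimator_in_position:
            unsafe.append(n)                 # check skipped, beam fires misaligned
    return unsafe


def unsafe_passes_assign(passes, collimator_in_position=False):
    """Fix: assign a constant non-zero value instead of incrementing, so the
    flag can never wrap to zero and the check runs on every pass."""
    flag = 0
    unsafe = []
    for n in range(1, passes + 1):
        flag = 1                             # set, never incremented
        check_runs = flag != 0
        if check_runs and not collimator_in_position:
            continue
        if not collimator_in_position:
            unsafe.append(n)
    return unsafe


if __name__ == "__main__":
    # With the hardware misaligned, the original logic lets the beam through
    # on passes 256, 512 and 768 of 1000; the fixed logic never does.
    print(unsafe_passes_increment(1000))
    print(unsafe_passes_assign(1000))
```

The general lesson for calibration code is the one the list already makes: a value that stands for a safety state should be set, not counted, and should be wide enough (or typed enough) that arithmetic on it cannot silently become the "safe" value.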

Localisation – conversions:

  • HealthKit and GFit provide APIs for this.
  • Even NASA get this wrong:
    • E.g. Mars Climate Orbiter.
  • Language.
    • American Airlines. “Fly in leather” campaign became “Fly naked”.
    • Dairy association. “Got milk?” became “Are you lactating?”
    • Pepsi. “Pepsi will bring your ancestors back from the dead”
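An added Python example for the conversions point above (not from the talk): a small unit-typed quantity, in the spirit of the unit-carrying types that HealthKit and Google Fit (GFit in the notes) expose, so a value can never be added to or converted into one of a different dimension. The thruster readings reproduce the shape of the Mars Climate Orbiter mistake, where pound-force seconds were supplied to software expecting newton-seconds; the conversion table, readings and names are constructed for this example, and the glucose factor is the usual approximation.

```python
from dataclasses import dataclass

# Conversion factor of each unit to the base unit of its dimension.
UNITS = {
    "kg": ("mass", 1.0),
    "lb": ("mass", 0.45359237),
    "m": ("length", 1.0),
    "ft": ("length", 0.3048),
    "N*s": ("impulse", 1.0),
    "lbf*s": ("impulse", 4.4482216152605),
    "mmol/L": ("glucose", 1.0),
    "mg/dL": ("glucose", 1.0 / 18.0),   # 1 mmol/L of glucose is about 18 mg/dL
}


@dataclass(frozen=True)
class Quantity:
    """A number that carries its unit, so the unit cannot be lost at an interface."""
    value: float
    unit: str

    def __post_init__(self):
        if self.unit not in UNITS:
            raise ValueError(f"unknown unit {self.unit!r}")

    @property
    def dimension(self):
        return UNITS[self.unit][0]

    def to(self, unit):
        """Convert to another unit of the same dimension; refuse anything else."""
        dim, factor = UNITS[unit]
        if dim != self.dimension:
            raise TypeError(f"cannot convert {self.unit} ({self.dimension}) to {unit} ({dim})")
        return Quantity(self.value * UNITS[self.unit][1] / factor, unit)

    def __add__(self, other):
        # Convert the other operand into our unit first; mixed units are fine,
        # mixed dimensions raise.
        return Quantity(self.value + other.to(self.unit).value, self.unit)


def convertible(unit_a, unit_b):
    return UNITS[unit_a][0] == UNITS[unit_b][0]


# Constructed readings: one producer reports in lbf*s, the other in N*s.
THRUSTER_READINGS = [Quantity(10.0, "lbf*s"), Quantity(5.0, "N*s")]


def total_impulse_typed(readings, unit="N*s"):
    """Sum with units carried through: every reading is converted on the way in."""
    total = Quantity(0.0, unit)
    for r in readings:
        total = total + r
    return total.value


def total_impulse_bare(readings):
    """What goes wrong when units are dropped at the interface: each side
    assumes its own unit and the raw numbers are simply added."""
    return sum(r.value for r in readings)


def glucose_mgdl(mmol_per_l):
    """Blood-glucose localisation: UK readings in mmol/L, US readings in mg/dL."""
    return Quantity(mmol_per_l, "mmol/L").to("mg/dL").value


if __name__ == "__main__":
    print(total_impulse_typed(THRUSTER_READINGS), "N*s (typed)")
    print(total_impulse_bare(THRUSTER_READINGS), "(bare numbers, wrong)")
    print(glucose_mgdl(5.5), "mg/dL")
```

The design point is that the conversion lives in one table and one method, and a caller that receives a `Quantity` cannot forget which unit it is in; an API that hands out bare floats for glucose, weight or dose makes the same class of error possible in a health app as it was in the spacecraft.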

Data provenance:

  • Where does data come from, and can it be trusted?
    • Important both for data you use and data you provide.
    • Especially if selling on to research organisations.
  • How accurate is it?
  • How could inaccuracy hurt my users?
  • Impact of HealthKit and GFit. You do not know where that data is coming from.

Why Bother?

Common causes of death. If we could make apps that help these people live more fulfilling lives, or prevent them from getting that condition in the first place.

Most common chronic conditions: high blood pressure, Alzheimer’s. Could improve lives:

  • Improve lives, maybe even save a few.
  • Empower people.
  • Improve quality of care.
  • Provide data to help solve.

[personal profile] thorfinn
First, if you're a unix sysadmin or anyone running any web services that pass through a unix server, ow. Hope you've got overtime pay.

For anyone who cares to read more about the details of what the bug is and what it can do, etc, I refer you to Troy Hunt's post of yesterday ( http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html ).

If you're a normal person hearing about this, then there are a few things you can and should do:

1. Check that your home wifi router is not able to be accessed via the Internet (usually for administration purposes). If that is on, and your router runs Linux (and many of them do), it's potentially a problem. Check your instruction leaflet for whether this can be on or not and turn it off if it is. Then check how to download the latest "firmware" for your router; in a few weeks' time you'll want to do that. If you have any other devices that are accessible "via the Internet", you probably want to find out if they're Linux based and turn that feature off too.

2. If you're a Mac OS X user, if your machine only ever joins networks with trusted machines on it, you're probably safe for now. But just in case, or if you ever join public networks, open System Preferences - Sharing. If Printer Sharing is on, you want to turn it off. If you're using an old version of Mac OS, you may have Web Sharing turned on; you also want to turn it off. New versions of Mac OS don't have Web Sharing, unless you're running OS X Server. If you have Remote Login active, just check that you do not Allow Access for All Users. Other than that, wait for Apple to issue an OS Software Update that fixes the problem.

3. If you're a Linux user, you probably want to run your Linux version's package updater right now. And again in a few days time, as the bash maintainers have not actually released a patch that fully fixes the problem yet.

4. This is a similar situation to the Heartbleed bug ( my PSA from last time - http://thorfinn.dreamwidth.org/tag/heartbleed ) in that web servers may potentially be broken into (it's even worse technically). You will need to confirm with website owners that they were either not vulnerable, or were vulnerable and have fixed the bug, then change your password on that service. Again. Yes, I know. Tiresome. Sorry. :-( It's probably best to just prioritise the important sites (net banking, and anything with serious personal consequences), and do those in a few days time.

5. If you use unique passwords for every site you log in to, that at least limits any potentially stolen passwords to sites that are vulnerable and lessens the urgency on changing every password you have. That's why, if you haven't already, now is the time to find a password keeper application to randomly generate new unique passwords for every single site you log in to and store them for you. If you're an Apple only person, the iCloud Keychain is quite good and free, otherwise I highly recommend 1Password ( https://agilebits.com/onepassword ). LastPass ( https://lastpass.com ) showed themselves to be reasonably good at security (and they support Linux). There are other options for secure password keepers, if people who use other good ones wish to mention them in comments, please feel free.
[syndicated profile] epbot_feed

Posted by Jen

New project time!

I figure John and I are far enough along now to - knock on wood - avoid the Epbot curse. (That's the one where I doom a project by mentioning it here before it's finished. :))

This will be more of a build walk-through than a tutorial, though I'm happy to answer any questions I can. It's one of the most complex things John and I have ever tackled, which is funny, considering it looks pretty simple:

 Oh, did I mention? 

We're building Claptrap.

Woot woot!


Of course by "we" I mostly mean "John," though I'm helping where I can. Plus it'll be my turn to take over soon, since I get to handle all the painting and finishing. o.0

John got the lion's share of the body done in just three days, after which I think he realized just how complex this build is. So many details and funky angles! We're around the 2 week mark now, with John working at least a couple of hours a day.


First steps: scale drawings (using measurements taken from in-game screen shots) and a quick arm mock-up.
Transferring templates to wood.

Attaching inner frame.

John used an old sample board of wood stains for the inner frame, which is why it looks so pretty. :)

Block supports & thin wood laminate to make the inner curve on the front:
 The laminate was actually my idea. See? HELPING.


 
Sliding in the bottom panel.



We decided on a hinged top panel, so we can access the insides later:

(You can also see the inner side panels coming along; those will be filled with wires & tubing later.)

John did a great job recessing the hinges, so you shouldn't see them at all once it's painted.

The eye flap is reinforced underneath with a wedge of wood cut to the same angle.

A quick mock-up of the eye, which is made from a styrofoam ball & PVC pipe:


The front wheel surround was a pain; John re-did it three times to appease a particularly demanding supervisor [smirk]:

In the supervisor's defense, now it's practically perfect.

The wheel is a used go-kart tire John ordered online - our most expensive piece so far, since we had to buy two for $45, including shipping. It's the perfect size, though, and the tread is close to Claptrap's.


The hubcaps are screwed into four wood supporting blocks inside the wheel, and the inset is a PVC threaded reducer. There's also an inflated bicycle tire in there, for padding.

I had John add an inner wooden ring to the hubcap, both to hide the joint & to better match Claptrap.

The wheel shaft and assembly is made from more PVC pipe, plus cast iron flanges John had left over from an old project:


Taking the new wheel assembly for a test spin!

Here I am starting my first attempt at cel-shading for the paint job:

Adding thick, sloppy borders on purpose is really hard for a perfectionist. Had to keep going back to mess it up a bit.

(If you're not familiar with the cel-shading look for Borderlands cosplay, here's an example:

The game has a graphic, comic-book sketchy feel, with lots of heavy outlines & almost cartoony shading.)

So, after shading, highlighting, and adding some grunge:
Eh. Satisfied enough to keep going!

The struts were harder; I initially made them way too clean & realistic. I kept going back, adding more and more "sketchy" lines to really drive home the graphic cartoony feel.

For the finishing touch I made two faux screw heads from "Bead in a Bottle" paint:

(Pipe the paint onto a smooth piece of plastic or glass, let it dry completely, pop it off, and use a craft blade to make the screw-head indentation. Easy-peasy!)

Screws in place, and outlined with more black paint:

We have a wheel!!

Think I'll end there for now. Next time I'll show you guys some of the fun stuff we're doing with the front panels, which light up and are looking pretty cool, if I do say so myself. :)

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

As if consumers weren’t already suffering from breach fatigue: Experts warn that attackers are exploiting a critical, newly-disclosed security vulnerability present in countless networks and Web sites that rely on Unix and Linux operating systems. Experts say the flaw, dubbed “Shellshock,” is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise.

The bug is being compared to the recent Heartbleed vulnerability because of its ubiquity and sheer potential for causing havoc on Internet-connected systems — particularly Web sites. Worse yet, experts say the official patch for the security hole is incomplete and could still let attackers seize control over vulnerable systems.

The problem resides with a weakness in the GNU Bourne Again Shell (Bash), the text-based, command-line utility on multiple Linux and Unix operating systems. Researchers discovered that if Bash is set up to be the default command line utility on these systems, it opens those systems up to specially crafted remote attacks via a range of network tools that rely on it to execute scripts, from telnet and secure shell (SSH) sessions to Web requests.

According to several security firms, attackers are already probing systems for the weakness, and at least two computer worms are actively exploiting the flaw to install malware. Jaime Blasco, labs director at AlienVault, has been running a honeypot on the vulnerability since yesterday to emulate a vulnerable system.

“With the honeypot, we found several machines trying to exploit the Bash vulnerability,” Blasco said. “The majority of them are only probing to check if systems are vulnerable. On the other hand, we found two worms that are actively exploiting the vulnerability and installing a piece of malware on the system. This malware turns the systems into bots that connect to a C&C server where the attackers can send commands, and we have seen the main purpose of the bots is to perform distributed denial of service attacks.”

The vulnerability does not impact Microsoft Windows users, but there are patches available for Linux and Unix systems. In addition, Mac users are likely vulnerable, although there is no official patch for this flaw from Apple yet. I’ll update this post if we see any patches from Apple.

Update, Sept. 29 9:06 p.m. ET: Apple has released an update for this bug, available for OS X Mavericks, Mountain Lion, and Lion.

US-CERT's advisory includes a simple one-line command that Mac users can run to test for the vulnerability. To check your system from a command line, type or cut and paste this text:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
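The one-line check above is fine for a single Mac, but on a fleet you want a machine-readable verdict. The following is an added example, not code from the Krebs post or from US-CERT: it wraps the same check in a function (the name shellshock_status and the optional path argument are my own choices) that prints "patched", "vulnerable", "no-bash" or "unknown" and returns 0, 1 or 2 accordingly. It works the same way the advisory's test does: a variable whose value looks like a bash function definition with a trailing command is exported, and a vulnerable bash runs that trailing command while importing the function.

```shell
# Added example: report whether the bash binary on this host imports
# trailing commands from environment variables (the Shellshock behaviour).
# Interpreted by sh; the shell under test is always the bash given or found.

shellshock_status() {
    # Optional first argument: path to the bash to test (hypothetical usage,
    # handy for testing a chroot or a second install). Defaults to PATH lookup.
    bash_bin=${1:-$(command -v bash 2>/dev/null)}
    if [ -z "$bash_bin" ] || [ ! -x "$bash_bin" ]; then
        echo "no-bash"
        return 2
    fi
    # Same payload as the US-CERT check: a function body followed by a command.
    # A patched bash refuses the import and warns on stderr (discarded here);
    # a vulnerable bash prints "vulnerable" before running the -c command.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c "echo this is a test" 2>/dev/null) || true
    case "$out" in
        *vulnerable*)        echo "vulnerable"; return 1 ;;
        *"this is a test"*)  echo "patched";    return 0 ;;
        *)                   echo "unknown";    return 2 ;;
    esac
}

# Stand-alone run: print the verdict for the bash on PATH. The "|| :" keeps a
# "vulnerable" (exit 1) verdict from aborting a caller that runs with set -e.
shellshock_status || :
```

Use the exit status rather than the text when calling it from an inventory job: 0 means the check passed, 1 means the trailing command executed, 2 means nothing could be tested. Note that this only reports the original import behaviour; the post's warning that the first patch was incomplete means a "patched" result here is not proof that the fix is complete.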

US-CERT has a list of operating systems that are vulnerable. Red Hat and several other Linux distributions have released fixes for the bug, but according to US-CERT the patch has an issue that prevents it from fully addressing the problem.

The Shellshock bug is being compared to Heartbleed because it affects so many systems; determining which are vulnerable and developing and deploying fixes to them is likely to take time. However, unlike Heartbleed, which only allows attackers to read sensitive information from vulnerable Web servers, Shellshock potentially lets attackers take control over exposed systems.

“This is going to be one that’s with us for a long time, because it’s going to be in a lot of embedded systems that won’t get updated for a long time,” said Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley. “The target computer has to be accessible, but there are a lot of ways that this turns accessibility into full local code execution. For example, one could easily write a scanner that would basically scan every Web site on the planet for vulnerable (Web) pages.”
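Since the post reports that probes are already arriving over the Web, a defender's first question is usually "has anyone sent this to my servers yet?" The block below is an added example, not from the Krebs post: it scans Web-server access logs for the bash function-definition prefix ("() {", with optional spacing) that such probes carry in request headers, and lists the source addresses. The log lines are constructed for the example, in the common "combined" format, and reuse the page's own test string as the probe; the function names are my own.

```shell
# Added example: find Shellshock probe attempts in Web access logs.
# Constructed sample log (not real traffic). Two lines carry the probe string
# in the User-Agent or Referer header; the other two are ordinary requests.
SAMPLE_LOG=$(cat <<'EOF'
203.0.113.5 - - [25/Sep/2014:10:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"
198.51.100.7 - - [25/Sep/2014:10:12:03 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:12:09 +0000] "GET / HTTP/1.0" 200 4096 "() { :;}; echo vulnerable" "-"
192.0.2.44 - - [25/Sep/2014:10:13:15 +0000] "POST /login HTTP/1.1" 302 0 "https://example.test/" "curl/7.37.0"
EOF
)

# Print every log line (read from stdin) containing a function-definition
# prefix. Any header the Web server passes to a CGI script as an environment
# variable can carry it, so the whole line is matched, not just User-Agent.
shellshock_probe_lines() {
    grep -E '\(\) *\{' || true
}

# Reduce the matches to a sorted list of distinct source IPs (first field of
# the combined format), the shape you would feed to a block list or a ticket.
shellshock_probe_sources() {
    shellshock_probe_lines | awk '{print $1}' | sort -u
}

# Stand-alone run against the constructed sample; prints 203.0.113.5 and 203.0.113.9.
printf '%s\n' "$SAMPLE_LOG" | shellshock_probe_sources
```

Against a live server, replace the sample with the real log: `shellshock_probe_sources < /var/log/apache2/access.log` (path assumed; adjust to your server). A match only shows that a probe arrived, not that it succeeded; pair it with the host check to decide whether the target was actually exposed.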

Stay tuned. This one could get interesting very soon.

[syndicated profile] female_cs_feed

Posted by Gail Carmichael

I've been trying something a little bit different for our CS2 class this semester.  The course typically covers object-oriented programming in Java along with topics like recursion.  In fact, students becoming proficient in Java is one of the hard requirements of the course.  But students who have recently passed the course did not seem sufficiently prepared for what came next: systems programming with C.  In fact, some students (barely) passing the course seemed not to be able to program sufficiently well on their own at all.

I knew there was an appetite to try something new, and I thought I had the perfect book to try out: Think Like a Programmer.  Only problem was that the book uses C++, and as I said above, we need to use Java.  I ended up chatting with a member of our curriculum committee about it, and we realized that maybe, just maybe, we could do both.  We could teach just a bit of C++ so students would understand the book, and do our major examples and assignments in Java.  So that's what I'm doing.  The question is, will it turn out well, or end in disaster?


In some ways, it seems like trying to cover two languages in a course where many students can't grasp even one is a really bad idea.  But hear me out.  I am not trying to teach them how to be proficient C++ programmers.  My goal is only to show enough C++ so that students can understand Think Like a Programmer, and even more importantly, so that I can more explicitly illustrate some key concepts in Java that are normally hidden away.

For example, C++ makes you choose whether you are passing by reference.  With some simple examples, I can illustrate the difference between pass-by-reference and pass-by-value more clearly. When we get to Java, I can easily explain what gets passed by reference automatically.  Understanding dynamic memory can also be made more explicit in C++, then applied to topics like creating linked lists in Java.  Even the fact that C++ allows me to build up to objects without needing to have a dummy class in the meantime is quite helpful.

We're only in our third full week of class so far, and we're just getting started on Java.  So I don't know yet how well this experiment will work once we have the two languages going side by side.  But I can say that it has been very beneficial to be able to approach the course using the problem-solving perspective of Think Like a Programmer and the slightly lower level view that C++ allows for things like how variables and arrays are stored in memory.  If this continues working well, I think this could be a winner.

I'll be soliciting anonymous feedback after a couple of weeks of using both languages, and hope to report back after I get some data from students.  Eventually I'll also share more details about the course design itself.

In the meantime, I would love to hear your opinion - does this approach have potential, or do you see it as a disaster waiting to happen?

Page generated Sep. 30th, 2014 05:52 pm
Powered by Dreamwidth Studios