Feb. 8th, 2016 10:01 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
Source: http://doublewbrothers.deviantart.com/art/Diplomacy-543551833

North Cowrea is gonna toast.

Happy lunar new year! It's the year of the fire monkey. Wear red.
[syndicated profile] bruce_schneier_feed

Posted by schneier

Today, Data and Goliath is being published in paperback.

Everyone tells me that the paperback version sells better than the hardcover, even though it's a year later. I can't really imagine that there are tens of thousands of people who wouldn't spend $28 on a hardcover but are happy to spend $18 on the paperback, but we'll see. (Amazon has the hardcover for $19, the paperback for $11.70, and the Kindle edition for $14.60, plus shipping, if any. I am still selling signed hardcovers for $28 including domestic shipping -- more for international.)

I got a box of paperbacks from my publisher last week. They look good. Not as good as the hardcover, but good for a trade paperback.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Before purchasing an “Internet of things” (IoT) device — a thermostat, camera or appliance made to be remotely accessed and/or controlled over the Internet — consider whether you can realistically care for and feed the security needs of yet another IoT thing. After all, there is a good chance your newly adopted IoT puppy will be:

- chewing holes in your network defenses;
- gnawing open new critical security weaknesses;
- bred by a vendor that seldom and belatedly patches;
- tough to wrangle down and patch.

In April 2014, researchers at Cisco alerted HVAC vendor Trane about three separate critical vulnerabilities in their ComfortLink II line of Internet-connected thermostats. These thermostats feature large color LCD screens and a Busybox-based computer that connects directly to your wireless network, allowing the device to display not just the temperature in your home but also personal photo collections, the local weather forecast, and live weather radar maps, among other things.

Trane ComfortLink II thermostat.


Cisco researchers found that the ComfortLink devices allow attackers to gain remote access and also use these devices as a jumping off point to access the rest of a user’s network. Trane has not yet responded to requests for comment.

One big problem is that the ComfortLink thermostats come with credentials that have hardcoded passwords, Cisco found. By default, the accounts can be used to remotely log in to the system over “SSH,” an encrypted communications tunnel that many users allow through their firewall.

The two other bugs Cisco reported to Trane would allow attackers to install their own malicious software on vulnerable Trane devices, and use those systems to maintain a persistent presence on the victim’s local network.

On January 26, 2016, Trane patched the more serious of the flaws (the hardcoded credentials). According to Cisco, Trane patched the other two bugs as part of a standard update released back in May 2015, but apparently without giving customers any indication that the update was critical to their protection efforts.

What does this mean for the average user?

“Compromising IoT devices allows unfettered access through the network to any other devices on the network,” said Craig Williams, security outreach manager at Cisco. “To make matters worse, almost no one has access to their thermostat at an [operating system] layer to notice that it has been compromised. No one wakes up and thinks, ‘Hey, it’s time to update my thermostat’s firmware.’ Typically once someone compromises these devices they will stay compromised until replaced. Basically it gives an attacker a perfect foothold to move laterally through a network.”

Hidden accounts and insecure defaults are not unusual for IoT devices. What’s more, patching vulnerable devices can be complicated, if not impossible, for the average user or for those who are not technically savvy. Trane’s instructions for applying the latest update are here.

“For organizations that maintain large amounts of IoT devices on their network, there may not be a way to update a device that scales, creating a nightmare scenario,” Williams wrote in an email explaining the research. “I suspect as we start seeing more IoT devices that require security updates this is going to become a common problem, as the lifetime of IoT devices greatly exceeds what would be thought of as the typical software lifetime (2 years vs 10 years).”

If these IoT vulnerabilities sound like something straight out of a Hollywood hacker movie script, that’s not far from the truth. In the first season of the outstanding television series Mr. Robot, the main character [SPOILER ALERT] plots to destroy data on backup tapes stored at an Iron Mountain facility by exploiting a vulnerability in an HVAC system to raise the ambient temperature at the targeted facility.

Cisco’s writeup on its findings is here; it includes a link to a new Metasploit module the researchers developed to help system administrators find and secure exploitable systems on a network. It also can be used by bad guys to exploit vulnerable systems, so if you use one of these ComfortLink systems, consider updating soon before this turns into a Trane wreck (sorry, couldn’t help it).

[syndicated profile] cakewrecks_feed

Posted by Jen

Since I started this blog I've seen my share of cakes crammed onto real live ladies. Here's a croquembouche dress:



Here's a cupcake skirt:

(I'd eat that.)


And here's an edible wedding dress guaranteed to make you never want an edible wedding dress:


[slowly backing away in horror]


But all of that pales in comparison to whatever the heck is happening in this photo:


Now, I know there's a lot of crazy to take in up there, but keep your eyes on the bananas.

See them?


Now you can scroll down:


Ok, so, a few things:

1) There are now bananas artfully draped on the women's shoulders. I bet you never thought someone could artfully drape a banana. Or that someone would consider a conjoined torso cake with real live ladies sticking out of either end an appetizing idea. BUT THERE THEY BOTH ARE.

2) The candles. Why? Is this a birthday party?

3) WAIT. Is it Beetlejuice's birthday? THAT WOULD EXPLAIN... well, at least the stripey parts.

4) Now I want shrimp cocktail.

5) You Beetlejuice fans got that one. You're welcome.


Thanks to Amy, Evelyn D., Jessica S., & Jemma S. for sending in those pics with absolutely no explanation. I mean, it's just more fun to imagine all the many, MANY reasons why this is a thing that happened.


I'll, uh, come up with one eventually, I'm sure.


Thank you for using our Amazon links to shop! USA, UK, Canada.

Exploiting Google Maps for Fraud

Feb. 8th, 2016 06:52 am
[syndicated profile] bruce_schneier_feed

Posted by schneier

The New York Times has a long article on fraudulent locksmiths. The scam is a basic one: quote a low price on the phone, but charge much more once you show up and do the work. But the method by which the scammers get victims is new. They exploit Google's crowdsourced system for identifying businesses on their maps. The scammers convince Google that they have a local address, which Google displays to its users who are searching for local businesses.

But they involve chicanery with two platforms: Google My Business, essentially the company's version of the Yellow Pages, and Map Maker, which is Google's crowdsourced online map of the world. The latter allows people around the planet to log in to the system and input data about streets, companies and points of interest.

Both Google My Business and Map Maker are a bit like Wikipedia, insofar as they are largely built and maintained by millions of contributors. Keeping the system open, with verification, gives countless businesses an invaluable online presence. Google officials say that the system is so good that many local companies do not bother building their own websites. Anyone who has ever navigated using Google Maps knows the service is a technological wonder.

But the very quality that makes Google's systems accessible to companies that want to be listed makes them vulnerable to pernicious meddling.

"This is what you get when you rely on crowdsourcing for all your 'up to date' and 'relevant' local business content," Mr. Seely said. "You get people who contribute meaningful content, and you get people who abuse the system."

The scam is growing:

Lead gens have their deepest roots in locksmithing, but the model has migrated to an array of services, including garage door repair, carpet cleaning, moving and home security. Basically, they surface in any business where consumers need someone in the vicinity to swing by and clean, fix, relocate or install something.

What's interesting to me are the economic incentives involved:

Only Google, it seems, can fix Google. The company is trying, its representatives say, by, among other things, removing fake information quickly and providing a "Report a Problem" tool on the maps. After looking over the fake Locksmith Force building, a bunch of other lead-gen advertisers in Phoenix and that Mountain View operation with more than 800 websites, Google took action.

Not only has the fake Locksmith Force building vanished from Google Maps, but the company no longer turns up in a "locksmith Phoenix" search. At least not in the first 20 pages. Nearly all the other spammy locksmiths pointed out to Google have disappeared from results, too.

"We're in a constant arms race with local business spammers who, unfortunately, use all sorts of tricks to try to game our system and who've been a thorn in the Internet's side for over a decade," a Google spokesman wrote in an email. "As spammers change their techniques, we're continually working on new, better ways to keep them off Google Search and Maps. There's work to do, and we want to keep doing better."

There was no mention of a stronger verification system or a beefed-up spam team at Google. Without such systemic solutions, Google's critics say, the change to local results will not rise even to the level of superficial.

And that's Google's best option, really. It's not the one losing money from these scammers, so it's not motivated to fix the problem. Unless the problem rises to the level of affecting user trust in the entire system, it's just going to do superficial things.

This is exactly the sort of market failure that government regulation needs to fix.

[syndicated profile] accidentallyincode_feed

Posted by Cate

Tiny Raccoon perches on a pillow on a business class airline seat. Below sits a passport, in a case that says "without this I'm nothing".

Tiny Raccoon would like to always travel in style. One day.

About a year ago I wrote about how I get myself uninvited from unflattering speaking invitations (TL;DR I use them as negotiation practise). And last August I wrote about the different options that speakers have when it comes to travel costs – including not going.

I was pretty public about not speaking if there was no real code of conduct, and I shared my costs for becoming a “public speaker” in 2014, but the thing I didn’t directly address last year was how I approached the money aspect.

My general rule last year was no travel, no Cate. I made a couple of exceptions and accepted accommodation-only where it worked for me (basically I wanted to go somewhere anyway, and if I gave a talk, I could make a case to write the flights off against tax), and covered my own very minimal costs to get to a local event that I loved the year before.

I said no to some things, but mostly just didn’t apply to things – I also find it useful that Technically Speaking highlights what travel costs are covered. And a big part of the reason why we do that is because we think it’s an inclusivity issue. This post covers it really well.

Anyway I learned some things last year about speaking and travel and what I was and wasn’t OK with. For example taking 4 flights because the conference had a limited budget. Turns out I’m not willing to spend one of my limited 24 hour days taking extra planes just because. We eventually found a compromise, but I learned something important about conferences that agree to cover international flights – check how much they think an international flight costs, especially if you are not flying from a major hub. Because you might expect max 1 change on the airline you have status with and they might think 3 changes $random_airline is acceptable.

This year I’m limiting myself to 6 talks, and getting more invitations, which means more opportunities for negotiation practise. But also, I can ask work to pay for travel, which also changes things.

However I’m not changing my policy, really. Because even if I don’t necessarily need my travel covered, I don’t want to speak at or attend events where only speakers who can have their companies cover travel can speak.

So in 2016:

  • For more community events, especially where I know the organisers, I’m willing to ask work to cover my travel in exchange for being listed as a sponsor if there is also provision for other speakers to have their travel covered. In one instance me doing this meant that the organiser could invite another woman speaker. Amazing.
  • For corporate events (I have a definition of this in my head, but it lacks diplomacy and seems unwise to share it), I want travel / accommodation covered. Star Alliance, minimum connections.

I’m not a diva. Well OK, I’m not that much of a diva. But my time is valuable, and to me this is an extension of the Code of Conduct thing – I only want to speak at or be associated with events that make an effort for inclusivity, and I believe that travel costs are an inclusivity issue.

Two years ago, I didn’t know what I was doing and frankly as an unknown couldn’t afford to be that hardline about it. I’ve worked (and paid my own way to speak) to get to this place of privilege where I can say “this is what I want” and where I don’t feel like I’m missing out if I can’t get an agreement. I hope being public about it encourages other people (who also have this privilege) to as well.

Music - Best of November 2014

Feb. 7th, 2016 08:21 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
By the time I post this compilation (Nov. 2014) I'll have about 680 posts with an average of say 5 tracks each = 3,400 tracks left to listen to to catch up. No way am I going to be caught up before Season Six starts. 9_6

We have six tracks this time around. Electronica, piano, new wave, pop, musical and doowop.

Hay Tea -- As The Dreams Pass. Chill house electronica with a strong beat. It's a remix of a track by Risen, but Risen doesn't seem to have this track.

Source: https://www.youtube.com/watch?v=XWwuAorn5b8

Soundcloud (wav): https://soundcloud.com/hat-3/as-the-dreams-pass-hay-tea-remix
Mediafire (mp3): http://www.mediafire.com/listen/wg2v0m8t5m3fpa9/As+The+Dreams+Pass+%28Hay+Tea+Remix%29.mp3

This Week

Feb. 7th, 2016 09:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate



Getting used to the altitude and trying to find a rhythm where I swim in the evening. Went to the spa which I really needed. Trying to be better about one day a week no computer, and getting back to reading a novel a week. Last weekend I went to the Botanical Gardens.

I bought myself some flowers which is nice – been a long time since I was still for long enough to have flowers, and jam (approaching Peak Domestication here), and also a new swim suit and a bunch of stuff from Clinique.


Great! My boss or I will do a call with anyone underrepresented in tech working on mobile this month who wants one [tweet], I did my first one already and it was awesome.

We reopened sales of Technically Speaking tshirts, available until February 24th.

I’m speaking at Self.Conference in Detroit in May! Super excited about this.


Went to In Situ restaurant at the Botanical Gardens, which was nice, and La Provincia which was a lovely way to follow the spa. Had brunch at Ganso and Castor, which was lovely, and where I found the jam.


Still reading One Strategy, watching How I Met Your Mother season 5. Read All The Difference (loved this – about how one choice changes things, or doesn’t), and The One That Got Away (I liked this, until it got to the woman didn’t believe in man who had previously behaved badly, had to make up for it).

Product links Amazon.


A new edition of Technically Speaking is out.

On the Internet

Superb Owl Sunday Sweets

Feb. 7th, 2016 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

As I'm sure most of you know, it's Super Bowl Sunday. To those of us who aren't fans of sportsball, though, it's Superb Owl Sunday.

Our day has less cheering, sure, but what it lacks in beer and hot wings it more than makes up for with adorable cakes:

(By Little Boutique Bakery)

Like this!


Or this:

(By Couture Di Sucru)


I like how this one uses piped buttercream to mimic the texture of wood grain:

(By You've Been Cupcaked)

Also, baby owl. 'Nuff said.


Here's one that's ALL buttercream - no fondant!

(By White Flower Cake Shoppe)

Just to remind you guys that it CAN be done.


Love the colors on this one:

(By Fat Cakes Design)

Plus the way the branch wraps around the two tiers.


Check out the detail in these feathers:

(By Cake Crumbs)



Who else needs these owl wedding toppers?

(By Delicut Cakes)

And though it's not necessarily owl-related, I'm digging all the great textures on each tier.


It turns out owls are PERFECT for baby shower cakes:

(By Ann-Maries Cakes)



I like how this tree adds a 3D element:

(By Dream Cakes By Robyn)


Of course, I have to include the world's most magical owl:

(By Delectable Cakes)


Who looks surprisingly cute in Harry's glasses.


And finally, a dramatic cutie with wafer paper feathers:

(By The Cake Tin)



Happy Superb Owl Sunday, everyone!



[syndicated profile] epbot_feed

Posted by Jen

Last post I covered all the awesome costumes from Universal's Potter Celebration, so now let's take a look at the special exhibits and events they had going throughout the weekend. 

First, and probably the biggest draw, there were several cast Q&As on the main stage:

These included the actors who played Ron, Cho Chang, Ginny, Neville, and Luna.  


We especially enjoyed Neville's 70's 'stache and sideburns - which he mentioned are for a new project:
The giant screens were really helpful, and even standing as far back as we were, I could hear a lot of their answers. (The Leaky Cauldron live-streamed some of these panels, btw, so click this way to watch video of them!)

The other two special attractions had enormous lines all weekend, so we didn't bother waiting for The Sorting Hat Experience:

Essentially a cast member holds the hat over your head, and a recording of the Hat's voice calls out which House you belong to. SO not worth a two-hour wait, unless maybe you have little ones.

The thing worth waiting for was the special Potter Expo:

This wait never went under an hour all three days we were there, and it even closed early 2 of the 3 days because the crowds were so big. Universal made the wait bearable by showing the cast Q&A or the movies on a giant screen over the queue, though, which was a nice touch.

Once inside you could shuffle through a short line arranged around a bunch of merchandise displays:

Oddly enough you couldn't buy any of this stuff there, though; this giant Fluffy and the Fawkes overhead were from FAO Schwarz.

These Hedwig and Buckbeak hats were pretty much the greatest things in the entire building:


Harmony Holiday: Honesty

Feb. 6th, 2016 08:44 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot

I got lucky finding Applejack swag for this Harmony Day. I went questing on Thursday and came home with just about all the goodies you see here. I was quite pleased to snag a Funrise with hat! What I couldn't find was a big Ty plush, but I knew that I could get one in the boutique at work, so I picked that up during my lunch break (I took the picture at morning break, right before eating the cake). I also didn't have much in the way of a custom cake either. I just bought a regular (and tasty!) custard with fruit cake, had an inscription made (in chocolate, on the ribbon) and perched a figure on top. I don't feel like paying an extra $10 for laser-printed icing on a generic cake.

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • Fathers: maybe stop mentioning your daughters to earn credibility on women’s issues | Medium: “We have to take our time and earn trust. We have to show up to those women’s meetings — and listen. We have to volunteer to do the busy work it takes to make diversity initiatives run. We’ve got to apologize when we mess up. We have to make our workplaces more hospitable to all kinds of people. We have to hire marginalized people. And we’ve got to read, read, read all we can to make sure we know what we are talking about and never stop because we probably still don’t. Our daughters are awesome. But at work, let’s make things better for everyone.”
  • Dear White Women in Tech: Here’s a Thought — Follow Your Own Advice by Riley H | Model View Culture: “Instead of being useful to us, all I see is that white women are quite happy to talk at all-white panels and call it diversity in tech and gaming. You’re happy to use the means afforded to you for being white to play a good game and make a good face while doing nothing meaningful for women of color. You’re screaming and shouting all day about your own shallow versions of feminism while the women of color you claim to represent are trying to simultaneously hold their heads up to stay above water, and down to avoid choking on smoke.”
  • How startups can create a culture of inclusiveness | The Globe and Mail: “As a young female in a leadership position at a successful tech startup, who also happens to be visibly religious, I know a thing or two about representing minorities in the workplace. After years of hearing and reading about the lack of diversity in startups and personally encountering what seem like isolated incidents, I’ve noticed a very real pattern of exclusivity. Here are a few things I’ve learned during my career at several Toronto startups on building a workplace culture that is collaborative, inclusive, and one that can help accelerate the growth of your company.”
  • This 2014 Sci-Fi Novel Eerily Anticipated the Zika Virus | Slate: “There is a better science fiction analog to the Zika crisis: The Book of the Unnamed Midwife, by Meg Elison, which was published in 2014. In Children of Men, abortion and birth control are rendered moot; in The Book of the Unnamed Midwife, birth control and a woman’s right to bodily autonomy are central to the plot.”
  • Let’s Talk About The Other Atheist Movement | Godlessness in Theory: “Over the last twenty-four hours, with media fixated on Dawkins’ absence from one upcoming convention, atheists have been gathered at another in Houston. The Secular Social Justice conference, sponsored jointly by half a dozen orgs, highlights ‘the lived experiences, cultural context, shared struggle and social history of secular humanist people of color’. Sessions address the humanist history of hip hop, the new atheism’s imperialist mission and the lack of secular scaffolds for communities of colour in the working class US, whether for black single mothers or recently released incarcerees. Perhaps we could talk about this?”
  • Computer Science, Meet Humanities: in New Majors, Opposites Attract | Chronicle of Higher Education: “She chose Stanford University, where she became one of the first students in a new major there called CS+Music, part of a pilot program informally known as CS+X. Its goal is to put students in a middle ground, between computer science and any of 14 disciplines in the humanities, including history, art, and classics. And it reduces the number of required hours that students would normally take in a double major in those subjects.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

NSA Reorganizing

Feb. 5th, 2016 03:15 pm
[syndicated profile] bruce_schneier_feed

Posted by schneier

The NSA is undergoing a major reorganization, combining its attack and defense sides into a single organization:

In place of the Signals Intelligence and Information Assurance directorates, the organizations that historically have spied on foreign targets and defended classified networks against spying, respectively, the NSA is creating a Directorate of Operations that combines the operational elements of each.

It's going to be difficult, since their missions and culture are so different.

The Information Assurance Directorate (IAD) seeks to build relationships with private-sector companies and help find vulnerabilities in software, most of which officials say wind up being disclosed. It issues software guidance and tests the security of systems to help strengthen their defenses.

But the other side of the NSA house, which looks for vulnerabilities that can be exploited to hack a foreign network, is much more secretive.

"You have this kind of clash between the closed environment of the sigint mission and the need of the information-assurance team to be out there in the public and be seen as part of the solution," said a second former official. "I think that's going to be a hard trick to pull off."

I think this will make it even harder to trust the NSA. In my book Data and Goliath, I recommended separating the attack and defense missions of the NSA even further, breaking up the agency. (I also wrote about that idea here.)

And missing in their reorg is how US Cyber Command's offensive and defensive capabilities relate to the NSA's. That seems pretty important, too.

Friday Favs 2/5/16

Feb. 5th, 2016 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some of my favorite new submissions this week:


Anna writes, "I spelled it out three times for them over the phone."

See, there's your problem right there, Anna: that you had to spell it in the first place.


This bakery display has really captured the zeitgeist of winter:


That inexplicable feeling when your baker replaces almost all of the Rs on your cake with Cs:

I am so confused cight now, you guys. Foc ceal.


Here's this week's moment of someone-was-paid-to-do-this-like-on-purpose-no-really:

A demented smiley face...



...pink sperm on its head!

It's a great day for America, e'erbody.


And last but not least, a tail of beauty:


...and a tail of WHOA:

So sorry, Sarah H. I hope you didn't shell out a lot of clams to make this to scale. :D
(Sea what I did there?)


Thanks to Anna H., Kathryn D., Martin G., Kristi W., Gisele M., & Sarah H. for the "mermaid-to-order" wreckage.



[syndicated profile] accidentallyincode_feed

Posted by Cate

My notes from @jessiechar‘s talk at @nsconf [video].


Credit: Wikimedia

Going through a period of transition. Very fluid. Feel uncomfortable prescribing processes to people.

Ambivalence is not the same as apathy. Ambivalence – caring too much about both sides to make a decision. Apathy – not caring enough to make a decision. Same result, but different. Why process is so interesting.

Really easy to spout an opinion out and find people to agree with you. Like a drug. Feels so good to have people agree with you about things.

Then people grow an army of supporters, and live in a world where everything they touch turns to gold. And then why not profit from that.

Common in design critique.

Part of it is moving fast – want to make quick calls, save time for people. But realise later lost elements they liked, or gained elements they don’t.

What appears convictive and decisive crumbles.

Can be easier to be convictive when not constantly stating opinions.

State what isn’t working, not what should happen.

Prescriptive feedback can have good intentions, but if no description provided it can lead you down a rabbit hole.

Taking a step back from opinions can help you give a much more clear explanation of what you think.

White dress / blue dress – good illustration of how people can perceive the same information completely differently.

Develop a shared vocabulary. When you work with other people, it's important to have shared goals, to want the same end goal. But some things can get lost in translation. Debates where people agree, but think they disagree because of the words they are using. Or the opposite, which can really bite you in the ass later.

PSA: Sometimes you find someone’s understanding of something does not match up with your own understanding. Lot of people correct people on the internet. Starts with “Actually”, it sounds like a question, but not a question. Actually is a state of mind, where you feel the need to adjust everyone’s opinion. Sentiment – you hear something somebody else thinks and “actually, I disagree with you”. Actually is the truth or fact of the situation. Try and avoid that kind of interaction with people, that kind of corrective tone.

Communication on a scale: literal meaning, to colloquial understanding. Sweet spot in the middle. Then buzz words, the aspirational words that people use. It’s like language inflation, and even appropriation.

Rock star. What it really means is a celebrity known primarily for making music.

Means: we want someone who is good at their job

Read: an entitled engineer who sends passive aggressive emails to the office manager when the kegerator is tapped out.

Raconteur. A person uses captivating narrative to convey a story.

Means: A person who cares about the overall experience of a project to which they contribute.

Read: A marketing person who didn’t get their MBA but still wants to sound fancy on LinkedIn.

Bespoke: Made to order clothes.

Means: Artisanal solutions for discerning customers.

Read: Regular work with a different name.


Commotion over GG. Feminism finally became widely discussed topic. Think she might be exempt for it, because doing pretty well. But death threats and violent comments are not the entry level to sexism.

“But you can fix a computer but I bet you can’t cook an egg!” ~Guy at the Apple Store

Used to get way worse comments than this working at the genius bar. “Are you sure”, wanting 2nd opinions.

“Since you are competent at a traditionally masculine activity, you must suck at traditionally feminine activities.”

“I’m sorry but we just have to ask: are you an escort?” ~Dudes at WWDC.

“It is so unimaginable that a woman would attend a tech conference. You must be here to serve us in some way.”

“I work on things that make your computer work” ~Bro at a party

“I bet you don’t understand what I do for a living, so I’m going to make myself sound really impressive.”

(He worked on Yahoo Weather)

“You might make a good junior recruiter.” ~Tech Recruiter

“You don’t look like a senior manager”

“Mike, you sound calm knowledgable and respectful.

Jessie, for how cute and bubbly you sound, you know what you’re talking about” ~Podcast feedback

“Compliments I receive because the bar is set so low for me that anything I do is over it.”

Unconscious bias. Not about being a good or bad person. Insidious. Not just about how people view her, about how she ends up viewing herself.

The feedback she most often gets is about how her voice sounds. Sounds like nails on a chalkboard. Fast forward through every time she talks. Another person said they had to stop listening to the podcast because her voice is so annoying. Externally you say, that person is a jerk. But she wondered if she just had a high-pitched voice, not for radio, but okay for a podcast.

NPR feedback on women’s voices.

  • Too high.
  • Too child like.
  • Lacks authority.
  • Vocal fry.
  • Uptalk.
  • Too low.

We don’t really know why this phenomenon happens, but probably, you know, “unconscious bias”.

Might put a target on her back, but putting it out there, because men need to know. And women, to know that others struggle with these things too.

Talked about language, and how we should adjust, but ladies, we have already adjusted too much.

It’s important to cater to the way people hear you, but it’s important that you don’t change who you are.

Kanye West “Everything in the world is exactly the same.”

Tracking Anonymous Web Users

Feb. 5th, 2016 06:56 am
[syndicated profile] bruce_schneier_feed

Posted by schneier

This research shows how to track e-commerce users better across multiple sessions, even when they do not provide unique identifiers such as user IDs or cookies.

Abstract: Targeting individual consumers has become a hallmark of direct and digital marketing, particularly as it has become easier to identify customers as they interact repeatedly with a company. However, across a wide variety of contexts and tracking technologies, companies find that customers cannot be consistently identified, which leads to a substantial fraction of anonymous visits in any CRM database. We develop a Bayesian imputation approach that allows us to probabilistically assign anonymous sessions to users, while accounting for a customer's demographic information, frequency of interaction with the firm, and activities the customer engages in. Our approach simultaneously estimates a hierarchical model of customer behavior while probabilistically imputing which customers made the anonymous visits. We present both synthetic and real data studies that demonstrate our approach makes more accurate inference about individual customers' preferences and responsiveness to marketing, relative to common approaches to anonymous visits: nearest-neighbor matching or ignoring the anonymous visits. We show how companies who use the proposed method will be better able to target individual customers, as well as infer how many of the anonymous visits are made by new customers.

No Body Is Better At Wedding Cakes

Feb. 4th, 2016 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Last Sunday we saw how bakers used fashionable dresses to inspire some stunning cakes. So TODAY...

We're not going to do that.


See, cakes that look like actual dresses-on-bodies keep popping up, and they tend to be rather creepy.

How creepy?

Well, about as creepy as you'd expect edible neck-and-arm stumps to be:

Not to mention this one looks like it's floating up through the table. Spooky.


It's not so bad when the stumps look like a fabric dress form, but for some reason bakers keep making the under bits look like skin. And, worse, wrinkly skin:


Photo removed. Please enjoy this lovely picture of Epcot.



Now, you might think it'd be better to just go ahead and sculpt the whole bride:

It's not.


And don't go sticking a blow-up doll on your wedding cake, either:

This is also creepy.


Here's one that avoided the skin/stump issue entirely - which I applaud - but then fell down in the whole looking-like-a-human-body arena:


This photo also removed. Please enjoy this lovely picture of Epcot.

Definitely more centaur-shaped. The boobage section in particular is... worrisome.


Still, all of that pales in comparison to this bizarre choice of a wedding cake:

I'm actually weirdly fascinated. I... I can't look away. It's like staring into the sun. A headless, armless, legless sun. That you kind of want to hug.

Or is that just me?


Thanks to Elicia H., Caren, Angela B., Sondra D., Brenda T., Megan B., & Samantha B. for proving no body is better at weddings.


Thank you for using our Amazon links to shop! USA, UK, Canada.

Categories Considered Harmful

Feb. 4th, 2016 01:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

Credit: Wikipedia

TL;DR – Don’t use categories. They just create different problems.

Categories in Obj-C are a way to add (or expose) functionality to a class without subclassing it.

You can see why this might be tempting, right? File getting a bit big, too many pragma marks, stick that bit in a category.

I want to expose this method just for testing… make a category and voila I have it.

This class someone else made does nearly everything I want, I just want this extra thing… make a category.

I have two big problems with categories. The first is that they make the code less testable. The second, that they obscure control flow.


Say you moved some code into a category because the file was getting too long. You still have all the same problems of testing a really large class… but now that class is split out over multiple files.

If categories are sensible, then they actually suggest sub-objects that could be owned by your class. Objects that can be injected, and mocked, and unit tested.

Control Flow

People throw around the phrase “composition over inheritance” without, I think, really knowing what it means. Categories are composition in the same way that Frankenstein’s monster is composition.

Objects with Categories are Frankenstein Monster objects. You don’t know what you have unless you look at the import statements. And what if you’ve imported a bunch of them?

And then they murder you, but it’s kind of your fault because you should have known better than to make such a thing and subject it to the torture of existence. Or something.

Sometimes inheritance is a perfectly reasonable answer.


Categories are a fix that is used way more than warranted, over other options. Defaulting to no doesn’t mean never using categories, it just means being critical before you do.

If a class is getting large, look for functionality you can move out into a separate object.

If you want to expose a method for testing, why not… just stick it in the header file with a comment to that effect? And then, as you write your tests, think critically about whether it really does need to be exposed.

If you want a slight improvement on an existing class, why not just subclass (or compose it) into a new object? Bonus – you can make something that is better to inject and mock, and then you can improve testability. Wrapping library objects so that they have a better interface for testing is often a good way to go.

There’s a bunch of interesting stuff in Obj-C, but with a lot of these things – just because you can doesn’t mean you should.
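Here is an added illustration of the refactoring the post recommends; it is not code from the post, and ReceiptViewController, CheckoutViewController, ReceiptTotaling, ReceiptTotaler and FakeTotaler are hypothetical names. It shows the same arithmetic first split out into a category, then moved into an injected sub-object that a test can replace with a fake.

```objective-c
// Added example, not the post's code. Every name here is hypothetical.
#import <Foundation/Foundation.h>

// 1. The category route: the arithmetic moves to another file but stays
//    on the same class. A test must build the whole controller to reach it,
//    and nothing can be swapped out, because it is not a collaborator.
@interface ReceiptViewController : NSObject
@property (nonatomic, copy) NSArray<NSDecimalNumber *> *lineItems;
@end
@implementation ReceiptViewController
@end

@interface ReceiptViewController (Totals)   // ReceiptViewController+Totals.h
- (NSDecimalNumber *)totalWithTaxRate:(NSDecimalNumber *)rate;
@end
@implementation ReceiptViewController (Totals)
- (NSDecimalNumber *)totalWithTaxRate:(NSDecimalNumber *)rate {
    NSDecimalNumber *sum = [NSDecimalNumber zero];
    for (NSDecimalNumber *item in self.lineItems) sum = [sum decimalNumberByAdding:item];
    return [sum decimalNumberByAdding:[sum decimalNumberByMultiplyingBy:rate]];
}
@end

// 2. The composition route: the same arithmetic as a sub-object the
//    controller owns, described by a protocol so a test can inject a fake.
@protocol ReceiptTotaling <NSObject>
- (NSDecimalNumber *)totalForItems:(NSArray<NSDecimalNumber *> *)items
                          taxRate:(NSDecimalNumber *)rate;
@end

@interface ReceiptTotaler : NSObject <ReceiptTotaling>   // real one, testable alone
@end
@implementation ReceiptTotaler
- (NSDecimalNumber *)totalForItems:(NSArray<NSDecimalNumber *> *)items
                          taxRate:(NSDecimalNumber *)rate {
    NSDecimalNumber *sum = [NSDecimalNumber zero];
    for (NSDecimalNumber *item in items) sum = [sum decimalNumberByAdding:item];
    return [sum decimalNumberByAdding:[sum decimalNumberByMultiplyingBy:rate]];
}
@end

// The controller's header now says what it is made of; with categories you
// would have to read the #import list to find out.
@interface CheckoutViewController : NSObject
@property (nonatomic, copy) NSArray<NSDecimalNumber *> *lineItems;
- (instancetype)initWithTotaler:(id<ReceiptTotaling>)totaler;
- (NSString *)displayTotalWithTaxRate:(NSDecimalNumber *)rate;
@end
@implementation CheckoutViewController {
    id<ReceiptTotaling> _totaler;   // injected collaborator, never a category
}
- (instancetype)initWithTotaler:(id<ReceiptTotaling>)totaler {
    if ((self = [super init])) _totaler = totaler;
    return self;
}
- (NSString *)displayTotalWithTaxRate:(NSDecimalNumber *)rate {
    return [NSString stringWithFormat:@"Total: %@",
            [_totaler totalForItems:self.lineItems taxRate:rate]];
}
@end

// 3. What the test gains: a hand-written fake replaces the totaler, so a
//    controller test exercises only the controller's own behaviour.
@interface FakeTotaler : NSObject <ReceiptTotaling>
@property (nonatomic) NSUInteger calls;
@end
@implementation FakeTotaler
- (NSDecimalNumber *)totalForItems:(NSArray<NSDecimalNumber *> *)items
                          taxRate:(NSDecimalNumber *)rate {
    self.calls += 1;
    return [NSDecimalNumber decimalNumberWithString:@"42.00"];   // canned value
}
@end

int main(void) {
    @autoreleasepool {
        NSArray<NSDecimalNumber *> *items = @[        // constructed sample input
            [NSDecimalNumber decimalNumberWithString:@"10.00"],
            [NSDecimalNumber decimalNumberWithString:@"2.50"]];
        NSDecimalNumber *rate = [NSDecimalNumber decimalNumberWithString:@"0.1"];
        // The collaborator on its own, then the controller with the fake injected.
        NSLog(@"%@", [[ReceiptTotaler new] totalForItems:items taxRate:rate]);
        FakeTotaler *fake = [FakeTotaler new];
        CheckoutViewController *vc = [[CheckoutViewController alloc] initWithTotaler:fake];
        vc.lineItems = items;
        NSLog(@"%@, fake called %lu time", [vc displayTotalWithTaxRate:rate], (unsigned long)fake.calls);
    }
    return 0;
}
```

In a real test target the fake would live beside the XCTest case rather than in the same file; the point is that only the composition version gives you a seam to put it in.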

Swift Extensions

When I was ranting about this on Twitter some people asked about Swift Extensions. Dot suggested that because of Protocol-oriented programming, Swift Extensions are intended for a different use.

I am not familiar enough with Swift to have a strong opinion here, but I would say that the general idea of adding functionality to a class without subclassing it is one I have reservations about, independent of language. You should think carefully about the ramifications for the testability and maintainability of your project codebase before doing it.

[syndicated profile] bruce_schneier_feed

Posted by schneier

The Internet of Things is the name given to the computerization of everything in our lives. Already you can buy Internet-enabled thermostats, light bulbs, refrigerators, and cars. Soon everything will be on the Internet: the things we own, the things we interact with in public, autonomous things that interact with each other.

These "things" will have two separate parts. One part will be sensors that collect data about us and our environment. Already our smartphones know our location and, with their onboard accelerometers, track our movements. Things like our thermostats and light bulbs will know who is in the room. Internet-enabled street and highway sensors will know how many people are out and about -- and eventually who they are. Sensors will collect environmental data from all over the world.

The other part will be actuators. They'll affect our environment. Our smart thermostats aren't collecting information about ambient temperature and who's in the room for nothing; they set the temperature accordingly. Phones already know our location, and send that information back to Google Maps and Waze to determine where traffic congestion is; when they're linked to driverless cars, they'll automatically route us around that congestion. Amazon already wants autonomous drones to deliver packages. The Internet of Things will increasingly perform actions for us and in our name.

Increasingly, human intervention will be unnecessary. The sensors will collect data. The system's smarts will interpret the data and figure out what to do. And the actuators will do things in our world. You can think of the sensors as the eyes and ears of the Internet, the actuators as the hands and feet of the Internet, and the stuff in the middle as the brain. This makes the future clearer. The Internet now senses, thinks, and acts.

We're building a world-sized robot, and we don't even realize it.

I've started calling this robot the World-Sized Web.

The World-Sized Web -- can I call it WSW? -- is more than just the Internet of Things. Much of the WSW's brains will be in the cloud, on servers connected via cellular, Wi-Fi, or short-range data networks. It's mobile, of course, because many of these things will move around with us, like our smartphones. And it's persistent. You might be able to turn off small pieces of it here and there, but in the main the WSW will always be on, and always be there.

None of these technologies are new, but they're all becoming more prevalent. I believe that we're at the brink of a phase change around information and networks. The difference in degree will become a difference in kind. That's the robot that is the WSW.

This robot will increasingly be autonomous, at first simply and increasingly using the capabilities of artificial intelligence. Drones with sensors will fly to places that the WSW needs to collect data. Vehicles with actuators will drive to places that the WSW needs to affect. Other parts of the robot will "decide" where to go, what data to collect, and what to do.

We're already seeing this kind of thing in warfare; drones are surveilling the battlefield and firing weapons at targets. Humans are still in the loop, but how long will that last? And when both the data collection and resultant actions are more benign than a missile strike, autonomy will be an easier sell.

By and large, the WSW will be a benign robot. It will collect data and do things in our interests; that's why we're building it. But it will change our society in ways we can't predict, some of them good and some of them bad. It will maximize profits for the people who control the components. It will enable totalitarian governments. It will empower criminals and hackers in new and different ways. It will cause power balances to shift and societies to change.

These changes are inherently unpredictable, because they're based on the emergent properties of these new technologies interacting with each other, us, and the world. In general, it's easy to predict technological changes due to scientific advances, but much harder to predict social changes due to those technological changes. For example, it was easy to predict that better engines would mean that cars could go faster. It was much harder to predict that the result would be a demographic shift into suburbs. Driverless cars and smart roads will again transform our cities in new ways, as will autonomous drones, cheap and ubiquitous environmental sensors, and a network that can anticipate our needs.

Maybe the WSW is more like an organism. It won't have a single mind. Parts of it will be controlled by large corporations and governments. Small parts of it will be controlled by us. But writ large its behavior will be unpredictable, the result of millions of tiny goals and billions of interactions between parts of itself.

We need to start thinking seriously about our new world-spanning robot. The market will not sort this out all by itself. By nature, it is short-term and profit-motivated -- and these issues require broader thinking. University of Washington law professor Ryan Calo has proposed a Federal Robotics Commission as a place where robotics expertise and advice can be centralized within the government. Japan and Korea are already moving in this direction.

Speaking as someone with a healthy skepticism for another government agency, I think we need to go further. We need to create an agency, a Department of Technology Policy, that can deal with the WSW in all its complexities. It needs the power to aggregate expertise and advise other agencies, and probably the authority to regulate when appropriate. We can argue the details, but there is no existing government entity that has either the expertise or the authority to tackle something this broad and far reaching. And the question is not about whether government will start regulating these technologies, it's about how smart they'll be when they do it.

The WSW is being built right now, without anyone noticing, and it'll be here before we know it. Whatever changes it means for society, we don't want it to take us by surprise.

This essay originally appeared on Forbes.com, which annoyingly blocks browsers using ad blockers.

EDITED TO ADD: Kevin Kelly has also thought along these lines, calling the robot "Holos."

EDITED TO ADD: Commentary.

Joining Stripe

Feb. 3rd, 2016 11:50 pm
[syndicated profile] lecta_feed

Posted by Mary

I’ve been searching for a new position since finishing at the Ada Initiative at the end of September 2015. On January 11, I was very happy to join Stripe in Australia as a Partner Engineer, working as a technical expert with Stripe’s partners.

Stripe is the best way to accept payments online and in mobile apps. (It’s pretty cool to see the change in payments since the last time I worked in a payments company.) My job will involve working closely with Australian companies, which I am especially looking forward to after ending up with a lot of US and Silicon Valley focus over the past few years of my life.

I’ll mostly be based remotely in Sydney, with regular visits to the Australian team in Melbourne. I’m thrilled to work closely with Susan Wu, Mac Wang, and the team in Australia, as well of course as with the company as a whole. I spent my first two weeks with Stripe in San Francisco and love how friendly and welcoming my colleagues are.

Work at Stripe

Stripe is just starting to build a Sales and Partner Engineering team to go with their strong Support Engineering team. If you’re interested in joining me in the Field Engineering team at Stripe, there are multiple positions open, and they include the Head of Field Engineering and Sales Engineering Manager (to whom I will report), both San Francisco-based. If you want to work in Australia. there is a Sales Engineer position open in Melbourne.

If you want to talk to me about working at Stripe, email mary@stripe.com (hey look at that, there’s still firstname@ opportunities too!)

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

In Dec. 2015, KrebsOnSecurity warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states. Safeway hasn’t disclosed what those skimmers looked like, but images from a recent skimming attack allegedly launched against self-checkout shoppers at a Safeway in Maryland offer a closer look at one such device.

Safeway Store, Germantown, Maryland

A skimming device made for self-checkout lanes that was removed from a Safeway Store in Germantown, Maryland

The image above shows a simple but effective “overlay” skimmer that banking industry sources say was retrieved from a Safeway store in Germantown, Md. The device is designed to fit directly over the top of the Verifone terminals in use at many Safeways and other retailers. It has a PIN pad overlay to capture the user’s PIN, and a mechanism for recording the data stored on a card’s magnetic stripe when customers swipe their cards at self-checkout aisles.

Safeway officials did not respond to repeated requests for comment about this incident.

My local Safeway in Northern Virginia uses this exact model of Verifone terminals, and after seeing this picture for the first time I couldn’t help but pull on the terminal facing me in the self-checkout line on a recent store visit, just to be sure.

Many banks are now issuing newer, more secure chip-based credit and debit cards that are more expensive and difficult for thieves to steal and to counterfeit. As long as retailers continue to allow customers to avoid “dipping the chip” and instead allow “swipe the stripe” these skimming attacks on self-checkout lanes will continue to proliferate across the retail industry.

It may be worth noting that this skimming device looks remarkably similar to a point-of-sale skimmer designed for Verifone terminals that I wrote about in 2013.

Here’s a simple how-to video made by a fraudster who is selling very similar-looking overlay skimmers for Verifone point-of-sale devices; he calls them “Verifone condoms.” As we can see, the device could be attached in the blink of an eye (and removed quickly as well). The device in the video is just a shell, and does not include the POS PIN pad reader or card reader.

[syndicated profile] epbot_feed

Posted by Jen

Last weekend Universal held their annual Harry Potter Celebration, a special event included with regular admission. Though it's not exactly packed with new activities, the Celebration does include a great cast Q&A, a "Sorting Hat Experience," and a special Expo area filled with promotional items and movie props.

The best part for me, though, are the guest costumes. Unlike party-pooper Disney, which recently banned costumes on anyone over age 14, Universal actively encouraged Potter fans to dress for the occasion - with a few "guidelines," of course:

The rules were mostly common sense stuff: no face coverings, nothing offensive, and if you carry a homemade wand, it can't be too pointy. (These are all my paraphrases, of course.)

I'll be covering the events portion of the weekend - including the fan-organized tributes to Alan Rickman - in a future post. But for now, costumes!

The Weasleys have never been more adorable. In fact, these two are in my top favs from the whole weekend.

(I decided to give my pics a vintage vibe with the editing, btw. It just felt right.)


A dapper witch and a Blue Cornish Pixie! Hee! (Those ears are faaabulous.)

A quidditch player and a reporter for the Daily Prophet:

The reporter had a press badge on her hat, and a custom skirt covered with Daily Prophet articles!

This group had their own Dobby and magical supplies cart:

I was delighted to see two or three Lion-Head-Lunas over the weekend:

And here's the Snape-in-Neville's-grandmother's-clothes who REALLY stole the show:

Evolution Of A Big Bird Wreck

Feb. 3rd, 2016 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Stage 1: Excitement

"...now simply pipe seven thousand individual strands and you're done!"


Stage 2: Compromise

"Well, it's still kind of feathery..."


Stage 3: Apathy

"Meh, just spray it yellow."


Stage 4: Passive Aggression

"We call it, 'Big Bird In A Snow Storm.'

"And that'll be $37.99."


Thanks to Anony M., Rose T., Anony M., & Shannon B. for finding the face of despair. (Seriously, the longer you look, the more depressing it gets.)


Security vs. Surveillance

Feb. 3rd, 2016 06:09 am
[syndicated profile] bruce_schneier_feed

Posted by schneier

Both the "going dark" metaphor of FBI Director James Comey and the contrasting "golden age of surveillance" metaphor of privacy law professor Peter Swire focus on the value of data to law enforcement. As framed in the media, encryption debates are about whether law enforcement should have surreptitious access to data, or whether companies should be allowed to provide strong encryption to their customers.

It's a myopic framing that focuses only on one threat -- criminals, including domestic terrorists -- and the demands of law enforcement and national intelligence. This obscures the most important aspects of the encryption issue: the security it provides against a much wider variety of threats.

Encryption secures our data and communications against eavesdroppers like criminals, foreign governments, and terrorists. We use it every day to hide our cell phone conversations from eavesdroppers, and to hide our Internet purchasing from credit card thieves. Dissidents in China and many other countries use it to avoid arrest. It's a vital tool for journalists to communicate with their sources, for NGOs to protect their work in repressive countries, and for attorneys to communicate with their clients.

Many technological security failures of today can be traced to failures of encryption. In 2014 and 2015, unnamed hackers -- probably the Chinese government -- stole 21.5 million personal files of U.S. government employees and others. They wouldn't have obtained this data if it had been encrypted. Many large-scale criminal data thefts were made either easier or more damaging because data wasn't encrypted: Target, TJ Maxx, Heartland Payment Systems, and so on. Many countries are eavesdropping on the unencrypted communications of their own citizens, looking for dissidents and other voices they want to silence.

Adding backdoors will only exacerbate the risks. As technologists, we can't build an access system that only works for people of a certain citizenship, or with a particular morality, or only in the presence of a specified legal document. If the FBI can eavesdrop on your text messages or get at your computer's hard drive, so can other governments. So can criminals. So can terrorists. This is not theoretical; again and again, backdoor accesses built for one purpose have been surreptitiously used for another. Vodafone built backdoor access into Greece's cell phone network for the Greek government; it was used against the Greek government in 2004-2005. Google kept a database of backdoor accesses provided to the U.S. government under CALEA; the Chinese breached that database in 2009.

We're not being asked to choose between security and privacy. We're being asked to choose between less security and more security.

This trade-off isn't new. In the mid-1990s, cryptographers argued that escrowing encryption keys with central authorities would weaken security. In 2013, cybersecurity researcher Susan Landau published her excellent book Surveillance or Security?, which deftly parsed the details of this trade-off and concluded that security is far more important.

Ubiquitous encryption protects us much more from bulk surveillance than from targeted surveillance. For a variety of technical reasons, computer security is extraordinarily weak. If a sufficiently skilled, funded, and motivated attacker wants into your computer, they're in. If they're not, it's because you're not high enough on their priority list to bother with. Widespread encryption forces the listener -- whether a foreign government, criminal, or terrorist -- to target. And this hurts repressive governments much more than it hurts terrorists and criminals.

Of course, criminals and terrorists have used, are using, and will use encryption to hide their planning from the authorities, just as they will use many aspects of society's capabilities and infrastructure: cars, restaurants, telecommunications. In general, we recognize that such things can be used by both honest and dishonest people. Society thrives nonetheless because the honest so outnumber the dishonest. Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we'll harm all the innocent customers in the process. Weakening encryption for everyone is harmful in exactly the same way.

This essay previously appeared as part of the paper "Don't Panic: Making Progress on the 'Going Dark' Debate." It was reprinted on Lawfare. A modified version was reprinted by the MIT Technology Review.

Page generated Feb. 9th, 2016 03:12 am
Powered by Dreamwidth Studios