[personal profile] frith posting in [community profile] ponyville_trot

Source: https://www.youtube.com/watch?v=stSvuwLg3Eo

This is an hour long episode in which a former animator from Top Draw recounts working on seasons one and two of MLP:FIM in Flash.

Photo circle shots

May. 21st, 2015 11:08 pm
[syndicated profile] lecta_feed

Posted by Mary

I recently ran a “photo circle”, consisting of a small group of people sending prints of their own photographs to each other. It was a fun way to prod myself to take non-kid photos.

My four photos were:

Photo circle: sun in the eucalypts

I took Sun in the eucalypts in the late afternoon of Easter Sunday, as the sun was sinking behind the eucalypts at Centennial Park’s children’s bike track. I tried to take one with the sun shining through the trees but didn’t get the lens flare right. I like the contrast between the sunlit tree and the dark tree in this one. It feels springlike, for an autumn scene.

The other three are a very different type of weather shot, taken during Sydney’s extreme rainfall of late April and very early May:

Photo circle: rainstorm

This one has the most post-processing by far: it was originally shot in portrait and in colour. I was messing around with either fast or slow shutter speeds while it poured with rain at my house; I have a number of similar photos where spheres of water are suspended in the air. None of them quite work but I will continue to play with photographing rain with a fast shutter speed. In the meantime, the slow shutter speed here works well. I made the image monochrome in order to make the rain stand out more. In the original image the green tree and the rich brown fencing and brick rather detract from showing exactly how rainy it was.

Photo circle: Sydney rain storm

This was shot from Gunners’ Barracks in Mosman (a historical barracks, not an active one) as a sudden rainstorm rolled over Sydney Harbour. The view was good enough, but my lens not wide enough, to see it raining on parts of the harbour and not on other parts. All the obscurity of the city skyline in this shot is due to rain, not fog.

Photo circle: ferry in the rain

This is the same rainstorm as the above shot; they were taken very close together. It may not be immediately obvious, but the saturation on this shot is close to maximum in order to make the colours of the ferry come up at all. I was the most worried about this shot on the camera, it was very dim. It comes up better in print than on screen, too. The obscurity is again entirely due to the rain, and results in the illusion that there is only one vessel on Sydney Harbour. Even in weather like this, that’s far from true. I felt very lucky to capture this just before the ferry vanished into the rain too.

Photo circle shots

May. 22nd, 2015 09:08 am
[personal profile] puzzlement
Originally posted at http://puzzling.org.


Liberty OpenStack Summit day 2

May. 21st, 2015 03:03 pm
[personal profile] pleia2

My second day of the OpenStack summit came early with the Women of OpenStack working breakfast at 7AM. It kicked off with a series of lightning talks that talked about impostor syndrome, growing as a technical leader (get yourself out there, ask questions) and suggestions from a tech start-up founder about being an entrepreneur. From there we broke up into groups to discuss what we’d like to see from the Women of OpenStack group in the next year. The big take-aways were around mentoring of new women joining our community and starting to get involved with all the OpenStack tooling and more generally giving voice to the women in our community.

Keynotes kicked off at 9AM with Mark Collier announcing the next OpenStack Summit venues: Austin for the spring 2016 summit and Barcelona for the fall 2016 summit. He then went into a series of chats and demos related to using containers, which may be the Next Big Thing in cloud computing. During the session we heard from a few companies who are already using OpenStack with containers (mostly Docker and Kubernetes) in production (video). The keynotes continued with one by Intel, where the speaker took time to talk about how valuable feedback from operators has been in the past year, and appreciation for the new diversity working group (video). The keynote from EBay/Paypal showed off the really amazing progress they’ve made with deploying OpenStack, with it now running on over 300k cores and pretty much powers Paypal at this point (video). Red Hat’s keynote focused on customer engagement as OpenStack matures (video). The keynotes wrapped up with one from NASA JPL, which mostly talked about the awesome Mars projects they’re working on and the massive data requirements therein (video).


OpenStack at EBay/Paypal

Following keynotes, Tuesday really kicked off the core OpenStack Design Summit sessions, where I focused on a series of Cross Project Workshops. First up was Moving our applications to Python 3. This session focused on the migration of Python 3 for functional and integration testing in OpenStack projects now that Oslo libraries are working in Python 3. The session mostly centered around strategy, how to incrementally move projects over and the requirements for the move (2.x dependencies, changes to Ubuntu required to effectively use Python 3.4 for gating, etc). Etherpad here: liberty-cross-project-python3. I then attended Functional Testing Show & Tell which was a great session where projects shared their stories about how they do functional (and some unit) testing in their projects. The Etherpad for this one is super valuable for seeing what everyone reports, it’s available here: liberty-functional-testing-show-tell.

My Design Summit sessions were broken up nicely with a lunch with my fellow panelists, and then the Standing Tall in the Room – Sponsored by the Women of OpenStack panel itself at 2PM (video). It was wonderful to finally meet my fellow panelists in person and the session itself was well-attended and we got a lot of positive feedback from it. I tackled a question about shyness with regard to giving presentations here at the OpenStack Summit, where I pointed at a webinar about submitting a proposal via the Women of OpenStack published in January. I also talked about difficulties related to the first time you write to the development mailing list, participate on IRC and submit code for review. I used an example of having to submit 28 patches for one of my early patches, and audience member Steve Martinelli helpfully tweeted about a 63 patch change. Diving in to all these things helps, as does supporting the ideas of and doing code review for others in your community. Of course my fellow panelists had great things to say too, watch the video!


Thanks to Lisa-Marie Namphy for the photo!

Panel selfie by Rainya Mosher

Following the panel, it was back to the Design Summit. The In-team scaling session was an interesting one with regard to metrics. We’ve learned that regardless of project size, socially within OpenStack it seems difficult for any projects to rise above 14 core reviewers, and keep enough common culture, focus and quality. The solutions presented during the session tended to be heavy on technology (changes to ACLs, splitting up the repo to trusted sub-groups). It’ll be interesting to see how the scaling actually pans out, as there seem to be many more social and leadership solutions to the problem of patches piling up and not having enough core folks to review them. There was also some discussion about the specs process, but the problems and solutions seem to heavily vary between teams, so it seemed unlikely that a unified solution to unprocessed specs would be universal, but it does seem like the process is often valuable for certain things. Etherpad here: liberty-cross-project-in-team-scaling.

My last session of the day was OpenStack release model(s). A time-based discussion required broader participation, so much of the discussion centered around the ability for projects to independently do intermediary releases outside of the release cycle and how that could be supported, but I think the jury is still out on a solution there. There was also talk about how to generally handle release tracking, as it’s difficult to predict what will land, so much so that people have stopped relying on the predictions and that bled into a discussion about release content reporting (release changelogs). In all, an interesting session with some good ideas about how to move forward, Etherpad here: liberty-cross-project-release-models.

I spent the evening with friends and colleagues at the HP+Scality hosted party at Rocky Mountaineer Station. BBQ, food trucks and getting to see non-Americans/non-Canadians try s’mores for the first time, all kinds of fun! Fortunately I managed to make it back to my hotel at a reasonable hour.

Originally published at pleia2's blog. You can comment here or there.

Comb The Dessert!

May. 21st, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Like so many brides, Robyn M. found the perfect cake for her wedding on Pinterest:

Now, let's be real, Robyn. That cake? THAT cake? There are like 4 bakers on the planet who can make that cake, with all its tiny, perfectly-pleated ruffles and its flawless ombré fade. Ok? Ok.

Anyway, I'm guessing Robyn already figured that out, because...

SHAPLOWM!!!!

Whoop.
DARE 'TIS.

(It's like a cheap lingerie shop exploded on it. Can't you almost feel the scratchy nylon? Mmmm.)

 

Ug, you know what? I can't even with this today. So...

 

Ugly:

 

Ugly:

 

REALLY ugly:

 

We've gone from suck to blow!

 Which means it's ugly.

 

Aaaaand... ugly:

DONE!

You may now eat the cake.

Or... not.

 

Thanks to Robyn M., Mallory M., Angela B., Anna W., Anony M., & Richard B. for combing the dessert. (Eh? EH?!) Now... check, please.


Carefirst Blue Cross Breach Hits 1.1M

May. 21st, 2015 01:03 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

CareFirst BlueCross BlueShield on Wednesday said it had been hit with a data breach that compromised the personal information on approximately 1.1 million customers. There are indications that the same attack methods may have been used in this intrusion as with breaches at Anthem and Premera, incidents that collectively involved data on more than 90 million Americans.

According to a statement CareFirst issued Wednesday, attackers gained access to names, birth dates, email addresses and insurance identification numbers. The company said the database did not include Social Security or credit card numbers, passwords or medical information. Nevertheless, CareFirst is offering credit monitoring and identity theft protection for two years.

Nobody is officially pointing fingers at the parties thought to be responsible for this latest health industry breach, but there are clues implicating the same state-sponsored actors from China thought to be involved in the Anthem and Premera attacks.

As I noted in this Feb. 9, 2015 story, Anthem was breached not long after a malware campaign was erected that mimicked Anthem’s domain names at the time of the breach. Prior to its official name change at the end of 2014, Anthem was known as Wellpoint. Security researchers at cybersecurity firm ThreatConnect Inc. had uncovered a series of subdomains for we11point[dot]com (note the “L’s” in the domain were replaced by the numeral “1”) — including myhr.we11point[dot]com and hrsolutions.we11point[dot]com.

ThreatConnect also found that the domains were registered in April 2014 (approximately the time that the Anthem breach began), and that the domains were used in conjunction with malware designed to mimic a software tool that many organizations commonly use to allow employees remote access to internal networks.

On Feb. 27, 2015, ThreatConnect published more information tying the same threat actors and modus operandi to a domain called “prennera[dot]com” (notice the use of the double “n” there to mimic the letter “m”).

“It is believed that the prennera[dot]com domain may have been impersonating the Healthcare provider Premera Blue Cross, where the attackers used the same character replacement technique by replacing the ‘m’ with two ‘n’ characters within the faux domain, the same technique that would be seen five months later with the we11point[dot]com command and control infrastructure,” ThreatConnect observed in a February 2015 blog post.

Turns out, the same bulk registrant in China that registered the phony Premera and Anthem domains in April 2014 also registered two Carefirst look-alike domains — careflrst[dot]com (the “i” replaced with an “L”) and caref1rst[dot]com (the “i” replaced with the number “1”).

Additionally, ThreatConnect has unearthed evidence showing the same tactics were used on EmpireB1ue.com (note the “L” replaced with a number “1”), a domain registered April 11, 2014 (the same day as the phony Carefirst domains). EmpireBlue BlueCross BlueShield was one of the organizations impacted by the Anthem breach.
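
The character swaps described in this post (a "1" or an "l" standing in for "l" or "i", a double "n" standing in for "m") can be checked for mechanically when reviewing newly registered or newly observed domains. The Python below is an added example, not code from KrebsOnSecurity or ThreatConnect; the watchlist labels, the extra "rn" and "0" swaps, the two-label registrable-domain shortcut and the `.example` entries are assumptions made for illustration.

```python
"""Flag domains whose registrable label imitates a protected brand label
through visually confusable character substitutions."""

# Watchlist of brand labels, taken from the organisation names in the post.
# (Assumption: a real deployment would list the organisation's own domains.)
BRANDS = ["wellpoint", "premera", "carefirst", "empireblue"]

# Multi-character look-alikes are collapsed first, then single characters.
# "nn" -> "m" and "1"/"i" -> "l" are the swaps described in the post;
# "rn" -> "m" and "0" -> "o" are assumed extras of the same kind.
SEQUENCES = [("nn", "m"), ("rn", "m")]
SINGLES = str.maketrans({"1": "l", "i": "l", "0": "o"})


def refang(domain: str) -> str:
    """Undo the defanging used in reports, e.g. 'a[dot]com' -> 'a.com'."""
    return domain.replace("[dot]", ".").replace("[.]", ".")


def registrable_label(domain: str) -> str:
    """Return the label directly left of the TLD, lower-cased.

    Assumption: the registrable domain is the last two labels. A public
    suffix list is needed to handle suffixes such as 'co.uk' correctly.
    """
    labels = refang(domain).lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def skeleton(label: str) -> str:
    """Map a label to a canonical form in which confusable characters agree."""
    for seq, repl in SEQUENCES:
        label = label.replace(seq, repl)
    return label.translate(SINGLES)


def find_lookalike(domain: str, brands=BRANDS):
    """Return the imitated brand label, or None.

    A domain is flagged when its label differs from the brand label as
    written but both reduce to the same skeleton.
    """
    label = registrable_label(domain)
    for brand in brands:
        if label != brand and skeleton(label) == skeleton(brand):
            return brand
    return None


def scan(domains, brands=BRANDS) -> dict:
    """Return {domain: imitated brand} for every flagged domain."""
    hits = {}
    for domain in domains:
        brand = find_lookalike(domain, brands)
        if brand is not None:
            hits[domain] = brand
    return hits


# Sample input: the defanged look-alike domains quoted in the post, plus two
# constructed entries that must not be flagged.
OBSERVED = [
    "myhr.we11point[dot]com",
    "hrsolutions.we11point[dot]com",
    "prennera[dot]com",
    "careflrst[dot]com",
    "caref1rst[dot]com",
    "EmpireB1ue.com",
    "carefirst.example",   # constructed: exact brand label, no substitution
    "mail.example.org",    # constructed: unrelated domain
]

if __name__ == "__main__":
    for domain, brand in scan(OBSERVED).items():
        print(f"{domain}: look-alike of '{brand}'")
```

Comparing skeletons rather than edit distance keeps the check specific to visual substitution, so an unrelated label that merely differs by one character is not flagged.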

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers of mobile spyware maker mSpy had been posted online. mSpy has since been quoted twice by other publications denying a breach of its systems. Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers.

mSpy told BBC News it had been the victim of a “predatory attack” by blackmailers, but said it had not given in to demands for money. mSpy also told the BBC that claims the hackers had breached its systems and stolen data were false.

“There is no data of 400,000 of our customers on the web,” a spokeswoman for the company told the BBC. “We believe to have become a victim of a predatory attack, aimed to take advantage of our estimated commercial achievements.”

Let’s parse that statement a bit further. No, the stolen records aren’t on the Web; rather, they’ve been posted to various sites on the Deep Web, which is only accessible using Tor. Also, I don’t doubt that mSpy was the target of extortion attempts; the fact that the company did not pay the extortionist is likely what resulted in its customers’ data being posted online.

How am I confident of this, considering mSpy has still not responded to requests for comment? I spent the better part of the day today pulling customer records from the hundreds of gigabytes of data leaked from mSpy. I spoke with multiple customers whose payment and personal data — and that of their kids, employees and significant others — were included in the huge cache. All confirmed they are or were recently paying customers of mSpy.

Joe Natoli, director of a home care provider in Arizona, confirmed what was clear from looking at the leaked data — that he had paid mSpy hundreds of dollars a month for a subscription to monitor all of the mobile devices distributed to employees by his company. Natoli said all employees agree to the monitoring when they are hired, but that he only used mSpy for approximately four months.

“The value proposition for the cost didn’t work out,” Natoli said.

Katherine Till‘s information also was in the leaked data. Till confirmed that she and her husband had paid mSpy to monitor the mobile device of their 14-year-old daughter, and were still a paying customer as of my call to her.

Till added that she was unaware of a breach, and was disturbed that mSpy might try to cover it up.

“This is disturbing, because who knows what someone could do with all that data from her phone,” Till said, noting that she and her husband had both discussed the monitoring software with their daughter. “As parents, it’s hard to keep up and teach kids all the time what they can and can’t do. I’m sure there are lots more people like us that are in this situation now.”

Another user whose financial and personal data was in the cache asked not to be identified, but sheepishly confirmed that he had paid mSpy to secretly monitor the mobile device of a “friend.”

REACTION ON CAPITOL HILL

News of the mSpy breach prompted renewed calls from Sen. Al Franken for outlawing products like mSpy, which the Minnesota democrat refers to as “stalking apps.” In a letter (PDF) sent this week to the U.S. Justice Department and Federal Trade Commission, Franken urged the agencies to investigate mSpy, whose products he called ‘deeply troubling’ and “nothing short of terrifying” when “in the hands of a stalker or abuse intimate partner.”

Last year, Franken reintroduced The Location Privacy Protection Act of 2014, legislation that would outlaw the development, operation, and sale of such products.

U.S. regulators and law enforcers have taken a dim view of companies that offer mobile spyware services like mSpy. In September 2014, U.S. authorities arrested 31-year-old Hammad Akbar, the CEO of a Lahore-based company that makes a spyware app called StealthGenie. The FBI noted that while the company advertised StealthGenie’s use for “monitoring employees and loved ones such as children,” the primary target audience was people who thought their partners were cheating. Akbar was charged with selling and advertising wiretapping equipment.

“Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners,” U.S. Attorney Dana Boente said in a press release tied to Akbar’s indictment.

Akbar pleaded guilty to the charges in November 2014, and according to the Justice Department he is “the first-ever person to admit criminal activity in advertising and selling spyware that invades an unwitting victim’s confidential communications.”

Liberty OpenStack Summit day 1

May. 20th, 2015 04:26 pm
[personal profile] pleia2

This week I’m at the OpenStack Summit. It’s the most wonderful, exhausting and valuable-to-my-job event I go to, and it happens twice a year. This time it’s being held in the beautiful city of Vancouver, BC, and the conference venue is right on the water, so we get to enjoy astonishing views throughout the day.


OpenStack Summit: Clouds inside and outside!

Jonathan Bryce, Executive Director of the OpenStack Foundation, kicked off the event with an introduction to the summit, success that OpenStack has built in the Process, Store and Move digital economy, and some announcements, among which was the success found with federated identity support in Keystone where Morgan Fainberg, PTL of Keystone, helped show off a demonstration. The first company keynote was presented by Digitalfilm Tree who did a really fun live demo of shooting video at the summit here in Vancouver, using their OpenStack-powered cloud so it was accessible in Los Angeles for editorial review and then retrieving and playing the resulting video. They shared that a recent show that was shot in Vancouver used this very process for the daily editing and that they had previously used courier services and staff-hopping-on-planes to do the physical moving of digital content because it was too much for their previous systems. Finally, Comcast employees rolled onto the stage on a couch to chat about how they’ve expanded their use of OpenStack since presenting at the summit in Portland, Oregon. Video of all of this is available here.

Next up for keynotes was Walmart, who talked about how they moved to OpenStack and used it for all the load on their sites experienced over the 2014 holiday season and how OpenStack has met their needs, video here. Then came HP’s keynote, which really focused on the community and choices available aspect of OpenStack, where speaker Mark Interrante said “OpenStack should be simpler, you shouldn’t need a PhD to run it.” Bravo! He also pointed out that HP’s booth had a demonstration of OpenStack running on various hardware at the booth, an impressively inclusive step for a company that also sells hardware. Video for HP’s keynote here (I dig the Star Wars reference). Keynotes continued with one from TD Bank, which I became familiar with when they bought up the Commerce branches in the Philadelphia region, but have since learned are a major Canadian Bank (oooh, TD stands for Toronto Dominion!). The most fascinating thing about their move to the cloud for me is how they’ve imposed a cloud-first policy across their infrastructure, where teams must have a really good reason and approval in order to do more traditional bare-metal, one off deployments for their applications, so it’s rare, video. Cybera was the next keynote and perhaps the most inspiring from a humanitarian standpoint. As one of the earliest OpenStack adopters, Cybera is a non-profit that seeks to improve access to the internet and valuable resources therein, which presenter Robin Winsor stressed in his keynote was now as the physical infrastructure that was built in North America in the 19th and 20th centuries (railroads, highways, etc), video here. The final keynote was from Solidfire who discussed the importance of solid storage as a basis of a successful deployment, video here.

Following the keynotes, I headed over to the Virtual Networking in OpenStack: Neutron 101 (video) where Kyle Mestery and Mark McClain gave a great overview of how Neutron works with various diagrams showing off the agents and improvements made in Kilo with various new drivers and plugins. The video is well worth the watch.

A chunk of my day was then reserved for translations. My role here is as the Infrastructure team contact for the translations tooling, so it’s also been a crash course in learning about translations workflows since I only speak English. Each session, even unrelated to the actual infrastructure-focused tooling has been valuable to learning. In the first translation team working session the focus was translations glossaries, which are used to help give context/meaning to certain English words where the meaning can be unclear or otherwise needs to be defined in terms of the project. There was representation from the Documentation team, which was valuable as they maintain a docs-focused glossary (here) which is more maintained and has a bigger team than the proposed separate translations glossary would have. Interesting discussion, particularly as my knowledge of translations glossaries was limited. Etherpad here: Vancouver-I18n-WG-session.

I hosted the afternoon session on Building Translation Platform. We’re migrating the team to Zanata and have been fortunate to have Carlos Munoz, one of the developers on Zanata, join us at every summit since Atlanta. They’ve been one of the most supportive upstreams I’ve ever worked with, prioritizing our bug reports and really working with us to make sure our adoption is a success. The session itself reviewed the progress of our migration and set some deadlines for having translators begin the testing/feedback cycle. We also talked about hosting a Horizon instance in infra, refreshed daily, so that translators can actually see where translations are most needed via the UI and can prioritize appropriately. Finally, it was a great opportunity to get feedback from translators about what they need from the new workflow and have Carlos there to answer questions and help prioritize bugs. Etherpad here: Vancouver-I18n-Translation-platform-session.

My last translations-related thing of the day was Here be dragons – Translating OpenStack (slides). This was a great talk by Łukasz Jernaś that began with some benefits of translations work and then went into best practices and tips for working with open source translations and OpenStack specifically. It was another valuable session for me as the tooling contact because it gave me insight into some of the pain points and how appropriate it would be to address these with tooling vs. social changes to translations workflows.

From there I went back to general talks, attending Building Clouds with OpenStack Puppet Modules by Emilien Macchi, Mike Dorman and Matt Fischer (video). The OpenStack Infrastructure team is looking at building our own infra-cloud (we have a session on it later this week) and the workflows and tips that this presentation gave would also be helpful to me in other work I’ve been focusing on.

The final session I wandered into was a series of Lightning Talks, put together by HP. They had a great lineup of speakers from various companies and organizations. My evening was then spent at an HP employee gathering, but given my energy level and planned attendance at the Women of OpenStack breakfast at 7AM the following morning I headed back to my hotel around 9PM.

Originally published at pleia2's blog. You can comment here or there.

WisCon Schedule

May. 20th, 2015 07:55 pm
[syndicated profile] sumana_feed
I'll be at WisCon starting tomorrow and leaving on Tuesday. I am scheduled to participate in these sessions:
  1. Imaginary Book Club, Fri, 4:00-5:15 pm in Conference 2. Five panelists discuss books that don't exist, improvising critiques and responses. I proposed this panel a few years ago (you can see video of its debut) and it has continued, which is cool!
  2. Lighthearted Shorthand Sans Fail, Sat, 8:30-9:45 am in Capitol A. What are your go-to phrasings to avoid sexism, ableism, etc. while getting your point across in casual conversation? I hope to walk out of this with some new vocabulary to replace bad habits.
  3. Vid Party, Saturday night 9:00 pm-Sun, 3:00 am in room 629. I am premiering a fanvid. Once it's premiered, I'll hit Post on blog posts to announce it publicly as well.
  4. Call Out Culture II: Follow-up to the Discussion Held at WisCon 38, Sun, 10:00-11:15 am in Senate A. Meta-discussion around discourse in social justice movements. I predict this session will be pretty intense.
  5. Vid Party Discussion, Sun, 1:00-2:15 pm in Assembly. We will discuss some of the vids shown at the vid party, and fan vids in general. This will be the first time I've engaged in public realtime conversation about fanvids. Before this panel I hope to publish some notes about what I learned from watching several vids that drew from multiple sources (including stills), made a political point, or were otherwise particularly ambitious. I'll probably reference those lessons during the panel.

I also proposed "What Does Feminist Tech Education Look Like?", "Impostor Syndrome Training Exercise", and "Entry Level Discussion Group", but am not a panelist or presenter for those sessions; I bet they'll be interesting, though, and you could do worse than to check them out. You can read Entry Level ahead of time for free online.

I look like the photo to the left. I am often bad with names, and will remember 5 minutes into our conversation that we had an awesome deep conversation three years prior. I apologize in advance.

If you are good at clothes, consider joining me at the Clothing Swap portion of the Gathering on Friday afternoon to help me find pieces that suit me. I'm introducing two old pals to WisCon and spending a lot of time with them (we live in different cities), and they're both white, so I might not be able to come to the People of Color dinner on Friday night. And sadly, The Floomp dance party on Saturday happens during the Vid Party so I probably can't attend that. I did buy a ticket for the Dessert Salon and will attend the Guest of Honor and Tiptree Award speeches on Sunday, and maybe you will be at my table!

One of my pals who's coming to WisCon is Beth Lerman, an artist who will be displaying and selling her work in the art show. Check it out!

Also I am open to doing a small room performance of my half-hour geeky stand-up comedy routine if several people ask for it. I don't know when or where it would be; Monday night would be easiest. Speak up in comments or some other medium if you'd be interested.

WisCon Schedule

May. 20th, 2015 02:55 pm
[personal profile] brainwane


[Cross-posted from Cogito, Ergo Sumana]

Seven Years of Wreckage

May. 20th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Seven years, wrecky minions.

John and I have been doing this "silly cake blog" thing for SEVEN YEARS.

No one is more surprised than me; I figured we'd have to get "real jobs" way before now. HI-FIVE, JOHN! Awww YEEEAH.

Ahem.

So. Lemme explain.

No, no. There is too much.

Lemme sum up:

 

YEAR 1:

The Cake That Started It All

 

Sorry, You Can't Have Any

 

Naked Mohawk-Baby Carrot Jockeys

 

YEAR 2:

"Hey everybody, thish cake ish from Holland. Ishn't that veird?"

 

This One's For The Ladies

 

Happy Falker Satherhood!

 

YEAR 3:

The Men Of Marvel

 

Somewhere in Germany

 

Taking the Mickey Out of 'Em

 

YEAR 4:

Return of the Poo-Wangs!

 

King Me

 

Tell Me What You Want, What You Really Really Want

 

YEAR 5:

UNHAND THAT WRECK!

 

Sheep Who Must Not Be Named

 

My Funny Valentines

 

YEAR 6:

1,2,3,4 - I Declare A Thumb Drive War!

 

Ken Day Come-Ons

 

Completely Inappropriate First Birthday Cakes

 

YEAR 7:

8 Wrecks To Bring the "Romance"

 

Obama's New Groove

 

PLEASE TELL ME THOSE ARE DEAD SQUIRRELS

 

Thanks for all the laughs, love, and support these past 7 years, guys. It's been a heckuva ride, and frankly, we're not ready to give it up just yet. So... see ya back here tomorrow?

*****

And now, john's fun Cake Wrecks facts:

Number of posts in seven years- 2,436
Number of photos posted- 10,619
Number of unposted photos in our archive- 13,021
Number of comments from readers- 213,027
Number of people who've visited our site- 33,138,816
Countries from which we've never had a visitor- 2 (Western Sahara and North Korea)

*****


A Small Focus Hack

May. 20th, 2015 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

Happy New Year Danbo

Credit: Flickr / Leland Francisco

I decided that my word for 2015 was “ship”. Part of this is that it’s easy to flounder in an unstructured environment (which I did a bit at the end of 2014). The way I decided to solve this was to give myself structure, and goals.

How do you measure bigger milestones though? It makes sense to have a separate place, away from how we manage our todo lists.

My strategy: a simple text document. At the top a list of projects or significant milestones I’m working towards.

Below, each month is a heading. Under it goes things that “shipped” that month. New client contracts, talks, alphas, betas, releases, open sourced libraries.

When I want to see what I’ve achieved this year, this is where I look. It keeps me focused on moving the needle, reminds me not to fill my days with transient busywork, but rather the 2-5 (typically 3) things that will still matter months from now.

Going Gluten-Free... FOR SCIENCE!

May. 20th, 2015 02:29 am
[syndicated profile] epbot_feed

Posted by Jen

Everything I've been reading on Hashimoto's keeps coming back to the same dietary requirement/recommendation: give up gluten*.  I've been stalling and rationalizing and being just plain stubborn about it, but after a bad 2-day anxiety flare-up last week, I was ready to try just about anything. (Amazing what a strong motivator irrational fear can be, huh?)

[*The tl;dr version: some doctors believe your body could be mistaking thyroid tissue for gluten - since they're structurally similar - and so ends up attacking both. Give up gluten, and the attacks could stop, allowing your thyroid to heal.]

And since I've heard it can also help with panic - and I'm lactose-intolerant anyway - I decided to give up dairy, too. In for a penny, right?

Still, considering that every meal I eat usually has both dairy *and* gluten in it, this was a Big Deal.

And considering that I am not only terrible at cooking, but also hate doing it, this was a Really Really Big Deal.

So it's been almost a full week now, and I gotta say: This isn't nearly as bad as I thought it would be, and I am so relieved.

I've always equated going gluten-free with going low-carb, for some reason, or at least going awful-carb, with chemical-tasting fake breads and pastas and whatnot - and forget about all the baked-goods and desserts I love. So, the first thing John and I did - and yes, you WILL laugh at me over this - was find a good gluten-free chocolate chip cookie. Because PRIORITIES.

It only took 4 tries with 4 different brands to find an amazing, so-good-I'd-eat-'em-anyway, GF chocolate chip cookie. As soon as I took the first bite, I knew I could do this.

These are the cookies, by the way:

They sell them at Target.
(But I'm still open to recommendations for other brands.)

Next I had to find a proper milk substitute, since it's been the only thing I drink besides water for over 6 years. I already knew I liked sweetened Almond Milk well enough, so once I cut it half-and-half with water it was close enough to pass for my usual 2% milk. SUCCESS.

Next up, sandwich bread. I was dreading this, because the GF bread we've tried before was like crumbly cardboard: completely inedible. I lucked out when John brought home a loaf of All But Gluten, because once toasted, it tastes almost exactly like the white wheat we usually eat.



In fact, I've found this whole thing is a lot less daunting if I just start with what I already eat, and then find substitutions to make it work. I'm not quite as strict with the dairy as I am with gluten, though, so I'm ok with small amounts of whey or even cream in some items.

Some things are already gluten-free, of course, like our favorite burrito bowls over at Chipotle. Leave off the sour cream and cheese, and it's dairy-free, too. (I sub'd with some dairy-free sour cream, which tastes almost exactly the same as the real stuff, and some soy-based "cheddar cheese," which... does not. Ha! It's not too bad, though.)

Everyone keeps saying this is an amazing time to go gluten-free, and I gotta say, they're right. I was like a kid in a candy store once I found the GF aisle at Publix, eying all the stuff I can still eat, and I even found a local vegan bakery that has almost half its menu GF. Including cupcakes. Woot!


Restaurants have been surprisingly accommodating so far, and it's pretty easy to find GF menus on most websites. Which reminds me, quick side note:

This week we've been out at Universal a lot with visiting family, and I have to give major props to the staff at the Three Broomsticks, who I swear turned into culinary superheroes the second we uttered the words "gluten-free." I'd already done my homework online as to what I could eat, but John had a quick question about the ribs. Within seconds, the head chef himself was in front of us, smiling and offering to cook the ribs sans sauce (which has gluten in it) just for us. Then, the server plating our food insisted on replacing our order when she realized she hadn't put on fresh gloves before handling my GF plate.

I was so touched by how conscientious they all were, and more than that, how they didn't make a fuss or act like we were putting them out. I've been afraid of restaurant staff rolling their eyes or getting snippy with me, but so far, knock on wood, everyone's been great.

That said, it's a lot easier to eat gluten and dairy-free at home - or at least it's easier to eat well. (Because who wants a house salad for every meal?) So far John's made us this Rainbow Thai salad:


 Which was awesome, though ours wasn't nearly as photogenic:

 Plus we replaced the mango with mandarin oranges. Mmm.

We disagreed on the dressing, since John wanted more vinegar and I wanted more peanut butter, so in the end we split the recipe and doctored our own versions.

For dinners we've also had hot sandwiches, which John is the master of making, and fruity chicken salad with these to-die-for GF crackers:


We've been eating the crackers for months now, so it was a pleasant surprise when I realized there's a big ol' "GLUTEN FREE" stamp on the bag. (Seriously, you must try them. Crunchy nutty goodness you'll be eating like potato chips!)

It feels pretty strange to be sharing snapshots of our dinners here, but after the response to my gluten-free brownies quip a few posts back, I figured enough of you guys might be interested.

It's too soon to say if going gluten and dairy-free is helping my panic or thyroid issues, but I can at least tell you my stomach feels less awful.  Since I usually have dairy every day, I'm used to being in almost constant GI distress - even when I remember the Lactaid. (This is how much I love milk, you guys.) Now my stomach is quieter, without its usual symphony of gastrointestinal whale song, and all the other bloaty-and-crampy stuff that goes with it.

Fingers crossed this is just the beginning, and in another few months I'll be one of those annoyingly perky GF converts, raving about all my renewed energy and new-found health benefits. ;)

Thanks for all the support and advice, everyone - 'cuz I AM taking notes over here - and I hope my sharing helps encourage some of you out there contemplating the gluten-free switch yourself!
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

A security firm made headlines earlier this month when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites.

The report was released by Colorado Springs, Colo.-based security vendor root9B, which touts a number of former National Security Agency (NSA) and Department of Defense cybersecurity experts among its ranks. The report attracted coverage by multiple media outlets, including Fox News, Politico, SC Magazine and The Hill. root9B said it had unearthed plans by a Russian hacking gang known variously as the Sofacy Group and APT28. APT is short for “advanced persistent threat,” and it’s a term much used among companies that sell cybersecurity services in response to breaches from state-funded adversaries in China and Russia that are bent on stealing trade secrets via extremely stealthy attacks.

The cover art for the root9B report.


“While performing surveillance for a root9B client, the company discovered malware generally associated with nation state attacks,” root9B CEO Eric Hipkins wrote of the scheme, which he said targeted financial institutions such as Bank of America, Regions Bank and TD Bank, among others.

“It is the first instance of a Sofacy or other attack being discovered, identified and reported before an attack occurred,” Hipkins said. “Our team did an amazing job of uncovering what could have been a significant event for the international banking community. We’ve spent the past three days informing the proper authorities in Washington and the UAE, as well as the CISOs at the financial organizations.”

However, according to an analysis of the domains reportedly used by the criminals in the planned attack, perhaps root9B should clarify what it means by APT. Unless the company is holding back key details about their research, their definition of APT can more accurately be described as “African Phishing Threat.”

The report correctly identifies several key email addresses and physical addresses that the fraudsters used in common across all of the fake bank domains. But root9B appears to have scant evidence connecting the individual(s) who registered those domains to the Sofacy APT gang. Indeed, a reading of their analysis suggests their sole connection is that some of the fake bank domains used a domain name server previously associated with Sofacy activity: carbon2u[dot]com (warning: malicious host that will likely set off antivirus alerts).

The problem with that linkage is although carbon2go[dot]com was in fact at one time associated with activity emanating from the Sofacy APT group, Sofacy is hardly the only bad actor using that dodgy name server. There is plenty of other badness unrelated to Sofacy that calls Carbon2go home for their DNS operations, including these clowns.

From what I can tell, the vast majority of the report documents activity stemming from Nigerian scammers who have been conducting run-of-the-mill bank phishing scams for almost a decade now and have left quite a trail.

For example, most of the wordage in this report from root9B discusses fake domains registered to a handful of email addresses, including “adeweb2001@yahoo.com,” “adeweb2007@yahoo.com,” and “rolexzad@yahoo.com”.

Each of these emails has long been associated with phishing sites erected by apparent Nigerian scammers. They are tied to this Facebook profile for a Showunmi Oluwaseun, who lists his job as CEO of a rather fishy-sounding organization called Rolexzad Fishery Nig. Ltd.

The domain rolexad[dot]com was flagged as early as 2008 by aa419.com, a volunteer group that seeks to shut down phishing sites — particularly those emanating from Nigerian scammers (hence the reference to the Nigerian criminal code 419, which outlaws various confidence scams and frauds). That domain also references the above-mentioned email addresses. Here’s another phishy bank domain registered by this same scammer, dating all the way back to 2005!

Bob Zito, a spokesperson for root9B, said “the team stands by the report as 100 percent accurate and it has been received very favorably by the proper authorities in Washington (and others in the cyber community, including other cyber firms).”

I wanted to know if I was alone in finding fault with the root9B report, so I reached out to Jaime Blasco, vice president and chief scientist at AlienVault — one of the security firms that first published the initial findings on the Sofacy/APT28 group back in October 2014. Blasco called the root9B research “very poor” (full disclosure: AlienVault is one of several advertisers on this blog).

“Actually, there isn’t a link between what root9B published and Sofacy activity,” he said. “The only link is there was a DNS server that was used by a Sofacy domain and the banking stuff root9B published. It doesn’t mean they are related by any means. I’m really surprised that it got a lot of media attention due to the poor research they did, and [their use] of [terms] like ‘zeroday hashes’ in the report really blew my mind. Apart from that it really looks like a ‘marketing report/we want media coverage asap,’ since days after that report they published their Q1 financial results and probably that increased the value of their penny stocks.”

Blasco’s comments may sound harsh, but it is true that root9B Chairman Joe Grano bought large quantities of the firm’s stock roughly a week before issuing this report. On May 14, 2015, root9B issued its first quarter 2015 financial results.

There is an old adage: If the only tool you have is a hammer, you tend to treat everything as if it were a nail. In this case, if all you do is APT research, then you’ll likely see APT actors everywhere you look.

Kindergarten baby

May. 20th, 2015 12:38 pm
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

V’s class are talking about “Change” as an educational topic, and one of their exercises was to bring in baby photos, partly for a “which child is this a photo of?” guessing game and partly to talk to the class about what has changed since they were a baby.

To which I instinctively answer: “wha? nothing BECAUSE YOU ARE STILL A BABY!” (Although: new jobs, new businesses, moved house, have another degree, have another baby… so, yes, five years have indeed passed.)

Here’s V’s baby photos that he took into class:

Oh cube, I love you

Dancing elf

In both of those, he is very substantially younger than A is now.

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • Where Does Your Pipeline Lead? | Life as I Know It: “If you’re thinking about getting into the tech industry or wondering how to stay in the tech industry in the face of pervasive toxic environments, I encourage you to broaden your horizons about what ‘being in tech’ can look like. What is your goal? If you want to use technology to make a better life for yourself, think carefully about the pipeline you enter and where you want it to lead.”
  • Marvel replaces Black Widow with Captain America for its toy line | BoingBoing: “In other words, not only is Black Widow ridiculously underrepresented in Avengers merchandise—she’s also actively erased from her own scenes. Well done Marvel.”
  • Happy Birthday to Inge Lehmann, the Woman Who Discovered Earth’s Inner Core | Smart News | Smithsonian: “Her idea was revolutionary. When Lehmann published her findings in 1936, her solid core model was quickly adopted by the scientific community. Lehmann’s theory was finally proven right in 1970, when new, more sensitive seismographs picked up seismic waves bouncing off the Earth’s solid core.”
  • Interview: ‘Nimona’ Creator Noelle Stevenson | NPR: “Like a lot of young women, I went through an entire period where I hated female characters — I didn’t want to read about them! I thought I was going to be the cool girl who was not like other girls. And that’s so harmful.”
  • ATP Shownote Data | Kieran Healy: “When doing this kind of thing it can be helpful to look back on what your past practice has been. For example, it can be useful to audit one’s own habits of linking and engagement. Often exclusion is less a matter of explicit boundary policing (though God knows there’s enough of that in the tech sector) and more a matter of passive homophily.”
  • Project Update: The Electric Blanket is DONE! | Tech Musings: “Mrs. Parenteau and her merry band of 3rd grade scientists/sewers have finally finished their electric blanket project! The final result is a quilt containing approximately 45 squares that light up. Currently hanging in the Science hallway, it’s fun to watch students interact with it by pressing the different switches to light up the quilt. This was a challenging project for the kids and we are proud of their hard work and perseverance with the e-textile materials – especially the conductive thread.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] female_cs_feed

Posted by Gail Carmichael

On the last day of the 2015 edition of my week-long mini-course (Computer Science and Games: Just for Girls!), I held a discussion about women in computer science.  Below is a transcription of the notes I made on the white board.  The thoughts, if not the wording, very closely represent what the girls said.

"If it is not appropriate for women, it is not appropriate." (via Wikimedia)

Why do girls avoid computer science?
  • Seems nerdy
  • Stereotypes: man's job
  • Don't want to stick out as only female
  • Impression that you must love video games
  • Accused of being interested to attract guys
  • Stereotypes of femininity
  • Females more pressured to take certain programs of study
  • Pressure from others who don't think certain skills are valuable (e.g. video game development)
  • Too many guys, "I will never fit in"
  • Girls are less confident, partly due to society's messages

Why does it matter?
  • Girls can change an idea or product without destroying or outright rejecting it
  • Girls should have the freedom to choose their career without barriers
  • We are turning girls away from their passion
  • Discrimination is always bad
  • Women should have independence, especially financially
  • We need products designed by us
  • Women can change how women are represented in games

What would make you interested in trying computer science in high school or post-secondary?
  • Stop the stereotypes!!
  • Enforce a better gender balance, or provide all-female options
  • People around us have to stop talking down about CS
  • Give us a chance to try it out! We don't know what it is otherwise!
  • More interesting application in university-level courses (like robotics)
  • More positive attitudes toward college-level options [which typically grant diplomas in Canada, as opposed to universities, which grant degrees]
  • Avoid giving the impression that it's impossibly complicated.
  • More one-on-one time (and other better teaching strategies) to make sure we get a good base in math.
[syndicated profile] sumana_feed
A few announcements:

We have three days left to fund The Recompiler, a new technology magazine that will combine tutorials and technical articles with personal narratives and art. My household has now funded this campaign and I hope to attend the launch party in Portland next month. I particularly loved seeing (via the video on Indiegogo) that 2600 is one of the inspirations for The Recompiler. 2600 has many virtues, but it pays people in a free t-shirt or a year's worth of issues of the magazine. I am looking forward to seeing The Recompiler pay people to write "you can totally do this, here's how" high-quality technical articles.

My old boss Erik is running a new video interview series called "Passionate Voices" and kicked it off by interviewing me (72 minutes); if you are interested in my work on inclusive communities, my thoughts on codes of conduct, and my reflections on the Recurse Center, you might want to watch this.

In about ten days, I'll be leading a Geek Feminism book club on Courtney Milan's Trade Me -- read the first chapter free online, get hooked, and snarfle down the rest by May 28th so you can participate in the comment thread.

Also on Geek Feminism, I posted a quick note about the word "girl" in the name of superhero Supergirl.

Finally: I met some pretty interesting people via the Columbia master's program I did. And for several years, I've known Jack Barsky as a mentor, a tech executive, and a friend. He's now the subject of a profile by 60 Minutes because, no joke, he used to be a Soviet spy. This guy who gave me important advice, who always got to the heart of the matter and had super emotionally honest conversations with me, has a past that sounds beyond melodramatic. I was not aware until this month of all the twists and turns within his story, and I am honestly still processing it. Give it a look.

Chrysalis

May. 18th, 2015 09:17 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
Source: http://zig-word.deviantart.com/art/Chrysalis-510374158

Her eyes are burning bright, which means she's blind until the light goes out, but I still like this picture.

More street art

May. 19th, 2015 09:54 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

We turned V out on the street with chalk again, this time with his aunt Nina’s help. Apparently the sun is “mostly his” (her words) and everything else is his. I can’t help but publish a sun-centric picture:

Street art: sun view

and a version showing V’s big self portrait in green, wearing what looks to me like a top hat:

Self portrait with sun and naughts and crosses

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

The St. Louis Federal Reserve today sent a message to those it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution. The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office.

The communique, shared by an anonymous source, was verified as legitimate by a source at another regional Federal Reserve location.

The notice from the St. Louis Fed stated that “the Federal Reserve Bank of St. Louis has been made aware that on April 24, 2015, computer hackers manipulated routing settings at a domain name service (DNS) vendor used by the St. Louis Fed so that they could automatically redirect some of the Bank’s web traffic that day to rogue webpages they created to simulate the look of the St. Louis Fed’s research.stlouisfed.org website, including webpages for FRED, FRASER, GeoFRED and ALFRED.”

Requests for comment from the St. Louis Fed so far have gone unreturned. It remains unclear what impact, if any, this event has had on the normal day-to-day operations of hundreds of financial institutions that interact with the regional Fed operator.

The advisory noted that “as is common with these kinds of DNS attacks, users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords.”

The statement continues:

“These risks apply to individuals who attempted to access the St. Louis Fed’s research.stlouisfed.org website on April 24, 2015. If you attempted to log into your user account on that date, it is possible that this malicious group may have accessed your user name and password.

The St. Louis Fed’s website itself was not compromised.

“Out of an abundance of caution, we wanted to alert you to this issue, and also make you aware that the next time you log into your user account, you will be asked to change your password. In addition, in the event that your user name and password are the same or similar as those you use for other websites, we highly recommend that you follow best practices and use a strong, unique and different password for each of your user accounts on the Internet. Click https://research.stlouisfed.org/useraccount/forgotpassword/step1 to change your user account password now.”

According to Wikipedia, the Federal Reserve Economic Data (FRED) is a database maintained by the Research division of the Federal Reserve Bank of St. Louis that has more than 247,000 economic time series from 79 sources. The data can be viewed in graphical and text form or downloaded for import to a database or spreadsheet, and viewed on mobile devices. They cover banking, business/fiscal, consumer price indexes, employment and population, exchange rates, gross domestic product, interest rates, monetary aggregates, producer price indexes, reserves and monetary base, U.S. trade and international transactions, and U.S. financial data.

FRASER stands for the Federal Reserve Archival System for Economic Research, and reportedly contains links to scanned images (PDF format) of historic economic statistical publications, releases, and documents including the annual Economic Report of the President. Coverage starts with the 19th and early 20th century for some economic and banking reports.

According to the Federal Reserve, GeoFred allows authorized users to create, customize, and share geographical maps of data found in FRED.

ALFRED, short for ArchivaL Federal Reserve Economic Data, allows users to retrieve vintage versions of economic data that were available on specific dates in history.

The St. Louis Federal Reserve is one of twelve regional Fed organizations, and serves banks located in all of Arkansas and portions of six other states: Illinois, Indiana, Kentucky, Mississippi, Missouri and Tennessee. According to the reserve’s Web site, it also serves most of eastern Missouri and southern Illinois.

No information is available at this time about the attackers involved in this intrusion, but given the time lag between this event and today’s disclosure it seems likely that it is related to state-sponsored hacking activity from a foreign adversary. If the DNS compromise also waylaid emails to and from the institution, this could be a much bigger deal. This is likely to be a fast-moving story. More updates as they become available.
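A defender-side way to catch the kind of DNS redirection described in this post, as an added example (not from the original post or from the St. Louis Fed): compare every answer a monitor collects against a pinned baseline, then bound the period in which visitors could have been redirected. All names, addresses, resolver labels and observations are constructed placeholders.

```python
from datetime import datetime


def T(hour, minute=0):
    """Timestamp on a constructed sample day."""
    return datetime(2015, 1, 10, hour, minute)


# Known-good record sets for the monitored names (constructed placeholders).
BASELINE = {
    ("research.example.org", "A"): {"192.0.2.10", "192.0.2.11"},
    ("example.org", "NS"): {"ns1.dns-vendor.example", "ns2.dns-vendor.example"},
}

# Constructed observations, as a monitor polling two recursive resolvers
# would record them: (timestamp, resolver, name, record type, answers).
OBSERVATIONS = [
    (T(8), "resolver-a", "research.example.org", "A", ["192.0.2.10"]),
    (T(8), "resolver-a", "example.org", "NS",
     ["ns1.dns-vendor.example.", "ns2.dns-vendor.example."]),
    (T(9), "resolver-a", "example.org", "NS",
     ["ns1.rogue.example.", "ns2.rogue.example."]),
    (T(9), "resolver-a", "research.example.org", "A", ["203.0.113.66"]),
    (T(9), "resolver-b", "research.example.org", "A", ["192.0.2.11"]),
    (T(10), "resolver-b", "research.example.org", "A", ["203.0.113.66"]),
    (T(11), "resolver-a", "research.example.org", "A", ["192.0.2.10"]),
    (T(11), "resolver-b", "research.example.org", "A", ["203.0.113.66"]),
    (T(12), "resolver-b", "research.example.org", "A",
     ["192.0.2.10", "192.0.2.11"]),
    (T(12), "resolver-a", "example.org", "NS",
     ["ns1.dns-vendor.example.", "ns2.dns-vendor.example."]),
]


def find_drift(baseline, observations):
    """Return every observation containing an answer outside the baseline.

    A subset of the baseline is normal (round-robin answers); any value that
    is not in the pinned set is treated as drift.
    """
    drifts = []
    for ts, resolver, name, rtype, answers in observations:
        expected = baseline.get((name, rtype))
        if expected is None:
            continue  # record is not monitored
        seen = {a.lower().rstrip(".") for a in answers}
        unexpected = seen - expected
        if unexpected:
            drifts.append({"ts": ts, "resolver": resolver, "name": name,
                           "rtype": rtype, "unexpected": sorted(unexpected)})
    return drifts


def exposure_window(name, rtype, observations, drifts):
    """Conservative (start, end) bounds for when a record was hijacked.

    start: last clean observation before the first bad one.
    end:   first clean observation after the last bad one on any resolver,
           because caches can keep serving the rogue answer after the zone
           is repaired. None means the drift is still ongoing.
    """
    bad = sorted(d["ts"] for d in drifts
                 if (d["name"], d["rtype"]) == (name, rtype))
    if not bad:
        return None
    seen = sorted(o[0] for o in observations if (o[2], o[3]) == (name, rtype))
    before = [ts for ts in seen if ts < bad[0]]
    after = [ts for ts in seen if ts > bad[-1]]
    return (before[-1] if before else bad[0], after[0] if after else None)


if __name__ == "__main__":
    found = find_drift(BASELINE, OBSERVATIONS)
    for d in found:
        print(d["ts"], d["resolver"], d["name"], d["rtype"], d["unexpected"])
    print(exposure_window("research.example.org", "A", OBSERVATIONS, found))
```

In the sample, resolver-a is clean again at 11:00 while resolver-b still serves the rogue address, which is why the window is taken across all resolvers before deciding whose logins to treat as exposed.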

Thought of the Day

May. 18th, 2015 04:34 pm
beable: (gonzo journalism)
[personal profile] beable
Imagine if the aliens from Galaxy Quest had watched the Mad Max movies instead.
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

When it comes to reporting on breaches involving customer accounts at major brands, the news media overall deserves an F-minus. Hardly a week goes by when I don’t hear from readers about a breathless story proclaiming that yet another household brand name company has been hacked. Upon closer inspection, the stories usually are based on little more than anecdotal evidence from customers who had their online loyalty or points accounts hijacked and then drained of value.

The latest example of this came last week from a story that was responsibly reported by Bob Sullivan, a former MSNBC journalist who’s since struck out on his own. Sullivan spoke with multiple consumers who’d seen their Starbucks card balances emptied and then topped up again.

Those customers had all chosen to tie their debit accounts to their Starbucks cards and mobile phones. Sullivan allowed in his story one logical explanation for the activity: These consumers had re-used their Starbucks account password at another site that got hacked, and attackers simply tried those account credentials en masse at other popular sites — knowing that a fair number of consumers use the same email address and password across multiple sites.

Following up on Sullivan’s story, the media pounced, suggesting that Starbucks had been compromised. In a written statement, Starbucks denied the unauthorized activity was the result of a hack or intrusion into its servers or mobile applications.

“Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account,” the company wrote. “This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.”

In most cases, a flurry of fraudulent account activity targeting a major brand is preceded by postings on noob-friendly hacker forums about large numbers of compromised accounts for sale, and the publication of teachable “methods” for extracting value from said hacked accounts.

Unsurprisingly, we saw large numbers of compromised Starbucks accounts for sale in the days leading up to the initial story about the Starbucks fraud, as well as the usual “methods” explaining to clueless ne’er-do-wells about how to perpetrate fraud against hacked accounts. Here’s another noob-friendly thread explaining how to cash out compromised Subway accounts; how long until we read media reports shouting that Subway has been hacked?

To be sure, password re-use is a major problem, and it’s a core driver of fraud like this. Also, companies like Starbucks, Hilton Honors, Starwood and others certainly could be doing more — such as offering customers two-step authentication — to protect accounts. Indeed, as these recurring episodes show, affected brands take an image hit when customers have their accounts hijacked through password re-use, because the story inevitably devolves into allegations of a data breach at the brand involved.

But it works both ways: consumers who re-use passwords for sites holding their payment data are asking for trouble, and will get it eventually.

For helpful hints on picking strong passwords (or outsourcing that to third-party software and/or services), check out this primer. For further reading about how penny-ante punks exploit password re-use and trick media outlets into falsely reporting breaches, see How to Tell Data Leaks from Publicity Stunts.

Cungrate.. Condrag... GUT JOB!

May. 18th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Wahooo! SCOOL'S OUT!

 

Or.... is it?

Not gonna lie: kinda confused right now.

 

Well, assuming you students aced all your subjects:

(If only they taught USEFUL stuff in school, am I right?)

 

...then I hear some Congradularons are in order!

 

Unless you prefer a "Congralulalio" - 'cuz I've got one of those, too:

 

Eesh. You know, I have so many hundreds of misspelled "congratulations" cakes in the archives I may never post them all. I wonder when bakers decide to just give up completely?

Er, that was rhetorical, guys...

 

C'mon, now. We have to move on.

 

STAHP.

 

What the... Congrauktion.at?!

 

 

So, in conclusion:

I think I already did.

 

Conklenators to Jayne L., Laura A., Debbie M., Bree M., Tammy J., Dara, Candy R., Kristin, Jennifer P., & Kat N. on their stellar wreckporting.

[syndicated profile] accidentallyincode_feed

Posted by Cate

Unit Testing on iOS

Submitting

I have two ways of submitting to CfPs. The first: a carefully written abstract of a talk that I have already prepped, and probably already given.

The second: something that I have already been exploring in blog posts, collected into a “here is this thing that I think I could talk about, but I’m not 100% sure what that would look like yet”.

My submission to mdevcon at the start of the year was of the second variety, prompted by the inclusion of the CfP in an edition of Technically Speaking. It was based on a series of blogposts about unit testing UI code on iOS which had been relatively well read. It included the comment that “this could be either a workshop or a talk”.

Typically I follow a policy of submit and forget – there’s no point getting too attached to these things, you have no control once you’ve submitted, after all.

And then one day an email arrives. And it said – “how about both?”

My reaction: Yay! I was accepted! Both! Ai! Could I? OK then.

Preparing

So I had committed myself to giving my first super technical talk, and my first workshop together, on the same topic, in a two day period. Luckily I had around 6 weeks to prepare.

My initial design constraint was the title: Unit Testing on iOS: Beyond the Model. Clearly there was going to be some overlap between the two, but I didn’t want to just present the same content in two lengths – I think a workshop should be designed differently from a talk. A talk is to give you something to think about, to take back into your own work. A workshop is a deep dive into learning something, I want people to come away feeling like they have conquered it.

I decided to make my talk about what I actually do, not what we might do in a contrived example. Because this, to me, is the main benefit of conference talks – learning what people actually do.

So I opted to tie the talk to my own app, Show and Hide. It’s a relatively simple app UX-wise, the engineering challenges are in the image processing. So I built the talk along the screens, introducing two testing techniques per screen. I showcased my KIF tests by running them – live – using this time to introduce what the app actually does. And I opened and closed with stories about why testing is important and what the ROI is. I used my speaker notes (I write very detailed notes that are easy to turn into a blog post) to get feedback on what people found particularly interesting and what they struggled with.

With the talk mostly done, I moved onto preparing the workshop.

For the workshop, I built a simple sample app of a tic-tac-toe game with a full suite of tests. As part of getting feedback on the content from my talk, I had discovered that people’s knowledge when it came to testing on iOS was widely divergent. Some people were interested because they wanted to know how to unit test UI code… others were hoping to learn how to start unit testing… at all.

This was a huge constraint on the design of the workshop. I added a section in at the beginning covering how to unit test, period. Spent more time on how mocks work. I’ve never been a fan of the format where the instructor does something, then pauses while everyone has a go: because experience levels vary so widely, people are either bored or rushed. But knowing that my audience would vary from no knowledge of unit testing at all to experts in testing, just not in unit testing UI code, completely ruled this out as an option. I was not going to start my workshop dismissing half the audience, or boring the rest.

As a result, I put together a ~20 page document that worked through testing the sample app, step by step. With a section at the beginning that could be skipped (unit testing basics) and a more open ended section at the end which I expected only experienced people to get to (getting started with UIAutomation using KIF). I created a fork of the sample project, and deleted tests from it, leaving behind examples and comments on where to insert code. I actually covered more testing techniques in the talk than the workshop – because a deep dive takes a lot longer than an overview.

My workshop was also the first to sell out! Which was exciting but put the pressure on. Thankfully the organisers found me a TA to help.

Final step was a practise talk, where I got some helpful feedback which I incorporated into both the talk, and where applicable the workshop.

Delivering

Delivering the workshop and the talk was intense and exhausting.

The workshop came first. I gave people access to the document, and then moved around the room on rotation, being sure to spend time with everyone. You hear a lot more issues people are facing if you go to them and ask, and there are a lot more opportunities to elaborate and connect with them. Because I had hosted the code on GitHub, and the instructions on GoogleDocs, I was able to make minor changes as people ran into things (thankfully there weren’t many).

Once it was over I was exhausted! I went for food and a walk, unable to contemplate speaking to another human for a while.

Bizarrely when it came to it I was more nervous about the talk than the workshop. The workshop was so thoroughly prepared that I felt like I had run out of nervous energy doing that much preparation. And I couldn’t think past it being over! So once it was, I felt like I was under-prepared for my talk. Actually I had done about as much preparation as I normally do, I just hadn’t had the emotional capacity to be as anxious about it!

After

When I got the feedback from the workshop, the main comment was that I hadn’t run it in a more typical way – with explanations and breaks for people to try things out. My initial reaction was “but it was designed that way for a reason!” and then I realised – this is a sign of success. If people think that was an option, they must have left feeling their level of expertise – whatever it was (and having spent time with everyone I can tell you it was incredibly varied) – was entirely normal. Really, I would sooner people leave a workshop I ran thinking I’d made a mistake in how I designed it, than feeling stupid because they didn’t know some key concept.

If you are interested in the content, you can find my blog post from my speaker notes here, and an updated version of the workshop for working through at home is available for sale.

Page generated May. 22nd, 2015 11:28 am