Linux Container Security

Oct. 23rd, 2014 08:44 am
[personal profile] mjg59
First, read these slides. Done? Good.

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1].

Does this mean containers provide reduced security? That's an arguable point. In the event of a new kernel vulnerability, container-based deployments merely need to upgrade the kernel on the host and restart all the containers. Full VMs need to upgrade the kernel in each individual image, which takes longer and may be delayed due to the additional disruption. In the event of a flaw in some remotely accessible code running in your image, an attacker's ability to cause further damage may be restricted by the existing seccomp and capabilities configuration in a container. They may be able to escalate to a more privileged user in a full VM.

I'm not really compelled by either of these arguments. Both argue that the security of your container is improved, but in almost all cases exploiting these vulnerabilities would require that an attacker already be able to run arbitrary code in your container. Many container deployments are task-specific rather than running a full system, and in that case your attacker is already able to compromise pretty much everything within the container. The argument's stronger in the Virtual Private Server case, but there you're trading that off against losing some other security features - sure, you're deploying seccomp, but you can't use selinux inside your container, because the policy isn't per-namespace[2].

So that seems like kind of a wash - there's maybe marginal increases in practical security for certain kinds of deployment, and perhaps marginal decreases for others. We end up coming back to the attack surface, and it seems inevitable that that's always going to be larger in container environments. The question is, does it matter? If the larger attack surface still only results in one more vulnerability per thousand years, you probably don't care. The aim isn't to get containers to the same level of security as hypervisors, it's to get them close enough that the difference doesn't matter.

I don't think we're there yet. Searching the kernel for bugs triggered by Trinity shows plenty of cases where the kernel screws up from unprivileged input[3]. A sufficiently strong seccomp policy plus tight restrictions on the ability of a container to touch /proc, /sys and /dev helps a lot here, but it's not full coverage. The presentation I linked to at the top of this post suggests using the grsec patches - these will tend to mitigate several (but not all) kernel vulnerabilities, but there's tradeoffs in (a) ease of management (having to build your own kernels) and (b) performance (several of the grsec options reduce performance).

But this isn't intended as a complaint. Or, rather, it is, just not about security. I suspect containers can be made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:

  • Strong auditing and aggressive fuzzing of containers under realistic configurations
  • Support for meaningful nesting of Linux Security Modules in namespaces
  • Introspection of container state and (more difficult) the host OS itself in order to identify compromises

These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two" tradeoff. That's not a winning strategy.

[1] Companies using hypervisors! Audit your qemu setup to ensure that you're not providing more emulated hardware than necessary to your guests. If you're using KVM, ensure that you're using sVirt (either selinux or apparmor backed) in order to restrict qemu's privileges.
[2] There's apparently some support for loading per-namespace Apparmor policies, but that means that the process is no longer confined by the sVirt policy
[3] To be fair, last time I ran Trinity under Docker under a VM, it ended up killing my host. Glass houses, etc.
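
The post above names seccomp, capability restrictions and limits on /proc and /sys as the controls that shrink the kernel surface a container can reach, and lists introspection of container state as work still to be done. The following is an added example, not code from the post or from any container tool: a small auditor that reads the text of /proc/<pid>/status and /proc/<pid>/mounts and reports which of those controls are missing. The choice of "risky" capabilities and the sample data are assumptions made for the example.

```python
"""Summarise how confined a process is, from /proc/<pid>/status and /proc/<pid>/mounts text."""

# Bit numbers from linux/capability.h for capabilities that expose a lot of
# privileged kernel code. Which ones count as "risky" is this example's assumption.
RISKY_CAPS = {
    2: "CAP_DAC_READ_SEARCH",
    12: "CAP_NET_ADMIN",
    16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO",
    19: "CAP_SYS_PTRACE",
    21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT",
    25: "CAP_SYS_TIME",
    27: "CAP_MKNOD",
}


def parse_status(text):
    """Turn the 'Key: value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def risky_capabilities(mask):
    """Names of the risky capabilities whose bit is set in an integer mask."""
    return [name for bit, name in sorted(RISKY_CAPS.items()) if (mask >> bit) & 1]


def mount_options(mounts_text, path):
    """Options of the mount that backs `path`: longest matching mount point,
    and for the same mount point the later line, since it shadows the earlier."""
    best, options = "", []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        point = parts[1]
        covers = path == point or path.startswith(point.rstrip("/") + "/")
        if covers and len(point) >= len(best):
            best, options = point, parts[3].split(",")
    return options


def audit(status_text, mounts_text):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    status = parse_status(status_text)

    # Seccomp: 0 = disabled, 1 = strict, 2 = filter.
    if status.get("Seccomp", "0") == "0":
        findings.append("seccomp disabled: no syscall filtering in front of the kernel")

    # Effective set is what the process can use now; the bounding set is what
    # it could still gain across execve, so both are checked.
    mask = int(status.get("CapEff", "0"), 16) | int(status.get("CapBnd", "0"), 16)
    for name in risky_capabilities(mask):
        findings.append("capability available: " + name)

    for path in ("/sys", "/proc/sys"):
        if "rw" in mount_options(mounts_text, path):
            findings.append(path + " is writable from inside the container")
    return findings


# Constructed sample data (not captured from a real system).
HARDENED_STATUS = (
    "Name:\tapp\nSeccomp:\t2\n"
    "CapEff:\t00000000a00425fb\nCapBnd:\t00000000a00425fb\n"
)
HARDENED_MOUNTS = (
    "overlay / overlay rw,relatime 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
    "sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0\n"
    "proc /proc/sys proc ro,nosuid,nodev,noexec,relatime 0 0\n"
)
LOOSE_STATUS = (
    "Name:\tapp\nSeccomp:\t0\n"
    "CapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n"
)
LOOSE_MOUNTS = (
    "overlay / overlay rw,relatime 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
    "sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0\n"
)

if __name__ == "__main__":
    for label, status, mounts in (
        ("hardened", HARDENED_STATUS, HARDENED_MOUNTS),
        ("loose", LOOSE_STATUS, LOOSE_MOUNTS),
    ):
        print(label)
        for finding in audit(status, mounts) or ["no findings"]:
            print("  " + finding)
```

An empty result only means these particular checks passed; it says nothing about how strict the seccomp filter itself is or what is exposed under /dev.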

3 weeks at home

Oct. 22nd, 2014 04:17 pm
pleia2: (Default)
[personal profile] pleia2

I am sitting in a hotel room in Raleigh where I’m staying for a conference, but prior to this I had a full 3 weeks at home! It was the longest stretch I’ve had in months, even my gallbladder removal surgery didn’t afford me a full 3 weeks. Unfortunately during this blessed 3 weeks home MJ was out of town for a full 2 weeks of it. It also decided to be summer time in San Francisco (typical of early October) with temperatures rising to 90F for several days and our condo not cooling off. Some days it made work a challenge as I sometimes fled to coffee shops. The cats didn’t seem amused by this either.

The time at home alone did give me a chance to chill out at home and listen to the Giants playoff games on the little AM radio I had set up in our living room. As any good pseudo-fan does I only loosely keep up with the team during the actual season, going to actual games only here and there as I have the opportunity, which I didn’t this year (too much travel + gallbladder). It felt nice to sit and listen to the games as I got some work done in the evenings. I did learn how much modern technology gets in the way of AM reception though, as I listened to the quality tank when I turned on the track lighting in my living room or random times when my highrise neighbors must have been doing something.

Fleet week also came to San Francisco while I was home. I think I’ve only actually been in town for it twice, so it was a nice treat. To add to the fun I was meeting up with a friend to work on some OpenStack stuff on Sunday when they were doing their final show and her office offers amazing floor to ceiling windows with a stunning view of the bay. Perfect for watching the show!

I also did manage to get out for some non-work social time with a couple friends, and finally made it out to Off the Grid in the Marina for some street food adventuring. I hadn’t been before because I’m not the biggest fan of food trucks, the food is fine but you end up standing while eating, making a mess, and not getting a meal for all that cheaper than you would if you just went to a proper restaurant with tables. Maybe I’m just a giant snob, but it was an interesting experience, and I got to take the cable car home, so that’s always fun.

And now Raleigh. I’m here for All Things Open which I’ll be blogging about soon. This kicked off about 3 weeks away from home, so I had to pack accordingly:

After Raleigh I’ll be flying to Miami for a cousin’s wedding, then staying several extra days in a beach hotel where I’ll be working (and taking breaks to visit the ocean!). At the end of the week I’m flying to Paris for the OpenStack Summit for a week. I’ve never been to Paris before so I’m really looking forward to that. When the conference wraps up I’m flying back stateside for another wedding for a family member, this time in Philadelphia. So during this time I’ll get to see MJ twice, as we meet in cities for weddings. Thankfully I head home after that, but then we’re off for a proper vacation a few days later – to Jamaica! Then maybe I’ll spend all of December in a stay-at-home coma, but I’ll probably end up going somewhere because apparently I really like airplanes. Plus December would be the only month I didn’t fly, and I can’t have that.

Originally published at pleia2's blog. You can comment here or there.

Oh no, not again!

Oct. 23rd, 2014 08:55 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

We went on a short plane trip to Wagga two weekends ago. V got a colouring activity kit on the plane, and at first he just scribbled energetically near the pictures. But Andrew pointed out an interesting task:

Outline by number

After a quick explanation, it emerged he could read the numbers and join them up pretty much by himself.

Surprise! It’s a plane!

Finished product!

On the way back the next day, he got the same activity kit and said loudly “Oh no, not again!”

Quantum State of the Beable

Oct. 22nd, 2014 12:45 pm
beable: (Default)
[personal profile] beable
(In particular for those not on FB): Yes, I work downtown, however am safe.

Building is in lockdown, cell phone only semi-functional because of congestion on cell network.

Wrecky Roughage

Oct. 22nd, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

According to this survey I'm about to make up, 74% of us don't get enough fiber in our diets. Unless you're British. In which case you don't get enough fibre. And you spell things wrong.

Fortunately, the bakeries of the world are here to help.

I think we'll call this Faeber.

I DO believe in Faeber. I do, I do!!

 

TRUE STORY: Last week our cat Tonks decided to eat a piece of ribbon because she is, by all accounts, an idiot. Now if you're a cat owner, you know that she will most likely end up dragging a two foot piece of poo-coated ribbon across our carpet while we sleep, blissfully unaware of the impending cleaning bills.

Which makes me wonder: Does the same thing happen with kids?

Admit it: you just had a mental image of a bunch of toddlers scootching their butts across the carpet.

 

Now, of course, if plastic is your fiber of choice, then have I got a cake for you!

It's like a cartoon colonic.

 

In fact, bakers really seem to be embracing the Dollar Depot movement: (Heh. "Movement.") Case in point: Ashley ordered a little boy's cake, something appropriate for a first birthday.

Aaaand this is what she got:

...'cuz nothing's more appropriate for a one-year-old than twenty-two individual choking opportunities.

"No, Palmer, Sweetie, you can't eat that. Or that. Or that. Or that. Or that. No! Not that! Or that. Or that. Or that. Or that. Or that. Or that. Or that. Or that. Whoah! Definitely not that. Or that. Or that. Or that. Or that. Or that. Maybe th...no, not that, either.

"Or that."

 

Diana F., Kasia R., Wicked Princess, & Ashley P., I think the brown sprinkles might be safe, if you want to chance it.

NOTE: This post is from a few years ago, so rest assured Tonks is fine. And more importantly, so is our carpet.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts. The company today incorporated into these services the open Universal 2nd Factor (U2F) standard, a physical USB-based second factor sign-in component that only works after verifying the login site is truly a Google site.

A $17 U2F device made by Yubico.

The U2F standard (PDF) is a product of the FIDO (Fast IDentity Online) Alliance, an industry consortium that’s been working to come up with specifications that support a range of more robust authentication technologies, including biometric identifiers and USB security tokens.

The approach announced by Google today essentially offers a more secure way of using the company’s 2-step authentication process. For several years, Google has offered an approach that it calls “2-step verification,” which sends a one-time pass code to the user’s mobile or land line phone.

2-step verification makes it so that even if thieves manage to steal your password, they still need access to your mobile or land line phone if they’re trying to log in with your credentials from a device that Google has not previously seen associated with your account. As Google notes in a support document, security key “offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.”

Unlike a one-time token approach, the security key does not rely on mobile phones (so no batteries needed), but the downside is that it doesn’t work for mobile-only users because it requires a USB port. Also, the security key doesn’t work for Google properties on anything other than Chrome.

The move comes a day after Apple launched its Apple Pay platform, a wireless payment system that takes advantage of the near-field communication (NFC) technology built into the new iPhone 6, which allows users to pay for stuff at participating merchants merely by tapping the phone on the store’s payment terminal.

I find it remarkable that Google, Apple and other major tech companies continue to offer more secure and robust authentication options than are currently available to consumers by their financial institutions. I, for one, will be glad to see Apple, Google or any other legitimate player give the entire mag-stripe based payment infrastructure a run for its money. They could hardly do worse.

Soon enough, government Web sites may also offer consumers more authentication options than many financial sites.  An Executive Order announced last Friday by The White House requires the National Security Council Staff, the Office of Science and Technology Policy and the Office of Management and Budget (OMB) to submit a plan to ensure that all agencies making personal data accessible to citizens through digital applications implement multiple layers of identity assurance, including multi-factor authentication. Verizon Enterprise has a good post with additional details of this announcement.

It’s Not That Big a Deal

Oct. 22nd, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

odd one out

Credit: Flickr / Michelle Friswell

As an Angry Internet Feminist™, every incident I point out has multiple parts.

  1. I notice and say something.
  2. Tone policing, on whether I should have noticed it. After all, it’s not that big a deal.

Someone uses “he” when they should say “they”? Not that big a deal.

Mild objectification of women in something that should be professional? Not that big a deal.

No women speaking at a conference? Not that big a deal.

Because the thing is, each instance isolated is not really that big a deal. So one sentence wasn’t inclusive? So what. So one guy thought he was funny when he wasn’t? So what. So that one conference didn’t actually get the best speakers because they limited themselves to <50% of the population (usually no PoC either). So what?

Here’s the thing that people who are telling me what should and should not bother me don’t seem to realize. It’s that I do understand that if it was that one thing, it wouldn’t be a big deal. But it probably isn’t even the only thing I’ve encountered that week.

Because whatever your feelings about “they” as grammatically less correct, when I sit in a room full of men, and only men, and someone says “he” when they could say “they” I often look around the room, and I’m reminded that I don’t belong.

Really, I get enough reminders. At the events featuring pizza and beer. When men think I’m lost, or something – anything – other than an engineer. Could you just change that word? Would it really be that big a deal?

And yes, it’s just a word, it’s just a tasteless joke. But it’s in your marketing materials and presumably more than one person looked at those. So if that wasn’t a big deal… what will not be a big deal for something less externally facing?

That guy, urgh that guy, who “jokingly” called his female colleague a bitch. What do you think he’s going to write on her performance review? Maybe that she’s “abrasive”.

You know, when I left my Prestigious Tech Job to do something different, it wasn’t to be the unpaid, unappreciated teaching assistant of the Feminism 101 MOOC.

Because these individual items that each taken individually are “not a big deal” have piled up and now I sit precariously atop a pile of tiny rocks, wondering when it will all come crashing down.

These things do not happen in isolation. The culture that culminates in the death and rape threats (just the most recent example) is built on a culture where women do not get paid what they deserve, where they are objectified, marginalized, and, most of all, ignored.

Can we talk about humour for a moment? Because I’m tired of these things being “jokes”. This guy thought that rape threats were satire. I will now explain why they are not funny. Humour requires an element of the unexpected, and there is nothing unexpected about a woman with an opinion being threatened with rape. It is an alarmingly normal occurrence. Online harassment is an expected part of being an Angry Internet Feminist™, and it is hard to distinguish between the guy who calls me some obscene word and is “joking” and the one who has intent.

So we add two factor authentication (did you know, Twitter has it?), and install security software on our websites. I have only experienced the very mildest levels of harassment, but make no doubt, if I was truly under threat, I have a plan for where I would go, and enough air miles and money to get me there. Call it paranoia, if you want. I call it being prepared.

There is no humour there. There is just yet another woman who is paying the price, in harassment, for having an opinion. For calling stuff out, when she saw it.

The data says that 40% of women drop out of tech careers in the first 10 years. I didn’t know many other women on my university course, but of those I do, I am the only one still building systems and writing code. One is an environmental economist. Another a BA. I hear one became an artist, cool.

And I’m sure each of them went towards something compelling, to them. I’m sure they each made the decision that worked for them. I hope they have interesting careers and fulfilled lives.

But they didn’t stay.

Against the evidence, my generation of women techies, we thought we were different. We thought things were better, because sexual harassment and even assault was no longer a normal part of the working day (although don’t be mistaken – it happens). We thought things would be different, and we just needed to work hard and be awesome. We were wrong.

I’m reaching this point in my career where I’m starting to see my peers drop out. Make their backup plans. I wrote this article about knowing someday I would leave tech, and so many women said “this is how I feel!” and a couple of men said “wow it’s really bad that women feel this way, maybe we should do something”.

Because I hear variations on the same story, again, and again, and again.

It is hard to fix structural equality. And like many hard things the first step is admitting there is a problem. Could you just say “they” instead of “he”? Pay an expert to review your marketing materials? Could you just do the work to get a more balanced line-up at your conference? Stop making “satirical” rape threats? Could you stop telling me what should, or should not bother me? Please?

I’ll tell you what I think is a big deal. It’s when I watch a woman who I know to be brilliant, slowly lose her joy of making. It’s when I watch her give up caring about her career, and just go through the motions, because frankly showing up every day is hard enough. It’s when I see her leave.

How I Do Antiquing: Old Disney Toys!

Oct. 22nd, 2014 12:18 am
[syndicated profile] epbot_feed

Posted by Jen

Some people go antiquing for the history or the treasure. I go for the toys.



Vintage Orange Bird & baby Donald!
Yes, they're filthy. But Donald is from 1984, was only a dollar, and c'mon, BABY DONALD. Orange Bird was $15, but he's kinda rare, and I love him. (I'm guessing he's also from the early 80s.)

Anyway, here's a quick tip: If you need to clean toys like Donald, which is soft & rubbery like a squeak toy, then grab one of these bad boys:



Yep, Magic Eraser works wonders at taking off old stains, crayon marks, and even pen ink from soft plastic. Check out the difference!


The blue pen line down the side of his face is completely gone!

Just be careful when scrubbing, since Magic Eraser *will* take the original paint off. It's basically a spongey form of sandpaper.

(And no, this isn't a sponsored post.)

Magic Eraser works well on harder surfaces, too, of course. Here's cleaned-up Orange Bird:



Did I mention he's a bank?

I'm debating touching up his paint, and possibly re-painting Donald all together. (Although those 80s pastels *are* kinda rockin'. Hee.)


I also picked up this tiny purse for $5, because the inside is ridiculously cool:


I'm a sucker for anything small with "hidden" compartments, and LOOK:


That circular screen pulls out to reveal a powder puff & powder compartment, and I guess the other sections were for lipstick and... money? Maybe? They're both suuuper tiny; the lipstick compartment is about 3/4 of the size of a Chapstick tube.

And THEN, there's another section under the mirror!

 SO COOL. 

It doesn't look like the purse was ever used, but the exterior suede/velvet was crumbling off in my hands. I'm hoping to redo the whole thing, maybe make it usable for a steampunk outfit or something. [brain storming]

And finally, our big splurge: $30 for this amaaazing "Baseball Clock" that sold at the World's Fair during the 1930s:

 
Fun, right? I've never seen another clock like it! (It winds in the back.)


If you're ever looking for good/cheap antiquing here in central Florida, check out the Orange Tree Antique Mall (my favorite), or the Flea Market and outside areas at Renningers in Mt. Dora. (The inside vendors are too pricey for me, but it's still fun to look.)


Oh, and speaking of funky clocks, stay tuned....


'Cuz I'm working on one last Halloween thing. 

[evil grin]

[syndicated profile] geekfeminism_feed

Posted by spam-spam

#Gamergate

  • On Gamergate: a letter from the editor | Polygon (October 17): “Video games are capital “C” Culture now. There won’t be less attention, only more. There won’t be less scrutiny. There certainly won’t be less diversity, in the fiction of games themselves or in the demographics of their players. What we’re in control of is how we respond to that expansion, as journalists, as developers, as consumers. Step one has to be a complete rejection of the tools of harassment and fear — we can’t even begin to talk about the interesting stuff while people are literally scared for their lives. There can be no dialogue with a leaderless organization that both condemns and condones this behavior, depending on who’s using the hashtag.”
  • Gamergate threats: Why it’s so hard to prosecute the people targeting Zoe Quinn and Anita Sarkeesian | Slate (October 17): “The light penalties attached to many of these online crimes also deter officials from taking them seriously, because the punishment doesn’t justify the resources required to investigate and prosecute them”
  • Of Gamers, Gates, and Disco Demolition: The Roots of Reactionary Rage | The Daily Beast (October 16): “Our various “culture wars” tend to boil down to one specific culture war, the one about men wanting to feel like Real Men and lashing out at the women who won’t let them.”
  • Gamergate in Posterity | The Awl (October 15): “Maybe there will be some small measure of accountability in the far future, not just for public figures and writers and activists, but for all the people who could not or would not see their “trolling” for what it really was. Maybe, when their kids ask them what they were like when they were young, they will have no choice but to say: I was a piece of shit. I was part of a movement. I marched, in my sad way, against progress. Don’t take my word for it. You can Google it!”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

9 and nearly ½ months

Oct. 22nd, 2014 09:38 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

Hand work

The photos are from her nine month-day. Normally one would say something like “longer out than in!” but in my case, I was six days short of being a “ten month mama”. (I’m a big nerd and just worked it out. It was a 300 day pregnancy exactly. She’s “longer out than in” on November 6 at 301 days old.)

At not quite 300 days old, she’s definitely a big baby, which is a time of rapid change. The time from about 3 months old until the onset of sitting up and crawling — admittedly, a much longer time for her than V — seems to be a time of subtle change to me. There are all kinds of changes, but nothing like the change between leaving the baby there, and finding it here.

I wouldn’t normally put this many shots in but they’re all so characteristic, you can get a feeling for what it’s like spending 15 minutes with her:

[Photos: Tongue; Close-up; Hand work; Thumb with added grass; Lip sucking; Hair pulling]

The bottom lip sucking is especially characteristic. The red scratch near her right eye is unfortunately pretty much a permanent feature at this point. V had soft nails that we almost never needed to cut (he bites them now, so we still don’t have to) but she has hard sharp scratching nails that we just can’t stay on top of.

Or here’s a few videos.


Playing with her hands and thumb sucking


Babbling and doing all the things bar crawling

Her sleep is mixed. We had a few weeks of OK sleep, and now we’re having bad sleep again. It’s following her usual pattern of doing a really long sleep while I’m still awake, and then waking up frequently later in the night. This seems to have come with a refreshed realisation that she doesn’t have to eat puree if she doesn’t want to. No doubt the phase of eating four or five bowls a day went with a growth spurt in any case, but now after as few as a couple of spoonfuls she’ll be twisting around in her chair, shutting her mouth and so on, because things like trying to touch the doorknob and vertical blinds behind her in the kitchen is way more fun than eating.

She has… most of a pincer grip I think. She can certainly grab things with thumb and forefinger, but she tends to trap them with the side of her finger rather than the tip. But, close! She’s very interested in finger food and increasingly skilled with it, but her complete lack of teeth (it’s now a contest to see if V’s adult teeth come in before her baby ones) combined with the usual tendency of babies to decorate their immediate surroundings with copious dollops of food mean that it will be a while before she gets much in that way. I’m also not enjoying the return of going to cafes and needing to help them clean up after the baby before we leave. V has just got so neat.

This has gone with increasing her number of nursing sessions from some smaller number (8 a day?) to some larger number (20 a day?). Which I am not enamoured with. I haven’t started wanting to eat the entire world yet, but perhaps that will come soon.

Her crawling is still commando-style. She’s clearly not satisfied with it: she usually tries to start either cross-crawling or crab crawling before ending up on her old reliable belly. You can tell she’s coming by the angry squeals. It looks like she’ll end up cross-crawling but it’s hard to tell. I doubt she’ll move straight to walking: she has begun to pull up to stand (she first did so in the bath), but she’s fairly wobbly when she does so (in the bath) and isn’t cruising yet. I think crawling has a ways to go.

This past weekend, while we were at her grandparents, she was super needy and grouchy. Andrew and I agreed that it was the first time ever we felt she’d been consistently more work and needed more attention than V for an extended stretch of time. (To be fair, other than in the middle of the night.) She’s also developing the Mama-fixation that went with the onset of separation anxiety for V. There is, for example, generally only one target she crawls towards. So we may be entering the long dark teatime of grouchy clinginess that is the first thing I think of when I think “1 year old” now.

Conversely, I enjoy watching her baby life. Never is this clearer than in the bath, because she moves around more easily in the water, sliding herself from end to end and screeching and cooing happily as she explores her toys and paws at the bath fittings.

[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

With his permission, I’m reposting this blog comment from Marco Rogers, in a reply to an anti-feminist comment on a blog post about women in tech that he wrote 2 1/2 years ago. Although the post is that old, the comment is from a few days ago, because even years later, anti-feminist trolls are stumbling across Marco’s blog post and feeling the need to express their displeasure with it.

I’m reposting Marco’s comment because I think it’s a good example about how to respond to a troll. I would love to see more men let their anti-feminist peers know that uninformed anti-feminist wankery is a waste of time. And I would love to do that more often myself, rather than engaging with it.

Hi [REDACTED]. I thought a long time about whether to let this comment stand or delete it. I do listen to input from different perspectives. I read this entire thing. And I’m sorry to say it was a waste of my time.

I’m afraid this reply won’t be very constructive. I had to choose whether to waste further time dismantling your false logic, and I had to take into account whether it would make any difference to you or anyone reading. I don’t think it will. In my experience, it’s very difficult to educate men who think like you do.

I’ll admit it also annoys me that you would come and write a small novel in my blog comments but not say anything new or original. Men have been making this argument that their long history of sexism is somehow the natural order of things since the beginning of time. It’s not revelatory, it’s not some profound wisdom that people haven’t heard, it’s boring. The feminist/womanist movement grew in direct opposition to all the nonsense you spouted above. There is a ton of literature that debunks and rejects every single point you are poorly trying to make. The least you can do is educate yourself on the system you’re up against, so you can sound more cogent and have an actual chance of convincing anyone.

The question remains of whether I let your comment stay up. I think I will. Not because I feel compelled to represent multiple viewpoints here. This is my blog and I choose what goes here. But I’ll leave it because I’m no longer afraid of letting people read tripe like this. You’re losing. We WILL create a world where the mentality of men like you is a minority and women get to exist as themselves without fear. You can’t stop it. Stay mad bro. Thanks for dropping by.

YES WE CA... Oh. Well, Crap.

Oct. 21st, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

 

 

Thanks to Lionel S. for reminding us there's also no "eye" in "team," although I don't see what that has to do with anything.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.

According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Framingham, Mass.-based Staples has more than 1,800 stores nationwide, but so far the banks contacted by this reporter have traced a pattern of fraudulent transactions on a group of cards that had all previously been used at a small number of Staples locations in the Northeast.

The fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers. This suggests that the cash registers in at least some Staples locations may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.

Asked about the banks’ claims, Staples’s Senior Public Relations Manager Mark Cautela confirmed that Staples is in the process of investigating a “potential issue involving credit card data and has contacted law enforcement.”

“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”  

A New Book Review? As You Wish!

Oct. 20th, 2014 03:44 pm
[syndicated profile] epbot_feed

Posted by Jen

Last week my sister-in-law surprised me with Cary Elwes' new Princess Bride memoir, As You Wish, and I zipped through it in 2 nights.


I've been looking forward to this read since I first heard about it months ago, so I was positively giddy cracking open the first page. I LOVE behind-the-scenes stories already, but throw in stories from one of my favorite movies of all time? SOLD!

Ok, so, let's start with the obvious: if you're as big a fan of The Princess Bride as I am, you're going to buy this book. And really, if you're that uber fan, you absolutely should.

For everyone else, though? Who may only have a passing interest in a movie they certainly like, but don't, say, quote daily & maybe even have "As You Wish" inscribed in a spouse's wedding ring? (WHAT.)

Well... for those folks, maybe not.

Don't get me wrong; there are some delightful tidbits in Elwes' book, stories that make the movie that much more magical in my eyes - but those tidbits are few and far between. Much of the book's 270 pages feels like filler, as Elwes gushes about how wonderful his co-stars are, how brilliant the director Rob Reiner is, and how blessed overall he feels to have been a part of this movie.

I'm relieved this isn't some grimy tell-all, of course, but after two hundred pages of everyone being wonderful and amazing, but very few personal stories to go along with all the gushing, you start to wonder if you're getting the whole truth. Or maybe we are getting the truth, but Elwes just didn't have enough material to properly fill out the book. Realistically, I think the "good stuff" could have been condensed down to 50 pages, and not felt rushed.

For example, Elwes spends 4 or 5 pages detailing the entire plot of The Princess Bride. Not just reminding us what happens in case it's been a while; actually explaining it as if we've never seen the movie... but still chose to read a book about it. (Ohhh... kaaaaay....)

I'm sad to say that, even as short as the book is, I ended up skimming several sections. Elwes drags out even the most interesting stories - trying to milk them for all their worth, I guess - and even then, I didn't feel like I was really getting an insider's scoop. It all felt a little too sanitized, too diplomatic, like he didn't want to reveal anything too interesting for fear of offending his co-stars. (There's a vague reference to Mandy Patinkin's competitive streak during fencing training, but no examples or details.)

In fact, the most interesting stories revolve around Andre the Giant, and I can't help but wonder if Elwes felt more free sharing those because Andre is no longer with us. (Or maybe because those stories are already so well-known?)

On the plus side, sprinkled throughout the book are quotes from the rest of the cast and crew, often recounting their own memories of the same events. Those breaks help give Elwes' memoir a more well-rounded feel, and while there were no big revelations, it was still a nice addition.

That's my spoiler-free review, but now, as a reward, I'm going to tell you a few of my favorite things I learned. Some (all?) of these were already on the internet, so it's possible they won't be spoilers at all! Still, if you'd rather wait and get your movie trivia from the book, then STOP HERE.



Ok, my #1 go-to trivia for the next time I need a good ice-breaker - because I go to at least one or two parties a year and hey, IT COULD HAPPEN - In this scene:

The one where Count Rugen hits Westley over the head with his sword? The scene used in the movie shows Christopher Guest (as Count Rugen) actually knocking Elwes unconscious.

Elwes woke up later in the ER, as they were stitching up his head. In Guest's defense, they didn't have a prop sword, so the heavy metal handle came down harder than he intended, plus Elwes *told* him to just go ahead and hit him.

And in this scene:

 

Watch how Westley gets up; see how he favors one leg? That's because Elwes had just broken his big toe riding Andre the Giant's 4-wheel ATV - I think the same day, even - and was in a huge amount of pain. 

Those are the only two injuries Elwes sustained the whole movie, and I guess it says something about me that I find those the most interesting. :D
  
On the funny side, for the scenes with Billy Crystal as Miracle Max, Elwes spoiled so many takes by laughing that they had to replace him for most of it with a prop dummy on the table:


Again, to be fair, *everyone* was spoiling takes by laughing, including the director. The only injury Mandy Patinkin received during the whole shoot was during this scene; he bruised a rib, trying to hold in his laughter. Ha!

And finally, the sweetest revelation for me:


Wallace Shawn (Vizzini) was terrified of heights, and though all the long shots in this scene were done with stuntmen, the close-ups were done on a 30-foot tall fake cliff set. He was apparently so distraught that they physically tied him to Andre, who told Shawn, "Don't worry, I'll take care of you." (FEELZ!!) After that, Shawn was able to do the scene.

There were a few other really fascinating bits about Shawn, but I'll leave those for the book.


So, what'd you think, guys? Any favorite parts I missed? Or did you already know all these from various BuzzFeed articles? :D ([shaking fist at sky] Curse you, Buzzfeeeeed!)

How to Hate a Book

Oct. 20th, 2014 12:48 pm
[personal profile] altamira16
About a week ago, the blogger formerly posting at Requires Hate wrote something friends locked on Twitter that made me wonder what was going on in her life. I started reading her when [livejournal.com profile] nihilistic_kid mentioned her as a potential recipient of a literary award for the best fan blogs.

At first, she was making fun of Charlaine Harris books for being racist, and I thought that her view point was interesting and way over the top. But then she started writing about anime, and I just cannot care about anime.

A few days ago, my sister gave me the link to this piece by an author named Hale who obsesses over a Goodreads reviewer. I didn't read the whole thing because it just seemed so neurotic, but again it reminded me of the person writing the Requires Hate blog because she had many words about how much she hated various books. I thought that Hale, the neurotic author, would hate her. (If you look at my book reviews here, I usually spend more time writing about things that I dislike than things that I like. I use blogging to work out my grievances sometimes. There are just a lot more people who are a lot more verbose about that type of thing.)

Anyway, today the "Requires Hate" blogger wrote an entry apologizing for some of her reviews. It seems like this happened because someone exposed her identity. Apparently, she has a new book coming out soon.
[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

Simply Secure is a new non-profit that focuses on helping the open source community do a better job at security. Their focus is on adding usable security technology on top of existing, already-widely-adopted platforms and services, and their advisory board includes Wendy Seltzer, Cory Doctorow, and Angela Sasse, among others. (Full disclosure: I went to college with the executive director and founder, Sara “Scout” Sinclair Brody.)

They are hiring for two full-time positions right now: a research director/associate director with some mix of practical experience and formal education in security and UX design (sufficient experience compensates for a lesser degree of formal education), and an operations manager who will write grants and manage finances. Simply Secure strongly encourages applications from populations under-represented in the technology industry. For both positions, experience with and/or enthusiasm for open source is desirable but not required. Simply Secure is located in the US in Philadelphia and is actively recruiting candidates who work remotely.

To apply, visit their jobs page!

MLP:FIM the Movie in 2017?

Oct. 20th, 2014 10:39 am
[personal profile] frith posting in [community profile] ponyville_trot
Source: http://jarredspekter.deviantart.com/art/MLP-FIM-Move-fan-poster-294655370

Rumor has it that there will be a My Little Pony movie, to be released in 2017. According to Variety, here, a production house called Allspark Pictures will be producing the film which is to have a theatrical release. The script is to be written by Joe Ballarini and Meghan McCarthy is to be the co-executive producer.

Allow Meghan McCarthy to give yer hope a boost.

A Failure To Communicate, Vol. 243

Oct. 20th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

I like how the only thing legible is the one word NOT supposed to be there:

 

Erin K. wanted her daughter's cake to be oriented vertically, or portrait-style, but the baker wasn't getting it.

"You know, the long way?"

*headdesk*

 

When you want a big 75, NOT a "big 75."

Can I quote you on that?

 

In fact, a lot of butchered instructions end up as new nicknames:

Give up?

They wanted "thank you" written in pink.

 

And this one didn't want any gel icing:

 

Here's a blast from the past: a Historical Society hosted a "President's Tea."

Thank goodness they weren't screening old 80s TV shows there, too!

Can you imagine if it'd been the "President's Tea & A-Team Party?"

 

Now imagine, if you will, the ordering process that resulted in this cake:

I'm picturing a Monty Python sketch, myself.

"No, I want you to STAY HERE, and write the names underneath!"

"So I'm to write these names twice and capitalize 'Underneath.' Got it."

"No, no, it's quite simple. Write 'Happy Birthday' once, and the names underneath."

"If, if, uh... If, if, uh... Oh! Can I write the names three times... IF I use extra sprinkles?"

"AAAAAAUUGH!"

 

Thanks to Terry M., Erin K., Dan E., Stephanie D., Melanie K., Karen A., & Damon E. - AND NO SINGING!


Public Speaking as Performance

Oct. 20th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

cute bunny

Credit: Flickr / Sarah Embaby

I’ve written before about how I prepare mentally for a talk. Most recently, I’ve started to view it as a performance, and more and more (as the fall conference season is now underway) I’ve got more comfortable with the things I need to give a good performance. This change is mental, viewing it as a performance (rather than, commonly, a terrifying obligation past-me committed to), so differences are subtle, but important. I felt really good giving my last talk, which I think is a sign it’s time to prep a new one!

Because, it is a performance. I stand up in front of people, not my natural habitat, and try to be intensively witty and insightful.

I hope I’m usually witty and insightful, but in conversations, you take turns. On stage, it’s all on me.

One of my pet peeves as an audience member is when speakers are unprepared (even, maybe especially when they apologise for it!) Not preparing is disrespectful to the audience who have given up their time, and often significant amounts of money to be there.

If I’m speaking, then everything I do is around showing up prepared and in a good place mentally. This makes the conference experience very different. I feel OK about missing talks prior to mine. Although, pro-tip, for small conferences it’s worth letting them know you are hiding prior to your talk, and when to expect you as they may worry if they don’t see you!

Now, I always ask for travel costs (most conferences give speakers a free ticket) in part because it means I don’t feel any obligation to make the cost of attending worthwhile. Any value I got (which has typically been high) is gravy. Everything comes second to the performance.

Decompression time afterwards is also important. I usually use some of this time to make a storify of tweets during my talk.

Following day – a good night’s sleep and a good breakfast!

The other thing I’ve realised is that as a speaker, you can ask for things. Like water. Or to avoid specific slots. You can also ask for specific slots, but that is much harder for the organisers. It is incredibly hard organising a conference, so I try to go along with as much as possible and only ask for the things that will genuinely make an impact on my talk.

  • Prepare.
  • Hide (mental prep / power poses).
  • Set up equipment, test sound etc.
  • Perform.
  • Hide.
  • Socialise (this is when people say nice things! Don’t want to miss that!)
  • Relax (sleep in, have a nice breakfast).

Bye tooth!

Oct. 20th, 2014 09:27 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

On Wednesday morning, V came over with an urgent report. “Mama, my tooth! It’s wobbling.”

It sure was. It was at the stage where a bit of gum was all that was holding it in.

Wobbly tooth

(May that be the most intimate photo of him ever posted here.)

But even so, he’s at the young end of losing baby teeth (apparently 4 is in the normal range, but I was more like 6). So even though it was really loose, I still wasn’t expecting him to lose it that day. But that afternoon, he was walking along the street eating a bun (you can see traces of flour on his nose) and:

“Mama, my tooth! It’s gone!”

All that was left were small smears of blood on the bun, and this:

Bye tooth!

That’s right, we’ve lost the actual tooth. V wanted to search the street for it — “I’m never going to see my tooth again!” — but given that it likely got stuck in the bun as he bit down, I suspect he swallowed it. Not really the most poignant farewell to babyhood.

People keep joking with me about the going rate for the tooth fairy being $20 or $50 a tooth or something, but one of the benefits of V being 4 is that I’m pretty sure he doesn’t know anyone who’s lost a tooth. And it’s not a time in which I have spare energy to be sneaking in and out of his bedroom with the median wage, so so far the tooth fairy has not stepped up.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.

Last month, media outlets in Malaysia reported that organized crime gangs had stolen the equivalent of about USD $1 million with the help of malware they’d installed on at least 18 ATMs across the country. Several stories about the Malaysian attack mention that the ATMs involved were all made by ATM giant NCR. To learn more about how these attacks are impacting banks and the ATM makers, I reached out to Owen Wild, NCR’s global marketing director, security compliance solutions.

Wild said ATM malware is here to stay and is on the rise.

BK: I have to say that if I’m a thief, injecting malware to jackpot an ATM is pretty money. What do you make of reports that these ATM malware thieves in Malaysia were all knocking over NCR machines?

OW: The trend toward these new forms of software-based attacks is occurring industry-wide. It’s occurring on ATMs from every manufacturer, multiple model lines, and is not something that is endemic to NCR systems. In this particular situation for the [Malaysian] customer that was impacted, it happened to be an attack on a Persona series of NCR ATMs. These are older models. We introduced a new product line for new orders seven years ago, so the newest Persona is seven years old.

BK: How many of your customers are still using this older model?

OW: Probably about half the install base is still on Personas.

BK: Wow. So, what are some of the common trends or weaknesses that fraudsters are exploiting that let them plant malware on these machines? I read somewhere that the crooks were able to insert CDs and USB sticks in the ATMs to upload the malware, and they were able to do this by peeling off the top of the ATMs or by drilling into the facade in front of the ATM. CD-ROM and USB drive bays seem like extraordinarily insecure features to have available on any customer-accessible portions of an ATM.

OW: What we’re finding is these types of attacks are occurring on standalone, unattended types of units where there is much easier access to the top of the box than you would normally find in the wall-mounted or attended models.

BK: Unattended….meaning they’re not inside of a bank or part of a structure, but stand-alone systems off by themselves.

OW: Correct.

BK: It seems like the other big factor with ATM-based malware is that so many of these cash machines are still running Windows XP, no?

This new malware, detected by Kaspersky Lab as Backdoor.MSIL.Tyupkin, affects ATMs from a major ATM manufacturer running Microsoft Windows 32-bit.

OW: Right now, that’s not a major factor. It is certainly something that has to be considered by ATM operators in making their migration move to newer systems. Microsoft discontinued updates and security patching on Windows XP, with very expensive exceptions. Where it becomes an issue for ATM operators is that maintaining Payment Card Industry (credit and debit card security standards) compliance requires that the ATM operator be running an operating system that receives ongoing security updates. So, while many ATM operators certainly have compliance issues, to this point we have not seen the operating system come into play.

BK: Really?

OW: Yes. If anything, the operating systems are being bypassed or manipulated with the software as a result of that.

BK: Wait a second. The media reports to date have observed that most of these ATM malware attacks were going after weaknesses in Windows XP?

OW: It goes deeper than that. Most of these attacks come down to two different ways of jackpotting the ATM. The first is what we call “black box” attacks, where some form of electronic device is hooked up to the ATM — basically bypassing the infrastructure in the processing of the ATM and sending an unauthorized cash dispense code to the ATM. That was the first wave of attacks we saw that started very slowly in 2012, went quiet for a while and then became active again in 2013.

The second type that we’re now seeing more of is attacks that start with the introduction of malware into the machine, and that kind of attack is a little less technical to get on the older machines if protective mechanisms aren’t in place.

BK: What sort of protective mechanisms, aside from physically securing the ATM?

OW: If you work on the configuration setting…for instance, if you lock down the BIOS of the ATM to eliminate its capability to boot from USB or CD drive, that gets you about as far as you can go. In high risk areas, these are the sorts of steps that can be taken to reduce risks.

BK: Seems like a challenge communicating this to your customers who aren’t anxious to spend a lot of money upgrading their ATM infrastructure.

OW: Most of these recommendations and requirements have to be considerate of the customer environment. We make sure we’ve given them the best guidance we can, but at the end of the day our customers are going to decide how to approach this.

BK: You mentioned black-box attacks earlier. Is there one particular threat or weakness that makes this type of attack possible? One recent story on ATM malware suggested that the attackers may have been aided by the availability of ATM manuals online for certain older models.

OW: The ATM technology infrastructure is all designed on multivendor capability. You don’t have to be an ATM expert or have inside knowledge to generate or code malware for ATMs. Which is what makes the deployment of preventative measures so important. What we’re faced with as an industry is a combination of vulnerability on aging ATMs that were built and designed at a point where the threats and risk were not as great.

According to security firm F-Secure, the malware used in the Malaysian attacks was “PadPin,” a family of malicious software first identified by Symantec. Also, Russian antivirus firm Kaspersky has done some smashing research on a prevalent strain of ATM malware that it calls “Tyupkin.” Their write-up on it is here, and the video below shows the malware in action on a test ATM.

In a report published this month, the European ATM Security Team (EAST) said it tracked at least 20 incidents involving ATM jackpotting with malware in the first half of this year. “These were ‘cash out’ or ‘jackpotting’ attacks and all occurred on the same ATM type from a single ATM deployer in one country,” EAST Director Lachlan Gunn wrote. “While many ATM Malware attacks have been seen over the past few years in Russia, Ukraine and parts of Latin America, this is the first time that such attacks have been reported in Western Europe. This is a worrying new development for the industry in Europe.”

Card skimming incidents fell by 21% compared to the same period in 2013, while overall ATM related fraud losses of €132 million (~USD $158 million) were reported, up 7 percent from the same time last year.

This Week

Oct. 20th, 2014 12:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate

Life

Hanging out in Canadia (KW) this week and catching up with friends from when I lived here. It’s great to see people! Also gave a talk at the University of Waterloo, which I live tweeted. Then heading back to the UK. Looking forward to getting back in the pool! I’ve missed swimming.

Work

Contemplating a job offer, but meanwhile I continue to explore freedom. I’m making progress on the app! Which is exciting (is there anything better than an excited email from your UX designer and new mocks?). Also following up on some potential consultancy stuff.

Places

Very foodie week including Bhimas, Uptown 21, Public. There is Cha Time here! Which was wondrous. I drank a lot of it.

Media

Reading Jean Jennings Bartik’s memoir Pioneer Programmer, which is great so far. For light relief, finished Beauvallet and read Charity Girl and Convenient Marriage.

Published

Elsewhere: I was Hannah’s Ada Lovelace Day pick! And quoted in The Guardian.

On The Internet

[syndicated profile] geekfeminism_feed

Posted by spam-spam

Gamergate and online harassment

Other Stuff

  • Ada Lovelace, a Computer Programmer Ahead of Her Time | Mashable (October 15): Read more about the life of the “enchantress of numbers”
  • Ways Men In Tech Are Unintentionally Sexist | this is not a pattern (October 14): “These are little things. Things that many people do without thinking about them and certainly without intending anything by them. Things that individually are meaningless, but in aggregate set the tone of an entire community.”
  • The Malala you won’t hear about | The People’s Record (October 16): “This is the Malala the Western corporate media doesn’t like to quote. This is the Malala whose politics do not fit neatly into the neocolonialist, cookie-cutter frame of presentation. This is the Malala who recognizes that true liberation will take more than just education, that it will take the establishment of not just bourgeois political “democracy,” but of economic democracy, of socialism.”
  • Where’s Thor When You Need Her? Women In Comics Fight An Uphill Battle | NPR (October 10): “On Facebook, women make up just under half of all self-identified comics fans. But even as the female audience grows, female creators for DC and Marvel, colloquially known as “the Big Two,” are still in the minority.”
  • Internal Memo: Microsoft CEO Satya Nadella sets new diversity plan after ‘humbling’ experience | GeekWire (October 15): “The memo, sent prior to a regular monthly Q&A session with employees, went on to outline a series of steps that Nadella says the company will be taking to improve diversity and inclusion across the company, including the company’s engineering and senior leadership teams.”
  • FiveThirtyEight Turns the Lidless Eye of Data Crunching to Gender Disparity in Superhero Comics Characters | The Mary Sue (October 15): “Hanley has been crunching the numbers on the gender make up of the folks who work on Marvel and DC comics for years, but FiveThirtyEight wanted to take a slightly different tack by looking at the characters who make up those comics in the first place.”
  • Mary Berners-Lee: Ada Lovelace Day Hero | equalitism (October 19): “Tim Berners-Lee’s mom, Mary Lee Woods was a badass mathematician/computer scientist before he was. Both of Tim’s parents worked on a team that developed programs in the School of Computer Science, University of Manchester Mark 1, Ferranti Mark 1 and Mark 1 Star computers.”

We link to a variety of sources, some of which are personal blogs. If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

    Sunday Sweets: Gothic Elegance

    Oct. 19th, 2014 01:00 pm
    [syndicated profile] cakewrecks_feed

    Posted by Jen

    Who says dark has to be dreary? These gorgeous Gothic cakes will have you cheering:

    (By Sweet Lake Cakes)

     

    Sweet Lake seems to specialize in Gothic designs, and I couldn't pick just one favorite!

    (By Sweet Lake Cakes)

    Look at that lace and "fabric" draping. INCREDIBLE.

     

    One more:

    (By Sweet Lake Cakes)

    The bird skull cameo is the perfect touch.

     

    And speaking of cameos, check out the raven head design on this little top hat:

    (By Cake Central member ChrisJack1)

    The feather, the hand painted skulls and swirls, the roses - just beautiful.

     

    (By Candytuft Cakes)

    It doesn't get much more classic than rich black and blood-red roses!

     

    I really love the contrast of the white tiers under all this heavy scrollwork:

    (Baker unknown. Anyone recognize it?)

    WOW. The bottom tier looks like a wrought iron gate, and the second has architectural arch ways. The longer you look, the more detail you see!

     

    On the other hand, sometimes simple can be just as dramatic:

    (By Connie Cupcake)

    Love.

     

    Now welcome, foolish mortals, to the Haunted Mansion cake:

    (By WDW's Contemporary Resort bakery, found here)

    That wallpaper and perfect draping has this Dizgeek all atwitter, you guys. Great color on the roses, too!

     

    (By Antonelli di Maria Torte & Design)

    One of my personal favorites today; I can't believe that fabric draping, and the perfect color fade on the spider web!

     

    (Baker unknown)

    This purple practically glows, it's so vivid. If you look closely, you can see the layered acanthus leaves making up the second tier. Beautiful.

     

    (By Cake Opera Company, featured here)

    Another astounding, can't-believe-it's-cake design. That heavy embroidery is insanely intricate, and I've been so busy staring at the cake itself that I just now noticed the cake stand is wrapped in fur!
    Ha!

     

    And finally, arguably the simplest design of them all today, but I'm just so smitten with the unusual floral swag:

    (By Artistic Bites, featured here)

    This wedding cake was made for a "Red Riding Hood marries the Wolf" themed photo shoot, and I highly recommend hitting that link up there to see the rest. It's the perfect blend of dark elegance and fairy-tale whimsy, and I LOVE the succulents and fuzzy mosses they used on the cake.

     

    Hope you enjoyed the Gothic Sweets, everyone! Happy Sunday!

    Be sure to check out our Sunday Sweets Directory to see which bakers in your area have been featured here on Sweets!


    Friendship is Magic

    Oct. 18th, 2014 08:27 pm
    [personal profile] frith posting in [community profile] ponyville_trot
    Source: http://dennybutt.deviantart.com/art/Friendship-is-Magic-489281371

    Give peace a chance and find out that maybe Sunset Shimmer isn't the pony you thought she was.

    Hello Superhero

    Oct. 18th, 2014 06:36 pm
    [personal profile] beable
    I normally hate pink, but I will make an exception for these utterly adorable pink Hello Kitty superheroes.

    (especially Hawkeye)

    http://diply.com/trendyjoe/avengers-other-superheroes-get-a-hilarious-hello-kitty/51166

    Tiny Apple

    Oct. 17th, 2014 09:55 pm
    [personal profile] frith posting in [community profile] ponyville_trot
    Source: http://tsitra360.tumblr.com/post/100146426790/tiny-apple-decided-to-make-her-a-little-little

    Tsitra360's DeviantArt page has been hit with a ban and a five month wait for the ban to be reviewed, thus the link to the Tumblr.

    Page generated Oct. 23rd, 2014 10:04 am