La Con De Python

Apr. 19th, 2015 12:54 am
[syndicated profile] sumana_feed
I spent a good chunk of this month at PyCon in Montréal, watching talks, seeing people I rarely get to see, and working on Mailman. My stay in Montréal felt homey thanks to Jo Walton and Emmet O'Brien, who put me up in their place for the duration. Much thanks, Emmet and Jo!

It was wonderful getting to sprint with the rest of the Mailman team, some of whom I'd never met before. I'm grateful to the Python Software Foundation and the PyCon sponsors for arranging the venue and food; one can attend the sprints at no registration cost, and I thoroughly appreciate that. I wrote a few patches, told other attendees about the upcoming release and got them to come test the install, and did a great deal of testing and bug-reporting myself, and generally a bunch of release management. I had the privilege of discovering a funny bug, although I wish the bug didn't exist since it prevented us from meeting our goal and shipping 3.0 by Thursday. (A 3.0rc1 release is imminent!)

On the last day of the sprints, I started a keysigning. I think every keysigning I've ever participated in has included philosophical and engineering questions about the usefulness of keysigning parties, why we bootstrap an anarchistic web of trust using government-issued documentation to authenticate people, the difference between "I control this key" and "I am the person whose passport this is," and the anti-mnemonic powers of gpg command-line flags. I feel as though there ought to be, and perhaps is, a haggadah for this ritual that incorporates these questions. I can't exactly remember this exemplary exchange from Thursday, but it went something like:

Me: I wonder what I would learn if I tried setting up my own keyserver.

Debian guy: You would learn that the system is utterly ripe for abuse and that we're just lucky no one has seriously tried it yet. It's an append-only distributed database, after all.

Me: (Pause.) I think I had already learned that particular social lesson and I was thinking more of the technical lessons.

Debian guy: Ah! Yes, there are some interesting backend protocols involved....

This was the longest stretch I've ever spent someplace Francophone, and I felt my high school French coming back to me day by day; towards the end I was able to put together "J'ai perdu un chapeau bleu" or "Je voudrais acheter cette chose" with tolerable facility. (I did indeed lose a blue hat that I bought in Washington, DC in 2001 just before I left for my trip to Russia; we had a good run together and I hope it ends up with someone else who likes it.) I have never played Flappy Bird, but I understand that a single error ends the round; similarly, bad French in Montréal is a sudden death game for me, in which a single mistake or even a tilted head while parsing a response can cause the interlocutor to switch to English. Like many people with one dominant language fluency and a lot of language smatterings, I find the wrong language's vocabulary springs to mind at inopportune moments. A caterer was serving me food; I couldn't remember the polite French for "that's enough" and my mouth wanted to say "ಸಾಕು" instead. Similarly, "mais" and "et" no longer come as naturally to me as do "но" and "и". But I have it easy -- evidently this is even less convenient when one of the languages is ASL!

The next PyCon North America will be May 28 - June 5 2016 in Portland, Oregon; this overlaps with the Memorial Day weekend in the US (May 28-30) which means it will probably conflict with WisCon's 40th anniversary, and I already have plans to hit WisCon 40. I hope to finagle schedules so as to attend WisCon in Madison and then fly to Portland to participate in post-PyCon sprints. But that might be too much spring travel, because what if Leonard and I want to do something special in April to celebrate our tenth wedding anniversary? What I am saying is that adulthood sure does have a lot of logistics involving calendars.

New Takes On My Published Writing

Apr. 18th, 2015 04:36 pm
[syndicated profile] sumana_feed
My Crooked Timber guest post on codes of conduct, freedom, governance, contracts, and copyleft software licenses has attracted over 200 comments. Many of them are thoughtful and interesting, and worth at least a skim if you found anything useful in the original post. For instance, can we compare mindshare to other forms of property? And what do we do to legitimately obtain the enthusiastic consent of the governed? Some of them have old or new perspectives on Adria Richards or Linus Torvalds. And about five percent of the comments are gross, hurtful, or laugh-out-loud wrong on multiple axes, e.g., "The FOSS world is not asking for codes of conduct, she is seeking to thrust them upon it." I shall be mining those for use in my stand-up comedy routine at AlterConf in Portland, Oregon in June.

Also, the code4lib Journal asked for me to turn my code4lib keynote from 2014 into an essay, "User Experience is a Social Justice Issue", for their special issue on diversity in library technology. The new article includes some contextual introduction and a retrospective with links to related work by others in the past year. You can comment there.

[personal profile] frith posting in [community profile] ponyville_trot

In the interest of Being Excellent and considerate of those who have yet to watch this episode, all references to the content of this episode are stashed under the cut and will remain so hidden for at least a month. Someponies like to watch MLP:FIM in herds and it can be a while before they get all their ponies together. 8^) As spoilers are also likely to be in any comments: don't read if you haven't yet seen the episode unless you like being spoiled. When you're ready, drop in a comment and say what you thought of this episode!

After a month, I hope Episode Discuss posts will be so far off the top page that it'll probably take the tag to find them, so about a month after posting the cut will be removed. 8^) Sometimes I go back and drop in little extras into the posts, like comics and links to the music.

The broadcast is at 11:30 am EDT (4:30 pm UTC, 8:30 am PDT and Oatmeal? Are you crazy? 2:30 AM Down Under) at the tail end of 2 hours of MLP:FIM.

Bloom and Gloom is credited to have been written by Josh Haber, who also penned Leap of Faith, Simple Ways and Castle-Mania, and apparently the Rainbow Rocks shorts Pinkie on the One and Hamstocalypse Now. (See IMDb, here.) This is his Twitter page.

For you "live-tweet" twitterers, Meghan McCarthy is a good possibility, and other twits in the early morning chorus may include the likes of Jayson Thiessen (Supervising Director of MLP:FIM) and Big Jim (storyboard work and Director of MLP:FIM). The hashtag to watch is #MLPseason5.


Review for episode 4, Bloom and Gloom, below the cut.


Catch the show and throw in your two bits in the comments! Copy/paste your reviews into the comments, spread the wealth!



Watch Bloom and Gloom on DailyMotion here in glorious, clear HD, and here on Youtube at 1080p.

Download Bloom and Gloom (later, maybe even today!).

iTunes sells the episodes, but apparently only to the US. If you belong to the other 95% of the world population, you are SOOL, as are those who don't have iTunes compatible software for whatever reason or who don't/can't perform casual electronic monetary transactions. On top of that, if I'm getting this right, the episodes have faded colour. Season Five on iTunes is here and the first episode is free.

Meanwhile, on Amazon you can buy the region 1 DVD of season one here (with bonus audio commentaries, Charlie!), buy the region 1 DVD of season two here, get the season three region 1 DVD here, Season Four too (I got mine!). For Europe, go here to find the region 0 DVDs and here for the blu-ray disk of season one (the other seasons may be lurking in the links). Australia also has a box set but has switched distributors.

I think you can also catch all of season one, two and three on Netflix in the US, I believe you may still have to wait awhile for season four. Netflix Canada should have some episodes, Google Play has it here if you live in the US. And Hasbro also has pay-per-view on YouTube, here, also only in the US. And HubWorld/HubNetwork is quick to put them online too, again limited to the US. In the UK there's "POP TV" (channel 75), I don't know what their deal is or if it's the entire episodes (I've read that maybe they are!). Here's a relevant link that should help you see if you can get POP TV or not, which I'm told is available on the Digital Terrestrial (UHF) Freeview service. All that UK folks need do to see it is to get their TV's/set-top boxes to retune/rescan for new channels.

iTunes has many of the season one songs in a soundtrack package and as of April 16th it will have many more (missing are the Pinkie Pride songs), and so does Google Play. When a new song shows up I edit it into the review as soon as I get a youtube link and a download link for it. The iTunes/Google Play songs are of better quality than the fan-uploaded versions.

This is getting messy. I should cut out the chit-chat and post the links in the community sticky.
[syndicated profile] geekfeminism_feed

Posted by spam-spam

This was the week of tableflip.club!

  • tableflip dot club: “Women are leaving your tech company because you don’t deserve to keep us around.”
  • Why Women in Tech Need to Start Flipping Tables | Motherboard: “I think the huge response to the piece makes it clear how much these are the shared experiences women in tech have, so I’m glad I did go all-out. I’ll probably reveal myself eventually. It’s not like people don’t already know my opinions, but commentary on individual issues are a bit different from a call for women in tech to flip all the tables :)”
  • Screw leaning in. It’s time to slam the door in Silicon Valley’s face | The Guardian: “Even as an outside observer, I found the tableflip.club manifesto energizing. It has the feeling of a furious tweetstorm or impassioned speech – it goes beyond a mission statement and into the realm of oratory. It’s a huge departure from the usual women-in-tech rhetoric, which usually focuses on prying the doors of the tech world open through education, a positive attitude and changing the work environment. Nobody ever advocates just slamming the door back in Silicon Valley’s face.”

Other links:

  • Not the affirmative action you meant, not the history you’re making | Epiphany 2.0: “See, in America we often forget that the various initiatives which made up the capital-A Affirmative Action program were based on policies and procedures that have always existed for white men… SFFdom has not been immune to this societal tendency to give straight white guys more, treat them more kindly, eagerly open doors to them that are firmly shut against others.”
  • Codes of conduct and the trade-offs of copyleft — Crooked Timber: “But the first step might be — if you’re trying to get your community to adopt a code of conduct, you might benefit by looking at other freedom-restricting tradeoffs the community is okay with, so you can draw out that comparison.”
  • Does 18F Pass the Bechdel Test for Tech? | 18F: “We decided to see how many 18F projects pass this modified test. To pass, a project had to have at least one function written by a woman dev that called another function written by another woman dev.”
  • This Public Shaming Is Not Like The Other | Buzzfeed: “What makes this book an uncomfortable, if distant, cousin of GamerGate and men’s rights activist logic is that it, too, relies on a series of false equivalencies and muddy distinctions in order to elevate being shamed on social media to epic proportions. These sorts of distortions are dangerous because they minimize — and even threaten to erase — far more systematic and serious problems that have taken years to even reach the public consciousness.”
  • Black Girls Code Founder: To Bring Diversity to Tech, First We Need Role Models | Inc.com: “Bryant credits her own mentor, an electrical engineering upperclassman she met in college who was black and female, for keeping her — a student from inner city Memphis — in technology and in school. ”
  • Help Me Help You | Jenna Pederson: “I am asked, in what turns out to be a not so awesome way, if I’ll consider speaking at a conference or event. And if I won’t, do I know any other women who will. Sometimes this request comes after the speaker list has already been set and organizers have realized they don’t have enough diversity on the speaker lineup. Or it comes in a passive-aggressive, backhanded comment like ‘Well, if only Jenna would have submitted a talk…’ with a side-glance my way. Wait… so now it’s my fault?”
  • As Tech Giants Push For Diversity, Blacks And Latinos Are Fleeing Once-Diverse San Francisco | International Business Times: “It’s been a year since many tech companies in Silicon Valley released workforce transparency reports laying bare a sorry track record in minority hiring and announced plans to be more inclusive. But the Bay Area’s changing demographics are working against them. Local African-American and Hispanic residents are employed only in minuscule numbers by the tech industry, and increasingly finding themselves priced out and forced to leave.”
  • The Attention Game | Accidentally in Code: “This idea that you do things for “exposure” where the formula is exposure -> ??? -> profit. OK maybe you can argue that this model works for Kim Kardashian but not, I think for most of us. It didn’t work for Monica Lewinsky. Exposure is not inherently valuable. The value is in what results from it.”
  • Female Programmer Denied Job Because of Her ‘Unprofessional’ Attire | Daily Dot: “Elizabeth is a senior at Oberlin College in Ohio, and like many college seniors, she’s currently interviewing for jobs. But one interview made her so angry that she took to Facebook to vent her frustration.”
  • What They Really Mean When They Say They’re Not a Feminist | Everyday Feminism: “If you don’t call yourself a feminist, see if you find some of your reasons here. The stories in this comic can help us all have more respect for the wide range of ways we stand up to oppression.”
  • Project Opportunity: Contribute Stories on Digital Labor | HASTAC: “I’m currently launching a project that will act as this kind of publication, using familiar aesthetics and tropes of tech and business media to tell digital labor stories that usually don’t get coverage. The aim is to use familiar media elements to disrupt (to use a popular tech-industry word) dialogues on digital technology and the labor it runs on.”
  • BGN’s Women in Gaming Series: Nichol Bradford | Black Girl Nerds: “Nichol is currently CEO of The Willow Group, whose mission is to permanently move 100 million people into a state of fundamental well-being by 2025. She is also the Executive Director of the Transformative Technology Lab at Sofia University that is working outside traditional research boundaries to find creative ways to manage the intersection of technology and consciousness. We had a chance to talk about what it takes to be the architect of your own success, the power of “raising your hand” to create opportunities and the benefits of being obsessive about your passions in life.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Friday Favs 4/17/15

Apr. 17th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some of my favorite new submissions this week.

 

Further proof that talent and common sense aren't always a package deal:

Now if only it said "CREST HERE" on the left.

 

John's taken over e-mail submission duties here at CW, and speaking of "duties..."
... yesterday he named this file, "pretty much just poop.jpg"

NAILED IT.

("Cake Wrecks: Keeping It Prefessional Since 2008")

I'm sorry, everyone; I know poop jokes are classless and in poor taste.

 

So here, have an Awkward Ninja Turtle Erection:

BOOYAKASHA!

(I'm not sure who looks more horrified: me or him.)

 

One of my Grammar Police friends recently posted a Facebook mini-rant about the word "alright" - which I, personally, have no problem with.*

[*Yeah, I said it. COME AT ME, BRO.]

The very next day was my friend's birthday, so I found her the perfect cake from our archives:

It went over so well, I think everyone should do this for their grammar-loving friends!

I also recommend writing something like, "Its you're birthday! Irregardless, do'nt loose ur kool, Ok?"

 

And finally, for you bakers out there: this is why you should be careful what you post on Facebook:

Ouch.

 

Thanks to Regina F., Doug M., Sharlyn W., Andrea C., & Anony M., who all know Facebook is really only good for thought-provoking political discussions.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

Book: How to Sleep Well Every Night

Apr. 17th, 2015 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

My abiding memory of my teenage years is being sleep-deprived and exhausted. Being awake at 4am. Eventually, age 22, I trained myself to sleep with sleeping pills and ever since I’ve been mostly free of insomnia. It’s come with certain rituals though. When I travel, I get to be free of those rituals and do things I would never do at home, using electronics in bed being the big one. And I still sleep OK.

But having had insomnia I do fear it coming back. Lying awake feels terrifyingly familiar. If it happens a couple of nights in a row I will get anxious. If I feel like I haven’t been physically active enough I will go to bed expecting not to sleep… and then I won’t.

Anyway, The Sleep Book (Amaz0n) was refreshing because it’s not about how to arrange your life around rituals for sleeping, but about sleeping normally which means – doing nothing. About reclaiming your life from insomnia and living it again. It’s a 5 week program, so I read a chapter a week.

Even though I now mostly sleep fine, I still found it helpful – and one of the things it clarified for me was that my sleep rituals? I don’t need them when I travel. I don’t really need them at all. But I’ll keep some of them anyway because I like them for their own sake, now.

Warm in the sun

Apr. 16th, 2015 10:02 pm
[personal profile] badgerbag
Such a nice day today. I had meetings all morning from 8am onwards, then went to therapy, bus broke down on the way there and the guy was worried about letting me off into the street, but not a jerk about it. I got off and went to the next stop and all was well on the next bus. Listened to one of the mixes I made recently & played Ingress & looked out the window. So warm in a nice way - a little on the hot side but that feels good to me! I should start wearing sunscreen.

After my appointment I went to look for a replacement scarf for my lost wooly pashmina. The woman running the store and I discussed our strange desires to have every scarf. My new pashmina is silk and cashmere and is a dark rich shiny brown with faint black patterns. Super ideal. I feel like a little brown bird. (In a giant blanket thing, with purple trimmings). Then beetled off to the J, to downtown uneventfully, switched to the N, went up to the roof at work. I sat in the sun overlooking the bay & devoured a stroopwafel and some of those toasted coconut flakes, dealt with some bugmail, then hung out with support and user advoc. people who were having a beer. Unsurprisingly, support/UA team is NICE.

I tried channeling Lukas a bit by hosting an event at work. the nicest meetup. In retrospect, really, I knew this but just figured I could get away with it, I should have lined up another person to help me host. And, I should have specially invited the facilities people to come and attend so they could see some accessibility barrier negotiation in action. (But really they can just come see me be unable to open the heavy door, any time. ) Around 40-50 people showed up and I met lots of nice people.

After many years of volunteer thingies and doing a lot of work it was nice to just go, Oh, an event shall happen, and magic catering people and an A/V magician show up and do many of the things. The only thing I did was zoom around opening the 2 different doors at the entryways and greeting people. Which was fun except for the door being hard to manage. it was not unpleasant to briefly wield some resources and be a nice host without having to do all the actual physical labor.

I thought how I used to go out and do something like this every week sometimes more than once a week. Increasingly by taking more painkillers. Oh! so exhausting! I just can't do it!

But, it was nice for tonight. also, the food was good. i was just inhaling it. (I wonder if all the asthma meds make me hungrier?? food seems especially satisfying this week) Nice cheese, dried figs, giant slabs of very dense crystalized honey.... those mushroom truffle tarts... wtf, nice.

i am now planning to put in a workplace service request (like facilities) for working with lighthouse to do a tactile map of surrounding area and the building first floor interior. I wonder if this is something that is useful beyond just particular occasion (must ask them -- also, did they keep the julia morgan ballroom one, and did the JM ballroom people know it existed? I should follow up) So, do they keep such things and then print them for people ? Can't believe I never followed up on that....

I am so excited about vacation and our trip. I cannot wait to pack. I'm going to loaf on the beach like nobody's business.
[personal profile] beable
I came up with these last year on a road trip to a dance event.
However, since [livejournal.com profile] decadentdave closed his concert at Filk Ontario tonight with Barrett's, this seemed like a good time to re-inflict them on the world.


Oh, there's 99 bottles of beer on the wall.
How I wish I was in Sherbrooke now!
We took one down and we passed around,
God damn them all!

I was told we'd sail the seas for a bottle of rum,
We'd fire no guns. Take 1 down, & pass it around,
There's 98 bottles on a Halifax pier
[syndicated profile] cakewrecks_feed

Posted by Jen

Love,

Your Co-Workers

 

(And also Jamie M., who thinks you're positively glowing. Or that you need to lay off the break room donuts.)


[syndicated profile] epbot_feed

Posted by Jen

Alright, cosplay fans, let's dive right in with some EPIC ADORABLENESS:

Look at this cutie patootie little Frozen girl! With her Olaf armbands! Squee!

[Correction: Oops, right out of the gate I get one wrong, ha! She's actually Annie from League of Legends:

Thanks, commenters!]


And over on the other side of the spectrum:

Creeeeepy

Yep, this post is gonna be a roller coaster, my friends. Buckle up.

...but mostly it's gonna be epic awesomeness like this:

 
That's Katniss from Hunger Games with a picture-perfect Agent Carter.  Love it.

 And another fun pair: a roller derby Eowyn with a sweet lolita Alice:

 

Fun to see a post-haircut Rapunzel:

 And not far away, Cindy's fairy godmother!


A Guardians of the Galaxy trio:
 You probably recognize Starlord, but that's also the Collector with his assistant, Carina:



This Elizabeth from BioShock: Infinite's DLC is spot-on:

And she's with a gender-swapped Booker - complete with crow hand & the Murder of Crows bottle!

Here's a comparison shot for Elizabeth:


Speaking of BioShock: Infinite, I flipped. OUT. over this Boy of Silence, here with a Zealot of the Lady (both enemies in the game):

Game reference:


A moment later this Booker joined them:


And the next day I found a motorized patriot, you guys. FOR REALZ. I realize most of you have no idea what that is, but trust me, it's super cool. I'm posting these pics roughly in the order I took them, though, so you'll just have to wait on that one.


Next up, a pint-sized Master Chief:

And a Cyber-styled Finn & Princess Bubblegum from Adventure Time:



Now, I know what some of you are thinking. "Jen," you're thinking, "I don't recognize ANY OF THESE CHARACTERS. Show me something I know, for filth flarn's sake!!"

Your wish = my command, my friends.

Behold! A cosplay YOU ARE GUARANTEED TO RECOGNIZE:

It's also one of my top favorites from the whole weekend.

That's right: it's a Star Trek/Gilligan's Island mashup, you guys. GILLIGAN'S TREK.

Check it out: they have phasers made of bamboo and sea shells!

And the Skipper is holding a shell communicator! Ha! SO GOOD.
 
Seriously, creativity like this is what makes me love cosplay photography. I rode that high all weekend, and I'm still buzzing from it. Can you tell? [bzzz bzz] Aw yeah.

I also tried to get a little more creative with some of my shots this round: playing with perspective and composition and such.

I really like this one.

And for this big Warhammer guy I tried to get down as low as I could:

I've decided I need to make some armor like this for me, just so I can wear stilts to a con once and FINALLY know what it's like to see over people's heads. (If you're new here, hi! I'm very short.)

One more Big Armored Dude, I'm guessing also from Warhammer:



This next one is kinda NSFW, so, you know, scroll faster and/or hide the kids:

Say what you will about the appropriateness of the venue; that is BRAVE.

And I know it's an actual character cosplay, because I spotted another lady in the same outfit - only with a bikini top underneath. The coward. (I'm totally joking.)

At lunch I spotted them eating a few tables over, and I was tempted to go ask her if she'd had any trouble from other con-goers. I didn't want to interrupt, though, and from what little I saw, everyone was being respectful.

I bet brandishing a knife helps. :)

Next up, a lovely Belle:

Belle is John's favorite princess. He's always trying to get me to wear more yellow. Heh.

And speaking of my hubby, here he is evilly photobombing Sora from Kingdom Hearts:

That's the Christmas Town variation of Sora, along with a Heartless:



(I couldn't find a good screen grab of Sora, so that's an official figurine.)


See the Jack Skellington on his key blade? And the sand worm? That's from Halloween Town, which is based on Tim Burton's Nightmare Before Christmas.

Which is an excellent segue to...

Sally!

I've seen a lot of Sallys at cons, but the props really bring her cosplay to the next level. That "flying" Zero is amazing! Plus she has the potion ingredient bottles in her basket!

Just gorgeous.

And finally, continuing the Tim Burton theme, here's another of my top favorites from the whole weekend:

Beetlejuice Beetlejuice Beetlejuice!!

Specifically, the Beetlejuice from this scene:


Did you ever notice the Batman-esque bats on his hat carousel before? Or the Jack Skellington head on top?

 
Gotta love Tim Burton tying all his films together like that.

Check out all the little carousel animals; he sculpted them himself from lightweight clay!

Ahhh, gotta love it.

Ok, guys, that does it for this round! As with my last Dragon Con photos, I'll be spacing out these posts so neither of us get too burned out on cosplay pics. Besides, I like taking my time and really having fun with editing, and rushing makes it feel too much like "work." (BOO.)

'Til next time!


[personal profile] thorfinn
Here's a thought about Intellectual Property (movies, photos, books, music, writing, software, patents, etc), and licensing, and why it's all such a mess.

Intangible things of any kind are hard to understand to begin with. Intellectual Property is intangible. Then IP laws are meta IP about IP. Then IP licenses (the things that let you legally use IP) are themselves IP that operate in the context of IP laws.

It's seriously no wonder that people don't understand, and quite reasonably don't even want to understand, Intellectual Property licenses in pretty much any context you like. They're several levels of intangible meta away from even the first level of the intangibility.

And I didn't even mention jurisdictional issues. Ugh.

Really everyone just wants to make cool stuff and maybe make a living out of it. But the legal side of it is actually a giant complicated mess of intangible stuff that almost nobody cares about.

So if you're ever wondering about "Apple vs Samsung", or "Patent trolls", or "creative commons", or "open source" licenses, and why it all seems like it's a horrible mess... Well, yeah. It's not simple. It never will be. :-/ That kinda sucks.

Wednesday 15 April 2015

Apr. 16th, 2015 06:55 am
[syndicated profile] lecta_feed

Posted by Mary

So many things about travel are only things I remember when I travel. Which is a shame, because some of those things I forget when not traveling are bad things about travel and I wouldn’t spend so much of the rest of my time puttering around being all “why am I so mysteriously averse to traveling? how strange!” Sure, I never forget the things about airports and aircraft being hostile to all things normal and human, I remember my three continuous days of insomnia after getting home from Romania in 2007, things like that. But that’s physical discomfort. I forget the emotions. I don’t remember the defensiveness of wanting to spend multiple consecutive days in dark hotel rooms (probably culture shock), I don’t remember the constant loneliness that nicely counterbalances that so that I’m unhappy even in the hotel rooms and I don’t remember the homesickness on top of it all.

I don’t remember the punch in the gut of “almost everything I love best in the world is somewhere else entirely”.

These memories obviously brought to you by being in San Francisco rather than Sydney right now. How else would I be accessing them? And you shouldn’t think of this as an unusual trip for me, this is pretty much every damn time. Not non-stop of course, or I probably would remember better why I have mixed feelings about travel. No. It’s an acute problem and I’m right in the target zone for it: more than halfway done with the travel, mostly done with the reason for the travel, why can’t I go home now?

As I’ve been telling people, last Thursday night was my first night away from A, ever. That Friday night through to this coming Monday night were/will be the second through twelfth nights, respectively. So that’s not helping either. Apparently she’s been pretty fine with it, which is in character. She doesn’t mind when we get babysitters, she doesn’t mind being dropped at daycare, it turns out she doesn’t noticeably mind that I vanished a week ago and that a couple of days later, V vanished too. (He’s gone to visit my parents.) C’est la vie?

On the bright side, I’ve finally been to Montreal! Which is actually part of this whole sad pattern too: I get this way worse when I travel as far as the US East Coast, or Europe, than I do otherwise. But still, I’ve finally been to Montreal! I didn’t really understand their seasons until I was flying in and I noticed that the waterways were still iced up, which I have never actually seen before anywhere, let alone anywhere in the middle of spring. I didn’t leave the city, but I did go and specifically look right at the river at Vieux Port. The ice was pretty slushy but it was extensive. I went to Notre Dame, which I wouldn’t have chosen for myself but am happy about; I wasn’t aware of the French Catholic history of Montreal and the cathedral is beautiful.

I was very Australian about the temperature, which is to say, it was above freezing, so why wear a coat? I run very hot in any case, even other Australians regularly look at my outfits and say “but aren’t you cold?” However by Monday, it was 22°C anyway (up from about -5 the week before) so I didn’t have to shock everyone for long. There was definitely much less ice visible on the way out.

Australian or not, I will admit that walking in the rain on Friday when it was about 3° and I had left my raincoat, conscientiously lugged all the way from Australia, in Outremont was a bit of a challenge.

I was there for PyCon and AdaCamp. The former confirmed that if I want to go to PyCon, some day I just need to go to PyCon and stop thinking that I can go on a work trip and actually attend the conference too. A number of people I know were very surprised to hear I was there given that they didn’t see me at all, and probably some more will be surprised when they read this. I have a more reasonable approach to AdaCamp: I can attend some of it and I do, and it is much as I picture.

I’m in San Francisco now. I think five hours or so is the worst length of flight. Long enough that I spend about four hours thinking “OK, surely we’re nearly there” and checking out the flight map to find out that nope, we are in no way nearly there, short enough that there’s no institutionalisation to the plane environment. Just non-stop outrage the whole way. Plus no one feels sorry for you afterwards, unlike my Sydney to Vancouver to Montreal itinerary which caused some appreciative intake of breath from Montrealers.

Four more nights.

Wednesday 15 April 2015

Apr. 16th, 2015 04:55 pm
puzzlement: (jelly)
[personal profile] puzzlement
Originally posted at http://puzzling.org.

So many things about travel are only things I remember when I travel. Which is a shame, because some of those things I forget when not traveling are bad things about travel and I wouldn’t spend so much of the rest of my time puttering around being all “why am I so mysteriously averse to traveling? how strange!” Sure, I never forget the things about airports and aircraft being hostile to all things normal and human, I remember my three continuous days of insomnia after getting home from Romania in 2007, things like that. But that’s physical discomfort. I forget the emotions. I don’t remember the defensiveness of wanting to spend multiple consecutive days in dark hotel rooms (probably culture shock), I don’t remember the constant loneliness that nicely counterbalances that so that I’m unhappy even in the hotel rooms and I don’t remember the homesickness on top of it all.

I don’t remember the punch in the gut of “almost everything I love best in the world is somewhere else entirely”.

These memories obviously brought to you by being in San Francisco rather than Sydney right now. How else would I be accessing them? And you shouldn’t think of this as an unusual trip for me, this is pretty much every damn time. Not non-stop of course, or I probably would remember better why I have mixed feelings about travel. No. It’s an acute problem and I’m right in the target zone for it: more than halfway done with the travel, mostly done with the reason for the travel, why can’t I go home now?

As I’ve been telling people, last Thursday night was my first night away from A, ever. That Friday night through to this coming Monday night were/will be the second through twelfth nights, respectively. So that’s not helping either. Apparently she’s been pretty fine with it, which is in character. She doesn’t mind when we get babysitters, she doesn’t mind being dropped at daycare, it turns out she doesn’t noticeably mind that I vanished a week ago and that a couple of days later, V vanished too. (He’s gone to visit my parents.) C’est la vie?

On the bright side, I’ve finally been to Montreal! Which is actually part of this whole sad pattern too: I get this way worse when I travel as far as the US East Coast, or Europe, than I do otherwise. But still, I’ve finally been to Montreal! I didn’t really understand their seasons until I was flying in and I noticed that the waterways were still iced up, which I have never actually seen before anywhere, let alone anywhere in the middle of spring. I didn’t leave the city, but I did go and specifically look right at the river at Vieux Port. The ice was pretty slushy but it was extensive. I went to Notre Dame, which I wouldn’t have chosen for myself but am happy about; I wasn’t aware of the French Catholic history of Montreal and the cathedral is beautiful.

I was very Australian about the temperature, which is to say, it was above freezing, so why wear a coat? I run very hot in any case, even other Australians regularly look at my outfits and say “but aren’t you cold?” However by Monday, it was 22°C anyway (up from about -5 the week before) so I didn’t have to shock everyone for long. There was definitely much less ice visible on the way out.

Australian or not, I will admit that walking in the rain on Friday when it was about 3° and I had left my raincoat, conscientiously lugged all the way from Australia, in Outremont was a bit of a challenge.

I was there for PyCon and AdaCamp. The former confirmed that if I want to go to PyCon, some day I just need to go to PyCon and stop thinking that I can go on a work trip and actually attend the conference too. A number of people I know were very surprised to hear I was there given that they didn’t see me at all, and probably some more will be surprised when they read this. I have a more reasonable approach to AdaCamp: I can attend some of it and I do, and it is much as I picture.

I’m in San Francisco now. I think five hours or so is the worst length of flight. Long enough that I spend about four hours thinking “OK, surely we’re nearly there” and checking out the flight map to find out that nope, we are in no way nearly there, short enough that there’s no institutionalisation to the plane environment. Just non-stop outrage the whole way. Plus no one feels sorry for you afterwards, unlike my Sydney to Vancouver to Montreal itinerary which caused some appreciative intake of breath from Montrealers.

Four more nights.

a good swim

Apr. 15th, 2015 03:30 pm
badgerbag: (Default)
[personal profile] badgerbag
I had a decent swim today at PT. My ankles did not feel strong but I could do all the things. I had a nice 10 minutes of lying in the sun beforehand on a park bench and nearly fell asleep. On the way there past the zoo I stopped to watch two brown bears playing in their pool. Today's class was 4 dudes, one of the ditzier ladies, and a nice woman who talked about her marriage and her new (old) Impala and going to casinos. She is a bus driver. Sadly she thought I was in my early 20s. Right..... No! There was a guy there with a new back injury who was very tense and upset. I felt for him. He was wishing that he could just be in the water all the time since then he would be "walking like a normal person again". I did not break it to him that he was still wincing and limping and looking kind of fucked up in the water. I hung out more with the guy with the prison tattoos who is pretty nice, and the Impala lady, who told us all about the beached whale in Pacifica and the last 4 or 5 times there has been a beached whale in the area.

Asthma still nasty. I think that there is nearby road construction and that is what's doing it. Pulse oximeter thing going from 95-98. Inhalers rule. Even if they make you get the shakes.

I am well into this not very good series of fake Jane Austen novels where Elizabeth and Darcy go to all the different settings for Austen's other novels. The writing style and things that happen are not at all right. But they are not super super awful enough that I've stopped reading them, either. Everything else on my Kindle (and it is full of stuff) is sort of serious or dense. Need trashy reading!

Hugo mess continues, very annoying. I read a short story that was withdrawn from the awards. It wasn't very good. Nothing to barf about, it was just boring and as if it were churned out to make $25 or fill up magazine pages 40 or 50 years ago and it would not have done anything new then either. I then thought of all the novels that are basically that same story but stretched out to make more pages, and just as boring. How can people be so dull?!

I also read a pleasingly cranky review of Silver on the Tree, a book that has always annoyed me.

A. wore lip gloss to school today for "twin day" along with black tshirts with horses on them with 3 of her friends. Oddly... she just got home and she is wheezing.
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

“PoSeidon,” a new strain of malicious software designed to steal credit and debit card data from hacked point-of-sale (POS) devices, has been implicated in a number of recent breaches involving companies that provide POS services primarily to restaurants, bars and hotels. The shift by the card thieves away from targeting major retailers like Target and Home Depot to attacking countless, smaller users of POS systems is giving financial institutions a run for their money as they struggle to figure out which merchants are responsible for card fraud.

Image: Cisco.


One basic tool that banks use to learn the source of card data theft involves determining a “common point-of-purchase” (CPP) among a given set of customer cards that experience fraud. When a new batch of cards goes on sale at an online crime shop, banks will often purchase a very small number of their stolen cards to determine if the victim customers all shopped at the same merchant across a specific time period.

This same CPP analysis was critical to banks helping this reporter identify some of the biggest retail breaches on record in recent years, and it is a method heavily relied upon by law enforcement agencies to identify breach victims.

But the CPP approach usually falls flat if all of the cards purchased from the fraud shop fail to reveal a common merchant. More seasoned fraud shops have sought to achieve this confusion and confound investigators by “making sausage” — i.e., methodically mixing cards stolen from multiple victims into any single new batch of stolen cards that they offer for sale.

Increasingly, however, fraudsters selling stolen cards don’t need to make sausage: The victims that are leaking card data are already subsets of restaurant franchises or retail establishments whose only commonality is the branded point-of-sale device which they rely upon to process customer card transactions.

NEXTEP

Card breaches involving POS devices sold by the same vendor are notoriously hard for financial institutions to diagnose because the banks very often have a direct relationship with neither the POS vendor nor the breached restaurant or bar whose customers’ cards were stolen.

What’s more, POS-specific breaches frequently tie back to a subset of customers of a POS vendor who in turn rely on a local IT company to install and support the POS systems. The commonality among breached restaurants and bars tends to be those who have relied on a support firm that invariably enables remote access to the POS systems via tools like pcAnywhere or LogMeIn using the same or easily-guessed username and password across many customer systems. Once remotely authenticated to the targeted systems, thieves can upload malware like POSeidon, which is capable of capturing all card data processed by the victim POS.

A few weeks ago, this reporter broke the news that multiple systems run by POS vendor NEXTEP had experienced a breach. The banks were only able to pinpoint NEXTEP systems as the source because the overwhelming number of merchants impacted in that breach happened to be NEXTEP customers who also were part of the Zoup chain of soup restaurants.

“You may have seen the discussions of the ‘PoSeidon’ malware that specifically targeted point of sale systems,” NEXTEP CEO Tommy Woycik said in a follow-up email. “Within thirty-six hours of the point that we learned of the problem we were able to internally use our resources to block further data compromise with most of our customers.  We retained and worked with two different sets of consultants to fix all remaining problems and to evaluate, on an ongoing basis, the effectiveness of the fixes.”

Woycik said the company also is investigating why the vast majority of its customers had no compromise of information, but that the hack was limited to a few identified locations. Part of the problem was that some of the breached locations relied on point-of-sale management firms that refused to cooperate in the investigation.

“We have been somewhat hampered in our investigation because some parties involved in the locations that we believe may have been affected have been unwilling to provide us with critical data,” he said.

Bevo POS

More recently, KrebsOnSecurity has heard from multiple banks about suspicions that systems sold and maintained by another POS vendor – Naples, Fla.-based Bevo POS — were likely the source of fraud for more than a dozen restaurants and bars in and around Florida.

Reached for comment about these allegations, Bevo POS CEO Onur Haytac responded by acknowledging that a very small subset of its customers were indeed the victim of PoSeidon.

“Was Bevo POS ever breached?  No, however, Windows was. Bevo POS is Point of Sale application (not cloud based) that is both PCI compliant and encrypts all credit card data,” he explained. “The malware identified, PoSeidon, which pushes itself with DLL injection and backdoor Trojans, is a keylogger with memory scraping that breached Windows, and as I’m sure you are aware, Microsoft’s security essentials anti-virus and windows updates do not recognize or stop many of the newer more unique threats. The same day we were alerted to a possible compromise, our engineers found an executable that had been recently installed in Windows at that location, called ‘Winhost.exe.’”

According to Haytac, the company learned of the incidents on March 15. He said the breach occurred with memory scraping as the data passed through while Windows was sending the data to the Bevo application, basically capitalizing on a ‘millisecond gap’ between the systems.   

“A mere 0.26% of customers (13 out of 6,500) were affected and we not only identified the malware within 24 hours (5 days before it was publicly reported by the security experts), we had created a PoSeidon killer tool, and swept every customer's machine within a week.  Actual Windows breaches of our customers only occurred over a two day period.”

Haytac said the most frustrating aspect of the ordeal so far is that all of its customers have some form of Windows anti-virus software and that none of these applications were able to recognize the malware. 

“So to prevent future possibilities of this ‘gap’ in the system being tapped again by relentless hackers, we have made an agreement with Comodo to create a new-age containment software that includes anti-virus,” he said. “We are pushing this to all our customers, closing the gap between these breach techniques and Windows OS. We are due to ship this weekend as we are in final stages of testing. Windows is obviously not our product to protect, however our customers are, so we are doing it regardless and without cost to them.”

RESCATOR REVISITED

For several months following revelations that fraudsters had stolen 56 million cards from customers of Home Depot, the card shop principally responsible for selling those cards — Rescator[dot]cm (the same hackers thought to be responsible for the Target intrusion) — inexplicably stopped selling new cards stolen from main-street merchants and retailers.

This hiatus continued for an unprecedented six months until March 10, 2015, when Rescator and his merry band of thieves advertised the “American Dream” batch of credit cards. Days later, the Rescator shop pushed out millions of cards in rapid-fire batches variously named “Breakthrough,” “American Dream,” “Imperium Romanum” and “Spring Awakening.”

One of the many newer "dumps" batches added to the Rescator fraud shop in recent weeks.


Multiple financial institutions contacted by this author purchased handfuls of their cards from these batches, but were unable to find a single common point-of-purchase among any of them. However, each bank said they saw within each batch a strong preponderance of small restaurants and bars that they’d been watching for months as a suspected source of stolen cards. The banks reported to KrebsOnSecurity that the bulk of these establishments are centered around cities in Colorado, Texas, Florida and the Washington, D.C. metropolitan area — including Virginia and Maryland.

BRIAN’S DUMP

The above-mentioned trend away from selling cards stolen from major retail chains toward attacking smaller bars and restaurants is hardly unique to the Rescator shop. Earlier this year, several security experts pointed out that a relative newcomer to the fraud scene — a card shop that markets its wares by capitalizing on the name and likeness of this author (briansdump[dot]ru) — also was pushing fairly large batches of stolen cards onto its shelves.


An advertisement for the carding shop “briansdump[dot]ru” promotes “dumps from the legendary Brian Krebs.” Needless to say, this is not an endorsed site.

KrebsOnSecurity worked with three different banks who each acquired multiple customer cards from all of the batches of cards that showed up for sale on Briansdump. Eerily enough, all of the merchants identified were from small restaurants and bars in and around the Washington, D.C. area, the hometown of Yours Truly.

OTHER SOLUTIONS

Security vendors have long recommended “end-to-end” or “point-to-point” encryption products and services to sidestep threats like PoSeidon. The idea being that if the card data never traverses the local network or point-of-sale device in an unencrypted format, any card-stealing malware that makes its way to the point-of-sale systems will have nothing to steal but worthless gibberish.

The problem is that many merchants — particularly smaller ones — don’t seem particularly interested in or incentivized to invest in these technologies, which tend to require more up-front costs and on-going maintenance fees to security vendors, said Rich Stuppy, chief operating officer at Kount, a payments security firm based in Boise, Idaho.

“It’s a fundamental redrawing of how the bits are transmitted, and that also tends to redraw a lot of power into another end of the network, either to a card brand or to a point of sale company, and it dramatically changes who’s got the power in this situation,” Stuppy said.

As for why more smaller merchants don’t turn to solutions like point-to-point and end-to-end encryption, Stuppy said it’s a numbers game that favors the attackers.

“I think the bigger [merchants] could maybe put up the fence around this such that it gets harder and harder, but the little guys aren’t going to do that. With these widely distributed point-of-sale systems, the bad guys are looking to just plug in the malware once, and it doesn’t matter if you have to get the big guys once to get 50 million cards, or you have to get 1,000 cards from 50,000 compromised merchants.”

For a deep dive into PoSeidon malware, check out this Mar. 25, 2015 blog post from researchers at Cisco.
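The common point-of-purchase analysis described in the article above, as an added Python example that is not part of the original post: it looks for a merchant shared by a sample of fraud-hit cards and, when none exists, repeats the search grouped by POS vendor. The card histories, merchant names, vendor mapping and thresholds are all constructed, and the comparison against a control set of unaffected cards is an assumption that goes beyond what the article describes.

```python
from collections import Counter
from datetime import date

# Constructed sample data: card id -> [(merchant, purchase date), ...].
FRAUD_CARDS = {
    "F1": [("MegaGrocer", date(2015, 2, 3)), ("Bar Uno", date(2015, 2, 10))],
    "F2": [("MegaGrocer", date(2015, 2, 5)), ("Cafe Dos", date(2015, 2, 12))],
    "F3": [("MegaGrocer", date(2015, 1, 20)), ("Grill Tres", date(2015, 3, 1))],
    "F4": [("MegaGrocer", date(2015, 3, 2)), ("Bar Uno", date(2015, 2, 22)),
           ("Diner Cuatro", date(2014, 11, 5))],  # falls outside WINDOW
}
# Constructed control set: cards from the same bank with no reported fraud.
CONTROL_CARDS = {
    "C1": [("MegaGrocer", date(2015, 2, 1)), ("Diner Cuatro", date(2015, 2, 2))],
    "C2": [("MegaGrocer", date(2015, 1, 9)), ("Cafe Dos", date(2015, 3, 3))],
    "C3": [("MegaGrocer", date(2015, 3, 15))],
    "C4": [("MegaGrocer", date(2015, 2, 27)), ("Diner Cuatro", date(2015, 1, 30))],
}
# Hypothetical merchant -> POS vendor mapping (vendor names are placeholders).
POS_VENDOR = {
    "Bar Uno": "VendorA", "Cafe Dos": "VendorA", "Grill Tres": "VendorA",
    "Diner Cuatro": "VendorB", "MegaGrocer": "InHouse",
}
WINDOW = (date(2015, 1, 1), date(2015, 3, 31))


def coverage(cards, window, key=None):
    """Fraction of cards with at least one in-window purchase per group.

    `key` maps a merchant name to a group label (for example its POS
    vendor); with no key each merchant is its own group.
    """
    start, end = window
    counts = Counter()
    for txns in cards.values():
        seen = set()
        for merchant, day in txns:
            if start <= day <= end:
                seen.add(key(merchant) if key else merchant)
        counts.update(seen)  # each card counts once per group
    return {group: n / len(cards) for group, n in counts.items()}


def cpp_candidates(fraud, control, window, key=None,
                   min_coverage=0.8, min_lift=2.0):
    """Groups seen on most fraud cards but comparatively few control cards.

    Returns (group, fraud_coverage, lift) tuples, highest lift first.
    Lift is fraud coverage divided by control coverage; the control
    coverage is floored at one card so an unseen group cannot divide by zero.
    """
    fraud_cov = coverage(fraud, window, key)
    control_cov = coverage(control, window, key)
    floor = 1 / len(control)
    found = []
    for group, fc in fraud_cov.items():
        lift = fc / max(control_cov.get(group, 0.0), floor)
        if fc >= min_coverage and lift >= min_lift:
            found.append((group, fc, lift))
    return sorted(found, key=lambda row: (-row[2], row[0]))


def by_vendor(merchant):
    """Group merchants by the POS vendor they use."""
    return POS_VENDOR.get(merchant, "unknown")


if __name__ == "__main__":
    # Merchant level: the only shared merchant is one everybody uses.
    print("by merchant:", cpp_candidates(FRAUD_CARDS, CONTROL_CARDS, WINDOW))
    # Vendor level: the scattered restaurants collapse onto one vendor.
    print("by vendor:  ", cpp_candidates(FRAUD_CARDS, CONTROL_CARDS, WINDOW,
                                         key=by_vendor))
```

At merchant level the only shared name is a store that every control card also used, so nothing is reported; grouping by vendor is what exposes the shared POS product.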

Nightmares

Apr. 15th, 2015 08:09 am
badgerbag: (Default)
[personal profile] badgerbag
Nightmares about pain. That was weird. My hands do hurt but not like in the dream.

Take A Wild Guess Day

Apr. 15th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Eat your heart out, Rorschach.

 

♫ Fishy suspenders ♪


 

... and helmets for space rays,


 

Wilson ball swimmers


 

... and movies shown sideways!


 

White mushroom cloud as the city goes BOOM:

 

These are my guesses - now how about you?

 

Thanks to Denise M., Anony M., Molly S., Erin W., & Karen L., who know there was a time when military admirals actually DID serve nuclear mushroom cloud cakes. Ahh, it was a simpler time.


[syndicated profile] accidentallyincode_feed

Posted by Cate

I’m super excited to release something that I’ve been working on for a while.

Unit testing on iOS is… not common. And part of the problem is that people don’t know where to start. It can be overwhelming.

Building on my years of experience leading iOS apps with over 80% test coverage, including at Google, and my extensive experience in curriculum development and education, I’ve put together a workshop that takes you through the process step by step. It covers:

  • Writing unit tests on model classes.
  • Using mocks.
  • Unit-testing UI code (and how to test UIViewControllers!).
  • Writing your first UIAutomation tests.

The (MIT-licensed) sample code is ready to go (just check it out from GitHub) so you can focus on writing better tests, not wrangling dependencies.

It’s fully digital. Download the PDF, and work through. Email support included.

Who is this for? If you have iOS experience and you:

  • Haven’t written any tests and don’t know where to start, start at Section 1.
  • Are comfortable writing unit tests but want to better test your UI code, start at Section 2.

This isn’t designed for people without iOS experience looking to learn iOS.

Some nice things people have said already:

“Thanks so much… it’s helped me a lot. I have a fairly large, complex code base that I want to add tests to and the workshop has helped me to think about how to even begin to do that.”

—Cathy @catshive

“I really like the workshop. I like the format and pacing, how you’ve structured the Xcode project and using unfulfilled/failing tests for the participant to add themselves. I’ll definitely check out KIF for my own projects, even if it’s just as a way to ensure my apps are properly Accessible.”

Harry @inquisitivesoft

Buy it for 20 USD

If you’re a student or underemployed, contact me and I’ll send you a discount code.

Thanks so much to the many people who tested, reviewed, and gave feedback.

[syndicated profile] epbot_feed

Posted by Jen

John and I just had the perfect weekend at MegaCon: the ticket line was a breeze, the crowds were huge but manageable, the cosplay was plentiful, and our Claptrap was a big hit!

Plus, last week John decided he wanted to make a (very) last-minute costume of another Borderlands character for himself, so he could wheel Claptrap around. And not just any character; this one:

That's Tiny Tina, a 13-year-old girl-turned-explosives-expert.

Why? Because we thought the contrast would be funny, and because it'd never been done before.

I told John there was no way we could create an entire cosplay from scratch in just 3 days, but somehow - somehow - we did it. It was cheap, too, since all we used was thrift store clothing, craft foam, a few leftover supplies, and paint.

 
 Ta-daaa!

We made a gender-swap variation, so instead of a skirt John's just wearing the orange shorts, and instead of a bunny apron, he has a bunny shirt and vest.

He also used this cosplay as an excuse to have his hair bleached - which almost everyone has teased him about, but he LOVES. ("My hair finally matches my eyebrows!")

John handled all the sewing and basic construction on the costume, while I did most of the painting, cell shading, and smaller accessories.

It's kind of a shame Claptrap hides the bottom half. Here's a side view, so you can see John's two different shoes and knee cuff:

Clappy making new friends. :)


John also wore lightweight sticks of "dynamite" we made using cheap plastic tubing from Wal-Mart (apparently it's used to store golf clubs?) and leftover wire from Claptrap:

I made the bunny watch, pin, and simple orange cuff all from painted craft foam and glued-on Velcro.

I'm most proud of the mask, which we made from a $3 craft mask and more foam:

John used a heat gun to smash down the mask's original nose, and then puttied over it with a little glob of epoxy putty. From there I added the foam respirator circle and new eyes, and then painted it all up using this screen shot as a reference:


Some glued-on thrift-store belts finished the whole thing off.
 
 

The final touch was black eyeshadow (which was a hilarious ordeal, since John is VERY BAD about having things applied near his eyes) and a few lines on his face to give it that sketchy look.

John was pretty nervous before going out the first time on Friday, but within minutes of the crowd catching sight of him and Claptrap, he was an instant celebrity. I spent the rest of the day grinning like a fool and just trying to get out of the way of all the cameras:


It was a different vibe than with John's Dreamfinder cosplay; nobody wanted to hug him, for starters. :D Guys still wanted to shake his hand, though, and people would just lose their minds when we told them Claptrap was filled with snacks. (Which he was.) High-fives and enthusiastic cheering galore, lemme tell ya. Ha!

It was also fun startling people by making Claptrap talk, though the speaker was much quieter out on a crowded con floor than it was here at home. (We'll have to find a way to crank up the volume before his next appearance.) Lots of folks even started dancing with him!

 


On Saturday we learned there was a Borderlands meetup scheduled, so John went out again for a few hours that afternoon. I'll have more of those group pics later, but for now, here's my favorite semi-candid shot:



I love Handsome Jack showing off in the back, and how Salvatore has his face in his hands on the left. Ha!

Oh! And yesterday John had his pic with a fabulous gender-swapped Dr. Zed re-tweeted by Randy Pitchford, president of Gearbox Software (makers of Borderlands)!

 
So cool.  Happily I was right next to the person taking that photo, so here's mine:


Welp, that's enough "Tiny Tony" for now. Hope you guys got a kick out of it, and stay tuned for lots more MegaCon cosplay!

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Get your patch chops on people, because chances are you’re running software from Microsoft, Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month. And Oracle has an update for its Java software that addresses at least 15 flaws, all of which are exploitable remotely without any authentication.

Adobe’s patch includes a fix for a zero-day bug (CVE-2015-3043) that the company warns is already being exploited. Users of the Adobe Flash Player for Windows and Macintosh should update to Adobe Flash Player 17.0.0.169 (the current versions for other OSes are listed in the chart below).

If you’re unsure whether your browser has Flash installed or what version it may be running, browse to this link. Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, should automatically update to version 17.0.0.169.

Google has an update available for Chrome that fixes a slew of flaws, and I assume it includes this Flash update, although the Flash checker pages only report that I now have version 17.0.0 installed after applying the Chrome update and restarting (the Flash update released last month put that version at 17.0.0.134, so this is not particularly helpful). To force the installation of an available update, click the triple bar icon to the right of the address bar, select “About Google Chrome,” click the apply update button and restart the browser.

The most recent versions of Flash should be available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

Microsoft has released 11 security bulletins this month, four of which are marked “critical,” meaning attackers or malware can exploit them to break into vulnerable systems with no help from users, save for perhaps visiting a booby-trapped or malicious Web site. The Microsoft patches fix flaws in Windows, Internet Explorer (IE), Office, and .NET.

The critical updates apply to two Windows bugs, IE, and Office. .NET updates have a history of taking forever to apply and introducing issues when applied with other patches, so I’d suggest Windows users apply all other updates, restart and then install the .NET update (if available for your system).

Oracle’s quarterly “critical patch update” plugs 15 security holes. If you have Java installed, please update it as soon as possible. Windows users can check for the program in the Add/Remove Programs listing in Windows, or visit Java.com and click the “Do I have Java?” link on the homepage. Updates also should be available via the Java Control Panel or from Java.com.

If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. In the past, updating via the control panel auto-selected the installation of third-party software, so be sure to look for any pre-checked “add-ons” before proceeding with an update through the Java control panel. Also, Java 7 users should note that Oracle has ended support for Java 7 after this update. The company has been quietly migrating Java 7 users to Java 8, but if this hasn’t happened for you yet and you really need Java installed in the browser, grab a copy of Java 8. The recommended version is Java 8 Update 45.

Otherwise, seriously consider removing Java altogether. I have long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.

If you have an affirmative use or need for Java, there is a way to have this program installed while minimizing the chance that crooks will exploit unknown or unpatched flaws in the program: unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play, which can block Web sites from displaying both Java and Flash content by default). The latest versions of Java let users disable Java content in web browsers through the Java Control Panel. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.

Many people confuse Java with JavaScript, a powerful scripting language that helps make sites interactive. Unfortunately, a huge percentage of Web-based attacks use JavaScript tricks to foist malicious software and exploits onto site visitors. For more about ways to manage JavaScript in the browser, check out my tutorial Tools for a Safer PC.

[syndicated profile] lecta_feed

Posted by Mary

I’m in San Francisco from tomorrow (Wednesday) until Sunday! Most of the trip is a work trip, but I have figured out that I can make use of my Double Union membership when I’m in town and have fun, chill events in the space.

Double Union event: Button-making & crafts with Mary Gardiner

Mary Gardiner, our Australian member and a co-founder of the Ada Initiative, will be visiting San Francisco and wants to use our button-maker! Come make buttons and do assorted crafts (vinyl-cutter, 3D printer, sewing, etc.) and hang out with Mary and Valerie!

When: Sat Apr 18, 2015 6:00pm – 8:00pm

Where: Double Union on Valencia Street between 14th Street and 15th Street. See the visitor information.

This is open to Double Union members. It’s also open to non-Double Union members who are my friends!

For my friends

If you are not a Double Union member, and we’re friends, please email me at my personal address to let me know you’re coming. People of all genders welcome.

Please read the Double Union visitor information and the anti-harassment policy if you are coming along.

puzzlement: (jelly)
[personal profile] puzzlement
Originally posted at http://puzzling.org.


Now THAT'S Putting A Face on Wreckage

Apr. 14th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Yesterday a couple of you posted this on the Cake Wrecks' Facebook page:

I'll give you a moment.

[whistling]

Now, I have no idea where it came from, but that's not gonna stop me from jumping on this hilariously traumatizing bandwagon!

 

Like this:

 

And this!

 

And my personal favorite:

"Boop-oop-aSWEET MOTHER OF HECK."

 

Now just one more, because laugh you must.
THERE IS NO TRY.

 

Thanks to Maya O., Amanda S., Crystal G., Kellie C., & Hannah G. for using the forks.


White Lodging Confirms Second Breach

Apr. 13th, 2015 12:30 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a “suspected” breach of point-of-sale systems at 10 locations.

Banking sources back in February 2015 told this author that the cards compromised in this most recent incident looked like they were stolen from many of the same White Lodging locations implicated in the 2014 breach, including hotels in Austin, Texas, Bedford Park, Ill., Denver, Indianapolis, and Louisville, Kentucky. Those sources said the compromises appear once again to be tied to hacked cash registers at food and beverage establishments within the White Lodging run hotels. The sources said the fraudulent card charges that stemmed from the breach ranged from mid-September 2014 to January 2015.

In a press release issued April 8, 2015, White Lodging announced the “suspected breach of point of sales systems at food and beverage outlets, such as restaurants and lounges, from the period July 3, 2014 through February 6, 2015 at 10 properties.”

While it acknowledged some of the locations breached this time around were the same as last year’s victim locations, the company emphasized that this was a separate breach.

“After suffering a malware incident in 2014, we took various actions to prevent a recurrence, including engaging a third party security firm to provide security technology and managed services,” wrote Dave Sibley, White Lodging president and CEO, Hospitality Management. “These security measures were unable to stop the current malware occurrence on point of sale systems at food and beverage outlets in 10 hotels that we manage.  We continue to remain committed to investing in the measures necessary to protect the personal information entrusted to us by our valuable guests.  We deeply regret and apologize for this situation.”

White Lodging said the stolen data includes names printed on customers’ credit or debit cards, credit or debit card numbers, and the security code and card expiration dates. Naturally, White Lodging is offering a year’s worth of credit protection services for customers impacted by the breach, from Experian.

Page generated Apr. 19th, 2015 10:55 am