[syndicated profile] geekfeminism_feed

Posted by Guest Blogger

This is a cross-post from Amelia Greenhall’s blog.

I am very hopeful that other intersectional feminist tech publications – possibly many others – will start in the coming year. This blog post is my way of supporting these nascent publications: an offering of everything I’ve learned about starting and running publishing companies.

After I wrote a blog post (What it was like to co-found Model View Culture with Shanley Kane) that disclosed that my business partner had been emotionally and verbally abusive, a number of people who had written for Model View Culture wrote nuanced, thoughtful pieces about it. (Links at the end.) In particular, Amelia Abreu wrote “Now start yr own band: on relationships, trauma, and tech feminism”. The last sentence of her essay really resonated with me:

“To borrow an old riot grrrl catchphrase, “Now start yr own band”. I neither want nor need to be aligned with a movement that is led unilaterally, and I also have no problem supporting those who need to control their own visions. We have the momentum, so now let’s start a bunch of new conversations and some new venues for them.”

At the moment, I have no interest in (or time for) starting another intersectional feminist tech publication, but I do possess a lot of knowledge about what goes into running one. I have pulled it all together here in hopes that it will help people who are considering starting a new publication. Here’s my (California/USA-flavored) advice on publishing, collaborating, budgeting, business incorporating, working with lawyers, being profitable, and anything else I thought was both important and non-obvious. I also asked Valerie Aurora (co-founder of The Ada Initiative and one of the women I co-founded Double Union with) to contribute to this article, including the sections on incorporation, choosing a founder, choosing a board of directors and advisors, making a budget, and raising money.

May this be of use.

— Amelia Greenhall (@ameliagreenhall), San Francisco, January 2015

Thank you to Amelia Abreu and Marlena Compton for the title of this post. And if you do start seriously thinking about it and want to do a phone call, ask questions or simply say hello, please send me an email: hello@ameliagreenhall.com).

Let’s talk Google docs

It’s one of those subtle things so I want to talk about it first: plain old Google Docs might be one of the key factors to your new publication’s success. I have been in love with making publications since I could write and draw, and have worked on or started about twenty different ones – newsletters, magazines, many many many ‘zines, student newspapers, yearbooks, the college humor paper, a literary journal. But Google Docs is what really made it click for me: collaborative writing was suddenly possible in real time.

By the time Google took the beta label off of Docs in 2009 I had been heavily using Docs to collaborate on writing and editing essays, short fiction, and stories with friends. There was something new and fresh and easy about being able to drop a link to someone in email and have them edit the document – even in real time at the same time as you. This felt revolutionary and eventually inspired me, my husband, and a writing collaborator of ours to start the Open Review Quarterly in 2010, which we have been publishing a few times a year ever since. Here is the process that we developed, (and that I adapted for Model View Culture and several collaborative zines):

  1. Make a Google Docs folder for the organization
  2. Within that, make an “Issues” folder
  3. Within the “Issues” folder make a folder for each issue, using a naming convention that has numbers in it so they are ordered correctly (for example: “ORQ13_Schemes” for the 13th issue’s folder)
  4. In the current issue’s folder, create a document for each author who agrees to write for the issue, using a naming convention that makes sense to you (for example: “ORQ13_First_Last”)
  5. Share that document with the author so that they can edit it and send them a link.
  6. Have the author drop their first draft in the document
  7. Collaboratively edit, using the appropriate Gdocs editing mode (under “View” -> “Mode”): “suggested edits” for wording changes, plain old “edit mode” to fix typos, and liberal use of Gdocs’ comments
  8. Use email to communicate about bigger picture issues

With some people, you will build up enough trust that you can fully co-write with them: directly adding to and rewriting their work, with only occasional use of comments or suggested edits. Leigh Honeywell, with whom I have done a lot of co-writing and editing, left me a comment when she edited this section. It captures what I love about collaborative editing:

“Gdocs are amazing. I get this feeling when a bunch of friendly folks edit one of my docs that’s like getting fussed over at a beauty salon. Care and attention that’s focused on making you look ahhhhmazing. It’s pretty great.”

Pay your authors

Put the biggest part of your budget towards your authors, because they are the most important part of your publication.

When we started MVC, we budgeted to pay at least $100/piece for features. So some initial math might look like: 10 authors/issue * 1 issue/every 3 weeks = 150 pieces/year => $100 * 150 = $15k in author payments minimum. (More on budgeting and raising that money later.) Personally, I think $500 is a good minimum as a reasonable compensation for a writer’s time on an article-length piece, and had hoped to get to that point with MVC, for a total of $500 * 150 = $75k / year in payments.

You can do your own math for how you imagine your publication – maybe you do an issue every two weeks, only have 3 pieces per issue, take some holiday breaks and therefore only publish 20 issues a year. You decide you want to pay authors $200/piece minimum when you’re getting started. Your math is: 20 issues/year * 3 pieces/issue * $200/piece = $12,000 in author payments your first year.

I was sad when authors were surprised/pleased at the $100 rate – several authors said that they had been paid $25-40 for similar work (they name dropped major publications) and that $100 was pretty standard in journalism-land. :( And then there is Bustle, which launched with job posts offering to pay women $100/day to write 4-6 pieces of content! :(( If you’ve ever thought: “Wow, the quality of MVC is so much higher than other sites!” our payment rates are probably one reason why.

I’d encourage you to use a spreadsheet to test out a bunch of different scenarios for payment vs. number of articles. Figure out where you want to be, and what you can swing with your initial budget. Try on different ideas for size until you find a plan that feels possible.

Let your authors keep copyright

Mainstream journalism is pretty abusive in many ways besides money, and one way that’s easy to push back through your feminist publication is by letting your authors keep copyright to their work. At MVC we settled on a “You keep copyright and can republish it however you like, we just ask that you don’t publish elsewhere it for 6 weeks to give the publication some exclusive time.” For the print quarterly we felt it was reasonable to extend the “exclusive, please don’t reprint” time longer, to 3-6 months, because the print edition was sold as an exclusive to subscribers. Letting your authors keep copyright lets them republish their work in compilations as well as letting them put it up on their own blog/portfolio as documentation of their work. And they might get to make extra money if they are asked to reprint it down the road!

Get contracts with your authors in writing

Cover, in writing, the things you are mutually agreeing on with an author. Good contracts make good business partners – they are clear and explicit, like boundaries. The contract should include:

  • the estimated timeline for first draft due date
  • the completion date and when it will go to press
  • the payment for the work, the copyright
  • how it will be published (online, in print, etc)
  • how the company will have rights to publish it again in the future in other forms (you might want to publish a “best of” compilation later)
  • if you want rights to use their name and photo on a ‘contributors’ section of the site
  • how profits will be dealt with, if another publication wants to pay to reprint the piece
  • some sort of statement of your mutual intent to work together in good faith and communicate well

Make this into a one or one-and-a-half page pdf that’s formatted to be nice and readable – you will re-use the main version over and over, and then update the contract to suit special cases. Have your lawyer look over it, because this will be the record of your right to have the content on your site and other media. Don’t let (too much) legalese sneak in the contract – keep in mind this is mostly a working document to come to agreement on the terms and timeline.

You should use software to make it easier to send pdfs to people to sign; I like HelloSign because it is well integrated with google docs and email. Get the contract signed and agreed upon within a few days of the author agreeing to write for your publication.

Recommendation: HelloSign

Spreadsheets for keeping track of contributor status

Spreadsheets are also surprisingly important for collaborative publishing. Making a shared spreadsheet (using Google Sheets, naturally) for each issue is the best way I’ve found to keep track of the status of each author’s piece – mostly, you need to have a column for the author’s name and a column for their status. (Status column might contain things like: asked them to write/they submitted a pitch, confirmed via email, have their contributor’s agreement, have first draft, first draft edits returned to them, second edits returned to them, final copyedits, good to go, published.)

I suggest that you check this spreadsheet at the beginning and end of each work day and make sure you have done all the emailing you need to do to move things forwards. Over time, you’ll figure out what else you want to track in this spreadsheet – I usually keep a column called “piece description” and another called “editor” for the person who’s the main point of contact for the author. Having a shared spreadsheet lets you see at a glance who’s doing what and saves a lot of time communicating between editors (beyond just keeping you on track with doing the right thing at the right time).

Make a budget from the start

Making a budget – even if it turns out to be wildly inaccurate – is an important and encouraging thing to do when you are starting out. If you enjoy creating budgets and making spreadsheets, you can skip to the next paragraph. If you are the kind of person who feels nervous about planning for the future or dealing with money, getting started on the budget might be hard but in the end it makes you feel more secure. Sit down with your co-founder(s) or a trusted friend, get a cup of warm tea and some snacks, and start making stuff up. Google Sheets makes it easy to co-edit a budget together and helps you get over the inertia of a blank page. When you’re done, reward yourselves with a celebration of some sort: a glass of your favorite drink, a dessert, you favorite guilty pleasure TV show.

What to put in a budget? Everything you can think of, plus padding of about 30% for things you didn’t think of. Good things to include are:

Expenses:

  • Legal fees
  • Office rent & security deposits
  • Hosting fees
  • Software license fees
  • Business registration fees
  • Printing costs
  • Postage
  • Schwag costs (t-shirt printing, stickers, etc.)
  • Your salaries
  • Payments to authors
  • Bookkeeper & accountant
  • Insurance (for events, offices)
  • Travel (including conference attendance)
  • Business meals
  • Event expenses
  • Office equipment & supplies (printers, paper, etc.)
  • Furniture & art
  • Repayment of loans

Income:

  • Subscriptions
  • Investments/loans
  • Donations
  • Event revenue
  • Sponsorships
  • Schwag sales
  • Consulting fees
  • Speaking fees
  • Donations in kind (account for these even though they aren’t cash)

A useful way to structure your budget is to split up the budget by months and record expected income and expenses in each month, then calculate the business’s total cash at the end of the month – this is your cash flow on a monthly basis. Keep updating the budget with your actual revenue and expenses (“actuals”) and you’ll have a good sense of when your bank account will be in crisis.

Find a co-founder

You need a co-founder or two. Co-founders keep you going when you are having doubts, bring skills you may not have, help you develop ideas and work out problems, and emotionally support you. I have many amazing and long-lasting co-founder partnerships and know it can be done right for publishing. Of course, I’d advise you not to do as I did with MVC, and co-found with someone you’ve only known for a few weeks – trust your intuition and don’t override it with the excitement that you’ve found someone who’s willing to co-found with you. Your gut feelings are important, and if there are little red flags getting thrown up, take the time to investigate them. Talk to other people you trust about your potential co-founder before you commit.

Things that are commonly good signs in a potential co-founder include:

Morals

  • Extremely conscientious about small things (that $5 they owe you, giving credit properly, correcting mistakes that are in their favor)
  • A strong sense of guilt and desire to not let others down
  • Has apologized in public or owned up to their mistakes before

Collaboration

  • A track record of collaborating with other people on joint projects
  • Reliable – usually they do what they say they will, and if they can’t, they tell you so ASAP
  • It’s easy to meet up or talk on the phone – you are a priority for them
  • Their first reaction to mistakes is to figure out how to prevent them in the future, rather than assigning blame

Compatibility

  • A feeling of ease when you are around them or communicating with them
  • If they learn they hurt someone, they immediately validate that person’s feelings and find ways to make it right (whether or not they were in the wrong)
  • Similar ideas about what is worth spending money on and what is not
  • Similar tolerance for financial risk
  • Shared values in many areas

Talent & interest

  • Passionate about the subject of your venture for many years
  • Good at things you that you are weak in (e.g., finances, coding, people skills)
  • Willing to let go of a thing that isn’t working so they can do a new thing that does work
  • Able to prioritize your joint venture above things that aren’t as important (e.g., requests for free work from colleagues) but below things that are more important (having a life outside work, spending time with family)

Connected socially (optional if you have these things)

  • Introduces you to their friends and colleagues willingly and eagerly
  • Often organizes social events (buy tickets to the movie, invite people to dinner, etc.)
  • Has a large personal network of people who can help with your company

A lot of the advice in books about romantic relationships will apply to a co-founder relationship. Reading books about making decisions about whether to stay in romantic relationships are especially useful. The following books are very heterocentric and oriented towards middle and upper class white straight women, but can be adapted to co-founder relationships fairly easily: “Why Does He Do That?,” “Too Good to Leave, Too Bad to Stay,” and “Is He Mr. Right?” (worst title ever, give it a read anyway).

Incorporation: why and how to do it

You may view becoming a corporation with suspicion or concern. After all, many of the ills of modern life – and in particular, the kinds of oppression a feminist publication would be fighting – are aided and abetted by corporations. However, we live within a system in which individuals have a great disadvantage compared to corporations. Corporations are actually a really neat and clever form of legal organization that protects the individuals forming it, and you should take advantage of their benefits! In particular, corporations give you a layer of protection from liability and debts that you can’t get without incorporation.

What kind of corporation should you become?

The first question many people ask is: should I be a for-profit or a non-profit? Having recently finished doing the hundreds of hours of work it took us to complete Double Union’s 1023 filing (the epic form that the IRS wants your 501(c)(3) non-profit to fill out to be granted tax-exempt status) I can say with finality: starting for-profits is several orders of magnitudes easier than starting a non-profit. (More on B-corps and similar later.)

Also, if you decide to be a non-profit you’ll run into the problem of having two jobs that Sue Gardner wrote about in “What is really wrong with non profits — and how we can fix it.”

Every nonprofit has two main jobs: you need to do your core work, and you need to make the money to pay for it. In the for-profit sector when you make better products, you make more money — if you make awesome socks, you sell lots of socks. Paying attention to revenue makes sense in part because revenue functions as a signal for the overall effectiveness of the org: if sales drop, that’s a signal your product may be starting to suck, or that something else is wrong.

Nonprofits also prioritize revenue. But for most it doesn’t actually serve as much of an indicator of overall effectiveness. That’s because donors rarely experience the core mission work first-hand — most people who donate to Médecins Sans Frontières, for example, have never lived in a war zone. That means that most, or often all, the actual experiences a donor has with a nonprofit are related to fundraising, which means that over time many nonprofits have learned that the donating process needs –in and of itself– to provide a satisfying experience for the donor. All sorts of energy is therefore dedicated towards making it exactly that: donors get glossy newsletters of thanks, there are gala dinners, they are elaborately consulted on a variety of issues, and so forth.

By contrast, when I buy socks I do not get a gala dinner. In fact it’s the opposite: the more that sockmakers focus relentlessly and obsessively on sock-making awesomeness, the likelier I am to buy their socks in future. This means that inside most of nonprofitland –and unique to nonprofitland– there’s a structural problem of needing to provide positive experiences for donors that is disconnected from the core work of the organization. This has a variety of unintended effects, all of which undermine effectiveness.

It’s a brilliant essay, you should read the rest of it.

Also, beware that women and other people doing diversity work often get advice along the lines of “be a non-profit, you’re doing a cause.” You can choose to focus all your energy on selling one thing – a thing that is good, for a profit – and still be a feminist. (I’m sure you weren’t worried but wait until you start talking to well-intentioned people.) Many media companies are for-profit; there is nothing inherently “non-profit-y” about an intersectional feminist one. My biggest worry about a non-profit media company is the problem of controlling what you publish once the subtle pressures of pleasing big donors are rolled into it all. I say “for profit all the way!” But you should do your own research and do what you want to do, and I support you 100% in your decision.

If you’re incorporating as a for-profit, you still have some more choices to make. In most cases, you will want to be a C-corporation. For a publication, this is the most common form of incorporation and the benefits of other forms of incorporation are unlikely to be significant. S-Corporations and LLCs are better suited to consulting or one-person businesses. There are new forms of incorporation that try to walk the line between for-profit and non-profit, such as various forms of benefit corporations now becoming popular in the United States. The main difference between a C-corp and B-corp is that the B-corp’s management has greater freedom to make decisions that further the corporations’ purpose even if it doesn’t maximize the profit for the shareholders. If your company will be owned by feminists anyway, a B-corp will only add complexity and cost for no benefit in many cases.

Find some money

You’re going to need money, if for no other reason than to pay the lawyers to get your incorporation right. Be creative and flexible about how you will fund your business, and recognize that your first plan will probably evolve a great deal. Keep in mind too that many businesses that serve new businesses are very flexible on their payment plans (lawyers in particular). This is a huge topic, so I’ll just touch on the high points.

The big picture on money is: use your money wisely and take it only from people that you are comfortable being accountable to or giving power to.

The best place to get startup money is your and your co-founders’ bank accounts, if that’s possible. Often the first step to starting a business is starting a savings account, long before you know what you will do or who you will do it with. If you and your co-founder(s) are socially connected and have a long track record of being responsible, creative, and talented, you almost certainly have a group of people who would love to help your venture succeed – and benefit from it themselves. If you’re lucky enough to have a good relationship with family members who have savings, you might be surprised how many of them want to get in on the ground floor of your business. You can decide sell these investors (and yourself) equity — there are all sorts of ways to do that – talk to your lawyer. Or you can decide that it is just a small loan that gets paid back first, put $3-10k in your corporate bank account, and then pay yourselves back as soon as you’ve launched and are profitable.

Finding Money II: Thoughts on Crowdfunding

Crowdfunding is a great way both to raise seed money from people who support your mission and to advertise your new venture. Autostraddle’s indiegogo is a great example! However, crowdfunding is easy to do wrong. If there’s one thing you take away from this section, it should be: don’t offer any physical rewards for a gift of less than $50 ($100 or more is even better).

The cost of creating and shipping a physical object is astonishingly high. Even with all the best software and a state-of-the art label printer, you will find yourself fighting with address formatting, software bugs, envelopes with weak glue, a pile of leftover packing materials, running out of stamps, incredibly time-consuming customs forms, automatic data conversion that removes leading zeroes from zip codes, the post office losing an entire bag of mail containing your rewards, delivery drivers who can’t find addresses, backers who moved, people who want you to send them stickers even though they can’t afford to donate, the wrong t-shirt color, the wrong t-shirt sizes, printing errors, vendors who send you the wrong size pendants – the list goes on. And months after you ship the last reward, you still face the worst punishment of all: the enormous ULINE catalog that fills up your entire mailbox and makes the postal worker stop delivering your mail until you go in person to the post office to genuflect and pick up your mail (if they haven’t lost it already). And the catalog can’t be stopped except by calling ULINE on the phone during business hours several times until they really take you off their catalog mailing list.

Other tips for running a good crowdfunding campaign: line up people to blog and campaign for you before the campaign starts, choose the shortest possible duration (30 days at most, 20 days or fewer is good), set your initial goal for about 30% – 60% of what you think you can actually raise, don’t feel guilty about asking people for a higher gift, have stretch goals already defined and ready to go as soon as you hit the current goal, have hilarious and funny prizes for extremely large gifts (like the $50,000 meritocracy rug gift offered for Double Union), have lots of cheery exciting pictures featuring happy people, thank donors with a personal email and ask them why they decided to donate just now, and when donations slow down, spend time brainstorming new people to ask.

One of the hardest things to do as an activist raising money for a social good project is to understand what people are getting out of contributing to your project. Often we think that contributors are going to be watching over our shoulders and measuring our work, or will only contribute if they get something significant and costly in return. What people are really doing when they support your awesome project is getting the good feeling that comes from (1) acting in harmony with their beliefs (reducing cognitive dissonance), (2) knowing they helped make the world a better place. You don’t have to send them a detailed report with bar graphs hockey-sticking upwards or a hand-embroidered tote bag.

And one more thing: crowdfunding works best when you are launching a new venture, or making a big and exciting expansion. It isn’t suitable for long-term funding. If you plan to have a fundraising drive every year, you should be investigating the non-profit model and be aware of the pitfalls of over-focusing on fundraising and donor relationships, as noted in the post of Sue Gardner’s referenced earlier in this article.

Revenue models

When it comes to long-term revenue, be creative! Many of today’s publishing businesses are really a suite of related services and products – everything from books to t-shirts to events to speaking gigs. (Here’s an in-depth post on getting paid to speak from Geek Feminism.) It’s also relatively common for an early-stage startup to be supported by consulting income from one of the co-founders for a period of time (it usually can’t be the long-term plan, though).

Selling subscriptions to some kind of print edition or quarterly up front is one way to get some money in the door to cover your operating expenses and not have to front much money yourself (and for the company to be able pay you back for your “loans” quickly). You can think of subscriptions as an investment you are taking from many people: you owe the buyers books/magazines, which you pay off over time. Since each individual’s amount put in is relatively small ($50-100/year is a typical sales price for a small niche press subscription) the individual buyers don’t end up with undue influence over your business. More on selling and shipping physical objects later.

Ad-based per-pageview revenue?

You’ll have to think carefully about if you want to take on per-pageview ad-based revenue as part of your model. Otherwise you might end up like Bustle! O.o. (My fav quote from an article about their business model: “Another favorite Bustle approach is to take one news peg and publish contradictory opinions on the same event.”) But more seriously, a few downsides of ad-based revenue that I think are relevant to feminist publishing:

  • Harder to print long, thoughtful articles because of the timescales involved
  • Ad-based revenue seems to lend itself to “spray and pray” and churning out large amounts of smaller content
  • Harder to avoid the pressure to use clickbait headlines (Top 10 Ways to… You’ll Never Believe What…) and thus end up w/ clickbait article structures
  • You need to split your longer articles up into annoying 300-word chunks and make people click through 2-4 pages (and see more ads!)… but this means (especially on mobile) that people are less likely to actually read the whole article
  • Given a limited budget for content, you then can’t pay your authors as much per piece because you need more pieces

This doesn’t mean you can’t have ads, just that you should think carefully about how you price and sell them, and to whom. Again, the big picture on money is that you should think carefully about who you take money from: you should only take money from people you are comfortable being accountable to or giving power to.

Get a Lawyer

A surprising thing I have learned over the past few years: lawyers, accountants and bookkeepers are your friends. You should have one of each to start! You should have them on retainer and pay them to do things for you because they (a) actually know what needs to be done and (b) will actually do these things right. Besides knowing what needs to be done, they battle incredible amounts of bureaucracy for you (much of what needs to be done involves bureaucracy).

Every time I pay my lawyers, bookkeepers, and accountants I do a little happy dance of gratitude. It’s great to get to work with professional people who are competent at what they do. I like seeing how they save me from headaches down the road by doing things like setting the accounting categories up to be prepared for required state forms that need to be filled out in year 2. (I had no idea such forms existed until year 2, when suddenly that random-seeming accounting category made sense!) Professionals will know about the things you would never even imagine exist, and then your company will be ready for them.

When you decide to engage a lawyer to work for your company, you will sign something called an “engagement agreement”. This is a document that lays out the terms of your relationship, and will cover the scope of what they are representing you for, their obligations to you, confidentiality, how the agreement may be ended, and how you pay them. Generally, when you start working with a lawyer you will write them a check for what’s called an “initial retainer” which is money you give them in advance (perhaps on the order of a few thousand dollars for incorporation work). This money goes into an attorney/client trust account and the attorney bills your fees against the retainer as they do work for you. If you leave before the retainer money is used up, they are required to return the unspent part to you. As you keep working together on future projects you will figure out if/how to continue to top off the retainer account with fresh money.

I have a lawyer recommendations if you need one in SF – feel free to send me an email (hello@ameliagreenhall.com) if you’re looking for an intro.

What to expect when you are incorporating

You are starting a publication, and will need a lawyer to do boring yet incredibly important things for you – to start, you need to incorporate a company. Many companies incorporate in Delaware because the requirements for registering in that state are very low, and then register to do business with the city and state they’re actually in. (This is somewhat confusingly called “registering as a foreign business entity.” In this case, “foreign” = “out of state.”) Your lawyer will help make sure that the many things that need to be done get done, and in the right order, which is no easy task. Things that your lawyer will do for you when you are forming your entity might include:

  • Preparing the formation documents
  • Incorporating in Delaware, if you go with that
  • Drafting your bylaws
  • Drafting first meeting minutes (where you elect the board and give yourself permission to do all the things you’re doing, such as getting a bank and giving the CEO the power to make binding decisions for the company)
  • Registering the business with your state, the secretary of state, and the city
  • Preparing the fictitious business name statement and coordinating publishing it (often as a classified in the local newspaper)
  • Filing notice with your state’s department of corporations
  • Preparing indemnification agreements

They might also help you with getting a bank account set up or introduce you to other professionals like realtors, accountants, and bookkeepers.

Two bits of advice on choosing lawyers

  1. Do not do as we did for MVC and go with a $900/hr fancy startup lawyer, which was not worth it considering our needs at the time. From my more in depth research since then, $300-450/hr is the max you should pay for the work of incorporating a company. Several law firms that specialize in starting companies offer it as a package, for rates along the lines of $2-3k total. If you end up growing so much that your company needs a big, fancy law firm your lawyer will be able to help you with the transition.
  2. Do not try to save money by doing your own incorporation paperwork, as we did for Double Union. GET A LAWYER. Incorporating is tricky business requiring a lot of legalese comprehension and checking boxes. We found out that hard way that even if you think you understand and check the box that describes your company, you may actually be better off checking the box that does not seem to describe what you want, for some reason that lawyers know from experience but that you do not. (We later worked with a great non-profit law firm for the Double Union 1023 form and they fixed many small errors that we had made upon self-incorporation. Thankfully, all was well but it still cost us the lawyer time in the end.)

Get an accountant and a bookkeeper

Often your accountant and bookkeeper are separate businesses who work together remotely, though sometimes you get lucky and find a CPA firm that has bookkeeping capabilities. Ask your lawyer to send emails introducing you to a few that they recommend. Set up initial calls with the people who sound interesting: talk to them and ask questions about how they work, their fee structure, and anything else you want to know. You will be able to get a good sense from a phone call if you will enjoy working with this person – if you don’t get that sense, keep talking to other people. (If you do decide during the initial call that you want to engage this person, sleep on it and call them the next day to confirm.)

Here are questions to keep in mind when interviewing bookkeepers and accountants:

  • Do they use the accounting software you want to use (in my case, Xero not Quickbooks)?
  • Are they easy to talk to, and is there a feeling of mutual respect?
  • Do they seem to take pride and delight in doing their job well?
  • Are they good at (and patient with) explaining things until you have all your questions answered?

Also, for reference, my sense of rates in early 2015 San Francisco is: $50-75/hr range for bookkeepers, $250-350/hr range for accountants.

Get a registered agent

Registered agents accept legal documents and process of service (if you get sued) on your behalf and then forward them to you or deal with them. Other benefits of having a registered agent:

  • They keep track of all the things you are supposed to file with various governmental agencies.
  • Your agent’s address goes on all the government forms and thus in the online corporation search (eg, like this one for Delaware or this one for California). So if you don’t have an office yet, you can keep your home address from being easily searched.
  • Each time you move offices or change secretaries, you do not have to update your address with numerous governmental agencies and forms.

Recommended: BizFilings or Vcorp Services. Registered agents cost $100-$150/year. Do not go with a “cheap” one – those are scammy and also lock you into a long contract where the next year’s fee is a lot higher.

Get a bank

You will need one – look for somewhere with low fees for the things you will do often, and a convenient location to you. Also, does their website/app look usable? Do they offer an online bank feed that is compatible with your bookkeeping software? If you can find somewhere you’ll have a personal relationship with your banker, even better. Credit unions also offer business accounts! You will need to have bylaws, an EIN, and a few other formation things done before you can open an account. If you get confused by the list of requirements to open an account that you see listed on the bank’s website, visit the bank in person or call a banker to start the conversation. Don’t be disappointed if it takes a few tries to get all the documentation in order. And double-check that they spelled your business name right!

Get accounting software

This is how your business keeps track of all the things the IRS requires you to keep track of (in addition to being necessary for budgeting). You’ll probably work with your bookkeeper once a month to reconcile the books and with your accountant quarterly to prepare your quarterly tax filing.

Recommended: Xero (orders of magnitude better user experience than Quickbooks)

Get expense reporting & automatic reimbursement set up

An expense reporting app/service is worth paying for, because it will save you a TON of time and frustration with complying with IRS rules which are super complicated. Besides helping keep track of what everyone in your company is spending money on (and how much you are spending against your budgets), you need documentation of all your work expenses you buy with your personal funds in order for them to be reimbursed. We were researching what to use for Double Union and realized that Uber CEO Travis Kalanick is an investor in Expensify, so we kept looking and found Abacus. Abacus is out of YCombinator, which has its own set of problems, but it seems easier to use and slightly more modern. Abacus lets you email or directly upload receipts or PDFs, and also has an app where you can take pictures of receipts. Then when another team member approves your request, money transfers into your bank account automatically via ACH.

Recommendation: Abacus

Get payroll set up

Hopefully you can pay yourselves – even if it is just covering your living expenses – from the time you start making revenue, or begin doing so as soon as you can. Xero does payroll in California and a handful of other states as well. If you end up getting significant investment from others right away, you should definitely be able to pay yourselves something. Payroll is another thing that requires a lot of IRS forms and also registering with the state type things (your lawyer or accountant can help you with this). You can’t just write yourself a check for your salary, it needs to go through a payroll system, like IntuitPayroll, ZenPayroll, or Xero’s payroll so that you pay all the required payroll taxes, social security, unemployment insurance, and all the rest. You can fix up a lot of mistakes you make early on in your business, but you don’t want to screw up your taxes, ever!

Recommendation: Xero

Get Insurance

You’ll probably want to get an umbrella insurance policy for your company, and definitely worker’s compensation insurance. If you rent an office or physical space yourself (i.e, are not renting desks at a coworking space) you’ll probably need to insure that too, as a term of your lease. If you run events, you should be sure that either the venue’s insurance covers your event, or you should purchase separate general liability insurance for your event (often around $200 per event, or around $1000/year in combination with your office’s policy). You might also consider getting Directors & Officers’ (D&O) insurance to protect your board of directors from liability for actions taken in good faith.

Have a board besides just the co-founders, and a group of advisors

One of the biggest mistakes that I made with MVC was not insisting on having a board of directors and an advisory board right away. If you are two co-founders, you need a group of people to go to when you have major disagreements about the direction of the company or its structure. (You still want this even if you have an odd number of co-founders.) A board has legal responsibilities to act in the best interest of the company and can provide guidance and a more objective perspective when things get too personal for the founders.

Picking the right board members is very important. They are easier to find than a good co-founder because it takes less time to be on a board (you should be aiming for less than 2 hours a week per person, usually much less), but you still want a lot of the same qualities in a board member as in a co-founder. Shared high-level values and philosophies are extremely important because you don’t want to be arguing over the basics of, e.g., whether employees should regularly take vacation or if you should take tons of investment early in the company’s life cycle.

Ideally, you should work with a board member in a lower-stakes relationship for several months before inviting them to your board. Pick people who have experience and skills you don’t have: perhaps an area of law, managing a large organization, or a particular technology. You should also look for people who have a large personal network and are willing to use it appropriately on your behalf. If a board member won’t support your work by spending their personal capital (social or monetary), you should ask them to leave, politely. Also, you should raise your eyebrows if your board members want to be paid.

Advisors don’t have a legal responsibility to the corporation, so your relationship (and match in values) can be a little looser. You still want to be picky, but you can have a lot more variety in philosophy and approach with your advisors.

Get an administrative assistant

Get your publication an administrative assistant from the get go. (This was something I wish we’d done for MVC and I will do for all my future companies.) You can find someone for $20-30/hr and hire them for 5 hours a week. Are you going to sell things and charge sales tax? Then you will have to file with the Board of Equalization. Going to run payroll? Then you’ll need to register with the state. Going to have a DBA (doing business as) name or names? More forms. Governmental agencies have absolutely no incentive to make anything easy for you, thus these are things that will always be tedious and painful. It worth paying someone else to do them, so you can focus your extremely limited time and energy on the core of your business.

Learn email management skills

Your work and personal emails should be separate. Use Google Apps to get email for your publication’s domain (eg: yourname@yourpub.co). You should spend time learning bigtime email management skills – read up on things like Inbox Zero, Getting Things Done (I recommend another book in that series, “Making it all work,” as well) and how to focus on what’s important and not urgent. And read enough blog posts or get a tutorial from a friend who is a Gmail power user so that you know how to do things like:

  • Use canned responses
  • Learn keyboard shortcuts (turn them on in Settings > Labs)
  • Filter filter filter all your mail so newsletters and updates from apps don’t make it into your main inbox, and instead go into folders that you can look at when you care to
  • Turn on “Undo Send” and “Send and Archive button” in Settings > Labs
  • Use stars or flags instead of re-marking things as unread
  • Set up 2-factor authentication via SMS or the Google Authenticator app

Get a shared password manager like LastPass

Get a password manager like LastPass Enterprise (or OnePassword or other competitors). Create a shared folder where you and your co-founder(s) can store and share all the passwords to group infrastructure things like DNS hosting, your Google Apps admin account, domain management website, and other online services. Every password should be shared with at least two people, and no one should be using a personal account for the business’s use. Use a long (30+ character) memorized passphrase for your password manager’s login and your Google Apps email account login. For the rest, use your password manager to generate long random passwords that are different for each site. Get the password manager’s app for your phone, too.

Recommended: LastPass

Do not work out of your home

It’s okay to work from home or coffee shops for a while, but the longer you’re in business the more important it is to have an actual office space where you can take phone calls and work side-by-side with collaborators. Give yourself boundaries between home and work, and a commute between to get in the right mindset. Perhaps renting desks at a local co-working space is the answer. Maybe you know someone who has a company that has a little spare space, and you can pay them a bit to have a table in the corner. If you have the funding, rent yourself a tiny office. (According to a number of people I’ve talked to with experience, commercial leases are always 2+ years but — especially in San Francisco — they are easy enough to sub-let or otherwise get out of with a few months notice and willingness to eat the deposit. So don’t a long lease scare you away if you find a great deal on a place you love.)

Consider doing some sort of print editions

There is a lot of interest in print publications right now. Would one make financial sense for your business? That’s a matter of how many you think you could sell vs. the cost to print. I love 3191milesapart.com and their print edition was part of what inspired me to start MVC with a business model that included a print quarterly. I saw that their quarterly said “edition of 1,000” in it. Hmm, a niche publication might have as many readers as them, I thought. So start by thinking about how many people you and your co-founder know that are interested in your publication. You can talk to other people who publish print works, if you know any. Say you come up with 400. Then there are people you don’t know, and you’ll want to have ones to give away. Could you double it and make your first print run 800? Well, looking at most print brochures, it’s more round numbers, so you could maybe print 1,000? Or bump down to 750 and create a “sold out” demand – you can always reprint if you are more popular than you need. In any case, pick a few numbers that you think you might aim for printing and of those, how many you think you can sell.

Now do the math – you are figuring out if print might be a good idea. Use a spreadsheet and run some numbers – for each print run (eg 750, 1000, 2000, 3000) what is the cost to print. Then, at various prices, what is the # of copies you’d need to sell to break even and make your print costs back. Use that to think through the trade-offs, and pick your price and initial print run.

Recommended: I really like working with Amy of 1984 Printing

Tips on managing the shipping extravaganza, if you sell physical things

Physical things are awesome: people love them and are willing to pay for them. When the first MVC quarterlies came out, there was a twitter meme of people posing their pets pretending to read or hold the books. And anyone who’s made ‘zines knows the power of having something you can hold in your hand, leave on a table, or pass on to someone when you’re done reading.

Physical things are good for publications because you can make an actual exchange of value with your readers that somehow feels ‘right’ all round. There’s a ton to know about shipping and I do not know most of it, but here are some of the things I’ve figured out from doing bulk-mailing of various products over the years. (I also recommend the giant guide to estimating shipping on Nick D’s blog.)

Uline.

Book mailers, self seal envelopes, tyvek. It’s a pretty astounding catalogue of everything you might need – just looking at it gives me the thrills. So much you could make and ship to people! Be sure to use the search box and poke around to figure out what’s there before you need it. Upon ordering, you will start getting their catalogues too, which is a mailbox filling hazard of the job… keep one and then unsubscribe. Also, when you are choosing book mailers and envelopes, and are faced with the choice to pay extra for the self sealing sticky kind… remember that they are probably worth it due to the time they save you.

Recommendation: Uline

Inked stamps

People love inked stamps. Stamps are fun to stamp. Get pre-inked ones. You can get them many places – Vistaprint, RubberStamps.net, etc. Almost every stamp-ordering experience is harrowing and sketchy but thankfully you don’t have to order them often.

Recommendation: Vistaprint or RubberStamps.net

Professional label printer

I recommend the Brother QL-700 series, which will save you tons of time, though the dated software that is literally named “P-Touch” takes a bit of time to learn up front. Export a CSV of your sales into Google Sheets, use formulas to combine fields to create something that’s cleaned up and ready to go into the printer’s CSV “database” and push print. It will print out hundreds of labels in a very short time in a durable, rain-proof way. It also cut the labels to size for you. Give yourself plenty of time to fight with formatting the addresses and keep a PDF copy of every set of labels you print so you can debug problems when people tell you their thing never arrived.

Recommendation: Brother QL-700

Recommendation: Get the paper for the brother printer from Office Smart Labels and an inner reusable cartridge

Choose a way to unify your site’s images

For MVC the emphasis was on using personal image, often from the authors, where possible. I chose a “golden ratio” landscape crop and decided to do color-processing using photoshop actions to give an overarching unity to the images on the site. You can buy actions on sites like The Color Shop (my favorite) or search for “Actions” on sites like CreativeMarket. For Open Review Quarterly and most zines we have artists create work for the theme, or inspired by a particular piece. Some authors make illustrations for their own piece, telling the story visually as well. Creating a standard size and processing lets you have a variety of content with a unified feeling across your whole publication.

Recommendation: Photoshop is $20/mo if you subscribe through Creative Cloud

Website building

Having your writing look good on mobile is the biggest thing to think about; then worry about page load speed. I tend to lean towards writing code to do exactly what I want, but if you don’t know how to code or don’t have a specific artistic vision, look at themes until you find one you like, purchase the theme, and then adapt it to fit your needs. For example, CreativeMarket is a site that has a lot of themes. (There are many other similar sites out there – look around!) If you end up wanting to use WordPress, for example, you can find themes for it. Just poking around there, I like this one and this one a lot. Imagine how beautiful your publication will be!

Pick some useful metrics and add tracking codes to your website

You’ll probably want to add a lot of analytics, so you can see how your publication is doing and what’s working by tracking things like number of visitors, time on the site, how many other articles a visitor reads after the first one, and so on. There are a lot of blog posts discussing blog metrics with varying degrees of helpfulness, like this, this, and this. So start by doing some research to see what metrics and products are relevant today, and from there figure out which ones are relevant to your company and values. Minimally, you’ll want Google Analytics and maybe CrazyEgg as a start.

Create a list of topics and article ideas

In your dream publication, what are you covering? Have a few hour+ long sessions of brainstorming with a notebook and your co-founder(s). What are the ideas, themes, topics that are interesting but not covered well? What do you want to see in the world? Write down article titles, issue themes, and other things that interest you. Aim to end up with several hundred one-line ideas written down.

Create a “Potential Authors” spreadsheet

Make a “Potential Authors” spreadsheet with the header columns that are something like: Name, What do they write about, Twitter handle (if they have one), link to blog or writing, How do you know them (or can you get an intro), what would you love to have them write about for you, status on reaching out to them. Include authors you don’t know yet but would aspirationally like to write for you. Search for articles related to things on your list of topics and article ideas to find people who research or have written about similar things. Continue adding people to this spreadsheet all the time!

Do active outreach for authors

Once you have your potential authors spreadsheet, get in touch with some of them with a concrete proposal – make your email something that can be replied to with a “yes” or “no”. (If it’s not clear enough to have a yes or no response, keep rewriting before you send.) If you can get an intro over email from someone you know, that’s awesome. But DM-ing them to get their email address, or a respectful cold email to a publicly posted address often works. Your “pitch” email should describe what your publication is like and your goals, how much you can pay for a piece, what you like about their current work or have seen of it, and what topics you’d be interested in seeing them write about.

Email your authors early and often!

You are going to be emailing your authors a lot. (That’s ok, you get to get to know lots of awesome people that way!) Email your authors a day before the first draft deadline. Email them the day of in the morning, reminding them that today’s the day. Email them the evening of if they haven’t turned it in. (If they did turn it in, you’ll have already emailed them saying thanks!).

As the “final” deadline nears, use emails to provide feedback on what’s working in the piece in way that is higher level than all the individual edits/comments/suggestions in the google doc. Don’t forget that your authors need you to provide positive ways to bring the piece to its best and lots of encouragement.

Also, depending on the author, they might want to do a video call, phone call, or sms chat to discuss their piece or their idea.

Fake deadlines (ok, really long timelines) for feature length pieces

Especially if you are going to be working with long pieces that go in themed issues, have “fake” deadlines for the first draft. Don’t expect all authors to get their piece in by the first draft deadline. If you do, you will be disappointed every deadline day. If you reach your first deadline and 70% of the authors have sent you something, that is a major success! Get started editing the ones that come in and continue emailing the authors that still owe you drafts.

Themed issues are a good way to get authors to finish writing

“Can’t it go in the next issue?” “No, the next issue is on X and your piece is on Y and is so perfect for the Y issue. Let’s work together to make it happen for Y issue like we planned. The world needs to hear what you’ve got to say! [Insert sentences figuring out what to do together to make it work – a slight extension on the deadline, shortening the scope of the piece, a hearty round of edits and comments on an “unfinished, pre-first-draft-draft”…]”

Thoughts on bringing new writing into the world

Your publication has the opportunity to bring new writing into the world – writing that wouldn’t exist otherwise. You will be able to publish stories from people who don’t normally write for publications, and from people who publish more widely, but wouldn’t have felt safe or able to write this to be published elsewhere. You will publish writing from people who are now able to spend the time writing, since you are paying them. The writer-editor relationship a really special connection to be part of, and editing with care, appreciation, and thankfulness will go a long way towards bringing a piece to its best. You’ll improve at editing over time, but here are some brief thoughts on order of operations:

  • Go through once without marking anything (just correct typos like spelling or minor grammar as you go).
  • Think about the overall structure of the piece. Some drafts come in nearly good-to-go, but others might benefit from a little re-ordering, such as pulling out an interesting anecdote from the middle and placing it as the intro.
  • Leave comments on individual words or sentences (highlight and command-option-M). Note what parts really spoke to you. Ask questions about things that you want to know more about. Suggest parts to cut out for clarity or brevity. Ask for assertions to be expanded on, anecdotes to be added.
  • Approach editing with curiosity, love, and a belief in the author’s innate abilities.

Good luck! And if you start thinking of starting a feminist publication (or feminist startup in general) and want to chat, feel free to send me an email: hello@ameliagreenhall.com.

Thank you to Alicia Liu for inviting Ameila to give a talk about collaborative publishing at Digital Humanities in July 2014. The notes and slides for that talk formed the base of this post. Also thank you to all of Amelia’s publishing partners, past and present, especially Adam Greenhall and Michael Ahillen, and Valerie’s co-founder, Mary Gardiner. Thank you to Leigh Honeywell and Kate Losse for reading and editing this draft.


Responses to What it was like to co-found Model View Culture with Shanley Kane: Betsy Haibel wrote “An Apology, and Eight other Things”. Annalee Flower Horne wrote “The Trouble with Heroes”. Tim Chevalier wrote “Holding our Heroes Accountable”. Amelia Abreu wrote “Now start yr own band: on relationships, trauma, and tech feminism”.

Cool Valentines For Geek Girls!

Jan. 28th, 2015 03:40 pm
[syndicated profile] epbot_feed

Posted by Jen

I was stuck in a CVS for over an hour the other day, waiting on the clinic's nurse practitioner to tell me I probably have an ear infection, because my ear was just jealous of John's ear getting all the attention after his surgery. That, or my new dental filling has gone horribly wrong.

So, antibiotics *AND* a return trip to the dentist? Could this week.... BE any better? (Everyone else is marathoning Friends on Netflix right now, too, right?)

Anyhoo, while prowling the aisles in boredom, I discovered some surprisingly great Valentines' cards, and thought I'd share:

 Spider-Girl!

Classic Wonder Woman! (With a blue paracord bracelet.)

3D Donald!

And perfect for steampunks:

The compass is layered, so it has a nice 3D effect, and the card is flocked velvet. SUPER pretty in person.

For a little gee-whiz factor, check THIS action out: the envelope has a functioning lock on it!
 It comes with a separate card to lock inside the envelope - and the recipient can wear the key as a charm! So cool. (Only about $8, too!)

And finally, some sweet Tinkerbell art, because yes I still like glittery fairies:



I'm always in favor of supporting independent artists when you can, of course, but it's nice to see options like this at a big retailer, too. Especially when you're grumpy and have an earache. So thanks, CVS.


PS: Speaking of Tinkerbell, have you SEEN the new effects in the Peter Pan queue at the Magic Kingdom? WOWIE. First time Disney has really floored me in ages. Definitely take a look!


[syndicated profile] cakewrecks_feed

Posted by Jen

Sometimes when a cake makes no sense, it's helpful to ask yourself, "What do you suppose the customer asked for?"

Insults 101: When calling a girl a dog, it's always helpful to be breed-specific.

 

(For what it's worth, I'm pretty sure that's not how Mrs. Hopperband spells her name.)

 

"Look, I just want what every girl wants for her birthday: a big- a$$ cake!"

Eh. [shrugging] As I'm sure every cake-loving girl would agree: close enough. Pass the forks!

 

Sometimes you just want a sugary baked good for no reason at all. And yet, without an inscription, what can Wreckerators wreck? That's why they're so adamant that your cake say something.

And that's also why we get Wrecks like these:

Give it a minute.

 

Jen B., Stephanie W., Autumn R., & Sara G., one "Ho Thing Special," comin' up.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

It’s time once again to update my Value of a Hacked Email Account graphic: According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employees have their email accounts hijacked.

Federal investigators say the so-called “business email compromise” (BEC) swindle is a sophisticated and increasingly common scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

According to new data from the Internet Crime Complaint Center (IC3) — a partnership between the National White Collar Crime Center and the FBI — the victims of BEC scams range from small to large businesses that may purchase or supply a variety of goods, such as textiles, furniture, food, and pharmaceuticals.

Image: IC3

Image: IC3

One variation on the BEC scam, also known as “CEO fraud,” starts with the email account compromise for high-level business executives (CFO, CTO, etc). Posing as the executive, the fraudster sends a request for a wire transfer from the compromised account to a second employee within the company who is normally responsible for processing these requests.

“The requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request,” the agency warned. “In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank ‘X’ for reason ‘Y.'”

The IC3 notes that the fraudsters perpetrating these scams do their homework before targeting a business and its employees, monitoring and studying their selected victims prior to initiating the fraud.

“Fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed,” the IC3 alert warns. “The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment. Victims may also first receive ‘phishing’ e-mails requesting additional details of the business or individual being targeted (name, travel dates, etc).”

The advisory urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media.

For more info on how to rethink the security of your inbox, check out this post.

Your email account may be worth far more than you imagine.

Your email account may be worth far more than you imagine.

Finding More Women on Social Media

Jan. 28th, 2015 01:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

DATABASE at Postmasters, March 2009  DATA BASE is an Oxford English Dictionary with the word "DATA BASE" cut into it with the laser cutter.

Credit: Flickr / Michael Mandiberg

Every so often I find my twitter handle in a list that forms a response to some guy saying “who are some women I should follow on social media?”. Do these things work? I don’t know. I’ve compared notes with other women on how long it lasted when a prominent VC asked that question (for me, <24 hours), which tells me at least sometimes they are ineffectual.

Besides that, there are different types of engagement, you can follow someone, but do you listen to them? And you can listen to them, but do you engage with them or their content? Typically we all go back and forth through these different modes, but if you just ignore, or perhaps worse, think “oh she’s moaning again” then this strategy clearly isn’t working.

I think the best way to increase the number of women you encounter on social media is to seek out women whose opinions or work you are interested in.

  • Women developers of your favourite products.
  • Women contributors to open source projects you use.
  • Women who have written articles you liked.
  • Women who have given conference talks you enjoyed.
  • Women who have been retweeted into your timeline.

This is harder than someone giving you a ready made list. For each one of these, there is a reason why:

  • There are few women developers, and some hide their affiliations for fear of threats.
  • There are even fewer women contributing to OSS, and many of them do so under gender neutral pseudonyms for safety.
  • Women’s content is shared less, and more likely to be (or be thought) women-focused.
  • Women are not fairly represented at conferences.
  • Women get retweeted less.

But these aren’t insurmountable. And moreover, for me at least, it’s vastly more flattering to be noticed because of something cool I’ve built or written than because I’m female.

As a cis-white-women I’m trying these strategies, and slowly improving the diversity of my feed, too.

 

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

For the second time in a week, Adobe has issued an emergency update to fix a critical security flaw that crooks are actively exploiting in its Flash Player software. Updates are available for Flash Player on Windows and Mac OS X.

brokenflash-aLast week, Adobe released an out-of-band Flash Patch to fix a dangerous bug that attackers were already exploiting. In that advisory, Adobe said it was aware of yet another zero-day flaw that also was being exploited, but that last week’s patch didn’t fix that flaw.

Earlier this week, Adobe began pushing out Flash v. 16.0.0.296 to address the outstanding zero-day flaw. Adobe said users who have enabled auto-update for Flash Player will be receiving the update automatically this week. Alternatively, users can manually update by downloading the latest version from this page.

Adobe said it is working with its distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. Google Chrome version 40.0.2214.93 includes this update, and is available now. To check for updates in Chrome, click the stacked three bars to the right of the address bar in Chrome, and look for a listing near the bottom that says “Update Chrome.”

To see which version of Flash you have installed, check this link. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

Super Bowl Showdown

Jan. 27th, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Hey, I hear there's a big game this weekend! Anybody know who's playing?

 

 

 

 

 

....

....

So, no, huh?

Well, not sure how many of those teams will be playing, exactly, but I know who I'M rooting for:

GO, PATRITOS!!

 

Thanks to Bethany G., Alyssa F., Samantha S., Kristy F., Molly S., Amber G., & Katie S. for that stirring display of patritoism.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

When Karim Rattani isn’t manning the till at the local Subway franchise in his adopted hometown of Cartersville, Ga., he’s usually tinkering with code. The 21-year-old Pakistani native is the lead programmer for two very different yet complementary online services: One lets people launch powerful attacks that can knock Web sites, businesses and other targets offline for hours at a time; the other is a Web hosting service designed to help companies weather such assaults.

Grimbooter

Grimbooter

Rattani helps run two different “booter” or “stresser” services – grimbooter[dot]com, and restricted-stresser[dot]info. He also works on TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for protection from the very attacks he helps to launch.

As part of an ongoing series on booter services, I reached out to Rattani via his Facebook account (which was replete with images linking to fake Youtube sites that foist malicious software disguised as Adobe’s Flash Player plugin). It turns out, the same Google Wallet is used to accept payment for all three services, and that wallet traced back to Rattani.

In a Facebook chat, Rattani claimed he doesn’t run the companies, but merely accepts Google Wallet payments for them and then wires the money (minus his cut) to a young man named Danial Rajput — his business partner back in Karachi. Rajput declined to be interviewed for this story.

The work that Rattani does for these booter services brings in roughly $2,500 a month — far more than he could ever hope to make in a month slinging sandwiches. Asked whether he sees a conflict of interest in his work, Rattani was ambivalent.

“It is kind of [a conflict], but if my friend won’t sell [the service], someone else will,” he said.

Rattani and his partner are among an increasing number of young men who sell legally murky DDoS-for-hire services. The proprietors of these services market them as purely for Web site administrators to “stress test” their sites to ensure they can handle high volumes of visitors.

But that argument is about as convincing as a prostitute trying to pass herself off as an escort. The owner of the attack services (the aforementioned Mr. Rajput) advertises them at hackforums[dot]net, an English language forum where tons of low-skilled hackers hang out and rent such attack services to prove their “skills” and toughness to others. Indeed, in his own first post on Hackforums in 2012, Rajput states that “my aim is to provide the best quality vps [virtual private server] for ddosing :P”.

Damon McCoy, an assistant professor of computer science at George Mason University, said the number of these DDoS-for-hire services has skyrocketed over the past two years. Nearly all of these services allow customers to pay for attacks using PayPal or Google Wallet, even though doing so violates the terms of service spelled out by those payment networks.

“The main reason they are becoming an increasing problem is that they are profitable,” McCoy said. “They are also easy to setup using leaked code for other booters, increasing demand from gamers and other customers, decreasing cost of attack infrastructure that can be amplified using common DDoS attacks. Also, it is relatively low-risk to operate a booter service when using rented attack servers instead of botnets.”

The booter services are proliferating thanks mainly to free services offered by CloudFlare, a content distribution network that offers gratis DDoS protection for virtually all of the booter services currently online. That includes the Lizardstresser, the attack service launched by the same Lizard Squad (a.k.a. Loser Squad) criminals whose assaults knocked the Microsoft Xbox and Sony Playstation networks offline on Christmas Day 2014.

The sad truth is that most booter services probably would not be able to remain in business without CloudFlare’s free service. That’s because outside of CloudFlare, real DDoS protection services are expensive, and just about the only thing booter service customers enjoy attacking more than Minecraft and online gaming sites are, well, other booter services.

For example, looking at the (now leaked) back-end database for the LizardStresser, we can see that TheHosted and its various properties were targeted for attacks repeatedly by one of the Loser Squad’s more prominent members.

The Web site crimeflare.com, which tracks abusive sites that hide behind CloudFlare, has cataloged more than 200 DDoS-for-hire sites using CloudFlare. For its part, CloudFlare’s owners have rather vehemently resisted the notion of blocking booter services from using the company’s services, saying that doing so would lead CloudFlare down a “slippery slope of censorship.”

As I observed in a previous story about booters, CloudFlare CEO Matthew Prince has noted that while Cloudflare will respond to legal process and subpoenas from law enforcement to take sites offline, “sometimes we have court orders that order us to not take sites down.” Indeed, one such example was CarderProfit, a Cloudflare-protected carding forum that turned out to be an elaborate sting operation set up by the FBI.

I suppose it’s encouraging that prior to CloudFlare, Prince was co-creator of Project Honey Pot, which bills itself as the largest open-source community dedicated to tracking online fraud and abuse. In hacking and computer terminology, a honeypot is a trap set to detect, deflect or otherwise counteract attempts at unauthorized use or abuse of information systems.

It may well turn out to be the case that federal investigators are allowing these myriad booter services to remain in operation so that they can gather copious evidence for future criminal prosecutions against their owners and users. In the meantime, however, it will continue to be possible to purchase powerful DDoS attacks with little more than a credit card or prepaid debit card.

[syndicated profile] cakewrecks_feed

Posted by Jen

I don't know if you've noticed, but there's been a lot of talk about balls lately.

Who handled the balls, how they handled the balls, the balls' temperature while they were being handled, and most importantly, is "prolate spheroid" supposed to sound like "prolapsed sphincter," or is that just another Freudian sports thing?

Which reminds me:

Cupcake?

 

Now, I may not be much of a sports fan, but I will NEVER turn my back on a current events story that lets me make lots of ball jokes.

'Cuz that'd be just nutty.

So in the spirit of ethical journalism, allow me to present:

8 Kinds Of Balls Worse Than Tom Brady's:*

[*I haven't actually read any of the articles on Deflategate, so I could be wrong on this.
There could be more than 8.]

 

Swollen Balls:

 

Lumpy Balls:

 

Poopy Balls:

 

Wrinkly Balls:

 

Steamrolled Balls:

 

Missing Balls:


 

Bieber Balls:

(Hey, anyone who's seen the Bieb's new CK ad already knows where all the extra ball inflation went, am I right?)

 

And perhaps worst of all...

Schweddy Balls:

Eww.

 

Thanks to Michelle Y., Nino F., Allison A., Cara W., Amber A., Julia K., Kathleen D., Jen S., Britt, Laura C., Diane B., and Alec Ball-dwin for sharing his irresistible Schweddy Balls.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

The Boat

Jan. 26th, 2015 01:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

IMG_3353

A year and a half ago now, I checked off a long-term bucket list item. I went to North Korea. (I blogged a lot about it, the summary is here).

It’s interesting to look back and see what sticks after that amount of time, and being in Berlin right now and learning about East Germany reminds me of North Korea at times – the military, the propaganda videos.

In particular, there is one thing we saw that I still think about often.

We were amongst the first Westerners to see the USS Pueblo.

Short version of the story: the ship was between North Korea and Russia, spying. The North Koreans objected to this, and raided the boat, killing one person and capturing everyone else. Eventually the US signed a confession, and the captives were freed.

After the captives were freed, the US retracted the confession.

One of the things that struck me when I read up on this story afterwards, was that the only substantial difference between the story as told in North Korea, and the story as told in the West is where the maritime boarder is.

North Korea claims a maritime border of 12 nautical miles. The UN wanted 3. Like many things involving this part of the world, it’s a bit opaque.

But my takeaway – it’s doesn’t have to be a web of lies, both sides can be reasonable, but different assumption – where the maritime border is – mean they go in wildly divergent directions.

In this case, it’s easy to side with UN law.

But there are plenty of places where it is less clear cut. Politics is far from the only situation where that can happen. If I think of some of the things that have made me the most angry, it’s “reasonable” people operating on what I consider to be deeply flawed assumptions.

 

Adulting meets adult toy shopping

Jan. 25th, 2015 07:16 pm
[syndicated profile] adulting_feed

Anonymous asks: So this might be too much of an adult question, but where’s a good place to shop for dildos?

Not at all! So when shopping for sex toys, remember never to buy things labeled “for novelty use only,” because they can contain dangerous chemicals and be generally body-unfriendly.

There are some great online shops — like SheBop or Babeland — that sell high-quality, body-safe toys. You can/should go ahead ahead and invest in quality, and if you’re not shy, sex-positive shops in your city have great employees that will happily help you find the right thing for you.

Good luck and godspeed with the dildo search!

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • Feminist Bloggers Cannot Be Your Therapists | Brute Reason (January 11): “Why are people blaming feminism–the feminism of the 1970s or 80s, no less–for failing to cure what appeared to be a serious psychological issue? Why are people claiming that the solution now is simply for feminist writers and activists to be more compassionate and considerate towards male nerds like Aaronson, as though any compassion or consideration could have magically fixed such a deeply layered set of deeply irrational beliefs?”
  • Bringing back the Riot Grrrl | Marlena’s Blog (January 20): “What I found is that no matter how much I read and worked at not being an asshole or finding the “right way” to say things or get my opinions across, I could never be silent enough.”
  • Smash Bros. Community Boots Harassing Host of Their Largest Tournament | The Mary Sue (January 20): “Over the past day or so, the Smash Bros. community has come together in a big way to denounce years of harassment by the host of the largest Smash Bros. tournament around: Apex. With Apex 2015 rapidly approaching the last weekend of January, Jonathan “Alex Strife” Lugo has been forced to step down from his position at the tournament in a huge win for safety in the fighting game community.”
  • Infamous, Thoughtless, Careless, and Reckless | Mark Bernstein  (January 15): A series of posts discussing the Wikipedia Arbitration Committee’s decision to prohibit feminists from contributing to Wikipedia on issues related to gaming, gender, or sexuality. “The infamous draft decision of Wikipedia’s Arbitration Committee (ArbCom) on Gamergate is worse than a crime. It’s a blunder that threatens to disgrace the internet. “
  • Gaming while black: Casual racism to cautious optimism | Joystiq (January 16): “Freelance gaming and media writer Sidney Fussell summarized the pushback as follows: “I’ve been writing about blackness and games for about two years now and a huge majority of the negative feedback I get boils down to this: Race doesn’t belong in video games. White commenters tell me racism in games isn’t a problem. Only attention-starved reverse racists, dragging it up for clicks from white-guilt-addled gamers, still want to talk about racism. This is the burden of being a black gamer: I love games, but if I want to talk about them critically, my motives are questioned, my social ties are strained and suddenly I’m a member of the ‘PC Police’ who wants to go around ruining everyone’s fun.”
  • We’re going to keep talking about women in tech | The Daily Dot (January 14): “Here are 25 straightforward things you can do to create change – many of which won’t take more than two minutes of your time.”
  • Abusing Contributors is not okay | Curious Efficiency (January 22): “As the coordinator of the Python Software Foundation’s contribution to the linux.conf.au 2015 financial assistance program, and as someone with a deep personal interest in the overall success of the open source community, I feel it is important for me to state explicitly that I consider Linus’s level of ignorance around appropriate standards of community conduct to be unacceptable in an open source community leader in 2015.”
  • Support diversity in Linux by attending an Ally Skills Workshop at SCALE 13X | The Ada Initiative (January 21): “The Ally Skills Workshop teaches men how to support women in their workplaces and communities, by effectively speaking up when they see sexism, creating discussions that allow more voices to be heard, and learning how to prevent sexism and unwelcoming behavior in the first place. The changes that reduce sexism also make communities more welcoming, productive, and creative.”
  • The Elephant in the Keynote | Project Gus (January 19): “And while younger white male software developers are having their opinions panned by the respected older generation on stage, what does this mean for actual marginalised groups? If FOSS is ever going to achieve broad adoption, it has to appeal to more than a privileged few.”
  • OPW Successes and Succession Planning | The Geekess (January 15): “It’s been a busy winter for the FOSS Outreach Program for Women (OPW).  On October 13, 2014, seven (yes, seven!) of the former Linux kernel OPW interns presented their projects at LinuxCon Europe.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Jurassic Sweets

Jan. 25th, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Sharyn

When I was little, I read The Enormous Egg, a book about a chicken that laid a triceratops egg, and all the adventures the dinosaur had with its kid.

(By The Cake Geek)

I've secretly wanted a dinosaur ever since.

 

Mind you, not one of the ferocious ones that will eat your neighbors.

(By Vina of Mionette Cakes)

Although he's actually a real cupcake...
Sort of.

 

Still, it would probably be a good idea to stick with an herbivore.

(By Sweet Love Cake Couture)

Plus, I'd never have to trim the bushes again!

 

Yup, I want a sweet dinosaur.

One who stops to smell the flowers...

(By Experimental Cakes)

...before she eats them.

 

One who likes to gather mushrooms for dinner:

(By Little Cottage Cupcakes)

 

One who waves when I come home:

(By Cakes Decor member Laura e Virna)

 

...and one who likes to play fetch!

(By Sweet As Sugar Cakes)

(Although maybe we should stick with sticks after this. o.0)

 

Hmmm, maybe my dino will be tall enough to help me reach those high places...

(By Sugarland)

(Don't worry. He assures me he's a vegetarian.)

 

I'm sure my dino will have lots of friends.

(By Karen Dodenbier of Dutch Cakes)

 

And we'll go on fun adventures!

(By Zeph's Cakes)

 

I'll just have to keep an eye on Betty while we're out:

(By Michelle Sugar Art)

Sweet kid, but she's a real dodo.
(No, really!)

Yup, I want a sweet dinosaur, but I know I can't really have one.
Except in cake.
And I guess that's Sweet enough. For now. ;)

 

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

DIY Faux Brick Painting Tutorial

Jan. 25th, 2015 09:00 am
[syndicated profile] epbot_feed

Posted by Jen

Whether you're looking to re-paint real brick or make over some faux brick paneling, here's how to do it!

First, find a picture of a brick wall that you like, so you'll have a solid color reference. (Pinterest is great for this.) Here's my inspiration photo:

(via)

And here's my finished brick:
 

Mine doesn't match the reference exactly; I wanted it less pink and more grungy. John made three different sample boards to help me nail the colors, which is a great idea if you're like me and have trouble visualizing. Here's our sample board outside in the sunlight:

You can see a lot of dark lines in there, but in the actual room I was able to finesse the technique to avoid most of those, so I think it looks more natural:


So let's get to it!

You Will Need:

4 colors of paint:

    - the grout color (I used a creamy off-white)
    - 2 complementary brick colors, one about 2 shades darker than the other
   - the "dirt" color - a grungy dark brown or gray

Note: Make sure your brick colors are much lighter & brighter than you want the end product to look, since we're going to grunge them up a LOT. If you're unsure, this is where sample boards help!

For tools, you'll need all the usual supplies for painting a room: rollers, brushes, painter's tape, drop cloths, etc., but also, and most importantly:

-  A small, flat-edged foam roller and frame, like this:


Make sure your roller has that sharp, flat edge; the rounded edge rollers won't let you get into the corners and up against the trim, which is verrrry important.

- And a cheap chip brush (pictured above) or any other brush that has extremely stiff bristles.

Now, LET'S PAINT.

 To my knowledge there's only one kind of brick paneling out there, and this is it. Great quality, very convincing texture, and SUPER dark. (We found ours at Lowe's for about $26 per sheet.)

Step 1) Paint your brick or brick paneling the grout color. Yes, all of the brick. But don't worry about doing a second coat; this finish WANTS to look imperfect and grungy. So embrace the grunge, my friends. EMBRACE IT.


Ta-da! Grout colored walls.

Step 2) Use your handy-dandy foam roller to LIGHTLY roll the walls with the lighter of your brick colors. Since you only want the bricks themselves to catch the color, NOT the grout, roll in diagonal lines, not up-and-down or side-to-side. And only load your roller with a little paint at a time.

Your coverage won't be even close to perfect, and again, that's ok. Embraaaace the gruuuunge!

Step 3) Randomly paint individual bricks with your darker brick color. You can do this with your little foam roller, or paint them in with a brush. Either way.

(Sorry for the terrible cellphone pics, btw; I didn't think about writing up a tutorial while we were doing this!)

Now, are you ready... FOR THE MAGIC?!


Step 4) This is the most important step, so here's where you'll want to spend most of your time. That said, it's ridiculously fast and easy; in essence, you're just repeating Step 2, only with the "dirt" paint color. A few tips, though:

- Load your foam roller with the dark paint, and then roll it out on a scrap piece of cardboard or wood several times to get most of it off again. You've heard of dry-brushing? This is "dry-rolling."

- GENTLY start rolling over a patch of bricks in several different directions, to avoid any obvious up-and-down lines. You can always add more, and a little goes a loooong way, so start out light!

- After you've rolled out a bit and your foam roller is pretty dry, go ahead and start pressing harder into those grout lines, so they pick up a little grungy magic, too.

- Get as close to the trim and corners as you can with your roller, but don't worry; you'll be coming back for those later.

- Contrast Is King, so don't be afraid of dark spots, lines, and imperfections. Trust me, that "oops" moment will probably end up your favorite!

Step 5) When all of your walls are done, it's time to go back to those corners and trim areas you couldn't quite reach with the roller. See the white line in my corner here?

Touch those areas up with your stiff brush, pouncing in a tiny bit of color at a time. I actually made my corners darker than the rest of the wall for a kind of vignette, which I think really frames the room nicely:


Step 6) Touch-up time! Step back, and see where your wall needs a bit more dirt. Use your stiff brush to dry-brush any grout lines that look too clean.

This is also the time to address any paneling seams, since those can leave obvious vertical lines. Use a small artist brush and pounce on more "dirt" to help hide those lines.


I also sanded my paneling seams prior to painting, which helped a lot. Just use a little sandpaper and hit each brick that straddles the seam, since this paneling tends to have a slightly raised lip right at that edge. And if there's a gap, of course, fill that up with caulking. (Again, do this before painting. Heh.)

Step 7) Step back and enjoy the view!



I hope this was helpful, guys! Feel free to ask any questions in the comments!

********

And for my fellow pinners, here's the best "before-and-after" shot I could come up with:


This Week

Jan. 25th, 2015 01:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

Click to view slideshow.

Life

Enjoying Berlin, meeting people and touristing. I have a friend visiting from Canada, which is great. Still – still – coughing like I have typhoid but mostly when I’m cold so I’m getting back into working out more. Although still no swimming – sadness.

Met up with another man in tech for The Project (so far it’s going pretty well).

Was 24 miles short of Gold status (thanks to all the flights last year that didn’t count – grr!) but Air Canada let me have it anyway, which was nice!

Work

Sent out the new faster build and my unit tests failed me so the images were reversed (basically when I refactored helper assert methods out into a separate class I messed them up). Fixed everything, and got some UX feedback, will work on that and send out a new build.

Really got started on Android, and got the home screen working. Spent a lot of time searching for what to search for – the hardest thing about moving onto a platform I’m less familiar with is I’m not sure what everything is called! I need to read more of the book.

Confirmed that I will be speaking at mdevcon, sharing some strategies I use for unit testing UI code on iOS. Also NSConference is coming up – really excited to be there, the lineup looks great.

Places

Continuing to visit my favourites Tabibito, Roamers, and the Croissanterie, but exploring some new places including Floor’s (breakfast), The Barn (coffee shop), Susuru (udon, great decor), Companion Coffee, Mayflower (delicious Chinese food), Izumi (sushi, okay), Just a Bite (fancy tiny cupcakes, meh), Toca Rouge (Asian fusion, I don’t think I ordered well), Reisschale (Asian, cheap, I had a nice Thai red curry), Lagari (brunch!), Ron Telesky’s (so Canadian, there are moose, and a pizza called the Rob Ford) and Fräulein Wild (cake!).

Went to the Palace of Tears or the Tränenpalast, which is about the divide between East and West Berlin. It’s named for the station where people would have to say goodbye to their loved ones. It’s a great, and free, museum. I particularly liked the news real that contrasted news footage from the east with footage from the west, to compare and contrast.

I also went to the Designpanoptikum which is a surrealist museum of collected objects that combine form and function. It’s like, art from industrial design. Including an Iron Lung. The guy who runs it is absolutely fascinating and hilarious.

Media

Watching Kourtney and Khloe take the Hamptons (very dramatic!). Apparently I have reached a milestone in The Black Swan and the rest can be viewed as kind of an appendix. Essentially the conclusion is a trading strategy: take a small amount of very high risk with a very high potential upside.

Read The Beach Hut Next Door, The Year I Met You (Cecelia Ahern always writes such thought provoking books), An Eligible Bachelor.

Product links Amazon.

Published

A new edition of Technically Speaking is out, and @chiuki shared her notes from the hangout last week.

I’m quoted in this article in Time!

Also my UIImage test post is discussed on the iOS Bytes podcast.

We launched a redesign (by @krotondo) of the Male Allies bingo card, get it at maleallies.com.

On The Internet

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • Hacker Mythologies and Mismanagement | Betsy Haibel at Model View Culture (20 January): “There’s nothing wrong with recognizing that some software engineers conform to nerd and/or hacker stereotypes. There’s also nothing wrong with recognizing that engineering is a discipline that requires concentration, or a creative profession in which work may sometimes come in difficult fits and starts. But the idea that engineering culture should map one-to-one to the existing and coherent nerd subculture is dangerous. Our myths about engineering become excuses for why someone is struggling. They discourage teamwork as a drag on productivity, rather than seeing it as a multiplier. They encourage coders to Other disfavored employees as “not real engineers,” creating clearly defined in- and out-groups. They encourage everyone to view coding ability as an innate orientation rather than as a trained capacity, which corrupts both hiring and professional development practices.”
  • Infamous | Mark Bernstein (15 January): [I found this site’s colours and text difficult to read, and it gave me a headache.] “GamerGate set out to writes its own story in Wikipedia – and to spread the dirt about the women who were its targets. These efforts were blocked by established editors under established Wikipedia policy. In retaliation, GamerGate planned an operation to get rid of its opponents – the “Five Horsemen” active in preserving objectivity and in keeping scurrilous sexual innuendo out of the encyclopedia.”
  • Gaming while black: Casual racism to cautious optimism | Jessica Conditt at joystiq (16 January): “”Gaming culture is a direct reflection of our society,” [Dr. Kishonna Gray] said. “The only reason racism and sexism run rampant in gaming is because racism and sexism run rampant in society. But in physical spaces, mostly, it’s not overt. It’s subtle. It’s covert. So, yes, these issues manifest in a similar manner in gaming, but I contend that they present themselves worse. It’s not subtle. It’s in-your-face racism. A black person may not be called a nigger to their face, but they can almost guarantee it will happen in virtuality.””
  • Male Allies Bingo Card | Karen Catlin, Cate Huston, Kathryn Rotondo (15 January): “As we look ahead to 2015, we’re hopeful that more men will show up as allies for women in the tech industry. That you will take a stand. That you will leverage your voices and your power to make real change to improve diversity. The tech industry desperately needs it. And here’s what we hope to hear from you.”
  • Call for Donations and Nominations to Wiscon Member Assistance Fund | Chris W at WisCon (2 December): “Every year, we try to help as many people as we can come to WisCon. It’s the time of year when we ask you to please consider contributing to the member assistance fund. […] All nominations need to be made by midnight, PST, February 15, 2015.”
  • C is Manly, Python is for “n00bs”: How False Stereotypes Turn Into Technical “Truths” | Jean Yang at Model View Culture (20 January): “Judgments about language use, despite being far from “objective” or “technical,” set up a hierarchy among programmers that systematically privileges certain groups. Software engineers sometimes deride statistical analysis languages like R or SAS as “not real programming.” R and SAS programmers, in turn, look down at spreadsheet developers. Software engineers also distinguish between front-end (client-facing) and back-end (server) code, perceiving writing server code to be more “real.””

A few links about Shanley Kane, co-founder of Model View Media, and the terrible retaliation for her criticism of the Linux community. [For all of these links: Warning for organized hate campaigns, sexual abuse, stalking, and domestic violence.]

  • My Statement | Shanley at Pastebin (20 January): “Last Thursday, I criticized the Linux community for continuing to support and center a leader with a years-long, documented history of unrepentant abusive behavior, someone who has actively and systematically nurtured a hostile, homogeneous technical community, and someone who has long actively chased people from marginalized groups out of open source. The retaliation has been terrifying.”
  • What it was like to co-found Model View Culture with Shanley Kane | Amelia Greenhall (20 January): “One year ago, in January 2014, I hit the enter key and launched Model View Culture, a new publication and media platform focused on technology, culture, and diversity. Later that month, I stood onstage in front of 200 people at our launch party with my business partner, Shanley Kane. Four months later I resigned. I put up a post on my blog titled “Leaving Model View Culture” that quietly stated that I had resigned due to irreconcilable differences with my business partner without going into much detail about why. I took the summer off to work on a few personal projects, and returned to working as a designer. Now I am ready to share more of the story.”
  • Brutal Optimization | Rachel Shadoan at Storify (20 January): “When you have to wade through an ocean of horror to participate in our communities, what are our communities optimizing for? […] Let’s examine our ideals, FOSS folks. Do we want to be a community where you can only participate if you can survive the brutal terrorizing?”
  • The Elephant in the Keynote (LCA 2015) | Project Gus (19 January): “In all three of these questions I see a common thread – people (particularly younger people) not wanting to engage with kernel development or the Linux community in general. It’s not even necessarily a diversity issue – Matthew Garrett & Thomi Richards are both younger white men, demographics traditionally over-represented in open source ranks. I’m in that same demographic, and with a background in systems programming and writing hardware-level code I’d be naturally interested in learning to contribute to the kernel. The major detractor for me is the community’s demeanor. […] I don’t mean to play down the importance of diversity in open source. I think these issues are also extremely important and I think Thomi and Matthew do as well. It’s just that even if you leave the (traditionally polarising) issue of diversity completely aside, the answers we heard on Friday are still problematic. Considering the diversity angle just compounds the problem with additional layers of alienation. […] And while younger white male software developers are having their opinions panned by the respected older generation on stage, what does this mean for actual marginalised groups? If FOSS is ever going to achieve broad adoption, it has to appeal to more than a privileged few.”
  • The Trouble With Heroes | Flower Horne (20 January): “If you only support abuse victims if they meet your standard of ‘deserving,’ then you don’t support abuse victims at all. You’re using abuse and your ability to withhold support as a means of manipulating and controlling vulnerable populations.That’s an abuser tactic.”

 


 

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

It’s never been clearer that neutral point of view is a joke.

The Arbitration Committee (ArbCom) is the highest user-run body on Wikipedia, or “Wikipedia’s supreme court”. Contrary to its public image as a freewheeling, anarchic site where anyone can edit, Wikipedia actually is a bureaucracy to rival the IRS.

ArbCom’s latest decision: banning five editors who in their personal lives are feminists from editing feminism-related articles. Specifically, all five editors had been attempting to rewrite Wikipedia articles with a pro-Gamergate slate to have a more neutral point of view. No editors who’d expressed a pro-Gamergate point of view in their personal lives were banned; five feminists were.

I’ve previously written on my blog about how Wikipedia administrators decided I couldn’t be neutral because I identified at the time as genderqueer. But if this latest twist isn’t Wikipedia throwing down the gauntlet to declare that “neutral point of view” really means “point of view that soothes white, heterosexual, cis, abled men’s egos”, I don’t know what is.

The Guardian has the full story.

Friday Favs 1/23/15

Jan. 23rd, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some of my favorite new submission this week:

 

If that Frozen fiasco on Monday taught us anything, it's to be specific when you order a cake. After all, as Lynn's grandmother discovered, one person's "Ninja Turtle cake" is another's "Meh, just stick an empty pencil box on it."

I like how the green sprinkles really tie the whole thing together.

 

And speaking of Frozen, don't you hate it when you post a whole bunch of Frozen cake kit wrecks, only to have THE BEST ONE EVER come in the very next day?

Admit it, bakers: at this point you're just screwing with me.

 

Now, you might think that if a bakery only had to put a single edible image on a cake - an image that you made and printed out for them - then there'd be no possible way for that to go wrong.

You might think that...

...but you would be so, so wrong.

(Clearly the baker just wanted to protect the identities of those poor musicians.)

 

Indecent Proposal:

 

 

Tricia actually wanted the baker to draw a sad face, but I think this still works:

Awww.

 

And finally,

The Good News: Airbrush stencils are easy, guarantee correct spelling, and save time!

The Bad News: People are still dumb.

Bummer.

 

Thanks to Lynn M., MJ, Robin C., Liz A., Tricia M., & Tia K., who's pretty sure that baker will never invent Skynet, so hey, SILVER LINING.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] accidentallyincode_feed

Posted by Cate

Credit: Wikipedia

Credit: Wikipedia

First thing learned when starting to make apps. Was making an app about beauty products. Went looking for people who would purchase beauty products (Oxford Street!) started in Starbucks.

Asked for 5 minutes.

People were really nice, if it wasn’t for them wouldn’t have discovered how hard it was for people to get to the product page.

People daunted, confused, takes a lot of time.

If release it like that you’ll get app store reviews of 1* “your app is shit”, this doesn’t help you figure out what is wrong.

If you take the time to sit down can uncover issues and learn a lot in the process. Doesn’t have to have a 2-way mirror, can just sit down and learn the application and see what they do.

Analytics will tell you what, but not why. We want apps to be intuitive. How? Listen to the people who use your apps every day.

Why don’t we test?

  • We forget.
  • We don’t always know how.
  • We don’t see the benefit.
  • We’re scared.

Getting involved makes you a better developer.

Running automated tests isn’t enough, need to get your hands dirty.

WHY do it?

  1. Save dev time, throw away less code.

Money transfer site.

  • 9 months dev
  • Tested day before launch.
  • Ranked lowest in comparison to competitors.
  • CEO pulled the plug. Not launching tomorrow.
  • If people couldn’t use it, would just get a bad rep.

Build a better product from day 1.

More code you write the better you are at it. Same for this. Devs get better at tackling problems, the more you watch users struggle.

  • We can help. We know what’s possible.
  • Can see what people are trying to do, build it, make it easier for them.
  • Data driven decision in your team.
  • Know how it works, but can be surprised when put it into someones hands.
  • Tap and hold (iOS), suggested for edit a note. People disagreed, but thought it would work. Put it into user testing and everyone managed just fine. People knew, because it’s how you delete apps. Could have turned out the other way, but at least now it was based on some kind of data.
  • No-one starts out with all the answers.

SwiftKey been doing this for the past few months. Had no time to lose, tested every single week.

  • Helps you understand changes.

Spent ages working on something, want to know why. If you see someone struggle, makes a lot more sense.

  • Helps connect to the people you build for.

When stuck behind your laptop don’t see scared face. Someone who doesn’t get what they should do.

E.g. “the case of the missing text” – can’t let it go when seen someone experience that. Can’t ship with a bug like that. Fix it.

How Does This Fit In?

  • Do I have time for that?
  • Depends on how you work. UX team.
  • Watch one session a week (if do weekly testing).
  • Brings people and experiences into discussions.
  • Put it into people’s hands.

DIY

Need people.

  • Target audience.
  • 5 people.
  • 80% usability issues.
  • Aim for 6-8.

Content

  • Tasks
  • Prep
  • Observations
  • Prompts
  • e.g. Could you delete a notebook?
  • Have to have the right content
  • Follow up from previous tasks.

Pointers

  • Do they ever swipe?
  • Can they press buttons easily
  • How do they respond to a prompt?

Promtps

  • How would you think you could do that?
  • How do you do this normally/elsewher?

Ask:

  • What do you think happened to the content?
  • Did you feel you could do this by accident?
  • Why did you do what you just did?
  • What did the action remind you of?

Measure

  • How easy was that?
  • What did you like?
  • How could it be better?

Preparation.

  • Welcome them
  • “We’re testing the product, not you”
  • “Please, talk out loud”
  • “Nothing will offend us”

Interaction During the Session

  • Don’t help
  • Don’t encourage
  • Use your prompts
  • Keep the conversation going.

People say devs shouldn’t do user testing. Because we made it, so much easier for someone independent rather than involved. Subconsciously will smile when they get it right, be annoyed when they get it wrong. Users want you to be happy, will try and please you.

(Solves this by being enthusiastic all the time)

Closing Qs

  • Repetition of good and bad
  • “how much would you pay?”
  • likelihood of recommendation (1-10) (NPS)
  • “What would we need to get to that 10?”

Tips

  • Focus on observation
  • Be positive
  • Be conversational

Outcomes

What do do with results? Fix them. Any major issues will surface

There’s nothing like watching someone in love with what you made.

On Getting Paid to Speak

Jan. 23rd, 2015 04:20 am
[syndicated profile] geekfeminism_feed

Posted by Guest Blogger

In response to a thread on a private mailing list, a prominent woman in tech wrote this fantastic rundown of the details of getting paid to speak, including which speaker bureaus represent which kinds of speakers. We are re-posting an anonymized version of it with her permission in the hopes that with better information, more women will get paid fairly for their public speaking. Paying women fair wages for their work is a feminist act. This advice applies primarily to United States-based speakers; if you have information about international speaker bureaus, please share it in the comments!

Question: I’m interested in speaking with [members of the private mailing list] who either speak via a speaker bureau/agency, or otherwise get paid for their speaking gigs. I have done an absolute ton of speaking in the past few years (including several keynotes) and I know I’m at the level where I could be asking for money for my speaking, and I also need to reduce the amount I sign up for in order to focus on my own projects. So I’m on the market for an agency and would love to hear numbers from other folks who charge for giving talks. I know several women who ask for $1000-$2000 plus travel costs for engagement, but would love to know if that is typical or low as I definitely do know dudes who get much more.

Thanks!

PS this was a very scary email to write! Asking for others to value your work as work is really difficult!

Answer: I have a lot of experience with this & have done a lot of research. The main U.S. bureaus are:

  • The Leigh Bureau, which represents Nate Silver, Joi Ito, danah boyd, Tim Wu, Don Tapscott, Malcolm Gladwell, etc. Leigh tends to represent so-called public intellectuals, and to do a lot of work crafting the brand and visibility of their speakers in well-thought-out laborious campaigns. It tends to represent people for whom speaking is their FT job (or at least, it’s what pays their bills). Leigh does things like organize paid author tours when a new book comes out. Being repped by Leigh is a major time commitment.
  • The Washington Speakers Bureau: Jonathan Zittrain, Madeleine Albright, Tony Blair, Katie Couric, Lou Dobbs, Ezra Klein. These folks specialize in DC/public policy.
  • The Harry Walker Agency: Jimmy Wales, Bill Clinton, Larry Summers, Steve Forbes, Bono, Steven Levitt, Cass Sunstein. These folks tend to rep celebrities and DC types: busy people for whom speaking is a sideline.
  • The Lavin Agency: Jared Diamond, Anderson Cooper, Jonathan Haidt, Lewis Lapham, Steve Wozniak. Lavin does (sort of) generalist public intellectual think-y type people, but is way less commitment than e.g. Leigh. Lavin reps people whose main work is something other than speaking.

(There are probably lots of others including ones that are more specialized, but these are the ones I know.)

I went with Lavin and they’ve been fine. The primary benefits to me are 1) They bring me well-paying talks I wouldn’t otherwise get; 2) they take care of all the flakes so I don’t have to, and they vet to figure out who is a flake; 2) they negotiate the fee; and 3) they handle all the boring logistical details of e.g. scheduling, contractual stuff, reimbursements, etc. I mostly do two types of talks:

  1. The event organizers approach me, and I send them to Lavin. About 80% of these invitations are just [stuff] I would never do, because it pays nothing and/or the event sounds dubious, the expected audience is tiny, I have no idea why they invited me, or whatever. But, about 20% are people/events that I like or am interested in, like advocacy groups, museums, [technical standards bodies], [technical conferences]; TED-x. If I really like the organizers and they are poor, sometimes I will waive my fee and just have them pay expenses. (Warning: if there is no fee, the bureau bows out and I have to handle everything myself. Further warning: twice I have waived my fee and found out later that other speakers didn’t. Bah.) If I get paid for these events, it’s usually about 5K.
  2. The event organizers approach Lavin directly, requesting me. These tend to be professional conferences, where they’re staging something every year and need to come up with a new keynote annually. These are all organized by a corporation or an industry association with money — e.g., Penguin Books, Bain, McKinsey, the American Society of Public Relations Professionals, the Institute of E-Learning Specialists, etc. I do them solely for the money, and I accept them unless I have a scheduling conflict or I really cannot imagine myself connecting with the theme or the audience. These talks are way less fun than the #1 kind above, but they pay more: my fee is usually 25K but occasionally 50K.

For all my talks I get the base fee plus hotel and airfare, plus usually an expenses buyout of about $200 a day. A few orgs can’t do a buyout because of internal policies: that’s worse for me because it means I need to save receipts etc., which is a hassle. Lavin keeps half my fee, which I think is pretty typical. In terms of fees generally, I can tell you from working with bureaus from the other side that 5K is a pretty typical ballpark fee that would usually get a speaker with some public profile (like a David Pogue-level of celebrity) who would be expected to be somewhat entertaining. The drivers of speaker fees are, I think 1) fame, 2) entertainment value and 3) expertise/substance, with the last being the least important. The less famous you are, the more entertaining you’re expected to be. Usually for the high-money talks, there is at least one prep call, during which they tell me what they want: usually it’s a combination of “inspiration” plus a couple of inside-baseball type anecdotes that people can tell their friends about afterwards. The high-money talks are definitely less fun than the low-money ones: the audiences are less engaged, it’s more work for me to provide what they need, everybody cares less, etc.

When I spoke with [a guy at one agency] he told me some interesting stuff about tech conferences, most of which I sadly have forgotten :/ But IIRC I think he said tech conferences tend to pay poorly if at all, because the assumption is that the speaker is benefiting in other ways than cash — they’re consultants who want to be hired by tech companies, they’re pitching a product, trying to hire engineers, building their personal brand, or whatever. Leigh says they’re not lucrative and so they don’t place their people at them much. The real money is in the super-boring stuff, and in PR/social media conferences.

Hope this is useful!

We certainly found it useful. Here are some additional resources which came up in the mailing list thread:

Flash Patch Targets Zero-Day Exploit

Jan. 22nd, 2015 05:54 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Adobe today released an important security update for its Flash Player software that fixes a vulnerability which is already being exploited in active attacks. Compounding the threat, the company said it is investigating reports that crooks may have developed a separate exploit that gets around the protections in this latest update.

brokenflash-aEarly indicators of a Flash zero-day vulnerability came this week in a blog post by Kafeine, a noted security researcher who keeps close tabs on new innovations in “exploit kits.” Often called exploit packs — exploit kits are automated software tools that help thieves booby-trap hacked sites to deploy malicious code.

Kafeine wrote that a popular crimeware package called the Angler Exploit Kit was targeting previously undocumented vulnerability in Flash that appears to work against many different combinations of the Internet Explorer browser on Microsoft Windows systems.

Attackers may be targeting Windows and IE users for now, but the vulnerability fixed by this update also exists in versions of Flash that run on Mac and Linux as well. The Flash update brings the media player to version 16.0.0.287 on Mac and Windows systems, and 11.2.202.438 on Linux.

While Flash users should definitely update as soon as possible, there are indications that this fix may not plug all of the holes in Flash for which attackers have developed exploits. In a statement released along with the Flash update today, Adobe said its patch addresses a newly discovered vulnerability that is being actively exploited, but that there appears to be another active attack this patch doesn’t address.

“Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player,” Adobe said. “Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild.”

To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash, although as of this writing it seems that the latest version of Chrome (40.0.2214.91) is still running v. 16.0.0.257

The most recent versions of Flash are available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

I am looking forward to day in which far fewer sites require Flash Player to view content, and instead rely on HTML5 for rendering video content. For now, it’s probably impractical for most users to remove Flash altogether, but there are in-between options to limit automatic rendering of Flash content in the browser. My favorite is click-to-play, which is a feature available for most browsers (except IE, sadly) that blocks Flash content from loading by default, replacing the content on Web sites with a blank box. With click-to-play, users who wish to view the blocked content need only click the boxes to enable Flash content inside of them (click-to-play also blocks Java applets from loading by default).

Windows users also should take full advantage of the Enhanced Mitigation Experience Toolkit (EMET), a free tool from Microsoft that can help Windows users beef up the security of third-party applications.

Update 11:05 p.m. ET: Adobe just issued a bulletin confirming that this latest patch does not protect Flash users against all current, active attacks. The company says it plans to release an update the week of Jan. 26 to address this other security issue.

"Write!" Said Fred

Jan. 22nd, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

It's handwriting analysis week, minions, so I'm here to demonstrate this fascinating science.
What does your baker's work say about them? Let's find out!

 

- Passive-aggressive

 

- Uses "jazz hands"

 

- Writes erotic Zombie fan-fic

 

- Cries during yogurt commercials

 

- twerks

 

- Collects spores, molds, and fungus

 

- Has to pee

 

- Pushes ALL the elevator floor buttons

 

- Gym grunter

 

- Conspiracy theorist

 

- Magician

 

Hope this helps you see those wrecks in a whole new light, minions! And remember: an upward slanting signature with extra long loopy bits means you have excellent taste in websites, so congrats on that.

 

Thanks to Kate M., Jill S., Johnny E., Sara G., Sarah S., Kelly D., David F., Jasmine K., Lacey C., Jenny H., & Shelly D., who are all too sexy for my party.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Two different readers have written in this past week to complain about having their Starwood Preferred Guest loyalty accounts hijacked by scammers. The spike in fraud appears to be tied to a combination of password re-use and the release of a tool that automates the checking of account credentials at the Web site for the popular travel rewards program.

spgThe mass compromise of Starwood accounts began in earnest less than a week ago. That roughly coincides with a Starwoods-specific account-checking tool that was released for free on Leakforums[dot]org, an English-language forum dedicated to helping (mostly low-skilled) misfits monetize compromised credentials from various online services, particularly e-retailers, cloud-based services and points or rewards accounts.

The tool is little more than a bit of code that automates the checking of account credentials stolen from other data breaches, to see if the stolen credentials also work at Starwoods.com. These types of account checking tools work because — despite constant advice to the contrary — a fair number of Internet users will rely on the same email address (username) and password pair for accounts at multiple sites.

The release of the account checking tool caused numerous Leakforums denizens to run the tool against various username and password lists stolen in previous data breaches. In less than 24 hours after its release, there were more than a half dozen Leakforums members selling compromised accounts. One seller advertised a Starwood account with 70,000 points for sale at just $3, while accounts with about 40,000 points sold for $1.50.

The release of an account checking tool for Starwood credentials has prompted dozens of  miscreants to sell and cash out hijacked Starwood reward points.

The release of an account checking tool for Starwood credentials has prompted dozens of miscreants to sell and cash out hijacked Starwood reward points.

According to a tutorial posted on the forum, hijacked account buyers “cash out” their purchases by creating new Starwood accounts and then forcing the hijacked account to transfer its account balance to the new account. The reward points are then exchanged for gift cards that can be used as cash.

Starwood does offer customers the option to receive email or text message alerts when account changes are made. But the tutorial on Leakforums encourages buyers to change the email address, password and other contact information on the victim’s account, effectively locking out the legitimate user.

Chris Holdren, senior vice president of global and digital at Starwood Preferred Guest, said the attacks of the past week track closely to the fraud patterns that have hit other loyalty programs in recent months, including Hilton Honors.

“They appear to be using credentials from elsewhere and seeing how many of those match up to Starwood accounts to see how many hits they can get,” Holdren said.

Holdren added that Starwood users who have had their accounts hijacked will not lose points due to fraud, a claim that was backed up by at least one of the two readers who initially contacted KrebsOnSecurity about being victimized by fraudsters.

“Not one guest is going to lose even a single Starwood point through this activity,” Holdren said. “We have a very large team globally mobilized to combat it.”

Could companies like Starwood be doing a lot more to facilitate safer login procedures, such as 2-step authentication? Absolutely. Even so, far too many people re-use the same passwords at multiple sites that hold either their credit card information or points that can easily be redeemed for cash.

[syndicated profile] epbot_feed

Posted by Jen

I feel like this week the internet finally shook off its holiday/new year doldrums, and started churning out the Good Stuff again, you know? It's been weeks since I found much online to really inspire or capture my imagination, and now suddenly I'm seeing all KINDS of goodies! (Granted, that could be a reflection of my own doldrums-shaking, but still.)

Some of my favorites:

Glowing Mushroom Tutorial by Matt over at Instructables:

These mushrooms are incredibly life-like, and other than the LED wiring, look pretty simple to make! (Just a little silicon caulking and paint, if you can believe it.) I want to make some to display in a glass dome, like a steampunky specimen jar. Would look SO COOL at night.

Oh, and another instructables user made some with blue LEDs:

Awesome.


My favorite photographer, Tom Bricker, did a quick tutorial on Blending Image Layers:


Wowie.

And while we're at it, Tom went to an Owl Cafe in Japan - an OWL CAFE, people - and wrote up a review of the experience, which is fascinating.  I want this one:
 
Yep. DO WANT.


For my fellow Borderlands fans: there's an 11-inch tall, remote-controlled Claptrap coming out in March, and he looks suh-WEET:


He'll cost about $400, and there will only be 5000 made, so... I guess I'll just console myself with our life-sized Claptrap coming together in the garage. Heh.  (More details over at Mashable.)


Remember Lammily, the "realistic fashion doll" that went viral for re-imagining Barbie with actual human proportions? Well in that general spirit, there's a Tasmanian artist now giving Bratz dolls some surprisingly sweet "make-unders:"

Tree Change Dolls repaints the faces, (un)styles the hair, molds new feet, and then outfits these thrift-store finds in clothes she and her mother make by hand:


As I said, the results are surprisingly sweet! Her out-doorsy finished photos really capture the innocence of a much younger and less self-conscious childhood, and the contrast between the dolls' before and after pics could be taken for a serious commentary on today's society - should you be so inclined. (Or if not: lookie! Pretty dolls! :))


Head over to the Tree Change Dolls Tumblr for lots more before-and-afters, and watch that site for her Etsy shop, which she says is coming soon. (And hat tip to Neatorama for the link.)

Another excellent Neatorama find: 40+ DIY uses for wine corks. Most are about what you'd expect (trivets, anyone?), but there are a few real gems in there! My favorite are the drawer pulls from Dollar Store Crafts:

Not sure how durable they'd be long-term, but considering the cost is $FREE, this would be awesome for rustic, vintage, or steampunky designs.

Sue of All Natural Arts just made her best watch-part sculpture yet for Edgar Allen Poe's birthday:

Seriously, how stunning is this?? Sue uses real vintage pocket watches, and those are all tiny watch parts - see how the raven's wings are tiny clock hands? And as if that weren't enough, the pendulum under Poe's ear actually swings back and forth. SWOON.

And finally, in adorable robot news, look what Disney just made!

  This too-cute-for-words, turtle-shaped "Beach Bot" can draw pictures in the sand. Big, BIG pictures:

 And it's orange! ORANGE!!

Ahem.

More over at Wired, where you can watch a video of the BeachBot in action.


So what's inspiring you this month, guys? Hit me up with some more Good Stuff in the comments!

In Which John Gets An Earful...

Jan. 21st, 2015 01:57 pm
[syndicated profile] epbot_feed

Posted by Jen

For those of you not on Facebook, just wanted to let you know John's ear surgery was a total success, and his recovery has been nothing short of amazing!

Just look at that devilish glint in his eye.  Mrowr.

There was a scary few minutes not too long before I took this photo; John almost passed out while the nurse attempted (and failed) to place an IV in his hand - all while describing what she was doing in excruciating detail. (If you ever get the chance, have John tell you this story; it's hilarious, in a cringe-inducing, horrific kind of way.)

Anyway, John's heart rate dropped down to 30bpm while he was NOT passing out,* so they had to give him adrenaline to kick it back up again. Then they came out to the waiting room and got me.

[*John is very adamant on this point. He did not pass out. He just saw swimming ceiling tiles and sent the entire staff into a tizzy while his vitals tanked.]

John looked like hell frozen over when I got back there, and seeing him in an oxygen mask and hooked up to a zillion machines brought back some awful memories of his near-death illness on our first book tour, but before long his color returned, and we were chatting and laughing again.

More good news: the doc was able to do everything without cutting outside the ear, so there are no clunky bandages to change, *and* he found the problem and was able to fix it.

[For those curious: John had a benign tumor removed from his ear when he was 11, and they had to replace most of his ear guts (technical term!) with plastic and cadaver bones. Over the years that shifted and pressed against his ear drum, causing it to deteriorate. So the doc reset the old fix and replaced the damaged part of the ear drum.]

They sent us home with dire warnings of rampant dizziness, pain, and nausea, but - knock on wood - John hasn't so much as needed a Tylenol until today, and he's been rock steady from the moment I helped him out of the hospital bed. I'm starting to suspect he's not even human.

But the best part? Monday night John came to find me in the office, all excited. "JEN," he said, "I can hear myself breathing in my right ear. I can hear it when I brush my hand against that ear! And everything is SO LOUD."

He was grinning so hard there were tears in his eyes.

So I think I speak for us both when I say: "Worth it." 


(John's surgical packing comes out in another week, and after that we'll know if his hearing is really back to 100%. Hopefully that will also help him feel like he's not shouting all the time, since he can hear himself SUPER well right now with that ear all plugged up. Ha!)

Java Patch Plugs 19 Security Holes

Jan. 21st, 2015 02:55 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility. If you have Java installed and require it for some application or Web site, it’s time to update it. If you’re not sure you have Java on your computer or are unsure why you still have it, read on for advice that could save you some security headaches down the road.

javamessOracle’s update brings Java 7 to Update 75 and Java 8 to Update 31, and fixes at least 19 security vulnerabilities in the program. Security vendor Qualys notes that 13 of those flaws are remotely exploitable, with a CVSS score of 10 (the most severe possible score).

Java 7 users should know that Oracle plans to start using the auto-update function built into the program to migrate those users to Java 8 this week.

According to a new report (PDF) from Cisco, online attacks that exploit Java vulnerabilities have decreased by 34 percent in the past year. Cisco reckons this is thanks to security improvements in the program, and to bad guys embracing new attack vectors — such Microsoft Silverlight flaws (if you’re a Netflix subscriber, you have Silverlight installed). Nevertheless, my message about Java will remain the same: Patch it, or pitch it.

The trouble with Java is that it has a very broad install base, but many users don’t even know if they have it on their systems. There are a few of ways to find out if you have Java installed and what version may be running. Windows users can check for the program in the Add/Remove Programs listing in Windows, or visit Java.com and click the “Do I have Java?” link on the homepage. Updates also should be available via the Java Control Panel or from Java.com.

If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. In the past, updating via the control panel auto-selected the installation of third-party software, so be sure to look for any pre-checked “add-ons” before proceeding with an update through the Java control panel.

Otherwise, seriously consider removing Java altogether. I have long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.

If you have an affirmative use or need for Java, there is a way to have this program installed while minimizing the chance that crooks will exploit unknown or unpatched flaws in the program: unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play, which can block Web sites from displaying both Java and Flash content by default). The latest versions of Java let users disable Java content in web browsers through the Java Control Panel. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.

For Java power users — or for those who are having trouble upgrading or removing a stubborn older version — I recommend JavaRa, which can assist in repairing or removing Java when other methods fail (requires the Microsoft .NET Framework).

Many people confuse Java with  JavaScript, a powerful scripting language that helps make sites interactive. Unfortunately, a huge percentage of Web-based attacks use JavaScript tricks to foist malicious software and exploits onto site visitors. For more about ways to manage JavaScript in the browser, check out my tutorial Tools for a Safer PC.

Sobering Celebrations

Jan. 21st, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Choosing the right cake design to go with your message is key. After all, you wouldn't want anyone to get the wrong idea, now, would you?

Aw, now there's a warm welcome.

(And if you think an overly enthusiastic volunteer fire brigade might spell disaster, you're wrong. It spells "neiborhood.")

 

Baptism, baseball...they both involve dunking, right?

[UPDATE: I have just been informed that baseball does not, in fact, have dunking. Apparently that's hockey. My bad.]

 

Ah, Niko. That boy is creeping up on death like a herd of geriatric turtles. Why, it seems like only yesterday you were playing with Thomas the Tank Engine, huh, Niko? Maybe because it WAS only yesterday, but still.

(No, the 5 is not a typo; this really was for a fifth birthday party.)

 

Whoops, Karen T., Karen G., & Tammy C., apparently geriatric turtles come in flocks.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] accidentallyincode_feed

Posted by Cate

IMG_7749

I’ve been working on this app which relates to my obsession with color. It’s an image processing app, and you can see some pictures made with it on our Tumblr.

This involved learning about how to take images apart and put them back together, rewriting a lot of stuff in C for performance, etc. But one of the other problems I faced was a question of how to test things involving images? How do I create test images? And how do I compare them?

Creating Test Images

The simplest way to do this is to to draw the image into context. This is super not performant, so isn’t really viable for much other than small test images, but does work.

I have three little helper functions that create some test images that I can work with.

The other thing I have is a function that turns an array of UIColors into an image. This is a bit more complicated, but helpful for some tests.

Comparing Images

This leads me to the question of comparing images. For my purposes (and the app is heavily focused on colors), I can determine if things have worked by comparing two color arrays. I could compare the rawData but  I want to abstract it away a bit to make my tests clearer. So I have another function that is basically the inverse of the one above, which extracts an array of pixels from an image.

Turning images into arrays of UIColors and vice versa is so-so performance-wise, and UIColors have a huge space overhead compared to the rawData array. It’s fine for testing, for very small images or a proof of concept, but not much more than that.

Then with two arrays I can just loop through and compare.

Profile

terriko: (Default)
terriko

January 2015

S M T W T F S
    123
4567 8 910
11 121314151617
18192021222324
25 262728293031

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 29th, 2015 10:16 am
Powered by Dreamwidth Studios