[syndicated profile] adulting_feed

This is from Ina Garten, who I think we can all agree is the best. If you’re having people over for dinner, figure out what time you want to serve dinner, then count backward from there, taking into account how long each component will take.

Then, type it out into a schedule, and voila! No more wondering when you should put the potatoes in. It’s on the ding-dang schedule!

For the record, I’m typing this WHILE watching 30 Rock.

Unbreakable filter

Oct. 24th, 2014 09:13 pm
[syndicated profile] garethheyes_feed

Posted by Gareth Heyes

I was bored so I thought I’d take a look at Ashar’s filters. I noticed he’d done a talk about it at Blackhat Europe which I was quite surprised at. Then I came across the following blog post about the talk which I pretty much agreed with. That blog post links to his filters so you can try them out yourself.

The first one is basically multiple JavaScript regexes which are far too generic to be of any value. For example “hahasrchaha” is considered a valid attack =) because it has “src” in. I’m not joking. The regexes are below.


function test(string) {
var match = /

Call Me Linkspam

Oct. 24th, 2014 08:41 pm
[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • It’s Ada Lovelace Day: Get Angry | Garann Means (October 14): “It’s Ada Lovelace Day and we’re supposed to talk about the women in technology who’ve inspired us. The women who inspire me are those who’ve taken the frightening step of lessening their culpability by decreasing their participation. While it’s courageous to remain in tech/on the internet and try to make it a better place, you can’t get around the compromise in doing so.”
  • When Women Stopped Coding | NPR Planet Money (October 21): “These early personal computers weren’t much more than toys. You could play pong or simple shooting games, maybe do some word processing. And these toys were marketed almost entirely to men and boys. This idea that computers are for boys became a narrative. It became the story we told ourselves about the next computing revolution.”
  • Online Harassment | PEWResearch Internet Project (October 22): “In broad trends, the data show that men are more likely to experience name-calling and embarrassment, while young women are particularly vulnerable to sexual harassment and stalking.”
  • Breaking gender and racial barriers in Netrunner | Gamasutra (October 20): “Netrunner is a lovely and beloved experience for all those reasons, but the game is worth championing for other ideas that go beyond its smart design too. It’s also worth celebrating because Netrunner is one of the most progressive games in terms of gender and minority representation today.”
  • Life and Times of a Tech Feminist Killjoy: The Cuts Leave Scars | Julie Pagano (October 6): “After years of pushing yourself and being stretched too thin, you lose the flexibility you once had to bounce back. You snap more easily. The paper cuts are harder to brush off. You are likely to be punished for this. You will be seen simultaneously as too sensitive and too harsh.”
  • Marvel’s Victoria Alonso wants a female superhero movie, calls for more women in VFX | Variety (October 20th): “You’ve got to get the girls in here, boys. It’s better when it’s 50-50,” she continued. “I have been with you beautiful, handsome, talented, creative men in dark rooms for two decades and I can tell you those rooms are better when there are a few of us in them. So as you take this with you, please remember that it’s OK to allow the ladies in. They’re smart, they’re talented. They bring a balance that you need.”

#Gamergate

  • The only thing I have to say about gamer gate | Felicia Day (October 22): “I know it feels good to belong to a group, to feel righteous in belonging to a cause, but causing fear and pushing people away from gaming is not the way to go about doing it. Think through the repercussions of your actions and the people you are aligning yourself with. And think honestly about whether your actions are genuinely going to change gaming life for the better.”
  • Felicia Day’s worst Gamergate fears just came true | The Daily Dot (October 23): “Day wrote of realizing after crossing the street to avoid two gamers she saw in Vancouver that she had allowed Gamergate to enhance her fear of other people within her community. Her post was an attempt to conquer that fear and to urge other women to do the same. But less than an hour after describing her past experiences with stalkers in the post, a commenter showed up to do the one thing she feared would happen.”
  • Why #Gamergate is actually an ed tech issue | Medium (October 20): “It’s not simply the hyper-macho shoot ‘em up games, either. I’ve had girls leave Minecraft because of misogynist threats. Apparently, this isn’t an isolated case. Others have seen the same thing. If we want to talk about integrating games into the classroom, we need to rethink what culture we’re inviting in.”
  • Gamergate goons can scream all they want, but they can’t stop progress | Wired (October 21): “Even more fascinating is how these insecurities have allowed some gamers to consider themselves a downtrodden minority, despite their continued dominance of every meaningful sector of the games industry, from development to publishing to criticism. That demonstrates a strange and seemingly contradictory “overdog” phenomenon: The most powerful members of a culture often perceive an increase in social equality as a form of persecution.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Friday Favs 10/24/14

Oct. 24th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some of my favorite submissions this week:

 

October is Breast Cancer Awareness Month, so it's nice to see bakers doing their part:

...to make pink ribbons look like ding-a-lings.

 

You know how they say the most important thing is to just never stop trying?

Please stop trying, bakers.

Please.

 

Mary ordered a cupcake cake (patooie!) in the shape of a number 6 for her daughter, but I guess the baker ran out of cupcakes, so...

This birthday is brought to you by 3/4 of the number 0.

Thanks for nothing.

 

How Twitter has ruined us all:

#Wrecktastic

 

And finally, Catherine told the baker her son's name was "Stephen with a PH."

She got this:

 

Thanks to Amber G., Diana E., Mary G., Meredith N., & Catherine J. for the phweet phurprise.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] accidentallyincode_feed

Posted by Cate

My notes from John Reid’s talk at iOSDevUK.

digital wires

Credit: DeviantArt / LoneWolfAssassin

Barriers to TDD. Two primary:

  • Not knowing what it is. Rejecting it as silly without giving it a try. A good try, as there is a learning curve. It will slow you down at first. If you give up before the payoff then you will say “oh that was stupid”.
  • UI and Networking. On iOS most of what we do is UI and networking, rules out 90% of app, so not really useful.

EBay Fashion app. All test driven.

3 Types of Unit test:

  • Return value test
  • State test
  • Interaction test

Patterns of testing. The Design Patterns book, the Gang of Four never intended it to be the beginning and end of design patterns.

Not going to be rocket science. About getting through the barrier. Writing unit tests after if necessary, but ideally before.

Return Value Test:

  • Arrange: set up object.
  • Act: Call method that returns a value.
  • Assert: Compare against expected value.

With this alone, you should be able to get a very far distance. Onboarding engineers at Facebook, teach them not to be shy about extracting stand alone functions. Helps overcome that barrier.

State test:

  • Arrange: Set up object.
  • Act: Call method.
  • Assert: Compare against expected value.

Since interested in a side effect, just need an additional call to verify state. Should be able to write quite a few tests with these two techniques.

Interaction Test:

Don’t need to be isolated units. They can be connected, as long as they are fast. Check that the system under test (SUT) is communicating correctly to something else.

Don’t want to talk to the real thing:

  • Takes too long.
  • Might not be there.
  • May not have everything (don’t want to use things up).
  • Might want to test the failure (normal end to end tests).

Want a fake thing that the test can control. Need dependency injection, if the middle thing is creating the end thing, it’s hard to test.

Dependency Injection:

  • Extract and Override.
  • Method injection.
  • Property injection.
  • Constructor injection.

Difference between having a singleton, and a single way to access a singleton. E.g. NSUserDefaults. Don’t want to access it in this way.

Extract and Override: read “Working Effectively with Legacy Code” (Amazon).

TDD was working for me in a greenfield project, but how many of us get to stay in such a place?

Seams

Make a cut – subclass, override “userDefaults”, do what you want. Very powerful. Very effective with legacy code. Very dangerous. Like a drug. But will end up with the bane of testing code, fragile tests, because tests are coupled to implementation.

For getting started, especially with legacy code – good technique.

Method Injection

Better for other things, like calling “[NSDate date]” – will cause havoc with tests. Can swizzle, or just pass in what time you want. Now you will have a method that does more, now it’s tied to any time, not the current time. Helpful as context for injected object is very small. When spans across method, probably want to hang on to it as a property.

Test can inject the fake thing. But what about production code? Can end up with nil. Objective C will be like “whatever”.

Create custom getter with lazy eval. If no value, get the default value.

Inject in constructor – workhorse of dependency injection. Biggest benefit, makes everything explicit.

Can be annoying to have everything explicit. Long chain of dependencies is a code smell – you have too many dependencies.

Even then, you can simplify that, by using a Builder. Builder pattern creates the object you want according to however it is set. Set in any order, or not set and have it have defaults.

Constructor injection is the main one.

Ambient Context. Change something globally. Swizzling is an example of this. You can, sometimes helpful. But dangerous. Have to have your test restore the pre-test condition.

Let’s learn some good things from other people in other disciplines. There are plenty of smart people who are not using Obj-C

Interaction Test

Types of Fakes: The Art of Unit Testing

  • Stub: Fake that provides a pre-canned answer.
  • Mock: Recording how it is called by the SUT, so that it can assert.
  • Difference is which way the test is pointing to make its assertion.

Don’t need a DI framework in order to do DI as a concept.

Mocking, if never mocked before don’t use OCMock or OCMockito at first. Use them eventually. Meanwhile, you can make your own fake. Subclass and override all methods. Test Driven iOS development, means don’t have to do that in Obj-C. Dynamic language, supports DuckTyping.

Subclass NSObject. Put the method in. Use a simple property to record the number of calls. Have a fake return value (if unspecified is nil). Capture arguments.

Interesting thing about doing by hand, answers question of “what do we do in swift”. No introspection available to us. Do it by hand, laborious, might cry a little bit, but nothing stopping us.

Now we have a mock, use it. Start writing some tests.

[syndicated profile] epbot_feed

Posted by Jen

I hope you guys are ready for a LOT of amazing new geek art this month, because I, uh, kind of got carried away.  o.0

ONWARD!!

Let's kick things off with some Never Ending Story goodness:

 "Neverending" 8X12 print, $12

Those colors! YES.


I had a terrible time picking my favorites over at CocoMilla's Etsy store; there are WAY too many awesome choices:





Her watercolor prints start at $15 for 6X8 prints, and she has larger sizes available, too. Go see the rest; from Disney to gaming, she's got a little of everything!


Michael Banks of Sugar Fueled makes adorably creepy big-eyed art, and even better, his ACEO prints are only $4!

He also has a huge selection of 8X12 prints for $12 each:





And since it IS October, how about this cutie from Sydney Hanson?
"Little Bat" 8X10 print, $12

Not quite as Halloweeny, but I'm totally smitten with Sydney's bumble bee:

"Bumblebee" 8X10 print, $12

D'awww. I'm actually terrified of anything that stings, but this guy I want to snuggle.


From Love Ashley Designs, a perfectly Wicked piece:
"Are You A Good Witch Or A Bad Witch?" 10X10 print, $25

Tempted to get this one for John, since he's forever singing "Popular." Which is hilarious.


Artist Wisesnail, aka Namecchan, has some amaaazing Guardians of the Galaxy prints:


WOW. And the 8X10s are only $15! (She has larger sizes, too.)

I'm also REALLY digging her Jim Moriarty:

7X10 print, $15

Love how the background looks like smokey flames!


Epbot reader Candace happens to be married to a Pixar animator, Victor Navone, and he generously donated this sweet Wall-E print for the give-away board:

The white surround is much larger than this, but that's all that would fit in my scanner. :) 


And speaking of the give-away board, here are some more of my new additions:

"I Am Who," by my buddy Charlie Thurston.
(You can buy it at the link for $10)

"Iron Giant Superman #1" by Matthew Waite

That's a mash-up of Iron Giant with the first Superman Comic, btw, which is brilliant if you know the movie.  Since Waite only sells at conventions, I picked this one up for the board. Check out the rest of his work over on DeviantArt or Tumblr.


From another of my good friends, Bianca Roman-Stumpff:

SO CUTE.

 (Groot is the new darling of Artist Alleys everywhere, and I am definitely not complaining.)

Most of Bianca's work still isn't available online (HINT HINT BIANCA), so she donated that one for the board!

She's also been churning out new Puff Monsters, which you *can* buy online through her Facebook page or sometimes her Etsy shop.

 The pumpkin one! Ah! And I ended up buying the blue & white one clapping in the middle.

Bianca also has a few prints available over on Society6, so you can check over there for more.


Remember Tampa Fanboy Expo, the convention last month where I fangirled over James Hance? Well, right next to him was Andrew "Drone" Cosson, and I FLIPPED over his baby Groot:

I've had this hanging in my office for over a month now, and I JUST NOW realized it looks like he's flipping us the bird. Which somehow makes him even cuter.

Andrew told me he'd just sold the companion Rocket Raccoon painting, and even worse, HE DIDN'T TAKE A PHOTO! Nooo!
So to console myself, I also bought these two original ink drawings from him:

Who else wants Andrew to make a Doctor Who coloring book now?

Andrew doesn't have a website or even an online portfolio, which is downright criminal. He directed me to his personal Facebook page, but I don't think he has everything there. I also can't believe he doesn't scan his original paintings to make prints! Arg! So Andrew, if you see this, please, GET THEE TO ETSY. Or Society6. Or DeviantArt. Or something.

Ahem.

Also at Tampa Fanboy, there was the delightful duo of Jennipho, who sculpts 3D sweetness like this:




... and Victoria, who paints & draws sweetness like this:

Her prints start at just $7!

John had to drag me away from their booth, since I kept going back to chat. They're both super friendly and uber talented, so definitely check out both sites!

And finally, since this is too perfect to show off right before Halloween, check out what John just got for his game room:

Haha!

John says he either wants a picture of me in it, looking appropriately terrified, or a drawing of a uvula. I'm lobbying for the uvula.

The artist, Myrcury's Toybox, was at a local street show event here in Orlando last week, and we couldn't stop giggling over her tiny monster frames. Check out her Etsy shop for more, plus fun skull & monster eye hair clips, original art, and painted coffin boxes like these:



K, guys, that does it for this month's roundup! Now, you know the drill: comment below for a chance to win your choice of art from my Pinterest Art Give-Away Board! I'll ship anywhere, so international comments are welcome! (Last month I sent art to Africa and Australia. SO COOL. And expensive. But mostly cool.)

I'll announce my randomly-selected winner sometime next week. Happy commenting, everyone, and happy weekend!
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

In the interests of full disclosure: Sourcebooks – the company that on Nov. 18 is publishing my upcoming book about organized cybercrime — disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information.

Fortunately, this breach does not affect readers who have pre-ordered Spam Nation through the retailers I’ve been recommending — Amazon, Barnes & Noble, and Politics & Prose.  I mention this breach mainly to get out in front of it, and because of the irony and timing of this unfortunate incident.

From Sourcebooks’ disclosure (PDF) with the California Attorney General’s office:

“Sourcebooks recently learned that there was a breach of the shopping cart software that supports several of our websites on April 16, 2014 – June 19, 2014 and unauthorized parties were able to gain access to customer credit card information. The credit card information included card number, expiration date, cardholder name and card verification value (CVV2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained too. To our knowledge, the data accessed did not include any Track Data, PIN Number, Printed Card Verification Data (CVD). We are currently in the process of having a third-party forensic audit done to determine the extent of this breach.”

So again, if you have pre-ordered the book from somewhere other than Sourcebooks’ site (and that is probably 99.9999 percent of you who have already pre-ordered), you are unaffected.

I think there are some hard but important lessons here about the wisdom of smaller online merchants handling credit card transactions. According to Sourcebooks founder Dominique Raccah, the breach affected approximately 5,100 people who ordered from the company’s Web site between mid-April and mid-June of this year. Raccah said the breach occurred after hackers found a security vulnerability in the site’s shopping cart software.

Experts say tens of thousands of businesses that rely on shopping cart software are a major target for malicious hackers, mainly because shopping cart software is generally hard to do well.

“Shopping cart software is extremely complicated and tricky to get right from a security perspective,” said Jeremiah Grossman, founder and chief technology officer for WhiteHat Security, a company that gets paid to test the security of Web sites.  “In fact, no one in my experience gets it right their first time out. That software must undergo serious battlefield testing.”

Grossman suggests that smaller merchants consider outsourcing the handling of credit cards to a solid and reputable third-party. Sourcebooks’ Raccah said the company is in the process of doing just that.

“Make securing credit cards someone else’s problem,” Grossman said. “Yes, you take a little bit of a margin hit, but in contrast to the effort of do-it-yourself [approaches] and breach costs, it’s worth it.”

What’s more, as an increasing number of banks begin issuing more secure chip-based cards  — and by extension more main street merchants in the United States make the switch to requiring chip cards at checkout counters — fraudsters will begin to focus more of their attention on attacking online stores. The United States is the last of the G20 nations to move to chip cards, and in virtually every country that’s made the transition the fraud on credit cards didn’t go away, it just went somewhere else. And that somewhere else in each case manifested itself as increased attacks against e-commerce merchants.

If you haven’t pre-ordered Spam Nation yet, remember that all pre-ordered copies will ship signed by Yours Truly. Also, the first 1,000 customers to order two or more copies of the book (including any combination of digital, audio or print editions) will also get a Krebs On Security-branded ZeusGard. So far, approximately 400 readers have taken us up on this offer! Please make sure that if you do pre-order, that you forward a proof-of-purchase (receipt, screen shot of your Kindle order, etc.) to spamnation@sourcebookspr.com.

Pre-order two or more copies of Spam Nation and get this “Krebs Edition” branded ZeusGard.

[syndicated profile] geekfeminism_feed

Posted by Annalee

Content warning: stalking, harassment, threats, violence–GamerGate, basically.

Geek Feminism’s lack of a statement about the GamerGate hate campaign has felt conspicuous to me. We’re a community dedicated to promoting justice and equality within geek communities. Documenting harassment and abuse in geek communities is one of our biggest projects. GamerGate is on our beat.

But while our fabulous team of linkspammers has been on top of the story, we haven’t put up a statement.

I spoke to some of our other bloggers about ways we could respond. The conversation we had was pretty illustrative.

Here are the ideas we had, and why we discarded them:

1. A “Seriously, Fuck GamerGate” Post

Why we didn’t:

“Fuck GamerGate” is a fairly obvious statement from us. It might be satisfying to say, but it adds little to the conversation.

And women who’ve said it before us have been stalked, harassed, doxxed, and threatened–some to the point of fleeing their homes.

2. A statement of support for GamerGate’s victims

Why we didn’t:

Telling folks we support them is nice, but it doesn’t provide the victims of these terror campaigns with the practical support they need to protect themselves. Talking about them has a very high chance of exposing them to even more abusers. When you’re the target of an organized campaign of terror, the last thing you need is more attention.

And women who’ve made statements of support have been stalked, harassed, doxxed, and threatened–some to the point of fleeing their homes.

3. An Ada Lovelace-style celebration of women in gaming, where we encourage folks to blog about games they love by women, and women in gaming who inspire them.

Why we didn’t:

We didn’t want to paint a target on anyone’s back.

Women in gaming who’ve gotten positive attention have been stalked, harassed, doxxed, and threatened–some to the point of fleeing their homes.

4. Present an iron hide and dare them to bring it.

Some of us feel guilty for not telling GamerGaters exactly where they can shove the horseshit they have the temerity to present as discourse.

Why we didn’t:

We want to live in a world where terror campaigns like this are ineffective; where that which does not kill us makes us stronger; where good triumphs over obtuse, selfish, cowardly evil. But wanting to live in that world doesn’t make that world real. In this world, oppression and injustice have built a system whereby that which does not kill us often leaves us personally and professionally damaged.

The fantasy that bravado would win the day is appealing, but daring abusers to come for us won’t do anything constructive. As much as we might want to put ourselves between GamerGate and its victims, we can’t. There are too many of them to successfully draw their fire.

We’d just end up getting stalked, harassed, doxxed, and threatened–possibly to the point of fleeing our homes.

By now, you’ve surely noticed the theme here.

It’s tempting to offer cheap platitudes to the women who’ve been the focus of these abuse campaigns, or those who might become them. To tell them to be brave, to speak their truth, to not let violent assholes scare them.

Platitudes won’t keep the cesspits of the internet from backflowing into their homes and workplaces. Platitudes won’t secure their computers and personal information; protect their families from detailed, sexually-explicit death threats; walk their kids to school; or stay at home to protect their pets while they’re at work. Platitudes won’t explain to their bosses why their companies’ websites are being DDOSed. Platitudes won’t stop bullets.

So before you lament how terrible it is to ‘let them win’ by being silent, please stop and think of a better way to phrase “I want to live in a world where the victims of abuse campaigns have a winning move.” Don’t ask women to sacrifice their names, careers, and safety to the fantasy that life is fair.

Telling women to be brave and speak up is telling them to face a violent horde unarmed. We don’t have an effective defense against these terror campaigns. We desperately need one. We’re going to follow up and see if we can develop any effective strategies.

In the meantime, I’ve already painted the target on my back, so I might as well say it.

Fuck GamerGate.

Wedding Wrecks, Vol. 345

Oct. 23rd, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

They wanted bubbles:

 

They got sprinkles.

Mm, crunchy.

 

They wanted this:

 

They got... this:

("Hang on, you can still see some icing. BRING MORE FLOWERS!")

 

And finally,

Jessica wanted this:

... but what she got was so bad that her photographer decided it'd be too much to have the whole cake in frame, and so focused on some guy in the background checking his phone instead:

Good job, Jessica's photographer.

 

Thanks to Anony M., Sonya J., & Jessica K., who like to think that guy is reading Cake Wrecks, because, dude, SO META.


[syndicated profile] geekfeminism_feed

Posted by Leigh Honeywell

This is another round of Geek feminism classifieds – now quarterly! If you’re looking to hire women, find some people to participate in your study, find female speakers, or just want some like-minded folk to join your open source project, this is the thread for you!

Here’s how it works:

  1. Geeky subjects only. We take a wide view of geekdom, but if your thing isn’t related to an obviously geeky topic, you’ll probably want to give a bit of background on why the readers of Geek Feminism would be interested.
  2. Explain what your project/event/thing is, or link to a webpage that provides clear, informative information about it. Ideally you’ll also explain why geek women might find it particularly awesome.
  3. Explain what you’re looking for. Even if it’s not a job ad, think of it like one: what is the activity/role in question, and what would it involve? What is the profile of people you’re looking for?
  4. GF has international readership, so please be sure to indicate the location if you’re advertising a job position, conference, or other thing where the location matters. Remember that city acronyms aren’t always known world-wide and lots of cities share names, so be as clear as possible! (That is, don’t say “SF[O]” or “NYC” or “Melb”, say “San Francisco, USA”, “New York City, USA” or “Melbourne, Australia”.) And if you can provide travel/relocation assistance, we’d love to know about it.
  5. Keep it legal. Most jurisdictions do not allow you to (eg.) advertise jobs for only people of a given gender. So don’t do that. If you are advertising for something that falls into this category, think of this as an opportunity to boost the signal to women who might be interested.
  6. If you’re asking for participants in a study, please note Mary’s helpful guide to soliciting research participation on the ‘net, especially the “bare minimum” section.
  7. Provide a way for people to contact you, such as your email address or a link to apply in the case of job advertisements. (The email addresses entered in the comment form here are not public, so readers won’t see them.)
  8. Keep an eye on comments here, in case people ask for clarification or more details. (You can subscribe to comments via email or RSS.)

If you’d like some more background/tips on how to reach out to women for your project/event/whatever, take a look at Recruiting women on the Geek Feminism Wiki.

Good luck!

Wrecky Roughage

Oct. 22nd, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

According to this survey I'm about to make up, 74% of us don't get enough fiber in our diets. Unless you're British. In which case you don't get enough fibre. And you spell things wrong.

Fortunately, the bakeries of the world are here to help.

I think we'll call this Faeber.

I DO believe in Faeber. I do, I do!!

 

TRUE STORY: Last week our cat Tonks decided to eat a piece of ribbon because she is, by all accounts, an idiot. Now if you're a cat owner, you know that she will most likely end up dragging a two foot piece of poo-coated ribbon across our carpet while we sleep, blissfully unaware of the impending cleaning bills.

Which makes me wonder: Does the same thing happen with kids?

Admit it: you just had a mental image of a bunch of toddlers scootching their butts across the carpet.

 

Now, of course, if plastic is your fiber of choice, then have I got a cake for you!

It's like a cartoon colonic.

 

In fact, bakers really seem to be embracing the Dollar Depot movement: (Heh. "Movement.") Case in point: Ashley ordered a little boy's cake, something appropriate for a first birthday.

Aaaand this is what she got:

...'cuz nothing's more appropriate for a one-year-old than twenty-two individual choking opportunities.

"No, Palmer, Sweetie, you can't eat that. Or that. Or that. Or that. Or that. No! Not that! Or that. Or that. Or that. Or that. Or that. Or that. Or that. Or that. Whoah! Definitely not that. Or that. Or that. Or that. Or that. Or that. Maybe th...no, not that, either.

"Or that."

 

Diana F., Kasia R., Wicked Princess, & Ashley P., I think the brown sprinkles might be safe, if you want to chance it.

NOTE: This post is from a few years ago, so rest assured Tonks is fine. And more importantly, so is our carpet.


[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts. The company today incorporated into these services the open Universal 2nd Factor (U2F) standard, a physical USB-based second factor sign-in component that only works after verifying the login site is truly a Google site.

A $17 U2F device made by Yubico.

The U2F standard (PDF) is a product of the FIDO (Fast IDentity Online) Alliance, an industry consortium that’s been working to come up with specifications that support a range of more robust authentication technologies, including biometric identifiers and USB security tokens.

The approach announced by Google today essentially offers a more secure way of using the company’s 2-step authentication process. For several years, Google has offered an approach that it calls “2-step verification,” which sends a one-time pass code to the user’s mobile or land line phone.

2-step verification makes it so that even if thieves manage to steal your password, they still need access to your mobile or land line phone if they’re trying to log in with your credentials from a device that Google has not previously seen associated with your account. As Google notes in a support document, security key “offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.”

Unlike a one-time token approach, the security key does not rely on mobile phones (so no batteries needed), but the downside is that it doesn’t work for mobile-only users because it requires a USB port. Also, the security key doesn’t work for Google properties on anything other than Chrome.

The move comes a day after Apple launched its Apple Pay platform, a wireless payment system that takes advantage of the near-field communication (NFC) technology built into the new iPhone 6, which allows users to pay for stuff at participating merchants merely by tapping the phone on the store’s payment terminal.

I find it remarkable that Google, Apple and other major tech companies continue to offer more secure and robust authentication options than are currently available to consumers by their financial institutions. I, for one, will be glad to see Apple, Google or any other legitimate player give the entire mag-stripe based payment infrastructure a run for its money. They could hardly do worse.

Soon enough, government Web sites may also offer consumers more authentication options than many financial sites.  An Executive Order announced last Friday by The White House requires the National Security Council Staff, the Office of Science and Technology Policy and the Office of Management and Budget (OMB) to submit a plan to ensure that all agencies making personal data accessible to citizens through digital applications implement multiple layers of identity assurance, including multi-factor authentication. Verizon Enterprise has a good post with additional details of this announcement.

It’s Not That Big a Deal

Oct. 22nd, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

odd one out

Credit: Flickr / Michelle Friswell

As an Angry Internet Feminist™, every incident I point out has multiple parts.

  1. I notice and say something.
  2. Tone policing, on whether I should have noticed it. After all, it’s not that big a deal.

Someone uses “he” when they should say “they”? Not that big a deal.

Mild objectification of women in something that should be professional? Not that big a deal.

No women speaking at a conference? Not that big a deal.

Because the thing is, each instance isolated is not really that big a deal. So one sentence wasn’t inclusive? So what. So one guy thought he was funny when he wasn’t? So what. So that one conference didn’t actually get the best speakers because they limited themselves to <50% of the population (usually no PoC either). So what?

Here’s the thing that people who are telling me what should and should not bother me don’t seem to realize. It’s that I do understand that if it was that one thing, it wouldn’t be a big deal. But it probably isn’t even the only thing I’ve encountered that week.

Because whatever your feelings about “they” as grammatically less correct, when I sit in a room full of men, and only men, and someone says “he” when they could say “they” I often look around the room, and I’m reminded that I don’t belong.

Really, I get enough reminders. At the events featuring pizza and beer. When men think I’m lost, or something – anything – other than an engineer. Could you just change that word? Would it really be that big a deal?

And yes, it’s just a word, it’s just a tasteless joke. But it’s in your marketing materials and presumably more than one person looked at those. So if that wasn’t a big deal… what will not be a big deal for something less externally facing?

That guy, urgh that guy, who “jokingly” called his female colleague a bitch. What do you think he’s going to write on her performance review? Maybe that she’s “abrasive”.

You know, when I left my Prestigious Tech Job to do something different, it wasn’t to be the unpaid, unappreciated teaching assistant of the Feminism 101 MOOC.

Because these individual items that each taken individually are “not a big deal” have piled up and now I sit precariously atop a pile of tiny rocks, wondering when it will all come crashing down.

These things do not happen in isolation. The culture that culminates in the death and rape threats (just the most recent example) is built on a culture where women do not get paid what they deserve, where they are objectified, marginalized, and, most of all, ignored.

Can we talk about humour for a moment? Because I’m tired of these things being “jokes”. This guy thought that rape threats were satire. I will now explain why they are not funny. Humour requires an element of the unexpected, and there is nothing unexpected about a woman with an opinion being threatened with rape. It is an alarmingly normal occurrence. Online harassment is an expected part of being an Angry Internet Feminist™, and it is hard to distinguish between the guy who calls me some obscene word and is “joking” and the one who has intent.

So we add two factor authentication (did you know, Twitter has it?), and install security software on our websites. I have only experienced the very mildest levels of harassment, but make no doubt, if I was truly under threat, I have a plan for where I would go, and enough air miles and money to get me there. Call it paranoia, if you want. I call it being prepared.

There is no humour there. There is just yet another woman who is paying the price, in harassment, for having an opinion. For calling stuff out, when she saw it.

The data says that 40% of women drop out of tech careers in the first 10 years. I didn’t know many other women on my university course, but of those I do, I am the only one still building systems and writing code. One is an environmental economist. Another a BA. I hear one became an artist, cool.

And I’m sure each of them went towards something compelling, to them. I’m sure they each made the decision that worked for them. I hope they have interesting careers and fulfilled lives.

But they didn’t stay.

Against the evidence, my generation of women techies, we thought we were different. We thought things were better, because sexual harassment and even assault was no longer a normal part of the working day (although don’t be mistaken – it happens). We thought things would be different, and we just needed to work hard and be awesome. We were wrong.

I’m reaching this point in my career where I’m starting to see my peers drop out. Make their backup plans. I wrote this article about knowing someday I would leave tech, and so many women said “this is how I feel!” and a couple of men said “wow it’s really bad that women feel this way, maybe we should do something”.

Because I hear variations on the same story, again, and again, and again.

It is hard to fix structural equality. And like many hard things the first step is admitting there is a problem. Could you just say “they” instead of “he”? Pay an expert to review your marketing materials? Could you just do the work to get a more balanced line-up at your conference? Stop making “satirical” rape threats? Could you stop telling me what should, or should not bother me? Please?

I’ll tell you what I think is a big deal. It’s when I watch a woman who I know to be brilliant, slowly lose her joy of making. It’s when I watch her give up caring about her career, and just go through the motions, because frankly showing up every day is hard enough. It’s when I see her leave.

How I Do Antiquing: Old Disney Toys!

Oct. 22nd, 2014 12:18 am
[syndicated profile] epbot_feed

Posted by Jen

Some people go antiquing for the history or the treasure. I go for the toys.



Vintage Orange Bird & baby Donald!
Yes, they're filthy. But Donald is from 1984, was only a dollar, and c'mon, BABY DONALD. Orange Bird was $15, but he's kinda rare, and I love him. (I'm guessing he's also from the early 80s.)

Anyway, here's a quick tip: If you need to clean toys like Donald, which is soft & rubbery like a squeak toy, then grab one of these bad boys:



Yep, Magic Eraser works wonders at taking off old stains, crayon marks, and even pen ink from soft plastic. Check out the difference!


The blue pen line down the side of his face is completely gone!

Just be careful when scrubbing, since Magic Eraser *will* take the original paint off. It's basically a spongey form of sandpaper.

(And no, this isn't a sponsored post.)

Magic Eraser works well on harder surfaces, too, of course. Here's cleaned-up Orange Bird:



Did I mention he's a bank?

I'm debating touching up his paint, and possibly re-painting Donald all together. (Although those 80s pastels *are* kinda rockin'. Hee.)


I also picked up this tiny purse for $5, because the inside is ridiculously cool:


I'm a sucker for anything small with "hidden" compartments, and LOOK:


That circular screen pulls out to reveal a powder puff & powder compartment, and I guess the other sections were for lipstick and... money? Maybe? They're both suuuper tiny; the lipstick compartment is about 3/4 of the size of a Chapstick tube.

And THEN, there's another section under the mirror!

 SO COOL. 

It doesn't look like the purse was ever used, but the exterior suede/velvet was crumbling off in my hands. I'm hoping to redo the whole thing, maybe make it usable for a steampunk outfit or something. [brain storming]

And finally, our big splurge: $30 for this amaaazing "Baseball Clock" that sold at the World's Fair during the 1930s:

 
Fun, right? I've never seen another clock like it! (It winds in the back.)


If you're ever looking for good/cheap antiquing here in central Florida, check out the Orange Tree Antique Mall (my favorite), or the Flea Market and outside areas at Renningers in Mt. Dora. (The inside vendors are too pricey for me, but it's still fun to look.)


Oh, and speaking of funky clocks, stay tuned....


'Cuz I'm working on one last Halloween thing. 

[evil grin]

[syndicated profile] geekfeminism_feed

Posted by spam-spam

#Gamergate

  • On Gamergate: a letter from the editor | Polygon (October 17): “Video games are capital “C” Culture now. There won’t be less attention, only more. There won’t be less scrutiny. There certainly won’t be less diversity, in the fiction of games themselves or in the demographics of their players. What we’re in control of is how we respond to that expansion, as journalists, as developers, as consumers. Step one has to be a complete rejection of the tools of harassment and fear — we can’t even begin to talk about the interesting stuff while people are literally scared for their lives. There can be no dialogue with a leaderless organization that both condemns and condones this behavior, depending on who’s using the hashtag.”
  • Gamergate threats: Why it’s so hard to prosecute the people targeting Zoe Quinn and Anita Sarkeesian | Slate (October 17): “The light penalties attached to many of these online crimes also deter officials from taking them seriously, because the punishment doesn’t justify the resources required to investigate and prosecute them”
  • Of Gamers, Gates, and Disco Demolition: The Roots of Reactionary Rage | The Daily Beast (October 16): “Our various “culture wars” tend to boil down to one specific culture war, the one about men wanting to feel like Real Men and lashing out at the women who won’t let them.”
  • Gamergate in Posterity | The Awl (October 15): “Maybe there will be some small measure of accountability in the far future, not just for public figures and writers and activists, but for all the people who could not or would not see their “trolling” for what it really was. Maybe, when their kids ask them what they were like when they were young, they will have no choice but to say: I was a piece of shit. I was part of a movement. I marched, in my sad way, against progress. Don’t take my word for it. You can Google it!”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

With his permission, I’m reposting this blog comment from Marco Rogers, in a reply to an anti-feminist comment on a blog post about women in tech that he wrote 2 1/2 years ago. Although the post is that old, the comment is from a few days ago, because even years later, anti-feminist trolls are stumbling across Marco’s blog post and feeling the need to express their displeasure with it.

I’m reposting Marco’s comment because I think it’s a good example about how to respond to a troll. I would love to see more men let their anti-feminist peers know that uninformed anti-feminist wankery is a waste of time. And I would love to do that more often myself, rather than engaging with it.

Hi [REDACTED]. I thought a long time about whether to let this comment stand or delete it. I do listen to input from different perspectives. I read this entire thing. And I’m sorry to say it was a waste of my time.

I’m afraid this reply won’t be very constructive. I had to choose whether to waste further time dismantling your false logic, and I had to take into account whether it would make any difference to you or anyone reading. I don’t think it will. In my experience, it’s very difficult to educate men who think like you do.

I’ll admit it also annoys me that you would come and write a small novel in my blog comments but not say anything new or original. Men have been making this argument that their long history of sexism is somehow the natural order of things since the beginning of time. It’s not revelatory, it’s not some profound wisdom that people haven’t heard, it’s boring. The feminist/womanist movement grew in direct opposition to all the nonsense you spouted above. There is a ton of literature that debunks and rejects every single point you are poorly trying to make. The least you can do is educate yourself on the system you’re up against, so you can sound more cogent and have an actual chance of convincing anyone.

The question remains of whether I let your comment stay up. I think I will. Not because I feel compelled to represent multiple viewpoints here. This is my blog and I choose what goes here. But I’ll leave it because I’m no longer afraid of letting people read tripe like this. You’re losing. We WILL create a world where the mentality of men like you is a minority and women get to exist as themselves without fear. You can’t stop it. Stay mad bro. Thanks for dropping by.

YES WE CA... Oh. Well, Crap.

Oct. 21st, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

 

 

Thanks to Lionel S. for reminding us there's also no "eye" in "team," although I don't see what that has to do with anything.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.

According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Framingham, Mass.-based Staples has more than 1,800 stores nationwide, but so far the banks contacted by this reporter have traced a pattern of fraudulent transactions on a group of cards that had all previously been used at a small number of Staples locations in the Northeast.

The fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers. This suggests that the cash registers in at least some Staples locations may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.

Asked about the banks’ claims, Staples’s Senior Public Relations Manager Mark Cautela confirmed that Staples is in the process of investigating a “potential issue involving credit card data and has contacted law enforcement.”

“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”  

A New Book Review? As You Wish!

Oct. 20th, 2014 03:44 pm
[syndicated profile] epbot_feed

Posted by Jen

Last week my sister-in-law surprised me with Cary Elwes' new Princess Bride memoir, As You Wish, and I zipped through it in 2 nights.


I've been looking forward to this read since I first heard about it months ago, so I was positively giddy cracking open the first page. I LOVE behind-the-scenes stories already, but throw in stories from one of my favorite movies of all time? SOLD!

Ok, so, let's start with the obvious: if you're as big a fan of The Princess Bride as I am, you're going to buy this book. And really, if you're that uber fan, you absolutely should.

For everyone else, though? Who may only have a passing interest in a movie they certainly like, but don't, say, quote daily & maybe even have "As You Wish" inscribed in a spouse's wedding ring? (WHAT.)

Well... for those folks, maybe not.

Don't get me wrong; there are some delightful tidbits in Elwes' book, stories that make the movie that much more magical in my eyes - but those tidbits are few and far between. Much of the book's 270 pages feels like filler, as Elwes gushes about how wonderful his co-stars are, how brilliant the director Rob Reiner is, and how blessed overall he feels to have been a part of this movie.

I'm relieved this isn't some grimy tell-all, of course, but after two hundred pages of everyone being wonderful and amazing, but very few personal stories to go along with all the gushing, you start to wonder if you're getting the whole truth. Or maybe we are getting the truth, but Elwes just didn't have enough material to properly fill out the book. Realistically, I think the "good stuff" could have been condensed down to 50 pages, and not felt rushed.

For example, Elwes spends 4 or 5 pages detailing the entire plot of The Princess Bride. Not just reminding us what happens in case it's been a while; actually explaining it as if we've never seen the movie... but still chose to read a book about it. (Ohhh... kaaaaay....)

I'm sad to say that, even as short as the book is, I ended up skimming several sections. Elwes drags out even the most interesting stories - trying to milk them for all their worth, I guess - and even then, I didn't feel like I was really getting an insider's scoop. It all felt a little too sanitized, too diplomatic, like he didn't want to reveal anything too interesting for fear of offending his co-stars. (There's a vague reference to Mandy Patinkin's competitive streak during fencing training, but no examples or details.)

In fact, the most interesting stories revolve around Andre the Giant, and I can't help but wonder if Elwes felt more free sharing those because Andre is no longer with us. (Or maybe because those stories are already so well-known?)

On the plus side, sprinkled throughout the book are quotes from the rest of the cast and crew, often recounting their own memories of the same events. Those breaks help give Elwes' memoir a more well-rounded feel, and while there were no big revelations, it was still a nice addition.

That's my spoiler-free review, but now, as a reward, I'm going to tell you a few of my favorite things I learned. Some (all?) of these were already on the internet, so it's possible they won't be spoilers at all! Still, if you'd rather wait and get your movie trivia from the book, then STOP HERE.



Ok, my #1 go-to trivia for the next time I need a good ice-breaker - because I go to at least one or two parties a year and hey, IT COULD HAPPEN - In this scene:

The one where Count Rugen hits Westley over the head with his sword? The scene used in the movie shows Christopher Guest (as Count Rugen) actually knocking Elwes unconscious.

Elwes woke up later in the ER, as they were stitching up his head. In Guest's defense, they didn't have a prop sword, so the heavy metal handle came down harder than he intended, plus Elwes *told* him to just go ahead and hit him.

And in this scene:

 

Watch how Westley gets up; see how he favors one leg? That's because Elwes had just broken his big toe riding Andre the Giant's 4-wheel ATV - I think the same day, even - and was in a huge amount of pain. 

Those are the only two injuries Elwes sustained the whole movie, and I guess it says something about me that I find those the most interesting. :D
  
On the funny side, for the scenes with Billy Crystal as Miracle Max, Elwes spoiled so many takes by laughing that they had to replace him for most of it with a prop dummy on the table:


Again, to be fair, *everyone* was spoiling takes by laughing, including the director. The only injury Mandy Patinkin received during the whole shoot was during this scene; he bruised a rib, trying to hold in his laughter. Ha!

And finally, the sweetest revelation for me:


Wallace Shawn (Vizzini) was terrified of heights, and though all the long shots in this scene were done with stuntmen, the close-ups were done on a 30-foot tall fake cliff set. He was apparently so distraught that they physically tied him to Andre, who told Shawn, "Don't worry, I'll take care of you." (FEELZ!!) After that, Shawn was able to do the scene.

There were a few other really fascinating bits about Shawn, but I'll leave those for the book.


So, what'd you think, guys? Any favorite parts I missed? Or did you already know all these from various BuzzFeed articles? :D ([shaking fist at sky] Curse you, Buzzfeeeeed!)
[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

Simply Secure is a new non-profit that focuses on helping the open source community do a better job at security. Their focus is on adding usable security technology on top of existing, already-widely-adopted platforms and services, and their advisory board includes Wendy Seltzer, Cory Doctorow, and Angela Sasse, among others. (Full disclosure: I went to college with the executive director and founder, Sara “Scout” Sinclair Brody.)

They are hiring for two full-time positions right now: a research director/associate director with some mix of practical experience and formal education in security and UX design (sufficient experience compensates for a lesser degree of formal education), and an operations manager who will write grants and manage finances. Simply Secure strongly encourages applications from populations under-represented in the technology industry. For both positions, experience with and/or enthusiasm for open source is desirable but not required. Simply Secure is located in the US in Philadelphia and is actively recruiting candidates who work remotely.

To apply, visit their jobs page!

A Failure To Communicate, Vol. 243

Oct. 20th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

I like how the only thing legible is the one word NOT supposed to be there:

 

Erin K. wanted her daughter's cake to be oriented vertically, or portrait-style, but the baker wasn't getting it.

"You know, the long way?"

*headdesk*

 

When you want a big 75, NOT a "big 75."

Can I quote you on that?

 

In fact, a lot of butchered instructions end up as new nick names:

Give up?

They wanted "thank you" written in pink.

 

And this one didn't want any gel icing:

 

Here's a blast from the past: a Historical Society hosted a "President's Tea."

Thank goodness they weren't screening old 80s TV shows there, too!

Can you imagine if it'd been the "President's Tea & A-Team Party?"

 

Now imagine, if you will, the ordering process that resulted in this cake:

I'm picturing a Monty Python sketch, myself.

"No, I want you to STAY HERE, and write the names underneath!"

"So I'm to write these names twice and capitalize 'Underneath.' Got it."

"No, no, it's quite simple. Write 'Happy Birthday' once, and the names underneath."

"If, if, uh... If, if, uh... Oh! Can I write the names three times... IF I use extra sprinkles?"

"AAAAAAUUGH!"

 

Thanks to Terry M., Erin K., Dan E., Stephanie D., Melanie K., Karen A., & Damon E. - AND NO SINGING!

Public Speaking as Performance

Oct. 20th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

cute bunny

Credit: Flickr / Sarah Embaby

I’ve written before about how I prepare mentally for a talk. Most recently, I’ve started to view it as a performance, and more and more (as the fall conference season is now underway) I’ve got more comfortable with the things I need to give a good performance. This change is mental, viewing it as a performance (rather than, commonly, a terrifying obligation past-me committed to), so differences are subtle, but important. I felt really good giving my last talk, which I think is a sign it’s time to prep a new one!

Because, it is a performance. I stand up in front of people, not my natural habitat, and try to be intensively witty and insightful.

I hope I’m usually witty and insightful, but in conversations, you take turns. On stage, it’s all on me.

One of my pet peeves as an audience member is when speakers are unprepared (even, maybe especially when they apologise for it!) Not preparing is disrespectful to the audience who have given up their time, and often significant amounts of money to be there.

If I’m speaking, then everything I do is around showing up prepared and in a good place mentally. This makes the conference experience very different. I feel OK about missing talks prior to mine. Although, pro-tip, for small conferences it’s worth letting them know you are hiding prior to your talk, and when to expect you as they may worry if they don’t see you!

Now, I always ask for travel costs (most conferences give speakers a free ticket) in part because it means I don’t feel any obligation to make the cost of attending worthwhile. Any value I got (which has typically been high) is gravy. Everything comes second to the performance.

Decompression time afterwards is also important. I usually use some of this time to make a storify of tweets during my talk.

Following day – a good night’s sleep and a good breakfast!

The other thing I’ve realised is that as a speaker, you can ask for things. Like water. Or to avoid specific slots. You can also ask for specific slots, but that is much harder for the organisers. It is incredibly hard organising a conference, so I try to go along with as much as possible and only ask for the things that will genuinely make an impact on my talk.

  • Prepare.
  • Hide (mental prep / power poses).
  • Setup equipment, test sound etc.
  • Perform.
  • Hide.
  • Socialise (this is when people say nice things! Don’t want to miss that!)
  • Relax (sleep in, have a nice breakfast).
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.

Last month, media outlets in Malaysia reported that organized crime gangs had stolen the equivalent of about USD $1 million with the help of malware they’d installed on at least 18 ATMs across the country. Several stories about the Malaysian attack mention that the ATMs involved were all made by ATM giant NCR. To learn more about how these attacks are impacting banks and the ATM makers, I reached out to Owen Wild, NCR’s global marketing director, security compliance solutions.

Wild said ATM malware is here to stay and is on the rise.

BK: I have to say that if I’m a thief, injecting malware to jackpot an ATM is pretty money. What do you make of reports that these ATM malware thieves in Malaysia were all knocking over NCR machines?

OW: The trend toward these new forms of software-based attacks is occurring industry-wide. It’s occurring on ATMs from every manufacturer, multiple model lines, and is not something that is endemic to NCR systems. In this particular situation for the [Malaysian] customer that was impacted, it happened to be an attack on a Persona series of NCR ATMs. These are older models. We introduced a new product line for new orders seven years ago, so the newest Persona is seven years old.

BK: How many of your customers are still using this older model?

OW: Probably about half the install base is still on Personas.

BK: Wow. So, what are some of the common trends or weaknesses that fraudsters are exploiting that let them plant malware on these machines? I read somewhere that the crooks were able to insert CDs and USB sticks in the ATMs to upload the malware, and they were able to do this by peeling off the top of the ATMs or by drilling into the facade in front of the ATM. CD-ROM and USB drive bays seem like extraordinarily insecure features to have available on any customer-accessible portions of an ATM.

OW: What we’re finding is these types of attacks are occurring on standalone, unattended types of units where there is much easier access to the top of the box than you would normally find in the wall-mounted or attended models.

BK: Unattended….meaning they’re not inside of a bank or part of a structure, but stand-alone systems off by themselves.

OW: Correct.

BK: It seems like the other big factor with ATM-based malware is that so many of these cash machines are still running Windows XP, no?

This new malware, detected by Kaspersky Lab as Backdoor.MSIL.Tyupkin, affects ATMs from a major ATM manufacturer running Microsoft Windows 32-bit.

OW: Right now, that’s not a major factor. It is certainly something that has to be considered by ATM operators in making their migration move to newer systems. Microsoft discontinued updates and security patching on Windows XP, with very expensive exceptions. Where it becomes an issue for ATM operators is that maintaining Payment Card Industry (credit and debit card security standards) compliance requires that the ATM operator be running an operating system that receives ongoing security updates. So, while many ATM operators certainly have compliance issues, to this point we have not seen the operating system come into play.

BK: Really?

OW: Yes. If anything, the operating systems are being bypassed or manipulated with the software as a result of that.

BK: Wait a second. The media reports to date have observed that most of these ATM malware attacks were going after weaknesses in Windows XP?

OW: It goes deeper than that. Most of these attacks come down to two different ways of jackpotting the ATM. The first is what we call “black box” attacks, where some form of electronic device is hooked up to the ATM — basically bypassing the infrastructure in the processing of the ATM and sending an unauthorized cash dispense code to the ATM. That was the first wave of attacks we saw that started very slowly in 2012, went quiet for a while and then became active again in 2013.

The second type that we’re now seeing more of is attacks that start with the introduction of malware into the machine, and that kind of attack is a little less technical to get on the older machines if protective mechanisms aren’t in place.

BK: What sort of protective mechanisms, aside from physically securing the ATM?

OW: If you work on the configuration setting…for instance, if you lock down the BIOS of the ATM to eliminate its capability to boot from USB or CD drive, that gets you about as far as you can go. In high risk areas, these are the sorts of steps that can be taken to reduce risks.

BK: Seems like a challenge communicating this to your customers who aren’t anxious to spend a lot of money upgrading their ATM infrastructure.

OW: Most of these recommendations and requirements have to be considerate of the customer environment. We make sure we’ve given them the best guidance we can, but at the end of the day our customers are going to decide how to approach this.

BK: You mentioned black-box attacks earlier. Is there one particular threat or weakness that makes this type of attack possible? One recent story on ATM malware suggested that the attackers may have been aided by the availability of ATM manuals online for certain older models.

OW: The ATM technology infrastructure is all designed on multivendor capability. You don’t have to be an ATM expert or have inside knowledge to generate or code malware for ATMs. Which is what makes the deployment of preventative measures so important. What we’re faced with as an industry is a combination of vulnerability on aging ATMs that were built and designed at a point where the threats and risk were not as great.

According to security firm F-Secure, the malware used in the Malaysian attacks was “PadPin,” a family of malicious software first identified by Symantec. Also, Russian antivirus firm Kaspersky has done some smashing research on a prevalent strain of ATM malware that it calls “Tyupkin.” Their write-up on it is here, and the video below shows the malware in action on a test ATM.

In a report published this month, the European ATM Security Team (EAST) said it tracked at least 20 incidents involving ATM jackpotting with malware in the first half of this year. “These were ‘cash out’ or ‘jackpotting’ attacks and all occurred on the same ATM type from a single ATM deployer in one country,” EAST Director Lachlan Gunn wrote. “While many ATM Malware attacks have been seen over the past few years in Russia, Ukraine and parts of Latin America, this is the first time that such attacks have been reported in Western Europe. This is a worrying new development for the industry in Europe.”

Card skimming incidents fell by 21% compared to the same period in 2013, while overall ATM related fraud losses of €132 million (~USD $158 million) were reported, up 7 percent from the same time last year.

This Week

Oct. 20th, 2014 12:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate


Life

Hanging out in Canadia (KW) this week and catching up with friends from when I lived here. It’s great to see people! Also gave a talk at the University of Waterloo, which I live tweeted. Then heading back to the UK. Looking forward to getting back in the pool! I’ve missed swimming.

Work

Contemplating a job offer, but meanwhile I continue to explore freedom. I’m making progress on the app! Which is exciting (is there anything better than an excited email from your UX designer and new mocks?). Also following up on some potential consultancy stuff.

Places

Very foodie week including Bhimas, Uptown 21, Public. There is Cha Time here! Which was wondrous. I drank a lot of it.

Media

Reading Jean Jennings Bartik’s memoir Pioneer Programmer, which is great so far. For light relief, finished Beauvallet and read Charity Girl and Convenient Marriage.


Published

Elsewhere: I was Hannah’s Ada Lovelace Day pick! And quoted in The Guardian.

On The Internet

[syndicated profile] geekfeminism_feed

Posted by spam-spam

Gamergate and online harassment

Other Stuff

  • Ada Lovelace, a Computer Programmer Ahead of Her Time | Mashable (October 15): Read more about the life of the “enchantress of numbers”
  • Ways Men In Tech Are Unintentionally Sexist | this is not a pattern (October 14): “These are little things. Things that many people do without thinking about them and certainly without intending anything by them. Things that individually are meaningless, but in aggregate set the tone of an entire community.”
  • The Malala you won’t hear about | The People’s Record (October 16): “This is the Malala the Western corporate media doesn’t like to quote. This is the Malala whose politics do not fit neatly into the neocolonialist, cookie-cutter frame of presentation. This is the Malala who recognizes that true liberation will take more than just education, that it will take the establishment of not just bourgeois political “democracy,” but of economic democracy, of socialism.”
  • Where’s Thor When You Need Her? Women In Comics Fight An Uphill Battle | NPR (October 10): “On Facebook, women make up just under half of all self-identified comics fans. But even as the female audience grows, female creators for DC and Marvel, colloquially known as “the Big Two,” are still in the minority.”
  • Internal Memo: Microsoft CEO Satya Nadella sets new diversity plan after ‘humbling’ experience | GeekWire (October 15): “The memo, sent prior to a regular monthly Q&A session with employees, went on to outline a series of steps that Nadella says the company will be taking to improve diversity and inclusion across the company, including the company’s engineering and senior leadership teams.”
  • FiveThirtyEight Turns the Lidless Eye of Data Crunching to Gender Disparity in Superhero Comics Characters | The Mary Sue (October 15): “Hanley has been crunching the numbers on the gender make up of the folks who work on Marvel and DC comics for years, but FiveThirtyEight wanted to take a slightly different tack by looking at the characters who make up those comics in the first place.”
  • Mary Berners-Lee: Ada Lovelace Day Hero | equalitism (October 19): “Tim Berners-Lee’s mom, Mary Lee Woods was a badass mathematician/computer scientist before he was. Both of Tim’s parents worked on a team that developed programs in the School of Computer Science, University of Manchester Mark 1, Ferranti Mark 1 and Mark 1 Star computers.”
    We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

    You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

    Thanks to everyone who suggested links.

    Sunday Sweets: Gothic Elegance

    Oct. 19th, 2014 01:00 pm
    [syndicated profile] cakewrecks_feed

    Posted by Jen

    Who says dark has to be dreary? These gorgeous Gothic cakes will have you cheering:

    (By Sweet Lake Cakes)

     

    Sweet Lake seems to specialize in Gothic designs, and I couldn't pick just one favorite!

    (By Sweet Lake Cakes)

    Look at that lace and "fabric" draping. INCREDIBLE.

     

    One more:

    (By Sweet Lake Cakes)

    The bird skull cameo is the perfect touch.

     

    And speaking of cameos, check out the raven head design on this little top hat:

    (By Cake Central member ChrisJack1)

    The feather, the hand painted skulls and swirls, the roses - just beautiful.

     

    (By Candytuft Cakes)

    It doesn't get much more classic than rich black and blood-red roses!

     

    I really love the contrast of the white tiers under all this heavy scrollwork:

    (Baker unknown. Anyone recognize it?)

    WOW. The bottom tier looks like a wrought iron gate, and the second has architectural arch ways. The longer you look, the more detail you see!

     

    On the other hand, sometimes simple can be just as dramatic:

    (By Connie Cupcake)

    Love.

     

    Now welcome, foolish mortals, to the Haunted Mansion cake:

    (By WDW's Contemporary Resort bakery, found here)

    That wallpaper and perfect draping has this Dizgeek all atwitter, you guys. Great color on the roses, too!

     

    (By Antonelli di Maria Torte & Design)

    One of my personal favorites today; I can't believe that fabric draping, and the perfect color fade on the spider web!

     

    (Baker unknown)

    This purple practically glows, it's so vivid. If you look closely, you can see the layered acanthus leaves making up the second tier. Beautiful.

     

    (By Cake Opera Company, featured here)

    Another astounding, can't-believe-it's-cake design. That heavy embroidery is insanely intricate, and I've been so busy staring at the cake itself that I just now noticed the cake stand is wrapped in fur!
    Ha!

     

    And finally, arguably the simplest design of them all today, but I'm just so smitten with the unusual floral swag:

    (By Artistic Bites, featured here)

    This wedding cake was made for a "Red Riding Hood marries the Wolf" themed photo shoot, and I highly recommend hitting that link up there to see the rest. It's the perfect blend of dark elegance and fairy-tale whimsy, and I LOVE the succulents and fuzzy mosses they used on the cake.

     

    Hope you enjoyed the Gothic Sweets, everyone! Happy Sunday!

    Be sure to check out our Sunday Sweets Directory to see which bakers in your area have been featured here on Sweets!

    *****

    Thank you for using our Amazon links to shop! USA, UK, Canada.

     

    Buffy the Linkspam Slayer

    Oct. 17th, 2014 07:16 pm
    [syndicated profile] geekfeminism_feed

    Posted by spam-spam

    • Anita Sarkeesian explains why she canceled USU lecture | Salt Lake City Tribune (October 16): “A nationally known feminist media critic said Wednesday that “it would be irresponsible” to give a lecture amidst mass shooting threats at Utah State University, knowing that police would not screen for weapons at the door. In a phone interview from San Francisco, Anita Sarkeesian said she canceled Wednesday’s lecture not because of three death threats — one of which promised “the deadliest school shooting in American history” — but because firearms would be allowed in spite of the threats.”
    • When gun rights trump public safety | Mary Elizabeth Williams (October 15): “It’s one thing to accept and understand that plenty of reasonable and responsible people own guns and that is their constitutional right. It is another to be so outrageously afraid of legitimate and sane restrictions that you have a situation in which it is entirely permissible to carry a loaded weapon into an event that carries a threat that the people attending it will “die screaming.””
    • The Threats Against Anita Sarkeesian Expose The Darkest Aspects of Online Misogyny | Maureen Ryan (October 15): “The question that’s been haunting many observers for weeks is now right out in the open in the wake of the latest threats leveled at Sarkeesian: Is someone going to have to die for things to change?”
    • #Gamergate Trolls Aren’t Ethics Crusaders; They’re a Hate Group | Jezebel (October 13): “I set about locking down accounts, emailing professors, contacting campus safety, and calling family. It was an exhausting process, but I considered it necessary. The attack could get out of hand. I mentioned offhand to my sister, about two hours in, that “it was getting to be my turn anyways,” to nonchalantly minimize my hurt. That was the moment I broke down. I realized just how much I’d internalized the presumed process: if you’re even asking about equality or diversity in games, being shouted down in a traumatizing manner is now a mandatory step that you have to sit back and endure.”
    • Sweatin’ the Small Stuff, of, Beware Your Throwaway Jokes About Middle-Aged Women in Magic | One General to Rule them All (October 14): “I dare Wizards to give us a major female Magic character (read: Planeswalker) in the next couple of sets who doesn’t have a body that wouldn’t look out of place on a runway or the cover of Playboy. Tamiyo, the Moon Sage was a great start, but that was three blocks ago. Hell, at this point, I’ll take more than one female Planeswalker per set.”
    • AdaCamp: Spending Time with Women in Open Source and Technology | Zara Rahman (October 13): “There were some sessions that really opened my eyes to another area of this ‘open’ bubble- for example, talking about women in open source. Most of the women there were coders, who had contributed to open source code projects; and despite my having read accounts of abuse and harassment within the open source community fairly regularly before, the severity of the situations they face, really hit home for me during this session.”
    • Ada Lovelace Day: Meet the 6 women who gave you ‘the computer’ | The Register (October 14): “All six are now sadly no longer with us – Bartik was the last to pass away. But their achievements were profound, not just in terms of inadvertently cementing the name “computer”. In the absence of manuals literally working out how to use this giant, the team of six installed computer programs working from sheets of paper, nimbly unplugging and replugging a rat’s nest of cables and resetting switches.”
    • Don’t Be Fooled by Apple and Facebook, Egg Freezing Is Not a Benefit | The Daily Beast (October 15): “Of all the women Snyder surveyed, nearly 90 percent of them said they did not plan on returning to the tech industry in the future. The incompatibility between motherhood and tech, it seems, runs far deeper than the timing of pregnancy alone. And the problem is so severe that the women who leave almost never want to come back. In this context, the decision to cover egg freezing reads as Silicon Valley at its most typical, deploying a hasty technological stopgap for a cultural problem.”
    • Tech’s Meritocracy Problem | Medium (October 10): “Engineers love to be skeptics — it’s time to bring our skepticism to the concept of meritocracy. If we can be skeptical enough about our own ability to detect merit, and balance it with more objective measurement or outright mitigatory adjustments — we’ll come closer to resembling an actual meritocracy.”
    • HERoes: Genevieve Valentine | Comicosity (October 2): “From journalist to award winning novelist, Genevieve Valentine is now channeling her inner crime boss. She is providing a new voice to a suited up Selina Kyle, starting with this month’s issue of Catwoman. She tells Comicosity about switching the role of female characters in comics and the importance of reader perspective while consuming.”
    •  Comic Books are Still Made by Men, For Men, and About Men | FiveThirtyEight (October 13): “But these recent advancements don’t make up for the fact that women have been ignored in comic books for decades. And they still don’t bring women anywhere close to parity: Females make up about one in four comic book characters. Among comic-creators, the numbers are even more discouraging. Tim Hanley, a comics historian and researcher, analyzes who’s behind each month’s batch of releases, counting up writers, artists, editors, pencilers and more. In August, Hanley found that men outnumbered women nine-to-one behind the scenes at both DC and Marvel.”
    • Life, Engineered: How Lynn Conway reinvented her world and ours | University of Michigan (October 8): “Ten years earlier, Conway had been one of the first Americans to undergo a modern gender transition. It had cost her a job and her family. Once she established herself as a woman, she kept the past a secret. Conway stayed behind the scenes as much as she could. As a result, so did many of her achievements.”

    We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

    You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

    Thanks to everyone who suggested links.

    Friday Favs 10/17/14

    Oct. 17th, 2014 01:00 pm
    [syndicated profile] cakewrecks_feed

    Posted by Jen

    Some of my favorite new submissions this week.

     

    Guys, if you ever want a 3D sculpted cake like this:

     

    ...and your baker claims she can make a cupcake cake (patooie!) look just like it, DO NOT BELIEVE HER.

    On the plus side, I hear hippo skin rugs are all the rage now in child therapy sessions.

     ***

     

    They asked for a book cake of The Great Gatsby:

    NAILED IT.

     ***

     

    You know, when *I* was a kid they didn't have all these new-fangled flavored fillings:

     

    ***

     

    "Ok, ma'am, your cake has room for three lines of text."

    "Great! I'd like 'Mazel Tov' on the first line, and 'Sara Rose' on the second."

    "And for the third line?"

    "Oh, just leave that blank."

    ***

     

    Apparently Jennifer K's husband never gets her anything for their anniversary, so for the big 10 she got him a cake. That said this:

    I really shouldn't be finding this so funny, should I?

     ***

     

    "Hey, guys, is 'give up' all one word?

    Is there a dash?

    How do you spell it, again?

    Is this right?

    How about now?

    OH FORGET IT."

    Mmmm, sweet irony.

     

    Thanks to Disireah, Tonianne, Allie P., Deena M., & Anony M. for reminding us to never give up, NEVER SURRENDER.


    Page generated Oct. 26th, 2014 08:28 am