Wrecky Roughage

Oct. 22nd, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

According to this survey I'm about to make up, 74% of us don't get enough fiber in our diets. Unless you're British. In which case you don't get enough fibre. And you spell things wrong.

Fortunately, the bakeries of the world are here to help.

I think we'll call this Faeber.

I DO believe in Faeber. I do, I do!!


TRUE STORY: Last week our cat Tonks decided to eat a piece of ribbon because she is, by all accounts, an idiot. Now if you're a cat owner, you know that she will most likely end up dragging a two foot piece of poo-coated ribbon across our carpet while we sleep, blissfully unaware of the impending cleaning bills.

Which makes me wonder: Does the same thing happen with kids?

Admit it: you just had a mental image of a bunch of toddlers scootching their butts across the carpet.


Now, of course, if plastic is your fiber of choice, then have I got a cake for you!

It's like a cartoon colonic.


In fact, bakers really seem to be embracing the Dollar Depot movement: (Heh. "Movement.") Case in point: Ashley ordered a little boy's cake, something appropriate for a first birthday.

Aaaand this is what she got:

...'cuz nothing's more appropriate for a one-year-old than twenty-two individual choking opportunities.

"No, Palmer, Sweetie, you can't eat that. Or that. Or that. Or that. Or that. No! Not that! Or that. Or that. Or that. Or that. Or that. Or that. Or that. Or that. Whoah! Definitely not that. Or that. Or that. Or that. Or that. Or that. Maybe th...no, not that, either.

"Or that."


Diana F., Kasia R., Wicked Princess, & Ashley P., I think the brown sprinkles might be safe, if you want to chance it.

NOTE: This post is from a few years ago, so rest assured Tonks is fine. And more importantly, so is our carpet.


Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

People who use Gmail and other Google services now have an extra layer of security available when logging into Google accounts. The company today incorporated into these services the open Universal 2nd Factor (U2F) standard, a physical USB-based second factor sign-in component that only works after verifying the login site is truly a Google site.

A $17 U2F device made by Yubico.

The U2F standard (PDF) is a product of the FIDO (Fast IDentity Online) Alliance, an industry consortium that’s been working to come up with specifications that support a range of more robust authentication technologies, including biometric identifiers and USB security tokens.

The approach announced by Google today essentially offers a more secure way of using the company’s 2-step authentication process. For several years, Google has offered an approach that it calls “2-step verification,” which sends a one-time pass code to the user’s mobile or land line phone.

2-step verification makes it so that even if thieves manage to steal your password, they still need access to your mobile or land line phone if they’re trying to log in with your credentials from a device that Google has not previously seen associated with your account. As Google notes in a support document, security key “offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.”

Unlike a one-time token approach, the security key does not rely on mobile phones (so no batteries needed), but the downside is that it doesn’t work for mobile-only users because it requires a USB port. Also, the security key doesn’t work for Google properties on anything other than Chrome.

The move comes a day after Apple launched its Apple Pay platform, a wireless payment system that takes advantage of the near-field communication (NFC) technology built into the new iPhone 6, which allows users to pay for stuff at participating merchants merely by tapping the phone on the store’s payment terminal.

I find it remarkable that Google, Apple and other major tech companies continue to offer more secure and robust authentication options than are currently available to consumers by their financial institutions. I, for one, will be glad to see Apple, Google or any other legitimate player give the entire mag-stripe based payment infrastructure a run for its money. They could hardly do worse.

Soon enough, government Web sites may also offer consumers more authentication options than many financial sites.  An Executive Order announced last Friday by The White House requires the National Security Council Staff, the Office of Science and Technology Policy and the Office of Management and Budget (OMB) to submit a plan to ensure that all agencies making personal data accessible to citizens through digital applications implement multiple layers of identity assurance, including multi-factor authentication. Verizon Enterprise has a good post with additional details of this announcement.
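The origin binding that the Google support document describes above, as an added Node.js example that is not part of the original post and is not Google's or FIDO's code. It is a simplified model: the class and function names and both origins are constructed, the page origin stands in for the U2F application ID, and the signed-data layout only follows the U2F one loosely.

```javascript
// Added example: simplified model of a U2F-style sign-in (not the FIDO wire format).
const nodeCrypto = require('crypto');

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Layout modelled on the U2F signed data:
// SHA-256(app id) | user-presence byte | 4-byte counter | SHA-256(client data)
function signedBytes(appId, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([0x01]), ctr, sha256(clientData)]);
}

// The security key: one P-256 key pair per enrolled site, found by key handle.
class SecurityKey {
  constructor() { this.keys = new Map(); this.counter = 0; }

  register(appId) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const keyHandle = nodeCrypto.randomBytes(16).toString('hex');
    this.keys.set(keyHandle, { appId, privateKey });
    return { keyHandle, publicKey };
  }

  // Signs only when the key handle was issued for the origin the browser reports.
  sign(appId, keyHandle, clientData) {
    const entry = this.keys.get(keyHandle);
    if (!entry || entry.appId !== appId) return null;
    const counter = ++this.counter;
    const signature =
      nodeCrypto.sign('sha256', signedBytes(appId, counter, clientData), entry.privateKey);
    return { counter, signature };
  }
}

// The browser, not the page, writes the origin it actually loaded into the client data.
function browserSign(key, pageOrigin, request) {
  const clientData = JSON.stringify({
    typ: 'navigator.id.getAssertion', challenge: request.challenge, origin: pageOrigin,
  });
  const result = key.sign(pageOrigin, request.keyHandle, clientData);
  return result && { clientData, ...result };
}

// The site being logged into.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.pending = new Set(); this.lastCounter = 0; }

  enroll(reg) { this.keyHandle = reg.keyHandle; this.publicKey = reg.publicKey; }

  newRequest() {
    const challenge = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return { challenge, keyHandle: this.keyHandle };
  }

  verify(assertion) {
    if (!assertion) return 'no-assertion';
    const data = JSON.parse(assertion.clientData);
    if (!this.pending.delete(data.challenge)) return 'unknown-challenge'; // single use
    if (data.origin !== this.origin) return 'wrong-origin';
    const bytes = signedBytes(this.origin, assertion.counter, assertion.clientData);
    if (!nodeCrypto.verify('sha256', bytes, this.publicKey, assertion.signature)) {
      return 'bad-signature';
    }
    if (assertion.counter <= this.lastCounter) return 'counter-replay';
    this.lastCounter = assertion.counter;
    return 'ok';
  }
}

function runDemo() {
  const SITE = 'https://accounts.example';            // constructed origin
  const LOOKALIKE = 'https://accounts.example.test';  // constructed look-alike origin
  const rp = new RelyingParty(SITE);
  const key = new SecurityKey();
  rp.enroll(key.register(SITE));

  // 1. Sign-in on the real site succeeds.
  const good = browserSign(key, SITE, rp.newRequest());
  const genuine = rp.verify(good);

  // 2. The same assertion submitted a second time: its challenge is already used.
  const replay = rp.verify(good);

  // 3. A fresh challenge presented from the look-alike origin: the user's key
  //    holds no key pair for that origin and produces nothing to submit.
  const lookalikeSameKey = rp.verify(browserSign(key, LOOKALIKE, rp.newRequest()));

  // 4. A different key, enrolled at the look-alike origin, does sign, but the
  //    origin recorded in the client data fails the server-side check.
  const otherKey = new SecurityKey();
  const otherReg = otherKey.register(LOOKALIKE);
  const req = rp.newRequest();
  const foreign = browserSign(otherKey, LOOKALIKE,
    { challenge: req.challenge, keyHandle: otherReg.keyHandle });
  const lookalikeOtherKey = rp.verify(foreign);

  return { genuine, replay, lookalikeSameKey, lookalikeOtherKey };
}

console.log(runDemo());
```

A one-time verification code carries none of this context, which is why the server cannot tell on which site it was typed.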

It’s Not That Big a Deal

Oct. 22nd, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

odd one out

Credit: Flickr / Michelle Friswell

As an Angry Internet Feminist™, every incident I point out has multiple parts.

  1. I notice and say something.
  2. Tone policing, on whether I should have noticed it. After all, it’s not that big a deal.

Someone uses “he” when they should say “they”? Not that big a deal.

Mild objectification of women in something that should be professional? Not that big a deal.

No women speaking at a conference? Not that big a deal.

Because the thing is, each instance isolated is not really that big a deal. So one sentence wasn’t inclusive? So what. So one guy thought he was funny when he wasn’t? So what. So that one conference didn’t actually get the best speakers because they limited themselves to <50% of the population (usually no PoC either). So what?

Here’s the thing that people who are telling me what should and should not bother me don’t seem to realize. It’s that I do understand that if it was that one thing, it wouldn’t be a big deal. But it probably isn’t even the only thing I’ve encountered that week.

Because whatever your feelings about “they” as grammatically less correct, when I sit in a room full of men, and only men, and someone says “he” when they could say “they” I often look around the room, and I’m reminded that I don’t belong.

Really, I get enough reminders. At the events featuring pizza and beer. When men think I’m lost, or something – anything – other than an engineer. Could you just change that word? Would it really be that big a deal?

And yes, it’s just a word, it’s just a tasteless joke. But it’s in your marketing materials and presumably more than one person looked at those. So if that wasn’t a big deal… what will not be a big deal for something less externally facing?

That guy, urgh that guy, who “jokingly” called his female colleague a bitch. What do you think he’s going to write on her performance review? Maybe that she’s “abrasive”.

You know, when I left my Prestigious Tech Job to do something different, it wasn’t to be the unpaid, unappreciated teaching assistant of the Feminism 101 MOOC.

Because these individual items that each taken individually are “not a big deal” have piled up and now I sit precariously atop a pile of tiny rocks, wondering when it will all come crashing down.

These things do not happen in isolation. The culture that culminates in the death and rape threats (just the most recent example) is built on a culture where women do not get paid what they deserve, where they are objectified, marginalized, and, most of all, ignored.

Can we talk about humour for a moment? Because I’m tired of these things being “jokes”. This guy thought that rape threats were satire. I will now explain why they are not funny. Humour requires an element of the unexpected, and there is nothing unexpected about a woman with an opinion being threatened with rape. It is an alarmingly normal occurrence. Online harassment is an expected part of being an Angry Internet Feminist™, and it is hard to distinguish between the guy who calls me some obscene word and is “joking” and the one who has intent.

So we add two factor authentication (did you know, Twitter has it?), and install security software on our websites. I have only experienced the very mildest levels of harassment, but make no doubt, if I was truly under threat, I have a plan for where I would go, and enough air miles and money to get me there. Call it paranoia, if you want. I call it being prepared.

There is no humour there. There is just yet another woman who is paying the price, in harassment, for having an opinion. For calling stuff out, when she saw it.

The data says that 40% of women drop out of tech careers in the first 10 years. I didn’t know many other women on my university course, but of those I do, I am the only one still building systems and writing code. One is an environmental economist. Another a BA. I hear one became an artist, cool.

And I’m sure each of them went towards something compelling, to them. I’m sure they each made the decision that worked for them. I hope they have interesting careers and fulfilled lives.

But they didn’t stay.

Against the evidence, my generation of women techies, we thought we were different. We thought things were better, because sexual harassment and even assault was no longer a normal part of the working day (although don’t be mistaken – it happens). We thought things would be different, and we just needed to work hard and be awesome. We were wrong.

I’m reaching this point in my career where I’m starting to see my peers drop out. Make their backup plans. I wrote this article about knowing someday I would leave tech, and so many women said “this is how I feel!” and a couple of men said “wow it’s really bad that women feel this way, maybe we should do something”.

Because I hear variations on the same story, again, and again, and again.

It is hard to fix structural equality. And like many hard things the first step is admitting there is a problem. Could you just say “they” instead of “he”? Pay an expert to review your marketing materials? Could you just do the work to get a more balanced line-up at your conference? Stop making “satirical” rape threats? Could you stop telling me what should, or should not bother me? Please?

I’ll tell you what I think is a big deal. It’s when I watch a woman who I know to be brilliant, slowly lose her joy of making. It’s when I watch her give up caring about her career, and just go through the motions, because frankly showing up every day is hard enough. It’s when I see her leave.

How I Do Antiquing: Old Disney Toys!

Oct. 22nd, 2014 12:18 am
[syndicated profile] epbot_feed

Posted by Jen

Some people go antiquing for the history or the treasure. I go for the toys.

Vintage Orange Bird & baby Donald!
Yes, they're filthy. But Donald is from 1984, was only a dollar, and c'mon, BABY DONALD. Orange Bird was $15, but he's kinda rare, and I love him. (I'm guessing he's also from the early 80s.)

Anyway, here's a quick tip: If you need to clean toys like Donald, which is soft & rubbery like a squeak toy, then grab one of these bad boys:

Yep, Magic Eraser works wonders at taking off old stains, crayon marks, and even pen ink from soft plastic. Check out the difference!

The blue pen line down the side of his face is completely gone!

Just be careful when scrubbing, since Magic Eraser *will* take the original paint off. It's basically a spongey form of sandpaper.

(And no, this isn't a sponsored post.)

Magic Eraser works well on harder surfaces, too, of course. Here's cleaned-up Orange Bird:

Did I mention he's a bank?

I'm debating touching up his paint, and possibly re-painting Donald all together. (Although those 80s pastels *are* kinda rockin'. Hee.)

I also picked up this tiny purse for $5, because the inside is ridiculously cool:

I'm a sucker for anything small with "hidden" compartments, and LOOK:

That circular screen pulls out to reveal a powder puff & powder compartment, and I guess the other sections were for lipstick and... money? Maybe? They're both suuuper tiny; the lipstick compartment is about 3/4 of the size of a Chapstick tube.

And THEN, there's another section under the mirror!


It doesn't look like the purse was ever used, but the exterior suede/velvet was crumbling off in my hands. I'm hoping to redo the whole thing, maybe make it usable for a steampunk outfit or something. [brain storming]

And finally, our big splurge: $30 for this amaaazing "Baseball Clock" that sold at the World's Fair during the 1930s:

Fun, right? I've never seen another clock like it! (It winds in the back.)

If you're ever looking for good/cheap antiquing here in central Florida, check out the Orange Tree Antique Mall (my favorite), or the Flea Market and outside areas at Renningers in Mt. Dora. (The inside vendors are too pricey for me, but it's still fun to look.)

Oh, and speaking of funky clocks, stay tuned....

'Cuz I'm working on one last Halloween thing. 

[evil grin]

[syndicated profile] geekfeminism_feed

Posted by spam-spam


  • On Gamergate: a letter from the editor | Polygon (October 17): “Video games are capital “C” Culture now. There won’t be less attention, only more. There won’t be less scrutiny. There certainly won’t be less diversity, in the fiction of games themselves or in the demographics of their players. What we’re in control of is how we respond to that expansion, as journalists, as developers, as consumers. Step one has to be a complete rejection of the tools of harassment and fear — we can’t even begin to talk about the interesting stuff while people are literally scared for their lives. There can be no dialogue with a leaderless organization that both condemns and condones this behavior, depending on who’s using the hashtag.”
  • Gamergate threats: Why it’s so hard to prosecute the people targeting Zoe Quinn and Anita Sarkeesian | Slate (October 17): “The light penalties attached to many of these online crimes also deter officials from taking them seriously, because the punishment doesn’t justify the resources required to investigate and prosecute them”
  • Of Gamers, Gates, and Disco Demolition: The Roots of Reactionary Rage | The Daily Beast (October 16): “Our various “culture wars” tend to boil down to one specific culture war, the one about men wanting to feel like Real Men and lashing out at the women who won’t let them.”
  • Gamergate in Posterity | The Awl (October 15): “Maybe there will be some small measure of accountability in the far future, not just for public figures and writers and activists, but for all the people who could not or would not see their “trolling” for what it really was. Maybe, when their kids ask them what they were like when they were young, they will have no choice but to say: I was a piece of shit. I was part of a movement. I marched, in my sad way, against progress. Don’t take my word for it. You can Google it!”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

With his permission, I’m reposting this blog comment from Marco Rogers, in a reply to an anti-feminist comment on a blog post about women in tech that he wrote 2 1/2 years ago. Although the post is that old, the comment is from a few days ago, because even years later, anti-feminist trolls are stumbling across Marco’s blog post and feeling the need to express their displeasure with it.

I’m reposting Marco’s comment because I think it’s a good example about how to respond to a troll. I would love to see more men let their anti-feminist peers know that uninformed anti-feminist wankery is a waste of time. And I would love to do that more often myself, rather than engaging with it.

Hi [REDACTED]. I thought a long time about whether to let this comment stand or delete it. I do listen to input from different perspectives. I read this entire thing. And I’m sorry to say it was a waste of my time.

I’m afraid this reply won’t be very constructive. I had to choose whether to waste further time dismantling your false logic, and I had to take into account whether it would make any difference to you or anyone reading. I don’t think it will. In my experience, it’s very difficult to educate men who think like you do.

I’ll admit it also annoys me that you would come and write a small novel in my blog comments but not say anything new or original. Men have been making this argument that their long history of sexism is somehow the natural order of things since the beginning of time. It’s not revelatory, it’s not some profound wisdom that people haven’t heard, it’s boring. The feminist/womanist movement grew in direct opposition to all the nonsense you spouted above. There is a ton of literature that debunks and rejects every single point you are poorly trying to make. The least you can do is educate yourself on the system you’re up against, so you can sound more cogent and have an actual chance of convincing anyone.

The question remains of whether I let your comment stay up. I think I will. Not because I feel compelled to represent multiple viewpoints here. This is my blog and I choose what goes here. But I’ll leave it because I’m no longer afraid of letting people read tripe like this. You’re losing. We WILL create a world where the mentality of men like you is a minority and women get to exist as themselves without fear. You can’t stop it. Stay mad bro. Thanks for dropping by.

YES WE CA... Oh. Well, Crap.

Oct. 21st, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen



Thanks to Lionel S. for reminding us there's also no "eye" in "team," although I don't see what that has to do with anything.



[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.

According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Framingham, Mass.-based Staples has more than 1,800 stores nationwide, but so far the banks contacted by this reporter have traced a pattern of fraudulent transactions on a group of cards that had all previously been used at a small number of Staples locations in the Northeast.

The fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers. This suggests that the cash registers in at least some Staples locations may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.

Asked about the banks’ claims, Staples’s Senior Public Relations Manager Mark Cautela confirmed that Staples is in the process of investigating a “potential issue involving credit card data and has contacted law enforcement.”

“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”  

A New Book Review? As You Wish!

Oct. 20th, 2014 03:44 pm
[syndicated profile] epbot_feed

Posted by Jen

Last week my sister-in-law surprised me with Cary Elwes' new Princess Bride memoir, As You Wish, and I zipped through it in 2 nights.

I've been looking forward to this read since I first heard about it months ago, so I was positively giddy cracking open the first page. I LOVE behind-the-scenes stories already, but throw in stories from one of my favorite movies of all time? SOLD!

Ok, so, let's start with the obvious: if you're as big a fan of The Princess Bride as I am, you're going to buy this book. And really, if you're that uber fan, you absolutely should.

For everyone else, though? Who may only have a passing interest in a movie they certainly like, but don't, say, quote daily & maybe even have "As You Wish" inscribed in a spouse's wedding ring? (WHAT.)

Well... for those folks, maybe not.

Don't get me wrong; there are some delightful tidbits in Elwes' book, stories that make the movie that much more magical in my eyes - but those tidbits are few and far between. Much of the book's 270 pages feels like filler, as Elwes gushes about how wonderful his co-stars are, how brilliant the director Rob Reiner is, and how blessed overall he feels to have been a part of this movie.

I'm relieved this isn't some grimy tell-all, of course, but after two hundred pages of everyone being wonderful and amazing, but very few personal stories to go along with all the gushing, you start to wonder if you're getting the whole truth. Or maybe we are getting the truth, but Elwes just didn't have enough material to properly fill out the book. Realistically, I think the "good stuff" could have been condensed down to 50 pages, and not felt rushed.

For example, Elwes spends 4 or 5 pages detailing the entire plot of The Princess Bride. Not just reminding us what happens in case it's been a while; actually explaining it as if we've never seen the movie... but still chose to read a book about it. (Ohhh... kaaaaay....)

I'm sad to say that, even as short as the book is, I ended up skimming several sections. Elwes drags out even the most interesting stories - trying to milk them for all they're worth, I guess - and even then, I didn't feel like I was really getting an insider's scoop. It all felt a little too sanitized, too diplomatic, like he didn't want to reveal anything too interesting for fear of offending his co-stars. (There's a vague reference to Mandy Patinkin's competitive streak during fencing training, but no examples or details.)

In fact, the most interesting stories revolve around Andre the Giant, and I can't help but wonder if Elwes felt more free sharing those because Andre is no longer with us. (Or maybe because those stories are already so well-known?)

On the plus side, sprinkled throughout the book are quotes from the rest of the cast and crew, often recounting their own memories of the same events. Those breaks help give Elwes' memoir a more well-rounded feel, and while there were no big revelations, it was still a nice addition.

That's my spoiler-free review, but now, as a reward, I'm going to tell you a few of my favorite things I learned. Some (all?) of these were already on the internet, so it's possible they won't be spoilers at all! Still, if you'd rather wait and get your movie trivia from the book, then STOP HERE.

Ok, my #1 go-to trivia for the next time I need a good ice-breaker - because I go to at least one or two parties a year and hey, IT COULD HAPPEN - In this scene:

The one where Count Rugen hits Westley over the head with his sword? The scene used in the movie shows Christopher Guest (as Count Rugen) actually knocking Elwes unconscious.

Elwes woke up later in the ER, as they were stitching up his head. In Guest's defense, they didn't have a prop sword, so the heavy metal handle came down harder than he intended, plus Elwes *told* him to just go ahead and hit him.

And in this scene:


Watch how Westley gets up; see how he favors one leg? That's because Elwes had just broken his big toe riding Andre the Giant's 4-wheel ATV - I think the same day, even - and was in a huge amount of pain. 

Those are the only two injuries Elwes sustained the whole movie, and I guess it says something about me that I find those the most interesting. :D
On the funny side, for the scenes with Billy Crystal as Miracle Max, Elwes spoiled so many takes by laughing that they had to replace him for most of it with a prop dummy on the table:

Again, to be fair, *everyone* was spoiling takes by laughing, including the director. The only injury Mandy Patinkin received during the whole shoot was during this scene; he bruised a rib, trying to hold in his laughter. Ha!

And finally, the sweetest revelation for me:

Wallace Shawn (Vizzini) was terrified of heights, and though all the long shots in this scene were done with stuntmen, the close-ups were done on a 30-foot tall fake cliff set. He was apparently so distraught that they physically tied him to Andre, who told Shawn, "Don't worry, I'll take care of you." (FEELZ!!) After that, Shawn was able to do the scene.

There were a few other really fascinating bits about Shawn, but I'll leave those for the book.

So, what'd you think, guys? Any favorite parts I missed? Or did you already know all these from various BuzzFeed articles? :D ([shaking fist at sky] Curse you, Buzzfeeeeed!)
[syndicated profile] geekfeminism_feed

Posted by Tim Chevalier

Simply Secure is a new non-profit that focuses on helping the open source community do a better job at security. Their focus is on adding usable security technology on top of existing, already-widely-adopted platforms and services, and their advisory board includes Wendy Seltzer, Cory Doctorow, and Angela Sasse, among others. (Full disclosure: I went to college with the executive director and founder, Sara “Scout” Sinclair Brody.)

They are hiring for two full-time positions right now: a research director/associate director with some mix of practical experience and formal education in security and UX design (sufficient experience compensates for a lesser degree of formal education), and an operations manager who will write grants and manage finances. Simply Secure strongly encourages applications from populations under-represented in the technology industry. For both positions, experience with and/or enthusiasm for open source is desirable but not required. Simply Secure is located in the US in Philadelphia and is actively recruiting candidates who work remotely.

To apply, visit their jobs page!

A Failure To Communicate, Vol. 243

Oct. 20th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

I like how the only thing legible is the one word NOT supposed to be there:


Erin K. wanted her daughter's cake to be oriented vertically, or portrait-style, but the baker wasn't getting it.

"You know, the long way?"



When you want a big 75, NOT a "big 75."

Can I quote you on that?


In fact, a lot of butchered instructions end up as new nicknames:

Give up?

They wanted "thank you" written in pink.


And this one didn't want any gel icing:


Here's a blast from the past: a Historical Society hosted a "President's Tea."

Thank goodness they weren't screening old 80s TV shows there, too!

Can you imagine if it'd been the "President's Tea & A-Team Party?"


Now imagine, if you will, the ordering process that resulted in this cake:

I'm picturing a Monty Python sketch, myself.

"No, I want you to STAY HERE, and write the names underneath!"

"So I'm to write these names twice and capitalize 'Underneath.' Got it."

"No, no, it's quite simple. Write 'Happy Birthday' once, and the names underneath."

"If, if, uh... If, if, uh... Oh! Can I write the names three times... IF I use extra sprinkles?"



Thanks to Terry M., Erin K., Dan E., Stephanie D., Melanie K., Karen A., & Damon E. - AND NO SINGING!



Public Speaking as Performance

Oct. 20th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

cute bunny

Credit: Flickr / Sarah Embaby

I’ve written before about how I prepare mentally for a talk. Most recently, I’ve started to view it as a performance, and more and more (as the fall conference season is now underway) I’ve got more comfortable with the things I need to give a good performance. This change is mental, viewing it as a performance (rather than, commonly, a terrifying obligation past-me committed to), so differences are subtle, but important. I felt really good giving my last talk, which I think is a sign it’s time to prep a new one!

Because, it is a performance. I stand up in front of people, not my natural habitat, and try to be intensively witty and insightful.

I hope I’m usually witty and insightful, but in conversations, you take turns. On stage, it’s all on me.

One of my pet peeves as an audience member is when speakers are unprepared (even, maybe especially when they apologise for it!) Not preparing is disrespectful to the audience who have given up their time, and often significant amounts of money to be there.

If I’m speaking, then everything I do is around showing up prepared and in a good place mentally. This makes the conference experience very different. I feel OK about missing talks prior to mine. Although, pro-tip, for small conferences it’s worth letting them know you are hiding prior to your talk, and when to expect you as they may worry if they don’t see you!

Now, I always ask for travel costs (most conferences give speakers a free ticket) in part because it means I don’t feel any obligation to make the cost of attending worthwhile. Any value I got (which has typically been high) is gravy. Everything comes second to the performance.

Decompression time afterwards is also important. I usually use some of this time to make a storify of tweets during my talk.

Following day – a good night’s sleep and a good breakfast!

The other thing I’ve realised is that as a speaker, you can ask for things. Like water. Or to avoid specific slots. You can also ask for specific slots, but that is much harder for the organisers. It is incredibly hard organising a conference, so I try to go along with as much as possible and only ask for the things that will genuinely make an impact on my talk.

  • Prepare.
  • Hide (mental prep / power poses).
  • Setup equipment, test sound etc.
  • Perform.
  • Hide.
  • Socialise (this is when people say nice things! Don’t want to miss that!)
  • Relax (sleep in, have a nice breakfast).
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.

Last month, media outlets in Malaysia reported that organized crime gangs had stolen the equivalent of about USD $1 million with the help of malware they’d installed on at least 18 ATMs across the country. Several stories about the Malaysian attack mention that the ATMs involved were all made by ATM giant NCR. To learn more about how these attacks are impacting banks and the ATM makers, I reached out to Owen Wild, NCR’s global marketing director, security compliance solutions.

Wild said ATM malware is here to stay and is on the rise.


BK: I have to say that if I’m a thief, injecting malware to jackpot an ATM is pretty money. What do you make of reports that these ATM malware thieves in Malaysia were all knocking over NCR machines?

OW: The trend toward these new forms of software-based attacks is occurring industry-wide. It’s occurring on ATMs from every manufacturer, multiple model lines, and is not something that is endemic to NCR systems. In this particular situation for the [Malaysian] customer that was impacted, it happened to be an attack on a Persona series of NCR ATMs. These are older models. We introduced a new product line for new orders seven years ago, so the newest Persona is seven years old.

BK: How many of your customers are still using this older model?

OW: Probably about half the install base is still on Personas.

BK: Wow. So, what are some of the common trends or weaknesses that fraudsters are exploiting that let them plant malware on these machines? I read somewhere that the crooks were able to insert CDs and USB sticks in the ATMs to upload the malware, and they were able to do this by peeling off the top of the ATMs or by drilling into the facade in front of the ATM. CD-ROM and USB drive bays seem like extraordinarily insecure features to have available on any customer-accessible portions of an ATM.

OW: What we’re finding is these types of attacks are occurring on standalone, unattended types of units where there is much easier access to the top of the box than you would normally find in the wall-mounted or attended models.

BK: Unattended….meaning they’re not inside of a bank or part of a structure, but stand-alone systems off by themselves.

OW: Correct.

BK: It seems like the other big factor with ATM-based malware is that so many of these cash machines are still running Windows XP, no?

This new malware, detected by Kaspersky Lab as Backdoor.MSIL.Tyupkin, affects ATMs from a major ATM manufacturer running Microsoft Windows 32-bit.

OW: Right now, that’s not a major factor. It is certainly something that has to be considered by ATM operators in making their migration move to newer systems. Microsoft discontinued updates and security patching on Windows XP, with very expensive exceptions. Where it becomes an issue for ATM operators is that maintaining Payment Card Industry (credit and debit card security standards) compliance requires that the ATM operator be running an operating system that receives ongoing security updates. So, while many ATM operators certainly have compliance issues, to this point we have not seen the operating system come into play.

BK: Really?

OW: Yes. If anything, the operating systems are being bypassed or manipulated with the software as a result of that.

BK: Wait a second. The media reports to date have observed that most of these ATM malware attacks were going after weaknesses in Windows XP?

OW: It goes deeper than that. Most of these attacks come down to two different ways of jackpotting the ATM. The first is what we call “black box” attacks, where some form of electronic device is hooked up to the ATM — basically bypassing the infrastructure in the processing of the ATM and sending an unauthorized cash dispense code to the ATM. That was the first wave of attacks we saw that started very slowly in 2012, went quiet for a while and then became active again in 2013.

The second type that we’re now seeing more of is attacks that start with the introduction of malware into the machine, and that kind of attack is a little less technical to get on the older machines if protective mechanisms aren’t in place.

BK: What sort of protective mechanisms, aside from physically securing the ATM?

OW: If you work on the configuration setting…for instance, if you lock down the BIOS of the ATM to eliminate its capability to boot from USB or CD drive, that gets you about as far as you can go. In high risk areas, these are the sorts of steps that can be taken to reduce risks.

BK: Seems like a challenge communicating this to your customers who aren’t anxious to spend a lot of money upgrading their ATM infrastructure.

OW: Most of these recommendations and requirements have to be considerate of the customer environment. We make sure we’ve given them the best guidance we can, but at end of the day our customers are going to decide how to approach this.

BK: You mentioned black-box attacks earlier. Is there one particular threat or weakness that makes this type of attack possible? One recent story on ATM malware suggested that the attackers may have been aided by the availability of ATM manuals online for certain older models.

OW: The ATM technology infrastructure is all designed on multivendor capability. You don’t have to be an ATM expert or have inside knowledge to generate or code malware for ATMs. Which is what makes the deployment of preventative measures so important. What we’re faced with as an industry is a combination of vulnerability on aging ATMs that were built and designed at a point where the threats and risk were not as great.

According to security firm F-Secure, the malware used in the Malaysian attacks was “PadPin,” a family of malicious software first identified by Symantec. Also, Russian antivirus firm Kaspersky has done some smashing research on a prevalent strain of ATM malware that it calls “Tyupkin.” Their write-up on it is here, and the video below shows the malware in action on a test ATM.

In a report published this month, the European ATM Security Team (EAST) said it tracked at least 20 incidents involving ATM jackpotting with malware in the first half of this year. “These were ‘cash out’ or ‘jackpotting’ attacks and all occurred on the same ATM type from a single ATM deployer in one country,” EAST Director Lachlan Gunn wrote. “While many ATM Malware attacks have been seen over the past few years in Russia, Ukraine and parts of Latin America, this is the first time that such attacks have been reported in Western Europe. This is a worrying new development for the industry in Europe.”

Card skimming incidents fell by 21% compared to the same period in 2013, while overall ATM related fraud losses of €132 million (~USD $158 million) were reported, up 7 percent from the same time last year.

This Week

Oct. 20th, 2014 12:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate


Hanging out in Canadia (KW) this week and catching up with friends from when I lived here. It’s great to see people! Also gave a talk at the University of Waterloo, which I live tweeted. Then heading back to the UK. Looking forward to getting back in the pool! I’ve missed swimming.


Contemplating a job offer, but meanwhile I continue to explore freedom. I’m making progress on the app! Which is exciting (is there anything better than an excited email from your UX designer and new mocks?). Also following up on some potential consultancy stuff.


Very foodie week including Bhimas, Uptown 21, Public. There is Cha Time here! Which was wondrous. I drank a lot of it.


Reading Jean Jennings Bartik’s memoir Pioneer Programmer, which is great so far. For light relief, finished Beauvallet and read Charity Girl and Convenient Marriage.


Elsewhere: I was Hannah’s Ada Lovelace Day pick! And quoted in The Guardian.

On The Internet

[syndicated profile] geekfeminism_feed

Posted by spam-spam

Gamergate and online harassment

Other Stuff

  • Ada Lovelace, a Computer Programmer Ahead of Her Time | Mashable (October 15): Read more about the life of the “enchantress of numbers”
  • Ways Men In Tech Are Unintentionally Sexist | this is not a pattern (October 14): “These are little things. Things that many people do without thinking about them and certainly without intending anything by them. Things that individually are meaningless, but in aggregate set the tone of an entire community.”
  • The Malala you won’t hear about | The People’s Record (October 16): “This is the Malala the Western corporate media doesn’t like to quote. This is the Malala whose politics do not fit neatly into the neocolonialist, cookie-cutter frame of presentation. This is the Malala who recognizes that true liberation will take more than just education, that it will take the establishment of not just bourgeois political “democracy,” but of economic democracy, of socialism.”
  • Where’s Thor When You Need Her? Women In Comics Fight An Uphill Battle | NPR (October 10): “On Facebook, women make up just under half of all self-identified comics fans. But even as the female audience grows, female creators for DC and Marvel, colloquially known as “the Big Two,” are still in the minority.”
  • Internal Memo: Microsoft CEO Satya Nadella sets new diversity plan after ‘humbling’ experience | GeekWire (October 15): “The memo, sent prior to a regular monthly Q&A session with employees, went on to outline a series of steps that Nadella says the company will be taking to improve diversity and inclusion across the company, including the company’s engineering and senior leadership teams.”
  • FiveThirtyEight Turns the Lidless Eye of Data Crunching to Gender Disparity in Superhero Comics Characters | The Mary Sue (October 15): “Hanley has been crunching the numbers on the gender make up of the folks who work on Marvel and DC comics for years, but FiveThirtyEight wanted to take a slightly different tack by looking at the characters who make up those comics in the first place.”
  • Mary Berners-Lee: Ada Lovelace Day Hero | equalitism (October 19): “Tim Berners-Lee’s mom, Mary Lee Woods was a badass mathematician/computer scientist before he was. Both of Tim’s parents worked on a team that developed programs in the School of Computer Science, University of Manchester Mark 1, Ferranti Mark 1 and Mark 1 Star computers.”
    We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

    You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

    Thanks to everyone who suggested links.

    Sunday Sweets: Gothic Elegance

    Oct. 19th, 2014 01:00 pm
    [syndicated profile] cakewrecks_feed

    Posted by Jen

    Who says dark has to be dreary? These gorgeous Gothic cakes will have you cheering:

    (By Sweet Lake Cakes)


    Sweet Lake seems to specialize in Gothic designs, and I couldn't pick just one favorite!

    (By Sweet Lake Cakes)

    Look at that lace and "fabric" draping. INCREDIBLE.


    One more:

    (By Sweet Lake Cakes)

    The bird skull cameo is the perfect touch.


    And speaking of cameos, check out the raven head design on this little top hat:

    (By Cake Central member ChrisJack1)

    The feather, the hand painted skulls and swirls, the roses - just beautiful.


    (By Candytuft Cakes)

    It doesn't get much more classic than rich black and blood-red roses!


    I really love the contrast of the white tiers under all this heavy scrollwork:

    (Baker unknown. Anyone recognize it?)

    WOW. The bottom tier looks like a wrought iron gate, and the second has architectural arch ways. The longer you look, the more detail you see!


    On the other hand, sometimes simple can be just as dramatic:

    (By Connie Cupcake)



    Now welcome, foolish mortals, to the Haunted Mansion cake:

    (By WDW's Contemporary Resort bakery, found here)

    That wallpaper and perfect draping has this Dizgeek all atwitter, you guys. Great color on the roses, too!


    (By Antonelli di Maria Torte & Design)

    One of my personal favorites today; I can't believe that fabric draping, and the perfect color fade on the spider web!


    (Baker unknown)

    This purple practically glows, it's so vivid. If you look closely, you can see the layered acanthus leaves making up the second tier. Beautiful.


    (By Cake Opera Company, featured here)

    Another astounding, can't-believe-it's-cake design. That heavy embroidery is insanely intricate, and I've been so busy staring at the cake itself that I just now noticed the cake stand is wrapped in fur!


    And finally, arguably the simplest design of them all today, but I'm just so smitten with the unusual floral swag:

    (By Artistic Bites, featured here)

    This wedding cake was made for a "Red Riding Hood marries the Wolf" themed photo shoot, and I highly recommend hitting that link up there to see the rest. It's the perfect blend of dark elegance and fairy-tale whimsy, and I LOVE the succulents and fuzzy mosses they used on the cake.


    Hope you enjoyed the Gothic Sweets, everyone! Happy Sunday!

    Be sure to check out our Sunday Sweets Directory to see which bakers in your area have been featured here on Sweets!



    Buffy the Linkspam Slayer

    Oct. 17th, 2014 07:16 pm
    [syndicated profile] geekfeminism_feed

    Posted by spam-spam

    • Anita Sarkeesian explains why she canceled USU lecture | Salt Lake City Tribune (October 16): “A nationally known feminist media critic said Wednesday that “it would be irresponsible” to give a lecture amidst mass shooting threats at Utah State University, knowing that police would not screen for weapons at the door. In a phone interview from San Francisco, Anita Sarkeesian said she canceled Wednesday’s lecture not because of three death threats — one of which promised “the deadliest school shooting in American history” — but because firearms would be allowed in spite of the threats.”
    • When gun rights trump public safety | Mary Elizabeth Williams (October 15): “It’s one thing to accept and understand that plenty of reasonable and responsible people own guns and that is their constitutional right. It is another to be so outrageously afraid of legitimate and sane restrictions that you have a situation in which it is entirely permissible to carry a loaded weapon into an event that carries a threat that the people attending it will “die screaming.””
    • The Threats Against Anita Sarkeesian Expose The Darkest Aspects of Online Misogyny | Maureen Ryan (October 15): “The question that’s been haunting many observers for weeks is now right out in the open in the wake of the latest threats leveled at Sarkeesian: Is someone going to have to die for things to change?”
    • #Gamergate Trolls Aren’t Ethics Crusaders; They’re a Hate Group | Jezebel (October 13): “I set about locking down accounts, emailing professors, contacting campus safety, and calling family. It was an exhausting process, but I considered it necessary. The attack could get out of hand. I mentioned offhand to my sister, about two hours in, that “it was getting to be my turn anyways,” to nonchalantly minimize my hurt. That was the moment I broke down. I realized just how much I’d internalized the presumed process: if you’re even asking about equality or diversity in games, being shouted down in a traumatizing manner is now a mandatory step that you have to sit back and endure.”
    • Sweatin’ the Small Stuff, of, Beware Your Throwaway Jokes About Middle-Aged Women in Magic | One General to Rule them All (October 14): “I dare Wizards to give us a major female Magic character (read: Planeswalker) in the next couple of sets who doesn’t have a body that wouldn’t look out of place on a runway or the cover of Playboy. Tamiyo, the Moon Sage was a great start, but that was three blocks ago. Hell, at this point, I’ll take more than one female Planeswalker per set.”
    • AdaCamp: Spending Time with Women in Open Source and Technology | Zara Rahman (October 13): “There were some sessions that really opened my eyes to another area of this ‘open’ bubble- for example, talking about women in open source. Most of the women there were coders, who had contributed to open source code projects; and despite my having read accounts of abuse and harassment within the open source community fairly regularly before, the severity of the situations they face, really hit home for me during this session.”
    • Ada Lovelace Day: Meet the 6 women who gave you ‘the computer’ | The Register (October 14): “All six are now sadly no longer with us – Bartik was the last to pass away. But their achievements were profound, not just in terms of inadvertently cementing the name “computer”. In the absence of manuals literally working out how to use this giant, the team of six installed computer programs working from sheets of paper, nimbly unplugging and replugging a rat’s nest of cables and resetting switches.”
    • Don’t Be Fooled by Apple and Facebook, Egg Freezing Is Not a Benefit | The Daily Beast (October 15): “Of all the women Snyder surveyed, nearly 90 percent of them said they did not plan on returning to the tech industry in the future. The incompatibility between motherhood and tech, it seems, runs far deeper than the timing of pregnancy alone. And the problem is so severe that the women who leave almost never want to come back. In this context, the decision to cover egg freezing reads as Silicon Valley at its most typical, deploying a hasty technological stopgap for a cultural problem.”
    • Tech’s Meritocracy Problem | Medium (October 10): “Engineers love to be skeptics — it’s time to bring our skepticism to the concept of meritocracy. If we can be skeptical enough about our own ability to detect merit, and balance it with more objective measurement or outright mitigatory adjustments — we’ll come closer to resembling an actual meritocracy.”
    • HERoes: Genevieve Valentine | Comicosity (October 2): “From journalist to award winning novelist, Genevieve Valentine is now channeling her inner crime boss. She is providing a new voice to a suited up Selina Kyle, starting with this month’s issue of Catwoman. She tells Comicosity about switching the role of female characters in comics and the importance of reader perspective while consuming.”
    •  Comic Books are Still Made by Men, For Men, and About Men | FiveThirtyEight (October 13): “But these recent advancements don’t make up for the fact that women have been ignored in comic books for decades. And they still don’t bring women anywhere close to parity: Females make up about one in four comic book characters. Among comic-creators, the numbers are even more discouraging. Tim Hanley, a comics historian and researcher, analyzes who’s behind each month’s batch of releases, counting up writers, artists, editors, pencilers and more. In August, Hanley found that men outnumbered women nine-to-one behind the scenes at both DC and Marvel.”
    • Life, Engineered: How Lynn Conway reinvented her world and ours | University of Michigan (October 8): “Ten years earlier, Conway had been one of the first Americans to undergo a modern gender transition. It had cost her a job and her family. Once she established herself as a woman, she kept the past a secret. Conway stayed behind the scenes as much as she could. As a result, so did many of her achievements.”

    Friday Favs 10/17/14

    Oct. 17th, 2014 01:00 pm
    [syndicated profile] cakewrecks_feed

    Posted by Jen

    Some of my favorite new submissions this week.


    Guys, if you ever want a 3D sculpted cake like this:


    ...and your baker claims she can make a cupcake cake (patooie!) look just like it, DO NOT BELIEVE HER.

    On the plus side, I hear hippo skin rugs are all the rage now in child therapy sessions.



    They asked for a book cake of The Great Gatsby:




    You know, when *I* was a kid they didn't have all these new-fangled flavored fillings:




    "Ok, ma'am, your cake has room for three lines of text."

    "Great! I'd like 'Mazel Tov' on the first line, and 'Sara Rose' on the second."

    "And for the third line?"

    "Oh, just leave that blank."



    Apparently Jennifer K's husband never gets her anything for their anniversary, so for the big 10 she got him a cake. That said this:

    I really shouldn't be finding this so funny, should I?



    "Hey, guys, is 'give up' all one word?

    Is there a dash?

    How do you spell it, again?

    Is this right?

    How about now?


    Mmmm, sweet irony.


    Thanks to Disireah, Tonianne, Allie P., Deena M., & Anony M. for reminding us to never give up, NEVER SURRENDER.


    [syndicated profile] accidentallyincode_feed

    Posted by Cate

    My notes from Pilky’s iOSDevUK talk. It was so good that after watching it I actually thought I understood AutoLayout (I later discovered I was wrong). His slides (and notes) are here.

    cat in a box

    Credit: Wikimedia

    What is AutoLayout?

    • Constraint based layout system.
    • Define relationships between views.
    • Introduced in Mac OS X 10.7, iOS 6.
    • Makes previously complex layout problems simple (i18n much easier).
    • Requires a different way of thinking about layout.
    • Fits more closely to your natural mental model – bit like a compiler. You don’t write everything in assembly. You write in a programming language, compiler translates.

    Constraints: How do they work?

    • Represented by NSLayoutConstraint (only class added for AutoLayout).
    • Defines relationship between two attributes.
    • Attributes are effectively variables. Can’t access directly, treat them as constraints.
    • Treat a constraint as a small function modifying a variable.
    • y = mx + c
    • view1.attribute = multiplier * view2.attribute + constant


    Effectively variables, so what do we have:

    • width
    • height
    • centerX
    • centerY
    • baseline (for text)
    • Left / leading, right / trailing, top, bottom.
    • In a left-to-right language, left and leading are equivalent, as are right and trailing. In a right-to-left language, left becomes trailing and right becomes leading.
      • Want the entire information flow of your app to swap around.
      • Used to have to do this yourself, now get it for free.


    • Equal
    • Greater than or equal to
    • Less than or equal to
    • Becomes more important with different size devices. Want things to resize smartly.

    Multiplier and Constant

    • Multiplier: ratio between two attributes.
    • Constant: difference between two attributes.


    • How strongly should a constraint be satisfied.
    • Constraints required by default.
    • Constraints can be broken. Optional constraints.
    • Required constraints have priority of 1000.
    • Allows us to build a hierarchy of constraints.
    • If two conflict, lower one will be broken to satisfy higher one.


    How should you be thinking?

    Relative vs Absolute

    • Don’t think in frames, think in relationships.
    • Most constraints are relative to other attributes.
    • No need to do complex calculations based on other views.

    Thinking in Values

    • Can be hard to work out what attributes, constant etc. to use.
    • Don’t think of them as abstract values.
    • It’s an equation – substitute in numbers.

    Constraining a View

    • All views need at least 4 constraints.
    • Need to position and size in both horizontal and vertical axes.

    Intrinsic Content Size

    • Views know how to layout some content.
    • Therefore they know the smallest size to display that content.
    • Implicit constraints defining intrinsic width and height.
    • The stronger constraint is compression resistance (priority 750; prevents clipping).
    • Helps a lot with localisation.
    • Never want to specify explicit height or width, especially one that is showing text.
    • Used to have to change things manually on i18n. Now with auto layout you don’t. Saves a lot of code.

    Calculating UITableViewCellHeights

    • Autolayout and UITableView.
    • Create table cells as any views, adding constraints to define height.
    • Use systemLayoutSizeFittingSize: to return height.
    • Get a cell from the table view:
      • Set a vertical constraint to have priority 999.
    • Or use template cell.
    • Set estimatedRowHeight to most common height.
    • Ensure rowHeight is UITableViewAutomaticDimension.
    • Set it to anything else, all the same problems as iOS6 and 7.

    Autoresizing UIImageView

    • Subclass UIImageView
    • Add following:
      • Override intrinsicContentSize.
      • Override setImage: (need to relayout).
    • If too big, will appear off the screen. Need to specify maximum size.
    • Cannot use external constraints, only those from the view hierarchy.
    • Reason for preferredMaxSize property.

    Switching Orientation

    • Turn constraints on and off (bit of a hack).
    • Make them optional. Set priority depending on orientation.
    • Set constraint priorities to 999 to enable.
    • Set to 1 to disable.
    • Many problems with this.
      • Theoretically, priority 1 constraints should never be satisfied.
      • But potentially it could be.
    • iOS8
      • New active property.
      • Set to yes, take into account.
      • Set to no, not taken into account.
      • activateConstraints: for bulk changes.
      • Use NIBs with size classes.
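
The equation form of a constraint and the iOS 8 `active` approach to switching orientation from the notes above, as an added Objective-C example (not code from the talk or its slides). The controller, the two box views and the 20-point margins are hypothetical.

```objective-c
#import <UIKit/UIKit.h>

// Hypothetical demo controller: two boxes stacked in portrait, side by side
// in landscape. Needs iOS 8 for activateConstraints:/deactivateConstraints:.
@interface OrientationDemoViewController : UIViewController
@property (nonatomic, strong) UIView *redBox;
@property (nonatomic, strong) UIView *blueBox;
@property (nonatomic, copy) NSArray *portraitConstraints;
@property (nonatomic, copy) NSArray *landscapeConstraints;
@end

// item1.attr1 = multiplier * item2.attr2 + constant
static NSLayoutConstraint *Equal(UIView *item1, NSLayoutAttribute attr1,
                                 UIView *item2, NSLayoutAttribute attr2,
                                 CGFloat multiplier, CGFloat constant) {
    return [NSLayoutConstraint constraintWithItem:item1 attribute:attr1
                                        relatedBy:NSLayoutRelationEqual
                                           toItem:item2 attribute:attr2
                                       multiplier:multiplier constant:constant];
}

@implementation OrientationDemoViewController

- (UIView *)addBoxWithColor:(UIColor *)color {
    UIView *box = [[UIView alloc] initWithFrame:CGRectZero];
    box.backgroundColor = color;
    // Otherwise the autoresizing mask becomes constraints that conflict with ours.
    box.translatesAutoresizingMaskIntoConstraints = NO;
    [self.view addSubview:box];
    return box;
}

- (void)viewDidLoad {
    [super viewDidLoad];
    UIView *root = self.view;
    UIView *red = self.redBox = [self addBoxWithColor:[UIColor redColor]];
    UIView *blue = self.blueBox = [self addBoxWithColor:[UIColor blueColor]];

    // Active in both orientations: red is pinned top-left, blue matches its size.
    [NSLayoutConstraint activateConstraints:@[
        Equal(red, NSLayoutAttributeLeading, root, NSLayoutAttributeLeading, 1.0, 20.0),
        Equal(red, NSLayoutAttributeTop, root, NSLayoutAttributeTop, 1.0, 20.0),
        Equal(blue, NSLayoutAttributeWidth, red, NSLayoutAttributeWidth, 1.0, 0.0),
        Equal(blue, NSLayoutAttributeHeight, red, NSLayoutAttributeHeight, 1.0, 0.0)
    ]];

    // Portrait: full width, half height each, blue below red.
    // Substituting numbers for a 320x568 root: red.height = 0.5 * 568 - 30 = 254.
    self.portraitConstraints = @[
        Equal(red, NSLayoutAttributeWidth, root, NSLayoutAttributeWidth, 1.0, -40.0),
        Equal(red, NSLayoutAttributeHeight, root, NSLayoutAttributeHeight, 0.5, -30.0),
        Equal(blue, NSLayoutAttributeLeading, red, NSLayoutAttributeLeading, 1.0, 0.0),
        Equal(blue, NSLayoutAttributeTop, red, NSLayoutAttributeBottom, 1.0, 20.0)
    ];

    // Landscape: half width each, full height, blue to the trailing side of red.
    self.landscapeConstraints = @[
        Equal(red, NSLayoutAttributeWidth, root, NSLayoutAttributeWidth, 0.5, -30.0),
        Equal(red, NSLayoutAttributeHeight, root, NSLayoutAttributeHeight, 1.0, -40.0),
        Equal(blue, NSLayoutAttributeTop, red, NSLayoutAttributeTop, 1.0, 0.0),
        Equal(blue, NSLayoutAttributeLeading, red, NSLayoutAttributeTrailing, 1.0, 20.0)
    ];

    [self applyConstraintsForSize:root.bounds.size];
}

- (void)applyConstraintsForSize:(CGSize)size {
    BOOL landscape = size.width > size.height;
    // Deactivate the old set first so the two sets are never active together.
    // This replaces the pre-iOS 8 trick of flipping priorities between 999 and 1.
    [NSLayoutConstraint deactivateConstraints:
        landscape ? self.portraitConstraints : self.landscapeConstraints];
    [NSLayoutConstraint activateConstraints:
        landscape ? self.landscapeConstraints : self.portraitConstraints];
}

- (void)viewWillTransitionToSize:(CGSize)size
       withTransitionCoordinator:(id<UIViewControllerTransitionCoordinator>)coordinator {
    [super viewWillTransitionToSize:size withTransitionCoordinator:coordinator];
    [self applyConstraintsForSize:size];
}

@end
```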


    • Frame based animation.
    • AutoLayout based animation.
      • AutoLayout is simpler, if the views are already there.
    [syndicated profile] geekfeminism_feed

    Posted by Tim Chevalier

    [Content warning: rape]

    Back in April, we published a statement of support for the victim in the Dana McCallum rape case. In the letter — written by Liz Henry and co-signed by Leigh Honeywell, Valerie Aurora, Brenda Wallace, Tim Chevalier (me), Annalee Flower Horne, and Beth Flanagan — we stated our empathy and support for the victim/survivor — who is McCallum’s wife (they are in the process of divorcing) — in this case as well as for her family.

    This month, McCallum accepted a guilty plea for two misdemeanors in this case: one count of domestic violence with corporal injury to the spouse and one count of false imprisonment. McCallum will serve probation, community service, and will have to undergo counseling. We already included this link in a linkspam, but given our previous statement of support for McCallum’s victim, I want to reiterate that support.

    As Liz wrote in our statement of support back in April, “Rape is a horrible violent crime no matter who the rapist is.” McCallum’s wife read a statement that says, in part:

    I must say that it deeply saddens me that as a victim, my only public support has been from hate groups. I expected more from the LGBT and feminist community. It’s a shame that they can’t do the emotional work it requires to process that someone they love is capable of such an awful crime. That is their burden to carry, though.

    In April, we also expressed disappointment in the transmisogynistic response to McCallum’s crime. As geek feminists, we believed then, and do now, that we can and must accept that someone in our community is capable of the crime of rape. Hard as it may be to accept, self-identified feminists can sustain rape culture — up to and including actually committing rape — too. We also believe that at the same time, we must resist the narrative that would use this crime to de-gender or misgender McCallum and, by extension, trans women. Rape can be committed by anyone, regardless of their assigned sex at birth or their self-affirmed sex or gender. Structural power dynamics and rape culture mean it’s far more likely to be committed by cis men than by people in any other group, but that is a fact that needs to inform anti-rape organizing — it does not make rapes committed by specific non-cis, non-male people less damaging.

    McCallum’s wife also said that she still loves McCallum and wants “forgiveness” to prevail. The Revolution Starts at Home (PDF link) is recommended reading for anyone curious about what that might look like.

    Edited to add: McCallum’s ex has also written a public blog post, as a guest post on Helen Boyd’s blog, about her experience:

    The transphobic radical feminists and other transphobic people will continue to rage over the state of my wife’s genitals, and I can’t stop them. But I hope more intelligent and thoughtful people will rise to the occasion to steer the conversation to what really matters.

    I want her to be accountable. I want this to never happen again. I want to forgive her. I want this story to be about forgiveness and redemption. I need it to be. I need others to let it be that, too – to be my story, my trauma, my choice, my agency.

    I recommend reading the post, but not the comments.

    My Steampunk Jack-O-Lantern!

    Oct. 16th, 2014 10:30 am
    [syndicated profile] epbot_feed

    Posted by Jen

    Or, ok, let's just go ahead and call it a Steampunkin. :)


    I had a lot of ideas for this guy, so nailing down the design was definitely the hardest part. If I'd known what I wanted to begin with, I probably could have finished in an afternoon, instead of taking over a week. o.0

    (I really vacillated between painting it copper & leaving the pumpkin "natural." I'm happy with it this way, but tempted to grab another small pumpkin and go full on metallic. :D)

    My only expense was the pumpkin itself - a $15 "Funkin" - and a single sheet of craft foam. Everything else is bits and pieces I had on hand.

    The jaw and tube flange are made with craft foam, silver rub n' buff, and "bead in a bottle" paint for the rivets:

    The plastic tubing is for holding computer wires (there's a split down the back), from a big roll I found in the clearance section at Ikea for a dollar.

    The monocle is a discard from my original goggles tutorial, but you could easily substitute a jar lid or piece of PVC pipe:

    The straps are more craft foam, held in place with furniture tacks.

    The last thing I added ended up being one of my favorites: a cut-away section with exposed gears:

    The gears are the same thin foil gears I use on just about everything, which my friend Sharyn makes in her die-cutting machine. (Love ya, Sharyn!)

    I originally planned to have a PVC "chimney" on there, too, but the proportions were off so I scrapped it. John liked it, though, and since he took a cool photo I GUESS I'll go ahead and post it:

    It's all wrong, though, right? Yep, I stand by my decision to remove the chimney. (But that photo on the right is awesome. Hey John, sweetie, you wanna do all my project photos? [Bambi eyes])

     Now, are you ready... for the magic? 



    And check out the gear cut-outs on the side!

    Aw yeeeeah. I am DIGGING those gear silhouettes.

    And I'm completely in love with my pumpkin light, you guys. It's the same one I had last year, which changes colors in alternating flashes & slow fades. I found it at one of those seasonal Halloween Superstore places for about $10.

    I also added a glow bracelet (left over from my poison apple tutorial) inside the tubing, which works surprisingly well.

    Here's a video of it all in action - turn off your sound, unless you want to hear my wall clock ticking away:

    But wait, WE'RE STILL NOT DONE. I have one more trick up my, uh, pumpkin.

    Did you wonder why I carved the mouth so big? And why the whole thing is sitting on that black plastic base? There's a reason! And here it is:


    Here's how we did it:

    I've had this $10 bubble gun for ages, figuring I'd use it for something steamy eventually. John built a wooden turn rod that, when twisted, presses the trigger. The rod above the trigger-pusher goes through the gun's housing for stability. Then we topped off the turn rod with an old faucet handle.

    Initially the pumpkin's mouth was angled down a little too far, so the bubbles kept popping on the jaw. To prop it up, John cut off most of an old plastic bucket to form a ring. This gives a nice stable bottom for the gun, and also lets us angle the pumpkin any way we like. (The bubble gun is easily removable, btw, which is nice.)

    The bubble feature would be WAY cooler if it were motion-activated, of course, but we don't have those skills just yet. It's fun to have the option of a little interactive surprise, though, and I think the neighborhood kids will like it come Halloween night!

    Hope you liked my Steampunkin, everyone! And thanks to those of you who suggested I make one in the first place over on the Epbot FB page; I really had fun with this guy, and couldn't be happier with how he turned out!

    All About That Boss

    Oct. 16th, 2014 01:01 pm
    [syndicated profile] cakewrecks_feed

    Posted by Jen

    Because I'm
    All about that boss
    'Bout that boss

    No trouble


    I'm all about that boss
    'Bout that boss

    No trouble


    I'm all about my boss,
    'Bout my boss

    No trouble


    I'm all about my boss
    'Bout my boss!


    Yeah, it's pretty clear
    She ain't no 2#

    My boss can bake it, bake it
    Like she's SUPPOSED to do


    She got that spelling that all the boys chase

    With all the balloons in all the right places.
    [knowing nod]


    Happy Boses Booses Bossy Day to Brendan R., Rebel Baking Company, Amy W., Justin M., Amanda B., & Susan G. Now, GET BACK TO WORK.



    [syndicated profile] krebsonsecurity_feed

    Posted by BrianKrebs

    The U.S. Justice Department has piled on more charges against alleged cybercrime kingpin Roman Seleznev, a Russian national who made headlines in July when it emerged that he’d been whisked away to Guam by U.S. federal agents while vacationing in the Maldives. The additional charges against Seleznev may help explain the extended downtime at an extremely popular credit card fraud shop in the cybercrime underground.

    The 2pac[dot]cc credit card shop.


    The government alleges that the hacker known in the underground as “nCux” and “Bulba” was Roman Seleznev, a 30-year-old Russian citizen who was arrested in July 2014 by the U.S. Secret Service. According to Russian media reports, the young man is the son of a prominent Russian politician.

    Seleznev was initially identified by the government in 2012, when it named him as part of a conspiracy involving more than three dozen popular merchants on carder[dot]su, a bustling fraud forum where Bulba and other members openly marketed various cybercrime-oriented services (see the original indictment here).

    According to Seleznev’s original indictment, he was allegedly part of a group that hacked into restaurants between 2009 and 2011 and planted malicious software to steal card data from store point-of-sale devices. The indictment further alleges that Seleznev and unnamed accomplices used his online monikers to sell stolen credit and debit cards at bulba[dot]cc and track2[dot]name. Customers of these services paid for their cards with virtual currencies, including WebMoney and Bitcoin.

    But last week, U.S. prosecutors piled on another 11 felony counts against Seleznev, charging that he also sold stolen credit card data on a popular carding store called 2pac[dot]cc. Interestingly, Seleznev’s arrest coincides with a period of extended downtime on 2pac[dot]cc, during which time regular customers of the store could be seen complaining on cybercrime forums where the store was advertised that the proprietor of the shop had gone silent and was no longer responding to customer support inquiries.

    A few weeks after Seleznev’s arrest, it appears that someone new began taking ownership of 2pac[dot]cc’s day-to-day operations. That individual recently posted a message on the carding shop’s home page apologizing for the extended outage and stating that fresh, new cards were once again being added to the shop’s inventory.

    The message, dated Aug. 8, 2014, explains that the proprietor of the shop was unreachable because he was hospitalized following a car accident:

    “Dear customers. We apologize for the inconvenience that you are experiencing now by the fact that there are no updates and [credit card] checker doesn’t work. This is due to the fact that our boss had a car accident and he is in hospital. We will solve all problems as soon as possible. Support always available, thank you for your understanding.”

    2pac[dot]cc's apologetic message to would-be customers of the credit card fraud shop.



    2pac is but one of dozens of fraud shops selling stolen debit and credit cards. And with news of new card breaches at major retailers surfacing practically each week, the underground is flush with inventory. The single most important factor that allows individual card shop owners to differentiate themselves among so much choice is providing excellent customer service.

    Many card shops, including 2pac[dot]cc, try to keep customers happy by including an a-la-carte card-checking service that allows customers to test purchased cards using compromised merchant accounts — to verify that the cards are still active. Most card shop checkers are configured to automatically refund to the customer’s balance the value of any cards that come back as declined by the checking service.

    This same card checking service also is built into rescator[dot]cc, a card shop profiled several times in this blog and perhaps best known as the source of cards stolen from the Target, Sally Beauty, P.F. Chang’s and Home Depot retail breaches. Shortly after breaking the news about the Target breach, I published a lengthy analysis of forum data that suggested Rescator was a young man based in Odessa, Ukraine.

    Turns out, Rescator is a major supplier of stolen cards to other, competing card shops, including swiped1[dot]su — a carding shop that’s been around in various forms since at least 2008. That information came in a report (PDF) released today by Russian computer security firm Group-IB, which said it discovered a secret way to view the administrative statistics for the swiped1[dot]su Web site. Group-IB found that a user named Rescator was by far the single largest supplier of stolen cards to the shop, providing some 5,306,024 cards to the shop over the years.

    Group-IB also listed the stats on how many of Rescator’s cards turned out to be useful for cybercriminal customers. Of the more than five million cards Rescator contributed to the shop, only 151,720 (2.8 percent) were sold. Another 421,801 expired before they could be sold. A total of 42,626 of the 151,720 — or about 28 percent – of Rescator’s cards that were sold on Swiped1[dot]su came back as declined when run through the site’s checking service.

    The swiped1[dot]su login page.


    Many readers have asked why the thieves responsible for the card breach at Home Depot collected cards from Home Depot customers for five months before selling the cards (on Rescator’s site, of course). After all, stolen credit cards don’t exactly age gracefully or grow more valuable over time.

    One possible explanation — supported by the swiped1[dot]su data and by my own reporting on this subject — is that veteran fraudsters like Rescator know that only a tiny fraction of stolen cards actually get sold. Based on interviews with several banks that were heavily impacted by the Target breach, for example, I have estimated that although Rescator and his band of thieves managed to steal some 40 million debit and credit card numbers in the Target breach, they likely only sold between one and three million of those cards.

    The crooks in the Target breach were able to collect 40 million cards in approximately three weeks, mainly because they pulled the trigger on the heist on or around Black Friday, the busiest shopping day of the year and the official start of the holiday shopping season in the United States. My guess is that Rescator and his associates understood all too well how many cards they needed to steal from Home Depot to realize a certain number of sales and monetary return for the heist, and that they kept collecting cards until they had hit that magic number.

    For anyone who’s interested, the investigation into swiped1[dot]su was part of a larger report that Group-IB published today, available here.

    [syndicated profile] cakewrecks_feed

    Posted by Jen

    It's National Cake Decorating Day, bakers, so let's go over those basics again!


    Remember, it all starts with a good foundation:


    ...and a smooth, even application of icing.


    When it comes time to decorate, no need to get fancy!
    Just stick with something simple, like a butterfly.


    Or, uh, maybe something easier, like flowers.



    Or... I dunno... balloons? Yeah. You can't screw up balloons.

    Never mind.


    And lastly, let's talk penmanship.

    Just skip that for now. And always.


    Tell you what, bakers, just cover the whole thing with an edible image, ok? PROBLEM SOLVED.


    Step 1: Forcefully connect head to desk
    Step 2: Repeat


    Thanks to Trasi K., Danika G., Heather E., Stephanie B., Kate H., Shannon S., & Andy W. for helping me test the structural integrity of my keyboard. With my face. Again.



    [syndicated profile] accidentallyincode_feed

    Posted by Cate


    When I started testing iOS apps, which shamefully was not when I started writing iOS apps, I discovered the biggest impediment to thorough testing on iOS was the View Controller, and its mix of UI code, and not.

    Now I’m working on my first independent app (yay!) of course I am writing extensive unit tests.

    I won’t go into mocking here, but you need a mocking framework and some understanding of what mocking is for this to make sense. Currently, I’m using OCMock. Also, XCTest is not the best documented, and here is a handy list of asserts.

    Introducing The Presenter

    Step 1 for writing thorough unit tests is getting all the non-view code out of the ViewController. This goes in the Presenter. So for each View Controller, I now have MyClassViewController and MyClassPresenter.

    Over time I have refined this and now I have at a top level “ViewController” and “Presenter” classes. The Presenter knows what ViewController it has, but the MyClassViewController knows nothing, the ViewController merely knows there is a Presenter, and can call some standard methods – viewLoaded:, leftNavigationButtons:, rightNavigationButtons:.

    This could be a blog post all on its own (maybe it will be soon!) but the point is: get non-view code out of the ViewController.

    Perform Selector

    This is handy for testing that the right thing happens when a button is pressed. This can be done using performSelector:

    For example, if we want to verify that the first and only left navigation button does what we want it to:

    // Extract the button.
    UIBarButtonItem *button = (UIBarButtonItem *)
        [[presenter_ leftNavigationButtons] firstObject];
    // Perform the action.
    [[button target] performSelector:[button action]];

    Then, verify.

    Partial Mock For Object – Woah

    I discovered this via StackOverflow and it’s genius. One thing that I want to mock and verify when testing my ViewController is the navigationController property. But it’s up in the super class, and the trick of setValue:forKey: was not working.

    So what you can do, is create a partialMockForClass, and then stub the navigationController property. (Here, I’m making sure that the ViewController dismiss… method for use by the presenter, causes the navigationController method to be called)

    // Create the mock navigation controller.
    id mockNavigationController =
        OCMStrictClassMock([UINavigationController class]);
    // Create a partial mock for the ViewController.
    id mockViewController =
        [OCMockObject partialMockForObject:viewController_];
    // Stub to return mockNavigationController.
    [[[mockViewController expect]
        andReturn:mockNavigationController] navigationController];
    // Set up expectations.
    // Call the method that should trigger them. (The rest of this call is
    // cut off on the page; completion:nil is an assumption.)
    [viewController_ dismissViewControllerAnimated:YES completion:nil];
    // Verify!
    [mockViewController verify];
    [mockNavigationController verify];

    That’s it!

    ♥ Happy Unit Testing ♥
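The Presenter split and the performSelector: technique from the post above, combined into one test case. This is an added example, not code from the original post: ExampleView, ExamplePresenter, dismiss and cancelPressed: are hypothetical names, and OCMock 3 macro syntax is assumed.

```objective-c
#import <UIKit/UIKit.h>
#import <XCTest/XCTest.h>
#import <OCMock/OCMock.h>

// Hypothetical view-side protocol: all the presenter knows about its view.
@protocol ExampleView <NSObject>
- (void)dismiss;
@end

// Hypothetical presenter: owns the button logic, contains no view code.
@interface ExamplePresenter : NSObject
@property (nonatomic, weak) id<ExampleView> view;
- (NSArray *)leftNavigationButtons;
@end

@implementation ExamplePresenter
- (NSArray *)leftNavigationButtons {
  UIBarButtonItem *cancel = [[UIBarButtonItem alloc]
      initWithBarButtonSystemItem:UIBarButtonSystemItemCancel
                           target:self
                           action:@selector(cancelPressed:)];
  return @[ cancel ];
}
- (void)cancelPressed:(id)sender {
  [self.view dismiss];
}
@end

@interface ExamplePresenterTest : XCTestCase
@end

@implementation ExamplePresenterTest
- (void)testCancelButtonDismissesView {
  // A strict mock fails the test on any call that was not expected.
  id mockView = OCMStrictProtocolMock(@protocol(ExampleView));
  ExamplePresenter *presenter = [[ExamplePresenter alloc] init];
  presenter.view = mockView;
  OCMExpect([mockView dismiss]);
  // Extract the first and only left button, then fire its target/action.
  NSArray *buttons = [presenter leftNavigationButtons];
  XCTAssertEqual(buttons.count, (NSUInteger)1);
  UIBarButtonItem *button = [buttons firstObject];
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Warc-performSelector-leaks"
  [[button target] performSelector:[button action] withObject:button];
#pragma clang diagnostic pop
  OCMVerifyAll(mockView);
}
@end
```

Because the presenter only sees the ExampleView protocol, the test needs no real view controller or navigation stack.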


    Page generated Oct. 23rd, 2014 10:04 am