[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • I had a culture column at WIRED. And then I didn’t. Here’s what happened. | monica byrne (May 19): “I’ve talked with other writers who’ve had experiences with Wired. My experience is not unique. So as far as I can tell, they don’t cover the future. They produce a white male fantasy of the future. Which isn’t surprising.”
  • The Dehumanizing Myth of the Meritocracy by Coraline Ada Ehmke | Model View Culture (May 19): “We hide behind the motto of “love the art, hate the artist” to justify our preferences despite the faint voice of conscience, persistent in telling us that something is amiss. It seems that ignoring the worst of our heroes is easy, but should the opposite also hold true? Should we ignore the positive, community-oriented contributions of others as quickly as we dismiss some people’s negative attributes? Are the contributions of bad actors really superior to those who bring humane, non-code contributions to our corner of the world?”
  • #girlswithtoys: women remind Twitter they are scientists too | Wired UK (May 18): “Female scientists from all over the world have taken to Twitter to post pictures of themselves with tools and equipment from their workplaces alongside the hashtag #girlswithtoys.”
  • Furiosa (5) | Be Less Amazing (May 18): “I’ve seen a few internet pundits that they “don’t see the feminist content” of this film. Dudes. It’s about the lone powerful woman in a male-dominated society who helps a group of sex slaves escape under the premise that “[they] are not things.” That’s about as feminist as it gets, and that’s just one of the many amazing equality messages going on this movie. “
  • The programming talent myth | LWN.net (April 28): “When we see someone who does not look like one of those three men, we assume they are not a real programmer, he said. Almost all of the women he knows in the industry have a story about someone assuming they aren’t a programmer. He talked to multiple women attending PyCon 2015 who were asked which guy they are there with—the only reason they would come is because their partner, the man, is the programmer. “If you’re a dude, has anyone ever asked you that?” On the other hand, when he got up on stage, he did look like those guys. “So you probably assumed I was a real programmer.” These sorts of assumptions contribute to the attrition of marginalized people in tech, he said.”
  • We Will No Longer Be Promoting HBO’s Game of Thrones | The Mary Sue (May 18): “After the episode ended, I was gutted. I felt sick to my stomach. And then I was angry. My next thought was, “I’m going to have to spend part of the next six months explaining why this was a bad move over and over.””
  • Reasons Why It’s Hard to Find Senior Women Engineers | Accidentally in Code (May 14): “People ask me about this topic sometimes, especially as I’m no longer close to being a “new grad” but at the point where I look for bigger opportunities. I’m collecting it here for reference – reasons and observations from my own experience, of why it’s so much harder to find senior women engineers.”
  • How Social Media is Failing Creative Women | Ink, Bits, & Pixels (May 17): “Real Name policies endanger women. Until these companies understand WHY that is, it’s not possible for the policy to be crafted in a way that reduces the danger.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] epbot_feed

Posted by Jen

Several years ago I started jotting down a "Craft Bucket List," and number one on my list has always been "assemble my own nixie tube clock."

Well, last night, I FINALLY DID.

Just look at all that beautiful soldering. Eh? Eh?!

(Those of you who actually know what beautiful soldering looks like: be kind. It's my first try!)

Ok, maybe the underside of a circuit board isn't all that impressive. So how about...

 ... this?

Now scrambled!

Now a close-up!
Oooh. Aaaaah.

(Oddly enough, the LEDs underneath are actually pure cobalt blue in real life, but in photos they turn that crazy ultraviolet.)

Even that boring underside is lovely with the power switched on:

Here's the clock switched off:
Next John and I will have to make a case for it, since I don't want the circuit board to show. I haven't decided on a style yet, but you can bet it'll be appropriately steampunky.

John got me this kit for Christmas from PV Electronics in the UK, but I was too intimidated to start on my own. Enter my dad the electrical engineer, who was invaluable in helping me sort and label all the parts (since I can't tell a resistor from a capacitor). Once we had that done, Dad taught me a few soldering tricks, and set me to it.

We hit a roadblock a few hours in during the high voltage test, when one of the parts began to smoke. (For the record, smoke = VERY BAD.) So we shelved the project for a few months, during which Pete from PV very kindly sent us a replacement part (we think the one piece was defective) and then patiently walked us through some troubleshooting via instant chat on their website. We were really impressed, so if you're in the market for a nixie clock kit, I highly recommend those guys.

I think I spent a good 10 hours on this, but a chunk of that was trouble-shooting and back-tracking with my Dad's help. (Removing soldered pieces takes about ten times as long as putting them on in the first place! o.0) The time really zipped by, though, since it turns out I actually like soldering. :)

The kit comes pre-programmed with a dizzying array of display options, so John and I had fun playing with some of the settings. It's almost hypnotic watching the numbers shift, and we turned on a "slots" feature that jumbles the numbers every 60 seconds. Here, I took a little video so you can see:

This still doesn't quite capture how gorgeous the colors are; on video the LEDs appear to fluctuate, but they're rock-steady IRL. And the colors aren't quite right here, either; they're more electric sherbet orange and rich ultramarine blue. So I guess you guys will have to either come visit or make your own to see what I mean!
[syndicated profile] geekfeminism_feed

Posted by brainwane

This is the second of a two-part post about feminism and the philosophies and vocabularies of “open stuff” (fandom, open source, etc.). Part I is at Crooked Timber, here, and I suggest you read that first.

Recently I was thinking about abstractions we open source software folks might borrow from fandom, particularly the online world of fan fiction and fanvids. I mean, I am already a rather fannish sort of open sourcer — witness when I started a love meme, a.k.a. an appreciation thread, on the MediaWiki developers’ mailing list. But I hadn’t, until recently, taken a systematic look at what models we might be able to translate into the FLOSS world. And sometimes we can more clearly see our own skeletons, and our muscles and weaknesses, by comparison.

Affirmational and transformational

While arguing in December that the adjectives “fan” and “political” don’t contradict each other, I said:

I think calling them fanwork/fanvids is a reasonable way to honor fandom’s both transformative and affirmational heritage

I got that phrasing (“affirmational/transformational”) from RaceFail, which is a word for many interconnected conversations about racism, cultural appropriation, discourse, and fandom that happened in early 2009. (In “Feminist Point of View: A Geek Feminism Retrospective”, Skud discussed how RaceFail influenced the DNA of Geek Feminism (see slide 15).) RaceFail included several discussions that X-rayed fandom and developed new models for understanding it. (And I do mean “discussions” — in many of the Dreamwidth links I’m about to mention, the bulk of thought happens in the comments.)

obsession_inc, in a RaceFail discussion, articulated the difference between “affirmational” and “transformational” fandom. Do you bask in canon, relaxing in the security of a hierarchy, or do you use it, without a clear answer about Who’s In Charge?

When we use these terms we’re talking about different modes: different approaches to source texts, to communities, to the Web, to the mass media industries, and to each other. It’s not just about whether you’re into pages of words or audio/video, and it’s not necessarily generational either:

So when I see the assertion that as a group, print-oriented old time fans don’t know how to deal with extensive cross-linked multi-threaded fast-paced discussion, all I can do is cough and mutter “bullshit”.

We have a long-standing heritage of transformational fandom — sometimes it surprises fans to know just how long we’ve been making fanvids, for instance. (What other heritages do I have that I don’t know enough about?)

And I’m mulling over what bits of FLOSS culture feel affirmational to me (e.g., deference to celebrities like Linus Torvalds) or transformational (e.g., the Open Source Bridge session selection process, where everyone can see each other’s proposals and favstar what they like). I’d love to hear more thoughts in the comments.

Expectations around socializing and bug reports

I reread the post and the hundreds of comments at oliviacirce’s “Admitting Impediments: Post-WisCon Posts, Part I, or, That Post I Never Made About RaceFail ’09”, where people talked about questions of power and discourse and expectations. For instance, one assessment of a particular sector of fandom: “non-critical, isolated, and valuing individual competition over hypertext fluency and social interaction.” This struck me as a truth about a divide within open source communities, and between different open source projects.

Jumping off of that came dysprositos’s question, “what expectations do we … have of each other that are not related to fandom but that are not expectations we would have for humanity at large?” (“Inessential weirdness” might be a useful bit of vocabulary here.) In this conversation, vehemently distinguishes between fans who possess “the willingness to be much more openly confrontational of a fannish object’s social defects” vs. those who tend to be “resigned or ironic in their observations of same. I don’t think that’s a difference in analysis, however, but a difference in audiencing, tactics, and intent among the analyzers.” When I saw this I thought of the longtime whisper network among women in open source, women warning each other of sexual abusers, and of the newer willingness to publicly name names. And I thought of how we learn, through explicit teaching and through the models we see in our environment, how to write, read, and respond to bug reports. Are you writing to help someone else understand what needs fixing so they can fix it, or are you primarily concerned with warning other users so they don’t get hurt? Do you care about the author’s feelings when you write a report that she’ll probably read?

Optimizing versus plurality

In fanfic and fanvids, we want more. There is no one true best fic or vid and we celebrate a diverse subjectivity and an ever-growing body of art for everyone to enjoy. We keep making and sharing stuff, delighting in making intricate gifts for each other. In the tech world I have praised !!Con for a similar ethos:

In the best fannish traditions, we see the Other as someone whose fandom we don’t know yet but may soon join. We would rather encourage vulnerability, enthusiasm and play than disrespect anyone; we take very seriously the sin of harshing someone else’s squee.

Sometimes we make new vocabulary to solve problems (“Dead Dove: Do Not Eat”) but sometimes we say it’s okay if the answer to a problem is to have quite a lot of person-to-person conversations. It’s okay if we solve things without focusing first on optimizing, on scaling. And I think the FLOSS world could learn from that. As I said in “Good And Bad Signs For Community Change, And Some Leadership Styles”, in the face of a problem, some people reflexively reach more for “make a process that scales” and some for “have a conversation with ____”. We need both, of course – scale and empathy.

Many of us are in open stuff (fanfic, FLOSS, and all the other nooks and crannies) because we like to make each other happy. And not just in an abstract altruistic way, but because sometimes we get to see someone accomplish something they couldn’t have before, or we get comments full of happy squee when we make a vid that makes someone feel understood. It feels really good when someone notices that I’ve entered a room, remembers that they value me and what I’ve contributed, and greets me with genuine enthusiasm. We could do a lot better in FLOSS if we recognized the value of social grooming and praise — in our practices and in time-consuming conversations, not just in new technical features like a friction-free Thanks button. A Yuletide Treasure gift exchange for code review, testing, and other contributions to underappreciated software projects would succeed best if it went beyond the mere “here’s a site” level, and grew a joyous community of practice around the festival.

What else?

I’m only familiar with my corners of fandom and FLOSS, and I would love to hear your thoughts on what models, values, practices, and intellectual frameworks we in open source ought to borrow from fandom. I’m particularly interested in places where pragmatism trumps ideology, in bits of etiquette, and in negotiating the balance between desires for privacy and for publicity.

[syndicated profile] sumana_feed
I've arrived in Madison for WisCon! And just in time for WisCon:

I have a blog post up (in two parts) focusing on the frameworks that we free software/open source folks often take for granted, what might have been erased from our FLOSS intellectual heritage due to sexism, what FLOSS might look like under a different approach, and what practices and perspectives we might borrow from the fan fiction/fanvidding realm of speculative fiction and media fandom.

Part 1 is up at Crooked Timber as the guest post "Where are the women in the history of open source?" Part 2 is up at Geek Feminism as "What if free and open source software were more like fandom?"

Please feel free to comment at CT or GF.

Friday Favs 5/22/15

May. 22nd, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some of my favorite new submissions this week.


Graduation cakes are still comin' in hot and wrecky, as evidenced by this Facebook sub from Maggie:

So. Many. Facepalms.

Plus, note all the extra enthusiasm that ending period conveys. I mean, really, CONTAIN YOURSELF, BAKER.


Here's a baker who CAN write "congratulations," but has trouble when asked to add a "grad hat" for decoration:

Spelling: B -

Reading Comprehension: Ermmm.... What?


Here's one that *I* cannot comprehend:



It's really the best kind of luck:


And finally, Rebecca M. ordered this pretty ombré design for her friend's birthday:


Her friend is visually impaired, so Rebecca asked the baker to be sure to write "Happy Birthday" on top in the darkest shade of pink. Otherwise, she explained, her friend might have trouble seeing it.

This is what she got:


I'd like to take back all my facepalms from before, please, and re-apply them here. Times a million.


Thanks to Maggie V., Dani S., Andrew, Leah P., & Rebecca M., who assures me there's writing on that thing, but darned if I can see it.


Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] accidentallyincode_feed

Posted by Cate

My Notes from Halle’s amazing talk at NSConf.

Credit: Pixabay / geralt

Terror – have people who have had great app indies for 5-10 years – real experts. This has been working 3.5 years. Been an interesting and challenging 3.5 years.

Started because was “meh” at apps. 3 paid apps. Got positive feedback, but couldn’t crack the marketing code. Decided to pause, reconsider, decide what the next thing should be.

This isn’t really a failure talk. Failure tolerant industry. Used to be the case that one big failure could take you out. Now maybe we’ve gone too far the other way – glamourising and valorising failure.

Suspicious about how much data you get from failure. Can fail on the app store but not know why.

Focusing on failure may lead us to mis-categorise success as failure. Leading us to abandon a strategy that is working, but slowly.

E.g. hit 75% of target – do you have a failed product? Did you estimate the wrong timeframe? Do you have a resource allocation problem?

If looking for a failure in that scenario, you’ll find it. But maybe it’s an undersized success.

When you stop, and reconsider, how do you proceed.

With intention, that is how you carry on.

“What do I want to do?” – one of the scariest first world questions. When we answer it, we might actually be able to do that thing.

Let’s not make it too complicated.

We want to make something useful. We can make something entertaining. Entertaining is a use.

Wanted to build on something that was already demonstrably working.

Had released a library – making offline voice recognition look good. Wanted to make offline speech recognition look good. Improve UX by stealth.

How to make it into a business?

Unusual as a sector – most businesses aren’t a single isolated thing. They usually have some diversity and consonance.

In a lot of businesses, diversity, protects you from a shock. Consonance – multiple products build interest in each other.

How to do that with OpenEars?

Wanted it to be free. Didn’t want to do the selling support business model – selling support creates perverse incentive not to make it as simple as possible. But believe it should be as simple as possible.

If something is a core value for you, the best place to put it is in your business model.

In a lot of places where there is one app, there is a quiet second business. Often a media channel. A fantastic blog, or a fantastic podcast. Has a halo effect, your audience is with you in social media. When you talk about your app, that gets amplified by your audience. Don’t do this cynically, but if you’re interested, good way.

Now have 5 plugins, 6 integrated products. One developer.

Little Things

Meet the Neighbours – step from the agile manifesto. When you start a new software project, look at who is nearest and reach out to them. Decide what relationship you want to have with them, and create that. Asked “how can I be of use to them” – this is the question.

Software projects that work, last for years. So decide at the beginning what kind of relationships you have and make that happen.

Having a role model is good. Having an idiot role model is better. Had another software vendor, her vendor, was so angry with them all the time. Doing everything wrong. Wanted to rant about twitter every day. Realised, their product structure is a bit like Politepix. “They could be a lot like my company in 2 years!” Became fascinated, why do they make such terrible decisions, what was going on. Read all of their apology blog posts – it was like a visit from bad decisions future.

You can learn from mistakes. There are enough mistakes to go around, you don’t have to make them all yourself.

Learn double-entry book-keeping. Fired accountant, didn’t understand what he had done. Had to learn it. Like getting an introduction to the history of capitalism from first principles. Will let you do great projections for your business, if you understand it. Once you learn which side of the ledger capital is on when you hear about a terrible startup raising a series A, you will have the appropriate response, which is sympathy.

Big Things


Small business can take up all your time. Have to focus on improving your product. Use programmer laziness. Automate everything you can.

Don’t repeat yourself

  • Automated documentation pushing this in all formats. Most important, documentation is really pretty.
  • Code snippets. If you don’t give them snippets, they will go to Stack Overflow and get a snippet. Then you will have to support it. Created a customisable tutorial tool.
  • Forums – main problem was pointing people to the right answer when not finding it themselves. Wrote a tool, dealt with 90%. Macros for other 5%.

The third time you do a production task, and it’s not improving your app, automate.

Support became a much less big job, but 1 in 3 shot it would be a horror scenario. Started to dread looking at questions. Wrote a sentiment analysis tool that helps. If sentence particularly negative. If sentence is particularly subjective. What the worst sentence you wrote is. And makes suggestions, “maybe go take a walk before you answer this.”

Tool is “Me on my best day giving advice to me on my worst day” which helps respond to people when they are really stressing you out.

Anything you are doing that requires manual intervention, you can probably automate that.

Automated automated testing. Wrote a fuzzer, called HWHorrorShow. Randomised cross-thread stress-test.

You can automate all kinds of things that you wouldn’t necessarily think you could.


Learn to say no. Bootstrapping through contracting is great, but you have to stop when you stop.

If you run a product company and it works, you’re probably really good at executing. You don’t know if they are going to be.

No to free updates.

No talking about future plans. When someone asks you, they are asking you because they are making a plan. You only have control of the plans you make at the beginning, things change.

No spending all of your money on the products of famous luxury brand, Apple. Cost control is a real thing. Isn’t discussed that much. Standard business model high growth low revenue, not sure about the end game. Small, sustainable indie – want to be profitable in 12 months.

No to being a fan of Apple. You can like, respect, but you should be clear – if you want to be a fan, be a fan of your peers. They are doing amazing things, it’s going to mean a lot more for them.

No features for individual people.

No to the avoidant decision process. Because you’re afraid of people’s negativity.

The Philosophy of Death

Anxiety is normal. Confusion about your sphere of control. You control your planning, part of your execution, the way that you respond, basically nothing else. If you react to these worries, every time something awesome happens, there’s something that can bring you down.

A business entity’s life is not a human life. When fearing business will tank, you will look at doing things that you would not normally.

Looked to ancient Greek philosophy to deal with anxiety. Not big fans of positive thinking. Visualise that every morning, and then put it away and then you’re done.

The Doldrums

Not becoming such a dull person that new ideas can’t find your address.

Small business problems can be addictive. You can fill 100% of your time with that. But your creativity is your most important tool and characteristic.

Cultivating your spark is a really big part of your job – like taking care of your health and psychological well being to the best of your ability.

Berlin is full of hidden courtyards. Become obsessed with getting into all of them in neighbourhood.

Find the source of the delight that leads to making delightful products. Don’t think you find that behind a screen.

Don’t eat the seed corn – your creative capacity is what got you into this, it’s the only thing that can move you forward.

Closing Thoughts

Irony in making something very self-sufficient, makes less need for collaboration. And that is a huge loss.

Photo circle shots

May. 21st, 2015 11:08 pm
[syndicated profile] lecta_feed

Posted by Mary

I recently ran a “photo circle”, consisting of a small group of people sending prints of their own photographs to each other. It was a fun way to prod myself to take non-kid photos.

My four photos were:

Photo circle: sun in the eucalypts

I took Sun in the eucalypts in the late afternoon of Easter Sunday, as the sun was sinking behind the eucalypts at Centennial Park’s children’s bike track. I tried to take one with the sun shining through the trees but didn’t get the lens flare right. I like the contrast between the sunlit tree and the dark tree in this one. It feels springlike, for an autumn scene.

The other three are a very different type of weather shot, taken during Sydney’s extreme rainfall of late April and very early May:

Photo circle: rainstorm

This one has the most post-processing by far: it was originally shot in portrait and in colour. I was messing around with either fast or slow shutter speeds while it poured with rain at my house; I have a number of similar photos where spheres of water are suspended in the air. None of them quite work but I will continue to play with photographing rain with a fast shutter speed. In the meantime, the slow shutter speed here works well. I made the image monochrome in order to make the rain stand out more. In the original image the green tree and the rich brown fencing and brick rather detract from showing exactly how rainy it was.

Photo circle: Sydney rain storm

This was shot from Gunners’ Barracks in Mosman (a historical barracks, not an active one) as a sudden rainstorm rolled over Sydney Harbour. The view was good enough, but my lens not wide enough, to see it raining on parts of the harbour and not on other parts. All the obscurity of the city skyline in this shot is due to rain, not fog.

Photo circle: ferry in the rain

This is the same rainstorm as the above shot; they were taken very close together. It may not be immediately obvious, but the saturation on this shot is close to maximum in order to make the colours of the ferry come up at all. I was the most worried about this shot on the camera, it was very dim. It comes up better in print than on screen, too. The obscurity is again entirely due to the rain, and results in the illusion that there is only one vessel on Sydney Harbour. Even in weather like this, that’s far from true. I felt very lucky to capture this just before the ferry vanished into the rain too.

Comb The Dessert!

May. 21st, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Like so many brides, Robyn M. found the perfect cake for her wedding on Pinterest:

Now, let's be real, Robyn. That cake? THAT cake? There are like 4 bakers on the planet who can make that cake, with all its tiny, perfectly-pleated ruffles and its flawless ombré fade. Ok? Ok.

Anyway, I'm guessing Robyn already figured that out, because...



(It's like a cheap lingerie shop exploded on it. Can't you almost feel the scratchy nylon? Mmmm.)


Ug, you know what? I can't even with this today. So...






REALLY ugly:


We've gone from suck to blow!

 Which means it's ugly.


Aaaaand... ugly:


You may now eat the cake.

Or... not.


Thanks to Robyn M., Mallory M., Angela B., Anna W., Anony M., & Richard B. for combing the dessert. (Eh? EH?!) Now... check, please.



Carefirst Blue Cross Breach Hits 1.1M

May. 21st, 2015 01:03 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

CareFirst BlueCross BlueShield on Wednesday said it had been hit with a data breach that compromised the personal information on approximately 1.1 million customers. There are indications that the same attack methods may have been used in this intrusion as with breaches at Anthem and Premera, incidents that collectively involved data on more than 90 million Americans.

According to a statement CareFirst issued Wednesday, attackers gained access to names, birth dates, email addresses and insurance identification numbers. The company said the database did not include Social Security or credit card numbers, passwords or medical information. Nevertheless, CareFirst is offering credit monitoring and identity theft protection for two years.

Nobody is officially pointing fingers at the parties thought to be responsible for this latest health industry breach, but there are clues implicating the same state-sponsored actors from China thought to be involved in the Anthem and Premera attacks.

As I noted in this Feb. 9, 2015 story, Anthem was breached not long after a malware campaign was erected that mimicked Anthem’s domain names at the time of the breach. Prior to its official name change at the end of 2014, Anthem was known as Wellpoint. Security researchers at cybersecurity firm ThreatConnect Inc. had uncovered a series of subdomains for we11point[dot]com (note the “L’s” in the domain were replaced by the numeral “1”) — including myhr.we11point[dot]com and hrsolutions.we11point[dot]com.

ThreatConnect also found that the domains were registered in April 2014 (approximately the time that the Anthem breach began), and that the domains were used in conjunction with malware designed to mimic a software tool that many organizations commonly use to allow employees remote access to internal networks.

On Feb. 27, 2015, ThreatConnect published more information tying the same threat actors and modus operandi to a domain called “prennera[dot]com” (notice the use of the double “n” there to mimic the letter “m”).

“It is believed that the prennera[dot]com domain may have been impersonating the Healthcare provider Premera Blue Cross, where the attackers used the same character replacement technique by replacing the ‘m’ with two ‘n’ characters within the faux domain, the same technique that would be seen five months later with the we11point[dot]com command and control infrastructure,” ThreatConnect observed in a February 2015 blog post.

Turns out, the same bulk registrant in China that registered the phony Premera and Anthem domains in April 2014 also registered two Carefirst look-alike domains — careflrst[dot]com (the “i” replaced with an “L”) and caref1rst[dot]com (the “i” replaced with the number “1”).

Additionally, ThreatConnect has unearthed evidence showing the same tactics were used on EmpireB1ue.com (note the “L” replaced with a number “1”), a domain registered April 11, 2014 (the same day as the phony Carefirst domains). EmpireBlue BlueCross BlueShield was one of the organizations impacted by the Anthem breach.
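As an added, defender-side example (not from the post and not ThreatConnect's tooling), the check below reduces each registrable domain seen in DNS logs to a "skeleton" in which the substitutions the post describes (1 for l, l for i, nn for m) collapse to one form, then flags observed domains whose skeleton matches a protected brand domain but whose actual name differs; it also folds a few other common confusables (0/o, 5/s, vv/w) beyond the ones the post cites. The log format, hosts and IP addresses are constructed, and the two-label registrable-domain rule is a simplifying assumption (a real deployment would consult the Public Suffix List).

```python
"""Flag look-alike domains that mimic a watch list of brand domains by
confusable-character substitution. Added illustration, not the post's code."""
import re

# Multi-character sequences that read like a single letter at a glance.
_SEQUENCE_MAP = [("rn", "m"), ("nn", "m"), ("vv", "w")]
# Single characters folded into one representative per confusable class.
_CHAR_MAP = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s"})

# Brand domains to protect (registrable domains only).
WATCH_LIST = ["wellpoint.com", "premera.com", "carefirst.com", "empireblue.com"]

# Constructed DNS resolver log lines; the format is an assumption.
SAMPLE_LOG = """\
Apr 11 2014 09:12:44 dns query from 10.20.3.14: mail.wellpoint.com A
Apr 11 2014 09:13:02 dns query from 10.20.3.14: myhr.we11point.com A
Apr 11 2014 09:13:05 dns query from 10.20.3.21: hrsolutions.we11point.com A
Apr 11 2014 09:15:30 dns query from 10.20.4.8: prennera.com A
Apr 11 2014 09:16:01 dns query from 10.20.4.8: careflrst.com A
Apr 11 2014 09:16:02 dns query from 10.20.4.9: caref1rst.com A
Apr 11 2014 09:17:45 dns query from 10.20.5.2: empireb1ue.com A
Apr 11 2014 09:18:10 dns query from 10.20.5.2: carefirst.com A
Apr 11 2014 09:19:00 dns query from 10.20.5.3: example.com A
"""

_QUERY_RE = re.compile(r"query from \S+: (\S+)")


def skeleton(name: str) -> str:
    """Collapse confusable sequences and characters so that a look-alike and
    the brand it imitates map to the same string."""
    s = name.lower()
    for seq, repl in _SEQUENCE_MAP:
        s = s.replace(seq, repl)
    return s.translate(_CHAR_MAP)


def registrable_domain(host: str) -> str:
    """Assumption: the registrable domain is the last two labels."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def hosts_from_log(log_text: str) -> list:
    """Extract the queried names from the constructed log format."""
    return [m.group(1) for m in _QUERY_RE.finditer(log_text)]


def find_lookalikes(observed_hosts, watch_list):
    """Return (host, registrable_domain, imitated_brand) for every observed
    host whose registrable domain is not a protected domain itself but has
    the same skeleton as one."""
    protected = {d.lower(): skeleton(d) for d in watch_list}
    by_skeleton = {}
    for domain, sk in protected.items():
        by_skeleton.setdefault(sk, domain)
    hits = []
    for host in observed_hosts:
        reg = registrable_domain(host)
        if reg in protected:
            continue  # the brand's own domain or a subdomain of it
        target = by_skeleton.get(skeleton(reg))
        if target is not None:
            hits.append((host, reg, target))
    return hits


if __name__ == "__main__":
    for host, reg, brand in find_lookalikes(hosts_from_log(SAMPLE_LOG), WATCH_LIST):
        print(f"look-alike: {host} (registrable {reg}) imitates {brand}")
```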

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers of mobile spyware maker mSpy had been posted online. mSpy has since been quoted twice by other publications denying a breach of its systems. Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers.

mSpy told BBC News it had been the victim of a “predatory attack” by blackmailers, but said it had not given in to demands for money. mSpy also told the BBC that claims the hackers had breached its systems and stolen data were false.

“There is no data of 400,000 of our customers on the web,” a spokeswoman for the company told the BBC. “We believe to have become a victim of a predatory attack, aimed to take advantage of our estimated commercial achievements.”

Let’s parse that statement a bit further. No, the stolen records aren’t on the Web; rather, they’ve been posted to various sites on the Deep Web, which is only accessible using Tor. Also, I don’t doubt that mSpy was the target of extortion attempts; the fact that the company did not pay the extortionist is likely what resulted in its customers’ data being posted online.

How am I confident of this, considering mSpy has still not responded to requests for comment? I spent the better part of the day today pulling customer records from the hundreds of gigabytes of data leaked from mSpy. I spoke with multiple customers whose payment and personal data — and that of their kids, employees and significant others — were included in the huge cache. All confirmed they are or were recently paying customers of mSpy.

Joe Natoli, director of a home care provider in Arizona, confirmed what was clear from looking at the leaked data — that he had paid mSpy hundreds of dollars a month for a subscription to monitor all of the mobile devices distributed to employees by his company. Natoli said all employees agree to the monitoring when they are hired, but that he only used mSpy for approximately four months.

“The value proposition for the cost didn’t work out,” Natoli said.

Katherine Till’s information also was in the leaked data. Till confirmed that she and her husband had paid mSpy to monitor the mobile device of their 14-year-old daughter, and were still paying customers as of my call to her.

Till added that she was unaware of a breach, and was disturbed that mSpy might try to cover it up.

“This is disturbing, because who knows what someone could do with all that data from her phone,” Till said, noting that she and her husband had both discussed the monitoring software with their daughter. “As parents, it’s hard to keep up and teach kids all the time what they can and can’t do. I’m sure there are lots more people like us that are in this situation now.”

Another user whose financial and personal data was in the cache asked not to be identified, but sheepishly confirmed that he had paid mSpy to secretly monitor the mobile device of a “friend.”

Update, May 22, 10:24 a.m.: mSpy is finally admitting that it did have a breach that exposed customer information, but they are still downplaying the numbers.


News of the mSpy breach prompted renewed calls from Sen. Al Franken for outlawing products like mSpy, which the Minnesota Democrat refers to as “stalking apps.” In a letter (PDF) sent this week to the U.S. Justice Department and Federal Trade Commission, Franken urged the agencies to investigate mSpy, whose products he called “deeply troubling” and “nothing short of terrifying” when “in the hands of a stalker or abusive intimate partner.”

Last year, Franken reintroduced The Location Privacy Protection Act of 2014, legislation that would outlaw the development, operation, and sale of such products.

U.S. regulators and law enforcers have taken a dim view of companies that offer mobile spyware services like mSpy. In September 2014, U.S. authorities arrested 31-year-old Hammad Akbar, the CEO of a Lahore-based company that makes a spyware app called StealthGenie. The FBI noted that while the company advertised StealthGenie’s use for “monitoring employees and loved ones such as children,” the primary target audience was people who thought their partners were cheating. Akbar was charged with selling and advertising wiretapping equipment.

“Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners,” U.S. Attorney Dana Boente said in a press release tied to Akbar’s indictment.

Akbar pleaded guilty to the charges in November 2014, and according to the Justice Department he is “the first-ever person to admit criminal activity in advertising and selling spyware that invades an unwitting victim’s confidential communications.”

WisCon Schedule

May. 20th, 2015 07:55 pm
[syndicated profile] sumana_feed
I'll be at WisCon starting tomorrow and leaving on Tuesday. I am scheduled to participate in these sessions:
  1. Imaginary Book Club, Fri, 4:00-5:15 pm in Conference 2. Five panelists discuss books that don't exist, improvising critiques and responses. I proposed this panel a few years ago (you can see video of its debut) and it has continued, which is cool!
  2. Lighthearted Shorthand Sans Fail, Sat, 8:30-9:45 am in Capitol A. What are your go-to phrasings to avoid sexism, ableism, etc. while getting your point across in casual conversation? I hope to walk out of this with some new vocabulary to replace bad habits.
  3. Vid Party, Saturday night 9:00 pm-Sun, 3:00 am in room 629. I am premiering a fanvid. Once it's premiered, I'll hit Post on blog posts to announce it publicly as well.
  4. Call Out Culture II: Follow-up to the Discussion Held at WisCon 38, Sun, 10:00-11:15 am in Senate A. Meta-discussion around discourse in social justice movements. I predict this session will be pretty intense.
  5. Vid Party Discussion, Sun, 1:00-2:15 pm in Assembly. We will discuss some of the vids shown at the vid party, and fan vids in general. This will be the first time I've engaged in public realtime conversation about fanvids. Before this panel I hope to publish some notes about what I learned from watching several vids that drew from multiple sources (including stills), made a political point, or were otherwise particularly ambitious. I'll probably reference those lessons during the panel.

I also proposed "What Does Feminist Tech Education Look Like?", "Impostor Syndrome Training Exercise", and "Entry Level Discussion Group", but am not a panelist or presenter for those sessions; I bet they'll be interesting, though, and you could do worse than to check them out. You can read Entry Level ahead of time for free online.

I look like the photo to the left. I am often bad with names, and will remember 5 minutes into our conversation that we had an awesome deep conversation three years prior. I apologize in advance.

If you are good at clothes, consider joining me at the Clothing Swap portion of the Gathering on Friday afternoon to help me find pieces that suit me. I'm introducing two old pals to WisCon and spending a lot of time with them (we live in different cities), and they're both white, so I might not be able to come to the People of Color dinner on Friday night. And sadly, The Floomp dance party on Saturday happens during the Vid Party so I probably can't attend that. I did buy a ticket for the Dessert Salon and will attend the Guest of Honor and Tiptree Award speeches on Sunday, and maybe you will be at my table!

One of my pals who's coming to WisCon is Beth Lerman, an artist who will be displaying and selling her work in the art show. Check it out!

Also I am open to doing a small room performance of my half-hour geeky stand-up comedy routine if several people ask for it. I don't know when or where it would be; Monday night would be easiest. Speak up in comments or some other medium if you'd be interested.

Seven Years of Wreckage

May. 20th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Seven years, wrecky minions.

John and I have been doing this "silly cake blog" thing for SEVEN YEARS.

No one is more surprised than me; I figured we'd have to get "real jobs" way before now. HI-FIVE, JOHN! Awww YEEEAH.


So. Lemme explain.

No, no. There is too much.

Lemme sum up:



  • The Cake That Started It All
  • Sorry, You Can't Have Any
  • Naked Mohawk-Baby Carrot Jockeys
  • "Hey everybody, thish cake ish from Holland. Ishn't that veird?"
  • This One's For The Ladies
  • Happy Falker Satherhood!
  • The Men Of Marvel
  • Somewhere in Germany
  • Taking the Mickey Out of 'Em
  • Return of the Poo-Wangs!
  • King Me
  • Tell Me What You Want, What You Really Really Want
  • Sheep Who Must Not Be Named
  • My Funny Valentines
  • 1,2,3,4 - I Declare A Thumb Drive War!
  • Ken Day Come-Ons
  • Completely Inappropriate First Birthday Cakes
  • 8 Wrecks To Bring the "Romance"
  • Obama's New Groove

Thanks for all the laughs, love, and support these past 7 years, guys. It's been a heckuva ride, and frankly, we're not ready to give it up just yet. So... see ya back here tomorrow?


And now, John's fun Cake Wrecks facts:

Number of posts in seven years: 2,436
Number of photos posted: 10,619
Number of unposted photos in our archive: 13,021
Number of comments from readers: 213,027
Number of people who've visited our site: 33,138,816
Countries from which we've never had a visitor: 2 (Western Sahara and North Korea)


Thank you for using our Amazon links to shop! USA, UK, Canada.

A Small Focus Hack

May. 20th, 2015 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

Happy New Year Danbo

Credit: Flickr / Leland Francisco

I decided that my word for 2015 was “ship”. Part of this is that it’s easy to flounder in an unstructured environment (which I did a bit at the end of 2014). The way I decided to solve this was to give myself structure, and goals.

How do you measure bigger milestones though? It makes sense to have a separate place, away from how we manage our todo lists.

My strategy: a simple text document. At the top a list of projects or significant milestones I’m working towards.

Below, each month is a heading. Under it goes things that “shipped” that month. New client contracts, talks, alphas, betas, releases, open sourced libraries.

When I want to see what I’ve achieved this year, this is where I look. It keeps me focused on moving the needle, reminds me not to fill my days with transient busywork, but rather the 2-5 (typically 3) things that will still matter months from now.

Going Gluten-Free... FOR SCIENCE!

May. 20th, 2015 02:29 am
[syndicated profile] epbot_feed

Posted by Jen

Everything I've been reading on Hashimoto's keeps coming back to the same dietary requirement/recommendation: give up gluten*.  I've been stalling and rationalizing and being just plain stubborn about it, but after a bad 2-day anxiety flare-up last week, I was ready to try just about anything. (Amazing what a strong motivator irrational fear can be, huh?)

[*The tl;dr version: some doctors believe your body could be mistaking thyroid tissue for gluten - since they're structurally similar - and so ends up attacking both. Give up gluten, and the attacks could stop, allowing your thyroid to heal.]

And since I've heard it can also help with panic - and I'm lactose-intolerant anyway - I decided to give up dairy, too. In for a penny, right?

Still, considering that every meal I eat usually has both dairy *and* gluten in it, this was a Big Deal.

And considering that I am not only terrible at cooking, but also hate doing it, this was a Really Really Big Deal.

So it's been almost a full week now, and I gotta say: This isn't nearly as bad as I thought it would be, and I am so relieved.

I've always equated going gluten-free with going low-carb, for some reason, or at least going awful-carb, with chemical-tasting fake breads and pastas and whatnot - and forget about all the baked goods and desserts I love. So, the first thing John and I did - and yes, you WILL laugh at me over this - was find a good gluten-free chocolate chip cookie. Because PRIORITIES.

It only took 4 tries with 4 different brands to find an amazing, so-good-I'd-eat-'em-anyway, GF chocolate chip cookie. As soon as I took the first bite, I knew I could do this.

These are the cookies, by the way:

They sell them at Target.
(But I'm still open to recommendations for other brands.)

Next I had to find a proper milk substitute, since it's been the only thing I drink besides water for over 6 years. I already knew I liked sweetened Almond Milk well enough, so once I cut it half-and-half with water it was close enough to pass for my usual 2% milk. SUCCESS.

Next up, sandwich bread. I was dreading this, because the GF bread we've tried before was like crumbly cardboard: completely inedible. I lucked out when John brought home a loaf of All But Gluten, because once toasted, it tastes almost exactly like the white wheat we usually eat.

In fact, I've found this whole thing is a lot less daunting if I just start with what I already eat, and then find substitutions to make it work. I'm not quite as strict with the dairy as I am with gluten, though, so I'm ok with small amounts of whey or even cream in some items.

Some things are already gluten-free, of course, like our favorite burrito bowls over at Chipotle. Leave off the sour cream and cheese, and it's dairy-free, too. (I sub'd with some dairy-free sour cream, which tastes almost exactly the same as the real stuff, and some soy-based "cheddar cheese," which... does not. Ha! It's not too bad, though.)

Everyone keeps saying this is an amazing time to go gluten-free, and I gotta say, they're right. I was like a kid in a candy store once I found the GF aisle at Publix, eying all the stuff I can still eat, and I even found a local vegan bakery that has almost half its menu GF. Including cupcakes. Woot!

Restaurants have been surprisingly accommodating so far, and it's pretty easy to find GF menus on most websites. Which reminds me, quick side note:

This week we've been out at Universal a lot with visiting family, and I have to give major props to the staff at the Three Broomsticks, who I swear turned into culinary superheroes the second we uttered the words "gluten-free." I'd already done my homework online as to what I could eat, but John had a quick question about the ribs. Within seconds, the head chef himself was in front of us, smiling and offering to cook the ribs sans sauce (which has gluten in it) just for us. Then, the server plating our food insisted on replacing our order when she realized she hadn't put on fresh gloves before handling my GF plate.

I was so touched by how conscientious they all were, and more than that, how they didn't make a fuss or act like we were putting them out. I've been afraid of restaurant staff rolling their eyes or getting snippy with me, but so far, knock on wood, everyone's been great.

That said, it's a lot easier to eat gluten and dairy-free at home - or at least it's easier to eat well. (Because who wants a house salad for every meal?) So far John's made us this Rainbow Thai salad:

Which was awesome, though ours wasn't nearly as photogenic:

Plus we replaced the mango with mandarin oranges. Mmm.

We disagreed on the dressing, since John wanted more vinegar and I wanted more peanut butter, so in the end we split the recipe and doctored our own versions.

For dinners we've also had hot sandwiches, which John is the master of making, and fruity chicken salad with these to-die-for GF crackers:

We've been eating the crackers for months now, so it was a pleasant surprise when I realized there's a big ol' "GLUTEN FREE" stamp on the bag. (Seriously, you must try them. Crunchy nutty goodness you'll be eating like potato chips!)

It feels pretty strange to be sharing snapshots of our dinners here, but after the response to my gluten-free brownies quip a few posts back, I figured enough of you guys might be interested.

It's too soon to say if going gluten and dairy-free is helping my panic or thyroid issues, but I can at least tell you my stomach feels less awful. Since I usually have dairy every day, I'm used to being in almost constant GI distress - even when I remember the Lactaid. (This is how much I love milk, you guys.) Now my stomach is quieter, without its usual symphony of gastrointestinal whale song, and all the other bloaty-and-crampy stuff that goes with it.

Fingers crossed this is just the beginning, and in another few months I'll be one of those annoyingly perky GF converts, raving about all my renewed energy and new-found health benefits. ;)

Thanks for all the support and advice, everyone - 'cuz I AM taking notes over here - and I hope my sharing helps encourage some of you out there contemplating the gluten-free switch yourself!
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

A security firm made headlines earlier this month when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites.

The report was released by Colorado Springs, Colo.-based security vendor root9B, which touts a number of former National Security Agency (NSA) and Department of Defense cybersecurity experts among its ranks. The report attracted coverage by multiple media outlets, including Fox News, Politico, SC Magazine and The Hill. root9B said it had unearthed plans by a Russian hacking gang known variously as the Sofacy Group and APT28. APT is short for “advanced persistent threat,” and it’s a term much used among companies that sell cybersecurity services in response to breaches from state-funded adversaries in China and Russia that are bent on stealing trade secrets via extremely stealthy attacks.

The cover art for the root9B report.


“While performing surveillance for a root9B client, the company discovered malware generally associated with nation state attacks,” root9B CEO Eric Hipkins wrote of the scheme, which he said targeted financial institutions such as Bank of America, Regions Bank and TD Bank, among others.

“It is the first instance of a Sofacy or other attack being discovered, identified and reported before an attack occurred,” Hipkins said. “Our team did an amazing job of uncovering what could have been a significant event for the international banking community. We’ve spent the past three days informing the proper authorities in Washington and the UAE, as well as the CISOs at the financial organizations.”

However, according to an analysis of the domains reportedly used by the criminals in the planned attack, perhaps root9B should clarify what it means by APT. Unless the company is holding back key details about their research, their definition of APT can more accurately be described as “African Phishing Threat.”

The report correctly identifies several key email addresses and physical addresses that the fraudsters used in common across all of the fake bank domains. But root9B appears to have scant evidence connecting the individual(s) who registered those domains to the Sofacy APT gang. Indeed, a reading of their analysis suggests their sole connection is that some of the fake bank domains used a domain name server previously associated with Sofacy activity: carbon2u[dot]com (warning: malicious host that will likely set off antivirus alerts).

The problem with that linkage is although carbon2go[dot]com was in fact at one time associated with activity emanating from the Sofacy APT group, Sofacy is hardly the only bad actor using that dodgy name server. There is plenty of other badness unrelated to Sofacy that calls Carbon2go home for their DNS operations, including these clowns.

From what I can tell, the vast majority of the report documents activity stemming from Nigerian scammers who have been conducting run-of-the-mill bank phishing scams for almost a decade now and have left quite a trail.

For example, most of the wordage in this report from root9B discusses fake domains registered to a handful of email addresses, including “adeweb2001@yahoo.com,” “adeweb2007@yahoo.com,” and “rolexzad@yahoo.com”.

Each of these emails has long been associated with phishing sites erected by apparent Nigerian scammers. They are tied to this Facebook profile for a Showunmi Oluwaseun, who lists his job as CEO of a rather fishy-sounding organization called Rolexzad Fishery Nig. Ltd.

The domain rolexad[dot]com was flagged as early as 2008 by aa419.com, a volunteer group that seeks to shut down phishing sites — particularly those emanating from Nigerian scammers (hence the reference to the Nigerian criminal code 419, which outlaws various confidence scams and frauds). That domain also references the above-mentioned email addresses. Here’s another phishy bank domain registered by this same scammer, dating all the way back to 2005!
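The argument in the last few paragraphs, that a name server shared with many unrelated actors is a weak attribution pivot while a registrant email seen only in one actor’s domains is a strong one, can be made explicit in an analyst’s tooling. The following is an added example, not code from the KrebsOnSecurity post, root9B’s report or AlienVault; every domain, email address, name server and cluster label in it is a constructed placeholder standing in for WHOIS and passive-DNS data, not a real indicator.

```python
"""Weigh shared-infrastructure pivots before declaring an APT link.

Added example; not part of the KrebsOnSecurity post, root9B's report or
AlienVault's research. All records below are constructed placeholders. The
rule it demonstrates: an indicator already used by several unrelated
clusters (the shared name server) should not decide attribution, whereas an
indicator seen in only one cluster (the registrant e-mail) may.
"""
from collections import defaultdict

# Constructed WHOIS/passive-DNS style records:
# (domain, registrant e-mail, authoritative name server, known cluster or None)
RECORDS = [
    ("known-apt-1.example",   "ops-a@example.net",  "ns1.shared-dns.example", "cluster-A"),
    ("known-apt-2.example",   "ops-a@example.net",  "ns1.shared-dns.example", "cluster-A"),
    ("known-phish-1.example", "reg-b@example.org",  "ns1.shared-dns.example", "cluster-B"),
    ("known-phish-2.example", "reg-b@example.org",  "ns1.shared-dns.example", "cluster-B"),
    ("known-spam-1.example",  "bulk-c@example.com", "ns1.shared-dns.example", "cluster-C"),
    # The two domains under investigation have no attribution yet.
    ("new-fake-bank.example", "reg-b@example.org",  "ns1.shared-dns.example", None),
    ("orphan.example",        "nobody@example.net", "ns1.shared-dns.example", None),
]


def clusters_per_indicator(records):
    """Map (indicator type, value) -> set of clusters already known to use it."""
    seen = defaultdict(set)
    for _domain, email, ns, cluster in records:
        if cluster is None:
            continue  # unattributed domains must not seed the index
        seen[("email", email)].add(cluster)
        seen[("ns", ns)].add(cluster)
    return seen


def pivot_report(domain, records=RECORDS):
    """For one domain, list the clusters each indicator points at and rate
    the indicator's selectivity: one cluster -> strong, several -> weak,
    none -> no prior sighting."""
    index = clusters_per_indicator(records)
    _d, email, ns, _c = next(r for r in records if r[0] == domain)
    report = {}
    for kind, value in (("email", email), ("ns", ns)):
        hits = sorted(index.get((kind, value), ()))
        strength = "none" if not hits else "strong" if len(hits) == 1 else "weak"
        report[kind] = {"value": value, "clusters": hits, "strength": strength}
    return report


def attribute(domain, records=RECORDS):
    """Attribute only on selective indicators. Weak pivots are kept in the
    report as context but never decide the answer; if no strong pivot
    exists, or strong pivots disagree, return None rather than guess."""
    report = pivot_report(domain, records)
    strong = {c for ind in report.values() if ind["strength"] == "strong"
              for c in ind["clusters"]}
    return strong.pop() if len(strong) == 1 else None


if __name__ == "__main__":
    for name in ("new-fake-bank.example", "orphan.example"):
        for kind, ind in pivot_report(name).items():
            print(f"{name:22} {kind:5} {ind['value']:20} -> {ind['clusters']} ({ind['strength']})")
        print(f"{name:22} attribution: {attribute(name)}")
```

Run against the constructed data, the new fake-bank domain is attributed to cluster B on the strength of its registrant email, while the name server, shared by clusters A, B and C, is reported as weak and ignored; the orphan domain, which shares only the name server, gets no attribution at all, which is the answer an analyst should give when the only overlap is commodity infrastructure.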

Bob Zito, a spokesperson for root9B, said “the team stands by the report as 100 percent accurate and it has been received very favorably by the proper authorities in Washington (and others in the cyber community, including other cyber firms).”

I wanted to know if I was alone in finding fault with the root9B report, so I reached out to Jaime Blasco, vice president and chief scientist at AlienVault — one of the security firms that first published the initial findings on the Sofacy/APT28 group back in October 2014. Blasco called the root9B research “very poor” (full disclosure: AlienVault is one of several advertisers on this blog).

“Actually, there isn’t a link between what root9B published and Sofacy activity,” he said. “The only link is there was a DNS server that was used by a Sofacy domain and the banking stuff root9B published. It doesn’t mean they are related by any means. I’m really surprised that it got a lot of media attention due to the poor research they did, and [their use] of [terms] like ‘zeroday hashes’ in the report really blew my mind. Apart from that it really looks like a ‘marketing report/we want media coverage asap,’ since days after that report they published their Q1 financial results and probably that increased the value of their penny stocks.”

Blasco’s comments may sound harsh, but it is true that root9B Chairman Joe Grano bought large quantities of the firm’s stock roughly a week before issuing this report. On May 14, 2015, root9B issued its first quarter 2015 financial results.

There is an old adage: If the only tool you have is a hammer, you tend to treat everything as if it were a nail. In this case, if all you do is APT research, then you’ll likely see APT actors everywhere you look.

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • Where Does Your Pipeline Lead? | Life as I Know It: “If you’re thinking about getting into the tech industry or wondering how to stay in the tech industry in the face of pervasive toxic environments, I encourage you to broaden your horizons about what ‘being in tech’ can look like. What is your goal? If you want to use technology to make a better life for yourself, think carefully about the pipeline you enter and where you want it to lead.”
  • Marvel replaces Black Widow with Captain America for its toy line | BoingBoing: “In other words, not only is Black Widow ridiculously underrepresented in Avengers merchandise—she’s also actively erased from her own scenes. Well done Marvel.”
  • Happy Birthday to Inge Lehmann, the Woman Who Discovered Earth’s Inner Core | Smart News | Smithsonian: “Her idea was revolutionary. When Lehmann published her findings in 1936, her solid core model was quickly adopted by the scientific community. Lehmann’s theory was finally proven right in 1970, when new, more sensitive seismographs picked up seismic waves bouncing off the Earth’s solid core.”
  • Interview: ‘Nimona’ Creator Noelle Stevenson | NPR: “Like a lot of young women, I went through an entire period where I hated female characters — I didn’t want to read about them! I thought I was going to be the cool girl who was not like other girls. And that’s so harmful.”
  • ATP Shownote Data | Kieran Healy: “When doing this kind of thing it can be helpful to look back on what your past practice has been. For example, it can be useful to audit one’s own habits of linking and engagement. Often exclusion is less a matter of explicit boundary policing (though God knows there’s enough of that in the tech sector) and more a matter of passive homophily.”
  • Project Update: The Electric Blanket is DONE! | Tech Musings: “Mrs. Parenteau and her merry band of 3rd grade scientists/sewers have finally finished their electric blanket project! The final result is a quilt containing approximately 45 squares that light up. Currently hanging in the Science hallway, it’s fun to watch students interact with it by pressing the different switches to light up the quilt. This was a challenging project for the kids and we are proud of their hard work and perseverance with the e-textile materials – especially the conductive thread.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] female_cs_feed

Posted by Gail Carmichael

On the last day of the 2015 edition of my week-long mini-course (Computer Science and Games: Just for Girls!), I held a discussion about women in computer science.  Below is a transcription of the notes I made on the white board.  The thoughts, if not the wording, very closely represent what the girls said.

"If it is not appropriate for women, it is not appropriate." (via Wikimedia)

Why do girls avoid computer science?
  • Seems nerdy
  • Stereotypes: man's job
  • Don't want to stick out as only female
  • Impression that you must love video games
  • Accused of being interested to attract guys
  • Stereotypes of femininity
  • Females more pressured to take certain programs of study
  • Pressure from others who don't think certain skills are valuable (e.g. video game development)
  • Too many guys, "I will never fit in"
  • Girls are less confident, partly due to society's messages

Why does it matter?
  • Girls can change an idea or product without destroying or outright rejecting it
  • Girls should have the freedom to choose their career without barriers
  • We are turning girls away from their passion
  • Discrimination is always bad
  • Women should have independence, especially financially
  • We need products designed by us
  • Women can change how women are represented in games

What would make you interested in trying computer science in high school or post-secondary?
  • Stop the stereotypes!!
  • Enforce a better gender balance, or provide all-female options
  • People around us have to stop talking down about CS
  • Give us a chance to try it out! We don't know what it is otherwise!
  • More interesting application in university-level courses (like robotics)
  • More positive attitudes toward college-level options [which typically grant diplomas in Canada, as opposed to universities, which grant degrees]
  • Avoid giving the impression that it's impossibly complicated.
  • More one-on-one time (and other better teaching strategies) to make sure we get a good base in math.
[syndicated profile] sumana_feed
A few announcements:

We have three days left to fund The Recompiler, a new technology magazine that will combine tutorials and technical articles with personal narratives and art. My household has now funded this campaign and I hope to attend the launch party in Portland next month. I particularly loved seeing (via the video on Indiegogo) that 2600 is one of the inspirations for The Recompiler. 2600 has many virtues, but it pays people in a free t-shirt or a year's worth of issues of the magazine. I am looking forward to seeing The Recompiler pay people to write "you can totally do this, here's how" high-quality technical articles.

My old boss Erik is running a new video interview series called "Passionate Voices" and kicked it off by interviewing me (72 minutes); if you are interested in my work on inclusive communities, my thoughts on codes of conduct, and my reflections on the Recurse Center, you might want to watch this.

In about ten days, I'll be leading a Geek Feminism book club on Courtney Milan's Trade Me -- read the first chapter free online, get hooked, and snarfle down the rest by May 28th so you can participate in the comment thread.

Also on Geek Feminism, I posted a quick note about the word "girl" in the name of superhero Supergirl.

Finally: I met some pretty interesting people via the Columbia master's program I did. And for several years, I've known Jack Barsky as a mentor, a tech executive, and a friend. He's now the subject of a profile by 60 Minutes because, no joke, he used to be a Soviet spy. This guy who gave me important advice, who always got to the heart of the matter and had super emotionally honest conversations with me, has a past that sounds beyond melodramatic. I was not aware until this month of all the twists and turns within his story, and I am honestly still processing it. Give it a look.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

The St. Louis Federal Reserve today sent a message to those it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution. The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office.

The communiqué, shared by an anonymous source, was verified as legitimate by a source at another regional Federal Reserve location.

The notice from the St. Louis Fed stated that “the Federal Reserve Bank of St. Louis has been made aware that on April 24, 2015, computer hackers manipulated routing settings at a domain name service (DNS) vendor used by the St. Louis Fed so that they could automatically redirect some of the Bank’s web traffic that day to rogue webpages they created to simulate the look of the St. Louis Fed’s research.stlouisfed.org website, including webpages for FRED, FRASER, GeoFRED and ALFRED.”

Requests for comment from the St. Louis Fed so far have gone unreturned. It remains unclear what impact, if any, this event has had on the normal day-to-day operations of hundreds of financial institutions that interact with the regional Fed operator.

The advisory noted that “as is common with these kinds of DNS attacks, users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords.”

The statement continues:

“These risks apply to individuals who attempted to access the St. Louis Fed’s research.stlouisfed.org website on April 24, 2015. If you attempted to log into your user account on that date, it is possible that this malicious group may have accessed your user name and password.

The St. Louis Fed’s website itself was not compromised.

“Out of an abundance of caution, we wanted to alert you to this issue, and also make you aware that the next time you log into your user account, you will be asked to change your password. In addition, in the event that your user name and password are the same or similar as those you use for other websites, we highly recommend that you follow best practices and use a strong, unique and different password for each of your user accounts on the Internet. Click https://research.stlouisfed.org/useraccount/forgotpassword/step1 to change your user account password now.”
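A hijack of the kind the notice describes, where records are changed at the DNS vendor rather than on the institution’s own servers, is invisible from inside the network but easy to see from outside: the answers the public resolvers hand out stop matching the records the zone owner signed off on. The following is an added example of such a baseline check, not code from the St. Louis Fed or KrebsOnSecurity; the hostnames, name servers and addresses are constructed placeholders, and the resolver is a stub so the check runs offline (a real deployment would query from several vantage points, for example with dnspython).

```python
"""Detect DNS drift by comparing live answers against an approved baseline.

Added example; not from the St. Louis Fed advisory or KrebsOnSecurity.
Hostnames use the reserved .test TLD and addresses come from the
documentation ranges, so nothing here is a real indicator. `lookup` is a
stub returning constructed answers; swap in real queries in production.
"""
from dataclasses import dataclass

# Constructed baseline: what each name SHOULD resolve to, recorded when the
# zone was last reviewed and re-approved whenever a change is authorised.
BASELINE = {
    "research.example.test": {
        "A":  {"192.0.2.10"},
        "NS": {"ns1.dnsvendor.test", "ns2.dnsvendor.test"},
    },
    "www.example.test": {
        "A":  {"192.0.2.11"},
        "NS": {"ns1.dnsvendor.test", "ns2.dnsvendor.test"},
    },
}

# Constructed "live" answers simulating the incident day: the research host's
# A record now points into attacker-controlled space; www is untouched and the
# delegation itself is unchanged, which is exactly the shape of a change made
# at the vendor's control panel rather than a registrar-level takeover.
LIVE_ANSWERS = {
    ("research.example.test", "A"):  {"198.51.100.77"},
    ("research.example.test", "NS"): {"ns1.dnsvendor.test", "ns2.dnsvendor.test"},
    ("www.example.test", "A"):       {"192.0.2.11"},
    ("www.example.test", "NS"):      {"ns1.dnsvendor.test", "ns2.dnsvendor.test"},
}


def lookup(name, rtype, answers=LIVE_ANSWERS):
    """Stub resolver: return the constructed answer set for (name, rtype)."""
    return answers.get((name, rtype), set())


@dataclass(frozen=True)
class Drift:
    name: str
    rtype: str
    expected: frozenset
    observed: frozenset


def check_zone(baseline=BASELINE, resolver=lookup):
    """Return one Drift per name/type whose live answer set differs from the
    baseline. An empty list means every monitored record is as approved."""
    drifts = []
    for name, rrsets in baseline.items():
        for rtype, expected in rrsets.items():
            observed = set(resolver(name, rtype))
            if observed != expected:
                drifts.append(Drift(name, rtype, frozenset(expected), frozenset(observed)))
    return drifts


if __name__ == "__main__":
    for d in check_zone():
        print(f"ALERT {d.name} {d.rtype}: expected {sorted(d.expected)}, "
              f"observed {sorted(d.observed)}")
```

Comparing whole answer sets rather than single values also catches an attacker who adds a record alongside the legitimate one, and running the same check on the NS set distinguishes a vendor-side edit (A changes, NS stays) from a registrar or delegation compromise (NS changes), which points the incident response at the right account.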

According to Wikipedia, the Federal Reserve Economic Data (FRED) is a database maintained by the Research division of the Federal Reserve Bank of St. Louis that has more than 247,000 economic time series from 79 sources. The data can be viewed in graphical and text form or downloaded for import to a database or spreadsheet, and viewed on mobile devices. They cover banking, business/fiscal, consumer price indexes, employment and population, exchange rates, gross domestic product, interest rates, monetary aggregates, producer price indexes, reserves and monetary base, U.S. trade and international transactions, and U.S. financial data.

FRASER stands for the Federal Reserve Archival System for Economic Research, and reportedly contains links to scanned images (PDF format) of historic economic statistical publications, releases, and documents including the annual Economic Report of the President. Coverage starts with the 19th and early 20th century for some economic and banking reports.

According to the Federal Reserve, GeoFred allows authorized users to create, customize, and share geographical maps of data found in FRED.

ALFRED, short for ArchivaL Federal Reserve Economic Data, allows users to retrieve vintage versions of economic data that were available on specific dates in history.

The St. Louis Federal Reserve is one of twelve regional Fed organizations, and serves banks located in all of Arkansas and portions of six other states: Illinois, Indiana, Kentucky, Mississippi, Missouri and Tennessee. According to the reserve’s Web site, it also serves most of eastern Missouri and southern Illinois.

No information is available at this time about the attackers involved in this intrusion, but given the time lag between this event and today’s disclosure it seems likely that it is related to state-sponsored hacking activity from a foreign adversary. If the DNS compromise also waylaid emails to and from the institution, this could be a much bigger deal. This is likely to be a fast-moving story. More updates as they become available.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

When it comes to reporting on breaches involving customer accounts at major brands, the news media overall deserves an F-minus. Hardly a week goes by when I don’t hear from readers about a breathless story proclaiming that yet another household brand name company has been hacked. Upon closer inspection, the stories usually are based on little more than anecdotal evidence from customers who had their online loyalty or points accounts hijacked and then drained of value.

The latest example of this came last week from a story that was responsibly reported by Bob Sullivan, a former MSNBC journalist who’s since struck out on his own. Sullivan spoke with multiple consumers who’d seen their Starbucks card balances emptied and then topped up again.

Those customers had all chosen to tie their debit accounts to their Starbucks cards and mobile phones. Sullivan allowed in his story one logical explanation for the activity: These consumers had re-used their Starbucks account password at another site that got hacked, and attackers simply tried those account credentials en masse at other popular sites — knowing that a fair number of consumers use the same email address and password across multiple sites.

Following up on Sullivan’s story, the media pounced, suggesting that Starbucks had been compromised. In a written statement, Starbucks denied the unauthorized activity was the result of a hack or intrusion into its servers or mobile applications.

“Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account,” the company wrote. “This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.”

In most cases, a flurry of fraudulent account activity targeting a major brand is preceded by postings on noob-friendly hacker forums about large numbers of compromised accounts for sale, and the publication of teachable “methods” for extracting value from said hacked accounts.


Unsurprisingly, we saw large numbers of compromised Starbucks accounts for sale in the days leading up to the initial story about the Starbucks fraud, as well as the usual “methods” explaining to clueless ne’er-do-wells about how to perpetrate fraud against hacked accounts. Here’s another noob-friendly thread explaining how to cash out compromised Subway accounts; how long until we read media reports shouting that Subway has been hacked?

To be sure, password re-use is a major problem, and it’s a core driver of fraud like this. Also, companies like Starbucks, Hilton Honors, Starwood and others certainly could be doing more — such as offering customers two-step authentication — to protect accounts. Indeed, as these recurring episodes show, affected brands take an image hit when customers have their accounts hijacked through password re-use, because the story inevitably devolves into allegations of a data breach at the brand involved.

But it works both ways: consumers who re-use passwords for sites holding their payment data are asking for trouble, and will get it eventually.

For helpful hints on picking strong passwords (or outsourcing that to third-party software and/or services), check out this primer. For further reading about how penny-ante punks exploit password re-use and trick media outlets into falsely reporting breaches, see How to Tell Data Leaks from Publicity Stunts.

Cungrate.. Condrag... GUT JOB!

May. 18th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Wahooo! SCOOL'S OUT!


Or.... is it?

Not gonna lie: kinda confused right now.


Well, assuming you students aced all your subjects:

(If only they taught USEFUL stuff in school, am I right?)


...then I hear some Congradularons are in order!


Unless you prefer a "Congralulalio" - 'cuz I've got one of those, too:


Eesh. You know, I have so many hundreds of misspelled "congratulations" cakes in the archives I may never post them all. I wonder when bakers decide to just give up completely?

Er, that was rhetorical, guys...


C'mon, now. We have to move on.




What the... Congrauktion.at?!



So, in conclusion:

I think I already did.


Conklenators to Jayne L., Laura A., Debbie M., Bree M., Tammy J., Dara, Candy R., Kristin, Jennifer P., & Kat N. on their stellar wreckporting.


Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] accidentallyincode_feed

Posted by Cate

Unit Testing on iOS


I have two ways of submitting to CfPs. The first: a carefully written abstract of a talk that I have already prepped, and probably already given.

The second: something that I have already been exploring in blog posts, collected into a “here is this thing that I think I could talk about, but I’m not 100% sure what that would look like yet”.

My submission to mdevcon at the start of the year was of the second variety, prompted by the inclusion of the CfP in an edition of Technically Speaking. It was based on a series of blog posts about unit testing UI code on iOS which had been relatively well read. It included the comment that “this could be either a workshop or a talk”.

Typically I follow a policy of submit and forget – there’s no point getting too attached to these things, you have no control once you’ve submitted, after all.

And then one day an email arrived. And it said – “how about both?”

My reaction: Yay! I was accepted! Both! Ai! Could I? OK then.


So I had committed myself to giving my first super technical talk, and my first workshop together, on the same topic, in a two day period. Luckily I had around 6 weeks to prepare.

My initial design constraint was the title: Unit Testing on iOS: Beyond the Model. Clearly there was going to be some overlap between the two, but I didn’t want to just present the same content in two lengths – I think a workshop should be designed differently from a talk. A talk is to give you something to think about, to take back into your own work. A workshop is a deep dive into learning something, I want people to come away feeling like they have conquered it.

I decided to make my talk about what I actually do, not what we might do in a contrived example. Because this, to me, is the main benefit of conference talks – learning what people actually do.

So I opted to tie the talk to my own app, Show and Hide. It’s a relatively simple app UX-wise; the engineering challenges are in the image processing. So I built the talk along the screens, introducing two testing techniques per screen. I showcased my KIF tests by running them – live – using this time to introduce what the app actually does. And I opened and closed with stories about why testing is important and what the ROI is. I used my speaker notes (I write very detailed notes that are easy to turn into a blog post) to get feedback on what people found particularly interesting and what they struggled with.

With the talk mostly done, I moved onto preparing the workshop.

For the workshop, I built a simple sample app of a tic-tac-toe game with a full suite of tests. As part of getting feedback on the content from my talk, I had discovered that people’s knowledge when it came to testing on iOS was widely divergent. Some people were interested because they wanted to know how to unit test UI code… others were hoping to learn how to start unit testing… at all.

This was a huge constraint on the design of the workshop. I added a section in at the beginning covering how to unit test, period. Spent more time on how mocks work. I’ve never been a fan of the “instructor does something, pauses while everyone has a go” format, because experience levels vary so widely that people are either bored or rushed. But knowing that my audience would vary from no knowledge of unit testing at all to experts in testing (just not of unit testing UI code) completely ruled this out as an option. I was not going to start my workshop dismissing half the audience, or boring the rest.

As a result, I put together a ~20 page document that worked through testing the sample app, step by step. With a section at the beginning that could be skipped (unit testing basics) and a more open ended section at the end which I expected only experienced people to get to (getting started with UIAutomation using KIF). I created a fork of the sample project, and deleted tests from it, leaving behind examples and comments on where to insert code. I actually covered more testing techniques in the talk than the workshop – because a deep dive takes a lot longer than an overview.

My workshop was also the first to sell out! Which was exciting but put the pressure on. Thankfully the organisers found me a TA to help.

Final step was a practice talk, where I got some helpful feedback which I incorporated into both the talk and, where applicable, the workshop.


Delivering the workshop and the talk was intense and exhausting.

The workshop came first. I gave people access to the document, and then moved around the room on rotation, being sure to spend time with everyone. You hear a lot more issues people are facing if you go to them and ask, and there are a lot more opportunities to elaborate and connect with them. Because I had hosted the code on GitHub, and the instructions on GoogleDocs, I was able to make minor changes as people ran into things (thankfully there weren’t many).

Once it was over I was exhausted! I went for food and a walk, unable to contemplate speaking to another human for a while.

Bizarrely, when it came to it I was more nervous about the talk than the workshop. The workshop was so thoroughly prepared that I felt like I had run out of nervous energy doing that much preparation. And I couldn’t think past it being over! So once it was, I felt like I was under-prepared for my talk. Actually I had done about as much preparation as I normally do, I just hadn’t had the emotional capacity to be as anxious about it!


When I got the feedback from the workshop, the main comment was that I hadn’t run it in a more typical way – with explanations and breaks for people to try things out. My initial reaction was “but it was designed that way for a reason!” and then I realised – this is a sign of success. If people think that was an option, they must have left feeling their level of expertise – whatever it was (and having spent time with everyone I can tell you it was incredibly varied) – was entirely normal. Really, I would sooner people leave a workshop I ran thinking I’d made a mistake in how I designed it, than feeling stupid because they didn’t know some key concept.

If you are interested in the content, you can find my blog post from my speaker notes here, and an updated version of the workshop for working through at home is available for sale.

[syndicated profile] geekfeminism_feed

Posted by brainwane

CBS has just released a “first look” teaser for the new Supergirl TV show, coming this fall. I’ve always frowned at the name “Supergirl” for an adult woman, finding it infantilizing. The teaser tries to address this:

News announcer on television: “Media Magnate Cat Grant, of National City’s new female hero: Supergirl.” (news channel displays “#Supergirl”)

Kara Danvers: “We can’t name her that.”

Cat Grant: “We … didn’t.”

Danvers: “Shouldn’t she be called Super…. woman?”

Grant: “What do you think is so bad about ‘girl’? I’m a girl. And your boss, and powerful, and rich, and hot, and smart. So if you perceive ‘Supergirl’ as anything less than excellent, isn’t the real problem you?”

Calista Flockhart plays an authoritative Cat Grant, a casting choice which itself implies (to me) a defense of the type of femininity Flockhart performed as Ally McBeal in her best-known role to date.

I don’t find Grant’s argument convincing, since my particular beef with the “girl” suffix is around connotations of immaturity, and particularly because we do not tend to call men of similar ages “boys”. That’s unequal. But I appreciate that at least this teaser attempts a defense. And overall I loved the teaser, and it made me cry. Stories of women discovering and claiming our power, in ourselves and to help others, will always get me.


Sunday Sweets: (Video) GAME ON!

May. 17th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Anyone else out there love video games??

(By Un Jeu d'Enfant)

'Cuz if so, this post's for you.


Mortal Kombat:

(By Maridell's Cakes)


Disney Infinity:

(Baker unknown. Anyone recognize it?)

Seriously love this idea: you can set the character cupcakes on the game pads, just like the real system! SO FUN.



(By Bellaria Cakes Design)

I've never played this one before, but these fun character cakes make me want to!


Here's another, also from Skylanders:

(By Dina Cimarusti - who was on season 7 of Face Off! SO COOL.)


Call of Duty:

(By Not Just Cakes By Annie)

Especially perfect for someone named Paul. Ha!



(By The Violet Cake Shop)

It's a plethora of perfectly placed pixels! Swoon.


Mario Kart:

(By Enna's Cake Design)

Because that little Italian plumber never gets old.


Secret Agent Clank:

(By Vsem Tort)

I remember playing Ratchet and Clank eons ago - I had no idea Clank got his own title!


Legend of Zelda:

(By Studio Sweets, which sells those toppers on Etsy!)

Another classic, and talk about a perfect wedding cake! I love the "floating" sugar gems.


And finally, one of John's favorite games of all time:


(By Baking Obsession)

I got John the Alduin statue this cake is based on last Christmas, so we're both pretty familiar with it - and neither of us could believe this was cake at first and not the real thing. It's that perfect.

Now, who wants to go play a game? :)


Happy Sunday, everyone!


Thank you for using our Amazon links to shop! USA, UK, Canada.

This Week

May. 17th, 2015 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate



Taking a break! Went off to Easter Island where there was Little Internet. I could exchange messages, but couldn’t really load web pages. So I limited myself to posting one picture a day and disconnected a bit. It was so good for me. Then spent a night at Santiago airport, and arrived in Rio. One of my friends was supposed to join me but didn’t know she needed a visa so wasn’t allowed on the plane, which has been a bit rubbish.

Honestly feeling ready to be a bit boring for a while after all this rushing about! But also feeling very creatively recharged and productive.


Light week, mostly disconnected. But being offline made me focus and allowed me to make some significant progress on a project that I’d been stalling on, and I’m approaching a milestone with it which is awesome.

The Technically Speaking 6monthiversary continues. It’s going really well. I’m super excited and happy about it.


Reading Essentialism, and read a bunch of novels – mostly super frothy ones – The Frog Prince, Meet and Delete, My So-Called (Love) Life, Creature Comforts (I kinda like her books – they’re like fairy tales for adults), and now on this Dating Mr Darcy series.

Product Links Amazon.


A new edition of Technically Speaking is out.

On the Internet

[syndicated profile] epbot_feed

Posted by Jen

I still believe in a good session of retail therapy from time to time - and I just realized it's been far too long since I shared my favorite Etsy finds with you guys. So, hide your checkbooks, my friends, 'cuz it's about to get reeeeealllly tempting in here.

First up, a birthday gift from John, and the necklace I'm currently loving the most:

The glass is pillowy perfection, and I like that the fox isn't too small; about the length of my pinky. And seriously, $15?! This thing looks like it'd cost five times that in a pricey boutique. 

The little cord it comes with is pretty dinky, but I'm planning to make a braided leather cord for it soon - maybe in gray, white, and teal? Mmmm.

Also really loving the clean lines of this octopus pendant:

And while we're talking tentacles [grin], I've found a couple of artists designing some genius 2D "glass bottle" necklaces:

Kraken Attack Ship in a Bottle Necklace, $20 by TheGorgonist


And check this one out: goldfish in a baggie!

2D Goldfish on Acrylic, $29 by BakuForestStudios
Check both those shops for more options.

For my fairy lovers:

I don't even have pierced ears, but that's never stopped me from shopping sparklies. Besides, these wouldn't be hard to convert to clips.

Oh, and lots more iridescent colors in her shop, too!

I found two fun twists on the traditional "best friends" necklaces:


(I'm hoping she makes one with R2 and the new BB-8, now, too. Because blue and orange.)


They even lock together!

From the same shop:

Pacman & Ghosts, $15
(Also available as a bracelet)

It's reversible, so you can have Pac-Man chasing ghosts, or ghosts chasing Pac-Man. YES.

Where my Supernatural fans at?  'Cuz you Castiel cosplayers desperately - DESPERATELY - need this necklace:

Castiel's Grace, $25 by NeveEbrez

It's Castiel's stolen grace!!

The necklace is battery-powered, so you get a bright LED glow, and that's the Enochian symbol for the letter C. SO COOL. Hit the link to see more pics of it powered off.

Another of my favorite necklaces - which is actually sold as a cellphone charm:
Grey Kitty Wooden Charm, $10 by LittlePaperForest

It's nice and big - about an inch and a half across - and super easy to convert to a corded necklace. I get compliments every time I wear this one; people love them some nerdy kitty-cats!

And finally, FLYING MONKEY:

Flying Monkey Necklace, $18 by RudeAndReckless

Because flying monkeys. :D

K, I think I've done enough damage to your collective paychecks for now. Happy shopping, everyone!

Friday Favs 5/15/15

May. 15th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some of my favorite new submissions this week.


If you have a daughter named Brandon, guess what you get asked the most?

I'm kind of loving the piping gymnastics the baker had to go through to fit all that on there. Do you think at any point she stopped to wonder... ?



Uh, guys? Did I miss something? Are brain cakes for babies a thing now?

Because the pics of little Toby covered in red cake gore are seriously not safe for life.


Believe it or not, though, that's not the wreck. See, someone else wanted a cake just like that for their baby... but instead they got this:

It looks like a big mushy ball of Mac n' Cheese. Which, let's be honest, is WAY BETTER THAN BRAIN CAKES FOR BABIES, mmkay? Yeesh.

Ok, maybe the brain cake is too divisive of an issue.

So can we at least agree that THIS is wrong?

"Icing shots?!" With no cake?? FOR $2.00??

Whaddaya mean, you like that much icing? Are you INSAAAANE?

(Side Note: anyone else distracted by the "Dry Old German Chocolate" sign? I was about to be impressed by their honesty before I realized it's supposed to be "Day." Heh.)

Well, in the interests of minion harmony, let's end with a classic:

A birthday cake with "a big number 2 and stars on the sides."

I guess there wasn't room to write "stars" on both sides.


Thanks to Jennifer B., Amanda N., Kathleen, K.T. for bringing us only the second-best stars.
P.S. If you're not following both The Bloggess and yours truly over on Twitter, then you're missing out on some riveting intellectual interactions, like this:


Thank you for using our Amazon links to shop! USA, UK, Canada.


terriko: (Default)


Page generated May. 23rd, 2015 05:45 am
Powered by Dreamwidth Studios