[syndicated profile] cakewrecks_feed

Posted by Jen

Were the good ol' days of cake decorating REALLY better?

And more importantly, can Jen find an excuse to post some of the rad vintage birthday cakes you guys have been sending in?

Let's find out, with...

EPIC CAKE BATTLES OF HISTORY!!

THEN:

I pity the fool who doesn't recognize Hulk Hogan & Mr. T.

VS

NOW:

 

THEN:

VS

NOW:

 

THEN:

VS

NOW:

"I stopped listening after 'cabbage'."
(Yup, it's cake. Cabbagey, cabbagey cake.)

 

THEN:

VS

NOW:

 

THEN:

VS

NOW:

Who WON? Who LOST?
YOU decide!!

And keep sending in those vintage birthday cakes, because seriously, these things are amazing.

 

Thanks to Robert T., Elizabeth B., Jason R., Tiki C., Jason R., Kristi C., Lindsay S., Karen H., Susan M., & Brittany J. - and a hat tip to Epic Rap Battles of History for all the lolz.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] infotropism_feed

Posted by Skud

As I mentioned earlier today, I’m off to Europe shortly for AdaCamp Berlin, then in November I’m going to India for AdaCamp Bangalore. I’ll be leading both events, which means I get to welcome everyone and set the stage for the unconference, make sure the sessions and workshops run smoothly, and that the culture of AdaCamp meets its usual high standards.

The Ada Initiative just posted this announcement and interview where I talk a bit about my experience with AdaCamp, running various community events, and what I’ll bring to these ones.

[syndicated profile] infotropism_feed

Posted by Skud

I haven’t mentioned this on here yet so I thought I’d better do so before I actually, you know, board the plane.

I’m heading over to Europe next week and the week after. The main reason I’m going is AdaCamp in Berlin, which I will be helping run, but before and after that I’ll also be spending some time in the UK and running this Growstuff event, to get stuck into some serious code with some of our UK-based developers, in London on Oct 18-19.

If you are in the UK and are interested in food innovation, open data, technology for social good, sustainability, inclusive open source projects, or related fields, I would love to meet you! If you can’t make it to the Growstuff code sprint but would like to catch up for a coffee or something, drop me a line.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

A Florida man was sentenced today to 27 months in prison for trying to purchase Social Security numbers and other data from an identity theft service that pulled consumer records from a subsidiary of credit bureau Experian.

Ngo’s ID theft service superget.info

Derric Theoc, 36, pleaded guilty to attempting to purchase Social Security and bank account records on more than 100 Americans with the intent to open credit card accounts and file fraudulent tax returns in the victims’ names. According to prosecutors, Theoc had purchased numerous records from Superget.info, a now-defunct online identity theft service that was run by a Vietnamese individual named Hieu Minh Ngo.

Ngo was arrested in 2012 by U.S. Secret Service agents, after he was lured to Guam by an undercover investigator who’d proposed a business deal to expand Ngo’s personal consumer data stores. As part of a guilty plea, Ngo later admitted that he’d obtained personal information on consumers from a variety of data broker companies by posing as a private investigator based in the United States.

Among the biggest brokers that Ngo bought from was Court Ventures, a company that was acquired in March 2012 by Experian — one of the three major credit bureaus. Court records show that for almost ten months after Experian completed that acquisition, Ngo continued siphoning consumer data and paying for the information via cash wire transfers from a bank in Singapore.

After Ngo’s arrest, Secret Service investigators in early 2013 quietly assumed control over his identity theft service in the hopes of identifying and arresting at least some of his more than 1,000 paying customers.

Theoc is just the latest in a string of identity thieves to have been rounded up for attempting to purchase additional records after the service came under the government’s control. In May, I wrote about another big beneficiary of Ngo’s service: An identity theft ring of at least 32 people who were arrested last year for allegedly using the information to steal millions from more than 1,000 victims across the country.

In April, this publication featured a story about 28-year-old Dayton, Ohio resident Lance Ealy, whom the government alleges also used Ngo’s services to steal financial records used for tax return fraud.

In October 2013, KrebsOnSecurity broke the news that Experian’s subsidiary was a major contributor to Ngo’s identity theft service. In subsequent hearings on Capitol Hill, Experian executives assured lawmakers with the curious contradiction that the company knew who the victims were and that they’d be taken care of, but that there was no evidence that any consumers had actually been harmed as a result of Experian’s oversight. It remains unclear if Experian, Court Ventures or any other firm duped by Ngo will ever be made to fully and publicly account for the damage done here, although earlier this year several state attorneys general announced that they’d launched their own investigation into the matter.

[syndicated profile] geekfeminism_feed

Posted by Mary

Two weeks ago, I interviewed Geek Feminism founder Alex Skud Bayley about Geek Feminism, programming, and the Growstuff Indiegogo campaign. As a followup, I’m interviewing Frances Hocutt, who will work on Growstuff’s API if the fundraiser reaches its target.

Frances Hocutt

Frances is the founding president of the Seattle Attic Community Workshop, Seattle’s first feminist hackerspace/makerspace. She prefers elegance in her science and effectiveness in her art and is happiest when drawing on as many disciplines as she can. Her current passion is creating tools that make it easy for people to do what they need to, and teaching people to use them. She is a fan of well-designed APIs, open data, and open and welcoming open source communities.

Frances is entering technology as a career changer, from a scientific career. She’s recently finished an Outreach Program for Women (OPW) internship, and she spoke to me about OPW, Growstuff, mentoring and friendly open source communities.

How did your OPW project go? What attracted you to Mediawiki as your OPW project?

This summer I wrote standards for, reviewed, evaluated, and improved client libraries for the MediaWiki web API. When I started, API:Client Code had a list of dozens of API client libraries and was only sorted by programming language. There was little information about whether these libraries worked, what their capabilities were, and whether they were maintained. I wrote evaluations for the Java, Perl, Python, and Ruby libraries, and now anyone who wants to write an API client can make an informed choice about which library will work best for their project.

I am generally interested in open knowledge, open data, and copyleft, and I admire the Wikimedia Foundation’s successes with the various Wikipedias. When Sumana Harihareswara asked me if I might be interested in interning on this project for the Wikimedia Foundation I jumped at the chance. I was pleasantly surprised by how welcoming and supportive I found the Mediawiki development community. I had a good experience technically, professionally, and personally, and I learned a lot.

What attracts you to Growstuff and its API as your next project, technically?

I really like creating usable tools and interfaces, and when that comes with the chance to play around with APIs and structured data, that’s gravy.

My favorite tech projects value developer experience and generally usable interfaces (whether for UIs or APIs). Growstuff’s current API makes it hard to retrieve some fairly basic data (given a location, when was a crop planted?), so I’m really looking forward to the chance to have input into designing a better one.

I also enjoy writing particularly clear and careful code, which I’ll be doing with my API example scripts so that anyone can pick them up, include them in their website or app, and easily modify them for whatever their intended purpose is.

What attracts you to Growstuff as your next development community?

The development community is the main reason I’m so excited about working on Growstuff. Growstuff is one of a handful of majority-female open source projects, and I definitely feel more comfortable when I don’t have the pressure to represent all women that sometimes comes when women are a small minority. Growstuff has great documentation for new developers, a friendly IRC channel, and an agile development process where pair programming is the norm. It’s obvious that Skud has fostered a collaborative and friendly open source community, and I’m looking forward to working in it.

What can the technical community learn from OPW and Growstuff about mentoring and supporting people coming to tech from diverse backgrounds and oppressed groups?

As I’ve come into tech, I’ve gotten the most benefit from environments where interpersonal connections can flourish and where learning is easy and ignorance of a topic is seen as an opportunity for growth. I credit much of the smoothness of my internship to being able to work with my mentor towards the shared goal of helping me succeed.

Some particularly useful approaches and skills were:

  • explicit explanations of open source community norms (i.e. how IRC works, whom and how to ask for help, ways that various criticisms might be better received, where a little praise would smooth the way)
  • constant encouragement to put myself out there in the MediaWiki development community and ask for help when needed
  • willingness to share her experiences as a woman in technology and honesty about challenges she had and hadn’t faced
  • willingness to have hard conversations about complicity and what we’re supporting with our technical work
  • willingness to engage with a feminist criticism of the field and organization, without falling back on “that’s just how it is and you need to get over it”
  • introducing me to other people like me and encouraging me to make and nurture those connections
  • telling me about career paths that my specific skills might be useful in
  • making me aware of opportunities, over and over, and encouraging me to take them
  • inviting metacognition and feedback on what management approaches were working for me and which weren’t.

Gatherings like AdaCamp have also helped me find people at various stages in their careers who were willing to openly discuss challenges and strategies. I’ve been building a rich network of technical women of whom I can ask anything from “how does consulting work” to “how much were you paid in that position” to “how in the world do I set up this Java dev environment?!” It’s amazing.

I’m looking forward to more of the same at Growstuff. Growstuff’s pairing-heavy style encourages those connections, and Growstuff’s development resources focus on making knowledge accessible and not assuming previous experience. I’ve admired Skud’s work for years and I am delighted to have the opportunity to work with her myself.

How are you finding the fundraising process for Growstuff? How can people best support it?

Frustrating, in a word. The crowdfunding campaign I ran last year only ran for ten days, so I’m adjusting to the longer and slower pace of this one. Like many women, I often feel awkward promoting myself and my projects — even when I would be happy to hear a friend tell me about a similar project she was working on! I try to reframe it as sharing interesting information. Sometimes that works for me, but sometimes I still feel weird.

That said: if you want to support Growstuff (and I hope you do), back our campaign! Tell any of your friends who are into sustainability, gardening, shared local knowledge, or open data why Growstuff is exciting and encourage them to donate! If you garden, sign up for an account and connect with other gardeners in your area! We’re trying to make it as an ethical and ad-free open source project and every bit helps. And if there’s anything you want to do with our data, let us know! We’d love to hear from you.

Insulting Inscriptions 101

Oct. 1st, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some handy tips when crafting the perfect cake zinger:

1) Don't misspell it.

There's nothing like borrowing song lyrics for a backhanded compliment, but misspell the thing (and omit all the necessary apostrophes) and you come across more crude than clever.

 

2) Be specific.

 

Ok, so Charity smells - but what does she smell like? Hmm? Could be roses, or cotton candy. (Mmm, cotton candy...) This is the time to release your inner muse: tell us what putrescent stench Charity is emitting, and really explore your literary space, ok?

 

3) Keep it simple.

 

While you're exploring that space, though, don't get so carried away that no one can tell what you're trying to say. Instead of an oddly phrased "Youth Forgot", why not go with something more straightforward? You know, like this:

See, the lack of exclamation marks or capital letters here really brings home juuust the right amount of indifference. Even the off-centered leaning seems to say, "Hey, I got you a cake, alright? Don't go pushing your geezer luck by expecting quality."

 

And lastly,

4) A little name-calling can go a long way.

Again, creativity is king here. Just watch your penmanship; that "Fink" could almost be mistaken for "Tink".

 

Thanks to this next one I think I've found my new favorite pet name for John:

Brilliant!

 

Kathryn R., Laura I., Sonya L., Mercedes R., Beth, & Kelli A., obviously your fathers smelled of elderberries.


Male Allies and GHC

Oct. 1st, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

strings of a broken heart

Credit: DeviantArt / DubiousOrchid

This year will be my 5th year at GHC (Grace Hopper Celebration, the annual conference for technical women from the Anita Borg Institute), my first speaking, and my first in my new post-corporate-job life. It’s been blocked on my calendar since last year, and there has been a long lead time, which means I made the transition from corporate job to independent knowing that GHC was going to be expensive as a result, but deciding that it was worthwhile and not worth delaying the rest of my life over.

There are a few things that have irritated me about the process for speakers. Mostly, I think, around ensuring that people are prepared. You have to send your slides in advance, and use their slide template, etc. Speakers don’t get free, or even discounted, tickets. Which is fine when you work for Big Tech Company, but as an independent is pricey. Students speaking have loads of scholarships available to them, and universities to sponsor them.

A common thread I hear from friends is that GHC is for students, or for really senior women (I managed to get into the Senior Women’s forum once, and the women I met were amazing). What if you’re in between? And it’s aimed at companies, because it’s a recruiting machine for women and most tech companies throw money at recruiting more women to the pipeline full of acid rather than actually doing anything about the acid.

I’ve sympathised, and defended, explained my approach to being pickier about what talks I attend, and making the most of the women that I meet up with every year. I quit corporate feminism over a year ago, so last year I went incognito – I wore nothing branded with the company I worked for, I did not interview, I did not spend time at the booth. This was a different experience than previous years and one that I needed, but I know women at other tech companies where recruiting and being constantly branded is the price you pay for the ticket.

It’s become harder and harder to defend. And now, there’s going to be a male allies panel, this is the last thing – it is about companies, not about the women who suffer in them. And I’ve been tweeting about this, so here’s my long form take.

There’s a lot of discussion about women in tech, and there’s this constant refrain of “what about the men” and I am tired of hearing it. It’s not about the men. It’s about women, and other minorities (who have it far worse). The fact that (some) men have made this, like everything, about them is illustrative of the problem.

The men who get it need to talk to the ones that don’t, and you don’t find many that don’t get it at a conference of 99% women. Last year, as part of “the Australian contingent”, there were 3 guys with us. They came to listen. And for once, they were the minority.

I actually agree with Shanley, (I paraphrase), the system is broken and what we need to do is burn the system down.

But if we’re not ready to burn yet (and with men in charge, will that ever come?) maybe we can keep pushing on the system to make it a little less broken, but this is how we survive, and stay – for now. Within this, there are two separate things: how do we make the line between being a bitch and a pushover wider, and how do we walk it more effectively. Lean In (Amazon) is mostly about walking that line more effectively. There’s space for that, and people who may find it useful, but it’s not the whole story.

There are different classes of problems in Diversity. Easy is fixing your marketing materials. Easy is throwing money at recruiting.

Moderate is throwing money internally (training, minority groups), because (some) men will complain “it’s not fair”. Moderate is handling egregiously gendered interactions, sexual harassment, words used to and about women, and only women. The more blatant versions of “get back in the kitchen”, usually served with a side of poor understanding of biology.

Hard is promoting the qualified woman when there is also a qualified man. Hard is dealing with the more subtle gendered interactions – when he repeats everything she says in a meeting, for example. When she doesn’t get to say anything in the meeting, because he answers everything for her. When he publicly undermines her. Gendered performance feedback.

Extra hard is taking the woman whose belief in herself has been stamped out of her by all the things that were never dealt with, because they were too hard, finding her a good manager, a good project, and helping her rebuild her self-confidence. Extra hard is being a sponsor, believing in someone who The System has told so loudly she doesn’t belong that she has come to believe it.

Within this, there are different levels. It’s easy to deal with egregiously gendered things, but do you have to have them pointed out to you or do you notice? The same within the subtle ones.

Some people are still stuck on the easy problems, but at GHC I’d like to think that we could focus on the hard problems. And the thing about the companies represented on the male allies panel, is there is little evidence to suggest they have moved past the easy ones, and one of them only managed that in the last year.

Two of them have not released diversity data (although I did get some info in response to this tweet). The other two have 15 and 17% women in tech roles respectively, and do not clarify the definition of tech so it may well be broader than the Eng/UX/PM that has been decried elsewhere.

Alan Eustace is from Google, and I used to work there so I know that he is a fantastic ally. He’s the only man who I have ever taken advice from on dealing with the emotional toll of women in tech stuff, which is because he is the only man who has ever offered advice on the topic that wasn’t just telling me how to feel.

But. Even with that, the numbers are terrible. If the experience for women was better, the numbers would be.

So what is this panel going to be? Is it going to be discussing how you can care so much, and work so hard, and achieve so very little because the entrenched problems are too great?

Or is it just going to be a celebration of managing the easy things. Of crawling over that exceptionally low bar of sexist marketing materials. Of focusing on the pipeline rather than the women who are already here. Or I should say, at the expense of the women who are already here, because it takes up their time, and corporate feminism takes its toll.

GHC could do better. GHC could do the hard things.

 

Edited October 2nd to clarify what GHC is.

[syndicated profile] infotropism_feed

Posted by Skud

tl;dr – if we usually talk on IM/GTalk you won’t see me around any more. Use IRC, email, or other mechanisms (listed at bottom of this post) to contact me.


Background: Google stopped supporting open standards for IM a few years ago.

Other background: when I changed my name in 2011 I grabbed a GMail account with that name, just in case it would be useful. I didn’t use it, though — instead I forwarded any mail from it to my actual email address, the one I’ve had since the turn of the century: skud@infotrope.net, and set that address as my default for everything I could find.

Unfortunately Google didn’t honour those preferences, and kept exposing my unused GMail address to people. When I signed up for Google Groups, it would be exposed. When I shared Google Docs, it would be exposed. I presume it was being exposed all kinds of other ways, too, because people kept seeing my GMail address and thinking it was the right way to contact me. So in addition to the forwarding I also set up a vacation reminder telling anyone who emailed me there to use my actual address and not to use the Google one.

But Google wasn’t done yet. They kept dropping stuff into my GMail account and not forwarding it. Comments on Google docs. Invitations. Administrative notices. IM logs that I most definitely did not want archived. These were all piling up silently in an account I never logged into.

Eventually, after I missed out on several messages from a volunteer offering to help with Growstuff, I got fed up and found out how to completely delete a GMail account. I did this a few weeks ago.

Fast forward to last night, when my Internet connection flaked out right before I went to bed. I looked at all my disconnected, blank windows, shrugged, and crashed for the night. This morning, everything was better and all my apps set about reconnecting.

Except that Adium, the app I use for instant messaging, was asking me for the GTalk password for skud@infotrope.net. Weird, I thought, but I had the password saved in my keychain and resubmitted it. Adium, or more properly GTalk, didn’t like it. I tried a few more times, including resetting my app password (I use two-factor auth). No luck.

Eventually I found the problem. Via this Adium bug report I learned that a GMail account is required to use GTalk. Even if you don’t use (and have never used) your GMail address to login to it, and don’t give people a GMail address to add you as a contact.

So, my choices at this point are:

  1. Sign up again for GMail, continue to have an unused and unwanted email address exposed to the public, miss important messages, and risk security/privacy problems with archiving of stuff I don’t want archived; or,
  2. Set up Jabber/XMPP, which will take a fair amount of messing around (advice NOT wanted, I know what is involved), and which will only let me talk to friends who don’t use GMail/GTalk (a small minority); or,
  3. Not be available on IM.

For now I am going with option 3. If you are used to talking to me via IM at my skud@infotrope.net address, you can now contact me as follows.

IRC: I am Skud on irc.freenode.net and on some other specialist networks. On Freenode I habitually hang around on #growstuff and intermittently on other channels. Message me any time; if I’m not awake/online I’ll see it when I return.

Email: skud@infotrope.net as ever, or skud@growstuff.org for Growstuff and related work.

Social media: I’m on social media hiatus and won’t be using it to chat at length, but still check mentions/messages semi-regularly.

Text/SMS: If you have my number, you know where to find me.

Voice/video (including phone, Skype, etc): By arrangement. Email me if you want to set something up.

To my good friends who I used to chat to all the time and now won’t see around so much: please let me know if you use Jabber/XMPP and if so what your address is; if you do, then I’ll prioritise getting that set up.

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • The Trans-Everything CEO | New York Magazine: [CW: This piece doesn't follow GLAAD's media recommendations for coverage of transgender issues; there's a lot of problematic stuff in this otherwise positive profile of a woman doing some fascinating and geeky things.] “But the highest-paid female CEO in America is not nearly as well known. She is Martine Rothblatt, the 59-year-old founder of United Therapeutics—a publicly traded, Silver Spring, Maryland–based pharmaceutical company—who made a previous fortune as a founder of Sirius radio, a field she entered as an attorney specializing in the law of space.”
  • Growing fantasy-game universe collides with entrenched boys’ club mentality | The Washington Post: “Longmore’s success, and the recent success of other female players, set off something of a crash course in diversity training for Magic players. It had to. The game isn’t just some extra-obscure corner of the offbeat nerd community anymore: It’s a $200 million-a-year industry with a fan base of 20 million and a growing pool of elite players who make their living from tournament prizes (which top out at about $40,000).”
  • The Business Case for Diversity in the Tech Industry | NYTimes.com: “The issue here was one of ignorance — the engineers and designers who created the YouTube app were all right-handed, and none had considered that some people may pick up their phones differently. It’s a small example, but a telling one. If Google’s designers couldn’t anticipate the needs of left-handed people with an all-right-handed product team, how could they anticipate the needs of women with a staff composed overwhelmingly of men?”
  • Facebook’s real name policy is a drag, and not just for the performers it outs | Comment is free | theguardian.com: “People will find a way to undermine identities they don’t approve of, and there will always be ways to write them off as insufficiently authoritative, ‘made up’ or ‘fake’. It’s not about bad behavior, or even about official sign-off. It’s just about making yourself the arbiter of someone else’s self.”
  • Why women don’t name names: Kirsten Gillibrand, Daniel Inouye and women’s calculus for survival | Salon.com: [CW: Sexual harassment] “And not all of them wear the typical mask of a villain. Some are progressives, even self-identified feminists. Men who don’t vote to strip women of control over their own bodies but who still feel entitlement to those bodies. So this is the face of harassment. The faces of the men you know, and the faces of the men you respect. How do we create space to talk about that? Maybe this is the larger conversation Gillibrand wanted to have when she chose not to name names.”
  • ‘Innocent Until Proven Guilty’: Notes for the Peanut Gallery | satifice: “From what I understand, there are some people — in the apparent interest of seeming ‘reasonable’ and ‘neutral’ — who are insisting that in the Team Harpy legal case that our plaintiff should be considered ‘innocent until proven guilty’. There are a few things wrong with this framing.”
  • Recent Events Involving Brian Leiter | For Those Who Need To Know: [CW: Harassment, abuse.] “What follows recounts the basic facts about these episodes and provides links to relevant information. There have been several other such episodes over the last decade or so, some of which involved not philosophers but lawyers. But we do not have the energy to catalogue all of them, and we are not sure what purpose it would serve. What follows, we hope, is sufficiently illuminating.”
  • Why I’m not really here for Emma Watson’s feminism speech at the UN: “Here, she seems to suggest that the reason men aren’t involved in the fight for gender equality is that women simply haven’t invited them and, in fact, have been unwelcoming. Women haven’t given men a formal invitation, so they haven’t joined in. It’s not because, you know, men benefit HUGELY (socially, economically, politically, etc. infinity) from gender inequality and therefore have much less incentive to support its dismantling. It’s not because of the prevalence of misogyny the entire world over. It’s just that no one’s asked. OMG, why didn’t any of us think to ask?! This is an absurd thing to suggest. Women have been trying to get men to care about oppression of women since…always. Men have never been overwhelmingly interested in fighting that fight, because it requires them giving up power and all evidence suggests that’s not their super-fave thing. Share a link about gender equality? Sure! Count me in! Give up real power in real ways? Nope, not really.”
  • Building a Better Breast Pump | The Atlantic: “At the close of a hackathon held at the Massachusetts Institute of Technology this weekend, tables were littered with the standard fare: empty coffee cups, LEDs, joysticks, and transistor parts. There were also scraps of fabric decorated with elephants, foam models of women’s breasts and flanges. Lots of flanges.”
  • Monstrous Women in Dragon Age: Desire Demons and Broodmothers | Gaming As Women: “In this essay, I’d like to talk about a very specific feature of Dragon Age: Origins:  the female monsters. Throughout the game, the player encounters humanoid enemies (such as bandits or soldiers) that are both male and female, with no significant differences between the two sexes.  The monstrous enemies in the game, on the other hand, follow a different course.”
  • ​Tentacle Alien Sex Card Game Isn’t As Perverted as You’d Think | Kotaku: [CW: Consensual sexual content, NSFW!] “It’s easier and safer to negotiate sexual practices (whether represented in cards or with your actual body) if you talk, obviously—but when we play games, we are often looking for more danger, surprise, and challenge. Which is great! We can explore stuff in the safety of games that I wouldn’t recommend doing during actual sex, obviously! The silent games had a variety of communication styles — most people were “communicating” (so to speak) just by looking each other in the eye, but there were several games where people were touching each other, or making dirty or suggestive gestures, etc. That’s all mentioned in the rules. It’s pretty much up to players to negotiate how to play.”
  • My free software will respect users or it will be bullshit | Matthew Garrett: “The four freedoms are only meaningful if they result in real-world benefits to the entire population, not a privileged minority. If your approach to releasing free software is merely to ensure that it has an approved license and throw it over the wall, you’re doing it wrong. We need to design software from the ground up in such a way that those freedoms provide immediate and real benefits to our users. Anything else is a failure.”
  • Four Interactions That Could Have Gone Better | Bridget Kromhout: “If you’re wondering why women don’t attend the conferences, unconferences, meetups, or hackathons you enjoy, or why you don’t seem to make meaningful professional connections with the ones who are there, maybe they’ve been having these conversations often enough that they’re tired of it, and would rather spend their time doing anything else at all.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] adulting_feed

Is your friend …

• Unemployed and searching for a job?
• Wanting to find the right someone but hasn’t?
• Trying to get pregnant and having a hard time with it?
• Waiting to hear back from that dream grad school program?

When the thing they have desperately been waiting for happens, they will tell you. Peppering them with questions and/or unsolicited advice on how they can better achieve this life goal is probably not what they’re looking for.

Instead, it’s just depressing to have to vocalize, again and again, that no, the thing they want has not yet happened, and then have to sit patiently while the other person tells them to keep their chin up, or that the right one is coming, or whatever.

It’s great to ask, more generally, how everything is with them. If they want to cry on your shoulder or share great news, they will. 

Make Mine Crafty

Sep. 30th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Oh, so you want your cake to look like this?

 

Nooo problem.

 

Thanks to Tish B. for proving, yet again, that a picture is worth a thousand facepalms.

 

*****

IMPORTANT ELEVEN O'CLOCK UPDATE:
(Because John was really bored.)

WE CAN GO DEEPER!

It's a picture of a picture of a picture of a cake on a cake.

 

*****

IMPORTANT UPDATE TO THE ELEVEN O'CLOCK UPDATE:

DEEPER!!!

It's a picture of picture of a picture of a picture of a cake on a cake.

 

*****

IMPORTANT UPDATE TO THE UPDATE TO THE ELEVEN O'CLOCK UPDATE:

MWUAHAHAHAHAHAAAA!!!

It's a picture of a picture of a picture of a picture of a cake on a cake on a cake!

 

IMPORTANT UPDATE ETC. 

CAKECEPTION!

*****


 

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Apple has released updates to insulate Mac OS X systems from the dangerous “Shellshock” bug, a pervasive vulnerability that is already being exploited in active attacks.

Patches are available via Software Update, or from the following links for OS X Mavericks, Mountain Lion, and Lion.

After installing the updates, Mac users can check to see whether the flaw has been truly fixed by taking the following steps:

* Open Terminal, which you can find in the Applications folder (under the Utilities subfolder on Mavericks) or via Spotlight search.

* Execute this command:
bash --version [author's note: my WordPress install is combining these two dashes; it should read the word "bash" followed by a space, then two dashes, and the word "version"].

* The version after applying this update will be:

OS X Mavericks:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
OS X Mountain Lion:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
OS X Lion:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)
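The version check above, applied to banners collected from several machines. This is an added example, not part of the original post: the host names and sample banners are constructed, and it assumes any 3.2 patch level at or above the 3.2.53 release listed above counts as updated.

```python
import re
import subprocess

# Patch level of the 3.2 series that the post lists for Mavericks,
# Mountain Lion and Lion after the update: 3.2.53(1)-release.
PATCHED_3_2 = 53

# First line of `bash --version`, e.g.
# GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
BANNER_RE = re.compile(
    r"GNU bash, version (\d+)\.(\d+)\.(\d+)\((\d+)\)-release \(([^)]*)\)"
)


def classify_banner(banner):
    """Classify one version banner against the release named in the post.

    Returns "patched", "outdated", "unknown" (not an Apple 3.2 build, so the
    post gives no reference version) or "unparseable".
    """
    m = BANNER_RE.search(banner)
    if m is None:
        return "unparseable"
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    platform = m.group(5)
    if (major, minor) != (3, 2) or "apple-darwin" not in platform:
        # A higher major version is not evidence of a fix; do not guess.
        return "unknown"
    return "patched" if patch >= PATCHED_3_2 else "outdated"


def local_banner(bash_path="/bin/bash"):
    """Run `bash --version` (two ASCII hyphens) and return its first line."""
    out = subprocess.run([bash_path, "--version"],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()[0]


def audit(banners):
    """Group hosts by status. `banners` maps host name -> banner text."""
    report = {}
    for host, banner in sorted(banners.items()):
        report.setdefault(classify_banner(banner), []).append(host)
    return report


# Constructed sample input. The last entry imitates what comes back when the
# command is pasted with a single typographic dash instead of two hyphens.
SAMPLE_BANNERS = {
    "mac-a": "GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)",
    "mac-b": "GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin12)",
    "linux-c": "GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)",
    "mac-d": "bash: \u2013version: No such file or directory",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_BANNERS).items():
        print(status, hosts)
```

Hosts reported as "unknown" or "unparseable" need a manual look rather than being counted as fixed.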

[syndicated profile] infotropism_feed

Posted by Skud

This is a post I made on Growstuff Talk to propose some initial steps towards interoperability for open food projects. If you have comments, probably best to make them on that post.


I wanted to post about some concepts from my past open data work which have been very much in my mind when working on Growstuff, but which I’m not sure I’ve ever expressed in a way that helps everyone understand their importance.

Just for background: from 2007-2011 I worked on Freebase, a massive general-purpose open data repository which was acquired by Google in 2010 and now forms part of their “Knowledge” area. While working at Google I also worked as a liaison between Google search/knowledge and the Wikimedia Foundation, and presented at a Wikimedia data summit where we proposed the first stages of what would become Wikidata — an entity-based data store for all of Wikimedia’s other projects.

Freebase and Wikidata are part of what is broadly known as the Semantic Web, which has to do with providing data and meaning via web technologies, using common data formats etc.


The Semantic Web movement has several different branches, ranging from the extremely abstract and academic, to the quite mundane and pragmatic. Some of the more common bits of Semantic Web technology you might have come across are microformats, for instance, which let you add semantic meaning to your HTML markup, for instance for defining the meanings of links to things like licenses or for marking up recipes on food blogs and the like. There is also Semantic Mediawiki which adds some semantic features on top of a wiki, to allow you to query for information in interesting ways; Practical Plants uses SMW and its search is based on this semantic data.

At the more academic end of the Semantic Web world are things like RDF which creates a directed graph of semantic data which can be queried via a language called SPARQL, and attempts to define data standards and ontologies for a wide range of purposes. These are generally heavyweight and mostly of interest to researchers, academics, etc, though some aspects of this work are starting to seep through into consumer technology.

This is all background, however. What I wanted to talk about was the single most important thing we learned while working on Freebase, which is this:

Entities must have unique identifiers.

Here’s what I mean. Let’s say you know three people all called Mary Smith. Then someone says, “It’s Mary Smith’s birthday today.” Which one are they referring to? You don’t know. In any system based around knowledge, you need to have some kind of unique ID for each entity to avoid ambiguity. So instead you might say, “Mary Smith, whose employee number is E453425” or “Mary Smith, whose email address is mary@example.com”, or “Mary Smith, whose primary key in our database is 789”.

When working on our proposal for phase 1 of Wikidata, one of the things we realised is that the Wikimedia community — all the languages of Wikipedia, the Wikimedia Commons, etc — lacked unique identifiers for real-world entities. For instance, Barack Obama was http://en.wikipedia.org/wiki/Barack_Obama on English Wikipedia and http://de.wikipedia.org/wiki/Barack_Obama on German Wikipedia and http://commons.wikimedia.org/wiki/Barack_Obama on Wikimedia Commons and http://en.wikinews.org/wiki/Category:Barack_Obama on Wikinews, but none of these was his definitive identifier.

Meanwhile, interwiki links — the links between English and German and French and Swahili and Korean wikipedias — were maintained by hand (or, actually, by a bot) that had to update every wikipedia whenever a page was added or changed on any of them. This was a combinatoric exercise: with 2 wikis, there are two links (A -> B and B <- A). With 5 wikis there are (4 + 3 + 2 + 1) * 2 links. With N wikis, there are N * (N-1) links, or to put it another way, 50 wikis would mean 2450 links between them. This was wildly inefficient to maintain!

Wikidata’s “phase 1” was to create an entity store for Wikimedia projects, where each concept or entity — “Barack Obama” or “semantic web” or “tomato” — would have a central identity which could be linked to. Then, each Wikimedia project could say “This page describes entity XYZ”, or conversely Wikidata could say “this entity is described on these pages”, and suddenly the work of the interwiki bot became much easier: it meant that each new wiki added would only mean one new link, not an exponentially-expanding web of links.

We are in a similar position with open food data at present. There are dozens of open source food projects and that list doesn’t even touch on the ones that are more connected to recipes/eating/nutrition. We’re talking about how to interoperate between our various projects, but the key to interoperability is entity identification. If someone wants to mash up Growstuff’s harvest data with Openrecipes recipe search or the US FDA’s nutrition data, they need to know that Growstuff’s tomato is the same as the tomato you use in spaghetti sauce or the tomato that contains some percent of your RDA of potassium.

So how do we do this? None of our projects are sufficiently established, mature, or complete to claim the right to be the central ID repository. Apart from that, many of us have different focuses — edible plants, all types of plants, all types of living things, and all types of food (including non-animal/non-plant food) are some of the scopes I can mention offhand. Even the wide-ranging species databases like the Encyclopedia of Life don’t capture such information as crop varieties (eg. roma tomato, habanero pepper) that are important to veggie gardeners like Growstuff’s members.

Here’s what I would propose as an interim measure.

All open food projects need to link their major entities (eg. “crops” in Growstuff’s case) to one or more large, open, API-accessible data stores.

Examples of these include:

  • Wikipedia (any language, but English has the most articles)
  • Wikidata
  • Freebase
  • Encyclopedia of Life

By doing this, we can match data between projects. For instance, if Growstuff’s “tomato” links to the same entity as OpenFarm’s “tomato” and OpenFoodNetwork’s “tomato” and OpenRecipes’ “tomato” then we can reasonably assume they’re all talking about the same thing.

Also, some of the above data sources provide APIs which allow us to pivot easily between data sets. For instance, Freebase’s query language allows you to ask questions like “given an entity that is identified as ‘tomato’ on English Wikipedia, what is its identity on the Encyclopedia of Life?”

To see this in action, paste the following query into Freebase’s interactive query editor:

    [{
      "a:key": [{
        "namespace": "/wikipedia/en",
        "value": "Tomato"
      }],
      "b:key": [{
        "namespace": "/biology/eol",
        "value": null
      }]    
    }]

As you’ll see, the result is “392557” or to put it another way http://eol.org/pages/392557 — the EOL page on tomatoes.

From day 1, Growstuff has been tracking Wikipedia links for all our crops, to enable this sort of query against Freebase and so easily pivot to other data sets that Freebase knows about. If other projects take similar steps, this means that we are well on our way toward interoperability.

(As an aside, this is why we’re also having this other discussion about what to do about crop varieties that don’t have their own Wikipedia page, as this messes up the 1-to-1 relationship between Wikipedia entities and Growstuff entities. This may be something we just have to deal with, however, as no external data set will exactly match ours.)

Next steps

  1. I strongly encourage all open food projects to link their “crops” or similar entities to one or more major, open-licensed, API-accessible data source (ideally one which has its keys in Freebase).
  2. We should all expose these links via our APIs, data dumps, or whatever other mechanisms we use to make our open data available.
  3. Developers should be able to request data from our APIs based on these identifiers, either through query parameters or through REST API resources like eg. /crops/eol/392557.json
  4. We should use semantic markup/links to denote this entity equivalence on our webpages, eg. if Growstuff links to a Practical Plants page on the same crop, there should be a standard way to say “we consider these pages to refer to the same entity”. I’m not sure exactly what this is, yet, but if we do this it will benefit web crawlers, search engines, and other non-API consumers of our websites.
  5. We should look into developing a microformat for expressing crop information on a webpage, in collaboration with microformats.org. I expect, however, that it will be very hard to develop a workable ontology, since (for instance) some of our projects are interested in planting information and some aren’t, some are interested in sale and distribution and others aren’t, some are dealing with non-edible plants and others aren’t, etc. It may have to be as simple as “this is a crop and here are the names we have for it”.
  6. It would be great to put together some kind of visualisation like the linked open data cloud to show which open food projects are providing interoperable identities and how they connect to each other.

I’d like to get buy-in from other open food data projects on at least the general idea of matching our “crop” entities (whatever we call them) against some of the big databases. Who’s in?
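A small offline model of the proposal above, added here as an illustration and not taken from the original post or from any of the projects it names. The `EntityHub` class, the entity ids, the project records and the path-to-namespace mapping are all hypothetical; only the Tomato / 392557 key pair and the `/crops/eol/392557.json` path come from the post.

```python
import re
from collections import defaultdict


def pairwise_links(n):
    """Links to maintain when each of n sites links directly to every other."""
    return n * (n - 1)


def hub_links(n):
    """Links to maintain when each of n sites links once to a central id."""
    return n


class EntityHub:
    """Stand-in for a key store: one entity, one key per namespace."""

    def __init__(self):
        self._entity_by_key = {}                   # (namespace, value) -> id
        self._keys_by_entity = defaultdict(dict)   # id -> {namespace: value}

    def add(self, entity_id, keys):
        for namespace, value in keys.items():
            owner = self._entity_by_key.setdefault((namespace, value), entity_id)
            if owner != entity_id:
                # The same key must never name two entities.
                raise ValueError(f"{namespace}:{value} already identifies {owner}")
            self._keys_by_entity[entity_id][namespace] = value

    def resolve(self, namespace, value):
        return self._entity_by_key.get((namespace, value))

    def pivot(self, namespace, value, target_namespace):
        """Same question as the query above: known key in, other key out."""
        entity_id = self.resolve(namespace, value)
        if entity_id is None:
            return None
        return self._keys_by_entity[entity_id].get(target_namespace)


def match_crops(hub, projects):
    """Group each project's crops by the entity their external links name.

    Records with no link, an unknown link, or links that point at different
    entities are returned separately instead of being guessed at.
    """
    matched, unmatched = defaultdict(dict), []
    for project, crops in projects.items():
        for crop in crops:
            ids = {hub.resolve(ns, v) for ns, v in crop["links"].items()}
            ids.discard(None)
            if len(ids) == 1:
                matched[ids.pop()][project] = crop["name"]
            else:
                unmatched.append((project, crop["name"]))
    return dict(matched), unmatched


# Hypothetical mapping from the source name in a REST path to a namespace.
SOURCE_NAMESPACES = {"eol": "/biology/eol", "wikipedia": "/wikipedia/en"}
PATH_RE = re.compile(r"^/crops/([a-z]+)/([^/]+)\.json$")


def lookup_path(hub, path):
    """Resolve a path such as /crops/eol/392557.json to an entity id."""
    m = PATH_RE.match(path)
    if m is None or m.group(1) not in SOURCE_NAMESPACES:
        return None
    return hub.resolve(SOURCE_NAMESPACES[m.group(1)], m.group(2))


# Constructed data; only the Tomato / 392557 pair is from the post.
HUB = EntityHub()
HUB.add("entity:tomato", {"/wikipedia/en": "Tomato", "/biology/eol": "392557"})

PROJECTS = {
    "growstuff": [
        {"name": "tomato", "links": {"/wikipedia/en": "Tomato"}},
        {"name": "roma tomato", "links": {}},  # variety without its own page
    ],
    "openfarm": [{"name": "Tomato", "links": {"/biology/eol": "392557"}}],
    "openrecipes": [{"name": "tomatoes", "links": {"/wikipedia/en": "Tomato"}}],
}

if __name__ == "__main__":
    print(HUB.pivot("/wikipedia/en", "Tomato", "/biology/eol"))
    print(match_crops(HUB, PROJECTS))
    print(pairwise_links(50), "vs", hub_links(50))
```

The unmatched list is where the crop-variety problem mentioned in the aside shows up: a record with no external link cannot be joined to anyone else's data.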

Two frogs in a bowl of cream

Sep. 30th, 2014 01:16 am
[syndicated profile] infotropism_feed

Posted by Skud

A story I got from someone who says she got it from an older Dutch woman. I wouldn’t mention the Dutch woman thing except that this story just seems so Dutch to me. Anyway.

Two frogs fell into a bowl of cream. They swam and swam trying to get out, round and around in the cream, for hours.

Eventually one frog gave up, stopped swimming, and drowned.

The other frog kept swimming, refusing to give up. Finally the frog’s activity, splashing around in the cream, turned it to butter. It became solid in the bowl, and the frog was able to climb out.

The moral, I’m told, is that sometimes if you just keep kicking things will magically solidify under you and you can step up out of the trouble and move on. Also, apparently I’m frog #2. Trust me when I say it’s exhausting.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

“Please note that [COMPANY NAME] takes the security of your personal data very seriously.” If you’ve been on the Internet for any length of time, chances are very good that you’ve received at least one breach notification email or letter that includes some version of this obligatory line. But as far as lines go, this one is about as convincing as the classic break-up line, “It’s not you, it’s me.”


I was reminded of the sheer emptiness of this corporate breach-speak approximately two weeks ago, after receiving a snail mail letter from my Internet service provider — Cox Communications. In its letter, the company explained:

“On or about Aug. 13, 2014, we learned that one of our customer service representatives had her account credentials compromised by an unknown individual. This incident allowed the unauthorized person to view personal information associated with a small number of Cox accounts. The information which could have been viewed included your name, address, email address, your Secret Question/Answer, PIN and in some cases, the last four digits only of your Social Security number or drivers’ license number.”

The letter ended with the textbook offer of free credit monitoring services (through Experian, no less), and the obligatory “Please note that Cox takes the security of your personal data very seriously.” But I wondered how seriously they really take it. So, I called the number on the back of the letter, and was directed to Stephen Boggs, director of public affairs at Cox.

Boggs said that the trouble started after a female customer account representative was “socially engineered” or tricked into giving away her account credentials to a caller posing as a Cox tech support staffer. Boggs informed me that I was one of just 52 customers whose information the attacker(s) looked up after hijacking the customer service rep’s account.

The nature of the attack described by Boggs suggested two things: 1) That the login page that Cox employees use to access customer information is available on the larger Internet (i.e., it is not an internal-only application); and that 2) the customer support representative was able to access that public portal with nothing more than a username and a password.

Boggs either did not want to answer or did not know the answer to my main question: Were Cox customer support employees required to use multi-factor or two-factor authentication to access their accounts? Boggs promised to call back with a definitive response. To Cox’s credit, he did call back a few hours later, and confirmed my suspicions.

“We do use multifactor authentication in various cases,” Boggs said. “However, in this situation there was not two-factor authentication. We are taking steps based on our investigation to close this gap, as well as to conduct re-training of our customer service representatives to close that loop as well.”

This sad state of affairs is likely the same across multiple companies that claim to be protecting your personal and financial data. In my opinion, any company — particularly one in the ISP business — that isn’t using more than a username and a password to protect their customers’ personal information should be publicly shamed.

Unfortunately, most companies will not proactively take steps to safeguard this information until they are forced to do so — usually in response to a data breach.  Barring any pressure from Congress to find proactive ways to avoid breaches like this one, companies will continue to guarantee the security and privacy of their customers’ records, one breach at a time.

"Something Funny, I Guess?"

Sep. 29th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

You'll never guess what Beth ordered for her daughter's birthday party!

Or, ok, maybe you will.

 

Ah, but can you decipher the exact words used in this phone call?

Nailed it.

Hey, you're good at this!

 

Now, how well can you follow directions?

Nice to know Jackie keeps herself centered.

 

Marissa's boss was leaving on a trip, so she wanted to get a cake that said, "So................" as an inside joke. She specified that there should be 18 dots, so...

Good luck with that, Marissa.

(I like how the baker spontaneously switched to cursive for just the letter R.)

(Also, "Fallowing?" You ever wonder what these bakers THINK they're writing?)

 

And finally, you guys will never guess where the baker is going with this one!

 

Now with bonus color commentary on today's post: the cast of Hogan's Heros, everybody!

Thanks, guys.

 

And thanks to Beth M., Jenny S., Sky C., Marissa, & Robert F. for addressing the problem.

*****


Talk Prep: Grids and Concertinas

Sep. 29th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

This year, I prepped one talk. Next year, I feel more confident and plan to prep 3 (working titles: Mobile is a Systems Problem, The Myth of The Intersection of Energy, Creativity, and Time, and a Series of Unfortunate Statistics).

This year’s talk – Distractedly Intimate – has been given in timeframes ranging from 20 minutes to 45 minutes. And though I tweak and personalise it each time (especially when it was the final talk of the conference!) it has remained substantially the same.

That is because it is built on a grid.

Screen Shot 2014-09-29 at 9.26.07 am

This means that there are different adjustments that can be made. E.g. including a section – Application is for longer talks only.

Cutting points, so if I wanted to cut to 15 minutes I might remove a point from each section.

Shortening stories. The close contains a video, which is nice because it gives me a short break and I can come back for a strong finish, but the difference between 25 and 20 minutes is removing the video, and cutting some details of the stories in sections 1, 2 and 3.

The above is the maximum time example – in this case, 40 minutes.

25 minutes is as follows:

25 min

20 minutes:

20 min

15 minutes:

15 min

One thing to keep in mind is having the right amount of content for the time. I hate those talks where I feel like someone talked for 40 minutes and only made 2 real points, and I never want to give one. But I also hate it when the presenter tries to pack too much in and loses the audience because they’ve missed out key things, or the content is too complicated for the timeframe.

I don’t think this talk is really suited for the 15 minute version, so I probably wouldn’t give it in that time. I think the base content is right for 20 minutes, and so every longer session I should increase the information content. My favourite version is the 25 minute version, because I love the video and the time frame is less tight. 40 minutes is a long time to listen to anyone, which is why I mix it up a bit and take a different approach to add that extra ~10 minutes of content and focus on application, rather than ideas (this section gets the least laughs, but I hope people find it useful!)

This approach might seem overly structured, but the purpose of each point is to have a takeaway, and weave a story around it. So, the grid is the concept which in one transformation becomes the (heavily visual) slide deck, and in another transformation it’s the structure I weave my narrative around. I don’t need a slide for each point, but I do need slides (because video!) and I think showing my twitter handle on each slide encourages the audience to tweet about it so I create one for each item in the grid, and it works for me.

There are few things more impressive to me than an excellent presentation, without slides, but often I find speakers without slides become a little unstructured and lose their way. For me the change of slide says “here is a new point” which, as audience member or speaker, I appreciate, and I’ll keep them for longer talks – for now.

Preparing one talk, really well, and delivering it multiple times (being careful about not to the same people!) has been great for building my confidence, and has made the investment of time in creating the talk much more worthwhile. Now each conference is 1-2 hours of prep time, rather than 20+. This makes the 5 I will speak at between September and November much more manageable.

This Week

Sep. 29th, 2014 12:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate


Life

Last week in London so rushing around catching up with people, felt like I spent the week running around but not really achieving very much. Went for lunch at Facebook (fab) and had some good meetings. Spent an evening in Brighton, and ventured out to suburbia for a Science Extravaganza on behalf of Stemettes, which was pretty cool. Then spent the weekend in Plymouth, because I was speaking at DigPen [tweets from my talk here]. The conference was amazing, I had a great time and met some wonderful people. And Plymouth is very pretty! It was nice to be by the sea.

Work

All over, or just beginning, depending on how you look at it! I’m no longer employed by Google. Pretty excited about what’s next :)

Media

Finishing The Profitable Side Project, finished A Girl Like You (got a bit more into it, not a great portrayal of women though), read Shades of Milk and Honey (finally! Birthday gift. It was different, nice escapism), From Notting Hill with Love… Actually (just… irritatingly unrealistic), now reading Going Home (really like this).

Re-watching How I Met Your Mother.

Product links Amazon.

Places

Stayed at the Gallery Guesthouse in Plymouth, which is nice, ate at The Roundabout, and the Pasta Bar.

In London, went to the Secret Thai Restaurant (so cute), followed by dessert at the Troubador, breakfast at Bill’s and Cafe Phillies, lunch at Lantana (tasty), afternoon tea at Candella, dinner at Da Mario.

Published

On The Internet

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • You don’t know what you don’t know: How our unconscious minds undermine the workplace | Official Google Blog (September 25): Google runs research and analytics to try and combat unconscious bias that excludes minorities. “we need to help people identify and understand their biases so that they can start to combat them. So we developed a workshop, Unconscious Bias @ Work, in which more than 26,000 Googlers have taken part. And it’s made an impact: Participants were significantly more aware, had greater understanding, and were more motivated to overcome bias.”
  • Building a better and more diverse community | Blog – Hacker School (September 25): “The short: We now have need-based living expense grants for black and non-white Latino/a and Hispanic people, as well as people from many other groups traditionally underrepresented in programming. Etsy, Juniper, Perka, Stripe, Betaworks, and Fog Creek have partnered with us to fund the grants, and help make the demographics of Hacker School better reflect those of the US. Hacker School remains free for everyone.”
  • Science Has A Thomas Jefferson Problem… | Isis the Scientist… (September 19): “A large portion of the attacks against scientists are perpetrated by someone the victim knew, but many women in general know their attackers. So, at the crux of the stunning and shocking and eye opening is something that I find more insidious – it is the belief that science is somehow different than society at large.”
  • Read The Nasty Comments Women In Science Deal With Daily | The Huffington Post (September 25): [CW: Sexist and harassing language] “Curious to learn more about sexism in science, HuffPost Science reached out to women on the secret-sharing app Whisper. We asked whether anyone had ever said or done anything to discourage their interest in science–and, as you can see below, we were flooded with responses.”
  • Book Challenges Suppress Diversity | Diversity in YA (September 18): “It’s clear to me that books that fall outside the white, straight, abled mainstream are challenged more often than books that do not destabilize the status quo.”
  • Technology Isn’t Designed to Fit Women | Motherboard (September 12): “In some cases, making devices smaller necessarily requires waiting for further technological advancements; just think of how smartphones shrunk through the years as the tech was refined (before phablets took them in the other direction). But especially when it comes to devices that are implanted in the body, this has a disproportionate impact on people of smaller stature—which means women are more likely to be left behind.”
  • Building a Better Breast Pump | The Atlantic (September 25): “Until women have better support for breast-feeding, whether that manifests as paid maternity leave, safe and convenient places for pumping, or better access to lactation specialists, breast pumps aren’t likely to go the way of the Fitbit.”
  • Hope-less at Hope X | missbananabiker.com (September 18): “What Edward Snowden, Glenn Greenwald and Laura Poitras made possible, a couple of knuckleheads made impossible. The courage that Snowden has shown, the determination Poitras has shown, the persistence Greenwald has displayed — all these things made it possible for a woman who mostly doesn’t leave the house to … well, leave the house. I thought, for the first time in years, maybe this is a fight I should be fighting alongside the others.”
  • Goodbye, Ello: Privacy, Safety, and Why Ello Makes Me More Vulnerable to My Abusers and Harassers | Not Your Ex/Rotic (September 23): “Because the people I most want to avoid know my aliases. They are friends with people I know on Ello. They might already be on Ello (I’d be surprised if they weren’t) and are totally open to following me, reading me, tagging me, commenting on my posts. Hell, they can even find me through our mutual friends – any mutual activity pops up on their Friends feed. And, by the way Ello is currently set up, there is nothing I can do about it.”
  • The Victim, The Comforter, The Guy’s Girl… | Matter | Medium (September 23): “I’ve come to notice more and more how working within the particular masculine sexism of the tech industry has nudged the way I present myself, just a little. I’ve noticed how, very slowly, I’ve started to acquiesce into playing roles that get assigned to me. I’ve noticed how I disappear behind these masks.”
  • Apple Promised an Expansive Health App So Why Can’t I Track Menstruation? | The Verge (September 25): “Apple’s HealthKit can help you keep track of your blood alcohol content. If you’re still growing, it’ll track your height. And if you have an inhaler, it’ll help you track how often you use it. You can even use it to input your sodium intake, because “with Health, you can monitor all of your metrics that you’re most interested in,” said Apple Software executive Craig Federighi back in June. And yet, of all the crazy stuff you can do with the Health app, Apple somehow managed to omit a woman’s menstrual cycle.”
  • Why can’t you track periods in Apple’s Health app? | ntlk’s blog (September 26): “So why isn’t cycle tracking present in the Health app? I don’t know, but the only valid reason I can think of is that it didn’t occur to anyone to include it.”


Sunday Sweets: It's Fall, Y'all!

Sep. 28th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

The weather down here in Florida may not have gotten the memo yet, but fall is officially upon us. So let's celebrate!

(By McGreevy Cakes)

Pumpkins, pumpkins, everywhere - and this time I'm not complaining! Love the raffia border between the two tiers, and check out that gorgeous hand-painted scene.

 

In addition to my favorite color (orange!), fall is all about rich shades of bronze, gold, and - oh yeah - CHOCOLATE:

(By Bellaria Cakes Design)

Mmmm. That acorn & leaves bundle is too perfect. Who needs flowers?

 

In fact, I like how fall puts all the changing leaves at center stage:

(By Jacques Fine European Pastries)

Stunning.

 

But really, we're gonna need some more pumpkins in here.

(By Palermo's Custom Cakes)

Muuuch better.

Really digging this design, although that lace pattern has me stumped. I'm guessing it's airbrushed on over a stencil? Could also be an edible image, though. Anyone know for sure?

 

Here's a delicate modern number - or does it feel more vintage?

(By Ligia De Santis)

The hand painted design looks like fine antique china; and I like the two little leaves as an understated accent.

 

Now this next one is definitely modern, and I like it.

(By AP Signature Cakes)

Ooooh. Dark chocolate with red and white accents just became my new favorite color combo.

 

Then again, this snow-white number is down right heavenly:

(By Cake Central user GrandMomOf1)

Perfect for autumn weddings!

 

Remember when I said, "Who needs flowers?" Well, as it turns out, I do:

(By Flutterby Bakery)

I NEED THESE FLOWERS.

I want to stare at them all day and make soft cooing noises.

 

And finally, a Sweet so quintessentially fall it makes me want to pack up my sweaters and move north:

(By Nice Icing)

Kicking through leaf piles! C'mon, it doesn't get more fall than that.

I'm so impressed with the little girl sculpt; the leaves on her skirt & boot really do seem to be levitating. And look at those adorable little bushes & toadstools on the bottom! And the fox! Ah! SO GOOD.

 

Hope you enjoyed your Sweets today, everyone! Happy Sunday!

Be sure to check out our Sunday Sweets Directory to see which bakers in your area have been featured here on Sweets!

*****


[syndicated profile] epbot_feed

Posted by Jen

Time to dive back into Dragon Con cosplay, 'cuz there's still SO MUCH to see!

Let's start with my dear friends Robyn & Christie, who once again blew me away with new costumes this year:

 Fire & Ice Dragons!


 
Robyn as the Ice Dragon.

The sisters made everything themselves, but it's those elaborate headpieces that really steal the show:
 
The wire armatures outline dragon heads! WOW.

(I so want to make a giant feather headdress now, you guys.)

I later learned they also made elaborate - not to mention stunning - back spines that trail all the way to the floor, so I'm bummed I didn't get a shot from the back. I talked Christie into posting build photos, though, so head over to their Facebook page for more pics and to see how they did it all. (Christie's armor is made of individually cut scales of craft foam!)

Moving on, another gorgeous pair:

 Elphaba & Glinda from Wicked!

Belle, Meg, and Lilo:

 And I just realized Westley/The Dread Pirate Roberts is wearing a vial of Iocane powder. LOVE. (He's the Cary Elwes look-alike from my last post.)

You see a lot of "only at Dragon Con" stuff at DC, but I thought this group was especially perfect:

Yep. That's Dragon Con.

And a close up of one of the Borg:



I was thrilled to find this: Karen Hallions' famous Haunted Mansion Leia!

 She asked me to help with the pose, but I think she nailed it on her own.

 This steampunk Wizard of Oz group is perfect. PERFECT, I SAY:

I especially love the Tin Man's design; his metal heart had a rotating light feature in it. Also check out Dorothy's little Toto & sparkly boots, and the Cowardly Lion's Courage medal!

Oh, and Glinda's staff blew bubbles! You can see some here in a later shot:


Harrison from Volpin Props in his "Marriott Chariot":

You probably remember, but I posted a group shot of the Marriott carpet ninjas earlier.

If you love amazing prop builds, btw, check out Harrison's site. His Skyrim armor is the stuff of legends.

Oh! Speaking of armor:

Awesome.

Anyone remember the live-action show of The Tick?

Captain Liberty & Bat Manuel! YES!!

I'm having a terrible time finding a clear reference shot, but here's a general idea:

Those two are so spot-on, it's scary. They even look like the actors!

Lady Skeletor:


 Here's a dapper twist on Jack & Sally from Nightmare Before Christmas:

 Plus a great Doctor Doom.

I was in costume myself Saturday night, and this is my second favorite shot of the night:

 My vision is so limited in the helmet that I had NO IDEA who I was posing with until afterward. Ha!

There were two or three truly amazing kid costumes at DC this year, and this Doc Oc was one of them:

It was hard to get close to him, but my dad - who loves costume hunting as much as I do, and was often right beside me taking his own pics - got a fantastic shot:


In fact, while I'm at it, here are two more of Dad's, of cosplays I missed:

MINE?
(I love how everyone's headgear is different!)

And an absolutely stunning Maleficent:

You can see the rest of my Dad's Dragon Con photos here on Flickr.

K, back to my stuff! A great Borderlands group:


And I'm not sure of the character, but this girl's giant keyboard had fun color-changing lights underneath:

(Aha! Per the comments, she's Arcade Sona from League of Legends. Here's a reference:)



Not sure this counts as cosplay, exactly, but this lady had her own Mobile Virtual Presence Device, like Sheldon's from the Big Bang Theory!

If you're not familiar, it's basically a web cam on wheels that she was operating remotely - I assume from her hotel room. The device DID have a handler walking beside it for protection, but how cool is this for folks who don't want to brave the crowds in person?

Here's a classic:
Blue Screen Of Death!! ha!

 I've seen some impressive Homestuck cosplay before, but this is my new favorite:

It's a Homestuck Star Wars mashup! So, so good.

(Homestuck trolls have gray skin and orange horns. If you go to any conventions, you've probably seen the cosplay, even if you didn't know what it was.)

And another great mashup:

Iron Man Totoro!

I featured this Totoro last year, I believe, and his makers told me they planned to make different costumes for him to wear each year. I LOVE this idea; like Totoro is cosplaying, too!

One of the Iron Man armor variations:

And a spookily-lit Splicer from BioShock:


Splicers come in all different outfits, but here's a general reference shot:

My gosh that game is scary. 

(I still haven't made it all the way through the first BioShock; I chicken out when the lights go out on that second floor hallway. [shudder] For some reason I didn't find BioShock 2 as bad, though.)

A terrible shot, but this is a lovely Doctor Crusher doppelgänger!


And more loveliness: an Athenian warrior:


And... Jean Grey? I think?

Scratch that; she's Black Widow. Thanks, commenters!

Ok, THIS one I know:

Uncle Fester!


Emma Frost has a diamond form, so this cosplayer is kind of mid-transformation:

Spaaaarkly.

I'm not sure what to call this style of Anna & Elsa, but it's vaguely Moulin Rouge-ish, and completely gorgeous:

Check out Elsa's levitating snowflakes! I assume there's a wire wrapped around her finger - simple, but oh so impressive for pics.

I loved this Effie Trinket from Hunger Games so much I had a little fun with her photo:

If you look verrrry closely, you can see there are even butterfly shapes in her eyelashes.

And here's Effie from the movie, for comparison:


The attention to detail is amazing; she even has the little butterflies glued to her arm, and the same yellow blush!


I'm going to end there, since John tells me I've spent more time and effort on this post than I have on an entire week's worth of Cake Wrecks posts. Heh. I do hope you guys are ok with me dragging out my Dragon Con coverage like this. Truth is, every year I feel so rushed to get all my photos posted that I think we both miss out. This way, I can take my time, play with photo editing as much as I like, and you guys get an extended DC visit, broken up over a longer time period.

Of course, I take so many photos at DC each year that I just realized I could easily post a different costume every day for a year. Hm... now THERE's an idea... for a different blog... when I have unlimited time. Ha!

Hope you guys are having a great weekend!

Signature Systems Breach Expands

Sep. 26th, 2014 03:35 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Signature Systems Inc., the point-of-sale vendor blamed for a credit and debit card breach involving some 216 Jimmy John’s sandwich shop locations, now says the breach also may have jeopardized customer card numbers at nearly 100 other independent restaurants across the country that use its products.

Earlier this week, Champaign, Ill.-based Jimmy John’s confirmed suspicions first raised by this author on July 31, 2014: That hackers had installed card-stealing malware on cash registers at some of its store locations. Jimmy John’s said the intrusion — which lasted from June 16, 2014 to Sept. 5, 2014 — occurred when hackers compromised the username and password needed to remotely administer point-of-sale systems at 216 stores.

Those point-of-sale systems were produced by Newtown, Pa., based payment vendor Signature Systems. In a statement issued in the last 24 hours, Signature Systems released more information about the break-in, as well as a list of nearly 100 other stores — mostly small mom-and-pop eateries and pizza shops — that were compromised in the same attack.

“We have determined that an unauthorized person gained access to a user name and password that Signature Systems used to remotely access POS systems,” the company wrote. “The unauthorized person used that access to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants. The malware was capable of capturing the cardholder’s name, card number, expiration date, and verification code from the magnetic stripe of the card.”

Meanwhile, there are questions about whether Signature’s core product — PDQ POS — met even the most basic security requirements set forth by the PCI Security Standards Council for point-of-sale payment systems. According to the council’s records, PDQ POS was not approved for new installations after Oct. 28, 2013. As a result, any Jimmy John’s stores and other affected restaurants that installed PDQ’s product after the Oct. 28, 2013 sunset date could be facing fines and other penalties.

This snapshot from the PCI Council shows that PDQ POS was not approved for new installations after Oct. 28, 2013.


What’s more, the company that performed the security audit on PDQ — a now-defunct firm called Chief Security Officers — appears to be the only qualified security assessment firm to have had their certification authority revoked (PDF) by the PCI Security Standards Council.

In response to an inquiry from KrebsOnSecurity, Jimmy John’s noted that of the 216 impacted stores, 13 were opened after October 28, 2013.

“We understood, from our point of sale technology vendor, that payment systems installed in those stores, as with all locations, were PCI compliant,” Jimmy John’s said in a statement. “We are working independently, and moving as quickly as possible, to install PCI compliant stand-alone payment terminals in those 13 stores. This is being overseen by Jimmy John’s director of information technology, who will confirm completion of this work directly with each location. As part of our broader response to the security incident, action has already been taken in those 13 stores, as well as the other impacted locations, to remove malware, and to install and assure the use of dual-factor authentication for remote access and encrypted swipe technology for store purchases. In addition, the systems used in all of our stores are scanned every day for malware.”

For its part, Signature Systems says it has been developing a new payment application that features card readers that utilize point-to-point encryption capable of blocking point-of-sale malware.

8 Cake Love Notes Gone Wrong

Sep. 26th, 2014 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

It's National Love Note Day, but don't be boring and write an actual note; order a cake, instead!

Bakers are standing by to tell your sweetheart how you really feel, using one of these convenient, pre-selected designs!

Just choose from:

The Boxer:

Don't forget the wine to go with all that cheese!

 

The Pictionary:

(Sorry, Carol can't draw sheep.)

 

The Shining:

All work and no cake decorating makes Jack a dull boy!

 

The Foreshadowing:

o.0

 

The Hidden Message:

If only that heart was upside down. IF ONLY.

 

The "Keeping It Casual":

Or, since I see no comma, The "Keeping It Cannibal!"
BahahahaaaaEW.

 

The "Kenya West":

"Now THAT'S lov..." [mic snatched out of hand]

"Imma let you finish, but 'Kenya' is one of the best Kanye misspellings of all time."

 

And finally, our best seller!

The Silver Lining:

 

Thanks to Rebecca C., Beth P., Mary R., Andrew B., Kelsey B., Lisa D., Heather R., & Shaunna R. for hitting all the wrong notes.


#iOSDevUK: Hacking Health

Sep. 26th, 2014 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

most common chronic conditions

Credit: Centers for Disease Control and Prevention

My notes from the talk Emily gave at iOSDevUK.

What are health apps?

  • Step counters
  • Fitness trackers
  • Diabetes apps
  • Heart rate monitors
  • Bluetooth enabled medical devices

Apple and Google have decided this is where the future is. Gone in. Apple, Healthkit. Google, GFit. Standardized APIs getting information with defined types, centralised storage. Enables gathering data from a range of different sources, don’t need to connect with a billion different APIs. Fine grained permissioning – user is in control.

If user says no, can no longer see that information is even there. E.g. if you know blood sugar is being stored, even if can’t see it, can infer things.

Parkinsons App:

  • Insight into effects of personal choices.
  • Better understanding of reactions to medications.
  • Ease of sharing information with care circle.
  • More accurate information provided to medical practitioners.

Parkinson's – sleeping and eating have a tremendous effect. Give people information on this, also give them control over their life. Insight into reactions to medications.

Parkinsons patients see consultants for 10 minutes every 6-8 months. Have to provide ALL information, and practitioner has to provide information. Done using a questionnaire. Incredibly difficult thing for users/patients to be able to remember. Influenced by their mood when they fill it in. Helping people see on average every day, able to use that 10 minute slot far better.

App:

  • Enter and alert on medication schedule.
  • Track adherence.
  • Track lifestyle factors, mood, diet, fitness etc.
  • Measuring severity of symptoms (e.g. use gyroscope to measure tremor, compare before and after).
  • Track side effects.
  • Allow correlation between lifestyle choices and presentation of condition.

Issues:

  • Ethical
  • Legal
  • Technical

Do no harm. Hippocratic oath. We are devs not doctors, probably not going to do harm, but have a duty to our users that our apps don’t cause them to do something that will cause them harm.

Patients vulnerable. Can make decisions based on what you show. E.g. diabetics and blood sugar.

E.g.:

  • Self diagnosis app:
    • Misdiagnosis.
    • Delay in seeking proper medical advice.
    • Self medication problems:
      • Unknown interactions.
      • Unwanted side effects.

Pay attention to potential harm. Think very carefully about design.

Respect:

  • Your users are more than their condition.
  • Think about people rather than patients.
  • Use language carefully.
  • Think about how you word and time notifications (e.g. if giving a presentation from mobile, what if interrupted? Allow to turn off).

Consent:

  • People want to protect their personal medical information.
  • Informed consent around data sharing and collection.
  • Opt in, not opt out (granular control).
  • HealthKit and GFit permissioning.
  • If not prepared to tell people what you’re exactly doing with their data, think about what you are doing.

Stats are hard:

  • Be careful if use stats to tell people how safe it is.
  • People are often scared by statistics.

Transparency and Honesty:

  • Users will not share data with you unless they trust you with it.
  • Expose your ethics, standards and decision making process.
  • Warrant Canary – libraries in the US used to put a sign in the window, saying “FBI has not been here to raid information”. If the sign is removed, that indicates they have been raided by the FBI, even when they can’t tell people so.
    • rsync.net – first company to use this.

“When you start to gather and store information about a person that they would normally only share with their closest family and medical carers, you have a responsibility to that person to care about what happens to that data. If you do not care, in my opinion, you have no business working with private, personal medical information.” ~Emily

Legal Stuff

The diagnosis Line (what is and isn’t diagnosis).

  • Example: 23 and Me
    • Sent back statistical likelihood about genes you are carrying.
    • People don’t understand stats, were interpreting as a diagnosis.
    • Rebranded as genetic detection service (gave people analysis, no conclusions).
  • If taking data, analysing it, presenting conclusions, can be interpreted as diagnosis. This may need to be regulated.
  • US and Europe have different rules.
  • Best to present information, allow users to draw conclusions themselves.

Data protection app:

  • Only collect what you need.
  • Keep it secure.
  • Ensure relevant and up to date.
  • Only hold as much as you need for as long as you need.
  • Allow the subject of the information to see it on request.
  • Fair processing: ensure it is handled in ways that are transparent and that they would reasonably expect.
  • Do not transfer outside of the EEA unless compliance is ensured.

HL7 and HIPAA

  • Standard for sharing health data and US version.
  • International standards for interoperability of health information technology.
  • HealthKit does not conform to HL7 but does to HIPAA.

Don’t overlook data. Don’t lose anything.

Technological

Secure storage:

  • Disk encryption.
  • Public key infrastructure.
  • IP security.
  • Data masking.
  • Data erasure.

Apple doesn’t seem to have published how they are storing.

Not just about how you’re storing but also about your process. If only need to bribe one person, then your data is not secure.

Pseudonymisation:

  • Huge topic.
  • Ensuring individuals are statistically hard to identify from data.
  • Separating out PII from other information:
    • Different servers, databases.
  • Why should they not be identifiable:
    • E.g. Cancer patients data leak. Sold onto a research company, contained contact data and occupations. Patients were contacted directly, and asked intrusive questions.
  • Who is accessing your data and what do they need?
    • E.g. Insurance company. If could recognise people, might give them higher premiums because of things like not taking medication on time.

A11y:

  • Good practise.
  • Think about who your audience is.
    • e.g. Parkinsons, tremors.
  • Coordination symptoms.
  • Medication side effects.

Miscalibration:

  • E.g. Therac-25
    • Radiation machine. One high powered beam used with something else, other low.
    • 6 accidents resulted in 6 patients being given 100x intended dose.
    • Caused by a race condition caused by a byte counter overflow in the calibration.
    • Poor calibration could cause a lot of harm – giving people bad information about their medical state.
  • Check and double check calibration.
  • Publish your algorithms.

Localisation – conversions:

  • HealthKit and GFit provide APIs for this.
  • Even NASA get this wrong:
    • E.g. Mars Climate Orbiter.
  • Language.
    •  American Airlines. “Fly in leather” campaign, became “Fly Naked”
    • Dairy association. “Got milk?” became “Are you lactating?”
    • Pepsi. “Pepsi will bring your ancestors back from the dead”

Data provenance:

  • Where does data come from, and can it be trusted?
    • Important both for data you use and data you provide.
    • Especially if selling on to research organisations.
  • How accurate is it?
  • How could inaccuracy hurt my users?
  • Impact of HealthKit and GFit. You do not know where that data is coming from.

Why Bother?

Common causes of death. If could make apps to make these people to live more fulfilling lives, or prevent them from getting that condition in the first place.

Most common chronic conditions: high blood pressure. Alzheimer's. Could improve lives:

  • Improve lives, maybe even save a few.
  • Empower people.
  • Improve quality of care.
  • Provide data to help solve.
[syndicated profile] epbot_feed

Posted by Jen

New project time!

I figure John and I are far enough along now to - knock on wood - avoid the Epbot curse. (That's the one where I doom a project by mentioning it here before it's finished. :))

This will be more of a build walk-through than a tutorial, though I'm happy to answer any questions I can. It's one of the most complex things John and I have ever tackled, which is funny, considering it looks pretty simple:

 Oh, did I mention? 

We're building Claptrap.

Woot woot!


Of course by "we" I mostly mean "John," though I'm helping where I can. Plus it'll be my turn to take over soon, since I get to handle all the painting and finishing. o.0

John got the lion's share of the body done in just three days, after which I think he realized just how complex this build is. So many details and funky angles! We're around the 2 week mark now, with John working at least a couple of hours a day.


First steps: scale drawings (using measurements taken from in-game screen shots) and a quick arm mock-up.
Transferring templates to wood.

Attaching inner frame.

John used an old sample board of wood stains for the inner frame, which is why it looks so pretty. :)

Block supports & thin wood laminate to make the inner curve on the front:
 The laminate was actually my idea. See? HELPING.


 
Sliding in the bottom panel.



We decided on a hinged top panel, so we can access the insides later:

(You can also see the inner side panels coming along; those will be filled with wires & tubing later.)

John did a great job recessing the hinges, so you shouldn't see them at all once it's painted.

The eye flap is reinforced underneath with a wedge of wood cut to the same angle.

A quick mock-up of the eye, which is made from a styrofoam ball & PVC pipe:


The front wheel surround was a pain; John re-did it three times to appease a particularly demanding supervisor [smirk]:

In the supervisor's defense, now it's practically perfect.

The wheel is a used go-kart tire John ordered online - our most expensive piece so far, since we had to buy two for $45, including shipping. It's the perfect size, though, and the tread is close to Claptrap's.

 

The hubcaps are screwed into four wood supporting blocks inside the wheel, and the inset is a PVC threaded reducer. There's also an inflated bicycle tire in there, for padding.

 
I had John add an inner wooden ring to the hubcap, both to hide the joint & to better match Claptrap.

The wheel shaft and assembly is made from more PVC pipe, plus cast iron flanges John had left over from an old project:


Taking the new wheel assembly for a test spin!

Here I am starting my first attempt at cell-shading for the paint job:

 Adding thick, sloppy borders on purpose is really hard for a perfectionist. Had to keep going back to mess it up a bit.

(If you're not familiar with the cell-shading look for Borderlands cosplay, here's an example:

 The game has a graphic, comic book sketchy feel, with lots of heavy outlines & almost cartoony shading.)

So, after shading, highlighting, and adding some grunge:
 Eh. Satisfied enough to keep going!
 
The struts were harder; I initially made them way too clean & realistic. I kept going back, adding more and more "sketchy" lines to really drive home the graphic cartoony feel.

 For the finishing touch I made two faux screw heads from "Bead in a Bottle" paint:

(Pipe the paint onto a smooth piece of plastic or glass, let it dry completely, pop it off, and use a craft blade to make the screw-head indentation. Easy-peasy!)

Screws in place, and outlined with more black paint:

 We have a wheel!!

Think I'll end there for now. Next time I'll show you guys some of the fun stuff we're doing with the front panels, which light up and are looking pretty cool, if I do say so myself. :)

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

As if consumers weren’t already suffering from breach fatigue: Experts warn that attackers are exploiting a critical, newly-disclosed security vulnerability present in countless networks and Web sites that rely on Unix and Linux operating systems. Experts say the flaw, dubbed “Shellshock,” is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise.

The bug is being compared to the recent Heartbleed vulnerability because of its ubiquity and sheer potential for causing havoc on Internet-connected systems — particularly Web sites. Worse yet, experts say the official patch for the security hole is incomplete and could still let attackers seize control over vulnerable systems.

The problem resides with a weakness in the GNU Bourne Again Shell (Bash), the text-based, command-line utility on multiple Linux and Unix operating systems. Researchers discovered that if Bash is set up to be the default command line utility on these systems, it opens those systems up to specially crafted remote attacks via a range of network tools that rely on it to execute scripts, from telnet and secure shell (SSH) sessions to Web requests.

According to several security firms, attackers are already probing systems for the weakness, and at least two computer worms are actively exploiting the flaw to install malware. Jaime Blasco, labs director at AlienVault, has been running a honeypot on the vulnerability since yesterday to emulate a vulnerable system.

“With the honeypot, we found several machines trying to exploit the Bash vulnerability,” Blasco said. “The majority of them are only probing to check if systems are vulnerable. On the other hand, we found two worms that are actively exploiting the vulnerability and installing a piece of malware on the system. This malware turns the systems into bots that connect to a C&C server where the attackers can send commands, and we have seen the main purpose of the bots is to perform distributed denial of service attacks.”

The vulnerability does not impact Microsoft Windows users, but there are patches available for Linux and Unix systems. In addition, Mac users are likely vulnerable, although there is no official patch for this flaw from Apple yet. I’ll update this post if we see any patches from Apple.

Update, Sept. 29 9:06 p.m. ET: Apple has released an update for this bug, available for OS X Mavericks, Mountain Lion, and Lion.

The U.S.-CERT’s advisory includes a simple command line script that Mac users can run to test for the vulnerability. To check your system from a command line, type or cut and paste this text:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

US-CERT has a list of operating systems that are vulnerable. Red Hat and several other Linux distributions have released fixes for the bug, but according to US-CERT the patch has an issue that prevents it from fully addressing the problem.
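The US-CERT test above, wrapped as an added example (not code from this post or from US-CERT) that runs it against each Bash binary on a host and classifies the output. The candidate paths, function names and verdict labels are assumptions, and a "not-vulnerable" verdict covers only this one test, given the incomplete patch noted above.

```shell
#!/bin/sh
# Added example: inventory Bash binaries and classify the output of the
# US-CERT test quoted in the post. Function names, verdict labels and the
# candidate path list are assumptions made for this example.

# Sample outputs. The first two are the outputs quoted in the post; the third
# is constructed: later Bash releases, which changed how exported functions
# are named in the environment, print only the test line with no warnings.
SAMPLE_VULNERABLE='vulnerable
this is a test'
SAMPLE_PATCHED="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'
this is a test"
SAMPLE_LATER='this is a test'

# Hypothetical install locations; adjust for the hosts being checked.
CANDIDATE_SHELLS="/bin/bash /usr/bin/bash /usr/local/bin/bash /opt/local/bin/bash"

# classify_output TEXT
# A vulnerable shell executes the trailing command while importing x, so a
# line consisting solely of "vulnerable" appears. The warning lines a patched
# shell prints never match that whole-line pattern.
classify_output() {
    test_output=$1
    if printf '%s\n' "$test_output" | grep -qx '[[:space:]]*vulnerable[[:space:]]*'; then
        echo "vulnerable"
    elif printf '%s\n' "$test_output" | grep -q 'this is a test'; then
        echo "not-vulnerable"
    else
        # The shell did not even run the harmless echo: do not guess.
        echo "inconclusive"
    fi
}

# check_bash PATH
# Runs the test from the post against one binary, capturing stdout and stderr
# together because the patched warnings are written to stderr.
check_bash() {
    shell_path=$1
    if ! command -v "$shell_path" >/dev/null 2>&1; then
        echo "not-found"
        return 0
    fi
    raw=$(env x='() { :;}; echo vulnerable' "$shell_path" -c "echo this is a test" 2>&1) || true
    classify_output "$raw"
}

# scan_bash_binaries
# Prints one tab-separated line per installed candidate: path, verdict, and
# the first line of --version so results can be matched against vendor
# advisories as follow-up patches are released.
scan_bash_binaries() {
    for candidate in $CANDIDATE_SHELLS; do
        verdict=$(check_bash "$candidate")
        if [ "$verdict" = "not-found" ]; then
            continue
        fi
        version=$("$candidate" --version 2>/dev/null | sed -n '1p')
        printf '%s\t%s\t%s\n' "$candidate" "$verdict" "$version"
    done
    return 0
}

scan_bash_binaries
```

Hosts often carry more than one copy of Bash (package-managed, locally built, bundled with an appliance), which is why the scan walks a list instead of testing only the shell found first on the PATH.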

The Shellshock bug is being compared to Heartbleed because it affects so many systems; determining which are vulnerable and developing and deploying fixes to them is likely to take time. However, unlike Heartbleed, which only allows attackers to read sensitive information from vulnerable Web servers, Shellshock potentially lets attackers take control over exposed systems.

“This is going to be one that’s with us for a long time, because it’s going to be in a lot of embedded systems that won’t get updated for a long time,” said Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley. “The target computer has to be accessible, but there are a lot of ways that this turns accessibility into full local code execution. For example, one could easily write a scanner that would basically scan every Web site on the planet for vulnerable (Web) pages.”

Stay tuned. This one could get interesting very soon.

[syndicated profile] female_cs_feed

Posted by Gail Carmichael

I've been trying something a little bit different for our CS2 class this semester.  The course typically covers object-oriented programming in Java along with topics like recursion.  In fact, students becoming proficient in Java is one of the hard requirements of the course.  But students who have recently passed the course did not seem sufficiently prepared for what came next: systems programming with C.  In fact, some students (barely) passing the course seemed not to be able to program sufficiently well on their own at all.

I knew there was an appetite to try something new, and I thought I had the perfect book to try out: Think Like a Programmer.  Only problem was that the book uses C++, and as I said above, we need to use Java.  I ended up chatting with a member of our curriculum committee about it, and we realized that maybe, just maybe, we could do both.  We could teach just a bit of C++ so students would understand the book, and do our major examples and assignments in Java.  So that's what I'm doing.  The question is, will it turn out well, or end in disaster?


In some ways, it seems like trying to cover two languages in a course where many students can't grasp even one is a really bad idea.  But hear me out.  I am not trying to teach them how to be proficient C++ programmers.  My goal is only to show enough C++ so that students can understand Think Like a Programmer, and even more importantly, so that I can more explicitly illustrate some key concepts in Java that are normally hidden away.

For example, C++ makes you choose whether you are passing by reference.  With some simple examples, I can illustrate the difference between pass-by-reference and pass-by-value more clearly. When we get to Java, I can easily explain what gets passed by reference automatically.  Understanding dynamic memory can also be made more explicit in C++, then applied to topics like creating linked lists in Java.  Even the fact that C++ allows me to build up to objects without needing to have a dummy class in the meantime is quite helpful.

We're only in our third full week of class so far, and we're just getting started on Java.  So I don't know yet how well this experiment will work once we have the two languages going side by side.  But I can say that it has been very beneficial to be able to approach the course using the problem-solving perspective of Think Like a Programmer and the slightly lower level view that C++ allows for things like how variables and arrays are stored in memory.  If this continues working well, I think this could be a winner.

I'll be soliciting anonymous feedback after a couple of weeks of using both languages, and hope to report back after I get some data from students.  Eventually I'll also share more details about the course design itself.

In the meantime, I would love to hear your opinion - does this approach have potential, or do you see it as a disaster waiting to happen?
[syndicated profile] cakewrecks_feed

Posted by Jen

These cakes are all quite nicely done. I'm sure that will be of some comfort to the kids when they're in therapy.

Sock-hop it to me, Audrey R.!

Yes, happy birthday, girls, from Headless Flo and her Tinker-Toy Poodle Skirt of Probable Misfortune. ("Doom" was taken.)

Now, who wants ice cream?

 

"No, no, Patrick, the dinosaur isn't trying to eat you. He's here to party!"

See? Look at that cute little party hat! It really brings out his razor sharp teeth, don't you think, Selah T.?

 

Speaking of teeth...

This looks like the aftermath of a fairy-tale massacre, or in other words, a-DOR-able! [sing-song voice] Say, Arloe S., is that middle pig coming or going?

 

[announcer voice] "Hey parents, are you tired of boring, peaceful birthday parties? Want to add a little more excitement back into the one-year celebration? Then ask for the Dead Elephant special!"

[Kids yelling] "Yay! Dead elephants!"

[announcer] "That's right, kids! Yes, these delectable globs of deceased pachyderms tell the world: this party is gonna be killer!

"Side effects may include screaming, crying, thumb-sucking, sweating, itchy palms, irritable bowel, and a life-long fear of blue animals. Not recommended for children with nervous constitutions or sensitive bladders. Dead elephants are not responsible for any damages - real or imagined - done to your children. Void where prohibited, all rights reserved."

You've got a killer eye there, Andrew C.


Page generated Oct. 2nd, 2014 02:27 pm