More Things I've Made Recently

Apr. 1st, 2015 09:48 pm
[syndicated profile] sumana_feed
In addition to Randomized Dystopia, I've made some additional things recently that I don't think I linked to here.

Last year, with Alex Bayley, I co-wrote an article for about Growstuff and how open food can change how we approach technology.

In late March, my friend Elisa inspired me to write Captain America fanfic in the form of a sort of sonnet -- I called it "Spangled". It's 142 words, in case you're looking for a short read.

Today, I made my first fanvid, a 30-second Sisko study called "In the pale dublight". Thanks to Critical Commons for hosting transformative works! Thanks to the open source software community and especially the makers of VLC, Handbrake, and kdenlive for the software. Thanks to synecdochic, Skud, and the wiscon_vidparty vidding workshop for guidance, and thanks to Syun Nakano for the CC-BY music.

And it's behind a paywall right now, but I wrote my first LWN piece, on the upcoming release of Mailman 3.0. I think it's a pretty reasonable roundup of what's new in one of the most popular FLOSS mailing list managers and what that implies for the open source community as a whole. Thanks to Jake Edge, my editor, and to the Mailman dev team for making this piece better!

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

In October 2014, KrebsOnSecurity examined a novel “replay” attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards. Today’s post looks at one service offered in the cybercrime underground to help thieves perpetrate this type of fraud.

Several U.S. financial institutions last year reported receiving tens of thousands of dollars in fraudulent credit and debit card transactions coming from Brazil and hitting card accounts stolen in recent retail heists, principally cards compromised as part of the October 2014 breach at Home Depot. The affected banks were puzzled by the attacks because the fraudulent transactions were all submitted through Visa and MasterCard‘s networks as chip-enabled transactions, even though the banks that issued the cards in question hadn’t yet begun sending customers chip-enabled cards.

Seller in underground forum describes his "Revolution" software to conduct  EMV card fraud against banks that haven't implemented EMV correctly .

Seller in underground forum describes his “Revolution” software to conduct EMV card fraud against banks that haven’t implemented EMV fully.

Fraud experts said the most likely explanation for the activity was that crooks were pushing regular magnetic stripe transactions through the card network as chip card purchases using a technique known as a “replay” attack. According to one bank interviewed at the time, MasterCard officials explained that the thieves were likely in control of a payment terminal and had the ability to manipulate data fields for transactions put through that terminal. After capturing traffic from a real chip-based chip card transaction, the thieves could insert stolen card data into the transaction stream, while modifying the merchant and acquirer bank account data on-the-fly.

Recently, KrebsOnSecurity encountered a fraudster in a popular cybercrime forum selling a fairly sophisticated software-as-a-service package to do just that. The seller, a hacker who reportedly specializes in selling skimming products to help thieves steal card data from ATMs and point-of-sale devices, calls his product “Revolution” and offers to provide buyers with a list of U.S. financial institutions that have not fully or properly implemented systems for accepting and validating chip-card transactions.

First, a bit of background on chip-based is in order. Chip cards are synonymous with a standard called EMV (short for Europay, MasterCard and Visa), a global payment system that has already been adopted by every other G20 nation as a more secure alternative to cards that simply store account holder data on a card’s magnetic stripe. EMV cards contain a secure microchip that is designed to make the cards very difficult and expensive to counterfeit.

There are several checks that banks can use to validate the authenticity of chip card transactions. The chip stores encrypted data about the cardholder account, as well as a “cryptogram” that allows banks to tell whether a card or transaction has been modified in any way. The chip also includes an internal “counter” mechanism that gets incremented with each sequential transaction, so that a duplicate counter value or one that skips ahead may indicate data copying or other fraud to the bank that issued the card.

It appears that the Evolution software is designed to target banks that are in the process of architecting their payment networks to handle EMV transactions, but that nevertheless aren’t yet properly checking the EMV cryptogram and/or counter for these transactions. It also seems that some banks have inexplicably lowered their fraud controls on EMV transactions, even though they are not yet taking advantage of the added security protections offered by chip-based cards.

“The reason I think they bother to fake EMV transactions is that they know the EMV card issuing banks relax their fraud controls on them and don’t have it implemented properly and therefore they do not properly check the dynamic EMV data,” said Avivah Litan, a fraud analyst with Gartner Inc.

That’s precisely what the fraudster selling Evolution points out in his somewhat awkwardly-worded sales thread for his product, which he said relies on Java card software capable of writing to chip and mag-stripe based cards.  Java Card refers to a software technology that allows Java-based applications (applets) to be run securely on smart cards and similar small memory footprint devices. Java Card is the tiniest of Java platforms targeted for embedded devices, and was originally developed for the purpose of securing sensitive information stored on smart cards.

“The good news is that USA is shifting to EMV,” he writes. “ This software works with Java cards work with static EMV security not with dynamic. Static means the [counter] remains the same every transaction. The thing to add is that I will provide from a lot of banks that uses static some of them that has been tested on it after purchase. Imagine how many banks using STATIC!“

This same fraudster appears to be the operator of an online store called “Last Carding,” which sells stolen credit cards and includes a number of tutorials on how to conduct card fraud. The crook running this site says he’s online twice a day, but that he takes Sundays off. Interestingly, the clock on his Web store says he operates on Central America time (-06:00 GMT). Recall that the banks who initially reported this fraud pattern said the phony chip-card transactions appeared to be emanating from Brazil. If accurate, that would put this criminal in Acre, a state in the northern region of Brazil.

The "Last Carding" store sells stolen cards, tutorials and software for perpetrating card fraud.

The “Last Carding” store sells stolen cards, tutorials and software for perpetrating card fraud.

[syndicated profile] geekfeminism_feed

Posted by Leigh Honeywell

This is another round of Geek feminism classifieds. If you’re looking to hire women, find some people to participate in your study, find female speakers, or just want some like-minded folk to join your open source project, this is the thread for you!

Here’s how it works:

  1. Geeky subjects only. We take a wide view of geekdom, but if your thing isn’t related to an obviously geeky topic, you’ll probably want to give a bit of background on why the readers of Geek Feminism would be interested.
  2. Explain what your project/event/thing is, or link to a webpage that provides clear, informative information about it. Ideally you’ll also explain why geek women might find it particularly awesome.
  3. Explain what you’re looking for. Even if it’s not a job ad, think of it like one: what is the activity/role in question, and what would it involve? What is the profile of people you’re looking for?
  4. GF has international readership, so please be sure to indicate the location if you’re advertising a job position, conference, or other thing where the location matters. Remember that city acronyms aren’t always known world-wide and lots of cities share names, so be as clear as possible! (That is, don’t say “SF[O]” or “NYC” or “Melb”, say “San Francisco, USA”, “New York City, USA” or “Melbourne, Australia”.) And if you can provide travel/relocation assistance, we’d love to know about it.
  5. Keep it legal. Most jurisdictions do not allow you to (eg.) advertise jobs for only people of a given gender. So don’t do that. If you are advertising for something that falls into this category, think of this as an opportunity to boost the signal to women who might be interested.
  6. If you’re asking for participants in a study, please note Mary’s helpful guide to soliciting research participation on the ‘net, especially the “bare minimum” section.
  7. Provide a way for people to contact you, such as your email address or a link to apply in the case of job advertisements. (The email addresses entered in the comment form here are not public, so readers won’t see them.)
  8. Keep an eye on comments here, in case people ask for clarification or more details. (You can subscribe to comments via email or RSS.)

If you’d like some more background/tips on how to reach out to women for your project/event/whatever, take a look at Recruiting women on the Geek Feminism Wiki.)

Good luck!

Time to Chicken Out

Apr. 1st, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

You guys, Easter is this Sunday!


Let's terrorize some children!

"Ohh nooo!"

Oh, YES, 'fraidy cat half-chicken! For far too long now, Easter has been the holiday of the cute and cuddly. Well, NO MORE.

"It's PAYBACK time, beechez."




"Yeah. Just you wait 'til I roll over there, kids. Just you wait.


"Right, Bugsy?"

"Ohh yes. Meet your hippity-hoppity nightmare, young whippersnappers!"


Or shall I introduce you to the Ghost of Easters Past?

Alright. This chick is toast!


Now, brave Wreckies, if ye do doubt your courage - or your strength! - come nae further!

For DEATH awaits you all...

...with nasty, big, pointy teeth!!


[blink blink]



Lamb chop, anyone?


Thanks to Shannon C., Heather, Summer B., Jekka G., Candice C., Danna F., Rachel P., & Jennifer D., who tell me that goes great with mint jelly filling.

Now: run awaaaay!!


Thank you for using our Amazon links to shop! USA, UK, Canada.

How I Interview

Apr. 1st, 2015 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

Danbo and Danbo

Credit: Flickr / Takashi Hososhima

I have interviewed a lot more people than I have myself done interviews. This is mostly because I am terrified of interviewing. But I also used to be extremely nervous to be the interviewer. It’s a lot of pressure to try and evaluate someone in 30-60 minutes, and it matters a lot to me to be as good an interviewer as I can. I’m not claiming that I am a good interviewer, just that it is something that I really care about doing as well as I can, and work really hard to be better at.

This is the process that I follow.


I personally do not give more than a cursory glance at resumes. There are two reasons for this. Firstly, and most importantly, I want to go in without preconceptions. Secondly, I found that when I studied resumes I would frequently start to worry that I wasn’t qualified to interview that person, which would put me in a bad headspace for the interview itself. Obviously for some kinds of interviews this isn’t possible, but for technical interviews, or behavioural based interviews (such as I did for a not-for-profit organisation I’m involved with) I haven’t felt the lack of information.

When someone is job hunting, an interview is probably one of (if not the) most important thing they are doing that day. I feel like it is only fair to reflect that in your schedule as an interviewer – jamming someone inside a 30 minute window is not cool. In as much as I have control over scheduling, I leave an hour before and at least an hour (preferably 2) after open.

I don’t think I am naturally a warm person, but as an interviewer I try to do my best impression of one. I found The Charisma Myth helpful for articulating what this means, but essentially it’s about being in a state of goodwill towards the world in general but particularly the person you are interviewing. This is a mental state, but also a physical one – being fed, hydrated, and having slept, for example. For interviews, I think this is about entering the interview in a state where you expect the interviewee to be a smart, capable person who can do the job that you are interviewing them for.

The Question

These comments apply more to technical interviews.

When choosing an interview question, I think it’s important that everyone can achieve something with it. This doesn’t mean that it’s trivially easy, it means that there are gradations of an answer. It shouldn’t be all or nothing, genius or fail. Someone who is incredible needs to be able to showcase that, but someone who doesn’t really have the knowledge or the experience to give even an okay answer needs to be able to achieve something.

I firmly believe that questions should be domain free where possible. This is because the interviewee is already nervous, and springing an unfamiliar domain on them is liable to induce a state of panic. The classic response to this is that it’s just an example, but if it doesn’t need to be tied to a specific thing, why tie it? For example – any question that gives a video game as an example. No. Anyone who doesn’t play games is liable to be intimidated by that, or need extra time to understand it.

Esoteric knowledge and gotchas, no. If a question requires someone to know some deep detail of the JVM or GCC, it’s a bad question.

At the Beginning

Be warm. Ask them how they are. Mean it.

Be considerate. Ask if it’s still a good time. Mean it.

Explain what is going to happen. How long it will take, what you’re going to do, if there will be time for their questions at the end, anything else they should know. For example, when I do phone interviews I always explain that typing is me taking notes (not doing email or coding!)


Conversation over Interrogation

Some interviewers seem to take the approach that they are a standardised test in human form. I favour conversation over interrogation. There are two parts to this – the first is to encourage them to talk, not just to answer. I think part of this is taking a conversational tone in your questions, and encouraging the interviewee to elaborate. The second thing is that it’s weirdly unnatural to spend an hour with someone and never reveal anything about yourself. So try and be a bit human. If they mention a place, and you went there for some reason, say so. If they pick a language you aren’t familiar with, express interest and say (if it’s true) you’ve been meaning to try it. As an interviewer, you shouldn’t be dominating the conversation. But if they leave feeling that they know no more about you than they did when they entered, you probably didn’t seem that friendly, or make your interviewee feel very comfortable.

Hinting is an Art

The thing I still find hardest is when to hint, and when to wait patiently. Conversation is 2-way though, and if someone isn’t clear on something it could be their understanding… or it could be your communication of the problem. One thing to start with is to assume that your communication is at fault, and clarify that they understand what you are asking. The second thing is to be very general, and get more specific. E.g. Ask first “are you sure you’ve covered all cases?” then “what if the number is negative?”

Don’t Twist the Knife

When I co-organised an interview training event for women students, one of the things I warned interviewers about was that if their interviewee cried I would hunt them down. As I did this, the men in the room mostly looked at me like I was being completely unreasonable. A day after the event, one of them pinged me to tell me that it had been really useful as a warning – because he had known that it could go that badly, he was able to prevent that from actually happening. So when his interviewee stood up to walk out of the room, he was able to redeem the situation. I was really pleased that he had handled that situation, and really happy that he felt he could tell me about it.

It hasn’t happened often, but there have been a couple of cases where someone did so badly on the interview that I switched from trying to evaluate them (I had all the information I needed) to trying to make them feel OK about it. Giving them softball questions that they could answer, or coaching them through the question step by step. I think this is especially important when you are later in a day of interviews, and those interviews have been going badly. Before you give up on someone, it’s important to be sure. Plenty of people are nervous at first and warm up as it goes on. I can think of 2 – extreme – examples in well over 50 interviews.


Thank them. Mean it.

Make sure they know what is happening next. If they have another interview, see if they need a break or want to get water.


I like to write up my feedback immediately, but definitely that same day. I think it’s important to have a fresh memory of what happened. It’s also the kind of task that will weigh on me and be on my mind if left undone.

Typically feedback gets written up under headings, although I usually include my complete notes somewhere. Often I start with an idea of what should go in these sections, but I don’t completely trust those initial ideas, and instead go through my notes again. I often note times in my notes, so I have times to refer to instead of feelings about how long things took.

Once I’ve written my conclusions I go through and comb them for bias. Years of reading original research and writing about and being a woman in tech myself have given me an attuned antenna to subtly gendered or racial comments in feedback. For example, the use of shy. Suggesting someone is more junior than they actually are. Penalising someone for not being confident enough… or for being too confident. How to de-bias your feedback could be a book, but one thing that you can try is going through your feedback with someone (a colleague) who won’t be involved in making that decision, from that perspective. If I’m not confident that something is unbiased, I tone it down or just delete it. It is possible that this makes my feedback for underrepresented minorities slightly more positive than is deserved, but given the evidence about the level of bias we have, I 1) doubt this is actually true and 2) expect that other people will compensate because most people do not go to these lengths.

Terribly, in tech this idea of “culture fit” is often mis-defined as liking that person. I once saw feedback which said that someone was a good culture fit because they “liked board games and sci fi”. Sometimes disliking is relevant – for example I have disliked men I have interviewed because they made sexist or patronising comments to me. But in a short time period, this is usually down to the level of connection you felt with that person, which is fully 50% on you (more, the person with the most power in a relationship has the most influence over it – this applies to managers and directs, and interviewer to interviewee). And secondly can be really influenced by things like language barriers. So my final pass of my feedback is to make how much I liked the person less relevant, and make sure that I haven’t let what I wanted to see influence what I did see. If I didn’t feel like we connected, I don’t want that to show up in my feedback. The level of connection someone creates in an interview doesn’t really have a lot of bearing on how they will work with people over time. They might have come across as quiet or a little reserved, but you don’t know what they are like when they warm up – so don’t assume you do.

Closing Thoughts

Every so often I read these posts about how interviewing is broken, and actually what we should be doing is something else entirely. And I don’t really believe in, or advocate for the standard industry process of whiteboard interviews or whatever.

But I do wonder how big a problem is the process we follow at a macro level, compared to the attitude we take as individuals.

Steampunk Easter Eggs!

Apr. 1st, 2015 12:37 am
[syndicated profile] epbot_feed

Posted by Jen

Hi guys!

John and I are just back from a whirlwind trip to Williamsburg, but of course I can't stop crafting even when we're traveling, so....
Steampunk Easter eggs!

I made the eggs using the same metal tape technique I showed you guys last year, applied over paper craft eggs from JoAnn's. They're finished off with a few jewelry charms from my stash, held in place with black-tipped sewing pins.

That copper "Easter grass" around the eggs is actually a copper scrubbing sponge, unraveled. It makes a delightfully springy metal tube when you unroll it, so I'm already trying to think up new crafty uses for it.

This egg - my favorite - has a propeller charm layered over a small metal gear:
It was a bit tedious cutting and "riveting" all the tiny pieces of metal tape for these, but I love the look.

And since I was working on these at my parents' house, I couldn't resist using some of my dad's antique clock collection for the photos:


In fact, we got to take another of Dad's clocks home with us - thanks for our help with some more home remodeling. (I figure by the time we help them redo the whole house, I'll have his entire collection. Muah-ha-haaa.)

And finally, I made that cute little top hat "basket" holding the eggs from thin craft foam, using this tutorial & template:

The template is an instant download for $5, and I think well worth the money. It'd have taken me forever to figure out the angles for the side panels, not to mention the brim size! 

Plus the guy behind LostWax, Chris, has several more great templates and videos, which I guarantee you'll want to watch. He's really inspired me to play with foam more, now that I've witnessed the miracle of contact cement. (Seriously. SO FUN.) I can see myself making lots more of these hats, too, now that I'm home and have access to all my crafting tools!

[syndicated profile] geekfeminism_feed

Posted by spam-spam

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Chevron Strikes Again!

Mar. 31st, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Remember when someone ordered a cake with a chevron print, and got a chevron gas symbol instead?

Ah, good times.


Well, since then, we've seen a baker do this:


And then, just last week, something amazing happened.

CW reader Ashlee ordered a baby shower cake with a chevron print, and - drum roll, please....



Chevron, Chevrolet... oooh, so close.


Thanks to Fyre & Ashlee J. for the car wreck.


Thank you for using our Amazon links to shop! USA, UK, Canada.

Other People, and Travelling Alone

Mar. 31st, 2015 12:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate

You smell really good, pretty kitty!

Credit: Flickr / Takashi Hososhima

My friend and I have been planning a South American adventure in Santiago. I had just finalised all my flights and then she told me… she had been accepted to speak at a really awesome conference and it clashed with our plans.

After we discussed the situation together, she concluded that, ironically, it was thanks to my encouragement that she was able to do this.

Apparently a side effect of starting a newsletter that I had not considered – it might be surprisingly popular, people would find it helpful… and I’d end up on my own in Santiago.

Whilst I was a bit thrown and somewhat disappointed, I’m really happy for and proud of my friend.

Which I feel is tied to a broader life philosophy that I follow when it comes to this kind of thing – I only arrange to do things with other people that I am happy to do by myself.

Without our planning this adventure together, I would probably have booked a flight to Chiang Mai. But South America actually works out slightly better time-zone-wise. And I’m sure it’ll be fine. I am used to travelling alone. I actually love it.

It was work to love it, because it is, at times, harder. I worked at it, and how I did that is one of my more widely read posts and ended up on Lifehacker.

But whenever I waver in this, I think about an ex boyfriend who had this list of things that he had wanted to do but hadn’t wanted to do by himself (not that he exactly made inroads on that list whilst we were together, either).

This is my greatest fear: to miss out on life because I’m waiting for someone to share it with.

I had planned to write about how this was a really good strategy for planning travel with other people – and how solo-travel can be complementary to travelling with other people. And I think this is true.

But outside of travel, I wonder about the broader implications of my need for self-sufficiency. And whether I’m missing out by refusing to rely on other people.

Eventually I concluded that I want a life full of interesting people doing amazing things, and to be that myself. Which means unpredictability, adventure, and at times the prioritisation of something else than what was originally planned. Amazing things require support, but also space and freedom to be achieved. Sometimes the space is harder to give.

Looks Like SOMEONE's Seen "Spamalot"

Mar. 30th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

CW reader Tina's daughter was in a production of 42nd Street, so she ordered a cake for the cast & crew with "a few stars decorations, for Broadway sparkle!"

She got this:



Thanks to Tina T. for the ear worm - and for helping me confuse everyone who's never seen David Hyde Pierce sing.


Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] infotropism_feed

Posted by Skud

Just a quick note to say that I’ll be in North America starting next week, for about two weeks:

  • San Francisco April 6th-10th (meetings, coworking, jetlag recovery, tacos, etc)
  • Montreal April 10th-15th (AdaCamp Montreal — I’m fully booked up from the afternoon of the 12th onward, I’m afraid, but have some time before that)
  • Ottawa April 15th-19th (friends, maybe meetings, coworking, etc)
  • San Francisco, again April 19th-21st

If you’re in any of those places and you’d like to catch up, ping me! I’ve got a fair bit of flexibility so I’m up for coffee/meals/coworking/whatever.

I’m particularly interested in talking with people/groups/orgs about:

  • Open food data, open source for food growers, etc — especially interoperability and linked open data!
  • Sustainable (open source) tech for sustainable (green) communities — why do so many sustainability groups use Facebook and how can we choose tech that better reflects our values?
  • Community management beyond/outside the tech bubble (we didn’t invent this thing; how do we learn and level up from here?)
  • Diversity beyond 101 level — how can we keep pushing forward? What’s next?

I should probably also note that I’ve got some capacity for short-medium term contract work from May onward. For the last 6 months or so I’ve been doing a lot of diversity consulting: I organise/lead AdaCamps (feminist unconferences for women in open tech/culture) around the world, and more recently I’ve been working with the Wikimedia Foundation on their Inspire campaign to address the gender gap. I’m interested in doing more along the same lines, so if you need someone with heaps of expertise at the intersection of open stuff and diversity/inclusiveness, let’s talk!

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

If you’re an American and haven’t yet created an account at, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process.

Screenshot 2015-03-29 14.22.55Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his most recent tax transcript with the Internal Revenue Service (IRS). Kasper said he sought the transcript after trying to file his taxes through the desktop version of TurboTax, and being informed by TurboTax that the IRS had rejected the request because his return had already been filed.

Kasper said he phoned the IRS’s identity theft hotline (800-908-4490) and was told a direct deposit was being made that very same day for his tax refund — a request made with his Social Security number and address but to be deposited into a bank account that he didn’t recognize.

“Since I was alerting them that this transaction was fraudulent, their privacy rules prevented them from telling me any more information, such as the routing number and account number of that deposit,” Kasper said. “They basically admitted this was to protect the privacy of the criminal, not because they were going to investigate right away. In fact, they were very clear that the matter would not be investigated further until a fraud affidavit and accompanying documentation were processed by mail.”

In the following weeks, Kasper contacted the IRS, who told him they had no new information on his case. When he tried to get a transcript of the fraudulent return using the “Get Transcript” function on, he learned that someone had already registered through the IRS’s site using his Social Security number and an unknown email address.

“When I called the IRS to fix this, and spent another hour on hold, they explained they could not tell me what the email address was due to privacy regulations,” Kasper recalled. “They also said they could not change the email address, all they could do was ban access to eServices for my account, which they did. It was something at least.”

FORM 4506

Undeterred, Kasper researched further and discovered that he could still obtain a copy of the fraudulent return by filling out the IRS Form 4506 (PDF) and paying a $50 processing fee. Several days later, the IRS mailed Kasper a photocopy of the fraudulent return filed in his name — complete with the bank routing and account number that received the $8,936 phony refund filed in his name.

“That’s right, $50 just for the right to see my own return,” Kasper said. “And once again the right hand does not know what the left hand is doing, because it cost me just $50 to get them to ignore their own privacy rules. The most interesting thing about this strange rule is that the IRS also refuses to look at the account data itself until it is fully investigated. Banks are required by law to report suspicious refund deposits, but the IRS does not even bother to contact banks to let them know a refund deposit was reported fraudulent, at least in the case of individual taxpayers who call, confirm their identity and report it, just like I did.”

Kasper said the transcript indicates the fraudsters filed his refund request using the IRS web site’s own free e-file website for those with incomes over $60,000. It also showed the routing number for First National Bank of Pennsylvania and the checking account number of the individual who got the deposit plus the date that they filed: January 31, 2015.

The transcript suggests that the fraudsters who claimed his refund had done so by copying all of the data from his previous year’s W2, and by increasing the previous year’s amounts slightly. Kasper said he can’t prove it, but he believes the scammers obtained that W2 data directly from the IRS itself, after creating an account at the IRS portal in his name (but using a different email address) and requesting his transcript.

“The person who submitted it somehow accessed my tax return from the previous year 2013 in order to list my employer and salary from that year, 2013, then use it on the 2014 return, instead,” Kasper said. “In addition, they also submitted a corrected W-2 that increased the withholding amount by exactly $6,000 to increase their total refund due to $8,936.”


On Wednesday, March 18, 2015, Kasper contacted First National Bank of Pennsylvania whose routing number was listed in the phony tax refund request, and reached their head of account security. That person confirmed a direct deposit by the IRS for $8,936.00 was made on February 9, 2015 into an individual checking account specifying Kasper’s full name and SSN in the metadata with the deposit.

“She told me that she could also see transactions were made at one or more branches in the city of Williamsport, PA to disburse or withdraw those funds and that several purchases were made by debit card in the city of Williamsport as well, so that at this point a substantial portion of the funds were gone,” Kasper said. “She further told me that no one from the IRS had contacted her bank to raise any questions about this account, despite my fraud report filed February 9, 2015.”

The head of account security at the bank stated that she would be glad to cooperate with the Williamsport Police if they provided the required legal request to allow her to release the name, address, and account details. The bank officer offered Kasper her office phone number and cell phone to share with the cops. The First National employee also mentioned that the suspect lived in the city of Williamsport, PA, and that this individual seemed to still be using the account.

Kasper said the local police in his New York hometown hadn’t bothered to respond to his request for assistance, but that the lieutenant at the Williamsport police department who heard his story took pity on him and asked him to write an email about the incident to his captain, which Kasper said he sent later that morning.

Just two hours later, he received a call from an investigator who had been assigned to the case. The detective then interviewed the individual who held the account the same day and told Kasper that the bank’s fraud department was investigating and had asked the person to return the cash.

“My tax refund fraud case had gone from stuck in the mud to an open case, almost overnight,” Kasper sad. “Or at least it seemed to be that simple. It turned out to be much more complex.”

For starters, the woman who owned the bank account that received his phony refund — a student at a local Pennsylvania university — said she got the transfer after responding to a Craigslist ad for a moneymaking opportunity.

Kasper said the detective learned that money was deposited into her account, and that she sent the money out to locations in Nigeria via Western Union wire transfer, keeping some as a profit, and apparently never suspecting that she might be doing something illegal.

“She has so far provided a significant amount of information, and I’m inclined to believe her story,” Kasper said. “Who would be crazy enough to deposit a fraudulent tax refund in their own checking account, as opposed to an untraceable debit card they could get at a convenience store. At the same time, wouldn’t somebody who could pull this off also have an explanation like this ready?”

The woman in question, whose name is being withheld from this story, declined multiple requests to speak with KrebsOnSecurity, threatening to file harassment claims if I didn’t stop trying to contact her. Nevertheless, she appears to have been an unwitting — if not unwilling — money mule in a scam that seeks to recruit the unwary for moneymaking schemes.


The IRS’s process for verifying people requesting transcripts is vulnerable to exploitation by fraudsters because it relies on static identifiers and so-called “knowledge-based authentication” (KBA)  — i.e., challenge questions that can be easily defeated with information widely available for sale in the cybercrime underground and/or with a small amount of searching online.

To obtain a copy of your most recent tax transcript, the IRS requires the following information: The applicant’s name, date of birth, Social Security number and filing status. After that data is successfully supplied, the IRS uses a service from credit bureau Equifax that asks four KBA questions. Anyone who succeeds in supplying the correct answers can see the applicant’s full tax transcript, including prior W2s, current W2s and more or less everything one would need to fraudulently file for a tax refund.

The KBA questions — which involve multiple choice, “out of wallet” questions such as previous address, loan amounts and dates — can be successfully enumerated with random guessing. But in practice it is far easier, said Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley.

“I did it twice, and the first time it was related to my current address, one old address question, and one ‘which credit card did you get’ question,” Weaver said. “The second time it was two questions related to my current address, and two related to a car loan I paid off in 2007.”

The second time round, Weaver said a few minutes on gave him all the answers he needed for the KBA questions. Spokeo solved the “old address” questions for him with 100% accuracy.

“Zillow with my address answered all four of them, if you just assume ‘moved when I bought the house’,” he said. “In fact, I NEEDED to use Zillow the second time around, because damned if I remember when my house was built.  So with Zillow and Spokeo data, it isn’t even 1 in 256, it’s 1 in 4 the first time around and 1 in 16 the second, and you don’t need to guess blind either with a bit more Google searching.”

If any readers here doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the U.S. Senate Commerce Committee. This information is no longer secret (nor are the answers to KBA-based questions), and we are all made vulnerable to identity theft as long as institutions continue to rely on static information as authenticators. See my recent story on Apple Pay for another reminder of this fact.

Unfortunately, the IRS is not the only government agency whose reliance on static identifiers actually makes them complicit in facilitating identity theft against Americans. The same process described to obtain a tax transcript at works to obtain a free credit report from, a Web site mandated by Congress. In addition, Americans who have not already created an account at the Social Security Administration under their Social Security number are vulnerable to crooks hijacking SSA benefits now or in the future. For more on how crooks are siphoning Social Security benefits via government sites, check out this story.

Kasper said he’s grateful for the police report he was able to obtain from the the Pennsylvania authorities because it allows him to get a freeze on his credit file without paying the customary $5 fee in New York to place and thaw a freeze.

Credit freezes prevent would-be creditors from approving new lines of credit in your name — and indeed from even being able to view or “pull” your credit file — but a freeze will not necessarily block fraudsters from filing phony tax returns in your name.

Unless, of course, the scammers in question are counting on obtaining your tax transcripts through the IRS’s own Web site. According to the IRS, people with a credit freeze on their file must lift the freeze (with Equifax, at least) before the agency is able to continue with the KBA questions as part of its verification process.

Update, 10:46 p.m., ET: The link included in the first paragraph of this story directing readers to create an account with the IRS is currently returning the message: “We are currently experiencing technical issues and unable to process new registrations.”

[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • On Being a Badass | New York Magazine – The Cut (March 1): “It strikes me that as women continue to break into traditionally masculine professions and defend their right to exist in unsafe spaces, the rest of us have a responsibility to do more than cheer them from the sidelines. We should also make clear that we understand this work is hard, that it often takes an emotional toll, that there are no easy answers, and that, when they acknowledge their feelings and admit their struggles, they’re all the more badass for it.”
  • Robot-Building 6-Year-Old Girls Talking Tech With Obama Is the Best Thing You’ll See All Week | Mother Jones (March 24): “The 6-year-olds from Tulsa’s Girl Scout Troup 411 were the youngest inventors selected to present at this year’s fair. Inspired by conversations with a librarian and one of the girls’ grandmas, they built a mechanical Lego contraption that can turn pages, to help patients with mobility issues read books.”
  • A Comics Creator Harassed Me On Twitter and I Don’t Want to Say His Name | Women Write About Comics (March 21): “I have a history with stalking, or rather, stalking has a history with me. He couldn’t have known that, our unnamed comic creator, when he decided to make my Twitter life as miserable as his own pathetic heart. He couldn’t have known much about me, or what hurts me, besides the obvious things that hurt all of us. But equally, he couldn’t have known that I DIDN’T have a stalker, a past that, like so many women, includes abuse. He did know, you know, that I am human. That every. Last. Person. You interact with on the internet, is human too.”
  • The divine witches of cyberspace | Boing Boing Offworld (March 24): “There is also a uniquely feminist layer to the digital fortunetelling space—it can offer a safe haven in the technology world, where smooth futures are far less certain for some as for others. Stone suggests that astrology and witchcraft have always, throughout history, offered ways for marginalized people to understand the world, even while white patriarchy, capitalism and their associated religious movements rutted up alongside and over them.”
  • Content warning: descriptions of sexual assault and harassment Sexism in Tech: Don’t Ask Me Unless You’re Ready To Call Somebody a Whistleblower | @katylevinson on Medium (March 8): “You’re tired of hearing about this “women in tech” stuff, and we’re tired of living it, but there are some big issues here, and we’re not going to solve them by pretending they don’t exist because we’re bored or afraid of them. We need serious discussions, and we have to have educated opinions about what’s wrong and how to fix it. We need to mull these ideas around until we come to some combination of hard data and cultural consensus before we can get meaningful change.”
  • The 5 Biases Pushing Women Out of STEM | Harvard Business Review (March 24): “We conducted in-depth interviews with 60 female scientists and surveyed 557 female scientists, both with help from the Association for Women in Science. These studies provide an important picture of how gender bias plays out in everyday workplace interactions. My previous research has shown that there are four major patterns of bias women face at work. This new study emphasizes that women of color experience these to different degrees, and in different ways. Black women also face a fifth type of bias.”
  • How Silicon Valley Can Change Its Culture to Attract More Women | The New Yorker (March 26): “She also sees value in talking about her own experiences as a woman engineer who presents in a “feminine” manner—not to suggest that all female engineers should wear floral dresses and speak softly, like she does, but to promote it as no less valid than turning up at work in a hoodie and jeans and using a loud voice.”
  • A Note on Call-Out Culture | Briarpatch Magazine (March 2): “There are ways of calling people out that are compassionate and creative, and that recognize the whole individual instead of viewing them simply as representations of the systems from which they benefit. Paying attention to these other contexts will mean refusing to unleash all of our very real trauma onto the psyches of those we imagine to only represent the systems that oppress us. Given the nature of online social networks, call-outs are not going away any time soon. But reminding ourselves of what a call-out is meant to accomplish will go a long way toward creating the kinds of substantial, material changes in people’s behaviour – and in community dynamics – that we envision and need.”
  • Salesforce CEO Says Company Is ‘Canceling All Programs’ In Indiana Over LGBT Discrimination Fears | CBS San Francisco (March 26): “Salesforce CEO Marc Benioff says he doesn’t want his employees subjected to discrimination as part of their work for the San Francisco-based company, and he is cancelling all required travel to the state of Indiana following the signing of a religious freedom law that some say allows business to exclude gay customers.”
  • A Fish Is the Last to Discover Water: Impressions From the Ellen Pao Trial | Re/code (March 26): “I can imagine that as the little injustices built up, she compartmentalized and moved on. That’s the easier path. It might not have occurred to her in real time that there should be a policy in place, for example. I know many women in high-powered positions who have not reported incidents or didn’t want to rock the boat. It can be the benefit of reflection on the totality of the situation that provides clarity.”
  • CASSIUS – Issue #1 | Kickstarter “Inspired by Shakespeare’s Julius Caesar and the events of history, Cassius is set in a Roman-esque universe centered around the collection of states know as Latium. The story follows our heroine Junia, who belongs to the Latium state of Cyrentha, and believes herself to be no more than ordinary. But one single act of violence suddenly thrusts Junia into a world of politics, betrayal, greed, bloodshed, and fate – and Junia must overcome it all if she is to survive.”
  • Philosophy has to be about more than white men | The Guardian (March 23): “Imagine a future where a student interested in, say, humanism, encounters a global range of thinking on the topic and not a narrow, regional one. Such a creative, fertile environment is not only possible but it is the only one that can return philosophy to its worthy purpose, namely the investigation of all human existence.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Parties and Gifts

Mar. 30th, 2015 01:36 am
[syndicated profile] sumana_feed
To what extent do you think of your open stuff contributions as gifts? Does this match up with your sense of your communities on the caring-to-combative spectrum?

several papercraft pieces I made, and gave awayTo you, what are the manners surrounding giving and receiving gifts?

In transactions without money changing hands, how do we demonstrate what we value?

Does it motivate you to think of your fanfic, your bug reports, your wiki edits, your patches, your teaching as gifts for a specific person? Or for a community?

Do the community leaders in your open stuff communities treat those artifacts as gifts? What about other participants?

What would a "Secret Santa"-style gift exchange along the lines of Yuletide Treasure or Festivids look like in the world of English Wikisource? Or Django? Or wherever you contribute bits?

Sunday Sweets: Fun and Fondant Free

Mar. 29th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Believe it or not, you CAN have a gorgeous cake without fondant! And I have proof!

(By The White Flower Cake Shoppe)

Glass-smooth icing, perfect piping, and buttery soft flowers that make you want to dive in face-first?



A bunch of today's Sweets will have you doing double-takes:

(By Cup A Dee Cakes)

At first glance, you'd swear this was fondant! Other than the white chocolate centers on the ruffles, though, that's all buttercream.


It doesn't have to be fondant-smooth to be a stellar Sweet, though; some bakers actually use the buttercream texture to their advantage:

(By Queen of Hearts Couture Cakes)

Aha! Edible paints! Brilliant.


Or how about something like this?

(By Fat Cakes Design)

Love that ombre fade! And imagine how boring it would be without the extra icing texture.


I bet you've seen this technique over on Pinterest:

(By Catherine, a friend of CW reader Melissa M.)

SO FUN. And even better, it's actually something we mere mortals can do!
(In a nut shell: Pipe a large dot, smear with a spoon, repeat!)


But supposing you DO want the smooth look of fondant.
It can be done!

(Baker unknown. Anyone recognize it?)

That gumpaste ribbon really helps sell the look.


Oooh, now this next one made me do a triple-take:

(By Shannon Bond Cake Design)


How is that all buttercream?? And how the heck did they pipe that ruffly tier? I'd be dragging my wrist through it by the second line!


And another mind-bogglingly intricate piping job:

(Photo by Jay Tsai Photography, baker unknown.)

Just looking at all that lace is giving my hand sympathy pains. WOW. Can you imagine?


Now, personally, I'm a big fan of excessive frilliness from time to time:

(By Linda Wolff)

Ahhhhh. Love it.


But there's also a lot to be said for bold, modern patterns:

(By Tea Party Cakes)

Not to mention poppies are my favorite flower - so brush-embroidered poppies? Suh-WEET!


This baby shower cake has it all: flowers, dots, perfect pattern piping, and even stripes!

(Also by The White Flower Cake Shoppe)

Plus I love those colors. So springy.


And finally, a stunning combination of buttercream flowers, brush embroidery, and what I think is a cornelli lace variation:

(By Emma Page Cakes)

The background pattern reminds me of the subtle crackle/glazing you see on fine china. SO PRETTY!


Hope you guys enjoyed today's fondant-free fancies! Happy Sunday!


Thank you for using our Amazon links to shop! USA, UK, Canada.

This Week

Mar. 29th, 2015 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate



Spent some time in Berlin, was great to see all my friends there again! Then I finally stopped running around – I have 5 days of peace before I leave for South America. Getting in some focus time and some gym time.


Getting close to shipping my workshop! Sent it out for a last round of feedback that has been pretty positive.

Fixed a bug in my performance tests on iOS, which was super fun. Caused by random numbers and dividing by zero. Also fixed a small UX thing, will send out a new build soon.

Did my first bit of work for a startup I’m contracting for. Exciting!

We announced our next Technically Speaking webinar.


Watching Gossip Girl (starting season 3), and loving it so much! Still working on Thinking in Systems, and The Sleep Book (week 4 of 5). Novel-wise – reading The Love Affairs of Nathaniel P.

Product links Amazon.


A new edition of Technically Speaking is out.

On The Internet

More Books I've Read Recently

Mar. 29th, 2015 02:44 am
[syndicated profile] sumana_feed
More book reviews from the past year or so! I am still catching up and am not done catching up.

Up Against It by MJ Locke. You can read the first 5 chapters free online. I read this fast-paced space mystery during the 2014 summer vacation I shared with Julia and Moss, and enjoyed it as a mystery/procedural, as solid hard scifi, and as a character study of the protagonist. The first time we see Jane Navio, head of the Resource Commission, she makes a tough call. She is the kind of creative, tough leader who can abandon a few likely-to-die people in order to save resources the space colony's going to need in three weeks' time. Later we see that she's a cunning, passionate, thoughtful, and empathetic leader as well -- once you've read it, talk with me about a monologue she delivers in the last few pages of the book, about work and the public eye, because when I read it (as I was thinking about the job I then had at Wikimedia Foundation) it struck me as though I were a gong. And you get space surveillance, posthuman subsocieties, and some teen drama as well, but basically I am all about super leader Jane. Incidentally, MJ Locke is an open pseudonym for Laura J. Mixon, whose work Leonard has really liked. I should pick up more Mixon.

Life Class and Toby's Room by Pat Barker. I thank yatima for bringing my attention to Barker's Regeneration trilogy, which is super great. And thanks to Sam Read Book Shop in Grasmere, where Julia, Moss, and I stopped during our walk. I saw and picked up Perfecting Sound Forever, then got to talking with the store clerk, found out Pat Barker had new World War I fiction out, and bought it. I read both of these books in spare moments while continuing the Coast-To-Coast walk, which meant I had a sort of double vision of England, seeing it in front of my face in 2014, and seeing it in my head a hundred years previous. During my Coast-to-Coast walk in 2012 with Mel, I'd basked in the hospitality of rural northern England. And I enjoyed it again when I came back last year, but I also saw it through wartime eyes -- participant and observer at once. The cosy bits of life -- board games, pub trivia nghts, jokes over breakfast -- felt like civilization, like something to protect, like "what we're fighting for." Life Class -- in comparison to Regeneration -- feels like Young Adult, perhaps because we see the journey these youngish adults take because of the war. Toby's Room has a lot to recommend it but there is a sex-related content warning that I'll put in the comments as it's a spoiler.

The Perilous Life of Jade Yeo by Zen Cho (reread). So fun and funny and heartwarming and incisive. "I used to be a good girl and that was uncomplicated, but I thought complicated would be more interesting than safe." If you liked Jade Yeo, check out this interview with Cho about fluff for postcolonial booknerds, the fantasy of communicating easily with your ancestors and heritage, and her writing in general. I particularly love the bomb she drops nonchalantly: "I've always loved stories that examine the dynamics within small communities with their own rules and conventions -- Jane Austen's two inches of ivory, Enid Blyton's school stories, L. M. Montgomery's Canadian villages, Star Trek's starships." YES. Just add that last one on there. Ooof.

your blue-eyed boys by Feather (lalaietha). Via a recommendation from yatima. I read this both before and after I watched a bunch of the Marvel Cinematic Universe and it makes more sense afterwards (me during the first read: "who's this Sam guy?"). It's the longest piece of MCU fic I've read, but you might also like my Archive of our Own recommendations and Pinboard bookmarks.

American Taxation, American Slavery by Robin Einhorn (2006, University of Chicago Press) (partial reread). This history remains brainbending and full of astonishing anecdotes. Dr. Einhorn's particularly great in describing the importance of institutional competence in government agencies and in refuting "taxation=slavery" rhetoric. Check out this example of her amazingness.

The Autobiography of Malcolm X (reread) and Iacocca: An Autobigraphy (reread). I wrote about these at the time but I did not really talk about why I read Iacocca. I was about eight, and visiting India with family, and I read voraciously. I remember reading many issues of Reader's Digest (the Indian edition, which was different from the US edition). And a relative of mine had a copy of Iacocca and I read it with tremendous interest. I had never read such a detailed narrative about grown-up work before! He used the f-word and I was SCANDALIZED. Cars, these things that I utterly took for granted, did not just emerge ab nihilo; someone had to think them up and design them and compromise and whatnot. And I think I also liked reading Iacocca -- as I liked watching and reading Andy Rooney -- because they used plain language and owned up to their frailties.

So I monologued, a lot, the way kids do, but about Lee Iacocca and Chrysler and the K-car and the Mustang and various other topics, and these Indian aunts and uncles of mine smiled and nodded and perhaps presumed I would be an automotive engineer when I grew up. And then my parents held a sort of family reunion party (the hook being "Sumana's and Nandini's birthday (Observed)"), and my uncle Ashwin gave me one of the most memorable gifts I've ever received: Iacocca's new book of essays, Talking Straight. I don't think I even knew it existed before I had it in my hands! I was SO EXCITED. I probably forgot the minimal socialization my parents had painstakingly attempted to instill in me and went off to a corner to start in on it right away. I am still laughing about this.

Incidentally, the hunger for reading material also affected me eight years later, on another trip to India, as I was preparing to return to the States. Airplanes had no seatback entertainment; you brought twenty-two hours' worth of self-entertainment resources to get you all the way to San Francisco or you explored new depths in boredom. The day before my flight, Mom took me to an English-language bookstore. I'd heard The Lord of the Rings was good, and long. The store didn't have it. But they did have this other super long book. And that's how I read Atlas Shrugged.

(Even so, somewhere above the Pacific I started skimming that Galt radio speech. It is so repetitive you could programmatically transform it into a musical score suitable for Koyaanisqatsi!)

An inflight shopping magazine that helped me discover my roller derby name ("Asian Competence").

[syndicated profile] geekfeminism_feed

Posted by spam-spam

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Between A Wreck And A Hard Place

Mar. 27th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Gents, are you feeling a bit... droopy... lately?


Because whether you want to rock out with your turkey out:


Do a little dribbling:


Or just feel on fire again:


The answer is as plain as the "nose" on Elmo's face!


Even little Brandon here knows:
There's more than one way to win the race.



So forget those turtle necks, fellas:


...and get ready to CELEBRATE!

Don't wait; ask your baker today about Cake Wrecks!

You'll have a truly uplifting experience... GUARANTEED.


Thanks to Nicole F., Katy B., Jennifer V., Annette M., Angela B., Nathan M., & Malisa I. for helping me salute Viagra Day the penis way I know how.


Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] accidentallyincode_feed

Posted by Cate

My notes from @jaimeejaimee‘s fantastic talk at @NSConf.

Rocky Balboa

Credit: Flickr / Scott D Welch

We’re going to talk about burnout.

Before graduated college was dishwasher, waitress, heavy equipment washer, pilot car driver, sign painter, production assistant, bank teller, park ranger, metal sculpture (that was degree).

After graduated realised need to figure out what to do for a living. Decided to be a web designer. Taught herself.

Dad was a U.S marine, sky diver, scuber diver, karate instructor, occasionally big jerk. Taught 1) life is short. Be smart be kind, life is short don’t waste time doing you don’t like doing. 2) love what you do, because life if short.

Loss of 15yo brother at 11, learn – life is short. At 27 lost her mom, reinforced this message. Taking the positive, love her work. In a time of loss, found that work was thing that could poor pain, passion, love energy into. Made her work better. Sure that work saved her life, was a sanctuary.

April 9, 2012. Dad was doing something he loved – riding his motorcycle from her house to his, didn’t make it. Again found, positive from something negative, he died doing something he loved. Lived a life of making decisions to do things he loved, so the odds of him dying doing something he loved were pretty high.

Thought it would be the same, work would be saving grace, everything would be fine.

This time it wasn’t. Work was the balloon, string cut, drifted away. Fell to the ground like a limp noodle.

Thought could just keep going.

It’s important to understand the difference between dissatisfaction and burnout. Wasn’t dissatisfaction. Was different.

When designing experiences for people, you need to be able to connect.

Single mom of two beautiful girls, could not give up, sell everything and run away to the mountains.

Dad was into self help, was so cheesy to her growing up. Thought, dad really found something in it, threw herself into it in search of something that she liked.

Reinforced – needed to pick self up, and carry self through this.

Movie Rocky – unconventional training methods. Drinking raw eggs and punching meat.

Seen movie hundreds of times, “It doesn’t matter if I lose this fight, all I want to do is go the distance”. Realised most important part of the movie.

Started looking design process. Realised. “I am a designer I have 15 years of tools in my Mary Poppins bag for solving problems.” “I have what I need”.

You could design your life, just like your life is a product. We’re making stuff. We pour all this emotion and soul into the stuff that we make, had never before thought of flipping it onto herself.

If my life is the product, and I can control the outcome, what do I do?

No one size fits all, basic process.

Step 1: Understand.

“Breakdown occurs when clarity of vision is lacking.”

First mobile product was the zappos mobile app. Had been working on website for about a year, was approached to look at the mobile apps. 

You can take these questions and turn them at yourself. Her goal: to get unburntout. 

Stakeholders are really important in this too – these are the people who depend on you and you depend on.

Whatever the goal is, have clarity of vision.

Step 2: Discovery.

Context – users – this applies to life too. To be a better mom, did stakeholder interviews with kids. Interviewed teachers, talked to their friends.

Brand – can take that at a personal level. Need to decide what the personality of the brand is.

Existing patterns – hugely important, what patterns exist in user behaviour, what patterns exist in the world.


Behaviours – want to understand the environment, look at day to day rituals, what is working what is not working.

Existing processes.

Once gathered – can brainstorm things that are targeted at a very specific problem. Then you get solutions, and puzzle pieces.

Side-note: What’s good – looking at product, looking at what is wrong, don’t forget what’s good.

Step 3: Design

Once you understand what problem you are designing, you have puzzle pieces. Design is nothing but solving puzzles. 

Problem is carrying stuff. Hate bags. If has a bag, leave it.

Disney came up with a solution – band, magic band, photo ID, credit card, hotel room key. All these things in one magic band, don’t need to carry stuff, they have solved that problem! If only we had that in the real world (apple watch).

The Power of Habit – story of convinving americans to become a nation of people who brush their teeth. Trigger, action, reward.

These are patterns we need to think about when designing products, but also when designing your life. The reward re-enforces the action.

BJ Fogg tiny habits. Improving health. Drinking water feels small and insignificant. Fill my water glass – do it after waking up. Automatically drink the water after fill the glass. Break it down so small, impossible not to do it.

Because of little things, was able to fold this sort of habit form into life.

Break it down so small that you can’t deny it in your life.

Celebrate the little things.

Do some kind of physical manifestation of the reward.

Get something out there – whether it’s your product, a beta, or your life, then you can immediately get feedback on it. That feedback helps you.

Step 4: Iterate

Once you have feedback you can start iterating on things and make it better!

Jesse James Garret – watch, fail or succeed, learn, try again.

We need to iterate.

Really rare that we throw something perfect out there the first time.

“All I want to do is go the distance” – Rocky lost, but he went the distance. Then there was Rocky 2 and he totally kicked ass.

Test, tweak revise. Don’t give up. There’s so much out there.

Wrapping Up

The tools – you have the skills. Whatever you do to build the products you’re building, you can use these.

Worked on products. Works on life. Learned take these skills, and coaching, can not just help people inside companies, can actually help companies. Came back around, now focused on people, not products. Means that people are building better products.

Everything needed to get out of burnout was inside, just had to figure out how to apply it.

[syndicated profile] valerie_fenwick_blog_feed

Posted by Valerie Fenwick

Bob Griffin, EMC, and I will be presenting the history of PKCS#11 and where we are going with the standard in our OASIS Technical Committee Friday, March 27, 2015 at 8AM PT.  This is in preparation for our OASIS wide vote for PKCS#11 2.40 to become an official OASIS standard (boy, this process has taken longer than I imagined possible!)

Come along and hear all about it, and ask me and my co-chair questions!

You can register here at the OASIS site.

"See" you there!

Who Is the Antidetect Author?

Mar. 26th, 2015 02:48 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video for Antidetect showing the software being used to buy products online with stolen credit cards. Today, we’ll take a closer look at clues to a possible real-life identity of this tool’s creator.

The author of Antidetect uses the nickname “Byte Catcher,” and advertises on several crime forums that he can be reached at the ICQ address 737084, and at the jabber instant messaging handles “” and “”. His software is for sale at antidetect[dot]net and antidetect[dot]org.

Antidetect is marketed to fraudsters involved in ripping off online stores.

Antidetect is marketed to fraudsters involved in ripping off online stores.

Searching on that ICQ number turns up a post on a Russian forum from 2006, wherein a fifth-year computer science student posting under the name “pavelvladimirovich” says he is looking for a job and that he can be reached at the following contact points:

ICQ: 737084

Skype name: pavelvladimirovich1


According to a reverse WHOIS lookup ordered from, that email address is the same one used to register the aforementioned antidetect[dot]org, as well as antifraud[dot]biz and hwidspoofer[dot]com (HWID is short for hardware identification, a common method that software makers use to ensure a given program license can only be used on one computer).

These were quite recent registrations (mid-2014), but that email also was used to register domains in 2007, including allfreelance[dot]org and a domain called casinohackers[dot]com. Interestingly, one of the main uses that Byte Catcher advertises for his Antidetect software is to help beat fraud detection mechanisms used by online casinos. As we can see from this page at, a subsection of was at one time dedicated to advertising Antidetect Patch — a version that comes with its own virtual machine.

That ICQ number is tied to a user named “collisionsoftware” at the Russian cybercrime forum antichat[dot]ru, in which the seller is advertising software that routes the user’s Internet connection through hacked PCs. He directs interested buyers to the web site cn[dot]viamk[dot]com, which is no longer online. But an archived version of that page at shows the same “collision” name and the words “freelance team.” The contact form on this site also lists the above-referenced ICQ number and email, and even includes a résumé of the site’s owner.

Another domain connected to that antichat profile is cnsoft[dot]ru, the now defunct domain for Collision Software, which bills itself as a firm that can be hired to write software. The homepage lists the same ICQ number (737084).

The profile page for that number includes links to accounts on Russian fraud forums that are all named “Mysterious Killer.” In one of those accounts, on the fraud forum exploit[dot]in, Mysterious Killer lists the same Jabber and ICQ addresses, and offers a variety of services, including a tool to mass-check PayPal account credentials, as well as a full instructional course on click-fraud.

Antidetect retails for between $399 and $999, and includes live support.

Antidetect retails for between $399 and $999, and includes (somewhat unreliable) live support.

Both antifraud[dot]biz and allfreelance[dot]org were originally registered by an individual in Kaliningrad, Russia named Pavel V. Golub. Note that this name matches the initials in the email address KrebsOnSecurity has yet to receive a response to inquiries sent to that email and to the above-referenced Skype profile. Update, 1:05 p.m.: Pavel replied to my email, denying that he produced the video selling his software. “My software was cracked few years ago and then it as spreaded, selled by other people,” he wrote. Meanwhile, someone has started deleting photos and other items linked in this story.

Original story:

A little searching turns up this profile on Russian social networking giant for one Pavel Golub, a 29-year-old male from Koenig, Russia. Written in Russian as “Кениг,” this is Russian slang for Kaliningrad and refers to the city’s previous German name.

One of Pavel’s five friends on Odnoklassniki is 27-year-old Vera Golub, also of Kaliningrad. A search of “Vera Golub, Kaliningrad” on — Russia’s version of Facebook — reveals a group in Kaliningrad about artificial fingernails that has two contacts: Vera Ivanova (referred to as “master” in this group), and Pavel Vladimirovich (listed as “husband”).

The Vkontakte profile linked to Pavel’s name on that group has been deleted, but “Vera Ivanova” is the same face as Vera Golub from Pavel’s Odnoklassniki profile.

A profile of one of Vera’s friends – one Natalia Kulikova – shows some photos of Pavel from 2009, where he’s tagged as “Pavel Vladimirovich” and with the link to Pavel’s deleted Vkontakte profile.  Also, it shows his previous car, which appears to be a Mitsubishi Galant.

Pavel, posing with his Mitsubishi Galant

Pavel, posing with his Mitsubishi Galant in 2008.

A search on the phone number “79527997034,” referenced in the WHOIS site registration records for Pavel’s domains — antifraud[dot]biz and hwidspoofer[dot]com — turns up a listing on a popular auto sales Web site wherein the seller (from Kaliningrad) is offering a 2002 Mitsubishi Galant. That same seller sold a 2002 BMW last year.

On one level, it’s amusing that a guy who sells software to help Web criminals evade detection is so easily found on the Internet. Then again, as my Breadcrumbs series demonstrates, many individuals involved in writing malware or selling fraud tools either do not care or don’t take too many precautions to hide their identities — probably because they face so little chance of getting into trouble over their activities as long as they remain in Russia.

The above photo of Pavel in his Mitsubishi isn’t such a clear one. Here are a couple more from Kulikova’s Vkontakte pictures.

Vera and Pavel Golub in April 2012.

Vera and Pavel Golub in April 2012.

Pavel V. Golub, in 2009.

Pavel V. Golub, in 2009.

Thursday Favs 3/26/15

Mar. 26th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

I'll be celebrating a special holiday here tomorrow, so Friday Favs has been bumped up to Thursday!

Isn't that great news, "Demon Dog For A Five-Year-Old?"

::gutteral snarling::

Aw, I guess he can't hear me over all the screaming.


Actually, looks like it's been a pretty rough week all 'round for 5-year-old girls:

Can YOU say, "creepy anatomical inaccuracies?"


'Cuz I'd like demon dog back, please. [shudder]


If I told you someone ordered "Congratulations Cub Scouts, Pack 47" on a cake, which of those words do you think most likely to be misspelled?

You guessed wrong.
(I'm guessing.)

It is, in fact, every word except that one:

"Club Scott Pac 47."



Two wrongs may not make a right, but two rights DEFINITELY make this wrong:

[give it a second]


You'll gladly foot the bill for that one, though, after I show you this:



Thanks to Donne G., Leah S., Maura M., Anony M., & Diana M. for the womb with a view.


Thank you for using our Amazon links to shop! USA, UK, Canada.

You Get What You Incentivise

Mar. 26th, 2015 12:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate

tulip stair

Credit: Wikipedia

It’s about 18 months since my friend Tracy wrote this post pointing out that whilst the tech industry evangelises data for decision making, there is very little available when it comes to diversity numbers. And about 12 months since we started seeing companies release their numbers. Helped along by radical shareholder action from Jesse Jackson Sr.

This is progress, right? These things didn’t used to be discussed even internally, which is ridiculous because if you’re a woman on a team with more men named “Dave” than women, it’s the kind of thing you notice. Just because you don’t know the global, or local, percentage, doesn’t mean you don’t have a good idea of what is going on.

These are good developments, but at this point perhaps it’s worth stepping back and considering – how far have we come, actually?

Firstly, there is no consistent definition of what “engineering roles” means. My understanding is that it ranges from a narrow definition of ENG/UX/PM, through to a “everyone who reports into an engineering cost centre”. The numbers vary accordingly, but not everyone knows this – I’ve spoken to women who were comparing numbers at companies as part of their decision to take a job (or not) thinking that it was a different of percentages… when it was actually mostly a difference of definitions.

Secondly, if we’re going to blame the pipeline of women and minorities with CS and related degrees, and by “we” I mean “tech companies disclaiming responsibility for the culture they have created” it makes sense to tie the numbers to roles where a CS degree might actually be a benefit.

It’s not like there isn’t precedent for this – the ABI Top Company for Women awards use a standard definition for technical roles. Companies who have participated in this have that data. They have just chosen to release other – better looking – data instead.

As with all processes and incentives, you get what you incentivise. What concerns me is what is what is incentivised in this scenario: padding the definition of “engineering role” to make the numbers appear better, and focus on hiring “diverse” new grads.

What would we want to incentivise? Perhaps:

  • Hiring under-represented groups at every level.
  • Paying them equitably.
  • Building a culture where everyone is allowed to succeed:
    • Where they have equal opportunity to do equal work.
    • Where promotions aren’t delayed by gendered or racial feedback and expectations (hello, lawsuits).

What I would love to see is firstly a standard definition of what “engineering role” means.

The second, more revolutionary thing that I would like to see, is companies reporting not just the percentage of minority groups but the percentage of compensation going to minority groups (e.g. as determined via a standard measure, like taxation).

This removes the incentive to pad out “engineering” with less prestigious, and less well paid roles to make the numbers look better.

It makes hiring more senior people from under-represented groups, and paying those people equitably more important.

And for people looking at these numbers when evaluating companies, it would be a helpful metric. For myself, I’d prefer a company with 15% women in “engineering” roles receiving 13% of “engineering” compensation than one with 18% women in “engineering” roles receiving 12% of compensation. We know there is going to be a gap – women are better represented at lower levels. But the size of, and comparison of that gap would be very telling.

As in all things when it comes to diversity in the tech industry, we know that the data on people of color is even worse, and there is a racial pay gap as well as a gender one, generally.

I suspect we’ll never see this data. Because yeah we saw some progress, but we saw a lot more PR.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. And few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we’ll see in the conversations highlighted in this post.

File 'em Before the Bad Guys Can

File ‘em Before the Bad Guys Can

As several stories these past few months have noted, those involved in tax refund fraud shifted more of their activities away from the Internal Revenue Service and toward state tax filings. This shift is broadly reflected in discussions on several fraud forums from 2014, in which members lament the apparent introduction of new fraud “filters” by the IRS that reportedly made perpetrating this crime at the federal level more challenging for some scammers.

One outspoken and unrepentant tax fraudster — a ne’er-do-well using the screen name “Peleus” — reported that he had far more luck filing phony returns at the state level last year. Peleus posted the following experience to a popular fraud forum in February 2014:

“Just wanted to share a bit of my results to see if everyone is doing so bad or it just me…Federal this year has been a pain in the ass. I have about 35 applications made for federal with only 2 paid refunds…I started early in January (15-20) on TT [TurboTax] and HR [H&R Block] and made about 35 applications on Federal and State..My stats are as follows:

Federal: 35 applications (less than 10% approval rate) – average per return $2500

State: 35 apps – 15 approved (average per return $1600). State works just as great as last year, their approval rate is nearly 50% and processing time no more than 10 – 12 days.

I know that the IRS has new check filters this year but federals suck big time this year, i only got 2 refunds approved from 35 applications …all my federals are between $2300 – $2600 which is the average refund amount in the US so i wouldn’t raise any flags…I also put a small yearly salary like 25-30k….All this precautions and my results still suck big time compared to last year when i had like 30%- 35% approval rate …what the fuck changed this year? Do they check the EIN from last year’s return so you need his real employer information?”

A seasoned tax return fraudster discusses strategy.

A seasoned tax return fraudster discusses strategy.

Several seasoned members of this fraud forum responded that the IRS had indeed become more strict in validating whether the W2 information supplied by the filer had the proper Employer Identification Number (EIN), a unique tax ID number assigned to each company. The fraudsters then proceeded to discuss various ways to mine social networking sites like LinkedIn for victims’ employer information.


A sidebar is probably in order here. EINs are not exactly state secrets. Public companies publish their EINs on the first page of their annual 10-K filings with the Securities and Exchange Commission. Still, EINs for millions of small companies here in the United States are not so easy to find, and many small business owners probably treat this information as confidential.

Nevertheless, a number of organizations specialize in selling access to EINs. One of the biggest is Dun & Bradstreet, which, as I detailed in a 2013 exposé, Data Broker Giants Hacked by ID Theft Service, was compromised for six months by a service selling Social Security numbers and other data to identity thieves like Peleus.

Last year, I heard from a source close to the investigation into the Dun & Bradstreet breach who said the thieves responsible made off with more than six million EINs. In December 2014, I asked Dun &Bradstreet about the veracity of this claim, and received a blanket statement that did not address the six million figure, but stressed that EINs are not personally identifiable information and are available to the public.


By May of 2014, Peleus reported that he’d more or less worked out the best ways to avoid the IRS’s fraud filters, and was finding great success at the state level. The key, he said, was having the bogus refund sent to a unique prepaid debit card account for each filing. In this case, he found success with Green Dot — a widely-used prepaid card.

“The season is over, and my stats improved A LOT once I used one Greendot for one refund, instead of 1 checking account for 10 refunds,” he wrote.

The prepaid card industry has been an indispensable tool of tax fraudsters for several years, and remains one of the favorite means of cashing out phony refunds — as well as the proceeds from a broad range of other cybercrime activity.

At a March 12, 2015 hearing on the tax refund fraud epidemic, Utah State Tax Commission Chairman John Valentine told the U.S. Senate Finance Committee that all of the suspicious returns it has seen so far this year had the direct deposit information changed from the previous year’s bank account to prepaid debit cards — often Green Dot brand debit cards.

Once the funds are transferred to such cards, they cannot easily be traced or recovered, a perfect vehicle to commit fraud,” Valentine told the panel. “Prepaid debit cards appear to be preferable to fraudsters because the identity thief doesn’t have to bother with banks, credit unions or check-cashing stores that may become suspicious when one person starts bringing in multiple tax refund checks to be cashed or deposited.”

Valentine said one problem his state ran into when trying to isolate filings involving prepaid cards was that there is currently no uniformity in numbering that distinguishes traditional checking and savings accounts from prepaid debit cards.

“For example, a prepaid reloadable debit card sold by Green Dot appears to be linked to a bank account even though the debit card had no actual checking or savings account associated with it,” he said in his prepared remarks (PDF). “A simple fix would be to require a different series, letter or additional numbers to distinguish these cards from cards connected to bank or credit union checking and savings accounts.”


Judging from his fraud forum postings, our tax scammer Peleus was having more luck filing bogus refund requests with both the IRS and the states in this year’s tax season, which appears to have started in mid- to late January for phony filers.

Peleus’ 2015 tax tips for fellow fraudsters center around which payment instruments and banks to use and which to avoid like the plague. Peleus said prepaids are great, but getting your phony refunds deposited in a Suntrust account remains the safest option, while certain banks — particularly Wells Fargo — are to be avoided like the plague.

“Wells Fargo is old news and sucks big time,” Peleus wrote in a January 14, 2015 post. “It is one of the strictest banks and I do not recommend it. Try and get Suntrust. If Suntrust works like last year, you should have 5-7 refunds per account easy. They don’t seem to give a fuck.”

Peleus and other fraudsters continue to report strong success filing phony tax refund requests through TurboTax, the largest of the online tax preparation services — with nearly 30 million customers. Peleus urges like-minded crooks to consider asking TurboTax to credit the fraudulent refund amount as an Amazon gift code, which is apparently all the rage this year:

“You don’t even need your own bank accounts, you can use company checking accounts from Google or checking accounts from your older spam,” Peleus enthuses. “Basically, you need just an email to receive the Amazon code. Sure, it’s hard to sell it on eBay or Craigslist, but it works and they never get blocked, so it’s safe money.”

[In case you missed my recent series on how lax security and adherence to “know-your-customer” basics at TurboTax has contributed to the tax fraud epidemic, check out these stories.]

While the states and the IRS are becoming more vigilant about filtering out phony refund requests, the fraudsters are clearly responding by upping the volume of bogus filings. At least, that’s according to our virtual Virgil of the tax underworld:

“People, the secret still stays in numbers, so file as many applications as you can,” Peleus advises his fraudster friends. “No matter how accurate your tax info is, if you fly under the radar with small refunds (e.g. the average US refund was $2400 last year) you will be making money. Stop asking for $9k per refund you should make 3 of 3k, more refunds is better. Next year it will be harder I am sure, but we will all be smarter and fewer.”


Given the amount of cyber fraud that is committed with the help of the anonymity afforded to prepaid card users,  the Utah State Tax Commissioner’s suggestion about requiring a unique identifier for prepaid card account numbers seems like a sound one. Certainly, the prepaid card and tax preparation industries can up their game. As I’ve noted in previous stories, both industries probably need more encouragement from federal lawmakers and/or regulators to proactively institute more robust and effective “know-your-customer” policies.

Even so, tax refund fraud is a complex problem, with many core weaknesses contributing to the overall epidemic. Not least of which is that the IRS is required to process refund requests within a very short period of receiving the filing. Very often, the IRS has to make this decision even before companies finish sending out W2 information.

In an August 2014 report to Congress on the tax refund fraud epidemic, the Government Accountability Office said that for 2014, the IRS informed taxpayers that it would generally issue refunds in less than 21 days after receiving a tax return — primarily because the IRS is required by law to pay interest if it takes longer than 45 days after the due date of the return to issue a refund.

According to a January 2015 GAO report (PDF), the IRS estimated it prevented $24.2 billion in fraudulent identity theft refunds in 2013.  Unfortunately, the IRS also paid $5.8 billion that year for refund requests later determined to be fraud. The GAO noted that because of the difficulties in knowing the amount of undetected fraud, the actual amount could far exceed those estimates.

Further reading:

What Tax Fraud Victims Can Do.

All KrebsOnSecurity stories about tax refund fraud.

Update, Mar. 26, 4:56 p.m. ET: A previous version of this story incorrectly stated that Green Dot was managed by GE Money Bank. The latter sold part of its pre-praid business (Wal-Mart Money Card) to Green Dot back in 2013.

[syndicated profile] cakewrecks_feed

Posted by Jen

Say, just what kind of Mickey Mouse operation do you think they're running here?


Hey, laugh all you want; I'm just impressed they spelled it right.


It's like music to my eyes. Really.

Ok, not really.


And if you think e-mailing a picture to the bakery helps...think again.

Hey, a print-out of the entire Wikipedia source file still counts as a picture, right? Right?


Michael B., Jennifer C. & Jim H., Amber C., & Jessica C., I think I'd steal two icing roses in protest of that cake, too.


Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] sumana_feed
Now that I'm not all arrrrgh I just want to launch this thing I'll talk a little more about why I made Randomized Dystopia: to help us think about how dystopian fiction (and real repression) works, and to remind everybody of rights that don't get enough airtime, like variety in breakfast

wait, no, I mean:

Freedom of association

In January, I read Courtney Milan's Trade Me, in which protagonist Tina Chen mentions how hard it is for many Americans to wrap their heads around the oppression of Falun Gong practitioners. A stripped-down excerpt, from page 9 of my edition:

I hate trying to explain Falun Gong to Westerners. Sometimes, I wish my parents had been caught up in something comprehensible, like tax reform or Tiananmen Square....

No, it's not a freedom of speech issue. No, it's not a religion, not like you understand it. It's never going to make sense to you ... It's like free exercise of ... exercise...

Milan goes into more detail on this point in an interview about Trade Me. Again, a snipped-up excerpt:

...the communist regime is very, very jealous of concentrations of power in anyone but the Communist Party. And so near the end of the '90s, there were probably millions of people who were practicing Falun Gong, and they would get together in the park and they would practice and, you know, all of this stuff, and they, the Communist Party started getting a little worried about it, because they didn’t like the idea that there were these people.... he had followers, and they don't like, they didn't like the idea of somebody having followers, so they banned the practice. And to their amazement, people protested it, and they didn't know the protest was coming. So, like, 10,000 people showed up to protest in Beijing, and they were like, the fuck did these people come from?

And that, it scared the shit out of them, basically. You know, like, all these people care, and this is just sort of like what happened with, like, almost no organizing over a weekend? This is scary. So they cracked down on it, and they cracked down on it really, really hard.

One way to understand the Falun Gong crackdown is as a denial of freedom of association (articulated as "the right of the people peaceably to assemble" in the First Amendment to the US Constitution, to oversimplify). A totalitarian state only allows relationships that the state can surveil or break. We need not only privacy in the metadata of our group membership, but respect for our underlying freedom of association, the freedom to belong to a despised group.

But when I hear people talking about rights, including when we explore dystopias where someone's denying us those rights, I don't usually hear us explicitly mention freedom of association. We talk often about privacy, freedom of speech, reproductive and sexual freedom, fair and free elections, and judicial due process.

And so I'd also like to raise awareness (especially in the US) of more comprehensive lists of rights. In "Randomized Dystopia" I draw from The Universal Declaration of Human Rights, The Convention on the Rights of the Child, and The Convention on the Elimination of All Forms of Discrimination against Women. Too often in the US I hear people talk as though the first ten amendments to the US Constitution comprise all the rights we ought to honor, and humanity has done some more thinking on those topics in the intervening centuries.

Upon using Randomized Dystopia, several commenters noticed how the US falls short regarding many of the rights in the UDHR, CEDAW, and CRC. Yup.

How dystopias work

And then, in mid-March, I was talking with Sabrina Banes about current dystopian fiction, especially novels in English for the Young Adult market. She sketched out their basic themes and trajectory (and Sabrina I'd love for you to write more about your thoughts on what aspects cluster around Evil Villain Governments versus around Plucky Young Protagonists). And I realized how essential it is, as a plot mechanic, that cookie-cutter YA dystopias deny freedom of association.

Chapter 1. My parents, friends, and government tell me I can't ever go talk to Those People Over There. They're bad and wrong and subject to arbitrary arrest or execution. But sometimes I don't particularly want to be a WheelCog. But what else is there?


Chapter 5. So I talked to Those People Over There and hoo boy, I was spectacularly underinformed about the nature of my world, political system, and socially constructed values! [If freedom of association is limited, the author can more plausibly dribble out exposition to the reader -- it's easier to play keep-away with the MacGuffin -- and it gets easier for authorities to enforce limits on speech.]


Chapter 10. Oh wow, I am one of Those People Over There. In fact maybe quite a lot of us don't fit as WheelCogs, down underneath! [If you hang out with someone, it's a lot harder to treat them as a category, an object. And once you can talk freely with an ostracized group, you might see how you are like them; your perception of your own identity might change. I believe the standard YA dystopia character development arc depends on struggles around freedom of association.]


Chapter 12. However this is causing certain problems with, well, every other part of my life. Time to overthrow things!

What other rights have interesting properties as plot mechanics within dystopian fiction? I hope writers find "Randomized Dystopia" interesting as a writing prompt, and I'd be interested to hear others' thoughts on the interaction of rights and dystopian narrative.

Technical details

See the README in the code repository (go ahead and reuse the code and the idea -- the code is GPL). If you've never written a web application before, this kind of toy -- massage some text into structured-data form and use random.choice or random.sample to display a few selections to the reader -- is a fun starter project.


  1. Yeah the US is not doing so hot (and many other countries are not, either); there's a lot to be done
  2. Please write science fiction about Article 30 of the Convention on the Rights of the Child and Article 14, Section 2, Clause E of the Convention on the Elimination of All Forms of Discrimination against Women (or, failing that, please write about insurance fraud and/or Quakers in space, so I can read it)
  3. I launched a project making fun of the tropes of dystopian science fiction just before Taco Bell did, which means I'm an influencer and available for consulting at exorbitant rates


terriko: (Default)

March 2015

1 234567

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Apr. 2nd, 2015 12:19 am
Powered by Dreamwidth Studios