Oct. 24th, 2016 12:30 am
New title idea:

Self-care Without Energy

Like it?

[ETA: "energy-free self care"? ]
So james_nicoll linked to Card about the election and various other things on his mind.

Firstly, the temperature of tap water-- it's quite true that there's a big difference with the seasons. I will also note that there's much more hot water for showers precisely when long hot showers are least desirable.

I have seen complaints about Card's long discussion about tap water, but I found it fairly engaging, certainly much more so than Card's political rants. I was reminded that I used to be a Card fan.

I dropped him in the 80s or thereabouts. I realized that he had a recurring pattern of older males being physically and emotionally abusive to boys, and I was getting squicked. It actually seemed like psychological progress when Card had a father in Alvin Maker who wasn't comfortable with wanting to kill his son. Also, I got fascinated by Card's character torture in a way I didn't feel good about. People would look at me as though I was crazy when I talked about dropping an author for those reasons.

Anyway, Card likes McMullin, and in the comments to James Nicoll, Sean O'Hara links to an interview with McMullin.
No, McMullin said, the GOP is already mostly right on the issues. The party's real problem is something much more fundamental. "The Republican Party has a problem now with people, candidly, in its ranks, members and some voters, who don't embrace, I think, some foundational truths upon which our country was founded and which it has drawn nearer to over time."

"Number one is that we are all created equal," McMullin continued. "That is something that Donald Trump, I don't believe, has embraced, nor have some of his supporters. And it's a deep problem in the Republican Party, and that's just the truth."


McMullin explained that he, like other Republicans, has heard for years from Democrats that the GOP is racist. He always rejected that kind of thinking. He rejected it, that is, until the last few years, when he worked in a senior staff position for the GOP in the House of Representatives.

"I spent a lot of time in the Republican Party believing that that was something Democrats and liberals would say, [people] who weren't interested in really understanding who we were," McMullin said. "But I have to say in the time that I spent in the House of Representatives and leadership and in senior roles there, I realized that no, they're actually right. And Donald Trump made it ever more clear that there is a serious problem of racism in the Republican Party. That is the problem. Not conservative ideals. Racism is not conservatism. And that's what I'm talking about. That's the problem."

Weirdly, the Washington Examiner page looks vaguely like Facebook while being less cluttered and less readable. I have no idea how this is possible, but I'm forced to conclude that creating the Facebook look is harder than it seems.

Not connected to the Nicoll piece, but how American politics shifted from interests to values, and why this is a problem. I'm not sure this is right, but it's at least interesting and plausible.

Every year the Perth Disc Golf Club runs the Discraft Ace Race - which is effectively a hole-in-one competition with special frisbees.

You can see the photos Leece and I took here: https://goo.gl/photos/6hA8uqrYDD4jgPYz9 
Previously unread.

Third (but not final!) in Betancourt's Amber prequel trilogy (there's a fourth book published and a fifth one apparently planned).

So, well, this is the book where the enjoyment started dropping for me. I mean, it's competently written and while reading I was going "what next? what next?" but something was making these cries and that wish for knowledge less loud and insistent. I wish I could identify it, but the best I can articulate it is "there's sufficient difference in style".

There were some interesting bits, though, like how Suhuy became the Master of the Logrus. And some general betrayal, in pretty much every imaginable direction.

Would I recommend this? If you've never read any of the Amber books and you're curious, I suspect this is not a bad place to start, actually. But, most people I know who want to read the Amber books probably already have. So, really, I can't say "do" or "don't" to this one.

Look what the cat..

Oct. 22nd, 2016 09:03 pm
..dragged in.

I am very proud, indeed - especially since that sparrow was not half-dead already, but actually still flightworthy.

(It was subsequently rescued.)

Catching another Don

Oct. 22nd, 2016 03:30 pm
The current season of ENO opened with a new production of Don Giovanni, and I gave a little 'eek' when I realised that it was nearly at the end of the run before I'd got around to arranging to see it. I have seen 'quite a few' productions before,* but it is the greatest opera ever written and each of them has shone a new light on it even if, as in the case of ENO's last but one production, it was on how not to do it.** But if I am ever allowed to direct it, it's this one I shall shamelessly steal – erm, improve – the idea of the opening from.

For those of you who haven't seen it yet, the opening features Don Giovanni being disturbed with his latest conquest, Donna Anna, by the arrival of her father, the Commendatore. The latter is killed and given how long it is since it was first performed, it shouldn't be a spoiler that this is not the last we see of him… Watching and commentating on all this is Don Giovanni's servant, Leporello.

So there are two questions that the director has to think about because they affect how we see the Don from the start. The first is how consensual is the relationship between Don Giovanni and Donna Anna. The libretto has Don Giovanni masked and one of the problems between them is that he won't tell her who he is, but is it attempted rape? The second is how accidental is the killing of the Commendatore: is it murder, manslaughter or misadventure?

During the overture, this one has a series of women walk past Don Giovanni and Leporello, stop, turn round and go through one of a series of doors with him before coming out again. I've seen others where this sort of thing has happened, including ones like this where there's also been one man in the queue of conquests. What doesn't convince me is that he doesn't do anything to pick them up: we're expected to believe that merely walking past is enough to get the stream of nine or so people into bed. It's fair to say that the role isn't performed here by Brad Pitt. The other improvement would be to have some of the people exiting the door be adjusting their clothing / having their skirt tucked into their knickers at the back or something.

I guessed that the last in the queue would be Donna Anna and indeed it was. The moment I sat up was where the set opened up and there were two rooms, one of which had the pair inside. There is some mimed negotiation and Donna Anna wants a masked man wielding a knife to 'assault' her. Even better, her father enters the other room with a woman very unlikely to be his wife who he begins to top! He hears Donna Anna's cries, enters the other room and is 'You want it? You have it' stabbed by the Don.

It fails to work with the plot – Donna Anna is supposed to only realise later that Don Giovanni is the one who's killed her father etc – but it's nearly brilliant.

What I'd do is project something like the screen of someone using Tinder etc during the overture. With a masked profile picture, the Don is going 'yes' to anything in a skirt, and ends up in text conversation with Donna Anna who says that her fantasy is… But I'd keep the Commendatore being up to some extra-marital sex in the next room.

Alas, that's the highlight. Some of the other ideas – like having Donna Anna's boyfriend, Don Ottavio, be her husband rather than just engaged to her – are pointless and contradict small bits of the plot. Some – like having the statue of the Commendatore be as unlike marble (what they're singing he is) as it's possible to be.. up until he enters the room, when he's a bit marble, but more like the resurrected body – are 'huh?' Another of the latter is the number of doors people go through for no very good reason. Some ideas – like having Don Giovanni attempt to seduce a servant over the phone rather than by standing underneath her window*** – are mostly harmless, but serve to raise a question or two. The call's made from a phone box with a rotary dial, so when is this set?

The final idea – having Don Giovanni escape Hell by sending Leporello in his place – is something I've never seen before, is sort of in character, but only works here in terms of explaining WTF someone looking like Leporello's clone has been pointedly wandering through the scenes throughout: he just replaces Leporello as the servant and it's back to the opening corridor and its stream of walking past, stopping, and… It could work, perhaps, but my favourite ending is still that of the Francesca Zambello production for the ROH, where we see a naked Don in Hell, carrying an equally naked woman.****

The set design – a series of greys and drab olive (taken from tank camouflage paint tins?) – is uninspiring and the rest of the design isn't up to much either, with the exception of having Leporello look like Michael Caine. The English translation is also ok rather than great.

But you could close your eyes and listen to this one, and I'm very glad to have seen it.

Two more performances: Monday and Wednesday. I'd bought a 'secret ticket' – you pay £20 and only find out where you're seated the day before. I'd guessed that it having been at the Tkts booth in Leicester Square for £30 meant that it was likely to be a good seat rather than up in the balcony, and ended up in the middle of the fourth row of the dress circle, normal price £125.

* A quick count says about twelve 'live in theatre' ones, some of which were seen more than once, plus a couple of 'live from..' satellite broadcasts and at least half a dozen on DVD.

** Normally, if the production is badly directed and designed, you can shut your eyes and listen, but even the singing was poor in this one.

*** Best line from any 'outside the window' production was one in the mid-90s: 'This worked quicker at Kensington Palace…' Now Princess Diana is long dead but we've another woman PM, you could have 'Downing Street'.

**** This was the production I paid HOW MUCH to see live and was definitely worth the money. Sky Arts were showing it at one point and it's also available on DVD.

Nearly every international trip has issues, and for us it was the journey from Freiburg to Geneva. The bus from Freiburg was about ninety minutes late (for a one hour trip). To make matters worse, at Basel discovered that our train tickets had been allocated for the day of purchase, rather than the booked day - a rather expensive problem which I am following up. The journey itself, via Basel and Neuchatel was pleasant enough, as we passed through semi-mountainous countryside with deciduous foliage and small towns. Despite these various problems and a few emails explaining our situation, we made it to Geneva unscathed and eventually made it through to CERN itself where we were very well received by Gav and the compute team who gave us a tour of the facilities as well as presentations on the subject - it even became an "official" CERN event. It was, of course, highly educational in the relatively simplified manner of how the particle physics experiments are conducted and unsurprisingly in the huge quantities of data used.

CERN itself is perhaps the single-most famous scientific institution in the world responsible for two massively important discoveries - W and Z (weak nuclear), antimatter and a Higgs boson. Crossing multiple countries (we walked across the Swiss-French border a few times), it has the feel of a cross between a postgraduate university campus and workshop. This may be obvious enough in terms of personnel (they circulate through international physicists at a notable rate) and the lack of business attire, but it was also particularly evident in resourcing. Expenditure is not on offices or furnishings, which mostly could have easily been cheap fashions from three decades old at least - but rather on the engineering and scientific equipment. Essentially it is the world's most expensive "skunkworks" - and it works. Now let that be a message to those who disdain their scruffiness, irreverence, and informalities. Because at the same time, the same culture works with extreme precision, seriousness, and commitment.

Fixing the IoT isn't going to be easy

Oct. 21st, 2016 11:35 pm
A large part of the internet became inaccessible today after a botnet made up of IP cameras and digital video recorders was used to DoS a major DNS provider. This highlighted a bunch of things including how maybe having all your DNS handled by a single provider is not the best of plans, but in the long run there's no real amount of diversification that can fix this - malicious actors have control of a sufficiently large number of hosts that they could easily take out multiple providers simultaneously.

To fix this properly we need to get rid of the compromised systems. The question is how. Many of these devices are sold by resellers who have no resources to handle any kind of recall. The manufacturer may not have any kind of legal presence in many of the countries where their products are sold. There's no way anybody can compel a recall, and even if they could it probably wouldn't help. If I've paid a contractor to install a security camera in my office, and if I get a notification that my camera is being used to take down Twitter, what do I do? Pay someone to come and take the camera down again, wait for a fixed one and pay to get that put up? That's probably not going to happen. As long as the device carries on working, many users are going to ignore any voluntary request.

We're left with more aggressive remedies. If ISPs threaten to cut off customers who host compromised devices, we might get somewhere. But, inevitably, a number of small businesses and unskilled users will get cut off. Probably a large number. The economic damage is still going to be significant. And it doesn't necessarily help that much - if the US were to compel ISPs to do this, but nobody else did, public outcry would be massive, the botnet would not be much smaller and the attacks would continue. Do we start cutting off countries that fail to police their internet?

Ok, so maybe we just chalk this one up as a loss and have everyone build out enough infrastructure that we're able to withstand attacks from this botnet and take steps to ensure that nobody is ever able to build a bigger one. To do that, we'd need to ensure that all IoT devices are secure, all the time. So, uh, how do we do that?

These devices had trivial vulnerabilities in the form of hardcoded passwords and open telnet. It wouldn't take terribly strong skills to identify this at import time and block a shipment, so the "obvious" answer is to set up forces in customs who do a security analysis of each device. We'll ignore the fact that this would be a pretty huge set of people to keep up with the sheer quantity of crap being developed and skip straight to the explanation for why this wouldn't work.

Yeah, sure, this vulnerability was obvious. But what about the product from a well-known vendor that included a debug app listening on a high numbered UDP port that accepted a packet of the form "BackdoorPacketCmdLine_Req" and then executed the rest of the payload as root? A portscan's not going to show that up[1]. Finding this kind of thing involves pulling the device apart, dumping the firmware and reverse engineering the binaries. It typically takes me about a day to do that. Amazon has over 30,000 listings that match "IP camera" right now, so you're going to need 99 more of me and a year just to examine the cameras. And that's assuming nobody ships any new ones.

Even that's insufficient. Ok, with luck we've identified all the cases where the vendor has left an explicit backdoor in the code[2]. But these devices are still running software that's going to be full of bugs and which is almost certainly still vulnerable to at least half a dozen buffer overflows[3]. Who's going to audit that? All it takes is one attacker to find one flaw in one popular device line, and that's another botnet built.

If we can't stop the vulnerabilities getting into people's homes in the first place, can we at least fix them afterwards? From an economic perspective, demanding that vendors ship security updates whenever a vulnerability is discovered no matter how old the device is is just not going to work. Many of these vendors are small enough that it'd be more cost effective for them to simply fold the company and reopen under a new name than it would be to put the engineering work into fixing a decade old codebase. And how does this actually help? So far the attackers building these networks haven't been terribly competent. The first thing a competent attacker would do would be to silently disable the firmware update mechanism.

We can't easily fix the already broken devices, we can't easily stop more broken devices from being shipped and we can't easily guarantee that we can fix future devices that end up broken. The only solution I see working at all is to require ISPs to cut people off, and that's going to involve a great deal of pain. The harsh reality is that this is almost certainly just the tip of the iceberg, and things are going to get much worse before they get any better.

Right. I'm off to portscan another smart socket.

[1] UDP connection refused messages are typically ratelimited to one per second, so it'll take almost a day to do a full UDP portscan, and even then you have no idea what the service actually does.

[2] It's worth noting that this is usually leftover test or debug code, not an overtly malicious act. Vendors should have processes in place to ensure that this isn't left in release builds, but ha well.

[3] My vacuum cleaner crashes if I send certain malformed HTTP requests to the local API endpoint, which isn't a good sign
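
The post's two classes of flaw can be contrasted in a short added example (written for this page, not taken from the post or from any vendor). It assumes a firmware image has already been unpacked into a directory; all function names and the sample filesystem are constructed for illustration. The two text checks catch the telnet startup and the baked-in passwords, and say nothing about the binary carrying the debug command string.

```python
import os
import tempfile

# passwd/shadow markers meaning "no usable password stored in this field"
LOCKED = ("*", "!", "x")


def _read_lines(path):
    with open(path, "r", errors="replace") as fh:
        return fh.read().splitlines()


def find_telnet_startup(root):
    """Return (relative path, line number) for uncommented lines under etc/ that start telnetd."""
    hits = []
    for dirpath, dirs, files in os.walk(os.path.join(root, "etc")):
        dirs.sort()
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            for num, line in enumerate(_read_lines(path), 1):
                tokens = line.split("#", 1)[0].split()  # drop shell comments
                if any(t == "telnetd" or t.endswith("/telnetd") for t in tokens):
                    hits.append((os.path.relpath(path, root), num))
    return hits


def find_static_credentials(root):
    """Return (file, user, kind) for accounts whose password ships inside the image."""
    findings = []
    for rel in ("etc/passwd", "etc/shadow"):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            continue
        for line in _read_lines(path):
            fields = line.split(":")
            if line.startswith("#") or len(fields) < 2:
                continue
            user, pw = fields[0], fields[1]
            if pw == "":
                findings.append((rel, user, "empty password"))
            elif pw not in LOCKED and not pw.startswith(("!", "*")):
                # A hash in the image is identical on every unit sold.
                findings.append((rel, user, "static hash"))
    return findings


def build_sample(root):
    """Write a small constructed root filesystem (not from any real device)."""
    files = {
        "etc/passwd": "root:$1$CONSTRUC$notARealHash:0:0:root:/root:/bin/sh\n"
                      "nobody:*:99:99:nobody:/:/bin/false\n"
                      "support::500:500::/tmp:/bin/sh\n",
        "etc/init.d/rcS": "#!/bin/sh\n# telnetd disabled in factory mode\n"
                          "/usr/sbin/telnetd -l /bin/sh &\n",
        # Stand-in binary: its only clue is a command string inside it,
        # which neither text check above looks at.
        "usr/bin/debugd": b"\x7fELF\x00\x00BackdoorPacketCmdLine_Req\x00",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb" if isinstance(data, bytes) else "w") as fh:
            fh.write(data)


def triage(root):
    return {"telnet": find_telnet_startup(root),
            "credentials": find_static_credentials(root)}


def run_sample():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return triage(root)


if __name__ == "__main__":
    for kind, items in run_sample().items():
        for item in items:
            print(kind, *item)
```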

(no subject)

Oct. 21st, 2016 08:20 pm
Help needed! I've been working on a project around self-care for the severely sick folk like me. Most self-care says stuff like "Take a walk, go see a movie, go to a restaurant, take a swim" or similar stuff - none of which I can do as a bedridden person... so I've been making cards with things I *can* do.

I'd love to start a Facebook page to put up what I've been working on but the project needs a name. Originally in my head I've been saying "Spoonie Self-Care" but I'd like to stay away from the "spoon" idea because not everybody who's chronically ill identifies with the spoon theory idea. There's a fairly limited set of options, given that it has to be fairly short and fairly self-evident what it means. I don't want to, for example, call them 'Penguin Cards' because nobody can tell what that means unless they already know.

Current favourite idea is "Low-energy self care", partially because Trump thinks that "low energy" is an insult so it must be good. Any better ideas?

view from the hamster wheel

Oct. 20th, 2016 05:11 pm
This morning I got to have yet another novel medical experience; an ultrasound of my heart. It was kind of uncomfortable because she had to push the wand reallyreally hard on my sternum and diaphragm and one lower left rib and I know I'm going to have some very flowery bruises later. The diaphragm was the only one that really got close to painful. Still, I got to watch and hear my heart beat and that was kind of neat. In movies your heartbeat sounds all bass and important, in real life it swooshes and gurgles. So that was fun.

I can't say that my vacation was very restful. I did manage to sort three boxes of "What the hell is this crap?" into a box to sell, (Mostly action figures. So now when I look at any site with sponsored ads it presents me with action figures.) a box to scan & file, (95% emptied) and a final box full of things where I have to figure out whether it's worth spending the time to do something with it or just say fuck it and throw it away. Some of the things I put into the "needs more time to decide" box are old notebooks where I wrote story segments all old school, with pen and paper. I need to sit down and go through them and see if some of it might be worth mining for new material. One of them I identified as the old research I did once for a story about a reality show, so that's already been typed up and stored for later.

The point of all this is to get everything out of the storage locker before January when the lease is up for renewal so I don't have to pay any more for it. The boxes-all-over-living room is just the transitional stage. Or so I keep promising myself.

I also got some medical shit out of the way and did a lot of housework. Every time I take time off work I swear I'm not going to waste my time cleaning because it's undone within a week of going back. But then I hit a point where I just can't fucking deal with the squalor any more and I start cleaning anyway. Then I get really pissed off and drink heavily.

So it goes.

However I did get a couple of writing sessions in and it's been cool enough that I was able to do things like exercise and go for walks. So yay for fall.

Now if I can just get caught up at work.
2016/52: The Trespasser -- Tana French
I was doing exactly the same thing as Aislinn: getting lost so deep inside the story in my head, I couldn’t see past its walls to the outside world. I feel those walls shift and start to waver, with a rumble that shakes my bones from the inside out. I feel my face naked to the ice-flavoured air that pours through the cracks and keeps coming. A great shiver is building in my back. [loc. 7950]


Second day in Stuttgart involved a visit to the local university, which is the home of the High Performance Computing Centre, which includes a Department of Philosophy of Science and Technology of Computer Simulation. From the latter group I received a summary presentation of each of the research projects. From the main body, attended the large (sixty plus) advanced parallel programming class led by Dr. Rolf Rabenseifner and a visit, of course, to the data centre. The HPCC is home of one of the most powerful (currently 9th) computer systems in the world; Hazel Hen, a Cray XC40-system - along with the remains of a Cray II. Afterwards took a two hour walk home which was mostly through dense urban forest, a surprisingly delightful detour courtesy of Google Maps recommended path. That evening took the family to Weinstube Froehlich, an excellent traditional Swabian restaurant. The lovely Kinder had already received their special present - a couple of Australian Menagerie and all the supplements we could find.

From Stuttgart we caught the dawn bus service to Freiburg im Breisgau, a visit which was, alas, all too brief for a single day. We stayed next to the Stadtgarten on the edge of the Albert-Ludwigs-Universität district and the old city. The (often reconstructed) medieval area does feature the extremely impressive Freiburg Minster, a massive high-gothic construction which was first built in the 1100s, then added to successively over the next four hundred years. The internals are quite a sight, almost enough to convert someone if only in recognition of the human effort and creativity involved. The main part of the day, of course, was a visit to the university HPC centre (consisting of a tour of the facilities, a long discussion and comparison of differing architecture and management), which was very valuable. It is interesting that they are also doing a cloud-HPC hybrid system, albeit with quite a different architecture - which can be summarised as the differences between a chimera and a cyborg. We have a multi-headed system, and they have cloud instances within their compute nodes. I am already seeing several papers coming out and much closer collaboration from these visits.

2016/51: A Darker Shade of Magic -- V.E. Schwab
Kell wore a very peculiar coat. It had neither one side, which would be conventional, nor two, which would be unexpected, but several, which was, of course, impossible. The first thing he did whenever he stepped out of one London and into another was take off the coat and turn it inside out once or twice (or even three times) until he found the side he needed. [loc. 66]

There are several Londons, in different worlds: the one we might think of as 'ours' is Grey London. Kell, an Antari blood-magician raised as a prince's foster-brother in Red London, is one of the few who has travelled to Grey London (where mad King George III reigns) and White London (the latter a starving post-apocalyptic wasteland) and knows the stories of Black London, destroyed by the magic it embraced.

Seems the SO's credit card details are in the wrong hands. Bank sent a letter informing of this, in the ensuing phone conversation it turned out that someone had placed orders with local outfits (and an .. interesting mix it was: Media Markt, Kleider Bauer, Libro) for ~3k€, complete with "verified by Visa" credentials.

Now to find out where she could've lost a.) the CC details and b.) the extra password (only ever used on her 'droid devices). The latter one seems to rule out it happened on the last vacation. But online ordering stuff that needs shipping, at very much local outfits, pretty much rules out hacked client - the international fraudster gangs ain't dumb enough to get caught via shipping addresses.

Maybe local mule? But their MO is more buying internationally-valid gift cards, and then shipping those.
Anyway, the shipping address should give LE a nice lead to follow.

Please, talk about masturbation

Oct. 19th, 2016 07:14 pm
[I commented this in a discussion about the "birds and the bees" talk. I think it's worth posting separately.] Please, talk about masturbation too, and don't wait until puberty. Here's a (very personal) story I've never told in full before. I discovered masturbation when I was about ten, before I started puberty. Nobody had talked about it, so I didn't know it was normal; I didn't even know there was a word for it. So I worried. About a year later I started puberty and of course I became able to ejaculate. And again, nobody had talked about that. They'd mentioned wet dreams, but never this. So I didn't know it was normal, and I worried. A few months later, I got what I now think was some kind of fungal skin infection. The skin where my pubic hair would soon be growing was alternately red and painful, or dry, cracked, and itchy. For all I knew, this was another weird side-effect of masturbation, like ejaculation. And since nobody had talked about the other stuff, I wasn't comfortable with asking anyone about it. So I put up with the discomfort for months. Even after my pubic hair grew, the rash was still visible and I remember deflecting questions in the changing-rooms after games lessons about whether it was a scar from an operation. All that worry and discomfort could have been avoided. Please, remember to talk about it.
Discussion of sf which portrays catastrophe as bringing back the Good Old Days

So, who does a good job? For purposes of this discussion, I'm talking about rebuilding which isn't a simple matter of playing out dreams or nightmares, plausibly fits its setting, and doesn't look much like the past.

Offhand, the only one I'm thinking of is Three Parts Dead (seriously alien society after a magical catastrophe), but there must be others.