DebCamp16 day 2
Review wiki RecentChanges since my bookmark.
Usual spam reporting.
Mention microG on #debian-mobile.
Answer pkg-config question on #debian-mentors.
Suggest using UUIDs in response to a debian-arm query.
Reported Debian bug #828103 against needrestart.
A giant yellow SOS crane between the balcony hacklab and a truly misty city.
Locate the 2014 Debian & stuff podcast on archive.org.
Poke the SPARC porters in response to a suggestion on debian-www.
systemctl daemon-reload wrt buildd service changes.
Automate updating some extension lists from check-all-the-things.
Reported wishlist Debian bug #828128 against debsources.
Engage lizard mode! Wish for better display technology.
Nice vegetarian food with nice folks and
interesting discussions with interesting locals.
Polish and release check-all-the-things.
Close bugs I forgot to close in the changelog.
Add link to debian-boot on Debootstrap wiki page.
Notice first mockup of a theme for Debian stretch.
Answer a question about package naming on #debian-mentors.
Discuss the future of cross compilation on Debian.
Notice a talk about FOSSology & update a wiki page.
Mention AsteroidOS and MaruOS on the mobile wiki page.
Contemplate how close to the FSDG Debian might be
and approaches to improving that.
Recent public allegations against Jacob Appelbaum
In recent days, various public allegations have been brought forward against Jacob Appelbaum. The allegations rank from plagiarism to sexual assault and rape.
I find it deeply disturbing that the alleged victims are putting up the effort of a quite slick online campaign to defame Jakes's name, using a domain name consisting of only his name and virtually any picture you can find online of him from the last decade, and - to a large extent - hide in anonymity.
I'm upset about this not because I happen to know Jake personally for many years, but because I think it is fundamentally wrong to bring up those accusations in such a form.
I have no clue what is the truth or what is not the truth. Nor does anyone else who has not experienced or witnessed the alleged events first hand. I'd hope more people would think about that before commenting on this topic one way or another on Twitter, in their blogs, on mailing lists, etc. It doesn't matter what we believe, hypothesize or project based on a personal like or dislike of either the person accused or of the accusers.
We don't live in the middle ages, and we have given up on the pillory for a long time (and the pillory was used after a judgement, not before). If there was illegal/criminal behavior, then our societies have a well-established and respected procedure to deal with such: It is based on laws, legal procedure and courts.
So if somebody has a claim, they can and should seek legal support and bring those claims forward to the competent authorities, rather than starting what very easily looks like a smear campaign (whether it is one or not).
Please don't get me wrong: I have the deepest respect and sympathies for victims of sexual assault or abuse - but I also have a deep respect for the legal foundation our societies have built over hundreds of years, and it's principles including the human right "presumption of innocence".
No matter who has committed which type of crime, everyone deserve to receive a fair trial, and they are innocent until proven guilty.
I believe nobody deserves such a public defamation campaign, nor does anyone have the authority to sentence such a verdict, not even a court of law. The Pillory was abandoned for good reasons.
DebCamp16 day 1
Hating jetlag based headache.
Disturbed to see the Brexit result.
Review wiki RecentChanges.
Answer some questions about Launchpad on #debian-mentors.
Whitelisted one user in the wiki anti-spam system.
Reviewed and sponsored yamllint 1.2.2-1 upload.
Noted OFSET repo is broken and updated Freeduc info.
Noted the Epidemic-Linux website is having database issues.
Noted that Facebook finally completely dropped their RSS
feeds, dropped Facebook RSS feed URL generation
from the Debian derivatives census scripts and
notified the affected derivatives.
Cleared up Tanglu hash sum mismatches again.
Minor changes to Planet Debian derivatives.
Enjoyed the photos from Valessio.
Hazy city away from the mountain and tablecloth clouds
flowing over the mountain on the way to a pub lunch.
Jet lag headaches seem to be subsiding thankfully.
Ping someone generating a bounce when changing their SSH key.
Mention autorevision and other suggestions in an IRC discussion
about mesa & reproducible builds.
Review some DebConf16 announcements and add minor fix.
Push out some TODO items to check-all-the-things.
Ask for a dd-list for the GCC 6 transition.
Usual spam reporting throughout the day via manual List-Archive
copy-paste, feeding mboxen to my
report-spam-debian-bugs scripts and manual BTS clicks.
Usual wondering why there isn't an RFC for MUA spam reporting.
Disturbed by the sudden appearance of an astronautess in the
orga room but placated by a plentiful supply of crisps.
Ask x32 folks about debian-x32.org vs x32 on ports.d.o.
Glad to just avoid the room shuffle dance.
Finish mime support for check-all-the-things.
Disappointed that piz.za does not actually resolve.
Amused by pollito's virtual tour of UTC.
Completely stuffed full of Butleritos.
I was reading this two days ago. It needs saying today.
DebCamp16 day 0
Today is officially the first day of DebCamp 2016. The night wasn't as cold as I had feared. Woke at 5am for some reason. Noted the network still blocks port 6697 and 7000, worked around in IRC client configuration using 9999. Reply to network discussion to point that out. Minor changes to the empathy Debian RTC wiki page. Answer firstname.lastname@example.org bug email about shared company OpenPGP keys and suggest moving to individual keys. Review wiki RecentChanges. Comment on NetworkManager upstream bug #705545 that MAC address privacy is a complicated feature with many use cases. Warn another person that reporting Alioth to SpamCop does nothing and link to the unsubscription URL. Talk to Brown about IP address conflict sparc64 porters found with the setup of notker (sparc64 build machine). Filed Debian wishlist bug #827944 against at asking for support for using an editor to write at jobs. Woke up properly, discussed spam over breakfast. Notice Point Linux in the Distrowatch feed and invite them to the derivatives census. Point out reproducible builds in a discussion about source-only uploads. Commented that I encountered evolution upstream crash bug #680471 again. Reported gnome-shell upstream crash bug #767969. Joined the tour around the campus, enjoyed the view from the outdoor hacklab at the top of the hill. Confirmed that "Monkey Gland" from the pub menu is not in fact derived from monkeys in any way. Noted that Pollito did not eat chicken from the buffet. Beat head against VPN/SIP/WebRTC for a while but oncoming jetlag put me out of business for some hours. Pointed out the future Packages.gz removal in favour of Packages.xz to the popcon developers.
the Holy Spirit versus cardboard
A story I was told at St Mark’s, a “high” Anglican church:
St Mark’s has a rather large contingent of de jure Roman Catholics in its congregation, who argued with the local parish priest or the Vatican and just decamped down the road. Many times this only gets discovered when they die and ask for their ashes to be interred in St Mark’s columbarium, whereupon the local RC priest turns up and objects.
So after this had happened a few times, they agreed that a small part of the columbarium would be dedicated as a RC burial place. And so that God wouldn’t get confused, they put a cardboard divider between them.
The person telling me this story concluded, “So apparently cardboard can block the Holy Spirit, just like alpha particles… wait. Don’t mitres have cardboard inside to keep the shape? I think we’ve discovered something here…”This entry was originally posted at http://marnanel.dreamwidth.org/371398.html. Please comment there using OpenID.
DebCamp16 day -1
Landed late due to technical delays. Mountains! Mountains are everywhere! Beautiful sunny day with clear blue skies. Ran into Valessio as I was shown to my room. Wandered around the campus for a bunch of hours. Ate an all you can eat yum buffet lunch at the pub. Wandered down the hill and ended up on the train and wandering around a lake with lilies in a park. Arriving back at UCT we ran into a beer mission along with some wonderful arriving folks. The warm DebConf nervous centre was quite inviting and soon had plentiful beer, pizza and discussion.
I've bought some more awful IoT stuff
I bought some awful WiFi lightbulbs a few months ago. The short version: they introduced terrible vulnerabilities on your network, they violated the GPL and they were also just bad at being lightbulbs. Since then I've bought some other Internet of Things devices, and since people seem to have a bizarre level of fascination with figuring out just what kind of fractal of poor design choices these things frequently embody, I thought I'd oblige.
Today we're going to be talking about the KanKun SP3, a plug that's been around for a while. The idea here is pretty simple - there's lots of devices that you'd like to be able to turn on and off in a programmatic way, and rather than rewiring them the simplest thing to do is just to insert a control device in between the wall and the device andn ow you can turn your foot bath on and off from your phone. Most vendors go further and also allow you to program timers and even provide some sort of remote tunneling protocol so you can turn off your lights from the comfort of somebody else's home.
The KanKun has all of these features and a bunch more, although when I say "features" I kind of mean the opposite. I plugged mine in and followed the install instructions. As is pretty typical, this took the form of the plug bringing up its own Wifi access point, the app on the phone connecting to it and sending configuration data, and the plug then using that data to join your network. Except it didn't work. I connected to the plug's network, gave it my SSID and password and waited. Nothing happened. No useful diagnostic data. Eventually I plugged my phone into my laptop and ran adb logcat, and the Android debug logs told me that the app was trying to modify a network that it hadn't created. Apparently this isn't permitted as of Android 6, but the app was handling this denial by just trying again. I deleted the network from the system settings, restarted the app, and this time the app created the network record and could modify it. It still didn't work, but that's because it let me give it a 5GHz network and it only has a 2.4GHz radio, so one reset later and I finally had it online.
The first thing I normally do to one of these things is run nmap with the -O argument, which gives you an indication of what OS it's running. I didn't really need to in this case, because if I just telnetted to port 22 I got a dropbear ssh banner. Googling turned up the root password ("p9z34c") and I was logged into a lightly hacked (and fairly obsolete) OpenWRT environment.
It turns out that here's a whole community of people playing with these plugs, and it's common for people to install CGI scripts on them so they can turn them on and off via an API. At first this sounds somewhat confusing, because if the phone app can control the plug then there clearly is some kind of API, right? Well ha yeah ok that's a great question and oh good lord do things start getting bad quickly at this point.
I'd grabbed the apk for the app and a copy of jadx, an incredibly useful piece of code that's surprisingly good at turning compiled Android apps into something resembling Java source. I dug through that for a while before figuring out that before packets were being sent, they were being handed off to some sort of encryption code. I couldn't find that in the app, but there was a native ARM library shipped with it. Running strings on that showed functions with names matching the calls in the Java code, so that made sense. There were also references to AES, which explained why when I ran tcpdump I only saw bizarre garbage packets.
But what was surprising was that most of these packets were substantially similar. There were a load that were identical other than a 16-byte chunk in the middle. That plus the fact that every payload length was a multiple of 16 bytes strongly indicated that AES was being used in ECB mode. In ECB mode each plaintext is split up into 16-byte chunks and encrypted with the same key. The same plaintext will always result in the same encrypted output. This implied that the packets were substantially similar and that the encryption key was static.
Some more digging showed that someone had figured out the encryption key last year, and that someone else had written some tools to control the plug without needing to modify it. The protocol is basically ascii and consists mostly of the MAC address of the target device, a password and a command. This is then encrypted and sent to the device's IP address. The device then sends a challenge packet containing a random number. The app has to decrypt this, obtain the random number, create a response, encrypt that and send it before the command takes effect. This avoids the most obvious weakness around using ECB - since the same plaintext always encrypts to the same ciphertext, you could just watch encrypted packets go past and replay them to get the same effect, even if you didn't have the encryption key. Using a random number in a challenge forces you to prove that you actually have the key.
At least, it would do if the numbers were actually random. It turns out that the plug is just calling rand(). Further, it turns out that it never calls srand(). This means that the plug will always generate the same sequence of challenges after a reboot, which means you can still carry out replay attacks if you can reboot the plug. Strong work.
But there was still the question of how the remote control works, since the code on github only worked locally. tcpdumping the traffic from the server and trying to decrypt it in the same way as local packets worked fine, and showed that the only difference was that the packet started "wan" rather than "lan". The server decrypts the packet, looks at the MAC address, re-encrypts it and sends it over the tunnel to the plug that registered with that address.
That's not really a great deal of authentication. The protocol permits a password, but the app doesn't insist on it - some quick playing suggests that about 90% of these devices still use the default password. And the devices are all based on the same wifi module, so the MAC addresses are all in the same range. The process of sending status check packets to the server with every MAC address wouldn't take that long and would tell you how many of these devices are out there. If they're using the default password, that's enough to have full control over them.
There's some other failings. The github repo mentioned earlier includes a script that allows arbitrary command execution - the wifi configuration information is passed to the system() command, so leaving a semicolon in the middle of it will result in your own commands being executed. Thankfully this doesn't seem to be true of the daemon that's listening for the remote control packets, which seems to restrict its use of system() to data entirely under its control. But even if you change the default root password, anyone on your local network can get root on the plug. So that's a thing. It also downloads firmware updates over http and doesn't appear to check signatures on them, so there's the potential for MITM attacks on the plug itself. The remote control server is on AWS unless your timezone is GMT+8, in which case it's in China. Sorry, Western Australia.
It's running Linux and includes Busybox and dnsmasq, so plenty of GPLed code. I emailed the manufacturer asking for a copy and got told that they wouldn't give it to me, which is unsurprising but still disappointing.
The use of AES is still somewhat confusing, given the relatively small amount of security it provides. One thing I've wondered is whether it's not actually intended to provide security at all. The remote servers need to accept connections from anywhere and funnel decent amounts of traffic around from phones to switches. If that weren't restricted in any way, competitors would be able to use existing servers rather than setting up their own. Using AES at least provides a minor obstacle that might encourage them to set up their own server.
Overall: the hardware seems fine, the software is shoddy and the security is terrible. If you have one of these, set a strong password. There's no rate-limiting on the server, so a weak password will be broken pretty quickly. It's also infringing my copyright, so I'd recommend against it on that point alone.
Why I'm voting Remain
If I had to choose either Strasbourg or Westminster to run this country, I'd choose Strasbourg. It has a better separation of powers. Someone asked what I mean by that, so I'll explain more fully.
A bit of civics background-- sorry if you know this already: There are three branches to every government: the legislature which makes laws, the executive which implements those laws, and the judiciary which deals with people who break them. In a carefully-designed system such as the American federal government, the three branches act as checks on one another's power. (In the US, executive=President, legislature=Congress, judiciary=federal courts.) This means that it's much more difficult for one or two people to fuck up the system.
But in the UK and the EU we don't have a complete separation of powers. In particular in the EU we have the executive (the Commission) having the sole power to propose bills to the legislature (the Parliament). This is undemocratic, and it's a problem. The legislature can veto bills, so it acts as a check on the power of the executive. But it cannot act alone.
In the UK, however, the problem is even worse. In our case executive=Downing Street, legislature=Parliament, judiciary=courts. Parliament was originally a check on the power of the King (when the King was the executive). But for the last few centuries, the Crown's ministers have effectively been the executive, and these ministers are always drawn from Parliament. A PM must necessarily almost always be able to order Parliament to do anything they wish, because they must belong to the majority party in the Commons, and MPs almost always vote as the whips tell them to.
So if for example we happened to get someone as PM who was determined to starve the poor and destroy the NHS, there's nobody at all who can stand up to him. In the US or in France it's routine for the legislature to say no to the executive (and vice versa). But it's near-impossible in the UK.
...there is, at present, one organisation which can say no to the PM.
That organisation is the EU.
That is why I'm voting Remain.
This entry was originally posted at http://marnanel.dreamwidth.org/371177.html. Please comment there using OpenID.
（最初刊载于《华侨日报 文艺副刊》 第二期，1944年2月6日）
please do not press this button again
I was once in a psychiatrist's waiting room and they had a coffee machine with enough buttons to belong to Captain Picard. You know the sort of thing-- buttons for white coffee, black coffee, cappucino, hot chocolate, and so on and on. But one of them was unlabelled, and THAT was the one I wanted.
It took a while to brew me a cup. When it had cooled, I took a sip. The stuff was utterly foul-- like a sort of hot instant coffee made with lemons and ammonia. I can still taste it in memory.
Just then, the psychiatrist arrived, and asked what I was grimacing about. I explained the story and showed him the button. "Right," he said. "That's the self-cleaning function."
This entry was originally posted at http://marnanel.dreamwidth.org/370903.html. Please comment there using OpenID.
The Physical Web. Yeah, thats a good idea.
In the last week I've discovered the Physical Web from google, and I'm sold on the idea. Apart from the "what's around here" geeky stuff, it's a great idea for sensible 'distant' digital signage. For example, $dayjob is at the Pawsey Supercomputing Centre, but we don't plaster our URL over the visitor area - what if guests could be gently prompted to the right URL by beacon?
Again tonight (while watching WASO play the Indiana Jones score) I noticed a set of three A3 posters explaining to users of another part of the conference centre how to connect to wifi and download <exhibit> app. This isn't even Scott Jensen's complaint of a 'dos prompt on the browser' - it's more a dig out the index card from the library, then go to the dos prompt...
猴年马月 述诗情。。。in solidarity with victims of Orlando shooting
茅境 在 寒山小径 发贴
每到六月／总有些人要哭泣／ 在没有性别的夜里／ 有些叮当响的树叶／ 在地上跌碎。
痛苦总要找到归宿的／ 从一扇敞开的门到另一扇敞开的门／ 一直走到冷冷清清的六月／ 走到属于放浪者的夜里。
当世界一片漆黑／ 黑得象老蜈蚣的后背／ 水也深得发黑／ 所有的光被吞入／ 甚至足以吞没整个太阳。
你还会狠狠地挖掘／ 每一块煤中贮存的太阳吗？／ 你还会让黑眼睛发出／ 萤火虫一样的冷光吗？
把这扇门关上／ 让想来的在此回头／ 让想走的永远绝望／
刀中的光，映出砺石的纹路／ 象指纹一样永恒／ 而刀，只是悲哀地听着／ 从耳边吹过的一阵风。
那只空心的玻璃杯／ 骤然收缩／ 但是，一声或许要震耳欲聋的破碎声／ 被无形的绞索勒住／ 只发出乌龟临死前的吱的一声。
直到一种声音占据了这个六月／ 直到六月象海里的章鱼张开肉须／ 直到所有的哭泣声象浪花飞溅／ 直到火盆里的炭火烤焦了／ 六月的根。
六月，是梦游者的六月／ 我们买票进入／ 尘埃满地的六月／ 遍地是六月的碎片／ 零零落落。
所有从六月盗窃的财物／ 在废墟中躲藏／ 六月的石榴树／ 枝叶疯狂。
I am in thep process of translating it into English to express my personal solidarity to victims of Orlandor shooting.
According to one media report I read, Shooter's father said, 'this has nothing to do with Islam!'. Do I believe him? Usually father knows his son the best, yes?
Yet it has everything to do with religion and identity politics. What is identity politics? A friend of mine on WeChat asked. She believed it's the failure of American Foreign policy that come to haunt all of us, living in America.
This Sunday, I heard Sermon of 2 Samuel 11:26-12:10, 13-15. It was hard for me to take in the message:
King David said to prophet Nathan, "I have sinned against the Lord." Nathan said to David, "Now the Lord has put away your sin; you shall not die. Nevertheless, because by this deed you have utterly scorned the Lord, the child that is born to you shall die."
This is the God of Old Testament. Then Christians have the new Testament, God send his very own son to die for all others' sin ... Identity Poltics started RIGHT THERE !
Do we have Identity Politics in China? How many of you remember our fable 为虎作伥 ？Not just the idiom but the whole story and how it has blend into people's psyche ?
Can you spot the Tiger in Orlando shooting? Is it Foreign Policy? Is it Islamic Belief? Is it the Father, is it the son? Why gay club?
I am trying to explain the whole story 为虎作伥 to an American friend... On the first hearing, he said, 'As always, your story makes utterly no sense to me... All those ghosts cried for Tiger when it was killed by a righteous and courageous young person in the end ? ' ... After a second and third reading and our dialogue developed, he exclaimed, "If you ask me, I would say, the Tiger in Orlando shooting is THE prevailing 'American Value'!
I was surprised by his conclusion. How could it be? What is prevailing American value? Gun ownership? Freedom of speech and freedom of love the same sex lead to freedom of shooting people? As my friend protested, the shooter could very well start his rampage right in the Disneyland. If there is prevailing values, is there hidden values that I know nothing about, having lived in my adopted country close to a quarter of century? What those protected values pointing to? A set of inalienable rights and more perfect union of all men, under one God? Does it take an American to know American value and its downside of it? Does it take a Christian to know Christ's salvation ? Does it take a Muslim to propogate Peace at the border of Afganistan and Pakistan, as the father believed?
I'll leave the question to you all. What is the Tiger in the most recent shooting in Orlando. And if the shooter shoots 49 tigers, do you think his sin would be less or more in the Creator's eye? And if my American friend believed that Tiger is 'prevailing American value', I would propse that Tiger is 普遍的思想僵化. We get used to allow our representatives, politicians to direct our life with other people more than we CAN grant the benefit of doubt to other way of life, no matter how alien that other way of life is to our own upbringing and our own patterns of thoughts, and mostly our own fear of living a life without much meaning in it.
Thank you for reading.
We show up
It’s really common for pitches to managements within companies about Linux kernel upstreaming to focus on cost savings to vendors from getting their code into the kernel, especially in the embedded space. These benefits are definitely real, especially for vendors trying to address the general market or extend the lifetime of their devices, but they are only part of the story. The other big thing that happens as a result of engaging upstream is that this is a big part of how other upstream developers become aware of what sorts of hardware and use cases there are out there.
From this point of view it’s often the things that are most difficult to get upstream that are the most valuable to talk to upstream about, but of course it’s not quite that simple as a track record of engagement on the simpler drivers and the knowledge and relationships that are built up in that process make having discussions about harder issues a lot easier. There are engineering and cost benefits that come directly from having code upstream but it’s not just that, the more straightforward upstreaming is also an investment in making it easier to work with the community solve the more difficult problems.
Fundamentally Linux is made by and for the people and companies who show up and participate in the upstream community. The more ways people and companies do that the better Linux is likely to meet their needs.
The Social Stack: what’s in and what’s out at the various layers
Ritual to read to each other
by William Stafford
If you don't know the kind of person I am
and I don't know the kind of person you are
a pattern that others made may prevail in the
and following the wrong god home we may miss
For there is many a small betrayal in the mind,
a shrug that lets the fragile sequence break
sending with shouts the horrible errors of
storming out to play through the broken dike.
And as elephants parade holding each
but if one wanders the circus won't find the
I call it cruel and maybe the root of all cruelty
to know what occurs but not recognize the fact.
And so I appeal to a voice, to something
a remote important region in all who talk:
though we could fool each other, we should
lest the parade of our mutual life get lost in the
For it is important that awake people be awake,
or a breaking line may discourage them back to
the signals we give — yes or no, or maybe —
should be clear: the darkness around us is deep.
The Ritual to Read to each other
所有信誓旦旦的人 是非多寡 务必言从心镜：
( 叶子 译 June 2016)
Do not go gentle into that good night
Do Not Go Gentle into That Good Night
Do not go gentle into that good night,
Old age should burn and rave at close of day;
Rage, rage against the dying of the light.
Though wise men at their end know dark is right,
Because their words had forked no lightning they
Do not go gentle into that good night.
Good men, the last wave by, crying how bright
Their frail deeds might have danced in a green bay,
Rage, rage against the dying of the light.
Wild men who caught and sang the sun in flight,
And learn, too late, they grieved it on its way,
Do not go gentle into that good night.
Grave men, near death, who see with blinding sight
Blind eyes could blaze like meteors and be gay,
Rage, rage against the dying of the light.
And you, my father, there on that sad height,
Curse, bless, me now with your fierce tears, I pray.
Do not go gentle into that good night.
Rage, rage against the dying of the light.
A short 2009 article about Microsoft's group with responsibility for spellchecking that mentions the calendar/calender masking problem. Sometimes you probably do want correctly spelled words to be flagged.
Be wary of heroes
Inspiring change is difficult. Fighting the status quo typically means being able to communicate so effectively that powerful opponents can't win merely by outspending you. People need to read your work or hear you speak and leave with enough conviction that they in turn can convince others. You need charisma. You need to be smart. And you need to be able to tailor your message depending on the audience, even down to telling an individual exactly what they need to hear to take your side. Not many people have all these qualities, but those who do are powerful and you want them on your side.
But the skills that allow you to convince people that they shouldn't listen to a politician's arguments are the same skills that allow you to convince people that they shouldn't listen to someone you abused. The ability that allows you to argue that someone should change their mind about whether a given behaviour is of social benefit is the same ability that allows you to argue that someone should change their mind about whether they should sleep with you. The visibility that gives you the power to force people to take you seriously is the same visibility that makes people afraid to publicly criticise you.
We need these people, but we also need to be aware that their talents can be used to hurt as well as to help. We need to hold them to higher standards of scrutiny. We need to listen to stories about their behaviour, even if we don't want to believe them. And when there are reasons to believe those stories, we need to act on them. That means people need to feel safe in coming forward with their experiences, which means that nobody should have the power to damage them in reprisal. If you're not careful, allowing charismatic individuals to become the public face of your organisation gives them that power.
There's no reason to believe that someone is bad merely because they're charismatic, but this kind of role allows a charismatic abuser both a great deal of cover and a great deal of opportunity. Sometimes people are just too good to be true. Pretending otherwise doesn't benefit anybody but the abusers.
Netflix and Hurricane Electric's IPv6 service
For a few years now, I've used Hurricane Electric to get a native IPv6 tunnel to the internet. I've also been using Netflix streaming since it was first introduced. Life was good.
Netflix, on behest of its content suppliers, has started to crack down on folks using VPNs or proxys, because they're often used to work around artificial geographical restrictions.
A day or two, that blocked proxy list grew to include Hurricane Electric's IPv6 service, which I make heavy use of. Despite a US billing address, being physically located in the US, and using a US tunnel endpoint, Netflix treats me as an eeeevil bad person.
Their only advice is "disable your proxy", which is not an option as I have IPv6-attached servers that need to remain online.
Netflix's applications don't provide a way to utilize IPv4 only, which basically means I had to figure out a way to force netflix traffic to travel over IPv4. Ideally, I'd block the IPv6 AAAA dns lookups, but there's no simple way to do that.
However, one can just null-route the entire Netflix IPv6 address range:
ip -6 route add blackhole 2406:DA00:FF00::/48
This will, after a little delay, cause Netflix to fall back to using IPv4, and all is well.
Ironically, being able to avoid this sort of BS is one of the reasons why Netflix was such a compelling service, but the balance is tilting back towards piracy providing a better overall user experience. Part of me hopes that the stats show a nice correlation between making legal services less useful and piracy rates going back up.
Addendum: About a year ago, my ISP (Comcast Business) rolled out native IPv6 service which by all acconts works quite well. Unfortunately, they don't offer a static IPv6 allocation, which renders the whole thing useless for my needs.
Tech Tip: Checking the Latest Build in Travis CI
If you are using Travis CI, you can check the latest build after a failed build by going to the “Build History” tab in your project’s main page (= https://travis-ci.org/shlomif/fc-solve or equivalent), and selecting the new commit.
Copyright by Shlomi Fish, 2016.
Civic Republicanism by Iseult Honohan
The School of Athens by Raphael
In 2013, I wrote a review of the excellent book, Common as Air by Lewis Hyde, about the history of the commons. I became interested in learning more about the history of “Civic Republicanism” while reading that book, which touches on the relationship of republicanism to pursuit of the common good. In later correspondence with Lewis, I asked for a recommendation on a good general book on the concept. He recommended Civic Republicanism by Iseult Honohan. So I picked it up from Amazon and it sat in my reading queue until recently. Now I’ve read it and it’s time to write a review.
To start off, let’s clear up some terms. A “republic” is likely a form of government you remember from high school or college. We’re interested in a particular type of republic known as a “Civic Republic” – that is, a form of government in which citizens rule themselves either directly or through representative leaders. If you live in the United States, you are familiar with the basics of a civic republic because it’s the system on which our country is based. It’s also important to point out that the terms republican and republicanism have absolutely nothing to do with the modern American right-wing Republican political party. When founded in 1854 by anti-slavery activists, the political party took its name from the idea of republicanism and originally advocated principles of republicanism and classic liberalism. Over the years it abandoned those principles, shifting right towards conservatism as the Democratic party shifted left towards modern liberalism. Eventually, the two parties reversed their original positions. More recently, the Republican political party seems to have broken into factions that advocate theocracy, plutocracy, or authoritarian nationalism. Ironically, republicanism is anathema to modern Republicans. The author is not an American and the book doesn’t address this difference between republicans and Republicans, which can lead to some confusion if the reader is unaware of it.
I read Civic Republicanism shortly after reading Steven Pinker’s enjoyable book, The Sense of Style. Unfortunately, this made me more aware than I might otherwise have been that Civic Republicanism is rife with examples of the problems Pinker describes in academic writing including “highfalutin gobbledygook”, overly abstract metaconcepts, and the curse of knowledge. It’s a hard book to read and definitely not an enjoyable way to pass the time. I found myself having to re-read paragraphs and sometime single sentences several times to work out what the author was trying to say. Here are a couple of random sample sentences from an early section of the book describing Aristotle’s views:
Because people are naturally undetermined as wholly good or wholly bad, but develop their character through acting, the social and political relationships in which they live are crucial to their possibility of self-realisation
Moreover, the hierarchical division of human nature means that the obligations of citizens to anyone outside the political community are very limited.
Decoding 300 pages of that sort of writing takes a bit of work! That’s the bad news about the book.
The good news is that it does provide an excellent survey of the major historical thinkers on republicanism including Aristotle, Cicero, Machiavelli, Harrington, Rousseau, Wollstonecraft, and Madison (who designed our republic). It also covers modern political philosophers’ attempts to bring republicanism into the 21st century to compete with the currently more popular ideas of modern liberalism on the left (what we in the US might call “direct democracy” or “universal democracy”) and nationalism on the right (basically the modern Republican Party in the US – think flag waving, patriotism, belief in exceptionalism). The book is divided into two parts, the historical overview and the modern debates. The book does a good job of laying out the evolution of republicanism and points the way to all the original material if you have the time to pursue it.
The basics of a republic seem pretty simple. You get some people together, form a community, agree on rules for self-government and go to it. Generally, the goals are to maximize individual freedom while collectively pursuing common goods. If you want your republic to survive, it must have the qualities of civic virtue, political participation, personal and political freedom, equal political recognition, and equality of wealth. All the philosophers agree that a republic cannot survive long if there is corruption (a lack of civic virtue), lack of participation, or unequal distribution of wealth. So my earlier comment about the Republican political party having nothing to do with republicanism should be further clarified now. Their policy choices are a recipe for destroying a republic by maximizing wealth inequality and stamping out civic virtues.
Nothing is that simple of course and where our philosophers disagree is over the exact definitions of each of the desired qualities and the relative importance of each. For example, is freedom the complete lack of government coercion? To live in a community is to be interdependent on each other under the rule of law. But even if we make our own law, we must be subject to it. Does that limit our freedom or is the law an expression of our freedom? When Odysseus begs his crew to untie him as he listens to the siren song, does the crews’ lack of compliance indicate that Odysseus is not free? It was his own order that he be tied and that the crew refuse any plea to untie him until they are safely past the sirens. If citizens of a republic agree to jointly fund some common good through the collection of taxes, does being coerced later to fulfill that obligation represent a lack of freedom or an expression of the freedom?
Who should be counted as citizens of a republic? This was another question that evolved over time. Aristotle would have excluded women, slaves, young men, and many others. The circle of citizenship gradually expands with time. Eventually Wollstonecraft includes women, making republics encompass nearly everyone in time for Madison to pick up the idea and run with it.
What is the exact nature of civic virtue and corruption? Corruption as thought of in republicanism may seem non-intuitive to a modern reader. Today we think of corruption as a problem with politicians but in a republic, corruption is the problem of citizens who place their private interests above those of the common good or community interests, so political corruption is merely a subset of a larger problem. The citizen who avoids paying a fair share of taxes, who out of greed tries to influence politicians, citizens who avoid jury duty, voting, or participation in local government – those are the forms of corruption that will eventually destroy even the strongest republic.
What are the common goods that a republic should seek? There’s more agreement on this one. Common goods include building infrastructure such as roads, maintaining military strength for defensive purposes, providing universal education, and any other long term goals that are the will of the citizens and from which all citizens benefit such as protecting the environment, scientific research, universal healthcare.
The problem of wealth distribution is particularly interesting given our modern situation in the United States. Historical republicans from Aristotle to Madison would not be surprised to see the Occupy Wall Street movement given that corruption has resulted in so much of our nation’s wealth becoming concentrated in a tiny percentage of the population, a condition which is fatal to republics. For a good explanation of how wealth inequality became so severe in the US, see the excellent documentary by the economist Robert Reich called Inequality for All.
The sheer size of the Unites States would have presented problems to the earliest republicans, but not Madison. His improvements included the idea of a multi-level government that broke citizen participation into local, state, and federal levels. He added the concept that “representation” could be a partial substitute for participation in government among those who were incompetent to participate or merely apathetic. He dropped an idea held by earlier theorists that a republic needed a common religion or a religious test for participation in government, thus allowing a republic with the added freedom that a citizen could choose any religion or none. With these improvements, Madison hoped the United States could defy the expectations of earlier republicans that all large republics were doomed to fail.
Finally, how about a personal anecdote to take this from theory to practice.
On 23 May, 1745, an ancestor of mine, John Rainwater, went to the Edgecomb County, North Carolina court in order to record a deed. He came home having been appointed by the court to provide room and board to a fellow named John Jones who was overseeing the construction of a road through the county. It’s likely John Rainwater was appointed merely because of his presence in the court that day. Being a citizen of a republic who strove to exhibit civic virtue, he fulfilled his obligation because it promoted a common good from which he and others in his community would benefit. Can you imagine being asked to contribute towards a modern road construction project by hosting a construction foreman? We have little civic virtue left in this country. I have some conservative friends who believe what was once known as civic virtue is “government intrusion” on their freedom. They believe paying taxes is equivalent to the government taking their money (or even “stealing” their money). They not only wouldn’t be willing to contribute their time or money to building a road that benefits the community, they often actively oppose the very concept of the government pursuing any common good (e.g. roads, public schools, protecting our common environment).
Civic virtue remains as an idealistic goal for many but often a goal they hope someone else will achieve for them. Aristotle, Cicero, Rousseau, Wollstonecraft, Madison agree – all citizens in a republic should participate directly. Paying taxes is essential but not enough. Citizens need to learn how their government works and take part in it. Run for public office; volunteer for military service; take a civil service job; volunteer for a community board; join a CERT team; become a civic hacker. Today there are an endless number of ways to participate on many different levels of government.
I was inspired to join an Advisory Board in my hometown of Irving, TX. Coming from the business world, I had to adjust to the slower pace of government. But having been involved for over a year now, I’m beginning to see that what I’m doing is really making a difference. Ideas I’ve initiated have wound their way through city government and slowly taken effect. Here’s one way to look at it. If you’re like me, you’ve probably wasted hours of your life arguing politics online. No real change ever comes from those arguments. Instead, devote that time to learning about and participating in your local government. It’s a simple reallocation of your time that will result in less stress and real changes for the better.
[blood, guns, Islamophobia]
February 2016: Trump tells (untrue) story about General Pershing stopping terrorism by shooting Muslims with bullets dipped in pig blood. http://www.politifact.com/truth-o-meter/statements/2016/feb/23/donald-trump/donald-trump-cites-dubious-legend-about-gen-pershi/
May 2016: Texans are dipping their bullets in pig blood. http://www.independent.co.uk/news/world/americas/texas-men-train-to-shoot-muslims-and-dip-bullets-in-pig-blood-so-victims-go-straight-to-hell-a7053086.html
This entry was originally posted at http://marnanel.dreamwidth.org/369631.html. Please comment there using OpenID.
Oryx and Crake
|I bought this book ages ago, on the recommendation of a friend (I don't remember who), but I only just got around to reading it. Its a hard book to read in places -- its not hopeful, or particularly fun, and its confronting in places -- especially the plot that revolves around child exploitation. There's very little to like about the future society that Atwood posits here, but perhaps that's the point.
Despite not being a happy fun story, the book made me think about things like genetic engineering in a way I didn't before and I think that's what Atwood was seeking to achieve. So I'd have to describe the book as a success.
Tags for this post: book margaret_atwood apocalypse genetic_engineering
Related posts: The Exterminator's Want Ad; Cyteen: The Vindication; East of the Sun, West of the Moon; The White Dragon; Runner; Cyteen: The Betrayal
Algunos recursos de investigación sobre calidad del software aplicada a proyectos de software libre
Con la excusa de responder a una solicitud de información sobre este tema he preparado un repaso, informal e incompleto, OjO, de recursos relacionados que tenía en mente. Y ya puestos lo cuelgo en el blog. Aquí está.
Here I am casually using GDB with Infinity
However he was leading an active social life. Tennyson met him in 1850 and recorded how while another guest fell downstairs and broke his arm, "Old Landor went on eloquently discoursing of Catullus and other Latin poets as if nothing had happened". Thomas Carlyle visited him and wrote "He was really stirring company: a proud irascible, trenchant, yet generous, veracious, and very dignified old man". In 1851 Landor expressed interest in Church reform with a pamphlet "Popery, British and Foreign", and Letters to Cardinal Wiseman. He published various other articles in The Examiner, Fraser's Magazine and other journals. During the year he learnt of the death of his beloved Ianthe and wrote in tribute to her.
Sophia! whom I seldom call'd by name,
And trembled when I wrote it; O my friend
Severed so long from me! one morn I dreamt
That we were walking hand in hand thro' paths
Slippery with sunshine: after many years
Had flown away, and seas and realms been crost,
And much (alas how much!) by both endured
We joined our hands together and told our tale.
And now thy hand hath slipt away from mine,
And the cold marble cramps it; I dream one,
Dost thou dream too? and are our dreams the same?
In 1853 he published the collected "Imaginary Conversations of the Greeks and Romans" which he dedicated to Dickens. Dickens in this year published "Bleak House" which contained the amazingly realistic characterisation of Landor as Boythorn. He also published "The Last Fruit off an Old Tree", containing fresh conversations, critical and controversial essays, miscellaneous epigrams, lyrics and occasional poems of various kind and merit, closing with Five Scenes on the martyrdom of Beatrice Cenci. Swinburne described these as "unsurpassed even by their author himself for noble and heroic pathos, for subtle and genial, tragic and profound, ardent and compassionate insight into character, with consummate mastery of dramatic and spiritual truth." At this time Landor was interesting himself in foreign affairs, in particular Czarist oppression as he saw it and Louis Napoleon. At the end of 1854 his beloved sister Elizabeth died and he wrote a touching memorial.
"Sharp crocus wakes the froward year;
In their old haunts birds reappear;
From yonder elm, yet black with rain,
The cushat looks deep down for grain
Thrown on the gravel-walk; here comes
The redbreast to the sill for crumbs.
Fly off! fly off! I can not wait
To welcome ye, as she of late.
The earliest of my friends is gone.
Alas! almost my only one!
The few as dear, long wafted o'er,
Await me on a sunnier shore."
In 1856 at the age of 81 he published Antony and Octavius: Scenes for the Study, twelve consecutive poems in dialogue, and "Letter to Emerson", as well as continuing Imaginary Conversations.
美术家·杨淑卿［1934—2006］ 女, 台湾人。1954年毕业于中央美术学院雕塑系，1956年毕业于中央美术学院雕塑系研究生班，后在中央美院雕塑艺术创作研究所从事创作工作。生前为该创作研究所研究员、中国美术家协会会员。主要作品有《姐妹》、《春》、《泼水节》、《蓓蕾》、《生命之树》、《舞影婆娑》、《延河情》等，其中《姐妹》、《春》为中国美术馆收藏。
QoTD: Walt Mossberg
But we were seated next to the head of this
advertising company, who said to me something like,
'Well, I really always liked AllThingsD and in your
first week I think Recode's produced some really
interesting stuff.' And I said, 'Great, so you're going
to advertise there, right? Or place ads there.' And he
said, 'Well, let me just tell you the truth. We're
going to place ads there for a little bit, we're going
to drop cookies, we're going to figure out who your
readers are, we're going to find out what other
websites they go to that are way cheaper than your
website and then we're gonna pull our ads from your
website and move them there.'
Flattening Circular Buffers
A few weeks ago I discovered TPCircularBuffer, a circular buffer implementation for Darwin operating system implementations, including Mac OS X and iOS. Now, I’ve implemented circular buffers before, so I though there wasn’t much need for yet another circular buffer implementation (let alone one specific to iOS), until I noticed something very interesting in the code.
A trick TPCircularBuffer uses is to map two adjacent memory blocks to the same buffer. The buffer holds the actual data, and the virtual memory manager ensures that both maps contain the exact same data, since effectively both virtual memory blocks remaps to the same memory. This makes things a lot easier than my naive implementations: Rather than dealing with convoluted pointer arithmetics each time the producer or consumer reads or writes a sequence of values that cross the end of the buffer, a simple linear read or write works. In fact, the pointers from that doubly-mapped memory can be safely given to any normal function that accepts a pointer, removing the need to make memory copies before each use of the buffer by an external function.
In fact, this optimization is so common that a previous version of the Wikipedia page for circular buffers had some sample code using common POSIX functions. There’s even a 10-year-old VRB - Virtual Ring Buffer library for Linux systems. As for Windows, I’ve yet to seen some good sample code, but you can do the equivalent with CreateFileMapping and MapViewOfFile.
Both Wikipedia’s and VRB’s implementations can be misleading, and not very portable though. On Darwin, and I suspect BSD and many other systems, the mapped memory must be fully aligned to the size of a memory page (”allocation granularity” in Windows terms). On POSIX, that means using the value of
sysconf(_SC_PAGESIZE). Since most of the times the page size is a power of 2, that could explain the otherwise strange
buffer->count_bytes = 1UL << order from Wikipedia’s sample code.
By the way, I’d like to reiterate how poor the built-in Mac OS X documentation is for POSIX and UNIX-like functions. Though it does warn pretty well about page size alignment and the risks involved with
mmap, the rest of the documentation fails to mention how to set permissions of the memory map. Thankfully, the latest Linux man pages for the same functions are far better documented.
I went to Potato Point with the Scouts for a weekend wide game. Very nice location, apart from the ticks!
See more thumbnails
Tags for this post: blog pictures 20160523 photo coast scouts bushwalk
Related posts: Exploring the Jagungal; Scout activity: orienteering at Mount Stranger
like a night in the forest
When John Denver says "you fill up my senses like a night in the forest", is that supposed to be a compliment? Because I don't get it.
Forest floors are full of stones and roots, and dead needles if it's a pine forest, and you can't get comfortable. There are mosquitos hanging around, as well as other nasties that want to bite you. It pours with rain, and then the trees carry on dripping on you for hours.
It gets really really dark, with weird rustling noises, which is terrifying if you can't find your way out of the forest. And if you CAN find your way out of the forest, why the hell are you still in the forest?
I'd assume forests are different where John Denver comes from, except I know they're even worse because there are venomous snakes and poison ivy.
So if someone said I filled up their senses like a night in the forest, I'd think they meant I look pretty good from a distance, but when you get up close you'll wish you hadn't. IDK, maybe that's what John Denver meant too.
This entry was originally posted at http://marnanel.dreamwidth.org/368835.html. Please comment there using OpenID.
All around the water tank, waiting for the rain...
Having the luxury of mains water means that I don't really care in fanatical detail about the state of the dam water levels for Perth (except that "it's lower than it should really be"). However with our new place being entirely dependant on rainwater collection off the roof into storage tanks, I'd like to know the levels of the various tanks (and therefore the volume remaining).
Your project's RCS history affects ease of contribution (or: don't squash PRs)
Github recently introduced the option to squash commits on merge, and even before then several projects requested that contributors squash their commits after review but before merge. This is a terrible idea that makes it more difficult for people to contribute to projects.
I'm spending today working on reworking some code to integrate with a new feature that was just integrated into Kubernetes. The PR in question was absolutely fine, but just before it was merged the entire commit history was squashed down to a single commit at the request of the reviewer. This single commit contains type declarations, the functionality itself, the integration of that functionality into the scheduler, the client code and a large pile of autogenerated code.
I've got some familiarity with Kubernetes, but even then this commit is difficult for me to read. It doesn't tell a story. I can't see its growth. Looking at a single hunk of this diff doesn't tell me whether it's infrastructural or part of the integration. Given time I can (and have) figured it out, but it's an unnecessary waste of effort that could have gone towards something else. For someone who's less used to working on large projects, it'd be even worse. I'm paid to deal with this. For someone who isn't, the probability that they'll give up and do something else entirely is even greater.
I don't want to pick on Kubernetes here - the fact that this Github feature exists makes it clear that a lot of people feel that this kind of merge is a good idea. And there are certainly cases where squashing commits makes sense. Commits that add broken code and which are immediately followed by a series of "Make this work" commits also impair readability and distract from the narrative that your RCS history should present, and Github present this feature as a way to get rid of them. But that ends up being a false dichotomy. A history that looks like "Commit", "Revert Commit", "Revert Revert Commit", "Fix broken revert", "Revert fix broken revert" is a bad history, as is a history that looks like "Add 20,000 line feature A", "Add 20,000 line feature B".
When you're crafting commits for merge, think about your commit history as a textbook. Start with the building blocks of your feature and make them one commit. Build your functionality on top of them in another. Tie that functionality into the core project and make another commit. Add client support. Add docs. Include your tests. Allow someone to follow the growth of your feature over time, with each commit being a chapter of that story. And never, ever, put autogenerated code in the same commit as an actual functional change.
People can't contribute to your project unless they can understand your code. Writing clear, well commented code is a big part of that. But so is showing the evolution of your features in an understandable way. Make sure your RCS history shows that, otherwise people will go and find another project that doesn't make them feel frustrated.
(Edit to add: Sarah Sharp wrote on the same topic a couple of years ago)
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!