(no subject)

Apr. 20th, 2014 07:46 am
[personal profile] synecdochic
I'm fishing for cats!

[personal profile] ursamajor
Today's Lexington excitement: fire alarm @ridestudiocafe! Right as I pull up, of course.

(no subject)

Apr. 19th, 2014 05:41 pm
[personal profile] synecdochic
This week's kitten pics in better quality than my crappy cameraphone include a video of Ginny and I playing "toss the kibble under the door" to distract her from the fact Gabe gets fed whenever he wants and Ginny does not need more than a little snack :P

(no subject)

Apr. 19th, 2014 01:25 pm
[personal profile] synecdochic
Sparrows on the windowsill.

(no subject)

Apr. 19th, 2014 12:59 am
[personal profile] synecdochic
I follow Everest climbing season on and off -- my ex's father and sister are mountain climbers, and that got me into following mountaineering, especially the 8000-meter big ones. Today, news broke of an ice fall in the Khumbu Icefall, on the South Col route -- historically one of the most deadly spots. Initial reports are saying anywhere between 12 and 16 dead, all Sherpas, with over a hundred people stranded above the Icefall (where they were trekking gear to Camp 1 or Camp 2), and unconfirmed reports that the ladder in the Icefall has been damaged or destroyed.

If the ladder is gone and can't be repaired, that pretty much drops the bottom out of this year's window -- maybe 10% (or less) of people who are trying to summit Everest these days have the technical skill and high-altitude mountain climbing experience to handle that area of the climb without the help. It's going to be an ugly season.

I can hold forth for a while on the state of Everest these days. I have a lot of opinions for somebody who would never dream of getting anywhere near it myself. Long story short: Everest climbing has turned into a perfect storm of the Western world marketing "climbing Everest" as one of those 'hardcore life-altering experiences', a number of unqualified people setting themselves up as guides to cash in on that marketing, a 'free market' for guiding where there's no regulation or objective standard of quality guiding so clueless hardcore-sports-tourists have no means by which to evaluate the capabilities of the expedition leaders to handle shit if shit gets ugly, a tendency to try to compete on price because aforementioned clueless mountaineering-tourists balk at paying what the non-shady expedition leaders charge, and over it all, the driving motivations (and associated ethical complications) of the Nepalese government depending on that Western money for support, thus creating incentives for them to maximize the number of people who buy permits every year. There's a lot of additional factors, but all of those combine to create a perfect storm of completely unqualified climbers being led by completely inadequate expedition leaders who rely on the Sherpas and don't give them anywhere near enough credit -- or pay -- which leads to resentment that's been bubbling for a while, to the point where last year there was a confrontation that nearly turned deadly. Everest is full of people who are trying to commit suicide in the messiest way possible and take a lot of people with them, and the honest and capable expedition leaders not only have to clean up the mess on the mountain but also deal with the market forces and the fallout later.

The fact is, though, that nobody would climb Sagarmatha (which is what the Sherpas call the mountain, although that's a recent coinage; before they used the Tibetan name, Chomolungma) without Sherpa aid and Sherpa knowledge. The Sherpas set the ropes up the entire mountain ahead of any other climbers, carry supplies up the mountain from camp to camp before any climbers start behind them, serve as porters for climbers throughout the process of climbing, and pack out all the trash (and I do mean all the trash, including human waste) behind. They're the first ones in at the beginning of the season and the last ones out at the end. Every person who's summitted the mountain in modern times has done so relying on the work of a Sherpa, and -- although this is changing somewhat (but not fast enough for a lot of the Sherpas) -- often without giving any credit to the Sherpas that make it possible.

So I'm saddened to hear that a dozen (or more) Sherpas died yesterday on the mountain (because the mountain will kill you as easily as not; it will not notice, it will not care), but I'm even more sad that they were there on that mountain because of alpine adventure tourism and Western demand. I've been pleased to see several news articles about the icefall include and acknowledge some of the ethical quandaries and the stark realities of Everest tourism. I wish this could help make meaningful change in how the commodified "climb Mt Everest" industry runs these days, and help to get some of those unqualified people being duped by unethical expedition leaders off the mountain until they're at least a little more qualified, but I doubt it will.

Helpful Ginny is helpful

Apr. 18th, 2014 01:37 pm
[personal profile] synecdochic
So, I've mentioned a few times that Noah (cat #3) is sort of a complete failure as a cat. We're pretty sure he was abandoned by his mother early, or that she was killed before he was brought in to the shelter -- he lacks many of the basic cat instincts. (Like knowing how to drink out of a bowl of water: he dips his paws and licks them instead of lapping up the water.)

One of the things he's not very good at is litterbox management.

Names and identity

Apr. 18th, 2014 11:22 am
[personal profile] karen2205
I have been of the opinion, since I was around 11 or 12 or so that my name is my name and I will never change it. My name is a key part of my personal/individual identity [I get that this isn't the case for other people, who see names as things binding them to particular parts of their closer family]. I spent my childhood dealing with the disadvantages of a name others couldn't pronounce or spell (certainly primary school teachers of mine would spell it incorrectly and tell me I was wrong when I corrected them) or would make fun of. It was reasonably clear then that it was unusual/an identifying feature and as an adult and particularly with the creation/expansion of the internet, a name that isn't easily muddled for someone else is one hell of an advantage to have.

Other people have different views/experiences on this, which they're perfectly entitled to have, where names are perhaps a more fluid part of identity, connecting people with close parts of their family of origin or to a particular partner or to their family of choice and the bit of family they are most connected with changes over time. Other people use different names in different parts of their lives - a name for work and a name for home. I suspect there's considerable influence on some people's choices by institutionalised sexism, but you don't deal with that by removing or discouraging particular choices.

My main complaint here is not what people choose to call themselves in different times/different places, it's that systems/structures are not in place to reflect what people are choosing to do in terms of names. With some obvious exceptions, most of the time people who have altered their names want to be findable by both old and new name (or both home name and work name) or by a number of different names all at the same time and social media is not geared up for this. It expects people to have one name only. The same is true of things like passports (GB driving licences at least provide space on the paper counterpart for alternative signatures) - why can't passports and driving licences show someone's current preferred name and then give a list of previous names/also current names?

A lot of the problems that come with changing names (think serious professional ones, like publication records for academics and more mundane ones, like trying to cash a cheque addressed in the wrong name, the administration and paperwork involved in changing your name), which primarily affect women because it tends to be more women than men who alter their names, could be avoided if we set up systems to explicitly recognise that Mrs Bloggs is also Miss Jones and that Miss Jones is still one of her names, even if she now prefers to be addressed as Mrs Bloggs, so colleagues, at the level of acquaintances she's not dealt with for some years, can still find her on LinkedIn and she can cash cheques made payable to either name. Systems are easier to alter than human behaviour, so why not adapt systems that work better for current trends?
[personal profile] ursamajor
Yes, that does say "Stage this hunk?" #github #babydev
[personal profile] tcpip
In an amusing case of life imitating art, rodents of unusual size have appeared recently in Cornwall, Iran, Sweden, and Liverpool (with even bigger ones predicted). All this reminds me of Banksy's display at the Natural History Museum, which came with the slogan Our Time Will Come. "You can laugh now ... but one day they may be in charge." Assisting the process for our new rodent overlords, dropped off an aging (almost 90 in rat years now) Lucky at the vet this morning to have a tumour removed.

In the actual rat-race (which notably and ironically, rats don't participate in), work has been exceedingly good this week. Following the well-received MPI training course, we've received a petition (no less!) from researchers who were sufficiently interested to want an additional workshop to further develop their code. This also follows on some expressions of interest from a radiotherapy group, an international campus in Vietnam, and some bushfire and geospatial people. I've had a paw in each of these activities, and it must be said I'm feeling more positive about the workplace than I have for many months - and this is despite some of the usual hiccups, such as one researcher filling a storage disk with their data and bringing down the logins for other users. As [livejournal.com profile] imajica_lj put it, "science didn't happen today".

This Saturday, after the LUV meeting on GNOME3, the Isocracy network is holding a meeting at the New International Bookstore on Human Rights and International Relations with an eye-witness guest speaker who is doing his thesis on the effectiveness of various diplomatic maneuvers. In a substantially more democratic and civil version of politics that describes itself as socialist, went to a well-attended meeting for Labor's Socialist Left on Sunday. There's a vacancy for their policy convenor (which I used to do for the Pledge group for several years) and I've offered my services. They should know that I'll do this job very well, but having some years of not being deeply involved may act against me.

(no subject)

Apr. 16th, 2014 01:27 pm
[personal profile] synecdochic
All that bird watching wore her out.

(no subject)

Apr. 16th, 2014 12:34 pm
[personal profile] synecdochic
We spread birdseed on the office windowsill. Birds get fed (and stop flying into the window as frequently), cats get entertained. There are 2 pigeons and 3 starlings on the other side of the sill right now.

(no subject)

Apr. 16th, 2014 07:01 am
[personal profile] synecdochic
Someone is grumpy about all the attention being paid to the upstart.
[personal profile] ursamajor
Last slice of the hazelnut torte. #mine #vscocam
[personal profile] juliet

Mirrored from Twisting Vines.

I’m running a free Introduction to Permaculture one-day course at Burgess Park Food Project on the 26th April. Contact me, or the address on the website, to book.

There’s lots of other cool stuff going on there this summer, too. (JPG only at that link, sorry; have requested text version.)

i'm awake, really i am

Apr. 14th, 2014 08:34 pm
[personal profile] synecdochic
Mondays, every week, let's celebrate ourselves, to start the week right. Tell me what you're proud of. Tell me what you accomplished last week, something -- at least one thing -- that you can turn around and point at and say: I did this. Me. It was tough, but I did it, and I did it well, and I am proud of it, and it makes me feel good to see what I accomplished. Could be anything -- something you made, something you did, something you got through. Just take a minute and celebrate yourself. Either here, or in your journal, but somewhere.

(And if you feel uncomfortable doing this in public, I've set this entry to screen any anonymous comments, so if you want privacy, comment anonymously and I won't unscreen it. Also: yes, by all means, cheer each other on when you see something you want to give props to!)

Real-world Secure Boot attacks

Apr. 13th, 2014 09:43 pm
[personal profile] mjg59
MITRE gave a presentation on UEFI Secure Boot at SyScan earlier this month. You should read the presentation and paper, because it's really very good.

It describes a couple of attacks. The first is that some platforms store their Secure Boot policy in a run time UEFI variable. UEFI variables are split into two broad categories - boot time and run time. Boot time variables can only be accessed while in boot services - the moment the bootloader or kernel calls ExitBootServices(), they're inaccessible. Some vendors chose to leave the variable containing firmware settings available during run time, presumably because it makes it easier to implement tools for modifying firmware settings at the OS level. Unfortunately, some vendors left bits of Secure Boot policy in this space. The naive approach would be to simply disable Secure Boot entirely, but that means that the OS would be able to detect that the system wasn't in a secure state[1]. A more subtle approach is to modify the policy, such that the firmware chooses not to verify the signatures on files stored on fixed media. Drop in a new bootloader and victory is ensured.

But that's not a beautiful approach. It depends on the firmware vendor having made that mistake. What if you could just rewrite arbitrary variables, even if they're only supposed to be accessible in boot services? Variables are all stored in flash, connected to the chipset's SPI controller. Allowing arbitrary access to that from the OS would make it straightforward to modify the variables, even if they're boot time-only. So, thankfully, the SPI controller has some control mechanisms. The first is that any attempt to enable the write-access bit will cause a System Management Interrupt, at which point the CPU should trap into System Management Mode and (if the write attempt isn't authorised) flip it back. The second is to disable access from the OS entirely - all writes have to take place in System Management Mode.

The MITRE results show that around 0.03% of modern machines enable the second option. That's unfortunate, but the first option should still be sufficient[2]. Except the first option relies on the SMI actually firing. And, conveniently, Intel's chipsets have a bit that allows you to disable all SMI sources[3], and then have another bit to disable further writes to the first bit. Except 40% of the machines MITRE tested didn't bother setting that lock bit. So you can just disable SMI generation, remove the write-protect bit on the SPI controller and then write to arbitrary variables, including the SecureBoot enable one.

This is, uh, obviously a problem. The good news is that this has been communicated to firmware and system vendors and it should be fixed in the future. The bad news is that a significant proportion of existing systems can probably have their Secure Boot implementation circumvented. This is pretty unsurprising - I suggested that the first few generations would be broken back in 2012. Security tends to be an iterative process, and changing a branch of the industry that's historically not had to care into one that forms the root of platform trust is a difficult process. As the MITRE paper says, UEFI Secure Boot will be a genuine improvement in security. It's just going to take us a little while to get to the point where the more obvious flaws have been worked out.

[1] Unless the malware was intelligent enough to hook GetVariable, detect a request for SecureBoot and then give a fake answer, but who would do that?
[2] Impressively, basically everyone enables that.
[3] Great for dealing with bugs caused by YOUR ENTIRE COMPUTER BEING INTERRUPTED BY ARBITRARY VENDOR CODE, except unfortunately it also probably disables chunks of thermal management and stops various other things from working as well.
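
The two SPI write-protection schemes and the SMI lock described in the post above, written as a defender's audit over register values (an added example, not code from the post or from MITRE). The register and bit names (BIOS_CNTL, SMI_EN, GEN_PMCON_1) and their positions are assumptions taken from Intel 6/7-series PCH documentation, and the sample register values are constructed.

```python
from dataclasses import dataclass

# Bit positions assumed from Intel 6/7-series PCH documentation; other
# chipset generations may place them elsewhere.
BIOSWE = 1 << 0      # BIOS_CNTL: flash write enable (the "write-access bit")
BLE = 1 << 1         # BIOS_CNTL: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5     # BIOS_CNTL: flash is writable only from SMM
GBL_SMI_EN = 1 << 0  # SMI_EN: global enable for all SMI sources
SMI_LOCK = 1 << 4    # GEN_PMCON_1: blocks further writes to GBL_SMI_EN


@dataclass
class Finding:
    severity: str  # "ok", "warn" or "fail"
    message: str


def audit_flash_protection(bios_cntl, smi_en, gen_pmcon_1):
    """Report which of the protections discussed in the post are in place."""
    if bios_cntl & SMM_BWP:
        # Second scheme: the OS cannot write flash at all.
        return [Finding("ok", "SMM_BWP set: flash writes confined to SMM")]
    # First scheme only: everything below must hold for it to be effective.
    findings = [Finding("warn", "SMM_BWP clear: relies on the BIOSWE SMI")]
    if not (bios_cntl & BLE):
        findings.append(Finding("fail", "BLE clear: BIOSWE raises no SMI"))
    if bios_cntl & BIOSWE:
        findings.append(Finding("fail", "BIOSWE set: flash writable now"))
    if not (smi_en & GBL_SMI_EN):
        findings.append(Finding("fail", "GBL_SMI_EN clear: SMIs are off"))
    if not (gen_pmcon_1 & SMI_LOCK):
        findings.append(Finding("fail", "SMI_LOCK clear: OS can disable SMIs"))
    return findings


def verdict(findings):
    """Worst severity across all findings."""
    rank = {"ok": 0, "warn": 1, "fail": 2}
    return max(findings, key=lambda f: rank[f.severity]).severity


# Constructed register snapshots: (BIOS_CNTL, SMI_EN, GEN_PMCON_1).
SAMPLES = {
    "smm-only writes": (0x22, 0x01, 0x10),
    "SMI-guarded, locked": (0x02, 0x01, 0x10),
    "SMI-guarded, unlocked": (0x02, 0x01, 0x00),
}

if __name__ == "__main__":
    for name, regs in SAMPLES.items():
        results = audit_flash_protection(*regs)
        print(f"{name}: {verdict(results)}")
        for f in results:
            print(f"  [{f.severity}] {f.message}")
```

The third sample is the configuration the post describes for 40% of tested machines: the SMI guard is enabled, but nothing stops the OS from switching SMIs off first.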

(no subject)

Apr. 12th, 2014 08:49 am
[personal profile] synecdochic
Can't type. She's asleep on my hand.
[personal profile] tcpip
Three days this week were pretty much taken up by conducting Linux, HPC, and MPI training courses for a number of postgrads, almost all from RMIT. Another good class who started with zero background in the subjects and who by the third day were working their way through MPI programming. Of some note was the attendance of the first economist in the three years or so that I've been running these courses. I've had a longstanding desire (and it really wouldn't be that hard) to compare local economic development with different council rating systems as a time series - not really requiring HPC but certainly does require a geospatial person, a valuer, an economist, and a programmer to be on the same project.

Another significant IT-related issue is Heartbleed which, hopefully, most people have heard of by now. From a technical perspective a failure in the bounds-checking by some versions of OpenSSL to malformed heartbeat requests allows for an attack vector on server memory of affected systems. From a user's perspective it means that passwords on many major sites have been compromised over the past two years. Whilst Filippo Valsorda has produced a useful tool to check whether a site is currently affected, there is no easy way to check if a certificate has been re-keyed. What can be provided is a handy list of many sites that were compromised last Tuesday, a day after the bug was made public.

Recently a study has been released claiming that the dingo is a separate species. Whilst it looks serious enough, the university press release on a certain date made me think that this could be a "poisson d'avril" as the proposition is so counterintuitive. Certainly species is a complex subject with some interesting edge cases (e.g., hybrids, ring species), but the general principle of species representing a population of organisms capable of interbreeding and producing fertile offspring is true. The paper argues - through morphological analysis of museum examples, not genetics - that the dingo was a separate species some five thousand years ago and is now being threatened by extensive hybrid speciation. Personally, I find their claim highly dubious. Not only is there significant evidence that the dingo's arrival was somewhat earlier, mitochondrial DNA analysis indicates that the dingo has much less differences with the domestic dog than wolves. So whilst morphological analysis is useful for a quick rule of thumb, genetic analysis is a much better determinant.