The holdings of the National Archives are vast. With more than 12 billion pages of textual records alone, it is essential that we continue to explore and employ innovative strategies to provide effective access. By understanding how you currently access our records and better understanding your unique needs, we will be better positioned to ensure your success in using the country’s records.
Analyzing our work.
From Record Group 208: Records of the Office of War Information, 1926 – 1951. National Archives Identifier: 535579
Here’s what some of our data shows:
Number of visits to all NARA facilities in FY2014: 4,163,905; up from 4,112,813 in FY13
- Number of visits to our exhibits in FY2014: 3,451,044; up from 3,204,642 in FY13
- Number of researcher visits to all NARA facilities in FY2014: 104,366; down from 114,096 in FY13
Number of written requests answered by all NARA offices in FY2014: 1,065,513; down from 1,132,525 in FY13
- Number of written requests (includes fax, letter, email) received by all NARA archival offices in FY2014: 114,577; down from 122,442 in FY13
- Number of written requests received by the St. Louis Military Personnel Records Center in FY2014: 950,936; down from 1,010,083 in FY13
Website and Online Catalog:
- Traffic to Archives.gov: We had 31,093,042 visits from 22,869,469 visitors who viewed 86,729,808 pages, up 6% from FY13
- Percentage of online users
We celebrated with an obscene meal at our favorite restaurant last night (because Jewish holidays begin the night before, of course. And because it was easier to get a reservation on Thursday). Taking the day off work to spend more time together, with a show tonight.
We agreed last night that we're totally up for another ten years (and more). <3
Now reading: The Eighth Day by Dianne K. Salerni
Yesterday I was looking forward to reading my book after work. I’d missed out on my usual bus reading time, because on Tuesday I drove to work for the first time since I started my job in 2008, so that Sang and I could go to the suburban Powell’s in the evening and see Atul Gawande. And yesterday we drove across town for breakfast with Sang’s parents, who were on their way home from a reunion, and then parked on campus again. Such decadence. Actually, driving to work was completely tedious, even with the radio. I am relieved that I’d actually much rather ride the bus (since it’s way cheaper and greener).
But yesterday I walked through the pouring rain to the Stott Center before six p.m. to get seats for Sang and me for Winona LaDuke’s talk at seven. Sang was tutoring until 6:45, so it was just me and my book and my notebook on our two little white plastic folding chairs.
The Eighth Day is about a boy who turns twelve and suddenly starts experiencing a day between Wednesday and Thursday. No one else is there, the first time this happens. AWESOME, right? I love extra-time tropes! Except, they are always ruined. Nicholson Baker’s Fermata, so icky. I remember liking Jane Louise Curry’s Parsley Sage, Rosemary, and Time, but it turns out it’s a time travel book. Where is the book about a character stopping time and catching up on studying, getting a little extra rest and tidying up the house? It’s like that wouldn’t make a good story or something, sheesh.
Anyway, this one turns into an Arthurian thing, with descendants of Merlin and the Pendragon and others in various factions, and for some reason it’s a bit of a trudge. It felt weird to be reading a Merlin story in a hall full of Indigenous Studies and Sustainability people. I overheard greetings in Chinuk Wawa nearby!
I’m glad I went to hear Winona LaDuke. I look up to her for finding a way to live as an activist and a leader without giving up on doing the cool stuff that’s important to her, her way. Growing corn and teaching the kids at her grandkids’ school how to braid it, and also running for vice president. Last year she and other Anishinaabe and Lakota riders traced the routes of three proposed oil pipelines, on horseback. Sometimes I feel like being an activist consists of going to a lot more meetings, ugh, and it’s good to see that it can be much more. Sang said on the way home that she’d been worried it would be like two hours of listening to Mo from Dykes to Watch Out For… but it wasn’t at all.
Celebrity dinner party: Winona LaDuke, Eileen Myles, Sarah Schulman.
This post also appears at read write run repeat. Comments read and welcomed in either place!
1. Buzzfeed notes that Hollywood has a pervasive blackface problem when working with stuntpeople.
2. Wired reports on the folks whose job it is to keep track of and block porn from unexpectedly hitting your social media feed. This sounds like an often-awful job to be in.
3. At The Oxford American, Sarah Menkedick writes about Spanglish and how language shifts in their household affected her relationship. I'm a sucker for quotes like, "Our marriage started to look like a seventeenth-century arrangement, whereby I had died and Jorge had married my English-speaking sister."
4. At BKLYNR, Neima Johromi writes about Stephen Powers, the artist behind a lot of notable pieces of public art in Brooklyn.
5. And this piece from Sports Illustrated from a few years ago is a great look at just how corrupt the sports agent business is.
And one bonus shorter read from The New Republic: The sheer clickbaity bullshit behind all those awful "humor" news sites.
Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment.
Does this mean containers provide reduced security? That's an arguable point. In the event of a new kernel vulnerability, container-based deployments merely need to upgrade the kernel on the host and restart all the containers. Full VMs need to upgrade the kernel in each individual image, which takes longer and may be delayed due to the additional disruption. In the event of a flaw in some remotely accessible code running in your image, an attacker's ability to cause further damage may be restricted by the existing seccomp and capabilities configuration in a container. They may be able to escalate to a more privileged user in a full VM.
I'm not really compelled by either of these arguments. Both argue that the security of your container is improved, but in almost all cases exploiting these vulnerabilities would require that an attacker already be able to run arbitrary code in your container. Many container deployments are task-specific rather than running a full system, and in that case your attacker is already able to compromise pretty much everything within the container. The argument's stronger in the Virtual Private Server case, but there you're trading that off against losing some other security features - sure, you're deploying seccomp, but you can't use selinux inside your container, because the policy isn't per-namespace.
So that seems like kind of a wash - there's maybe marginal increases in practical security for certain kinds of deployment, and perhaps marginal decreases for others. We end up coming back to the attack surface, and it seems inevitable that that's always going to be larger in container environments. The question is, does it matter? If the larger attack surface still only results in one more vulnerability per thousand years, you probably don't care. The aim isn't to get containers to the same level of security as hypervisors, it's to get them close enough that the difference doesn't matter.
I don't think we're there yet. Searching the kernel for bugs triggered by Trinity shows plenty of cases where the kernel screws up from unprivileged input. A sufficiently strong seccomp policy plus tight restrictions on the ability of a container to touch /proc, /sys and /dev helps a lot here, but it's not full coverage. The presentation I linked to at the top of this post suggests using the grsec patches - these will tend to mitigate several (but not all) kernel vulnerabilities, but there's tradeoffs in (a) ease of management (having to build your own kernels) and (b) performance (several of the grsec options reduce performance).
But this isn't intended as a complaint. Or, rather, it is, just not about security. I suspect containers can be made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:
- Strong auditing and aggressive fuzzing of containers under realistic configurations
- Support for meaningful nesting of Linux Security Modules in namespaces
- Introspection of container state and (more difficult) the host OS itself in order to identify compromises
These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two" tradeoff. That's not a winning strategy.
 Companies using hypervisors! Audit your qemu setup to ensure that you're not providing more emulated hardware than necessary to your guests. If you're using KVM, ensure that you're using sVirt (either selinux or apparmor backed) in order to restrict qemu's privileges.
 There's apparently some support for loading per-namespace Apparmor policies, but that means that the process is no longer confined by the sVirt policy
 To be fair, last time I ran Trinity under Docker under a VM, it ended up killing my host. Glass houses, etc.
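The post leans on seccomp and restricted capabilities as the main controls that narrow a container's kernel attack surface, and lists introspection of container state as work still to be done. As an added example (not code from the post or from any container runtime), the sketch below audits the `Seccomp`, `NoNewPrivs` and `CapEff` fields of a process's `/proc/<pid>/status`; the sample inputs and the choice of which capabilities count as risky are assumptions made for illustration.

```python
# Constructed samples of /proc/<pid>/status fields for two containerized processes.
SAMPLE_UNCONFINED = "Name:\tapp\nNoNewPrivs:\t0\nSeccomp:\t0\nCapEff:\t000001ffffffffff\n"
SAMPLE_CONFINED = "Name:\tapp\nNoNewPrivs:\t1\nSeccomp:\t2\nCapEff:\t0000000000000400\n"

# Bit numbers from linux/capability.h. Treating exactly these as "risky" is an
# assumption of this example, not a list taken from the post.
RISKY_CAPS = {
    12: "CAP_NET_ADMIN",
    16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO",
    19: "CAP_SYS_PTRACE",
    21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT",
    39: "CAP_BPF",
}

def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(text):
    """Return findings that widen the kernel attack surface of the process."""
    fields = parse_status(text)
    findings = []
    # Seccomp: 0 = disabled, 1 = strict, 2 = filter. A missing field is treated
    # as disabled (kernel built without seccomp support).
    if int(fields.get("Seccomp", "0")) == 0:
        findings.append("seccomp disabled: no syscall filtering in place")
    if fields.get("NoNewPrivs", "0") != "1":
        findings.append("no_new_privs unset: execve may still grant privileges")
    cap_eff = int(fields.get("CapEff", "0"), 16)
    for bit, name in sorted(RISKY_CAPS.items()):
        if (cap_eff >> bit) & 1:
            findings.append(f"effective capability {name}")
    return findings

if __name__ == "__main__":
    import sys
    # With a PID argument, read the live status file; otherwise use the sample.
    text = (open(f"/proc/{sys.argv[1]}/status").read()
            if len(sys.argv) > 1 else SAMPLE_UNCONFINED)
    for finding in audit(text):
        print(finding)
```

A clean result only says these three controls are set; it does not show what the seccomp filter actually permits, and it says nothing about access to /proc, /sys and /dev.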
The New York Times generally presented fanfiction as a financial opportunity for the corporations that own the intellectual properties copied by fanfiction. Many articles asserted that franchises benefit from, and in some cases rely on, their fanfiction communities. For example, Harris (2008) ties the box office success of the X-Files film to the continued health of its fanfiction community, while Heffernan (2008) depicts a lack of homoerotic fanfiction as problematic for the success of any show with a large, attractive male cast. Thompson (2005) reports on the lucrative partnership between the Halo fan-film circle Rooster Teeth and Halo’s copyright holder Microsoft. This “co-opted/encouraged by industry” frame presents a view of fanfiction’s future as a marketing tool, rather than a fan-driven culture. The frame is frequently associated with the “self-branding” purpose frame; teenagers who desire to become part of their favored franchise show their solidarity with the product and fan subculture in ways which are extremely beneficial for intellectual property holders (Hitt 2008; Scott 2002).
Drew Emanuel Berkowitz, Framing the Future of Fanfiction: How The New York Times’ Portrayal of a Youth Media Subculture Influences Beliefs about Media Literacy Education ift.tt/1FA6vyk
Tags: commercialization, fan fiction, Halo, Microsoft, quotes, X-files
Astronauts on the International Space Station never wash their underwear. They don't have enough water at their disposal to waste on a luxury like that. Instead, they fling the dirty laundry out into space. As it falls to Earth, it burns up in the atmosphere. I wish you had an amenity like that right now. In fact, I wish you had a host of amenities like that. If there was ever a time when you should be liberated from having to wash your underwear, make your bed, sweep the floor, and do the dishes, it would be now. Why? Because there are much better ways to spend your time. You've got sacred quests to embark on, heroic adventures to accomplish, historical turning points to initiate.
Beverly (MA) High School is a happening place! Last week BHS graduate Angie Miller, an American Idol finalist, visited. And the day after, AOTUS spent the day—the first time since June of 1963!
As I said many times during the day, it was not the same Beverly High School that I left. I was tremendously impressed with the seamless integration of technology throughout, the active participation of the students in the learning experience, and the excitement of the students hosting a visitor from Washington.
I got to visit classrooms, chop onions and garlic in a culinary arts class, and speak to hundreds of students in an afternoon assembly. I wanted to make my time with them as meaningful as possible so suggested that we do some crowdsourcing of questions in advance. Lots of great questions arrived which sorted neatly into four categories: the records, the job, the institution, and personal questions.
What type of documents do you archive? Do you read all of them? What happens if you touch an historical document? What is your role in government? What are your daily duties? What is your salary? How do you keep it all organized? Is there very tight security in the archives? What do you wear to work? Have you ever …
It's always kind of great to find a book that speaks to your own experience - of being young and awkward and bored at the Kingdom Hall, let's say - but perhaps even more so when it comes from a place you never expected.
As you know, Bob, I have pain and dexterity problems in my hands, severely limiting what I can do on a touchscreen. I'm not dexterous, I'm not fast, and I have to be enjoying myself a lot to spend spoons on a game. These days most of my gaming is shared with my housemates, where they drive the controller but we make decisions together. Many of the games I install on my iPhone get rapidly deleted for this reason, and even the ones that I do play I specifically don't play in timed modes, or modes that require dexterity.
So I was a little bit nervous about Revolution 60. I knew there was a combat system, which was necessarily going to push my limits. I picked up the game anyway, on the recommendation of a coworker. (This was when the game first launched, long before the Internet blew up at Brianna Wu.)
Writing is a thing that takes time and also emotional energy.
"I have no time or emotional energy so I'm just going to feel awful about not writing" is not the best thing for me to be doing to myself here.
(This is a temporary thing, hopefully, and I'll be back on by Friday-ish, hopefully)
2. The California Sunday Magazine has a heartbreaking article on a Peruvian reality show, the notoriety of fame, and murder.
3. Over at Vox, here's a story about the upcoming obsolescence of our urban water systems.
4. At Medium, Josh Ozersky writes about the pernicious influence MFK Fisher has had on the current state of food writing. I'm not always in agreement here -- I think he's a little too casual in writing off the exceptions (himself included) as being so rare, and I actually do like Fisher's writing -- but it's well worth a read.
5. Also at Medium, The Triumphs and Tragedies of Larry Smith discusses one of the pivotal -- and often forgotten -- hip-hop producers of the '80s.