But as a good data-driven person, wouldn't it be nice to have numbers rather than just handwaving? In the absence of a good public dataset, I scraped Hacker Slide to get just over two months of data in the form of hourly snapshots of stories, their age, their score and their position. I then applied a trivial test:
- If the story is younger than any other story
- and the story has a higher score than that other story
- and the story has a worse ranking than that other story
- and at least one of these two stories is on the front page
(note: "penalised" can have several meanings. It may be due to explicit flagging, or it may be due to an automated system deciding that the story is controversial or appears to be supported by a voting ring. There may be other reasons. I haven't attempted to separate them, because for my purposes it doesn't matter. The algorithm is discussed here.)
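Here is the four-condition test above, together with the crude keyword bucketing the post goes on to describe, as an added worked example in C. It is not the author's code: the scraped dataset's real column names are not shown on the page, so the struct fields, the 30-story front page, the keyword lists and the five sample rows are all constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One row of an hourly snapshot. The field names are assumptions; the scraped
   dataset's real columns are not shown on the page. */
struct story {
    int id;
    const char *title;
    double age_hours;
    int score;
    int position;        /* 1 = top of the front page, larger = lower down */
};

#define FRONT_PAGE_SIZE 30   /* assumption: 30 stories per HN page */

/* The four-part test from the post: `a` looks penalised relative to `b` when it is
   younger, has a higher score, ranks worse, and at least one of the two is on the
   front page. Under a plain score-over-age ranking a younger, higher-scoring story
   should never sit below an older, lower-scoring one. */
static bool looks_penalised(const struct story *a, const struct story *b)
{
    bool one_on_front = a->position <= FRONT_PAGE_SIZE || b->position <= FRONT_PAGE_SIZE;
    return a->age_hours < b->age_hours
        && a->score > b->score
        && a->position > b->position
        && one_on_front;
}

/* Flag every story in one snapshot that fails the test against any other story.
   flags[i] is set to 1 for penalised stories, 0 otherwise; returns the count. */
size_t flag_snapshot(const struct story *s, size_t n, unsigned char *flags)
{
    size_t flagged = 0;
    for (size_t i = 0; i < n; i++) {
        flags[i] = 0;
        for (size_t j = 0; j < n && !flags[i]; j++)
            if (i != j && looks_penalised(&s[i], &s[j]))
                flags[i] = 1, flagged++;
    }
    return flagged;
}

/* Crude keyword bucketing of a title, as in the post: 1 = "social", 2 = "technical",
   0 = neither. Case-insensitive substring match; the keyword lists are placeholders. */
int keyword_bucket(const char *title)
{
    static const char *social[] = {"diversity", "harassment", "sexism", "gender", "racism"};
    static const char *technical[] = {"kernel", "compiler", "database", "gpu", "filesystem"};
    char low[256];
    size_t i;
    for (i = 0; title[i] && i < sizeof low - 1; i++)
        low[i] = (char)tolower((unsigned char)title[i]);
    low[i] = '\0';
    for (size_t k = 0; k < sizeof social / sizeof social[0]; k++)
        if (strstr(low, social[k])) return 1;
    for (size_t k = 0; k < sizeof technical / sizeof technical[0]; k++)
        if (strstr(low, technical[k])) return 2;
    return 0;
}

/* Cross-tabulate bucket against flag: counts[bucket][0] = unpenalised, [1] = penalised. */
void tally(const struct story *s, size_t n, const unsigned char *flags, unsigned counts[3][2])
{
    memset(counts, 0, sizeof(unsigned[3][2]));
    for (size_t i = 0; i < n; i++)
        counts[keyword_bucket(s[i].title)][flags[i] ? 1 : 0]++;
}

/* Constructed sample snapshot: story 4 is younger and higher-scoring than stories 2
   and 3 yet sits at position 45, so the test flags it. */
#define SAMPLE_N 5
const struct story SAMPLE[SAMPLE_N] = {
    {1, "Kernel 3.17 released",       2.0, 80,  1},
    {2, "A faster compiler backend",  3.0, 50,  2},
    {3, "Database indexing tricks",   5.0, 40,  3},
    {4, "Sexism in startup hiring",   1.0, 60, 45},
    {5, "GPU benchmark roundup",     10.0, 10, 50},
};

int main(void)
{
    unsigned char flags[SAMPLE_N];
    unsigned counts[3][2];
    size_t n = flag_snapshot(SAMPLE, SAMPLE_N, flags);
    tally(SAMPLE, SAMPLE_N, flags, counts);
    printf("%zu of %d stories look penalised\n", n, SAMPLE_N);
    for (int b = 0; b < 3; b++)
        printf("bucket %d: %u penalised, %u not\n", b, counts[b][1], counts[b][0]);
    return 0;
}
```

The flag is per snapshot; to reproduce the post's two-month counts you would run flag_snapshot over every hourly snapshot and OR the flags together per story id, since a story only needs to trip the test once to count as penalised.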
Now, ideally I'd classify my dataset based on manual analysis and classification of stories, but I'm lazy (see ) and so just tried some keyword analysis:
A few things to note:
- Lots of stories are penalised. Of the front page stories in my dataset, I count 3240 stories that have some kind of penalty applied, against 2848 that don't. The default seems to be that some kind of detection will kick in.
- Stories containing keywords that suggest they refer to issues around social justice appear more likely to be penalised than stories that refer to technical matters
- There are other topics that are also disproportionately likely to be penalised. That's interesting, but not really relevant - I'm not necessarily arguing that social issues are penalised out of an active desire to make them go away, merely that the existing ranking system tends to result in it happening anyway.
This clearly isn't an especially rigorous analysis, and in future I hope to do a better job. But for now the evidence appears consistent with my innate prejudice - the Hacker News ranking algorithm tends to penalise stories that address social issues. An interesting next step would be to attempt to infer whether the reasons for the penalties are similar between different categories of penalised stories, but I'm not sure how practical that is with the publicly available data.
(Raw data is here, penalised stories are here, unpenalised stories are here)
 Moving to San Francisco has resulted in it making more sense, but really that just makes me even more depressed.
 Ha ha like fuck my PhD's in biology
 Perhaps stories about startups tend to get penalised because of voter ring detection from people trying to promote their startup, while stories about social issues tend to get penalised because of controversy detection?
It's impossible to overstate how important free software is. A movement that began with a quest to work around a faulty printer is now our greatest defence against a world full of hostile actors. Without the ability to examine software, we can have no real faith that we haven't been put at risk by backdoors introduced through incompetence or malice. Without the freedom to modify software, we have no chance of updating it to deal with the new challenges that we face on a daily basis. Without the freedom to pass that modified software on to others, we are unable to help people who don't have the technical skills to protect themselves.
Free software isn't sufficient for building a trustworthy computing environment, one that not merely protects the user but respects the user. But it is necessary for that, and that's why I continue to evangelise on its behalf at every opportunity.
Free software has a problem. It's natural to write software to satisfy our own needs, but in doing so we write software that doesn't provide as much benefit to people who have different needs. We need to listen to others, improve our knowledge of their requirements and ensure that they are in a position to benefit from the freedoms we espouse. And that means building diverse communities, communities that are inclusive regardless of people's race, gender, sexuality or economic background. Free software that ends up designed primarily to meet the needs of well-off white men is a failure. We do not improve the world by ignoring the majority of people in it. To do that, we need to listen to others. And to do that, we need to ensure that our community is accessible to everybody.
That's not the case right now. We are a community that is disproportionately male, disproportionately white, disproportionately rich. This is made strikingly obvious by looking at the composition of the FSF board, a body made up entirely of white men. In joining the board, I have perpetuated this. I do not bring new experiences. I do not bring an understanding of an entirely different set of problems. I do not serve as an inspiration to groups currently under-represented in our communities. I am, in short, a hypocrite.
So why did I do it? Why have I joined an organisation whose founder I publicly criticised for making sexist jokes in a conference presentation? I'm afraid that my answer may not seem convincing, but in the end it boils down to feeling that I can make more of a difference from within than from outside. I am now in a position to ensure that the board never forgets to consider diversity when making decisions. I am in a position to advocate for programs that build us stronger, more representative communities. I am in a position to take responsibility for our failings and try to do better in future.
People can justifiably conclude that I'm making excuses, and I can make no argument against that other than to ask to be judged by my actions. I hope to be able to look back at my time with the FSF and believe that I helped make a positive difference. But maybe this is hubris. Maybe I am just perpetuating the status quo. If so, I absolutely deserve criticism for my choices. We'll find out in a few years.
Neeble neeble neeble, neeble neeble— neeble neeble neeble neeble!!
LIZARD MUSIC broadcasting from east Portland
1:00-3:00 a.m. on Wednesdays
life is wonderful
This post also appears at read write run repeat. Comments read and welcomed in either place!
- I am.... intrigued? But it's a weird story and it feels very alien to a modern mindset and most anime literature retellings are kind of dull and by-the-book. Also, the Kaguya Hime of my heart is the one with organ donor clones and lots of complicated love triangles.
- It's REALLY REALLY PRETTY.
- It's about PERFORMATIVE FEMININITY and also AUTHENTICITY and also how well-meaning people can end up exploiting each other for their own gain.
I really really liked The Tale of Princess Kaguya. It reinterpreted the core of the original story a lot to make it into a movie that's more intelligible to modern audiences, I think, but in a way that doesn't totally overwrite the strangeness and oldness of the original tale.
(My one complaint is that the whole "the boy you knew when you were five is your FIRST LOVE FOREVER" thing is a little too Ghibli. Kaguya rings truer to me as a girl who's too overwhelmed by the status games and fakery at court to willingly marry somebody she's never met, than as a girl who's hung up on the guy she knew back home. But there's a lot that the movie gets right with gender performativity, and it's interesting to see a Ghibli movie whose heroine is sad and weird and not spunky.)
Gone Girl is the perfect anniversary movie for a couple that appreciates the macabre. I can't imagine anyone's not familiar with it at least to some extent by now, but it's about a woman who goes missing on her wedding anniversary. We'd both read the novel, which was better, but the movie's probably as good an adaptation as possible. Rosamund Pike will definitely get an Oscar nom, as will David Fincher for his directing, Trent Reznor and Atticus Ross for their score, and Gillian Flynn for her screenplay. I'd also imagine that Ben Affleck will get one for his performance, Carrie Coon for supporting actress, and there's an outside chance of Tyler Perry, of all folks, landing a supporting actor nomination. The rest of the cast is superb as well (particularly Missi Pyle, who steals scenes in everything she's in and has done so for years).
If Gone Girl was a perfect anniversary movie, Birdman's pretty much a perfect movie. The movie's full title is Birdman or (The Unexpected Virtue of Ignorance), and it's pitched like a meta joke, but it's so much more. Yes, Michael Keaton plays an actor named Riggan Thomson who gave up a big career when he stopped playing a superhero. Yes, Edward Norton plays an incredibly difficult-to-work-with actor. But the movie's not about either of them, at least not directly. It's about the making of a play, about what goes into art, and about the line between fiction and reality. Norton and Keaton will both walk away with nominations, and director/co-screenwriter Alejandro González Iñárritu and his co-writers should get a couple as well. Emma Stone is wonderful as Keaton's post-rehab daughter, and the rest of the cast -- Naomi Watts, Zach Galifianakis, Andrea Riseborough, Amy Ryan, Lindsay Duncan and more -- are all perfect in their parts. But it's Keaton and Norton who really drive this movie, with their conflicts as the show moves through previews and Keaton's Riggan hearing the voice of the titular Birdman egging him on. There's a lot going on here, and it's better to go in knowing no more than what I've said. Just a damned-near perfect film.
The holdings of the National Archives are vast. With more than 12 billion pages of textual records alone, it is essential that we continue to explore and employ innovative strategies to provide effective access. By understanding how you currently access our records and better understanding your unique needs, we will be better positioned to ensure your success in using the country’s records.
Analyzing our work.
From Record Group 208: Records of the Office of War Information, 1926 – 1951. National Archives Identifier: 535579
Here’s what some of our data shows:
- Number of visits to all NARA facilities in FY2014: 4,163,905; up from 4,112,813 in FY13
  - Number of visits to our exhibits in FY2014: 3,451,044; up from 3,204,642 in FY13
  - Number of researcher visits to all NARA facilities in FY2014: 104,366; down from 114,096 in FY13
- Number of written requests answered by all NARA offices in FY2014: 1,065,513; down from 1,132,525 in FY13
  - Number of written requests (includes fax, letter, email) received by all NARA archival offices in FY2014: 114,577; down from 122,442 in FY13
  - Number of written requests received by the St. Louis Military Personnel Records Center in FY2014: 950,936; down from 1,010,083 in FY13
Website and Online Catalog:
- Traffic to Archives.gov: We had 31,093,042 visits from 22,869,469 visitors who viewed 86,729,808 pages, up 6% from FY13
- Percentage of online users
We celebrated with an obscene meal at our favorite restaurant last night (because Jewish holidays begin the night before, of course. And because it was easier to get a reservation on Thursday). Taking the day off work to spend more time together, with a show tonight.
We agreed last night that we're totally up for another ten years (and more). <3
Now reading: The Eighth Day by Dianne K. Salerni
Yesterday I was looking forward to reading my book after work. I’d missed out on my usual bus reading time, because on Tuesday I drove to work for the first time since I started my job in 2008, so that Sang and I could go to the suburban Powell’s in the evening and see Atul Gawande. And yesterday we drove across town for breakfast with Sang’s parents, who were on their way home from a reunion, and then parked on campus again. Such decadence. Actually, driving to work was completely tedious, even with the radio. I am relieved that I’d actually much rather ride the bus (since it’s way cheaper and greener).
But yesterday I walked through the pouring rain to the Stott Center before six p.m. to get seats for Sang and me for Winona LaDuke’s talk at seven. Sang was tutoring until 6:45, so it was just me and my book and my notebook on our two little white plastic folding chairs.
The Eighth Day is about a boy who turns twelve and suddenly starts experiencing a day between Wednesday and Thursday. No one else is there, the first time this happens. AWESOME, right? I love extra-time tropes! Except, they are always ruined. Nicholson Baker’s Fermata, so icky. I remember liking Jane Louise Curry’s Parsley Sage, Rosemary, and Time, but it turns out it’s a time travel book. Where is the book about a character stopping time and catching up on studying, getting a little extra rest and tidying up the house? It’s like that wouldn’t make a good story or something, sheesh.
Anyway, this one turns into an Arthurian thing, with descendants of Merlin and the Pendragon and others in various factions, and for some reason it’s a bit of a trudge. It felt weird to be reading a Merlin story in a hall full of Indigenous Studies and Sustainability people. I overheard greetings in Chinuk Wawa nearby!
I’m glad I went to hear Winona LaDuke. I look up to her for finding a way to live as an activist and a leader without giving up on doing the cool stuff that’s important to her, her way. Growing corn and teaching the kids at her grandkids’ school how to braid it, and also running for vice president. Last year she and other Anishinaabe and Lakota riders traced the routes of three proposed oil pipelines, on horseback. Sometimes I feel like being an activist consists of going to a lot more meetings, ugh, and it’s good to see that it can be much more. Sang said on the way home that she’d been worried it would be like two hours of listening to Mo from Dykes to Watch Out For… but it wasn’t at all.
Celebrity dinner party: Winona LaDuke, Eileen Myles, Sarah Schulman.
1. Buzzfeed notes that Hollywood has a pervasive blackface problem when working with stuntpeople.
2. Wired reports on the folks whose job it is to keep track of and block porn from unexpectedly hitting your social media feed. This sounds like an often-awful job to be in.
3. At The Oxford American, Sarah Menkedick writes about Spanglish and how language shifts in their household affected her relationship. I'm a sucker for quotes like, "Our marriage started to look like a seventeenth-century arrangement, whereby I had died and Jorge had married my English-speaking sister."
4. At BKLYNR, Neima Johromi writes about Stephen Powers, the artist behind a lot of notable pieces of public art in Brooklyn.
5. And this piece from Sports Illustrated from a few years ago is a great look at just how corrupt the sports agent business is.
And one bonus shorter read from The New Republic: The sheer clickbaity bullshit behind all those awful "humor" news sites.
(Edit: Just to clarify - these are not my slides. They're from a presentation Jerome Petazzoni gave at Linuxcon NA earlier this year)
Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment.
Does this mean containers provide reduced security? That's an arguable point. In the event of a new kernel vulnerability, container-based deployments merely need to upgrade the kernel on the host and restart all the containers. Full VMs need to upgrade the kernel in each individual image, which takes longer and may be delayed due to the additional disruption. In the event of a flaw in some remotely accessible code running in your image, an attacker's ability to cause further damage may be restricted by the existing seccomp and capabilities configuration in a container. They may be able to escalate to a more privileged user in a full VM.
I'm not really compelled by either of these arguments. Both argue that the security of your container is improved, but in almost all cases exploiting these vulnerabilities would require that an attacker already be able to run arbitrary code in your container. Many container deployments are task-specific rather than running a full system, and in that case your attacker is already able to compromise pretty much everything within the container. The argument's stronger in the Virtual Private Server case, but there you're trading that off against losing some other security features - sure, you're deploying seccomp, but you can't use selinux inside your container, because the policy isn't per-namespace.
So that seems like kind of a wash - there's maybe marginal increases in practical security for certain kinds of deployment, and perhaps marginal decreases for others. We end up coming back to the attack surface, and it seems inevitable that that's always going to be larger in container environments. The question is, does it matter? If the larger attack surface still only results in one more vulnerability per thousand years, you probably don't care. The aim isn't to get containers to the same level of security as hypervisors, it's to get them close enough that the difference doesn't matter.
I don't think we're there yet. Searching the kernel for bugs triggered by Trinity shows plenty of cases where the kernel screws up from unprivileged input. A sufficiently strong seccomp policy plus tight restrictions on the ability of a container to touch /proc, /sys and /dev helps a lot here, but it's not full coverage. The presentation I linked to at the top of this post suggests using the grsec patches - these will tend to mitigate several (but not all) kernel vulnerabilities, but there are tradeoffs in (a) ease of management (having to build your own kernels) and (b) performance (several of the grsec options reduce performance).
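As an added example (not from the slides or the post), here is the mechanism the seccomp argument rests on: a minimal seccomp-bpf filter installed with prctl(2), of the kind container runtimes use to cut the number of kernel entry points reachable from untrusted code. The syscall numbers come from <sys/syscall.h>; the choice of keyctl as the demonstration syscall and the fork-and-probe harness are mine. Real profiles (Docker's default, for instance) are allow-lists; a deny-list is used here so the program doesn't have to enumerate every syscall libc needs just to exit cleanly.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* The filter must check the syscall ABI first: on x86_64 a 32-bit process can reach
   a completely different syscall table with the same numbers. */
#if defined(__x86_64__)
#  define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define ARCH_NR AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Install a seccomp-bpf filter on the calling thread that makes each syscall in
   `denied` fail with EPERM and lets everything else through. Returns 0 on success.
   Once installed, a filter can only be tightened by stacking another on top. */
int install_denylist(const int *denied, size_t ndenied)
{
    size_t ninsn = 4 + 2 * ndenied + 1;
    struct sock_filter *insn = calloc(ninsn, sizeof *insn);
    if (!insn) return -1;
    size_t i = 0;
    /* load arch; skip the kill if it matches; kill foreign-ABI syscalls outright */
    insn[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    insn[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    insn[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    /* load the syscall number and compare it against each denied entry */
    insn[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t d = 0; d < ndenied; d++) {
        insn[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)denied[d], 0, 1);
        insn[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    }
    insn[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);

    struct sock_fprog prog = { .len = (unsigned short)ninsn, .filter = insn };
    int rc = -1;
    /* no_new_privs is required for an unprivileged process to install a filter,
       and it is irrevocable: setuid binaries no longer gain privilege afterwards. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 &&
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0)
        rc = 0;
    free(insn);   /* the kernel keeps its own copy */
    return rc;
}

/* Fork a child, deny `denied_nr` in it, then issue `probe_nr` with zero arguments.
   Returns 1 if the probe was refused with EPERM before reaching the kernel, 0 if it
   went through to the kernel, -1 if the filter could not be installed at all. */
int probe_blocked(int denied_nr, long probe_nr)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_denylist(&denied_nr, 1) != 0) _exit(2);
        errno = 0;
        long r = syscall(probe_nr, 0, 0, 0, 0, 0, 0);
        _exit((r == -1 && errno == EPERM) ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    return code == 2 ? -1 : code;
}

int main(void)
{
    /* keyctl is a classic entry point to deny in containers: it is rarely needed
       and the key subsystem has had its share of kernel bugs. */
    printf("getpid with getpid denied: %d\n", probe_blocked(SYS_getpid, SYS_getpid));   /* 1 */
    printf("getpid with keyctl denied: %d\n", probe_blocked(SYS_keyctl, SYS_getpid));   /* 0 */
    printf("keyctl with keyctl denied: %d\n", probe_blocked(SYS_keyctl, SYS_keyctl));   /* 1 */
    return 0;
}
```

Note what this buys and what it doesn't. The denied syscalls never reach kernel code, so any bug behind them is unreachable from inside the filtered process, and a process cannot loosen a filter once it is installed. It does nothing about what is reachable through /proc, /sys and /dev, which need mount namespaces and masking as described above, and every syscall you leave allowed is still kernel attack surface.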
But this isn't intended as a complaint. Or, rather, it is, just not about security. I suspect containers can be made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:
- Strong auditing and aggressive fuzzing of containers under realistic configurations
- Support for meaningful nesting of Linux Security Modules in namespaces
- Introspection of container state and (more difficult) the host OS itself in order to identify compromises
These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two" tradeoff. That's not a winning strategy.
 Companies using hypervisors! Audit your qemu setup to ensure that you're not providing more emulated hardware than necessary to your guests. If you're using KVM, ensure that you're using sVirt (either selinux or apparmor backed) in order to restrict qemu's privileges.
 There's apparently some support for loading per-namespace Apparmor policies, but that means that the process is no longer confined by the sVirt policy
 To be fair, last time I ran Trinity under Docker under a VM, it ended up killing my host. Glass houses, etc.