The Eighth Day

Oct. 23rd, 2014 10:09 pm
grrlpup: (rose)
[personal profile] grrlpup

Now reading: The Eighth Day by Dianne K. Salerni

Yesterday I was looking forward to reading my book after work. I’d missed out on my usual bus reading time, because on Tuesday I drove to work for the first time since I started my job in 2008, so that Sang and I could go to the suburban Powell’s in the evening and see Atul Gawande. And yesterday we drove across town for breakfast with Sang’s parents, who were on their way home from a reunion, and then parked on campus again. Such decadence. Actually, driving to work was completely tedious, even with the radio. I am relieved that I’d actually much rather ride the bus (since it’s way cheaper and greener).

But yesterday I walked through the pouring rain to the Stott Center before six p.m. to get seats for Sang and me for Winona LaDuke’s talk at seven. Sang was tutoring until 6:45, so it was just me and my book and my notebook on our two little white plastic folding chairs.

The Eighth Day is about a boy who turns twelve and suddenly starts experiencing a day between Wednesday and Thursday. No one else is there, the first time this happens. AWESOME, right? I love extra-time tropes! Except, they are always ruined. Nicholson Baker’s Fermata, so icky. I remember liking Jane Louise Curry’s Parsley Sage, Rosemary, and Time, but it turns out it’s a  time travel book. Where is the book about a character stopping time and catching up on studying, getting a little extra rest and tidying up the house? It’s like that wouldn’t make a good story or something, sheesh.

Anyway, this one turns into an Arthurian thing, with descendants of Merlin and the Pendragon and others in various factions, and for some reason it’s a bit of a trudge. It felt weird to be reading a Merlin story in a hall full of Indigenous Studies and Sustainability people. I overheard greetings in Chinuk Wawa nearby!

I’m glad I went to hear Winona LaDuke. I look up to her for finding a way to live as an activist and a leader without giving up on doing the cool stuff that’s important to her, her way. Growing corn and teaching the kids at her grandkids’ school how to braid it, and also running for vice president. Last year she and other Anishinaabe and Lakota riders traced the routes of three proposed oil pipelines, on horseback. Sometimes I feel like being an activist consists of going to a lot more meetings, ugh, and it’s good to see that it can be much more. Sang said on the way home that she’d been worried it would be like two hours of listening to Mo from Dykes to Watch Out For… but it wasn’t at all.

Celebrity dinner party: Winona LaDuke, Eileen Myles, Sarah Schulman.

This post also appears at read write run repeat. Comments read and welcomed in either place!

Midweek longreads

Oct. 23rd, 2014 02:24 pm
[personal profile] yendi
Work's been amazingly busy, so content's scarce (much as I'd love to be writing about horror flicks right now). So have some reads:

1. Buzzfeed notes that Hollywood has a pervasive blackface problem when working with stuntpeople.

2. Wired reports on the folks whose job it is to keep track of and block porn from unexpectedly hitting your social media feed. This sounds like an often-awful job to be in.

3. At The Oxford American, Sarah Menkedick writes about Spanglish and how how language shifts in their household affected her relationship. I'm a sucker for quotes like, "Our marriage started to look like a seventeenth-century arrangement, whereby I had died and Jorge had married my English-speaking sister."

4. Ay BKLYNR, Neima Johromi writes about Stephen Powers, the artist behind a lot of notable piece of public art in Brooklyn.

5. And this piece from Sports Illustrated from a few years ago is a great look at just how corrupt the sports agent business is.

And one bonus shorter read from The New Republic: The sheer clickbaity bullshit behind all those awful "humor" news sites.

Linux Container Security

Oct. 23rd, 2014 08:44 am
[personal profile] mjg59
First, read these slides. Done? Good.

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1].

Does this mean containers provide reduced security? That's an arguable point. In the event of a new kernel vulnerability, container-based deployments merely need to upgrade the kernel on the host and restart all the containers. Full VMs need to upgrade the kernel in each individual image, which takes longer and may be delayed due to the additional disruption. In the event of a flaw in some remotely accessible code running in your image, an attacker's ability to cause further damage may be restricted by the existing seccomp and capabilities configuration in a container. They may be able to escalate to a more privileged user in a full VM.

I'm not really compelled by either of these arguments. Both argue that the security of your container is improved, but in almost all cases exploiting these vulnerabilities would require that an attacker already be able to run arbitrary code in your container. Many container deployments are task-specific rather than running a full system, and in that case your attacker is already able to compromise pretty much everything within the container. The argument's stronger in the Virtual Private Server case, but there you're trading that off against losing some other security features - sure, you're deploying seccomp, but you can't use selinux inside your container, because the policy isn't per-namespace[2].

So that seems like kind of a wash - there's maybe marginal increases in practical security for certain kinds of deployment, and perhaps marginal decreases for others. We end up coming back to the attack surface, and it seems inevitable that that's always going to be larger in container environments. The question is, does it matter? If the larger attack surface still only results in one more vulnerability per thousand years, you probably don't care. The aim isn't to get containers to the same level of security as hypervisors, it's to get them close enough that the difference doesn't matter.

I don't think we're there yet. Searching the kernel for bugs triggered by Trinity shows plenty of cases where the kernel screws up from unprivileged input[3]. A sufficiently strong seccomp policy plus tight restrictions on the ability of a container to touch /proc, /sys and /dev helps a lot here, but it's not full coverage. The presentation I linked to at the top of this post suggests using the grsec patches - these will tend to mitigate several (but not all) kernel vulnerabilities, but there's tradeoffs in (a) ease of management (having to build your own kernels) and (b) performance (several of the grsec options reduce performance).

But this isn't intended as a complaint. Or, rather, it is, just not about security. I suspect containers can be made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:

  • Strong auditing and aggressive fuzzing of containers under realistic configurations
  • Support for meaningful nesting of Linux Security Modules in namespaces
  • Introspection of container state and (more difficult) the host OS itself in order to identify compromises

These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two" tradeoff. That's not a winning strategy.

[1] Companies using hypervisors! Audit your qemu setup to ensure that you're not providing more emulated hardware than necessary to your guests. If you're using KVM, ensure that you're using sVirt (either selinux or apparmor backed) in order to restrict qemu's privileges.
[2] There's apparently some support for loading per-namespace Apparmor policies, but that means that the process is no longer confined by the sVirt policy
[3] To be fair, last time I ran Trinity under Docker under a VM, it ended up killing my host. Glass houses, etc.

(no subject)

Oct. 21st, 2014 03:41 pm
owlectomy: A squashed panda sewing a squashed panda (Default)
[personal profile] owlectomy
My actual Free Will Astrology lololol:

Astronauts on the International Space Station never wash their underwear. They don't have enough water at their disposal to waste on a luxury like that. Instead, they fling the dirty laundry out into space. As it falls to Earth, it burns up in the atmosphere. I wish you had an amenity like that right now. In fact, I wish you had a host of amenities like that. If there was ever a time when you should be liberated from having to wash your underwear, make your bed, sweep the floor, and do the dishes, it would be now. Why? Because there are much better ways to spend your time. You've got sacred quests to embark on, heroic adventures to accomplish, historical turning points to initiate.

(no subject)

Oct. 19th, 2014 07:28 pm
owlectomy: A squashed panda sewing a squashed panda (Default)
[personal profile] owlectomy
Reading Jacqueline Woodson's new verse memoir, Brown Girl Dreaming, I was surprised to discover that she - like me - spent some of her very young years in a household of her mother, sibling(s), grandfather, and Jehovah's Witness grandmother.

It's always kind of great to find a book that speaks to your own experience - of being young and awkward and bored at the Kingdom Hall, let's say - but perhaps even more so when it comes from a place you never expected.

Revolution 60

Oct. 18th, 2014 06:01 pm
deborah: Kirkus Reviews: OM NOM NOM BRAINS (kirkus)
[personal profile] deborah
I realize I am actually sick of talking about terrible people and how they treat people badly. So I'm going to talk about something positive: This is my review of Revolution 60, the game created by Giant Spacekat. Disclaimer: I'm a book reviewer, not a game reviewer. I'm not going to review this in a critical, professional way, but only my very personal reaction.

As you know, Bob, I have pain and dexterity problems in my hands, severely limiting what I can do on a touchscreen. I'm not dexterous, I'm not fast, and I have to be enjoying myself a lot to spend spoons on a game. These days most of my gaming is shared with my housemates, where they drive the controller but we make decisions together. Many of the games I install on my iPhone get rapidly deleted for this reason, and even the ones that I do play I specifically don't play in timed modes, or modes that require dexterity.

So I was a little bit nervous about Revolution 60. I knew there was a combat system, which was necessarily going to push my limits. I picked up the game anyway, on the recommendation of a coworker. (This was when the game first launched, long before the Internet blew up at Brianna Wu.)

Revolution 60 review )

(no subject)

Oct. 18th, 2014 12:25 pm
owlectomy: A squashed panda sewing a squashed panda (Default)
[personal profile] owlectomy
Note to self:

Writing is a thing that takes time and also emotional energy.

"I have no time or emotional energy so I'm just going to feel awful about not writing" is not the best thing for me to be doing to myself here.

(This is a temporary thing, hopefully, and I'll be back on by Friday-ish, hopefully)

Weekend Longreads

Oct. 18th, 2014 09:49 am
[personal profile] yendi
1. From Buzzfeed (which yes, does do real journalism, even if it's not what the site's known for), here's what it's like to have drug-resistant tuberculosis these days.

2. The California Sunday Magazine has a heartbreaking article on a Peruvian reality show, the notoriety of fame, and murder.

3. Over at Vox, here's a story about the upcoming obsolescence of our urban water systems.

4. At Medium, Josh Ozersky writes about the pernicious influence MFK Fisher has had on the current state of food writing. I'm not always in agreement here -- I think he's a little too casual in writing off the exceptions (himself included) as being so rare, and I actually do like Fisher's writing -- but it's well worth a read.

5. Also at Medium, The Triumphs and Tragedies of Larry Smith discusses one of the pivotal -- and often forgotten -- hip-hop producers of the '80s.

(no subject)

Oct. 17th, 2014 10:04 am
owlectomy: A squashed panda sewing a squashed panda (Default)
[personal profile] owlectomy
Last year it was hyped, great-buzz books dealing with suicide. (I never did get around to reading Leonard Peacock)

This year it's hyped, great-buzz books with brutal rapes in them.

I'm not even mad except when they turn out to be actually pretty bad books. "Like a warmed-over slightly racist version of Laura Esquivel" is tolerable; "Like a warmed-over slightly racist version of Laura Esquivel with a brutal rape in it" is like, jeez, more than one serious critic thinks this is good writing? More than one magazine gave it a starred review?

I really am super cranky and impossible to please this year.

State of the body 2014

Oct. 15th, 2014 01:43 pm
[personal profile] yendi
(Obvious statement is obvious: If discussion of body/health issues is something you'd rather avoid, avoid this post.)

So last I checked, I weighed in at around 205 pounds on my 5'8" frame. I'm not from the cult of BMI, but trust me, that ain't good when that's largely fat, which it is. Three+ years back, when I was first diagnosed with Teh Diabetees, I was at 218. I'd managed to get down to around 180 before things started creeping back up over the last year and a half.

On the one hand, that's still a good thirteen off from where I've been. On the other, that's a lot of regression. It's purely the result of backsliding on my eating habits. As some of you might know, I stress eat. And I've had a lot of stress over the last two years (and yes, I stress over my body, which is a fun cycle, let me tell you). I've still generally been good about desserts other than when I travel, but resisting food has been a losing battle all too often, especially during the day. And naturally, almost none of the pants I wore last winter are an option as a result, and the smaller (size L) shirts I'd been buying in recent years all now either ride up or cling to demonstrate my gut.

I'm not happy with this, and want to change it. But it's tough. When I was good, I managed to really routinize my eating, and somehow overcame the cravings. But nowadays, I just seem to give in almost instantly. It's something I need to work on, but need to figure out how to short circuit (and without any obvious sign of stress reduction in the near future).

It's not all bad, mind you. I still walk 6-13 miles a day (just think where my weight would be otherwise), and my calves are awesome, the sort that would convince a frost giant like Skaði to choose me in a convoluted husband-picking ceremony arranged by the Vanir. I suspect I'm at least a touch healthier (beyond the weight loss) than I'd be otherwise as a result.

I also started taking the belly dancing class a co-worker is offering. It's a short (five or six session) men-only* class that's not about getting us to perform (I have less rhythm than almost anyone you could think of, and although I'm reasonably well coordinated when playing certain video games, that fails at advanced levels), but it's an opportunity for some more exercise, and exercise that's using muscles I don't normally use. My long-term goal is to start doing more working out at home, and some of the routines I'm picking up here are helpful for that (and I've got a TV with a Roku in it in the basement; no reason I can't find a zillion easy workout channels there, too). On days I do at least eight miles of walking, I'm not going to worry too much about other exercise, but on other days (rainy and snowy ones especially, and weekends), I'm going to see about augmenting things here. Along with being stricter about my own diet and working on resisting temptation.

Anyway, that's the state of the body. Not great, but not apocalyptically awful, at least. Goal is to avoid that apocalypse for now.

*The other two students, though, are in much, much better shape. One's a rugby player, the other's thin and wiry in a way that I will never, ever be. Needless to say, they're both mastering the various hip movements at a much faster pace, although we all have our moments of utter incompetence; the teacher is incredibly patient.

CUFP notes, 2014

Oct. 14th, 2014 02:47 pm
tim: Tim with short hair, smiling, wearing a black jacket over a white T-shirt (Default)
[personal profile] tim
Long overdue, here are my notes on the talks at CUFP 2014 (September 6, 2014). This is the last in a series of conference write-up posts from me that cover CUFP, the Haskell Symposium, Erlang Workshop, and the three days of ICFP itself. CUFP is the workshop for Commercial Users of Functional Programming, and I was honored to have served on the program committee for it this year.

Joe Armstrong's invited talk, "Making Money with FP", was quite entertaining... for the most part anyway. His comment that you can't sell a language, and must sell a project written in it, harked back for me to working at Laszlo Systems in 2005.

He made the point, about adoption of FP, that "nobody ever got sacked for using Microsoft products (or Java, or C++" -- also this gem, "You get paid based on the number of people you manage, so people hate the idea that ten Haskell programmers can do what 100 C++ programmers can do." (I'm not confident that that generalization always holds, but it does seem to be true in my experience.)

One aside that marred an otherwise great talk was an unnecessary use of "guys" on a slide, when Armstrong said (while speaking to the same slide) "technical guys enjoy an argument". One or the other and I might have let it slide, but not all "technical guys" enjoy an argument, plus technical women who enjoy arguments are punished for that while technical women who don't enjoy arguments tend to get steamrolled.

Then, Armstrong went on to talk about different business models for making money from FP. Most of this advice seemed broadly applicable, but it was still good to hear it coming from one of the people who is most qualified to talk about "how to make money with FP". He implied, I think, that the best two routes for a person trying to get into business with FP were either a consultancy (where you are an independent businessperson who sells consulting hours or services to other companies) or a development/R&D company where the goal is to "develop a product and sell it to a bigger company that can sell it." He explained how a good way to gain a reputation is to participate in the standardization of a language or framework: either choose a new standard or invent one of your own, and then make the best and first implementation. Then, you sell or give away software to build your reputation (which is why you can't sell a language, I guess!) and finally, sell the company :D
Read more... )
sanguinity: woodcut by M.C. Escher, "Snakes" (Default)
[personal profile] sanguinity
I need to give y'all an actual update on my life at some point, but here are some fannish things:

[livejournal.com profile] holmestice sign-ups close today at midnight EDT. Holmestice is a bi-annual Holmesian fanworks exchange, ecumenical both in types of fanworks (fic, vids, art, icons, podfics) and in Holmesian fandoms. (As you might expect, BBC Sherlock dominates the requests, offers, and resultant works, but there are usually a half-dozen requests each for ACD, the Ritchie movies, and Elementary, with a smattering of requests for other things, such as Sherlock Hound, the Watson and Holmes comic, or the Irene Adler mysteries.)

I played last summer, and received a lovely story from [personal profile] language_escapes, "Un dì, felice, eterea," which I already posted about. But I never mentioned here what I wrote:
Persistence of Memory by [archiveofourown.org profile] sanguinity for [archiveofourown.org profile] amindamazed
Elementary, Sherlock Holmes in the 22nd Century
Joan Watson & Sherlock Holmes, Robot Watson, Beth Lestrade
AU - fusion; hurt/comfort; angst; earnest crack
approx 8K words
It is 2198, and everyone Joan Watson knows is dead. Everyone except Sherlock Holmes.
I had a lot of opinions about Joan Watson's role in Elementary S2 -- as well as about the adaptive traditions concerning Watsons in general -- and a lot of them get expressed here. There's no need to be familiar with 22nd Century for this story (and no spoilers beyond the 1x01, "The Fall and Rise of Sherlock Holmes"), but for those who are 22nd Century fans, this is a major break with that show's tone.

I'm working on a continuation for that story, but I took a break to write another bit of Elementary crack:
Holocene Park by [archiveofourown.org profile] sanguinity for [archiveofourown.org profile] language-escapes
Elementary, Asylum's Sherlock Holmes (aka The One With The Dinosaurs)
Joan Watson & Sherlock Holmes, Tommy Gregson, Marcus Bell
Dinosaurs, case-fic, action, suspense
approx 25K words.
“It’s fifteen feet tall, got claws as long as my hand, and teeth.” Trina’s expression dared Joan to contradict her.

Joan eyed the length of tooth Trina was indicating. “All right,” she said. “Tell me everything you know.”
So, yeah, this is an adaptation of The One With the Dinosaurs. Those familiar with the Asylum film know that it's an astonshingly stupid romp, achieving MST3K levels of terribleness. You will be either relieved or disappointed to know that I failed to live up to that extreme terribleness, but I can promise lots of screaming and running and derring-do, punctuated with egregious abuses of science and some high-octane mustache-twirling. I had a hella lotta fun writing it; I hope you have as much fun reading it.

But in the meanwhile, come sign up for Holmestice! I will be offering/requesting the game theory book! Also zombies! It'll be fun!
shadowspar: Members of the band B'z, sitting down (b'z sitting)
[personal profile] shadowspar

...when dealing with difficult people on the Internets.

Read more... )

SEEMS LEGIT

Oct. 12th, 2014 11:10 pm
shadowspar: An angry anime swordswoman, looking as though about to smash something (sabre - angry face)
[personal profile] shadowspar
CW: Gamergate... )
owlectomy: A squashed panda sewing a squashed panda (Default)
[personal profile] owlectomy
My high school boyfriend posted on Facebook, "Homophobic laws, you have failed me for the last time."

This is since the Supreme Court punted on deciding any of the same-sex marriage cases that were brought up, effectively legalizing same-sex marriage in North Carolina, despite the amendment in the state constitution against it.

This is good! I tend to be of the opinion that in a perfect world things like health care and immigration would not depend on your marital status, but we're not there yet and weddings are nice. Some weddings are nice, at least. Marriages are nice things to have if you want them.

But when I see a post like that I sure do see the point that there has been too much focus on marriage equality as, like, the only relevant important thing? Because you can still be fired for reasons of sexual orientation or gender identity in most counties in North Carolina. You still can't adopt children with a same-sex partner. (We'll see if that changes now that there's marriage equality? Because they outlawed it by outlawing all second-parent adoptions to non-married couples?) Bullying on the basis of sexual orientation or gender identity is against the law in public schools but not private schools. (I was actually surprised to find out that this had passed! It happened in 2009.)

And the thing is, this guy is married to a woman, so... I get that he may have felt like he was being failed by homophobic laws, he can have an ally cookie if he wants, but having to stay in the closet to avoid getting fired is a more pressing concern for a lot of people than not being able to get married, I think, so maybe "for the last time" can wait a while.

"Stay safe"

Oct. 11th, 2014 12:19 pm
badgerbag: (Default)
[personal profile] badgerbag
I get somewhat annoyed when I see people saying "stay safe". What the hell people? Is the point of life to stay safe? Since when?! Especially weird when saying it to women who get death threats on Twitter. What are the suppposed to do to stay safe? Go into hiding? I mean, I've seen several people DO that. I fucking refuse to ever do that. Seriously fuck it.

Also weirdly irksome, when people say it to journalists going into war zones. I know what people mean is, I hope you come back ok from this. Still, if they were planning on staying safe they wouldn't go into a war zone to report from the front lines.

Annoying recent fad of language. I don't think I ever heard anyone say "stay safe" before about ... maybe 10 years ago, maybe less. When I hear it I hear a double message of "I'm worried about you" and "Be afraid and in fact I'm judging on you right now for not being afraid and behaving cowardly enough and whatever happens to you is your own fault"

Curmudgeonishly, me.

Chaff and flares; flares and chaff

Oct. 11th, 2014 04:20 am
shadowspar: An angry anime swordswoman, looking as though about to smash something (sabre - angry face)
[personal profile] shadowspar

Serious trigger warning for violent misogyny, harassment, abuse, and threats.

Seriously, TW for GamerGate and all the things associated therewith. )

The smell of wealth

Oct. 10th, 2014 10:43 pm
badgerbag: (Default)
[personal profile] badgerbag
In a book I'm reading right now (the dragons in Detroit one) the protagonist notices "the smell of wealth" as he joins a horrible sibling for dinner. apparently the smell of wealth in this fancy restaurant is hardwood and truffle oil. Fair enough. I suddenly wondered what the smell of wealth would be or not be for different people.

Things that are definitely not the smell of wealth:
* Pine-sol
* Patchouli
* Feet smelling carpet in the YMCA dressing room
* Those air freshener candles in the gross smelling aisle at the drug store

Add your own to this list. It has a lot of potential.

I then had a memory not for the first time of this amazing lady I used to work with. We didn't work together directly, but were acquaintances from different departments and I would be around in her in various work contexts. She was a couple levels of hierarchy up from me. Once at dinner I was suddenly struck by realizing she was wearing like, a super simple sheath dress and some sandals and nothing else noticable, with her air in a ponytail. But she looked wealthy in a way I could not fathom. Why did she look like she was sort of burnished and definitely rich. It came down to I think, plastic surgeries, and super white teeth, and years of very regular spa visits. Like she must have got not just her hair cut every week but had the full run of things that can happen to you in a day spa/salon (a thing i was only dimly aware of at the time. ) She absolutely glowed. Nothing was out of control or out of place and she also projected an air of being extremely relaxed. She was also *nice* all the time. It was very odd. Her simple dress was also very structured and perfectly tailored to her. If you look around in the world, most 60 year old people don't look like that. I think celebrities must do this high level of work to look super polished. (this was near L.A. so she wasn't the only one to look like this) to me that is what wealthy looks like. They look like perfect dolls of humans. It isn't even the amount of consistent long term labor that goes into it. It's like the lifetime of never dropping that labor. And being really relaxed and comfortable because of leisure, at the same time. It was just their normal. It goes so far beyond a regular person's dressing up for an occasion (like, you can't get there by just doing your hair.)

Middle class people (when I'm definitely in middle class landia and not strange silicon valley land where different signifiers hold true) look like the current season's mall clothes. This is unmistakeable. Most of the people getting off a plane from Dallas or Houston will be wearing a current Mall from head to toe and it won't be more than 6 months old, not a fray or an inkstain.

This has been my painkiller fueled ramble of the day. You're welcome.
alixtii: (weather)
[personal profile] alixtii
The antepenultimate chapter of "Where the Heart Is"! I was hoping to have the entire thing finished before this year's Yuletide assignments were sent out. I . . . don't think that's going to happen.

Where the Heart Is (15423 words) by Alixtii
Chapters: 6/8
Fandom: Folgers Holiday Commercial (2009), Folgerscest - Fandom, Original Work, Ghost Soup Infidel Blue
Relationships: Brother/Sister, Folgerscest
Summary: After spending five years in West Africa, a young man returns home to the United States for the holidays. But sometimes home isn't a place so much as it is a person.

Luke and Lexie go to the Hendersons' New Years Eve Eve party. But so does Gwen, and drama ensues.


( Where the Heart Is, 6/8 )
Page generated Oct. 24th, 2014 07:01 am
Powered by Dreamwidth Studios