Diane Trout diane@pump.ghic.org

Los Angeles

By day, IS generalist for a biology lab currently working on ENCODE, specializing in the Python scientific stack. By night, trying to contribute to Debian and KDE. Also easily distracted by various kinds of role playing games.

  • 2017-04-19T21:39:09Z via ghic.org Web To: Public CC: Followers

    Surveillance trade offs:

    Today my partner got a message from InstaCart telling us a food product had been recalled because of an unexpected peanut contamination. That could honestly be a really important notice for someone.

    But then I also saw this lawsuit over on twitter.

    Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged.

    The complaint filed on Tuesday by Kyle Zak in federal court in Chicago seeks an injunction to stop Bose's "wholesale disregard" for the privacy of customers who download its free Bose Connect app from Apple Inc or Google Play stores to their smartphones.
    via https://twitter.com/zeynep/status/854781604845281281

    Perhaps the problem isn't surveillance but the lack of power to hold business & state entities accountable for abusive practices.

    Mike Linksvayer likes this.

    I agree that "lack of power to hold business & state entities accountable for abusive practices" is a problem, but it's not clear to me this story is a datapoint in favor of that sentiment... we'll see how the case comes out:

    Zak is seeking millions of dollars of damages for buyers of headphones and speakers, including QuietComfort 35, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, SoundLink Color II, SoundSport Wireless and SoundSport Pulse Wireless.
    He also wants a halt to the data collection, which he said violates the federal Wiretap Act and Illinois laws against eavesdropping and consumer fraud. Dore, a partner at Edelson PC, said customers do not see the Bose app's user service and privacy agreements when signing up, and the privacy agreement says nothing about data collection. Edelson specializes in suing technology companies over alleged privacy violations.

    When will someone demand, in addition to remedies like halting data collection and monetary damages, source code for all affected products, under an open license, so that consumers can use a different vendor to fix their products, rather than the one that has voided their trust?

    Mike Linksvayer at 2017-04-20T04:12:05Z

    ps I'm also not sure the InstaCart thing is rightly called surveillance. Your partner ordered some food from them that was later identified as contaminated, right? They don't need to see or gather any data they weren't already to send that notice.

    Mike Linksvayer at 2017-04-20T04:16:45Z

    My more paranoid tendency is to go into a store and pay cash for things, which then avoids several easy options for profiling my purchase history...

    Buying something through a web or app is logged and is tracked... but sometimes that tracking is helpful (with warranty or product recalls).

    and you're right, being able to customize the device with a different FOSS would provide the user options to protect their data.

    Diane Trout at 2017-04-20T06:44:17Z

  • 2017-04-18T22:33:33Z via ghic.org Web To: Public CC: Followers

    FWIW I upgraded my pump instance to 4.0.0.beta5.

    Seems to be mostly working.
    Well there's this bug where sometimes, eventually I stop being able to post.

    Diane Trout at 2017-04-19T00:18:27Z

    Ah... is that via web UI?

    JanKusanagi at 2017-04-19T00:21:31Z

    Yep. It was a bug in the webui

    Diane Trout at 2017-04-19T02:00:40Z

  • 2017-04-06T22:28:57Z via ghic.org Web To: Public CC: Followers

    I was reading the ActivityPub 2.0 specification and... I want to be able to do this:
    Alyssa P. Hacker likes to post to her ActivityPub powered blog via an Emacs client she has written, leveraging Org mode.

  • 2017-03-25T06:21:22Z via ghic.org Web To: Public CC: Followers

    New blog post, I confess to not reading my email, and link to a presentation by a #noemail early dropper. http://ghic.org/~diane/put-your-hand-in-the-inbox.html
  • 2017-03-25T04:41:53Z via ghic.org Web To: Public CC: Followers

    Google talk s2s federation is scheduled for termination on Jun 26.


    Weren't we just wondering why it was still around?

    There are a couple of projects to speak the hangouts protocol that might be usable as a gateway

    It'll impact me. I have few friends grandfathered in

    Diane Trout at 2017-03-27T01:51:15Z

    >> Diane Trout:

    “It'll impact me. I have few friends grandfathered in”

    As do I. Time to figure out if it's worth it to convince them to move off Hangouts (unlikely to work) or set up a transport.

    Scott Sweeny at 2017-03-27T12:57:29Z

    I have just a couple @gmail.com contacts on my Jabber roster. One of them already registered a real XMPP account a couple weeks ago for different reasons, and the other one is a family member who I was thinking of moving to a serious XMPP server anyway, since, really, very few servers keep the broken security needed to keep in touch with stupid Gmail...

    JanKusanagi at 2017-03-27T13:58:54Z

    Claes Wallin (韋嘉誠) likes this.

    If the uni computer society wasn't running a server, I wouldn't be on XMPP. And I only talk to one person on it. Pretty sad, really.

    Claes Wallin (韋嘉誠) at 2017-03-27T14:50:23Z

  • 2017-03-23T06:18:23Z via ghic.org Web To: Public CC: Followers

    I've been thinking about email for a while, and decided to start writing some of those thoughts down. http://ghic.org/~diane/what-about-email.html
    @clake as for "most email goes through gmail"

    Maybe most person to person email touches gmail.

    But I get a lot of notification emails that never touch gmail. Twitter, and github send messages directly, several newsletters are either direct or via a service like mailchimp.

    It's "transactional" messages like these that make it hard to completely opt out of email.

    Diane Trout at 2017-03-23T18:08:44Z

    Claes Wallin (韋嘉誠) likes this.

    >> Diane Trout:

    “@jankusanagi@datamost.com I haven't managed to figure out how to subscribe to someone over Google's s2s connection since they deprecated it. But people I subscribed to prior to the spam waves still work. They didn't remove it, just made it really hard to use”

    Well, first they'd need to be using their account from a standard XMPP client, or set GMail's web interface chat to "Classic" or "Old" or whatever it's called.

    Bonus points if the person doing that gives them feedback to going back to """old chat""" such as "I want XMPP federation, not Hangouts silo" ;)

    Secondly, as you probably know, your server would need to have very lax encryption settings. I don't recall the exact name of the things, but something that most XMPP servers agreed to require back in 2014 or so, that GMail, of coooourse, doesn't.

    So yes, Google made it quite hard to use. I wonder why they didn't just kill it completely...

    JanKusanagi at 2017-03-23T19:13:40Z

    Claes Wallin (韋嘉誠), Diane Trout likes this.

    Well, at least prosody allows you to add a whitelist of servers for which strict verification of SSL is not enforced (and comes with gmail.com as the example content), so it is possible to talk with people on gtalk without having to allow substandard settings with everybody else.

    It's definitely not something that I'd like to depend on, however, just something that currently makes it somewhat easy to have a migration plan to something else that doesn't require to be all-or-nothing-now.

    Elena ``of Valhalla'' at 2017-03-24T17:47:37Z

    @diane Good point!

    @JK@DM So much evil to do, so little time.

    Claes Wallin (韋嘉誠) at 2017-03-27T14:06:14Z

  • 2017-03-13T18:04:18Z via ghic.org Web To: Public CC: Followers

    I discovered a bad thing about Emacs.

    Control-/ is bound to undo and one of my cats can stand on "Control", "/", ".", "left arrow"

    Two seconds undo with the occasional cursor movement made a mess of about 5 minutes of editing

    LUCKILY! You can get it back! Emacs' undo history provides a very nice system of both undo and redo.

    Try typing some text, or doing some various complex things, then type undo a few times. Now move the cursor, or do something that "interrupts" a sequence of undos. Now start typing undos again. You're now reversing your undos!

    The emacs manual includes more information on undo/redo... it's a pretty nice system. Of course, like anything in emacs, more can be done.

    Christopher Allan Webber at 2017-03-13T18:21:25Z

    I know, it's just if you stop undoing and move the point, that breaks the undo chain and it starts undoing your undos, and the left arrow was also squished.

    Diane Trout at 2017-03-13T18:30:37Z

    Christopher Allan Webber likes this.

    Ah yeah, it can only protect so much against cat-like behaviors I guess. Sucks, sorry that your buffer got trashed.

    I wonder if, like in preventing tearing up the furniture, a cat tree would be of some help. (I have never used it...)

    Christopher Allan Webber at 2017-03-13T18:34:57Z

    I have yet to come to terms with Emacs' model of undo. I can deal with all the other "oddities" of Emacs I've encountered, but for whatever reasons, the undo model trips me up all the time.

    Charles ☕ Stanhope at 2017-03-13T19:42:31Z

  • 2017-03-09T07:31:28Z via ghic.org Web To: Public CC: Followers

    The simplest thing I could think of to help fight XMPP spam is a shared blocklist, and a utility to save, merge, and upload one's block list.

    There's a little network of xmpp spammer lists at these repositories https://github.com/detrout/XMPPSpammer

    I have a small bit of code using sleekxmpp to download the block list. Next I need to get it to update the list on the server.

    Though what was most effective for me was blocking a few domains, which unfortunately requires administrator access.

  • 2017-03-06T22:24:53Z via ghic.org Web To: Public CC: Followers

    Grumble. Stupid Russian mafia computer criminals. This is why we can't have nice things.

    I've started getting SPAM on my jabber server, some open XMPP servers have unrestricted registration, which is only slightly less bad than running an open SMTP relay.

    Unfortunately the easiest solution is to blacklist domains generating a lot of SPAM. Which of course breaks federation.

    Christopher Allan Webber shared this.

    Well I feel guilt for thinking hey there's these unsolved problems... maybe I should work on them? But am instead too easily distracted by shiny video games.

    Diane Trout at 2017-03-06T23:56:09Z

    James Dearing 🐲, Christopher Allan Webber likes this.

    I feel your pain but in a different direction today.. Getting a lot of backscatter email because some asshat is using my address in their spam.

    On the XMPP side I had to shut down the Proxy65 part of my XMPP server because it was being abused and eating tons of bandwidth. But that was a while ago now

    just Grrrr.

    Freemor at 2017-03-07T01:09:43Z

    Diane Trout likes this.

    @freemore I too hate backscatter email. I set some pretty strict SPF rules on my domain which cut down on the backscatter, though I still need to learn how to set up DKIM and DMARC.

    Thanks for mentioning the Proxy65, I have that installed, and am not sure if it's being misused, so another set of ACLs to go check.

    Diane Trout at 2017-03-07T19:14:30Z

    Right now I'm getting spammed by a request from one single user, which when I google it, pops next to scam and mail bombing. And the client I use, coyim, doesn't allow me to block for good....

    Can't have nice things.

    Hubert Figuière at 2017-03-08T21:58:24Z

  • 2017-02-23T04:16:07Z via AndStatus To: Public


  • 2017-02-14T21:33:40Z via ghic.org Web To: Public CC: Followers

    Ok Win10 that's a good idea.

    The task manager shows breakdowns for CPU, Memory, Disk and Network both a total and per application.

    On desktop Linux it's hard to get per application disk and network utilization

    For the record, Plasma's System Monitor (aka KSysGuard) can show per-process I/O along the many other table values.

    For per-process network use, you can use Nethogs. Not as nice, but certainly easy to use =)

    JanKusanagi @i at 2017-02-14T21:45:36Z

  • 2017-02-05T07:52:58Z via ghic.org Web To: Public CC: Followers

    I was helping archive some data for https://github.com/climate-mirror/datasets and wondered how would someone know if a DIY data mirror hadn't tampered with the data.

    Best I can think of is scientists really should sign their data.

    Perhaps data producing projects should generate indexes of files containing a couple of high quality hashes and then have several project members gpg sign the hash index.

    Stephen Sekula, Dana likes this.

    It might also help protect against bit rot. Some of the larger physics projects are generating enough data that the 1 error in 10^15 bits that a lot of hard disks are rated for is expected to occur.

    Diane Trout at 2017-02-05T07:55:05Z

    I smell an excellent use case for git-annex!

    Claes Wallin (韋嘉誠) at 2017-02-06T10:29:53Z

    Now I know that https://datproject.org/ has solutions for exactly this problem and more, with a focus on usability and the big-lump-o-data scientific dataset.

    Claes Wallin (韋嘉誠) at 2017-03-27T15:47:33Z
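
A sketch of the hash-index idea from this thread, added here as an example (it is not code from any of the posters or from the projects they mention). It writes two digests per file into a deterministic text index and checks a mirror against it; signing that index text (for instance with `gpg --detach-sign`) and verifying the signatures is assumed to happen separately, and all function names and sample files are illustrative.

```python
import hashlib
import tempfile
from pathlib import Path

ALGORITHMS = ("sha256", "sha512")  # "a couple of high quality hashes" per file
def hash_file(path, chunk_size=1 << 20):
    """Read the file once, feeding every digest; return {algorithm: hex}."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def build_index(root):
    """Map each file's relative POSIX path to its digests."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {p.relative_to(root).as_posix(): hash_file(p) for p in files}

def render_index(index):
    """Deterministic text to sign; assumes names hold no tab or newline."""
    return "".join(f"{d['sha256']}\t{d['sha512']}\t{rel}\n"
                   for rel, d in sorted(index.items()))

def parse_index(text):
    """Inverse of render_index, applied after the signature has been checked."""
    rows = (line.split("\t", 2) for line in text.splitlines())
    return {rel: {"sha256": a, "sha512": b} for a, b, rel in rows}

def verify_mirror(root, index):
    """Report files that differ from, are absent from, or are not in the index."""
    actual = build_index(root)
    return {
        "modified": sorted(r for r in index if r in actual and actual[r] != index[r]),
        "missing": sorted(r for r in index if r not in actual),
        "extra": sorted(r for r in actual if r not in index),
    }

def demo():
    """Constructed sample data: index a tiny dataset, then damage the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp)
        (data / "runs").mkdir()
        (data / "runs" / "a.csv").write_bytes(b"t,temp\n0,14.1\n")
        (data / "README").write_bytes(b"constructed sample dataset\n")
        signed_text = render_index(build_index(data))  # publish and sign this
        (data / "runs" / "a.csv").write_bytes(b"t,temp\n0,14.2\n")  # altered
        (data / "README").unlink()                                   # dropped
        (data / "notes.txt").write_bytes(b"not in the index\n")      # added
        return verify_mirror(data, parse_index(signed_text))

if __name__ == "__main__":
    print(demo())
```

The same comparison, rerun periodically against an unchanged index, also surfaces the bit rot mentioned in the first reply, since a flipped bit shows up under "modified".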

  • 2017-01-31T05:37:07Z via ghic.org Web To: Public CC: Followers

    Ah so AndStatus's "combined" mode turned off it wasn't that no one was here.

    Also ahhh.... Everything's on fire (politically)

    Politically and socially, I guess

    JanKusanagi @i at 2017-01-31T09:40:59Z

  • 2016-11-17T03:55:46Z via AndStatus To: Public

    A long list of things to do as a community to help resist hate groups, from the Southern Poverty Law Center https://www.splcenter.org/20100216/ten-ways-fight-hate-community-response-guide

    Stephen Sekula likes this.

    Stephen Sekula shared this.

    Thanks for sharing this, Diane. I've been watching some hate-based events unfolding at my own University, and the student and faculty community (led by the students) has so far responded wonderfully, doing a lot of the very things that SPLC recommends.

    Stephen Sekula at 2016-11-17T11:30:24Z

    Diane Trout likes this.

    I realized after reading the SPLC's recommendations that many of Caltech's diversity centers actions & events fit. Apparently the people working directly on improving inclusiveness work and learn from each other. ;)

    Diane Trout at 2016-11-17T20:05:07Z

  • 2016-11-14T19:18:17Z via ghic.org Web To: Public CC: Followers

    I was thinking about how hate groups and bot harassment cause serious problems on twitter. The problem of harassment is likely to be even worse for decentralized tools like pump or blog comments.

    I've wanted a way to restrict participating users to those who are likely to behave reasonably, without me having to moderate hate-speech comments.

    One idea I had was to use https://shibboleth.net/, it supports a form of curated federation. Federation members download a signed configuration file that lists the approved identity providers for all the members.

    One nice thing about shibboleth is that the identity provider site can control how much information is shared, and it can be as little as "yes the user is a member of our organization". This is a lot better than WebID (and probably OAuth) where you always get something like their home page or email address.

    The current users of shibboleth are mostly research & higher education, so for instance there's the US InCommon and the European eduGAIN federations which are also trying to work together, but since they're professional they have professional fees.

    I was imagining the free software volunteer world might form its own federation. So we might start with technical groups like a federation between Debian, Fedora, FSF, Apache, and Python foundation.

    If it works then perhaps it could be extended to support other less technical civil society groups.

    I was hoping that by restricting access to groups that have a process to vet their memberships and are willing to kick people who are sufficiently obnoxious we could make it harder for trolls to slip in and attack people
    (or prevent spammers to just drown useful discussion).

    Though the more anarchistic types would probably still dislike that this gives groups power over them.
  • Anti-Trump protests in Los Angeles

    2016-11-14T07:18:27Z via ghic.org Web To: Public CC: Followers

    Also from twitter: https://twitter.com/sandyherr2/status/797625070134771713

    "Wilshire Blvd LOS Angeles Closed for Protest, INCREDIBLE SITE. PROUD OF THEM ALL"

    Dana likes this.

    Dana shared this.

  • Oakland anti-Trump protest

    2016-11-14T07:16:02Z via ghic.org Web To: Public CC: Followers

    California does not like Trump.

    From twitter. https://twitter.com/Bill_Palmer/status/797944601638223872

    Post said human chain 3.5 miles long

  • 2016-11-11T18:23:54Z via ghic.org Web To: Public CC: Followers

    Though to be fair, for some people I might currently recommend non-free software.

    I realized Office 365 is probably a good choice for people who still email attachments, because opening potential malware on someone else's computer is probably safer for the recipient.

  • 2016-11-11T18:21:39Z via ghic.org Web To: Public CC: Followers

    Here's a story of Free software helping people.


    Christopher Allan Webber likes this.

  • 2016-11-09T18:42:11Z via ghic.org Web To: Public CC: Followers



    All of us who work in the production and dissemination of information need to engage in a serious reality check.
    We need to think about her research.