Diane Trout diane@pump.ghic.org

Los Angeles

By day, IS generalist for a biology lab currently working on ENCODE, specializing in the Python scientific stack. By night, trying to contribute to Debian and KDE. Also easily distracted by various kinds of role playing games.

  • 2017-06-21T02:25:07Z via ghic.org Web To: Public CC: Followers

    So 200m voting records were exposed on the Internet by a company called Deep Root Analytics.

    http://www.latimes.com/politics/la-na-pol-gop-data-breach-20170619-story.html (use an ad blocker or noscript; they don't clean their ads very well)

    I was curious how that worked. I found the company's website https://www.deeprootanalytics.com/platform/ and learned that they take advantage of set top boxes and smart TVs.
    "We have developed models of more than 20 key audiences, how they consume media, and what drives them to make decisions. We merge our pre-built audience segments with additional data points that are important to you – like actual viewing behavior from set-top boxes and service providers and Smart TV data, available rate and inventory data and ad occurrence data"
    That led them to issue this report that "ESPN had become more liberal"

    https://www.outkickthecoverage.com/analysis-espn-lost-republican-viewers-across-country-2016/

    They can do this because there's an address available for the set-top boxes, and voter registration is public, so they "just" have to merge on address, to make claims about political groups.

    I wonder how many people know their cable company is watching them?

    I had completely missed that part of the story. There is so much more buying and selling of information behind our backs than the vast majority of us realize. :/

    Charles Stanhope at 2017-06-21T12:48:12Z

  • 2017-06-09T05:42:50Z via ghic.org Web To: Public CC: Followers

    Instead of being productive I watched the UK election tonight.

  • 2017-06-01T22:33:29Z via ghic.org Web To: Public CC: Followers

    I'm feeling pessimistic about the web.

    There are just so many factions trying to manipulate everyone.

    Somehow this turns into: I should figure out how to make libreoffice more useful, and get my coworkers to use nextcloud.

    I share your feeling of pessimism. It seems like the web has been captured by a few large players to use as a foundation to build their closed silos that require their permission to participate: Google (browser and phone and AMP), Facebook, Apple, MS, etc. Not to mention the squeeze that ISPs are placing on everybody. Anyway, I like your positive impulse to do things to counter what is going on. I also want to share that feeling.

    Charles Stanhope at 2017-06-01T22:56:06Z

    Diane Trout likes this.

    Very productive turn though!

    Mike Linksvayer at 2017-06-02T03:02:57Z

  • 2017-05-02T18:33:22Z via ghic.org Web To: Public CC: Followers

    In the weird world of giving your children warped views of the world...

    Kid was watching youtube shows with other parent, and they skipped over the ads. She took the lesson that she shouldn't watch ads.

    Later I suggested "ads are for machines", a lesson she's repeated back to me several times.

    This isn't really true... but in the current world of ad blockers and spam filters it's not really untrue either...

  • 2017-05-02T18:28:47Z via ghic.org Web To: Public CC: Followers

    Whoa Nextcloud has some implementation of ActivityPub! (Go CWebber!)

    Working with others was also improved across servers, federating activities so you can see changes on remote shares in your activity feed through an implementation of the ActivityPub API developed by the W3C.

    from https://nextcloud.com/blog/nextcloud-12-beta-introduces-the-next-generation-of-secure-collaboration/

    sazius, Christopher Allan Webber, Elena ``of Valhalla'', Mike Linksvayer likes this.

    Christopher Allan Webber shared this.

    Wow! I knew they were planning on doing it but I didn't know this was happening yet

    Christopher Allan Webber at 2017-05-02T19:06:32Z

  • 2017-05-02T18:22:00Z via ghic.org Web To: Public CC: Followers

    Interesting: on my Meanwhile, one person liked a note, and two favorited a note.

    I wonder what triggers the different verbs.

    It depends on what verb the client uses, but it's the exact same action =)

    The web interface, Dianara and others use "favorite", while Pumpa and at least one other use "like".

    JanKusanagi at 2017-05-02T18:27:52Z

  • 2017-05-02T00:49:02Z via AndStatus To: Public

    Also, all of you who stayed pure with respects-your-freedom hardware: here's your chance to relax while the rest of us struggle to patch our CPUs. https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr https://www.theregister.co.uk/AMP/2017/05/01/intel_amt_me_vulnerability/

    Christopher Allan Webber likes this.

    Christopher Allan Webber shared this.

    Easy to feel smug about it too (especially with people scoffing at free software types for worrying about it), but of course what's even more alarming is what a small portion of us (and a tech-privileged set too) are safe.

    But on the upside, hypernerd worry may mean a path for safety for everyone else.

    Whew! This stuff is hard!

    Christopher Allan Webber at 2017-05-02T00:59:00Z

    Claes Wallin (韋嘉誠) likes this.

    Some people may be safe from any sort of direct consequences for this security problem, but I suspect even those people are indirectly at risk due to how widespread the problem could turn out to be.

    Charles Stanhope at 2017-05-02T04:08:09Z

    Christopher Allan Webber likes this.

    One of the most irritating things is it's pretty hard to tell if the computer actually has the vulnerable code.

    Linux thinks this laptop has the mei_me module, but nothing in the firmware setup refers to configuring AMT. I probably have to keep checking the vendor page to see if there are any newer BIOS updates.

    Diane Trout at 2017-05-02T05:00:06Z

    Christopher Allan Webber likes this.

  • 2017-05-02T00:00:17Z via ghic.org Web To: Public CC: Followers

    Interesting research via Zeynep Tufekci on twitter:

    Research: Repeated exposure makes fake news be believed more. Makes much sense. Fake news works via socialization.
    https://twitter.com/zeynep/status/859135691124559872
    Paper: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2958246

    Apparently repeating a statement enough makes people believe it.

    I am not infrequently horrified by how fragile rationality is.

    Christopher Allan Webber likes this.

  • 2017-04-19T21:39:09Z via ghic.org Web To: Public CC: Followers

    Surveillance trade offs:

    Today my partner got a message from InstaCart telling us a food product had been recalled because of an unexpected peanut contamination. That could honestly be a really important notice for someone.

    But then I also saw this lawsuit over on twitter.
    http://mobile.reuters.com/article/idUSKBN17L2BT

    Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged.

    The complaint filed on Tuesday by Kyle Zak in federal court in Chicago seeks an injunction to stop Bose's "wholesale disregard" for the privacy of customers who download its free Bose Connect app from Apple Inc or Google Play stores to their smartphones.
    via https://twitter.com/zeynep/status/854781604845281281

    Perhaps the problem isn't surveillance but the lack of power to hold business & state entities accountable for abusive practices.

    Mike Linksvayer likes this.

    I agree that "lack of power to hold business & state entities accountable for abusive practices" is a problem, but it's not clear to me this story is a datapoint in favor of that sentiment... we'll see how the case comes out:

    Zak is seeking millions of dollars of damages for buyers of headphones and speakers, including QuietComfort 35, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, SoundLink Color II, SoundSport Wireless and SoundSport Pulse Wireless.
    He also wants a halt to the data collection, which he said violates the federal Wiretap Act and Illinois laws against eavesdropping and consumer fraud.
    Dore, a partner at Edelson PC, said customers do not see the Bose app's user service and privacy agreements when signing up, and the privacy agreement says nothing about data collection. Edelson specializes in suing technology companies over alleged privacy violations.

    When will someone demand, in addition to remedies like halting data collection and monetary damages, source code for all affected products, under an open license, so that consumers can use a different vendor to fix their products, rather than the one that has voided their trust?

    Mike Linksvayer at 2017-04-20T04:12:05Z

    ps I'm also not sure the InstaCart thing is rightly called surveillance. Your partner ordered some food from them that was later identified as contaminated, right? They don't need to see or gather any data they weren't already to send that notice.

    Mike Linksvayer at 2017-04-20T04:16:45Z

    My more paranoid tendency is to go in to a store and pay cash for things, which then avoids several easy options for profiling my purchase history...

    Buying something through a web or app is logged and is tracked... but sometimes that tracking is helpful. (with warranty or product recalls)

    and you're right, being able to customize the device with a different FOSS would provide the user options to protect their data.

    Diane Trout at 2017-04-20T06:44:17Z

  • 2017-04-18T22:33:33Z via ghic.org Web To: Public CC: Followers

    FWIW I upgraded my pump instance to 4.0.0.beta5.

    Seems to be mostly working.
    Well there's this bug where sometimes, eventually I stop being able to post.

    Diane Trout at 2017-04-19T00:18:27Z

    Ah... is that via web UI?

    JanKusanagi at 2017-04-19T00:21:31Z

    Yep. It was a bug in the webui

    Diane Trout at 2017-04-19T02:00:40Z

  • 2017-04-06T22:28:57Z via ghic.org Web To: Public CC: Followers

    I was reading the ActivityPub 2.0 specification and... I want to be able to do this:
    Alyssa P. Hacker likes to post to her ActivityPub powered blog via an Emacs client she has written, leveraging Org mode.


  • 2017-03-25T06:21:22Z via ghic.org Web To: Public CC: Followers

    New blog post, I confess to not reading my email, and link to a presentation by a #noemail early dropper. http://ghic.org/~diane/put-your-hand-in-the-inbox.html

  • 2017-03-25T04:41:53Z via ghic.org Web To: Public CC: Followers

    Google talk s2s federation is scheduled for termination on Jun 26.

    https://gsuiteupdates.googleblog.com/2017/03/updates-in-g-suite-to-streamline-hangouts-and-gmail.htm...

    Weren't we just wondering why it was still around?

    There are a couple of projects to speak the hangouts protocol that might be usable as a gateway

    It'll impact me. I have few friends grandfathered in

    Diane Trout at 2017-03-27T01:51:15Z

    >> Diane Trout:

    “It'll impact me. I have few friends grandfathered in”

    As do I. Time to figure out if it's worth it to convince them to move off Hangouts (unlikely to work) or set up a transport.

    Scott Sweeny at 2017-03-27T12:57:29Z

    I have just a couple @gmail.com contacts on my Jabber roster. One of them already registered a real XMPP account a couple weeks ago for different reasons, and the other one is a family member who I was thinking of moving to a serious XMPP server anyway, since, really, very few servers keep the broken security needed to keep in touch with stupid Gmail...

    JanKusanagi at 2017-03-27T13:58:54Z

    Claes Wallin (韋嘉誠) likes this.

    If the uni computer society wasn't running a server, I wouldn't be on XMPP. And I only talk to one person on it. Pretty sad, really.

    Claes Wallin (韋嘉誠) at 2017-03-27T14:50:23Z

  • 2017-03-23T06:18:23Z via ghic.org Web To: Public CC: Followers

    I've been thinking about email for a while, and decided to start writing some of those thoughts down. http://ghic.org/~diane/what-about-email.html
    @clake as for "most email goes through gmail"

    Maybe most person to person email touches gmail.

    But I get a lot of notification emails that never touch gmail. Twitter, and github send messages directly, several newsletters are either direct or via a service like mailchimp.

    It's "transactional" messages like these that make it hard to completely opt out of email.

    Diane Trout at 2017-03-23T18:08:44Z

    Claes Wallin (韋嘉誠) likes this.

    >> Diane Trout:

    “@jankusanagi@datamost.com I haven't managed to figure out how to subscribe to someone over Google's s2s connection since they deprecated it. But people I subscribed to prior to the spam waves still work. They didn't remove it, just made it really hard to use”

    Well, first they'd need to be using their account from a standard XMPP client, or set GMail's web interface chat to "Classic" or "Old" or whatever it's called.

    Bonus points if the person doing that gives them feedback on going back to """old chat""" such as "I want XMPP federation, not Hangouts silo" ;)

    Secondly, as you probably know, your server would need to have very lax encryption settings. I don't recall the exact name of the things, but something that most XMPP servers agreed to require back in 2014 or so, that GMail, of coooourse, doesn't.

    So yes, Google made it quite hard to use. I wonder why they didn't just kill it completely...

    JanKusanagi at 2017-03-23T19:13:40Z

    Claes Wallin (韋嘉誠), Diane Trout likes this.

    Well, at least prosody allows you to add a whitelist of servers for which strict verification of SSL is not enforced (and comes with gmail.com as the example content), so it is possible to talk with people on gtalk without having to allow substandard settings with everybody else.

    It's definitely not something that I'd like to depend on, however, just something that currently makes it somewhat easy to have a migration plan to something else that doesn't require to be all-or-nothing-now.

    Elena ``of Valhalla'' at 2017-03-24T17:47:37Z

    @diane Good point!

    @JK@DM So much evil to do, so little time.

    Claes Wallin (韋嘉誠) at 2017-03-27T14:06:14Z

  • 2017-03-13T18:04:18Z via ghic.org Web To: Public CC: Followers

    I discovered a bad thing about Emacs.

    Control-/ is bound to undo and one of my cats can stand on "Control", "/", ".", "left arrow"

    Two seconds undo with the occasional cursor movement made a mess of about 5 minutes of editing

    LUCKILY! You can get it back! Emacs' undo history provides a very nice system of both undo and redo.

    Try typing some text, or doing some various complex things, then type undo a few times. Now move the cursor, or do something that "interrupts" a sequence of undos. Now start typing undos again. You're now reversing your undos!

    The emacs manual includes more information on undo/redo... it's a pretty nice system. Of course, like anything in emacs, more can be done.

    Christopher Allan Webber at 2017-03-13T18:21:25Z

    I know, it's just if you stop undoing and move the point, that breaks the undo chain and it starts undoing your undos, and the left arrow was also squished.

    Diane Trout at 2017-03-13T18:30:37Z

    Christopher Allan Webber likes this.

    Ah yeah, it can only protect so much against cat-like behaviors I guess. Sucks, sorry that your buffer got trashed.

    I wonder if, like in preventing tearing up the furniture, a cat tree would be of some help. (I have never used it...)

    Christopher Allan Webber at 2017-03-13T18:34:57Z

    I have yet to come to terms with Emacs' model of undo. I can deal with all the other "oddities" of Emacs I've encountered, but for whatever reasons, the undo model trips me up all the time.

    Charles Stanhope at 2017-03-13T19:42:31Z

  • 2017-03-09T07:31:28Z via ghic.org Web To: Public CC: Followers

    The simplest thing I could think of to help fight XMPP spam is a shared blocklist, and a utility to save, merge, and upload one's block list.

    There's a little network of xmpp spammer lists at these repositories https://github.com/detrout/XMPPSpammer

    I have a small bit of code using sleekxmpp to download the block list. Next I need to get it to update the list on the server.

    Though what was most effective for me was blocking a few domains, which unfortunately requires administrator access.

  • 2017-03-06T22:24:53Z via ghic.org Web To: Public CC: Followers

    Grumble. Stupid Russian mafia computer criminals. This is why we can't have nice things.

    I've started getting SPAM on my jabber server, some open XMPP servers have unrestricted registration, which is only slightly less bad than running an open SMTP relay.

    Unfortunately the easiest solution is to blacklist domains generating a lot of SPAM. Which of course breaks federation.

    Christopher Allan Webber shared this.

    Well I feel guilt for thinking hey there's these unsolved problems... maybe I should work on them? But am instead too easily distracted by shiny video games.

    Diane Trout at 2017-03-06T23:56:09Z

    James Dearing 🐲, Christopher Allan Webber likes this.

    I feel your pain but in a different direction today... Getting a lot of backscatter email because some asshat is using my address in their spam.

    On the XMPP side I had to shut down the Proxy65 part of my XMPP server because it was being abused and eating tons of bandwidth. But that was a while ago now

    just Grrrr.

    Freemor at 2017-03-07T01:09:43Z

    Diane Trout likes this.

    @freemore I too hate backscatter email. I set some pretty strict SPF rules on my domain which cut down on the backscatter, though I still need to learn how to set up DKIM and DMARC.

    Thanks for mentioning the Proxy65, I have that installed, and am not sure if it's being misused, so another set of ACLs to go check.

    Diane Trout at 2017-03-07T19:14:30Z

    Right now I'm getting spammed by a request from one single user, which when I google it, pops next to scam and mail bombing. And the client I use, coyim, doesn't allow me to block for good....

    Can't have nice things.

    Hubert Figuière at 2017-03-08T21:58:24Z

  • 2017-02-23T04:16:07Z via AndStatus To: Public

    Rainbow

  • 2017-02-14T21:33:40Z via ghic.org Web To: Public CC: Followers

    Ok Win10 that's a good idea.

    The task manager shows breakdowns for CPU, Memory, Disk and Network both a total and per application.

    On desktop Linux it's hard to get per application disk and network utilization.

    For the record, Plasma's System Monitor (aka KSysGuard) can show per-process I/O along the many other table values.


    For per-process network use, you can use Nethogs. Not as nice, but certainly easy to use =)

    JanKusanagi @i at 2017-02-14T21:45:36Z

  • 2017-02-05T07:52:58Z via ghic.org Web To: Public CC: Followers

    I was helping archive some data for https://github.com/climate-mirror/datasets and wondered how would someone know if a DIY data mirror hadn't tampered with the data.

    Best I can think of is scientists really should sign their data.

    Perhaps data producing projects should generate indexes of files containing a couple of high quality hashes and then have several project members gpg sign the hash index.

    Stephen Sekula, Dana likes this.

    It might also help protect against bit rot. Some of the larger physics projects are generating enough data that the 1 error in 10^15 bits that a lot of hard disks are rated for is expected to occur.

    Diane Trout at 2017-02-05T07:55:05Z
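
The hash-index idea from the post above, as an added example that is not part of the original thread or of any project mentioned in it. The index format, the function names and the sample files are assumptions made for illustration; the index text it produces is the file project members would sign (for instance with `gpg --detach-sign`) and that a mirror user would check with `gpg --verify` before trusting any digest in it.

```python
import hashlib
import tempfile
from pathlib import Path

ALGORITHMS = ("sha256", "sha512")  # assumed choice of "a couple of high quality hashes"

def file_digests(path, chunk_size=1 << 20):
    """Stream a file once and return its hex digests in ALGORITHMS order."""
    hashers = [hashlib.new(name) for name in ALGORITHMS]
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers:
                hasher.update(chunk)
    return tuple(hasher.hexdigest() for hasher in hashers)

def build_index(root):
    """Index text: one 'sha256  sha512  relative/path' line per file, sorted."""
    root = Path(root)
    lines = ["  ".join(file_digests(p) + (p.relative_to(root).as_posix(),))
             for p in sorted(root.rglob("*")) if p.is_file()]
    return "\n".join(lines) + "\n"  # this text is what gets detach-signed

def verify_mirror(index_text, mirror_root):
    """Check a mirror against an index whose signatures were verified first."""
    report = {"ok": [], "modified": [], "missing": [], "unlisted": []}
    listed = set()
    for line in index_text.splitlines():
        sha256, sha512, rel = line.split("  ", 2)
        listed.add(rel)
        target = Path(mirror_root, rel)
        if not target.is_file():
            report["missing"].append(rel)
        elif file_digests(target) == (sha256, sha512):
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)  # tampering or bit rot
    present = sorted(p.relative_to(mirror_root).as_posix()
                     for p in Path(mirror_root).rglob("*") if p.is_file())
    report["unlisted"] = [rel for rel in present if rel not in listed]
    return report

def demo():
    """Constructed sample: an origin dataset and a mirror with one flipped bit."""
    with tempfile.TemporaryDirectory() as tmp:
        origin, mirror = Path(tmp, "origin"), Path(tmp, "mirror")
        for root in (origin, mirror):
            (root / "station").mkdir(parents=True)
            (root / "station" / "temps.csv").write_bytes(b"year,temp\n2016,14.8\n")
            (root / "README.txt").write_bytes(b"constructed sample dataset\n")
        index_text = build_index(origin)
        damaged = mirror / "station" / "temps.csv"
        data = bytearray(damaged.read_bytes())
        data[-2] ^= 0x01  # flip one bit: "14.8" becomes "14.9"
        damaged.write_bytes(data)
        (mirror / "extra.bin").write_bytes(b"not in the index")
        return index_text, verify_mirror(index_text, mirror)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The digests only prove a mirror matches the index; the signatures on the index are what tie it back to the data producers.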

    I smell an excellent use case for git-annex!

    Claes Wallin (韋嘉誠) at 2017-02-06T10:29:53Z

    Now I know that https://datproject.org/ has solutions for exactly this problem and more, with a focus on usability and the big-lump-o-data scientific dataset.

    Claes Wallin (韋嘉誠) at 2017-03-27T15:47:33Z