Diane Trout diane@pump.ghic.org

Los Angeles

By day, IS generalist for a biology lab currently working on ENCODE, specializing in the python scientific stack. By night, trying to contribute to Debian and KDE. Also easily distracted by various kinds of role playing games.

  • 2017-08-18T21:05:18Z via ghic.org Web To: Public CC: Followers

    Saw this on @evacide's twitter feed.


    I wonder how humans are going to navigate our reactions to easily running into different cultures with different standards for acceptability.
  • 2017-08-09T04:46:29Z via ghic.org Web To: Public CC: Followers

    BTW, people might want to bug their representatives to support HR 669 "Restricting first use of nuclear weapons act of 2017"

    The Union of Concerned Scientists has a write up on what the law would do. http://www.ucsusa.org/sites/default/files/attach/2017/03/Markey-Lieu-First-Strike-Fact-Sheet.pdf

    Mike Linksvayer likes this.

    Mike Linksvayer shared this.

  • 2017-07-26T23:23:26Z via ghic.org Web To: Public CC: Followers

    Apropos of nothing. Debian's doc-central package is seriously dusty.

    Written in python 2 as CGI scripts, with no tests, and using tabs for indents.
  • 2017-07-26T21:27:01Z via ghic.org Web To: Public CC: Followers

    News in the USA & UK is a constant horror show.

    How are things off in the rest of the world?

    I wish I could tell you that it's great over here... =)

    The good news is that even if the political party in power is _really_ corrupt, the corruption cases are actually being investigated more and more lately.

    Today the president (and head of said corrupt party) finally went to a very anticipated "hearing" (as a sort of witness) for the biggest case, even though his party tried very hard to avoid it. Progress!

    JanKusanagi at 2017-07-26T23:41:31Z

    Charles Stanhope likes this.

    In Sweden we outsourced for outsourcing's sake, steamrolled over security objections, and authorized non-security-cleared technicians at IBM Serbia to access our driver's license registry, including people with a protected identity, our civilian-registered military vehicles, etc.

    We also leaked protected identities to advertisers and when this was discovered, the Director General sent out an e-mail in cleartext saying "these are the protected identities, please remove them from your registries".

    Claes Wallin (韋嘉誠) at 2017-07-27T07:11:23Z

  • 2017-07-18T21:01:19Z via ghic.org Web To: Public CC: Followers

    From twitter:

    Aeva [Any%]‏ @ladyaeva Jul 16
    considering giving literate programming in lisp a go, but unsure if the prose would outweigh the cons


    (I couldn't resist sharing the pun)
  • 2017-07-09T20:51:50Z via AndStatus To: Public

    Has anyone heard of a solar inverter that has source code available and can be easily reflashed? Some of the stories of the Ukrainian power grid being disabled were pretty disturbing. (Things like Ethernet adapters getting bricked to make it harder to fix)

    Disturbing, indeed :\

    JanKusanagi at 2017-07-10T18:32:34Z

  • 2017-06-21T02:25:07Z via ghic.org Web To: Public CC: Followers

    So 200m voting records were exposed on the Internet by a company called Deep Root Analytics.

    http://www.latimes.com/politics/la-na-pol-gop-data-breach-20170619-story.html (use an ad blocker, or noscript they don't clean their ads very well)

    I was curious how that worked. I found the company's website https://www.deeprootanalytics.com/platform/ and learned that they take advantage of set top boxes and smart tvs.
    We have developed models of more than 20 key audiences, how they consume media, and what drives them to make decisions. We merge our pre-built audience segments with additional data points that are important to you – like actual viewing behavior from set-top boxes and service providers and Smart TV data, available rate and inventory data and ad occurrence data
    That led them to issue this report that "ESPN had become more liberal"


    They can do this because there's an address available for the set-top boxes, and voter registration is public, so they "just" have to merge on address, to make claims about political groups.

    I wonder how many people know their cable company is watching them?

    I had completely missed that part of the story. There is so much more buying and selling of information behind our backs than the vast majority of us realize. :/

    Charles Stanhope at 2017-06-21T12:48:12Z

  • 2017-06-09T05:42:50Z via ghic.org Web To: Public CC: Followers

    Instead of being productive I watched the UK election tonight.
  • 2017-06-01T22:33:29Z via ghic.org Web To: Public CC: Followers

    I'm feeling pessimistic about the web.

    There are just so many factions trying to manipulate everyone.

    Somehow this turns into: I should figure out how to make libreoffice more useful, and get my coworkers to use nextcloud.

    I share your feeling of pessimism. It seems like the web has been captured by a few large players to use as a foundation to build their closed silos that require their permission to participate: Google (browser and phone and AMP), Facebook, Apple, MS, etc. Not to mention the squeeze that ISPs are placing on everybody. Anyway, I like your positive impulse to do things to counter what is going on. I also want to share that feeling.

    Charles Stanhope at 2017-06-01T22:56:06Z

    Diane Trout likes this.

    Very productive turn though!

    Mike Linksvayer at 2017-06-02T03:02:57Z

  • 2017-05-02T18:33:22Z via ghic.org Web To: Public CC: Followers

    In the weird world of giving your children warped views of the world...

    Kid was watching youtube shows with other parent, and they skipped over the ads. She took the lesson that she shouldn't watch ads.

    Later I suggested "ads are for machines", a lesson she's repeated back to me several times.

    This isn't really true... but in the current world of ad blockers and spam filters it's not really untrue either...
  • 2017-05-02T18:28:47Z via ghic.org Web To: Public CC: Followers

    Whoa Nextcloud has some implementation of ActivityPub! (Go CWebber!)

    Working with others was also improved across servers, federating activities so you can see changes on remote shares in your activity feed through an implementation of the ActivityPub API developed by the W3C.

    from https://nextcloud.com/blog/nextcloud-12-beta-introduces-the-next-generation-of-secure-collaboration/

    sazius, Christopher Allan Webber, Elena ``of Valhalla'', Mike Linksvayer likes this.

    Christopher Allan Webber shared this.

    Wow! I knew they were planning on doing it but I didn't know this was happening yet

    Christopher Allan Webber at 2017-05-02T19:06:32Z

  • 2017-05-02T18:22:00Z via ghic.org Web To: Public CC: Followers

    Interesting on my Meanwhile, one person liked a note, and two favorited a note.

    I wonder what triggers the different verbs.

    It depends on what verb the client uses, but it's the exact same action =)

    The web interface, Dianara and others use "favorite", while Pumpa and at least one other use "like".

    JanKusanagi at 2017-05-02T18:27:52Z

  • 2017-05-02T00:49:02Z via AndStatus To: Public

    Also all of you who stayed pure with respects your freedom hardware here's your chance to relax while the rest of us struggle to patch our CPUs. https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr https://www.theregister.co.uk/AMP/2017/05/01/intel_amt_me_vulnerability/

    Christopher Allan Webber likes this.

    Christopher Allan Webber shared this.

    Easy to feel smug about it too (especially with people scoffing at free software types for worrying about it), but of course what's even more alarming is what a small portion of us (and a tech-privileged set too) are safe.

    But on the upside, hypernerd worry may mean a path for safety for everyone else.

    Whew! This stuff is hard!

    Christopher Allan Webber at 2017-05-02T00:59:00Z

    Claes Wallin (韋嘉誠) likes this.

    Some people may be safe from any sort of direct consequences for this security problem, but I suspect even those people are indirectly at risk due to how widespread the problem could turn out to be.

    Charles Stanhope at 2017-05-02T04:08:09Z

    Christopher Allan Webber likes this.

    One of the most irritating things is it's pretty hard to tell if the computer actually has the vulnerable code.

    Linux thinks this laptop has the mei_me module, but nothing in the firmware setup refers to configuring AMT. I probably have to keep checking the vendor page to see if there's any newer BIOS updates.

    Diane Trout at 2017-05-02T05:00:06Z

    Christopher Allan Webber likes this.

  • 2017-05-02T00:00:17Z via ghic.org Web To: Public CC: Followers

    Interesting research via Zeynep Tufekci on twitter:

    Research: Repeated exposure makes fake news be believed more. Makes much sense. Fake news works via socialization.
    Paper: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2958246

    Apparently repeating a statement enough makes people believe it.

    I am not infrequently horrified at how fragile rationality is.

    Christopher Allan Webber likes this.

  • 2017-04-19T21:39:09Z via ghic.org Web To: Public CC: Followers

    Surveillance trade offs:

    Today my partner got a message from InstaCart telling us a food product had been recalled because of an unexpected peanut contamination. That could honestly be a really important notice for someone.

    But then I also saw this lawsuit over on twitter.

    Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged.

    The complaint filed on Tuesday by Kyle Zak in federal court in Chicago seeks an injunction to stop Bose's "wholesale disregard" for the privacy of customers who download its free Bose Connect app from Apple Inc or Google Play stores to their smartphones.
    via https://twitter.com/zeynep/status/854781604845281281

    Perhaps the problem isn't surveillance but the lack of power to hold business & state entities accountable for abusive practices.

    Mike Linksvayer likes this.

    I agree that "lack of power to hold business & state entities accountable for abusive practices" is a problem, but it's not clear to me this story is a datapoint in favor of that sentiment... we'll see how the case comes out:

    Zak is seeking millions of dollars of damages for buyers of headphones and speakers, including QuietComfort 35, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, SoundLink Color II, SoundSport Wireless and SoundSport Pulse Wireless.
    He also wants a halt to the data collection, which he said violates the federal Wiretap Act and Illinois laws against eavesdropping and consumer fraud. Dore, a partner at Edelson PC, said customers do not see the Bose app's user service and privacy agreements when signing up, and the privacy agreement says nothing about data collection. Edelson specializes in suing technology companies over alleged privacy violations.

    When will someone demand, in addition to remedies like halting data collection and monetary damages, source code for all affected products, under an open license, so that consumers can use a different vendor to fix their products, rather than the one that has voided their trust.

    Mike Linksvayer at 2017-04-20T04:12:05Z

    ps I'm also not sure the InstaCart thing is rightly called surveillance. Your partner ordered some food from them that was later identified as contaminated, right? They don't need to see or gather any data they weren't already to send that notice.

    Mike Linksvayer at 2017-04-20T04:16:45Z

    My more paranoid tendency is to go in to a store and pay cash for things, which then avoids several easy options for profiling my purchase history...

    Buying something through a web or app is logged and is tracked... but sometimes that tracking is helpful. (with warranty or product recalls)

    and you're right, being able to customize the device with a different FOSS would provide the user options to protect their data.

    Diane Trout at 2017-04-20T06:44:17Z

  • 2017-04-18T22:33:33Z via ghic.org Web To: Public CC: Followers

    FWIW I upgraded my pump instance to 4.0.0.beta5.

    Seems to be mostly working.
    Well there's this bug where sometimes, eventually I stop being able to post.

    Diane Trout at 2017-04-19T00:18:27Z

    Ah... is that via web UI?

    JanKusanagi at 2017-04-19T00:21:31Z

    Yep. It was a bug in the webui

    Diane Trout at 2017-04-19T02:00:40Z

  • 2017-04-06T22:28:57Z via ghic.org Web To: Public CC: Followers

    I was reading the ActivityPub 2.0 specification and... I want to be able to do this:
    Alyssa P. Hacker likes to post to her ActivityPub powered blog via an Emacs client she has written, leveraging Org mode.

  • 2017-03-25T06:21:22Z via ghic.org Web To: Public CC: Followers

    New blog post, I confess to not reading my email, and link to a presentation by a #noemail early dropper. http://ghic.org/~diane/put-your-hand-in-the-inbox.html
  • 2017-03-25T04:41:53Z via ghic.org Web To: Public CC: Followers

    Google talk s2s federation is scheduled for termination on Jun 26.


    Weren't we just wondering why it was still around?

    There are a couple of projects to speak the hangouts protocol that might be usable as a gateway

    It'll impact me. I have few friends grandfathered in

    Diane Trout at 2017-03-27T01:51:15Z

    >> Diane Trout:

    “It'll impact me. I have few friends grandfathered in”

    As do I. Time to figure out if it's worth it to convince them to move off Hangouts (unlikely to work) or set up a transport.

    Scott Sweeny at 2017-03-27T12:57:29Z

    I have just a couple @gmail.com contacts on my Jabber roster. One of them already registered a real XMPP account a couple weeks ago for different reasons, and the other one is a family member who I was thinking of moving to a serious XMPP server anyway, since, really, very few servers keep the broken security needed to keep in touch with stupid Gmail...

    JanKusanagi at 2017-03-27T13:58:54Z

    Claes Wallin (韋嘉誠) likes this.

    If the uni computer society wasn't running a server, I wouldn't be on XMPP. And I only talk to one person on it. Pretty sad, really.

    Claes Wallin (韋嘉誠) at 2017-03-27T14:50:23Z

  • 2017-03-23T06:18:23Z via ghic.org Web To: Public CC: Followers

    I've been thinking about email for a while, and decided to start writing some of those thoughts down. http://ghic.org/~diane/what-about-email.html
    @clake as for "most email goes through gmail"

    Maybe most person to person email touches gmail.

    But I get a lot of notification emails that never touch gmail. Twitter, and github send messages directly, several newsletters are either direct or via a service like mailchimp.

    It's because of "transactional" messages like these that make it hard to completely opt out of email

    Diane Trout at 2017-03-23T18:08:44Z

    Claes Wallin (韋嘉誠) likes this.

    >> Diane Trout:

    “@jankusanagi@datamost.com I haven't managed to figure out how to subscribe to someone over Google's s2s connection since they deprecated it. But people I subscribed to prior to the spam waves still work. They didn't remove it but made it really hard to use”

    Well, first they'd need to be using their account from a standard XMPP client, or set GMail's web interface chat to "Classic" or "Old" or whatever it's called.

    Bonus points if the person doing that gives them feedback to going back to """old chat""" such as "I want XMPP federation, not Hangouts silo" ;)

    Secondly, as you probably know, your server would need to have very lax encryption settings. I don't recall the exact name of the things, but something that most XMPP servers agreed to require back in 2014 or so, that GMail, of coooourse, doesn't.

    So yes, Google made it quite hard to use. I wonder why they didn't just kill it completely...

    JanKusanagi at 2017-03-23T19:13:40Z

    Claes Wallin (韋嘉誠), Diane Trout likes this.

    Well, at least prosody allows you to add a whitelist of servers for which strict verification of SSL is not enforced (and comes with gmail.com as the example content), so it is possible to talk with people on gtalk without having to allow substandard settings with everybody else.

    It's definitely not something that I'd like to depend on, however, just something that currently makes it somewhat easy to have a migration plan to something else that doesn't require to be all-or-nothing-now.

    Elena ``of Valhalla'' at 2017-03-24T17:47:37Z

    @diane Good point!

    @JK@DM So much evil to do, so little time.

    Claes Wallin (韋嘉誠) at 2017-03-27T14:06:14Z