The real reason Americans are so damn angry all the time
We are at war with ourselves, but not for the reasons you think.
At first glance this is just one of those satisfying political articles justifying one side over the other. But this is definitely a bit more than that - going into the history of polarization in America, this digs into some data around various sources of polarization to land on the conclusion that it’s likely Fox News and *not* other causes.
Yes, correlation is not causation, but this makes a solid argument.
“The recent battle over critical race theory is an instructive example of how all roads lead to Fox News. Turning a decades-old critical framework deployed mostly in grad school into the latest culture war was originally the brainchild of a conservative activist named Christopher Rufo, who appeared periodically on Fox last year to promote his cause. But it remained bubbling under the surface until early this year, when—facing flagging ratings and increased competition from the even more far-right outlets Newsmax and OAN—Fox suddenly decided to put it into heavy rotation. Starting in March, Fox mentioned CRT 1,300 times in the space of just three months. Six weeks after its campaign started, CRT began trending on Google. By the end of June, 26 states had introduced legislation that restricted or banned teaching CRT and related topics. Fox may not have invented this most recent conservative culture war, but it didn’t really go anywhere until Fox decided to make it the latest outrage of its white viewers.”
Posted on 2021-07-31T16:02:08+0000
Safari isn't protecting the web, it's killing it
There's been a lot of discussion recently about how "Safari is the new IE" (1, 2, 3, 4, 5). I don't want to rehash the basics of that, but I…
Interesting comparison of browsers past and present; analysis of developer incentives and how Safari is slowly causing havoc.
“It's not accurate to describe Safari's approach as protecting the web, and right now it looks more likely that it is making the web worse for everybody.”
Posted on 2021-07-31T01:47:53+0000
US states brace for ‘avalanche’ of evictions as federal moratorium ends
Housing advocates are concerned that delays in rental assistance mean tenants will suddenly owe months of payments
This is going to be brutal.
“But only 6.5% of that money has been delivered, and advocates are concerned evictions will rise next week when renters are suddenly on the hook for months, if not a year, of unpaid rent.
Roughly 12.7 million renters told the census in late June and early July that they had no or slight confidence in being able to make next month’s rent payment.”
How do different fields review papers? Experiences from ICSE, PLDI, and CCS
What’s it like to review for ICSE, PLDI, or CCS? And how do the papers (and review culture) compare?
Interesting read on scientific paper evaluations across various communities.
And a harrowing indictment of one security conference. I can’t speak to the details here but the argument rings true.
“The papers I reviewed for CCS were all about finding bugs, and each and every paper bragged that they found more bugs than the state of the art. But none of my submissions came with even a whiff of discussion on whether the results would be generalizable, or why the algorithms would be correct. Not a single one would discuss statistical significance or effect size. Data sets, replication packages, threats to validity or even discussions of limitations were all absent.
“At any SE or PL conference, these CCS papers would have sunk in an instant””
Posted on 2021-07-30T07:29:27+0000
The Simone Biles Culture War Traveled Faster Than The News
Twitter, please stop hyping internet beef
Very insightful read on social media, the culture war, and recent polarization.
“Maybe the best way to view the Biles controversy and every other controversy is through this intractable culture war lens. Maybe this garbage trending feature is actually a service that offers us a reliable indicator of how angry and fucked up we are as a country. It’s possible. But I’m curious what we gain, as a society, from engaging this way. I’ve stared into the toxic, beating heart of culture war Twitter for years, and I don’t believe I’ve ever received anything in return that has made me a better, more empathetic person. Instead, the process has stolen a great deal of my optimism and a bit of my trust in fellow humans. I’ve been able to temper this feeling by living in spaces that aren’t Twitter or social media. But it’s a lie to say there hasn’t been some damage.”
Posted on 2021-07-30T05:22:00+0000
Why are wrongly-convicted people still imprisoned in Missouri?
Prosecutors have called for the release of Kevin Strickland and Lamar Johnson, who have served a combined 70 years in prison for murders they did not commit. And yet, innocence has not earned them their freedom. So, what's going on in the state of Missouri?
The new prosecutor uncovered past prosecutorial misconduct (paying off a witness to lie) that sent an innocent man to jail for 40+ years.
The prosecutor moved to overturn the conviction. Other prosecutors tried to dismiss saying this person had used up all his appeals. The state court agreed that his innocence doesn’t matter and he must stay in jail.
I can’t even…
“Sean O'Brien, a law professor at the University of Missouri Kansas City, said, "I do know that the Attorney General's office, for a long time, has had a practice of opposing every case regardless of its merit. They think that their duty is to defend every judgment, no matter the justice of it."
"Even with new evidence that shows that the wrong person was convicted?" asked Moriarty.
"Even with new evidence," he replied.
Gardner appealed, but this past March, the Missouri Supreme Court ruled against her, stating that, "This case is not about whether Johnson is innocent … This case presents only the issue of whether there is any authority to appeal … No such authority exists."”
Posted on 2021-07-30T05:07:27+0000
Probably Are Gonna Need It: Application Security Edition - Jacob Kaplan-Moss
My list of “Probably Are Gonna Need It” security features for your web app – things that you should build up-front, not wait until you need them (when it’s already too late).
Bookmarking for later rereading - this was great, and the two articles it links to upfront are also great. Love the ideas - especially the mobile killswitch.
“Because I like attempting to coin phrases, I propose we call these PAGNIs — short for Probably Are Gonna Need Its.
I love this concept! It applies really well to security engineering: many risk mitigations are difficult to implement and address unlikely threats. You don’t want to over-invest in security engineering versus feature work early on: if you fail to get any customers it doesn’t matter how secure your app is. However, there is also some security engineering that is worth doing up-front: basic security mitigations that are easy to do at the beginning, but get progressively harder the longer you put them off.”
Posted on 2021-07-30T03:25:38+0000
Have You Heard the Good News About Elixir? | X-Plane Developer
[This post is a “behind the scenes” look at the tech that makes up the X-Plane massive multiplayer (MMO) server. It’s only going to be of interest to programming nerds—there are no takeaways here for plugin devs or sim pilots.] [Update: If you’re interested in hearing more, I was on the Th...
I should probably pick up Elixir at some point.
“The result of all this is that we can support thousands of clients on a single off-the-shelf cloud VM instance, with great reliability. Developer productivity has never been better, either—I went into this knowing zero Elixir, and by the time I had worked through the official Getting Started tutorial, I felt confident enough in the language to dive in.”
Posted on 2021-07-30T03:19:10+0000
700,000 lines of code, 20 years, and one developer: How Dwarf Fortress is built - Stack Overflow Blog
Dwarf Fortress is one of those oddball passion projects that’s broken into Internet consciousness. It’s a free game where you play either an adventurer or a fortress full of dwarves in a randomly generated fantasy world. The simulation runs deep, with new games creating multiple civilizations wi...
Interesting and endearing read on Dwarf Fortress and the challenges of maintaining a long running software project.
“Q: What are the challenges in developing a single project for so long? Do you think this is easier to do by yourself? That is, because you wrote every line, is it easier to maintain and change?
A: It’s easy to forget stuff! Searching for ‘;’, which is a loose method but close enough, we’re up to 711,000 lines, so it’s just not possible to keep it all in my head now. I try to name my variables and objects consistently and memorably, and I leave enough comments around to remind myself of what’s going on when I arrive at a spot of code. Sometimes it takes several searches to find the exact thread I’m trying to tug on when I go and revisit some piece of the game I haven’t touched for a decade, which happens quite a bit. I’d say most changes are focused only on certain parts of the game, so there is kind of an active molten core that I have a much better working knowledge of. There are a few really crusty bits that I haven’t looked at since before the first release in 2006.”
Posted on 2021-07-30T03:03:13+0000
Inside Blizzard Developers’ Infamous Bill ‘Cosby Suite’
Booze, sexual remarks, and a giant portrait of Cosby are all at the center of Activision lawsuit
While a lot of the articles on this have been repeating the Bloomberg story (based on the lawsuit) - Kotaku went and did some more investigating and reading of the original material and… holy crap.
“Another image from the same Facebook album shows a screenshot of a 2013 group chat called the “BlizzCon Cosby Crew.” In it, former Blizzard designer David Kosak writes, “I am gathering the hot chixx for the Coz.”
“Bring em,” replies Afrasiabi. “You can’t marry ALL of them Alex,” Kosak writes. “I can, I’m middle eastern,” responds Afrasiabi. Jesse McCree, currently a lead game designer at Blizzard, then writes, “You misspelled fuck.””
Posted on 2021-07-29T01:13:27+0000
In Defense of Hard Counters in Real Time Strategy Games
This article is supported by my Patreon. If you like what you see, please consider contributing. I feel like hard counters get a bad rap in RTS games. There are a lot of arguments out there both fo…
Great read with an in-depth analysis of RTS game design.
“In my experience, weirdly, games with a lot of hard counters tend to (when the game is reasonably well balanced, anyway) average out into combat scenarios where the hard counter relationships smooth out the gameplay. If you have tanks, units that are good against tanks, air and units that are good against air, and infantry and units that are good against infantry, you don’t have a series of “Rock, Paper, Scissors” binary deletion interactions, but a dance of players trying to find good angles of attack and trying to preserve their units in order to deter or destroy or drive off pieces of the enemy army.”
Posted on 2021-07-28T07:14:26+0000
Burnout in Tech - Part 1: Declaring war
And we all need to fight
This was an excellent 4 part read on the psychology of burnout, common stressors, and how to avoid it personally and organizationally.
““Why am I burned out? Because I’ve internalized the idea that I should be working all the time. Why have I internalized that idea? Because everything and everyone in my life has reinforced it—explicitly and implicitly—since I was young.””
Posted on 2021-07-27T05:39:57+0000
Poisson's Equation is the Most Powerful Tool not yet in your Toolbox
Poisson's Equation is an incredibly powerful tool...
Been a while since I've read a good technical article focused on math.
"Poisson's equation comes up in many domains. Once you know how to recognize it and solve it, you will be capable of simulating a very wide range of physical phenomena.
The knowledge from this post is a jumping off point into many, much deeper fields.
For applications we've already discussed steady-state temperature distributions, electrostatics and magnetostatics, and computational fluid dynamics. But these same tools are also used in geophysics, image processing, caustics engineering, stress and strain modeling, Markov decision processes, the list goes on!"
Posted on 2021-07-27T03:35:26+0000
We Need To Talk About The Insecurity Industry
The greatest danger to national security has become the companies claiming to protect it
Relevant and timely read in the aftermath of the Pegasus story breaking. Very well written and a great analysis of technology, policy, and socio-economic incentives w.r.t the security and software industry.
"If you want to see change, you need to incentivize change. For example, if you want to see Microsoft have a heart attack, talk about the idea of defining legal liability for bad code in a commercial product. If you want to give Facebook nightmares, talk about the idea of making it legally liable for any and all leaks of our personal records that a jury can be persuaded were unnecessarily collected. Imagine how quickly Mark Zuckerberg would start smashing the delete key.
Where there is no liability, there is no accountability... and this brings us to the State."
Posted on 2021-07-27T03:34:16+0000
Efficiency is the Enemy
If you ever find yourself stressed, overwhelmed, sinking into stasis despite wanting to change, or frustrated when you can’t respond to new opportunities, you need more slack in your life. Here’s how slack works and why you need more of it.
This was an interesting read on productivity and management. And it does align with some of my own prior personal experiences.
"Only when we are 0 percent busy can we step back and look at the bigger picture of what we’re doing. Slack allows us to think ahead. To consider whether we’re on the right trajectory. To contemplate unseen problems. To mull over information. To decide if we’re making the right trade-offs. To do things that aren’t scalable or that might not have a chance to prove profitable for a while. To walk away from bad deals."
Posted on 2021-07-27T03:17:47+0000
Police Are Telling ShotSpotter to Alter Evidence From Gunshot-Detecting AI
Prosecutors in Chicago are being forced to withdraw evidence generated by the technology, which led to the police killing of 13-year-old Adam Toledo earlier this year.
I’ve read this twice today and it keeps getting worse as I process the implications. This is one reason we need more accountability in the systems we build and a higher standard for ethical considerations in the work being done in tech.
“Had the Cook County State’s Attorney’s office not withdrawn the evidence in the Williams case, it would likely have become the first time an Illinois court formally examined the science and source code behind ShotSpotter, Jonathan Manes, an attorney at the MacArthur Justice Center, told Motherboard.
“Rather than defend the evidence, [prosecutors] just ran away from it,” he said. “Right now, nobody outside of ShotSpotter has ever been able to look under the hood and audit this technology. We wouldn’t let forensic crime labs use a DNA test that hadn’t been vetted and audited.””
Posted on 2021-07-27T02:39:32+0000
Activision Blizzard employees call leadership response to harassment suit ‘abhorrent and insulting’
More than 800 employees have signed an open letter to leadership
As with so many stories these days - this is worth reading, listening to, and reflecting upon to see how we must all do much better.
“Our company executives have claimed that actions will be taken to protect us, but in the face of legal action — and the troubling official responses that followed — we no longer trust that our leaders will place employee safety above their own interests. To claim this is a “truly meritless and irresponsible lawsuit,” while seeing so many current and former employees speak out about their own experiences regarding harassment and abuse, is simply unacceptable.”
Posted on 2021-07-27T02:20:21+0000
Ex-diplomat’s daughter brutally murdered in Islamabad
ISLAMABAD - In a barbaric incident, the 28-year-old daughter of a former Pakistani diplomat was beheaded during an illegal detention
The more that comes out about this story the more horrifying it is. Because it’s… just so normalized - how many stories do we just not hear about?
““Oh my God, these moments were horrible because Zahir was detaining Noor in the room and we all were standing outside his house and could not do anything for her. Zahir time and again came out of the room and chatted with us. He also asked us if we could lend him pliers,” said a common friend of Noor while talking to The Nation. He said it took 10 minutes to kill and behead Noor by Zahir Jaffar.”
Posted on 2021-07-26T03:01:35+0000
Time to assume that health research is fraudulent until proven otherwise? - The BMJ
Health research is based on trust. Health professionals and journal editors reading the results of a clinical trial assume that the trial happened and that the results were honestly reported. [...]
This is a pretty harrowing indictment of fraud in medical research.
“We have long known that peer review is ineffective at detecting fraud, especially if the reviewers start, as most have until now, by assuming that the research is honestly reported. I remember being part of a panel in the 1990s investigating one of Britain’s most outrageous cases of fraud, when the statistical reviewer of the study told us that he had found multiple problems with the study and only hoped that it was better done than it was reported. We asked if he had ever considered that the study might be fraudulent, and he told us that he hadn’t.
We have now reached a point where those doing systematic reviews must start by assuming that a study is fraudulent until they can have some evidence to the contrary.”
Posted on 2021-07-25T00:36:05+0000
How concerned should we be about breakthrough coronavirus infections?
Céline Gounder speaks with STAT about the Delta variant, vaccinations, and the future of the Covid-19 pandemic.
“And finally, socializing outdoors as much as possible to minimize your risk. Those would be the things that I think we do need to be thinking about. At the beginning of the pandemic, the CDC said that a close contact was somebody that you’re indoors with unmasked for 15 minutes or more. The equivalent of that with the Delta variant is not 15 minutes, it’s one second.”
Posted on 2021-07-24T19:08:45+0000
A Fencer Made It To The Olympics In Spite Of Multiple Accusations Of Sexual Assault. His Teammates Say The System Is Broken.
The US Center for SafeSport was tasked with investigating sexual abuse claims at Olympic programs. But in the first Summer Games since the agency’s creation, Team USA fencers say the system failed them.
The Olympics stuff and news keeps getting worse and worse.
“Acknowledging the severity of the allegations facing Hadzic, USA Fencing, the athletic federation in charge of selecting the country’s Olympic competitors, created a “safety plan” to keep him away from women and out of the Olympic Village: He flew in on a separate plane from his teammates, is staying at a hotel 30 minutes away from the other athletes, and won't be allowed to practice alongside women teammates. After he appealed those conditions, the entire roster of Team USA fencers signed a letter demanding the restriction stay in place.”
Posted on 2021-07-24T06:22:34+0000
Companies Are Embracing Empathy to Keep Employees Happy. It’s Not That Easy
How do you cultivate a healthy workplace culture when it’s rooted in poisoned soil?
Enlightening, albeit depressing read on the modern American workplace. This was the most recent TIME cover story.
“Why do the declarations of empathy feel so hollow? Because growth and profit do not reward it. Companies, HR professionals, managers, even the best trained can do only so much. A large portion of the dissatisfaction that employees feel is the result of actively toxic company policy, thoughtless management and executives clinging to the status quo. But a lot of it, too, is anger at systems that extend beyond the office: the fraying social safety nets, the decaying social bonds, the frameworks set up to devalue women’s work, the stubborn endurance of racism, the lack of protections or fair pay for the workers whose labor we ostensibly value most. We don’t know how to make people care about other people. No wonder workplace initiatives can feel so laughably incomplete. How do you cultivate a healthy workplace culture when it’s rooted in poisoned soil? “It’s not just a workplace empathy deficit,” Taylor told me. “It’s an American cultural deficit.””
Posted on 2021-07-23T15:46:43+0000
A case against security nihilism
This week a group of global newspapers is running a series of articles detailing abuses of NSO Group’s Pegasus spyware. If you haven’t seen any of these articles, they’re worth re…
Really good read on software security and practices within the security community - relevant in light of the recent Pegasus stuff.
“But Apple isn’t going to do any of this if they don’t think they have to, and they won’t think they have to if people aren’t calling for their heads. The only people who can fix Apple devices are Apple (very much by their own design) and that means Apple has to feel responsible each time an innocent victim gets pwned while using an Apple device. If we simply pat Apple on the head and say “gosh, targeted attacks are hard, it’s not your fault” then this is exactly the level of security we should expect to get — and we’ll deserve it.”
Posted on 2021-07-22T05:36:21+0000
A monorepo misconception - atomic cross-project commits
Are cross-project changes in a single atomic commit the key advantage of monorepos? I do not think so.
Good read on managing and updating code at scale in a monorepo environment.
“I think it's true that monorepos make refactoring easier. So that's not the problem. It's also true that they have atomic commits across projects. But the two facts have nothing to do with each other. The reasons monorepos make refactoring simpler all boil down to everyone in the organization having a shared view of what the current state is”
Posted on 2021-07-22T05:33:47+0000
‘I’m sorry, but it’s too late’: Alabama doctor tells unvaccinated, dying COVID patients
“And now all you really see is their fear and their regret. And even though I may walk into the room thinking, ‘Okay, this is your fault, you did this to yourself,’ when I leave the room, I just see a person that's really suffering, and that is so regretful for the choice that they made.”
““You kind of go into it thinking, ‘Okay, I’m not going to feel bad for this person, because they make their own choice,’” Cobia said. “But then you actually see them, you see them face to face, and it really changes your whole perspective, because they’re still just a person that thinks that they made the best decision that they could with the information that they have, and all the misinformation that’s out there.””
Posted on 2021-07-22T00:10:01+0000
Revealed: leak uncovers global abuse of cyber-surveillance weapon
Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests
The articles coming out on this are really scary.
“The phone number of a freelance Mexican reporter, Cecilio Pineda Birto, was found in the list, apparently of interest to a Mexican client in the weeks leading up to his murder, when his killers were able to locate him at a carwash. His phone has never been found so no forensic analysis has been possible to establish whether it was infected.”
Posted on 2021-07-18T23:34:58+0000
I'm a Frito-Lay Factory Worker. I Work 12-Hour Days, 7 Days a Week
Hundreds of workers at the Frito-Lay plant in Topeka, Kansas are striking for the first time.
This is horrifying.
“Many of the 850 workers at the facility say they work 84 hours a week with no days off. Workers are nominally supposed to work eight-hour shifts, but because of shortages, workers are often forced to add on an extra four hours before or after their shifts. Workers call these extended shifts "suicides," because they say the schedule kills you over time. Some workers haven't had a single day off in five months, including Saturdays and Sundays.”
Posted on 2021-07-18T16:34:02+0000
How Many Numbers Exist? Infinity Proof Moves Math Closer to an Answer. | Quanta Magazine
For 50 years, mathematicians have believed that the total number of real numbers is unknowable. A new proof suggests otherwise.
I’m not sure why I’m reading this at 1am but this was pretty engaging!
““It’s an amazing time,” Kennedy said. “It’s one of the most intellectually exciting, absolutely dramatic things that has ever happened in the history of mathematics, where we are right now.””
Posted on 2021-07-18T08:00:16+0000
Pay secrecy: Why some workers can't discuss salaries
Transparency around salaries can arm marginalised workers and close the wage gap. But in the US, many workers still can't talk about pay.
"Ricardo Perez-Truglia, associate professor of economics at the University of California, Berkeley, points to Denmark, where the government required mid-sized companies to share information about the pay gap between men and women. Soon after, data shows the gaps at those companies got smaller. “In Canada, there was a similar mandate for academics,” he adds. “What happened was the gender pay gap for faculty positions in Canadian universities shrunk from 10% to, like, 9%. It wasn’t a magical solution, but it moved things in the right direction.”
It’s likely, Perez-Truglia hypothesises, that the simple act of forcing companies to go public is enough to make them re-evaluate their pay scale. “The leadership is thinking: this looks really bad, and I’m worried the employees will be demoralised if they found out. Or it might leak, and it’ll be a scandal, and we’ll lose clients and it’ll be terrible. So, as soon as they’re mandated to release the information, they start giving raises and trying to fix the problem.”"
Posted on 2021-07-17T18:56:54+0000
Delta Variant: Everything You Need to Know
Cases are growing exponentially across the world. Again. If you don’t know where this is going, a historical refresher might help. India has suffered about two million COVID deaths, the majority of them during its latest surge caused by Delta. Victims of COVID-19 are cremated in funeral pyres in Ne...
Enlightening read on the Delta variant and how it’s spreading.
“The original Coronavirus variant has an R0 of ~2.71. Alpha—the “English variant” that caused a spike around the world around Christmas—is about 60% more infectious. Now it appears that Delta is about 60% more transmissible yet again. Depending on which figure you use, it would put Delta’s R0 between 4 and 9, which could make it more contagious than smallpox.”
Posted on 2021-07-17T06:10:53+0000
Climate scientists shocked by scale of floods in Germany
Deluge raises fears human-caused disruption is making extreme weather even worse than predicted
This goes into the extent of really bad weather patterns in the last few weeks across the world - caused by climate change.
““I am surprised by how far it is above the previous record,” Dieter Gerten, professor of global change climatology and hydrology at the Potsdam Institute for Climate Impact Research, said. “We seem to be not just above normal but in domains we didn’t expect in terms of spatial extent and the speed it developed.””
Posted on 2021-07-17T05:51:32+0000
This was a really interesting read on product thinking and how to avoid the death by a thousand papercuts problem.
“I recently shipped two things at GitHub that had an impact beyond my wildest dreams. The amount of gratitude and love that spilled out of the community is like nothing I’ve seen before. But the things I shipped weren’t these huge, meaty projects. They were tiny.”
Posted on 2021-07-17T03:25:37+0000
Google separates with Cloud VP after employees complain about manifesto
Google has separated with its VP of developer relations for Google Cloud after a contentious all-hands where the employees voiced concern about manifesto.
I don’t even…
“Awadallah, who is well-known in the cloud industry, also posted his manifesto on YouTube and Twitter in attempts to decry antisemitism by recounting how he became enlightened after he "hated all jews." In an awkward attempt to decry hate amid the Israel-Palestinian conflict, he listed all the Jews he knew that were good people.”
Posted on 2021-07-16T05:51:24+0000
Embrace the Grind - Jacob Kaplan-Moss
Sometimes, programming feels like magic: you chant some arcane incantation and a fleet of robots do your bidding. But sometimes, magic is mundane. If you’re willing to embrace the grind, you can pull off the impossible.
So relatable and very solid advice. I can relate to the given example of triaging a large backlog of issues - sometimes my best work and ideas have come through looking at every single bug (out of hundreds) looking for patterns and improvements. There is a fine line between pointless grind and useful grind but most folks seem to shy away from both - at a large cost.
“I often have people newer to the tech industry ask me for secrets to success. There aren’t many, really, but this secret — being willing to do something so terrifically tedious that it appears to be magic — works in tech too.”
Posted on 2021-07-16T01:52:45+0000
The ugly, geeky war for web privacy is playing out in the W3C
The inside story of how the World Wide Web Consortium, one of the internet’s geekiest corners, became a key battleground in the global fight for web privacy.
Very interesting read on something I didn’t have much visibility into before.
“One of the web's geekiest corners, the W3C is a mostly-online community where the people who operate the internet — website publishers, browser companies, ad tech firms, privacy advocates, academics and others — come together to hash out how the plumbing of the web works. It's where top developers from companies like Google pitch proposals for new technical standards, the rest of the community fine-tunes them and, if all goes well, the consortium ends up writing the rules that ensure websites are secure and that they work no matter which browser you're using or where you're using it.”
Posted on 2021-07-15T05:49:53+0000
How the Kaseya VSA Zero Day Exploit Worked - TRUESEC Blog
This article explains the pre-auth remote code execution exploit against Kaseya VSA that was used in the recent REvil ransomware attack.
I don’t even know where to begin with this.
“The last two statements are where the interesting thing happens. In case the password equals row[password] the login will fail. However, in the case that all checks failed, it would default to an else clause that sets “loginOK” to true.
Because no password was provided in the request, the “password” variable would be NULL and loginOK would end up being true. When loginOK is set to true, the application sends the login session cookie and will eventually (if no other parameters are provided like in the attacker’s request) end up in an if clause that returns 302 redirect to the userPortal.”
Posted on 2021-07-15T04:54:44+0000
The unreasonable effectiveness of just showing up everyday
When I first started working on Typesense six years ago, I set myself a simple rule: I shall write some code everyday before or after work. That’s it. No deadlines, no quarterly goals, no milestones. I did not have a choice really — I was about to get married and was already working full-time in...
This is a really motivating read. Definitely shows the importance of persistence and hard work. It’s a common tendency especially amongst engineers to spend forever automating something to avoid doing just a bit of “grind” - and put off getting things done that way. I know I’ve run into that before too. But showing up and making slow and steady progress always works.
“We did not quit our day jobs to start working on Typesense full-time immediately. We did not seek venture capital or attempt to “corner” the market by chasing hyper growth. We did not have personal brands or wide networks to tap into. We did not even earn the first dollar till the 5th year.”Posted on 2021-07-15T04:05:29+0000
Give me /events, not webhooks
Webhooks come with some challenges. We prefer polling an /events endpoint instead when possible.
Interesting read on systems and eventual consistency. Also, +1 for modeling your APIs after Stripe’s!
“In general, you can't rely on webhooks alone to keep two systems consistent. Every integration I've ever worked on has realized this fact by eventually augmenting webhooks with polling. This is due to a few problem areas.”Posted on 2021-07-14T05:57:32+0000
SoftBank rewrote the VC rules. Now it’s Tiger’s turn.
Both Tiger Global and SoftBank have upended VC thinking by paying high prices and moving quickly on deals. But Tiger’s lighter touch could be helping it win deals.
This taught me a lot about VC markets in general, and is some interesting insight into the current investment market.
“A lot of what Silicon Valley investors offer is just "fluff," said Polyakov. In a survey of startups Polyakov referenced, founders ranked relationship, deal terms and speed as the three most important factors for making a deal. Operational support ranked second to last.
In a sign of the disconnect between founders and funders, VCs saw speed as the least important factor in making the deal.
"The rise of Tiger Global exposes an uncomfortable truth for VCs," Eniac Ventures co-founder Hadley Harris pointed out on Twitter. "That there's a good chunk of founders who just want to be left alone."”Posted on 2021-07-13T05:10:35+0000
Who’s Afraid of the Four Day Work Week?
This is the weekend edition of Culture Study — the newsletter from Anne Helen Petersen, which you can read about here. If you like it and want more like it in your inbox, consider subscribing. If you’re a “full-time” employee, your work week is likely five days (if not more), and spans 40 ho...
This was a really interesting and engaging read on the 5 day / 40 hour work week and experiments that have been done trying to bring it down to 4 days, both pre and during the pandemic.
“Some Perpetual Guardian workers took off Mondays, some Fridays, others loved a day off in the middle of the work week, but everyone took it, from the newest hires to the most senior managers. The effect was startling: at the end of a two-month trial, productivity had risen 20% — and “work-life” balance scores rose from 54% to 78%. After making the change permanent, overall revenue went up 6% — and profitability went up 12.5%.”Posted on 2021-07-12T07:40:36+0000
Gas Sellers Reaped $11 Billion Windfall During Texas Freeze
The official autopsy of the great Texas winter blackout of February 2021 quickly established a clear timeline of events: Electric utilities cut off power to customers and distributors as well as natural gas producers, which in turn triggered a negative feedback loop that sunk the state deeper and de...
““If you’re producing half as much gas as normal but selling at 70 to 100 times the price, then that math is working for you,” said one executive who declined to be named. “You just had the greatest week in the history of the gas market.”
CPS Energy, the biggest utility in San Antonio, was blunt in its assessment.
“Egregious natural price gouging,” CEO Paula Gold-Williams said of Energy Transfer, the biggest winner to date. CPS claims the pipeline operator generated two years’ worth of profits in the first quarter of 2021 and is suing to reclaim some of the $1 billion it lost during the storm.”Posted on 2021-07-11T06:36:58+0000
Climate crimes: a new series investigating big oil’s role in the climate crisis
A new Guardian series examines attempts to hold the fossil-fuel industry accountable for the havoc they have created
I for one am looking forward to this series.
“The Guardian’s new series, Climate crimes, launched in collaboration with the global media consortium Covering Climate Now, will examine these attempts to hold the industry accountable and investigate the tactics used by the companies to elide their own role in global heating. It will also interrogate the central question that emerges from these lawsuits: is the climate crisis in fact a crime scene? Much of the content produced for the series will be made available for Covering Climate Now’s 400-plus partner news outlets to publish.”Posted on 2021-07-10T06:43:33+0000
When France extorted Haiti – the greatest heist in history
After enduring decades of exploitation at the hands of the French, Haiti somehow ended up paying reparations – to the tune of nearly $30 billion in today's money.
I just learned about this from Twitter and had to look up a written article on it. Haiti was forced to compensate French colonists for the money they “lost” - the slaves were forced to pay reparations to slave owners. Sigh…
“Although the colonists claimed that the indemnity would only cover one-twelfth the value of their lost properties, including the people they claimed as their slaves, the total amount of 90 million francs was actually five times France’s annual budget.”
“These discrepancies are the concrete consequence of stolen labor from generations of Africans and their descendants. And because the indemnity Haiti paid to France is the first and only time a formerly enslaved people were forced to compensate those who had once enslaved them, Haiti should be at the center of the global movement for reparations.”Posted on 2021-07-10T05:06:32+0000
Mark Zuckerberg and Sheryl Sandberg’s Partnership Did Not Survive Trump
The company they built is wildly successful. But her Washington wisdom didn’t hold up, and neither did their close working relationship.
“Toward the end of the conversation, Ms. Couric posed the question that few were bold enough to ask Ms. Sandberg directly: “Since you are so associated with Facebook, how worried are you about your personal legacy as a result of your association with this company?” Ms. Sandberg didn’t skip a beat as she reverted to the message she had delivered from her first days at Facebook.
“I really believe in what I said about people having voice. There are a lot of problems to fix. They are real, and I have a real responsibility to do it. I feel honored to do it,” she said, with a steady voice and calm smile. She later told aides that inside, she was burning with humiliation.”Posted on 2021-07-09T06:56:21+0000
‘Financially Hobbled for Life’: The Elite Master’s Degrees That Don’t Pay Off
Columbia and other top universities push master’s programs that fail to generate enough income for graduates to keep up with six-figure federal loans.
“Mr. Morrison said the job market for aspiring screenwriters and directors looked bleak for someone with a six-figure debt load. He recalled Mr. Bollinger saying he understood the concern but that Columbia was a really good school.
“My immediate takeaway is that there’s a huge disconnect between the administration’s perception of the School of the Arts,” Mr. Morrison wrote to a faculty member a few days after the meeting, “and what’s actually happening for students.””Posted on 2021-07-09T01:40:35+0000
Google's 'hypocritical' remote work policies anger employees
Employees were already stirred up over opaque policies on remote work. Then a senior executive announced he's moving to New Zealand in what some workers consider special treatment.
Thoughts on remote work aside; I think being fair and consistent with policies makes an incredible difference in morale when they are rolled out. I think there will be a decent number of employees who were considering leaving that will finally make the jump after seeing this.
“Two Google employees said Hölzle's situation encapsulated the company's "hypocritical" policies. Both complained that the relocation represented a double standard in which different rules apply to executives in senior ranks. While his approval came last year, Google employees now undergoing the remote work application process have been told decisions won't come until August, at the earliest. Approval for Hölzle's move came before the procedure was instituted.
News of Hölzle's relocation especially stung because he has been particularly vocal against remote work, employees said. De Vesine, the resigning Googler, said Hölzle had a policy of not letting people work remotely unless they were assigned to an office and that he wouldn't consider remote work for people who hadn't reached a certain level of seniority.”Posted on 2021-07-08T20:03:31+0000
Depth and Persistence: What Researchers Need to Know About Impostor Syndrome
Understanding impostor syndrome's complexity and its effect on research persistence.
Really important read on impostor syndrome and how it manifests.
“While my daughter was pounding a handball against the outer wall of a public restroom, I vividly remember feeling like a loser, a big one. I was in a trance, standing under a tree, staring at spotty shadows of leaves on the ground.
My sense of failure was profound and overwhelming. Even though I had many important accomplishments (three U.S. patents on system anomaly detection and document integrity; DARPA, ONR, ARO, and NSF projects; degrees from Peking University, Princeton, Indiana, and Brown; multiple best paper awards, NSF CAREER, and ARO YIP; technical news about my work; and many cybersecurity publications in respectable venues), at that moment, I felt that I knew nothing; I had done nothing useful, nothing that mattered.”Posted on 2021-07-08T15:36:27+0000
Haiti President Jovenel Moise assassinated in attack on his residence
Haiti's President Jovenel Moise was killed during an attack on his private residence early on Wednesday, according to the country's acting Prime Minister Claude Joseph.
Uh oh. Also, initial reports claimed the DEA was involved, which would take quite a while to straighten out (to determine whether it’s true or not).
“Joseph said in a statement that a group of unidentified individuals stormed Moise's home at around 1 a.m. and fatally wounded the head of state. He described the assassination as a "heinous, inhumane and barbaric act."”Posted on 2021-07-07T16:00:54+0000
‘So, So Angry’: Reporters Who Survived the Capitol Riot Are Still Struggling
The reporters who survived the insurrection are still covering Congress. But things don’t feel normal.
“He says looking back on it, he should have covered events like the early days of the Tea Party movement differently. At one early Tea Party rally he heard a protestor use the N word, but he decided against writing about it because he didn’t think it represented the broader crowd.
“We used a lot of euphemisms. That was white rage and we should have covered it as white rage, and we didn’t, we covered it as conservative backlash. They were booing John Lewis, for god’s sake,” he said.”Posted on 2021-07-07T06:06:20+0000
Amazon Delivery Companies Revolt Against Amazon, Shut Down
The recent shutdown of two Amazon delivery companies in Portland appears to be the first public example in the United States of such companies using their leverage to protest against Amazon.
“The incident is notable as it appears to be the first public example in the United States of Amazon delivery service partners, small businesses that deliver packages exclusively for Amazon, using their leverage to protest against Amazon—which has been known to enforce strict rules that squeeze productivity out of their delivery drivers, putting drivers and the public at risk.”Posted on 2021-07-06T21:26:56+0000
Apple Decentralizes From Silicon Valley, but Workers Just Want to Be Remote
This week: Apple ramps up its decentralization from Silicon Valley, Safari’s upcoming redesign on the iPhone is a giant step back, and accessory makers are struggling to get their hands on Apple Watch charger supplies.
I’m not sure why Apple keeps hamstringing itself here. A lot of other tech companies are also doing this, to be fair (cf. a 17-year tenured Googler leaving due to a bureaucratic mixup related to remote work) but still…
“But Apple realizes that many valuable employees don’t want to be in Silicon Valley, period. Its solution of building new offices in other cities and offering hybrid schedules that grant a day or two a week from home—despite being a reasonable compromise—will still restrict Apple’s talent pool. A sizable portion of workers simply don’t want to be in an office at all.”Posted on 2021-07-06T16:34:42+0000
Nikole Hannah-Jones will not join UNC-Chapel Hill faculty after tenure controversy
New York Times journalist Nikole Hannah-Jones said she will not be teaching at UNC-Chapel Hill this fall, even after being awarded tenure by trustees last week.
As someone pointed out this is also interesting because at the end of the day it was about racism and money: one big donor who gave $25M to the school. And Hannah-Jones has already brought in $15M for the new chair at Howard and I’m sure more will come in soon.
“Hannah-Jones said she fought the battle that she wanted to fight, which is being treated equally and to have a vote on her tenure appointment.
“I won that battle. But it’s not my job to heal the University of North Carolina,” Hannah-Jones said. “That’s the job of the people in power who created this situation in the first place.””Posted on 2021-07-06T16:27:45+0000
Four-day work week trial in Iceland hailed an 'overwhelming success'
The world's largest ever trial of a four-day working week in Iceland was an "overwhelming success" and should be trialled in the UK, researchers have suggested.
It would be pretty great to see the 4 day workweek take hold in more places.
“Will Stronge, Director of Research at Autonomy, said: "This study shows that the world’s largest ever trial of a shorter working week in the public sector was by all measures an overwhelming success.”Posted on 2021-07-06T05:54:09+0000
Sick Kids Are Just the Beginning of America’s Lead Crisis
The hidden villain behind violent crime, lower IQs, and the ADHD epidemic.
This is from a few years ago, and while I’ve read more stuff on the lead poisoning theory nothing has been this comprehensive or well researched. Great take on sociology, biology, and criminology.
“Put all this together and you have an astonishing body of evidence. We now have studies at the international level, the national level, the state level, the city level, and even the individual level. Groups of children have been followed from the womb to adulthood, and higher childhood blood lead levels are consistently associated with higher adult arrest rates for violent crimes. All of these studies tell the same story: Gasoline lead is responsible for a good share of the rise and fall of violent crime over the past half century.”Posted on 2021-07-05T17:18:17+0000
These Chinese Millennials Are ‘Chilling,’ and Beijing Isn’t Happy
Young people in China have set off a nascent counterculture movement that involves lying down and doing as little as possible.
“Xiang Biao, a professor of social anthropology at Oxford University who focuses on Chinese society, called tangping culture a turning point for China. “Young people feel a kind of pressure that they cannot explain and they feel that promises were broken,” he said. “People realize that material betterment is no longer the single most important source of meaning in life.””Posted on 2021-07-05T06:31:43+0000
Britney Spears’s Conservatorship Nightmare
How the pop star’s father and a team of lawyers seized control of her life—and have held on to it for thirteen years.
This is really scary to read. Goes into the life of a celebrity but this is so much more: indictments of our legal system, approaches to mental health care, family drama, and so much more. There were a lot of things to pick out - horrible treatment from family, being forced to pay for all of this at her own expense, and it was hard to pick just one white to highlight.
“According to Jonathan Martinis, the senior director for law and policy at a center for disability rights at Syracuse University, one of the most dangerous aspects of guardianships is the way that they prevent people from getting their own legal counsel. “The rights at stake in guardianship are analogous to the rights at stake in criminal cases,” Martinis said. “Britney could have been found holding an axe and a severed head, saying ‘I did it,’ and she still would’ve had the right to an attorney. So, under guardianship, you don’t have the same rights as an axe murderer.””Posted on 2021-07-03T19:48:08+0000
‘Unlike anything I’ve seen at the FTC’: Biden’s chair makes her public debut
Under Biden nominee Lina Khan, the agency met in public for the first time in decades — and split along party lines on an aggressive enforcement agenda.
Will be interesting to watch how these play out. I for one welcome the changes.
“Now, antitrust staff will need only one commissioner's approval to subpoena information for certain kinds of investigations, including those that involve repeat offenders, technology companies or digital platforms and pharmaceutical companies or hospitals. Cases where staff are seeking information on the Covid-19 pandemic or harms to labor or small businesses will also only need one commissioner’s approval.”Posted on 2021-07-02T16:01:07+0000
Worker Rescued From Collapsed Building in Northwest DC, 4 Others Injured
Firefighters sawed through layers of rubble for more than an hour Thursday evening to rescue a construction worker from the wreckage of a building that collapsed in Northwest D.C. A special operations team with D.C. Fire and EMS talked to the man throughout the process, and he was alert, conscious a...
Second collapse in a week. And in the Miami case an official on TV was like “this is a third world country thing and doesn’t happen here”…
“Edward Constable said he was in his bedroom getting ready to take a nap when the building next door collapsed, taking part of his home with it.”Posted on 2021-07-02T15:30:58+0000
Bigots Have Finally Accomplished Their Goal of Gutting the Voting Rights Act
The Supreme Court’s decision upholding voter restrictions in Arizona paves the way for widespread disenfranchisement of voters of color.
“Conservatives will never stop trying to take away the right of nonwhite citizens to vote. That has been their unyielding position since the end of the Civil War. You can have a free and fair democracy, or you can have conservatives in control of the judiciary, but the history of this country says that you can’t have both.”Posted on 2021-07-02T14:42:09+0000
Supreme Court invalidates California's donor disclosure requirement
The Supreme Court on Thursday invalidated a California rule that requires charitable organizations to disclose the names of contributors in a case that could impact the future of "dark money" politics.
The Supreme Court Deals A New Blow To Voting Rights, Upholding Arizona Restrictions
The justices, in a 6-3 opinion, narrowed the only major section of the landmark Voting Rights Act that remains in effect.
Voting reform is desperately needed at a federal level, though I’m not sure how successful it can be if the courts strike things down like this.
“At the same time, GOP lawyers defending the laws candidly admitted during the oral argument in the case, that the Republican legislature's motive in enacting the Arizona voting restrictions was less anti-fraud and more political.
Not having such restrictions "puts us at a competitive disadvantage," said lawyer Michael Carvin, on behalf of the GOP. "Politics is a zero sum game, and every law they get through an unlawful interpretations of Section 2 hurts us."”Posted on 2021-07-01T15:10:44+0000
Pluralistic: 29 Jun 2021 – Pluralistic: Daily links from Cory Doctorow
The Child Tax Credit is a seriously good piece of policy, in which America's poorest families are eligible for $2-3k/year in subsidies, a move projected to cut American child poverty in half.
“Intuit is perfectly capable of making usable websites – but more importantly, they are criminally capable of making unusable websites. They are infamous for it.
If Intuit wanted to make a CTC enrolment website that ensured that the parents of children living in poverty could find and use it, they could. Moreover, when Intuit builds websites that deprives people of the service they're entitled to, it's deliberate.”Posted on 2021-07-01T06:26:51+0000
Globally Distributed Postgres
Author Name Kurt Mackey Twitter @mrkurt Fly runs apps (and databases) close to users, by taking Docker images and transforming them into Firecracker micro-vms running on our hardware around the world. You should try deploying an app: it only takes a few minutes. This is a story about a cool hack we c...
This is some pretty cool distributed systems stuff.
“If you're scaling out Postgres instead of scaling it up, there's a good chance you're doing it because you want to scale your application geographically. That's why people use Fly.io; it's our whole premise. We do some lifting to make sure that running an app close to your users on Fly.io doesn't involve a lot of code changes. This strategy, of exploiting our proxy to steer database writes, is sort of in keeping with that idea.”Posted on 2021-07-01T06:19:56+0000
At least 16 hurt in explosion during LAPD bomb squad seizure of illegal fireworks
Authorities were in the process of seizing more than 5,000 pounds of illegal fireworks at the time of the explosion.
Big yikes here. Looks like the police confiscated 5000lbs of fireworks and for some reason tried to safely detonate them in the same neighborhood (tv cameras recorded them on the scene saying “fire in the hole!”) and then it blew up, injuring people.
The passive voice from LATimes on Twitter is something else - as is the early reporting from Fox where they first gleefully talk about the seizure of illegal fireworks and then after it blew up called them “homemade explosives”.
“Officers found several thousand pounds of fireworks and other improvised explosive devices, Im said. The fireworks were to be put in storage, and officials had planned to explode the improvised devices at the scene because they were too unstable to move.”Posted on 2021-07-01T05:51:45+0000
A sci-fi writer got meta about gender. The internet responded by ruining her life.
Isabel Fall’s sci-fi story "I Sexually Identify as an Attack Helicopter" drew the ire of the internet. A year later, she’s still picking through the wreckage.
This is the first I’m hearing of this story, and… wow. Interesting read on internet mobs, sci-fi, transphobia, and the human experience. And a terrible situation at heart.
“I believe the story’s detractors were hurt by the title or some of the content or the very idea of the story. I believe they truly feel that trans stories should only be written by trans people and that Fall should have had to out herself before publishing. I believe they believe — still — that they did the right thing.
They still destroyed a woman’s life.”Posted on 2021-07-01T05:36:22+0000
Revealed: ExxonMobil’s lobbying war on climate change legislation
A senior ExxonMobil lobbyist has been captured on camera revealing how the oil giant is using its power and influence to water down US climate legislation.
“Mr McCoy said: “Did we aggressively fight against some of the science? Yes. Did we hide our science? Absolutely not. Did we join some of these shadow groups to work against some of the early efforts? Yes, that’s true. But there’s nothing, there’s nothing illegal about that.
“We were looking out for our investments. We were looking out for our shareholders.””Posted on 2021-07-01T02:44:26+0000