Tuesday, April 30, 2013

great stuff. sg got keyboard connoisseurs

Good stuff...from http://forums.vr-zone.com/hardware-depot/890488-vr-forums-mechanical-keyboard-club-guide-discussion-thread.html

Types of mechanical switches:

Brown Cherry MX:
- Tactile and non-clicky
- 45g to actuate

Blue Cherry MX:
- Tactile and clicky
- 50g to actuate

Red Cherry MX:
- Non-tactile(Linear) and non-clicky
- 45g to actuate

Black Cherry MX:
- Non-tactile(Linear) and non-clicky
- 60g to actuate

Clear Cherry MX:
- Tactile and non-clicky
- 60g to actuate

- Tactile and non-clicky (spring and rubber dome combined)
- Available @ 30g, 45g and 55g variation

Buckling Springs:
- Tactile and clicky
- 65g to actuate


Clicky means a "click" sound is produced when the switch is actuated.

Tactile refers to a "bump" that is felt when the switch is actuated.

Nkey Rollover (NKRO) is the ability of the keyboard to recognize as many keys as you can press at once.
Most keyboards are 6-KRO or 2-KRO (99% of keyboards).

104 / Full-sized is the standard-sized keyboard.

87 / Tenkeyless / 80% is a keyboard without the Numpad. 

The man who invented Meritocracy


Down with meritocracy

The man who coined the word four decades ago wishes Tony Blair would stop using it
  • The Guardian
I have been sadly disappointed by my 1958 book, The Rise of the Meritocracy. I coined a word which has gone into general circulation, especially in the United States, and most recently found a prominent place in the speeches of Mr Blair.
The book was a satire meant to be a warning (which needless to say has not been heeded) against what might happen to Britain between 1958 and the imagined final revolt against the meritocracy in 2033.
Much that was predicted has already come about. It is highly unlikely the prime minister has read the book, but he has caught on to the word without realising the dangers of what he is advocating.
Underpinning my argument was a non-controversial historical analysis of what had been happening to society for more than a century before 1958, and most emphatically since the 1870s, when schooling was made compulsory and competitive entry to the civil service became the rule.
Until that time status was generally ascribed by birth. But irrespective of people's birth, status has gradually become more achievable.
It is good sense to appoint individual people to jobs on their merit. It is the opposite when those who are judged to have merit of a particular kind harden into a new social class without room in it for others.
Ability of a conventional kind, which used to be distributed between the classes more or less at random, has become much more highly concentrated by the engine of education.
A social revolution has been accomplished by harnessing schools and universities to the task of sieving people according to education's narrow band of values.
With an amazing battery of certificates and degrees at its disposal, education has put its seal of approval on a minority, and its seal of disapproval on the many who fail to shine from the time they are relegated to the bottom streams at the age of seven or before.
The new class has the means at hand, and largely under its control, by which it reproduces itself.
The more controversial prediction and the warning followed from the historical analysis. I expected that the poor and the disadvantaged would be done down, and in fact they have been. If branded at school they are more vulnerable for later unemployment.
They can easily become demoralised by being looked down on so woundingly by people who have done well for themselves.
It is hard indeed in a society that makes so much of merit to be judged as having none. No underclass has ever been left as morally naked as that.
They have been deprived by educational selection of many of those who would have been their natural leaders, the able spokesmen and spokeswomen from the working class who continued to identify with the class from which they came.
Their leaders were a standing opposition to the rich and the powerful in the never-ending competition in parliament and industry between the haves and the have-nots.
With the coming of the meritocracy, the now leaderless masses were partially disfranchised; as time has gone by, more and more of them have been disengaged, and disaffected to the extent of not even bothering to vote. They no longer have their own people to represent them.
To make the point it is worth comparing the Attlee and Blair cabinets. The two most influential members of the 1945 cabinet were Ernest Bevin, acclaimed as foreign secretary, and Herbert Morrison, acclaimed as lord president of the council and deputy prime minister.
Bevin left school at 11 to take a job as a farm boy, and was subsequently a kitchen boy, a grocer's errand boy, a van boy, a tram conductor and a drayman before, at the age of 29, he became active locally in Bristol in the Dock Wharf, Riverside and General Labourers' union.
Herbert Morrison was in many ways an even more significant figure, whose rise to prominence was not so much through the unions as through local government.
His first job was also as an errand boy and assistant in a grocer's shop, from which he moved on to be a junior shop assistant and an early switchboard operator. He later became so influential as leader of the London county council partly because of his previous success as minister of transport in the 1929 Labour government.
He triumphed in the way Livingstone and Kiley hope to do now, by bringing all London's fragmented tube service, buses and trams under one unified management and ownership in his London passenger transport board.
It made London's public transport the best in the world for another 30-40 years and the LPTB was also the model for all the nationalised industries after 1945.
Quite a few other members of the Attlee cabinet, like Bevan and Griffiths (miners both), had similar lowly origins and so were also a source of pride for many ordinary people who could identify with them.
It is a sharp contrast with the Blair cabinet, largely filled as it is with members of the meritocracy.
In the new social environment, the rich and the powerful have been doing mighty well for themselves. They have been freed from the old kinds of criticism from people who had to be listened to. This once helped keep them in check - it has been the opposite under the Blair government.
The business meritocracy is in vogue. If meritocrats believe, as more and more of them are encouraged to, that their advancement comes from their own merits, they can feel they deserve whatever they can get.
They can be insufferably smug, much more so than the people who knew they had achieved advancement not on their own merit but because they were, as somebody's son or daughter, the beneficiaries of nepotism. The newcomers can actually believe they have morality on their side.
So assured have the elite become that there is almost no block on the rewards they arrogate to themselves. The old restraints of the business world have been lifted and, as the book also predicted, all manner of new ways for people to feather their own nests have been invented and exploited.
Salaries and fees have shot up. Generous share option schemes have proliferated. Top bonuses and golden handshakes have multiplied.
As a result, general inequality has been becoming more grievous with every year that passes, and without a bleat from the leaders of the party who once spoke up so trenchantly and characteristically for greater equality.
Can anything be done about this more polarised meritocratic society? It would help if Mr Blair would drop the word from his public vocabulary, or at least admit to the downside. It would help still more if he and Mr Brown would mark their distance from the new meritocracy by increasing income taxes on the rich, and also by reviving more powerful local government as a way of involving local people and giving them a training for national politics.
There was also a prediction in the book that wholesale educational selection would be reintroduced, going further even than what we have already. My imaginary author, an ardent apostle of meritocracy, said shortly before the revolution, that "No longer is it so necessary to debase standards by attempting to extend a higher civilisation to the children of the lower classes".
At least the fullness of that can still be avoided. I hope.
• Michael Young, when secretary of the policy committee of the Labour party, was responsible for drafting Let Us Face the Future, Labour's manifesto for the 1945 general election

Monday, April 29, 2013

are you an art major writing crappy Python? take part in the matasano crypto challenge!



If you have any trouble with the math in these problems, you should be able to find a local 9th grader to help you out. It turns out that many modern crypto attacks don't involve much hard math.


None. That's the point.


You'll want to be able to code proficiently in any language. We've received submissions in C, C++, Python, Ruby, Perl, Visual Basic, X86 Assembly, Haskell, and Lisp. Surprise us with another language. Our friend Maciej says these challenges are a good way to learn a new language, so maybe now's the time to pick up Clojure or Rust.

The review...

Here are the cryptographic topics covered:
Going into the challenges, I worried that my math wouldn't be up to the task. My impression of Serious Crypto was that it required all kinds of group theory, abstract algebra, elliptic curves, vector spaces, and other scary stuff. But while this may be true, the math content for the practical challenges was much gentler:
While the math concepts weren't hard, getting a real feel for them took work (and this was the point of the exercise).
If you're an experienced programmer, the Matasano challenges are also a terrific excuse to try a new programming language. It's always much more fun to solve real problems than it is to write a Manager object that inherits from Employee.
Here are the language features I found myself using most:
  • string manipulation (ranges, substrings)
  • bitwise operators
  • lookup hashes
  • conversion between string and number formats
  • big integer operations
  • packing and unpacking binary data
  • pattern matching
  • url manipulation
  • client/server interaction over a socket
Altogether it took me about three weeks to do the full cycle, working pretty intensively. Skilled programmers will find the going much faster, especially if you're comfortable with bit twiddling. Very few of the problems were downright hard, though some required several hours of work. I spent most of my time stepping through algorithms in pursuit of bugs, and in the process really got a feel for the moving parts in various cryptographic constructions.
I would compare the experience to having only ever read cookbooks and watched cooking shows, and then being asked to fry an egg. You know exactly what to do... in principle.
Some of the challenges have a payoff, in that you decrypt a short bit of secret text. This is incredibly fun. Seeing a cracked message come up on the screen after an evening of bug chasing reminded me of how it felt to be a kid in front of my Apple ][, finally getting it to beep or draw a circle or print DONGS all over the screen. Some of the later challenges even display the answer 'Hollywood style', where you get to see it decrypt one letter at a time in a cascade of print statements.
While the rules don't stipulate it, I think it's a good idea not to look at anyone's code if you try the challenges. The goal here is to convert message-board levels of understanding into actual knowledge, and the only way that works is if you bang your head on the task without seeing how anyone else has done it. Sean was really helpful in helping me navigate difficult spots, and the challenges are not set up to intentionally trick you. But you will need the kind of graph paper with the small squares.
What surprised me most:
  1. How practical these attacks were. A lot of stuff that I knew was weak in principle (like re-using a nonce or using a timestamp as a 'random' seed) turns out to be crackable within seconds by an art major writing crappy Python.
  2. There is no difference, from the attacker's point of view, between gross and tiny errors. Both of them are equally exploitable. In at least three challenges, the mere fact of getting distinguishable error messages was enough to recover the entire message.
  3. This lesson is very hard to internalize. In the real world, if you build a bookshelf and forget to tighten one of the screws all the way, it does not burn down your house.
  4. Timing attacks are much more effective than I imagined.
  5. Someone who can muck with your ciphertext is halfway to reading it, possibly with your secret key for dessert.
  6. Some mistakes are incredibly non-obvious. I had no idea you had to super-carefully pad RSA, for example.
  7. Even on a laptop, in 10 minutes you can do a terrifying amount of computation. It really is 2013.
I mentioned earlier that I thought every web programmer should try their hand at these. It is very illuminating to look at your own web app from the vantage point of an attacker actually writing code. At the very least, you will never be confused about cipher block modes again, or have to worry that someone will ask you to explain how a public key works in an interview. And there is a whole slew of dumb mistakes you will now avoid (replacing them with smarter mistakes that will become the subject matter of challenges 48-96).
The best part, from a web app developer's perspective, is that you never once write a SQL statement or HTML tag.
Here are some specific lessons from the challenges that I will apply to my own work:
  1. Keep meaningful data out of tokens (like cookies) that I hand out to clients. Use random values keyed against a database, memory store, or wherever.
  2. If I have to put data in tokens, include an integrity check, and pay a real crypto person to vet it.
  3. I must never seed a PRNG with a timestamp. I used to do this with microsecond precision thinking I was being clever. Then I went ahead and wrote a script that guessed the seed value in just a few seconds, and now I will never do that again.
  4. Use constant-time string comparisons when testing incoming data against some target value for authentication purposes. This is easy enough to do in most languages to make it cheap insurance.
  5. Anything related to authentication should only fail in one way. I must not provide distinguishable errors to the user.
  6. If possible, find a way to log the fact that someone is making a lot of weird queries against my site. For extra points, try not to make the logger itself hackable.
  7. No third-party javascript. I hated it already, now I hate it more.
  8. Cut off one of my fingers each time I re-use a nonce.
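Lessons 1, 2, 4 and 5 from the list above in one place, as an added example that is not from the review or from Matasano. The names `SessionStore`, `sign_token`, `verify_token` and `AuthError` are made up for illustration, and the bad inputs are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets


class AuthError(Exception):
    """The single failure every caller sees, whatever went wrong (lesson 5)."""


def _fail():
    # One exception type, one message: no hint about which check failed.
    raise AuthError("invalid token") from None


class SessionStore:
    """Lesson 1: the token is a random handle; the data stays on the server."""

    def __init__(self):
        self._sessions = {}  # SHA-256(token) -> session data

    def issue(self, user):
        # secrets draws from the OS CSPRNG, never from a clock (lesson 3).
        token = secrets.token_urlsafe(32)
        self._sessions[hashlib.sha256(token.encode()).hexdigest()] = {"user": user}
        return token

    def lookup(self, token):
        try:
            return self._sessions[hashlib.sha256(token.encode()).hexdigest()]
        except Exception:
            _fail()


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _tag(key, body):
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def sign_token(key, claims):
    """Lesson 2: if data must travel in the token, MAC it."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _tag(key, body)


def verify_token(key, token):
    try:
        body, tag = token.split(".")
        # compare_digest's running time does not depend on where the two
        # values first differ (lesson 4); "==" stops at the first mismatch.
        if not hmac.compare_digest(tag.encode(), _tag(key, body).encode()):
            raise ValueError("bad tag")
        # The body is decoded only after the MAC has been checked.
        padded = body + "=" * (-len(body) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except Exception:
        _fail()


def failure_messages(key):
    """Feed constructed bad tokens to verify_token; return the distinct errors."""
    good = sign_token(key, {"user": "alice", "admin": False})
    body, tag = good.split(".")
    bad_inputs = [
        ("A" if body[0] != "A" else "B") + body[1:] + "." + tag,   # edited claims
        body + "." + tag[:-1] + ("A" if tag[-1] != "A" else "B"),  # edited tag
        sign_token(b"some-other-key", {"user": "alice", "admin": True}),
        "not-a-token", "", None,                                   # malformed
    ]
    seen = set()
    for item in bad_inputs:
        try:
            verify_token(key, item)
            seen.add("ACCEPTED")
        except AuthError as exc:
            seen.add(str(exc))
    return seen
```
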

Wednesday, April 24, 2013

ciphercloud and weasels


Weasel wording filter:
Graf 1, sentence 1: "a few board threads" -> Internet's current most important programming forum.
Graf 1, sentence 1: "contributed to by our competitors" -> Smoke screen, unsupported, irrelevant.
Graf 2, sentence 2: "basically admitted they really didn't know the facts" -> Because the facts weren't provided, the contributors set about reversing them from published material, the point of the thread.
Graf 3, sentence 4: "does use publicly available, well researched, and NIST validated cryptographic algorithms" -> Virtually all cryptography anywhere can make a similar claim, and most of that code is broken. NIST validates primitives and a few basic constructions, but tying those primitives into a functional cryptosystem is outside their purview.
Graf 4, sentence 1: "for any customer deployments" -> Leaves open the question of whether they implement semantically insecure constructions in any setting.
Graf 5, sentence 2: "fundamental security features (full field encryption, randomization through IVs) were disabled" -> Randomized encryption isn't a feature, it's a fundamental property of a cryptographic construction.
Graf 6, sentence 1: "currently in the process of obtaining our FIPS 140-2 certification" -> FIPS 140-2 doesn't involve a rigorous analysis of cryptographic primitives; the crypto-specific components focus on use of NIST-approved ciphers and block modes, but do not assure that those primitives are used securely. To illustrate that point: every vulnerable version of SSL3 and TLS1.0 and TLS1.1 has had a FIPS-compliant implementation somewhere.
They should just be honest about their desire to suppress the use of their copyrighted IP in critiques of their product. They're in a competitive space, they're a small company, hard to manage their online reputation and build product, &c. The Reddit/HN/Stack Overflow scene wouldn't like that response, but it's better than this one, which actually creates more questions about their product capabilities.
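What "randomization through IVs ... disabled" means for stored fields, as an added example that is neither CipherCloud's code nor part of the quoted comment. The cipher is a stand-in stream cipher built from HMAC-SHA256, the names `encrypt_field` and `equality_groups` are hypothetical, and the column of values is constructed.

```python
import hashlib
import hmac
import secrets
from collections import Counter

NONCE_LEN = 16


def _keystream(key, nonce, length):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), for illustration
    # only: it gives confidentiality of a sort but no integrity protection.
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def encrypt_field(key, plaintext, randomized=True):
    # randomized=False models the "IVs disabled" setting: every field is
    # encrypted under the same all-zero nonce, so encryption is deterministic.
    nonce = secrets.token_bytes(NONCE_LEN) if randomized else bytes(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt_field(key, blob):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def equality_groups(column):
    """Sizes of groups of identical ciphertexts, largest first.

    This is what anyone who can read the stored column learns without the key.
    """
    return sorted((n for n in Counter(column).values() if n > 1), reverse=True)


# Constructed sample: one sensitive column with repeated values.
SAMPLE = [b"flu", b"cold", b"flu", b"asthma", b"flu", b"cold"]


def demo():
    key = secrets.token_bytes(32)
    fixed = [encrypt_field(key, v, randomized=False) for v in SAMPLE]
    fresh = [encrypt_field(key, v, randomized=True) for v in SAMPLE]
    # Both settings decrypt correctly; only one hides which rows are equal.
    assert [decrypt_field(key, c) for c in fixed] == SAMPLE
    assert [decrypt_field(key, c) for c in fresh] == SAMPLE
    return equality_groups(fixed), equality_groups(fresh)
```

With the nonce fixed, the stored column reveals the frequency distribution of the plaintexts; with a fresh nonce per field it reveals only their lengths.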

Monday, April 22, 2013

Baseball, an explanation.

In baseball the object is to iterate as many tokens as you can through a 4 slotted dequeue FIFO (implemented internally as a self referencing doubly linked list); Iteration run time is earned by the batting team by causing the hardest to solve ball sorting problems possible for the other team (most entropic ball state). The opposing team manages a counter labeled "Outs" initialized to 0 each "inning". If the counter is incremented to 3 the teams switch objectives, and the out counter is reset. Each full iteration of a player through the buffer increments a team's "run" variable. The team with the greatest runs wins (typically by earning the most loop execution time).
The team managing the out counter distributes themselves optimally around the field such that they'll be able to detect the ball's location within a short period of time -- AND -- so that they can sort the ball back to their prime ball holder, the "pitcher". To get a chance to increment the out counter (and thus eventually have their turn at bat, and increase their runs) the pitching team gives the batting team a chance to hit the ball (and cause the ball sorting problem). While the ball is being sorted player tokens can iterate through the FIFO buffer nodes (bases). Only one additional player can enter base queue per sorting problem created. The bases are allowed to be null (no players), and players can move in both directions around the loop.
A pitcher must give adequate chance for the ball sorting problem to be created by passing the ball through a volume called the "strike zone" which is created by clipping the prismatic space above home plate to the vertical interval between the batter's knees and the midpoint in their chest. The midpoint is a point half way between the shoulders and top of the pants. Note: Creating an impossible planar strike zone by pulling one's pants down to the knee and bending at the waist to bring the shoulders in line is considered extremely rude "unsportsmanlike conduct". If the batter does not swing at a valid pitch then it is counted against them as a "strike". If the bat is swung at the ball and no valid sorting problem is created it is considered a strike whether the ball passed through the strike zone or not. If a batter accumulates 3 strikes it is converted to an out and their iteration is preempted. The pitcher may throw outside the strike zone to trick the player into leaping at an unfair starting condition, but if the player does not swing at such invalid pitches then they are considered unfit "balls", four such balls allows the player to automatically reach 1st base safely, and if occupied the bases will increment, possibly causing a run to be scored. This is called Walking, since there is no danger of being interrupted. Walks in the park are quite nice, but do not make for good games.
A batter must cause a valid sorting problem with the ball within 3 attempts (swings) at valid pitches, or they lose their chance to enter the FIFO and the out counter is decremented. Valid sorting problems are those where the post-hit ball travel vector is within the area formed by rotating a ray extending from home through base 0 until it intersects base 3 (inclusive). If the valid ball is hit out of the park (or strikes the pole erected along the base lines to make the problem space visible, while above the fence) then the ball sorting problem is considered infinitely complex and the iteration queue can be emptied of all players actively in the FIFO buffer and they all count as runs -- This is called a home run. The ball sorting problem is considered too simple if the ball is caught from out of the air directly by the opposing team before it strikes the ground, and such counts as an immediate out, forfeiting the running player's iteration cycle. Hitting the ball outside the valid sorting problem space is called a foul ball, counting as a strike.
The player at bat begins at base zero (home) and, after hitting the ball, tries to iterate from base1 to base2 to base3 and back home around the diamond shape without getting touched by the ball (or a glove covered ball). If the opposing team touches with the ball a player in the process of updating the base (node) states (moving between them) then the out counter is incremented, the iterating player's value is considered corrupted, and they are immediately garbage collected from the iteration area and re-inserted into the at-bat chance queue. While a player is stored in a node (touching a base) they are considered immutable (safe), and touching them with the ball does not remove them from the FIFO queue. If the destination base is touched while the player is iterating, and to return is impossible (due to 1st base iteration, or players behind pushing them forward) then they are considered "out" as well. The moment a running player touches home base on their final increment they are no longer considered in the FIFO queue and the run counter is incremented (this resolves the issue of a player running home while a player is at bat).
The players on the base nodes are in an unstable state, and can attempt to iterate to a non null base (or home) pretty much at any time, however, while the pitcher has control of the ball he creates a deadlock in the running iterations by threat of race condition due to his ability to deliver the ball to a destination base or player who can tag the runner out -- Tossing the ball directly at the iterating players is considered illegal because of injury concerns. So, when the batter strikes the ball any on base players consider their chances of successful iteration and may attempt to run -- They take advantage of the length of time it takes for the opposing team to sort the ball back into a high risk state. Storing two "running" players per node or swapping player order is considered an illegal operation, the lower valued player must return to the prior node or be counted out.
The pitcher gives batters a chance to create sorting problems, while keeping runners in dead-lock, preventing iteration. The batter creates the most time consuming sorting problem possible (including just tapping the ball "bunting" it, leaving it near home plate). The runners look for opportunities to iterate without causing exceptions, all while some scoreboard software fails to implement a fucking doubly linked list properly!

Wringing out Water on the ISS - for Science! by canadianspaceagency

Sunday, April 21, 2013

ciphercloud - cloud encryption gateway that resides within your network

mirror of the discussion on scala.sh

another mirror

because ciphercloud would rather people not talk about how their stuff works, or not..

ahahhahaa...from https://news.ycombinator.com/item?id=5585797

There are two rules of crypto:
1) There are 6 people on the planet smart enough to invent new crypto schemes.
2) You're not one of them.

and because, (from https://news.ycombinator.com/item?id=5579538 ):

Encryption and security does usually not get any better by pretending it's secure and not letting anyone dig around the solution.

Tuesday, April 16, 2013

Software Curmudgeon's Phrasebook and the System Development Lifecycle

Software Curmudgeon's Phrasebook
- It was hard to write, it should be hard to understand 
- Users exist to be served. I like mine fricasseed. 
- Debugging is vastly overrated. They pay you to create the bugs, they pay you to fix the bugs. Why debug? 
- What, me test?! And put all the users out of a job?!? 
- Failure to plan on your part does not constitute an emergency on my part. 

the System Development Lifecycle:
1. Write the programs 
2. Deploy to production 
3. Test 
4. Get requirements from users 
5. Growing panic 
6. Search for the guilty 
7. Punishment of the innocent 
8. Bonuses and promotions for the non-participants

alice and bob : must read




is your hobby embarrassingly parallel?

is apparently almost ready...

is already in production...

or if your hobby is not embarrassingly parallel, how about a http://www.kickstarter.com/projects/1106670630/mojo-digital-design-for-the-hobbyist

in the clouds

who is using which stack?

and fair enough, openstack is the most active of the open stacks...

Tuesday, April 9, 2013

dont pay for it, dont build your own

the wordpress maintainers are far more in number and are probably highly competent. they also work for you for free. and due to the popularity of wordpress, people who encounter problems with it are far more in number than anything out there...

is slightly less optimal because its a far smaller project, open sourced by a firm. if it doesnt gather a community around it, one day the firm will lose interest in maintaining it and you'll be stuck with old software forever.
similarly http://plasticscm.com/buy.aspx, but it looks damn nice..haiz.....

if i not wrong, this is built on top of firebase , which is bad, excellent as firebase is. firepad is open source, yes, but it'll likely not run without access to firebase. one day firebase will close shop or raise your prices 10x or something and you'll have no option to run it in-house or find a drop in replacement.

i.t. only ever gets cheaper.

i now slightly regret my us$12/yr chicagovps instance..these people are doing us$15/yr 512mb ram!

is close as well..

Monday, April 8, 2013

give it a minute

Does it matter that what you’ve achieved, with your online special and your tour can’t be replicated by other performers who don’t have the visibility or fan base that you do?
Why do you think those people don’t have the same resources that I have, the same visibility or relationship? What’s different between me and them?
You have the platform. You have the level of recognition.
So why do I have the platform and the recognition?
At this point you’ve put in the time.
There you go. There’s no way around that. There’s people that say: “It’s not fair. You have all that stuff.” I wasn’t born with it. It was a horrible process to get to this. It took me my whole life. If you’re new at this — and by “new at it,” I mean 15 years in, or even 20 — you’re just starting to get traction. Young musicians believe they should be able to throw a band together and be famous, and anything that’s in their way is unfair and evil. What are you, in your 20s, you picked up a guitar? Give it a minute. 

people who buy things

now mendeley customers can look forward to more spending!

God damn it. After the recent MySQL/OpenOffice/Java and Google Reader fiascos, my lab had a huge internal debate about whether to continue using Mendeley or choose a FLOSS alternative that wouldn't bite us later. Obviously we miscalculated.
I don't blame the Mendeley team -- too much -- since $100M is a lot of money. Although they shouldn't try to pretend that this isn't a complete sellout.
The fault really lies in the community's willingness to fall over and over for these shiny but not-quite-free alternatives. Two years ago, I would have said that Stallman is a nut; now, I think he's quite right. 
- https://news.ycombinator.com/item?id=5515526

so heroku tells you whats going on and how to work around the problem while instacart says sorry convincingly.

- https://news.ycombinator.com/item?id=5515039

Wanting companies to be humble, of all possible things, seems like insanity to me. Companies are not people; they do not have emotions; they do not participate in psychosocial guilt/submission demonstrations as a way to signal status transfer.
A (B2B) company is a machine you rely on to run your own business--sort of like an office printer. When the printer stops working, do you expect an apology? The best thing the printer can do is to just start working again--to make you money now. Everything that has happened in the past is a sunk cost. Time spent apologizing is time spent not printing. (Imagine how much time Mr. Wiggins has spent giving people apologies instead of making Heroku work better.)
"Peace of mind" is for consumers. When you run a business, the only thing you should think about the B2Bs higher in your supply chain is "wow they're good at what they do." Whether they whimper believably will not help your own business succeed.
rdtsc 2 hours ago | link

> When the printer stops working, do you expect an apology?
Actually, the better thing a printer can do is explain to me _why_ it failed so I know how to avoid, work around it, or understand what to do next. I feel the FAQ is tons better than "sorry". My printer already says "sorry, print job failed". Try again, "sorry, print job failed". Then it is me cursing at it "piece of shit! tell me why it failed, I need to get my stuff printed"..."sorry, PC load letter"..."Arghhhh!"
So actually I like Heroku's response more. Technical info for technical users.
derefr 2 hours ago | link

Exactly. This is part of the make me money now idea: you need some information from the printer to get back to using it, so to make you money, it has to first teach you what you need to know to use it. It doesn't have to bow and scrape while doing it; it just needs to get you back to it being useful.

no shit this is funny!

OGinparadise 1 day ago | link

"Linked" is too weak of a word, but sadly, by the time the link it's proven it may be too late.
Before the government bans the product you make or use, causing you a lot of monetary loss, reason says that they should think twice. So, IMO nothing will be done, just yet. They are too many special interests and evidence apparently is not conclusive. Last year I remember reading that cell towers might be the culprit, interfering with their navigation or something like that.
spodek 1 day ago | link

If only people had this perspective before taking the risk at first, we wouldn't act like pollution was the norm and unpolluted nature was the aberration. I like your logic, but I would have applied it before introducing something that kills a species we don't want to kill.
"Before the government allows the use of the product never before seen in nature, causing you a lot of monetary loss, reason says that they should think twice. So, IMO nothing will be done, just yet. They are too many special interests and evidence apparently is not conclusive."
The cell tower stuff was a red herring.
OGinparadise 1 day ago | link

Before the government allows the use of the product never before seen in nature, causing you a lot of monetary loss, reason says that they should think twice.
They think and experiment more than twice and pesticides are heavily regulated. The problem is that by the time symptoms show, it can be too late. On the other hand, virtually everything is a tradeoff: the houses we live in, newspapers we read, the meat we eat, the beer we drink etc etc is harmful to some habitat. So if you want certain things, you have to tolerate some other things. Pesticides, fertilizers and GM crops enable us to get much more from the same acre so they are very tempting to use.
Not saying that I'm cool with having all bees die off though.
unclebucknasty 1 day ago | link

The problem with your logic is that it assumes everyone is forthright and honest, even with tremendous amounts of money involved. We know what history and human nature teach us about that assumption.
These pesticides were initially sold as unharmful or minimally toxic to bees. Now that we are using it, we have experts telling us that it will absolutely kill bees. That's a pretty dramatic distinction.
Do you honestly believe that in all of their "thinking and experimenting more than twice", no one ever observed that this stuff killed bees and, on the contrary, everyone actually believed it to be unharmful to them?
OGinparadise 1 day ago | link

IIRC new pesticides have to be tested by the government, no need to trust just about everyone that mixed something in their factory or bathtub.
http://www.epa.gov/pesticides/about/aboutus.htm https://secure.pesticides.gov.uk/pestreg/
unclebucknasty 1 day ago | link

See my reply to waterlesscloud below. In short, I understand how the process is supposed to work, but like much else in government, the revolving door between regulatory agencies and industry, combined with paid-for politicians, undermines the integrity of the process.
waterlesscloud 1 day ago | link

If you don't trust the experimental results, exactly what process are you proposing?
More experiments? Will you trust those?
unclebucknasty 1 day ago | link

Your comments beg the question. The "experimental results" you reference are meaningless if they are not properly disclosed and utilized.
In fact, seems to me that an investigation is in order as to how these supposedly stringent regulatory processes gave us pesticides that were purportedly safe for bees and other beneficial insects, while we now know that they are clearly lethal to bees. They specifically stated that their chemicals do not do something that they clearly do, and that something is ecologically and agriculturally devastating. I find it very difficult to believe that this was completely unknown prior to approval. If you are telling me that you believe it was unknown after utilizing the best processes we have to test and model, then I would say that we clearly need to ban these pesticides and approve nothing else until we are better at determining outcomes.
Beyond that, what I would trust is a regulatory process that does not involve revolving doors between government bureaucrats on the regulatory side and industry. That and a true democracy wherein politicians are not bought by the highest bidder. Those are just starting points.
So, no, I would not trust more experiments performed by the same people, processes, and "oversight" that brought us the last round. You would?
waterlesscloud 1 day ago | link

What's the practical alternative, then?
Not the ideal alternative, which we all agree would be nice, but what is something that might actually work?
unclebucknasty 1 day ago | link

I'm not sure that I understand your line of questioning. Are you agreeing that there seems to be foul play here? Or are you saying that everyone is honest, but our systems are woefully insufficient? Or both?
Because either would be unacceptable in my view. Yet your point seems to be that it's the best we have, so we should make do. In fact, if you agree that the system as-is is very much less than ideal, then it seems that you would join me in calling for remedy, perhaps using the starting points I've already identified as a basis.
Instead the very nature of your questioning seems to suggest that people who call attention to the problem are somehow in the wrong because they don't have a set of concrete legislation for regulatory change at the ready. It's a bit of a red herring, wherein you agree with me on principle, but rather than demanding answers or solutions from those who are at fault, you instead immediately turn to me and demand solutions, essentially letting those responsible off the hook.
waterlesscloud 1 day ago | link

What starting points have you identified for a practical solution?
EDIT-
To simplify what I had here before (and make it hopefully less argumentative):
What system would be verifiable and trustworthy? How would that differ from what we have now?
unclebucknasty 1 day ago | link

I never claimed to offer a specific, "practical" solution and my last comment pointed out the oddness of you asking me for one vs asking those responsible.
And I'm still not sure why you continue to make that the issue. It's not so much argumentative as it is odd.
In any event, what I did point out are some of the underlying issues that make the current system corruptible (i.e. untrustworthy). I don't really feel like retyping that, so if you're earnestly interested, perhaps you can check my ancestor comment on this thread.
As far as devising "practical" solutions, surely identifying and addressing those core issues might be a starting place.
EDIT: But perhaps the real question is: what exactly is your point?

Sunday, April 7, 2013

A modest proposal: Lets do our part for the nation.

How about lets have all our MPs and Ministers work pro-bono for their first 5 years?
We can provide them with NTUC food vouchers and perhaps a expenses fund too..lets peg it to the singapore poverty line or to the NS corporal pay.
Its about "doing your part for the nation", you see. Half of all singaporeans do National Service.
In my time it was 2.5 years long, now its 2.
For me it wasn't a 9-5 job, this NS. I was on call 24 hours a day. Anytime anybody wanted anything from me they can do so. And then there's real work done after office hours, like guard duty and missions in the middle of the night. Rightly , i'd say the 16 hours of non-office hours should be compensated at least 2x of normal pay. 2 years of this is actually more than 5 years of income if this were work in the private sector, really, if you measure it this way.
If half the population can do it, so can our ministers, MPs and everyone who don't do NS, really.
Work the 5 years pro bono. Get sg$500/mth and free SFI/NTUC FoodFare meal vouchers.
If not, then pay it back as tax. Male singaporeans are essentially forgoing 5 years of income. Thats easily 10% of accumulated lifetime earnings. Let anyone who doesn't work pro bono 5 years pay 10% of their income always, as some sort of in-lieu-of-NS tax. Maybe we could even offer this to everyone, including singaporean males, since DOING YOUR PART FOR THE NATION should not be discriminatory..every one should.
And we're just talking NS, not yet reservist and the ippt/ipt/rt cycle. Assuming it takes 2 hours of exercise a day, 3 days a week , for 8 weeks, to reach a level of fitness required to pass the ippt..lets have every singaporean be liable for exactly that..8 weeks a year, 3 days a week, 2 hours each time...to work pro bono.  How about social work? taking care of old folks in old folks homes? help with hospital chores?
That covers the ippt/ipt/rt cycle.
Then finally we look into reservist. Thats 10 years, 2 weeks a year. Lets do the same and get people to DO THEIR PART FOR THE NATION for a while. But this time, lets pay people fairly, since reservists(or their employers) do get to claim their work pay.
Thats all. In reality some who serve NS have office hours and stay at home, and some people have longer reservist cycles and so on. I'm imagining a sort of average burden. If the singaporean males can do this, then so can every MP or minister, or in fact, singaporean.
Or rather, why is there a tax for being a male singaporean? why is the rest of singapore exempt from this tax or its equivalent? I can understand taxing the rich, because they have more money, but how is taxing maleness justifiable? Can we really exercise the 'justice and equality' part of the pledge and apply the NS tax fairly?
Why am I picking on the MPs and ministers as well, since some of them do serve NS?
was just thinking they may demonstrate they're twice the singaporean i am...

Friday, April 5, 2013

fairly amazing, the usps

  • Most Unusual Delivery Method — mule trains in AZ. Each mule carries about 130 pounds of mail, food, supplies and furniture down the 8-mile trail to the Havasupai Indians at the bottom of the Grand Canyon, averaging 4,000 pounds per day.
  • Another Unusual Delivery Method — boat in MI. The JW Westcott is a 45-foot contract mail boat out of Detroit, MI, that delivers mail to passing ships in the Detroit River. The JW Westcott has its own ZIP Code — 48222.
  • Another Unusual Delivery Method — dock-to-dock delivery on the Magnolia River in AL. A 17-foot contract mail boat delivers to 176 dock-side mailboxes on a 31-mile stretch of the river.

  • https://about.usps.com/who-we-are/postal-facts/welcome.htm

    laws have to be reasonable to be followed?

    26873 signatures to fire steve heymann

    54922 signatures to fire carmen ortiz

    since there'd been no response to the petitions...

    Thursday, April 4, 2013

    play with Grizzly!

    play with it at home.. http://devstack.org/

    or play with it for a while... http://trystack.org/

    amazon pokes, google reacts

    amazon dropped some EC2 prices by 27.7% in Feb 2013

    then dropped S3 prices by ~50-60% yesterday..

    google responds with a 4% price cut.....

    dotcloud of course went one better..

    another dig at journos..

    somewhere in there the thing says..

    VMware’s RabbitMQ, an open source middleware-type application deployment project, is also used heavily within the OpenStack community.

    lets see what's the problem with that...

    mullr 7 days ago | link

    "VMware’s RabbitMQ, an open source middleware-type application deployment project, ..."
    Perhaps it's mean to poke fun at reporters, but this is pretty brazen.
    lflux 7 days ago | link

    Not quite sure what you're getting at here.
    mullr 7 days ago | link

    More than being wrong, the description is almost entirely without content. "Open source": true. "middleware-type": true, but doesn't mean much. "application deployment": not right, but also pretty vague itself.
    The text straight from the results page tells an interested party that it's an "enterprise messaging system", which should be good enough for any blog on forbes.com. I really have no idea where they got the gobbledygook that they used.
    yes, if u didnt get 'straight from the results page', it means if u googled 'rabbitmq', google provides a summary of what rabbitmq is..and its...

    RabbitMQ is a complete and highly reliable enterprise messaging system based on the emerging AMQP standard.

    one doesnt even have to go to www.rabbitmq.com to see that...

    archipel, a vsphere for kvm


    actually i just looked around for deployment numbers to compare between esxi, hyperv,kvm, xen, openvz..
    i mean, i think google uses quite a bit of kvm, since i think google compute instances are kvm.
    amazon sounds like they use xen. rackspace i think also xen. linode also.
    of course azure is hyperv.
    i wonder what facebook, twitter, linkedin use...
    and i wonder who uses esxi.
    i can see that vmware often claims marketshare of 80% or so.
    however, in those charts its competitors are always citrix and microsoft, not the actual hypervisors.
    its like this. when people talk about web server marketshare, they acknowledge apache and nginx.
    why when talking about hypervisors they talk about vendors and not hypervisors?