Thankful Thursday

Apr. 17th, 2014 09:07 pm
mdlbear: the positively imaginary half of a cubic mandelbrot set (Default)
[personal profile] mdlbear

So... today I'm thankful for...

  • Music and musicians.
  • A room big enough for house concerts!
  • Kids and cats.
  • Gin.
  • The ability to hold things more or less together in public.

I'd add "getting the taxes done" except that I didn't. Bit of a short list today. Sorry about that.

Recovering....

Apr. 16th, 2014 05:33 pm
badgerbag: (Default)
[personal profile] badgerbag
Did ok on my trip, but just ok. I also got through work today. And I wrote a blog post because it seemed like it had to be done. But now I'm totally done touching a keyboard. Exhausted, in pain, a bit fevery feeling all over. I have not managed to unpack yet. Moomin helped me put away clean laundry. Zond7 ordered us groceries and cleaned up and we have a helpful house cleaner coming tomorrow. I need serious rest.

Read The Goblin Emperor, which I highly recommend! OMG... more like this!

Also, Pen Pal by Francesca Forrest.

Both excellent!!!

Done this week (20140406 Su - 12 Sa)

Apr. 13th, 2014 01:37 pm
mdlbear: the positively imaginary half of a cubic mandelbrot set (Default)
[personal profile] mdlbear

The big news here at Rainbow's End is the first of our house concerts -- Heather Dale is singing here tonight! Doors open at 7:30, and there's still space. Probably.

The big news everywhere else on the internet is the Heartbleed Bug. Yes, it's bad. Most banking sites, fortunately, aren't affected, but Google (for example) is. Wait until a site has installed patches before you bother changing your password. And if you're using the same password on multiple sites, Don't Do That Anymore! -- you know better, don't you?

Essentially no work on the taxes. Ouch! I'm going to overestimate, put it on installments, and file for an extension. Though, every deduction I can find today and tomorrow will help.

Lots of links in the notes.

raw notes, with links )
skud: (Default)
[personal profile] skud
This is a crosspost from Infotropism. You can comment here or there.

This is probably going to be a wildly unpopular opinion and IDGAF. So many of my non-technical friends are freaking out that I feel the need to provide a bit of reassurance/reality.

First, an analogy.

In 2005 we learned that you can open a Kryptonite U-lock with a ballpoint pen. Everyone freaked out and changed their bike locks ASAP. Remember that?

Now, I wasn’t riding a bike at the time, but I started riding a bike a few years later in San Francisco, and I know how widespread bike theft is there. I used multiple levels of protection for my bike: a good lock, fancy locking posts on the seat and handlebars, and I parked my bike somewhere secure (work, home) about 90% of the time and only locked it up in public for short periods. Everywhere I went I saw sad, dismembered bike frames hanging forlornly from railings, reminding me of the danger. Those were paranoid times, and if I’d been riding in SF in 2005 you can bet I would have been first in line to replace my U-lock.

These days I live in Ballarat, a country town in Victoria, Australia. Few people ride bikes here and even fewer steal them. I happily leave my bike unlocked on friends’ front porches, dump it under a tree while I watch birds on the lake, lean it against the front of a shop just locked to itself while I grab a coffee, or park it outside divey music venues while I attend gigs late at night. I have approximately zero expectation of anything happening to it. If I heard that my bike lock had been compromised, I wouldn’t be in too desperate a hurry to change it.

Here’s the thing: if you are an ordinary Jane or Joe living the Internet equivalent of my cycling life in Ballarat, you don’t need to freak out about this thing.

Here are some websites I use where I’m not going to bother changing my password:

  • The place where I save interesting recipes
  • The one I go to to look at gifs of people in bands
  • That guitar forum
  • The one with the cool jewelry
  • The wiki I edit occasionally
  • The social network I only signed up for out of a sense of obligation but never use

Why? Because a) probably nobody’s going to bother trying to steal the passwords from there, and b) even if they did, so what?

This Heartbleed bug effectively reduces the privacy of an SSL-protected site (one whose URL starts with https://, which will probably show a lock in your browser’s address bar) to that of one without. Would you login to a site without SSL? Do you even know if the site uses SSL? If you’d login to your pet/recipe/knitting/music site anyway — if you’d do it from a coffee shop or airport — if you’d do it from a laptop or tablet or phone doesn’t have a strong password on it — if you don’t use two-factor authentication or don’t know what that means — then basically this won’t matter to you.

(I’m not saying it shouldn’t matter. You should probably set strong passwords and use VPNs and two-factor authentication. Just like you should probably lock your bike up everywhere you go, floss, and get your pap smears on the regular. Right? Right? *crickets*)

So if you’re a regular Jane — not working in IT security, not keeping state secrets, etc — here’s where you really need to change your passwords:

  • Any site you use to login to other sites (eg. Google, Facebook)
  • Any site that gives access to a good chunk of your money with just your password (eg. your bank, PayPal, Amazon)

(To do this: use this site to check if the site in question is affected, then if it’s “all clear” change your password. Don’t bother changing your password on a still-affected site, as that defeats the purpose. Oh, and you should probably change your passwords on those sites semi-regularly anyway, like maybe when you change the batteries in your smoke alarm. Which I just realised I should have done the other day and didn’t. Which tells you everything, really.)

Beyond those couple of key websites, you need to do a little risk assessment. Ask yourself questions like:

  • Has anyone ever heard of this site? Does anyone care? Is it likely to be a target of ominous dudes in balaclavas?
  • If I lost my login to this site, or someone could snoop what I had on that account, what is the worst that could happen?

If your answer is “I’d lose my job” or “I absolutely cannot survive without my extensive collection of Bucky/Steve fanart” then by all means change your password.

If your answer is “Eh, I’d sign up for a new one” or “Wait, even I’d forgotten that site existed” then you can probably stop freaking out quite so much.


DISCLAIMER: I am not an Internet security expert, just a moderately well-informed techhead. Some people, including better-informed ones, will disagree with me. You take this advice at your own risk. La la la what the fuck ever, you’ll most likely be fine.

"Heartbleed" security vulnerability

Apr. 8th, 2014 08:16 pm
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
[staff profile] denise posting in [site community profile] dw_maintenance
For those who have seen reference today in the press to the "Heartbleed" security vulnerability in OpenSSL, we'd like to reassure you that although we (like a large portion of the internet) were running the affected software, we patched our servers last night and were no longer vulnerable from that point.

We have no reason to believe that anyone was exploiting this vulnerability against us or that any user data has been compromised. We'll be changing our security certificates for extra confidence.

On the other hand, the nature of this vulnerablity means that it's impossible for a website to know for absolute certain whether someone was exploiting it. If someone was exploiting the vulnerability, against us or against any other website, they potentially have access to any information you sent to the site, including your username/password for the site and any data you sent to the site under HTTPS. It's a good idea to change your passwords pretty much everywhere, but don't do it until you can verify that a site is no longer vulnerable.

If you have any questions, feel free to ask!
skud: (Default)
[personal profile] skud
This is a crosspost from Infotropism. You can comment here or there.

As you might know, I’ve been working on 3000 Acres over the last few months. My time there is almost up and they’re looking for volunteers to continue developing the site. If anyone in the Melbourne area is interested in working with me on this, and then taking it over, please get in touch! It would be a great way to get involved in a tech project for sustainability/social good, and the 3000 Acres team are lovely people with a great vision. Feel free to drop me an email or ping me via whatever other means is convenient, and please help us get the word out.


3000 Acres connects people with vacant land to help them start community gardens. In 2013 3000 Acres was the winner of the VicHealth Seed Challenge, and is supported by VicHealth and The Australian Centre for Social Innnovation (TACSI) along with a range of partners from the sustainability, horticulture, and urban planning fields. We are in the process of incorporating as a non-profit.

Our website, which is the main way people interact with us, launched in February 2014. The site helps people map vacant lots, connect with other community members, and find community garden resources. Since our launch we have continued to improve and add features to our site.

So far, our web development has been done by one part-time developer. We are looking for another (or multiple) volunteer developers to help us continue to improve the site, and to help make our code ready to roll out to other cities.

We’re looking for someone with the following skills and experience:

  • Intermediate level Rails experience (or less Rails experience but strong backend web experience in general). You should be comfortable using an MVC framework, designing data structures, coding complex features, etc.
  • Comfort with CSS and Javascript (we mostly use Bootstrap 3.0 and Leaflet.js) and with light design work (eg. layout, icons)
  • Familiarity with agile software development, including iteration planning, test driven development, continuous integration, etc.
  • Strong communication skills: you’ll particularly use them for writing web copy, advising on information architecture, and project management.
  • You should be in Melbourne or able to travel regularly to Melbourne to meet with us. Phone, Skype, and screen sharing may also be used — our current developer is based in Ballarat.

We welcome applications from people of diverse backgrounds, and are flexible in our requirements; if you think you have skills that would work, even if they don’t match the above description exactly, please get in touch.

We envision this role being around 8 hours a week ongoing (somewhat flexible, and mostly from your own location). Initially you will work closely with our current developer, who can provide in-depth training/mentoring and documentation on our existing infrastructure and processes. Over the next 3 months you will become increasingly independent, after which time you will be expected to be able to create and maintain high-quality code without close technical supervision.

For more information you can check out:

If you’re interested in working with us, please drop Alex an email at skud@growstuff.org. No resume required — just let us know a bit about yourself, your experience, and why you want to work with us. If you can show us an example of some relevant work you’ve done in the past, that would be fantastic.

mdlbear: the positively imaginary half of a cubic mandelbrot set (Default)
[personal profile] mdlbear

Lots of puttering. In part because we're getting ready for Heather Dale's house concert this coming Sunday (contact me or Naomi if you're interested in attending), and in part because it's a way of feeling that I'm doing something useful while avoiding the taxes.

I was on tap for jury duty Wednesday and Thursday -- had to go in, but didn't get picked, or even assigned to a case. Oh, well. I've only been on a jury once -- very educational. The people running the jury assembly room were very competent, and did their best to make it a good experience. Successfully, in my opinion.

Three of Colleen's roses arrived on Tuesday; they finally got planted today.

A little noodling -- I need to practice more. And we need to encourage Colleen to sing more.

Links, as usual.

raw notes, with links )

Garden share collective, April 2014

Apr. 6th, 2014 09:31 pm
skud: (Default)
[personal profile] skud
This is a crosspost from Chez Skud. You can comment here or there.

Time for another Garden Share Collective, hosted by Lizzie at Strayed from the Table. You should definitely head on over there to see how everyone’s garden is going!

The Garden Share Collective

Last month, my garden had exploded and I was picking zucchini, eggplant, and other high-summer veg. I was planning for winter planting, and had just laid out some new no-dig beds to do it in.

Sigh.

It’s been a very rough month, with a lot of personal, health, and work stuff going on, and I have to admit I haven’t been paying much attention to the garden. Many of the seedlings I had started, that I wanted to plant out, died through lack of attention and the predations of cabbage moth (at least I presume cabbage moth, as they went for the brassicas first and hardest).

This is what last month’s jungle of greenery looks like now:

dead sunflowers and tomatoes

dead sunflowers and tomatoes

Read the rest of this entry  )

Page generated Apr. 19th, 2014 10:34 pm
Powered by Dreamwidth Studios