[poem] Craftwork

Oct. 25th, 2014 11:39 am
kaberett: a patch of sunlight on the carpet, shaped like a slightly wonky heart (light hearted)
[personal profile] kaberett
For all of you; and specifically for [personal profile] jelazakazone, a bit.

I am living a borrowed life on
borrowed time, in that
the theft thereof has not been noticed yet--
my other selves are paper-thin;
they echo in the corners of my eyes,
their futures circumscribed by our own hand
and thereby written out of history.
Egal: perhaps they would be better, but
it's me who's living this, who's
strong or weak enough to hold on tight.
I will make a patchwork of my fractured nights,
my scraps of grace: as ever bound together
with the brilliant shining thread that you,
unknowing, trace.

Halloween at work

Oct. 24th, 2014 07:21 pm
azurelunatic: Azz and best friend grabbing each other's noses.  (Default)
[personal profile] azurelunatic
Not allowed to peck Purple with my long, dagger-like loon beak.
compilerbitch: That's me, that is! (Default)
[personal profile] compilerbitch

My new Queer of Swords post is up at Patheos. Halloween from a transgendered perspective, with a touch of rant just to be sure.


Grr Arg!




Please note: this was cross-posted from my main blog at http://www.mageofmachines.com/main/2014/10/24/new-queer-of-swords-post-halloween-the-secular-festival-of-becoming/ -- If you want me to definitely see your replies, please reply there rather than here.

#QueerofSwords, #TransgenderActivism

(no subject)

Oct. 24th, 2014 08:15 pm
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
[personal profile] synecdochic
Sarah, sitting and putting labels on the 150-odd vials of BPAL I decanted today: "You know, I don't think it was an unreasonable request."

Me, opening 200-some vials that I bought secondhand to sniff them and determine if I like them or not: "What?"

Sarah: "'One of these days I should find a perfume I can wear to work', I said. And here we are, somehow that having turned into 'try everything BPAL has ever made'..."

Me: ...Hello, have you MET ME? YOU KNEW IT WAS ON FIRE WHEN YOU LAID DOWN ON IT.

(She is so very tolerant of the fact that "....that escalated quickly" is my life motto.)

Sometimes what comes next is the gym

Oct. 24th, 2014 04:27 pm
redbird: my head and chest, from in front (new gym icon)
[personal profile] redbird
The numbers from [profile] julian_tiger's most recent bloodwork are worse, and his weight is down; we aren't going to have him much longer. And I lost Velma less than a week ago. So, try to avoid making significant decisions, and I am doing quite a bit on habit. Things like having yogurt for breakfast, or timing on cups of tea.

One of those habits seems to be exercise, though that's not an everyday thing like the morning yogurt. I hadn't been to the fitness room since Monday, so I went this afternoon. I think it helped my mood, as well as being good for me on other levels. There were two other people in the exercise room, one telling the other what to do, setting the amounts of resistance on the machines, and so on. The one being instructed looked to be in his teens; it was weird realizing that I may have been doing this since before he was born. That's enough years to normalize it, and make it something to do when "normal" feels a bit out of reach.


Working

Oct. 24th, 2014 02:44 pm
synecdochic: torso of a man wearing jeans, hands bound with belt (Default)
[personal profile] synecdochic
Working working working. Decanting decanting decanting. The cooking tv shows I'm watching in the background are making me hungry.


Note to self: sticky toffee pudding

Oct. 24th, 2014 03:44 pm
kaberett: Overlaid Mars & Venus symbols, with Swiss Army knife tools at other positions around the central circle. (Default)
[personal profile] kaberett
Nigella Lawson on the topic (semi-steamed); entirely baked version involving TINY FREEZABLE RAMEKINS; if doing the thing of soaking the dates first, lots of people recommend tea and you want to use overbrewed rooibos; this is totally a thing you can do, self.

PS you -- The Pioneer Woman makes creme brulee look not entirely terrifying, Rasa Malaysia wants to be your misguided friend, the Graun is your spiritual home, and the Beeb wants you to have two recipes.

Just One Thing (24 October 2014)

Oct. 24th, 2014 03:36 pm
nanila: me (Default)
[personal profile] nanila posting in [community profile] awesomeers
It's challenge time!

Comment with Just One Thing that you've accomplished in the past 24 hours or so. It doesn't have to be a hard thing, or even a thing you think is particularly awesome. Just a thing that you did.

Feel free to share more than one thing if you're feeling accomplished!

Extra credit: find someone in the comments and give them props for what they achieved!

Nothing is too big, too small, too strange, or too cryptic. And in case you'd rather do this in private, anonymous comments are screened. I will only unscreen if you ask me to.

Go!

[counselling log] Bits & pieces

Oct. 24th, 2014 11:52 am
kaberett: a watercolour painting of an oak leaf floating on calm water (leaf-on-water)
[personal profile] kaberett
  • At least some of my being terrified of writing for people other than myself (so - blog posts, technical writing, etc) is related to my dad's terrible thing of going "too slow!" at us whenever he asked us a question over dinner. Ergo I baulk and dig in my heels and refuse to write anything until the deadline's gone wooshing past because I'm too scared, and at least when it has gone wooshing past I am safe in the knowledge that I have disappointed people and can therefore just get on with things (to some extent with a cocktail of sleep deprivation and adrenaline driving me forward). (Don't hesitate/it'll never push you forward/don't waste the time you've been given...) (There is a poem trying to happen about how I am living on time borrowed from my other selves.)
  • I look despairing when talking about TOG, and open and happy and secure when talking about P-the-no-longer-unethical or Awesome Ex-Housemate C. (And realised myself, somewhat wryly, that towards the end of our relationship I felt that I was without hope on the topic of Us; out the other side of that I find that I am not, in fact, as hopeless as might be good for me.)
  • Joking and current music fields aside, I'm pretty confident that I do love TOG in the knowledge of who and what he is, as opposed to an image of him disconnected from reality. I was very clear that I didn't expect that he would quit and that I loved him in that knowledge and belief; unfortunately nothing much has changed there except for developing a hard limit. Which makes not worrying about him difficult, alas, and means I have all these feelings that I need to work out what to do with.
  • I am all tangled up and sad & trying to carry other people's burdens all unasked at the moment; it's not good for me and I need to work out how to set them aside. Homework for the week was lots of breathing exercises (we know they work for me) and some focussing on the serenity prayer (at my own wry suggestion; counsellor said "Will that help?" and I replied "Well, it'll make me grin wryly, so yes, in a sense....").

Next session late Friday afternoon next week. Counsellor is once again attempting to charge me less money...
azurelunatic: Jago guarding Bren, captioned "man'chi". (Cover art from C.J. Cherryh's Foreigner series.)  (man'chi)
[personal profile] azurelunatic
It turns out that I have some unprocessed emotions from the final months of LiveJournal volunteering. I found this out due to a superficially similar thing adjacent to me triggering those emotions last night. Once I identified it as both having tripped off some stored-up trauma, and also (thanks to a timely comment from [personal profile] sithjawa) affecting my man'chi, it was easier to cope.

Easier didn't mean actually easy. I still started out my morning in a right state. I was underslept a bit, so I was a bit woobly, and the main thing keeping me from hiding under somebody's desk with some fairly terrible raspberry vodka was that it would be unseemly. So I didn't do that. And then Fishie said something on Twitter which struck my funny bone, and I laughed a lot about it and then I was basically okay. And then my Overlady called me into her office for some advice and a pep talk, and that was good.

And then it was time for an A-Team training session on some in-house software made by the same team which makes my participant database tool. Of whom I have grown increasingly fond in contrast to the everloving helpdesk software, which is out-house. (Which also explains why I could not find anything online when searching up the name of the tool.) The thing is a front end for the awkward automated coupling of Mailman with arguments against certain fields in the company directory, via a nightly cronjob. The highlight was the awkward attempt to not explain boolean logic when explaining some of the less intuitive settings. The dev also wasn't sure quite what the Bugzilla category was for it.

I did catch the tail end of lunch with Purple, which irrationally pleased me (as he'd put off going to lunch as long as possible in order to possibly overlap with me, as I'd told him my schedule).

After that there was a team meeting. The grandmanager has returned.

Researcher Carmageddon was surprised to see me in early. He wasn't having the greatest of days either, due to having parked the previous evening inside what later became a crime scene due to the discovery of some explosives or something, just in time for him to not be able to drive in search of dinner. This did not start his morning off the best.

Later in the evening, I was poking at the mail tool to see what lists there were in the live version. Within about twenty minutes, I found myself raiding Bugzilla, because I'd discovered a bit of a little UI bug. This touched off a rediscovery of how strong a case of impostor syndrome I actually have, with concurrent pep talk from Purple. It is apparently patently obvious to anyone within looning distance of me how much delight I take in finding these things. The surprise to me this time was how easy the first one was to find. I do this. I'm good at this. I should stop being surprised that I'm good at this. It does help to have someone who knows exactly what kind of pressure cooker filled with dry ice DeVry was.

Tomorrow will be an utter zoo.

Tonight, I'm putting a few more touches on the costume. It's going to be very hot, but I think it's worth it.

(no subject)

Oct. 23rd, 2014 10:16 pm
staranise: A star anise floating in a cup of mint tea (Default)
[personal profile] staranise
Wagner's Das Rheingold is playing at the opera in town this weekend. It's got good reviews and I'm kind of tempted to go just to, well, have seen it.

On the other hand my dad is on the Island for the next few days, so the timing may not work out in any event. I think it's going well? We're talking a bit more. Today we drove up to Lake Cowichan, which was beautiful as ever and sang to me and my shoulders unwound until we left.

The Games I'm Playing Lately

Oct. 24th, 2014 07:16 am
megpie71: Vincent Valentine pointing Cerberus toward the camera (BFG)
[personal profile] megpie71
When I bought this laptop (say "hi", Orac) it came with a program for "Wild Tangent Games" on it and some games pre-loaded. I was sorta interested, so I took a look, and it turned out to be quite rewarding.

For those not in the know, Wild Tangent are basically a "small games" (what the industry calls "casual games"[1]) publishing and distribution house. They provide marketing opportunities for small games, and offer them on a try-rent-buy basis to people like you and me who can't be arsed chasing things around Steam or Origin or whatever. They're the ones who introduced me to Bejewelled and Plants vs Zombies, so they're not all bad, and every week their little launch application updates with a new selection of games to choose from, as well as links to various MMO flash games out there on the web.

If you download a game from their "store", you get one free play (so you can decide whether or not you like it) and then subsequent plays are on a rental basis, paid for with "WildCoins" - you get 50 WildCoins for about $8.50 Australian, and a typical game use costs between 4 and 6 coins, usually about 5. Lately, they're offering the "buy for WildCoins" option as well - pay about 20 WildCoins, and you get to have the game for unlimited use. It probably isn't the best bargain for the developers, but for an unemployed person like me, it's pretty damn great.

Lately I've been downloading a lot of Hidden Object games. The basic thing about hidden object games is they're built around the old "find the objects listed below we've hidden in this picture" puzzles, and they're often quite challenging. There seem to be a few separate sub-genres - one in which you're participating in an interactive storyline (where one of the objects you're finding is going to be useful to you in overcoming the next set of puzzles you're going to be facing); another in which you're given a reward for finding the objects (points or money) and you "spend" your reward on improving a scenario (renovating a mansion, updating a farm, decorating a garden, updating a room etc); and a third where the object is basically just to complete all the puzzles and have done with it. I'm fondest of the "interactive storyline" games, because they're usually fairly interesting, and I've always been a plot junkie.

The thing I find about these games as well is they're generally pretty good for sitting down and ploughing through in one sustained burst (which means I can download an "interactive-storyline" hidden object game, and play it all through in one day) and they have (for me) very low re-playability (which means I can do that one burst as the "free try" play through, and then delete the game). If I have to split the game into a couple of play throughs (say if I start one in the evening after dinner but before I go to bed) then I'll usually get about half to three-quarters of the way through before I need to stop.

So this is how I'm doing most of my gaming these days - I download games from Wild Tangent, play them through, and then delete them off the hard drive.

Why am I stepping up to mention this, and starting to review these games? Well, blame the charming young fools from #gamergate for that. I'm female, I'm forty-three, and I've been playing one form or another of electronic game since I was about twelve. I have been an electronic game player for over thirty years now, and I'm annoyed at these nincompoops trying to claim MY identity as being either inferior to their own, or disclaiming it entirely, or trying to claim I stand with them. So I'm going to be looking at games with a mind to reviewing them in future, as a woman, as an older woman, and as a person who isn't socially permitted to claim the label of "gamer" without getting pilloried for it. Just so these little darlings can see they aren't the only fish in the pond, and that there's more to gaming than buying what's latest and greatest on the X-box or Playstation. Hey, if it helps some developers get an idea of what I'm looking for, and what does and doesn't work for people like me, all the better.

[1] I don't like the term "casual gamer" because of the implication it carries that someone who sinks multiple hours into playing Bejewelled or Chuzzles on the "infinite play" levels as part of their daily commuting routine, spends ages trying to get each level of a time management game completed to "gold" standard, and goes through a couple of different hidden object games every month across PC, console and smartphone platforms is somehow inherently not as committed to playing electronic games as someone who only sinks their hours into playing FPPPMSEU[2] on their console on Saturday nights. So I use "small games" instead - because they only ask for a small block of contiguous time, rather than the multi-hour chunks required by the larger games.
[2] First Person Perspective Pseudo-Military Shoot-'Em-Ups.

Just One Thing! (23 October 2014)

Oct. 23rd, 2014 07:35 am
kate: a dirt path through a bright green forest (trees: road less traveled)
[personal profile] kate posting in [community profile] awesomeers
It's challenge time!

Comment with Just One Thing that you've accomplished in the past 24 hours or so. It doesn't have to be a hard thing, or even a thing you think is particularly awesome. Just a thing that you did.

Feel free to share more than one thing if you're feeling accomplished!

Extra credit: find someone in the comments and give them props for what they achieved!

Nothing is too big, too small, too strange, or too cryptic. And in case you'd rather do this in private, anonymous comments are screened. I will only unscreen if you ask me to.

Go!

(no subject)

Oct. 23rd, 2014 01:56 am
staranise: A star anise floating in a cup of mint tea (Default)
[personal profile] staranise
Thoughts on the recent Agents of SHIELD episode (2x05, "A Hen in the Wolf House"):

Spoilers! )

Linux Container Security

Oct. 23rd, 2014 08:44 am
[personal profile] mjg59
First, read these slides. Done? Good.

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1].

Does this mean containers provide reduced security? That's an arguable point. In the event of a new kernel vulnerability, container-based deployments merely need to upgrade the kernel on the host and restart all the containers. Full VMs need to upgrade the kernel in each individual image, which takes longer and may be delayed due to the additional disruption. In the event of a flaw in some remotely accessible code running in your image, an attacker's ability to cause further damage may be restricted by the existing seccomp and capabilities configuration in a container. They may be able to escalate to a more privileged user in a full VM.

I'm not really compelled by either of these arguments. Both argue that the security of your container is improved, but in almost all cases exploiting these vulnerabilities would require that an attacker already be able to run arbitrary code in your container. Many container deployments are task-specific rather than running a full system, and in that case your attacker is already able to compromise pretty much everything within the container. The argument's stronger in the Virtual Private Server case, but there you're trading that off against losing some other security features - sure, you're deploying seccomp, but you can't use selinux inside your container, because the policy isn't per-namespace[2].

So that seems like kind of a wash - there's maybe marginal increases in practical security for certain kinds of deployment, and perhaps marginal decreases for others. We end up coming back to the attack surface, and it seems inevitable that that's always going to be larger in container environments. The question is, does it matter? If the larger attack surface still only results in one more vulnerability per thousand years, you probably don't care. The aim isn't to get containers to the same level of security as hypervisors, it's to get them close enough that the difference doesn't matter.

I don't think we're there yet. Searching the kernel for bugs triggered by Trinity shows plenty of cases where the kernel screws up from unprivileged input[3]. A sufficiently strong seccomp policy plus tight restrictions on the ability of a container to touch /proc, /sys and /dev helps a lot here, but it's not full coverage. The presentation I linked to at the top of this post suggests using the grsec patches - these will tend to mitigate several (but not all) kernel vulnerabilities, but there's tradeoffs in (a) ease of management (having to build your own kernels) and (b) performance (several of the grsec options reduce performance).

But this isn't intended as a complaint. Or, rather, it is, just not about security. I suspect containers can be made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like:

  • Strong auditing and aggressive fuzzing of containers under realistic configurations
  • Support for meaningful nesting of Linux Security Modules in namespaces
  • Introspection of container state and (more difficult) the host OS itself in order to identify compromises

These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two" tradeoff. That's not a winning strategy.

[1] Companies using hypervisors! Audit your qemu setup to ensure that you're not providing more emulated hardware than necessary to your guests. If you're using KVM, ensure that you're using sVirt (either selinux or apparmor backed) in order to restrict qemu's privileges.
[2] There's apparently some support for loading per-namespace Apparmor policies, but that means that the process is no longer confined by the sVirt policy.
[3] To be fair, last time I ran Trinity under Docker under a VM, it ended up killing my host. Glass houses, etc.
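
An added example, not part of mjg59's post: a small auditor that reads the `Seccomp`, `CapEff` and `NoNewPrivs` fields of `/proc/<pid>/status` to check whether a containerised process actually has the seccomp and capability restrictions the post relies on. The `BROAD_CAPS` set is this example's own assumption about which capabilities widen kernel exposure, and both status samples are constructed.

```python
import sys

# Capability names by bit number, as defined in linux/capability.h.
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

# Assumption of this example: capabilities an untrusted workload should not hold.
BROAD_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_RAWIO", "SYS_PTRACE",
              "NET_ADMIN", "DAC_READ_SEARCH", "MAC_ADMIN"}

# Values of the Seccomp field in /proc/<pid>/status.
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

# Constructed samples: a process with a seccomp filter and a reduced capability
# set, and one with no filter and the first 38 capability bits set.
CONFINED_SAMPLE = ("Name:\tworker\nCapEff:\t00000000a80425fb\n"
                   "NoNewPrivs:\t1\nSeccomp:\t2\n")
PRIVILEGED_SAMPLE = ("Name:\tworker\nCapEff:\t0000003fffffffff\n"
                     "NoNewPrivs:\t0\nSeccomp:\t0\n")


def parse_status(text):
    """Turn 'Key:\\tvalue' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def decode_caps(hex_mask):
    """Expand a hex capability bitmask into names; unknown bits become CAP_<n>."""
    mask = int(hex_mask, 16)
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else "CAP_%d" % b
            for b in range(mask.bit_length()) if mask >> b & 1]


def audit(status_text):
    """Return seccomp mode, effective capabilities and a list of findings."""
    fields = parse_status(status_text)
    findings = []
    mode = fields.get("Seccomp")
    if mode is None:
        # Older kernels do not export the field, so absence proves nothing.
        findings.append("Seccomp field absent: cannot confirm a filter is loaded")
    elif mode == "0":
        findings.append("seccomp disabled: no syscall filtering")
    caps = decode_caps(fields.get("CapEff", "0"))
    broad = [c for c in caps if c in BROAD_CAPS]
    if broad:
        findings.append("broad capabilities held: " + ", ".join(broad))
    if fields.get("NoNewPrivs") == "0":
        findings.append("no_new_privs unset: setuid binaries can raise privileges")
    return {"seccomp": SECCOMP_MODES.get(mode, "unknown"),
            "caps": caps, "findings": findings}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit a live process: python3 audit.py <pid>
        with open("/proc/%s/status" % sys.argv[1]) as fh:
            print(audit(fh.read()))
    else:
        for sample in (CONFINED_SAMPLE, PRIVILEGED_SAMPLE):
            print(audit(sample))
```

A clean result only says the process is filtered and has a reduced capability set; it says nothing about how strict the filter is or what of /proc, /sys and /dev is reachable.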

Saw Elise; the cat is doing better

Oct. 22nd, 2014 10:00 pm
redbird: tea being poured into a cup (cup of tea)
[personal profile] redbird
I had talked to [personal profile] elisem on Monday about getting together again today, and last night she proposed that we both go visit Soren, as we had on Monday. He said "any time after noon," though I was skeptical after getting an email from him this morning that he had sent at 3:30 a.m. Nonetheless, I took the bus up to his neighborhood, had clams at Ivar's, and then walked over to his apartment. No answer; since the doorbell is hooked up to the phone, I left a message. Then I heard from Elise; Soren had told her "not feeling well, give me an hour" more than an hour earlier. She was worried, and a neighbor let me into the building, so I went up and knocked, loudly. Soren was sleepy and not up for company, but there was nothing seriously wrong, so I got back on the bus and met Elise in Fremont. We hung out a while in a burger restaurant while she had lunch and I drank iced tea, then walked for a bit, back to where she is staying. There was good conversation, again much of it about Velma ([personal profile] roadnotes).

Also, I posted about Velma's death and notifying people on the "I need a hug" section of the Friends of Captain Awkward site, using real names in the post because it was easier than inventing pseudonyms. I got a PM this morning from someone who knew Velma from a fountain pen forum, asking "I hope not, but is that the same Velma?" I've also gotten a Facebook request for Soren's email address from someone who says he's an old friend of theirs—I replied and asked him for a non-Facebook address Soren can reach him at—and a very ill-timed FB friend request on Sunday from an ex of hers, which I hope is coincidence rather than some sort of vulturine response to the bad news.

Meanwhile, our cat [livejournal.com profile] julian_tiger has gotten very good at not taking pills, and had almost no appetite yesterday. (He was trying, but after a few nibbles of chicken sausage he had that "I want to be hungry for that" look.) This morning I tried him on bell pepper (again, he ate a little and clearly wanted to be hungry for more) and then plain yogurt. He was happy to lick some off my finger, then licked the bowl, so I gave him another tablespoonful. Then, on a hunch, I offered him some peach jam. Happy cat! He asked for seconds, and thirds, and fourths.

I found clementines at the supermarket this morning, and he was happy to help me with one. OK, he wants soft/moist things, and we're back in "orange food for orange cats." I bought salmon and a sweet potato for dinner. He was very happy to help us with them, in larger quantities than we would normally give him, which is a relief, because the vet confirmed that he can't live on just yogurt and fruit, he needs protein. Rationally, "orange food for orange cats" is as silly a basis for a menu as basing it on blood type, but everything there except maybe the peach jam is something I already knew he liked. We are much more optimistic than we were 24 hours ago, and I have at least enough cooked fish left to give him healthy treats tomorrow.

Profile

tim: Tim with short hair, smiling, wearing a black jacket over a white T-shirt (Default)
Tim Chevalier
