Thursday, September 25, 2014

its probably good for your moral character..

from lizard's ghost

mostly cgi

Exploit details: The way this bug is exploited is anything that first sticks some Internet parameter in an environmental variable, and then executes a bash script. Thus, simply calling bash isn't the problem. Thus, some things (like PHP apparently) aren't necessarily vulnerable, but other things (like CGI shell scripts) are vulnerable as all get out. For example, a lot of wireless routers shell out to "ping" and "traceroute" -- these are all likely vulnerable.

from lizard's ghost
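
The mechanism described in the post above, as an added example that is not part of the original post or the write-up it quotes: a CGI gateway copies request headers into HTTP_* environment variables before the script runs, so a front end can drop any client-supplied value that starts with the `() {` function-definition prefix bash imported from the environment (a detail the post does not spell out). The helper names, the regex and the sample requests are assumptions constructed for illustration.

```python
import re

# Bash treated an environment value beginning with "() {" as an exported
# function definition. This check is slightly broader than bash's own
# prefix match because it also tolerates extra whitespace.
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")

# CGI meta-variables (besides HTTP_*) that are filled from client input.
CLIENT_CONTROLLED = ("QUERY_STRING", "PATH_INFO", "REMOTE_USER", "CONTENT_TYPE")


def cgi_env_from_request(headers, query_string=""):
    """Build the environment a CGI gateway would hand to the script.

    A header such as 'User-Agent' becomes HTTP_USER_AGENT, which is how an
    Internet parameter ends up in an environment variable.
    """
    env = {"GATEWAY_INTERFACE": "CGI/1.1", "QUERY_STRING": query_string}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def is_client_controlled(key):
    """True for variables whose value comes from the remote client."""
    return key.startswith("HTTP_") or key in CLIENT_CONTROLLED


def scrub_env(env):
    """Return (clean_env, dropped_keys).

    Client-controlled variables whose value carries the function-definition
    prefix are removed before any shell is started; server-set variables
    are left alone.
    """
    clean, dropped = {}, []
    for key, value in env.items():
        if is_client_controlled(key) and FUNC_PREFIX.match(value):
            dropped.append(key)
        else:
            clean[key] = value
    return clean, sorted(dropped)


# Constructed sample requests (not real traffic). The text after the
# function body is a placeholder, not a working command.
SAMPLE_REQUESTS = [
    {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)", "Accept": "*/*"},
    {"User-Agent": "() { :; }; PLACEHOLDER", "Accept": "*/*"},
    {"User-Agent": "curl/7.38.0", "Cookie": "  ()  { x; }; PLACEHOLDER"},
]


def audit(requests):
    """Scrub each request's environment; return dropped keys per request."""
    return [scrub_env(cgi_env_from_request(h))[1] for h in requests]


if __name__ == "__main__":
    for i, dropped in enumerate(audit(SAMPLE_REQUESTS)):
        print(i, "dropped:", dropped or "nothing")
```

Filtering like this is a stopgap in front of hosts that cannot be updated yet; the fix is a patched bash.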

cirque du quadcopter..

from lizard's ghost

can some designer verify this?

from lizard's ghost

Tuesday, September 23, 2014

a business plan

Bought my chair years ago, luckily my carpenter doesn't come by once a month to ask me money for every time i sat in his chair (there is a counter built in) under the argument that he (or most of the times a greedy somebody else, but he who bought the 'legal' right) made it so many years ago and that was such hard work that he wants to be paid for it for the rest of his life, so he can sit on the beach.

Oh, and he also used poor quality paint, and the contract states that you have to pay him every year to repaint it and you are not allowed to do it yourself or force him to use quality paint....he can take away the chair any time you do not comply.

  • from a steam review for "The Mighty Quest For Epic Loot"

from lizard's ghost

the difference between terry and linus

see what fellow programmers say about him and his os

and the actual videos -

from lizard's ghost

Monday, September 22, 2014

you're not the only fatty - over the past 20 years or more, as the American people were getting fatter, so were America’s marmosets. As were laboratory macaques, chimpanzees, vervet monkeys and mice, as well as domestic dogs, domestic cats, and domestic and feral rats from both rural and urban areas. In fact, the researchers examined records on those eight species and found that average weight for every one had increased. The marmosets gained an average of nine per cent per decade. Lab mice gained about 11 per cent per decade. Chimps, for some reason, are doing especially badly: their average body weight had risen 35 per cent per decade. Allison, who had been hearing about an unexplained rise in the average weight of lab animals, was nonetheless surprised by the consistency across so many species. ‘Virtually in every population of animals we looked at, that met our criteria, there was the same upward trend,’ he told me.

from lizard's ghost

Sunday, September 21, 2014

grades are a function of how you do scoring, not how good the kid is

girls tend to get better grades than boys -

there's no statistically significant difference between male and female grades -

from lizard's ghost

Thursday, September 18, 2014

the world's default mail server

fedora wanted to remove it

openbsd is removing it

from lizard's ghost

Wednesday, September 17, 2014

a good idea

leni536 1 hour ago | link

Just put a smart card chip and the pin code entering mechanism on the card (or authentication token. It doesn't necessarily need to be a "card"). This way you don't have to trust the ATMs. (Or any other device you don't control. How many times do you buy stuff using your credit card?)


artr 21 minutes ago | link

Commonwealth Bank in Australia does something like that. They have a feature in their iOS/Android app that lets you withdraw cash without a card. It generates a code on the phone and also sends you a 4 digit code via sms. Then you enter both codes to their nearest atm. Good for when you've forgotten your card or the atm looks dodgy.


from lizard's ghost

google maps mmorpg dream.2

its not that far fetched actually..this was 2008!

from lizard's ghost

launching today, mathematica online

or alternatively(?),

from lizard's ghost

Tuesday, September 16, 2014

maybe they just need to open source their implementation and stop blabbering

which key? what key? how is key exchange accomplished? how is key management done?

from lizard's ghost

Monday, September 15, 2014

from one second to the next - werner herzog

from lizard's ghost


All sorts of people tell me about their memories,

about all the things I left in the playground called Earthbound.

From the tiny safety pins, broken pieces of colored glass to the withering leaves.

When I ask them, "how do you remember so much?"

With their eyes gleaming, they say,

"I love that world so much I remember everything about it." I reply right away saying "me too."

Ah hah! That may be it.

Maybe I wanted to make a playground.

A playground filled with things no matter how small or unwanted,

they would all be kept dear in people's hearts.

It looks like all my friends from around the world have discovered the theme to the game as they were playing – even though I didn't think I gave it one.

That's right, that's something I also wanted to do all along.

  • Shigesato Itoi

from lizard's ghost

Friday, September 12, 2014

a bank that seems to get it

tech outage post mortem..

who are they?

from lizard's ghost

Thursday, September 11, 2014

cow sense

from lizard's ghost

a space monkey bites the dust..

Founded in 2011, the company has raised only $2.7 million of venture capital in a Series A round led by Google Ventures in 2012 as well as raising $349,625 in a Kickstarter campaign last year.

from lizard's ghost

Wednesday, September 10, 2014

unfortunately i run an antispam gateway on my edis vps..

Dear Ladies and Gentlemen,

EDIS customer can enjoy complete protection from viruses and happy about SPAM-free mailboxes. Operated by EDIS in Austria Barracuda Spam and Anti Virus Firewall-Cluster is an enterprise system to block unwanted content and viruses.

The Barracuda e-mail security solution is now included free of charge with every EDIS Web hosting product.

You can log in with your email address and your email password to meet your personal settings there.

We hope you will enjoy this new service and remain

With best regards,

Your EDIS team

from lizard's ghost

Monday, September 08, 2014

Living in the Fantasy Land by Yukihiro "Matz" Matsumoto

from lizard's ghost

a personal journey : stephen hawking

from lizard's ghost

how complex systems fail

How Systems Fail

Copyright © 1998, 1999, 2000 by R.I.Cook, MD, for CtL Revision D (00.04.21)

Page 1

How Complex Systems Fail

(Being a Short Treatise on the Nature of Failure; How Failure is Evaluated; How Failure is Attributed to Proximate Cause; and the Resulting New Understanding of Patient Safety)

Richard I. Cook, MD

Cognitive technologies Laboratory

University of Chicago

1) Complex systems are intrinsically hazardous systems.

All of the interesting systems (e.g. transportation, healthcare, power generation) are

inherently and unavoidably hazardous by their own nature. The frequency of hazard

exposure can sometimes be changed but the processes involved in the system are

themselves intrinsically and irreducibly hazardous. It is the presence of these hazards

that drives the creation of defenses against hazard that characterize these systems.

2) Complex systems are heavily and successfully defended against failure.

The high consequences of failure lead over time to the construction of multiple layers of

defense against failure. These defenses include obvious technical components (e.g.

backup systems, ‘safety’ features of equipment) and human components (e.g. training,

knowledge) but also a variety of organizational, institutional, and regulatory defenses

(e.g. policies and procedures, certification, work rules, team training). The effect of these measures is to provide a series of shields that normally divert operations away from


3) Catastrophe requires multiple failures – single point failures are not enough.

The array of defenses works. System operations are generally successful. Overt

catastrophic failure occurs when small, apparently innocuous failures join to create

opportunity for a systemic accident. Each of these small failures is necessary to cause

catastrophe but only the combination is sufficient to permit failure. Put another way,

there are many more failure opportunities than overt system accidents. Most initial

failure trajectories are blocked by designed system safety components. Trajectories that

reach the operational level are mostly blocked, usually by practitioners.

4) Complex systems contain changing mixtures of failures latent within them.

The complexity of these systems makes it impossible for them to run without multiple

flaws being present. Because these are individually insufficient to cause failure they are

regarded as minor factors during operations. Eradication of all latent failures is limited

primarily by economic cost but also because it is difficult before the fact to see how such

failures might contribute to an accident. The failures change constantly because of

changing technology, work organization, and efforts to eradicate failures.

5) Complex systems run in degraded mode.

A corollary to the preceding point is that complex systems run as broken systems. The

system continues to function because it contains so many redundancies and because

people can make it function, despite the presence of many flaws. After accident reviews

nearly always note that the system has a history of prior ‘proto-accidents’ that nearly

generated catastrophe. Arguments that these degraded conditions should have been

recognized before the overt accident are usually predicated on naïve notions of system

performance. System operations are dynamic, with components (organizational, human,

technical) failing and being replaced continuously.

6) Catastrophe is always just around the corner.

Complex systems possess potential for catastrophic failure. Human practitioners are

nearly always in close physical and temporal proximity to these potential failures –

disaster can occur at any time and in nearly any place. The potential for catastrophic

outcome is a hallmark of complex systems. It is impossible to eliminate the potential for

such catastrophic failure; the potential for such failure is always present by the system’s

own nature.

7) Post-accident attribution to a ‘root cause’ is fundamentally wrong.

Because overt failure requires multiple faults, there is no isolated ‘cause’ of an accident.

There are multiple contributors to accidents. Each of these is necessary but insufficient in

itself to create an accident. Only jointly are these causes sufficient to create an accident.

Indeed, it is the linking of these causes together that creates the circumstances required

for the accident. Thus, no isolation of the ‘root cause’ of an accident is possible. The

evaluations based on such reasoning as ‘root cause’ do not reflect a technical

understanding of the nature of failure but rather the social, cultural need to blame

specific, localized forces or events for outcomes.


8) Hindsight biases post-accident assessments of human performance.

Knowledge of the outcome makes it seem that events leading to the outcome should have

appeared more salient to practitioners at the time than was actually the case. This means

that ex post facto accident analysis of human performance is inaccurate. The outcome

knowledge poisons the ability of after-accident observers to recreate the view of

practitioners before the accident of those same factors. It seems that practitioners “should

have known” that the factors would “inevitably” lead to an accident.


Hindsight bias

remains the primary obstacle to accident investigation, especially when expert human performance

is involved.

9) Human operators have dual roles: as producers & as defenders against failure.

The system practitioners operate the system in order to produce its desired product and

also work to forestall accidents. This dynamic quality of system operation, the balancing

of demands for production against the possibility of incipient failure is unavoidable.

Outsiders rarely acknowledge the duality of this role. In non-accident filled times, the

production role is emphasized. After accidents, the defense against failure role is

emphasized. At either time, the outsider’s view misapprehends the operator’s constant,

simultaneous engagement with both roles.

10) All practitioner actions are gambles.

After accidents, the overt failure often appears to have been inevitable and the

practitioner’s actions as blunders or deliberate willful disregard of certain impending

failure. But all practitioner actions are actually gambles, that is, acts that take place in the

face of uncertain outcomes. The degree of uncertainty may change from moment to

moment. That practitioner actions are gambles appears clear after accidents; in general,

post hoc analysis regards these gambles as poor ones. But the converse: that successful

outcomes are also the result of gambles; is not widely appreciated.

Anthropological field research provides the clearest demonstration of the social construction of the notion

of ‘cause’ (cf. Goldman L (1993), The Culture of Coincidence: accident and absolute liability in Huli, New York:

Clarendon Press; and also Tasca L (1990), The Social Construction of Human Error, Unpublished doctoral

dissertation, Department of Sociology, State University of New York at Stonybrook).

This is not a feature of medical judgements or technical ones, but rather of all human cognition about past

events and their causes.

11) Actions at the sharp end resolve all ambiguity.

Organizations are ambiguous, often intentionally, about the relationship between

production targets, efficient use of resources, economy and costs of operations, and

acceptable risks of low and high consequence accidents. All ambiguity is resolved by

actions of practitioners at the sharp end of the system. After an accident, practitioner

actions may be regarded as ‘errors’ or ‘violations’ but these evaluations are heavily

biased by hindsight and ignore the other driving forces, especially production pressure.

12) Human practitioners are the adaptable element of complex systems.

Practitioners and first line management actively adapt the system to maximize

production and minimize accidents. These adaptations often occur on a moment by

moment basis. Some of these adaptations include: (1) Restructuring the system in order

to reduce exposure of vulnerable parts to failure. (2) Concentrating critical resources in

areas of expected high demand. (3) Providing pathways for retreat or recovery from

expected and unexpected faults. (4) Establishing means for early detection of changed

system performance in order to allow graceful cutbacks in production or other means of

increasing resiliency.

13) Human expertise in complex systems is constantly changing

Complex systems require substantial human expertise in their operation and

management. This expertise changes in character as technology changes but it also

changes because of the need to replace experts who leave. In every case, training and

refinement of skill and expertise is one part of the function of the system itself. At any

moment, therefore, a given complex system will contain practitioners and trainees with

varying degrees of expertise. Critical issues related to expertise arise from (1) the need to

use scarce expertise as a resource for the most difficult or demanding production needs

and (2) the need to develop expertise for future use.

14) Change introduces new forms of failure.

The low rate of overt accidents in reliable systems may encourage changes, especially the

use of new technology, to decrease the number of low consequence but high frequency

failures. These changes may actually create opportunities for new, low frequency but

high consequence failures. When new technologies are used to eliminate well

understood system failures or to gain high precision performance they often introduce

new pathways to large scale, catastrophic failures. Not uncommonly, these new, rare

catastrophes have even greater impact than those eliminated by the new technology.

These new forms of failure are difficult to see before the fact; attention is paid mostly to

the putative beneficial characteristics of the changes. Because these new, high

consequence accidents occur at a low rate, multiple system changes may occur before an

accident, making it hard to see the contribution of technology to the failure.

15) Views of ‘cause’ limit the effectiveness of defenses against future events.

Post-accident remedies for “human error” are usually predicated on obstructing activities

that can “cause” accidents. These end-of-the-chain measures do little to reduce the

likelihood of further accidents. In fact that likelihood of an identical accident is already

extraordinarily low because the pattern of latent failures changes constantly. Instead of

increasing safety, post-accident remedies usually increase the coupling and complexity of

the system. This increases the potential number of latent failures and also makes the

detection and blocking of accident trajectories more difficult.

16) Safety is a characteristic of systems and not of their components

Safety is an emergent property of systems; it does not reside in a person, device or

department of an organization or system. Safety cannot be purchased or manufactured; it

is not a feature that is separate from the other components of the system. This means that

safety cannot be manipulated like a feedstock or raw material. The state of safety in any

system is always dynamic; continuous systemic change insures that hazard and its

management are constantly changing.

17) People continuously create safety.

Failure free operations are the result of activities of people who work to keep the system

within the boundaries of tolerable performance. These activities are, for the most part,

part of normal operations and superficially straightforward. But because system

operations are never trouble free, human practitioner adaptations to changing conditions

actually create safety from moment to moment. These adaptations often amount to just

the selection of a well-rehearsed routine from a store of available responses; sometimes,

however, the adaptations are novel combinations or de novo creations of new approaches.

18) Failure free operations require experience with failure.

Recognizing hazard and successfully manipulating system operations to remain inside

the tolerable performance boundaries requires intimate contact with failure. More robust

system performance is likely to arise in systems where operators can discern the “edge of

the envelope”. This is where system performance begins to deteriorate, becomes difficult

to predict, or cannot be readily recovered. In intrinsically hazardous systems, operators

are expected to encounter and appreciate hazards in ways that lead to overall

performance that is desirable. Improved safety depends on providing operators with

calibrated views of the hazards. It also depends on providing calibration about how their

actions move system performance towards or away from the edge of the envelope.

Other materials:

Cook, Render, Woods (2000). Gaps in the continuity of care and progress on patient

safety. British Medical Journal 320: 791-4.

Cook (1999). A Brief Look at the New Look in error, safety, and failure of complex

systems. (Chicago: CtL).

Woods & Cook (1999). Perspectives on Human Error: Hindsight Biases and Local

Rationality. In Durso, Nickerson, et al., eds., Handbook of Applied Cognition. (New

York: Wiley) pp. 141-171.

Woods & Cook (1998). Characteristics of Patient Safety: Five Principles that Underlie

Productive Work. (Chicago: CtL)

Cook & Woods (1994), “Operating at the Sharp End: The Complexity of Human Error,”

in MS Bogner, ed., Human Error in Medicine, Hillsdale, NJ; pp. 255-310.

Woods, Johannesen, Cook, & Sarter (1994), Behind Human Error: Cognition, Computers and

Hindsight, Wright Patterson AFB: CSERIAC.

Cook, Woods, & Miller (1998), A Tale of Two Stories: Contrasting Views of Patient Safety,

Chicago, IL: NPSF, (available as PDF file on the NPSF web site at

from lizard's ghost

the okcupid blog

cbhl 8 hours ago | link

I really enjoyed reading OkTrends posts, but having near radio silence for three years (apart from one post last July) followed by a full-on PR blitz for a new book (comes out on Tuesday) makes me a little sad.

This piece almost makes it sound as if Rudder has been blogging based on OkCupid results this whole time... and if you go to the OkTrends site, you see huge inline placement for Rudder's new book.

beloch 7 hours ago | link

OKTrends went dormant when OKCupid was sold to the company that operates I don't know what Rudder's involvement with OKCupid was after that, but he was no longer one of the owners. He might have still worked there, but kept his blog silent under pressure from management.

shawndrost 6 hours ago | link

The blog went silent b/c Christian was put in charge of everydamnthing at the OKC office as Sam (the old CEO) moved up after the acquisition. I don't think there was any pressure from management, which would have been dumb -- the blog was a great asset to OKC/Match aside from that one post that they deleted for obvious reasons.

(Source: I used to work at OkCupid Labs, one of the things that Sam went on to do under Match, where he is now CEO.)

tgb 4 hours ago | link

What was the subject of the post that was deleted? (Is there an archive of it?)

Edit: from other comments:

CDRdude 4 hours ago | link

The title of the post was: "Why you should never pay for online dating". This appears to be a rehosted version of it:

chimeracoder 5 hours ago | link

I used to work at OkCupid, on OkTrends.

You're not the first person to propose this question - there's a comment like this almost every time OkCupid makes the front page - and here's what I wrote the last time[0], which I think explains it well:

There were a number of factors. A big part is that, in 2010, there were 2.5 people working full-time[1] on doing research for OkTrends, which allowed us to research, write, and publish posts much more often.

The blog posts took a lot of work. "The Real Stuff White People Like"[2] took almost two months of my time, plus some from Max and Christian as well. (Much like the product design process, since we didn't start each post off with a clear end result in mind, not all the work was visible in the final product).

I left to go back to school. Max ended up taking on more responsibility for other data/stats work, which slowed the pace a bit, and he left at the beginning of 2012 to do his own stuff. And Christian became in charge of running OkCupid after the acquisition, which meant he had even less time than he did before Max and I joined.

People asked me for the last three years whether the reason OkTrends hadn't posted since 2011 was because of the acquisition and whether Match shut them down and I had to tell everyone "No, trust me, they're still around! It's just a coincidence!". Thankfully I no longer have to. :)


[1] 2.5 full-time means: Two of us full-time, as well as Christian, though he split his work time between OkTrends (the blog) and other stuff.


from lizard's ghost

"When I was forced to use Windows..." or "Back when I used Windows..." or "Whenever I have to use Windows..."

people who say those things use these:

from lizard's ghost

mdk3 in a box?

Deauthentication / Disassociation Amok Mode

This is used to kick clients from an AP.

In this case I created a txt file with the AP MAC and used this as the blacklist.

echo 00:13:D4:09:32:60 > mdk3test.txt

mdk3 mon0 d -b mdk3test.txt -c 1 -s 250


This didn't actually kick my client off as an aireplay attack with sufficient packets would have done, but it effectively stopped all communication between the AP and the client.

from -

in a box?

from lizard's ghost

Sunday, September 07, 2014

ALS ice bucket challenge and wikipedia

Infographic: Ice Bucket Challenge Raises ALS Awareness Around the World | Statista

from lizard's ghost

Saturday, September 06, 2014

Friday, September 05, 2014

experience the power of a bookbook!

from lizard's ghost

Thursday, September 04, 2014

google maps mmorpg dream

i await the day google has finished 3d mapping the entire world. so that i can play skyrim-google maps edition. or something like that. wasd movement and mouse aiming(aim what though? camera? ha, its a screenshot!), e to jump and spacebar to interact. with mumble or teamspeak built in. and game lobby.

maybe i shall login to the vietnam server and play the hcmc map or something. and buy things from shops that have marked up their goods and services on the map just like some in-game vendor. if she's online we might even speak over the game chat.

too bad i probably can't buy bbq lady's fingers that way. or maybe she can send a thermos of streetside pho by fedex/dhl and i could have still-hot pho next morning.

from lizard's ghost

google maps feature request

add a button to the phone app that marks my location on the map. a small red dot perhaps. then display all the red dots as a map layer - a cab hailing heat map.

from lizard's ghost

i think i might donate to their kickstarter

the dream

and the response

from lizard's ghost

Wednesday, September 03, 2014

i thought the amount of 'mesh' traffic goes up with the number of mesh nodes..

It's not a traffic [bandwidth] problem, really. You have two basic kinds of wireless mesh networks: infrastructure mesh, and ad-hoc mesh. With the former, you can design the network so that each directly-connected node has a dedicated channel and you preserve full bandwidth across the spectrum. You also have only a few gateway nodes so your network updates are very few. With the latter you might be using one channel in half duplex to communicate with whatever nodes are closest to you and propagate joins/parts throughout the network. That will have less bandwidth and be slower to communicate as you add nodes, partly due to number of additional hops.

If the number of nodes who deal with routing increases, that's more nodes that need to be informed of each join/part, so technically it takes longer to update the network. But if the joins/parts are few and the signal is strong, this is a rare event. More nodes can make the whole system faster, or it can make the whole system slower. It depends on the implementation. But there's not a constant flow of mesh routing data that multiplies with nodes; that bandwidth used is tiny.

from Lizard's Ghost

good job, singapore dnc

Register by SMS

Send an SMS with the message ‘DNC’ to the following numbers:


78772 Express registration on all 3 Registers

78773 Express registration on No Voice Call Register only

78774 Express registration on No Text Message Register only

78771 Guided menu for all options (including to deregister)

Note: You can only register the number that you SMS from and normal SMS charges will apply.

from Lizard's Ghost

Tuesday, September 02, 2014

optimistic consistency

This document describes Tsync (pronounced "sink"), which provides transparent synchronization across a set of machines for existing files and directories. A transparent synchronization system makes keeping a set of files consistent across many machines---possibly with differing degrees of connectivity and availability---as simple as possible while requiring minimal effort from the user and maintaining security, robustness to failure, and fast performance.

Traditional synchronization tools, such as the popular Rsync and Unison, require that the user manually synchronize her files after changing them. Moreover, these tools are designed to only synchronize a pair of hosts: if the user wishes to synchronize N machines, then she must run the tool N-1 times. Not only is it inefficient to unicast the same data N-1 times, but the user is also burdened with remembering to restart synchronizations that are interrupted and manually recovering failed hosts.

Tsync will solve the problem of providing transparent synchronization under the assumption of optimistic consistency. Optimistic consistency assumes that the same file is not modified on two hosts at the same time. In the Tsync usage model, the user writes a simple configuration file, similar to /etc/exports, describing which directories should be synchronized, and listing one or more other hosts that are part of the Tsync group (although this list does not have to contain all the hosts in the group). The user runs the Tsync daemon, tsyncd, on each machine in the group. Then when the user creates/modifies/deletes files on one machine, those changes are automatically propagated to all the others. So if the user were to add a bookmark on her machine at the university, it would be reflected on her desktops at home. Even if not all of the computers are connected at the same time (such as if her laptop were powered off), then the next time the disconnected machine regained connectivity, it would automatically learn about the change and update itself.

A synchronization system for widely distributed hosts faces scalability and reliability challenges. The system must gracefully scale to accommodate tens or even hundreds of hosts. Of course, to make managing the system simple, the user cannot be required to manually configure each host with every other host. Hosts must have a way of learning about other hosts, as well as efficiently distributing control messages and data to all other hosts. Furthermore, the system must automatically adapt as hosts are powered off, lose connectivity, or crash, and must rapidly re-synchronize these computers when they re-join. Similarly, adding new hosts should be a simple process, and they should rapidly be brought up-to-date. The design of Tsync uses peer-to-peer and overlay techniques to provide scalable and efficient mechanisms for transparently synchronizing many hosts. Tsync organizes a user's machines into an overlay network with a tree topology. The overlay network, through probing and a root fail-over protocol, ensures that each node remains connected with all other connected nodes. The overlay network also provides a scalable means by which a Tsync node can learn about other hosts, besides the bootstrap host with which it was configured. The tree topology allows any Tsync host to efficiently multicast a message to all the other hosts. The overlay also handles authentication and encryption: hosts authenticate each other using RSA-keys, and all data is encrypted using TLS.

from Lizard's Ghost


i can't wait

here is a user guide

from Lizard's Ghost