Rolandt
Shared posts
Dynalist and Workflowy - storing docs locally - Dr Andus
It looks like it's been discontinued but it is still possible to install somehow. I can't vouch for the safety of this, but more here:
https://www.reddit.com/r/Workflowy/comments/ctlwds/workflowy_chrome_extension_gone/eyhqi7r/
The other option might be to use the Android version, if your computer can run it (e.g. a Chromebook):
https://play.google.com/store/apps/details?id=com.workflowy.android
RT @BBCkatyaadler: PM says heređthat UK could still leave EU by 31st October but âit depends on EUâ he says. Really? In theory UK could leaâŠ
|
mkalus
shared this story
from |
PM says heređthat UK could still leave EU by 31st October but âit depends on EUâ he says. Really? In theory UK could leave the EU today if A)the PM opted to leave without a deal B)If parliament didnât oblige him to ask for an extension to avoid no deal. All UK decisions not EU twitter.com/telegraph/statâŠ
Boris Johnson calls on Jeremy Corbyn to 'man up' over general election
bit.ly/2PiF2O9 pic.twitter.com/WfIVyeYJuV
332 likes, 127 retweets
piris_jc
on Friday, October 25th, 2019 1:52pm772 likes, 247 retweets
Apple Musicâs Beats 1 Introduces New Music Daily with Zane Lowe
On Friday, Apple Musicâs Beats 1 debuted a new Zane Lowe show called New Music Daily featuring the best new music across several genres along with interviews and commentary designed to complement Apple Musicâs playlist of the same name.
As described by Apple, New Music Daily is all about what is hot now:
Music moves fast. To keep up with hungry fans and tireless creators, Apple Music launched New Music Daily, our playlist for the latest and greatest must-hear songs from pop, hip-hop, Latin, and beyond. This show, broadcasting live on Apple Music every Friday, is the playlist brought to life: Hosted by Zane Lowe, it features interviews with todayâs most important artists, sharp commentary, and, of course, all the new songs you need to hear right now.
The show streams live on Apple Music every Friday at Noon New York time and can be replayed later.
Itâs time. â° @zanelowe debuts his #NewMusicDaily show on @AppleMusic! Lock in for interviews with @selenagomez, @taylorswift13, and @coldplayâs Chris Martin. https://t.co/paanEZ7Pu2 pic.twitter.com/E8HfwbOOT7
â Beats 1 (@Beats1) October 25, 2019
Loweâs new show is a companion to Apple Musicâs New Music Daily playlist, which is updated daily and is a rebranded version of its Best of the Week playlist. Listeners can visit a dedicated page in Appleâs Music app that collects the show and playlist as well as video interviews with recording artists in one place.
The inaugural episode of New Music Daily, which runs just over one hour, spotlights a wide range of music and interviews including appearances by Selena Gomez, Coldplayâs Chris Martin, and an excerpt from a longer interview with Taylor Swift that will be released next week. New Music Dailyâs Apple Music page also includes excerpts of upcoming video interviews with Taylor Swift and Kanye West.
In an interview with People.com, Lowe, who is Apple Musicâs global creative director, expanded on his vision for how the playlist and new show will work together:
Our New Music Daily playlist was built in the image of the artist and the fan. Music is constant and itâs in the hands of the artists now. Artists donât want to wait anymore, and we wanted a really big playlist that reflected that sentiment and could do it quickly. Iâll be in the studio with artists and I ask when theyâre putting something out and theyâll say, âI donât know, in an hour?â Weâve been clearing that space for artists for years, and with New Music Daily as a live show weâll continue to event-ize music, bringing an audience around shared listening moments, and reflecting the way artists want to release music on their own terms.
One of the consequences of streaming music services is that the release of an album is often not the way people hear the latest music from their favorite artists anymore. Instead, musicians release a steady stream of singles and EPs, only occasionally collecting them as full-length albums. Itâs the kind of continuous change that demands a different approach to how new material is surfaced.
Having listened to the first episode of New Music Daily, it strikes me as a formula that will work. The playlist currently includes 85 songs, which is a lot. What Loweâs new show does is provide context through his interviews and commentary that serve as an entry point into the larger playlist. By sending listeners to the playlist for the latest tracks from pop culture phenomenons like Swift and Gomez, New Music Daily can help spread awareness of lesser-known, emerging artists that included too.
You can check out the first episode of New Music Daily that aired Friday here.
Support MacStories Directly
Club MacStories offers exclusive access to extra MacStories content, delivered every week; itâs also a way to support us directly.
Club MacStories will help you discover the best apps for your devices and get the most out of your iPhone, iPad, and Mac. Plus, itâs made in Italy.
Join NowAzure Readiness Checklist
I love a good comprehensive checklist. This one is focused on large projects running on Azure but it's still fun to browse through if you are hosting elsewhere, mainly as a reminder of quite how much still goes into deploying large web services into production.
Via Charity Majors
Riding the Don Valley with TBN
Today was the last scheduled Saturday morning ride with TBN. I was a bit late getting started so I figured I would ride towards the start point, riding the first part of the route backwards until I met the group. Sure enough, I met them on the MGT just by Cherry Beach. A big group today, perhaps more than 30 cyclists!


Not the safest way to cross Lakeshore at Cherry St.

I think this is Tony blocking my view of the other riders ahead of us on the Lower Don Trail.


Turning left at the elephants to head towards Sunnybrook.

If I wasnât shooting straight into the sun, youâd be able to see the fall colours.

Bathroom and snack break at Sunnybrook.

The group heads off again.

I split off from the main group to head downtown via Leaside, Mt. Pleasant Cemetery, and then down through Forest Hill towards U of T. Here is the climb out of the valley.

Made it to the top, just behind Toronto Rehab.

A beautiful display in Mt. Pleasant Cemetery, with a fiery red Japanese maple.

Made a side trip to check out the new bicycle crossing at the top of Poplar Plains, which is the oldest bike lane in Toronto. As you approach St. Clair, you are directed to the left.

This sign would be more useful on the left side of the road, but perhaps it predates the intersection improvement?

Look, an actual button that is placed for the convenience of cyclists! The other one I know of that is not on an off road bike path is on Kilbarry at Oriole Parkway, but perhaps there are others. Note the bicycle crossing lights and the cut on the elevated curb where the streetcar runs.

Crossing this intersection must have been deeply unpleasant before these changes. Update: here is a Google street view shot from May 2019. The blue sign predates the revisions to the intersection.

Now a few pictures from the bike shop. The human powered submarine project is still ongoing.

Calvin repairing the biggest scratch on the fairing for TITAN.

Some of our past projects (plus TITAN), along with a couple of vehicles built by supermileage.

The team discusses if it is possible to build a vehicle that would be competitive at ASME while being decently fast at Battle Mountain. My tentative conclusion: high degree of difficulty.

Whose Knowledge?
The lovely thing about Mozfest, is that you can rock up to a session, already in mid-flow, and learn new things from wonderful people. In fact, I think itâs the only way to do Mozfest; the best sessions are those you chance upon, that expose you to new worlds, and new people.
Hereâs a visual thought from the Decolonizing the Internet session, with Anasuya Sengupta.
The post Whose Knowledge? appeared first on Visual Thinkery.
A portable Makefile for continuous delivery with Hugo and GitHub Pages
Fun fact: I first launched this GitHub Pages site 1,018 days ago.
Since then, weâve grown together. From early cringe-worthy commit messages, through eighty-six versions of Hugo, and up until last week, a less-than-streamlined multi-app continuous integration and deployment (CI/CD) workflow.
If you know me at all, you know I love to automate things. Iâve been using a combination of AWS Lambda, Netlify, and Travis CI to automatically build and publish this site. My workflow for the task includes:
- Build with Hugo on push to master, and on a schedule (Netlify and Lambda);
- Optimize and resize images (Netlify);
- Test with HTMLProofer (Travis CI); and
- Deploy to my separate, public, GitHub Pages repository (Netlify).
Thanks to the introduction of GitHub Actions, Iâm able to do all the above with just one portable Makefile.
Next week Iâll cover my Actions set up; today, Iâll take you through the nitty-gritty of my Makefile so you can write your own.
Makefile portability
POSIX-standard-flavour Make runs on every Unix-like system out there. Make derivatives, such as GNU Make and several flavours of BSD Make also run on Unix-like systems, though their particular use requires installing the respective program. To write a truly portable Makefile, mine follows the POSIX standard. (For a more thorough summation of POSIX-compatible Makefiles, I found this article helpful: A Tutorial on Portable Makefiles.) I run Ubuntu, so Iâve tested the portability aspect using the BSD Make programs bmake, pmake, and fmake. Compatibility with non-Unix-like systems is a little more complicated, since shell commands differ. With derivatives such as Nmake, itâs better to write a separate Makefile with appropriate Windows commands.
While much of my particular use case could be achieved with shell scripting, I find Make offers some worthwhile advantages. I enjoy the ease of using variables and macros, and the modularity of rules when it comes to organizing my steps.
The writing of rules mostly comes down to shell commands, which is the main reason Makefiles are as portable as they are. The best part is that you can do pretty much anything in a terminal, and certainly handle all the workflow steps listed above.
My continuous deployment Makefile
Hereâs the portable Makefile that handles my workflow. Yes, I put emojis in there. Iâm a monster.
.POSIX:
DESTDIR=public
HUGO_VERSION=0.58.3
OPTIMIZE = find $(DESTDIR) -not -path "*/static/*" \( -name '*.png' -o -name '*.jpg' -o -name '*.jpeg' \) -print0 | \
xargs -0 -P8 -n2 mogrify -strip -thumbnail '1000>'
.PHONY: all
all: get_repository clean get build test deploy
.PHONY: get_repository
get_repository:
@echo "đ Getting Pages repository"
git clone https://github.com/victoriadrake/victoriadrake.github.io.git $(DESTDIR)
.PHONY: clean
clean:
@echo "đ§č Cleaning old build"
cd $(DESTDIR) && rm -rf *
.PHONY: get
get:
@echo "â Checking for hugo"
@if ! [ -x "$$(command -v hugo)" ]; then\
echo "đ€” Getting Hugo";\
wget -q -P tmp/ https://github.com/gohugoio/hugo/releases/download/v$(HUGO_VERSION)/hugo_extended_$(HUGO_VERSION)_Linux-64bit.tar.gz;\
tar xf tmp/hugo_extended_$(HUGO_VERSION)_Linux-64bit.tar.gz -C tmp/;\
sudo mv -f tmp/hugo /usr/bin/;\
rm -rf tmp/;\
hugo version;\
fi
.PHONY: build
build:
@echo "đł Generating site"
hugo --gc --minify -d $(DESTDIR)
@echo "đ§ Optimizing images"
$(OPTIMIZE)
.PHONY: test
test:
@echo "đ Testing HTML"
docker run -v $(GITHUB_WORKSPACE)/$(DESTDIR)/:/mnt 18fgsa/html-proofer mnt --disable-external
.PHONY: deploy
deploy:
@echo "đ Preparing commit"
@cd $(DESTDIR) \
&& git config user.email "hello@victoria.dev" \
&& git config user.name "Victoria via GitHub Actions" \
&& git add . \
&& git status \
&& git commit -m "đ€ CD bot is helping" \
&& git push -f -q https://$(TOKEN)@github.com/victoriadrake/victoriadrake.github.io.git master
@echo "đ Site is deployed!"
Sequentially, this workflow:
- Clones the public Pages repository;
- Cleans (deletes) the previous build files;
- Downloads and installs the specified version of Hugo, if Hugo is not already present;
- Builds the site;
- Optimizes images;
- Tests the built site with HTMLProofer, and
- Prepares a new commit and pushes to the public Pages repository.
If youâre familiar with command line, most of this may look familiar. Here are a couple bits that might warrant a little explanation.
Checking if a program is already installed
I think this bit is pretty tidy:
if ! [ -x "$$(command -v hugo)" ]; then\
...
fi
I use a negated if conditional in conjunction with command -v to check if an executable (-x) called hugo exists. If one is not present, the script gets the specified version of Hugo and installs it. This Stack Overflow answer has a nice summation of why command -v is a more portable choice than which.
Image optimization
My Makefile uses mogrify to batch resize and compress images in particular folders. It finds them automatically using the file extension, and only modifies images that are larger than the target size of 1000px in any dimension. I wrote more about the batch-processing one-liner in this post.
There are a few different ways to achieve this same task, one of which, theoretically, is to take advantage of Makeâs suffix rules to run commands only on image files. I find the shell script to be more readable.
Using Dockerized HTMLProofer
HTMLProofer is installed with gem, and uses Ruby and Nokogiri, which adds up to a lot of installation time for a CI workflow. Thankfully, 18F has a Dockerized version that is much faster to implement. Its usage requires starting the container with the built site directory mounted as a data volume, which is easily achieved by appending to the docker run command.
docker run -v /absolute/path/to/site/:/mounted-site 18fgsa/html-proofer /mounted-site
In my Makefile, I specify the absolute site path using the default environment variable GITHUB_WORKSPACE. Iâll dive into this and other GitHub Actions features in the next post.
In the meantime, happy Making!
SQL injection and XSS: what white hat hackers know about trusting user input
Rolandtj
Software developers have a lot on their minds. There are are myriad of questions to ask when it comes to creating a website or application: What technologies will we use? How will the architecture be set up? What functions do we need? What will the UI look like? Especially in a software market where shipping new apps seems more like a race for reputation than a well-considered process, one of the most important questions often falls to the bottom of the âUrgentâ column: how will our product be secured?
If youâre using a robust, open-source framework for building your product (and if one is applicable and available, why wouldnât you?) then some basic security concerns, like CSRF tokens and password encryption, may already be handled for you. Still, fast-moving developers would be well served to brush up on their knowledge of common threats and pitfalls, if only to avoid some embarrass ing rookie mistakes. Usually, the weakest point in the security of your software is you.
Iâve recently become more interested in information security in general, and practicing ethical hacking in particular. An ethical hacker, sometimes called âwhite hatâ hacker, and sometimes just âhacker,â is someone who searches for possible security vulnerabilities and responsibly (privately) reports them to project owners. By contrast, a malicious or âblack hatâ hacker, also called a âcracker,â is someone who exploits these vulnerabilities for amusement or personal gain. Both white hat and black hat hackers might use the same tools and resources, and generally try to get into places they arenât supposed to be; however, white hats do this with permission, and with the intention of fortifying defences instead of destroying them. Black hats are the bad guys.
When it comes to learning how to find security vulnerabilities, it should come as no surprise that Iâve been devouring whatever information I can get my hands on; this post is a distillation of some key areas that are specifically helpful to developers when handling user input. These lessons have been collectively gleaned from these excellent resources:
- The Open Web Application Security Project guides
- The Hacker101 playlist from HackerOneâs YouTube channel
- Web Hacking 101 by Peter Yaworski
- Brute Logicâs blog
- The Computerphile YouTube channel
- Videos featuring Jason Haddix (@jhaddix) and Tom Hudson (@tomnomnom) (two accomplished ethical hackers with different, but both effective, methodologies)
You may be familiar with the catchphrase, âsanitize your inputs!â However, as I hope this post demonstrates, developing an application with robust security isnât quite so straightforward. I suggest an alternate phrase: pay attention to your inputs. Letâs elaborate by examining the most common attacks that take advantage of vulnerabilities in this area: SQL injection and cross site scripting.
SQL injection attacks
If youâre not yet familiar with SQL (Structured Query Language) injection attacks, or SQLi, here is a great explain-like-Iâm-five video on SQLi. You may already know of this attack from xkcdâs Little Bobby Tables. Essentially, malicious actors may be able to send SQL commands that affect your application through some input on your site, like a search box that pulls results from your database. Sites coded in PHP can be especially susceptible to these, and a successful SQL attack can be devastating for software that relies on a database (as in, your Users table is now a pot of petunias).
You have no chance to survive make your time.
You can test your own site to see if youâre susceptible to this kind of attack. (Please only test sites that you own, since running SQL injections where you donât have permission to be doing so is, possibly, illegal in your locality; and definitely, universally, not very funny.) The following payloads can be used to test inputs:
-
' OR 1='1evaluates to a constant true, and when successful, returns all rows in the table. -
' AND 0='1evaluates to a constant false, and when successful, returns no rows.
This video demonstrates the above tests, and does a great job of showing how impactful an SQL injection attack can be.
Thankfully, there are ways to mitigate SQL injection attacks, and they all boil down to one basic concept: donât trust user input.
SQL injection mitigation
In order to effectively mitigate SQL injections, developers must prevent users from being able to successfully submit raw SQL commands to any part of the site.
Some frameworks will do most of the heavy lifting for you. For example, Django implements the concept of Object-Relational Mapping, or ORM, with its use of QuerySets. We can think of these as wrapper functions that help your application query the database using pre-defined methods that avoid the use of raw SQL.
Being able to use a framework, however, is never a guarantee. When dealing directly with a database, there are other methods we can use to safely abstract our SQL queries from user input, though they vary in efficacy. These are, by order of most to least preferred, and with links to relevant examples:
- Prepared statements with variable binding (or parameterized queries),
- Stored procedures; and
- Whitelisting or escaping user input.
If you want to implement the above techniques, the linked cheatsheets are a great starting point for digging deeper. Suffice to say, the use of these techniques to obtain data instead of using raw SQL queries helps to minimize the chances that SQL will be processed by any part of your application that takes input from users, thus mitigating SQL injection attacks.
The battle, however, is only half wonâŠ
Cross Site Scripting (XSS) attacks
If youâre a malicious coder, JavaScript is pretty much your best friend. The right commands will do anything a legitimate user could do (and even some things they arenât supposed to be able to) on a web page, sometimes without any interaction on the part of an actual user. Cross Site Scripting attacks, or XSS, occur when JavaScript code is injected into a web page and changes that pageâs behavior. Its effects can range from prank nuisance occurrences to more severe authentication bypasses or credential stealing. This incident report from Apache in 2010 is a good example of how XSS can be chained in a larger attack to take over accounts and machines.
The annual DOM dance-off receives an unexpected guest);
XSS can occur on the server or on the client side, and generally comes in three flavors: DOM (Document Object Model) based, stored, and reflected XSS. The differences amount to where the attack payload is injected into the application.
DOM based XSS
DOM based XSS occurs when a JavaScript payload affects the structure, behavior, or content of the web page the user has loaded in their browser. These are most commonly executed through modified URLs, such as in phishing emails.
To see how easy it would be for injected JavaScript to manipulate a page, we can create a working example with an HTML web page. Try creating a file on your local system called xss-test.html (or whatever you like) with the following HTML and JavaScript code:
<html>
<head>
<title>My XSS Example</title>
</head>
<body>
<h1 id="greeting">Hello there!</h1>
<script>
var name = new URLSearchParams(document.location.search).get('name');
if (name !== 'null') {
document.getElementById('greeting').innerHTML = 'Hello ' + name + '!';
}
</script>
</h1>
</html>
This web page will display the title âHello there!â unless it receives a URL parameter from a query string with a value for name. To see the script work, open the page in a browser with an appended URL parameter, like so:
file:///path/to/file/xss-test.html?name=Victoria
Fun, right? Our insecure (in the safety sense, not the emotional one) page takes the URL parameter value for name and displays it in the DOM. The page is expecting the value to be a nice friendly string, but what if we change it to something else? Since the page is owned by us and only exists on our local system, we can test it all we like. What happens if we change the name parameter to, say, <img+src+onerror=alert("pwned")>?

This is just one example, largely based on one from Bruteâs post, that demonstrates how an XSS attack could be executed. Funny pop-up alerts may be amusing, but JavaScript can do a lot of harm, including helping malicious attackers steal passwords and personal information.
Stored and reflected XSS
Stored XSS occurs when the attack payload is stored on the server, such as in a database. The attack affects a victim whenever that stored data is retrieved and rendered in the browser. For example, instead of using a URL query string, an attacker might update their profile page on a social site to include a hidden script in, say, their âAbout Meâ section. The script, improperly stored on the siteâs server, would successfully execute at a later time when another user views the attackerâs profile.
One of the most famous examples of this is the Samy worm that all but took over MySpace in 2005. It propagated by sending HTTP requests that replicated it onto a victimâs profile page whenever an infected profile was viewed. Within just 20 hours, it had spread to over a million users.
Reflected XSS similarly occurs when the injected payload travels to the server, however, the malicious code does not end up stored in a database. It is instead immediately returned to the browser by the web application. An attack like this might be executed by luring the victim to click a malicious link that sends a request to the vulnerable websiteâs server. The server would then send a response to the attacker as well as the victim, which may result in the attacker being able to obtain passwords, or perpetrate actions that appear to originate from the victim.
XSS attack mitigation
In all of these cases, XSS attacks can be mitigated with two key strategies: validating form fields, and avoiding the direct injection of user input on the web page.
Validating form fields
Frameworks can again help us out when it comes to making sure that user-submitted forms are on the up-and-up. One example is Djangoâs built-in Field classes, which provide fields that validate to some commonly used types and also specify sane defaults. Djangoâs EmailField, for instance, uses a set of rules to determine if the input provided is a valid email. If the submitted string has characters in it that are not typically present in email addresses, or if it doesnât imitate the common format of an email address, then Django wonât consider the field valid and the form will not be submitted.
If relying on a framework isnât an option, we can implement our own input validation. This can be accomplished with a few different techniques, including type conversion, for example, ensuring that a number is of type int(); checking minimum and maximum range values for numbers and lengths for strings; using a pre-defined array of choices that avoids arbitrary input, for example, months of the year; and checking data against strict regular expressions.
Thankfully, we neednât start from scratch. Open source resources are available to help, such as the OWASP Validation Regex Repository, which provides patterns to match against for some common forms of data. Many programming languages offer validation libraries specific to their syntax, and we can find plenty of these on GitHub. Additionally, the XSS Filter Evasion Cheat Sheet has a couple suggestions for test payloads we can use to test our existing applications.
While it may seem tedious, properly implemented input validation can protect our application from being susceptible to XSS.
Avoiding direct injection
Elements of an application that directly return user input to the browser may not, on a casual inspection, be obvious. We can determine areas of our application that may be at risk by exploring a few questions:
- How does data flow through our application?
- What does a user expect to happen when they interact with this input?
- Where on our page does data appear? Does it become embedded in a string or an attribute?
Here are some sample payloads that we can play with in order to test inputs on our site (again, only our own site!) courtesy of Hacker101. The successful execution of any of these samples can indicate a possible XSS vulnerability due to direct injection.
"><h1>test</h1>'+alert(1)+'"onmouserover="alert(1)http://"onmouseover="alert(1)
As a general rule, if you are able to design around directly injecting input, do so. Alternatively, be sure to completely understand the effect of the methods you choose; for example, using innerText instead of innerHTML in JavaScript will ensure that content will be set as plain text instead of (potentially vulnerable) HTML.
Pay attention to your inputs
Software developers are at a marked disadvantage when it comes to competing with black hat, or malicious, hackers. For all the work we do to secure each and every input that could potentially compromise our application, an attacker need only find the one we missed. Itâs like installing deadbolts on all the doors, but leaving a window open!
By learning to think along the same lines as an attacker, however, we can better prepare our software to stand up against bad actors. Exciting as it may be to ship features as quickly as possible, weâll avoid racking up a lot of security debt if we take the time beforehand to think through our applicationâs flow, follow the data, and pay attention to our inputs.
How to quickly batch resize, compress, and convert images with a Bash one-liner
Part of my Hugo site continuous deployment workflow is the processing of 210 images, at time of writing.
Hereâs my one-liner:
find public/ -not -path "*/static/*" \( -name '*.png' -o -name '*.jpg' -o -name '*.jpeg' \) -print0 | xargs -0 -P8 -n2 mogrify -strip -thumbnail '1000>' -format jpg
I use find to target only certain image file formats in certain directories. With mogrify, part of ImageMagick, I resize only the images that are larger than a certain dimension, compress them, and strip the metadata. I tack on the format flag to create jpg copies of the images.
Hereâs the one-liner again (broken up for better reading):
# Look in the public/ directory
find public/ \
# Ignore directories called "static" regardless of location
-not -path "*/static/*" \
# Print the file paths of all files ending with any of these extensions
\( -name '*.png' -o -name '*.jpg' -o -name '*.jpeg' \) -print0 \
# Pipe the file paths to xargs and use 8 parallel workers to process 2 arguments
| xargs -0 -P8 -n2 \
# Tell mogrify to strip metadata, and...
mogrify -strip \
# ...compress and resize any images larger than the target size (1000px in either dimension)
-thumbnail '1000>' \
# Convert the files to jpg format
-format jpg
Thatâs it. Thatâs the post.
What You Do Not Know

Look closely: focus on the space in between
the instant passed, that moment
just a moment ago,
that we somehow thought was real,
and the instant upon us,
that we somehow think will really come â
what is that between the two?
Look closer and that space, too, seems made up
of many tinier moments, past or yet to come,
so that you have to gaze even more closely
looking for the still point weâre sure we know
lies just after one and just before another.
But it, too, is just, on closer examination,
an infinite line,
and the more you look,
it doesnât even quite seem a continuous one â
how do you know
that moment âfollowedâ this,
or âprecededâ another?
Go all the way down the rabbit hole
and, up very close,
itâs seen that there are no moments,
not even the grand imaginary Now,
the only moment
we must believe in â
all there is
is that lonely space in between.
How could we be so deluded?
What magic trick is this, and whoâs behind it?
Now â turn your careful gaze to this leaf,
and to the tiny aphid
crawling across it. Put your strongest lens on it
and suddenly it isnât an aphid,
it isnât any âthingâ,
but rather an array of quarks and gluons,
in an unfathomable pattern
comprised mostly of nothing at all.
Look closer still,
and the quarks have disappeared
and in their place are some things tinier still,
each still
with the illusion of solidity,
of being substantial, until
you magnify by another order of magnitude
and then theyâre gone too.
Now you search in vain,
because there was something tiny there
one turn of the lens ago,
but now you can see nothing â
all there is
is that forsaken space in between.
Another trick! â
surely we just arenât looking right,
we havenât got the right point of view,
the right tools
to see the solid end
to this fathomless mystery.
This is not fair! Weâre being tricked
and not told what the trick is, the answer
that makes sense of it all â aha!
No?
Yet there is something inside us,
or somewhere,
whispering to us
that it is no trick,
that it doesnât make sense,
that it doesnât have to make sense,
and that in fact there are only appearances,
nothing ârealâ at all.
There are only figments of reality,
sleights of mind.
No matter!
But this is not acceptable â
if there is no real time, or space,
or thing, then how, who�
Look out! Think like that
and you might disappear.
And then what?
Well, then everything.
Â
image of aphid from USFDA via Wikipedia, public domain
RT @goetheguy: The new monument in Berlin. A Book Tower in memory of the Nazi book burning. Arendt second from top. @Arendt_Center https://âŠ
|
mkalus
shared this story
from |
The new monument in Berlin.
A Book Tower in memory of the Nazi book burning. Arendt second from top. @Arendt_Center pic.twitter.com/C8lx3TqFGz
IanDunt
on Sunday, October 27th, 2019 6:31pm767 likes, 310 retweets
Exposed database reveals 7.5 million Adobe Creative Cloud accounts

Adobe left almost 7.5 million Creative Cloud accounts exposed to anyone with a web browser.
According to a Comparitech report, an Elastisearch database containing email address and other Creative Cloud account information was accessible without a password or other authentication.
Comparitech partnered with security researcher Bob Diachenko to uncover the exposed database and reported it to Adobe on October 19th. Adobe secured the database the same day.
Diachenko estimates the database remained accessible for about a week. Itâs not clear if anyone else accessed the database.
Thankfully, Comparitech reports that the exposed data wasnât particularly sensitive. Below is a list of all data included in the database:
- Email addresses
- Account creation date
- Which Adobe products that account owns
- Subscription Status
- Whether the user is an Adobe employee
- Member IDs
- Country
- Time since last login
- Payment status
The data didnât include payment information or passwords. However, the real danger with the exposed data is that scammers could use it to build targeted phishing scams.
Armed with the above information, fraudsters could pose as Adobe and try to trick users into giving up further data, such as passwords or payment details.
Adobe confirmed the details of the Comparitech report to Gizmodo in an email statement. It noted that the database âcontained Creative Cloud customer information, including email addresses, but did not include any passwords or financial information.â
âThis issue was not connected to, nor did it affect, the operation of any Adobe core products or services,â the company said.
Adobe also said it was reviewing its âdevelopment processes to help prevent a similar issue occurring in the future.â
Adobe Creative Cloud users should be wary of any emails they receive asking them to log in to the service and never click links provided in an email. Instead, open a new tab and sign in to Adobe directly through the companyâs website.
You can learn more about the breach and how Comparitech uncovered it here.
Source: Comparitech Via: Gizmodo
The post Exposed database reveals 7.5 million Adobe Creative Cloud accounts appeared first on MobileSyrup.
Leaked audio from Google all-hands meeting details companyâs trust problem

Leaked audio from an all-hands meeting at Google includes executivesâ responses to employee questions on several issues, including trust.
The Washington Post published the recording from the meeting, which took place on Thursday. Execs discussed the hiring of a former Department of Homeland Security staffer, a recent Chrome extension for employees that many consider a âspy toolâ and trust.
On the trust front, Google CEO Sundar Pichai can be heard saying that trust is âone of the most foundational things for the company.â However, he also noted that Google had trouble with âtransparency at scaleâ and âhow to do it.â
âEspecially at a time when everything we do doesnât stay within the walls,â Pichai said.
Googleâs vice president for government affairs, Karan Bhatia, defended the hiring of Miles Taylor, a former chief of staff to Kirstjen Nielsen when she was homeland security secretary. Employees questioned the hiring of Taylor, who backed the Trump administrationâs travel ban.
The ban targetted immigration from some majority-Muslim countries and supported family separation at the border.
Bhatia said Taylorâs expertise was in counterterrorism and national security, and that Taylor would be playing that role with Google and ânot in the immigration space.â
Further, Bhatia said press reports about Taylor were inaccurate because Taylor didnât formulate the travel ban. Bhatia did acknowledge that Taylor publicly defended the ban.
Bhatia appeared to reference a BuzzFeed News report that said Taylor defended the travel ban.
Finally, the recording included questions around a Chrome extension employees believed was meant to monitor large gatherings. The extension automatically reported any staffer that created a meeting event with more than ten rooms or 100 participants. Managers claimed the extension was to help reduce potential calendar spam.
Those interested in listening to the full recording can find it here.
Source: Washington Post Via: Engadget
The post Leaked audio from Google all-hands meeting details companyâs trust problem appeared first on MobileSyrup.
Dynalist and Workflowy - storing docs locally - Beck
Franz Grieser wrote:
>the fact that they won't allow me to do and that they don't let me work
>offline that tells me clearly that I shouldn't spend any more time with
>them.
I often use the Workflowy app offline (both free and pro mode). Perhaps it's a beta feature? I have that box checked in settings.
Despair, Inc. issues a funny apology
Despair, Inc. makes posters and tchotchkes that satirize motivational sayings (you know, like âTradition: Just Because Youâve Always Done It That Way Doesnât Mean Itâs Not Incredibly Stupid.â). And like any other business, they screw up. Unlike other businesses, their apology is self-deprecating and funny. Hereâs the email a friend of mine got from Despair ⊠Continued
The post Despair, Inc. issues a funny apology appeared first on without bullshit.
The Best Two-Factor Authentication App
The most important thing you can do to increase your online security, alongside using a password manager, is to enable two-factor authentication. After interviewing three experts and testing seven authenticator apps, we think Authy has the best combination of compatibility, usability, security, and reliability.
ï»żThe Camera, My Therapist

âModelling is superficial, and anything superficial in the long run will never be good for the psycheââthis seems to be intuitively true. Although modelling might boost self-esteem, it cannot fill an inner emptiness. However, several years of participant observation, surveys and interviews in the scene of amateur modelling draw a different picture. Models seem to agree on the fact, that it makes them feel better. Â How is this possible?
Broadly speaking, there are two reasons apart from the fact that for many there is something pleasurable about it: Modelling can teach some skills relevant in everyday life and modelling can help to cope with identity.
Letâs look at the first aspect: For every successful photo shoot, a minimum of communication is inevitable. Theorists such as Pierre Bourdieu observed that taking pictures is communicative. His work focused on family photography but whether youâre taking a picture of your children or yourself, the resulting image says something about the photographer and the subject. Models, as well as photographers often choose topics that emotionally matter to them. Thus, they have to put them into words, they have to develop an expressible idea and take over their vis-Ă -visâ perspective. In this context, emotions are made tangible.
Another skill being practised is creativity, a skill that is often seen in connection to the courage to try new things and solve problems. In model photography, creativity often means to cope with realityâs deficiencies: The set might not be as fabulous as expected, the dress too small and not lavish enough, the weather not as it should beâyet, somehow, everything must fall into place. The need to cope with realityâs deficiencies is due to photographyâs indexicality, it leaves a trace to something in the real world. Therefore, creativity is not fully unbound and relates more to the handling of everyday problems.
One more skill practised as a model is the ability to present oneself. This means to play certain roles or to act out partial identities and thus to gain a feeling for successful impression management, to exercise for everyday lifeâs different requirements.
Moreover, modelling helps to gain cultural insights: The model is confronted with very different individualsâthe scene comprises members from different social layers, educational backgrounds and income groups, so meeting them can expand the horizon. When looking for topics to stage, third parties can come into play and even more lifestyles are experienced: One might learn the history of the castle they choose for a backdrop, or may be posed with a bird of prey and learn how to handle him. Photography is the reason to get in touch with new aspects of life and moreover, events often exist because of photographyâbe it that without photography they would not be important or not have happened at all: Model Dunja (above) would not have worn a dress of newspaper and Model Destiny (below) would not have climed the waterfalls without photography.
Ultimately, the event of taking pictures, the experiences gained during this process might be more interesting than the resulting photo. Still, some theorists might consider this aspect as rather ambivalent, criticising the tendency to take pictures of something instead of experiencing it: âA way of certifying experience, taking photographs is also a way of refusing itâby limiting experience to a search for the photogenic, by converting experience into an image, a souvenirâ states Susan Sontag in her famous book On Photography.
However, even if the experiences stay relatively shallow, it is not any more mediated than reading or watching an event which has its own kind of value. Furthermore, theorists like Nathan Jurgenson have called into question the idea that experience and documentation have a zero-sum relationship.
Whereas the aspects mentioned so far can be viewed in the context of skills, there are also more psychological aspects that make modelling beneficial. Identity, understood as the self-conception of a coherent, yet not fixed creature with its own traits and history, is a topic broadly discussed nowadays as postmodern times question this concept. Photography has always been understood as associated with identity. Its focus on the outer appearance might be seen in a critical light, yet it is indisputable that humans create their looks to communicate their identity. Postmodernity offers them countless options to construct styles meaningful to them. Models can experiment with their identity in a protected terrain. In front of the camera they can act out character traits that in their real lives are undesirable or that they usually would like to hide. This is possible because photography is open to different interpretations: Without any written explanation the recipient does not know if the model is âacting as herselfâ or âplaying a roleâ.
Further, modeling offers an opportunity to try various identities that might not necessarily be linked to the âreal selfâ, to try what can be done with the body as âraw materialâ. Looking at the online profiles of girls, A.F. Coleman comes to the conclusion: âThe desire is for photography not to capture a personality as it is  but rather a body as it might beâ. In todayâs multi-option society this might lead to rather negative emotions and to the exhaustion of the individual. Yet, this is a general condition of postmodernism and nothing specific to modellingâwe all have to be architects of our own lives and modelling can rather help to do so.
However, modelling is also able to offer one very concrete identity: The identity as a model that stays stable throughout all the different shooting. Modeling shows in mainstream media demonstrate that this identity is understood to be very desirable. There is something special about it too: unlike most identities, it is not constituted by a certain look but by a multitude of different looks, not by stability, but by a way in which instability can offer an identity.
Modelling, counterintuitively, also offers a way to surpass the body. This is possible due to its connection to the web, where many model activities such as the organization of shootings and especially the presentation of the pictures take place. In the digitally processed pictures, the bodyâs weaknesses are often concealed or retouched. The final image does not need to, is often not even expected to have much in common with the modelâs real appearance. Most probably she is aware of the differences. The image does not show the model but tells something about her that has not necessarily to do with her looks, but with her dreams, her ideas, her fears, or her values, and thus loses its indexicality in favour of a symbolic quality. It is not âthe body in the pictureâ but can be âthe idea in itâ.
As shown, modelling gives people an opportunity to practise skills for everyday life and to work on identity. This does not mean that it cannot be subject to criticism, nor that it can be used as a tool for therapy for all kind of disorders. But it definitely can be more than just superficial.
Maja Tabea Jerrentrup works both as associate professor at the Ajeenkya DY Patil University in Pune and as journalist in the field of photography. Her areas of research include staged and documentary photography and advertisement.
Facebook and Speech: Itâs All About Power
I agree with the observations in this post, and would apply them to educational technology as well. "We have to break the fundamental asymmetry that each end user is limited to their thumbs and their brain while the networks operate supercomputers. As long as there is one Facebook algorithm, one Twitter algorithm, one Instagram algorithm, etc. there will always be way too much power in one place. We all need to be able to programmatically interact with these services." If your MOOC provider, LMS, publications archive, or whatever, doesn't include an open API, then it is perpetuating a power imbalance. Via Metafilter, which follows up this idea with a ton of links.
Web: [Direct Link] [This Post]"In summary: humans that manage to work well as a team are pretty resilient"
From todayâs Studio D Radar mailing list:
There are typically two visceral reactions when people first hear about the Short Walk expeditions. The first is the assumption that we are venturing into a war zone, when the reality is that this corner of Badakhshan province has been peaceful for thirty+ years. If the Taliban or any other armed group was active in our field of operation the expeditions will be delayed or cancelled and weâd instigate a Plan B.
The second reaction is an assumption around fitness. While one needs to be physically fit, our screening interviews focus on cultural and team dynamicsâeveryone needs to be aligned to the mission, and be willing to work for the wellbeing of the group, something we refer to as âone body principleâ a term coined by our 2018 Medic Sam Kellogg. When interviewing candidates there are four major challenges we discuss in addition to fitness: operating at high altitude for extended periods, long distance trekking, developing country, and higher risk travel. All of our 2019 Short Walk team had experience of at least one of these attributes, but no-one (other than Jan, the expedition leader with experience in all five) had experience in more than three on a single trek. In summary: humans that manage to work well as a team are pretty resilient.
File this in the same folder as the references I quoted in Human Infrastructure, Sex and Cycling last week: embrace your infrastructure as you find it, and focus, instead, on the personal, cultural and social issues layered on top of it.
The Best Deals on Apple Accessories Weâve Seen This Week
The Wirecutter Deals team scans the virtual aisles of the Internet, searching for great discounts on Wirecutter-recommended items so you donât have to. In our deal blogs (like this one), we highlight the discounts that we think Wirecutter readers will love. For more deals, check out our Deals page, follow us on Twitter @WirecutterDeals, and subscribe to our daily deals newsletter.
Teaching Tech Together Is Out
I am pleased to announce that Teaching Tech Together has now been published by Taylor & Francis. You can buy it from them directly or get it through your local library or favorite bookstore.
Greg Wilson: Teaching Tech Together. Taylor & Francis, 2019, 978-0-367-35328-5.
This book would not exist without the contributions of Laura Acion, Jorge Aranda, Mara Averick, Erin Becker, Azalee Bostroem, Hugo Bowne-Anderson, Neil Brown, Gerard Capes, Francis Castro, Daniel Chen, Dav Clark, Warren Code, Ben Cotton, Richie Cotton, Karen Cranston, Katie Cunningham, Natasha Danas, Matt Davis, Neal Davis, Mark Degani, Tim Dennis, Paul Denny, Michael Deutsch, Brian Dillingham, Kathi Fisler, Denae Ford, Auriel Fournier, Bob Freeman, Nathan Garrett, Mark Guzdial, Rayna Harris, Ahmed Hasan, Ian Hawke, Felienne Hermans, Kate Hertweck, Toby Hodges, Roel Hogervorst, Mike Hoye, Dan Katz, Christina Koch, Shriram Krishnamurthi, Katrin Leinweber, Colleen Lewis, Dave Loyall, PaweĆ Marczewski, Lenny Markus, Sue McClatchy, Jessica McKellar, Ian Milligan, Julie Moronuki, Lex Nederbragt, Aleksandra Nenadic, Jeramia Ory, Joel Ostblom, Elizabeth Patitsas, Aleksandra Pawlik, Sorawee Porncharoenwase, Emily Porta, Alex Pounds, Thomas Price, Danielle Quinn, Ian Ragsdale, Erin Robinson, Rosario Robinson, Ariel Rokem, Pat Schloss, Malvika Sharan, Florian Shkurti, Dan Sholler, Juha Sorva, Igor Steinmacher, Tracy Teal, Tiffany Timbers, Richard Tomsett, Preston Tunnell Wilson, Matt Turk, Fiona Tweedie, Anelda van der Walt, StĂ©fan van der Walt, Allegra Via, Petr Viktorin, Belinda Weaver, Hadley Wickham, Jason Williams, Simon Willison, Karen Word, John Wrenn, and Andromeda Yelton. I am grateful to Lukas Blakk for the original logo, to Shashi Kumar for LaTeX help, to Markku Rontu for making the diagrams look better, and to everyone who has done instructor training over the past eight years with the Carpentries or RStudio. Any mistakes that remain are mine.
For my mother, Doris Wilson,
who taught hundreds of children to read and to believe in themselves.And for my brother Jeff, who did not live to see it finished.
"Remember, you still have a lot of good times in front of you."All royalties from the sale of this book are being donated to the Carpentries, a volunteer organization that teaches foundational coding and data science skills to researchers worldwide.
Ridings with better cell service voted Liberal: Opensignal

On average, people in the ridings where the Liberal Party won seats in the federal election have better smartphone experiences.
The federal election is over now and Canadaâs next Prime Minister is Liberal leader Justin Trudeau.Â
Analytics firm Opensignal measured its smartphone usersâ experience based on the results of the 2019 federal election. It found that people in ridings that voted for Liberal MPs had higher experience across four metrics. This included download speed, upload speed, availability of 4G and video experience.
NDP districts had very similar mobile experiences to Liberal ridings. Conservative and Bloc Québécois ridings, however, tended to have worse mobile experiences.
Opensignal says its usersâ 4G availability and video experience varied by less than 10 percent across the ridings where these four parties won seats.

Download and upload speed, on the other hand, had a more significant difference. Conservative and Bloc Québécois users had a 16.9 percent and 20.2 percent lower download speed experience than users in Liberal ridings. The upload speed gap was more extensive, seeing 30.2 percent and 19.2 percent lower speeds respectively.
Opensignal says the reason for the correlation to mobile speeds is because the election results reflected an urban-rural divide. Urban areas were more likely to vote for left-leaning, progressive parties while rural areas tended towards right-leaning, conservative parties.
Comparatively, urban areas tend to significantly better mobile download speeds than rural areas.
To learn more about the results, check out Opensignal for a full breakdown.
Source: Opensignal
The post Ridings with better cell service voted Liberal: Opensignal appeared first on MobileSyrup.
Google Pixelbook Go Review: Impressive, but still expensive
Googleâs Pixelbook Go is one of the best Chromebooks available right now.
Its understated design is stunning and features impressive build quality despite being positioned by Google as an âentry-levelâ device. In every sense of the phrase, Googleâs Pixelbook Go feels decidedly high-end. Iâd even go so far as to say the Pixelbook Go has made me forget about last yearâs disappointing Pixel Slate tablet.
This brings me to my main issue with Googleâs latest Chromebook offering beyond Chrome OSâ limitations as operating system that mostly stem from it being relatively new.
While the laptop is undeniably impressive and a little cheaper than the original Pixelbook, itâs still pricey in Canada when compared to other similar Chromebooks from third-party manufacturers like Asus and HP.
Specs
- Processor: 8th Gen Intel Core m3, i5, or i7
- RAM: 8GB, 16GB of RAM
- Storage: 64GB, 128GB, 256GB SSD
- Weight: 1.04kg
- Thickness: 13.4 mm
- Battery: 12 hours, fast-charging support
- Display: 13.3-inch, 16:9 touchscreen, 108p (1920 x 1080) or 4K (3840 x 2160)
- Camera: Front-facing 2-megapixel, 60fps, 1080p video
- Wi-Fi: 802.11 a/b/g/n/ac, 2Ă2 (MIMO), dual-band (2.4 GHz, 5.0 GHz)
- Bluetooth: 4.2
Not the Pixelbook 2
The Chrome OS-powered Pixelbook Go is not the true successor to Googleâs previous Chromebook. Unlike 2017âs Pixelbook, which was capable of transforming into a tablet thanks to its innovative 360-degree hinge, the Go adopts the form of a traditional laptop.
The Pixelbook Goâs 13.3-inch, 16:9 aspect ratio, 1920 x 1080 pixel resolution screen opens and closes smoothly. Its hinge is even weighted in a way that allows it to open and close with one hand easily. While the display is 1080p, thereâs also a 4K version of the laptop measuring in at a 3840 x 2160 pixel resolution, though itâs unclear why anyone would ever need a 4K Chromebook. The screen itself features accurate colour and is overall vibrant, though its LCD panel doesnât stand out in any particular way
The Go ditches the 3:2 aspect ratio of the original Pixelbook for a far wider 16:9 aspect ratio, making the laptop better for watching video but arguably less ideal for tasks like writing or working on a spreadsheet. The screen also has thin bezels when compared to the original Pixelbook, which features dated-looking substantial edges running around the circumference of its display.
That said, the Pixelbook Go does include one of the Pixelbookâs best features. The excellent keyboard from Googleâs first Chromebook is back, and itâs even quieter this time.
In short, the Pixelbook Go is a joy to type on and way ahead of any laptop Iâve ever used over the last few years. The keys feature just enough travel to feel satisfying and always remain responsive.
The laptop itself features a âJust Blackâ painted magnesium finish, which Google says it opted for to keep the price down. Thereâs also a âNot Pinkâ variant on the way, but itâs currently listed as âcoming soonâ on Googleâs website. Even with these cost-saving measures, the Go still looks sleek and feels like a high-quality device, despite ditching the Pixelbookâs more premium finish and design. However, thereâs nothing in particular that makes its aesthetic stand out from other laptops.
The only noticeable design feature is the Pixelbook Goâs ribbed bottom. While strange-looking and a little offputting, the ridges add grip to the laptopâs base, making it more difficult to slide out of your hand. Iâm not particularly fond of the ridges, but theyâre barely noticable, and I can appreciate that they have a practical purpose. Flanking both sides of the keyboard is a very MacBook-like speaker grill. The Go actually resembles a more curved, black-coloured version of Appleâs MacBook Air in some ways.Â
Thickness comes in at 13.4mm and 1.04kg. While the Pixelbook Go isnât exactly the lightest or most svelte laptop around, its rounded corners help make it feel smaller than it is.
Itâs worth noting that the rubberized palm rests featured in the Pixelbook are not part of the Pixelbook Go. While a subtle design change, these raised rubberized grips prevented the laptopâs display from being squished into its keys and scratching the screen, a common issue a lot of laptops, particularly Appleâs MacBooks, suffer from.
Itâs disappointing Google didnât include the same design in the Pixelbook Go.
The rest of the hardware
Regarding hardware, the entry-level $849 CAD Pixelbook Go features Intelâs 8th-generation Core M3 processor, 8GB of RAM and 64GB of storage. Any way you look at it, this is a steep price tag for a Chromebook powered by an m3 chip.
Bumping up to Intelâs Core i5 processor pushes the price to $1,099, with the highest-end Intel Core i7, 4K variant costing an astounding $1,849 CAD. All of the Goâs chips are also Intelâs lower-power Y-series variants, which is disappointing.
This brings me to my main issue with the Pixelbook Go. Itâs an undeniably great Chromebook, but its price tag, particularly in Canada, is far from entry-level. To put the cost in perspective, the standard Pixelbookâs starting $1,299 price tag is only $200 more expensive than the i5 iteration of the Go. This makes the Pixelbook Go a tough sell in Canada, especially when there are similar Chromebooks from other manufacturers that cost far less.
The laptop also features two USB-C ports on each side, just like its predecessor, and supports fast-charging. Google claims the Pixelbook Go is capable of two hours of use after just 20 minutes of charging. In my experience, this estimate is pretty accurate. In total, the Go made it through a day with moderate use, clocking in at roughly 11 to 12 hours.
Thereâs also a 3.5mm headphone jack and a not-very-good 2-megapixel camera that is capable of shooting 1080p at 60fps.
Notably absent from the Go is a microSD slot, a feature commonly found in other Chromebooks. Thereâs also no fingerprint sensor, though if you have an Android phone with a fingerprint sensor, you can use it to unlock the Go.
Finally, the Pixelbook Go also features Googleâs Titan C chip that Google says protects the Chromebook from malicious attacks.
Chrome OS is still limited
Chrome OS is fast, responsive and straightforward, but I still find it limiting, especially when it comes to doing my day-to-day job at MobileSyrup. While the operating systemâs selection of apps has improved over the last few years, it still isnât great. For example, even though Adobeâs Creative Cloud-adapted Android apps are now available on Chrome OS, theyâre slow, awkward and feel like a mobile app that has been stretched to fit a 13.3-inch laptop screen â which is precisely what they are.
While Iâve grown accustomed to Chrome OS during my time with the original Pixelbook, first-time users will likely find the experience a little jarring. Googleâs desktop operating system shares similarities with Windows 10 and macOS Catalina, but itâs also a very different beast at the same time.
If you typically use web-based services like Google Docs, Gmail and Googleâs Chrome web browser, like myself, youâll be okay with a Chromebook. On the other hand, if you tend to use a lot of local programs, thereâs a strong chance there isnât a Chrome OS version of that particular app you need. With that in mind, Microsoft does offer Chrome OS expanded versions of its Office Android apps similar to Adobe.
I find Chrome OS to be the perfect operating system for surfing the web, watching YouTube videos, movies and even writing stories with WordPress. While I primarily use Apple devices, I live in a Google services world.
This makes it easy for me to jump between macOS and Chrome OS. When it comes to video or photo editing, I run into issues with Googleâs lightweight operating system.
Though this is one specific workflow and use case, I suspect first-time Chrome OS users may experience similar problems.
The post Google Pixelbook Go Review: Impressive, but still expensive appeared first on MobileSyrup.
Brexit in limbo
More âunforced errorsâ
That may still turn out to be the case. The fact that it is not so today is in large part attributable to yet another of what the influential and insightful law and policy commentator David Allen Green has aptly described as the âunforced errorsâ of the Brexit saga. Specifically, it has arisen because of the Governmentâs ludicrous and unnecessary attempt to drastically curtail the time parliament had to discuss the Withdrawal Agreement Bill (WAB), and to do so without the provision of any economic impact assessment. The proposed timescale was, as the Director of the Hansard Society, Ruth Fox â not known for hyperbole - put it âridiculousâ. Parliament thought so too, and voted against the Programme Motion that set out the timetable for the Bill.
This was just the latest of the long string of ways, some outlined in my previous post, that Mayâs and now Johnsonâs government have treated parliament contemptuously and found, in the absence of a majority, that parliament has many ways of biting back. There was no need for it, any more than for what was quaintly described in parliament as the âjiggery-pokeryâof this weekâs failed attempt to hold a Meaningful Vote. By the same token, Johnsonâs latest, and third, refusal to appearbefore the Commons Liaison Committee reeks of his dismissive attitude to parliament at the very moment he is so dependent upon it.
In the case of the WAB timetable, it was totally unnecessary: the 31 October date would (all but) certainly have been breached anyway if only to allow European Parliament ratification, the extension letter had already been sent, and there could be no doubt that a short technical extension would be agreed if the WAB had passed. If the concern was âwrecking amendmentsâ it was pointless, as such amendments could have been laid anyway. As so often, it was just macho posturing.
The bad winners of Brexit
Tactically, the attempt was, as has been shown by its failure, ill-judged. But it was also strategically ill-judged and in a way which has a wider significance than this particular episode. Suppose it had succeeded? Then, Brexit would for years be dogged by accusations of having been achieved through hole-in-the corner means, without proper parliamentary oversight. If so, that would be added to a whole strong of similar accusations that Brexit is going to face anyway, if it occurs. Everything from the dishonest manner in which the referendum campaign was fought and won, the unnecessary legal battles over parliamentary involvement, prorogation and, even, whether the PM had to obey the law all mean that any sense of victory will be sour.
If I were a Brexiter, who genuinely believed that this was a project for national liberation and national revival, I cannot imagine taking any pleasure in having achieved it through such squalid and disreputable means. It is one of many ways in which Brexitersâ graceless response to their referendum victory gives the impression that they would have been happier if they hadnât won.
For that matter, as the WAB debate speeches this week by ERGers such as John Redwood and Owen Paterson show, the Brexit Ultras feel no joy in the deal that they have signed up to, and do not regard it as the Brexit they had really envisaged (like the apologists for every failed managerial fad and political ideology, Brexiters are always going to say that it would have been fine had it just been implemented âproperlyâ). As I remarked in my previous post, the national tragedy of Brexit is that, even if it is done, the most ardent Brexiters will be as bitterly unhappy as remainers.
The WABâs nasty surprises
Returning to the WAB itself, the impression given was that the government had something to hide in seeking to ram it through so quickly. It is no good saying, as some did, that parliament had had years to discuss every aspect of Brexit. The fact is that, after all those years, this was the first time that anyone had seen in precise, detailed, legal terms what Brexit (at this stage) meant. And on examination the legislation revealed at least four areas of controversy over and above those that were already clear from the broad outlines of Johnsonâs deal (for detailed, expert, legal analysis of the Bill, see Steve Peersâ excellent blog).
First, it emerged(initially, it seemed, to the surprise of the Brexit Secretary himself) that the new arrangements for Northern Ireland (NI) would involve new customs processes (not necessarily declarations) for goods travelling both from Great Britain (GB) to NI and from NI to GB. This further underscored the reasons for the DUP objections to the deal for, indeed, it shows how transactions between the two parts of the same country are now pretty much on a par with importing and exporting goods between separate countries. There could hardly be a greater affront to unionism nor, though for mirror-image reasons, to Scottish nationalism.
This, along with the different regulatory arrangements for NI, leads to an observation, which I had not thought of or seen before in these terms, made by the finance and economics writer Frances Coppola in a tweet this week: Johnsonâs deal means that after Brexit the UK will no longer be a single market. Expressed that way it is quite remarkable. There have been long debates about whether or not the UK could and should remain in the European Single Market after Brexit. Never was in envisaged, in terms, that the UK single market would be brought to an end.
The second issue to emerge was over workersâ rights protections. It was already controversial that these had been moved from the Withdrawal Agreement (WA) to the non-binding Political Declaration (PD). In the legislation, a bizarre pair of clauses has it that a minister introducing any future legislation must state that it doesnât reduce such rights compared with EU provision or that the minister is unable to state that but wants to proceed with the legislation anyway! I suppose it is conceivable that this was a drafting error but if so, given the political charge of the issue, an extraordinary one.
Thirdly, the proposed legislation requires that future terms negotiations with the EU be constrained to the ambitions set out in the PD. This is particularly sneaky, because one argument to waverers on both the Tory and Labour sides has always been that since the PD is not legally binding (i.e. unlike the WA it would not form part of an international treaty) then there is âall to play forâ once the WA is ratified. The WAB would use British law to undercut that (albeit that, I suppose, a future government could legislate to change that law).
Fourthly, and perhaps most controversial of all, the WAB deprives parliament of the right to force the government to seek an extension to the Transition Period (TP) in order to prolong post-Brexit trade talks. This is enormously significant to what would happen â and very soon â after Brexit day if we get there. As discussed in my previous post, a potential new cliff-edge arises if there is no trade agreement in place by the end of the TP at end 2020 and if the UK has not asked for an extension by 1 July 2020 (more detail on the likely timetable and issues arising from it here).
No one serious thinks the trade talks will be to any degree advanced by then â especially given that whether held before or after Brexit an election will shave a couple of months off the time available â and Johnson has said that he will not apply for a TP extension. That could of course be bluster, but if not then there is the prospect that, without any parliamentary agreement, there would be a new kind of no-deal Brexit at end of 2020. (In passing, it is perhaps not sufficiently explained in the media that this would be a new kind, and not the same as the no-deal we talk about now, in that there would be a WA in place but, equally, by that point there would be no ârevoke Article 50â option available as a final defence against the new version of no deal).
This may be what some Brexiters actually want. Others may still nurture the fantasy that this will be âthe easiest deal in historyâ because the UK would be starting from a position of alignment with the EU. I discussed that myth a couple of years ago but this week there was a reminder of one of the reasons why it is a myth. A ânormalâ preferential trade deal takes a long time partly because various businesses and sectors lobby to be excluded from regulatory alignment (usually for protectionist reasons). In this trade negotiation the delays will be for the mirror-image reason: lobbying to remain aligned. Businesses have already begun (ÂŁ) to make the opening salvos in that process.
A General Election?
The various controversial issues just identified in the WAB, and others, may well be the subject of amendment if it emerges from its present âin limboâ status (this, apparently, is the correct term for it, and it could just as well be applied to the entire Brexit situation). If so, it may yet pass, and Brexit may yet happen. However, the possibility is now intensifying that events will be delayed by a General Election and, if so, that represents possibly the last chance for Brexit to be averted.
That may sound a strange thing to say, given that Johnson himself is pushing for an election, now, weirdly, tying this giving more time to debate the WAB (not that much more, in fact). But - barring some very dramatic event - the only realistic route to remain now lies in a Labour administration â whether majority or minority â organizing another referendum (this would in turn entail yet another request to the EU for an extension).
The present parliament almost certainly isnât going to vote, and legislate, for another referendum. On the other hand, if the WAB ever is debated by the present parliament then it is quite likely to end up passing. The Second Reading, after all, passed by 30 votes â allowing Johnson to make the wholly dishonest claim that his deal had been âpassedâ â and ...
The Electricity of Learning
I'm going to tell a story of why education is failing. We have a design error.
1.
This is a battle of two groups of people. There was an information shortage. So industry started schools. But today everything has changed. But today we have an information glut. If we are passionate about something we can learn. This information flow changes the world from 2D flat to a world that is changing. 3D. Changing all the time. So we have the story of the 2D-Smarts and the 3D-Smarts. And there's a fight between them.
We have a legacy - me, old people - toward a legacy system. In this system, you don't get a degree because you followed your passion, you get a degree because you studied stuff you didn't want to study. Then you go to work, and you don't follow your passion, you do what your boss tells you to do. So the result is 80% of people are not engaged in what they do. They just go to work to earn money, to earn security, and gain a pension. And these people - 80% - are incompetent. And incompetence is driving us to the edge of existence, creating waste, creating smog, and people are dying.
Is we want to reinvent education, we have to focus on who we are.
2.
Children are the future. We have to re-engineer for the next generation. So we have to build systems that support passionate talents.
Why do some people learn really fast and some don't? Real learning only happens when you are in the groove with your talents. Everybody knows this, when you do what you are best at, you are better than everyone else. So we need to find out what we're good at, what we love.
Diversity is what we are made for.
So, how do we know our talents? One word: it's called 'passion'. It means 'suffering'. If people tell you they're passionate, you can see them suffering. A passionate teacher who is engaged, you can see them trying to create a better education. If you are passionate in love, you suffer.
But they don't want to suffer, they want to suffer less. The only way to do this is use information. They use information, suffer less, and do more. This is what makes you the best, and your system rewards you with dopamine.
Training programs don't instill passion.
"The two most important days of your life are the day you were born and the day you find out why." Mark Twain.
3.
I try to find out about what learning is. How do 3D smart learn?
Learning is a physical process. People who are passionate, who jump into the information flow, and online you get the fastest information, and the most people, and your brain lights up. And when people are passionate they want to share information. I don't know anyone who is passionate about a subject who refuses to answer a question - because when you answer a question you grow more.
So you should fire 30% of the teachers. Why? Because students who want to learn also want to teach. These become part of giving and taking.
(Demo of learning with a 3D brain that lights up. That happens when you learn, when you teach.)
Real teachers understand this. Real teachers create an environment that supports this.
4.
This has consequences.
I think we should create an environment where people with passions can accelerate. And where people who don't have the passion have the freedom to choose another course. If we don't have this, we don't have an educational system, we have a prison.
We have to invent learning technologies to make this happen.
The 'Power Defect'. It's about competence development. This has two meanings. The first is, you have to have people who are capable. But the second meaning is, you have to have the organization to do something with it. If you have the learning, but you can't do anything, you're not competent.
So we have four squares:
- not capable and not authorized = you're a machine (80% of people)
- capable and authorized = real competence.
- capable but not authorized = the power defect. This group is growing.
- not capable, but authorized = burnout/com - and this group is increasing also.
A lot of people my age have this huge responsibility, to hand over the authority. Because if we don't do this, there will be very bad consequences.
Turning Talent into Skills and Skills into Success
The challenge for everyone is to find out how gto give back before moving to the next level of existence. Mentorship is one very important way to do so.
Also to pick up on what Jef said about talent and passion. It's a very important dimension of this discussion. But for those of us in Cote d'Ivoire, very few will say they want to be framers or policemen, garbage collectors, work that may not be pleasant. They want to be rock stars.
We have to work through Maslow's hierarchy here. There are fundamentals of economics that we have not yet mastered needed in order to make this happen. Cote d'Ivoire is a poor country and so is mine (Ghana), and now after 60 years of independence we have only now looked at how to pool production.
We grow cocoa and it's processed in Belgium. Yet how many of us can write a one-page summary of how cocoa is processed. It was not taught to us. I ask many people, they can't do it. They know about music, dancing, other things.
If you go to Ghana today to ask people to write a one-page summary of how rock is processed into gold, they can't do it. I went to three universities and asked them, and except for one that specializes in kines, they can't do it.
So as much as I respect the other views, in our countries, our challenge is employment, and job creation. We need to grow, so people can really get jobs. So we need to learn to process gold, or diamonds, etc.
Looking at the purpose of learning:
- acquire knowledge "to be" - UNESCO1972
- learning 'for the treasure within"
etc.
The state of African education. 20% of children 6-11 out of school. 33% of children 13-14. 60% of youth 16-17. 5 million boys will never go to school - they go to fishing, of farming, or go to markets. 50% of the workforce is illiterate. They can't read or write in any language. But between 1990-2018 primary enrollment tripled from 62 million to more than 200 million today.
Where skills are really needed - I appreciate what other countries have done. Technical and Vocational Education and Training (TVET) enrollment is less than 10% of senior high school youth. It gets about 2-6% of national funds. We're not getting enough young people to do this.
We missed the agricultural age, the industrial age, and we are behind in the information age.
Africa is facing a bigger skills training challenge. As we speak we have 200 million youth age 15-35. By 2049 Africa will have the world's largest labor force.
Africa;s skills development must be directly reflated to economic structures.
The new workforce needs new kinds of training. More literacy, more adult education. Churches and Moques should be active. Radio and TV should be involved.
We need to catch up to meet the 4th industrial age. But there are fundamentals. We need the basic skills. Stakeholder ust work together to avoid an unemployment tim bomb.
The reason subscriptions are not such a great idea - Hugh
Messenger :: Telegram gewinnt

Ich benutze so wenig Apps wie möglich. Und die regelmĂ€Ăig benutzten sind alle auf der Frontseite. Messages und Facetime sind fĂŒr Apple User, Signal fĂŒr alle, die besonderen Wert auf Privacy legen. Nachteil dieser Lösungen: Ich muss mein iPhone benutzen. Und da kommt Telegram ins Spiel. Ich benutze das Programm fĂŒr vowe's magic flying cirus und schon bei der Installation fiel mir auf, wie viele meiner Kontakte dort erreichbar sind.
Und dann siegt die Bequemlichkeit. Telegram lĂ€uft auf allen meinen GerĂ€ten, parallel. TĂ€glich wechsele ich zwischen Android, iPhone, X1 Yoga, Surface Pro und iPad Pro. Und ĂŒberall zeigt mir Telegram das Gleiche. Neben den vielen Chats betreibe ich dort zwei Dinge:
- t.me/vowedotnet als Kanal, d.h. ich sende, viele lesen.
- t.me/vowecircus als offenen Chat, der sich ganz prima entwickelt.
FĂŒr mich nicht wichtig, fĂŒr viele andere schon: Man muss seine Telefonnummer nicht rausrĂŒcken, um erreichbar zu sein. So sehen die Teilnehmer im Circus auch gegenseitig nicht ihre Nummern, können sich aber anschreiben. Was wir verlangen, ist ein freundliches Portraitbild, den vollen Namen und Respekt. Das hat sich bewĂ€hrt. So eine hilfsbereite und erfolgreiche Community!
Ich bin t.me/vowe_net und auf Telegram erreichbar. Immer öfter.
Greta Thunberg: "Planet's on fire, here's the science." Conservatives: "Brainwashed pawn!" Imaginary 4-year old: "Don't cancel the Brexit vote I was 17 years away from casting!" Conservatives: "What a hilarious and bold free thinker precociously grasping the issues. " twitter.com/oflynnsocial/sâŠ
|
mkalus
shared this story
from |
Greta Thunberg: "Planet's on fire, here's the science."
Conservatives: "Brainwashed pawn!"
Imaginary 4-year old: "Don't cancel the Brexit vote I was 17 years away from casting!"
Conservatives: "What a hilarious and bold free thinker precociously grasping the issues. " twitter.com/oflynnsocial/sâŠ
On a train pulling into Doncaster. A 4-yr-old just got up and said: "This is Yorkshire and if any of you are southern snobs who believe in cancelling our Brexit votes then don't bother getting off here."
The whole carriage stood up and applauded!
11953 likes, 2895 retweets
625 likes, 139 retweets
Five Years Of The Bandcamp Subscription!
This last weekend, I went to a gig by Richard Lomax AKA Granfalloon â a singer from Manchester. He was explaining where the band name Granfalloon came from â its origins being in Kurt Vonnegutâs book Catâs Cradle. A Granfalloon represents a false or absurd sense of connection felt between a group of people who arenât really connected in any meaningful way. And its meaningful opposite is a Karass â as Wikipedia puts it, âa group of people linked in a cosmically significant manner, even when superficial links are not evident.â
Which obviously got me thinking about the strange and wonderful group of people that make up my subscriber community on Bandcamp, having just reached the fifth anniversary of the subscriptionâs inception!
Restless by Steve Lawson and Pete Fraser
The people who subscribe to me represent the last 20 years of my solo career in breadth and depth, with some old friends and very long time listeners in there alongside people whoâve found my music more recently, and even a few who I imagine are there because they think the venture is worthwhile even without having a particularly deep connection to the music⊠Those âsuperficialâ links are absent purely because of the diversity of their backgrounds and ways of relating to this central community â theyâre from all over the world, of a pretty huge age range, and Iâd be hard pushed to pigeonhole the interests of the typical Steve Lawson subscriber, beyond there being a statistically significant number of bass players present in the sample 
We are a Karass, gathered around a bunch of music and a way of making it available that cuts across so many of the assumptions about how and why recorded music is supposed to exist, itâs relationship with live concerts, the economics around how musicians are supposed to leverage some value from their work, and the balance of significance given to the actual recordings vs the conversations, discussions, questions and contextual ramblings that frame their existence.
The exchange is, from where Iâm sat, very much two-way in so many ways other than the economic sustainability that is so evident at the heart of it. Releasing live recordings throughout the year gives room for the development of my music-making ideas and focus to be influenced by the discussions and responses that happen in between those gigs â earlier this year I released three live albums in the space of a month or so, giving the subscribers who wanted to dig into it the space to consider how my set of tools and ideas manifests itself differently across multiple nights of what in any other context might have been part of a tour, but which almost none of my audience would ever be able to attend across multiple nights.
The kind of exalted status any artist needs to have in order to inspire their listeners â fans â to turn up to multiple nights on the same tour is neither a desirable state to be in nor a practical one if I want to continue to play in small-scale, intimate, community spaces in the way that I do. Recognising that the upper ceiling on my audience size for doing things the way I really want to is actually pretty small has been a huge relief in terms of letting go of many of the expectations of scale that go with having any kind of music career in the age of streaming.
How do I get to make loads of music, release it, and find a community that are willing to engage with it, be present IN it and shape it by giving me permission to keep experimenting (as opposed to withholding their economic support from what I do until I do a farewell or greatest hits tour)? Those were the big questions I set out to try and explore when I launched my Bandcamp subscription on Oct 23rd 2014. FIVE years ago this week.
Iâm so, so grateful to everyone who has subscribed over the years â whether or not youâve since unsubscribed. This was never meant to be a social engineering project, aimed at trapping/tricking people into remaining subscribed beyond the point where itâs useful or meaningful for them to be so. The first yearâs offering is by far the biggest if you bring normal industry metrics to bear on things, because you get some crazy number of albums from across the last 20 years immediately. And theyâre yours to keep, not contingent on you remaining subscribed. Unlike so many other platforms, Bandcamp doesnât do access rental. The music is yours to keep.
But that initial offering is the raw material needed to get caught up with Where We Are Now. My own focus is not âhow can I leverage value from my back catalog?â â this isnât my retirement fund in any way, shape or form â my focus is forward-looking, and the back catalog is all context for where we are. Iâm deeply proud of all of it, and am happy for people to listen to it in a focused way, to dump it all in a folder and listen across the two decades represented on shuffle, to have favourites and to have projects that donât work for themâŠ
The most amazing thing for me about the subscription, other than the friendships and conversation perhaps, is that I no longer need to think about the direct marketable âvalueâ of any one album. I donât prepare music for release thinking âwill people buy this?â My thought process is episodic â I make music that advances the story, I release music that builds on where weâve come from and where weâre heading. I have favourite episodes, for sure, and certainly the guest stars are an absolute joy for me, but itâs the totality of it that feels like âthe workâ â that 20 year story arc that shows no sign of stopping or slowing.
Just under a year after I launched the subscription I was inspired by a recording session with Divinity Roxx to add a MIDI controller to my set up and to start playing drums and keyboards and later to incorporate found sound and field recordings into my music. Even at that stage, the sense of cushioning that the subscription gave me from the raw economic impact of wrong-footing my audience gave me the creative latitude to try things out, to in one sense trash the âsolo bass steveâ brand as an accurate descriptor of what I did as a music maker, but to significantly broaden the sonic scope of my work. The âall live, no editsâ rule is still in place â not because itâs an ethically superior state for music (thatâs a wholly absurd notion) but because that particular constraint focusses my thoughts around a kind of music making that results in the gradual and constant evolution of my language, my ability to construct compelling and meaningful stories in sound, and to perform in a way that allows for every gig to be at the same high standard as the recordings, but also to then be released as a unique event for those who couldnât be there.
Beauty And Desolation by Steve Lawson
There is in music scholarship a large amount of energy and effort given over to peopleâs perceptions of the relative merits of the experience of live vs recorded music â the idea that a live recording has no value because it doesnât capture the atmosphere and the experience, or the idea that a live gig can never scale the heights of the production of a well conceived recording. That, to me, is an entirely false dichotomy that misses the interrelatedness of liveness and the documentary process. A record is different from a gig, in the same way that a meal is different from going to the park. They serve different needs, and the availability of the experience means that they have wholly different levels of exclusivity in terms of who may experience them.
A gig is geographically and temporally bound to the where and when of its happening. A recording is wedded to the technology required for its experiencing and the emphasis that tech brings to the sound as envisaged by the person recording, mixing and mastering it. A live recording isnât comparable as an experience to a gig because one is repeatable and relocatable and the other is not. But the possibility of RE-hearing an improvised show you were at is a magical one. The option to experience and compare multiple nights across a fixed time period, to compare, to listen again, to even transcribe and learn the music if youâre a performer â to do that without the frankly ridiculous limitations to the time required to manufacture product, distribute it, market it, promote it and then focus ones energies on drawing attention to it â that is an amazing, breathless liberty.
Thereâs no such thing as âcreativity free from influence or constraintâ â the mythology of the entire liberated auteur magicking music from the ether is a marketing construct like any other, elevating the creative path to that of the alchemist. Instead, if weâre aware of them, we can deliberately curate our influences and shape our context to best create the affordance for the kind of creative exploration that feels most meaningful to as at any one time.
My own path requires me to stay as unburdened by my own history as possible. âSolo bassâ carries its own set of expectations and distractions that I try to remain conscious of. Iâd hate to have a hit record that brought with it an audience offering the promise of economic enrichment for my willingness to tread that same ground over and over. Itâs not that songs are bad, or that touring with a setlist is some lesser creative path. Thatâd be both offensive and wholly disingenuous to try and elevate small scale improvised performance to some loftier creative plain.. But it is MY path, itâs where my curiosity leads, and itâs the area within which I can best explore how to soundtrack the world in all its beauty and desolateness.
And the Bandcamp subscription is UTTERLY vital to not only me being able to do that, but to helping define that emerging sense of it even being a possibility. Itâs a very different way of thinking about the purpose and value of performing and recording, of developing my creativity and presenting it to people for their enjoyment, edification and often bemusement 
So thank you. Thank you subscribers, thank you Bandcamp, and well done if youâve read this far. Send me an email and Iâll send you a download code for my latest album as a reward for actually reaching the end of this 
Subscribe now at stevelawson.bandcamp.com/subscribe








