Shared posts

27 Mar 05:23

How Far We’ve Come

by sara

If you work on a project every day for 40 years, pouring your heart and soul into it, your time and treasure, every drop of hope and optimism you can call up in the face of rank ignorance, prejudice and wrong-headedness, you sometimes lose track of how far you’ve come. Squeezing out of yourself as many bright ideas and persuasive words as you can come up with while borrowing what else you need from others, biting your tongue when people take potshots at you, misrepresenting what you said or not bothering to represent it at all, you can feel worn out and forget the good that’s come of all the work.  Calling for help—when you don’t know where else to turn—from whatever spirit presides over lost children and misunderstood adults can help. When you’ve done all this for many decades in efforts to enlighten people and provide them with the good and liberating news about how people learn, you should take a moment to stop and look around. Like climbing a mountain, you don’t often look down to see how far you’ve come.

When I chatted with Bob Broudo, retiring head of the Landmark School in Prides Crossing, Massachusetts, I got a chance to do just that. Bob has spent even more years than I have plowing in the fields of learning differences, doing his best to cultivate understanding and success for the millions of us whose brains work a little differently.  

We’ve come a long way since 1971, when Bob started, and 1981, when I started. We’ve come even further if you go back to when we were kids. In those days there were basically two words to describe a child’s—or adult’s—brain: smart and stupid. For stupid, there was but one treatment, try harder. To motivate you to try harder you’d get humiliated, punished, or ultimately set aside if the trying harder didn’t produce the desired results.

How difficult it was to persuade people how much more there is to intelligence and creativity than smart and stupid. How hard it was for people to believe that some of the greatest contributors to human civilization, some of our greatest geniuses, were actually deemed stupid as children. And how many of our most productive, innovative adults never went to college or didn’t even graduate from high school because they either couldn’t do the work or got bored with what was offered, or both.

Having both ADHD and dyslexia myself, I knew firsthand that these conditions, if managed properly, could actually propel a person to make unique and lasting contributions. I also knew how often the gifts these people possessed got destroyed growing up by the shame and humiliation they were subjected to.

But now, after decades of climbing, we’re nearing the top of the mountain. Now, as Bob Broudo is retiring and I’m heading into my 73rd year, we’re finally seeing the truth nip at the heels and overtake ignorance, bias, and the cruel practices they beget. 

After I interviewed Bob, I took a deep breath, and said to myself words I rarely let myself say. “Good job, Ned”. I also want to say those words to the multitude who’ve helped, from the early scientists to all of you reading this piece today. You wouldn’t be reading this if you weren’t also part of this great and momentous effort, part of the ongoing mission to free millions from the shackles of misunderstanding, mistreatment, and subsequent underachievement if not failure, incarceration, addiction, depression, marginalization, and early death caused by ignorance about how the brain works.

Take a moment to give three cheers and a hip-hip-hooray for all of us, today and before. Pause and pat yourselves on the back. If ever there were an invisible minority, we’re it. If ever there were a misunderstood group, we’re it. And if ever a group had more to give, more potential to tap, and more white-fire passion to deliver the goods once we’re freed up and our talent unleashed, we’re it.

Bless you, all of you different ones. Bless all of you who’ve worked and continue to work to free these people to add their special destinies to benefit our world.

The post How Far We’ve Come appeared first on Dr. Hallowell.

08 May 02:05

Lemberg, Lviv, Lyov, and Lwów

by peter@rukavina.net (Peter Rukavina)

From the “Note to Reader” in East West Street:

The city of Lviv occupies an important place in this story. Through the nineteenth century, it was generally known as Lemberg, located on the eastern outskirts of the Austro-Hungarian Empire. Soon after World War I, it became part of newly independent Poland, called Lwów, until the outbreak of World War I, when it was occupied by the Soviets, who knew it as Lyov. In July 1941, the Germans unexpectedly conquered the city and made it the capital of Distrikt Galizien in the General Government, known once more as Lemberg. After the Red Army vanquished the Nazis in the summer of 1944, it became part of Ukraine and was called Lviv, the name that is generally used today. Exceptionally, if you fly to the city from Munich, the airport screens identify the destination as Lemberg.

Lemberg, Lviv, Lyov, and Lwów are the same place. The name has changed, as has the composition and nationality of its inhabitants, but the location and the buildings have remained. This is even as the city changed hands, no fewer than eight times in the years between 1914 and 1945.

The city is again at the heart of geopolitics, reports The Economist:

When Russia’s president sends 190,000 troops to invade your country, which he refers to as “historically Russian lands”, one logical place of retreat stands out. That is Lviv, a city that was Polish from 1918 to 1939 and part of other central European states before that. It is a place of baroque buildings, art academies and fiercely anti-Russian sentiment. Its location, in the far west of the country, could make it the last place in Ukraine that Russia tries to conquer. That makes it appealing not just for those fleeing the rest of the country, but also for those eyeing up a potential seat for Ukraine’s government if Vladimir Putin’s forces manage to seize the capital, Kyiv.

Lviv is four hours drive north of my Ukrainian family’s home place in Serafyntsi (Серафинці).

Here’s what morning sounds like in Serafyntsi—and, for that matter, in much of rural Ukraine, when left to its own devices.

My heart is with my family there, and with all peace-loving Ukrainians.

22 Feb 18:24

Using curl to run GraphQL queries from the command line

by Simon Willison

I wanted to run a query against the GitHub GraphQL API using curl on the command line, while keeping the query itself as readable as possible. Here's the recipe I came up with (tested in both bash and zsh), with TOKEN replaced by my GitHub API personal access token:

curl -s https://api.github.com/graphql -X POST \
-H "Authorization: Bearer TOKEN" \
-H "Content-Type: application/json" \
-d "$(jq -c -n --arg query '
{
  search(type: REPOSITORY, query: "user:simonw topic:git-scraping", first: 100) {
    repositoryCount
    nodes {
      __typename
      ... on Repository {
        nameWithOwner
        description
        defaultBranchRef {
          name
          target {
            ... on Commit {
              committedDate
              url
              message
            }
          }
        }
      }
    }
  }
}' '{"query":$query}')"

As you can see, the GraphQL query itself is embedded in plain text inside a complex set of escaping tricks.

Building a JSON document with jq

I needed to encode the query as part of a JSON document that looks like this:

{"query":"\n{\n  search(type: REPOSITORY, query: \"user:simonw topic:git-scraping\", first: 100) {\n    repositoryCount\n    nodes {\n      __typename\n      ... on Repository {\n        nameWithOwner\n        description\n        defaultBranchRef {\n          name\n          target {\n            ... on Commit {\n              committedDate\n              url\n              message\n            }\n          }\n        }\n      }\n    }\n  }\n}"}

The jq recipe handles the construction of that document for me:

jq -c -n --arg query '
{
  search(type: REPOSITORY, query: "user:simonw topic:git-scraping", first: 100) {
    repositoryCount
    nodes {
      __typename
      ... on Repository {
        nameWithOwner
        description
        defaultBranchRef {
          name
          target {
            ... on Commit {
              committedDate
              url
              message
            }
          }
        }
      }
    }
  }
}' '{"query":$query}'

jq -c means "compact syntax" - so the JSON itself is produced as a single line.

The -n option stands for --null-input - which is described as:

Don´t read any input at all! Instead, the filter is run once using null as the input. This is useful when using jq as a simple calculator or to construct JSON data from scratch.

Then --arg query '...' sets a variable within jq to the string representing my GraphQL query.

Finally I evaluate the jq expression '{"query":$query}' which constructs the final document with my GraphQL query as the value for the "query" key.

Passing that to curl with "$()"

Having constructed the JSON document, I needed to pass it to the curl -d option to submit it to the server.

The recipe for doing that is:

-d "$(jq -c -n --arg query ...)"

I tried doing this with -d $(jq ...) first, and it didn't work - because whitespace inside the substitution was treated as separate tokens passed to curl.

Adding the wrapping double quotes caused the substitution result to be treated as a single value.

I was worried that double quotes within the string itself would break out of the pattern, but this Stack Overflow answer reassured me otherwise:

Once one is inside $(...), quoting starts all over from scratch.

In other words, "..." and $(...) can nest within each other. Command substitution, $(...), can contain one or more complete double-quoted strings.

The resulting (but truncated) JSON from the GraphQL query looks like this:

{
  "data": {
    "search": {
      "repositoryCount": 22,
      "nodes": [
        {
          "__typename": "Repository",
          "nameWithOwner": "simonw/csv-diff",
          "description": "Python CLI tool and library for diffing CSV and JSON files",
          "defaultBranchRef": {
            "name": "main",
            "target": {
              "committedDate": "2021-02-23T02:53:11Z",
              "url": "https://github.com/simonw/csv-diff/commit/33e0a5918283c02a339a1fb507fc7a9cda89a198",
              "message": "Handle missing JSON keys, refs #13"
            }
          }
        },

Combining it with sqlite-utils insert

My end goal was to create a SQLite database with a record for each of my GitHub repositories that were tagged git-scraping that included the date of their most recent commit. Here's how I did that:

curl https://api.github.com/graphql -X POST \
-H "Authorization: Bearer ..." \
-H "Content-Type: application/json" \
-d "$(jq -c -n --arg query '
{
  search(type: REPOSITORY, query: "user:simonw topic:git-scraping", first: 100) {
    repositoryCount
    nodes {
      __typename
      ... on Repository {
        nameWithOwner
        description
        defaultBranchRef {
          name
          target {
            ... on Commit {
              committedDate
              url
              message
            }
          }
        }
      }
    }
  }
}' '{"query":$query}')" \
  | jq .data.search.nodes | sqlite-utils insert /tmp/github.db repos - --flatten

The line doing the work at the end is:

| jq .data.search.nodes | sqlite-utils insert /tmp/github.db repos - --flatten

This uses jq to pull out the {"data": {"search": {"nodes": [...] array from the returned JSON, then pipes that into sqlite-utils insert.

This line does the rest:

sqlite-utils insert /tmp/github.db repos - --flatten

That reads from standard input (-) and creates a repos table in the new github.db SQLite file.

The --flatten option at the end ensures that nested fields such as {"defaultBranchRef": {"target": {"committedDate": ... are flattened to columns with names like defaultBranchRef_target_committedDate.

The final table schema looks like this:

% sqlite-utils schema /tmp/github.db 
CREATE TABLE [repos] (
   [__typename] TEXT,
   [nameWithOwner] TEXT,
   [description] TEXT,
   [defaultBranchRef_name] TEXT,
   [defaultBranchRef_target_committedDate] TEXT,
   [defaultBranchRef_target_url] TEXT,
   [defaultBranchRef_target_message] TEXT
);
22 Feb 18:23

Why We Love the Nekteck 60W USB-C GaN Charger

by Nick Guy

A great laptop charger should charge your machine fast, well, and safely—and do it all without a price tag that will send you looking for a fainting couch. Our favorite replacement laptop charger does all that and more.

The Nekteck 60W USB-C GaN Charger can charge any MacBook or MacBook Pro (other than the 14-, 15- and 16-inch models), plus most PCs, the iPad Pro, and even non-USB-C–based devices at full speed.

22 Feb 02:27

Mrs. Maisel Release Strategy

by bob
You give the audience what it wants. You don’t put the shareholders first, you don’t create your business plan in a vacuum, winners take direction from what is in the heads of consumers, and if they’re really savvy, they get ahead of the public and give them what they don’t even know they want, i.e. […]
22 Feb 02:22

The Dutch participation in the Olympic winter g...

by Ton Zijlstra

The Dutch participation in the Olympic winter games was dominated by Ireen Wüst (she’s the first ever athlete to win gold at 5 Olympics) and Irene Schouten, who won 3 gold and a bronze these games. Schouten won her final gold today. Y made a golden banner in celebration in time for the medal ceremony on tv.

She also made a silver one to cheer on a French cross country skier, and a large general one to cheer on all athletes.

22 Feb 02:22

Debugging Certificate Errors

It is a truth universally acknowledged, that any developer accessing a web service must be in want of using 'curl -k'. But why?
22 Feb 02:01

Benks Grand Pro Headphones Stand with Wireless Charging

by Volker Weber

I have just got a hang of Tiktok. I like it much better than Youtube because it encourages short videos. I don’t even have two hundred followers yet, but this can improve quickly. At least I hope so.

Last year I got a Benks Headphone Stand that I like very much. It’s beautiful and it has been holding my AirPods Max ever since. Now I have the Benks Grand Pro Headphone Stand with a wireless charging base, where I can charge my earbuds. It has the same headset holder with a slightly thicker base which holds a Qi compatible charger capable of charging with up to 15 W.

The stand comes disassembled and you do not need any extra tools. Everything is provided in the box: base, stand, allen wrench, machine screw. I like that Benks is including a charging cable with USB-C on both ends.

The Grand Pro stand is significantly more expensive, so you must decide if the charger is worth the added cost. You will also need to bring your own power supply.

22 Feb 01:57

Seventeen OpenSea users have their NFTs stolen and flipped for a total of $2.9 million by a phishing scammer

Panic erupted on February 19 as a few users saw their wallets emptied of valuable NFTs without knowing why, and many others feared the same could happen to them. Early explanations blamed a new contract that OpenSea had rolled out, or an airdrop from a new NFT marketplace called X2Y2. People urged NFT owners to revoke permissions for both the OpenSea contract and for X2Y2 until more was known, although one of the most popular websites helping people do so went down shortly after from the high traffic.

An hour and a half after users began to report missing NFTs, OpenSea finally acknowledged the issue. They tweeted that they were "actively investigating rumors of an exploit associated with OpenSea related smart contracts", and wrote that they believed it was a phishing attack coming from outside of OpenSea, rather than an issue with their contract. It was later determined that an attacker had successfully phished 17 OpenSea users into signing a malicious contract, which allowed the attacker to take the NFTs and then flip them. Bizarrely, the hacker returned some of the NFTs to their original owners, and one victim inexplicably received 50 ETH ($130,000) from the attacker as well as some of his stolen NFTs back. The attacker later transferred 1,115 ETH obtained from the attack to a cryptocurrency tumbler, worth around $2.9 million.

22 Feb 01:57

Y2038

by jwz
mkalus shared this story from jwz.

Your periodic reminder that we are closer to the Y2038 bug than the Y2K bug:

SELECT UNIX_TIMESTAMP("2038-01-18 19:14:07") → 2147483647;
SELECT UNIX_TIMESTAMP("2038-01-18 19:14:08") → NULL;
SELECT VERSION() → 10.4.22-MariaDB-log

Previously, previously, previously, previously, previously.

22 Feb 01:37

Twitter Favorites: [Planta] A good case could be made that Uncle Fatih is the Vancouver millennials version of Nat Bailey or Frank Baker. https://t.co/baSLXOyicl

Joseph Planta @Planta
A good case could be made that Uncle Fatih is the Vancouver millennials version of Nat Bailey or Frank Baker. twitter.com/jackermann/sta…
22 Feb 01:37

Google Drive to SQLite

I released a new tool this week: google-drive-to-sqlite. It's a CLI utility for fetching metadata about files in your Google Drive and writing them to a local SQLite database.

It's pretty fun!

Here's how to create a SQLite database of every file you've starred in your Google Drive, including both files created in Google Docs/Sheets and files you've uploaded to your drive:

% pip install google-drive-to-sqlite
% google-drive-to-sqlite auth
Visit the following URL to authenticate with Google Drive

https://accounts.google.com/o/oauth2/v2/auth?access_type=offline&...

Then return here and paste in the resulting code:
Paste code here: 
# Authentication is now complete, so run:
% google-drive-to-sqlite files starred.db --starred
% ls -lah starred.db
-rw-r--r--@ 1 simon  staff    40K Feb 20 14:14 starred.db

The OAuth client ID it is using hasn't been verified by Google yet, which I think means that only the first 100 people to use it will be able to authenticate. If you need to you can work around that by creating your own client ID, as described in the README.

Having created that starred.db file you can explore the resulting database using Datasette or Datasette Desktop:

datasette starred.db

# or if you have the Datasette Desktop macOS app installed:
open starred.db

Here's Datasette running against one of my larger metadata collections:

Screenshot showing the drive_files, drive_folders and drive_users tables

Why build this?

I recently got involved with a participatory journalism project, where a team of reporters have used FOIA requests to gather a huge corpus of thousands of files. The files are in a complex folder hierarchy in a Google Drive. I wanted to start getting a feel for what's in there.

Pulling the metadata - file names, sizes, file types, file owners, creation dates - into a SQLite database felt like a great way to start understanding the size and scope of what had been collected so far.

Outside of that project, there's something very exciting to me about being able to use Google Drive to collate all kinds of different data and then tie it into the larger Datasette and Dogsheep ecosystems. I think there's a lot of potential here for all kinds of interesting projects.

How it works

The tool is written in Python using Click (based on my click-app template) and sqlite-utils. It works by calling the Google Drive API.

The auth command needs to get hold of an OAuth access token scoped to make read-only calls to the user's Google Drive contents.

This took a bit of figuring out. I wrote up what I learned in this TIL: Google OAuth for a CLI application

Notably, the end result of that flow is a JSON response containing both an access_token and a refresh_token.

The access token can be used to make authenticated API calls, but it expires after an hour and that expiration cannot be extended.

The refresh token lasts forever, and can be used at any time to obtain a fresh access token.

So the auth command writes the refresh token to a file called auth.json, then future calls to other commands use that token to retrieve a fresh access token on every run.

The most useful command is google-drive-to-sqlite files, which retrieves file metadata based on various criteria, then either writes that to a SQLite database or dumps it out as JSON or newline-delimited JSON. It does this by paginating through results from the Google Drive files list API.

The files --folder ID option is a special case. It retrieves every nested file and subfolder starting at the specified folder. The Google Drive API doesn't support this operation directly, so the tool instead has to recursively call directory listings on every folder until it has pulled back all of the data. See my TIL Recursively fetching metadata for all files in a Google Drive folder for more details.

This operation took over an hour for the largest folder I tested it against! So long that the access token it was using expired and I had to implement code to refresh the token in the middle of the operation.
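The token lifecycle described in this section, written out as an added example (it is not code from google-drive-to-sqlite). It assumes the auth file layout shown in the calendar-auth.json sample on this page and Google's OAuth 2.0 token endpoint; the mode-600 check on the auth file, the 60-second refresh margin, and all function and class names are this example's own, and the demo runs against a constructed fake clock and fake endpoint.

```python
import json
import os
import stat
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google's OAuth 2.0 token endpoint
AUTH_KEY = "google-drive-to-sqlite"  # top-level key, per the auth file shown on this page


def load_auth(path):
    """Load credentials, refusing a file that group or others can access.

    The file holds a refresh token that does not expire, so it deserves the
    same handling as a private key. This check is this example's addition.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {mode:o}; expected 600")
    with open(path) as fp:
        return json.load(fp)[AUTH_KEY]


def post_form(url, fields):
    """Default transport: POST form fields, return (status, decoded JSON body)."""
    data = urllib.parse.urlencode(fields).encode()
    request = urllib.request.Request(url, data=data)
    try:
        with urllib.request.urlopen(request, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)


class AccessTokenSource:
    """Hands out a valid access token, refreshing it shortly before expiry."""

    def __init__(self, auth, post=post_form, clock=time.monotonic, skew=60):
        self.auth, self.post, self.clock, self.skew = auth, post, clock, skew
        self._token = None
        self._expires_at = 0.0

    def invalidate(self):
        """Call after an API call returns 401 so the next token() refreshes."""
        self._token = None

    def token(self):
        if self._token is None or self.clock() >= self._expires_at - self.skew:
            self._refresh()
        return self._token

    def _refresh(self):
        status, body = self.post(TOKEN_URL, {
            "grant_type": "refresh_token",
            "refresh_token": self.auth["refresh_token"],
            "client_id": self.auth["google_client_id"],
            "client_secret": self.auth["google_client_secret"],
        })
        if status != 200 or "access_token" not in body:
            # Report only the status and error code, never the request fields.
            raise RuntimeError(f"token refresh failed: {status} {body.get('error')}")
        self._token = body["access_token"]
        self._expires_at = self.clock() + int(body.get("expires_in", 3600))


def simulate_long_crawl(minutes=90, step=10):
    """Constructed demo: one token() call per listing page, no network."""
    now = [0.0]
    issued = []

    def fake_post(url, fields):
        issued.append(f"access-{len(issued) + 1}")
        return 200, {"access_token": issued[-1], "expires_in": 3600}

    auth = {  # constructed values, not real credentials
        "refresh_token": "1//constructed",
        "google_client_id": "constructed-id",
        "google_client_secret": "constructed-secret",
    }
    source = AccessTokenSource(auth, post=fake_post, clock=lambda: now[0])
    used = []
    for _ in range(0, minutes + 1, step):
        used.append(source.token())  # ask before every request, never cache outside
        now[0] += step * 60
    return issued, used


if __name__ == "__main__":
    issued, used = simulate_long_crawl()
    print("tokens issued:", issued)
    print("token used per page:", used)
```

Asking the source for a token before every request is what lets a crawl that outlives the one-hour access token continue without the caller tracking expiry itself.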

Some other neat tricks

The download command downloads the specified file to disk:

google-drive-to-sqlite download \
  0B32uDVNZfiEKLUtIT1gzYWN2NDI4SzVQYTFWWWxCWUtvVGNB

It detects the file type and uses that as the extension - in the above example, it saves the file as 0B32uDVNZfiEKLUtIT1gzYWN2NDI4SzVQYTFWWWxCWUtvVGNB.pdf.

The export command only works against the file IDs for docs, sheets and presentations created using Google Apps. It can export to a variety of different formats:

google-drive-to-sqlite export html \
  10BOHGDUYa7lBjUSo26YFCHTpgEmtXabdVFaopCTh1vU

This writes to 10BOHGDUYa7lBjUSo26YFCHTpgEmtXabdVFaopCTh1vU-export.html.

The get command takes a URL to a Google Drive API endpoint and fetches it using a valid access token. This is a great tool for debugging and API exploration - my github-to-sqlite tool has this too.

google-drive-to-sqlite get 'https://www.googleapis.com/drive/v3/about?fields=*'

It also knows how to paginate! Adding --paginate files will cause it to fetch all of the subsequent pages of the API and return just the items from the "files" key combined into a single JSON array, for example:

google-drive-to-sqlite get \
  https://www.googleapis.com/drive/v3/files \
  --paginate files

Exploring other APIs with the same tools

While I was building this, I realized that with just a little extra work the auth and get commands could be used to explore other Google APIs too.

If you are a developer, you can create your own OAuth credentials and enable access to other APIs using the Google Cloud console. You can then take the resulting client ID and secret, pick a scope and run the following:

google-drive-to-sqlite auth -a calendar-auth.json \
  --scope 'https://www.googleapis.com/auth/calendar.readonly' \
  --google-client-id '184325416553-nu5ci563v36rmj9opdl7mah786anbkrq.apps.googleusercontent.com' \
  --google-client-secret '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'

calendar-auth.json will now be a JSON file that looks something like this:

{
  "google-drive-to-sqlite": {
    "refresh_token": "1//...",
    "google_client_id": "184325416553-nu5ci563v36rmj9opdl7mah786anbkrq.apps.googleusercontent.com",
    "google_client_secret": "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",
    "scope": "https://www.googleapis.com/auth/calendar.readonly"
  }
}

You can now fetch your Google Calendar items by adding your email address to the following:

google-drive-to-sqlite get \
  https://www.googleapis.com/calendar/v3/calendars/...@gmail.com/events \
  --auth calendar-auth.json

This will output JSON to the console. For newline-delimited JSON, add --nl.

Since we can paginate with --paginate items, this means we can pipe the results to sqlite-utils insert and create a SQLite database of our calendar items!

google-drive-to-sqlite get \
  https://www.googleapis.com/calendar/v3/calendars/...@gmail.com/events \
  --auth calendar-auth.json \
  --paginate items --nl \
  | sqlite-utils insert calendar.db events \
    - --pk id --nl --alter --replace

Maybe google-drive-to-sqlite wasn't the right name for this after all!

What's next?

Google severely tightened their policies on apps that can access Google Drive a few years ago. I'm currently waiting to see if my app will make it through their verification process, see issue #15.

If it doesn't the tool will still be usable, but users will have to jump through some extra hoops to set up their own client ID. I don't see this as a huge concern.

I've started thinking about ways to import additional data from the Google Drive APIs. I'm particularly interested in the idea of creating a full-text search index in SQLite based on plain text exports of documents created in Google Docs, see issue #28.

For other short-term future plans, take a look at the project's open issues.

22 Feb 01:36

You, Too, Can Be a Mainstream Media ‘Influencer’!

by Dave Pollard

Yes, this is a satire.


cartoon in the New Yorker by Will McPhail

Tired of being inundated with (and led around by the nose by) the blatherings of lying politicians, slick propagandists, megalomanic tech billionaires, badly dressed ad-men, neckbeard con artists, well-remunerated “both-sidesing” pundits, windbag podcasters, deranged ex-university professors, gas-lighters, former reality show contestants and dimwitted rap singers who, for no sensible reason, have become media ‘superstars’ and ‘influencers’ of note?

Now you, too, can be an influencer. You can get your writings published by influential media outlets. You can get millions of ‘followers’ on social media, hanging on your every word. You can get millions in venture capital funding for your brilliant and unrecognized idea. You can earn millions a month on Patreon as a “thought leader”.

Just send $US 99 to Paypal account magicalthinking@influencer.org and we’ll send you our secret, proven Influencer Template™, that you can use to compose influential op-eds, podcasts, blog posts, ‘viral’ social media posts, IPO proposals or, if you’re old, letters to the editor, in just minutes.

Here is just a taste of the hundreds of amazing secrets you’ll learn from The Template™:


  1. You must make sure the proposal, idea, or belief you are advocating is presented in such grandiose and ambiguous terms that everybody reading it will think you’re saying what they believe is right. Something like The Better World We All Know is Possible. That could include everything from ensuring all babies get lots of cuddles, to that “those kind of people” get sent “back where they came from”. It could include things like “a return to a world where people get the respect they deserve”, where it’s up to the reader to fill in the blank about who is deserving of what. Who wouldn’t want The Better World We All Know is Possible, when it includes fifty unarguable but ill-defined things like “happiness”, “freedom”, and “real democracy”, and then lets you add in everything that you personally equate with a “better world”?
  2. Come up with some vague catch-all term for implementing your idea or proposal that allows every reader to fit everything they believe into it. For example, call your idea something like “Plan B for Civilization’s Reset”. This should include everything you (and your readers) think to be worthy, while “Plan A” (ugggh! boooo!) would be everything in the status quo that you (and your readers) dislike. Everyone wants Plan B, even those who believe it includes burning abortion doctors alive, or abolishing all corporations and redistributing all their assets equally to everyone else, since we each have the freedom to choose what’s in Plan B. Yay plan B! Better than Plan A any day! (A note of caution: Avoid terms like The New Order in your idea name, unless your audience is Davos gnomes. And if you don’t know who the Davos gnomes are, don’t worry, they’ll be calling you to speak at their next conference soon!)
  3. Make your solution for getting to The Better World/Plan B/Whatever, as simple as possible. Clauses like “All we have to do is …” and “We really need to … ” and “There is now no excuse to not … ” are perfect. They don’t say who has to do what, or grapple with whether those “must-dos” are even vaguely feasible. That’s for the detail people to worry about. Don’t get bogged down in the pesky ‘hows’ of strategy when you can stay above the fray by sticking to wonderful-sounding ‘objectives’, the more ethereal the better. So “We really need to transition quickly to more renewable forms of energy, before it’s too late” is completely unassailable. No one can really disagree, even Big Oil executives who are banking on getting huge government subsidies for trying vainly to do just that.
  4. Make it clearly someone else’s responsibility to do what “must be done”, so that you don’t get your readers thinking they’ll have to do anything, or at least anything more than “like” your post or send an email to a politician or maybe even attend a rally if they’re not too busy and if it sounds like fun. Even better, be completely unclear about whose responsibility what “must be done” actually is. Use the royal “We”, so that the reader feels part of “We” but isn’t obliged to do anything difficult or unpalatable that “We” “really need to” do.
  5. Offer your readers simple things to do that appear to be easy, fun, and at least vaguely related to your idea. A particularly good approach is the “Ten easy steps” or “Ten simple ways” list. The list should have exactly ten items on it, no more or less, even if you have to pad it a bit. Make sure the “steps” align with your audience’s cognitive biases, and avoid anything too controversial (though “inflammatory” is fine as long as it appeals to your audience’s sense of righteous indignation). If an action is complicated, don’t include it in the list, but instead include “Make a plan to (achieve that action)” on your list instead.
  6. Stir up the idealist in your reader, and squelch the depressing realist, by saying things like “Imagine if we suddenly had the power” (eg to change all the laws in the world), followed by things that no one could argue with but which no one actually has the power to do. But be vague enough that they don’t think you’re going to do something they don’t agree with, like tax the rich or demilitarize the police or take away people’s guns. Stick to things like “replacing despots with democratic governments” or “ensuring every child gets three healthy meals a day”. Under no circumstances get into the practicalities of any of these lovely intentions.
  7. Sidestep any questions about whether or where your proposed idea has ever been applied, successfully or unsuccessfully. The simple fact that your idea has merit means it goes without saying that it could work if it was applied properly. Shrug off any detractors who say it might not work, and their reasons, by calling them “defeatists” and quoting Margaret Mead’s “Never doubt …” homily. If the detractors still won’t shut up, frame them as luddites by quoting Bucky Fuller’s “You never change things by …” bromide. If they ask for examples, it’s great to cite Elon Musk’s vision to colonize Mars, or any recent activity by any of the other high-tech billionaire space-race buffoons, except Bill Gates. Our package comes with a complete set of such examples, some of them signed.
  8. If you’re ever challenged on matters of fact, we have a complete chapter of bafflegab guaranteed to shut up any critic. These scripts include clauses like “We all have a piece of the truth” and “The truth is what we make of it”, so that your entire audience will come to doubt that there even is such a thing as truth. Other than what you’re telling them, of course.
  9. At some point some idiot will challenge you that what you’re calling for is just vague objectives, and what is your specific strategy for achieving them when thousands of bright people have failed to do so? We can help you with that, too. Your “strategy” — how you are going to achieve what you propose — should normally be another objective disguised as a strategy or action. So if your objective is to “replace all hydrocarbons to achieve net zero by 2050”, then your strategy should not be anything attackable like “install two billion hydrogen fuelling stations”, but rather something like “Explore the potential of the hydrogen economy, carbon capture, nuclear fusion and other technologies to…”. Ta da! You’ve just reduced an intractable problem to a research project! Way to go, influencer! If challenged further, on who’s going to do this and how, respond with “The way to do this is to help bring together and empower those who know and care most about this problem to collaborate and implement…” If you ever reach the point at which your strategy or action doesn’t beg the question of by whom or how this will be done, stop! You’ve reached a dangerous level of (im)practicality, vulnerable to attack by skeptics and opponents. Replace with a “Research…” or “Explore…” or “Identify…” strategy or action instead. And if a critic says the technology you propose doesn’t exist, simply smile and say “Well it could exist if we put our collective minds to it!”
  10. Next you will want to create a posse of followers. You can’t be an influencer unless you have influencees! Their job will be primarily to uncritically retweet or otherwise replicate what you’ve written, so it has ‘credibility’. If you can’t assemble enough of your own, we can sell you a bot and a clickfarm that will immediately show millions of people, with names of varying ethnicities (excluding Russian and Chinese-sounding names of course), passionately ‘liking’ and ‘sharing’ and ‘following’ your posts.
  11. These millions of followers will of course get the attention of idle young journalists and older hack journalists in the ‘mainstream media’ wondering what all the fuss is about. It’s important that you now start to publicize your upcoming book, in order to cement your reputation as an influencer. We can provide you with affidavits about millions of ‘preorders’ that your adoring (bot/clickfarm) fans have placed for your book, and bold, pre-crafted ‘excerpts’ from your book suitable for easy placement in op-ed columns in mainstream media, that are guaranteed to ‘sell’ across the entire political spectrum.
  12. And of course you will want your own ‘meme’ posters and merch with catchy and stirring but banal sayings no one could disagree with, with beautiful tasteful backgrounds and with your name and lovely signature, so no one can ‘steal’ them and detract from your influence.
  13. At some point you will be faced with the decision on identifying one or more “bad guys” blocking implementation of your brilliant idea(s). This can be very effective if done well, but treacherous if done badly. Our package includes a complete set of straw man “bad guys”, real and theoretical, you can safely attack. They include eg Vladimir Putin, the Chinese Communist Party (since no one can remember China’s current leader’s name), “Syria”, “Iran”, terrorists, luddites, “the powers that be”, “vested interests”, “anarchists”, “illegal aliens”, “freedom-haters” and (non-specifically) “the government”. But be careful not to include local political parties or people or groups like trucker freedom convoys, since they and their supporters could end up being your biggest funders. For the same reason, don’t attack “the 1%”, “capitalism”, or “Wall Street”, and definitely avoid terms like “deplorables”. Also be careful with nutbar groups who might go after you personally. (Our package has a list, but we won’t list them here because we’re afraid they might attack us.)

Oops! Thirteen items on our list, instead of the obligatory ten. Oh, well, we’re just generous that way. Order now, because eventually everyone will figure this out, and if the future is bereft of influencers like you, who will be left to tell us what to do?

See you in the op-ed pages, and on the speakers’ circuit, soon!

Your friends,
The Influencer Template™ team.

22 Feb 01:36

So far, so sober

It feels like not very many years ago that hackathons, free beer and drunken nights out with startups were, for a brief moment in time, cool. Perhaps it was even normal. It was in this environment that I came of age, so to speak, in my work. It was therefore no surprise to anybody that I soon developed a drinking problem. Like many in my industry. I pursued the drinking with the fervor of a person who also threw themselves into the work.
22 Feb 01:33

AntiFuzz: Impeding Fuzzing Audits of Binary Executables

Fuzzing is one of the most widely used and successful methods of finding security vulnerabilities in software programs. Fuzzing tools automatically and randomly generate inputs to a program and run the program on these inputs until it crashes. These crashes usually indicate the presence of a security vulnerability that can be exploited by an attacker.

But fuzzing can also be used by attackers who want to exploit the program. Can we therefore make our program difficult to fuzz so that an attacker cannot detect any hidden vulnerability in it? To find out, the authors of this paper developed strategies that make fuzzing a program difficult. They identified some assumptions that existing fuzzing tools depend on to work successfully, then developed a tool, AntiFuzz, that can be used to modify the target program and impede fuzzing. Some assumptions and countermeasures include:

  1. Fuzzers use coverage information to generate inputs that traverse all parts of the program code. Hence, if we can make our program return false coverage information, fuzzing would be significantly impeded. To achieve this, AntiFuzz returns different, fake coverage information for each input to the program.

  2. Fuzzers monitor the operating system in order to detect program crashes. To counter this, AntiFuzz sends fake crash signals to the operating system.

  3. Fuzzers need to execute the program many times per second in order to operate efficiently. Since most of the input generated by the fuzzers is malformed, AntiFuzz slows the program down when it detects such inputs. While this slowdown would not be noticed by a normal user, it can significantly impede the efficient operation of the fuzzer.
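
A toy model of countermeasure 1, added here as an illustration and not code from the AntiFuzz paper or tool: a minimal coverage-guided fuzzing loop is run against a constructed target, once with honest coverage and once with per-input fake edges mixed in. The target, its `FUZZ` magic check, the hash-derived fake edge IDs and all function names are assumptions of this sketch.

```python
import hashlib
import random
from dataclasses import dataclass

MAGIC = b"FUZZ"            # constructed 4-byte check guarding the toy "bug"
FAKE_EDGES_PER_INPUT = 8   # assumption: how much noise the protected target adds


def real_edges(data: bytes) -> set:
    """Edges the toy target really executes: one more per matching magic byte."""
    edges = {0}
    for i, want in enumerate(MAGIC):
        if i >= len(data) or data[i] != want:
            break
        edges.add(i + 1)
    return edges


def honest_report(data: bytes) -> set:
    """Unprotected target: the fuzzer sees exactly the edges that ran."""
    return real_edges(data)


def antifuzz_report(data: bytes) -> set:
    """Protected target (model): real edges plus fake edges chosen per input.

    The fake edge IDs are derived from a hash of the input, so almost every
    distinct input appears to reach code nobody has reached before.
    """
    digest = hashlib.sha256(data).digest()
    fake = {
        1000 + int.from_bytes(digest[2 * i:2 * i + 2], "big")
        for i in range(FAKE_EDGES_PER_INPUT)
    }
    return real_edges(data) | fake


@dataclass
class Result:
    queue_size: int   # inputs the fuzzer decided were "interesting"
    real_depth: int   # magic bytes actually matched (ground truth)
    execs: int        # executions used


def fuzz(report, max_execs: int = 60_000, seed: int = 1) -> Result:
    """Minimal coverage-guided loop: keep a mutant only if it shows new edges."""
    rng = random.Random(seed)
    queue = [b"AAAA"]
    seen = set(report(queue[0]))
    depth = 0
    for execs in range(1, max_execs + 1):
        child = bytearray(rng.choice(queue))
        child[rng.randrange(len(child))] = rng.randrange(256)  # one-byte mutation
        child = bytes(child)
        coverage = report(child)
        if not coverage <= seen:          # any edge not seen before?
            seen |= coverage
            queue.append(child)
        depth = max(depth, len(real_edges(child)) - 1)
        if depth == len(MAGIC):           # full magic matched: "bug" reached
            return Result(len(queue), depth, execs)
    return Result(len(queue), depth, max_execs)


if __name__ == "__main__":
    print("honest coverage:", fuzz(honest_report))
    print("fake coverage:  ", fuzz(antifuzz_report))
```

With honest coverage the queue holds only the few inputs that made real progress, so mutation effort concentrates on them; with fake coverage nearly every mutant is queued and that guidance is lost.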

To see if their approach actually worked, the authors used four different state-of-the-art fuzzers to fuzz a set of target programs which contained several bugs. Their results show that, with all the countermeasures applied, AntiFuzz successfully prevented the detection of all previously detected bugs.

I love their approach to impeding fuzzing because it combines multiple measures. However, making the publicly deployed and accessible version of a program resistant to fuzzing would restrict the fuzzing operation to only the program developers, impeding the detection of security vulnerabilities by security researchers and white hat hackers who also rely on fuzzing.

Guler2019 Emre Güler, Cornelius Aschermann, Ali Abbasi, and Thorsten Holz: "AntiFuzz: Impeding Fuzzing Audits of Binary Executables". 2019 USENIX Security Symposium.

A general defense strategy in computer security is to increase the cost of successful attacks in both computational resources as well as human time. In the area of binary security, this is commonly done by using obfuscation methods to hinder reverse engineering and the search for software vulnerabilities. However, recent trends in automated bug finding changed the modus operandi. Nowadays it is very common for bugs to be found by various fuzzing tools. Due to ever-increasing amounts of automation and research on better fuzzing strategies, large-scale, dragnet-style fuzzing of many hundreds of targets becomes viable. As we show, current obfuscation techniques are aimed at increasing the cost of human understanding and do little to slow down fuzzing.

In this paper, we introduce several techniques to protect a binary executable against an analysis with automated bug finding approaches that are based on fuzzing, symbolic/concolic execution, and taint-assisted fuzzing (commonly known as hybrid fuzzing). More specifically, we perform a systematic analysis of the fundamental assumptions of bug finding tools and develop general countermeasures for each assumption. Note that these techniques are not designed to target specific implementations of fuzzing tools, but address general assumptions that bug finding tools necessarily depend on. Our evaluation demonstrates that these techniques effectively impede fuzzing audits, while introducing a negligible performance overhead. Just as obfuscation techniques increase the amount of human labor needed to find a vulnerability, our techniques render automated fuzzing-based approaches futile.

22 Feb 01:32

I made an EdTech Conference Proposal title generator. Any terms/tech missing?

Reddit, Feb 21, 2022

Here it is: the ed tech conference proposal generator. The adjectives don't really work but the titles are otherwise realistic. It would be a fun conference game to challenge people to give a two-minute impromptu talk based on generated proposal titles.

22 Feb 01:32

Introducing Cindi Jordan

by Rizki Kelimutu

Hey everybody,

Please join me to welcome Cindi Jordan into our Customer Experience team as a Sr. Customer Experience Program Manager.

Here’s a short introduction from Cindi:

Hi there, I’m Cindi Jordan joining Mozilla as a Sr. Customer Experience Program Manager. I will be working closely with the team to find process efficiencies, document team strategy, and proactively identify ways we all can work together more effectively. I am a huge advocate for the user experience and its vast amount of support channels within the community, through content and in product. I’m looking forward to learning much more about the organization and all of you, using my experience managing a social support team and in content/strategy management to help how I can.

Welcome, Cindi!

22 Feb 01:27

Apple to reportedly unveil 7 New Macs this Spring

by Klein Felt

Apple will debut seven new Apple Silicon-powered Macs this March, according to Bloomberg's Mark Gurman. Gurman reported as a part of his Power On newsletter that the new Macs will feature either a new M2 chip, last year's M1 Pro and M1 Max chips or super-powered versions of the M1 Max.

The Bloomberg reporter listed the following seven new Macs in the report:

  • New Mac mini with an M1 Pro chip
  • 13-inch MacBook Pro with an M2 chip
  • Mac mini with an M2 chip
  • 24-inch iMac with an M2 chip
  • Redesigned MacBook Air with an M2 chip
  • Larger iMac Pro with M1 Pro and M1 Max chip options
  • Half-sized Mac Pro

Gurman says that all seven of the new Macs will arrive sometime in 2022. Further, he says that the entry-level MacBook Pro and Mac mini will be the first to get the upgrade as they are some of the oldest in Apple's current lineup.

This means a new Mac mini and entry-level MacBook Pro could arrive as soon as March 8th at Apple's next rumoured keynote event. From there, Gurman says Apple is ramping up for the next wave of Mac releases for May or June.

That second round of Mac releases could potentially focus on a new iMac Pro and Mac Pro. These new Macs will reportedly sport souped-up versions of the M1 Max. This new iMac Pro was first rumoured to come earlier in the year, but its release has seemingly been pushed back.

Gurman finishes his newsletter by mentioning that he thinks a Pro and Max version of the M2 chip is further down the line and will launch in 2023 alongside the M3.

Source: Mark Gurman Via: Bloomberg

15 Feb 20:40

Twitter Favorites: [seanorr] I'm proud to be a Gastown resident again https://t.co/Oh3ELHbvLp

SEAN ORR @seanorr
I'm proud to be a Gastown resident again twitter.com/AndreaWoo/stat…
15 Feb 20:36

Weighted Olympic medal counts

by Nathan Yau

To decide who’s doing best at the Olympics you have to define what “best” means. Do you go by total medal count? Do you give more weight to gold medals over silver and bronze? Josh Katz, for NYT’s The Upshot, has been updating an interactive that ranks countries based on how you answer.

Each heatmap represents a country. The horizontal axis represents how much more a silver is worth over a bronze, and the vertical axis is how much a gold is worth over a silver. So the bottom left corner is all medals equal. Color represents possible ranking. The list of countries on the right updates as you move the cursor over spots.

Katz has been updating for each Olympics since PyeongChang 2018. It’s my favorite medal count tracker. I like the original best, which spaced countries in the list when there were ties.

Tags: Josh Katz, medal, Olympics, ranking, Upshot

15 Feb 20:32

Microsoft Surface Laptop Studio – Impressions

by Volker Weber

The Surface Laptop Studio replaces the Surface Book. When it was announced I still found it very odd, but since I have had it in my hands, I am convinced.

While the top-heavy Book had the entire computer, with a relatively small battery, in the display lid, the Laptop Studio is built like a sandwich. The display lid has a hinge across its middle and protects the actual display. At first you notice none of this. The device behaves like a normal laptop with a touch display and pen support.

The Windows logo gives it away: this is not a MacBook Pro

Only when you grip the lid with both hands and fold the upper part backwards does the magnetic connection between the display and the lower part of the lid release, and you can swing it forward. This never happens by accident. Unless you force it, display and lid always stay solidly connected.

With a firm grip the screen can be swung upwards

Once the display has been released, the construction feels wobbly. The lid is not very torsionally stiff. That changes once the display has been moved to its new position. The magnets on the underside hold on either below the keyboard or at the front edge, and you have a stable unit again.

Then it rests with its lower edge in front of the keyboard

This configuration without the keyboard suits various scenarios in which you don't need a keyboard but do need a touchpad or an Xbox controller. More exciting for me is the display laid completely flat.

Or it is laid completely flat

This does not produce a tablet you would want to hold in your hand, but a slightly slanted desk. Looking closely, you can see that the display lid creates an inclined plane that cleanly supports the display. It is solid, without any flex.

The flat display has a slight tilt – very pleasant for writing

I can look at the device for hours and keep finding small, well-thought-out details, such as the little feet, visible only against the light, that protect the top of the laptop.

Against the light you can see a small detail

In a quick presentation the details don't really come across. I initially found the recessed basement level disconcerting, but it has many advantages. The Laptop Studio has generously sized ventilation slots that you don't notice. Cooling air can be blown straight through the device at low speed. The additional edge also means the Laptop Studio is easier to lift off the table than other laptops. Since the display is set back slightly from the lid, it is also easy to open. On the front edge the Surface Slim Pen finds a more secure parking spot.

The recessed basement level looks odd at first but has only advantages

Like all other current Surface devices, the Laptop Studio has only two Thunderbolt ports plus the magnetically attached Surface Connector. These are joined by a 3.5mm audio port for headsets, which my Surface Pro X already lacked but which is back in the Surface Pro 8. I connect my Surface Dock 2 to the Surface Connector and the peripherals to that.

On the left are two Thunderbolt ports …
… and on the right the Surface Connector and a headset jack

On the road you can also use the included power supply. Alternatively, the Laptop Studio can also be powered by sufficiently strong USB power supplies, or connected to a monitor with a suitable Thunderbolt cable and powered that way. Both my Surface Pro 8 and the Laptop Studio are equipped with 11th-generation Intel processors and are therefore on a par in performance. Both reach about 186k in the JetStream benchmark, each measured with the current version of Edge.

The Surface Laptop Studio test device additionally has a GeForce RTX 3050 Ti Laptop GPU, which raises the performance measured with Geekbench from 19k to 51k. I can't put that in context, because I'm not a gamer and have no applications that benefit from a GPU.

I find that the Laptop Studio has a coherent concept and an elegant design, but a sparse selection of ports. With its excellent keyboard, large touchpad, touchscreen, pen and variable chassis it would be the ideal laptop for me personally, if I didn't already have the lighter and slimmer Surface Pro 8.

At 2199 euros the test device is reasonably priced, but it would be equally usable for me at 500 euros less. Anyone who is happy with less and doesn't need the swivelling display can start at 649 euros with the Surface Laptop.

15 Feb 20:29

Meeting…Black Technology Talent at The New York Times

by The NYT Open Team


“Meeting …” is an ongoing series that features colleagues from different corners of The New York Times Company.

Illustration by K. L. Ricks

The technology behind The Times is driven by the contributions of different technologists across the organization. For Black History Month, we are highlighting a few of our Black colleagues who have helped shape The New York Times Company with their work, from engineering to information technology. Learn how they describe themselves in this ever-changing industry.

Shonta’ Singleton, QA engineer
David Morant, senior software engineer
Lisa Godwin, creative technologist consultant
Stephen Sebro, senior software engineering manager
Loren Hinkson, data and insights manager
Nickesha K. Lindsay, senior QA engineer
Rickardin Richard, technical support specialist
Seble Asfaw, program manager
Precious Yeboah, associate product designer
Cherena Bradley, associate software engineer

Shonta Singleton

What are your pronouns? She/Her

What is your title and what does it mean? QA engineer on the photo team. We work on applications, most recently Loupe, that are used by the newsroom to build high-quality visual stories.

How does your identity shape the way you think about technology? How do you approach your career? How do you uplift others?
Technology plays a significant role in my personal and professional life. From my perspective, it allows me to communicate, connect and learn. When my career first began more than 15 years ago, there weren’t many people who looked like me in my profession. The industry has evolved since that time and I am optimistic about diversity continuing to improve in the future. I approach my career with the understanding that my point of view and authenticity as a Black woman is valuable. When it comes to uplifting others, I like to keep it simple by being supportive and positive. I listen. I don’t judge. I show empathy.

What is a passage or quote (from a book, movie, text) that has stuck with you? How do you apply it to your life?
“Don’t Postpone Joy” has been my motto for a long time. Since the pandemic this quote has become more meaningful to me. I wake up every morning and ask myself “How can I bring joy to my day?” Joy doesn’t have to be extravagant, it can be a trip to my local cafe to get my favorite latte, going for a run on the boardwalk or cooking one of my favorite meals.

What is the approach to mental health in your culture? What are some methods that you practice to look after your mental health and well-being?
I believe there is an awakening happening in my culture where my generation is more open to discussing mental health and exploring the methods available to them.

Dealing with mental health/well-being during a pandemic has been a journey. However, I’ve incorporated methods that help me keep peace of mind. Here are some:

  • Daily ritual that starts with prayer, meditation and journaling.
  • Moving my body by running, and practicing yoga.
  • Learning new skills. I took tennis lessons last year.
  • Watching a funny show (“Golden Girls” fan here) or movie. Laughter is a form of therapy for me.
  • Spending time with family and friends.
  • Helping others!

David Morant

What are your pronouns? He/Him/His

What is your title and what does it mean? Senior software engineer, audio Android app. We are building a new app that brings our new New York Times audio experience to Android users (coming soon!).

What is a passage or quote (from a book, movie, text) that has stuck with you? How do you apply it to your life?
“If you’re a high visibility player, it’s on you to move the community in a positive direction” — Jonas Neubauer

Not from a movie or book, but from a former Tetris world champion (I waste a lot of time on the internet). I try my best to be welcoming and encouraging to people in any space that I feel comfortable in. If I can feel comfortable, maybe I can help make it easier for others.

How has your career shaped your understanding of the world and vice versa?
When I first started working in a large codebase I thought that the code was sacred and it must be flawless because it was here before me, and I assumed that everyone else agreed. If I didn’t understand why we were doing something, I assumed I was always wrong. But now I realize that they were just decisions that were made by other people just like me, and we can change it if it doesn’t suit us.

Lisa Godwin

What are your pronouns? She/Her

What is your title? Creative technologist consultant on the growth team.

I provide technical solutions to stakeholders for monetization of our digital products. I consult within early pitch phases of a project to research and determine technical execution methods and feasibility. I collaborate with teams of developers, marketers and vendors; interfacing with production and creative departments from concept to delivery.

Are there any passion projects that you work on during your free time?
One of my passion projects is a platform and network that I have created which gives you the self-evaluation tools, industry information and social access to strategize your next career move, and make an impact in the tech industry. Helping people, especially individuals from marginalized communities recognize their place in tech is a life mission of mine. I recently authored a Career Journal Planner that will help the user make a decisive move toward a new and exciting career in tech. I believe that there is a place in the tech industry for everyone and my goal is to help the user discover that place within the ecosystem.

What is a passage or quote (from a book, movie, text) that has stuck with you? How do you apply it to your life?
“Comparison is the thief of joy.” Not one path in life is the same and I apply this to my life and career as well. Speaking at various conferences in the past, I have been asked “What is your superpower?” My response, “me.” You are your own superpower. What you bring to the table is your own magic that you add to all your work. I often remind myself that leaders become great not because of their power but because of the ability to empower.

Stephen Sebro

What are your pronouns? He/Him

What is your title and what does it mean? I’m a senior software engineering manager for the User Experience Foundations (UXF) home and UXF sustainability teams. The UXF home team is responsible for the home page, and the UXF sustainability team solves unowned problems to unblock teams in the UXF group.

How does your identity shape the way you think about technology?
A friend recently pointed out that visually distinguishable minorities often feel like they constantly have to prove themselves and to continually earn their place in the room. I’ve realized that this is true of me as well, and it sits at the core of how I think, driving my choice of a major in college (economics), my choice of career (software engineering/engineering management) and the structure of my daily thoughts. This deep-seated insecurity is directly driven by my identity as a Black man in America, and for better or worse, has shaped my passion.

While I enjoy problem-solving and I take pleasure in writing elegant code and achieving strong technical craftsmanship, what I am really passionate about is creating value. I chase the most valuable problems, wherever they may be.

How has your career shaped your understanding of the world?
Being a software engineer helped me see how to organize things to make life easier and to make little chores more efficient. For example, instead of putting them in a stack, I store my T-shirts in a directly addressable “data” structure which gives me both high visibility into all my options and direct access to remove any of them while minimizing the disturbance to the others.

Becoming a manager forced me to harness empathy and become more emotionally self-aware. This initially helped me to become a better leader, but at the same time also made me a better partner and a better communicator in all aspects of my life.

And vice versa?
Years ago, my wife and I were resident fellows responsible for an ethnic theme dorm at Stanford. That experience taught me how to identify and solve hidden D.E.I. issues — we successfully campaigned to change university policy so disadvantaged students would have equal access to meals. As a manager, the same skill helps me notice and rectify hard-to-see imbalances that if left unchecked would let an unfair system propagate.

Loren Hinkson

What are your pronouns? She/Her

What is your title and what does it mean? Data and insights manager on the messaging and personalization (MAPS) team. I work on interpreting trends in user behavior and results from analyses and A/B tests for our newsletter and push notification products to help inform product strategy decisions.

How does your identity shape the way you think about technology? How do you approach your career? How do you uplift others?
As a Black woman and a former policy student, I think a lot about access, and how the smallest decisions can include or exclude whole populations: from the colors we choose on websites and whether we capitalize words in hashtags to choosing to open a cashless business in a largely unbanked community. I try to mitigate how I contribute to these types of access barriers by surrounding myself with people who have wide-ranging backgrounds and experiences that I can learn from or use as sounding boards. More personally, I have an incredible amount of respect for people who have nontraditional career routes, and try to share information about technical programs and preparation tools I know of whenever helpful — it makes me happy to help other people get to where they want to be. I am also a big evangelizer of the importance of user research and understanding end users.

Do you think tech literacy is important for future generations?
I think tech literacy is important for every generation. There are too many nefarious actors who are willing to take advantage of people who don’t understand things like internet security, the importance of reading/skimming terms and conditions, or how to choose passwords that aren’t easily hacked. As more and more of our lives end up online, and more data is made available through open data initiatives and FOIA (Freedom of Information Act), it’s important to know how to protect ourselves, our identities and our rights, as well as how to utilize all the opportunities that are becoming available to us.

Nickesha K. Lindsay

What are your pronouns? She/Her

What is your title and what does it mean? Senior QA engineer, for the engagement mission. I test software applications and features.

How has your career shaped your understanding of the world and vice versa?
My career has allowed me to constantly view things from another perspective. It’s one thing to find things useful and positive from your own point of view, but how useful and positive is it for everyone else? We don’t just build software and technology for the pleasure of a few, we build it for everyone to experience. When testing software, the definition of a “good” experience can be subjective to the person using the application and they’ll form their own opinions on what that actually means to them. You just have to take whatever feedback given and try to apply it in a positive way to make it better — in QA testing and in life.

What is the approach to mental health in your culture? What are some methods that you practice to look after your mental health and well-being?
Honestly, I don’t think mental health is taken seriously in my culture but this is true everywhere. We need to give people the safe space to express how they’re really feeling about themselves, their lives and what they are going through without judging. Life is hard and life is always challenging people in ways they can’t cope with. When it comes to my own mental health, I try to take things one day at a time, be thankful for the little accomplishments and positive things going on in my life. If I’m not feeling right mentally — it’s okay to NOT be okay and step away for a bit or take care of myself. Admittedly this is something I had to learn later in my life and am still working on. Sometimes I use my art as an escape — it’s not just something I enjoy doing, it’s often the thing that I go to sort my feelings either by drawing, creating things or writing stuff down. It keeps me grounded. We’re taught to suck it up and deal with issues on our own — but our well-being is important and we have to give ourselves permission to step away when we need time to heal and reflect.

Rickardin Richard

What are your pronouns? He/Him

What is your title and what does it mean? Technical support specialist, end user support team, provide hands-on IT support and solutions.

What is a passage or quote (from a book, movie, text) that has stuck with you? How do you apply it to your life?
“Where your fear is, there is your task.” — Carl Jung. I often recite this quote to myself whenever I have any doubts about starting a new project, completing a task or simply sparking a conversation with someone new. Sometimes we let our fears, whether big or small, enable our procrastination, and this quote is a reminder to just get up and do it … “If I fail, I fail, it’s not that deep.”

What is the approach to mental health in your culture? What are some methods that you practice to look after your mental health and well-being?
As a first generation Haitian American, I find that mental health isn’t widely acknowledged in our culture. Having immigrant parents that have worked hard to establish themselves and provide for our family, it was often expressed that we cannot be depressed living in America. One just has to work hard and essentially “get over it.” Today, it seems that mental health from one’s personal life to work is taken into consideration. Simply going for a drive to reflect or unplugging myself from technology for a weekend are some ways I look after my mental wellbeing.

Seble (Seb-la) Asfaw

What are your pronouns? She/Her

What is your title and what does it mean? Program manager for the RISC department (technology risk, information security, and compliance). I work across all our RISC teams and manage activities and deliverables between multiple projects. I track our milestones and ensure we’re meeting our organizational goals.

Are there any passion projects that you work on during your free time?
I’m passionate about classical/tribal African art and artifacts (figures, masks, sculptures and textiles). I’ve been studying pieces from cultures across the continent and I’ve fallen in love with understanding the history, intention and diversity of African art. Early on, I recognized that there are few Black dealers, gallerists and even collectors of classical African art. This was disheartening for many reasons but gave me the inspiration I needed to start sharing my interest with others like me. In 2020, I started a resource for learning about art from the continent. My goal is to expose more people of African descent to our art and artifacts with the hopes of more Black people collecting African art.

What is your ethnic background and how do you celebrate it?
I am Ethiopian-American. I was the first in my family to be born outside of Ethiopia. My parents were refugees and left Ethiopia in the early 1980s. Although they have lived outside of Ethiopia for about 40 years, they have very much kept their culture and instilled that into our family. My love for art and having a deeper understanding of history, culture and traditions comes from them.

Precious Yeboah

What are your pronouns? She/Her

What is your title and what does it mean? Associate product designer, customer care. I help design experiences that allow our customer care agents to assist customers in a more efficient way.

Are there any passion projects that you work on during your free time?
I’ve been working on a social enterprise project that partners up with Ghana-based artisans to create sustainable women’s clothing. It’s still very much in its infancy but the hope is that by supporting the local artisanal sector and creating businesses that operate fairly, we’ll help build up the Ghanaian economy. I was born in Ghana and spent the first 13 years of my life there so I’m very passionate about supporting the local economy there.

How does your identity shape the way you think about technology? How do you approach your career? How do you uplift others?
Being a Black woman makes me very much aware of inclusivity or the lack thereof in every space I find myself in. As such, I’m always considering how technology can be used as a vehicle to foster more inclusivity. Specifically within design, thinking about how to design experiences that are equitable for all our users with different needs. I also think about how I can contribute to the creation of a work environment that allows people to bring their whole selves to work. Practically, that looks like listening more and allowing others to shine, giving credit where it’s due, including others in the conversation.

How do you prioritize yourself and your family?
I try to be more intentional about not allowing work to creep into my personal time with family and friends. I try to work on other projects that are not about profit or advancing my career — things that I just want to do to have fun. I paint a lot, I find that very therapeutic. I’ve found that really questioning my intentions for doing the things I do allows me to be honest with myself and confront myself if I realize that I’m attaching my sense of identity to my achievements or the things I’m doing.

Cherena Bradley

What are your pronouns? She/Her

What is your title? Associate software engineer on the accelerated digital growth team in care. I work on creating tools that assist customers with their online subscription experience.

How do you prioritize yourself and your family?
I prioritize myself by unplugging myself from social media and turning my phone off. It is very easy to get lost online comparing yourself to others and how much they have achieved in a short amount of time. I usually spend time with my mom and we’ll just relax together and pre-Covid, we would sit in the park and enjoy nature.

What is a passage or quote (from a book, movie, text) that has stuck with you? How do you apply it to your life?
“Stay gold, Ponyboy. Stay gold.” — “The Outsiders”

This quote stuck with me because it is so easy now to get wrapped up in a false reality due to social media. Many people become shallow and narcissistic and this is seen as the new norm. So I always remember to stay true to myself and enjoy the simpler things in life.

What is your ethnic background and how do you celebrate it?
I am Haitian, and one way I celebrate being Haitian is a big bowl of soup joumou on January 1st.

We’re hiring. Apply to work with us here.


Meeting…Black Technology Talent at The New York Times was originally published in NYT Open on Medium, where people are continuing the conversation by highlighting and responding to this story.

15 Feb 17:36

Universities must change or lose their place to alternative education providers: OECD education chief

Sandra Davie, The Straits Times, Feb 15, 2022

This article is a mix of fantasy and reality and it's sometimes hard to separate the two. And it's hard to know exactly what OECD's education chief Andreas Schleicher is advocating here as he swings from saying "students go to university to learn from great professors, do ground-breaking research, collaborate with their peers on projects and experience the social life of campus living" to saying "the current model of studying four years for a degree and then going out to build a career, will not work any more." It demonstrates a tension, I think, between what universities actually do, and what OECD would like them to do. We see a very similar message in a report (behind a spamwall) from EY. "Universities must prepare for a future where students could demand degrees, low-cost options or asynchronous learning. Otherwise, institutions risk becoming obsolete."

15 Feb 17:35

Junk Your Jabra

by Matt

I usually wouldn’t do a post about this, but I was so surprised I had to share. I picked up a Jabra Evolve2 30 UC wired headset, with USB-C, because my friend Hugo loves the wireless Jabra and I’ve been using an older USB-A headset and thought it would be nice to not need an adapter. I also thought for $89 it must be good. The reviews were also really solid (4.3 on Amazon right now).

Do not buy this headset. There was a constant buzz/hum in the speaker, people sounded lower quality, and the mic also was lower quality. On the plus side, it was a nice build quality and comfort.

For $29 cheaper ($60) the Sennheiser SC 135 USB-C had better speaker, way better mic quality, very nice build and comfort. Get that one instead.

So don’t mute, get a better headset. Krisp.ai is still great, too.

15 Feb 15:24

2022-02-12/13/14 General

by Ducky

Vaccines

This preprint says that if you are unvaccinated and get Omicron, that protects you against Omicron, but your protection against anything else is pretty crappy. If you get Omicron after getting vaccinated, you get really really good protection against all known variants.

Treatments

Two articles have come out in the past week which say that nasal irrigation is really, surprisingly helpful at keeping a COVID-19 infection from progressing to a severe illness:

  • This preprint found that irrigating twice per day for fourteen days with salt plus either sodium bicarbonate or povidone-iodine (a disinfectant) cut hospitalization or death by almost 9x.
  • If using salt and baking soda seems too low-class for you, there is a nasal nitric-oxide spray (SaNOtize) developed by a Vancouver-based company which this article says just got approved in India. A study found that people using SaNOtize cleared the virus in four days, vs. eight for the control group.

Recommended Reading

Yeah, things are messed up. But read this article to remind yourself of just how amazing — even with all the problems — this vaccine rollout has been.


This article argues that the best thing to do to cut COVID-19 cases is to vaccinate the elderly. Even though they are well-vaxxed, they have severe consequences at such an amazingly higher rate (Someone over 85 is 320x more likely to die than someone in their 20s!), that it’s worth spending effort to vax the unvaxxed elderly.


This article looks at the so-called “Russian flu” of ~1890, which people are more and more willing to pin on a coronavirus, OC43, which is now one of the “common cold” coronaviruses.

15 Feb 01:30

semgrep: the future of static analysis tools

by Derek Jones

When searching for a pattern that might be present in source code contained in multiple files, what is the best tool to use?

The obvious answer is grep, and grep is great for character-based pattern searches. But patterns that are token based, or include information on language semantics, fall outside grep’s model of pattern recognition (which does not stop people trying to cobble something together, perhaps with the help of complicated sed scripts).

Those searching source code written in C have the luxury of being able to use Coccinelle, an industrial strength C language aware pattern matching tool. It is widely used by the Linux kernel maintainers and people researching complicated source code patterns.

Over the 15+ years that Coccinelle has been available, there has been a lot of talk about supporting other languages, but nothing ever materialized.

About six months ago, I noticed semgrep and thought it interesting enough to add to my list of tool bookmarks. Then, a few days ago, I read a brief blog post that was interesting enough for me to check out other posts at that site, and this one by Yoann Padioleau really caught my attention. Yoann worked on Coccinelle (we had an interesting email exchange some 13 years ago, when I was analyzing if-statement usage), had subsequently worked on various static analysis tools, and was now working on semgrep. Most static analysis tools are created by somebody spending a year or so working on the implementation, making all the usual mistakes, before abandoning it to go off and do other things. High quality tools come from people with experience, who have invested lots of time learning their trade.

The documentation contains lots of examples, and working on the assumption that things would be a lot like using Coccinelle, I jumped straight in.

The pattern I chose to search for, using semgrep, involved counting the number of clauses contained in Python if-statement conditionals, e.g., the condition in: if a==1 and b==2: contains two clauses (i.e., a==1, b==2). My interest in this usage comes from ideas about if-statement nesting depth and clause complexity. The intended use case of semgrep is security researchers checking for vulnerabilities in code, but I’m sure those developing it are happy for source code researchers to use it.

As always, I first tried building the source from the GitHub repo (note: the Makefile expects a git clone install, not an unzipped directory), but got fed up with having to incrementally discover and install lots of dependencies (like Coccinelle, the code is written in OCaml {93k+ lines} and Python {13k+ lines}). I joined the unwashed masses and used pip install.

The pattern rules have a yaml structure, specifying the rule name, language(s), message to output when a match is found, and the pattern to search for.

After sorting out various finger problems, writing C rather than Python, and misunderstanding the semgrep output (some of which feels like internal developer output, rather than tool user developer output), I had a set of working patterns.

The following two patterns match if-statements containing a single clause (if.subexpr-1), and two clauses (if.subexpr-2). The option commutative_boolop is set to true to allow the matching process to treat Python’s or/and as commutative, which they are not, but it reduces the number of rules that need to be written to handle all the cases when ordering of these operators is not relevant (rules+test).

rules:
- id: if.subexpr-1
  languages: [python]
  message: if-cond1
  patterns:
   - pattern: |
      if $COND1:  # we found an if statement
         $BODY
   - pattern-not: |
      if $COND2 or $COND3: # must not contain more than one condition
         $BODY
   - pattern-not: |
      if $COND2 and $COND3:
         $BODY
  severity: INFO

- id: if.subexpr-2
  languages: [python]
  options:
   commutative_boolop: true # Reduce combinatorial explosion of rules
  message: if-cond2
  pattern-either:
   - patterns:
      - pattern: |
         if $COND1 or $COND2: # if statement containing two conditions
            $BODY
      - pattern-not: |
         if $COND3 or $COND4 or $COND5: # must not contain more than two conditions
            $BODY
      - pattern-not: |
         if $COND3 or $COND4 and $COND5:
            $BODY
   - patterns:
      - pattern: |
         if $COND1 and $COND2:
            $BODY
      - pattern-not: |
         if $COND3 and $COND4 and $COND5:
            $BODY
      - pattern-not: |
         if $COND3 and $COND4 or $COND5:
            $BODY
  severity: INFO

The rules would be simpler if it were possible for a pattern to not be applied to code that earlier matched another pattern (in my example, one containing more clauses). This functionality is supported by Coccinelle, and I’m sure it will eventually appear in semgrep.
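An independent cross-check for the two rules above, as an added example that is not from the original post: it walks Python's own ast module to count and/or clauses for any number of clauses, so its per-line counts can be compared with the if-cond1/if-cond2 matches semgrep reports. The function names and the sample source are constructed for illustration, and how semgrep itself treats elif branches is not verified here.

```python
import ast
from collections import Counter

# Rule ids from the page's YAML, keyed by the clause count each is meant to match.
RULE_FOR_COUNT = {1: "if.subexpr-1", 2: "if.subexpr-2"}

# Constructed sample input (not taken from any real project).
SAMPLE = '''
if a == 1:
    pass
if a == 1 and b == 2:
    pass
elif c or d and e:
    pass
if not (x and y):
    pass
if p or q or r or s:
    pass
'''


def count_clauses(expr):
    """Count the leaf operands joined by and/or in a condition.

    Mixed and nested operators are flattened: `c or d and e` is three
    clauses. Anything that is not itself an and/or node (a comparison,
    a call, `not (...)`) is one clause, which mirrors the rules above:
    they only look at the top-level and/or structure of the condition.
    """
    if isinstance(expr, ast.BoolOp):
        return sum(count_clauses(value) for value in expr.values)
    return 1


def if_clause_counts(source):
    """Return sorted (line, clause_count) pairs for every if/elif."""
    found = []
    for node in ast.walk(ast.parse(source)):
        # Python's AST stores `elif` as an If nested in the parent's
        # orelse, so each elif is reported as its own if-statement.
        if isinstance(node, ast.If):
            found.append((node.lineno, count_clauses(node.test)))
    return sorted(found)


def clause_histogram(source):
    """Number of if-statements seen for each clause count."""
    return Counter(count for _, count in if_clause_counts(source))


def expected_rule(count):
    """Rule id the page's rules are written to report, or None when the
    clause count is one the two rules deliberately exclude."""
    return RULE_FOR_COUNT.get(count)


if __name__ == "__main__":
    for line, count in if_clause_counts(SAMPLE):
        print(f"line {line}: {count} clause(s) -> {expected_rule(count)}")
```

Lines that the counter puts at one or two clauses but that semgrep does not report (or the reverse) are the cases worth inspecting when tuning the pattern-not entries.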

This tool has lots of rough edges, and is still rapidly evolving; I’m using version 0.82, released four days ago. What’s exciting is the support for multiple languages (ten are listed, with experimental support for twelve more, and three in beta). Roughly what happens is that source code is mapped to an abstract syntax tree that is common to all supported languages, which is then pattern matched. Supporting a new language involves writing code to perform the mapping to this common AST.

It’s not too difficult to map different languages to a common AST that contains just tokens, e.g., identifiers and their spelling, literals and their value, and keywords. Many languages use the same operator precedence and associativity as C, plus their own extras, and they tend to share the same kinds of statements; however, declarations can be very diverse, which makes life difficult for supporting a generic AST.

An awful lot of useful things can be done with a tool that is aware of expression/statement syntax and matches at the token level. More refined semantic information (e.g., a variable’s type) can be added in later versions. The extent to which an investment is made to support the various subtleties of a particular language will depend on its economic importance to those involved in supporting semgrep (Return to Corp is a VC backed company).

Outside of a few languages that have established tools doing deep semantic analysis (i.e., C and C++), semgrep has the potential to become the go-to static analysis tool for source code. It will benefit from the network effects of contributions from lots of people each working in one or more languages, taking their semgrep skills and rules from one project to another (with source code language ceasing to be a major issue). Developers using niche languages with poor or no static analysis tool support will add semgrep support for their language because it will be the lowest cost path to accessing an industrial strength tool.

How are the VC backers going to make money from funding the semgrep team? The traditional financial exit for static analysis companies is selling to a much larger company. Why would a large company buy them, when they could just fork the code (other company sales have involved closed-source tools)? Perhaps those involved think they can make money by selling services (assuming semgrep becomes the go-to tool). I have a terrible track record for making business predictions, so I will stick to the technical stuff.

15 Feb 01:27

Datasette table diagram using Mermaid

Mermaid is a DSL for generating diagrams from plain text, designed to be embedded in Markdown. GitHub just added support for Mermaid to their Markdown pipeline, which inspired me to try it out. Here's an Observable Notebook I built which uses Mermaid to visualize the relationships between Datasette tables based on their foreign keys.

Via @simonw

15 Feb 01:26

The DeLorean is back, but this time it’s an EV

by Patrick O'Rourke

There truly are no original ideas, but at least this one is tied to a pretty cool looking roughly 40-year-old car.

In a new brief teaser, the DeLorean Motor Company showed off a glimpse of the return of its iconic car, stating that "The future was never promised" and "Reimagine today."

The approximately 15-second video also offers a glimpse of the DeLorean's iconic gull-wing doors and includes several search-friendly hashtags, but beyond this, nothing else is revealed about the car. It's unclear how close the new electric vehicle (EV) DeLorean will stick to the original car's design, but based on this short teaser, it seems to be a more modern take on the iconic car's blocky design.

The new DeLorean is set to be revealed at some point in 2022.

https://twitter.com/deloreanmotorco/status/1492922696094519296?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1492922696094519296%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.ign.com%2Farticles%2Fdelorean-return-back-to-the-future

The original DeLorean was sold between 1981 and 1982. Along with its unique design, the $25,000 USD (roughly $31,000 CAD) -- equivalent to $71,000 USD (about $90,000 CAD) as of 2020 -- car is best known for being a very underpowered vehicle. The original DeLorean Motor Company shuttered operations back in 1982.

Most likely know the original DeLorean from Robert Zemeckis' Back to the Future film franchise, which released several years after the car's demise in 1985.

It's unclear if Back to the Future is also getting a remake to go alongside the new DeLorean EV.

Image credit: @deloreanmotorco

Source: @deloreanmotorco

14 Feb 16:57

Twitter Favorites: [adamrg] Halftime show ranking: Prince > Michael Jackson > that show >>>> everything else. #SuperBowl

Adam Gessaman @adamrg
Halftime show ranking: Prince > Michael Jackson > that show >>>> everything else. #SuperBowl
14 Feb 16:56

One Micropub Client To Rule Them All

by Ton Zijlstra

The ability to post to my site using a personal Micropub client is greatly reducing the friction I feel when posting something. Whether it is posting from my Obsidian notes, or responding directly from within my feed reader, it all goes very smoothly. As a consequence I found myself thinking about how to increase the scope of things where my micropub client can be useful: adding other websites to it, such as my company’s website.

I added a selector to my micropub client, which determines which website it will submit the posting to. That means I can now post to my blog, my company’s website, indiewebcamp.nl and others, also directly from my feedreader and my Obsidian notes etc.

(also posted to Indienews)



This is an RSS-only posting for regular readers. Not secret, just unlisted. Comments / webmention / pingback all ok.
Read more about RSS Club