Apple totally screwed up SSL with a fundamental bug in their certificate checking implementation in both MacOS 10.9 and iOS 7. Every consumer iPhone, iPad, and Macintosh running recent versions of their OS is vulnerable. My understanding is SSL certificate checking basically does not work and any secure site can be spoofed with a man-in-the-middle attack. It’s about as deep a flaw as it goes. There’s a patch for iOS out but not yet for MacOS. You can test if a browser is vulnerable here.

The bug boils down to a simple typo in the code, the good ol’ C gotcha that indentation doesn’t match control flow. Bugs like that happen in C. What’s alarming is Apple didn’t catch the bug; not with a lint tool, not in code review, not in unit testing, not in integration testing. No aspect of Apple’s software development process caught this bug before releasing it to millions of users. That’s terrible engineering practice; in a critical security library it’s outright negligence.
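One instance of this gotcha, as a constructed C example added here (it is not Apple's source; `struct handshake`, `step`, `verify_buggy` and `verify_fixed` are hypothetical names): a duplicated `goto fail;` is indented like part of the `if` above it but runs unconditionally, with a success code still in `err`, so the final check never executes.

```c
#include <stdio.h>

/* Constructed handshake state: each flag says whether that step would pass. */
struct handshake { int hash_ok; int params_ok; int sig_ok; };

static int step(int ok) { return ok ? 0 : -1; }   /* 0 means success */

/* Lets the demo build quietly; GCC 6+ reports the bug below under -Wall. */
#pragma GCC diagnostic ignored "-Wmisleading-indentation"

/* Buggy: the duplicated goto looks guarded by the if above it, but is not. */
int verify_buggy(const struct handshake *h)
{
    int err;
    if ((err = step(h->hash_ok)) != 0)
        goto fail;
    if ((err = step(h->params_ok)) != 0)
        goto fail;
        goto fail;                       /* always taken, err is still 0 */
    if ((err = step(h->sig_ok)) != 0)    /* unreachable: never checked */
        goto fail;
fail:
    return err;                          /* 0 is reported as "verified" */
}

/* Fixed: braces on every branch, so a stray line cannot change control flow. */
int verify_fixed(const struct handshake *h)
{
    int err;
    if ((err = step(h->hash_ok)) != 0) {
        goto fail;
    }
    if ((err = step(h->params_ok)) != 0) {
        goto fail;
    }
    if ((err = step(h->sig_ok)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    struct handshake forged = { 1, 1, 0 };   /* constructed: bad signature */
    printf("buggy: %d\n", verify_buggy(&forged));   /* 0, accepted */
    printf("fixed: %d\n", verify_fixed(&forged));   /* -1, rejected */
    return 0;
}
```

A unit test that feeds the verifier one input with a bad final step, as `main` does here, is enough to tell the two versions apart.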

At the moment MacOS users are entirely vulnerable and there’s no fix. In the past Apple has taken many weeks to fix critical bugs in things like Java; hopefully they’ll be faster here. Using Chrome instead of Safari will insulate you from malicious web servers; Chrome wisely has its own SSL implementation. But a whole lot of other Mac software is relying on the broken certificate library, presumably including Apple’s own software update system.

Nice of Apple to publish the exploit before the fix.

  2014-02-22 17:09 Z

I love the Clear Dark Sky Chart, a geeky little astronomer’s forecast. Also CSC Menu which puts it on a Mac OS menu bar. Here’s a sample image.

Above is the forecast for near Grass Valley, CA for the next two days. Time goes from left to right, each row is for a different sky condition: cloud cover, transparency, seeing, and darkness. Also the temperature, humidity, and wind for your backyard comfort. See the legend for details, but basically dark blue is good. Once you learn to read this presentation you can quickly tell if it’s likely to be a good night to look at stars in thousands of locations. Looks like it'll be clear but relatively poor tonight.

These charts are derived from a more traditional map forecast prepared by the Canadian Meteorological Center. Their site shows you maps of things like cloud cover by the hour. The Clear Dark Sky site basically samples the pixels at a specific location and displays the time series as a strip chart. Simple and useful. The mysterious seeing forecast is particularly idiosyncratic to astronomy, an experimental forecast of how bad atmospheric distortion is likely to be.

  2014-02-21 23:17 Z

I’m about to go to Bali, home to Gamelan, one of the most interesting musical traditions in the world. Equal parts rhythmic and melodic, amazing harmony and counterpoint, and an interesting participatory music culture playing one-of-a-kind musical instrument ensembles. I’m fortunate enough to have a friend who has studied gamelan in Bali. Here's what Chris wrote me on what I may hear when I visit. (He also gave me a copy of A House in Bali, a 1947 book about a Canadian musician who went to Bali to study.)

Most all links go to video or music files; give them a listen!

Style: Gamelan “Gong Kebyar”

This is the style that is most associated with Balinese gamelan today. It’s a style that came into its own in the early 1900s-1930s, evolving away from the slower Javanese-style court gamelan that preceded it. A hallmark characteristic of this virtuosic style is the “kotekan”, or interlocking, wherein different players each play one half of the melody, and the halves are zippered together at high speed (example here). It is also quite often accompanied by dance.

Jagra Parwata: This is a virtuosic gong kebyar piece, one of my favorites. I believe it won the All-Bali competition about ten years ago. It’s also the first piece I ever learned to play on Gamelan – a true “trial by fire”. Note the loose interpretation of time; it changes tempos both languidly and abruptly. This is a classic aspect of gong kebyar.

Taruna Jaya: This is the most famous of the gong kebyar dance pieces, created around 1950. For a Balinese female dancer, this is the single most important piece and is used as a required dance to judge the All-Bali competition. Taruna Jaya stands for “victorious youth”, and is intended to convey the wide range of emotions of an impetuous youthful princess. It is danced by a young girl who (as it was described to me by my Balinese teachers) is pretending to be a young man pretending to be a young girl. There’s a good description here. Carefully controlled, intense eye and finger movement are the hallmarks of this piece, and much of Balinese dance. The dance requires so much energy that most Taruna Jaya dancers peak out at around 15 years of age.

Style: Gamelan “Gender Wayang”

This is a ceremonial form of gamelan, used for religious ceremonies (weddings, tooth filings, etc) and also puppet shows. As opposed to gong kebyar, this style is played with either two or four players who sit facing each other, each side playing one half of the melody in a fashion similar to the gong kebyar kotekans.

Here’s a video from someone playing at a local temple festival. Here’s another video of someone practicing his half of the ankat ankatan melody at about half speed; it gives you a good idea of how both hands work together and how half of the melody sounds. This song is the first one I learned on the gender wayang, because it’s pretty simple and repetitive. It translates to “walking music” and is used as filler during the parts of the puppet shows when the characters are supposed to be “walking around on a long journey”.

Gending Rebong: This is a song used during puppet shows when two characters are expressing their love for each other.

Style: Belaganjur

This is a marching form of gamelan. You will see this in parades and cremation ceremonies. It has all the elements of gong kebyar but is much simpler and more repetitive and is easy enough that every villager learns a couple belaganjur patterns so they can take part in ceremonies for members of their village. In that sense it’s the form of gamelan that most non-musician villagers take part in at least once or twice a year.

The Belaganjur of group Jaya Sakti: I don’t think this even has a formal name, but it’s the most awesome belaganjur I’ve ever heard. I love how it starts out incredibly simple and, simply through tempo change alone, seems to transform from something calm and relaxing into something violent and exciting, and then back again. If this doesn’t make you want to march, nothing will.

  2014-02-20 17:52 Z

The Awl has threatened us with news of a Liquid Sky sequel. The original film is one of my favorites, just check out the fashion show scene. I can't imagine a sequel being a good idea but it is a good excuse for me to share these animated GIFs.

  2014-02-20 17:49 Z

The “angry rainbow” palette is the colors you get when you set saturation and value to 100% and then spin the hue wheel. From bright red #ff0000, briefly through yellow, a long linger in #00ff00 green, longer still around dark blue #0000ff, and finally back to red via an eye-searing trip through purple. The term “angry rainbow” isn’t in common usage but I’m doing my best to spread it. I got the term from someone else, maybe another student at the MIT Media Lab? (See also: angry fruit salad).

The angry rainbow is always the wrong palette for data visualization. It’s too bright, too colorful, and too reliant on non-uniform hue discrimination. But it pops up all the time, from random weather maps to heatmap examples to NYTimes work sketches. It seems to be the default palette for various visualization tools, no doubt because it’s easy to generate in software. I’ve certainly been guilty of using it myself, somehow it’s always at my fingertips.

So what’s a better choice? Honestly, almost anything. Even knocking saturation and value down to about 80% gives a more pleasing result. If you have continuous data try plotting it with varying brightness instead of hue, or narrowing down to a red/blue color ramp (properly interpolated) instead of the full rainbow. If you want to do it right consider a ColorBrewer scale; the D3js implementation is a fine place to start. If you roll your own palette, work with colors that are not fully saturated and not fully bright. Think carefully about whether hue is really the thing you want to vary.

Angry Rainbow Dash by Uxyd
  2014-02-13 18:02 Z

Sports fans had a choice yesterday: watch the Super Bowl or watch League of Legends via Twitch. I figured the Super Bowl would easily win out and no one would watch the eSport, but boy was I wrong.

Above is a graph of League of Legends viewers of the 4 LCS tournament games on Super Bowl Sunday. (I made the graph from Twitch’s published data; there are viewers on other services, but Twitch is the majority.) About 230,000 people were watching on Twitch, a typical day for LCS. The surprise is viewership peaked at 286,000 for the last game at 4pm, half an hour after the Super Bowl started. No noticeable viewer falloff at the 3:30pm kickoff either; just the usual slump after the previous match ended.

Why didn’t the Super Bowl cut into the League of Legends audience? It helped that the final game was an anticipated matchup between two of the best teams with a strong fan base. The stereotypical gamer nerd is not a sports fan, so maybe there was no conflict. On Reddit people noted that a lot of LoL fans are Europeans not interested in the Super Bowl. (There’s an enormous Asian audience too.) Some folks said they’d just watch both at the same time.

I’ve come to really enjoy watching League of Legends tournaments. It’s an enormously popular game, 27 million people play daily and 32 million (8.5M peak) watched last season’s championship. Riot Games has invested heavily in making the game into a sports event. The broadcasts are a lot of fun to watch with smart announcers, good storytelling, and exciting gameplay. I’ve generally been a skeptic that eSports would become a phenomenon but League of Legends is winning me over.

If you’ve never watched LoL before, yesterday’s TSM v C9 game was pretty good. The whole 44 minute broadcast is worth watching but here’s a 5 minute highlight reel. The game is a bit complicated but basically it’s two teams of five players fighting to control the map. Here’s an overview of the game with a lot more detail. Lots more recorded games on /r/LoLeventVoDs.

  2014-02-03 20:11 Z