The Monday Project Meeting
The Week in Review is our weekly roundup of what’s new in open science from the past week. If you have news or announcements you’d like passed on to the community, be sure to share on Twitter with @mozillascience and @billdoesphysics, or join our mailing list and get in touch there.
Blogs & Articles
- Erin McKiernan put the call out on Twitter last week for examples of collaborations arising from open science & open data, and got a great spectrum (from worm simulations to text mining Philip K. Dick) of responses; see her summary here.
- Hackaday interviewed Charles Fracchia of the MIT Media Lab on the need and impact of open hardware in open science. Fracchia makes the observation that reproducibility is well-served by distributing standardized data collection hardware that can be deployed in many labs & conditions.
- Figshare blogged recently about decisions taken by the US Health & Human Services department obliging its operating divisions to make government funded research data available to the public.
- Jonathan Rochkind blogged on the general unusability of institutional library paywall & login systems, and discusses potential solutions in the form of LibX, bookmarklets and Zotero & co.
- Nature Biotechnology is engaging in more proactive editorial oversight to ensure the reproducibility of the computational studies it publishes, by way of ensuring the availability of relevant research objects.
- Shoaib Sufi blogged for the Software Sustainability Institute on their recent Collaborations Workshop 2015. In it, Sufi highlights some of the trends emerging in the conversation around developing research software, including the cultural battle in research with imposter phenomenon (see also our recent article on this matter), and the rising profile of containerization as a fundamental tool for reproducible research.
- OpenCon 2015 has been announced for 14-16 November, in Brussels, Belgium. From the conference’s website, ‘the event will bring together students and early career academic professionals from across the world to learn about the issues, develop critical skills, and return home ready to catalyze action toward a more open system for sharing the world’s information — from scholarly and scientific research, to educational materials, to digital data.’ Applications for OpenCon open on 1 June; updates are available from their mailing list. Also, here are Erin McKiernan’s thoughts on OpenCon 2014.
- Jake VanderPlas gave a great talk on Fast Numerical Computing with NumPy at PyCon 2015 on Friday.
- The European Space Agency is organizing a conference entitled Earth Observation Science 2.0 at ESRIN, Frascati, Italy, on 12-14 October. Topics include open science & data, citizen science, data visualization and data science as they pertain to earth observation; submissions are open until 15 May.
- The French National Natural History Museum is planning three open forums on biodiversity, designed to collect broad-based input to inform the theme and goals of a forthcoming observatory. The project extends the principles of citizen science to include the public in the discussion surrounding not just data collection, but scientific program design.
- Harvard’s Dataverse.org project has made CC0 the default license for all data deposited therein in their version 4.0, citing the license’s familiarity to the open data community.
- The US Federal government’s open data portal, data.gov, has created a new theme section highlighting climate & human health data. From their website, ‘The Human Health Theme section allows users to access data, information, and decision tools describing and analyzing climate change impacts on public health. Extreme heat and precipitation, air pollution, diseases carried by vectors, and food and water-borne illnesses are just some of the topics addressed in these resources.’
- GitHub is inviting users to participate in a test of their forthcoming support for the new Git large file storage extension to the popular version control system.
- The Ocean Observation Initiative, a multi-site array of heavily instrumented underwater observatories, is set to come on-line in June. Data from the OOI is slated for open access distribution.
I love finding new extensions that do things I never even thought to search for. One of the best ways to find them is through word of mouth. In this case, I guess you can call it “word of blog”. I’m doing a series of blog posts about the extensions I use, and maybe you’ll see one that you want to use.
My previous posts have been about:
For this blog post, I’ll talk about Keyword Search.
In Firefox, whenever you do a web search from the location bar, it will use the same search engine as in the search bar. Keyword Search allows you to use a separate search engine for location bar web searches. This is really helpful to people like me who mainly use one search engine (for basic web searches) and others for content-specific use cases.
To set your location bar search engine, go to the add-ons manager.
- Beside “Keyword Search”, click Preferences.
- Beside “Keyword Search Engine”, select the search engine you want to use.
You can install it via the Mozilla Add-ons site.
Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Send me an email! Want to get involved? We love contributions.
Now you can follow breaking changes as they happen!
Breaking Changes
- Set CLOEXEC for all fds on Unix by default
- Convert lifetime shadowing into a hard error
- Use discriminant_value intrinsic for derive(PartialOrd)
- Phil Dawes refactored a bunch of the parser to return Result instead of panicking
- Implemented remaining string pattern API
- Implement reentrant mutexes and make stdio use them
- Prefer ObjectCandidate to ImplCandidate if both apply
- Michael Sproul added some more extended errors and improved their display
- Implement io::Seek on BufReader and BufWriter
- Allow plugins to register LLVM passes
- Stabilize clone_from
- Stabilize Error::from_raw_os_error
- Ben Ashford
- Christopher Chambers
- Dominick Allen
- Hajime Morrita
- Igor Strebezhev
- Josh Triplett
- Luke Gallagher
- Michael Alexander
- Michael Macias
- Remi Rampin
- Sean Bowe
- Tibor Benke
- Will Hipschman
- Xue Fuqiao
- RFC 218: Empty struct with braces
- RFC 639: discriminant_value intrinsic
- RFC 888: Compiler fences
- RFC 911: Const functions and inherent methods
- Expand the scope of std::fs
- Rename soft_link to symlink
- Clarify cast rules, especially regarding fat pointers
- Rename or replace str::words
- Redirecting stdio of child processes to open file handles
- Add Sync to io::Error
- Replace tail/init
- Fearless concurrency with Rust
- Featherweight musings: arrays and vectors in Rust.
- Newcomer to Rust: my experience
- Memcpy is backwards. There was a big silently-breaking change to copy_memory right before the beta.
- Bay Area Rust Meetup: Data Science. Video from the SF meetup.
- Weekly-meetings/2015-04-07: beta, abs, rustdoc, wiki, docs
- Steve Klabnik and Yehuda Katz talk about Rust on The Changelog #151
- Aaron Turon's Stanford talk (video).
- A page of useful links for new contributors.
- Racer progress update 5 (cargo support).
- multirust. The Rust toolchain manager, updated with new features and bugfixes.
- reforge. A multiplayer sandbox space combat MMO.
- The Hat Backup System.
- Piston 1.0 is released.
- gag. Redirect stderr/stdout.
- afl.rs. Integrating American Fuzzy-Lop with Rust.
- hyper on beta.
- Raft: Small status update.
- This Week in Servo 30.
- A Chef community cookbook for Rust.
- A Docker image for Rust.
- Rust_Classifier. A naive Bayes classifier.
- Pool. A pool for reusable values, from carllerche.
- ggp-rs. A library for General Game Playing.
- timer. A timer to make up for the lack of one in std.
- retry. Retry an operation until a condition is satisfied.
- query_rs. LINQ-like macros.
- analit. 'Analog' literals for geometric types.
- Google APIs for Rust - Dev Diary #1: How to write 78 APIs in 5s (video).
- All crates of the RustAudio project work with beta.
- eventual_io. Async I/O with mio and eventual.
- serde, the serialization library, is beta-compatible.
- nickel, the web framework, is on crates.io.
- coroutine-rs. Coroutines.
- rust-sdl2 is beta-compatible.
Thanks to BurntSushi for the tip. Submit your quotes for next week!
Two more security notes.
First, as a followup, a couple of you pointed out that there is a writeconfig on 10.4 through 10.6 (and actually earlier) in /System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources. Yes, there is, and it's even setuid root (I wish Apple wouldn't do that). However, it is not exploitable, at least not by systemsetupusthebomb or a similar notion, because it appears to lack the functionality required for that sort of attack. I should have mentioned this in my prior posting.
Second, Darwin Nuke is now making the rounds. It is similar to the old WinNuke, which plagued early versions of Windows until it was corrected in the Windows 95 days, in that you can send a specially crafted packet to an OS X machine and kernel panic it. It's not as easy as WinNuke was, though -- that was as simple as opening a TCP connection to port 139 on the victim machine and sending it nonsense data with the Urgent Pointer flag set in the TCP header. Anyone could do that with a modified Telnet client, for example, and there were many fire-and-forget tools that were even easier. Unless you specifically blocked such connections on ingress, and many home users and quite a few business networks didn't at the time, WinNuke was a great means to ruin someone's day. (I may or may not have done this from my Power Mac 7300 a couple times to kick annoying people off IRC. Maybe.)
Darwin Nuke, on the other hand, requires you to send a specially crafted invalid ICMP packet. This is somewhat harder to trigger remotely as many firewalls and routers will drop this sort of malformed network traffic, so it's more of a threat on an unprotected LAN. Nevertheless, an attacker with a raw socket interface can engineer and transmit such packets, and the technical knowledge required is relatively commonplace.
That said, even on my test network I'm having great difficulty triggering this against the Power Macs; I have not yet been able to do so. It is also not clear if the built-in firewall protects against this attack, though the level at which the attack exists suggests to me it does not. However, the faulty code is indeed in the 10.4 kernel source, so if it's there and in 10.10, it is undoubtedly in 10.5 and 10.6 as well. For that reason, I must conclude that Power Macs are vulnerable. If your hardware (or non-OS X) firewall or router supports it, blocking incoming ICMP will protect you from the very small risk of being hit at the cost of preventing pings and traceroutes into your network (but this is probably what you want anyway).
Even if you do get nailed, the good news (sort of) is that your computer can't be hacked by this method that anyone is aware of; it's a Denial of Service attack, you'll lose your work, you may need to repair the filesystem if it does so at a bad time and that sucks, but it doesn't compromise the machine otherwise. And, because this is in open source kernel code, it should be possible to design a fix and build a new kernel if the problem turns out to be easier to exploit than it appears currently. (Please note I'm not volunteering, at least, not yet.)
So, you can all get out of your fridges now, mmkay?
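The perimeter filtering described in the Darwin Nuke note above, sketched as an added example (not code from the original post or from any firewall product): one function returns the verdict for an inbound IPv4 packet, either under the blanket "block incoming ICMP" policy or by validating the packet first. The post does not say which fields the Darwin Nuke packet malforms, so the validation branch shows only generic well-formedness checks; `filter_inbound`, `build_echo` and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS, DROP_MALFORMED, DROP_ICMP };
/* RFC 1071 Internet checksum; 0 when run over data holding a correct checksum. */
static uint16_t inet_csum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Verdict for one inbound IPv4 packet; block_icmp != 0 is the blanket policy. */
enum verdict filter_inbound(const uint8_t *pkt, size_t len, int block_icmp) {
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || total < ihl || total > len) return DROP_MALFORMED;
    if (inet_csum(pkt, ihl) != 0) return DROP_MALFORMED;
    if (pkt[9] != 1) return PASS;                 /* not ICMP */
    if (block_icmp) return DROP_ICMP;
    if (total - ihl < 8) return DROP_MALFORMED;   /* short ICMP header */
    if (inet_csum(pkt + ihl, total - ihl) != 0) return DROP_MALFORMED;
    return PASS;
}

/* Constructed sample: echo request 192.0.2.1 -> 192.0.2.2 (TEST-NET-1). */
size_t build_echo(uint8_t *buf, size_t payload) {
    size_t total = 20 + 8 + payload;
    memset(buf, 0, total);
    buf[0] = 0x45;                                /* IPv4, IHL = 5 words */
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[8] = 64; buf[9] = 1;                      /* TTL, protocol = ICMP */
    memcpy(buf + 12, "\xc0\x00\x02\x01\xc0\x00\x02\x02", 8);
    uint16_t c = inet_csum(buf, 20);
    buf[10] = (uint8_t)(c >> 8); buf[11] = (uint8_t)c;
    buf[20] = 8;                                  /* type 8 = echo request */
    c = inet_csum(buf + 20, 8 + payload);
    buf[22] = (uint8_t)(c >> 8); buf[23] = (uint8_t)c;
    return total;
}

int main(void) {
    uint8_t b[64]; size_t n = build_echo(b, 4);
    printf("validate: %d, block ICMP: %d\n", filter_inbound(b, n, 0), filter_inbound(b, n, 1));
    return 0;
}
```

With `block_icmp` set, even a well-formed echo request is dropped, which is the loss of inbound pings and traceroutes the post mentions as the cost of the mitigation.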
10.4Fx 38 and IonPower update: 50% of V8 passes and I'm about 20% into the test suite. Right now wrestling with a strange bug with return values in nested calls, but while IonPower progress is slow, it's progress!
This is a report about the Mozilla March IRC Meeting (see the announcement here). The topics of the meeting can be found in this PAD (local copy of the PAD) and the IRC log (local copy of the IRC log) is also available.