Craig Maloney

Just another Linux / Ubuntu / Python hacker. Host of and co-host of

  • Christopher Allan Webber at 2017-05-08T21:53:54Z

    My short autobiography: "eternally on the losing end of the worse is better debate"

    Craig Maloney, Charles ☕ Stanhope likes this.

  • Christopher Allan Webber at 2017-05-09T03:05:22Z

    Sometimes when you stare into the abyss, the abyss just kills your best character in Dungeon Crawl Stone Soup.

    Craig Maloney, Elena ``of Valhalla'', Claes Wallin (韋嘉誠) likes this.

  • Christopher Allan Webber at 2017-05-03T18:36:08Z

    Removing items from my agenada like a boss.

    Actually I'm just removing due dates and tagging with "reschedule" like a wimp.

    Claes Wallin (韋嘉誠), Diane Trout, Craig Maloney likes this.

    Show all 6 replies

    My agenda is more like a switchable list of possible tasks.

    I have it divided in two groups of tasks: hard and soft. Any of the tasks can have dates or times (be it schedule, deadline, or simply reference of "good for" that date), but the general rule is to avoid using dates and times.

    Hard group is for things that don't repeat daily or that there is a penalty for missing it.

    Soft group is for things that repeat daily or that I can make up for the days missed in the next successful completion without prejudice of losing "uniqueness" from the previous misses.

    From this list I cycle through items by doing one from each group every 30min, starting from the group of hard tasks. Doing breaks of 5min for each task, and of 15min for each four tasks.

    Also, I avoid picking tasks that have an action in common to the one I'm currently doing. For example, if I must write an important message now, then the next task musn't involve writing.

    Adonay Felipe Nogueira at 2017-05-04T22:05:19Z

    Example of losing "uniqueness" would be a class that I must attend. It repeats daily, but it's a hard task due to uniqueness.

    Adonay Felipe Nogueira at 2017-05-04T22:08:19Z

    @ Adonay Felipe Noguera: Do you use a paper agenda, software?

    hammerron at 2017-05-05T14:39:59Z

    I use GNU Emacs Org mode. :)

    Adonay Felipe Nogueira at 2017-05-13T15:00:08Z

  • JanKusanagi at 2017-04-25T08:51:06Z

    >> Craig Maloney:

    “[...] Eterno vazio by Vazio from Vazio [...]”


    Craig Maloney likes this.

  • HERE WE GO...

    Stephen Michael Kellat at 2017-04-25T02:25:07Z

    Clock is running:

    If the US Congress doesn't figure things out before then, I get to be sent home on Leave Without Pay indefinitely as there won't be legal authority under Article I, Section 9, Clause 7 of the federal constitution to pay most anybody. The Department of Veterans Affairs and military construction projects are exempt from this as they already have full appropriations passed for the entirety of Fiscal Year 2017. The rest of the federal government does not.

    Yes, this will indirectly impact @Stephen Sekula as grant disbursements may stop if not already made to his employing institution. In my case, I lose my job for a period of time. Unlike the rest of the government which basically spends money, my job is part of the agency that brings in 92% of the gross so the other agencies have something to spend.

    Circumstances are a bit different this time as we basically have a madman in the White House. Riding 4 casinos into bankruptcy takes a special kind of person. He's already trying to wheel and deal on the budget for the remaining months of FY2017 and the last words from congressional negotiations being reported is that the bill being developed is kinda sorta a bit of a steaming pile of diseased goat turds. While there is happy talk of a shutdown not being expected by anybody, that's merely happy talk.

    In the end, only one thing matters. A bill being based by both the House of Representatives and the Senate in the same form that is presented to the President that is signed by him into law. You can be as positive as you want about negotiations, give happy talk to the media, and say all is well publicly. None of that meets the requirement of Article I, Section 9, Clause 7 of the federal constitution to pay the bills, dang it.

    Claes Wallin (韋嘉誠), Craig Maloney likes this.

    Thanks for your perspectives on all this, Stephen.

    Indeed, I can confirm that the entirety of US particle physics will grind to something of a halt if the Congress fails to ocntinue funding this year, or if the President vetos the funding and the Congress cannot override the veto. However, the money for our present grant year has already been dispersed to SMU (that happened just ahead of the start of our grant cycle, which is currently April 1, 2017 - March 30, 2018. So we can continue to pay people, etc.

    But the national laboratories, on which we depend for nearly ALL infrastructure (engineering, construction, testing, design, fabrication, and yes, even physics analysis tools like supercomputer clusters, and scientists who do research) will suffer. They will shutdown, or furlough people, or both, until the budget is resolved. So SMU will soldier on because the US DOE has already provided the funds for our "base grant" (basic spending on student, post-doc, scientist, and faculty summer salaries, as well as some travel) to spend for our grant cycle; but nearly everything else will grind to a halt. And, to add to this, any institution that HASN'T obtained its grant dispersement for the year will have no money if their fiscal year begins during the shutdown.

    So.... yeah... this is all very scary.

    Stephen Sekula at 2017-04-25T08:34:54Z

    Claes Wallin (韋嘉誠) likes this.'s own Even Stephen duo!

    Claes Wallin (韋嘉誠) at 2017-04-25T10:59:14Z

    Stephen Sekula likes this.

    Here are some arguments against the budget ceiling from Univ Kansas City MO, MMT/Modern Money theory:

    Intro/Promo/Wrapper for MMT

    cjiljdw at 2017-04-25T11:03:42Z

  • Christopher Allan Webber at 2017-04-21T21:36:32Z

    I finally sent Evan Prodromou the state of Pubstrate / ActivityPub tests

    Also now here's a HACKING file

    Time for some slacking and then more hacking

    der.hans, Craig Maloney, Claes Wallin (韋嘉誠) likes this.

    Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠) shared this.

  • Greg Grossmeier at 2017-04-16T21:56:42Z

    Why are people unfollowing me here?

    Craig Maloney, Christopher Allan Webber likes this.

    People, plural?

    I only know of one user who was "spring cleaning" =)

    JanKusanagi at 2017-04-16T22:05:45Z

    I unfollowed you only so I could follow you again

    Christopher Allan Webber at 2017-04-16T22:45:36Z

  • Christopher Allan Webber at 2017-04-17T00:00:59Z

    Despite feeling tired this morning, I'm feeling great now. Having the windows open and the breeze flowing through my office helped.

    (And so did that can of Tab.)

    Craig Maloney likes this.

    Glad you're feeling better and wow - I've not heard of Tab in ages.

    Jason Self at 2017-04-17T00:32:11Z

    Christopher Allan Webber likes this.

  • Muddy foundations

    Christopher Allan Webber at 2017-04-14T20:14:21Z

    So don't worry, ActivityPub's test suite isn't a MUD, despite me making that joke-threat.

    And yet it's using a bunch of the stuff from Mudsync (which you can see a demo of on the video on the 8sync homepage) so while it's not a MUD, it is using some of that as a foundation, har har har har har.

    Don't worry, input'ing things does not resemble a text adventure, as tempting as that was. But imagine the future that could have been:

    the computer prints out 'what is the name of your implementation'
    > input Pubstrate onto computer
    computer: Now running tests for 'Pubstrate onto computer'
    > No that's not what I wanted aughhhh
    Sorry, I don't know how to No that's not what I wanted aughhhh

    Craig Maloney, Claes Wallin (韋嘉誠), Clacke moved to and likes this.

    Clacke moved to and shared this.

    I don't see any reason not to use MUD text in your test cases though... ;)

    Diane Trout at 2017-04-14T21:36:46Z

    Claes Wallin (韋嘉誠), Christopher Allan Webber likes this.

    >> Diane Trout:

    “I don't see any reason not to use MUD text in your test cases though... ;)”

    Yep, just like the Romeo and Juliette theme is used in XMPP XEPs =)

    JanKusanagi at 2017-04-14T21:41:50Z alright, but for next April 1 I hope to see an announcement and initial implementation of the Full MUD Test Suite

    Kevin Everets at 2017-04-15T11:38:47Z

    Claes Wallin (韋嘉誠), Clacke moved to and, Christopher Allan Webber likes this.

    All jokes aside, that kind of reuse is pretty cool.

    Claes Wallin (韋嘉誠) at 2017-04-15T14:32:12Z

  • Christopher Allan Webber at 2017-04-14T22:52:08Z

    Maybe it's also important to keep in context that the original Charging Bull piece was guerilla art...

    Craig Maloney, Charles ☕ Stanhope likes this.

    Charles ☕ Stanhope shared this.

    I hope you don't mind that I boosted this. I didn't know about the history of the piece, and I thought others might be interested too.

    Charles ☕ Stanhope at 2017-04-14T23:43:29Z

    Christopher Allan Webber likes this.

    I don't mind (am entertained by using "boost")

    Christopher Allan Webber at 2017-04-14T23:47:13Z

    I haven't joined a mastodon node yet, but apparently the nomenclature has rubbed off already.

    Charles ☕ Stanhope at 2017-04-15T01:14:04Z It also got moved from where they originally placed it.

    Nathan Willis at 2017-04-15T08:01:13Z

  • meta-painting

    Christopher Allan Webber at 2017-04-15T02:46:22Z

    Wow, thanks WIkipedia Picture of the Day for introducing me to The Tribuna of the Uffizi, an incredible meta-painting if there ever was one.

    nukem, Craig Maloney, Jason Self likes this.

  • Mastodon

    Christopher Allan Webber at 2017-04-09T21:39:54Z

    I gotta say, I'm liking the interface of Mastodon. I never tried Tweetdeck, I guess it's based off of that.

    But I also appreciate the energy; conversations are happening quickly, and it feels a lot more like oldschool I guess that's literally true in the underlying tech decision to use ostatus, and thus probably also means connecting to many people who never left that segment of the fediverse.

    Some good conversations there today about maybe Mastodon using the ActivityPub standard maybe

    Clacke moved to and, ostfriesenmärz, Craig Maloney, mray likes this.

  • Charles ☕ Stanhope at 2017-04-07T18:37:30Z

    Having been on both sides of this (I once endured an interview that was ~8 hours with half of that being white boarding exercises), I don't think there is much value in live coding or white boarding. By the time you bring the candidate in to do that, you probably have a good idea that they are capable of programming. Yet we persist in these exercises for apparently a lack of better ideas. I feel your pain...

    Scott Sweeny, Craig Maloney, Christopher Allan Webber likes this.

  • RIP Daniel Bobrow

    Christopher Allan Webber at 2017-04-05T22:04:26Z

    Sad to hear that Daniel Bobrow has passed away. I never met Bobrow, but he's one of those people whom I've read about and have just been blown away by how much they've done. Some incredible things he did:

    • Was one of the original authors of LOGO
    • Worked on many cool lisps, including Interlisp and BBN Lisp
    • Wrote STUDENT, one of the big breakthrough AI programs
    • Worked on the TENEX operating system
    • Worked on the Common Lisp Object Standard, CLOS

    I loved watching the video of him talking about CLOS, both for the content, and for the entertaining clarity and crispness of his presentation style.

    Thanks for all you did, Bobrow. Best wishes to your family.

    Claes Wallin (韋嘉誠), Craig Maloney likes this.

    Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠) shared this.

    Oh, LOGO... one of the very first things I ever knew in CS.


    JanKusanagi at 2017-04-05T22:37:02Z

  • Possible routes for distributed anti-abuse systems

    Christopher Allan Webber at 2017-04-04T21:30:34Z

    Also on my blog

    I work on federated standards and systems, particularly ActivityPub. Of course, if you work on this stuff, every now and then the question of "how do you deal with abuse?" very rightly comes up. Most recently Mastadon has gotten some attention, which is great! But of course, people are raising the question, can federation systems really protect people from abuse? (It's not the first time to come up either; at LibrePlanet in 2015 a number of us held a "social justice for federated free software systems" dinner and were discussing things then.) It's an important question to ask, and I'm afraid the answer is, "not reliably yet". But in this blogpost I hope to show that there may be some hope for the future.

    A few things I think you want out of such a system:

    • It should actually be decentralized. It's possible to run a mega-node that everyone screens their content against, but then what's the point?
    • The most important thing is for the system to prevent attackers from being able to deliver hateful content. An attack in a social system means getting your message across, so that's what we don't want to happen.
    • But who are we protecting, and against what? It's difficult to know, because even very progressive groups often don't anticipate who they need to protect; "social justice" groups of the past are often exclusionary against other groups until they find out they need to be otherwise (eg in each of these important social movements, some prominent members have had problems including other social justice groups: racist sufferagists, civil rights activists exclusionary against gay and lesbian groups, gay and lesbian groups exclusionary against transgender individuals...). The point is: if we haven't gotten it all right in the past, we might not get it all right in the present, so the most important thing is to allow communities to protect themselves from hate.

    Of course, keep in mind that no technology system is going to be perfect; these are all mitigators. But what technical decisions you make do also affect who is empowered in a system, so it's also still important to work on these, though none of them are panaceas.

    With those core bits down, what strategies are available? There are a few I've been paying close attention to (keep in mind that I am an expert in zero of these routes at present):

    • Federated Blocklists: The easiest "starter" route. And good news! If you're using the ActivityPub standard, there's already a Block activity, and you could build up group-moderated collections of people to block. A decent first step, but I don't think it gets you very far; for one thing, being the maintainer of a public blocklist is a risky activity; trolls might use that information to attack you. That and merging/squashing blocklists might be awkward in this system.
    • Federated reputation systems: You could also take it a step further by using something like the Stellar consensus protocol (more info in paper form or even a graphic novel). Stellar is a cryptographically signed ledger. Okay, yes, that makes it a kind of blockchain, but it's not necessarily restricted to use of cryptocurrencies... you can track any kinds of transactions with it. Which means we could also track blocklists, or even less binary reputation systems! But what's most interesting about Stellar is that it's also federated... and in this case, federation means you can choose what groups you trust... but due to math'y concepts that I occasionally totally get upon being explained to me and then forget the moment someone asks me to explain to someone else, consensus is still enforced within the "slices" of groups you are following. You can imagine maybe the needs of an LGBT community and a Furry community might overlap, but they might not be the same, and maybe you'd be subscribed to just one or both, or neither. Or pick your other social groups, go wild. That said, I'm not sure how to make these "transactions" not public in this system, so it's very out there in the open, but since there's a voting system built-in maybe particular individuals won't be as liable for being attacked as individuals maintaining a blocklist are. Introducing a sliding-scale "social reputation system" may also introduce other dangerous problems, though I think Stellar's design is probably the least dangerous of all of these since it probably will still keep abusers out of a particular targeted group, but will allow marginalized-but-not-recognized-by-larger groups still avenues to set up their own slices as well.
    • "Charging" for disributing messages: Hoo boy, this one's going to be controvercial! This was suggested to me by someone smart in the whole distributed technology space. It's not necessarily what we would normally consider real money that would be charged to distribute things... it could be a kind of "whuffie" cryptocurrency that you have to pay. Well the upside to this is it would keep low-funded abusers out of a system... the downside is that you've now basically powered your decentralized social network through pay-to-play capitalism. Unfortunately, even if the cryptocurrency is just some "social media fun money", imaginary currencies have a way of turning into real currencies; see paying for in-game currency in any massively multiplayer game ever. I don't think this gives us the power dynamics we want in our system, but it's worth noting that "it's one way to do it"... with serious side effects.
    • Web of trust / Friend of a Friend networks: Well researched in crypto systems, though nobody's built really good UIs for them. Still, a lot of potential if the system was somehow made friendly and didn't require showing up to a nerd-heavy "keysigning party"... if the system could have marking who you trust and who you don't (and not just as in terms of verifying keys) built as an elegant part of the UI, then yes I think this could be a good component for recognizing who you might allow to send you messages. There are also risks in having these associations be completely public, though I think web of trust systems don't necessarily have to be public... you can recurse outward from the individuals you do already know.
    • Distributed recommendation systems: Think of recommender systems in (sorry for the centralized system references) Amazon, Netflix, or any of the major social networks (Twitter, Facebook, etc). Is there a way to tell if someone or some message may be relevant to you, depending on who else you follow? Almost nobody seems to be doing research here, but not quite nobody; here's one paper: Collaborative Filtering with Privacy. Would it work? I have no idea, but the paper's title sure sounds compelling.
    • Good ol' basyesian filtering: Unfortunately, I think that there's too many side channels for attacks for just processing a message's statistical contents to be good enough, though I think it's probably a good component of an anti-abuse system. In fact, maybe we should be talking about solutions that can use multiple components, and be very adaptive...
    • Distributed machine learning sets: Probably way too computationally expensive to run in a decentralized network, but maybe I'm wrong. Maybe this can be done in a the right way, but I get the impression that without the training dataset it's probably not useful? Prove me wrong! But I also just don't know enough about machine learning. Has the right property of being adaptive, though.
    • Genetic programs: Okay, I hear you saying, "what?? genetic programming?? as in programs that evolve?" It's a field of study that has quite a bit of research behind it, but very little application in the real world... but it might be a good basis for filtering systems in a federated network (I'm beginning to explore this but I have no idea if it will bear fruit). Programs might evolve on your machine and mine which adapt to the changing nature of social attacks. And best of all, in a distributed network, we might be able to send our genetic anti-abuse programs to each other... and they could breed and make new anti-abuse baby programs! However, for this to work the programs would have to carry part of the information of their "experiences" from parent to child. After all, a program isn't going to very likely randomly bump into finding out that a hateful group has started using "cuck" as a slur. But programs keep information around while they run, and it's possible that parent programs could teach wordlists and other information to their children, or to other programs. And if you already have a trust network, your programs could propagate their techniques and information with each other. (There's a risk of a side channel attack though: you might be able to find some of the content of information sent/received by checking the wordlists or etc being passed around by these programs.) (You'd definitely want your programs sandboxed if you took this route, and I think it would be good for filtering only... if you expose output methods, your programs might start talking on the network, and who knows what would happen!) One big upside to this is that if it worked, it should work in a distributed system... you're effectively occasionally bringing the anti-abuse hamster cages together now and then. However, you do get into an ontology problem... if these programs are making up wordlists and binding them to generated symbols, you're effectively generating a new language. That's not too far from human-generated language, and so at that point you're talking about a computer-generated natural language... but I think there may be evolutionary incentive to agree upon terms. Setting up the "fitness" of the program (same with the machine learning route) would also have to involve determining what filtering is useful / isn't useful to the user of the program, and that's a whole challenging problem domain of its own (though you could start with just manually marking correct/incorrect the way people train their spam filters with spam/ham). But... okay by now this sounds pretty far-fetched, I know, but I think it has some promise... I'm beginning to explore it with a derivative of some of the ideas from PushGP. I'm not sure if any of these ideas will work but I think this is both the most entertainingly exciting and crazy at the same time. (On another side, I also think there's an untapped potential for roguelike AI that's driven by genetic algorithms...) There's definitely one huge downside to this though, even if it was effective (the same problem machine learning groups have)... the programs would be nearly unreadable to humans! Would this really be the only source of information you'd want to trust?
    • Expert / constraint based systems: Everyone's super into "machine learning" based systems right now, but it's hard to tell what on earth those systems are doing, even when their results are impressive (not far off from genetic algorithms, as above! but genetic algorithms may not require the same crazy large centralized datasets that machine learning systems tend to). Luckily there's a whole other branch of AI involving "expert systems" and "symbolic reasoning" and etc. The most promising of these I think is the propagator model by Sussman / Radul / and many others (if you've seen the constraint system in SICP, this is a grandchild of that design). One interesting thing about the propagator model is that it can come to conclusions from exploring many different sources, and it can tell you how it came to those conclusions. These systems are incredible and under-explored, though there's a catch: usually they're hand-wired, or the rules are added manually (which is partly how you can tell where the conclusions came from, since the symbols for those sources may be labeled by a human... but who knows, maybe there's a way to map a machines concept of some term to a human's anyway). I think this won't probably be adaptive enough for the fast-changing world of different attack structures... but! but! we've explored a lot of other ideas above, and maybe you have some combination of a reputation system, and a genetic programming system, and etc, and this branch of study could be a great route to glue those very differing systems together and get a sense of what may be safe / unsafe from different sources... and at least understand how each source, on its macro level, contributed to a conclusion about whether or not to trust a message or individual.

    Okay, well that's it I think! Those are all the routes I've been thinking about. None of these routes are proven, but I hope that gives some evidence that there are avenues worth exploring... and that there is likely hope for the federated web to protect people... and maybe we could even do it better for the silos. After all, if we could do filtering as well as the big orgs, even if it were just at or nearly at the same level (which isn't as good as I'd like), that's already a win: it would mean we could protect people, and also preserve the autonomy of marginalized groups... who aren't very likely to be well protected by centralized regimes if push really does come to shove.

    I hope that inspires some people! If you have other routes that should be added to this list or you're exploring or would like to explore one of these directions, please contact me. Once the W3C Social Working Group wraps up, I'm to be co-chair of the following Social Community Group, and this is something we want to explore there.

    der.hans, Gergely Nagy, Sean Tilley, Scott Sweeny and 4 others likes this.

    Sarah Elkins, Mike Linksvayer shared this.

    I'm happy to see that the Matrix folks also see this as "the single biggest existential threat" and "a problem that the whole decentralised web community has in common"... apparently they already have been looking at the Stellar approach. More from their FOSDEM talk slides. I agree that this is a problem facing the whole decentralized web, and I'm glad / hopeful that there's interest in working together. Now's a good time to be implementing and experimenting!

    Christopher Allan Webber at 2017-04-05T01:33:00Z

    Sean Tilley, Charles ☕ Stanhope, Mike Linksvayer likes this.

    Seems I cannot like, share or comment from datamost at the moment.

    Patchwork people are also already thinking about these issues.

    Clacke moved to and at 2017-04-05T07:25:09Z

  • Christopher Allan Webber at 2017-04-02T18:08:29Z

    I have never once gotten Guile's "do" looping syntax right on the first try.

    Claes Wallin (韋嘉誠), Craig Maloney likes this.

    Claes Wallin (韋嘉誠) shared this.

    Named let is so much easier to read. Just never mind "do".

    Claes Wallin (韋嘉誠) at 2017-04-03T18:35:51Z

    Christopher Allan Webber likes this.

  • Amitai Schleier at 2017-03-31T12:10:08Z

    Last day on the job!

    I got up early to finish something fun I was coding. Self-career-tip: consider that I may want to get into programming

    Ben Sturmfels, Craig Maloney likes this.

  • at 2017-03-30T18:45:36Z

    For my first job as a software development coach, I wanted to never be without a whiteboard. Peeling it off the company laptop now.

    Craig Maloney likes this.

  • watch this!

    joeyh at 2017-03-29T15:27:50Z

    Has Sumana Harihareswara invented a new form of presentation? her LibrePlanet keynote was a menu of 35 lightening talks, with the audience selecting between them.

    Planning to rewatch this, it went so fast and there was so much in there. Also, got a little bit busy with politicking that resulted in the final pick of #15.

    She could give this talk a dozen times and it would be a dozen different experiences I'll bet.

    BenCook2, der.hans, Tyng-Ruey Chuang, Mike Linksvayer and 5 others likes this.

    Claes Wallin (韋嘉誠) shared this.

    Working link to the talk:

    (For some reason I sometimes can't edit posts.)

    joeyh at 2017-03-29T15:30:49Z

    A 1-person unconference!

    Claes Wallin (韋嘉誠) at 2017-03-29T16:09:13Z

    Tyng-Ruey Chuang likes this.