Apple totally screwed up SSL with a fundamental bug in their certificate checking implementation in both MacOS 10.9 and iOS 7. Every consumer iPhone, iPad, and Macintosh running recent versions of their OS is vulnerable. My understanding is SSL certificate checking basically does not work and any secure site can be spoofed with a man-in-the-middle attack. It’s about as deep a flaw as it goes. There’s a patch for iOS out but not yet for MacOS. You can test if a browser is vulnerable here.

The bug boils down to a simple typo in the code, the good ol’ C gotcha that indentation doesn’t match control flow. Bugs like that happen in C. What’s alarming is Apple didn’t catch the bug; not with a lint tool, not in code review, not in unit testing, not in integration testing. No aspect of Apple’s software development process caught this bug before releasing it to millions of users. That’s terrible engineering practice; in a critical security library it’s outright negligence.
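The shape of that typo, as an added C illustration (constructed here, not Apple's source; all function names are hypothetical): an unbraced `if` guards only its first statement, so a duplicated `goto fail;` indented to match runs unconditionally and skips the final check while `err` still holds success. `check_braced` carries the same duplicate inside braces, where it is harmless.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the steps of a handshake signature check. */
static int hash_update(const char *data) { return data == NULL ? -1 : 0; }
static int verify_signature(const char *data, const char *sig)
{
    return strcmp(data, sig) == 0 ? 0 : -1;  /* toy rule: sig must equal data */
}

/* Current GCC and Clang report this pattern under -Wall
   (-Wmisleading-indentation); it is silenced only for the demonstration. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
int check_buggy(const char *params, const char *sig)
{
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;  /* duplicate: not guarded by the if, always executes */
    if ((err = verify_signature(params, sig)) != 0)  /* never reached */
        goto fail;
fail:
    return err;     /* still 0 from hash_update, so the caller sees success */
}
#pragma GCC diagnostic pop

/* Same typo, but braces keep the duplicate inside the guarded block. */
int check_braced(const char *params, const char *sig)
{
    int err;
    if ((err = hash_update(params)) != 0) {
        goto fail;
        goto fail;  /* dead code, no effect on control flow */
    }
    if ((err = verify_signature(params, sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    printf("buggy:  forged signature -> %d\n", check_buggy("params", "forged"));
    printf("braced: forged signature -> %d\n", check_braced("params", "forged"));
    return 0;
}
```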

At the moment MacOS users are entirely vulnerable and there’s no fix. In the past Apple has taken many weeks to fix critical bugs in things like Java, hopefully they’ll be faster here. Using Chrome instead of Safari will insulate you from malicious web servers, Chrome wisely has its own SSL implementation. But a whole lot of other Mac software is relying on the broken certificate library, presumably including Apple’s own software update system.

Nice of Apple to publish the exploit before the fix.

I love the Clear Dark Sky Chart, a geeky little astronomer’s forecast. Also CSC Menu which puts it on a Mac OS menu bar. Here’s a sample image.

Above is the forecast for near Grass Valley, CA for the next two days. Time goes from left to right, each row is for a different sky condition: cloud cover, transparency, seeing, and darkness. Also the temperature, humidity, and wind for your backyard comfort. See the legend for details, but basically dark blue is good. Once you learn to read this presentation you can quickly tell if it’s likely to be a good night to look at stars in thousands of locations. Looks like it'll be clear but relatively poor tonight.

These charts are derived from a more traditional map forecast prepared by the Canadian Meteorological Center. Their site shows you maps of things like cloud cover by the hour. The Clear Dark Sky site basically samples the pixels at a specific location and displays the time series as a strip chart. Simple and useful. The mysterious seeing forecast is particularly idiosyncratic to astronomy, an experimental forecast of how bad atmospheric distortion is likely to be.

I’m about to go to Bali, home to Gamelan, one of the most interesting musical traditions in the world. Equal parts rhythmic and melodic, amazing harmony and counterpoint, and an interesting participatory music culture playing one-of-a-kind musical instrument ensembles. I’m fortunate enough to have a friend who has studied gamelan in Bali. Here's what Chris wrote me on what I may hear when I visit. (He also gave me a copy of A House in Bali, a 1947 book about a Canadian musician who went to Bali to study.)

Most all links to video or music files, give it a listen!

Style: Gamelan “Gong Kebyar”

This is the style that is most associated with Balinese gamelan today. It’s a style that came into its own in the early 1900s-1930s, evolving away from the slower Javanese-style court gamelan that preceded it. A hallmark characteristic of this virtuosic style is the “kotekan”, or interlocking, wherein different players each play one half of the melody at high speed, which are zippered together at high speed (example here). It is also quite often accompanied by dance.

Jagra Parwata: This is a virtuosic gong kebyar piece, one of my favorites. I believe it won the All-Bali competition about ten years ago. It’s also the first piece I ever learned to play on Gamelan – a true “trial by fire”. Note the loose interpretation of time; it changes tempos both languidly and abruptly. This is a classic aspect of gong kebyar.

Taruna Jaya: This is the most famous of the gong kebyar dance pieces, created around 1950. For a Balinese female dancer, this is the single most important piece and is used as a required dance to judge the All-Bali competition. Taruna Jaya stands for “victorious youth”, and is intended to convey the wide range of emotions of an impetuous youthful princess. It is danced by a young girl who (as it was described to me by my Balinese teachers) is pretending to be a young man pretending to be a young girl. There’s a good description here. Carefully controlled, intense eye and finger movement are the hallmarks of this piece, and much of Balinese dance. The dance requires so much energy that most Taruna Jaya dancers peak out at around 15 years of age.

Style: Gamelan “Gender Wayang”

This is a ceremonial form of gamelan, used for religious ceremonies (weddings, tooth filings, etc) and also puppet shows. As opposed to gong kebyar, this style is played with either two or four players who sit facing each other, each side playing one half of the melody in a fashion similar to the gong kebyar kotekans.

Here’s a video from someone playing at a local temple festival. Here’s another video of someone practicing his half of the ankat ankatan melody at about half speed; it gives you a good idea of how both hands work together and how half of the melody sounds. This song is the first one I learned on the gender wayang, because it’s pretty simple and repetitive. It translates to “walking music” and is used as filler during the parts of the puppet shows when the characters are supposed to be “walking around on a long journey”.

Gending Rebong: This is a song used during puppet shows when two characters are expressing their love for each other.

Style: Balaganjur

This is a marching form of gamelan. You will see this in parades and cremation ceremonies. It has all the elements of gong kebyar but is much simpler and more repetitive and is easy enough that every villager learns a couple belaganjur patterns so they can take part in ceremonies for members of their village. In that sense it’s the form of gamelan that most non-musician villagers take part in at least once or twice a year.

The Belaganjur of group Jaya Sakti: I don’t think this even has a formal name, but it’s the most awesome belaganjur I’ve ever heard. I love how it starts out incredibly simple and, simply through tempo change alone, seems to transform from something calm and relaxing into something violent and exciting, and then back again. If this doesn’t make you want to march, nothing will.

The Awl has threatened us with news of a Liquid Sky sequel. The original film is one of my favorites, just check out the fashion show scene. I can't imagine a sequel being a good idea but it is a good excuse for me to share these animated GIFs.

The “angry rainbow” palette is the colors you get when you set saturation and value to 100% and then spin the hue wheel. From bright red #ff0000, briefly through yellow, a long linger in #00ff00 green, longer still around dark blue #0000ff, and finally back to red via an eye-searing trip through purple. The term “angry rainbow” isn’t in common usage but I’m doing my best to spread it. I got the term from someone else, maybe another student at the MIT Media Lab? (See also: angry fruit salad).

The angry rainbow is always the wrong palette for data visualization. It’s too bright, too colorful, and too reliant on non-uniform hue discrimination. But it pops up all the time, from random weather maps to heatmap examples to NYTimes work sketches. It seems to be the default palette for various visualization tools, no doubt because it’s easy to generate in software. I’ve certainly been guilty of using it myself, somehow it’s always at my fingertips.

So what’s a better choice? Honestly, almost anything. Even knocking saturation and value down to about 80% gives a more pleasing result. If you have continuous data try plotting it with varying brightness instead of hue, or narrowing down to a red/blue color ramp (properly interpolated) instead of the full rainbow. If you want to do it right consider a ColorBrewer scale; the D3js implementation is a fine place to start. If you roll your own palette, work with colors that are not fully saturated and not fully bright. Think carefully about whether hue is really the thing you want to vary.

Angry Rainbow Dash by Uxyd
2014-02-13 18:02 Z

Sports fans had a choice yesterday: watch the Super Bowl or watch League of Legends via Twitch. I figured the Super Bowl would easily win out and no one would watch the eSport, but boy was I wrong.

Above is a graph of League of Legends viewers of the 4 LCS tournament games on Super Bowl Sunday. (I made the graph from Twitch’s published data; there are viewers on other services, but Twitch is the majority.) About 230,000 people were watching on Twitch, a typical day for LCS. The surprise is viewership peaked at 286,000 for the last game at 4pm, half an hour after the Super Bowl started. No noticeable viewer falloff at the 3:30pm kickoff either; just the usual slump after the previous match ended.

Why didn’t the Super Bowl cut into the League of Legends audience? It helped that the final game was an anticipated matchup between two of the best teams with a strong fan base. The stereotypical gamer nerd is not a sport fan, so maybe there was no conflict. On Reddit people noted that a lot of LoL fans are Europeans not interested in the Super Bowl. (There’s an enormous Asian audience too.) Some folks said they’d just watch both at the same time.

I’ve come to really enjoy watching League of Legends tournaments. It’s an enormously popular game, 27 million people play daily and 32 million (8.5M peak) watched last season’s championship. Riot Games has invested heavily in making the game into a sports event. The broadcasts are a lot of fun to watch with smart announcers, good storytelling, and exciting gameplay. I’ve generally been a skeptic that eSports would become a phenomenon but League of Legends is winning me over.

If you’ve never watched LoL before, yesterday’s TSM v C9 game was pretty good. The whole 44 minute broadcast is worth watching but here’s a 5 minute highlight reel. The game is a bit complicated but basically it’s two teams of five players fighting to control the map. Here’s an overview of the game with a lot more detail. Lots more recorded games on /r/LoLeventVoDs.

