In software, especially cutting-edge software like Firefox, every developer is an inventor; coming up with new ways of doing things is not exceptional, it’s what our developers do every single day. Invention created at such a rate does not deserve or benefit from years of monopoly protection. Indeed, it will be crippled if we are forced to play the patent system “to the hilt”, to acquire vast numbers of our own software patents and to navigate the minefield of other people’s patents.

This echoes my instinctual feelings about software patents – where do you even start?  So much innovation happens so constantly in software development (ok, and so much reinvention of various wheels not invented here, but that’s another story…) that the patent system as is just doesn’t make sense.

A few weeks ago I went and got my nails done to try to rid myself of a life-long habit of biting my nails.  Some time later, I realized that the goop they put on my nails would be plenty to hold a small magnet and give me a sixth sense, as several others have done via subdermal magnetic implants.

ObDisclaimer before I go into the technical details: consult with a doctor/lawyer before doing this.  Consider carrying some kind of documentation (and a nail file) in case you have a medical emergency and need to be stuck in an MRI.  You may break things / lose data / get contact dermatitis from nail goo / kill kittens with your new magnet superpowers.  Don’t blame me :p

The basics of nail enhancements (the industry term; they are better known as fake nails :) ) are as follows: your natural nails get filed down, and acrylic or gel is applied in a multi-stage process.  With gel, the nails need less filing, and each layer gets cured under a UV light.  If the technician uses a combination of powder and liquid, you’re getting acrylics.  Even if there’s a UV light involved – powder means acrylics.  Some crappy salons will just put a UV topcoat on and call it “gel” – be warned.  Also, many nail techs are used to working with biters, so even if you have sad stubby nails, don’t despair – they have a whole bag of tricks involving plastic forms, more substantial gel, etc. to make your fingertips looks unbitten.

Implementation

Pablos, 3ric and I had our magnetic manicures done by Aiden at the Gene Juarez salon in downtown Seattle. You can reach them at 206.326.6000, and ask for her specifically.  She did a fantastic job and didn’t even blink at our weird request.  Expect to spend just under $100 with tip – it’s a fancy salon.  Bring your own magnets – we used the ones Nate recommended, tiny parylene-encases magnetic stirrers from here.  They are a buck a piece and come in a minimum quantity of 100, so find some friends who want to do this too.  Pablos’ and 3ric’s are clear gel with white tips; mine are all clear gel, with pink polish over top, because I like pink.  One of the benefits of the gel we used – as acetone doesn’t dissolve it, I can take the polish off and change it.  It was fairly thick, with a noticeable bump, seen here in profile.  The gel is lightweight though, and overall my nails feel less heavy than when I had acrylics (with no magnets) on.  The magnets in mine are visible through two layers of polish; I expect another layer or a darker colour would address that, if you care.

During Saturday evening’s Hackerbot Labs, a bunch of folks also had them stuck on with acrylics, using one of the cheap kits (made by Kiss Nails, I think)  one can get at the local pharmacy / big box / beauty supply etc.  Clamoring and Willow from Jigsaw Renaissance lead the way on that part of the project.

Results

I can feel ferrous materials strongly and easily with the backs of my fingers.  It’s a very gentle pull, and is totally fascinating.  I can’t feel much of anything through the pads of my fingers.  I feel a very light buzz near things with strong magnetic fields, but it’s really subtle to the point where I’m not yet convinced it’s real – I expect I’ll get more attuned to it in the next little bit.  For now it just tickles.

I can pick up pretty substantial objects, like the magnet from inside an old hard drive.  I’m bad with weights but it’s probably 50 grams.

Aiden was a pro at getting the polarities all lined up, but you’ll want to think about how to arrange them.  Fingers sticking together or repelling?  I went with sticking together.  Hours of entertainment, I tell you.

So far I haven’t managed to erase any credit cards or hard drives with them, and I’ve been told by others that these magnets just don’t have enough power to do either.

Oh and as for nailbiting – while I haven’t gone back to natural nails yet, the enhancements I’ve tried – gels without magnets, acrylics without magnets, and now gels with magnets – have all made my fingers completely incompatible with my teeth.  I simply have no desire to bite on them due to the foreign texture, and the general neatness of the nails.  I don’t know for sure that I’ve broken the habit, but it seems to be a damn effective temporary measure.

After-care

Nails with enhancements need to be “filled” about every 2-3 weeks as they grow out from the cuticle, and breaks need to be fixed promptly or they will get worse and you may end up in pain.  You’ll pay about 1/2 to 2/3 the cost to have a fill done compared to the original work, and a few bucks per nail if they break.  I do not yet know how these will grow out.  I expect to be filing them down until the magnet is a half millimetre from the “free edge” (outward edge), then letting them grow out a bit so I can clip the magnets off.  I’ll probably have a fill done right at week 2, and add a second set of magnets at week 4.  YMMV depending on the size of your fingernails and how fast they grow.

Product reference

Aiden used CND’s Brisa gel system on us.  If you’re into colours, look for a salon that does Calgel’s coloured gels, or Opi Axxium.  Those come in both file-off and soak-off varieties – the latter soak off with acetone, but are a bit softer from what I’ve read.  CND has a new product called Shellac which is more like a UV cured polish, but which may also be strong enough to retain the magnets.  YMMV; please let me know what works for you!  There are also plenty of products I didn’t list – these are the brands that seemed to have decent reputations on the intertubes and Amazon reviews.

Not only did I get to work all day while the upgrade was downloading, only having to reboot at the very end, but everything worked as I expected when I rebooted – which is to say that the only thing which didn’t work was VMWare, which I expected to not work as with every kernel upgrade.  I might even take this as an opportunity to give Virtualbox a proper try (it was less than amazing last time I did).

Let me make that really clear – I only had about twenty minutes of downtime for the entire upgrade, and it would have been less if the installer had left upgrading Firefox until the end, as that was the only thing which broke (and even then, only partly – no new urls, but clicking through links was fine) while the upgrade was going on.  Try that with Windows :)

Things feel just a little snappier, just a little shinier.  I’m really impressed so far.  The new theme and icon set is lovely.

If you’ve been putting off trying out Ubuntu or Linux in general, now’s a great time to start!

English Bread Sauce

Ingredients

• 10-15 cloves
• 1 medium onion
• 3 cups milk
• 1 tsp salt
• 1-2 cups bread crumbs (the ones you can get pre-made at the grocery store work, but bakery ones are better :) )
• butter

Directions

• Stick the cloves in the onion.
• Add onion to milk in a saucepan.
• Simmer for about one hour on low heat, so that milk is infused with the onion-clove flavour. Do not boil.
• Remove onion and discard.
• Add salt and about 1 cup bread crumbs, and simmer over low heat.  Again, do not  boil.
• The crumbs will swell up, and the sauce should have a thick consistency. If it is too runny after simmering for a few minutes, add some more bread crumbs.

Serve with turkey, ideally with more bread crumbs, these ones fried in butter.  About a half cup should be enough – use whatever you have left.

-!- zfe [n=Gianluca@88.252.29.47] has joined #ubuntu-women
<zfe> is this the kitchen?
<zfe> who would make me a sammich?
<redacted> zfe: No this is not the kitchen
<zfe> aren’t you women?
<redacted> zfe: you are welcome to go into your own kitchen and make yourself a sandwich.
<redacted> zfe: please read the channel guidelines in the topic
-!- mode/#ubuntu-women [+o hypa7ia] by ChanServ
<zfe> ok i will while you make me a sammich
-!- mode/#ubuntu-women [+b *!*=Gianluca@88.252.29.*] by hypa7ia
-!- zfe was kicked from #ubuntu-women by hypa7ia [http://xkcd.com/322]

Nicknames redacted to protect the innocent.

3D printing is so amazing. This is the MITS Altair of a DIY revolution whose shape I’m not at all certain of. I couldn’t be more exited to see what the hacklabbers make and how we improve the machine, too.

In alphabetical order, the donors were:

3ric Johanson
Alex Leitch
Byron Sonne
Chad Mounteny
Cheryl Mok
Chris Pilkington
Dale Babiy
Dan Kaminsky
Eric from NYC Resistor
Kate Raynes-Goldie
Sergio Martns
Seth Hardy

Welcome to the future, folks.

-Leigh

-Leigh

The debate over full disclosure goes back hundreds of years in the locksmithing world.  Locksmiths were historically very secretive about weaknesses in their products; interestingly, they still are – here’s an interesting note on the subject from a few years ago.

There’s nuance and detail to the recent history of disclosure practices which Wikipedia does a good treatment of, but it’s fair to say that today there are three broad categories of practices:

• silent patching (no disclosure) – this is a bad idea for fairly obvious reasons, except (some argue) in edge cases like the Linux kernel (the “every kernel bug is a security bug” argument) (one discussion of this, another)
• partial disclosure, where one issues the patch before explaining full details of the vulnerability
• full disclosure, where vulnerability details (and sometimes exploit code) are released at the same time as the patch is issued

Aside from how much is being disclosed, there’s the question of  responsible disclosure on the part of security researchers, which is in a nutshell the idea of giving software vendors a set amount of time to respond to security issues before going public with them.

How to Screw Up Disclosure

• don’t give credit in your vulnerability advisories
• don’t even bother publishing advisories (silent patching)
• be unresponsive
• demand excessive, unreasonable timeframes for patching (this is of course subjective)
• make people sign NDAs (!)
• threaten to sue people

The last two aren’t generally screwups committed by Open Source projects, of course :)
How to do it right – best practices

• have a clear security contact on your site, no more than a click away from the homepage, and easily googlable with the string “$projectname security”
• have a gpg key posted, with a good web of trust, for that contact
• have email to that contact go to an email list with a clear process for dealing with it so that you don’t drop the ball, or have it filed into the bugtracker automagically (in a private bug!!11)
• have an announce-only security mailing list for your users, and post issues to it ASAP when they come out!  An RSS feed works too.  Do both!
• ensure that someone in your project monitors lists such as full-disclosure and bugtraq for issues in both your project, upstream frameworks, and your infrastructure.  For just monitoring your project, a Google Alert works well too. “project name + bug or vulnerability or security”.  People sometimes announce vulns without disclosing at all; you want to catch these.
• if the project ends up getting abandoned at some point in the future, at the very least post a warning that it’s deprecated and unmaintained even for security issues, and possibly take down the code.

Specific Issues for web apps

• you may have a widely deployed base of users.  An auto-update system such as WordPress’s is awesome for getting them to $%^$&&* patch!
• the framework you’re building on may have (security) bugs too.
• your code may be customized by users, which makes them lazy about patching – a good plugin architecture can help mitigate this.

Places to get Arduinos and other electronic components in Toronto:

• Creatron has good prices on the Lilypad and regular Arduino, as well as a very friendly and helpful proprietor.  It’s on College just East of Spadina.
• Honson is just West of Spadina; they have a wider selection of things like LEDs, but don’t stock Arduinos.
• Active Surplus on Queen West is also worth a look, though their selection of components varies.

Project inspiration, resources, and other links:

• The Arduino homepage is probably a good place to start.
• LadyAda has awesome projects.
• MakeZine posts new things all the time.
• The High-Low Tech group at MIT, where Leah Buechley (creator of the Lilypad) is a professor, has really inspirational work.
• My bookmarks for Gr8 Girls have some more random projects.

I hope everyone has fun learning more about electronics and microcontrollers than what little I talked about in the workshops, and please feel free to email me if you have any questions – my address is leigh (at) hypatia.ca .

-Leigh