using secureconfig with multiple config files

I thought perhaps I’d start sharing some of the idioms I’ve developed whilst working with secureconfig — particularly the SecureConfigParser library.

Because of ConfigParser’s handy aggregation of `sections` from several config files, one way of making config file management easier is to split off all of the “credentials” and other sensitive data — passwords, api tokens, etc — into a separate config file. Then I encrypt those credentials and (usually) don’t ever have to touch them.

But, splitting sensitive data away from other variables may not make organizational sense. You may have different details for “development” and “production” sets of configurations.

For my projects, I have standardized to using the “.insecure” extension to indicate an ini config that hasn’t had its sensitive data encrypted yet. This practice helps me avoid accidentally committing credentials to the source repo simply by adding a line like the following to my .hgignore or .gitignore file:

*.insecure

Having done that, I can use an iPython shell or a short python script to encrypt those variables I want encrypted, and then write it back to the config file:

from secureconfig import SecureConfigParser

# upon first run, my key doesn't actually exist yet -- I let 
# SecureConfigParser generate one for me.

scfg = SecureConfigParser.from_file('.keys/demo.key')

scfg.read('demo.ini.insecure')

pwd = scfg.read('credentials', 'password')
token = scfg.read('api', 'token')

scfg.set('credentials', 'password', pwd, encrypt=True)
scfg.set('token', 'token', token, encrypt=True)

scfg.write(open('demo.ini', 'w'))

But I’m lazy, and I like using Fabric for automated deployment. I want all variables matching certain names — particular “password” and “token” — to be encrypted every time I make a change to any .ini.insecure file.

Here’s a function I call via fab protect that does the following — although you can just as easily strip away the Fabric specific stuff for another deployment library:

  • gets a list of all config files with the “insecure” extension
  • reads each config in separately and iterates through every option
  • compares each option against a manually entered list of variable names that should be encrypted
  • uses .set method with encrypt=True to set the specified variables back into the config, encrypted
  • writes config files back into the same directory but without the .insecure extension.
from __future__ import print_function

import os
from fabric.decorators import task
from secureconfig import SecureConfigParser

KEYPATH_LOCAL = '.keys/super_secret_key'
CONFIG_DIR_LOCAL = 'etc/configs'

INSECURE_CONFIG_FILES = [x for x in os.listdir(CONFIG_DIR_LOCAL) 
                            if x.endswith('insecure')]

VARS_TO_PROTECT = ['token', 'password']

@task
def protect(keypath=KEYPATH_LOCAL):
    'generate safe *.ini files from *.ini.insecure files'

    for cfgfile in INSECURE_CONFIG_FILES:
        configpath = os.path.join(CONFIG_DIR_LOCAL, cfgfile)
        scfg = SecureConfigParser.from_file(keypath)
        scfg.read(configpath) #'amqp.ini.insecure')

        for sec in scfg.sections():
            for opt in scfg.options(sec):
                if opt in VARS_TO_PROTECT:
                    val = scfg.get(sec, opt)
                    scfg.set(sec, opt, val, encrypt=True)

        outpath = configpath.rstrip('insecure')[:-1]
        print("Writing %s (don't forget to commit changes to the repo!)" % outpath)
        scfg.write(open(outpath, 'w'))

Post here if you have any trouble using this!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

pip install secureconfig

Back in January at Invitae, in response to an internal security audit, I took on the task of coming up with a set of Best Practices For Not Getting Instantly Pwned When Someone Leaves Their Laptop On A Plane Or Something.

What I found, in addition to lots of other things, was that the Python world lacked a sturdy, well-constructed module that allowed developers to keep the configuration management idioms many have baked into their code (e.g. ConfigParser and JSON) while keeping sensitive stuff out

TL;DR — I found a huge security-usability hole in the Python world, so I patched it, and you can RTFM and try it out here:

pip install secureconfig

The idea behind secureconfig is to make it dead simple to encrypt sensitive data that you might like to store in configuration files — API tokens, passwords, etc — and to do it in a way that makes the most secure default choices for you.

I sort of cheated on that last part: I met some of the guys who work on pip install cryptography at PyCon2014 and realized they’ve already got that problem surrounded. So secureconfig uses cryptography’s “Fernet” recipe, which is really just a way of bundling up a bunch of choices relating to AES-128. Go read there, if you’re curious.

The way secureconfig makes encrypted configuration files easy is by providing an interface that gets the encryption steps out of the way of your “real code”. All you need to decide is where to store the private AES-128 key (that secureconfig will happily generate for you if you don’t have one yet).

You might say, “aren’t you just passing the buck to another config file?”

Yes, that’s technically true (the best kind of true!). But it comes back to the usability issue, especially when it comes to teams of developers sharing configuration files.

Within the industry status quo, sensitive data is stored in the clear and protected only by the will of every individual developer to avoid at all costs accidentally committing the “secret” config file to a repository.

When your sensitive data is encrypted in config files, then your imperative becomes keeping a single string of information (the key) safe. We’re finding that it’s far easier, usability-wise, to standardize the name of the key file (e.g. config.aes.key) and add *.key to a repo ignore list than it is to make sure that all types of config files are well-represented in our repo ignore lists.

It’s also nice to be able to keep config files under source control. Non-sensitive data do need to be changed from time to time. And when sensitive data change, you can still see that change reflected in the encrypted strings, even if you can’t tell at a glance whether Joe Schmoe committed bogus credentials that broke the deployment (you’ll find out another way, I’m sure).

And if you don’t like keeping keys in files, that’s cool — secureconfig lets you read and write keys to environment variables.

So, if you like using Jenkins, for example, you can set up a deployment that acquires all of the files it needs from a repository, and then the deployment engineer can manually lay-in the private key within the Jenkins configuration to set any arbitrary environment variable name you like.

All you have to do in your python code to be able to read the encrypted strings, assuming you have the environment variable set with your key, is the following:

from secureconfig import SecureConfigParser

config = SecureConfigParser.from_env('NAME_OF_ENVIRONMENT_VARIABLE')
config.read('/path/to/config_with_encrypted_stuff.ini')

That’s it. Your config then works exactly and seamlessly like any other ConfigParser you’ve ever used. Oh, and if you don’t like ConfigParser, there’s SecureJson too.

Go take a look at the docs or check out the code, there’s more to it than that! This is just an intro.

Or you could just pip install secureconfig and give it a try.

ps. I <3 the “pip install libraryname” linguistic construction. Absolutely brilliant: it succinctly identifies the library as belonging to a certain language (python) while simultaneously assuring the reader/listener that the library can be installed in a certain way.

pps. This is the first piece of FOSS I have ever unilaterally published that makes claims to “security”. I am hoping for heaps of criticism. Go ahead, see if you can overflow my buffer, I can take it!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Announcing Illuminate, a python module for Illumina sequencing metrics

Yesterday, my company, InVitae, allowed me to publicly open-source a library I’ve been working on for the past few months, a python module that provides programmatic access to the binary-formatted metrics output by sequencing runs on the Illumina HiSeq and MiSeq machines.

–> Illuminate <--

The aim of this tool was to provide a programmatic interface to the metrics resultant from MiSeq and HiSeq genetic sequencing runs. Up until now, there hasn’t been an Illumina metrics tool you could integrate into your automation pipeline — only Windows-based viewers where the data is stuck on the screen, online services requiring you to send your data over the wire, and a few tentative command-line efforts that feel more like proof-of-concept than tool.

You can use Illuminate as a command-line tool to “illuminate” your MiSeq and HiSeq runs. There’s some support for outputting to file but nothing fancy. (I wrote the CLI using docopt, which made the process actually fun! I hope docopt becomes part of standard python.)

But the real strength of Illuminate is its object-oriented encapsulation of the individual metrics and standardized approach to data delivery. Each parser delivers both a raw data dictionary and a pandas DataFrame, allowing researchers and bioinformaticians a familiar method of data manipulation (pandas feels a lot like R).

When I post something so specialized to a general-purpose personal blog like this one, I can’t help but feel a bit like Rick in one of my favorite episodes of The Young Ones:

“But now after years of stagnation, the TV people have finally woken up to the need for locally-based minority programs! made by amateurs! and perhaps of interest to only 2 or 3 people! It’s IMPORTANT, right?! It’s NOW!”

But I figure, the right folks will know what to do with this library.

There’s a detailed README on the Illuminate repository page, where you can find out what’s required to get this thing going. All feedback gratefully accepted.

Related: Announcement of Illuminate on seqanswers.com

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Pepper Sprayed in Oakland: Aftermath

In no particular order, reflections on what happened to me on Monday night / Tuesday morning:

Pepper spray SUCKS. Oh man. I am truly grateful for the experience, because now I know how awful it is. I bet you really could asphyxiate if you got enough of it in your sinuses. I got just enough of it to feel like I was going to choke.

Pepper spray suuuuuckkks. I mean it’s no bullet-in-the-face, but the effects really linger. This stuff is sticky and tenacious. 48 hours and 6 full-body shampooings with Bronner’s got 99% of it out. That last 1% is still hanging around behind my ears and under my nails, aerosolizing in the shower, making me cough.

Those muggers: That was a coordinated, well-planned attack, not just a crime of opportunity. They made no vocalizations through the whole thing, and the girl who pepper sprayed me stepped in at just the right moment — quick enough to disable me before I could even understand what was happening, but not so quickly that her accomplices would experience even an iota of pepper shrapnel.

Transportation: what a bitch. Because of this crap I have to rethink basically my whole approach to what I do and how late I do it, because 20th and Broadway is… was… a major transit nexus for me. I don’t want a car — that’s just replacing one set of anxieties and risks with another set. And apparently bike-bound muggings also happen with enough regularity to make cycling not really a “safer” bet. Ugh. This Bay Area problem makes me so tired.

Self-Defense: I put myself in the LEAST defensible position humanly possible that night. I was sitting in the corner seat in a bus shelter, meaning I had absolutely no ability to run away. Sitting also meant that my kick would be at its least powerful, mechanically speaking — I would have been better off lying on the ground. And it’s pretty damn hard to make punches effective from a seated position when your attackers are all above you and far more mobile.

Glasses: I wouldn’t have suffered so badly if I’d been wearing my glasses. I always take them off when I don’t need them, because it keeps my prescription from drifting worse. But I will start wearing them at night no matter what. Who knows, maybe attackers with pepper spray won’t even make passes at girls who wear glasses.

Life: Going back to the office was harder than I thought it would be. I couldn’t take people asking me about what happened, because I had to refer them to the blog post, but after I’d done that, things felt touchy, like people couldn’t talk to me at all. Great, that’s worse. Reminding me that I am not very emotionally intelligent.

Healing: I’m going to spend some time at the Zen Meditation Center and talking to friends.

I’m also going to start taking combat-oriented martial arts again. Not because I think I could have beaten my attackers, but because I remember being far more perceptive and, well, FAST when I was taking karate three days a week.

All talk of victim-blaming aside, I fully believe that I put myself in a very vulnerable position that definitely increased my likelihood both of being attacked and of being at a severe disadvantage in defending myself (including just running away). And as any martial arts master will tell you, the best way to win a fight is to avoid getting in one.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Mugged and Pepper Sprayed in Downtown Oakland

What I write here is true and happened to me last night (April 8th, 2013) at about 11:45pm while I was waiting for the 72M at the 20th-and-Broadway stop in Oakland, CA.

I had just gotten off the train the 19th St BART station around 11:30pm, having come from Noisebridge. It takes me an hour to get home no matter how I slice it, and at this late s, the bus lines going to my neighborhood are extremely sparse. I knew, intellectually, that downtown Oakland is not a good place to be alone and carrying computer gear. But I had used this bus stop many times without incident, so I felt safe. The lights are bright here.

I walked over to the bus stop and took a look at the wait times. 18 minutes for the 72M, one of two buses I could take at this hour. I cursed Google Maps for being inaccurate yet again (it told me there was a bus coming in 5 minutes) and sat down.

In a move that would prove to be incredibly stupid, I decided to take my iPad out of my backpack to transfer to my purse so that it would be more accessible when I got on the bus. Some notifications had cropped up, so I decided to open the iPad to take a look at them, and wound up sucked in reading some article or another.

I looked up to see a police car driving down the street right in front of me. I remembered feeling safe.

I had headphones on, though I wasn’t listening to anything. I mention this because details like this probably contribute to a perception of vulnerability.

I was checking the arrival board frequently last night, and noted that the next 72M would arrive in 5 minutes.

What happened next occurred in the span of perhaps 10 seconds.

I was leaning over looking at something on the iPad. All-at-once, I heard footsteps and felt and saw a pair of hands grab the iPad that was in my hands. I looked up to see a dark-skinned male in a dark hoodie, whose face I didn’t get a clean look at, with his hands pulling at my iPad.

Thoughts in as much of a sequence as consciousness allows:

  • Hey, what, is this guy crazy? Why is he grabbing my stuff?
  • Oh, I get it, I’m being mugged.

I kicked the dude in the chest, hard enough to knock him back, but not as hard as I would have wanted. These were my instincts; reasoning didn’t kick in until afterwards.

  • Um, what am I doing? He might want to cause me serious harm… let it go…

Immediately, an accomplice — a teenage black female — joined him on his right side and added her hands to the fray. Four hands against my two managed to wrench the iPad away, and they ran off with it towards Telegraph.

Before any cohesive thoughts cropped up at all, so perhaps in the span of half a second, a third accomplice — a heavyset black female wearing jeans and a black T-shirt — stepped directly in front of me. I got a flash of a red metallic design on her shirt as her arm raised towards me. I heard three or four “spray” sounds and then her footsteps away, presumably to join the first two.

  • What just happened?! …Why didn’t they take my purse and backpack?
  • Something in my eyes.

Then, fiery hot pain.

  • Oh wow, pepper spray. Finally happened to me.
  • Eek! Can’t open my eyes!
  • Holy crap this hurts. WOW.
  • Shit! When is the bus coming? I can’t see the board!
  • Fuck, I just have to stand around like this until the bus comes!?

The pain grew and spread. Tears emerged and sinuses swelled. I started making noises to mitigate the pain.

Something gave me the presence of mind to grab my backpack and purse. I stood up and started pacing.

  • This could be very bad. I’m a sitting duck. I’m all alone and blinded and still carrying a lot of stuff. (Why didn’t those kids take the rest of my stuff!?
  • What do people do in this situation?
  • People scream in this situation.

I screamed. I screamed in anger. I screamed in fear. I screamed for “HELP!!!!”

I’m a trained singer; I get very good volume. No doubt my scream was heard all down the block.

A few people were around, but I was alone on this part of the street. A taxi slowed down in front of me as I screamed. I glared (as much as one can glare with capsaicin in one’s eyes) and considered getting in.

A woman who had just emerged from the nearby subway station cautiously crossed the street and observed.

I was standing just off the sidewalk, screaming into the night, hyperventilating, completely unable to make eye contact.

What’s more, I couldn’t sit down. My nervous system all jacked up, I felt like I needed to keep pacing.

  • How will anybody differentiate me from just some raving lunatic? What can I do, or say?

“I need help!!!”

A bus pulled up, the 18. It slid into position at its scheduled stop, hovered for 10 seconds, and then took off.

A woman in an interesting hat covered in medals emerged and said, “did those three kids just spray you!? I saw them walk up and then run away, I wondered what on earth would make them run like that.”

Me: “They grabbed my iPad and then sprayed me at point blank!”

The woman from the subway, blonde and posh, called an emergency number. I overheard her saying, “yeah this woman was just mugged… over on, umm, I think 14th?”

Me: “20th!!!!”

“And they sprayed her with pepper spray.”

Me: “In the eyes!! At point blank!!”

At that point the 72M pulled up, right on time. All of the above had happened in 5 minutes.

Me (sardonic): “Oh, now there’s my bus.”

The driver of the 72M opened the door, looked at me. I tried to look at him back, but it didn’t work too well with a chemical impediment. He clearly wanted to do something to help, to his credit, and I was clearly considering getting on the bus. But the people around me were entreating me to stay until the police got there. So the bus drove off.

An older black man with very weak control over his articulation walked up to me, saying words I couldn’t make out. I shouted at him, “I just got mugged and maced!!”

(Dear pedants: I don’t care that pepper spray and mace are two separate things. I used them interchangeably. Go get pepper-sprayed and then see how well your brain works.)

The guy said, “I just came to help, I just… <unintelligible>…”

  • Oh, shit. I just assumed he was a crazy guy coming to join in the crazy party.

Me: “I’m sorry, I just got maced, I’m sorry, I didn’t mean to…” He wandered off.

  • Oh good, even when I’m injured and needing help, I’m a racist. Great.

A taxi driver came over to me with a bottle of water. He advised me to pour it over my eyes. I did, gratefully, but then wished I hadn’t. The burning sensations all reignited, and I felt more areas of my face and neck light up in hot pain.

Meanwhile, the woman helping me saw a police car drive by. She decided to give the emergency dispatch another ring to check in. They asked if she was reporting a new incident. “No, I’m just calling to check because no one has come yet. This woman was attacked and needs medical attention.”

Me: “And I can’t breathe!!” My airways were continuing to inflame and fill with mucous.

Feelings of desperation.

At T+8 minutes, a fire engine arrived on the scene carrying a handful of EMTs. They looked concerned but didn’t feel they could help much, apart from pouring saline water on my eyes, which seemed to help and soothe. However, the voluminous mucous and wild inflammation in my sinuses combined with having water poured over my breathing apparatus felt, well, torturous. I had to take it slow.

They asked if I wanted to be taken to a hospital.

Me: “You mean do I want to sit in an emergency room for 2 hours? No. I’d rather go home.”

Just then, a police car arrived. I read their nametags but only remembered officer Beltran, an impeccably groomed Latina who talked about how getting pepper sprayed was part of the OPD training. “I’d rather be punched in the face,” she emphasized. “So I know.”

Beltran took my report and wrote it down on the form. I later got the chance to read it in full. She left out the part about my kicking the guy in the chest, replacing it with “there was a struggle.”

Meanwhile, a third officer asked, “Do you have Find my Phone installed on the device?”

Me: “Yeah. I do.”

I wrote my password down for them (mental note: change password ASAP). Within a minute, the officer had a location for the iPad and they were tracking it down. Apparently they had gotten as far as 14th street (6 city blocks away).

At that point, the OPD and the Fire Dept EMTs completed a hand off so that the fire engine could leave the scene. I was in the cops’ hands now.

The police officers asked if I would be willing to come along in the car and look at the suspects they’d apprehended to see if they were the muggers who attacked me. “Yeah. Let’s do it.”

At that point I realized the pepper spray had mostly cleared my eyes, though I was still shaking and hyperventilating, and breaking into tears every 3-4 minutes. My eyelids were also inflamed, and bright light sources (like emergency lights) made me wince.

“Ever been in the back of a cop car before?” I said I hadn’t, which was true.

The woman who helped me gave me her card and said she’d be standing by, but that she was going home. She also mentioned that she had slipped some tissues into my jacket pocket. I gave her a hug and a very Canadian “so sorry, thanks so much”, and then I got into the cop car.

The officer along with Beltran, whose name I don’t remember, seemed more senior by how he interacted with the others, and he had a downright cheerful disposition about the whole thing. I figured it must be fun to be able to apprehend suspects within a few minutes of an incident. Nice and neat.

Roughly 20 minutes had elapsed since the mugging when we pulled up in front of the apprehended suspects, held there by 4 officers. They had separated the two they’d caught (out of three, just to be clear), and the senior officer said they’d found a guy in a hoodie and a female.

“Now remember, these people may or may not be the ones who mugged you. And don’t worry, they won’t be able to see you.”

I know that memory is a slippery concept, and that wanting to positively (or negatively) ID a suspect greatly influences what you “remember” about something. I tried to be objective as they got the male to stand up in front of the light.

There was a tallish, black male with a long thin nose and a mustache and beard wearing a dark grey hoodie. I didn’t remember there being facial hair. I had him turn to the side, but it didn’t help — I wasn’t sure, and I said as much. “Sorry, I can’t be sure.”

“That’s OK! Alright. Now we’re going to move up the block and have you look at the second suspect.”

I saw the female suspect struggling with the officers who were holding her. She was trying to hide her face from the light, and sported a huge nervous grin.

Her body shape gave her away immediately, but I couldn’t help but feel like her behaviors were influencing my “memory”. I never saw this person’s face, I only got a glimpse at her midsection as she maced me.

But there, quite plainly, was the red metallic design that flashed just before the burning sensations began.

“Yep! That’s the one who sprayed me in the face. I can tell by her body shape and that T-shirt.” Officer Beltran wrote this down and communicated my ID to the attendant team. The senior officer told them to take her in and let the first guy go.

  • Wow. Is that how it works. I have too much control here.

The senior officer bounded over to me.

“Well, we recovered an iPad that responded to the tracking beacon. We have it now. Did you have a wallpaper on the device that you can describe?” I described it to him. A few seconds later, there was the iPad — out of its protective case and bearing its first ever crack in the screen.

Feelings of revulsion.

  • I don’t want it back… why?

“You don’t need to hold it for evidence, or fingerprint it or anything?”

The policeman laughed. “No, this isn’t like the shows you see on TV.”

  • Um. Okay. So what is it like?

I then watched and overheard the police banter as the senior officer explained to the more junior officers that he’d probably be able to “get” the other two suspects by playing testimonies off each other. They had to let the guy go because I didn’t positively ID him, but they would pay him a visit later.

Hearing all of this, I felt less like I had any control over these kids’ fate, and more like a hapless wanderer dipping my toes into a foreign stream.

The rest is fairly mundane. I had to sign my report in about half a dozen places (they make you initial any mistakes or even weird pen marks they accidentally made), and then they drove me home.

Arrival time at home: 1 AM.

Who says there’s nothing to do in downtown Oakland.

At this point, 24 hours post-incident, I’ve spent the better part of my day washing pepper spray out of my skin and hair — this stuff is ridiculously tenacious — and taking naps. My eyes still sting.

I’m feeling traumatized but incredibly grateful that it was spray and not a bullet.

And I still have mixed feelings about getting my iPad back. That’s emotional investigation for another day.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Using the Raspberry Pi as a Streaming Radio Source

A friend of mine from Mutiny Radio picked up a Raspberry Pi as a potential replacement for their on-the-fly mp3-encoding / up-streaming machine. Theoretically the 700MHz chip on this little computer should be able to handle the job, so this past weekend I started the process of exploring its capabilities.

Raspberry Pi: "It takes a while!"

After deactivating Raspbian’s tremendously greedy GUI, the rPi has horsepower to spare. However, its Linux distro “raspbian” is limited by the fact that it is itself a subset of a limited debian distribution for ARM processors.

Consequently, while darkice can be found in raspbian’s standard repositories, you can’t get mp3 streaming due to debian’s draconian anti-mp3 laws, and you won’t get mp3 support just by installing liblame. You gotta compile darkice from source.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Higher Voices Win Mates, Lower Voices Win Elections

Tags: ,

Which is your favorite Margaret Thatcher?

No surprise to most heterosexual men has been the consistent finding that women with higher-pitched voices attract more male attention. This finding has been observed even at the subtlest levels, such as measured differences in attractiveness between different stages of the menstrual cycle. In hunter-gatherer populations, women with higher pitched voices achieve better reproductive success in terms of number of children, a finding you won’t be able to match in a modernized nation with family planning.

Shifts in estrogen drive these involuntary shifts in vocal pitch, theoretically signaling higher fertility levels as well as indicating age. In general, younger women sport higher voices, which fall dramatically during and after menopause. Women about 2 days from ovulation (a high point for estrogen) usually have the highest pitched voice that they will have at any point in their menstrual cycle.

These pitch adjustments can also be driven by cultural cues, with women changing their vocal approach to acute situations both subconsciously and knowingly. Listen to a woman you’re currently familiar with when she answers the phone or approaches the object of her affections. Generally her vocal pitch will increase, perhaps subtly or perhaps not so subtly.

But where a higher voice can increase sexual attractiveness, a lower voice tends to be required to gain respect.

“To be taken seriously, I put on a certain voice the way I put on a certain dress, a voice that lashes my Valley Girl intonations. I try to meet anyone I need to impress down in the lower registers,” writes Katrina Onstad in the Globe and Mail.

Several studies from the past 2 years resulted in evidence supporting the theory that lower voices command a greater sense of authority across both genders. A study published late last year in PLoS One revealed that elections featuring roles typically held by females (e.g. PTA leadership), in which two or more female candidates ran against each other, resulted by and large in the deeper-voiced candidate winning the election.

Former UK Prime Minister Margaret Thatcher serves as the contemporary model of a strong and commanding woman, one whose voice sounds authoritative. But Thatcher famously went through a program of vocal training to achieve this style.

Are attractiveness and respectability mutually exclusive aesthetics for women? Men don’t need to walk this tightrope: many studies confirm that not only are deeper male voices more sexually attractive to women, they’re also more likely to win elections and hold more powerful positions in corporate leadership.

The feminine-or-professional Faustian bargain can be observed in all aspects of the choices women make when making appearances in the workplace and the public eye. Advisers of female professionals, quite aware of the disadvantage a woman’s voice has in the male-dominated boardroom, tell women to lower pitch “to sound authoritative and credible.”

Now, many men will say, “but I like women with lower voices.” Great. Good for you. You have instantly demonstrated the limitations of relying on statistical tendencies to dictate truths. Give yourself a high five.

Empirically, I can find many examples of men decrying the tonality of the voice of a woman in political power. News anchor Mark Rudov, for example, spends 8 minutes of network time lambasting Hillary Clinton’s “nagging” voice, while his female correspondent throws inconvenient facts at him that fly in the face of his assertion that “men don’t like her” (the statistics she cites paint a very different picture — worth a listen if you want more anecdotal evidence in support of the idea that men are actually the more emotional gender when it comes to public dialog.)

When Hillary Clinton speaks, men hear “Take out the garbage!”

Now I truly find Clinton’s voice annoying, but not because of her hoarseness — the only vocal quality named and harped on in the dialog above — more because of her nasality. Maybe that’s what sounds like “nagging” to some men and what older women like my mom seem to like about it.

And what of Meg Whitman, whose voice the male anchor so prizes? “I’ll listen to her any day of the week,” he says.

Huh, funny. In Whitman’s voice I hear “grown up valley girl” and quite a lot of vocal fry / creaky voice — the subject of quite a bit of curiosity and ire lately, and also the subject of my next blog post.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Kickstart the New Year 2013

Learn new ways to make yourself better, stronger, faster, and smarter.

I’ve been mentioning in other places that I was working on a book back in November. That fitness book, authored by Dick Talens (creator of Fitocracy and all-around great guy), became “Hack Your Body by Hacking Your Brain”, a subject I’ve been researching ever since I left Dangerously Hardcore this past summer.

Though I only contributed a few sections and some editing — the actual training and diet program is completely the brainchild of Dick Talens (who in turn credits several other pundits) — the book contains many mind-body connection elements that I plan to expound upon in 2013.

The book had a destiny from the beginning as the fitness piece of an 8-book self-improvement bundle dubbed “Kickstart the Year”.

KtY-Logo-Take-6

This bundle is designed to help you in every aspect of your life: productivity, business, creativity, and (my area) metabolism / fitness — but in ways that are probably more off-beat and creative than you may have seen before.

This bundle will only be sold for the next 6 days (I believe), after which time we have no idea if this stuff will be sold individually. So give it a try!

Within the next 1-2 days (toddler permitting) I will post my slides from a recent talk I gave at Noisebridge pertaining to tangential but extremely usefuL concepts that can be found within the Kickstart the Year book.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Feliz Navidad Forever (dot com)

In a fit of long-overdue crazypants this Ecsmas Eve, I hacked this new internet radio station into existence:

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

It’s… a streaming station that plays nothing but nonstop Feliz Navidad. I have always wanted to do this!

Feliz Navidad Forever wreath

With a little hitting-up of fellow crazies as well as an hour’s worth of searching for mp3s using the time-tested “index of” search phrase method, I assembled over 60 renditions of “Feliz Navidad” — everything from a cowbell-laden salsa version lasting 10 minutes long to a death metal version to a solo flute version.

My mom commented that she has been fascinated by the flexibility of the basic “Feliz Navidad” construction, which allows a huge variety of interpretations. Of course you could also argue that it’s the listener who is “allowing” the interpretations, with the artists essentially doing whatever they want and slapping “Feliz Navidad” on it.

Well, whatever your epistemological approach to the atomic integrity of cultural information, I think you’ll enjoy this rarified frivolity.

So, feliz navidad, everybody!

Brought to you by icecast2, liquidsoap, contributions from Noisebridge hackers, and suckers like you.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Pretty Busy Right Now

Tags: ,

What have I been doing? In order of time commitment (with the most time spent at the top):

Oh yeah, and then there’s that kid I’m raising, who is pretty well tied for the #1 spot on that list.

So if you were hoping to track me down for a project, I gotta say, I’m pretty booked right now… Talk to me if you’re interested in setting something up for the longer term, though! You can email me at Naomi @ [this domain] dot com

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS