I like figs. But are figs vegan? I never thought a fruit wouldn’t be, but there seems to be some discussion about that within the vegan community, because it turns out, and that’s the interesting bit, figs and wasps are involved in a very close relationship. Symbiotic? I’m afraid to claim that, because biologists no doubt have strict requirements for such categories. Anyway, a Quora post by Beth Goldowitz describes the relationship, and because it’s a Quora post, I’ll quote it in full here:

If you aren’t a botanist, the life cycle of the fig is truly bizarre. If you’re a vegan, and you find out that figs contain dead wasps, it probably freaks you out a little.

To begin with, figs are not actually fruit. A fig is an inflorescence, a hollow stem filled with flowers. In order to pollinate the flowers, a female wasp that has gathered pollen from another fig (the one she was hatched in, and in which she mated with her brothers before they carved an escape hatch for her (but alas, not for themselves)) must crawl through a tiny hole to enter the inflorescence, shedding her wings and her antennae (occasionally) as she does so. Once inside, she pollinates the flowers, lays her eggs, and dies. When her eggs hatch, the next generation continues the story, males mating with females, females gathering pollen, males making a hole for the females to escape, then, having performed their function in life, dying inside the fruit.

If this sounds odd to you, you aren’t reading enough biology and natural history texts. It’s one of my favorite responses to the anti-Darwinists who like to point to things like Emperor Penguins demonstrating that nature supports biblical families. I’ve often thought the Saga of the Fig and the Wasp would make a marvelous opera, or perhaps a ballet, with its chorus of tragic males spending their entire lives confined within a single fig, while their sisters escape, laden with pollen and possibilities.

It gets even more interesting when you find out that in some species of fig, if the female wasps don’t carry pollen to new inflorescences, the tree will drop its fruit, punishing them by eliminating their offspring from the gene pool. Cue dramatic fig tree aria. Or even more dramatic pas de deux, with sexy, but stand-offish female wasps.

But, and this is a big but, commercial figs aren’t grown this way.

The commercially cultivated fig tree is usually a female parthenocarpic variety of the ancient common fig (Ficus carica) and does not need pollination to produce fruit.

The story of the fig and its wasp

Most commercial figs do not need to be fertilized. They do not contain wasps, other than the incidental bits of insects and other debris that can be found on all fruit and vegetables everywhere. Many varieties of commercial figs are vegan. If you’re really worried about it, you can probably do a little research online.

Even the ones that do contain wasps can be considered vegan in my opinion. Veganism is about reducing harm and suffering, and these wasps aren’t being harmed. After all, no one is forcing the wasps to fertilize the figs. It’s part of their natural life cycle. They aren’t being carted around in commercial hives, like the honeybees that some vegans think make almonds and avocados unacceptable in their diet. These wasps are perfectly happy. They live inside figs, one of the world’s most delicious fruits. They hatch out of their eggs, reach maturity, and indulge in an incestuous orgy before the females go out into the world to carry on their species. They make it possible for the trees to grow more figs, which make it possible for the next generation of wasps to survive. Ain’t nothin’ wrong with that.

I’m not vegan anymore, but if I were, I would eat figs. Figs are delicious.

EDIT: Apparently, a ripe fig is actually an infructescence, which is the fruit that results when an inflorescence is fertilized. Thanks to Michael Williams for pointing this out.

What a story! Biology is so much more than survival of the fittest. It reminded me of a documentary I once watched on symbiosis, in particular the story of Lynn Margulis. She faced a lot of criticism from her (mostly male) colleagues for daring to argue and show that Darwinism is too simplified a picture of evolution. As she puts it:

Natural selection eliminates and maybe maintains, but it doesn’t create.

Time for new biology textbooks!

Population density

A good analysis of population density. The lure of such statistics is to represent many numbers as one single number, but of course that introduces bias: what does the author of the single number think is representative? The mean is often taken, which is probably the most common measure of central tendency. However, it only works well for symmetric distributions, and perhaps only normal distributions. Complex data is nearly never normally distributed, and the choice of where to live is, it could be argued, a complex decision: near work, near family, near a town or city center, or perhaps far away from it, near transport connections, and so on. On top of that, you can bin data in different ways, and looking at the distributions of the bins is not always the same as the distribution of the data (aliasing). What’s most interesting is this author’s population density over built up area. Spain apparently has very little built up area, so its people live in denser towns and cities. After this correction, Spain is (modulo a few city states) the densest country in Europe! Also nice, the fraction of non-built-up square kilometers: the Netherlands has few, but more than I thought (~20%).

A good example of how complex data can be sliced in many different ways, and that the mean is just about the least interesting. Let’s bury the mean!

New Multiplication

An article describes a new and more efficient method of (manual) multiplication. Here, efficiency is defined as fewer operations and simpler operations. Addition is considered easier than multiplication, e.g. multiplying two large numbers is usually done by adding their logarithms. I admit I did not read the scientific paper, but I did test out the Karatsuba method mentioned in the article. Chopping up larger numbers, calculating two products, two sums and two crossterms, and then adding/subtracting these components gives the answer. Fewer operations, even if you chop possible subterms (after chopping) once more and repeat the procedure.

However, since the idea is to make it easier to do the calculation manually, I’m not sure I agree it’s simpler. The simplest method, serial calculation of each digit with each other, is replaced with fewer mathematical operations, but more bookkeeping operations. Something you absolutely need pen and paper for. And if you have to partition multiple times, you’re going to be plugging in numbers all over, which seems error prone to me. I guess if you frequently must multiply large numbers it pays off to train yourself in this method, but after a first try I think it replaces operations with bookkeeping.

Since computers are excellent at bookkeeping, I can see how a math library in compute-heavy operations might benefit from such methods.
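The Karatsuba recursion discussed above, as an added example (not code from the article or the paper): it chops decimal numbers in half, recurses on the two half-products and the product of the two sums, and counts the single-digit multiplications so the saving over the serial method is visible. The function names and the cost model (one unit per single-digit product) are assumptions of this sketch.

```python
def karatsuba(x, y):
    """Multiply non-negative ints; return (product, single-digit multiplications used)."""
    if x < 10 or y < 10:
        # One operand is a single digit: one schoolbook row, one product per digit.
        return x * y, len(str(max(x, y)))
    m = max(len(str(x)), len(str(y))) // 2    # chop position, in decimal digits
    x1, x0 = divmod(x, 10 ** m)               # x = x1 * 10^m + x0
    y1, y0 = divmod(y, 10 ** m)               # y = y1 * 10^m + y0
    z2, c2 = karatsuba(x1, y1)                # product of the high halves
    z0, c0 = karatsuba(x0, y0)                # product of the low halves
    zs, cs = karatsuba(x1 + x0, y1 + y0)      # product of the two sums
    z1 = zs - z2 - z0                         # cross terms, obtained by subtraction
    product = z2 * 10 ** (2 * m) + z1 * 10 ** m + z0
    return product, c2 + c0 + cs


def schoolbook_cost(x, y):
    """Single-digit multiplications when every digit meets every other digit."""
    return len(str(x)) * len(str(y))


def compare(x, y):
    """Return (product, karatsuba_cost, schoolbook_cost) for one multiplication."""
    product, cost = karatsuba(x, y)
    if product != x * y:
        raise ArithmeticError("karatsuba result disagrees with built-in multiplication")
    return product, cost, schoolbook_cost(x, y)


if __name__ == "__main__":
    for digits in (4, 16, 64):
        n = int("9" * digits)                 # constructed worst-ish case: many carries
        _, fast, slow = compare(n, n)
        print(f"{digits:3d} digits: karatsuba {fast:5d} vs schoolbook {slow:5d}")
```

The saving is small at four digits and grows with length, while every level of recursion adds the shifting, adding and subtracting that the post calls bookkeeping.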


This one has been on my list to post about for a very long time: the Scientific Council for Government Policy (Wetenschappelijke Raad voor het Regeringsbeleid, WRR) warns of a new economic crisis. A small number of banks play a pivotal role in the (Dutch) economy, and yet are not set up to dampen negative developments. Moreover, we have more and more debt; if you count mortgages, the Dutch beat even the Americans as the most deeply indebted. In our market thinking, after all, you no longer get anything for nothing. Among other things, a kind of citizen participation in those banks is proposed by the WRR report.

Netlify and Gitlab hosting

Because making websites (actually, hosting websites) is my favorite object of bike-shedding, I have once again used a new (combination of) services to host this personal website. I should really restyle (destyle?) it a little, and update it with my thesis by the way!

I used to host at Github, as a Github Pages project. Github however does not offer IPv6 access on custom domains, and that just won’t do! I therefore moved the page to a Google App Engine project, which is free and does have IPv6 through custom domains (of which you can have multiple, it’s really very flexible which is nice). But, you need to work through their silly gcloud command, even for simple stuff such as static only pages. Also: 1GB/day bandwidth… My millions of readers regularly have to wait till midnight to see if I posted something new 😉. So, I tried to see how Gitlab Pages was faring, after having failed to setup an automated build there a year or two ago. It turned out to be two GEMFILE(.lock)s in the root. BUT. Only after at least half a day, after seeing the builds were finally succeeding, did the pages become accessible on the web… That just won’t do.

What’s left in terms of cloud-scale free static hosting? Because I need to be cloud-scale. Obviously. Well, Netlify. I recall the founder perhaps slightly obnoxiously pushing the service when it was just new, but it has evolved quite a bit, especially pricing (I’m not even sure I understand the things I get extra when I pay). Anyway, websites such as these are free, so maybe that’s better than Gitlab. Well it is! Provided I leave the Gemfiles, config was easy (although I couldn’t use Firefox and had to use Brave to setup a site from a Gitlab hosted repo). So you link your site to a repo, which it builds from on every push. Branches even become available at subdirectories, so you can host different stuff as you would with project pages on Github under your root. It has IPv6, even DNS if you wish (for the moment I’ll stick to Cloudflare) and, a very nice feature, a few dynamic things such as automatic form detection, which it intercepts and records (which you can then have mailed). In other words, my contact form is back! Nice! And I don’t even have to build locally anymore, just add/commit a new post and push to the linked repo.

Small update

Turns out, Netlify does NOT do IPv6, unless you use its DNS or an ALIAS record. The former of which I tried, and works well enough, but then assigning multiple domains seems a bit buggy, and problematic with creating the proper SSL certs. The domain feature is in beta, so I’ve decided to switch back to Cloudflare, at the cost of no IPv6. But wait, it does! Cloudflare has CNAME flattening and subsequently provides AAAA records. Unfortunately Cloudflare doesn’t support ALIAS records, which are the ‘proper’ way of doing this, and are recommended and supported by Netlify, but this’ll do. For now.

Hourglass interfaces 2

A half year ago I discovered a presentation with code about hourglass interfaces. The principle of the hourglass interface is to add a C-layer between library and application, such that you don’t have to deal with C++ ABI differences between compilers, but can benefit from the fact that anything supports C foreign function interfaces, including C++ itself. A binary library can then be swapped out and updated without needing to update the application, which is especially convenient if the library is your product that is used by third parties (who distribute their app plus your lib as a binary). Since anything can call into the C lib, you can now use different languages if you want to! I guess it’s no longer an hourglass interface, but a good old C binding, but they come down to the exact same thing.

Well, so far I was all talk, but now I have some meat to serve! My postdoc_tools repo has two interfaces to C components, one is supplied with it. One thing that became clear while writing these bindings is fully understanding that the CFFI is a function interface. You can extern functions, nothing else. No classes, no datatypes, nope. (Unless I missed something.) Basic types present in C89 are available, such as ints and floats, but not even bools. So for libgpumcd I wrote a bunch of structs, in the C wrapper and then in the Python binding, and these of course must match because otherwise the function will not recognize it.

I went from zero to writing GPUMCD simulations in Python within the week, so for me this week was good. I feel like I levelled up and think knowing how to do this will prove useful in the time to come. A Pascal wrapper is in the pipeline.
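The struct-matching requirement described above, as an added example that is not code from postdoc_tools: it uses Python's ctypes and the C library's div() as a stand-in for libgpumcd, and calls the same function once with a correct mirror of the returned struct and once with a wrong one. It assumes a libc that lays out div_t as quot followed by rem (glibc, musl and macOS do); the class and helper names are hypothetical.

```python
import ctypes
import ctypes.util


class DivT(ctypes.Structure):
    """Correct mirror of the C struct div_t: { int quot; int rem; }."""
    _fields_ = [("quot", ctypes.c_int), ("rem", ctypes.c_int)]


class DivTSwapped(ctypes.Structure):
    """Deliberately wrong mirror: same size, fields declared in the wrong order."""
    _fields_ = [("rem", ctypes.c_int), ("quot", ctypes.c_int)]


def load_libc():
    """Load the C library; fall back to the symbols already in the process."""
    name = ctypes.util.find_library("c")
    return ctypes.CDLL(name) if name else ctypes.CDLL(None)


def call_div(numer, denom, result_type):
    """Call C's div(numer, denom), reading the returned struct as result_type."""
    libc = load_libc()
    # Only the function crosses the boundary; its signature is declared by hand.
    libc.div.argtypes = [ctypes.c_int, ctypes.c_int]
    libc.div.restype = result_type
    result = libc.div(numer, denom)
    return result.quot, result.rem


if __name__ == "__main__":
    print("matching struct :", call_div(17, 5, DivT))         # quotient 3, remainder 2
    print("mismatched struct:", call_div(17, 5, DivTSwapped))  # same bytes, wrong labels
```

The mismatched call raises no error: the C side fills the same eight bytes either way, and the binding simply reads them under the wrong field names.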

Difficult conversations

A brief guide to having difficult conversations by one Dave Bailey. He uses the Nonviolent Communication method, which sounds scarier than it is: don’t attack under any circumstance, which of course any communicator knows is never a good idea, unless you’re in a war. Articulating observations, needs and strategies separately is a good insight, and, something I’ve been slowly practicing: brevity. I tend to use too many words, especially in these situations, and by focussing on that I see now that’s pretty common, and thus a common pitfall. Give it a read, it’s very much to the point.

Medical errors

A book written by a victim of a medical error has been published. The UMC Utrecht is the scene of the crime, also known for its ENT department a few years back. Besides the author’s observations, I found the remark by the ENT whistleblower, who now works in the United Kingdom, interesting: they attribute it to the hierarchical nature of the organisation. I find that interesting because it matches my own observations, first-person but also third-person. Maybe healthcare attracts a certain compliant type, maybe it is that every large organisation tends towards bureaucracy, but doctors and clinicians seem to respect authority and hierarchy absolutely more than what I am used to.

PGP five

If you search for email encryption on the f-droid ‘store’, you’ll find pEp, which stands for pretty easy privacy. As I documented here earlier, currently securing email isn’t easy. Even when you know what a public-private keypair is, you rely on a wide variety of software interfaces to present a consistent view on encrypted email, which of course is not consistent. In virtually all clients you need to go through a rather laborious key creation procedure, where you must ensure that your pgp client and mail client are aware of each other and so on. Then, you often need to find the other person’s public key yourself (some clients don’t search automatically, only if you press a button, sometimes hidden in a settings page). Then, you must usually enable encryption manually for every email.

pEp aims to simplify that workflow. Using Autocrypt and a set of defaults, it wants to remove all of the manual labor described above. It is a client-side workflow, so a client can either support it or not. The basic workflow is as follows:

  1. In pEp clients, a keypair is generated automatically and enabled automatically. No work needed. On the Android app, you may wonder why you must wait a few minutes when you setup a new email account: it is precisely because it generates the keypair upon setup.
  2. Every outgoing email includes your public key. Each receiver therefore can, if they either use a pEp client or realise you just sent them your public key, use it to both send you encrypted mail and send you their public key. With both ends using pEp clients, this indeed worked flawlessly.
  3. Note that pEp, after it detected the receiver supports pEp too, will encrypt the subject line as well. It can also encrypt all messages on the (IMAP) server for your eyes only (untrusted server).
  4. Note that keyservers aren’t used in the pEp workflow; it’s all peer to peer by design. I think this is both because it enables ephemeral keys which to my understanding is currently seen as preferred over the old style of keys for life or until expiry. This does not mean keyservers can’t be used to lookup keys: when sending to a (previously uncontacted) user with a published key (on the usual keyservers), it detected this after a few seconds and offered to encrypt right away. This is a very nice backward compatibility. However, pEp clients seem to send their message in the pEp way in either case, which is that the email subject and body are empty, and the message (which includes the subject) and public key are sent as attachments. So, some clients may provide different UX for messages in attachments as opposed to inline.

Clients include an iOS and Android app (based on K9mail), an Outlook plugin and the encryption add-on for Thunderbird, Enigmail, which had a v2.0 release almost a year ago that renamed it Enigmail/pEp. So, that’s not bad. Here’s the good news: it worked! The bad news: if you use multiple devices/clients (and who doesn’t), things get messy fast. Any pEp client generates new keypairs upon setup, so you must move one keypair between devices. I forgot to mention that you can use your self-generated keypair that you were already using. However, at least in the Android app, there seems to be no way to remove the key generated by default, so prepare to accumulate many keys over time. This is of course by design (ephemeral keys), but mind that (especially in untrusted server mode), you’ll need to back them all up/transfer them every time.

Let’s go back to that topic: key transfer. If you’re using multiple devices and clients, you’ll need to have one keypair available everywhere, because otherwise other clients will get confused (they’ll encrypt with their last seen public key from you, and may give a warning if you change keys, after all, that may indicate you being compromised). So, Autocrypt provides a mechanism for key transfer, which I suppose is what pEp uses. In Enigmail, I could see one key transfer procedure, pEp on Android offered two (pEp and OpenPGP transfers separate). Let me cut an hour-long story short: none of them worked. I saw many mails flying up and down and I followed instructions as best I could, and in various ways so as to ensure I tried various interpretations of the instructions. Here UI across clients really comes to a head: the instructions couldn’t always be followed exactly because different clients have different UIs. For instance, Kmail has a button to add your public key, but in Enigmail in pEp mode, the Thunderbird option does not work (the pEp part of Enigmail seems to have its own parallel key storage). By default, it should be sending its public key, but it hides all of that such that I cannot (easily) verify what I’m sending. The other issue is the number of keys: the UIs (Enigmail or Android) do not provide feedback on which key is being used for encryption, while that is of course important, and is underlined by the key transfer message sent by the pEp client itself. I tried to use a non-pEp client, which does provide this feedback on which keys are used, but without success.
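What a receiving client does with the key carried on every outgoing mail (step 2 above) and why a second device with its own keypair looks like a key change, as an added example that is not pEp's or Enigmail's code. It assumes the key travels in an Autocrypt Level 1 header (`addr`, `prefer-encrypt`, `keydata`) rather than as the attachment pEp uses; the change-reporting policy, the SHA-256 digest standing in for a fingerprint, and all names and sample mails are constructed for this sketch.

```python
import base64
import hashlib
from email import message_from_string
from email.utils import parseaddr

KNOWN = ("addr", "prefer-encrypt", "keydata")


def parse_autocrypt(raw_mail):
    """Return (addr, key_bytes) from the single valid Autocrypt header, else None."""
    msg = message_from_string(raw_mail)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    valid = []
    for header in msg.get_all("Autocrypt", []):
        attrs, ok = {}, bool(sender)
        for part in filter(None, (p.strip() for p in header.split(";"))):
            name, sep, value = part.partition("=")
            if sep and name in KNOWN:
                attrs[name] = "".join(value.split())  # undo header folding
            elif not (sep and name.startswith("_")):
                ok = False  # malformed or unknown critical attribute
        if not ok or attrs.get("addr", "").lower() != sender or "keydata" not in attrs:
            continue  # addr must match From, keydata is mandatory
        try:
            valid.append((sender, base64.b64decode(attrs["keydata"], validate=True)))
        except ValueError:
            continue
    return valid[0] if len(valid) == 1 else None  # several valid headers count as none


class PeerKeys:
    """Remember the last key digest seen per sender and report changes."""

    def __init__(self):
        self.last_seen = {}

    def observe(self, raw_mail):
        parsed = parse_autocrypt(raw_mail)
        if parsed is None:
            return "no-usable-header"
        addr, key = parsed
        digest = hashlib.sha256(key).hexdigest()  # sketch only, not an OpenPGP fingerprint
        previous, self.last_seen[addr] = self.last_seen.get(addr), digest
        if previous is None:
            return "new-peer"
        return "unchanged" if previous == digest else "key-changed"


def make_mail(sender, key_bytes, extra="", addr=None):
    """Constructed sample mail; key_bytes are placeholder bytes, not a real key."""
    keydata = base64.b64encode(key_bytes).decode()
    return (f"From: Alice <{sender}>\nTo: bob@example.org\nSubject: hello\n"
            f"Autocrypt: addr={addr or sender}; prefer-encrypt=mutual;{extra} "
            f"keydata={keydata}\n\nbody\n")


if __name__ == "__main__":
    peers, alice = PeerKeys(), "alice@example.org"
    for device_key in (b"constructed-key-phone", b"constructed-key-phone",
                       b"constructed-key-laptop"):
        print(peers.observe(make_mail(alice, device_key)))
```

From the receiver's side, a second device that generated its own keypair is indistinguishable from a substituted key, which is why one keypair has to reach every device before any of them sends mail.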

In the end, I transferred my private key by file, which worked immediately. Urfff… So then, while in theory crypto should work kinda like the Signal protocol, it still seems to involve a manual step. This is unfortunately not a procedure I can yet recommend to my parents, which I’d hoped to. If everyone would be using 1 device or client, I’d have given a 10/10, but of course nobody uses 1 device or client, and if you still have to move your private key by hand, you’re nearly back to the old-fashioned PGP workflow. A pEp client then offers the nice default of sending out your public key everywhere and retrieving others’ public keys automatically, which is in itself also a win, but not as much as I had hoped. The pEp project seems pretty new, and not that well known, or well funded, so perhaps that will change with time and these issues will be improved. There is a community, a (nearly) complete manual and source.

One more thing. Kmail is really finicky with multiple email addresses, where ‘identity’, imap and smtp servers aren’t automatically linked up, and neither are ‘sent items’, ‘trash’ or ‘concept’ folder. Even after setting them, this setting is often lost after a restart or so. Since Thunderbird and K9mail do this right, I’ve decided that, even though Kmail’s UI is otherwise pretty good, I’m going back to the bird. I also setup the autoconfig file, which works pretty nicely!

Small update: I disabled pEp in Enigmail. That means my private key and other people’s public keys are no longer found by default, I should run the setup wizard probably. However, I won’t. Even if pEp doesn’t solve key transfer yet, it does result in more PGP encrypted mails being sent. I did however discover that K9mail does not render attached messages inline (i.e. you must open an app to read the msg.txt attachment). A strange default, because other clients such as Thunderbird and Kmail show (perhaps I should say render) the message inline, as one would expect. Therefore, I think I’ll simply stick to the pEp clients for now, which all in all do what they promise, apart from key transfer, which I can do myself. So far, it seems to be using my keypair and not the self-generated one consistently in both pEp Android or Enigmail.