- Michael Ossmann and the NSA Playset — the guy who read the leaked descriptions of the NSA’s toolchest, built them, and open sourced the designs. One device, dubbed TWILIGHTVEGETABLE, is a knockoff of an NSA-built GSM cell phone that’s designed to sniff and monitor Internet traffic. The ANT catalog lists it for $15,000; the NSA Playset researchers built one using a USB flash drive, a cheap SDR, and an antenna, for about $50. The most expensive device, a drone that spies on WiFi traffic called PORCUPINEMASQUERADE, costs about $600 to assemble. At Defcon, a complete NSA Playset toolkit was auctioned by the EFF for $2,250.
- Gates Foundation Announces World’s Strongest Policy on Open Access Research (Nature) — Once made open, papers must be published under a license that legally allows unrestricted re-use — including for commercial purposes. This might include ‘mining’ the text with computer software to draw conclusions and mix it with other work, distributing translations of the text, or selling republished versions. CC-BY! We believe that published research resulting from our funding should be promptly and broadly disseminated.
- Xenotix — an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 4700+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows you to create custom test cases and addons over the Xenotix API. It is incorporated with a feature-rich Information Gathering module for target Reconnaissance. The Exploit Framework includes offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.
- Firing Range — Google’s open source set of web security test cases for scanners.
There's a disconnect between Uber the company, the people driving the cars, and the people buying the services. That situation is ripe for abuse — and abuse is what we're seeing. Uber has built a great service. Why do they feel the need to use dirty tricks to succeed?
Google has asked the U.S. Supreme Court to review the CAFC’s ruling that Oracle's Java APIs are copyrightable.
Editor’s note: this is a forthcoming article for the March 2015 issue of Communications of the ACM (CACM); it is published here with permission.
For more than 20 years, the prevailing view has been that application program interfaces (APIs) are unprotectable elements of copyrighted computer programs. Under this view, programmers are free to reimplement other firms’ APIs in independently written code. Competition and innovation in the software industry have thrived amazingly well in part because of rulings upholding this understanding.
Challenging this view is the May 2014 decision of the Court of Appeals for the Federal Circuit (CAFC) in Oracle v. Google. The CAFC held that the “structure, sequence, and organization” (SSO) of Oracle’s Java APIs that Google reimplemented in its Android software is protectable expression under copyright law. It reversed a lower court ruling that the Java APIs were not copyrightable.
Google has asked the U.S. Supreme Court to review the CAFC’s ruling. Several amicus curiae (friend of the court) briefs have been filed in support of this effort. Hewlett-Packard, Red Hat, and Yahoo! (PDF) are among these amici (as am I and 77 computer scientists).
The Supreme Court may take the case because the CAFC’s decision is in conflict with other appellate court rulings that exclude APIs from copyright protection.
This article will explain the Oracle and Google theories about the copyrightability of Java APIs and the precedents on which each relies. The stakes in this case could not be higher.
Martin Charlier on design teams, responsibility, and service.
Industrial designers and interaction designers are joining forces to create the best services for the Internet of Things (IoT). I sat down with Martin Charlier, a design strategist with the unique distinction of having both interaction and industrial design experience, to talk about how the IoT is changing the design landscape, including team dynamics, responsible design, and value-driven design. Charlier is the co-author of the forthcoming Designing Connected Products and a contributor to Designing for Emerging Technologies. For a free download of sample chapters from Designing Connected Products click here.
Charlier discusses the key ingredients for teams working on a product together and how to achieve a unified vision:
“I think every field needs to know a little bit about others, just a basic understanding of the other side. In some of the most interesting projects I’ve seen, the team was made up of somebody with an industrial design background, somebody doing more technology and somebody doing more interaction and user experience.
“The key, though, to some of the projects I’ve seen was that they started to work together as one team before splitting up into their respective domain areas so that there was a joined vision. I think that’s the most important thing: to come up with a joined vision. I think that’s where interaction design and industrial design, for example, need to think of either sides of the coin.”
Tom Greever talks about the evolution of experience design and the challenges — and opportunities — facing designers today.
It’s no secret that design is playing a more prominent role within many organizations. Designers are becoming fundamentally linked to the development and success of products and services versus their more historical role polishing the appearance of those products and services. I recently sat down with Tom Greever, UX Director at Bitovi, to talk about the evolution of UX design, challenges that design professionals face today, and some of the keys to the success of the modern UX designer. Greever describes the evolution:
“Traditionally, the only problem we were trying to solve was to make something look better. It was a problem of just aesthetics, but now our designs have to solve for things like ease of use, or conversion, or user engagement. We’re solving business problems. We’re helping businesses achieve their goals through design, and if we can’t do that, then our designs aren’t any good. We’re not creating the right experience. They’re not providing value.”
From the Internet of Things to data-driven fashion, here are key insights from Strata + Hadoop World in Barcelona 2014.
Experts from across the big data world came together for Strata + Hadoop World in Barcelona 2014. We’ve gathered insights from the event below.
#IoTH: The Internet of Things and Humans
“If we could start over with these capabilities we have now, how would we do it differently?” Tim O’Reilly continues to explore data and the Internet of Things through the lens of human empowerment and the ability to “use technology to give people superpowers.”
Rajiv Maheswaran talks about the tools and techniques required to analyze new kinds of sports data.
Many data scientists are comfortable working with structured operational data and unstructured text. Newer techniques like deep learning have opened up data types like images, video, and audio.
Other common data sources are garnering attention. With the rise of mobile phones equipped with GPS, I’m meeting many more data scientists at start-ups and large companies who specialize in spatio-temporal pattern recognition. Analyzing “moving dots” requires specialized tools and techniques. A few months ago, I sat down with Rajiv Maheswaran, founder and CEO of Second Spectrum, a company that applies analytics to sports tracking data. Maheswaran talked about this new kind of data and the challenge of finding patterns:
“It’s interesting because it’s a new type of data problem. Everybody knows that big data machine learning has done a lot of stuff in structured data, in photos, in translation for language, but moving dots is a very new kind of data where you haven’t figured out the right feature set to be able to find patterns from. There’s no language of moving dots, at least not that computers understand. People understand it very well, but there’s no computational language of moving dots that are interacting. We wanted to build that up, mostly because data about moving dots is very, very new. It’s only in the last five years, between phones and GPS and new tracking technologies, that moving data has actually emerged.”