Nat Torkington

Nat has chaired the O'Reilly Open Source Convention and other O'Reilly conferences for over a decade. He ran the first web server in New Zealand, co-wrote the best-selling Perl Cookbook, and was one of the founding Radar bloggers. He lives in New Zealand and consults in the Asia-Pacific region.

Four short links: 22 December 2014

Four short links: 22 December 2014

Manufacturers and Consumers, Time Management, Ethical Decisions, and Faux Faces

  1. Manufacturers and Consumers (Matt Webb) — manufacturers never spoke to consumers before. They spoke with distributors and retailers. But now products are connected to the Internet, manufacturers suddenly have a relationship with the consumer. And they literally don’t know what to do.
  2. Calendar Hacks (Etsy) — inspiration for your New Year’s resolution to waste less time.
  3. Making an Ethical Decision — there actually is an [web] app for that.
  4. Masks That Look Human to Computers — an artist creates masks that look like faces to face-recognition algorithms, but not necessarily to us. cf Deep Neural Networks are Easily Fooled.
Comment: 1
Four short links: 19 December 2014

Four short links: 19 December 2014

Statistical Causality, Clustering Bitcoin, Hardware Security, and A Language for Scripts

  1. Distinguishing Cause and Effect using Observational Data — research paper evaluating effectiveness of the “additive noise” test, a nifty statistical trick to identify causal relationships from observational data. (via Slashdot)
  2. Clustering Bitcoin Accounts Using Heuristics (O’Reilly Radar) — In theory, a user can go by many different pseudonyms. If that user is careful and keeps the activity of those different pseudonyms separate, completely distinct from one another, then they can really maintain a level of, maybe not anonymity, but again, cryptographically it’s called pseudo-anonymity. […] It turns out in reality, though, the way most users and services are using bitcoin, was really not following any of the guidelines that you would need to follow in order to achieve this notion of pseudo-anonymity. So, basically, what we were able to do is develop certain heuristics for clustering together different public keys, or different pseudonyms.
  3. A Primer on Hardware Security: Models, Methods, and Metrics (PDF) — Camouflaging: This is a layout-level technique to hamper image-processing-based extraction of gate-level netlist. In one embodiment of camouflaging, the layouts of standard cells are designed to look alike, resulting in incorrect extraction of the netlist. The layout of nand cell and the layout of nor cell look different and hence their functionality can be extracted. However, the layout of a camouflaged nand cell and the layout of camouflaged nor cell can be made to look identical and hence an attacker cannot unambiguously extract their functionality.
  4. Prompter: A Domain-Specific Language for Versu (PDF) — literally a scripting language (you write theatrical-style scripts, characters, dialogues, and events) for an inference engine that lets you talk to characters and have a different story play out each time.
Comment
Four short links: 18 December 2014

Four short links: 18 December 2014

Manufacturer Rootkits, Dangerous Dongle, Physical Visualisation, and Cryptoed Comms

  1. Popular Chinese Android Smartphone Backdoored By ManufacturerCoolpad is the third largest smartphone builder in China, and ranks sixth worldwide with 3.7 percent global market share. It trails only Lenovo and Xiaomi in China and is the leader of China’s 4G market with 16 percent market share. Coolpad outsells Samsung and Apple in China, and has said it plans to expand globally with a goal of 60 million phones worldwide. For now, its high-end Halo Dazen phones are the only ones containing the backdoor, Palo Alto said. Backdoor enabled installation of other apps, dial numbers, send messages, and report back to the mothership. The manufacturer even ran the command-and-control nodes for the malware.
  2. USB Driveby — dongle that plugs into USB, and tries to root the box. Specifically, when you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them. The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight/Alfred/Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.
  3. Physical Data Visualisationsa chronological list of physical visualizations and related artifacts. (via Flowing Data)
  4. Dissentan anonymous communication substrate intended primarily for applications built on a broadcast communication model: for example, bulletin boards, wikis, auctions, or voting. Users of an online group obtain cryptographic guarantees of sender and receiver anonymity, message integrity, disruption resistance, proportionality, and location hiding. And a pony.
Comment
Four short links: 17 December 2014

Four short links: 17 December 2014

Security Stick, Spyware Toy, Bezos Time, and Popular JavaScript

  1. USB Armory — another Linux-on-a-stick, but this one has some nifty dimensions and security applications in mind.
  2. Who’s the Boss?The Elf on the Shelf essentially teaches the child to accept an external form of non-familial surveillance in the home when the elf becomes the source of power and judgment, based on a set of rules attributable to Santa Claus. Excellent deconstruction of ludic malware. (via Washington Post)
  3. Bezos on Time (Business Insider) — Where you are going to spend your time and your energy is one of the most important decisions you get to make in life. We all have a limited amount of time, and where you spend it and how you spend it is just an incredibly levered way to think about the world. This (he says at 9 p.m. in the office, in a different city from his family!).
  4. libscore — popularity of JavaScript scripts and libraries in the top million sites. But remember, just because all the cool kids do it doesn’t make right for you. (via Medium)
Comment
Four short links: 16 December 2014

Four short links: 16 December 2014

Memory Management, Stream Processing, Robot's Google, and Emotive Words

  1. Effectively Managing Memory at Gmail Scale — how they gathered data, how Javascript memory management works, and what they did to nail down leaks.
  2. tigonan open-source, real-time, low-latency, high-throughput stream processing framework.
  3. Robo Brain — machine knowledge of the real world for robots. (via MIT Technology Review)
  4. The Structure and Interpretation of the Computer Science Curriculum — convincing argument for teaching intro to programming with Scheme, but not using the classic text SICP.

Update: the original fourth link to Depeche Mood led only to a README on GitHub; we’ve replaced it with a new link.

Comments: 5
Four short links: 15 December 2014

Four short links: 15 December 2014

Transferable Learning, At-Scale Telemetry, Ugly DRM, and Fast Packet Processing

  1. How Transferable Are Features in Deep Neural Networks? — (answer: “very”). A final surprising result is that initializing a network with transferred features from almost any number of layers can produce a boost to generalization that lingers even after fine-tuning to the target dataset. (via Pete Warden)
  2. Introducing Atlas: Netflix’s Primary Telemetry Platform — nice solution to the problems that many have, at a scale that few have.
  3. The Many Facades of DRM (PDF) — Modular software systems are designed to be broken into independent pieces. Each piece has a clear boundary and well-defined interface for ‘hooking’ into other pieces. Progress in most technologies accelerates once systems have achieved this state. But clear boundaries and well-defined interfaces also make a technology easier to attack, break, and reverse-engineer. Well-designed DRMs have very fuzzy boundaries and are designed to have very non-standard interfaces. The examples of the uglified DRM code are inspiring.
  4. DPDKa set of libraries and drivers for fast packet processing […] to: receive and send packets within the minimum number of CPU cycles (usually less than 80 cycles); develop fast packet capture algorithms (tcpdump-like); run third-party fast path stacks.
Comment
Four short links: 12 December 2014

Four short links: 12 December 2014

Tech Ethics, Yahoo's KVS, Biology Inside, and Smart Luggage

  1. Do Artifacts Have Ethics? — 41 questions to ask yourself about the technology you create.
  2. MDBM — Yahoo’s fast key-value store, in use for over a decade. Super-fast, using mmap and passing around (gasp) raw pointers.
  3. The Revolution in Biology is Here, Now (Mike Loukides) — I’ve been asked plenty of times (and I’ve asked plenty of times), “what’s the killer product for synthetic biology?” BioFabricate convinced me that that’s the wrong question. We may never have some kind of biological iPod. That isn’t the right way to think. What I saw, instead, was real products that you might never notice. Bricks made from sand that are held together by microbes designed to excrete the binder. Bricks and packing material made from fungus (mycelium). Plastic excreted by bacteria that consume waste methane from sewage plants. You wouldn’t know, or care, whether your plastic Lego blocks are made from petroleum or from bacteria, but there’s a huge ecological difference.
  4. Bluesmart — Indiegogo campaign for a “connected carry-on,” aka a smart suitcase. From the mobile app you can track it, learn when it’s close (or too far away), (un)lock, weigh…and you can plug your devices in and recharge from the built-in battery. Sweet!
Comment
Four short links: 11 December 2014

Four short links: 11 December 2014

Crowdsourcing Framework, Data Team Culture, Everybody Scrolls, and Honeypot Data

  1. Hive — open source crowdsourcing framework from NYT Labs.
  2. Prezi Data Team Culture — good docs on logging, metrics, etc. The vision is a great place to start.
  3. Scroll Behaviour Across the Web (Chartbeat) — nobody reads above the fold, they immediately scroll.
  4. threat_research (github) — shared raw data and stats from honeypots.
Comment
Four short links: 10 December 2014

Four short links: 10 December 2014

Clearing Tor, Offline Cookbook, Burning Great Things, and Batch Pipelines

  1. Clearing the Air Around Tor (Quinn Norton) — Occasionally the stars align between spooks and activists and governments and anarchists. Tor, like a road system or a telephone network or many pieces of public infrastructure, is useful to all of these people and more (hence the debate on child pornographers and drug markets) because it’s just such a general architecture of encryption. The FBI may want Tor to be broken, but I promise any spies who are counting on it for mission and life don’t.
  2. Offline Cookbook — how Chrome intends to solve the offline problem in general. I hope it works and takes off because offline is the bane of this webapp-user’s life.
  3. The Pirate Bay, Down Forever?As a big fan of the KLF I once learned that it’s great to burn great things up. At least then you can quit while you’re on top.
  4. Luigi (Github) — a Python module that helps you build complex pipelines of batch jobs. It handles dependency resolution, workflow management, visualization, etc. It also comes with Hadoop support built in. (via Asana engineering blog)

Comment
Four short links: 9 December 2014

Four short links: 9 December 2014

Tab Tool, Ad Manifesto, Cultural Heritage, and Software Sustainability

  1. tab — command-line tool for doing heavy lifting with tab-separated files.
  2. Acceptable Ads — manifesto from the makers of AdBlock Plus. (via Monday Note)
  3. Cultural Heritage of Humanity (Matt Webb) — Matt points to UNESCO’s Representative List of the Intangible Cultural Heritage of Humanity and comments: When the aliens land and set up shop and they’re like, “Guys, so what have you got?” And we’re all… “Uh, lasers? We’ll trade you lasers for a starship drive.” And the aliens will be: “Nope, what else?” Then we’ll say: “Tsiattista poetic duelling. Turkish coffee. Jazz.” Bingo. Kudos to UNESCO for prepping our inventory ahead of time.
  4. Apache (and Other Foundations) Considered Useful (Chris Aniszczyk) — have over a decade of experience being built for the sole purpose of allowing independent open source communities to flourish with fair governance models […] This is important because the incentives between individuals small companies, large companies, heavily funded companies and even academics are different and need to be accounted for in a fair open source governance structure. Sustainability of software commons is an unsolved problem, but foundations make it tractable.
Comments: 5