Four short links: 6 November 2009

Barcode Scanning, Downloadable Community Book, Gov Hack Day, Android Kludges

1. Red Laser -- "impossibly accurate barcode scanning". Uses Google Product Search to identify products that you scan using the camera on the phone. I remember Rael and I talking to Jeff Bezos about this years ago, before camphones had the resolution to decode barcodes. The future is here and it's $1.99 on the App Store ... (via Ed Corkery on Twitter)
2. The Art of Community For Free Download -- Jono Bacon's O'Reilly book on community management now available for free download (still available for purchase!).
3. Gov Hack -- Australian government ran a hack day with their open data, this is their writeup.
4. Android Mythbusters -- slides for talk by Matt Porter at Embedded Linux Conference Europe. A (long) catalogue of the kludges in Android.

Four short links: 5 November 2009

Heat Maps in R, EC2 Blackhat Tricks, Snickersome Unicode, and Decoding Statistics

1. Heat Maps in R -- We used financial data here because it's easier to access than the airline data, but it's actually a pretty interesting way of looking at a financial time series. Weekend and holiday effects are a bit more obvious, and it's a bit like being able to see the daily, weekly, monthly and yearly closes all at once (by scanning your eye over the calendar in different directions). Includes source code. (via migurski on Delicious)
2. BlackHat and EC2 -- Theft of resources is the red-headed step-child of attack classes and doesn't get much attention, but on cloud platforms where resources are shared amongst many users these attacks can have a very real impact. With this in mind, we wanted to show how EC2 was vulnerable to a number of resource theft attacks and the videos below demonstrate three separate attacks against EC2 that permit an attacker to boot up massive numbers of machines, steal computing time/bandwidth from other users and steal paid-for AMIs. (via straup on Delicious)
3. Funny Characters in Unicode -- I never get tired of the wacky stuff in Unicode. I love the thought of a Unicode committee somewhere arguing passionately about the number of buttons on the snowman .... (via Hacker News)
4. Statistics to English Translation -- The terms sensitivity and specificity generally refer to diagnostic or screening procedures, such as an HIV or allergy tests. The sensitivity of a test is its true positive rate; the specificity is its true negative rate, although it can be more intuitive to think of specificity as the complement of the false positive rate. This matters. Bandying around numbers with misleading labels, or misinterpreting numbers that have a precise and defined meaning, does not further understanding. (Said 78.4% of statisticians, with a 20% confidence factor probability of false positives)

Four short links: 4 November 2009

Electronics Hacking FAQs, Speech-To-Text Democracy, Open Source Column Database, Massive Online Analysis

1. ChipHacker -- collaborative FAQ site for electronics hacking. Based on the same StackExchange software as RedMonk's FOSS FAQ for open source software.
2. Democracy Live -- BBC launch searchable coverage of parliamentary discussion, using speech-to-text. One aspect we're particularly proud of is that we've managed to deliver good results for speech-to-text in Welsh, which, we're told, is unique. I think of this as the start of a They Work For You for video coverage. I'd love to be able to scale this to local government coverage, which is disappearing as local newspapers turn into delivery mechanisms for real estate advertisements.
3. InfiniDB: Open Source Column Database -- hooks into MySQL, uses MySQL for SQL parsing, security, etc. The commercial enterprise version has multi-server support (parallel scale-out). (via Brian Aker)
4. Massive Online Analysis -- MOA is a framework for data stream mining. Includes tools for evaluation and a collection of machine learning algorithms. Related to the WEKA project, also written in Java, while scaling to more demanding problems. . (via joshua on Delicious)

Four short links: 3 November 2009

Electoral Cryptography, Dataless Airport Security, Visualising Transport Data, Mathematically Insecure Social Asymmetry

1. First Test for Election Cryptography (MIT Technology Review) -- The first government election to use a new cryptographic scheme that lets both voters and auditors check that votes were cast and recorded accurately will be held tomorrow in Takoma Park, MD. Founder of the company behind the technology is David Chaum, who ran the first electronic currency company in the 90s. That was ahead of its time (Internet faced a credibility problem, not a convenience problem), but his timing for this seems spot-on. (via timoreilly on Twitter)
2. Do I Have The Right To Refuse This Search? -- a former police officer questions the efficacy of TSA screenings and is doubly worried by by the lack of data collected. For years in policing, we relied on random patrols to curb crime. We relied upon this “strategy” until someone went out and captured some data, and did a study that demonstrated conclusively that random patrols do not work (Kansas City Study). As police have employed other types of “random” interventions, as in DWI checkpoints, they have had to develop policies, procedures and training to ensure that the “random” nature of these intrusions is truly random. Whether every car gets checked, or every tenth car, police must demonstrate that they have attempted to eliminate the effects of active and passive discrimination when using “random” strategies. No such accountability currently exists at TSA. Trend I see lately is a return to quantitative decision making, reality-based data-directed system interventions. (via BoingBoing)
3. Visualising Transport Data -- It can be hard to make meaningful information from huge amounts of data, a graph and a table doesn't always communicate all it should do. We have been working hard on technology to visualise big datasets into compelling stories that humans can understand. We were really pleased with what we came up with in just one and a half days. Like many places, the UK data.gov ran a dev camp to jumpstart people using their data. These appear to be successful, but I'm not aware of studies into the longterm effects nor the "value" of different types of developers.
4. Why Your Friends Have More Friends Than You Do -- there's a numerical optical illusion at work here: count your friends, then ask them to count their friends. If you average the friend counts of your peers, it'll probably be higher than your friend count. The reason for this is also why (on average!) your sexual partners seem to have had more sexual partners than you, and why previous generations seem more fecund than current generations. It's because connectors (with large numbers of friends) distort the average, so unless you're the connector (and if you're reading this, you might well be!) the average will be bigger than a normal person's friend count. Left unmentioned is what kind of person would count the number of friends they have, then ask their friends for their counts .... (via Hacker News)

Four short links: 2 November 2009

Inside Botnets, Creating Choropleths, Privacy Simplified, Massively Machiavellian Online Social Gaming

1. Your Botnet is My Botnet (PDF) -- 2008 USENIX Security paper analysing >70G of data gathered when security researchers hijacked the Torpig botnet. A major limitation of analyzing a botnet from the inside is the limited view. Most current botnets use stripped-down IRC or HTTP servers as their command and control channels, and it is not possible to make reliable statements about other bots. In particular, it is difficult to determine the size of the botnet or the amount and nature of the sensitive data that is stolen. One way to overcome this limitation is to “hijack” the entire botnet, typically by seizing control of the C&C channel. [...] As a result, whenever a bot resolves a domain (or URL) to connect to its C&C server, the connection is redirected or sinkholed. This provides the defender with a complete view of all IPs that attempt to connect to the C&C server as well as interesting information that the bots might send..
2. cartographer.js -- build thematic maps using Google Maps. To be precise, you can build a choropleth, which is my word of the day. (via Simon Willison)
3. Making Privacy Policies Not Suck (Aza Raskin) -- interested in developing a standard set of privacy policy components the way that Creative Commons has created a standard set of copyright license components.
4. Scamville: The Social Gaming Ecosystem of Hell (TechCrunch) -- many of those games on Facebook that your friends play are evil. To get in-game money or objects, they'll let you take a survey but at the end you're signed up for crap you never wanted. Related: this article on monetizing social networks which talks about social gaming's business model.

Four short links: 30 October 2009

Three Minute Theses, Google Wave RPGs, Public Metadata, and The Finitely-Zoomable Natural World

1. The3is In Three -- PhD students must explain their thesis topic in three minutes and one Powerpoint slide. Winner had written on the last words of Shakespearean characters as they met unlikely ends. No video alas, but what a great idea for an Ignite! (via sciblogs)
2. Google Wave: We Came, We Saw, We Played D&D (ArsTechnica) -- gamers using Wave to play RPGs. This can't be the killer app, however, because it is not pornographic. (via BoingBoing)
3. Metadata is Public Record (ArsTechnica) -- Arizone State Supreme Court rules that metadata on the public record is itself in the public record. The test case was a cop who suspected his performance reports had been created when he asked for them and then backdated. His employer had argued the inode info wasn't part of the public record, even though his report was. Sanity prevailed. (via glynmoody on Twitter)
4. Cell Size and Scale -- sweet zoomable interface to show the different relationships in size between everything from Times Regular 12pt to a Carbon atom (via salt, E. coli, hemoglobin, etc.). (via Tom Carden on Delicious)

Four short links: 29 October 2009

Learning Programming, Functional Javascript, Controlling Firefox, Kicking Ass (with SSDs)

1. Julie Learns to Program -- blog from our own Julie Steele as she learns her first programming language. The point is: it’s in me. I wasn’t sure that is was, and now I know—it is. And what, exactly, is “it”? It is the bug. It is the combination of native curiosity and stubbornness that made me play around with the code and take some wild guesses instead of running straight to Google (or choosing to stay within the bounds of the exercise). That might sound like a small thing, but I know it is not. I was determined to make the program do what I wanted it to do, I came up with a few guesses as to how to do that, and I kept trying different things until I succeeded (and then I felt thrilled). As much as I have to learn, I know now that I really am hooked. And that I’ll get there.
2. underscore.js -- new Javascript library of functional programming primitives (map, each, inject, etc.). (via Simon Willison)
3. WWW::Mechanize::Firefox -- Perl module to control Firefox, using the same interface as the WWW::Mechanize web robot module. (via straup on Delicious)
4. Anatomy of SSDs -- teeth-rattlingly technical Linux Magazine article explaining the different types of SSDs (Solid State Disks--imagine a hard drive made of rapid-access Flash memory). Artur Bergman told me that installing an SSD drive in his MacBook Pro gave the greatest performance increase of any computer upgrade he'd performed since he went from no computer to one.

Four short links: 28 October 2009

Great Mail Feature, Speed Talks, Virtualisation History, Science Literacy

1. GMail Labs: Got The Wrong Bob? -- When's the last time you got an email from a stranger asking, "Are you sure you meant to send this to me?" and promptly realized that you didn't? Looks at the clusters of CCs you send and, if you normally send to Bob X but are trying to send it to Bob Y, asks you "did you mean Bob X?". This might be the best thing to happen to email since webmail and full-text search--it's ridiculous how little innovation is happening in email given how widely and heavily it is used.
2. Speedgeeks LA at Shopzilla -- eight talks about making websites faster. Latency Improvements for PicasaWeb - Gavin Doughtie (Google) - Great tips from a web guru about what makes PicasaWeb fast. Watch for when the slides to more talks become available.
3. 10 Years of Virtual Machine Performance Semi-Demystified -- fascinating history of virtualisation from someone who worked for VMware. Since 2005, VMware and Xen have gradually reduced the performance overheads of virtualization, aided by the Moore’s law doubling in transistor count, which inexorably shrinks overheads over time. AMD’s Rapid Virtualization Indexing (RVI - 2007) and Intel’s Extended Page Tables (EPT - 2009) substantially improved performance for a class of recalcitrant workloads by offloading the mapping of machine-level pages to Guest OS “physical” memory pages, from software to silicon. In the case of operations that stress the MMU—like an Apache compile with lots of short lived processes and intensive memory access—performance doubled with RVI/EPT. (Xen showed similar challenges prior to RVI/EPT on compilation benchmarks.)
4. Pew Research Science Quiz -- To test your knowledge of scientific concepts and recent scientific findings and events, we invite you to take this 12-question science knowledge quiz. Then see how you did in comparison with the 1,005 randomly sampled adults asked the same questions.

Four short links: 27 October 2009

Digital Art Programming, DIY Construction Set, Open Source Pedant, Design Principles

1. Field -- a development environment for "experimental code" and digital art. We think that, for many uses, Field is a better Processing than Processing. Includes Python and Java bridges, goal is to connect to as many different programming systems as possible. OS X only at the moment.
2. Contraptor -- a DIY open source construction set for experimental personal fabrication, desktop manufacturing, prototyping and bootstrapping. (via Hacker News)
3. After The Deadline -- open source contextual spelling and grammar checker. (via Hacker News)
4. Design Principles to Choose the Right Ideas -- Often people ask me how we know which ideas to choose from all the hundreds of ideas we’ve generated during brainstorm sessions. Apart from our gut feelings and experience there’s a method that could help us decide: define design principles. Interesting for the different sets of design principles used by Google and Microsoft teams. (via egoodman on Delicious)

Four short links: 26 October 2009

Data Exploration, Evidence-Based Coding, API to the English Language, Dual Licensing

1. Toiling in the Data Mines -- Tom Armitage describes the process that Berg calls "material exploration". Programmers very rarely talk about what their work feels like to do, and that's a shame. Material explorations are something I've really only done since I've joined BERG, and both times have felt very similar - in that they were very, very different to writing production code for an understood product. They demand code to be used as a sculpting tool, rather than as an engineering material, and I wanted to explain the knock-on effects of that: not just in terms of what I do, and the kind of code that's appropriate for that, but also in terms of how I feel as I work on these explorations. Even if the section on the code itself feels foreign, I hope that the explanation of what it feels like is understandable.
2. Bits of Evidence -- Slides for a talk, "What we actually know about software development and why we believe it is true". (via Simon Willison)
3. Wordnik API -- definitions, frequencies, examples APIs. See the announcement from the Web 2.0 Summit.
4. The Peculiar Institution of Dual Licensing -- Brian Aker eloquently describes why he feels that dual licensing is anti-open source. Brian obviously has considerable experience informing this opinion--his years as Director of Technology for MySQL.

Recent Posts

• Four short links: 23 October 2009 on October 23, 2009
• Four short links: 22 October 2009 on October 22, 2009
• Four short links: 21 October 2009 on October 21, 2009
• Four short links: 20 October 2009 on October 20, 2009
• Four short links: 19 October 2009 on October 19, 2009
• Four short links: 16 October 2009 on October 16, 2009
• Four short links: 15 October 2009 on October 15, 2009
• Four short links: 14 October 2009 on October 14, 2009
• Four short links: 13 October 2009 on October 13, 2009
• Four short links: 12 October 2009 on October 12, 2009