Nat has chaired the O'Reilly Open Source Convention and other O'Reilly conferences for over a decade. He ran the first web server in New Zealand, co-wrote the best-selling Perl Cookbook, and was one of the founding Radar bloggers. He lives in New Zealand and consults in the Asia-Pacific region.
Maltrail — a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists[…]. Also, it has (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware). (via Nick Galbreath)
C History — Dennis Ritchie’s 1993 notes on the history of the C programming language explain the origins of a.out and arrays as pointers, and have a reminder of how tight those systems were: Of the 24K bytes of memory on the machine, the earliest PDP-11 Unix system used 12K bytes for the operating system, a tiny space for user programs, and the remainder as a RAM disk.
Zero Latency — immersive gaming with Oculus headsets. Detailed and positive.
Visual Genome — a data set, a knowledge base, an ongoing effort to connect structured image concepts to language.
Google’s Software Defined Networking — [What was the biggest risk you faced rolling out the network? …] we were breaking the fate-sharing principle—which is to say we were putting ourselves in a situation where either the controller could fail without the switch failing, or the switch could fail without the controller failing. That generally leads to big problems in distributed computing, as many people learned the hard way once remote procedure calls became a dominant paradigm.
Philips Backtrack on Lightbulb DRM — In view of the sentiment expressed by our customers, we have decided to reverse the software upgrade so that lights from other brands continue to work as they did before with the Philips Hue system.
Pwning Tomorrow — EFF Publishes SF Anthology. You can expect liberties and freedoms to feature.
Face Director — Disney software to match faces between takes. We demonstrate that our method can synthesize visually believable performances with applications in emotion transition, performance correction, and timing control.
Move Fast and Fix Things — blow by blow of an engineering rewrite of some key functionality at GitHub, interesting from an “oh so that’s how they do it” point of view (if blow-by-blow engineering rewrites qualify as “interesting” to you).
Old Book Illustrations — public domain book illustrations, tagged and searchable. Yes, like Font Awesome of engraving.
Crypto is Hard says Hello Barbie — We discovered several issues with the Hello Barbie app including: it utilizes an authentication credential that can be re-used by attackers; it connects a mobile device to any unsecured Wi-Fi network if it has “Barbie” in the name; it shipped with unused code that serves no function but increases the overall attack surface. On the server side, we also discovered: client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers; the ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack. (via Ars Technica)
Kinto — Mozilla’s open source lightweight JSON storage service with synchronisation and sharing abilities. It is meant to be easy to use and easy to self-host.
gaffer — GCHQ-released open source graph database. …a framework that makes it easy to store large-scale graphs in which the nodes and edges have statistics such as counts, histograms, and sketches. These statistics summarise the properties of the nodes and edges over time windows, and they can be dynamically updated over time. Gaffer is a graph database, rather than a graph processing system. It is optimised for retrieving data on nodes of interest. IHNJH,IJLTS “nodes of interest.”
Access Denied (The Awl) — media had power because they had an audience, but social media gives celebrities, sports people, and politicians a bigger audience than media outlets. So, the media outlets aren’t needed, and consequently, they’re losing “access.” A reporter that depends on access to a compelling subject is by definition a reporter compromised. A publication that depends on cooperation from the world that it specializes in is likewise giving up something in terms of its ability to tell the truth about it. And nearly the entire media as it exists today is built around these negotiations.
Stockfighter — a series of free, fun programming challenges […] suitable for programmers at all experience levels.
Real-world Probabilistic Algorithms (Tyler McMullen) — This article addresses two types of probabilistic algorithms: those that explicitly introduce randomness through a rand() call, and those that convert input data into a uniform distribution to achieve a similar effect.
Class of 2016 — those whose works will, on 1st January 2016, be entering the public domain in many countries around the world. Le Corbusier, T.S. Eliot, Malcolm X, Bela Bartok, Winston Churchill, and W. Somerset Maugham among others. (Which person in which country depends on copyright term. Not for you, America. Nor us after TPP)
Distributed Reactive Programming (A Paper a Day) — this week’s focus on reactive programming has been eye-opening for me. I find the implementation details less interesting than the simple notion that we can define different consistency models for reactive programs and reason about them.
Attacking HTTP/2 Implementations — Our talk focused on threats, attack vectors, and vulnerabilities found during the course of our research. Two Firefox, two Apache Traffic Server (ATS), and four Node-http2 vulnerabilities will be discussed alongside the release of the first public HTTP/2 fuzzer. We showed how these bugs were found, their root cause, why they occur, and how to trigger them.
The Autonomous Winter is Coming — The future of any given manufacturer will be determined by how successfully they manage their brands in a market split between Mobility customers and Driving customers.
Toxic Workers (PDF) — In comparing the two costs, even if a firm could replace an average worker with one who performs in the top 1%, it would still be better off by replacing a toxic worker with an average worker by more than two-to-one. Harvard Business School research. (via Fortune)
Replacing Sawzall (Google) — At Google, most Sawzall analysis has been replaced by Go […] we’ve developed a set of Go libraries that we call Lingo (for Logs in Go). Lingo includes a table aggregation library that brings the powerful features of Sawzall aggregation tables to Go, using reflection to support user-defined types for table keys and values. It also provides default behavior for setting up and running a MapReduce that reads data from the logs proxy. The result is that Lingo analysis code is often as concise and simple as (and sometimes simpler than) the Sawzall equivalent.