Nat Torkington

Nat has chaired the O'Reilly Open Source Convention and other O'Reilly conferences for over a decade. He ran the first web server in New Zealand, co-wrote the best-selling Perl Cookbook, and was one of the founding Radar bloggers. He lives in New Zealand and consults in the Asia-Pacific region.

Four short links: 18 December 2015

Malicious Traffic, Visual Analysis, C History, and Immersive Gaming

  1. Maltrail — a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists[…]. Also, it has (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware). (via Nick Galbreath)
  2. Vega-Lite — high-level grammar for visual analysis, built on top of Vega. (via Curran Kelleher)
  3. C History — Dennis Ritchie’s 1993 notes on the history of the C programming language explain the origins of a.out and arrays as pointers, and have a reminder of how tight those systems were: Of the 24K bytes of memory on the machine, the earliest PDP-11 Unix system used 12K bytes for the operating system, a tiny space for user programs, and the remainder as a RAM disk.
  4. Zero Latency — immersive gaming with Oculus headsets. Detailed and positive.
Four short links: 17 December 2015

Structured Image Concepts, Google's SDN, Lightbulb DeDRMing, and EFF SF

  1. Visual Genome — a data set, a knowledge base, an ongoing effort to connect structured image concepts to language.
  2. Google’s Software Defined Networking — [What was the biggest risk you faced rolling out the network? …] we were breaking the fate-sharing principle—which is to say we were putting ourselves in a situation where either the controller could fail without the switch failing, or the switch could fail without the controller failing. That generally leads to big problems in distributed computing, as many people learned the hard way once remote procedure calls became a dominant paradigm.
  3. Philips Backtrack on Lightbulb DRM — In view of the sentiment expressed by our customers, we have decided to reverse the software upgrade so that lights from other brands continue to work as they did before with the Philips Hue system.
  4. Pwning Tomorrow — EFF Publishes SF Anthology. You can expect liberties and freedoms to feature.
Four short links: 16 December 2015

Face Matching, Engineering Rewrites, Public Domain Illustrations, and Robotic Wrapup

  1. Face Director — Disney software to match faces between takes. We demonstrate that our method can synthesize visually believable performances with applications in emotion transition, performance correction, and timing control.
  2. Move Fast and Fix Things — blow by blow of an engineering rewrite of some key functionality at GitHub, interesting from a “oh so that’s how they do it” point of view (if blow-by-blow engineering rewrites qualify as “interesting” to you).
  3. Old Book Illustrations — public domain book illustrations, tagged and searchable. Yes, like Font Awesome of engraving.
  4. The State of Robotics for 2015 (TechCrunch) — nice summary/wrapup of what’s out there now.
Four short links: 15 December 2015

Barbie Broken, JSON Database, Lightbulb DRM, and Graph Database

  1. Crypto is Hard says Hello Barbie — We discovered several issues with the Hello Barbie app including: it utilizes an authentication credential that can be re-used by attackers; it connects a mobile device to any unsecured Wi-Fi network if it has “Barbie” in the name; it shipped with unused code that serves no function but increases the overall attack surface. On the server side, we also discovered: client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers; the ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack. (via Ars Technica)
  2. Kinto — Mozilla’s open source lightweight JSON storage service with synchronisation and sharing abilities. It is meant to be easy to use and easy to self-host.
  3. Philips Blocks 3rd Party Lightbulbs — DRM for light fixtures. cf @internetofsh*t
  4. gaffer — GCHQ-released open source graph database. …a framework that makes it easy to store large-scale graphs in which the nodes and edges have statistics such as counts, histograms, and sketches. These statistics summarise the properties of the nodes and edges over time windows, and they can be dynamically updated over time. Gaffer is a graph database, rather than a graph processing system. It is optimised for retrieving data on nodes of interest. IHNJH,IJLTS “nodes of interest.”
Four short links: 14 December 2015

Design for the Surveilled, Concept Learning, Media Access, and Programming Challenges

  1. Please Stop Making Secure Messaging Systems — how to design for the surveilled, and the kinds of tools they need BEYOND chat.
  2. Human Level Concept Learning through Probabilistic Program Induction — paper and source code for the nifty “learn handwriting from one example” paper that’s blowing minds.
  3. Access Denied (The Awl) — media had power because they had an audience, but social media gives celebrities, sports people, and politicians a bigger audience than media outlets. So, the media outlets aren’t needed, and consequently, they’re losing “access.” A reporter that depends on access to a compelling subject is by definition a reporter compromised. A publication that depends on cooperation from the world that it specializes in is likewise giving up something in terms of its ability to tell the truth about it. And nearly the entire media as it exists today is built around these negotiations.
  4. Stockfighter — a series of free, fun programming challenges […] suitable for programmers at all experience levels.
Four short links: 11 December 2015

Probabilistic Algorithms, Copyright-Free, AI Hardware, and Autonomous Vehicle Policy

  1. Real-world Probabilistic Algorithms (Tyler McMullen) — This article addresses two types of probabilistic algorithms: those that explicitly introduce randomness through a rand() call, and those that convert input data into a uniform distribution to achieve a similar effect.
  2. Class of 2016 — those whose works will, on 1st January 2016, be entering the public domain in many countries around the world. Le Corbusier, T.S. Eliot, Malcolm X, Bela Bartok, Winston Churchill, and W. Somerset Maugham among others. (Which person in which country depends on copyright term. Not for you, America. Nor us after TPP)
  3. Facebook to Open Source AI Hardware Design — Big Sur is our newest Open Rack-compatible hardware designed for AI computing at a large scale. Eight GPUs, and designs to be released through Open Compute Project.
  4. Driving Changes (PDF) — policy impacts, benefits, and considerations for autonomous vehicles. Written for Toronto but applicable to many more cities. (via David Ticoll)
Four short links: 10 December 2015

Reactive Programming Theory, Attacking HTTP/2, Distributed Systems Explainer, and Auto Futures

  1. Distributed Reactive Programming (A Paper a Day) — this week’s focus on reactive programming has been eye-opening for me. I find the implementation details less interesting than the simple notion that we can define different consistency models for reactive programs and reason about them.
  2. Attacking HTTP/2 Implementations — Our talk focused on threats, attack vectors, and vulnerabilities found during the course of our research. Two Firefox, two Apache Traffic Server (ATS), and four Node-http2 vulnerabilities will be discussed alongside the release of the first public HTTP/2 fuzzer. We showed how these bugs were found, their root cause, why they occur, and how to trigger them.
  3. What We Talk About When We Talk About Distributed Systems — a great intro/explainer to the different concepts in distributed systems.
  4. The Autonomous Winter is Coming — The future of any given manufacturer will be determined by how successfully they manage their brands in a market split between Mobility customers and Driving customers.
Four short links: 9 December 2015

Graph Book, Data APIs, Mobile Commerce Numbers, and Phone Labs

  1. Networks, Crowds, and Markets — network theory (graph analysis), small worlds, network effects, power laws, markets, voting, property rights, and more. A book that came out of a Cornell course by ACM-lauded Jon Kleinberg.
  2. Qu — a framework for building data APIs. From a government department, no less. (via Nelson Minar)
  3. Three Most Common M-Commerce Questions Answered (Facebook) — When we examined basket sizes on an m-site versus an app, we found people spend 43 cents in app to every $1 spent on m-site. (via Alex Dong)
  4. Phonelabs — science labs with mobile phones. All open sourced for maximum spread.
Four short links: 8 December 2015

Open Source ZeroDB, HTTP Statuses, Project Activity, and Database Readings

  1. ZeroDB is Open Source — end-to-end encrypted database goes open source (AGPL, *ptui*).
  2. Choosing an HTTP Status Code — or “an alternative to engineers duelling.”
  3. Open Source Monthly — views of open source projects through their GitHub activity.
  4. Readings in Database Science (5ed) — HTML and PDF versions of the papers.
Four short links: 7 December 2015

Telepresent Axeman, Toxic Workers, Analysis Code, and Cryptocurrency Attacks

  1. Axe-Wielding Robot w/Telepresence (YouTube) — graphic robot-on-wall action at 2m30s. (via IEEE)
  2. Toxic Workers (PDF) — In comparing the two costs, even if a firm could replace an average worker with one who performs in the top 1%, it would still be better off by replacing a toxic worker with an average worker by more than two-to-one. Harvard Business School research. (via Fortune)
  3. Replacing Sawzall (Google) — At Google, most Sawzall analysis has been replaced by Go […] we’ve developed a set of Go libraries that we call Lingo (for Logs in Go). Lingo includes a table aggregation library that brings the powerful features of Sawzall aggregation tables to Go, using reflection to support user-defined types for table keys and values. It also provides default behavior for setting up and running a MapReduce that reads data from the logs proxy. The result is that Lingo analysis code is often as concise and simple as (and sometimes simpler than) the Sawzall equivalent.
  4. Attacks in the World of Cryptocurrency — a review of some of the discussed weakness, attacks, or oddities in cryptocurrency (esp. bitcoin).