ENTRIES TAGGED "crypto"
Vanishing Money, Car Hackery, Data Literacy Course, and Cheaper CI
- The Programming Error That Cost Mt Gox 2609 Bitcoins — in the unforgiving world of crypto-currency, it’s easy to miscode and vanish your money.
- Ford Invites Open-Source Community to Tinker Away — One example: Nelson has re-tasked the motor from a Microsoft Xbox 360 game controller to create an OpenXC shift knob that vibrates to signal gear shifts in a standard-transmission Mustang. The 3D-printed prototype shift knob uses Ford’s OpenXC research platform to link devices to the car via Bluetooth, and shares vehicle data from the on-board diagnostics port. Nelson has tested his prototype in a Ford Mustang Shelby GT500 that vibrates at the optimal time to shift.
- Making Sense of Data — Google online course on data literacy.
- Cost-Efficient Continuous Integration at Mozilla — CI on a big project can imply hundreds if not thousands of VMs on Amazon spinning up to handle compiles and tests. This blog post talks about Mozilla’s efforts to reduce its CI-induced spend without reducing the effectiveness of its CI practices.
Android Crypto, Behaviour Trees, Complexity Cheatsheet, and Open Source Game Theory
- An Empirical Study of Cryptographic Misuse in Android Applications (PDF) We develop program analysis techniques to automatically check programs on the Google Play marketplace, and find that 10,327 out of 11,748 applications that use cryptographic APIs (88% overall) make at least one mistake.
- Introduction to Behaviour Trees — DAGs with codey nodes. Behavior trees replace the often intangible growing mess of state transitions of finite state machines (FSMs) with a more restrictive but also more structured traversal defining approach.
- P vs NP Cheat Sheet — the space and time Big-O complexities of common algorithms used in Computer Science.
- Game Theory and Network Effects in Open Source — a delicate balance of incentives goes into the decision for companies to Open Source or close source their software in the midst of discussions of Nash Equilibria. Enjoy.
NSA Crypto, Web Traps, Learn by Doing, and Distributed Testing
- On the NSA — intelligent unpacking of what the NSA crypto-weakening allegations mean.
- Overview of the 2013 OWASP Top 10 — rundown of web evil to avoid. (via Ecryption)
- Easy 6502 — teaches 6502 assembler, with an emulator built into the book. This is what programming non-fiction books will look like in the future.
- Kochiku — distributing automated test suites for faster validation in continuous integration.
Google Play Services, Self-Signed Kernels, Visualising Scientific Papers, and New Microcontroller
- How Google’s Defragging Android (Ars Technica) — Android’s becoming a pudgy microkernel for the Google Play Services layer that’s in userland, closed source, and a way to bypass carriers’ lag for upgrades.
- Booting a Self-Signed Linux Kernel (Greg Kroah-Hartman) — procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.
- Paperscape — A map of scientific papers from the arXiv.
- Trinket — Adafruit’s latest microcontroller board. Small but perfectly formed.
Big Diner, Fab Future, Browser Crypto, and STEM Crisis Questioned
- In Search of the Optimal Cheeseburger (Hilary Mason) — playing with NYC menu data. There are 5,247 cheeseburgers you can order in Manhattan. Her Ignite talk from Ignite NYC15.
- James Burke Predicting the Future — spoiler: massive disruption from nano-scale personal fabbing.
- The STEM Crisis is a Myth (IEEE Spectrum) — Every year U.S. schools grant more STEM degrees than there are available jobs. When you factor in H-1B visa holders, existing STEM degree holders, and the like, it’s hard to make a case that there’s a STEM labor shortage.
- MegaPWN (GitHub) — Your MEGA master key is supposed to be a secret, but MEGA or anyone else with access to your computer can easily find it without you noticing. Browser crypto is only as secure as the browser and the code it runs.
- When Smart Homes Get Hacked (Forbes) — Insteon’s flaw was worse in that it allowed access to anyone via the Internet. The researchers could see the exposed systems online but weren’t comfortable poking around further. I was — but I was definitely nervous about it and made sure I had Insteon users’ permission before flickering their lights.
- A Stick Figure Guide to Advanced Encryption Standard (AES) — exactly what it says.
Cryptanalysis Tools, Renaissance Hackers, MakerCamp Review, and Visual Regressions
- bletchley (Google Code) — Bletchley is currently in the early stages of development and consists of tools which provide: Automated token encoding detection (36 encoding variants); Passive ciphertext block length and repetition analysis; Script generator for efficient automation of HTTP requests; A flexible, multithreaded padding oracle attack library with CBC-R support.
- Hackers of the Renaissance — Four centuries ago, information was as tightly guarded by intellectuals and their wealthy patrons as it is today. But a few episodes around 1600 confirm that the Hacker Ethic and its attendant emphasis on open-source information and a “hands-on imperative” was around long before computers hit the scene. (via BoingBoing)
- Maker Camp 2013: A Look Back (YouTube) — This summer, over 1 million campers made 30 cool projects, took 6 epic field trips, and met a bunch of awesome makers.
- huxley (GitHub) — Watches you browse, takes screenshots, tells you when they change. Huxley is a test-like system for catching visual regressions in Web applications. (via Alex Dong)
Toxic Behaviour, Encryption Deception, Foursquare Strategy, and Problem-First Learning
- Toxic Behaviour — only 5% of toxic behavior comes from toxic people; 77% of it comes from people who are usually good.
- More Encryption Is Not The Solution (Poul-Henning Kamp) — To an intelligence agency, a well-thought-out weakness can easily be worth a cover identity and five years of salary to a top-notch programmer. Anybody who puts in five good years on an open source project can get away with inserting a patch that “on further inspection might not be optimal.”
- On Location With Foursquare (Anil Dash) — Foursquare switched from primarily being concerned with the game-based rewards around engagement and the recording of people’s whereabouts to a broader mission that builds on that base to be about location as a core capability of the Internet.
- The Flipped Flipped Classroom — the “exploration first” model is a better way to learn. You cannot have the answers before you think of the questions. (via Karl Fisch)
Startups Class, Container Deployment, Cryptopocalypse, and Program Design
- EP245 Downloads — class materials from the Udacity “How to Build a Startup” course.
- scrz.io — easy container deployment.
- The Factoring Dead: Preparing for the Cryptopocalypse — how RSA and Diffie-Hellman crypto might be useless in the next few years.
- How to Design Programs — 2ed text is a work-in-progress.