ENTRIES TAGGED "crypto"

Four short links: 22 August 2014

Crowd Problems, Robot Butler, Opportunistic Encryption, and A/B Framework

  1. Blame the Crowd, Not the Camera (Nina Simon) — Cameras weaponize an already unwieldy mob of people.
  2. The Botlr — the Cupertino Starwood hotel has a robot butler (botlr) doing room service.
  3. tcpcrypt — opportunistic encryption of all network traffic.
  4. Sixpack — language-agnostic A/B testing framework.

Four short links: 18 June 2014

Browser Crypto, Real Time Consistency, Exploring CS, and CS as Social Movement

  1. Javascript Cryptography Considered Harmful — tl;dr: “don’t”. If you don’t trust the network to deliver a password, or, worse, don’t trust the server not to keep user secrets, you can’t trust them to deliver security code. The same attacker who was sniffing passwords or reading diaries before you introduce crypto is simply hijacking crypto code after you do.
  2. Eventual Consistency in Real Time Apps — answering How do you ensure that your local model is in sync with what’s stored on the backend?
  3. Exploring CS — Both courses are designed to teach the fundamental concepts and big ideas of computing along with coding, and to inspire kids about computer science’s creative potential to transform society.
  4. Why Computer Literacy Is Key To Winning the 21st Century (Mother Jones) — [teaching CS to] middle and high schoolers at the UCLA Community School, an experimental new public K-12 school. “I saw this as a new frontier in the social-justice fight,” she says. “I tell my students, ‘I don’t necessarily want to teach you how to get rich. I want to teach you to be a good citizen.’”

Four short links: 10 June 2014

Trusting Code, Deep Pi, Docker DevOps, and Secure Database

  1. Trusting Browser Code (Tim Bray) — on the fundamental weakness of the ‘net as manifest in the browser.
  2. Deep Learning in the Raspberry Pi (Pete Warden) — $30 now gets you a computer you can run deep learning algorithms on. Awesome.
  3. Announcing Docker Hub and Official Repositories — as Docker went 1.0 and people rave about how they use it, comes this. They’re thinking hard about “integrating into the build ship run loop”, which aligns well with DevOps-enabling tool use.
  4. Apple’s Secure Database for Users (Ian Waring) — excellent breakdown of how Apple have gone out of their way to make their cloud database product safe and robust. They may be slow to “the cloud” but they have decades of experience having users as customers instead of products.

Four short links: 4 June 2014

Swift on GitHub, HTTP APIs, PGP in Gmail, and Comments vs Community

  1. Swift on GitHub — watch a thousand projects launch.
  2. HTTP API Design Guide — extracted from work on the Heroku Platform API.
  3. End-to-End PGP in Gmail — Google releases an open source Chrome extension to enable end-to-end OpenPGP on top of Gmail. This is a good thing. As noted FSF developer Ben Franklin wrote: Those who would give up awkward key signing parties to purchase temporary convenience deserve neither.
  4. Close Your Comments; Build Your Community (Annemarie Dooling) — I am rarely sad when a commenting platform collapses, because it usually means the community dissolved long before.

Four short links: 20 March 2014

Smart Objects, Crypto Course, Culture Design, and Security v Usability

  1. Smart Interaction Lab — some interesting prototyping work designing for smart objects.
  2. Crypto 101 — self-directed crypto instruction. (via BoingBoing)
  3. Chipotle Culture — interesting piece on Chipotle’s approach to building positive feedback loops around training. Reminded me of Ben Horowitz’s “Why You Should Train Your People”.
  4. Keybase.io Writeup (Tim Bray) — Tim’s right, that removing the centralised attack point creates a usability problem. Systems that are hardest to attack are also the ones that are hardest for Normal People to use. (Can I coin this as the Torkington Conjecture, with the corollary that sufficiently stupid users are indistinguishable from intelligent attackers?)

Four short links: 3 March 2014

Vanishing Money, Car Hackery, Data Literacy Course, and Cheaper CI

  1. The Programming Error That Cost Mt Gox 2609 Bitcoins — in the unforgiving world of crypto-currency, it’s easy to miscode and vanish your money.
  2. Ford Invites Open-Source Community to Tinker Away — One example: Nelson has re-tasked the motor from a Microsoft Xbox 360 game controller to create an OpenXC shift knob that vibrates to signal gear shifts in a standard-transmission Mustang. The 3D-printed prototype shift knob uses Ford’s OpenXC research platform to link devices to the car via Bluetooth, and shares vehicle data from the on-board diagnostics port. Nelson has tested his prototype in a Ford Mustang Shelby GT500 that vibrates at the optimal time to shift.
  3. Making Sense of Data — Google online course on data literacy.
  4. Cost-Efficient Continuous Integration at Mozilla — CI on a big project can imply hundreds if not thousands of VMs on Amazon spinning up to handle compiles and tests. This blog post talks about Mozilla’s efforts to reduce its CI-induced spend without reducing the effectiveness of its CI practices.

Four short links: 19 December 2013

Audio Key Extraction, Die Bitcoin, Keep Dying Bitcoin, Firmware Hacks

  1. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (PDF) — research uses audio from CPU to break GnuPG’s implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
  2. Bitcoin, Magic Thinking, and Political Ideology (Alex Payne) — In other words: Bitcoin represents more of the same short-sighted hypercapitalism that got us into this mess, minus the accountability. No wonder that many of the same culprits are diving eagerly into the mining pool.
  3. Why I Want Bitcoin to Die in a Fire (Charlie Stross) — Like all currency systems, Bitcoin comes with an implicit political agenda attached. Decisions we take about how to manage money, taxation, and the economy have consequences: by its consequences you may judge a finance system. Our current global system is pretty crap, but I submit that Bitcoin is worst. With a list of reasons why Bitcoin is bad, like Stolen electricity will drive out honest mining. (So the greatest benefits accrue to the most ruthless criminals.)
  4. iSeeYou: Disabling the MacBook Webcam Indicator LED — your computer is made up of many computers, each of which can be a threat. This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non-root) application. The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system. We build two proofs-of-concept: (1) an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled; and (2) a virtual machine escape that launches Terminal.app and runs shell commands. (via Washington Post)

Four short links: 8 November 2013

Android Crypto, Behaviour Trees, Complexity Cheatsheet, and Open Source Game Theory

  1. An Empirical Study of Cryptographic Misuse in Android Applications (PDF) — We develop program analysis techniques to automatically check programs on the Google Play marketplace, and find that 10,327 out of 11,748 applications that use cryptographic APIs (88% overall) make at least one mistake.
  2. Introduction to Behaviour Trees — DAGs with codey nodes. Behavior trees replace the often intangible growing mess of state transitions of finite state machines (FSMs) with a more restrictive but also more structured traversal defining approach.
  3. P vs NP Cheat Sheet — the space and time Big-O complexities of common algorithms used in Computer Science.
  4. Game Theory and Network Effects in Open Source — delicate balance of incentives go into the decision for companies to Open Source or close source their software in the midst of discussions of Nash Equilibria. Enjoy.

Four short links: 11 September 2013

NSA Crypto, Web Traps, Learn by Doing, and Distributed Testing

  1. On the NSA — intelligent unpacking of what the NSA crypto-weakening allegations mean.
  2. Overview of the 2013 OWASP Top 10 — rundown of web evil to avoid. (via Ecryption)
  3. Easy 6502 — teaches 6502 assembler, with an emulator built into the book. This is what programming non-fiction books will look like in the future.
  4. Kochiku — distributing automated test suites for faster validation in continuous integration.

Four short links: 9 September 2013

Google Play Services, Self-Signed Kernels, Visualising Scientific Papers, and New Microcontroller

  1. How Google’s Defragging Android (Ars Technica) — Android’s becoming a pudgy microkernel for the Google Play Services layer that’s in userland, closed source, and a way to bypass carriers’ lag for upgrades.
  2. Booting a Self-Signed Linux Kernel (Greg Kroah-Hartman) — procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.
  3. Paperscape — A map of scientific papers from the arXiv.
  4. Trinket — Adafruit’s latest microcontroller board. Small but perfectly formed.