"crypto" entries

Four short links: 5 June 2015

IoT and New Hardware Movement, OpenCV 3, FBI vs Crypto, and Transactional Datastore

  1. New Hardware and the Internet of Things (Jon Bruner) — The Internet of Things and the new hardware movement are not the same thing. The new hardware movement is driven by new tools for: Prototyping (inexpensive 3D printers, CNC machine tools, cheap and powerful microcontrollers, high-level programming languages on embedded systems); Fundraising and business development (Highway1, Lab IX); Manufacturing (PCH, Seeed); Marketing (Etsy, Quirky). The IoT is driven by: Ubiquitous connectivity; Cheap hardware (i.e., the new hardware movement); Inexpensive data processing and machine learning.
  2. OpenCV 3.0 Released — I hadn’t realised how much hardware acceleration comes out of the box with OpenCV.
  3. FBI: Companies Should Help us Prevent Encryption (WaPo) — as Mike Loukides says, we are in a Post-Modern age where we don’t trust our computers and they don’t trust us. It’s jarring to hear the organisation that (over-zealously!) investigates computer crime arguing that citizens should not be able to secure their communications. It’s like police arguing against locks.
  4. cockroach — a scalable, geo-replicated, transactional datastore. The Wired piece about it drops the factoid that the creators of GIMP worked on Google’s massive BigTable-successor, Colossus. From Photoshop-alike to massive file systems. Love it.

Four short links: 4 June 2015

DARPA Robotics Challenge, Math Instruction, Microservices Construction, and Crypto Hardware Sans Spooks

  1. Pocket Guide to DARPA Robotics Challenge Finals (Robohub) — The robots will start in a vehicle, drive to a simulated disaster building, and then they’ll have to open doors, walk on rubble, and use tools. Finally, they’ll have to climb a flight of stairs. The fastest team with the same amount of points for completing tasks will win. The main issues teams will face are communications with their robot and battery life: “Even the best batteries are still roughly 10 times less energy-dense than the kinds of fuels we all use to get around,” said Pratt.
  2. Dan Meyer’s Dissertation — Dan came up with a way to make math class social and the vocabulary sticky.
  3. Monolith First — echoes the idea that platforms should come from successful apps (the way AWS emerged from operating the Amazon store) rather than be designed before use.
  4. Building a More Assured Hardware Security Module (PDF) — proposal for An open source reference design for HSMs; Scalable, first cut in an FPGA and CPU, later allow higher speed options; Composable, e.g. “Give me a key store and signer suitable for DNSsec”; Reasonable assurance by being open, diverse design team, and an increasingly assured tool-chain. See cryptech.is for more info.

Four short links: 18 December 2014

Manufacturer Rootkits, Dangerous Dongle, Physical Visualisation, and Cryptoed Comms

  1. Popular Chinese Android Smartphone Backdoored By Manufacturer — Coolpad is the third largest smartphone builder in China, and ranks sixth worldwide with 3.7 percent global market share. It trails only Lenovo and Xiaomi in China and is the leader of China’s 4G market with 16 percent market share. Coolpad outsells Samsung and Apple in China, and has said it plans to expand globally with a goal of 60 million phones worldwide. For now, its high-end Halo Dazen phones are the only ones containing the backdoor, Palo Alto said. Backdoor enabled installation of other apps, dial numbers, send messages, and report back to the mothership. The manufacturer even ran the command-and-control nodes for the malware.
  2. USB Driveby — dongle that plugs into USB, and tries to root the box. Specifically, when you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them. The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight/Alfred/Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.
  3. Physical Data Visualisations — a chronological list of physical visualizations and related artifacts. (via Flowing Data)
  4. Dissent — an anonymous communication substrate intended primarily for applications built on a broadcast communication model: for example, bulletin boards, wikis, auctions, or voting. Users of an online group obtain cryptographic guarantees of sender and receiver anonymity, message integrity, disruption resistance, proportionality, and location hiding. And a pony.

Four short links: 21 October 2014

Data Delusions, OS Robotics, Insecure Crypto, and Free Icons

  1. The Delusions of Big Data (IEEE) — When you have large amounts of data, your appetite for hypotheses tends to get even larger. And if it’s growing faster than the statistical strength of the data, then many of your inferences are likely to be false. They are likely to be white noise.
  2. ROSCON 2014 — slides and videos of talks from Chicago open source robotics conference.
  3. Making Sure Crypto Stays Insecure (PDF) — Daniel J. Bernstein talk: This talk is actually a thought experiment: how could an attacker manipulate the ecosystem for insecurity?
  4. Material Design Icons — Google’s CC-licensed (attribution, sharealike) collection of sweet, straightforward icons.

Four short links: 22 August 2014

Crowd Problems, Robot Butler, Opportunistic Encryption, and A/B Framework

  1. Blame the Crowd, Not the Camera (Nina Simon) — Cameras weaponize an already unwieldy mob of people.
  2. The Botlr — the Cupertino Starwood hotel has a robot butler (botlr) doing room service.
  3. tcpcrypt — opportunistic encryption of all network traffic.
  4. Sixpack — language-agnostic A/B testing framework.

Four short links: 18 June 2014

Browser Crypto, Real Time Consistency, Exploring CS, and CS as Social Movement

  1. Javascript Cryptography Considered Harmful — tl;dr: “don’t”. If you don’t trust the network to deliver a password, or, worse, don’t trust the server not to keep user secrets, you can’t trust them to deliver security code. The same attacker who was sniffing passwords or reading diaries before you introduce crypto is simply hijacking crypto code after you do.
  2. Eventual Consistency in Real Time Apps — answering How do you ensure that your local model is in sync with what’s stored on the backend?
  3. Exploring CS — Both courses are designed to teach the fundamental concepts and big ideas of computing along with coding, and to inspire kids about computer science’s creative potential to transform society.
  4. Why Computer Literacy Is Key To Winning the 21st Century (Mother Jones) — [teaching CS to] middle and high schoolers at the UCLA Community School, an experimental new public K-12 school. “I saw this as a new frontier in the social-justice fight,” she says. “I tell my students, ‘I don’t necessarily want to teach you how to get rich. I want to teach you to be a good citizen.'”

Four short links: 10 June 2014

Trusting Code, Deep Pi, Docker DevOps, and Secure Database

  1. Trusting Browser Code (Tim Bray) — on the fundamental weakness of the ‘net as manifest in the browser.
  2. Deep Learning in the Raspberry Pi (Pete Warden) — $30 now gets you a computer you can run deep learning algorithms on. Awesome.
  3. Announcing Docker Hub and Official Repositories — as Docker went 1.0 and people rave about how they use it, comes this. They’re thinking hard about “integrating into the build ship run loop”, which aligns well with DevOps-enabling tool use.
  4. Apple’s Secure Database for Users (Ian Waring) — excellent breakdown of how Apple have gone out of their way to make their cloud database product safe and robust. They may be slow to “the cloud” but they have decades of experience having users as customers instead of products.

Four short links: 4 June 2014

Swift on GitHub, HTTP APIs, PGP in Gmail, and Comments vs Community

  1. Swift on GitHub — watch a thousand projects launch.
  2. HTTP API Design Guide — extracted from work on the Heroku Platform API.
  3. End-to-End PGP in Gmail — Google releases an open source Chrome extension to enable end-to-end OpenPGP on top of gmail. This is a good thing. As noted FSF developer Ben Franklin wrote: Those who would give up awkward key signing parties to purchase temporary convenience deserve neither.
  4. Close Your Comments; Build Your Community (Annemarie Dooling) — I am rarely sad when a commenting platform collapses, because it usually means the community dissolved long before.

Four short links: 20 March 2014

Smart Objects, Crypto Course, Culture Design, and Security v Usability

  1. Smart Interaction Lab — some interesting prototyping work designing for smart objects.
  2. Crypto 101 — self-directed crypto instruction. (via BoingBoing)
  3. Chipotle Culture — interesting piece on Chipotle’s approach to building positive feedback loops around training. Reminded me of Ben Horowitz’s “Why You Should Train Your People”.
  4. Keybase.io Writeup (Tim Bray) — Tim’s right, that removing the centralised attack point creates a usability problem. Systems that are hardest to attack are also the ones that are hardest for Normal People to use. (Can I coin this as the Torkington Conjecture, with the corollary that sufficiently stupid users are indistinguishable from intelligent attackers?)

Four short links: 3 March 2014

Vanishing Money, Car Hackery, Data Literacy Course, and Cheaper CI

  1. The Programming Error That Cost Mt Gox 2609 Bitcoins — in the unforgiving world of crypto-currency, it’s easy to miscode and vanish your money.
  2. Ford Invites Open-Source Community to Tinker Away — One example: Nelson has re-tasked the motor from a Microsoft Xbox 360 game controller to create an OpenXC shift knob that vibrates to signal gear shifts in a standard-transmission Mustang. The 3D-printed prototype shift knob uses Ford’s OpenXC research platform to link devices to the car via Bluetooth, and shares vehicle data from the on-board diagnostics port. Nelson has tested his prototype in a Ford Mustang Shelby GT500 that vibrates at the optimal time to shift.
  3. Making Sense of Data — Google online course on data literacy.
  4. Cost-Efficient Continuous Integration at Mozilla — CI on a big project can imply hundreds if not thousands of VMs on Amazon spinning up to handle compiles and tests. This blog post talks about Mozilla’s efforts to reduce its CI-induced spend without reducing the effectiveness of its CI practices.