Menu
"crypto" entries
Mass Customization, Monolithic Codebase, Database Implementation, and Encrypted Databases
-
The Wild Wild East (The Economist) — Fung Retailing Limited, a related firm, has over 3,000 outlets, a third of them in China. Victor Fung, its honorary chairman, sees the era of mass production giving way to one of mass customization. Markets are fragmenting and smartphones are empowering consumers to get “directly involved in what they buy, where it is made and how they buy it.” Zhao Xiande of CEIBS in Shanghai points to Red Collar, a firm that used simply to make and export garments. Now it lets customers the world over design their own shirts online and makes them to order. Another outfit, Home Koo, offers custom-built furniture online.
-
Motivation for a Monolithic Codebase (YouTube) — interesting talk about Google’s codebase, the first time I know of that Google’s strategy for source code management was discussed in public.
-
SQL in CockroachDB: Mapping Table Data to Key-Value Storage — very easy-to-follow simple database implementation lesson.
-
cryptdb — A database system that can process SQL queries over encrypted data.
Google's Code, China's Pledge, MD5's Cracks, and Toyota's Robotics Hire
-
Google’s 2 Billion Lines of Code (Wired) — 85TB, 45,000 changes/day in Google’s DVCS “Piper.” They’re looking at Mercurial.
-
China Extracting Pledge of Compliance from US Firms (NY Times) — The letter also asks the American companies to ensure their products are “secure and controllable,” a catchphrase that industry groups said could be used to force companies to build so-called back doors — which allow third-party access to systems — provide encryption keys or even hand over source code.
-
MD5 To Be Considered Harmful Some Day (Adrian Colyer) — walkthrough of Dan Kaminsky’s paper on the growing number of cracks in MD5.
-
Toyota’s Robot Car Plans (IEEE Spectrum) — Toyota hired the former head of DARPA’s Robotics Challenge. Pratt explained that a U.S. $50 million R&D collaboration with MIT and Stanford is just the beginning of a large and ambitious program whose goal is developing intelligent vehicles that can make roads safer and robot helpers that can improve people’s lives at home.
Bricklaying Robots, Photographic Insecurity, Quantum-Resistant Crypto, and Garbage Subtraction
-
Bricklaying Robot Lays 3x Speed of Humans (MIT TR) — The robot can correct for the differences between theoretical building specifications and what’s actually on site, says Scott Peters, co-founder of Construction Robotics, a company based in Victor, New York, that designed SAM as its debut product. (via Audrey Watters)
-
When a Photo Ends Your Security (Bruce Schneier) — the TSA’s master key was shown in a Washington Post photo spread, so now it can be recreated from the photo.
-
Online Security Braces for Quantum Revolution (Nature) — PQCRYPTO, a European consortium of quantum-cryptography researchers in academia and industry, released a preliminary report on 7 September recommending cryptographic techniques that are resistant to quantum computers […] It favoured the McEliece system, which has resisted attacks since 1978, for public-key cryptography.
-
The New Wave is Garbage Subtracted (Adam Trachtenberg) — Adam found some amazingly prescient writing from Esther Dyson. The new wave is not value-added; it’s garbage-subtracted. The job of the future is PR guy, not journalist. I’m too busy reading, so why should I pay for more things to read? Anything anyone didn’t pay to send to me…I’m not going to read.
Encrypted Databases, Product Management, Patenting Machine Learning, and Programming Ethics
-
Zero Knowledge and Homomorphic Encryption (ZDNet) — coverage of a few startups working on providing databases that don’t need to decrypt the data they store and retrieve.
-
How Not to Suck at Making Products — Never confuse “category you’re in” with the “value you deliver.” Customers only care about the latter.
-
Google Patenting Machine Learning Developments (Reddit) — I am afraid that Google has just started an arms race, which could do significant damage to academic research in machine learning. Now it’s likely that other companies using machine learning will rush to patent every research idea that was developed in part by their employees. We have all been in a prisoner’s dilemma situation, and Google just defected. Now researchers will guard their ideas much more combatively, given that it’s now fair game to patent these ideas, and big money is at stake.
-
Machine Ethics (Nature) — machine learning ethics versus rule-driven ethics. Logic is the ideal choice for encoding machine ethics, argues Luís Moniz Pereira, a computer scientist at the Nova Laboratory for Computer Science and Informatics in Lisbon. “Logic is how we reason and come up with our ethical choices,” he says. I disagree with his premises.
IoT and New Hardware Movement, OpenCV 3, FBI vs Crypto, and Transactional Datastore
-
New Hardware and the Internet of Things (Jon Bruner) — The Internet of Things and the new hardware movement are not the same thing. The new hardware movement is driven by new tools for: Prototyping (inexpensive 3D printers, CNC machine tools, cheap and powerful microcontrollers, high-level programming languages on embedded systems); Fundraising and business development (Highway1, Lab IX); Manufacturing (PCH, Seeed); Marketing (Etsy, Quirky). The IoT is driven by: Ubiquitous connectivity; Cheap hardware (i.e., the new hardware movement); Inexpensive data processing and machine learning.
-
OpenCV 3.0 Released — I hadn’t realised how much hardware acceleration comes out of the box with OpenCV.
-
FBI: Companies Should Help us Prevent Encryption (WaPo) — as Mike Loukides says, we are in a Post-Modern age where we don’t trust our computers and they don’t trust us. It’s jarring to hear the organisation that (over-zealously!) investigates computer crime arguing that citizens should not be able to secure their communications. It’s like police arguing against locks.
-
cockroach — a scalable, geo-replicated, transactional datastore. The Wired piece about it drops the factoid that the creators of GIMP worked on Google’s massive BigTable-successor, Colossus. From Photoshop-alike to massive file systems. Love it.
DARPA Robotics Challenge, Math Instruction, Microservices Construction, and Crypto Hardware Sans Spooks
-
Pocket Guide to DARPA Robotics Challenge Finals (Robohub) — The robots will start in a vehicle, drive to a simulated disaster building, and then they’ll have to open doors, walk on rubble, and use tools. Finally, they’ll have to climb a flight of stairs. The fastest team with the same amount of points for completing tasks will win. The main issues teams will face are communications with their robot and battery life: “Even the best batteries are still roughly 10 times less energy-dense than the kinds of fuels we all use to get around,” said Pratt.
-
Dan Meyer’s Dissertation — Dan came up with a way to make math class social and the vocabulary sticky.
-
Monolith First — echoes the idea that platforms should come from successful apps (the way AWS emerged from operating the Amazon store) rather than be designed before use.
-
Building a More Assured Hardware Security Module (PDF) — proposal for An open source reference design for HSMs; Scalable, first cut in an FPGA and CPU, later allow higher speed options; Composable, e.g. “Give me a key store and signer suitable for DNSsec”; Reasonable assurance by being open, diverse design team, and an increasingly assured tool-chain. See cryptech.is for more info.
Manufacturer Rootkits, Dangerous Dongle, Physical Visualisation, and Cryptoed Comms
-
Popular Chinese Android Smartphone Backdoored By Manufacturer — Coolpad is the third largest smartphone builder in China, and ranks sixth worldwide with 3.7 percent global market share. It trails only Lenovo and Xiaomi in China and is the leader of China’s 4G market with 16 percent market share. Coolpad outsells Samsung and Apple in China, and has said it plans to expand globally with a goal of 60 million phones worldwide. For now, its high-end Halo Dazen phones are the only ones containing the backdoor, Palo Alto said. Backdoor enabled installation of other apps, dial numbers, send messages, and report back to the mothership. The manufacturer even ran the command-and-control nodes for the malware.
-
USB Driveby — dongle that plugs into USB, and tries to root the box. Specifically, when you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them. The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight/Alfred/Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.
-
Physical Data Visualisations — a chronological list of physical visualizations and related artifacts. (via Flowing Data)
-
Dissent — an anonymous communication substrate intended primarily for applications built on a broadcast communication model: for example, bulletin boards, wikis, auctions, or voting. Users of an online group obtain cryptographic guarantees of sender and receiver anonymity, message integrity, disruption resistance, proportionality, and location hiding. And a pony.
Data Delusions, OS Robotics, Insecure Crypto, and Free Icons
-
The Delusions of Big Data (IEEE) — When you have large amounts of data, your appetite for hypotheses tends to get even larger. And if it’s growing faster than the statistical strength of the data, then many of your inferences are likely to be false. They are likely to be white noise.
-
ROSCON 2014 — slides and videos of talks from Chicago open source robotics conference.
-
Making Sure Crypto Stays Insecure (PDF) — Daniel J. Bernstein talk: This talk is actually a thought experiment: how could an attacker manipulate the ecosystem for insecurity?
-
Material Design Icons — Google’s CC-licensed (attribution, sharealike) collection of sweet, straightforward icons.
Crowd Problems, Robot Butler, Opportunistic Encryption, and A/B Framework
-
Blame the Crowd, Not the Camera (Nina Simon) — Cameras weaponize an already unwieldy mob of people.
-
The Botlr — the Cupertino Starwood hotel has a robot butler (botlr) doing room service.
-
tcpcrypt — opportunistic encryption of all network traffic.
-
Sixpack — language-agnostic A/B testing framework.
Browser Crypto, Real Time Consistency, Exploring CS, and CS as Social Movement
-
Javascript Cryptography Considered Harmful — tl;dr: “don’t”. If you don’t trust the network to deliver a password, or, worse, don’t trust the server not to keep user secrets, you can’t trust them to deliver security code. The same attacker who was sniffing passwords or reading diaries before you introduce crypto is simply hijacking crypto code after you do.
-
Eventual Consistency in Real Time Apps — answering How do you ensure that your local model is in sync with what’s stored on the backend?
-
Exploring CS — Both courses are designed to teach the fundamental concepts and big ideas of computing along with coding, and to inspire kids about computer science’s creative potential to transform society.
-
Why Computer Literacy Is Key To Winning the 21st Century (Mother Jones) — [teaching CS to] middle and high schoolers at the UCLA Community School, an experimental new public K-12 school. “I saw this as a new frontier in the social-justice fight,” she says. “I tell my students, ‘I don’t necessarily want to teach you how to get rich. I want to teach you to be a good citizen.'”