Four short links: 23 July 2014

Selfless Machines, Docker Security, Voice Hacks, and Choiceless Programming

  1. Talking to Big Machines (Jon Bruner) — “Selfless machines” coordinate across networks and modify their own operation to improve the output of the entire system.
  2. Docker Security — Containers do not contain and Stop assuming that Docker and the Linux kernel protect you from malware.
  3. Your Voice Assistant is Mine (PDF) — Through Android Intent mechanism, VoicEmployer triggers Google Voice Search to the foreground, and then plays prepared audio files (like “call number 1234 5678”) in the background. Google Voice Search can recognize this voice command and execute corresponding operations. With ingenious designs, our GVS-Attack can forge SMS/Email, access privacy information, transmit sensitive data and achieve remote control without any permission.
  4. escher (GitHub) — choiceless programming and non-Turing coding. Mind: blown.
Four short links: 17 July 2014

Software Ethics, Learning Challenges, Workplace Harassment, and Logging for Postmortems

  1. Misjudgements Will Drive Social Trials Underground (Nature) — 34 ethicists write to explain why they see Facebook’s mood-influence trials as not an egregious breach of either ethics or law. Notable: “No one knows whether exposure to a stream of baby announcements, job promotions and humble brags makes Facebook’s one billion users sadder or happier. The exposure is a social experiment in which users become guinea pigs, but the effects will not be known unless they are studied.[...] But the extreme response to this study, some of which seems to have been made without full understanding of what it entailed or what legal and ethical standards require, could result in such research being done in secret or not at all.” Compare wisdom of the ethicists to wisdom of the crowd. (via Kate Crawford)
  2. Problem-Free Activity in the Mathematics Classroom (PDF) — interesting not just for the bland crap work we make kids do, but for the summary of five types of need that stimulate learning: for certainty (“which of the two is right?”), for causality (“did X cause Y?”, “what will happen next?”), for computation (“how much will it cost?”, “how long will it take?”), for communication and persuasion (“it’s more fun when we work on this together”, “let me show you why I’m right!”), and for connection and structuring (“that can’t be right, it goes against all I know!”, “ah, that makes sense because …”). (via Kathy Sierra)
  3. Survey of Academic Field Experiences (PLoSone) — “Our survey revealed that conducting research in the field exposes scientists to a number of negative experiences as targets and as bystanders. The experiences described by our respondents ranged from inadvertent alienating behavior, to unwanted verbal and physical sexual advances, to, most troublingly, sexual assault including rape.” is immediately followed by “These proportions of respondents experiencing harassment are generally consistent with other studies of workplace harassment in other professional settings.” This will change when men’s behaviour and expectations change. Male readers, do your part: don’t harass and don’t tolerate it. This message brought to you from future generations who will wonder how the hell we turned a blind eye to it.
  4. sentry (github) — a realtime, platform-agnostic error logging and aggregation platform. It specializes in monitoring errors and extracting all the information needed to do a proper post-mortem without any of the hassle of the standard user feedback loop.
Four short links: 16 July 2014

Distributed Systems Design 101, Patent Trolls, Intel's Half a Billion from IoT, and Google's Project Zero.

  1. Inside bit.ly’s Distributed Systems — this is a 101 for modern web distributed systems design.
  2. Patent Trolls are Now 67% of New Patent Lawsuits in USA (WaPo) — data from PwC.
  3. Intel Made Half a Billion from Internet of Things Last Year (Quartz) — half a billion here, half a billion there, pretty soon it adds up to real money.
  4. Google’s Project Zero (Wired) — G pays a team to attack common software and report the bugs to the manufacturer. Interesting hypothesis about how the numbers imbalance between Every Russian 14 Year Old and this small team doesn’t matter: modern hacker exploits often chain together a series of hackable flaws to defeat a computer’s defenses. Kill one of those bugs and the entire exploit fails. That means Project Zero may be able to nix entire collections of exploits by finding and patching flaws in a small part of an operating system, like the “sandbox” that’s meant to limit an application’s access to the rest of the computer. “On certain attack surfaces, we’re optimistic we can fix the bugs faster than they’re being introduced,” Hawkes says. “If you funnel your research into these limited areas, you increase the chances of bug collisions.”

Four short links: 4 July 2014

Deleted Transparency, Retro Theme, MPA Suckage, and Ultrasonic Comms

  1. The Flipside of the Right To Be Forgotten (Business Insider) — deletion requests were granted for a former politician who wanted to remove links to a news article about his behavior when previously in office – so that he can have a clean slate when running for a new position – and a man who was convicted of possessing child sexual abuse imagery.
  2. BOOTSTRA.386 — gorgeously retro theme for Bootstrap.
  3. Multi-Process Architectures Suck — detailed and painful look at the computational complexity and costs of multiprocess architectures.
  4. Chromecast Ultrasonic Comms — In the new system, Chromecast owners first allow support for nearby devices. A nearby device then requests access to the Chromecast, and the Chromecast plays an ultrasonic sound through the connected TV’s speakers. The sound is then picked up by the microphone in the device, which allows it to pair with the TV. (via Greg Linden)

Revisiting “What is DevOps”

If all companies are software companies, then all companies must learn to manage their online operations.


Two years ago, I wrote What is DevOps. Although that article was good for its time, our understanding of organizational behavior, and its relationship to the operation of complex systems, has grown.

A few themes have become apparent in the two years since that last article. They were latent in that article, I think, but now we’re in a position to call them out explicitly. It’s always easy to think of DevOps (or of any software industry paradigm) in terms of the tools you use; in particular, it’s very easy to think that if you use Chef or Puppet for automated configuration, Jenkins for continuous integration, and some cloud provider for on-demand server power, that you’re doing DevOps. But DevOps isn’t about tools; it’s about culture, and it extends far beyond the cubicles of developers and operators. As Jeff Sussna says in Empathy: The Essence of DevOps:

…it’s not about making developers and sysadmins report to the same VP. It’s not about automating all your configuration procedures. It’s not about tipping up a Jenkins server, or running your applications in the cloud, or releasing your code on Github. It’s not even about letting your developers deploy their code to a PaaS. The true essence of DevOps is empathy.

Four short links: 30 June 2014

Interacting with Connected Objects, Continuous Security Review, Chess AI, and Scott Hanselman is Hilarious

  1. Interacting with a World of Connected Objects (Tom Coates) — notes from one of my favourite Foo Camp sessions.
  2. Security Considerations with Continuous Deployment (IBM) — rundown of categories of security issues your org might face, and how to tackle them in the continuous deployment cycle. (via Emma Jane Westby)
  3. The Chess Master and the Computer (Garry Kasparov) — Increasingly, a move isn’t good or bad because it looks that way or because it hasn’t been done that way before. It’s simply good if it works and bad if it doesn’t. Although we still require a strong measure of intuition and logic to play well, humans today are starting to play more like computers. (via Alexis Madrigal)
  4. Virtual Machines, Javascript, and Assembler (YouTube) — hilarious Velocity keynote by Scott Hanselman.

Four short links: 26 June 2014

IoT Future, Latency Numbers, Mobile Performance, and Minimum Viable Bureaucracy

  1. Charlie Stross on 2034 — every object in the real world is going to be providing a constant stream of metadata about its environment — and I mean every object. The frameworks used for channeling this firehose of environment data are going to be insecure and ramshackle, with foundations built on decades-old design errors. (via BoingBoing)
  2. Latency Numbers Every Programmer Should Know — awesome animation so you can see how important “constants” which drive design decisions have changed over time.
  3. Extreme Web Performance for Mobile Devices (Slideshare) — notes from Maximiliano Firtman’s Velocity tutorial.
  4. Minimum Viable Bureaucracy (Laura Thomson) — notes from her Velocity talk. A portion of engineer’s time must be spent on what engineer thinks is important. It may be 100%. It may be 60%, 40%, 20%. But it should never be zero.
Four short links: 23 June 2014

Blockchain Intro, Machine Collaboration, Safety Systems Thinking, and Where Keystrokes Go To Die

  1. Minimum Viable Block Chain — What follows is an attempt to explain, from the ground up, why the particular pieces (digital signatures, proof-of-work, transaction blocks) are needed, and how they all come together to form the “minimum viable block chain” with all of its remarkable properties.
  2. Common Ground and Coordination in Joint Activity (PDF) — research paper on the components and requirements and failure modes of collaboration, with an eye to how machine actors can participate as collaborators. (via John Allspaw)
  3. Engineering a Safer World (Nancy Leveson) — Systems thinking applied to safety. Free download of the MIT Press ebook. (via John Allspaw)
  4. Scott Hanselman’s Tips — Keep your emails to 3-4 sentences, Hanselman says. Anything longer should be on a blog or wiki or on your product’s documentation, FAQ or knowledge base. “Anywhere in the world except email because email is where your keystrokes go to die,” he says.
Four short links: 20 June 2014

Available Data, Goal Setting, Real Tech, and Gamification Numbers

  1. Dynamo and BigTable — good preso overview of two approaches to solving availability and consistency in the event of server failure or network partition.
  2. Goals Gone Wild (PDF) — In this article, we argue that the beneficial effects of goal setting have been overstated and that systematic harm caused by goal setting has been largely ignored. We identify specific side effects associated with goal setting, including a narrow focus that neglects non-goal areas, a rise in unethical behavior, distorted risk preferences, corrosion of organizational culture, and reduced intrinsic motivation.
  3. Tech Isn’t All Brogrammers (Alexis Madrigal) — a reminder that there are real scientists and engineers in Silicon Valley working on problems considerably harder than selling ads and delivering pet food to one another. (via Brian Behlendorf)
  4. Numbers from 90+ Gamification Case Studies — cherry-picked anecdata for your business cases.
Four short links: 13 June 2014

Decentralized Web, Reproducibility Talk, Javascript Microcontroller, and Docker Maturity

  1. Mapping the Decentralized Movement (Jon Udell) — the pendulum is about to swing back toward a more distributed Web.
  2. John Ioannidis: Reproducible Research, True or False? (YouTube) — his talk at Google. (via Paul Kedrosky)
  3. Tessel — a microcontroller that runs Javascript. For those who can’t handle C.</troll>
  4. Docker Misconceptions — This is not impossible and can all be done – several large companies are already using Docker in production, but it’s definitely non-trivial. This will change as the ecosystem around Docker matures (via Flynn, Docker container hosting, etc), but currently if you’re going to attempt using Docker seriously in production, you need to be pretty skilled at systems management and orchestration.