- frak — transforms collections of strings into regular expressions for matching those strings. The primary goal of this library is to generate regular expressions from a known set of inputs which avoid backtracking as much as possible.
- The Boolean Trap — crappy APIs where true/false don’t mean what they seem. None of this is new, but every generation has to learn it anew. (via Pete Warden)
- Gumbo — open source pure C HTML5 parser.
- All Those People With Cheap Android Phones Have Started Buying Apps (Quartz) — revenue generated by the Google Play Store, from which many Android users get their apps, has grown 67% over the past half-year. By contrast, Apple’s App Store revenue grew 15%, according to Distimo estimates, which cover the top 18 countries. That sounds less impressive if you consider that the App Store brought in twice as much revenue in absolute terms. But the numbers are shifting fast. In February, the App Store was generating three times as much revenue, and last November it out-earned Google Play by a factor of four. Google is gaining.
ENTRIES TAGGED "html"
Robo Regex, Crappy Code, HTML5 Parsing, and Play v App Numbers
3D Code, Malbuffering, p2p Hardware, and Crypto Challenges
- Meshlab — open source, portable, and extensible system for the processing and editing of unstructured 3D triangular meshes.
- HTML5 Video on iOS (Steve Souders) — While it’s true that Mobile Safari on iOS doesn’t buffer any video data as a result of the PRELOAD attribute, it does make other video requests that aren’t counted as “buffered” video. The number and size of the requests and responses depends on the video. For larger videos the total amount of data for these behind-the-scenes requests can be significant.
- Space Monkey (Kickstarter) — distributed encrypted peer-to-peer cloud service using custom hardware. Not open source, which would make me nervous that I was buying a botnet client with storage capability. (via BERG London)
- Matasano Crypto Challenges — Counting is not a hard problem. But cryptography is. There are just a few things you can screw up to get the size of a buffer wrong. There are tens, probably hundreds, of obscure little things you can do to take a cryptosystem that should be secure even against an adversary with more CPU cores than there are atoms in the solar system, and make it solveable with a Perl script and 15 seconds. Don’t take our word for it: do the challenges and you’ll see. People “know” this already, but they don’t really know it in their gut, and we think the reason for that is that very few people actually know how to implement the best-known attacks. So, mail us, and we’ll give you a tour of them.
Bitcoin Bundle, HTML Escaping, Open as in Gongkai, and Glass Reflections
- The Well Deserved Fortune of Satoshi Nakamoto — I can’t assure with 100% certainty that the all the black dots are owned by Satoshi, but almost all are owned by a single entity, and that entity began mining right from block 1, and with the same performance as the genesis block. It can be identified by constant slope segments that occasionally restart. Also this entity is the only entity that has shown complete trust in Bitcoin, since it hasn’t spend any coins (as last as the eye can see). I estimate at eyesight that Satoshi fortune is around 1M Bitcoins, or 100M USD at current exchange rate. Author’s credible. (via Hacker News)
- Houdini (Github) — C library for escaping and unescaping UTF-8-encoded HTML, according to OWASP guidelines.
- The $12 Gongkai Phone (Bunnie Huang) — gongkai isn’t a totally lawless free-for-all. It’s a network of ideas, spread peer-to-peer, with certain rules to enforce sharing and to prevent leeching. It’s very different from Western IP concepts, but I’m trying to have an open mind about it.
- Jan Chipchase on Google Glass (All Things D) — Any idiot can collect data. The real issue is how to collect data in such a way that meets both moral and legal obligations and still delivers some form of value. An interesting observation, one of many within this overview of the usability and third-party user experience of Google Glass-like UIs.
HTML DRM, South Korean Cyberwar, Display Advertising BotNet, and Red Scares
- Defend the Open Web: Keep DRM Out of W3C Standards (EFF) — W3C is there to create comprehensible, publicly-implementable standards that will guarantee interoperability, not to facilitate an explosion of new mutually-incompatible software and of sites and services that can only be accessed by particular devices or applications. See also Ian Hickson on the subject. (via BoingBoing)
- Inside the South Korean Cyber Attack (Ars Technica) — about thirty minutes after the broadcasters’ networks went down, the network of Korea Gas Corporation also suffered a roughly two-hour outage, as all 10 of its routed networks apparently went offline. Three of Shinhan Bank’s networks dropped offline as well [...] Given the relative simplicity of the code (despite its Roman military references), the malware could have been written by anyone.
- BotNet Racking Up Ad Impressions — observed the Chameleon botnet targeting a cluster of at least 202 websites. 14 billion ad impressions are served across these 202 websites per month. The botnet accounts for at least 9 billion of these ad impressions. At least 7 million distinct ad-exchange cookies are associated with the botnet per month. Advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.
- Legal Manual for Cyberwar (Washington Post) — the main reason I care so much about security is that the US is in the middle of a CyberCommie scare. Politicians and bureaucrats so fear red teams under the bed that they’re clamouring for legal and contra methods to retaliate, and then blindly use those methods on domestic disobedience and even good citizenship. The parallels with the 50s and McCarthy are becoming painfully clear: we’re in for another witch-hunting time when we ruin good people (and bad) because a new type of inter-state hostility has created paranoia and distrust of the unknown. “Are you now, or have you ever been, a member of the nmap team?”
HTML DRM, Visualizing Medical Sciences, Lifelong Learning, and Hardware Hackery
- What Tim Berners-Lee Doesn’t Know About HTML DRM (Guardian) — Cory Doctorow lays it out straight. HTML DRM is a bad idea, no two ways. The future of the Web is the future of the world, because everything we do today involves the net and everything we’ll do tomorrow will require it. Now it proposes to sell out that trust, on the grounds that Big Content will lock up its “content” in Flash if it doesn’t get a veto over Web-innovation. [...] The W3C has a duty to send the DRM-peddlers packing, just as the US courts did in the case of digital TV.
- Visualizing the Topical Structure of the Medical Sciences: A Self-Organizing Map Approach (PLOSone) — a high-resolution visualization of the medical knowledge domain using the self-organizing map (SOM) method, based on a corpus of over two million publications.
- What Teens Get About The Internet That Parents Don’t (The Atlantic) — the Internet has been a lifeline for self-directed learning and connection to peers. In our research, we found that parents more often than not have a negative view of the role of the Internet in learning, but young people almost always have a positive one. (via Clive Thompson)
- Portable C64 — beautiful piece of C64 hardware hacking to embed a screen and battery in it. (via Hackaday)
Complex Exploit, Better Coding Tools, Online Coding Tools, and DIY 3D-Printed Dolls
- Tale of Two Pwnies (Chromium Blog) — So, how does one get full remote code execution in Chrome? In the case of Pinkie Pie’s exploit, it took a chain of six different bugs in order to successfully break out of the Chrome sandbox. Lest you think all attacks come from mouth-breathing script kiddies, this is how the pros do it. (via Bryan O’Sullivan)
- The Future is Specific (Chris Granger) — In traditional web-MVC, the code necessary to serve a single route is spread across many files in many different folders. In a normal editor this means you need to do a lot of context switching to get a sense for everything going on. Instead, this mode replaces the file picker with a route picker, as routes seem like the best logical unit for a website. There’s a revolution coming in web dev tools: we’ve had the programmer adapting to the frameworks with little but textual assistance from the IDE. I am loving this flood of creativity because it has the promise to reduce bugs and increase the speed by which we generate good code.
- Makie — design a doll online, they’ll 3d-print and ship it to you. Hello, future of manufacturing, fancy seeing you in a dollhouse!
Yahoo's Mojito lets you run code where it's easiest.
Craft Pharma, Silly Toy, Failure, and Android Image/Audio Capture
- 3D-Printing Pharmaceuticals (BoingBoing) — Prof Cronin added: “3D printers are becoming increasingly common and affordable. It’s entirely possible that, in the future, we could see chemical engineering technology which is prohibitively expensive today filter down to laboratories and small commercial enterprises. “Even more importantly, we could use 3D printers to revolutionise access to health care in the developing world, allowing diagnosis and treatment to happen in a much more efficient and economical way than is possible now.
- Bolt Action Tactical Pen (Uncrate) — silliness.
- Ken Robinson’s Sunday Sermon (Vimeo) — In our culture, not to know is to be at fault socially… People pretend to know lots of things they don’t know. Because the worst thing to do is appear to be uninformed about something, to not have an opinion… We should know the limits of our knowledge and understand what we don’t know, and be willing to explore things we don’t know without feeling embarrassed of not knowing about them. If you work with someone who hides ignorance or failure, you’re working with a timebomb and one of your highest priorities should be to change that mindset or replace the person. (via Maria Popova)
- Using Android Camera in HTML Apps (David Calhoun) — From your browser you can now upload pictures and videos from the camera as well as sounds from the microphone. The returned data should be available to manipulate via the File API (via Josh Clark)