Four short links: 31 July 2014

OCR in Javascript, Insecure IoT, USB Considered Insecure, and Use AdBlock Plus

  1. Ocrad.js — open source OCR in Javascript, a port of GNU Ocrad software.
  2. HP’s IoT Security Research (PDF) — 70% of devices use unencrypted network services, 90% of devices collected at least one piece of personal information, 60% of those that have UIs are vulnerable to things like XSS, 60% didn’t use encryption when downloading software updates, …
  3. USB Security Flawed From Foundation (Wired) — The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer. “It goes both ways,” Nohl says. “Nobody can trust anybody.” [...] “In this new way of thinking, you can’t trust a USB just because its storage doesn’t contain a virus. Trust must come from the fact that no one malicious has ever touched it,” says Nohl. “You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer. And that’s incompatible with how we use USB devices right now.”
  4. AdBlock vs AdBlock Plus — short answer: the genuinely open source AdBlock Plus, because AdBlock resiled from being open source, phones home, has misleading changelog entries, …. No longer trustworthy.

Jeremy Rifkin unveils a return to the local in an interconnected future

Internet of Things, local energy sources, and online collaboration underlie the Zero Marginal Cost Society.


Stratasys’ Education, R&D departments and MIT’s Self-Assembly Lab are researching 4D printing — manufacturing one-off objects that can change their shapes or other physical characteristics in response to their environment. (View the video.)

Jeremy Rifkin is always predicting an avalanche of change: substitutes for human labor in The End of Work, pervasive genetic engineering in Algeny, and so on. Several interlocking themes run through his latest book, The Zero Marginal Cost Society. Behind everything lies the renewed importance of local resources: local energy production, local manufacturing, local governance. And the Internet that ties us all together (evolving into the Internet of Things) will, ironically, bolster local power.

Four short links: 16 July 2014

Distributed Systems Design 101, Patent Trolls, Intel's Half a Billion from IoT, and Google's Project Zero.

  1. Inside bit.ly’s Distributed Systems — this is a 101 for modern web distributed systems design.
  2. Patent Trolls are Now 67% of New Patent Lawsuits in USA (WaPo) — data from PwC.
  3. Intel Made Half a Billion from Internet of Things Last Year (Quartz) — half a billion here, half a billion there, pretty soon it adds up to real money.
  4. Google’s Project Zero (Wired) — G pays a team to attack common software and report the bugs to the manufacturer. Interesting hypothesis about how the numbers imbalance between Every Russian 14 Year Old and this small team doesn’t matter: modern hacker exploits often chain together a series of hackable flaws to defeat a computer’s defenses. Kill one of those bugs and the entire exploit fails. That means Project Zero may be able to nix entire collections of exploits by finding and patching flaws in a small part of an operating system, like the “sandbox” that’s meant to limit an application’s access to the rest of the computer. “On certain attack surfaces, we’re optimistic we can fix the bugs faster than they’re being introduced,” Hawkes says. “If you funnel your research into these limited areas, you increase the chances of bug collisions.”

Governments can bridge costs and services gaps with sensor networks

Government sensor networks can streamline processes, cut labor costs, and improve services.

Contributing authors: Andre Bierzynski and Kevin Chrapaty.

Screenshot from the Waze app.

What if government agencies followed in the footsteps of Waze, a community-driven mobile phone app that collects location data through GPS and allows its users to report accidents and traffic jams, providing real-time, location-specific traffic alerts?

It’s not news to anyone who works in government that we live in a time of ever-tighter budgets and ever-increasing needs. The 2013 federal shutdown only highlighted this precarious situation: government finds it increasingly difficult to summon the resources and manpower needed to meet its current responsibilities, yet faces new ones after each Congressional session.

Sensor networks are an important emerging technology that some areas of government already are implementing to bridge the widening gap between the demand to reduce costs and the demand to improve services. The Department of Defense, for instance, uses RFID chips to monitor its supply chain more accurately, while the U.S. Geological Survey employs sensors to remotely monitor the bacterial levels of rivers and lakes in real time. Additionally, the General Services Administration has begun using sensors to measure and verify the energy efficiency of “green” buildings (PDF), and the Department of Transportation relies on sensors to monitor traffic and control traffic signals and roadways. All of which is productive, but more needs to be done.

Mesh networking extends IoT reach

A suitable network topology for building automation.

Editor’s note: this article is part of a series exploring the role of networking in the Internet of Things.

Today we are going to consider the attributes of wireless mesh networking, particularly in the context of our building monitoring and energy application.

A host of new mesh networking technologies came upon the scene in the mid-2000s through start-up ventures such as Millennial Net, Ember, Dust Networks, and others. The mesh network topology is ideally suited to provide broad area coverage for low-power, low-data rate applications found in application areas like industrial automation, home and commercial building automation, medical monitoring, and agriculture.

Four short links: 11 July 2014

Curated Code, Hackable Browser, IoT Should Be Open, and Better Treemaps

  1. Awesome Awesomeness — list of curated collections of frameworks and libraries in various languages that do not suck. They solve the problem of “so, I’m new to (language) and don’t want to kiss a lot of frogs before I find the right tool for a particular task”.
  2. Breach — a hackable, modular web browser.
  3. The CompuServe of Things (Phil Windley) — How we build the Internet of Things has far-reaching consequences for the humans who will use—or be used by—it. Will we push forward, connecting things using forests of silos that are reminiscent of the online services of the 1980’s, or will we learn the lessons of the Internet and build a true Internet of Things? (via Cory Doctorow)
  4. FoamTree — nifty treemap layouts and animations, in Javascript. (via Flowing Data)

There are many use cases for graph databases and analytics

Business users are becoming more comfortable with graph analytics.

The rise of sensors and connected devices will lead to applications that draw from network/graph data management and analytics. As the number of devices surpasses the number of people — Cisco estimates 50 billion connected devices by 2020 — one can imagine applications that depend on data stored in graphs with many more nodes and edges than the ones currently maintained by social media companies.

This means that researchers and companies will need to produce real-time tools and techniques that scale to much larger graphs (measured in terms of nodes & edges). I previously listed tools for tapping into graph data, and I continue to track improvements in accessibility, scalability, and performance. For example, at the just-concluded Spark Summit, it was apparent that GraphX remains a high-priority project within the Spark ecosystem.

Four short links: 3 July 2014

Go Libraries, Salary Transparency, Printed Houses, and IoT Alliance

  1. DropBox Opensources Go Libraries — including memcache and a general abstraction for caching layers.
  2. Transparency with Salaries (NPR) — Atkison has meetings like this all the time. He says it gives him a chance to explain why some employees make more than others — and to explain to employees how they can make more. For a lot of employees, knowing what everyone makes is less exciting than it seems. By moving from negotiation to clear expectations of salary levels, bumps, etc., I can also see it helping the company understand what it values.
  3. Printing Buildings from Recycled Materials (ComputerWorld) — The printers, supplied by WinSun Decoration Design Engineering, are 20 feet tall, 33 feet wide and 132 feet long. Like their desktop counterparts, the construction-grade WinSun 3D printers use a fused deposition modeling (FDM) technology to deposit materials one layer at a time in a process that’s similar to squeezing frosting from a pastry bag. 10 single-room buildings in a day. (via Slashdot)
  4. Microsoft Joins Internet-of-Things Alliance (Computerworld) — more vendors joining AllSeen Alliance to agree on the open comms standards for IoT apps and devices. Google/Nest notable by their absence.
Four short links: 30 June 2014

Interacting with Connected Objects, Continuous Security Review, Chess AI, and Scott Hanselman is Hilarious

  1. Interacting with a World of Connected Objects (Tom Coates) — notes from one of my favourite Foo Camp sessions.
  2. Security Considerations with Continuous Deployment (IBM) — rundown of categories of security issues your org might face, and how to tackle them in the continuous deployment cycle. (via Emma Jane Westby)
  3. The Chess Master and the Computer (Garry Kasparov) — Increasingly, a move isn’t good or bad because it looks that way or because it hasn’t been done that way before. It’s simply good if it works and bad if it doesn’t. Although we still require a strong measure of intuition and logic to play well, humans today are starting to play more like computers. (via Alexis Madrigal)
  4. Virtual Machines, Javascript, and Assembler (YouTube) — hilarious Velocity keynote by Scott Hanselman.

Four short links: 26 June 2014

IoT Future, Latency Numbers, Mobile Performance, and Minimum Viable Bureaucracy

  1. Charlie Stross on 2034 — every object in the real world is going to be providing a constant stream of metadata about its environment — and I mean every object. The frameworks used for channeling this firehose of environment data are going to be insecure and ramshackle, with foundations built on decades-old design errors. (via BoingBoing)
  2. Latency Numbers Every Programmer Should Know — awesome animation so you can see how important “constants” which drive design decisions have changed over time.
  3. Extreme Web Performance for Mobile Devices (Slideshare) — notes from Maximiliano Firtman’s Velocity tutorial.
  4. Minimum Viable Bureaucracy (Laura Thomson) — notes from her Velocity talk. A portion of engineer’s time must be spent on what engineer thinks is important. It may be 100%. It may be 60%, 40%, 20%. But it should never be zero.