- Talking to Big Machines (Jon Bruner) — “Selfless machines” coordinate across networks and modify their own operation to improve the output of the entire system.
- Docker Security — Containers do not contain and Stop assuming that Docker and the Linux kernel protect you from malware.
- Your Voice Assistant is Mine (PDF) — Through Android Intent mechanism, VoicEmployer triggers Google Voice Search to the foreground, and then plays prepared audio files (like “call number 1234 5678”) in the background. Google Voice Search can recognize this voice command and execute corresponding operations. With ingenious designs, our GVS-Attack can forge SMS/Email, access privacy information, transmit sensitive data and achieve remote control without any permission.
- escher (GitHub) — choiceless programming and non-Turing coding. Mind: blown.
ENTRIES TAGGED "open source"
OpenStack creates a structure for managing change without a benevolent dictator
Can education and peer review keep a huge open source project on track?
When does a software project grow to the point where one must explicitly think about governance? The term “governance” is stiff and gawky, but doing it well can carry a project through many a storm. Over the past couple years, the crucial OpenStack project has struggled with governance at least as much as with the technical and organizational issues of coordinating inputs from thousands of individuals and many companies.
A major milestone was the creation of the OpenStack Foundation, which I reported on in 2011. This event successfully started the participants’ engagement with the governance question, but it by no means resolved it. This past Monday, I attended some of the Open Cloud Day at O’Reilly’s Open Source convention, and talked to a lot of people working for or alongside the OpenStack Foundation about getting contributors to work together successfully in an open community. Read more…
Four short links: 23 July 2014
Selfless Machines, Docker Security, Voice Hacks, and Choiceless Programming
Online communities could benefit from the power of offline meetings
Face-to-face engagement can cement relationships and build depth in online communities.
As software vendors, open source projects, and companies in all fields rush to gather communities around themselves, I’m bothered that we haven’t spent much time studying the lessons face-to-face communities have forged over decades of intensive work by a dynamic community organizing movement. I have spoken twice at the Community Leadership Summit (CLS) about the tradition of community organizing as practiced by the classic social action group, Saul Alinsky’s Industrial Areas Foundation. Because we all understand that a community is people — not software, not meeting places, not rules or norms — it’s worth looking at how face-to-face communities flourish.
Storytelling and urban organizing session at CLS
Last week’s CLS event had several talks and sessions about face-to-face organizing, which the attendees liked to call offline meetings because we assume so much interaction between groups takes place nowadays on the Internet. As one can find at CLS, a passionate confluence and sharing among dedicated “people people,” there’s a great deal of power in offline meetings. An evening at a bar — or an alternative location for those who are uncomfortable in bars — can cement relationships and provide depth to the formal parts of the day. Read more…
Four short links: 22 July 2014
English lint, Scalable Replicated Datastore, There's People in my Software, and Sci-Fi for Ethics
- write-good — a naive `lint’ for English prose.
- cockroachdb — a scalable, geo-replicated, transactional datastore from a team that includes the person who built Spanner for Google. Spanner requires atomic clocks, cockroach does not (which has corresponding performance consequences). (via Wired)
- The Deep Convergence of Networks, Software, and People — as we wire up our digital products increasingly with interconnected networks, their nature is increasingly a product of the responses that come back from those networks. The experience cannot be wholly represented in mock prototypes that are coded to respond in predictable ways, or even using a set of preset random responses. The power of the application is seeing the emergent behaviour of the system, and recognizing that you are a participant in that emergent behaviour. (via Tim O’Reilly)
- An Ethics Class for Inventors, via Sci-Fi — “Reading science fiction is kind of like ethics class for inventors,” says Brueckner. Traditionally, technology schools ask ‘how do we build it?’ This class asks a different question: ‘should we?’
Transparency and transformation at PayPal
PayPal has gone through a cultural transformation with radical transparency as a cornerstone of the plan.
Three years ago, PayPal was growing exponentially, staying profitable and was considered the most successful online payments company in the world. This should have been the recipe of a company that was attracting top talent across the globe, and keeping their core engineers happy, thriving, and innovative. But, at the time, the PayPal engineering team wasn’t where they needed to be to stay ahead of the curve — they didn’t have the process, the tools, or the resources to extend their talent and stay engaged in creating amazing products and services.
Leadership had encouraged the formation of engineering silos to “concentrate expertise,” but this made it incredibly challenging to get things done. At the same time, popular services such as Google and Amazon were raising the bar for everybody. All businesses — not just software-focused businesses — needed to have websites (and mobile apps) that were snazzy and responsive in addition to being reliable. PayPal engineering needed to push the proverbial envelope to stay competitive in a fierce and unrelenting industry landscape.
For PayPal, the transformation started at the edge of the stack. The Kraken project, which was started by an internal team to support a new checkout system, proved that an open source platform could reduce time to market and still perform at scale. This was achieved largely in spite of the silo culture that ran rampant and tended to restrict innovation and creativity. Support from senior management and perception of less risk at the edge of the stack helped the project and ultimately unleashed a gold rush of interest in repeating the win with releases of internally developed improvements to other open source projects. When I came into PayPal, I received an avalanche of mail from teams who wanted to “open source something.”
Four short links: 17 July 2014
Software Ethics, Learning Challenges, Workplace Harassment, and Logging for Postmortems
- Misjudgements Will Drive Social Trials Underground (Nature) — 34 ethicists write to explain why they see Facebook’s mood-influence trials as not an egregious breach of either ethics or law. Notable: No one knows whether exposure to a stream of baby announcements, job promotions and humble brags makes Facebook’s one billion users sadder or happier. The exposure is a social experiment in which users become guinea pigs, but the effects will not be known unless they are studied.[...] But the extreme response to this study, some of which seems to have been made without full understanding of what it entailed or what legal and ethical standards require, could result in such research being done in secret or not at all. Compare wisdom of the ethicists to wisdom of the crowd. (via Kate Crawford)
- Problem-Free Activity in the Mathematics Classroom (PDF) — interesting not just for the bland crap work we make kids do, but for the summary of five types of need that stimulate learning: for certainty (“which of the two is right?”), for causality (“did X cause Y?”, “what will happen next?”), for computation (“how much will it cost?”, “how long will it take?”), for communication and persuasion (“it’s more fun when we work on this together”, “let me show you why I’m right!”), and for connection and structuring (“that can’t be right, it goes against all I know!”, “ah, that makes sense because …”). (via Kathy Sierra)
- Survey of Academic Field Experiences (PLoSone) — Our survey revealed that conducting research in the field exposes scientists to a number of negative experiences as targets and as bystanders. The experiences described by our respondents ranged from inadvertent alienating behavior, to unwanted verbal and physical sexual advances, to, most troublingly, sexual assault including rape. is immediately followed by These proportions of respondents experiencing harassment are generally consistent with other studies of workplace harassment in other professional settings. This will change when men’s behaviour and expectations change. Male readers, do your part: don’t harass and don’t tolerate it. This message brought to you from future generations who will wonder how the hell we turned a blind eye to it.
- sentry (github) — a realtime, platform-agnostic error logging and aggregation platform. It specializes in monitoring errors and extracting all the information needed to do a proper post-mortem without any of the hassle of the standard user feedback loop.
Four short links: 15 July 2014
Data Brokers, Car Data, Pattern Classification, and Hogwild Deep Learning
- Inside Data Brokers — very readable explanation of the data brokers and how their information is used to track advertising effectiveness.
- Elon, I Want My Data! — Telsa don’t give you access to the data that your cars collects. Bodes poorly for the Internet of Sealed Boxes. (via BoingBoing)
- Pattern Classification (Github) — collection of tutorials and examples for solving and understanding machine learning and pattern classification tasks.
- HOGWILD! (PDF) — the algorithm that Microsoft credit with the success of their Adam deep learning system.
Four short links: 14 July 2014
Scanner Malware, Cognitive Biases, Deep Learning, and Community Metrics
- Handheld Scanners Attack — shipping and logistics operations compromised by handheld scanners running malware-infested Windows XP.
- Adventures in Cognitive Biases (MIT) — web adventure to build your cognitive defences against biases.
- Quoc Le’s Lectures on Deep Learning — Machine Learning Summer School videos (4k!) of the deep learning lectures by Google Brain team member Quoc Le.
- FLOSS Community Metrics Talks — upcoming event at Puppet Labs in Portland. I hope they publish slides and video!
Four short links: 11 July 2014
Curated Code, Hackable Browser, IoT Should Be Open, and Better Treemaps
- Awesome Awesomeness — list of curated collections of frameworks and libraries in various languages that do not suck. They solve the problem of “so, I’m new to (language) and don’t want to kiss a lot of frogs before I find the right tool for a particular task”.
- Breach — a hackable, modular web browser.
- The CompuServe of Things (Phil Windley) — How we build the Internet of Things has far-reaching consequences for the humans who will use—or be used by—it. Will we push forward, connecting things using forests of silos that are reminiscent the online services of the 1980′s, or will we learn the lessons of the Internet and build a true Internet of Things? (via Cory Doctorow)
- FoamTree — nifty treemap layouts and animations, in Javascript. (via Flowing Data)
Four short links: 10 July 2014
Journalism Security, Inclusive Technology, Network Magic, and Python Anti-Patterns
- Ex-Google Hacker Taking On The World’s Spy Agencies (Wired) — profile of the security expert working on protecting reporters.
- Meet Google’s Security Princess (Elle) — would have preferred to see her story in Wired. Much is good here, but this is pithy and strong: “If you have ambitions to create technology for the whole world, you need to represent the whole world, and the whole world is not just white men.”
- snabb switch — open source Linux userspace executable for making network appliances. Processes millions of ethernet packets per second per core. Suitable for ISPs. Speaks natively to Ethernet hardware, Hypervisors, and the Linux kernel. You can program it with LuaJIT extensions to do anything you want.
- Anti-Patterns in Python Programming — gold.