"open source" entries

Four short links: 23 December 2015

Four short links: 23 December 2015

Software Leaders, Hadoop Ecosystem, GPS Spoofing, and Explaining Models

  1. Things Software Leaders Should Know (Ben Gracewood) — If you have people things and tech things on your to-do list, put the people things first on the list.
  2. The Hadoop Ecosystem — table of the different projects across the Hadoop ecosystem.
  3. Narcos GPS-Spoofing Border Drones — not only are the border drones expensive and ineffective, now they’re being tricked. Basic trade-off: more reliability or longer flight times?
  4. A Model Explanation System (PDF) — you can explain any machine-learned decision, though not necessarily the way the model came to the decision. Confused? This summary might help. Explainability is not a property of the model.
Comment
Four short links: 21 December 2015

Four short links: 21 December 2015

Anomaly Detection, Contempt Culture, Deep Learning Robot, and Compromised Firewalls

  1. Bro — open source intrusion and anomaly detection service, turns everything into events that you can run scripts against. Good pedigree (Vern Paxson, a TCP/IP elder god) despite the wince-inducing name (at least it isn’t “brah”).
  2. Contempt Culture (Aurynn) — for a culture that now prides itself on continuous improvement and blameless post-mortems and so on, we’re blind to a contempt culture that produces cults of criticism like “PHP isn’t a real programming language,” etc., where the targets of the criticism are pathways disproportionately taken by women and minorities. I’m embarrassed by how much of 2001-era Nat I recognise in Aurynn’s description.
  3. Deep Learning RobotBuilt for advanced research in robotics and artificial intelligence (deep learning). Pre-installed Google TensorFlow, Robot Operating System (ROS), Caffe, Torch, Theano, CUDA, and cuDNN.
  4. Juniper ScreenOS Backdoor — here’s the ssh password that’ll get you into any unpatched Juniper firewall, courtesy a backdoor that will be keeping network admins and CEOs alike awake and unhappy around the world. The interesting analysis with long-term effects will be “how the hell did it get in there?”
Comment: 1
Four short links: 18 December 2015

Four short links: 18 December 2015

Malicious Traffic, Visual Analysis, C History, and Immersive Gaming

  1. Maltraila malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists[…]. Also, it has (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware). (via Nick Galbreath)
  2. Vega-Litehigh-level grammar for visual analysis, built on top of Vega. (via Curran Kelleher)
  3. C History — Dennis Ritchie’s 1993 notes on the history of the C programming language explains the origins of a.out and arrays as pointers, and has a reminder of how tight those systems were: Of the 24K bytes of memory on the machine, the earliest PDP-11 Unix system used 12K bytes for the operating system, a tiny space for user programs, and the remainder as a RAM disk.
  4. Zero Latency — immersive gaming with Oculus headsets. Detailed and positive.
Comment
Four short links: 15 December 2015

Four short links: 15 December 2015

Barbie Broken, JSON Database, Lightbulb DRM, and Graph Database

  1. Crypto is Hard says Hello BarbieWe discovered several issues with the Hello Barbie app including: it utilizes an authentication credential that can be re-used by attackers; it connects a mobile device to any unsecured Wi-Fi network if it has “Barbie” in the name; it shipped with unused code that serves no function but increases the overall attack surface. On the server side, we also discovered: client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers; the ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack. (via Ars Technica)
  2. Kinto — Mozilla’s open source lightweight JSON storage service with synchronisation and sharing abilities. It is meant to be easy to use and easy to self-host.
  3. Philips Blocks 3rd Party Lightbulbs — DRM for light fixtures. cf @internetofsh*t
  4. gaffer — GCHQ-released open source graph database. …a framework that makes it easy to store large-scale graphs in which the nodes and edges have statistics such as counts, histograms, and sketches. These statistics summarise the properties of the nodes and edges over time windows, and they can be dynamically updated over time. Gaffer is a graph database, rather than a graph processing system. It is optimised for retrieving data on nodes of interest. IHNJH,IJLTS “nodes of interest.”
Comment
Four short links: 8 December 2015

Four short links: 8 December 2015

Open Source ZeroDB, HTTP Statuses, Project Activity, and Database Readings

  1. ZeroDB is Open Source — end-to-end encrypted database goes open source (AGPL, *ptui*).
  2. Choosing an HTTP Status Code — or “an alternative to engineers duelling.”
  3. Open Source Monthly — views of open source projects through their GitHub activity.
  4. Readings in Database Science (5ed) — HTML and PDF versions of the papers.
Comment: 1
Four short links: 7 December 2015

Four short links: 7 December 2015

Telepresent Axeman, Toxic Workers, Analysis Code, and Cryptocurrency Attacks

  1. Axe-Wielding Robot w/Telepresence (YouTube) — graphic robot-on-wall action at 2m30s. (via IEEE)
  2. Toxic Workers (PDF) — In comparing the two costs, even if a firm could replace an average worker with one who performs in the top 1%, it would still be better off by replacing a toxic worker with an average worker by more than two-to-one. Harvard Business School research. (via Fortune)
  3. Replacing Sawzall (Google) — At Google, most Sawzall analysis has been replaced by Go […] we’ve developed a set of Go libraries that we call Lingo (for Logs in Go). Lingo includes a table aggregation library that brings the powerful features of Sawzall aggregation tables to Go, using reflection to support user-defined types for table keys and values. It also provides default behavior for setting up and running a MapReduce that reads data from the logs proxy. The result is that Lingo analysis code is often as concise and simple as (and sometimes simpler than) the Sawzall equivalent.
  4. Attacks in the World of Cryptocurrency — a review of some of the discussed weakness, attacks, or oddities in cryptocurrency (esp. bitcoin).
Comment
Four short links: 2 December 2015

Four short links: 2 December 2015

Regulating Addictive Attention, Microservice Middleware, Better 3D Scanning, and Anti-Disassembly Tricks

  1. If the Internet is Addictive, Why Don’t We Regulate It? — an excellent look at behaviourism, gambling machine flow, design-for-addiction, attention, regulation. As Schüll puts it: ‘It just seems very duplicitous to design with the goal of capturing attention, and then to put the whole burden onto the individual.’
  2. Zipnish — using varnish as middleware for your microservices, with Zipnish to create Zipkin-style analysis of your API performance.
  3. Using Polarisation to Improve 3D Scanning (PDF) — The proposed technique can resolve finer detail than some laser scannners
  4. Anti-Disassembly Tricks Used in Malware — also “things I remember from trying to break copy protection in 1980s games.”
Comment
Four short links: 30 November 2015

Four short links: 30 November 2015

Chinese Manufacturing, Visual Question Answering, Editing Animal Genes, and AIs for RTS Games

  1. Behind the Hoverboard Craze (BoingBoing) — Bernstein is interested in this phenomenon as “memeufacturing” — a couple of social-media stars (or garden-variety celebs) post viral videos of themselves using an obscure gadget, and halfway around the world, factories shut down their e-cig lines and convert them, almost overnight, to hoverboard manufacturing lines. Bernstein cites a source who says that there are 1,000 hoverboard factories in South China.
  2. neural-vqaVIS+LSTM model for Visual Question Answering. Scroll to the end and see the questions it’s answering about photos.
  3. Open Season in Editing Genes of Animals (NY Times) — “We’re going to see a stream of edited animals coming through because it’s so easy,” said Bruce Whitelaw, a professor of animal biotechnology at the Roslin Institute at the University of Edinburgh. “It’s going to change the societal question from, ‘If we could do it, would we want it?’ to, ‘Next year we will have it; will we allow it?’”
  4. RTS AI (PDF) — standard techniques used for playing classic board games, such as game tree search, cannot be directly applied to solve RTS games without the definition of some level of abstraction, or some other simplification. Interestingly enough, humans seem to be able to deal with the complexity of RTS games, and are still vastly superior to computers in these types of games. Talks about the challenges in writing AIs for Real-Time Strategy games.
Comment
Four short links: 25 November 2015

Four short links: 25 November 2015

Faking Magstripes, Embedded Database, Another Embedded Database, Multicamera Array

  1. magspoofa portable device that can spoof/emulate any magnetic stripe or credit card “wirelessly,” even on standard magstripe readers.
  2. LittleD — open source relational database for embedded devices and sensors nodes.
  3. iondb — open source key-value datastore for resource constrained systems.
  4. Stanford Multicamera Array — 128 cameras, reconfigurable. If the cameras are packed close together, then the system effectively functions as a single-center-of-projection synthetic camera, which we can configure to provide unprecedented performance along one or more imaging dimensions, such as resolution, signal-to-noise ratio, dynamic range, depth of field, frame rate, or spectral sensitivity. If the cameras are placed farther apart, then the system functions as a multiple-center-of-projection camera, and the data it captures is called a light field. Of particular interest to us are novel methods for estimating 3D scene geometry from the dense imagery captured by the array, and novel ways to construct multi-perspective panoramas from light fields, whether captured by this array or not. Finally, if the cameras are placed at an intermediate spacing, then the system functions as a single camera with a large synthetic aperture, which allows us to see through partially occluding environments like foliage or crowds.
Comment
Four short links: 24 November 2015

Four short links: 24 November 2015

Tabular Data, Distrusting Authority, Data is the Future, and Remote Working Challenges

  1. uitable — cute library for tabular data in console golang programs.
  2. Did Carnegie Mellon Attack Tor for the FBI? (Bruce Schneier) — The behavior of the researchers is reprehensible, but the real issue is that CERT Coordination Center (CERT/CC) has lost its credibility as an honest broker. The researchers discovered this vulnerability and submitted it to CERT. Neither the researchers nor CERT disclosed this vulnerability to the Tor Project. Instead, the researchers apparently used this vulnerability to deanonymize a large number of hidden service visitors and provide the information to the FBI. Does anyone still trust CERT to behave in the Internet’s best interests? Analogous to the CIA organizing a fake vaccination drive to get close to Osama. “Intelligence” agencies.
  3. Google Open-Sourcing TensorFlow Shows AI’s Future is Data not Code (Wired) — something we’ve been saying for a long time.
  4. Challenges of Working Remote (Moishe Lettvin) — the things that make working remote hard aren’t, primarily, logistical; they’re emotional.
Comment