"privacy" entries

Four short links: 25 November 2014

NSA Playset, Open Access, XSS Framework, and Security Test Cases

  1. Michael Ossman and the NSA Playset — the guy who read the leaked descriptions of the NSA’s toolchest, built them, and open sourced the designs. One device, dubbed TWILIGHTVEGETABLE, is a knock-off of an NSA-built GSM cell phone that’s designed to sniff and monitor Internet traffic. The ANT catalog lists it for $15,000; the NSA Playset researchers built one using a USB flash drive, a cheap SDR, and an antenna, for about $50. The most expensive device, a drone that spies on WiFi traffic called PORCUPINEMASQUERADE, costs about $600 to assemble. At Defcon, a complete NSA Playset toolkit was auctioned by the EFF for $2,250.
  2. Gates Foundation Announces World’s Strongest Policy on Open Access Research (Nature) — Once made open, papers must be published under a license that legally allows unrestricted re-use — including for commercial purposes. This might include ‘mining’ the text with computer software to draw conclusions and mix it with other work, distributing translations of the text, or selling republished versions. CC-BY! We believe that published research resulting from our funding should be promptly and broadly disseminated.
  3. Xenotix — an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 4700+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows you to create custom test cases and addons over the Xenotix API. It is incorporated with a feature-rich Information Gathering module for target Reconnaissance. The Exploit Framework includes offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.
  4. Firing Range — Google’s open source set of web security test cases for scanners.

Four short links: 14 November 2014

Completing Maps, ChatOps, Career Design, and Data Privacy

  1. Missing Maps Fill In the Blanks (New Scientist) — OpenStreetMap project to crowdmap slums around the world.
  2. Chatops — devops deployment chatter with Hubot.
  3. Alternatives to Tech Career Ladders — Spotify trying to figure out how to keep engineers challenged as they become more senior.
  4. Mozilla’s Data Privacy Principles — well-articulated and useful: without pre-defined principles, it’s so easy to accidentally collect or poorly protect data.

Four short links: 11 November 2014

High-Volume Logs, Regulated Broadband, Oculus Web, and Personal Data Vacuums

  1. Infrastructure for Data Streams — describing the high-volume log data use case for Apache Kafka, and how it plays out in storage and infrastructure.
  2. Obama: Treat Broadband and Mobile as Utility (Ars Technica) — In short, Obama is siding with consumer advocates who have lobbied for months in favor of reclassification while the telecommunications industry lobbied against it.
  3. MozVR — a website, and the tools that made it, designed to be seen through the Oculus Rift.
  4. All Cameras are Police Cameras (James Bridle) — how the slippery slope is ridden: When the Wall was initially constructed, the public were informed that this [automatic license plate recognition] data would only be held, and regularly purged, by Transport for London, who oversee traffic matters in the city. However, within less than five years, the Home Secretary gave the Metropolitan Police full access to this system, which allowed them to take a complete copy of the data produced by the system. This permission to access the data was granted to the Police on the sole condition that they only used it when National Security was under threat. But since the data was now in their possession, the Police reclassified it as “Crime” data and now use it for general policing matters, despite the wording of the original permission. As this data is not considered to be “personal data” within the definition of the law, the Police are under no obligation to destroy it, and may retain their ongoing record of all vehicle movements within the city for as long as they desire.

Four short links: 30 October 2014

Security and Privacy, ISP Measurement, Github for Education, and Mobile Numbers

  1. A Critique of the Balancing Metaphor in Privacy and Security — The arguments presented by this paper are built on two underlying assertions. The first is that the assessment of surveillance measures often entails a judgement of whether any loss in privacy is legitimised by a justifiable increase in security. However, one fundamental difference between privacy and security is that privacy has two attainable end-states (absolute privacy through to the absolute absence of privacy), whereas security has only one attainable end-state (while the absolute absence of security is attainable, absolute security is a desired yet unobtainable goal). The second assertion, which builds upon the first, holds that because absolute security is desirable, new security interventions will continuously be developed, each potentially trading a small measure of privacy for a small rise in security. When assessed individually each intervention may constitute a justifiable trade-off. However, when combined together, these interventions will ultimately reduce privacy to zero. (via Alistair Croll)
  2. ISP Interconnection and its Impact on Consumer Internet Performance (Measurement Lab) — In researching our report, we found clear evidence that interconnection between major U.S. access ISPs (AT&T, Comcast, CenturyLink, Time Warner Cable, and Verizon) and transit ISPs Cogent, Level 3, and potentially XO was correlated directly with degraded consumer performance throughout 2013 and into 2014 (in some cases, ongoing as of publication). Degraded performance was most pronounced during peak use hours, which points to insufficient capacity and congestion as a causal factor. Further, by noting patterns of performance degradation for access/transit ISP pairs that were synchronized across locations, we were able to conclude that in many cases degradation was not the result of major infrastructure failures at any specific point in a network, but rather connected with the business relationships between ISPs.
  3. The Emergence of Github as Collaborative Platform for Education (PDF) — We argue that GitHub can support much of what traditional learning systems do, as well as go beyond them by supporting collaborative activities.
  4. Mobile is Eating the World (A16Z) — mobile becoming truly ubiquitous, bringing opportunities to use the construct “X is eating Y.”

Four short links: 20 October 2014

Leaky Search, Conditional Javascript, Software Proofs, and Fake Identity

  1. Fix Mac OS X — each time you start typing in Spotlight (to open an application or search for a file on your computer), your local search terms and location are sent to Apple and third parties (including Microsoft) under default settings on Yosemite (10.10). See also Net Monitor, an open source toolkit for finding phone-home behaviour.
  2. A/B Testing at Netflix (ACM) — Using a combination of static analysis to build a dependency tree, which is then consumed at request time to resolve conditional dependencies, we’re able to build customized payloads for the millions of unique experiences across Netflix.com.
  3. Leslie Lamport Interview Summary — One idea about formal specifications that Lamport tries to dispel is that they require mathematical capabilities that are not available to programmers: “The mathematics that you need in order to write specifications is a lot simpler than any programming language […] Anyone who can write C code, should have no trouble understanding simple math, because C code is a hell of a lot more complicated than” first-order logic, sets, and functions. When I was at uni, profs worked on distributed data, distributed computation, and formal correctness. We have the first two, but so much flawed software that I can only dream of the third arriving.
  4. Fake Identity — generate fake identity data when testing systems.

Four short links: 8 October 2014

Tracking Awareness, Simple GUIs, Service Design, and Pull-Based Development

  1. Floodwatch — a Chrome extension that tracks the ads you see as you browse the internet. It offers tools to help you understand both the volume and the types of ads you’re being served during the course of normal browsing, with the goal of increasing awareness of how advertisers track your browsing behavior, build their version of your online identity, and target their ads to you as an individual.
  2. slfsrv — create simple, cross-platform GUI applications, or wrap GUIs around command-line applications, using HTML/JS/CSS and your own browser.
  3. Service Design Toolkit downloads — posters and templates for workshops, posters, and exercises.
  4. Work Practices and Challenges in Pull-Based Development: The Integrator’s Perspective (PDF) — Our key findings are that integrators struggle to maintain the quality of their projects and have difficulties with prioritizing contributions that are to be merged. To which every open-source project maintainer says, “no shit Sherlock” and “thank god it’s not just me” simultaneously.

Four short links: 1 October 2014

Robot Learning, Internet Confidentiality, Bootstrap Material Design, and Bitcoin Adoption

  1. Robotics Has Too Many Dreamers, Needs More Practical People (IEEE) — Grishin said that while looking for business opportunities, he saw too many entrepreneurs proposing cool new robots and concepts but with no business cases to support them. The robotics industry, he added, needs more startups to fail to allow entrepreneurs to learn from past mistakes and come up with more enduring plans. A reminder that first to found rarely correlates to biggest exit.
  2. Fixing the Internet for Confidentiality and Security (Mark Shuttleworth) — Every society, even today’s modern Western society, is prone to abusive governance. We should fear our own darknesses more than we fear others. I like the frame of “confidentiality” vs “privacy”.
  3. Bootstrap Material Design — a material design theme for Bootstrap. Material design (Google’s new design metaphor/language for interactive UIs) is important, to mobile and web what HIG was to MacOS, and it specifically tackles the noisy surprises that are app and web interfaces today.
  4. Simon Wardley on Bitcoin — Why I think US will adopt bitcoin … it is currently backed by $284m in venture capital, you’re going to get it whether you like it or not.

Four short links: 17 September 2014

Bubble Talk, Pants Build, HTML Processing, and Use Regulation

  1. Bill Gurley on Startups and Risk (Business Insider) — No one’s fearful, everyone’s greedy, and it will eventually end.
  2. Pants — a build system from Twitter and others.
  3. pup — commandline tool for parsing and processing HTML.
  4. Use Regulation (Slate) — the take on privacy that says that data collection isn’t inherently bad, it’s the (mis)use of the data that should be policed. The author of this piece is not a believer.

Four short links: 8 September 2014

Glasshole Wiper, Complex Failures, Mail Startup, and Digital Media Disappointments

  1. Cyborg UnPlug — sits on your wifi network and will alert you if it finds Google Glass, Dropcam, spycams, and other unwanted wifi Klingons. Or it can automatically send deauth packets to those devices to try and boot them off the network.
  2. How Complex Systems Fail (PDF) — That practitioner actions are gambles appears clear after accidents; in general, post hoc analysis regards these gambles as poor ones. But the converse: that successful outcomes are also the result of gambles; is not widely appreciated.
  3. Schnail Mail — exciting new startup idea.
  4. Mapping Digital Media (Open Society) — analysis of media, online and off, in various regions and discussion of how it’s changing. Among the global findings: digitization has brought no pressure to reform state broadcasters, less than one-third of countries found that digital media have helped to expand the social impact of investigative journalism, and digitization has not significantly affected total news diversity.

Four short links: 4 September 2014

Makerspace Libraries, xkcd Author Profiled, On Victim Shaming, and Generated Covers

  1. Makerspaces Coming to Libraries (Wired) — [W]hile I’m just as sentimental about the primacy of hard copy, the librarians aren’t. As they all tell me, their job is helping with access to knowledge—not all of which comes in codex form and much of which is deeply social. Libraries aren’t just warehouses for documents; they’re places to exchange information.
  2. Rolling Stone Feature on Randall Munroe — When you’re talking about pure research, every year it’s a longer trip to the cutting edge. Students have to spend a larger percentage of their careers catching up to the people who have gone before them. My solution to that is to tackle problems that are so weird that no one serious has ever spent any time on them. (via BoingBoing)
  3. Not Safe for Working On (Dan Kaminsky) — some things that needed to be said, and which couldn’t have been said better, about security, victim shaming, and separating the 2% from the 98%.
  4. Generative eBook Covers — very cool (with code) system for programmatically generating aesthetic and interesting ebook covers. I particularly like the face-recognition-in-engravings look.