"security" entries

Four short links: 22 July 2015

Smart Headlights, Habitual Speed, AI Authors, and Programming Language Evolution

  1. Ford’s Smart Headlights — spotlights targeted by infra-red, and accumulating knowledge of fixed features to illuminate. Wonder what an attacker can do to it?
  2. Speed as a Habit — You don’t have to be militant about it, just consistently respond that today is better than tomorrow, that right now is better than six hours from now. This is chock full of good advice, and the occasional good story.
  3. Coding Creativity: Copyright and the Artificially Intelligent Author (PDF) — if AI creates cultural works (e.g., DeepDream images), who owns those works? Suggests that “work for hire” doctrine may be the way to answer that in the future. (via Andreas Schou)
  4. Punctuated Equilibrium in the Large-Scale Evolution of Programming Languages (PDF) — Here we study the large-scale historical development of programming languages, which have deeply marked social and technological advances in the last half century. We analyse their historical connections using network theory and reconstructed phylogenetic networks. Using both data analysis and network modeling, it is shown that their evolution is highly uneven, marked by innovation events where new languages are created out of improved combinations of different structural components belonging to previous languages. These radiation events occur in a bursty pattern and are tied to novel technological and social niches. The method can be extrapolated to other systems and consistently captures the major classes of languages and the widespread horizontal design exchanges, revealing a punctuated evolutionary path. (via Jarkko Hietaniemi)

Four short links: 20 July 2015

Less Spam, Down on Dropdowns, Questioning Provable Security, and Crafting Packets

  1. Spam Under Half of Email (PDF) — Symantec report: There is good news this month on the email-based front of the threat landscape. According to our metrics, the overall spam rate has dropped to 49.7%. This is the first time this rate has fallen below 50% of email for over a decade. The last time Symantec recorded a similar spam rate was clear back in September of 2003.
  2. Dropdowns Should be the UI of Last Resort (Luke Wroblewski) — Well-designed forms make use of the most appropriate input control for each question they ask. Sometimes that’s a stepper, a radio group, or even a dropdown menu. But because they are hard to navigate, hide options by default, don’t support hierarchies, and only enable selection not editing, dropdowns shouldn’t be the first UI control you reach for. In today’s software designs, they often are. So instead, consider other input controls first and save the dropdown as a last resort.
  3. Another Look at Provable Security — In our time, one of the dominant paradigms in cryptographic research goes by the name “provable security.” This is the notion that the best (or, some would say, the only) way to have confidence in the security of a cryptographic protocol is to have a mathematically rigorous theorem that establishes some sort of guarantee of security (defined in a suitable way) under certain conditions and given certain assumptions. The purpose of this website is to encourage the emergence of a more skeptical and less credulous attitude toward this notion and to contribute to a process of critical analysis of the positive and negative features of the “provable security” paradigm.
  4. Pig (github) — a Linux packet crafting tool. You can use Pig to test your IDS/IPS, among other things.

Four short links: 15 July 2015

OpeNSAurce, Multimaterial Printing, Functional Javascript, and Outlier Detection

  1. System Integrity Management Platform (Github) — NSA releases security compliance tool for government departments.
  2. 3D-Printed Explosive Jumping Robot Combines Firm and Squishy Parts (IEEE Spectrum) — Different parts of the robot grade over three orders of magnitude from stiff like plastic to squishy like rubber, through the use of nine different layers of 3D printed materials.
  3. Professor Frisby’s Mostly Adequate Guide to Functional Programming — a book on functional programming, using JavaScript as the programming language.
  4. Tracking Down Villains — the software and algorithms that Netflix uses to detect outliers in their infrastructure monitoring.

Four short links: 3 July 2015

Storage Interference, Open Source SSL, Pub-Sub Reverse-Proxy, and Web Components Checklist

  1. The Storage Tipping Point — the performance optimization technologies of the last decade – log structured file systems, coalesced writes, out-of-place updates and, soon, byte-addressable NVRAM – are conflicting with similar-but-different techniques used in SSDs and arrays. The software we use is written for dumb storage; we’re getting smart storage; but smart+smart = fragmentation, write amplification, and over-consumption.
  2. s2n — Amazon’s open source SSL implementation.
  3. pushpin — a reverse proxy server that makes it easy to implement WebSocket, HTTP streaming, and HTTP long-polling services. It communicates with backend web applications using regular, short-lived HTTP requests (GRIP protocol). This allows backend applications to be written in any language and use any webserver.
  4. The Gold Standard Checklist for Web Components — This is a working draft of a checklist to define a “gold standard” for web components that aspire to be as predictable, flexible, reliable, and useful as the standard HTML elements.

“Internet of Things” is a temporary term

The O'Reilly Radar Podcast: Pilgrim Beart on the scale, challenges, and opportunities of the IoT.

In this week’s Radar Podcast, O’Reilly’s Mary Treseler chatted with Pilgrim Beart about co-founding his company, AlertMe, and about why the scale of the Internet of Things creates as many challenges as it does opportunities. He also talked about the “gnarly problems” emerging from consumer wants and behaviors.

Four short links: 11 June 2015

Jeff Han, Google Closure, Software Verification, and Sapir-Whorf Software

  1. The Untold Story of Microsoft’s Surface Hub (FastCo) — great press placement from Microsoft, but good to hear what Jeff Han has been working on. And an interesting comment on the value of manufacturing in the US: “I don’t have to send my folks over to China, so they’re happier,” Han says. “It’s faster. There’s no language, time, or culture barrier to deal with. To have my engineers go down the hallway to talk to the guys in the manufacturing line and tune the recipe? That’s just incredible.”
  2. Five Years of Google Closure (Derek Slager) — Despite the lack of popularity, a number of companies have successfully used Google Closure for their production applications. Medium, Yelp, CloudKick (acquired by Rackspace), Cue (acquired by Apple), and IMS Health (my company) all use (or have used) Google Closure to power their production applications. And, importantly, the majority of Google’s flagship applications continue to be powered by Google Closure.
  3. Moving Fast with Software Verification (Facebook) — This paper describes our experience in integrating a verification tool based on static analysis into the software development cycle at Facebook. Contains a brief description of dev and release processes at Facebook: no QA …
  4. The Death of the von Neumann Architecture — A computer program is the direct execution of any idea. If you restrict the execution, you restrict the idea. The Sapir-Whorf hypothesis for software.

Four short links: 9 June 2015

Parallelising Without Coordination, AR/VR IxD, Medical Insecurity, and Online Privacy Lies

  1. The Declarative Imperative (Morning Paper) — on Dataflow. …a large class of recursive programs – all of basic Datalog – can be parallelized without any need for coordination. As a side note, this insight appears to have eluded the MapReduce community, where join is necessarily a blocking operator.
  2. Consensual Reality (Alistair Croll) — Among other things we discussed what Inbar calls his three rules for augmented reality design: 1. The content you see has to emerge from the real world and relate to it. 2. Should not distract you from the real world; must add to it. 3. Don’t use it when you don’t need it. If a film is better on the TV watch the TV.
  3. X-Rays Behaving Badly — According to the report, medical devices – in particular so-called picture archive and communications systems (PACS) radiologic imaging systems – are all but invisible to security monitoring systems and provide a ready platform for malware infections to lurk on hospital networks, and for malicious actors to launch attacks on other, high value IT assets. Among the revelations contained in the report: A malware infection at a TrapX customer site spread from an unmonitored PACS system to a key nurse’s workstation. The result: confidential hospital data was secreted off the network to a server hosted in Guiyang, China. Communications went out encrypted using port 443 (SSL) and were not detected by existing cyber defense software, so TrapX said it is unsure how many records may have been stolen.
  4. The Online Privacy Lie is Unraveling (TechCrunch) — The report authors argue it’s this sense of resignation that is resulting in data tradeoffs taking place — rather than consumers performing careful cost-benefit analysis to weigh up the pros and cons of giving up their data (as marketers try to claim). They also found that where consumers were most informed about marketing practices they were also more likely to be resigned to not being able to do anything to prevent their data being harvested. Something that didn’t make me regret clicking on a TechCrunch link.

Four short links: 5 June 2015

IoT and New Hardware Movement, OpenCV 3, FBI vs Crypto, and Transactional Datastore

  1. New Hardware and the Internet of Things (Jon Bruner) — The Internet of Things and the new hardware movement are not the same thing. The new hardware movement is driven by new tools for: Prototyping (inexpensive 3D printers, CNC machine tools, cheap and powerful microcontrollers, high-level programming languages on embedded systems); Fundraising and business development (Highway1, Lab IX); Manufacturing (PCH, Seeed); Marketing (Etsy, Quirky). The IoT is driven by: Ubiquitous connectivity; Cheap hardware (i.e., the new hardware movement); Inexpensive data processing and machine learning.
  2. OpenCV 3.0 Released — I hadn’t realised how much hardware acceleration comes out of the box with OpenCV.
  3. FBI: Companies Should Help us Prevent Encryption (WaPo) — as Mike Loukides says, we are in a Post-Modern age where we don’t trust our computers and they don’t trust us. It’s jarring to hear the organisation that (over-zealously!) investigates computer crime arguing that citizens should not be able to secure their communications. It’s like police arguing against locks.
  4. cockroach — a scalable, geo-replicated, transactional datastore. The Wired piece about it drops the factoid that the creators of GIMP worked on Google’s massive BigTable-successor, Colossus. From Photoshop-alike to massive file systems. Love it.

Four short links: 4 June 2015

DARPA Robotics Challenge, Math Instruction, Microservices Construction, and Crypto Hardware Sans Spooks

  1. Pocket Guide to DARPA Robotics Challenge Finals (Robohub) — The robots will start in a vehicle, drive to a simulated disaster building, and then they’ll have to open doors, walk on rubble, and use tools. Finally, they’ll have to climb a flight of stairs. The fastest team with the same amount of points for completing tasks will win. The main issues teams will face are communications with their robot and battery life: “Even the best batteries are still roughly 10 times less energy-dense than the kinds of fuels we all use to get around,” said Pratt.
  2. Dan Meyer’s Dissertation — Dan came up with a way to make math class social and the vocabulary sticky.
  3. Monolith First — echoes the idea that platforms should come from successful apps (the way AWS emerged from operating the Amazon store) rather than be designed before use.
  4. Building a More Assured Hardware Security Module (PDF) — proposal for an open source reference design for HSMs; scalable, first cut in an FPGA and CPU, later allow higher speed options; composable, e.g. “Give me a key store and signer suitable for DNSsec”; reasonable assurance by being open, a diverse design team, and an increasingly assured tool-chain. See cryptech.is for more info.

Four short links: 2 June 2015

Toyota Code, Sapir-Whorf-Emoji, Crowdsourcing Formal Proof, and Safety-Critical Code

  1. Toyota’s Spaghetti Code — Toyota had more than 10,000 global variables. And he was critical of the design of Toyota’s watchdog supervisor (software to detect the death of a task). He testified that Toyota’s watchdog supervisor ‘is incapable of ever detecting the death of a major task. That’s its whole job. It doesn’t do it. It’s not designed to do it.’ (via @qrush)
  2. Google’s Design Icons (Kevin Marks) — Google’s design icons distinguish eight kinds of airline seats but have none for trains or buses.
  3. Verigames — DARPA-funded game to crowdsource elements of formal proofs. (via Network World)
  4. 10 Rules for Writing Safety-Critical Code — which I can loosely summarize as “simple = safer, use the built-in checks, don’t play with fire.”