ENTRIES TAGGED "security"

Four short links: 21 October 2014

Data Delusions, OS Robotics, Insecure Crypto, and Free Icons

  1. The Delusions of Big Data (IEEE) — When you have large amounts of data, your appetite for hypotheses tends to get even larger. And if it’s growing faster than the statistical strength of the data, then many of your inferences are likely to be false. They are likely to be white noise.
  2. ROSCON 2014 — slides and videos of talks from Chicago open source robotics conference.
  3. Making Sure Crypto Stays Insecure (PDF) — Daniel J. Bernstein talk: This talk is actually a thought experiment: how could an attacker manipulate the ecosystem for insecurity?
  4. Material Design Icons — Google’s CC-licensed (attribution, sharealike) collection of sweet, straightforward icons.

Four short links: 20 October 2014

Leaky Search, Conditional Javascript, Software Proofs, and Fake Identity

  1. Fix Mac OS X — each time you start typing in Spotlight (to open an application or search for a file on your computer), your local search terms and location are sent to Apple and third parties (including Microsoft) under default settings on Yosemite (10.10). See also Net Monitor, an open source toolkit for finding phone-home behaviour.
  2. A/B Testing at Netflix (ACM) — Using a combination of static analysis to build a dependency tree, which is then consumed at request time to resolve conditional dependencies, we’re able to build customized payloads for the millions of unique experiences across Netflix.com.
  3. Leslie Lamport Interview Summary — One idea about formal specifications that Lamport tries to dispel is that they require mathematical capabilities that are not available to programmers: “The mathematics that you need in order to write specifications is a lot simpler than any programming language [...] Anyone who can write C code, should have no trouble understanding simple math, because C code is a hell of a lot more complicated than” first-order logic, sets, and functions. When I was at uni, profs worked on distributed data, distributed computation, and formal correctness. We have the first two, but so much flawed software that I can only dream of the third arriving.
  4. Fake Identity — generate fake identity data when testing systems.

Four short links: 17 October 2014

2FA, Copy Image Text, Electric Garbage Trucks, and MSFT's Q

  1. Time to Enable Two-Factor Authentication on Everything (Gizmodo) — instructions for enabling 2fa on Google, Facebook, and other common consumer Internet services. (via BoingBoing)
  2. Project Naptha — automatically applies state-of-the-art computer vision algorithms on every image you see while browsing the web. The result is a seamless and intuitive experience, where you can highlight as well as copy and paste and even edit and translate the text formerly trapped within an image. Chrome extension. (via Anil Dash)
  3. Garbage Trucks and FedEx Vans (IEEE) — Foo alum, Ian Wright, found traction for his electric car biz by selling powertrains for garbage trucks and Fedex vans. Trucks have 20-30y lifetime, but powertrains are replaced several times; the trucks for fleets are custom; and “The average garbage truck in the U.S. spends $55,000 a year on fuel, and up to $30,000 a year on maintenance, mostly brake replacements.”
  4. Microsoft’s Quantum Mechanics (MIT TR) — the race for the “topological qubit”, involving newly-discovered fundamental particles and large technology companies racing to be the first to make something that works.

Four short links: 10 October 2014

Evolving Malware, Male Advocates, Every BU is an Internal Startup, and Amazonian Warehouses

  1. Slow Release Malware — Prof. Vigna outlined scenarios in which an increasingly sophisticated and opaque breed of malicious executable will evolve to ‘mimic’ the behaviour patterns of benign software, in an attempt to avoid wasting its payload behaviour on a sandbox or virtualised environment. (via Slashdot)
  2. Top 10 Ways to be a Male Advocate — pass to any men in tech that you know.
  3. All Businesses are Now Digital Businesses (Vikram Kumar) — given that your business units are buying their own IT and thus reinventing their own business, How many CEOs and CIOs think of business units acting as tech start-ups?
  4. Amazon Opens First Physical Store (WSJ, paywall) — in NYC, for pickups, returns, exchanges, and same-day delivery of some items from the accompanying warehouse. I’m curious to see what of Amazon’s infrastructure, analytics, and other thin-margin tricks they can bring to substantial physical presence.

Four short links: 3 October 2014

Physical Web, USB Horrors, Microsoft Sway, and Startup Code

  1. The Physical Web — a discovery service for physical things. Interesting to see a Google angle: the list of available things might be huge, so it’ll be sorted, and ranking long lists of results is a Core Competency.
  2. Unfixable USB Attack Closer — researchers have released code implementing the omgdoom USB firmware attack. (Not its formal name) (Yet)
  3. Sway — looks to me like Microsoft have productised the Medium design sense.
  4. How 50+ Startups Manage Their Code — I’m a full stack voyeur. I like to look.

Four short links: 2 October 2014

I Heart Logs, CS50 Eating The World, Meeting Transcripts, Binary Analysis

  1. I Heart Logs — I linked to Jay Kreps’s awesome blog post twice, and now he’s expanded it into a slim O’Reilly volume which I shall press into the hands of every engineer I meet. Have you heard the Good News?
  2. CS50 Record Numbers — nearly 12% of Harvard now takes Intro to CS. (via Greg Linden)
  3. SayIt — open source from MySociety, a whole new way to organise, publish, and share your transcripts. They really want to make a better experience for sharing and organising transcripts of meetings.
  4. BAP — Binary Analysis Platform from CMU. Translates binary into assembly and then into an intermediate language which explicitly represents the side effects of assembly instructions, such as flag computations.

Four short links: 1 October 2014

Robot Learning, Internet Confidentiality, Bootstrap Material Design, and Bitcoin Adoption

  1. Robotics Has Too Many Dreamers, Needs More Practical People (IEEE) — Grishin said that while looking for business opportunities, he saw too many entrepreneurs proposing cool new robots and concepts but with no business cases to support them. The robotics industry, he added, needs more startups to fail to allow entrepreneurs to learn from past mistakes and come up with more enduring plans. A reminder that first to found rarely correlates to biggest exit.
  2. Fixing the Internet for Confidentiality and Security (Mark Shuttleworth) — Every society, even today’s modern Western society, is prone to abusive governance. We should fear our own darknesses more than we fear others. I like the frame of “confidentiality” vs “privacy”.
  3. Bootstrap Material Design — a material design theme for Bootstrap. Material design (Google’s new design metaphor/language for interactive UIs) is important, to mobile and web what HIG was to MacOS, and it specifically tackles the noisy surprises that are app and web interfaces today.
  4. Simon Wardley on Bitcoin — Why I think US will adopt bitcoin … it is currently backed by $284m in venture capital, you’re going to get it whether you like it or not.

Stop hacking random stuff. It’s getting trivial.

Once we acknowledge nearly everything is insecure, we can engage in a more nuanced discussion about security.

I was gratified to read Dave Aitel’s rant about junk hacking last week [via Peter Lewis and abridged below]:

“Yes, we get it. Cars, boats, buses, and those singing fish plaques are all hackable and have no security. Most conferences these days have a whole track called ‘Junk I found around my house and how I am going to scare you by hacking it.’ That stuff is always going to be hackable whetherornotyouarethecalvalry.org.

“Yes, there is Junk in your garage, and you can hack it, and if you find someone else who happens to have that exact same Junk, you can probably hack that, too, but maybe not, because testing is hard.

“Cars are the pinnacle of junk hacking, because they are meant to be in your garage. Obviously there is no security on car computers. Nor (and I hate to break the suspense) *will there ever be*. Yes, you can connect a device to my midlife crisis car and update the CPU of the battery itself with malware, which can in theory explode my whole car on the way to BJJ. I personally hope you don’t. But I know it’s possible the same way I know it’s possible to secretly rewire my toaster oven to overcook my toast every time even when I put it on the lowest setting, driving me slowly but surely insane.

“So in any case, enough with the Junk Hacking, and enough with being amazed when people hack their junk.”

Four short links: 25 September 2014

Elevation Data, Soft Robots, Clean Data, and Security Souk

  1. NGA Releases Hi-Res Elevation Data — 30-meter topographic data for the world.
  2. Soft Robotics — a collection of shared resources to support the design, fabrication, modeling, characterization, and control of soft robotic devices. From Harvard.
  3. OpenGov — In many domains, it’s not so much about “big data” yet as it is about “clean data.”
  4. Mitnick’s Zero-Day Exploit Shop — marketplace connecting “corporate and government” buyers and sellers of zero-day exploits. Claims to vet buyers. Another hidden economy becoming public.

Four short links: 22 September 2014

OS X Javascript, Social Key Party, E-Fail, and Microservices Testing

  1. Significance of Javascript For OS X Scripting — not just for shell scripting-type automation, now you can build Cocoa applications with Javascript. This is huge.
  2. keybase.io — social media as trust vector.
  3. I Banned E-Mail At My Company — Email should not be used to share information. Especially if that information is a resource that might be useful again in the future.
  4. Building Microservices at Karma — The biggest challenge with microservices is testing. With a regular web application, an end-to-end test is easy: just click somewhere on the website, and see what changes in the database. But in our case, actions and eventual results are so far from another that it’s difficult to see exact cause and effect. A problem might bubble up from a chain, but where in the chain did it go wrong? It’s something we still haven’t solved.