"security" entries

“Internet of Things” is a temporary term

The O'Reilly Radar Podcast: Pilgrim Beart on the scale, challenges, and opportunities of the IoT.

Hills_album_public_domain_Internet_Archive_Flickr

Subscribe to the O’Reilly Radar Podcast to track the technologies and people that will shape our world in the years to come.

In this week’s Radar Podcast, O’Reilly’s Mary Treseler chatted with Pilgrim Beart about co-founding his company, AlertMe, and about why the scale of the Internet of Things creates as many challenges as it does opportunities. He also talked about the “gnarly problems” emerging from consumer wants and behaviors.

Read more…

Comment: 1
Four short links: 11 June 2015

Four short links: 11 June 2015

Jeff Han, Google Closure, Software Verification, and Sapir-Whorf Software

  1. The Untold Story of Microsoft’s Surface Hub (FastCo) — great press placement from Microsoft, but good to hear what Jeff Han has been working on. And interesting comment on the value of manufacturing in the US: “I don’t have to send my folks over to China, so they’re happier,” Han says. “It’s faster. There’s no language, time, or culture barrier to deal with. To have my engineers go down the hallway to talk to the guys in the manufacturing line and tune the recipe? That’s just incredible.”
  2. Five Years of Google Closure (Derek Slager) — Despite the lack of popularity, a number of companies have successfully used Google Closure for their production applications. Medium, Yelp, CloudKick (acquired by Rackspace), Cue (acquired by Apple), and IMS Health (my company) all use (or have used) Google Closure to power their production applications. And, importantly, the majority of Google’s flagship applications continue to be powered by Google Closure.
  3. Moving Fast with Software Verification (Facebook) — This paper describes our experience in integrating a verification tool based on static analysis into the software development cycle at Facebook. Contains a brief description of dev and release processes at Facebook: no QA …
  4. The Death of the von Neumann ArchitectureA computer program is the direct execution of any idea. If you restrict the execution, you restrict the idea. The Sapir-Whorf hypothesis for software.

Comment
Four short links: 9 June 2015

Four short links: 9 June 2015

Parallelising Without Coordination, AR/VR IxD, Medical Insecurity, and Online Privacy Lies

  1. The Declarative Imperative (Morning Paper) — on Dataflow. …a large class of recursive programs – all of basic Datalog – can be parallelized without any need for coordination. As a side note, this insight appears to have eluded the MapReduce community, where join is necessarily a blocking operator.
  2. Consensual Reality (Alistair Croll) — Among other things we discussed what Inbar calls his three rules for augmented reality design: 1. The content you see has to emerge from the real world and relate to it. 2. Should not distract you from the real world; must add to it. 3. Don’t use it when you don’t need it. If a film is better on the TV watch the TV.
  3. X-Rays Behaving BadlyAccording to the report, medical devices – in particular so-called picture archive and communications systems (PACS) radiologic imaging systems – are all but invisible to security monitoring systems and provide a ready platform for malware infections to lurk on hospital networks, and for malicious actors to launch attacks on other, high value IT assets. Among the revelations contained in the report: A malware infection at a TrapX customer site spread from a unmonitored PACS system to a key nurse’s workstation. The result: confidential hospital data was secreted off the network to a server hosted in Guiyang, China. Communications went out encrypted using port 443 (SSL) and were not detected by existing cyber defense software, so TrapX said it is unsure how many records may have been stolen.
  4. The Online Privacy Lie is Unraveling (TechCrunch) — The report authors’ argue it’s this sense of resignation that is resulting in data tradeoffs taking place — rather than consumers performing careful cost-benefit analysis to weigh up the pros and cons of giving up their data (as marketers try to claim). They also found that where consumers were most informed about marketing practices they were also more likely to be resigned to not being able to do anything to prevent their data being harvested. Something that didn’t make me regret clicking on a TechCrunch link.
Comment
Four short links: 5 June 2015

Four short links: 5 June 2015

IoT and New Hardware Movement, OpenCV 3, FBI vs Crypto, and Transactional Datastore

  1. New Hardware and the Internet of Things (Jon Bruner) — The Internet of Things and the new hardware movement are not the same thing. The new hardware movement is driven by new tools for: Prototyping (inexpensive 3D printers, CNC machine tools, cheap and powerful microcontrollers, high-level programming languages on embedded systems); Fundraising and business development (Highway1, Lab IX); Manufacturing (PCH, Seeed); Marketing (Etsy, Quirky). The IoT is driven by: Ubiquitous connectivity; Cheap hardware (i.e., the new hardware movement); Inexpensive data processing and machine learning.
  2. OpenCV 3.0 Released — I hadn’t realised how much hardware acceleration comes out of the box with OpenCV.
  3. FBI: Companies Should Help us Prevent Encryption (WaPo) — as Mike Loukides says, we are in a Post-Modern age where we don’t trust our computers and they don’t trust us. It’s jarring to hear the organisation that (over-zealously!) investigates computer crime arguing that citizens should not be able to secure their communications. It’s like police arguing against locks.
  4. cockroacha scalable, geo-replicated, transactional datastore. The Wired piece about it drops the factoid that the creators of GIMP worked on Google’s massive BigTable-successor, Colossus. From Photoshop-alike to massive file systems. Love it.
Comment
Four short links: 4 June 2015

Four short links: 4 June 2015

DARPA Robotics Challenge, Math Instruction, Microservices Construction, and Crypto Hardware Sans Spooks

  1. Pocket Guide to DARPA Robotics Challenge Finals (Robohub) — The robots will start in a vehicle, drive to a simulated disaster building, and then they’ll have to open doors, walk on rubble, and use tools. Finally, they’ll have to climb a flight of stairs. The fastest team with the same amount of points for completing tasks will win. The main issues teams will face are communications with their robot and battery life: “Even the best batteries are still roughly 10 times less energy-dense than the kinds of fuels we all use to get around,” said Pratt.
  2. Dan Meyer’s Dissertation — Dan came up with a way to make math class social and the vocabulary sticky.
  3. Monolith First — echoes the idea that platforms should come from successful apps (the way AWS emerged from operating the Amazon store) rather than be designed before use.
  4. Building a More Assured Hardware Security Module (PDF) — proposal for An open source reference design for HSMs; Scalable, first cut in an FPGA and CPU, later allow higher speed options; Composable, e.g. “Give me a key store and signer suitable for DNSsec”; Reasonable assurance by being open, diverse design team, and an increasingly assured tool-chain. See cryptech.is for more info.
Comment
Four short links: 2 June 2015

Four short links: 2 June 2015

Toyota Code, Sapir-Wharf-Emoji, Crowdsourcing Formal Proof, and Safety-Critical Code

  1. Toyota’s Spaghetti CodeToyota had more than 10,000 global variables. And he was critical of Toyota watchdog supervisor — software to detect the death of a task — design. He testified that Toyota’s watchdog supervisor ‘is incapable of ever detecting the death of a major task. That’s its whole job. It doesn’t do it. It’s not designed to do it.’ (via @qrush)
  2. Google’s Design Icons (Kevin Marks) — Google’s design icons distinguish eight kinds of airline seats but has none for trains or buses.
  3. Verigames — DARPA-funded game to crowdsource elements of formal proofs. (via Network World)
  4. 10 Rules for Writing Safety-Critical Code — which I can loosely summarize as “simple = safer, use the built-in checks, don’t play with fire.”
Comment: 1
Four short links: 21 May 2015

Four short links: 21 May 2015

Font Design, Pro Go, ICANN Foolishness, and Bad Organisations

  1. On Font Design (Kris Sowersby) — The many pairs of hands and eyes involved have made this typeface special for me. For the first time I don’t feel I have ownership of a typeface I have ostensibly “created.” Lovely to read about the design journey for a font.
  2. Why We Use GoWe use Go because it’s boring. Previously, we worked almost exclusively with Python, and after a certain point, it becomes a nightmare. You can bend Python to your will. You can hack it, you can monkey patch it, and you can write remarkably expressive, terse code. It’s also remarkably difficult to maintain and slow.
  3. Unfortunately We Have Renewed Our ICANN AccreditationYou can thank ICANN for this policy, because if it were up to us, and you tasked us with coming up with the most idiotic, damaging, phish-friendly, disaster-prone policy that accomplishes less than nothing and is utterly pointless, I question whether we would have been able to pull it off at this level. We’re simply out of our league here.
  4. Why Good Developers Write Bad Code (PDF) — trigger warning: software development pathologies from the real world.
Comment
Four short links: 18 May 2015

Four short links: 18 May 2015

Javascript Tools, Elements of Scale, 2FA Adoption, and Empathy

  1. Tools are the Problem Tools don’t solve problems any more; they have become the problem. There’s just too many of them, and they all include an incredible number of features that you don’t use on your site –but that users are still required to download and execute.
  2. Elements of Scale: Composing and Scaling Data Platforms (Ben Stopford) — today’s data platforms range greatly in complexity, from simple caching layers or polyglotic persistence right through to wholly integrated data pipelines. There are many paths. They go to many different places. In some of these places at least, nice things are found. So, the aim for this talk is to explain how and why some of these popular approaches work. We’ll do this by first considering the building blocks from which they are composed. These are the intuitions we’ll need to pull together the bigger stuff later on.
  3. Estimating Google’s 2FA AdoptionIf we project out to the current day (965 days later), that’s a growth of ~25M users (25,586,975). Add that to the ~14M base number of users (13,886,058) exiting the graph and we end up at a grand total of…nearly 40 million users (39,473,033) enrolled in Google’s 2SV. NB there’s a lot on the back of this envelope.
  4. Empathy and Product DevelopmentNone of this means that you shouldn’t A/B test or have other quantitative measure. But all of those will mean very little if you don’t have the qualitative context that only observation and usage can provide. Empathy is central to product development.
Comment: 1
Four short links: 12 May 2015

Four short links: 12 May 2015

Data Center Numbers, Utility Computing, NSA Art, and RIP CAP

  1. We Used to Build Steel Mills Near Cheap Sources of Power, but Now That’s Where We Build DatacentersHennessy & Patterson estimate that of the $90M cost of an example datacenter (just the facilities – not the servers), 82% is associated with power and cooling. The servers in the datacenter are estimated to only cost $70M. It’s not fair to compare those numbers directly since servers need to get replaced more often than datacenters; once you take into account the cost over the entire lifetime of the datacenter, the amortized cost of power and cooling comes out to be 33% of the total cost, when servers have a three-year lifetime and infrastructure has a 10-15 year lifetime. Going back to the Barroso and Holzle book, processors are responsible for about a third of the compute-related power draw in a datacenter (including networking), which means that just powering processors and their associated cooling and power distribution is about 11% of the total cost of operating a datacenter. By comparison, the cost of all networking equipment is 8%, and the cost of the employees that run the datacenter is 2%.
  2. Microsoft Invests in 3 Undersea Cable Projects — utility computing is an odd concept, given how quickly hardware cycles refresh. In the past, you could ask whether investors wanted to be in a high-growth, high-risk technology business or a stable blue-chip utility.
  3. Secret Power — Simon Denny’s NSA-logo-and-Snowden-inspired art makes me wish I could get to Venice. See also The Guardian piece on him.
  4. Please Stop Calling Databases CP or AP (Martin Kleppman) — The fact that we haven’t been able to classify even one datastore as unambiguously “AP” or “CP” should be telling us something: those are simply not the right labels to describe systems. I believe that we should stop putting datastores into the “AP” or “CP” buckets. So readable!
Comment
Four short links: 7 May 2015

Four short links: 7 May 2015

Predicting Hits, Pricing Strategies, Quis Calculiet Shifty Custodes, Docker Security

  1. Predicting a Billboard Music Hit (YouTube) — Shazam VP of Music and Platforms at Strata London. With relative accuracy, we can predict 33 days out what song will go to No. 1 on the Billboard charts in the U.S.
  2. Psychological Pricing Strategies — a handy wrap-up of evil^wuseful pricing strategies to know.
  3. What Two Programmers Have Revealed So Far About Seattle Police Officers Who Are Still in Uniformthrough their shrewd use of Washington’s Public Records Act, the two Seattle residents are now the closest thing the city has to a civilian police-oversight board. In the last year and a half, they have acquired hundreds of reports, videos, and 911 calls related to the Seattle Police Department’s internal investigations of officer misconduct between 2010 and 2013. And though they have only combed through a small portion of the data, they say they have found several instances of officers appearing to lie, use racist language, and use excessive force—with no consequences. In fact, they believe that the Office of Professional Accountability (OPA) has systematically “run interference” for cops. In the aforementioned cases of alleged officer misconduct, all of the involved officers were exonerated and still remain on the force.
  4. Understanding Docker Security and Best Practices — explanation of container security and a benchmark for security practices, though email addresses will need to be surrendered in exchange for the good info.
Comment