uitable — cute library for tabular data in console golang programs.
Did Carnegie Mellon Attack Tor for the FBI? (Bruce Schneier) — The behavior of the researchers is reprehensible, but the real issue is that CERT Coordination Center (CERT/CC) has lost its credibility as an honest broker. The researchers discovered this vulnerability and submitted it to CERT. Neither the researchers nor CERT disclosed this vulnerability to the Tor Project. Instead, the researchers apparently used this vulnerability to deanonymize a large number of hidden service visitors and provide the information to the FBI. Does anyone still trust CERT to behave in the Internet’s best interests? Analogous to the CIA organizing a fake vaccination drive to get close to Osama. “Intelligence” agencies.
Hospital Hacking (Bloomberg) — interesting for both lax regulation (“The FDA seems to literally be waiting for someone to be killed before they can say, ‘OK, yeah, this is something we need to worry about,’ ” Rios says.) and the extent of the problem (Last fall, analysts with TrapX Security, a firm based in San Mateo, Calif., began installing software in more than 60 hospitals to trace medical device hacks. […] After six months, TrapX concluded that all of the hospitals contained medical devices that had been infected by malware.). It may take a Vice President’s defibrillator being hacked for things to change. Or would anybody notice?
TensorFlow — Google released, as open source, their distributed machine learning system. The DataFlow programming framework is sweet, and the documentation is gorgeous. AMAZINGLY high-quality, sets the bar for any project. This may be 2015’s most important software release.
TensorFlow White Paper (PDF) — Compared to DistBelief [G’s first scalable distributed inference and training system], TensorFlow’s programming model is more flexible, its performance is significantly better, and it supports training and using a broader range of models on a wider variety of heterogeneous hardware platforms.
Neural Networks With Few Multiplications — paper with a method to eliminate most of the time-consuming floating point multiplications needed to update the intermediate virtual neurons as they learn. Speed has been one of the bugbears of deep neural networks.
Cybersecurity as RealPolitik — Dan Geer’s excellent talk from 2014 BlackHat. When younger people ask my advice on what they should do or study to make a career in cyber security, I can only advise specialization. Those of us who were in the game early enough and who have managed to retain an over-arching generalist knowledge can’t be replaced very easily because while absorbing most new information most of the time may have been possible when we began practice, no person starting from scratch can do that now. Serial specialization is now all that can be done in any practical way. Just looking at the Black Hat program will confirm that being really good at any one of the many topics presented here all but requires shutting out the demands of being good at any others.
Security and the Linux Kernel (WaPo) — the question is not “can the WaPo write intelligently about the Linux kernel and security?” (answer, by the way, is “yes”) but rather “why is the WaPo writing about Linux kernel and security?” Ladies and gentlemen, start your conspiracy engines.
TPP Might Prevent Governments from Auditing Source Code (Wired) — Article 14.17 of proposal, published at last today after years of secret negotiations, says: “No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.” The proposal includes an exception for critical infrastructure, but it’s not clear whether software involved in life or death situations, such as cars, airplanes, or medical devices would be included. One of many “what the heck does this mean for us?” analyses coming out. I’m waiting a few days until the analyses shake out before I get anything in a tangle.
Taiga — open source agile software project management tool (backlog, kanban, tasks, sprints, burndown charts, that sort of thing). (via Jef Vratny)
Confidant — a secret management system, for AWS, from Lyft. If you build services that need to talk to each other, it quickly gets difficult to distribute and manage permissions to those services. So, naturally, the solution is to add another service. (In accordance with the Fundamental Theorem of Computer Science.)
Emerging Cyber Threats Report (Georgia Tech) — no surprises, but another document to print and leave on the desk of the ostrich who thinks there’s no security problem.
Apple’s Secrecy Hurts Its AI Development (Bloomberg) — “Apple is off the scale in terms of secrecy,” says Richard Zemel, a professor in the computer science department at the University of Toronto. “They’re completely out of the loop.”
Swimming Robobees (Harvard) — The Harvard RoboBee, designed in Wood’s lab, is a microrobot, smaller than a paperclip, that flies and hovers like an insect, flapping its tiny, nearly invisible wings 120 times per second. It can fly and swim.
Android and Chrome — starting next year, the company will work with partners to build personal computers that run on Android, according to sources familiar with the company’s plans. The Chrome browser and operating systems aren’t disappearing — PC makers that produce Chromebooks will still be able to use Chrome. Security gurus sad because ChromeOS is most secure operating system in use.
Australia Floating the Idea of Cloud Passports — Under a cloud passport, a traveller’s identity and biometrics data would be stored in a cloud, so passengers would no longer need to carry their passports and risk having them lost or stolen. That sound you hear is Taylor Swift on Security, quoting “Wildest Dreams” into her vodka and Tang: “I can see the end as it begins.” This article is also notable for “The idea of cloud passports is the result of a hipster-style-hackathon.”
Jupyter — Python Notebooks that allow you to create and share documents that contain live code, equations, visualizations, and explanatory text. Uses include: data cleaning and transformation, numerical simulation, statistical modeling, machine learning, and much more.
Telcos $24B Business In Your Data — Under the radar, Verizon, Sprint, Telefonica, and other carriers have partnered with firms including SAP, IBM, HP, and AirSage to manage, package, and sell various levels of data to marketers and other clients. It’s all part of a push by the world’s largest phone operators to counteract diminishing subscriber growth through new business ventures that tap into the data that showers from consumers’ mobile Web surfing, text messaging, and phone calls. Even if you do pay for it, you’re still the product.
Introducing Agate — a Python data analysis library designed to be useable by non-data-scientists, so leads to readable and predictable code. Target market: data journalists.
Little Rice: Smartphones, Xiaomi, and the Chinese Dream (Amazon) — Clay Shirky’s new 128-page book/report about how Xiaomi exemplifies the balancing act that China has to perfect to navigate between cheap copies and innovation, between the demands of local and global markets, and between freedom and control. I’d buy Clay’s shopping list, the same way I’d gladly listen to Neil Gaiman telling the time. (via BoingBoing)
Feed Siri Instructions From 16 Feet Away (Wired) — summary of a paywalled IEEE research paper. Their clever hack uses those headphones’ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone. […] It generates its electromagnetic waves with a laptop running the open source software GNU Radio, a USRP software-defined radio, an amplifier, and an antenna.
User-Centered Design (Courtney Johnston) — the wall label should always give you cause to look back at the art work again. I love behaviour-based indirect measures of success like this.
Signals from Velocity New York — “If your company is creating a diversity plan and you’ve actually gone and counted people,” Liles said, “you’ve already lost.” If you’re motivated to count, then know you’ve already lost. You want to know by how much.
25 Women in Robotics You Need to Know About — The DARPA Robotics Challenge (DRC) Finals 2015 were similarly lacking; of the 444 robot builders representing 24 robot entrants, only 23 builders were women (though some of the most successful teams at the DRC had female team members). Given how multidisciplinary the field is, and how many different skills are required, we need to celebrate women who are achieving greatness in robotics until we are seeing more parity. Great list.
Awesome AWS — A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources.
The Web Authentication Arms Race — Cryptography can only be used to transfer existing trust or secrecy across time or space; if the attacker impersonates the defender before the user establishes anything, it becomes impossible for the user to tell which party is legitimate. This sentence, made in solid gold Yes.
The Uncertain Future of Emotion Analytics — A year before the launch of the first mass-produced personal computer, British academic David Collingridge wrote in his book “The Social Control of Technology” that “when change is easy, the need for it cannot be foreseen; when the need for change is apparent, change has become expensive, difficult, and time consuming.”
Automatic Face Recognition (Bruce Schneier) — Without meaningful regulation, we’re moving into a world where governments and corporations will be able to identify people both in real time and backwards in time, remotely and in secret, without consent or recourse.
Really Monitoring Your Systems — If you are not measuring and showing the maximum value, then you are hiding something. The number one indicator you should never get rid of is the maximum value. That’s not noise — it’s the signal; the rest is noise.
Haunted by Data (Maciej Ceglowski) — You can’t just set up an elaborate surveillance infrastructure and then decide to ignore it. These data pipelines take on an institutional life of their own, and it doesn’t help that people speak of the “data-driven organization” with the same religious fervor as a “Christ-centered life.”