- The Surprising Predictability of Android Lock Patterns (Ars Technica) — people use the same type of strategy for remembering a pattern as a password
- Peer to Peer Markets (PDF) — We discuss elements of market design that make this possible, including search and matching algorithms, pricing, and reputation systems. We then develop a simple model of how these markets enable entry by small or flexible suppliers, and the resulting impact on existing firms. Finally, we consider the regulation of peer-to-peer markets, and the economic arguments for different approaches to licensing and certification, data, and employment regulation.
- 16 Product Things I learned at Imgur — You can A/B test individuals, but it’s nearly impossible to A/B test communities because they work based on a mutually reinforcing self-conception. Use a combination of intuition (which comes from experience), talking to other community managers and 1:1 contact with a sample of your community. But you’ll still be wrong a lot.
- kaldi — a toolkit for speech recognition written in C++ and licensed under the Apache License v2.0
Four core questions that every security team must ask itself to develop its strategy in dealing with attacks.
Massive software vulnerabilities have been surfacing with increasingly high visibility, and the world’s computer administrators are repeatedly thrust into the cycle of confusion, anxiety, patching and waiting for the Next Big One. The list of high-profile vulnerabilities in widely used software packages and platforms continues to grow. A recent phenomenon has researchers borrowing from the National Hurricane Center’s tradition and introducing a vulnerability with a formal name. Much as weather scientists do with hurricanes, security researchers, analysts, and practitioners observe and track vulnerabilities as more details unfold and the true extent of the risk (and subsequent damage) becomes known.
Take, for example, the Android vulnerability released at the beginning of August 2015¹. This vulnerability, named “Stagefright” after its eponymous application, can lead to remote code execution (RCE) through several vectors including MMS, email, HTTP, media applications, Bluetooth, and more. These factors, coupled with the fact that at its release there were no approved patches available for upwards of 95% of the world’s mobile Android footprint, mean the vulnerability is serious, especially to any organization with a significant Android population.