ENTRIES TAGGED "security"
Internet Filter Creep, Innovating in E-Mail/Gmail, Connected Devices Business Strategy, and Ecology Recapitulates Photography
- Australian Filter Scope Creep — The Federal Government has confirmed its financial regulator has started requiring Australian Internet service providers to block websites suspected of providing fraudulent financial opportunities, in a move which appears to also open the door for other government agencies to unilaterally block sites they deem questionable in their own portfolios.
- Embedding Actions in Gmail — after years of benign neglect, it’s good to see Gmail worked on again. We’ve said for years that email’s a fertile ground for doing stuff better, and Google seem to have the religion. (see Send Money with Gmail for more).
- What Keeps Me Up at Night (Matt Webb) — Matt’s building a business around connected devices. Here he explains why the category could be owned by any of the big players. In times like this I remember Howard Aiken’s advice: Don’t worry about people stealing your ideas. If it is original you will have to ram it down their throats.
- Image Texture Predicts Avian Density and Species Richness (PLOSone) — Surprisingly and interestingly, remotely sensed vegetation structure measures (i.e., image texture) were often better predictors of avian density and species richness than field-measured vegetation structure, and thus show promise as a valuable tool for mapping habitat quality and characterizing biodiversity across broad areas.
Privacy: Gone in 150ms, Pen-Testing Tablet, Low-Level in Lua, and Metaphor Identification Shootout
- Behind the Banner — visualization of what happens in the 150ms when the cabal of data vultures decide which ad to show you. They pass around your data as enthusiastically as a pipe at a Grateful Dead concert, and you’ve just as much chance of getting it back. (via John Battelle)
- pwnpad — Nexus 7 with Android and Ubuntu, high-gain USB bluetooth, ethernet adapter, and a gorgeous suite of security tools. (via Kyle Young)
- Terra — a simple, statically-typed, compiled language with manual memory management [...] designed from the beginning to interoperate with Lua. Terra functions are first-class Lua values created using the terra keyword. When needed they are JIT-compiled to machine code. (via Hacker News)
- Metaphor Identification in Large Texts Corpora (PLOSone) — The paper presents the most comprehensive study of metaphor identification in terms of scope of metaphorical phrases and annotated corpora size. Algorithms’ performance in identifying linguistic phrases as metaphorical or literal has been compared to human judgment. Overall, the algorithms outperform the state-of-the-art algorithm with 71% precision and 27% averaged improvement in prediction over the base-rate of metaphors in the corpus.
Exploiting Glass, Teaching Probability, Product Design, and Subgraph Matching
- Exploiting a Bug in Google Glass — unbelievably detailed and yet easy-to-follow explanation of how the bug works, how the author found it, and how you can exploit it too. The second guide was slightly more technical, so when he returned a little later I asked him about the Debug Mode option. The reaction was interesting: he kind of looked at me, somewhat confused, and asked “wait, what version of the software does it report in Settings”? When I told him “XE4” he clarified “XE4, not XE3”, which I verified. He had thought this feature had been removed from the production units.
- Probability Through Problems — motivating problems to hook students on probability questions, structured to cover high-school probability material.
- Connbox — love the section “The importance of legible products” where the physical UI interacts seamlessly with the digital device … it’s glorious. Three amazing videos.
- The Index-Based Subgraph Matching Algorithm (ISMA): Fast Subgraph Enumeration in Large Networks Using Optimized Search Trees (PLoSONE) — The central question in all these fields is to understand behavior at the level of the whole system from the topology of interactions between its individual constituents. In this respect, the existence of network motifs, small subgraph patterns which occur more often in a network than expected by chance, has turned out to be one of the defining properties of real-world complex networks, in particular biological networks. [...] An implementation of ISMA in Java is freely available.
Paperclip Computing, Packet Capture, Offline Wikipedia, and Sensor Databases
- How to Build a Working Digital Computer Out of Paperclips (Evil Mad Scientist) — from a 1967 popular science book showing how to build everything from parts that you might find at a hardware store: items like paper clips, little light bulbs, thread spools, wire, screws, and switches (that can optionally be made from paper clips).
- Moloch (Github) — an open source, large scale IPv4 packet capturing (PCAP), indexing and database system with a simple web GUI.
- Offline Wikipedia Reader (Amazon) — genius, because what Wikipedia needed to be successful was to be read-only. (via BoingBoing)
- Storing and Publishing Sensor Data — rundown of apps and sites for sensor data. (via Pete Warden)
Raspberry Pi MITM, Industrial Robot SDK, Cheap Mill, and Open Source State Replication in Go
- Raspberry Pi Wireless Attack Toolkit — A collection of pre-configured or automatically-configured tools that automate and ease the process of creating robust Man-in-the-middle attacks. The toolkit allows you to easily select between several attack modes and is specifically designed to be easily extendable with custom payloads, tools, and attacks. The cornerstone of this project is the ability to inject Browser Exploitation Framework Hooks into a web browser without any warnings, alarms, or alerts to the user. We accomplish this objective mainly through wireless attacks, but also have a limpet mine mode with ettercap and a few other tricks.
- Industrial Robot with SDK For Researchers (IEEE Spectrum) — $22,000 industrial robot with 7 degrees-of-freedom arms, integrated cameras, sonar, and torque sensors on every joint. [...] The Baxter research version is still running a core software system that is proprietary, not open. But on top of that the company built the SDK layer, based on ROS (Robot Operation System), and this layer is open source. In addition, there are also some libraries of low level tasks (such as joint control and positioning) that Rethink made open.
- OtherMill (Kickstarter) — An easy to use, affordable, computer controlled mill. Take all your DIY projects further with custom circuits and precision machining. (via Mike Loukides)
- go-raft (GitHub) — open source implementation of the Raft distributed consensus protocol, in Go. (via Ian Davis)
Intelligence and Entropy, Trademarked Memes, Wink UI, and Swiss Cheese Military Security
- Causal Entropic Forces (PDF) — new paper from Sci Foo alum Alex Wissner-Gross connecting intelligence and entropy. (via Inside Science)
- Nyan Cat and Keyboard Cat Are Trademarked Memes (Ars Technica) — the business of this (presumably there will be royalties in the end) is less interesting to me than the murky tension between authorship, ownership, sharing, popularity, and profit. We still lack a common expectation for how memes can be owned and exploited.
- Wink UI — Mike DiGiovanni wrote a Glass app to take photos when you wink. (via Ars Technica)
- Stealing US Military Secrets (Bloomberg) — One former intelligence official described internal Pentagon discussions over whether another Lockheed Martin fighter jet, the F-22 Raptor, could safely be deployed in combat, because several subcontractors had been hacked. The article is full of horror stories about Chinese penetration of US military contractors.
China Threat, China Opportunity, Open Source Sustainability, and SQL for Cohort Analysis
- China = 41% of World’s Internet Attack Traffic (Bloomberg) — numbers are from Akamai’s research. Verizon Communications said in a separate report that China accounted for 96 percent of all global espionage cases it investigated. One interpretation is that China is a rogue Internet state, but another is that we need to harden up our systems. (via ZD Net)
- Open Source Cannot Live on Donations Alone — excellent summary of some of the sustainability questions facing open source projects.
- China Startups: The Gold Rush (Steve Blank) — dense fact- and insight-filled piece. Not only is the Chinese ecosystem completely different but also the consumer demographics and user expectations are equally unique. 70% of Chinese Internet users are under 30. Instead of email, they’ve grown up with QQ instant messages. They’re used to using the web and increasingly the mobile web for everything, commerce, communication, games, etc. (They also probably haven’t seen a phone that isn’t mobile.) By the end of 2012, there were 85 million iOS and 160 million Android devices in China. And they were increasing at an aggregate 33 million iOS and Android activations per month.
- Calculating Rolling Cohort Retention with SQL — just what it says. (via Max Lynch)
Massive Security Problems, Hardware Locks, Closed Libraries, and Entrepreneurial Chaos in Detroit
- Information Security Breaches 2013 Report (UK Gov) — over 80% of small UK firms reported a breach, and over 90% of large. (via The Register)
- Google Glass Forbids Resales (Wired) — leaving aside the braying naysayers with their “GLASS WILL DESTROY THE SOCIAL FABRIC AND OUR ESSENTIAL HUMANITY”, there’s a valid point about software being used to control what users do with their devices. Given that this run of Glass is limited edition and they’ve hand-picked to whom they go and for what reason, Ed from Philadelphia is both greedy and naive if he believes Google’s letting him buy a pair to resell on eBay.
- Locked Stacks — As the British Library makes a glacially paced transition from being an analog behemoth to being a digitized one, an opportunity arises to lower the institution’s ivory tower-like walls and to create extensive access to its impressive catalog. The only problems, of course, are a lack of money and the currently insurmountable problem of UK copyright law.
- Young Community Entrepreneurs Rebuilding Detroit (Fast Company) — from information-sharing real estate ventures to transportation startups and doomsday clocks to see how close the city is to bankruptcy, it’s a crazy world out there. Should be easy for them: Detroit comes pre-disrupted.
Engagement Cliff, SSL Best Practices, Public Domain Numbers, and GitHub License Sniffing
- The Engagement Cliff — Gallup surveyed nearly 500,000 students in grades five through 12 from more than 1,700 public schools in 37 states in 2012 and found that by the time students get to high school only about 4 in 10 qualify as engaged.
- SSL/TLS Deployment Best Practices — clear and concise instructions to help overworked administrators and programmers spend the minimum time possible to obtain a secure site or web application. In pursuit of clarity, we sacrifice completeness, foregoing certain advanced topics. The focus is on advice that is practical and easy to understand.
- Do Bad Things Happen When Works Enter The Public Domain? — research to answer that question. Spoiler: no. (via Surprisingly Free)
- Most GitHub Projects Not Open-Source Licensed (The Register) — of 1,692,135 code repositories scanned, 219,326 (14.9%) had a file in their top-level directories that identified any kind of license at all. Of those, 28 per cent only announced their licenses in a README file, as opposed to recommended filenames such as LICENSE or COPYING. MIT license overwhelmingly popular compared to the different reciprocal (GPL-like) ones.