- Fix Mac OS X — each time you start typing in Spotlight (to open an application or search for a file on your computer), your local search terms and location are sent to Apple and third parties (including Microsoft) under default settings on Yosemite (10.10). See also Net Monitor, an open source toolkit for finding phone-home behaviour.
- A/B Testing at Netflix (ACM) — Using a combination of static analysis to build a dependency tree, which is then consumed at request time to resolve conditional dependencies, we’re able to build customized payloads for the millions of unique experiences across Netflix.com.
- Leslie Lamport Interview Summary — One idea about formal specifications that Lamport tries to dispel is that they require mathematical capabilities that are not available to programmers: “The mathematics that you need in order to write specifications is a lot simpler than any programming language […] Anyone who can write C code, should have no trouble understanding simple math, because C code is a hell of a lot more complicated than” first-order logic, sets, and functions. When I was at uni, profs worked on distributed data, distributed computation, and formal correctness. We have the first two, but so much flawed software that I can only dream of the third arriving.
- Fake Identity — generate fake identity data when testing systems.
Once we acknowledge nearly everything is insecure, we can engage in a more nuanced discussion about security.
“Yes, we get it. Cars, boats, buses, and those singing fish plaques are all hackable and have no security. Most conferences these days have a whole track called ‘Junk I found around my house and how I am going to scare you by hacking it.’ That stuff is always going to be hackable whetherornotyouarethecalvalry.org.
“Yes, there is Junk in your garage, and you can hack it, and if
you find someone else who happens to have that exact same Junk, you can probably hack that, too, but maybe not, because testing is hard.
“Cars are the pinnacle of junk hacking, because they are meant to be in your garage. Obviously there is no security on car computers. Nor (and I hate to break the suspense) *will there ever be*. Yes, you can connect a device to my midlife crisis car and update the CPU of the battery itself with malware, which can in theory explode my whole car on the way to BJJ. I personally hope you don’t. But I know it’s possible the same way I know it’s possible to secretly rewire my toaster oven to overcook my toast every time even when I put it on the lowest setting, driving me slowly but surely insane.
“So in any case, enough with the Junk Hacking, and enough with being amazed when people hack their junk.”