ENTRIES TAGGED "security"
Android Control, Privacy Eluded, Design Challenges, and "Watson, What's This Lump?"
- Google’s Iron Grip on Android (Ars Technica) — While Google will never go the entire way and completely close Android, the company seems to be doing everything it can to give itself leverage over the existing open source project. And the company’s main method here is to bring more and more apps under the closed source “Google” umbrella.
- How to Live Without Being Tracked (Fast Company) — this seems appropriate: she assumes that every phone call she makes and every email she sends will be searchable by the general public at some point in the future. Full of surprises, like “To identify tires, which can come in handy if they’re recalled, tire manufacturers insert an RFID tag with a unique code that can be read from about 20 feet away by an RFID reader.”
- method.ac — Complete 50 challenges. Each challenge is a small, design related task. They cover theory and practice of one specific design subject. Challenges are progressively more difficult, and completing them gives you access to more intricate challenges.
- IBM Watson’s Cancer Moonshot (Venture Beat) — IBM is ready to make a big bet on Watson, as it did in the 1970s when it invested in the emergence of the mainframe. Watson heralds the emergence of “thinking machines,” which learn by doing and already trump today’s knowledge retrieval machines. I for one welcome the opportunity to be a false negative.
GUI Prototyping, Linux Containerisation, Searchable Apple Text, and Infosec Wargames
- Pencil — An open-source GUI prototyping tool that’s available for ALL platforms.
- lmctfy — open source version of Google’s container stack, which provides Linux application containers.
- ASCII WWDC — searchable full-text transcriptions of WWDC sessions.
- Cryptogeddon — an online infosec wargame.
Video Editing, Game Engine, Python Debugger, and P2P VPN
- Lightworks — open source non-linear video editing software, with quite a history.
- Puzzlescript — open source puzzle game engine for HTML5.
- pudb — full-screen (text-mode) Python debugger.
- Freelan — free, open-source, multi-platform, highly-configurable and peer-to-peer VPN software.
Connecting Things, Eye Tracker, Retro Browser, Human Filter
- The Thing System — connects to Things in your home, whether those things are media players such as the Sonos or the Apple TV, your Nest thermostat, your INSTEON home control system, or your Philips Hue lightbulbs — whether your things are connected together via Wi-Fi, USB or Bluetooth Low Energy (BLE). The steward will find them and bring them together so they can talk to one another and perform magic.
- The Eye Tribe — $99 eye-tracker with SDK.
- Line Mode — CERN emulator for the original web client. I remember coding for this, and hacking new features into it. Roar says the dinosaur, in 80×24 pixelated glory.
- 2M Person Internet Filter — (BBC) China apparently employs 2 million people to read Weibo and other Internet content sites, to identify critical opinions. That’s 40% of my country’s population. Crikey.
Insecure Hardware, Doc Database, Kids Programming, and Ad-Blocking AP
- Researchers Can Slip an Undetectable Trojan into Intel’s Ivy Bridge CPUs (Ars Technica) — The exploit works by severely reducing the amount of entropy the RNG normally uses, from 128 bits to 32 bits. The hack is similar to stacking a deck of cards during a game of Bridge. Keys generated with an altered chip would be so predictable an adversary could guess them with little time or effort required. The severely weakened RNG isn’t detected by any of the “Built-In Self-Tests” required for the SP 800-90 and FIPS 140-2 compliance certifications mandated by the National Institute of Standards and Technology.
- rethinkdb — open-source distributed JSON document database with a pleasant and powerful query language.
- Teach Kids Programming — a collection of resources. I start on Scratch much sooner, and 12+ definitely need the Arduino, but generally I agree with the things I recognise, and have a few to research …
- Raspberry Pi as Ad-Blocking Access Point (AdaFruit) — functionality sadly lacking from my off-the-shelf AP.
Verified Web, Verified Base64, Theorem Prover, and Fast Events in C
- Quark — a web browser with a formally-proven kernel.
- High-Assurance Base64 — formally verified C implementation of Base64.
- z3 — fast theorem prover from Microsoft Research.
- libphenom (GitHub) — Facebook’s open sourced eventing framework. (High-scalability, natch)
NSA Crypto, Web Traps, Learn by Doing, and Distributed Testing
- On the NSA — intelligent unpacking of what the NSA crypto-weakening allegations mean.
- Overview of the 2013 OWASP Top 10 — rundown of web evil to avoid. (via Ecryption)
- Easy 6502 — teaches 6502 assembler, with an emulator built into the book. This is what programming non-fiction books will look like in the future.
- Kochiku — distributing automated test suites for faster validation in continuous integration.
Google Play Services, Self-Signed Kernels, Visualising Scientific Papers, and New Microcontroller
- How Google’s Defragging Android (Ars Technica) — Android’s becoming a pudgy microkernel for the Google Play Services layer that’s in userland, closed source, and a way to bypass carriers’ lag for upgrades.
- Booting a Self-Signed Linux Kernel (Greg Kroah-Hartman) — procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.
- Paperscape — A map of scientific papers from the arXiv.
- Trinket — Adafruit’s latest microcontroller board. Small but perfectly formed.
- MegaPWN (GitHub) — Your MEGA master key is supposed to be a secret, but MEGA or anyone else with access to your computer can easily find it without you noticing. Browser crypto is only as secure as the browser and the code it runs.
- When Smart Homes Get Hacked (Forbes) — Insteon’s flaw was worse in that it allowed access to anyone via the Internet. The researchers could see the exposed systems online but weren’t comfortable poking around further. I was — but I was definitely nervous about it and made sure I had Insteon users’ permission before flickering their lights.
- A Stick Figure Guide to Advanced Encryption Standard (AES) — exactly what it says.