ENTRIES TAGGED "security"

Four short links: 16 July 2014

Distributed Systems Design 101, Patent Trolls, Intel's Half a Billion from IoT, and Google's Project Zero.

  1. Inside bit.ly’s Distributed Systems — this is a 101 for modern web distributed systems design.
  2. Patent Trolls are Now 67% of New Patent Lawsuits in USA (WaPo) — data from PwC.
  3. Intel Made Half a Billion from Internet of Things Last Year (Quartz) — half a billion here, half a billion there, pretty soon it adds up to real money.
  4. Google’s Project Zero (Wired) — G pays a team to attack common software and report the bugs to the manufacturer. Interesting hypothesis about how the numbers imbalance between Every Russian 14 Year Old and this small team doesn’t matter: modern hacker exploits often chain together a series of hackable flaws to defeat a computer’s defenses. Kill one of those bugs and the entire exploit fails. That means Project Zero may be able to nix entire collections of exploits by finding and patching flaws in a small part of an operating system, like the “sandbox” that’s meant to limit an application’s access to the rest of the computer. “On certain attack surfaces, we’re optimistic we can fix the bugs faster than they’re being introduced,” Hawkes says. “If you funnel your research into these limited areas, you increase the chances of bug collisions.”

Four short links: 14 July 2014

Scanner Malware, Cognitive Biases, Deep Learning, and Community Metrics

  1. Handheld Scanners Attack — shipping and logistics operations compromised by handheld scanners running malware-infested Windows XP.
  2. Adventures in Cognitive Biases (MIT) — web adventure to build your cognitive defences against biases.
  3. Quoc Le’s Lectures on Deep Learning — Machine Learning Summer School videos (4k!) of the deep learning lectures by Google Brain team member Quoc Le.
  4. FLOSS Community Metrics Talks — upcoming event at Puppet Labs in Portland. I hope they publish slides and video!

Four short links: 10 July 2014

Journalism Security, Inclusive Technology, Network Magic, and Python Anti-Patterns

  1. Ex-Google Hacker Taking On The World’s Spy Agencies (Wired) — profile of the security expert working on protecting reporters.
  2. Meet Google’s Security Princess (Elle) — would have preferred to see her story in Wired. Much is good here, but this is pithy and strong: “If you have ambitions to create technology for the whole world, you need to represent the whole world, and the whole world is not just white men.”
  3. snabb switch — open source Linux userspace executable for making network appliances. Processes millions of ethernet packets per second per core. Suitable for ISPs. Speaks natively to Ethernet hardware, Hypervisors, and the Linux kernel. You can program it with LuaJIT extensions to do anything you want.
  4. Anti-Patterns in Python Programming — gold.

Four short links: 1 July 2014

Efficient Representation, Page Rendering, Graph Database, Warning Effectiveness

  1. word2vec — This tool provides an efficient implementation of the continuous bag-of-words and skip-gram architectures for computing vector representations of words. These representations can be subsequently used in many natural language processing applications and for further research. From Google Research paper Efficient Estimation of Word Representations in Vector Space.
  2. What Every Frontend Developer Should Know about Page Rendering — Rendering has to be optimized from the very beginning, when the page layout is being defined, as styles and scripts play the crucial role in page rendering. Professionals have to know certain tricks to avoid performance problems. This article does not study the inner browser mechanics in detail, but rather offers some common principles.
  3. Cayley — an open-source graph inspired by the graph database behind Freebase and Google’s Knowledge Graph.
  4. Alice in Warningland (PDF) — We performed a field study with Google Chrome and Mozilla Firefox’s telemetry platforms, allowing us to collect data on 25,405,944 warning impressions. We find that browser security warnings can be successful: users clicked through fewer than a quarter of both browsers’ malware and phishing warnings and a third of Mozilla Firefox’s SSL warnings. We also find clickthrough rates as high as 70.2% for Google Chrome SSL warnings, indicating that the user experience of a warning can have tremendous impact on user behaviour.

Four short links: 30 June 2014

Interacting with Connected Objects, Continuous Security Review, Chess AI, and Scott Hanselman is Hilarious

  1. Interacting with a World of Connected Objects (Tom Coates) — notes from one of my favourite Foo Camp sessions.
  2. Security Considerations with Continuous Deployment (IBM) — rundown of categories of security issues your org might face, and how to tackle them in the continuous deployment cycle. (via Emma Jane Westby)
  3. The Chess Master and the Computer (Garry Kasparov) — Increasingly, a move isn’t good or bad because it looks that way or because it hasn’t been done that way before. It’s simply good if it works and bad if it doesn’t. Although we still require a strong measure of intuition and logic to play well, humans today are starting to play more like computers. (via Alexis Madrigal)
  4. Virtual Machines, Javascript, and Assembler (YouTube) — hilarious Velocity keynote by Scott Hanselman.

Four short links: 27 June 2014

Google MillWheel, 20yo Bug, Fast Real-Time Visualizations, and Google's Speed King

  1. MillWheel: Fault-Tolerant Stream Processing at Internet Scale — Google Research paper on the tech underlying the new cloud DataFlow tool. Watch the video. Yow.
  2. The Integer Overflow Bug That Went to Mars — long-standing (20 year old!) bug in a compression library prompts a wave of new releases. No word yet on whether NASA will upgrade the rover to avoid being pwned by Martian script kiddies. (update: I fell for a self-promoter. The Martians will need to find another attack vector. Huzzah!)
  3. epoch (github) — Fastly-produced open source general purpose real-time charting library for building beautiful, smooth, and high performance visualizations.
  4. Achieving Rapid Response Times in Large Online Services (YouTube) — Jeff Dean‘s keynote at Velocity. He wrote … a lot of things for this. And now he’s into deep learning ….

Four short links: 25 June 2014

Mobile Hacks, Advertising Returns, Solid Writeup, and Predicted Future

  1. Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones (Wired) — I’m fascinated to learn there’s an Italian company making (and selling) the mobile phone rootkits that governments use.
  2. On the Near Impossibility of Measuring the Returns on Advertising (PDF) — Statistical evidence from the randomized trials is very weak because the individual-level sales are incredibly volatile relative to the per capita cost of a campaign—a “small” impact on a noisy dependent variable can generate positive returns. (via Slate)
  3. Reflections on Solid Conference — recap of the conference, great for those of us who couldn’t make it. “Software is eating the world…. Hardware gives it teeth.” – Renee DiResta
  4. Cybernation: The Silent Conquest (1962) — [When] computers acquire the necessary capabilities…speeded-up data processing and interpretation will be necessary if professional services are to be rendered with any adequacy. Once the computers are in operation, the need for additional professional people may be only moderate [...] There will be a small, almost separate, society of people in rapport with the advanced computers. These cyberneticians will have established a relationship with their machines that cannot be shared with the average man any more than the average man today can understand the problems of molecular biology, nuclear physics, or neuropsychiatry. Indeed, many scholars will not have the capacity to share their knowledge or feeling about this new man-machine relationship. Those with the talent for the work probably will have to develop it from childhood and will be trained as intensively as the classical ballerina. (via Simon Wardley)

Four short links: 23 June 2014

Blockchain Intro, Machine Collaboration, Safety Systems Thinking, and Where Keystrokes Go To Die

  1. Minimum Viable Block Chain — What follows is an attempt to explain, from the ground up, why the particular pieces (digital signatures, proof-of-work, transaction blocks) are needed, and how they all come together to form the “minimum viable block chain” with all of its remarkable properties.
  2. Common Ground and Coordination in Joint Activity (PDF) — research paper on the components and requirements and failure modes of collaboration, with an eye to how machine actors can participate as collaborators. (via John Allspaw)
  3. Engineering a Safer World (Nancy Leveson) — Systems thinking applied to safety. Free download of the MIT Press ebook. (via John Allspaw)
  4. Scott Hanselman’s Tips — Keep your emails to 3-4 sentences, Hanselman says. Anything longer should be on a blog or wiki or on your product’s documentation, FAQ or knowledge base. “Anywhere in the world except email because email is where your keystrokes go to die,” he says.

Cloud security is not an oxymoron

Think your IT staff can protect you better than major cloud providers? Think again.

I just ran across Katie Fehrenbacher’s article in GigaOm that made a point I’ve been arguing (perhaps not strongly enough) for years. When you start talking to people about “the cloud,” you frequently run into a knee-jerk reaction: “Of course, the cloud isn’t secure.”

I have no idea what IT professionals who say stuff like this mean. Are they thinking about the stuff they post on Facebook? Or are they thinking about the data they’ve stored on Amazon? For me, the bottom line is: would I rather trust Amazon’s security staff, or would I rather trust some guy with some security cert that I’ve never heard of, but whom the HR department says is “qualified”?

Four short links: 12 June 2014

Four short links: 12 June 2014

Our New Robot Overlords, Open Neuro, Anti-Surveillance Software, and LG's TV Made of Evil and Tears

  1. Norbert Wiener (The Atlantic) — His fears for the future stemmed from two fundamental convictions: We humans can’t resist selfishly misusing the powers our machines give us, to the detriment of our fellow humans and the planet; and there’s a good chance we couldn’t control our machines even if we wanted to, because they already move too fast and because increasingly we’re building them to make decisions on their own. To believe otherwise, Wiener repeatedly warned, represents a dangerous, potentially fatal, lack of humility.
  2. Open Ephys — open source/open hardware tools for neuro research. (via IEEE)
  3. Startups Selling Resistance to Surveillance (Inc) — growing breed of tools working on securing their customers’ communications from interception by competitors and states.
  4. Not-So-Smart TV (TechDirt) — LG’s privacy policy basically says “let us share your viewing habits, browsing, etc. with third parties, or we will turn off the ‘smart’ features in your smart TV.” The promise of smart devices should be that they get better for customers over time, not better for the vendor at the expense of the customer. See Wiener above.