ENTRIES TAGGED "security"

Four short links: 3 September 2014

Distributed Systems Theory, Chinese Manufacturing, Quantified Infant, and Celebrity Data Theft

  1. Distributed Systems Theory for the Distributed Systems Engineer — I tried to come up with a list of what I consider the basic concepts that are applicable to my every-day job as a distributed systems engineer; what I consider ‘table stakes’ for distributed systems engineers competent enough to design a new system.
  2. Shenzhen Trip Report (Joi Ito) — full of fascinating observations about how the balance of manufacturing strength has shifted in surprising ways. The retail price of the cheapest full featured phone is about $9. Yes. $9. This could not be designed in the US – this could only be designed by engineers with tooling grease under their fingernails who knew the manufacturing equipment inside and out, as well as the state of the art of high-end mobile phones.
  3. Sproutling — The world’s first sensing, learning, predicting baby monitor. A wearable band for your baby, a smart charger and a mobile app work together to not only monitor more effectively but learn and predict your baby’s sleep habits and optimal sleep conditions. (via Wired)
  4. Notes on the Celebrity Data Theft — wonderfully detailed analysis of how photos were lifted, and the underground industry built around them. This was one of the most unsettling aspects of these networks to me – knowing there are people out there who are turning over data on friends in their social networks in exchange for getting a dump of their private data.
Four short links: 28 August 2014

Visual Python, Scraping and Screenshotting, Un-free Speech, IP Law Textbook

  1. PlotDevice — A Python-based graphics language for designers, developers, and tinkerers. More in the easy-to-get-started + visual realm, like Processing. (via Andy Baio)
  2. Scumblr and Sketchy Search — Netflix open sourcing some scraping, screenshot, and workflow tools their security team uses to monitor discussion of themselves.
  3. Should Twitter, Facebook and Google Executives be the Arbiters of What We See and Read? (Glenn Greenwald) — In the digital age, we are nearing the point where an idea banished by Twitter, Facebook and Google all but vanishes from public discourse entirely, and that is only going to become more true as those companies grow even further. Whatever else is true, the implications of having those companies make lists of permitted and prohibited ideas are far more significant than when ordinary private companies do the same thing.
  4. Intellectual Property: Law and the Information Society; Cases and Materials (PDF) — James Boyle and Jennifer Jenkins’ open law textbook on IP (which even explores the question of whether that’s a valid and meaningful term). (via James Boyle)
Four short links: 26 August 2014

Public Exploit Construction, Robot Myths, Empathy, and Social Scaling

  1. The Poisoned NUL Byte, 2014 Edition (Project Zero) — from Google’s public security efforts, this detailed public description of how an exploit was constructed from a found vulnerability. They’re helping. Kudos!
  2. Myths About the Coming Robot Economy (Eric Sofge) — the entire discussion of the so-called robot economy, with its predictions of vast, permanent employment rates and glacial productivity gains, is nothing more than a wild guess. A strong pushback on the Pew Report (PDF): Frey and Osborne’s analysis is full of logical leaps, and far-reaching conclusions drawn from cursory observations about robots that have yet to replace humans.
  3. Content for Sensitive Situations (Luke Wroblewski) — People have all kinds of feelings when interacting with your content. When someone’s needs are being met they may feel very different than when their needs are not being met. How can you meet people’s needs?
  4. Urban Villages (Senseable City at MIT) — People who live in a larger town make more calls and call a larger number of different people. The scaling of this relation is ‘superlinear,’ meaning that on average, if the size of a town doubles, the sum of phone contacts in the city will more than double – in a mathematically predictable way. Surprisingly, however, group clustering (the odds that your friends mutually know one another) does not change with city size. It seems that even in large cities we tend to build tightly knit communities, or ‘villages,’ around ourselves. There is an important difference, though: if in a real village our connections might simply be defined by proximity, in a large city we can elect a community based on any number of factors, from affinity to interest to sexual preference. (via Flowing Data)
Four short links: 25 August 2014

Digital Signs, Reverse Engineering Censorship, USB Protection, and Queue Software

  1. Greenscreen — Chromecast-based open source software for digital signs.
  2. Reverse Engineering Censorship in Chinese Cyberspace (PDF) — researchers create accounts and probe to see which things are blocked. Empirical transparency.
  3. USB Condom — A protective barrier between your device and “juice-jacking” hackers.
  4. queues.io — long list of job queues, message queues, and other such implementations.
Four short links: 22 August 2014

Crowd Problems, Robot Butler, Opportunistic Encryption, and A/B Framework

  1. Blame the Crowd, Not the Camera (Nina Simon) — Cameras weaponize an already unwieldy mob of people.
  2. The Botlr — the Cupertino Starwood hotel has a robot butler (botlr) doing room service.
  3. tcpcrypt — opportunistic encryption of all network traffic.
  4. Sixpack — language-agnostic A/B testing framework.
Four short links: 18 August 2014

Space Trading, Robot Capitalism, Packet Injection, and CAP Theorem

  1. Oolite — open-source clone of Elite, the classic space trading game from the 80s.
  2. Who Owns the Robots Rules The World (PDF) — interesting finding: As companies substitute machines and computers for human activity, workers need to own part of the capital stock that substitutes for them to benefit from these new “robot” technologies. Workers could own shares of the firm, hold stock options, or be paid in part from the profits. Without ownership stakes, workers will become serfs working on behalf of the robots’ overlords. Governments could tax the wealthy capital owners and redistribute income to workers, but that is not the direction societies are moving in. Workers need to own capital rather than rely on government income redistribution policies. (via Robotenomics)
  3. Schrodinger’s Cat Video and the Death of Clear-Text (Morgan Marquis-Boire) — report, based on leaked information, about the use of network injection appliances targeting unencrypted pages from major providers. Compromising a target becomes as simple as waiting for the user to view unencrypted content on the Internet.
  4. CAP 12 Years Later: How the Rules Have Changed — a rundown of strategies available to deal with partitions (“outages”) in a distributed system.
Four short links: 8 August 2014

Synchronization, Security Pi, YouTube Stardom, and Javascript Logging

  1. Everything You Wanted to Know About Synchronization But Were Too Afraid to Ask (PDF) — This paper presents the most exhaustive study of synchronization to date. We span multiple layers, from hardware cache-coherence protocols up to high-level concurrent software. We do so on different types of architectures, from single-socket — uniform and non-uniform — to multi-socket — directory and broadcast-based many-cores. We draw a set of observations that, roughly speaking, imply that scalability of synchronization is mainly a property of the hardware.
  2. Raspberry Pi as Low-Cost Security Camera (Instructables) — $120 HD motion-sensing web-viewable security camera.
  3. Inside YouTube’s Fame Factory (FastCompany) — great article about the tipping point where peer-to-peer fame becomes stage-managed corporate fame, as Vidcon grows. See also Variety: “If YouTube stars are swallowed by Hollywood, they are in danger of becoming less authentic versions of themselves, and teenagers will be able to pick up on that,” Sehdev says. “That could take away the one thing that makes YouTube stars so appealing.”
  4. Sherlog.js (Github) — Javascript error and event tracker application. Honestly, I have no idea if this is any good but the name is golden. I’m such a sucker.
Four short links: 31 July 2014

OCR in Javascript, Insecure IoT, USB Considered Insecure, and Use AdBlock Plus

  1. Ocrad.js — open source OCR in Javascript, a port of GNU Ocrad software.
  2. HP’s IoT Security Research (PDF) — 70% of devices use unencrypted network services, 90% of devices collected at least one piece of personal information, 60% of those that have UIs are vulnerable to things like XSS, 60% didn’t use encryption when downloading software updates, …
  3. USB Security Flawed From Foundation (Wired) — The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer. “It goes both ways,” Nohl says. “Nobody can trust anybody.” [...] “In this new way of thinking, you can’t trust a USB just because its storage doesn’t contain a virus. Trust must come from the fact that no one malicious has ever touched it,” says Nohl. “You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer. And that’s incompatible with how we use USB devices right now.”
  4. AdBlock vs AdBlock Plus — short answer: the genuinely open source AdBlock Plus, because AdBlock resiled from being open source, phones home, has misleading changelog entries, …. No longer trustworthy.
Four short links: 28 July 2014

Secure Server, Angular Style, Recursion History (see Recursion History), Aerospike Open Source

  1. streisand — sets up a new server running L2TP/IPsec, OpenSSH, OpenVPN, Shadowsocks, Stunnel, and a Tor bridge. It also generates custom configuration instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
  2. Angular.js Style Guide — my opinionated styleguide for syntax, building and structuring Angular applications.
  3. How Recursion Got into Programming — Committee member F.L. Bauer registered his protest by characterizing the addition of recursion to the language as an “Amsterdam plot”.
  4. aerospike — open source database server and client, with bold claims of performance.
Four short links: 23 July 2014

Selfless Machines, Docker Security, Voice Hacks, and Choiceless Programming

  1. Talking to Big Machines (Jon Bruner) — “Selfless machines” coordinate across networks and modify their own operation to improve the output of the entire system.
  2. Docker Security — Containers do not contain and Stop assuming that Docker and the Linux kernel protect you from malware.
  3. Your Voice Assistant is Mine (PDF) — Through Android Intent mechanism, VoicEmployer triggers Google Voice Search to the foreground, and then plays prepared audio files (like “call number 1234 5678”) in the background. Google Voice Search can recognize this voice command and execute corresponding operations. With ingenious designs, our GVS-Attack can forge SMS/Email, access privacy information, transmit sensitive data and achieve remote control without any permission.
  4. escher (GitHub) — choiceless programming and non-Turing coding. Mind: blown.