ENTRIES TAGGED "security"

Four short links: 30 June 2014

Interacting with Connected Objects, Continuous Security Review, Chess AI, and Scott Hanselman is Hilarious

  1. Interacting with a World of Connected Objects (Tom Coates) — notes from one of my favourite Foo Camp sessions.
  2. Security Considerations with Continuous Deployment (IBM) — rundown of categories of security issues your org might face, and how to tackle them in the continuous deployment cycle. (via Emma Jane Westby)
  3. The Chess Master and the Computer (Garry Kasparov) — Increasingly, a move isn’t good or bad because it looks that way or because it hasn’t been done that way before. It’s simply good if it works and bad if it doesn’t. Although we still require a strong measure of intuition and logic to play well, humans today are starting to play more like computers. (via Alexis Madrigal)
  4. Virtual Machines, Javascript, and Assembler (YouTube) — hilarious Velocity keynote by Scott Hanselman.

Four short links: 27 June 2014

Google MillWheel, 20yo Bug, Fast Real-Time Visualizations, and Google's Speed King

  1. MillWheel: Fault-Tolerant Stream Processing at Internet Scale — Google Research paper on the tech underlying the new cloud DataFlow tool. Watch the video. Yow.
  2. The Integer Overflow Bug That Went to Mars — long-standing (20 year old!) bug in a compression library prompts a wave of new releases. No word yet on whether NASA will upgrade the rover to avoid being pwned by Martian script kiddies. (update: I fell for a self-promoter. The Martians will need to find another attack vector. Huzzah!)
  3. epoch (github) — Fastly-produced open source general purpose real-time charting library for building beautiful, smooth, and high performance visualizations.
  4. Achieving Rapid Response Times in Large Online Services (YouTube) — Jeff Dean’s keynote at Velocity. He wrote … a lot of things for this. And now he’s into deep learning ….

Four short links: 25 June 2014

Mobile Hacks, Advertising Returns, Solid Writeup, and Predicted Future

  1. Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones (Wired) — I’m fascinated to learn there’s an Italian company making (and selling) the mobile phone rootkits that governments use.
  2. On the Near Impossibility of Measuring the Returns on Advertising (PDF) — Statistical evidence from the randomized trials is very weak because the individual-level sales are incredibly volatile relative to the per capita cost of a campaign—a “small” impact on a noisy dependent variable can generate positive returns. (via Slate)
  3. Reflections on Solid Conference — recap of the conference, great for those of us who couldn’t make it. “Software is eating the world…. Hardware gives it teeth.” – Renee DiResta
  4. Cybernation: The Silent Conquest (1962) — [When] computers acquire the necessary capabilities…speeded-up data processing and interpretation will be necessary if professional services are to be rendered with any adequacy. Once the computers are in operation, the need for additional professional people may be only moderate [...] There will be a small, almost separate, society of people in rapport with the advanced computers. These cyberneticians will have established a relationship with their machines that cannot be shared with the average man any more than the average man today can understand the problems of molecular biology, nuclear physics, or neuropsychiatry. Indeed, many scholars will not have the capacity to share their knowledge or feeling about this new man-machine relationship. Those with the talent for the work probably will have to develop it from childhood and will be trained as intensively as the classical ballerina. (via Simon Wardley)

Four short links: 23 June 2014

Blockchain Intro, Machine Collaboration, Safety Systems Thinking, and Where Keystrokes Go To Die

  1. Minimum Viable Block Chain — What follows is an attempt to explain, from the ground up, why the particular pieces (digital signatures, proof-of-work, transaction blocks) are needed, and how they all come together to form the “minimum viable block chain” with all of its remarkable properties.
  2. Common Ground and Coordination in Joint Activity (PDF) — research paper on the components and requirements and failure modes of collaboration, with an eye to how machine actors can participate as collaborators. (via John Allspaw)
  3. Engineering a Safer World (Nancy Leveson) — Systems thinking applied to safety. Free download of the MIT Press ebook. (via John Allspaw)
  4. Scott Hanselman’s Tips — Keep your emails to 3-4 sentences, Hanselman says. Anything longer should be on a blog or wiki or on your product’s documentation, FAQ or knowledge base. “Anywhere in the world except email because email is where your keystrokes go to die,” he says.

Cloud security is not an oxymoron

Think your IT staff can protect you better than major cloud providers? Think again.

I just ran across Katie Fehrenbacher’s article in GigaOm that made a point I’ve been arguing (perhaps not strongly enough) for years. When you start talking to people about “the cloud,” you frequently run into a knee-jerk reaction: “Of course, the cloud isn’t secure.”

I have no idea what IT professionals who say stuff like this mean. Are they thinking about the stuff they post on Facebook? Or are they thinking about the data they’ve stored on Amazon? For me, the bottom line is: would I rather trust Amazon’s security staff, or would I rather trust some guy with some security cert that I’ve never heard of, but whom the HR department says is “qualified”?

Four short links: 12 June 2014

Our New Robot Overlords, Open Neuro, Anti-Surveillance Software, and LG's TV Made of Evil and Tears

  1. Norbert Wiener (The Atlantic) — His fears for the future stemmed from two fundamental convictions: We humans can’t resist selfishly misusing the powers our machines give us, to the detriment of our fellow humans and the planet; and there’s a good chance we couldn’t control our machines even if we wanted to, because they already move too fast and because increasingly we’re building them to make decisions on their own. To believe otherwise, Wiener repeatedly warned, represents a dangerous, potentially fatal, lack of humility.
  2. Open Ephys — open source/open hardware tools for neuro research. (via IEEE)
  3. Startups Selling Resistance to Surveillance (Inc) — growing breed of tools working on securing their customers’ communications from interception by competitors and states.
  4. Not-So-Smart TV (TechDirt) — LG’s privacy policy basically says “let us share your viewing habits, browsing, etc. with third parties, or we will turn off the ‘smart’ features in your smart TV.” The promise of smart devices should be that they get better for customers over time, not better for the vendor at the expense of the customer. See Wiener above.

Four short links: 11 June 2014

Right to Mine, Summarising Microblogs, C Sucks for Stats, and Scanning Logfiles

  1. UK Copyright Law Permits Researchers to Data Mine — changes mean Copyright holders can require researchers to pay to access their content but cannot then restrict text or data mining for non-commercial purposes thereafter, under the new rules. However, researchers that use the text or data they have mined for anything other than a non-commercial purpose will be said to have infringed copyright, unless the activity has the consent of rights holders. In addition, the sale of the text or data mined by researchers is prohibited. The derivative works will be very interesting: if a university mines the journals and finds a new possibility for a Thing, which is then verified experimentally, is that Thing the university’s to license commercially for profit?
  2. Efficient Online Summary of Microblogging Streams (PDF) — research paper. The algorithm we propose uses a word graph, along with optimization techniques such as decaying windows and pruning. It outperforms the baseline in terms of summary quality, as well as time and memory efficiency.
  3. Statistical Shortcomings in Standard Math Libraries — or “Why C Derivatives Are Not Popular With Statistical Scientists”. The following mathematical functions are necessary for implementing any rudimentary statistics application; and yet they are general enough to have many applications beyond statistics. I hereby propose adding them to the standard C math library and to the libraries which inherit from it. For purposes of future discussion, I will refer to these functions as the Elusive Eight.
  4. fail2ban — open source tool that scans logfiles for signs of malice, and triggers actions (e.g., iptables updates).

Four short links: 10 June 2014

Trusting Code, Deep Pi, Docker DevOps, and Secure Database

  1. Trusting Browser Code (Tim Bray) — on the fundamental weakness of the ‘net as manifest in the browser.
  2. Deep Learning in the Raspberry Pi (Pete Warden) — $30 now gets you a computer you can run deep learning algorithms on. Awesome.
  3. Announcing Docker Hub and Official Repositories — as Docker went 1.0 and people rave about how they use it, comes this. They’re thinking hard about “integrating into the build ship run loop”, which aligns well with DevOps-enabling tool use.
  4. Apple’s Secure Database for Users (Ian Waring) — excellent breakdown of how Apple have gone out of their way to make their cloud database product safe and robust. They may be slow to “the cloud” but they have decades of experience having users as customers instead of products.

Four short links: 6 June 2014

Ethical UX, Personal Robots, Sharter URLs, and Magical Devices

  1. Ethics and UX Design (Slideshare) — We are the thieves of time. This excellent talk challenges you (via Aristotle) to understand what a good life is, and whether you’re designing to bring it about. (via Keith Bolland)
  2. Pepper Personal Robot — Japan’s lead in consumer-facing robotics is impressive. If this had been developed by an American company, it’d either have a Lua scripting interface or twin machine guns for autonomous death.
  3. shrturl — spoof, edit, rewrite, and general evil up webpages, hidden behind an URL shortening service.
  4. Lessons for Building Magical Devices (First Round Review) — The most interesting devices I’ve seen take elements of the physical world and expose them to software.[...] If you buy a Tesla Model S today, the behavior of the car six months from now could be radically different because software can reshape the capability of the hardware continuously, exceeding the speed of customer demand.

Four short links: 5 June 2014

Open Autopilot, Record Robot Sales, NSA Myths Busted, and Informative Errors

  1. beaglepilot (Github) — open source open hardware autopilot for Beagleboard. (via DIY Drones)
  2. IFR Robot Sales Charts (PDF) — 2013: all-time high of 179,000 industrial robots sold and growth continues in 2014. (via Robohub)
  3. The Top 5 Claims That Defenders of the NSA Have to Stop Making to Remain Credible (EFF) — great Mythbusting.
  4. Netflix’s New Error Message — instead of “buffering”, they point the finger at the carrier between them and the customer who is to blame for slow performance. Genius!