ENTRIES TAGGED "security"

Cloud security is not an oxymoron

Think your IT staff can protect you better than major cloud providers? Think again.

I just ran across Katie Fehrenbacher’s article in GigaOm that made a point I’ve been arguing (perhaps not strongly enough) for years. When you start talking to people about “the cloud,” you frequently run into a knee-jerk reaction: “Of course, the cloud isn’t secure.”

I have no idea what IT professionals who say stuff like this mean. Are they thinking about the stuff they post on Facebook? Or are they thinking about the data they’ve stored on Amazon? For me, the bottom line is: would I rather trust Amazon’s security staff, or would I rather trust some guy with some security cert that I’ve never heard of, but whom the HR department says is “qualified”?

Four short links: 12 June 2014

Our New Robot Overlords, Open Neuro, Anti-Surveillance Software, and LG's TV Made of Evil and Tears

  1. Norbert Wiener (The Atlantic) — His fears for the future stemmed from two fundamental convictions: We humans can’t resist selfishly misusing the powers our machines give us, to the detriment of our fellow humans and the planet; and there’s a good chance we couldn’t control our machines even if we wanted to, because they already move too fast and because increasingly we’re building them to make decisions on their own. To believe otherwise, Wiener repeatedly warned, represents a dangerous, potentially fatal, lack of humility.
  2. Open Ephys — open source/open hardware tools for neuro research. (via IEEE)
  3. Startups Selling Resistance to Surveillance (Inc) — growing breed of tools working on securing their customers’ communications from interception by competitors and states.
  4. Not-So-Smart TV (TechDirt) — LG’s privacy policy basically says “let us share your viewing habits, browsing, etc. with third parties, or we will turn off the ‘smart’ features in your smart TV.” The promise of smart devices should be that they get better for customers over time, not better for the vendor at the expense of the customer. See Wiener above.

Four short links: 11 June 2014

Right to Mine, Summarising Microblogs, C Sucks for Stats, and Scanning Logfiles

  1. UK Copyright Law Permits Researchers to Data Mine — changes mean Copyright holders can require researchers to pay to access their content but cannot then restrict text or data mining for non-commercial purposes thereafter, under the new rules. However, researchers that use the text or data they have mined for anything other than a non-commercial purpose will be said to have infringed copyright, unless the activity has the consent of rights holders. In addition, the sale of the text or data mined by researchers is prohibited. The derivative works will be very interesting: if a university mines the journals, finds a new possibility for a Thing, and it is verified experimentally, is that Thing the university’s to license commercially for profit?
  2. Efficient Online Summary of Microblogging Streams (PDF) — research paper. The algorithm we propose uses a word graph, along with optimization techniques such as decaying windows and pruning. It outperforms the baseline in terms of summary quality, as well as time and memory efficiency.
  3. Statistical Shortcomings in Standard Math Libraries — or “Why C Derivatives Are Not Popular With Statistical Scientists”. The following mathematical functions are necessary for implementing any rudimentary statistics application; and yet they are general enough to have many applications beyond statistics. I hereby propose adding them to the standard C math library and to the libraries which inherit from it. For purposes of future discussion, I will refer to these functions as the Elusive Eight.
  4. fail2ban — open source tool that scans logfiles for signs of malice, and triggers actions (e.g., iptables updates).

Four short links: 10 June 2014

Trusting Code, Deep Pi, Docker DevOps, and Secure Database

  1. Trusting Browser Code (Tim Bray) — on the fundamental weakness of the ‘net as manifest in the browser.
  2. Deep Learning in the Raspberry Pi (Pete Warden) — $30 now gets you a computer you can run deep learning algorithms on. Awesome.
  3. Announcing Docker Hub and Official Repositories — as Docker went 1.0 and people rave about how they use it, comes this. They’re thinking hard about “integrating into the build ship run loop”, which aligns well with DevOps-enabling tool use.
  4. Apple’s Secure Database for Users (Ian Waring) — excellent breakdown of how Apple have gone out of their way to make their cloud database product safe and robust. They may be slow to “the cloud” but they have decades of experience having users as customers instead of products.

Four short links: 6 June 2014

Ethical UX, Personal Robots, Sharter URLs, and Magical Devices

  1. Ethics and UX Design (Slideshare) — We are the thieves of time. This excellent talk challenges you (via Aristotle) to understand what a good life is, and whether you’re designing to bring it about. (via Keith Bolland)
  2. Pepper Personal Robot — Japan’s lead in consumer-facing robotics is impressive. If this had been developed by an American company, it’d either have a Lua scripting interface or twin machine guns for autonomous death.
  3. shrturl — spoof, edit, rewrite, and general evil up webpages, hidden behind a URL shortening service.
  4. Lessons for Building Magical Devices (First Round Review) — The most interesting devices I’ve seen take elements of the physical world and expose them to software. [...] If you buy a Tesla Model S today, the behavior of the car six months from now could be radically different because software can reshape the capability of the hardware continuously, exceeding the speed of customer demand.

Four short links: 5 June 2014

Open Autopilot, Record Robot Sales, NSA Myths Busted, and Informative Errors

  1. beaglepilot (Github) — open source open hardware autopilot for Beagleboard. (via DIY Drones)
  2. IFR Robot Sales Charts (PDF) — 2013: all-time high of 179,000 industrial robots sold and growth continues in 2014. (via Robohub)
  3. The Top 5 Claims That Defenders of the NSA Have to Stop Making to Remain Credible (EFF) — great Mythbusting.
  4. Netflix’s New Error Message — instead of “buffering”, they point the finger at the carrier between them and the customer who is to blame for slow performance. Genius!

Four short links: 4 June 2014

Swift on GitHub, HTTP APIs, PGP in Gmail, and Comments vs Community

  1. Swift on GitHub — watch a thousand projects launch.
  2. HTTP API Design Guide — extracted from work on the Heroku Platform API.
  3. End-to-End PGP in Gmail — Google releases an open source Chrome extension to enable end-to-end OpenPGP on top of Gmail. This is a good thing. As noted FSF developer Ben Franklin wrote: Those who would give up awkward key signing parties to purchase temporary convenience deserve neither.
  4. Close Your Comments; Build Your Community (Annemarie Dooling) — I am rarely sad when a commenting platform collapses, because it usually means the community dissolved long before.

Four short links: 28 May 2014

Targeted Breakage, Driverless Cars, BitCoin Bigness, and IoT Approaching

  1. Maciej Ceglowski on Our Internet — If you haven’t already read this because someone pushed it into your hands, read it now. If these vast databases are valuable enough, it doesn’t matter who they belong to. The government will always find a way to query them. Who pays for the servers is just an implementation detail.
  2. Design Changes Possible With Robot Cars (Brad Templeton) — While a nice windshield may be good for visibility for forward-facing passengers, there is no need to have a large unobstructed view for safety. The windshield can be reinforced with bars, for example, allowing it to be much stronger in the case of impacts, notably impacts with animals. Other than for passenger comfort, the windshield barely has to be there at all. On behalf of everyone who has ever driven in Australia at dusk … I for one welcome our new robot chauffeurs. (via The Atlantic)
  3. Bitcoin Set to Overtake Paypal Transaction Volumes — “In the next one or two years, Bitcoin can surpass the dollar transaction volumes of other established payment companies including Discover, and even American Express, MasterCard, and Visa,” said SmartMetric CEO Chaya Hendrick. (via Hamish McEwan)
  4. 1 in 5 Americans Has Their Physical Environment on the Internet (Quartz) — One in five adult American internet users already has a device at home that connects the physical environment to the internet, according to a Forrester Research report (paywall) out last week.

Four short links: 21 May 2014

Funnel Tool, Security Tools, Inside Mac Malware, and Everything is Broken

  1. EventHub — open source funnel/cohort/a-b analysis tool.
  2. Mantra — a collection of free/open source security tools, integrated into a browser (Firefox or Chromium).
  3. Reverse Engineering Mac Malware (PDF) — fascinating to see how it’s shipped, bundled, packaged, and distributed.
  4. Everything is Broken (Quinn Norton) — Computers have gotten incredibly complex, while people have remained the same gray mud with pretensions of Godhood. Today’s required read, because everything is broken and it’s the defining characteristic of this age of software. We have built computers in our image: our cancerous STD-addled diabetic alcoholic lead-sniffing telomere-decaying bacteria- and virus-addled image.

Four short links: 19 May 2014

Surveillance Devices, Economic Apologies, Logo Trends, and Block Chain API

  1. Your Coffee Machine is Watching You (Mary Beard) — the future of surveillance isn’t more CCTV cameras, it’s every device ratting you out, all the time.
  2. Economics of Apologies — apologies work to restore relationships but are costly for the apologiser.
  3. Logo Trends — Dimension and detail are necessarily removed so that these logos read properly on mobile screens. Designs have become more and more flat. Surfaces are plain and defined by mono-weight lines. Great examples.
  4. Chain — the Block Chain API for developers.