"security" entries

Four short links: 2 December 2015

Regulating Addictive Attention, Microservice Middleware, Better 3D Scanning, and Anti-Disassembly Tricks

  1. If the Internet is Addictive, Why Don’t We Regulate It? — an excellent look at behaviourism, gambling machine flow, design-for-addiction, attention, regulation. As Schüll puts it: ‘It just seems very duplicitous to design with the goal of capturing attention, and then to put the whole burden onto the individual.’
  2. Zipnish — using varnish as middleware for your microservices, with Zipnish to create Zipkin-style analysis of your API performance.
  3. Using Polarisation to Improve 3D Scanning (PDF) — The proposed technique can resolve finer detail than some laser scanners.
  4. Anti-Disassembly Tricks Used in Malware — also “things I remember from trying to break copy protection in 1980s games.”

Four short links: 27 November 2015

Android Insecurity, Clear Photos, Speech to Emotion, and Microexpressions from Video

  1. 87% of Android Devices Insecure — researchers find they’re vulnerable to malicious apps because manufacturers have not provided regular security updates. (via Bruce Schneier)
  2. A Computational Approach for Obstruction-Free Photography (Google Research) — take multiple photos from different angles through occlusions like a window with raindrops or reflections, and their software will assemble an unoccluded image. (via Greg Linden)
  3. Algorithms for Affective Sensing — Results show that the system achieves a six-emotion decision-level correct classification rate of 80% for an acted dataset with clean speech. This PhD thesis is research into an algorithm for determining emotion from speech samples, which does so more accurately than humans in a controlled test. (via New Scientist)
  4. Software Learns to Recognise Microexpressions (MIT Technology Review) — Li and co’s machine matched human ability to spot and recognize microexpressions and significantly outperformed humans at the recognition task alone.

Four short links: 25 November 2015

Faking Magstripes, Embedded Database, Another Embedded Database, Multicamera Array

  1. magspoof — a portable device that can spoof/emulate any magnetic stripe or credit card “wirelessly,” even on standard magstripe readers.
  2. LittleD — open source relational database for embedded devices and sensor nodes.
  3. iondb — open source key-value datastore for resource constrained systems.
  4. Stanford Multicamera Array — 128 cameras, reconfigurable. If the cameras are packed close together, then the system effectively functions as a single-center-of-projection synthetic camera, which we can configure to provide unprecedented performance along one or more imaging dimensions, such as resolution, signal-to-noise ratio, dynamic range, depth of field, frame rate, or spectral sensitivity. If the cameras are placed farther apart, then the system functions as a multiple-center-of-projection camera, and the data it captures is called a light field. Of particular interest to us are novel methods for estimating 3D scene geometry from the dense imagery captured by the array, and novel ways to construct multi-perspective panoramas from light fields, whether captured by this array or not. Finally, if the cameras are placed at an intermediate spacing, then the system functions as a single camera with a large synthetic aperture, which allows us to see through partially occluding environments like foliage or crowds.

Four short links: 24 November 2015

Tabular Data, Distrusting Authority, Data is the Future, and Remote Working Challenges

  1. uitable — cute library for tabular data in console golang programs.
  2. Did Carnegie Mellon Attack Tor for the FBI? (Bruce Schneier) — The behavior of the researchers is reprehensible, but the real issue is that CERT Coordination Center (CERT/CC) has lost its credibility as an honest broker. The researchers discovered this vulnerability and submitted it to CERT. Neither the researchers nor CERT disclosed this vulnerability to the Tor Project. Instead, the researchers apparently used this vulnerability to deanonymize a large number of hidden service visitors and provide the information to the FBI. Does anyone still trust CERT to behave in the Internet’s best interests? Analogous to the CIA organizing a fake vaccination drive to get close to Osama. “Intelligence” agencies.
  3. Google Open-Sourcing TensorFlow Shows AI’s Future is Data not Code (Wired) — something we’ve been saying for a long time.
  4. Challenges of Working Remote (Moishe Lettvin) — the things that make working remote hard aren’t, primarily, logistical; they’re emotional.

Four short links: 16 November 2015

Hospital Hacking, Security Data Science, Javascript Face-Substitution, and Multi-Agent Systems Textbook

  1. Hospital Hacking (Bloomberg) — interesting for both lax regulation (“The FDA seems to literally be waiting for someone to be killed before they can say, ‘OK, yeah, this is something we need to worry about,’ ” Rios says.) and the extent of the problem (Last fall, analysts with TrapX Security, a firm based in San Mateo, Calif., began installing software in more than 60 hospitals to trace medical device hacks. […] After six months, TrapX concluded that all of the hospitals contained medical devices that had been infected by malware.). It may take a Vice President’s defibrillator being hacked for things to change. Or would anybody notice?
  2. Cybersecurity and Data Science — pointers to papers in different aspects of using machine learning and statistics to identify misuse and anomalies.
  3. Real-time Face Substitution in Javascript — this is awesome. Moore’s Law is amazing.
  4. Multi-Agent Systems — undergraduate textbook covering distributed systems, game theory, auctions, and more. Electronic version as well as printed book.

Four short links: 10 November 2015

TensorFlow Released, TensorFlow Described, Neural Networks Optimized, Cybersecurity as RealPolitik

  1. TensorFlow — Google released, as open source, their distributed machine learning system. The DataFlow programming framework is sweet, and the documentation is gorgeous. AMAZINGLY high-quality, sets the bar for any project. This may be 2015’s most important software release.
  2. TensorFlow White Paper (PDF) — Compared to DistBelief [G’s first scalable distributed inference and training system], TensorFlow’s programming model is more flexible, its performance is significantly better, and it supports training and using a broader range of models on a wider variety of heterogeneous hardware platforms.
  3. Neural Networks With Few Multiplications — paper with a method to eliminate most of the time-consuming floating point multiplications needed to update the intermediate virtual neurons as they learn. Speed has been one of the bugbears of deep neural networks.
  4. Cybersecurity as RealPolitik — Dan Geer’s excellent talk from 2014 BlackHat. When younger people ask my advice on what they should do or study to make a career in cyber security, I can only advise specialization. Those of us who were in the game early enough and who have managed to retain an over-arching generalist knowledge can’t be replaced very easily because while absorbing most new information most of the time may have been possible when we began practice, no person starting from scratch can do that now. Serial specialization is now all that can be done in any practical way. Just looking at the Black Hat program will confirm that being really good at any one of the many topics presented here all but requires shutting out the demands of being good at any others.

Four short links: 6 November 2015

Media Money, Linux Security, TPP and Source, and Robot Chefs

  1. Grantland and the Surprising Future of Publishing (Ben Thompson) — writing is good for reach, podcasts and video good for advertising $. The combination is powerful.
  2. Security and the Linux Kernel (WaPo) — the question is not “can the WaPo write intelligently about the Linux kernel and security?” (answer, by the way, is “yes”) but rather “why is the WaPo writing about Linux kernel and security?” Ladies and gentlemen, start your conspiracy engines.
  3. TPP Might Prevent Governments from Auditing Source Code (Wired) — Article 14.17 of proposal, published at last today after years of secret negotiations, says: “No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.” The proposal includes an exception for critical infrastructure, but it’s not clear whether software involved in life or death situations, such as cars, airplanes, or medical devices would be included. One of many “what the heck does this mean for us?” analyses coming out. I’m waiting a few days until the analyses shake out before I get anything in a tangle.
  4. Innit Future Kitchen — robots that cook. Is nothing sacred for these steely-hearted bastards?!

Four short links: 5 November 2015

Robotic Delivery, Materials Science, Open Source Project Management, and Open Source Secret Management

  1. Starship — robotic delivery, from Skype co-founders. Pilot in the U.K. next year, in U.S. the year after. (via Brad Templeton)
  2. Materials that Couple Sensing, Actuation, Computation, and Communication (PDF) — very readable rundown of the ways in which materials can be designed to sense, compute, actuate, and communicate. You should read this because if the Internet of Things is going to be big, then the real breakthroughs and leaps forward will be in the Things and not the Internet. (via CCC Blog)
  3. Taiga — open source agile software project management tool (backlog, kanban, tasks, sprints, burndown charts, that sort of thing). (via Jef Vratny)
  4. Confidant — a secret management system, for AWS, from Lyft. If you build services that need to talk to each other, it quickly gets difficult to distribute and manage permissions to those services. So, naturally, the solution is to add another service. (In accordance with the Fundamental Theorem of Computer Science.)

Four short links: 30 October 2015

Cyber Threats, Secrecy Hurts R&D, Robot Bee, Long Live ChromeOS

  1. Emerging Cyber Threats Report (Georgia Tech) — no surprises, but another document to print and leave on the desk of the ostrich who thinks there’s no security problem.
  2. Apple’s Secrecy Hurts Its AI Development (Bloomberg) — “Apple is off the scale in terms of secrecy,” says Richard Zemel, a professor in the computer science department at the University of Toronto. “They’re completely out of the loop.”
  3. Swimming Robobees (Harvard) — The Harvard RoboBee, designed in Wood’s lab, is a microrobot, smaller than a paperclip, that flies and hovers like an insect, flapping its tiny, nearly invisible wings 120 times per second. It can fly and swim.
  4. Android and Chrome — starting next year, the company will work with partners to build personal computers that run on Android, according to sources familiar with the company’s plans. The Chrome browser and operating systems aren’t disappearing — PC makers that produce Chromebooks will still be able to use Chrome. Security gurus sad because ChromeOS is most secure operating system in use.

Four short links: 29 October 2015

Cloud Passports, Better Python Notebooks, Slippery Telcos, and Python Data Journalism

  1. Australia Floating the Idea of Cloud Passports — Under a cloud passport, a traveller’s identity and biometrics data would be stored in a cloud, so passengers would no longer need to carry their passports and risk having them lost or stolen. That sound you hear is Taylor Swift on Security, quoting “Wildest Dreams” into her vodka and Tang: “I can see the end as it begins.” This article is also notable for “The idea of cloud passports is the result of a hipster-style-hackathon.”
  2. Jupyter — Python Notebooks that allow you to create and share documents that contain live code, equations, visualizations, and explanatory text. Uses include: data cleaning and transformation, numerical simulation, statistical modeling, machine learning, and much more.
  3. Telcos $24B Business In Your Data — Under the radar, Verizon, Sprint, Telefonica, and other carriers have partnered with firms including SAP, IBM, HP, and AirSage to manage, package, and sell various levels of data to marketers and other clients. It’s all part of a push by the world’s largest phone operators to counteract diminishing subscriber growth through new business ventures that tap into the data that showers from consumers’ mobile Web surfing, text messaging, and phone calls. Even if you do pay for it, you’re still the product.
  4. Introducing Agate — a Python data analysis library designed to be useable by non-data-scientists, so leads to readable and predictable code. Target market: data journalists.