ENTRIES TAGGED "security"

Four short links: 22 April 2014

In-Browser Data Filtering, Alternative to OpenSSL, Game Mechanics, and Selling Private Data

  1. PourOver — NYT open source JavaScript for very fast in-browser filtering and sorting of large collections.
  2. LibreSSL — OpenBSD take on OpenSSL. Unclear how sustainable this effort is, or how well adopted it will be. Competing with OpenSSL is obviously an alternative to tackling the OpenSSL sustainability question by funding and supporting the existing OpenSSL team.
  3. Game Mechanic Explorer — helps learners by turning what they see in games into the simple code and math that makes it happen.
  4. HMRC to Sell Taxpayers’ Data (The Guardian) — between this and the UK govt’s plans to sell patient healthcare data, it’s clear that the new government question isn’t whether data have value, but rather whether the collective has the right to retail the individual’s privacy.
Four short links: 15 April 2014

Open Access, Lego Scanner, Humans Return, and Designing Security into IoT

  1. Funders Punish Open Access Dodgers (Nature) — US’s NIH and UK’s Wellcome Trust are withholding funding from academics who haven’t released their data despite it being a condition of past funding. It’s open access’s grab twist and pull move.
  2. Digitize Books with Mindstorms and Raspberry Pi — Lego to turn the page, Pi to take photo.
  3. Humans Steal Jobs from Robots at Toyota (Bloomberg) — Toyota’s next step forward is counter-intuitive in an age of automation: Humans are taking the place of machines in plants across Japan so workers can develop new skills and figure out ways to improve production lines and the car-building process.
  4. Implementer’s Guide to Security for Internet of Things, Devices and Beyond (PDF) — This white paper outlines a set of practical and pragmatic security considerations for organisations designing, developing and testing Internet of Things (IoT) devices and solutions. The purpose of this white paper is to provide practical advice for consideration as part of the product development lifecycle.

Security and the Internet of stuff in your life

The IoT isn't just a new attack surface to get into your enterprise — it's giving the Internet eyes and arms.

Your computer is important. It has access to your Amazon account, probably your bank, your tax returns, and maybe even your medical records. It’s scary when it gets pwned, and it gets pwned regularly because it’s essentially impossible to fully secure a general purpose computing device. But the good news is that, at least for now, your computer can’t climb up the stairs and bludgeon you to death in your sleep. The things it manipulates are important to you, but they are (mostly) contained in the abstract virtual realm of money and likes.

The Internet of Things is different. We are embarking on an era where the things we own will be as vulnerable as our PCs, but now they interact with the real world via sensors and actuators. They have eyes and arms, and some of them in the not-too-distant future really will be able to climb the stairs and punch you in the face.

This piece from the New York Times has been getting some attention because it highlights how smart things represent an increased attack surface for infiltration. It views smart devices as springboards into an enterprise rather than the object of the attack, and that will certainly be true in many cases.

Four short links: 7 April 2014

Auto Ethics, Baio on Medium, Internet of Insecure Things, New Unlicensed Spectrum

  1. Can We Design Systems to Automate Ethics — code in self-driving cars will implement a solution to the trolley problem. But which solution?
  2. My First Post on Medium (Andy Baio) — one or two glitches but otherwise fine demonstration of what’s possible with Medium.
  3. SCADA Vulnerability: 7600 Plants at Risk (BBC) — the vulnerabilities are in unpatched Centum CS 3000 software. The real business for IoT is secure remote updates and monitoring. (via Slashdot)
  4. New Unlicensed Spectrum — The unanimous vote frees up 100 MHz of airwaves in the lower part of 5 GHz spectrum band. Previously, the FCC reserved those airwaves for exclusive use by a satellite phone company. The FCC vote opens those unlicensed airwaves so they can be used by consumer electronics equipment, including Wi-Fi routers. With the new airwaves, Wi-Fi equipment can handle more traffic at higher speeds.

Pursuing adoption of free and open source software in governments

LibrePlanet explores hopes and hurdles.

Free and open source software creates a natural — and even necessary — fit with government. I joined a panel this past weekend at the Free Software Foundation conference LibrePlanet on this topic and have covered it previously in a journal article and talk. Our panel focused on barriers to its adoption and steps that free software advocates could take to reach out to government agencies.

LibrePlanet itself is a unique conference: a techfest with mission — an entirely serious, feasible exploration of a world that could be different. Participants constantly ask: how can we replace the current computing environment of locked-down systems, opaque interfaces, intrusive advertising-dominated services, and expensive communications systems with those that are open and free? I’ll report a bit on this unusual gathering after talking about government.

Four short links: 20 March 2014

Smart Objects, Crypto Course, Culture Design, and Security v Usability

  1. Smart Interaction Lab — some interesting prototyping work designing for smart objects.
  2. Crypto 101 — self-directed crypto instruction. (via BoingBoing)
  3. Chipotle Culture — interesting piece on Chipotle’s approach to building positive feedback loops around training. Reminded me of Ben Horowitz’s “Why You Should Train Your People”.
  4. Keybase.io Writeup (Tim Bray) — Tim’s right, that removing the centralised attack point creates a usability problem. Systems that are hardest to attack are also the ones that are hardest for Normal People to use. (Can I coin this as the Torkington Conjecture, with the corollary that sufficiently stupid users are indistinguishable from intelligent attackers?)
Four short links: 17 March 2014

Wireframe Quiz, Business Values, Mobile Dev, and the Bad Guy Mindset

  1. De-Design the Web — quiz, can you recognise common websites from just their wireframes? For the non-designer (like myself) it’s a potent reminder of the power of design. Design’s front of mind as we chew on the Internet of Affordances. (via USvsTHEM)
  2. Words I Hold Dear (Slideshare) — short but effective presentation on values in business. If you are confident that you can bear responsibility, and will not do anything immoral, illegal, or unethical, then it is not too hard to choose the path that promises the most adventure.
  3. Android Development for iOS Devs — in case you had forgotten that developing for multiple mobile platforms is like a case of fire-breathing butt warts. (not good)
  4. The World Through the Eyes of Hackers (PDF) — I’ve long thought that the real problem is that schools train subordinates to meet expectations and think like a Nice Person, but defence is only possible when you know how to break expectations and think like a Bad Guy.
Four short links: 11 March 2014

Game Analysis, Brave New (Disney)World, Internet of Deadly Things, and Engagement vs Sharing

  1. In-Game Graph Analysis (The Economist) — one MLB team has bought a Cray Urika graph-processing appliance for in-game analysis of data. Please hold, boggling. (via Courtney Nash)
  2. Disney Bets $1B on Technology (BusinessWeek) — MyMagic+ promises far more radical change. It’s a sweeping reservation and ride planning system that allows for bookings months in advance on a website or smartphone app. Bracelets called MagicBands, which link electronically to an encrypted database of visitor information, serve as admission tickets, hotel keys, and credit or debit cards; a tap against a sensor pays for food or trinkets. The bands have radio frequency identification (RFID) chips—which critics derisively call spychips because of their ability to monitor people and things. (via Jim Stogdill)
  3. Stupid Smart Stuff (Don Norman) — In the airplane, the pilots are not attending, but when trouble does arise, the extremely well-trained pilots have several minutes to respond. In the automobile, when trouble arises, the ill-trained drivers will have one or two seconds to respond. Automobile designers – and law makers – have ignored this information.
  4. What You Think You Know About the Web Is Wrong — Chartbeat looked at deep user behavior across 2 billion visits across the web over the course of a month and found that most people who click don’t read. In fact, a stunning 55% spent fewer than 15 seconds actively on a page. The stats get a little better if you filter purely for article pages, but even then one in every three visitors spend less than 15 seconds reading articles they land on. The entire article makes some powerful points about the difference between what’s engaged with and what’s shared. Articles that were clicked on and engaged with tended to be actual news. In August, the best performers were Obamacare, Edward Snowden, Syria and George Zimmerman, while in January the debates around Woody Allen and Richard Sherman dominated. The most clicked on but least deeply engaged-with articles had topics that were more generic. In August, the worst performers included Top, Best, Biggest, Fictional etc while in January the worst performers included Hairstyles, Positions, Nude and, for some reason, Virginia. That’s data for you.
Four short links: 10 March 2014

Wolfram Language, Historic Innovation, SF Culture Wars, and Privacy's Death

  1. Wolfram Language — a broad attempt to integrate types, operations, and databases along with deployment, parallelism, and real-time I/O. The demo video is impressive, not just in execution but in ambition. Healthy skepticism still necessary.
  2. Maury, Innovation, and Change (Cory Ondrejka) — amazing historical story of open data, analysis, visualisation, and change. In the mid-1800’s, over the course of 15 years, a disabled Lieutenant changed the US Navy and the world. He did it by finding space to maneuver (as a trouble maker exiled to the Navy Depot), demonstrating value with his early publications, and creating a massive network effect by establishing the Naval Observatory as the clearing house for Navigational data. 150 years before Web 2.0, he built a valuable service around common APIs and aggregated data by distributing it freely to the people who needed it.
  3. Commuter Shuttle and 21-Hayes EB Bus Stop Observations (Vimeo) — timelapse of 6:15AM to 9:15AM at an SF bus stop. Worth watching if you’re outside SF and wondering what they’re talking about when the locals rage against SF becoming a bedroom community for Valley workers.
  4. A Day of Speaking Truth to Power (Quinn Norton) — It was a room that had written off privacy as an archaic structure. I tried to push back, not only by pointing out this was the opening days of networked life, and so custom hadn’t caught up yet, but also by recommending danah boyd’s new book It’s Complicated repeatedly. To claim “people trade privacy for free email therefore privacy is dead” is like 1800s sweatshop owners claiming “people trade long hours in unpleasant conditions for miserable pay therefore human rights are dead”. Reports of privacy’s death are greatly exaggerated.

Big data and privacy: an uneasy face-off for government to face

MIT workshop kicks off Obama campaign on privacy

Thrust into controversy by Edward Snowden’s first revelations last year, President Obama belatedly welcomed a “conversation” about privacy. As cynical as you may feel about US spying, that conversation with the federal government has now begun. In particular, the first of three public workshops took place Monday at MIT.

Given the locale, a focus on the technical aspects of privacy was appropriate for this discussion. Speakers cheered about the value of data (invoking the “big data” buzzword often), delineated the trade-offs between accumulating useful data and preserving privacy, and introduced technologies that could analyze encrypted data without revealing facts about individuals. Two more workshops will be held in other cities, one focusing on ethics and the other on law.
