ENTRIES TAGGED "security"
Modern Security Ethics, Punk'd Chinese Cyberwarriors, Web Tracing, and Lightweight Server OS
- White Hat’s Dilemma (Google Docs) — amazeballs preso with lots of tough ethical questions for people in the computer field.
- Chinese Hacking Team Caught Taking Over Decoy Water Plant (MIT Tech Review) — Wilhoit went on to show evidence that other hacking groups besides APT1 intentionally seek out and compromise water plant systems. Between March and June this year, 12 honeypots deployed across eight different countries attracted 74 intentional attacks, 10 of which were sophisticated enough to wrest complete control of the dummy control system.
- Web Tracing Framework — Rich tools for instrumenting, analyzing, and visualizing web apps.
- CoreOS — Linux kernel + systemd. That’s about it. CoreOS has just enough bits to run containers, but does not ship a package manager itself. In fact, the root partition is completely read-only, to guarantee consistency and make updates reliable. Docker-compatible.
Startups Class, Container Deployment, Cryptopocalypse, and Program Design
- EP245 Downloads — class materials from the Udacity “How to Build a Startup” course.
- scrz.io — easy container deployment.
- The Factoring Dead: Preparing for the Cryptopocalypse — how RSA and Diffie-Hellman crypto might be useless in the next few years.
- How to Design Programs — 2ed text is a work-in-progress.
Security Sensor, Mobile Speed, Rate Limiting, and Self-Assembling Drone
- Canary (IndieGogo) — security sensor with video, motion, temperature, microphone, speaker, accelerometer, and smartphone remote control.
- Page Speed is Only The Beginning — 73% of mobile internet users say they’ve encountered Web pages that are too slow. A 1-second delay can result in a 7% reduction in conversions.
- Rate Limiting and Velocity Checking (Jeff Atwood) — I was shocked how little comprehensive information was out there on rate limiting and velocity checking for software developers, because they are your first and most important line of defense against a broad spectrum of possible attacks. It’s amazing how many attacks you can mitigate or even defeat by instituting basic rate limiting. (via Alex Dong)
- Self-Assembling Multicopter (DIY Drones) — The true accomplishment of this research is that there is not one robot in control – each unit in itself decides what actions to take to keep the group in the air in what’s known as Distributed Flight Array. (via Slashdot)
Antivirus Numbers, 3D Printer Explosion, 3D Printing's Particulate Problem, and Simulating Touch
- The Anti-Virus Age is Over — for every analyst that an AV company hires, the bad guys can hire 10 developers.
- 3D Printing’s 2014 Renaissance (Quartz) — patents on sintering are about to expire, which will open up hi-res production. The same happened in the past when patents on fused deposition modelling expired: Within just a few years of the patents on FDM expiring, the price of the cheapest FDM printers fell from many thousands of dollars to as little as $300.
- Ultrafine Particle Emissions from Desktop 3D Printers (Science Direct) — Because most of these devices are currently sold as standalone devices without any exhaust ventilation or filtration accessories, results herein suggest caution should be used when operating in inadequately ventilated or unfiltered indoor environments. (via Slashdot)
- Aireal — focussed changes in air pressure simulate sensations of touch. The machine itself is essentially a set of five speakers in a box–subwoofers that track your body through IR, then fire low frequencies through a nozzle to form donut-like vortices (I imagine the system as a cigar-smoking Microsoft Kinect). [...] In practice, Aireal can do anything from creating a button for you to touch in midair to crafting whole textures by pulsing its bubbles to mimic water, stone, and sand. (via BoingBoing)
Rules of the Internet, Bigness of the Data, Wifi ADCs, and Google Flirts with Client-Side Encryption
- Ten Rules of the Internet (Anil Dash) — they’re all candidates for becoming “Dash’s Law”. I like this one the most: When a company or industry is facing changes to its business due to technology, it will argue against the need for change based on the moral importance of its work, rather than trying to understand the social underpinnings.
- Data Storage by Vertical (Quartz) — The US alone is home to 898 exabytes (1 EB = 1 billion gigabytes)—nearly a third of the global total. By contrast, Western Europe has 19% and China has 13%. Legally, much of that data itself is property of the consumers or companies who generate it, and licensed to companies that are responsible for it. And in the US—a digital universe of 898 exabytes (1 EB = 1 billion gigabytes)—companies have some kind of liability or responsibility for 77% of all that data.
- x-OSC — a wireless I/O board that provides just about any software with access to 32 high-performance analogue/digital channels via OSC messages over WiFi. There is no user programmable firmware and no software or drivers to install making x-OSC immediately compatible with any WiFi-enabled platform. All internal settings can be adjusted using any web browser.
- Google Experimenting with Encrypting Google Drive (CNet) — If that’s the case, a government agency serving a search warrant or subpoena on Google would be unable to obtain the unencrypted plain text of customer files. But the government might be able to convince a judge to grant a wiretap order, forcing Google to intercept and divulge the user’s login information the next time the user types it in. Advertising depends on the service provider being able to read your data. Either your Drive’s contents aren’t valuable to Google advertising, or it won’t be a host-resistant encryption process.
- Product Strategy Means Saying No — a resource for strength in saying ‘no’ to unplanned features and direction changes. My favourite illustration is for “but my cousin’s neighbour said”. Yes, this.
- git-imerge — incremental merge for git.
- The Paranoid #! Security Guide — Networked-Evil-Maid-Attacks (Attacker steals the actual SED and replaces it with another containing a trojanized OS. On bootup the victim enters their password, which is subsequently sent to the attacker via network/local attacker hot-spot. Different method: Replacing a laptop with a similar model [at e.g. airport/hotel etc.] with the attacker’s phone# printed on the bottom of the machine. Victim boots up, enters the “wrong” password, which is sent to the attacker via network. Victim discovers that his laptop has been misplaced, calls the attacker, who now copies the content and gives the “misplaced” laptop back to the owner.)
Tracking Bitcoin, Gaming Deflation, Bloat-Aware Design, and Mapping Entity Relationships
- Quantitative Analysis of the Full Bitcoin Transaction Graph (PDF) — We analyzed all these large transactions by following in detail the way these sums were accumulated and the way they were dispersed, and realized that almost all these large transactions were descendants of a single transaction which was carried out in November 2010. Finally, we noted that the subgraph which contains these large transactions along with their neighborhood has many strange looking structures which could be an attempt to conceal the existence and relationship between these transactions, but such an attempt can be foiled by following the money trail in a succinctly persistent way. (via Alex Dong)
- Majority of Gamers Today Can’t Finish Level 1 of Super Mario Bros — Nintendo test, and the President of Nintendo said in a talk, We watched the replay videos of how the gamers performed and saw that many did not understand simple concepts like bottomless pits. Around 70 percent died to the first Goomba. Another 50 percent died twice. Many thought the coins were enemies and tried to avoid them. Also, most of them did not use the run button. There were many other depressing things we noted but I can not remember them at the moment. (via Beta Knowledge)
- Bloat-Aware Design for Big Data Applications (PDF) — (1) merging and organizing related small data record objects into few large objects (e.g., byte buffers) instead of representing them explicitly as one-object-per-record, and (2) manipulating data by directly accessing buffers (e.g., at the byte chunk level as opposed to the object level). The central goal of this design paradigm is to bound the number of objects in the application, instead of making it grow proportionally with the cardinality of the input data. (via Ben Lorica)
- Poderopedia (GitHub) — originally designed for investigative journalists, the open source software allows you to create and manage entity profile pages that include: short bio or summary, sheet of connections, long newsworthy profiles, maps of connections of an entity, documents related to the entity, sources of all the information, and a news river with external news about the entity. See the announcement and website.
Mobile Numbers, SSL Best Practices, Free and Open No More, and PRISM Budget
- Mobile Email Numbers (Luke Wroblewski) — 79% use their smartphone for reading email, a higher percentage than those who used it for making calls and in Feb ’12, mobile email overtook webmail client use.
- ProperSSL — a series of best practices for establishing SSL connections between clients and servers.
- How We Are Losing the War for the Free and Open Internet (Sue Gardner) — The internet is evolving into a private-sector space that is primarily accountable to corporate shareholders rather than citizens. It’s constantly trying to sell you stuff. It does whatever it wants with your personal information. And as it begins to be regulated or to regulate itself, it often happens in a clumsy and harmful way, hurting the internet’s ability to function for the benefit of the public.
- The Amazingly Low Cost of PRISM — breaks down costs to store and analyse the data gathered from major Internet companies. Total hardware cost per year for 3.75 EB of data storage: €168M
Huxley Beat Orwell?, Cloud Keys, Motorola's DARPA, and Internet Archive Credit Union
- Huxley vs Orwell — buy Amusing Ourselves to Death if this rings true. The future is here, it’s just not evenly surveilled. (via rone)
- KeyMe — keys in the cloud. (Digital designs as backups for physical objects)
- Motorola Advanced Technology and Products Group — The philosophy behind Motorola ATAP is to create an organization with the same level of appetite for technology advancement as DARPA, but with a consumer focus. It is a pretty interesting place to be. And they hired the excellent Johnny Chung Lee.
- Internet Credit Union — Internet Archive starts a Credit Union. Can’t wait to see memes on debit cards.