"security" entries

Four short links: 24 September 2015

Machine Music Learning, Cyber War, Backing Out Ads, and COBOL OF THE 2020s

  1. The Hit Charade (MIT TR) — Spotify’s deep-learning system still has to be trained using millions of example songs, and it would be perplexed by a bold new style of music. What’s more, such algorithms cannot arrange songs in a creative way. Nor can they distinguish between a truly original piece and yet another me-too imitation of a popular sound. Johnson acknowledges this limitation, and he says human expertise will remain a key part of Spotify’s algorithms for the foreseeable future.
  2. The Future of War is the Distant Past (John Birmingham) — the Naval Academy is hedging against the future by creating cybersecurity midshipmen, and by requiring every midshipman to learn how to do celestial navigation.
  3. What Happens Next Will Amaze You (Maciej Ceglowski) — the next in Maciej’s amazing series of keynotes, where he’s building a convincing case for fixing the Web.
  4. Go Will Dominate the Next Decade (Ian Eyberg) — COBOL OF THE 2020s. There, I saved you the trouble.

Four short links: 17 September 2015

Google's Code, China's Pledge, MD5's Cracks, and Toyota's Robotics Hire

  1. Google’s 2 Billion Lines of Code (Wired) — 85TB, 45,000 changes/day in Google’s DVCS “Piper.” They’re looking at Mercurial.
  2. China Extracting Pledge of Compliance from US Firms (NY Times) — The letter also asks the American companies to ensure their products are “secure and controllable,” a catchphrase that industry groups said could be used to force companies to build so-called back doors — which allow third-party access to systems — provide encryption keys or even hand over source code.
  3. MD5 To Be Considered Harmful Some Day (Adrian Colyer) — walkthrough of Dan Kaminsky’s paper on the growing number of cracks in MD5.
  4. Toyota’s Robot Car Plans (IEEE Spectrum) — Toyota hired the former head of DARPA’s Robotics Challenge. Pratt explained that a U.S. $50 million R&D collaboration with MIT and Stanford is just the beginning of a large and ambitious program whose goal is developing intelligent vehicles that can make roads safer and robot helpers that can improve people’s lives at home.

Four short links: 9 September 2015

Bricklaying Robots, Photographic Insecurity, Quantum-Resistant Crypto, and Garbage Subtraction

  1. Bricklaying Robot Lays 3x Speed of Humans (MIT TR) — The robot can correct for the differences between theoretical building specifications and what’s actually on site, says Scott Peters, co-founder of Construction Robotics, a company based in Victor, New York, that designed SAM as its debut product. (via Audrey Watters)
  2. When a Photo Ends Your Security (Bruce Schneier) — the TSA’s master key was shown in a Washington Post photo spread, so now it can be recreated from the photo.
  3. Online Security Braces for Quantum Revolution (Nature) — PQCRYPTO, a European consortium of quantum-cryptography researchers in academia and industry, released a preliminary report on 7 September recommending cryptographic techniques that are resistant to quantum computers […] It favoured the McEliece system, which has resisted attacks since 1978, for public-key cryptography.
  4. The New Wave is Garbage Subtracted (Adam Trachtenberg) — Adam found some amazingly prescient writing from Esther Dyson. The new wave is not value-added; it’s garbage-subtracted. The job of the future is PR guy, not journalist. I’m too busy reading, so why should I pay for more things to read? Anything anyone didn’t pay to send to me…I’m not going to read.

Four short links: 8 September 2015

Serverless Microservers, Data Privacy, NAS Security, and Mobile Advertising

  1. Microservices Without the Servers (Amazon) — By “serverless,” we mean no explicit infrastructure required, as in: no servers, no deployments onto servers, no installed software of any kind. We’ll use only managed cloud services and a laptop. The diagram below illustrates the high-level components and their connections: a Lambda function as the compute (“backend”) and a mobile app that connects directly to it, plus Amazon API Gateway to provide an HTTP endpoint for a static Amazon S3-hosted website.
  2. Privacy vs Data Science — claims Apple is having trouble recruiting top-class machine learning talent because of the strict privacy-driven limits on data retention (Siri data: 6 months, Maps: 15 minutes). As a consequence, Apple’s smartphones attempt to crunch a great deal of user data locally rather than in the cloud.
  3. NAS Backdoors — firmware in some Seagate NAS drives is very vulnerable. It’s unclear whether these are Seagate-added, or came with third-party bundled software. Coming soon to lightbulbs, doors, thermostats, and all your favorite inanimate objects. (via BetaNews)
  4. Most Consumers Wouldn’t Pay Publishers What It Would Take to Replace Mobile Ad Income — they didn’t talk to this consumer.

Four short links: 3 September 2015

Lock Patterns, Peer-to-Peer Markets, Community Products, and Speech Recognition

  1. The Surprising Predictability of Android Lock Patterns (Ars Technica) — people use the same type of strategy for remembering a pattern as a password
  2. Peer to Peer Markets (PDF) — We discuss elements of market design that make this possible, including search and matching algorithms, pricing, and reputation systems. We then develop a simple model of how these markets enable entry by small or flexible suppliers, and the resulting impact on existing firms. Finally, we consider the regulation of peer-to-peer markets, and the economic arguments for different approaches to licensing and certification, data, and employment regulation.
  3. 16 Product Things I learned at Imgur — You can A/B test individuals, but it’s nearly impossible to A/B test communities because they work based on a mutually reinforcing self-conception. Use a combination of intuition (which comes from experience), talking to other community managers and 1:1 contact with a sample of your community. But you’ll still be wrong a lot.
  4. kaldi — a toolkit for speech recognition written in C++ and licensed under the Apache License v2.0.

Four short links: 31 August 2015

Linux Security Checklist, Devops for Water Bags, Summarising Reviews, and Exoskeleton with BMI

  1. Linux Workstation Security Checklist — This is a set of recommendations used by the Linux Foundation for their systems administrators.
  2. Giant Bags of Mostly Water (PDF) — on securing systems that are used by humans. This is what DevOps is about: running Ops like you’re Developing an app, not letting your devs run your ops.
  3. Mining and Summarising Customer Reviews (Paper a Day) — redux of a 2004 paper on sentiment extraction from reviews.
  4. Brain-Machine-Interface for Exoskeleton — no need to worry about the “think of sex every seven seconds” trope, the new system allows users to move forwards, turn left and right, sit and stand simply by staring at one of five flickering LEDs.

Four short links: 28 August 2015

Ad Blockers, Self-Evaluation, Blockchain Podcast, and Mobile Fingerprints

  1. 10 Ad Blocking Extensions Tested for Best Performance — This test is about the performance of an ad blocker in terms of how quickly it loads a range of ad blocked pages, the maximum amount of memory it uses, and how much stress it puts on the CPU. µBlock Origin wins for Chrome. (via Nelson Minar)
  2. Staff Evaluation of Me (Karl Fisch) — I also tried the Google Form approach. 0 responses, from which I concluded that nobody had any problems with me and DEFINITELY no conclusions could be drawn about my coworkers creating mail filters to mark my messages as spam.
  3. Blockchain (BBC) — episode on the blockchain that does a good job of staying accurate while being comprehensible. (via Sam Kinsley)
  4. Fingerprints On Mobile Devices: Abusing and Leaking (PDF) — We will analyze the mobile fingerprint authentication and authorization frameworks, and discuss several security pitfalls of the current designs, including: Confused Authorization Attack; Unsecure fingerprint data storage; Trusted fingerprint sensors exposed to the untrusted world; Backdoor of pre-embedding fingerprints.

Four short links: 27 August 2015

Chrome as APT, Nature's Mimicry, Information Extraction, and Better 3D Printing

  1. The Advanced Persistent Threat You Have: Google Chrome (PDF) — argues that if you can’t detect and classify Google Chrome’s self-updating behavior, you’re not in a position to know when you’re hit by malware that also downloads and executes code from the net that updates executables and system files.
  2. Things Mimicking Other Things — nifty visual catalog/graph of camouflage and imitation in nature.
  3. MITIE — permissively-licensed (Boost) tools for named entity extraction and binary relation detection as well as tools for training custom extractors and relation detectors.
  4. MultiFab Prints 10 Materials At Once — and uses computer vision to self-calibrate and self-correct, as well as letting users embed objects (e.g., circuit boards) in the print. Developed by CSAIL researchers from low-cost, off-the-shelf components that cost a total of $7,000.

Four short links: 25 August 2015

Microservices Anti-Patterns, Reverse Engineering Course, Graph Language, and Automation Research

  1. Seven Microservices Anti-Patterns — One common mistake people made with SOA was misunderstanding how to achieve the reusability of services. Teams mostly focused on technical cohesion rather than functional regarding reusability. For example, several services functioned as a data access layer (ORM) to expose tables as services; they thought it would be highly reusable. This created an artificial physical layer managed by a horizontal team, which caused delivery dependency. Any service created should be highly autonomous – meaning independent of each other.
  2. CSCI 4974 / 6974 Hardware Reverse Engineering — RPI CS course in reverse engineering.
  3. The Gremlin Graph Traversal Language (Slideshare) — preso on a language for navigating graph data structures, which is part of the Apache TinkerPop (“Open Source Graph Computing”) suite.
  4. Why Are There Still So Many Jobs? The History and Future of Workplace Automation (PDF) — paper about the history of technology and labour. The issue is not that middle-class workers are doomed by automation and technology, but instead that human capital investment must be at the heart of any long-term strategy for producing skills that are complemented by rather than substituted for by technological change. Found via Scott Santens’s comprehensive rebuttal.

Four short links: 24 August 2015

Real World Security, Car Hacking, News Designs, and Graphs in Shared Memory

  1. This World of Ours (PDF) — funny and accurate skewering of the modern security researcher. In the real world, threat models are much simpler (see Figure 1). Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://.
  2. Highway to Hack: Why We’re Just at the Beginning of the Auto Hacking Era (Ars Technica) — detailed article covering the state of in-car networks and the security risks therein. (via BoingBoing)
  3. 64 Ways to Think about a News Homepage — design and content ideas.
  4. Ligra — a lightweight graph processing framework for shared memory. It is particularly suited for implementing parallel graph traversal algorithms where only a subset of the vertices are processed in an iteration.