- Efficient Algorithms for Public-Private Social Networks — Google Research paper on privacy-respecting algorithms for social networks. From the overview: the models of privacy we’re landing on (nodes or edges in the graph are marked as “private” by a user) mean that enforcing these privacy guarantees translates to solving a different algorithmic problem for each user in the network, and for this reason, developing algorithms that process these social graphs and respect these privacy guarantees can become computationally expensive. The paper shows how to efficiently approximate some of the graph operations required to run a social network.
- Rise of Networked Platforms for Physical World Services (Tim O’Reilly) — the central player begins by feeding its network of suppliers, but eventually begins to compete with it. […] Over time, as networks reach monopoly or near-monopoly status, they must wrestle with the issue of how to create more value than they capture — how much value to take out of the ecosystem, versus how much they must leave for other players in order for the marketplace to continue to thrive.
- Book Recommendations from BLDBLOG — Winslow memorably pointed out how farmers in the Sinaloa region of Mexico had been swept up into the cartel’s infinitely flexible method of production, and that, despite any ensuing role growing and harvesting marijuana or even poppies, the cartel offered them new jobs in logistics, not agriculture. “They didn’t want to be farmers,” Winslow said at Bookcourt, “they wanted to be FedEx.”
- The End of the Internet Dream (Jennifer Granick) — this is all gold. Something resonating with my current meditations: People are sick and tired of crappy software. And they aren’t going to take it any more. The proliferation of networked devices — the Internet of Things — is going to mean all kinds of manufacturers traditionally subject to products liability are also software purveyors. If an autonomous car crashes, or a networked toaster catches on fire, you can bet there is going to be product liability. […] I think software liability is inevitable. I think it’s necessary. I think it will make coding more expensive, and more conservative. I think we’ll do a crappy job of it for a really long time.
"security" entries
Batten down the hatches
Four core questions that every security team must ask itself to develop its strategy in dealing with attacks.
Massive software vulnerabilities have been surfacing with increasingly high visibility, and the world’s computer administrators are repeatedly thrust into the cycle of confusion, anxiety, patching and waiting for the Next Big One. The list of high profile vulnerabilities in widely used software packages and platforms continues to rise. A recent phenomenon has researchers borrowing from the National Hurricane Center’s tradition, to introduce a vulnerability with a formal name. Similar to hurricanes and weather scientists, security researchers, analysts, and practitioners observe and track vulnerabilities as more details unfold and the true extent of the risk (and subsequent damage) is known.
Take for example the Android vulnerability released at the beginning of August, 20151. This vulnerability, named “Stagefright” after its eponymous application, can lead to remote code execution (RCE) through several vectors including MMS, Email, HTTP, Media applications, Bluetooth, and more. These factors coupled with the fact that at its release there were no approved patches available for upwards of 95% of the world’s mobile Android footprint means the vulnerability is serious — especially to any organization with a significant Android population.
Four short links: 19 August 2015
Privacy-Respecting Algorithms, Dealers Growing, Book Recommendations, and End of Internet Dreams
Four short links: 14 August 2015
Jeep Hack, Blockchain for Beginners, Three Next:Economy Papers, and Signs of Self-Destruction
- The Jeep Cherokee Hack (Kaspersky) — details from the Black Hat talk.
- The Complete Beginner’s Guide to Blockchain Technology — in case you’ve been slipping on your nerd cred.
- Automation Angst (The Economist) — discusses three papers: (1) automation creates new jobs; (2) the sweet-spot of automation has been in mid-range intellectual, mid-rate physical tasks; and (3) know the history of automation/unemployment scares.
- Observational Signatures of Self-Destructive Civilisations (arXiv) — Using the Earth as an example, we consider a variety of scenarios in which humans could extinguish their own technological civilisation. Each scenario presents some form of observable signature that could be probed by astronomical campaigns to detect and characterise extrasolar planetary systems. I feel like there’s a business form of this paper, too …
Four short links: 12 August 2015
Economic Futures, Space War, State of Security, and Algorithmic Fairness
- Possible Economics Models (Jamais Cascio) — economic futures filtered through Doctorovian prose. Griefer Economics: Information is power, especially when it comes to finance, and the increasing use of ultra-fast computers to manipulate markets (and drive out “weaker” competitors) is moving us into a world where market position isn’t determined by having the best offering, but by having the best tool. Rules are gamed, opponents are beaten before they even know they’re playing, and it all feels very much like living on a PvP online game server where the referees have all gone home. Relevant to Next:Economy.
- War in Space May Be Closer Than Ever (SciAm) — Today, the situation is much more complicated. Low- and high-Earth orbits have become hotbeds of scientific and commercial activity, filled with hundreds upon hundreds of satellites from about 60 different nations. Despite their largely peaceful purposes, each and every satellite is at risk, in part because not all members of the growing club of military space powers are willing to play by the same rules — and they don’t have to, because the rules remain as yet unwritten. There’s going to be a bitchin’ S-1 risks section when Planet Labs files for IPO.
- Not Even Close: The State of Computer Security (Vimeo) — In this bleak, relentlessly morbid talk, James Mickens will describe why making computers secure is an intrinsically impossible task. He will explain why no programming language makes it easy to write secure code. He will then discuss why cloud computing is a black hole for privacy, and only useful for people who want to fill your machine with ads, viruses, or viruses that masquerade as ads. At this point in the talk, an audience member may suggest that bitcoins can make things better. Mickens will laugh at this audience member and then explain why trusting the bitcoin infrastructure is like asking Dracula to become a vegan. Mickens will conclude by describing why true love is a joke and why we are all destined to die alone and tormented. The first ten attendees will get balloon animals, and/or an unconvincing explanation about why Mickens intended to (but did not) bring balloon animals. Mickens will then flee on horseback while shouting “The Prince of Lies escapes again!”
- Algorithms and Bias (NYTimes) — interview w/Cynthia Dwork from Microsoft Research. Fairness means that similar people are treated similarly. A true understanding of who should be considered similar for a particular classification task requires knowledge of sensitive attributes, and removing those attributes from consideration can introduce unfairness and harm utility.
Coming up at Solid Amsterdam
A look at our unified program for unified creators.
.jpg)
Register now for Solid Amsterdam 2015, our conference exploring the intersections of manufacturing, design, hardware, software, and business strategy. The event will take place in Amsterdam on October 28, 2015.
Creating a great product means knowing something about many things: design, prototyping, electronics, software, manufacturing, marketing, and business strategy. That’s the blend that Solid brings together: over our one-day program at Solid Amsterdam on October 28, 2015, we’ll walk through a range of inspiration and insight that’s essential for anyone who creates physical products — consumer devices, industrial machines, and everything in between.
Start with design: it’s the first discipline that’s called on to master any new technology, and designers whose work has been confined to the digital realm are now expected to understand hardware and connected systems as well.
Design at Solid begins with our program co-chair, Marko Ahtisaari, who was head of product design at Nokia from 2009 to 2013, and is now CEO and co-founder of The Sync Project. We’ll also hear from Thomas Widdershoven, creative director at Design Academy Eindhoven and co-founder of thonik, a design studio whose work specializes in interaction and motion design. Read more…
Four short links: 4 August 2015
Data-Flow Graphing, Realtime Predictions, Robot Hotel, and Open-Source RE
- Data-flow Graphing in Python (Matt Keeter) — not shared because data-flow graphing is sexy new hot topic that’s gonna set the world on fire (though, I bet that’d make Matt’s day), but because there are entire categories of engineering and operations migraines that are caused by not knowing where your data came from or goes to, when, how, and why. Remember Wirth’s “algorithms + data structures = programs”? Data flows seem like a different slice of “programs.” Perhaps “data flow + typos = programs”?
- Machine Learning for Sports and Real-time Predictions (Robohub) — podcast interview for your commute. Real time is gold.
- Japan’s Robot Hotel is Serious Business (Engadget) — hotel was architected to suit robots: For the porter robots, we designed the hotel to include wide paths.” Two paths slope around the hotel lobby: one inches up to the second floor, while another follows a gentle decline to guide first-floor guests (slowly, but with their baggage) all the way to their room. Makes sense: at Solid, I spoke to a chap working on robots for existing hotels, and there’s an entire engineering challenge in navigating an elevator that you wouldn’t believe.
- bokken — GUI to help open source reverse engineering for code.
Four short links: 22 July 2015
Smart Headlights, Habitual Speed, AI Authors, and Programming Language Evolution
- Ford’s Smart Headlights — spotlights targeted by infra-red, and accumulating knowledge of fixed features to illuminate. Wonder what an attacker can do to it?
- Speed as a Habit — You don’t have to be militant about it, just consistently respond that today is better than tomorrow, that right now is better than six hours from now. This is chock full of good advice, and the occasional good story.
- Coding Creativity: Copyright and the Artificially Intelligent Author (PDF) — if AI creates cultural works (e.g., DeepDream images), who owns those works? Suggests that “work for hire” doctrine may be the way to answer that in the future. (via Andreas Schou)
- Punctuated Equilibrium in the Large-Scale Evolution of Programming Languages (PDF) — Here we study the large-scale historical development of programming languages, which have deeply marked social and technological advances in the last half century. We analyse their historical connections using network theory and reconstructed phylogenetic networks. Using both data analysis and network modeling, it is shown that their evolution is highly uneven, marked by innovation events where new languages are created out of improved combinations of different structural components belonging to previous languages. These radiation events occur in a bursty pattern and are tied to novel technological and social niches. The method can be extrapolated to other systems and consistently captures the major classes of languages and the widespread horizontal design exchanges, revealing a punctuated evolutionary path. (via Jarkko Hietaniemi)
Four short links: 20 July 2015
Less Spam, Down on Dropdowns, Questioning Provable Security, and Crafting Packets
- Spam Under Half of Email (PDF) — Symantec report: There is good news this month on the email-based front of the threat landscape. According to our metrics, the overall spam rate has dropped to 49.7%. This is the first time this rate has fallen below 50% of email for over a decade. The last time Symantec recorded a similar spam rate was clear back in September of 2003.
- Dropdowns Should be the UI of Last Resort (Luke Wroblewski) — Well-designed forms make use of the most appropriate input control for each question they ask. Sometimes that’s a stepper, a radio group, or even a dropdown menu. But because they are hard to navigate, hide options by default, don’t support hierarchies, and only enable selection not editing, dropdowns shouldn’t be the first UI control you reach for. In today’s software designs, they often are. So instead, consider other input controls first and save the dropdown as a last resort.
- Another Look at Provable Security — In our time, one of the dominant paradigms in cryptographic research goes by the name “provable security.” This is the notion that the best (or, some would say, the only) way to have confidence in the security of a cryptographic protocol is to have a mathematically rigorous theorem that establishes some sort of guarantee of security (defined in a suitable way) under certain conditions and given certain assumptions. The purpose of this website is to encourage the emergence of a more skeptical and less credulous attitude toward this notion and to contribute to a process of critical analysis of the positive and negative features of the “provable security” paradigm.
- Pig (github) — a Linux packet crafting tool. You can use Pig to test your IDS/IPS among other stuffs.
Four short links: 15 July 2015
OpeNSAurce, Multimaterial Printing, Functional Javascript, and Outlier Detection
- System Integrity Management Platform (Github) — NSA releases security compliance tool for government departments.
- 3D-Printed Explosive Jumping Robot Combines Firm and Squishy Parts (IEEE Spectrum) — Different parts of the robot grade over three orders of magnitude from stiff like plastic to squishy like rubber, through the use of nine different layers of 3D printed materials.
- Professor Frisby’s Mostly Adequate Guide to Functional Programming — a book on functional programming, using Javascript as the programming language.
- Tracking Down Villains — the software and algorithms that Netflix uses to detect outliers in their infrastructure monitoring.
Four short links: 3 July 2015
Storage Interference, Open Source SSL, Pub-Sub Reverse-Proxy, and Web Components Checklist
- The Storage Tipping Point — the performance optimization technologies of the last decade – log structured file systems, coalesced writes, out-of-place updates and, soon, byte-addressable NVRAM – are conflicting with similar-but-different techniques used in SSDs and arrays. The software we use is written for dumb storage; we’re getting smart storage; but smart+smart = fragmentation, write amplification, and over-consumption.
- s2n — Amazon’s open source ssl implementation.
- pushpin — a reverse proxy server that makes it easy to implement WebSocket, HTTP streaming, and HTTP long-polling services. It communicates with backend web applications using regular, short-lived HTTP requests (GRIP protocol). This allows backend applications to be written in any language and use any webserver.
- The Gold Standard Checklist for Web Components — This is a working draft of a checklist to define a “gold standard” for web components that aspire to be as predictable, flexible, reliable, and useful as the standard HTML elements.