- Popular Chinese Android Smartphone Backdoored By Manufacturer — Coolpad is the third largest smartphone builder in China, and ranks sixth worldwide with 3.7 percent global market share. It trails only Lenovo and Xiaomi in China and is the leader of China’s 4G market with 16 percent market share. Coolpad outsells Samsung and Apple in China, and has said it plans to expand globally with a goal of 60 million phones worldwide. For now, its high-end Halo Dazen phones are the only ones containing the backdoor, Palo Alto said. The backdoor could install other apps, dial numbers, send messages, and report back to the mothership. The manufacturer even ran the command-and-control nodes for the malware.
- USB Driveby — dongle that plugs into USB, and tries to root the box. Specifically, when you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them. The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight/Alfred/Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.
- Physical Data Visualisations — a chronological list of physical visualizations and related artifacts. (via Flowing Data)
- Dissent — an anonymous communication substrate intended primarily for applications built on a broadcast communication model: for example, bulletin boards, wikis, auctions, or voting. Users of an online group obtain cryptographic guarantees of sender and receiver anonymity, message integrity, disruption resistance, proportionality, and location hiding. And a pony.
Rich Text Editing, Structural Visualisation, DDoS Protection, Realtime DDoS Map
- Sir Trevor — nice rich-text editing. Interesting how Markdown has become the way to store formatted text without storing HTML (and thus exposing the CSRF-inducing HTML-escaping stuckfastrophe).
- Slate for Excel — visualising spreadsheet structure. I’d be surprised if it took MSFT or Goog 30 days to acquire them.
- Project Shield — Google project to protect against DDoSes.
- Digital Attack Map — DDoS attacks going on around the world. (via Jim Stogdill)
- RebelMouse — aggregates FB, Twitter, Instagram, G+ content w/Pinboard-like aesthetics. It’s like aggregators we’ve had since 2004, but in this Brave New World we have to authenticate to a blogging service to get our own public posts out in a machine-readable form. 2012: it’s like 2000 but now we have FOUR AOLs! We’ve traded paywalls for graywalls, but the walls are still there. (via Poynter)
- Data Visualization Course Wiki — wiki for Stanford course cs448b, covering visualization with examples and critiques.
- Peristaltic Pump — for your Arduino medical projects, a pump that doesn’t touch the liquid it moves so the liquid can stay sterile.
Why We Make, Kickstarter Stats, Dodgy Domains, and Pretty Pretty Pictures
- Reality Bytes — We make things because that’s how we understand. We make things because that’s how we pass them on, and because everything we have was passed on to us as a made object. We make things in digital humanities because that’s how we interpret and conserve our inheritance. Because that’s how we can make it all anew. Librarians, preservation, digital humanities, and the relationship between digital and physical. Existential threats don’t scare us. We’re librarians.
- Kickstarter Stats — as Andy Baio said, it’s the one Kickstarter feature that competitors won’t be rushing to emulate. Clever way to emphasize their early lead.
- ICANN is Wrong (Dave Winer) — Dave is right to ask why nobody’s questioning the lack of public registration in the new domains. You can understand why, say, the Australia-New Zealand bank wouldn’t let Joe Random register in .anz, but Amazon are proposing to keep domains like .shop, .music, .app for their own products. See all the bidders for the new gTLDs on the ICANN web site.
- The Art of GPS (Daily Mail) — beautiful visualizations of uncommon things, such as the flights that dead bodies make when they’re being repatriated to their home states. Personally, I think they tend too much to the “pretty” and insufficient to the “informative” or “revealing”, but then I’m notorious for being too revealing and insufficiently informative.
- Weave — web-based visualization platform designed to enable visualization of any available data by anyone for any purpose. GPL and MPL-licensed. (via Flowing Data)
- What Silicon Valley Gets Wrong About Math Education Again And Again (Dan Meyer) — nicely said: it’s hard to test true understanding, easy to automate only part of the testing and assessment support for learners.
- mitmproxy — GPLv3-licensed SSL-aware HTTP proxy which lets you snoop on the traffic being sent back to the mothership from apps.
Diego Valle-Jones' interactive map illustrates the toll of Mexico's drug war.
This week's visualization comes from Diego Valle-Jones, who has created a powerful interactive map of the drug-related homicides in Mexico since 2004.