ENTRIES TAGGED "web"
NSA Crypto, Web Traps, Learn by Doing, and Distributed Testing
- On the NSA — intelligent unpacking of what the NSA crypto-weakening allegations mean.
- Overview of the 2013 OWASP Top 10 — rundown of web evil to avoid. (via Ecryption)
- Easy 6502 — teaches 6502 assembler, with an emulator built into the book. This is what programming non-fiction books will look like in the future.
- Kochiku — distributing automated test suites for faster validation in continuous integration.
Big Diner, Fab Future, Browser Crypto, and STEM Crisis Questioned
- In Search of the Optimal Cheeseburger (Hilary Mason) — playing with NYC menu data. There are 5,247 cheeseburgers you can order in Manhattan. Her Ignite talk from Ignite NYC15.
- James Burke Predicting the Future — spoiler: massive disruption from nano-scale personal fabbing.
- The STEM Crisis is a Myth (IEEE Spectrum) — Every year U.S. schools grant more STEM degrees than there are available jobs. When you factor in H-1B visa holders, existing STEM degree holders, and the like, it’s hard to make a case that there’s a STEM labor shortage.
- MegaPWN (GitHub) — Your MEGA master key is supposed to be a secret, but MEGA or anyone else with access to your computer can easily find it without you noticing. Browser crypto is only as secure as the browser and the code it runs.
- When Smart Homes Get Hacked (Forbes) — Insteon’s flaw was worse in that it allowed access to any one via the Internet. The researchers could see the exposed systems online but weren’t comfortable poking around further. I was — but I was definitely nervous about it and made sure I had Insteon users’ permission before flickering their lights.
- A Stick Figure Guide to Advanced Encryption Standard (AES) — exactly what it says.
Fanout Architectures, In-Browser Emulation, Paean to Programmability, and Social Hardware
- Achieving Rapid Response Times in Large Online Services (PDF) — slides from a talk by Jeff Dean on fanout architectures. (via Alex Dong)
- Go Ahead, Mess with Texas Instruments (The Atlantic) — School typically assumes that answers fall neatly into categories of “right” and “wrong.” As a conventional tool for computing “right” answers, calculators often legitimize this idea; the calculator solves problems, gives answers. But once an endorsed, conventional calculator becomes a subversive, programmable computer it destabilizes this polarity. Programming undermines the distinction between “right” and “wrong” by emphasizing the fluidity between the two. In programming, there is no “right” answer. Sure, a program might not compile or run, but making it offers multiple pathways to success, many of which are only discovered through a series of generative failures. Programming does not reify “rightness;” instead, it orients the programmer toward intentional reading, debugging, and refining of language to ensure clarity.
- When A Spouse Puts On Google Glass (NY Times) — Google Glass made me realize how comparably social mobile phones are. [...] People gather around phones to watch YouTube videos or look at a funny tweet together or jointly analyze a text from a friend. With Glass, there was no such sharing.
Autocomplete, Tor Security, News Glitches, Moz Persona
- Tor Users Get Routed (PDF) — research into the security of Tor, with some of its creators as authors. Our results show that Tor users are far more susceptible to compromise than indicated by prior work.
- Glitch News — screencaps from glitches in video news.
- FC4: Persona (Tim Bray) — Mozilla Persona, reminds us just because you’re using a protocol that allows tracking avoidance, that doesn’t mean you’ll get it.
Flexible Layouts, Web Components, Distributed SQL Database, and Reverse-Engineering Dropbox Client
- intention.js — manipulates the DOM via HTML attributes. The methods for manipulation are placed with the elements themselves, so flexible layouts don’t seem so abstract and messy.
- F1: A Distributed SQL Database That Scales — a distributed relational database system built at Google to support the AdWords business. F1 is a hybrid database that combines high availability, the scalability of NoSQL systems like Bigtable, and the consistency and usability of traditional SQL databases. F1 is built on Spanner, which provides synchronous cross-datacenter replication and strong consistency. Synchronous replication implies higher commit latency, but we mitigate that latency by using a hierarchical schema model with structured data types and through smart application design. F1 also includes a fully functional distributed SQL query engine and automatic change tracking and publishing.
- Looking Inside The (Drop)Box (PDF) — This paper presents new and generic techniques, to reverse engineer frozen Python applications, which are not limited to just the Dropbox world. We describe a method to bypass Dropbox’s two factor authentication and hijack Dropbox accounts. Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented. (via Tech Republic)
Web Broken, Android Ads, Password Cracking, and Adobe Brackets
- Bomb in the Garden (Matthew Butterick) — design excellence is inhibited by two structural flaws in the web. First flaw: the web is good at making information free, but terrible at making it expensive. So the web has had to rely largely on an advertising economy, which is weakening under the strain. Second flaw: the process of adopting and enforcing web standards, as led by the W3C, is hopelessly broken. (via Alex Dong)
- Google’s New Play Store Policies on Ads (The Next Web) — the walls of civilisation holding back the hordes of assclowns. Imagine the behaviour responsible for each of these restrictions.
- Inside Password Cracking (Wired) — how pros go about cracking your password once they have the encrypted hash. (And gosh, how those “but I used numbers and symbols!” passwords fall)
- Brackets (Github) — open source web code editor by Adobe.
- Peruvian Archaeologists Use Drones (Guardian) — Small drones have been helping a growing number of researchers produce three-dimensional models of Peruvian sites instead of the usual flat maps – and in days and weeks instead of months and years.
- Drone Crashes Into Crowd at Great Bull Run (WTVR) — just what it says. (via DIY Drones)
- Let’s Make Robots: BoB — instructions on building a bipedal robot. (via Makezine)
Modern Security Ethics, Punk'd Chinese Cyberwarriors, Web Tracing, and Lightweight Server OS
- White Hat’s Dilemma (Google Docs) — amazeballs preso with lots of tough ethical questions for people in the computer field.
- Chinese Hacking Team Caught Taking Over Decoy Water Plant (MIT Tech Review) — Wilhoit went on to show evidence that other hacking groups besides APT1 intentionally seek out and compromise water plant systems. Between March and June this year, 12 honeypots deployed across eight different countries attracted 74 intentional attacks, 10 of which were sophisticated enough to wrest complete control of the dummy control system.
- Web Tracing Framework — Rich tools for instrumenting, analyzing, and visualizing web apps.
- CoreOS — Linux kernel + systemd. That’s about it. CoreOS has just enough bits to run containers, but does not ship a package manager itself. In fact, the root partition is completely read-only, to guarantee consistency and make updates reliable. Docker-compatible.
Transit and Peering, Quick Web Interfaces, Open Source Licensing, and RC Roach
- Why YouTube Buffers (ArsTechnica) — When asked if ISPs are degrading Netflix and YouTube traffic to steer users toward their own video services, Crawford told Ars that “the very powerful eyeball networks in the US (and particularly Comcast and Time Warner Cable) have ample incentive and ability to protect the IP services in which they have economic interests. Their real goal, however, is simpler and richer. They have enormous incentives to build a moat around their high-speed data networks and charge for entry because data is a very high-margin (north of 95 percent for the cable companies), addictive, utility product over which they have local monopoly control. They have told Wall Street they will do this. Yes, charging for entry serves the same purposes as discrimination in favor of their own VOD [video-on-demand], but it is a richer and blunter proposition for them.”
- Ink — MIT-licensed interface kit for quick development of web interfaces, simple to use and expand on.
- Licensing in a Post-Copyright World — This article is opening up a bit of the history of Open Source software licensing, how it seems to change and what we could do to improve it. Caught my eye: Oracle that relicensed Berkeley DB from BSD to APGLv3 [... effectively changing] the effective license for 106 other packages to AGPLv3 as well.
- RC Cockroaches (Vine) — video from Dale Dougherty of Backyard Brains Bluetooth RoboRoach. (via Dale Dougherty)