
December 19 2013

Four short links: 19 December 2013

  1. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (PDF) — research that uses the sound a computer makes while decrypting to break GnuPG’s implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. Two practitioner notes: the victim has to decrypt attacker-chosen ciphertexts (the paper’s setting is incoming mail that GnuPG decrypts automatically), and the countermeasure the authors describe, ciphertext blinding, shipped in GnuPG 1.4.16 the day before this post.
  2. Bitcoin, Magic Thinking, and Political Ideology (Alex Payne) — In other words: Bitcoin represents more of the same short-sighted hypercapitalism that got us into this mess, minus the accountability. No wonder that many of the same culprits are diving eagerly into the mining pool.
  3. Why I Want Bitcoin to Die in a Fire (Charlie Stross) — Like all currency systems, Bitcoin comes with an implicit political agenda attached. Decisions we take about how to manage money, taxation, and the economy have consequences: by its consequences you may judge a finance system. Our current global system is pretty crap, but I submit that Bitcoin is worst. With a list of reasons why Bitcoin is bad, like Stolen electricity will drive out honest mining. (So the greatest benefits accrue to the most ruthless criminals.)
  4. iSeeYou: Disabling the MacBook Webcam Indicator LED — your computer is made up of many computers, each of which can be a threat. This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non-root) application. The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system. We build two proofs-of-concept: (1) an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled; and (2) a virtual machine escape that launches Terminal.app and runs shell commands. (via Washington Post)

November 08 2013

Four short links: 8 November 2013

  1. An Empirical Study of Cryptographic Misuse in Android Applications (PDF) — We develop program analysis techniques to automatically check programs on the Google Play marketplace, and find that 10,327 out of 11,748 applications that use cryptographic APIs (88% overall) make at least one mistake.
  2. Introduction to Behaviour Trees — DAGs with codey nodes. Behavior trees replace the often intangible growing mess of state transitions of finite state machines (FSMs) with a more restrictive but also more structured traversal defining approach.
  3. P vs NP Cheat Sheet — the space and time Big-O complexities of common algorithms used in Computer Science.
  4. Game Theory and Network Effects in Open Source — a delicate balance of incentives goes into a company’s decision to open source or close source its software, discussed in terms of Nash Equilibria. Enjoy.

September 09 2013

Four short links: 11 September 2013

  1. On the NSA — intelligent unpacking of what the NSA crypto-weakening allegations mean.
  2. Overview of the 2013 OWASP Top 10 — rundown of web evil to avoid. (via Ecryption)
  3. Easy 6502 — teaches 6502 assembler, with an emulator built into the book. This is what programming non-fiction books will look like in the future.
  4. Kochiku — distributing automated test suites for faster validation in continuous integration.

September 08 2013

Four short links: 9 September 2013

  1. How Google’s Defragging Android (Ars Technica) — Android’s becoming a pudgy microkernel for the Google Play Services layer that’s in userland, closed source, and a way to bypass carriers’ lag for upgrades.
  2. Booting a Self-Signed Linux Kernel (Greg Kroah-Hartman) — procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority.
  3. Paperscape — a map of scientific papers from the arXiv.
  4. Trinket — Adafruit’s latest microcontroller board. Small but perfectly formed.

September 05 2013

Four short links: 6 September 2013

  1. In Search of the Optimal Cheeseburger (Hilary Mason) — playing with NYC menu data. There are 5,247 cheeseburgers you can order in Manhattan. Her Ignite talk from Ignite NYC15.
  2. James Burke Predicting the Future — spoiler: massive disruption from nano-scale personal fabbing.
  3. Stanford Javascript Crypto Library — a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript.
  4. The STEM Crisis is a Myth (IEEE Spectrum) — Every year U.S. schools grant more STEM degrees than there are available jobs. When you factor in H-1B visa holders, existing STEM degree holders, and the like, it’s hard to make a case that there’s a STEM labor shortage.

September 04 2013

Four short links: 4 September 2013

  1. MegaPWN (GitHub) — Your MEGA master key is supposed to be a secret, but MEGA or anyone else with access to your computer can easily find it without you noticing. Browser crypto is only as secure as the browser and the code it runs.
  2. hammer.js (GitHub) — a Javascript library for multitouch gestures.
  3. When Smart Homes Get Hacked (Forbes) — Insteon’s flaw was worse in that it allowed access to anyone via the Internet. The researchers could see the exposed systems online but weren’t comfortable poking around further. I was — but I was definitely nervous about it and made sure I had Insteon users’ permission before flickering their lights.
  4. A Stick Figure Guide to Advanced Encryption Standard (AES) — exactly what it says.

August 20 2013

Four short links: 22 August 2013

  1. bletchley (Google Code) — Bletchley is currently in the early stages of development and consists of tools which provide: Automated token encoding detection (36 encoding variants); Passive ciphertext block length and repetition analysis; Script generator for efficient automation of HTTP requests; A flexible, multithreaded padding oracle attack library with CBC-R support.
  2. Hackers of the Renaissance — Four centuries ago, information was as tightly guarded by intellectuals and their wealthy patrons as it is today. But a few episodes around 1600 confirm that the Hacker Ethic and its attendant emphasis on open-source information and a “hands-on imperative” was around long before computers hit the scene. (via BoingBoing)
  3. Maker Camp 2013: A Look Back (YouTube) — This summer, over 1 million campers made 30 cool projects, took 6 epic field trips, and met a bunch of awesome makers.
  4. huxley (Github) — Watches you browse, takes screenshots, tells you when they change. Huxley is a test-like system for catching visual regressions in Web applications. (via Alex Dong)
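The padding oracle attack that bletchley’s library automates (item 1 above), as an added example that is neither part of the original post nor bletchley’s code. It is plain Python and assumes a toy 4-round Feistel block cipher keyed with HMAC-SHA256 in place of AES, so it runs on the standard library alone; the attack is cipher-agnostic and only needs CBC mode plus a valid/invalid-padding signal. The key, IV and token are constructed for the demo.

```python
# Added example, not bletchley's code: a CBC padding-oracle attack against a
# toy Feistel block cipher (HMAC-SHA256 round function, an assumption made so
# the example needs no crypto library).  The attack never looks inside the cipher.
import hashlib
import hmac

BLOCK = 16

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(4):                       # Feistel: (L, R) -> (R, L ^ F(R))
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):             # inverse rounds in reverse order
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK            # PKCS#7: always append 1..16 bytes
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")      # this exception IS the side channel
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    pt, out, prev = pad(plaintext), b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return unpad(out)

class PaddingOracle:
    """Server side: the attacker only learns 'did the padding check pass?'."""
    def __init__(self, key: bytes) -> None:
        self._key, self.queries = key, 0

    def __call__(self, iv: bytes, ct: bytes) -> bool:
        self.queries += 1
        try:
            cbc_decrypt(self._key, iv, ct)
            return True
        except ValueError:
            return False

def padding_oracle_attack(oracle, iv: bytes, ct: bytes) -> bytes:
    """Recover the plaintext without the key, at most 256 queries per byte."""
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plaintext = b""
    for prev, target in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)             # D_k(target), filled right to left
        for pos in range(BLOCK - 1, -1, -1):
            padval = BLOCK - pos
            crafted = bytearray(BLOCK)       # fake "previous block" we control
            for j in range(pos + 1, BLOCK):  # force the known tail to padval
                crafted[j] = inter[j] ^ padval
            for guess in range(256):
                crafted[pos] = guess
                if not oracle(bytes(crafted), target):
                    continue
                if pos == BLOCK - 1:         # last byte: rule out a lucky 02 02...
                    crafted[pos - 1] ^= 0xFF
                    still_valid = oracle(bytes(crafted), target)
                    crafted[pos - 1] ^= 0xFF
                    if not still_valid:
                        continue
                inter[pos] = guess ^ padval
                break
            else:
                raise RuntimeError("oracle never accepted; not a padding oracle?")
        plaintext += _xor(bytes(inter), prev)  # real previous block undoes CBC
    return unpad(plaintext)

def demo():
    """Constructed scenario: server holds the key; attacker holds IV, ciphertext
    and the yes/no oracle.  Returns (recovered plaintext, queries used)."""
    key = hashlib.sha256(b"constructed demo key").digest()
    iv = bytes(range(BLOCK))
    secret = b"user=alice;role=user;exp=2013-08-22"
    ct = cbc_encrypt(key, iv, secret)
    oracle = PaddingOracle(key)
    return padding_oracle_attack(oracle, iv, ct), oracle.queries
```

Each plaintext byte costs at most 256 oracle calls, so a 48-byte token falls in a few thousand requests, which is why the library ships a request-automation script alongside the attack. The defence is to authenticate the ciphertext (encrypt-then-MAC) and reject before decrypting, and to return one uniform error for every decryption failure so that nothing like unpad’s exception reaches the network.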

August 07 2013

Four short links: 7 August 2013

  1. Toxic Behaviour — only 5% of toxic behavior comes from toxic people; 77% of it comes from people who are usually good.
  2. More Encryption Is Not The Solution (Poul-Henning Kamp) — To an intelligence agency, a well-thought-out weakness can easily be worth a cover identity and five years of salary to a top-notch programmer. Anybody who puts in five good years on an open source project can get away with inserting a patch that “on further inspection might not be optimal.”
  3. On Location With Foursquare (Anil Dash) — Foursquare switched from primarily being concerned with the game-based rewards around engagement and the recording of people’s whereabouts to a broader mission that builds on that base to be about location as a core capability of the Internet.
  4. The Flipped Flipped Classroom — the “exploration first” model is a better way to learn. You cannot have the answers before you think of the questions. (via Karl Fisch)

August 05 2013

Four short links: 5 August 2013

  1. EP245 Downloads — class materials from the Udacity “How to Build a Startup” course.
  2. scrz.io — easy container deployment.
  3. The Factoring Dead: Preparing for the Cryptopocalypse — how RSA and Diffie-Hellman crypto might be useless in the next few years.
  4. How to Design Programs — the second-edition text is a work in progress.

July 27 2013

Four short links: 29 July 2013

  1. Applied Practical Cryptography — technical but readable article with lots of delicious lines. They’re a little magical, in the same sense that ABS brakes were magical in the 1970s and Cloud applications share metal with strangers, and thus attackers, who will gladly spend $40 to co-host themselves with a target and The conservative approach is again counterintuitive to developers, to whom hardcoding anything is like simony.
  2. Nukemap — interactive visualization of the fallout damage from a nuclear weapon. Now we can all be the scary 1970s “this is what it would look like if [big town] were nuked” documentaries that I remember growing up with. I love interactives for learning the contours of a problem, and making it real and personal in a way that a static visualization cannot. WIN. See also the creator’s writeup.
  3. Legalising Weed — Chuck, a dealer who switched from selling weed in California to New York and quadrupled his income, told WNYC, “There’s plenty of weed in New York. There’s just an illusion of scarcity, which is part of what I’m capitalizing on. Because this is a black market business, there’s insufficient information for customers.” Invisible economies are frequently inefficient, disrupted by moving online and made market-sense efficient.
  4. Can Software That Predicts Crime Pass Constitutional Muster? (NPR) — “I think most people are gonna defer to the black box,” he says. “Which means we need to focus on what’s going into that black box, how accurate it is, and what transparency and accountability measures we have [for] it.”

July 12 2013

Four short links: 12 July 2013

  1. How Well Does Name Analysis Work? (Pete Warden) — explanation of how those “turn a name into gender/ethnicity/etc” routines work, and how accurate they are. Age has the weakest correlation with names. There are actually some strong patterns by time of birth, with certain names widely recognized as old-fashioned or trendy, but those tend to be swamped by class and ethnicity-based differences in the popularity of names.
  2. Old Interfaces — a lazy-scrolling interface to Andy Baio’s collection of faux UIs from movies. (via Andy Baio)
  3. Pidder — browser-crypto’d social network, address book, messaging, RSS reader, and more.
  4. What I Learned From Researching Almost Every Single Smart Watch That Has Been Rumoured or Announced (Quartz) — interesting roundup of the different display technologies used in each of the smartwatches.

April 19 2013

Four short links: 19 April 2013

  1. Bruce Sterling on Disruption — If more computation, and more networking, was going to make the world prosperous, we’d be living in a prosperous world. And we’re not. Obviously we’re living in a Depression. Slow first 25% but then it takes fire and burns with the heat of a thousand Sun Microsystems flaming out. You must read this now.
  2. The Matasano Crypto Challenges (Maciej Ceglowski) — To my delight, though, I was able to get through the entire sequence. It took diligence, coffee, and a lot of graph paper, but the problems were tractable. And having completed them, I’ve become convinced that anyone whose job it is to run a production website should try them, particularly if you have no experience with application security. Since the challenges aren’t really documented anywhere, I wanted to describe what they’re like in the hopes of persuading busy people to take the plunge.
  3. Tachyon — a fault tolerant distributed file system enabling reliable file sharing at memory-speed across cluster frameworks, such as Spark and MapReduce. Berkeley-licensed open source.
  4. Jammit (GitHub) — an industrial strength asset packaging library for Rails, providing both the CSS and JavaScript concatenation and compression that you’d expect, as well as YUI Compressor, Closure Compiler, and UglifyJS compatibility, ahead-of-time gzipping, built-in JavaScript template support, and optional Data-URI / MHTML image and font embedding. (via Joseph Misiti)

June 13 2012

Four short links: 13 June 2012

  1. Warren Buffett Lessons -- nice anthology of quotes, reordered into almost a narrative on different topics. (via Rowan Simpson)
  2. Silent Circle -- Phil Zimmermann's new startup, encrypting phone calls for iPhone and Android for $20/month. "I'm not going to apologize for the cost," Zimmermann told CNET, adding that the final price has not been set. "This is not Facebook. Our customers are customers. They're not products. They're not part of the inventory." (via CNET)
  3. New HTTP Code for "Legally Restricted" -- it's status code 451.
  4. PeerJ -- changing the business model for academic publishing: instead of charging you each time you publish, we ask for a single one off payment, giving you the lifetime right to publish articles with us, and to make those articles freely available. Lifetime plans start at just $99. O'Reilly a happy investor.


October 28 2011

Four short links: 28 October 2011

  1. Open Access Week -- a global event promoting Open Access as a new norm in scholarship and research.
  2. The Copiale Cipher -- cracking a historical code with computers. Details in the paper: The book describes the initiation of "DER CANDIDAT" into a secret society, some functions of which are encoded with logograms. (via Discover Magazine)
  3. Coordino -- open source Quora-like question-and-answer software. (via Smashing Magazine)
  4. Baroque.me -- visualization of the first prelude from the first Cello Suite by Bach. Music is notoriously difficult to visualize (Disney's Fantasia is the earliest attempt that I know of) as there is so much it's possible to capture. (via Andy Baio)


April 12 2011

Four short links: 12 April 2011

  1. The Email Game -- game mechanics to get you answering email more efficiently. Can't wait to hear that conversation with corporate IT. "You want us to install what on the Exchange server?" (via Demo Day Wrapup)
  2. Stratified B-trees and versioning dictionaries -- A classic versioned data structure in storage and computer science is the copy-on-write (CoW) B-tree -- it underlies many of today's file systems and databases, including WAFL, ZFS, Btrfs and more. Unfortunately, it doesn't inherit the B-tree's optimality properties; it has poor space utilization, cannot offer fast updates, and relies on random IO to scale. Yet, nothing better has been developed since. We describe the `stratified B-tree', which beats all known semi-external memory versioned B-trees, including the CoW B-tree. In particular, it is the first versioned dictionary to achieve optimal tradeoffs between space, query and update performance. (via Bob Ippolito)
  3. DisplayCabinet (Ben Bashford) -- We embedded a group of inanimate ornamental objects with RFID tags. Totems or avatars that represent either people, products or services. We also added RFID tags to a set of house keys and a wallet. Functional things that you carry with you. This group of objects combine with a set of shelves containing a hidden projector and RFID reader to become DisplayCabinet. (via Chris Heathcote)
  4. shairport -- an Australian developer pulled the encryption keys out of an Airport Express device, so software can now pretend to be an Airport Express.

December 30 2010

Four short links: 30 December 2010

  1. Groupon Editorial Manual (Scribd) -- When introducing something nonsensical (fake history, mixed metaphors), don't wink at the reader to let them in on the joke. Don't call it out with quotes, parenthesis, or any other narrative device. Speak your ignorance with total authority. Assert it as fact. This is how you can surprise the reader. If you call out your joke, even in a subtle way, it spoils the surprise. Think of yourself as an objective, confident, albeit totally unqualified and frequently blatantly ignorant voice speaking at a panel you shouldn't have been invited to. It's interesting to see a quirky voice encoded in rules. Corporates obviously need this, to scale and to ensure consistency between staff, whereas in startups it emerges through the unique gifts and circumstance of employees (think Flickr's Friendly Hipster voice). (via Brady Forrest on Twitter)
  2. Deloitte Corporate gTLD (Slideshare) -- Deloitte is one of the early bidders to buy their own top-level domain as a branding move. The application fee alone is $185,000.
  3. Haikuleaks -- automated finder of haiku from within the wikileaked cables. (via Andy Baio on Twitter)
  4. PS3 Code-signing Key Broken -- the private key that gives Sony sole control over what software runs on the PS3 has been recovered. The stated motive is running Linux on the console rather than pirated games. It remains to be seen whether the PS3 user's experience becomes richer for the lack of Sony gatekeeping. There's even a key generator now. (via Hacker News)
