Links for 2015-04-17

Posted in Uncategorized | Leave a comment

Links for 2015-04-16

  • Extracting Structured Data From Recipes Using Conditional Random Fields

    nice probabilistic/ML approach to recipe parsing

    (tags: nytimes recipes parsing text nlp machine-learning probabilistic crf++ algorithms feature-extraction)

  • Large-scale cluster management at Google with Borg

    Google’s Borg system is a cluster manager that runs hundreds of thousands of jobs, from many thousands of different applications, across a number of clusters each with up to tens of thousands of machines. It achieves high utilization by combining admission control, efficient task-packing, over-commitment, and machine sharing with process-level performance isolation. It supports high-availability applications with runtime features that minimize fault-recovery time, and scheduling policies that reduce the probability of correlated failures. Borg simplifies life for its users by offering a declarative job specification language, name service integration, real-time job monitoring, and tools to analyze and simulate system behavior. We present a summary of the Borg system architecture and features, important design decisions, a quantitative analysis of some of its policy decisions, and a qualitative examination of lessons learned from a decade of operational experience with it.
    (via Conall)

    (tags: via:conall clustering google papers scale to-read borg cluster-management deployment packing reliability redundancy)

  • Keeping Your Car Safe From Electronic Thieves

    In a normal scenario, when you walk up to a car with a keyless entry and try the door handle, the car wirelessly calls out for your key so you don’t have to press any buttons to get inside. If the key calls back, the door unlocks. But the keyless system is capable of searching for a key only within a couple of feet. Mr. Danev said that when the teenage girl turned on her device, it amplified the distance that the car can search, which then allowed my car to talk to my key, which happened to be sitting about 50 feet away, on the kitchen counter. And just like that, open sesame.
    What the hell — who designed a system that would auto-unlock based on signal strength alone?!!

    (tags: security fail cars keys signal proximity keyless-entry prius toyota crime amplification power-amplifiers 3db keyless)

  • Closed access means people die

    ‘We’ve paid 100 BILLION USD over the last 10 years to “publish” science and medicine. Ebola is a massive systems failure.’ See also: ‘The conventional wisdom among public health authorities is that the Ebola virus, which killed at least 10,000 people in Liberia, Sierra Leone and Guinea, was a new phenomenon, not seen in West Africa before 2013. [...] But, as the team discovered, that “conventional wisdom” was wrong. In fact, they found a bunch of studies, buried behind research paywalls, that revealed that there was significant evidence of antibodies to the Ebola virus in Liberia and in other nearby nations. There was one from 1982 that noted: “medical personnel in Liberian health centers should be aware of the possibility that they may come across active cases and thus be prepared to avoid nosocomial epidemics.”’

    (tags: deaths liberia ebola open-access papers elsevier science medicine reprints)

  • Making Pinterest — Learn to stop using shiny new things and love MySQL

    ‘The third reason people go for shiny is because older tech isn’t advertised as aggressively as newer tech. The younger companies need to differentiate from the old guard and be bolder, more passionate and promise to fulfill your wildest dreams. But most new tech sales pitches aren’t generally forthright about their many failure modes. In our early days, we fell into this third trap. We had a lot of growing pains as we scaled the architecture. The most vocal and excited database companies kept coming to us saying they’d solve all of our scalability problems. But nobody told us of the virtues of MySQL, probably because MySQL just works, and people know about it.’ It’s true! — I’m still a happy MySQL user for some use cases, particularly read-mostly relational configuration data…

    (tags: mysql storage databases reliability pinterest architecture)

  • Microservices and elastic resource pools with Amazon EC2 Container Service

    interesting approach to working around ECS’ shortcomings — bit specific to Hailo’s microservices arch and IPC mechanism though. aside: I like their version numbering scheme: ISO-8601, YYYYMMDDHHMMSS. keep it simple!

    (tags: versioning microservices hailo aws ec2 ecs docker containers scheduling allocation deployment provisioning qos)

  • Please Kill Me (Eventually) | Motherboard

    There is much that the wise application of technology can do to help us ease off this mortal coil, instead of tormenting ourselves at the natural end of life in a futile, undignified and excruciating attempt to keep it somehow duct-taped on. Train more people in geriatrics, for example. Learn new ways to make life safe, healthy, fun and interesting for the old. Think like a community, a brotherhood, not like atomized competing individuals a few of whom can somehow “beat the system” of the universe. Maybe it is better to examine clearly what we are with a view to understanding and acceptance than it is to try to escape what perhaps should be our inevitable ending.

    (tags: death mortality cryogenics alcor geriatrics life singularity mind-uploading ray-kurzweil)

  • CGA in 1024 Colors – a New Mode: the Illustrated Guide

    awesome hackery. brings me back to my C=64 demo days

    (tags: pc cga graphics hacks art 1024-colours)

Links for 2015-04-15

  • Keywhiz

    ‘a secret management and distribution service [from Square] that is now available for everyone. Keywhiz helps us with infrastructure secrets, including TLS certificates and keys, GPG keyrings, symmetric keys, database credentials, API tokens, and SSH keys for external services — and even some non-secrets like TLS trust stores. Automation with Keywhiz allows us to seamlessly distribute and generate the necessary secrets for our services, which provides a consistent and secure environment, and ultimately helps us ship faster. [...] Keywhiz has been extremely useful to Square. It’s supported both widespread internal use of cryptography and a dynamic microservice architecture. Initially, Keywhiz use decoupled many amalgamations of configuration from secret content, which made secrets more secure and configuration more accessible. Over time, improvements have led to engineers not even realizing Keywhiz is there. It just works. Please check it out.’

    (tags: square security ops keys pki key-distribution key-rotation fuse linux deployment secrets keywhiz)

Links for 2015-04-14

Links for 2015-04-13

  • Amazon Machine Learning

    Upsides of this new AWS service:

    * great UI and visualisations.
    * solid choice of metric to evaluate the results. Maybe things moved on since I was working on it, but the use of AUC, false positives and false negatives was pretty new when I was working on it. (er, 10 years ago!)

    Downsides:

    * it could do with more support for unsupervised learning algorithms. Supervised learning means you need to provide training data, which in itself can be hard work. My experience with logistic regression in the past is that it requires very accurate training data, too — its tolerance for misclassified training examples is poor.
    * Also, in my experience, 80% of the hard work of using ML algorithms is writing good tokenisation and feature extraction algorithms. I don’t see any help for that here unfortunately. (probably not that surprising as it requires really detailed knowledge of the input data to know what classes can be abbreviated into a single class, etc.)

    (tags: amazon aws ml machine-learning auc data-science)

  • Rob Pike’s 5 rules of optimization

    these are great. I’ve run into rule #3 (“fancy algorithms are slow when n is small, and n is usually small”) several times…

    (tags: twitter rob-pike via:igrigorik coding rules laws optimization performance algorithms data-structures aphorisms)

  • AWS Lambda Event-Driven Architecture With Amazon SNS

    Any message posted to an SNS topic can trigger the execution of custom code you have written, but you don’t have to maintain any infrastructure to keep that code available to listen for those events and you don’t have to pay for any infrastructure when the code is not being run. This is, in my opinion, the first time that Amazon can truly say that AWS Lambda is event-driven, as we now have a central, independent, event management system (SNS) where any authorized entity can trigger the event (post a message to a topic) and any authorized AWS Lambda function can listen for the event, and neither has to know about the other.

    (tags: aws ec2 lambda sns events cep event-processing coding cloud hacks eric-hammond)

  • Texting at the wheel kills more US teenagers every year than drink-driving

    Texting while behind the wheel has overtaken drink driving as the biggest cause of death among teenagers in America. More than 3,000 teenagers are killed every year in car crashes caused by texting while driving compared to 2,700 from drink driving. The study by Cohen Children’s Medical Center also discovered that 50 per cent of students admit to texting while driving.

    (tags: texting sms us driving car-safety safety drink-driving)

  • China’s Great Cannon

    Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends. The repurposing of the devices of unwitting users in foreign jurisdictions for covert attacks in the interests of one country’s national priorities is a dangerous precedent — contrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems.

    (tags: censorship ddos internet security china great-cannon citizen-lab reports web)

  • Sirius: An open end-to-end voice and vision personal assistant and its implications for future warehouse scale computers

    How to build an Intelligent Personal Assistant: ‘Sirius is an open end-to-end standalone speech and vision based intelligent personal assistant (IPA) similar to Apple’s Siri, Google’s Google Now, Microsoft’s Cortana, and Amazon’s Echo. Sirius implements the core functionalities of an IPA including speech recognition, image matching, natural language processing and a question-and-answer system. Sirius is developed by Clarity Lab at the University of Michigan. Sirius is published at the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 2015.’

    (tags: sirius siri cortana google-now echo ok-google ipa assistants search video audio speech papers clarity nlp wikipedia)

  • Why We Will Not Be Registering easyDNS.SUCKS

    If you’re not immersed in the naming business you may find the jargon in it hard to understand. The basic upshot is this: the IPC believes that the mechanisms that were enacted to protect trademark holders during the deluge of new TLD rollouts are being gamed by the .SUCKS TLD operator to extort inflated fees from trademark holders.
    (via Nelson)

    (tags: shakedown business internet domains dns easydns dot-sucks scams tlds trademarks ip)

Links for 2015-04-12

Links for 2015-04-11

Links for 2015-04-10

  • Hacked French network exposed its own passwords during TV interview


    (tags: passwords post-its fail tv5monde authentication security tv funny)

  • RADStack – an open source Lambda Architecture built on Druid, Kafka and Samza

    ‘In this paper we presented the RADStack, a collection of complementary technologies that can be used together to power interactive analytic applications. The key pieces of the stack are Kafka, Samza, Hadoop, and Druid. Druid is designed for exploratory analytics and is optimized for low latency data exploration, aggregation, and ingestion, and is well suited for OLAP workflows. Samza and Hadoop complement Druid and add data processing functionality, and Kafka enables high throughput event delivery.’

    (tags: druid samza kafka streaming cep lambda-architecture architecture hadoop big-data olap)

  • outbrain/gruffalo

    an asynchronous Netty based graphite proxy. It protects Graphite from the herds of clients by minimizing context switches and interrupts; by batching and aggregating metrics. Gruffalo also allows you to replicate metrics between Graphite installations for DR scenarios, for example. Gruffalo can easily handle a massive amount of traffic, and thus increase your metrics delivery system availability. At Outbrain, we currently handle over 1700 concurrent connections, and over 2M metrics per minute per instance.

    (tags: graphite backpressure metrics outbrain netty proxies gruffalo ops)

  • Privacy Security Talk in TOG – 22nd April @ 7pm – FREE

    Dublin is lucky enough to have great speakers pass through town on occasion and on Wednesday the 22nd April 2015, Runa A. Sandvik (@runasand) and Per Thorsheim (@thorsheim) have kindly offered to speak in TOG from 7pm. The format for the evening is a general meet and greet, but both speakers have offered to give a presentation on a topic of their choice. Anyone interested in privacy, security, journalism, Tor and/or has previously attended a CryptoParty would be wise to attend. Doors are from 7pm and bring any projects with you you would like to share with other attendees. This is a free event, open to the public and no need to book. See you Wednesday. Runa A. Sandvik is an independent privacy and security researcher, working at the intersection of technology, law and policy. She contributes to The Tor Project, writes for Forbes, and is a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit project. Per Thorsheim as founder/organizer of, his topic of choice is of course passwords, but in a much bigger context than most people imagine. Passwords, pins, biometrics, 2-factor authentication, security/usability and all the way into surveillance and protecting your health, kids and life itself.

    (tags: privacy security runa-sandvik per-thorsheim passwords tor truecrypt tog via:oisin events dublin)

Links for 2015-04-09

Links for 2015-04-08

Links for 2015-04-07

Posted in Uncategorized | 2 Responses

Links for 2015-04-06

Links for 2015-04-04

Links for 2015-04-03

  • Twitter’s new anti-harassment filter

    Twitter is calling it a “quality filter,” and it’s been rolling out to verified users running Twitter’s iOS app since last week. It appears to work much like a spam filter, except instead of hiding bots and copy-paste marketers, it screens “threats, offensive language, [and] duplicate content” out of your notifications feed.
    via Nelson

    (tags: via:nelson harassment spam twitter gamergame abuse ml)

  • 5% of Google visitors have ad-injecting malware installed

    Ad injectors were detected on all operating systems (Mac and Windows), and web browsers (Chrome, Firefox, IE) that were included in our test. More than 5% of people visiting Google sites have at least one ad injector installed. Within that group, half have at least two injectors installed and nearly one-third have at least four installed.
    via Nelson.

    (tags: via:nelson ads google chrome ad-injectors malware scummy)

  • On Ruby

    The horrors of monkey-patching:

    I call out the Honeybadger gem specifically because it was the most recent time I’d been bit by a seemingly good thing promoted in the community: monkey patching third party code. Now I don’t fault Honeybadger for making their product this way. It provides their customers with direct business value: “just require ‘honeybadger’ and you’re done!” I don’t agree with this sort of practice. [....] I distrust everything [in Ruby] but a small set of libraries I’ve personally vetted or are authored by people I respect. Why is this important? Without a certain level of scrutiny you will introduce odd and hard to reproduce bugs. This is especially important because Ruby offers you absolutely zero guarantee whatever the state your program is when a given method is dispatched. Constants are not constants. Methods can be redefined at run time. Someone could have written a time sensitive monkey patch to randomly undefine methods from anything in ObjectSpace because they can. This example is so horribly bad that no one should ever do it, but the programming language allows this. Much worse, this code could be arbitrarily injected by some transitive dependency (do you even know what yours are?).

    (tags: ruby monkey-patching coding reliability bugs dependencies libraries honeybadger sinatra)

Posted in Uncategorized | Comments closed

Links for 2015-04-02

Links for 2015-04-01

Links for 2015-03-31

Links for 2015-03-30

Links for 2015-03-28

Links for 2015-03-27

Links for 2015-03-26

Links for 2015-03-25

Links for 2015-03-24

Links for 2015-03-23

Links for 2015-03-22

Links for 2015-03-20

Links for 2015-03-19

  • Stairs to nowhere, trap streets, and other Toronto oddities

    ‘There’s a set of stairs on Greenwood Avenue that lead nowhere. At the top, a wooden fence at the end of someone’s back yard blocks any further movement, forcing the climber to turn around and descend back to the street. What’s remarkable about the pointless Greenwood stairs, which were built in 1959 as a shortcut to a now-demolished brickyard, is that someone still routinely maintains them: in winter, some kindly soul deposits a scattering of salt lest one of the stairs’ phantom users slip; in summer someone comes with a broom to sweep away leaves. These urban leftovers are lovingly called “Thomassons” after Gary Thomasson, a former slugger for the San Francisco Giants, Oakland As, Yankees, Dodgers, and, most fatefully, the Yomiuri Giants in Tokyo.’

    (tags: trap-streets maps ip google via:bldgblog mapping copyright thomassons orphaned-roads)

Links for 2015-03-18

  • President’s message gets lost in (automated) translation

    In a series of bizarre translations, YouTube’s automated translation service took artistic licence with the [President's] words of warmth. When the head of state sent St Patrick’s Day greetings to viewers, the video sharing site said US comedian Tina Fey was being “particular with me head”. As President Higgins spoke of his admiration for Irish emigrants starting new communities abroad, YouTube said the President referenced blackjack and how he “just couldn’t put the new iPhone” down. And, in perhaps the most unusual moment, as he talked of people whose hearts have sympathy, the President “explained” he was once on a show “that will bar a gift card”.
    (via Daragh O’Brien)

    (tags: lol president ireland michael-d-higgins automation translation machine-learning via:daraghobrien funny blackjack iphone tina-fey st-patrick fail)

  • Irish government under fire for turning its back on basic research : Nature News & Comment

    Pretty much ALL of Ireland’s research scientists have put their names to an open letter to the Irish government, decrying the state of science funding, published this week in “Nature”. ‘Although total spending on research and development grew through the recession, helped by foreign investments, Ireland’s government has cut state spending on research (see ‘Celtic tiger tamed’). It also prioritized grants in 14 narrow areas — ones in which either large global markets exist, or in which Irish companies are competitive. These include marine renewable energy, smart grids, medical devices and computing. The effect has been to asphyxiate the many areas of fundamental science — including astrophysics, particle physics and areas of the life sciences — that have been deprived of funding, several researchers in Ireland told Nature. “The current policies are having a very significant detrimental effect on the health and viability of the Irish scientific ecosystem,” says Kevin Mitchell, a geneticist who studies the basis of neurological disorders at Trinity College Dublin. “Research that cannot be shoehorned into one of the 14 prioritized areas has been ineligible for most funding,” he says.’ That’s another fine mess Sean Sherlock has gotten us into :(

    (tags: sean-sherlock fail ireland research government funding grants science tcd kevin-mitchell life-sciences nature)

  • Mars One finalist Dr. Joseph Roche rips into the project

    So, here are the facts as we understand them: Mars One has almost no money. Mars One has no contracts with private aerospace suppliers who are building technology for future deep-space missions. Mars One has no TV production partner. Mars One has no publicly known investment partnerships with major brands. Mars One has no plans for a training facility where its candidates would prepare themselves. Mars One’s candidates have been vetted by a single person, in a 10-minute Skype interview. “My nightmare about it is that people continue to support it and give it money and attention, and it then gets to the point where it inevitably falls on its face,” said Roche. If, as a result, “people lose faith in NASA and possibly even in scientists, then that’s the polar opposite of what I’m about. If I was somehow linked to something that could do damage to the public perception of science, that is my nightmare scenario.”

    (tags: science space mars-one tcd joseph-roche nasa mars exploration scams)

Links for 2015-03-17

Links for 2015-03-13

  • demonstration of the importance of server-side request timeouts

    from MongoDB, but similar issues often apply in many other TCP/HTTP-based systems

    (tags: tcp http requests timeout mongodb reliability safety)

  • Heka

    an open source stream processing software system developed by Mozilla. Heka is a “Swiss Army Knife” type tool for data processing, useful for a wide variety of different tasks, such as: Loading and parsing log files from a file system. Accepting statsd type metrics data for aggregation and forwarding to upstream time series data stores such as graphite or InfluxDB. Launching external processes to gather operational data from the local system. Performing real time analysis, graphing, and anomaly detection on any data flowing through the Heka pipeline. Shipping data from one location to another via the use of an external transport (such as AMQP) or directly (via TCP). Delivering processed data to one or more persistent data stores.
    Via feylya on twitter. Looks potentially nifty

    (tags: heka mozilla monitoring metrics via:feylya ops statsd graphite stream-processing)

Links for 2015-03-12

Links for 2015-03-11

Links for 2015-03-10

  • Epsilon Interactive breach the Fukushima of the Email Industry (CAUCE)

    Upon gaining access to an ESP, the criminals then steal subscriber data (PII such as names, addresses, telephone numbers and email addresses, and in one case, Vehicle Identification Numbers). They then use ESPs’ mailing facility to send spam; to monetize their illicit acquisition, the criminals have spammed ads for fake Adobe Acrobat and Skype software. On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen. Thus far, puzzlingly, Epsilon has refused to release the names of compromised clients. [...] The obvious issue at hand is the ability of the thieves to now undertake targeted spear-phishing problem as critically serious as it could possibly be.

    (tags: cauce epsilon-interactive esp email pii data-protection spear-phishing phishing identity-theft security ads)

  • In Ukraine, Tomorrow’s Drone War Is Alive Today

    Drones, hackerspaces and crowdfunding:

    The most sophisticated UAV that has come out of the Ukrainian side since the start of the conflict is called the PD-1 from developer Igor Korolenko. It has a wingspan of nearly 10 feet, a five-hour flight time, carries electro-optical and infrared sensors as well as a video camera that broadcasts on a 128 bit encrypted channel. Its most important feature is the autopilot software that allows the drone to return home in the event that the global positioning system link is jammed or lost. Drone-based intelligence gathering is often depicted as risk-free compared to manned aircraft or human intelligence gathering, but, says Korolenko, if the drone isn’t secure or the signature is too obvious, the human costs can be very, very high. “Russian military sometimes track locations of ground control stations,” he wrote Defense One in an email. “Therefore UAV squads have to follow certain security measures – to relocate frequently, to move out antennas and work from shelter, etc. As far as I know, two members of UAV squads were killed from mortar attacks after [their] positions were tracked by Russian electronic warfare equipment.”
    (via bldgblog)

    (tags: via:bldgblog war drones uav future ukraine russia tech aircraft pd-1 crowdfunding)

  • Javascript Acid Machine

    a 303 and an 808 in your browser. this is deadly

    (tags: acid 303 music javascript hacks via:hn techno)

Links for 2015-03-09

  • Ubuntu To Officially Switch To systemd Next Monday – Slashdot

    Jesus. This is going to be the biggest shitfest in the history of Linux…

    (tags: linux slashdot ubuntu systemd init unix ops)

  • uselessd

    A project to reduce systemd to a base initd, process supervisor and transactional dependency system, while minimizing intrusiveness and isolationism. Basically, it’s systemd with the superfluous stuff cut out, a (relatively) coherent idea of what it wants to be, support for non-glibc platforms and an approach that aims to minimize complicated design. uselessd is still in its early stages and it is not recommended for regular use or system integration.
    This may be the best option to evade the horrors of systemd.

    (tags: init linux systemd unix ops uselessd)

  • Japan’s Robot Dogs Get Funerals as Sony Looks Away

    in July 2014, [Sony's] repairs [of Aibo robot dogs] stopped and owners were left to look elsewhere for help. The Sony stiff has led not only to the formation of support groups–where Aibo enthusiasts can share tips and help each other with repairs–but has fed the bionic pet vet industry. “The people who have them feel their presence and personality,” Nobuyuki Narimatsu, director of A-Fun, a repair company for robot dogs, told AFP. “So we think that somehow, they really have souls.” While concerted repair efforts have kept many an Aibo alive, a shortage of spare parts means that some of their lives have come to an end.

    (tags: sony aibo robots japan dogs pets weird future badiotday iot gadgets)

  • “Cuckoo Filter: Practically Better Than Bloom”

    ‘We propose a new data structure called the cuckoo filter that can replace Bloom filters for approximate set membership tests. Cuckoo filters support adding and removing items dynamically while achieving even higher performance than Bloom filters. For applications that store many items and target moderately low false positive rates, cuckoo filters have lower space overhead than space-optimized Bloom filters. Our experimental results also show that cuckoo filters outperform previous data structures that extend Bloom filters to support deletions substantially in both time and space.’

    (tags: algorithms paper bloom-filters cuckoo-filters cuckoo-hashing data-structures false-positives big-data probabilistic hashing set-membership approximation)

  • Amazing cutting from Vanity Fair, 1896, for International Women’s Day

    “The sisters make a pretty picture on the platform ; but it is not women of their type who need to assert themselves over Man. However, it amuses them–and others ; and I doubt if the tyrant has much to fear from their little arrows.” Constance Markievicz was one of those sisters, and the other was Eva Gore-Booth.

    (tags: markievicz history ireland sligo vanity-fair 19th-century dismissal sexism iwd women)

  • Anatomy of a Hack

    Authy doesn’t come off well here: ‘Authy should have been harder to break. It’s an app, like Authenticator, and it never left Davis’ phone. But Eve simply reset the app on her phone using a address and a new confirmation code, again sent by a voice call. A few minutes after 3AM, the Authy account moved under Eve’s control.’

    (tags: authy security hacking mfa authentication google apps exploits)

  • Ask the Decoder: Did I sign up for a global sleep study?

    How meaningful is this corporate data science, anyway? Given the tech-savvy people in the Bay Area, Jawbone likely had a very dense sample of Jawbone wearers to draw from for its Napa earthquake analysis. That allowed it to look at proximity to the epicenter of the earthquake from location information. Jawbone boasts its sample population of roughly “1 million Up wearers who track their sleep using Up by Jawbone.” But when looking into patterns county by county in the U.S., Jawbone states, it takes certain statistical liberties to show granularity while accounting for places where there may not be many Jawbone users. So while Jawbone data can show us interesting things about sleep patterns across a very large population, we have to remember how selective that population is. Jawbone wearers are people who can afford a $129 wearable fitness gadget and the smartphone or computer to interact with the output from the device. Jawbone is sharing what it learns with the public, but think of all the public health interests or other third parties that might be interested in other research questions from a large scale data set. Yet this data is not collected with scientific processes and controls and is not treated with the rigor and scrutiny that a scientific study requires. Jawbone and other fitness trackers don’t give us the option to use their devices while opting out of contributing to the anonymous data sets they publish. Maybe that ought to change.

    (tags: jawbone privacy data-protection anonymization aggregation data medicine health earthquakes statistics iot wearables)

  • Pinterest’s highly-available configuration service

    Stored on S3, update notifications pushed to clients via Zookeeper

    (tags: s3 zookeeper ha pinterest config storage)

  • A Journey into Microservices | Hailo Tech Blog

    Excellent three-parter from Hailo, describing their RabbitMQ+Go-based microservices architecture. Very impressive!

    (tags: hailo go microservices rabbitmq amqp architecture blogs)

  • soundcloud/lhm

    The Large Hadron Migrator is a tool to perform live database migrations in a Rails app without locking.

    The basic idea is to perform the migration online while the system is live, without locking the table. In contrast to OAK and the facebook tool, we only use a copy table and triggers. The Large Hadron is a test driven Ruby solution which can easily be dropped into an ActiveRecord or DataMapper migration. It presumes a single auto incremented numerical primary key called id as per the Rails convention. Unlike the twitter solution, it does not require the presence of an indexed updated_at column.

    (tags: migrations database sql ops mysql rails ruby lhm soundcloud activerecord)

  • Biased Locking in HotSpot (David Dice’s Weblog)

    This is pretty nuts. If biased locking in the HotSpot JVM is causing performance issues, it can be turned off:

    You can avoid biased locking on a per-object basis by calling System.identityHashCode(o). If the object is already biased, assigning an identity hashCode will result in revocation, otherwise, the assignment of a hashCode() will make the object ineligible for subsequent biased locking.

    (tags: hashcode jvm java biased-locking locking mutex synchronization locks performance)

Posted in Uncategorized | Comments closed

Links for 2015-03-07

  • A Zero-Administration Amazon Redshift Database Loader – AWS Big Data Blog


    (tags: lambda amazon aws redshift etl)

  • Archie Markup Language (ArchieML)

    ArchieML (or “AML”) was created at The New York Times to make it easier to write and edit structured text on deadline that could be rendered in web pages, or more specifically, rendered in interactive graphics. One of the main goals was to make it easy to tag text as data, without having to type a lot of special characters. Another goal was to allow the document to contain lots of notes and draft text that would not be read into the data. And finally, because we make extensive use of Google Documents’s concurrent-editing features — while working on a graphic, we can have several reporters, editors and developers all pouring information into a single document — we wanted to have a format that could survive being edited by users who may never have seen ArchieML or any other markup language at all before.

    (tags: aml archie markup text nytimes archieml writing)

  • California Says Motorcycle Lane-Splitting Is Hella Safe

    A recent yearlong study by the California Office of Traffic Safety has found motorcycle lane-splitting to be a safe practice on public roads. The study looked at collisions involving 7836 motorcyclists reported by 80 police departments between August 2012 and August 2013. “What we learned is, if you lane-split in a safe or prudent manner, it is no more dangerous than motorcycling in any other circumstance,” state spokesman Chris Cochran told the Sacramento Bee. “If you are speeding or have a wide speed differential (with other traffic), that is where the fatalities came about.”

    (tags: lane-splitting cycling motorcycling bikes road-safety driving safety california)

  • Try Server

    Good terminology for this concept:

    The try server runs a similar configuration to the continuous integration server, except that it is triggered not on commits but on “try job request”, in order to test code pre-commit.
    See also for the Moz take on it.

    (tags: build ci integration try-server jenkins buildbot chromium development)

  • metrics-sql

    A Dropwizard Metrics extension to instrument JDBC resources and measure SQL execution times.

    (tags: metrics sql jdbc instrumentation dropwizard)

  • HP is trying to patent Continuous Delivery

    This is appalling bollocks from HP:

    On 1st March 2015 I discovered that in 2012 HP had filed a patent (WO2014027990) with the USPO for ‘Performance tests in a continuous deployment pipeline‘ (the patent was granted in 2014). [....] HP has filed several patents covering standard Continuous Delivery (CD) practices. You can help to have these patents revoked by providing ‘prior art’ examples on Stack Exchange.
    In fairness, though, this kind of shit happens in most big tech companies. This is what happens when you have a broken software patenting system, with big rewards for companies who obtain shitty troll patents like these, and in turn have companies who reward the engineers who sell themselves out to write up concepts which they know have prior art. Software patents are broken by design!

    (tags: cd devops hp continuous-deployment testing deployment performance patents swpats prior-art)

Links for 2015-03-05

Links for 2015-03-04

Links for 2015-03-03

Links for 2015-03-02

  • Glowroot

    “Open source APM for Java” — profiling in production, with a demo benchmark showing about a 2% performance impact. Wonder about effects on memory/GC, though

    (tags: apm java metrics measurement new-relic profiling glowroot)

  • “Everything you’ve ever said to Siri/Cortana has been recorded…and I get to listen to it”

    This should be a reminder.

    At first, I thought these sound bites were completely random. Then I began to notice a pattern. Soon, I realized that I was hearing people’s commands given to their mobile devices. Guys, I’m telling you, if you’ve said it to your phone, it’s been recorded…and there’s a damn good chance a 3rd party is going to hear it.

    (tags: privacy google siri cortana android voice-recognition outsourcing mobile)

  • Halcyon Days

    Fantastic 1997-era book of interviews with the programmers behind some of the greatest games in retrogaming history:

    Halcyon Days: Interviews with Classic Computer and Video Game Programmers was released as a commercial product in March 1997. At the time it was one of the first retrogaming projects to focus on lost history rather than game collecting, and certainly the first entirely devoted to the game authors themselves. Now a good number of the interviewees have their own web sites, but none of them did when I started contacting them in 1995. [...] If you have any of the giddy anticipation that I did whenever I picked up a magazine containing an interview with Mark Turmell or Dan [M.U.L.E.] Bunten, then you want to start reading.

    (tags: book games history coding interviews via:walter)

  • Pub Table Quiz – In Aid of Digital Rights Ireland

    Jason Roe is organising a Table Quiz in Dublin on March 26th to support fundraising efforts by Digital Rights Ireland. We will supply tables, questions and a ready supply of beer and maybe finger food.

    (tags: dri pub-quiz fun dublin quizzes)

  • Why are transhumanists such dicks?

    Good discussion from a transhumanist forum (via Boing Boing):

    “I’ve been around and interviewed quite a lot of self-identified transhumanists in the last couple of years, and I’ve noticed many of them express a fairly stark ideology that is at best libertarian, and at worst Randian. Very much “I want super bionic limbs and screw the rest of the world”. They tend to brush aside the ethical, environmental, social and political ramifications of human augmentation so long as they get to have their toys. There’s also a common expression that if sections of society are harmed by transhumanist progress, then it is unfortunate but necessary for the greater good (the greater good often being bestowed primarily upon those endorsing the transhumanism). That attitude isn’t prevalent on this forum at all – I think the site tends to attract more practical body-modders than theoretical transhumanists – but I wondered if anyone else here had experienced the same attitudes in their own circles? What do you make of it?”

    (tags: transhumanism evolution body-modding surgery philosophy via:boingboing libertarianism society politics)

Links for 2015-02-27
