Links for 2017-05-22

Posted in Uncategorized | Leave a comment

Links for 2017-05-20

Links for 2017-05-18

  • Spotting a million dollars in your AWS account · Segment Blog

    You can easily split your spend by AWS service per month and call it a day. Ten thousand dollars of EC2, one thousand to S3, five hundred dollars to network traffic, etc. But what’s still missing is a synthesis of which products and engineering teams are dominating your costs. Then, add in the fact that you may have hundreds of instances and millions of containers that come and go. Soon, what started as a simple analysis problem has quickly become unimaginably complex. In this follow-up post, we’d like to share details on the toolkit we used. Our hope is to offer up a few ideas to help you analyze your AWS spend, no matter whether you’re running only a handful of instances, or tens of thousands.

    (tags: segment money costs billing aws ec2 ecs ops)

Links for 2017-05-17

  • Seeking medical abortions online is safe and effective, study finds | World news | The Guardian

    Of the 1,636 women who were sent the drugs between the start of 2010 and the end of 2012, the team were able to analyse self-reported data from 1,000 individuals who confirmed taking the pills. All were less than 10 weeks pregnant. The results reveal that almost 95% of the women successfully ended their pregnancy without the need for surgical intervention. None of the women died, although seven women required a blood transfusion and 26 needed antibiotics. Of the 93 women who experienced symptoms for which the advice was to seek medical attention, 95% did so, going to a hospital or clinic. “When we talk about self-sought, self-induced abortion, people think about coat hangers or they think about tables in back alleys,” said Aiken. “But I think this research really shows that in 2017 self-sourced abortion is a network of people helping and supporting each other through what’s really a safe and effective process in the comfort of their own homes, and I think is a huge step forward in public health.”

    (tags: health medicine abortion pro-choice data women-on-web ireland law repealthe8th)

Links for 2017-05-15

  • The World Is Getting Hacked. Why Don’t We Do More to Stop It? – The New York Times

    Zeynep Tufekci is (as usual!) on the money with this op-ed. I strongly agree with the following:

    First, companies like Microsoft should discard the idea that they can abandon people using older software. The money they made from these customers hasn’t expired; neither has their responsibility to fix defects. Besides, Microsoft is sitting on a cash hoard estimated at more than $100 billion (the result of how little tax modern corporations pay and how profitable it is to sell a dominant operating system under monopolistic dynamics with no liability for defects). At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, “pay extra money to us or we will withhold critical security updates” can be seen as its own form of ransomware. In its defense, Microsoft probably could point out that its operating systems have come a long way in security since Windows XP, and it has spent a lot of money updating old software, even above industry norms. However, industry norms are lousy to horrible, and it is reasonable to expect a company with a dominant market position, that made so much money selling software that runs critical infrastructure, to do more. Microsoft should spend more of that $100 billion to help institutions and users upgrade to newer software, especially those who run essential services on it. This has to be through a system that incentivizes institutions and people to upgrade to more secure systems and does not force choosing between privacy and security. Security updates should only update security, and everything else should be optional and unbundled.
    More on this twitter thread: https://twitter.com/zeynep/status/863734133188681732

    (tags: security microsoft upgrades windows windows-xp zeynep-tufekci worms viruses malware updates software)

  • Fireside Chat with Vint Cerf & Marc Andreessen (Google Cloud Next ’17) – YouTube

    In which Vint Cerf calls for regulatory oversight of software engineering. “It’s a serious issue now”

    (tags: vint-cerf gcp regulation oversight politics law reliability systems)

  • don’t use String.intern() in Java

    String.intern is the gateway to native JVM String table, and it comes with caveats: throughput, memory footprint, pause time problems will await the users. Hand-rolled deduplicators/interners to reduce memory footprint are working much more reliably, because they are working on Java side, and also can be thrown away when done. GC-assisted String deduplication does alleviate things even more. In almost every project we were taking care of, removing String.intern from the hotpaths was the very profitable performance optimization. Do not use it without thinking, okay?

    (tags: strings interning java performance tips)

  • Moom removed from sale due to patent violation claim | Hacker News

    Well this sucks. Some scumbag applied for a patent on tiling window management in 2008, and it’s been granted. I use Moom every day :(

    (tags: moom patents bullshit swpat software window-management osx)

  • V2V and the challenge of cooperating technology

    A great deal of effort and attention has gone into a mobile data technology that you may not be aware of. This is “Vehicle to Vehicle” (V2V) communication designed so that cars can send data to other cars. There is special spectrum allocated at 5.9 GHz, and a protocol named DSRC, derived from wifi, exists for communications from car-to-car and also between cars and roadside transmitters in the infrastructure, known as V2I. This effort has been going on for some time, but those involved have had trouble finding a compelling application which users would pay for. Unable to find one, advocates hope that various national governments will mandate V2V radios in cars in the coming years for safety reasons. In December 2016, the U.S. Dept. of Transportation proposed just such a mandate. [….] “Connected Autonomous Vehicles — Pick 2.”

    (tags: cars self-driving autonomous-vehicles v2v wireless connectivity networking security)

  • _Amazon Aurora: Design Considerations for High Throughput Cloud-Native Relational Databases_

    ‘Amazon Aurora is a relational database service for OLTP workloads offered as part of Amazon Web Services (AWS). In this paper, we describe the architecture of Aurora and the design considerations leading to that architecture. We believe the central constraint in high throughput data processing has moved from compute and storage to the network. Aurora brings a novel architecture to the relational database to address this constraint, most notably by pushing redo processing to a multi-tenant scale-out storage service, purpose-built for Aurora. We describe how doing so not only reduces network traffic, but also allows for fast crash recovery, failovers to replicas without loss of data, and fault-tolerant, self-healing storage. We then describe how Aurora achieves consensus on durable state across numerous storage nodes using an efficient asynchronous scheme, avoiding expensive and chatty recovery protocols. Finally, having operated Aurora as a production service for over 18 months, we share the lessons we have learnt from our customers on what modern cloud applications expect from databases.’

    (tags: via:rbranson aurora aws amazon databases storage papers architecture)

  • Hello Sandwich Tokyo Guide

    a guide for people who like travelling like a local and visiting hidden places off the beaten track. There are tips on where to rent a bike, the best bike path, the best coffee, the best craft shops, the coolest shops, the cheapest drinks, the most delicious pizza, the best izakaya, the cutest cafes, the best rooftop bar, the coolest hotels (and the cheap and cheerful hotels), the loveliest parks and soooo much more. It’s a list of all of the places I frequent, making it a local insiders guide to Tokyo. Also included in the Hello Sandwich Tokyo Guide are language essentials and travel tips. It’s the bloggers guide to Tokyo and if you’d like to visit the places seen on Hello Sandwich, then this guide is the zine for you.

    (tags: shops tourism japan tokyo guidebooks)

  • jantman/awslimitchecker

    A script and python module to check your AWS service limits and usage, and warn when usage approaches limits. Users building out scalable services in Amazon AWS often run into AWS’ service limits – often at the least convenient time (i.e. mid-deploy or when autoscaling fails). Amazon’s Trusted Advisor can help this, but even the version that comes with Business and Enterprise support only monitors a small subset of AWS limits and only alerts weekly. awslimitchecker provides a command line script and reusable package that queries your current usage of AWS resources and compares it to limits (hard-coded AWS defaults that you can override, API-based limits where available, or data from Trusted Advisor where available), notifying you when you are approaching or at your limits.
    (via This Week in AWS)

    (tags: aws amazon limits scripts ops)

Links for 2017-05-13

Links for 2017-05-12

Links for 2017-05-11

  • Uuni

    “The world’s best portable wood-fired oven”. Fergal has one and loves it. $299

    (tags: uuni pizza oven outdoor food cooking gadgets)

  • Repair and Leasing Scheme – Peter Mc Verry Trust

    Minister Simon Coveney and the Department of Housing have provided funding of €32 million in 2017 for the Repair and Leasing Programme and set a target of 800 units to be delivered this year (2017). A total of €140 million has been allocated to the repair and leasing scheme over the lifetime of Rebuilding Ireland. The Repair and Leasing Scheme at a Glance: Targets Properties Empty or Derelict for 1 Year or more; Grants to Property owners of up to €40,000 to get properties back into use; Lease Terms of 10, 15 or 20 Years; State Guaranteed Rental Income for Duration of Lease; Property and Tenants Managed by Approved Housing Bodies [the Peter McVerry Trust in D1, D3, D7 and D9]

    (tags: peter-mcverry homelessness dublin housing repair derelict-buildings homes ireland property)

  • iKydz

    ‘Total Parent Control’ for kids’ internet access at home. Dublin-based product, dedicated wifi AP with lots of child-oriented filtering capabilities

    (tags: filtering security ikydz kids children internet wifi ap hardware blocking)

  • _Optimal Probabilistic Cache Stampede Prevention_ [pdf]

    ‘When a frequently-accessed cache item expires, multiple requests to that item can trigger a cache miss and start regenerating that same item at the same time. This phenomenon, known as cache stampede, severely limits the performance of databases and web servers. A natural countermeasure to this issue is to let the processes that perform such requests to randomly ask for a regeneration before the expiration time of the item. In this paper we give optimal algorithms for performing such probabilistic early expirations. Our algorithms are theoretically optimal and have much better performances than other solutions used in real-world applications.’ (via Marc Brooker)

    (tags: via:marcbrooker caching caches algorithm probabilistic expiration vldb papers expiry cache-miss stampedes)

Links for 2017-05-09

Links for 2017-05-08

  • The great British Brexit robbery: how our democracy was hijacked | Technology | The Guardian

    A map shown to the Observer showing the many places in the world where SCL and Cambridge Analytica have worked includes Russia, Lithuania, Latvia, Ukraine, Iran and Moldova. Multiple Cambridge Analytica sources have revealed other links to Russia, including trips to the country, meetings with executives from Russian state-owned companies, and references by SCL employees to working for Russian entities. Article 50 has been triggered. AggregateIQ is outside British jurisdiction. The Electoral Commission is powerless. And another election, with these same rules, is just a month away. It is not that the authorities don’t know there is cause for concern. The Observer has learned that the Crown Prosecution Service did appoint a special prosecutor to assess whether there was a case for a criminal investigation into whether campaign finance laws were broken. The CPS referred it back to the electoral commission. Someone close to the intelligence select committee tells me that “work is being done” on potential Russian interference in the referendum. Gavin Millar, a QC and expert in electoral law, described the situation as “highly disturbing”. He believes the only way to find the truth would be to hold a public inquiry. But a government would need to call it. A government that has just triggered an election specifically to shore up its power base. An election designed to set us into permanent alignment with Trump’s America. [….] This isn’t about Remain or Leave. It goes far beyond party politics. It’s about the first step into a brave, new, increasingly undemocratic world.

    (tags: elections brexit trump cambridge-analytica aggregateiq scary analytics data targeting scl ukip democracy grim-meathook-future)

  • Online security won’t improve until companies stop passing the buck to the customer

    100% agreed!

    Giving good security advice is hard because very often individuals have little or no effective control over their security. The extent to which a customer is at risk of being defrauded largely depends on how good their bank’s security is, something customers cannot know. Similarly, identity fraud is the result of companies doing a poor job at verifying identity. If a criminal can fraudulently take out a loan using another’s name, address, and date of birth from the public record, that’s the fault of the lender – not, as Cifas, a trade organisation for lenders, claims, because customers “don’t take the same care to protect our most important asset – our identities”.

    (tags: cifas uk passwords security regulation banking ncsc riscs advice)

  • Backdooring an AWS account

    eek. Things to look out for on your AWS setup:

    So you’ve pwned an AWS account — congratulations — now what? You’re eager to get to the data theft, amirite? Not so fast whipper snapper, have you disrupted logging? Do you know what you have? Sweet! Time to get settled in. Maintaining persistence in AWS is only limited by your imagination but there are few obvious and oft used techniques everyone should know and watch for.

    (tags: aws security hacks iam sts)

Links for 2017-05-07

Links for 2017-05-05

Links for 2017-05-04

  • The Dark Secret at the Heart of AI – MIT Technology Review

    ‘The mysterious mind of [NVidia’s self-driving car, driven by machine learning] points to a looming issue with artificial intelligence. The car’s underlying AI technology, known as deep learning, has proved very powerful at solving problems in recent years, and it has been widely deployed for tasks like image captioning, voice recognition, and language translation. There is now hope that the same techniques will be able to diagnose deadly diseases, make million-dollar trading decisions, and do countless other things to transform whole industries. But this won’t happen—or shouldn’t happen—unless we find ways of making techniques like deep learning more understandable to their creators and accountable to their users. Otherwise it will be hard to predict when failures might occur—and it’s inevitable they will. That’s one reason Nvidia’s car is still experimental. Already, mathematical models are being used to help determine who makes parole, who’s approved for a loan, and who gets hired for a job. If you could get access to these mathematical models, it would be possible to understand their reasoning. But banks, the military, employers, and others are now turning their attention to more complex machine-learning approaches that could make automated decision-making altogether inscrutable. Deep learning, the most common of these approaches, represents a fundamentally different way to program computers. “It is a problem that is already relevant, and it’s going to be much more relevant in the future,” says Tommi Jaakkola, a professor at MIT who works on applications of machine learning. “Whether it’s an investment decision, a medical decision, or maybe a military decision, you don’t want to just rely on a ‘black box’ method.”’

    (tags: ai algorithms ml machine-learning legibility explainability deep-learning nvidia)

Links for 2017-05-03

  • Prior Exposure Increases Perceived Accuracy of Fake News

    In other words, repeated exposure to fake news renders it believable. Pennycook, Gordon and Cannon, Tyrone D and Rand, David G., _Prior Exposure Increases Perceived Accuracy of Fake News_ (April 30, 2017):

    Collectively, our results indicate familiarity is used heuristically to infer accuracy. Thus, the spread of fake news is supported by persistent low-level cognitive processes that make even highly implausible and partisan claims more believable with repetition. Our results suggest that political echo chambers not only isolate one from opposing views, but also help to create incubation chambers for blatantly false (but highly salient and politicized) fake news stories.
    (via Zeynep Tufekci) See also: http://www.rand.org/content/dam/rand/pubs/perspectives/PE100/PE198/RAND_PE198.pdf , _The Russian “Firehose of Falsehood” Propaganda Model_, from RAND.

    (tags: propaganda psychology fake-news belief facebook echo-chambers lies truth media)

  • How your selfie could affect your life insurance

    Noping so hard. Imagine the levels of algorithmic discrimination inherent in this shit.

    “Your face is something you wear all your life, and it tells a very unique story about you,” says Karl Ricanek Jr., co-founder and chief data scientist at Lapetus Solutions Inc. in Wilmington, N.C. Several life insurance companies are testing Lapetus technology that uses facial analytics and other data to estimate life expectancy, he says. (Lapetus would not disclose the names of companies testing its product.) Insurers use life expectancy estimates to make policy approval and pricing decisions. Lapetus says its product, Chronos, would enable a customer to buy life insurance online in as little as 10 minutes without taking a life insurance medical exam.

    (tags: discrimination computer-says-no algorithms selfies face lapetus photos life-insurance life-expectancy)

  • After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts • The Register

    Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. […] O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7. In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts. The thefts occurred over the past few months, according to multiple sources.

    (tags: o2 telefonica germany ss7 mobile 2fa security hacks cellphones)

Links for 2017-05-02

  • explainshell.com

    This is pretty excellent work — paste a UNIX command line and it’ll contextually inline manual page snippets to match, highlighting the matching part of the command line.

    (tags: cli unix documentation explainshell shell scripting syntax manual-pages)

  • Sufjan Stevens – Carrie & Lowell Live on Vimeo

    the entire concert set. This was the highlight concert for me in 2015

    (tags: music video sufjan-stevens concerts 2015)

  • Exclusive: The Leaked Fyre Festival Pitch Deck Is Beyond Parody | Vanity Fair

    This is the worst future ever.

    As the pitch deck claims, within the first 48 hours of the social-media blitz, the Fyre Starters had reached “300 million social impressions”—impressions being the kind of dumb synonym one uses instead of the word “people,” in the same way someone at a bar tries to sound smart by saying he is “inebriated” instead of “drunk.” (And to be fair, an impression isn’t even a sentient person. It’s essentially reaching a person when they aren’t paying attention.) To pull off the 300 million impressions, McFarland and Ja Rule partnered with a P.R. agency, a creative agency, and Elliot Tebele, a once-random nobody who has created a social-media empire by siphoning other people’s jokes into the Instagram account @FuckJerry. One of the biggest deceits of the entire media campaign was that almost all of the 400 influencers who shared the promotional videos and photos never noted they were actually advertising something for someone else, which the Federal Trade Commission requires. This kind of advertising has been going on for years, and while the F.T.C. has threatened to crack down on online celebrities and influencers deceitfully failing to disclose that they are paid to post sponsorships, so far those threats have been completely ignored.

    (tags: fyre fail grim influencers instagram ftc pr advertising festivals)

  • Towards true continuous integration – Netflix TechBlog – Medium

    Netflix discuss how they handle the eternal dependency-management problem which arises with lots of microservices:

    Using the monorepo as our requirements specification, we began exploring alternative approaches to achieving the same benefits. What are the core problems that a monorepo approach strives to solve? Can we develop a solution that works within the confines of a traditional binary integration world, where code is shared? Our approach, while still experimental, can be distilled into three key features: Publisher feedback — provide the owner of shared code fast feedback as to which of their consumers they just broke, both direct and transitive. Also, allow teams to block releases based on downstream breakages. Currently, our engineering culture puts sole responsibility on consumers to resolve these issues. By giving library owners feedback on the impact they have to the rest of Netflix, we expect them to take on additional responsibility. Managed source — provide consumers with a means to safely increment library versions automatically as new versions are released. Since we are already testing each new library release against all downstreams, why not bump consumer versions and accelerate version adoption, safely. Distributed refactoring — provide owners of shared code a means to quickly find and globally refactor consumers of their API. We have started by issuing pull requests en masse to all Git repositories containing a consumer of a particular Java API. We’ve run some early experiments and expect to invest more in this area going forward.
    What I find interesting is that Amazon dealt effectively with the first two many years ago, in the form of their “Brazil” build system, and Google do the latter (with Refaster?). It would be amazing to see such a system released into an open source form, but maybe it’s just too heavyweight for anyone other than a giant software company on the scale of a Google, Netflix or Amazon.

    (tags: brazil amazon build microservices dependencies coding monorepo netflix google refaster)

  • acksin/seespot: AWS Spot instance health check with termination and clean up support

    When a Spot Instance is about to terminate there is a 2 minute window before the termination actually happens. SeeSpot is a utility for AWS Spot instances that handles the health check. If used with an AWS ELB it also handles cleanup of the instance when a Spot Termination notice is sent.

    (tags: aws elb spot-instances health-checks golang lifecycle ops)

  • cristim/autospotting: Pay up to 10 times less on EC2 by automatically replacing on-demand AutoScaling group members with similar or larger identically configured spot instances.

    A simple and easy to use tool designed to significantly lower your Amazon AWS costs by automating the use of the spot market. Once enabled on an existing on-demand AutoScaling group, it launches an EC2 spot instance that is cheaper, at least as large and configured identically to your current on-demand instances. As soon as the new instance is ready, it is added to the group and an on-demand instance is detached from the group and terminated. It continuously applies this process, gradually replacing any on-demand instances with spot instances until the group only consists of spot instances, but it can also be configured to keep some on-demand instances running.

    (tags: aws golang ec2 autoscaling asg spot-instances ops)

  • Rule by Nobody

    ‘Algorithms update bureaucracy’s long-standing strategy for evasion.’

    The need to optimize yourself for a network of opaque algorithms induces a sort of existential torture. In The Utopia of Rules: On Technology, Stupidity, and the Secret Joys of Bureaucracy, anthropologist David Graeber suggests a fundamental law of power dynamics: “Those on the bottom of the heap have to spend a great deal of imaginative energy trying to understand the social dynamics that surround them — including having to imagine the perspectives of those on top — while the latter can wander about largely oblivious to much of what is going on around them. That is, the powerless not only end up doing most of the actual, physical labor required to keep society running, they also do most of the interpretive labor as well.” This dynamic, Graeber argues, is built into all bureaucratic structures. He describes bureaucracies as “ways of organizing stupidity” — that is, of managing and reproducing these “extremely unequal structures of imagination” in which the powerful can disregard the perspectives of those beneath them in various social and economic hierarchies. Employees need to anticipate the needs of bosses; bosses need not reciprocate. People of color are forced to learn to accommodate and anticipate the ignorance and hostility of white people. Women need to be acutely aware of men’s intentions and feelings. And so on. Even benevolent-seeming bureaucracies, in Graeber’s view, have the effect of reinforcing “the highly schematized, minimal, blinkered perspectives typical of the powerful” and their privileges of ignorance and indifference toward those positioned as below them.

    (tags: algorithms bureaucracy democracy life society via:raycorrigan technology power)

  • Reverse engineering the 76477 “Space Invaders” sound effect chip from die photos

    Now _this_ is reversing:

    Remember the old video game Space Invaders? Some of its sound effects were provided by a chip called the 76477 Complex Sound Generation chip. While the sound effects produced by this 1978 chip seem primitive today, it was used in many video games, pinball games. But what’s inside this chip and how does it work internally? By reverse-engineering the chip from die photos, we can find out. (Photos courtesy of Sean Riddle.) In this article, I explain how the analog circuits of this chip work and show how the hundreds of transistors on the silicon die form the circuits of this complex chip.

    (tags: space-invaders games history reverse-engineering chips analog sound-effects)

Links for 2017-04-28

Links for 2017-04-26

  • Put Down the Pink Dumbbell

    So, ladies, let’s first put down the two-pound, pink dumbbells. We have been sold a false story about fitness, health (and its connection to weight loss). I was exercised by wolves. And I’m going to tell you all the secrets and tricks I learned by avoiding the fitness-industrial complex. Most of what I’ll say applies to men, but I have discovered that most of the outrageously wrong advice is given to women. […] So, here: truth number one. Very few of us consider strength-training as essential exercise, but it is. It is especially crucial as one ages, because a natural part of the aging process is losing muscle. Women, especially, need to lift weights, and the trick to lifting weights is stressing muscles. And that weight has to be a real weight, progressively increased, and barring health issues, an average woman should not even bother with two pound weights because that won’t stress your muscles enough to benefit you. Exercise industry is surely partially to blame for why people don’t exercise regularly: they promise the wrong thing (weight loss) and then don’t push/guide people to do the right thing.

    (tags: exercise health fitness weight-loss zeynep-tufekci strength aging weights training)

  • ECJ rules sale of multimedia player enabling streaming of illegal content onto TV screen breaches copyright

    via Simon McGarr

    (tags: via:tupp_ed piracy streaming dodgyboxes tv ecj eu)

Links for 2017-04-25

  • Ireland’s Content Pool

    Bring your content to life with our free resource for positive tourism related purposes. Our image, video and copy collections show people, landscapes and the Irish lifestyle across a range of experiences including festivals, activities, cities, rural life and food.
    Interesting idea — but the licensing terms aren’t 100% clear. This would have been much easier if it was just CC licensed!

    (tags: open-data licensing ireland tourism via:damienmulley landscapes photos pictures content failte-ireland)

  • Here’s Why Juicero’s Press is So Expensive – Bolt Blog

    Our usual advice to hardware founders is to focus on getting a product to market to test the core assumptions on actual target customers, and then iterate. Instead, Juicero spent $120M over two years to build a complex supply chain and perfectly engineered product that is too expensive for their target demographic. Imagine a world where Juicero raised only $10M and built a product subject to significant constraints. Maybe the Press wouldn’t be so perfectly engineered but it might have fewer features and cost a fraction of the original $699. Or maybe with a more iterative approach, they would have quickly found that customers vary greatly in their juice consumption patterns, and would have chosen a per-pack pricing model rather than one-size-fits-all $35/week subscription. Suddenly Juicero is incredibly compelling as a product offering, at least to this consumer.

    (tags: juicero design electronics hardware products startups engineering teardowns)

  • AWS Greengrass

    AWS Greengrass is software that lets you run local compute, messaging & data caching for connected devices in a secure way. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. Using AWS Lambda, Greengrass ensures your IoT devices can respond quickly to local events, operate with intermittent connections, and minimize the cost of transmitting IoT data to the cloud. AWS Greengrass seamlessly extends AWS to devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With Greengrass, you can use familiar languages and programming models to create and test your device software in the cloud, and then deploy it to your devices. AWS Greengrass can be programmed to filter device data and only transmit necessary information back to the cloud. AWS Greengrass authenticates and encrypts device data at all points of connection using AWS IoT’s security and access management capabilities. This way data is never exchanged between devices when they communicate with each other and the cloud without proven identity.

    (tags: aws cloud iot lambda devices offline synchronization architecture)

  • Immunotherapy Pioneer James Allison Has Unfinished Business with Cancer – MIT Technology Review

    On the discovery and history of ipilimumab (trade named Yervoy), one of the first immunotherapy drugs

    (tags: ipilimumab cancer yervoy immunotherapy medicine melanoma)

  • FactCheck: No, the reported side effects of the HPV vaccine do NOT outweigh the proven benefits

    The Journal FactCheck team take a shortcut through Regret.ie’s bullshit

    (tags: hpv antivaxxers gardasil safety vaccination health medicine fact-checking)

Posted in Uncategorized | Comments closed

Links for 2017-04-24

  • Unroll.me sold your data to Uber

    ‘Uber devoted teams to so-called competitive intelligence, purchasing data from Slice Intelligence, which collected customers’ emailed Lyft receipts via Unroll.me and sold the data to Uber’. Also: ‘Unroll.me allegedly “kept a copy of every single email that you sent or received” in “poorly secured S3 buckets”‘: https://news.ycombinator.com/item?id=14180463 Unroll.me CEO: ‘felt bad “to see that some of our users were upset to learn about how we monetise our free service”.’ https://www.theguardian.com/technology/2017/apr/24/unrollme-mail-unsubscription-service-heartbroken-sells-user-inbox-data-slice

    (tags: uber unroll.me gmail google privacy data-protection lyft scumbags slice-intelligence)

  • Capturing all the flags in BSidesSF CTF by pwning Kubernetes/Google Cloud

    good exploration of the issues with running a CTF challenge (or any other secure infrastructure!) atop Kubernetes and a cloud platform like GCE

    (tags: gce google-cloud kubernetes security docker containers gke ctf hacking exploits)

  • How To Add A Security Key To Your Gmail (Tech Solidarity)

    Excellent how-to guide for Yubikey usage on gmail

    (tags: gmail yubikey security authentication google)

  • Ethics – Lyrebird

    ‘Lyrebird is the first company to offer a technology to reproduce the voice of someone as accurately and with as little recorded audio. [..] Voice recordings are currently considered as strong pieces of evidence in our societies and in particular in jurisdictions of many countries. Our technology questions the validity of such evidence as it allows to easily manipulate audio recordings. This could potentially have dangerous consequences such as misleading diplomats, fraud and more generally any other problem caused by stealing the identity of someone else. By releasing our technology publicly and making it available to anyone, we want to ensure that there will be no such risks. We hope that everyone will soon be aware that such technology exists and that copying the voice of someone else is possible. More generally, we want to raise attention about the lack of evidence that audio recordings may represent in the near future.’

    (tags: lyrebird audio technology scary ethics)

Links for 2017-04-20

  • Amazon DynamoDB Accelerator (DAX)

    Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second. DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management.
    No latency percentile figures, unfortunately. Also still in preview.

    (tags: amazon dynamodb aws dax performance storage databases latency low-latency)

  • I Just Love This Juicero Story So Much

    When we signed up to pump money into this juice company, it was because we thought drinking the juice would be a lot harder and more expensive. That was the selling point, because Silicon Valley is a stupid libertarian dystopia where investor-class vampires are the consumers and a regular person’s money is what they go shopping for. Easily opened bags of juice do not give these awful nightmare trash parasites a good bargain on the disposable income of credulous wellness-fad suckers; therefore easily opened bags of juice are a worse investment than bags of juice that are harder to open.

    (tags: juicero juicebros techbros silicon-valley funny dystopia fruit bags juice)

  • Zeynep Tufekci: Machine intelligence makes human morals more important | TED Talk | TED.com

    Machine intelligence is here, and we’re already using it to make subjective decisions. But the complex way AI grows and improves makes it hard to understand and even harder to control. In this cautionary talk, techno-sociologist Zeynep Tufekci explains how intelligent machines can fail in ways that don’t fit human error patterns — and in ways we won’t expect or be prepared for. “We cannot outsource our responsibilities to machines,” she says. “We must hold on ever tighter to human values and human ethics.”
    More relevant now that nVidia are trialing ML-based self-driving cars in the US…

    (tags: nvidia ai ml machine-learning scary zeynep-tufekci via:maciej technology ted-talks)

  • ‘Mathwashing,’ Facebook and the zeitgeist of data worship

    Fred Benenson: Mathwashing can be thought of using math terms (algorithm, model, etc.) to paper over a more subjective reality. For example, a lot of people believed Facebook was using an unbiased algorithm to determine its trending topics, even if Facebook had previously admitted that humans were involved in the process.

    (tags: maths math mathwashing data big-data algorithms machine-learning bias facebook fred-benenson)

  • Build a Better Monster: Morality, Machine Learning, and Mass Surveillance

    We built the commercial internet by mastering techniques of persuasion and surveillance that we’ve extended to billions of people, including essentially the entire population of the Western democracies. But admitting that this tool of social control might be conducive to authoritarianism is not something we’re ready to face. After all, we’re good people. We like freedom. How could we have built tools that subvert it? As Upton Sinclair said, “It is difficult to get a man to understand something, when his salary depends on his not understanding it.” I contend that there are structural reasons to worry about the role of the tech industry in American political life, and that we have only a brief window of time in which to fix this.

    (tags: advertising facebook google internet politics surveillance democracy maciej-ceglowski talks morality machine-learning)

Links for 2017-04-07

  • Research Blog: Federated Learning: Collaborative Machine Learning without Centralized Training Data

    Great stuff from Google – this is really nifty stuff for large-scale privacy-preserving machine learning usage:

    It works like this: your device downloads the current model, improves it by learning from data on your phone, and then summarizes the changes as a small focused update. Only this update to the model is sent to the cloud, using encrypted communication, where it is immediately averaged with other user updates to improve the shared model. All the training data remains on your device, and no individual updates are stored in the cloud. Federated Learning allows for smarter models, lower latency, and less power consumption, all while ensuring privacy. And this approach has another immediate benefit: in addition to providing an update to the shared model, the improved model on your phone can also be used immediately, powering experiences personalized by the way you use your phone.
    Papers: https://arxiv.org/pdf/1602.05629.pdf , https://arxiv.org/pdf/1610.05492.pdf

    (tags: google ml machine-learning training federated-learning gboard models privacy data-privacy data-protection)

  • /r/ireland map

    The denizens of /r/ireland have put together a map of their favourite tourist spots around the country. Some slightly odd choices but definitely a few that may be worth a visit. Thread: https://www.reddit.com/r/ireland/comments/5b0634/i_am_starting_a_rireland_recommended_map_for/

    (tags: ireland tourist tourism attractions reddit)

Links for 2017-04-03

  • Introducing the Faves & Flags roleplaying system | MetaTalk

    awesome D&D-spoofing April Fool from MeFi

    (tags: metafilter funny dungeons-and-dragons community spoofs rpg 1970s)

  • Watching the hearings, I learned my “Bernie bro” harassers may have been Russian bots

    However, the rest of the abuse came from accounts purporting to be supporters of Vermont Independent Senator Bernie Sanders. And these were “people” with whom I believed I shared common values and policy interests. Almost all of the accounts presented as men — mostly young and white — and used sexist and misogynistic tones and words. I was called “mom” and “grandma” as epithets by these “young men.” I was called every vile sexualized name you can imagine. For some reason that I did not understand at the time, they liked to call me a “vagina.” (I now believe non-native English — i.e. Russian — speakers wrote the algorithms controlling these bots and perhaps imagined “vagina” to be the equivalent of the c-word when hurled at a woman.) Not being conversant in the mechanisms of Russian psychological warfare techniques at the time, it never occurred to me that, like the #MAGA bots, these “Bernie Bro” accounts were actually bots too. And the abuse from these accounts was much harder to dismiss. It went in further, emotionally speaking. The vitriol of the attacks felt like a painful betrayal. After all, “we” probably shared 99 percent of our political perspective; we just supported different candidates — which is something I said repeatedly in my attempts to appeal to reason with some of the attackers over the course of those long months. Nonetheless, even the mildest criticism of Sanders or comment of support for Clinton would bring out a swarm of these “Bernie Bro” accounts spouting off with abusive language and mockery.

    (tags: bernie-bros abuse twitter russia security bots elections hilary-clinton)

Links for 2017-03-28

  • Automated unemployment insurance fraud detection system had a staggering 93% error rate in production

    Expect to see a lot more cases of automated discrimination like this in the future. There is no way an auto-adjudication system would be allowed to have this staggering level of brokenness if it was dealing with the well-off:

    State officials have said that between Oct. 1, 2013, when the MiDAS [automated unemployment insurance fraud detection] system came on line, and Aug. 7, 2015, when the state halted the auto-adjudication of fraud determinations and began to require some human review of MiDAS findings, the system had a 93% error rate and made false fraud findings affecting more than 20,000 unemployment insurance claims. Those falsely accused of fraud were subjected to quadruple penalties and aggressive collection techniques, including wage garnishment and seizure of income tax refunds. Some were forced into bankruptcy. The agency is now reviewing about 28,000 additional fraud determinations that were made during the relevant period, but which involved some human review. An unknown number of those fraud findings were also false.

    (tags: fraud broken fail michigan detroit social-welfare us-politics computer-says-no automation discrimination fraud-detection)

Links for 2017-03-26

  • American Snoper – Medium

    The grugq on Putin vs France:

    How modern conflicts play out in the informatics sphere, what I mean when I talk about cyber war, is happening in France. After France there will be Germany, then the Scandinavian countries have their elections. There is no chance that Putin attempting to shape the world to best suit Russian interests will abate. Currently, the strongest area that he can contend in is the informatics sphere, the cyber realm, where human perception of reality is shaped.

    (tags: putin france elections russia cyber-war hacking security wikileaks)

Links for 2017-03-24

  • That thing about pwning N26

    Whitehat CCC hacker thoroughly pwns N26 bank — there’s a lot of small leaks and insecurities here. Sounds like N26 are dealing with them though

    (tags: ccc hacks exploits n26 banks banking security)

  • ‘For decades, the transaction concept has played a central role in database research and development. Despite this prominence, transactional databases today often surface much weaker models than the classic serializable isolation guarantee—and, by default, far weaker models than alternative,“strong but not serializable” models such as Snapshot Isolation. Moreover, the transaction concept requires the programmer’s involvement: should an application programmer fail to correctly use transactions by appropriately encapsulating functionality, even serializable transactions will expose programmers to errors. While many errors arising from these practices may be masked by low concurrency during normal operation, they are susceptible to occur during periods of abnormally high concurrency. By triggering these errors via concurrent access in a deliberate attack, a determined adversary could systematically exploit them for gain. In this work, we defined the problem of ACIDRain attacks and introduced 2AD, a lightweight dynamic analysis tool that uses traces of normal database activity to detect possible anomalous behavior in applications. To enable 2AD, we extended Adya’s theory of weak isolation to allow efficient reasoning over the space of all possible concurrent executions of a set of transactions based on a concrete history, via a new concept called an abstract history, which also applies to API calls. We then applied 2AD analysis to twelve popular self-hosted eCommerce applications, finding 22 vulnerabilities spread across all but one application we tested, affecting over 50% of eCommerce sites on the Internet today. We believe that the magnitude and the prevalence of these vulnerabilities to ACIDRain attacks merits a broader reconsideration of the success of the transaction concept as employed by programmers today, in addition to further pursuit of research in this direction. 
    Based on our early experiences both performing ACIDRain attacks on self-hosted applications as well as engaging with developers, we believe there is considerable work to be done in raising awareness of these attacks—for example, via improved analyses and additional 2AD refinement rules (including analysis of source code to better highlight sources of error)—and in automated methods for defending against these attacks—for example, by synthesizing repairs such as automated isolation level tuning and selective application of SELECT FOR UPDATE mechanisms. Our results here—as well as existing instances of ACIDRain attacks in the wild—suggest there is considerable value at stake.’

    (tags: databases transactions vulnerability security acidrain peter-bailis storage isolation acid)

  • Scientists made a detailed “roadmap” for meeting the Paris climate goals. It’s eye-opening. – Vox

    tl;dr: this is not going to happen and we are fucked.

    (tags: climate environment global-warming science roadmap future grim-meathook-future)

  • HyperBitBit

    jomsdev notes: ‘Last year, in the AofA’16 conference Robert Sedgewick proposed a new algorithm for cardinality estimation. Robert Sedgewick is a professor at Princeton with a long track of publications on combinatorial/randomized algorithms. He was a good friend of Philippe Flajolet (creator of Hyperloglog) and HyperBitBit is based on the same ideas. However, it uses less memory than Hyperloglog and can provide the same results. On practical data, HyperBitBit, for N < 2^64 estimates cardinality within 10% using only 128 + 6 bits.’

    (tags: algorithms programming cs hyperloglog estimation cardinality counting hyperbitbit)

Links for 2017-03-22

  • Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware

    DRM working as expected:

    To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America’s heartland have started hacking their equipment with firmware that’s cracked in Eastern Europe and traded on invite-only, paid online forums. Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform “unauthorized” repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time.
    (via etienneshrdlu)

    (tags: hacking farming drm john-deere tractors firmware right-to-repair repair)

Links for 2017-03-21

  • Don’t Get Trampled: The Puzzle For “Unicorn” Employees

    ‘One of my sad predictions for 2017 is a bunch of big headline-worthy acquisitions and IPOs that leave a lot of hard working employees at these companies in a weird spot. They’ll be congratulated by everyone they know for their extraordinary success while scratching their heads wondering why they barely benefited. Of course, the reason is that these employees never understood their compensation in the first place (and they were not privy to the terms of all the financings before and after they were hired).’

    (tags: share-options shares unicorns funding employment jobs compensation)

  • GitHub’s new Balanced Employee IP Agreement (BEIPA) lets workers keep the IP when they use company resources for personal projects — Quartz

    Huh, interesting development:

    If it’s on company time, it’s the company’s dime. That’s the usual rule in the tech industry—that if employees use company resources to work on projects unrelated to their jobs, their employer can claim ownership of any intellectual property (IP) they create. But GitHub is throwing that out the window. Today the code-sharing platform announced a new policy, the Balanced Employee IP Agreement (BEIPA). This allows its employees to use company equipment to work on personal projects in their free time, which can occur during work hours, without fear of being sued for the IP. As long as the work isn’t related to GitHub’s own “existing or prospective” products and services, the employee owns it.

    (tags: github law tech jobs work day-job side-projects hacking ip copyright)
