Links for 2016-02-10

Posted in Uncategorized | Leave a comment

Links for 2016-02-09

Links for 2016-02-08

Links for 2016-02-07

Links for 2016-02-05

  • The science behind “don’t drink when pregnant” is rubbish

    As the economist Emily Oster pointed out in her 2013 book Expecting Better, there is also no “proven safe” level of Tylenol or caffeine, and yet both are fine in moderation during pregnancy. Oster pored through reams of research on alcohol and pregnancy for her book and concluded that there is simply no scientific evidence that light drinking during pregnancy impacts a baby’s health. (In one frequently cited 2001 study that suggested light drinking in pregnancy increases the chances of a child displaying aggressive behaviors, the drinkers were also significantly likelier to have taken cocaine during pregnancy.)
    My wife also followed the paper trail on this issue in the past. In the papers from which these recommendations were derived, the level of drinking at which any effects were observed in babies was when women consumed at least *9 units every day* for the entire pregnancy. That’s an entire bottle of wine, daily!

    (tags: booze alcohol science facts papers medicine emily-oster babies pregnancy pre-pregnant research)

  • GCHQ’s Spam Problem

    ‘“Spam emails are a large proportion of emails seen in SIGINT [signals intelligence],” reads part of a dense document from the Snowden archive, published by Boing Boing on Tuesday. “GCHQ would like to reduce the impact of spam emails on data storage, processing and analysis.”’ (circa 2011). Steganography, anyone? (via Tony Finch)

    (tags: spam anti-spam gchq funny boing-boing sigint snowden surveillance)

  • ECHR: Websites not liable for readers’ comments

    ‘Lawyers for [a Hungarian news] site said the comments concerned had been taken down as soon as they were flagged. They said making their clients liable for everything readers posted “would have serious adverse repercussions for freedom of expression and democratic openness in the age of Internet”. The ECHR agreed. “Although offensive and vulgar, the incriminated comments did not constitute clearly unlawful speech; and they certainly did not amount to hate speech or incitement to violence,” the judges wrote.’

    (tags: echr law eu legal comments index-hu hungary)

  • research!rsc: Zip Files All The Way Down

    quine.zip, quine.gz, and quine.tar.gz. Here’s what happens when you mail it through bad AV software: https://twitter.com/FioraAeterna/status/694655296707297281

    (tags: zip algorithms compression quines fun hacks gzip)

  • The Nuclear Missile Sites of Los Angeles

    Great article by Geoff “bldgblog” Manaugh on the ruins of the Nike air-to-air missile emplacements dotted around California. I had absolutely no idea that these — the 1958-era Nike-Hercules missiles, at least — carried 30-kiloton nuclear warheads, intended to be detonated at 50,000 feet *above* the cities they were defending, in order to destroy in-flight bomber formations. Nuclear war was truly bananas.

    (tags: war history la sf california nike-missiles missiles nuclear-war nike-hercules cold-war 1950s)

Links for 2016-02-03

  • Exclusive: Snowden intelligence docs reveal UK spooks’ malware checklist / Boing Boing

    This is an excellent essay from Cory Doctorow on mass surveillance in the post-Snowden era, and the difference between HUMINT and SIGINT. So much good stuff, including this (new to me) cite for “Goodhart’s law”, on secrecy as it affects adversarial classification:

    The problem with this is that once you accept this framing, and note the happy coincidence that your paymasters just happen to have found a way to spy on everyone, the conclusion is obvious: just mine all of the data, from everyone to everyone, and use an algorithm to figure out who’s guilty. The bad guys have a Modus Operandi, as anyone who’s watched a cop show knows. Find the MO, turn it into a data fingerprint, and you can just sort the firehose’s output into “terrorist-ish” and “unterrorist-ish.” Once you accept this premise, then it’s equally obvious that the whole methodology has to be kept from scrutiny. If you’re depending on three “tells” as indicators of terrorist planning, the terrorists will figure out how to plan their attacks without doing those three things. This even has a name: Goodhart’s law. “When a measure becomes a target, it ceases to be a good measure.” Google started out by gauging a web page’s importance by counting the number of links they could find to it. This worked well before they told people what they were doing. Once getting a page ranked by Google became important, unscrupulous people set up dummy sites (“link-farms”) with lots of links pointing at their pages.

    (tags: adversarial-classification classification surveillance nsa gchq cory-doctorow privacy snooping goodharts-law google anti-spam filtering spying snowden)

Links for 2016-02-02

Links for 2016-02-01

Links for 2016-01-30

  • Seesaw: scalable and robust load balancing from Google

    After evaluating a number of platforms, including existing open source projects, we were unable to find one that met all of our needs and decided to set about developing a robust and scalable load balancing platform. The requirements were not exactly complex – we needed the ability to handle traffic for unicast and anycast VIPs, perform load balancing with NAT and DSR (also known as DR), and perform adequate health checks against the backends. Above all we wanted a platform that allowed for ease of management, including automated deployment of configuration changes. One of the two existing platforms was built upon Linux LVS, which provided the necessary load balancing at the network level. This was known to work successfully and we opted to retain this for the new platform. Several design decisions were made early on in the project — the first of these was to use the Go programming language, since it provided an incredibly powerful way to implement concurrency (goroutines and channels), along with easy interprocess communication (net/rpc). The second was to implement a modular multi-process architecture. The third was to simply abort and terminate a process if we ended up in an unknown state, which would ideally allow for failover and/or self-recovery.

    (tags: seesaw load-balancers google load-balancing vips anycast nat lbs go ops networking)

Links for 2016-01-29

Links for 2016-01-28

Links for 2016-01-27

Links for 2016-01-26

Links for 2016-01-25

  • Netflix Global Search

    Handy — search Netflix in all regions, then show where the show/movie is available. Probably going to be less handy now that Netflix is blocking region-spoofing.

    (tags: movies video netflix films tv world)

  • Why Eircode is a shambles, by someone who works in the transport industry

    This is full of good points.

    Without having a distinct SORT KEY for a geographically distinct area, a postcode is of no real benefit to any type of transport firm or agency. To take one example, Eircode have used the same sort key, F92, for Arranmore (Donegal’s largest inhabited island) and the north western Donegal mainland. Cill Rónáin, Inis Mór, the largest of the Aran Islands, has the same sort key H91, as Connemara and Galway City. Galway city and the Aran Islands may be in a relatively small geographical area, but keen eyes may have noticed that the Aran Islands are separated from the mainland by a small section of the Atlantic Ocean. Sort codes which ignore clear and obvious boundaries, like seas or oceans, need to be redesigned. In two seconds a [UK] website could tell a Hebridean that his delivery will take 4 days at a cost of fifty quid by using the first three characters of the postcode. The Eircode-using Irish equivalent website would need to look up a large database to tell an Arranmore resident the cost and time for delivery – and they’d need the full exact code. Any mistake made here, and your estimated delivery time, and cost for delivery will be wrong.

    (tags: postcodes eircode loc8code fail couriers delivery geodata geocoding galway aran-islands)

Links for 2016-01-23

Links for 2016-01-22

Links for 2016-01-21

Links for 2016-01-20

Links for 2016-01-19

Links for 2016-01-16

  • Yosemite agrees to change the names of its significant locations to appease trademark troll / Boing Boing

    This is absolutely appalling. IP law gone mad:

    DNC Parks & Resorts at Yosemite, Inc (a division of one of the largest privately owned companies in the world) used to have the concessions to operate various businesses around Yosemite National Park. Now that they’ve been fired, they’re using some decidedly dubious trademark to force the Park Service to change the names of buildings and locations that have stood for as much as a century, including some that have been designated national landmarks. The Parks Service has caved to these requests as it readies the park for its centennial celebration. It will not only change the names of publicly owned landmarks — such as the Ahwahnee hotel, Yosemite Lodge, the Wawona Hotel, Curry Village, and Badger Pass ski area — it will also have to change all its signs, maps and guidebooks.

    (tags: yosemite ip trademarks law fiasco national-parks usa)

Links for 2016-01-15

Links for 2016-01-14

Links for 2016-01-12

Links for 2016-01-11

Links for 2016-01-08

Links for 2016-01-07

Links for 2016-01-06

Links for 2016-01-04

Links for 2015-12-31

Links for 2015-12-27

Links for 2015-12-22

  • Amazon EC2 Container Registry

    hooray, Docker registry here at last

    (tags: ecs docker registry ops containers aws)

  • How to inspect SSL/TLS traffic with Wireshark 2

    turns out it’s easy enough — Mozilla standardised a debugging SSL session-key logging file format which Wireshark and Chrome support

    (tags: chrome ssl browser firefox wireshark debugging tls)
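
    As an added example (not from the linked article, and not Wireshark or Mozilla code), here is a Python checker for the NSS key log format that note refers to: it validates the lines a client writes to the file named by SSLKEYLOGFILE and reports which captured sessions Wireshark could decrypt from it. The label names and field lengths follow the published format; the sample file and its hex values are constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Labels from the NSS key log format that Wireshark reads. The TLS 1.2 line
# carries the 48-byte master secret; the TLS 1.3 lines carry per-direction
# secrets. (The legacy "RSA" line form is left out of this checker.)
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EXPORTER_SECRET",
}
HEX = re.compile(r"^(?:[0-9a-fA-F]{2})+$")


@dataclass(frozen=True)
class KeyLogEntry:
    label: str
    client_random: bytes   # 32 bytes: the handshake's ClientHello.random
    secret: bytes


def parse_keylog(text):
    """Parse key log text into (entries, problems).

    Malformed lines are collected as (line_number, reason) rather than raised,
    so one bad line from a misbehaving client does not hide the rest.
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '#' comments are allowed by the format
        parts = line.split()
        if len(parts) != 3:
            problems.append((lineno, "expected 3 space-separated fields"))
            continue
        label, rnd_hex, sec_hex = parts
        if label != TLS12_LABEL and label not in TLS13_LABELS:
            problems.append((lineno, f"unknown label {label!r}"))
            continue
        if not (HEX.match(rnd_hex) and HEX.match(sec_hex)):
            problems.append((lineno, "field is not even-length hex"))
            continue
        if len(rnd_hex) != 64:
            problems.append((lineno, "client_random must be 32 bytes"))
            continue
        # TLS 1.2 master secret is always 48 bytes; TLS 1.3 secrets are the
        # size of the cipher suite hash (32 bytes for SHA-256, 48 for SHA-384).
        allowed = {96} if label == TLS12_LABEL else {64, 96}
        if len(sec_hex) not in allowed:
            problems.append((lineno, f"unexpected secret length for {label}"))
            continue
        entries.append(KeyLogEntry(label, bytes.fromhex(rnd_hex), bytes.fromhex(sec_hex)))
    return entries, problems


def decryptable_sessions(entries):
    """Map client_random -> 'tls12' or 'tls13' for sessions whose application
    data Wireshark can decrypt: a CLIENT_RANDOM line, or both TLS 1.3
    application traffic secrets. Handshake-only secrets are not enough."""
    by_session = defaultdict(set)
    for e in entries:
        by_session[e.client_random].add(e.label)
    result = {}
    for rnd, labels in by_session.items():
        if TLS12_LABEL in labels:
            result[rnd] = "tls12"
        elif {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= labels:
            result[rnd] = "tls13"
    return result


# Constructed sample file: the hex values are filler, not real secrets.
R1, R2, R3 = "11" * 32, "22" * 32, "33" * 32
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file, generated by a (constructed) client",
    f"CLIENT_RANDOM {R1} {'aa' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R2} {'b1' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {R2} {'b2' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {R2} {'b3' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {R2} {'b4' * 32}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R3} {'c1' * 32}",  # handshake only
    f"CLIENT_RANDOM {'44' * 32} {'dd' * 10}",             # truncated secret
    "MYSTERY_LABEL deadbeef cafebabe",                     # unknown label
])

if __name__ == "__main__":
    entries, problems = parse_keylog(SAMPLE_KEYLOG)
    print(f"{len(entries)} valid entries, {len(problems)} problems")
    for lineno, why in problems:
        print(f"  line {lineno}: {why}")
    for rnd, version in decryptable_sessions(entries).items():
        print(f"  session {rnd.hex()[:8]}...: {version} decryptable")
```

    The key log gives anyone holding it the same plaintext access it gives Wireshark, so treat the file like a private key: set SSLKEYLOGFILE only for the debugging session that needs it, and delete the file when the capture is finished.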

  • ImperialViolet – Juniper: recording some Twitter conversations

    Adam Langley on the Juniper VPN-snooping security hole:

    … if it wasn’t the NSA who did this, we have a case where a US government backdoor effort (Dual-EC) laid the groundwork for someone else to attack US interests. Certainly this attack would be a lot easier given the presence of a backdoor-friendly RNG already in place. And I’ve not even discussed the SSH backdoor. [...]

    (tags: primes ecc security juniper holes exploits dual-ec-drbg vpn networking crypto prngs)

  • Excellent post from Matthew Green on the Juniper backdoor

    For the past several years, it appears that Juniper NetScreen devices have incorporated a potentially backdoored random number generator, based on the NSA’s Dual_EC_DRBG algorithm. At some point in 2012, the NetScreen code was further subverted by some unknown party, so that the very same backdoor could be used to eavesdrop on NetScreen connections. While this alteration was not authorized by Juniper, it’s important to note that the attacker made no major code changes to the encryption mechanism — they only changed parameters. This means that the systems were potentially vulnerable to other parties, even beforehand. Worse, the nature of this vulnerability is particularly insidious and generally messed up. [....] The end result was a period in which someone — maybe a foreign government — was able to decrypt Juniper traffic in the U.S. and around the world. And all because Juniper had already paved the road. One of the most serious concerns we raise during [anti-law-enforcement-backdoor] meetings is the possibility that encryption backdoors could be subverted. Specifically, that a back door intended for law enforcement could somehow become a backdoor for people who we don’t trust to read our messages. Normally when we talk about this, we’re concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that. The problem with cryptographic backdoors is not that they’re the only way that an attacker can break into our cryptographic systems. It’s merely that they’re one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.
    (via Tony Finch)

    (tags: via:fanf crypto backdoors politics juniper dual-ec-drbg netscreen vpn)

  • 2016 Wish List for AWS?

    good thread of AWS’ shortcomings — so many services still don’t handle VPC for instance

    (tags: vpc aws ec2 ops wishlist)

Links for 2015-12-18

Links for 2015-12-17

Links for 2015-12-16

Links for 2015-12-15

Links for 2015-12-14

  • Files Are Hard

    This is basically terrifying. A catalog of race conditions and reliability horrors around the POSIX filesystem abstraction in Linux — it’s a wonder anything works. ‘Where’s this documented? Oh, in some mailing list post 6-8 years ago (which makes it 12-14 years from today). The fs devs whose posts I’ve read are quite polite compared to LKML’s reputation, and they generously spend a lot of time responding to basic questions, but it’s hard for outsiders to troll [sic] through a decade and a half of mailing list postings to figure out which ones are still valid and which ones have been obsoleted! I don’t mean to pick on filesystem devs. In their OSDI 2014 talk, the authors of the paper we’re discussing noted that when they reported bugs they’d found, developers would often respond “POSIX doesn’t let filesystems do that”, without being able to point to any specific POSIX documentation to support their statement. If you’ve followed Kyle Kingsbury’s Jepsen work, this may sound familiar, except devs respond with “filesystems don’t do that” instead of “networks don’t do that”. I think this is understandable, given how much misinformation is out there. Not being a filesystem dev myself, I’d be a bit surprised if I don’t have at least one bug in this post.’

    (tags: filesystems linux unix files operating-systems posix fsync osdi papers reliability)
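
    One concrete takeaway from that catalogue, as an added example that is not from the linked post: the write-to-temp, fsync, rename, fsync-the-directory sequence needed on Linux to replace a file without ever exposing a truncated one. The naive version is included beside it only to name its failure windows; the crash hook and the sample contents are constructed for this example.

```python
"""Crash-safe file replacement on POSIX.

Assumes a POSIX filesystem where rename(2) within one directory is atomic and
a directory can be opened read-only for fsync (Linux; not Windows).
"""
import os
import tempfile


def naive_write(path, data):
    """The usual pattern, shown only to name its failure windows: open()
    truncates the file, so a crash before write() completes leaves an empty
    or partial file; and without fsync the data can sit in the page cache
    long after close() returns."""
    with open(path, "wb") as f:
        f.write(data)


def atomic_write(path, data, *, simulate_crash_before_rename=False):
    """Replace `path` with `data` so that after a crash the file holds either
    the complete old contents or the complete new contents, never a mix.

    `simulate_crash_before_rename` is a test hook constructed for this
    example: it raises after the temp file is written but before the rename,
    to show that the old file survives.
    """
    path = os.path.abspath(path)
    directory = os.path.dirname(path)
    # Temp file in the *same* directory, so the rename never crosses
    # filesystems (a cross-device rename is a copy, not an atomic swap).
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            # Push file data and metadata to stable storage. An fsync error
            # means the data may already be lost; re-raise it, don't retry.
            os.fsync(f.fileno())
        if simulate_crash_before_rename:
            raise RuntimeError("simulated crash before rename")
        # rename(2) swaps the directory entry atomically: readers see the
        # old inode or the new one, never a truncated file.
        os.replace(tmp, path)
        # The rename itself is only durable once the directory is synced.
        dfd = os.open(directory, os.O_RDONLY)
        try:
            os.fsync(dfd)
        finally:
            os.close(dfd)
    except BaseException:
        # Best-effort cleanup. A real power loss skips this, which is why a
        # service should sweep stale ".tmp-*" files in its data dir at startup.
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


def roundtrip_demo():
    """Write two versions, then a third that 'crashes' before the rename.

    Returns (final_contents, directory_listing) for a fresh temp directory:
    version 2 must be intact and no temp file may be left behind.
    """
    d = tempfile.mkdtemp(prefix="atomic-demo-")
    target = os.path.join(d, "state.json")
    atomic_write(target, b'{"version": 1}')
    atomic_write(target, b'{"version": 2}')
    try:
        atomic_write(target, b'{"version": 3}', simulate_crash_before_rename=True)
    except RuntimeError:
        pass  # the simulated crash; the previous file must survive it
    with open(target, "rb") as f:
        contents = f.read()
    return contents, sorted(os.listdir(d))


if __name__ == "__main__":
    contents, listing = roundtrip_demo()
    print(contents, listing)
```

    Note that fsync on the file alone is not enough: until the directory is synced, a crash can leave the old name pointing at the old inode even though the new data is on disk, which is exactly the kind of behaviour the post's mailing-list archaeology was chasing down.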

  • [LUCENE-6917] Deprecate and rename NumericField/RangeQuery to LegacyNumeric – ASF JIRA

    Interesting performance-related tweak going into Lucene — based on the Bkd-Tree I think: https://users.cs.duke.edu/~pankaj/publications/papers/bkd-sstd.pdf . Being used for all numeric index types, not just multidimensional ones?

    (tags: lucene performance algorithms patches bkd-trees geodata numeric indexing)

  • Kevin Lyda’s mega pension post

    Cutting and pasting from Facebook for posterity… there are some really solid tips in here.

    ‘Some people plan their lives out and then there are people like me who randomly do things and suddenly, in retrospect, it looks like a grand plan has come together. In reality it’s more like my subconscious pulls in useful info and pokes me to go learn things as required. If you live/work in Ireland, the following “grand plan” might be useful.

    This year has apparently been “figure out how to retire” year. It started late last year with finally organising all my private Irish pensions (2 from employers, 1 personal). In the process I learned the following:

    * Many Irish pension plans allow you to start drawing down from them at age 50. There are downsides to this, but if you have several of them it allows you more room to avoid stock market downturns when you purchase annuities.
    * You can get 25% of each pension as a tax-free lump sum.

    I also learned a few property things. The key thing is that if you have a buy-to-let property you should *not* pay off its mortgage early. You can deduct 75% of the interest you pay against the taxes you’d owe for rental income. That means the interest you pay will essentially be close to or even under the rate of inflation. A residential mortgage might have a lower interest rate nominally, but the effective interest rate is higher.

    The Irish state pension is changing. If you are 68 after 2020 the rules have changed – and they’re now much simpler. Work for 10 years and you get the minimum state pension (1/3 of a full pension). Work for 20, you get 2/3 of a state pension. Work for 30, you get a full pension. But you can’t collect it till you’re 68 and remember that Irish employers can apparently force you to “retire” at 65 (ageism is legal). So you need to bridge those 3 years (or hope they change the law to stop employers from doing that).

    When I “retired” I kept a part time job for a number of reasons, but one was because I suspected I needed more PRSI credits for a pension. And it turns out this was correct. Part-time work counts as long as you make more than €38/week. And self-employment counts as long as you make more than €5,000/year. You can also make voluntary PRSI contributions (around €500/year but very situation dependent). If you’ve worked in Europe or the US or Canada or a few other countries, you can get credits for social welfare payments in those countries. But if you have enough here and you have enough for some pension in the other country, you can draw a pension from both.

    Lastly most people I’ve talked to about retirement this year have used the analogy of legs on a stool. Every source of post-retirement income is a leg on the stool – the more legs, the more secure your retirement. There are lots of options for legs:

    * Rental income. This is a little wobbly as legs go at least for me. But if you have more than one rental property – and better yet some commercial rental property – this leg firms up a bit. Still, it’s a bit more work than most.
    * Savings. This isn’t very tax-efficient, but it can help fill in blank spots some legs have (like rental income or age restrictions) or maximise another legs value (weathering downturns for stock-based legs). And in retirement you can even build savings up. Sell a house, the private pension lump sum, etc. But remember you’re retired, go have fun. Savings won’t do you much good when you’re dead.
    * Stocks. I’ve cashed all mine in, but some friends have been more restrained in cashing in stocks they might have gotten from employers. This is a volatile leg, but it can pay off rather well if you know what you’re doing. But be honest with yourself. I know I absolutely don’t know what I’m doing on this so stayed away.
    * Government pension. This is generally a reliable source of income in retirement. It’s usually not a lot, but it does tend to last from retirement to death and it shows up every month. You apply once and then it just shows up each month. If you’ve worked in multiple countries, you can hedge some bets by taking a pension in each country you qualify from. You did pay into them after all.
    * Private pension. This can also give you a solid source of income but you need to pay into it. And paying in during your 20s and 30s really pays off later. But you need to make your investments less risky as you get into your late 50s – so make sure to start looking at them then. And you need to provide yourself some flexibility for starting to draw it down in order to survive market drops. The crash in 2007 didn’t fully recover until 2012 – that’s 5 years.
    * Your home. Pay off your mortgage and your home can be a leg. Not having to pay rent/mortgage is a large expense removed and makes the other legs more effective. You can also “sell down” or look into things like reverse mortgages, but the former can take time and has costs while the latter usually seems to have a lot of fine print you should read up on.
    * Part-time work. I know a number of people who took part-time jobs when they retired. If you can find something that doesn’t take a huge amount of time that you’d enjoy doing and that people will pay you for, fantastic! Do that. And it gets you out of the house and keeping active.

    For friends who are geeks and in my age cohort, I note that it will be 2037 around the time we hit 65. If you know why that matters, ka-ching!’

    Another particularly useful page about the state pension: “Six things every woman needs to know about the State pension”, Irish Times, Dec 1 2015, https://www.irishtimes.com/business/personal-finance/six-things-every-woman-needs-to-know-about-the-state-pension-1.2448981 , which links to this page to get your state pension contribution record: http://www.welfare.ie/en/pages/secure/RequestSIContributionRecord.aspx

    (tags: pensions money life via:klyda stocks savings shares property ireland old-age retirement)

  • Big Brother Watch on Twitter: “Anyone can legally have their phone or computer hacked by the police, intelligence agencies, HMRC and others #IPBill https://t.co/3ZS610srCJ”

    As Glynn Moody noted, if UK police, intelligence agencies, HMRC and others can all legally hack phones and computers, that also means that digital evidence can be easily and invisibly planted. This will undermine future court cases in the UK, which seems like a significant own goal…

    (tags: hmrc police gchq uk hacking security law-enforcement evidence law)

  • Why We Chose Kubernetes Over ECS

    3 months ago when we, at nanit.com, came to evaluate which Docker orchestration framework to use, we gave ECS the first priority. We were already familiar with AWS services, and since we already had our whole infrastructure there, it was the default choice. After testing the service for a while we had the feeling it was not mature enough and missing some key features we needed (more on that later), so we went to test another orchestration framework: Kubernetes. We were glad to discover that Kubernetes is far more comprehensive and had almost all the features we required. For us, Kubernetes won ECS on ECS’s home court, which is AWS.

    (tags: kubernetes ecs docker containers aws ec2 ops)

Links for 2015-12-12

Links for 2015-12-11

Links for 2015-12-10

Links for 2015-12-09
