Links for 2016-05-27

Posted in Uncategorized | Leave a comment

Links for 2016-05-26

  • Anti-Choice Groups Use Smartphone Surveillance to Target ‘Abortion-Minded Women’ During Clinic Visits – Rewire

    Geofencing used for evil:

    What Flynn realized is that he could use [ad targeting] to infer that a woman might be seeking an abortion, and to target her for ads from anti-choice groups [using geofenced advertising]. “We can reach every Planned Parenthood in the U.S.,” he wrote in a PowerPoint display sent to potential clients in February. The Powerpoint included a slide titled “Targets for Pro-Life,” in which Flynn said he could also reach abortion clinics, hospitals, doctors’ offices, colleges, and high schools in the United States and Canada, and then “[d]rill down to age and sex.” “We can gather a tremendous amount of information from the [smartphone] ID,” he wrote. “Some of the break outs include: Gender, age, race, pet owners, Honda owners, online purchases and much more.” Flynn explained that he would then use that data to send anti-choice ads to women “while they’re at the clinic.”

    (tags: geofencing grim-meathook-future abortion phones smartphones pro-choice ads)

  • Live Streaming Security Games

    Rapid Fire is a special event we started hosting at our own in-person CTFs in 2014. The idea is pretty simple: Create several CTF challenges that can be solved in a few minutes each. Set up the challenges on 4 identical computers with some basic tools. Mirror the player’s screens so the audience can watch their actions. Whoever solves the most challenges the fastest wins. This event is interesting for a number of reasons: the players are under intense pressure, as everything they do is being watched by several people; the audience can watch several different approaches to the same problems; and people can follow along fairly easily with what is going on with the challenges.
    With e-sports-style video!

    (tags: gaming hacking security e-sports streaming twitch ctf)

  • Open Sourcing Twitter Heron

    Twitter are open sourcing their Storm replacement, and moving it to an independent open source foundation

    (tags: open-source twitter heron storm streaming architecture lambda-architecture)

  • Why the Very Silly Oracle v. Google Trial Actually Matters

    If it’s illegal to write clean room implementations of APIs, then no one has clean hands. The now-shelved open source project Apache Harmony, like Android, reimplemented Java SE, and tech giant IBM contributed code to that project. Oracle itself built its business off a proprietary implementation of SQL, which was created by IBM. The proposition “Reimplementations of APIs are infringements” creates a recursive rabbit hole of liability that spans across the industry. Even the very 37 Java APIs at issue in this trial contain reimplementations of other APIs. Google witness Joshua Bloch—who, while at Sun Microsystems, wrote many of the Java APIs—testified that specific Java APIs are reimplementations of other APIs from Perl 5 and the C programming language.

    (tags: apis fair-use copyright ip android java google oracle law)

Posted in Uncategorized | Leave a comment

Links for 2016-05-24

Posted in Uncategorized | Leave a comment

Links for 2016-05-23

  • 100 thieves steal $13m in three hours from cash machines across Japan

    ‘Police believe that as many as 100 people, none of whom have been apprehended, worked together using forged credit cards containing account details illegally obtained from a bank in South Africa. The culprits used the fake cards at 1,400 convenience store automated teller machines on the morning of 15 May, according to police. Each made a single withdrawal of 100,000 yen – the maximum allowed by the cash machines.’ 1,600 forged/stolen credit card credentials from a single bank, then a synchronised attack made possible by the eventually-consistent ledger model of ATM accounting. (via William Gibson)

    (tags: atms banking japan fraud security credit-cards)

  • Revealed: How copyright law is being misused to remove material from the internet

    Automated DMCA takedowns used to fraudulently censor online content.

    In fact, no copyright infringement had occurred at all. Instead, something weirder had happened. At some point after Narey posted her comments on Mumsnet, someone had copied the entire text of one of her posts and pasted it, verbatim, to a spammy blog titled “Home Improvement Tips and Tricks”. The post, headlined “Buildteam interior designers” was backdated to September 14 2015, three months before Narey had written it, and was signed by a “Douglas Bush” of South Bend, Indiana. The website was registered to someone quite different, though: Muhammed Ashraf, from Faisalabad, Pakistan. Quite why Douglas Bush or Muhammed Ashraf would be reviewing a builder based in Clapham is not explained in “his” post. BuildTeam says it has no idea why Narey’s review was reposted, but that it had nothing to do with it. “At no material times have we any knowledge of why this false DCMA take down was filed, nor have we contracted any reputation management firms, or any individual or a group to take such action on our behalf. Finally, and in conjunction to the above, we have never spoken with a ‘Douglas Bush,’ or a ‘Muhammed Ashraf.’”

    (tags: fraud censorship mumsnet dmca takedowns google automation copyright)

  • 3 Reasons AWS Lambda Is Not Ready for Prime Time

    This totally matches my own preconceptions ;)

    When we at Datawire tried to actually use Lambda for a real-world HTTP-based microservice [...], we found some uncool things that make Lambda not yet ready for the world we live in: Lambda is a building block, not a tool; Lambda is not well documented; Lambda is terrible at error handling Lung skips these uncool things, which makes sense because they’d make the tutorial collapse under its own weight, but you can’t skip them if you want to work in the real world. (Note that if you’re using Lambda for event handling within the AWS world, your life will be easier. But the really interesting case in the microservice world is Lambda and HTTP.)

    (tags: aws lambda microservices datawire http api-gateway apis https python ops)

  • Machine Bias: There’s Software Used Across the Country to Predict Future Criminals. And it’s Biased Against Blacks. – ProPublica

    holy crap, this is dystopian:

    The first time Paul Zilly heard of his score — and realized how much was riding on it — was during his sentencing hearing on Feb. 15, 2013, in court in Barron County, Wisconsin. Zilly had been convicted of stealing a push lawnmower and some tools. The prosecutor recommended a year in county jail and follow-up supervision that could help Zilly with “staying on the right path.” His lawyer agreed to a plea deal. But Judge James Babler had seen Zilly’s scores. Northpointe’s software had rated Zilly as a high risk for future violent crime and a medium risk for general recidivism. “When I look at the risk assessment,” Babler said in court, “it is about as bad as it could be.” Then Babler overturned the plea deal that had been agreed on by the prosecution and defense and imposed two years in state prison and three years of supervision.

    (tags: dystopia law policing risk risk-assessment northpointe racism fortune-telling crime)

  • Guillermo Del Toro’s Tweetstorm About John Carpenter

    ‘Regarding [John] Carpenter: We all talk about inequalities in film. We can add a huge one: Genre inequality. Horror will always be punk rock!’

    (tags: horror punk john-carpenter movies film guillermo-del-toro)

Posted in Uncategorized | Leave a comment

Links for 2016-05-20

Posted in Uncategorized | Leave a comment

Links for 2016-05-19

  • PLOS ONE: Tyrannobdella rex N. Gen. N. Sp. and the Evolutionary Origins of Mucosal Leech Infestations

    Today in nose-leech news — the paper!

    Principal Findings: A new genus and species of leech from Perú was found feeding from the nasopharynx of humans. Unlike any other leech previously described, this new taxon has but a single jaw with very large teeth. Phylogenetic analyses of nuclear and mitochondrial genes using parsimony and Bayesian inference demonstrate that the new species belongs among a larger, global clade of leeches, all of which feed from the mucosal surfaces of mammals. Conclusions: This new species, found feeding from the upper respiratory tract of humans in Perú, clarifies an expansion of the family Praobdellidae to include the new species Tyrannobdella rex n. gen. n.sp., along with others in the genera Dinobdella, Myxobdella, Praobdella and Pintobdella. Moreover, the results clarify a single evolutionary origin of a group of leeches that specializes on mucous membranes, thus, posing a distinct threat to human health.

    (tags: leeches nose-leech papers science species tyrannobdella-rex horror)

  • Bike thief reveals tricks of the trade in this shockingly candid interview

    This is an eye-opener:

    A former bicycle thief has revealed the tricks of the trade in an interview, which clearly and shockingly shows the extent that thieves will go to in order to steal a bike. He talks about the motivations behind the theft, the tools used to crack locks and how the bikes were moved around and sold for a significant sum. He also gives tips on how to prevent your bike from being stolen. [...] ‘Don’t be fooled by Kryptonite locks, they’re not as tough as made out to be. Also D-bars with tubular locks, never use them, they’re the most easy to pick with a little tool. It’s small and discreet, no noise and it looks like you are just unlocking your bike. With the bolt cutters we would go out on high performance motorbikes, two men on a bike.’

    (tags: bikes locks bike-locks security london theft lockpicking d-locks)

Posted in Uncategorized | Leave a comment

Links for 2016-05-18

Posted in Uncategorized | Leave a comment

Links for 2016-05-17

Posted in Uncategorized | Leave a comment

Links for 2016-05-15

  • Westminster social engineering to blame for ‘Glasgow effect’ mortality rate

    This is quite significant — scientific proof that austerity/social engineering policies cause higher mortality rates:

    Researchers found that the historic effect of overcrowding was an important factor and highlighted the strategies of local government, which prioritised the regeneration of the city centre over investment in the cities housing schemes as having a significant impact on the health of Glaswegians. Data shows that Glasgow authorities spent far less on housing repairs, leaving people’s homes poorly maintained and subject to damp. David Walsh, of the Glasgow Centre for Population Health, said that their work proved that poor health had political causes and could not simply be attributed to individual lifestyle choices.

    (tags: glasgow-effect scotland poverty glasgow lifestyle health mortality housing policies uk)

Posted in Uncategorized | Leave a comment

Links for 2016-05-13

Posted in Uncategorized | Comments closed

Links for 2016-05-12

Posted in Uncategorized | Comments closed

Links for 2016-05-11

Posted in Uncategorized | Comments closed

Links for 2016-05-10

Posted in Uncategorized | Comments closed

Links for 2016-05-06

  • plainas/tq

    command line utility that performs an HTML element selection on HTML content passed to the stdin. Using css selectors that everybody knows. Since input comes from stdin and output is sent to stdout, it can easily be used inside traditional UNIX pipelines to extract content from webpages and html files. tq provides extra formating options such as json-encoding or newlines squashing, so it can play nicely with everyones favourite command line tooling.

    (tags: tq linux unix cli command-line html parsing css tools)

Posted in Uncategorized | Comments closed

Links for 2016-05-05

  • Apple Stole My Music. No, Seriously.

    some amazingly terrible product decisions here. Deleting local copies of unreleased WAV files — on the assumption that the user will simply listen to them streamed down from Apple Music — that is astonishingly bad, and it’s amazing they didn’t consider the “freelance composer” use case at all. (via Tony Finch)

    (tags: apple music terrible wav sound copyright streaming apple-music design product fail)

  • Rebel Without A Call.

    Purpose-built in 1898, the telephone exchange in Temple Bar was Dublin’s first automatic telephone exchange. Much like its newer neighbor, Internet House, it stood as a technological beacon shining through the luddite fog. With this in mind the Irish Citizen Army targeted the Telephone Exchange in 1916 as one of the communication hubs for the island. While many of us grew up learning of a history of ‘blood sacrifice’ and the futility of the Easter Rising, the truth is that the attack was meticulously planned both militarily and logistically. Sixty communication points around Dublin were hit in an effort to cut off all contact between British military forces within Ireland and to the ‘mainland’. The hope being that reserves and reinforcements would be delayed or misinformed.[...] Unfortunately for the rebels they could not take the Temple Bar exchange. A failure that would prove disastrous.

    (tags: temple-bar history dublin telephones communications 1916)

Posted in Uncategorized | Comments closed

Links for 2016-05-04

Posted in Uncategorized | Comments closed

Links for 2016-05-03

Posted in Uncategorized | Comments closed

Links for 2016-05-01

  • CoreOS and Prometheus: Building monitoring for the next generation of cluster infrastructure

    Ooh, this is a great plan. :applause:

    Enabling GIFEE — Google Infrastructure for Everyone Else — is a primary mission at CoreOS, and open source is key to that goal. [....] Prometheus was initially created to handle monitoring and alerting in modern microservice architectures. It steadily grew to fit the wider idea of cloud native infrastructure. Though it was not intentional in the original design, Prometheus and Kubernetes conveniently share the key concept of identifying entities by labels, making the semantics of monitoring Kubernetes clusters simple. As we discussed previously on this blog, Prometheus metrics formed the basis of our analysis of Kubernetes scheduler performance, and led directly to improvements in that code. Metrics are essential not just to keep systems running, but also to analyze and improve application behavior. All things considered, Prometheus was an obvious choice for the next open source project CoreOS wanted to support and improve with internal developers committed to the code base.

    (tags: monitoring coreos prometheus metrics clustering ops gifee google kubernetes)

  • Let Them Make Noise: A ‘Dining Club’ Invites Toddlers – NYTimes.com

    This is a great idea. I miss eating out, and this is why:

    Throughout our three-hour meal, babies cried, mothers nursed, toddlers shrieked and farro grains flew, but the atmosphere was surprisingly leisurely. There was no reason to be self-conscious about a crying-nursing-dancing child because everyone knew every other parent was in the same boat. Or would be in a few seconds. So we relaxed and ate. This is not fine dining as I once knew it, and that’s O.K. That’s what date night is for. But my daughter got her first lesson in how to behave at a fancy restaurant. And I got to finish a delicious meal while it was still warm, toddler in tow.

    (tags: kids food restaurants eating children toddlers)

  • Image Dithering: Eleven Algorithms and Source Code

    Nice demos

    (tags: algorithms graphics coding dithering floyd-steinberg)

Posted in Uncategorized | Comments closed

Links for 2016-04-29

  • A poem about Silicon Valley, made up of Quora questions about Silicon Valley

    Why do so many startups fail? Why are all the hosts on CouchSurfing male? Are we going to be tweeting for the rest of our lives? Why do Silicon Valley billionaires choose average-looking wives? What makes a startup ecosystem thrive? What do people plan to do once they’re over 35? Is an income of $160K enough to survive? What kind of car does Mark Zuckerberg drive? Are the real estate prices in Palo Alto crazy? Do welfare programs make poor people lazy? What are some of the biggest lies ever told? How do I explain Bitcoin to a 6-year-old? Why is Powdered Alcohol not successful so far? How does UberX handle vomiting in the car? Is being worth $10 million considered ‘rich’? What can be causing my upper lip to twitch? Why has crowdfunding not worked for me? Is it worth pre-ordering a Tesla Model 3? How is Clinkle different from Venmo and Square? Can karma, sometimes, be unfair? Why are successful entrepreneurs stereotypically jerks? Which Silicon Valley company has the best intern perks? What looks easy until you actually try it? How did your excretions change under a full Soylent diet? What are alternatives to online dating? Is living in small apartments debilitating? Why don’t more entrepreneurs focus on solving world hunger? What do you regret not doing when you were younger?

    (tags: funny tech poetry silicon-valley humour bitcoin soylent 2016)

Posted in Uncategorized | Comments closed

Links for 2016-04-28

Posted in Uncategorized | Comments closed

Links for 2016-04-27

Posted in Uncategorized | Comments closed

Links for 2016-04-26

Posted in Uncategorized | Comments closed

Links for 2016-04-25

  • Bots won’t replace apps. Better apps will replace apps

    As I’ll explain, messenger apps’ apparent success in fulfilling such a surprising array of tasks does not owe to the triumph of “conversational UI.” What they’ve achieved can be much more instructively framed as an adept exploitation of Silicon Valley phone OS makers’ growing failure to fully serve users’ needs, particularly in other parts of the world. Chat apps have responded by evolving into “meta-platforms.” Many of the platform-like aspects they’ve taken on to plaster over gaps in the OS actually have little to do with the core chat functionality. Not only is “conversational UI” a red herring, but as we look more closely, we’ll even see places where conversational UI has breached its limits and broken down.

    (tags: apps bots chatops chat ui messaging silicon-valley agents alexa siri phones)

Posted in Uncategorized | Comments closed

Links for 2016-04-22

  • How I Hacked Facebook, and Found Someone’s Backdoor Script

    Great writeup of a practical pen test. Those crappy proprietary appliances that get set up “so the CEO can read his email on the road” etc. are always a weak spot

    (tags: facebook hacking security exploits pen-tests backdoors)

  • Anti-innovation: EU excludes open source from new tech standards

    EC up to its old anti-competitive tricks:

    The European Commission is surprisingly coy about what exactly ['open'] means in this context. It is only on the penultimate page of the ICT Standardisation Priorities document that we finally read the following key piece of information: “ICT standardisation requires a balanced IPR [intellectual property rights] policy, based on FRAND licensing terms.” It’s no surprise that the Commission was trying to keep that particular detail quiet, because FRAND licensing—the acronym stands for “fair, reasonable, and non-discriminatory”—is incompatible with open source, which will therefore find itself excluded from much of the EU’s grand new Digital Single Market strategy. That’s hardly a “balanced IPR policy.”

    (tags: open-source open frand eu ec)

  • I am Alex St. John’s Daughter, and He is Wrong About Women in Tech — Medium

    Great, great post from Amilia St. John, responding to the offensive sexist crap spewed by her father, Alex St. John

    (tags: sexism career tech amilia-st-john alex-st-john jobs work feminism)

  • The Rise of Pirate Libraries

    The history of this is fascinating:

    Today’s pirate libraries have their roots in the work of Russian academics to digitize texts in the 1990s. Scholars in that part of the world had long had a thriving practice of passing literature and scientific information underground, in opposition to government censorship—part of the samizdat culture, in which banned documents were copied and passed hand to hand through illicit channels. Those first digital collections were passed freely around, but when their creators started running into problems with copyright, their collections “retreated from the public view,” writes Balázs Bodó, a piracy researcher based at the University of Amsterdam. “The text collections were far too valuable to simply delete,” he writes, and instead migrated to “closed, membership-only FTP servers.” [....] There’s always been osmosis within the academic community of copyrighted materials from people with access to scholar without. “Much of the life of a research academic in Kazakhstan or Iran or Malaysia involves this informal diffusion of materials across the gated walls of the top universities,” he says.

    (tags: pirates pirate-libraries libraries archival history russia ussr samizdat samizdata academia papers)

Posted in Uncategorized | Comments closed

Links for 2016-04-21

Posted in Uncategorized | Comments closed

Links for 2016-04-20

  • ZIP SIM

    Prepaid talk+text+data or data-only mobile SIM cards, delivered to your home or hotel, prior to visiting the US. great service for temporary US business visits

    (tags: visiting us usa zip-sim sims mobile-phones travel phones mobile travelling data)

  • Detecting the use of “curl | bash” server side

    tl;dr:

    The better solution is never to pipe untrusted data streams into bash. If you still want to run untrusted bash scripts a better approach is to pipe the contents of URL into a file, review the contents on disk and only then execute it.

    (tags: bash security shell unix curl tcp buffers)

  • The Melancholy Mystery of Lullabies – NYTimes.com

    Fascinating article on lullabies:

    One way a mother might bond with a newborn is by sharing her joy; another way is by sharing her grief or frustration. We see this in songs across time. A 200-year-old Arabic lullaby still sung today goes: I am a stranger, and my neighbors are strangers; I have no friends in this world. Winter night and the husband is absent. And an old Spanish lullaby from Asturias, written down by the poet Federico García Lorca, goes: This little boy clinging so Is from a lover, Vitorio, May God, who gave, end my woe, Take this Vitorio clinging so. We assume the sound of these songs is sweet, as no lullaby endures without being effective at putting babies to sleep. Think of ‘‘Rock-a-bye Baby,’’ the way it tenderly describes an infant and its cradle falling to the ground: The singer gets to speak a fear, the baby gets to rest; the singer tries to accommodate herself to a possible loss that has for most of human history been rela­tively common, and the baby gets attentive care. In the Arabic and Spanish lullabies, the singers get to say something to the one being — their new burden, their new love — who can’t and won’t judge or discipline them for saying it. When even relatively happy, well-supported people become the primary caretaker of a very small person, they tend to find themselves eddied out from the world of adults. They are never alone — there is always that tiny person — and yet they are often lonely. Old songs let us feel the fellowship of these other people, across space and time, also holding babies in dark rooms.

    (tags: lullabies songs singing history folk babies children)

  • New Oil-Based Cityscapes Set at Dawn and Dusk by Jeremy Mann

    lovely art via This Is Colossal

    (tags: art pictures cities paintings graphics)

  • Amazon S3 Transfer Acceleration

    The AWS edge network has points of presence in more than 50 locations. Today, it is used to distribute content via Amazon CloudFront and to provide rapid responses to DNS queries made to Amazon Route 53. With today’s announcement, the edge network also helps to accelerate data transfers in to and out of Amazon S3. It will be of particular benefit to you if you are transferring data across or between continents, have a fast Internet connection, use large objects, or have a lot of content to upload. You can think of the edge network as a bridge between your upload point (your desktop or your on-premises data center) and the target bucket. After you enable this feature for a bucket (by checking a checkbox in the AWS Management Console), you simply change the bucket’s endpoint to the form BUCKET_NAME.s3-accelerate.amazonaws.com. No other configuration changes are necessary! After you do this, your TCP connections will be routed to the best AWS edge location based on latency.  Transfer Acceleration will then send your uploads back to S3 over the AWS-managed backbone network using optimized network protocols, persistent connections from edge to origin, fully-open send and receive windows, and so forth.

    (tags: aws s3 networking infrastructure ops internet cdn)

  • Darts, Dice, and Coins

    Earlier this year, I asked a question on Stack Overflow about a data structure for loaded dice. Specifically, I was interested in answering this question: “You are given an n-sided die where side i has probability pi of being rolled. What is the most efficient data structure for simulating rolls of the die?” This data structure could be used for many purposes. For starters, you could use it to simulate rolls of a fair, six-sided die by assigning probability 1616 to each of the sides of the die, or a to simulate a fair coin by simulating a two-sided die where each side has probability 1212 of coming up. You could also use this data structure to directly simulate the total of two fair six-sided dice being thrown by having an 11-sided die (whose faces were 2, 3, 4, …, 12), where each side was appropriately weighted with the probability that this total would show if you used two fair dice. However, you could also use this data structure to simulate loaded dice. For example, if you were playing craps with dice that you knew weren’t perfectly fair, you might use the data structure to simulate many rolls of the dice to see what the optimal strategy would be. You could also consider simulating an imperfect roulette wheel in the same way. Outside the domain of game-playing, you could also use this data structure in robotics simulations where sensors have known failure rates. For example, if a range sensor has a 95% chance of giving the right value back, a 4% chance of giving back a value that’s too small, and a 1% chance of handing back a value that’s too large, you could use this data structure to simulate readings from the sensor by generating a random outcome and simulating the sensor reading in that case. The answer I received on Stack Overflow impressed me for two reasons. First, the solution pointed me at a powerful technique called the alias method that, under certain reasonable assumptions about the machine model, is capable of simulating rolls of the die in O(1)O(1) time after a simple preprocessing step. Second, and perhaps more surprisingly, this algorithm has been known for decades, but I had not once encountered it! Considering how much processing time is dedicated to simulation, I would have expected this technique to be better- known. A few quick Google searches turned up a wealth of information on the technique, but I couldn’t find a single site that compiled together the intuition and explanation behind the technique.
    (via Marc Brooker)

    (tags: via:marcbrooker algorithms probability algorithm coding data-structures alias dice random)

Posted in Uncategorized | Comments closed

Links for 2016-04-19

Posted in Uncategorized | Comments closed

Links for 2016-04-18

Posted in Uncategorized | Comments closed

Links for 2016-04-15

Posted in Uncategorized | Comments closed

Links for 2016-04-14

  • Google Cloud Status

    Ouch, multi-region outage:

    At 14:50 Pacific Time on April 11th, our engineers removed an unused GCE IP block from our network configuration, and instructed Google’s automated systems to propagate the new configuration across our network. By itself, this sort of change was harmless and had been performed previously without incident. However, on this occasion our network configuration management software detected an inconsistency in the newly supplied configuration. The inconsistency was triggered by a timing quirk in the IP block removal – the IP block had been removed from one configuration file, but this change had not yet propagated to a second configuration file also used in network configuration management. In attempting to resolve this inconsistency the network management software is designed to ‘fail safe’ and revert to its current configuration rather than proceeding with the new configuration. However, in this instance a previously-unseen software bug was triggered, and instead of retaining the previous known good configuration, the management software instead removed all GCE IP blocks from the new configuration and began to push this new, incomplete configuration to the network. One of our core principles at Google is ‘defense in depth’, and Google’s networking systems have a number of safeguards to prevent them from propagating incorrect or invalid configurations in the event of an upstream failure or bug. These safeguards include a canary step where the configuration is deployed at a single site and that site is verified to still be working correctly, and a progressive rollout which makes changes to only a fraction of sites at a time, so that a novel failure can be caught at an early stage before it becomes widespread. In this event, the canary step correctly identified that the new configuration was unsafe. Crucially however, a second software bug in the management software did not propagate the canary step’s conclusion back to the push process, and thus the push system concluded that the new configuration was valid and began its progressive rollout.

    (tags: multi-region outages google ops postmortems gce cloud ip networking cascading-failures bugs)

  • Using jemalloc to get to the bottom of an off-heap Java memory leak

    Good technique

    (tags: debugging java jvm memory jemalloc off-heap)

Posted in Uncategorized | Comments closed

Links for 2016-04-13

Posted in Uncategorized | Comments closed

Links for 2016-04-12

  • AWSume

    ‘AWS Assume Made Awesome’ — ‘Here are Trek10, we work with many clients, and thus work with multiple AWS accounts on a regular (daily) basis. We needed a way to make managing all our different accounts easier. We create a standard Trek10 administrator role in our clients’ accounts that we can assume. For security we require that the role assumer have multifactor authentication enabled.’

    (tags: mfa aws awsume credentials accounts ops)

  • Gil Tene on benchmarking

    ‘I would strongly encourage you to avoid repeating the mistakes of testing methodologies that focus entirely on max achievable throughput and then report some (usually bogus) latency stats at those max throughout modes. The techempower numbers are a classic example of this in play, and while they do provide some basis for comparing a small aspect of behavior (what I call the “how fast can this thing drive off a cliff” comparison, or “pedal to the metal” testing), those results are not very useful for comparing load carrying capacities for anything that actually needs to maintain some form of responsiveness SLA or latency spectrum requirements.’ Some excellent advice here on how to measure and represent stack performance. Also: ‘DON’T use or report standard deviation for latency. Ever. Except if you mean it as a joke.’

    (tags: performance benchmarking testing speed gil-tene latency measurement hdrhistogram load-testing load)

  • Data Protection Mishap Leaves 55M Philippine Voters at Risk

    Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). While initial reports have downplayed the impact of the leak, our investigations showed a huge number of sensitive personally identifiable information (PII)–including passport information and fingerprint data–were included in the data dump. [....] Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible to everyone. Interestingly, we also found a whopping 15.8 million record of fingerprints and a list of people running for office since the 2010 elections. In addition, among the data leaked were files on all candidates running on the election with the filename VOTESOBTAINED. Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED file are set to have NULL as figure.

    (tags: fingerprints biometrics philippines authentication data-dumps security hacks comelec e-voting pii passports voting)

  • The dark side of Guardian comments | Technology | The Guardian

    Excellent data on abusive commenters

    (tags: comments data guardian journalism abuse twitter racism sexism)

  • Emmet Connolly on Twitter: “Stick around after the end credits for a preview of Batman vs Pintman https://t.co/xgWWcvfpc9″

    The saddest superhero ever

    (tags: funny pintman dublin ireland alcoholics twitter history pubs)

Posted in Uncategorized | Comments closed

Links for 2016-04-11

Posted in Uncategorized | Comments closed

Links for 2016-04-10

Posted in Uncategorized | Comments closed

Links for 2016-04-08

  • GCHQ intervenes to prevent catastrophically insecure UK smart meter plan – The Inquirer

    GCHQ barged in after spooks cast their eyes over the plans and realised that power companies were proposing to use a single decryption key for communications from the 53 million smart meters that will eventually be installed in the UK.
    holy crap.

    (tags: gchq security smart-meters power uk electricity gas infrastructure)

  • AWS Billing And Cost Control [slides]

    (tags: aws ec2 costs money hosting ops)

  • Irish drone register allowed access to personal details of 2,000 members

    The breach, which allowed registered users to view names, addresses, email addresses and phone numbers of other people registered on the site, was brought to the attention of the authority on Sunday night. In a statement to TheJournal.ie, the IAA revealed it was aware of four users who downloaded the file.

    (tags: fail drones ireland iaa security)

  • Running Docker on AWS from the ground up

    Advantages/disavantages section right at the bottom is good.

    ECS, believe it or not, is one of the simplest Schedulers out there. Most of the other alternatives I’ve tried offer all sorts of fancy bells & whistles, but they are either significantly more complicated to understand (lots of new concepts), take too much effort to set up (lots of new technologies to install and run), are too magical (and therefore impossible to debug), or some combination of all three. That said, ECS also leaves a lot to be desired.

    (tags: aws docker ecs ec2 schedulers)

  • Hungary proposes anti-crypto law

    up to 2 years imprisonment for use of apps for encrypted communication

    (tags: crypto hungary laws internet crackdown encryption)

  • good example of Application-Level Keepalive beating SO_KEEPALIVE

    we have now about 100 salt-minions which are installed in remote areas with 3G and satellite connections. We loose connectivity with all of those minions in about 1-2 days after installation, with test.ping reporting “minion did not return”. The state was each time that the minions saw an ESTABLISHED TCP connection, while on the salt-master there were no connection listed at all. (Yes that is correct). Tighter keepalive settings were tried with no result. (OS is linux) Each time, restarting the salt-minion fixes the problem immediately. Obviously the connections are transparently proxied someplace, (who knows what happens with those SAT networks) so the whole tcp-keepalive mechanism of 0mq fails.
    Also notes in the thread that the default TCP timeout for Azure Load Balancer is 4 minutes: https://azure.microsoft.com/en-us/blog/new-configurable-idle-timeout-for-azure-load-balancer/ . The default Linux TCP keepalive doesn’t send until 2 hours after last connection use, and it’s a system-wide sysctl (/proc/sys/net/ipv4/tcp_keepalive_time). Further, http://networkengineering.stackexchange.com/questions/7207/why-bgp-implements-its-own-keepalive-instead-of-using-tcp-keepalive notes “some firewalls filter TCP keepalives”.

    (tags: tcp keep-alive keepalive protocol timeouts zeromq salt firewalls nat)

Posted in Uncategorized | Comments closed

Links for 2016-04-07

  • “Racist algorithms” and learned helplessness

    Whenever I’ve had to talk about bias in algorithms, I’ve tried be  careful to emphasize that it’s not that we shouldn’t use algorithms in search, recommendation and decision making. It’s that we often just don’t know how they’re making their decisions to present answers, make recommendations or arrive at conclusions, and it’s this lack of transparency that’s worrisome. Remember, algorithms aren’t just code. What’s also worrisome is the amplifier effect. Even if “all an algorithm is doing” is reflecting and transmitting biases inherent in society, it’s also amplifying and perpetuating them on a much larger scale than your friendly neighborhood racist. And that’s the bigger issue. [...] even if the algorithm isn’t creating bias, it’s creating a feedback loop that has powerful perception effects.

    (tags: feedback bias racism algorithms software systems society)

  • The revenge of the listening sockets

    More adventures in debugging the Linux kernel:

    You can’t have a very large number of bound TCP sockets and we learned that the hard way. We learned a bit about the Linux networking stack: the fact that LHTABLE is fixed size and is hashed by destination port only. Once again we showed a couple of powerful of System Tap scripts.

    (tags: ops linux networking tcp network lhtable kernel)

  • s3git

    git for Cloud Storage. Create distributed, decentralized and versioned repositories that scale infinitely to 100s of millions of files and PBs of storage. Huge repos can be cloned on your local SSD for making changes, committing and pushing back. Oh yeah, and it dedupes too due to BLAKE2 Tree hashing. http://s3git.org

    (tags: git ops storage cloud s3 disk aws version-control blake2)

  • BLAKE2: simpler, smaller, fast as MD5

    ‘We present the cryptographic hash function BLAKE2, an improved version of the SHA-3 finalist BLAKE optimized for speed in software. Target applications include cloud storage, intrusion detection, or version control systems. BLAKE2 comes in two main flavors: BLAKE2b is optimized for 64-bit platforms, and BLAKE2s for smaller architectures. On 64-bit platforms, BLAKE2 is often faster than MD5, yet provides security similar to that of SHA-3. We specify parallel versions BLAKE2bp and BLAKE2sp that are up to 4 and 8 times faster, by taking advantage of SIMD and/or multiple cores. BLAKE2 has more benefits than just speed: BLAKE2 uses up to 32% less RAM than BLAKE, and comes with a comprehensive tree-hashing mode as well as an efficient MAC mode.’

    (tags: crypto hash blake2 hashing blake algorithms sha1 sha3 simd performance mac)

Posted in Uncategorized | Comments closed

Links for 2016-04-06

  • When It Comes to Age Bias, Tech Companies Don’t Even Bother to Lie

    HubSpot’s CEO and co-founder, Brian Halligan, explained to the New York Times that this age imbalance was not something he wanted to remedy, but in fact something he had actively cultivated. HubSpot was “trying to build a culture specifically to attract and retain Gen Y’ers,” because, “in the tech world, gray hair and experience are really overrated,” Halligan said.  I gasped when I read that. Could anyone really believe this? Even if you did believe this, what CEO would be foolish enough to say it out loud? It was akin to claiming that you prefer to hire Christians, or heterosexuals, or white people. I assumed an uproar would follow. As it turned out, nobody at HubSpot saw this as a problem. Halligan didn’t apologize for his comments or try to walk them back. The lesson I learned is that when it comes to race and gender bias, the people running Silicon Valley at least pay lip service to wanting to do better — but with age discrimination they don’t even bother to lie. 

    (tags: hiring startups tech ageism age hubspot gen-y discrimination)

  • Gaeltacht development company defends sale of State seaweed company to Canadian multinational

    FFS. Fine Gael government sells off more of our national assets for cheap:

    Mr John O’Sullivan, chief executive of Bioatlantis Ltd in Co Kerry called on the Oireachtas environment committee to investigate the sale, or ask the Oireachtas public accounts committee to do so. Mr O’Sullivan said that his company had made a bid of €5.7 million for Arramara, comprising €1.5 million initially and €4.2 million in the post-investment phase, and had been given just 12 days to prepare the bid. He understood that two foreign companies – the Canadian Acadian Seaplants and French company Setalg – had been given over a year to prepare their bids. He said that Acadian’s bid was €1.8 million, and the French bid was €2 million, for initial purchase, and that the rating was “changed” when the final bids were in. No details had been released and the lack of transparency was “frightening” in relation to the final sale, he said.

    (tags: seaweed acadian setalg arramara bioatlantis government ireland selloff gaeltacht unag)

  • Not ‘Going Dark’: 15 Out Of 15 Most Recent EU Terrorists Were Known To The Authorities In Multiple Ways | Techdirt

    Comprehensive surveillance appears as seemingly inexpensive because it is a solution that scales thanks to technology: troubleshooting at the press of a button. Directly linked with the aim of saving more and more, just as with the State in general. But classic investigative work, which is proven to work, is expensive and labor intensive. This leads to a failure by the authorities because of a faith in technology that is driven by economics.

    (tags: tech surveillance techdirt terrorism brussels crypto going-dark)

  • So you’re thinking of coming to Dublin…

    A really excellent list of stuff to do/see/eat/drink in Ireland, from Colin @ 3FE. top notch recommendations! (also, god I need to get out more)

    (tags: dublin travel food drink ireland tourism 3fe)

  • Nest Reminds Customers That Ownership Isn’t What It Used to Be

    EFF weigh in on the internet of shit:

    Customers likely didn’t expect that, 18 months after the last Revolv Hubs were sold, instead of getting more upgrades, the device would be intentionally, permanently, and completely disabled. …. Nest Labs and Google are both subsidiaries of Alphabet, Inc., and bricking the Hub sets a terrible precedent for a company with ambitions to sell self-driving cars, medical devices, and other high-end gadgets that may be essential to a person’s livelihood or physical safety.

    (tags: nest legal tech google alphabet internetofshit iot law)

  • Primary Online Database: POD now (mostly) not compulsory (for now)

    Ever since the introduction of the Primary Online Database of schoolchildren by the Department of Education, the Department and its Minister have been eager to point out that any parent who refused to allow a child’s data to be transferred would see that child’s education defunded. Well, for all children other than this week’s crop of new Junior Infants, that threat has now collapsed. This is despite the Minister and her department having claimed that the drastic threat of defunding was because it simply wasn’t possible to give grants without a child’s full data being transferred. [...] Oddly, as the prospect of defunding the education of 30% of the nation’s children in the run up to an election loomed large, the Department discovered it could, after all, pay for a child’s education without all its POD data.

    (tags: pod law ireland data-protection privacy children school)

  • Wired on the new O’Reilly SRE book

    “Site Reliability Engineering: How Google Runs Production Systems”, by Chris Jones, Betsy Beyer, Niall Richard Murphy, Jennifer Petoff. Go Niall!

    (tags: google sre niall-murphy ops devops oreilly books toread reviews)

Posted in Uncategorized | Comments closed

Links for 2016-04-05

  • Google’s Nest killing off old devices

    Google is making customers’ existing devices useless, less than 2 years after the devices were available for sale, with only 2 months warning. This is one of the reasons I won’t spend money on the Internet Of Things shitshow. ‘”Which hardware will Google choose to intentionally brick next?” asks Arlo Gilbert. “If they stop supporting Android will they decide that the day after warranty expires that your phone will go dark? Is your Nexus device safe? What about your Nest fire alarm? What about your Dropcam? What about your Chromecast device?”‘

    (tags: iot fail google alphabet nest revolv home shutdown)

  • ‘Devastating’ bug pops secure doors at airports, hospitals

    “A command injection vulnerability exists in this function due to a lack of any sanitisation on the user-supplied input that is fed to the system() call,” Lawshae says.
    :facepalm:

    (tags: security iot funny fail linux unix backticks system udp hid vertx edge)

  • Counting with domain specific databases — The Smyte Blog — Medium

    whoa, pretty heavily engineered scalable counting system with Kafka, RocksDB and Kubernetes

    (tags: kafka rocksdb kubernetes counting databases storage ops)

  • Is anyone concerned about the future of Nest?

    wow, looks like Nest is fucked:

    As a Nest engineer, I won’t say any numbers that aren’t public, but this company is already on deathwatch. Once that happens, most people will quickly have shiny paperweights because it’s a constant firefight keeping these systems up. We have $340M in revenue, not profit, against a ~$500M budget. No new products since the purchase, and sales/growth numbers are dire. Our budget deal expires soon, and all the good engineers on my teams have discreetly indicated they are going to flee once their golden handcuffs unlock (many have already left despite sacrificing a lot of money to do so). Tony and his goons demand crazy timelines so much that “crunch time” has basically lost meaning. Just when your labor bears fruit, they swoop in, 180 the specs you just delivered on, then have the gall to call your team “incompetent” for not reading their mind and delivering on these brand-new specs. I waste most of my time in pointless meetings, or defending my teams so they don’t flip their desks and walk out. People fall asleep in corners and cry in the bathrooms, health and marriages are suffering. Already the churn is insane, close to half the company if not more. Skilled engineers can tell the environment is toxic, so we’re filling vacancies with mostly sub-par talent.

    (tags: nest google business dotcoms churn iot)

Posted in Uncategorized | Comments closed

Links for 2016-04-04

  • JitPack

    Publish JVM and Android libraries direct from github — it’ll build and package a lib on the fly, caching them via CDN

    (tags: build github java maven gradle dependencies packaging libraries)

  • Illicit trade in prescription drugs a growing problem for Dublin’s north inner city

    ughh. The latest scourge is Zopiclone, “zimmos”, which are being dealt openly due to a bureaucratic loophole in enforcement.

    (tags: zopiclone zimmos drugs dublin northside drug-abuse)

  • A programming language for E. coli

    Mind = blown.

    MIT biological engineers have created a programming language that allows them to rapidly design complex, DNA-encoded circuits that give new functions to living cells. Using this language, anyone can write a program for the function they want, such as detecting and responding to certain environmental conditions. They can then generate a DNA sequence that will achieve it. “It is literally a programming language for bacteria,” says Christopher Voigt, an MIT professor of biological engineering. “You use a text-based language, just like you’re programming a computer. Then you take that text and you compile it and it turns it into a DNA sequence that you put into the cell, and the circuit runs inside the cell.”

    (tags: dna mit e-coli bacteria verilog programming coding biohacking science)

  • GitHub now supports “squash on merge”

    yay. On the other hand — http://www.thecaucus.net/#/content/caucus/tech_blog/516 is a good explanation of why not to adopt it. Pity GitHub haven’t made it a per-review option…

    (tags: github code-reviews squashing merges git coding)

  • bcc

    Dynamic tracing tools for Linux, a la dtrace, ktrace, etc. Built using BPF, using kernel features in the 4.x kernel series, requiring at least version 4.1 of the kernel

    (tags: linux tracing bpf dynamic ops)

  • US government commits to publish publicly financed software under Free Software licenses

    Wow, this is significant:

    At the end of last week, the White House published a draft for a Source Code Policy. The policy requires every public agency to publish their custom-build software as Free Software for other public agencies as well as the general public to use, study, share and improve the software. At the Free Software Foundation Europe (FSFE) we believe that the European Union, and European member states should implement similar policies. Therefore we are interested in your feedback to the US draft.

    (tags: government open-source coding licenses fsf free-software source-code us-politics usa)

  • Elias gamma coding

    ‘used most commonly when coding integers whose upper-bound cannot be determined beforehand.’

    (tags: data-structures algorithms elias-gamma-coding encoding coding numbers integers)

  • A Decade Of Container Control At Google

    The big thing that can be gleaned from the latest paper out of Google on its container controllers is that the shift from bare metal to containers is a profound one – something that may not be obvious to everyone seeking containers as a better way – and we think cheaper way – of doing server virtualization and driving up server utilization higher. Everything becomes application-centric rather than machine-centric, which is the nirvana that IT shops have been searching for. The workload schedulers, cluster managers, and container controllers work together to get the right capacity to the application when it needs it, whether it is a latency-sensitive job or a batch job that has some slack in it, and all that the site recovery engineers and developers care about is how the application is performing and they can easily see that because all of the APIs and metrics coming out of them collect data at the application level, not on a per-machine basis. To do this means adopting containers, period. There is no bare metal at Google, and let that be a lesson to HPC shops or other hyperscalers or cloud builders that think they need to run in bare metal mode.

    (tags: google containers kubernetes borg bare-metal ops)

  • How wet is a cycling commute in Ireland?

    It turns out that you’ll get wet 3 times more often if you’re a Galway cyclist when compared to a Dubliner. Dublin is Ireland’s driest cycling city.
    Some good data and visualization on this extremely important issue

    (tags: rain rainfall-radar ireland climate weather dublin galway cycling)

Posted in Uncategorized | Comments closed

Links for 2016-03-31

Posted in Uncategorized | Comments closed