-
The intuition behind Hydra is something like this, “I have a lot of data, and there are a lot of things I could try to learn about it — so many that I’m not even sure what I want to know.” It’s about the curse of dimensionality — more dimensions means exponentially more cost for exhaustive analysis. Hydra tries to make it easy to reduce the number of dimensions, or the cost of watching them (via probabilistic data structures), to just the right point where everything runs quickly but can still answer almost any question you think you might care about.
Code: https://github.com/addthis/hydra Getting Started blog post: https://www.addthis.com/blog/2014/02/18/getting-started-with-hydra/(tags: hyrda hadoop data-processing big-data trees clusters analysis)
Stalled SCP and Hanging TCP Connections
a Cisco fail.
It looks like there’s a firewall in the middle that’s doing additional TCP sequence randomisation which was a good thing, but has been fixed in all current operating systems. Unfortunately, it seems that firewall doesn’t understand TCP SACK, which when coupled with a small amount of packet loss and a stateful host firewall that blocks invalid packets results in TCP connections that stall randomly. A little digging revealed that firewall to be the Cisco Firewall Services Module on our Canterbury network border.
(via Tony Finch)(tags: via:fanf cisco networking firewalls scp tcp hangs sack tcpdump)
Akamai’s “Secure Heap” patch wasn’t good enough
‘Having the private keys inaccessible is a good defense in depth move. For this patch to work you have to make sure all sensitive values are stored in the secure area, not just check that the area looks inaccessible. You can’t do that by keeping the private key in the same process. A review by a security engineer would have prevented a false sense of security. A version where the private key and the calculations are in a separate process would be more secure. If you decide to write that version, I’ll gladly see if I can break that too.’ Akamai’s response: https://blogs.akamai.com/2014/04/heartbleed-update-v3.html — to their credit, they recognise that they need to take further action. (via Tony Finch)
(tags: via:fanf cryptography openssl heartbleed akamai security ssl tls)
-
Colm MacCarthaigh writes about a simple sharding/load-balancing algorithm which uses randomized instance selection and optional additional compartmentalization. See also: continuous hashing, and http://aphyr.com/posts/278-timelike-2-everything-fails-all-the-time
(tags: hashing load-balancing sharding partitions dist-sys distcomp architecture coding)
Open Crypto Audit Project: TrueCrypt
phase I, a source code audit by iSEC Partners, is now complete. Bruce Schneier says: “I’m still using it”.
(tags: encryption security crypto truecrypt audits source-code isec matthew-green)
-
In the PNAS paper, Brad Bushman and colleagues looked at 107 couples over 21 days and found that people experiencing uncharacteristically low blood sugar were more likely to display anger toward their spouse. (The researchers measured this by having subjects stick needles into voodoo dolls representing their significant others.)
(tags: hangry hunger food eating science health blood-sugar voodoo-dolls glucose)
insane ESB health and safety policy
Where it is not possible to avoid reversing, it is ESB policy that staff driving on behalf of the company or anybody on company premises should reverse into car spaces/bays, allowing them to drive out subsequently.
BUT WHYYYYYYYYYY(tags: esb health-n-safety policies crazy funny driving reversing lol safety)