Film by Páraic McGloughlin

A brief look at the earth from above, based on the shapes we make, the game of life, our playing ground - Arena. Created using Google Earth imagery.

Pearse McGloughlin and I collaborated on the audio resulting in something between music and a soundtrack.
Audio mastered by TJ LippleHear
6 hours ago
HTTP/2 Test
'A simple HTTP/2.0 test tool'
The NSA Worked to “Track Down” Bitcoin Users, Snowden Documents Reveal
'Part of the NSA's Bitcoin access, codenamed MONKEYROCKET, involved essentially tricking targets into using privacy software (a VPN app?) that was actually feeding information directly to the agency.'
The AWS CLI tool supports aliases, a la git, so you can do things like "aws whoami" aliased to "aws sts get-caller-identity".
SXSW 2018: A Look Back at the 1960s PLATO Computing System - IEEE Spectrum
Author Brian Dear on how these terminals were designed for coursework, but students preferred to chat and play games [...]

“Out of the top 10 programs on PLATO running any day, most were games,” Dear says. “They used more CPU time than anything else.” In one popular game called Empire, players blast each other’s spaceships with phasers and torpedoes in order to take over planets.

And PLATO had code review built into the OS:

Another helpful feature that no longer exists was called Term Comment. It allowed users to leave feedback for developers and programmers at any place within a program where they spotted a typo or had trouble completing a task.

To do this, the user would simply open a comment box and leave a note right there on the screen. Term Comment would append the comment to the user’s place in the program so that the recipient could easily navigate to it and clearly see the problem, instead of trying to recreate it from scratch on their own system.

“That was immensely useful for developers,” Dear says. “If you were doing QA on software, you could quickly comment, and it would track exactly where the user left this comment. We never really got this on the Web, and it’s such a shame that we didn’t.”
plato  computing  history  chat  empire  gaming  code-review  coding  brian-dear 
2 days ago
A quantitative analysis of the impact of arbitrary blockchain content on Bitcoin
'People put all sorts of things into the Bitcoin blockchain - some of it objectionable, some of it illegal. Now what?'
blockchain  bitcoin  ledger  immutability  internet  law  crime  papers 
3 days ago
Ten Reasons Why I Don't Like Golang
When I first started programming in Go, my summary of it was, “The good things are great and the bad things are weird and I can live with them.” After another three years and a few large projects in Go, I no longer like the language and wouldn’t use it for a new project. Here are 10 reasons why, in no particular order.
golang  go  coding  languages  programming  gripes 
3 days ago
Ken Foxe's Beginner’s Guide to FOI
This guide is designed to be read by members of the public or journalists looking to dip their toes into the world of Freedom of Information in Ireland. It is not designed to be an authoritative guide to FOI, a history book, or an academic text … it is simply a useful introduction to the first steps, the language, and the things you need to know before you start.
foia  foi  government  ireland  ken-foxe 
6 days ago
Cameras as Traffic Cops – Hacker Noon
Guy trains model on NYC traffic camera video to detect blocked bike lanes and bus stops. Estimates "the number of tickets being given represents less than .0001% of infractions". (via lemonodor)
via:lemonodor  future  tickets  traffic  nyc  cameras  surveillance  bike-lanes  bus-stops  traffic-law 
6 days ago
Who Targets Me
Microtargeting. Misinformation. Psychographic profiling.
Install Who Targets Me [a Chrome plugin] to find out who’s trying to win your vote – and how they’re doing it.
ads  advertising  chrome  extensions  microtargeting  politics  facebook 
7 days ago
Interesting Twitter thread on email UI design, vs Slack
"When redesigning Outlook, we found two basic groups of users: pilers and filers. Pilers kept a single, ever-expanding list of mail in their Inbox and then worked it down to "inbox zero." Filers wrote rules or manually filed mail into folders, creating an organizational system.

Filers rely on their bespoke, highly customized knowledge of where things go in their email system, much like you might organize your kitchen in a way that makes sense to you. You know where the strainer or little corn-cob-holders go, and no one else does (or needs to.)

Pilers rely on search to find things in their huge amassed pile. We moved Outlook from the fundamental organization unit of "message" to "conversation" (or "thread") so that when pilers found mail via search, messages would return with the context of the surrounding conversation.

Both pilers and filers have one key thing in common: their systems require an affirmative, discrete action to take a mail out of their list. Filers file to a folder when done with a message, and pilers archive/delete. This turned out to be essential for people to feel in control."

really, "pilers" are using the UI that GMail pioneered, where credit is due (as far as I know at least).
mail  ux  ui  pilers-and-filers  filepile  email  slack  outlook 
8 days ago
Iterating over hash sets quickly in Java
Interesting datum:
My numbers are clear: in my tests, it is three times faster to sum up the values in a LinkedHashSet [than a HashSet].
performance  java  locality  memory  cache-friendly  data-structures  hashsets  linkedhashsets  sets 
9 days ago
7% of Scott Kelly's Genes Changed After a Year in Space - Universe Today
The study took into account possible genomic and cognitive changes between the two [twin] brothers. These findings were recently clarified by NASA, which indicated that 93% of Scott Kelly’s genes returned to normal after he returned to Earth while the remaining 7% points were missing. These were attributed to “longer-term changes in genes related to his immune system, DNA repair, bone formation networks, hypoxia, and hypercapnia.”

In other words, in addition to the well-documented effects of microgravity – such as muscle atrophy, bone density loss and loss of eyesight – Scott Kelly also experienced health effects caused by a deficiency in the amount of oxygen that was able to make it to his tissues, an excess of CO2 in his tissues, and long-term effects in how his body is able to maintain and repair itself.
nasa  space  iss  spaceflight  scott-kelly  zero-gravity  future  microgravity  health  via:elliot 
9 days ago
Charging the LEAF | Speak EV - Electric Car Forums
Excellent reference on charge times and connection types for the Nissan Leaf EV
nissan  leaf  ev  cars  charging  nissan-leaf 
10 days ago
YouTube, the Great Radicalizer - The New York Times
It seems as if you are never “hard core” enough for YouTube’s recommendation algorithm. It promotes, recommends and disseminates videos in a manner that appears to constantly up the stakes. Given its billion or so users, YouTube may be one of the most powerful radicalizing instruments of the 21st century.
youtube  culture  politics  radicalization  crazy  machine-learning  google  zeynep-tufekci 
11 days ago
BAD TRAFFIC: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?
This report describes our investigation into the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt. 

Shame on these vendors.
egypt  espionage  infrastructure  turkey  syria  procera  dpi  malware  hacking  sandvine 
13 days ago
The Myth of Authenticity Is Killing Tex-Mex
Overshadowed by barbecue in its home state, Tex-Mex is the most important, least understood regional cuisine in America

I, for one, welcome the revival of Tex-Mex
cuisine  food  tex-mex  mexican  texas  barbecue 
14 days ago
The Great Igloos of Storm Emma - YouTube
in a once-in-a-lifetime snowstorm, it appears the young Irish male's mind turns to (checks notes) building an igloo and having a party in it
igloos  funny  ireland  storm-emma  snow  wtf  humans-of-the-sesh 
15 days ago
Git, complicated? Of course not! Commits map to isomorphic contours in source-code phase space
The inspiration for the classic tweet.
it’s simplest to think of the state of your repository as a point in a high-dimensional ‘code-space’,  in which branches are represented as n-dimensional membranes, mapping the spatial loci of successive commits onto the projected manifold of each cloned repository
git  incomprehensible  funny  jargon  topology  dvcs 
18 days ago
how to deal with obnoxious political ads on Facebook
tl;dr: hide or report the ads. Both will drive up the cost for the advertiser and limit their reach
ads  facebook  social-media  reporting  antichoice  repeal-the-8th 
20 days ago
Yes, bacon really is killing us - The Guardian Long Read
Since we eat with our eyes, the main way we judge the quality of cured meats is pinkness. Yet it is this very colour that we should be suspicious of, as the French journalist Guillaume Coudray explains in a book published in France last year called Cochonneries, a word that means both “piggeries” and “rubbish” or “junk food”. The subtitle is “How Charcuterie Became a Poison”. Cochonneries reads like a crime novel, in which the processed meat industry is the perpetrator and ordinary consumers are the victims.

The pinkness of bacon – or cooked ham, or salami – is a sign that it has been treated with chemicals, more specifically with nitrates and nitrites. It is the use of these chemicals that is widely believed to be the reason why “processed meat” is much more carcinogenic than unprocessed meat. Coudray argues that we should speak not of “processed meat” but “nitro-meat”.

[...] When nitrates interact with certain components in red meat (haem iron, amines and amides), they form N-nitroso compounds, which cause cancer. The best known of these compounds is nitrosamine. This, as Guillaume Coudray explained to me in an email, is known to be “carcinogenic even at a very low dose”. Any time someone eats bacon, ham or other processed meat, their gut receives a dose of nitrosamines, which damage the cells in the lining of the bowel, and can lead to cancer.

You would not know it from the way bacon is sold, but scientists have known nitrosamines are carcinogenic for a very long time. More than 60 years ago, in 1956, two British researchers called Peter Magee and John Barnes found that when rats were fed dimethyl nitrosamine, they developed malignant liver tumours. By the 1970s, animal studies showed that small, repeated doses of nitrosamines and nitrosamides – exactly the kind of regular dose a person might have when eating a daily breakfast of bacon – were found to cause tumours in many organs including the liver, stomach, oesophagus, intestines, bladder, brain, lungs and kidneys.

But there IS some good news for Parma ham and sausages:

In 1993, Parma ham producers in Italy made a collective decision to remove nitrates from their products and revert to using only salt, as in the old days. For the past 25 years, no nitrates or nitrites have been used in any Prosciutto di Parma. Even without nitrate or nitrite, the Parma ham stays a deep rosy-pink colour. We now know that the colour in Parma ham is totally harmless, a result of the enzyme reactions during the ham’s 18-month ageing process.

[...] the average British sausage – as opposed to a hard sausage like a French saucisson – is not cured, being made of nothing but fresh meat, breadcrumbs, herbs, salt and E223, a preservative that is non-carcinogenic. After much questioning, two expert spokespeople for the US National Cancer Institute confirmed to me that “one might consider” fresh sausages to be “red meat” and not processed meat, and thus only a “probable” carcinogen.
bacon  sausages  meat  parma-ham  ham  food  cancer  carcinogens  big-meat  nitrates  nitrites 
21 days ago
Huy Fong sriracha hot sauce label - Fonts In Use
The fonts of the iconic sriracha bottle, analysed. Interestingly, the Chinese serif text is typeset in a universally-reviled font, PMingLiu:
For East Asian designers, PMingLiu was probably as despicable as Papyrus. Many have publicly voiced their disdain for PMingLiu, and some even see the elimination of PMingLiu from public sight as a career goal. Julius Hui, then consultant for Commercial Type, exclaims:

PMingLiu inhibits the type business, maims the public’s aesthetic judgment, and puts a bad face on the Minchō genre. As long as the public have not harbored a deep hatred against PMingLiu, it is futile to completely eliminate it from the world.
typography  packaging  sriracha  pmingliu  mincho  fonts  type  food  labels 
22 days ago
Palantir has secretly been using New Orleans to test its predictive policing technology - The Verge
Predictive policing technology has proven highly controversial wherever it is implemented, but in New Orleans, the program escaped public notice, partly because Palantir established it as a philanthropic relationship with the city through Mayor Mitch Landrieu’s signature NOLA For Life program. Thanks to its philanthropic status, as well as New Orleans’ “strong mayor” model of government, the agreement never passed through a public procurement process.

In fact, key city council members and attorneys contacted by The Verge had no idea that the city had any sort of relationship with Palantir, nor were they aware that Palantir used its program in New Orleans to market its services to another law enforcement agency for a multimillion-dollar contract.

Even James Carville, the political operative instrumental in bringing about Palantir’s collaboration with NOPD, said that the program was not public knowledge. “No one in New Orleans even knows about this, to my knowledge,” Carville said.
palantir  creepy  surveillance  crime  forecasting  precrime  new-orleans  us-politics  privacy 
22 days ago
30 kWh Leaf Nissan Connect Issues
seems there's some kind of firmware/importation issue with the Nissan Leaf app integration.... bit of a mess
nissan-leaf  nissan  leaf  apps  mobile  cars  driving 
22 days ago
Can I Extend and Renovate my “Fixer Upper” for €100,000? A First Time Buyer’s Renovation Budget Explained
In 2013, €100,000 was like a king’s ransom to most businesses in the Irish construction industry. Now clients approach us with budgets at this level and are shocked when we tell them how little can be achieved with such a large sum of money. We have decided to tackle this issue with a clear worked example.

In 2018, rates for some types of construction have increased 50% since the recession, client expectations have increased, there is a shortage of competent construction workers, and subcontractors are now more accountable for quality.

These pressures have inflated the many expenses which make up a typical renovation budget. Even the most seasoned commercial clients are struggling to achieve tenable construction prices, and first time buyers must understand the financial risk of buying a home in need of complete renovation.

renovation  homes  architecture  houses  building 
28 days ago
The Codex - I Do Not Like Go
Some gripes about Go from this blog, specifically around developer ergonomics (syntax highlighting and language-inherent error detection), politics, packaging and distribution, GOPATH, and the tuple-oriented error handling idiom. As R. I. Pienaar noted, the Go community seems full of "at-Google-wes", which is an excellent way of putting it.
golang  go  criticism  blogs  syntax-highlighting  coding  languages  google  at-google-we 
28 days ago
Containers Patterns
"There are a thousand ways to use containers" -- broken down into Development, Distribution and Runtime Patterns (via Tony Finch)
docker  containers  design-patterns  coding  packaging  deployment  via:fanf 
4 weeks ago
Artificial intelligence is going to supercharge surveillance - The Verge
What happens when governments can track huge numbers of people using CCTV? When police can digitally tail you around a city just by uploading your mugshot into a database?

Or, indeed, when CCTV combined with AI and big data is routinely tracking everybody all the time?
ai  surveillance  privacy  cctv  big-data  government  big-brother  anpr 
4 weeks ago
First bit of Tubular Bells played three times with slight delays so it takes 40 mins to sync - YouTube
'The intro of Tubular Bells played three times with slight delays so it takes 40 minutes to sync AND... randomly generated visual loops from the Exorcist.

That's what I've made happen tonight. No video editor, no music editor - all code.

And it's a trip.'
tubular-bells  the-exorcist  video  art  delay  hacks  trippy 
4 weeks ago
[Changelog] Republic of Ireland Patch notes for version : ireland
Hello and welcome, I’m Leo Varadkar, lead developer of the MMO “Republic of Ireland”, which currently has 4,700,000+ players, and today we’ll be discussing changes coming eventually with the new patch.

-- genius
changelog  funny  mmo  gaming  ireland  patches  comedy 
4 weeks ago
New DNA nanorobots successfully target and kill off cancerous tumors
This is amazing.
“Using tumor-bearing mouse models, we demonstrate that intravenously injected DNA nanorobots deliver thrombin specifically to tumor-associated blood vessels and induce intravascular thrombosis, resulting in tumor necrosis and inhibition of tumor growth,” the paper explains.

DNA nanorobots are a somewhat new concept for drug delivery. They work by getting programmed DNA to fold into itself like origami and then deploying it like a tiny machine, ready for action.
dna  nanorobots  origami  cancer  cures  medicine 
5 weeks ago
He Predicted The 2016 Fake News Crisis. Now He's Worried About An Information Apocalypse.
“In the next two, three, four years we’re going to have to plan for hobbyist propagandists who can make a fortune by creating highly realistic, photo realistic simulations,” Justin Hendrix, the executive director of NYC Media Lab, told BuzzFeed News. “And should those attempts work, and people come to suspect that there's no underlying reality to media artifacts of any kind, then we're in a really difficult place. It'll only take a couple of big hoaxes to really convince the public that nothing’s real.”
fake-news  reality  news  ai  propaganda  future  black-mirror  media  hoaxes  dystopia 
5 weeks ago
Single Trapped Atom Captures Science Photography Competition's top prize - EPSRC website
An image of a single positively-charged strontium atom, held near motionless by electric fields, has won the overall prize in a national science photography competition, organised by the Engineering and Physical Sciences Research Council (EPSRC).

‘Single Atom in an Ion Trap’, by David Nadlinger, from the University of Oxford, shows the atom held by the fields emanating from the metal electrodes surrounding it. The distance between the small needle tips is about two millimetres.

When illuminated by a laser of the right blue-violet colour the atom absorbs and re-emits light particles sufficiently quickly for an ordinary camera to capture it in a long exposure photograph. The winning picture was taken through a window of the ultra-high vacuum chamber that houses the ion trap.
atom  photography  science  strontium  ion-traps  light 
5 weeks ago
Thousands of websites hijacked by hidden crypto-mining code after Browsealoud hacked
The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.

Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.
browsealoud  accessibility  http  sri  coinhive  monero  hacks  ico  nhs 
5 weeks ago
Car Hacker's Handbook

Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other innovations aim to make driving more convenient. But vehicle technologies haven't kept pace with today's more hostile security environment, leaving millions vulnerable to attack.

The Car Hacker's Handbook will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems.

Then, once you have an understanding of a vehicle's communication network, you'll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more.

Creative Commons Attribution-Noncommercial-ShareAlike license.
cars  books  hacking  exploits  can-bus 
5 weeks ago
Russia Did It, Y’all. And Nobody Fucking Cares.
That’s right, that’s CRAZY LIBERAL CONSPIRACY THEORIST George W. Bush [...] saying it’s still an open question whether Russia actually successfully rigged the 2016 election. What a Code Pink Occupy Democracy Now liberal George W. Bush is being, to even ask that question!
wonkette  elections  donald-trump  2016  us-politics  george-w-bush  hacking 
5 weeks ago
Last orders: Ireland's vanishing 'quirky' shopfronts – in pictures | Cities | The Guardian
Graphic designer Trevor Finnegan spent seven years documenting traditional shopfronts throughout Ireland.

Lovely examples of a vanishing vernacular style.
architecture  ireland  rural  shopfronts  signs  history 
5 weeks ago
How the Game Genie worked
"Sometimes it was really easy to find cheats, because the code was very straightforward, and sometimes it was a massive pain in the arse," recalls Jon. "In simple terms, if a game started you with three lives I'd set up the logic analyser to stop when it found the value three being written to RAM. Then I'd use the Game Genie to change that 3 to say a 5, reboot the game and see if I started with 5 lives. If not, then I'd let it find the next time it wrote 3 into RAM and try that.

"Infinite lives codes were always the best. Once I'd found where in RAM the lives value was stored I'd then monitor when it got decremented. What I was looking for was where the game's original coder used - most likely - the DEC A (&H3D) instruction after reading the lives value from RAM, and then storing it back into RAM. If I found this then all I had to do was swap out the DEC A (&H3D) decrement operation with a NOP (&H00), which performed no operation. So the lives value would be left as-is and voila the player had infinite lives."
games  gameboy  game-genie  via:its  logic-analysers  reverse-engineering  history  hacking 
5 weeks ago
why Cheddar Man was dark skinned
'But why should that be surprising? He's over 10,000 years old, while mutations that led to white skin [the depigmentation gene SLC24A5] only began to spread widely [across Europe] 5,800 years old!'
europe  history  prehistory  skin-colour  cheddar-man  race  skin  slc24a5  genetics  david-grimes 
6 weeks ago
Horslips respond angrily to xenophobic #irexit use of their hit "Dearg Doom"
Some of you may have spotted that the saddos in the Eirexit conference had the feckin' temerity to use Dearg Doom as a soundtrack and to show the image of the album cover on the big screen.
Needless to say, they didn't ask us.
If they had, we'd have pointed out that we wouldn't piss on them if they were on fire - which they're unlikely to be, anytime soon. Five hundred damp, self regarding eejits being patronised by the Crazy Frog lookalike Nigel Farage ... isn't going to set the heather blazing in the near future.
Horslips stood for a hopeful, outward looking, inclusive vision of Ireland with plenty of drink and a Blue Range Rover.
This lot stand for a diminished, fearful, xenophobic state. Little Irelanders.
Checking out whether we can do them for copyright infringement.
We'll keep you posted. Feel free to share.

horslips  music  1970s  irexit  facebook  copyright 
6 weeks ago
Pubs reveal drinks firms' exclusive deals
'You could be offered €100,000 - it's big money': Pubs reveal drinks firms' exclusive deals; Heineken has already been accused of using its clout to squeeze out rivals.
heineken  beer  ireland  craft-beer  payola  scams  pubs 
6 weeks ago
Generate Mozilla Security Recommended Web Server Configuration Files
this is quite cool -- generate web server configs to activate current best-practice TLS settings
web  openssl  nginx  lighttpd  apache  haproxy  hsts  security  ssl  tls  ops 
6 weeks ago
'Fiction is outperforming reality': how YouTube's algorithm distorts truth
"no matter which political side the researcher started from, the platform pushed pro-Trump, anti-Clinton videos."
youtube  truth  fake-news  conspiracy-theories  google  algorithms  politics  brexit  trump 
6 weeks ago
Amazon Aurora Parallel Query is Available for Preview
Looks very nifty (at least once it's GA)
Parallel Query improves the performance of large analytic queries by pushing processing down to the Aurora storage layer, spreading processing across hundreds of nodes.
With Parallel Query, you can run sophisticated analytic queries on Aurora tables with an order of magnitude performance improvement over serial query processing, in many cases. Parallel Query currently pushes down predicates used to filter tables and hash joins. 
parallel  aurora  amazon  mysql  sql  performance  joins  architecture  data-model 
6 weeks ago
How $800k Evaporated from the PoWH Coin Ponzi Scheme Overnight
'In 282 lines of code, PoWH Coin managed to give away $800,000 in Ethereum.'
etherium  blockchain  coding  powh  4chan  fail  fraud  cryptocurrency  javascript 
7 weeks ago
Playboy is suing Boing Boing - but linking is not copyright infringement
Boing Boing linked to an imgur archive of all Playboy centerfolds, and Playboy is suing them:
Playboy’s lawsuit is based on an imaginary (and dangerous) version of US copyright law that bears no connection to any US statute or precedent. Playboy -- once legendary champions for the First Amendment -- now advances a fringe copyright theory: that it is illegal to link to things other people have posted on the web, on pain of millions in damages -- the kinds of sums that would put us (and every other small publisher in America) out of business.
intellectual-property  copyright  playboy  boing-boing  centerfolds  porn  history  linking  web 
7 weeks ago
airlift/aircompressor: A port of Snappy, LZO and LZ4 to Java
This library contains implementations of LZ4, Snappy, and LZO written in pure Java. They are typically 10-40% faster than the JNI wrapper for the native libraries.
lz4  lzo  lzop  snappy  java  libraries  airlift  compression  performance 
7 weeks ago
My £300 32Amp Charging Station Install
good writeup of a DIY EV car charger install
ev  cars  diy  car-chargers  home 
7 weeks ago
Amazing thread from @gavinsblog on the Strava leak
'This often led to the same results you see with Strava. In low population countries, or countries with low smartphone penetration, it was often easy to detect Westerners (usually soldiers) in remote areas.

this usually led to being able to identify bases and other types of things based solely on social data. Iraq, Afghanistan = always easy to find US troops (Instagram being a common sharing tool). Same true of IDF troops in staging areas before invasion of Gaza in 2014.

and the same true in 2014 with Russian troops in Ukraine. All too easy. Of course the other thing you might be nosey about [is] known military facilities. Social geotagging can give you staff/visitor lists if you persist long enough.

the difference between this technique and Strava was you could usually quickly deduce first name/last name if you wanted, and infer other social profiles eg LinkedIn -> FB -> FB friends -> work colleagues. Not only that but it was possible to automate.'
strava  privacy  military  security  geotagging  geodata  gavin-sheridan 
7 weeks ago
Strava app gives away location of secret US army bases
This is a privacy nightmare. Even with anonymized userids the data was far too user-specific.
The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.
strava  privacy  fail  army  us-army  data 
7 weeks ago
'A Look into 30 Years of Malware Development from a Software Metrics Perspective'
'During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today’s cyber attacks and has consolidated as a commodity in the underground economy. In this work, we analyze the evolution of malware since the early 1980s to date from a software engineering perspective. We analyze the source code of 151 malware samples and obtain measures of their size, code quality, and estimates of the development costs (effort, time, and number of people). Our results suggest an exponential increment of nearly one order of magnitude per decade in aspects such as size and estimated effort, with code quality metrics similar to those of regular software. Overall, this supports otherwise confirmed claims about the increasing complexity of malware and its production progressively becoming an industry.'
malware  coding  metrics  software  history  complexity  arms-race 
7 weeks ago
'DolphinAttack: Inaudible Voice Commands' [pdf]
'Speech recognition (SR) systems such as Siri or Google Now have become an increasingly popular human-computer interaction method, and have turned various systems into voice controllable systems (VCS). Prior work on attacking VCS shows that the hidden voice commands that are incomprehensible to people can control the systems. Hidden voice commands, though hidden, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems. We validate DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks.'

via Zeynep (https://twitter.com/zeynep/status/956520320504123392)
alexa  siri  attacks  security  exploits  google-now  speech-recognition  speech  audio  acm  papers  cortana 
8 weeks ago
Rocket Lab secretly launched a disco ball satellite on its latest test flight - The Verge
I'm quite conflicted about this -- I think I like it:
Shaped a bit like a disco ball, the Humanity Star is a 3-foot-wide carbon fiber sphere, made up of 65 panels that reflect the Sun’s light. The satellite is supposed to spin in space, too, so it’s constantly bouncing sunlight. In fact, the probe is so bright that people can see it with the naked eye. The Humanity Star’s orbit also takes it all over Earth, so the satellite will be visible from every location on the planet at different times. Rocket Lab has set up a website that gives real-time updates about the Humanity Star’s location. People can find out when the satellite will be closest to them, and then go outside to look for it. The goal of the project is to create “a shared experience for all of humanity,” according to Rocket Lab.
rocket-lab  disco-balls  satellites  humanity-star  orbit  space 
8 weeks ago
Targeted Audio Adversarial Examples
This is phenomenal:
We have constructed targeted audio adversarial examples on speech-to-text transcription neural networks: given an arbitrary waveform, we can make a small perturbation that when added to the original waveform causes it to transcribe as any phrase we choose.

In prior work, we constructed hidden voice commands, audio that sounded like noise but transcribed to any phrases chosen by an adversary. With our new attack, we are able to improve this and make an arbitrary waveform transcribe as any target phrase.

The audio examples on this page are impressive -- a little bit of background noise, such as you might hear on a telephone call with high compression, hard to perceive if you aren't listening out for it.

Paper here: https://arxiv.org/abs/1801.01944

(Via Parker Higgins, https://twitter.com/xor )
papers  audio  adversarial-classification  neural-networks  speech-to-text  speech  recognition  voice  attacks  exploits  via:xor 
8 weeks ago
The Gremlin Loader
Writeup of one of the classic tape loaders used on the ZX Spectrum, both for fast loading and piracy protection
piracy  reverse-engineering  history  zx-spectrum  tape  loaders  gremlin 
8 weeks ago
Remote Code Execution on the Smiths Medical Medfusion 4000 Infusion Pump
'Between March and June of 2017 I spent around 400 hours of personal time analyzing the Smiths Medical Medfusion 4000 infusion pump for security vulnerabilities. The devices analyzed had software versions 1.1.2 and 1.5.0. The flaws discovered (the most critical of which was a DHCP buffer overflow in the MQX operating system used) were disclosed in a coordinated fashion and are detailed by ICS-CERT in ICSMA-250-02A and CERT in VU#590639.

The goal of this exercise was to help protect patients that rely on therapy provided by the pump, to raise awareness of the risk present in unpatched versions of the device, and, finally, to contribute to the corpus of embedded/IoT security research.'
medical  infusion-pumps  security  iot  safety  exploits  embedded-systems  reversing 
8 weeks ago
The 29 Stages Of A Twitterstorm In 2018
'14. Then suddenly there are Nazis everywhere.'
twitter  twitterstorms  funny  2018  nazis  alt-right  memes 
8 weeks ago
Securing Docker Containers on AWS | nearForm
'On most projects at nearForm we are deploying our solutions within Docker containers. There are tasks that are repeated on each project to secure and harden off those deployments and we built this packer template to produce a quick and easy way for you to spin up an AWS AMI that passes the Docker-Bench-Security script. The Docker-Bench-Security repo is a work product of the above mentioned consolidation efforts by the Docker team.'
docker  aws  security  nearform  containers  linux  packer 
9 weeks ago
OpenCensus: A Stats Collection and Distributed Tracing Framework
Google open sourcing their internal Census lib for service metrics and distributed tracing
google  monitoring  service-metrics  metrics  census  opencensus  open-source  tracing  zipkin  prometheus 
9 weeks ago
How To Measure the Working Set Size on Linux
A nifty metric:
The Working Set Size (WSS) is how much memory an application needs to keep working. Your app may have populated 100 Gbytes of main memory, but only uses 50 Mbytes each second to do its job. That's the working set size. It is used for capacity planning and scalability analysis.

You may never have seen WSS measured by any tool (I haven't either). OSes usually show you virtual memory and resident memory, shown as the "VIRT" and "RES" columns in top. Resident memory is real memory: main memory that has been allocated and page mapped. But we don't know how much of that is in heavy use, which is what WSS tells us.

In this post I'll introduce some new things I've developed for WSS estimation: two Linux tools, and WSS profile charts. The tools use either the referenced or the idle page flags to measure a page-based WSS, and were developed out of necessity for another performance problem.

(via Amy Tobey)
via:amytobey  memory  linux  rss  wss  proc  ps  processes  metrics  working-set-size  ram 
9 weeks ago
Sarah Jeong's hilarious Twitter thread on Bitcoin
"People are sick of the Federal Reserve, sick of bailouts, sick of inflation. You know what we need? Internet money with the usability of PGP and the reliability of BART" and much, much more
bitcoin  funny  sarah-jeong  comedy  lols  pgp  twitter  threads 
9 weeks ago
Boost your immunity: Cold and flu treatments suppress innate immune system
The next time you feel a cold coming on, maybe what you really want is just a little teensy bit of innate immune suppression, not an immunity boost. Over-the-counter medications like ibuprofen and antihistamines should help you feel better. Meanwhile, sit back while your acquired B and T cells do the rest. And if you aren't yet sick, stay up-to-date on your vaccines, including the yearly influenza vaccine. Most importantly, practice vigorous hand washing — after all, the skin is also a component of your natural defenses and one that actually can be enhanced by good hygiene. Take care of yourself by keeping a balanced diet, maintaining good sleep habits, and minimizing stress. These are interventions that have been shown to help keep your immune system at its best. These alone can "boost" your odds of staving off an infection this cold season.
immunity  health  immune-system  colds  b-cells  t-cells  flu 
9 weeks ago
Actual screenshot of the broken UX of the Hawaii ballistic missile alert system
"This is the screen that set off the ballistic missile alert on Saturday. The operator clicked the PACOM (CDW) State Only link. The drill link is the one that was supposed to be clicked."

This is terrible, terrible UX.
ux  ui  hawaii  alerting  alerts  testing  safety  fail 
9 weeks ago
Don Norman on "Human Error", RISKS Digest Volume 23 Issue 07 2003
It is far too easy to blame people when systems fail. The result is that
over 75% of all accidents are blamed on human error. Wake up people! When
the percentage is that high, it is a signal that something else is at fault
-- namely, the systems are poorly designed from a human point of view. As I
have said many times before (even within these RISKS mailings), if a valve
failed 75% of the time, would you get angry with the valve and simply
continue to replace it? No, you might reconsider the design specs. You would
try to figure out why the valve failed and solve the root cause of the
problem. Maybe it is underspecified, maybe there shouldn't be a valve there,
maybe some change needs to be made in the systems that feed into the valve.
Whatever the cause, you would find it and fix it. The same philosophy must
apply to people.
don-norman  ux  ui  human-interface  human-error  errors  risks  comp.risks  failures 
9 weeks ago
Shanzhai 山寨 China & its Contents
As he drinks Sino-coffee for around RMB 10, Comrade X might well be wearing the latest ‘ZARE’ couture while watching the TV news streaming on his HiPhone.[2] Back in Guangdong, his girlfriend — a sales consultant at a small stall in one of Shenzhen’s many wholesale electronics markets — sports a ‘high-end replica’ 高仿 Louis Vuitton bag and makes a living selling ‘domestically produced’ 国产 and ‘smuggled’ 水货 smartphones. The imitation products that festoon the couple’s lives are part of ‘shanzhai 山寨 China’.

Shanzhai, the word means roughly ‘mass-produced imitation goods’, has created a Chinese landscape that is littered with products derided by the media, Chinese and international, as ‘copycat’, ‘guerrilla counterfeits’ and ‘knockoffs’, all the work of thieves.[3] Those who feel that their intellectual property and copyright has been infringed by shanzhai producers describe the products as ‘rubbish’, ‘piracy in disguise’ and ‘hooligan’.[4] Regardless of such righteous outrage, shanzhai — the producers, the products and the mentality — continues to flourish as an essential, quasi-legitimate shadow dimension of the Chinese economy. And, in practical terms, shanzhai products give disenfranchised ‘non-consumers’ of the orthodox economy — that is, people who would like to own but can’t afford the ‘original’ products — cut-price access to high-end technologies, as well as offering aspirational shoppers consumer satisfaction.
shanzai  china  fakes  consumerism  hiphone  smartphones  copycat  knockoffs  imitation  consumption 
9 weeks ago
Do algorithms reveal sexual orientation or just expose our stereotypes?
'A study claiming that artificial intelligence can infer sexual orientation from facial images caused a media uproar in the Fall of 2017. [...] Michal Kosinski, who co-authored the study with fellow researcher Yilun Wang, initially expressed surprise, calling the critiques “knee-jerk” reactions. However, he then proceeded to make even bolder claims: that such AI algorithms will soon be able to measure the intelligence, political orientation, and criminal inclinations of people from their facial images alone.'

'In [this paper], we have shown how the obvious differences between lesbian or gay and straight faces in selfies relate to grooming, presentation, and lifestyle  —  that is, differences in culture, not in facial structure. [...] We’ve demonstrated that just a handful of yes/no questions about these variables can do nearly as good a job at guessing orientation as supposedly sophisticated facial recognition AI. Therefore — at least at this point — it’s hard to credit the notion that this AI is in some way superhuman at “outing” us based on subtle but unalterable details of our facial structure.'
culture  facial-recognition  ai  papers  facial-structure  sexual-orientation  lgbt  computer-vision 
9 weeks ago
The Death of Microservice Madness in 2018
Quite a good set of potential gotchas, which I've run into myself, including:

'Real world systems often have poorly defined boundaries'
'The complexities of state are often ignored'
'The complexities of communication are often ignored'
'Versioning can be hard'
'Microservices can be monoliths in disguise'
architecture  devops  microservices  services  soa  coding  monoliths  state  systems 
9 weeks ago
The likely user interface which led to Hawaii's false-alarm incoming-ballistic-missile alert on Saturday 2018-01-13
@supersat on Twitter:

"In case you're curious what Hawaii's EAS/WEA interface looks like, I believe it's similar to this. Hypothesis: they test their EAS authorization codes at the beginning of each shift and selected the wrong option."

This is absolutely classic enterprisey, government-standard web UX -- a dropdown template selection and an easily-misclicked pair of tickboxes to choose test or live mode.
testing  ux  user-interfaces  fail  eas  hawaii  false-alarms  alerts  nuclear  early-warning  human-error 
9 weeks ago
‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown
“Our first priority has been to have a complete mitigation in place,” said Intel’s Parker. “We’ve delivered a solution.” Some in the cybersecurity community aren’t so sure. Kocher, who helped discover Spectre, thinks this is just the beginning of the industry’s woes. Now that new ways to exploit chips have been exposed, there’ll be more variations and more flaws that will require more patches and mitigation.
"This is just like peeling the lid off the can of worms," he said.
meltdown  spectre  speculative-execution  security  exploits  intel  amd  cpus 
9 weeks ago
Brain Cells Share Information With Virus-Like Capsules - The Atlantic
...a gene called Arc which is active in neurons, and plays a vital role in the brain. A mouse that’s born without Arc can’t learn or form new long-term memories. If it finds some cheese in a maze, it will have completely forgotten the right route the next day. “They can’t seem to respond or adapt to changes in their environment,” says Shepherd, who works at the University of Utah, and has been studying Arc for years. “Arc is really key to transducing the information from those experiences into changes in the brain.”

Despite its importance, Arc has been a very difficult gene to study. Scientists often work out what unusual genes do by comparing them to familiar ones with similar features—but Arc is one-of-a-kind. Other mammals have their own versions of Arc, as do birds, reptiles, and amphibians. But in each animal, Arc seems utterly unique—there’s no other gene quite like it. And Shepherd learned why when his team isolated the proteins that are made by Arc, and looked at them under a powerful microscope.

He saw that these Arc proteins assemble into hollow, spherical shells that look uncannily like viruses. “When we looked at them, we thought: What are these things?” says Shepherd. They reminded him of textbook pictures of HIV, and when he showed the images to HIV experts, they confirmed his suspicions. That, to put it bluntly, was a huge surprise. “Here was a brain gene that makes something that looks like a virus,” Shepherd says.

That’s not a coincidence. The team showed that Arc descends from an ancient group of genes called gypsy retrotransposons, which exist in the genomes of various animals, but can behave like their own independent entities.* They can make new copies of themselves, and paste those duplicates elsewhere in their host genomes. At some point, some of these genes gained the ability to enclose themselves in a shell of proteins and leave their host cells entirely. That was the origin of retroviruses—the virus family that includes HIV.
brain  evolution  retroviruses  viruses  genes  arc  gag  proteins  memory  biology 
9 weeks ago
google/highwayhash: Fast strong hash functions: SipHash/HighwayHash
HighwayHash: 'We have devised a new way of mixing inputs with AVX2 multiply and permute instructions. The multiplications are 32x32 -> 64 bits and therefore infeasible to reverse. Permuting equalizes the distribution of the resulting bytes. The internal state occupies four 256-bit AVX2 registers. Due to limitations of the instruction set, the registers are partitioned into two 512-bit halves that remain independent until the reduce phase. The algorithm outputs 64 bit digests or up to 256 bits at no extra cost. In addition to high throughput, the algorithm is designed for low finalization cost. The result is more than twice as fast as SipTreeHash.

We also provide an SSE4.1 version (80% as fast for large inputs and 95% as fast for short inputs), an implementation for VSX on POWER and a portable version (10% as fast). A third-party ARM implementation is referenced below.

Statistical analyses and preliminary cryptanalysis are given in https://arxiv.org/abs/1612.06257.'

(via Tony Finch)
siphash  highwayhash  via:fanf  hashing  hashes  algorithms  mac  google  hash 
9 weeks ago
The Stress of Remote Working – Martin De Wulf – Medium
There is a lot of good to say about remote working, and I see a lot of rabid defence of the practice. That said, I have been working remotely for a little more than 5 years now, and I now must acknowledge that it does not come without stress. This might come as a surprise for some, but in the end, I think that remote working has taken some toll on me over the last two years, especially when I went almost fully remote for a year.

I have to say, I agree with this 100% -- I spent a few years remote working full time, and by the end of it I was absolutely delighted to return to a mainly office-based job.
business  work  life  coding  teleworking  remote-work  stress  anxiety  mental-health 
10 weeks ago
[1801.02780] Rogue Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logos
Well, so much for that idea.
We propose a new real-world attack against the computer vision based systems of autonomous vehicles (AVs). Our novel Sign Embedding attack exploits the concept of adversarial examples to modify innocuous signs and advertisements in the environment such that they are classified as the adversary's desired traffic sign with high confidence. Our attack greatly expands the scope of the threat posed to AVs since adversaries are no longer restricted to just modifying existing traffic signs as in previous work. Our attack pipeline generates adversarial samples which are robust to the environmental conditions and noisy image transformations present in the physical world. We ensure this by including a variety of possible image transformations in the optimization problem used to generate adversarial samples. We verify the robustness of the adversarial samples by printing them out and carrying out drive-by tests simulating the conditions under which image capture would occur in a real-world scenario. We experimented with physical attack samples for different distances, lighting conditions, and camera angles. In addition, extensive evaluations were carried out in the virtual setting for a variety of image transformations. The adversarial samples generated using our method have adversarial success rates in excess of 95% in the physical as well as virtual settings.
signs  road-safety  roads  traffic  self-driving-cars  cars  avs  security  machine-learning  computer-vision  ai 
10 weeks ago
Collision Course: Why This Type Of Road Junction Will Keep Killing Cyclists
This aspect of road design had never occurred to me, but once explained it makes sense. Great article on the design of an oblique crossroads junction and how it's unexpectedly dangerous due to human factors and car design.
“Human error” may be real, but so are techniques to mitigate or eliminate its effects — and driver training is poor when it comes to equipping people with those techniques, let alone habituating them. (And let alone reviewing knowledge of those techniques every few years.)
cars  cycling  road-safety  safety  accidents  traffic  junctions  road-design  design  human-error  human-factors 
10 weeks ago