-
Java 8 HotSpot feature to monitor and diagnose native memory leaks
(tags: java jvm memory native-memory malloc debugging coding nmt java-8 jcmd)
This Heroic Captain Defied His Orders and Stopped America From Starting World War III
Captain William Bassett, a USAF officer stationed at Okinawa on October 28, 1962, can now be added alongside Stanislav Petrov to the list of people who have saved the world from WWIII:
By [John] Bordne’s account, at the height of the Cuban Missile Crisis, Air Force crews on Okinawa were ordered to launch 32 missiles, each carrying a large nuclear warhead. […] The Captain told Missile Operations Center over the phone that he either needed to hear that the threat level had been raised to DEFCON 1 and that he should fire the nukes, or that he should stand down. We don’t know exactly what the Missile Operations Center told Captain Bassett, but they finally received confirmation that they should not launch their nukes. After the crisis had passed Bassett reportedly told his men: “None of us will discuss anything that happened here tonight, and I mean anything. No discussions at the barracks, in a bar, or even here at the launch site. You do not even write home about this. Am I making myself perfectly clear on this subject?”
(tags: wwiii history nukes cuban-missile-crisis 1960s usaf okinawa missiles william-bassett)
malware piggybacking on CCleaner
On September 13, 2017 while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems. Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers. Talos began initial analysis to determine what was causing this technology to flag CCleaner. We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download. During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner’s download server as recently as September 11, 2017.
Justin's Linklog Posts
Malicious typosquatting packages in PyPI
skcsirt-sa-20170909-pypi vulnerability announcement from SK-CSIRT:
SK-CSIRT identified malicious software libraries in the official Python package repository, PyPI, posing as well known libraries. A prominent example is a fake package urllib-1.21.1.tar.gz, based upon a well known package urllib3-1.21.1.tar.gz. Such packages may have been downloaded by unwitting developer or administrator by various means, including the popular “pip” utility (pip install urllib). There is evidence that the fake packages have indeed been downloaded and incorporated into software multiple times between June 2017 and September 2017.
London police’s use of AFR facial recognition falls flat on its face
A “top-of-the-line” automated facial recognition (AFR) system trialled for the second year in a row at London’s Notting Hill Carnival couldn’t even tell the difference between a young woman and a balding man, according to a rights group worker invited to view it in action. Because yes, of course they did it again: London’s Met police used controversial, inaccurate, largely unregulated automated facial recognition (AFR) technology to spot troublemakers. And once again, it did more harm than good. Last year, it proved useless. This year, it proved worse than useless: it blew up in their faces, with 35 false matches and one wrongful arrest of somebody erroneously tagged as being wanted on a warrant for a rioting offense. […] During a recent, scathing US House oversight committee hearing on the FBI’s use of the technology, it emerged that 80% of the people in the FBI database don’t have any sort of arrest record. Yet the system’s recognition algorithm inaccurately identifies them during criminal searches 15% of the time, with black women most often being misidentified.
(tags: face-recognition afr london notting-hill-carnival police liberty met-police privacy data-privacy algorithms)
Universal adversarial perturbations
in today’s paper Moosavi-Dezfooli et al., show us how to create a _single_ perturbation that causes the vast majority of input images to be misclassified.
(tags: adversarial-classification spam image-recognition ml machine-learning dnns neural-networks images classification perturbation papers)
“Use trees. Not too deep. Mostly ensembles.”
snarky summary of ‘Data-driven Advice for Applying Machine Learning to Bioinformatics Problems’, a recent analysis paper of ML algorithms
(tags: algorithms machine-learning bioinformatics funny advice classification)
“You Can’t Stay Here: The Efficacy of Reddit’s 2015 Ban Examined Through Hate Speech”
In 2015, Reddit closed several subreddits—foremost among them r/fatpeoplehate and r/CoonTown—due to violations of Reddit’s anti-harassment policy. However, the effectiveness of banning as a moderation approach remains unclear: banning might diminish hateful behavior, or it may relocate such behavior to different parts of the site. We study the ban of r/fatpeoplehate and r/CoonTown in terms of its effect on both participating users and affected subreddits. Working from over 100M Reddit posts and comments, we generate hate speech lexicons to examine variations in hate speech usage via causal inference methods. We find that the ban worked for Reddit. More accounts than expected discontinued using the site; those that stayed drastically decreased their hate speech usage—by at least 80%. Though many subreddits saw an influx of r/fatpeoplehate and r/CoonTown “migrants,” those subreddits saw no significant changes in hate speech usage. In other words, other subreddits did not inherit the problem. We conclude by reflecting on the apparent success of the ban, discussing implications for online moderation, Reddit and internet communities more broadly.
(Via Anil Dash)
(tags: abuse reddit research hate-speech community moderation racism internet)
The Immortal Myths About Online Abuse – Humane Tech – Medium
After building online communities for two decades, we’ve learned how to fight abuse. It’s a solvable problem. We just have to stop repeating the same myths as excuses not to fix things.
Here are the 8 myths Anil Dash picks out: 1. False: You can’t fix abusive behavior online. 2. False: Fighting abuse hurts free speech! 3. False: Software can detect abuse using simple rules. 4. False: Most people say “abuse” when they just mean criticism. 5. False: We just need everybody to use their “real” name. 6. False: Just charge a dollar to comment and that’ll fix things. 7. False: You can call the cops! If it’s not illegal, it’s not harmful. 8. False: Abuse can be fixed without dedicated resources.
(tags: abuse comments community harassment racism reddit anil-dash free-speech)
-
Simon McGarr and John Looney’s slides from their SRECon ’17 presentation
(tags: simon-mcgarr data-privacy privacy data-protection gdpr slides presentations)
The React license for founders and CTOs – James Ide – Medium
Decent explanation of _why_ Facebook came up with the BSD+Patents license: “Facebook’s patent grant is about sharing its code while preserving its ability to defend itself against patent lawsuits.”
The difficulty of open sourcing code at Facebook, including React in 2013, was one of the reasons the company’s open-source contributions used to be a fraction of what they are today. It didn’t use to have a strong reputation as an open-source contributor to front-end technologies. Facebook wanted to open source code, though; when it grew communities for projects like React, core contributors emerged to help out and interview candidates often cited React and other Facebook open source as one of the reasons they were interested in applying. People at Facebook wanted to make it easier to open source code and not worry as much about patents. Facebook’s solution was the Facebook BSD+Patents license.
(tags: facebook bsd licenses licensing asf patents swpats react license software-patents open-source rocksdb)
HN thread on the new Network Load Balancer AWS product
looks like @colmmacc works on it. Lots and lots of good details here
(tags: nlb aws load-balancing ops architecture lbs tcp ip)
Java Flame Graphs Introduction: Fire For Everyone!
lots of good detail on flame graph usage in Java, and the Honest Profiler (honest because it’s safepoint-free)
(tags: profiling java safepoints jvm flame-graphs perf measurement benchmarking testing)
Teaching Students to Code – What Works
Lynn Langit describing her work as part of Microsoft Digigirlz and TKP to teach thousands of kids worldwide to code. Describes a curriculum from “K” (4-6-year olds) learning computational thinking with a block-based programming environment like Scratch, up to University level, solving problems with public clouds like AWS’ free tier.
(tags: education learning coding teaching tkp lynn-langit scratch kids)
So much for that Voynich manuscript “solution”
boo.
The idea that the book is a medical treatise on women’s health, however, might turn out to be correct. But that wasn’t Gibbs’ discovery. Many scholars and amateur sleuths had already reached that conclusion, using the same evidence that Gibbs did. Essentially, Gibbs rolled together a bunch of already-existing scholarship and did a highly speculative translation, without even consulting the librarians at the institute where the book resides. Gibbs said in the TLS article that he did his research for an unnamed “television network.” Given that Gibbs’ main claim to fame before this article was a series of books about how to write and sell television screenplays, it seems that his goal in this research was probably to sell a television screenplay of his own. In 2015, Gibbs did an interview where he said that in five years, “I would like to think I could have a returnable series up and running.” Considering the dubious accuracy of many History Channel “documentaries,” he might just get his wish.
(tags: crypto history voynich-manuscript historians tls)
How to Optimize Garbage Collection in Go
In this post, we’ll share a few powerful optimizations that mitigate many of the performance problems common to Go’s garbage collection (we will cover “fun with deadlocks” in a follow-up). In particular, we’ll share how embedding structs, using sync.Pool, and reusing backing arrays can minimize memory allocations and reduce garbage collection overhead.
Firms involved in biometric database in India contracted by Irish government
Two tech firms – one owned by businessman Dermot Desmond – involved in the creation of a controversial biometric database in India, are providing services for the Government’s public services card and passports. Known as the Aadhaar project, the Indian scheme is the world’s largest ever biometric database involving 1.2 billion citizens. Initially voluntary, it became mandatory for obtaining state services, for paying taxes and for opening a bank account. […] Dermot Casey, a former chief technology officer of Storyful, said that if the Daon system was used to store the data and carry out the facial matching then the Government “appears to have purchased a biometric database system which can be extended to include voice, fingerprint and iris identification at a moment’s notice”. Katherine O’Keefe, a data protection consultant with Castlebridge, said if the departments were using images of people’s faces to single out or identify an individual, they were “by legal definition processing biometric data”.
(tags: biometrics databases aadhar id-cards ireland psc daon morpho)
-
racist tries to make a “Blue Lives Matter” tee shirt as gaeilge, accidentally writes “Black Lives Matter” instead. perfect
(tags: racists duh stupid translation fail daoine-gorme irish blm cops funny)
New Network Load Balancer – Effortless Scaling to Millions of Requests per Second | AWS Blog
Looks like the EC2 Networking team got their way and got to rewrite LBs in AWS
(tags: load-balancing aws elb alb nlb networking ec2 ops architecture)
The solution to the Voynich manuscript
To those who have studied medieval medicine, and possess a good knowledge of its origins, the classical physicians Galen (AD 129–210), Hippocrates (460–370 BC) and Soranus (AD 98–138) among them, the Voynich manuscript’s incorporation of an illustrated herbarium (collection of plant remedies), Zodiac charts, instructions on thermae (baths) and a diagram showing the influence of the Pleiades side by side will not be surprising. They are all in tune with contemporary medical treatises, part and parcel of the medieval world of health and healing. Bathing as a remedy is a time-honoured tradition: practised by the Greeks and the Romans, advocated by the classical physicians, and sustained during the Middle Ages. The central theme of the Voynich manuscript is just such an activity, and one of its chief characteristics is the presence of naked female figures immersed in some concoction or other. Classical and medieval medicine had separate divisions devoted to the complaints and diseases of women, mostly but not exclusively in the area of gynaecology, and covered other topics such as hygiene, food, purgatives, bloodletting, fumigations, tonics, tinctures and even cosmetics and perfumes: all involved “taking the waters”, by bathing or ingesting.
(tags: history voynich-manuscript codes medieval-medicine thermae herbaria)
-
You do not need to be a Stanford student or faculty or staff member to access the vast treasures of the Rumsey Map collection, nor do you need to visit the university or its new Center. Since 1996, the Rumsey collection’s online database has been open to all, currently offering anyone with an internet connection access to 67,000 maps from all over the globe, spanning five centuries of cartography.
(via Oisin)
(tags: via:oisin maps art graphics open-access mapping history david-rumsey collections)
-
TJ McIntyre nails the problem here:
“Mandatory but not compulsory”. This ill-judged hair-splitting seems likely to stick to Social Protection Minister Regina Doherty in the same way that “an Irish solution to an Irish problem” and “on mature recollection” did to politicians before her. The minister used that phrase to defend against the criticism that the public services card (PSC) is being rolled out as a national ID card by stealth, without any clear legal basis or public debate. She went on to say that the PSC is not compulsory as “nobody will drag you kicking and screaming to have a card”. This is correct, but irrelevant. The Government’s strategy is one of making the PSC effectively rather than legally compulsory – by cutting off benefits such as pensions and refusing driving licences and passports unless a person registers. Whether or not the PSC is required by law is immaterial if you cannot function in society without it.
(tags: psc id-cards ireland social-welfare id privacy data-protection)
The data for the Irish theory driving test is stored in the US
Prometric is the company which administers the test and they appear to store it on US-based servers
(tags: prometric data privacy data-protection driving-test ireland theory-test)
-
‘It is our intention to open source all of Basho’s products and all of the source code that they have been working on. We’ll do this as quickly as we are able to organise it, and we would appreciate some input from the community on how you would like this done.’
Britta Blvd – The Marauders’ Map
lovely bit of papercraft
(tags: harry-potter papercraft origami kids)
How to Easily Unsubscribe from Bulk Emails in Gmail – Unroll.me Alternative
nice Google Script which runs in the background and scrapes out unsubscribe links. I’m drowning in single-opt-in mainsleaze newsletters at this stage so this is very welcome
(tags: mainsleaze unsubscribe spam gmail google email one-bite-of-the-apple)
-
Log analyser and visualiser for the HotSpot JIT compiler. Inspect inlining decisions, hot methods, bytecode, and assembly. View results in the JavaFX user interface.
(tags: analysis java jvm performance tools debugging optimization jit)
-
‘Reviews of U2F [Universal Second Factor] devices’ — ie. Yubico keys et al.
(tags: u2f totp oath otp one-time-passwords authentication devices gadgets security 2fa)
-
good set of tourist tips for a foodie Dublin weekender
(tags: dublin tourism food eating dining restaurants tips weekend)
Linux Load Averages: Solving the Mystery
Nice bit of OS archaeology by Brendan Gregg.
In 1993, a Linux engineer found a nonintuitive case with load averages, and with a three-line patch changed them forever from “CPU load averages” to what one might call “system load averages.” His change included tasks in the uninterruptible state, so that load averages reflected demand for disk resources and not just CPUs. These system load averages count the number of threads working and waiting to work, and are summarized as a triplet of exponentially-damped moving sum averages that use 1, 5, and 15 minutes as constants in an equation. This triplet of numbers lets you see if load is increasing or decreasing, and their greatest value may be for relative comparisons with themselves.
(tags: load monitoring linux unix performance ops brendan-gregg history cpu)
-
Gabriel recently bought a distillery in Barbados, where he says the majority of his team is of African descent. “The sugar industry is a painful past for them, but my understanding, from my team, is that they do see it as the past,” Gabriel explained. “There was great suffering, but their take is like, ‘We built this island.’ They are reclaiming it, and we are seeing that in efforts to preserve farming land and not let it all go to tourism.” I rather liked this narrative, or at least the potential of it. Slavery was appalling across the board, but countries and cultures throughout the African Diaspora have managed their paths forward in ways that don’t mimic the American aftermath. A plurality of narratives was possible here, which was thrilling to me. I am often disappointed by the mainstream perception of one-note blackness. One could easily argue the root of colonization is far from removed in the Caribbean. But if I understood Gabriel, and if he accurately captured the sentiments of his Barbadian colleagues, plantation sugarcane offered career opportunities to some, and was perhaps not solely a distressing connection to a shared global history. We chewed on this thought, together, in silence.
(tags: history distilling rum barbados african-diaspora slavery american-history booze language etymology)
-
‘Easy to use tool that automatically replaces some or even all on-demand AutoScaling group members with similar or larger identically configured spot instances in order to generate significant cost savings on AWS EC2, behaving much like an AutoScaling-backed spot fleet.’
(tags: asg autoscaling ec2 aws spot-fleet spot-instances cost-saving scaling)
Going Multi-Cloud with AWS and GCP: Lessons Learned at Scale
Metamarkets splits across AWS and GCP, going into heavy detail here
Cycling to work: major new study suggests health benefits are staggering
We found that cycling to work was associated with a 41% lower risk of dying overall compared to commuting by car or public transport. Cycle commuters had a 52% lower risk of dying from heart disease and a 40% lower risk of dying from cancer. They also had 46% lower risk of developing heart disease and a 45% lower risk of developing cancer at all.
(tags: cycling transport health medicine science commuting life statistics)
NASA’s Sound Suppression Water System
If you’ve ever watched a rocket launch, you’ve probably noticed the billowing clouds around the launch pad during lift-off. What you’re seeing is not actually the rocket’s exhaust but the result of a launch pad and vehicle protection system known in NASA parlance as the Sound Suppression Water System. Exhaust gases from a rocket typically exit at a pressure higher than the ambient atmosphere, which generates shock waves and lots of turbulent mixing between the exhaust and the air. Put differently, launch ignition is incredibly loud, loud enough to cause structural damage to the launchpad and, via reflection, the vehicle and its contents. To mitigate this problem, launch operators use a massive water injection system that pours about 3.5 times as much water as rocket propellant per second. This significantly reduces the noise levels on the launchpad and vehicle and also helps protect the infrastructure from heat damage.
(tags: water rockets launch nasa space sound-suppression sound science)
The White Lies of Craft Culture – Eater
Besides field laborers, [Southern US] planter and urban communities both depended on proficient carpenters, blacksmiths, gardeners, stable hands, seamstresses, and cooks; the America of the 1700s and 1800s was literally crafted by people of color. Part of this hidden history includes the revelation that six slaves were critical to the operation of George Washington’s distillery, and that the eponymous Jack Daniel learned to make whiskey from an enslaved black man named Nathan “Nearest” Green. As Clay Risen reported for the New York Times last year, contrary to the predominant narrative that views whiskey as an ever “lily-white affair,” black men were the minds and hands behind American whiskey production. “In the same way that white cookbook authors often appropriated recipes from their black cooks, white distillery owners took credit for the whiskey,” he writes. Described as “the best whiskey maker that I know of” by his master, Dan Call, Green taught young Jack Daniel how to run a whiskey still. When Daniel later opened his own distillery, he hired two of Green’s sons. The popular image of moonshine is a product of the white cultural monopoly on all things ‘country’ Over time, that legacy was forgotten, creating a gap in knowledge about American distilling traditions — while English, German, Scottish, and Irish influences exist, that combination alone cannot explain the entirety of American distilling. As bourbon historian Michael Veach suggests, slave culture pieces together an otherwise puzzling intellectual history.
(tags: history craft-beer craft-culture food drink whiskey distilling black-history jack-daniels nathan-nearest-green)
Meet the Espresso Tonic, Iced Coffee’s Bubbly New Cousin
Bit late on this one but YUM
To make the drink, Box Kite baristas simply load a glass with ice, fill it about three quarters of the way with chilled tonic, and then top it off with an espresso shot — typically from roasters like Madcap (MI) and Ritual (SF). Often, baristas pull the espresso shot directly on top of the tonic and ice mixture, forgoing the process of first pulling it into a cup and then pouring the espresso from cup to glass.
(tags: tonic-water recipes espresso coffee drinks cocktails)
-
Foursquare’s open source repo, where they extract reusable components for open sourcing — I like the approach of using a separate top level module path for OSS bits
(tags: open-source oss foursquare libraries maintainance coding git monorepos)
GTK+ switches build from Autotools to Meson
‘The main change is that now GTK+ takes about ? of the time to build compared to the Autotools build, with likely bigger wins on older/less powerful hardware; the Visual Studio support on Windows should be at least a couple of orders of magnitude easier (shout out to Fan Chun-wei for having spent so, so many hours ensuring that we could even build on Windows with Visual Studio and MSVC); and maintaining the build system should be equally easier for everyone on any platform we currently support.’ Looking at http://mesonbuild.com/ it appears to be Python-based and AL2-licensed open source. On the downside, though, the Meson file is basically a Python script, which is something I’m really not fond of :( more details at http://taint.org/2011/02/18/001527a.html .
-
good thread on fitting out a bike with crazy LED light tape; see also EL string. Apparently it’ll run off a 4.5V (3xAAA) battery pack nowadays which makes it pretty viable!
(tags: bikes cycling safety led-lights el-tape led-tape hacks via:mathowie)
-
a beautifully-glitched photo of the moon by Giacomo Carmagnola; more on his art at http://www.bleaq.com/2015/giacomo-carmagnola . (Via Archillect)
(tags: via:archillect art giacomo-carmagnola glitch-art moon glitch images)
-
From the aptly-named Aliholic.com. Thanks, Elliot — the last thing I needed was something to feed my addiction to cheap tat from China!
(tags: china aliexpress dealextreme gearbest gadgets buying tat aliholic stuff)
TIL you shouldn’t use conditioner if you get nuked
If you shower carefully with soap and shampoo, Karam says [Andrew Karam, radiation expert], the radioactive dust should wash right out. But hair conditioner has particular compounds called cationic surfactants and polymers. If radioactive particles have drifted underneath damaged scales of hair protein, these compounds can pull those scales down to create a smooth strand of hair. “That can trap particles of contamination inside of the scale,” Karam says. These conditioner compounds are also oily and have a positive charge on one end that will make them stick to negatively charged sections of a strand of hair, says Perry Romanowski, a cosmetics chemist who has developed personal hygiene formulas and now hosts “The Beauty Brains” podcast on cosmetics chemistry. “Unlike shampoo, conditioners are meant to stay behind on your hair,” Romanowski says. If the conditioner comes into contact with radioactive material, these sticky, oily compounds can gum radioactive dust into your hair, he says.
(tags: factoids conditioner surfactants nuclear-bombs fallout hair bizarre til via:boingboing)
-
During the late 1970s, [Professor Thomas J.] Allen undertook a project to determine how the distance between engineers’ offices affects the frequency of technical communication between them. The result of that research, produced what is now known as the Allen Curve, revealed that there is a strong negative correlation between physical distance and the frequency of communication between work stations. The finding also revealed the critical distance of 50 meters for weekly technical communication. With the fast advancement of internet and sharp drop of telecommunication cost, some wonder the observation of Allen Curve in today’s corporate environment. In his recently co-authored book, Allen examined this question and the same still holds true. He says[2] “For example, rather than finding that the probability of telephone communication increases with distance, as face-to-face probability decays, our data show a decay in the use of all communication media with distance (following a “near-field” rise).” [p. 58]
Apparently a few years back in Google, some staff mined the promotion data, and were able to show an Allen-like curve that proved a strong correlation between distance from Jeff Dean’s desk, and time to getting promoted.
(tags: jeff-dean google history allen-curve work communication distance offices workplace teleworking remote-work)
-
Arq backup for OSX now supports B2 (as well as S3) as a storage backend. “it’s a super-cheap option ($.005/GB per month) for storing your backups.” (that is less than half the price of $0.0125/GB for S3’s Infrequent Access class)
After Charlottesville, I Asked My Dad About Selma
Dad told me that he didn’t think I was going to have to go through what he went through, but now he can see that he was wrong. “This fight is a never-ending fight,” he said. “There’s no end to it. I think after the ‘60s, the whole black revolution, Martin Luther King, H. Rap Brown, Stokely Carmichael and all the rest of the people, after that happened, people went to sleep,” he said. “They thought, ‘this is over.’”
(tags: selma charlottesville racism nazis america race history civil-rights 1960s)
Computer says no: Irish vet fails oral English test needed to stay in Australia
An Irish veterinarian with degrees in history and politics has been unable to convince a machine she can speak English well enough to stay in Australia. Louise Kennedy is a native English speaker, has excellent grammar and a broad vocabulary. She holds two university degrees – both obtained in English – and has been working in Australia as an equine vet on a skilled worker visa for the past two years. But she is now scrambling for other visa options after a computer-based English test – scored by a machine – essentially handed her a fail in terms of convincing immigration officers she can fluently speak her own language.
This is idiotic. Computer-based voice recognition is in no way reliable enough for this kind of job. It’s automated Kafkaesque bureaucracy — “computer says no”. Shame on Oz (via James Kelleher)
(tags: via:etienneshrdlu kafkaesque bureaucracy computer-says-no voice-recognition australia immigration english voice testing)
-
‘By All Means, Compare These Shitheads to the Nazis’
(tags: mike-godwin nazis shitheads funny godwins-law internet)
-
produces a randomized permutation of a list, with exactly one cycle (which guarantees that we will reach every element of the list even though we’re traversing it in random order)
(tags: algorithms lists permutation random randomization cycles)
Working with multiple AWS accounts at Ticketea
AWS STS/multiple account best practice described
A general purpose counting filter
This paper introduces a new AMQ data structure, a Counting Quotient Filter, which addresses all of these shortcomings and performs extremely well in both time and space: CQF performs in-memory inserts and queries up to an order of magnitude faster than the original quotient filter structure from which it takes its inspiration, several times faster than a Bloom filter, and similarly to a cuckoo filter. The CQF structure is comparable or more space efficient than all of them too. Moreover, CQF does all of this while supporting counting, outperforming all of the other forms in both dimensions even though they do not. In short, CQF is a big deal!
(tags: cqf counting-quotient-filters data-structures via:acolyer coding approximate bloom-filters)
consistent hashing with bounded loads
‘an algorithm that combined consistent hashing with an upper limit on any one server’s load, relative to the average load of the whole pool.’ Lovely blog post from Vimeo’s eng blog on a new variation on consistent hashing — incorporating a concept of overload-avoidance — and adding it to HAProxy and using it in production in Vimeo. All sounds pretty nifty! (via Toby DiPasquale)
(tags: via:codeslinger algorithms networking performance haproxy consistent-hashing load-balancing lbs vimeo overload load)
AWS Lambda Deployment using Terraform – Build ACL – Medium
Fairly persuasive that production usage of Lambda is much easier if you go full Terraform to manage and deploy.
A complete picture of what it takes to deploy your Lambda function to production with the same diligence you apply to any other codebase using Terraform. […] There are many cases where frameworks such as SAM or Serverless are not enough. You need more than that for a highly integrated Lambda function. In such cases, it’s easier to simply use Terraform.
(tags: infrastructure aws lambda serverless ops terraform sam)
GitHub – jorgebastida/awslogs: AWS CloudWatch logs for Humans™
This feature alone is a bit of a killer app:
$ awslogs get /var/log/syslog ip-10-1.* --start='2h ago' | grep ERROR
Nice.
-
a high-performance multiple regex matching library. It follows the regular expression syntax of the commonly-used libpcre library, yet functions as a standalone library with its own API written in C. Hyperscan uses hybrid automata techniques to allow simultaneous matching of large numbers (up to tens of thousands) of regular expressions, as well as matching of regular expressions across streams of data. Hyperscan is typically used in a DPI library stack. Hyperscan began in 2008, and evolved from a commercial closed-source product 2009-2015. First developed at Sensory Networks Incorporated, and later acquired and released as open source software by Intel in October 2015. Hyperscan is under a 3-clause BSD license. We welcome outside contributors.
This is really impressive — state of the art in parallel regexp matching has improved quite a lot since I was last looking at it. (via Tony Finch)
(tags: via:fanf regexps regular-expressions text matching pattern-matching intel open-source bsd c dpi scanning sensory-networks)
Beard vs Taleb: Scientism and the Nature of Historical Inquiry
The most interesting aspect of this Twitter war is that it is representative of a malaise that has stricken a good chunk of academics (mostly scientists, with a peppering of philosophers) and an increasing portion of the general public: scientism. I have co-edited an entire book, due out soon, on the topic, which features authors who are pro, con, and somewhere in the middle. Scientism is defined as the belief that the assumptions, methods of research, etc., of the natural sciences are the only ways to gather valuable knowledge or to answer meaningful questions. Everything else, to paraphrase Taleb, is bullshit. Does Taleb engage in scientism? Indubitably. I have already mentioned above his generalization from what one particular historian (Beard) said to “historians” tout court. But there is more, from his Twitter feed: “there is this absence of intellectual rigor in humanities.” “Are historians idiots? Let’s be polite and say that they are in the majority no rocket scientists and operate under a structural bias. It looks like an empirically rigorous view of historiography is missing.”
(tags: history science scientism nassim-taleb argument debate proof romans britain mary-beard)
-
A workplace-discrimination lawyer writes:
Stray remarks are not enough. But a widespread workplace discussion of whether women engineers are biologically capable of performing at the same level as their male counterparts could suffice to create a hostile work environment. As another example, envision the racial hostility of a workplace where employees, as Google put it, “feel safe” to espouse their “alternative view” that their African-American colleagues are not well-represented in management positions because they are not genetically predisposed for leadership roles. In short, a workplace where people “feel safe sharing opinions” based on gender (or racial, ethnic or religious) stereotypes may become so offensive that it legally amounts to actionable discrimination.
(tags: employment sexism workplace discrimination racism misogyny women beliefs)
a list of all the nuclear war scenarios stored in the W.O.P.R. computer
For fans of the movie WARGAMES: a list of all the nuclear war scenarios stored in the W.O.P.R. computer. (self.movies)
(via burritojustice)
(tags: via:burritojustice wargames movies wopr global-thermonuclear-war wwiii)
Nextflow – A DSL for parallel and scalable computational pipelines
Data-driven computational pipelines Nextflow enables scalable and reproducible scientific workflows using software containers. It allows the adaptation of pipelines written in the most common scripting languages. Its fluent DSL simplifies the implementation and the deployment of complex parallel and reactive workflows on clouds and clusters.
GPLv3 licensed, open source
(tags: computation workflows pipelines batch docker ops open-source)
BinaryAlert: Serverless, Real-time & Retroactive Malware Detection
This is a serverless stack built on AWS, deployed with Terraform. Not sure what to think about this — it still makes me shudder a little
(tags: aws serverless lambda airbnb malware yara binaryalert architecture)
-
The node.js packaging system is being exploited by bad guys to steal auth tokens at build time. This is the best advice they can come up with:
Always check the name of packages you’re installing. You can look at the downloads number: if a package is popular but the downloads number is low, something is wrong.
:facepalm: What a mess. Security needs to become a priority….
(tags: javascript security npm node packaging packages fail)
-
“’Just culture’ as a term emerged from air traffic control in the late 1990s, as concern was mounting that air traffic controllers were unfairly cited or prosecuted for incidents that happened to them while they were on the job,” Sidney Dekker, a professor, writer, and director of the Safety Science Innovation Lab at Griffith University in Australia, explains to Quartz in an email. Eurocontrol, the intergovernmental organization that focuses on the safety of airspace across Europe, has “adopted a harmonized ‘just culture’ that it encourages all member countries and others to apply to their air traffic control organizations.” […] One tragic example of what can happen when companies don’t create a culture where employees feel empowered to raise questions or admit mistakes came to light in 2014, when an investigation into a faulty ignition switch that caused more than 100 deaths at GM Motors revealed a toxic culture of denying errors and deflecting blame within the firm. The problem was later attributed to one engineer who had not disclosed an obvious issue with the flawed switch, but many employees spoke of extreme pressure to put costs and delivery times before all other considerations, and to hide large and small concerns.
(via JG)
(tags: just-culture atc air-traffic-control management post-mortems outages reliability air-canada disasters accidents learning psychological-safety work)
Dark forces, Brexit and Irexit
The EU have made it clear, as they have to, that there will be no frictionless borders between the union and the UK. Brexit will be dislocative. As smaller Irish companies start to go to the wall post Brexit expect the calls for “something to be done” to start to include Irexit [an Irish exit from the EU a la Brexit]. But this way madness lies. […] we export more in education services than in beverages; we export three times or more manufactured goods than food; we export six times more in chemicals and related; value added by industry or by distribution and transport is more than 10 times that of agriculture. Seeking Irexit on the basis that it would be good for agribusiness is seeking to amputate a hand for a broken finger.
(tags: agribusiness ireland irexit brexit economics eu politics)
APOLLO 13 EARTH ORBITAL CHART | Artsy
Some nice catalogue details around this Apollo 13 AEO:
Apollo Earth Orbit Chart (AEO), Apollo Mission 13 for April 1970 Launch Date. March 3, 1970. Color Earth map, first edition. 13 by 42 inches. From the Catalogue: SIGNED and INSCRIBED: “JAMES LOVELL, Apollo 13 CDR and FRED HAISE, Apollo 13 LMP.” Additionally INSCRIBED by HAISE with mission events: “Launch at 2:13 pm EST, April 11, 1970” and “Splash – April 17, 1970.” He has marked the splashdown area with an “X.” Circular plots in black represent the ground station communication coverage areas with the red circle being the tracking ship Vanguard in the Atlantic Ocean. Orbital paths show the full launch range azimuths of 72 to 108 degrees. The first orbit is plotted in light blue with the second orbit in dark blue. The planned TLI (TransLunar Injection) burn occurred on time during the mission and is plotted with a red dashed line. The point above the Earth as Apollo 13 headed toward the Moon is shown with a brown line and continues for 24 hours of mission elapsed time. This line moves over the Pacific Ocean and into the continental United States. Then it moves backwards (relative to the Earth’s rotation) over the Pacific Ocean and ends near the west coast of Africa. The Service Module explosion occurred some 32 hours after end point of the TLI brown line tracking plot.
(tags: aeo apollo history spaceflight collectibles antiques james-lovell fred-haise 1970 apollo-13 charts)
-
“pipelint.sh” — command line Jenkins pipeline linting
Rule that patients must finish antibiotics course is wrong, study says
Patients have traditionally been told that they must complete courses of antibiotics, the theory being that taking too few tablets will allow the bacteria causing their disease to mutate and become resistant to the drug. But Martin Llewelyn, a professor in infectious diseases at Brighton and Sussex medical school, and colleagues claim that this is not the case. In an analysis in the British Medical Journal, the experts say “the idea that stopping antibiotic treatment early encourages antibiotic resistance is not supported by evidence, while taking antibiotics for longer than necessary increases the risk of resistance”.
(tags: health medicine antibiotics bmj bacteria)
Repair a Road or Footpath – Dublin City Council
how to report a pothole or other problem with a road or cycle path online. Keeping for future use
How the coffee-machine took down a factories control room : talesfromtechsupport
A coffee machine was connected to both a secure network and the main wifi network, and became a vector for malware to take down the factory’s control room. Security is hard
(tags: coffee-machines fail security networking wifi)
Ireland’s staggering hypocrisy on climate change | Environment | The Guardian
The national climate policy is a greenwash – the country is certain to miss its 2020 emissions target and still handing out drilling licences
(tags: guardian green greenwashing ireland politics energy future climate-change nmp oil fossil-fuels)
EBS gp2 I/O BurstBalance exhaustion
when EBS volumes in EC2 exhaust their “burst” allocation, things go awry very quickly
(tags: performance aws ebs ec2 burst-balance ops debugging)
Breaking open the MtGox case, part 1
Earlier today news broke of an arrest in Greece of a Russian national suspected of running a large-scale money laundering operation focused on Bitcoin. The man has since been publicly identified as Alexander Vinnik, 38, and over $4 billion USD is said to have been trafficked through the operation since 2011. We won’t beat around the bush with it: Vinnik is [WizSec’s] chief suspect for involvement in the MtGox theft (or the laundering of the proceeds thereof).
The 38 Essential Dublin Restaurants
Irish Times resto reviewer @catherineeats with her 38 top recommendations for Dublin. a solid list
Kubernetes Best Practices // Speaker Deck
A lot of these are general Docker/containerisation best practices, too. (via Devops Weekly)
(tags: k8s kubernetes devops ops containers docker best-practices tips packaging)
terrible review for Solidity as a programming environment in HN
“Solidity/EVM is by far the worst programming environment I have ever encountered. It would be impossible to write even toy programs correctly in this language, yet it is literally called “Solidity” and used to program a financial system that manages hundreds of millions of dollars.”
Via Tony Finch
(tags: blockchain ethereum programming coding via:fanf funny fail floating-point money json languages bugs reliability)
“This War of Mine” review by survivor of the siege of Sarajevo
‘Big Kudos to designers of this game. I can’t imagine how much research it was for them to make this. It is as if they were in Sarajevo during whole Siege of Sarajevo, and they weren’t doing anything else but taking notes. Will you like this game? Well, I do not know. If you want to know how a siege works, then YES. If you want to play great game with theme that is a bit dark, YES. If you want to play amazingly heavy solo or coop game, YES. But, also, I can see why someone would never play this game. My board game collection, before This war of mine, was just “The wall of fun”, and now, amongst other boxes, there is this one that is also fun, but different than any other. This is one really unique game.’
(tags: reviews siege sarajevo history war boardgames this-war-of-mine heavy)
Decoding the Enigma with Recurrent Neural Networks
I am blown away by this — given that Recurrent Neural Networks are Turing-complete, they can actually automate cryptanalysis given sufficient resources, at least to the degree of simulating the internal workings of the Enigma algorithm given plaintext, ciphertext and key:
The model needed to be very large to capture all the Enigma’s transformations. I had success with a single-celled LSTM model with 3000 hidden units. Training involved about a million steps of batched gradient descent: after a few days on a k40 GPU, I was getting 96-97% accuracy!
(tags: machine-learning deep-learning rnns enigma crypto cryptanalysis turing history gpus gradient-descent)
-
Amazon Web Services Elastic Compute Cloud (EC2) Rescue for Linux is a python-based tool that allows for the automatic diagnosis of common problems found on EC2 Linux instances.
Most of the modules appear to be log-greppers looking for common kernel issues.
SECURITY ALERT – Critical bug in Parity’s MultiSig-Wallet
‘Together, we were able to determine that malicious actors had exploited a flaw in the Parity Multisig code, which allowed a known party to steal over 153,000 ETH from several projects including Edgeless Casino, Aeternity, and Swarm City.’
By leaving “internal” (a visibility-restricting keyword) off of the wallet contract, it was possible for attackers to steal millions from a “secure” multi-sig wallet in Ethereum: https://press.swarm.city/parity-multisig-wallet-exploit-hits-swarm-city-funds-statement-by-the-swarm-city-core-team-d1f3929b4e4e
https://twitter.com/ncweaver/status/887821804038873088 : ‘Time from “OMFG there is a bug” to “geez, someone steal $16M”? 2 hours. Gotta love JavaScript FunBukx, err Ethereum’
timeX.google.com provide non standard time · Issue #437 · systemd/systemd
Google ask systemd not to use timeX.google.com due to nonstandard ticking behaviour; systemd dev tells them to FO. lovely
-
‘AP Placement – A Job For the Work Experience Kid? | Scott Stapleton | WLPC EU Budapest 2016’
Xiaomi Mi robot vacuum cleaner
sounds like a decent enough vac at a low price point, word of mouth is good
Amazon Global Product Price Check
price compare across global Amazon sites, by ASIN. there are some major differences
(tags: prices amazon via:its price-check comparison shopping eu uk asin)
[LEGAL-303] ASF, RocksDB, and Facebook’s BSD+patent grant licensing
Facebook’s licensing includes a “nuclear option” if a user acts in a way interpreted by Facebook as competing with them; the ASF has marked the license as “Category-X”, so code under it may not be included in Apache projects. Looks like RocksDB are going to relicense as dual GPLv2/ASL2 to clear this up, but React.js has not shown any plans to do so yet
(tags: react rocksdb licensing asl2 apache asf facebook open-source patents)
Will the last person at Basho please turn out the lights? • The Register
Basho, once a rising star of the NoSQL database world, has faded away to almost nothing […] According to sources, the company, which developed the Riak distributed database, has been shedding engineers for months, and is now operating as a shadow of its former self, as at least one buy-out has fallen through.
Developer Experience Lessons Operating a Serverless-like Platform at Netflix
Very interesting writeup on how Netflix are finding operating a serverless scripting system; they offer scriptability in their backend and it’s used heavily by devs to provide features. Lots of having to reinvent the wheel on packaging, deployment, versioning, and test/staging infrastructure
(tags: serverless dependencies packaging deployment versioning devex netflix developer-experience dev testing staging scripting)
OVH suffer 24-hour outage (The Register)
Choice quotes: ‘At 6:48pm, Thursday, June 29, in Room 3 of the P19 datacenter, due to a crack on a soft plastic pipe in our water-cooling system, a coolant leak causes fluid to enter the system’; ‘This process had been tested in principle but not at a 50,000-website scale’
(tags: postmortems ovh outages liquid-cooling datacenters dr disaster-recovery ops)
-
“With a sufficient number of users of an API, it doesn’t matter what you promised in the contract, all observable behaviours of your interface will be depended upon by somebody.”
(tags: laws funny apis reliability hyrum-wright hyrums-law compatibilty interfaces)
-
good tip for “aws s3 sync” performance
Novartis CAR-T immunotherapy strongly endorsed by FDA advisory panel
This is very exciting stuff, cytokine release syndrome risks notwithstanding.
The new treatment is known as CAR-T cell immunotherapy. It works by removing key immune system cells known as T cells from the patient so scientists can genetically modify them to seek out and attack only cancer cells. That’s why some scientists refer to this as a “living drug.” Doctors then infuse millions of the genetically modified T cells back into the patient’s body so they can try to obliterate the cancer cells and hopefully leave healthy tissue unscathed. “It’s truly a paradigm shift,” said Dr. David Lebwohl, who heads the CAR-T Franchise Global Program at the drug company Novartis, which is seeking the FDA’s approval for the treatment. “It represents a new hope for patients.” The drug endorsed by the advisory panel is known as CTL019 or tisagenlecleucel. It was developed to treat children and young adults ages 3 to 25 who have relapsed after undergoing standard treatment for B cell acute lymphoblastic leukemia, which is the most common childhood cancer in the United States. While this blood cell cancer can be highly curable, some patients fail to respond to standard treatments; and a significant proportion of patients experience relapses that don’t respond to follow-up therapies. “There is a major unmet medical need for treatment options” for these patients, Dr. Stephen Hunger, who helped study at the Children’s Hospital of Philadelphia, told the committee. In the main study that the company submitted as evidence in seeking FDA approval, doctors at 25 sites in 11 countries administered the treatment to 88 patients. The patients, ages 3 to 23, had failed standard treatment or experienced relapses and failed to respond to follow-up standard treatment. CTL019 produced remissions in 83 percent of patients, the company told the committee.
(tags: car-t immunotherapy cancer novartis trials fda drugs t-cells immune-system medicine leukemia ctl019)
Chris’s Wiki :: blog/sysadmin/UnderstandingIODNSIssue
On the ns-a1.io security screwup for the .io CCTLD:
Using data from glue records instead of looking things up yourself is common but not mandatory, and there are various reasons why a resolver would not do so. Some recursive DNS servers will deliberately try to check glue record information as a security measure; for example, Unbound has the harden-referral-path option (via Tony Finch). Since the original article reported seeing real .io DNS queries being directed to Bryant’s DNS server, we know that a decent number of clients were not using the root zone glue records. Probably a lot more clients were still using the glue records, though.
(via Tony Finch)
(tags: via:fanf dns security dot-io cctlds glue-records delegation)
-
‘A Java Virtual Machine written in 100% JavaScript.’ Wrapping outbound TCP traffic in websockets, mad stuff
(tags: jvm java javascript js hacks browser emulation websockets)
One Man’s Plan to Make Sure Gene Editing Doesn’t Go Haywire – The Atlantic
Open science – radical transparency where gene-editing and CRISPR are involved. Sounds great.
“For gene drive, the closed-door model is morally unacceptable. You don’t have the right to go into your lab and build something that is ineluctably designed to affect entire ecosystems. If it escapes into the wild, it would be expected to spread and affect people’s lives in unknown ways. Doing that in secret denies people a voice.”
Also this is a little scary:
in 2015, he was shocked to read a paper, due to be published in … Science, in which Californian researchers had inadvertently created a gene drive in fruit flies, without knowing what gene drives are. They developed it as a research tool for spreading a trait among lab populations, and had no ambitions to alter wild animals. And yet, if any of their insects had escaped, that’s what would have happened.
(tags: science openness open-source visibility transparency crispr gene-editing mice nantucket gene-drive)
AI Movie Posters – mickstorm.com
Neural-network generative movie posters. “What would you do to gave you?”
(tags: fun generators neural-networks funny movies posters)
Scheduled Tasks (cron) – Amazon EC2 Container Service
ECS now does cron jobs. But where does AWS Batch fit in? confusing
(tags: aws batch ecs cron scheduling recurrence ops)
-
Eater.com posts comically misinformed video about some kind of imaginary brit comfort food. John Gallagher’s response thread is a virtuoso performance
(tags: mince-on-toast disgusting food funny wtf twitter)
Here’s every total solar eclipse happening in your lifetime
Excellent infographic (sadly, none in Ireland for the rest of my lifetime)
(tags: eclipse space maps science infographic solar-eclipse sun)
When Will Climate Change Make the Earth Too Hot For Humans?
The Earth has experienced five mass extinctions before the one we are living through now, each so complete a slate-wiping of the evolutionary record it functioned as a resetting of the planetary clock, and many climate scientists will tell you they are the best analog for the ecological future we are diving headlong into. Unless you are a teenager, you probably read in your high-school textbooks that these extinctions were the result of asteroids. In fact, all but the one that killed the dinosaurs were caused by climate change produced by greenhouse gas. The most notorious was 252 million years ago; it began when carbon warmed the planet by five degrees, accelerated when that warming triggered the release of methane in the Arctic, and ended with 97 percent of all life on Earth dead. We are currently adding carbon to the atmosphere at a considerably faster rate; by most estimates, at least ten times faster.
(tags: climate future grim climate-change extinction earth carbon anthropocene)
Burning Fossil Fuels Almost Ended All Life on Earth – The Atlantic
“what I like to talk about is ‘the Great Weirding’ and not just the Great Dying because the Great Dying seems to have been a relatively quick event at the very end. But if you just talk about the Great Dying you’re missing all of this other crazy stuff that led up to it,” he said. “The Earth was getting really weird in the Permian. So we’re getting these huge lakes with these negative pHs, which is really weird, we don’t know why that happened. Another thing is that the whole world turned red. Everything got red. You walk around today and you’re like, ‘Hey, there’s a red bed, I bet it’s Permian or Triassic.’ The planet started looking like Mars. So that’s really weird. We don’t know why it turned red. Then you have a supercontinent, which is weird in the first place. Plate tectonics has to be acting strangely when you have all the continents together. Eventually it rifts apart and we go back into normal plate tectonics mode, but during the Permian-Triassic everything’s jammed together. So there has to be something strange going on. And then at the end, the Earth opens up and there’s all these volcanoes. But we’re not talking about normal volcanoes, we’re talking about weird volcanoes.”
(tags: extinction history geology permian-era earth climate-change carbon-dioxide scary pangaea)
EU Prepares “Right to Repair” Legislation to Fight Short Product Lifespans
I 100% support this
(tags: right-to-repair repair eu law hacking planned-obsolescence hardware consumer)
Everybody lies: how Google search reveals our darkest secrets | Technology | The Guardian
What can we learn about ourselves from the things we ask online? US data scientist Seth Stephens-Davidowitz analysed anonymous Google search results, uncovering disturbing truths about [America’s] desires, beliefs and prejudices
Fascinating. I find it equally interesting how flawed the existing methodologies for polling and surveying are, compared to Google’s data, according to this
(tags: science big-data google lying surveys polling secrets data-science america racism searching)
mozilla/sops: Secrets management stinks, use some sops!
sops is an editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.
(tags: secrets encryption security kms pgp gpg editors configuration)
-
Some decent benchmark data on SQS:
We were looking at four values in the tests: total number of messages sent per second (by all nodes); total number of messages received per second; 95th percentile of message send latency (how fast a message send call completes); 95th percentile of message processing latency (how long it takes between sending and receiving a message)
(tags: sqs benchmarking measurement aws latency)
The Guardian view on patient data: we need a better approach | Editorial | Opinion | The Guardian
The use of privacy law to curb the tech giants in this instance, or of competition law in the case of the EU’s dispute with Google, both feel slightly maladapted. They do not address the real worry. It is not enough to say that the algorithms DeepMind develops will benefit patients and save lives. What matters is that they will belong to a private monopoly which developed them using public resources. If software promises to save lives on the scale that drugs now can, big data may be expected to behave as big pharma has done. We are still at the beginning of this revolution and small choices now may turn out to have gigantic consequences later. A long struggle will be needed to avoid a future of digital feudalism. Dame Elizabeth’s report is a welcome start.
Hear hear.
(tags: privacy law uk nhs data google deepmind healthcare tech open-source)
Why People With Brain Implants Are Afraid to Go Through Automatic Doors
In 2009, Gary Olhoeft walked into a Best Buy to buy some DVDs. He walked out with his whole body twitching and convulsing. Olhoeft has a brain implant, tiny bits of microelectronic circuitry that deliver electrical impulses to his motor cortex in order to control the debilitating tremors he suffers as a symptom of Parkinson’s disease. It had been working fine. So, what happened when he passed through those double wide doors into consumer electronics paradise? He thinks the theft-prevention system interfered with his implant and turned it off. Olhoeft’s experience isn’t unique. According to the Food and Drug Administration’s MAUDE database of medical device reports, over the past five years there have been at least 374 cases where electromagnetic interference was reportedly a factor in an injury involving medical devices including neural implants, pacemakers and insulin pumps. In those reports, people detailed experiencing problems with their devices when going through airport security, using massagers or simply being near electrical sources like microwaves, cordless drills or “church sound boards.”
(tags: internet-of-things iot best-buy implants parkinsons-disease emi healthcare devices interference)
-
This is an extremely detailed post on the state of dynamic checkers in C/C++ (via the inimitable Marc Brooker):
Recently we’ve heard a few people imply that problems stemming from undefined behaviors (UB) in C and C++ are largely solved due to ubiquitous availability of dynamic checking tools such as ASan, UBSan, MSan, and TSan. We are here to state the obvious — that, despite the many excellent advances in tooling over the last few years, UB-related problems are far from solved — and to look at the current situation in detail.
(tags: via:marc-brooker c c++ coding testing debugging dynamic-analysis valgrind asan ubsan tsan)
Talos Intelligence review of Nyetya and the M.E.Doc compromise
Our Threat Intelligence and Interdiction team is concerned that the actor in question burned a significant capability in this attack. They have now compromised both their backdoor in the M.E.Doc software and their ability to manipulate the server configuration in the update server. In short, the actor has given up the ability to deliver arbitrary code to the 80% of UA businesses that use M.E.Doc as their accounting software, along with any multinational corporations that leveraged the software. This is a significant loss in operational capability, and the Threat Intelligence and Interdiction team assesses with moderate confidence that it is unlikely that they would have expended this capability without confidence that they now have or can easily obtain similar capability in target networks of highest priority to the threat actor.
(tags: security malware nyetya notpetya medoc talos ransomware)
Use AWS WAF to Mitigate OWASP’s Top 10 Web Application Vulnerabilities
‘describes how you can use AWS WAF, a web application firewall, to address the top application security flaws as named by the Open Web Application Security Project (OWASP). Using AWS WAF, you can write rules to match patterns of exploitation attempts in HTTP requests and block requests from reaching your web servers. This whitepaper discusses manifestations of these security vulnerabilities, AWS WAF–based mitigation strategies, and other AWS services or solutions that can help address these threats.’
-
Some Mac third party keyboards used to (or maybe still do for all I know) have a little feature where if you didn’t type anything for a while they would themselves type ‘welcome datacomp’.
(via RobS)
(tags: via:rsynnott funny welcome-datacomp keyboards hardware fail ghost-typing haunted)
La història del gran tauró blanc de Tossa de Mar
Amazing pic and newspaper report regarding a great white shark which washed up on the beach at Tossa de Mar in the Costa Brava in the 1980s
(tags: tossa-de-mar costa-brava spain sharks nature great-white-shark 1980s history photos wildlife)