Skip to content

Justin's Linklog Posts

Links for 2015-09-29

Published September 29, 2015

Links for 2015-09-28

Published September 28, 2015

Links for 2015-09-24

Published September 24, 2015

  • Byteman

    a tool which simplifies tracing and testing of Java programs. Byteman allows you to insert extra Java code into your application, either as it is loaded during JVM startup or even after it has already started running. The injected code is allowed to access any of your data and call any application methods, including where they are private. You can inject code almost anywhere you want and there is no need to prepare the original source code in advance nor do you have to recompile, repackage or redeploy your application. In fact you can remove injected code and reinstall different code while the application continues to execute. The simplest use of Byteman is to install code which traces what your application is doing. This can be used for monitoring or debugging live deployments as well as for instrumenting code under test so that you can be sure it has operated correctly. By injecting code at very specific locations you can avoid the overheads which often arise when you switch on debug or product trace. Also, you decide what to trace when you run your application rather than when you write it so you don’t need 100% hindsight to be able to obtain the information you need.

    (tags: tracing java byteman injection jvm ops debugging testing)

  • Henry Robinson on testing and fault discovery in distributed systems

    ‘Let’s talk about finding bugs in distributed systems for a bit. These chaos monkey-style fault testing systems are all well and good, but by being application independent they’re a very blunt instrument. Particularly they make it hard to search the fault space for bugs in a directed manner, because they don’t ‘know’ what the system is doing. Application-aware scripting of faults in a dist. systems seems to be rarely used, but allows you to directly stress problem areas. For example, if a bug manifests itself only when one RPC returns after some timeout, hard to narrow that down with iptables manipulation. But allow a script to hook into RPC invocations (and other trace points, like DTrace’s probes), and you can script very specific faults. That way you can simulate cross-system integration failures, *and* write reproducible tests for the bugs they expose! Anyhow, I’ve been doing this in Impala, and it’s been very helpful. Haven’t seen much evidence elsewhere.’

    (tags: henry-robinson testing fault-discovery rpc dtrace tracing distributed-systems timeouts chaos-monkey impala)

  • The Best Bourbon Cocktail You’ve Never Heard Of

    The “Paper Plane”, by Sam Ross of Chicago’s “Violet Hour”: .75 oz Bourbon .75 oz Aperol .75 oz Amaro Nonino .75 oz Fresh lemon juice ice-filled shaker, shake, strain.

    (tags: bourbon drinks cocktails recipes aperol amaro-nonino lemon)

  • Seastar

    C++ high-performance app framework; ‘currently focused on high-throughput, low-latency I/O intensive applications.’ Scylla (Cassandra-compatible NoSQL store) is written in this.

    (tags: c++ opensource performance framework scylla seastar latency linux shared-nothing multicore)

Links for 2015-09-23

Published September 23, 2015

Links for 2015-09-22

Published September 22, 2015

  • Brotli: a new compression algorithm for the internet from Google

    While Zopfli is Deflate-compatible, Brotli is a whole new data format. This new format allows us to get 20–26% higher compression ratios over Zopfli. In our study ‘Comparison of Brotli, Deflate, Zopfli, LZMA, LZHAM and Bzip2 Compression Algorithms’ we show that Brotli is roughly as fast as zlib’s Deflate implementation. At the same time, it compresses slightly more densely than LZMA and bzip2 on the Canterbury corpus. The higher data density is achieved by a 2nd order context modeling, re-use of entropy codes, larger memory window of past data and joint distribution codes. Just like Zopfli, the new algorithm is named after Swiss bakery products. Brötli means ‘small bread’ in Swiss German.

    (tags: brotli zopfli deflate gzip compression algorithms swiss google)

Links for 2015-09-21

Published September 21, 2015

  • Nelson recommends Ubiquiti

    ‘The key thing about Ubiquiti gear is the high quality radios and antennas. It just seems much more reliable than most consumer WiFi gear. Their airOS firmware is good too, it’s a bit complicated to set up but very capable and flexible. And in addition to normal 802.11n or 802.11ac they also have an optional proprietary TDMA protocol called airMax that’s designed for serving several long haul links from a single basestation. They’re mostly marketing to business customers but the equipment is sold retail and well documented for ordinary nerds to figure out.’

    (tags: ubiquiti wifi wireless 802.11 via:nelson ethernet networking prosumer hardware wan)

  • httpry

    a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications.
    via Eoin Brazil

    (tags: via:eoinbrazil httpry http networking tools ops testing tcpdump tracing)

  • ustwo Reimagines the In-Car Cluster

    Designers behind the cult mobile game, Monument Valley, take on the legacy-bound in-car UI

    (tags: ux ui cars driving safety ustwo monument-valley speed)

  • Little Drummer Boy Challenge

    ‘It’s very easy: So long as you don’t hear “The Little Drummer Boy,” you’re a contender. As soon as you hear it on the radio, on TV, in a store, wherever, you’re out.’

    (tags: ldbc games funny xmas christmas music songs cheese)

Links for 2015-09-18

Published September 18, 2015

Links for 2015-09-14

Published September 14, 2015

  • Kate Heddleston: How Our Engineering Environments Are Killing Diversity

    ‘[There are] several problem areas for [diversity in] engineering environments and ways to start fixing them. The problems we face aren’t devoid of solutions; there are a lot of things that companies, teams, and individuals can do to fix problems in their work environment. For the month of March, I will be posting detailed articles about the problem areas I will cover in my talk: argument cultures, feedback, promotions, employee on-boarding, benefits, safety, engineering process, and environment adaptation.’ via Baron Schwartz.

    (tags: via:xaprb culture tech diversity sexism feminism engineering work workplaces feedback)

  • Michael Kagan | Prints

    ‘Heavily tinted blue paintings form space stations, spacesuits, and rockets just after blast. Michael Kagan paints these large-scale works to celebrate the man-made object—machinery that both protects and holds the possibility of instantly killing those that operate the equipment from the inside. To paint the large works, Kagan utilizes an impasto technique with thick strokes that are deliberate and unique, showing an aggression in his application of oil paint on linen. The New York-based artist focuses on iconic images in his practice, switching back and forth between abstract and representational styles. “The painting is finished when it can fall apart and come back together depending on how it is read and the closeness to the work,” said Kagan about his work. “Each painting is an image, a snapshot, a flash moment, a quick read that is locked into memory by the iconic silhouettes.”’ Via http://www.thisiscolossal.com/2015/08/michael-kagens-space-paintings/

    (tags: paintings prints art michael-kagan space abstract-art tobuy)

  • Dark corners of Unicode

    I’m assuming, if you are on the Internet and reading kind of a nerdy blog, that you know what Unicode is. At the very least, you have a very general understanding of it — maybe “it’s what gives us emoji”. That’s about as far as most people’s understanding extends, in my experience, even among programmers. And that’s a tragedy, because Unicode has a lot of… ah, depth to it. Not to say that Unicode is a terrible disaster — more that human language is a terrible disaster, and anything with the lofty goals of representing all of it is going to have some wrinkles. So here is a collection of curiosities I’ve encountered in dealing with Unicode that you generally only find out about through experience. Enjoy.

    (tags: unicode characters encoding emoji utf-8 utf-16 utf mysql text)

Links for 2015-09-08

Published September 8, 2015

Links for 2015-09-07

Published September 7, 2015

  • You’re probably wrong about caching

    Excellent cut-out-and-keep guide to why you should add a caching layer. I’ve been following this practice for the past few years, after I realised that #6 (recovering from a failed cache is hard) is a killer — I’ve seen a few large-scale outages where a production system had gained enough scale that it required a cache to operate, and once that cache was damaged, bringing the system back online required a painful rewarming protocol. Better to design for the non-cached case if possible.

    (tags: architecture caching coding design caches ops production scalability)

  • The Alternative Universe Of Soviet Arcade Games

    Unlike machines in the West, every single machine that was produced during Soviet-era Russia had to align with Marxist ideology. […] The most popular games were created to teach hand-eye coordination, reaction speed, and logical, focused thinking. Not unlike many American games, these games were influenced by military training, crafted to teach and instill patriotism for the state by making the human body better, stronger, and more willful. It also means no high scores, no adrenaline rushes, or self-serving feather-fluffing as you add your hard-earned initials to the list of the best. In Communist Russia, there was no overt competition.

    (tags: high-scores communism russia cccp ussr arcade-games games history)

Links for 2015-09-03

Published September 3, 2015

Links for 2015-09-02

Published September 2, 2015

Links for 2015-09-01

Published September 1, 2015

  • What Are the Worst Airports in the World?

    this is a great resource when picking a stopover for a 2-stop flight. Pity “best kids play area” isn’t a criterion

    (tags: airports comparison via:boingboing flying travel ranking world skytrax)

  • Using Samsung’s Internet-Enabled Refrigerator for Man-in-the-Middle Attacks

    Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google’s servers to download Gmail calendar information for the on-screen display. So, MITM the victim’s fridge from next door, or on the road outside and you can potentially steal their Google credentials.
    The Internet of Insecure Things strikes again.

    (tags: iot security fridges samsung fail mitm ssl tls google papers defcon)

  • Malware infecting jailbroken iPhones stole 225,000 Apple account logins | Ars Technica

    KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository of Cydia, which markets itself as an alternative to Apple’s official App Store. Malicious code surreptitiously included with Cydia apps is creating problems for people in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it pilfered account data for 225,941 Apple accounts, it has also disabled some infected phones until users pay a ransom, and it has made unauthorized charges against some victims’ accounts.
    Ouch. Not a good sign for Cydia

    (tags: cydia apple security exploits jailbreaking ios iphone malware keyraider china)

  • GoTTY

    ‘a simple command line tool that turns your CLI tools into web applications’

    (tags: cli terminal web tools unix)

  • S3QL

    a file system that stores all its data online using storage services like Google Storage, Amazon S3, or OpenStack. S3QL effectively provides a hard disk of dynamic, infinite capacity that can be accessed from any computer with internet access running Linux, FreeBSD or OS-X. S3QL is a standard conforming, full featured UNIX file system that is conceptually indistinguishable from any local file system. Furthermore, S3QL has additional features like compression, encryption, data de-duplication, immutable trees and snapshotting which make it especially suitable for online backup and archival. S3QL is designed to favor simplicity and elegance over performance and feature-creep. Care has been taken to make the source code as readable and serviceable as possible. Solid error detection and error handling have been included from the very first line, and S3QL comes with extensive automated test cases for all its components.

    (tags: filesystems aws s3 storage unix google-storage openstack)

Links for 2015-08-31

Published August 31, 2015

Links for 2015-08-28

Published August 28, 2015

  • toxy

    toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions. It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency capabilities of a system, especially in service-oriented architectures, where toxy may act as intermediate proxy among services. toxy allows you to plug in poisons, optionally filtered by rules, which essentially can intercept and alter the HTTP flow as you need, performing multiple evil actions in the middle of that process, such as limiting the bandwidth, delaying TCP packets, injecting network jitter latency or replying with a custom error or status code.

    (tags: toxy proxies proxy http mitm node.js soa network failures latency slowdown jitter bandwidth tcp)

  • Drone Oversight Is Coming to Construction Sites

    Grim Meathook Future

    (tags: grim-meathook-future drones work panopticon future sacramento building-sites)

  • grsecurity

    Open source security team has had enough of embedded-systems vendors taking the piss with licensing:

    This announcement is our public statement that we’ve had enough. Companies in the embedded industry not playing by the same rules as every other company using our software violates users’ rights, misleads users and developers, and harms our ability to continue our work. Though I’ve only gone into depth in this announcement on the latest trademark violation against us, our experience with two GPL violations over the previous year have caused an incredible amount of frustration. These concerns are echoed by the complaints of many others about the treatment of the GPL by the embedded Linux industry in particular over many years. With that in mind, today’s announcement is concerned with the future availability of our stable series of patches. We decided that it is unfair to our sponsors that the above mentioned unlawful players can get away with their activity. Therefore, two weeks from now, we will cease the public dissemination of the stable series and will make it available to sponsors only. The test series, unfit in our view for production use, will however continue to be available to the public to avoid impact to the Gentoo Hardened and Arch Linux communities. If this does not resolve the issue, despite strong indications that it will have a large impact, we may need to resort to a policy similar to Red Hat’s, described here or eventually stop the stable series entirely as it will be an unsustainable development model.

    (tags: culture gpl linux opensource security grsecurity via:nelson gentoo arch-linux gnu)

  • London Calling: Two-Factor Authentication Phishing From Iran

    some rather rudimentary anti-2FA attempts, presumably from Iranian security services

    (tags: authentication phishing security iran activism 2fa mfa)

  • Vegemite May Power The Electronics Of The Future

    Professor Marc in het Panhuis at the ARC Centre of Excellence for Electromaterials Science figured out that you can 3D print the paste and use it to carry current, effectively creating Vegemite bio-wires. What does this mean? Soon you can run electricity through your food. “The iconic Australian Vegemite is ideal for 3D printing edible electronics,” said the professor. “It contains water so it’s not a solid and can easily be extruded using a 3D printer. Also, it’s salty, so it conducts electricity.”
    I’m sure the same applies for Marmite…

    (tags: vegemite marmite 3d-printing electronics bread food silly)

  • Beoir.org Community – Recent Attack on McGargles

    bizarre conspiracy theory going around about McGargles microbrewery being owned by Molson in an “astroturf craft beer” operation — they apparently were set up by a bunch of ex-Molson employees. Their beer is getting stickered in off-licenses. Mental!

    (tags: beer craft-beer ireland mcgargles conspiracy-theories bizarre beoir)

Links for 2015-08-27

Published August 27, 2015

  • Mining High-Speed Data Streams: The Hoeffding Tree Algorithm

    This paper proposes a decision tree learner for data streams, the Hoeffding Tree algorithm, which comes with the guarantee that the learned decision tree is asymptotically nearly identical to that of a non-incremental learner using infinitely many examples. This work constitutes a significant step in developing methodology suitable for modern ‘big data’ challenges and has initiated a lot of follow-up research. The Hoeffding Tree algorithm has been covered in various textbooks and is available in several public domain tools, including the WEKA Data Mining platform.

    (tags: hoeffding-tree algorithms data-structures streaming streams cep decision-trees ml learning papers)

  • Chinese scammers are now using Stingray tech to SMS-phish

    A Stingray-style false GSM base station, hidden in a backpack; presumably they detect numbers in the vicinity, and SMS-spam those numbers with phishing messages. Reportedly the scammers used this trick in “Guangzhou, Zhuhai, Shenzhen, Changsha, Wuhan, Zhengzhou and other densely populated cities”. Dodgy machine translation:

    March 26, Zhengzhou police telecommunications fraud cases together, for the first time seized a small backpack can hide pseudo station equipment, and arrested two suspects. Yesterday, the police informed of this case, to remind the general public to pay attention to prevention. “I am the landlord, I changed number, please rent my wife hit the bank card, card number ×××, username ××.” Recently, Jiefang Road, Zhengzhou City Public Security Bureau police station received a number of cases for investigation brigade area of ??the masses police said, frequently received similar phone scam messages. Alarm, the police investigators to determine: the suspect may be in the vicinity of twenty-seven square, large-scale use of mobile pseudo-base release fraudulent information. […] Yesterday afternoon, the Jiefang Road police station, the reporter saw the portable pseudo-base is made up of two batteries, a set-top box the size of the antenna box and a chassis, as well as a pocket computer composed together at most 5 kg.
    (via t byfield and Danny O’Brien)

    (tags: via:mala via:tbyfield privacy scams phishing sms gsm stingray base-stations mobile china)

Links for 2015-08-25

Published August 25, 2015

Links for 2015-08-23

Published August 23, 2015

Links for 2015-08-22

Published August 22, 2015

Links for 2015-08-19

Published August 19, 2015

Links for 2015-08-18

Published August 18, 2015

Links for 2015-08-17

Published August 17, 2015

  • The world beyond batch: Streaming 101 – O’Reilly Media

    To summarize, in this post I’ve: Clarified terminology, specifically narrowing the definition of “streaming” to apply to execution engines only, while using more descriptive terms like unbounded data and approximate/speculative results for distinct concepts often categorized under the “streaming” umbrella. Assessed the relative capabilities of well-designed batch and streaming systems, positing that streaming is in fact a strict superset of batch, and that notions like the Lambda Architecture, which are predicated on streaming being inferior to batch, are destined for retirement as streaming systems mature. Proposed two high-level concepts necessary for streaming systems to both catch up to and ultimately surpass batch, those being correctness and tools for reasoning about time, respectively. Established the important differences between event time and processing time, characterized the difficulties those differences impose when analyzing data in the context of when they occurred, and proposed a shift in approach away from notions of completeness and toward simply adapting to changes in data over time. Looked at the major data processing approaches in common use today for bounded and unbounded data, via both batch and streaming engines, roughly categorizing the unbounded approaches into: time-agnostic, approximation, windowing by processing time, and windowing by event time.

    (tags: streaming batch big-data lambda-architecture dataflow event-processing cep millwheel data data-processing)

  • What the hell is going on with SoundCloud?

    tl;dr: major labels.

    Despite having revenue coming in from ads and subscriptions, SoundCloud still relies on outside investment. While the company received $150 million in a funding round at the end of last year, it pales next to the reported $526 million Spotify gained in June, and if one report is to be believed, SoundCloud is running very low on cash. Furthermore, sources suggest that potential investors are waiting to see what happens with Sony and Universal before ploughing in more money. With the high sums reported to be involved, it’s a stalemate that could potentially break the company whether it decides to pay or not.

    (tags: soundcloud music mp3 copyright sony universal spotify funding startups)

  • GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies

    Holy shit.

    Air-gapped networks are isolated, separated both logically and physically from public networks. Although the feasibility of invading such systems has been demonstrated in recent years, exfiltration of data from air-gapped networks is still a challenging task. In this paper we present GSMem, a malware that can exfiltrate data through an air-gap over cellular frequencies. Rogue software on an infected target computer modulates and transmits electromagnetic signals at cellular frequencies by invoking specific memory-related instructions and utilizing the multichannel memory architecture to amplify the transmission. Furthermore, we show that the transmitted signals can be received and demodulated by a rootkit placed in the baseband firmware of a nearby cellular phone.

    (tags: gsmem gsm exfiltration air-gaps memory radio mobile-phones security papers)

Links for 2015-08-16

Published August 16, 2015

Links for 2015-08-12

Published August 12, 2015

Links for 2015-08-11

Published August 11, 2015

  • Reddit comments from a nuclear-power expert

    Reddit user “Hiddencamper” is a senior nuclear reactor operator in the US, and regularly posts very knowledgeable comments about reactor operations, safety procedures, and other details. It’s fascinating (via Maciej)

    (tags: via:maciej nuclear-power nuclear atomic power energy safety procedures operations history chernobyl scram)

  • Amazon EC2 2015 Benchmark: Testing Speeds Between AWS EC2 and S3 Regions

    Here we are again, a year later, and still no bloody percentiles! Just amateurish averaging. This is not how you measure anything, ffs. Still, better than nothing I suppose

    (tags: fail latency measurement aws ec2 percentiles s3)

  • background doc on the Jeep hack

    “Remote Exploitation of an Unaltered Passenger Vehicle”, by Dr. Charlie Miller (cmiller@openrce.org) and Chris Valasek (cvalasek@gmail.com). QNX, unauthenticated D-Bus, etc.

    ‘Since a vehicle can scan for other vulnerable vehicles and the exploit doesn’t require any user interaction, it would be possible to write a worm. This worm would scan for vulnerable vehicles, exploit them with their payload which would scan for other vulnerable vehicles, etc. This is really interesting and scary. Please don’t do this. Please.’

    (tags: jeep hacks exploits d-bus qnx cars safety risks)

  • Care.data and access to UK health records: patient privacy and public trust

    ‘In 2013, the United Kingdom launched care.data, an NHS England initiative to combine patient records, stored in the machines of general practitioners (GPs), with information from social services and hospitals to make one centralized data archive. One aim of the initiative is to gain a picture of the care being delivered between different parts of the healthcare system and thus identify what is working in health care delivery, and what areas need greater attention and resources. This case study analyzes the complications around the launch of care.data. It explains the historical context of the program and the controversies that emerged in the course of the rollout. It explores problems in management and communications around the centralization effort, competing views on the safety of “anonymous” and “pseudonymous” health data, and the conflicting legal duties imposed on GPs with the introduction of the 2012 Health and Social Care Act. This paper also explores the power struggles in the battle over care.data and outlines the tensions among various stakeholders, including patients, GPs, the Health and Social Care Information Centre (HSCIC), the government, privacy experts and data purchasers. The predominant public policy question that emerges from this review centers on how best to utilize technological advances and simultaneously strike a balance between the many competing interests around health and personal privacy.’

    (tags: care.data privacy healthcare uk nhs trust anonymity anonymization gps medicine)

Links for 2015-08-10

Published August 10, 2015

Links for 2015-08-07

Published August 7, 2015

Links for 2015-08-06

Published August 6, 2015

Links for 2015-08-05

Published August 5, 2015