Quotulatiousness

February 11, 2014

Michael Geist on what Canadians can do about mass surveillance

Filed under: Cancon, Government, Liberty, Technology — Nicholas @ 12:21

A post at Michael Geist’s website advises Canadians about their options to protest the government’s role in internet surveillance:

… we know that U.S. law provides fewer protections to personal information of non-U.S. citizens, suggesting that Canadian data residing in cloud-based servers in the U.S. are particularly vulnerable. Meanwhile, the Canadian legal rules remain largely shrouded in secrecy, with officials maintaining that programs fall within the law despite the obvious privacy interests in metadata and statutory restrictions on domestic surveillance.

[…]

Today is the day that Canadians can send a message that this official is wrong. The Day We Fight Back Against Mass Surveillance is a global effort to galvanize people around the world to speak out against ubiquitous surveillance. Canadians can learn more here, but the key ask is to contact your Member of Parliament. If you are concerned with widespread surveillance in Canada, take a couple of moments to send an email or letter (no stamp required) to your MP and let them know how you feel (alternatively, you can fill out the form at this site). In addition, you can sign onto a global petition supported by hundreds of groups around the world.

I’ve written about the need for changes here and many others — including Interim Privacy Commissioner Chantal Bernier, Kent Roach, Wesley Wark, Ron Deibert, David Fraser, Ontario Privacy Commissioner Ann Cavoukian and Avner Levin, Craig Forcese, and Lisa Austin — have highlighted other potential changes. There is no shortage of ideas for reform. What we need now are Canadians to speak out to demand an open review and reform of Canadian surveillance law and policy.

February 9, 2014

“A car is a mini network … and right now there’s no security implemented”

Filed under: Technology — Nicholas @ 11:48

Driving your car anywhere soon? Got anti-hacking gear installed?

Spanish hackers have been showing off their latest car-hacking creation; a circuit board using untraceable, off-the-shelf parts worth $20 that can give wireless access to the car’s controls while it’s on the road.

The device, which will be shown off at next month’s Black Hat Asia hacking conference, uses the Controller Area Network (CAN) ports car manufacturers build into their engines for computer-system checks. Once assembled, the smartphone-sized device can be plugged in under some vehicles, or inside the bonnet of other models, and give the hackers remote access to control systems.

“A car is a mini network,” security researcher Alberto Garcia Illera told Forbes. “And right now there’s no security implemented.”

Illera and fellow security researcher Javier Vazquez-Vidal said that they had tested the CAN Hacking Tool (CHT) successfully on four popular makes of cars and had been able to apply the emergency brakes while the car was in motion, affect the steering, turn off the headlights, or set off the car alarm.

The device currently only works via Bluetooth, but the team says that they will have a GSM version ready by the time the conference starts. This would allow remote control of a target car from much greater distances, and more technical details of the CHT will be given out at the conference.

February 7, 2014

Hackers, “technologists”, … and girls

Filed under: Technology — Nicholas @ 13:35

An interesting post by Susan Sons illustrating some of the reasons women do not become hackers in the same proportion that men do:

Looking around at the hackers I know, the great ones started before puberty. Even if they lacked computers, they were taking apart alarm clocks, repairing pencil sharpeners or tinkering with ham radios. Some of them built pumpkin launchers or LEGO trains. I started coding when I was six years old, sitting in my father’s basement office, on the machine he used to track inventory for his repair service. After a summer of determined trial and error, I’d managed to make some gorillas throw things other than exploding bananas. It felt like victory!

[…]

Twelve-year-old girls today don’t generally get to have the experiences that I did. Parents are warned to keep kids off the computer lest they get lured away by child molesters or worse — become fat! That goes doubly for girls, who then grow up to be liberal arts majors. Then, in their late teens or early twenties, someone who feels the gender skew in technology communities is a problem drags them to a LUG meeting or an IRC channel. Shockingly, this doesn’t turn the young women into hackers.

Why does anyone, anywhere, think this will work? Start with a young woman who’s already formed her identity. Dump her in a situation that operates on different social scripts than she’s accustomed to, full of people talking about a subject she doesn’t yet understand. Then tell her the community is hostile toward women and therefore doesn’t have enough of them, all while showing her off like a prize poodle so you can feel good about recruiting a female. This is a recipe for failure.

[…]

I’ve never had a problem with old-school hackers. These guys treat me like one of them, rather than “the woman in the group”, and many are old enough to remember when they worked on teams that were about one third women, and no one thought that strange. Of course, the key word here is “old” (sorry guys). Most of the programmers I like are closer to my father’s age than mine.

The new breed of open-source programmer isn’t like the old. They’ve changed the rules in ways that have put a spotlight on my sex for the first time in my 18 years in this community.

When we call a man a “technologist”, we mean he’s a programmer, system administrator, electrical engineer or something like that. The same used to be true when we called a woman a “technologist”. However, according to the new breed, a female technologist might also be a graphic designer or someone who tweets for a living. Now, I’m glad that there are social media people out there — it means I can ignore that end of things — but putting them next to programmers makes being a “woman in tech” feel a lot like the Programmer Special Olympics.

February 6, 2014

TAFTA/TTIP – The US is negotiating from a position of unassailable strength

Filed under: Europe, Technology, USA — Nicholas @ 11:02

At Techdirt, Glyn Moody explains why the EU is insane not to demand that the negotiations with the US government over TAFTA/TTIP be made fully public:

On the one side is the US, on the other, the 28 nations that go to make up the European Union. Because they have differing views on the TAFTA/TTIP negotiations, it’s necessary to pass around many documents conveying information about the current negotiations, and seek to obtain some kind of consensus on future EU proposals and flexibilities.

In the wake of Snowden’s revelations, security will doubtless be much better than during the Copenhagen Summit, when supposedly secret messages were sent using unencrypted emails. But it only needs one weak link in the European Union’s security chain — somebody who forgets to encrypt his or her message, or who leaves it on a system that has been compromised — and the NSA will be able to access that information, and pass it on to the US negotiators, just as it did in Copenhagen.

The key point is that there is a profound information asymmetry in the TAFTA/TTIP talks. Although the spy agencies of the EU countries will doubtless be trying their best to obtain confidential information about US negotiating tactics, it will be much harder than it is for the US to do the same about EU positions. That’s because the NSA is far larger, and far more expert than the EU agencies. GCHQ is probably the nearest in terms of capabilities, but is so closely allied with the NSA in other areas that it probably won’t be trying too hard so as not to annoy its paymaster.

This more or less guarantees that the US will know everything about the EU’s negotiating plans during TAFTA/TTIP, while the EU will remain in the dark about the US intentions. That not only undercuts the European Commission’s argument that releasing documents is not possible because they must remain secret during the negotiations — they won’t be — it also gives the EU a huge incentive to insist on full transparency for the talks. That way, the EU negotiators would be able to see at least some US documents that currently are hidden from them, whereas the US would gain little that it didn’t already know through more dubious means.

E-cigarettes – growth industry or doomed by regulatory overstretch

Filed under: Business, Health, Technology — Nicholas @ 09:03

Megan McArdle discusses the past, present, and potential future for the e-cigarette industry:

In its simplest form, an e-cigarette is a cartridge filled with a nicotine solution and a battery powering a coil that heats the solution into vapor, which one sucks in and exhales like smoke. Typically, it looks like a regular cigarette, except the tip, embedded with an LED, often glows blue instead of red. The active ingredient in e-cigarettes is the same nicotine found in cigarettes and nicotine patches.

The effects of inhaling nicotine vapor are not totally understood, but there is no evidence to date that it causes cancer. Experts and logic seem to agree that it’s a lot better than setting chopped-up tobacco leaves on fire and inhaling the nicotine along with thousands of combustion byproducts, some of which are definitely carcinogenic. Because cancer is the main drawback of smoking for a lot of people, the delivery of nicotine without lighting a cigarette is very attractive. And because it produces a wispy vapor instead of acrid smoke, an e-cigarette lets you bring your smoking back indoors, where lighting up in an enclosed space is no longer socially, or legally, acceptable.

[…]

A primitive, battery-operated “smokeless non-tobacco cigarette” was patented as early as 1963 and described in Popular Mechanics in 1965. Thomas Schelling, a Nobel prize-winning economist who helped start the Institute for the Study of Smoking Behavior and Policy at Harvard University’s Kennedy School in the 1980s, recalls that people in the 1960s were talking about a charcoal-based vaporizer that would heat some sort of nicotine solution. While those early versions might have been safer than a regular cigarette, they were too expensive and cumbersome to become a substitute for a pack of Camels in a country where, as Schelling notes, “you’re never more than 5 or 10 minutes away from a smoke.”

In a way, electronic cigarettes were made possible by cell phones. The drive to make phones smaller and lengthen their battery life led to the development of batteries and equipment small enough to fit in a container the size and shape of a cigarette. There’s some dispute over who invented the modern e-cigarette, but the first commercially marketed device was created by a Chinese pharmacist, Hon Lik, and introduced to the Chinese market as a smoking cessation device in 2004.

In the same way that alcohol comes in various guises (many carefully crafted to appeal to beginners: sweet as soda pop, for example), e-cigarettes are available in many different flavours:

E-cigarette cartridges come in classic tobacco and menthol flavors — Verleur’s company even offers V2 Red, Sahara, and Congress, clearly aimed at loyal smokers of Marlboros, Camels, and Parliaments. But most companies also have less conventional flavors. Blu offers Peach Schnapps, Java Jolt, Vivid Vanilla, Cherry Crush, and Piña Colada, presumably for people who don’t just like a drink with a cigarette, but in one.

February 5, 2014

The Internet and the defenestration of the gatekeepers

Filed under: Government, Liberty, Technology — Nicholas @ 08:51

In the latest Libertarian Enterprise, L. Neil Smith talks about the recent movie The Fifth Estate, prominent whistleblowers, and how the Internet upset so many top-down information models:

The top three “whistle-blowers”, of course, in no particular order, are Assange himself, Bradley/Chelsea Manning, and Edward Snowden. I’m interested in these individuals for a number of reasons, not the least of which, is that I wrote about them (actually, I anticipated them) long before most people in the world ever knew they existed.

Including me.

Eleven years ago, in a speech I delivered to the Libertarian Party of New Mexico entitled “Empire of Lies”, I asserted that every human being on Earth is swimming — drowning — in an ocean of lies, mostly told by governments of one variety or another. I pointed out that lies of that kind — for example, the Gulf of Tonkin “incident” that never happened, and yet cost the lives of 60,000 Americans and 2,000,000 Vietnamese — are deadly. I proposed, therefore, that any politician, bureaucrat, or policeman caught telling a lie to any member of the public for any reason — as well as any among their ilk keeping secrets — ought to be subject to capital punishment, preferably by public hanging.

On network television.

Some time later, I stumbled on what I think is the true historical significance of the Internet. For as long as human beings have been communicating with one another, except among family and friends (and even then, sometimes) communications have been vertical and one-way, from the top down. Just to take it back to the Middle Ages, you can’t talk back to, or argue with a church bell. You either do what you are trained to do when it rings — wake, pray, eat, go to bed — or you do not, and suffer whatever consequences society has arranged for you to suffer.

This sorry situation was not improved materially by later “great” inventions like the printing press, movies, radio, or television. Such innovations only made it easier and more convenient to issue orders. The elite laid down the law to the peons (that’s us) and there was no way of contradicting them. Letters to the Editor are limited to 400 words.

But the Internet, and all of the technical, political, and social phenomena associated with it, turned this communications hierarchy sideways. Almost overnight, it was now possible for anybody on the planet to talk to anybody else, and to speak privately with a single individual, or to millions, without obtaining anyone’s permission, judged not by their power or authority, but by the cogency of their arguments.

Atlas didn’t shrug, Authority wigged.

Traditional Big Media, newspaper, magazine, and book publishers, movie studios, radio and television network executives, held onto their monopoly gatekeeper position, inherited from a more primitive era, desperately and at any cost. Only they were fit to judge what word could be sent by mere individuals to the Great Unwashed (that’s us, again). What it cost them is their very existence. They were incapable of divining that the Age of Authority, including theirs, was over.

For governments all over the world, subsisting as they all do on lies, intimidation, and violence, it was a nightmare. They have tried to fight back, but they will lose. The tide of history is against them. The idea of “peer-to-peer” communication is out there, and — short of the mass slaughter some of them seem to be preparing against us: a measure of their utter despair — it can never be called back or contained.

February 3, 2014

New technology invades the vineyards – is it now the Côte-du-Drône?

Filed under: Europe, France, Technology, Wine — Nicholas @ 09:48

Jack Flanagan talks about the most recent technological innovations being introduced into traditional European winemaking:

It is a new age in winemaking. The old days of doing everything by hand are ending. And while large-scale harvesters and flood-lights might not be news, the vintners of tomorrow have a few tricks up their sleeves.

[…]

And yet as advanced technology, the sort-of thing that requires a Masters of Science to understand, becomes available at lower prices (well, hovering among the thousands), vineyards in France and areas outside are adopting them.

Perhaps least surprising, if you’ve noticed a trend lately, is the addition of drones. Right now, they have a simple task: flying over vineyards, checking for damage or anything suspicious.

In the future, however, they may be required to do more labour-intensive tasks such as vine maintenance, e.g. pruning and checking how ripe the grapes are. This, specifically, is the task of a little droid resembling a rover: it skates along the vineyard floor, analysing and remembering the details of the vines. If they’re getting too long, the robot prunes them back.

January 31, 2014

(Micro-)Break it to make a material stronger

Filed under: Science, Technology — Nicholas @ 14:18

Another example of how sometimes we can benefit by using biomimicry:

Engineers intrigued by the toughness of mollusc shells, which are composed of brittle minerals, have found inspiration in their structure to make glass 200 times stronger than a standard pane.

Counter-intuitively, the glass is strengthened by introducing a network of microscopic cracks, according to a study published in the journal Nature Communications on Tuesday.

A team at McGill University in Montreal began their research with a close-up study of natural materials like mollusc shells, bone and nails which are astonishingly resilient despite being made of brittle minerals.

The secret lies in the fact that the minerals are bound together into a larger, tougher unit.

The binding means the shell contains abundant tiny fault lines called interfaces. Outwardly, this might seem a weakness, but in practice it is a masterful deflector of external pressure.

To take one example, the shiny, inner shell layer of some molluscs, known as nacre or mother of pearl, is some 3,000 times tougher than the minerals it is made of.

The maple-flavoured NSA used airport Wi-Fi to track travellers

Filed under: Cancon, Government, Technology — Nicholas @ 09:17

With so much talk about the NSA and GCHQ using every electronic means at their disposal, it was inevitable that some of the documents being released by Edward Snowden would implicate Canadian intelligence in similar activities:

A top secret document retrieved by U.S. whistleblower Edward Snowden and obtained by CBC News shows that Canada’s electronic spy agency used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal.

After reviewing the document, one of Canada’s foremost authorities on cyber-security says the clandestine operation by the Communications Security Establishment Canada (CSEC) was almost certainly illegal.

Ronald Deibert told CBC News: “I can’t see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC’s mandates.”

The spy agency is supposed to be collecting primarily foreign intelligence by intercepting overseas phone and internet traffic, and is prohibited by law from targeting Canadians or anyone in Canada without a judicial warrant.

As CSEC chief John Forster recently stated: “I can tell you that we do not target Canadians at home or abroad in our foreign intelligence activities, nor do we target anyone in Canada.

“In fact, it’s prohibited by law. Protecting the privacy of Canadians is our most important principle.”

But security experts who have been apprised of the document point out the airline passengers in a Canadian airport were clearly in Canada.

CSEC said in a written statement to CBC News that it is “mandated to collect foreign signals intelligence to protect Canada and Canadians. And in order to fulfill that key foreign intelligence role for the country, CSEC is legally authorized to collect and analyze metadata.”

Metadata reveals a trove of information including, for example, the location and telephone numbers of all calls a person makes and receives — but not the content of the call, which would legally be considered a private communication and cannot be intercepted without a warrant.

“No Canadian communications were (or are) targeted, collected or used,” the agency says.

In the case of the airport tracking operation, the metadata apparently identified travelers’ wireless devices, but not the content of calls made or emails sent from them.

January 28, 2014

3D printing about to get more colourful

Filed under: Technology — Nicholas @ 09:49

In The Register, Lester Haines looks at a new 3D printer that promises a lot more colour:

Those of you frustrated by the monochrome, single material output of 3D printers, and who happen to have very deep pockets, are directed to the Stratasys Objet500 Connex3, hailed as the world’s first full-colour machine.

Stratasys colour 3D printed helmet

The tech behind these impressive capabilities is Stratasys’s proprietary “PolyJet 3D”. The company explains this is “similar to inkjet document printing, but instead of jetting drops of ink onto paper, PolyJet 3D Printers jet layers of liquid photopolymer onto a build tray and instantly cure them with UV light”.

It continues: “The most advanced PolyJet systems combine diverse 3D printing materials in one model by jetting multiple materials simultaneously. This means you can selectively position multiple materials in one printed prototype and even combine two or three materials to create composite digital materials with distinct, predictable properties.”

Stratasys colour 3D printed gears

However, as you might expect, the new printer isn’t cheap — £200,000 ($330,000) is the quoted starting price.

January 27, 2014

The not-so-humble torpedo and the genesis of the military-industrial complex

Filed under: History, Military, Technology, USA, Weapons, WW1 — Nicholas @ 10:18

In the Boston Globe, Katherine C. Epstein makes a strong case for the origin of the military-industrial complex not being the era that President Eisenhower warned about, but actually in the run-up to the First World War:

The phrase [Eisenhower] popularized to describe the emerging system — the “military-industrial complex” — has since become a watchword, and Eisenhower’s account of its rise has struck most observers as accurate: It was a product of an immense war effort and the new attitudes spawned in the aftermath.

But what if Eisenhower — and others — had the origin story wrong? Although the military-industrial complex unquestionably became far larger and more deeply entrenched as a result of World War II and the Cold War, a closer reading of the history suggests that its essential dynamics were actually decades older. An armaments industry in close collaboration with the military — coping with global and national arms markets, sophisticated technology, intense geopolitical rivalries, and a government prone to expand its power in the name of national security — had its roots in the way geopolitics, industrialization, and globalization collided at the turn of the 20th century. And one key innovation that helped to tip the United States over into the national security regime that we recognize today was, of all things, the torpedo.

The torpedo didn’t just threaten to change naval warfare. It was a sophisticated new weapon so important to the US Navy that it forced the government to form a novel relationship with industry — and to introduce the trump card of national security as a rationale for demanding secrecy from private companies. The policy that developed along with the torpedo set the terms for the efforts to control information in the name of national security that we’re seeing now. To appreciate just how far back that policy runs — back to a time not of war, but of peace — gives us a new lens on our current struggles over the military-industrial complex, and perhaps a different reason to worry.

January 25, 2014

War in the 21st century

Filed under: Military, Technology — Nicholas @ 00:01

Jim Dunnigan wrote this short piece as a proposal for a longer work to follow-on to his book The Perfect Soldier in 2003.

There are many new trends producing the dramatic changes in warfare. Many of these changes are missed by the media and even many military analysts because so much has changed so quickly. The new technologies and trends include:

Robots. Combat robots have actually been around for over a century. Naval mines and torpedoes are robotic weapons that proved themselves in the early years of the 20th century. There were some more robotic weapons in World War II (cruise and ballistic missiles plus the first “smart shells”), but the momentum for combat robots really didn’t get going until the late 20th century, when smaller, cheaper and more reliable microprocessors and similar electronics made it possible to create inexpensive, “smart”, dependable and useful battle droids. Combat robots have sneaked into the military, without many people in, or out of, uniform paying a lot of attention. That’s still the case, especially because the media and even many senior military and political leaders don’t fully understand the technology nor how it is implemented. One example of this confusion can be seen with the constant reference to UAVs (unmanned aerial vehicles) as “drones” or “robots.” They are neither, they are simply remotely controlled aircraft, something that’s been around for over half a century. But these UAVs are being given more and more robotic (operating autonomously) capabilities. This isn’t new either, as torpedoes have had this ability for over 60 years and missiles for over 50 years.

Battlefield Internet. The Internet appeared as a mass-market product in the mid-1990s just as a generation of PC savvy officers were rising up the chain of command. These guys had encountered the first PCs as teenagers and then had access to the pre-World Wide Web Internet in college. PCs and the web were not mysteries, but tools they were familiar with. By 2001 these men and women were majors and colonels, the people the generals turn to when they want something done, or explained. When the World Wide Web showed up in the mid-1990s, generals turned to the majors and colonels for an update and were told, “no problem sir, good stuff. We can use it.” There followed a scramble to create a workable “battlefield Internet.” But there was another trend operating, the 1980s effort to implement “information technology.” But as the ideas merged with workable and affordable hardware and software, sparks began to fly. Unlike earlier ventures into new technology, this was not just a case of the troops being given new gadgets and shown how to use them. With Internet stuff, and Internet savvy troops, a lot of the new technology was being invented by the users. This has created high speed development of new technology, putting new stuff through development, testing and into use much faster than ever before.

[…]

Commandos. These specialists have always been around. Think of the “Knights of the Round Table” or any legendary super warrior. During the 20th century, methods were developed to produce commando class troops at will. This was not possible in the past. While commandos are specialist troops that are only useful in certain situations, when you can use them, they often have a devastating effect. Those nations with large commando forces (the US, Britain, Russia, etc.) have a military advantage that is often the margin of victory.

Off the Shelf Mentality. Since the 1980s, the military has increasingly looked to commercial companies for the latest combat equipment. This recognizes that military procurement has become too slow, and technological advances too rapid to get the latest gear into the hands of troops before it becomes obsolete. In most cases, civilian equipment works fine, as is, for the military. This is because over half the troops work at jobs that never take them from shops or offices indistinguishable from the work places civilians use. But even the combat troops can find a lot of equipment that is rugged enough for the battlefield. Soldiers have long noted that civilian camping equipment is superior to most of the stuff they are issued, and many soldiers have supplemented, or replaced, issued equipment with better off-the-shelf gear. In the last decade, it’s been common for combat troops to bring civilian electronics gear with them. Everything from laser range finders to GPS units, all of which are issued, but the official stuff tends to be heavier and less capable.

January 23, 2014

Machinima falls for the old “novelty death warrant” trick

Filed under: Business, Media, Technology — Nicholas @ 11:10

At Techdirt, Timothy Geigner recounts the potential PR disaster facing Machinima after they attempted to buy positive coverage from their own contributors for the Xbox One:

It began with a thread on NeoGAF that included text from an email Machinima was sending out to their partners which offered bonus CPM (cost per thousand views, the standard way advertising is priced) payments on videos covering Microsoft’s new console. Their requirements for this “promotion” in the email were already problematic, including gameplay footage from an Xbox One game, a mention of playing the game on the Xbox One console in the video, and a vague reference to following the “guidelines listed in the assignment.” Just in those lines, most journalists would find deal-killers. While the line on whether or not YouTube video makers covering games like this being journalists may be a bit blurry, there’s little doubt that thousands of YouTubers look to these folks for help on their purchasing decisions. In other words, their fame rests squarely on their reputations for honest reviews. Minus those reputations, these people have no following.

Which is what makes the details in those “guidelines” mentioned above so misguided.

    Now here’s where we enter really sketchy territory: Ars Technica tracked down a copy of Machinima‘s contract for the promotion, and there’s one line that stands out: “You may not say anything negative or disparaging about Machinima, Xbox One or any of its Games in your Campaign Video.” What’s more, these YouTubers can’t even be transparent about this arrangement, according to the contract:

    “You agree to keep confidential at all times all matters relating to this Agreement, including, without limitation, the Promotional Requirements, and the CPM Compensation, listed above. You understand that You may not post a copy of this Agreement or any terms thereof online or share them with any third party (other than a legal or financial representative). You agree that You have read the Nondisclosure Agreement (attached hereto and marked as Exhibit “A”) and You understand and agree to all of terms of the Nondisclosure Agreement, which is incorporated as part of this Agreement.”

Hear that sound? That’s the sound of this entire promotion exploding with enough payload-force to also take out both the guilty and innocent Machinima video-producers. What this does is put everyone under suspicion. Given what we said about the importance of reputations above, this could be the meteor that destroys Machinima‘s world.

Yes, if you’re following along at home, the post title is a Blackadder reference.

January 21, 2014

Coming soon – ShapeShifter’s “polymorphic” defence against malware

Filed under: Technology — Nicholas @ 11:11

In The Register, John Leyden discusses a new start-up’s plans for defending websites against hackers:

Startup Shape Security is re-appropriating a favourite tactic of malware writers in developing a technology to protect websites against automated hacking attacks.

Trojan authors commonly obfuscate their code to frustrate reverse engineers at security firms. The former staffers from Google, VMWare and Mozilla (among others) have created a network security appliance which takes a similar approach (dubbed real-time polymorphism) towards defending websites against breaches — by hobbling the capability of malware, bots, and other scripted attacks to interact with web applications.

Polymorphic code was originally used by malicious software to rewrite its own code every time a new machine was infected. Shape has invented patent-pending technology that is able to implement “real-time polymorphism” — or dynamically changing code — on any website. By doing this, it removes the static elements which botnets and malware depend on for their attacks.

January 20, 2014

XKCD on the problem with attempting to automate tasks

Filed under: Humour, Technology — Nicholas @ 09:47

[Image: xkcd_automation]

I’m not a programmer, although I’ve spent much of my working life around programmers, which is why I recognize the pattern so well: I’ve seen it in action so often.

The few times I’ve needed to create a program to do something (usually a text transformation of one sort or another), this has been exactly the way the “labour-saving” automation has gone. My personal version of the chart would have an additional phase at the beginning: I have to begin by learning or re-learning the tool I need to use. I learn just enough of how to use a given tool to do the task at hand, then the knowledge atrophies from lack of use and the next time I need to do something similar, the first priority is figuring out the right tool and then learning the same basic tasks all over again.

I started out with REXX when I was a co-op student at IBM. Several years later, I needed to convert a large set of documents from one markup language to another on a Unix system and that meant learning (just enough) shell scripting, sed and awk. A few years after that the right tool seemed to be Perl. In every case, the knowledge doesn’t stick with me because I don’t need to do anything with the language after I’ve finished the immediate task. I remember being able to do it but I don’t recall exactly how to do it.
