This week was a bit fractured for us. It started with Hannah breaking her thumb, and ended with the company potluck, and had a little bit of everything else sprinkled in.
Along with it all, I'm plugging away on the beginnings of a large new project at work, and still trying to keep up with duh Netz. So:
- 30 years ago, when I was just starting out programming, I was an avid reader of Peter Neumann's Risks Digest. Somewhere along the way I lost track of it, but it turns out that both the Digest and Dr Neumann himself are still going strong. There's a nifty writeup of him in the New York Times: PROFILES IN SCIENCE PETER G. NEUMANN: Killing the Computer to Save It. I hope I am still an active Computer Scientist when I am 80 years old!
- A super paper by a team including Professor Dan Boneh of Stanford: The most dangerous code in the world: validating SSL certificates in non-browser software.
We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. [...] Any SSL connection from any of these programs is insecure against a man-in-the-middle attack. The root causes of these vulnerabilities are badly designed APIs of SSL implementations (such as JSSE, OpenSSL, and GnuTLS) and data-transport libraries (such as cURL) which present developers with a confusing array of settings and options. We analyze perils and pitfalls of SSL certificate validation in software based on these APIs and present our recommendations.
- Facebook engineering has "crossed the Google threshold": they are now at the point where they re-write every piece of software to their own exact specifications, build their own hardware, etc. Only a handful of organizations are this sophisticated, and Facebook are now clearly one of them: Under the Hood: Scheduling MapReduce jobs more efficiently with Corona. Note that, if I'm understanding this correctly, high-end data centers are now at the point where they devote entire computers to just a single task.
Corona introduces a cluster manager whose only purpose is to track the nodes in the cluster and the amount of free resources. A dedicated job tracker is created for each job, and can run either in the same process as the client (for small jobs) or as a separate process in the cluster (for large jobs).
Once there was multi-processing, then there was multi-threading, but at a certain scale things go inverted and every thread of every process gets its own dedicated computer. - I'm not sure how this Niantic Project idea is going to turn out, but my son is on-board and playing, so more as it develops...
- Speaking of games, how did I manage to pick up every expansion of Carcassonne but this one? As we're mostly a 2-person gaming group right now (though my granddaughter is coming along fast), I'll be picking this up shortly.
- At the Counterparties blog, Ben Walsh tries to help us understand the drivers of tuition inflation. We were doing the math recently, and we're just crossing the $100K line for my youngest's college education (at a public university!), with still nearly a year to go. The overall costs tripled in just the 10 years between our oldest child and our youngest. Thankfully, we're one of those lucky families who've been able to afford it; how long will that last?
- I absolutely adored Wolf Hall, and am so looking forward to Bringing Up The Bodies, but I really need to get through several other (long) books first...
- The sub-heading on this Slate story seems to hit a bit close to home: The Secret History of the Aeron Chair: It wasn’t originally designed for office warriors. It was intended for the elderly.. I certainly can't call myself "elderly", but I'll tell you this: until I took my current job, I had a long procession of left-over office chairs purchased from various auction houses and office supply stores. But I've had my Herman Miller chair for 30 months now and it is fantastic!
- It's only been two weeks, but I'm enjoying my subscription to Weekend Sherpa's newsletter. Of course, this weekend is a big wet winter storm, but hopefully we'll sneak out for at least a little bit in-between the raindrops...
No comments:
Post a Comment