Friday, January 18, 2013

Stuff I'm reading this weekend

OK, admit it: you've been spending way too much time reading about Manti Te'o's bizarre story and you're ready to move on and read about something else.

Well, here are a few things that you might find interesting...

  • A nicely illustrated article by Josh More on the RJS Security blog describing some of the social engineering tricks that scammers do to try to fool you into giving them your money: Internet Theft and the Holidays
    However, it did puzzle me how the scam worked. After all, I hadn’t given them any useful data. How would they get my money? Were they just incompetent criminals? This was well outside the realm of photography and I now had a professional interest.
  • Kevin Kelly highlights this bizarre story uncovered by a Verizon security audit: Case Study: Pro-active Log Review Might Be A Good Idea
    As it turns out, Bob had simply outsourced his own job to a Chinese consulting firm. Bob spent less than one fifth of his six-figure salary for a Chinese firm to do his job for him. Authentication was no problem: he physically FedExed his RSA token to China so that the third-party contractor could log in under his credentials during the workday. It would appear that he was working an average 9 to 5 work day.
  • I love the idea of this tool that helps you find free books for your e-reader: Freebook Sifter
  • I hadn't been following Jeremy Kun's blog, but I will now. There's some great stuff there! For example check out Probability Theory — A Primer
    In this post, we will begin with a naive version of probability theory. That is, everything will be finite and framed in terms of naive set theory without the aid of measure theory. This has the benefit of making the analysis and definitions simple.
  • Moxie Marlinspike offers some Career Advice
    Jobs at software companies are typically advertised in terms of the difficult problems that need solving, the impact the project will have, the benefits the company provides, the playful color of the bean bag chairs. Likewise, jobs in other fields have their own set of metrics that they use to position themselves within their domains.

    As a young person, though, I think the best thing you can do is to ignore all of that and simply observe the older people working there.

    They are the future you. Do not think that you will be substantially different. Look carefully at how they spend their time at work and outside of work, because this is also almost certainly how your life will look.

  • Leonard Cohen is coming to the Paramount Theatre in early March. The show has received wildly rave reviews, so I went to see about buying tickets. Tickets start at $275/seat and range up to $600/seat! As my wife said, "we can take an awfully nice vacation, and still buy every one of his records, for less than $1200."
  • Last December, Gary Brecher published another of his epic works: The War Nerd’s Twelve Days of 1812. As usual, his writing is solid and well-researched, while still being wildly entertaining.
    The British Army has had some wild ups and downs over the past 300 years, unlike their navy, which has been damn good straight through. The redcoats we faced in 1776 weren’t much of an army—the troops were seldom-fed unemployables and the officers mostly dim-bulb second sons. That was one of the reasons the US woofed so loud at the Brits leading up to 1812: we were bigger and stronger and figured if we beat them back in the 1780s it’d be a cakewalk now.
  • A nice article about Industrial Light and Magic's latest work over at Wired: How ILM Built the Best Hulk Ever for The Avengers (And Earned an Oscar Nom)
    ILM’s Jeff White told Wired that job number one in building a better Hulk was building the elements of character within the CGI, and shared five key steps that helped them create the most impressive visualization of the Hulk to hit any screen, big or small
  • For a solid breakdown of the Java vulnerability that's getting all the attention this month, try Esteban Guillardoy's writeup: Java MBeanInstantiator.findClass 0Day Analysis
    what is happening here is that they forgot to skip the frames related to the new Reflection API and only the old reflection API is taken into account.
  • David Lang's short paper about wireless network efficiencies is very practical: Building a Wireless Network for a High Density of Users
    Wireless networks for conferences and schools tend to work very well when tested, and then collapse completely when all the users show up to use them. This pattern is repeated time and time again to the point where people tend to think that it's a fundamental limitation of Wi-Fi technology. There are real limitations that you have to deal with, but if you keep them in mind it is very possible to build a wireless network for thousands of people and have it be rock solid and reliable.
  • I'm still mostly baffled by Locator/ID Separation Protocol, but this paper by a team at Cisco is helpful: Network-Based Protocol Innovations in Secure Encryption Environments
    The use of dynamic discovery of the routes to the secure networks the IVDs are protecting could increase demand on hardware resources and IVD functionality in order to process and hold a potentially larger number of IP prefixes being received from the protected network. This could prove challenging, particularly if the IVD hardware design was not originally intended to hold a large amount of IP prefixes.
  • The Networking Nerd wonders what the IP address equivalent of the famous "555-nnnn" phone numbers is: IP Addresses in Entertainment
    Hollywood has been trying for some time to come up with IP addresses that look real enough to pass the sniff test but are totally false. Sometimes that works. Other times, you end up with Law and Order. In particular, the SVU flavor of that show has been known to produce IP address ranges that don’t even come close to looking real.
  • Both Coursera and Udacity continue to roll out new material. Here are a couple of upcoming classes that look intriguing:
  • The story about the way the Nokia mobile browser handles https traffic was well-covered, but still somehow didn't seem to get the attention it deserves, perhaps because the Java 7 exploit stole all the media attention. Anyway, start here: Nokia phone forcing traffic through proxy and then go here: Nokia’s MITM on HTTPS traffic from their phone
    Just upgraded my Nokia browser, the version now is 2.3.0.0.48, and as expected there is a change in HTTPS behaviour. There is good news and bad news. The good news is that with this browser, they are no longer doing a Man-In-The-Middle attack on HTTPS traffic, which was originally the issue, and the bad news is that the traffic is still flowing through their servers. This time they are tunneling HTTPS traffic over an HTTP connection to their server.
  • Lastly, I'm sure you've already seen it, but if not, don't miss this great story about code review in the open source world: 'SHUT THE F**K UP!' The moment Linus Torvalds ruined a dev's year.
    Last year Torvalds insisted he was a mild-mannered man of peace who is mischaracterised as angry because only his outbursts are reported.

    But the dad-of-three admitted it's not in his nature to be overly nurturing and gentle when dealing with Linux development matters and noted he tends to get involved in issues at the gasket-blowing stage.

    Here's the actual email traffic. Although it's strongly worded, observe that it's actually a highly important subject, and the strong language is due to passion, not to crudity.

    In other words, the reason people respect Linus, and want to work with him, learn from him, and use his software, is because he actually cares about making great software. That's something deserving of respect.
