2013 05 28


News Cast for 2013-05-28

(00:00:17.569) Intro

(00:04:06.473) Security alerts

(00:04:25.693) Microsoft warns of Facebook-hijacking extensions

  • http://www.h-online.com/security/news/item/Microsoft-warns-of-Facebook-hijacking-extensions-1861398.html
  • The H's security channel had news of an alert from Microsoft's Malware Protection Center
  • They claim to have identified browser extensions that can hijack a user's Facebook profile
  • The extensions, JS/Febipos.A, spotted at first in Brazil, target Chrome and Firefox
  • They are capable of monitoring a user's activity to spot when they are logged into Facebook
  • The extensions then can download a configuration file
    • The link for which looks like an ordinary web site
  • That file can instruct the malware to do any number of things on its own
    • Such as liking posts and links on Facebook, interacting with groups and with friends
      • And even post comments and messages via chat
  • A user gets infected via a trojan, requiring some way to trick the user
    • Into downloading and running a file whose payload installs the extension
  • The post includes some examples of the extension's activities
    • Some of which are clearly trying to trick users into clicking on a link to a malicious web site
      • Increasing the risk to users that much more
  • Microsoft is claiming that its security tools are capable of detecting and removing these extensions
  • Users on platforms other than Windows are just as much at risk
    • Which is why the browser is such an attractive target for an attack like this
  • Users should be able to spot the bogus extensions if they just look at the list
    • Of the ones they have installed for any they don't recall installing themselves
  • I think this is somewhat ironic given that Microsoft has been caught out
    • Installing browser extensions without any explicit interaction from users
      • Though their intent was not to attack, just to expand their software

(00:07:09.582) Bitdefender Clueful exposes Android spies

  • http://www.h-online.com/open/news/item/Bitdefender-Clueful-exposes-Android-spies-1867358.html
  • The H's Open channel described a tool from BitDefender, called Clueful
    • That can identify applications that are privacy or security risks
  • It doesn't actually analyze what apps are doing as such
    • Rather using a sort of fingerprint approach
      • Where it identifies apps and looks for them in BitDefender's database
  • Problem apps are categorized as low, medium or high risk
    • Where the degree to which a user is exposed or has their info
      • Sent to advertising networks determines which bucket into which it falls
  • The post includes some sample work the author, along with heise Security, did
  • Even though the approach is relatively simple, it appears to be effective
  • Clueful displays a notification when an app is installed, if it is identified as a risk
  • The post notes this could be annoying for users who install a lot of apps
  • It also is not possible to search the database independently
    • Which would allow for pre-screening apps, which would be more ideal
  • All the same, this sounds like it is worth checking out, especially since the app is free
  • There was even an iOS version of Clueful released earlier in the year
  • Unfortunately, Apple yanked it from the app store as there is apparently a policy
    • Against apps examining other apps running outside their own sandbox
  • That is unfortunate and highlights why an at least somewhat more open system
    • Affords more innovation, even in areas where walled gardens
      • Are perceived to be better like security
  • Even if Google had a similar policy, the option to load apps from other stores
    • Preserves this ability to innovate and provide more value
      • Than a single channel can provide with any given set of rules or constraints

(00:09:57.546) News

(00:10:11.184) Has Supercomputing Hit a Brick Wall?

  • http://tech.slashdot.org/story/13/05/14/1534248/has-supercomputing-hit-a-brick-wall
  • Slashdot linked to a short blog post from someone working in the field of high performance computing
  • That is the area of computer science focused on building machines as fast and powerful as possible
  • The applications for such super computers are usually in physics, in particular simulations
  • The more operations that can be calculated a second, the more accurate models can be
  • The poster is a self identified skeptic of more far flung ideas
    • Such as the singularity and the roboapocalypse
      • Ideas predicated on runaway acceleration of computer power and AI
  • The person who shared this presentation of interest is just a worker in the field
    • The presentation itself by a deputy director in a national lab involved in HPC
  • Horst Simon works at Lawrence Berkeley National Laboratory
    • And was presenting earlier this month to the Optical Interconnects Conference
  • Simon's core contention is that super computers won't hit exaflops by 2020
  • Exa is a prefix meaning 10 to the 18th or 1 with 18 zeros after it
  • Flops are floating point operations per second and a common benchmark of computer performance
  • He gives a good survey of the current state of the area
  • In so doing, he identifies three swim lanes for going forward
    • From systems benchmarked in the tens of petaflops
  • He points out one risk, that there is not a clear winner
  • Selecting a swim lane to pursue too early risks pursuing one to a dead end
    • But choosing too late could mean losing the opportunity to have a well ranked machine
  • The sense I get is that this reputation is key for lab directors
    • Both to secure necessary funding and projects of interest to use such machines
  • Not surprisingly, the other thing he identifies is power efficiency
  • In his stacks and stacks of graphs on the subject, there is one marked improvement
    • The adoption by some projects of using GPUs as a basis for super computers
  • Simon doesn't think this changes the slope of the graph of predicted future improvements
  • He is pretty clear in his assessment that this was a one time improvement
  • Several more slides cover from where the power efficiency arises
  • The issue isn't powering computational steps but in shuttling information around the system
  • This is a long standing problem area for super computers
    • Where the physical systems themselves take up way more space than even a desktop tower
  • Worse, as information has to be shared across a server room or data center
    • Electrical interconnects require additional power to amplify signals
  • This problem arises even on chip but is made worse at the total physical scale of these systems
  • Appropriate to the venue, he does point out that implementing practical optical interconnects
    • Can help as they don't require the same amplification over distance
  • Simon argues that the exaflops benchmark is a bit flawed, anyway
    • In that the entire field is shifting, exploring new challenges
      • Where raw number of computations per unit time may not be as valid a benchmark
  • Reading through his list, some of it resonates with questions I've seen discussed elsewhere
    • Around how programming still needs to catch up to make full use of just
      • The three swim lanes, as he calls them, available today
  • There are plenty of slides in the later portion of the deck
    • That discuss the sorts of specific applications exascale super computing supports
  • The most high profile, one focused on by the White House, is simulating the human brain
  • This one, though, really brings home the power efficiency problem in the thousands of watts
    • That a computer will need to even approach the brain which does what it does for meager watts
  • Regardless of Simon's skepticism on the timing, he concludes with a strong argument
    • For why the pursuit of exascale matters
  • The argument, then seems to be for patience, to allow sufficient time to solve key problems
    • Rather than over fixating on arbitrary targets for arbitrary reasons

(00:16:29.400) A Heartwarming Gamer Story About Sexy Gender-Swapped Mechanics

  • http://www.wired.com/underwire/2013/05/gender-swap-hawken-picture/
  • Laura Hudson at Wired's Underwire blog was one of many to discuss this story
    • Of some employees at a game company who tackled issues around gender representation
      • With grace, humor and ultimately to good effect
  • I actually read the employee at Meteor Entertainment's own account of this
    • Though I think both it and Hudson's commentary are worth the read
  • In short, despite working in what sounds like a very inclusive and aware environment
    • This person was bothered by a poster of some game art displayed prominently by the CEO
  • If you are familiar with the usual culture of gender dysfunction in tech, videogames more specifically
    • Then you may not even need to see the art reproduced in the Wired piece
  • It combines a lot of the ridiculousness that projects like the Hawkeye Initiative highlight
    • In terms of unrealistic clothing, body portrayal and even accessories
      • In this case combining welding gear with a distinct lack of protective gear
  • The mention of the gender swapping Hawkeye Initiative is intentional on Hudson's part
    • As it foreshadows the arc of this story
  • If you are unfamiliar, the Hawkeye Initiative is a distributed hack on gender in comics
    • Where participating artists redo ridiculously unrealistic comic art portraying women
      • To swap in the bright purple clad, bow toting Avenger
  • I have seen it touted for skewering these ridiculous representations
    • Without shaming those involved to the degree that dialogue is impossible
  • There is a fair amount of humor in those swapped depictions, as well
    • Which seems to invite more conversation and thought than otherwise
  • Back to this particular instance, the anonymous employee
    • Enlisted the aid of one of the game company's artists
      • To create a gender swapped version of the problematic artwork
  • In a move that could have been very disastrous, the pair then swapped the original poster
    • With the one they created, featuring Brosie the Riveter
  • When the CEO saw what they had done, this could have gone badly
    • As would be typical of most video game offices I've read or heard about
  • Consistent with the anonymous worker's intro, giving the company credit for being way better than average
    • The CEO saw the prank for what it was and owned his lack of awareness
  • He restored the original art but with the new art right beside it
  • The main point the original post concludes with is to remind us all
    • That often sexism is performed by otherwise well intentioned people
      • Who could use gentle, maybe humorous if that works, reminders
      • Of their better natures to ensure they live up to their potential as allies
  • Hudson adds that since this story broke, the Hawkeye Initiative has put out a call
    • For Brosie moments where folks have moved from discussion to local constructive action
  • In paying more and more attention to issues around inclusion, as a manager
    • My gut often twists when it comes to trying to understand what to do
  • Not every situation will be appropriate for a Brosie intervention
    • But it does reinforce my feeling that we can improve things
      • Without seeing a lot of the distressing argument that often accompanies work in this space
  • How Brosie the Riveter Can Help Solve the Gender Problem in Gaming
  • http://www.wired.com/underwire/2013/05/hawken-brosie-meteor-k2/
  • Hudson followed up with an interview with K2
    • The pseudonym of the employee at the heart of this story
  • Reading through it, it really reinforces the positive lessons here
    • Clarifying both the intention, the reaction and the space of better possibilities

(00:20:15.569) One-Time Pad Reinvented to Make Electronic Copying Impossible

  • http://www.technologyreview.com/view/515016/one-time-pad-reinvented-to-make-electronic-copying-impossible/
  • MIT Technology Review has news of research that could make one-time pads more practical
  • There is a good description of what a one-time pad is in the article
  • In short, it is some random sequence of information with which messages can be combined
  • A receiver needs a copy of the same pad, subtracts it from an encrypted message to decrypt
  • As the article goes on to explain, one-time pads have a couple of challenges
  • The first is a source of truly random information, one that can create amounts
    • At least as large as any given message
  • In the earliest days of secret messages, things like bingo tumblers were used
  • For a pad to be effective, though, whatever is used has to not introduce any inadvertent patterns
    • Like a lazy operator not turning a tumbler a sufficient number of times
  • This problem has been largely solved with modern systems, like ones based on radioactive decay
  • The other problem is that if an attacker gets a copy of a pad
    • It makes the pad utterly useless
  • With paper pads, that was bad enough, but in computer systems
    • Making copies is pretty much what they do best
  • Researchers at California Institute of Tech and colleagues think they have a solution
  • Like quantum crypto systems, it relies on distinct physical properties of a system
  • What the article goes on to describe is how an optical diffusing glass
    • Can be used as a source of random information by shining a pattern of light through it
  • Unlike a paper or electronic copy of a pad, the glass itself isn't enough to decrypt messages
    • The pattern of light is needed as well
  • It is still a possible attack vector and the article mentions someone swiping the glass
    • As needing as much as twenty-four hours to find the right pattern
  • The limiter is that shining light through generates heat
  • Too much heat can shift the microstructure of the glass which would break its ability
    • To reproduce the same key parts originally produced
  • Already encoded messages would be exposed but the users could switch to new glass slabs
  • Both parties would not need exact copies of the same glass, another thought I had reading this
  • The glass is actually used to create a combined key, one that still needs to be as long as a message
  • Actually, when the two parties come together to use their glass for this purpose
    • They need to generate a key large enough for quite a few messages
      • Otherwise they'd constantly need to meet up to generate new keys
  • The system, though, can handle this quite well, in theory
  • Basically, rather than generating just one key, many could be created with the same glass pairs
    • Just by changing the patterns of light sent through them
  • The researchers have already demonstrated creating keys sufficient for 10 gigabits of data
  • Once they have exhausted the reasonable sequences they can get from the glass
    • They can heat the glass to alter its microstructure, effectively creating new generators
  • I don't expect this to end up on the desktops of typical users
    • But could easily see something practical coming of this soon
      • For the kinds of critical communications where one-time pads were originally used
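
The pad mechanics described above, as an added example that is not from the article or the researchers: a pad is added to a message and subtracted to decrypt, pad bytes are consumed so one large key serves several messages, and a copy of the pad reads everything. The class and function names are hypothetical, and Python's `secrets` module stands in for a truly random source.

```python
import secrets


class PadExhausted(Exception):
    """Raised when a message needs more pad than is left unused."""


class OneTimePad:
    """One party's copy of a shared pad; each pad byte is used at most once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # index of the first pad byte not yet consumed

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        # The pad must supply at least as many bytes as the message has.
        if n > self.remaining():
            raise PadExhausted(f"need {n} pad bytes, {self.remaining()} left")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n  # never hand out the same pad bytes twice
        return chunk

    def encrypt(self, message: bytes) -> bytes:
        # Combine: add the pad to the message byte by byte, modulo 256.
        key = self._take(len(message))
        return bytes((m + k) % 256 for m, k in zip(message, key))

    def decrypt(self, ciphertext: bytes) -> bytes:
        # The receiver subtracts the same pad bytes to recover the message.
        key = self._take(len(ciphertext))
        return bytes((c - k) % 256 for c, k in zip(ciphertext, key))


def demo() -> dict:
    pad = secrets.token_bytes(32)  # constructed sample pad (CSPRNG stand-in)
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    copied = OneTimePad(pad)       # a third party holding a copy of the pad

    first, second = b"meet at dawn", b"bring the maps"  # constructed messages
    c1, c2 = sender.encrypt(first), sender.encrypt(second)
    result = {
        "receiver": [receiver.decrypt(c1), receiver.decrypt(c2)],
        "copy_reads": copied.decrypt(c1),  # a copied pad is as good as the original
        "left": sender.remaining(),
    }
    try:
        sender.encrypt(b"one message too many")  # longer than the unused pad
        result["exhausted"] = False
    except PadExhausted:
        result["exhausted"] = True
    return result


if __name__ == "__main__":
    print(demo())
```
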

(00:25:13.581) The Phosphorous Atom Quantum Computing Machine

  • http://www.technologyreview.com/view/515286/the-phosphorous-atom-quantum-computing-machine/
  • MIT Technology Review has news of a breakthrough for a particular model of quantum computing
  • The article provides some good background on a model proposed by Bruce Kane in the 90's
  • An Australian physicist, he suggested using a single phosphorous atom embedded in silicon
  • The materials involved are easily produced in modern fabs
    • And using the spin of the phosphorous atom would allow it to store a qubit value for a long time
  • Reading and writing the spin state also requires readily available NMR components
    • And can be interfaced with traditional electronics
  • The challenge with this idea is that two atoms' spin states cannot be made to interact
  • In order to scale up this simple and practical approach, Kane refined it
    • To use the spin state of one of the electrons orbiting the phosphorus atom
  • Addressing two electrons allows two qubit operations and can be scaled by involving more electrons
  • Unfortunately, reading and writing the spin state of the orbiting electrons
    • Is not as simple as doing so with the spin of the atom itself
  • This past week, Jarryd Pla at the University of New South Wales in Sydney and colleagues
    • Say they have surmounted this obstacle that Australian researchers have been working on for a decade
  • The researchers embedded a phosphorous atom in a silicon nanostructure
  • They placed this in a strong magnetic field at super low temperature
    • Then were able to flip its spin state with a microwave pulse
  • Reading that state proved a bit harder but they were able to demonstrate a technique
    • That utilizes a process called spin-to-charge conversion
  • This device potentially could be scaled to involve 2 qubits, fully implementing Kane's idea
  • Kane's model, as it turns out, is not the only way to approach this milestone
    • And the article mentions both D-wave, which has been in the news
    • And another bit of research using nitrogen vacancies in a diamond lattice
  • I have talked about both of these before but the key advantage explained in the article
    • Is that the phosphorous atom model is much easier to interface with traditional electronics
  • The work here is still very much in the lab stages, temperature being an obvious barrier
    • To a more commercially viable version
  • As the article points out, there are still probably at least a few years ahead
    • Before a Kane style quantum system will compete with the already available D-Wave model
      • Though the electron spin technique is definitely much closer
      • To a more general purpose quantum computer

(00:29:46.149) Following Up

(00:30:03.523) France Set To Dump 3 Strikes Anti-Piracy Law But Automated Fines Will Live On

  • http://torrentfreak.com/france-set-to-dump-3-strikes-anti-piracy-law-but-automated-fines-will-live-on-130514/
  • TorrentFreak was one source that covered the news a couple weeks ago
    • That France's three strikes system is being brought to an end as it is
  • Prompted by the French culture minister last year, a nine member panel
    • Just issued a report making clear that Hadopi, the body responsible for the system
      • Has been anything but a success
  • The key detail mentioned in the post is that after spending millions of euro
    • The agency only collected a single 150 euro fine
  • Unfortunately, the panel is recommending that the copyright enforcement scheme not be ended
    • But rather that it should be transferred to a new, existing agency
    • And to continue though without the threat of disconnection that was the most troubling aspect
  • Instead, after two offenses, an automated system would issue fines of a fixed size
  • This was one recommendation of many that will be reviewed by lawmakers
    • For a report back later in the Summer

(00:31:21.881) Xbox One won't allow indies to self-publish games

  • Microsoft's next console, the XBox One, was announced this past week
  • http://www.shacknews.com/article/79309/xbox-one-wont-allow-indies-to-self-publish-games
  • According to Shacknews.com via Nat Torkington's Four short links (http://radar.oreilly.com/nat)
    • It will continue policies with the 360 that make it impossible for indie gamers
      • To self publish their titles through the sole online distribution channel
  • Instead, smaller gamers will need to get a publishing deal with Microsoft
    • Or through some other third party who has such a deal
  • This is entirely consistent with the lack of backward compatibility by default
    • That I posted about earlier
  • In both cases, the issue seems to be money and control
    • That while these things are technically possible
      • They cannot be done without paying for the privilege
  • I am hoping that new entrants, like the Steambox and the Ouya
    • Make popular less restrictive, more open alternatives
      • To show that those models can be as successful while being more fair to gamers

(00:29:46.149) Outro
