Four Short Links

Nat Torkington's eclectic collection of curated links.

Four short links: 27 June 2017

Reading Papers, AR Kit, Demoing to Sell, and Secure Go

  1. How to Read a Scientific Paper: A Guide for Non-Scientists -- excellent advice. 1. Read the introduction (not the abstract). 2. Identify the BIG QUESTION. 3. Summarize the background in five sentences. 4. Identify the SPECIFIC QUESTION(S). 5. Identify the approach. 6. Draw a diagram for experiments, showing methods. 7. Summarize results from each experiment. 8. Do results answer the SPECIFIC QUESTION(S). 9. Read conclusion/discussion/interpretation section. 10. Now, read the abstract. 11. What do other researchers say about this paper?
  2. Made with ARKit -- selections of demos made with Apple's augmented reality framework. I may be shallow, but I'm excited to have this in my hands. The ruler made me go "wow."
  3. Everything I Wish I'd Known Before I Started Demoing SaaS -- the sales process turns on the pain points and the decision-maker, and this (good!) advice is how you make sure your demo moves you ahead on both.
  4. Go Language - Web Application Secure Coding Practices -- The main goal of this book is to help developers avoid common mistakes, while at the same time learning a new programming language through a "hands-on approach." This book provides a good level of detail on "how to do it securely," showing what kind of security problems could arise during development. (via Binni Shah)

Four short links: 26 June 2017

Howtoons Kidsets, Computational Thinking, Data Viz, and Affordable Genomics

  1. Howtoons Subscription -- this is brilliant! An amazing kit in the mail each month, with an interesting project each time. It's given me some priceless moments with my nephew. They're not so long that the kid loses interest, nor so mundane that you lose interest.
  2. CS Unplugged 2.0 -- an update to the classic "learn computational thinking without a computer" system. (via Jack Morgan)
  3. Data Visualization Pitfalls to Avoid (Tamara Munzner) -- latest iteration of this excellent evidence-based guide to making your visualizations accurate, useful, and generally free of the suck. If you're not periodically checking Tamara's talks page, then you're missing out.
  4. Oxford Nanopore -- I've been watching this for a while, and it's showing all the signs of enabling the promised genomics explosion: affordable real-time USB-powered DNA sequencing. Users are doing all sorts of interesting things from amateur soil metagenomics to real-time Zika sequencing.

Four short links: 23 June 2017

Neural Network Numbers, Pwning Android, Pwning America, and Putting the AR in Mario

  1. What I've Learned About Neural Network Quantization (Pete Warden) -- lots of nerdy gems—for example, on the importance of being able to exactly represent zero: The problem is that the real value of zero shows up a lot more often than you’d expect in neural network calculations. Convolutions are padded with zeros at the edges when filters overlap, and the Relu activation function gates any negative numbers at zero. This means that any error in the zero representation contributes disproportionately to overall results.
  2. Complete Control of the UI Feedback Loop -- paper on a design problem in Android, whereby with just two permissions you can then do all sorts of nasties: quietly mount practical, context-aware clickjacking attacks; perform (unconstrained) keystroke recording; steal user’s credentials, security PINs, and two factor authentication tokens; and silently install a God-mode app with all permissions enabled. (via Adrian Colyer)
  3. Election Data was Changed (Time) -- In one case, investigators found there had been a manipulation of voter data in a county database, but the alterations were discovered and rectified, two sources familiar with the matter tell TIME. Investigators have not identified whether the hackers in that case were Russian agents.
  4. AR Super Mario Brothers (YouTube) -- I recreated the iconic first level, dressed up as Mario and then played it in Central Park (NYC). Built in Unity3D for the Microsoft Hololens. This video was recorded entirely through the hololens with no post production. Oh. my. (via Sam Kinsley)

Four short links: 22 June 2017

Video Segmentation, Password Resets, Hackpocalypse Now, and Google Glass Updates

  1. Machine Learning and Coresets for Automated Real-Time Video Segmentation of Laparoscopic and Robot-Assisted Surgery -- they automatically split video into segments and identify representative frames for each segment, using coresets. (Google helpfully corrected my "mit coresets" search to "with corsets," but I'll let you find your own interesting links there.)
  2. The Password Reset MitM Attack -- has a great checklist at the end, which will help you get your password reset process right. (via Adrian Colyer)
  3. Extent of Ukrainian Hacks (Wired) -- A hacker army has systematically undermined practically every sector of Ukraine: media, finance, transportation, military, politics, energy. Wave after wave of intrusions have deleted data, destroyed computers, and in some cases paralyzed organizations’ most basic functions. “You can’t really find a space in Ukraine where there hasn’t been an attack,” says Kenneth Geers, a NATO ambassador who focuses on cybersecurity. In a public statement in December, Ukraine’s president, Petro Poroshenko, reported that there had been 6,500 cyberattacks on 36 Ukrainian targets in just the previous two months. You know how most intrusions in your country aren't reported? Imagine if those intrusions were used to shut down the organization in question: that's Ukraine.
  4. Mysterious Google Glass Updates -- "XE23" is the new firmware version, the first such update in nearly three years. In addition to the usual "bug fixes and performance improvements," Glass can now make use of paired Bluetooth input devices, like keyboards and mice. Android Police actually dusted off a unit and got the new firmware up and running, discovering that you'll actually get a mouse cursor on the unit if you pair a mouse.

Four short links: 21 June 2017

CTO Advice, Slurping Citations, Distrust Your Network, Encrypted Yet Insecure Databases

  1. CTO Advice -- When hiring candidates, ask for their operating manual. Tell candidates: “Imagine you're a robot. What does your manual say under 'ideal operating conditions.'” Once they answer, follow-up with this question: “What does the 'warning label' say?” You're likely to get insightful, unpredictable, and humorous answers in this very low-lift way of gauging self-awareness and revealing personality. Lots of really good advice.
  2. pdfx -- a script that pulls citations and references out of a PDF, downloads those references, even pulls the text out of the paper.
  3. Google Releases New BeyondCorp Paper -- their corporate identity and access system, which lets them distrust even their internal network. Nice.
  4. Why Your Encrypted Database Is Not Secure -- Encrypted databases, a popular approach to protecting data from compromised database management systems (DBMS’s), use abstract threat models that capture neither realistic databases, nor realistic attack scenarios.

Four short links: 20 June 2017

Dynamic Processes, Hardware Upgrades, Social Cooling, and RNC Data

  1. Close-Up View of DNA Replication Yields Surprises -- Conventional wisdom is that the polymerases on the leading and lagging strands are somehow coordinated so that one does not get ahead of the other. If that did happen, it would create stretches of single-stranded DNA that are highly susceptible to damaging mutations. Instead, what looks like coordination is actually the outcome of a random process of starting, stopping, and variable speeds. Over time, any one DNA polymerase will move at an average speed; look at a number of DNA polymerases synthesizing DNA strands over time, and they will have the same average speed.
  2. Hardware Is the New Software -- Microsoft researcher hypothesizes that Intel is releasing new features in chips at a faster rate because the end of Moore's Law means the end of reasons to keep upgrading CPUs. The graphs are great. (via Adrian Colyer)
  3. Social Cooling -- People are changing their behavior to get better scores. [...] Social Cooling describes the long-term negative side effects of living in a reputation economy.
  4. Inside the RNC Data Leak (Upguard) -- anyone with an internet connection could have accessed the Republican data operation used to power Donald Trump’s presidential victory, simply by navigating to a six-character Amazon subdomain: “dra-dw”. Interesting not just for this, but also for the glimpse at the CSV files.

Four short links: 19 June 2017

Telco Exploits, Property-Based Testing, Open Textbooks, and Energy Futures Fiction

  1. SigPloit -- a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators. It's not comforting to think of telcos as being run on a bunch of insecure protocols for which there are exploits everywhere. Then again, if that thought disturbs you, don't read up on BGP.
  2. Hypothesis -- lets you write tests which instead look like this: For all data matching some specification, perform some operations on the data; assert something about the result. This is [...] property-based testing.
  3. University of Minnesota's Open Textbook Library -- great collection across many subject areas. For nerds like me who like to curl up with a textbook in front of the fire.
  4. Telling Tomorrows: Science Fiction as Energy Futures Research Tool -- This paper makes a case for the utility of prose science fiction both as a methodological tool of representation and portrayal for energy futures research that meets these criteria, and as a storehouse of tools and strategies for the critique of energy futures. Because if someone can read a bunch of science fiction for their day job and get a publication of their own out of it, I'm going to link to that paper.

Four short links: 16 June 2017

Maciej Interview, GPU Visualization, Games Replacing Jobs, and History of Privacy

  1. Maciej Ceglowski on Why Fandom is Good for Business -- I didn't realize that it was Britta Gustafson, the former community manager of Delicious (from its glory days), who made him appreciate fandom. He's returned the favour: she now has the keys to the Delicious social media accounts.
  2. Stardust -- GPU-based Visualization Library.
  3. Young Men Are Playing Video Games Instead of Getting Jobs -- Even as the unemployment rate has dropped, labor force participation—the number of people who either work or want to work—has dwindled. In particular, young men without college degrees have become increasingly detached from the labor market. And what they appear to be doing instead is playing video games. [...] A young life spent playing video games can lead to a middle age without marketable skills or connections. "There is some evidence," Hurst pointed out, "that these young, lower-skilled men who are happy in their 20s become much less happy in their 30s or 40s."
  4. History of Privacy in 50 Images -- fascinating! Despite some high-profile opposition, the first American Census was posted publicly, for logistics reasons, more than anything else. Transparency was the best way to ensure every citizen could inspect it for accuracy.

Four short links: 15 June 2017

Positive Design Fiction, Gray Failure, OMGLOLWTF Blockchain, and AI Negotiations

  1. Various Sci Fi Projects Allegedly Creating a Better Future (Bruce Sterling) -- he's written for a lot of "imagine a better future" attempts counter to what seems to be a world lurching toward dystopia. The “better future” thing is jam-tomorrow and jam-yesterday talk, so it tends to become the enemy of jam today. You’re better off reading history and realizing that public aspirations that do seem great, and that even meet with tremendous innovative success, can change the tenor of society and easily become curses a generation later. Not because they were ever bad ideas or bad things to aspire to or do, but because that’s the nature of historical causality. Tomorrow composts today. (via Cory Doctorow)
  2. Gray Failure (PDF) -- component failures, whose manifestations are fairly subtle and thus defy quick and definitive detection. Examples of gray failure are severe performance degradation, random packet loss, flaky I/O, memory thrashing, capacity pressure, and non-fatal exceptions. [...] Our first-hand experience with production cloud systems reveals that gray failure is behind most cloud incidents. (via Adrian Colyer)
  3. Daisy: A Private Blockchain Where Blocks Are SQLite Databases, in Go -- as one Hacker News commenter described it: Everything about this feels like the most terrible idea ever, but in such a fascinating way. It's beautiful.
  4. Facebook's Negotiating AIs -- The FAIR researchers' key technical innovation in building such long-term planning dialog agents is an idea called dialog rollouts. Build a tree of possible conversation paths, and pick the one that has the greatest chance of success by simulating all those possible conversations. There were cases where agents initially feigned interest in a valueless item, only to later “compromise” by conceding it—an effective negotiating tactic that people use regularly. This behavior was not programmed by the researchers but was discovered by the bot as a method for trying to achieve its goals.

Four short links: 14 June 2017

Reducing Bias, Autonomous Shipping, Control Systems Malware, and Program Management

  1. 7 Practical Ways to Reduce Bias in Your Hiring Process -- nothing new, but it's nice to have it in a box to point your management at.
  2. Autonomous Ships -- the first commercial vessel to navigate entirely by itself could be a harbor tug or a ferry designed to carry cars the short distance across the mouth of a river or a fjord, and it or similar ships will be in commercial operation within the next few years. And we expect fully autonomous oceangoing cargo ships to be routinely plying the world’s seas in 10 or 15 years’ time.
  3. WIN32/INDUSTROYER (PDF) -- report on control systems malware. As described in this Wired article.
  4. When Your Startup Needs Program Management -- first time I'd encountered the Driver, Approver, Contributor, Informed (DACI) model.

Four short links: 13 June 2017

Drone Energy, Open Speech Data, Predicting Suicide, and Designing Amidst Algorithms

  1. Drone Energy Sources -- what to look for, what the choices are, who's doing interesting work.
  2. Can You Help Me Gather Open Speech Data? (Peter Warden) -- I’ve put together a website that asks you to speak about 100 words into the microphone, records the results, and then lets you submit the clips. I’m then hoping to release an open source data set out of these contributions, along with a TensorFlow example of a simple spoken word recognizer.
  3. Predicting Suicide Accurately -- the paper (use sci-hub for access) is interesting. This set of more than 5,000 cases was used to train the machine to identify those at risk of attempted suicide compared to those who committed self-harm but showed no evidence of suicidal intent. The researchers also built algorithms to predict attempted suicide among a group of 12,695 randomly selected patients with no documented history of suicide attempts. It proved even more accurate at making suicide risk predictions within this large general population of patients admitted to the hospital. Now the question becomes: how do we use this so as to minimize damage with false positives and false negatives, as well as true positives and negatives.
  4. Design in the Era of the Algorithm (Josh Clark) -- The design and presentation of data is just as important as the underlying algorithm. Algorithmic interfaces are a huge part of our future, and getting their design right is critical—and very, very hard to do. My work has begun to turn to the responsible and humane presentation of data-driven interfaces. And I suspect that yours will, too, in very short order. While constructing these machine learning models is indeed heavy-duty data science, using them is not. Tons of these machine learning models are available to all of us here to build upon right now.

Four short links: 12 June 2017

Modern Web Spellbook, GPU Gap, Measure What Matters, and Educational Robotics Toy

  1. Spellbook of Modern Web Dev -- This document originated from a bunch of most-commonly used links and learning resources I sent to every new web developer on our full-stack web development team. For each problem domain and each technology, I try my best to pick only one or a few links that are most important, typical, common, or popular and not outdated, based on clear trends, public data, and empirical observation.
  2. How AI Can Keep Accelerating After Moore’s Law -- answer: GPUs and innovation therein. Nvidia CEO Jensen Huang displayed a chart showing how his chips’ performance has continued to accelerate exponentially while growth in the performance of general purpose processors, or CPUs, has slowed. Doug Burger, a distinguished engineer at Microsoft’s NExT division that works on commercializing new technology, says a similar gap is opening between conventional and machine learning software. “You’re starting to see a [performance] plateau for general software—it has stopped improving at historical rates—but this AI stuff is still increasing rapidly,” he says. Also: Google's machine learning how-to-optimize-machine-learning result would cost you $250K to reproduce on Amazon GPUs.
  3. Gamified Wikipedia Tutorial Didn't Change Participation Rates (Benjamin Mako Hill) -- To our surprise, we found that, in both cases, there were no significant effects on any of the outcomes of interest. Being invited to play the Wikipedia Adventure, therefore, had no effect on new users’ volume of participation either on Wikipedia in general, or on talk pages specifically, nor did it have any effect on the average quality of edits made by the users in our study. Despite the very positive feedback that the system received in the survey evaluation stage, it did not produce a significant change in newcomer contribution behavior. We concluded that the system by itself could not reverse the trend of newcomer attrition on Wikipedia. A reminder that you should, as Mako Hill did, measure the behaviour you care about, not how much people enjoyed your intervention.
  4. Sony Toio -- the result of five years of research into developing a toy that’s simple enough for kids to use, but also sophisticated enough to create a figurative sandbox where kids can explore the inner workings of robotics engineering.

Four short links: 9 June 2017

Text Analysis, Specific Phones, AI Copyright, and Minecraft for R

  1. scattertext -- fun tool for finding distinguishing terms in small-to-medium-sized corpora. (via Lynn Cherny on Twitter)
  2. Shanzhai Archaeology (We Make Money Not Art) -- counterfeit consumer goods, sold at lower prices and boasting multifunctional performance, targeted at particular audiences. My favourite: The Power Bank Phone: Ghana is currently going through a major power grid crisis: blackouts in the city can last for 36 hours on end. As a result, a significant business activity has grown around the sale of portable USB chargers that can charge electronic devices or even power bulbs. The Power Bank Phone, designed for this particular market, combines a 10000 Mh USB charger, an LED flashlight, and 3 sim card slots to connect the entire family or to take advantage of promotions offered by different operators.
  3. Do Androids Dream of Electric Copyright? Comparative Analysis of Originality in Artificial Intelligence Generated Works -- paper on the vexing topic of copyright in works generated by AI. Modern copyright law has been drafted to consider originality as an embodiment of the author’s personality, and originality is one of the main requirements for the subsistence of copyright. So, what happens when you remove personality from the equation? Are machine-created works devoid of copyright? Do we need to change copyright law to accommodate autonomous artists?
  4. R Interface to Minecraft -- a project to interface the R language with Minecraft. The resulting R package, miner, is now available to install from Github. The goal of the package is to introduce budding programmers to the R language via their interest in Minecraft, and to that end there's also a book (R Programming with Minecraft) and associated R package (craft) under development to provide lots of fun examples of manipulating the Minecraft world with R.

Four short links: 8 June 2017

Google Brain, Chinese Robotics, Options Debunked, and Slender Reactive UI

  1. Google Brain Residency -- really interesting rundown on projects he worked on during his residency. The culture of testing has not sufficiently caught on yet. We need better ways of asserting during training, that various parts of networks maintain certain means and variances, don't oscillate too much, or stay within ranges. ML bugs make the heisenbugs of my systems past seem delightfully easy.
  2. 500 Chinese Robot Companies -- China installed 90,000 robots in 2016, 1/3 of the world's total and a 30% increase over 2015.
  3. Options vs. Cash -- omg, this.
  4. Moon.js -- reactive Javascript UI library with Vue's API. 5KB minified. (via Hacker Noon)

Four short links: 7 June 2017

Social CRM, Safe Data Exploration, Fruity Robots, and Malware Backchannel

  1. Monica -- open source social CRM.
  2. Safe Visual Data Exploration -- Brown visual data exploration system that interacts with users to formulate hypotheses based on visualizations and provides interactive control of false discoveries.
  3. Apple Picking Robot (PBS) -- “We grow in the United States, between 315,000 and 320,000 acres of apples for fresh market … the labor demand per year ranges from 250 to 350 man-hours per acre. That is not small,” Lewis said. “Every piece of tree-fruit in stores, in the world today is handpicked,” she said.
  4. Britney Spears as Malware Backchannel -- a recently discovered backdoor Trojan used comments posted to Britney Spears's official Instagram account to locate the control server that sends instructions and offloads stolen data to and from infected computers.

Four short links: 6 June 2017

P2P Browser, Learning RTS, Growth Hacking, and Apple's ARKit

  1. Beaker Browser -- A peer-to-peer web browser. Create and fork websites directly from your computer. You control your data. No blockchain required.
  2. TorchCraft -- a library that enables deep learning research on real-time strategy (RTS) games such as "StarCraft: Brood War" by making it easier to control these games from a machine learning framework—here, Torch. This white paper argues for using RTS games as a benchmark for AI research and describes the design and components of TorchCraft. Code on GitHub.
  3. GrowthHackers Conference Notes -- notes from all the sessions on the recent GrowthHackers Conference.
  4. Apple ARKit -- augmented reality framework for iPhone and iPad. I'm looking forward to their hardware entry, for which this greases the runway.

Four short links: 5 June 2017

Dancing Robot, Mario in Hololens, Lambda for Real, and Game AI

  1. Dance Teaching Robot -- the subtle art of leading and following—check out the video.
  2. Super Mario Hololens Project -- early teases (mocks?) from Twitter. (via Andy Baio)
  3. Serverlessness -- Michal Migurski's notes after using AWS Lambda for a few projects.
  4. AI and Games -- first draft of a book to be published by Springer.

Four short links: 2 June 2017

Bitcoin Miners, Facebook Not Open, Pinboard Wins, and Data Sketching

  1. Bitcoin Mining Companies Shut Down in China -- Local Bitcoin miners say they were not forced to relocate, but they are reluctant to talk more about the shutdown. The Bajiaoxi Mining Factory located in Bajiaoxi Hydropower Station is one of them. Gibsonian futures come at you fast. (via David ten Have)
  2. Facebook as Threat to Open Web -- not indexed, not archived. Stephen Fry called for social media to be regulated as a publisher, which is the corollary of "they're not the free and open web."
  3. Pinboard Acquires Delicious -- This is the fifth time Delicious has been sold. Founded in 2003, the site received funding from Union Square Ventures in 2005, and sold to Yahoo later that year for somewhere between $15-$30M. In December of 2010, Yahoo announced it was ‘sunsetting’ Delicious, an adventure I wrote about at length. The site was sold to the YouTube founders in 2011. They subsequently sold it to Science, Inc., in 2014. Science sold it to Delicious Media in 2016, and last month Delicious Media sold it to me. Do not attempt to compete with Pinboard.
  4. Data Sketching -- sketching is dealing with Too Much Data by using it as it streams by rather than storing it and massively computing the backlog. This article introduces the ideas behind sketching, with a focus on algorithmic innovations. It describes some algorithmic developments in the abstract, followed by the steps needed to put them into practice, with examples. The article also looks at four novel algorithmic ideas and discusses some emerging areas.

Four short links: 1 June 2017

Slack Topics, Internet Trends, Economics as UI, and Paper Fingerprinting

  1. A Bot That Helps Slack Users Stay On Topic -- very cute, it builds a signature for each channel based on the conversations that happen in it. When someone posts something better suited to another channel's fingerprint (the example given is talking about football in a channel for scuba diving), the bot tells them where it's better suited.
  2. Mary Meeker's Internet Trends -- looks like the rising tide of internet, web, and mobile adoption is past its maximum growth. The easy growth is over. As Buffett said, "when the tide goes out you can see who was swimming naked."
  3. Algorithmic Fallibility and Economic Organization (NESTA) -- a point that Jaron Lanier made in his 2010 book, "Who Owns the Future": 'with every passing year, economics must become more and more about the design of the machines that mediate human social behaviour. A networked information system guides people in a more direct, detailed, and literal way than does policy. Another way to put it is that economics must turn into a large-scale, systemic version of user interface design.'
  4. Texture to the Rescue: Practical Paper Fingerprinting based on Texture Patterns -- a novel paper fingerprinting technique based on analyzing the translucent patterns revealed when a light source shines through the paper. (via NCL)

Four short links: 31 May 2017

Open Data, Microsploit, Misunderstanding Secure Comms, and Interactive Dialogue

  1. csv,conf,v3 -- notes from the recent open data conference.
  2. Microsploit -- Fast and easy, create a backdoor office exploitation using module metasploit packet—Microsoft Office, Open Office, Macro attack, Buffer Overflow. (via Aditya Gupta)
  3. Obstacles to the Adoption of Secure Communication Tools -- of 60 participants, 57 participants provided various incorrect explanations of digital signatures, and that was representative of most questions about How Stuff Works. Video of the talk is also online. (via Trammell Hudson)
  4. YarnSpinner -- a C# library for interactive dialogue in games [...] similar to Twine. (via The Secret Lab)