Four Short Links

Nat Torkington's eclectic collection of curated links.

Four short links: 22 March 2017

W3C Sucks, 2038 Ahoy, Swagger 3.0, and Javascript Bundling

  1. W3C Enabling Suing Researchers (BoingBoing) -- your periodic reminder that the W3C is captured by the enemies of open.
  2. 2038 Just 21 Years Away (LWN) -- an update on work to ease the 2038 problem. 2038 is my retirement insurance policy. [T]he point in early 2038 when 32-bit time_t values can no longer represent times correctly is now less than 21 years away. That may seem like a long time, but the relatively long life cycle of many embedded systems means that some systems deployed today will still be in service when that deadline hits.
  3. Visual Guide to What's New in Swagger 3.0 -- Swagger is a sweet way to define and document an API. I do like the side-by-side diffs showing old and new ways to do things, as a good way to communicate changes.
  4. Getting Started with Javascript Bundling and Webpack (YouTube) -- In this talk from nz.js(con), Tanya Grey teaches basic bundling, and this functions as a good walk through the mysterious world of Javascript tooling ... all those things you need to Do The Javascripts Goodly, those packages with names like "grunt," "gulp," and "browserify."

Four short links: 21 March 2017

Face Scanners, Formal Specifications, Simulated NYC, and Open Source Motorbike

  1. Wiping Out Crime -- face scanners in Beijing public toilets to ration out toilet paper.
  2. Video Course in TLA+ -- Leslie Lamport's course on his specification language.
  3. Humans of Simulated New York -- somewhere in the simulation, a data structure skims Four Short Links and thinks "that's just silly." The model presented in this paper experiments with a comprehensive simulant agent in order to provide an exploratory platform in which simulation modelers may try alternative scenarios and participation in policy decision-making.
  4. Open Source Motorcycle -- putting the forks back in ... no, I can't just do it. I'm sorry.

Four short links: 20 March 2017

Time Series Database, Open Source Maintenance, Conversational Devices, and Google Glass's Act Two

  1. TimescaleDB -- an open source time series database optimized for fast ingest and complex queries. Fully compatible with Postgres.
  2. Managing an Open Source Project (Daniel Bachhuber) -- always interesting to see how open source maintainers manage their time and the flow of demands on it.
  3. Tom Coates on Conversational Devices -- podcast with Mr. Coates from Thington, talking about seamfulness, semantics, and the complexity of the scenarios of your home. If you disaggregate what people say they want, it gets more complicated—which leads into a thoughtful and restrained discussion of why "I just want the lights to come on when I move in my bedroom" might not be welcome if implemented in a straightforward fashion.
  4. Google Glass's Second Life in Manufacturing -- With Google Glass, she scans the serial number on the part she's working on. This brings up manuals, photos, or videos she may need. She can tap the side of headset or say "OK Glass" and use voice commands to leave notes for the next shift worker. Because your shift manager doesn't call you a "Glasshole" if you use it to do your job.

Four short links: 17 March 2017

Personalized Learning, Programming Programming Languages, Poker AI, and Technical Interviews

  1. Problems with Personalized Learning (Dan Meyer) -- a thorough and beautiful skewering of vapid edtech promises. Personalized learning is only as good as its technology, and in 2017, that technology isn’t good enough.
  2. Beautiful Racket -- a book on making programming languages, one that's written to be readable instead of academic.
  3. DeepStack: Expert-Level Artificial Intelligence in Heads-Up No-Limit Poker -- now the AIs are kicking ass at heads-up no-limit Texas Hold 'em.
  4. Acing the Technical Interview (Aphyr) -- satire, I hope. Beautiful beautiful satire.

Four short links: 16 March 2017

Werewolf AI, Board Games, Coin Tossing, and Glitch Platform

  1. Towards Deception Detection in a Language-Driven Game (PDF) -- This paper focuses exclusively on how the Explanation Generator generates hypotheses for the actions of human players based on observations of their conversational utterances. Werewolf is their test data. I do not think it is wise to teach the softwares to play Werewolf.
  2. CIA Trains Officers with Board Games (Ars Technica) -- where are the software/startup simulation board games? (via BoingBoing)
  3. The Impact of a Coin Toss on Major Life Decisions and Subsequent Happiness (PDF) -- Those who flipped heads were approximately 25% more likely to report making a change than those who got tails.
  4. Glitch -- sweet collaboratively edited code for web apps, with View Source, but clearly laying a path to being commercial PaaS. Neat.

Four short links: 15 Mar 2017

VR/AR Harm, Vulnerable Containers, Old-School Coding, and Complexity + Strategy

  1. Still Logged In: What AR and VR Can Learn from MMOs -- Raph Koster's GDC keynote forcefully makes the point that online immersive experiences are disproportionately used by people who are emotionally vulnerable, yet VR/AR is recreating the tragic mistakes made by game designers. (via BoingBoing)
  2. Docker Image Vulnerability Research -- 24% of the latest Docker images have significant vulnerabilities.
  3. 1965 Intro to Programming Course (PDF) -- old-school flowcharts to code, but I couldn't find a paragraph to quote because it's full of "the student ... his ... he ... him," which waters eyes these days.
  4. Complexity and Strategy -- In actual practice, if the product stays small, you can essentially “book” that initial productivity gain—a clear win. If the product starts to grow complex—and you can predict that fairly directly by looking at the size of the development team—then costs will come to be dominated by that increasing feature interaction and essential complexity. Project after project has demonstrated there is nothing about language or underlying technical infrastructure that changes that fundamental curve.

Four short links: 14 March 2017

Maps for Cars, Container Metrics, Game Patent, and QR Scams

  1. The Most Detailed Maps of the World Will Be for Cars Not Humans (Ars Technica) -- a great point, well stated.
  2. ctop -- top for container metrics.
  3. The Tapper Videogame Patent -- Video game in which a host image repels ravenous images by serving filled vessels.
  4. QR Code Scams -- paste your own QR code over the merchant's, and customers happily pay your account instead—e.g., Users normally can scan a code to unlock rental bikes; by attaching their own QR code to the bike, fraudsters can fool bike riders into transferring $43—the same amount as Mobike’s required deposit—to their account.

Four short links: 13 March 2017

Attention Prioritization, Event Sourcing, Containerized Dropbox, and Player Modeling

  1. ASAP: Automatic Smoothing for Attention Prioritization in Time Series -- automatically smooths time series plots to remove short-term noise while retaining large-scale deviations.
  2. PumpkinDB -- Event sourcing database engine that doesn't overwrite data.
  3. Run Dropbox in a Container -- keep its grubby fingers off your account.
  4. Ethical Considerations in Player Modeling -- We source categories of ethical issues in the application of artificial intelligence (AI) from work on AI ethics, and using these, we provide several specific examples of ethical issues in player modeling. Building from the examples, we suggest establishing a framework for understanding ethical issues in player modeling, and we propose a number of methodological approaches to address the identified challenges.

Four short links: 10 March 2017

Puma Surveillance, Illicit Domains, Ethics for Algorithms, and the Drama Triangle

  1. Puma Surveillance State Proceeds Apace (PDF) -- Acquiring reliable data on large felid populations is crucial for effective conservation and management. However, large felids, typically solitary, elusive, and nocturnal, are difficult to survey. [...] Classification accuracy was consistently > 90% for individuals, and for the correct classification of footprints within trails, and > 99% for sex classification. The technique has the potential to greatly augment the methods available for studying puma and other elusive felids, and is amenable to both citizen-science and opportunistic/local community data collection efforts, particularly as the data collection protocol is inexpensive and intuitive. I wonder whether dong deduction from footprint photos features in puma dystopic literature.
  2. Information Extraction in Illicit Domains (PDF) -- Illicit domains pose some formidable challenges for traditional IE systems, including deliberate information obfuscation, non-random misspellings of common words, high occurrences of out-of-vocabulary and uncommon words, frequent (and non-random) use of Unicode characters, sparse content and heterogeneous website structure, to only name a few. [...] We present a lightweight feature-agnostic information extraction system for a highly heterogeneous, illicit domain like human trafficking.
  3. Ethics for Powerful Algorithms (Abe Gong) -- video of Abe's talk at ODSC. He suggests four questions we should ask ourselves as we automate humans out of a loop: 1. Are the statistics solid? 2. Who wins? Who loses? 3. Are the changes in power structures helping? 4. How can we mitigate harms? (via O'Reilly)
  4. Karpman Drama Triangle -- I collect useful mental frameworks and models. This one does a great job of explaining "drama" (vs. genuine victimization), which you'll now recognize in interpersonal conflict at work and at home. The standard solution is the Winner's Triangle (where we should be vulnerable, caring, and assertive), but a book called The Power of TED suggests the participants look for roles as Creator, Challenger, and Coach for getting to a desired outcome. "You don't have to be a therapist to manage people, but it helps."

Four short links: 9 March 2017

Maintainer Pain, System Design, Javascript Crypto, USB Firewall

  1. What It Feels Like to Be An Open Source Maintainer -- One reason this situation is so frustrating is that, increasingly, I find that issue triage takes time away from the actual maintenance of a project. In other words, I often only have enough time to read through an issue and say, “Sorry, I don’t have time to look at this right now.” Just the mere act of responding can take up a majority of the time I’ve set aside for open source. (via Daniel Bachhuber)
  2. System Design Primer -- curriculum, overview, and flashcards around the subject of building high-traffic web systems.
  3. Mender -- Apache-licensed over-the-air update for embedded Linux devices. (putting the S back in IoT?)
  4. USG -- open source hardware for a USB firewall. It connects between your computer and an untrusted USB device, isolating the badness with an internal hardware firewall.

Four short links: 8 March 2017

Geriatric Javascript, AI Discrimination, Weaponizing AI, and Math for CS

  1. Outdated Javascript Libraries on the Web (Paper a Day) -- 36.7% of jQuery includes, 40.1% of Angular, and an astonishing 86.6% of Handlebars includes use a vulnerable version. [...] the root causes are systemic in the JavaScript ecosystem.
  2. Yuval Harari Interview -- Q: As a gay man, which discrimination do you prefer? A: There would really have to be some evil algorithm to do worse than human beings.
  3. Cooperation vs. Aggression (Mike Loukides) -- Machines learn what we teach them. If you don't want AI agents to shoot, don't give them guns.
  4. Mathematics for Computer Science (PDF) -- MIT coursebook, CC-BY-SA licensed.

Four short links: 7 March 2017

Robot Training, Modeling Complex Systems, AI Devalued, and Pointed Games

  1. Robot Training With EEG -- “As you watch the robot, all you have to do is mentally agree or disagree with what it is doing,” says Rus. “You don’t have to train yourself to think in a certain way—the machine adapts to you, and not the other way around.”
  2. Five Models for Making Sense of Complex Systems -- covers Mind Maps, to gather your thoughts; Concept Maps, to organize your understanding; System Maps, to map the system (a tautology, but an accurate one); Mental Models, to understand and communicate your user’s understanding; Concept models, to message a way to think about a complex system.
  3. AI Has Become Meaningless (The Atlantic) -- Deflationary examples of AI are everywhere.
  4. Snakisms -- playable pointed games from (Kiwi) game philosopher Pippin Barr. I admire the subtle alterations of the known form as well as the gap the creator left that you have to fill by playing.

Four short links: 6 Mar 2017

Container Paperwork, Security 101, HR Advice, and Claude Shannon

  1. Blockchain? (NYT) -- Maersk had found that a single container could require stamps and approvals from as many as 30 people, including customs, tax officials, and health authorities. While the containers themselves can be loaded on a ship in a matter of minutes, a container can be held up in port for days because a piece of paper goes missing, while the goods inside spoil. The cost of moving and keeping track of all this paperwork often equals the cost of physically moving the container around the world. (via Marginal Revolution)
  2. Security 101 for SaaS Startups -- capable of being endlessly debated, but the first part has a lot of things that I do when I set up a new company, so it passes the sniff test.
  3. Thirteen Thousand, Four Hundred, Fifty-Five Minutes of Talking to Get One Job -- quantified job hunting, with advice for HR departments. My best, though most unrealistic, suggestion to make this process better is to require everyone who is part of the hiring process at your company to go through the interview process somewhere else regularly. Of course, there is serious risk to this, but it is absolutely the best way to understand just how broken the system is, and it forces you to develop empathy (assuming you aren’t a sociopath).
  4. Claude Shannon Turns 1100100 -- Shannon built a machine that did arithmetic with Roman numerals, naming it THROBAC I, for Thrifty Roman-Numeral Backward-Looking Computer. He built a flame-throwing trumpet and a rocket-powered Frisbee. He built a chess-playing automaton that, after its opponent moved, made witty remarks. Inspired by the late artificial-intelligence pioneer Marvin Minsky, he designed what was dubbed the Ultimate Machine: flick the switch to “On” and a box opens up; out comes a mechanical hand, which flicks the switch back to “Off” and retreats inside the box. Shannon’s home, in Winchester, Massachusetts (Entropy House, he called it), was full of his gizmos, and his garage contained at least 30 idiosyncratic unicycles—one without pedals, one with a square tire, and a particularly confounding unicycle built for two.

Four short links: 3 March 2017

Product Prototyping, Web Server, Privacy Settings, VR Standard

  1. Superior Product Prototyping -- Most people increase their effort and focus as the product develops and they find issues they need to fix or address, peaking at the moment right before you ship. Although this is sometimes unavoidable, this is not what you want to do. Making changes at the end of development is far more difficult, dangerous and costly than in the beginning.
  2. Caddy Web Server -- two features caught my eye: no pain LetsEncrypt https, and can pipe stdin and stdout from any program to WebSocket clients. (via Taylor Swift)
  3. What (or Who) Is Public?: Privacy Settings and Social Media Content Sharing -- less than half of the participants in our data set (864) show multiple privacy settings across their six provided posts. Age and gender are the biggest predictors. Data set available on GitHub. (via Casey Fiesler)
  4. OpenXR -- working group—previously known as the Khronos VR Initiative—creating an open and royalty-free standard for VR and AR applications and devices. Samsung, Oculus, Google, Steam, and Unity are all in the consortium, so perhaps this is the Last VR Standard We'll Ever Need[tm].

Four short links: 2 March 2017

Data Brokers, Robo(mall)Cop, VR IDE, and Causal Inference

  1. Why Build a Muslim Registry When You Can Buy One? -- what data brokers sell and what the government can do with that. “When I talk about digital footprint, people usually think of it like this: if you regularly visit a Muslim website, we might guess that you are Muslim. But that is not what I am talking about. Nowadays, we can go to your Spotify playlist and make a highly accurate prediction that you’re Muslim based on which songs you listen to. You don’t have to have online associations with a political party for the algorithm to infer if you are a Republican or Democrat. By training an algorithm on a large enough data set, we can tell from the patterns in your Facebook likes.”
  2. Mobile Security Robot (IEEE) -- autonomous(ish) security robot that can navigate around pre-mapped areas in buildings, it can recognize people and read badges, and it has a pile of sensors (day-night cameras, lidar, microphone array, RFID and badge readers, and even smoke and CO2 detectors) that helps it to recognize potential security issues (unauthorized people, open doors and windows) and hazards (suspicious items, moved items, water leaks) and flag them for review.
  3. nunuStudio -- a JS-based IDE for 3D and VR applications that run directly on the browser.
  4. Inferring Causal Impact -- An R package for causal inference using Bayesian structural time-series models by Google.

Four short links: 1 March 2017

PaddlePaddle, Product Development, IoT Toy Leak, and Hacker News Mocked

  1. PaddlePaddle -- BAIDU's open source deep learning platform.
  2. Marrying Design Sprints and Product Development -- So, what our clients are really asking us is, “How do we get from validation to execution? How do we take what we’ve learned in the design sprint and code it into digital existence?” Here’s how we solved that challenge and how your team might think about approaching your product development process.
  3. CloudPets Teddy Bears Leaked and Ransomed (Troy Hunt) -- There are references to almost 2.2 million voice recordings of parents and their children exposed by databases that should never have contained production data. Databases that weren't secured with a password. The services sitting on top of the exposed database are able to point to the precise location of the profile pictures and voice recordings of children. Due to there being absolutely no password strength requirements whatsoever, anyone with the data could crack a large number of passwords, log on to accounts, and pull down the voice recordings.
  4. Webshit Weekly -- note-perfect savage annotated digest of the top "Hacker" "News" posts for the week. May not be funny to you, but I read a lot of Hacker News for 4sl so you don't have to.

Four short links: 28 February 2017

Fake Markets, Evil Growth, Robo Doom, and Secure Remote Passwords

  1. Tech and the Fake Market Tactic (Anil Dash) -- a very useful razor with which to cut the nonsense around worker automation companies. It seems this “market” has some awfully weird traits. Consumers can’t trust the information they’re being provided to make a purchasing decision. A single opaque algorithm defines which buyers are matched with which sellers. Sellers have no control over their own pricing or profit margins. Regulators see the genuine short-term consumer benefit but don’t realize the long-term harms that can arise. This is, by any reasonable definition, no market at all.
  2. Exponential Growth Devours and Corrupts -- David Heinemeier Hansson's fantastic essay about the poison of venture capital and the vicious circles of self-destruction that result from chasing exponential growth at all costs. It was originally intended to be a talk at Webstock, which is where Anil gave his Fake Market talk above. The two would have worked very well together.
  3. Deep Learning to Play Doom (PDF) -- is nothing sacred?
  4. Secure Remote Password Protocol (Wikipedia) -- an augmented password-authenticated key agreement (PAKE) protocol, specifically designed to work around existing patents.

Four short links: 27 Feb 2017

Meta Language, PDF Extraction, Collaborative Editing, Programming Principles

  1. A Representation Language Language (PDF) -- 1980 CS paper that really should have led with the "there's no problem that can't be solved with another layer of indirection" line.
  2. pdfabextract -- tools written in Python 3 with the aim to extract tabular data from (OCR-processed) PDF files.
  3. ChainPad -- real-time collaborative editor algorithm based on Nakamoto blockchains.
  4. Id Software Programming Principles -- As soon as you see a bug, you fix it. Do not continue on. If you don’t fix your bugs your new code will be built on a buggy codebase and ensure an unstable foundation. See a snake, kill a snake.

Four short links: 24 Feb 2017

Apple DRM, Automatic Forecasting, Conversation API, and API Idempotency

  1. Apple's SSAFE DRM -- development notes from a 1979-80 anti-piracy project, discovered in an interesting fashion. (via BoingBoing)
  2. Prophet -- open source forecasting procedure implemented in Python and R. It is fast and provides completely automated forecasts that can be tuned by hand by data scientists and analysts. From Facebook. (via Sean Taylor)
  3. Perspective API -- an API that makes it easier to host better conversations. The API uses machine learning models to score the perceived impact a comment might have on a conversation. Developers and publishers can use this score to give real-time feedback to commenters or help moderators do their job, or allow readers to more easily find relevant information, as illustrated in two experiments below. We’ll be releasing more machine learning models later in the year, but our first model identifies whether a comment could be perceived as “toxic" to a discussion.
  4. Idempotency -- nothing's reliable, so it’s important to design APIs and clients that will be robust in the event of failure, and will predictably bring a complex integration to a consistent state despite them. Let’s take a look at a few ways to do that.

Four short links: 23 Feb 2017

Arduino & Pi Bundle, Encryption Primer, Travel Mode, and API Design

  1. Make Arduino and Raspberry Pi Humble Bundle -- cornucopia of great Make books.
  2. Nuts and Bolts: An Encryption Primer (Ed Felten) -- a straightforward introduction to encryption, as it is implemented in modern systems, at a level of detail suitable for policy discussions. No prior background on encryption or data security is assumed.
  3. Social Media Needs a Travel Mode (Maciej Ceglowski) -- We need a 'trip mode' for social media sites that reduces our contact list and history to a minimal subset of what the site normally offers. Not only would such a feature protect people forced to give their passwords at the border, but it would mitigate the many additional threats to privacy they face when they use their social media accounts away from home.
  4. Google API Design Guide -- a general design guide for networked APIs. It has been used inside Google since 2014 and is the guide we follow when designing Cloud APIs and other Google APIs. It is shared here to inform outside developers and to make it easier for us all to work together.