Four short links: 27 March 2018
Database Attack, Death of Android Predicted, Predicting Recidivism, and Cybersecurity Law and Policy
- Deep Dive: Database Attacks — I enjoyed the description of how this attack worked: using Postgres to write and run executables, smuggling in an executable that sets up a cryptocurrency mining operation on the machine.
- Yegge on Android (Steve Yegge) — Remember that I said it could take 20 minutes to see a 1-line code change in the regular Android stack? That can happen in the biggest apps like Nest or Facebook, but even for medium-size apps it can be two or three minutes. Whereas with React Native, it’s instantaneous. You make a change; you see the change. And that, folks, means you get to launch features 10x faster, which means faster time to market, which means first-mover advantage, which means you win, win, win. Abandoning native programming in favor of fast-cycle cross-platform frameworks like React Native is a winning strategy. Tim Bray disagrees with some of Yegge’s points. (Also: Yegge’s hiring, which is why he’s blogging again)
- The Accuracy, Fairness, and Limits of Predicting Recidivism — We show, however, that the widely used commercial risk assessment software COMPAS is no more accurate or fair than predictions made by people with little or no criminal justice expertise. We further show that a simple linear predictor provided with only two features is nearly equivalent to COMPAS with its 137 features. (via Aravind Narayanan)
- Teaching Cybersecurity Law and Policy — My syllabus is much more than a one- or two-pager just listing the topics and weekly readings. Though there are a lot of reading assignments, the syllabus itself functions a bit like a casebook in that there also is a ton of narrative text framing each week’s topic, and also extensive questions for consideration matched to each reading. The full syllabus is 58 pages long. (via Bobby Chesney)