Security researcher Dragos Ruiu has been painstakingly untangling a weird, scary piece of malicious software that compromises the BIOS of the computers it attacks, allowing it to infect machines with different operating systems. He's dubbed it "badBIOS" and has seen it infect machines that aren't connected to the Internet. It appears that its initial vector may be a USB exploit, spreading by memory stick, but after that, it appears that it continues to communicate with other infected machines by ultrasonic networking through its hosts' mics and speakers (!). On Ars Technica, Dan Goodin has a deep dive into the strange, freaky world of badBIOS.
Read the rest
Black Perl is a famous 1990 poem written in the programming language perl, by its creator Larry Wall. It is both a poem and a program, and runs under perl 3.
Read the rest
Felienne describes how she, Daan van Berkel and some other friends went away for a weekend to hack a Turing machine out of Excel formulas. Lacking an infinitely long tape, they had to kludge around a bit, but the outcome is both cool and instructional (here's the machine itself). The Turing Machine is Alan Turing's "hypothetical device that manipulates symbols on a strip of tape," which formed the basis for modern, general-purpose computers.
Read the rest
Georg sez, "End to end cryptography is one of the few truly effective ways in which privacy and security can be protected. GnuPG is the central tool for this, recommended and used by security icons such as Bruce Schneier. While the software itself is easier to use than most people realize, key exchange is cumbersome. The authors of GnuPG have developed a concept that will solve this issue: STEED. So this is a call to action for tomorrow's Software Freedom Day. Help spread the word so one of the biggest obstacles to pervasive end to end cryptography will be solved for good. Let the STEED run!"
Read the rest
Ben West read my novel Little Brother in tandem with the Edward Snowden leaks about NSA spying, and it got him thinking about a browser plugin called Paranoid Browsing to make it harder to profile your traffic based on surveillance. He's posted the source-code to GitHub and looking for critical feedback about the robustness of the system -- remember, the only experimental methodology for validating a security system is public discussion, because otherwise, you never know if your system is secure, or just secure against people who are stupider than you.
Read the rest
Unsupervised joke generation from big data [PDF], a paper by University of Edinburgh researchers Sasa Petrovic and David Matthews, describes an ingenious and successful method for teaching a computer to make up jokes like "I like my relationships like I like my source, open;" "I like my coffee like I like my war, cold;" and "I like my boys like I like my sectors, bad." The researchers wrote code that called on Google's n-gram database to find noun-attribute pairs, zero in on nouns with ambiguous meaning, and automatically generate jokes.
Read the rest
K2G2 -- a wiki for "krafty knerds and geek girls" -- has a marvellous series of posts about "Computational Craft" through which traditional crafting practices, like knitting, are analyzed through the lens of computer science. The most recent post, A Computational Model of Knitting, point out the amazing parallels between knitting and computing, with knitting needles performing stack and dequeue operations, "While straight needles with caps store and retrieve their stitches according to the principle of LIFO (first in - last out), double pointed and circular needles additionally implement the functions of a queue or FIFO (first in – first out), effectively forming a double ended queue, also known as dequeue."
Read the rest
In Xerox scanners/photocopiers randomly alter numbers in scanned documents, computer scientist David Kriesel shows that the Xerox WorkCentre 7535 randomly changes the numbers in its scans. The copier has firmware that tries to compress images by recognizing the numbers and letters in the documents it scans, and when it misinterprets those numbers, it produces untrustworthy output. The bug also occurs in the Xerox 7556 and possibly other machines, and as Kriesel points out, this could mean that engineering diagrams, invoices, prescriptions, architectural drawings and other documents whose numeric values are potentially a matter of life-and-death (or at least financial stability) are being randomly edited by machines we count on to produce faithful copies.
Read the rest
Dr. Joseph Bonneau, an engineer at Google, is the first-ever winner of the NSA's new Science of Security (SoS) Competition, a prize for excellence in cyber-security research. On learning that he had won the first prize, he published a scorching blog-post excoriating the NSA for its dragnet surveillance and opining "I don’t think a free society is compatible with an organisation like the NSA in its current form."
Read the rest
The US Patent and Trademark Office is required by law to let the public submit "prior art" for pending patents -- essentially, evidence that the thing the patent-filer is claiming to have invented already exists. People who spot patents in need of killing post them to a Stack Exchange forum called Ask Patents, in the hopes that other forum members will come up with invalidating art.
Joel Spolsky writes about how he found -- in 15 minutes, mind you -- the prior art necessary to invalidate a dumb-ass Microsoft patent on scaling images. He documents the process by which he did it, and shows how easily you could do it, too. As Spolsky points out, software patents are all basically shit, and trivial to prove as such. It just takes a dedicated army of freedom fighters to find and submit the prior art that helps the overworked patent examiners at the USPTO to reject the garbage they get by the truckload.
Software patent applications are of uniformly poor quality. They are remarkably easy to find prior art for. Ask Patents can be used to block them with very little work. And this kind of individual destruction of one software patent application at a time might start to make a dent in the mountain of bad patents getting granted.
My dream is that when big companies hear about how friggin’ easy it is to block a patent application, they’ll use Ask Patents to start messing with their competitors. How cool would it be if Apple, Samsung, Oracle and Google got into a Mexican Standoff on Ask Patents? If each of those companies had three or four engineers dedicating a few hours every day to picking off their competitors’ applications, the number of granted patents to those companies would grind to a halt. Wouldn’t that be something!
Victory Lap for Ask Patents - Joel on Software
(via O'Reilly Radar)
Fast, Accurate Detection of 100,000 Object Classes on a Single Machine a prizewinning paper by Google Research scientists, describes a breakthrough in machine vision that can distinguish between a huge class of objects 20,000 times faster than before.
This so-called convolution operator is one of the key operations used in computer vision and, more broadly, all of signal processing. Unfortunately, it is computationally expensive and hence researchers use it sparingly or employ exotic SIMD hardware like GPUs and FPGAs to mitigate the computational cost. We turn things on their head by showing how one can use fast table lookup — a method called hashing — to trade time for space, replacing the computationally-expensive inner loop of the convolution operator — a sequence of multiplications and additions — required for performing millions of convolutions with a single table lookup.
We demonstrate the advantages of our approach by scaling object detection from the current state of the art involving several hundred or at most a few thousand of object categories to 100,000 categories requiring what would amount to more than a million convolutions. Moreover, our demonstration was carried out on a single commodity computer requiring only a few seconds for each image. The basic technology is used in several pieces of Google infrastructure and can be applied to problems outside of computer vision such as auditory signal processing.
Fast, Accurate Detection of 100,000 Object Classes on a Single Machine
(Image: Clutter, a Creative Commons Attribution Share-Alike (2.0) image from neofob's photostream)
My latest Locus column is Teaching Computers Shows Us How Little We Understand About Ourselves, an essay about how ideas we think of as simple and well-understood -- names, families, fairness in games -- turn out to be transcendentally complicated when we try to define them in rule-based terms for computers. I'm especially happy with how this came out.
Systems like Netflix and Amazon Kindle try to encode formal definitions of "family" based on assumptions about where you live -- someone is in your immediate family if you share a roof -- how you're genetically related -- someone is immediate family if you have a close blood-tie -- how you're legally related -- someone is in your family if the government recognizes your relationship -- or how many of you there are -- families have no more than X people in them. All of these limitations are materially incorrect in innumerable situations.
What's worse, by encoding errors about the true shape of family in software, companies and their programmers often further victimize the already-victimized -- for example, by not recognizing the familial relationship between people who have been separated by war, or people whose marriage is discriminated against by the state on the basis of religion or sexual orientation, or people whose families have been torn apart by violence.
The ambiguity that is inherent in our human lives continues to rub up against our computerized need for rigid categories in ways small and large. Facebook wants to collapse our relationships between one another according to categories that conform more closely to its corporate strategy than reality -- there's no way to define your relationship with your boss as "Not a friend, but I have to pretend he is."
Teaching Computers Shows Us How Little We Understand About Ourselves
He was one of the most influential, important and visionary
computer scientists of all time. He died peacefully at home
, in his sleep. Goodbye, Dr Englebart. Thank you for all you did.
I posted in 2011 about the Digi-Comp I, a 1963 mechanical digital computer made of polystyrene and used to teach the fundamentals of boolean logic, binary, and computer programming. I'd just discovered that Evil Mad Scientist Labs sells a wooden version of its successor, the Digi-Comp II, which uses a pachinko-style marble-run to do the same thing (the Evil version is CNC-milled and laser-cut). They call it a "Rolling-Ball Binary Digital Mechanical Computer." It is both beautiful and very clever indeed.
Overall, it is slightly smaller than the original (mid 1960′s) Digi-Comp II, which used half-inch diameter glass marbles. Rather than marbles, we’ve opted for pachinko balls, which are shiny steel balls 11 mm (about 7/16") in diameter. Using the smaller size has allowed us to reduce some of the feature sizes, and reduce the overall size of the machine from 14×28.5″ to 10×24", while retaining all of the original functions and remaining finger-friendly.
The Digi-Comp II: First Edition is CNC carved from rock-solid half-inch hardwood plywood, laser-engraved to provide it with labels, and hand fitted with over 60 laser-cut parts. It comes assembled, tested, and ready to use.
It sells for $279.
Digi-Comp II: First Edition
WiSee is a reasearch project at the University of Washington; as described in this paper, it uses standard WiFi hardware to sense the location and movements of people within range of the signal. Using machine-learning, it maps specific interference patterns to specific gestures, so that it knows that -- for example -- you're waving your hand in the air. This gesture-sensing can be used to control various devices in your home:
WiSee is a novel interaction interface that leverages ongoing wireless transmissions in the environment (e.g., WiFi) to enable whole-home sensing and recognition of human gestures. Since wireless signals do not require line-of-sight and can traverse through walls, WiSee can enable whole-home gesture recognition using few wireless sources (e.g., a Wi-Fi router and a few mobile devices in the living room).
WiSee is the first wireless system that can identify gestures in line-of-sight, non-line-of-sight, and through-the-wall scenarios. Unlike other gesture recognition systems like Kinect, Leap Motion or MYO, WiSee requires neither an infrastructure of cameras nor user instrumentation of devices. We implement a proof-of-concept prototype of WiSee and evaluate it in both an office environment and a two-bedroom apartment. Our results show that WiSee can identify and classify a set of nine gestures with an average accuracy of 94%...
WiSee takes advantage of the technology trend of MIMO, the fact that wireless devices today carry multiple antennas (which are primarily used to improve capacity). A WiSee/WiSee-enabled receiver would use these multiple antennas in a different way to focus only on the user in control, thus eliminating interference from other people.