Software Engineering
Scooped by Kevin Olson

How Your Phone Number Became the Only Username That Matters

Guard it with your life, because it is your life.
Kevin Olson's insight:
There are numerous articles on passwords and the inability of people to securely manage (or remember) them. In addition, having a ton of username/passwords is simply mentally taxing. This article suggests that, in effect, the phone number -- thanks to the prevalence of the individual cell phone -- is the only username that matters. Moreover, by moving the authentication to the phone, the issue of password management is reduced.

How to Communicate Clearly During Organizational Change

Unscramble your signals.
Kevin Olson's insight:
Dealing with organizational change is a difficult topic. Too many managers simply attempt to dictate without explaining why, and then use bullying tactics of, "You need to be on-board with this project." DevOps -- which is where this article ties to software engineering -- requires organizational change, but it is a change that is often recognized first at the technical levels, making it even more difficult since the need for change was the brainchild of management.

Forward Scattering - The Weblog of Nicholas Chapman

Kevin Olson's insight:
Many questions of performance issues look only at the choice of a poor algorithm. The author noted that in many cases, there are other "performance bugs" -- such as zeroing memory multiple times -- that crop up, and these other types of issues are frequently seen. These types of issues tend to pass unit tests, since the result is "correct", but just less efficient than it should be.

0-days hitting Fedora and Ubuntu open desktops to a world of hurt

If your desktop runs a mainstream release of Linux, chances are you're vulnerable.
Kevin Olson's insight:
There are a few things that should always be in a sandbox, and media decoding/players would be one of them. Browsers themselves should be carefully sandboxed as well. It is interesting that to date, browsers do not launch themselves into their own virtual machine. One would think that having a VM to separate the browser would be a useful security approach as well.

Google AI invents its own cryptographic algorithm; no one knows how it works

Neural networks seem good at devising crypto methods; less good at codebreaking.
Kevin Olson's insight:
In a standard Alice, Bob, Eve setup, Alice and Bob derived an algorithm to encrypt their communications. It is an interesting look at how we are starting to design tools that can design tools, and the results are not easily understandable.

As we speak, teen social site is leaking millions of plaintext passwords

i-Dressup operators fail to fix bug that exposes up to 5.5 million credentials.
Kevin Olson's insight:
Another day, another exploit of passwords. But in this case, I think the company is almost criminally negligent. In this era, who doesn't hash passwords? Seriously, storing passwords in plain text? SQL injection is usually pretty easy to foil just by using the correct statements when dealing with the database. Seems like this site was put together by complete amateurs. Oh, the login screen doesn't use HTTPS, so passwords could be intercepted anyway. Yep -- total amateur hour.

Upshot: if your kids (or you) have an account here, close it immediately, and then watch out for phishing attacks. Make sure passwords on any other site are unique from this one.

One of the world’s oldest biblical texts read for the first time

The En-Gedi scroll was a lump of crumbling coal for over 1,700 years, but a new technique "unwrapped" it.
Kevin Olson's insight:
Though the bulk of the article is about the text itself, it is an interesting application of computing algorithms to recover text. The article notes at the end how the techniques may be applied to other fields.

Group claims to hack NSA-tied hackers, posts exploits as proof

Extraordinary claim gets attention of security experts everywhere.
Kevin Olson's insight:
An auction of potential NSA hacking scripts. However, it appears that "poorly written python" is sufficient to hack around the world. Good to know that software engineering practices need not be applied to steal data.

10 million-core supercomputer hits 93 petaflop/s, tripling speed record

There's a new world's fastest supercomputer for the first time in three years.
Kevin Olson's insight:
Supercomputing is a race to allow for greater research insights. China is far outpacing the U.S. at this point in time in its supercomputing infrastructure.

Thanks For Ruining Another Game Forever, Computers

Kevin Olson's insight:
An interesting take on the evolution from brute-force approaches to chess to the AI (or machine learning) used in the recent Go game. The article suggested that the increase in GPU capability is at the base of the change. One problem with the move away from faster CPUs to multi-core CPUs is that the processing speed of a given core -- that is, how well it can handle a single task -- has not changed much recently. Multi-core CPUs are really only helpful if the problem can be tackled in parallel. In addition, the article noted the rise in GPU speed has specific ramifications for password security.

Certified Ethical Hacker website caught spreading crypto ransomware

Major security certification group ignored private warnings for more than 3 days.
Kevin Olson's insight:
The whole remove ad-blocker approach needs to stop. Unless sites become wholly responsible for the ads that are displayed, it is wholly irresponsible not to block every ad possible.

Two Years Later, Java Security Still Broken Due to Faulty Oracle Patch

Oracle failed to properly address CVE-2013-5838
Kevin Olson's insight:
Java is threatening to become like Flash in terms of the number of updates it pushes. OK, that is a bit of hyperbole, but nonetheless it is extremely disconcerting to see patches not actually fixing the underlying problem. It appears the Software Engineers did not properly classify, diagnose, or test the problem or the patch.

How a Hacker's Typo Foiled a Billion-Dollar Bank Heist

A spelling mistake in an online bank transfer prevented a nearly $1 billion heist involving the Bangladesh central bank and the NY Federal Reserve.
Kevin Olson's insight:
It is probably not good that the last line of defense for a bank is a spell checker. Nonetheless, that simple check did thwart a $20 million transfer. Still an interesting example of layered security, though not in the way many people would expect.

How Checkers Was Solved

The story of a duel between two men, one who dies, and the nature of the quest to build artificial intelligence
Kevin Olson's insight:
An interesting story about how an individual came to develop a checkers program.

'Crash Override': The Malware That Took Down a Power Grid

In Ukraine, researchers have found the first real-world malware that attacks physical infrastructure since Stuxnet.
Kevin Olson's insight:
Using malware to attack physical infrastructure. If a State actor did this, it would likely be akin to an act of war.

The CIA's "Development Tradecraft DOs and DON'Ts" - Schneier on Security

Kevin Olson's insight:
Aside from the fact that it makes it potentially easier for Malware writers to know what to do, it raises interesting approaches for what all software might need to do in a world of increasing data insecurity.
more...
No comment yet.
Scooped by Kevin Olson
Scoop.it!

How security flaws work: SQL injection

This easily avoidable mistake continues to put our finances at risk.
Kevin Olson's insight:
A nice overview of SQL injection attacks.

New Take on an Ancient Method Improves Way to Find Prime Numbers

The modified version of the sieve of Eratosthenes could accelerate computer calculations
Kevin Olson's insight:
A new way of looking at prime numbers. Since modern cryptography relies upon primes (and their factorization), the approach could have interesting implications.

Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net

“Free speech in the age of the Internet is not really free,” journalist warns.
Kevin Olson's insight:
The discussion about the "Internet of Things" and its place in the DDoS is very interesting. Poor programming, poor updating, and a push to have IoT sales over security helped support the largest DDoS on record (to date). The amount of junk data at over 600Gbps is astounding.

People ignore software security warnings up to 90 percent of the time

Software developers listen up: if you want people to pay attention to your security warnings on their computers or mobile devices, you need to make them pop up at better times.
Kevin Olson's insight:
The article suggested most users ignore security warnings (such as the Windows UAC). It is just "noise" to most people. The article hypothesized that displaying the warnings at better times (such as not interrupting the user?) would result in users paying closer attention.

The problem is more likely that any given dialog provides insufficient information to determine if there really is a problem. And it is unclear how a developer is supposed to delay presenting a warning message.

There was also a study from years ago about pop-ups with acceptance criteria (I believe it was in a Word Processor). When the overwhelming majority of the time one selects "OK" (or yes), one quits reading the text of the dialog, often to the detriment when an actual issue needs to be addressed.

7 bad programming ideas that work

Cheaper, easier, faster, safer -- sometimes bad habits are better than good enough
Kevin Olson's insight:
Sometimes programming does not follow a completely optimal path. This article looks at a few things that are not necessarily considered "the best" but still work anyway.

Though the specifics differ, we have these types of issues when we bring in interns for the summer. For the most part, students are graded by making "optimal" choices, and they usually work from green fields. In a world where the code base has evolved, there are numerous suboptimal implementations to be found. Yet at the end of the day, users do not care about how the code is implemented, only if it helps them achieve some goal.

Why Developers Never Use State Machines

I decided to engage in a bit of introspection and figure out why we tend to manage our "state" and "status" fields in an ad-hoc fashion rather than doing what
Kevin Olson's insight:
An interesting article that asks why State Machines are not frequently used in software development. An individual asked a question here (http://stackoverflow.com/questions/36296234/using-switches-inside-switches-java) about a flow chart, and coded a large number of switch (could have been if/else conditions) statements. Instead, generating a state machine would be easier, and eventually more maintainable. Yet software development tends to push state machine considerations to later, and almost never emphasizes maintainability as a consideration. Nonetheless, why are state machines (petri nets, etc.) so delayed in software training, and why aren't they used more?

Microsoft backtracks, resumes development of a modern Skype app

Company discovers that desktop users don't really care for the separated apps.
Kevin Olson's insight:
Ignoring a bit of snarkiness in the article, the crucial question is developing techniques to understand how users actually interact with an application. UX design is insufficient, as one can effectively implement a UX without addressing the actual way in which users want to accomplish their goals. Furthermore, assuming that all users are the same or that the same user is the same in any situation, is a poor assumption. To truly understand user behavior, applications must collect information that reveals exactly how users interact with the applications.

Microsoft Took Its New A.I. Chatbot Offline After It Started Spewing Racist Tweets

This post originally appeared on Business Insider. On Wednesday, Will Oremus wrote about why Microsoft’s A.I. chatbot starting hitting on people. Micr
Kevin Olson's insight:
As noted elsewhere, the problem with certain AI algorithms is that they may become subtly discriminatory due to the training data. Of course, without any content knowledge, it appears they can also become directly offensive. I am not certain that just adding word filters would solve the problem, as at some level the AI would have learned and would operate upon these underlying algorithms, it simply suppresses the output.

After an easy breach, hackers leave “TIPS WHEN RUNNING A SECURITY COMPANY”

DDoS protection firm Staminus apparently stored customers' credit card data in the clear.
Kevin Olson's insight:
Some useful tips about securing a company graciously left by a hacker. Yet another example, however, of lazy programming with the credit card info being stored in plain text. Tell me again what good those auditors from PCI do?