News aggregator

Software Security (MOOC, Starts October 13, 2014!)

Another word for it, Wed, 10/08/2014 - 00:21

Categories:

Topic Maps

Software Security

From the post:

Weekly work done at your own pace and schedule by listening to lectures and podcasts, completing quizzes and exercises and peer evaluations. Estimated time commitment is 4 hours/week. Course runs for 9 weeks (ends December 5)


This MOOC introduces students to the discipline of designing, developing, and testing secure and dependable software-based systems. Students will be exposed to the techniques needed for the practice of effective software security techniques. By the end of the course, you should be able to do the following things:

  • Security risk management. Students will be able to assess the security risk of a system under development. Risk management will include the development of formal and informal misuse case and threat models. Risk management will also involve the utilization of security metrics.
  • Security testing. Students will be able to perform all types of security testing, including fuzz testing at each of these levels: white box, grey box, and black box/penetration testing.
  • Secure coding techniques. Students will understand secure coding practices to prevent common vulnerabilities from being injected into software.
  • Security requirements, validation and verification. Students will be able to write security requirements (which include privacy requirements). They will be able to validate these requirements and to perform additional verification practices of static analysis and security inspection.



This course is run by the Computer Science department at North Carolina State University.

Register

One course won’t make you a feared White/Black Hat but everyone has to start somewhere.

Looks like a great opportunity to learn about software security issues and to spot where subject identity techniques could help collate holes or fixes.

The Definitive “Getting Started” Tutorial for Apache Hadoop + Your Own Demo Cluster

Another word for it, Wed, 10/08/2014 - 00:11

Categories:

Topic Maps

The Definitive “Getting Started” Tutorial for Apache Hadoop + Your Own Demo Cluster by Justin Kestelyn.

From the post:

Most Hadoop tutorials take a piecemeal approach: they either focus on one or two components, or at best a segment of the end-to-end process (just data ingestion, just batch processing, or just analytics). Furthermore, few if any provide a business context that makes the exercise pragmatic.

This new tutorial closes both gaps. It takes the reader through the complete Hadoop data lifecycle—from data ingestion through interactive data discovery—and does so while emphasizing the business questions concerned: What products do customers view on the Web, what do they like to buy, and is there a relationship between the two?

Getting those answers is a task that organizations with traditional infrastructure have been doing for years. However, the ones that bought into Hadoop do the same thing at greater scale, at lower cost, and on the same storage substrate (with no ETL, that is) upon which many other types of analysis can be done.

To learn how to do that, in this tutorial (and assuming you are using our sample dataset) you will:

  • Load relational and clickstream data into HDFS (via Apache Sqoop and Apache Flume respectively)
  • Use Apache Avro to serialize/prepare that data for analysis
  • Create Apache Hive tables
  • Query those tables using Hive or Impala (via the Hue GUI)
  • Index the clickstream data using Flume, Cloudera Search, and Morphlines, and expose a search GUI for business users/analysts

I can’t imagine what “other” tutorials that Justin has in mind.

To be fair, I haven’t taken this particular tutorial. Hadoop tutorials you suggest as comparisons to this one? Your comparisons of Hadoop tutorials?

History of Apache Storm and lessons learned

Another word for it, Wed, 10/08/2014 - 00:00

Categories:

Topic Maps

History of Apache Storm and lessons learned by Nathan Marz.

From the post:

Apache Storm recently became a top-level project, marking a huge milestone for the project and for me personally. It’s crazy to think that four years ago Storm was nothing more than an idea in my head, and now it’s a thriving project with a large community used by a ton of companies. In this post I want to look back at how Storm got to this point and the lessons I learned along the way.

The topics I will cover through Storm’s history naturally follow whatever key challenges I had to deal with at those points in time. The first 25% of this post is about how Storm was conceived and initially created, so the main topics covered there are the technical issues I had to figure out to enable the project to exist. The rest of the post is about releasing Storm and establishing it as a widely used project with active user and developer communities. The main topics discussed there are marketing, communication, and community development.

Any successful project requires two things:

  1. It solves a useful problem
  2. You are able to convince a significant number of people that your project is the best solution to their problem

What I think many developers fail to understand is that achieving that second condition is as hard and as interesting as building the project itself. I hope this becomes apparent as you read through Storm’s history.

Every project/case is somewhat different but this history of Storm is a relevant and great read!

I would highlight: It solves a useful problem.

I don’t read that to say:

  • It solves a problem I want to solve
  • It solves a problem you didn’t know you had
  • It solves a problem I care about
  • etc.

To be a “useful” problem, some significant segment of users must recognize it as a problem. If they don’t see it as a problem, then it doesn’t need a solution.

Boiling Sous-Vide Eggs using Clojure’s Transducers

Another word for it, Tue, 10/07/2014 - 23:45

Categories:

Topic Maps

Boiling Sous-Vide Eggs using Clojure’s Transducers by Stian Eikeland.

From the post:

I love cooking, especially geeky molecular gastronomy cooking, you know, the type of cooking involving scientific knowledge, -equipment and ingredients like liquid nitrogen and similar. I already have a sous-vide setup, well, two actually (here is one of them: sousvide-o-mator), but I have none that run Clojure. So join me while I attempt to cook up some sous-vide eggs using the new transducers coming in Clojure 1.7. If you don’t know what transducers are about, take a look here before you continue.

To cook sous-vide we need to keep the temperature at a given point over time. For eggs, around 65C is pretty good. To do this we use a PID-controller.

I was hoping that Clojure wasn’t just of academic interest and would have some application in the “real world.” Now, proof arrives of real world relevance!

For those of you who don’t easily recognize humor, I know that Clojure is used in many “real world” applications and situations. Comments to that effect will be silently deleted.

Whether the toast and trimmings were also prepared using Clojure the author does not say.

Magna Carta Ballot – Deadline 31 October 2014

Another word for it, Tue, 10/07/2014 - 21:46

Categories:

Topic Maps

Win a chance to see all four original 1215 Magna Carta manuscripts together for the first time #MagnaCartaBallot

From the post:

Magna Carta is one of the world’s most influential documents. Created in 1215 by King John and his barons, it has become a potent symbol of liberty and the rule of law.

Eight hundred years later, all four surviving original manuscripts are being brought together for the first time on 3 February 2015. The British Library, Lincoln Cathedral and Salisbury Cathedral have come together to stage a one-off, one-day event sponsored by Linklaters.

This is your chance to be part of history as we give 1,215 people the unique opportunity to see all four Magna Carta documents at the British Library in London.

The unification ballot to win tickets is free to enter. The closing date is 31 October 2014.

According to the FAQ you have to get yourself to London on the specified date and required time.

Good luck!

SearchCap: Google In The News, Bing Movie Carousel & Google PageRank Dead

Search Engine Land, Tue, 10/07/2014 - 21:00

Categories:

Search

Below is what happened in search today, as reported on Search Engine Land and from other places across the web. From Search Engine Land: Bing Shows What’s Playing At The Movies, In Remake Of Google’s Own Film Carousel Bing has a new way of showing you what’s playing in your local...

Please visit Search Engine Land for the full article.

Facebook Is Reportedly Working On A Secret Clone

Read/Write Web, Tue, 10/07/2014 - 19:50

Categories:

Web

Facebook may be sticking to its guns on its controversial "real names" policy that says people need to use their real identities when using the service, but it's apparently not ruling out anonymity altogether. The company is creating a new app that will let people communicate anonymously with one another, according to a report from the New York Times.

The social network prides itself on being central to identity on the Internet—outside applications even rely on it to confirm that users are who they say they are. Of course, not everyone abides by those rules; people regularly use fake or pseudonymous names on the service, and unless they've been reported, Facebook won't necessarily know about them.

Facebook, however, is apparently experimenting with a new application that would mimic others like Secret and Whisper, which let people post anonymous words and photos to mobile apps for other people to see.

According to the Times:

[The point of the app] is to allow Facebook users to use multiple pseudonyms to openly discuss the different things they talk about on the Internet; topics of discussion which they may not be comfortable connecting to their real names.

Facebook recently announced Anonymous Login, a way for people to connect to apps without sharing their Facebook information with them. However, even though these apps can't access a user's Facebook data, Facebook will know which apps people are using anonymously. It's not yet clear how Facebook will connect with an anonymous app of its own, and whether it will collect data on users.

See also: Can Anyone Remember Facebook's Last Original Idea?

With Facebook's track record of controversial privacy policies, the real question is whether people trust their secrets and anonymous posts to Facebook, especially since the company has prided itself on being a place for people to share and communicate by using their true identities. 

There are some things people don't want even their friends to know.

(Failed) Attack Of The Clones

Considering Facebook's streak of failure when trying to emulate other applications, a Whisper clone might not be a huge success. But it does suggest the social network realizes people don't always want to be tied to their real names online.

Facebook is quick to jump on trends that it doesn't have its hands in yet. It's copied numerous features from Twitter, tried multiple times to clone Snapchat, and duplicated newsreaders like Flipboard when it launched Paper earlier this year. None of these clones appear to have taken off.

While Facebook might want people to share their dirty little secrets on an application that supposedly isn't tied to their identity, people probably don't want to ditch the apps they're already using in favor of Facebook's, which arrived at the party a little too late.

Facebook's Secret or Whisper copycat would effectively be the anti-Facebook—no names, no identity, and no way of knowing who posts what. That could make it a Facebook users might like, though maybe not trust, a little bit more.

Lead image by Amnesty International UK

The Feds Think It’s OK To Impersonate You On Facebook Using What's On Your Phone

Read/Write Web, Tue, 10/07/2014 - 18:41

Categories:

Web

A special agent with the U.S. Drug Enforcement Administration impersonated a woman by creating a fake Facebook profile and posting photos from her phone in an attempt to communicate with criminals. That woman, Sondra Arquiett, is now suing the agent and the federal government for at least $750,000.

Arquiett's court filing, first discovered by BuzzFeed, and related legal documents describe her 2010 arrest following a joint investigation into local drug trafficking by the DEA and other agencies. Investigators seized her phone at the time of her arrest. Arquiett pled guilty to an "intent to distribute" drug charge and received five years of probation.

Soon after her arrest, however, Timothy Sinnigen—the DEA agent and defendant in the lawsuit—set up a fake Facebook profile page using Arquiett's name and photos taken from her seized cellphone in an apparent attempt to communicate with other members of the alleged drug ring. In her complaint, Arquiett claims the agent used this data from her phone without her knowledge or consent.

In response, the Justice Department claims that Sinnigen set up and used the fake Facebook profile for a “legitimate law enforcement purpose,” though without specifying what that legitimate purpose was. The department denies any wrongdoing. Sinnigen sent and received friend requests while impersonating Arquiett, including one to a wanted fugitive who was evading arrest.

The agency says that while Arquiett did not give explicit consent for the photos to be used on an account impersonating her, she granted access to the information stored in her device to aid in ongoing criminal investigations.

Arquiett charges in her complaint that some of the photos used were “revealing and suggestive,” such as one of her in her bra and panties. Sinnigen also posted photos of Arquiett’s young son and niece. Arquiett claims she didn’t know about the page until a friend showed it to her, since no one ever told her that a federal agent might post her personal photos and other information on a public Facebook profile under her name. She says she suffered “fear and great emotional distress” as a result.

The Justice Department’s response goes on to argue that:

  • Plaintiff does not have a First Amendment Right to Privacy in the photographs contained on her cell phone.
  • Plaintiff relinquished any expectation of privacy she may have had to the photographs contained on her cell phone.
  • Plaintiff consented to the search of her cell phone.
  • Plaintiff consented to use of information contained on her cell phone in ongoing criminal investigations.
  • Plaintiff cannot establish a violation of her substantive due process rights because she has not, and cannot, allege that Defendant Sinnigen’s alleged actions were taken with the absence of a legitimate governmental interest.

A number of law and privacy experts told BuzzFeed the government's actions are hugely problematic, and that consenting to use the contents of a device does not grant permission to steal someone's identity. 

Whether or not the Justice Department has a legal right to impersonate Arquiett, Sinnigen's actions appear to have violated Facebook's terms of service, which state that, "Pretending to be anything or anyone isn't allowed." The fake-Arquiett Facebook page has also apparently vanished from the site.

Lead image by Ryan Lackey

Freelock : Importing foreign key references with Migrate

Planet Drupal, Tue, 10/07/2014 - 17:04

Categories:

Drupal

One of our clients wanted to regularly update a list of dealers along with the parts carried at that dealer, and show them on a map. As I dug into the challenge, I was a bit surprised to find very little information on the web about how to hook up a migration that would essentially import a join table. So I had to create it myself!

Migrate, Drupal, Drupal Planet, ERP, Retail, Manufacturing, Dealers, entityreference, Technical

What To Expect At The Grace Hopper Conference

Read/Write Web, Tue, 10/07/2014 - 17:00

Categories:

Web

There are a few things I look forward to each October: Halloween and pumpkin beer are among my favorites. But this year, the one thing I’m most excited about is happening this week, and as luck would have it, it’s in my hometown.

The Grace Hopper Celebration of Women in Computing is one of the biggest events in the world dedicated to women technologists. Aptly named after legendary computer scientist Grace Hopper and sponsored by the Anita Borg Institute and the Association for Computing Machinery, the conference takes up all four floors of the Phoenix Convention Center in Arizona.

It’s like South by Southwest—but for women in technology who would rather listen to technical talks by some of the industry’s leading computer scientists and researchers than spend a day attending 20 parties sponsored by startups.

This is my first Grace Hopper Celebration. After working with the Anita Borg Institute and Harvey Mudd College on a series about women in computer science, I decided this conference was one I absolutely could not miss.

I’ll be spending three days at the conference, which is broken up into a variety of different tracks. Day one focuses on future careers; day two is all about emerging technologies like the Internet of Things and human computing interaction; and day three offers sessions on wearables, software engineering, and privacy and security.

It sounds like a lot. So I’ve planned ahead to make sure I’ll be attending panels I think our readers will be most interested in, including tuning in to keynotes featuring Microsoft CEO Satya Nadella, Nest’s Yoky Matsuoka, and the director of DARPA, Arati Prabhakar.

Wednesday is open source day, and companies like GitHub are hosting how-to sessions for technologists interested in contributing to open source. Though the first day isn’t just for discussing best open source practices, but also how to make companies and workplaces more open and welcoming.

There is a trend in technology to release numbers that illustrate diversity data in the workplace, and the numbers at big tech companies all skew white and male. To improve these statistics, companies are dedicated to bringing more women and minorities into the technical workforce, and drop the brogrammer, sexist stereotypes that permeate tech culture. On Wednesday night, a talk called “Male Allies Plenary Panel” will take a look at different ways male leadership at companies like Google and Facebook advocate for women in the workplace.

Thursday kicks off with a conversation between Nadella and the president of Harvey Mudd College, Maria Klawe. (I’ll also be interviewing Klawe to discuss how universities are working to get more female and minority students in computer science.)

Machine learning and human interaction will be a hot topic throughout the day, and I’ll find out from Matsuoka what it will be like for humans to live in the connected homes of the future with devices that talk to one another, and how smartening our products will provide opportunities for life-saving technology.

On Friday, I’ll be attending a wearable fashion show, and I'm hoping to find some cute new technologies to add to our Pretty Geeky series for women who are looking for some fashion in a piece of technology strapped to their wrist. Bonnie Ross, studio head of 343 Industries and manager of the Halo franchise, will describe how technology has changed the way we show, and tell, stories in entertainment.

There’s so much more I won’t be able to check out while I’m there—there's no way one person could take in all the conference has to offer. Still, it's going to be a great opportunity.

Not only do I get to hang out with some old friends while in Phoenix, I get to make new ones at the biggest and best women-in-tech conference in the world. I hope you'll follow along with me when I'm there.

Lead photo by the Anita Borg Institute

Beer judging considered harmful

Lars Marius, Tue, 10/07/2014 - 16:45

Categories:

Topic Maps

I don't mean that all beer judging is harmful all the time, but it's definitely the case that an education in beer judging can lead people astray. Michael Jackson once explained how scientifically trained brewers used to attack him for the way he described beers. They would come up to him saying he knew nothing about tasting beer, and that the proper terms for describing flavour were words like sulphury, rancid, solvent like, etc. What did he mean by using terms like spicy, floral, seductive? Did he have no education in tasting? To which Jackson's fantastic reply was "I understand. I will try to do better next time. Do you want me to describe your beer as sulphury, rancid or solvent like?"

How Students Can Get Free Developer Tools Through GitHub

Read/Write Web, Tue, 10/07/2014 - 16:00

Categories:

Web

Hacking new technologies can be time-consuming ... and expensive. So to help students create technical projects or learn how to use new tools, social coding site GitHub and a handful of technology partners have created the GitHub Student Developer Pack that provides access to 14 developer tools for free.

The project has been in the works for over a year, said John Britton, education evangelist at GitHub. The company already provides a free "micro account" to students, which provides them with five free private code repositories; this plan normally costs $7 a month. (GitHub's normal free plan requires all such "repos" to be public). Now it's expanding on that offer with limited free access to tools like Stripe for payment processing and DigitalOcean for cloud hosting.

See also: GitHub May Be Dragging Government Into The 21st Century

Many companies offer free services to students who aren’t shy about asking for them. But Britton says most companies make these offers on an individual basis, because it takes time and effort to manage an entire student services database.

“Students would write and ask GitHub for tools—a lot of companies are happy to do it, but it’s ad-hoc,” Britton said. “It’s an administrative burden. We thought, 'If we’re going to do the administrative work anyway, why not offer other tools as well and take the admin responsibility?'”

Over 100,000 students have already used a free GitHub account.

While it’s a charitable move on GitHub's part, it won't just benefit students. Once aspiring coders and engineers have grown accustomed to certain services, they’ll likely stick with the ecosystems they know when the free trial expires. That means more customers for companies like Stripe, which is waiving fees for students on the first $1000 in revenue processed.

It will also benefit teachers who want to teach a class in something like game development. If they want to use the Unreal game engine, for instance, teachers can tell students to sign up for a GitHub Student Developer Pack, which will save each student almost $20 per month.

See also: GitHub Gets Its Science On

Students must sign up through GitHub and show proof of student status such as a university dot-edu email address or a student ID card. If neither is available, GitHub says an enrollment letter or transcript will work as well. Any student aged 13 or older can sign up for an account.

Participating companies will rely on GitHub’s student verification. So once students sign up through the company, they’ll get coupon codes or unique access links and can begin to use the full suite of services.

The offerings are as follows:

  • Atom: A free text editor from GitHub
  • Bitnami: Business 3 plan ($49/month for non-students) for one year
  • Crowdflower: Access to the Crowdflower platform (normally $2,500/month) and $50 in worker credit
  • DigitalOcean: $100 in platform credit
  • DNSimple: Bronze hosted DNS plan ($3/month for non-students) for two years
  • GitHub: Micro account (usually $7/month) with five private repositories while you're a student
  • HackHands: $25 in credit for live programming help
  • Namecheap: Free domain name registration on the .me TLD and one free SSL certificate for one year
  • Orchestrate: Free developer accounts for students (normally $49/month)
  • Screenhero: Free individual account while you're a student (saves students $10/month)
  • SendGrid: Free student plan for one year (saves students $5/month)
  • Stripe: No fees on first $1000 in revenue processed
  • Travis CI: Free private builds (normally $69/month)
  • Unreal Engine: Free access to the service (usually $19/month) 

Lead image by HackNY

Yahoo Says Goodbye, ZEEF Says Hello

Search Engine Land, Tue, 10/07/2014 - 15:12

Categories:

Search

Human-curated directories have long been a staple of the internet, but ultimately they're very hard to scale. See how newcomer ZEEF hopes to tackle this challenge. The post Yahoo Says Goodbye, ZEEF Says Hello appeared first on Search Engine Land.

Please visit Search Engine Land for the full article.

Deeson: Six talks, two Deeson Drupal devs and Symfony Live London

Planet Drupal, Tue, 10/07/2014 - 15:00

Categories:

Drupal

Dan and I went to Symfony Live London last Friday to find out what was happening in the world of Symfony.

Here's a summary of the six talks we attended:

1. The Dependency Trap

Jakub Zalas gave an interesting talk about the difficulties of relying too heavily on third-party services and classes.

He went through the process of thinking about writing code while avoiding being overly reliant on a third-party. The main benefit is when you need to change your code or third-party service at a later date, it should be easy enough to do without having to re-write half of your application.

2. How Kris Builds Symfony Apps

Although I haven't been working with Symfony that long, the name 'Kris Wallsmith' keeps coming up when looking around at various bundles. He talked about his approach to building apps.

He went through the different layers involved in building an app, such as controller, models, services, event handlers, etc. He dismissed the myth of 'thin controllers, fat models', by looking at what the controllers, models and services actually do at each level.

In his view they are all just 'mapping layers' between the different data abstraction layers apps have. When you look at it like this, you end up with 'thin controllers, thin models' and 'thin services with thin events'.

3. The Naked Bundle

Matthias Noback introduced the self-titled, 'Noback's Principle: Code shouldn't rely on something that it doesn't truly need'.

He suggested we should limit our dependency on the framework as much as possible. 

We should try to limit to the point where pretty much everything that you would normally put inside a Symfony Bundle (which is a concept very much tied to the framework) can be moved in some way into framework agnostic, re-usable components.

The talk was enlightening, but it made me wonder whether I am ready to break away from Symfony so soon!

4. One Commit, One Release. Continuously Delivering a Symfony Project

Javier Lopez went through the continuous integration process they used on a project. The talk explained that a release to production doesn't have to be such a daunting task.

Interestingly, they had managed to reduce the time it took to deploy a release from 30 minutes to 30 seconds. They released most days, rather than once a week or each fortnight. Also the product owner could trigger a release rather than relying on a developer to do it.

At Deeson we are using continuous integration for our web build projects more and more.

5. Converting a Website to a New Religion: Symfony

Michael Cullum has been involved in the rebuild of phpBB using Symfony and went through their approach to rebuilding such a large scale app.

When looking at rebuilding a site, you can be tempted to copy and paste a lot of code.

Michael highlighted the problems with repasting code. In fact when we have the opportunity to rewrite code, we should be tackling it head on.  

We all write code which we look at six months or a year later and think, "what was I thinking when I wrote that?" He told us to understand what we are trying to achieve and write efficient code now.

What was interesting is that they had looked at a section of phpBB at a time. They started with the home page and got that working, then moved onto the next page. 

This is different from the norm of building the functionality and then getting theming working across the entire site as a second step.  

6. Decorating Applications with Stack

Beau Simensen was introducing 'Stack' - a convention for composing HttpKernelInterface middlewares into your application.  

He went through its history, which applications can currently use it (Symfony, Silex, Laravel 4, and Drupal 8) and a brief overview of how it can be used.

Although an interesting concept, it didn't seem immediately relevant to our experience.

A worthwhile event

As we're using Symfony more and more, it was interesting to be part of the event and to attend such a range of interesting talks.
