CH

November 15, 2015

Links 2015-11-15 Sun: PumPum, evidence of an oil glut, garbage text generators, "information security", constraint-solving and pattern matching in Common Lisp, and a roboticized freight terminal!

Filed under: Uncategorized — @ 12:00 a.m.
Gigablast API Documentation

Search is interesting, yo.

Graffitimundo interview with PumPum

When I first found her work, PumPum did big pieces in what I'd call "vector art" style. Either they're more Flash-gradient-style these days or I simply never noticed the gradients. Whatever, I love PumPum.

Git manpage generator

Garbage text—another name for that which comes out of Robert Viragh and other Markov chain text generators. See also: Baba, a grammar designer application, written (inexplicably) in JavaScript.

Infosec Institute 2016 Presidential Candidate Security Investigation

The computer "security industry" is an insane scam. The money is all made by scaring people who are tech-illiterate into buying various kinds of snake oil. Largely these tech-illiterate people also run Windows, which opens them up to a myriad of "antivirus" and "trusted software" scams. The Infosec Institute sells brainwashing into the cult of modern computer security.

Say what you will about their core business, they do know how to mimic the tried-and-true PR strategy of attaching oneself to a hot story, which is the story of the link above. The Institute has "reviewed" the "candidates'" "website security". There's not enough here for a full-blown adnotation, but do indulge me in calling out some of Jonathan Lampe's (CISSPLOL) particular idiocies:


Candidate: Hillary Clinton
Pros: Building a security team. Runs up-to-date software.
Cons: Large attack surface that relies on a quickly-built custom application.

Leave aside the claims about "building a security team" and the speed of website development: the first is a guess from job postings, and the second is a completely unsubstantiated claim in the PDF that nominally goes into detail about all of this. "Attack surface" is a term of art meaning, more or less, the set of points at which an attacker can interact with the site (exposed endpoints, request parameters, authentication, and the third-party code it pulls in); it is established by enumerating those points, not by guessing at who wrote the code. Its usage here should be read as "this site doesn't yield to any of the scripts we teach the use of at the Infosec Institute, therefore it must be a custom job and super vulnerable". Granted, the thing runs on Node.js, and there might be merits to vulnerability claims predicated on its use of that particular set of idiocies (the volume of third-party npm packages a typical Node application drags in being the obvious one), but Lampe fails to make that argument, instead falling back to the "IT professional"'s mainstay: "it's custom and ergo has a large attack surface".

Despite her campaign’s woman-first messaging, Clinton’s website seems to be built on a stereotypical “brogrammer stack” of Node.js, Ruby and other technologies…

I know—let's conflate the campaign messaging with the technologies used to build the campaign website. Firstly, this isn't a "stereotypical brogrammer stack" (whatever that would be); this is a smorgasbord of technologies that the Clinton campaign would like job candidates to have experience with. What would the team have had to write here in order to avoid the "brogrammer" claim? Are there "stereotypical babegrammer stacks" that I'm unaware of, or is this just a cheap attempt to tar Clinton's campaign with the "no true feminist in tech" brush?

Moving on, it's interesting to compare the unsubstantiated claims of the Clinton site's "large attack surface" with the presumably smaller attack surfaces of the other sites running WordPress. Yes, the festering open sore source PHP shitpile with a legacy of being broken and open wider for access by random derps than the village prostitute is, according to Jonathan Lampe and the Infosec Institute, more secure than something written by hand. It's not an unfair guess to make (a widely deployed package at least gets its bugs found and patched by somebody), but he presents this guess as a substantiated conclusion without presenting any evidence to support it.

The "infosec" industry is a bunch of script kiddies who assume that anything the scripts they downloaded from some other script kiddie can't identify and enumerate the flaws of must of necessity have a large attack surface. Pay attention to these fearmongers and snake-oil salesmen at your own risk.

iOS Secure Coding Workshop

My brief sojourn through the Infosec Institute's website revealed this lolarious gem as well. Dig:

Our classroom trainings come with a number of easy-to-understand exercises providing live hacking fun.

Once again we encounter the pernicious notion that work should be fun and easy.

REGRESSION (iOS 8): <select> values are not properly updated in a form with multiple <select>s

Apple can't ship quality software any more, doesn't address ancient and outstanding bugs, etc etc, old and tired thread.

Tern

A JavaScript code analysis engine. Looks neat, but given that 99% of JS in the wild is only accidentally able to refer to other code imported into the same page with script tags, I'm going to bet that this is pretty useless. I do have a mega-JS project sitting on my HDD right now that I could test this on…

CL-MATCH

An interesting Common Lisp library that emulates the pattern-matching functionality of Haskell and the ML-family languages. I just crapped out my first pile of CL (a noob project, an implementation of Stan's V), relying pretty heavily on CLOS and methods defined on the objects (more on this later when I get around to the "literate programming" post of my V implementation).

Relatedly, Clojure has a notion of "multi-arity" functions, i.e. functions defined to behave differently based on the number of arguments with which they're called:

(defn my-multi-arity
  ([x] (println x))
  ([x y] (println x) (println y)))

Naively, I'd implement this in CL with generic functions:

(defmethod my-multi-arity1 ((x string))
  (print x))

(defmethod my-multi-arity2 ((x string) (y string))
  (print x)
  (print y))

But with CL-MATCH, one could do something along the lines of the Clojure-style multi-arity functions. Not that I'm going to; the library in question seems more of a self-entertainment project than something ever intended to go into production. Nevertheless, it's a good example of how easily actual good ideas can be folded into Common Lisp, and of how many of them are perhaps already implemented better in the core language.
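The same multi-arity function in standard Common Lisp, as an added example that is not part of the original post or of CL-MATCH: every method of one CL generic function must have a congruent lambda list, so arity can't be dispatched across methods of a single defgeneric (hence the two separately named generic functions above), but the core language already covers the case with &rest plus a dispatch on the argument count, or with &optional and a supplied-p flag. The function names are the post's own with a suffix added to keep them distinct.

```lisp
;; Added example, not from the post: the Clojure my-multi-arity rebuilt in
;; standard Common Lisp without any pattern-matching library.

;; Variant 1: take all arguments as a list and dispatch on how many there are.
;; ecase signals an error for any arity other than 1 or 2, mirroring the
;; Clojure function, which has no 0- or 3-argument body.
(defun my-multi-arity-rest (&rest args)
  (ecase (length args)
    (1 (destructuring-bind (x) args
         (print x)))
    (2 (destructuring-bind (x y) args
         (print x)
         (print y)))))

;; Variant 2: the idiomatic spelling when the extra argument is simply absent
;; rather than a different "shape".  y-supplied-p is true only when a second
;; argument was actually passed, so (my-multi-arity-opt 1 nil) still prints nil.
(defun my-multi-arity-opt (x &optional (y nil y-supplied-p))
  (print x)
  (when y-supplied-p
    (print y)))

;; Usage:
;; (my-multi-arity-rest 1)      ; prints 1
;; (my-multi-arity-rest 1 2)    ; prints 1 then 2
;; (my-multi-arity-opt 1 2)     ; prints 1 then 2
```

Variant 2 is what CL programmers actually write; variant 1 is closer to how a pattern-matching macro would have to express the same thing, with destructuring-bind playing the role of the pattern.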

robo terminal

Super roboticized shipping terminal—watch for the ABB box! Via Gcaptain.

Screamer

Constraint solving in Common Lisp.

Screamer: A Portable Efficient Implementation of Nondeterministic Common Lisp

In spite of the fact that Screamer's compilation techniques require global analysis, Screamer does support incremental redefinition of procedures. Screamer maintains a who-calls database to identify those code blocks requiring recompilation. Thus if f, g, and h are initially deterministic—and f calls g which in turn calls h—redefining h to be nondeterministic will cause Screamer to automatically recompile f and g as well after performing the appropriate CPS conversion.

Badass. Lovely example of the power of a programming language that can eat itself. Other nifty papers at the first link as well.

Magit Introduction and Demonstration

I've had the pleasure of meeting Howard Abrams a few times. The man has an exquisitely curated .emacs, and has lent me some powerful insight at least once.

It's hard to believe today, but 10 years ago Wikipedia was considered a doomed experiment run by utopian radicals.

However, it's a runaway financial and cultural success today with pages for the Dune character Chani but not MPEx.

Oil Tanker Backlog in U.S. Gulf Seen as New Symbol of Glut

I also just finished listening to the episode of Ritholtz's Masters in Business podcast with Gary Shilling, wherein (among other things) Shilling predicts that we're headed into a new world of oil production with a price bottom somewhere in the ~20-30 USD per barrel range. His reasoning is that this is the marginal cost of operating the extant infrastructure: if the commodity wars between the OPEC cartel and the rest of the world continue, producers will fall back from the current floor, which is the cost of paying for new infrastructure, and simply rely on what they already have in the field.

The oil glut is reeeeeal!
