How Is Reactive Different from Procedural Programming?

A recent post on Reactive Programming triggered discussions about what is and isn’t considered Reactive Logic. In fact, many have already discovered that Reactive Programming can help improve quality and transparency, reduce programming time and decrease maintenance. But for others, it raises questions like:

  • How does Reactive differ from conventional event-oriented programming?
  • Isn’t Reactive just another form of triggers?
  • What kind of an improvement in coding can you expect using Reactive and why?

So to help clear things up, here is a real-life example that will show the power and long-term advantages Reactive offers. In this scenario, we’ll compare what it takes to implement business logic using Reactive Programming versus two different conventional procedural Programming models: Java with Hibernate and MySQL triggers.

via How Is Reactive Different from Procedural Programming?.

Zero-Day Flaws Found, Patched In Siemens Switches

The Siemens switch zero-day vulnerabilities are in the Web server interface to the devices. The researcher says the first of the two zero-day flaws he found in the Siemens SCALANCE X-200 switch was basic: a poorly constructed session ID setup, which would allow an attacker to hijack an administrative session on the switch without credentials. The session ID basically exposes the client’s IP address so an attacker could then hijack the admin’s Web-based session while managing the switch. “But you don’t log onto these switches very often — maybe once a year — so, in that sense, it’s a weak vulnerability,” he says.

The more critical zero-day Leverett found in the switch was the second one, which would let an attacker take over the admin operations of the switch — no authentication required. The attacker could then download any network configuration information, or upload a malware-ridden firmware update, for example, Leverett says. “The device assumes if you know the URL, you must have authentication. But it never asks you to authenticate [for it],” he says.

via Zero-Day Flaws Found, Patched In Siemens Switches — Dark Reading.

xkcd 1313: Regex Golf

I found that the hover text, “/bu|[rn]t|[coy]e|[mtg]a|j|iso|n[hl]|[ae]d|lev|sh|[lnd]i|[po]o|ls/ matches the last names of elected US presidents but not their opponents.”, contains a confusing contradiction. There are several last names (like “Nixon”) that denote both elected presidents and opponents. So no regular expression could both match and not match “Nixon”. I could only assume that Randall meant for these names to be winners and not losers (and in fact he later confirmed that was the correct interpretation).

So that got me thinking: can I come up with an algorithm to find a short regex that covers the winners and not the losers?

I started by finding a page that lists winners and losers of US presidential elections through 2000. Adding the 2004-2012 results I get:  …

via xkcd 1313: Regex Golf.

Apparently there is a Regex Golf game.

Type a regex in the box. You get ten points per correct match. Hit Enter to go to the next ‘level’.

Nook sales crashed by over 66 percent during 2013 holiday season

On Thursday, Barnes & Noble announced that “device and accessories sales” plummeted to $88.7 million during the October through December 2013 holiday period, a drop of 66.7 percent. The company attributed the drop to “lower unit selling volume and lower average selling prices.” Of course, that’s prime shopping season, when most retailers see a spike in sales. The company added that “digital content sales” were $36.5 million during the same time frame, a drop of 27.3 percent.

via Nook sales crashed by over 66 percent during 2013 holiday season | Ars Technica.

Weaknesses – Bitcoin

An attacker that controls more than 50% of the network’s computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:

  • Reverse transactions that he sends while he’s in control. This has the potential to double-spend transactions that previously had already been seen in the block chain.
  • Prevent some or all transactions from gaining any confirmations
  • Prevent some or all other miners from mining any valid blocks

via Weaknesses – Bitcoin.

With less than 50%, the same kind of attacks are possible, but with less than 100% rate of success. For example, someone with only 40% of the network computing power can overcome a 6-deep confirmed transaction with a 50% success rate.
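The “40% of the hash power overcomes a 6-deep confirmation about half the time” figure above can be checked with the attacker-catch-up model from the Bitcoin whitepaper (section 11). The code below is an added example, not from the Bitcoin wiki page quoted here; it assumes the attacker starts one block behind the honest chain for each confirmation, and the `confirmations_needed` helper is a hypothetical name for turning the model into a merchant’s confirmation policy.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the network hash power
    ever catches up from z blocks behind (Nakamoto whitepaper, section 11).
    For q >= 0.5 the attacker is expected to catch up with certainty."""
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    # Expected number of blocks the attacker mines while the honest
    # chain extends by z blocks.
    lam = z * (q / p)
    total = 0.0
    for k in range(z + 1):
        # Attacker has made k blocks of progress so far (Poisson);
        # probability of never closing the remaining gap is 1 - (q/p)^(z-k).
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, max_risk: float, limit: int = 1000) -> int:
    """Smallest confirmation depth z at which the attacker's chance of
    reversing a payment falls below max_risk (a defender's policy knob).
    Returns limit if the risk never drops that low, e.g. for q >= 0.5."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return limit


if __name__ == "__main__":
    # The wiki's figure: 40% of hash power against 6 confirmations.
    print(f"q=0.40, z=6: {attacker_success_probability(0.4, 6):.3f}")
    # Depth needed to keep a 10% attacker below a 0.1% reversal chance.
    print(f"q=0.10, risk<0.1%: {confirmations_needed(0.1, 0.001)} confirmations")
```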

Many eyes on Earth

By contrast, the swarm satellites’ cameras will always be on, photographing everything in their path and, owing to their numbers, will pass over the same points on Earth with a frequency of hours to a few days, depending on latitude.

The biggest customers of conventional commercial imaging satellites are governments, in particular intelligence agencies and the military. Prices can be prohibitive for many other potential users, including researchers,

via Many eyes on Earth : Nature News & Comment.

Because the swarms are still to be launched, scientists have yet to fully assess the quality of the imagery. But the satellites’ spatial resolutions of 1–5 metres are much higher than those of most scientific satellites. Landsat, NASA’s Earth-observation workhorse, for example, has a resolution of 15–100 metres depending on the spectral frequency, with 30 metres in the visible-light range.

How Not To Sort By Average Rating

PROBLEM: You are a web programmer. You have users. Your users rate stuff on your site. You want to put the highest-rated stuff at the top and lowest-rated at the bottom. You need some sort of “score” to sort by.

via How Not To Sort By Average Rating.

CORRECT SOLUTION: Score = Lower bound of Wilson score confidence interval for a Bernoulli parameter

Say what: We need to balance the proportion of positive ratings with the uncertainty of a small number of observations. Fortunately, the math for this was worked out in 1927 by Edwin B. Wilson. What we want to ask is: Given the ratings I have, there is a 95% chance that the “real” fraction of positive ratings is at least what? Wilson gives the answer. Considering only positive and negative ratings (i.e. not a 5-star scale), the lower bound on the proportion of positive ratings is given by:
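The ranking rule described above, as an added example (not code from the original post): it computes the 95% Wilson lower bound from positive and total ratings and uses it as the sort key, with a constructed sample showing why a single positive vote should not outrank a well-tested item.

```python
import math


def wilson_lower_bound(positive: int, total: int, z: float = 1.96) -> float:
    """Lower bound of the Wilson score interval for the true fraction of
    positive ratings. z = 1.96 is the normal quantile for 95% confidence.
    An item with no ratings scores 0, so it sorts to the bottom."""
    if total == 0:
        return 0.0
    phat = positive / total
    z2 = z * z
    centre = phat + z2 / (2 * total)
    spread = z * math.sqrt((phat * (1 - phat) + z2 / (4 * total)) / total)
    return (centre - spread) / (1 + z2 / total)


def rank_items(items):
    """items: iterable of (name, positive, total). Returns names best-first
    by Wilson lower bound, which is the 'correct solution' ordering."""
    ordered = sorted(items, key=lambda it: wilson_lower_bound(it[1], it[2]),
                     reverse=True)
    return [name for name, _, _ in ordered]


def naive_rank(items):
    """The 'wrong' ordering: sort by plain positive/total average."""
    ordered = sorted(items, key=lambda it: it[1] / it[2] if it[2] else 0.0,
                     reverse=True)
    return [name for name, _, _ in ordered]


# Constructed sample ratings (name, positive, total); not real site data.
SAMPLE = [("one-vote-wonder", 1, 1), ("well-tested", 90, 100), ("mixed", 5, 10)]

if __name__ == "__main__":
    print("naive: ", naive_rank(SAMPLE))
    print("wilson:", rank_items(SAMPLE))
```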

Backtracking, justifications, and the shitty shoe shuffle, but how will the world respond?

As I know many of you know Huawei were investigated by the American Congress and we were given a “clean bill of health”. Well as journalists and analysts said “lots of ifs buts and maybes but no evidence of wrongdoing”, or my favourite “a report for vegetarians, no meat”, so in my definition no evidence of wrongdoing is a clean bill of health. Based on this lack of evidence of any wrongdoing, the American Congress said that Huawei should not be allowed into America, so based on all of these revelations, and there will be many more on America, should all other Governments ban American technology companies, especially Cisco and Juniper given their position in critical infrastructures?

via PRISM: Backtracking, justifications, and the shitty shoe shuffle, but how will the world respond? – John Suffolk.

a P2P microblogging platform

This paper proposes a new microblogging architecture based on peer-to-peer network overlays. The proposed platform is comprised of three mostly independent overlay networks. The first provides distributed user registration and authentication and is based on the Bitcoin protocol. The second one is a Distributed Hash Table (DHT) overlay network providing key/value storage for user resources and tracker location for the third network. The last network is a collection of possibly disjoint “swarms” of followers, based on the Bittorrent protocol, which can be used for efficient near-instant notification delivery to many users. By leveraging existing and proven technologies, twister provides a new microblogging platform offering security, scalability and privacy features. A mechanism provides incentive for entities that contribute processing time to run the user registration network, rewarding such entities with the privilege of sending a single unsolicited “promoted” message to the entire network. The number of unsolicited messages per day is defined in order to not upset users.

via [1312.7152] twister – a P2P microblogging platform.

Reverse engineering my bank’s security token

The toolset

Reverse engineering Android apps requires a few software tools. Here’s what I used for this project:

  • Android SDK: Provides the adb command-line tool, which can pull APKs, data files and settings from the phone.
  • dex2jar: Converts Android’s Dalvik executables into JARs, which are easier to reverse engineer.
  • JD, JD-GUI: An excellent Java bytecode decompiler.
  • Eclipse: A Java IDE to validate discoveries during the reverse engineering process.

via Reverse engineering my bank’s security token | Thiago Valverde.