The Rise of Adblocking | PageFair

The Rise of Adblocking: The PageFair 2013 Report; PageFair; 2013-08-21; 11 pages.

Mentions

  • PageFair is a “free service”
  • Available since 2012-09.
  • Average ad blocking rate: 22.7%

Remediation Suggestions

<quote>One approach is to simultaneously respect your visitors while educating them about how you pay the bills. Respect them by not intruding on their attention with interstitials, animations or sounds, and by ensuring that advertising is as appropriate and relevant as possible. Educate them by discussing the problem in articles and on Twitter. You can also display targeted appeals to adblock users to ask them to do their part by whitelisting your site (a service we offer at PageFair).</quote>

Previously

Outreach

Followup

Endorsements

Discussion

Via: backfill

Software Defined Networking (SDN) versus Network Functions Virtualization (NFV)

Mentions

  • Software Defined Networking (SDN)
  • Network Functions Virtualization (NFV)
  • Seems to be Enterprise Datacenter IT Culture (SDN) vs Big Telecom Culture (NFV)
  • Something vague about Intel and 40GbE or 100GbE through the rack, unto the server via photonics.
  • Concept (per NFV)
    • Separate Customer Premises Equipment (CPE) from “our network”; the big-telecom viewpoint.
    • Carrier Ethernet Demarcation Device.
    • Network Interface Device.

Camp: NFV

Camp: SDN

Referenced

Via: backfill

Graphical

Credits in the links …

Are you ready for IPv6 insecurities? | George Kargiotakis

George Kargiotakis; Are you ready for IPv6 insecurities?; At Ath.Con; 2012-03-05; 60 slides.

Referenced

People

Mentions

  • Stateful DHCPv6
    • IA_TA
    • IA_NA
    • IA_PD
  • Stateless DHCPv6
    • SLAAC+OtherConfig Flag = 1
  • Handwringing
    • IPv6 Security Hype
    • Common Local Attacks & mitigation
    • Remote Network Scanning
    • Local Network Scanning
    • IDS/Firewalling
      • OS Support
      • IPv6 Migration
      • Security
    • Scanning IPv6 Internet
    • Tools
    • Food for thought – IPv6 Security Overview
  • Attacks
    • Address Resolution
    • Redirect
    • Duplicate Address Detection DoS
    • First-Hop Router Attack
    • Address configuration DoS
    • DHCPv6 Spoofing
  • Mitigations
    • RFC 6105 IPv6 Router Advertisement Guard; IETF; E. Levy-Abegnoli, Van de Velde (Cisco), C. Popoviciu (Technodyne), J. Mohacsi (NIIF/Hungarnet); 2011-02.
      • RA-Guard
      • L2 Protection
      • SEcure Neighbor Discovery (SEND)
    • RFC 4890 Recommendations for Filtering ICMPv6 Messages in Firewalls; IETF; E. Davis (self), J. Mohacsi (NIIF,  HUNGARNET); 2007-03.
    • RFC 3971 SEcure Neighbor Discovery (SEND); IETF; Editor: J. Arkko (Ericsson); J. Kempf (DoCoMo USA), B. Zill (Microsoft), P. Nikander (Ericsson); 2005-03.
  • Network Scanning
    • Tools of the trade
      • nmap
      • thc-ipv6: dnsrevenum6 (not included in v1.8)
      • ip6-arpa-scan.py
      • dns-ip6-arpa-scan.nse
    • mDNS
  • Best Practices
    • Block unused transition techniques
      • protocol 41
      • 192.88.99.0/24 (6to4 tunnels)
    • Deny UDP 3544 (Teredo)
    • Deny TCP & UDP 3653 (Tunnel Setup Protocol, TSP)
  • Tunnel Setup Protocol
    • Jimi Wales’ Wiki
    • RFC 5572 IPv6 Tunnel Broker with the Tunnel Setup Protocol (TSP); IETF; M. Blanchet (Viagenie), F. Parent (Beon Solutions); 2010-02.
  • Not Covered
    • Mobile IPv6
    • IPv6 over 3G (telecom)
  • Tools
    • THC-IPv6
    • scapy
    • ndisc6
    • tcpdump, wireshark
    • nmap (-6) + NSE scripts
    • nc6/socat
    • 6tunnel
    • ndpmon

Via: backfill

Defining an IPv6-Ready CPE

Mentions

  • Address types
    • Link-Local (LL)
    • Unique Local Address (ULA)
    • Global
  • NAT
  • Dual Stack
  • Multicast Proxy Daemon
  • ICMPv6 Multicast
  • Recursive DNS Server (RDNSS)
    • RFC 6106 IPv6 Router Advertisement Options for DNS Configuration; IETF; J. Jeong (Brocade, ETRI), S. Park (Samsung), L. Beloeil (France Telecom), S. Madanapalli (iRam); 2010-11.
  • Privacy Extensions
  • EUI-64
  • Stateless Address Auto-Configuration (SLAAC)
  • DHCPv6
    • Stateful
    • Stateless
    • Prefix Delegation
  • Zeroconf (IPv4)
  • Point-to-Point Protocol (PPP)
    • Assigns /64
    • Assign /127 (/128)
    • Link Control Protocol (LCP)
    • Network Control Protocol (NCP)
    • IP6CP (IPv6CP) of Point-to-Point Protocol (PPP)
      • RFC 5172 Negotiation for IPv6 Datagram Compression Using IPv6 Control Protocol; IETF; Editor: S. Varada (Transwitch); 2008-03.
      • RFC 5072 IP Version 6 over PPP; IETF; Editor: S. Varada (Transwitch); D. Haskins, E. Allen; 2007-09; Obsoletes: RFC 2472.
  • Identity Association (IA)
    • Identity Association for Non-temporary Addresses (IA_NA)
      • RFC 3315 Dynamic Host Configuration Protocol for IPv6 (DHCPv6); IETF; Editor: R. Droms (Cisco), J. Bound (HP), B. Volz (Ericsson), T. Lemon (Nominum), C. Perkins (Nokia), M. Carney (Sun); 2003-07.
    • Identity Association for Temporary Addresses (IA_TA)
      • RFC 3041 Privacy Extensions for Stateless Address Autoconfiguration in IPv6; IETF; T. Narten (IBM), R. Draves (Microsoft); 2001-01.
  • Addressing LAN Clients
    • TR-101, Issue 1, Migration to Ethernet-Based DSL Aggregation; 2006-04; 101 pages.
      See TR-101 notes, backfill.
    • Claim: Prefix is at least /56 → 72 bits per TR-177.
  • Firewall
    • Statefull
    • User (Customer) managed
  • RFC 6106 IPv6 Router Advertisement Options for DNS Configuration; J. Jeong (Brocade, ETRI), S. Park, (Samsung), L. Beloeil (France Telecom), S. Madanapalli (iRam); 2010-11; Obsoletes: RFC 5006.
  • TR-069 Issue 1, Amendment 4, CPE Wan Management Protocol, Protocol Version v1.3; 2011-07; 190 pages.
  • Access
    • 6to4
    • 6rd
    • 6in4
      • Tunnelbroker.net
      • Hexago
      • Sixxs.net
    • A+P (Address plus Port)
    • NAT64
    • Dual-Stack Lite
    • 4rd

References

Broadband Forum

  • TR-187, Issue 1, IPv6 for PPP Broadband Access
  • TR-181, Amendment 2, TR-069 Data model extension for IPv6
  • TR-177, Issue 1, IPv6 in the context of TR-101
  • TR-124 Issue 2, Functional Requirements for Broadband Residential Gateway Device

IETF

  • RFC 6555 Happy Eyeballs: Success with Dual-Stack Hosts; IETF; D. Wing, A. Yourtchenko (Cisco); 2012-04.
  • RFC 6434 IPv6 Node Requirements; IETF; E. Jankiewicz (SRI), J. Loughney (Nokia), T. Narten (IBM); 2011-12.
  • RFC 6204 Basic Requirements for IPv6 Customer Edge Routers
  • RFC 6144 Framework for IPv4/IPv6 Translation
  • RFC 6092 Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service

Source

George Kargiotakis (GENNET Broadband Solutions); Defining an IPv6-Ready CPE; In Some Conference; 2011-05; 16 slides.
Via backfill

Broadband Forum’s Technical Reports on IPv6

Technical Reports of the Broadband Forum
Selected reports … in archaeological order

  • TR-254, Issue 1, Functionality Tests for Ethernet Based Access Nodes; 2012-06; 58 pages.
  • TR-242, Issue 1, IPv6 Transition Mechanisms for Broadband Networks; 2012-08; 64 pages.
  • TR-187, Issue 2, IPv6 for PPP Broadband Access; 2013-02; 32 pages.
    • TR-187, Issue 1; 2010-05; 32 pages.
  • TR-177, Issue 1, IPv6 in the context of TR-101; 2010-11; 64 pages.
  • TR-146, Issue 1, Subscriber Sessions; 2013-05; 46 pages.
  • TR-101, Issue 1, Migration to Ethernet-Based DSL Aggregation; 2006-04; 101 pages.

Promotions


Chris Van Fossen (Hurricane Electric); Webcast 41; On YouTube; 2010-12-28; 2:04.

AMD’s Catalyst 13.8 Beta1 is busted

Revert to catalyst-13.4 and stick with Kernel 3.9

Reversion

This is an operable configuration; with 4x Hewlett-Packard ZR30w

$ rpm -q -a | grep -Ee '(catalyst|kernel-[^d])' | sort
kernel-3.9.11-200.fc18.x86_64
kernel-3.9.2-200.fc18.x86_64
kernel-modules-extra-3.9.11-200.fc18.x86_64
kernel-modules-extra-3.9.2-200.fc18.x86_64
kmod-catalyst-3.9.11-200.fc18.x86_64-13.4-2.fc18.8.x86_64
kmod-catalyst-3.9.2-200.fc18.x86_64-13.4-2.fc18.x86_64
xorg-x11-drv-catalyst-13.4-1.fc18.x86_64
xorg-x11-drv-catalyst-libs-13.4-1.fc18.x86_64

Separately

As of 2013-08-24, the use of 4K displays, e.g. the ASUS PQ321, no longer functions.  The FirePro video system forces the 4K display back to a lowrez mode.  That is fully characterized here.   A configuration with 2x HP ZR30w and 1x ASUS PQ321 worked well for weeks.  Then one day, without any updating, it stopped functioning and won’t work (even a full powercycle of all components).  The  ASUS PQ321 had to be removed from the system; 4x HP ZR30w works fine (but only with catalyst-13.4)

Official

Resolutions

  • [381120] Kernel 3.10 support
  • [379176] “Testing use only” watermark removed
    … pesky but benign relative to the lethargy and breakage of catalyst-13.8

Breakage

catalyst-13.8 is broken and unusable.

  • Only “updates” the static GNOME desktop when there is motion; e.g. mouse motion.
  • In gnome-terminal, it has the feel of working on a 1970s very slow 100-baud tty.
  • There seems to be a ~20 sec to ~30 sec timeout after which pending graphics events are flushed.
  • Putting the desktop into full compositing mode (e.g. ALT-F2) allows the X events to stream freely (e.g. video playback functions).
  • glxgears doesn’t run the gears unless ALT-F2 or the mouse is used to move the window around.
  • This is unusable.

Rumor

The symptoms are all different (and different from mine):

Preventing the GNOME (Xorg) screen from blanking to operate the Hewlett-Packard ZR30w via AMD FirePro W9000 Eyefinity

Because the Hewlett-Packard ZR30w displays do not always recover from sleep mode, it is best to keep them “always on.” When they fail to recover from sleep mode, they have “snow” and are unusable. Xorg must be killed and you have to rebuild the desktop.

Remediation
sudo systemctl restart gdm

Propylaxis

  1. gsettings set org.gnome.desktop.screensaver idle-activation-enabled false
  2. xset -dpms

Also suggested, for /etc/X11/xorg.conf

Section "ServerFlags"
    Option "BlankTime" "0"
    Option "StandbyTime" "0"
    Option "SuspendTime" "0"
EndSection

xset -dpms s off s noblank s 0 0 s noexpose
xset -q

Via: backfill

LANGSEC (Language-Theoretic Security) from 2011-2016 | Meredith Patterson


Meredith L Patterson — LANGSEC (from) 2011 to 2016; At CONFidence; On YouTube; 2013-07-25; 40:10.

Meredith Patterson; LANGSEC 2011-2016; 2013-05-29. (seems busted).

Mentions

  • Zed Shaw
  • Exemplars
    • Twitter (Rails-era)
    • Rails, generally
    • Heroku
    • Github
  • Instances
    • Protocol Buffers
    • Unicorn
    • Puma
  • James Coglan, 2013
    • think they something like that
    • WebSocket driver
  • Flash
    • runs bad malformed files
    • who cares?
    • Use case: ads
    • redirect
    • 3rd party content
  • blitzableiter.recurity.com, Recurity Labs
  • Processing Fluency
    • a concept from psychology about working memory
  • X.509 parsers
    • Dan Kaminsky
    • Moxie Marlinspike
    • Exploits
      • CSR with \0 in the 1st byte
        • Get a signed cert.
        • Cert is 0-length.
        • Use it, the browser accepts it
      • CSR with multiple CN in it
        • Get a signed cert
      • OID parsing in ASN.1
        • OpenSSL treats it as a bignum.
        • IE treats it as a smallnum.
  • Cory Doctorow; Lockdown: The coming war on general-purpose computing; Chaos Computer Congress; 2011-12.
  • Travis Goodspeed; “packet-in-packet” PHY-layer injection (ZigBee)
    • an escape-code problem.
    • A packet is wherever a SYNC occurs.
  • James Oakley, Sergey Somebodysomebody, DWARF arbitrary code execution
  • Marshall Beddoe
  • Robert David Graham, 10M Connections
  • Ragel
    • state machine compiler
  • Hammer Parser Generator
    • Disambiguation
    • Concept
      • Beyond Ragel
        • like Antlr but different.
        • like Protocol Buffers, but different.
      • Inline Domains-Specific Languages
      • Like for Haskell & Scala
        • Parser Combinators from Haskell & Scala
      • Something about bitwise parsing is handled (and nobody else does).
      • UpstandingHackers/hammer
      • the future: Sickle
        • standard library
        • file formats
        • encodings
        • codecs
  • Emscripten
  • Idris
    • Dependent Types
    • Proving security properties
    • Composable properties (subroutines?)
    • Compiles to JavaScript
      • Something about Node.js applicability
    • Like these somehow
      • Coq
      • Agda
  • Future
    • Mareitje Schaake, Dutch MEP; quoted.
    • Something about infinite war, infinite cyberwar.
    • Something about the relevance to this body of work to “preventing war.”

Robert C. Martin, Bob Martin, Uncle Bob Consulting

Uncle Bob Consulting LLC

Concepts

  • The Boy Scout Rule = leave the campground cleaner than you found it (in this analogy the code base is the analogue of the campground).
  • Agile
  • Clean Architecture (his), Hexagonal Architecture (Cockburn’s), and discussion
  • OOD (Object-Oriented Design)
  • Design Patterns
  • UML
  • TDD (Test-Driven Design)
  • Design Principles
    • Open-Closed Principle (OCP)
    • Liskov Substitution Principle (LSP)
    • Dependency Inversion Principle (DIP)
  • Booch Method

Subtleties & Religiosities

  • Scrum, Scrum != Agile
  • Flaccid Scrum; attributed to ; 2009-01-29.
  • Agile works; Agile has disciplines
  • Disciplines
    • Test Driven Development
    • Continuous Integration
    • Simple Design
    • Refactoring
    • Pair Programming.

Clean Architecture

Clean Architecture; In His Blog; 2012-08-13.

Dependency Inversion Principle

  • Definition
    1. High-level modules should not depend uponl ow-level modules. Both should depend upon abstractions.
    2. Abstractions should not depend upon details. Details should depend upon abstractions.
  • The Dependency Inversion Principle; In C++ Report; 1996-05; 12 pages.

Promotions

Apropos that one who is too sloppy to spellcheck his variable names or his comments (so there’s some value here …)

History

In his own colorful way …

Robert C. Martin; The Land that Scrum Forgot; Norwegian Developer’s Conference; 2012-11-07; 45:43.

Reviews

  • The books have lots of code listings; this is unworkable/unreadable on the kindle
    • code samples are truncated
    • missing greater-than, less-than
    • variable-width font
    • impossible to page-flip back to listing examples.

Books

Via: backfill

RTBkit

Architecture

RTBkit

Promotions

Via: backfill

Documentation

Who

Standards

  • OpenRTB
  • HTTP
  • JSON, XML

Technology

  • C++11
  • Linux
    • Ubuntu 12.04
  • NodeJS

Custer Management

Statistics

Repositories

Submodules

Forks

(mentioned)

Package

Ancillary packages …

Ubuntu
The default, including an Amazon EC config; see Getting Started
Fedora
sudo yum install -y \
ant \
autoconf \
automake \
bash-completion \
bison \
doxygen \
emacs \
flex \
gcc-c++ \
gdb \
git-core \
gperftools gperftools-devel \
blas blas-devel \
bzip2 bzip2-devel \
cairomm cairomm-devel \
cppunit cppunit-doc cppunit-devel \
cryptopp cryptopp-devel \
libevent libevent-devel libevent-doc \
icu libicu libicu-devel \
lapack lapack-devel \
xz-lzma-compat lzma-libs lzma-sdk lzma-sdk-devel \
libpng libpng-devel \
libsigc++20 libsigc++20-devel \
libtool \
make \
mm-common mm-common-docs \
java-1.7.0-openjdk java-1.7.0-openjdk-devel java-1.7.0-openjdk-javadoc \
pkgconfig \
python-devel \
python-matplotlib python-matplotlib-doc python-matplotlib-tk \
numpy \
python-setuptools \
tkinter \
python-virtualenv \
scons \
sshfs \
strace \
time \
tk tk-devel \
uuid uuid-devel \
valgrind \
npm \
$end

Nonstandard & Unresolved

ADAPTIVE Communication Environment (ACE)
Fortran
Fortran … really?
2D Layout & Typography
Really? In a highany performance bid management service?

  • cairomm (cairomm 1.0)
  • freetype

Results

Doesn’t build.

$ git clone https://github.com/rtbkit/rtbkit.git
$ cd rtbkit
$ git submodule update --init
$ cp jml-build/sample.local.mk local.mk
$ make nodejs_dependencies
$ make compile
$ make test

Annoying

Fails at make nodejs_dependencies on Fedora 18

$ make nodejs_dependencies
/bin/bash: build/x86_64/bin/libmock_exchange.so.version.mk: No such file or directory
/bin/bash: build/x86_64/bin/libaugmentor_ex.so.version.mk: No such file or directory
<snip/>
npm install .
bash: npm: command not found...

Gonna have to grind it out on the ground debugging…

$ sudo yum install -y npm
<snip/>
--> Finished Dependency Resolution
Error: Package: nodejs-request-2.25.0-1.fc18.noarch (updates)
           Requires: npm(hawk) < 0.16
           Available: nodejs-hawk-1.0.0-1.fc18.noarch (updates)
               npm(hawk) = 1.0.0
Error: Package: nodejs-request-2.25.0-1.fc18.noarch (updates)
           Requires: npm(hawk) < 0.16
           Installing: nodejs-hawk-1.0.0-1.fc18.noarch (updates)
               npm(hawk) = 1.0.0
Error: Package: nodejs-request-2.25.0-1.fc18.noarch (updates)
           Requires: npm(form-data) < 0.1
           Available: nodejs-form-data-0.1.0-1.fc18.noarch (updates)
               npm(form-data) = 0.1.0
Error: Package: nodejs-request-2.25.0-1.fc18.noarch (updates)
           Requires: npm(form-data) < 0.1
           Installing: nodejs-form-data-0.1.0-1.fc18.noarch (updates)
               npm(form-data) = 0.1.0
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

And, yup, you really really do need ACE

$ make compile
/bin/bash: build/x86_64/bin/libmock_exchange.so.version.mk: No such file or directory
/bin/bash: build/x86_64/bin/libaugmentor_ex.so.version.mk: No such file or directory
<snip/>
           [C++] jml/boosting/tools/classifier_training_tool.cc
In file included from ./jml/boosting/feature_info.h:19:0,
                 from ./jml/boosting/feature_space.h:15,
                 from ./jml/boosting/classifier_generator.h:15,
                 from ./jml/boosting/tools/classifier_training_tool.cc:23:
./jml/arch/threads.h:26:23: fatal error: ace/Token.h: No such file or directory
compilation terminated.

Overview

Statistics

  • Total: 339 files
  • Python: 4 files
  • JavaScript: 4 files
  • C++: 220 files

Python

$ find rtbkit -name .git -prune -o -name '*.py' -print | sort  | xargs wc -l
  33 rtbkit/core/banker/banker_backup.py
  54 rtbkit/core/banker/banker_restore.py
  37 rtbkit/core/router/testing/convert_keys.py
  21 rtbkit/core/router/testing/copy_keys.py
 145 total

JavaScript (NodeJS)

 $ find rtbkit -name .git -prune -o -name '*.js' -print | sort  | xargs wc -l 
   36 rtbkit/core/router/testing/rtb_new_format_test.js
  106 rtbkit/core/router/testing/rtb_router_unit_test.js
  118 rtbkit/testing/bid_request_js_segments_test.js
  234 rtbkit/testing/rtb_test_client.js
  494 total

C++

$ find rtbkit -name .git -prune -o '(' -name '*.cc' -o -name '*.h' ')' -print | sort  | xargs wc -l
     53 rtbkit/common/account_key.cc
    188 rtbkit/common/account_key.h
    486 rtbkit/common/auction.cc
    663 rtbkit/common/auction_events.cc
    238 rtbkit/common/auction_events.h
    324 rtbkit/common/auction.h
    188 rtbkit/common/augmentation.cc
     92 rtbkit/common/augmentation.h
   1312 rtbkit/common/bid_request.cc
    445 rtbkit/common/bid_request.h
    304 rtbkit/common/bids.cc
    143 rtbkit/common/bids.h
    596 rtbkit/common/currency.cc
    518 rtbkit/common/currency.h
    180 rtbkit/common/exchange_connector.cc
    342 rtbkit/common/exchange_connector.h
     75 rtbkit/common/json_holder.cc
    136 rtbkit/common/json_holder.h
    126 rtbkit/common/messages.h
    634 rtbkit/common/segments.cc
    191 rtbkit/common/segments.h
     98 rtbkit/common/tags.h
    668 rtbkit/common/testing/bid_request_synth.cc
     40 rtbkit/common/testing/bid_request_synth.h
    162 rtbkit/common/testing/bid_request_synth_test.cc
     61 rtbkit/common/testing/currency_test.cc
    297 rtbkit/common/testing/exchange_source.cc
    111 rtbkit/common/testing/exchange_source.h
    174 rtbkit/common/win_cost_model.cc
     61 rtbkit/common/win_cost_model.h
   1093 rtbkit/core/agent_configuration/agent_config.cc
    431 rtbkit/core/agent_configuration/agent_config.h
    134 rtbkit/core/agent_configuration/agent_configuration_listener.cc
    127 rtbkit/core/agent_configuration/agent_configuration_listener.h
    258 rtbkit/core/agent_configuration/agent_configuration_service.cc
    121 rtbkit/core/agent_configuration/agent_configuration_service.h
     62 rtbkit/core/agent_configuration/agent_configuration_service_runner.cc
    170 rtbkit/core/agent_configuration/blacklist.cc
     84 rtbkit/core/agent_configuration/blacklist.h
    106 rtbkit/core/agent_configuration/include_exclude.cc
    497 rtbkit/core/agent_configuration/include_exclude.h
    474 rtbkit/core/banker/account.cc
   1556 rtbkit/core/banker/account.h
    310 rtbkit/core/banker/banker.cc
    393 rtbkit/core/banker/banker.h
     84 rtbkit/core/banker/banker_service.cc
    103 rtbkit/core/banker/banker_service_runner.cc
    658 rtbkit/core/banker/master_banker.cc
    304 rtbkit/core/banker/master_banker.h
     86 rtbkit/core/banker/migration/redis_migrate.cc
    257 rtbkit/core/banker/migration/redis_migration.cc
     25 rtbkit/core/banker/migration/redis_migration.h
    275 rtbkit/core/banker/migration/redis_old_types.cc
     64 rtbkit/core/banker/migration/redis_old_types.h
    177 rtbkit/core/banker/migration/redis_rollback.cc
     24 rtbkit/core/banker/migration/redis_rollback.h
     38 rtbkit/core/banker/migration/redis_utils.cc
     17 rtbkit/core/banker/migration/redis_utils.h
    120 rtbkit/core/banker/null_banker.cc
    128 rtbkit/core/banker/null_banker.h
    544 rtbkit/core/banker/slave_banker.cc
    251 rtbkit/core/banker/slave_banker.h
    798 rtbkit/core/banker/testing/banker_account_test.cc
    156 rtbkit/core/banker/testing/banker_behaviour_test.cc
    183 rtbkit/core/banker/testing/banker_temporary_server.cc
     46 rtbkit/core/banker/testing/banker_temporary_server.h
    110 rtbkit/core/banker/testing/master_banker_test.cc
     85 rtbkit/core/banker/testing/mock_banker_persistence.cc
     44 rtbkit/core/banker/testing/mock_banker_persistence.h
    111 rtbkit/core/banker/testing/redis_banker_deadlock_test.cc
    144 rtbkit/core/banker/testing/redis_banker_race_test.cc
    585 rtbkit/core/banker/testing/redis_banker_test.cc
    302 rtbkit/core/banker/testing/redis_persistence_test.cc
    394 rtbkit/core/banker/testing/slave_banker_test.cc
     98 rtbkit/core/monitor/monitor_client.cc
     78 rtbkit/core/monitor/monitor_client.h
    211 rtbkit/core/monitor/monitor_endpoint.cc
     67 rtbkit/core/monitor/monitor_endpoint.h
     51 rtbkit/core/monitor/monitor_indicator.h
     67 rtbkit/core/monitor/monitor_provider.cc
     64 rtbkit/core/monitor/monitor_provider.h
     59 rtbkit/core/monitor/monitor_service_runner.cc
     70 rtbkit/core/monitor/testing/mock_monitor_provider.h
    168 rtbkit/core/monitor/testing/monitor_behaviour_test.cc
     96 rtbkit/core/monitor/testing/monitor_client_test.cc
    139 rtbkit/core/monitor/testing/monitor_endpoint_test.cc
   1556 rtbkit/core/post_auction/post_auction_loop.cc
    476 rtbkit/core/post_auction/post_auction_loop.h
     64 rtbkit/core/post_auction/post_auction_runner.cc
    647 rtbkit/core/router/augmentation_loop.cc
    163 rtbkit/core/router/augmentation_loop.h
     10 rtbkit/core/router/configuration_service_runner.cc
     67 rtbkit/core/router/profiler.h
   2819 rtbkit/core/router/router.cc
    674 rtbkit/core/router/router.h
     87 rtbkit/core/router/router_rest_api.cc
     42 rtbkit/core/router/router_rest_api.h
    147 rtbkit/core/router/router_runner.cc
     55 rtbkit/core/router/router_runner.h
    173 rtbkit/core/router/router_stack.cc
    180 rtbkit/core/router/router_stack.h
    280 rtbkit/core/router/router_types.cc
    360 rtbkit/core/router/router_types.h
    134 rtbkit/core/router/testing/augmentation_test.cc
    118 rtbkit/core/router/testing/pending_list_test.cc
    539 rtbkit/core/router/testing/router_banker_test.cc
     54 rtbkit/core/router/testing/rtb_router_leak_test.cc
     87 rtbkit/examples/adserver_endpoint.cc
    211 rtbkit/examples/augmentor_ex.cc
     73 rtbkit/examples/augmentor_ex.h
     58 rtbkit/examples/augmentor_ex_runner.cc
    140 rtbkit/examples/bidding_agent_console.cc
    235 rtbkit/examples/bidding_agent_ex.cc
    132 rtbkit/examples/bid_request_endpoint.cc
    137 rtbkit/examples/data_logger_ex.cc
    172 rtbkit/examples/integration_endpoints.cc
     19 rtbkit/examples/mock_exchange_connector.cc
    111 rtbkit/examples/mock_exchange_connector.h
    382 rtbkit/examples/rtbkit_integration_test.cc
     93 rtbkit/examples/standalone_bidder_ex.cc
    229 rtbkit/js/auction_js.cc
     24 rtbkit/js/auction_js.h
    156 rtbkit/js/banker_js.cc
     30 rtbkit/js/banker_js.h
    301 rtbkit/js/bidding_agent_js.cc
     30 rtbkit/js/bidding_agent_js.h
   1822 rtbkit/js/bid_request_js.cc
     64 rtbkit/js/bid_request_js.h
    227 rtbkit/js/bids_js.cc
     40 rtbkit/js/bids_js.h
     46 rtbkit/js/config_validator_js.cc
    168 rtbkit/js/currency_js.cc
     49 rtbkit/js/currency_js.h
     33 rtbkit/js/rtb_js.cc
     19 rtbkit/js/rtb_js.h
    443 rtbkit/js/rtb_router_js.cc
     82 rtbkit/js/win_cost_model_js.cc
     31 rtbkit/js/win_cost_model_js.h
     61 rtbkit/openrtb/openrtb.cc
   1119 rtbkit/openrtb/openrtb.h
    313 rtbkit/openrtb/openrtb_parsing.cc
    350 rtbkit/openrtb/openrtb_parsing.h
    221 rtbkit/plugins/adserver/adserver_connector.cc
    105 rtbkit/plugins/adserver/adserver_connector.h
     69 rtbkit/plugins/adserver/adserver_runner.cc
    187 rtbkit/plugins/adserver/http_adserver_connector.cc
    110 rtbkit/plugins/adserver/http_adserver_connector.h
     99 rtbkit/plugins/adserver/mock_adserver_connector.cc
     56 rtbkit/plugins/adserver/mock_adserver_connector.h
    103 rtbkit/plugins/adserver/mock_win_source.cc
     27 rtbkit/plugins/adserver/mock_win_source.h
    264 rtbkit/plugins/adserver/standard_adserver_connector.cc
     65 rtbkit/plugins/adserver/standard_adserver_connector.h
     83 rtbkit/plugins/adserver/standard_win_source.cc
     27 rtbkit/plugins/adserver/standard_win_source.h
    324 rtbkit/plugins/augmentor/augmentor_base.cc
    263 rtbkit/plugins/augmentor/augmentor_base.h
    135 rtbkit/plugins/augmentor/redis_augmentor.cc
     72 rtbkit/plugins/augmentor/redis_augmentor.h
    145 rtbkit/plugins/augmentor/testing/augmentor_stress_test.cc
    233 rtbkit/plugins/augmentor/testing/redis_augmentor_test.cc
    584 rtbkit/plugins/bidding_agent/bidding_agent.cc
    295 rtbkit/plugins/bidding_agent/bidding_agent.h
    400 rtbkit/plugins/bid_request/appnexus_bid_request.cc
     43 rtbkit/plugins/bid_request/appnexus_bid_request.h
    249 rtbkit/plugins/bid_request/appnexus.h
     40 rtbkit/plugins/bid_request/appnexus_openrtb_mapping.h
    236 rtbkit/plugins/bid_request/appnexus_parsing.cc
     88 rtbkit/plugins/bid_request/appnexus_parsing.h
     86 rtbkit/plugins/bid_request/fbx_bid_request.cc
     44 rtbkit/plugins/bid_request/fbx_bid_request.h
    180 rtbkit/plugins/bid_request/fbx.h
     92 rtbkit/plugins/bid_request/fbx_parsing.cc
     63 rtbkit/plugins/bid_request/fbx_parsing.h
    116 rtbkit/plugins/bid_request/mock_bid_source.cc
     51 rtbkit/plugins/bid_request/mock_bid_source.h
    246 rtbkit/plugins/bid_request/openrtb_bid_request.cc
     44 rtbkit/plugins/bid_request/openrtb_bid_request.h
    102 rtbkit/plugins/bid_request/openrtb_bid_source.cc
     36 rtbkit/plugins/bid_request/openrtb_bid_source.h
    206 rtbkit/plugins/bid_request/testing/appnexus_bid_request_test.cc
    368 rtbkit/plugins/bid_request/testing/fbx_bid_request_test.cc
    382 rtbkit/plugins/bid_request/testing/openrtb_bid_request_test.cc
    112 rtbkit/plugins/data_logger/data_logger.cc
     63 rtbkit/plugins/data_logger/data_logger.h
    815 rtbkit/plugins/exchange/adx_exchange_connector.cc
    147 rtbkit/plugins/exchange/adx_exchange_connector.h
    176 rtbkit/plugins/exchange/appnexus_exchange_connector.cc
     62 rtbkit/plugins/exchange/appnexus_exchange_connector.h
    159 rtbkit/plugins/exchange/fbx_exchange_connector.cc
     60 rtbkit/plugins/exchange/fbx_exchange_connector.h
    293 rtbkit/plugins/exchange/gumgum_exchange_connector.cc
     74 rtbkit/plugins/exchange/gumgum_exchange_connector.h
    624 rtbkit/plugins/exchange/http_auction_handler.cc
    157 rtbkit/plugins/exchange/http_auction_handler.h
    325 rtbkit/plugins/exchange/http_exchange_connector.cc
    264 rtbkit/plugins/exchange/http_exchange_connector.h
    251 rtbkit/plugins/exchange/openrtb_exchange_connector.cc
     70 rtbkit/plugins/exchange/openrtb_exchange_connector.h
    268 rtbkit/plugins/exchange/rubicon_exchange_connector.cc
     73 rtbkit/plugins/exchange/rubicon_exchange_connector.h
    165 rtbkit/plugins/exchange/testing/gumgum_exchange_connector_test.cc
    331 rtbkit/plugins/exchange/testing/rubicon_exchange_connector_test.cc
    118 rtbkit/testing/agent_configuration_test.cc
    188 rtbkit/testing/augmentation_list_test.cc
    638 rtbkit/testing/bid_aggregator_test.cc
     68 rtbkit/testing/bid_request_test2.cc
     94 rtbkit/testing/bid_stack.h
    202 rtbkit/testing/generic_exchange_connector.cc
     76 rtbkit/testing/generic_exchange_connector.h
     32 rtbkit/testing/historical_bid_request_test.cc
    207 rtbkit/testing/json_feeder.cc
    203 rtbkit/testing/json_listener.cc
      7 rtbkit/testing/json_listener.h
    164 rtbkit/testing/mock_exchange.cc
     75 rtbkit/testing/mock_exchange.h
     54 rtbkit/testing/mock_exchange_runner.cc
    215 rtbkit/testing/static_filtering_test.cc
    214 rtbkit/testing/test_agent.h
     86 rtbkit/testing/win_cost_model_test.cc
  51804 total

Personalization & Interest Graphs

Data Sources

a.k.a. pure-play (3rd-party) data providers

  • Expect Labs
  • Google Now
  • Gravity
    • Amit Kapur, CEO
  • MIT Media Lab
  • Nara, Nara.me, Nara Logics, Inc.
    • A cluster of companies, perhaps
    • Tom Copeman, founder
    • Nathan Wilson, CTO
    • Digital DNATM; trade name of the auto-generated profiles
    • Something about a neural network in “big processes”
    • Why? <quote>“The solution we came up with for Nara is called the ‘why’ button,” Nathan Wilson says. “If a user clicks on this, it will tell them what connections the neural network drew on to make a particular suggestion.”</quote> ref
    • Major customer: SingTel
  • Outbrain
  • Ranker
  • Syntertainment
    • Will Wright
    • Term: “decimated reality,” reality aggregator; contra “augmented reality”

Products

Users of the data sources

Theory

Attributions are from the TNW articles, not the promotions of the works.

Promotions

Largely recirculating against their own (TNW) material …  The NSA, Guardian, PRISM stuff seems to be there because of some sort of privacy angle, and it recirculates well.

Susan Patton, and then came the blowback and forth, and forth and back

After Ms. Patton’s outburst, the chattering classes are still going at it … months later … In fact the mommy track concept has been up for ping-pong debate for more than half a decade now … in fact one can say that this subject is evergreen …

In archaeological order (original at the bottom)

Responses

Original Trigger

Susan Patton; Advice for the young women of Princeton: the daughters I never had; letter to the editor of the Daily Princetonian; 2013-03-29; landing.

The Previous Generation

  • ; Marry Him!; In The Atlantic; 2008-03-01; 5800 words (very long)
    Teaser: The case for settling for Mr. Good Enough
    Mentions

    • Why Smart Men Marry Smart Women, a book, 2007.
    • Men Are Like Fish: What Every Woman Needs to Know About Catching a Man
    • Find a Husband After 35 Using What I Learned at Harvard Business School.
    • Mikki Morrissette; Choosing Single Motherhood: The Thinking Woman’s Guide,

Expect Labs, MindMeld

Expect Labs and MindMeld Logos

Product

  • MindMeld
    • iOS only
  • Facebook login
    • Identify contacts for a group
  • Audio signalling, framing:
    • start OK MindMeld
    • end: silence
  • Features
    • Sharing with the group
    • Group conversations
    • Shared screens
  • Something about
    • ambient speec recognition
    • natural language processing
    • immediate search query response
    • output as cards
    • cards layered on a timeline
    • scrollable.

Background

  • 10 patents
  • 12 employees
  • Funding: $4.8 million (nobody knows)
  • Affiliations:
    • Samsung
    • Telefonica
    • Google

Concept

  • Anticipatory Computing Engine
  • continuous, context-driven search engine technology
  • Machine learning with multiple sensors, multiple factors; outputs recommendations.

Who

  • Tim Tuttle, CEO, founder
  • Marsal Gavaldà, ex-Nexidia, “a researcher”
  • Simon Handley, ex-DNANexus, machine learning
  • Pete Kocks, scalability

Referenced

  • Siri, it’s “like Siri” “but different”

Promotions

Groklaw Shutdown Announcement ‘Forced Exposure’ | Pamela Jones

Pamela Jones; Forced Exposure; Groklaw; 2013-08-20.

Mentions

  • tl;dr => and with this, I fall on my sword.  Bye.
  • Something about being a newbie in New York, about being burgled in New York.
  • Something about her underwear (srsly!)
  • Off to CH (via email) where they respect privacy.

Referenced

Google Open Bidder

Mentions

  • In beta now, 2013-08.
    • The beta is “closed,” you need an invite.
    • Was announced at alpha at Google I/O 2013.
  • Google Compute Engine (GCE)
  • Google App Engine
  • Prediction API

Technology

  • Google Open Bidder; at Google Code.  The beta is closed, remember?
    403. That’s an error.
    Your client does not have permission to get URL /p/google-open-bidder/ from this server. That’s all we know.
  • Java 7 (OpenJDK ok; Oracle Java not required)
  • Maven 3.1.0
  • Protocol Buffers 2.5.0
  • Puppet

References

Source: Google, unless otherwise noted.

Promotions

Via: backfill

The War on Football: Saving America’s Game | Daniel Flynn

Daniel J. Flynn; The War on Football: Saving America’s Game; Regnery; 2013-08-19; 256 pages; kindle: $15.

Promotions

Biography

Background

Previously

Daniel Flynn;

Modules in C++ | N3347=12-0037

Daveed Vandevoorde; Modules in C++; n3347; Revision 6; 2012-01-11; 23 pages.

Syntax

import modulename; (semicolon)
import modulename.partitionname; (semicolon)
import {
    ... declarations ...
}
export modulename: (colon)
export modulename.partitionname: (colon)
public:
private:
(not protected:)

Properties

  • New name class:
    • module name
    • similar to namespace name, class name, enum name, etc.
  • Module names may look like nested namespace qualifiers
    • but are not nested namespace qualifiers
    • e.g. module Boost::MPL might contain
      namespace Boost {
        namespace MPL {
          ...declarations...
        }
      }
  • Module declarations must precede all other declarations.
  • Module names are not namespace names; they cannot be used as qualifiers in a qualified name
  • Inline imports are not members of any module and are thus not exportable.
  • A module may span multiple translation units.
  • The module import dependency order is necessarily a partial order.
  • The module dependency order provides for accurate initialization guarantees.

Implied Invariants & Requirements

  • The dependencies among partitions within a module must form a directed acyclic graph.
  • Within a module partition the module variables are initialized in the order currently specified for a translation unit (see [basic.start.init] §3.6.2). The module variables and local static variables of a program are destroyed in reverse order of initialization (see [basic.start.term] §3.6.3)
  • Every import directive implicitly defines anonymous namespace scope variables associated with each module partition being imported. These variables require dynamic initialization. The first of such variables associated with a partition to be initialized triggers by its initialization the initialization of the associated partition; the initialization of the other variables associated with the same partition is without effect.
  • In modules, public entities cannot have internal linkage.
  • An imported class type is incomplete unless its definition was public or a public declaration requires the type to be complete.
  • Outside the module containing a derived class, its private base classes are not considered for derived-to-base or base-to-derived conversions.

Considerations

  • Build-time considerations.
  • How will make work?

Options

-M /path/location
The location of modules for use, like a -I searchpath?
-X /path/location
Where the module is to be created for later use.

Mentions

  • Precompiled Interface File (PIF)
  • <quote>An internal project at Intel has been tracking the ratio of C++ code in “.cpp” files to the amount of code in header files: In the early nineties, header files only contained about 10% of all that project’s code; a decade later, well over half the code resided in header files.</quote>
  • common template instantiation strategies
    • greedy
    • queried
    • iterated

Cited

  • N1400 Toward standardization of dynamic libraries; Matt Austern; 2002.
  • N1602 Class Scope Using Declarations & private Members; Francis Glassborow; 2004.
  • N1614 #scope: A simple scoping mechanism for the C/C++ preprocessor; Bjarne Stroustrup; 2004.
  • N1664 Toward Improved Optimization Opportunities in C++0X; Walter E. Brown, Marc F. Paterno; 2004.

openPDS – The privacy-preserving Personal Data Store

Buzzy Terms

  • A full Trust Network reference platform.
  • Privacy-preserving group computation.

Concept

  • A Personal Data Store (PDS) is a service (a server) that answers questions, rather than aggregating and (re-)serving a profile.
  • Respond to questions about claims; e.g. is over 18, is-righthanded, has driver license.

Mentions

Via backfill

ID3 Popularizations

References

Code

Implementations of a PDS to hold personal data, and provide answers to questions about that data.

HumanDynamics/openPDS

  • 16624 LOC overall
  • 2801 LOC Python
  • 4255 LOC JavaScript
$ find openPDS -name .git -prune -o -print | sort
openPDS
openPDS/celerytest
openPDS/celerytest/__init__.py
openPDS/celerytest/models.py
openPDS/celerytest/task.py
openPDS/celerytest/tests.py
openPDS/celerytest/views.py
openPDS/conf
openPDS/conf/requirements.txt
openPDS/.gitignore
openPDS/LICENSE.txt
openPDS/manage.py
openPDS/oms_pds
openPDS/oms_pds/apache
openPDS/oms_pds/apache/django.wsgi
openPDS/oms_pds/authentication.py
openPDS/oms_pds/authorization.py
openPDS/oms_pds/discovery
openPDS/oms_pds/discovery/__init__.py
openPDS/oms_pds/discovery/urls.py
openPDS/oms_pds/discovery/views.py
openPDS/oms_pds/django-crossdomainxhr-middleware.py
openPDS/oms_pds/extract-user-middleware.py
openPDS/oms_pds/forms
openPDS/oms_pds/forms/__init__.py
openPDS/oms_pds/forms/settingsforms.py
openPDS/oms_pds/__init__.py
openPDS/oms_pds/pds
openPDS/oms_pds/pds/api.py
openPDS/oms_pds/pds/create.py
openPDS/oms_pds/pds/fixtures
openPDS/oms_pds/pds/fixtures/initial_data.json
openPDS/oms_pds/pds/forms.py
openPDS/oms_pds/pds/__init__.py
openPDS/oms_pds/pds/models.py
openPDS/oms_pds/pds/templatetags
openPDS/oms_pds/pds/templatetags/__init__.py
openPDS/oms_pds/pds/templatetags/mustache.py
openPDS/oms_pds/pds/templatetags/straight_include.py
openPDS/oms_pds/pds/templatetags/verbatim.py
openPDS/oms_pds/pds/tests.py
openPDS/oms_pds/pds/tools.py
openPDS/oms_pds/pds/urls.py
openPDS/oms_pds/pds/views.py
openPDS/oms_pds/settings.py
openPDS/oms_pds/settings.py.orig
openPDS/oms_pds/sharing
openPDS/oms_pds/sharing/fixtures
openPDS/oms_pds/sharing/fixtures/initial_data.json
openPDS/oms_pds/sharing/forms
openPDS/oms_pds/sharing/forms/__init__.py
openPDS/oms_pds/sharing/forms/settingsforms.py
openPDS/oms_pds/sharing/__init__.py
openPDS/oms_pds/sharing/models.py
openPDS/oms_pds/sharing/urls.py
openPDS/oms_pds/sharing/views.py
openPDS/oms_pds/static
openPDS/oms_pds/static/css
openPDS/oms_pds/static/css/audit.css
openPDS/oms_pds/static/css/bootstrap.css
openPDS/oms_pds/static/css/bootstrap.min.css
openPDS/oms_pds/static/css/bootstrap-responsive.css
openPDS/oms_pds/static/css/bootstrap-responsive.min.css
openPDS/oms_pds/static/css/jquery.ui.datepicker.mobile.css
openPDS/oms_pds/static/css/sharing.css
openPDS/oms_pds/static/css/style.css
openPDS/oms_pds/static/img
openPDS/oms_pds/static/img/glyphicons-halflings.png
openPDS/oms_pds/static/img/glyphicons-halflings-white.png
openPDS/oms_pds/static/js
openPDS/oms_pds/static/js/admin.js
openPDS/oms_pds/static/js/audit.js
openPDS/oms_pds/static/js/backbone-min.js
openPDS/oms_pds/static/js/backbone-tastypie.js
openPDS/oms_pds/static/js/bootstrap.js
openPDS/oms_pds/static/js/bootstrap.min.js
openPDS/oms_pds/static/js/box.js
openPDS/oms_pds/static/js/heatmap-gmaps.js
openPDS/oms_pds/static/js/heatmap.js
openPDS/oms_pds/static/js/ICanHaz.min.js
openPDS/oms_pds/static/js/jQuery.ui.datepicker.js
openPDS/oms_pds/static/js/jquery.ui.datepicker.mobile.js
openPDS/oms_pds/static/js/modernizr.custom.56582.js
openPDS/oms_pds/static/js/radialScriptRealityAnalysis.js
openPDS/oms_pds/static/js/radialScriptSimple.js
openPDS/oms_pds/static/js/role.js
openPDS/oms_pds/static/js/sharing.js
openPDS/oms_pds/static/js/underscore-min.js
openPDS/oms_pds/tastypie_mongodb
openPDS/oms_pds/tastypie_mongodb/__init__.py
openPDS/oms_pds/tastypie_mongodb/resources.py
openPDS/oms_pds/templates
openPDS/oms_pds/templates/auditEntryTemplate.mustache
openPDS/oms_pds/templates/audit.html
openPDS/oms_pds/templates/backboneLayout.html
openPDS/oms_pds/templates/base.html
openPDS/oms_pds/templates/discovery
openPDS/oms_pds/templates/discovery/members.html
openPDS/oms_pds/templates/home.html
openPDS/oms_pds/templates/permissions.html
openPDS/oms_pds/templates/purpose.html
openPDS/oms_pds/templates/reality_analysis
openPDS/oms_pds/templates/reality_analysis/reality_analysis
openPDS/oms_pds/templates/reality_analysis/reality_analysis/boxPlot.html
openPDS/oms_pds/templates/reality_analysis/reality_analysis/login.html
openPDS/oms_pds/templates/reality_analysis/reality_analysis/map.html
openPDS/oms_pds/templates/reality_analysis/reality_analysis/morley.csv
openPDS/oms_pds/templates/reality_analysis/reality_analysis/settings.html
openPDS/oms_pds/templates/reality_analysis/reality_analysis/simpleDialog2
openPDS/oms_pds/templates/reality_analysis/reality_analysis/simpleDialog2/jquery.mobile.simpledialog2.min.js
openPDS/oms_pds/templates/reality_analysis/reality_analysis/simpleDialog2/jquery.mobile.simpledialog.min.css
openPDS/oms_pds/templates/reality_analysis/reality_analysis/simpleRadial.html
openPDS/oms_pds/templates/reality_analysis/reality_analysis/visualizationCSS.css
openPDS/oms_pds/templates/reality_analysis/reality_analysis/visualization.html
openPDS/oms_pds/templates/roles.html
openPDS/oms_pds/templates/roleTemplate.mustache
openPDS/oms_pds/templates/sharing
openPDS/oms_pds/templates/sharing/edit.html
openPDS/oms_pds/templates/sharing/sharingTemplate.mustache
openPDS/oms_pds/templates/sharing/sharingThumbTemplate.mustache
openPDS/oms_pds/templates/sharing/update.html
openPDS/oms_pds/templates/trust
openPDS/oms_pds/templates/trust/add.html
openPDS/oms_pds/trust
openPDS/oms_pds/trust/fixtures
openPDS/oms_pds/trust/fixtures/initial_data.json
openPDS/oms_pds/trust/__init__.py
openPDS/oms_pds/trust/models.py
openPDS/oms_pds/trust/urls.py
openPDS/oms_pds/trust/views.py
openPDS/oms_pds/urls.py
openPDS/oms_pds/views.py
openPDS/oms_pds/wsgi.py
openPDS/README.md

SSL, TLS & Perfect Forward Secrecy

Mentions

  • CRL
  • OSCP
  • Perfect Forward Secrecy (PFS)
  • Elliptic Curve Cryptography (ECC)

Protocols

  • HTTPS
  • SSL
  • TLS

Theory

Algorithms

  • AES128-SHA

Perfect Forward Secrecy (PFS)

  • DHE-RSA-AES128-SHA
  • ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-SHA

Cipher Suites

  • ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA
    • Optional
  • ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:EDH-DSS-DES-CBC3-SHA
    • Required

Standards

  • RFC 6090 Fundamental Elliptic Curve Cryptography Algorithms; D. McGrew (Cisco), K. Igoe, M. Salter (NSA); 2011-02.
  • RFC 5246 The Transport Layer Security (TLS) Protocol, Version 1.2; T. Dierks (self), E. Rescoria (RTFM); 2008-08.
  • RFC 5077 Transport Layer Security (TLS) Session Resumption without Server-Side State; J. Salowey (Cisco), H. Zhou (Cisco), P. Eronen (Nokia), H. Tschofenig (Nokia Siemens); 2008-01.
  • RFC 4492 Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS); S. Blake-Wilson (SafeNet), N. Bolyard (Sun), V. Gupta (Sun), C. Hawk (Corriente), B. Moeller (Ruhr-Uni Bochum), 2006-05.
  • NIST P-256
  • NIST P-521
  • NIST P-224

Patents

Who

  • Bodo Möller, Emilia Käsper  (Google), Adam Langley (Google) => 64bit optimized versions of NIST P-224, P-256 and P-521 for OpenSSL
  • Emilia Käsper (Google)

Package Support

OpenSSL

Yet Fedora does not have ECC in OpenSSL

$ openssl ciphers ECDH
Error in cipher list
139915857282912:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1314:
$ rpm -q openssl
openssl-1.0.1e-4.fc18.x86_64
$ cat /etc/fedora-release 
Fedora release 18 (Spherical Cow)

Mozilla Network Security Services (NSS)

  • Version?

Client Support

Support for NIST P-256, P-384 and P-521

  • “Recent” versions of Firefox and Chrome (circa 2011-11) “should”
  • “Most” versions, Internet Explorer do not support

Server Support

Apache httpd

  • httpd-2.3.3
  • ensure the order of cipher suites is respected.
    • SSLHonorCipherOrder on
  • Curve is what?
    • Specify with what?

nginx

  • nginx-1.0.6.
  • nginx-1.1.0.
  • ensure the order of cipher suites is respected.
    • ssl_prefer_server_ciphers on.
  • Curve is NIST P-256
    • Specify with ssl_ecdh_curve

stud

  • pull/61; Adding support for ECDHE in stud

Cited & Referenced

General

Implementation

Background

Indirect

Cited in Cryptographic Key Length Recommendation

Via & transitively via: backfill, backfill. backfill