Do We Still Need Third-Party Ad Servers? | AdExchanger

Marcus Pratt (Mediasmith); Do We Still Need Third-Party Ad Servers?; In Ad Exchanger; 2013-09-24.
Marcus Pratt is director of insights and technology at Mediasmith.


  • tl;dr => per Betteridge’s Law, he answers “No.”  But waffles.
  • Ends the essay with a question <quote>But will they? Can the ad server adapt or will it become part of a legacy, commoditized technology stack?</quote>


  • Microsoft acquires aQuantive (Atlas, DrivePM, Avenue A/Razorfish) circa 2007
  • Google acquires DoubleClick 2007
  • The purpose of a 3rd-party ad server is
    • bookkeeping of record (impression counting, etc.)
    • unified reporting
    • conversion tracking
  • Changes and impacts remove the ad server as a central bookkeeping clearing point
    • Viewability => selling by accredited viewability metrics (MRC accredited viewability) means numbers-of-record are with the viewability assessor, not the ad server
    • Attribution modeling => multitouch attribution, custom attribution models require full-data (“big data”) access to primary logs by service providers.
  • Opportunities to support the category, rejuvenate the concept
    • Tag Management
      • DoubleClick Floodlight tags
      • Google AdWords “smarter tags”
      • BrightTag
      • Tealium
    • Verification => brand safety, delivery validation & proofing
      • DoubleVerify
      • Integral Ad Science
    • Privacy, Notification & Regulatory Compliance
      • Evidon

Via: backfill

Why we need a ‘Don Draper’ mentality to redistribute $200B in TV ad spending from broadcast to the web | Menlo Ventures on VentureBeat

Shawn Carolan, Derek Chu; Why we need a ‘Don Draper’ mentality to redistribute $200B in TV ad spending from broadcast to the web; In VentureBeat; 2013-09-28.

Shawn Carolan is a managing director at Menlo Ventures.
Derek Chu is an Associate at Menlo Ventures.


A (native) advertisement for the Menlo Ventures portfolio companies and their investment direction in general.  Something about the Don Draper character from the AMC’s television serial period-drama Mad Men, as a vision of greatness to which they aspire and to whose ideas they hew.


Via: backfill

When cookies go away: Google, ad exchanges, and ISPs fighting to control the future of the Internet | VentureBeat

John Koetsier; When cookies go away: Google, ad exchanges, and ISPs fighting to control the future of the Internet; In VentureBeat; 2013-09-27.


  • Track-n-targ solutions can be implemented at any layer
    1. operating system layer (Google, Apple, Microsoft)
    2. browser layer (Google, Microsoft, Apple, Firefox, Opera)
    3. ISP layer (e.g. Comcast, AT&T, any telecom)
    4. application layers
      1. social layer (Facebook, Twitter, Google)
      2. search layer (Google, Microsoft, Yahoo!)
      3. ad exchange layer (DoubleClick, Google, Facebook, Microsoft, Right Media, Quantcast, etc.)


Gratuitously and to set the mood …

Via: backfill

A Very Short History Of Big Data | Gil Press, Forbes

Gil Press; A Very Short History Of Big Data; In Forbes; 2013-05-09.

Via: A Very Short History of Big Data on


Indirect Sources

i.e. not listed directly, but cited.

  • Istvan Dienes; National Accounting of Information; Reference Manual of SNIA, Version v1.1; 1994; 291 pages.

    • SNA vs SNIA
      • S-something N-something Accounting
      • S-something N-something Information Accounting
    • SNA92 is authoritative
  • Alistair D. Duff; The Information Society Studies; Routledge; 2000-06-01; 216 pages; $200.
  • Andrew Odlyzko (started) Minnesota Internet Traffic Studies (MINTS); 2002-2009; tracking the growth in Internet traffic.
  • Martin Hilbert; How to Measure “How Much Information”? Theoretical, Methodological, and Statistical Challenges for the Social Sciences; In International Journal of Communications (IJOC); Vol 6; 2012; 14 pages.
    • This is an introduction to a ‘special section’ issue of the IJOC on information & measurement studies.
    • Conclusions (in the article and the subsequent articles of the special section)
      1. It is not only statistically feasible, but also analytically insightful to quantify the amount of information handled by society.
      2. However, many of the available sources are not very solid, and the methodologies are still maturing.
      3. The research question and its theoretical framework have defined the methodology, including the choice of the indicator.
      4. There is still no consensus on how to define the most fundamental measures for data and information.
      5. Information quantity is not equal to information quality or information value, but the second requires the first.
      6. Will it be possible and/or useful to harmonize information accounts?

Open Web Application Security Project (OWASP) – Top Ten Lists

Open Web Application Security Project (OWASP)

Top Ten Project


OWASP Top 10 – 2010                                          | OWASP Top 10 – 2013
A1 – Injection                                               | A1 – Injection
A3 – Broken Authentication and Session Management            | A2 – Broken Authentication and Session Management
A2 – Cross-Site Scripting (XSS)                              | A3 – Cross-Site Scripting (XSS)
A4 – Insecure Direct Object References                       | A4 – Insecure Direct Object References
A6 – Security Misconfiguration                               | A5 – Security Misconfiguration
A7 – Insecure Cryptographic Storage – Merged with A9-2013    | A6 – Sensitive Data Exposure
A8 – Failure to Restrict URL Access – Broadened into A7-2013 | A7 – Missing Function Level
A5 – Cross-Site Request Forgery (CSRF)                       | A8 – Cross-Site Request Forgery (CSRF)
buried in A6: Security Misconfiguration                      | A9 – Using Known Vulnerable Components
A10 – Unvalidated Redirects and Forwards                     | A10 – Unvalidated Redirects and Forwards
A9 – Insufficient Transport Layer Protection                 | Merged with 2010-A7 into new 2013-A6


Via: backfill




  • Product: Docker
  • Linux Container Engine (LCE)
    • not a virtual machine solution
  • Requires special kernel versions (to run the container)
  • Docker and Red Hat have had incompatible versions of the Linux kernel (hence the collaboration announcement)


Support roadmap (all future tense)

  • (Docker will be supported on …)
    • Fedora => soon
    • OpenShift => subsequently
    • Red Hat Enterprise Linux (RHEL) => eventually.
  • Introduction of libvirt for container interface management
  • Remove Docker’s dependency on AuFS
    • Something vague about a “new approach to provisioning” based on device mapper.
  • Harmonize Docker and OpenShift Gears
  • Docker with OpenShift’s cartridge model for application orchestration.


Exemplars & Projects


  • Solomon Hykes, founder
  • Ben Golub, CEO



  • Joe Fernandes, OpenShift product management, Red Hat.
  • Requires “container” support in kernel; conceptually supported as



Via: backfill




  • Linux
  • lxc, Linux Container management scripts.
  • AuFS, a copy-on-write union filesystem.
  • Go, a programming language.
  • Ubuntu is the “native culture”, all others use an Ubuntu VM.






Stealthy Dopant-Level Hardware Trojans | Becker, Regazzoni, Paar, Burleson

Georg T. Becker, Francesco Regazzoni, Christof Paar, Wayne P. Burleson; Stealthy Dopant-Level Hardware Trojans; unpublished?; promoted 2013-09-09; 18 pages.


In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about how such a Trojan would look like, and how difficult it would be in practice to implement one. In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against “golden chips”. We demonstrate the effectiveness of our approach by inserting Trojans into two designs – a digital post-processing derived from Intel’s cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation – and by exploring their detectability and their effects on security.

Via: backfill

RFC 5746 and CVE-2009-3555 in SSL/TLS session renegotiation


Problem Definition

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a “plaintext injection” attack, aka the “Project Mogul” issue.


  • Microsoft Internet Information Services (IIS) 7.0.
  • mod_ssl in the Apache HTTP Server 2.2.14 and earlier.
  • OpenSSL before 0.9.8l.
  • GnuTLS 2.8.5 and earlier.
  • Mozilla Network Security Services (NSS) 3.12.4 and earlier.
  • Cisco products.
  • Other products.


  • CVE-2009-3555, at MITRE
  • CVE-2009-3555, at National Vulnerability Database
  • RFC 5746 Transport Layer Security (TLS) Renegotiation Indication Extension; IETF; E Rescorla (RTFM), M. Ray, S. Dispensa (PhoneFactor), N. Oskov (Microsoft); 2010-02.

Install Chromium on Fedora 19

Via If !1 0

  1. Acquire the yum repo file fedora-chromium-stable.repo
  2. Install with yum, the usual recipe


$ cd /etc/yum.repos.d
$ sudo wget
$ sudo yum install -y chromium
$ /usr/bin/google-chrome


$ cd /etc/yum.repos.d
$ sudo wget
--2013-09-19 13:49:10--
Resolving (, 2610:28:3090:3001:5054:ff:fedb:7f5a
Connecting to (||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 513 [text/plain]
Saving to: ‘fedora-chromium-stable.repo’

100%[================================================================>] 513         --.-K/s   in 0s      

2013-09-19 13:49:10 (93.3 MB/s) - ‘fedora-chromium-stable.repo’ saved [513/513]
$ sudo yum install -y chromium
Loaded plugins: langpacks, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package chromium.x86_64 0:27.0.1453.93-2.fc19 will be installed
--> Processing Dependency: v8 >= 1: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: re2 >= 20130115-3 for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: libvpx >= 1.2.0-2.git5e3439b for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Processing Dependency: for package: chromium-27.0.1453.93-2.fc19.x86_64
--> Running transaction check
---> Package chromium-ffmpegsumo.x86_64 0:27.0.1453.93-1.fc19 will be installed
---> Package libvpx.x86_64 0:1.2.0-1.fc19 will be updated
---> Package libvpx.x86_64 0:1.2.0-2.git5e3439b.fc19 will be an update
---> Package libyuv.x86_64 0:0-0.19.20121221svn522.fc19 will be installed
---> Package minizip.x86_64 0:1.2.7-10.fc19 will be installed
---> Package re2.x86_64 0:20130115-3.fc19 will be installed
---> Package v8.x86_64 1: will be updated
---> Package v8.x86_64 1: will be an update
---> Package webrtc.x86_64 0:0.1-0.11.20130531svn3704.fc19 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

 Package      Arch   Version                       Repository              Size
 chromium     x86_64 27.0.1453.93-2.fc19           fedora-chromium-stable  37 M
 v8           x86_64 1:            fedora-chromium-stable 1.8 M
Installing for dependencies:
              x86_64 27.0.1453.93-1.fc19           fedora-chromium-stable 458 k
 libyuv       x86_64 0-0.19.20121221svn522.fc19    fedora                  77 k
 minizip      x86_64 1.2.7-10.fc19                 fedora                  33 k
 re2          x86_64 20130115-3.fc19               fedora-chromium-stable 158 k
 webrtc       x86_64 0.1-0.11.20130531svn3704.fc19 fedora-chromium-stable 1.1 M
Updating for dependencies:
 libvpx       x86_64 1.2.0-2.git5e3439b.fc19       fedora-chromium-stable 446 k

Transaction Summary
Install  1 Package (+5 Dependent packages)
Upgrade  1 Package (+1 Dependent package)

Total download size: 41 M
Downloading packages:
<snip>...mirror timeout warning messages elided...<snip>
Trying other mirror.
Total                                           202 kB/s |  41 MB     03:28     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libvpx-1.2.0-2.git5e3439b.fc19.x86_64                       1/10 
  Installing : libyuv-0-0.19.20121221svn522.fc19.x86_64                    2/10 
  Installing : webrtc-0.1-0.11.20130531svn3704.fc19.x86_64                 3/10 
  Installing : chromium-ffmpegsumo-27.0.1453.93-1.fc19.x86_64              4/10 
  Installing : minizip-1.2.7-10.fc19.x86_64                                5/10 
  Installing : re2-20130115-3.fc19.x86_64                                  6/10 
  Updating   : 1:v8-                                7/10 
  Installing : chromium-27.0.1453.93-2.fc19.x86_64                         8/10 
  Cleanup    : libvpx-1.2.0-1.fc19.x86_64                                  9/10 
  Cleanup    : 1:v8-                               10/10 
  Verifying  : 1:v8-                                1/10 
  Verifying  : webrtc-0.1-0.11.20130531svn3704.fc19.x86_64                 2/10 
  Verifying  : chromium-27.0.1453.93-2.fc19.x86_64                         3/10 
  Verifying  : libyuv-0-0.19.20121221svn522.fc19.x86_64                    4/10 
  Verifying  : re2-20130115-3.fc19.x86_64                                  5/10 
  Verifying  : libvpx-1.2.0-2.git5e3439b.fc19.x86_64                       6/10 
  Verifying  : chromium-ffmpegsumo-27.0.1453.93-1.fc19.x86_64              7/10 
  Verifying  : minizip-1.2.7-10.fc19.x86_64                                8/10 
  Verifying  : libvpx-1.2.0-1.fc19.x86_64                                  9/10 
  Verifying  : 1:v8-                               10/10 

  chromium.x86_64 0:27.0.1453.93-2.fc19                                         

Dependency Installed:
  chromium-ffmpegsumo.x86_64 0:27.0.1453.93-1.fc19                              
  libyuv.x86_64 0:0-0.19.20121221svn522.fc19                                    
  minizip.x86_64 0:1.2.7-10.fc19                                                
  re2.x86_64 0:20130115-3.fc19                                                  
  webrtc.x86_64 0:0.1-0.11.20130531svn3704.fc19                                 

  v8.x86_64 1:                                                  

Dependency Updated:
  libvpx.x86_64 0:1.2.0-2.git5e3439b.fc19                                       
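
The recipe above drops a third-party .repo file into /etc/yum.repos.d and installs from it with `-y`, and the transcript shows the file being fetched over port 80. The following is an added example, not part of the original post: a check to run on a downloaded .repo file before installing from it, flagging enabled repositories that skip package signature checks or use cleartext URLs. The post does not show the repo file's contents, so the repository ids and URLs in the sample are constructed placeholders, and the function and finding names are this example's own.

```python
import configparser

TRUE_VALUES = {"1", "yes", "true"}      # spellings yum accepts for "on"
CLEARTEXT = ("http://", "ftp://")


def audit_repo_text(text):
    """Return sorted (repo_id, finding) pairs for the enabled repositories
    defined in the text of a yum .repo file."""
    # interpolation=None keeps yum variables such as $releasever literal.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo.get("enabled", "1").strip().lower() not in TRUE_VALUES:
            continue                     # disabled repos are never consulted
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            # Falls back to the [main] setting in yum.conf; check it there.
            findings.append((repo_id, "gpgcheck-unset"))
        elif gpgcheck.strip().lower() not in TRUE_VALUES:
            findings.append((repo_id, "gpgcheck-off"))
        elif not repo.get("gpgkey", "").strip():
            # Signatures are checked, but the key must already be imported.
            findings.append((repo_id, "no-gpgkey"))
        for option in ("baseurl", "mirrorlist", "metalink", "gpgkey"):
            urls = repo.get(option, "").split()
            if any(u.lower().startswith(CLEARTEXT) for u in urls):
                findings.append((repo_id, "cleartext-" + option))
    return sorted(findings)


# Constructed sample, not the contents of fedora-chromium-stable.repo.
SAMPLE_REPO = """\
[example-unsigned]
name=Constructed example, signature checks off
baseurl=http://repo.example.invalid/fedora-$releasever/$basearch/
enabled=1
gpgcheck=0

[example-signed]
name=Constructed example, signed and fetched over TLS
baseurl=https://repo.example.invalid/signed/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.example.invalid/RPM-GPG-KEY-example

[example-disabled]
name=Constructed example, disabled
baseurl=http://repo.example.invalid/old/
enabled=0
gpgcheck=0
"""

if __name__ == "__main__":
    for repo_id, finding in audit_repo_text(SAMPLE_REPO):
        print(repo_id, finding)
```

With `gpgcheck=1` and a key obtained over an authenticated channel, a cleartext `baseurl` is a smaller concern, because tampered packages fail signature verification.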


Domain Specific Languages (DSL) of Martin Fowler

Martin Fowler (with Rebecca Parsons); Domain-Specific Languages; Addison-Wesley; 2010-09-23; 640 pages; kindle: $28, hardcover: $39, $41; promotion.



video: 10:35

Defining and Mapping the Native Advertising Landscape | Leib, Altimeter

Rebecca Leib (Altimeter); Defining and Mapping the Native Advertising Landscape; a report; 2013-09-10; 19 slides.

  1. transparency
  2. a content strategy
  3. collaboration
  4. an earned media component
  5. content portability
  6. training
  7. an ability to scale
  8. measurement.


Via: backfill

Abrupt rise of new machine ecology beyond human response time | Johnson, Zhao, Hunsader, Qi, Johnson, Meng, Tivnan

Neil Johnson, Guannan Zhao, Eric Hunsader, Hong Qi, Nicholas Johnson, Jing Meng, Brian Tivnan; Abrupt rise of new machine ecology beyond human response time; In Nature Scientific Reports; 2013-09-11; landing


Society’s techno-social systems are becoming ever faster and more computer-orientated. However, far from simply generating faster versions of existing behaviour, we show that this speed-up can generate a new behavioural regime as humans lose the ability to intervene in real time. Analyzing millisecond-scale data for the world’s largest and most powerful techno-social system, the global financial market, we uncover an abrupt transition to a new all-machine phase characterized by large numbers of subsecond extreme events. The proliferation of these subsecond events shows an intriguing correlation with the onset of the system-wide financial collapse in 2008. Our findings are consistent with an emerging ecology of competitive machines featuring ‘crowds’ of predatory algorithms, and highlight the need for a new scientific theory of subsecond financial phenomena.


Via: backfill

Flutter Wireless


  • Flutter Wireless
  • Flutter; a kickstarter; 2013-08-27 -> 2013-09-27.
    A $20 Wireless Arduino with half mile (1km) range.
  • Taylor Alexander

Concept & Specifications

  • Atmel ATSHA204
  • ~1 km range (aspiration)
  • ~925MHz band
  • ~600Kb/s (aspiration)
  • Products:
    • Basic, $20
    • Pro, $30, antenna screw, more memory (shown above)
  • Something about ad hoc mesh networks
    • <quote>Specify networks in Arduino code or configure Flutter with our mobile app.</quote>
  • Flutterboard
  • Something about “AES in hardware”
  • Scalability: “two to thousands”
  • Configurations (“Shields”)
    • Breakout board and socket headers.
    • Network Shield (Flutter Base Station)
    • RC Shield (hobby Radio Control)
    • Bluetooth Shield, something about mobile phone tethering, and an app.
    • USB connectivity

The Genre


Novena, Bunnie Studios


Work Areas


<quote>As for the inevitable question about if these will be sold, and for how much…once we’re done building the system (and, “done” is a moving target — really, the whole idea is this is continuously under development and improving) I’ll make it available to qualified buyers. Because it’s open-source and a bit quirky, I’m shy on the idea of just selling it to anyone who comes along wanting a laptop. I’m worried about buyers who don’t understand that “open” also means a bit of DIY hacking to get things working, and that things are continuously under development. This could either lead to a lot of returns, or spending the next four years mired in basic customer support instead of doing development; neither option appeals to me. So, I’m thinking that the order inquiry form will be a python or javascript program that has to be correctly modified and submitted via github; or maybe I’ll just sell the kit of components, as this would target buyers who know what they are getting into, and can RTFM. And probably, it will be priced in accordance with what you’d expect to pay for a bespoke digital oscilloscope meant to take a position at the lab bench for years, and not a generic craptop that you’ll replace within a year. Think “heirloom laptop”.</quote>


CPU and GPU:

  • Freescale iMX6 CPU — same footprint can support dual-lite and quad versions:
  • Quad-core Cortex A9 CPU with NEON FPU @ 1.2 GHz
  • Vivante GC2000 OpenGL ES2.0 GPU, 200Mtri/s, 1Gpix/s (*)
  • NDA-free datasheet and programming manual

Internal memory:

  • Boot from microSD firmware
  • 64-bit, DDR3-1066 SO-DIMM, upgradable to 4GB
  • SATA-II (3Gbps)
  • Internal ports & sensors: mini PCI-express slot (for blob-free wifi, bluetooth, mobile data, etc.)
  • UIM slot for mPCIe mobile data cards
  • Dual-channel 24-bit LVDS LCD connector
  • with USB2.0 side-channel for a display-side camera
  • Resistive touchscreen controller (note: captouch displays typically come with a controller)
  • 1.1W, 8-ohm internal speaker connectors
  • 2x USB2.0 internal connectors for keyboard and mouse/trackpad
  • Digital microphone
  • 3-axis accelerometer
  • header for optional AW-NU137 wifi module (*)

External ports:

  • HDMI
  • SD card reader
  • headphone + mic port (compatible with most mobile phone headsets, supports sensing in-line cable buttons)
  • 2x USB 2.0 ports, supporting high-current (1.5A) device charging
  • 1Gbit ethernet


  • 100 Mbit ethernet — dual Ethernet capability allows laptop to be used as an in-line packet filter or router
  • USB OTG — enables laptop to spoof/fuzz ethernet, serial, etc. over USB via gadget interface to other USB hosts
  • Utility serial EEPROM — for storing crash logs and other bits of handy data
  • Spartan-6 LX45 FPGA
  • High speed expansion header
  • 8x FPGA-driven digital I/O
  • 8x FPGA-driven PWM headers, compatible with hobby ESC and PWM pinouts — enables direct interfacing with various RC motor/servo configurations & quad-copter controllers
  • 13x CPU-driven supplemental digital I/Os
  • 3x internal UART ports


Via: backfill

The Surveillant Assemblage | Haggerty, Ericson

Kevin D. Haggerty, Richard V. Ericson; The Surveillant Assemblage; In British Journal of Sociology; Vol. 51, No. 4; 2000-12; 18 pages.


George Orwell’s ‘Big Brother’ and Michel Foucault’s ‘panopticon’ have dominated discussion of contemporary developments in surveillance. While such metaphors draw our attention to important attributes of surveillance, they also miss some recent dynamics in its operation. The work of Gilles Deleuze and Félix Guattari is used to analyse the convergence of once discrete surveillance systems. The resultant ‘surveillant assemblage’ operates by abstracting human bodies from their territorial settings, and separating them into a series of discrete flows. These flows are then reassembled in different locations as discrete and virtual ‘data doubles’. The surveillant assemblage transforms the purposes of surveillance and the hierarchies of surveillance, as well as the institution of privacy.

Via: backfill