RESTful API Modeling Language (RAML)


  • It’s an open specification, but …
  • The tools are in development (?) and will not be open (?)
    • An editor, shown.
    • A compiler (checker), not shown.
  • Osprey & Osprey-CLI by Mulesoft
    • <quote>Osprey is a JavaScript framework, based on Node and Express, for rapidly building applications that expose APIs described via RAML, the RESTful API Modeling Language.</quote>
    • LICENSE -> Apache License, Version v2.0
    • Moribund since 2-4 months ago (2014-06)
    • examples




Trade (Earned)

Via: backfill

Pure URL for Firefox removes garbage like ‘utm_source’ from URLs


More than the default settings: cut & paste this into the config settings in about:addons.

utm_cid, smprod, smid, it_source, wpmp_tp, utm_hp_ref, mod, tag, mbid, mtid, ncid, utm_source, utm_medium, utm_term, utm_content, utm_campaign, utm_reader, utm_place, ga_source, ga_medium, ga_term, ga_content, ga_campaign, ga_place, yclid, _openstat, fb_action_ids, fb_action_types, fb_ref, fb_source, action_object_map, action_type_map, action_ref_map
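What a setting like this amounts to, as an added example (not Pure URL's own code): parse the comma-separated names, then drop exactly those query parameters while leaving every other parameter byte-for-byte intact. The function names and the sample setting string are assumptions made for illustration.

```javascript
// Added illustration; not taken from the Pure URL add-on.
// Constructed setting: a short excerpt in the style of the list above,
// with an empty entry, a duplicate and a trailing comma.
const SETTING = "utm_source, utm_medium,utm_campaign,, fb_ref, yclid, utm_source,";

// Turn the comma-separated setting into a set of exact parameter names.
function parseSetting(text) {
  return new Set(
    text.split(",").map((s) => s.trim()).filter((s) => s.length > 0)
  );
}

// Return href without the listed query parameters.
// Works on the raw query string so kept parameters are not re-encoded
// (re-encoding can break signed or otherwise byte-sensitive URLs).
function stripTracking(href, names) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return href; // relative or malformed: leave untouched
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return href;

  const pairs = url.search.slice(1).split("&").filter((p) => p !== "");
  const kept = pairs.filter((pair) => {
    const rawKey = pair.split("=", 1)[0];
    let key;
    try {
      // Decode so that "utm%5Fsource" is recognised as "utm_source".
      key = decodeURIComponent(rawKey.replace(/\+/g, " "));
    } catch {
      key = rawKey; // invalid escape: compare the raw text
    }
    return !names.has(key); // exact, case-sensitive match on the name only
  });

  if (kept.length === pairs.length) return href; // nothing to strip
  url.search = kept.join("&");
  return url.toString(); // fragment is preserved
}
```

Matching is on the exact parameter name, so a value that merely contains `utm_source`, or a parameter such as `utm_source_x`, is left alone.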

Named Data Networking (NDN)


  • Content Store (table)
  • Pending Interest Table (PIT)
  • Forwarding Information Base (FIB)
  • Data Packet
  • Interest Packet
  • thin waist
  • Data security (signing) at the thin waist.
  • Routers announce name prefixes.
  • Congestion collapse doesn’t occur
  • Sync
    • <quote>Built on top of NDN’s basic Interest-Data communication model, Sync utilizes naming conventions to enable multiple parties to synchronize their datasets by exchanging data digests, so that individual parties can discover and retrieve new and missing data in a most efficient and robust manner. We expect that Sync’s role in the NDN architecture will evolve to one similar to TCP’s in the IP architecture.</quote>

NDN Packets

NDN Node



  • An unbounded namespace => how to maintain control over the routing table sizes?
  • Can lookup of variable-length, hierarchical names be done at line rate?
  • [They] are working on efficient signatures, usable trust management, network security, content protection and privacy.


  • BGP
  • IS-IS
  • OSPF


Via: backfill

XRay: Increasing the Web’s Transparency with Differential Correlation | Lecuyer, Ducoffe, Lan, Papancea, Petsios, Spahn, Chaintreau, Geambasu


Today’s Web services – such as Google, Amazon, and Facebook – leverage user data for varied purposes, including personalizing recommendations, targeting advertisements, and adjusting prices. At present, users have little insight into how their data is being used. Hence, they cannot make informed choices about the services they choose.

To increase transparency, we developed XRay, the first fine-grained, robust, and scalable personal data tracking system for the Web. XRay predicts which data in an arbitrary Web account (such as emails, searches, or viewed products) is being used to target which outputs (such as ads, recommended products, or prices). XRay’s core functions are service agnostic and easy to instantiate for new services, and they can track data within and across services. To make predictions independent of the audited service, XRay relies on the following insight: by comparing outputs from different accounts with similar, but not identical, subsets of data, one can pinpoint targeting through correlation. We show both theoretically, and through experiments on Gmail, Amazon, and YouTube, that XRay achieves high precision and recall by correlating data from a surprisingly small number of extra accounts.


  • Evaluated
    • Amazon
    • Gmail
    • YouTube
  • Criteria
    • How accurate are XRay’s inference models?
    • How does XRay scale with input size?
    • Does input matching reduce overlap?
    • How useful is XRay in practice?
  • Scope
    • Aspiration
      • Profile Targeting
      • Contextual Targeting
      • Behavioral Targeting
    • Practical
      • Email targeting
      • Prohibited subject matter targeting.
  • Components
    • Differential Correlation Engine
    • Shadow Account Manager
    • Audited Web Service
    • Browser Plugin
  • Implementation
    • Browser Plugin
    • Ruby
      • service => 3KLOC
      • service => 0.5KLOC
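The insight from the abstract (compare outputs across accounts that hold similar but not identical subsets of the data) can be sketched as follows. This is an added example, not XRay's code: the scoring rule is a deliberately simple difference of proportions rather than the paper's inference models, and the shadow accounts, inputs, ads and threshold are all constructed.

```javascript
// Added illustration; a simplified scoring rule, not XRay's inference models.
// Constructed data: each shadow account holds a subset of the audited
// account's inputs (email topics here) and records the ads it was shown.
const ACCOUNTS = [
  { inputs: ["flight", "loan"],  ads: ["airline", "bank"] },
  { inputs: ["flight", "shoes"], ads: ["airline", "sneakers", "generic"] },
  { inputs: ["loan", "diet"],    ads: ["bank", "generic"] },
  { inputs: ["shoes", "diet"],   ads: ["sneakers"] },
  { inputs: ["flight", "diet"],  ads: ["airline"] },
  { inputs: ["loan", "shoes"],   ads: ["sneakers", "generic"] }, // bank ad missed: noise
];

// P(ad shown | input present) - P(ad shown | input absent), over accounts.
function differential(accounts, ad, input) {
  let withIn = 0, withHits = 0, withoutIn = 0, withoutHits = 0;
  for (const acct of accounts) {
    const saw = acct.ads.includes(ad) ? 1 : 0;
    if (acct.inputs.includes(input)) { withIn++; withHits += saw; }
    else { withoutIn++; withoutHits += saw; }
  }
  // An input present in all or in none of the accounts cannot be separated.
  if (withIn === 0 || withoutIn === 0) return null;
  return withHits / withIn - withoutHits / withoutIn;
}

// Input that best explains an ad, or null when no input clears the
// threshold (an ad shown regardless of inputs scores near zero everywhere).
function explain(accounts, ad, threshold = 0.5) {
  const inputs = new Set(accounts.flatMap((a) => a.inputs));
  let best = null;
  for (const input of inputs) {
    const score = differential(accounts, ad, input);
    if (score !== null && (best === null || score > best.score)) {
      best = { input, score };
    }
  }
  return best !== null && best.score >= threshold ? best : null;
}
```

With six accounts the "bank" ad is still attributed to "loan" despite one missed impression, while "generic" is reported as untargeted.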





Via: backfill