Archive for March 12, 2020

Thursday, March 12, 2020

Is That Twitter Follower Fake?

NixIntel (via Dan Moren):

This Person Does Not Exist is a website that uses AI to generate random but realistic looking faces. It’s a great tool and has become a popular way of generating fake profiles for sock puppet accounts, but it is not without its limitations. There are a number common flaws and features in TPDNE-generated images that means it’s possible to spot them.


A common feature of TPDNE images is that the eyes and mouth of the person are always in exactly the same place in the picture. The eyes are always the same distance apart and centred in the same place. The mouth is always about one quarter of the way up from the bottom of the image and is also always centred. This occurs regardless of the angle of their head and can sometimes make for quite unusual looking faces.


TPDNE only creates a single image of a person, so if the person truly does not exist, we should never be able to find any image of them other than the fake one where they are staring directly at the camera.


TLS Increasingly Exists in Three Different Worlds

Chris Siebenmann:

The first world is web TLS, which is dominated by browsers. This is the familiar world of public HTTPS, with public Certificate Authorities, requirements for certificate transparency, and so on. The browsers increasingly are calling the shots here and they’re pushing for things like short certificate lifetimes, aggressively moving away from old TLS versions, and so on.


The second is non-web public TLS, where TLS is used for protocols like IMAP, SMTP (with STARTTLS), and so on. This world still uses public CAs, but it has a lot more old clients and servers and is a lot slower to deprecate old TLS and SSL versions, move to shorter certificate lifetimes, and so on.


The third world is internal TLS, where TLS is used inside an organization or a service to encrypt connections and often to authenticate them (and sometimes it’s used between organizations).


Oracle Responds to Java API Copyright Amicus Briefs

Ken Glueck, Oracle VP:

As we discussed in a previous post, this case is not about innovation, it is about theft. Google copied verbatim more than 11,000 lines of software code, and now attempts post hoc to change the rules in order to excuse its conduct. Any objective view of technological innovation during the pendency of this matter leads to the conclusion that strong copyright promotes innovation. The Federal Circuit decided in 2014 that Oracle’s Java copyrights were valid and enforceable and the period since 2014 has seen some of the greatest advances in technology.


Google has mastered the art of curating an atmosphere to support its views, spending well over $100 million over the past decade to create its echo-chamber. While Google’s approach is generally well understood, this case is the first time its artificial ecosystem was brought to bear at the Supreme Court, so we thought a little sunshine would help along the way.

We will admit to surprise when we saw the headline that 26 briefs were filed on Google’s behalf. Google attempted to create a narrative that tech supports Google’s position, and we already made the point that tech is clearly not supporting Google’s views.

Joshua Bloch (Hacker News):

In a corporate blog yesterday, Oracle attacked 83 computer scientists (including 13 Turing Award winners) who signed an amicus brief defending our right to reimplement APIs, on the grounds that some of us accepted research grants from Google.

This is nonsense. For example, Doug Lea—who is in in no small measure responsible for Java’s success—accepted one small grant from Google fourteen years ago, and promptly doled it out to deserving undergrads who were testing java.util.concurrent. Have you no shame, Oracle?

We are not Google shills. We are scientists and engineers. Some of us laid the theoretical groundwork for the profession, some designed the computers you grew up on, and some wrote the software you use every day.

We depend on the right to reimplement each others’ APIs, and we are truly afraid that your irresponsible lawsuit may deprive us of that right, which we’ve enjoyed throughout our long careers.


Amusingly, one of the APIs Oracle is accusing Google of infringing is Java’s reimplementation of the Perl 5 regex API ( @MadbotMcCloskey did the work, and I helped a bit). You can’t make this stuff up.


How (Some) Good Corporate Engineering Blogs Are Written

Dan Luu:

On the other hand, companies compete relatively directly when recruiting, so being more compelling relative to another company has value to them; replicating the playbook Cloudflare or Segment has used with their engineering “brands” would be a significant recruiting advantage. The playbook isn’t secret: these companies broadcast their output to the world and are generally happy to talk about their blogging process.

Despite the seemingly obvious benefits of having a “good” corp eng blog, most corp eng blogs are full of stuff engineers don’t want to read. Vague, high-level fluff about how amazing everything is, content marketing, handwave-y posts about the new hotness (today, that might be using deep learning for inappropriate applications; ten years ago, that might have been using “big data” for inappropriate applications), etc.

To try to understand what companies with good corporate engineering blog have in common, I interviewed folks at three different companies that have compelling corporate engineering blogs (Cloudflare, Heap, and Segment) as well as folks at three different companies that have lame corporate engineering blogs (which I’m not going to name).