hrbrmstr, Author at rud.is

Author Archives: hrbrmstr

Don't look at me…I do what he does — just slower. #rstats avuncular • ?Resistance Fighter • Cook • Christian • [Master] Chef des Données de Sécurité @ @rapid7

Ugly Tables vs Slopegraphs : PC Maker Shipments & Marketshare

2013-04-11 – 07:05
Posted in Charts & Graphs, Data Visualization, DataVis, DataViz
Leave a Comment

Andrew Cunningham (@IT_AndrewC) posted an article—If you make PCs and you’re not Lenovo, you might be in trouble—on the always #spiffy @arstechnica that had this horrid table in it:

That table was not made by Andrew (so, don’t blame him) but Ars graphics folk *could* have made the post a bit more readable.

I’m not going to bother making a prettier table (it’s possible, but table formatting is not the point of this post), but I am going to show two slopegraphs that communicate the point of the post (that Lenovo is sitting pretty) much better:

PC Maker Market Share pcs-share

PC Maker Shipments (in thousands)
pcs

They’re a little long (a problem I’ve noted with slopegraphs previously) but I think they are much better at conveying message intended by the story. I may try to tweak them a bit or even finish the D3 port of my slopegraph library when I’m back from Bahrain.

Bahrain eGov Conference “Risk Reality” Slides

2013-04-10 – 15:52
Posted in Information Security, Risk, Risk Assessment, Risk Management
Leave a Comment

For those finding this post from the Bahrain eGov conference, I’d like to re-extend a hearty “Thank you!” for being one of most engaging, interactive and intelligent audiences I’ve ever experienced. I truly enjoyed talking with all of you.

You can find the slides on my Dropbox [PDF] and please do not hesitate to bounce any questions here or on Twitter (@hrbrmstr).

Off to Bahrain

2013-04-08 – 07:21
Posted in Information Security, Site News
Leave a Comment

As a result of a prod by @djbphaedrus I’m off to the Bahrain International eGovernment Forum this week to host a two hour workshop on “information risk reality”. As a result, blogging & tweeting will be at significantly reduced levels, so enjoy the brief respite from my blatherings while you can :-)

If you happen to be in Bahrain while I’m there, drop me a note and I’m sure I can find time between Tuesday night and Thursday afternoon to say hello!

It’s Never About The Security…

2013-03-30 – 23:29
Posted in Information Security, Security Awareness
Tagged doctor who
Leave a Comment

it’s about the people… (click for clip)

A Wish for Snow in Spring

2013-03-27 – 18:56
Posted in Breach, Cybersecurity, Data Analysis, Data Visualization, DataVis, DataViz, Information Security, RSA
Comments (3)

The basic technique of cybercrime statistics—measuring the incidence of a given phenomenon (DDoS, trojan, APT) as a percentage of overall population size—had entered the mainstream of cybersecurity thought only in the previous decade. Cybersecurity as a science was still in its infancy, as many of its basic principles had yet to be established.

At the same time, the scientific method rarely intersected with the development and testing of new detection & prevention regimens. When you read through that endless stream of quack cybercures published daily on the Internet and at conferences like RSA, what strikes you most is not that they are all, almost without exception, based on anecdotal or woefully inadequately small evidence. What’s striking is that they never apologize for the shortcoming. They never pause to say, “Of course, this is all based on anecdotal evidence, but hear me out.” There’s no shame in these claims, no awareness of the imperfection of the methods, precisely because it seems to eminently reasonable that the local observation of a handful of minuscule cases might serve the silver bullet for cybercrime, if you look hard enough.

But, cybercrime couldn’t be studied in isolation. It was as much a product of the internet expansion as news and social media, where it was so uselessly anatomized. To understand the beast, you needed to think on the scale of the enterprise, from the hacker’s-eye view. You needed to look at the problem from the perspective of Henry Mayhew’s balloon. And you needed a way to persuade others to join you there.

Sadly, that’s not a modern story. It’s an adapted quote from chapter 4 (pp. 97-98, paperback) of The Ghost Map, by Steven Johnson, a book on the cholera epidemic of 1854.

I won’t ruin the book nor continue my attempt at analogy any further. Suffice it to say, you should read the book—if you haven’t already—and join me in calling out for the need for the John Snow of our cyber-time to arrive.

Interactive Slopegraphs With Processing

2013-03-19 – 13:53
Posted in Charts & Graphs, Data Analysis, Data Visualization, DataViz
Tagged Processing, sloepgraphs
Leave a Comment

Given my [obsession](http://rud.is/b/?s=slopegraphs) with slopegraphs, I’m not sure how I missed this [post](http://neoformix.com/2013/ObesitySlopegraph.html) back in late February by @JeffClark that includes a very nicely executed [interactive sloepgraph](http://neoformix.com/Projects/ObesitySlope/) on the global obesity problem. He used [Processing](http://processing.org/) & [Processing JS](http://processingjs.org/) to build the visualization and I think it illustrates how well animation/interaction and slopegraphs work together. It would be even spiffier if demographic & obesity details (perhaps even a dynamic map) were displayed as you select a country/region.

You can try your hand at an alternate implementation by [grabbing the data](https://www.google.com/fusiontables/DataSource?snapid=S887706wZVv) and playing along at home.

My Picks From #PyCon2013

2013-03-19 – 07:20
Posted in Big Data, Data Analysis, Data Visualization, Development, MongoDB, Open Source, Programming, Python
Tagged Automation, RaspberryPi
Leave a Comment

alogo While you can (and should) view [all the presentations](https://speakerdeck.com/pyconslides) from #PyCon2013, here are my picks for the ones that interested me the most, as they focus on scaling, mapping, automation (both web & electronics) and data analysis:

– [Chef: Why you should automate your web infrastructure](https://speakerdeck.com/pyconslides/chef-why-you-should-automate-your-web-infrastructure-by-kate-heddleston) by Kate Heddleston
– [Messaging at Scale at Instagram](https://speakerdeck.com/pyconslides/messaging-at-scale-at-instagram-by-rick-branson) by Rick Branson
– [Python at Netflix](https://speakerdeck.com/pyconslides/python-at-netflix-by-jeremy-edberg-corey-bertram-and-roy-rapoport) by Jeremy Edberg, Corey Bertram, and Roy Rapoport
– [Real-time Tracking and Mapping of Geographic Objects](https://speakerdeck.com/pyconslides/real-time-tracking-and-mapping-of-geographic-objects-by-ragi-burhum) by Ragi Burhum
– [Scaling Realtime at DISQUS](https://speakerdeck.com/pyconslides/scaling-realtime-at-disqus-by-adam-hitchcock) by Adam Hitchcock
– [A Crash Course in MongoDB](https://speakerdeck.com/pyconslides/a-crash-course-in-mongodb)
– [Server Log Analysis with Pandas](https://speakerdeck.com/pyconslides/server-log-analysis-with-pandas-by-taavi-burns) by Taavi Burns
– [Who’s There – Home Automation with Arduino and RaspberryPi](https://speakerdeck.com/pyconslides/whos-there-home-automation-with-arduino-and-raspberrypi-by-rupa-dachere) by Rupa Dachere
x
– [Why you should use Python 3 for text processing](https://speakerdeck.com/pyconslides/why-you-should-use-python-3-for-text-processing-by-david-mertz) by David Mertz
– [Awesome Big Data Algorithms](https://speakerdeck.com/pyconslides/awesome-big-data-algorithms-by-titus-brown) by Titus Brown

A huge thanks to the speakers and conference organizers for making these resources freely available, especially to those of us who were not able to attend the conference.

Chrome App for Tiny Tiny RSS

I’m still getting my self-hosted [Tiny Tiny RSS](http://tt-rss.org/redmine/projects/tt-rss/wiki) configuration just the way I want it prior to doing a full blog post on it, but I thought it would be helpful to share a basic Chrome App for it. I ended up creating it to replace the Google Reader Chrome App icon. Making these “Chrome App bookmarks” is dead simple: just create a manifest.json with the following contents:

{
     "name": "TT-RSS",
     "description": "Tiny Tiny RSS Reader",
     "version": "1.0.0.0",
     "app": {
          "urls": [
               "http://example.com/"
          ],
          "launch": {
               "web_url": "http://example.com/"
          }
     },
     "icons": {
          "128": "rss_128.png",
          "16": "rss_16.png"
     },
     "permissions": [
          "clipboardRead",
          "clipboardWrite",
          "notifications",
          "unlimitedStorage"
     ],
     "manifest_version": 2
}

Change the salient strings and put it in a directory along with the images below.

Then, enable “Developer Mode” under Chrome→Extensions, select “Load Unpacked Extensions…” and navigate to the folder you made.

You can also just [download a pre-built folder](http://rud.is/b/?attachment_id=2358) with the above files, but you’ll still need to edit the manifest.json to customize the strings.

If you can make a more “TT-RSS-like” set of images, please drop a note in the comments with their location and I’ll incorporate them into the download (and may even setup a github for the whole project if there’s interest).