Hacker News new | past | comments | ask | show | jobs | submit login
Army open-sources cyber defense code in new GitHub project (scienceblog.com)
161 points by JTF195 on Feb 1, 2015 | hide | past | web | favorite | 33 comments

The article didn't have a link to the GitHub project page, so here it is: https://github.com/USArmyResearchLab/Dshell

This is exactly what I was trying to point out. If you put an article about something, be sure to link it.

It drives me crazy when this doesn't happen– especially in news articles talking about some study here or there- why not link to the actual study?! I end up having to Google for it, click around a bunch of bad navigation... very painful.

I've recently (and when I say recently, I mean less than 24 hours ago) found out that one nationally known tabloid actually copied my work on their site without any indications on where they found out about it. Of course, they haven't even put a link to the original work (which I published on my blog), but they were kind enough to let their readers know that "researchers" found out about it.

I can't even explain how frustrated I currently am by their action.

Could you use a DMCA-like thing to get them to stop doing that?

Although they clearly broke my CY-BY-SA license by not sharing their work under the same license and not giving me any attribution, I'm not exactly sure what can I do to take it down, Hiring a lawyer for this is not an option for me considering that I'm just a student on a low budget.

As this comment's uncle pointed out, you can probably find a "fill in the blank" DMCA notice somewhere on the net.

If that doesn't work, many lawyers give free consultations (AFAIK), and there's probably someone willing to take the case in exchange for X% of the settlement.

Send to their ISP. Usually that's very efficient.

That could work, but I think that in the case of a "nationally known tabloid" chances are low.

AFAIK anybody can use the DMCA just like the record labels are using to take down tons of Youtube videos. There are customizable form letters out there for this very purpose.

DMCA only works in the USA. I work for a Portuguese record label and we get ignored when we ask the local Youtube copycats to remove our copyrighted content. I even suspect they download the videos from Youtube to upload on their services. And I'm talking about sites owned by the biggest telecommunications providers.

Sure, DMCA is an American legal construct. At this point it'd be a good idea to get in touch with a lawyer and see with the appropriate course of action for your country is.

Didn't you read the part about the sites being owned by the biggest telecom companies? They sue people for €10 debts (or they used to while they were allowed) because they have an army of lawyers receiving paychecks, needing to work to justify those paychecks... At most, we, a small indie record label, would be a welcome distraction to those guys.

I remember writing a blog post [1] (for another publication) about my project and the day it was published, I realized there was not a single link to my project (it had screenshots and all).

I immediately made a PR to fix it, but it was a funny and glaring omission. I just didn't realize the link was missing because I wrote it in Markdown and never looked at the rendered version.

[1] http://blog.gopheracademy.com/updating-your-go-packages-with...

This is pretty cool. I didn't know the Army Research Lab used Python in any of their projects.

Thanks for sharing this.

As of a decade ago the intelligence community loved open source, and in the domain I was in it took more than a song and dance to get them to accept Windows as an OS for your stuff instead of Linux.

We should rather be surprised if they aren't using wildly popular tools like Python (although not any particular one, since like in the civilian world different communities tend to pick out a small set of tools to work with, e.g. Google has only 4 or so blessed languages).

What is the relevance?

"An information security specialist with the US Army, O'Connor introduces the hacker's programming language Python to new users, and describes some advanced features to those who already know it."

Oops, thanks. I skimmed and ctrl+f'd for "army", but I guess I still missed it somehow.

From the author of `How I Penetration Tested Your Mother`?

Why is this better than tshark?

More fine-grained filtering and more options in general. For example, you can filter by country, or analyze NetFlow rather than pcaps.

I wonder if contribution to that repo (or alike, i.e. affiliated with some gov's defense orgs) would be considered a treason in some countries...

Where do they get the "2,000 unique visitors" bit from? And 100 downloads... are they referring to the 92 forks?

I think Public Affairs does not get Github.

I've never talked with the ARL PAO folks about open source, but in general you're right. They have several writers who have to cover everything ARL does (that they can talk about). So they're like most civilian reporters: generalists who talk to experts to learn enough about an event or subject to write a report for an audience that knows less -- or nothing -- about the subject.

Full disclosure: I work in the PAO at RDECOM, of which ARL is a part.

For a given repo Github gives you the daily number of visits and unique visitors, as well as the number of times the repo was cloned (they don't give you the number of downloads of the zipped sources).

Huh, where do I find those?

edit: Ah! They hide behind the bar chart diagram icon, /graphs/traffic

Dshell was released on December 17th; last month. Press release from the US Army on Jan 28th (3 days ago...) would be a better, more official source than this blog.


The guy looks, imho, a bit like Tony Stark. That's pretty cool, the money quote is this one: "If soldiers eat it, wear it, touch it, fly it, ride it or ship it, we make it." Makers. Gotta love 'em. Funny timing, December 17th is 4 days after my patent pending in cryptography. Then, the press release was same day I offered a small amount for my company, publicly.

Media's taken a few days to catch up, or a few weeks, depending on your POV.

This is leet.

(Released >1 month ago)

if i were in the intelligence community i would introduce cyber defense code with some very obscure flaws. Not flaws in the code itself but flaws in the algorithm.

If the code happens to gain traction. I would would then use that flaw to my advantage.

Considering the secret obsessed world of the military, this seems like the ultimate proof that "cyber warfare" is worthless to them.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact