Archive for March, 2016

New La Résistance Forming At Apple – How You Can Help

Monday, March 21st, 2016

The New York Times reports that a new La Résistance may be forming at Apple in anticipation of a potential order conscripting Apple to create a new OS that breaks existing iPhone security. Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist.

High level architects are the focus of the article but software projects aren’t composed solely of high level architects.

The architects will readily find new positions but what of lower level resistance fighters? The software/hardware community needs to prepare now to aid and shelter lower level resistance fighters from Apple.

They will be defending our rights and should know ahead of time that they don’t stand alone. Against the U.S. or any other coercive government.

Ask your management to earmark and advertise Apple La Résistance positions so that potential resistance fighters know they aren’t in this fight alone.

Support Apple now and resistance fighters online, offline, in any manner available to you.

Conscription, let’s be honest, enslavement at government demand, is wrong. (full stop)

What are you doing to stop it?

How-To Maintain Project Delivery Dates – Skip Critical Testing

Sunday, March 20th, 2016

David William documents a tried and true way to maintain a project schedule, skip critical testing in: Pentagon skips tests on key component of U.S.-based missile defense system.

How critical?

Here’s part of David’s description:

Against the advice of its own panel of outside experts, the U.S. Missile Defense Agency is forgoing tests meant to ensure that a critical component of the nation’s homeland missile defense system will work as intended.

The tests that are being skipped would evaluate the reliability of small motors designed to help keep rocket interceptors on course as they fly toward incoming warheads.

The components, called alternate divert thrusters, are vital to the high-precision guidance required to intercept and destroy an enemy warhead traveling at supersonic speed – a feat likened to hitting one speeding bullet with another.

The interceptors, deployed in underground silos at Vandenberg Air Force Base in Santa Barbara County and at Ft. Greely, Alaska, are the backbone of the Ground-based Midcourse Defense system (GMD) – the nation’s main defense against a sneak attack by North Korea or Iran.

Hmmm, hitting a supersonic target with a supersonic bullet and you don’t test the aiming mechanism that makes them collide?

How critical does that sound?

The consequences of failure, assuming the entire program isn’t welfare for the contractors and their employees, could be a nuke landing on the West Coast of the United States.

Does that make it sound more critical?

Or do we need to guess which city? Los Angeles, San Diego, would increase property values in San Jose so there would be an off-set to take into account.

Here’s my advice: Don’t ever skip critical testing or continue to participate in a project that skips critical testing. Walk away.

Not quietly, tell everyone you know of the skipped testing. NDAs be damned.

No one is well served by skipped testing.

A lack of testing has lead to the broken Internet of Things.

Is that what you want?

Hiring Ethics: Current Skills versus 10 Years Out of Date – Your Call

Sunday, March 20th, 2016

Cyber-security ethics: the ex-hacker employment conundrum by Davey Winder.

From the post:

Secure Trading, a payments and cyber-security group, has announced that it has appointed Mustafa Al Bassam as a security advisor on the company’s technology and services, including a new blockchain research project. Al Bassam, however, is perhaps better known as Tflow, a former core member of the LulzSec hacker group.

According to Wikipedia, Tflow played an integral part in the Anonymous operation that hacked the HBGaryFederal servers in 2011, and leaked more than 70,000 private emails.

As director of a team that includes ethical hackers, Trustwave’s Lawrence Munro says he would “never knowingly hire someone with a criminal record, especially if their record included breaches of the Computer Misuse Act.” Munro reckons such a thing would be a red flag for him, and while it “may seem draconian to omit individuals who are open about their past brushes with the law” it’s simply not worth the risk when there are white hats available.

The most common figure I remember is that the black hats are ahead by about a decade in the cybersecurity race.

There’s an ethical dilemma, you can hire up to ten year out of date white hats or you can hire cutting edge black hat talent.

Hired “yeses” about your security or the security of your clients doesn’t impact the ability of others to hack those systems.

Are you going to hire “yes” talent or the best talent?

Adding custom menus to Google docs [productivity for writers]

Sunday, March 20th, 2016

Adding custom menus to Google docs by Bob DuCharme.

From the post:

I’ve been using Google Docs more because at work it’s great for collaboration, and also, for shopping lists and notes to myself, I can easily edit the same documents from my phone, tablet, and laptop. I found out that it’s pretty easy to add menus that perform custom functions, so I created a few menu choices… and then found out that they weren’t available on my phone or tablet. Still, it’s good to know how easy it is to automate a few things.

Bob has a number of productivity tips for authors who use Google docs.

I prefer to make the NSA work for copies of my documents (not on Google docs) but each to his own.

😉

BTW, if you don’t know Bob’s work, you should. His writings about XML, XSLT and SPARQL are all useful but even more importantly, they are a joy to read.

Some authors can cover a subject correctly. It is a much smaller number who can cover it correctly and make it a pleasure to read.

Bob’s publications fall into the correct and pleasure to read category. (I won’t mention examples of candidates for the other categories.)

Enjoy!

sqlite3 test suite

Sunday, March 20th, 2016

sqlite3 test suite by Nelson Minar.

From the post:

I felt guilty complaining about sqlite3’s source distribution, so I went to look at the real source, what the authors work with. It’s not managed by git but rather in Fossil (an SCM written by the sqlite3 author). Happily the web view is quite good.

One of the miraculous things about sqlite3 is its incredible test suite. There are 683,932 lines of test code. Compare to 273,000 lines of C code for the library and all its extensions. sqlite3 has a reputation for being solid and correct. It’s not an accident.

The test size is overcounted a bit because there’s a lot of test data. For instance the test for the Porter Stemmer is 24k lines of code, but almost all of that is a giant list of words and their correct stemming. Still very useful tests! But not quite as much human effort as it looks on first blush.

Just a quick reminder that test suites have the same mixture of code and data subjects as the code being tested.

So your software passes the test. What was being tested? What was not (the weird machines input) being tested?

If you don’t think that is a serious question, consult the page of SQLite vulnerabilities.

I saw this in a tweet by Julia Evans.

Face2Face – Facial Mimicry In Real-Time Video

Sunday, March 20th, 2016

Is a video enough for you to attribute quotes to a public figure?

After reading This system instantly edits videos to make it look like you’re saying something you’re not by Greg Kumparak, you may not be so sure.

From the post:


The video up top shows a work-in-progress system called Face2Face (research paper here) being built by researchers at Stanford, the Max Planck Institute and the University of Erlangen-Nuremberg.

The short version: take a YouTube video of someone speaking like, say, George W. Bush. Use a standard RGB webcam to capture a video of someone else emoting and saying something entirely different. Throw both videos into the Face2Face system and, bam, you’ve now got a relatively believable video of George W. Bush’s face — now almost entirely synthesized — doing whatever the actor in the second video wanted the target’s face to do. It even tries to work out what the interior of their mouth should look like as they’re speaking.

Face2Face: Real-time Face Capture and Reenactment of RGB Videos by Justus Thies, Michael Zollhöfer, Marc Stamminger, Christian Theobalt, Matthias Nießner, offers the following abstract:

We present a novel approach for real-time facial reenactment of a monocular target video sequence (e.g., Youtube video). The source sequence is also a monocular video stream, captured live with a commodity webcam. Our goal is to animate the facial expressions of the target video by a source actor and re-render the manipulated output video in a photo-realistic fashion. To this end, we first address the under-constrained problem of facial identity recovery from monocular video by non-rigid model-based bundling. At run time, we track facial expressions of both source and target video using a dense photometric consistency measure. Reenactment is then achieved by fast and efficient deformation transfer between source and target. The mouth interior that best matches the re-targeted expression is retrieved from the target sequence and warped to produce an accurate fit. Finally, we convincingly re-render the synthesized target face on top of the corresponding video stream such that it seamlessly blends with the real-world illumination. We demonstrate our method in a live setup, where Youtube videos are reenacted in real time.

The video is most impressive:

If you want to dig deeper, consider from 2015: Real-time Expression Transfer for Facial Reenactment (PDF paper), by Justus Thies, Michael Zollhöfer, Matthias Nießner, Levi Valgaerts, Marc Stamminger, Christian Theobalt.

With its separately impressive video:

The facial mimicry isn’t perfect by any means but it is remarkably good.

Not a prediction but full body mimicry in 5 years would not surprise me.

The surprise will be the first non-consenting subject of full body mimicry.

What would you want to see Donald (short-fingers) Trump doing with a pumpkin?

PS: Apologies, I wasn’t able to locate a PDF of the 2016 paper.

LANGSEC: Taming the Weird Machines (Subject Identities in Code/Data)

Saturday, March 19th, 2016

LANGSEC: Taming the Weird Machines by Jacob Torrey.

From the post:

Introduction

I want to get some of my opinions on the current state of computer security out there, but first I want to highlight some of the most exciting, and in my views, promising recent developments in security: language-theoretic security (LangSec). Feel free to skip the next few paragraphs of background if you are familiar with the concepts to get to my analysis, otherwise, buckle up for a little ride!

Background

If I were to distill the core of the LangSec movement into a single thesis it would be this: The complexity of our computing systems (both software and hardware) have reached such a degree that data must treated as formally as code. A concrete example of this is return-oriented programming (ROP), where instead of executing shellcode loaded into memory by the attacker, a number of gadgets are found in existing code (such as libc) and their addresses chained together on the stack and as the ret instruction is repeatedly called, the semantics of the gadgets is executed. This hybrid execution environment of using existing code and driving it with a buffer-overflow of data is one example of a weird machine.

Such weird machines crop up in many sorts of places: viz. the Intel x86 MMU that has been shown to be Turing-complete, the meta-data of ELF executable files that can drive execution in the loading & dynamic-linking stage, etc… This highlights the fact that data can be treated as instructions or code on these weird machines, much like Java byte-code is data to an x86 CPU, it is interpreted as code by the JVM. The JVM is a formal, explicit machine, much like the x86 CPU; weird machines on the other hand are ad hoc, implicit and generally not intentionally created. Many exploits are simply shellcode developed for a weird machine instead of the native CPU.

The “…data must be formally treated as code…” caught my eye as the reverse of “…code-as-data…,” which is a characteristic of Lisp and Clojure.

From a topic map/subject identity perspective, the problem is accepting implied subject identities and therefore implied properties and associations.

Being “implied” and not “explicit,” the interaction of subjects can change when someone, perhaps a hacker (or a fat-fingered user), supplies values that fall within the range of implied subject identities, properties, or associations.

Implied subject identities, properties, or associations, in code or data, reside in the minds of programmers, making detection well nigh impossible. At least prior to some hacker discovering an implied subject identity, property or association.

Avoiding implied subject identities, properties and associations will require work, loathsome to all programmers, but making subject identities explicit, enumerating their properties and allowed associations, in code and data, is a countable activity.

Having made subject identities explicit, capturing those results in code based on those explicit subject identities more robust. You won’t be piling implied subject identities on top of implied subject identities, or in plainer English, you won’t be writing cybersecurity software.

PS: Using a subject identity discipline does not mean you must document all of your code using XTM. You could but DSLs designed for your code/data may be more efficient.

Sex Toy Privacy Incentive For A Safer IoT?

Friday, March 18th, 2016

Will sex toys provide the incentive for a safer Internet of Things (IoT)?

Robert Abel reports in Bad vibes: Researcher hacks sex toy of a live demonstration of a hack on a sex toy.

Robert also reports that no user personal information was disclosed by this particular hack, the same may not be true for all IoT sex toys or hacks.

Is sex toy privacy enough of an incentive for better IoT security? 😉

Pardon the Intermission

Friday, March 18th, 2016

Apologies for the absence of posts starting on March 15, 2016 until this one today.

I made an unplanned trip to the local hospital via ambulance around 8:00 AM on the 15th and managed to escape on the afternoon of March 17, 2016.

On the downside I didn’t have anyway to explain my sudden absence from the Net.

On the upside I had a lot of non-computer assisted time to think about topic maps, etc., while being poked, prodded, waiting for lab results, etc.

Not to mention I re-read the first two Harry Potter books. 😉

I have one interesting item for today and will be posting about my non-computer assisted thinking about topic maps in the near future.

Your interest in this blog and comments are always appreciated!

APL in R “The past isn’t dead. It isn’t even past.”*

Monday, March 14th, 2016

APL in R by Jan de Leeuw and Masanao Yajima.

From the introduction:

APL was introduced by Iverson (1962). It is an array language, with many functions to manipulate multidimensional arrays. R also has multidimensional arrays, but not as many functions to work with them.

In R there are no scalars, there are vectors of length one. For a vector x in R we have dim(x) equal to NULL and length(x) > 0. For an array, including a matrix, we have length(dim(x)) > 0. APL is an array language, which means everything is an array. For each array both the shape ⍴A and the rank ⍴⍴A are defined. Scalars are arrays with shape equal to one, vectors are arrays with rank equal to one.

If you want to evaluate APL expressions using a traditional APL virtual keyboard, we recommend the nice webpage at ngn.github.io/apl/web/index.html. EliStudio at fastarray.appspot.com/default.html is essentially an APL interpreter running in a Qt GUI, using ascii symbols and symbol-pairs to replace traditional APL symbols (Chen and Ching (2013)). Eli does not have nested arrays. It does have ecc, which compiles eli to C.

In 1994 one of us coded most APL array operations in XLISP-STAT. The code is still available at gifi.stat.ucla.edu/apl.

Certain this will be useful for R programmers but more generally curious if there is a genealogy of functions across programming languages?

Enjoy!

*Apologies to William Faulkner.

The Best Five Podcasts About Data Journalism

Monday, March 14th, 2016

The Best Five Podcasts About Data Journalism by Carla Pedret.

Carla has assembled five source of podcasts about data and data journalism in particular.

I’m not the biggest fan of podcasts.

I can read several times faster than taking in audio input and I have to turn off Metal Nation Radio in order to listen.

Still, I have heard podcasts that are quite compelling and when reduced to writing, seem to have lost something essential.

Make it a point to follow up on these podcast sources and to send Carla news of any new ones.

Podcasts may not be your favorite medium either but the question is what is the best means to reach your audience.

Yes?

DoD IG Testimony [and reports]

Monday, March 14th, 2016

Office of Inspector General – United States Department of Defense – DoD IG Testimony.

I saw a tweet today from @DoD_IG touting the availability of written testimony to Congress going back to 1998.

It’s not everything you might wish for but eighteen years of testimony is a good start.

Playing with the interface a bit, I found that reports by the DoD IG date back to January of 1990.

If you are interested in the recurrent patterns of fraud in DoD operations, this is certainly a good starting place.

Project AIX: Using Minecraft to build more intelligent technology

Monday, March 14th, 2016

Project AIX: Using Minecraft to build more intelligent technology by Allison Linn.

From the post:

In the airy, loft-like Microsoft Research lab in New York City, five computer scientists are spending their days trying to get a Minecraft character to climb a hill.

That may seem like a pretty simple job for some of the brightest minds in the field, until you consider this: The team is trying to train an artificial intelligence agent to learn how to do things like climb to the highest point in the virtual world, using the same types of resources a human has when she learns a new task.

That means that the agent starts out knowing nothing at all about its environment or even what it is supposed to accomplish. It needs to understand its surroundings and figure out what’s important – going uphill – and what isn’t, such as whether it’s light or dark. It needs to endure a lot of trial and error, including regularly falling into rivers and lava pits. And it needs to understand – via incremental rewards – when it has achieved all or part of its goal.

“We’re trying to program it to learn, as opposed to programming it to accomplish specific tasks,” said Fernando Diaz, a senior researcher in the New York lab and one of the people working on the project.

The research project is possible thanks to AIX, a platform developed by Katja Hofmann and her colleagues in Microsoft’s Cambridge, UK, lab and unveiled publicly on Monday. AIX allows computer scientists to use the world of Minecraft as a testing ground for conducting research designed to improve artificial intelligence.

The project is in closed beta now but said to be going open source in the summer of 2016.

Someone mentioned quite recently the state of documentation on Minecraft. Their impression was there is a lot of information but poorly organized.

If you are interested in exploring Minecraft for the release this summer, see: How to Install Minecraft on Ubuntu or Any Other Linux Distribution.

You Can Help Increase Frustration at the FBI, Yes! You!

Monday, March 14th, 2016

Skype co-founder launches ultra-private messaging, with video by Eric Auchard.

From the post:

A group of former Skype technologists, backed by the co-founder of the messaging platform, has introduced a new version of its own messaging service that promises end-to-end encryption for all conversations, including by video.

Wire, a 50-person start-up mostly made up of engineers, is stepping into a global political debate over encryption that pits privacy against security advocates, epitomized by the standoff between the U.S. government and Apple.

The company said on Thursday it was adding video calling to a package of private communications services that go beyond existing messaging providers.

See the post and/or check out new service: https://wire.com/privacy/

From the homepage of Wire:

Our personal and professional data is at the center of a new economy. The information we share on social networks, via email, and messaging services is being used to build profiles. These profiles are in turn used to sell us products and services through targeted advertising and suggestion. The data collected is vast, detailed, and often very personal. Vast resources are being spent to refine the profiles, all without transparency, policy or oversight.

Our personal and professional online communications should not be part of this economy. In the physical world we talk with each other directly. We can lower our voices or close a door to share private thoughts. In the online world we should be able to communicate directly without passing our private communications through these corporate data mines.

Wire is different.

You will also find this FBI heartburn product comparison matrix, suitable for framing, to let everyone know you are serious about security (select for larger image):

wire-matrix

There’s a web version of the service so I don’t have to buy a phone just to use it and/or annoy the FBI.

I’m signed up.

What about you?

FAQ: Why the emphasis on annoying the FBI?

Good question!

During my lifetime the FBI has illegally spied on civil rights leaders and organizations, the same for anti-war movements and virtually every other departure from the “norm.”

The more ordinary folks annoy the FBI, the less time and resources it has to conduct illegal operations against other citizens.

It won’t stop the FBI any more than being covered with 10,000 fleas would prevent you from driving. It would make driving, however, a very unpleasant experience.

Open Source Clojure Projects

Monday, March 14th, 2016

Open Source Clojure Projects by Daniel Higginbotham.

Daniel Higginbotham of Clojure for the Brave and True, has posted this listing of open source Clojure projects with the blurb:

Looking to improve your skills and work with real code? These projects are under active development and welcome new contributors.

You can see the source at: https://github.com/braveclojure/open-source, where it says:

Pull requests welcome!

Do you know of any other open source Clojure projects that welcome new contributors?

Like yours?

Just by way of example, marked as “beginner friendly,” you will find:

alda – A general purpose music programming language

Avi – A lively vi (a spec & implementation of vim)

clj-rethinkdb – An idomatic RethinkDB client for Clojure

For the more sure-footed:

ClojureCL – Parallel computations on the GPU with OpenCL 2.0 in Clojure

Enjoy!

PyGame, Pong and Tensorflow

Monday, March 14th, 2016

Daniel Slater has a couple of posts of interest to AI game followers:

How to run learning agents against PyGame

Deep-Q learning Pong with Tensorflow and PyGame

If you like low-end video games… 😉

Seriously, the principles here can be applied to more complex situations and video games.

Enjoy!

Lee Sedol “busted up” AlphaGo – Game 4

Monday, March 14th, 2016

Lee Sedol defeats AlphaGo in masterful comeback – Game 4 by David Ormerod.

From the post:

Expectations were modest on Sunday, as Lee Sedol 9p faced the computer Go program AlphaGo for the fourth time.

Lee Sedol 9 dan, obviously relieved to win his first game.

After Lee lost the first three games, his chance of winning the five game match had evaporated.

His revised goal, and the hope of millions of his fans, was that he might succeed in winning at least one game against the machine before the match concluded.

However, his prospects of doing so appeared to be bleak, until suddenly, just when all seemed to be lost, he pulled a rabbit out of a hat.

And he didn’t even have a hat!

Lee Sedol won game four by resignation.

A reversal of roles but would you say that Sedol “busted up” AlphaGo?

Looking forward to the results of Game 5!

Enlist to Fight in Crypto Wars 2.0

Monday, March 14th, 2016

Nat Cardozo writes in The Next Front in the New Crypto Wars: WhatsApp:

From the post:

In Saturday’s edition of the New York Times, Matt Apuzzo reports that the Department of Justice is locked in a “prolonged standoff” with WhatsApp. The government is frustrated by its lack of real-time access to messages protected by the company’s end-to-end encryption. The story may represent a disturbing preview of the next front in the FBI’s war against encryption.

I’m sure the government is “frustrated” by it lack of access to messages but that has been possible long before WhatsApp. Anyone using PGP with email has been able to achieve end-to-end encryption for years.

The real difference: WhatsApp makes encryption is convenient for users.

If you want to fight on the side of privacy, make encryption for your app as secure and convenient as possible.

Inconvenient encryption will not be used and result in clear text streams and speech.

You can increase the level of frustration in governments around the world by engineering convenient and strong encryption.

Opportunities to afflict governments around the globe don’t come up very often.

Step up and take this one.

Guidelines for Effective Collaboration – (anything over 1 is poor use of others)

Sunday, March 13th, 2016

Guidelines for Effective Collaboration by

From the webpage:

We are a remote team, therefore effective communication is one of the most important foundations on which we build our technology and our company. Below you will find a thorough guide to enable your work and empower your teammates to get their stuff done, while keeping interruptions to a minimum. These guidelines apply to Ride employees and consultants who work under the Engineering Team.

Before you scan these and nod in agreement, take out a pencil and make a tick for each of the first seven suggestions you have followed before asking others for help in the last week.

😉

Here’s the equation for each request for help:

7/your-tick-count = (anything over 1 is poor use of others)

Now destroy the written evidence and try to do better this week.

Elm explained

Sunday, March 13th, 2016

Elm explained by Nik Silver.

From the webpage:

Some demonstration code and commentary to explain various fundamental features of the Elm language. The idea is mainly just to be able to read and understand Elm code, not so much how to use it well.

I will still be posting about the FBI’s efforts to rape Apple but I want to get back to delivering more technical content as well.

Enjoy!

I first saw this in a tweet by Jessica Kerr.

PS: See also: Discovering the Elm Language.

2015 Open Source Yearbook (without email conscription)

Sunday, March 13th, 2016

Publication of the 2015 Open Source Yearbook is good news!

Five or six “clicks” and having my email conscripted to obtain a copy, not so much.

For your reading pleasure with one-click access:

The 2015 Open Source Yearbook.

Impressive work, but marred by convoluted access and email conscription.

If you want to make a resource “freely” available, do so. Don’t extort contact information for “free” information.

I’m leading conference calls tomorrow or else I would be reading the 2015 Open Source Yearbook during my calls!

Obama’s Magic Pony Transcript

Saturday, March 12th, 2016

If you are going to write about President Obama’s magic pony speech on encryption, this transcript, courtesy of Philip Elmer-DeWitt, Here’s What Obama Said at SXSW About Apple vs. FBI.

I think your options are to believe that President Obama is so poorly informed by his technical advisers that he doesn’t understand the encryption issue and/or that he understands the issue and is simply lying.

I don’t see a third option.

Do you?

Laypersons vs. Scientists – “…laypersons may be prone to biases…”

Saturday, March 12th, 2016

The “distinction” between laypersons and scientists is more a world view about some things than “all scientists are rational” or “all laypersons are irrational.” Scientists and laypersons can be just as rational and/or irrational, depending upon the topic at hand.

Having said that, The effects of social identity threat and social identity affirmation on laypersons’ perception of scientists by Peter Nauroth, et al., finds, unsurprisingly, that if a layperson’s social identity is threatened by research, they have a less favorable view of the scientists involved.

Abstract:

Public debates about socio-scientific issues (e.g. climate change or violent video games) are often accompanied by attacks on the reputation of the involved scientists. Drawing on the social identity approach, we report a minimal group experiment investigating the conditions under which scientists are perceived as non-prototypical, non-reputable, and incompetent. Results show that in-group affirming and threatening scientific findings (compared to a control condition) both alter laypersons’ evaluations of the study: in-group affirming findings lead to more positive and in-group threatening findings to more negative evaluations. However, only in-group threatening findings alter laypersons’ perceptions of the scientists who published the study: scientists were perceived as less prototypical, less reputable, and less competent when their research results imply a threat to participants’ social identity compared to a non-threat condition. Our findings add to the literature on science reception research and have implications for understanding the public engagement with science.

Perceived attacks on personal identity have negative consequences for the “reception” of science.

Implications for public engagement with science

Our findings have immediate implications for public engagement with science activities. When laypersons perceive scientists as less competent, less reputable, and not representative of the scientific community and the scientist’s opinion as deviating from the current scientific state-of-the-art, laypersons might be less willing to participate in constructive discussions (Schrodt et al., 2009). Furthermore, our mediation analysis suggests that these negative perceptions deepen the trench between scientists and laypersons concerning the current scientific state-of-the-art. We speculate that these biases might actually even lead to engagement activities to backfire: instead of developing a mutual understanding they might intensify laypersons’ misconceptions about the scientific state-of-the-art. Corroborating this hypothesis, Binder et al. (2011) demonstrated that discussions about controversial science topics may in fact polarize different groups around a priori positions. Additional preliminary support for this hypothesis can also be found in case studies about public engagement activities in controversial socio-scientific issues. Some of these reports (for two examples, see Lezaun and Soneryd, 2007) indicate problems to maintain a productive atmosphere between laypersons and experts in the discussion sessions.

Besides these practical implications, our results also add further evidence to the growing body of literature questioning the validity of the deficit model in science communication according to which people’s attitudes toward science are mainly determined by their knowledge about science (Sturgis and Allum, 2004). We demonstrated that social identity concerns profoundly influence laypersons’ perceptions and evaluations of scientific results regardless of laypersons’ knowledge. However, our results also question whether involving laypersons in policy decision processes based upon scientific evidence is reasonable in all socio-scientific issues. Particularly when the scientific evidence has potential negative consequences for social groups, our research suggests that laypersons may be prone to biases based upon their social affiliations. For example, if regular video game players were involved in decision-making processes concerning potential sales restrictions of violent video games, they would be likely to perceive scientific evidence demonstrating detrimental effects of violent video games as shoddy and the respective researchers as disreputable (Greitemeyer, 2014; Nauroth et al., 2014, 2015).(emphasis added)

The principle failure of this paper is its failure to study the scientific community and its reaction within science to research that attacks the personal identity of its participants.

I don’t think it is reading too much into the post: Academic, Not Industrial Secrecy, where one group said:

We want restrictions on who could do the analyses.

to say that attacks on personal identity leads to boorish behavior on the part of scientists.

Laypersons and scientists emit a never ending stream of examples of prejudice, favoritism, sycophancy, sloppy reasoning, to say nothing of careless and/or low quality work.

Reception of science among laypersons might improve if the scientific community abandoned its facade of “it’s objective, it’s science.”

That facade was tiresome by WWII and to keep repeating now is a disservice to the scientific community.

All of our efforts, in any field, are human endeavors and thus subject to the vagaries and uncertainties human interaction.

Live with it.

The First Time A User Tests Your Product

Saturday, March 12th, 2016

Two humorous reminders that design and user testing should go hand in hand.

Enjoy!

Academic, Not Industrial Secrecy

Saturday, March 12th, 2016

Data too important to share: do those who control the data control the message? by Peter Doshi (BMJ 2016;352:i1027).

Read Peter’s post for the details but the problem in a nutshell:


“The main concern we had was that Fresenius was involved in the process,” Myburgh explained. He said there was never any question of Krumholz’s independence or credentials. Rather, it was a “concern that this was a way for Fresenius to get the data once they were in the public domain. We want restrictions on who could do the analyses.

Under the YODA model Krumholz proposed, the data would be reanalysed by independent parties before being made more broadly available.

“We have no issue with the concept of data sharing,” Myburgh said. “The concerns we have come down to the people with ulterior motives which contradict or do not adhere to the scientific principles we adhere to. That’s the danger.”

Myburgh described himself as an impartial scientist, in contrast to those who have challenged his study. “I’ve heard some of the protagonists of starch. Senior figures wanted to make a point. We do research to answer a question. They do analyses to prove a point.” (emphasis added)

You can hear the echoes of Myburgh’s position of:

We want restrictions on who could do the analyses.

in every government claim for not releasing data that supports government conclusions.

If “terrorists” really are the danger the government claims, don’t you think releasing the data on which that claim is based would convince everyone? Or nearly everyone?

Ah, but some of us might not think opposing corrupt, puppet governments in the Middle East is the same thing as “terrorism.”

And still others of us might not think opposing an oppressive theocracy is the same as “terrorism.”

Yes, more data could lead to more informed discussion, but it could also lead to inconvenient questions.

If Myburgh and colleagues were to find this is the last funded study from any source, unless and until they release this and other trial data, they would sing a different tune.

Anyone with a list of the funders for Myburgh and his colleagues?

Email addresses would be a good start.

Wait until he is in an ambulance, then we’ll get him…

Saturday, March 12th, 2016

The Facts Are In: Ambulances vulnerable to hackers

From the post:

Reports from multiple sources lead to a horrible conclusion. Almost all ambulances are vulnerable to hacking.

There are many compelling reasons for ambulances to be connected and computerized. Emergency responders can take advantage of connectivity to learn more about patients and use that info to deliver better emergency care. And patient status can be communicated to emergency rooms to better prepare for response. This is a life-saving capability.

But you can tell what can go wrong, right?

The Threat Brief calls out three reports that all reach the same conclusion: ambulances can be hacked.

The details remain an exercise for readers but that is likely just a matter of time.

Easy to imagine an online vulnerability store where you enter year, make/model and you are supplied with the latest hacks for that vehicle.

I wonder if the DARPA Improv competition will have many of these?

NICAR 2016 Slides, Links & Tutorials #NICAR16

Saturday, March 12th, 2016

NICAR 2016 Slides, Links & Tutorials #NICAR16

Chrys Wu has posted a great listing of resources from NICAR 2016 (National Institute for Computer-Assisted Reporting).

At the very bottom of the page you will find links to tutorials, videos, presentations and tips from 2011, 2012, 2013, 2014, and 2015.

Enjoy!

Improv at DARPA (No, Not Comedy)

Saturday, March 12th, 2016

Improv Proposers Day Webcast Special Notice March 29 and March 30, 2016 (DARPA SN-16-26)

From the notice:

PROGRAM OBJECTIVE AND DESCRIPTION

The DARPA/DSO Improv program is seeking prototype products and systems that have the potential to threaten current military operations, equipment, or personnel and are assembled primarily from commercially available technology. The technology scope of Improv is broad, and the program is structured to encourage participation by a wide range of technical specialists, researchers, developers, and skilled hobbyists. Performers may reconfigure, repurpose, program, reprogram, modify, combine, or recombine commercially available technology in any way within the bounds of local, state, and federal laws and regulations. Use of components, products, and systems from non-military technical specialties (e.g., transportation, construction, maritime, and communications) is of particular interest.

Pre-recorded seven hour webcast and recording is prohibited:

Tuesday, March 29, 2016 at 10:00 a.m. – 5:00 p.m., and Wednesday, March 30, 2016 at 10:00 a.m. – 5:00 p.m.

No cost but pre-registration is required:

http://www.sa-meetings.com/ImprovProposersDay

This looks like fun!

Your effort won’t be wasted in any event. If your idea isn’t funded here, you can still market it to others.

PS: I tried to register on 12 March 2016 and the website was down. 🙁 Will try again next week.

Do You Believe in Magic Ponies? (Apply at 1600 Pennsylvania Ave NW, Washington, DC 20500)

Saturday, March 12th, 2016

Obama: cryptographers who don’t believe in magic ponies are “fetishists,” “absolutists” by Cory Doctorow.

President Obama is looking for a few good men and women who think it is possible to have strong cryptography, that becomes upon demand.

Here’s part of what Cory has to say about the matter:


Obama conflated cryptographers’ insistence that his plan was technically impossible with the position that government should never be able to serve court orders on its citizens. This math denialism, the alternative medicine of information security.

He focused his argument on the desirability of having crypto that worked in this impossible way, another cheap rhetorical trick. Wanting it badly isn’t enough.

As a former constitutional law professor, President Obama should have pointed to historical precedent for believing impossible things:

Alice laughed. “There’s no use trying,” she said: “one can’t believe impossible things.”

“I daresay you haven’t had much practice,” said the Queen. “When I was your age, I always did it for half-an-hour a day. Why, sometimes I’ve believed as many as six impossible things before breakfast.” (Through the Looking Glass, Lewis Carroll)

If you don’t already believe in magic ponies, start practicing today!

Your ability to believe impossible things may be the key to your next position in big data, national security and a host of other positions.

PS: “Absolutists” are easy to spot. Among other things, they believe math operators give everyone the same results; gravity exists in all known frames of reference; the Earth is an oblate spheroid, i.e., not flat, etc. Feel free to contribute other beliefs that identify “absolutists” in your comments.

Chihuahau or Muffin?

Friday, March 11th, 2016

chihuahua-muffin

Adversarial images for deep learning.

Too cute not to re-post.

I first saw it in a tweet by Yhat, Inc.