Archive for July, 2017

If You Believe in Parliaments

Wednesday, July 19th, 2017

If you believe in parliaments, other than as examples of how governments don’t “get it,” then the Law Library of Congress, Global Legal Research Center has a treat for you!

Fifty (50) countries and seventy (70) websites surveyed in: Features of Parliamentary Websites in Selected Jurisdictions.

From the summary:

In recent years, parliaments around the world have enhanced their websites in order to improve access to legislative information and other parliamentary resources. Innovative features allow constituents and researchers to locate and utilize detailed information on laws and lawmaking in various ways. These include tracking tools and alerts, apps, the use of open data technology, and different search functions. In order to demonstrate some of the developments in this area, staff from the Global Legal Research Directorate of the Law Library of Congress surveyed the official parliamentary websites of fifty countries from all regions of the world, plus the website of the European Parliament. In some cases, information on more than one website is provided where separate sites have been established for different chambers of the national parliament, bringing the total number of individual websites surveyed to seventy.

While the information on the parliamentary websites is primarily in the national language of the particular country, around forty of the individual websites surveyed were found to provide at least limited information in one or more other languages. The European Parliament website can be translated into any of the twenty-four official languages of the members of the European Union.

All of the parliamentary websites included in the survey have at least basic browse tools that allow users to view legislation in a list format, and that may allow for viewing in, for example, date or title order. All of the substantive websites also enable searching, often providing a general search box for the whole site at the top of each page as well as more advanced search options for different types of documents. Some sites provide various facets that can be used to further narrow searches.

Around thirty-nine of the individual websites surveyed provide users with some form of tracking or alert function to receive updates on certain documents (including proposed legislation), parliamentary news, committee activities, or other aspects of the website. This includes the ability to subscribe to different RSS feeds and/or email alerts.

The ability to watch live or recorded proceedings of different parliaments, including debates within the relevant chamber as well as committee hearings, is a common feature of the parliamentary websites surveyed. Fifty-eight of the websites surveyed featured some form of video, including links to dedicated YouTube channels, specific pages where users can browse and search for embedded videos, and separate video services or portals that are linked to or viewable from the main site. Some countries also make videos available on dedicated mobile-friendly sites or apps, including Denmark, Germany, Ireland, the Netherlands, and New Zealand.

In total, apps containing parliamentary information are provided in just fourteen of the countries surveyed. In comparison, the parliamentary websites of thirty countries are available in mobile-friendly formats, enabling easy access to information and different functionalities using smartphones and tablets.

The table also provides information on some of the additional special features available on the surveyed websites. Examples include dedicated sites or pages that provide educational information about the parliament for children (Argentina, El Salvador, Germany, Israel, Netherlands, Spain, Taiwan, Turkey); calendar functions, including those that allow users to save information to their personal calendars or otherwise view information about different types of proceedings or events (available on at least twenty websites); and open data portals or other features that allow information to be downloaded in bulk for reuse or analysis, including through the use of APIs (application programming interfaces) (at least six countries).

With differing legal vocabularies and local personification of multi-nationals, this is a starting point for transparency based upon topic maps.

I first saw this in a tweet by the Global Investigative Journalism Network (GIJN).

Twitter – Government Censor’s Friend

Saturday, July 15th, 2017

Governments, democratic, non-democratic, kingships, etc. that keep secrets from the public, share a common enemy in Wikileaks.

Wikileaks self-describes in part as:

WikiLeaks is a multi-national media organization and associated library. It was founded by its publisher Julian Assange in 2006.

WikiLeaks specializes in the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption. It has so far published more than 10 million documents and associated analyses.

“WikiLeaks is a giant library of the world’s most persecuted documents. We give asylum to these documents, we analyze them, we promote them and we obtain more.” – Julian Assange, Der Spiegel Interview.

WikiLeaks has contractual relationships and secure communications paths to more than 100 major media organizations from around the world. This gives WikiLeaks sources negotiating power, impact and technical protections that would otherwise be difficult or impossible to achieve.

Although no organization can hope to have a perfect record forever, thus far WikiLeaks has a perfect record in document authentication and resistance to all censorship attempts.

Those same governments share a common ally in Twitter, which has engaged in systematic actions to diminish the presence and influence of Julian Assange on Twitter.

Caitlin Johnstone documents Twitter’s intentional campaign against Assange in Twitter Is Using Account Verification To Stifle Leaks And Promote War Propaganda.

Catch Johnstone’s post for the details but then:

  1. Follow @JulianAssange on Twitter (watch for minor variations that are not this account).
  2. Tweet to your followers, at least once a week, urging them to follow @JulianAssange.
  3. Investigate and support non-censoring alternatives to Twitter.

You can verify Twitter’s dilution of Julian Assange for yourself.

Type “JulianAssange_” in the Twitter search box (my results):

Twitter was a remarkably good idea, but has long since poisoned itself with censorship and pettiness.

Your suggested alternative?

Next Office of Personnel Management (OPM) Leak, When, Not If

Friday, July 14th, 2017

2 Years After Massive Breach, OPM Isn’t Sufficiently Vetting IT Systems by Joseph Marks.

From the post:

More than two years after suffering a massive data breach, the Office of Personnel Management still isn’t sufficiently vetting many of its information systems, an auditor found.

In some cases, OPM is past due to re-authorize IT systems, the inspector general’s audit said. In other cases, OPM did reauthorize those systems but did it in a haphazard and shoddy way during a 2016 “authorization sprint,” the IG said.

“The lack of a valid authorization does not necessarily mean that a system is insecure,” the auditors said. “However, it does mean that a system is at a significantly higher risk of containing unidentified security vulnerabilities.”

The full audit provides more details but suffice it to say OPM security is as farcical as ever.

Do you think use of https://www.opm.gov/ in hacking examples and scripts would call greater attention to flaws at the OPM?

Detecting Leaky AWS Buckets

Friday, July 14th, 2017

Experts Warn Too Often AWS S3 Are Misconfigured, Leak Data by Tom Spring.

From the post:

A rash of misconfigured Amazon Web Services storage servers leaking data to the internet have plagued companies recently. Earlier this week, data belonging to anywhere between six million and 14 million Verizon customers were left on an unprotected server belonging to a partner of the telecommunications firm. Last week, wrestling giant World Wide Entertainment accidentally exposed personal data of three million fans. In both cases, it was reported that data was stored on AWS S3 storage buckets.

Reasons why this keeps on happening vary. But, Detectify Labs believes many leaky servers trace back to common errors when it comes to setting up access controls for AWS Simple Storage Service (S3) buckets.

In a report released Thursday, Detectify’s Security Advisor Frans Rosén said network administrators too often gloss over rules for configuring AWS’ Access Control Lists (ACL) and the results are disastrous.

Jump to the report released Thursday for the juicy details.

Any thoughts on the going rate for discovery of leaky AWS buckets?

Could be something, could be nothing.

In any event, you should be checking your own AWS buckets.
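The check the post asks for, as an added example (not code from Threatpost, Detectify or the article): it evaluates bucket ACL documents shaped like the dict boto3’s `get_bucket_acl` returns and flags any grant to the two predefined public groups. The sample ACLs and owner ids are constructed so the script runs offline; the comment in `main` shows where a live boto3 call would plug in.

```python
"""Flag S3 bucket ACL grants that expose a bucket to everyone.

Added example, not code from the article or from Detectify. It evaluates ACL
documents shaped like the dict boto3's ``s3.get_bucket_acl(Bucket=...)``
returns; the sample ACLs below are constructed for illustration.
"""

# The two predefined groups whose presence in a grant makes a bucket "public":
# AllUsers is anyone on the internet, AuthenticatedUsers is any AWS account
# holder, which in practice is the same thing.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

# What a public grant of each permission lets a stranger do.
SEVERITY = {
    "READ": "data exposure",
    "READ_ACP": "ACL disclosure",
    "WRITE": "data tampering",
    "WRITE_ACP": "takeover (can rewrite ACL)",
    "FULL_CONTROL": "takeover (full control)",
}


def public_grants(acl):
    """Return [(group_name, permission, impact)] for every world-wide grant in an ACL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical users and e-mail grantees are specific principals
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group is None:
            continue  # e.g. the LogDelivery group, which is not public
        perm = grant.get("Permission", "")
        findings.append((group, perm, SEVERITY.get(perm, "unknown permission")))
    return findings


def audit_buckets(acls_by_bucket):
    """Map bucket name -> list of public grants; buckets with none are omitted."""
    report = {}
    for bucket, acl in acls_by_bucket.items():
        hits = public_grants(acl)
        if hits:
            report[bucket] = hits
    return report


# Constructed sample ACLs (owner ids are placeholders, not real accounts).
SAMPLE_ACLS = {
    "corp-backups": {
        "Owner": {"ID": "owner-placeholder"},
        "Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": "owner-placeholder"},
             "Permission": "FULL_CONTROL"},
            {"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"},
        ],
    },
    "partner-exports": {
        "Owner": {"ID": "owner-placeholder"},
        "Grants": [
            {"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
             "Permission": "WRITE_ACP"},
        ],
    },
    "private-logs": {
        "Owner": {"ID": "owner-placeholder"},
        "Grants": [
            {"Grantee": {"Type": "CanonicalUser", "ID": "owner-placeholder"},
             "Permission": "FULL_CONTROL"},
            {"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
             "Permission": "WRITE"},
        ],
    },
}

if __name__ == "__main__":
    # Against a live account you would build the dict with boto3:
    #   {b["Name"]: s3.get_bucket_acl(Bucket=b["Name"]) for b in s3.list_buckets()["Buckets"]}
    # Here it runs over the constructed samples.
    for bucket, hits in audit_buckets(SAMPLE_ACLS).items():
        for group, perm, impact in hits:
            print(f"{bucket}: {group} has {perm} -> {impact}")
```

Bucket ACLs are only one of the ways a bucket becomes public (bucket policies and the account-level public access block settings matter too), so treat a clean ACL report as necessary, not sufficient.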

Successful Phishing Subject Lines

Friday, July 14th, 2017

Gone Phishing: The Top 10 Attractive Lures by Roy Urrico.

From the post:

The list shows there’s still a lot of room to train employees on how to spot a phishing or spoofed email. Here they are:

  • Security Alert – 21%
  • Revised Vacation and Sick Time Policy – 14%
  • UPS Label Delivery 1ZBE312TNY00015011 – 10%
  • BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
  • A Delivery Attempt was made – 10%
  • All Employees: Update your Healthcare Info – 9%
  • Change of Password Required Immediately – 8%
  • Password Check Required Immediately – 7%
  • Unusual sign-in activity – 6%
  • Urgent Action Required – 6%

*Capitalization is as it was in the phishing test subject line

A puff piece for KnowBe4 but a good starting point. KnowBe4 has an online phishing test among others. The phishing test requires registration.

Enjoy!

Targets of Government Cybercriminal Units

Friday, July 14th, 2017

The Unfortunate Many: How Nation States Select Targets

From the post:

Key Takeaways

  • It’s safe to assume that all governments are developing and deploying cyber capabilities at some level. It’s also safe to assume most governments are far from open about the extent of their cyber activity.
  • If you take the time to understand why nation states get involved with cyber activity in the first place, you’ll find their attacks are much more predictable than they seem.
  • Each nation state has its own objectives and motivations for cyber activity. Even amongst big players like China, Russia, and the U.S. there’s a lot of variation.
  • Most nation states develop national five-year plans that inform all their cyber activities. Understanding these plans enables an organization to prioritize preparations for the most likely threats.

There’s a name for those who rely on governments, national or otherwise, to protect their cybersecurity: victims.

Recorded Future gives a quick overview of factors that may drive the objectives of government cybercriminal units.

I use “cybercriminal units” to avoid the false dichotomy between alleged “legitimate” government hacking and that of other governments and individuals.

We’re all adults here and realize government is a particular distribution of reward and stripes, nothing more. It has no vision, no goal beyond self-preservation and certainly, beyond your locally owned officials, no interest in you or yours.

That is to say, governments undertake hacking to further a “particular distribution of reward and stripes,” and their choices are no more (or less) legitimate than anyone else’s.

Government choices are certainly no more legitimate than your choices. Although governments claim a monopoly on criminal prosecutions, which accounts for why criminals acting on their behalf are never prosecuted. That monopoly also explains why governments, assuming they have possession of your person, may prosecute you for locally defined “criminal” acts.

Read the Recorded Future post to judge your odds of being a victim of a national government. Then consider which governments should be your victims.

Summer Pocket Change – OrientDB Code Execution

Friday, July 14th, 2017

SSD Advisory – OrientDB Code Execution

From the webpage:

Want to get paid for a vulnerability similar to this one?

Contact us at: ssd@beyondsecurity.com

Vulnerability Summary

The following advisory reports a vulnerability in OrientDB which allows users of the product to cause it to execute code.

OrientDB is a Distributed Graph Database engine with the flexibility of a Document Database all in one product. The first and best scalable, high-performance, operational NoSQL database.

Credit

An independent security researcher, Francis Alexander, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response

The vendor has released patches to address this vulnerability.

For more information: https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#security.

Some vulnerabilities require deep code analysis, others, well, just asking the right questions.

If you are looking for summer pocket change, check out default users, permissions, etc. on popular software.

Locate Your Representative/Senator In Hell

Thursday, July 13th, 2017

Mapping Dante’s Inferno, One Circle of Hell at a Time by Anika Burgess.

From the post:

“I found myself, in truth, on the brink of the valley of the sad abyss that gathers the thunder of an infinite howling. It was so dark, and deep, and clouded, that I could see nothing by staring into its depths.”

This is the vision that greets the author and narrator upon entering the first circle of Hell—Limbo, home to honorable pagans—in Dante Alighieri’s Inferno, the first part of his 14th-century epic poem, Divine Comedy. Before Dante and his guide, the classical poet Virgil, encounter Purgatorio and Paradiso, they must first journey through a multilayered hellscape of sinners—from the lustful and gluttonous of the early circles to the heretics and traitors that dwell below. This first leg of their journey culminates, at Earth’s very core, with Satan, encased in ice up to his waist, eternally gnawing on Judas, Brutus, and Cassius (traitors to God) in his three mouths. In addition to being among the greatest Italian literary works, Divine Comedy also heralded a craze for “infernal cartography,” or mapping the Hell that Dante had created.
… (emphasis in original)

Burgess has collected seven (7) traditional maps of the Inferno. I take them to be early essays in the art of visualization. They are by no means, individually or collectively, the definitive visualizations of the Inferno.

The chief deficit of all seven, to me, is the narrowness of the circles/ledges. As I read the Inferno, Dante and Virgil are not pressed for space. Expanding and populating the circles more realistically is one starting point.

The Inferno has no shortage of characters in each circle; Dante predicts the fate of Pope Boniface VIII, placing him in the eighth circle of Hell (simoniacs, a subclass of fraud). (Use the online Britannica with caution. Its entry for Boniface VIII doesn’t even mention the Inferno, as of July 13, 2017.)

I would like to think being condemned to Hell by no less than Dante would rate at least a mention in my biography!

Sadly, Dante is no longer around to add to the populace of the Inferno but new visualizations could take the opportunity to update the resident list for Hell!

It’s an exercise in visualization, mapping, 14th century literature, and an excuse to learn the names of your representative and senators.

Enjoy!

DigitalGlobe Platform

Wednesday, July 12th, 2017

DigitalGlobe Platform

The Maps API offers:

Recent Imagery

A curated satellite imagery layer of the entire globe. More than 80% of the Earth’s landmass is covered with high-resolution (30 cm-60 cm) imagery, supplemented with cloud-free LandSat 8 as a backdrop.

Street Map

An accurate, seamless street reference map. Based on contributions from the OpenStreetMap community, this layer combines global coverage with essential “locals only” perspectives.

Terrain Map

A seamless, visually appealing terrain perspective of the planet. Shaded terrain with contours guide you through the landscape, and OpenStreetMap reference vectors provide complete locational context.

Prices start at $5/month and go up. (5,000 map views for $5.)

BTW, 30 cm is 11.811 inches, just a little less than a foot.

For planning constructive or disruptive activities, that should be sufficient precision.

I haven’t tried the service personally but the resolution of the imagery compels me to mention it.

Enjoy!

Graphing the distribution of English letters towards…

Tuesday, July 11th, 2017

Graphing the distribution of English letters towards the beginning, middle or end of words by David Taylor.

From the post:

(partial image)

Some data visualizations tell you something you never knew. Others tell you things you knew, but didn’t know you knew. This was the case for this visualization.

Many choices had to be made to visually present this essentially semi-quantitative data (how do you compare a 3- and a 13-letter word?). I semi-exhaustively explain everything on my other, geekier blog, prooffreaderplus, and provide the code I used; I’ll just repeat the most crucial here:

The counts here were generated from the Brown corpus, which is composed of texts printed in 1961.

Take Taylor’s post as an inducement to read both Prooffreader Plus and Prooffreader on a regular basis.
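One way to answer the “how do you compare a 3- and a 13-letter word?” question, as an added example that is not Taylor’s code from Prooffreader Plus: scale each letter’s index to the interval [0, 1] (index divided by word length minus one), then bin those relative positions into beginning, middle and end. The normalisation and the three-bin split are this example’s choices, and the sample text is constructed; Taylor’s counts came from the Brown corpus.

```python
"""Where in a word does each letter tend to fall?

Added example, not the code from David Taylor's post. Each letter's index is
divided by (word length - 1) so that words of any length share one axis; the
sample text below is constructed, whereas Taylor used the Brown corpus.
"""
import re
from collections import defaultdict

WORD_RE = re.compile(r"[a-z]+")


def relative_positions(text):
    """Yield (letter, position in [0.0, 1.0]) for every letter of every word.

    A one-letter word has no beginning or end, so its letter is placed in the middle.
    """
    for word in WORD_RE.findall(text.lower()):
        n = len(word)
        for i, ch in enumerate(word):
            yield ch, 0.5 if n == 1 else i / (n - 1)


def letter_distribution(text, bins=3):
    """Return {letter: [fraction in bin 0, ..., bin bins-1]}; each row sums to 1.

    With bins=3 the columns are beginning, middle and end of word. A position of
    exactly 1.0 is clamped into the last bin.
    """
    counts = defaultdict(lambda: [0] * bins)
    for ch, pos in relative_positions(text):
        counts[ch][min(int(pos * bins), bins - 1)] += 1
    return {ch: [c / sum(row) for c in row] for ch, row in sorted(counts.items())}


def most_skewed(dist, which="end"):
    """Letters ordered by their share of one column ("end" = last bin, "beginning" = first)."""
    col = -1 if which == "end" else 0
    return sorted(dist, key=lambda ch: dist[ch][col], reverse=True)


# Constructed sample; a few sentences show the shape of the result, though real
# conclusions need a corpus of the size Taylor used.
SAMPLE_TEXT = (
    "The quick brown fox jumps over the lazy dog. "
    "Many words end with the letter y, and almost none begin with it. "
    "Quietly, the writer thought about which letters start words and which finish them."
)

if __name__ == "__main__":
    dist = letter_distribution(SAMPLE_TEXT)
    for ch in most_skewed(dist, "end")[:5]:
        b, m, e = dist[ch]
        print(f"{ch}: beginning {b:.2f}  middle {m:.2f}  end {e:.2f}")
```

Raising `bins` (Taylor’s chart uses a finer grid than three) turns each row into a small histogram across the word, which is what the post’s visualization draws per letter.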

Media Verification Assistant + Tweet Verification Assistant

Tuesday, July 11th, 2017

Media Verification Assistant

From the welcome screen:

Who

We are a joint team of engineers and investigators from CERTH-ITI and Deutsche Welle, aiming to build a comprehensive tool for image verification on the Web.

Features

The Media Verification Assistant features a multitude of image tampering detection algorithms plus metadata analysis, GPS Geolocation, EXIF Thumbnail extraction and integration with Google reverse image search.

Alpha

It is constantly being developed, expanded and upgraded – our ambition is to include most state-of-the-art verification technologies currently available on the Web, plus unique implementations of numerous experimental algorithms from the research literature. As the platform is currently in its Alpha stage, errors may occur and some algorithms may not operate as expected.

Feedback

For comments, suggestions and error reports, please contact verifymedia@iti.gr.

Sharing

The source code of the Java back-end is freely distributed at GitHub.

Even in alpha, this is a great project!

Even though images can be easily altered (with Photoshop or Gimp, for example), they continue to be admissible in court, so long as a witness testifies that the image is a fair and accurate representation of the subject matter.

This project has spawned a related project: Tweet Verification Assistant, which leverages the image algorithms to verify tweets with an image or video.

Another first stop before retweeting or re-publishing an image with a story.

Open Islamicate Texts Initiative (OpenITI)

Tuesday, July 11th, 2017

Open Islamicate Texts Initiative (OpenITI)

From the description (Annotation) of the project:

Books are grouped into authors. All authors are grouped into 25 AH periods, based on the year of their death. These repositories are the main working loci—if any modifications are to be added or made to texts or metadata, all has to be done in files in these folders.

There are three types of text repositories:

  • RAWrabicaXXXXXX repositories include raw texts as they were collected from various open-access online repositories and libraries. These texts are in their initial (raw) format and require reformatting and further integration into OpenITI. The overall current number of text files is over 40,000; slightly over 7,000 have been integrated into OpenITI.
  • XXXXAH are the main working folders that include integrated texts (all coming from collections included into RAWrabicaXXXXXX repositories).
  • i.xxxxx repositories are instantiations of the OpenITI corpus adapted for specific forms of analysis. At the moment, these include the following instantiations (in progress):
    • i.cex with all texts split mechanically into 300 word units, converted into cex format.
    • i.mech with all texts split mechanically into 300 word units.
    • i.logic with all texts split into logical units (chapters, sections, etc.); only tagged texts are included here (~130 texts at the moment).
    • i.passim_new_mech with all texts split mechanically into 300 word units, converted for the use with new passim (JSON).
    • [not created yet] i.passim_new_mech_cluster with all text split mechanically into 900 word units (3 milestones) with 300 word overlap; converted for the use with new passim (JSON).
    • i.passim_old_mech with all texts split mechanically into 300 word units, converted for the use with old passim (XML, gzipped).
    • i.stylo includes all texts from OpenITI (duplicates excluded) that are renamed and slightly reformatted (Arabic orthography is simplified) for the use with stylo R-package.

A project/site to join to hone your Arabic NLP and reading skills.

Enjoy!

The Classical Language Toolkit

Tuesday, July 11th, 2017

The Classical Language Toolkit

From the webpage:

The Classical Language Toolkit (CLTK) offers natural language processing (NLP) support for the languages of Ancient, Classical, and Medieval Eurasia. Greek and Latin functionality are currently most complete.

Goals

  • compile analysis-friendly corpora;
  • collect and generate linguistic data;
  • act as a free and open platform for generating scientific research.

You are sure to find one or more languages of interest:

Collecting, analyzing and mapping Tweets can be profitable and entertaining, but tomorrow or perhaps by next week, almost no one will read them again.

The texts in this project survived by hand preservation for thousands of years. People are still reading them.

How about you?

Truth In Terrorism Labeling (TITL) – A Starter Set

Tuesday, July 11th, 2017

Sam Biddle’s recent post: Facebook’s Tough-On-Terror Talk Overlooks White Extremists, is a timely reminder that “terrorism” and “terrorist” are labels with no agreed upon meaning.

To illustrate, here are some common definitions with suggestions for specifying the definition in use:

Terrorist/terrorism(Biddle): ISIS, Al Qaeda, and US white extremists. But not Tibetans and Uyghurs.

Terrorist/terrorism(China): From: How China Sees ISIS Is Not How It Sees ‘Terrorism’:

… in Chinese discourse, terrorism is employed exclusively in reference to Tibetans and Uyghurs. Official government statements typically avoid identifying acts of violence with a specific ethnic group, preferring more generic descriptors like “Xinjiang terrorists,“ “East Turkestan terror forces and groups,” the “Tibetan Youth Congress,” or the “Dalai clique.” In online Chinese chat-rooms, however, epithets like “Uyghur terrorist” or “Tibetan splittest” are commonplace and sometimes combine with homophonic racial slurs like “dirty Tibetans” or “raghead Uyghurs.”

Limiting “terrorism” to Tibetans and Uyghurs excludes ISIS, Al Qaeda, and US white extremists from that term.

Terrorist/terrorism(Facebook): ISIS, Al Qaeda, but no US white extremists (following US)

Terrorist/terrorism(Russia): Putin’s Flexible Definition of Terrorism

Who, exactly, counts as a terrorist? If you’re Russian President Vladimir Putin, the definition might just depend on how close or far the “terror” is from Moscow. A court in the Nizhniy Novgorod regional center last week gave a suspended two year sentence to Stanislav Dmitriyevsky, Chair of the local Russian-Chechen Friendship Society, and editor of Rights Defense bulletin. Dmitriyevsky was found guilty of fomenting ethnic hatred, simply because in March 2004, he published an appeal by Chechen rebel leader Aslan Maskhadov — later killed by Russian security services — and Maskhadov’s envoy in Europe, Akhmet Zakayev.

Maskhadov, you see, is officially a terrorist in the eyes of the Kremlin. Hamas, however, isn’t. Putin said so at his Kremlin press-conference on Thursday, where he extended an invitation — eagerly accepted — to Hamas’s leaders to Moscow for an official visit.

In fairness to Putin, as a practical matter, who is or is not a “terrorist” for the US depends on the state of US support: those the US supports are not terrorists; those it does not support are likely to be.

Terrorist/terrorism(US): Generally ISIS, Al Qaeda, no US white extremists, for details see: Terrorist Organizations.

By appending, in parentheses, Biddle, China, Facebook, Russia, or US to terrorist or terrorism, the reading public has some chance to understand your usage of “terrorism/terrorist.”

Otherwise they are nodding along using their definitions of “terrorism/terrorist” and not yours.

Or was that vagueness intentional on your part?

New York Times, Fact Checking and DaCosta’s First OpEd

Friday, July 7th, 2017

Cutbacks on editors/fact-checking at the New York Times came at an unfortunate time for Marc DaCosta’s first OpEd, The President Wants to Keep Us in the Dark (New York Times, 28 June 2017).

DaCosta decries the lack of TV cameras at several recent White House press briefings. Any proof the lack of TV cameras altered the information available to reporters covering the briefings? Here’s DaCosta on that point:


But the truth is that the decision to prevent the press secretary’s comments on the day’s most pressing matters from being televised is an affront to the spirit of an open and participatory government. It’s especially chilling in a country governed by a Constitution whose very First Amendment protects the freedom of the press.

Unfortunately, the slow death of the daily press briefing is only part of a larger assault by the Trump administration on a precious public resource: information.

DaCosta’s implied answer is no: the lack of TV cameras resulted in no diminishing of information from the press conference. But his hyperbole gland kicks in, and he cites disjointed events claimed to diminish public access to information.

For example, Trump’s non-publication of visitor records:


Immediately after Mr. Trump took office, the administration stopped publishing daily White House visitor records, reversing a practice established by President Obama detailing the six million appointments he and administration officials took at the White House during his eight years in office. Who is Mr. Trump meeting with today? What about Mr. Bannon? Good luck finding out.

Really? Mark J. Rozell summarizes the “detailing the six million appointments he and administration officials took…” this way:


Obama’s action clearly violated his own pledge of transparency and an outpouring of criticism of his action somewhat made a difference. He later reversed his position when he announced that indeed the White House visitor logs would be made public after all.

Unfortunately, the president decided only to release lengthy lists of names, with no mention of the purpose of White House visits or even differentiation between tourists and people consulted on policy development.

This action enabled the Obama White House to appear to be promoting openness while providing no substantively useful information. If the visitor log listed “Michael Jordan,” there was no way to tell if the basketball great or a same-named industry lobbyist was the person at the White House that day and the layers of inquiry required to get that information were onerous. But largely because the president had appeared to have reversed himself in reaction to criticism for lack of transparency, the controversy died down, though it should not have.

Much of the current reaction to President Trump’s decision has contrasted that with the action of his predecessor, and claimed that Obama had set the proper standard by opening the books. The reality is different though, as Obama’s action set no standard at all for transparency.
…(Trump should open White House visitor logs, but don’t flatter Obama, The Hill, 18 April 2017)

That last line on White House visitor records under Obama is worth repeating:

The reality is different though, as Obama’s action set no standard at all for transparency.

Obama-style opaqueness would not answer the questions:

Who is Mr. Trump meeting with today? What about Mr. Bannon? [Questions by DaCosta.]

A fact-checker and/or editor at the New York Times knew that answer (hint to NYT management).

Even more disappointing is the failure of DaCosta, as the co-founder of Enigma, to bring any data to a claim that White House press briefings are of value.

One way to test the value of White House press briefings is to extract the “facts” announced during the briefing and compare those to media reports in the prior twenty-four hours.

If DaCosta thought of such a test, the reason it went unperformed isn’t hard to guess:


The Senate had just released details of a health care plan that would deprive 22 million Americans of health insurance, and President Trump announced that he did not, as he had previously hinted, surreptitiously record his conversations with James Comey, the former F.B.I. director.
… (DaCosta)

First, a presidential press briefing isn’t an organ for the US Senate and second, Trump had already tweeted the news about not recording his conversations with James Comey. None of those “facts” broke at the presidential press briefing.

DaCosta is 0 for 2 for new facts at that press conference.

I offer no defense for the current administration’s lack of transparency, but fact-free and factually wrong claims against it don’t advance DaCosta’s cause:


Differences of belief and opinion are inseparable from the democratic process, but when the facts are in dispute or, worse, erased altogether, public debate risks breaking down. To have a free and democratic society we all need a common and shared context of facts to draw from. Facts or data will themselves never solve any problem. But without them, finding solutions to our common problems is impossible.

We should all expect better of President Trump, the New York Times and Marc DaCosta (@marc_dacosta).

Deanonymizing the Past

Thursday, July 6th, 2017

What Ever Happened to All the Old Racist Whites from those Civil Rights Photos? by Johnny Silvercloud raises an interesting question but never considers it from a modern technology perspective.

Silvercloud includes this lunch counter image:

I count almost twenty (20) full or partial faces in this one image. Thousands if not hundreds of thousands of other images from the civil rights era capture similar scenes.

Then it occurred to me: unlike prior generations, who had volumes of photographs populated by anonymous bystanders to, or perpetrators of, infamous acts, we have the present capacity to deanonymize the past.

As a starting point, may I suggest Deep Face Recognition by Omkar M. Parkhi, Andrea Vedaldi, Andrew Zisserman, one of the more popular papers in this area, with 429 citations as of today (06 July 2017).

Abstract:

The goal of this paper is face recognition – from either a single photograph or from a set of faces tracked in a video. Recent progress in this area has been due to two factors: (i) end to end learning for the task using a convolutional neural network (CNN), and (ii) the availability of very large scale training datasets.

We make two contributions: first, we show how a very large scale dataset (2.6M images, over 2.6K people) can be assembled by a combination of automation and human in the loop, and discuss the trade off between data purity and time; second, we traverse through the complexities of deep network training and face recognition to present methods and procedures to achieve comparable state of the art results on the standard LFW and YTF face benchmarks.

That paper was published in 2015, so consult a 2017 summary update posted to Quora for current details.

Banks, governments and others are using facial recognition for their own purposes; let’s also use it to hold people responsible for their moral choices.

Moral choices at lunch counters, police riots, soldiers and camp guards from any number of countries and time periods, etc.

Yes?

Kaspersky: Is Source Code Disclosure Meaningful?

Thursday, July 6th, 2017

Responding to a proposed ban of Kaspersky Lab software, Eugene Kaspersky, the company’s chief executive, is quoted in Russia’s Kaspersky Lab offers up source code for US government scrutiny as saying:

The chief executive of Russia’s Kaspersky Lab says he’s ready to have his company’s source code examined by U.S. government officials to help dispel long-lingering suspicions about his company’s ties to the Kremlin.

In an interview with The Associated Press at his Moscow headquarters, Eugene Kaspersky said Saturday that he’s also ready to move part of his research work to the U.S. to help counter rumors that he said were first started more than two decades ago out of professional jealousy.

“If the United States needs, we can disclose the source code,” he said, adding that he was ready to testify before U.S. lawmakers as well. “Anything I can do to prove that we don’t behave maliciously I will do it.”

Personally I think Kaspersky is about to be victimized by anti-Russia hysteria, where repetition of rumors, not facts, is the coin of the realm.

Is source code disclosure meaningful? The question applies equally to Kaspersky disclosures to U.S. government officials and to Microsoft or Oracle disclosures of source code to foreign governments.

My answer is no, at least if you mean source code disclosure limited to governments or other clients.

Here’s why:

  • Limited competence: For the FBI in particular, source code disclosure is meaningless. Recall that the FBI blew away $170 million on the Virtual Case File project with nothing to show for it and no prospect of a timeline, after four years of effort.
  • Limited resources: Guido Vranken‘s The OpenVPN post-audit bug bonanza demonstrates that after two (2) manual audits, fuzzing still turned up vulnerabilities in OpenVPN. OpenVPN has been reviewed for years by a large number of people, yet flaws remain to be discovered. Source code handed to a government, by contrast, will be reviewed at most once, and then only by a limited number of individuals.
  • Limited staff: Closely related to my point about limited resources, the people in government who are competent to undertake a software review are already busy with other tasks. Most governments don’t have a corps of idle but competent programmers waiting for source code disclosures to evaluate. Whatever source code review takes place will be the minimum required, and that only as other priorities allow.
  • Limited scope: A source snapshot is not the product that runs on customers’ machines. Anti-virus software ships as signed binaries and pulls signature and engine updates daily; unless the reviewed source can be rebuilt reproducibly into the shipped binaries, and the update channel is reviewed as well, a one-time reading of the source says little about what the software does in the field.

If Kaspersky Lab were to open source its software but retain copyright, then its source code could be reviewed:

  • by as many competent programmers as are interested
  • on an ongoing basis
  • by people with varying skills and approaches to software auditing

Setting a new standard for security software, open source but copyrighted, would be to the advantage of the leaders in Gartner’s Magic Quadrant; others, not so much.

It’s entirely possible for someone to compile the source code and avoid paying a license fee, but seriously, is anyone going to chase pennies on the ground when there are $100 bills blowing overhead? Auditing, code review, transparency, trust. (I know, the RIAA chases pennies, but it’s run by delusional paranoids.)

Three additional reasons for Kaspersky to go open source but copyrighted:

  • Angst among its more poorly managed competitors will soar.
  • A model for government-mandated open source but copyrighted software for domestic sales. (Think China, the EU, Russia.)
  • Front page news featuring Kaspersky Labs as breaking away from the pack.

It is entirely possible for Kaspersky to turn the narrow-minded nationalism now so popular in some circles of the U.S. government to its advantage, not to mention changing the landscape of security software in its favor.

Full Fact is developing two new tools for automated fact-checking

Thursday, July 6th, 2017

Full Fact is developing two new tools for automated fact-checking by Mădălina Ciobanu.

From the post:

The first tool, Live, is based on the assumption that people, especially politicians, repeat themselves, Babakar explained, so a claim that is knowingly or unknowingly false or inaccurate is likely to be said more than once by different people.

Once Full Fact has fact-checked a claim, it becomes part of their database, and the next step is making sure that data is available every time the same assertion is being made, whether on TV or at a press conference. “That’s when it gets interesting – how can you scale the fact check so that it can be distributed in a much grander way?”

Live will be able to monitor live TV subtitles and eventually perform speech-to-text analysis, taking a live transcript from a radio programme or a press conference and matching it against Full Fact’s database.

The second tool Full Fact is building is called Trends, and it aims to record every time a wrong or false claim is repeated, and by whom, to enable fact-checkers to track who or what is “putting misleading claims out into the world”.

Because part of Full Fact’s remit is also to get corrections on claims they verify, the team wants to be able to measure the impact of their work, by looking at whether a claim has been said again once they have fact-checked it and requested a correction for it.

The work on Live and Trends has just been funded and the tools are scheduled to appear in 2018.

They are hiring, by the way: Automated Factchecking at Full Fact. Full Fact is also a charity, in case you want to donate to support this work.
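To make the Live/Trends workflow described above concrete, here is an added example; it is not Full Fact’s code and does not come from the original post. It assumes a small fact-check database, a transcript delivered as timestamped utterances (as a subtitle feed or speech-to-text pass would produce), and token-set Jaccard similarity as the matching rule. The claims, verdicts, speakers, dates and transcript lines are all constructed for illustration.

```python
"""
Added example (not Full Fact's code): a toy version of the "Live" and "Trends"
workflow. All claims, verdicts, speakers, dates and transcript lines below are
constructed. Matching by token-set Jaccard similarity is this example's own
assumption; Full Fact's real matcher is not described on the page.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Function words dropped before comparison, so that "crime is down 10%" and
# "crime has fallen by 10%" share most of their remaining tokens.
STOPWORDS = {
    "a", "an", "and", "are", "as", "at", "been", "by", "has", "have", "i",
    "in", "is", "it", "its", "of", "our", "that", "the", "this", "to", "we",
}


@dataclass(frozen=True)
class CheckedClaim:
    claim_id: str
    text: str
    verdict: str
    checked_on: str  # ISO date the fact check was published


@dataclass(frozen=True)
class Utterance:
    date: str  # ISO date of the broadcast
    time: str
    speaker: str
    text: str


def normalise(text: str) -> set:
    """Lower-case, keep alphanumerics and '%', drop function words."""
    tokens = re.findall(r"[a-z0-9%]+", text.lower())
    return {t for t in tokens if t not in STOPWORDS}


def similarity(a: str, b: str) -> float:
    """Jaccard similarity of the two normalised token sets (0.0 to 1.0)."""
    ta, tb = normalise(a), normalise(b)
    union = ta | tb
    return len(ta & tb) / len(union) if union else 0.0


def match_claim(utterance_text, db, threshold=0.5):
    """Return (claim, score) for the best-matching checked claim, or (None, score)
    when nothing in the database is similar enough."""
    best = max(db, key=lambda c: similarity(utterance_text, c.text))
    score = similarity(utterance_text, best.text)
    return (best, score) if score >= threshold else (None, score)


def live(transcript, db, threshold=0.5):
    """'Live': pair each utterance with a checked claim where one matches."""
    hits = []
    for u in transcript:
        claim, score = match_claim(u.text, db, threshold)
        if claim is not None:
            hits.append((u, claim, round(score, 3)))
    return hits


def trends(hits):
    """'Trends': how often each checked claim was repeated, by whom, and how
    many of those repetitions came after the fact check had been published."""
    per_claim = Counter(claim.claim_id for _, claim, _ in hits)
    per_speaker = Counter((u.speaker, claim.claim_id) for u, claim, _ in hits)
    after_check = Counter(
        claim.claim_id for u, claim, _ in hits if u.date >= claim.checked_on
    )
    return per_claim, per_speaker, after_check


# Constructed fact-check database.
CHECKED_CLAIMS = [
    CheckedClaim("FF-001", "Crime has fallen by 10% since 2010",
                 "Misleading: recorded crime rose in the latest year", "2017-05-12"),
    CheckedClaim("FF-002", "We have built 300,000 new homes in the last year",
                 "Incorrect: the figure counts net additions, not new builds", "2017-07-10"),
    CheckedClaim("FF-003", "Unemployment is at its lowest level since 1975",
                 "Correct on the headline rate", "2017-06-01"),
]

# Constructed transcript, as a live subtitle feed might deliver it.
TRANSCRIPT = [
    Utterance("2017-07-06", "19:00:02", "Presenter", "Good evening and welcome to tonight's debate"),
    Utterance("2017-07-06", "19:03:41", "Minister", "Crime is down 10% since 2010"),
    Utterance("2017-07-06", "19:07:15", "Shadow Minister", "This government built 300,000 homes last year"),
    Utterance("2017-07-06", "19:12:09", "Minister", "Unemployment is at a record low"),
    Utterance("2017-07-06", "19:20:30", "Minister", "As I said, crime has fallen 10% since 2010"),
]


def run_demo():
    hits = live(TRANSCRIPT, CHECKED_CLAIMS)
    for u, claim, score in hits:
        print(f"{u.time} {u.speaker}: {u.text!r} -> {claim.claim_id} ({score}) {claim.verdict}")
    return trends(hits)


if __name__ == "__main__":
    per_claim, per_speaker, after_check = run_demo()
    print("repeats per claim:", dict(per_claim))
    print("repeats per speaker:", dict(per_speaker))
    print("repeated after fact check published:", dict(after_check))
```

Run it directly to see which lines are paired with which checked claim, how many times each claim was repeated and by whom, and how many repetitions came after the fact check was already out (the measurement described for Trends; FF-002 is excluded from that count because its check is dated after the broadcast). Note the deliberate miss: “Unemployment is at a record low” paraphrases FF-003 but shares almost no tokens with it, so token overlap does not catch it. That is the gap better language processing, rather than a bigger stopword list, has to close.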

I wonder how Full Fact would rate stories such as CrowdStrike’s report claiming Russian hacks of the DNC, CrowdStrike being a security firm that lives in the back pocket of the Democratic Party (US). A report it later revised.

Personally, since the claims were “confirmed” by a known liar, James Clapper, former Director of National Intelligence, I would downgrade such reports and repetitions by others to latrine gossip.

In case you haven’t read the various reports in detail: no records have been produced; there is much that reads like “in our experience,” etc., and a positive dearth of facts. That interested “experts” say it is so, in the absence of evidence, doesn’t make their claims facts.

Looking forward to news on these projects as they develop!

The State of Automated Factchecking

Wednesday, July 5th, 2017

The State of Automated Factchecking by Mevan Babakar and Will Moy.

From the webpage:

The State of Automated Factchecking is an in-depth report looking at where we are with automated factchecking globally, and where we could get to with the necessary funding.

It sets out Full Fact’s roadmap for our own work on automated factchecking, and our design principles for the tools we are building.

We propose principles of collaboration for factchecking organisations, researchers and computer scientists around the world.

We hope that it will be the beginning of many fruitful conversations.

It’s split into two parts:

Part One: A roadmap for automated factchecking
Part Two: What we can do now and what remains to be done

Summary

  • We can scale up and speed up factchecking dramatically using technology that exists now.
  • We are months—and relatively small amounts of money—away from handing practical automated tools to factcheckers and journalists. This is not the horizon of artificial intelligence; it is simply the application of existing technology to factchecking.
  • Automated factchecking projects are taking place across the world, but they are fragmented. This means factcheckers and researchers are wasting time and money reinventing the wheel.
  • We propose open standards. Automated factchecking will come to fruition in a more coherent and efficient way if key players think in terms of similar questions and design principles, learn from existing language processing tasks, and build shared infrastructure.
  • International collaboration is vital so that the system works in several languages and countries.
  • Research into machine learning must continue, but we can make serious progress harnessing other technologies in the meantime.

Read the full report

Read The State of Automated Factchecking (pdf, 6Mb) and sign up below to keep up with the latest.

Stay up to date

To stay updated on our progress subscribe to our automated factchecking mailing list, or for any specific questions email Mevan Babakar at mevan@fullfact.org

I mention this report as background reading for the latest efforts by Full Fact to develop automated fact-checking tools.

Enjoy!

Media outrage on threatened violence against Assange?

Sunday, July 2nd, 2017

Assange Compiles Media Figures, Establishment Democrats Calling For His Death by Elizabeth Vos.

From the post:

Wikileaks Editor-in-Chief Julian Assange tweeted extensively overnight regarding what he labeled tolerant liberals who have called for his assassination and torture. Assange called such media figures “blue-ticks.” It is not clear at this time what may have prompted the series of tweets. Assange also referenced the torture and murder of what he called “alleged sources” during the series of tweets. He also implicated Hillary Clinton in some of the references. Some understood this to be a reference to the upcoming anniversary of Seth Rich’s murder, but it is not clear at this time who Assange may have been specifically referring to.

I won’t repeat the latest dust-up between the US media and the village idiot they helped elect with their fascination for “man bites dog” type news. Candidate X said Y or did outrageous act Z, so why is that news? The “media” that reports meetings between US presidents and aliens in the Rose Garden needs something to print. Such stories could have been left to them.

Now, however, the candidate they favored with millions if not billions of dollars in free coverage is rough-housing with the media. Oh, my!

When you think about reporters in other countries who die on a regular basis, year in and year out, a little harsh talk pales by comparison.

Not to mention the hypocrisy of a US media that reacts to every unkind twitch from the current White House, but blandly reports calls for the murder of Julian Assange.

I disagree with Assange’s partial leaks*, but even with partial leaks, Assange has empowered public discussion of vital issues for years. You need to ask yourself why, in the face of that history, he is not attracting support from mainstream media, or outrage at the explicit calls for violence against him. (Care to comment, New York Times, Washington Post?)

* I disagree with partial leaks because full leaks are likely to be more damaging to those responsible for immoral and/or illegal activity. To that end, those harmed by leaks should have made better choices.