Archive for February, 2018

Liberals Amping Right Wing Conspiracies

Wednesday, February 28th, 2018

You read the headline correctly: Liberals Amping Right Wing Conspiracies.

It’s the only reasonable conclusion after reading Molly McKew’s post: How Liberals Amped up a Paranoid Shooting Conspiracy Theory.

From the post:


This terminology camouflages the war for minds that is underway on social media platforms, the impact that this has on our cognitive capabilities over time, and the extent to which automation is being engaged to gain advantage. The assumption, for example, that other would-be participants in social media information wars who choose to use these same tactics will gain the same capabilities or advantage is not necessarily true. This is a playing field that is hard to level: Amplification networks have data-driven, machine learning components that work better with refinement over time. You can’t just turn one on and expect it to work perfectly.

The vast amounts of content being uploaded every minute cannot possibly be reviewed by human beings. Algorithms, and the poets who sculpt them, are thus given an increasingly outsized role in the shape of our information environment. Human minds are on a battlefield between warring AIs—caught in the crossfire between forces we can’t see, sometimes as collateral damage and sometimes as unwitting participants. In this blackbox algorithmic wonderland, we don’t know if we are picking up a gun or a shield.

McKew has a great description of the amplification in the Parkland shooting conspiracy case, but it’s after the fact and not a basis for predicting the next amplification event.

Any number of research projects suggest themselves:

  • Observing and testing social media algorithms against content
  • Discerning patterns in amplified content
  • Testing refinement of content
  • Building automated tools to apply lessons in amplification

No doubt all those are underway in various guises for any number of reasons. But are you going to share in those results to protect your causes?

Six Degrees of Wikipedia – Eye Candy or Opportunity for Serendipity?

Wednesday, February 28th, 2018

Six Degrees of Wikipedia

As the name implies, it finds the shortest path between two Wikipedia pages.

Whatis.com defines serendipity in part as:

In general, serendipity is the act of finding something valuable or delightful when you are not looking for it. In information technology, serendipity often plays a part in the recognition of a new product need or in solving a design problem. Web surfing can be an occasion for serendipity since you sometimes come across a valuable or interesting site when you are looking for something else.

Serendipity requires exposure to things you aren’t looking for. Search engines excel at that, but their results are so noisy that serendipity is a rare occurrence.

Six Degrees of Wikipedia may have a different result.

First and foremost, humans created the links, for reasons unknown, that form the six degrees of separation. The resulting six degrees is a snapshot of human input from dozens, if not hundreds, of human actors, all of whom had unknown motivations.

Second, the limitation to six degrees results in a graph and nodes that can be absorbed in a glance.

Compare to the “I can make big and dense graphs” so typical in the “analysis” of social media results. (Hint: If any US government agency is asking, “The Russians did it.” is the correct response. Gin up supporting data on your own.)

Six degrees between topics would make a fascinating way to explore a topic map, especially one that merged topics from different domains. Randomly select labels to appear alongside those more familiar to a user. Provoke serendipity!

Covering Human Trafficking … Gulf Arab States (@GIJN)

Wednesday, February 28th, 2018

Guide to Covering Human Trafficking, Forced Labor & Undocumented Migration in Gulf Arab Countries by Migrant-Rights.org.

From the post:

Over 11 million migrant workers work in the six Middle Eastern countries — Saudi Arabia, Kuwait, the United Arab Emirates, Qatar, Bahrain and Oman — that make up the political and economic alliance known as the Gulf Cooperation Council (GCC). Migrants comprise an extraordinary 67 percent of the labor force in these countries. Reforms in labor laws, adopted by just a few Gulf countries, are rarely implemented.

Abuse of these workers is widespread, with contract violations, dangerous working conditions and unscrupulous traffickers, brokers and employers. Media outlets, both local and international, have generally not covered this topic closely. Journalists attempting to investigate human trafficking and forced labor in the region have faced a lack of information, restrictions on press freedom and security threats. Some have faced detention and deportation.

For these reasons, GIJN, in collaboration with human rights organizations, is launching this first bilingual guide to teach journalists best practices, tools and steps in reporting on human trafficking and forced labor in the Gulf region…

If you are reporting on any aspect of these issues, see also the GIJN’s global Reporting Guide to Human Trafficking & Slavery.

Be aware that residence in a Gulf Arab State isn’t a requirement for reporting on human trafficking.

The top port of entry for human trafficking in the United States is shown on this excerpt of a Google Map:

That’s right, the Hartsfield-Jackson Atlanta International Airport.

Despite knowing their port of entry, Hartsfield-Jackson has yet to make an arrest for human trafficking. (as of May 3, 2017)

Schemes such as Hartsfield-Jackson Wants Travelers to Be the ‘Eyes and Ears’ Detecting Sex Trafficking may explain their lack of success. Making it everyone’s responsibility means it’s no one’s responsibility.

Improvements aren’t hard to imagine. Separating adults without minors from those traveling with minors would be a first step. Separating minors from their accompanying adults, with native speakers who can speak with the minors privately, plus advertised guarantees of protection in the United States, would be another.

Those who could greatly reduce human trafficking have made a cost/benefit analysis and chosen to allow it to continue, in the Gulf Arab States, the United States and elsewhere.

I’m hopeful you will reach a different conclusion.

Supporting GIJN, Migrant-Rights.org and your local reporters are all ways to assist in combating human trafficking. Data wranglers of all levels and hackers should volunteer their efforts.

Kiddie Hack – OPM

Tuesday, February 27th, 2018

Is it fair to point out the Office of Personnel Management (OPM) continues to fail to plan upgrades to its security?

That’s right: it is not that OPM security upgrades are failing, but that OPM is failing to plan for security upgrades. Three years after 21.5 million current and former fed data records were stolen from the OPM.

The inspector general report reads in part:


While we believe that the Plan is a step in the right direction toward modernizing OPM’s IT environment, it falls short of the requirements outlined in the Appropriations Act. The Plan identifies several modernization-related initiatives and allocates the $11 million amongst these areas, but the Plan does not identify the full scope of OPM’s modernization effort or contain cost estimates for the individual initiatives or the effort as a whole. All of the other capital budgeting, project planning, and IT security requirements are similarly missing.

At this rate, hackers are stockpiling gear slow enough to work with OPM systems.

Be careful on eBay and other online sources. No doubt the FBI is monitoring purchases of older computer gear.

FastPhotoStyle [Re-writing Dickens]

Monday, February 26th, 2018

Start Photo:

Style Photo:

Result Photo (start + style):

Impressive!

There are several other sample transformations at the webpage.

From the webpage:

This code repository contains an implementation of our fast photorealistic style transfer algorithm. Given a content photo and a style photo, the code can transfer the style of the style photo to the content photo. The details of the algorithm behind the code are documented in our arxiv paper. Please cite the paper if this code repository is used in your publications.

Yijun Li (UC Merced), Ming-Yu Liu (NVIDIA), Xueting Li (UC Merced), Ming-Hsuan Yang (NVIDIA, UC Merced), Jan Kautz (NVIDIA), “A Closed-form Solution to Photorealistic Image Stylization,” arXiv preprint arXiv:1802.06474

Re-writing Dickens:


Marley: Why do you not believe your own eyes?

Scrooge: Software makes them a cheat! A pass of PhotoShop or a round with Gimp, to say nothing of fast photorealistic style transfer algorithms.

Doesn’t have the same ring to it, does it?

Forbes Vouches For Public Data Sources

Monday, February 26th, 2018

For Forbes readers, a demonstration with one of the data sets from Bernard Marr’s Big Data And AI: 30 Amazing (And Free) Public Data Sources For 2018 (Forbes, Feb. 26, 2018) adds a ring of authenticity to your data. Marr, and by extension Forbes, has vouched for these data sets.

Beats the hell out of opera, medieval boys choirs, or irises for your demonstration. 😉

These data sets show up everywhere, but a reprint from Forbes to leave with your (hopefully) future client sets your data set apart from others.

Tip: As interesting as it is, I’d skip the CERN Open Data unless you are presenting to physicists. Yes? Hint: Pick something relevant to your audience.

Guide to Searching CIA’s Declassified Archives

Monday, February 26th, 2018

The ultimate guide to searching CIA’s declassified archives: Looking to dig into the Agency’s 70 year history? Here’s where to start, by Emma Best.

From the webpage:

While the Agency deserves credit for compiling a basic guide to searching their FOIA reading room, it still omits information or leaves it spread out across the Agency’s website. In one egregious example, the CIA guide to searching the records lists only three content types that users can search for; a review of the metadata compiled by Data.World reveals an additional ninety content types. This guide will tell you everything you need to know to dive into CREST and start searching like a pro.

Great guide for anyone interested in the declassified CIA archives.

Enjoy!

#7 Believing that information leads to action (Myth of Liberals)

Monday, February 26th, 2018

Top 10 Mistakes in Behavior Change

Slides from Stanford University’s Persuasive Tech Lab, http://captology.stanford.edu.

A great resource whether you are promoting a product, service or trying to “interfere” with an already purchased election.

I have a special fondness for mistake #7 on the slides:

Believing that information leads to action

If you want to lose the 2018 mid-terms or even worse, the presidential election in 2020, you keep believing in “educating” voters.

Ping me if you want to be a winning liberal.

Governments Are Secure, But Only By Your Forbearance (happens-before (HB) graphs)

Monday, February 26th, 2018

MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols by Caroline Trippel, Daniel Lustig, Margaret Martonosi.

Abstract:

The recent Meltdown and Spectre attacks highlight the importance of automated verification techniques for identifying hardware security vulnerabilities. We have developed a tool for synthesizing microarchitecture-specific programs capable of producing any user-specified hardware execution pattern of interest. Our tool takes two inputs: a formal description of (i) a microarchitecture in a domain-specific language, and (ii) a microarchitectural execution pattern of interest, e.g. a threat pattern. All programs synthesized by our tool are capable of producing the specified execution pattern on the supplied microarchitecture.

We used our tool to specify a hardware execution pattern common to Flush+Reload attacks and automatically synthesized security litmus tests representative of those that have been publicly disclosed for conducting Meltdown and Spectre attacks. We also formulated a Prime+Probe threat pattern, enabling our tool to synthesize a new variant of each—MeltdownPrime and SpectrePrime. Both of these new exploits use Prime+Probe approaches to conduct the timing attack. They are both also novel in that they are 2-core attacks which leverage the cache line invalidation mechanism in modern cache coherence protocols. These are the first proposed Prime+Probe variants of Meltdown and Spectre. But more importantly, both Prime attacks exploit invalidation-based coherence protocols to achieve the same level of precision as a Flush+Reload attack. While mitigation techniques in software (e.g., barriers that prevent speculation) will likely be the same for our Prime variants as for original Spectre and Meltdown, we believe that hardware protection against them will be distinct. As a proof of concept, we implemented SpectrePrime as a C program and ran it on an Intel x86 processor, averaging about the same accuracy as Spectre over 100 runs—97.9% for Spectre and 99.95% for SpectrePrime.

A separate paper is under review for the “tool” used in this article so more joy is on your way!

As a bonus, “happens-before (HB) graphs” are used, enabling exercise of those graph skills you built making cluttered Twitter graphs.

Good hunting!

Learning Drawing Skills To Help You Communicate

Thursday, February 22nd, 2018

I sigh with despair every time I see yet another drawing by Julia Evans.

All of it is clever, clear and without effort on my part, beyond me.

Yeah, it’s the “without effort on my part” that keeps me from learning basic drawing skills.

You’re never going to say of a drawing by me, “There’s a proper Julia Evans!” but I don’t think basic drawing skills are beyond me, provided I take the time to practice.

How expensive are guidebooks? Does free sound OK?

By E.G. Lutz, What to Draw and How to Draw It (1913), Drawing Made Easy (1935).

BTW, Lutz inspired Walt Disney with: Animated Cartoons: How They Are Made, Their Origin and Development.

I found this at The Public Domain Review. Support for them is always a good idea.

Of course I would rather be exploring nuances of XQuery, but that’s because XQuery is already familiar.

It’s trying the unfamiliar that leads to new skills, hopefully. 😉

Comparing Comprehensive English Grammars?

Thursday, February 22nd, 2018

Neal Goldfarb in SCOTUS cites CGEL (Props to Justice Gorsuch and the Supreme Court library) highlights two comprehensive grammars for English.

Both are known by the initials CGEL:

Being the more recent work, Cambridge Grammar of the English Language lists today for $279.30 (1860 pages), whereas Quirk’s 1985 Comprehensive Grammar of the English Language, can be had for $166.08 (1779 pages).

Interesting fact, the acronym CGEL was in use for 17 years by Comprehensive Grammar of the English Language before Cambridge Grammar of the English Language was published, using the same acronym.

Curious how much new information was added by the Cambridge grammar? If you had a machine readable text of both, excluded the examples and then calculated the semantic distance between sections on the same material, you could produce a measurement of the distance between the two texts.

Given the prices of academic texts, standardizing a method of comparison would be a boon to scholars and graduate students!

(No comment on the over-writing of the acronym for Quirk’s work by Cambridge.)

Deep Voice – The Empire Grows Steadily Less Secure

Thursday, February 22nd, 2018

Baidu AI Can Clone Your Voice in Seconds

From the post:

Baidu’s research arm announced yesterday that its 2017 text-to-speech (TTS) system Deep Voice has learned how to imitate a person’s voice using a mere three seconds of voice sample data.

The technique, known as voice cloning, could be used to personalize virtual assistants such as Apple’s Siri, Google Assistant, Amazon Alexa; and Baidu’s Mandarin virtual assistant platform DuerOS, which supports 50 million devices in China with human-machine conversational interfaces.

In healthcare, voice cloning has helped patients who lost their voices by building a duplicate. Voice cloning may even find traction in the entertainment industry and in social media as a tool for satirists.

Baidu researchers implemented two approaches: speaker adaption and speaker encoding. Both deliver good performance with minimal audio input data, and can be integrated into a multi-speaker generative model in the Deep Voice system with speaker embeddings without degrading quality.

See the post for links to three-second voice clips and other details.

Concerns?


The recent breakthroughs in synthesizing human voices have also raised concerns. AI could potentially downgrade voice identity in real life or with security systems. For example voice technology could be used maliciously against a public figure by creating false statements in their voice. A BBC reporter’s test with his twin brother also demonstrated the capacity for voice mimicking to fool voiceprint security systems.

That’s a concern? 😉

I think cloned voices of battlefield military commanders, cloned politician voices with sex partners, or “known” voices badgering help desk staff into giving up utility plant or other access, those are “concerns.” Or “encouragements,” depending on your interests in such systems.

If You Like “Fake News,” You Will Love “Fake Science”

Thursday, February 22nd, 2018

Prestigious Science Journals Struggle to Reach Even Average Reliability by Björn Brembs.

Abstract:

In which journal a scientist publishes is considered one of the most crucial factors determining their career. The underlying common assumption is that only the best scientists manage to publish in a highly selective tier of the most prestigious journals. However, data from several lines of evidence suggest that the methodological quality of scientific experiments does not increase with increasing rank of the journal. On the contrary, an accumulating body of evidence suggests the inverse: methodological quality and, consequently, reliability of published research works in several fields may be decreasing with increasing journal rank. The data supporting these conclusions circumvent confounding factors such as increased readership and scrutiny for these journals, focusing instead on quantifiable indicators of methodological soundness in the published literature, relying on, in part, semi-automated data extraction from often thousands of publications at a time. With the accumulating evidence over the last decade grew the realization that the very existence of scholarly journals, due to their inherent hierarchy, constitutes one of the major threats to publicly funded science: hiring, promoting and funding scientists who publish unreliable science eventually erodes public trust in science.

Facts, even “scientific facts,” should be questioned, tested and never blindly accepted.

Knowing a report appears in Nature, or Science, or (zine of your choice), helps you find it. Beyond that, you have to read and evaluate the publication to credit it with more than a place of publication.

Reading beyond abstracts or click-bait headlines, checking footnotes or procedures, do those things very often and you will be in danger of becoming a critical reader. Careful!

Self-Inflicted Insecurity in the Cloud – Selling Legal Firm Data

Wednesday, February 21st, 2018

The self-inflicted insecurity phrase being “…behind your own firewall….”

You can see the rest of the Oracle huffing and puffing here.

The odds of breaching law firm security are increased by:

  • Changing to an unfamiliar computing environment (the cloud), or
  • Changing to unfamiliar security software (cloud firewalls).

Either one is sufficient, but together, security-breaching errors are nearly certain.

Even with an increase in vulnerability, hackers still face the question of how to monetize law firm data.

The economics and markets for stolen credit card and personal data are fairly well known; see The Underground Economy of Data Breaches by Wade Williamson, and Once Stolen, What Do Hackers Do With Your Data?

Dumping law firm data, such as the Panama Papers, generates a lot of PR but doesn’t add anything to your bank account.

Extracting value from law firm data is a variation on e-discovery, a non-trivial process, briefly described in: the Basics of E-Discovery.

However embarrassing law firm data may be, to its former possessors or their clients, market mechanisms akin to those for credit/personal data have yet to develop.

Pointers to the contrary?

The EFF, Privilege, Revolution

Tuesday, February 20th, 2018

The Revolution and Slack by Gennie Gebhart and Cindy Cohn.

From the post:

The revolution will not be televised, but it may be hosted on Slack. Community groups, activists, and workers in the United States are increasingly gravitating toward the popular collaboration tool to communicate and coordinate efforts. But many of the people using Slack for political organizing and activism are not fully aware of the ways Slack falls short in serving their security needs. Slack has yet to support this community in its default settings or in its ongoing design.

We urge Slack to recognize the community organizers and activists using its platform and take more steps to protect them. In the meantime, this post provides context and things to consider when choosing a platform for political organizing, as well as some tips about how to set Slack up to best protect your community.

Great security advice for organizers and activists who choose to use Slack.

But let’s be realistic about “revolution.” The EFF, community organizers and activists who would use Slack, are by definition, not revolutionaries.

How else would you explain the pantheon of legal cases pursued by the EFF? When the EFF lost, did it seek remedies by other means? Did it take illegal action to protect/avenge injured innocents?

Privilege is what enables people to say, “I’m using the law to oppose X,” while other people are suffering the consequences of X.

Privilege holders != revolutionaries.

FYI any potential revolutionaries: If “on the Internet, no one knows you’re a dog,” it’s also true “no one knows you are a government agent.”

Evidence for Power Laws – “…I work scientifically!”

Saturday, February 17th, 2018

Scant Evidence of Power Laws Found in Real-World Networks by Erica Klarreich.

From the post:

A paper posted online last month has reignited a debate about one of the oldest, most startling claims in the modern era of network science: the proposition that most complex networks in the real world — from the World Wide Web to interacting proteins in a cell — are “scale-free.” Roughly speaking, that means that a few of their nodes should have many more connections than others, following a mathematical formula called a power law, so that there’s no one scale that characterizes the network.

Purely random networks do not obey power laws, so when the early proponents of the scale-free paradigm started seeing power laws in real-world networks in the late 1990s, they viewed them as evidence of a universal organizing principle underlying the formation of these diverse networks. The architecture of scale-freeness, researchers argued, could provide insight into fundamental questions such as how likely a virus is to cause an epidemic, or how easily hackers can disable a network.

An informative and highly entertaining read that reminds me of an exchange in The Never Ending Story between Atreyu and Engywook.

Engywook’s “scientific specie-ality” is the Southern Oracle. From the transcript:

Atreyu: Have you ever been to the Southern Oracle?

Engywook: Eh… what do YOU think? I work scientifically!

In the context of the movie, Engywook’s answer is deeply ambiguous.

Where do you land on the power law question?

Working with The New York Times API in R

Saturday, February 17th, 2018

Working with The New York Times API in R by Jonathan D. Fitzgerald.

From the post:

Have you ever come across a resource that you didn’t know existed, but once you find it you wonder how you ever got along without it? I had this feeling earlier this week when I came across the New York Times API. That’s right, the paper of record allows you–with a little bit of programming skills–to query their entire archive and work with the data. Well, it’s important to note that we don’t get the full text of articles, but we do get a lot of metadata and URLs for each of the articles, which means it’s not impossible to get the full text. But still, this is pretty cool.

So, let’s get started! You’re going to want to head over to http://developer.nytimes.com to get an API Key. While you’re there, check out the selection of APIs on offer–there are over 10, including Article Search, Archive, Books, Comments, Movie Reviews, Top Stories, and more. I’m still digging into each of these myself, so today we’ll focus on Article Search, and I suspect I’ll revisit the NYT API in this space many times going forward. Also at NYT’s developer site, you can use their API Tool feature to try out some queries without writing code. I found this helpful for wrapping my head around the APIs.

A great “getting your feet wet” introduction to the New York Times API in R.

Caution: The line between the New York Times (NYT) and governments is a blurry one. It has cooperated with governments in the past and will do so in the future. If you are betrayed by the NYT, you have no one but yourself to blame.

The same is true for the content of the NYT, past or present. Chance is not the deciding factor on stories being reported in the NYT. It won’t be possible to discern motives in the vast majority of cases but that doesn’t mean they didn’t exist. Treat the “historical” record as carefully as current accounts based on “reliable sources.”

Distributed Systems Seminar [Accounting For Hostile Environments]

Saturday, February 17th, 2018

Distributed Systems Seminar by Peter Alvaro.

From the webpage:

Description

This graduate seminar will explore distributed systems research, both current and historical, with a particular focus on storage systems and programming models.

Due to fundamental uncertainty in their executions arising from asynchronous communication and partial failure, distributed systems present unique challenges to programmers and users. Moreover, distributed systems are increasingly ubiquitous: nearly all non-trivial systems are now physically distributed. It is no longer possible to relegate responsibility for managing the complexity of distributed systems to a group of expert library or infrastructure writers: all programmers must now be distributed programmers. This is both a crisis and an opportunity.

A great deal of theoretical work in distributed systems establishes important impossibility results, including the famous FLP result, the CAP Theorem, the two generals problem and the impossibility of establishing common knowledge via protocol. These results tell us what we cannot achieve in a distributed system, or more constructively, they tell us about the properties we must trade off for the properties we require when designing or using large-scale systems. But what can we achieve? The history of applied distributed systems work is largely the history of infrastructures — storage systems as well as programming models — that attempt to manage the fundamental complexity of the domain with a variety of abstractions.

This course focuses on these systems, models and languages. We will cover the following topics:

  • Consistency models
  • Large-scale storage systems and data processing frameworks
  • Commit, consensus and synchronization protocols
  • Data replication and partitioning
  • Fault-tolerant design
  • Programming models
  • Distributed programming languages and program analysis
  • Seminal theoretical results in distributed systems

Readings

This course is a research seminar: we will focus primarily on reading and discussing conference papers. We will read 1-2 papers (typically 2) per session; for each paper, you will provide a brief summary (about 1 page). The summary should answer some or all of the following questions:

  • What problem does the paper solve? Is it important?
  • How does it solve the problem?
  • What alternative approaches are there? Are they adequately discussed in the reading?
  • How does this work relate to other research, whether covered in this course or not?
  • What specific research questions, if any, does the paper raise for you?

What a great list of readings!

An additional question of each paper: Does It Account For Hostile Environments?

As Alvaro says: “…nearly all non-trivial systems are now physically distributed.”

That’s a rather large attack surface to leave for unknown others, by unknown means, to secure to an unknown degree, on your behalf.

If you make that choice, add “cyber-victim” to your business cards.

If you aren’t already, you will be soon enough.

@GalaxyKate, Generators, Steganographic Fields Forever (+ Secure Message Tip)

Friday, February 16th, 2018

Before you skip this post as just being about “pretty images,” know that generators span grammars to constraint solvers. Artistry for sure, but exploration can lead to hard core CS rather quickly.

I stumbled upon @GalaxyKate’s Generative Art & Procedural Content Starter Kit:

Practical Procedural Generation for Everyone: Thirty or so minutes on YouTube, 86,133 views when I checked the link.

So you want to build a generator: In depth blog post with lots of content and links.

Encyclopedia of Generativity: As far as I can tell, a one issue zine by @GalaxyKate but it will take months to explore.

One resource I found while chasing these links was: Procedural Generation.

Oh, and you owe it to yourself to visit GalaxyKate’s homepage:

The small scale of my blog presentation makes that screenshot a pale imitation of what you will find. Great resource!

There’s no shortage of visual content on the Web; one estimate says that in 2017, 74% of all internet traffic was video.

Still, if you practice steganographic concealment of information, you should make the work of the hounds as difficult as possible. Generators are an obvious way of working towards that goal.

One secure message tip: Other than for propaganda, which you want discovered and read, omit any greetings, closings, or other rote content, such as blessings, religious quotes, etc.

The famous German Enigma was broken with the help of messages that had the same opening text, routine information and closing text (Heil Hitler!), and of the same message being sent in different encodings. See Exploring the Enigma.

Or in other words, Don’t repeat famous cryptographic mistakes!
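The rote-content tip above, as an added example that is not part of the original post: a simplified Enigma I (historical rotors I-II-III and reflector B, with the assumptions of no plugboard and ring settings at A) enciphers a constructed weather report, and the function names `enigma` and `crib_offsets` are hypothetical. Because the reflector means Enigma never enciphers a letter to itself, a guessed stock phrase can be slid along the ciphertext and every alignment with a matching letter discarded, which is how predictable openings told the analyst where known plaintext sat.

```python
import string

ALPHA = string.ascii_uppercase

# Historical Enigma I rotor wirings with their turnover notches, and reflector B.
ROTORS = {
    "I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

# Constructed sample traffic (not a historical message): a routine report
# that always opens with the same word, sent under different start positions.
ROTE_OPENING = "WETTERBERICHT"
MESSAGE = ROTE_OPENING + "NORDSEEWINDSTILLKEINEBESONDERENVORKOMMNISSE"


def enigma(text, order=("I", "II", "III"), start="AAA"):
    """Simplified Enigma I: three rotors, reflector B, no plugboard, rings at A.

    Input must be uppercase A-Z. Enciphering and deciphering are the same call.
    """
    wiring = [ROTORS[name][0] for name in order]
    notch = [ALPHA.index(ROTORS[name][1]) for name in order]
    pos = [ALPHA.index(c) for c in start]  # left, middle, right
    out = []
    for ch in text:
        # Rotors step before each letter; the middle rotor double-steps.
        if pos[1] == notch[1]:
            pos[0] = (pos[0] + 1) % 26
            pos[1] = (pos[1] + 1) % 26
        elif pos[2] == notch[2]:
            pos[1] = (pos[1] + 1) % 26
        pos[2] = (pos[2] + 1) % 26

        c = ALPHA.index(ch)
        for i in (2, 1, 0):  # right to left through the rotors
            c = (ALPHA.index(wiring[i][(c + pos[i]) % 26]) - pos[i]) % 26
        c = ALPHA.index(REFLECTOR_B[c])
        for i in (0, 1, 2):  # back out, left to right
            c = (wiring[i].index(ALPHA[(c + pos[i]) % 26]) - pos[i]) % 26
        out.append(ALPHA[c])
    return "".join(out)


def crib_offsets(ciphertext, crib):
    """Offsets at which the guessed phrase is NOT ruled out.

    An alignment is impossible if any crib letter equals the ciphertext
    letter above it, since Enigma cannot map a letter to itself.
    """
    last = len(ciphertext) - len(crib)
    return [
        off for off in range(last + 1)
        if all(p != c for p, c in zip(crib, ciphertext[off:off + len(crib)]))
    ]


def analyse(start):
    """Encipher the constructed message and report what the rote opening leaks."""
    ciphertext = enigma(MESSAGE, start=start)
    survivors = crib_offsets(ciphertext, ROTE_OPENING)
    total = len(ciphertext) - len(ROTE_OPENING) + 1
    return {
        "ciphertext": ciphertext,
        "candidate_offsets": survivors,
        "ruled_out": total - len(survivors),
        "true_offset_survives": MESSAGE.index(ROTE_OPENING) in survivors,
    }


if __name__ == "__main__":
    for start in ("AAA", "QEV", "MCK"):  # constructed start positions
        report = analyse(start)
        print(start, report["ciphertext"])
        print("  alignments ruled out:", report["ruled_out"],
              "| still possible:", report["candidate_offsets"])
```

The true alignment always survives the filter while many wrong ones are eliminated, so every stereotyped greeting or sign-off hands the analyst located known plaintext before any key search begins.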

Krita (open source painting program)

Thursday, February 15th, 2018

Krita

Do you know Krita? Not being artistically inclined, I don’t often encounter digital art tools. Judging from the examples though:

I’m missing some great imagery, even if I can’t create the same.

Great graphics can enhance your interfaces, education apps, games, propaganda, etc.

Don’t Delete Evil Data [But Remember the Downside of “Evidence”]

Wednesday, February 14th, 2018

Don’t Delete Evil Data by Lam Thuy Vo.

From the post:

The web needs to be a friendlier place. It needs to be more truthful, less fake. It definitely needs to be less hateful. Most people agree with these notions.

There have been a number of efforts recently to enforce this idea: the Facebook groups and pages operated by Russian actors during the 2016 election have been deleted. None of the Twitter accounts listed in connection to the investigation of the Russian interference with the last presidential election are online anymore. Reddit announced late last fall that it was banning Nazi, white supremacist, and other hate groups.

But even though much harm has been done on these platforms, is the right course of action to erase all these interactions without a trace? So much of what constitutes our information universe is captured online—if foreign actors are manipulating political information we receive and if trolls turn our online existence into hell, there is a case to be made for us to be able to trace back malicious information to its source, rather than simply removing it from public view.

In other words, there is a case to be made to preserve some of this information, to archive it, structure it, and make it accessible to the public. It’s unreasonable to expect social media companies to sidestep consumer privacy protections and to release data attached to online misconduct willy-nilly. But to stop abuse, we need to understand it. We should consider archiving malicious content and related data in responsible ways that allow for researchers, sociologists, and journalists to understand its mechanisms better and, potentially, to demand more accountability from trolls whose actions may forever be deleted without a trace.

By some unspecified mechanism, I would support preservation of all social media, as well as having it publicly available if it was publicly posted originally. Any restriction or permission to see/use the data will lead to the same abuses we see now.

Twitter, among others, talks about abuse but no one can prove or disprove whatever Twitter cares to say.

There is a downside to preserving social media. You have probably seen the NBC News story on 200,000 tweets that are the smoking gun on Russian interference with the 2016 elections.

Well, except that if you look at the tweets, that’s about as far from a smoking gun on Russian interference as anything you can imagine.

By analogy, that’s why intelligence analysts always say they have evidence and give you their conclusions, but not the evidence. Too much danger you will discover their report is completely fictional.

Or when not wholly fictional, serves their or their agency’s interest.

Keeping evidence is risky business. Just so you are aware.

Wikileaks Has Sprung A Leak

Wednesday, February 14th, 2018

In Leaked Chats, WikiLeaks Discusses Preference for GOP over Clinton, Russia, Trolling, and Feminists They Don’t Like by Micah Lee, Cora Currier.

From the post:

On a Thursday afternoon in November 2015, a light snow was falling outside the windows of the Ecuadorian embassy in London, despite the relatively warm weather, and Julian Assange was inside, sitting at his computer and pondering the upcoming 2016 presidential election in the United States.

In little more than a year, WikiLeaks would be engulfed in a scandal over how it came to publish internal emails that damaged Hillary Clinton’s presidential campaign, and the extent to which it worked with Russian hackers or Donald Trump’s campaign to do so. But in the fall of 2015, Trump was polling at less than 30 percent among Republican voters, neck-and-neck with neurosurgeon Ben Carson, and Assange spoke freely about why WikiLeaks wanted Clinton and the Democrats to lose the election.

“We believe it would be much better for GOP to win,” he typed into a private Twitter direct message group to an assortment of WikiLeaks’ most loyal supporters on Twitter. “Dems+Media+liberals woudl then form a block to reign in their worst qualities,” he wrote. “With Hillary in charge, GOP will be pushing for her worst qualities., dems+media+neoliberals will be mute.” He paused for two minutes before adding, “She’s a bright, well connected, sadistic sociopath.”

Like Wikileaks, the Intercept treats the public like rude children, publishing only what it considers to be newsworthy content:


The archive spans from May 2015 through November 2017 and includes over 11,000 messages, more than 10 percent of them written from the WikiLeaks account. With this article, The Intercept is publishing newsworthy excerpts from the leaked messages.

My criticism of the Intercept’s selective publication of leaks isn’t unique to its criticism of Wikileaks. I have voiced similar concerns about the ICIJ and Wikileaks itself.

I want to believe the Intercept, ICIJ and Wikileaks when they proclaim others have been lying, unfaithful, dishonest, etc.

But that wanting/desire makes it even more important that I critically assess the evidence they advance for their claims.

Selective release of evidence reduces their credibility to no more than that of those they accuse.

BTW, if anyone has a journalism 101 guide to writing headlines, send a copy to the Intercept. They need it.

PS: I don’t have an opinion one way or the other on the substance of the Lee/Currier account. I’ve never been threatened with a government missile so can’t say how I would react. Badly I would assume.

Russian Influence! Russian Influence! Get Your Russian Influence Here!

Wednesday, February 14th, 2018

Twitter deleted 200,000 Russian troll tweets. Read them here. by Ben Popken (NBC News)

From the post:

NBC News is publishing its database of more than 200,000 tweets that Twitter has tied to “malicious activity” from Russia-linked accounts during the 2016 U.S. presidential election.

These accounts, working in concert as part of large networks, pushed hundreds of thousands of inflammatory tweets, from fictitious tales of Democrats practicing witchcraft to hardline posts from users masquerading as Black Lives Matter activists. Investigators have traced the accounts to a Kremlin-linked propaganda outfit founded in 2013 known as the Internet Research Association (IRA). The organization has been assessed by the U.S. Intelligence Community to be part of a Russian state-run effort to influence the outcome of the 2016 U.S. presidential race. And they’re not done.

“There should be no doubt that Russia perceives its past efforts as successful and views the 2018 US midterm elections as a potential target for Russian influence operations,” Director of National Intelligence Dan Coats told the Senate Intelligence Committee Tuesday.

Wow!

What’s really amazing is that NBC keeps up the narrative of “Russian influence” while publishing data to the contrary!

No, I confess I haven’t read all 200K tweets but then neither has NBC, if they read any of them at all.

Download tweets.csv. (NBC link) (Don’t worry, I’ve stored a copy elsewhere should that one disappear.)

On Unix, try this: head -100 tweets.csv | awk -F "," '{ print $8 }' > 100-tweets.txt

The eighth field of the CSV file contains the text of each tweet.
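The awk one-liner above splits on every comma, so a tweet is cut at its first comma and the CSV quoting is left in place, which is consistent with the truncated entries and doubled quote marks in the lists that follow. As an added example (not code from the original post), this compares that split with a real CSV parse; the sample rows and column names are constructed, and a header row is assumed.

```python
import csv
import io

# Constructed sample. Only "the tweet text is the eighth field" comes from the
# post; the column names and every row here are invented for illustration.
SAMPLE_CSV = '''c1,c2,c3,c4,c5,c6,c7,text,c9
1,a,b,c,d,e,f,"Plain tweet with no comma",x
2,a,b,c,d,e,f,"Clinton: Trump should've apologized more, attacked less",x
3,a,b,c,d,e,f,"This week's ""Sweden incident.""",x
4,a,b,c,d,e,f,"First line
second line, still the same tweet #trump",x
'''

TEXT_FIELD = 7  # zero-based index of the eighth field


def naive_field8(raw):
    """What awk -F "," '{ print $8 }' emits: one value per physical line."""
    out = []
    for line in raw.splitlines():
        fields = line.split(",")
        out.append(fields[TEXT_FIELD] if len(fields) > TEXT_FIELD else "")
    return out


def tweet_texts(raw, limit=None):
    """Parse as CSV so quoted commas, doubled quotes and newlines survive."""
    reader = csv.reader(io.StringIO(raw, newline=""))
    next(reader, None)  # skip the header row (assumed to be present)
    texts = []
    for row in reader:
        if len(row) <= TEXT_FIELD:
            continue  # malformed or blank record
        texts.append(row[TEXT_FIELD])
        if limit is not None and len(texts) >= limit:
            break
    return texts


def count_mentions(texts, terms):
    """Number of tweets mentioning each term, case-insensitively."""
    lowered = [t.lower() for t in texts]
    return {term: sum(term.lower() in t for t in lowered) for term in terms}


if __name__ == "__main__":
    for value in naive_field8(SAMPLE_CSV):
        print("naive :", repr(value))
    for value in tweet_texts(SAMPLE_CSV):
        print("parsed:", repr(value))
    print(count_mentions(tweet_texts(SAMPLE_CSV), ["clinton", "trump"]))
```

On the sample, the comma split yields six values for four tweets and misses one of the two "trump" mentions; the CSV parse returns each tweet whole.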

Walk with me through the shadow of Russian influence and see how you feel:

  1. “RT @LibertyBritt: He’s the brilliant guy who shoots himself in the foot to spite his face. And tries to convince us to do it too. https:/…”
  2. “RT @K1erry: The Marco Rubio knockdown of Elizabeth Warren no liberal media outlet will cover https://t.co/Rh391fEXe3”
  3. “Obama on Trump winning: ‘Anything’s possible’ https://t.co/MjVMZ5TR8Y #politics”
  4. “RT @bgg2wl: Walmart
  5. “it’s impossible! #TexasJihad”
  6. “RT @LibsNoFun: Who will wave the flag? #DayWithoutImmigrants https://t.co/Cn6JKqzE6X”
  7. “Bewaffnete attackieren Bus mit koptischen Christen #Islamisten #ISIS
  8. “”
  9. “The bright example of our failing education https://t.co/DgboGgkgVj”
  10. “@sendavidperdue How are they gonna protect us if they just let a bunch of terrorist walk the cities of our city? #StopIslam #IslamKills”

Only ten “Russian influence” tweets and I’m already thinking about vodka. You?

Let’s try another ten:

  1. “FC Barcelonas youth academy! La Masia doin work! Double tap for these little guys! https://t.co/eo1qIvLjgS”
  2. “When I remember it’s #Friyay https://t.co/yjBTsaFaR2”
  3. “RT @Ladydiann2: Remove these Anti Americans from America enough is enough abuse American freedoms how dare you low lives https://t.co/G44E6…”
  4. “RT @BreitbartNews: This week’s “”Sweden incident.”” https://t.co/EINMeA9R2T”
  5. “RT @alisajoy331: Prayer sent Never stop fighting💔 https://t.co/B9Tno5REjm”
  6. “RT @RossMoorhouse: #ItsRiskyTo
  7. “”
  8. “RT @RedState: The KKK Says A&E Producers Tried to Stage Fake Scenes for Cancelled Documentary https://t.co/HwaebG2rdI”
  9. “RT @hldb73: Bryan or Ryan Adams #whenthestarsgoblue #RejectedDebateTopics @WorldOfHashtags @TheRyanAdams @bryanadams https://t.co/wFBdne8K…”
  10. “RT @WorldTruthTV: #mutual #respect https://t.co/auIjJ2RdBU”

Well comrade. Do you feel any different about the motherland? I don’t. Let’s read some more of her tweets!

  1. “tired of kids how to get rid #SearchesGoogleIsAshamedOf”
  2. “RT @crookedwren: “”Praise be to the Lord
  3. “RT @deepscreenshots: https://t.co/1IuHuiAIJB”
  4. “Kareem Abdul Jabber #OneLetterOffSports @midnight #HashtagWars”
  5. “#God can be realized through all paths. All #religions…”
  6. “RT @RawStory: ‘Star Wars’ Han Solo movie to begin production in January https://t.co/bkZq7F7IkD”
  7. “RT @KStreetHipster: Hamner-Brown is already on its way here. It’s been on it’s way for billions of years. #KSHBC https://t.co/TQh86xN3pJ”
  8. “RT @TrumpSuperPAC: Obama’s a Muslim & this video from @FoxNews proves it! Even @CNN admits Obama’s training protesters/jihadists! #MAGA htt…”
  9. “RT @schotziejlk: .@greta Who is your #SuperBowl favorite?”
  10. “RT @LefLaneLivin: @trueblackpower As Black People we need to Support

I’m going to change my middle name to Putin out of respect for our glorious leader!

Is it respectful to get a Putin tattoo on your hiney?

(Recovers from Russian influence)

This is NBC’s damning proof of Russian influence. Like I said at the beginning, Wow!

As in Wow! how dumb.

OK, to be fair, any tweet set will have a lot of trash in it and grepping for Clinton/clinton and Trump/trump returns 20,893 for Clinton and 49,669 for Trump.

I haven’t checked but liberals talking about Clinton/Trump pre-election ran about 2 1/2 times more mentions of Trump than Clinton. (Odd way to run a campaign.)

So, the usual grep/head, etc. and the first ten “Clinton” tweets are:

  1. “Clinton: Trump should’ve apologized more
  2. “RT @thomassfl: Wikileaks E-Mails:  Hillary Clinton Blackmailed Bernie Sanders https://t.co/l9X32FegV6.”
  3. “Clinton’s VP Choice: More Harm Than Good https://t.co/iGnLChFHeP”
  4. “Hillary Clinton vows to fight
  5. “RT @Rammer_Jammer84: I don’t know about Hilary Clinton having a body double but it’s super weird that she came out by herself considering s…”
  6. “RT @Darren32895836: After Hillary Clinton Caught 4attempting 2take advantage of Americans hardships &tears changes Strat #PrayForFlorida ht…”
  7. “RT @steph93065: Hillary Clinton: Donald Trump’s Veterans Press Conference ‘Disgraceful’ – Breitbart https://t.co/CVvBOrTJBX”
  8. “RT @DianeRainie1: Hey @HillaryClinton this message is for you. Pack it up & go home Hillary
  9. “”
  10. “”RejectedDebateTopics””

and the first ten “Trump” tweets are:

  1. “Clinton: Trump should’ve apologized more
  2. “RT @AriaWilsonGOP: 3 Women Face Charges After Being Caught Stealing Dozens Of Trump Signs https://t.co/JjlZxaW3JN https://t.co/qW2Ok9ROxH”
  3. “RT @America_1st_: CW: “”The thing that impressed me was that Trump is always comfortable in own skin
  4. “Dave Chappelle: “”Black Lives Matter”” is the worst slogan I’ve ever heard! How about “”enough is enough””? VotingTrump! https://t.co/5okvmoQhcj”
  5. “Obama on Trump winning: ‘Anything’s possible’ https://t.co/MjVMZ5TR8Y #politics”
  6. “RT @TrumpSuperPAC: Obama’s a Muslim & this video from @FoxNews proves it! Even @CNN admits Obama’s training protesters/jihadists! #MAGA htt…”
  7. “Deceitful Media caught on act when trying to drive the “”Donald Trump is racist”” rhetoric.
  8. “”
  9. “RT @Veteran4Trump: A picture you will never see on @CNN or @MSNBC #BlacksForTrump Thumbs up for Trump 👍#MakeAmericaGreatAgain #Blacks4Trump…”
  10. “RT @steph93065: Hillary Clinton: Donald Trump’s Veterans Press Conference ‘Disgraceful’ – Breitbart https://t.co/CVvBOrTJBX”

That’s a small part of NBC’s smoking gun on Russian influence?

Does it stand to reason that the CIA, NSA, etc., have similar cap-gun evidence?

Several options present themselves:

  • Intelligence operatives and their leaders have been caught lying, again. That is, spinning tales that any reasonable reading of the evidence doesn’t support.
  • Intelligence operatives are believing one more impossible thing before breakfast and ignoring the evidence.
  • Journalists have chosen to not investigate whether intelligence operatives are lying or believing impossible things and report/defend intelligence conclusions.

Perhaps all three?

In any event, before crediting any “Russian influence” story, do take the time to review at least some of the 200,000 pieces of “evidence” NBC has collected on that topic.

You will be left amazed that you ever believed NBC News on any topic.

Phaser (Game/Training Framework)

Wednesday, February 14th, 2018

Their graphic, certainly not mine!

From the webpage:

Desktop and Mobile HTML5 game framework. A fast, free and fun open source framework for Canvas and WebGL powered browser games.

Details: Phaser

Do you use games for learning?

For example, almost everyone recognizes the moral lepers in Congress, face on with a TV caption.

But how many of us could perform the same feat in a busy airport or in poor light?

Enter game learning/training!

Photos are easy enough to find and with Gimp you can create partially obscured faces.

Of course, points should be deducted for “recognizing” the wrong face or failing to recognize a “correct” face.

Game action after the point of recognition is up to you. Make it enjoyable if not addictive.

Ping me with your political action games, patrick@durusau.net. No prizes but if I see a particularly clever or enjoyable one, I’ll give a shout out to it.

Evolving a Decompiler

Wednesday, February 14th, 2018

Evolving a Decompiler by Matt Noonan.

From the post:

Back in 2016, Eric Schulte, Jason Ruchti, myself, Alexey Loginov, and David Ciarletta (all of the research arm of GrammaTech) spent some time diving into a new approach to decompilation. We made some progress but were eventually all pulled away to other projects, leaving a very interesting work-in-progress prototype behind.

Being a promising but incomplete research prototype, it was quite difficult to find a venue to publish our research. But I am very excited to announce that I will be presenting this work at the NDSS binary analysis research (BAR) workshop next week in San Diego, CA! BAR is a workshop on the state-of-the-art in binary analysis research, including talks about working systems as well as novel prototypes and works-in-progress; I’m really happy that the program committee decided to include discussion of these prototypes, because there are a lot of cool ideas out there that aren’t production-ready, but may flourish once the community gets a chance to start tinkering with them.

How wickedly cool!

Did I mention all the major components are open-source?


GrammaTech recently open-sourced all of the major components of BED, including:

  • SEL, the Software Evolution Library. This is a Common Lisp library for program synthesis and repair, and is quite nice to work with interactively. All of the C-specific mutations used in BED are available as part of SEL; the only missing component is the big code database; just bring your own!
  • clang-mutate, a command-line tool for performing low-level mutations on C and C++ code. All of the actual edits are performed using clang-mutate; it also includes a REPL-like interface for interactively manipulating C and C++ code to quickly produce variants.

The building of the “big code database” sounds like an exercise in subject identity, doesn’t it?

Topic maps anyone?

Do You Have An ORCID identifier?

Tuesday, February 13th, 2018

ORCID: The number that every academic needs by Debbie Currie.

From the post:

Do you have your ORCID identifier yet? You might not even know what that is. But if you’re a researcher or academic, or planning to become one, you’re going to need one.

The Open Researcher and Contributor identifier—or ORCID—easily connects a researcher to his or her research output and allows others to access and share that body of work. ORCID streamlines publication submission and enhances discoverability. And, increasingly, granting bodies are requiring the ORCID as part of their application process.

“I tell my students it’s the social security number for a scientist,” says Denis Fourches, an assistant professor in the Department of Chemistry and a resident member of the Bioinformatics Research Center. “Then I show them an example of it that not only facilitates your life, but also the compilation of all the papers you reviewed, the compilation of all the papers you published, the compilation of all the presentations you gave at conferences.”

“‘Want that done automatically?’ I ask. And they say ‘Yeah, I like that.’”

The ORCID is a unique, 16-digit, ISO-compatible number. For instance, NCSU Libraries Chief Strategist for Research Collaboration Christopher Erdmann’s ID is 0000-0003-2554-180X. Once you register for free, you can then add information to your ORCID record (some of which will be automatically populated), and link your record to other identifier systems and profiles you might already have such as Scopus, ResearcherID, DataCite, or LinkedIn.

In lieu of the NSA sharing its global identifier for you, ORCID is your next best option. 😉

One of the advantages over your NSA global identifier is that people besides the NSA and its streams of careless contractors use your ORCID identifier.

Take the plunge, at least for your public persona.

I did, not much there (at present) but I’m now identified by: 0000-0003-3057-4833.

It doesn’t roll off the tongue but identifiers rarely do.

Register and start using your ORCID!

PS: Of course you can create an ORCID for your non-public personas as well. Bear in mind the risk of identity-disclosing mistakes as you switch from one to the other.

Responsible Disclosure: You Lost 5 Months of Pwning Corporate/Government Computers

Tuesday, February 13th, 2018

Skype can’t fix a nasty security bug without a massive code rewrite by Zack Whittaker.

From the post:

A security flaw in Skype’s updater process can allow an attacker to gain system-level privileges to a vulnerable computer.

The bug, if exploited, can escalate a local unprivileged user to the full “system” level rights — granting them access to every corner of the operating system.

But Microsoft, which owns the voice- and video-calling service, said it won’t immediately fix the flaw, because the bug would require too much work.

Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs.

Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking.
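A defender-side check for the condition described in the excerpt, as an added example that is not from the article or from Microsoft: it flags DLLs in user-writable folders whose names match a system DLL, as in the UXTheme.dll case. The folder layout in `build_demo_tree` is constructed; on a real host the caller supplies the system directory and the temp folders to audit, which the article does not list.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_shadowing_dlls(writable_dirs, system_dir):
    """Report DLLs in user-writable folders that reuse a system DLL's name."""
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for folder in map(Path, writable_dirs):
        if not folder.is_dir():
            continue
        for candidate in sorted(folder.iterdir()):
            if not candidate.is_file() or candidate.suffix.lower() != ".dll":
                continue
            # Windows file names are case-insensitive, so compare lowercased.
            reference = system.get(candidate.name.lower())
            if reference is None:
                continue
            findings.append({
                "path": candidate,
                "shadows": reference,
                "folder_writable": os.access(folder, os.W_OK),
                "same_content": sha256_of(candidate) == sha256_of(reference),
            })
    return findings


def build_demo_tree(root):
    """Constructed stand-ins for a system folder and a user temp folder."""
    system, temp = root / "System32", root / "Temp"
    system.mkdir()
    temp.mkdir()
    (system / "uxtheme.dll").write_bytes(b"genuine library (constructed)")
    (system / "version.dll").write_bytes(b"another genuine library (constructed)")
    (temp / "UXTheme.dll").write_bytes(b"look-alike with other bytes (constructed)")
    (temp / "helper.dll").write_bytes(b"unrelated DLL with a unique name")
    (temp / "setup.log").write_text("not a DLL")
    return system, temp


def demo():
    """Run the check on the constructed tree; returns (file, shadowed, same)."""
    with tempfile.TemporaryDirectory() as tmp:
        system, temp = build_demo_tree(Path(tmp))
        return [(f["path"].name, f["shadows"].name, f["same_content"])
                for f in find_shadowing_dlls([temp], system)]


if __name__ == "__main__":
    for name, shadowed, same in demo():
        print(f"{name} shadows {shadowed}; identical content: {same}")
```

A hit with differing content in a folder an unprivileged user can write to is the case worth investigating first.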

Impact of responsible disclosure?

Microsoft sat on its ass for over five months, five months you could have been pwning corporate and government computers, only to say (paraphrase): “It’s too hard.”

It wasn’t too hard for them to completely break Skype for Ubuntu and possibly other flavors of Linux. But fixing a large bug? No, let us introduce some new ones and then we’ll think about the existing ones.

Most corporations and governments maintain secrets only by lack of effort on the part of the public.

Give that some thought when deciding how to spend your leisure time.

Improving Your Phishing Game

Monday, February 12th, 2018

Did you know that KnowBe4 publishes a quarterly phishing test analysis? It ranks the top lines that get links in phishing emails followed.

The entire site of KnowBe4 is a reference source if you don’t want to fall for or look like a Nigerian spammer when it comes to phishing emails.

Their definition of phishing:

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.

Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.

I think:

It’s a form of criminally fraudulent social engineering.

sounds a bit harsh and not nuanced at all.

For example, these aren’t criminally fraudulent cases of phishing:

  • CIA sends phishing emails to foreign diplomats
  • FBI sends phishing emails to anti-war and social reform groups
  • NSA sends phishing emails to government officials (ours, theirs, etc.)

Phishing is an amoral weapon, just like any other weapon.

If you use phishing to uncover child sex traffickers, is that a criminally fraudulent use of phishing? Not to me.

If you hear a different conclusion in a windy discussion of ethics, don’t bother to write. I’ll just treat it as spam.

Don’t let other people make broad ethical pronouncements on your behalf. They have an agenda and it’s not likely to be one in your interest.

Meanwhile, improve your phishing game!

Establishment is Gaslighting Us [Begging Bowl/Reduced Rates Ahead]

Monday, February 12th, 2018

How Establishment Propaganda Gaslights Us Into Submission by Caitlin Johnstone.

The dynamics of the establishment Syria narrative are hilarious if you take a step back and think about them. I mean, the Western empire is now openly admitting to having funded actual, literal terrorist groups in that country, and yet they’re still cranking out propaganda pieces about what is happening there and sincerely expecting us to believe them. It’s adorable, really; like a little kid covered in chocolate telling his mom he doesn’t know what happened to all the cake frosting.

Or at least it would be adorable if it weren’t directly facilitating the slaughter of hundreds of thousands of people.

I recently had a pleasant and professional exchange with the Atlantic Council’s neoconservative propagandist Eliot Higgins, in which he referred to independent investigative journalist Vanessa Beeley as “bonkers” and myself as “crazy,” and I called him a despicable bloodsucking ghoul. I am not especially fond of Mr. Higgins.

You see this theme repeated again and again and again in Higgins’ work; the U.S.-centralized power establishment which facilitated terrorist factions in Syria is the infallible heroic Good Guy on the scene, and anyone who doesn’t agree is a mentally deranged lunatic.

If you want to see more journalism that you forward to others, post to Facebook, etc., then donate to Consortiumnews.com.

I should be begging for money for myself, blah, blah, blah, but considering the ongoing fail of the complicit mainstream media, donation to Consortiumnews.com will do more good than donating to me.

If you hire me for research, standards editing or semantic/topic maps work, discount rates are available for donors to Consortiumnews.com.

Reducing the Emotional Toll of Debating Bigots, Fascists and Misogynists

Monday, February 12th, 2018

Victims of bigots, fascists and misogynists on social media can (and many have) recounted the emotional toll of engaging with them.

How would you like to reduce your emotional toll and consume minutes if not hours of their time?

I thought you might be interested. 😉

Follow the link to DeepPavlov. (Ignore the irony of the name considering the use case I’m outlining.)

From the webpage:

An open source library for building end-to-end dialog systems and training chatbots.

We are in a really early Alfa release. You have to be ready for hard adventures.

An open-source conversational AI library, built on TensorFlow and Keras, and designed for

  • NLP and dialog systems research
  • implementation and evaluation of complex conversational systems

Our goal is to provide researchers with:

  • a framework for implementing and testing their own dialog models with subsequent sharing of that models
  • set of predefined NLP models / dialog system components (ML/DL/Rule-based) and pipeline templates
  • benchmarking environment for conversational models and systematized access to relevant datasets

and AI-application developers with:

  • framework for building conversational software
  • tools for application integration with adjacent infrastructure (messengers, helpdesk software etc.)

… (emphasis in the original)

Only one component for a social media engagement bot to debate bigots, fascists and misogynists but a very important one. A trained AI can take the emotional strain off of victims/users and at least in some cases, inflict that toll on your opponents.

For OpSec reasons, don’t announce the accounts used by such an AI backed system.

PS: AI ethics debaters. This use of an AI isn’t a meaningful interchange of ideas online. My goals are: reduce the emotional toll on victims, waste the time of their attackers. Disclosing you aren’t hurting someone on the other side (the bot) isn’t a requirement in my view.