Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

October 28, 2019

How-To Black Box Google’s Algorithm of Oppression

Filed under: Algorithms,Bias,Feminism,Search Algorithms,Search Data,Searching,sexism — Patrick Durusau @ 6:55 pm

Safiya Noble’s Algorithms of Oppression highlights the necessity of asking members of marginalized communities about their experiences with algorithms. I can read the terms that Noble uses in her Google searches and her analysis of the results. What I can’t do, as a older white male, is authentically originate queries of a Black woman scholar or estimate her reaction to search results.

That inability to assume a role in a marginalized community extends across all marginalized communities and in between them. To understand the impact of oppressive algorithms, such as Google’s search algorithms, we must:

  1. Empower everyone who can use a web browser with the ability to black box Google’s algorithm of oppression, and
  2. Listen to their reports of queries and experiences with results of queries.

Enpowering everyone to participate in testing Google’s algorithms avoids relying on reports about the experiences of marginalized communities. We will be listening to members of those communities.

In it’s simplest form, your black boxing of Google start with a Google search box, then:

your search terms site:website OR site:website

That search string states your search terms and is then followed by an OR list of websites you want searched. The results are Google’s ranking of your search against specified websites.

Here’s an example ran while working on this post:

terrorism trump IS site:nytimes.com OR site:fox.com OR site:wsj.com

Without running the search yourself, what distribution of articles to you expect to see? (I also tested this using Tor to make sure my search history wasn’t creating an issue.)

By count of the results: nytimes.com 87, fox.com 0, wsj.com 18.

Suprised? I was. I wonder how the Washington Post stacks up against the New York Times? Same terms: nytimes 49, washingtonpost.com 52.

Do you think those differences are accidental? (I don’t.)

I’m not competent to create a list of Black websites for testing Google’s algorithm of oppression but the African American Literature Book Club has a list of the top 50 Black-Owned Websites. In addition, they offer a list of 300 Black-owned websites and host the search engine Huria Search, which only searches Black-owned websites.

To save you the extraction work, here are the top 50 Black-owned websites ready for testing against each other and other sites in the bowels of Google:

essence.com OR howard.edu OR blackenterprise.com OR thesource.com OR ebony.com OR blackplanet.com OR sohh.com OR blackamericaweb.com OR hellobeautiful.com OR allhiphop.com OR worldstarhiphop.com OR eurweb.com OR rollingout.com OR thegrio.com OR atlantablackstar.com OR bossip.com OR blackdoctor.org OR blackpast.org OR lipstickalley.com OR newsone.com OR madamenoire.com OR morehouse.edu OR diversityinc.com OR spelman.edu OR theybf.com OR hiphopwired.com OR aalbc.com OR stlamerican.com OR afro.com OR phillytrib.com OR finalcall.com OR mediatakeout.com OR lasentinel.net OR blacknews.com OR blavity.com OR cassiuslife.com OR jetmag.com OR blacklivesmatter.com OR amsterdamnews.com OR diverseeducation.com OR deltasigmatheta.org OR curlynikki.com OR atlantadailyworld.com OR apa1906.net OR theshaderoom.com OR notjustok.com OR travelnoire.com OR thecurvyfashionista.com OR dallasblack.com OR forharriet.com

Please spread the word to “young Black girls” to use Noble’s phrase, Black women in general, all marginalized communities, they need not wait for experts with programming staffs to detect marginalization at Google. Experts have agendas, discover your own and tell the rest of us about it.

October 7, 2019

TLP:GREEN Leak to Lossen Your Bowels

Filed under: Classification,Government,Security — Patrick Durusau @ 4:45 pm

Zak Doffman in FBI Issues Surprise New Cyber Attack Warning posted a link to: Cyber Criminals Use Social Engineering and Technical Attacks to Circumvent Multi-Factor Authentication, which is clearly marked:

TLP:GREEN:

This PIN has been released TLP:GREEN: The information in this product is useful for the awareness of all participating organizations within their sector or community, but should not be shared via publicly accessible channels.

Do you think Forbes.com qualifies as a “publicly accessible channel?”

I ask just to highlight the absurdity of information restriction that has taken over government and cybersecurity in general. Notice that the evils doers in this scenario are already informed and the only people left uninformed, are members of the public.

I’m sure someone at the FBI has the authority to assign TPL:GREEN classification, but not anything lower or higher, plus they have auditing routines to check their work, monthly reports, etc. Now imagine all the turf protection and routines that must go on for other security classifications. All to hide information from the voting public.

Ask your 2020 candidates to sweep away all but launch code and location of nuclear submarine secrecy. It’s not like a modern army can conceal its intentions to invade. Think of all the classification staff that will become availabe to fill the front ranks.

October 6, 2019

Getting Started in Bug Bounty

Filed under: Bugs,Cybersecurity,Hacking — Patrick Durusau @ 8:11 pm

The key lesson here is that hours and hours of practice are required. There’s no shortcut to avoid putting in the time to learning your tools and the weaknesses they are best at detecting.

Reminder, as of October 7, 2019, there are 270 working days left until the 2020 elections in the United States. Use your time wisely!

October 5, 2019

Automatic News Comment Generation

Filed under: Artificial Intelligence,Natural Language Processing,Social Media — Patrick Durusau @ 3:09 pm

Read, Attend and Comment: A Deep Architecture for Automatic News Comment Generation by Ze Yang, Can Xu, Wei Wu, Zhoujun Li.

Abstract: Automatic news comment generation is beneficial for real applications but has not attracted enough attention from the research community. In this paper, we propose a “read-attend-comment” procedure for news comment generation and formalize the procedure with a reading network and a generation network. The reading network comprehends a news article and distills some important points from it, then the generation network creates a comment by attending to the extracted discrete points and the news title. We optimize the model in an end-to-end manner by maximizing a variational lower bound of the true objective using the back-propagation algorithm. Experimental results on two public datasets indicate that our model can significantly outperform existing methods in terms of both automatic evaluation and human judgment.

A tweet said this was a “dangerous” paper, so I had to follow the link.

This research could be abused, but how many news comments have you read lately? The comments made by this approach would have to degrade a lot to approach the average human comment.

Anyone who is interested in abusive and/or inane comments, can scrape comments on Facebook or Twitter, set up a cron file and pop off the next comment for posting. Several orders of magnitude less effort that the approach of this paper.

Wondering, would coherence of comments over a large number of articles be an indicator that a bot is involved?

October 4, 2019

Follow the Link: Exploiting Symbolic Links with Ease

Filed under: Hacking,Microsoft — Patrick Durusau @ 3:17 pm

Follow the Link: Exploiting Symbolic Links with Ease by Eran Shimony.

In the first part, we will explore the attack vector for abusing privileged file operations bugs along with how to fix those bugs. To start, we will walk through CVE-2019-1161, a vulnerability in Windows Defender that can be exploited to achieve Escalation of Privileges (EoP), which Microsoft released a patch for it in August patch Tuesday.

Hundreds of millions of Windows machines –- any machine running Windows 7 and above – are vulnerable to the arbitrary delete vulnerability. A malicious user can abuse Windows Defender to delete any file he wants with NT AUTHORITY\SYSTEM privileges. The vulnerability lies in a process named MpSigStub.exe, which is executed by Windows Defender with high privileges. This process suffers from an impersonation issue that could lead to EoP using Object Manager symlinks.

Prepare for the 2020 election season by refreshing your memory on Windows hacks. If MS marketing is to be believed, 1.5 billion people use Windows every day. Odds are an office or organization of interest to you uses Windows.

Shimony’s walk through on symbolic links leaves us at:

Nevertheless, we can either create a file in an arbitrary location or delete any desired file that might lead to full privilege escalation in certain cases.

It’s a starting place and I’m looking forward to the next installment!

rtweet (Collecting Twitter Data)

Filed under: R,Twitter — Patrick Durusau @ 2:18 pm

rtweet

A boat load of features and one of the easiest on-ramps to Twitter I have seen:

All you need is a Twitter account (user name and password) and you can be up in running in minutes!

Simply send a request to Twitter’s API (with a function like search_tweets(), get_timeline(), get_followers(), get_favorites(), etc.) during an interactive session of R, authorize the embedded rstats2twitter app (approve the browser popup), and your token will be created and saved/stored (for future sessions) for you.

Add to that high quality documentation and examples, what more would you ask for?

Not that I think Twitter data is representative for sentiment measures, etc., but that’s not something you need to share with clients who think otherwise. If they are footing the bill, collect and analyze the data that interests them.

Avoided Ethics Guidelines

Filed under: Ethics,Facebook,Google+,Government — Patrick Durusau @ 10:46 am

Ethical guidelines issued by engineers’ organization fail to gain traction by Nicolas Kayser-Bril.

The world’s largest professional association of engineers released its ethical guidelines for automated systems last March. A review by AlgorithmWatch shows that Facebook and Google have yet to acknowledge them.

In early 2016, the Institute of Electrical and Electronics Engineers, a professional association known as IEEE, launched a “global initiative to advance ethics in technology.” After almost three years of work and multiple rounds of exchange with experts on the topic, it released last April the first edition of Ethically Aligned Design, a 300-page treatise on the ethics of automated systems.

If you want to intentionally ignore these guidelines as well, they are at: Ethics in Action.

Understanding “ethics” are defined within and are supportive of a system, given the racist, misogynistic, homophobic, transphobic, capitalist exploitation economy of today, I find discussions of “ethics” quixotic.

Governments and corporations have no “ethics” even within the present system and following ethics based on what should be the system, only disarms you in the presence of impacable enemies. The non-responses by Google and Facebook are fair warning that you are “ethical” in your relationships with them, only with due regard for the police lurking nearby.

May I suggest you find a sharper stick than “you’re unethical” when taking on governments, corporations and systems. They shrug that sort of comment off like water off a duck’s back. Look around, new and sharper sticks are being invented everyday.

October 3, 2019

Awesome Applied Category Theory

Filed under: Category Theory — Patrick Durusau @ 10:54 am

Awesome Applied Category Theory by Statebox.

A curated set of resources on the application of category theory from databases to manufacturing and petri nets.

Did you know you can apply category theory to the assembly of Lego blocks? The authors of String Diagrams for Assembly Planning apply category theory to evaluate assembly of Lego blocks. Their abstract:

Assembly planning is a difficult problem for companies. Many disciplines such as design, planning, scheduling, and manufacturing execution need to be carefully engineered and coordinated to create successful product assembly plans. Recent research in the field of design for assembly has proposed new methodologies to design product structures in such a way that their assembly is easier. However, present assembly planning approaches lack the engineering tool support to capture all the constraints associated to assembly planning in a unified manner. This paper proposes CompositionalPlanning, a string diagram based framework for assembly planning. In the proposed framework, string diagrams and their compositional properties serve as the foundation for an engineering tool where CAD designs interact with planning and scheduling algorithms to automatically create high-quality assembly plans. These assembly plans are then executed in simulation to measure their performance and to visualize their key build characteristics. We demonstrate the versatility of this approach in the LEGO assembly domain. We developed two reference LEGO CAD models that are processed by CompositionalPlanning’s algorithmic pipeline. We compare sequential and parallel assembly plans in a Minecraft simulation and show that the time-to-build performance can be optimized by our algorithms.

I don’t have any Lego blocks at hand but suspect working through the exercise with them will produce a more intuitive understanding of the value of the author’s technique.

Perhaps a new meme: Category Theory, wherever Lego Blocks are sold!

Powered by WordPress