Practical advice for analysis of large, complex data sets [IC tl;dr]

November 11th, 2017

Practical advice for analysis of large, complex data sets by Patrick Riley.

From the post:

For a number of years, I led the data science team for Google Search logs. We were often asked to make sense of confusing results, measure new phenomena from logged behavior, validate analyses done by others, and interpret metrics of user behavior. Some people seemed to be naturally good at doing this kind of high quality data analysis. These engineers and analysts were often described as “careful” and “methodical”. But what do those adjectives actually mean? What actions earn you these labels?

To answer those questions, I put together a document shared Google-wide which I optimistically and simply titled “Good Data Analysis.” To my surprise, this document has been read more than anything else I’ve done at Google over the last eleven years. Even four years after the last major update, I find that there are multiple Googlers with the document open any time I check.

Why has this document resonated with so many people over time? I think the main reason is that it’s full of specific actions to take, not just abstract ideals. I’ve seen many engineers and analysts pick up these habits and do high quality work with them. I’d like to share the contents of that document in this blog post.

Great post and should be read and re-read until it becomes second nature.

I wave off the intelligence community (IC) with tl;dr because intelligence conclusions are policy artifacts, not fact.

The best data science practices in the world have no practical application in intelligence circles, unless they support the desired conclusions.

Rather than sully data science, intelligence communities should publish their conclusions and claim the evidence cannot be shared.

Before you leap to defend the intelligence community, recall their lying about mass surveillance of Americans, lying about weapons of mass destruction in Iraq, numerous lies about US activities in Vietnam (before 50K+ Americans and millions of Vietnamese were killed).

The question to ask about American intelligence community reports isn’t whether they are lies (they are), but rather why they are lying?

For those interested in data driven analysis, follow Riley’s advice.

eXist-db Docker Image Builder

November 11th, 2017

eXist-db Docker Image Builder

From the webpage:

Pre-built eXist-db Docker images have been published on Docker Hub. You can skip to Running an eXist-db Docker Image if you just want to use the provided Docker images.

To ease your use of eXist-db or create a customized distribution of eXist-db, complete with additional resources, this rocks.

Who Has More Government Censorship of Social Media, Canada or US?

November 10th, 2017

Federal government blocking social media users, deleting posts by Elizabeth Thompson.

From the post:

Canadian government departments have quietly blocked nearly 22,000 Facebook and Twitter users, with Global Affairs Canada accounting for nearly 20,000 of the blocked accounts, CBC News has learned.

Moreover, nearly 1,500 posts — a combination of official messages and comments from readers — have been deleted from various government social media accounts since January 2016.

However, there could be even more blocked accounts and deleted posts. In answer to questions tabled by Opposition MPs in the House of Commons, several departments said they don’t keep track of how often they block users or delete posts.

It is not known how many of the affected people are Canadian.

It’s also not known how many posts were deleted or users were blocked prior to the arrival of Prime Minister Justin Trudeau’s government.

But the numbers shed new light on how Ottawa navigates the world of social media — where it can be difficult to strike a balance between reaching out to Canadians while preventing government accounts from becoming a destination for porn, hate speech and abuse.

US Legal Issues

Davison v. Loudoun County Board of Supervisors

Meanwhile, south of the Canadian border, last July (2017), a US district court decision carried the headline: Federal Court: Public Officials Cannot Block Social Media Users Because of Their Criticism.


Davison v. Loudoun County Board of Supervisors (Davidson) involved the chair of the Loudoun County Board of Supervisors, Phyllis J. Randall. In her capacity as a government official, Randall runs a Facebook page to keep in touch with her constituents. In one post to the page, Randall wrote, “I really want to hear from ANY Loudoun citizen on ANY issues, request, criticism, compliment, or just your thoughts.” She explicitly encouraged Loudoun residents to reach out to her through her “county Facebook page.”

Brian C. Davidson, a Loudoun denizen, took Randall up on her offer and posted a comment to a post on her page alleging corruption on the part of Loudoun County’s School Board. Randall, who said she “had no idea” whether Davidson’s allegations were true, deleted the entire post (thereby erasing his comment) and blocked him. The next morning, she decided to unblock him. During the intervening 12 hours, Davidson could view or share content on Randall’s page but couldn’t comment on its posts or send it private messages.

Davidson sued, alleging a violation of his free speech rights. As U.S. District Judge James C. Cacheris explained in his decision, Randall essentially conceded in court that she had blocked Davidson “because she was offended by his criticism of her colleagues in the County government.” In other words, she “engaged in viewpoint discrimination,” which is generally prohibited under the First Amendment.

Blocking of Twitter users by President Trump has led to other litigation.

Knight First Amendment Institute at Columbia University v. Trump (1:17-cv-05205)

You can track filings in Knight First Amendment Institute at Columbia University v. Trump courtesy of the Court Listener Project. Please put the Court Listener project on your year end donation list.

US Factual Issues

The complaint outlines the basis for the case, both legal and factual, but does not recite any data on blocking of social media accounts by federal agencies. It would not have to, since that is not really relevant to the issue at hand, but it would be useful to know the standard practice among US government agencies.

I can suggest where to start looking for that answer: U.S. Digital Registry, which as of today, lists 10877 social media accounts.

You could ask the agencies in question, via FOIA requests, for lists of blocked accounts.

Twitter won’t allow you to see the list of blocked users for accounts other than your own. Of course, that rule depends on your level of access. You’ll find similar situations for other social media providers.

Assuming you have blocked users by official or self-help means, comparing blocked users across agencies, by their demographics, etc., would make a nice data-driven journalism project. Yes?

New Maltese Investigative News Website – Security Suggestions

November 10th, 2017

Three Experienced Maltese Journalists Open Investigative News Website by Tim Diacono.

From the post:


“The vile execution of journalist Daphne Caruana Galizia is a wakeup call for civic action, to stop the greed and the rot and to assert the power of the pen over the might of criminals who want us to remain silent as they pile up their profits,” the journalists wrote in their first editorial. “It was nothing short of a declaration of war on our serenity and freedom to stand up to be counted.”

“We have come together to create The Shift months ago thinking that there could not have been a better time for a nonpartisan voice with a clear agenda for good governance, which speaks its truth to power respectfully but firmly, keeping a distance from economic and partisan agendas. We never could have anticipated that our country would descend into this nightmare,” they added.

“We have decided to take the plunge now because we also want to contribute to the civic awakening which followed the brutal elimination of a journalist who spoke her truths to power. We do not seek to step in Daphne Caruana Galizia’s shoes and our style and approach is very different. But we promise to honour the best part of her legacy, that of being a thorn in the side… of whoever is in power.”

To the extent The Shift can be “…a thorn in the side… of whoever is in power,” I’m all for it.

On the other hand, the organizers of The Shift should consider working with an umbrella organization that provides basic security.

The Shift organizers should retain their independence, but the more glaring flaws of their current site include:

  1. http:// instead of https://
  2. No PGP key for encrypted email
  3. No secure drop box for leaks
  4. No advice on secure contacts
  5. Contact form requires name and email?
  6. … others I’m sure…

The Global Investigative Journalism Network (GIJN) maintains a great list of Digital Security resources.

Even if someone else in your organization is tasked with digital security, have a nodding acquaintance with the GIJN resources and revisit them on a regular basis.

Don’t be a passive consumer of security services.

Passive consumers of security services are also known as “victims.”

Introduction To ARM Assembly Basics [The Weakest Link?]

November 10th, 2017

Introduction To ARM Assembly Basics

The latest security fails by Intel and Microsoft capture media and blog headlines but ARM devices are more numerous.

ARM devices, like a Windows server in an unlocked closet, may be the weakest link in your next target.

From the webpage:

Welcome to this tutorial series on ARM assembly basics. This is the preparation for the followup tutorial series on ARM exploit development. Before we can dive into creating ARM shellcode and build ROP chains, we need to cover some ARM Assembly basics first.

The following topics will be covered step by step:

ARM Assembly Basics Tutorial Series:
Part 1: Introduction to ARM Assembly
Part 2: Data Types Registers
Part 3: ARM Instruction Set
Part 4: Memory Instructions: Loading and Storing Data
Part 5: Load and Store Multiple
Part 6: Conditional Execution and Branching
Part 7: Stack and Functions

To follow along with the examples, you will need an ARM based lab environment. If you don’t have an ARM device (like Raspberry Pi), you can set up your own lab environment in a Virtual Machine using QEMU and the Raspberry Pi distro by following this tutorial. If you are not familiar with basic debugging with GDB, you can get the basics in this tutorial. In this tutorial, the focus will be on ARM 32-bit, and the examples are compiled on an ARMv6.

Why ARM?

This tutorial is generally for people who want to learn the basics of ARM assembly. Especially for those of you who are interested in exploit writing on the ARM platform. You might have already noticed that ARM processors are everywhere around you. When I look around me, I can count far more devices that feature an ARM processor in my house than Intel processors. This includes phones, routers, and not to forget the IoT devices that seem to explode in sales these days. That said, the ARM processor has become one of the most widespread CPU cores in the world. Which brings us to the fact that like PCs, IoT devices are susceptible to improper input validation abuse such as buffer overflows. Given the widespread usage of ARM based devices and the potential for misuse, attacks on these devices have become much more common.

Yet, we have more experts specialized in x86 security research than we have for ARM, although ARM assembly language is perhaps the easiest assembly language in widespread use. So, why aren’t more people focusing on ARM? Perhaps because there are more learning resources out there covering exploitation on Intel than there are for ARM. Just think about the great tutorials on Intel x86 Exploit writing by Fuzzy Security or the Corelan Team – Guidelines like these help people interested in this specific area to get practical knowledge and the inspiration to learn beyond what is covered in those tutorials. If you are interested in x86 exploit writing, the Corelan and Fuzzysec tutorials are your perfect starting point. In this tutorial series here, we will focus on assembly basics and exploit writing on ARM.

Don’t forget to follow Azeria on Twitter, or her RSS Feed.

Enjoy!

PS: She recently posted a really cool cheatsheet: Assembly Basics Cheatsheet. I’m going to use it to lobby (myself) for a pair of 32″ monitors so I can enlarge it on one screen and have a non-scrolling display. (Suggestions on the monitors?)

Open Ownership Project

November 9th, 2017

Open Ownership Project

From the about page:

OpenOwnership is driven by a steering group composed of leading transparency NGOs, including Global Witness, Open Contracting Partnership, Web Foundation, Transparency International, the ONE Campaign, and the B Team, as well as OpenCorporates.

OpenOwnership’s central goal is to build an open Global Beneficial Ownership Register, which will serve as an authoritative source of data about who owns companies, for the benefit of all. This data will be global and linked across jurisdictions, industries, and linkable to other datasets too.

Alongside the register, OpenOwnership is developing a universal and open data standard for beneficial ownership, providing a solid conceptual and practical foundation for collecting and publishing beneficial ownership data.

I first visited the Open Ownership Project site following two (of four) posts on verifying beneficial ownership.

What we really mean when we talk about verification (Part 1 of 4) by Zosia Sztykowski and Chris Taggart.

From the post:

This is the first of a series of blog posts in which we will discuss the critical but tricky issue of verification, particularly with respect to beneficial ownership.

‘Verification’ is frequently said to be a critical step in generating high-quality beneficial ownership information. What’s less clear is what is actually meant by verification, and what are the key factors in the process. In fact, verification is not one step, but three:

  1. Ensuring that the person making a statement about beneficial ownership is who they say they are, and that they have the right to make the claim (authentication and authorization);

  2. Ensuring that the data submitted is a legitimate possible value (validation);

  3. Verifying that the statement made is actually true (which we will call truth verification).

Another critical factor is whether these processes are done on individual filings, typically hand-written pieces of paper, or their PDF equivalents, or whole datasets of beneficial ownership data. While verification processes are possible on individual filings, this series will show that public, digital, structured beneficial ownership data adds an additional layer of verification not possible with traditional filings.

Understanding precisely how verification takes place in the lifecycle of a beneficial ownership datum is an important step in knowing what beneficial ownership data can tell us about the world. Each of the stages above will be covered in more detail in this series, but let’s linger on the final one for a moment.

What we really mean when we talk about verification: Authentication & authorization (Part 2 of 4)

In the first post in this series on the principles of verification, particularly relating to beneficial ownership, we explained why there is no guarantee that any piece of beneficial ownership data is the absolute truth.

The data collected is still valuable, however, providing it is made available publicly as open data, as it exposes lies and half-truths to public scrutiny, raising red flags that indicate potential criminal or unethical activity.

We discussed a three-step process of verification:

  1. Ensuring that the person making a statement about beneficial ownership is who they say they are (authentication), and that they have the right to make the claim (authorization);

  2. Ensuring that the data submitted is a legitimate possible value (validation);

  3. Verifying that the statement made is actually true (which we will call truth verification).

In this blog post, we will discuss the first of these, focusing on how to tell who is actually making the claims, and whether they are authorized to do so.

When authentication and authorization have been done, you can approach the information with more confidence. Without them, you may have little better than anonymous statements. Critically, with them, you can also increase the risks for those who wish to hide their true identities and the nature of their control of companies.

Parts 3 and 4 are forthcoming (as of 9 November 2017).

A beta version of the Beneficial Ownership Data Standard (BODS) was released last April (2017). A general overview appeared in June, 2017: Introducing the Beneficial Ownership Data Standard.

Identity issues are rife in ownership data so when planning your volunteer activity for 2018, keep the Open Ownership project in mind.

Flight rules for git – How to Distinguish Between Astronauts and Programmers

November 9th, 2017

Flight rules for git by Kate Hudson.

From the post:

What are “flight rules”?

A guide for astronauts (now, programmers using git) about what to do when things go wrong.

Flight Rules are the hard-earned body of knowledge recorded in manuals that list, step-by-step, what to do if X occurs, and why. Essentially, they are extremely detailed, scenario-specific standard operating procedures. […]

NASA has been capturing our missteps, disasters and solutions since the early 1960s, when Mercury-era ground teams first started gathering “lessons learned” into a compendium that now lists thousands of problematic situations, from engine failure to busted hatch handles to computer glitches, and their solutions.

— Chris Hadfield, An Astronaut’s Guide to Life.

Hudson devises an easy test to distinguish between astronauts and programmers:

Astronauts – missteps, disasters and solutions are written down.

Programmers – missteps, disasters and solutions are programmer/sysadmin lore.

With Usenet and Stack Overflow, you can argue improvement by programmers, but it’s hardly been systematic. Even so, it depends on a “good” query returning few enough “hits” to be useful.

Hudson is capturing “flight rules” for git.

Act like an astronaut and write down your missteps, disasters and solutions.

NASA made it to the moon and beyond by writing things down.

Who knows?

Writing down software missteps, disasters and solutions may help render all systems transparent, willingly or not.

A Primer for Computational Biology

November 9th, 2017

A Primer for Computational Biology by Shawn T. O’Neil.

From the webpage:

A Primer for Computational Biology aims to provide life scientists and students the skills necessary for research in a data-rich world. The text covers accessing and using remote servers via the command-line, writing programs and pipelines for data analysis, and provides useful vocabulary for interdisciplinary work. The book is broken into three parts:

  1. Introduction to Unix/Linux: The command-line is the “natural environment” of scientific computing, and this part covers a wide range of topics, including logging in, working with files and directories, installing programs and writing scripts, and the powerful “pipe” operator for file and data manipulation.
  2. Programming in Python: Python is both a premier language for learning and a common choice in scientific software development. This part covers the basic concepts in programming (data types, if-statements and loops, functions) via examples of DNA-sequence analysis. This part also covers more complex subjects in software development such as objects and classes, modules, and APIs.
  3. Programming in R: The R language specializes in statistical data analysis, and is also quite useful for visualizing large datasets. This third part covers the basics of R as a programming language (data types, if-statements, functions, loops and when to use them) as well as techniques for large-scale, multi-test analyses. Other topics include S3 classes and data visualization with ggplot2.

Pass along to life scientists and students.

This isn’t the primer that separates the CS material from domain specific examples and prose. Adaptation to another domain is a question of re-writing.

I assume an adaptable primer wasn’t the author’s intention and so that isn’t a criticism but an observation that basic material is written over and over again, needlessly.

I first saw this in a tweet by Christophe Lalanne.

Encouraging CS Careers – Six Backdoors in Less Than an Hour!

November 9th, 2017

Farmers Insurance for inspirational CS stories? If you doubt the answer is yes!, you haven’t read: “I HAD SIX BACKDOORS INTO THEIR NETWORK IN LESS THAN AN HOUR” by Jason Kersten.

From the post:

Hired hackers share real-world stories of breaking into computer systems (legally) through phishing scams and other high-tech mischief

It was a moment that would likely make any bank robber’s or computer hacker’s head spin: Joshua Crumbaugh talked his way behind the teller windows of a small bank in Maryland by posing as an IT technician working on the bank’s email system. As he installed malware designed to give him even more illegal access to the bank’s systems, he noticed the door to the vault was open. When no one was looking, he walked in. Piles of cash filled shelves, all within easy reach.

He turned around, held out his phone, and took a selfie. Later, he sent the picture to the bank’s CEO.

Fortunately, no crime had been committed. The CEO had hired Crumbaugh, a penetration tester (also known as a “pen tester”), to test the bank’s security. In his 10 years as a pen tester and CEO of PeopleSec, Crumbaugh has hacked everything from an NBA stadium to an oil rig. For the bank test, he identified the bank’s Internet Service Provider, called the bank pretending to be from the ISP’s customer service department, and set up a service appointment. “They were overly trusting,” says Crumbaugh, noting the bank’s own IT guy had also given him remote access to its systems without checking his credentials.

According to the 2016 State of Cybersecurity in Small & Medium-Sized Businesses report from the Ponemon Institute, a research center for global privacy, data and IT security issues, more than half of the 598 businesses surveyed had experienced a cyber attack in the prior year. A full half of respondents experienced data breaches involving customer and employee information. The companies surveyed spent an average of $900,000 cleaning up the mess, and many spent an additional $1 million to pay for disrupted workflow as a consequence of the security issues.

Teachers in middle or high school need only read the first story and allude to the others to have a diverse group of students clamoring to read the post.

There are boring CS careers where you squint at a lot of math, but this article highlights more exciting lifestyles for those with CS training.

Here’s an inspiration picture to go with your pitch:

More details to go with the image: Inside the Secret Vault: $70 Billion in Gold.

Warn your students about the false claim that cybersecurity benefits everyone.

Correction: Cybersecurity benefits everyone who is happy with the current distribution of rewards and stripes.

People who are not happy with it, not so much.

Tanenbaum on Intel MINIX – Discourtesy is its Own Reward

November 9th, 2017

Andrew S. Tanenbaum has posted An Open Letter to Intel on its incorporation of a modified version of MINIX into its chips.

Tanenbaum points out Intel’s conduct in this case is clearly covered by the Berkeley license of MINIX but he has a valid point that common courtesy dictates a personal note from Intel to Tanenbaum on the widespread deployment of MINIX would have been a nice touch.

In this case, discourtesy carried its own reward because Intel adapted an older version of MINIX to lie at the heart of its chips. A version perhaps not as robust and secure as a later version. A flaw that would have been discovered following a courteous note, which was never sent by Intel.

The mother lode of resources on earlier (and current) versions of MINIX is: http://www.minix3.org/.

How widely deployed is the Intel version of MINIX? Aditya Tiwari says:


After the release of MINIX 3, it is being developed as Microkernel OS. You can find MINIX 3 running inside every Intel-powered desktop, laptop or server launched after 2015. This surely gives it the title of the most used operating system in the world. Although, you don’t use it at all.
… (What Is MINIX? Is The World’s Most Used OS A Threat?)

I haven’t located a “chips shipped with MINIX” number so if you see one, ping me with the source.

Do be courteous, even if not required by license.

Otherwise, you may “pull an Intel” as this mistake will come to be known.

Is That a Turtle in Your Pocket or Are You Just Glad To See Me?

November 9th, 2017

Apologies to Mae West for spoiling her famous line from Sextette:

Is that a gun in your pocket, or are you just glad to see me?

Seems appropriate since Anish Athalye, Logan Engstrom, Andrew Ilyas, and Kevin Kwok have created a 3-D turtle that is mistaken by neural networks for a rifle.

You can find the details in: Synthesizing Robust Adversarial Examples.

Abstract:

Neural network-based classifiers parallel or exceed human-level accuracy on many common tasks and are used in practical systems. Yet, neural networks are susceptible to adversarial examples, carefully perturbed inputs that cause networks to misbehave in arbitrarily chosen ways. When generated with standard methods, these examples do not consistently fool a classifier in the physical world due to viewpoint shifts, camera noise, and other natural transformations. Adversarial examples generated using standard techniques require complete control over direct input to the classifier, which is impossible in many real-world systems.

We introduce the first method for constructing real-world 3D objects that consistently fool a neural network across a wide distribution of angles and viewpoints. We present a general-purpose algorithm for generating adversarial examples that are robust across any chosen distribution of transformations. We demonstrate its application in two dimensions, producing adversarial images that are robust to noise, distortion, and affine transformation. Finally, we apply the algorithm to produce arbitrary physical 3D-printed adversarial objects, demonstrating that our approach works end-to-end in the real world. Our results show that adversarial examples are a practical concern for real-world systems.

All in good fun until you remember neural networks feed classification decisions to humans who make fire/no fire decisions and soon, fire/no fire decisions will be made by autonomous systems. Errors in classification decisions such as turtle vs. rifle will have deadly results.

What are the stakes in your neural net classification system? How easily can it be fooled by adversaries?

Google Doc Lock – Google As Censor

November 9th, 2017

Monica Chin reports in Google is locking people out of documents, and you should be worried, that Google’s role as censor has taken an ugly turn.

From the post:


“This morning, we made a code push that incorrectly flagged a small percentage of Google docs as abusive, which caused those documents to be automatically blocked,” the company told Mashable. “A fix is in place and all users should have access to their docs.”

Google added, “We apologize for the disruption and will put processes in place to prevent this from happening again.”

Still, the incident raises important questions about the control Google Docs users have over their own content. The potential to lose access to an important document because it hasn’t yet been polished to remove certain references or sensitive material has concrete implications for the way Google Docs is used.

For many who work in media and communications, Google Docs serves as a drafting tool, allowing writers and editors to collaborate. And, of course, it’s necessary and important for writers to retain ownership of documents that are early versions of their final product — no matter how raw — so as to put a complete draft through the editorial process.

Nobody should be writing hate speech or death threats in their Google docs — or anywhere.

But if Google’s flagging system is so glitchy as to incorrectly target other content, a Google Docs user on a deadline needs to be on their toes. Bale tweeted that she no longer plans to write in Google Docs. Until Google fully resolves this issue, perhaps other journalists should follow her lead.

Chin’s suggestion:

Nobody should be writing hate speech or death threats in their Google docs — or anywhere.

Is clearly not the answer to Google censorship.

What if you are a novelist who is unfortunate enough to be using Google Docs to write about white supremacy in the Trump White House? Unlikely I know (sarcasm) but it isn’t hard to think of fictional content that qualifies as “hate speech” or “death threats.” Nor should novelists be required to mark their writings as “fiction” to escape Google censorship.

A Google Docs lock has No Notice, No Opportunity to Be Heard Prior to Lockout, and No Transparent Process.

Three very good reasons to not use Google Docs at all.

Metasploit for Machine Learning: Deep-Pwning

November 9th, 2017

Metasploit for Machine Learning: Deep-Pwning

From the post:

Deep-pwning is a lightweight framework for experimenting with machine learning models with the goal of evaluating their robustness against a motivated adversary.

Note that deep-pwning in its current state is nowhere close to maturity or completion. It is meant to be experimented with, expanded upon, and extended by you. Only then can we help it truly become the go-to penetration testing toolkit for statistical machine learning models.

Metasploit for Machine Learning: Background

Researchers have found that it is surprisingly trivial to trick a machine learning model (classifier, clusterer, regressor etc.) into making objectively wrong decisions. This field of research is called Adversarial Machine Learning. It is not hyperbole to claim that any motivated attacker can bypass any machine learning system, given enough information and time. However, this issue is often overlooked when architects and engineers design and build machine learning systems. The consequences are worrying when these systems are put into use in critical scenarios, such as in the medical, transportation, financial, or security-related fields.

Hence, when one is evaluating the efficacy of applications using machine learning, their malleability in an adversarial setting should be measured alongside the system’s precision and recall.

(emphasis in original)

As motivation for a deep dive into machine learning, looming reliance on machine learning to compensate for a shortage of cybersecurity defender talent is hard to beat. (Why Machine Learning will Boost Cyber Security Defenses amid Talent Shortfall)

Reducing cybersecurity to the level of machine learning is nearly as inviting as use of an older, less secure version of MINIX by Intel. If you are going to take advantage of a Berkeley software license, at least get the best stuff. Yes?

Machine learning is of growing importance, but since classifiers can be fooled into identifying a 3-D turtle as a rifle, it hasn’t reached human levels of robustness.

Or to put that differently, when was the last time you identified a turtle as a rifle?

Turtle vs. rifle is a distinction few of us would miss in language, even without additional properties, as in a topic map. But thinking of their properties or characteristics may be a fruitful way to understand why they can be confused.

Or even planning for their confusion and communicating that plan to others.

The Great Wall of Journalistic Secrecy – Paradise Papers

November 8th, 2017

At time mark 21:20, you learn the International Consortium of Investigative Journalists (ICIJ) is absolutely committed to being The Great Wall of Journalistic Secrecy between you and the Paradise Papers.

Even secrecy-before-effectiveness agencies of the U.S. government, the CIA, the FBI and the NSA, among others, pay more lip service to the idea of transparency than the ICIJ.

The ICIJ’s claim that its secrecy protects the privacy of some, while its members profit from violating the privacy of others, sounds more like the current US president than a credible news organization.

What were the conditions under which the ICIJ was entrusted with this leak? How are the interests of the leaker advanced by the ICIJ’s handling of this leak? Those are only two questions the public will never have answered if the ICIJ has any say in the matter. Numerous others will occur to you.

Perhaps the ICIJ should have some preliminary period of exclusive access to the leaked materials, say 3 years from the first published report based on the leaked materials. But thirty-six months is more than long enough for the public to wait to confirm for itself the claims and stories published by ICIJ members.

If transparency is important for government, it is even more important for watchdogs of government.

IP Cultists Achieve Hollow Victory (American Chemical Society vs. Sci-Hub)

November 8th, 2017

Latest legal defeat unlikely to scuttle Sci-Hub by Rebecca Trager.

From the post:

A US court has handed a $4.8 million (£3.7 million) legal victory to the American Chemical Society (ACS), ordering Sci-Hub, which provides illegal access to millions of scientific papers, to be shut down for copyright and trademark infringement. But this is unlikely to be the end of the story.

The court granted the ACS a permanent injunction against Sci-Hub and its affiliates, and gave the organisation the right to potentially demand that internet search engines stop delivering Sci-Hub content in their search results. Representatives of Sci-Hub, including founder Alexandra Elbakyan who operates the site out of Russia, did not attend the court proceedings.

The ACS filed its lawsuit in June, right after another US court had awarded publishing giant Elsevier $15 million in damages from Sci-Hub, the Library of Genesis and similar sites.

The ACS called the latest development ‘a victory for copyright law and the entire publishing enterprise’. The organisation said it was clear from the outset that Sci-Hub has pirated copyrighted and trademarked content on a massive scale, and that the group’s decision to not attend the court proceedings indicates that its position was indefensible.

President Trump’s speech writer must be moon-lighting.

The American Chemical Society files a lawsuit after Elsevier had won, the defendant doesn’t appear in court (it’s called a default judgment), and it recovers a judgment for less than 1/3 of what was awarded to Elsevier.

That’s ‘a victory for copyright law and the entire publishing enterprise’.

Really?

Sounds more like the American Chemical Society wasted money on somebody’s cousin who was a lawyer. A lawyer who, with the defendant not showing up, worked really hard and got 2/3 less than Elsevier.

Oh, I do have a correction to offer for Trager’s post:

ACS is a global leader in providing access to chemistry-related information and research through its multiple databases, peer-reviewed journals and scientific conferences.

Should read:

ACS is a global leader in denying access to chemistry-related information and research found in its multiple databases, peer-reviewed journals and scientific conferences.

Why that is consistent with its mission and obligations to the scientific community, well, you need to address those questions to the American Chemical Society.

Responding to Bricking to Promote Upgrading

November 8th, 2017

The chagrin of Harmony Link device (Logitech) owners over the bricking of their devices on March 16, 2018 is understandable. But isn’t the “bricking to promote upgrading” strategy described in Cimpanu’s Logitech Will Intentionally Brick All Harmony Link Devices Next Year a dangerous one?

Dangerous because the intentional bricking will highlight:

  1. If Harmony Link devices can be remotely bricked on March 16, 2018, they can be bricked at any time prior to March 16, 2018.
  2. If Harmony Link devices can be remotely bricked, local re-installation of earlier firmware will unbrick them. (Back up your firmware today.)
  3. If all smart devices can be remotely bricked, …, you knew that but hadn’t considered it operationally. Makes you wonder whether other “smart” devices by Logitech can be bricked.

I can’t second Cimpanu’s suggestion that you run to the Federal Trade Commission (FTC).

First, it would take years and several presidents for “bricking to promote upgrading” rules to be written and with loopholes that favor industry.

Second, successful enforcement of an FTC rule is akin to where Dilbert says “then their lawyers chewed my clothes off.” A long and tedious process.

Logitech’s proposed action suggests one response to this ill-advised bricking strategy.

What if other “smart” Logitech devices began bricking themselves on March 17, 2018? How would Logitech investors react? Impact management/investor relations?

March 16, 2018, Harmony Link Bricking Day (as it will be known in the future) falls on a Friday. The next business day is Monday, March 19, 2018.

Will present Logitech management survive until March 21, 2018, or be pursuing new opportunities and interests?

eTRAP (electronic Text Reuse Acquisition Project) [Motif Identities]

November 8th, 2017

eTRAP (electronic Text Reuse Acquisition Project)

From the webpage:

As the name suggests, this interdisciplinary team studies the linguistic and literary phenomenon that is text reuse with a particular focus on historical languages. More specifically, we look at how ancient authors copied, alluded to, paraphrased and translated each other as they spread their knowledge in writing. This early career research group seeks to provide a basic understanding of the historical text reuse methodology (it being distinct from plagiarism), and so to study what defines text reuse, why some people reuse information, how text is reused and how this practice has changed over history. We’ll be investigating text reuse on big data or, in other words, datasets that, owing to their size, cannot be manually processed.

While primarily geared towards research, the team also organises events and seminars with the aim of learning more about the activities conducted by our scholarly communities, to broaden our network of collaborations and to simply come together to share our experiences and knowledge. Our Activities page lists our events and we provide project updates via the News section.

Should you have any comments, queries or suggestions, feel free to contact us!

A bit more specifically, Digital Breadcrumbs of Brothers Grimm, which is described in part as:

Described as “a great monument to European literature” (David and David, 1964, p. 180), Jacob and Wilhelm Grimm’s masterpiece Kinder- und Hausmärchen has captured adult and child imagination for over 200 years. International cinema, literature and folklore have borrowed and adapted the brothers’ fairy tales in multifarious ways, inspiring themes and characters in numerous cultures and languages.

Despite being responsible for their mainstream circulation, the brothers were not the minds behind all fairy tales. Indeed, Jacob and Wilhelm themselves collected and adapted their stories from earlier written and oral traditions, some of them dating back to as far as the seventh century BC, and made numerous changes to their own collection (ibid., p. 183) producing seven distinct editions between 1812 and 1857.

The same tale often appears in different forms and versions across cultures and time, making it an interesting case-study for textual and cross-lingual comparisons. Is it possible to compare the Grimm brothers’ Snow White and the Seven Dwarves to Pushkin’s Tale of the Dead Princess and the Seven Nights? Can we compare the Grimm brothers’ version of Cinderella to Charles Perrault’s Cinderella? In order to do so it is crucial to find those elements that both tales have in common. Essentially, one must find those measurable primitives that, if present in a high number – and in a similar manner – in both texts, make the stories comparable. We identify these primitives as the motifs of a tale. Prince’s Dictionary of Narratology describes motifs as “..minimal thematic unit[s]”, which can be recorded and have been recorded in the Thompson Motif-index. Hans-Jörg Uther, who expanded Aarne-Thompson classification system (AT number system) in 2004 defined a motif as:

“…a broad definition that enables it to be used as a basis for literary and ethnological research. It is a narrative unit, and as such is subject to a dynamic that determines with which other motifs it can be combined. Thus motifs constitute the basic building blocks of narratives.” (Uther, 2004)

From a topic maps perspective, what do you “see” in a tale that supports your identification of one or more motifs?

Or for that matter, how do you search across multiple identifications of motifs to discover commonalities between identifications by different readers?

It’s all well and good to tally which motifs were identified by particular readers, but clues as to why they differ require more detail (read subjects).

Unlike the International Consortium of Investigative Journalists (ICIJ), sponsor of the Panama Papers and the Paradise Papers, the eTRAP data is available on Github.

There are only three stories, Snow White, Puss in Boots, and Fisherman and his Wife, in the data repository as of today.

Built-in Keylogger – Penetration Strategy?

November 7th, 2017

Built-in Keylogger Found in MantisTek GK2 Keyboards—Sends Data to China by Swati Khandelwal.

From the post:


The popular 104-key Mantistek GK2 Mechanical Gaming Keyboard that costs around €49.66 has allegedly been caught silently recording everything you type on your keyboard and sending them to a server maintained by the Alibaba Group.

Serious keylogging requires more stealth than Khandelwal reports but the idea is a good one.

When renting computers or a furnished office with computers, who is going to check all the systems for keyloggers?

Or if you sponsor a “contest” where the winner gets a new keyboard?

Or upgrades at a Fortune 100 company or one of the top law firms include new keyboards?

Or computers and keyboards are donated for use in public libraries?

Phishing is easier and cheaper than a built-in keylogger for a keyboard but don’t overlook hardware approaches for particularly tough cases.

Intel MINIX – Universal Vulnerability?

November 7th, 2017

MINIX — The most popular OS in the world, thanks to Intel by Bryan Lunduke

Unlike most claims of being “widespread,” the claims about MINIX, a secret OS on Intel chips, appear to be true.

From the post:


MINIX is running on “Ring -3” (that’s “negative 3”) on its own CPU. A CPU that you, the user/owner of the machine, have no access to. The lowest “Ring” you have any real access to is “Ring 0,” which is where the kernel of your OS (the one that you actually chose to use, such as Linux) resides. Most user applications take place in “Ring 3” (without the negative).

The second thing to make my head explode: You have zero access to “Ring -3” / MINIX. But MINIX has total and complete access to the entirety of your computer. All of it. It knows all and sees all, which presents a huge security risk — especially if MINIX, on that super-secret Ring -3 CPU, is running many services and isn’t updated regularly with security patches.

For details, see Replace your exploit-ridden firmware with a Linux kernel, by Ron Minnich, et al. (Seventy-one (71) slides. File name: Replace UEFI with Linux.pdf. I grabbed a copy just in case this one goes away.)

Intel material on UEFI.

Unified Extensible Firmware Interface Forum, consortium website. For the latest versions of specifications see: http://www.uefi.org/specifications but as of today, see:

ACPI Specification Version 6.2 (Errata A)

ACPI can first be understood as an architecture-independent power management and configuration framework that forms a subsystem within the host OS. This framework establishes a hardware register set to define power states (sleep, hibernate, wake, etc). The hardware register set can accommodate operations on dedicated hardware and general purpose hardware. [page 1.] 1177

UEFI Specification Version 2.7 (Errata A)

This Unified Extensible Firmware Interface (hereafter known as UEFI) Specification describes an interface between the operating system (OS) and the platform firmware. UEFI was preceded by the Extensible Firmware Interface Specification 1.10 (EFI). As a result, some code and certain protocol names retain the EFI designation. Unless otherwise noted, EFI designations in this specification may be assumed to be part of UEFI.

The interface is in the form of data tables that contain platform-related information, and boot and runtime service calls that are available to the OS loader and the OS. Together, these provide a standard environment for booting an OS. This specification is designed as a pure interface specification. As such, the specification defines the set of interfaces and structures that platform firmware must implement. Similarly, the specification defines the set of interfaces and structures that the OS may use in booting. How either the firmware developer chooses to implement the required elements or the OS developer chooses to make use of those interfaces and structures is an implementation decision left for the developer.

Using this formal definition, a shrink-wrap OS intended to run on platforms compatible with supported processor specifications will be able to boot on a variety of system designs without further platform or OS customization. The definition will also allow for platform innovation to introduce new features and functionality that enhance platform capability without requiring new code to be written in the OS boot sequence. [page 1.] 2575

UEFI Shell Specification Version 2.2

The UEFI Shell environment provides an API, a command prompt and a rich set of commands that extend and enhance the UEFI Shell’s capability. [page 1] 258

UEFI Platform Initialization Specification Version 1.6

This specification defines the core code and services that are required for an implementation of the Pre-EFI Initialization (PEI) phase of the Platform Initialization (PI) specifications (hereafter referred to as the “PI Architecture”). This PEI core interface specification (CIS) does the following:
[vol. 1, page 1] 1627

UEFI Platform Initialization Distribution Packaging Specification Version 1.1

This specification defines the overall architecture and external interfaces that are required for distribution of UEFI/PI source and binary files. [page 1] 359

TCG EFI Platform Specification

PC Client Work Group EFI Platform Specification, Version 1.22, Revision 15

This document is about the processes that boot an Extensible Firmware Interface (EFI) platform and load an OS on that platform. Specifically, this specification contains the requirements for measuring EFI unique events into TPM PCRs and adding boot event entries into the Event Log. [page 5] 43

TCG EFI Protocol Specification

PC Client Work Group EFI Protocol Specification, Family “2.0”, Level 00, Revision 00.13

The purpose of this document is to define a standard interface to the TPM on an EFI platform. This standard interface is useful on any instantiations of an EFI platform that conforms to the EFI Specification. This EFI Protocol Specification is a pure interface specification that provides no information on “how” to construct the underlying firmware implementation. [page 9] 46

By my count, 5,585 pages from the Unified Extensible Firmware Interface Forum, consortium website alone.

Of course, then you need to integrate it with other documentation, your test results and the results of others, not to mention blogs and other sources.

Breaking this content into useful subjects would be non-trivial, but how much are universal vulnerabilities worth?
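The TCG EFI Platform Specification quoted above covers measuring events into TPM PCRs and adding entries to the Event Log. As an added example (not taken from the post or from the specifications), the Python below replays a simplified event log and compares the result with the PCR values the TPM reports, which is how a verifier notices an edited, truncated or reordered log. Assumptions: a SHA-256 bank, PCRs starting at all zeros, log entries held as dicts rather than the binary log format, constructed sample events, and hypothetical helper names.

```python
import hashlib

PCR_SIZE = 32  # bytes in one SHA-256 bank PCR (assumed bank for this example)


def extend(pcr_value, digest):
    """TPM extend operation: new PCR = H(old PCR || measurement digest)."""
    return hashlib.sha256(pcr_value + digest).digest()


def measure(log, pcrs, pcr_index, event_type, data):
    """Firmware side: hash the data, extend the PCR, append a log entry."""
    digest = hashlib.sha256(data).digest()
    pcrs[pcr_index] = extend(pcrs.get(pcr_index, bytes(PCR_SIZE)), digest)
    log.append({"pcr": pcr_index, "type": event_type,
                "digest": digest, "data": data})


def replay(log):
    """Verifier side: recompute every PCR from the logged digests, in order."""
    pcrs = {}
    for entry in log:
        index = entry["pcr"]
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), entry["digest"])
    return pcrs


def mismatched_pcrs(log, quoted):
    """PCR indexes where the replayed log disagrees with the TPM's values."""
    replayed = replay(log)
    zero = bytes(PCR_SIZE)
    indexes = set(replayed) | set(quoted)
    return sorted(i for i in indexes
                  if replayed.get(i, zero) != quoted.get(i, zero))


def rewrite_digest(log, position, claimed_data):
    """Copy of the log with one entry edited to claim different content."""
    edited = [dict(entry) for entry in log]
    edited[position]["data"] = claimed_data
    edited[position]["digest"] = hashlib.sha256(claimed_data).digest()
    return edited


def build_sample():
    """Constructed boot sequence; returns (event log, PCR values in the TPM)."""
    log, pcrs = [], {}
    measure(log, pcrs, 0, "EV_POST_CODE",
            b"constructed: platform firmware volume")
    measure(log, pcrs, 7, "EV_EFI_VARIABLE_DRIVER_CONFIG",
            b"constructed: SecureBoot=1")
    measure(log, pcrs, 4, "EV_EFI_BOOT_SERVICES_APPLICATION",
            b"constructed: boot application that was actually run")
    measure(log, pcrs, 4, "EV_EFI_BOOT_SERVICES_APPLICATION",
            b"constructed: OS loader")
    return log, pcrs


if __name__ == "__main__":
    log, quoted = build_sample()
    print("intact log   :", mismatched_pcrs(log, quoted))
    edited = rewrite_digest(log, 2, b"constructed: expected boot manager")
    print("edited entry :", mismatched_pcrs(edited, quoted))
    print("truncated log:", mismatched_pcrs(log[:-1], quoted))
```

The log is only evidence when the PCR values come from a signed TPM quote; a log that replays to different values, or to values outside your known-good set, should not be trusted.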

Scope and Bracketing Public Officials – Schedules for Heads of Agencies

November 6th, 2017

Detailed Calendars/Schedules for Heads of Agencies by Russ Kirk

From the post:

One of the most important things we can know about high-level officials is their detailed schedule. Who is the head of the EPA meeting with? Who’s been calling the chair of the Federal Reserve? Where has the Secretary of Education been traveling? What groups has the Attorney General been making speeches to?

Problem is, these crucial documents are almost never readily available. They’re released only due to FOIA requests, and sometimes not even then. I’ve filed requests with dozens of agencies for the daily schedules of their leaders covering the first half of 2017. I’ll be posting all the results here, as well as collecting the few calendars (usually from previous administrations) that are posted in the FOIA sections of some agencies’ websites. Keep checking back.

For an example of the important things that these calendars tell us, check out “E.P.A. Chief’s Calendar: A Stream of Industry Meetings and Trips Home” from the NYTimes.

Agency time servers will wave the “scope and bracketing” language in the title as justification for their secrecy but that’s not why they meet in secret.

Their secrets and alliances are too trivial for anyone to care about, save for the fact they are non-democratic and corrupt. No sane person spends $millions for a public office that has a starting salary less than a New York law firm.

Not without expecting non-salary compensation in the form of influencing federal agencies.

The information that Russ Kirk is gathering here is one clue in a larger puzzle of influence.

Enjoy!

Data Munging with R (MEAP)

November 6th, 2017

Data Munging with R (MEAP) by Dr. Jonathan Carroll.

From the description:

Data Munging with R shows you how to take raw data and transform it for use in computations, tables, graphs, and more. Whether you already have some programming experience or you’re just a spreadsheet whiz looking for a more powerful data manipulation tool, this book will help you get started. You’ll discover the ins and outs of using the data-oriented R programming language and its many task-specific packages. With dozens of practical examples to follow, learn to fill in missing values, make predictions, and visualize data as graphs. By the time you’re done, you’ll be a master munger, with a robust, reproducible workflow and the skills to use data to strengthen your conclusions!

Five (5) out of eleven (11) parts available now under the Manning Early Access Program (MEAP). Chapter one, Introducing Data and the R Language is free.

Even though everyone writes books from front to back (or at least claims to), it would be nice to see a free “advanced” chapter every now and again. There’s not much you can say about an introductory chapter other than it’s an introductory chapter. That’s no different here.

I suspect you will get a better idea about Dr. Carroll’s writing from his blog, Irregularly Scheduled Programming or by following him on Twitter: @carroll_jono.

Scoop Mainstream Media on “… 6 Russian Government Officials Involved In DNC Hack”

November 3rd, 2017

You have read US Identifies 6 Russian Government Officials Involved In DNC Hack or similar coverage on Russian “interference” with the 2016 presidential election.

Here’s your opportunity to scoop mainstream media on the identities of the “…6 Russian Government Officials Involved In DNC Hack.”

Resources to use:

Russian Political Directory 2017

The Russian Political Directory is the definitive guide to people in power throughout Russia. All the top decision-makers are included in this one-volume publication, which details hundreds of government ministries, departments, agencies, corporations and their connected bodies. The Directory is a trusted resource for studies and research in all matters of Russian government, politics and civil society activities. Government organization entries contain the names and titles of officials, postal and e-mail addresses, telephone, fax numbers plus an overview of their main activities.

Truly comprehensive in scope, and listing all federal and regional government ministries, departments, agencies, corporations and their connected bodies, this directory provides a uniquely comprehensive view of government activity.

For playing “…guess a possible defendant…,” $200 is a bit pricey but opening to a random page is a more principled approach than you will see from the Justice Department in its search for defendants.

If timeliness isn’t an issue, consider the Directory of Soviet Officials: Republic Organizations:

From the preface:

The Directory of Soviet Officials identifies individuals who hold positions in selected party, government, and public organizations of the USSR. It may be used to find the incumbents of given positions within an organization or the positions of given individuals. For some organizations, it serves as a guide to the internal structure of the organization.

This directory dates from 1987 but since Justice only needs Russian sounding names and not physical defendants, consider it a backup source for possible defendants.

For the absolute latest information, at least those listed, consider The Russian Government. The official site for the Russian government and about as dull as any website you are likely to encounter. Sorry, but that’s true.

Last but by no means least, check out Johnson’s Russia List, which is an enormous collection of resources on Russia. It has a 2001 listing of online databases for Russian personalities. It also has a wealth of Russian names for your defendant lottery list.

When Justice does randomly name some defendants, ask yourself and Justice:

  1. What witness statements or documents link this person to the alleged hacking?
  2. What witness statements or documents prove a direct order from Putin to a particular defendant?
  3. What witness statements or documents establish the DNC “hack?” (It may well have been a leak.)
  4. Can you independently verify the witness statements or documents?

Any evidence that cannot be disclosed because of national security considerations should be automatically excluded from your reporting. If you can’t verify it, then it’s not a fact. Right?

Justice won’t have any direct evidence on anyone they name or on Putin. It strains the imagination to think Russian security is that bad, assuming any hack took place at all.

No direct evidence means Justice is posturing for reasons best known to it. Don’t be a patsy of Justice; press for direct evidence, dates, documents, witnesses.

Or just randomly select six defendants and see if your random selection matches that of Justice.

XPath and XQuery Assertions in SoapUI

November 3rd, 2017

The video, XPath and XQuery assertions in SoapUI in depth, drew my attention to SoapUI, but be forewarned the sound quality was so bad I could not follow it. Still, I can now mention SoapUI and that’s not a bad thing.

The SoapUI documentation has extended examples for Validating XML Messages, Getting started with Assertions, and Transferring Property Values.

SoapUI has the usual hand-waving about security but since critical airport security plans can be found as USB litter, I’m not sure anyone bothers. Your Amazon account root password is probably on a sticky note on someone’s monitor. Go check.

Academic Torrents Update

November 3rd, 2017

When I last mentioned Academic Torrents, in early 2014, it had 1.67TB of research data.

I dropped by Academic Torrents this week to find it now has 25.53TB of research data!

Some arbitrary highlights:

Richard Feynman’s Lectures on Physics (The Messenger Lectures)

A collection of sport activity datasets for data analysis and data mining 2017a

[Coursera] Machine Learning (Stanford University) (ml)

UC Berkeley Computer Science Courses (Full Collection)

[Coursera] Mining Massive Datasets (Stanford University) (mmds)

Wikilinks: A Large-scale Cross-Document Coreference Corpus Labeled via Links to Wikipedia (Original Dataset)

Your arbitrary highlights are probably different than mine so visit Academic Torrents to see what data captures your eye.

Enjoy!

MathB.in (Sharing Mathematical Text on the Web) [Leading Feds Into Woods of Logicism]

November 1st, 2017

MathB.in

From About MathB.in:

MathB.in is a website meant for sharing snippets of mathematical text with others on the web. This is a pastebin for mathematics. This website was born out of a one night hack on Sunday 25, 2012.

Posting and sharing

A new post can be composed by visiting the home page and writing or pasting code in the box on the left hand pane of the page. Once a post is composed and submitted, the page is saved and it becomes accessible with a new unique URL. The new page looks similar to this page and it has a unique URL of its own. The URL can be shared with anyone on the web and he or she will be able to visit your post.

Code

The post can be composed in a mixture of plain text, LaTeX, Markdown and HTML. HTML tags commonly used for formatting text elements are supported. For a demonstration on how LaTeX is rendered, see the demo page. To quickly get started with posting math, see the tutorial.

Bug reports and suggestions

If you come across any bugs, or if you have any suggestions, please email Susam Pal at susam@susam.in or report an issue at https://github.com/susam/mathb/issues.

Your mileage will vary but drawing on Principia Mathematica without citation will leave any government agents tracking your posts in the wilds of 20th century logicism. Unlikely they will damage anything.

If your Principia notation skills are weak, consider The Notation in Principia Mathematica to translate proofs into late 20th century logic notation.

Oracle Identity Manager Sets One Blank Space Password – Functional “Lazy” Hacking?

November 1st, 2017

Oracle Identity Manager – Default User Accounts

From the webpage:


OIMINTERNAL

This account is set to a ‘run as’ user for Message Driven Beans (MDBs) executing JMS messages. This account is created during installation and is used internally by Oracle Identity Manager.

The password of this account is set to a single space character in Oracle Identity Manager database to prevent user login through Oracle Identity Manager Design console or Oracle Identity Manager System Administration Console.

Do not change the user name or password of this account.

That’s right! Hit the space bar once and you’ve got it!

What’s more, it’s a default account!

Is this “functional hacking?” Being lazy and waiting for Oracle to hack itself?

Poor Phone Support = Fake Website?

November 1st, 2017

Poor phone support is a sign of a fake website!

Lenny Zeltser in Ouch | November 2017 says:

Verify the website has a legitimate mailing address and a phone number for sale and support-related questions. If the site looks suspicious, call and speak to a human. If you can’t get a hold of someone to talk to, that is the first big sign you are dealing with a fake website. (emphasis added)

Even outside holiday shopping (the subject of Zeltser’s post), message-only lines and deep phone trees merit a copy of Zeltser’s column.

Bottery

October 30th, 2017

Bottery – A conversational agent prototyping platform by katecompton@

From the webpage:

Bottery is a syntax, editor, and simulator for prototyping generative contextual conversations modeled as finite state machines.

Bottery takes inspiration from the Tracery opensource project for generative text (also by katecompton@ in a non-google capacity) and the CheapBotsDoneQuick bot-hosting platform, as well as open FSM-based storytelling tools like Twine.

Like Tracery, Bottery is a syntax that specifies the script of a conversation (a map) with JSON. Like CheapBotsDoneQuick, the BotteryStudio can take that JSON and run a simulation of that conversation in a nice Javascript front-end, with helpful visualizations and editing ability.

The goal of Bottery is to help everyone, from designers to writers to coders, be able to write simple and engaging contextual conversational agents, and to test them out in a realistic interactive simulation, mimicking how they’d work on a “real” platform like API.AI.

Not a bot to take your place on social media but it does illustrate the potential of such a bot.

Drive your social “engagement” score with a bot!

Hmmm, gather up comments and your responses on say Facebook, then compare for similarity to a new comment, then select the closest response. With or without an opportunity to override the automatic response.

Enjoy!

Smart HTML Form Trick

October 30th, 2017

An HTML form trick to add some convenience to life by Bob DuCharme.

From the post:

On the computers that I use the most, the browser home page is an HTML file with links to my favorite pages and a “single” form that lets me search the sites that I search the most. I can enter a search term in the field for any of the sites, press Enter, and then that site gets searched. The two tricks that I use to create these fields have been handy enough that I thought I’d share them in case they’re useful to others.

I quote the word “single” above because it appears to be a single form but is actually multiple little forms in the HTML. Here is an example with four of my entries; enter something into any of the fields and press Enter to see what I mean:

As always, an immediately useful tip from DuCharme!

The multiple search boxes reminded me of the early metasearch engines that combined results from multiple search engines.

Will vary by topic but what resources would you search across day to day?

Russians Influence 2017 World Series #Upsidasium (Fake News)

October 30th, 2017

Unnamed sources close to moose and squirrel, who are familiar with the evidence, say Russians are likely responsible for contamination of 2017 World Series baseballs with Upsidaisium. The existence and properties of Upsidaisium were documented in the early 1960s. This is the first known use of Upsidaisium to interfere with the World Series.

Sports Illustrated has photographic evidence that World Series baseballs are “slicker” than a “normal” baseball, one sign of the use of Upsidaisium.

Unfortunately, Upsidaisium decays completely after the impact of being hit, into a substance indistinguishable from cowhide.

Should you obtain more unattributed statements from sources close to:

[Image. By Source, Fair use, Link]

or,

[Image. By Source, Fair use, Link]

Please add it in the comments below.

Thanks!

Journalists/Fake News hunters: Part truth, part fiction, just like reports of Russian “influence” (whatever the hell that means) in the 2016 presidential election and fears of Kaspersky Lab software.

Yes, Russia exists; yes, there was a 2016 presidential election; yes, Clinton is likely disliked by Putin, as she is by millions of others; yes, Wikileaks conducted a clever ad campaign with leaked emails, bolstered by major news outlets; but like Upsidaisium, there is no evidence tying Russians, much less Putin, to anything to do with the 2016 election.

A lot of supposes, maybes and could have beens are reported, but no evidence. But US media outlets have kept repeating “Russia influenced the 2016” election until even reasonable people assume it is true.

Don’t be complicit in that lie. Make #Upsidasium the marker for such fake news.