If You Like “Fake News,” You Will Love “Fake Science”

February 22nd, 2018

Prestigious Science Journals Struggle to Reach Even Average Reliability by Björn Brembs.

Abstract:

In which journal a scientist publishes is considered one of the most crucial factors determining their career. The underlying common assumption is that only the best scientists manage to publish in a highly selective tier of the most prestigious journals. However, data from several lines of evidence suggest that the methodological quality of scientific experiments does not increase with increasing rank of the journal. On the contrary, an accumulating body of evidence suggests the inverse: methodological quality and, consequently, reliability of published research works in several fields may be decreasing with increasing journal rank. The data supporting these conclusions circumvent confounding factors such as increased readership and scrutiny for these journals, focusing instead on quantifiable indicators of methodological soundness in the published literature, relying on, in part, semi-automated data extraction from often thousands of publications at a time. With the accumulating evidence over the last decade grew the realization that the very existence of scholarly journals, due to their inherent hierarchy, constitutes one of the major threats to publicly funded science: hiring, promoting and funding scientists who publish unreliable science eventually erodes public trust in science.

Facts, even “scientific facts,” should be questioned, tested and never blindly accepted.

Knowing a report appears in Nature, or Science, or (zine of your choice), helps you find it. Beyond that, you have to read and evaluate the publication to credit it with more than a place of publication.

Reading beyond abstracts or click-bait headlines, checking footnotes or procedures, do those things very often and you will be in danger of becoming a critical reader. Careful!

Self-Inflicted Insecurity in the Cloud – Selling Legal Firm Data

February 21st, 2018

The self-inflicted insecurity phrase being “…behind your own firewall….”

You can see the rest of the Oracle huffing and puffing here.

The odds of breaching law firm security are increased by:

  • Changing to an unfamiliar computing environment (the cloud), or
  • Changing to unfamiliar security software (cloud firewalls).

Either one is sufficient but together, security breaching errors are nearly certain.

Even with an increase in vulnerability, hackers still face the question: how to monetize law firm data?

The economics and markets for stolen credit card and personal data are fairly well known; see The Underground Economy of Data Breaches by Wade Williamson, and Once Stolen, What Do Hackers Do With Your Data?

Dumping law firm data, such as the Panama Papers, generates a lot of PR but doesn’t add anything to your bank account.

Extracting value from law firm data is a variation on e-discovery, a non-trivial process, briefly described in: the Basics of E-Discovery.

However embarrassing law firm data may be, to its former possessors or their clients, market mechanisms akin to those for credit/personal data have yet to develop.

Pointers to the contrary?

The EFF, Privilege, Revolution

February 20th, 2018

The Revolution and Slack by Gennie Gebhart and Cindy Cohn.

From the post:

The revolution will not be televised, but it may be hosted on Slack. Community groups, activists, and workers in the United States are increasingly gravitating toward the popular collaboration tool to communicate and coordinate efforts. But many of the people using Slack for political organizing and activism are not fully aware of the ways Slack falls short in serving their security needs. Slack has yet to support this community in its default settings or in its ongoing design.

We urge Slack to recognize the community organizers and activists using its platform and take more steps to protect them. In the meantime, this post provides context and things to consider when choosing a platform for political organizing, as well as some tips about how to set Slack up to best protect your community.

Great security advice for organizers and activists who choose to use Slack.

But let’s be realistic about “revolution.” The EFF, community organizers and activists who would use Slack, are by definition, not revolutionaries.

How else would you explain the pantheon of legal cases pursued by the EFF? When the EFF lost, did it seek remedies by other means? Did it take illegal action to protect/avenge injured innocents?

Privilege is what enables people to say, “I’m using the law to oppose X,” while other people are suffering the consequences of X.

Privilege holders != revolutionaries.

FYI any potential revolutionaries: If “on the Internet, no one knows you’re a dog,” it’s also true “no one knows you are a government agent.”

Evidence for Power Laws – “…I work scientifically!”

February 17th, 2018

Scant Evidence of Power Laws Found in Real-World Networks by Erica Klarreich.

From the post:

A paper posted online last month has reignited a debate about one of the oldest, most startling claims in the modern era of network science: the proposition that most complex networks in the real world — from the World Wide Web to interacting proteins in a cell — are “scale-free.” Roughly speaking, that means that a few of their nodes should have many more connections than others, following a mathematical formula called a power law, so that there’s no one scale that characterizes the network.

Purely random networks do not obey power laws, so when the early proponents of the scale-free paradigm started seeing power laws in real-world networks in the late 1990s, they viewed them as evidence of a universal organizing principle underlying the formation of these diverse networks. The architecture of scale-freeness, researchers argued, could provide insight into fundamental questions such as how likely a virus is to cause an epidemic, or how easily hackers can disable a network.

An informative and highly entertaining read that reminds me of an exchange in The Never Ending Story between Atreyu and Engywook.

Engywook’s “scientific specie-ality” is the Southern Oracle. From the transcript:

Atreyu: Have you ever been to the Southern Oracle?

Engywook: Eh… what do YOU think? I work scientifically!

In the context of the movie, Engywook’s answer is deeply ambiguous.

Where do you land on the power law question?

Working with The New York Times API in R

February 17th, 2018

Working with The New York Times API in R by Jonathan D. Fitzgerald.

From the post:

Have you ever come across a resource that you didn’t know existed, but once you find it you wonder how you ever got along without it? I had this feeling earlier this week when I came across the New York Times API. That’s right, the paper of record allows you–with a little bit of programming skills–to query their entire archive and work with the data. Well, it’s important to note that we don’t get the full text of articles, but we do get a lot of metadata and URLs for each of the articles, which means it’s not impossible to get the full text. But still, this is pretty cool.

So, let’s get started! You’re going to want to head over to http://developer.nytimes.com to get an API Key. While you’re there, check out the selection of APIs on offer–there are over 10, including Article Search, Archive, Books, Comments, Movie Reviews, Top Stories, and more. I’m still digging into each of these myself, so today we’ll focus on Article Search, and I suspect I’ll revisit the NYT API in this space many times going forward. Also at NYT’s developer site, you can use their API Tool feature to try out some queries without writing code. I found this helpful for wrapping my head around the APIs.

A great “getting your feet wet” introduction to the New York Times API in R.

Caution: The line between the New York Times (NYT) and governments is a blurry one. It has cooperated with governments in the past and will do so in the future. If you are betrayed by the NYT, you have no one but yourself to blame.

The same is true for the content of the NYT, past or present. Chance is not the deciding factor on stories being reported in the NYT. It won’t be possible to discern motives in the vast majority of cases but that doesn’t mean they didn’t exist. Treat the “historical” record as carefully as current accounts based on “reliable sources.”

Distributed Systems Seminar [Accounting For Hostile Environments]

February 17th, 2018

Distributed Systems Seminar by Peter Alvaro.

From the webpage:

Description

This graduate seminar will explore distributed systems research, both current and historical, with a particular focus on storage systems and programming models.

Due to fundamental uncertainty in their executions arising from asynchronous communication and partial failure, distributed systems present unique challenges to programmers and users. Moreover, distributed systems are increasingly ubiquitous: nearly all non-trivial systems are now physically distributed. It is no longer possible to relegate responsibility for managing the complexity of distributed systems to a group of expert library or infrastructure writers: all programmers must now be distributed programmers. This is both a crisis and an opportunity.

A great deal of theoretical work in distributed systems establishes important impossibility results, including the famous FLP result, the CAP Theorem, the two generals problem and the impossibility of establishing common knowledge via protocol. These results tell us what we cannot achieve in a distributed system, or more constructively, they tell us about the properties we must trade off for the properties we require when designing or using large-scale systems. But what can we achieve? The history of applied distributed systems work is largely the history of infrastructures — storage systems as well as programming models — that attempt to manage the fundamental complexity of the domain with a variety of abstractions.

This course focuses on these systems, models and languages. We will cover the following topics:

  • Consistency models
  • Large-scale storage systems and data processing frameworks
  • Commit, consensus and synchronization protocols
  • Data replication and partitioning
  • Fault-tolerant design
  • Programming models
  • Distributed programming languages and program analysis
  • Seminal theoretical results in distributed systems

Readings

This course is a research seminar: we will focus primarily on reading and discussing conference papers. We will read 1-2 papers (typically 2) per session; for each paper, you will provide a brief summary (about 1 page). The summary should answer some or all of the following questions:

  • What problem does the paper solve? Is it important?
  • How does it solve the problem?
  • What alternative approaches are there? Are they adequately discussed in the reading?
  • How does this work relate to other research, whether covered in this course or not?
  • What specific research questions, if any, does the paper raise for you?

What a great list of readings!

An additional question to ask of each paper: Does It Account For Hostile Environments?

As Alvaro says: “…nearly all non-trivial systems are now physically distributed.”

That’s a rather large attack surface to leave for unknown others, by unknown means, to secure to an unknown degree, on your behalf.

If you make that choice, add “cyber-victim” to your business cards.

If you aren’t already, you will be soon enough.

@GalaxyKate, Generators, Steganographic Fields Forever (+ Secure Message Tip)

February 16th, 2018

Before you skip this post as just being about “pretty images,” know that generators span grammars to constraint solvers. Artistry for sure, but exploration can lead to hard core CS rather quickly.

I stumbled upon @GalaxyKate’s Generative Art & Procedural Content Starter Kit:

Practical Procedural Generation for Everyone: Thirty or so minutes on YouTube, 86,133 views when I checked the link.

So you want to build a generator: In depth blog post with lots of content and links.

Encyclopedia of Generativity: As far as I can tell, a one issue zine by @GalaxyKate but it will take months to explore.

One resource I found while chasing these links was: Procedural Generation.

Oh, and you owe it to yourself to visit GalaxyKate’s homepage:

The small scale of my blog presentation makes that screenshot a pale imitation of what you will find. Great resource!

There’s no shortage of visual content on the Web: one estimate says that in 2017, 74% of all internet traffic was video.

Still, if you practice steganographic concealment of information, you should make the work of the hounds as difficult as possible. Generators are an obvious way of working towards that goal.

One secure message tip: Other than for propaganda, which you want discovered and read, omit any greetings, closings, or other rote content, such as blessings, religious quotes, etc.

The famous German Enigma was broken by messages having the same opening text, routine information, or closing text (Heil Hitler!), and by operators sending the same message in different encodings. See: Exploring the Enigma

Or in other words, Don’t repeat famous cryptographic mistakes!

Krita (open source painting program)

February 15th, 2018

Krita

Do you know Krita? Not being artistically inclined, I don’t often encounter digital art tools. Judging from the examples though:

I’m missing some great imagery, even if I can’t create the same.

Great graphics can enhance your interfaces, education apps, games, propaganda, etc.

Don’t Delete Evil Data [But Remember the Downside of “Evidence”]

February 14th, 2018

Don’t Delete Evil Data by Lam Thuy Vo.

From the post:

The web needs to be a friendlier place. It needs to be more truthful, less fake. It definitely needs to be less hateful. Most people agree with these notions.

There have been a number of efforts recently to enforce this idea: the Facebook groups and pages operated by Russian actors during the 2016 election have been deleted. None of the Twitter accounts listed in connection to the investigation of the Russian interference with the last presidential election are online anymore. Reddit announced late last fall that it was banning Nazi, white supremacist, and other hate groups.

But even though much harm has been done on these platforms, is the right course of action to erase all these interactions without a trace? So much of what constitutes our information universe is captured online—if foreign actors are manipulating political information we receive and if trolls turn our online existence into hell, there is a case to be made for us to be able to trace back malicious information to its source, rather than simply removing it from public view.

In other words, there is a case to be made to preserve some of this information, to archive it, structure it, and make it accessible to the public. It’s unreasonable to expect social media companies to sidestep consumer privacy protections and to release data attached to online misconduct willy-nilly. But to stop abuse, we need to understand it. We should consider archiving malicious content and related data in responsible ways that allow for researchers, sociologists, and journalists to understand its mechanisms better and, potentially, to demand more accountability from trolls whose actions may forever be deleted without a trace.

By some unspecified mechanism, I would support preservation of all social media. As well as have it publicly available, if it were publicly posted originally. Any restriction or permission to see/use the data will lead to the same abuses we see now.

Twitter, among others, talks about abuse but no one can prove or disprove whatever Twitter cares to say.

There is a downside to preserving social media. You have probably seen the NBC News story on 200,000 tweets that are the smoking gun on Russian interference with the 2016 elections.

Well, except that if you look at the tweets, that’s about as far from a smoking gun on Russian interference as anything you can imagine.

By analogy, that’s why intelligence analysts always say they have evidence and give you their conclusions, but not the evidence. Too much danger you will discover their report is completely fictional.

Or when not wholly fictional, serves their or their agency’s interest.

Keeping evidence is risky business. Just so you are aware.

Wikileaks Has Sprung A Leak

February 14th, 2018

In Leaked Chats, WikiLeaks Discusses Preference for GOP over Clinton, Russia, Trolling, and Feminists They Don’t Like by Micah Lee, Cora Currier.

From the post:

On a Thursday afternoon in November 2015, a light snow was falling outside the windows of the Ecuadorian embassy in London, despite the relatively warm weather, and Julian Assange was inside, sitting at his computer and pondering the upcoming 2016 presidential election in the United States.

In little more than a year, WikiLeaks would be engulfed in a scandal over how it came to publish internal emails that damaged Hillary Clinton’s presidential campaign, and the extent to which it worked with Russian hackers or Donald Trump’s campaign to do so. But in the fall of 2015, Trump was polling at less than 30 percent among Republican voters, neck-and-neck with neurosurgeon Ben Carson, and Assange spoke freely about why WikiLeaks wanted Clinton and the Democrats to lose the election.

“We believe it would be much better for GOP to win,” he typed into a private Twitter direct message group to an assortment of WikiLeaks’ most loyal supporters on Twitter. “Dems+Media+liberals woudl then form a block to reign in their worst qualities,” he wrote. “With Hillary in charge, GOP will be pushing for her worst qualities., dems+media+neoliberals will be mute.” He paused for two minutes before adding, “She’s a bright, well connected, sadistic sociopath.”

Like Wikileaks, the Intercept treats the public like rude children, publishing only what it considers to be newsworthy content:


The archive spans from May 2015 through November 2017 and includes over 11,000 messages, more than 10 percent of them written from the WikiLeaks account. With this article, The Intercept is publishing newsworthy excerpts from the leaked messages.

My criticism of the Intercept’s selective publication of leaks isn’t unique to its criticism of Wikileaks. I have voiced similar concerns about the ICIJ and Wikileaks itself.

I want to believe the Intercept, ICIJ and Wikileaks when they proclaim others have been lying, unfaithful, dishonest, etc.

But that wanting/desire makes it even more important that I critically assess the evidence they advance for their claims.

Selective release of evidence reduces their credibility to no more than that of those they accuse.

BTW, if anyone has a journalism 101 guide to writing headlines, send a copy to the Intercept. They need it.

PS: I don’t have an opinion one way or the other on the substance of the Lee/Currier account. I’ve never been threatened with a government missile so can’t say how I would react. Badly I would assume.

Russian Influence! Russian Influence! Get Your Russian Influence Here!

February 14th, 2018

Twitter deleted 200,000 Russian troll tweets. Read them here. by Ben Popken (NBC News)

From the post:

NBC News is publishing its database of more than 200,000 tweets that Twitter has tied to “malicious activity” from Russia-linked accounts during the 2016 U.S. presidential election.

These accounts, working in concert as part of large networks, pushed hundreds of thousands of inflammatory tweets, from fictitious tales of Democrats practicing witchcraft to hardline posts from users masquerading as Black Lives Matter activists. Investigators have traced the accounts to a Kremlin-linked propaganda outfit founded in 2013 known as the Internet Research Association (IRA). The organization has been assessed by the U.S. Intelligence Community to be part of a Russian state-run effort to influence the outcome of the 2016 U.S. presidential race. And they’re not done.

“There should be no doubt that Russia perceives its past efforts as successful and views the 2018 US midterm elections as a potential target for Russian influence operations,” Director of National Intelligence Dan Coats told the Senate Intelligence Committee Tuesday.

Wow!

What’s really amazing is that NBC keeps up the narrative of “Russian influence” while publishing data to the contrary!

No, I confess I haven’t read all 200K tweets but then neither has NBC, if they read any of them at all.

Download tweets.csv. (NBC link) (Don’t worry, I’ve stored a copy elsewhere should that one disappear.)

On Unix, try this:

head -100 tweets.csv | awk -F "," '{ print $8 }' > 100-tweets.txt

The eighth field of the CSV file contains the text of each tweet.
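The awk one-liner above splits every physical line on every comma, so a tweet whose text contains a comma or a line break is cut short, and head -100 counts lines rather than tweets. The following is an added example, not code from the original post: it compares that split with a CSV-aware read of the eighth field on a small constructed sample (the column names c1..c9 and the sample tweets are invented).

```python
import csv
import io

# Constructed sample in the shape the post describes: tweet text is the eighth
# comma-separated field. Column names c1..c9 are placeholders, not the real
# headers of tweets.csv, and the tweets are invented for the example.
SAMPLE_CSV = (
    "c1,c2,c3,c4,c5,c6,c7,text,c9\n"
    '1,a,b,c,d,e,f,"Plain tweet with no commas",x\n'
    '2,a,b,c,d,e,f,"Stores open late, says Trump campaign",x\n'
    '3,a,b,c,d,e,f,"He said ""enough is enough"" about Trump",x\n'
    '4,a,b,c,d,e,f,"First line\nsecond line, still the same tweet",x\n'
)


def naive_eighth_field(raw):
    """Mimic awk -F "," '{ print $8 }': split every physical line on commas."""
    out = []
    for line in raw.splitlines():
        parts = line.split(",")
        out.append(parts[7] if len(parts) > 7 else "")  # awk prints "" if absent
    return out


def csv_eighth_field(raw, has_header=True):
    """Parse records with a CSV reader, honouring quotes and embedded newlines."""
    rows = list(csv.reader(io.StringIO(raw, newline="")))
    if has_header:
        rows = rows[1:]
    return [row[7] for row in rows if len(row) > 7]


def count_mentions(texts, term):
    """Number of tweets whose text mentions `term`, ignoring case."""
    needle = term.lower()
    return sum(1 for t in texts if needle in t.lower())


def compare(raw):
    """Summarise how the two extractions differ on the same input."""
    naive = naive_eighth_field(raw)[1:]  # drop the header line's field
    parsed = csv_eighth_field(raw)
    return {
        "naive_records": len(naive),
        "csv_records": len(parsed),
        "naive_trump": count_mentions(naive, "trump"),
        "csv_trump": count_mentions(parsed, "trump"),
        # Fields that open a quote but never close it were split mid-tweet.
        "cut_short": [n for n in naive if n.startswith('"') and not n.endswith('"')],
    }


if __name__ == "__main__":
    for key, value in compare(SAMPLE_CSV).items():
        print(key, "=", value)
```
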

Walk with me through the shadow of Russian influence and see how you feel:

  1. “RT @LibertyBritt: He’s the brilliant guy who shoots himself in the foot to spite his face. And tries to convince us to do it too. https:/…”
  2. “RT @K1erry: The Marco Rubio knockdown of Elizabeth Warren no liberal media outlet will cover https://t.co/Rh391fEXe3”
  3. “Obama on Trump winning: ‘Anything’s possible’ https://t.co/MjVMZ5TR8Y #politics”
  4. “RT @bgg2wl: Walmart
  5. “it’s impossible! #TexasJihad”
  6. “RT @LibsNoFun: Who will wave the flag? #DayWithoutImmigrants https://t.co/Cn6JKqzE6X”
  7. “Bewaffnete attackieren Bus mit koptischen Christen #Islamisten #ISIS
  8. “”
  9. “The bright example of our failing education https://t.co/DgboGgkgVj”
  10. “@sendavidperdue How are they gonna protect us if they just let a bunch of terrorist walk the cities of our city? #StopIslam #IslamKills”

Only ten “Russian influence” tweets and I’m already thinking about vodka. You?

Let’s try another ten:

  1. “FC Barcelonas youth academy! La Masia doin work! Double tap for these little guys! https://t.co/eo1qIvLjgS”
  2. “When I remember it’s #Friyay https://t.co/yjBTsaFaR2”
  3. “RT @Ladydiann2: Remove these Anti Americans from America enough is enough abuse American freedoms how dare you low lives https://t.co/G44E6…”
  4. “RT @BreitbartNews: This week’s “”Sweden incident.”” https://t.co/EINMeA9R2T”
  5. “RT @alisajoy331: Prayer sent Never stop fighting💔 https://t.co/B9Tno5REjm”
  6. “RT @RossMoorhouse: #ItsRiskyTo
  7. “”
  8. “RT @RedState: The KKK Says A&E Producers Tried to Stage Fake Scenes for Cancelled Documentary https://t.co/HwaebG2rdI”
  9. “RT @hldb73: Bryan or Ryan Adams #whenthestarsgoblue #RejectedDebateTopics @WorldOfHashtags @TheRyanAdams @bryanadams https://t.co/wFBdne8K…”
  10. “RT @WorldTruthTV: #mutual #respect https://t.co/auIjJ2RdBU”

Well comrade. Do you feel any different about the motherland? I don’t. Let’s read some more of her tweets!

  1. “tired of kids how to get rid #SearchesGoogleIsAshamedOf”
  2. “RT @crookedwren: “”Praise be to the Lord
  3. “RT @deepscreenshots: https://t.co/1IuHuiAIJB”
  4. “Kareem Abdul Jabber #OneLetterOffSports @midnight #HashtagWars”
  5. “#God can be realized through all paths. All #religions…”
  6. “RT @RawStory: ‘Star Wars’ Han Solo movie to begin production in January https://t.co/bkZq7F7IkD”
  7. “RT @KStreetHipster: Hamner-Brown is already on its way here. It’s been on it’s way for billions of years. #KSHBC https://t.co/TQh86xN3pJ”
  8. “RT @TrumpSuperPAC: Obama’s a Muslim & this video from @FoxNews proves it! Even @CNN admits Obama’s training protesters/jihadists! #MAGA htt…”
  9. “RT @schotziejlk: .@greta Who is your #SuperBowl favorite?”
  10. “RT @LefLaneLivin: @trueblackpower As Black People we need to Support

I’m going to change my middle name to Putin out of respect for our glorious leader!

Is it respectful to get a Putin tattoo on your hiney?

(Recovers from Russian influence)

This is NBC’s damning proof of Russian influence. Like I said at the beginning, Wow!

As in Wow! how dumb.

OK, to be fair, any tweet set will have a lot of trash in it and grepping for Clinton/clinton and Trump/trump returns 20,893 for Clinton and 49,669 for Trump.

I haven’t checked but liberals talking about Clinton/Trump pre-election ran about 2 1/2 times more mentions of Trump than Clinton. (Odd way to run a campaign.)

So, the usual grep/head, etc. and the first ten “Clinton” tweets are:

  1. “Clinton: Trump should’ve apologized more
  2. “RT @thomassfl: Wikileaks E-Mails:  Hillary Clinton Blackmailed Bernie Sanders https://t.co/l9X32FegV6.”
  3. “Clinton’s VP Choice: More Harm Than Good https://t.co/iGnLChFHeP”
  4. “Hillary Clinton vows to fight
  5. “RT @Rammer_Jammer84: I don’t know about Hilary Clinton having a body double but it’s super weird that she came out by herself considering s…”
  6. “RT @Darren32895836: After Hillary Clinton Caught 4attempting 2take advantage of Americans hardships &tears changes Strat #PrayForFlorida ht…”
  7. “RT @steph93065: Hillary Clinton: Donald Trump’s Veterans Press Conference ‘Disgraceful’ – Breitbart https://t.co/CVvBOrTJBX”
  8. “RT @DianeRainie1: Hey @HillaryClinton this message is for you. Pack it up & go home Hillary
  9. “”
  10. “”RejectedDebateTopics””

and the first ten “Trump” tweets are:

  1. “Clinton: Trump should’ve apologized more
  2. “RT @AriaWilsonGOP: 3 Women Face Charges After Being Caught Stealing Dozens Of Trump Signs https://t.co/JjlZxaW3JN https://t.co/qW2Ok9ROxH”
  3. “RT @America_1st_: CW: “”The thing that impressed me was that Trump is always comfortable in own skin
  4. “Dave Chappelle: “”Black Lives Matter”” is the worst slogan I’ve ever heard! How about “”enough is enough””? VotingTrump! https://t.co/5okvmoQhcj”
  5. “Obama on Trump winning: ‘Anything’s possible’ https://t.co/MjVMZ5TR8Y #politics”
  6. “RT @TrumpSuperPAC: Obama’s a Muslim & this video from @FoxNews proves it! Even @CNN admits Obama’s training protesters/jihadists! #MAGA htt…”
  7. “Deceitful Media caught on act when trying to drive the “”Donald Trump is racist”” rhetoric.
  8. “”
  9. “RT @Veteran4Trump: A picture you will never see on @CNN or @MSNBC #BlacksForTrump Thumbs up for Trump 👍#MakeAmericaGreatAgain #Blacks4Trump…”
  10. “RT @steph93065: Hillary Clinton: Donald Trump’s Veterans Press Conference ‘Disgraceful’ – Breitbart https://t.co/CVvBOrTJBX”

That’s a small part of NBC’s smoking gun on Russian influence?

Does it stand to reason that the CIA, NSA, etc., have similar cap-gun evidence?

Several options present themselves:

  • Intelligence operatives and their leaders have been caught lying, again. That is, spinning tales any reasonable reading of the evidence doesn’t support.
  • Intelligence operatives are believing one more impossible thing before breakfast and ignoring the evidence.
  • Journalists have chosen to not investigate whether intelligence operatives are lying or believing impossible things and report/defend intelligence conclusions.

Perhaps all three?

In any event, before crediting any “Russian influence” story, do take the time to review at least some of the 200,000 pieces of “evidence” NBC has collected on that topic.

You will be left amazed that you ever believed NBC News on any topic.

Phaser (Game/Training Framework)

February 14th, 2018

Their graphic, certainly not mine!

From the webpage:

Desktop and Mobile HTML5 game framework. A fast, free and fun open source framework for Canvas and WebGL powered browser games.

Details: Phaser

Do you use games for learning?

For example, almost everyone recognizes the moral lepers in Congress, face on with a TV caption.

But how many of us could perform the same feat in a busy airport or in poor light?

Enter game learning/training!

Photos are easy enough to find and with Gimp you can create partially obscured faces.

Of course, points should be deducted for “recognizing” the wrong face or failing to recognize a “correct” face.

Game action after the point of recognition is up to you. Make it enjoyable if not addictive.

Ping me with your political action games, patrick@durusau.net. No prizes but if I see a particularly clever or enjoyable one, I’ll give a shout out to it.

Evolving a Decompiler

February 14th, 2018

Evolving a Decompiler by Matt Noonan.

From the post:

Back in 2016, Eric Schulte, Jason Ruchti, myself, Alexey Loginov, and David Ciarletta (all of the research arm of GrammaTech) spent some time diving into a new approach to decompilation. We made some progress but were eventually all pulled away to other projects, leaving a very interesting work-in-progress prototype behind.

Being a promising but incomplete research prototype, it was quite difficult to find a venue to publish our research. But I am very excited to announce that I will be presenting this work at the NDSS binary analysis research (BAR) workshop next week in San Diego, CA! BAR is a workshop on the state-of-the-art in binary analysis research, including talks about working systems as well as novel prototypes and works-in-progress; I’m really happy that the program committee decided to include discussion of these prototypes, because there are a lot of cool ideas out there that aren’t production-ready, but may flourish once the community gets a chance to start tinkering with them.

How wickedly cool!

Did I mention all the major components are open-source?


GrammaTech recently open-sourced all of the major components of BED, including:

  • SEL, the Software Evolution Library. This is a Common Lisp library for program synthesis and repair, and is quite nice to work with interactively. All of the C-specific mutations used in BED are available as part of SEL; the only missing component is the big code database; just bring your own!
  • clang-mutate, a command-line tool for performing low-level mutations on C and C++ code. All of the actual edits are performed using clang-mutate; it also includes a REPL-like interface for interactively manipulating C and C++ code to quickly produce variants.

The building of the “big code database” sounds like an exercise in subject identity doesn’t it?

Topic maps anyone?

Do You Have An ORCID identifier?

February 13th, 2018

ORCID: The number that every academic needs by Debbie Currie.

From the post:

Do you have your ORCID identifier yet? You might not even know what that is. But if you’re a researcher or academic, or planning to become one, you’re going to need one.

The Open Researcher and Contributor identifier—or ORCID—easily connects a researcher to his or her research output and allows others to access and share that body of work. ORCID streamlines publication submission and enhances discoverability. And, increasingly, granting bodies are requiring the ORCID as part of their application process.

“I tell my students it’s the social security number for a scientist,” says Denis Fourches, an assistant professor in the Department of Chemistry and a resident member of the Bioinformatics Research Center. “Then I show them an example of it that not only facilitates your life, but also the compilation of all the papers you reviewed, the compilation of all the papers you published, the compilation of all the presentations you gave at conferences.”

“‘Want that done automatically?’ I ask. And they say ‘Yeah, I like that.’”

The ORCID is a unique, 16-digit, ISO-compatible number. For instance, NCSU Libraries Chief Strategist for Research Collaboration Christopher Erdmann’s ID is 0000-0003-2554-180X. Once you register for free, you can then add information to your ORCID record (some of which will be automatically populated), and link your record to other identifier systems and profiles you might already have such as Scopus, ResearcherID, DataCite, or LinkedIn.

In lieu of the NSA sharing its global identifier for you, ORCID is your next best option. 😉

One of the advantages over your NSA global identifier is that people besides the NSA and its streams of careless contractors use your ORCID identifier.

Take the plunge, at least for your public persona.

I did, not much there (at present) but I’m now identified by: 0000-0003-3057-4833.

It doesn’t roll off the tongue but identifiers rarely do.

Register and start using your ORCID!

PS: Of course you can create an ORCID for your non-public personas as well. Bear in mind the risk of identity disclosing mistakes as you switch from one to the other.

Responsible Disclosure: You Lost 5 Months of Pwning Corporate/Government Computers

February 13th, 2018

Skype can’t fix a nasty security bug without a massive code rewrite by Zack Whittaker.

From the post:

A security flaw in Skype’s updater process can allow an attacker to gain system-level privileges to a vulnerable computer.

The bug, if exploited, can escalate a local unprivileged user to the full “system” level rights — granting them access to every corner of the operating system.

But Microsoft, which owns the voice- and video-calling service, said it won’t immediately fix the flaw, because the bug would require too much work.

Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs.

Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking.

Impact of responsible disclosure?

Microsoft sat on its ass for over five months, five months you could have been pwning corporate and government computers, only to say (paraphrase): “It’s too hard.”

It wasn’t too hard for them to completely break Skype for Ubuntu and possibly other flavors of Linux. But fixing a large bug? No, let us introduce some new ones and then we’ll think about the existing ones.

Most corporations and governments maintain secrets only by lack of effort on the part of the public.

Give that some thought when deciding how to spend your leisure time.
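
The search-order behaviour described in the quoted report, modelled as a defender's audit in Python (an added example, not code from the original post, from Kanthak or from Microsoft). It assumes a simplified two-step search order (application directory first, then the system directory); the directory layout, file contents and function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def resolve_dll(name, search_dirs):
    """Return the first file matching `name` (case-insensitively, as on
    Windows) when walking `search_dirs` in order, or None if absent."""
    wanted = name.lower()
    for directory in search_dirs:
        for entry in sorted(Path(directory).iterdir()):
            if entry.is_file() and entry.name.lower() == wanted:
                return entry
    return None


def audit_app_dir(app_dir, system_dir, imported_dlls):
    """List imported DLLs that would load from the application directory
    even though a copy with the same name exists in the system directory.

    Assumption: the search order is reduced to [app_dir, system_dir],
    which is the part of the loader's behaviour the report relies on.
    """
    app_dir, system_dir = Path(app_dir), Path(system_dir)
    # A directory the current (unprivileged) user can write to is where a
    # look-alike library could be dropped before a privileged process runs.
    dir_writable = os.access(app_dir, os.W_OK)
    findings = []
    for dll in imported_dlls:
        hit = resolve_dll(dll, [app_dir, system_dir])
        system_copy = resolve_dll(dll, [system_dir])
        if hit is None or system_copy is None:
            continue  # not found at all, or not a system library
        if hit.parent == app_dir:
            findings.append({
                "dll": dll,
                "shadowing_file": hit.name,
                "dir_writable": dir_writable,
            })
    return findings


def demo():
    """Build a constructed layout: a system directory with two libraries
    and a temp-style updater directory holding a same-named copy of one."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = Path(root, "System32")
        app_dir = Path(root, "Temp", "updater")
        system_dir.mkdir()
        app_dir.mkdir(parents=True)
        for name in ("uxtheme.dll", "version.dll"):
            (system_dir / name).write_bytes(b"system copy (constructed)")
        (app_dir / "updater.exe").write_bytes(b"")
        (app_dir / "UXTheme.dll").write_bytes(b"local copy (constructed)")
        return audit_app_dir(app_dir, system_dir,
                             ["UXTheme.dll", "version.dll"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On Windows, a process can avoid the application-directory lookup for system libraries by loading them with LoadLibraryEx and the LOAD_LIBRARY_SEARCH_SYSTEM32 flag.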

Improving Your Phishing Game

February 12th, 2018

Did you know that KnowBe4 publishes a quarterly phishing test analysis? It ranks the top lines that get links in phishing emails followed.

The entire site of KnowBe4 is a reference source if you don’t want to fall for or look like a Nigerian spammer when it comes to phishing emails.

Their definition of phishing:

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.

Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.

I think:

It’s a form of criminally fraudulent social engineering.

sounds a bit harsh and not nuanced at all.

For example, these aren’t criminally fraudulent cases of phishing:

  • CIA sends phishing emails to foreign diplomats
  • FBI sends phishing emails to anti-war and social reform groups
  • NSA sends phishing emails to government officials (ours, theirs, etc.)

Phishing is an amoral weapon, just like any other weapon.

If you use phishing to uncover child sex traffickers, is that a criminally fraudulent use of phishing? Not to me.

If you hear a different conclusion in a windy discussion of ethics, don’t bother to write. I’ll just treat it as spam.

Don’t let other people make broad ethical pronouncements on your behalf. They have an agenda and it’s not likely to be one in your interest.

Meanwhile, improve your phishing game!

Establishment is Gaslighting Us [Begging Bowl/Reduced Rates Ahead]

February 12th, 2018

How Establishment Propaganda Gaslights Us Into Submission by Caitlin Johnstone.

The dynamics of the establishment Syria narrative are hilarious if you take a step back and think about them. I mean, the Western empire is now openly admitting to having funded actual, literal terrorist groups in that country, and yet they’re still cranking out propaganda pieces about what is happening there and sincerely expecting us to believe them. It’s adorable, really; like a little kid covered in chocolate telling his mom he doesn’t know what happened to all the cake frosting.

Or at least it would be adorable if it weren’t directly facilitating the slaughter of hundreds of thousands of people.

I recently had a pleasant and professional exchange with the Atlantic Council’s neoconservative propagandist Eliot Higgins, in which he referred to independent investigative journalist Vanessa Beeley as “bonkers” and myself as “crazy,” and I called him a despicable bloodsucking ghoul. I am not especially fond of Mr. Higgins.

You see this theme repeated again and again and again in Higgins’ work; the U.S.-centralized power establishment which facilitated terrorist factions in Syria is the infallible heroic Good Guy on the scene, and anyone who doesn’t agree is a mentally deranged lunatic.

If you want to see more journalism that you forward to others, post to Facebook, etc., then donate to Consortiumnews.com.

I should be begging for money for myself, blah, blah, blah, but considering the ongoing fail of the complicit mainstream media, donation to Consortiumnews.com will do more good than donating to me.

If you hire me for research, standards editing or semantic/topic maps work, discount rates are available for donors to Consortiumnews.com.

Reducing the Emotional Toll of Debating Bigots, Fascists and Misogynists

February 12th, 2018

Victims of bigots, fascists and misogynists on social media can (and many have) recounted the emotional toll of engaging with them.

How would you like to reduce your emotional toll and consume minutes if not hours of their time?

I thought you might be interested. 😉

Follow the link to DeepPavlov. (Ignore the irony of the name considering the use case I’m outlining.)

From the webpage:

An open source library for building end-to-end dialog systems and training chatbots.

We are in a really early Alpha release. You have to be ready for hard adventures.

An open-source conversational AI library, built on TensorFlow and Keras, and designed for

  • NLP and dialog systems research
  • implementation and evaluation of complex conversational systems

Our goal is to provide researchers with:

  • a framework for implementing and testing their own dialog models with subsequent sharing of those models
  • set of predefined NLP models / dialog system components (ML/DL/Rule-based) and pipeline templates
  • benchmarking environment for conversational models and systematized access to relevant datasets

and AI-application developers with:

  • framework for building conversational software
  • tools for application integration with adjacent infrastructure (messengers, helpdesk software etc.)

… (emphasis in the original)

Only one component for a social media engagement bot to debate bigots, fascists and misogynists but a very important one. A trained AI can take the emotional strain off of victims/users and at least in some cases, inflict that toll on your opponents.

For OpSec reasons, don’t announce the accounts used by such an AI backed system.

PS: AI ethics debaters. This use of an AI isn’t a meaningful interchange of ideas online. My goals are: reduce the emotional toll on victims, waste the time of their attackers. Disclosing you aren’t hurting someone on the other side (the bot) isn’t a requirement in my view.

The Complexity of Neurons are Beyond Our Current Imagination

February 10th, 2018

The Complexity of Neurons are Beyond Our Current Imagination by Carlos E. Perez.

From the post:

One of the biggest misconceptions around is the idea that Deep Learning or Artificial Neural Networks (ANN) mimic biological neurons. At best, ANN mimic a cartoonish version of a 1957 model of a neuron. Neurons in Deep Learning are essentially mathematical functions that perform a similarity function of its inputs against internal weights. The closer a match is made, the more likely an action is performed (i.e. not sending a signal to zero). There are exceptions to this model (see: Autoregressive networks) however it is general enough to include the perceptron, convolution networks and RNNs.

Jeff Hawkins of Numenta has always lamented that a more biologically-inspired approach is needed. So, in his research on building cognitive machinery, he has architected a system that more closely mimics the structure of the neo-cortex. Numenta’s model of a neuron is considerably more elaborate than the Deep Learning model of a neuron:

I rather like the line “ANN mimic a cartoonish version of a 1957 model of a neuron.”

You need not worry about the MIT Intelligence Quest replicating neurons anytime soon.

In part because no one really knows how neurons work or how much more we need to learn to replicate them.

The AI crowd could train a neural network to recognize people and to fire weapons at them. Qualifies as destruction of humanity by an AI but if we are really that stupid, perhaps it’s time to make space for others.

JanusGraph + YugaByte (Does Cloud-Native Mean I Call Langley For Backup Support?)

February 10th, 2018

JanusGraph + YugaByte

Short tutorial on setting up JanusGraph to work with YugaByte DB.

I know JanusGraph so looked for more on YugaByte DB and found (overview):


Purpose-built for mission-critical applications

Mission-critical applications have a strong need for data correctness and high availability. They are typically composed of microservices with diverse workloads such as key/value, flexible schema, graph or relational. The access patterns vary as well. SaaS services or mobile/web applications keeping customer records, order history or messages need zero-data loss, geo-replication, low-latency reads/writes and a consistent customer experience. Fast data infrastructure use cases (such as IoT, finance, timeseries data) need near real-time & high-volume ingest, low-latency reads, and native integration with analytics frameworks like Apache Spark.

YugaByte DB offers polyglot persistence to power these diverse workloads and access patterns in a unified database, while providing strong correctness guarantees and high availability. You are no longer forced to create infrastructure silos for each workload or choose between different flavors of SQL and NoSQL databases. YugaByte breaks down the barrier between SQL and NoSQL by offering both.

Cloud-native agility

Another theme common across these microservices is the move to a cloud-native architecture, be it on the public cloud, on-premises or hybrid environment. The primary driver is to make infrastructure agile. Agile infrastructure is linearly scalable, fault-tolerant, geo-distributed, re-configurable with zero downtime and portable across clouds. While the container ecosystem led by Docker & Kubernetes has enabled enterprises to realize this vision for the stateless tier, the data tier has remained a big challenge. YugaByte DB is purpose-built to address these challenges, but for the data tier, and serves as the stateful complement to containers.

Only partially joking about “cloud-native” meaning you call Langley (CIA) for backup support.

Anything that isn’t air-gapped in a secure facility has been compromised. Note the use of past tense.

Disclosures about government spying, to say nothing of your competitors and lastly hackers, make any other assumption untenable.

MIT Intelligence Quest

February 10th, 2018

MIT Intelligence Quest

From the webpage:

The MIT Intelligence Quest will advance the science and engineering of both human and machine intelligence. Launched on February 1, 2018, MIT IQ seeks to discover the foundations of human intelligence and drive the development of technological tools that can positively influence virtually every aspect of society.

The Institute’s culture of collaboration will encourage life scientists, computer scientists, social scientists, and engineers to join forces to investigate the societal implications of their work as they pursue hard problems lying beyond the current horizon of intelligence research. By uniting diverse fields and capitalizing on what they can teach each other, we seek to answer the deepest questions about intelligence.

We are setting out to answer two big questions: How does human intelligence work, in engineering terms? And how can we use that deep grasp of human intelligence to build wiser and more useful machines, to the benefit of society?

Drawing on MIT’s deep strengths and signature values, culture, and history, MIT IQ promises to make important contributions to understanding the nature of intelligence, and to harnessing it to make a better world.

The most refreshing aspect of the MIT Intelligence Quest page is that it ends with a contact form.

That’s right, a contact form.

Unlike the ill-fated EU brain project that had pre-chosen approaches and had a roadmap for replicating a human brain. Are they still consuming funds with meetings, hotel rooms, etc.?

You know my misgivings about creating intelligence in the absence of understanding our own.

On the other hand, mimicking how human intelligence works in bounded situations is a far more tractable problem.

Not too tractable but tractable enough to yield useful results.

XML periodic table

February 10th, 2018

XML periodic table

It’s a visual thing and my small blog format style won’t do it justice. Follow the link.

XML grouped by Business language, QA, Document format, Internet format, Graphic format, Metadata standard, Transformation.

What a cool listing!

Lots of old friends but some potential new ones as well!

Enjoy!

XML Prague 2018 Conference Proceedings – Weekend Reading!

February 9th, 2018

XML Prague 2018 Conference Proceedings

Two Hundred and Sixty (260) pages of high quality content on XML!

From the table of contents:

  • Assisted Structured Authoring using Conditional Random Fields – Bert Willems
  • XML Success Story: Creating and Integrating Collaboration Solutions to Improve the Documentation Process – Steven Higgs
  • xqerl: XQuery 3.1 Implementation in Erlang – Zachary N. Dean
  • XML Tree Models for Efficient Copy Operations – Michael Kay
  • Using Maven with XML development projects – Christophe Marchand and Matthieu Ricaud-Dussarget
  • Varieties of XML Merge: Concurrent versus Sequential – Tejas Pradip Barhate and Nigel Whitaker
  • Including XML Markup in the Automated Collation of Literary Text – Elli Bleeker, Bram Buitendijk, Ronald Haentjens Dekker, and Astrid Kulsdom
  • Multi-Layer Content Modelling to the Rescue – Erik Siegel
  • Combining graph and tree – Hans-Juergen Rennau
  • SML – A simpler and shorter representation of XML – Jean-François Larvoire
  • Can we create a real world rich Internet application using Saxon-JS? – Pieter Masereeuw
  • Implementing XForms using interactive XSLT 3.0 – O’Neil Delpratt and Debbie Lockett
  • Life, the Universe, and CSS Tests – Tony Graham
  • Form, and Content – Steven Pemberton
  • tokenized-to-tree – Gerrit Imsieke

I just got a refurbished laptop for reading in bed. Now I have to load XML parsers, etc. on it to use along with reading these proceedings!

Enjoy!

PS: Be sure to thank Jirka Kosek for his tireless efforts promoting XML and XML Prague!

Alexandra Elbakyan (Sci-Hub) As Freedom Fighter

February 9th, 2018

Recognizing Alexandra Elbakyan:

Alexandra Elbakyan is the freedom fighter behind Sci-Hub, a repository of 64.5 million papers, or “two-thirds of all published research, and it [is] available to anyone.”

Ian Graber-Stiehl, in Science’s Pirate Queen, misses an opportunity to ditch the mis-framing of Elbakyan as a “pirate,” and to properly frame her as a freedom fighter.

To set the background for why you too should see Elbakyan as a freedom fighter, it’s necessary to review, briefly, the notion of “sale” and your intellectual freedom prior to widespread use of electronic texts.

When I started using libraries in the ’60s, you had to physically visit the library to use its books or journals. The library would purchase those items, what is known as first sale, and then either lend them or allow patrons to read them. No separate charge or income for the publisher upon reading. And once purchased, the item remained in the library for use by others.

With the advent of electronic texts, plus oppressive contracts and manipulation of the law, publishers began charging libraries even more than when libraries purchased and maintained access to material for their patrons. Think of it as a form of recurrent extortion: you can’t have access to materials already purchased, save for paying to maintain that access.

Which of course means that both libraries and individuals have lost their right to pay for an item and to maintain it separate and apart from the publisher. That’s a serious theft and it took place in full public view.

There are pirates in this story, people who stole the right of libraries and individuals to purchase items for their own storage and use. Some of the better known ones include: American Chemical Society, Reed-Elsevier (a/k/a RELX Group), Sage Publishing, Springer, Taylor & Francis, and Wiley-Blackwell.

Elbakyan is trying to recover access for everyone, access that was stolen.

That doesn’t sound like the act of a pirate. Pirates steal for their own benefit. That sounds like the pirates I listed above.

Now that you know Elbakyan is fighting to recover a right taken from you, does that make you view her fight differently?

BTW, when publishers float the false canard of their professional staff/editors/reviewers, remember their retraction rates are silent witnesses refuting their claims of competence.

Read any recent retraction for the listed publishers. Use RetractionWatch for current or past retractions. “Unread” is the best explanation for how most of them got past “staff/editors/reviewers.”

Do you support freedom fighters or publisher/pirates?

If you want to support publisher/pirates, no further action needed.

If you want to support freedom fighters, including Alexandra Elbakyan: the Sci-Hub site has a donate link; contact Elbakyan if you have extra cutting-edge equipment to offer; promote Sci-Hub on social media; etc.

For making the lives of publisher/pirates more difficult, use your imagination.

To follow Elbakyan, see her blog and Facebook page.

Fear Keeps People in Line (And Ignorant of Apple Source Code)

February 9th, 2018

Apple’s top-secret iBoot firmware source code spills onto GitHub for some insane reason by Chris Williams.

From the post:

The confidential source code to Apple’s iBoot firmware in iPhones, iPads and other iOS devices has leaked into a public GitHub repo.

The closed-source code is top-secret, proprietary, copyright Apple, and yet has been quietly doing the rounds between security researchers and device jailbreakers on Reddit for four or so months, if not longer.

We’re not going to link to it. Also, downloading it is not recommended. Just remember what happened when people shared or sold copies of the stolen Microsoft Windows 2000 source code back in the day.

Notice that Williams cites scary language about the prior Windows source code but not a single example of an actual prosecution for downloading or sharing that source code. I have strong suspicions why no examples were cited.*

You?

The other thing to notice is “security researchers” have been sharing it for months, but if the great unwashed public gets to see it, well, that’s a five alarm fire.

Williams has sided with access only for the privileged, although I would be hard pressed to say why.

BTW, if you want to search GitHub for source code that claims to originate from Apple, use the search term iBoot.

No direct link because in the DMCA cat and mouse game, any link will be quickly broken and I have no way to verify whether a repository is or isn’t Apple source code.

Don’t let fear keep you ignorant.

*My suspicions are that anyone reading Microsoft Windows 2000 source code became a poorer programmer and that was viewed as penalty enough.

OpenStreetMap, R + Revival of Cold War Parades

February 8th, 2018

Cartographic Explorations of the OpenStreetMap Database with R by Timothée Giraud.

From the post:

This post exposes some cartographic explorations of the OpenStreetMap (OSM) database with R.

These explorations begin with the downloading and the cleaning of OSM data. Then I propose a set of map visualizations of the spatial distributions of bars and restaurants in Paris. Of course, these examples could be adapted to other spatial contexts and thematics (e.g. pharmacies in Roma, bike parkings in Dublin…).

This reproducible analysis is hosted on GitHub (code + data + walk-through).

What a timely post! The accidental president of the United States hungers for legitimacy and views a military parade, Cold War style, as a way to achieve that end.

If it weren’t for all those pesky cable news channels, the military could station the reviewing stand in a curve and run the same tanks, same missiles, same troops past the review stand until the president gets bored.

A sensible plan won’t suggest itself to them so expect it to be a more traditional and expensive parade.

Just in case you want to plan other “festivities” at or to intersect with those planned for the president, the data at the OpenStreetMap will prove helpful.

Once the city and parade route become known, what questions would you ask of OpenStreetMap data?

Porn, AI and Open Source Ethics

February 8th, 2018

Google Gave the World Powerful AI Tools, and the World Made Porn With Them by Dave Gershgorn.

From the post:

In 2015, Google announced it would release its internal tool for developing artificial intelligence algorithms, TensorFlow, a move that would change the tone of how AI research and development would be conducted around the world. The means to build technology that could have an impact as profound as electricity, to borrow phrasing from Google’s CEO, would be open, accessible, and free to use. The barrier to entry was lowered from a Ph.D to a laptop.

But that also meant TensorFlow’s undeniable power was now out of Google’s control. For a little over two years, academia and Silicon Valley were still the ones making the biggest splashes with the software, but now that equation is changing. The catalyst is deepfakes, an anonymous Reddit user who built around AI software that automatically stitches any image of a face (nearly) seamlessly into a video. And you can probably imagine where this is going: As first reported by Motherboard, the software was being used to put anyone’s face, such as a famous woman or friend on Facebook, on the bodies of porn actresses.

After the first Motherboard story, the user created their own subreddit, which amassed more than 91,000 subscribers. Another Reddit user called deepfakeapp has also released a tool called FakeApp, which allows anyone to download the AI software and use it themselves, given the correct hardware. As of today, Reddit has banned the community, saying it violated the website’s policy on involuntary pornography.

According to FakeApp’s user guide, the software is built on top of TensorFlow. Google employees have pioneered similar work using TensorFlow with slightly different setups and subject matter, training algorithms to generate images from scratch. And there are plenty of potentially fun (if not inane) uses for deepfakes, like putting Nicolas Cage in a bunch of different movies. But let’s be real: 91,000 people were subscribed to deepfakes’ subreddit for the porn.

While much good has come from TensorFlow being open source, like potential cancer detection algorithms, FakeApp represents the dark side of open source. Google (and Microsoft and Amazon and Facebook) have loosed immense technological power on the world with absolutely no recourse. Anyone can download AI software and use it for anything they have the data to create. That means everything from faking political speeches (with help from the cadre of available voice-imitating AI) to generating fake revenge porn. All digital media is a series of ones and zeroes, and artificial intelligence is proving itself proficient at artfully arranging them to generate things that never happened.

You can imagine the rest or read the rest of Gershgorn’s (deep voice): “dark side of open source.”

While you do, remember that Gershgorn would have made the same claims about:

  1. Telephones
  2. Photography
  3. Cable television
  4. Internet
  5. etc.

The simplest rejoinder is that the world did not create porn with AI. A tiny subset of the world signed up to see porn created by an even smaller subset of the world.

The next simplest rejoinder is the realization that Gershgorn wants a system that dictates ethics to users of open source software. Gershgorn should empower an agency to enforce ethics on journalists and check back in a couple of years to report on their experience.

I’m willing to bet ahead of time it won’t be a happy report.

Bottom line: Leave the ethics of open source software to the people using such software. May not always have a happy outcome but will always be better than the alternatives.

Introducing HacSpec (“specification language for cryptographic primitives”)

February 8th, 2018

Introducing HacSpec by Franziskus Kiefer.

From the post:

HacSpec is a proposal for a new specification language for cryptographic primitives that is succinct, that is easy to read and implement, and that lends itself to formal verification. It aims to formalise the pseudocode used in cryptographic standards by proposing a formal syntax that can be checked for simple errors. HacSpec specifications are further executable to test against test vectors specified in a common syntax.

The main focus of HacSpec is to allow specifications to be compiled to formal languages such as cryptol, coq, F*, and easycrypt and thus make it easier to formally verify implementations. This allows a specification using HacSpec to be the basis not only for implementations but also for formal proofs of functional correctness, cryptographic security, and side-channel resistance.

The idea of having a language like HacSpec stems from discussions at the recent HACS workshop in Zurich. The High-Assurance-Cryptographic-Software workshop (HACS) is an invite-only workshop co-located with the Real World Crypto symposium.

Anyone interested in moving this project forward should subscribe to the mailing list or file issues and pull requests against the GitHub repository.

Cryptography projects should be monitored like the NSA does NIST cryptography standards. If you see an error or weakness, you’re under no obligation to help. The NSA won’t.

Given security fails from software, users, etc., end-to-end encryption resembles transporting people from one homeless camp to another in an armored car.

Secure in transit but not secure at either end.

Running a Tor Relay (New Guide)

February 8th, 2018

The New Guide to Running a Tor Relay

Have we told you lately how much we love our relay operators? Relays are the backbone of the Tor network, providing strength and bandwidth for our millions of users worldwide. Without the thousands of fast, reliable relays in the network, Tor wouldn’t exist.

Have you considered running a relay, but didn’t know where to start? Perhaps you’re just looking for a way to help Tor, but you’ve always thought that running a relay was too complicated or technical for you and the documentation seemed daunting.

We’re here to tell you that you can become one of the many thousands of relay operators powering the Tor network, if you have some basic command-line experience.

If you can’t help support the Tor network by running a relay, don’t despair! There are always ways to volunteer and of course to donate.

Your support helps everyone who uses Tor and sometimes results in really cool graphics, like this one for running a Tor relay:

If you want something a bit closer to the edge, try creating a graphic where spy rays from corporations and governments bounce off of secure autos, computers, homes, phones.

Kali Linux 2018.1 Release

February 7th, 2018

Kali Linux 2018.1 Release

From the post:

Welcome to our first release of 2018, Kali Linux 2018.1. This fine release contains all updated packages and bug fixes since our 2017.3 release last November. This release wasn’t without its challenges–from the Meltdown and Spectre excitement (patches will be in the 4.15 kernel) to a couple of other nasty bugs, we had our work cut out for us but we prevailed in time to deliver this latest and greatest version for your installation pleasure.

Churn, especially in security practices and software, is the best state imaginable for generating vulnerabilities.

New software means new bugs, unfamiliar setup requirements, newbie user mistakes, in addition to the 33% or more of users who accept phishing emails.

2018 looks like a great year for security churn.

How stable is your security? (Don’t answer over a clear channel.)