Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

February 24, 2019

LaTeX Cleaner (From Google)

Filed under: Publishing,TeX/LaTeX,Writing — Patrick Durusau @ 5:44 pm

arXiv LaTeX cleaner: safer and easier open source research papers by Jordi Pont-Tuset.

Scans LaTeX files to remove comments. Akin to scrubbing revision metadata from Word files.

Pont-Tuset says protecting the privacy of authors will encourage greater sharing of papers. A laudable goal, but the submission rate at arXiv presently exceeds 13,000/month. How many authors fail to submit now but will with scrubbed LaTeX files? The paper doesn’t say or offer a measure of submissions that would constitute “success.”

It’s an interesting utility but final papers now rarely document false starts, ideas not followed or other marks of authoring a paper. This utility will make the authoring process even less accessible, albeit by a small amount.

Rather than scrubbing comments from your LaTeX-authored papers, insert more comments. What were false leads or ideas that didn’t survive the authoring or review process? Offer insight into your authoring so that others can learn how to write a publishable paper. Remember, you will be reading papers from current students when you are a journal editor. Won’t you prefer to read well-written papers?

Layout Land

Filed under: Graphics,Interface Research/Design — Patrick Durusau @ 5:19 pm

Layout Land (YouTube)

If you need help creating attractive web content with CSS, then Layout Land is one place to start. As you can tell from my website and blog, I have yet to watch and implement any of the advice you find here.

Don’t take my lack of effort as a commentary on the channel, which has approximately 38K subscribers. Content creation is a necessary first step, but then it has to be effectively delivered to users to make a difference.

Make a difference, learn effective layout of web resources.

eXist-db 5.0.0 RC6

Filed under: eXist,XML,XML Database,XPath,XQuery — Patrick Durusau @ 4:35 pm

eXist-db 5.0.0 RC6

RC5 was released on November 21, 2018, so there are a number of new features and bug fixes to grab your interest in RC6.

Features:

  • New De-duplicating BLOB store for binary documents – see https://blog.adamretter.org.uk/blob-deduplication/
  • More elaborate XPath expressions in the Lucene index config of collection.xconf are now supported
  • New non-blocking lock-free implementation of the Transaction Manager
  • CData serialization now respects the output:cdata-section-elements option
  • New XQuery function util:eval-and-serialize for dynamic XQuery evaluation and serialization.
  • New XQuery function util:binary-doc-content-digest to retrieve a digest of a Binary Document
  • … and others.

Bug fixes:

  • Fixed Lucene term range queries
  • Copying an XML Resource now correctly removes any nodes that it replaces
  • Fixed a memory leak with XQuery serializers
  • Fixed Garbage Collection churn issue with serialization
  • Fixed Backup/Restore progress reporting
  • XQuery Library Modules on the Java Classpath are now correctly resolved from the importing XQuery module
  • … and others.

Although not ready for production, these new features and bug fixes should have you scurrying to download eXist-db 5.0.0 RC6!

PS: Remember there are only 48 days left for paper submissions to Balisage 2019! Are you going to be using the latest RC for eXist?

February 23, 2019

USA Confirms Hacking Only Viable Path To Transparency

Filed under: Government,Hacking,Transparency — Patrick Durusau @ 5:12 pm

After years of delays and democratic regression, USA releases weak open government plan from: E Pluribus Unum

From the post:

If the American public wants to see meaningful progress on transparency, accountability or ethics in U.S. government, it should call on Congress to act, not the Trump White House.
With little fanfare or notice, the United States of America has published a fourth National Action Plan for Open Government for the Open Government Partnership (OGP). The USA was automatically placed under review in January, but not because of two years of regression on transparency, accountability, and brazen corruption. The plan was simply late, after failing to deliver a new plan for the multi-stakeholder initiative for years.
The new “national action plan” is notable for its lack of ambition, specificity or relevance to backsliding on democracy in the USA under the Trump administration.

Calling on the U.S. Congress for “…meaningful progress on transparency, accountability or ethics in U.S. government…” is a jest too cruel for laughter.

The current U.S. president has labored mightily to reduce government transparency, but Congress is responsible for the crazy-quilt laws enabling agencies to practice secrecy as their default position. Any sane system of transparency starts with transparency as the default setting, putting the burden of secrecy on those who desire it.

You can waste supporter dollars on yearly tilts at the transparency windmill in Congress, or bi-annual elections of members of Congress who promise (but don’t deliver) transparency, or presidential elections every four years. The resulting government structures will not be meaningfully more transparent at any future point in time.

If you see a viable (as in effective) alternative to hacking as a means of making government transparent, please leave it in a comment below.

February 22, 2019

Interpretable Machine Learning

Filed under: Machine Learning — Patrick Durusau @ 5:10 pm

Interpretable Machine Learning: A Guide for Making Black Box Models Explainable by Christoph Molnar.

From the introduction:

Machine learning has great potential for improving products, processes and research. But computers usually do not explain their predictions which is a barrier to the adoption of machine learning. This book is about making machine learning models and their decisions interpretable.
After exploring the concepts of interpretability, you will learn about simple, interpretable models such as decision trees, decision rules and linear regression. Later chapters focus on general model-agnostic methods for interpreting black box models like feature importance and accumulated local effects and explaining individual predictions with Shapley values and LIME.
All interpretation methods are explained in depth and discussed critically. How do they work under the hood? What are their strengths and weaknesses? How can their outputs be interpreted? This book will enable you to select and correctly apply the interpretation method that is most suitable for your machine learning project.
The book focuses on machine learning models for tabular data (also called relational or structured data) and less on computer vision and natural language processing tasks. Reading the book is recommended for machine learning practitioners, data scientists, statisticians, and anyone else interested in making machine learning models interpretable.

I can see two immediate uses for this book.

First, as Molnar states in the introduction, you can pierce the veil around machine learning and be able to explain why your model has reached a particular result. Think of it as transparency in machine learning.

Second, after piercing the veil around machine learning, you can choose the model, or nudge a model, in the direction of a result specified by management. Or, having gotten a desired result, you can train a more obscure technique to replicate it. Think of it as opacity in machine learning.

Enjoy!

Safer Porn Viewing

Filed under: Cybersecurity,Porn — Patrick Durusau @ 3:30 pm

Threats to Users of Adult Websites in 2018 by Kaspersky Lab.


2018 was a year that saw campaigns to decrease online pornographic content and traffic. For example, one of the most adult-content friendly platforms – Tumblr – announced it was banning erotic content (even though almost a quarter of its users consume adult content). In addition, the UK received the title of ‘The Second Most Porn-Hungry Country in the World‘ and is now implementing a law on age-verification for pornography lovers that will prohibit anyone below the age of 18 to watch this sort of content. This is potentially opening a world of new tricks for scammers and threat actors to take advantage of users. In addition, even commercial giant Starbucks declared a ‘holy war’ on porn as it was revealed that many visitors prefer to have their coffee while consuming adult content, rather than listening to music or reading the latest headlines on news websites.
Such measures might well be valid, at least from a cybersecurity perspective, as the following example suggests. According to news reports last year, an extremely active adult website user, who turned out to be a government employee, dramatically failed to keep his hobby outside of the workplace. By accessing more than 9,000 web pages with adult content, he compromised his device and subsequently infected the entire network with malware, leaving it vulnerable to spyware attacks. This, and other examples confirm that adult content remains a controversial topic from both a social and cybersecurity standpoint.
It is no secret that digital pornography has long been associated with malware and cyberthreats. While some of these stories are now shown to be myths, others are very legitimate. A year ago, we conducted research on the malware hidden in pornography and found out that such threats are both real and effective. One of the key takeaways of last year’s report was the fact that cybercriminals not only use adult content in multiple ways – from lucrative decoys to make victims install malicious applications on their devices, to topical fraud schemes used to steal victims’ banking credentials and other personal information – but they also make money by stealing access to pornographic websites and reselling it at a cheaper price than the cost of a direct subscription.

The U.S. Government, being itself untrustworthy, doesn’t trust Kaspersky Lab. There’s an odd logic to that position, tinged by a desire for a domestic cybersecurity industry. A domestic industry that would be subject to the orders of the U.S. Government. What it now suspects of Kaspersky.

You can read Kaspersky’s Three common myths about Kaspersky Lab, or ask yourself, would I cheat while holding 6.25 percent of the world market for Windows anti-malware software? If the answer is no, then trust Kaspersky Lab until you have facts that compel a different choice.

The report details which types of porn carry the greatest risk for malware and common techniques used to deliver the same. (You are using a VPN and a Tor browser to view porn. Yes?)

I trust Kaspersky because unlike the U.S. Government, it has no record of running porn sites to entrap viewers. (The FBI likely ran nearly half the child porn sites on the dark web in 2016.) Enjoy the report.

Open Government Guide [“I Am Dorothy, the Small and Meek”]

Filed under: FOIA,MuckRock,Open Government,OpenMeetings — Patrick Durusau @ 12:58 pm

Open Government Guide

The Open Government Guide is a complete compendium of information on every state’s open records and open meetings laws. Each state’s section is arranged according to a standard outline, making it easy to compare laws in various states. If you’re a new user of this guide, be sure to read the Introduction to the Open Government Guide.  The Open Government Guide covers state laws. We also have a separate FOIA Wiki that covers the federal government.

Please note: We have not yet received the following chapters from our guide authors: Alabama, Florida, Massachusetts, Pennsylvania, and Wisconsin. You can find the 2011 guides for those states here.

See something that needs updating?  Please email guides@rcfp.org, so we can fix it!

If you are asking for government records or data, this is the go-to guide for your efforts.

If the “sky is falling” claims of cybersecurity experts are credited (which I suspect are largely correct), then government information is more accessible than not. It’s all there for a little hacking.

Using open record laws for states or FOIA (Freedom of Information Act) for the federal government affirms their right to decide what the public may or may not know, delays your obtaining of the information, and acts as a filter on what is ultimately disclosed.

An enormous amount of great work has been done using such laws, MuckRock being one of the best examples. But it’s an information-lossy proposition.

If you are going to be “…Dorothy, the small and meek” and ask for information, this is your handbook. Otherwise, you may discover information the government would rather its citizens did not know.

PS: When visiting government offices, be alert for open network or USB ports. Observe the color and markings on any removable media in use.

Mapping Manhattan In 3D [Data Science Playing “Favorites”]

Filed under: Mapping,Maps — Patrick Durusau @ 11:28 am

How we made the NY Manhattan Buildings 3D Map?

Partial of Mapli 3D Map of Manhattan

Partially a promotion for Mapli but not an unwelcome one. The starter package begins at $49/month (as of 22 Feb. 2019) so is within the range of most users.

This map used data already available from OpenStreetMap, but you can create your own data set for less well known locations.

The uses of 3D maps of urban locations range from planning the placement of surveillance cameras, sniper or counter-sniper locations, “high ground” positions in the event of civil disturbances, and others.

Data science plays “favorites,” but only for those with data.

Corporations and governments are collecting data. Shouldn’t you?

February 19, 2019

OnionShare 2 adds anonymous dropboxes, … [Potential Leakers/Cleaning Staff Take Note!]

Filed under: Cybersecurity,Tor — Patrick Durusau @ 1:28 pm

OnionShare 2 adds anonymous dropboxes, supports new Tor addresses, and is translated into a dozen new languages by Micah Lee.

From the post:

After nearly a year of work from a growing community of developers, designers, and translators, I’m excited that OnionShare 2 is finally ready. You can download it from onionshare.org.

OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. It works by starting a web server directly on your computer and making it accessible as an unguessable Tor web address that others can load in Tor Browser to download files from you, or upload files to you. It doesn’t require setting up a separate server, using a third party file-sharing service, or even logging into an account.

Unlike services like email, Google Drive, DropBox, WeTransfer, or nearly any other way people typically send files to each other, when you use OnionShare you don’t give any companies access to the files that you’re sharing. So long as you share the unguessable web address in a secure way (like pasting it in an encrypted messaging app), no one but you and the person you’re sharing with can access your files.

Depending on the cyberfails at your organization (How to Block Tor (The Onion Router)), secure leaking may be as easy as installing OnionShare, adding the files you want to leak and transmitting an Onion address to a member of the media.

Well, some members of the media. Western mainstream media is extremely risk averse and will take no steps to assist leakers. That is, leaks have to arrive on their doorsteps with no direct effort on their part. I suspect that applies to obtaining files with OnionShare but you would have to ask a reporter.

On the other hand, cleaning staff can read passwords off sticky notes as easily as users and with OnionShare 2 on a USB stick, could be sharing files during their shift. Deleting OnionShare 2 before leaving of course.

OnionShare 2 is a project to support, follow, use and share as widely as possible.

February 18, 2019

Kali Linux 2019.1 Release (With Metasploit 5.0)

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 2:29 pm

Kali Linux 2019.1 Release

From the post:

Welcome to our first release of 2019, Kali Linux 2019.1, which is available for immediate download. This release brings our kernel up to version 4.19.13, fixes numerous bugs, and includes many updated packages.

The big marquee update of this release is the update of Metasploit to version 5.0, which is their first major release since version 4.0 came out in 2011.

To the extent any mainstream media outlet can be credited, information security in general continues to decline. Even so, it’s better to be at the top of your game with the best tools than not.

Enjoy!

r2con 2019 – A Sensible Call for Papers

Filed under: Conferences,Cybersecurity,Hacking,Radare2 — Patrick Durusau @ 2:20 pm

r2con 2019 – Call for Papers

The call for papers in its entirety:

Want to give a talk in r2con? Please send your submission to r2con@radare.org with the following information in plain-text format:

  • Your nick/name(s)
  • Contact information (e-mail, twitter, telegram)
  • Talk title and description with optional speaker bio
  • Length: (20 or 50 minutes)

Such a contrast from conferences with long and tiresome lists of areas included, implying those not listed are excluded. You know the type so I won’t embarrass anyone by offering examples.

For more details, check out r2con 2018, 22 videos, r2con 2017, 16 videos, or r2con 2016, 25 videos.

If after sixty-three (63) videos you are uncertain if your talk is appropriate for r2con 2019, perhaps it is not. Try elsewhere.

UK Parliament Pouts About Facebook – Alternative History

Filed under: Facebook,Fair Use — Patrick Durusau @ 10:39 am

I followed Facebook labelled ‘digital gangsters’ by report on fake news by David Pegg to find Disinformation and ‘fake news’: Final Report published, which does have a link to Disinformation and ‘fake news’: Final Report, an eleventy-one page pout labeling Facebook “digital gangsters” (pages 43 and 91, if you are interested).

The report recommends Parliament respond to the invention of the movable type printing press:

MPs conclude: “[Printing presses] cannot hide behind the claim of being merely a ‘platform’ and maintain that they have no responsibility themselves in regulating the content [they produce].” (alternative history edits added)

Further, the printing press has enabled broadsheets, without identifying the sources of their content, to put democracy at risk:

“Democracy is at risk from the malicious and relentless targeting of citizens with disinformation and personalised ‘dark adverts’ from unidentifiable sources, delivered through the major [broad sheets and newspapers] we use everyday. Much of this is directed from agencies working in foreign countries, including Russia.”

For obscure reasons, the report calls for changing the current practice of foreign players interfering in elections and governments of others, saying:

“The UK is clearly vulnerable to covert digital influence campaigns and the Government should be conducting analysis to understand the extent of the targeting of voters, by foreign players, during past elections.” The Government should consider whether current legislation to protect the electoral process from malign influence is sufficient. Legislation should be explicit on the illegal influencing of the democratic process by foreign players.

The UK, its allies and enemies have been interfering in each others’ elections, governments and internal affairs for centuries. The rush to insulate the UK and its long time partner in interference, the United States, from “illegal interference” is a radical departure from current international norms.

On the whole, the report struts and pouts as only a UK parliament committee, spurned by Mark Zuckerberg, not once, not twice, but three times, can.

There’s no new information in the report but more repetition that can be stacked up and then cited to make questionable claims less so. Oh, that’s one of the alleged tactics of disinformation isn’t it?

Can we say that “disinformation,” “interference,” and “influencing” are in the eye of the beholder?

PS: The only legislation I would support for social media platforms is the prohibition of any terms of service that bar any content. Social media platforms should be truly content neutral. If you can digitize it, it should be posted. Filtering is the answer to offensive content. Users have no right to censor what other readers choose to consume.

February 11, 2019

A Quick Guide to Spear Fishing

Filed under: Cybersecurity,Hacking,Phishing for Leaks — Patrick Durusau @ 4:28 pm

How cybercriminals harvest information for spear phishing by Anastasiya Gridasova.

From the post:

In analyzing targeted attacks over the past decade, we continually find a recurring theme: “It all started when the victim opened a phishing e-mail.” Why are spear-phishing e-mails so effective? It’s because they are contextualized and tailored to the specific victim.

Victims’ social networks are often used as a source of information. Naturally, that leads to the question: How? How do cybercriminals find these accounts? To a large extent, it depends on how public the victim is. If someone’s data is published on a corporate website, perhaps with a detailed biography and a link to a LinkedIn profile, it’s quite simple. But if the only thing the cybercriminal has is an e-mail address, the task is far more complicated. And if they just took a picture of you entering the office of the target company, their chances of finding your profile in social networks are even lower.

A quick but useful introduction to gathering social data for spear fishing. The more experience you gain at spear fishing the more sources you will add to those mentioned here.

Just as an observation: Detailed biographies of management teams for large institutional investors (think oil pipelines and the like) are published online and in a number of other sources.

BTW, to avoid being taken in by a phishing email, don’t use links sent in email. Ever. From any source. The act of copying them for use will direct your attention to the link. Or it should.

White/Black Hats – Swiss E-Voting Systems – $$$ (or rather CHF)

Filed under: Bugs,Cybersecurity,Government — Patrick Durusau @ 3:59 pm

Switzerland Launches Bug Bounty Program for E-Voting Systems by Eduard Kovacs

From the post:


Hackers can earn between $30,000 and $50,000 if they find vulnerabilities that can be exploited to manipulate votes without being detected by voters and auditors. Voting manipulation methods that are detectable can earn participants up to $20,000.

Server-side flaws that allow an attacker to find out who voted and what they voted can earn hackers as much as $10,000, while vote corruption issues can be worth up to $5,000. The smallest bounty, $100, will be paid out for server configuration weaknesses. Participants will be allowed to make their findings public.

The source code for the e-voting system is publicly available, but Swiss Post noted that source code vulnerabilities must be reported separately if they cannot be exploited against the test system.

If you are a registered White Hat hacker, submit your findings for awards as described.

If you are a Black Hat hacker, sell your hack to one of the participating White Hat hackers. 😉

Something for everyone.

February 7, 2019

SHARIAsource [Islamic Law – Don’t Make Your Readers Dumber]

Filed under: Islam,Journalism,News,Religion,Reporting — Patrick Durusau @ 8:44 pm

SHARIAsource

From the about page:

SHARIAsource is a team of advisors, scholars, and editors dedicated to providing content and context on Islamic law in a collective mission to organize the world’s information on Islamic law in a way that is accessible and useful. Find out more about our advisory board, editorial board, regional editors, and senior scholars.

What We Do

Harvard Law School’s Islamic Legal Studies Program: SHARIAsource (“ILSP: SHARIAsource” or “The Program”) is dedicated to providing content and context on Islamic law in a way that is accessible and useful. Working with a global team of editors, we provide a platform to house primary sources of Islamic law, organize the people to critically analyze them, and promote research to inform academic and public discourse about Islamic law. Our research portal, SHARIAsource (beta.shariasource.com) (“The Portal”) is our flagship project, and offers a home for wide-ranging sources and analysis of Islamic law. Other projects and special events serve legal scholars and lawyers, students, and generally interested readers; and we disseminate information, deliver cutting-edge analysis, and facilitate scholarly conversation and debate on Islamic law through our blog (shariasource.blog), newsletter (shariasource.blog/archives/), social media outlets, listservs, and special events. The SHARIAsource Portal collects sources and scholarly commentary on Islamic law from the earliest periods of Islam to the modern era, covering both Muslim-majority and Muslim-minority contexts. SHARIAsource adheres to common principles of academic engagement, including attention to diverse perspectives, peer-reviewed analysis, and the free and open exchange of ideas.

What We Cover

SHARIAsource includes sources and scholarly commentary on Islamic law from the earliest periods of Islam to the modern era, covering both Muslim-majority and Muslim-minority contexts.

Reporters looking to evaluate discussions or claims about Islamic law can hardly do better than SHARIAsource. It offers an amazing range of primary and secondary resources, as well as authorities on Islamic law.

February 1, 2019

Google vs. IBM (Claw of Mordor) Licensing

Filed under: Intellectual Property (IP) — Patrick Durusau @ 10:54 am

Contrasting the licensing strategies between Google and IBM:

Google: Natural Questions Data: Licensed under: Creative Commons Share-Alike 3.0.

Terms (not the entire license):

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.

No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

Compare:

IBM: Diversity in Faces: Terms include:


Licensee grants to IBM a non-exclusive, irrevocable, unrestricted, worldwide and paid-up right, license and sublicense to: a) include in any product or service any idea, know-how, feedback, concept, technique, invention, discovery or improvement, whether or not patentable, that Licensee provides to IBM, b) use, manufacture and market any such product or service, and c) allow others to do any of the foregoing. (emphasis added)

I don’t doubt that Google has issues and behaviors we all would like to see changed, but the claw of Mordor licensing terms from IBM take your breath away.

If the question is: IBM?

The answer is: NO!
