BC TECH
Saved by @ThomassRichards

We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

 A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.
But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation
Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.
Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
Every nuclear material has its own spectrum. By looking at the spectrum it tells inspectors what materials (and how much) are present at a site.
This is an example of the graph for uranium
Why hasn't someone done this yet?
* It's expensive! We haven't had computers fast enough before.
* The inspectors need to be *sure* that it will work. They want tried and true, not latest and greatest.
* It's a small field with a limited budget.
MPC explainer (it's cool but not magic)

Make a circuit which does some kind of computational task, like whether A < B
Garbled circuits build on these logic circuits.

Let's think about a case with two parties where we want to compare two inputs. That can be done with this circuit.

[accessibility apology: I'm livetweeting this really fast and can't render these diagrams in text]
Then we stick random numbers as labels on each of the inputs
Then encrypt all the inputs -- you can only decrypt the output which gives you the correct output.

[Also go watch this talk -- it's a good explanation but very hard to livetweet]
Up until this point, everything was done by one party. They create this whole garbled circuit thingie.

Then we use this crypto thingie called oblivious transfer. That lets the other party get the keys to do the decryption of the correct output for each gate.
Eventually they get to the end, and sucess! The answer to the garbled circuit, which gives them the correct answer to the circuit.
How to use this in the real world?

Want to use pre-existing software (to give confidence to the inspectors). But not every system can work for this: they can't scale enough, they're too bleeding-edge fancy (hard to use!), etc.
So built a prototype of their own, called CipherCircuit in Python. (Yes, it's slow, but more accessible and easier to use.)
Looked for a test application -- something easier than that whole nuclear signature example!

Instead did electrocardiogram analysis as a proof of concept to give the analysis without revealing the actual heartbeat.
Moved on to analyzing radiation signatures, looking for a particular movement of 233Pa along a road. Could they find this movement without ever looking at the detector's output?
[I definitely cannot render this animated data visualization please see talk.]

Spoiler: yes! They detected the spike!
It's still slow to build the circuit [... and I suspect to run it]

Can we be resilient to malicious adversaries? Maybe commitment scheme?

Believe this is more important than ever with increasing international tensions... and want to push for MPC to go mainstream

[End of talk]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.


But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework


We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law

But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
TECH , TEACH
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS

More from Tech

Michael Dearing
Michael Dearing
@mcgd
An irony of facebook's situation.

Sheryl got her MBA at Harvard. One of the most famous cases (Extra Strength Tylenol) in one of the most famous classes (Business History) she took: in 1982, someone put cyanide in Extra Strength Tylenol capsules and killed 7 people in Chicago.

What do you do when someone turns your product into a weapon? When they use the system you built to harm? James Burke, CEO of J&J, was shockingly open with the public, he pulled the product and made significant packaging changes to make product safer (but not tamper-proof).

He over-shared every step along the way re investigation, redesign, stood up as both CEO and human. The reintroduction of new Extra Strength Tylenol succeeded. Burke saved the brand.

But four years later it happened again. A killer put cyanide in the capsules, this time a woman in Yonkers died. Same CEO, Burke, pulled the product again, completely changed the form factor from capsule to caplet and relaunched *again*. It worked *again*. How'd they do that?

Burke (CEO) tapped J&Js goodwill bank account w/ the public. Two big withdrawals from that bank account in four years + 8 dead bodies! But his honesty, openness, humanity (choked up about the deaths more than once), humility kept the goodwill bank balance positive the whole time.
TECH
foone
foone
@Foone
I went looking for a remote-controlled power switch (the wireless christmas kind, not the modern IoT kind) and didn't find it, but I did find this thing I bought just to figure out why it exists.
It's a timer outlet, but you program it from your phone... but it's not wireless.


Yeah instead it plugs into your phone's HEADPHONE PORT


I got it on sale.
probably because iphone dropped the headphone port and they had to get with the 21st century and make it bluetooth


So inside the box is the device. it's got a little 2-prong polarized outlet with no ground.


on top is the only controls: on/off/timer.
TECH
Advertisement
Jared Spool
Jared Spool
@jmspool
A common misunderstanding about Agile and “Big Design Up Front”:

There’s nothing in the Agile Manifesto or Principles that states you should never have any idea what you’re trying to build.

You’re allowed to think about a desired outcome from the beginning.

It’s not Big Design Up Front if you do in-depth research to understand the user’s problem.

It’s not BDUF if you spend detailed time learning who needs this thing and why they need it.

It’s not BDUF if you help every team member know what success looks like.

Agile is about reducing risk.

It’s not Agile if you increase risk by starting your sprints with complete ignorance.

It’s not Agile if you don’t research.

Don’t make the mistake of shutting down critical understanding by labeling it Bg Design Up Front.

It would be a mistake to assume this research should only be done by designers and researchers.

Product management and developers also need to be out with the team, conducting the research.

Shared Understanding is the key objective


Big Design Up Front is a thing to avoid.

Defining all the functionality before coding is BDUF.

Drawing every screen and every pixel is BDUF.

Promising functionality (or delivery dates) to customers before development starts is BDUF.

These things shouldn’t happen in Agile.
TECH
Devdutta
Devdutta
@Devdutta96
Please please please take your cyber security seriously even if you don’t consider yourself a high risk person. Here are a few easy things to start with. 1/n

Switch from WhatsApp to Signal and enable disappearing messages. Most of us cannot stop using WhatsApp entirely but at least turn off back ups to Google Drive or iCloud. 2/n

Do not have private conversations using the messaging service on any social media platform like Facebook, Instagram or Twitter. 3/n

Switch from Gmail to ProtonMail or any other secure email service provider. 4/n


Switch from Google Docs to CryptPad or RiseUp Pad.
CYBER SECURITY , IT PRIVACY , CYBER SECURITY STEPS
John McMaster
John McMaster
@johndmcmaster
#RaspberryPiPico silicon teardown time!


Board as received optical + x-ray images


Inspecting package. X-ray shows bond wires easier after removing thermal slug


Thermal slug removed w/ HCl + H2O2


Decapped to show copper bond wires connecting die to package pins. Initially used only nitric acid which destroyed copper bond wires (last image). Fixed by switching to mixed nitric + sulfuric acid
TECH

You May Also Like

Jaya_Upadhyaya
Jaya_Upadhyaya
@Jayalko1
DEVI KARUMARIAMMAN, THIRUVERKADU (TN)

Devi is worshipped here as both Swayambhu (self-manifested) and as Parashakti (with 4 arms holding skull,sword,trishul,udukkai/damru).

Here, Muruga got Vel from Devi to fight Suran. So the place was called Vel kadu which became Verkadu.


It is said that there was an anthill here long ago. Devi appeared in the dream of a devotee and asked him to build a shrine at that spot. When the anthill was removed, the swayambhu murti of Devi emerged. So Devi is called Karuvil Illadha Karumari ( not in the womb of mother).


Once, Devi went to Surya in the form of an old woman but Surya neglected her. Devi’s anger made Surya lose his brightness.
To appease her, Surya said that His rays would fall on Her directly twice in a year and touch her feet. Also, Sunday is celebrated as day of Devi Karumari.


There is also a wooden image of Devi (Marachilai Amman) here. Devotees offer locks to her in the belief that She would safe guard their houses.
Temple tank (Thiruchamber Poigai) is said to have been created by Subramanya. Taking dip in it is said to cure skin related disorders.
ALL
Vibhu Vashisth
Vibhu Vashisth
@VIBHU_Tweet
ANCIENT BHARAT WAS CALLED VISHWAGURU, AND IT REALLY DESERVED IT.

India had a well developed education system centuries before the westerners arrived and called us uncivilized. Education was always given a great importance in Indian civilisation since times immemorial.


Ancient India had the Gurukulas and Ashramas as the epicentres of the knowledge and enlightenment. Bigger Gurukulas served as the centres of higher education called universities. Besides these universities, temples also emerged as the major learning centres.

Studying the Holy Scriptures, character building, personality development, responsibilities towards self,family and society,discipline and preservation of the ancient culture and heritage were the key embodiments of education.

This kind of education system made ancient India, a centre of knowledge all over the world. Many foreign students came to India for education and India was called the 'Vishwaguru'.
Takshshila and Nalanda were the two prominent universities of ancient India.


But were these only Universities of ancient India?The answer is 'No'.Let's learn about these gems of our education system that flourished across ancient India & be proud.

NALANDA UNIVERSITY
This was the oldest university of ancient India.Situated in Nalanda distt. of Bihar...
ALL
Advertisement
Reshu Nath
Reshu Nath
@ReshuNath
'Tera mera rishta kya, hindu, hindu,hindutva' is a clear take on 'tera mera rishta kya,la ilaha illallah'. As much as Hindutva hates the monotheistic religions especially Islam, there's a strange wistfulness and subliminal need at display now, to BE that they hate. 1


Charlie Hebdo doesn’t come up as a cautionary tale now but rather 'why cant we be like that'?
Growing up, Hanuman was an adorable deity for us, who swallowed the sun, or who couldn’t figure out what was Sanjeevani booti so he picked up a whole mountain and came back with it. 2

Or he was loyal, admirable and when he cleaved his chest, you saw both Ram and Sita. Now we have a lot of “Angry Hanuman” stickers. Why is a cute childlike God angry? We don’t know. It's a convenient blank space where to paint all the angst of Hindu Khatre mein hain narrative. 3


The other strange thing that has started happening is pictures of Ram appearing sans Sita. “Jai Siya Ram” has become “Jai Shri Ram”. Some people disingenuously explain it as being the same thing - because Shri is a name of Lakshmi. Not really. Siya is an apbhransh of Sita. 4


Shri is a prefix of respect in this case. Hinduism is being militarised. A woman/Sita has no place in it. Even the militaristic Goddess that is Durga has no place in this conception of neo-Hindu divinity, as evidenced by Dilip Mandal wondering where Durga came from. 5
RELIGION
Andrew Chen
Andrew Chen
@andrewchen
👇Thread.

Published a new essay: The red flags and magic numbers that investors look for in your startup’s metrics – 80 slide deck included!


This was a deck that I created on my (longish) interview process with @a16z. It was a long path, starting with meeting folks at the firm 10 years ago. But the purpose of the deck was to explain how I would use my superpower in an investing context

Here's what I explain in the deck. As investors (whether angel or VC) we're often confronted with an up-and-to-the-right graph. Is it going to go up? Or down?


One solution to forecast these growth curves is the Growth Accounting Framework, where you add up New+Reactivated and subtract churned users. In each time period that gives you the difference in monthly actives.


The problem with this is that it's a lagging metric, not a leading one. We need to go one level deeper and look at the underlying loops that drive these numbers, to understand the quality.
STARTUPS
Pulp Librarian
Pulp Librarian
@PulpLibrarian
Many readers have asked me "why do so many pulp covers feature women in ripped red blouses standing in swamps while a man fights off an unusual animal attack?"

The answer is artist Will Hulsey...


Will Hulsey was the undisputed king of the animal attack pulp cover. You name it, he'd paint it attacking you in a pool of stagnant water.


Very little is known about Will Hulsey, but he worked on a number of men's pulp magazines in the 1950s and early 1960s including Man's Life, True Men, Guilty, Trapped and Peril.


Their audience was ex-GIs: during WWII the US Council of Books in Wartime had given away over 122 million books to American servicemen to read; this led to a post-war surge in paperback and magazine sales amongst these newly enthusiastic readers.


As a result the 1950s saw a raft of men's pulp magazines being published to tap into this market - almost 200 different titles!
CULTURE