BC SCIENCE
Saved by @ThomassRichards

Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

 In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML
For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.
Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!
This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
Recent work targets The Cloud
* co-location of VMs from different users
* weak attackers with less subtle control

The cloud providers try to secure things, e.g. protections against Rowhammer
But can you use the weak attacks left after mitigations deployed by cloud compute providers?
DNNs are resilient to numerical perturbations: this is used both to make things more efficient (e.g. pruning) but also in security it's really hard to make accuracy drop

... BUT this focuses on the average or best case, not the worst cast!
What happens when you can mess with the memory at one of these steps?
* negligible effect on the average case accuracy
* but flipping one bit can make significant amount of damage for particular queries

How much damage can a single bit flip cause?
Try it out!
tl;dr in general, one bit flip can really mess with your model! (Looked for the worst bit to flip)
Well, can you use this? There's a lot less control in real life

Some strong attackers might be able to hit an "achilles" bit (one that's really going to mess with the model), but weaker attackers are going to hit bits more randomly.
So they tried it out!
tl;dr running a pretty weak Rowhammer attack is enough to mess with a ML model being trained.
How about side-channel attacks?

The attacker might want to get their hands on fancy DNNs which are considered trade secrets and proprietary to their creators. They're expensive to make! They need good training data! People want to protect them!
Prior work required that the ML-model-trainer uses an off-the-shelf architecture. But people often don't for the fancy models. So what this work does [... if I'm following correctly] is to basically guess from a lot of architecture possibilities and then filter it down
Why is this possible? Because there are regularities in deep-learning calculation.

Does this work? Apparently so: they tried it out using a cache side-channel attack and got back the architectures of the fancy DNN back.
This needs more study
* we need to understand the worst-case ML fails under hardware attack
* don't discount the ability of an attacker with access to a weak hardware attack to cause a disproportionate amount of damage
You can find a writeup of this research at https://t.co/qUx8nAHW52

[end of talk]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Lea Kissner
Lea Kissner
@LeaKissner
Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.


But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework


We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law

But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
TECH , TEACH

More from Science

AKASH BHAT
AKASH BHAT
@AKASHBH95801446
EXPLANATION OF THE EXISTENCE OF DARK MATTER AND DARK ENERGY !

What Is Dark Energy ?

More is unknown than is known. We know how much dark energy there is because we know how it affects the universe's expansion. Other than that, it is a complete mystery.

But it is an important mystery. It turns out that roughly 68% of the universe is dark energy. Dark matter makes up about 27%. The rest - everything on Earth, everything ever observed with all of our instruments, all normal matter - adds up to less than 5% of the universe.

This diagram reveals changes in the rate of expansion since the universe's birth 15 billion years ago. The more shallow the curve, the faster the rate of expansion. The curve changes noticeably about 7.5 billion years ago, when objects in the universe began flying apart as


a faster rate. Astronomers theorize that the faster expansion rate is due to a mysterious, dark force that is pulling galaxies apart.

WHAT OUR SANATAN DHARMA SAYS IN THIS CONTEXT LET’S TAKE A LOOK

The verses of Taittiriya Aranyaka say that only one pada of the Lord

is this manifested universe and the remaining three padas are outside it.

According to the observations and realizations of ancient seers, nearly eighty percent of this universe is yet of unknown nature which remains inactive during the process of creation (rather, evolution).
SCIENCE
Benedikt Kuhnhaeuser
Benedikt Kuhnhaeuser
@BenKuhnhaeuser
The calamoid palms 🌴 have over 500 species spread across the world, but their higher-level relationships were a bit of a mystery. Until now.

Out today in #MolecularPhylogeneticsAndEvolution:

A robust phylogenomic framework for the calamoid palms https://t.co/JiCbSUlheH

1/10


First some background info, so that you know what we are talking about:

Calamoid palms look a bit like snakes 🐍 (don't they!?!), because their fruits are covered in overlapping scales. And with their often fierce spines, they are equally fearsome. 😱

2/10


They are classified into 17 genera, 10 subtribes and 3 tribes. They have an amazing variety of growth forms, from stemless to climbing to tree habit. 🌱🌴

3/10


But as I said, their relationships have been a bit of a mystery. Here's the varying relationships previous studies found over the last 20 years.

4/10


We tackled this mystery with a phylogenomic approach: we sampled almost a thousand genes (a hundred times more than previous studies!) of 75 species representing all calamoid tribes, subtribes and genera.

The resulting data matrix is pretty massive...

5/10
SCIENCE
Advertisement
Katie Mack
Katie Mack
@AstroKatie
Light travels at about 1 foot per nanosecond.

Hold your hand up 12 inches from your face: you’re seeing your hand as it was a nanosecond ago. Everything you look at is, to one degree or another, in the past. The farther away in space, the more ancient in time.

You can’t see the Sun as it is now, but you can see it as it was about 8 minutes ago. You can’t see Alpha Centauri now, but you can see it 4.4 years ago. You can see the Andromeda Galaxy as it was 2.5 million years in the past. And so on.

With powerful telescopes, we can see galaxies whose light has been traveling to us for more than 13 billion years. We see them shining in a universe that’s still young, where gravity has just begun to pull matter together into stars and galaxies.

We can see something even more distant, and more ancient, than the first galaxies. If we peer out far enough, in between the galaxies, we can see parts of the Universe that are so far away, it has taken the light from that distance almost the entire age of the cosmos to reach us.
SCIENCE
Marit Kolby Zin\xf6cker
Marit Kolby Zinöcker...
@zinocker
Did we get dietary saturated fats all wrong? The #HADLmodel provides a new understanding and an opportunity to get it right. THREAD👇👇👇
@simondankel @kariannesve

Increased dietary saturated fatty acids lead to increased cholesterol in lipoproteins, but we don’t know why. Enter the #HADLmodel, which explains changes in lipoprotein cholesterol as adaptive homeostatic adjustments that ensure optimal cell membrane fluidity and cell function.

We propose that circulating lipoproteins enable appropriate redistribution of cholesterol molecules between specific cells and tissues, to accomodate changes in dietary fatty acid supply, due to our omnivore nature and variable intake of fatty acids. #HADLmodel

Our #HADLmodel implies that circulating levels of LDL change for protective, not for pathological reasons; an SFA-induced raise in LDL cholesterol in healthy individuals is a normal response, while a lack of this needed response may reflect a deeper pathology in lipid handling.

Circulating lipoproteins may change for pathological reasons, when regulatory mechanisms become disrupted by pathogenic processes related e.g. to inflammatory processes. Diverging lipoprotein responses in healthy versus metabolically unhealthy individuals support this view.
SCIENCE
Prof Francois Balloux
Prof Francois Balloux
@BallouxFrancois
@mugecevik is an excellent scientist and a responsible professional. She likely read the paper more carefully than most. She grasped some of its strengths and weaknesses that are not apparent from a cursory glance. Below, I will mention a few points some may have missed.
1/


The paper does NOT evaluate the effect of school closures. Instead it conflates all ‘educational settings' into a single category, which includes universities.
2/

The paper primarily evaluates data from March and April 2020. The article is not particularly clear about this limitation, but the information can be found in the hefty supplementary material.
3/


The authors applied four different regression methods (some fancier than others) to the same data. The outcomes of the different regression models are correlated (enough to reach statistical significance), but they vary a lot. (heat map on the right below).
4/


The effect of individual interventions is extremely difficult to disentangle as the authors stress themselves. There is a very large number of interventions considered and the model was run on 49 countries and 26 US States (and not >200 countries).
5/
SCIENCE

You May Also Like

SK
SK
@sk_diary1
#DoYouKnow -The place where
Lalitha Sahasranamam -1000 names of Devi originated.

It is in Lalithambigai temple -Thirumeeyachur,Near Mayiladuthurai,TN

There is a Legend #story & it is related to this beautiful #sculpture of Kshetrapuraneswarar & Ambal Lalithambigai #Thread 👇


#Legend #story
It is believed that this is birth place of Kashyapa Maharishi’s sons, Arunan& Garudan. Arunan(charioteer of Surya)was physically handicapped.He was a Shiva devotee.Arunan wanted to visit Kailash to have Shiva Darshan,but Surya Dev denied permission.

So Arunan disguised as a girl & was on his way to Kailash.On the way Surya Dev saw this girl & outraged her modesty.Shiva was very angry with Suryan for misbehaviour & cursed him to get darkened. Whole world plunged into darkness.Surya Dev pleaded to Bhagwan Shiv to forgive him.

Shiva Bhagwan asked him to go to Thirumiyachur & worship him there. As advised, Surya Dev performed rigorous penance, placed murthi of Shiva& Parvathy on an elephant & took them to the clouds.Shiva in this temple is known as Meganathaswamy,Devi is known as Lalithambigai


Even after severe penance,Shiva does appear,so Surya Dev cries out in agony.Disturbed by his call, Parvathy protests.Siva pacifies her & offers relief to Surya Dev.The sculpture of Shiva pacifying Ambal shows her sullen from one angle &smiling from another.
RELIGION
Panic! in the Discord
Panic! in the Discord
@discord__panic
Neo-nazi group #PatriotFront held a photo op in #Chicago last weekend & is currently marching around #DC so it's as good time as any to compile a list of their identified members for folks to watch for

Who are these chuds?

Patriot Front broke away from white nationalist org Vanguard America following #unitetheright in #charlottesville after James Alex Fields was seen with a VA shield before driving his car into a crowd, murdering Heather Heyer & injuring dozens of others

Syed Robbie Javid a.k.a. Sayed Robbie Javid or Robbie Javid of Alexandria,


Antoine Bernard Renard (a.k.a. “Charlemagne MD” on Discord) from Rockville, MD.

https://t.co/ykEjdZFDi6


Brandon Troy Higgs, 25, from Reisterstown,
EXTREMISM
Advertisement
Naval
Naval
@naval
How to Get Rich (without getting lucky):

Seek wealth, not money or status. Wealth is having assets that earn while you sleep. Money is how we transfer time and wealth. Status is your place in the social hierarchy.

Understand that ethical wealth creation is possible. If you secretly despise wealth, it will elude you.

Ignore people playing status games. They gain status by attacking people playing wealth creation games.

You’re not going to get rich renting out your time. You must own equity - a piece of a business - to gain your financial freedom.
LIFE , STARTUPS , NAVAL1
Kieran Snyder
Kieran Snyder
@KieranSnyder
1 There's a chasm between an NLP technology that works well in the research lab and something that works for applications that real people use. This was eye-opening when I started my career, and every time I talk to an NLP engineer at @textio, it continues to strike me even now.

2 Research conditions are theoretical and/or idealized. A huge problem for so-called NLP or AI startups with highly credentialed academic founders is that they bring limited knowledge of what it takes to build real products outside the lab.

3 A product is ultimately a thing that people pay for - not just cool technology or user experience. But I’m not even talking about knowledge gaps in go-to-market work. I'm talking purely technical gaps: how you go from science project to performant + delightful user experience.

4 Most commoditized NLP packages solve well-understood problems in standard ways that sacrifice either precision or performance. In a research lab, this is not usually a hard trade-off; in general, no one is using what you make, so performance is less important than precision.

5 In software, when you’re making something for real people to use, these tradeoffs are a big deal. Especially if you’re asking those people to pay for what you’ve made (can’t get away from that pesky GTM thinking). They expect quality, which includes precision AND performance.
MACHINE LEARNING
Seth Abramson
Seth Abramson
@SethAbramson
(MAJOR NOTE) The reason Manafort took over Trump's campaign in just 3 weeks despite being hired as a mere delegate counter is that ROGER STONE initiated a whisper campaign against Corey Lewandowski. That campaign started...days after Manafort returned from meeting with WikiLeaks.

2/ Stone and Manafort are longtime business partners; we'd expect Manafort to tell Stone what Assange told him, and for him to expect Stone to then pressure the campaign not only to hire him but quickly elevate him.

And who was Stone in touch with at the campaign? Trump himself.

3/ I bet you Manafort's late March emails are very interesting and that some of them are to/from his longtime business associate Roger Stone. And I bet Roger Stone's late March phone calls are very interesting and that some of them are to/from his longtime friend Donald Trump.

4/ At the end of March 2016, Trump suddenly convenes a NatSec meeting. At that meeting he directs his NatSec team to change the RNC platform in July to benefit Putin. Who later takes credit for that change?

Paul Manafort's business associate, Kremlin agent Konstantin Kilimnick.

5/ Why did Donald Trump suddenly convene a NatSec meeting 3 days after he finally hired Manafort? Why did he issue a pro-Kremlin directive at that meeting that Manafort's camp would later take credit for? What did Manafort tell Trump in the days leading up to that NatSec meeting?
POLITICS