BC SCIENCE
Saved by @ThomassRichards

Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

 In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML
For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.
Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!
This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
Recent work targets The Cloud
* co-location of VMs from different users
* weak attackers with less subtle control

The cloud providers try to secure things, e.g. protections against Rowhammer
But can you use the weak attacks left after mitigations deployed by cloud compute providers?
DNNs are resilient to numerical perturbations: this is used both to make things more efficient (e.g. pruning) but also in security it's really hard to make accuracy drop

... BUT this focuses on the average or best case, not the worst cast!
What happens when you can mess with the memory at one of these steps?
* negligible effect on the average case accuracy
* but flipping one bit can make significant amount of damage for particular queries

How much damage can a single bit flip cause?
Try it out!
tl;dr in general, one bit flip can really mess with your model! (Looked for the worst bit to flip)
Well, can you use this? There's a lot less control in real life

Some strong attackers might be able to hit an "achilles" bit (one that's really going to mess with the model), but weaker attackers are going to hit bits more randomly.
So they tried it out!
tl;dr running a pretty weak Rowhammer attack is enough to mess with a ML model being trained.
How about side-channel attacks?

The attacker might want to get their hands on fancy DNNs which are considered trade secrets and proprietary to their creators. They're expensive to make! They need good training data! People want to protect them!
Prior work required that the ML-model-trainer uses an off-the-shelf architecture. But people often don't for the fancy models. So what this work does [... if I'm following correctly] is to basically guess from a lot of architecture possibilities and then filter it down
Why is this possible? Because there are regularities in deep-learning calculation.

Does this work? Apparently so: they tried it out using a cache side-channel attack and got back the architectures of the fancy DNN back.
This needs more study
* we need to understand the worst-case ML fails under hardware attack
* don't discount the ability of an attacker with access to a weak hardware attack to cause a disproportionate amount of damage
You can find a writeup of this research at https://t.co/qUx8nAHW52

[end of talk]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.


But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework


We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law

But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
TECH , TEACH
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH

More from Science

Nick Hudson \U0001f642
Nick Hudson 🙂
@NickHudsonCT
Here is another very enjoyable conversation, with @Pandata19’s scientific advisory board member, Dr Jay Bhattacharya. Key ideas in this thread.

We are making world-changing decisions on the basis of evidence that is not very good. Vast scientific evidence tells us that infection fatality rates are much lower than originally expected. A small fraction of people get severe illness. 2/10

The scientific community has been resistant to evidence not supporting the majoritarian view, preferring instead to gin up panic, focusing on the worst case for everything the virus does & the best case for everything lockdowns do, and ignoring the range of uncertainty. 3/10

Academe is a strange place now, with debate stifled. But there's a sense some are opening up to considering opposing views. This is key, since suppression of views stops knowledge from progressing—the end of science. Public health norms of unified messaging complicate this. 4/10

Why did we, from the start, assume we knew nothing about this virus, instead of assuming a reasonable prior? Low susceptibility was evident early on. Assuming any virus is new is hard to square with our deep-time co-evolution with viruses, & their slow evolution. 5/10
SCIENCE
\u0b9a\u0bcb\u0bae\u0bbe Soma
சோமா Soma...
@Soma70317358
Why English as the Universal Language of Science Is a Problem for Research

Where do most of the researchers and inventors around the world appear today? What is their mother tongue?
1/8

The obstacle to many researches in our country is that many of the documents and research articles that they need to do research are available in English only 80-90%.

Can't anyone read and understand research articles so easily? Why is that?
2/8

Today most scientific papers are published in English. What is lost when other languages ​​leave?

Plagiarism in research articles Should not be. What is Plagiarism?
3/8

Plagiarism is the representation of another author's language, thoughts, ideas, or expressions as one's own original work.

In educational contexts, there are differing definitions of plagiarism depending on the institution.
4/8

plagiarism is the representation of another author's language, thoughts, ideas, or expressions as one's own original work.

In educational contexts, there are differing definitions of plagiarism depending on the institution.
5/8
SCIENCE
Advertisement
Max Fagin
Max Fagin
@MaxFagin
November is here, and that means a massive shift is coming. And by "massive" I am of course referring to the redefinition of the kilogram unit of mass that the world has been building up to for more than 100 years. Let me explain:


1/ I've had an unhealthy fascination with metrology (the study of measurement) ever since my 2nd year as a physics major when I took a class devoted to duplicating historic physics experiments, so please indulge me for going into heavy detail (get it?) about the kilogram.

2/ So what actually *defines* a unit of measurement? If you're American, you probably know a mile is 5280 feet and a foot is 12 inches and an inch is 2.54 centimeters etc. But where does this chain of definitions end? Is it turtles all the way down?

3/ It's actually not! For all units (even the imperial units used in America) the answers all end with the Système International (SI) unit definitions established and maintained for over 100 years by the Bureau International des Poids et Mesures (BIMP) in France.

4/ At the base of this tower are the SI base units. Just 7 SI base units define every other unit in existence. They are:

Kilogram, kg (mass)
Meter, m (distance)
Second, s (time)
Kelvin, K (temp)
Ampere, A (electric current)
Candela, cd (luminous intensity)
Mole, mol (quantity)
SCIENCE
Eric Feigl-Ding
Eric Feigl-Ding
@DrEricDing
JUST ONE PERSON—UK 🇬🇧 scientists think one immunocompromised person who cleared virus slowly & only partially wiped out an infection, leaving behind genetically-hardier viruses that rebound & learn how to survive better. That’s likely how #B117 started. 🧵 https://t.co/bMMjM8Hiuz


2) The leading hypothesis is that the new variant evolved within just one person, chronically infected with the virus for so long it was able to evolve into a new, more infectious form.

same thing happened in Boston in another immunocompromised person that was sick for 155 days.

3) What happened in Boston with one 45 year old man who was highly infectious for 155 days straight before he died... is exactly what scientists think happened in Kent, England that gave rise to #B117.


4) Doctors were shocked to find virus has evolved many different forms inside of this one immunocompromised man. 20 new mutations in one virus, akin to the #B117. This is possibly how #B1351 in South Africa 🇿🇦 and #P1 in Brazil 🇧🇷 also evolved.


5) “On its own, the appearance of a new variant in genomic databases doesn’t tell us much. “That’s just one genome amongst thousands every week. It wouldn’t necessarily stick out,” says Oliver Pybus, a professor of evolution and infectious disease at Oxford.
SCIENCE
Rebecca \U0001f983 "Stay the Fuck Home" \U0001f983 Watson
Rebecca 🦃 "Stay the Fu...
@rebeccawatson
So it turns out that an organization I thought was doing good work, the False Memory Syndrome Foundation (associated with Center for Inquiry, James Randi, and Martin Gardner) was actually caping for pedophiles. Uhhhh oops?


Since this, bizarrely, turned out to be one of my longest videos ever (??) here's a quick thread to sum it up for those of you like myself with short attention spans. 1/10

In the '90s the False Memory Syndrome Foundation was founded to call attention to the problem of adults suddenly "remembering" child abuse that never actually happened, often under hypnosis. Skeptics like James Randi & Martin Gardner joined their board. 2/10

A new article reveals that the FMSF was founded by parents who had been credibly and PRIVATELY accused of molestation by their now-adult daughter. They publicized the accusation, destroyed the daughter's reputation, and started the foundation. 3/10

The FMSF assumed any accused pedo who joined was innocent, saying "We are a good-looking bunch of people, graying hair, well dressed, healthy, smiling; just about every person who has attended is someone you would surely find interesting and want to count as a friend" 😬 4/10
SCIENCE

You May Also Like

Ramsay Rippers \U0001f354
Ramsay Rippers 🍔...
@RamsayRippers
🧵EMA + VWAP STRATEGY

Every trader has a go-to strategy that works best for them. My trading is all about keeping it simple stupid and revolves around two indicators - Exponential moving averages and vwap.

Here's the strategy that I utilize on nearly 80% of my trades.

👇

What are Exponential Moving Averages?

EMA's are a type of moving average that places a greater weight on more recent data points.

8EMA = Exponential Moving Averages of the last 8 candle closing prices.

EMA's adjust with respect to chart time frame.

What is VWAP?

Volume Weighted Average Price - A key intraday indicator in my trading that offers the true average price based on price & volume.

Calculation: (Price x # of shares traded) / total shares traded

EMA's I use

- 8
- 21
- 50

While I do utilize the 50EMA, the 8 & 21 EMA are most important for this strategy. Some people use the 9 and 20 which are essentially the same thing. REMEMBER: EMA'S adjust with respect to time frames.

A+ Set Up Criteria - (What I look for)
STRATEGY
Vibhu Vashisth
Vibhu Vashisth
@VIBHU_Tweet
महाभारत की कहानी कौन नहीं जानता।लेकिन क्या आपको पता है कि महाभारत के ज्यादातर पात्र किसी न किसी श्राप में फंसे थे।अगर ये श्राप न होते तो कदाचित महाभारत की कहानी कुछ और होती।हिन्दु पौराणिक ग्रंथों में विभिन्न श्रापों का वर्णन मिलता है व हर श्राप के पीछे कोई कहानी अवश्य होती है।


आइए आज जानते हैं महाभारत कथा में वर्णित कुछ श्रापों के बारे में।

1) राजा पाण्डु को ऋषि किन्दम का श्राप

एकबार महाराज पाण्डु शिकार खेलने वन गए।झाडियों के पीछे कुछ हिल रहा था। मृग है सोचकर राजा ने बाण चलाया जो जाकर ऋषि किन्दम और उनकी पत्नी को लगा।वे दोनो रति-क्रीड़ा में लिप्त थे।

जब राजा ने उन्हें देखा तो बहुत दुखी हुए कि ये मुझसे क्या पाप हो गया।बहुत क्षमा याचना के बाद भी किन्दम ऋषि ने पाण्डु को श्राप दे दिया कि जब भी वो किसी स्त्री को काम भावना से स्पर्श करेंगे उसी क्षण उनकी मृत्यु हो जाएगी।पश्चाताप करने, वे सिंहासन पे अन्धे राजा धृतराष्ट्र को बैठाकर...


..स्वयं अपनी रानियों कुंती व माद्री के साथ वन चले गए।पांडवों का जन्म भी कुंती को ऋषि दुर्वासा द्वारा दिए गए मंत्र से हुआ था जिसमे किसी भी देव का स्मरण कर उस देव से कुंती,पुत्र प्राप्त कर सकती थी।एक बार माद्री पे मोहित हो जब पांडु ने उसे स्पर्श किया,उसी क्षण पांडु की मृत्यु होगयी।


2) उर्वशी का अर्जुन को श्राप

महाभारत युद्ध से पहले जब अर्जुन दिव्यास्त्र प्राप्त करने स्वर्ग गए तो वहां उर्वशी नाम की अप्सरा उन पर मोहित हो गयी। अर्जुन ने जब उन्हें अपनी माता के समान बताया तो यह सुनकर उर्वशी क्रोधित हो गयी और अर्जुन को श्राप दे डाला कि तुम नपुंसक की भांति...
ALL
Advertisement
Andrew Chen
Andrew Chen
@andrewchen
👇 Thread. New deck getting published this week: "Consumer startups are awesome, and here's what I'm looking to invest in at Andreessen Horowitz." If you want to read it, subscribe to my newsletter here: https://t.co/262t8eh0wf


1/ A lot of new consumer technologies have been introduced to US households in the last 100 years. But it's taken many of them - like the telephone - more than 50 years to get to the majority of the US. Why is that?


2/ We had to literally teach people how to use phone. Which end goes to your mouth, which goes to your ear. Say "hello" when people call. The motivation of consumers to talk to their friends has always been there, but we had to teach the behavior


3/ If you compare phones to the latest technologies, there's been a huge shift. Things are being picked up much faster.


4/ Even while there's been all this innovation recently, physically speaking, we are still the same human beings from 100,000 years ago.
STARTUPS
Kelly Ellis
Kelly Ellis
@justkelly_ok
So, I want to talk about how sexual harassment and fair pay are linked at Google (and beyond), because I think that's an angle that isn't being highlighted enough in the coverage of these walk-outs. I'm going to frame it largely around my personal experience there. Thread.

When I was sexually harassed by the director of the area I was working in, I was afraid to report it because I was worried that "getting him in trouble" would result in the subtle retaliation of missed leadership opportunities.

I wanted to continue working on the team I was on, because I'd gained a lot of very deep knowledge and expertise in that area, as well as reputation and camaraderie with the other folks working in that area. I didn't want to make the situation more "difficult."

To get promoted at Google, several need to happen: 1. you need opportunities for ownership and leadership above your current level (basically, opportunities to show you're working at the next level you're trying to get promoted to). The work you're "assigned" has a big impact.

2. You need glowing reviews from peers, *at or particularly above the level you're hoping to get promoted to.* Basically, you need people a lot more senior than you to say you're doing awesome work.
TECH , SOCIETY
Sheetal Rijhwani
Sheetal Rijhwani
@RijhwaniSheetal
How you can filter stocks for Intraday trades - 🧵

As a kid, we would do homework before school the next day - you have to do homework here too. A specific sector performs on a particular day and studying things a day before will help you spot that particular sector. (1/11)

To prepare for the next trading day, you got to check the Index charts of all sectors. You got to keep an eye on a specific Index if you see a few factors:

- If any Index closed exactly at the resistance, you can get a trade on either side on the next day. (2/11)

- If it gave a rejection candle at resistance.

- If any Index closed exactly at support, you can get a trade on either side the following day.

- If there was a bullish signal at the support.

- If any Index gave a breakout or breakdown and then gave a good closing. (3/11)

- If any Index has taken support at 50 or 200 EMA.

Once you spot the Index, look at all the stocks in that particular Index. Pick at least 3-4 stocks from that Index and add them to your watchlist for the next day. It's ideal to check both higher and lower timeframes. (4/11)

What you should do next day? (When I am unable to check Indices and stocks a day before, I sometimes directly start with this process.)

- Start with checking the top gainers/losers list. I observe market from 9:15 to 9:45am to check the sectors performing well on that day.(5/11)
SCREENERS , ALL , INTRADAY STRATEGIES