BC TECH
Saved by @ThomassRichards

Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

 Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.
But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework
We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law
But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
Previously used a method called "swapping" with secret parameters
* differential privacy is open and we can talk about privacy loss/accuracy tradeoff
* swapping assumed limitations of the attackers (e.g. limited computational power)
Needed to design the algorithms to get the accuracy we need it and tune the privacy loss based on that.

Change in the meaning of "privacy" as relative -- it requires a lot of explanation and overcoming organizational barriers.
By 2017 thought they had a good understanding of how differential privacy would fit -- just use the new algorithm where the old one was used, to create the "micodata detail file".
Surprises:
* different groups at the Census thought that meant different things
* before, states were processed as they came in. Differential privacy requires everything be computed on at once
* required a lot more computing power
* differential privacy system has to be developed with real data; can't use simulated data to do this because the algorithms in the literature weren't designed for dats anything like as complex as the real data (multiracial people, different kinds of households, etc)
* to understand the privacy/accuracy trade-off requires a lot of runs, representing a *lot* of computer time
Census bureau was 100% behind the move
* initial implementation was by Dan Kiefer, who took a sabbatical
* expanded team to with Simson and others
* 2018 end to end test
* original development was on an on-prem Linux cluster
* then got to move to AWS Elastic compute... but the monitoring wasn't good enough and had to create their own dashboard to track execution
* it wasn't a small amount of compute
* republished the 2010 census data using the differentially private algorithm and then had a conference to talk about it
* ... it wasn't well-received by the data users who thought there was too much error
For example: if we add a random value to a child's age, we might get a negative value, which probably won't happen to a child's age.

If you avoid that, you might add bias to the data. How to avoid that? Let some data users get access to the measurement files [I don't follow]
In summary, this is retrofitting the longest-running statistical program in the country with differential privacy. Data users have had some concerns, but believe it will all come out.
Code is up on github and papers are up online. (@xchatty have some links?)

[end of talk]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE

More from Tech

ashkan soltani
ashkan soltani
@ashk4n
BREAKING: @CommonsCMS @DamianCollins just released previously sealed #Six4Three @Facebook documents:

Some random interesting tidbits:

1) Zuck approves shutting down platform API access for Twitter's when Vine is released #competition


2) Facebook engineered ways to access user's call history w/o alerting users:

Team considered access to call history considered 'high PR risk' but 'growth team will charge ahead'. @Facebook created upgrade path to access data w/o subjecting users to Android permissions dialogue.


3) The above also confirms @kashhill and other's suspicion that call history was used to improve PYMK (People You May Know) suggestions and newsfeed rankings.

4) Docs also shed more light into @dseetharaman's story on @Facebook monitoring users' @Onavo VPN activity to determine what competitors to mimic or acquire in 2013.

https://t.co/PwiRIL3v9x
TECH
SwiftOnSecurity
SwiftOnSecurity
@SwiftOnSecurity
I think about this a lot, both in IT and civil infrastructure. It looks so trivial to “fix” from the outside. In fact, it is incredibly draining to do the entirely crushing work of real policy changes internally. It’s harder than drafting a blank page of how the world should be.


I’m at a sort of career crisis point. In my job before, three people could contain the entire complexity of a nation-wide company’s IT infrastructure in their head.

Once you move above that mark, it becomes exponentially, far and away beyond anything I dreamed, more difficult.

And I look at candidates and know-everything’s who think it’s all so easy. Or, people who think we could burn it down with no losses and start over.

God I wish I lived in that world of triviality. In moments, I find myself regretting leaving that place of self-directed autonomy.

For ten years I knew I could build something and see results that same day. Now I’m adjusting to building something in my mind in one day, and it taking a year to do the due-diligence and edge cases and documentation and familiarization and roll-out.

That’s the hard work. It’s not technical. It’s not becoming a rockstar to peers.
These people look at me and just see another self-important idiot in Security who thinks they understand the system others live. Who thinks “bad” designs were made for no reason.
Who wasn’t there.
TECH
Advertisement
Nicolas
Nicolas
@necolas
A brief analysis and comparison of the CSS for Twitter's PWA vs Twitter's legacy desktop website. The difference is dramatic and I'll touch on some reasons why.

Legacy site *downloads* ~630 KB CSS per theme and writing direction.

6,769 rules
9,252 selectors
16.7k declarations
3,370 unique declarations
44 media queries
36 unique colors
50 unique background colors
46 unique font sizes
39 unique z-indices

https://t.co/qyl4Bt1i5x


PWA *incrementally generates* ~30 KB CSS that handles all themes and writing directions.

735 rules
740 selectors
757 declarations
730 unique declarations
0 media queries
11 unique colors
32 unique background colors
15 unique font sizes
7 unique z-indices

https://t.co/w7oNG5KUkJ


The legacy site's CSS is what happens when hundreds of people directly write CSS over many years. Specificity wars, redundancy, a house of cards that can't be fixed. The result is extremely inefficient and error-prone styling that punishes users and developers.

The PWA's CSS is generated on-demand by a JS framework that manages styles and outputs "atomic CSS". The framework can enforce strict constraints and perform optimisations, which is why the CSS is so much smaller and safer. Style conflicts and unbounded CSS growth are avoided.
TECH
James Felton
James Felton
@JimMFelton
Butt plugs were originally sold as a miracle cure for headaches, acne, and insanity

Thread, article here and h/t: @qikipedia :
https://t.co/Ts84xnmWKJ


For a long time, medicine was pre-occupied with the question "can this be solved by putting something in the butt?"

Take, for example, tobacco smoke enemas, in which 18th Century physicians saw drowning victims and attempted to de-deadify them by blowing tobacco smoke up their rectums with a pipe.


Despite having no medical benefit whatsoever, the practice was popular, and enema kits lined the Thames like lifebelts, ready to be used as one final humiliation for somebody who was crap at swimming.

This practice ended sometime after 1800 when it became apparent that it didn't really work, given how the anus famously isn't really connected to the lungs, but doctors weren't quite finished with having a poke around in the old anus to see what happens just yet.
TECH
Tagir Valeev
Tagir Valeev
@tagir_valeev
Ever wondered how the JVM debugger 'Evaluate' feature works in IDEs? Long ago I thought that the Java debug interface (JDI) actually allows you to specify the expression and get back its value.


However, this is not quite possible: there's no Java language compiler inside the JVM. When the process is paused JDI allows you to read or write any variables and fields or even execute an existing method with given arguments. But nothing like addition or multiplication.

On the other hand, #IntelliJIDEA debugger allows you to evaluate even statements! You can write there `for`, `if`, `while`, `switch` - whatever. You can even declare local variables. So how this works?


The answer is simple: IDEA debugger has a built-in interpreter for Java! If you access an existing variable or a field, call a method or instantiate an object, it queries JDI. Otherwise, IDE itself does all the calculations.

The amusing thing is that debugger authors didn't bother to make it as strict as Java itself, so the language inside the interpreter is a much more permissive version of Java. For example, you don't need to initialize variables there! Default values like 0 are used automatically.
TECH

You May Also Like

ArmaniTalks \U0001f399\U0001f525
ArmaniTalks 🎙🔥...
@ArmaniTalks
Manipulation Sign:

If you are compromising too much, there is a chance that you are getting manipulated.

Why are you the one that's always compromising?

How come the other person always gets their way?

Be more curious.

If something seems off, stick up for yourself.

'Wait, you sure I am being manipulated?'

I have no clue, that is only something that you can decide for yourself.

'Dang is there anything I need to look out for?'

Plenty..

But let me give you a few things to look out for.

👇

I see manipulation as skillfully controlling someone's behavior for egotistical or unethical purposes.

'How come people don't leave when it's happening to them?'

Because most people have 0 clue that they are being manipulated.

1. Guilt Trip

You ever made a mistake around someone, only for them to hold it over your head?

The will always bring up the mistake when you 2 are not seeing eye to eye.

These people will use that mistake as leverage to get what they want from you in the future.

Look out.

2. The Rationalizer

This person will commit the worst acts & find a way to rationalize it.

Example: cheaters when they get caught.

They have every excuse in the book for why they did it.

Heck, they are so good at rationalizing, they will make it seem like your fault.
LIFE
Brian Cates
Brian Cates
@drawandstrike
A lot of people don't understand that Trump & his incoming team didn't face a normal transition period, like it was over a in a matter of a few weeks or months.

The DOJ transition period JUST ENDED when Sessions left. Almost 2 exact years to get it there.

Pompeo at the CIA took over a year before he was done and ready to shift over to the State Department.

All kinds of stuff has been going on behind the scenes nobody leaks or talks about.

We only had the barest mention of the fact the Clinton Email investigation restarted

Nobody leaked in a year that Huber was deep diving into the Clinton Foundation.
Keep that in mind as all the usual suspects continue to INSIST nothing is happening/going to happen.
POLITICS
Advertisement
Edwin Hayward
Edwin Hayward
@uk_domain_names
Ok, it's high time to look at the REAL effects of Brexit. As the Tories implode & Labour sits on its hands, companies are executing contingency plans, shifting jobs & assets, slashing investments, or redomiciling (accounting exercise). Happening NOW, not in a fantasy future. 1/95

Barden Corporation is closing down its Plymouth factory after 51 years, putting 400 jobs at risk, as its parent company Schaeffler shifts production to various sites outside the UK due to Brexit.

8 health providers have warned of medicine shortages in the event of a no-deal Brexit: "we do not believe that the current medicine supply plans will suffice, and we will have widespread shortages if we do not respond urgently."

Pfizer - $100 million on Brexit prep: "Pfizer’s preparations are well advanced to make the changes necessary to meet EU legal requirements after the U.K. is no longer a member state, especially in the regulatory, manufacturing and supply chain areas."

The Government has spent £4.2 billion pounds on Brexit preparations (£2.2 billion in previous Budgets, plus an additional £2 billion in the most recent Budget.)
POLITICS
f1talks.pl
f1talks.pl
@f1talks
Oleg Karpov pisze, że gdyby Siergiej Sirotkin zdobył w pierwszej części sezonu więcej punktów od Strolla, to jego kontrakt z automatu zostałby przedłużony na kolejny sezon. Tak się nie stało i Williams ma możliwość szukania innych opcji i to właśnie robi. #F1pl

Czego w artykule brakuje, to informacji, że SMP prawdopodobnie przekazało Williamsowi część środków na sfinansowanie sezonu 2019. W przypadku zakończenia współpracy ekipa z Grove będzie musiała zwrócić te środki. #F1pl

To tłumaczy wysokie kwoty jakich Williams ma oczekiwać za fotel od nowego kierowcy. Jest pewnie próg opłacalności i dopóki nie zostanie osiągnięty, to zmiana z finansowego punktu widzenia nie będzie się zwyczajnie opłacała. #F1pl

Tyle można znaleźć w oświadczeniach prasowych... 😂😂😂
SPORT
Eileen May
Eileen May
@suleskerry
Joanna Cherry:"Alex Salmond secured a concession that nothing in Scotland Act would preclude the people of Scotland from subsequently choosing an independent future. This is recorded in Hansard during second reading of Referendums (Scotland & Wales) Bill, May 21, 1997."

Donald Dewar said: “I should be the last to challenge the sovereignty of the people, or deny them the right to opt for any solution to the constitutional question they wished. For example, if they want to go for independence, I see no reason why they should not do so." JC

"In same debate Alex Salmond went on to emphasise that “… the Claim of Right referred to sovereign right of the Scottish people to determine a form of Govt best suited to their needs. It did not suggest sovereignty resides with English Members of Parliament." Joanna Cherry

Joanna Cherry: "Donald Dewar articulated the democratic norm later enshrined in the Edinburgh Agreement. His concession laid the foundation for the 2014 referendum in recognising the rights of Scots to choose whether to remain part of our voluntary union with England."

"I am wholly in agreement with view that we must find a legal & constitutional way to demonstrate that public opinion in Scotland has changed since 2014 referendum, in order for our independence to be internationally recognised & therefore meaningful." Joanna Cherry
SOCIETY