BC TECH
Saved by @ThomassRichards

Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

 Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.
But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework
We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law
But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
Previously used a method called "swapping" with secret parameters
* differential privacy is open and we can talk about privacy loss/accuracy tradeoff
* swapping assumed limitations of the attackers (e.g. limited computational power)
Needed to design the algorithms to get the accuracy we need it and tune the privacy loss based on that.

Change in the meaning of "privacy" as relative -- it requires a lot of explanation and overcoming organizational barriers.
By 2017 thought they had a good understanding of how differential privacy would fit -- just use the new algorithm where the old one was used, to create the "micodata detail file".
Surprises:
* different groups at the Census thought that meant different things
* before, states were processed as they came in. Differential privacy requires everything be computed on at once
* required a lot more computing power
* differential privacy system has to be developed with real data; can't use simulated data to do this because the algorithms in the literature weren't designed for dats anything like as complex as the real data (multiracial people, different kinds of households, etc)
* to understand the privacy/accuracy trade-off requires a lot of runs, representing a *lot* of computer time
Census bureau was 100% behind the move
* initial implementation was by Dan Kiefer, who took a sabbatical
* expanded team to with Simson and others
* 2018 end to end test
* original development was on an on-prem Linux cluster
* then got to move to AWS Elastic compute... but the monitoring wasn't good enough and had to create their own dashboard to track execution
* it wasn't a small amount of compute
* republished the 2010 census data using the differentially private algorithm and then had a conference to talk about it
* ... it wasn't well-received by the data users who thought there was too much error
For example: if we add a random value to a child's age, we might get a negative value, which probably won't happen to a child's age.

If you avoid that, you might add bias to the data. How to avoid that? Let some data users get access to the measurement files [I don't follow]
In summary, this is retrofitting the longest-running statistical program in the country with differential privacy. Data users have had some concerns, but believe it will all come out.
Code is up on github and papers are up online. (@xchatty have some links?)

[end of talk]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE
Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD

More from Tech

DHH
DHH
@dhh
Facebook may well be exceptionally nasty and it’s leadership particularly deceitful, but the whole enterprise is the natural conclusion to an ad-powered social network. Ever greater surveillance, hyper targeting, and engagement baiting is what the basic incentives demand.

Facebook cannot change course. The best they can do is keep dishing out empty apologies, commit to inconsequential adjustments to its algorithms, and spend more money on positive PR and negative projection. The rot is at the core of its very being.

This is why we, consumers and citizens, must make the change for Facebook. Antitrust forcing a breakup of the business, and consumer revolt driving #DeleteFacebook. Zuckerberg will never conclude that what he built has become such a net negative for the world on his own.

That’s why its so tragic that WhatsApp sold out to Facebook in particular. Finally a challenger that had a different model and different ethics. But few would say no to $19B, which is why we need antitrust enforcers to do it for them.
TECH
Matthew Panzarino
Matthew Panzarino
@panzer
New iPad Pro has Face ID, thinner bezels, squared off edges. A new touch sensitive Pencil that magnetically attaches to the edges. Thin enough to have a camera bump. Uses the XR's LCD cornering techniques.


The new 12.9" iPad Pro is physically smaller than the old one with the same screen size. It's roughly the same size as an 8.5 x 11 piece of paper. 5.9mm thick.

10 billion transistors in the A12X. 8-core CPU. 7-Core GPU. 35% faster single-core performance. 1000x faster GPU. iPad Pro is Xbox One S class GPU performance in "94% smaller" package, Ternus jokes.

Apple's silicon team is just dropping bombs every event.

live shot of Apple's silicon team


iPad Pro gets USB-C for up to 5K external displays and enables charging out to iPhones. Wild.
TECH
Advertisement
foone
foone
@Foone
It is 2018 and this error message is a mistake from 1974.
This limitation, which is still found in the very latest Windows 10, dates back to BEFORE STAR WARS. This bug is as old as Watergate.


When this was developed, nothing had UPC codes yet because they'd just been invented.
Back when this mistake was made, There was only one Phone Company, because they hadn't been broken up yet. Ted Bundy was still on the loose. Babe Ruth's home run record was about to fall.

When this bug was developed, Wheel of Fortune hadn't yet aired. No one had seen Rocky Horror. Steven Spielberg was still a little-known directory of TV films and one box-office disappointment. SNL hadn't aired yet. The Edmund Fitzgerald was still hauling iron ore.

WHEN THIS STUPID MISFEATURE WAS INVENTED, THE GODFATHER PART II HAD JUST OPENED IN THEATERS.

So, why does this happen? So Unix (which was only 5 years old at this point) had the good idea of "everything is a file" which mean you could do things like write to sockets, pipes, the console, etc with the same commands and instructions.
TECH
Ameya
Ameya
@Finstor85
After getting good feedback on yesterday's thread on #routemobile I think it is logical to do a bit in-depth technical study. Place #twilio at center, keep #routemobile & #tanla at the periphery & see who is each placed.


This thread is inspired by one of the articles I read on the-ken about #postman API & how they are transforming & expediting software product delivery & consumption, leading to enhanced developer productivity.

We all know that #Twilio offers host of APIs that can be readily used for faster integration by anyone who wants to have communication capabilities. Before we move ahead, let's get a few things cleared out.

Can anyone build the programming capability to process payments or communication capabilities? Yes, but will they, the answer is NO. Companies prefer to consume APIs offered by likes of #Stripe #twilio #Shopify #razorpay etc.

This offers two benefits - faster time to market, of course that means no need to re-invent the wheel + not worrying of compliance around payment process or communication regulations. This makes entire ecosystem extremely agile
TECH
Danny Weinbaum
Danny Weinbaum
@eastshade
A thread about Eastshade's bike mechanic!

When I originally thought of putting a bicycling in Eastshade, I was pretty sure it wasn't going to work, for the simple fact that if it was easy, we'd see a lot more rideable bikes in games. Well, I was wrong. It took a mere week.


Its essentially a first person controller with extra momentum, resulting in the the movement direction lagging behind your look direction. Then I used the angle between the look and the movement to dictate camera "bank" and handle bar rotation, and voila! Game changing feature!


The look of the bike was harder than the movement. Bicycles are fairly modern, so it was tricky to fit it to the setting. I took some artistic liberties and settled on a penny farthing (but wooden), ignoring how impossible that would be to ride on the rugged terrain in Eastshade.

Surprisingly, the hardest part was sound. It didn't feel like riding a bike until I found the right sounds and how to trigger them. For a while I was stuck thinking too realistically. A penny farthing is fixed gear, pedaling sounds nothing like a regular modern bike.

Finally I abandoned realism and went with sounds normal people would associate with biking. We're all so used to modern bikes that we strongly associate the distinct ticking of a freewheel mechanism (think of the sound when you stop pedaling and coast on a modern bike).
TECH

You May Also Like

SK
SK
@sk_diary1
Margatha Natarajar murthi - Uthirakosamangai temple near Ramanathapuram,TN
#ArudraDarisanam
Unique Natarajar made of emerlad is abt 6 feet tall.
It is always covered with sandal paste.Only on Thriuvadhirai Star in month Margazhi-Nataraja can be worshipped without sandal paste.


After removing the sandal paste,day long rituals & various abhishekam will be https://t.co/e1Ye8DrNWb day Maragatha Nataraja sannandhi will be closed after anointing the murthi with fresh sandal paste.Maragatha Natarajar is covered with sandal paste throughout the year


as Emerald has scientific property of its molecules getting disturbed when exposed to light/water/sound.This is an ancient Shiva temple considered to be 3000 years old -believed to be where Bhagwan Shiva gave Veda gyaana to Parvati Devi.This temple has some stunning sculptures.
ALL
Elon Musk\u2019s Meme \U0001f171\ufe0fot
Elon Musk’s Meme 🅱️ot...
@theMemesBot
why do I hear boss music
FUN
Advertisement
Tinker \u274e
Tinker ❎
@TinkerSec
Singing the Blues:
Taking Down an Insider Threat

"I had all of the advantages. I was already inside the network. No one suspected me. But they found my hack, kicked me off the network...

...and physically hunted me down."


Many pentests start from the outside, wanting to see how the perimeter might be breached.

This pentest started from the inside. My client wanted to assume they had already been breached, and, if breached, how far could an attacker go.

Could they stop me once I was inside?

So they snuck me in. Disguised me as a new employee. Gave me a work computer, an ID badge, an account in their system... hell, I even had a cubicle w/my assumed name on it.

The only person who knew who I really was was their CISO. Everyone else thought I was Jeremy in Marketing.

During most of the first morning, I completed onboarding, made introductions, and completed menial tasks.

But I had to act quick. I only had a week onsite. I had to hack their network while not raising suspicion.

So I set about it.

You have to understand... most "Internal Pentests" are straight forward. The hard part is breaching the network, but once you're inside, it's a target rich environment. End of Life computers, default passwords, everyone a Local Administrator...
TECH
Gareth Harney
Gareth Harney
@OptimoPrincipi
1) The Temple of the Divine Claudius was a vast temple complex on Rome's Caelian Hill, overlooking the valley that would later be occupied by the Colosseum. Though almost nothing now remains of the structure, its scale and grandeur once rivalled anything in the city.. #LostRome


2) The 'Claudium' was intended as a sacred complex to revere Claudius and the imperial cult. Construction began soon after the death and deification of the emperor in 54 AD, initiated by his widow Agrippina who was likely responsible for his supposed death by poisoning. #LostRome


3) The sprawling temple complex sat on a gigantic podium that spread across the Caelian Hill, measuring 180 x 200 metres; with towering retaining walls of travertine that raised the structure 20 metres above the valley below. #LostRome


4) The elevated sacred area was likely entered by steps facing the temple on the west side. The temple itself had a projecting hexastyle porch and was surrounded by gardens and a grand portico, probably the 'porticus Claudia' mentioned in Martial's 'On the Spectacles'. #LostRome


5) Statues of both Agrippina and Claudius’ ill-fated young son Britannicus, sculpted in sumptuous dark Egyptian greywacke, were discovered among the ruins on the Caelian Hill in 1651 – and had almost certainly been displayed in the temple precinct. #LostRome
HISTORY
Jijo Sunny
Jijo Sunny
@JijoSunny
1/ 👋 Excited to share what we’ve been building at https://t.co/GOQJ7LjQ2t + we are going to tweetstorm our progress every week!

Week 1 highlights: getting shortlisted for YC W2019🤞, acquiring a premium domain💰, meeting Substack's @hamishmckenzie and Stripe CEO @patrickc 🤩

2/ So what is Brew?

brew / bru : / to make (beer, coffee etc.) / verb: begin to develop 🌱

A place for you to enjoy premium content while supporting your favorite creators. Sort of like a ‘Consumer-facing Patreon’ cc @jackconte

(we’re still working on the pitch)

3/ So, why be so transparent? Two words: launch strategy.

jk 😅 a) I loooove doing something consistently for a long period of time b) limited downside and infinite upside (feedback, accountability, reach).
cc @altimor, @pmarca


4/ https://t.co/GOQJ7LjQ2t domain 🍻

It started with a cold email. Guess what? He was using BuyMeACoffee on his blog, and was excited to hear about what we're building next. Within 2w, we signed the deal at @Escrowcom's SF office. You’re a pleasure to work with @MichaelCyger!

5/ @ycombinator's invite for the in-person interview arrived that evening. Quite a day!

Thanks @patio11 for the thoughtful feedback on our YC application, and @gabhubert for your directions on positioning the product — set the tone for our pitch!
TECH