BC TECH
Saved by @ThomassRichards

Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

 Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.
But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework
We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law
But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
Previously used a method called "swapping" with secret parameters
* differential privacy is open and we can talk about privacy loss/accuracy tradeoff
* swapping assumed limitations of the attackers (e.g. limited computational power)
Needed to design the algorithms to get the accuracy we need it and tune the privacy loss based on that.

Change in the meaning of "privacy" as relative -- it requires a lot of explanation and overcoming organizational barriers.
By 2017 thought they had a good understanding of how differential privacy would fit -- just use the new algorithm where the old one was used, to create the "micodata detail file".
Surprises:
* different groups at the Census thought that meant different things
* before, states were processed as they came in. Differential privacy requires everything be computed on at once
* required a lot more computing power
* differential privacy system has to be developed with real data; can't use simulated data to do this because the algorithms in the literature weren't designed for dats anything like as complex as the real data (multiracial people, different kinds of households, etc)
* to understand the privacy/accuracy trade-off requires a lot of runs, representing a *lot* of computer time
Census bureau was 100% behind the move
* initial implementation was by Dan Kiefer, who took a sabbatical
* expanded team to with Simson and others
* 2018 end to end test
* original development was on an on-prem Linux cluster
* then got to move to AWS Elastic compute... but the monitoring wasn't good enough and had to create their own dashboard to track execution
* it wasn't a small amount of compute
* republished the 2010 census data using the differentially private algorithm and then had a conference to talk about it
* ... it wasn't well-received by the data users who thought there was too much error
For example: if we add a random value to a child's age, we might get a negative value, which probably won't happen to a child's age.

If you avoid that, you might add bias to the data. How to avoid that? Let some data users get access to the measurement files [I don't follow]
In summary, this is retrofitting the longest-running statistical program in the country with differential privacy. Data users have had some concerns, but believe it will all come out.
Code is up on github and papers are up online. (@xchatty have some links?)

[end of talk]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH

More from Tech

foone
foone
@Foone
It is 2018 and this error message is a mistake from 1974.
This limitation, which is still found in the very latest Windows 10, dates back to BEFORE STAR WARS. This bug is as old as Watergate.


When this was developed, nothing had UPC codes yet because they'd just been invented.
Back when this mistake was made, There was only one Phone Company, because they hadn't been broken up yet. Ted Bundy was still on the loose. Babe Ruth's home run record was about to fall.

When this bug was developed, Wheel of Fortune hadn't yet aired. No one had seen Rocky Horror. Steven Spielberg was still a little-known directory of TV films and one box-office disappointment. SNL hadn't aired yet. The Edmund Fitzgerald was still hauling iron ore.

WHEN THIS STUPID MISFEATURE WAS INVENTED, THE GODFATHER PART II HAD JUST OPENED IN THEATERS.

So, why does this happen? So Unix (which was only 5 years old at this point) had the good idea of "everything is a file" which mean you could do things like write to sockets, pipes, the console, etc with the same commands and instructions.
TECH
Jason Kint
Jason Kint
@jason_kint
I could create an entire twitter feed of things Facebook has tried to cover up since 2015. Where do you want to start, Mark and Sheryl? https://t.co/1trgupQEH9


Ok, here. Just one of the 236 mentions of Facebook in the under read but incredibly important interim report from Parliament. ht @CommonsCMS https://t.co/gfhHCrOLeU


Let’s do another, this one to Senate Intel. Question: “Were you or CEO Mark Zuckerberg aware of the hiring of Joseph Chancellor?"
Answer "Facebook has over 30,000 employees. Senior management does not participate in day-today hiring decisions."


Or to @CommonsCMS: Question: "When did Mark Zuckerberg know about Cambridge Analytica?"
Answer: "He did not become aware of allegations CA may not have deleted data about FB users obtained through Dr. Kogan's app until March of 2018, when
these issues were raised in the media."


If you prefer visuals, watch this short clip after @IanCLucas rightly expresses concern about a Facebook exec failing to disclose info.
TECH
Advertisement
Paul Stamatiou \U0001f4f7
Paul Stamatiou 📷...
@Stammy
Just published 15,000+ words on security keys. 🔐📱💻

With SIM attacks at their highest, now is a great time to take a closer look at your online security.

Removing SMS from your two-factor auth is a start, but authenticator apps have downsides too...

https://t.co/Dk0MPJHL2V


Just look at these headlines from recent SIM swap and port attacks.

It's all too established for attackers to find ways to socially engineer control of your phone number and start gaining control of your accounts.

I first talk about some general security tips.


Unfortunately not all websites let you remove your phone number from accounts.

You may consider migrating your phone carrier to @googlefi , which requires email account access to do anything (and can be locked down with security keys and even Advanced Protection)


Beyond SMS, I talk about issues that TOTP authenticator apps (the code generators) have as a form of two-factor auth. They're so, so much better than relying on SMS for your second factor but they still have issues like utilizing shared secrets and lacking phishing prevention.

Enter security keys!

Utilizing public key cryptography they don't have any shared secret between the client and the server. They prevent phishing by taking the website domain into account.

Even if you get tricked by a clone phishing website, your key won't.
TECH
Knarf
Knarf
@Knarf93
@zkat__ I'm in the position that I actually find npm / yarn the best ecosystem. Whenever I use something else I always end up stubbing my toe into something thats missing / feels wrong.

Ex. Cargo seems to neither have a concept of devDependencies nor peerDependencies.

I also can't understand why it wouldn't have an "add" command to add a new dependency. And I'm no fan of Toml, json is greate (easy to parse and build tooling around), and the better option in my opinion would be json5.

C / C++ seems to just not have language package managers. The linux / bsd crowd seem to have decided that the system package manager also should be the language package manager. Which might have been fine if every Linux distro used the same system package manager.

Instead we end up with a N x M problem. Where we have a bunch of different operating systems and they all support multiple system package managers. So there's no easy way of distributing, referencing and updating C / C++ packages.

It is also my opinion that the compiler / runtime should be a package dependency. I don't like Rust's split between rustup and cargo (they should have been one tool). Similarly it would be better if you added Node as a dependency to package.json, that way we wouldn't need NVM.
TECH
Resist the Hologram - Stu Cvrk
Resist the Hologram - ...
@STUinSD
Thread – Dump the Legacy Media; Turn to These News Sources

A. We all need sources less tainted by the Big Tech/globalist narratives that are echoed repeatedly throughout the legacy media. My brother sent me a list of alternatives from the Noq report.
TECH

You May Also Like

SK
SK
@sk_diary1
A #story from #Thiruvilayadal puranam-one of divine leelas of Bhagwan Shiva

#threadseries #Madurai

Story 16- it is about how Bhagwan Shiva explained the meaning of Vedas to the Rishis.

வேதத்துக்குப் பொருள் அருளிச் செய்த படலம்


Once there was a great deluge,everything in the world was destroyed.All lifeforms that existed got perished.Afterwards ,due to Bhagwan Shiva creation started.Then from Bhagwan Shiv ji's mouth-birth of 🕉 OM- Pranavam happened.From Pranavam,4 vedas appeared. Rishis learned them.

Many Rishis in Naimisharanya learned Vedas&recited them but they didn't understand the meaning&essence of Vedas. They were worried as they couldn't find any guru who can teach them the meaning of Vedas.That time,Rishi Arabhatar visited them.Rishis told him about need their worry.

Rishi Arabhatar told them that Bhagwan Shiva has given Vedas &he would be grateful enough to teach the meaning as well.But for that rishis have to rigorous penance at a sacred place.Also told them to go to Sundareswarar temple in Madurai to do tapas in front of Dakshinamurthy.

Assured them that Dakshinamurthy himself will come & teach them.Rishis proceeded to Madurai & started their tapas in front of Dakshinamurthy sannidhi for almost a year starting from Karthigai month pournami to next year Karthigai month pournami following all rituals..annadan
ALL
Greg Olear
Greg Olear
@gregolear
Trump is a Russian asset, a mob money launderer installed by his mob whoremasters to sow chaos and weaken the US & our allies.

EVERY SINGLE THING HE’S DONE since taking office is to achieve those purposes—that and to enrich himself personally.

[THREAD]


1/ His entire family is part of this. Melania is a fucking crook. Ivanka is a fucking crook. Junior and Gums are fucking crooks. They will all die in prison, except for Kushner, who, if he really *did* trade US intel for money, should be executed for espionage.

2/ Why do you think Trump installs uniquely corrupt & awful people to Cabinet positions? Pruitt, Zinke, Betsy, Rex/Pompeo, Wilbur "Melting Nazi Face" Ross. They are not there to serve us. They are not there to drain the swamp. They are there to BURN THE REPUBLIC DOWN.

3/ Trump steals. He takes taxpayer money—your money and mine—and lines his pockets with it. He exploits his office to make himself richer. This is all he cares about. Why are Republican citizens, you “fiscal conservatives,” not more angry about this? Riddle me THAT, #MAGA.

4/ Matt Whitaker, the human dildo and “acting AG,” was illegally installed to throw a monkey wrench in the Mueller investigation. That’s why they won’t release his financials. He’s fucking bought and sold. He’s going to prison for obstruction.
POLITICS
Advertisement
Khatvaanga
Khatvaanga
@khatvaanga
Sri Gurubhyo Namaha.


After the phenomenon called Sri Chandrasekhara Bharati came another one - Sri Abhinava Vidya Teertha [1954-1989] the 35th Jagadguru. Srinivasa was born on Nov 13, 1917. He was initiated into Sanyasa by Sri Chandrasekhara Bharati in 1931. He was Jagadguru for 35 years.

He was chosen and specifically trained to take over Peetadhipatyam from Sri Mahaswami. He is majorly responsible for the way Sringeri currently is. He built various buildings for devotees, Gajashala, Gooshala etc.

Acharya on conversions:
Once a person approached Sri Acharya that some other religions are trying to convert Hindus and requested Sri AVT to do prevent these conversions.

AVT replied - what do u mean by religion? Religion i.e. mata is related to 'mati' or intellect.
Caste is called 'jAti' which is related to janana or birth.
Ex- breed of a cow. we cannot change its qualities to resemble another breed by changing its name.
ALL
WORLD OF SANATAN DHARMA
WORLD OF SANATAN DHARM...
@world_sanatan
MINUTE DETAILS ABOUT THE ATTACK ON SHAISTA KHAN AT LAL MAHAL

Remarkable Commando op

A long 🧵 but worth your time

Aurangzeb sent his maternal uncle Shaista Khan with powerful army over 1,50,000 on the request of Badibegum Sahiba, Adilshahi sultanate

1/


Shaista Khan entered Deccan to kill Chhatrapati Shivaji Maharaj & to destroy his empire. Shahista Khan captured a lot of province and fort of Chakan near Pune.

2/


Till 3 years he gave lot of troubles to the subjects of Chhatrapati Shivaji Maharaj and he personally made Lal Mahal his destination to live at , which was the property of Chhatrapati Shivaji Maharaj . Lal Mahal, where Chhatrapati Shivaji Maharaj spent his childhood.

3/

1. In the April 1663 Chhatrapati Shivaji Maharaj personally made a surprise attack on Shahista Khan in the Lal Mahal Pune.

2. Chhatrapati Shivaji Maharaj attacked with 300 soldiers at the midnight while Lal Mahal had strong security of 1.5 lac soldiers for Shahista Khan.

4/

3. He entered in Pune, he made a drama of wedding ceremony to enter in Pune near Lal Mahal.

4. During the night they made big hole at the wall of Lal Mahal and entered into the palace.

5/
ALL
Simon Wardley #EEA
Simon Wardley #EEA
@swardley
X : Our executive team is concerned that we need to up our game in order to out innovate Amazon.
Me : Do you map?
X : Yes
Me : Like this?
X : No. What's that?
Me : A map of a tea shop.


X : Why is that a map?
Me : Long story, all to do with how space has meaning. To keep it short, maps help people to focus on user needs, the components involved, to communicate missing components and scenario play ideas like staff becoming robots.


Me : They’re also good for measuring and managing capital flow, making investment decisions, removing bias and getting rid of duplication.
X : I don’t see how that helps with innovation?


Me : Well, innovation is a tricky word because we use it to describe many things. If you’re talking about differentiation with the adjacent unexplored then you’re experimenting in the “uncharted” space e.g. immortality with magic provided by the special custom built kettle.


X : That sounds like nonsense.
Me : A lot of what people think will be the next great innovation is nonsense. Actually, most of it is. That’s the nature of the uncharted space, it’s experimental, high risk and generally results in failure.
X : We need more reliable innovation.
TECH