BC TECH
Saved by @ThomassRichards

Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

 Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.
Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.
How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering
We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
Three rights:
* access
* rectification
* deletion

Legal's trying to uphold them, but it's a technical question!

Legal wants to decrease risk but don't know software
The business wants to stay in business and make money. They want to be able to use data for things like placing ads and analysis.
It takes a lot of time to handle these requests, too!

They need a streamlined technical solution.
Program management wants to streamline and make things efficient and predictable... but they don't understand the technical limitation
As a software engineer, you've seen technical debt. So much technical debt. All the weight of the decisions that were made in the past, especially if you scaled without a data plan.

Average SMB has data in 10 different systems.
How do we delete?
Some poor software engineer is trying to track down what data is where?
What even *is* PII? There's no real standard.
What should be returned? What should be deleted.

Make a definition and stick to it.
Some of your databases might use email addresses as a primary key, some user IDs, etc.
1. Define PII
2. Find all the PII
3. Use pseudonymization to replace PII with some kind of random value which can't be tied back to the user

[reminder I am livetweeting this is not me speaking]
How do you do this at scale?
Maybe a centralized team who can handle this?
If you're a small company, plan ahead!
Be careful when you're doing sanitization -- some databases really don't like batch processes and you can make things fall over.
Speed
* you have a timeline -- often 30 or 45 days
* but that's not enough time if you haven't planned for streamlined speed

Ideally you won't need it, but have a backup plan, in case something goes wrong with a slow data system
Plan for a solution that grows with your business, not just a hacked-together series of SQL queries, but instead a centralized portal with extensibility as the business changes and technical systems grow.

... and as new privacy laws come into place
Privacy is way, way more than compliance. But compliance needs to happen.

Let's all do our part

[ end of talk ]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.


But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework


We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law

But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
TECH , TEACH
Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS

More from Tech

Nicolas
Nicolas
@necolas
A brief analysis and comparison of the CSS for Twitter's PWA vs Twitter's legacy desktop website. The difference is dramatic and I'll touch on some reasons why.

Legacy site *downloads* ~630 KB CSS per theme and writing direction.

6,769 rules
9,252 selectors
16.7k declarations
3,370 unique declarations
44 media queries
36 unique colors
50 unique background colors
46 unique font sizes
39 unique z-indices

https://t.co/qyl4Bt1i5x


PWA *incrementally generates* ~30 KB CSS that handles all themes and writing directions.

735 rules
740 selectors
757 declarations
730 unique declarations
0 media queries
11 unique colors
32 unique background colors
15 unique font sizes
7 unique z-indices

https://t.co/w7oNG5KUkJ


The legacy site's CSS is what happens when hundreds of people directly write CSS over many years. Specificity wars, redundancy, a house of cards that can't be fixed. The result is extremely inefficient and error-prone styling that punishes users and developers.

The PWA's CSS is generated on-demand by a JS framework that manages styles and outputs "atomic CSS". The framework can enforce strict constraints and perform optimisations, which is why the CSS is so much smaller and safer. Style conflicts and unbounded CSS growth are avoided.
TECH
foone
foone
@Foone
you know how Atari called the Jaguar as a "64bit system", because it had two 32bit CPUs? (or because it had a 64bit bus, but let's not worry about that)
we should apply that logic to the current generation of consoles.
So the Switch is a 256bit console. It's the Nintendo 256.

The Xbox Series X? terrible name.
Better call it the "Xbox 512 Blu-ray".
like the Jaguar CD, the Sega CD... the good old days when consoles had their media type in the name.

Boringly the PS5 is also a Playstation 512 Blu-ray, because both of them are using the same AMD Zen 2 CPU.

The Switch one is weeeird. It's built on an Nvidia Tegra X1, which is an 8 core 64-bit CPU, so that should be 512, right?

Well... no. Four of them can't be used. And later documentation doesn't even mention them.

it's some weird system where the system-on-a-chip has four Cortex-A57 cores and four Cortex-A53 cores but only the A57s are usable?
TECH
Advertisement
Patrick McKenzie
Patrick McKenzie
@patio11
Torn between "I think losing $100 million when someone beats you at security research is pretty much exactly what you signed up for doing yield farming" and "Maaaaaaaybe not the future of finance you were expecting, huh."

How to put this in regular finance terms...

Suppose hypothetically you have an account at a brokerage with some valuable asset in it. You take a margin loan against that asset to fund your normal spending, or pay a tax bill, or maybe buy something at another brokerage.

For reasons known only to the brokerage, they don't denominate your loan in dollars. They denominate it in shares of a money market fund, which are worth $1 +/- epsilon and basically never deviate from that.

And you think "Hmm, I have a large equity cushion against this loan."

One day, a computer system at the brokerage reports, sorta-kinda erroneously, that the value of the money market fund is actually $1.30 per share. The equity cushion is gone. Your valuable asset is sold, at timing you didn't choose, at wrong price, to pay an inflated phantom debt

And your recourse is... probably tweeting at patio11 saying he finds too much joy in this.

Which I don't; I just feel like this is why you don't trust a CPU built out of redstone to build reliable financial infrastructure on top of.
TECH
John Carmack
John Carmack
@ID_AA_Carmack
The vast majority of images are jpegs, which are internally 420 YUV, but they get converted to 32 bit RGB for use in apps. Using native YUV formats would save half the memory and rendering bandwidth, speed loading, and provide a tiny quality improvement. It would also be \

a good path to supporting better video codec still image formats and 10 bit components. You can do it today, but you need to do the color conversion manually in a shader, which can be a big ask for some devs. Defining a FMT_JPEG_YUV that does driver injection akin to the \

external image support on Android could make it much more of a drop-in. Even doing it the hard way seems like it would be worthwhile for web browsers today.
TECH
Joe Natoli
Joe Natoli
@joenatoli
#UX and #design friends, we need to talk about estimating. I'd like to share some advice that's come up 3 times this week, in hopes it's useful. And it's echoed, by the way, in the BUSINESS OF UX course @EliNatoli and I are teaching at my UX 365 Academy (link at the end).

(1/12)

Avoiding wars with clients is a matter of how you structure your engagements, along with how you spell out what you're doing in your proposals/contracts. That starts with estimating.

The biggest 2 rules I follow are these:

(2/12)

1. I do not EVER estimate a project in full from start-to-finish.

2. Once we're past initial Discovery (see below), I estimate in small chunks, e.g. "here's what will take us to the next iteration/review."

(3/12)

NEVER estimate past the point where you may get new information based on a build/test cycle.

Believe me when I say that you'll be wrong every time. Ask me how I know ;-)

(4/12)

So instead, first, I estimate a Consult/Discovery part that details what I think we need to do to get a handle on what's actually wrong here, and how long that will take.

For example...

(5/12)
TECH

You May Also Like

Abigail See
Abigail See
@abigail_e_see
Can we control the output of neural generation systems?
Can we build a better chatbot using this control?
And what makes a good conversation anyway?

Check out the blog post for our NAACL paper:

https://t.co/UAAUxSeA0L

#AI #NLProc #DeepLearning #ConversationalAI @facebookai

This post got a little delayed since the paper's publication, but the intervening time has given me an opportunity to reflect.

So this post has some extra thoughts regarding more recent NLG developments - e.g., pretrained models like GPT(2), and the suitability of beam search.
ALL
STEALTH JEFF
STEALTH JEFF
@drawandstrike
Andy McCabe has some explaining to do.


Andrew McCabe was reported to the FBI’s Office of Public Affairs for making an unauthorized leak of classified info to the media about @GenFlynn in early February 2017.

If you’ve wondered exactly who it was who leaked the classified info from that intelligence report on @GenFlynn’s phone calls with then-Russian ambassador Kislyak to the media, you are right now seeing a huge honking clue who it was.

To those responding to this info by sneering "Nothing's gonna happen":

Up.

Your.

Game.

You just might be too stupid to be following me.

The then-Deputy Director of the FBI get's caught targeting @GenFlynn with an illegal leak so he can 'investigated' by Peter Strzok?

Now that we know it was McCabe who set up Flynn for a fake 'perjury' investigation by his pet attack dog, Peter Strzok, the next name that's going to surface is...Joseph Pientka.
ALL
Advertisement
Brian Cates
Brian Cates
@drawandstrike
A lot of people don't understand that Trump & his incoming team didn't face a normal transition period, like it was over a in a matter of a few weeks or months.

The DOJ transition period JUST ENDED when Sessions left. Almost 2 exact years to get it there.

Pompeo at the CIA took over a year before he was done and ready to shift over to the State Department.

All kinds of stuff has been going on behind the scenes nobody leaks or talks about.

We only had the barest mention of the fact the Clinton Email investigation restarted

Nobody leaked in a year that Huber was deep diving into the Clinton Foundation.
Keep that in mind as all the usual suspects continue to INSIST nothing is happening/going to happen.
POLITICS
\U0001d54d\U0001d560\U0001d56a\U0001d552\U0001d558\U0001d556\U0001d563
𝕍𝕠𝕪𝕒𝕘𝕖𝕣...
@V0YAGERTWEETS
Gau Mata In Vedic
Culture

It is said that the one who bears the dust thrown from the hoof of Gaumata on his head, as if taking a bath in the water of the teerth sthalam and getting rid of all sins.


Ved and all other Hindu scriptures venerate the cow. The Vedic dictionary, Nighantu, gives amongst other synonyms of 'Gau' [ or cow] the words 'Aghnya', 'Ahi', and 'Aditi'.

Yaska the vedic decoder and commentator on Nighantu, defines these as-

Aghnya —— the one that ought not to be killed
Ahi —— the one that must not be slaughtered.
Aditi —— the one that ought not to be cut into pieces.

These three names of cow signify that this is an animal which should not to be put to tortures. These words appear frequently throughout the Veda in context of the cow.

But in due course the falsehood of killing cows spread far and wide and they became even more deep rooted when western scholars with their half baked knowledge of Sanskrit transliterated these interpretations of commentaries of Sayanacharya ,
ALL
Suchi Sharma
Suchi Sharma
@Suchi_sharma_
Yantrodharaka Anjaneya Temple, Hampi, Karnataka.

This temple dedicated to pawanputra Hanuman, near the banks of Tungabhadra river was built by dwaita philosopher and rajguru of the Vijayanagar empire, Sri Vyasaraja around +500 years ago.


:It is only in this temple that Hanuman appears in a prayer position. In this image, Bhagwan Hanuman’s crown has been formed by his tail.12 monkeys have been carved around this amulet.


:They represent the 12 days Sri Vyasaraja prayed to Hanuman ji. Each monkey holds the tail of the monkey in front of him but is facing backward. Seed syllables have also been carved around the amulet.


:It is believed that Sri Vyasaraja used to draw a picture of lord Hanuman here on the rocks before offering prayers using charcoal and the sketch disappeared after prayers.This incidence happened for 12 days in a row until he pleaded to bhagwan to appear in front of him.


On the 12th day, Hanuman ji appeared in front of Sri Vyasaraja and blessed him. Hanuman asked Sri Vyasaraja to constrain him in a hexagonal amulet & install him in that place.
ALL