BC TECH
Saved by @ThomassRichards

We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

 A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.
But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation
Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.
Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
Every nuclear material has its own spectrum. By looking at the spectrum it tells inspectors what materials (and how much) are present at a site.
This is an example of the graph for uranium
Why hasn't someone done this yet?
* It's expensive! We haven't had computers fast enough before.
* The inspectors need to be *sure* that it will work. They want tried and true, not latest and greatest.
* It's a small field with a limited budget.
MPC explainer (it's cool but not magic)

Make a circuit which does some kind of computational task, like whether A < B
Garbled circuits build on these logic circuits.

Let's think about a case with two parties where we want to compare two inputs. That can be done with this circuit.

[accessibility apology: I'm livetweeting this really fast and can't render these diagrams in text]
Then we stick random numbers as labels on each of the inputs
Then encrypt all the inputs -- you can only decrypt the output which gives you the correct output.

[Also go watch this talk -- it's a good explanation but very hard to livetweet]
Up until this point, everything was done by one party. They create this whole garbled circuit thingie.

Then we use this crypto thingie called oblivious transfer. That lets the other party get the keys to do the decryption of the correct output for each gate.
Eventually they get to the end, and sucess! The answer to the garbled circuit, which gives them the correct answer to the circuit.
How to use this in the real world?

Want to use pre-existing software (to give confidence to the inspectors). But not every system can work for this: they can't scale enough, they're too bleeding-edge fancy (hard to use!), etc.
So built a prototype of their own, called CipherCircuit in Python. (Yes, it's slow, but more accessible and easier to use.)
Looked for a test application -- something easier than that whole nuclear signature example!

Instead did electrocardiogram analysis as a proof of concept to give the analysis without revealing the actual heartbeat.
Moved on to analyzing radiation signatures, looking for a particular movement of 233Pa along a road. Could they find this movement without ever looking at the detector's output?
[I definitely cannot render this animated data visualization please see talk.]

Spoiler: yes! They detected the spike!
It's still slow to build the circuit [... and I suspect to run it]

Can we be resilient to malicious adversaries? Maybe commitment scheme?

Believe this is more important than ever with increasing international tensions... and want to push for MPC to go mainstream

[End of talk]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.


But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework


We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law

But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
TECH , TEACH
Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE

More from Tech

SwiftOnSecurity
SwiftOnSecurity
@SwiftOnSecurity
I think about this a lot, both in IT and civil infrastructure. It looks so trivial to “fix” from the outside. In fact, it is incredibly draining to do the entirely crushing work of real policy changes internally. It’s harder than drafting a blank page of how the world should be.


I’m at a sort of career crisis point. In my job before, three people could contain the entire complexity of a nation-wide company’s IT infrastructure in their head.

Once you move above that mark, it becomes exponentially, far and away beyond anything I dreamed, more difficult.

And I look at candidates and know-everything’s who think it’s all so easy. Or, people who think we could burn it down with no losses and start over.

God I wish I lived in that world of triviality. In moments, I find myself regretting leaving that place of self-directed autonomy.

For ten years I knew I could build something and see results that same day. Now I’m adjusting to building something in my mind in one day, and it taking a year to do the due-diligence and edge cases and documentation and familiarization and roll-out.

That’s the hard work. It’s not technical. It’s not becoming a rockstar to peers.
These people look at me and just see another self-important idiot in Security who thinks they understand the system others live. Who thinks “bad” designs were made for no reason.
Who wasn’t there.
TECH
Luca Hammer
Luca Hammer
@luca
Two years ago on a weekend, I built a tool to make it easier to evaluate Twitter accounts. Since then 36590 people used it to analyze 55390 different Twitter accounts.

Over the last months @mmkaradeniz and I made a new version. We launched it last night:

@accountanalysis doesn't use machine learning or AI „magic“. Instead of telling users if an account is authentic or not, it helps them to evaluate the accounts themselves.

It visualizes the different features (date, time, type, app, etc.) of Tweets to make them interpretable. /1

@accountanalysis The core concept is still the same, but it looks much better and is easier to operate. Not only for the users, but us developers as well. Enabling us to continuously roll out new features in the future.

Side-by-side screenshots of the old and new version. /2


@accountanalysis Some people had questions what different charts displayed and how they could be interpreted. There are now explanations for all charts, that can be toggled on and off at any time. /3


@accountanalysis The selected/retrieved Tweet count moved to the top to make it clear that not all Tweets of an account are analyzed. 3200 is the API limit by Twitter. It's possible to get more through the Premium API, but I don't think people would pay $100+ for the analysis of one account. /4
TECH
Advertisement
Devdutta
Devdutta
@Devdutta96
Please please please take your cyber security seriously even if you don’t consider yourself a high risk person. Here are a few easy things to start with. 1/n

Switch from WhatsApp to Signal and enable disappearing messages. Most of us cannot stop using WhatsApp entirely but at least turn off back ups to Google Drive or iCloud. 2/n

Do not have private conversations using the messaging service on any social media platform like Facebook, Instagram or Twitter. 3/n

Switch from Gmail to ProtonMail or any other secure email service provider. 4/n


Switch from Google Docs to CryptPad or RiseUp Pad.
CYBER SECURITY , IT PRIVACY , CYBER SECURITY STEPS
Knarf
Knarf
@Knarf93
@zkat__ I'm in the position that I actually find npm / yarn the best ecosystem. Whenever I use something else I always end up stubbing my toe into something thats missing / feels wrong.

Ex. Cargo seems to neither have a concept of devDependencies nor peerDependencies.

I also can't understand why it wouldn't have an "add" command to add a new dependency. And I'm no fan of Toml, json is greate (easy to parse and build tooling around), and the better option in my opinion would be json5.

C / C++ seems to just not have language package managers. The linux / bsd crowd seem to have decided that the system package manager also should be the language package manager. Which might have been fine if every Linux distro used the same system package manager.

Instead we end up with a N x M problem. Where we have a bunch of different operating systems and they all support multiple system package managers. So there's no easy way of distributing, referencing and updating C / C++ packages.

It is also my opinion that the compiler / runtime should be a package dependency. I don't like Rust's split between rustup and cargo (they should have been one tool). Similarly it would be better if you added Node as a dependency to package.json, that way we wouldn't need NVM.
TECH
El Sandifer, Rationality Expert to the Stars
El Sandifer, Rationali...
@ElSandifer
I’m quoted in this, which does about as good a job overviewing the topic as a New York Times profile can be expected to.

Major oversights in it as I see.

First, It does not acknowledge the fact that Yudkowsky is, at heart, a complete crank. This remains, to my mind, crucial to understanding the rationalist community’s influence on the world: they’re sci-fi writers being mistaken for scientists.

You can’t really understand the harmful effects of SSC until you realize that it’s part of a larger movement of bullshit artists serving as cult leaders to the techbros.

Second, and more importantly, it never really explains the harm that’s being done by Scott Siskind and his followers. It comes close, noting that “SJWs” were the only group not welcome in SSC, but it doesn’t capture the harm of that because it doesn’t unpack the term.

What is meant in practice when “SJWs” aren’t welcome in a space is that marginalized people speaking of the harm they experience are silenced.

That’s it. That’s the meaning.
TECH

You May Also Like

Khatvaanga
Khatvaanga
@khatvaanga
Sri Gurubhyo Namaha.


After the phenomenon called Sri Chandrasekhara Bharati came another one - Sri Abhinava Vidya Teertha [1954-1989] the 35th Jagadguru. Srinivasa was born on Nov 13, 1917. He was initiated into Sanyasa by Sri Chandrasekhara Bharati in 1931. He was Jagadguru for 35 years.

He was chosen and specifically trained to take over Peetadhipatyam from Sri Mahaswami. He is majorly responsible for the way Sringeri currently is. He built various buildings for devotees, Gajashala, Gooshala etc.

Acharya on conversions:
Once a person approached Sri Acharya that some other religions are trying to convert Hindus and requested Sri AVT to do prevent these conversions.

AVT replied - what do u mean by religion? Religion i.e. mata is related to 'mati' or intellect.
Caste is called 'jAti' which is related to janana or birth.
Ex- breed of a cow. we cannot change its qualities to resemble another breed by changing its name.
ALL
Invest Like the Best
Invest Like the Best
@InvestLikeBest
In 1937, a trucker got frustrated waiting for his cargo to be unloaded. He later sold his company for $1.1 billion.

Here’s the story of how Malcom McLean made a billion dollars and which startup could be following in his footsteps. (Inspired by our episode with @laurabehrenswu)


In the early 1950s, the shipping industry was a dying business.

New York’s docks were handling half as much domestic cargo in the early 1950s as they had been in the depressed 1930s.

In thirty years, no one had invested significant money in coastal shipping.

Why?

As McLean found out, loading ships was difficult and slow.

A truck or train would deliver items to the port. Each item was unloaded separately, recorded, and carried to storage.

When a ship was ready, each item was taken from storage, counted again, and hauled on-board.


The cost of this labor was significant. As one expert at the time explained:

“A four-thousand-mile voyage for a shipment might consume 50 percent of its costs in covering just the two ten-mile movements through two ports.”


Yet, despite the industry’s issues, it felt little pressure to change.

Foreigners were barred from operating domestically. Cartels ran international routes. And gov. subsidies eased the pain of labor costs.

Reshaping the industry needed an outsider.

Enter Malcolm McLean.
HISTORY
Advertisement
Numberonepal
Numberonepal
@numberonepal
1/ Stolen from the greatawakening(DOT)win...

I will only be making one post here. Do not ask who I am. Do with this information as you please.

The Trump Card is being played. It's much simpler than you all realize. Some of you have gotten it right.
TRUMP , THE LAST DAYS IF THE REVOLUTION
Anu Satheesh \U0001f1ee\U0001f1f3
Anu Satheesh 🇮🇳...
@AnuSatheesh5
Srikanteshwara Temple,
#Nanjangud  #Karnatakatemples 🚩

Srikanteshwara Temple or
Nanjundeshwara Temple is a famous Shiva Temple located in Karnataka at the bank of river  Kapila. Temple is also called Varanasi of South. Nanjunda means one who has consumed poison.


Story is  related to the Samudra Mathanam when Paramashiva had to consume halahala.

Parashurama worshipped Mahadeva here to relieve himself from the curse of Mathru Hatya. While clearing the place to do poojas Parashurama's  axe hit the Shivalingam and it began bleeding, that


mark is still visible even today. Thus
it is also believed that Parashurama did Shiva Prathishta here

Sthala Puranam says that, once there was a demon named Keshi who disturbed the people in the area, after  getting blessing from Brahma Deva  and Mahavishnu. Mahadeva appeared


here and killed demon Keshi and blessed this place as Papa Vinashini. Whoever praying to Srikanteshwara or Nanjundeshwara, after bathing in the  Kabini River will be relieved from all sins.

Nanjundeshwaraya Namah
🙏🕉🙏
ALL
WORLD OF SANATAN DHARMA
WORLD OF SANATAN DHARM...
@world_sanatan
PETER PADUKAM - THE LEGEND OF MADURAI MEENAKSHI TEMPLE AND A BRITISH COLLECTOR.

A British Collector named Rous Peter was appointed as Collector of Madurai from 1812 to 1828.

Though a Christian by faith, he respected all faiths including Hinduism and also honored local practice


Collector Peter was the temple administrator of the Meenakshi Amman Temple and conducted all his duties with sincerity and honesty and respected the religious sentiments of all people.

Collector Rous Peter respected and treated people of all faiths equally and this noble trait

earned him the popular nickname ‘Peter Pandian'

Goddess Meenakshi Amman Temple was situated between Collector Peter's residence and office.

Everyday he used to go to the office by his horse and while crossing the temple, he got down from his horse, removed the hat and his shoes

and crossed the whole path on his foot.

Through this small gesture he expressed his reverence to the Goddess!

One day there was a heavy downpour in Madurai city and River Vaigai was in spate.

Collector was sleeping in his residence and was suddenly disturbed and woken up by

the sound of anklets and he left his bed to find out from where the sound had came.

He saw a small girl wearing pattuvastrams (silk garments) and precious ornaments and addressing him as 'Peter come this way'.
ALL