BC WORLD
Saved by @ThomassRichards

In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

 Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]
Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]
But the in-person ballots are complicated, too!
Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
There are reasons to want online voting:
* Citizens living abroad
* Visually impaired and quadriplegic voters need to have assistants that they trust
* Many invalid ballots (even <10%!)
* Physical voting has security problems, too
Like the states of the US, there are cantons in Switzerland, federalized system. The cantons have almost complete control over the elections *except* that the federal system has exclusive control over the security of online voting.
Several cantons have been experimenting, with Geneva being the first, followed by a group of eight cantons.
In 2017 the federal chancellor calls for 2/3 of the cantons to offer internet voting for national elections in 2019. There were not many CS people represented and they declared internet voting "solved".

That was a wakeup for people on internet voting.
Geneva pulled funding after political quarrels... which paved the way for SwissPost.

In 2019 they posted the source code before the election. It didn't take long for several fundamental security flaws to be found.

[ I can't type this fast and find everyone's names sorry]
In the wake of that failure everyone figured out that internet voting was not, in fact, solved. At all.

So they brought in a bunch of experts.
What happens if you get together a bunch of experts? A scientific report!
[If someone has a link, please reply with it]

@ChrFolini was brought in to moderate the workshops... then the pandemic hit. Lots of debate on cryptography, software development, etc.
After all that debate and new work, there is a new report [anyone have a link? @ChrFolini?] in line with the recommendations of the scientists. But we'll need to keep tweaking as tech changes.
Key recommendations:
* Strict hierarchy of recommendations, starting with a verifier model which can be reasoned about, then moving to pseudocode then code. Use formal models.
* Diversity of hard- and soft-ware to resist attacks. It's more expensive, but there are security benefits.

[Boy howdy this is going to be controversial one, depending on how this is set up -- checks of different versions against each other?]
* Maximum level of transparency, especially in development

* Voting security beyond internet voting
Summary:
* Switzerland is a useful testbed for online voting
* Iterative process with strict supervision on federal level
* Expert dialogue with recommendations in 2020
@ChrFolini sees online voting as something which may or may not be securable but it's a political question whether it's introduced... so we'd better work on it.

[paraphrased]
Giving my hands a break, so end of talk as the questions are coming thick and fast (not at all shocking!)

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH
Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Lea Kissner
Lea Kissner
@LeaKissner
Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.


But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework


We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law

But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
TECH , TEACH

More from World

Pegasus of Dharma
Pegasus of Dharma
@HarduttSuhas
THE EVOLUTION OF OUR NATIONAL FLAG (1857-1947)

The INDIAN NATIONAL FLAG is not just a flag! It's a testimony of patriotism and seamless sacrifice. A symbol representing one of the oldest civilizations on this planet.

Let's hope what happened yesterday never repeats!

(Thread)


After the revolt of 1857, the first Indian flag was designed. The design was based on western heraldic standards with "Union Jack" in the upper-left quadrant and a "Star of India" enclosed in the royal crown in the middle of the right half.(1)


The flag was a symbol of the direct imperial rule in India.(2)

In 1904 the first Indian flag which stood for India's independence from the British was devised. The design was provided by sister Nivedita, an Irish disciple of Swami Vivekananda.(3)


The flag was red and yellow with an image 'Vajra' (weapon of god Indra). The phrase 'Vande Mataram' was written in Bengali on it. The red colour and the yellow colour signified freedom and victory while the symbol of vajra stood for strength.(4)
WORLD
Heshmat Alavi
Heshmat Alavi
@HeshmatAlavi
THREAD

1)
#Iran's echo chamber at work

@JZarif describes Qassem Soleimani as a "national hero" who defeated ISIS

Iran apologists/lobbyists begin
WORLD
Advertisement
Josh
Josh
@Josh731_
-Thread-

The Bolshevik Revolution was Jewish, 6/8 Soviet leaders from Lenin to Gorbachev were Jewish AND all three Presidents since the (fake) fall of the Soviet Union are Jewish

Lenin✡️
Stalin✡️
Khrushchev✡️
Brezhnev✡️
Andropov✡️
Gorbachev✡️
~
Yeltsin✡️
Medvedev✡️
Putin✡️


First Soviet government mostly Jewish:

Funded by International Jewish bankers;

https://t.co/qdmhsmSRFz

Ariadna Tyrkova-Williams on Bolshevik revolution:

“In the Soviet Republic, all the committees and commissaries were filled with Jews”

https://t.co/iysRhViRe3


Lenin:

"Russian-Jewish newspaper Yevreyskaya Tribuna , 22nd August, 1922 - Lenin asked the rabbis if they were satisfied with the particularly cruel executions."

https://t.co/vWoUqvmXc4


Stalin:

B’nai Brith report - Stalin is Jewish (pg 35)
https://t.co/Km9UClfrRt

Stalin's Jewish mother (Jewish Cup Kiddush covered with a shroud - on the grave of Stalin's mother) https://t.co/XXAkeC6wID

Soviet Analyst, Volume 31, Issues 1-7
https://t.co/ycZG4XshNC


Khrushchev:

Nikita Salomon PEARLMUTTER. (img 1) https://t.co/aVLCetMf3w

Another source for Pearlmutter (img2)
https://t.co/m6JzRrD1BJ

"Khrushchev, also, promptly added that the Soviet Government is based today on Jewish leadership"
https://t.co/4lg7XZJON8
WORLD
Defense News Nigeria
Defense News Nigeria
@DefenseNigeria
Can anyone fathom out how weapons like this make their way into the hands of terrorists in Nigeria?


These weapons are in boxes marked with serial numbers. Where there are serial numbers there are invoices or receipts. Which means it was imported. This is worrisome and raise questions about where the terror groups are sourcing their heavy weapons.

Weapons proliferation was once linked to the fall of Gadaffi. Libya was at one point the main source of arms to terror groups on the continent. For those unaware of the dynamics ill give a brief explanation:

When NATO bombed the crap out of the Gadaffi regime in 2011, Libya lost control of a large part of the stockpile it had amassed in over 40 years. The CIA made several calls for ground troops to be deployed to secure Gadaffi's amoury from falling into the hand of rebel groups.

The French kicked against sending ground troops, saying it will give the impression Libya was under a NATO occupation, Its just not worth the political capital to do so. The CIA made this call TWICE and TWICE it was shut down. The logic was securing those sites
WORLD
Khaled Homoud Alshareef \U0001f1f8\U0001f1e6
Khaled Homoud Alsharee...
@0khalodi0
1️⃣ How the Yemeni Civil War (2014–present) is portrayed in the main stream media


2️⃣ This one is a little different, it hits close to home in many different ways, the Yemeni Civil War is a unique phenomenon in moder warfare, the majority of people don't even know what's really going on and who's fighting who.

3️⃣ The combatants :
Iranian backed Supreme Political Council (Houthis)
  International recognized Government (Hadi-led government)
  South Yemen Nationalists Southern Transitional Council

4️⃣ The (allegedly Turkish and Qatari backed) Islamic State of Iraq and the Levant – Yemen Province (ISIL-YP)
 The (allegedly Iranian and Qatari backed) Ansar al-Sharia and Al-Qaeda in the Arabian Peninsula (AQAP)


5️⃣The so called Supreme political council of Yemen is a Mish mash of bad guys and misfits, Iran supplies the Houthis with arms, drones and ballistic missiles, Hezbollah delivers these arms through shell corporations and Hezbollah operators man the missiles
WORLD

You May Also Like

Maurice Casey
Maurice Casey
@MauriceJCasey
I am reading through reams of late-1920s communist poetry and easily my favourite title so far is: "To a Lady who Rejected a Poem about Spring as a Petit-Bourgeois Deviation"

The last lines:
"So here's my hat into the air,
Three cheers for your amazing hair,
For coal mines, and for turbines, too,
For steel, the Comintern and you!"

A not exactly graceful (though possibly satirical) title: "Lines Disassociating Myself from Yessenin and Supporting the Otherwise Unfounded Legend that I am a Foremost Proletarian Writer"

An excerpt:
"Goodbye verses of Yessenin
Goodbye literary slop-
You are not the line of Lenin
You are not the line of WAPP

Never shall I moan a
simple lyric from the heart
I'll devote my new corona
to the proletarian art"

The poet was Joseph Freeman, who published much of his revolutionary verse in the New Masses, a stylish journal of the interwar American literary Left.
CULTURE
Ryan Caldbeck
Ryan Caldbeck
@ryan_caldbeck
1/ I am seeing more and more founder secondary in venture rounds (Secondary = founders selling some of their shares before some other shareholders are able). Series B-D. I see both as an investor and through entrepreneur circles.

2/ I like secondary for entrepreneurs. Moderation is key but in a lot of situations I think it helps accelerate the co. Lots of very smart investors disagree. Here are my thoughts.

3/ Magnitude: My basic rule of thumb from what I see is market is 4+ yrs and up to 10% of founder’s equity stake with some $ cap that makes sense given stage etc. (typically <$10m)

4/ The entrepreneurial journey is brutally hard. Giving some financial relief helps remove one piece of pressure. I don’t think that secondary in the magnitude mentioned impacts the drive/persistence of great entrepreneurs.

5/ That secondary means they will be able to just sleep knowing they can pay their kids’ tuition. Secondary will make most founders better at their jobs, thus accelerating the co.
ALL
Advertisement
STEALTH JEFF
STEALTH JEFF
@drawandstrike
Andy McCabe has some explaining to do.


Andrew McCabe was reported to the FBI’s Office of Public Affairs for making an unauthorized leak of classified info to the media about @GenFlynn in early February 2017.

If you’ve wondered exactly who it was who leaked the classified info from that intelligence report on @GenFlynn’s phone calls with then-Russian ambassador Kislyak to the media, you are right now seeing a huge honking clue who it was.

To those responding to this info by sneering "Nothing's gonna happen":

Up.

Your.

Game.

You just might be too stupid to be following me.

The then-Deputy Director of the FBI get's caught targeting @GenFlynn with an illegal leak so he can 'investigated' by Peter Strzok?

Now that we know it was McCabe who set up Flynn for a fake 'perjury' investigation by his pet attack dog, Peter Strzok, the next name that's going to surface is...Joseph Pientka.
ALL
Jonathan Ware
Jonathan Ware
@ReassessHistory
So when it first appeared in Normandy, the Sherman Firefly and it's meaty 17 pounder represented an ideal combo of reliable chassis, great gun and devastating firepower right?

Ummm...

Truth is a bit more complex. /1
#WW2 #SWW #History


Deliveries of Firefly to units only commenced in April 1944,
just a few weeks before Overlord & left minimal time for familiarisation.

Armoured Regiments mostly utilised Fireflies on a basis of 1 per troop of 4 tanks. /2


Finally each armoured regiment troop had access to integral, meaty, anti-tank firepower capable of dealing serious damage to any German AFV likely to be encountered. /3


The dual purpose 75mm gun was quite capable of laying down a reasonable HE shell or AP round for dealing with Panzer III or IV.

Firefly's 17 Pounder had.... problems with HE, but excelled at tank killing. So Tigers and Panthers would need to be wary. /4


Firefly's design history dated back to March 1943 when the General Staff published "Policy on Tanks" which effectively stated the majority of tanks should have a good HE weapon and...

[See image below] /5
HISTORY
Mo Rajabifard
Mo Rajabifard
@morajabi
👨‍💻 Last resume I sent to a startup one year ago, sharing with you to get ideas:

- Forget what you don't have, make your strength bold
- Pick one work experience and explain what you did in detail w/ bullet points
- Write it towards the role you apply
- Give social proof

/thread


"But I got no work experience..."

Make a open source lib, make a small side project for yourself, do freelance work, ask friends to work with them, no friends? Find friends on Github, and Twitter.

Bonus points:

- Show you care about the company: I used the company's brand font and gradient for in the resume for my name and "Thank You" note.
- Don't list 15 things and libraries you worked with, pick the most related ones to the role you're applying.
-🙅‍♂️"copy cover letter"

"I got no firends, no work"

One practical way is to reach out to conferences and offer to make their website for free. But make sure to do it good. You'll get:

- a project for portfolio
- new friends
- work experience
- learnt new stuff
- new thing for Twitter bio

If you don't even have the skills yet, why not try your chance for @LambdaSchool? No? @freeCodeCamp. Still not? Pick something from here and learn https://t.co/7NPS1zbLTi
You'll feel very overwhelmed, no escape, just acknowledge it and keep pushing.
LIFE