"security" entries

Four short links: 22 April 2016

Four short links: 22 April 2016

Unicorn Hazards Ahead, Brainprinting for Identity, Generating News Headlines, and Anthropic Capitalism

  1. Why The Unicorn Financing Market Just Became Dangerous to Everyone — read with Fortune’s take on the Tech IPO Market. “They profess to take a long-term view, but the data shows post-IPO stocks are very volatile in the case of tech IPOs, and that is not a problem the underwriters try to address.” Damning breakdown of the current state. As Bryce said, Single-horned, majestic, Weapons of Mass Extraction.
  2. Brainprints (Kurzweil) — 50 subjects, 500 images, EEG headset, 100% accuracy identifying person from their brain’s response to the images. We’ll need much larger studies, but this is promising.
  3. Generating News Headlines with Recurrent Neural NetworksWe find that the model is quite effective at concisely paraphrasing news articles.
  4. Anthropic Capitalism And The New Gimmick Economy — market capitalism struggles with “public goods” (those which are inexhaustible and non-excludable, like infinitely copyable bits that any number of people can have copies of at once), yet much of the world is being recast as an activity where software manipulates information, thus becoming a public good. Capitalism and Communism, which briefly resembled victor and vanquished, increasingly look more like Thelma and Louise; a tragic couple sent over the edge by forces beyond their control. What comes next is anyone’s guess and the world hangs in the balance.

(more…)

Comment
Four short links: 21 April 2016

Four short links: 21 April 2016

BitCoin with Identity, Hardware is Hard, Data Test Suites, and Internet Voting

  1. Bribing Miners to Regulate Bitcoin — interesting! A somewhat conspiracy-theoretical take on an MIT proposal to layer identity onto Bitcoin. Features repurposed DRM tech, no less.
  2. Tesla Model X Quality Issues (Consumer Reports) — hardware is hard.
  3. Data Proofer — open source software that’s test cases for your data, to help ensure you’re not pushing corrupt data into production.
  4. Internet Voting? Really? (YouTube) — TEDx talk by Andrew Appel comparing physical with online voting. Very easy to follow for the non-technical.

(more…)

Comment: 1
Four short links: 19 April 2016

Four short links: 19 April 2016

Security Controls, Dataflow Checkups, Fair Use Wins, and Internet Moderators

  1. Security Controls for Computer Systems — Declassified 1970s DoD security document is still relevant today. (via Ars Technica)
  2. Checking Up on Dataflow Analyses — notable for a very easy-to-follow introduction to what dataflow analysis is. Long after the chatbot startups have flamed out, formal methods research in CS will be a key part of the next wave of software where code writes code.
  3. Fair Use Triumphs in Supreme Court (Ars Technica) — a headline I never thought I’d see in my lifetime. The Supreme Court let stand the lower court opinion that rejected the writers’ claims. That decision today means Google Books won’t have to close up shop or ask book publishers for permission to scan. In the long run, the ruling could inspire other large-scale digitization projects.
  4. The Secret History of Internet Moderators (The Verge) — the horrors and trauma of the early folks who developed content moderation systems (filtering violence, porn, child abuse, etc.) for Facebook, YouTube, and other user-contributed-content sites. It’s still a quiet and under-supported area of most startups. Some of them now meet roughly monthly for dinner, and I’m kinda glad I’m not around the table for that conversation!

(more…)

Comment
Four short links: 8 April 2016

Four short links: 8 April 2016

Data Security, Bezos Letter, Working Remote, and Deep Learning Book

  1. LangSecThe complexity of our computing systems (both software and hardware) have reached such a degree that data must treated as formally as code.
  2. Bezos’s Letter to Shareholders — as eloquent about success in high-risk tech as Warren Buffett is about success in value investing.
  3. Good Bad and Ugly of Working Remote After 5 Years — good advice, and some realities for homeworkers to deal with.
  4. Deep Learning Book — text finished, prepping print production via MIT Press. Why are you using HTML format for the drafts? This format is a sort of weak DRM required by our contract with MIT Press. It’s intended to discourage unauthorized copying/editing of the book.
Comment
Four short links: 29 March 2016

Four short links: 29 March 2016

SNES Code Injection, World Without Work, Spectrum Collaboration, and Mass Surveillance

  1. SNES Code Injection (YouTube) — this human exploited various glitches in Super Mario World to inject the code for Flappy Bird. Wow.
  2. Will Life be Worth Living in a World without Work? — new paper published in the Science and Engineering Ethics journal. Two distinct ethical/social issues would seem to arise. The first is one of distributive justice: how will the (presumed) efficiency gains from automated labour be distributed through society? The second is one of personal fulfilment and meaning: if people no longer have to work, what will they do with their lives? In this article, I set aside the first issue and focus on the second. In doing so, I make three arguments. First, I argue that there are good reasons to embrace non-work and that these reasons become more compelling in an era of technological unemployment. Second, I argue that the technological advances that make widespread technological unemployment possible could still threaten or undermine human flourishing and meaning, especially if (as is to be expected) they do not remain confined to the economic sphere. And third, I argue that this threat could be contained if we adopt an integrative approach to our relationship with technology.
  3. Spectrum Collaboration Challenge — DARPA’s next big challenge is based on the idea that wireless devices would work better if they cooperated with one another rather than fought for bandwidth. Since not all devices are active at all times, the agency says, it should be possible through the use of artificial intelligence machine-learning algorithms to allow them to figure out how to share the spectrum with a minimum of conflict.
  4. Mass Surveillance Silences Minority Opinions (PDF) — This study explores how perceptions and justification of surveillance practices may create a chilling effect on democratic discourse by stifling the expression of minority political views. Using a spiral of silence theoretical framework, knowing one is subject to surveillance and accepting such surveillance as necessary act as moderating agents in the relationship between one’s perceived climate of opinion and willingness to voice opinions online. Theoretical and normative implications are discussed. (via Washington Post)
Comment
Four short links: 22 March 2016

Four short links: 22 March 2016

HCI Pioneers, Security Architecture, Trial by Cyborg, and Distributed Ledgers

  1. HCI Pioneers — Ben Schneiderman’s photo collection, acknowledging pioneers in the field. (via CCC Blog)
  2. A Burglar’s Guide to the City (BLDGBLOG) — For the past several years, I’ve been writing a book about the relationship between burglary and architecture. Burglary, as it happens, requires architecture: it is a spatial crime. Without buildings, burglary, in its current legal form, could not exist. Committing it requires an inside and an outside; it’s impossible without boundaries, thresholds, windows, and walls. In fact, one needn’t steal anything at all to be a burglar. In a sense, as a crime, it is part of the built environment; the design of any structure always implies a way to break into it. Connection to computer security left as exercise to the reader.
  3. Trial by Machine (Roth) — The current landscape of mechanized proof, liability, and punishment suffers from predictable but underscrutinized automation pathologies: hidden subjectivities and errors in “black box” processes; distorted decision-making through oversimplified — and often dramatically inaccurate — proxies for blameworthiness; the compromise of values protected by human safety valves, such as dignity, equity, and mercy; and even too little mechanization where machines might be a powerful debiasing tool but where little political incentive exists for its development or deployment. […] The article ultimately proposes a systems approach – “trial by cyborg” – that safeguards against automation pathologies while interrogating conspicuous absences in mechanization through “equitable surveillance” and other means. (via Marginal Revolution)
  4. Distributed Ledger Technology: Blackett Review (gov.uk) — Distributed ledgers can provide new ways of assuring ownership and provenance for goods and intellectual property. For example, Everledger provides a distributed ledger that assures the identity of diamonds, from being mined and cut to being sold and insured. In a market with a relatively high level of paper forgery, it makes attribution more efficient, and has the potential to reduce fraud and prevent “blood diamonds” from entering the market. Report includes recommendations for policy makers. (via Dan Hill)
Comment
Four short links: 15 March 2016

Four short links: 15 March 2016

Car Hackers Handbook, Exoskeleton Regulation, Pythonic Spreadsheet, and AI Myths

  1. The 2016 Car Hacker’s Handbook (Amazon) — will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems. (via BoingBoing)
  2. More Exoskeletons Seeking FDA ApprovalThe international group of exoskeleton providers with various FDA or CE certifications is growing and currently includes: Ekso in the US; Cyberdyne in the EU and Japan; ExoAtlet from Russia; and Israel’s ReWalk. Other providers are in the process of getting approvals or developing commercial versions of their products. My eye was caught by how global the list of exoskeleton companies is.
  3. Dirigible Spreadsheet — open source spreadsheet that’s not just written in Python, it exposes and IS python. See also Harry Percival talking about it.
  4. Everything You Know About AI Is Wrong (Gizmodo) — an interesting run-through of myths and claims about AI. I’m not ready to consider all of these “busted,” but they are some nice starters-for-ten in your next pub argument about whether the Matrix is coming.
Comment
Four short links: 14 March 2016

Four short links: 14 March 2016

Measure What Matters, Broken Laws, Password Recovery Questions, and 3D Object Tracking

  1. What Thomas Hardy Taught MeIn educational research, perhaps the greatest danger lies in thinking “that which I cannot measure is not real.” The disruption fetishists have amplified this danger, now evincing the attitude “teaching that cannot be said to lead to the immediate acquisition of rote, mechanical skills has no value.” But absolutely every aspect of my educational journey — as a student, as a teacher, and as a researcher — demonstrates the folly of this approach to learning. (via Dan Meyer)
  2. Why Anti-Money Laundering Laws and Poorly Designed Copyright Laws Are Similar and Should be Revised (Joi Ito) — Just like with the Internet, weaknesses in networks like the blockchain propagate to countries and regions where privacy risks to users could cause significant risks to human rights workers, journalists, or anyone who questions authority. The conversation on creating new AML and KYC laws for new financial systems like bitcoin and blockchain needs to be a global one.
  3. Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google — Adrian Colyer summarizes a paper from Google. Using a crowdsourcing service, the authors asked 1,000 users to answer the ‘Favourite Food’ and ‘Father’s middle name’ questions. This took less than a day and cost $100. […] Using a single guess, it turns out, you have a 19.7% chance of guessing an English-speaking users’ answer to the favourite food.
  4. Clever MEMS 3D Object Tracking — early Oculus engineer has invented a nifty way to track a tagged object in 3D space. Worth reading for the description of how it works.
Comment
Four short links: 9 March 2016

Four short links: 9 March 2016

Surveillance Capitalism, Spark in Jupyter, Spoofing Fingerprints, and Distributing SSH Keys

  1. The Secrets of Surveillance CapitalismThe assault on behavioral data is so sweeping that it can no longer be circumscribed by the concept of privacy and its contests. […] First, the push for more users and more channels, services, devices, places, and spaces is imperative for access to an ever-expanding range of behavioral surplus. Users are the human nature-al resource that provides this free raw material. Second, the application of machine learning, artificial intelligence, and data science for continuous algorithmic improvement constitutes an immensely expensive, sophisticated, and exclusive 21st century “means of production.” Third, the new manufacturing process converts behavioral surplus into prediction products designed to predict behavior now and soon. Fourth, these prediction products are sold into a new kind of meta-market that trades exclusively in future behavior. The better (more predictive) the product, the lower the risks for buyers, and the greater the volume of sales. Surveillance capitalism’s profits derive primarily, if not entirely, from such markets for future behavior. (via Simon St Laurent)
  2. Thunder — Spark-driven analysis from Jupyter notebooks (open source).
  3. Hacking Mobile Phones Using 2D-Printed Fingerprints (PDF) — equipment costs less than $450, and all you need is a photo of the fingerprint. (like those of government employees stolen en masse last year)
  4. SSHKeyDistribut0r (Github) — A tool to automate key distribution with user authorization […] for sysop teams.
Comment

Using Apache Spark to predict attack vectors among billions of users and trillions of events

The O’Reilly Data Show podcast: Fang Yu on data science in security, unsupervised learning, and Apache Spark.

Subscribe to the O’Reilly Data Show Podcast to explore the opportunities and techniques driving big data and data science: Stitcher, TuneIn, iTunes, SoundCloud, RSS.

350px-Zaunreparatur_beim_Museum_Arlerhof_in_Abtenau_26

In this episode of the O’Reilly Data Show, I spoke with Fang Yu, co-founder and CTO of DataVisor. We discussed her days as a researcher at Microsoft, the application of data science and distributed computing to security, and hiring and training data scientists and engineers for the security domain.

DataVisor is a startup that uses data science and big data to detect fraud and malicious users across many different application domains in the U.S. and China. Founded by security researchers from Microsoft, the startup has developed large-scale unsupervised algorithms on top of Apache Spark, to (as Yu notes in our chat) “predict attack vectors early among billions of users and trillions of events.”

Several years ago, I found myself immersed in the security space and at that time tools that employed machine learning and big data were still rare. More recently, with the rise of tools like Apache Spark and Apache Kafka, I’m starting to come across many more security professionals who incorporate large-scale machine learning and distributed systems into their software platforms and consulting practices.

Read more…

Comment