BC TECH
Saved by @ThomassRichards

Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

 Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.
But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework
We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law
But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
Previously used a method called "swapping" with secret parameters
* differential privacy is open and we can talk about privacy loss/accuracy tradeoff
* swapping assumed limitations of the attackers (e.g. limited computational power)
Needed to design the algorithms to get the accuracy we need it and tune the privacy loss based on that.

Change in the meaning of "privacy" as relative -- it requires a lot of explanation and overcoming organizational barriers.
By 2017 thought they had a good understanding of how differential privacy would fit -- just use the new algorithm where the old one was used, to create the "micodata detail file".
Surprises:
* different groups at the Census thought that meant different things
* before, states were processed as they came in. Differential privacy requires everything be computed on at once
* required a lot more computing power
* differential privacy system has to be developed with real data; can't use simulated data to do this because the algorithms in the literature weren't designed for dats anything like as complex as the real data (multiracial people, different kinds of households, etc)
* to understand the privacy/accuracy trade-off requires a lot of runs, representing a *lot* of computer time
Census bureau was 100% behind the move
* initial implementation was by Dan Kiefer, who took a sabbatical
* expanded team to with Simson and others
* 2018 end to end test
* original development was on an on-prem Linux cluster
* then got to move to AWS Elastic compute... but the monitoring wasn't good enough and had to create their own dashboard to track execution
* it wasn't a small amount of compute
* republished the 2010 census data using the differentially private algorithm and then had a conference to talk about it
* ... it wasn't well-received by the data users who thought there was too much error
For example: if we add a random value to a child's age, we might get a negative value, which probably won't happen to a child's age.

If you avoid that, you might add bias to the data. How to avoid that? Let some data users get access to the measurement files [I don't follow]
In summary, this is retrofitting the longest-running statistical program in the country with differential privacy. Data users have had some concerns, but believe it will all come out.
Code is up on github and papers are up online. (@xchatty have some links?)

[end of talk]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Lea Kissner
Lea Kissner
@LeaKissner
Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.

Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.

How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering

We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
TECH

More from Tech

Simon DeDeo
Simon DeDeo
@SimonDeDeo
So, today, for the first time in 25 (!) years of Apple, I downgraded. From the 2016 MacBook Pro to my 2013, which I had kept in a drawer...


It was pretty simple to do—Apple Time Machine backups let me do it with one click.

That first tweet captures, in two pictures, how badly Apple has “lost the plot” (to quote @wylieprof). On the right is the Apple MagSafe adapter, from 2013. On the left, what I had “upgraded” to.

Thanks, Apple! I really was nostalgic for worrying about yanking my computer off the table.

Oh and I really appreciated not knowing if my computer was charging. What was great was the little whoop sound you used, so that the speaker before me could be informed I was charging my laptop.
TECH
foone
foone
@Foone
I went looking for a remote-controlled power switch (the wireless christmas kind, not the modern IoT kind) and didn't find it, but I did find this thing I bought just to figure out why it exists.
It's a timer outlet, but you program it from your phone... but it's not wireless.


Yeah instead it plugs into your phone's HEADPHONE PORT


I got it on sale.
probably because iphone dropped the headphone port and they had to get with the 21st century and make it bluetooth


So inside the box is the device. it's got a little 2-prong polarized outlet with no ground.


on top is the only controls: on/off/timer.
TECH
Advertisement
Patrick McKenzie
Patrick McKenzie
@patio11
Some people really benefit from hearing advice that everyone knows, for the same reason we keep schools open despite every subject in them having been taught before.

In that spirit, here's some quick Things Many People Find Too Obvious To Have Told You Already.

Your idea is not valuable, at all. All value is in the execution. You think you are an exception; you are not. You should not insist on an NDA to talk about it; nobody serious will engage in contract review over an idea, and this will mark you as clueless.

Technologists tend to severely underestimate the difficulty and expense of creating software, especially at companies which do not have fully staffed industry leading engineering teams ("because software is so easy there, amirite guys?")

Charge more. Charge more still. Go on.

The press is a lossy and biased compression of events in the actual world, and is singularly consumed with its own rituals, status games, and incentives. The news necessarily fails to capture almost everything which happened yesterday. What it says is important usually isn't.

Companies find it incredibly hard to reliably staff positions with hard-working generalists who operate autonomously and have high risk tolerances. This is not the modal employee, including at places which are justifiably proud of the skill/diligence/etc of their employees.
TECH
Trung Phan \U0001f1e8\U0001f1e6
Trung Phan 🇨🇦...
@TrungTPhan
For decades, Jeff Bezos shunned ads.

But now, Amazon’s ad business is huge: it’s on a $30B+ annual run rate (more than 2x the combined sales of Twitter, Snap and Pinterest).

Here’s how it happened 🧵


1/ Amazon doesn’t break out its ad business separately in financial filings. However, most analyst believe ads make up the majority of its “Other” revenue segment.

This figure has exploded from $1B in 2015 to a current annual run rate of ~$32B.


2/ In 2009, Bezos said “ads are the price you pay for a crappy product”.

But the business is so lucrative that Amazon’s interface has been swamped with ads:

◻️ First 3-7 search results (left in red)
◻️ Most of the product page (right in blue)


3/ Prior to the rise of ads, Amazon set out to build the ultimate organic customer recommendations engine.

The approach was codified in a famed 2003 research paper: “Amazon Recommendations: Item-to-Item Collaborative Filtering.”


4/ In recent years, Amazon organic recommendations:

◻️"Customers who bought this also bought this"
◻️"Customers who viewed also viewed"

Have been replaced w/ ads:

◻️ "Sponsored products related to"
◻️ "Brands related to this category"
TECH
Tessa Davis
Tessa Davis
@TessaRDavis
How do you optimise your slides, audio or video when delivering online teaching?

There are many learning theories out there, but Mayer’s Multimedia Learning Theory is epic.

Read this thread + use his theories to improve learning transfer

Non-ideal slide to get started👇

1/17
TECH

You May Also Like

Paul M Domenick\U0001f43a
Paul M Domenick🐺...
@PaulMDomenick
10 Signs of Social Intelligence 🧠

1-Smile
2-Good posture
3-Strong eye contact
4-Fluid hand gestures
5-Let’s others talk more
6-Listens & relates
7-Comfortable Touching people
8-Walk with a swagger
9-Speaks at slower pace
10-Keeps calm under criticism

[ QUICK THREAD ]


1-Smile

How do you feel when you see someone that looks angry?

It’s a downer

No one will want to interact with you if you look pissed all of the time, it’s just negative energy

Plus, smiling is a sign of confidence and boosts others moods


2-Good posture

Don’t walk Into any social setting looking like the hunchback

It’s weak and makes you look low energy

Plus, you’re displaying low status with weak posture

Stand up straight with your chin up & chest out like a god

Walk like you’re proud of yourself


3- Strong eye contact

Ever shake someone’s hand & their eyes are either looking down or darting?

It’s weak & you probably won’t trust them

Or in conversation?

Eye contact while talking means you’re listening and paying *Attention*

Strong eye contact displays confidence


4-Fluid hand gestures

Use your hands to talk & express your points

Don’t stand there like a robot

Using the hands can make what you’re talking about exciting

It can also be used to emphasize

Exciting = positive emotion

Remember, making people FEEL is what’s important
LIFE
Devdutta
Devdutta
@Devdutta96
Please please please take your cyber security seriously even if you don’t consider yourself a high risk person. Here are a few easy things to start with. 1/n

Switch from WhatsApp to Signal and enable disappearing messages. Most of us cannot stop using WhatsApp entirely but at least turn off back ups to Google Drive or iCloud. 2/n

Do not have private conversations using the messaging service on any social media platform like Facebook, Instagram or Twitter. 3/n

Switch from Gmail to ProtonMail or any other secure email service provider. 4/n


Switch from Google Docs to CryptPad or RiseUp Pad.
CYBER SECURITY , IT PRIVACY , CYBER SECURITY STEPS
Advertisement
Sam Rocha
Sam Rocha
@SamRochadotcom
THREAD

I get asked for writing tips a lot. Of all the ones I’ve given, here are a few of the ones that seem to hold true and remain somewhat universal or at least mostly unobjectionable:

#amwriting #writingtips

1. If you are a fast writer (i.e., if you compose first drafts very quickly) then you absolutely must become a slow editor. Much of what I call “writing” is really, for me, editing.

2. If you don’t read you cannot write a lot or well. Sure, maybe you can read like a maniac for a decade and then read less after that, but without some large volume of intake, there will never be a meaningful output.

2.1 I sometimes say that I feel like writing without reading is like trying to run a marathan on a cracker. And sadly I see many students struggling to write when they have simply never read enough to fuel that demand of the task at hand.

3. All writing is writing if one decides to treat it that way. If one takes some degree of intentional will when sending emails, posting on social media and writing notes and marginalia, then all of that can count as meaningful daily writing.
ALL
Ranvijay Singh\U0001f1ee\U0001f1f3
Ranvijay Singh🇮🇳...
@ranvijayT90
#Thread Two divine forms of Khatu Shyam ji...


On the day of Amavasya, devotees get the darshan of Shyam Baba in Shyam varan (black color). In ordinary days, the form of Baba is saffron. The reason for this is a custom. The real head of Shyam Baba which had appeared from Shyam Kund is of Shyam varan.


Every day Shyam Baba's grand Shringar is done by Pujaris. The main part of Shyam Baba's shringar is Tilak. This Shringar is done by the members of Nij Mandir sevaks. The sevaks of the Nij Mandir do sandalwood tilak to Baba everyday in the auspicious time.


This Divine Tilak is applied from the forehead to the nose. When Baba is given a bath by sevaks, this tilak comes off. Then in the auspicious time, the sevaks again apply tilak to Baba.


There is no auspicious time on the Amavasya. Because of this, tilak is not done on that day. That's why devotees have darshan of Shyam Baba on the Amavasya only in the actual real form (Shyam Swaroop). Baba's tilak is done on Amavasya only on the day of Deepawali.
ALL
John Papa
John Papa
@John_Papa
Choosing the Right JavaScript Framework

Thanks for joining me @pluralsight to talk about javascript frameworks. We had 150+ awesome questions, so I'll try to answer the ones I couldn't get to online right here in a tweet stream

Watch the video -->
https://t.co/G7zeiKhXme


Q. Do arrow functions really make dealing with JavaScript's "this" keywords easier?

A. Yes! When using arrow functions, the scope of "this" is effectively passed in from the outer scope. See here in this REPL

1/n


Q. Where does Polymer fit in? Is it considered a framework like the others?

A. @Polymer is an excellent way to create web components, which are ideal for creating sets of interactivity that can be shared in web apps.

2/n

Q. Have we gone framework crazy?

A. At one time, quite possibly. A few years back we literally had framework overload. I feel it really has solidified into a few very strong choices.

3/n

Q. [Is] there no more need for @polymer?

A. See my previous question on this ... but in general, I think there is a lot of room for Web Components with frameworks.

4/n
ALL