Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jm

The false positive rate for Ashton Kutcher's "Thorn" anti-CSAM system is 1 in 1000
2024-01-25T14:42:31+00:00
https://twitter.com/matthew_d_green/status/1750509702629241341
Tags: thorn scanning csam ashton-kucher eu data-privacy false-positives surveillance accuracy
https://pinboard.in/u:jm/b:76550c6217fc/

Bert Hubert on Chat Control
2023-10-12T17:21:00+00:00
https://berthub.eu/articles/posts/client-side-scanning-dutch-parliament/
now we are talking about 500 million Europeans, and saying, “Let’s just apply those scanners!” That is incredible. ... If we approve this as a country, if we as the Netherlands vote in favour of this in Europe and say, “Do it,” we will cross a threshold that we have never crossed before.
Namely, every European must be monitored with a computer program, with a technology [...] of which the vast, overwhelming majority of scientists have said, “It is not finished.” I mentioned earlier the example that the Dutch National Forensic Institute says, “We cannot do this by hand.” The EU has now said, “Our computer can do that.”
420 scientists have signed a petition saying, “We know this technology, some of us invented it, we just can’t do it.” We can’t even make a reliable spam filter. Making a spam filter is exactly the same technology, by the way, but then much easier. It just doesn’t work that well, but the consequences aren’t that scary for a spam filter.
Nevertheless, there are now MPs who say, “Well, I feel this is going to work. I have confidence in this.” While the scientists, including the real scientists who came here tonight, say, “Well, we don’t see how this could work well enough”.
And then government then says, “Let’s start this experiment with those 500 million Europeans.”
Tags: eu scanning css chatcontrol internet monitoring surveillance bert-hubert
https://pinboard.in/u:jm/b:b8823261c362/

CSA Academia Open Letter
2023-07-23T11:51:31+00:00
https://docs.google.com/document/d/13Aeex72MtFBjKhExRTooVMWN9TC-pbH-5LEaAbMF91Y/edit
Tags: security infosec via:meredith-whittaker experts client-side-scanning scanning end-to-end-encryption crypto
https://pinboard.in/u:jm/b:597edd7933d7/

In a small study, an AI 'brain decoder' inches toward reading minds
2023-05-02T10:45:09+00:00
https://www.statnews.com/2023/05/01/brain-scans-mri-gpt-decoder/
In a new Nature Neuroscience paper published Monday, Huth and a team of researchers from the University of Texas at Austin introduced a new “brain decoder” enabled by GPT-1, an earlier version of the artificial neural network technology that underpins ChatGPT. After digesting several hours of training data, the new tool was able to describe the gist of stories the three participants in the proof-of-concept experiment listened to — just by looking at their functional MRI scans.
Very cool stuff. And I am happy to see the ethical considerations have been considered:
“It is important to constantly evaluate what the implications are of new brain decoders for mental privacy,” said Jerry Tang, a Ph.D. candidate in Huth’s lab and lead author on the paper, in a press briefing.
In devising ways to protect privacy, the authors asked participants to try to prevent the decoder from reconstructing the words they were hearing several different ways. Particularly effective methods included mentally listing off animals, and telling a different story at the same time the podcast was playing were particularly effective at stopping the decoder, said Tang. The authors also found that the decoder had to be trained on each subject’s data and wasn’t effective when used on another person.
Between these findings and the fact that any movement would make the fMRI scans worse, the authors concluded that it’s not currently possible for a brain decoder to be used on someone against their will.
Tags: fmri scanning brain mri mindreading gpt podcasts
https://pinboard.in/u:jm/b:f641e3e4002f/

Aerial Laser and Photogrammetry Survey of Dublin City
2022-03-24T10:05:51+00:00
https://www.researchgate.net/publication/324277069_2015_Aerial_Laser_and_Photogrammetry_Survey_of_Dublin_City_Collection_Record
This record serves as an index to a suite of high density, aerial remote sensing data for a 2km² area of Dublin, Ireland obtained at an average flying altitude of 300m. Collected in March 2015, the data include aerial laser scanning (ALS) from 41 flight paths in the form of a 3D point-cloud (LAZ) and 3D full waveform ALS (LAS and Pulsewave), and imagery data including ortho-rectified 2D rasters (RGBi) and oblique images. The ALS data consist of over 1.4 billion points (inclusive of partially covered areas) and were acquired by a TopEye system S/N 443.
Tags: dublin city lidar scanning modelling 3d open-data surveys mapping
https://pinboard.in/u:jm/b:948a28cdb184/

Google’s medical AI was super accurate in a lab. Real life was a different story. | MIT Technology Review
2020-04-28T15:55:43+00:00
https://www.technologyreview.com/2020/04/27/1000658/google-medical-ai-accurate-lab-real-life-clinic-covid-diabetes-retina-disease/?truid=8c8f2699f50eb3b9985a111121cfee47
When it worked well, the AI did speed things up. But it sometimes failed to give a result at all. Like most image recognition systems, the deep-learning model had been trained on high-quality scans; to ensure accuracy, it was designed to reject images that fell below a certain threshold of quality. With nurses scanning dozens of patients an hour and often taking the photos in poor lighting conditions, more than a fifth of the images were rejected.
Patients whose images were kicked out of the system were told they would have to visit a specialist at another clinic on another day. If they found it hard to take time off work or did not have a car, this was obviously inconvenient. Nurses felt frustrated, especially when they believed the rejected scans showed no signs of disease and the follow-up appointments were unnecessary. They sometimes wasted time trying to retake or edit an image that the AI had rejected.
Because the system had to upload images to the cloud for processing, poor internet connections in several clinics also caused delays. “Patients like the instant results, but the internet is slow and patients then complain,” said one nurse. “They’ve been waiting here since 6 a.m., and for the first two hours we could only screen 10 patients.”
The Google Health team is now working with local medical staff to design new workflows. For example, nurses could be trained to use their own judgment in borderline cases. The model itself could also be tweaked to handle imperfect images better.
Tags: google health medicine ai automation software internet developing-world real-world images scanning
https://pinboard.in/u:jm/b:5622d91f3d62/

Internet-Scale analysis of AWS Cognito Security
2019-06-10T11:43:38+00:00
https://andresriancho.com/internet-scale-analysis-of-aws-cognito-security/
Just published the white-paper for my latest research: Internet-Scale analysis of AWS Cognito Security. The white-paper contains the methodology and results of an internet-scale security analysis of AWS Cognito configurations. The research identified 2500 identity pools, which were used to gain access to more than 13000 S3 buckets (which are not publicly exposed), 1200 DynamoDB tables and 1500 Lambda functions.
(via Ben Bridts)
Tags: aws cognito security s3 dynamodb scanning whitepapers
https://pinboard.in/u:jm/b:33986e19ca3d/

wifiscan.py
2018-11-07T21:46:52+00:00
http://canonical.org/~kragen/sw/dev3/wifiscan.py
Report wireless signal strength using audio synthesis.
This quick kludge is useful for figuring out where the dead spots in
your wireless network coverage are. They’re where the pitch goes high
and maybe you start getting clicks from audio buffer underruns.
Example audio output can be found at
.
This is based on a brilliant hack by Seth Schoen, in which he
generated a tone controlled by the signal strength indication from his
wireless card in order to get a sort of 21st-century software
Theremin. This adds some envelope modulation so that it’s useful as a
network diagnostic tool rather than a musical instrument.
It depends on PulseAudio and the interface to the usual set of Linux
commands: pacat, ping, and iwconfig. (I should really just read
/proc/net/wireless instead of depending on iwconfig.)
Tags: kragen wifi scanning audio sound signal linux
https://pinboard.in/u:jm/b:449997ee022e/

Hyperscan
2017-08-12T08:50:41+00:00
https://01.org/hyperscan
a high-performance multiple regex matching library. It follows the regular expression syntax of the commonly-used libpcre library, yet functions as a standalone library with its own API written in C. Hyperscan uses hybrid automata techniques to allow simultaneous matching of large numbers (up to tens of thousands) of regular expressions, as well as matching of regular expressions across streams of data. Hyperscan is typically used in a DPI library stack.
Hyperscan began in 2008, and evolved from a commercial closed-source product 2009-2015. First developed at Sensory Networks Incorporated, and later acquired and released as open source software by Intel in October 2015.
Hyperscan is under a 3-clause BSD license. We welcome outside contributors.
This is really impressive -- state of the art in parallel regexp matching has improved quite a lot since I was last looking at it.
(via Tony Finch)
Tags: via:fanf regexps regular-expressions text matching pattern-matching intel open-source bsd c dpi scanning sensory-networks
https://pinboard.in/u:jm/b:eb7f772d7923/

How Google Book Search Got Lost – Backchannel
2017-04-11T20:52:13+00:00
https://backchannel.com/how-google-book-search-got-lost-c2d2cf77121d
There are plenty of other explanations for the dampening of Google’s ardor: The bad taste left from the lawsuits. The rise of shiny and exciting new ventures with more immediate payoffs. And also: the dawning realization that Scanning All The Books, however useful, might not change the world in any fundamental way.
Tags: books reading google library lawsuits legal scanning book-search search
https://pinboard.in/u:jm/b:7ab6ee448e22/

Apollo 11 astronauts wrote on moon ship's walls, Smithsonian 3D scan reveals
2016-02-11T15:28:30+00:00
http://www.collectspace.com/news/news-021116a-apollo11-smithsonian-3d-scan-writings.html
Tags: scanning apollo history moon spaceflight 3d-scanning columbia apollo-command-module
https://pinboard.in/u:jm/b:e1a1d36df41e/

How-to: Index Scanned PDFs at Scale Using Fewer Than 50 Lines of Code
2015-10-21T09:36:31+00:00
http://blog.cloudera.com/blog/2015/10/how-to-index-scanned-pdfs-at-scale-using-fewer-than-50-lines-of-code/
Tags: spark tesseract hbase solr leptonica pdfs scanning cloudera hadoop architecture
https://pinboard.in/u:jm/b:2b695d958d5f/

Netty's async DNS resolver
2015-06-04T13:37:02+00:00
https://github.com/netty/netty/issues/3797#issuecomment-108356744
Tags: netty dns async crawlers resolver benchmarks scanning
https://pinboard.in/u:jm/b:1a7b95094a3e/

ISIS vs. 3D Printing | Motherboard
2015-05-25T20:35:19+00:00
http://motherboard.vice.com/read/isis-vs-3d-printing
Morehshin Allahyari, an Iranian born artist, educator, and activist [....] is working on digitally fabricating [the] sculptures [ISIS destroyed] for a series called “Material Speculation” as part of a residency in Autodesk's Pier 9 program. The first in the series is “Material Speculation: ISIS,” which, through intense research, is modeling and reproducing statues destroyed by ISIS in 2015. Allahyari isn't just interested in replicating lost objects but making it possible for anyone to do the same: Embedded within each semi-translucent copy is a flash drive with Allahyari’s research about the artifacts, and an online version is coming.
In this way, “Material Speculation: ISIS,” is not purely a metaphorical affront to ISIS, but a practical one as well. Allahyari’s work is similar to conservation efforts, including web-based Project Mosul, a small team and group of volunteers that are three-dimensionally modeling ISIS-destroyed artifacts based on crowd-sourced photographs.
"Thinking about 3D printers as poetic and practical tools for digital and physical archiving and documenting has been a concept that I've been interested in for the last three years,” Allahyari says. Once she began exploring the works, she discovered a thorough lack of documentation. Her research snowballed. “It became extremely important for me to think about ways to gather this information and save them for both current and future civilizations.”
Tags: 3d-printing fabrication scanning isis niniveh iraq morehshin-allahyari history preservation archives archival
https://pinboard.in/u:jm/b:7bfca6735cd6/

Getting good cancer care through 3D printing
2015-01-14T23:48:49+00:00
http://makezine.com/magazine/hands-on-health-care/
Balzer downloaded a free software program called InVesalius, developed by a research center in Brazil to convert MRI and CT scan data to 3D images. He used it to create a 3D volume rendering from Scott’s DICOM images, which allowed him to look at the tumor from any angle. Then he uploaded the files to Sketchfab and shared them with neurosurgeons around the country in the hope of finding one who was willing to try a new type of procedure. Perhaps unsurprisingly, he found the doctor he was looking for at UPMC, where Scott had her thyroid removed. A neurosurgeon there agreed to consider a minimally invasive operation in which he would access the tumor through Scott’s left eyelid and remove it using a micro drill. Balzer had adapted the volume renderings for 3D printing and produced a few full-size models of the front section of Scott’s skull on his MakerBot. To help the surgeon vet his micro drilling idea and plan the procedure, Balzer packed up one of the models and shipped it off to Pittsburgh.
Tags: diy surgery health cancer tumours medicine 3d-printing 3d scanning mri dicom
https://pinboard.in/u:jm/b:e322ac6143ac/

Schneier on Security: Why Data Mining Won't Stop Terror
2015-01-12T15:07:56+00:00
https://www.schneier.com/essays/archives/2005/03/why_data_mining_wont.html
This unrealistically accurate system will generate 1 billion false alarms for every real terrorist plot it uncovers. Every day of every year, the police will have to investigate 27 million potential plots in order to find the one real terrorist plot per month. Raise that false-positive accuracy to an absurd 99.9999 percent and you're still chasing 2,750 false alarms per day -- but that will inevitably raise your false negatives, and you're going to miss some of those 10 real plots.
Also, Ben Goldacre saying the same thing: http://www.badscience.net/2009/02/datamining-would-be-lovely-if-it-worked/
Tags: internet scanning filtering specificity statistics data-mining terrorism law nsa gchq false-positives false-negatives
https://pinboard.in/u:jm/b:40691f3d07b8/

Xerox scanners/photocopiers randomly alter numbers in scanned documents · D. Kriesel
2013-08-05T22:09:36+00:00
http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning
Several mails I got suggest that the xerox machines use JBIG2 for compression. This algorithm creates a dictionary of image patches it finds “similar”. Those patches then get reused instead of the original image data, as long as the error generated by them is not “too high”. Makes sense. This also would explain, why the error occurs when scanning letters or numbers in low resolution (still readable, though). In this case, the letter size is close to the patch size of JBIG2, and whole “similar” letters or even letter blocks get replaced by each other.
Tags: jbig2 compression xerox photocopying scanning documents fonts arial image-compression images
https://pinboard.in/u:jm/b:a1363e505fec/

Breakthrough silicon scanning discovers backdoor in military chip [PDF]
2013-07-15T09:59:42+00:00
http://www.cl.cam.ac.uk/~sps32/ches2012-backdoor.pdf
This paper is a short summary of the first real world detection of a backdoor in a military grade FPGA. Using an innovative patented technique we were able to detect and analyse in the first documented case of its kind, a backdoor inserted into the Actel/Microsemi ProASIC3 chips for accessing FPGA configuration. The backdoor was found amongst additional JTAG functionality and exists on the silicon itself, it was not present in any firmware loaded onto the chip. Using Pipeline Emission Analysis (PEA), our pioneered technique, we were able to extract the secret key to activate the backdoor, as well as other security keys such as the AES and the Passkey. This way an attacker can extract all the configuration data from the chip, reprogram crypto and access keys, modify low-level silicon features, access unencrypted configuration bitstream or permanently damage the device. Clearly this means the device is wide open to intellectual property (IP) theft, fraud, re-programming as well as reverse engineering of the design which allows the introduction of a new backdoor or Trojan. Most concerning, it is not possible to patch the backdoor in chips already deployed, meaning those using this family of chips have to accept the fact they can be easily compromised or will have to be physically replaced after a redesign of the silicon itself.
Tags: chips hardware backdoors security scanning pea jtag actel microsemi silicon fpga trojans
https://pinboard.in/u:jm/b:6f2d48239e0d/

Patent trolls want $1,000 for using scanners
2013-01-02T15:15:08+00:00
http://arstechnica.com/tech-policy/2013/01/patent-trolls-want-1000-for-using-scanners/
'You should know also that we have had a positive response from the business community to our licensing program. As you can imagine, most businesses, upon being informed that they are infringing someone’s patent rights, are interested in operating lawfully and taking a license promptly. Many companies have responded to this licensing program in such a manner. Their doing so has allowed us to determine that a fair price for a license negotiated in good faith and without the need for court action is a payment of $900 per employee. We trust that your organization will agree to conform your behavior to respect our patent rights by negotiating a license rather than continuing to accept the benefits of our patented technology without a license. Assuming this is the case, we are prepared to make this pricing available to you.'
And here's an interesting bottom line:
The best strategy for target companies? It may be to ignore the letters, at least for now. “Ignorance, surprisingly, works,” noted Prof. Chien in an e-mail exchange with Ars.
Her study of startups targeted by patent trolls found that when confronted with a patent demand, 22 percent ignored it entirely. Compare that with the 35 percent that decided to fight back and 18 percent that folded. Ignoring the demand was the cheapest option ($3,000 on average) versus fighting in court, which was the most expensive ($870,000 on average).
Another tactic that clearly has an effect: speaking out, even when done anonymously. It hardly seems a coincidence that the Project Paperless patents were handed off to a web of generic-sounding LLCs, with demand letters signed only by “The Licensing Team,” shortly after the “Stop Project Paperless” website went up. It suggests those behind such low-level licensing campaigns aren’t proud of their behavior. And rightly so.