Wosar said that publicly releasing tools, as Bitdefender did, has become riskier as ransoms have soared and the gangs have grown wealthier and more technically adept.
Careless disclosure caused ransomware creators to improve their code before it was necessary, which raises societal cost of dealing with attacks.
The incident also shows how antivirus companies eager to make a name for themselves sometimes violate one of the cardinal rules of the cat-and-mouse game of cyber-warfare: Don’t let your opponents know what you’ve figured out.
Individual good—promotion of the company's skills—over the public good—reducing the impact of the ransomware attacks. #ITethics
keyword.softkwlist
Python 3.9 adds "soft" keywords.
The format of this property depends on the current value of sort. When search_after is used in conjunction with a chronological sort value—e.g. updated, created—this parameter should be formatted as an ISO 8601 string. It may also be formatted in ms (milliseconds) since the Epoch.
A sort order of asc also seems to be a requirement, otherwise the API returns earlier hits.
The final challenge was about assessing the level of use of different parts of the Schema.org model. If we wanted to propose a change in how a term was documented or suggest a revision to its expected values, it is difficult to assess the potential impact of that change. There’s no easy way to see which applications might be relying on specific parts of the model. Or how many people are publishing data that uses different terms.
Anticipate difficulty—or at least potential confusion—when taking a broader, open community's vocabulary and making more narrow definitions that fit your domain.
Too much flexibility made it harder for implementers to understand what data would be most useful to publish. And how to do it well. Many publishers were building new services to expose the data so they needed a clearer specification for their development teams. We addressed this in Version 2 of the specifications by considerably tightening up the requirements. We defined which terms were required or just recommended (and why). And added cardinalities and legal values for terms. Our specification became a more formal, extended profile of Schema.org. This also allowed us build a data validator that is now being released and maintained alongside the specifications.
Suggestions for communities considering using [[SchemaOrg]] as a basis. These suggestions are of particular importance for implementers who are not used to open standards development work. Be more prescriptive, which offers the option of setting up a conformance validator.
Our initial community sessions around the OpenActive standards involved demonstrating how well the existing Schema.org model fitted the core requirements. And exploring where additional work was needed. This meant we skipped any wrangling around how to describe events and instead focused on what we wanted to say about them. Important early questions focused on what information would potential participants find helpful in understanding whether this is specific activity or event is something that they might want to try? For example, details like: what activities they involved and for what level of competency?
Applying [[SchemaOrg]] to a particular use case meant skipping the already-defined parts (like describing events) and focusing on information and terms that are specific to the target domain.
For many people Schema.org may be more synonymous with publishing data for use by search engines. But as a project its goal is much broader, it is “a collaborative, community activity with a mission to create, maintain, and promote schemas for structured data“.
Broader use of [[SchemaOrg]]
Workers were extremely limited in functionality to start; just a bit of stateless Javascript code running in a V8 isolate, but as close to users as possible. In 2018 Cloudflare added a key-value store, giving Workers access to highly distributed eventually-consistent data storage; in 2020 the company introduced Workers Unbound, dramatically expanding Workers capabilities, and Durable Objects, which not only store data but also state, which means a single source of truth.
With a CDN foundation, Cloudflare added Workers to move processing to the edge. Then it added eventually-consistent key-value storage. Now it is adding "Durable Objects" of data-and-state that move across the Cloudflare network to where they are closest to the users.
What Cloudflare had in its favor, though, was the most potent advantage on the Internet: the service, much like Google a decade-earlier with its link-based ranking system, got better with use. This was because Cloudflare paired its content delivery network with DDoS protection; the latter was extremely attractive to websites, gave Cloudflare an in with ISPs who valued the protection to build point-of-presence servers around the world, and, critically, gave Cloudflare better-and-better data about how data flowed around the world (improving its service) even as it improved its CDN capabilities.
[[DDoS]] protection made the service valuable to ISPs as well as content providers.
That was basically Prince’s value proposition: Cloudflare’s CDN would be cheaper (free), simpler (just change DNS servers), smaller (only 5 servers to start), and more convenient (ridiculously easy!).
How Cloudflare would use [[Innovator's Dilemma]] principles to start at the fringe and move up-market.
BRENDAN CHAMBERLAIN-SIMON It really does, and it's so funny. I went to visit my parents back in June. I got to drive the Mars rover from my childhood bed. You know, my mom used to say, you'll never make anything happen if you don't get out of bed. [BROOKE CHUCKLES] Touché.
Good quote about what you can do from your childhood bedroom.
Colati argues in the panel (55:52) that our perceived notions of quality should go down, such as digitization at lower resolution
Colati's argument was for a refocusing of effort towards lower quality reference scans for a wider range of material, then see what floats to the top for better treatment. This comment was also made in the context of machine-generated metadata as a way to try to get past the human-generated metadata bottleneck.
Their audience is, largely, academic library and IT administrators, although sometimes they let some of folks in the “unwashed masses” (26:44) attend if we’re presenting.
"unwashed masses" is an unfair pull from the talk. Scheinfeldt's reference was not to CNI attendance, but towards "democratization of access to [archives]"
Sourcery endeavors to make document requests “easy” by “[giving] archival staff and patrons one easy platform for requesting and receiving scans”.
Definition of "Sourcery"
Scheinfeldt
33:08 — there has been a bias towards when an archival document is digitized, it is done at the highest quality level and put in the best system with the most complete metadata. That there is only one scan of a document on the archive's website; that there can't more than one scan of document.
But there are already parallel digitization paths, mostly driven by individual researchers for reference needs. Do they need to be integrated or should they exist in parallel?
56:54 — Discovery though footnotes in books is underestimated by archivists versus use of finding aids. Sourcery founding idea was linking footnotes to finding aids for serendipitous discovery.
Greg
31:40 — Analog collections are managed at the collection or box or folder level. Digitizing an item in a folder almost mandates item-level metadata.
55:49 — Turn the formal digitization model on its head...put as much out there as possible in whatever low quality you can do, and then see what rises to the top.
Sourcery Project
Does the Sourcery Project provide new signals to archives on where to prioritize effort for systematic digitization?
Cliff, prompted by audience text questions, asks if there is a place for outreach for remote access to archives...to have a digitization specialist on a call with a remote scholar flipping through the contents of a folder or box?
Dan
29:00 — Opens up collections to access beyond credentialed users.
Barbara
28:00 — Scholars need different types of sources...for reference, for publication, etc. Sourcery becomes a new source.
Tom
27:30 — Software as a provocation, and in this case a provocation for openness...collections that are not open on Sourcery would be cited fewer times; encouraging closed archives to open up their collections.
The investigators behind the report found that nearly 80% of the comments funded by the broadband industry were collected by lead generation companies that offered consumers various rewards in exchange for their information. "Marketing offers varied widely, and included everything from discounted children's movies to free trials of male enhancement products," the report reads. The broadband industry would then run additional solicitations alongside those promotions, asking consumers to join the anti-net neutrality campaign, according to the report. But the lead generation companies did not always run those solicitations, the report says. "Instead, they copied names and addresses they had purchased or collected months or years earlier through unrelated lead generation efforts, and passed it off as information submitted by consumers who had agreed to join the broadband industry's campaign," it reads.One lead generator went so far as to use information obtained through a data breach to submit fake comments.
Did broadband companies have deniability because they used these "lead generation" companies.?
EDWARD DOLNICK: He came out with how gravity works, how light works, how rainbows work, how the tides work.
Isaac Newton, around 1665, is sent home from Cambridge University (UK) because of a plague. In the course of one summer, he works out all sorts of scientific findings, including the basics of orbital mechanics.
Facebook, on the other hand, is worried that if you have a choice, you'll choose not to let it track you, which would be bad for Facebook. The social media giant literally doesn't want you to have a choice because it's more concerned about what's good for Facebook than what's good for users.
Facebook's position is to benefit Facebook, not the user.
Craig Federighi, Apple's senior vice president of software engineering, told The Wall Street Journal's Joanna Stern that the company's goal is to "give users a choice." Those four words are at the core of the problem with the position Facebook has taken since Apple announced the changes last year at its developer conference.
Apple is saying that giving users the choice over how their data is used on their devices is "the right thing".
If you've seen Denis Shirayev's upscaled historical videos, you've seen the past enhanced by a touch of the future. He takes videos scanned from very old films, like our poignant A Trip Down Market Street Before the Fire, shot just days before the 1906 quake and fire that devastated San Francisco, upscales them to 4K, smoothes out jitter and adds color. (Today any video editor can make something almost as good using off-the-shelf tools like Topaz Video Enhance AI.) Shirayev's videos are beautiful and compelling, but they show you something that never was. They're not archival; they're fiction
Applying AI enhancements to historical artifacts introduces the bias of the AI algorithm to the representation.
Registries are emerging to authenticate sources and provenance, and perhaps even indemnify purchasers against false representations by sellers. These have long existed in the collectibles business. Rare coins are frequently processed by trusted grading and authentication services, which charge to inspect coins and then encapsulate them in sealed plastic slabs.
These registration services—providing authenticity and quality grading—don’t come for free and the cost of them must be somehow factored into the blockchain transaction.
While the blockchain is supposed to draw an unbroken link between creator/tokenizer and purchaser, it's just a record of transactions that might be tainted or even bogus. We know the original Mona Lisa resides in the Louvre, but it's very hard to identify who really created and who owns many of the millions of creative works made in the analog era.
NFTs do not answer the question of provenance. A statement is just attributed to a blockchain address. The provenance is only as secure as that blockchain address is recognized and not compromised. Black-and-white...it is or it isn’t.
This would worsen an already bad situation, where institutions like our Library of Congress hold physical copies of millions of films, TV programs, and recordings that can't be touched because someone else holds the copyright. Ideally, archives and museums should own and control both the physical and digital states of its collections. That won't happen if they have to sell or license NFTs in order to survive.
I don’t see the connection here—if the archive holds the copyright, why would selling an NFT on an object prevent them from controlling the physical and digital archives?
Law professor Tonya M. Evans optimistically suggests that crypto art offers Black artists and communities opportunities to bypass white art gatekeepers and "capture and own the value of the culture that they produce."
NFTs may help underrepresented artists find support by bypassing gatekeepers.
By design, archives are deliberate and thoughtful, with a timeline designed to preserve culture "forever." They're not built to nimbly weather disruption.
Archives are haphazardly scattered through culture and are typically underfunded. Deliberate and thoughtful, but rigid and underfunded.
I give old films away for free. It started in 1999 when I was seduced by the promise, excitement, and just-felt-rightness of the gift economy. Not 30 seconds after we first met, Internet Archive founder Brewster Kahle asked me, "Want to put your film archives online for free?"
Opinion piece author is Rick Prelinger
NISO Standard for the ResourceSync Framework (ResourceSync Framework, 2014). This would facilitate the automatic updating of the links upon changes to any of the versions.
[[ResourceSync]] to "facilitate the automatic updating of links"...as described by [[Herbert Van de Sompel]] through John.
So, what would it take to build what I would call an ‘Open Web Smart Link’, which would facilitate a user getting to a shared version of an article via a clearly labelled link so that the user knows what to expect? Librarians have been working on things like this for many years (Sugita et al., 2007), but I am not aware of any publishers adopting similar linking technologies.
John's definition of what something like [[GetFTR]] would do.
Some readers will know that they need the article of record. A very high percentage, however, who are reading this article for the first time and want to follow a citation simply need to reassure themselves that they understand the argument being presented. They will simply need read‐access to the cited work.
Some users will need the article-of-record. Others ("a very high percentage", John says) can make use of something that isn't the article-of-record.
the users’ need in this case is a link or a set of links that give them their best access choices. In my opinion, these links should be revealing as to whether or not clicking on them will get you to the full text or not.
John sees the need for what [[GetFTR]] is trying to solve.
But inside of a library that does not subscribe to this particular journal, this single open access article is very unlikely to participate in any of the discovery services, and when other articles cite her article, the link‐resolvers that would normally provide the reader with a direct link to her article will not do so.
Because library tools for accessing journal articles are tied to the journal level, this one open access article in a journal for which the library does not have a subscription cannot be discovered.
it does cover the landscape of where there might be unnecessary friction between someone's intent to share and a user's desire to discover
Purpose of the Open Content Discovery Grid
If an institution passes an open access policy, it is in large part motivated by having the results of scholarship at that institution have maximum reach and influence. If a funding agency establishes an open access mandate, as most of them have, it often stems from a desire to accelerate research in areas in which they provide funding. If a scholarly publisher comes out with an open access journal or offers for a fee to make certain articles ‘open’, they should certainly seek to have that article or that journal achieve maximum reach. And scholars/researchers who share their papers on personal websites or on scholar sites, like academia.edu or ResearchGate, tell me that this is their way of making sure that colleagues in their field have access to their works.
Reasons why institutions, funding agencies, scholarly publishers, and authors post content in open access.
‘helping people find things that they need, but are not looking for’
John Dove's definition of serendipity in discovery.
This is an example of a dark pattern: design that manipulates or heavily influences users to make certain choices. Instagram uses terms like “activity” and “personalized” instead of “tracking” and “targeting,” so the user may not realize what they’re actually giving the app permission to do. Most people don’t want Instagram and its parent company, Facebook, to know everything they do and everywhere they go. But a “better experience” sounds like a good thing, so Instagram makes the option it wants users to select more prominent and attractive than the one it hopes they’ll avoid.
Definition of [[Dark Pattern]].
Article covers legislative efforts in states and nationally to ban dark patterns.
No provider or user of any interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
The 26 words of Section 230 of the Communications Decency Act of 1996.
So what he's saying here is if someone had run these same ads about these T-shirts in the classifieds section of a newspaper, Ken could have sued the newspaper. He might not have won that lawsuit, but he could have had his day in court. But what this ruling in Ken's case means is he doesn't even get to argue the merits of his case. He simply cannot sue AOL over these posts, period.
Why Section 230 made internet platforms different from newspapers—newspapers could be sued for publishing inaccurate information. (Might not have won, but at least the avenue was open.)
the other thing is this whole thing of the military having this culture that you keep things secret, which means that it's very hard to have, like, an open - and it's very top-down. So it's very hard to have an open discussion about - like, a scientific discussion going on around these topics. I mean, now I make it sound like they are very different from the rest of us, but in a way, they are just human beings. And you can easily wind yourself up in some kind of explanation. If you have a few authorities telling you how things are, you can easily start to collect evidence that that must be how it was.
It is sort of like "group-think", but enforced in a rigid, top-down structure such that you can't question it—you don't know to question it.
pseudonymous identifiers
eduPersonEntitlement
Each of these use cases has a different demand of the metadata about the user.
Implementers of OAUTH have a good example of attribute release policy pages.
Let’s consider first the issue that a user is logged into an online system, individually and therefore can be tracked.
Logged into an online system is reminiscent of the days of CompuServe and AOL. Today it is about being a node on a network. Logged in isn't as accurate as Connected.
Well the leaks are real. You're the one that wrote about them and reported them, I mean the leaks are real. You know what they said, you saw it and the leaks are absolutely real. The news is fake because so much of the news is fake.
The leaks are real, but the news based on the leaked information is false?
new buy American measures in place to require American steel for American pipelines
U.S. steelmakers will receive negligible benefit from the multi-billion dollar Keystone XL project, one of the two projects Trump ordered to proceed, because they have limited ability to meet the stringent materials requirements for the TransCanada line.
American steel unlikely to get Keystone boost despite Trump order Reuters, Mon Jan 30, 2017 at 12:08pm EST, http://www.reuters.com/article/us-usa-trump-pipeline-transcanada-idUSKBN15E22M
And I want regulations because I want safety, I want environmental - all environmental situations to be taken properly care of. It's very important to me. But you don't need four or five or six regulations to take care of the same thing.
This is the first time I've seen him say "I want regulations because of safety...environmental." Would love to see data backing up "five or six regulations to take care of the same thing."
cyber-physical systems
Cyber-physical systems are the next evolution of embedded systems. From Wikipedia:
Today, a precursor generation of cyber-physical systems can be found in areas as diverse as aerospace, automotive, chemical processes, civil infrastructure, energy, healthcare, manufacturing, transportation, entertainment, and consumer appliances. This generation is often referred to as embedded systems. In embedded systems the emphasis tends to be more on the computational elements, and less on an intense link between the computational and physical elements.
Fair In formation Practice Prin ciples
FTC Fair Information Practice - Wikipedia, the free encyclopedia
privacy impact assessments
Privacy engineering is an emergi ng field, but currently there is no widely-accepted definition of the discipline. For the purposes of this publication, privacy engineering is a collection of methods to support the mitigation of risks to individuals arising from th e processing of their personal information within information systems.
The NIST RMF categorizes four broad 523 processes in looped phases, as illustrated in 524 Figure 01 : (i) frame risk (i.e., establish the 525 context for risk-based decisions); (ii) assess 526 risk; (iii) respond to risk once determined; 527 and (iv) monitor risk on an ongoing b
Predictability is the enabling of reliable assumptions by individuals, owners, and operators about personal information and its processing by an information system. Manageability is providing the capability for granular administration of personal information including alteration, deletion, and selective disclosure. Disassociability is enabling the processing of personal information or events without association to individuals or devices beyond the operational requirements of the system.
Data actions are information system operations that process personal information. “Processing” can include, but is not limited to, the collection, retention, logging, generation, transformation, disclosure, transfer, and disposal of personal information.
Personal Information: For the purpose of risk assessment, personal information is 963 considered broadly as any information that ca n uniquely identify an individual as well as 964 any other information, events or behavior th at can be associated with an individual. 965 Where agencies are conducting activities subj ect to specific laws, regulation or policy, 966 more precise definitions may apply.
A definition for personal information.
A new taxonomy to understand privacy violations is thus sorely needed. This Article develops a taxonomy to identify privacy problems in a compre- hensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the fu- ture development of the field of privacy law.
In the taxonomy that follows, there are four basic groups of harmful ac- tivities: (1) information collection, (2) information processing, (3) informa- tion dissemination, and (4) invasion. Each of these groups consists of dif- ferent related subgroups of harmful activities.