Obey the Almighty Library Laws

January 23, 2017

Recently I was speaking with someone and the conversation turned to libraries.  I complimented the library’s collection in his hometown and he asked, “You mean they still have a library?” This response told me a couple things: one, that this person was not a reader and two, did not know the value of a library.  The Lucidea blog discussed how “Do The Original 5 Laws Of Library Science Hold Up In A Digital World?” and apparently they still do.

S.R. Ranganathan wrote five principles of library science in 1931, before computers dominated information and research. The post examines how the laws are still relevant. The first law states that books are meant to be used, meaning that information is meant to be used and shared. The biggest point of this rule is accessibility, which is extremely relevant. The second law states, “Every reader his/her book,” meaning that libraries serve diverse groups and deliver non-biased services. That still fits considering the expansion of knowledge dissemination and how many people access it.

The third law is also still important:

Dr. Ranganathan believed that a library system must devise and offer many methods to “ensure that each item finds its appropriate reader”. The third law, “every book his/her reader,” can be interpreted to mean that every knowledge resource is useful to an individual or individuals, no matter how specialized and no matter how small the audience may be. Library science was, and arguably still is, at the forefront of using computers to make information accessible.

The fourth law is “save time for the reader” and it refers to being able to find and access information quickly and easily.  Search engines anyone?  Finally, the fifth law states that “the library is a growing organism.”  It is easy to interpret this law.  As technology and information access changes, the library must constantly evolve to serve people and help them harness the information.

The wording is a little outdated, but the five laws are still important.  However, we need to also consider how people have changed in regards to using the library as well.

Whitney Grace, January 23, 2017

Another Untraceable Dark Web Actor Put Behind Bars

January 19, 2017

A prison librarian in England who purchased drugs and weapons over the Dark Web to supply them to prisoners was sentenced to 7 years in prison.

The Register in a news report Prison Librarian Swaps Books for Bars After Dark-Web Gun Buy Caper says:

Dwain Osborne, of Avenue Road, Penge, in London, was nabbed in October of 2015 after he sought to procure a Glock 19 – a staple of police and security forces worldwide – and 100 rounds of ammunition on the dark web. A search of Osborne’s house revealed the existence of a storage device, two stolen passports, and a police uniform.

Osborne was under the impression that, like other Dark Web actors, he too was untraceable. What made the sleuths suspicious is not known; however, the swift action and prosecution are commendable. Law enforcement agencies are challenged by this new facet of crime wherein most perpetrators manage to remain anonymous.

Most arrests related to the purchase of arms and drugs over the Dark Web were the result of undercover operations. However, going beyond this type of modus operandi is the need of the hour.

Systems like Apache Tika seem to be promising, but it is premature to say how such systems will evolve and, most importantly, how they will be implemented.

Vishal Ingole, January 19, 2017

The Software Behind the Web Sites

January 17, 2017

Have you ever visited an awesome Web site or been curious how an organization manages their Web presence?  While we know the answer is some type of software, we usually are not given a specific name.  Venture Beat reports that it is possible to figure out the software in the article, “SimilarTech’s Profiler Tells You All Of The Technologies That Web Companies Are Using.”

SimilarTech is a tool designed to crawl the Internet to analyze what technologies, including software, Web site operators use. SimilarTech is also used to detect which online payment tools are the most popular. It does not come as a surprise that PayPal is the most widely used, with PayPal Subscribe and Alipay in second and third places.

Tracking what technology and software companies utilize for the Web is a boon for salespeople, recruiters, and business development professionals who want a competitive edge as well as:

Overall, SimilarTech provides big data insights about technology adoption and usage analytics for the entire internet, providing access to data that simply wasn’t available before. The insights are used by marketing and sales professionals for website profiling, lead generation, competitive analysis, and business intelligence.

SimilarTech can also locate contact information for personnel responsible for Web operations, in other words new potential clients.

This tool is kind of like the mailing houses of the past. Mailing houses have data about people, places, organizations, etc. and can generate contact information lists of specific clientele for companies. SimilarTech offers the contact information, but it does one better by finding the technologies people use for Web site operation.

Whitney Grace, January 17, 2016

BAE Lands US Air Force Info Fusion Job

January 6, 2017

I read “BAE Systems Awarded $49 Million Air Force Research Lab Contract to Enhance Intelligence Sharing.” The main point is that the US Air Force has a pressing need for integrating, analyzing, and sharing text, audio, images, and data. The write up states:

The U.S. Air Force Research Lab (AFRL) has awarded BAE Systems a five-year contract worth up to $49 million to develop, deploy, and maintain cross domain solutions for safeguarding the sharing of sensitive information between government networks.

The $49 million contract will enhance virtualization, boost data processing, and support the integration of machine learning solutions.

I recall reading that the Distributed Common Ground System performs some, if not most, of these “fusion” type functions. The $49 million seems a pittance when compared to the multi-billion dollar investments in DCGS.

My hunch is that Palantir Technologies may point to this new project as an example of the US government’s penchant for inventing, not using commercial off the shelf software.

Tough problem it seems.

Stephen E Arnold, January 6, 2016

Google Looks to Curb Hate Speech with Jigsaw

January 6, 2017

No matter how advanced technology becomes, certain questions continue to vex us. For example, where is the line between silencing expression and prohibiting abuse? Wired examines Google’s efforts to walk that line in its article, “Google’s Digital Justice League: How Its Jigsaw Projects are Hunting Down Online Trolls.” Reporter Merjin Hos begins by sketching the growing problem of online harassment and the real-world turmoil it creates, arguing that rampant trolling serves as a sort of censorship — silencing many voices through fear. Jigsaw, a project from Google, aims to automatically filter out online hate speech and harassment. As Jared Cohen, Jigsaw founder and president, put it, “I want to use the best technology we have at our disposal to begin to take on trolling and other nefarious tactics that give hostile voices disproportionate weight, to do everything we can to level the playing field.”

The extensive article also delves into Cohen’s history, the genesis of Jigsaw, how the team is teaching its AI to identify harassment, and problems they have encountered thus far. It is an informative read for anyone interested in the topic.

Hos describes how the Jigsaw team has gone about instructing their algorithm:

The group partnered with The New York Times (NYT), which gave Jigsaw’s engineers 17 million comments from NYT stories, along with data about which of those comments were flagged as inappropriate by moderators.

Jigsaw also worked with the Wikimedia Foundation to parse 130,000 snippets of discussion around Wikipedia pages. It showed those text strings to panels of ten people recruited randomly from the CrowdFlower crowdsourcing service and asked whether they found each snippet to represent a ‘personal attack’ or ‘harassment’. Jigsaw then fed the massive corpus of online conversation and human evaluations into Google’s open source machine learning software, TensorFlow. …

By some measures Jigsaw has now trained Conversation AI to spot toxic language with impressive accuracy. Feed a string of text into its Wikipedia harassment-detection engine and it can, with what Google describes as more than 92 per cent certainty and a ten per cent false-positive rate, come up with a judgment that matches a human test panel as to whether that line represents an attack.

There is still much to be done, but soon Wikipedia and the New York Times will be implementing Jigsaw, at least on a limited basis. At first, the AI’s judgments will be checked by humans. This is important, partially because the software still returns some false positives—an inadvertent but highly problematic overstep. Though a perfect solution may be impossible, it is encouraging to know Jigsaw’s leader understands how tough it will be to balance protection with freedom of expression. “We don’t claim to have all the answers,” Cohen emphasizes.

Cynthia Murrell, January 6, 2017

CIA Adapts to Cyber Reality

January 5, 2017

It would be quite the understatement to say the Internet had drastically changed the spy business. The evolution comes with its ups and downs, we learn from the article, “CIA Cyber Official Sees Data Flood as Both Godsend and Danger” at the Stars and Stripes. Reporter Nafeesa Syeed cites an interview with Sean Roche, the CIA’s associate deputy director for digital innovation. The article informs us:

A career CIA official, Roche joined the agency’s new Directorate for Digital Innovation, which opened in October, after serving as deputy director for science and technology.[…]

Roche’s division was the first directorate the CIA added in half a century. His responsibilities include updating the agency’s older systems, which aren’t compatible with current technology and in some cases can’t even accommodate encryption. The directorate also combined those handling the agency’s information technology and internet systems with the team that monitors global cyber threats. ‘We get very good insights into what the cyber actors are doing and we stop them before they get to our door,’ Roche said.

Apparently, finding tech talent has not been a problem for the high-profile agency. In fact, Syeed tells us, many agents who had moved on to the IT industry are returning, in senior positions, armed with their cyber experience. Much new talent is also attracted by the idea of CIA cachet. Roche also asserts he is working to boost ethnic diversity in the CIA by working with organizations that encourage minorities to pursue work in technical fields. What a good, proactive idea! Perhaps Roche would consider also working with groups that promote gender equity in STEM fields.

In case you are curious, Roche’s list of the top nations threatening our cybersecurity includes Russia, China, Iran, and North Korea. No surprises there.

Cynthia Murrell, January 5, 2017

Linux Users Can Safely Test Alpha Stage Tor Browser

January 5, 2017

The Tor Project has released the Alpha version of Tor Browser exclusive to Linux that users can test and use in sandboxed mode.

As reported by Bleeping Computer in an article titled “First Version of Sandboxed Tor Browser Available”:

Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can’t be leveraged to extend access to the underlying operating system.

Because the browser is still under development and open to vulnerabilities, these loopholes can be used by competent parties to track down individuals. Sandboxing eliminates this possibility completely. The article further states that:

In recent years, Tor exploits have been deployed in order to identify and catch crooks hiding their identity using Tor. The Tor Project knows that these types of exploits can be used for other actions besides catching pedophiles and drug dealers. An exploit that unmasks Tor users can be very easily used to identify political dissidents or journalists investigating cases of corrupt politicians.

The Tor Project has been trying earnestly to close these loopholes, and this seems to be one of their efforts to help netizens stay safe from prying eyes. But again, no system is foolproof. As soon as the new version is released, another exploit might follow suit.

Vishal Ingole, January 5, 2017

Malicious Tor Relays on over a Hundred Computers

January 4, 2017

For all the effort enterprises go to in securing data through technological solutions, there are also other variables to consider: employees. Ars Technica released an article, “Malicious computers caught snooping on Tor-anonymized Dark Web sites,” which explained that malicious relays were found on over 110 machines around the world. Computer scientists at Northeastern University tracked these computers using honeypot .onion addresses, calling them “honions.” The article continues,

The research is only the latest indication that Tor can’t automatically guarantee the anonymity of hidden services or the people visiting them. Last year, FBI agents cracked open a Tor-hidden child pornography website using a technique that remains undisclosed to this day. In 2014, researchers canceled a security conference talk demonstrating a low-cost way to de-anonymize Tor users following requests by attorneys from Carnegie Mellon, where the researchers were employed. Tor developers have since fixed the weakness that made the exploit possible. More than 70 percent of the snooping hidden services directories were hosted on cloud services, making it hard for most outsiders to identify the operators.

While some may wonder if the snooping is a result of a technical glitch or other error, the article suggests this is not the case. Researchers found that in order for a directory to misbehave in this way, an operator has to change the code from Tor and add logging capabilities. It appears the impact this will have is yet to be fully revealed. 

Megan Feil, January 4, 2017

Norwegian Investigators Bust Child Pornography Racket over Dark Web

January 3, 2017

A yearlong investigation has busted a huge child pornography racket and resulted in a seizure of 150 Terabytes of pornographic material. Out of 51 accused, 20 so far have been arrested.

New Nationalist in a news piece titled – 150 Terabytes! Norway Busts Largest Dark Web, Child Porn Networks in History — US, UK Media Ignore Story says:

It’s one of the largest child sex abuse cases in history. A year-long special investigation called “Operation Darkroom” resulted in the seizure of 150 terabytes of data material in the form of photos, movies and chat logs containing atrocities against children as young as infancy, Norwegian police announced at a news conference in late November.

The investigation has opened a Pandora’s box of pedophiles. The accused list mostly comprises educated individuals like politicians, lawyers, teachers, and a police officer too. Most accused are yet to be apprehended by the investigators.

Despite the bust happening in November followed by a press conference, US and UK based media has turned a blind eye towards this happening. The news report further states:

The Library of Congress holds about 600 terabytes of Web data. Its online archive grows at a rate of about 5 terabytes per month. Also note the horrifically sadistic nature of the material seized. And note that police are investigating the reach as worldwide, which means it involves a massive scale of evil filth. But nobody in the criminally compliant mainstream media thinks it’s newsworthy.

It might be possible that the world media was busy with the US Presidential elections, thus its reporting was very low key. An interesting takeaway from this entire sad episode: the Dark Web is not just a hideout of hackers, terrorists, drug dealers, and hitmen; seemingly upright citizens lurk on the Dark Web too.

Vishal Ingole, January 3, 2017

Legal Clarity Recommended for Understanding Cyberthreat Offense and Defense

January 2, 2017

Recently a conference took place about cybersecurity in the enterprise world. In the Computer World article, Offensive hackers should be part of enterprise DNA, the keynote speaker’s address is quoted heavily. CEO of Endgame Nate Fick addressed the audience, which apparently included many offensive hackers, by speaking about his experience in the private sector and in the military. His perspective is shared,

“We need discontinuity in the adoption cure,” Fick said, “but you can’t hack back. Hacking back is stupid, for many reasons not just that it is illegal.” He argued that while it is illegal, laws change. “Remember it used to be illegal to drink a beer in this country, and it was legal for a kid to work in a coal mine,” he said. Beyond the issue of legality, hacking back is, what Fick described as, climbing up the escalatory ladder, which you can’t do successfully unless you have the right tools. The tools and the power or ability to use them legally has historically been granted to the government.

Perhaps looking toward a day where hacking back will not be illegal, Fick explains an alternative course of action. He advocates for stronger defense and clear government policies around cybersecurity that declare what constitutes a cyberthreat offense. The strategy is that further action on behalf of the attacked would count as defense. We will be keeping our eyes on how long hacking back remains illegal in some jurisdictions.

Megan Feil, January 2, 2017
