New Data Science Cheat Sheet, by Maverick Lin

Below is an extract of a 10-page cheat sheet about data science, compiled by Maverick Lin. This cheatsheet is currently a reference in data science that covers basic concepts in probability, statistics, statistical learning, machine learning, deep learning, big data frameworks and SQL. The cheatsheet is loosely based off of The Data Science Design Manual by Steven S. Skiena and An Introduction to Statistical Learning by Gareth James, Daniela Witten, Trevor Hastie and Robert Tibshirani. Inspired by William Chen’s The Only Probability Cheatsheet You’ll Ever Need, located here.

Full cheat sheet available here as a PDF document. Originally posted here. The screenshot below is an extract.

For related cheat sheets (machine learning, deep learning and so on) follow this link.

Source: New Data Science Cheat Sheet, by Maverick Lin – Data Science Central

Cops did hand over photos for King’s Cross facial-recog CCTV to 3rd parties after all – a property developer, between 2016-2018

London cops have admitted they gave photos of people to a property developer to use in a facial-recognition system in the heart of the UK capital.

Back in July, Siân Berry, co-leader of the Green Party of England and Wales, asked London Mayor Sadiq Khan whether the Met Police had collaborated with any retailers or other private companies in the operation of facial-recognition systems. A month later, Khan replied that the police force had not worked with any organisations on face-scanning tech in the capital beyond its own experiments.

However, that turned out to be incorrect. On Wednesday this week, the mayor revealed the cops had in actual fact handed over snaps of people to the private landlord for most of the busy King’s Cross area – which, it emerged last month, had set up facial-recognition cameras to snoop on thousands of Brits going about their day.

“The MPS [Metropolitan Police Service] has just now brought it to my attention that the original information they provided … was incorrect and they have in fact shared images related to facial recognition with King’s Cross Central Limited Partnership,” Khan said in an update, adding that this handover of photos ended sometime in 2018.

Source: Oops, wait, yeah, we did hand over photos for King’s Cross facial-recog CCTV, cops admit • The Register

Study shows how consumers rely on price and locality to determine quality of products

The study suggests that marketers can use this understanding of local identity versus global identity to shape consumers’ price perceptions and behavior. UTA and three other universities contributed to the study.

“Consumers tend to use price to judge a product’s quality when their local identity is most important to them,” Janakiraman said. “When promoting high-priced or branded products, marketers can situationally activate consumers’ local identity. To accomplish this objective, businesses can encourage consumers to think locally or employ local cultural symbols in advertising and other promotional material.”

Findings also suggest that discount stores, such as dollar stores, should discourage consumers from using the price of a product to infer its quality.

“Discount stores, therefore, would be better served by temporarily making consumers’ global identity more prominent,” Janakiraman said. “Cues in advertisements that focus on a product’s global appeal would help achieve that goal.”

Source: Study shows how consumers rely on price to determine quality of products

Privatised RAF pilot training takes 7 years to produce combat-ready aviators, has a shortfall of 86% with RAF needs

The UK Armed Forces’ privatised pilot training system is taking nearly seven years to turn new recruits into frontline-ready aviators, according to the National Audit Office (NAO).

The NAO investigation into the UK Military Flying Training System (UKMFTS) contract, which is let to a consortium backed in part by US arms multinational Lockheed Martin, thundered that the RAF was short of 330 pilots, while almost half of students entering the UKMFTS system last year failed to complete their intermediate training.

“In its worst year (2018-19), 49 students completed Phase 2, an 86 per cent shortfall against the [Ministry of Defence’s] current aircrew requirements. In its best year (2015-16), 182 students completed Phase 2, a 21 per cent shortfall,” said the NAO in its latest report.

Damningly, RAF fast jet pilots, the two-winged master race* who fly the service’s Typhoon and F-35 fighters, were taking more than seven years to get from joining the Air Force to being declared ready for frontline duties.

Part of the underlying cause of the problems identified by the NAO is the contractor’s failure to provide enough aeroplanes and instructors. Originally the post-Cold War era RAF had more than 100 Hawk advanced training jets, 130 Short Tucano intermediate trainers and 89 Grob Tutor basic training aeroplanes. Ascent, the Lockheed Martin-backed consortium, is replacing these with 23 Grob Prefect training aeroplanes, 10 Texan II fast jet trainers and five Embraer Phenom 100s. The MoD itself continues providing modernised Hawks.

Source: Auditors bemoan time it takes for privatised RAF pilot training to produce combat-ready aviators • The Register

Cheap GPS kiddie trackers have default password 123456 and send all information unencrypted

GPS trackers are designed to bring you greater peace of mind by helping you to locate your kids, your pets, and even your car. They can help keep the elderly or disabled safe by providing them with a simple SOS button to call for immediate help. Many devices are marketed for these purposes on common sites like Amazon and eBay and can be purchased for $25-$50 USD, making them more financially attractive than using a smartphone for some of the same capabilities.

[…]

As the instructions state, there is a web portal and a mobile application that you can use to manage the tracker. We took the path of least resistance and first opened a web application which is reachable at http://en.i365gps.com.

[…]

As you can see the first red flag is that the login form is served over HTTP protocol, not over the more secure HTTPS. Moreover, you have two options to connect to the cloud: by using an account with username and password or using ID and password. Which one to pick? We turned to the leaflet for answers. It says:

Figure 5: Default password

This applies both for Android application as well as for web application. What is also an alarming fact is that last sentence: “…user needs to contact reseller to register a username if need to login by username.” Since you have to call the reseller to request a username, it’s fairly clear you are intended to use the ID, the password for which is “123456.” Not a good start.

[…]

Ok so let’s get back to the IMEI/ID that in combination with default password serves as the credentials for your account. Remember how easy it was to scan through that 1M of possible IMEI numbers as they have the same prefix? So we scanned an arbitrary 4M sequential serial numbers ourselves just to get an idea of the scale of the devices out there and we learned that at least six hundred thousand devices are live in the wild with default passwords. We executed a deeper scan of a subset of one million of these devices to determine make, model, and location; of the one million we scanned, over 167,000 were locatable.

Figure 29: a result of a detailed scan of 1M serial numbers for tracker devices
Figure 30: last GPS position of trackers

Now it’s obvious that the same infrastructure is used for all or at least most of the trackers from this vendor as we identified 29 different models of trackers during this scan of 1M IMEIs. All the models are sold by wholesaler Shenzen i365, and we were able to determine that some models in this scan are being sold under different product names, which leads us to the conclusion that infrastructure and devices are being white labelled and sold under different brand names. In many instances, however, we were only able to determine a generic model number.

Number of trackers    Tracker model
60601                 T58
36658                 A9
26654                 T8S
20778                 T28
20640                 TQ
11480                 A16
10263                 A6
9121                  3G
7452                  A18
5092                  A21
4083                  T28A
3626                  A12
2921                  A19
2839                  A20
2638                  A20S
2610                  S1
1664                  P1
749                   FA23
607                   A107
280                   RomboGPS
79                    PM01
55                    A21P
26                    PM02
16                    A16X
15                    PM03
4                     WA3
4                     P1-S
3                     S6
1                     S9

Figure 31: trackers models and their counts in 1M detailed sample scan

Figure 32: affected models

You are probably already feeling like there is a lot more to this story than meets the eye as we found devices that are not produced by this particular company during this scan. It turns out that this problem is much bigger than it looks. How big? We’ll show you in the follow-up to this which goes deeper into the relationships between different products and companies and into many surprising facts about cloud infrastructure. We found more alarming vulnerabilities and many more instances of this cloud and trackers.

But so far we think we are speaking of approximately 50 different applications sharing the same platform (and probably also the same vulnerabilities) as seen in this picture:

Figure 33: the research continues, see you in part 2 where we uncover more about platform/cloud

Source: The secret life of GPS trackers (1/2) – Avast Threat Labs
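
A defender-side view of the pattern described in the excerpt above, as an added example that is not from the Avast write-up or the vendor's platform: it reads a constructed login log and reports sources that try runs of sequential device IDs, plus devices that accepted the default password. The log format, thresholds, IP addresses (documentation ranges) and device IDs (placeholders) are all assumptions.

```python
from collections import defaultdict

MIN_DISTINCT_IDS = 5    # assumed threshold: distinct IDs tried by one source
MIN_SEQUENTIAL_RUN = 4  # assumed threshold: consecutive IDs tried by one source

# Constructed log (hypothetical format): time source_ip device_id default_pw result
SAMPLE_LOG = """\
09:00:01 203.0.113.7 000000000100001 yes FAIL
09:00:02 203.0.113.7 000000000100002 yes OK
09:00:02 203.0.113.7 000000000100003 yes FAIL
09:00:03 203.0.113.7 000000000100004 yes OK
09:00:04 203.0.113.7 000000000100005 yes OK
09:03:10 198.51.100.20 000000000200777 no OK
09:05:42 192.0.2.15 000000000300123 yes OK
"""

def parse(log_text):
    # Yields (source_ip, device_id, used_default_pw, succeeded) per valid line.
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        _, ip, dev, default_pw, result = fields
        yield ip, dev, default_pw == "yes", result == "OK"

def longest_sequential_run(ids):
    """Length of the longest run of consecutive numeric IDs in the set."""
    nums = sorted({int(i) for i in ids if i.isdigit()})
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def analyse(log_text):
    """Return (sources walking the ID space, devices that accepted the default password)."""
    ids_by_source, default_pw_devices = defaultdict(set), set()
    for ip, dev, used_default, ok in parse(log_text):
        ids_by_source[ip].add(dev)
        if used_default and ok:
            default_pw_devices.add(dev)
    enumerators = {}
    for ip, ids in ids_by_source.items():
        run = longest_sequential_run(ids)
        if len(ids) >= MIN_DISTINCT_IDS and run >= MIN_SEQUENTIAL_RUN:
            enumerators[ip] = {"distinct_ids": len(ids), "longest_run": run}
    return enumerators, sorted(default_pw_devices)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The second list is the set of accounts that need a forced password change; the first is the set of sources to throttle or block at the login endpoint.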