‘Classified knots’: Researchers create optical framed knots to encode information

In a world first, researchers from the University of Ottawa in collaboration with Israeli scientists have been able to create optical framed knots in the laboratory that could potentially be applied in modern technologies. Their work opens the door to new methods of distributing secret cryptographic keys—used to encrypt and decrypt data, ensure secure communication and protect private information. The group recently published their findings in Nature Communications.

“This is fundamentally important, in particular from a topology-focused perspective, since framed knots provide a platform for topological quantum computations,” explained senior author, Professor Ebrahim Karimi, Canada Research Chair in Structured Light at the University of Ottawa.

“In addition, we used these non-trivial optical structures as information carriers and developed a security protocol for classical communication where information is encoded within these framed knots.”

The concept

The researchers suggest a simple do-it-yourself lesson to help us better understand framed knots, those that can also be described as a surface.

“Take a narrow strip of a paper and try to make a ,” said first author Hugo Larocque, uOttawa alumnus and current Ph.D. student at MIT.

“The resulting object is referred to as a framed knot and has very interesting and important mathematical features.”

The group tried to achieve the same result but within an optical beam, which presents a higher level of difficulty. After a few tries (and knots that looked more like knotted strings), the group came up with what they were looking for: a knotted ribbon structure that is quintessential to framed knots.

Encryption scheme of a framed braid within a framed knot. The knot along with a pair of numbers can be used to recover the encrypted braid by means of a procedure relying on prime factorization. Credit: University of Ottawa

“In order to add this ribbon, our group relied on beam-shaping techniques manipulating the vectorial nature of light,” explained Hugo Larocque. “By modifying the oscillation direction of the light field along an “unframed” optical knot, we were able to assign a frame to the latter by “gluing” together the lines traced out by these oscillating fields.”

According to the researchers, structured light beams are being widely exploited for encoding and distributing information.

“So far, these applications have been limited to physical quantities which can be recognized by observing the beam at a given position,” said uOttawa Postdoctoral Fellow and co-author of this study, Dr. Alessio D’Errico.

“Our work shows that the number of twists in the ribbon orientation in conjunction with prime number factorization can be used to extract a so-called “braid representation” of the knot.”

“The structural features of these objects can be used to specify processing programs,” added Hugo Larocque. “In a situation where this program would want to be kept secret while disseminating it between various parties, one would need a means of encrypting this “braid” and later deciphering it. Our work addresses this issue by proposing to use our optical framed knot as an encryption object for these programs which can later be recovered by the braid extraction method that we also introduced.”

“For the first time, these complicated 3-D structures have been exploited to develop new methods for the distribution of secret cryptographic keys. Moreover, there is a wide and strong interest in exploiting topological concepts in quantum computation, communication and dissipation-free electronics. Knots are described by specific topological properties too, which were not considered so far for cryptographic protocols.”

Rendition of the reconstructed structure of a framed trefoil knot generated within an optical beam. Credit: University

[…]

The paper “Optical framed knots as information carriers” was recently published in Nature Communications.


More information: Hugo Larocque et al, Optical framed knots as information carriers, Nature Communications (2020). DOI: 10.1038/s41467-020-18792-z

Source: ‘Classified knots’: Researchers create optical framed knots to encode information

Google’s breast cancer-predicting AI research is useless without transparency, critics say

Back in January, Google Health, the branch of Google focused on health-related research, clinical tools, and partnerships for health care services, released an AI model trained on over 90,000 mammogram X-rays that the company said achieved better results than human radiologists. Google claimed that the algorithm could recognize more false negatives — the kind of images that look normal but contain breast cancer — than previous work, but some clinicians, data scientists, and engineers take issue with that statement. In a rebuttal published today in the journal Nature, over 19 coauthors affiliated with McGill University, the City University of New York (CUNY), Harvard University, and Stanford University said that the lack of detailed methods and code in Google’s research “undermines its scientific value.”

Science in general has a reproducibility problem — a 2016 poll of 1,500 scientists reported that 70% of them had tried but failed to reproduce at least one other scientist’s experiment — but it’s particularly acute in the AI field. At ICML 2019, 30% of authors failed to submit their code with their papers by the start of the conference. Studies often provide benchmark results in lieu of source code, which becomes problematic when the thoroughness of the benchmarks comes into question. One recent report found that 60% to 70% of answers given by natural language processing models were embedded somewhere in the benchmark training sets, indicating that the models were often simply memorizing answers. Another study — a meta-analysis of over 3,000 AI papers — found that metrics used to benchmark AI and machine learning models tended to be inconsistent, irregularly tracked, and not particularly informative.

In their rebuttal, the coauthors of the Nature commentary point out that Google’s breast cancer model research lacks details, including a description of model development as well as the data processing and training pipelines used. Google omitted the definition of several hyperparameters for the model’s architecture (the variables used by the model to make diagnostic predictions), and it also didn’t disclose the variables used to augment the dataset on which the model was trained. This could “significantly” affect performance, the Nature coauthors claim; for instance, it’s possible that one of the data augmentations Google used resulted in multiple instances of the same patient, biasing the final results.

[…]

Source: Google’s breast cancer-predicting AI research is useless without transparency, critics say | VentureBeat

Twitter: All tweets, notifications vanish

Updated Twitter is right now suffering a baffling outage in that the website is still up, you can still log in, the apps will run.

But there are, seemingly, no tweets nor notifications. At all. All gone. All that anger and snark, and information and misinformation, wiped off the face of the planet, just like that.

Visiting your timeline or profile shows simply the message, “Something went wrong.” It’s otherwise empty. And earlier, people’s notifications pages went blank, suggesting really, truly no one on Earth cares about your twitterings. “Nothing to see here,” it states.

Reassuringly, you’re not alone in your blank internet universe: Downdetector reports a surge of complaints that Twitter isn’t working properly, with the outage kicking off around 1430 PT (2130 UTC).

As your vulture types this, it appears some people can see their tweets, but cannot tweet. And some of us can’t see anything. The Twitter status page reports the team is “investigating irregularity” with the platform’s APIs.

What one of our vultures saw as they tried to tweet or see other people’s tweets

This IT breakdown comes within hours of American financial regulators demanding Twitter be subject to harsher rules following the July hacks of prominent users’ accounts – and soon after CEO Jack Dorsey furiously backpedaled after his website censored a problematic article from a US newspaper.

A Supreme Court Justice this week also mused that the likes of Twitter have gained sweeping immunity from the legal consequences of their users’ content and actions, and that imbalance ought to be righted. ®

Updated to add at 2220 UTC

People’s tweets are showing up again in timelines and profiles, though no one can send any new tweets nor view those that were able to be sent, if any, during the past hour or so. Notifications are also still AWOL.

Updated to add at 2300 UTC

And Twitter now appears to be back to normal, or rather, Twitter’s idea of normal.

Source: If you can see this headline, you’re certainly not reading it on Twitter: All tweets, notifications vanish • The Register

Dickey’s Barbecue Pit Hackers May Have 3M Stolen Credit Cards

Hackers are currently selling a trove of 3 million credit card numbers and customer records apparently stolen from Dickey’s Barbecue Pit, one of the biggest barbecue chains in the United States.

The company made a statement today about the hack, suggesting that charges made to the stolen cards will be reversed.

[…]

Security firm Gemini Advisory found the data on a hacker site called The Joker’s Stash under the name “BLAZINGSUN.” The data appears to have come from magstripe data on customer cards.

“This represents a broader challenge for the industry, and Dickey’s may become the latest cautionary tale of facing lawsuits in addition to financial damage from cybersecurity attacks,” wrote Gemini researchers.

Hacked locations are marked red. Screenshot: Gemini Advisory

Dickey’s experienced a ransomware attack in 2015 and recently claimed to have locked down their servers. This recent attack, however, suggests that hackers have breached a central payments service and could have even more data available for sale.

The hackers are selling the card numbers on Joker’s Stash for $17 each. Because each Dickey’s location is able to run its own point-of-sale system, it seems that this breach affected a central payments processor, allowing hackers to gain access to data from 156 of the company’s 469 locations. The hackers claim the data is “high valid,” meaning 90 to 100 percent of the cards are active and usable.

Source: Dickey’s Barbecue Pit Hackers May Have 3M Stolen Credit Cards

The scale of these data breaches now is incredible. And considering BA has been fined $26m for allowing 400,000 customer records to be stolen, I’m pretty sure Dickey’s can be glad they are not in the EU!

British Airways fined £20m over data breach

British Airways has been fined £20m ($26m) by the Information Commissioner’s Office (ICO) for a data breach which affected more than 400,000 customers.

The breach took place in 2018 and affected both personal and credit card data.

The fine is considerably smaller than the £183m that the ICO originally said it intended to issue back in 2019.

It said “the economic impact of Covid-19” had been taken into account.

However, it is still the largest penalty issued by the ICO to date.

The incident took place when BA’s systems were compromised by its attackers, and then modified to harvest customers’ details as they were input.

It was two months before BA was made aware of it by a security researcher, and then notified the ICO.

The data stolen included log in, payment card and travel booking details as well as name and address information.

A subsequent investigation concluded that sufficient security measures, such as multi-factor authentication, were not in place at the time.

The ICO noted that some of these measures were available on the Microsoft operating system that BA was using at the time.

“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security,” said Information Commissioner Elizabeth Denham.

British Airways said it had alerted customers as soon as it had found out about the attack on its systems.

“We are pleased the ICO recognises that we have made considerable improvements to the security of our systems since the attack and that we fully co-operated with its investigation,” said a spokesman.

Data protection officer Carl Gottlieb said that in the current climate, £20m was a “massive” fine.

“It shows the ICO means business and is not letting struggling companies off the hook for their data protection failures,” he said.

The company breached data protection law and failed to protect themselves from preventable cyber attack. It then failed to detect the hack until the damage was done to hundreds of thousands of customers.

The lag between incident and fine has raised eyebrows in privacy circles but I understand the Information Commissioner’s Office has been working methodically to get it right. This is the commissioner’s first major fine under the EU data regulation GDPR and was being watched closely by the rest of Europe as a potential landmark decision.

The final figure of £20m has come as a shock to many who were expecting it to be closer to the eye-watering £183m initially proposed but it is still a significant moment for data privacy and GDPR. Other companies will look at the fine as a shape of things to come if they also fail to protect customers.

Source: British Airways fined £20m over data breach – BBC News

Judge Rules Trump Must Say Himself If His Tweets Are True or Bullshit. It can be one or the other.

On Friday, a federal judge decided that he’s had enough of reading the tea leaves when it comes to exactly what the fuck Trump is talking about.

The president’s tweets have become more central to his tenure in office than ever before as he’s been recovering from covid-19 infection and lashing out in every direction to save his floundering campaign. On Oct. 6, between retweeting supporters and spreading conspiracies about the FDA, Trump tweeted: “I have fully authorized the total Declassification of any & all documents pertaining to the single greatest political CRIME in American History, the Russia Hoax. Likewise, the Hillary Clinton Email Scandal. No redactions!” And in case you didn’t get the message, he tweeted it again later that day.

This was news to anyone who has been trying to get their hands on a copy of the full unredacted Mueller Report—including reporters at CNN and BuzzFeed who are involved in ongoing litigation around the report. And like clockwork, BuzzFeed filed two emergency motions requesting all documents related to the Russia investigation

Earlier this week, Justice Department lawyers told a federal court that no such declassification order exists and the department would continue to make redactions and declassify documents at its discretion. “The White House Counsel’s Office informed the Department that there is no order requiring wholesale declassification or disclosure of documents at issue in this matter,” the DOJ said in a court filing.

U.S. District Court Judge Reggie Walton is done taking the word of people in this administration. On a brief hearing by telephone this morning, Walton told the DOJ that he wants Trump to say whether or not the tweets were serious or just more bullshit he hopes people believe and forget about.

[…]

Writing about BuzzFeed’s promising morning in court, Jason Leopold pointed out that this could be a “watershed moment” for individuals who’ve had to fight battles in court over Trump tweets. The administration has argued in the past that his tweets shouldn’t be taken seriously and are official statements by the president, depending on what argument suits them in a given case. We’ve even seen a court fight over whether Trump has the right to selectively block Americans from viewing his tweets.

Judge Walton is done with this nonsense and now puts Trump in a difficult position. Does Trump admit that he was lying, or does he just say screw it and unleash more chaos with a flood of unredacted documents that might not paint him in the greatest of lights? This is a man who has said he has “no regrets” about his administration’s response to the covid-19 pandemic that has left the U.S. with the highest recorded case-load and death toll in the world. He doesn’t admit when he’s wrong. On the other hand, declassifying the documents could, at minimum, amount to a political situation that finds Trump essentially doing to himself what FBI Director James Comey did to Hillary Clinton a week before the 2016 election.

Source: Judge Rules Trump Must Say Himself If His Tweets Are True

Facebook Login Issues Are Locking Oculus Quest 2 Owners Out of Their Devices, turning them into paperweights

Owners of the brand-new Oculus Quest 2—the first VR headset which requires a Facebook account to use—are finding themselves screwed out of their new purchases by Facebook’s account verification system.

As first reported by UploadVR this week, some Oculus 2 owners are finding that Facebook’s reportedly AI-powered account verification system is demanding some users upload a photo before they can proceed with logging in. Others who have previously suspended their Facebook accounts are getting insta-banned upon reactivation and reported they were subsequently unable to create a new account, or said they were locked out upon trying to merge their old Oculus usernames with their Facebook accounts. Facebook’s failure prompt gave no way for users to appeal directly, essentially turning the $300 units into expensive bricks.

On the Oculus subreddit, one user reported that they had uploaded a photo ID to Facebook and received a response stating that “we have already reviewed this decision and it can’t be reversed.”

[…]

Source: Facebook Login Issues Are Locking Oculus Quest 2 Owners Out of Their Devices

Yay cloud!

Come on, Amazon: If you’re going to copy open-source code for a new product, at least credit the creator – FOSS problems

On Thursday, Amazon Web Services launched CloudWatch Synthetics Recorder, a Chrome browser extension for recording browser interactions that it copied from the Headless Recorder project created by developer Tim Nolet.

It broke no law in doing so – the software is published under the permissive Apache License v2 – and developers expect such open-source projects will be copied and forked. But Amazon’s move didn’t win any fans for failing to publicly acknowledge the code’s creator.

There is a mention buried in the NOTICE.txt file bundled with the CloudWatch extension that credits Headless Recorder, under its previous name “puppeteer-recorder,” as required by the license. But there’s an expectation among open source developers that biz as big as AWS should show more courtesy.

“The core of the problem here (for me at least) is not the letter of the license, it’s the spirit,” said Nolet in a message to The Register.

“It’s the fact that no one inside of AWS cared enough to stop and think ‘is this a dick move? Is this something I would want to have happen to me?’ Hence the current PR damage control campaign. They know it’s wrong. Not illegal, but wrong. Someone just had to tell them that.”

Nolet runs a software monitoring service called Checkly and developed the Headless Recorder browser extension as a tool for his company and customers. He said he hadn’t given the license for Headless Recorder a lot of thought because it’s just a browser extension full of client-side code – meaning it’s visible to anyone familiar with browser development tools.

“Amazon should have opened a PR [pull request] and proposed ‘let’s add this feature to your code.’ Or they could have simply kept their fork open source,” he said.

“In the least, they could have mentioned that their work was based on my work. I do this in the README.md of the project itself where I acknowledge the creators of an old project by segment.io that I used as inspiration.”

This is not the first time AWS has taken the work of open source developers and turned it into an AWS product. Last year, it launched Open Distro for Elasticsearch, to the dismay of Elasticsearch, a company formed to make a business out of the Elasticsearch open source project. And earlier that year it released DocumentDB, based on an outdated version of the open source MongoDB code.

Many popular open source licenses allow this, but because AWS brings billions in infrastructure assets into the competition, smaller companies trying to commercialize open source projects find the challenge difficult to deal with.

Source: Come on, Amazon: If you’re going to copy open-source code for a new product, at least credit the creator

Part of the problem is that open source zealots make a point of refusing any kind of money for FOSS licensed projects, which is fine for the zealots as they are paid by a university or foundation. Developers themselves, meanwhile, have to contend with other people monetising their work and having to accept it. Projects are hijacked and closed and the original impetus and community around that are killed by large companies.

This is something I have been talking about since 2017 in my talk Open Source XOR Money