In June 2014, a researcher named Aleksandr Kogan developed a personality-quiz app for Facebook. It was heavily influenced by a similar personality-quiz app made by the Psychometrics Centre, a Cambridge University laboratory where Kogan worked. About 270,000 people installed Kogan’s app on their Facebook account. But as with any Facebook developer at the time, Kogan could access data about those users or their friends. And when Kogan’s app asked for that data, it saved that information into a private database instead of immediately deleting it. Kogan provided that private database, containing information about 50 million Facebook users, to the voter-profiling company Cambridge Analytica. Cambridge Analytica used it to make 30 million “psychographic” profiles about voters.That’s the whole thing. The Guardian referred to the data misuse as a “breach,” a description which Facebook contests. “No systems were infiltrated, no passwords or information were stolen or hacked,” tweeted one Facebook executive. But it’s not hard to see why U.S. and U.K. lawmakers remain interested in the episode: It’s almost like Facebook was a local public library lending out massive hard drives of music, but warning people not to copy any of it to their home computer. When someone eventually did copy all that music—and got in trouble for it—isn’t the hard-drive-dispensing public library responsible as well? There is a second part of the scandal, but it concerns Cambridge Analytica and its connection to President Trump’s political world. So, here’s a summary in two paragraphs:
Cambridge Analytica has significant ties to some of President Trump’s most prominent supporters and advisers. Rebekah Mercer, a Republican donor and a co-owner of Breitbart News, sits on the board of Cambridge Analytica. Her father, Robert Mercer, invested $15 million in Cambridge Analytica on the recommendation of his political adviser, Steve Bannon, according to the Times. On Monday, hidden-camera footage appeared to show Alexander Nix, Cambridge Analytica’s CEO, offering to bribe and blackmail public officials around the world. If Nix did so, it would violate U.K. law. Cambridge Analytica suspended Nix on Tuesday. Cambridge Analytica also used its “psychographic” tools to make targeted online ad buys for the Brexit “Leave” campaign, the 2016 presidential campaign of Ted Cruz, and the 2016 Trump campaign. If any British Cambridge Analytica employees without a green card worked on those two U.S. campaigns, they did so in violation of federal law. If information or data was passed on to Russians (the aforementioned Aleksandr Kogan had previously unreported ties to St. Petersberg University and Cambridge Analytica had done a presentation for Energy firm Lukoil, which is now on the US sanctions list), then you have possible "collusion".But there’s still much we don’t know about Cambridge Analytica. Did its “psychographic” tools, built with the misused Facebook data, actually work? Did various hard-right campaigns consider Cambridge Analytica so important because its technology reshaped U.S. and U.K. politics—or because using it ingratiated campaigns to Robert and Rebekah Mercer, two of the richest people in the world? And if Cambridge Analytica really was a voter-profiling company, what was its chief executive doing apparently promising to bribe and blackmail public officials? Questions remain about Facebook’s role, too. Since the 2016 elections, public ire has focused on the company’s powerful News Feed and the role it played in amplifying Russian propaganda and other hoaxes. Lawmakers have also criticized the company’s lax sale of political advertisements to purchasers literally paying with Russian rubles. Political ads are not regulated as closely online as they are on the TV or radio. But the Cambridge Analytica scandal opens a new front for the company. Before Facebook became a distributor of news, it was a platform for online applications, like personality quizzes and social games like Farmville. Facebook has allowed third-party app developers to access some private user data since May 2007, when it first opened the Facebook platform. Users must consent to giving apps their data, but sometimes—as in the case of Kogan’s app—developers can access data about a consenting user’s friends, without getting those friends’ consent. During the ensuing decade, Facebook has occasionally tweaked how much data apps can access. But over that time, how many developers abided by Facebook’s rules? How many followed Kogan’s route, caching the data and making their own private databases? Where is that information now? And if all that private user data is as powerful as Cambridge Analytica once said it was, what has it been used to do?
Uber has halted testing of its autonomous vehicles across North America, the company announced, after a woman was struck and killed by one of its self-driving cars in Tempe, Ariz. early Monday.
The moratorium on testing includes San Francisco, Phoenix, Pittsburgh and Toronto, Uber said.
The National Transportation Safety Board has opened an investigation into the crash, said Eric Weiss, a spokesman for the NTSB.
Uber issued a short statement.
“Our hearts go out to the victim’s family. We are fully cooperating with local authorities in their investigation of this incident,” a company spokeswoman said.
It is believed to be the first fatality in any testing program involving autonomous vehicles.
Uber CEO Dara Khosrowshahi said in a tweet that the company was working to learn what went wrong.
The 49 year-old woman, Elaine Herzberg, was crossing the road outside of a crosswalk when the Uber vehicle operating in autonomous mode under the supervision of a human safety driver, struck her, according to the Tempe Police Department. She was transferred to a local hospital where she died from her injuries. "Uber is assisting and this is still an active investigation," Liliana Duran, a Tempe police spokeswoman, said in an emailed statement.Did you catch that? She crossing the road "outside of a crosswalk". Now, I'm saying that tongue-in-cheek that her jaywalking was "what went wrong", but I have a feeling a lot of tech geeks actually will blame HER for that. I have a degree in human factors (engineering design), and rule number one is that you design the thing to comply with NORMAL human behavior. You can't expect the public to walk between the lines of a crosswalk just because you have designed your machine to work that way. If you know -- or SHOULD KNOW -- how humans behave, you are liable. Whoever designed this thing, is liable. Period.
As attention turns to threats facing 2018's midterm elections, we're learning hard lessons from what went down in 2016. (Plus, what we can except coming up) There were many aspects to my research and human intelligence operation exploring what exactly was going on behind the scenes, but this article focuses on only one, Guccifer 2.0. So, there were lots of 2016 election related incidents. Just to name a few:This post was the basis of a lecture he just gave at the SAS2018 (the 2018 Security Analyst Summit being held right now in Cancun) -- I'm sure his presentation was more colorful and detailed. But it does make Guccifer 2.0 out to be a bit of a neophyte -- a person (or persons) who can hack into places but not know what he grabbed.
We know there were four primary election outlets, including Wikileaks, Guccifer 2.0, DC Leaks and Internet Research Agency. Quick org chart breakdown here: With these leaks, I turned my attention to Guccifer 2.0, who showed up (timely) after Guccifer 1.0 was arrested for cyber crime. Early on, G2 started dropping docs from the Democratic Congressional Campaign Committee (DCCC). As this is happening, I’m trying to wrap my head around exactly the kind of severity of threat we’re facing here. So, how do I get more info? Is it possible to now secure thousands of independent election jurisdictions? (Gave up on this, but more on that later) So, how do you collect data on a super-secret information operation? The old-fashioned way, of course. Chat them up. The Dilemma: How do you develop a fully backstopped persona on short notice to start eliciting a foreign intelligence operative? Spoiler Alert: You play on their own biases. Just like that, two months of exchanges between myself and G2 began. Normally, you wouldn’t expose your identity to the “bad guy,” but this exchange was very different. They already knew exactly who I was. Four Main Takeaways:
- DNC got hacked
- DCCC got hacked
- John Podesta’s email got hacked
Now you’re thinking, there’s no way this is going to work, right? Well, I was just as surprised as you are. Let's delve in. With a simple Google search, it would have come up that I’ve been investigating numerous breaches. (No evidence they had any idea until two months later) They did, however, look at the domain of my email (johnbambenek.com), which is my “political” domain. Come to find out, the docs he had were worthless. G2 and WikiLeaks made no attempt to package a story. He didn’t release the same docs he sent me and started scrubbing metadata after being “caught” red handed. After All This, What Are the Key Takeaways?
- They should have already known who I was and that I was researching election related issues.
- Whatever information they had, they were looking for media and, specifically, Republican officials to leak it to.
- My own identity was the best backdrop.
- No incremental risk from adversary if I was known.
So, What Can You Expect Next?
- Guccifer 2.0 didn’t have a deep political understanding, making their efforts way less effective.
- They didn’t attempt to package or create a narrative.
- There were no apparent relationships with friendly journalists.
- There was no “investment” in these operations and they made simple OPSEC mistakes (in part, using an unsupervised cutout)
- They got better over time – 2016’s influence op was luckier than it was sophisticated.
- The US is vulnerable because of own doing. We even undermine our own institutions.
- In politics, if you get under their skin, you get another helping. They’ll be invested next time.
This is insane.... Mars, even though SpaceX is planning to build an entirely different system for Mars travel, called the BFR. It'll also be the most powerful rocket currently in operation -- and one of the most powerful ever built. The most powerful rocket in history was NASA's Saturn V rocket, which was used for the Apollo moon landings and was retired in the 1970s. The more thrust a rocket has, the farther it can travel and the bigger the satellite, spacecraft or other payload it can send into orbit. That opens up a whole range of business opportunities for SpaceX, which has been leading a new era of spaceflight in which companies -- not just governments -- drive the industry forward. For this test mission, the Falcon Heavy will launch a dummy payload. Specifically, it'll send a cherry red Tesla ( ) roadster from Musk's personal collection into deep space. There's no scientific reason to send the car to space. But it does serve as self-promotion for Musk, who is also the CEO of Tesla. The Falcon Heavy has a $90 million sticker price. That's 45% more expensive than the Falcon 9 rocket SpaceX has used for every mission going back to 2012. But the Falcon Heavy is essentially three Falcon 9s strapped together, and it'll boast about three times the thrust of the Falcon 9. And, compared to rockets that better rival the Falcon Heavy's power, it's a bargain. The Delta IV Heavy, which is built by legacy aerospace firm United Launch Alliance and is currently the world's most powerful rocket, can reportedly cost as much as $400 million per launch. It should also be noted that the Falcon Heavy will out-power the Delta IV Heavy by a factor of two. SpaceX says it's been able to undercut the competition on price because of its reusable rocket parts. The company is the only rocket builder in the world that safely returns first-stage rocket boosters back to Earth. The first Falcon Heavy flight will even use two refurbished boosters from previous Falcon 9 missions. SpaceX says it will attempt to guided all three of the Falcon Heavy's first-stage boosters back to Earth after launch. Two of them, shown above, made a synchronized landing back at Kennedy Space Center. The third booster landed on a droneship, which is a remote controlled platform that catches rockets out at sea.
BREAKING: SpaceX’s massive Falcon Heavy rocket blasts off from Kennedy Space Center in Cape Canaveral, Florida. pic.twitter.com/onXcW9Kloo— NBC News (@NBCNews) February 6, 2018
In the $600 billion annual Defense Department budgets, the $22 million spent on the Advanced Aerospace Threat Identification Program was almost impossible to find.
Which was how the Pentagon wanted it.
For years, the program investigated reports of unidentified flying objects, according to Defense Department officials, interviews with program participants and records obtained by The New York Times. It was run by a military intelligence official, Luis Elizondo, on the fifth floor of the Pentagon’s C Ring, deep within the building’s maze.
The Defense Department has never before acknowledged the existence of the program, which it says it shut down in 2012. But its backers say that, while the Pentagon ended funding for the effort at that time, the program remains in existence. For the past five years, they say, officials with the program have continued to investigate episodes brought to them by service members, while also carrying out their other Defense Department duties.
The shadowy program — parts of it remain classified — began in 2007, and initially it was largely funded at the request of Harry Reid, the Nevada Democrat who was the Senate majority leader at the time and who has long had an interest in space phenomena. Most of the money went to an aerospace research company run by a billionaire entrepreneur and longtime friend of Mr. Reid’s, Robert Bigelow, who is currently working with NASA to produce expandable craft for humans to use in space.
Mr. Reid, who retired from Congress this year, said he was proud of the program. “I’m not embarrassed or ashamed or sorry I got this thing going,” Mr. Reid said in a recent interview in Nevada. “I think it’s one of the good things I did in my congressional service. I’ve done something that no one has done before.”
Two other former senators and top members of a defense spending subcommittee — Ted Stevens, an Alaska Republican, and Daniel K. Inouye, a Hawaii Democrat — also supported the program. Mr. Stevens died in 2010, and Mr. Inouye in 2012.
This is the sort of story that would make the 12 year old me talk non-stop. I have largely become agnostic about whether or not we are being visited. Still, I find the videos compelling.The section of the Pentagon still exists, although officially, it was defunded in 2012. The truth is out there.
Around 1:15 p.m. Eastern time, the total solar eclipse will first reach Oregon’s coast. Then it will race for the next 90 or so minutes over 13 more states: Idaho, Montana (barely), Wyoming, Nebraska, Kansas, Iowa (hardly), Missouri, Illinois, Kentucky, Tennessee, Georgia, North Carolina and finally South Carolina.
At about 2:49 p.m. Eastern time in South Carolina, some lucky souls in the Palmetto State’s marshes could be the last on American soil to experience the total eclipse. Just after 4 p.m. Eastern, the partial eclipse will end and all of America will again be under the full August sun.
This is the NASA live feed:And WaPo: UPDATE 1:16 EST -- Picture of totality in Oregon My pictures to follow..... UPDATE at 1:52pm EST : .... or maybe not. Clouds moved in fast. I saw the beginning of it. 3:00pm EST -- Clouds moved about 20 minutes before "totality" here. A nice yellow tint bathed Winston-Salem: [caption id="attachment_2526137" align="alignnone" width="752"] People on top of Winston-Salem highrise watching eclipse[/caption] [playlist type="video" ids="2526275,2526276"]
Good things can happen when a crowd goes to work on trying to figure out a problem in journalism. At the same time, completely crowdsourced news investigations can go bad without oversight — as when, for example, a group of Redditors falsely accused someone of being the Boston Marathon bomber. An entirely crowdsourced investigation with nobody to oversee it or pay for it will probably go nowhere. At the same time, trust in the media is low and fact-checking efforts have become entwined with partisan politics. So what would happen if you combined professional journalism with fact checking by the people? On Monday evening, Wikipedia founder Jimmy Wales launched Wikitribune, an independent site (not affiliated with Wikipedia or the Wikimedia Foundation) “that brings journalists and a community of volunteers together” in a combination that Wales hopes will combat fake news online — initially in English, then in other languages. The site is launching with a crowdfunding campaign to fund the first Wikitribune journalists (the default amount is $10 a month, but users can donate any amount they wish) “with the first issue of Wikitribune following shortly.” The Wikitribune page said that the goal is to hire 10 journalists. The idea is that the professional journalists will be paid to write “global news stories,” while volunteer contributors will “vet the facts, helps make sure the language is factual and neutral, and will to the maximum extent possible be transparent about the source of news posting full transcripts, video, and audio of interviews. In this way Wikitribune aims to combat the increasing proliferation of online fake news.”The Wiki concept is always interesting, but the old adage of computers remains true: "garbage in, garbage out". Crowdsourcing, as the article suggests, is not necessarily the best way to get at truths, and we just had an election where huge percentages of people swallowed false news line and hook. So just how will WikiTribune deal with this? Described above, it just sounds like professional journalists being edited by, well, everybody. A lot of sniping about semantics. And even if the changes are substantive, at what point in the never-ending editing and rewriting process does an article cease to be by the person who originally wrote it? The answer to this question will have to be reflected in WikiTribune’s design. If the model is anything like Wikipedia’s page history, the level of transparency that is necessary can make it incredibly time-consuming for readers to synthesize the true source of what they’re reading. And suppose journalist Jones quotes Congressman Smith, and Congressman Smith wants to retract? Or alter slightly the words he said? He can just go into Wikitribune and edit. And who is to say who is right? Still, Wikipedia, despite having accuracy problems here and there, does actually self-correct over time, and that's a good starting model. The question is whether or not "news" has the time for that kind of self-correction before it stops being news.
The planet, called Proxima Centauri b or just Proxima b (exoplanets are given their star’s name plus a lower case letter in order of discovery, starting with “b”), orbits Proxima every 11.2 days. It has a mass of no less than 1.3 times the Earth’s, so if it’s rock and metal like Earth it’s only a bit bigger. It’s a mere 7.3 million kilometers from the star — a lot closer than Earth's distance from the Sun of 150 million km! — but Proxima is so faint and cool it receives about two-thirds the amount of light and heat the Earth does. That means that it’s in Proxima’s habitable zone: It’s possible (more or less) that liquid water could exist on its surface.The European Southern Observatory put this together:
The last paragraph of the article she links to:
Why did they wait until NOW to release these? pics taken in 2015 and we pay their salaries in tax dollars https://t.co/hhXxrfsWEr— Greta Van Susteren (@greta) June 1, 2016
Though the encounter took place more than 10 months ago, New Horizons is still beaming flyby data home, and likely won't be done doing so until this coming fall, mission team members have said.Space, it turns out, is very big. Pluto is far away -- very far away, more than 30 times Earth's distance from the Sun -- so New Horizons' radio signal is weak. Weak signal means low data rates: at the moment, New Horizons can transmit at most 1 kilobit per second. (Note that spacecraft communications are typically measured in bits, not bytes; 1 kilobit is only 125 bytes.) Even at these low data rates, only the Deep Space Network's very largest, 70-meter dishes can detect New Horizons' faint signal. Not hard to find this out if you know how to use Google, or even read your source material, Greta.
“Bill Nye is as much a scientist as I am,” Palin said at a Capitol Hill event held to roll out a film that aims to discredit climate scientists. “He’s a kids’ show actor; he’s not a scientist.Bill Nye is a kids' show host AND a scientist. I mean,he's not a PhD, but he has a BA in mechanical engineering and he teaches astronomy and ecology at Cornell. And as for Palin's scientific creds? Umm....
After graduating from high school in 1982, Palin enrolled at the University of Hawaii at Hilo. Shortly after arriving in Hawaii, Palin transferred to Hawaii Pacific University in Honolulu for a semester in the fall of 1982 and then to North Idaho College, a community college in Coeur d'Alene, for the spring and fall semesters of 1983 She enrolled at the University of Idaho in Moscow for an academic year starting in August 1984 and then attended Matanuska-Susitna College in Alaska in the fall of 1985. Palin returned to the University of Idaho in January 1986 and received her bachelor's degree in communications with an emphasis in journalism in May 1987So, like five colleges in five years for a B.A. in communications (with an emphasis in journalism -- odd for a woman who couldn't name a newspaper in front of Katie Couric). Pretty sure Bill Nye is the go-to guy on science.