- Getting Deplatformed from Apple (BoingBoing) — It turned out that getting locked out of his Apple account made all of Luke’s Apple hardware almost useless. I think it should be illegal to do this. I believe in deplatforming (with appropriate boundaries and appeal) but breaking my hardware is bollocks.
- How to Avoid Groupthink When Hiring (HBR) — abridged process: First, make it clear to interviewers that they should not share their interview experiences with each other before the final group huddle. Next, ask each interviewer to perform a few steps before the group huddle: distill their interview rating to a single numerical score; write down their main arguments for and against hiring this person and their final conclusion. If interviewers are emailing in their numerical scores and thoughts on a candidate, don’t include the entire group in the email. Finally, the hiring managers should take note of the average score for a candidate.
- Loot Boxes a Matter of “Life or Death,” says Researcher — “There’s one clear message that I want to get across today, and it stands in stark contrast to mostly everything you’ve heard so far,” Zendle said. “The message is this: spending money on loot boxes is linked to problem gambling. The more money people spend on loot boxes, the more severe their problem gambling is. This isn’t just my research. This is an effect that has been replicated numerous times across the world by multiple independent labs. This is something the games industry does not engage with.”
- Interoperability and Privacy (BoingBoing) — latest in the tear that Cory’s been on about how to deal with the centralized power of BigSocial.
Powered by WPeMatico
- Younger Americans are Better than Older Americans at Telling Factual News Statements from Opinions (Pew Research) — About a third of 18- to 49-year-olds (32%) correctly identified all five of the factual statements as factual, compared with two-in-ten among those ages 50 and older. A similar pattern emerges for the opinion statements. Among 18- to 49-year-olds, 44% correctly identified all five opinion statements as opinions, compared with 26% among those ages 50 and older. Or, 68% of 18-49 year olds couldn’t tell whether five factual statements were factual? (via @pewjournalism)
- How YouTube Radicalized Brazil (NYT) — He was killing time on the site one day, he recalled, when the platform showed him a video by a right-wing blogger. He watched out of curiosity. It showed him another, and then another. “Before that, I didn’t have an ideological political background,” Mr. Martins said. YouTube’s auto-playing recommendations, he declared, were “my political education.” “It was like that with everyone,” he said.
- Paged Out — a new experimental (one article == one page) free magazine about programming (especially programming tricks!), hacking, security hacking, retro computers, modern computers, electronics, demoscene, and other similar topics.
- Credit Blacklists, Not the Solution to Every Problem — translated Chinese article on blacklists. As the aforementioned source explained, Wulian County is one of the first in Shandong Province to trial the construction of a social credit system, that began last year. The blacklist is a disciplinary measure restricted to persons within the county. It is different from the People’s Bank of China’s credit information evaluation system blacklist, or the blacklist for those deemed to be untrustworthy by the People’s Court. It does not affect the educational opportunities of anyone’s children, whether or not they themselves can ride a train or plane, and so on. Activities such as volunteering, donating blood, charitable contributions, and so on, can add to one’s personal credit (score), and can also be used to restore and upgrade credit ratings, removing themselves from the blacklist. (via ChinAI)
For all the focus on locking down laptops and smartphones, the biggest screen in millions of living rooms remains largely unsecured, even after years of warnings. Smart TVs today can fall prey to any number of hacker tricks—including one still-viable radio attack, stylishly demonstrated by a hovering drone.
At the Defcon hacker conference today, independent security researcher Pedro Cabrera showed, in a series of proof-of-concept attacks, how modern TVs—and particularly smart TVs that use the internet-connected HbbTV standard implemented in his native Spain, across Europe, and much of the rest of the world—remain vulnerable to hackers. Those techniques can force TVs to show whatever video a hacker chooses, display phishing messages that ask for the viewer’s passwords, inject keyloggers that capture the user’s remote button presses, and run cryptomining software. All of those attacks stem from the general lack of authentication in TV networks’ communications, even as they’re increasingly integrated with internet services that can allow a hacker to interact with them in far more dangerous ways than in a simpler era of one-way broadcasting.
“The lack of security means we can broadcast with our own equipment anything we want, and any smart TV will accept it,” Cabrera says. “The transmission hasn’t been at all authenticated. So this fake transmission, this channel injection, will be a successful attack.”
In the video below, Cabrera shows the simplest form of that injection, albeit with a somewhat flashy implementation involving a DJI quadcopter drone. By simply hovering a drone equipped with a software-defined radio near a TV antenna, he can transmit a signal that’s more powerful than the one broadcast by legitimate TV networks, overriding the legitimate signal and displaying his own video on the TV. But he says the same attack could be carried out with nothing more than a stronger amplifier on his radio. “If I want to target my neighbor, the easiest way is with an amplifier and a directional antenna, and then for sure my signal will be received much more strongly than the original one, so my neighbor will get my channel,” says Cabrera. “In this case the attack is just a matter of range and amplifiers.”
A series of other attacks that Cabrera demonstrated take advantage of the HbbTV, or hybrid broadcast broadband TV, standard, which allows TVs to connect to the internet and receive interactive content. Cabrera can, with the same radio-based signal override, trick HbbTV smart TVs into connecting to the URL of a web server he controls, so that his own code runs on the targeted television. Cabrera says he didn’t test the ATSC standard used in the US, and that unlike HbbTV the US standard doesn’t send or pull data from URLs, so his attacks wouldn’t work there.
The video below demonstrates a phishing prompt that tricks the user into entering a password.
That sort of TV-based phishing may be even more effective than email phishing, Cabrera argues, given that users have become more wary after years of suspicious emails. “No one expects to have this kind of social engineering attack on their smart TV,” Cabrera says.
Cabrera is hardly the first to show that smart TVs are vulnerable to the sort of attacks he’s demonstrated. Security researchers have been warning of the vulnerability of the HbbTV standard for more than five years. Two years ago, Rafael Scheel, a security researcher with the firm Oneconsult, showed that attacks against HbbTV sets could be combined with vulnerabilities in Samsung smart TV browsers to gain full remote access to the TV sets that even persisted after they were turned on and off again.
In his Defcon talk, Cabrera went so far as to argue that hackers could compromise a TV station or its radio-signal repeater equipment, so that a malicious signal could be broadcast out to thousands of millions of TVs. “This could have a very huge dimension,” Cabrera says. “You can attack just one TV, your neighbor, for example, but we could also design this attack to cover a whole town, or even a whole country.” But Cabrera hasn’t tested those attacks; unsurprisingly, the Spanish government denied his request to try them.
The HbbTV Association, which governs that international smart TV standard, didn’t respond to WIRED’s request for comment ahead of his talk.
A fix does exist for the attacks that Cabrera and Scheel have described. Around the time of Scheel’s 2017 talk, the Digital Video Broadcasting industry body created a protocol for cryptographically signing transmissions so that attacks like Scheel’s and Cabrera’s would be blocked. But Scheel says he’s not aware of any TV network or TV manufacturer that has implemented it. “I’ve had a lot of discussions with TV stations, and it’s very difficult to get them to change anything,” he says. “They’re very set in their technologies.”
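The receiver-side check that such signing makes possible can be sketched as follows. This is an added example, not code from the article, the researchers or the DVB specification: the record fields, the function names and the choice of Ed25519 are assumptions made for illustration. It also shows that a signature check needs a freshness check beside it, because a validly signed record can be recorded and retransmitted.

```javascript
// Added illustration: a simplified signalling record, not the DVB wire format.
const crypto = require('node:crypto');

// Constructed broadcaster key pair. A real receiver would hold only the public
// key, delivered through some trust anchor (assumption).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Canonical bytes of every field the signature must cover.
function encodeRecord(rec) {
  return Buffer.from(JSON.stringify([rec.channel, rec.appUrl, rec.validUntil]));
}

// Broadcaster side: attach a signature over the record.
function signRecord(rec, key) {
  const sig = crypto.sign(null, encodeRecord(rec), key).toString('base64');
  return { ...rec, sig };
}

// Receiver side: decide whether the HbbTV application URL may be loaded.
function acceptRecord(rec, trustedKey, now) {
  if (typeof rec.sig !== 'string') return { load: false, reason: 'unsigned' };
  const sig = Buffer.from(rec.sig, 'base64');
  if (!crypto.verify(null, encodeRecord(rec), trustedKey, sig)) {
    return { load: false, reason: 'bad-signature' };
  }
  // A valid signature on a stale record is still refused, so that recorded
  // signalling cannot be retransmitted later.
  if (now > rec.validUntil) return { load: false, reason: 'expired' };
  return { load: true, reason: 'ok' };
}

function demo() {
  const now = 1700000000; // constructed clock value, in seconds
  const legit = signRecord({
    channel: 'example-tv',
    appUrl: 'https://apps.broadcaster.example/portal',
    validUntil: now + 60,
  }, privateKey);
  // Constructed records of the kind an unauthenticated override could carry.
  const unsigned = { channel: 'example-tv', appUrl: 'https://other.example/app', validUntil: now + 60 };
  const swapped = { ...legit, appUrl: 'https://other.example/app' };
  return {
    legit: acceptRecord(legit, publicKey, now).reason,
    unsigned: acceptRecord(unsigned, publicKey, now).reason,
    swapped: acceptRecord(swapped, publicKey, now).reason,
    replayed: acceptRecord(legit, publicKey, now + 3600).reason,
  };
}

console.log(demo());
```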
Until they do, millions of HbbTV compatible sets around the world will remain vulnerable to all-too-simple attacks. Channel surf with care.
Blockchain is a solution for business networks. It makes sense to deploy a blockchain-based solution only where there is a network of collaborating participants who are issuing transactions around a set of common assets in the network. In this article, we’ll identify the initial crucial steps to identifying scenarios for a successful blockchain-based solution, and the first steps toward transforming your business model.
Our first observation of when blockchain is the right solution is that there must be a business network of multiple participants. Our second would be that they require a shared view of assets and their associated transactions.
We then use the following four key blockchain features to further define the benefits of a blockchain-based solution:
- Consensus: The process of agreeing on new transactions and distributing them to participants in the network.
- Provenance: A complete history of all transactions related to the assets recorded on the blockchain.
- Immutability: Once a transaction has been stored on the blockchain, it cannot be edited, deleted, or have transactions inserted before it.
- Finality: Once a transaction is committed to the blockchain, it is considered “final” and can no longer be “rolled back” or undone.
There are several other blockchain benefits that underpin these four key benefits, and are worth keeping in mind as you review any potential scenarios:
- All participants in a permissioned blockchain network have an identity in the form of a digital certificate—the same technology that underpins the security and trust when we use a web browser to access our online bank.
- Every transaction in the permissioned network is cryptographically signed, which provides authenticity of which participant sent it, nonrepudiation (meaning they can’t deny sending it), and integrity (meaning it hasn’t been changed since it was sent).
- Smart contracts hold the business logic for transactions and are executed across the network by the participants endorsing a transaction.
These benefits help engender trust between the participants in business networks, and we can use them as a litmus test when checking to see if blockchain is a good technology fit. We should note that while it’s not necessary for a scenario to require every benefit just listed, the more that are required, the more the case is strengthened for using blockchain.
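To make the signing and immutability properties concrete, here is an added example (not from the original article or from any blockchain platform) of a single ledger copy in which every transaction is signed by its sender and linked to the hash of the entry before it. The participant names, payloads and function names are constructed for illustration, bare key pairs stand in for certificates, and consensus between participants is left out.

```javascript
// Added illustration: one local ledger copy, no consensus, no certificates.
const crypto = require('node:crypto');

// Constructed participants; each identity is modelled as a bare key pair.
const participants = new Map();
for (const name of ['supplier', 'carrier']) {
  participants.set(name, crypto.generateKeyPairSync('ed25519'));
}

const GENESIS = '0'.repeat(64);
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Append a transaction signed by `sender` and linked to the previous entry.
function append(ledger, sender, payload) {
  const prev = ledger.length ? ledger[ledger.length - 1].hash : GENESIS;
  const body = JSON.stringify([prev, sender, payload]);
  const key = participants.get(sender).privateKey;
  const sig = crypto.sign(null, Buffer.from(body), key).toString('base64');
  ledger.push({ prev, sender, payload, sig, hash: sha256(body + sig) });
  return ledger;
}

// Index of the first entry that fails a check, or -1 if the ledger is intact.
function firstInvalid(ledger) {
  let prev = GENESIS;
  for (let i = 0; i < ledger.length; i++) {
    const e = ledger[i];
    const body = JSON.stringify([e.prev, e.sender, e.payload]);
    const id = participants.get(e.sender);
    const sigOk = id !== undefined &&
      crypto.verify(null, Buffer.from(body), id.publicKey, Buffer.from(e.sig, 'base64'));
    if (e.prev !== prev || !sigOk || e.hash !== sha256(body + e.sig)) return i;
    prev = e.hash;
  }
  return -1;
}

function build() {
  const ledger = [];
  append(ledger, 'supplier', 'shipped 100 units, order 17');
  append(ledger, 'carrier', 'delivered 100 units, order 17');
  append(ledger, 'supplier', 'invoiced order 17');
  return ledger;
}

function demo() {
  const edited = build();
  edited[1].payload = 'delivered 90 units, order 17'; // edit in place
  const deleted = build();
  deleted.splice(1, 1);                               // delete an entry
  const inserted = build();
  const head = inserted.slice(0, 1);
  append(head, 'carrier', 'delivered 90 units, order 17'); // validly signed
  inserted.splice(1, 0, head[1]);                     // insert before old entries
  return [build(), edited, deleted, inserted].map(firstInvalid);
}

console.log(demo());
```

The inserted entry carries a valid signature from a known participant, yet the check still fails at the entry after it, because that entry was linked to a different predecessor.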
We should always be wary of thinking that blockchain is a panacea for all solutions. There are many reasons why blockchain wouldn’t be a good fit. For example:
- Blockchain is not suitable if there’s only a single participant in the business network.
- Although we talk about transactions and world state databases in blockchain, it shouldn’t be thought of as a replacement for traditional database or transaction servers.
- Blockchain by design is a distributed peer-to-peer network, and is heavily based on cryptography. With this comes a number of nonfunctional requirement considerations. For example, performance and latency won’t match a traditional database or transaction server, but scalability, redundancy, and high availability are built in.
Assets, participants, and transactions
When thinking about a potential blockchain solution and the benefits it brings to the network of participants, it is useful to view it in relation to the following concepts: assets, participants, and transactions.
We have already introduced some examples of these. They are core concepts in a blockchain network that benefit from the four primary trust benefits introduced in the previous section.
- Assets: Either purely digital, or backed by a physical object, an asset represents something that is recorded on the blockchain. The asset may be shared across the whole network, or can be kept private depending on the requirements. A smart contract defines the asset.
- Participants: Participants occupy different levels in a blockchain network. There are those participants who run parts of the network and endorse transactions. Other members may consume services of the network but may rely on and trust other participants to run the network and endorse transactions. Then there are the end users who are interacting with the blockchain network through a user interface. The end user may not even be aware that a blockchain underpins the system.
- Transactions: The transactions are coded inside the smart contracts alongside the assets to which the transactions belong. Think of the transactions as the interaction points between the assets and the participants; a participant can create, delete, and update a given asset, assuming they are authorized to do so. It is these transactions that are stored immutably on the blockchain, which also provides the provenance of any changes to the asset over time.
The blockchain fit
First and foremost is to check there is a business network in place. Identify how many suppliers and partners are involved in both the internal and external network. If there is a good business network in place, consider the rest of the blockchain features.
As some of the disputes are related to differences between what was ordered and subsequently received, this can often be the result of different participants in a business network (partners, suppliers, and delivery companies) tracking goods in separate siloed systems.
Therefore, a shared ledger with consensus and finality provided by blockchain across the business network will help to reduce the overall number of disputes as it will give all participants the same information on the assets being tracked.
Furthermore, if changes to the data being tracked either intentionally or unintentionally are part of the root cause of these disputes, then the provenance and immutability features of blockchain could also help.
Last, consider the amount of time taken to resolve these issues. If there are multiple systems (including third-party systems) that someone needs to check in order to resolve any transactions in dispute, having a single shared ledger that is maintained through consensus will help reduce the time taken to resolve them.
Some further observations about how a blockchain-based solution can benefit this business network:
- Each participant in the business network has an identity and is permissioned in the network. This could help with your processes related to know your customer (KYC) and anti-money laundering (AML).
- Smart contracts could be designed to resolve some of the disputes automatically by maintaining consistency across the business network and therefore further reducing the number of disputes.
Choosing a first scenario
You may be considering multiple scenarios where blockchain provides a good solution fit. In this case, you will need to compare each to determine which is the best scenario to work on first.
We recommend a simple approach for comparing each scenario using a quadrant chart, where each is placed on the chart based on its relative benefit and simplicity.
In Figure 1, the x-axis is the simplicity of the scenario (simpler to the right) and the y-axis represents the benefit (more beneficial to the top). Place each scenario on the quadrant chart, considering its expected benefit and simplicity as a blockchain solution. This is best done as a group exercise with appropriate stakeholders who can provide the necessary insight to where each scenario falls in the chart based on level of simplicity and potential benefits.
Once all scenarios have been plotted on the chart, it becomes obvious which are the first scenarios to concentrate on—those that will provide the most benefits and are the simplest.
Transforming the business network
Once your first blockchain scenario has been identified, you will want to move to the next phase: building the minimal viable product (MVP). An MVP represents the minimum product that can be built to accomplish a goal of the blockchain scenario. Starting an MVP with blockchain shouldn’t be dissimilar to any other technology, and good software engineering practices, such as using Agile principles, will always be applicable. Following are some observations that will help as you start to transform your business with a new blockchain-based solution:
- Blockchain is a team sport. There will be multiple stakeholders from different organizations in the business network. Some of these organizations may not have traditionally worked directly with one another. Therefore, a clear understanding of the requirements and issues across all participants, and clear lines of communication and agreement, are critical to the success of the project.
- Use design thinking techniques that focus on the goals for the user to agree on the scope of the MVP.
- Use agile software engineering best practices, such as continuous integration and stakeholder feedback, to iterate throughout the development of the MVP. Keep stakeholders informed and act on feedback.
- Start with a small network and grow. There will be some challenges ahead, as this may be a paradigm shift for the business network.
- If replacing an existing system, consider running the blockchain-based solution as a shadow chain to mitigate risk. By this we mean, during the pilot phase, run the new platform alongside the legacy system. Ideally, you would pass real production data to the new blockchain-based system to test and validate it, while continuing to rely on the legacy system for this phase of the project. Only after thorough testing has been completed and the new system has been proven should you switch from the legacy system to the new.
- Although blockchain is likely to be a core foundational part of the solution, it probably won’t be the majority. The blockchain network will still integrate with other external systems, providing additional functions such as off-chain data storage, identity access management, Application Programming Interface (API) management and presentation layers, and so on.
This post is a collaboration between O’Reilly and IBM. See our statement of editorial independence.
- First Person Adventure via Mario Maker (Vice) — the remarkable “3D Maze House (P59-698-55G)” by creator ねぎちん somehow manages to credibly re-create the experience of playing a first-person (!!) adventure game like Wizardry, something Nintendo clearly never intended.
- Measurable Counterfactual Local Explanations for Any Classifier — generates w-counterfactual explanations that state minimum changes necessary to flip a prediction’s classification [and …] builds local regression models, using the w-counterfactuals to measure and improve the fidelity of its regressions. Making AI “explain itself” is useful and hard; this seems like an interesting step forward.
- Student Evaluation of Teaching Ratings and Student Learning are Not Related (Science Direct) — Students do not learn more from professors with higher student evaluation of teaching (SET) ratings. […] New meta-analyses of multisection studies show that SET ratings are unrelated to student learning. (via Sciblogs)
- Apparent Gender-Based Discrimination in the Display of STEM Career Ads — women disproportionately click on job ads, so bidding algorithms charge more to advertisers to show to women, so men see more job ads. (via Ethan Mollick)