“Economic Predictions with Big Data: The Illusion of Sparsity”
Domenico Giannone, Michele Lenza, and Giorgio E. Primiceri, Federal Reserve Bank of New York, April 2018
The tl;dr version:
“Economic Predictions with Big Data: The Illusion of Sparsity”
Domenico Giannone, Michele Lenza, and Giorgio E. Primiceri, Liberty Street Economics, May 21, 2018
Seeking to explain why predictive economic models perform so poorly when applied to cases outside of their training set, the authors generate and study a large number of variant models for six economic phenomena (two in macroeconomics, two in microeconomics, and two in finance). Some of these models are sparse, in the sense that they posit that their predictions should depend on a small number of variables in the input data (the ones with the greatest predictive power) others are dense, allowing for dependence on many input variables.
Dense models are prone to overfitting. To prevent this, the training process identifies variables for which the training set provides only weak information and constrains their weights to be small so that their contributions to the models' predictions are limited (but usually nonzero).
The predictions of sparse models are easier to interpret because they generate simpler causal explanations. In dense models, it often turns out that very many factors contribute to the prediction so that the causal explanations are muddled and vary more from one instance to another.
The authors found that most of the economic phenomena that they tried to model actually have complex causal explanations, which is why the sparse models that economists have traditionally favored don't yield accurate predictions.
“Speculative Execution, Variant 4: Speculative Store Bypass”
Jann Horn, Monorail, Project Zero, February 6, 2018
“Side-Channel Vulnerability Variants 3a and 4”
United States Computer Emergency Readiness Team, May 22, 2018
“Spectre Chip Security Vulnerability Strikes Again; Patches Incoming”
Steven J. Vaughn-Nichols, Zero Day, May 22, 2018
A professional software developer describes how he came to write software that helped the United States Army kill people. His first-person account is followed by a few similar anecdotes from other developers and observers and concludes with some lessons about how to avoid killing people with your software.
“Don't Get Distracted”
Caleb Thompson, November 16, 2017
The project owner conveniently left out its purpose when explaining the goals. I conveniently didn't focus too much on that part. It was great pay for me at the time. It was a great project. Maybe I just didn't want to know what it would be used for. I got distracted.
“An O(N) Sorting Algorithm: Machine Learning Sorting”
Hanqing Zhao and Yueban Luo, arXiv, May 11, 2018
The authors propose a new method for sorting a gigantic array of arbitrary values in linear time: Select a fixed number (say 1000) values from the array and sort them. Using these values as a training set, train a three-layer neural network to estimate the position in the sorted array that any given value will occupy. Set up an array of buckets equal in size to the original array. Feed each value in the array into the neural network and put it in the bucket corresponding to the network's prediction of the value's position in the sorted array. A linear-time amount of post-processing can now ensure that every value is in a bucket that is within a fixed distance of its position in the sorted array. Apply insertion sort on the almost-sorted values in the array of buckets to build the actual sorted array. Since insertion sort runs in linear time on almost-sorted arrays, the whole process, including the training of the neural network, takes linear time.
I wouldn't have thought of that one.
Next month in arXiv: Adversarial sorting examples.
Stock photos of models portraying professionals reflect the stereotypes, misconceptions, or, um, imaginative design concepts of art directors.
“People Are Sharing Hilariously Bad Stock Photos of Their Jobs”
“Ilona”, BoredPanda, May 15, 2018
Some security researchers have discovered a new attack on PGP. They have written a paper explaining how it works and plan to publish it tomorrow, but the Electronic Frontier Foundation has learned enough about it that they are sounding an alarm even before the details are public:
“Attention PGP Users: New Vulnerabilities Require You to Take Action Now”
Danny O'Brien and Gennie Gebhart, Deeplinks, Electronic Frontier Foundation, May 13, 2018
A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with this research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. …
Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.
The story includes links to instructions provided by the EFF on how to temporarily disable the PGP plug-ins for Thunderbird, Apple Mail, and Outlook.Update (2018-05-14⊺11:34:32-05:00)
The discoverers of the attack now have a Web site up and have published a draft of their paper there:
“Efail: Breaking S/MIME and OpenPGP Email Encryption Using Exfiltration Channels”
Damian Poddebniak, Christian Dresen, Jens Miller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk, May 14, 2018
There are actually two vulnerabilities. One exploits peculiarities, arguably errors, in mail user agents that parse and interpret HTML in messages after they have been decrypted. The other exploits a weakness in the OpenPGP standard: Under certain circumstances, the standard doesn't require integrity checks and doesn't specify what a decryption algorithm should do when an integrity check fails. Consequently, many mail user agents do the wrong thing when they receive a message that has been tampered with.
The Electronic Frontier Foundation has a follow-up, and other security authorities are providing quick analysis as well:
“Not So Pretty: What You Need to Know about E-Fail and the PGP Flaw”
Erica Portnoy, Danny O'Brien, and Nate Cardozo, Deeplinks, Electronic Frontier Foundation, May 14, 2018
“Some Notes on eFail”
Robert Graham, Errata Security, May 14, 2018
“New Vulnerabilities in Many PGP and S/MIME Enabled Email Clients”
Matthew Green, Twitter, May 14, 2018
“As If Nuremberg Never Happened”
Peter van Buren, The American Conservative, March 19, 2018
Nothing will say more about who we are, across three American administrations — one that demanded torture, one that covered it up, and one that seeks to promote its bloody participants — than whether Gina Haspel becomes director of the CIA. …
Gina Haspel is now eligible for the CIA directorship because Barack Obama did not prosecute anyone for torture; he merely signed an executive order banning it in the future. He did not hold any truth commissions, and ensured that almost all government documents on the torture program remain classified. He did not prosecute the CIA officials who destroyed videotapes of the torture scenes. …
Unless Congress awakens to confront this nightmare and deny Gina Haspel's nomination as director of the CIA, torture will have transformed us and so it will consume us. Gina Haspel is a torturer. We are torturers. It is as if Nuremberg never happened.
“objecthub,” GitHub, May 5, 2018
LispKit is a framework for building Lisp-based extension and scripting languages for macOS applications. LispKit is fully written in the programming language Swift. LispKit implements a core language based on the R7RS (small) Scheme standard. It is extensible, allowing the inclusion of new native libraries written in Swift, of new libraries written in Scheme, as well as custom modifications of the core environment consisting of a compiler, a virtual machine as well as the core libraries.
It's free software, under the Apache 2.0 license.
This seems to be a kind of Mac OS analogue of GNU Guile.
An attempt to identify and explain the ethical preconditions for replacing social policies with algorithmic models. It's incomplete, but the questions that are included are relevant and salient, and the cautionary tales and links are thought-provoking.
“Math Can't Solve Everything: Questions We Need to Be Asking Before Deciding an Algorithm Is the Answer”
Jamie Williams and Lena Gunn, Deeplinks, Electronic Frontier Foundation, May 7, 2018
A surprising amount of research in artificial intelligence, and particularly in the field of machine learning, is being carried out by people who don't understand what they are doing, and yielding software that behaves in ways that are impossible to explain or understand. As a result, much of the work is difficult or impossible to reproduce or confirm.
“AI Researchers Allege that Machine Learning Is Alchemy”
Matthew Hutson, Science, May 3, 2018