A few years ago, during a visit to Cézanne’s studio in Aix-en-Provence, I experienced a flash of insight about the artist that I saw as intrinsic to his becoming the father of modern painting. Once having seen it, it inspired me to move in a new direction in my own work.
Cézanne painted his studio walls a dark gray with a hint of green. Every object in the studio, illuminated by a vast north window, seemed to be absorbed into the gray of this background. There were no telltale reflections around the edges of the objects to separate them from the background itself, as there would have been had the wall been painted white. Therefore, I could see how Cézanne, making his small, patch-like brush marks, might have moved his gaze from object to background, and back again to the objects, without the familiar intervention of the illusion of space. Cézanne’s was the first voice of “flatness,” the first statement of the modern idea that a painting was simply paint on a flat canvas, nothing more, and the environment he made served this idea. The play of light on this particular tone of gray was a precisely keyed background hum that allowed a new exchange between, say, the red of an apple and the equal value of the gray background. It was a proposal of tonal nearness that welcomed the idea of flatness.
U.S. infrastructure is in “a pre-9/11 moment” when it comes to cybersecurity and time is running short to shore up its cyber defenses, an industry advisory committee warned Tuesday.
If government and industry don’t dramatically boost their efforts to protect critical infrastructure, such as the financial system or electric grids, they risk missing a “narrow and fleeting window of opportunity before a watershed, 9/11-level cyberattack,” according to a report approved by the Homeland Security Department’s National Infrastructure Advisory Council.
A long time ago, developers wrote assembly code that ran fast and light. On good days, they had enough money in their budget to hire someone to toggle all those switches on the front of the machine to input their code. On bad days, they flipped the switches themselves. Life was simple: The software loaded data from memory, did some arithmetic, and sent it back. That was all.
Today, developers must work with teams spread across multiple continents where people speak different languages with different character sets and – this is the bad part – use different versions of the compiler. Some of the code is new, and some may be from decade-old libraries that may or may not come with source code. Building team spirit and slogging through the mess is only the beginning of what it means to be a programmer today.
Once the darling of the developer community, Ruby’s popularity has plummeted in the past few years, leading some tech leaders to wonder if the language may eventually die out completely.
In IEEE Spectrum’s ranking of the top programming languages, Ruby comes in at No. 12—down from No. 8 in 2014.
The lack of job prospects led coding bootcamp Coding Dojo to drop Ruby courses from all of its six campuses across the US by the end of the year, while adding a full-stack course in Java.
“We looked at local markets to see the most relevant technologies, and we found that Java was at the top of the charts, and Ruby on Rails seemed to rank much lower in demand in terms of startup positions, and general demand and interest,” said Speros Misirlakis, head of curriculum at Coding Dojo.
David Hilbert, the great German mathematician (he died in 1943), had a stupendous, dazzling vision. He hoped and believed that some day mathematicians would construct one vast formal deductive system with axioms so powerful that every possible theorem in all of mathematics could be proved true or false. Such a system would have to be both consistent and complete. Consistent means it is impossible to prove both a statement and its negation. Complete means that every statement in the system can be proved true or false.
In 1931, to the astonishment of mathematicians, a shy, reclusive Austrian, Kurt Gödel, aged twenty-five, shattered Hilbert’s magnificent dream. Gödel showed that any formal system rich enough to include arithmetic and elementary logic could not be both consistent and complete. If complete, it would contain an infinity of true statements that could not be proved by the system’s axioms. What is worse, even the consistency of such a system cannot be established by reasoning within the system. “God exists,” a mathematician remarked, “because mathematics is consistent, and the devil exists because we can never prove it.”
I recall a cartoon by Robert Monkoff which shows a man in a restaurant examining his bill. He is saying to the puzzled waiter: “The arithmetic seems correct, yet I find myself haunted by the idea that the basic axioms on which arithmetic is based might give rise to contradictions that would then invalidate these computations.”
Fortunately, arithmetic can be shown consistent, but only by going outside it to a larger system. Alas, the larger system can’t be proved consistent without going to a still larger system. Many formal systems less complex than arithmetic, such as simple logic and even arithmetic without multiplication and division, can be proved consistent and complete without going beyond the system. But on levels that include all of arithmetic, the need for meta-systems to prove completeness and consistency never ends. There is no final system, such as Hilbert longed for, that captures all of mathematics. “Truth,” as the authors of this new book encapsule it, “is larger than proof.”
A major global cyber-attack disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers last month.
The rapidly spreading cyber extortion campaign, which began on Tuesday, underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.
Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.
Ukrainian firms, including the state power distributor and Kiev’s main airport were among the first to report issues.
Experts suggest the malware is taking advantage of the same weaknesses used by the Wannacry attack last month.
Sensitive personal details relating to almost 200 million US citizens have been accidentally exposed by a marketing firm contracted by the Republican National Committee.
The 1.1 terabytes of data includes birthdates, home addresses, telephone numbers and political views of nearly 62% of the entire US population.
The data was available on a publicly accessible Amazon cloud server.
Anyone could access the data as long as they had a link to it.
Political biases exposed
The huge cache of data was discovered last week by Chris Vickery, a cyber-risk analyst with security firm UpGuard. The information seems to have been collected from a wide range of sources – from posts on controversial banned threads on the social network Reddit, to committees that raised funds for the Republican Party.
The information was stored in spreadsheets uploaded to a server owned by Deep Root Analytics. It had last been updated in January when President Donald Trump was inaugurated and had been online for an unknown period of time.
“We take full responsibility for this situation. Based on the information we have gathered thus far, we do not believe that our systems have been hacked,” Deep Root Analytics’ founder Alex Lundry told technology website Gizmodo.
“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.”
Apart from personal details, the data also contained citizens’ suspected religious affiliations, ethnicities and political biases, such as where they stood on controversial topics like gun control, the right to abortion and stem cell research.
The file names and directories indicated that the data was meant to be used by influential Republican political organisations. The idea was to try to create a profile on as many voters as possible using all available data, so some of the fields in the spreadsheets were left left empty if an answer could not be found.
“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” Dan O’Sullivan wrote in a blog post on Upguard’s website.
“The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”
Although it is known that political parties routinely gather data on voters, this is the largest breach of electoral data in the US to date and privacy experts are concerned about the sheer scale of the data gathered.
“This is deeply troubling. This is not just sensitive, it’s intimate information, predictions about people’s behaviour, opinions and beliefs that people have never decided to disclose to anyone,” Privacy International’s policy officer Frederike Kaltheuner told the BBC News website.
“It is a threat to the way democracy works. The GOP [Republican Party] relied on publicly-collected, commercially-provided information. Nobody would have realised that the data they entrusted to one organisation would end up in a database used to target them politically.
“You should be in charge of what is happening to your data, who can use it and for what purposes,” Ms Kaltheuner added.
There are fears that leaked data can easily be used for nefarious purposes, from identity fraud to harassment of people under protection orders, or to intimidate people who hold an opposing political view.
“The potential for this type of data being made available publicly and on the dark web is extremely high,” Paul Fletcher, a cyber-security evangelist at security firm Alert Logic told the BBC.
Ten years ago, Jeffrey Adams, a mathematician at the University of Maryland, made an appearance in The New York Times that prompted a series of angry emails. His correspondents all wanted to know one thing: “Who the hell do you think you are?”
Who Adams is is the leader of a cutting-edge mathematical research project called the Atlas of Lie Groups and Representations. Lie groups are named after Norwegian mathematician Sophus Lie (rhymes with “free,” not “fry”), who studied these crucial mathematical objects. Lie groups are used to map the inner machinery of multidimensional symmetrical objects, and they’re important because symmetry underpins far-flung mathematical concepts, from a third-grade number line to many-dimensional string theory. The Atlas project is a bona fide atlas of these objects, an exhaustive compendium of Lie group information, including tables of data about what they “look” like and what makes them tick. You’d think that cracking the code on these fundamental mathematical ideas would be a big deal. It is, but Adams would rather not dwell on it.
The success of the atlas project poses a tough math problem of a different kind: What should math’s relationship be with the broader, non-expert public? On the one hand, mathematicians in particular and scientists in general relish publicity. It allows them to trumpet good work, lobby for funding and inspire the next generation. On the other, in an ultra-specialized field such as math, publicity can twist finely constructed theorems, proofs and calculations beyond recognition.
In 2007, just before the angry emails started to roll in, the atlas group cleared an early hurdle in its quest, mapping an exotic and supersymmetric Lie group known as E8. They still had years of work before they could declare the atlas complete, yet the milestone was celebrated with a splashy press release from the American Institute of Mathematics explaining that the calculation, “if written out in tiny print, would cover an area the size of Manhattan.” It also provided a pretty picture of the “root system” of E8.
The combination of a superlative calculation and an eye-popping visualization was viral mathematical fuel. The New York Times wrote excitedly that the E8 calculation “may underlie the Theory of Everything that physicists seek to describe the universe.” (Everything! The universe!) E8newsbouncedaround the internet for months. “All hell broke loose,” Adams said. “We got this incredible tsunami of publicity, and it was only a sort of preliminary, intermediate result. Some people thought it was distasteful.”
Who the hell did he think he was?
“Mathematicians are extremely reluctant to publicize what they do,” Adams said. “The immediate reaction from 90 percent of mathematicians is, ‘It’s too hard, there’s no point in trying to write about this in the popular press.’” (Yet here we are.)
The atlas work, far from complete even amid the tsunami, continued apace. About two months ago — 15 years after it began — the project was finally completed. Adams and his colleagues released Version 1.0 of their atlas software.
This time around, however, there’s been no press release, no pretty picture, no city-size braggadocio, no New York Times story. Adams and his team haven’t trumpeted this latest accomplishment at all. When I reached him at his home, he summarized the milestone plainly, but proudly, in the jargon of his field: “We can now compute the Hermitian form on any irreducible representation.”
Raphaël Rouquier, a mathematician and Lie theorist at UCLA, echoed the ticklish relationship between mathematicians and the press. “There is a general feeling in the pure math community that popularizing mathematics is betraying mathematics,” Rouquier said. But he also argued for the importance of getting the word out. “I think there’s a need for mathematics to be represented in the press,” he said. “And I think we live in a society where people need to be more exposed to science. It’s good for politicians and readers.” The last few decades, up to and including the atlas, have been “an amazing chapter of mathematics,” he said.
Still, for those who do want to bullhorn their research, the difficulty of translation remains, especially compared to the other hard sciences. “We’re not trying to describe the real world,” Rouquier said.
Ah, but then should those of us in the real world care? The hope may be that other scientists, and the rest of us who don’t care about 248-dimensional objects, may profit from this math, but there’s no guarantee. Pure mathematicians do their work with no expectation of concrete application, although applications do have a way of presenting themselves when one least expects it — and often after the mathematician is long dead. In the case of the atlas, symmetry plays an important role in math, but also in physics and biology and astronomy. “There’s always symmetry underlying various systems,” Adams said. “Generally, mathematicians can’t say that what we’re working on is going to be good for society or something,” he said. “Our strong belief is that over time, as we learn these things, we wind up finding applications.”
David Vogan, who’s a mathematician at MIT and was involved with the atlas project, described academic mathematics as a garden. There are showy, flowery fields like number theory. Its beautiful problems and elegant results, such as the prime gap or Fermat’s last theorem, are math’s orchids. There are also the tomatoes — the things you can eat out of the garden, the practical yield. These disciplines, like Fourier analysis with its concrete applications to signal processing of audio, radio and light waves, are businesslike. And then there are the disciplines, often unheralded, that keep the rest of the garden growing — the hoes, the sprinklers. Lie groups, their representations and the atlas project are an example.
“Representation theory,” the field of the atlas group’s research, “is the fertilizer or the rose trellis, depending on the day of the week,” Vogan said.
Even when researchers do want their work shared widely, why don’t we read more about the fuel that makes math grow? “The physicists tell exciting stories,” Vogan said. “In some ways, this is a failure of mathematicians to tell exciting stories.” The physicists also have better names. Black hole and God particle quicken the pulse somewhat more than “irreducible unitary representation.”
The asymmetry in storytelling between math and the other sciences may also be because the research has different start-up costs. You need billions of dollars to build an enormous tunnel to house a particle accelerator to discover evidence of the God particle, also known as the Higgs boson. A good story may secure you coverage, enthusiasm and, if you’re lucky, lots of cash. To map Lie groups, Vogan said, you just need a teaching load light enough to put in extra work on the weekends: “We can do these things with small amounts of money.”
Even after the release of Version 1.0, and even in relative silence, the group has no intention of stopping, and it’ll continue to unravel the symmetric secrets of the mathematical universe. “It’s never complete,” Adams said. “There’s much more to do. I’ll die before I’m happy with everything.”
WikiLeaks on Thursday made public a CIA implant that is used to turn a Windows file server into a malware distribution point on the local network.
The documents describing the tool, Pandemic, explain how remote machines on the local network trying to download and-or execute documents from the file server over SMB are infected with “replacement” documents on the fly. The implant swaps out the document with a Trojanized version while it’s in transit, never touching the original document on the file server.
The documentation that was leaked yesterday spans from January 2014 to April 2014 and is for versions 1.0 and 1.1.
The leaks are just the latest CIA tools to be dumped on the internet by the polarizing whistleblower outfit, which has for every Friday since March—save last week—put CIA documents and attacks online for public consumption.
In between are the ShadowBrokers pouring more gasoline on this information-based firestorm promising monthly leaks of not only NSA-built exploits targeting browsers, handsets and Windows 10 computers, but also stolen data allegedly from China, Iran, Russia and North Korea’s nuclear and missile programs.
The ShadowBrokers have already leaked their share of Windows-based exploits and vulnerabilities, the most worrisome being an April disclosure of SMB flaws and attacks that had been patched by Microsoft in March after it was allegedly tipped off by the NSA. One of those SMB exploits, EternalBlue, was of course used to launch and spread the WannaCry ransomware attacks three weeks ago today.
The Pandemic leak does not explain what the CIA’s initial infection vector is, but does describe it as a persistent implant.
“As the name suggests, a single computer on a local network with shared drives that is infected with the ‘Pandemic’ implant will act like a ‘Patient Zero’ in the spread of a disease,” WikiLeaks said in its summary description. “‘Pandemic’ targets remote users by replacing application code on-the-fly with a Trojaned version if the program is retrieved from the infected machine.”
The key to evading detection is its ability to modify or replace requested files in transit, hiding its activity by never touching the original file. The new attack then executes only on the machine requesting the file.
Version 1.1 of Pandemic, according to the CIA’s documentation, can target and replace up to 20 different files with a maximum size of 800MB for a single replacement file.
“It will infect remote computers if the user executes programs stored on the pandemic file server,” WikiLeaks said. “Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.”
The CIA describes Pandemic as a tool that runs as kernel shellcode that installs a file system filter driver. The driver is used to replace a file with a payload when a user on the local network accesses the file over SMB.
“The goal of Pandemic is to be installed on a machine where the remote users use SMB to download/execute PE (portable executable) files,” the documentation says. “Users that are targeted by Pandemic, and use SMB to download the targeted file, will receive the ‘replacement’ file.”