Group items tagged

Establishing safeguards against North Korea transferring nuclear components and technology to other states or non-state actors like terrorist groups would be difficult to verify but still worth pursuing in negotiations, Perry said. (North Korea has a history of proliferating missiles and other materials related to weapons of mass destruction.)

hile recognizing North Korea diplomatically and finally concluding the Korean War might seem like grand gestures, Perry argued that they are actually “easy and cheap” for the United States to implement—and, maybe most importantly, “reversible” in the event that North Korea reneges on its end of the bargain. The outcome Perry envisions is, as he put it, possible, desirable, and verifiable. It's also a far cry from the denuclearization of North Korea.

"It was just an implication of, 'Look hard and see how many ballots you could throw out.' "

Graham had cast doubt on Georgia's signature-matching law in a conversation on Friday, and had also floated the possibility that biased poll workers could have counted ballots with inconsistent signatures.

There has been no evidence of widespread voter fraud in the 2020 election, and fraudulently altering a federal election vote tally is a federal crime.

Graham denied Raffensperger's claim on Monday, telling CNN that he had said he wanted to understand the process for verifying the signatures on mail-in ballots

Asked if he was trying to pressure the secretary of state to toss legal ballots, Graham said, "That's ridiculous."

"What I'm trying to find out was how do you verify signatures on mail-in ballots in these states that are the center of attention? So like when you mail in a ballot, you got to have some way to verify that the signature on the envelope actually matches the person who requested the ballot," Graham said

"So they expanded mail-in voting, and how you verify the signatures to me is the big issue

Raffensperger told Blitzer that Georgia's election systems already require signature matches when voters request mail ballots and when completed ballots are returned to election systems. He also said the online absentee portal has a photo ID.

"We feel confident the election officials did their job," he said.

On Friday, CNN projected that Biden will win Georgia and its 16 electoral votes. Unofficial results put Biden ahead of Trump by about 14,000 votes, or about 0.3 percentage point.

due to the tight margin, state officials decided to use the preplanned audit process to recount every ballot in the presidential race.

At least six small counties in Georgia have finished their presidential recounts without finding any discrepancies.

A seventh county, Floyd, reported that 2,600 uncounted ballots had been found during their recount -- the ballots hadn't been scanned when the county tallied its early vote. An investigation is underway but human error has been deemed responsible.

Experts say it would be nearly impossible for Trump to overcome his 14,000-vote deficit in a recount.

"We want to make sure this vote is very accurate. We understand the national importance of this, and we're in the process of doing it," he told Blitzer on Monday. "The counters will be done by the 18th and we will certify this by the 20th."

Raffensperger, among other things, defended the integrity of absentee ballots, signature verification, and the vote counting machines

Raffensperger responded that his team "secured and strengthened absentee ballots for the first time since 2005" by outlawing absentee ballot harvesting and also addressed the "disinformation about signature match," writing that "GBI trained elections officials match your signature twice before any vote is cast."

He also posted links to news articles debunking Trump's tweets, including one alleging the Dominion voting software used in Georgia for the presidential election "deleted" and "switched" millions of votes

On Monday, the platform went dark after a hacker took over the accounts of 178 users, including Torba and the Republican congresswoman Marjorie Taylor Greene.

Gab, a Twitter-like website promoted by Torba as a bastion of free speech, has long been a forum of last resort for extremists and conspiracy theorists who have been banned on other online platforms. It attained worldwide notoriety in 2018 when a user, Robert Bowers, wrote on the site that he was “going in”, shortly before allegedly entering the Tree of Life synagogue in Pittsburgh, Pennsylvania, and killing eleven people.

The leaked files contained what appears to be a database of over 4.1 million registered users on the site and tags identifying subscribers as “investors”, “verified” users and “pro” users.

The 2017 share offering, for example, required a minimum investment of $199.10, and rewarded investors who contributed a greater amount with “perks”. Users who invested $200 could display a “Gab investor badge” on the site. The badges corresponded with a tag in the database, which allowed investors to be looked at in detail.

Some of the people associated with investors’ accounts had high-profile jobs and public roles, while spewing hate and extremist beliefs online.

The data breach also appears to offer some insight into users tagged as “verified” by Gab, which according to the platform’s own explanation means that they have completed a verification process that includes matching their display name to a government ID.

And it appears to include a list of users registered as “pros”, which allows users to access additional features and a badge at a price starting at $99 year. The database indicates over 18,000 users had paid to be pro users at the time of the breach. Nearly 4,000 users were flagged as donors to Gab’s repeated attempts to attract voluntary gifts from users.

Direct messages included in the leak appear to show close communication between Torba and a major QAnon influencer who is labeled a Gab investor, seemingly reinforcing the CEO’s public efforts to make Gab a home for adherents to the QAnon conspiracy theory, which helped fuel the 6 January attack on the nation’s Capitol.

According to Wired, the data exposed in the apparent hack was sourced by a hacker who had found a security vulnerability in the site.

“Gab was negligent at best and malicious at worst” in its approach to security, she added. “It is hard to envision a scenario where a company cared less about user data than this one.”

Trump repeatedly attacked the validity of the election results, tweeting that this was a "RIGGED ELECTION," a "Rigged and Corrupt Election" and a "Rigged Election Hoax." He also tweeted that this was the "most fraudulent Election in history" and that the results are "fake."

None of this is true. The election was not rigged, and there is no evidence of any fraud large enough to have changed the outcome.

Again, not true. Election Day glitches are unfortunate but normal, and there is no evidence of anybody trying to use voting technology to steal votes.

Trump tweeted that there are "millions of ballots that have been altered by Democrats, only for Democrats."

This is false. There is no evidence that millions of ballots were altered by Democrats. In fact, there is not currently evidence that ballots were improperly altered by anyone.

Trump tweeted, "All of the mechanical 'glitches' that took place on Election Night were really THEM getting caught trying to steal votes."

"The November 3rd election was the most secure in American history."

There is no evidence of people voting after the election was over.

Trump quoted a 1994 article about absentee ballot fraud in a state Senate election in Philadelphia in 1993;

Trump repeatedly criticized Georgia's ongoing audit of the presidential election there, in which all ballots are being recounted by hand. Trump tweeted, "The Fake recount going on in Georgia means nothing because they are not allowing signatures to be looked at and verified. Break the unconstitutional Consent Decree!"

Trump then tweeted, "Wow. This is exactly what happened to us. Great courage by judge!"

There is no evidence of a fraud scheme in Philadelphia in the 2020 election.

Trump tweeted, "700,000 ballots were not allowed to be viewed in Philadelphia and Pittsburgh which means, based on our great Constitution, we win the State of Pennsylvania!"

This is nonsense.

a Trump campaign lawyer has admitted in court that the campaign's observers were permitted to watch in Philadelphia. And even if, hypothetically, Trump observers had been improperly barred, nothing in the Constitution would make Trump the automatic winner of a state in which he trails by more than 65,000 votes as counting continues.

"NO VOTE WATCHERS OR OBSERVERS allowed."

Trump campaign observers were permitted wherever Biden campaign observers were permitted.

Trump claimed that the election was "stolen" in part by a voting equipment and software company, Dominion Voting Systems, he suggested is biased against him and also has "bum equipment."

There is no evidence of any wrongdoing by Dominion and no evidence that any issues with Dominion's technology affected vote counts

Again, the Trump administration said in the statement last week: "There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised."

Trump alleged that there was "voting after the Election was over."

The Georgia audit is not fake in any way. While it's true that the state's recount process does not involve signature verification, voters' signatures were verified twice before the ballots were included in the count in the first place

Georgia residents' signatures are verified twice, first when they request an absentee ballot and second when they submit the ballot.

o individual ballot could be connected to an individual signature in a recount, even if someone wanted to violate the bedrock American principle of the secret ballot.

The "Consent Decree" Trump was complaining about is a March legal settlement, between the state and the Democratic Party, that did not prevent signature verification. Rather, it set rules for how and when Georgia voters must be contacted about ballots rejected because of signature issues (and other issues), so that they have time to fix these problems before the count is finalized.

Code is too hard to think about. Before trying to understand the attempts themselves, then, it’s worth understanding why this might be: what it is about code that makes it so foreign to the mind, and so unlike anything that came before it.

Technological progress used to change the way the world looked—you could watch the roads getting paved; you could see the skylines rise. Today you can hardly tell when something is remade, because so often it is remade by code.

Software has enabled us to make the most intricate machines that have ever existed. And yet we have hardly noticed, because all of that complexity is packed into tiny silicon chips as millions and millions of lines of cod

The programmer, the renowned Dutch computer scientist Edsger Dijkstra wrote in 1988, “has to be able to think in terms of conceptual hierarchies that are much deeper than a single mind ever needed to face before.” Dijkstra meant this as a warning.

“The serious problems that have happened with software have to do with requirements, not coding errors.” When you’re writing code that controls a car’s throttle, for instance, what’s important is the rules about when and how and by how much to open it. But these systems have become so complicated that hardly anyone can keep them straight in their head. “There’s 100 million lines of code in cars now,” Leveson says. “You just cannot anticipate all these things.”

What made programming so difficult was that it required you to think like a computer.

The introduction of programming languages like Fortran and C, which resemble English, and tools, known as “integrated development environments,” or IDEs, that help correct simple mistakes (like Microsoft Word’s grammar checker but for code), obscured, though did little to actually change, this basic alienation—the fact that the programmer didn’t work on a problem directly, but rather spent their days writing out instructions for a machine.

“The problem is that software engineers don’t understand the problem they’re trying to solve, and don’t care to,” says Leveson, the MIT software-safety expert. The reason is that they’re too wrapped up in getting their code to work.

As programmers eagerly poured software into critical systems, they became, more and more, the linchpins of the built world—and Dijkstra thought they had perhaps overestimated themselves.

a nearly decade-long investigation into claims of so-called unintended acceleration in Toyota cars. Toyota blamed the incidents on poorly designed floor mats, “sticky” pedals, and driver error, but outsiders suspected that faulty software might be responsible

software experts spend 18 months with the Toyota code, picking up where NASA left off. Barr described what they found as “spaghetti code,” programmer lingo for software that has become a tangled mess. Code turns to spaghetti when it accretes over many years, with feature after feature piling on top of, and being woven around

Using the same model as the Camry involved in the accident, Barr’s team demonstrated that there were actually more than 10 million ways for the onboard computer to cause unintended acceleration. They showed that as little as a single bit flip—a one in the computer’s memory becoming a zero or vice versa—could make a car run out of control. The fail-safe code that Toyota had put in place wasn’t enough to stop it

. In all, Toyota recalled more than 9 million cars, and paid nearly $3 billion in settlements and fines related to unintended acceleration.

The problem is that programmers are having a hard time keeping up with their own creations. Since the 1980s, the way programmers work and the tools they use have changed remarkably little.

“Visual Studio is one of the single largest pieces of software in the world,” he said. “It’s over 55 million lines of code. And one of the things that I found out in this study is more than 98 percent of it is completely irrelevant. All this work had been put into this thing, but it missed the fundamental problems that people faced. And the biggest one that I took away from it was that basically people are playing computer inside their head.” Programmers were like chess players trying to play with a blindfold on—so much of their mental energy is spent just trying to picture where the pieces are that there’s hardly any left over to think about the game itself.

The fact that the two of them were thinking about the same problem in the same terms, at the same time, was not a coincidence. They had both just seen the same remarkable talk, given to a group of software-engineering students in a Montreal hotel by a computer researcher named Bret Victor. The talk, which went viral when it was posted online in February 2012, seemed to be making two bold claims. The first was that the way we make software is fundamentally broken. The second was that Victor knew how to fix it.

Though he runs a lab that studies the future of computing, he seems less interested in technology per se than in the minds of the people who use it. Like any good toolmaker, he has a way of looking at the world that is equal parts technical and humane. He graduated top of his class at the California Institute of Technology for electrical engineering,

WYSIWYG (pronounced “wizzywig”) came along. It stood for “What You See Is What You Get.”

“Our current conception of what a computer program is,” he said, is “derived straight from Fortran and ALGOL in the late ’50s. Those languages were designed for punch cards.”

in early 2012, Victor had finally landed upon the principle that seemed to thread through all of his work. (He actually called the talk “Inventing on Principle.”) The principle was this: “Creators need an immediate connection to what they’re creating.” The problem with programming was that it violated the principle. That’s why software systems were so hard to think about, and so rife with bugs: The programmer, staring at a page of text, was abstracted from whatever it was they were actually making.

Victor’s point was that programming itself should be like that. For him, the idea that people were doing important work, like designing adaptive cruise-control systems or trying to understand cancer, by staring at a text editor, was appalling.

With the right interface, it was almost as if you weren’t working with code at all; you were manipulating the game’s behavior directly.

When the audience first saw this in action, they literally gasped. They knew they weren’t looking at a kid’s game, but rather the future of their industry. Most software involved behavior that unfolded, in complex ways, over time, and Victor had shown that if you were imaginative enough, you could develop ways to see that behavior and change it, as if playing with it in your hands. One programmer who saw the talk wrote later: “Suddenly all of my tools feel obsolete.”

hen John Resig saw the “Inventing on Principle” talk, he scrapped his plans for the Khan Academy programming curriculum. He wanted the site’s programming exercises to work just like Victor’s demos. On the left-hand side you’d have the code, and on the right, the running program: a picture or game or simulation. If you changed the code, it’d instantly change the picture. “In an environment that is truly responsive,” Resig wrote about the approach, “you can completely change the model of how a student learns ... [They] can now immediately see the result and intuit how underlying systems inherently work without ever following an explicit explanation.” Khan Academy has become perhaps the largest computer-programming class in the world, with a million students, on average, actively using the program each month.

. In traditional programming, your task is to take complex rules and translate them into code; most of your energy is spent doing the translating, rather than thinking about the rules themselves. In the model-based approach, all you have is the rules. So that’s what you spend your time thinking about. It’s a way of focusing less on the machine and more on the problem you’re trying to get it to solve.

“Everyone thought I was interested in programming environments,” he said. Really he was interested in how people see and understand systems—as he puts it, in the “visual representation of dynamic behavior.” Although code had increasingly become the tool of choice for creating dynamic behavior, it remained one of the worst tools for understanding it. The point of “Inventing on Principle” was to show that you could mitigate that problem by making the connection between a system’s behavior and its code immediate.

In a pair of later talks, “Stop Drawing Dead Fish” and “Drawing Dynamic Visualizations,” Victor went one further. He demoed two programs he’d built—the first for animators, the second for scientists trying to visualize their data—each of which took a process that used to involve writing lots of custom code and reduced it to playing around in a WYSIWYG interface.

Victor suggested that the same trick could be pulled for nearly every problem where code was being written today. “I’m not sure that programming has to exist at all,” he told me. “Or at least software developers.” In his mind, a software developer’s proper role was to create tools that removed the need for software developers. Only then would people with the most urgent computational problems be able to grasp those problems directly, without the intermediate muck of code.

Victor implored professional software developers to stop pouring their talent into tools for building apps like Snapchat and Uber. “The inconveniences of daily life are not the significant problems,” he wrote. Instead, they should focus on scientists and engineers—as he put it to me, “these people that are doing work that actually matters, and critically matters, and using really, really bad tools.”

“people are not so easily transitioning to model-based software development: They perceive it as another opportunity to lose control, even more than they have already.”

In a model-based design tool, you’d represent this rule with a small diagram, as though drawing the logic out on a whiteboard, made of boxes that represent different states—like “door open,” “moving,” and “door closed”—and lines that define how you can get from one state to the other. The diagrams make the system’s rules obvious: Just by looking, you can see that the only way to get the elevator moving is to close the door, or that the only way to get the door open is to stop.

Bantegnie’s company is one of the pioneers in the industrial use of model-based design, in which you no longer write code directly. Instead, you create a kind of flowchart that describes the rules your program should follow (the “model”), and the computer generates code for you based on those rules

“Typically the main problem with software coding—and I’m a coder myself,” Bantegnie says, “is not the skills of the coders. The people know how to code. The problem is what to code. Because most of the requirements are kind of natural language, ambiguous, and a requirement is never extremely precise, it’s often understood differently by the guy who’s supposed to code.”

On this view, software becomes unruly because the media for describing what software should do—conversations, prose descriptions, drawings on a sheet of paper—are too different from the media describing what software does do, namely, code itself.

for this approach to succeed, much of the work has to be done well before the project even begins. Someone first has to build a tool for developing models that are natural for people—that feel just like the notes and drawings they’d make on their own—while still being unambiguous enough for a computer to understand. They have to make a program that turns these models into real code. And finally they have to prove that the generated code will always do what it’s supposed to.

tice brings order and accountability to large codebases. But, Shivappa says, “it’s a very labor-intensive process.” He estimates that before they used model-based design, on a two-year-long project only two to three months was spent writing code—the rest was spent working on the documentation.

uch of the benefit of the model-based approach comes from being able to add requirements on the fly while still ensuring that existing ones are met; with every change, the computer can verify that your program still works. You’re free to tweak your blueprint without fear of introducing new bugs. Your code is, in FAA parlance, “correct by construction.”

The ideas spread. The notion of liveness, of being able to see data flowing through your program instantly, made its way into flagship programming tools offered by Google and Apple. The default language for making new iPhone and Mac apps, called Swift, was developed by Apple from the ground up to support an environment, called Playgrounds, that was directly inspired by Light Table.

The bias against model-based design, sometimes known as model-driven engineering, or MDE, is in fact so ingrained that according to a recent paper, “Some even argue that there is a stronger need to investigate people’s perception of MDE than to research new MDE technologies.”

“Human intuition is poor at estimating the true probability of supposedly ‘extremely rare’ combinations of events in systems operating at a scale of millions of requests per second,” he wrote in a paper. “That human fallibility means that some of the more subtle, dangerous bugs turn out to be errors in design; the code faithfully implements the intended design, but the design fails to correctly handle a particular ‘rare’ scenario.”

Newcombe was convinced that the algorithms behind truly critical systems—systems storing a significant portion of the web’s data, for instance—ought to be not just good, but perfect. A single subtle bug could be catastrophic. But he knew how hard bugs were to find, especially as an algorithm grew more complex. You could do all the testing you wanted and you’d never find them all.

An algorithm written in TLA+ could in principle be proven correct. In practice, it allowed you to create a realistic model of your problem and test it not just thoroughly, but exhaustively. This was exactly what he’d been looking for: a language for writing perfect algorithms.

TLA+, which stands for “Temporal Logic of Actions,” is similar in spirit to model-based design: It’s a language for writing down the requirements—TLA+ calls them “specifications”—of computer programs. These specifications can then be completely verified by a computer. That is, before you write any code, you write a concise outline of your program’s logic, along with the constraints you need it to satisfy

Programmers are drawn to the nitty-gritty of coding because code is what makes programs go; spending time on anything else can seem like a distraction. And there is a patient joy, a meditative kind of satisfaction, to be had from puzzling out the micro-mechanics of code. But code, Lamport argues, was never meant to be a medium for thought. “It really does constrain your ability to think when you’re thinking in terms of a programming language,”

Code makes you miss the forest for the trees: It draws your attention to the working of individual pieces, rather than to the bigger picture of how your program fits together, or what it’s supposed to do—and whether it actually does what you think. This is why Lamport created TLA+. As with model-based design, TLA+ draws your focus to the high-level structure of a system, its essential logic, rather than to the code that implements it.

But TLA+ occupies just a small, far corner of the mainstream, if it can be said to take up any space there at all. Even to a seasoned engineer like Newcombe, the language read at first as bizarre and esoteric—a zoo of symbols.

this is a failure of education. Though programming was born in mathematics, it has since largely been divorced from it. Most programmers aren’t very fluent in the kind of math—logic and set theory, mostly—that you need to work with TLA+. “Very few programmers—and including very few teachers of programming—understand the very basic concepts and how they’re applied in practice. And they seem to think that all they need is code,” Lamport says. “The idea that there’s some higher level than the code in which you need to be able to think precisely, and that mathematics actually allows you to think precisely about it, is just completely foreign. Because they never learned it.”

“In the 15th century,” he said, “people used to build cathedrals without knowing calculus, and nowadays I don’t think you’d allow anyone to build a cathedral without knowing calculus. And I would hope that after some suitably long period of time, people won’t be allowed to write programs if they don’t understand these simple things.”

Programmers, as a species, are relentlessly pragmatic. Tools like TLA+ reek of the ivory tower. When programmers encounter “formal methods” (so called because they involve mathematical, “formally” precise descriptions of programs), their deep-seated instinct is to recoil.

Formal methods had an image problem. And the way to fix it wasn’t to implore programmers to change—it was to change yourself. Newcombe realized that to bring tools like TLA+ to the programming mainstream, you had to start speaking their language.

he presented TLA+ as a new kind of “pseudocode,” a stepping-stone to real code that allowed you to exhaustively test your algorithms—and that got you thinking precisely early on in the design process. “Engineers think in terms of debugging rather than ‘verification,’” he wrote, so he titled his internal talk on the subject to fellow Amazon engineers “Debugging Designs.” Rather than bemoan the fact that programmers see the world in code, Newcombe embraced it. He knew he’d lose them otherwise. “I’ve had a bunch of people say, ‘Now I get it,’” Newcombe says.

In the world of the self-driving car, software can’t be an afterthought. It can’t be built like today’s airline-reservation systems or 911 systems or stock-trading systems. Code will be put in charge of hundreds of millions of lives on the road and it has to work. That is no small task.

The vast majority of those untallied ballots are in Clark County, which includes Las Vegas and its populous surrounding suburbs

Election staff manually examines signatures not verified by the machine. Later, a review is done to make sure the total number of ballots processed matches the number of ballots received. Once verified, those ballots are counted.

Gloria said he expected the majority of the remaining ballots to be counted by Sunday.

Processing mail-in ballots takes longer but "we haven't had any hiccups, we haven't had any delays," said spokeswoman Bethany Drysdale.

Election experts have calculated that, in a 20-year period, fraud involving mailed ballots has affected 0.00006 percent of individual votes, or one case per state every six or seven years.

Among the billions of votes cast from 2000 to 2012, there were 491 cases of absentee-ballot fraud, according to an investigation conducted at Arizona State University’s journalism schoo

intentional voter fraud is extremely uncommon and rarely organized, according to decades of research.

In June, The Washington Post and the nonprofit Electronic Registration information Center analyzed data from three vote-by-mail states and found 372 possible cases of double voting or voting on behalf of dead people in 2016 and 2018, or 0.0025 percent of the 14.6 million mailed ballots.

Mr. Trump’s effort to discredit mail-in voting follows decades of disinformation about voter impersonation, voting by noncitizens and double voting, often promoted by Republican leaders.

Voting by mail under normal circumstances does not appear to give either major party an advantage, according to a study this spring by Stanford University’s Institute for Economic Policy Research.

But many conservative outlets have promoted the idea that fraud involving mailed ballots could tip the scales in favor of Democrats.

Mr. Stedman said right-leaning outlets sometimes conflated fraud with the statistically insignificant administrative mishaps that occur in every American election

In a similar cycle, the Fox News host Sean Hannity and conservative publications magnified the reach of a deceptive video released last month by Project Veritas, a group run by the conservative activist James O’Keefe. The video claimed without named sources or verifiable evidence that the campaign for Representative Ilhan Omar, a Minnesota Democrat, was collecting ballots illegally.

Stephen J. Stedman, a senior fellow at the Freeman Spogli Institute for International Studies at Stanford, said he thought “about disinformation in this country as almost an information ecology — it’s not an organic thing from the bottom up.”

Breitbart, The Washington Examiner and others amplify false claims of rampant cheating in what a new Harvard study calls a “propaganda feedback loop.”

The Washington Examiner, Breitbart News, The Gateway Pundit and The Washington Times are among the sites that have posted articles with headlines giving weight to the conspiracy theory that voter fraud is rampant and could swing the election to the left, a theory that has been repeatedly debunked by data.

“EXCLUSIVE: California Man Finds THOUSANDS of What Appear to be Unopened Ballots in Garbage Dumpster — Workers Quickly Try to Cover Them Up — We are Working to Verify.” The envelopes turned out to be empty and discarded legally in 2018. Gateway Pundit later updated the headline, but not before its original speculation had gone viral.

Pennsylvania’s elections chief that the discarded ballots were a “bad error” by a seasonal contractor, not “intentional fraud.” Mr. Trump cited the discarded Pennsylvania ballots several times as an example of fraud, including in last month’s presidential debate.

“FEDS: Military Ballots Discarded in ‘Troubling’ Discovery. All Opened Ballots were Cast for Trump.” Headlines on the same issue in The Washington Times were similar: “Feds investigating discarded mail-in ballots cast for Trump in Pennsylvania” and “FBI downplays election fraud as suspected ballot issues found in Pennsylvania, Texas.” A Washington Times opinion piece on the matter had the headline “Trump ballots in trash, oh my.”

“DESTROYED: Tons of Trump mail-in ballot applications SHREDDED in back of tractor-trailer headed for Pennsylvania.” The material was actually printing waste from a direct mail company.

RIGGED ELECTION!” He linked to a Breitbart article that included a transcript of Attorney General William P. Barr’s telling the Fox News host Maria Bartiromo that voting by mail “absolutely opens the floodgates to fraud.”

Beady-eyed readers will note that most of this stuff, apart from Terra-Luna, is in the “on top of” category and not actually on-chain tech. DeFi exchanges and lending protocols have continued to whir even as the enterprises more akin to normal businesses have imploded one by one. But the collapse of these enterprises could imperil the underlying tech by taking out chunks of its value, making the chains more exposed to would-be attackers and pushing miners or stakers to switch off their machines

The value of on-chain activity and tokens is self-reinforcing. The more people that use DeFi, the more valuable Ethereum becomes. The higher the price of ether, the higher the hurdle to attack the blockchain and the more confidence people will have that blockchains will endure

This also works in reverse. The more people shy away from crypto out of fear, the less secure it becomes.

The total market cap of cryptocurrencies is currently $820bn. That is 70% below the peak a year ago, but still high compared with most of crypto’s history.

Many more layers—such as a major stablecoin, big businesses or perhaps other on-chain protocols—would have to unravel to take crypto’s value back to the levels at which it traded just three or four years ago

Although fewer people will use crypto as a result of the ftx collapse, it is very hard to imagine the number will be small enough to take its value to zero. ■

To take out crypto entirely would require killing the underlying blockchain layers. They could either give way first, kicking the stool out from underneath everything else. Or the industry could unravel from the top down, layer by layer like a knitted scarf.

how the industry works. At crypto’s base are blockchains, like Bitcoin and Ethereum, which record transactions verified by computers, a process incentivised by the issuance of new tokens. The Ethereum blockchain validates lines of code, which has made it possible for people to issue their own tokens or build applications

Major chains and a handful of Ethereum-based tokens, like stablecoins, account for about 90% of cryptocurrency value. Big businesses have been built on top of this world, including exchanges, investment funds and lending platforms.

The death of ftx, an exchange declared bankrupt on November 11th after a spectacular blow-up, will encourage some people to turn their attention elsewhere. What would have to happen for everyone to give up?

“Security and privacy have long been top companywide priorities at Twitter,” said Twitter spokeswoman Rebecca Hahn. She said that Zatko’s allegations appeared to be “riddled with inaccuracies” and that Zatko “now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders.” Hahn said that Twitter fired Zatko after 15 months “for poor performance and leadership.” Attorneys for Zatko confirmed he was fired but denied it was for performance or leadership.

the whistleblower document alleges the company prioritized user growth over reducing spam, though unwanted content made the user experience worse. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, the complaint asserts, and nothing explicitly for cutting spam.

Chief executive Parag Agrawal was “lying” when he tweeted in May that the company was “strongly incentivized to detect and remove as much spam as we possibly can,” the complaint alleges.

Zatko described his decision to go public as an extension of his previous work exposing flaws in specific pieces of software and broader systemic failings in cybersecurity. He was hired at Twitter by former CEO Jack Dorsey in late 2020 after a major hack of the company’s systems.

“I felt ethically bound. This is not a light step to take,” said Zatko, who was fired by Agrawal in January. He declined to discuss what happened at Twitter, except to stand by the formal complaint. Under SEC whistleblower rules, he is entitled to legal protection against retaliation, as well as potential monetary rewards.

A person familiar with Zatko’s tenure said the company investigated Zatko’s security claims during his time there and concluded they were sensationalistic and without merit. Four people familiar with Twitter’s efforts to fight spam said the company deploys extensive manual and automated tools to both measure the extent of spam across the service and reduce it.

In 1998, Zatko had testified to Congress that the internet was so fragile that he and others could take it down with a half-hour of concentrated effort. He later served as the head of cyber grants at the Defense Advanced Research Projects Agency, the Pentagon innovation unit that had backed the internet’s invention.

Overall, Zatko wrote in a February analysis for the company attached as an exhibit to the SEC complaint, “Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.”

Zatko’s complaint says strong security should have been much more important to Twitter, which holds vast amounts of sensitive personal data about users. Twitter has the email addresses and phone numbers of many public figures, as well as dissidents who communicate over the service at great personal risk.

This month, an ex-Twitter employee was convicted of using his position at the company to spy on Saudi dissidents and government critics, passing their information to a close aide of Crown Prince Mohammed bin Salman in exchange for cash and gifts.

Zatko’s complaint says he believed the Indian government had forced Twitter to put one of its agents on the payroll, with access to user data at a time of intense protests in the country. The complaint said supporting information for that claim has gone to the National Security Division of the Justice Department and the Senate Select Committee on Intelligence. Another person familiar with the matter agreed that the employee was probably an agent.

“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” Charles E. Grassley (R-Iowa), the top Republican on the Senate Judiciary Committee,

Many government leaders and other trusted voices use Twitter to spread important messages quickly, so a hijacked account could drive panic or violence. In 2013, a captured Associated Press handle falsely tweeted about explosions at the White House, sending the Dow Jones industrial average briefly plunging more than 140 points.

After a teenager managed to hijack the verified accounts of Obama, then-candidate Joe Biden, Musk and others in 2020, Twitter’s chief executive at the time, Jack Dorsey, asked Zatko to join him, saying that he could help the world by fixing Twitter’s security and improving the public conversation, Zatko asserts in the complaint.

The complaint — filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the FTC — says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks, including the commandeering of accounts held by such high-profile users as Elon Musk and former presidents Barack Obama and Donald Trump.

But at Twitter Zatko encountered problems more widespread than he realized and leadership that didn’t act on his concerns, according to the complaint.

Twitter’s difficulties with weak security stretches back more than a decade before Zatko’s arrival at the company in November 2020. In a pair of 2009 incidents, hackers gained administrative control of the social network, allowing them to reset passwords and access user data. In the first, beginning around January of that year, hackers sent tweets from the accounts of high-profile users, including Fox News and Obama.

Several months later, a hacker was able to guess an employee’s administrative password after gaining access to similar passwords in their personal email account. That hacker was able to reset at least one user’s password and obtain private information about any Twitter user.

Twitter continued to suffer high-profile hacks and security violations, including in 2017, when a contract worker briefly took over Trump’s account, and in the 2020 hack, in which a Florida teen tricked Twitter employees and won access to verified accounts. Twitter then said it put additional safeguards in place.

This year, the Justice Department accused Twitter of asking users for their phone numbers in the name of increased security, then using the numbers for marketing. Twitter agreed to pay a $150 million fine for allegedly breaking the 2011 order, which barred the company from making misrepresentations about the security of personal data.

After Zatko joined the company, he found it had made little progress since the 2011 settlement, the complaint says. The complaint alleges that he was able to reduce the backlog of safety cases, including harassment and threats, from 1 million to 200,000, add staff and push to measure results.

But Zatko saw major gaps in what the company was doing to satisfy its obligations to the FTC, according to the complaint. In Zatko’s interpretation, according to the complaint, the 2011 order required Twitter to implement a Software Development Life Cycle program, a standard process for making sure new code is free of dangerous bugs. The complaint alleges that other employees had been telling the board and the FTC that they were making progress in rolling out that program to Twitter’s systems. But Zatko alleges that he discovered that it had been sent to only a tenth of the company’s projects, and even then treated as optional.

“If all of that is true, I don’t think there’s any doubt that there are order violations,” Vladeck, who is now a Georgetown Law professor, said in an interview. “It is possible that the kinds of problems that Twitter faced eleven years ago are still running through the company.”

“Agrawal’s Tweets and Twitter’s previous blog posts misleadingly imply that Twitter employs proactive, sophisticated systems to measure and block spam bots,” the complaint says. “The reality: mostly outdated, unmonitored, simple scripts plus overworked, inefficient, understaffed, and reactive human teams.”

One current and one former employee recalled that incident, when failures at two Twitter data centers drove concerns that the service could have collapsed for an extended period. “I wondered if the company would exist in a few days,” one of them said.

The current and former employees also agreed with the complaint’s assertion that past reports to various privacy regulators were “misleading at best.”

For example, they said the company implied that it had destroyed all data on users who asked, but the material had spread so widely inside Twitter’s networks, it was impossible to know for sure

As the head of security, Zatko says he also was in charge of a division that investigated users’ complaints about accounts, which meant that he oversaw the removal of some bots, according to the complaint. Spam bots — computer programs that tweet automatically — have long vexed Twitter. Unlike its social media counterparts, Twitter allows users to program bots to be used on its service: For example, the Twitter account @big_ben_clock is programmed to tweet “Bong Bong Bong” every hour in time with Big Ben in London. Twitter also allows people to create accounts without using their real identities, making it harder for the company to distinguish between authentic, duplicate and automated accounts.

In the complaint, Zatko alleges he could not get a straight answer when he sought what he viewed as an important data point: the prevalence of spam and bots across all of Twitter, not just among monetizable users.

Zatko cites a “sensitive source” who said Twitter was afraid to determine that number because it “would harm the image and valuation of the company.” He says the company’s tools for detecting spam are far less robust than implied in various statements.

The complaint also alleges that Zatko warned the board early in his tenure that overlapping outages in the company’s data centers could leave it unable to correctly restart its servers. That could have left the service down for months, or even have caused all of its data to be lost. That came close to happening in 2021, when an “impending catastrophic” crisis threatened the platform’s survival before engineers were able to save the day, the complaint says, without providing further details.

The four people familiar with Twitter’s spam and bot efforts said the engineering and integrity teams run software that samples thousands of tweets per day, and 100 accounts are sampled manually.

Some employees charged with executing the fight agreed that they had been short of staff. One said top executives showed “apathy” toward the issue.

Zatko’s complaint likewise depicts leadership dysfunction, starting with the CEO. Dorsey was largely absent during the pandemic, which made it hard for Zatko to get rulings on who should be in charge of what in areas of overlap and easier for rival executives to avoid collaborating, three current and former employees said.

For example, Zatko would encounter disinformation as part of his mandate to handle complaints, according to the complaint. To that end, he commissioned an outside report that found one of the disinformation teams had unfilled positions, yawning language deficiencies, and a lack of technical tools or the engineers to craft them. The authors said Twitter had no effective means of dealing with consistent spreaders of falsehoods.

Dorsey made little effort to integrate Zatko at the company, according to the three employees as well as two others familiar with the process who spoke on the condition of anonymity to describe sensitive dynamics. In 12 months, Zatko could manage only six one-on-one calls, all less than 30 minutes, with his direct boss Dorsey, who also served as CEO of payments company Square, now known as Block, according to the complaint. Zatko allegedly did almost all of the talking, and Dorsey said perhaps 50 words in the entire year to him. “A couple dozen text messages” rounded out their electronic communication, the complaint alleges.

Faced with such inertia, Zatko asserts that he was unable to solve some of the most serious issues, according to the complaint.

Some 30 percent of company laptops blocked automatic software updates carrying security fixes, and thousands of laptops had complete copies of Twitter’s source code, making them a rich target for hackers, it alleges.

A successful hacker takeover of one of those machines would have been able to sabotage the product with relative ease, because the engineers pushed out changes without being forced to test them first in a simulated environment, current and former employees said.

“It’s near-incredible that for something of that scale there would not be a development test environment separate from production and there would not be a more controlled source-code management process,” said Tony Sager, former chief operating officer at the cyberdefense wing of the National Security Agency, the Information Assurance divisio

Sager is currently senior vice president at the nonprofit Center for Internet Security, where he leads a consensus effort to establish best security practices.

The complaint says that about half of Twitter’s roughly 7,000 full-time employees had wide access to the company’s internal software and that access was not closely monitored, giving them the ability to tap into sensitive data and alter how the service worked. Three current and former employees agreed that these were issues.

“A best practice is that you should only be authorized to see and access what you need to do your job, and nothing else,” said former U.S. chief information security officer Gregory Touhill. “If half the company has access to and can make configuration changes to the production environment, that exposes the company and its customers to significant risk.”

The complaint says Dorsey never encouraged anyone to mislead the board about the shortcomings, but that others deliberately left out bad news.

When Dorsey left in November 2021, a difficult situation worsened under Agrawal, who had been responsible for security decisions as chief technology officer before Zatko’s hiring, the complaint says.

An unnamed executive had prepared a presentation for the new CEO’s first full board meeting, according to the complaint. Zatko’s complaint calls the presentation deeply misleading.

The presentation showed that 92 percent of employee computers had security software installed — without mentioning that those installations determined that a third of the machines were insecure, according to the complaint.

Another graphic implied a downward trend in the number of people with overly broad access, based on the small subset of people who had access to the highest administrative powers, known internally as “God mode.” That number was in the hundreds. But the number of people with broad access to core systems, which Zatko had called out as a big problem after joining, had actually grown slightly and remained in the thousands.

The presentation included only a subset of serious intrusions or other security incidents, from a total Zatko estimated as one per week, and it said that the uncontrolled internal access to core systems was responsible for just 7 percent of incidents, when Zatko calculated the real proportion as 60 percent.

Zatko stopped the material from being presented at the Dec. 9, 2021 meeting, the complaint said. But over his continued objections, Agrawal let it go to the board’s smaller Risk Committee a week later.

Agrawal didn’t respond to requests for comment. In an email to employees after publication of this article, obtained by The Post, he said that privacy and security continues to be a top priority for the company, and he added that the narrative is “riddled with inconsistences” and “presented without important context.”

On Jan. 4, Zatko reported internally that the Risk Committee meeting might have been fraudulent, which triggered an Audit Committee investigation.

Agarwal fired him two weeks later. But Zatko complied with the company’s request to spell out his concerns in writing, even without access to his work email and documents, according to the complaint.

Since Zatko’s departure, Twitter has plunged further into chaos with Musk’s takeover, which the two parties agreed to in May. The stock price has fallen, many employees have quit, and Agrawal has dismissed executives and frozen big projects.

Zatko said he hoped that by bringing new scrutiny and accountability, he could improve the company from the outside.

“I still believe that this is a tremendous platform, and there is huge value and huge risk, and I hope that looking back at this, the world will be a better place, in part because of this.”

there is a world of content out there that has not been watermarked, which is done by adding imperceptible information to a digital file so that its provenance can be traced. Once watermarking at creation becomes widespread, and people adapt to distrust content that is not watermarked, then everything produced before that point in time can be much more easily called into question.

countering them is much harder when the cost of creating near-perfect fakes has been radically reduced.

There are many examples of how economic and political powers manipulated the historical record to their own ends. Stalin purged disloyal comrades from history by executing them — and then altering photographic records to make it appear as if they never existed

Slovenia, upon becoming an independent country in 1992, “erased” over 18,000 people from the registry of residents — mainly members of the Roma minority and other ethnic non-Slovenes. In many cases, the government destroyed their physical records, leading to their loss of homes, pensions, and access to other services, according to a 2003 report by the Council of Europe Commissioner for Human Rights.

The infamous Protocols of the Elders of Zion, first published in a Russian newspaper in 1903, purported to be meeting minutes from a Jewish conspiracy to control the world. First discredited in August 1921, as a forgery plagiarized from multiple unrelated sources, the Protocols featured prominently in Nazi propaganda, and have long been used to justify antisemitic violence, including a citation in Article 32 of Hamas’s 1988 founding Covenant.

In 1924, the Zinoviev Letter, said to be a secret communiqué from the head of the Communist International in Moscow to the Communist Party of Great Britain to mobilize support for normalizing relations with the Soviet Union, was published by The Daily Mail four days before a general election. The resulting scandal may have cost Labour the election.

As it becomes easier to generate historical disinformation, and as the sheer volume of digital fakes explodes, the opportunity will become available to reshape history, or at least to call our current understanding of it into question.

Decades later Operation Infektion — a Soviet disinformation campaign — used forged documents to spread the idea that the United States had invented H.I.V., the virus that causes AIDS, as a biological weapon.

Fortunately, a path forward has been laid by the same companies that created the risk.

In indexing a large share of the world’s digital media to train their models, the A.I. companies have effectively created systems and databases that will soon contain all of humankind’s digitally recorded content, or at least a meaningful approximation of it.

They could start work today to record watermarked versions of these primary documents, which include newspaper archives and a wide range of other sources, so that subsequent forgeries are instantly detectable.

many of the intellectual property concerns around providing a searchable online archive do not apply to creating watermarked and time-stamped versions of documents, because those versions need not be made publicly available to serve their purpose. One can compare a claimed document to the recorded archive by using a mathematical transformation of the document known as a “hash,” the same technique the Global Internet Forum to Counter Terrorism, uses to help companies screen for known terrorist content.

creating verified records of historical documents can be valuable for the large A.I. companies. New research suggests that when A.I. models are trained on A.I.-generated data, their performance quickly degrades. Thus separating what is actually part of the historical record from newly created “facts” may be critical.

Preserving the past will also mean preserving the training data, the associated tools that operate on it and even the environment that the tools were run in.

Such a vellum will be a powerful tool. It can help companies to build better models, by enabling them to analyze what data to include to get the best content, and help regulators to audit bias and harmful content in the models

The one thing I never lost, in a way that somebody like L.B.J. might have — who was hungry for the office in a way that I wasn’t — is my confidence that, with my last breath, what I will remember will be some moment with my girls, not signing the health care law or giving a speech at the U.N.

What’s felt like a burden is seeing how politics has changed in ways that make it harder for Washington to work. There are a set of traditions, a constitutional design that allows someone like L.B.J. or F.D.R. to govern. And when those norms break down, the machinery grinds to a halt. That’s when you feel burdened

if you had to choose a moment in human history to live — even if you didn’t know what gender or race, what nationality or sexual orientation you’d be — you’d choose now. There’s power in nostalgia, but the fact is the world is wealthier, healthier, better educated, less violent, more tolerant, more socially conscious and more attentive to the vulnerable than it has ever bee

I’m old enough to remember the ’70s, when we were still getting out of Vietnam, and we had lost tens of thousands of young soldiers. And when they came back home, they were completely abandoned. We left an entire swath of Southeast Asia in chaos. In Cambodia, two million people were slaughtered — about four times the number of people who have been killed in Syria during this conflict. But we don’t remember that.

it’s true that the political landscape has changed in ways that are really unhealthy. But there are fewer lubricants to get things done. L.B.J. did great things, but he also relied on bagmen and giving them favors for which I would be in jail or impeached. People are surprised when I say that Congress is less corrupt now than it’s ever been.

my optimism springs from the fact that ordinary people are less narrow-minded, more open to difference, more thoughtful than they were during L.B.J.’s time. The question for me is how do I grab hold of that goodness that’s out there and drag it into the political process? I think it requires some new institutional structure for more citizen participation than we’ve had in the past.

The one area that I do feel confident about is the notion of an inclusive nation, that everybody is part of this story. That’s a running theme I’ve been faithful to throughout my presidency.

never underrate the power of stories. Lyndon Johnson got the Civil Rights Act done because of the stories he told and the ones [Martin Luther] King told. When L.B.J. says, “We shall overcome” in the chamber of the House of Representatives, he is telling the nation who we are. Culture is vital in shaping our politics. Part of what I’ve always been interested in as president, and what I will continue to be interested in as an ex-president, is telling better stories about how we can work together.

In November, four policemen at a checkpoint in Cairo were killed in a gun attack that was also claimed by the Islamic State

Mr. Sisi’s popularity has also been damaged by public anger over repeated episodes of police brutality, often over trivial matters, that have resulted in the death of ordinary citizens.

The furor over the arrests, which built steadily during the week, was due to be debated in the Egyptian Parliament on Sunday, the state Al Ahram newspaper reported on its website. M

Now, says Stengel, social media give everyone the opportunity to construct their own narrative of reality

, the problems of today’s information-saturated society would have been unimaginable for Marshall, who lived at a time when information was scarce and precious and when openness brought change.

Stengel argues that the U.S. government should sometimes protect citizens by exposing “weaponized information, false information” that is polluting the ecosystem. But ultimately, the defense of truth must be independent of a government that many people mistrust. “There are inherent dangers in having the government be the verifier of last resort,”

“They’re not trying to say that their version of events is the true one. They’re saying: ‘Everybody’s lying! Nobody’s telling you the truth!’ ”

For a Russian leadership schooled on KGB tactics, Pomerantsev argues, “It’s not an information war. It’s a war on information.”

“The central insight was that we’re not the best messenger for our message,” Stengel explains, “because in the post-truth world, the people we’re trying to reach automatically question anything from the U.S. government.

“They don’t have a candidate, per se. But they want to undermine faith in democracy, faith in the West.” In the cyber-propagandists’ atomized, construct-your-own-narrative world, agreement on a common framework of factual evidence can become almost impossible.

How should citizens who want a fact-based world combat this assault on truth? Stengel has approved State Department programs that teach investigative reporting and empower truth-tellers, but he’s right that this isn’t really a job for Uncle Sam

The best hope may be the global companies that have created the social-media platforms. “They see this information war as an existential threat,” says Stengel. The tech companies have made a start: He says Twitter has removed more than 400,000 accounts, and YouTube daily deletes extremist videos.

The real challenge for global tech giants is to restore the currency of truth.

Perhaps “machine learning” can identify falsehoods and expose every argument that uses them. Perhaps someday, a human-machine process will create what Stengel describes as a “global ombudsman for information.”

right now, the truth is losing.

Which side will America’s next president take in the war on information?

Pleas for help from eastern Aleppo escalated on Thursday, with doctors warning that they could no longer provide more than first aid

Mr. Assad told Al Watan, a pro-government newspaper, that victory in Aleppo “doesn’t mean the end of the war in Syria. It is a significant landmark toward the end of the battle, but the war in Syria will not end until terrorism is eliminated,” he said, referring to insurgents

Bombs containing chlorine, banned as a weapon by international law, fell on the front line near the Kalasseh neighborhood, sickening about 30 people, the White Helmets said.

and that now the United States and Russia, as well as the Syrian combatants, could not agree on a plan to deliver aid and evacuate civilians who want to leave

Russia’s Foreign Ministry issued an angry and sarcastic response to a statement from six Western countries a day earlier that had warned of a humanitarian catastrophe in Aleppo. The ministry said that Russia was providing aid to residents it said had

Led by Canada, the United Nations General Assembly is scheduled to vote on a draft resolution that calls for a “cessation of hostilities” for an undefined period of time and that allows humanitarian aid to be delivered. It would have no force of law.

“My real goal, though,” he added, “is to change just one government department and how it does business.” That is what happened in Bangalore, where Bhaskar Rao, the transport commissioner for the state of Karnataka, used the data collected on I Paid a Bribe to push through reforms in the motor vehicle department.

Mr. King said the sites also were likely to have a deterrent effect that was difficult to measure. “As the information because more public over time and awareness of such reporting grows,” he said, “I suspect those who might have been tempted to engage in this type of corruption are less likely to because the risk of being caught is much greater.”