| 15:29 : kushal |
#startclass
|
| 15:29 : |
Roll Call
|
| 15:29 : shiva |
Shiva Saxena
|
| 15:29 : cypher01 |
Naman Sharma
|
| 15:29 : storymode7 |
Mayank Singhal
|
| 15:29 : prodyte |
Pawan
|
| 15:29 : mzeeqazi |
Muhammad Zeeshan Qazi
|
| 15:29 : sehenaz |
Sehenaz Parvin
|
| 15:29 : prakhar_s |
prakhar_s
|
| 15:29 : bhavin192 |
Bhavin Gandhi
|
| 15:29 : sd30 |
Shruti Dash
|
| 15:29 : VirtualRcoder |
Shubham Sharma
|
| 15:29 : j605 |
Jagannathan Tiruvallur Eachambadi
|
| 15:29 : priyankasaggu119 |
Priyanka Saggu
|
| 15:29 : nimisha_1997 |
Nimisha C P
|
| 15:29 : ash_mishra |
Ashish Kumar Mishra
|
| 15:29 : kvy |
Kumar Vipin Yadav
|
| 15:29 : __rex__ |
Rakshit Airani
|
| 15:29 : prakhar_s |
prakhar dev singh
|
| 15:29 : ann |
Anu Kumari Gupta
|
| 15:29 : jasonbraganza |
Jason Braganza
|
| 15:29 : avik |
Avik Mukherjee
|
| 15:29 : championshuttler |
Shivam Singhal
|
| 15:29 : nightwarriorxxx[ |
Aman verma
|
| 15:29 : BhaveshSGupta[m] |
Bhavesh Gupta
|
| 15:29 : thegeekbong |
Prajit Mukherjee
|
| 15:30 : Shaikh_farhan |
Shaikh_Farhan
|
| 15:30 : philomath |
Mohit Bansal
|
| 15:30 : sarthak_ag13 |
sarthak agrawal
|
| 15:30 : vshuklajr |
Vivek Shukla
|
| 15:30 : ananyo |
Ananyo Maiti
|
| 15:30 : callowidealist |
Jitendra KUmar Tripathi
|
| 15:30 : sahil_ |
sahil
|
| 15:30 : devesh_verma |
Devesh Verma
|
| 15:30 : kushal |
Anyone else?
|
| 15:31 : |
redshiftzero, welcome to dgplug :)
|
| 15:31 : |
redshiftzero, stage is yours :)
|
| 15:31 : redshiftzero |
thanks @kushal :)
|
| 15:31 : Sarques |
Gajendra Saraswat
|
| 15:31 : redshiftzero |
cool cool, well hi everyone! my name is jennifer helsby, and i'm currently the lead dev of the securedrop whistleblowing platform at freedom of the press foundation
|
| 15:32 : |
i'm also the CTO for lucy parsons labs (https://lucyparsonslabs.com) which is a 501c3 non profit that does investigative journalism and police accountability work
|
| 15:32 : |
previously i worked for data science for social good (which is a great fellowship to apply to if you're interested in data science!) which i came into after a PhD in astrophysics
|
| 15:33 : |
anyway, just saying all that so y'all can ask questions about any of that which is interesting to you
|
| 15:33 : |
please ask questions! happy to discuss / elaborate on any of the above
|
| 15:33 : kushal |
!
|
| 15:34 : redshiftzero |
next
|
| 15:34 : prakhar_s |
hello everyone. i am new here. i wanted to discuss about data science
|
| 15:34 : rishibit |
prakhar_s, session is going on, type ! to ask question
|
| 15:34 : jasonbraganza |
prakhar_s, we’re in a session right now. ask away once we’re done, ok?
|
| 15:34 : kushal |
redshiftzero, Can you please tell us about how did you moved into programming and security and activism from academics?
|
| 15:35 : prakhar_s |
!
|
| 15:35 : redshiftzero |
yep sure! so during my PhD i became increasingly interested in doing work that had more direct impacts in people's lives
|
| 15:35 : __rex__ |
!
|
| 15:36 : redshiftzero |
i got started by going to demonstrations, meeting people, and then doing digital security trainings
|
| 15:36 : |
the people i met during those years i actually ended up co-founding lucy parsons labs with
|
| 15:37 : |
in terms of migrating to security from astrophysics, i had been focused on computational work throughout my career in physics (e.g. i was a linux cluster admin during undergrad)
|
| 15:38 : |
i used data science as a sneaky way to do a postdoc in computer science and go to e.g. security research group meetings over in the CS department to get familiar with the area
|
| 15:38 : |
from there i did a fellowship program sponsored by ford foundation and mozilla that helped me transition into doing "activism" work full time
|
| 15:39 : |
that program is here btw for anyone that is interested to apply, i highly recommend it: https://advocacy.mozilla.org/en-US/open-web-fellows/overview
|
| 15:39 : |
next
|
| 15:40 : kushal |
redshiftzero, you can skip to the next it the user takes time to type.
|
| 15:41 : redshiftzero |
but what if it's a really long question? ;-)
|
| 15:41 : |
ok sorry prakhar_s!
|
| 15:41 : prabhuss |
!
|
| 15:41 : kushal |
redshiftzero, you will answer after the user types it in :)
|
| 15:41 : prakhar_s |
! i wanted to ask that how should an undergrad like me without having any "degree" in data science go about finding some substantial internships?
|
| 15:41 : redshiftzero |
next
|
| 15:41 : __rex__ |
Could you tell us more about your work of applying machine learning methods to problems in public policy while you were at the University of Chicago ?
|
| 15:41 : rishibit |
!
|
| 15:43 : redshiftzero |
so prakhar_s: well, i would start by practicing a bit and making that code publically available. when i would review applicants for data science for social good, if i saw that someone had for example tried their hand at kaggle competitions (kaggle.com) that was definitely a positive
|
| 15:45 : |
you might have a group at your university that you can offer to do e.g. data cleaning, ETL work for to get experience. for example at university of chicago when i was a postdoc we had undergrads that would do this kind of work part time during their studies
|
| 15:46 : |
__rex__: the approach that data science for social good takes is working in partnership with non profits and government agencies that have a lot of data and want to use it to improve what they do
|
| 15:47 : prakhar_s |
!
|
| 15:47 : redshiftzero |
the project i spent the most time working on was a predictive system that used supervised learning to predict which officers in a police department are at the highest risk for an adverse interaction with a member of the public
|
| 15:48 : |
this was done in partnership with police departments using their internal data, and is now deployed in one department so far, where it's used as an internal early intervention system to flag officers who are at high risk and then target interventions to them (e.g. additional training, counseling, etc.) to ideally prevent these incidents before they occur
|
| 15:49 : |
next
|
| 15:49 : prabhuss |
Since you are working on surveillance, how do you think people can bypass the NSA surveillance?
|
| 15:49 : brute4s99 |
!
|
| 15:50 : j605 |
!
|
| 15:51 : redshiftzero |
well i think for most people the NSA might not be the adversary that is most concerning (e.g. one is far more likely to have an interaction with local law enforcement)
|
| 15:52 : |
that said, if you have not been targeted by NSA (this is most people), then taking actions using encryption as much as possible certainly can protect the content of your communications: e.g. using HTTPS as much as possible (https://www.eff.org/https-everywhere)
|
| 15:52 : prakhar_s |
!
|
| 15:53 : redshiftzero |
for more on how to protect yourself against surveillance generally, i recommend these guides which the EFF is keeping up to date on how to think rationally about the threats you face online and how to defend yourself: https://ssd.eff.org/
|
| 15:53 : |
next
|
| 15:54 : rishibit |
redshiftzero, what's your work being SecureDrop developer/FPF Staff?
|
| 15:55 : prakhar_s |
redshiftzero:How can I make an impact in the field of physics/astrophysics using machine learning/AI
|
| 15:55 : kushal |
prakhar_s, next time you ask out of turn and you will be kicked out.
|
| 15:55 : redshiftzero |
sure, so day to day my work is mostly writing code and reviewing the code of others on my team or open source contributors.
|
| 15:56 : |
it also involves some threat modeling: thinking rationally about the threats to the system, and determining where engineering effort should be allocated in order to reduce total risk to users
|
| 15:56 : brute4s99 |
.
|
| 15:57 : redshiftzero |
there are so many possible ways to attack a system that deciding which threats to mitigate is an important strategic choice that we attempt to make in a rigorous manner by mitigating the simplest threats to exploit first
|
| 15:58 : ananyo |
!
|
| 15:59 : redshiftzero |
finally, i do a lot of writing in tickets how i think the system should function from my perspective and discussing with others like @kushal on my team to figure out the best way forward in terms of security and maintainability
|
| 16:00 : |
prakhar_s: unfortunately for the most part, doing research work in physics/astrophysics generally does require a PhD, but you can always offer to volunteer as a student with research groups at a university to get experience
|
| 16:01 : |
(i do highly recommend doing a PhD if one is very interested in physics, i really loved my time in graduate school)
|
| 16:01 : |
next
|
| 16:01 : |
next
|
| 16:01 : brute4s99 |
Good day to you, redshiftzero! Thank you for this session! I apologize I'm late to the session. I wished to ask how difficult is it to become a Data Scientist in an esteemed company?
|
| 16:03 : vishalIRC |
!
|
| 16:04 : redshiftzero |
hey no worries, thanks for joining. getting most jobs is not really that hard if you are willing to be dedicated to study and practice (which is actually fun if you find the topic interesting). there are so many opportunities to volunteer on open source projects or for civic technology projects that it's easier than ever to get experience on real world data
|
| 16:05 : |
even on the research side, getting proficient at it is really largely a matter of at first reading a bunch of papers and reimplementing results
|
| 16:06 : |
once you read like 15 papers on a given area, you start thinking "now a cool extension of this work would be to do X", bam you are a researcher ;-)
|
| 16:06 : jasonbraganza |
!
|
| 16:06 : brute4s99 |
oh okay. So perseverance is the trick. Thank you, redshiftzero. :)
|
| 16:06 : redshiftzero |
next
|
| 16:06 : prakhar_s |
!
|
| 16:06 : j605 |
are you also petitioning to get more data out of government organizations? Given that US federally publishes a lot of data, are they being analyzed by organizations like yours?
|
| 16:08 : redshiftzero |
great question, so you are totally right that is a lot of open data published by the federal government, along with many states and cities. but for the most part, no government body is going to publish data that exposes fraud, misconduct, abuse in their organization
|
| 16:09 : |
organizations like lucy parsons labs do use some of this data when analyzing government agencies: for example, many cities publish a list of all employees and their salaries which is a very useful linking dataset
|
| 16:10 : |
that said the primary way we get data of interest is through public records laws like the Freedom of Information Act (FOIA), which requires the government to provide records in response to specific requests
|
| 16:10 : |
so we write a request: the agency either complies and provides the records or we sue them
|
| 16:11 : j605 |
are there cases where the government can legally reject such requests?
|
| 16:12 : redshiftzero |
some things are withheld from FOIA, for example some states including california do not allow a police officer's personnel record to be released
|
| 16:12 : |
the only way we can get this information is if someone leaks it
|
| 16:12 : philomath |
!
|
| 16:12 : redshiftzero |
which we encourage. lucy parsons labs also runs SecureDrop so we can safely get information out if people on the inside want to leak it
|
| 16:12 : |
next
|
| 16:13 : ananyo |
redshiftzero, How do you get started to be a Security Engineer? What type of problems should one solve to be better able to do threat modeling? Also what Subjects/topics should one have good grip on ?
|
| 16:13 : redshiftzero |
great question: so there's a great blog i came across recently on this which has some good advice: https://medium.com/@niruragu/so-you-want-to-be-a-security-engineer-d8775976afb7
|
| 16:14 : |
for threat modeling, i recommend reading Shostak's Threat Modeling
|
| 16:15 : |
generally for managing a project that is security centric, i recommend "agile application security" and microsoft's SDLC books
|
| 16:15 : prabhuss |
!
|
| 16:16 : redshiftzero |
in terms of practicing breaking systems, i'd get some friends together and do some CTFs: https://ctftime.org/
|
| 16:16 : |
next
|
| 16:16 : vishalIRC |
Hi redshiftzero, having learnt Data Science from scratch, would you recommend someone else to do the same without going through grad school? If so how sholud one proceed?
|
| 16:16 : ananyo |
redshiftzero, Thanks for the resources will go through them
|
| 16:18 : redshiftzero |
well obviously i'm biased ;), but i think it is useful to do formal(ish) education to learn e.g. linear algebra, probability theory, which to get a real understanding of what is going on is very important
|
| 16:18 : |
(doesn't need to be grad school)
|
| 16:19 : |
that said, doing enough self study to get into an organization that has solid data science chops and then learning everything that you can is the best path
|
| 16:19 : |
next
|
| 16:19 : jasonbraganza |
Between you and Freddy, whose idea was it to call it the Lucy Parsons Labs. I read about her and she’s awesome! Also why Labs and not foundation? Because you create discrete projects? Also how do you sustain yourself? Donations primarily?
|
| 16:19 : vishalIRC |
ok, thanks redshiftzero!
|
| 16:20 : jasonbraganza |
Also, do you find kushal as awesome as we do? :P
|
| 16:20 : redshiftzero |
haha the name was freddy's idea ;-) lucy parsons is indeed awesome. we called it labs because we wanted it to be pretty tech focused (kind of like citizen lab, another great org), also because we're not providing funds to anyone else which might be confusing for people
|
| 16:21 : |
in terms of funding, we have a little money from shuttleworth foundation but otherwise fund the organization through donations
|
| 16:21 : |
we have no full time staff, it's all volunteer right now
|
| 16:21 : |
and heck yea we <3 kushal :-)
|
| 16:21 : |
next
|
| 16:21 : prakhar_s |
redshiftzero:In order to do Phd in physics,how difficult would it be to make a transition from Computer Science(my current area of study) to core Physics?
|
| 16:21 : jasonbraganza |
thank you :)
|
| 16:22 : |
!
|
| 16:22 : redshiftzero |
not hard at all, there are lots of problems where a CS background is actually really helpful in physics. for example, i worked on a large sky survey that was basically making a high resolution map of the universe, and data management was a significant focus of that work
|
| 16:23 : |
it does mean you have to take classes that are the equivalent of a physics undergrad
|
| 16:23 : |
next
|
| 16:23 : philomath |
I looked through 'stingray investigation' project but was unable to see the source code of project. Can you please elaborate a little about the project? Also, I found the objective is similar to seaglass project (https://github.com/seaglass-project/seaglass).
|
| 16:25 : redshiftzero |
yep so as background stingrays are fake cell towers for intercepting cellphone traffic. LPL never actually successfully scanned for the presence of stingrays (which that seaglass project does), our work was demonstrating that the chicago police department had bought them, used money they basically stole from citizens to do so, and they were not getting warrants for their use
|
| 16:26 : |
in the aftermath of all that it became illegal in the state for the police to use these devices without a warrant
|
| 16:26 : |
which was a pretty rad outcome
|
| 16:26 : |
next
|
| 16:26 : prabhuss |
How do you connect with people on the inside of an organization who want to leak data? Isn't there job is at risk in doing that?
|
| 16:26 : philomath |
redshiftzero, Oh, got it. Thanks :)
|
| 16:27 : kushal |
This is the last question for tonight.
|
| 16:27 : |
We will get redshiftzero once again later sometime :)
|
| 16:28 : redshiftzero |
there is definitely risk in doing so, we have spent a lot of time discussing how to reach out to them, which we don't do a ton except if we're in 1:1 conversation we can mention that we accept leaks and will protect their identity. i have business cards that have the securedrop instructions on the back for this purpose
|
| 16:28 : jasonbraganza |
darn it! so close!
|
| 16:28 : kushal |
I am ending the session now
|
| 16:28 : redshiftzero |
other organizations that get leaks will do more active outreach: e.g. there is an org that uses securedrop that for a while had a billboard outside the department of defense
|
| 16:28 : |
thanks everyone!
|
| 16:28 : jasonbraganza |
thank you for having us redshiftzero :)
|
| 16:28 : kushal |
redshiftzero, Thank you once again :)
|
| 16:29 : rishibit |
redshiftzero, great session, thank you :)
|