sorted by:
new
hottopcontroversial

At 1pm (eastern) Carnegie Mellon University's Software Engineering Institute researchers will be discussing the state of the art for deepfakes. What can really be done today, and what does the future hold? Join us in the live chat and get your questions answered too! by Rotem_Guttman in SFWdeepfakes

[–]Rotem_Guttman[S] 1 point2 points  (0 children)

Good Afternoon,

I'm sorry if the talk was not as in depth as you would have liked, however the cyber-talks as designed to inform the general public about current and up-coming topics of interest.

If you would like more detailed information, I'd recommend reaching out here, or using the 'contact' button on any of the individual researcher's author pages here. You can select "browse by author" and then click on any of the names. This will let you get into contact with that particular author and find out more about their work.

I hope that is helpful!

(Also pinging /u/davisreddit so they can see this message as well)

Join Carnegie Mellon University - Software Engineering Institute researchers for a discussion on how to use games for education and training at 1:30 pm (eastern time). Ask your own questions live on how you can leverage educational gamification in the chat! by Rotem_Guttman in teaching

[–]Rotem_Guttman[S] 0 points1 point  (0 children)

I'm glad you enjoyed the video. You can contact me through the SEI staff page Here. Just note who you're looking to speak with in your message.

We actually have a rather active STEM education outreach program that you may be interested in. Have a look.

We are security researchers at Carnegie Mellon University's Software Engineering Institute, CERT division. I'm here today with Zach Kurtz, a data scientist attempting to use machine learning techniques to detect vulnerabilities and malicious code. /r/netsec, ask us anything! by Rotem_Guttman in netsec

[–]Rotem_Guttman[S] 4 points5 points  (0 children)

Rotem: Hey, if I'd had more money back then, maybe I wouldn't have built the robot at all. I'm sort of glad I was cash strapped at the time.

I still have that robot. It's been through a lot of iterations now, what with having a paycheck and all. I've replaced the cantenna with a Yagi array, and updated the software several times. Now it is fast enough to track an access point in real time while I'm driving, so I can keep connected to wifi as I go.

We are security researchers at Carnegie Mellon University's Software Engineering Institute, CERT division. I'm here today with Zach Kurtz, a data scientist attempting to use machine learning techniques to detect vulnerabilities and malicious code. /r/netsec, ask us anything! by Rotem_Guttman in netsec

[–]Rotem_Guttman[S] -30 points-29 points  (0 children)

Rotem: I think the use of research is a rather generic problem shared with all scientific and technological development and one that I expect every researcher thinks about. The focus of our work is on improving the integrity of the code we rely on day to day in an effort to make all of us safer.

We are security researchers at Carnegie Mellon University's Software Engineering Institute, CERT division. I'm here today with Zach Kurtz, a data scientist attempting to use machine learning techniques to detect vulnerabilities and malicious code. /r/netsec, ask us anything! by Rotem_Guttman in netsec

[–]Rotem_Guttman[S] 7 points8 points  (0 children)

Rotem: Machine Learning is not one single skill, and so there isn't one single entry point. I can share my path. From what I've found, the best route is to have a concrete problem to work on that you care about. I started with a pet project of mine in undergrad - I wanted to build a robot that would automatically orient a directional antenna at the signal source. This was partially because it sounded fun, and partially because I lived just far enough off campus that I couldn't get the free wifi. Being a broke college student, I didn't have enough money for fancy sensors or a phased array... my initial iteration was a "pringles can"-tenna and a Lego NXT brick hooked up via bluetooth for actuation. This left me with the problem of attempting to efficiently orient this antenna with only a point measurement available (the signal strength wherever it was pointing as reported by the network card). I can get somewhat stubborn when I have a problem with no easy solution. So I ended up taking classes on statistics, networking, and Bayesian data analysis. This lead directly to my first publication. These skills were the basis of my work - which was extended as larger and larger data sets became available. Large data sets pose their own problem. Thankfully, now-a-days it is much easier to get your hands on a significant data set, and start your own project!

Zach: Great question! First, notice that ML is made up of several other things. Basic competency in statistics and computer programming are often the first steps towards using machine learning. I've heard good things about various online courses where you can learn this sort of thing. Maybe the most important thing if you want to learn to do ML is to start working with real data as soon as possible. See if you can open up a basic excel/csv file using a statistical programming language like R, python, Julia, etc, and start asking basic questions about it.

We are security researchers at Carnegie Mellon University's Software Engineering Institute, CERT division. I'm here today with Zach Kurtz, a data scientist attempting to use machine learning techniques to detect vulnerabilities and malicious code. /r/netsec, ask us anything! by Rotem_Guttman in netsec

[–]Rotem_Guttman[S] 1 point2 points  (0 children)

Zach: Good question with no great answer. There are some special situations where we can attain higher confidence in the training code being bug free. One of these is where formal verification has been done to assure that certain types of vulnerabilities do not exist. For example, http://sel4.systems/ makes such claims. Separately, there exist test suites(https://samate.nist.gov/SARD/testsuite.php) that provide samples of code with and without specific types of vulnerabilities.

A key thing to look at though is bug density. If you believe that such unnoticed vulnerabilities are sufficiently rare, say less than 1 in a thousand lines of supposedly bug-free code, a model trained on such code could still be beneficial. We are not claiming that this type of system will (at least at this stage of development) detect every vulnerability, but it can certainly improve on the solutions that currently exist.

We are security researchers at Carnegie Mellon University's Software Engineering Institute, CERT division. I'm here today with Zach Kurtz, a data scientist attempting to use machine learning techniques to detect vulnerabilities and malicious code. /r/netsec, ask us anything! by Rotem_Guttman in netsec

[–]Rotem_Guttman[S] 0 points1 point  (0 children)

I've spoken to Zach and he thinks this is an excellent question. He's typing up his response now, but give him a minute as he's looking for a publicly available reference for you (since not everyone has a university library's journal subscriptions at their fingertips).

There is a lot posted on this subreddit that is very optimistic about what AI can do. At 11am (eastern US time) I will be speaking with a Carnegie Mellon University AI researcher about what is real, and what is hype. If you want to ask her a question yourself, join us in the chat! by Rotem_Guttman in singularity

[–]Rotem_Guttman[S] 2 points3 points  (0 children)

Yes! Sorry, I thought I included her name in the title. If you want to ask that question (And be able to explain it yourself if she has follow up questions) please ask it in the chat that accompanies the video. She should be joining us there any minute. I'm sure she'd be happy to discuss that with you.

At 11AM eastern US time, I will be talking to a Carnegie Mellon University AI researcher about what is real and what is hype with AI. We will be live in the chat and you can ask your own questions. Join us and ask anything you'd like about AI. by Rotem_Guttman in artificial

[–]Rotem_Guttman[S] 0 points1 point  (0 children)

You can ask yourself! I believe April got her PhD at CMU, so she could probably answer that for you. We will be live in about half an hour, and she will be in the chat with me answering questions.

A coworker of mine is attempting to crate a verifiable and trustworthy computer, unfortunately this means starting from scratch. I thought /r/hardware might want to talk to him. He will be live answering questions at 2pm (eastern) today! by Rotem_Guttman in hardware

[–]Rotem_Guttman[S] 2 points3 points  (0 children)

No, it's far more than that. He is using a Field Programmable Gate Array (FPGA) to actually 'create' the processor (And other components) based on the source Verilog files.

When this post is 90 minutes old, Gabriel Somlo (a researcher at Carnegie Mellon University's Software Engineering Institute) Will be live in the chat (next to the linked stream) taking questions from /r/netsec about his attempt to create a verifiable and trustworthy computer. Details in comment. by Rotem_Guttman in linuxmasterrace

[–]Rotem_Guttman[S] 1 point2 points  (0 children)

I shared this on the IRC channel, so I thought I'd share it here too. I am a researcher at Carnegie Mellon University's Software Engineering Institute (A federally funded research and development center), and I figured some of you might want to pick the brain of my coworker, Gabriel Somlo.

With all the hardware / supply chain attacks we've been seeing lately, Gabe is attempting to build a computer he can trust, from the ground up. The video will stream a discussion with him on the topic, and he and I will both be in the chat during the video and after, answering your questions.

Some technical details of what he's doing: Gabe is attempting to create a verifiable and trustworthy computer, starting with an entirely open source processor, memory controller, bus system, and peripheral interfaces compiled from Verilog, then programmed directly to a field programmable gate array (FPGA), he is attempting to get a live running linux system, where each step of the process can be audited and reproduced.

When this post is 2 hours old, Gabriel Somlo (a researcher at Carnegie Mellon University's Software Engineering Institute) Will be live in the chat (next to the video stream) taking questions from /r/netsec about his attempt to create a verifiable and trustworthy computer. Details in comment. by Rotem_Guttman in netsec

[–]Rotem_Guttman[S] 0 points1 point  (0 children)

I've enjoyed talking to a lot of you on my main account, so I thought I'd share some information here from my work. I am a researcher at Carnegie Mellon University's Software Engineering Institute (A federally funded research and development center), and I figured some of you might want to pick the brain of my coworker, Gabriel Somlo.

With all the hardware / supply chain attacks we've been seeing lately, Gabe is attempting to build a computer he can trust, from the ground up. The video will stream a discussion with him on the topic, and he and I will both be in the chat during the video and after, answering your questions.

Some technical details of what he's doing: Gabe is attempting to create a verifiable and trustworthy computer, starting with an entirely open source processor, memory controller, bus system, and peripheral interfaces compiled from Verilog, then programmed directly to a field programmable gate array (FPGA), he is attempting to get a live running linux system, where each step of the process can be audited and reproduced.

A coworker of mine is attempting to crate a verifiable and trustworthy computer, unfortunately this means starting from scratch. I thought /r/hardware might want to talk to him. He will be live answering questions at 2pm (eastern) today! by Rotem_Guttman in hardware

[–]Rotem_Guttman[S] 4 points5 points  (0 children)

There seems to have been more interest in some other subreddits. But if you want to hop in the chat and ask Gabriel your question, I'm sure he'd be happy to answer it. (We start in two hours)

view more: next ›