da Agency

Facebook Is Tweaking Its Trending Product To Keep Fake News Out

Nurphoto / Getty Images

Facebook is changing its Trending product to try and make it better reflect the most discussed real world events on the platform, and to prevent false viral stories from trending.

Will Cathcart, the VP of product management for Trending, told BuzzFeed News the product will also now show the same list of trending topics to everyone in a country, as opposed to personalizing a list for users based on their behavior on Facebook. (Trending is currently only available to English-language users in the US, Canada, and UK.)

Facebook has been working to improve Trending — a box in the corner of the News Feed page that shows a list of top topics people are talking about on the platform — since it became a lightning rod for criticism last spring. In May, a former curator for the product claimed that conservative news and sources were being suppressed. A few months later, Facebook fired the curators that helped review topics and the associated news stories. It put more emphasis on having an algorithm identify topics and stories, and applied less human oversight. Following those changes, the Trending product repeatedly highlighted false news stories.

One change rolling out today is closely linked to the problem of misinformation on Facebook’s trending list. Cathcart said the Trending algorithm will promote topics that have a broad range of conversation and associated news articles, and avoid topics that are generating massive engagement from one or a few articles.

“The key thing about the change is looking not just at the volume of conversation but the breadth of voices across the Facebook community, and across the different articles discussing the topic,” he said.

This could in theory prevent a mega-viral false story, such as the one about Megyn Kelly being fired from Fox News, from making the Trending list.

“If there is a story on Facebook that has gone very viral and gotten lots engagement and there is another another story with hundreds of articles, we take the one with the hundreds of different articles,” Cathcart said. “The one that has gone super viral is less valuable.”

Facebook is also tweaking the way it determines which news article will be promoted as the top item in a topic. Cathcart said the top spot will go to articles that have a combination of strong engagement for the specific story as well as strong engagement for the publication overall on Facebook. Another change is that the Trending list will now show the top article's headline and source, as opposed to only showing it when users mouseover or click on the tropic.

The goal, Cathcart said, is to make sure the topics and associated news articles reflect real world events generating significant discussion and engagement.

Facebook

Facebook’s new focus on topics with broad engagement is in line with one of the suggestions made by computer scientists in a previous BuzzFeed News story about the problem of fake news on Trending.

Kate Starbird, an assistant professor at the University of Washington quoted in the story, said Facebook’s new changes are “a step in the right direction.”

“As we talked about a few months ago, my hunch is that this will have the effect of reducing hyper-partisan content and content propagated by crowd-turfing efforts,” Starbird told BuzzFeed News. “I’m really curious about how they will define ‘broad’ and I imagine it will require a lot of calibration initially and some adjustment over time.”

Starbird also said the move away from personalizing the Trending list could also help get people out of filter bubbles.“It doesn’t affect a user’s entire feed, but does represent one place where all users might see the same content,” she said. “A small change, but perhaps a valuable one.

Starbird emphasized that Facebook will need to keep tweaking its algorithm and approach to ensure it’s having the desired effect.

“It’s often difficult to predict what the unintended consequences of changes like these might be,” Starbird said.

Facebook said the new changes begin rolling out today and will be available to all Trending users within the coming weeks.

Quelle: <a href="Facebook Is Tweaking Its Trending Product To Keep Fake News Out“>BuzzFeed

da Agency

Azure Analysis Services now available in North Central US and Brazil South

Last October we released the preview of Azure Analysis Services, which is built on the proven analytics engine in Microsoft SQL Server Analysis Services. With Azure Analysis Services you can host semantic data models in the cloud. Users in your organization can then connect to your data models using tools like Excel, Power BI, and many others to create reports and perform ad-hoc data analysis.

We are excited to share with you that the preview of Azure Analysis Services is now available in 2 additional regions: North Central US and Brazil South.  This means that Azure Analysis Services is available in the following regions: Brazil South, Southeast Asia, North Europe, West Europe, West US, South Central US, North Central UA, East US 2 and West Central US.

New to Azure Analysis Services? Find out how you can try Azure Analysis Services or learn how to create your first data model.
Quelle: Azure

da Agency

Self-Service Capabilities using Red Hat CloudForms (Video)

This week, we look at Red Hat CloudForms capabilities for self-service and how it can be used to manage services across private, public and hybrid clouds. We explore:

self-service portal for end-user consumers
service catalog with examples of deployments (new infrastructure, multi-tier application, etc)
service dialog allowing customization and automation
day 2 operations, services life-cycle and monitoring
remote access using Cockpit administration tools

 

 
Additional information on Red Hat CloudForms can be found on the Red Hat website.
 
Quelle: CloudForms

da Agency

Manage App Service, SQL Database, and more – Azure Management Libraries for .NET

One C# statement to create a Web App. One statement to create a SQL Server and another statement to create a SQL Database. One statement to create an Application Gateway, etc.

Beta 4 of the Azure Management Libraries for .NET is now available. Beta 4 adds support for the following Azure services and features:

✓ App Service (Web Apps)

✓ SQL Database

✓  Application Gateway

✓ Traffic Manager

✓ DNS

✓ CDN

✓ Redis Cache

 
 

https://github.com/Azure/azure-sdk-for-net/tree/Fluent

You can download Beta 4 from:

 

Last year, we announced a preview of the new, simplified Azure management libraries for .NET. Our goal is to improve the developer experience by providing a higher-level, object-oriented API, optimized for readability and writability. These libraries are built on the lower-level, request-response style auto generated clients and can run side-by-side with auto generated clients. Thank you for trying the libraries and providing us with plenty of useful feedback.

Create a Web App

You can create a Web app instance by using a define() … create() method chain.

var webApp = azure.WebApps()
.Define(appName)
.WithNewResourceGroup(rgName)
.WithNewAppServicePlan(planName)
.WithRegion(Region.US_WEST)
.WithPricingTier(AppServicePricingTier.STANDARD_S1)
.Create();

Create a SQL Database

You can create a SQL server instance by using another define() … create() method chain.

var sqlServer = azure.SqlServers.Define(sqlServerName)
.WithRegion(Region.US_EAST)
.WithNewResourceGroup(rgName)
.WithAdministratorLogin(administratorLogin)
.WithAdministratorPassword(administratorPassword)
.WithNewFirewallRule(firewallRuleIpAddress)
.WithNewFirewallRule(firewallRuleStartIpAddress, firewallRuleEndIpAddress)
.Create();

Then, you can create a SQL database instance by using another define() … create() method chain.

var database = sqlServer.Databases.Define(databaseName)
.Create();

Create an Application Gateway

You can create an application gateway instance by using another define() … create() method chain.

var applicationGateway = azure.ApplicationGateways().Define("myFirstAppGateway")
.WithRegion(Region.US_EAST)
.WithExistingResourceGroup(resourceGroup)
// Request routing rule for HTTP from public 80 to public 8080
.DefineRequestRoutingRule("HTTP-80-to-8080")
.FromPublicFrontend()
.FromFrontendHttpPort(80)
.ToBackendHttpPort(8080)
.ToBackendIpAddress("11.1.1.1")
.ToBackendIpAddress("11.1.1.2")
.ToBackendIpAddress("11.1.1.3")
.ToBackendIpAddress("11.1.1.4")
.Attach()
.WithExistingPublicIpAddress(publicIpAddress)
.Create();

Sample code

You can find plenty of sample code that illustrates management scenarios in Azure Virtual Machines, Virtual Machine Scale Sets, Storage, Networking, Resource Manager, SQL Database, App Service (Web Apps), Key Vault, Redis, CDN and Batch.

Service
Management Scenario

Virtual Machines

Manage virtual machine
Manage availability set
List virtual machine images
Manage virtual machines using VM extensions
Create virtual machines from generalized image or specialized VHD
List virtual machine extension images

Virtual Machines – parallel execution

Create multiple virtual machines in parallel
Create multiple virtual machines with network in parallel
Create multiple virtual machines across regions in parallel

Virtual Machine Scale Sets

Manage virtual machine scale sets (behind an Internet facing load balancer)

Storage

Manage storage accounts

Networking

Manage virtual network
Manage network interface
Manage network security group
Manage IP address
Manage Internet facing load balancers
Manage internal load balancers

Networking – DNS

Host and manage domains

Traffic Manager

Manage traffic manager profiles

Application Gateway

Manage application gateways
Manage application gateways with backend pools

SQL Database

Manage SQL databases
Manage SQL databases in elastic pools
Manage firewalls for SQL databases
Manage SQL databases across regions

Redis Cache

Manage Redis Cache

App Service – Web Apps

Manage Web apps
Manage Web apps with custom domains
Configure deployment sources for Web apps
Manage staging and production slots for Web apps
Scale Web apps
Manage storage connections for Web apps
Manage data connections (such as SQL database and Redis cache) for Web apps

Resource Groups

Manage resource groups
Manage resources
Deploy resources with ARM templates
Deploy resources with ARM templates (with progress)

Key Vault

Manage key vaults

CDN

Manage CDNs

Batch

Manage batch accounts

Give it a try

You can run the samples above or go straight to our GitHub repo. Give it a try and let us know what do you think (via e-mail or comments below), particularly –

Usability and effectiveness of the new management libraries for .NET.
What Azure services you would like to see supported soon?
What additional scenarios should be illustrated as sample code?

Over the next few weeks, we will be adding support for more Azure services and applying finishing touches to the API.
Quelle: Azure

da Agency

7 ways we harden our KVM hypervisor at Google Cloud: Security in plaintext

By Andy Honig, Technical Lead Manager and Nelly Porter, Senior Product Manager

Google Cloud uses the open-source KVM hypervisor that has been validated by scores of researchers as the foundation of Google Compute Engine and Google Container Engine, and invests in additional security hardening and protection based on our research and testing experience. Then we contribute back our changes to the KVM project, benefiting the overall open-source community.

What follows is a list of the main ways we security harden KVM, to help improve the safety and security of your applications.

Proactive vulnerability search: There are multiple layers of security and isolation built into Google’s KVM (Kernel-based Virtual Machine), and we’re always working to strengthen them. Google’s cloud security staff includes some of the world’s foremost experts in the world of KVM security, and has uncovered multiple vulnerabilities in KVM, Xen and VMware hypervisors over the years. The Google team has historically found and fixed nine vulnerabilities in KVM. During the same time period, the open source community discovered zero vulnerabilities in KVM that impacted Google Cloud Platform (GCP).

Reduced attack surface area: Google has helped to improve KVM security by removing unused components (e.g., a legacy mouse driver and interrupt controllers) and limiting the set of emulated instructions. This presents a reduced attack and patch surface area for potential adversaries to exploit. We also modify the remaining components for enhanced security.

Non-QEMU implementation: Google does not use QEMU, the user-space virtual machine monitor and hardware emulation. Instead, we wrote our own user-space virtual machine monitor that has the following security advantages over QEMU:

Simple host and guest architecture support matrix. QEMU supports a large matrix of host and guest architectures, along with different modes and devices that significantly increase complexity. Because we support a single architecture and a relatively small number of devices, our emulator is much simpler. We don’t currently support cross-architecture host/guest combinations, which helps avoid additional complexity and potential exploits. Google’s virtual machine monitor is composed of individual components with a strong emphasis on simplicity and testability. Unit testing leads to fewer bugs in complex system. QEMU code lacks unit tests and has many interdependencies that would make unit testing extremely difficult. No history of security problems. QEMU has a long track record of security bugs, such as VENOM, and it’s unclear what vulnerabilities may still be lurking in the code.

Boot and Jobs communication: The code provenance processes that we implement helps ensure that machines boot to a known good state. Each KVM host generates a peer-to-peer cryptographic key sharing system that it shares with jobs running on that host, helping to make sure that all communication between jobs running on the host is explicitly authenticated and authorized.

Code Provenance: We run a custom binary and configuration verification system that was developed and integrated with our development processes to track what source code is running in KVM, how it was built, how it was configured and how it was deployed. We verify code integrity on every level — from the boot-loader, to KVM, to the customers’ guest VMs.

Rapid and graceful vulnerability response: We’ve defined strict internal SLAs and processes to patch KVM in the event of a critical security vulnerability. However, in the three years since we released Compute Engine in beta, our KVM implementation has required zero critical security patches. Non-KVM vulnerabilities are rapidly patched through Google’s internal infrastructure to help maximize security protection and meet all applicable compliance requirements, and are typically resolved without impact to customers. We notify customers of updates as required by contractual and legal obligations.

Carefully controlled releases: We have stringent rollout policies and processes for KVM updates driven by compliance requirements and Google Cloud security controls. Only a small team of Google employees has access to the KVM build system and release management control.

There’s a lot more to learn about KVM security at Google. Click the links below for more information.

KVM Security 
KVM Security Improvements by Andrew Honig 
Performant Security Hardening of KVM by Steve Rutherford 

And of course, KVM is just one infrastructure component used to build Google Cloud. We take security very seriously, and hope you’ll entrust your workloads to us.    

FAQ
Should I worry about side channel attacks?

We rarely see side channel attacks attempted. A large shared infrastructure the size of Compute Engine makes it very impractical for hackers to attempt side channel attacks, attacks based on information gained from the physical implementation (timing and memory access patterns) of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms. To mount this attack, the target VM and the attacker VM have to be collocated on the same physical host, and for any practical attack an attacker has to have some ability to induce execution of the crypto system being targeted. One common use for side channel attacks is against cryptographic keys. Side channel attacks that leak information are usually addressed quickly by cryptographic library developers. To help prevent that, we recommend that Google Cloud customers ensure that their cryptographic libraries are supported and always up-to-date.

What about Venom? 

Venom affects QEMU. Compute Engine and Container Engine are unaffected because both do not use QEMU.

What about Rowhammer? 

The Google Project Zero team led the way in discovering practical Rowhammer attacks against client platforms. Google production machines use double refresh rate to reduce errors, and ECC RAM that detects and corrects Rowhammer-induced errors. 1-bit errors are automatically corrected, and 2-bit errors are detected and cause any potentially offending guest VMs to be terminated. Alerts are generated if any projects that cause an unusual number of Rowhammer errors. Undetectable 3-bit errors are theoretically possible, but extremely improbable. A Rowhammer attack would cause a very large number of alerts for 2-bit and 3-bit errors and would be detected.

A recent paper describes a way to mount a Rowhammer attack using a KSM KVM module. KSM, the Linux implementation of memory de-duplication, uses a kernel thread that periodically scans memory to find memory pages with the same contents mapped from multiple VMs that are candidates for merging. Memory “de-duping” with KSM can help to locate the area to “hammer” the physical transistors underlying those bits of data, and can target the identical bits on someone else’s VM running on the same physical host. Compute Engine and Container Engine are not vulnerable to this kind of attack, since they do not use KSM. However, if a similar attack is attempted via a different mechanism, we have mitigations in place to detect it.

What is Google doing to reduce the impact of KVM vulnerabilities? 

We have evaluated the sources of vulnerabilities discovered to date within KVM. Most of the vulnerabilities have been in the code areas that are in the kernel for historic reasons, but can now be removed without a significant performance impact when run with modern operating systems on modern hardware. We’re working on relocating in-kernel emulation functionality outside of the kernel without a significant performance impact.

How does the Google security team identify KVM vulnerabilities in their early stage? 

We have built an extensive set of proprietary fuzzing tools for KVM. We also do a thorough code review looking specifically for security issues each time we adopt a new feature or version of KVM. As a result, we’ve found many vulnerabilities in KVM over the past three years. About half of our discoveries come from code review and about half come from our fuzzers.
Quelle: Google Cloud Platform