# Phil 5.2.19

7:00 – 9:00 ASRC NASA

• Wrote up my notes from yesterday
• Need to make an Akido Drone image, maybe even a sim in Zach’s environment?
• Changed the title of the Dissertation
• Need to commit the changes to LMN from the laptop – done
• Need to create an instance of the JASSS paper in overleaf and make sure it runs
• Put the jasss.bst file in the svn repo – done
• Thinking about putting my dict find on stackoverflow, but did see this page on xpath for dict that is making me wonder if I just shouldn’t point there.
• Did meaningless 2019 goal stuff
• Adding ragged edge argument and generate a set of curves for eval
• ML seminar 4:30
• Meeting with Aaron M at 7:00
• Spent a good deal of time discussing the structure of the paper and the arguments. Aaron wants the point made that the “arc to full autonomy” is really only the beginning, predictable part of the process. In this part, the humans own the “reflective part” of the process, either as a human in the loop, where they decide to pull the trigger, or in the full autonomy mode where they select the training data and evaluation criteria for the reflexive system that’s built. The next part of that sequence is when machines begin to develop reflective capabilities. When that happens, many of the common assumptions that sets of human adversaries make about conflict (OODA, for example), may well be disrupted by systems that do not share the common background and culture, but have been directed to perform the same mission.

# Phil 5.1.19

7:00 – 7:00 ASRC NASA AIMS

• Added lit review section to the dissertation, and put the seven steps of sectarianism in.
• Spent most of yesterday helping Aaron with TimeSeriesML. Currently working on a JSON util that will get a value on a provided path
• Had to set up python at the module and not project level, which was odd. Here’s how: www.jetbrains.com/help/idea/2016.1/configuring-global-project-and-module-sdks.html#module_sdk
• Done!
    def lfind(self, query_list:List, target_list:List, targ_str:str = "???"):
for tval in target_list:
if isinstance(tval, dict):
return self.dfind(query_list[0], tval, targ_str)
elif tval == query_list[0]:
return tval

def dfind(self, query_dict:Dict, target_dict:Dict, targ_str:str = "???"):
for key, qval in query_dict.items():
# print("key = {}, qval = {}".format(key, qval))
tval = target_dict[key]
if isinstance(qval, dict):
return self.dfind(qval, tval, targ_str)
elif isinstance(qval, list):
return self.lfind(qval, tval, targ_str)
else:
if qval == targ_str:
return tval
if qval != tval:
return None

def find(self, query_dict:Dict):
# pprint.pprint(query_dict)
result = self.dfind(query_dict, self.json_dict)
return result


• It’s called like this:
ju = JsonUtils("../../data/output_data/lstm_structure.json")
# ju.pprint()
print("result 1 = {}".format(result))
print("result 2 = {}".format(result))
• Here’s the results:
result 1 = [None, 12, 1]
result 2 = 666.0
• Got Aaron’s code running!
• Meeting with Joel
• A quicker demo that I was expecting, though I was able to walk through how to create and use Corpus Manager and LMN. Also, we got a bug where the column index for the eigenvector didn’t exist. Fixed that in JavaUtils.math.Labeled2DMatrix.java
• Meeting with Wayne
• Walked through the JASSS paper. Need to make sure that the lit review is connected and in the proper order
• Changed the title of the dissertation to
• Stampede Theory: Mapping Dangerous Misinformation at Scale
• Solidifying defense over the winter break, with diploma in the Spring
• Mentioned the “aikido with drones” concept. Need to make an image. Actually, I wonder if there is a way for that model to be used for actually getting a grant to explore weaponized AI in a way that isn’t directly mappable to weapons systems, but is close enough to reality that people will get the point.
• Also discussed the concept of managing runaway AI with the Sanhedrin-17a concept, where unanimous agreement to convict means acquittal.  Cities had Sanhedrin of 23 Judges and the Great Sanhedrin had 71 Judges en.wikipedia.org/wiki/Sanhedrin
• Rav Kahana says: In a Sanhedrin where all the judges saw fit to convict the defendant in a case of capital law, they acquit him. The Gemara asks: What is the reasoning for this halakha? It is since it is learned as a tradition that suspension of the trial overnight is necessary in order to create a possibility of acquittal. The halakha is that they may not issue the guilty verdict on the same day the evidence was heard, as perhaps over the course of the night one of the judges will think of a reason to acquit the defendant. And as those judges all saw fit to convict him they will not see any further possibility to acquit him, because there will not be anyone arguing for such a verdict. Consequently, he cannot be convicted.

# Phil 4.30.19

7:00 – 8:30 ASRC NASA

• Working through Panos’ comments on the CHIPLAY paper and incorporating them into the JASS paper
• ML day today

Datasets for testing

• Cur
• Creating a package for probability
• Juryroom meeting – progress is good. Sent the current draft of the JASS paper

# Phil 4.29.19

7:00 – 3:30 ASRC TL

• Register for Tech Summit – done
• Ask for a week of time to prep for talk – done
• Panos read the paper and has some suggestions. Need to implement
• This might be important: Neural Logic Machines
• We propose the Neural Logic Machine (NLM), a neural-symbolic architecture for both inductive learning and logic reasoning. NLMs exploit the power of both neural networks—as function approximators, and logic programming—as a symbolic processor for objects with properties, relations, logic connectives, and quantifiers. After being trained on small-scale tasks (such as sorting short arrays), NLMs can recover lifted rules, and generalize to large-scale tasks (such as sorting longer arrays). In our experiments, NLMs achieve perfect generalization in a number of tasks, from relational reasoning tasks on the family tree and general graphs, to decision making tasks including sorting arrays, finding shortest paths, and playing the blocks world. Most of these tasks are hard to accomplish for neural networks or inductive logic programming alone.
• Need to read the Nature “Behavior” paper. Notes probably go straight into the dissertation lit review – done
• Continuing to read Army of None, which is ridiculously good. This figure has been making me think:  This implies that the idea that a set of diverse ML systems all agreeing is a warning condition is worth exploring.
• Finished read through of Tao’s paper
• Need to find a cardiologist for Arpita

# Phil 4.26.19

7:00 – 4:00 ASRC TL

# Phil 4.25.19

7:00 – 9:00 ASRC TL

• Looks like I’ll be giving a talk at the PM Summit in June on misinformation. Need to put together a 30 minute talk
• Need to come up with a short description. Something along the lines of misinformation happens at all scales, from international news to groupthink leading to the shuttle Columbia launch decision. This talk will show the common patterns that can identify misinformation behaviors and ways to disrupt these “belief stampedes”.
• Ping Joel and see if I can coordinate him and Wayne…
• Sent email and made a doodle
• Continuing with AI whitepaper
• Walk through webGL classes with Zach – done
• ML meeting – walked through the differences between heart attack (ischemic insults) and heart failure
• Meeting with Aaron M. More discussions of how the paper should go. He’s like a section on how things like latent space hacking can wind up in other areas

# Phil 4.23.19

7:00 – 5:30 ASRC TL

• Reading Army of None and realizing that incorporating AI is a stampede theory and diversity issue:
• This makes Aegis less like a finished product with a few different modes and more like a customizable system that can be tailored for each mission. Galluch explained that the ship’s doctrine review board, consisting of the officers and senior enlisted personnel who work on Aegis, begin the process of writing doctrine months before deployment. They consider their anticipated missions, intelligence assessments, and information on the region for the upcoming deployment, then make recommendations on doctrine to the ship’s captain for approval. The result is a series of doctrine statements, individually and in packages, that the captain can activate as needed during deployment. (Page 164)
• Doctrine statements are typically grouped into two general categories: non-saturation and saturation. Non-saturation doctrine is used when there is time to carefully evaluate each potential threat. Saturation doctrine is needed if the ship gets into a combat situation where the number of inbound threats could overwhelm the ability of operators to respond. “If World War III starts and people start throwing a lot of stuff at me,” Galluch said, “I will have grouped my doctrine together so that it’s a one-push button that activates all of them. And what we’ve done is we’ve tested and we’ve looked at how they overlap each other and what the effects are going to be and make sure that we’re getting the defense of the ship that we expect.” This is where something like Auto-Special comes into play, in a “kill or be killed” scenario, as Galluch described it. (Page 164)
• Extensive testing goes into ensuring that it works properly. Once the ship arrives in theater, the first thing the crew does is test the weapons doctrine to see if there is anything in the environment that might cause it to fire in peacetime, which would not be good. This is done safely by enabling a hardware-level cutout called the Fire Inhibit Switch, or FIS. The FIS includes a key that must be inserted for any of the ship’s weapons to fire. When the FIS key is inserted, a red light comes on; when it is turned to the right, the light turns green, meaning the weapons are live and ready to fire. When the FIS is red—or removed entirely—the ship’s weapons are disabled at the hardware level. (Page 165)
• But the differences run deeper than merely having more options. The whole philosophy of automation is different. With Aegis, the automation is used to capture the ship captain’s intent. In Patriot, the automation embodies the intent of the designers and testers. The actual operators of the system may not even fully understand the designers’ intent that went into crafting the rules. The automation in Patriot is largely intended to replace warfighters’ decision-making. In Aegis, the automation is used to capture warfighters’ decision-making. (Page 165)
• Hawley argued that Army Patriot operators train in a “sham environment” that doesn’t accurately simulate the rigors of real-world combat. As a result, he said “the Army deceives itself about how good their people really are. . . . It would be easy to believe you’re good at this, but that’s only because you’ve been able to handle the relatively non-demanding scenarios that they throw at you.” Unfortunately, militaries might not realize their training is ineffective until a war occurs, at which point it may be too late. (Page 171)
• Hawley explained that the Aegis community was partially protected from this problem because they use their system day in and day out on ships operating around the globe. Aegis operators get “consistent objective feedback from your environment on how well you’re doing,” preventing this kind of self-deception. The Army’s peacetime operating environment for the Patriot, on the other hand, is not as intense, Hawley said. “Even when the Army guys are deployed, I don’t think that the quality of their experience with the system is quite the same. They’re theoretically hot, but they’re really not doing much of anything, other than just monitoring their scopes.” Leadership is also a vital factor. “Navy brass in the Aegis community are absolutely paranoid” about another Vincennes incident, Hawley said. (Page 171)
• Working on JASS paper
• Working on AI paper
• Long chat with Eric H

# Phil 4.22.19

7:00 – 4:00 ASRC TL

• The mission of the Conference on Truth and Trust Online (TTO) is to bring together all parties working on automated approaches to augment manual efforts on improving the truthfulness and trustworthiness of online communications.
• The inaugural Truth and Trust Online conference will be taking place on October 4th and 5th 2019 at BMA House in London.
•

### Key Dates

• First call for papers: 2nd of April, 2019 *

• Deadline for all submissions: 3rd of June, 2019
• Notification of acceptance: Early July
• Registration opens: End of June
• Conference: 4th and 5th of October, 2019, BMA House, London, UK
• From On Being with Pádraig Ó Tuama, about belonging gone bad and the scale of sectarianism:
• Fooling automated surveillance cameras: adversarial patches to attack person detection
• Adversarial attacks on machine learning models have seen increasing interest in the past years. By making only subtle changes to the input of a convolutional neural network, the output of the network can be swayed to output a completely different result. The first attacks did this by changing pixel values of an input image slightly to fool a classifier to output the wrong class. Other approaches have tried to learn “patches” that can be applied to an object to fool detectors and classifiers. Some of these approaches have also shown that these attacks are feasible in the real-world, i.e. by modifying an object and filming it with a video camera. However, all of these approaches target classes that contain almost no intra-class variety (e.g. stop signs). The known structure of the object is then used to generate an adversarial patch on top of it.
• In this paper, we present an approach to generate adversarial patches to targets with lots of intra-class variety, namely persons. The goal is to generate a patch that is able successfully hide a person from a person detector. An attack that could for instance be used maliciously to circumvent surveillance systems, intruders can sneak around undetected by holding a small cardboard plate in front of their body aimed towards the surveillance camera. From our results we can see that our system is able significantly lower the accuracy of a person detector. Our approach also functions well in real-life scenarios where the patch is filmed by a camera. To the best of our knowledge we are the first to attempt this kind of attack on targets with a high level of intra-class variety like persons.
• More adding Wayne’s notes into JASS paper. Figured out how to make something that looks like blockquotes without screwing up the JASS formatting:
\hspace{1cm}\begin{minipage}{\dimexpr\textwidth-2cm}
\textit{"Get him home.  And deliver my cut of earnings to the people of Phandalin near Neverwinter, my home". With this, before anyone can stop him, Edmund turns to the dragon. "I make a counter offer.  In exchange for them motions to the two caged people. I offer myself to take their place.  I will remain.  I will starve.  You will lose two peasants, and in return you will gain all that I have to offer.  Edmund of house DeVir of Neverwinter.  The last of a noble bloodline of the ruling class."} - Edmond: Group 2
\end{minipage}
• More Machine Teaching paper

# Phil 4.21.19

Working on the JASS paper. I added enough in the prior work so that the agent research is explained to go along with the picture, and added a section in the lit review for agent-based simulation, because JASS.

Played around with the title for the dissertation a bit. I like this one for now:

# Phil 4.20.19

I think that we might be getting close-ish to a workable AI dungeon master(thisstorydoesnotexist.com). The trick might be to let people know that it was AI, and that it would behave… oddly:

My prompt: you enter a room with an orc and a goblin

The generated text:
The door swung open to a dark room, with no sign of a decoration or decoration for a simple wooden table and a table with no apparent decoration. As my eyes adjusted to the darkness, a pair of eyes I recognized well. He was shorter than the average goblin, even in his long robes, but his build was reminiscent of the ancient orc warrior. He looked at the two on a simple wooden stool, and then looked at me.

There was an air of calm in his tone.

The voice, it sounded like it was coming from inside the dungeon, but that was all I heard. It was a sound so foreign, the only sound I heard was the crackling of fire.
The light was blinding, blinding so much pain that I had to force my eyes open to avoid it. The light was bright enough to completely illuminate the floor of the room, but dim and the brightness did not cause me to see. The eyes of the orc were staring at me, but my mind was racing with questions.

What would make this place like it was?

Who are we, what will make this land like it is?

It’s been a couple millennia, we’re the third tribe in a short time, and were not going to leave until they had seen us. The people of our tribe were not aggressive, and their weapons were not strong, they were not strong enough to be dangerous on their own.

What makes the people of this land so dangerous?

I am the Second of the Glimmering Council. It is my duty to inform the other tribes of our future, and warn those tribes that their tribe will not stand

I wound up using Python because of machine learning, in particular TensorFlow and Keras. And Python is ok. I miss strong typing, but all in all it seems pretty solid with some outstanding science libraries. Mostly, I write tools:

I’ve been using IntelliJ Ultimate for my Python work. I came at it from Java and the steaming wreckage that is Eclipse. I like Ultimate a lot. It updates frequently but no too much. Most of the time it’s seamless. And I can switch between C++, Java, Python, and TypeScript/JavaScript.

For a new tool project, I need to have Python analytics served to a thin client running D3. Which meant that it was time to set up a client-server architecture.

These things are always a pain to set up. A “Hello world” app that sends JSON from the server to the client where it is rendered at interactive rates, with user actions being fed back to the server is still a surprisingly clunky thing to set up. So I was expecting some grumbling. I was not expecting everything to be broken. Well, nearly everything.

It is possible to create a Flask project in IntelliJ Ultimate. But you can’t actually launch the server. The goal is to have code like this:

Set up and run a webserver with console output like this:

It turns out that there is an unresolved bug in IntelliJ that prevents the webserver from launching. In IntelliJ, the way you know that everything is working is that the python file – app.py in this case — has parentheses around it (app.py). You can also see this in the launch menu:

If you see those parens, then IntelliJ knows that the file contains a Flask webserver, and will run things accordingly.

So how did I get this to work? I bought the Professional Edition of PyCharm (which has Flask), and used the defaults to create the project. Note that it appears that you have to use the Jinja2 template language. The other option, Mako, fails. I have not tried the None option. It’s been that sort of day.

By the way, if you already have a subscription to Ultimate, you can extend it to include the whole suite for the low low price of about \$40/year.

# Phil 4.19.19

8:00 – 4:00 ASRC TL

• Updating working copies of the paper based on the discussion with Aaron M last night.
• Based on the diagrams of the weights that I could make with the MNIST model, I think I want to try to make a layer neuron/weight visualizer. This one is very pretty
• Need to start on framework for data generation and analysis with Zach this morning
• Got Flask working (see above for rant on how).
• Flask-RESTful provides an extension to Flask for building REST APIs. Flask-RESTful was initially developed as an internal project at Twilio, built to power their public and internal APIs.

# Phil 4.18.19

7:00 – ASRC TL

• Added the Talmud to the implications section: “Rav Kahana says: In a Sanhedrin where all the judges saw fit to convict the defendant in a case of capital law, they acquit him.
• Changed the title of the dissertation again. Now it’s Stampede Theory: Diversity in Networked Systems.
• Need to transition Machine Teaching paper to IEEE format before meeting with Aaron
• Shimei’s ML group – want to talk about narrative embedding
• Semi-Supervised Classification with Graph Convolutional Networks
• We present a scalable approach for semi-supervised learning on graph-structured data that is based on an efficient variant of convolutional neural networks which operate directly on graphs. We motivate the choice of our convolutional architecture via a localized first-order approximation of spectral graph convolutions. Our model scales linearly in the number of graph edges and learns hidden layer representations that encode both local graph structure and features of nodes. In a number of experiments on citation networks and on a knowledge graph dataset we demonstrate that our approach outperforms related methods by a significant margin.
• More JASS writing
• Fixed the prior work image to have all three states
• Note: In Illustrator, the easiest way to outline an image is to select the image, click on mask, then select the outline stroke, select a color, and you’re done.
• changed \cite{} to \citep{}, which puts the parens in the right place
• Meeting with Aaron. Nice LaTex lesson

# Phil 4.17.19

7:00 – 5:00 ASRC TL

• Continuing to read Army of None. Really solid analysis
• Working on JASS paper
• The buzz on Twitter about the possible change to topic-based (e.g. Reddit?) rather than person-based, makes me wonder if there should be the ability to follow people in JuryRoom. I’d follow Cricket, for example
• “Cricket sits down in front of the Troll doing her best to appear completely relaxed and smiles, “come and lay down again while I sing.” Gesturing in front of her she gives a smile, “and if I can just look at the pretty box for a little bit maybe right here in front of me? It will stay really close so you can grab it up once you fall asleep.” At this point Cricket hadn’t actually lied, she currently had no intention of taking the box but if it opened as she suspected she fully intended to open it and hopefully take the contents.”
• More Grokking MNIST. Here’s a pix of the neurons. The difference about halfway through is the switch from training to testing data:
• MorphNet: Towards Faster and Smaller Neural Networks
• Here we describe MorphNet, a sophisticated technique for neural network model refinement, which takes the latter approach. Originally presented in our paper, “MorphNet: Fast & Simple Resource-Constrained Structure Learning of Deep Networks”, MorphNet takes an existing neural network as input and produces a new neural network that is smaller, faster, and yields better performance tailored to a new problem. We’ve applied the technique to Google-scale problems to design production-serving networks that are both smaller and more accurate, and now we have open sourced the TensorFlow implementation of MorphNet to the community so that you can use it to make your models more efficient.
• Had one of the stupidest, brain-damaged meetings I have ever had. Just destructive for destruction’s sake, as near as I can tell.
• Updated IntelliJ, which was painful this time, requiring finding Java and Python SDKs that were clearly visible in the settings. I guess it’s that kind of day.