Daily Tech Digest - August 17, 2017

Machine Learning: More Than Just Algorithms

If machine learning is relegated to playing a supporting role, this means that it won’t be algorithms that companies must master. Rather, algorithms will be procured for sure, as part of broader solutions. And, if done well, the actual algorithms will be analogous to source code—important but ideally obfuscated if the solution is functioning as desired. Of course, algorithms are not what drives the eventual solution behaviour. The models that the algorithms produce will be the means by which generalised rules become contextualised and so enable more effective behaviour patterns. In fact, in a networking environment, if the goal of machine learning is to automate workflows as part of adaptive or predictive operations, generalised algorithms are simply building blocks.

Driving Architectural Simplicity - The Value, Challenge, and Practice of Simple Solutions

There are several key benefits to designing and maintaining a simple architecture. First, simple architectures are easier to communicate. Communication includes both documentation and comprehension. A simple architecture can be documented with a smaller model and fewer drawings/annotations which would lead to improved comprehension by stakeholders. Comprehension is critical for shared understanding, which some define as the architecture (from Martin’s Fowler’s seminal Who Needs an Architect?). A shared understanding is critical to maintaining alignment across teams and team members, and ensuring an efficient implementation. Second, simple architectures are often easier to implement. 

How Ray makes continuous learning accessible and easy to scale

Ray is something we've been building that's motivated by our own research in machine learning and reinforcement learning. If you look at what researchers who are interested in reinforcement learning are doing, they're largely ignoring the existing systems out there and building their own custom frameworks or custom systems for every new application that they work on. ... For reinforcement learning, you need to be able to share data very efficiently, without copying it between multiple processes on the same machine, you need to be able to avoid expensive serialization and deserialization, and you need to be able to create a task and get the result back in milliseconds instead of hundreds of milliseconds. So, there are a lot of little details that come up.

How Upgrading Your Digital Mindset Offers Big Benefits

There can be many obstacles to digital transformation, from a lack of leadership to an absence of change management expertise, as the SAP/Oxford study noted. But buy-in amongst conservative medical professionals was critical at the largest heart hospital in Latin America, according to Guilherme Rabello.  “We had to convince them that ... the technology was not dragging them out of their main service, but assisting them to provide even better care to their patients,” Rabello said at SAP Leonardo Live. “So we engaged with all of them upfront, and we showed them why we were doing [what we were doing].” InCor’s uptake of SAP Leonardo was quick, especially for younger medical professionals who are comfortable in digital environment, according to Rabello.

Powerful backdoor found in software used by >100 banks and energy cos.

The module performs a quick exchange with the controlling DNS server and provides basic target information (domain and user name, system date, network configuration) to the server. The C&C DNS server in return sends back the decryption key for the next stage of the code, effectively activating the backdoor. The data exchanged between the module and the C&C is encrypted with a proprietary algorithm and then encoded as readable Latin characters. Each packet also contains an encrypted "magic" DWORD value "52 4F 4F 44" ('DOOR' if read as a little-endian value). Our analysis indicates the embedded code acts as a modular backdoor platform. It can download and execute arbitrary code provided from the C&C server, as well as maintain a virtual file system (VFS) inside the registry.

Building the Future of Finance

When you look at the process of building and deploying an AI model, it’s actually a very interesting world, because if you start off trying to build and trying to create and craft machine learning models – AI models – you need an enormous amount of data to create, craft, test, validate, calibrate, etc. But then in reality, you need a much smaller world or universe of data to run it on a daily basis. So from a bank’s perspective, you need to have an enormously elastic, cost controlled, efficient environment to mine for calibration, for creation purposes, for you to be able to create these models. Then when the rubber hits the road, you can have a much smaller, more dynamic, more discreet universe of data. So you can have these running, but for creation purposes you need the terabytes and petabytes; you don’t have to have that on a daily basis

Mitigating security risks posed by emerging tech: Expert advice

"If something brand new came to market tomorrow that could substantially improve the business, we have policies and protocols in place to evaluate it so we can set it up right away. We can move quickly to assess and determine whether it would work well with a minimal security risk or maximum security risk, and we can make recommendations based on that to move forward," Patria said. For Patria, it's about having layers of protection that can be used to counter the known security risks of an emerging tech as well as any potential threats that haven't yet been identified. Take, for example, the college's approach to the security risks associated with the internet of things (IoT), as it adds more and more devices to the school's IT infrastructure.

This Is Why Digital Currencies Need A Self-Regulating Organization

Did you know that participants within an industry may create a self-regulating body that self-governs and polices themselves? The SEC is not a government agency, rather they are a self-regulating body that was created by the member exchanges to protect and educate the public about securities. Similar agencies exist around the world providing the same service to their own citizens as the SEC does in the United States. We, the Crypto Community (the Community), have a right to do this for ourselves and do it globally. We have a right to define this new industry we created and govern that industry to protect and serve individuals and/or organizations that participate in all things crypto. ... We can be regulated OR we can regulate ourselves, and the only thing to decide this fate is whether we choose to organize and take action.

Automated Journey Testing with Cascade

You could divide the codebase into several codebases and have different teams work on each. In concurrent programming terms, we have removed the single exclusion lock in favour of multiple locks. We suffer less contention, developers are waiting less. We have solved one problem but we have introduced another. We now have different deliverables, whether they are microservices, or libraries, which are tested independently. The deliverables share a contract. Our tests have lost sight of the global picture. We are no longer certain that these components interact with each other since they are independent systems now with an independent set of tests. Our tests are now less inclusive, less exhaustive, and ultimately of less use to the product owner and user as an Acceptance Test.

How to Avoid the 6 Most Common Audit Failures

Since everything you do in security should be based on risk, a complete risk assessment is a must. But, what is a good risk assessment? Some people confuse a list of failure scenarios with a risk assessment. Stating that a DDoS attack could cripple your organization is not a risk statement, it is a statement of impact. Risk statements must include probabilities of occurrence of the threat such as: “It is highly likely in the next year that we will experience a DDoS attack that cripples our Internet services.” Conversely, the chance of a threat occurring alone is not a risk statement. Receiving lots of password guessing attacks against your SSH services is not a risk. However, if you say “there is a high likelihood of an SSH attack succeeding with an attacker gaining access to confidential data,” that is an actionable risk statement.

Quote for the day:

"Integrity is the soul of leadership! Trust is the engine of leadership!" -- Amine A. Ayad