Daily Tech Digest - January 18, 2020

Get Your Enterprise Ready for 5G

5G is an opportunity to re-imagine your business and to think about what you could do in your company if you weren't constrained by limited bandwidth and slow data transfer speeds. In healthcare, the elimination of communications constraints could mean a broader ability to deploy telemedicine and telesurgery to remote areas. In manufacturing, unleashing the potential of communications could bring an endless opportunity to manage all types of Internet of Things (IoT) appliances and robotics in factories around the world. In cities, unbridled communications could deliver limitless ways to manage traffic grids and fleets of autonomous vehicles. However, in other business cases, what you're already doing today with 4G, or even with 2G or 0G, might be enough. The discussion about present, short-term future and long-term business directions, and the communications that are needed to support them, should occupy the CIO, other C-level executives, corporate technology experts and boards of directors.

Cyber-Physical Systems – The new and emerging systems of intelligence

With edge devices – pieces of hardware that control data flow at the boundary between two networks – becoming more powerful, miniaturised and inexpensive, there is an opportunity to bring AI, machine learning (ML) and real-time decision making closer to where data is produced. This involves building geo-distributed models that are privacy-aware and adapting decision-making algorithms based on context. Edge computing systems will form the basis for the smooth functioning of CPS, especially in time-sensitive tasks where even milliseconds matter, such as remote robotic surgeries or self-driving cars. They provide the much-needed, real-time insights to these systems so that they can operate and adapt in real-time. The Internet of Things (IoT) and smart devices have become an inseparable part of our everyday lives and many physical devices and everyday objects are now connected. In fact, according to IHS Markit there will be more than 125 billion connected devices globally by 2030.  However, as an increasing number of devices is integrated into enterprise networks, it is important to ensure that the existing systems are ready to yield the expected benefits and minimise risk.

The top 9 big data and data analytics certifications for 2020

Data and big data analytics are the lifeblood of any successful business. Getting the technology right can be challenging but building the right team with the right skills to undertake data initiatives can be even harder — a challenge reflected in the rising demand for big data and analytics skills and certifications. If you're looking to get an edge on a data analytics career, certification is a great option. ... The number of data analytics certs is expanding rapidly. ... The Certification of Professional Achievement in Data Sciences is a non-degree program intended to develop facility with foundational data science skills. The program consists of four courses: Algorithms for Data Science, Probability & Statistics, Machine Learning for Data Science, and Exploratory Data Analysis and Visualization. ... The Certified Analytics Professional (CAP) credential is a general analytics certification that certifies end-to-end understanding of the analytics process, from framing business and analytic problems to acquiring data, methodology, model building, deployment and model lifecycle management. It requires completion of the CAP exam and adherence to the CAP Code of Ethics.

Financial Advisors Hate Bitcoin. Their Reasons Will Drive You Crazy

In the U.S., all financial advisors have fiduciary duty. This means they have to manage your money in a way that benefits you. If they don’t, you can sue them. You can do what you want with your own money. Buy all the bitcoin you want. Cow pies, lawn darts, options, credit default swaps, silver dollars, hammers, whatever you want to buy, no matter how risky or useless, you go for it. When you give money to financial advisors, they have to follow certain rules. They can’t mess around with crazy stock tips or risky off-shore investment schemes. ... In fact, crime is the number one reason 75 percent of all investors say they avoid bitcoin. Most people worry about getting hacked or think somebody will use bitcoin for terrorism or illegal activities. On top of that (and maybe because of it), most advisors don’t know how bitcoin works. Cryptocurrency isn’t covered in their professional certifications. ... Bitcoin has no central issuer, no government, and no business managing its use. Bitcoin transactions are pseudonymous, peer-to-peer, and settled instantly. 

Four priorities for the evolution of IT in 2020

IT efficiency is crucial to the success of digital transformation initiatives, and there is increased pressure on IT departments to deliver more, faster. However, IT can no longer keep up with the demands of the business; little over a third (36 per cent) of IT professionals were actually able to deliver all projects asked of them last year. In order to reduce this growing IT delivery gap, we’ll see IT move away from trying to deliver all IT projects themselves in 2020. The IT team’s role will evolve to changing, operating and securing core IT assets along with building and managing reusable APIs, exposing the functionality within the core IT assets that the rest of the business can consume to create the solutions they need. Essentially, IT begins to create new building blocks (APIs) that can empower both the technical and the broader lines of business users to innovate and build new technology solutions without compromising the core IT estate of the business. With API-led connectivity and organisations educating teams on the power of integration, IT will empower companies to digitally transform and innovate faster than ever before, shifting from being an “all doing” to an “enabling” organisation and avoiding being a constraint to business expansion.

Visa's plan against Magecart attacks: Devalue and disrupt

Visa's plan to devalue payment card data involves the rollout of new technologies like the Visa Token Service and Click To Pay systems. The Visa Token Service is a new payment mechanic through which payment card numbers and details are replaced by a token. This token validates the transaction against Visa's servers, but it's useless to attackers as it doesn't contain any data cybercriminals can use to sell or clone cards. This novel tokenization system will be coupled with the new Click To Pay technology that Visa and fellow card providers have been working on for the past few years, and which they recently began rolling out across the US. With Click To Pay, multiple card providers have banded together to create a common "Click to Pay" button that vendors can add to their online stores. Users only have to enter their card details once, and then click the button to buy products across the internet, without having to re-enter card details on each store. Since users don't have to enter card details on online stores, there's nothing Magecart hackers can steal. Both technologies were created to simplify online shopping, but they both happened to come along at the right time to help fight off Magecart attacks.

Microsoft: Application Inspector is now open source, so use it to test code security

The static source-code analyzer aims to help developers handle potential security issues that arise through code reuse when incorporating open-source components, such as software libraries, into a project. "Reuse has great benefits, including time to market, quality, and interoperability, but sometimes brings the cost of hidden complexity and risk," write Guy Acosta and Michael Scovetta, members of Microsoft's Customer Security and Trust team. "You trust your engineering team, but the code they write often accounts for only a tiny fraction of the entire application. How well do you understand what all those external software components actually do?" As they note, modern web applications often have hundreds of third-party components that contain tens of thousands of lines of code, which were written by thousands of contributors. And typically developers who use those components rely on the author's description, which Microsoft argues is not reliable or enough to meet Microsoft's responsibility for shipping secure code, which includes external components.

Natural disasters are increasing in frequency and ferocity. Here's how AI can come to the rescue

Once an advancing cyclone or hurricane is identified, for example, geo-spatial, weather and previous disaster data could be used to predict how many people will be displaced from their homes and where they will likely move. Such insights could help emergency personnel identify how much aid (water, food, medical care) will be needed and where to send it. AI algorithms could instantaneously assess flooding, building and road damage based on satellite images and weather forecasts, allowing rescuers to distribute emergency aid more effectively and identify those still in danger and isolated from escape routes. McKinsey’s Noble Intelligence is just one example of an initiative trying to harness AI’s potential to support humanitarian causes. For instance, the team is developing an algorithm that will reduce the time it takes to assess damage to buildings such as schools from weeks to minutes, using a combination of satellite, geo-spatial, weather and other data.

Does the World Need a Cryptocurrency Robo Advisor?

Robo Advisors as a service has been used on a global scale. Though, there is definitely a different scene running in different parts of the world, for instance comparing the US market with Europe. The US retail market has shown much more interest and trust in using these computer programs to manage their money. This has alone made the US the source of innovation for Robo Advisors considering the competition between some heavyweight financial institutions trying to take a bite from the market share such as Vanguard or Charles Schwab and very bright startups such as Betterment, Wealthfront and Acorns. ... One challenge that remains for the market and the ETP providers is to keep liquidity for the indices they launch. Market liquidity across Cryptocurrencies, especially alternative coins (all non-bitcoin coins). There are specialized parties, called market makers, using sophisticated tools for providing offers for both sides of the order book. The tool, also called a market making bot, makes sure such coins or indices have sufficient liquidity to attract investors or financial advisors.

Bipartisan group of senators introduces legislation to boost state cybersecurity leadership

In introducing the legislation, Hassan highlighted the ongoing nationwide ransomware attacks on cities and government entities. These types of attacks, which recently crippled the government of New Orleans, involve an individual or group locking up a system and demanding a ransom to give the user access again. “Cyberattacks can be devastating for communities across our country, from ransomware attacks that can block access to school or medical records to cyberattacks that can shut down electrical grids or banking services,” Hassan said in a statement. “The federal government needs to do more to ensure that state and local entities have the resources and training that they need to prevent and respond to cyberattacks.” Hassan added that the new bill “would take a big step forward in improving communication between the federal government, states, and localities, as well as strengthening cybersecurity preparedness in communities across the country.”

Quote for the day:

"The led must not be compelled; they must be able to choose their own leader." -- Albert Einstein

Daily Tech Digest - January 18, 2020

EU mulls 5-year ban on facial recognition tech in public spaces

The EU Commission said new tough rules may have to be introduced to bolster existing regulations protecting Europeans’ privacy and data rights. “Building on these existing provisions, the future regulatory framework could go further and include a time-limited ban on the use of facial recognition technology in public spaces,” the EU document said. During that ban of between three to five years, “a sound methodology for assessing the impacts of this technology and possible risk management measures could be identified and developed.” Exceptions to the ban could be made for security projects, as well as research and development, the paper said. The document also suggested imposing obligations on both developers and users of artificial intelligence and that EU countries should appoint authorities to monitor the new rules. The Commission will seek feedback on its white paper before making a final decision, officials said.

Huawei and 5G: Why the UK's decision is getting tougher every day

There are serious issues for the UK to consider here. These 5G networks will at some point underpin everything from smart cities to augmented-reality surgery. They have to be secure and unbreakable. An outage of a 5G network controlling an automated factory or motorway full of self-driving cars could be disastrous, especially if it could be triggered at-will by a foreign state. Espionage is another, more obvious and realistic fear. No nation would want its most sensitive data to be read by another. And few would dispute that the Chinese state has regularly used cyber espionage against other governments and businesses. So, first, there is the fundamental issue: can Huawei's equipment be trusted as part of the UK's critical infrastructure? It's a question that the UK's intelligence agencies and technical experts have been pondering long and hard. Up to now their answer has been that, so long as Huawei's kit is limited to the outer reaches of these new 5G networks, the risk is manageable. Huawei's equipment has long been used in UK networks without incident, and the country of origin is not the only, and not even a primary, factor when it comes to assessing security.

Forecast: the top 6 cybersecurity trends for 2020

Application Programming Interfaces (APIs) have become a vital component in modern IT infrastructures. They allow data to be readily shared between applications as well as opening access to external parties. While they offer significant benefits, they also create vulnerabilities that can be exploited by cybercriminals and incidents are set to rise during 2020. APIs are inherently insecure and offer an enticing entry point into an organisation’s IT infrastructure. The problem is particularly relevant in supply chains where data is shared between multiple parties. When access is provided to core systems via APIs, it becomes difficult – if not impossible – to ensure all links are secure at all times. ... Operational Technology (OT) is the hardware and software that manages devices within an organisation’s infrastructure. Most OT was designed years ago and was never intended to be networked or linked to the public internet. Fast forward to 2020 and OT is increasingly being connected to IT networks to allow remote monitoring and management.

How AI Is Manipulating Economics to Create Appreciating Assets

Think about that statement for a second…you’re buying an appreciating asset, not a depreciating asset. And what is driving the appreciation of that asset? It’s likely courtesy of Tesla’s FSD (Full Self-Driving) Deep Reinforcement Learning Autopilot brain. Tesla cars become “smarter” and consequently more valuable with every mile each of the 400,000 Autopilot-equipped cars are driven. Imagine a mindset of leveraging Deep Reinforcement Learning with new operational data to create products (vehicles, trains, cranes, compressors, chillers, turbines, drills) that appreciate with usage because the products are getting more reliable, more predictive, more efficient, more effective, safer and consequently more valuable. That’s H-U-G-E! An asset that appreciates in value through usage and learning is yet another example of how a leading organization can exploit the unique characteristics of digital assets that not only never deplete or wear out but can be used across an unlimited number of use cases at a near zero marginal cost.

Keeping up with disruptors through hybrid integration

We’re living in a period where information is key, and where companies in every industry are inundated with data from all sides. And this is only set to rise, with IDC predicting that the global datasphere will grow from 33 zettabytes in 2018 to 175 zettabytes by 2025. In terms of how this is stored, many organisations have initiated cloud-first policies, meaning no new data should be stored in their data centres. The reasons for this drive to the cloud are numerous given the number of business benefits. For example, the cloud provides unlimited storage and accessibility from anywhere in the world. While some companies already do everything in the cloud, the vast quantities of data collated by heritage organisations is stored across multiple data sources. It is therefore likely that these organisations will always have some systems stacked in heritage servers as a result of the costs involved, the data’s complexity and the inability to replicate it in the cloud. This means there is a need to integrate data and applications stored on-premise, in the cloud and between the two.

UK’s phone and internet bulk data surveillance unlawful, says EU court opinion

The Advocate General opinion argues that member states cannot use national security exemptions to escape from the safeguards of European law, when they impose legal obligations on telephone and internet companies to retain their customers’ data. Access to communications data must be subject to prior review or an independent administrative authority committed both to safeguarding national security and defending citizens’ fundamental rights and requests for data must be made in specific terms, the AG wrote. Data retention by telephone companies and internet service providers should be limited to specific categories of data that are essential for the prevention and control of crime and the safeguarding of national security, and each category of data should be held for a defined time.

New phishing attack hijacks email conversations: How companies can protect employees

Although the level of conversation hijacking in domain-impersonation attacks is low compared with other types of phishing attacks, they're personalized. That makes them effective, hard to detect, and costly, according to Barracuda. After impersonating a domain, cybercriminals begin the process of conversation hijacking. By infiltrating an organization, attackers will compromise email accounts and other sources. They then spend time monitoring the compromised accounts and reading emails to understand the business and learn about any deals, payment processes, and other activities. This step is also where they can snoop on email conversations between employees, external partners, and customers. Attackers will leverage the information they've picked up from the compromised accounts to devise convincing messages sent from the impersonated domain to trick employees into wiring money or updating and sharing payment information. The entire process of impersonating a domain, monitoring compromised accounts, and hijacking conversations can be expensive and time-consuming.

Mojo Vision is putting an augmented reality screen on a contact lens

The Mojo Lens is a contact lens with an augmented reality display.
Mojo Lens promises to deliver the useful and timely information people want without forcing them to look down at a screen or lose focus on the people and world around them. In terms of mass production, Mojo’s Invisible Computing platform won’t be ready for a while, but the prototypes are coming together. ... “It’s a rigid, gas-permeable lens,” he said. “It is super comfortable because it sits on the white part of your eye.” That’s like the hard contact lenses some people wear because they find the soft ones uncomfortable. The harder lens rests on your eye, rather than on your cornea (that is, it rests on the white part of your eye, rather than the part you see with). Mojo Vision plans to tailor each contact lens to fit the wearer’s eyes. “We want it to sit perfectly like a puzzle piece, and it doesn’t rotate and it doesn’t slip,” Sinclair said. “And that’s … one of the secrets that makes this whole thing work, and why anyone who’s trying to do this … with the soft contact lens is probably going to be miserable, because normal contact lenses are always moving around and sliding around and slipping and rotating.”

It’s the end for Windows Server 2008 support

Server 2008 is based on the Windows Vista codebase, which should be reason alone to jettison it. But Windows Server 2016 and Windows Server 2019 are built on Windows 10, which means apps heavily dependent on the OS ecosystem might be hard to move since the internals are so different. “I do work with folks that are still running Windows Server 2008. They understand the ramifications of EOL for support. But most are in a predicament where they aren’t able to move the applications for a number of reasons, including application compatibility, location, etc.," Crawford says. For those apps that are challenging to move, he recommends isolating the system as much as possible to protect it, and putting in a plan to do what is needed to the applications to prepare them for movement as quickly as possible. Microsoft offers and recommends Azure migration, so Server 2008 apps can run in an Azure instance while they are modernized for Server 2019 and then deployed on premises. Migration should be the paramount effort, because if you are running Server 2008 then you're using hardware that's at least eight years old and potentially 12 years old.

What is Perfect Forward Secrecy? A Guide for 2020

In short, the PFS acronym stands for “perfect forward secrecy,” which is a relatively recent security feature for websites. It aims to prevent future exploits and security breaches from compromising current or past communication, information or data by isolating each transaction’s encryption. Traditionally, encrypted data would be protected by a single private encryption key held by the server, which it could use to decrypt all the historic communication with the server using a public key. This presents a potential security risk down the line, as an attacker can spend weeks, months or years listening in to encrypted traffic, storing the data and biding their time. ... Perfect forward secrecy solves this problem by removing the reliance on a single server private key. Rather than using the same encryption key for every single transaction, a new, unique session key is generated every time a new data transaction occurs.  In effect, this means that even if an attacker manages to get their hands on a session key, it will only be useful for decrypting the most recent transaction, rather than all the data they may have collected in the past.

Quote for the day:

"The cost of leadership is self-interest." -- Simon Sinek

Daily Tech Digest - January 17, 2020

Dell Optiplex 7070 Ultra: Modularity at a price

The main trick with the Optiplex 7070 Ultra, and the reason it is designed as a thin brick, is that it fits in a specially designed monitor stand that attaches to Dell monitors. This feature is touted as being a desktop space saver, which it certainly is, but do not think that it is a cableless affair. We tested this Optiplex with a Dell UltraSharp 24 USB-C monitor -- which is a serviceable, thin-bezel 1920x1080 monitor that retails for AU$340, and if it had a high resolution, it would be outstanding -- and found the Optiplex to be a half-way house between a regular desktop and an all-in-one. For instance, a USB-C cable was still needed to make the connection between the unit and the monitor, both devices needed their own power cables and bricks, and connecting headphones meant reaching behind the monitor to find the audio jack and hoping they lack enough lead to allow you to relax in your seat. Consolidating things like power connections would put it much closer to the realm of an all-in-one, while probably making it increasingly complex, but simple changes like adding reachable ports and audio jacks into the stand to face the user would help with everyday usability.

Silicone’s Final Days? An Exclusive Chat With Nobel Prize Winner Sir Konstantin Novoselov

Novoselov, who grew up in a very heavy engineering environment, adds that the Nobel has opened opportunities in terms of collaboration within the industry itself and has “promoted huge interest”. “As we see now that interest paid back in terms of creation of new applications.” Today, graphene powers many disruptive technologies and holds the potential to open up many more new markets, particularly next-generation electronics: faster transistors, semiconductors, bendable phones, to name a few. But what is graphene, you ask? Graphene was originally observed in electron microscopes in 1958 and as Novoselov explains, it’s both an interesting and very simple material. “It’s only carbon atoms,” he explains. “Carbon is one of the lightest, and one of the simplest atoms you can think about.” Graphene is to date, the strongest and thinnest material known to science. In fact, it is 100 times stronger than steel despite its almost 100% transparency and flexibility. The material has also proved to be a good thermal and electrical conductor, also known to have unique quantum properties.

Scottish police roll out controversial data extraction technology

“We’re committed to providing the best possible service to victims and witnesses of crime. This means we must keep pace with society. People of all ages now lead a significant part of their lives online and this is reflected in how we investigate crime and the evidence we present to courts,” said deputy chief constable Malcolm Graham. He added that digital devices are increasingly involved in investigations, placing ever higher demand on digital forensic examination teams. “Current limitations, however, mean the devices of victims, witnesses and suspects can be taken for months at a time, even if it later transpires that there is no worthwhile evidence on them,” said Graham. “By quickly identifying devices which do and do not contain evidence, we can minimise the intrusion on people’s lives and provide a better service to the public.”

How to protect your organization and employees from conversation hijacking

Cybercriminals use a variety of tricks to try to convince unsuspecting users to reveal sensitive and valuable information. Phishing is a well-known and general method. A more specific and direct technique gaining traction is conversation hijacking. By impersonating employees or other trusted individuals and inserting themselves in a message thread, criminals try to obtain money or financial information. But there are ways to protect your company and employees from this type of attack, according to a new report from Barracuda Networks. Here's how the process typically works, according to Barracuda. Cybercriminals start by impersonating an organization's domain. Through domain impersonation or spoofing, attackers send emails to employees with phony domain names that appear legitimate or create websites with altered names. Phony domain names can be concocted and registered by slightly adjusting certain characters in the actual name or changing the Top-Level-Domain (TLD), for example, replacing .com with .net.

Network automation with Python, Paramiko, Netmiko and NAPALM

Network automation with Python and automation libraries can enable simplified communication with network devices. In this article, we take a look at three network automation libraries: Paramiko, Netmiko and NAPALM, or Network Automation Programmability Abstraction Layer with Multivendor support. Each library builds on its predecessor to provide greater layers of abstraction that enable users to build more efficient automation systems. Paramiko is a low-level Secure Shell (SSH) client library. We can use it to programmatically control connecting to a network device's command-line interface (CLI) over a secure SSH connection. With the library, users send commands a person would normally type and parse the results of each command's execution, also known as screen scraping. The Python script below uses the Paramiko library to query a Cisco Catalyst 3560 router for its Address Resolution Protocol (ARP) table. It is the first step of a script to identify the switch port where a device is connected.

Artificial Intelligence System Learns the Fundamental Laws of Quantum Mechanics

In Chemistry, AI has become instrumental in predicting the outcomes of experiments or simulations of quantum systems. To achieve this, AI needs to be able to systematically incorporate the fundamental laws of physics. An interdisciplinary team of chemists, physicists, and computer scientists led by the University of Warwick, and including the Technical University of Berlin, and the University of Luxembourg have developed a deep machine learning algorithm that can predict the quantum states of molecules, so-called wave functions, which determine all properties of molecules. The AI achieves this by learning to solve fundamental equations of quantum mechanics as shown in their paper ‘Unifying machine learning and quantum chemistry with a deep neural network for molecular wavefunctions’ published in Nature Communications. Solving these equations in the conventional way requires massive high-performance computing resources (months of computing time) which is typically the bottleneck to the computational design of new purpose-built molecules for medical and industrial applications.

California’s IoT cybersecurity bill: What it gets right and wrong

The most significant issue to be addressed is the law’s ambiguity: it requires all connected devices to have “a reasonable security feature” (appropriate to the nature of the device and the information it collects) that is designed to protect the user’s data from unauthorized access, modification, or disclosure. Beyond that vague prescription, the law only specifically states that each connected device must also come with a unique hard-wired password, or it must otherwise require a user to set their own unique password before using the device. Some experts maintain that meeting the password requirements is all that’s needed to satisfy the regulation; in effect, the password is the “reasonable security feature.” If this interpretation is validated, it’s wholly insufficient for securing the IoT – especially for those connected systems that reside in our appliances, vehicles, and municipal infrastructures.

Facial recognition is real-life ‘Black Mirror’ stuff, Ocasio-Cortez says

Because facial recognition is being used without our consent or knowledge, she suggested, we may be mistakenly accused of a crime and have no idea that the technology has been used as the basis for the accusation. That’s right, the AI Now Institute’s Whittaker said, and there’s evidence that the use of facial recognition is often not disclosed. That lack of disclosure is compounded by our “broken criminal justice system,” Ocasio-Cortez said, where people often aren’t allowed to access the evidence used against them. Case in point: the Willie Lynch case in Florida. A year ago, Lynch, from Jacksonville, Florida, asked to see photos of other potential suspects after being arrested for allegedly selling $50 worth of crack to undercover cops. The police search had relied on facial recognition: the cops had taken poor-quality photos of the drug dealer with a smartphone camera and then sent them to a facial recognition technology expert who matched them to Lynch.

Enterprises spend more on cloud IaaS than on-premises data-center gear

The major segments with the highest growth rates over the decade were virtualization software, Ethernet switches and network security. Server share of the total data center market remained steady, while storage share declined. "The decade has seen a dramatic increase in computer capabilities, increasingly sophisticated enterprise applications and an explosion in the amount of data being generated and processed, pointing to an ever-growing need for data center capacity," said John Dinsdale, chief analyst at Synergy Research Group, in a statement. However, more than half of the servers now being sold are going into cloud providers’ data centers and not those of enterprises, Dinsdale added. "Over the last ten years we have seen a remarkable transformation in the IT market. Enterprises are now spending almost $200 billion per year on buying or accessing data center facilities, but cloud providers have become the main beneficiaries of that spending."

Microsoft opens up Rust-inspired Project Verona programming language on GitHub

As Parkinson explained, Project Verona aims to help secure code in unsafe languages like C and C# that still exists in a lot of Microsoft's legacy code, which Microsoft can't afford to waste but would like to protect better. "We're going to run some C and C++, stuff we don't trust," Parkinson said at the talk. "We're going to put it in a box and we know there is this region of objects, we have to be very careful with it, but there's a group of things going on there and we can build some pervasive sandboxing there. So there can be sandboxed libraries that we can embed in our sandboxed Verona program." The GitHub page for Project Verona outlines some of the high-level questions the group is working on that will be fleshed out in forthcoming peer-reviewed articles. ... "Project Verona is a research project that is not affecting engineering choices in the company," it states. "The Project Verona team is connected to the people using all the major languages at the company, and want to learn from their experience, so we can research the problems that matter."

Quote for the day:

"Real leadership is being the person others will gladly and confidently follow." -- John C. Maxwell