Daily Tech Digest - November 12, 2018


Financial institutions that over time fail to utilise technology to engage effectively with increasing regulation neglect the changing environment around them. Attempting to meet the obligations set forth by regulators with manual processes make an organisation prone to human errors and slippage in flows between key functions and departments. In effect, regtech becomes the magic ingredient that enables scalability for financial institutions in an environment of increasing regulatory requirements.  At Saxo Bank, we are deploying new technologies such as machine learning and artificial intelligence to our regulatory framework e.g. to enhance financial crime detection procedures and automatically scan through thousands of transactions. Through machine learning, the algorithm is constantly improving and finding new patterns that would be difficult (or time-consuming) to do manually.  An important factor for any financial institution with regards to regtech is to collaborate with external partners and vendors. Saxo Bank’s regtech framework is built on the foundations of several external data vendors and partners whose systems and knowledge we leverage in our own offering.


Building an artificial general intelligence begins by asking 'what is intelligence?'

People often make seemingly irrational choices. When offered an early registration discount for a conference, only 67 percent of the graduate students took advantage of the offer. When told that there would a penalty for late registration, 93 percent of the students took the offer even though the costs and the cost differences were identical in the two situations ($50 discount or $50 penalty). We can think about decisions like these as being somehow abnormal, but they are very common and, more importantly, demonstrate just how people use heuristics to achieve their intelligence. When intelligence has been studied by psychologists, the focus has generally been on identifying individual differences. Intelligence testing started with Alfred Binet and Theodore Simon’s efforts to identify French school children who might require special help. Their focus was on those factors that would allow a child to do well in school.


DevOps and Databases


When working with whole-schema source control, you usually don’t write your migration scripts directly. The deployment tools figure out what changes are needed for you by comparing the current state of the database with the idealized version in source control. This allows you to rapidly make changes to the database and see the results. When using this type of tool, I rarely alter the database directly and instead allow the tooling to do most of the work.  Occasionally the tooling isn’t enough, even with pre- and post- deployment scripts. In those cases, the generated migration script will have to be hand-modified by a database developer or DBA, which can break your continuous deployment scheme. This usually happens when there are major changes to a table’s structure, as the generated migration script can be inefficient in these cases. Another advantage of whole-schema source control; it supports code analysis. For example, if you alter the name of a column but forget to change it in a view, SSDT will return a compile error.


Diligent Engine: A Modern Cross-Platform Low-Level Graphics Library


The next-generation APIs, Direct3D12 by Microsoft and Vulkan by Khronos are relatively new and have only started getting widespread adoption and support from hardware vendors, while Direct3D11 and OpenGL are still considered industry standard. New APIs can provide substantial performance and functional improvements, but may not be supported by older platforms. An application targeting wide range of platforms has to support Direct3D11 and OpenGL. New APIs will not give any advantage when used with old paradigms. It is totally possible to add Direct3D12 support to an existing renderer by implementing Direct3D11 interface through Direct3D12, but this will give zero benefits. Instead, new approaches and rendering architectures that leverage flexibility provided by the next-generation APIs are expected to be developed. There exist at least four APIs (Direct3D11, Direct3D12, OpenGL/GLESplus, Vulkan, plus Apple's Metal for iOS and osX platforms) that a cross-platform 3D application may need to support.


The Amazing Ways Google And Grammarly Use AI To Improve Our Writing


Just like with other machine learning algorithms, Grammarly's artificial intelligence system was originally provided with a lot of high-quality training data to teach the algorithm by showing it examples of what proper grammar looks like. This text corpus—a huge compilation human researchers organized and labeled so the AI could understand it—showed, as an example, not only proper uses of punctuation, grammar and spelling, but incorrect applications so the machine could learn the difference. In addition, Grammarly’s system uses natural language processing to analyze every nuance of language down to the character level and all the way up to words and full paragraphs of text. The feedback the system gets through humans when they ignore a proposed suggestion helps the system get smarter and provides the human linguists working with the machines input on how to make the system better. The more text it is exposed to, the better it can make appropriate suggestions. That's one of the reasons the company switched in 2010 to a consumer service from targeting enterprise customers so it would have access to a larger data set and a more significant opportunity.


RPA and its expansion into AI: Driving a new era of business and IT alignment

All businesses have some form of data pipeline feeding their supply chains and warehouses. They are designed to try to provide 100% of the data needed on a regular basis. While it’s usually adequate for reporting, it’s not a complete enough data set for analysis and insight generation. There is always a ‘last mile’ of supplementary analysis required to capture a specific piece of insight. This augments the data set with data to support root causes analysis of challenges such as month-end close for example. RPA can be used to support that last mile of extraction, providing the aggregation and data preparation to support the dynamic needs of reporting, without having to wait for corporate IT to extend the data pipelines. This in turn, enables us to predict and do things that have historically been difficult for humans. We struggle to predict because we can’t deal with the huge volumes of data. We struggle to narrate large volumes of data that cover a multitude of lines of divisions or departments.


The state of ICS and IIoT security in 2019


Industrial control systems (ICS) are designed to operate and support critical infrastructure. They are used heavily in industrial areas such as energy and utilities, oil and gas, pharmaceutical and chemical production, food and beverage, and manufacturing. Attacks on such systems can cause major damage. The 2015 hack of Ukraine’s power grid caused a blackout that affected over 200,000 people. Whether ransomware, botnets, cryptominers, or something more destructive, malware targeting such systems continues to proliferate. According to Kaspersky Labs, over 40 percent of ICS computers it monitors were attacked by malicious software at least once during the first half of 2018. .. “The data clearly shows that industrial control systems continue to be soft targets for adversaries,” said the report. “Many sites are exposed to the public internet and trivial to traverse using simple vulnerabilities like plain-text passwords. Lack of even basic protections like automatically updated anti-virus enables attackers to quietly perform reconnaissance before sabotaging physical processes such as assembly lines, mixing tanks, and blast furnaces.”


James Bach on a Career in Testing and Advice for New Players

We need to assess the value of testing, and that assessment is the process of observing people, talking to people, and essentially testing the test process. We need to help our clients understand our own testing and why it is valuable. That’s where the word “legibility” comes in. Legibility means the ability for something to be read. Handwriting is an obvious example of something that we speak of as being legible or illegible. But you can apply the concept of legibility is more than just handwriting. You can apply it to any process or system. A system is legible if you can look at it and tell what it going on with it. After 27 years of marriage, my wife’s moods are highly legible to me. I can tell in a few seconds how she is feeling. Unfortunately, testing is often not so easy to read as handwriting or people. That’s why testers must work to make their testing legible. They do this by using whiteboards or spreadsheets to make helpful displays. 


Lazarus 'FASTCash' Bank Hackers Wield AIX Trojan

Lazarus 'FASTCash' Bank Hackers Wield AIX Trojan
Symantec says that it's recovered multiple versions of the Fastcash Trojan, each of which appears to have been customized for different transaction processing networks. The samples also tie to legitimate primary account numbers, or PANs - the 14 or 16-digit numerical strings found on bank and credit cards that identify a card issuer and account number. US-CERT said in its alert that after reviewing log files recovered from an institution that had been attacked by Hidden Cobra, "analysts believe that the [hackers'] scripts ... inspected inbound financial request messages for specific [PANs]. The scripts generated fraudulent financial response messages only for the request messages that matched the expected PANs. Most accounts used to initiate the transactions had minimal account activity or zero balances." In other words, malicious code inserted by Hidden Cobra attackers watched for references tied to attacker-controlled accounts, then returned fraudulent information about those accounts in response to queries.


5 questions to ask about open data centers

Extreme’s definition of open essentially means no vendor lock-in. WorkFlow Composer can automate workflows across any vendor, including Arista, Cisco and Juniper. Extreme can integrate with more than 100 vendors that have integration packs on exchange.stackstorm.org. Customers may have to tweak the code some, but they do not have to start with a blank sheet of paper. StackStorm extends beyond networking, too. As a result, engineers who use Workflow Composer can extend the automation capabilities to things like Palo Alto and Check Point firewalls, VMware vSphere, ServiceNow’s service desk and others. You could argue the network is the foundation of a modernized data center as it provides the connectivity fabric between everything. But open data centers incorporate more than just networking. By building Workflow Composer on StackStorm, Extreme can orchestrate and automate workflows from the network to the application — and everything in between.



Quote for the day:


"The person who can drive themself further once the effort gets painful, is the one who will win." -- Roger Bannister