Daily Tech Digest - January 18, 2020

Get Your Enterprise Ready for 5G

5G is an opportunity to re-imagine your business and to think about what you could do in your company if you weren't constrained by limited bandwidth and slow data transfer speeds. In healthcare, the elimination of communications constraints could mean a broader ability to deploy telemedicine and telesurgery to remote areas. In manufacturing, unleashing the potential of communications could bring an endless opportunity to manage all types of Internet of Things (IoT) appliances and robotics in factories around the world. In cities, unbridled communications could deliver limitless ways to manage traffic grids and fleets of autonomous vehicles. However, in other business cases, what you're already doing today with 4G, or even with 2G or 0G, might be enough. The discussion about present, short-term future and long-term business directions, and the communications that are needed to support them, should occupy the CIO, other C-level executives, corporate technology experts and boards of directors.

Cyber-Physical Systems – The new and emerging systems of intelligence

With edge devices – pieces of hardware that control data flow at the boundary between two networks – becoming more powerful, miniaturised and inexpensive, there is an opportunity to bring AI, machine learning (ML) and real-time decision making closer to where data is produced. This involves building geo-distributed models that are privacy-aware and adapting decision-making algorithms based on context. Edge computing systems will form the basis for the smooth functioning of CPS, especially in time-sensitive tasks where even milliseconds matter, such as remote robotic surgeries or self-driving cars. They provide the much-needed, real-time insights to these systems so that they can operate and adapt in real-time. The Internet of Things (IoT) and smart devices have become an inseparable part of our everyday lives and many physical devices and everyday objects are now connected. In fact, according to IHS Markit there will be more than 125 billion connected devices globally by 2030.  However, as an increasing number of devices is integrated into enterprise networks, it is important to ensure that the existing systems are ready to yield the expected benefits and minimise risk.

The top 9 big data and data analytics certifications for 2020

Data and big data analytics are the lifeblood of any successful business. Getting the technology right can be challenging but building the right team with the right skills to undertake data initiatives can be even harder — a challenge reflected in the rising demand for big data and analytics skills and certifications. If you're looking to get an edge on a data analytics career, certification is a great option. ... The number of data analytics certs is expanding rapidly. ... The Certification of Professional Achievement in Data Sciences is a non-degree program intended to develop facility with foundational data science skills. The program consists of four courses: Algorithms for Data Science, Probability & Statistics, Machine Learning for Data Science, and Exploratory Data Analysis and Visualization. ... The Certified Analytics Professional (CAP) credential is a general analytics certification that certifies end-to-end understanding of the analytics process, from framing business and analytic problems to acquiring data, methodology, model building, deployment and model lifecycle management. It requires completion of the CAP exam and adherence to the CAP Code of Ethics.

Financial Advisors Hate Bitcoin. Their Reasons Will Drive You Crazy

In the U.S., all financial advisors have fiduciary duty. This means they have to manage your money in a way that benefits you. If they don’t, you can sue them. You can do what you want with your own money. Buy all the bitcoin you want. Cow pies, lawn darts, options, credit default swaps, silver dollars, hammers, whatever you want to buy, no matter how risky or useless, you go for it. When you give money to financial advisors, they have to follow certain rules. They can’t mess around with crazy stock tips or risky off-shore investment schemes. ... In fact, crime is the number one reason 75 percent of all investors say they avoid bitcoin. Most people worry about getting hacked or think somebody will use bitcoin for terrorism or illegal activities. On top of that (and maybe because of it), most advisors don’t know how bitcoin works. Cryptocurrency isn’t covered in their professional certifications. ... Bitcoin has no central issuer, no government, and no business managing its use. Bitcoin transactions are pseudonymous, peer-to-peer, and settled instantly. 

Four priorities for the evolution of IT in 2020

IT efficiency is crucial to the success of digital transformation initiatives, and there is increased pressure on IT departments to deliver more, faster. However, IT can no longer keep up with the demands of the business; little over a third (36 per cent) of IT professionals were actually able to deliver all projects asked of them last year. In order to reduce this growing IT delivery gap, we’ll see IT move away from trying to deliver all IT projects themselves in 2020. The IT team’s role will evolve to changing, operating and securing core IT assets along with building and managing reusable APIs, exposing the functionality within the core IT assets that the rest of the business can consume to create the solutions they need. Essentially, IT begins to create new building blocks (APIs) that can empower both the technical and the broader lines of business users to innovate and build new technology solutions without compromising the core IT estate of the business. With API-led connectivity and organisations educating teams on the power of integration, IT will empower companies to digitally transform and innovate faster than ever before, shifting from being an “all doing” to an “enabling” organisation and avoiding being a constraint to business expansion.

Visa's plan against Magecart attacks: Devalue and disrupt

Visa's plan to devalue payment card data involves the rollout of new technologies like the Visa Token Service and Click To Pay systems. The Visa Token Service is a new payment mechanic through which payment card numbers and details are replaced by a token. This token validates the transaction against Visa's servers, but it's useless to attackers as it doesn't contain any data cybercriminals can use to sell or clone cards. This novel tokenization system will be coupled with the new Click To Pay technology that Visa and fellow card providers have been working on for the past few years, and which they recently began rolling out across the US. With Click To Pay, multiple card providers have banded together to create a common "Click to Pay" button that vendors can add to their online stores. Users only have to enter their card details once, and then click the button to buy products across the internet, without having to re-enter card details on each store. Since users don't have to enter card details on online stores, there's nothing Magecart hackers can steal. Both technologies were created to simplify online shopping, but they both happened to come along at the right time to help fight off Magecart attacks.

Microsoft: Application Inspector is now open source, so use it to test code security

The static source-code analyzer aims to help developers handle potential security issues that arise through code reuse when incorporating open-source components, such as software libraries, into a project. "Reuse has great benefits, including time to market, quality, and interoperability, but sometimes brings the cost of hidden complexity and risk," write Guy Acosta and Michael Scovetta, members of Microsoft's Customer Security and Trust team. "You trust your engineering team, but the code they write often accounts for only a tiny fraction of the entire application. How well do you understand what all those external software components actually do?" As they note, modern web applications often have hundreds of third-party components that contain tens of thousands of lines of code, which were written by thousands of contributors. And typically developers who use those components rely on the author's description, which Microsoft argues is not reliable or enough to meet Microsoft's responsibility for shipping secure code, which includes external components.

Natural disasters are increasing in frequency and ferocity. Here's how AI can come to the rescue

Once an advancing cyclone or hurricane is identified, for example, geo-spatial, weather and previous disaster data could be used to predict how many people will be displaced from their homes and where they will likely move. Such insights could help emergency personnel identify how much aid (water, food, medical care) will be needed and where to send it. AI algorithms could instantaneously assess flooding, building and road damage based on satellite images and weather forecasts, allowing rescuers to distribute emergency aid more effectively and identify those still in danger and isolated from escape routes. McKinsey’s Noble Intelligence is just one example of an initiative trying to harness AI’s potential to support humanitarian causes. For instance, the team is developing an algorithm that will reduce the time it takes to assess damage to buildings such as schools from weeks to minutes, using a combination of satellite, geo-spatial, weather and other data.

Does the World Need a Cryptocurrency Robo Advisor?

Robo Advisors as a service has been used on a global scale. Though, there is definitely a different scene running in different parts of the world, for instance comparing the US market with Europe. The US retail market has shown much more interest and trust in using these computer programs to manage their money. This has alone made the US the source of innovation for Robo Advisors considering the competition between some heavyweight financial institutions trying to take a bite from the market share such as Vanguard or Charles Schwab and very bright startups such as Betterment, Wealthfront and Acorns. ... One challenge that remains for the market and the ETP providers is to keep liquidity for the indices they launch. Market liquidity across Cryptocurrencies, especially alternative coins (all non-bitcoin coins). There are specialized parties, called market makers, using sophisticated tools for providing offers for both sides of the order book. The tool, also called a market-making bot, makes sure such coins or indices have sufficient liquidity to attract investors or financial advisors.

Bipartisan group of senators introduces legislation to boost state cybersecurity leadership

In introducing the legislation, Hassan highlighted the ongoing nationwide ransomware attacks on cities and government entities. These types of attacks, which recently crippled the government of New Orleans, involve an individual or group locking up a system and demanding a ransom to give the user access again. “Cyberattacks can be devastating for communities across our country, from ransomware attacks that can block access to school or medical records to cyberattacks that can shut down electrical grids or banking services,” Hassan said in a statement. “The federal government needs to do more to ensure that state and local entities have the resources and training that they need to prevent and respond to cyberattacks.” Hassan added that the new bill “would take a big step forward in improving communication between the federal government, states, and localities, as well as strengthening cybersecurity preparedness in communities across the country.”

Quote for the day:

"The led must not be compelled; they must be able to choose their own leader." -- Albert Einstein

Daily Tech Digest - January 18, 2020

EU mulls 5-year ban on facial recognition tech in public spaces

The EU Commission said new tough rules may have to be introduced to bolster existing regulations protecting Europeans’ privacy and data rights. “Building on these existing provisions, the future regulatory framework could go further and include a time-limited ban on the use of facial recognition technology in public spaces,” the EU document said. During that ban of between three to five years, “a sound methodology for assessing the impacts of this technology and possible risk management measures could be identified and developed.” Exceptions to the ban could be made for security projects, as well as research and development, the paper said. The document also suggested imposing obligations on both developers and users of artificial intelligence and that EU countries should appoint authorities to monitor the new rules. The Commission will seek feedback on its white paper before making a final decision, officials said.

Huawei and 5G: Why the UK's decision is getting tougher every day

There are serious issues for the UK to consider here. These 5G networks will at some point underpin everything from smart cities to augmented-reality surgery. They have to be secure and unbreakable. An outage of a 5G network controlling an automated factory or motorway full of self-driving cars could be disastrous, especially if it could be triggered at-will by a foreign state. Espionage is another, more obvious and realistic fear. No nation would want its most sensitive data to be read by another. And few would dispute that the Chinese state has regularly used cyber espionage against other governments and businesses. So, first, there is the fundamental issue: can Huawei's equipment be trusted as part of the UK's critical infrastructure? It's a question that the UK's intelligence agencies and technical experts have been pondering long and hard. Up to now their answer has been that, so long as Huawei's kit is limited to the outer reaches of these new 5G networks, the risk is manageable. Huawei's equipment has long been used in UK networks without incident, and the country of origin is not the only, and not even a primary, factor when it comes to assessing security.

Forecast: the top 6 cybersecurity trends for 2020

Application Programming Interfaces (APIs) have become a vital component in modern IT infrastructures. They allow data to be readily shared between applications as well as opening access to external parties. While they offer significant benefits, they also create vulnerabilities that can be exploited by cybercriminals and incidents are set to rise during 2020. APIs are inherently insecure and offer an enticing entry point into an organisation’s IT infrastructure. The problem is particularly relevant in supply chains where data is shared between multiple parties. When access is provided to core systems via APIs, it becomes difficult – if not impossible – to ensure all links are secure at all times. ... Operational Technology (OT) is the hardware and software that manages devices within an organisation’s infrastructure. Most OT was designed years ago and was never intended to be networked or linked to the public internet. Fast forward to 2020 and OT is increasingly being connected to IT networks to allow remote monitoring and management.

How AI Is Manipulating Economics to Create Appreciating Assets

Think about that statement for a second…you’re buying an appreciating asset, not a depreciating asset. And what is driving the appreciation of that asset? It’s likely courtesy of Tesla’s FSD (Full Self-Driving) Deep Reinforcement Learning Autopilot brain. Tesla cars become “smarter” and consequently more valuable with every mile each of the 400,000 Autopilot-equipped cars are driven. Imagine a mindset of leveraging Deep Reinforcement Learning with new operational data to create products (vehicles, trains, cranes, compressors, chillers, turbines, drills) that appreciate with usage because the products are getting more reliable, more predictive, more efficient, more effective, safer and consequently more valuable. That’s H-U-G-E! An asset that appreciates in value through usage and learning is yet another example of how a leading organization can exploit the unique characteristics of digital assets that not only never deplete or wear out but can be used across an unlimited number of use cases at a near zero marginal cost.

Keeping up with disruptors through hybrid integration

We’re living in a period where information is key, and where companies in every industry are inundated with data from all sides. And this is only set to rise, with IDC predicting that the global datasphere will grow from 33 zettabytes in 2018 to 175 zettabytes by 2025. In terms of how this is stored, many organisations have initiated cloud-first policies, meaning no new data should be stored in their data centres. The reasons for this drive to the cloud are numerous given the number of business benefits. For example, the cloud provides unlimited storage and accessibility from anywhere in the world. While some companies already do everything in the cloud, the vast quantities of data collated by heritage organisations is stored across multiple data sources. It is therefore likely that these organisations will always have some systems stacked in heritage servers as a result of the costs involved, the data’s complexity and the inability to replicate it in the cloud. This means there is a need to integrate data and applications stored on-premise, in the cloud and between the two.

UK’s phone and internet bulk data surveillance unlawful, says EU court opinion

The Advocate General opinion argues that member states cannot use national security exemptions to escape from the safeguards of European law, when they impose legal obligations on telephone and internet companies to retain their customers’ data. Access to communications data must be subject to prior review or an independent administrative authority committed both to safeguarding national security and defending citizens’ fundamental rights and requests for data must be made in specific terms, the AG wrote. Data retention by telephone companies and internet service providers should be limited to specific categories of data that are essential for the prevention and control of crime and the safeguarding of national security, and each category of data should be held for a defined time.

New phishing attack hijacks email conversations: How companies can protect employees

Although the level of conversation hijacking in domain-impersonation attacks is low compared with other types of phishing attacks, they're personalized. That makes them effective, hard to detect, and costly, according to Barracuda. After impersonating a domain, cybercriminals begin the process of conversation hijacking. By infiltrating an organization, attackers will compromise email accounts and other sources. They then spend time monitoring the compromised accounts and reading emails to understand the business and learn about any deals, payment processes, and other activities. This step is also where they can snoop on email conversations between employees, external partners, and customers. Attackers will leverage the information they've picked up from the compromised accounts to devise convincing messages sent from the impersonated domain to trick employees into wiring money or updating and sharing payment information. The entire process of impersonating a domain, monitoring compromised accounts, and hijacking conversations can be expensive and time-consuming.

Mojo Vision is putting an augmented reality screen on a contact lens

Mojo Lens promises to deliver the useful and timely information people want without forcing them to look down at a screen or lose focus on the people and world around them. In terms of mass production, Mojo’s Invisible Computing platform won’t be ready for a while, but the prototypes are coming together. ... “It’s a rigid, gas-permeable lens,” he said. “It is super comfortable because it sits on the white part of your eye.” That’s like the hard contact lenses some people wear because they find the soft ones uncomfortable. The harder lens rests on your eye, rather than on your cornea (that is, it rests on the white part of your eye, rather than the part you see with). Mojo Vision plans to tailor each contact lens to fit the wearer’s eyes. “We want it to sit perfectly like a puzzle piece, and it doesn’t rotate and it doesn’t slip,” Sinclair said. “And that’s … one of the secrets that makes this whole thing work, and why anyone who’s trying to do this … with the soft contact lens is probably going to be miserable, because normal contact lenses are always moving around and sliding around and slipping and rotating.”

It’s the end for Windows Server 2008 support

Server 2008 is based on the Windows Vista codebase, which should be reason alone to jettison it. But Windows Server 2016 and Windows Server 2019 are built on Windows 10, which means apps heavily dependent on the OS ecosystem might be hard to move since the internals are so different. “I do work with folks that are still running Windows Server 2008. They understand the ramifications of EOL for support. But most are in a predicament where they aren’t able to move the applications for a number of reasons, including application compatibility, location, etc.," Crawford says. For those apps that are challenging to move, he recommends isolating the system as much as possible to protect it, and putting in a plan to do what is needed to the applications to prepare them for movement as quickly as possible. Microsoft offers and recommends Azure migration, so Server 2008 apps can run in an Azure instance while they are modernized for Server 2019 and then deployed on premises. Migration should be the paramount effort, because if you are running Server 2008 then you're using hardware that's at least eight years old and potentially 12 years old.

What is Perfect Forward Secrecy? A Guide for 2020

In short, the PFS acronym stands for “perfect forward secrecy,” which is a relatively recent security feature for websites. It aims to prevent future exploits and security breaches from compromising current or past communication, information or data by isolating each transaction’s encryption. Traditionally, encrypted data would be protected by a single private encryption key held by the server, which it could use to decrypt all the historic communication with the server using a public key. This presents a potential security risk down the line, as an attacker can spend weeks, months or years listening in to encrypted traffic, storing the data and biding their time. ... Perfect forward secrecy solves this problem by removing the reliance on a single server private key. Rather than using the same encryption key for every single transaction, a new, unique session key is generated every time a new data transaction occurs.  In effect, this means that even if an attacker manages to get their hands on a session key, it will only be useful for decrypting the most recent transaction, rather than all the data they may have collected in the past.

Quote for the day:

"The cost of leadership is self-interest." -- Simon Sinek

Daily Tech Digest - January 17, 2020

Dell Optiplex 7070 Ultra: Modularity at a price

The main trick with the Optiplex 7070 Ultra, and the reason it is designed as a thin brick, is that it fits in a specially designed monitor stand that attaches to Dell monitors. This feature is touted as being a desktop space saver, which it certainly is, but do not think that it is a cableless affair. We tested this Optiplex with a Dell UltraSharp 24 USB-C monitor -- which is a serviceable, thin-bezel 1920x1080 monitor that retails for AU$340, and if it had a high resolution, it would be outstanding -- and found the Optiplex to be a half-way house between a regular desktop and an all-in-one. For instance, a USB-C cable was still needed to make the connection between the unit and the monitor, both devices needed their own power cables and bricks, and connecting headphones meant reaching behind the monitor to find the audio jack and hoping they lack enough lead to allow you to relax in your seat. Consolidating things like power connections would put it much closer to the realm of an all-in-one, while probably making it increasingly complex, but simple changes like adding reachable ports and audio jacks into the stand to face the user would help with everyday usability.

Silicone’s Final Days? An Exclusive Chat With Nobel Prize Winner Sir Konstantin Novoselov

Novoselov, who grew up in a very heavy engineering environment, adds that the Nobel has opened opportunities in terms of collaboration within the industry itself and has “promoted huge interest”. “As we see now that interest paid back in terms of creation of new applications.” Today, graphene powers many disruptive technologies and holds the potential to open up many more new markets, particularly next-generation electronics: faster transistors, semiconductors, bendable phones, to name a few. But what is graphene, you ask? Graphene was originally observed in electron microscopes in 1958 and as Novoselov explains, it’s both an interesting and very simple material. “It’s only carbon atoms,” he explains. “Carbon is one of the lightest, and one of the simplest atoms you can think about.” Graphene is to date, the strongest and thinnest material known to science. In fact, it is 100 times stronger than steel despite its almost 100% transparency and flexibility. The material has also proved to be a good thermal and electrical conductor, also known to have unique quantum properties.

Scottish police roll out controversial data extraction technology

“We’re committed to providing the best possible service to victims and witnesses of crime. This means we must keep pace with society. People of all ages now lead a significant part of their lives online and this is reflected in how we investigate crime and the evidence we present to courts,” said deputy chief constable Malcolm Graham. He added that digital devices are increasingly involved in investigations, placing ever higher demand on digital forensic examination teams. “Current limitations, however, mean the devices of victims, witnesses and suspects can be taken for months at a time, even if it later transpires that there is no worthwhile evidence on them,” said Graham. “By quickly identifying devices which do and do not contain evidence, we can minimise the intrusion on people’s lives and provide a better service to the public.”

How to protect your organization and employees from conversation hijacking

Cybercriminals use a variety of tricks to try to convince unsuspecting users to reveal sensitive and valuable information. Phishing is a well-known and general method. A more specific and direct technique gaining traction is conversation hijacking. By impersonating employees or other trusted individuals and inserting themselves in a message thread, criminals try to obtain money or financial information. But there are ways to protect your company and employees from this type of attack, according to a new report from Barracuda Networks. Here's how the process typically works, according to Barracuda. Cybercriminals start by impersonating an organization's domain. Through domain impersonation or spoofing, attackers send emails to employees with phony domain names that appear legitimate or create websites with altered names. Phony domain names can be concocted and registered by slightly adjusting certain characters in the actual name or changing the Top-Level-Domain (TLD), for example, replacing .com with .net.

Network automation with Python, Paramiko, Netmiko and NAPALM

Network automation with Python and automation libraries can enable simplified communication with network devices. In this article, we take a look at three network automation libraries: Paramiko, Netmiko and NAPALM, or Network Automation Programmability Abstraction Layer with Multivendor support. Each library builds on its predecessor to provide greater layers of abstraction that enable users to build more efficient automation systems. Paramiko is a low-level Secure Shell (SSH) client library. We can use it to programmatically control connecting to a network device's command-line interface (CLI) over a secure SSH connection. With the library, users send commands a person would normally type and parse the results of each command's execution, also known as screen scraping. The Python script below uses the Paramiko library to query a Cisco Catalyst 3560 router for its Address Resolution Protocol (ARP) table. It is the first step of a script to identify the switch port where a device is connected.

Artificial Intelligence System Learns the Fundamental Laws of Quantum Mechanics

In Chemistry, AI has become instrumental in predicting the outcomes of experiments or simulations of quantum systems. To achieve this, AI needs to be able to systematically incorporate the fundamental laws of physics. An interdisciplinary team of chemists, physicists, and computer scientists led by the University of Warwick, and including the Technical University of Berlin, and the University of Luxembourg have developed a deep machine learning algorithm that can predict the quantum states of molecules, so-called wave functions, which determine all properties of molecules. The AI achieves this by learning to solve fundamental equations of quantum mechanics as shown in their paper ‘Unifying machine learning and quantum chemistry with a deep neural network for molecular wavefunctions’ published in Nature Communications. Solving these equations in the conventional way requires massive high-performance computing resources (months of computing time) which is typically the bottleneck to the computational design of new purpose-built molecules for medical and industrial applications.

California’s IoT cybersecurity bill: What it gets right and wrong

The most significant issue to be addressed is the law’s ambiguity: it requires all connected devices to have “a reasonable security feature” (appropriate to the nature of the device and the information it collects) that is designed to protect the user’s data from unauthorized access, modification, or disclosure. Beyond that vague prescription, the law only specifically states that each connected device must also come with a unique hard-wired password, or it must otherwise require a user to set their own unique password before using the device. Some experts maintain that meeting the password requirements is all that’s needed to satisfy the regulation; in effect, the password is the “reasonable security feature.” If this interpretation is validated, it’s wholly insufficient for securing the IoT – especially for those connected systems that reside in our appliances, vehicles, and municipal infrastructures.

Facial recognition is real-life ‘Black Mirror’ stuff, Ocasio-Cortez says

Because facial recognition is being used without our consent or knowledge, she suggested, we may be mistakenly accused of a crime and have no idea that the technology has been used as the basis for the accusation. That’s right, the AI Now Institute’s Whittaker said, and there’s evidence that the use of facial recognition is often not disclosed. That lack of disclosure is compounded by our “broken criminal justice system,” Ocasio-Cortez said, where people often aren’t allowed to access the evidence used against them. Case in point: the Willie Lynch case in Florida. A year ago, Lynch, from Jacksonville, Florida, asked to see photos of other potential suspects after being arrested for allegedly selling $50 worth of crack to undercover cops. The police search had relied on facial recognition: the cops had taken poor-quality photos of the drug dealer with a smartphone camera and then sent them to a facial recognition technology expert who matched them to Lynch.

Enterprises spend more on cloud IaaS than on-premises data-center gear

The major segments with the highest growth rates over the decade were virtualization software, Ethernet switches and network security. Server share of the total data center market remained steady, while storage share declined. "The decade has seen a dramatic increase in computer capabilities, increasingly sophisticated enterprise applications and an explosion in the amount of data being generated and processed, pointing to an ever-growing need for data center capacity," said John Dinsdale, chief analyst at Synergy Research Group, in a statement. However, more than half of the servers now being sold are going into cloud providers’ data centers and not those of enterprises, Dinsdale added. "Over the last ten years we have seen a remarkable transformation in the IT market. Enterprises are now spending almost $200 billion per year on buying or accessing data center facilities, but cloud providers have become the main beneficiaries of that spending."

Microsoft opens up Rust-inspired Project Verona programming language on GitHub

As Parkinson explained, Project Verona aims to help secure code in unsafe languages like C and C# that still exists in a lot of Microsoft's legacy code, which Microsoft can't afford to waste but would like to protect better. "We're going to run some C and C++, stuff we don't trust," Parkinson said at the talk. "We're going to put it in a box and we know there is this region of objects, we have to be very careful with it, but there's a group of things going on there and we can build some pervasive sandboxing there. So there can be sandboxed libraries that we can embed in our sandboxed Verona program." The GitHub page for Project Verona outlines some of the high-level questions the group is working on that will be fleshed out in forthcoming peer-reviewed articles. ... "Project Verona is a research project that is not affecting engineering choices in the company," it states. "The Project Verona team is connected to the people using all the major languages at the company, and want to learn from their experience, so we can research the problems that matter."

Quote for the day:

"Real leadership is being the person others will gladly and confidently follow." -- John C. Maxwell

Daily Tech Digest - January 16, 2020

How to get started with CI/CD

Continuous integration and continuous delivery require continuous testing, because the goal is to deliver high quality and secure applications and code to end users. Continuous testing is often deployed as a set of automated regression, performance, and other tests that are executed within the pipeline. CI and CD together (CI/CD) encompass a culture, a set of operating principles, and a collection of practices that accelerate the software development process. The implementation is also known as the CI/CD pipeline and is considered one of the best practices for devops teams. Industry experts say more organizations are implementing CI/CD as they look to enhance the design, development, and delivery of software applications to be used internally or by customers. “We’re definitely seeing a rise in the use of CI/CD,” says Sean Kenefick, vice president and analyst at research firm Gartner. “I personally get questions about continuous development, testing, and release all of the time.”

Beware of this sneaky phishing technique now being used in more attacks

Cyber criminals are leaning hard on this attack technique as a means of compromising businesses, according to new research from Barracuda Networks. Analysis of 500,000 emails showed that conversation hijacking rose by over 400% between July and November last year. While conversation-hijacking attacks are still relatively rare, the personal nature means they're difficult to detect, are effective and potentially very costly to organisations that fall victim to campaigns. For cyber criminals conducting conversation-hijacking attacks, the effort involved is much greater than simply spamming out phishing emails in the hope that a target clicks, but a successful attack can potentially be highly rewarding. In most cases, the attackers won't directly use the compromised account to send the malicious phishing message – because the user could notice that their outbox contains an email that they didn't send. However, what conversation hijackers do instead is attempt to impersonate domains, using techniques like typo-squatting – when a URL is the same as the target company, save for one or two slightly altered changes.

11 Golden Rules For Android App Development

One of the golden rules of the Android Application Development includes Responsive User Interface. It engages the users into highly-intuitive apps that enhance their experience as well as cater to their requirements. Also, it is built by setting the viewpoint right by fixing the width so that everything in the screen can be adjustable according to the screen size. Moreover, the additional elements such as images, videos, or frames should be organized in such a way that it best fit in all types of screen sizes. ... Prototypes can be the right choice for showcasing the power of different technologies. In the world of digitalization, nobody would like to read the article but will surely love the digital presentation. After you identify the approach, you should build the prototype with basic functionalities and present it to the potential buyers so that they can understand the benefits of it. The prototype would help in attracting potential customers as they will be able to use the live project and would better understand the scope of the project.

Introduction to Gaps and Islands Analysis

One of the most significant challenges we face when analyzing data is pattern recognition. We seek to find ways in which our data deviates from the norm or conforms to a given norm. The goal is to identify tools that can be used to predict future behavior and make sense out of large volumes of data. Understanding boundaries and where a pattern begins or ends allows us to draw meaningful conclusions regarding our data. In terms of data, boundaries are more often seen as gaps or islands within any data set. Being able to efficiently locate gaps and islands enables us to use this data to gain meaningful insight into a system. We can identify winning and losing streaks, measure the strength of a system over time, find missing or duplicate data, and a variety of other interesting metrics. Within a data set, an island of data is any ordered sequence where each row is in close proximity to the rows around it. For some data types and analysis, “close proximity” will mean consecutive.

The Flutter Architecture

The Flutter SDK allows you to build Android, iOS, web, and desktop apps from a single codebase. This is done using platform-specific features as well as media queries, and it enables developers to ship applications faster. Flutter also offers close-to-instant feedback with the hot reload feature, enabling you to iterate quickly on your application. In this piece, we’ll cover the fundamental concepts you need in order to start working with Flutter. Flutter’s core technologies are Dart, a programming language developed by Google, and Skia, a 2D graphics rendering library. The language has been optimized for building user interfaces. This makes it a good fit for the Flutter framework. The language is fairly easy to pick up, especially if you have a background in JavaScript and object-oriented programming generally. In Flutter, you define your user interface using widgets. In fact, everything in Flutter is a widget. Your application itself is a widget made up of several sub-widgets. All the widgets form what is known as a widget tree.

Diligent Engine: A Modern Cross-Platform Low-Level Graphics Library

Graphics APIs have come a long way from a small set of basic commands allowing limited control of configurable stages of early 3D accelerators to very low-level programming interfaces exposing almost every aspect of the underlying graphics hardware. The next-generation APIs, Direct3D12 by Microsoft and Vulkan by Khronos are relatively new and have only started getting widespread adoption and support from hardware vendors, while Direct3D11 and OpenGL are still considered industry standard. New APIs can provide substantial performance and functional improvements, but may not be supported by older platforms. An application targeting wide range of platforms has to support Direct3D11 and OpenGL. New APIs will not give any advantage when used with old paradigms. It is totally possible to add Direct3D12 support to an existing renderer by implementing Direct3D11 interface through Direct3D12, but this will give zero benefits.

Tolerable security risk is a spectrum

All enterprises are different. Each company stores and manages different types of data sets. They have different applications and processes in place. The ones in specific industries, such as healthcare and finance, have compliance restrictions that can be a nightmare. The notion is simple. Everyone has different security needs, and differences in data they are protecting. Thus, they should be on different parts of the security spectrum. For instance, in my earlier example, if the breached company were a tire manufacturer, spending four times the previous year’s security budget may be overspending, or not aligning with where it sits on the spectrum—just being reactionary. Yes, I’m making sweeping generalizations. Most tire manufacturers don’t deal with personally identifiable information the way that healthcare organizations do. Nor do they have to keep up with stringent auditable logging, as is required by most banks. Moreover, the data is probably fairly innocuous considering that the database information is about customers that are just a bunch of tire retailers—data that could be easily found on the website. Also, they don’t pay with credit cards, so none of that information is stored

Web developers: Microsoft Blazor lets you build native iOS, Android apps in C#, .NET

Microsoft announced Blazor in early 2018 but still considers Blazor an experimental web UI framework from ASP.NET that aims to bring .NET applications to all browsers via WebAssembly. "It allows you to build true full-stack .NET applications, sharing code across server and client, with no need for transpilation or plugins," Microsoft explains. Microsoft is experimenting with Blazor and Mobile Blazor Bindings to cater to developers who are familiar with web programming and "web-specific patterns" to create native mobile apps. The idea behind releasing the mobile bindings now is to see whether these developers would like to use the "Blazor-style programming model with Razor syntax and features" as opposed to using XAML and Xamarin.Forms. However, the underlying UI components of Mobile Blazor Bindings are based on Xamarin.Forms. If the feedback is positive, Microsoft may end up including it in a future version of Visual Studio, according to Lipton.

'Cable Haunt' Modem Flaw Leaves 200 Million Devices at Risk  

The research team has dubbed such attacks Cable Haunt and says "an estimated 200 million cable modems in Europe alone" are at risk. They say every cable modem they have tested has been at risk, although some internet service providers have now developed and deployed firmware that mitigates the problem. Broadcom says it issued updated firmware code to fix the flaw eight months ago. "We have made the relevant fix to the reference code and this fix was made available to customers in May 2019," a spokeswoman tells Information Security Media Group. Service providers who have issued a patch will have based it on Broadcom's code updates. The vulnerability, originally codenamed "Graffiti," was discovered and has been disclosed by Alexander Dalsgaard Krog, Jens Hegner Stærmose and Kasper Kohsel Terndrup of Danish cybersecurity consultancy Lyrebirds, together with independent security researcher Simon Vandel Sillesen. Has the flaw been abused by attackers in the wild? "Maybe," the researchers write on the Cable Haunt site.

DRaaS decisions: Key choices in disaster recovery as a service

Self-service DRaaS involves the customer planning, buying, configuring, maintaining and testing disaster recovery services. And, although options for automation are improving, the IT team will typically need to be available to invoke the DR plan and run the recovery process. The benefits are flexibility and often cost. The business can choose exactly which mix of recovery services, backup and recovery software, and even the raw storage, it needs. A self-service model can lend itself to mixed environments, with multiple cloud data stores and application-based availability and DR tools. ... Managed DRaaS is the most comprehensive, but also the most expensive, option. The main benefit is that in-house IT teams can hand off DR operations entirely to the third party. This reduces the burden on skilled staff. And, although a managed service is typically more expensive than other DR options, it can be money well spent for a comprehensive service and peace of mind.

Quote for the day:

"The speed of the leader is the speed of the gang." -- Mary Kay Ash

Daily Tech Digest - January 15, 2020

Microsoft said that it had not seen the vulnerability exploited in any active attacks, likely the reason the company classified the security patch as "Important" rather than as "Critical." The vulnerability came to light when it was discovered by the National Security Agency. In its advisory, the NSA referred to the bug as severe, saying that sophisticated cyber actors would understand the flaw very quickly, thus making the affected versions of Windows fundamentally vulnerable. The agency said it recommends that all January 2020 Patch Tuesday patches be installed as soon as possible to fix the vulnerability on all Windows 10 and Windows Server 2016/2019 systems. "The consequences of not patching the vulnerability are severe and widespread," the NSA said. "Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners." After finding and researching the flaw, the NSA reported it directly to Microsoft, which then took the quick step of investigating it and issuing the patch.

Researchers found that 48% of consumers are more sensitive to anti-fraud measures that disrupt their online experience than they were a year ago. This means that retailers and restaurants have an increased imperative to balance fraud mitigation and customer experience. Yet, only 64% of organizations’ customers have confidence in the security of their digital channels. In this era of high customer expectations, increasing digital fraud risk, and competition to continuously innovate, businesses must address this critical interconnection. “Opportunities for fraud increase as businesses adopt new features, such as voice ordering or mobile wallets. Businesses do this to engage their customers and provide an enhanced customer experience,” said Rich Stuppy, Chief Customer Officer at Kount. “Unfortunately, these businesses are not adopting the proper controls related to fraud. This report underscores the fact that digital innovation and the corresponding increases in revenue in these industries will never reach their full potential without integrating suitable fraud prevention initiatives.”

Today’s networks need to be highly agile so changes can be propagated across the network in near real-time, enabling it to keep up with the demands of the business. Network agility comes from having centralized control where configuration changes can be made once and propagated across the network instantly. Ideally, network changes could be coordinated with application changes so the lagging performance doesn’t slow the business down. Achieving a higher level of agility will likely require a refresh of the infrastructure if the network is more than five years old, and that means adopting SDN. Traditional infrastructure had an integrated control and data plane, so changes had to be made on a box-by-box basis. This is why networks took so long to configure and lacked agility. With an SDN model, the control plane is separated from the data plane, centralizing control so network engineers define a change and push it out across the entire network at once. Older equipment isn’t designed to be software-first, so look for infrastructure that is built on a modernized operating system like Linux and that can be programmed using current languages such as Python and Ruby.

Bendable glass is the holy grail of foldable phone design. So far, plastic screens have been more prone to damage from casual scrapes than hard glass. Without a protective material, the phone's internal workings are susceptible to breaking from pressure, water, dust and sharp objects. Samsung bore the brunt of this reality when its Galaxy Fold sustained several types of screen damage before the phone officially went on sale.  With their high prices and untested designs, foldable phones are a tough sell as is. A strong cover material to protect against drops and scratches could help shift foldable phones from expensive curiosities to serious products that could one day replace your traditional shingle-shaped phone. Gorilla Glass-maker Corning showed CNET glass that's thin enough to fold without breaking, but it's still in development and isn't commercially available. If it were, we'd see a lot more foldable phones today. Without a ready supply of glass thin enough to fold in half and strong enough not to crack, splinter or break, device-makers have had to choose whether to wait for a new material or work with what they have.

For a long time, with all due respect to the Jeeves and other assorted yahoos of the world, Google's position as the gatekeeper to the world's information has seemed untouchable. But guess what? Amazon is little by little breaking through that barrier and — on some level, at least — threatening to make Google far less relevant than it is today. Consider: A forecast assembled by eMarketer suggests that Amazon will be the sole company to increase its revenue related to U.S. search advertising over the coming two years. Amazon, the organization believes, will jump up to represent nearly 16% of money earned from search-related advertising in America — up from about 13% in 2019 — while Google will fall from 73% in 2019 to 70.5% in 2021. Already, Amazon's ad business is believed to have grown by somewhere in the ballpark of 50% from the end of 2018 to the end of 2019, according to AdWeek, and prices for advertising on Amazon have reportedly gone up by 200% over the past couple years — all while prices for advertising on Google have remained relatively constant.

BullSequana XH2000 is expected to run weather predictions faster and better than its predecessor. Florence Rabier, director general at ECMWF said: "We will now be able to run higher resolution forecasts in under an hour, meaning better information will be shared with our member states even faster." Atos's technology will also help to improve the ECMWF's "ensemble prediction" system (EPS). The program, introduced in 1992, is a way to gauge how accurate a specific weather forecast is. Instead of delivering only one forecast, the EPS produces 51 predictions, which all include slight variations in the initial weather conditions. In other words, the system gives users a range of possible scenarios, as well as the likelihood of their occurrence. For example, the program could provide a government with an estimate of the likelihood of severe flooding in certain parts of the country. Currently, the EPS's 15-day forecasts have a resolution of 18km; but with BullSequana, the ECMWF is hoping that it can run the system at a resolution of 10km.

Although the number of impacted organisations remains low, such attacks – exemplified by the ongoing Travelex crisis, the October 2019 ransoming of shipping services firm Pitney Bowes, and various attacks on public sector bodies – are more severe and usually carefully chosen, as the organised gangs behind them are looking to extort the maximum possible sum of money. Other growth areas in 2019 included Magecart infections against e-commerce websites, which hit hundreds of victims, and attacks conducted through the cloud. Check Point revealed that while 90% of enterprises now use cloud services, 67% of security teams feel they do not have proper visibility into their infrastructure. As a result, the magnitude of cloud-related attacks and breaches was up substantially, with misconfiguration of cloud resources the biggest cause. 

Ethical AI, in simple words, is about ensuring your AI models are fair, ethical, and unbiased. So how does bias get into the model? Let’s assume you are building an AI model that provides salary suggestions for new hires. As part of building the model, you have taken gender as one of the features to suggest salary. The model is trying to discriminate salary based on gender. In the past, this bias went through human judgments and various social and economic factors, but if you include this bias as part of the new model, it's a recipe for disaster. The whole idea is to build a model that is not biased and suggests salary based on people's experiences and merits. Take another example of an application providing restaurant recommendations to a user and allowing a user to book a table. The AI application is designed to look at the amount spent in previous transactions and ratings of restaurants (along with other features), and the AI system starts recommending restaurants that are more expensive.

Teleportation involves the moving of information instantaneously and securely. In the “Star Trek” series, fictional people move immediately from one place to another via teleportation. In the University of Bristol experiment, data is passed instantly via a single quantum state across two chips using light particles, or photons. Importantly, each of the two chips knows the characteristics of the other, because they’re entangled through quantum physics, meaning they therefore share a single physics-based state. The researchers involved in these successful silicon tests said they built the photon-based silicon chips in a lab and then used them to encode the quantum information in single particles. It was “a high-quality entanglement link across two chips, where photons on either chip share a single quantum state,” said Dan Llewellyn of University of Bristol in a press release. Entanglement links to be used in data transmission are where information is conjoined, or entangled, so that the start of a link has the same state as the end of a link. The particles, and thus data, are at the beginning of the link and at the end of the link at the same time.

Many frameworks for implementing user interfaces (Angular2, Vue, React, etc.) make use of callback procedures, or event handlers, which, as a result of an event, directly perform the corresponding action. Deciding which action to perform (be it input validation, local state update, error handling, or data fetching) often means accessing and updating some pieces of state which are not always in scope. Frameworks thus include some state management or communication capabilities to handle delivering state where it is relevant and needed, and updating it when allowed and required. Component-based user interface implementations generally feature pieces of state, and actions scattered along the component tree in non-obvious ways. For instance, a todo list application may be written as <TodoList items><TodoItem></TodoList>. Assuming a TodoItem manages its deletion, it has to communicate the deletion up the hierarchy for the parent TodoList to be called with the updated item list.

Quote for the day:

"Leadership is particularly necessary to ensure ready acceptance of the unfamiliar and that which is contrary to tradition." -- Cyril Falls

Daily Tech Digest - January 10, 2020

The smart cities challenge: How tech will update antiquated infrastructures

In terms of transportation initiatives, "Yes, we have to think of transportation," Lightman said, but for smart cities to operate optimally, she continued, we need to "look holistically as a system of a system," one that includes issues of "climate change and the critical thread of citizen engagement which runs through it." She cited an example in her home state: 16 years ago, Pittsburgh went bankrupt and lost half of its population. Now stable and growing, it's a city poised to become an ideal smart city (Lightman acknowledges that losing half the population put considerably less stress on the city's infrastructure). Carnegie Mellon, she said, is looking to address issues with "the infrastructure that's been neglected for almost 20 years; there are a lot of bridges and roads crumbling, and we have 40 active landslides." This is where emerging technology like artificial intelligence (AI) and machine learning shines. Lightman stressed how important artificial intelligence (AI) is in predicting natural disasters such as landslides. "AI," she said, "will solve many problems."

5 Tips on How to Build a Strong Security Metrics Framework

Know your audience. This advice applies to many areas, including metrics. The first step toward building a strong metrics framework is to understand who you're building it for, even if there are multiple audiences. The metrics reported to the board and executives will be different than those you use to make operational improvements and tactical adjustments. The metrics provided to customers showing that their data is protected will be different than the metrics for security management to make well-informed decisions. A good metrics framework provides the right metrics to the appropriate audiences, even when there are multiple audiences. ... If you've ever had your home or car inspected, you know that there are acceptable levels for radon in a home or emissions from a car. It isn't black or white or on or off. There is a range of levels within which the home or car passes the test, and outside of which, it fails. The same should be true for metrics.

U.S. Funds Program With Free Android Phones For The Poor — But With Permanent Chinese Malware

The affected device is a UMX phone shipped by Assurance Wireless and one of the preinstalled malware, according to MalwareBytes senior analyst Nathan Collier, is the creation of a Chinese entity known as Adups. Though the tool looks and operates as a Wireless Update program, it’s capable of auto-installing apps without any user consent, which it starts doing immediately, according to a MalwareBytes analysis of a device, shared with Forbes ahead of publication. Adups hadn’t responded to a request for comment at the time of publication. “This opens the potential for malware to unknowingly be installed in a future update to any of the apps added by Wireless Update at any time,” Collier wrote in a blog post published Thursday.  Historically Adups tools have been caught siphoning off private data from phones, including the full-body of text messages, contact lists and call histories with full telephone numbers.  A second malware comes preloaded on the Assurance Wireless-supplied device—the phone’s own Settings app, Collier claimed. 

4 habits of effective DevOps engineers

Having an understanding of technology foundations will go a long way in DevOps, says Dempers. Enterprise deployments are accelerating, and there isn't enough time to dig into the weeds of every new technology, he says. "Learn about the underlying fundamentals of a technology, rather than how to use the technology, and how to apply the technology." For example, "instead of just learning how to run a Docker container, dive into the Linux features that make containerization work, and learn about those features. It makes it really easy to understand how Docker works. Then you can move on to technologies like Kubernetes that use the same Linux kernel features." With an understanding of the underlying technology, it will be easier to communicate across the organization and understand how the technologies interact, Dempers adds. "You basically learn how to put all the pieces of the puzzle together and paint a picture in your head about the technologies. Then you can focus on the gaps of the things you're missing, rather than just focusing on how to use a technology."

The US just released 10 principles that it hopes will make AI safer

The newly proposed plan signifies a remarkable U-turn from the White House’s stance less than two years ago, when people working in the Trump administration said there was no intention of creating a national AI strategy. Instead, the administration argued that minimizing government interference was the best way to help the technology flourish. But as more and more governments around the world, and especially China, invest heavily in AI, the US has felt significant pressure to follow suit. During the press briefing, administration officials offered a new line of logic for an increased government role in AI development.  “The US AI regulatory principles provide official guidance and reduce uncertainty for innovators about how their own government is approaching the regulation of artificial intelligence technologies,” said US CTO Michael Kratsios. This will further spur innovation, he added, allowing the US to shape the future of the technology globally and counter influences from authoritarian regimes. There are a number of ways this could play out.

Learning from the Travelex cyber attack: Failing to prepare is preparing to fail

The key lesson we can take from the Travelex breach is that an effective response to a breach is a critical business function and is no longer the sole province of the IT department. Rather, it should be a core business competency supported by senior management with input from other business areas, such as HR, legal and compliance, public relations, customer support and the data protection team. As demonstrated by the Travelex breach, an incident can disrupt your business, with critical systems taken offline. To minimise the levels of disruption a cyber attack can inflict on your business, your incident response plan should be integrated closely with your business continuity plans. Finally, practice makes perfect, so regularly test how effective your processes are. Better to discover weaknesses in how you can respond to an incident during an exercise rather than in the midst of a real crisis.

The Bank of the Future Will Have Data Vaults and Money Vaults

Think about Google Assistant and Google Live on Google. These are next-generation digital services that can learn from their users, and can get better as their users use them. In the banking world, almost all banks are trying to build such services on their digital channels – next-generation concierge services that can understand the needs of their users and can adapt and give the right information to the right user at the right time. That’s what we refer to as “context-aware computing” or “contextualization.” Building these types of capabilities in the past required a lot of I.T. processes, algorithmic expertise, understanding things such as statistical modeling and predictive modeling. Flybits has really simplified that process for banking institutions. Instead of expecting the institution to hire data scientists and algorithmic experts, we have built platforms that even a marketing intern can be trained on, allowing them to focus more on use cases and creativity rather than worrying about I.T. complexities. This allows the bank or credit union to bring these next-generation predictive use cases to the market faster and in more efficient ways.

Restart Data and AI Momentum This Year

Starting small is the right way to tackle such a project, Bean agrees. "Companies need to demonstrate quick wins and measurable results to establish credibility and build momentum," he said. "We believe that those firms that start small, focus on a key business question or two, and show quick results, are most successful at creating a foundation for future success." IT's contribution to these steps comes in a few key ways. Davenport said that IT plays an important role in helping the business leaders understand what's possible with a particular technology. "They need to educate and build relationships as much as they need to build technology infrastructure," he said. The partnership between IT and line-of-business owners is key to the success of projects, according to Bean. ... One key role that remains in flux in 2020, according to the survey, is Chief Data Officer or Chief Analytics Officer. A growing number of organizations are hiring for this role from outside the firm.

Google details its three-year fight against the Bread (Joker) malware operation

In a blog post detailing its fight against the Bread gang published last night, Google said that the operators "have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected." Google's security team said the malware was not what someone would call sophisticated, but just more persistent than others. "Sheer volume appears to be the preferred approach for Bread developers," Google said. "At different times, we have seen three or more active variants using different approaches or targeting different carriers," Google added. "At peak times of activity, we have seen up to 23 different apps from this family submitted to Play in one day." Google also said that Bread malware strains have been spotted on the Play Store, suggesting this malware operation knew what and who to target from the get-go and never deviated from its path even if they weren't initially successful.

The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About

While AI is undoubtedly being researched and developed as a means of crippling an enemy state’s civil and defense infrastructure during war, it’s also easily deployable by criminal gangs and terrorist organizations. So rather than between nations, today’s race is between hackers, crackers, phishers and data thieves, and the experts in cybersecurity whose job it is to tackle those threats before they cause us harm. Just as AI can “learn” to spot patterns of coincidence or behavior that can signal an attempted attack, it can learn to adapt in order to disguise the same behavior and trick its way past our defenses. This parallel development of offensive and defensive capabilities will become an increasingly present theme as AI systems become more complex and, importantly, more available and simpler to deploy. Everything from spam email attempts to trick us into revealing our credit card details to denial-of-service attacks designed to disable critical infrastructure will grow in frequency and sophistication.

Quote for the day:

"Nobody in your organization will be able to sustain a level of motivation higher than you have as their leader." -- Danny Cox