Daily Tech Digest - June 29, 2020

EU Commission: The GDPR has been an overall success

The GDPR proved to be flexible to support digital solutions in unforeseen circumstances such as the Covid-19 crisis. The report also concludes that harmonisation across the Member States is increasing, although there is a certain level of fragmentation that must be continually monitored. It also finds that businesses are developing a compliance culture and increasingly use strong data protection as a competitive advantage. The GDPR has acted as a catalyst for many countries and states around the world – e.g., Chile, South Korea, Brazil, Japan, Kenya, India, Tunisia, Indonesia, Taiwan and the state of California – to consider how to modernise their privacy rules, the EC noted. They also pointed out that it provided data protection authorities many corrective powers to enforce it (administrative fines, orders to comply with data subject’s requests, bans on processing or the suspension of data flows, etc.). There is room for improvement, though. “For example, we need more uniformity in the application of the rules across the Union: this is important for citizens and for businesses, especially SMEs. We need also to ensure that citizens can make full use of their rights,” noted Didier Reynders, Commissioner for Justice.

AI experts say research into algorithms that claim to predict criminality must end

A coalition of AI researchers, data scientists, and sociologists has called on the academic world to stop publishing studies that claim to predict an individual’s criminality using algorithms trained on data like facial scans and criminal statistics. Such work is not only scientifically illiterate, says the Coalition for Critical Technology, but perpetuates a cycle of prejudice against Black people and people of color. Numerous studies show the justice system treats these groups more harshly than white people, so any software trained on this data simply amplifies and entrenches societal bias and racism. “Let’s be clear: there is no way to develop a system that can predict or identify ‘criminality’ that is not racially biased — because the category of ‘criminality’ itself is racially biased,” write the group. “Research of this nature — and its accompanying claims to accuracy — rest on the assumption that data regarding criminal arrest and conviction can serve as reliable, neutral indicators of underlying criminal activity. Yet these records are far from neutral.” An open letter written by the Coalition was drafted in response to news that Springer, the world’s largest publisher of academic books, planned to publish just such a study.

Embedding ESG into banks’ strategies

Bank CEOs know they need to act. In fact, in a global survey by KPMG International in autumn last year (before COVID-19), almost three‑quarters of banking CEOs said they believed their future growth will be largely determined by their ability to anticipate and navigate the shift to a low-carbon, clean-technology economy. However, most are struggling to come to grips with what that really means for their bank going forward. Take the transition risk, for example. Bank executives understand the "new reality" will require them to pivot their finance towards greener and more sustainable companies and investments. But they also know they can’t just flick a switch; they still have significant books of business wrapped up in loans and instruments to ‘brown’ assets. As long as those brown assets continue to generate profits for the bank, bank executives will need to balance their duty to finance the ESG transition against their fiduciary duties to shareholders. Banks, regulators and politicians are also struggling to understand all of the potential unintended consequences of their shift towards more ESG-related business strategies. Declining to renew loans on existing coal mines, for example, may improve a bank’s carbon disclosures.

Facebook, IoTeX, R3 Among New Members of Confidential Computing Consortium

“Confidential computing brings privacy-preserving smart devices to the next level by not only allowing users to own their private data, but also to use it in a privacy-preserving way,” Raullen Chai, CEO of IoTeX, told CoinDesk in an email. “This has major implications for consumer-facing industries such as health care and smart homes, as well as enterprise for private multi-party data sharing and interactions.” Chai, based in San Francisco, said there are two immediate use cases where confidential computing could make an impact on everyday people’s privacy. One is facial recognition in public spaces, an area that is under intense debate and scrutiny, particularly as protests against police brutality continue in the U.S. There are traditionally two sides to this debate, said Chai. On one side are privacy-conscious people who don’t want images of their faces scanned and analyzed by governments and other actors. On the other are governments (their supporters) who, broadly, are prepared to sacrifice people’s privacy in the name of public good. Confidential computing has something for each hand.

Technology for a no-touch world

Now that machines can understand us almost as well as another human, we’ll see the technology take us back to a virtual version of the old days. We’ll be able to walk into an elevator and simply say, in any language, “Tenth floor, please.” Vending machines were invented to automate things such as candy and ticket stands, which were operated by clerks who people could speak to. In the coming years, we’ll again ask for what we want instead of pushing a button, but we won’t be talking to a person. Paris-based Thales, for example, is marketing its Transcity voice-recognition ticket machine to train stations: Travelers speak to tell it where they want to go, and it prints their ticket. Next-generation ATMs will veer toward becoming virtual tellers, according to Doug Brown, an executive at ATM maker NCR, who spoke about the technology in a recent news article. ... The effort to get machines to recognize faces also goes back to the 1960s, when an inventor named Woody Bledsoe, possibly funded by the CIA, laid down some of the field’s foundational research and dreamed of wearing glasses that would tell him the names of everyone he met. But as with speech technology, computers then didn’t have enough power or data or clever enough programming to make facial recognition work.

Is working from home the death knell for offices?

What will happen once the coronavirus is brought under control, either by a vaccine, or by an effective treatment? Will companies encourage staff to continue working from home and cut the amount of office space they occupy? Recent headlines suggest some companies have already decided to downsize their offices. Companies have a big incentive to cut their office use. Bills for rent, service charges, and utilities are all meaningful costs. Staff also benefit by spending less on commuting and having more time at home. The average one-way commute in both the UK and US takes half an hour. Furthermore, even a small fall in the number of cars can lead to a significant improvement in traffic flow, and fewer cars means cleaner air. Yet, if remote working is such an obvious win-win for both businesses and their staff, why were companies so slow to adopt it before the coronavirus? The pressure on companies to economise is nothing new. Email and video conferencing have existed for 25 years, albeit the technology could be unreliable in its early years. Part of the answer may have been to do with control, and concerns that less conscientious staff would take advantage of remote working. Being seen in the office can also help employees.

A Changing World Requires a Changing View of Security

Moving security hygiene further up the to-do list has to be paramount or all the effort to innovate and progress will be wasted. It really won’t take much to be breached. A DDoS attack can create large volumes of ‘garbage’ traffic to saturate the pipe and attack the intricacies of the VPN protocol. A flow as little as 1Mbps can knock a VPN service offline. No business will want to risk a breach that interferes with trading, nor can they afford any data exposure. It’s therefore really important to look back at what has been achieved and fine-tune the processes and solutions in play and adapt the associated risk models. Some companies won’t be able to think about this right now, such is the urgency to keep the business operating. But they must return to it, or employ the skills to do an audit, before moving on to the more strategic implementations they’ve proven they are capable of delivering. It would be foolish to roll out any more transformation with emphasis on access and usability yet neglect security. The companies that ride this storm will be the ones that have the right technology, implementations, and skills in place. They will be the ones that deliver new operational models and innovate in ways their competition can’t.

The Secret of Simple Code

You can write code that is more reusable and less likely to break when new requirements are introduced and things change in the surrounding code. The secret to being 10x more productive is to gain a mastery of abstraction. A lot of developers treat “abstraction” like it’s a dirty word. You’ll hear (otherwise good) advice like, “don’t abstract too early” or Zen of Python’s famous “explicit is better than implicit,” implying that concrete is better than abstract. And all of that is good advice — depending on context. But modern apps use a huge amount of code. If you printed out the source code of modern top 10 applications, those stacks of paper would compete with the height of skyscrapers, and software costs a lot of money to maintain. ... Imagine being the coder who popularized the use of the map operation in programming languages like JavaScript. Map abstracts away details such as the type of data you’re mapping over, the type of data structure containing the data, and the iteration logic required to enumerate each data node in the data structure. It’s improved the efficiency of every app I’ve built in the past decade.

Attackers Target Vulnerable Exchange Servers

"As these attacks show, Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques," Hardik Suri, a researcher with the Microsoft Defender ATP Research Team, writes in the blog. "The security update that fixes this vulnerability has been available for several months, but, notably, to this day, attackers find vulnerable servers to target." After gaining access to a vulnerable Exchange server, attackers deploy web shells - malicious code written in common programming languages - into one of the many web accessible paths on the server, Microsoft reports. This enables hackers to steal data or perform malicious actions for further compromise. Microsoft found that common access paths for web shell deployment were ClientAccess and FrontEnd directories, which provide services such as Outlook on the web, the Exchange Admin Center and AutoDiscover. A common web shell being used in the attacks is the credential-stealer China Chopper, which is hidden in the system using common file names, the blog notes.

Spring Boot 2.3.0 Focuses on the Cloud

Spring Boot has released version 2.3.0 which adds support for Docker with buildpacks, layered images, graceful shutdown support, liveness, and readiness probes. Another noteworthy change is the support for Java 14 while maintaining support for LTS versions 8 and 11. Buildpacks are an alternative to Dockerfiles. Buildpacks automatically detect the software needed to run the application in a Docker container. For example, it detects the version of Java used in the application. Based on that version, the buildpack will select the JRE specified in the buildpack and build a Docker image. ... Developers usually store the application artifact as a JAR file. The disadvantage is that the JAR file contains elements that often change, such as the code. But the JAR file also contains elements that change less frequently such as the dependencies. Changes between versions in Docker images are stored as diffs. When JAR files are stored for each version of the application, then the diff is quite big and consumes a lot of disk space. Buildpacks reduce the space required by splitting the application into multiple layers based on what changes more frequently.

Quote for the day:

"Remember no one can make you feel inferior without your consent." -- Eleanor Roosevelt
