Daily Tech Digest - April 24, 2021

An Insight Into Global Payment Technologies With James Booth

With the e-commerce market set to reach a predicted market volume of £92 million by 2025, and the opportunity for cross-border expansion at an all-time high, the demand for more localised and innovative payment methods will only continue to grow. More and more customers are now online, looking for products or services that suit their very specific needs. A shopper might look across borders for what they want: better-quality products, payment methods accepted, stronger brand loyalty, and more. But they will quickly abandon the transaction page if their preferred payment method is not available. Ultimately, payment choice will play a major role in driving sales in the future, meaning merchants will need a diverse payment portfolio to ensure transactions are completed and customer loyalty retained. This will continue to spark increased innovation for payments, but also the proliferation of niche local payment options across the globe. However, as digital payments head towards a global tipping point, the need for greater regulation and security will also continue to grow.

Dealing With Stubbornness Of AI Autonomous Vehicles

Shifting gears, the future of cars entails self-driving cars. This stubbornness element in the flatbed truck tale brings up an interesting facet about self-driving cars and one that few are giving much attention to. First, be aware that true self-driving cars are driven by an AI-based driving system and not by a human driver. Thus, in the case of this flatbed truck scenario, if the car had been a self-driving car, the AI driving system would have been trying to get the car up that ramp and onto the flatbed. Secondly, there are going to be instances wherein a human wants a self-driving car to go someplace, but the AI driving system will “refuse” to do so. I want to clarify that the AI is not somehow sentient since the type of AI being devised today is not in any manner whatsoever approaching sentience. Perhaps far away in the future, we will achieve that kind of AI, but that’s not in the cards right now. This latter point is important because the AI driving system opting to “refuse” to drive someplace is not due to the AI being a sentient being, and instead is merely a programmatic indication that the AI has detected a situation in which it is not programmed to drive.

Rise of APIs brings new security threat vector -- and need for novel defenses

The speed is important. The pandemic has been even more of a challenge for a lot of companies. They had to move to more of a digital experience much faster than they imagined. So speed has become way more prominent. But that speed creates a challenge around safety, right? Speed creates two main things. One is that you have more opportunity to make mistakes. If you ask people to do something very fast because there’s so much business and consumer pressure, sometimes you cut corners and make mistakes. Not deliberately. It’s just as software engineers can never write completely bug-free code. But if you have more bugs in your code because you are moving very, very fast, it creates a greater challenge. So how do you create safety around it? By catching these security bugs and issues much earlier in your software development life cycle (SDLC). If a developer creates a new API and that API could be exploited by a hacker -- because there is a bug in that API around security authentication check -- you have to try to find it in your test cycle and your SDLC. The second way to gain security is by creating a safety net. Even if you find things earlier in your SDLC, it’s impossible to catch everything. 

Will you be heading back to the office? Should you?

The vast majority said it had worked out much better than they expected. They found people were more, rather than less, productive. It turns out folks welcomed not having to deal with long commutes, crowded open-plan offices, or Dilbert-like cubicle farms. Of course, not everyone is happy. Juggling kids and office work can mean misery. But in a recent Blind professional worker social network survey of 3,000 staffers 35% said they would quit their jobs if work from home ends. That's a lot. I'd hate to replace more than a third of my staff if I insisted everyone return to 1 Corporate Drive. If your people want to work from home, and they've shown they can deliver, why take a chance on losing them? Not everyone is on board with the change. As one Microsoft staffer on Blind put it, "I don’t think the 5-day work in the office will ever be relevant again. You will have Team A and Team B, working 2 days in the office and 3 days at home. Social interaction in person is needed." Notice, though, that even here, there's no assumption of a five-day work week.

4 reasons to learn machine learning with JavaScript

Fortunately, not all machine learning applications require expensive servers. Many models can be compressed to run on user devices. And mobile device manufacturers are equipping their devices with chips to support local deep learning inference. But the problem is that Python machine learning is not supported by default on many user devices. MacOS and most versions of Linux come with Python preinstalled, but you still have to install machine learning libraries separately. Windows users must install Python manually. And mobile operating systems have very poor support for Python interpreters. JavaScript, on the other hand, is natively supported by all modern mobile and desktop browsers. This means JavaScript machine learning applications are guaranteed to run on most desktop and mobile devices. Therefore, if your machine learning model runs on JavaScript code in the browser, you can rest assured that it will be accessible to nearly all users. There are already several JavaScript machine learning libraries. An example is TensorFlow.js, the JavaScript version of Google’s famous TensorFlow machine learning and deep learning library.

4 Software QA Metrics To Enhance Dev Quality and Speed

The caliber of code is fundamental to the quality of your product. Through frequent reviews you can assess the health of your software, thus detecting unreliable code and defects in the building blocks of your project. Identifying flaws is going to help you throughout the dev process and well into the future. Good quality code will allow you to reduce the risks of defects and avoid application and website crashes. Today, much of this process can be automated, avoiding human error and diverting resources toward other tasks. But, there are a number of code quality analytics you can focus on. ... Flagging issues in the working process can draw attention to inefficiencies, allowing the opportunity to implement project management solutions. Once flaws are established, there’s a whole host of management software for small businesses and large businesses alike to improve efficiency. Automation can also help you through the testing process. According to PractiTest, 78% of organizations currently use test automation for functional or regression tests. This automation will ultimately save time and money, eliminating human error and allowing resources to be redirected elsewhere in the dev process.

5 Fundamental But Effective IoT Device Security Controls

IoT devices introduce a host of vulnerabilities into organizations’ networks and are often difficult to patch. With more than 30 billion active IoT device connections estimated by 2025, it is imperative information-security professionals find an efficient framework to better monitor and protect IoT devices from being leveraged for distributed denial or service (DDoS), ransomware or even data exfiltration. When the convenience of a doorbell camera, robot vacuum cleaner or cellphone-activated thermostat could potentially wreak financial havoc or threaten physical harm, the security of these devices cannot be taken lightly. We must refocus our cyber-hygiene mindset to view these devices as potential threats to our sensitive data. There are too many examples of threat actors gaining access to a supposedly insignificant IoT device, like the HVAC control system for a global retail chain, only to pivot to other unsecured devices on the same network before reaching valuable sensitive information. While phishing remains the most popular attack vector, reinforcing the need for humans to be an integral part of strong security program, IoT devices now offer another avenue for cybercriminals to access accounts and networks to steal data, conduct reconnaissance and further deploy malware.

Improving model performance through human participation

In order to achieve high-quality human reviews, it is important to set up a well-defined training process for the human agents who will be responsible for reviewing items manually. A well-thought-out training plan and a regular feedback loop for the human agents will help maintain the high-quality bar of the manually reviewed items over time. This rigorous training and feedback loop help minimize human error in addition to helping maintain SLA requirements for per item decisions. Another strategy that is slightly more expensive is to use a best-of-3 approach for each item that is manually reviewed, i.e., use 3 agents to review the same item and take the majority vote from the 3 agents to decide the final outcome. In addition, log the disagreements between the agents so that the teams can retrospect on these disagreements to refine their judging policies. Best practices applicable to microservices apply here as well. This includes appropriate monitoring of the following: End-to-end latency of an item from the time it was received in the system to the time a decision was made on it; Overall health of the agent pool; Volume of items sent for human review; and Hourly statistics on the classification of items.

The challenges of applied machine learning

One of the key challenges of applied machine learning is gathering and organizing the data needed to train models. This is in contrast to scientific research where training data is usually available and the goal is to create the right machine learning model. “When creating AI in the real world, the data used to train the model is far more important than the model itself,” Rochwerger and Pang write in Real World AI. “This is a reversal of the typical paradigm represented by academia, where data science PhDs spend most of their focus and effort on creating new models. But the data used to train models in academia are only meant to prove the functionality of the model, not solve real problems. Out in the real world, high-quality and accurate data that can be used to train a working model is incredibly tricky to collect.” In many applied machine learning applications, public datasets are not useful for training models. You need to either gather your own data or buy them from a third party. Both options have their own set of challenges. For instance, in the herbicide surveillance scenario mentioned earlier, the organization will need to capture a lot of images of crops and weeds.

Window Snyder Launches Startup to Fill IoT Security Gaps

In the connected device market, she sees a large attack surface and small security investment. "There are so many devices out there that don't have any of these mechanisms in place," she explains. "Even for those that do have security mechanisms, not all of them are built to the kind of resilience that's appropriate for the threats they're up against." It's a big problem with multiple reasons. Some organizations have small engineering teams and few resources to build resilience into their products. Some have large teams but don't prioritize security because they're in a closed-system manufacturing operation, for example, and the machines don't have network access. Many connected devices are in the field for long periods of time and it's hard to deliver updates, so manufacturers don't ship them unless they have to. "There's this combination of both security need and then additionally this requirement for an update mechanism that is reliable," Snyder continues. Oftentimes manufacturers lack confidence in how updates are deployed and don't trust the mechanism will deliver medium- or high-severity security updates on a regular basis.

Quote for the day:

"Authority without wisdom is like a heavy ax without an edge -- fitter to bruise than polish." -- Anne Bradstreet

No comments:

Post a Comment