Daily Tech Digest - August 17, 2021

It May Be Too Early to Prepare Your Data Center for Quantum Computing

The fact that there are multiple radically different approaches to quantum computing under development, with no assurance that any will meet market success (let alone market dominance), speaks to quantum computing's infancy. Merzbacher compares the situation to the early days of microprocessors, when there was a debate on whether computer chips should be made of silicon or germanium. "There were arguments for germanium. It's a better system for semiconductor computing in some sense, but it's expensive, not as easy to manufacture, and it's not as common, so in the end, it was silicon," she said. Quantum computing hasn't reached a point where "everybody settled on a technology here, and so there still is uncertainty. It may be that the IBM approach is better for certain types of computing, and then the trapped-ion approaches [are] better for others." This past March, IonQ became the first publicly traded pure-play quantum computing company via a SPAC merger. According to Merzbacher, the startup appears to have its eye on marketing rack-mounted quantum hardware to the data center market, although it hasn't voiced such intentions publicly.

Lucas Cavalcanti on Using Clojure, Microservices, Hexagonal Architecture ...

One thing to mention about the Cockburn Hexagonal Architecture, is that it was born into a Java object or entered word. And just to get a context. So what we use, it's not exactly that implementation. But it uses that idea as an inspiration. So I think on the Coburn's idea is you have a web server. And at every operation that web server is a port and you'll have the adapter, which a port that's an interface. And then the above adapter is the actual implementation of that interface. And the rest is how to implement the classes implement in that. The implementation, we use that idea of separating a port, that it's the communication with the external world from the adapter, which is the code that translate that communication to actual code that you can execute. And then the controller is the piece that gets that communication from the external world, and runs the actual business logic. I think the Cockburn definition stops at the controller. And after the controller, it's already business logic. Since we are working on Clojure and functional programming.

Excel 4, Yes Excel 4, Can Haunt Your Cloud Security

Scary? Sure, but still, how hard can it be to spot a macro attack? It’s harder than you might think. Vigna explained XLM makes it easy to create dangerous but obfuscated code. It started with trivial obfuscation methods. For example, the code was written hither and yon on and written using a white font on a white background. Kid’s stuff. But, later versions started using more sophisticated methods such as hiding by using the VeryHidden flag instead of Hidden. Users can’t unhide a VeryHidden flag from Excel. You must uncover VeryHidden data with a VBA script or even resort to a hex editor. How many Excel users will even know what a hex editor is, never mind use it? Adding insult to injury, Excel 4 doesn’t differentiate between code and data. So, yes what looks like data may be executed as code. It gets worse. Vigna added “Attackers may build the true payload one character at a time. They may add a time dependence, making the current day a decryption key for the code. On a wrong day, you’ll just see gibberish.” As VMware security researcher Stefano Ortolani added, Excel 4.0 macros are “easy to use but also easy to complicate.”

Agile Data Labeling: What it is and why you need it

The concept of Autolabeling, which consists of using an ML model to generate “synthetic” labels, has become increasingly popular in the most recent years, offering hope to those tired of the status quo, but is only one attempt at streamlining data labeling. The truth, though is, no single approach will solve all issues: at the center of autolabeling, for instance, is a chicken-and-egg problem. That is why the concept of Human-in-the-Loop labeling is gaining traction. That said, those attempts feel uncoordinated and bring little to no relief to companies who often struggle to see how those new paradigms apply to their own challenges. That’s why the industry is in need of more visibility and transparency regarding existing tools (a wonderful initial attempt at this is the TWIML Solutions Guide, though it’s not specifically targeted towards labeling solutions), easy integration between those tools, as well as an end-to-end labeling workflow that naturally integrates with the rest of the ML lifecycle. Outsourcing the process might not be an option for specialty use cases for which no third party is capable of delivering satisfactory results. 

Brain-computer interfaces are making big progress this year

The ability to translate brain activity into actions was achieved decades ago. The main challenge for private companies today is building commercial products for the masses that can find common signals across different brains that translate to similar actions, such as a brain wave pattern that means “move my right arm.” This doesn’t mean the engine should be able to do so without any fine tuning. In Neuralink’s MindPong demo above, the rhesus monkey went through a few minutes of calibration before the model was fine-tuned to his brain’s neural activity patterns. We can expect this routine to happen with other tasks as well, though at some point the engine might be powerful enough to predict the right command without any fine-tuning, which is then called zero-shot learning. Fortunately, AI research in pattern detection has made huge strides, specifically in the domains of vision, audio, and text, generating more robust techniques and architectures to enable AI applications to generalize. The groundbreaking paper Attention is all you need inspired many other exciting papers with its suggested ‘Transformer’ architecture. 

Here’s how hackers are cracking two-factor authentication security

Our experiments revealed a malicious actor can remotely access a user’s SMS-based 2FA with little effort, through the use of a popular app (name and type withheld for security reasons) designed to synchronize user’s notifications across different devices. Specifically, attackers can leverage a compromised email/password combination connected to a Google account (such as username@gmail.com) to nefariously install a readily available message mirroring app on a victim’s smartphone via Google Play. This is a realistic scenario since it’s common for users to use the same credentials across a variety of services. Using a password manager is an effective way to make your first line of authentication — your username/password login — more secure. Once the app is installed, the attacker can apply simple social engineering techniques to convince the user to enable the permissions required for the app to function properly. For example, they may pretend to be calling from a legitimate service provider to persuade the user to enable the permissions. After this, they can remotely receive all communications sent to the victim’s phone, including one-time codes used for 2FA.

Agile drives business growth, but culture is stifling progress

Senior leaders who invest in upskilling will ensure a culture of innovation in the enterprise. Skills needed today and in the future are identified and learning curves accelerated by providing immersive experiences to supplement learning. At Infosys, we categorize employees into different skill horizons based on workers’ core, digital, and emerging skills. For staying close to the customer through better insights, data is not just a lazy asset locked in systems of record — it is accessible through an end-to-end system that translates customer insights into action. Going further, artificial intelligence taps into unspoken team behaviors and interactions, which research from CB Insights found increases revenue by as much as 63%. Teams will also need to collaborate effectively and make decisions on their own. This will only happen if leaders understand when to guide and when to trust. In our research, we found that the most effective Agile firms (we call these “Sprinters”) are much more likely to foster servant leadership, along with the seven levers described.

Attackers Change Their Code Obfuscation Methods More Frequently

In an analysis posted last week, researchers at the Microsoft 365 Defender Threat Intelligence Team tracked one cybercriminal group's phishing campaign as the techniques changed at least 10 times over the span of a year. The campaign, dubbed XLS.HTML by the researchers, used plaintext, escape encoding, base64 encoding, and even Morse code, the researchers said. Changing up the encoding of attachments and data is not new, but highlights that attackers understand the need to add variation to avoid detection, the Microsoft researchers said. Microsoft's research is not the first to identify the extensive use of obfuscation. Such techniques are as old as malware itself, but more recently, attackers are switching up their obfuscation techniques more frequently. In addition, increasingly user-friendly tools used by cybercriminals intent on phishing make using sophisticated obfuscation much easier. Messaging security provider Proofpoint documented seven obfuscation techniques in a paper published five years ago, and even then, many of the obfuscation techniques were not new, the company said.

Navigating an asymmetrical recovery

The key for many businesses will be to build scenarios that account for a wider diffusion of results than was needed in the past. Take the cinema business as an example. Instead of sales projections being drawn up in a band between down-10% and up-10%, we’ve seen that some businesses can find themselves in a band between down-70% and up-80%. An unexpected upside sounds like a nice problem to have, but it also can create real operating challenges. Few of the companies whose growth was supercharged during the pandemic had a plan for that level of growth, which led to shortages, stock-outs, and delays that undermined performance. Planning for extremes is almost certain to be critical for some time to come. Although there is considerable liquidity overall in the debt markets, whether from traditional loans, bonds, or newer debt funds, companies’ ability to access these markets will vary widely. Regional and country differences in government support, along with variations in capital availability between companies of different sectors and size, are all creating additional asymmetries and unpredictable balance sheet pressures. 

Driving DevOps With Value Stream Management

A value stream, such as a DevOps pipeline, is simply the end-to-end set of activities that delivers value to our customers, whether internal or external to the organization. In an ideal state, work and information flow efficiently with minimal delays or queuing or work items. So far, this all sounds great. But good things seldom come easily. Let's start with the fact that there are hundreds of tools available to support a Dev(Sec)Ops toolchain. Moreover, it takes specific skills, effort, costs, and time to integrate and configure the tools selected by your organization. While software developers perform the integration effort, the required skills may differ from those available in your software development teams. Also, such work takes your developers away from their primary job of delivering value via software products for your internal and external customers. In short, asking your development teas to build their Dev(Sec)Ops toolchain configurations is a bit like asking manufacturing operators to build their manufacturing facilities. 

Quote for the day:

"Great leaders are almost always great simplifiers who can cut through argument, debate and doubt to offer a solution everybody can understand." -- General Colin Powell

No comments:

Post a Comment