Daily Tech Digest - July 10, 2023

Digital Humans: Fad or Future?

A digital human is a computer-generated entity that looks, behaves, and interacts like a real human. “To create a digital human, advanced technologies such as artificial intelligence, machine learning, and natural language processing are used to replicate the complexities of human thought and behavior,” says Matthew Ramirez, a technology entrepreneur and investor. Going beyond concierge services, digital humans could eventually play important roles in areas as diverse as education, healthcare, and entertainment. ... Although digital humans promise multiple benefits, they also present a potential threat. They could be misused in various ways to mislead, defraud, or even physically harm people, Ramirez warns. “It’s crucial to be cautious and consider the negative consequences when creating digital humans, just like with any new technology,” he says. Improvements to generative AI programs are making digital humans more realistic, which increases the possibility that consumers may have difficulty distinguishing when they’re talking to a real human versus a digital human, Bechtel says.

Feds Urge Healthcare Providers, Vendors to Use Strong MFA

CISA recommends that entities implement phishing-resistant multifactor authentication, which can help detect and prevent disclosures of authentication data to a website or application masquerading as a legitimate system, the HHS bulletin says. For instance, phishing-resistant multifactor authentication could require a password or user biometric data, combined with an authenticator such as a personal identity verification card or other cryptographic hardware or software-based token authenticator, such as FIDO with WebAuthn authenticator, according to the bulletin. "The layered defense of a properly implemented multifactor authentication solution is stronger than single-factor authentication such as relying on a password alone," HHS OCR wrote. Walsh suggested that healthcare sector entities consider integrating password vaults with MFA. Also, "passwordless authentication is probably in the future but we haven’t seen it implemented in healthcare," he said. But the bottom line, he added, is that "any MFA is probably better than no MFA."

Generative AI is coming for your job. Here are 4 reasons to get excited

Yes, the fast-emerging technology could replace some workplace activities, but it's up to us to make sure its exploitation is focused on removing repetitive tasks, such as scanning spreadsheets for data-entry errors. "I think we should be excited because it has potential to allow us to do more of the high-value things in our work, and less of the stuff that doesn't need valuable thought processes," she says. Furby says it's important to recognize that the introduction of generative AI should not be seen as an endpoint, but as a pathway to increased productivity. ... AI's ability to pick up large chunks of the work associated with everyday activities could free up internal staff to focus on more innovative and interesting projects. "I think that's always a challenge in terms of how you become more efficient in the things that you can do, and how you can approach more topics and scale at speed. And I think that's where the excitement is – generative AI could help us." For all his enthusiasm for emerging technology, Langthorne doesn't want to dismiss the concerns of people who are worried about the rise of generative systems, such as ChatGPT.

UK regulator refers cloud infrastructure market for investigation

The news comes three months after Ofcom raised “significant concerns” about Amazon Web Services (AWS) and Microsoft, alleging that they were harming competition in cloud infrastructure services and abusing their market positions with practices that make interoperability difficult. Ofcom defines cloud infrastructure services as those which are built on physical servers and virtual machines hosted in data centers and consisting of infrastructure as a service (IaaS) products, such as storage, computing and networking, and platform as a service (PaaS), which includes the software tools needed to build and run applications. When the initial investigation was launched, Ofcom said that AWS and Microsoft Azure had a combined UK market share of between 60% and 70%, while the next nearest competitor, Alphabet-owned Google, has a 5% to 10% share. Consequently, between 2018 and 2021, the percentage of cloud providers that were not AWS, Microsoft, or Google fell from 30% to 19%, causing Ofcom to note that such levels of market dominance could potentially make it harder for smaller cloud providers to compete with the market leaders, further consolidating the big providers' revenue and market share.

6 business execs you’ll meet in hell — and how to deal with them

Some executives have exactly zero aptitude when it comes to the technology that enables them to run their businesses. And you probably shouldn’t expect them to, says Bob Stevens (not his real name), former CISO for a large retail operation. After all, they’re not being paid to think about technology; they’re being paid to sell products. “The CEO at that retail company was not a technologist,” says Stevens. “He found it totally uninteresting. So when the IT and security teams would present, his attention would quickly wane and he would start answering texts and reading email. He’d say, ‘Unfortunately, technology means nothing to me. I get that it is important to the company and that we have to have it. So I will manage the business value against the cost. Just don’t try to make me understand it.’” It can be demoralizing, Stevens adds. Worse, because senior leadership doesn’t fully understand the issues in play or the threats to the business, they may not prioritize investments appropriately. 

Greatest cyber threats to aircraft come from the ground

From a CISO's perspective, what matters is not that a specific security vulnerability was found in a particular model of aircraft, but rather the general idea that modern aircraft with interconnected IT networks could potentially allow intrusions into high security avionics equipment from low security passenger internet access systems. This being the case, the time has come for all onboard aircraft systems -- including avionics -- to be regarded as being vulnerable to cyberattacks. As such, the security procedures for protecting them should be as thorough and in-depth "as any other internet-connected device," Kiley says. "The disclosure I did in 2019 was the first major one that involved the industry, the airlines, and the US government cooperating to ensure that the disclosure was done responsibly and following security industry best practices. This should be a model for how to alert the industry of an issue responsibly." Unfortunately, "Many manufacturers in the aviation industry do not understand how to work with security researchers and instead attempt to stifle research by threatening action instead of working together to solve identified issues," observes Kiley.

Monolith or Microservices, or Both: Building Modern Distributed Applications in Go with Service Weaver

Google’s new open source project Service Weaver provides the idea of decoupling the code from how code is deployed. Service Weaver is a programming framework for writing and deploying cloud applications in the Go programming language, where deployment decision can be delegated to an automated runtime. Service Weaver lets you deploy your application as monolith and microservices. Thus, it’s a best of both world of monolith and microservices. With Service Weaver, you write your application as modular monolith, where you modularise your application using components. Components in Service Weaver, modelled as Go interfaces, for which you provide a concrete implementation for your business logic without coupling with networking or serialisation code. A component is a kind of an Actor that represents a computational entity. These modular components, which built around core business logic, can call methods of other components like a local method call regardless of whether these components are running as a modular binary or microservices without using HTTP or RPC. 

Private 5G/LTE growing more slowly than expected

The use cases for private cellular networks are numerous and varied, according to IDC, encompassing everything from wide-area applications like grid networks for utility systems and transport networks to local networks for manufacturing facilities or warehouses. Yet three factors have continued to slow the growth of private cellular, which IDC defines as 5G/LTE networks that don’t share traffic between users, as a public network would. The first is slower-than-expected availability of the latest 5G chipsets, specifically those for releases 17 and 18 from 3GPP — the cellular technology standards body — which are designed to improve ultra-reliable, low-latency communications. That creates a drag on particularly advanced new implementations, particularly in the industrial sector, that can be created with private networks, the report said. In the short-term, that means that LTE will account for the bulk of spending on private cellular networks, according to the report, not to be superseded by 5G spending until 2027. Difficulties with integrating private cellular into existing network infrastructure is also slowing growth, IDC noted. 

Red Hat kicked off a tempest in a teapot

We never seem to learn from history. I was part of the United Linux effort in the early 2000s while working at Novell. Scared by Red Hat’s early popularity, a group of would-be contenders to the Red Hat throne, including SUSE, Turbolinux, Conectiva, and Caldera (which became SCO Group), banded together to try to define a common, competitive distribution. It failed. Completely. As I’ve written, “It turns out the market didn’t want a common Linux distribution created by committee. They wanted the industry standard, which happened to be Red Hat.” Fast forward to 2023, and no one is clamoring for a resurrected United Linux, but CentOS had become a way for people to use RHEL without paying for it. It was, in some ways, a United Linux that actually worked, as it gave the companies behind Rocky and Alma Linux a way to compete without contributing. Now that’s gone, and there’s much hand-wringing over how hard it will be to continue delivering Red Hat’s product for free. Rocky Linux assures us it will be possible, in a poorly named post about this “Brave New World.”

Who Should Pay for Payment Scams - Banks, Telcos, Big Tech?

"The banking sector is the only sector reimbursing at the moment, and our belief is that the burden should be spread. I think tech companies should be putting their hands in their pockets, particularly as they profit from it," said David Postings, chief executive of UK Finance. In a letter last week to Prime Minister Rishi Sunak, a group of major U.K. banks said technology companies must contribute to the cost of the online fraud "pandemic" that is undermining international investor confidence in the U.K. economy, according to a report on Sky News. It makes sense for social media companies and others to be held accountable for scams. Users of Facebook, Instagram, Twitter and other platforms have fallen prey to romance scams, cryptocurrency investment scams and more. But before the government starts looking for ways to ask big tech to contribute, let's not forget about the victims. It might be difficult to prove which platform is liable and for how much. Social media conversations are often fluid and move from one platform to another. Tracing back the conversation and then establishing the responsibility across banks and tech companies could take time. 

Quote for the day:

"Leadership is a two-way street, loyalty up and loyalty down." -- Grace Murray Hopper

No comments:

Post a Comment