Daily Tech Digest - July 24, 2023

A CDO Call To Action: Stop Hoarding Data—Save The Planet

Many of the implications of rampant data hoarding are reasonably well known—including the potential compliance and privacy risks associated with storing petabytes of data you know absolutely nothing about. For many companies, "don’t ask, don’t tell" seems to be the approach when it comes to ensuring compliant management of their dark data—or at the very least, ignoring dark data represents a business risk many compliance officers seem willing to take. Other implications on the cost of storing dark data, or the potential value that could be unlocked by operationalizing it, are also often discussed. For many CDOs, the motivation to store troves of data that may never get used is a form of FOMO, where the fear of being unable to support a future request for new analytical insights outweighs the cost of data storage. In these situations, the unwillingness of many CDOs to apply methods to measure the business value of data is a primary enabler of data hoarding, where the idea that "we might need it someday" is sufficient to drive millions in annual revenues for cloud service providers.

Google, Microsoft, Amazon, Meta Pledge to Make AI Safer and More Secure

Meta said it welcomed the White House agreement. Earlier this week, the company launched the second generation of its AI large language model, Llama 2, making it free and open source. "As we develop new AI models, tech companies should be transparent about how their systems work and collaborate closely across industry, government, academia and civil society," said Nick Clegg, Meta's president of global affairs. The White House agreement will "create a foundation to help ensure the promise of AI stays ahead of its risks," Brad Smith, Microsoft vice chair and president, said in a blog post. Microsoft is a partner on Meta's Llama 2. It also launched AI-powered Bing search earlier this year that makes use of ChatGPT and is bringing more and more AI tools to Microsoft 365 and its Edge browser. The agreement with the White House is part of OpenAI's "ongoing collaboration with governments, civil society organizations and others around the world to advance AI governance," said Anna Makanju, OpenAI vice president of global affairs.

UN Security Council discusses AI risks, need for ethical regulation

During the meeting, members stressed the need to establish an ethical, responsible framework for international AI governance. The UK and the US have already started to outline their position on AI regulation, while at least one arrest has occurred in China this year after the Chinese government enforced new laws relating to the technology. Malta is the only current non-permanent council member that is also an EU member state and would therefore be governed by the bloc’s AI Act, the draft of which was confirmed in a vote last month. Although AI can bring huge benefits, it also poses threats to peace, security and global stability due to its potential for misuse and its unpredictability — two essential qualities of AI systems, Clark said in comments published by the council after the meeting. “We cannot leave the development of artificial intelligence solely to private-sector actors,” he said, adding that without investment and regulation from governments, the international community runs the risk of handing over the future to a narrow set of private-sector players.

How to Choose Carbon Credits That Actually Cut Emissions

Risk is the biggest driver in business and — with trillions of dollars in annual climate-related costs and damage – the climate crisis is fast becoming a business crisis. Corporations must act now to minimize losses, illustrate meaningful climate action to shareholders and comply with fast-approaching climate regulations. Carbon credits are an important approach to scaling climate action globally and are a fast-growing strategy for delivering on corporate ESG goals. While these offsets are part of nearly every scenario that keeps global warming to 1.5 degrees Celsius, legacy carbon markets lack broad public trust: Impactful carbon solutions require clear guidelines and proven, verifiable data. ... This is an all-hands-on-deck moment. We must engage proven, reliable, and equitable methods to meet what may be the greatest threat to the future of humanity and the planet we inhabit. Carbon credits, when implemented responsibly and at scale, can be a very effective tool for humanity to use in the fight to limit the damages from climate change. 

BGP Software Vulnerabilities Overlooked in Networking Infrastructure

At the heart of the vulnerabilities was message parsing. Typically, one would expect a protocol to check that a user is authorized to send a message before processing the message. FRRouting did the reverse, parsing before verifying. So if an attacker could have spoofed or otherwise compromised a trusted BGP peer's IP address, they could have executed a denial-of-service (DoS) attack, sending malformed packets in order to render the victim unresponsive for an indefinite amount of time. ... "Originally, BGP was only used for large-scale routing — Internet service providers, Internet exchange points, things like that," dos Santos says. "But especially in the last decade, with the massive growth of data centers, BGP is also being used by organizations to do their own internal routing, simply because of the scale that has been reached," to coordinate VPNs across multiple sites or data centers, for example. More than 317,000 Internet hosts have BGP enabled, most of them concentrated in China (around 92,000) and the US (around 57,000). Just under 2,000 run FRRouting — though not all, necessarily, with BGP enabled — and only around 630 respond to malformed BGP OPEN messages.

How IT leaders are driving new revenue

CIOs who are driving new revenue are: Delivering technologies designed to meet specific business outcomes. For example, Narayaran has seen CIOs focus their teams on creating applications designed not merely on high availability and reliability but on hitting very specific business goals — such as enabling on-time deliveries to its customers. Unlocking data’s potential. Narayaran says he has also seen CIOs make big plays with their data programs, investing in the technology infrastructure needed to bring together and analyze data sets to create new services or products and drive business objectives such as improved customer retention and customer stickiness. Co-creating with their business unit colleagues. Notably, Narayaran says CIOs are approaching their business unit colleagues with such proposals. “CIOs [are saying], ‘Here’s an opportunity. We have this data, and we can make this data do this for you,’ and they then bring that to life. And if they say, ‘This is what we have and this is what we can do,’ then the business, too, can come up with new ideas.”

Data centers grapple with staffing shortages, pressure to reduce energy use

A consistent issue for the past decade, attracting and retaining new talent will continue to challenge data center leaders, according to Uptime. About two-thirds of survey respondents said they have “problems recruiting or retaining staff,” but the trend appears to be stabilizing as it hasn’t increased over last year’s data. According to the report: More than one third (35%) of respondents say their staff is being hired away, which is more than double the 2018 figure of 17%. And many believe operators are poaching from within the sector, with 22% of respondents reporting that they lost staff to their competitors. Staffing challenges are highest among operations management staff and those specializing in mechanical and electrical trades, as well as with junior level staff. “It's been challenging the data center industry for about a decade. It has been escalating in recent years. Our survey data this year suggests that it may, at least this year, not be getting worse, maybe stabilizing. And poaching is a problem of people who do get qualified applicants into jobs – they do find them hired away,” said Jacqueline Davis, research analyst at Uptime Institute.

Why API attacks are increasing and how to avoid them

First, exposing APIs to network requests significantly increases the attack surface, says Johannes Ullrich, dean of research at the SANS Technology Institute. “An attack no longer needs access to the local system but can attack the API remotely,” he says. Even worse, APIs are designed to be easy to find and use, Ullrich says. They’re “self-documenting” and are typically based on common standards. That makes them convenient for developers, but also prime targets for hackers. Since APIs are designed to help applications talk to one another, they often have access to core company data, such as financial information or transaction records. It’s not only the data itself that’s at risk. The API documentation can also give outsider insights into business logic, says Ullrich. “This insight may make finding weaknesses in the business process easier.” Then there’s the quantity issue. Companies deploying cloud-based applications no longer deploy a single monolithic application with a single access point in and out. 

Journey to Quantum Supremacy: First Steps Toward Realizing Mechanical Qubits

Research and development in this field are growing at astonishing paces to see which system or platform outruns the other. To mention a few, platforms as diverse as superconducting Josephson junctions, trapped ions, topological qubits, ultra-cold neutral atoms, or even diamond vacancies constitute the zoo of possibilities to make qubits. So far, only a handful of qubit platforms have demonstrated to have the potential for quantum computing, marking the checklist of high-fidelity controlled gates, easy qubit-qubit coupling, and good isolation from the environment, which means sufficiently long-lived coherence. ... The realization of a mechanical qubit is possible if the quantized energy levels of a resonator are not evenly spaced. The challenge is to keep the nonlinear effects big enough in the quantum regime, where the oscillator’s zero point displacement is minuscule. If this is achieved, then the system may be used as a qubit by manipulating it between the two lowest quantum levels without driving it in higher energy states.

ChatGPT Amplifies IoT, Edge Security Threats

ChatGPT and its ilk are rapidly appearing integrated or embedded in commercial and consumer IoT of all types. Many imagine AI models to be the most sophisticated security threat to date. But most of what is imagined is indeed imaginary. “Now, if an actual AI emerges, be very worried if the kill switch is very far away from humans,” says Jayendra Pathak, chief scientist at SecureIQLab. He, like others in security and AI, agree that the chances of an actual general artificial intelligence developing any time soon are still very low. But as to the latest AI sensation, ChatGPT, well that’s another kind of scare. “ChatGPT poses [insider] threats -- similar to the way rogue or ‘all-knowing employees’ pose -- to IoT. Some of the consumer IoT vulnerabilities pose the same risk as a microcontroller or microprocessor does,” Pathak says. In essence, ChatGPT’s potential threats spring from its training to be helpful and useful. Such a rosy prime directive can be very harmful, however. 

Quote for the day:

"No man can stand on top because he is put there." -- H. H. Vreeland

No comments:

Post a Comment