Daily Tech Digest - June 15, 2024

Does AI make us dependent on Big Tech?

The assumption is that banks would find it impractical to independently develop the extensive computing power required for AI technologies. Heavy reliance on a small number of tech providers, would pose a significant risk, particularly for European banks. It is further assumed that these banks need to retain the flexibility to switch between different technology vendors to prevent excessive dependence on any one provider, a situation also known as vendor lock-in. And now they want to get the governments involved. The U.K. has proposed new regulations to moderate financial firms’ reliance on external technology companies such as Microsoft, Google, IBM, Amazon, and others. Regulators are specifically concerned that issues at any single cloud computing company could disrupt services across numerous financial institutions. The proposed rules are part of larger efforts to protect the financial sector from systemic risks posed by such concentrated dependence on a few tech giants. In its first statement on AI, the European Union’s securities watchdog emphasized that banks and investment firms must not shirk boardroom responsibility when deploying AI technologies. 

How To Choose An Executive Coach? Remember The 5 C’s

A lot of people might put Congruence first, but if you don’t have Clarity the interpersonal dynamics are a moot point—it’s not just about liking your coach. Once you are clear on your goals and outcomes then you should seek a coach with whom you are willing to be psychologically vulnerable. You should test the potential coach to see if their style resonates with yours. For example, are they direct enough for you? Are they structured and organized, if you need that?  ... You should be looking for Credibility—that is, relevant knowledge and expertise. You’ll learn the most by asking questions to explore the coach’s experience and track record. Has the coach worked with other executives at your level? Do they have a frame of reference for your situation and what you are grappling with? Have they worked in a similar environment and successfully coached others with similar challenges? Do they understand the corporate world and the politics of your type of organization? One thing to keep in mind is that many executives today are not just looking for a coach to help them with finding their own solutions, but also for “coach-sulting”—which may include advice and counsel on leadership, strategy, organizational development, team building and tactical problem-solving.

New Research Suggests Architectural Technical Debt Is Most Damaging to Applications

“Architectural challenges and a lack of visibility into architecture throughout the software development lifecycle prevent businesses from reaching their full potential,” said Moti Rafalin, CEO and co-founder of vFunction, a company promoting AI-driven architectural observability and sponsor of the study. “Adding to this, the rapid accumulation of technical debt hampers engineering velocity, limits application scalability, impacts resiliency, and amplifies the risk of outages, delayed projects, and missed opportunities.” Monolithic architectures bear the brunt of the impact, with 57% of organizations allocating over a quarter of their IT budget to technical debt remediation, compared to 49% for microservices architectures. Companies with monolithic architectures are also 2.1 times more likely to face issues with engineering velocity, scalability, and resiliency. However, microservices architectures are not immune to technical debt challenges, with 53% of organizations experiencing delayed major technology migrations or platform upgrades due to productivity concerns.

Surge in Attacks Against Edge and Infrastructure Devices

Not just criminals but also state-sponsored attackers have been exploiting such devices, Google Cloud's Mandiant threat intelligence unit recently warned. One challenge for defenders: Many network edge devices function as "black boxes which are not easily examined or monitored by network administrators," and also lack antimalware or other endpoint detection and response capabilities, WithSecure's report says. "It is difficult for network administrators to verify they are secure, and they often must take it on trust. Certain types of these devices also provide edge services and so are internet-accessible." Many of these devices don't by default produce detailed logs that defenders can monitor using security incident and event management tools to watch for signs of attack. "These devices are supposed to secure our networks, but by itself, there's no way I can install an AV client on it, or an EDR client, or say, 'Hey, give me some fancy logs about what is happening on the device itself,'" said Christian Beek, senior director of threat analytics at Rapid7, in an interview at Infosecurity Europe 2024. 

Edge Devices: The New Frontier for Mass Exploitation Attacks

The attraction to edge devices comes from easier entry; and they provide easier and greater stealth once compromised. Since they often provide a continuous service, they are rarely switched off. Vendors design them for continuity, so purposely make them difficult or impossible for administrator control beyond predefined options. Indeed, any such individual activity can void warranties. They frequently do not produce logs of their activity that can be analyzed by SIEMs, and they cannot be monitored by standard security controls. In this sense they are similar to the OT demand for continuity — why fix something that ain’t broke? Until it is broke, by which time it is probably too late. The result is that edge devices and services often comprise software components that can be decades old involving operating systems that are well beyond end of life; and they are effectively cybersecurity’s forgotten man. Once inside, an attacker is hidden and can plan and execute the attack over time and out of sight. “Edge services are often internet accessible, unmonitored, and provide a rapid route to privileged local or network credentials on a server with broad access to the internal network,” says the report.

Quantum Computing and AI: A Perfect Match?

Quantum AI is already here, but it's a silent revolution, OrĂºs says. "The first applications of quantum AI are finding commercial value, such as those related to LLMs, as well as in image recognition and prediction systems," he states. More quantum AI applications will become available as quantum computers grow more powerful. "It's expected that in two-to-three years there will be a broad range of industrial applications of quantum AI." Yet the road ahead may be rocky, Li warns. "It's well known that quantum hardware suffers from noise that can destroy computation," he says. "Quantum error correction promises a potential solution, but that technology isn't yet available." ... GenAI and quantum computing are mind-blowing advances in computing technology, says Guy Harrison, enterprise architect at cybersecurity technology company OneSpan, in a recent email interview. "AI is a sophisticated software layer that emulates the very capabilities of human intelligence, while quantum computing is assembling the very building blocks of the universe to create a computing substrate," he explains.

How to Offboard Departing IT Staff Members

Some terminations are not amicable, however, and those cases require immediate action. The IT department must implement an emergency revocation procedure that involves the instantaneous deactivation of all of the employee’s access credentials across all systems. Immediate action minimizes the risk of retaliatory actions or data breaches, which are heightened concerns in such scenarios. ... Departing employees often leave behind a trail of licenses and subscriptions for various software and online services used during their tenure. IT departments must undertake a thorough assessment of these digital assets to determine which licenses remain necessary, which can be reallocated and which should be terminated, based on current and anticipated needs. ... Hardware retrieval is an aspect of offboarding that requires at least as much diligence as digital access revocation — and often more, given the number of remote employees that many businesses have. All devices issued to employees — laptops, tablets, smartphones, ID cards and more — must be returned, thoroughly inspected and wiped of sensitive information before they are reassigned or decommissioned.

Integrating Transfer Learning and Data Augmentation for Enhanced Machine Learning Performance

Concretely, the first step consists of applying data augmentation techniques, including flipping, noise injection, rotation, cropping, and color space augmentation, to augment the volume of target domain data. Secondly, a transfer learning model, utilizing ResNet50 as the backbone, extracts transferable features from raw image data. The model’s loss function integrates cross-entropy loss for classification and a distance metric function between source and target domains. By minimizing this combined loss function, the model aims to simultaneously improve classification accuracy on the target domain while aligning the distributions of the source and target domains The experiments compared an enhanced transfer learning method with conventional ones across datasets like Office-31 and pneumonia X-rays. Different models, including DAN and DANN, were tested using various techniques like discrepancy-based and adversarial approaches. The enhanced method, incorporating data augmentation, consistently outperformed others, especially when source and target domains were more similar. 

OIN expands Linux patent protection yet again (but not to AI)

Keith Bergelt, OIN's CEO, emphasized the importance of this update, stating, "Linux and other open-source software projects continue to accelerate the pace of innovation across a growing number of industries. By design, periodic expansion of OIN's Linux System definition enables OIN to keep pace with OSS's growth." Bergelt explained that this update reflects OIN's well-established process of carefully maintaining a balance between stability and incorporating innovative core open-source technologies into the Linux System definition. The latest additions result from OIN's consensus-driven update process. "OIN is also trying to make patent protection more accessible," he added. "We're trying to make it easier for people to understand what's in there and why it's in there, what it relates to, what projects it relates to, and what it means to developers and laymen as well as lawyers." Looking ahead, Bergelt said, "We made this conscious decision not to include AI. It's so dynamic. We wait until we see what AI programs have significant usage and adoption levels." This is how the OIN has always worked. The consortium takes its time to ensure it extends its protection to projects that will be around for the long haul.

Beyond Sessions: Centering Users in Mobile App Observability

The main use case for tracking users explicitly in backend data is the potential to link them to your mobile data. This linkage provides additional attributes that can then be associated with the request that led to slow backend traces. For example, you can add context that may be too expensive to be tracked directly in the backend, like the specific payload blobs for the request, but that is easily collectible on the client. For mobile observability, tracking users explicitly is of paramount importance. In this space, platforms, and vendors recognize that modeling a user’s experience is essential because knowing the totality and sequencing of the activities around the time a user experiences performance problems is key for debugging. By grouping temporally related events for a user and presenting them in a chronologically sorted order, they have created what has become de rigueur in mobile observability: the user session. Presenting telemetry this way allows mobile developers to spot patterns and provide explanations as to why performance problems occur. 

Quote for the day:

“Every adversity, every failure, every heartache carries with it the seed of an equal or greater benefit.” -- Napoleon Hill

No comments:

Post a Comment