Daily Tech Digest - February 09, 2021

Digital transformation strategy: 7 factors to re-examine about yours now

In the rush to adjust to work-from-home orders, seismic supply and demand shifts, changing customer and partner needs, and a global health crisis, some shortcuts may have been taken, or longer views set aside. Heading into 2021, IT leaders can take a step back to reassess some important aspects of their digital transformation efforts to make sure they’re on the right track not only for 2021 but beyond. ... While the urgency to transform was necessary, some initiatives conceived or implemented in haste may deserve a second or even third look. “Some may have implemented changes at a pace that didn’t allow for the standard level of care and detail that would normally go into digital transformation projects. Others pivoted away from their technical roadmap,” says Greg Stam, managing director in the CIO advisory at digital business consultancy AHEAD. “It’s critical to re-baseline your digital transformation strategy, starting with any new business goals.” ... “As so many IT leaders scrambled to implement new technologies to help employees remain productive and connected from home, some may be starting to find that the tools they implemented aren’t really serving their true purpose,” says Rob Wiley


Understanding Linus's Law for open source security

Some people assume that because major software is composed of hundreds of thousands of lines of code, it's basically impossible to audit. Don't be fooled by how much code it takes to make an application run. You don't actually have to read millions of lines. Code is highly structured, and exploitable flaws are rarely just a single line hidden among the millions of lines; there are usually whole functions involved. There are exceptions, of course. Sometimes a serious vulnerability is enabled with just one system call or by linking to one flawed library. Luckily, those kinds of errors are relatively easy to notice, thanks to the active role of security researchers and vulnerability databases. Some people point to bug trackers, such as the Common Vulnerabilities and Exposures (CVE) website, and deduce that it's actually as plain as day that open source isn't secure. After all, hundreds of security risks are filed against lots of open source projects, out in the open for everyone to see. Don't let that fool you, though. Just because you don't get to see the flaws in closed software doesn't mean those flaws don't exist. In fact, we know that they do because exploits are filed against them, too. The difference is that all exploits against open source applications are available for developers (and users) to see so those flaws can be mitigated.


World Economic Forum calls cybersecurity one of the "key threats of the next decade"

The analysts behind the report called cybersecurity failure among the "highest likelihood risks" of the next 10 years and IT infrastructure breakdown "among the highest impact risks of the next decade." In a survey of experts included in the report, 39% of respondents said cybersecurity failure was a critical threat to the world right now and ranked as the most pertinent risk on the list after infectious disease, extreme weather events, and livelihood crises. Nearly 50% said it would be a concern for the next three to five years. The report suggests that in order to make the transition to a fully digital world more smooth, multiple things need to be changed, including "insisting on security and privacy by design in the development of new technologies and digital services." Hitesh Sheth, president and CEO at cybersecurity firm Vectra, said the only surprise in the World Economic Forum Global Risks Report is that cybersecurity failure wasn't ranked higher. "Without secure, high-functioning IT, addressing all the other crises the report names, from climate to digital inequality, becomes much harder. For years our well-understood cyber vulnerabilities have been met with too much rhetoric, too little real action," Sheth said.


UK's leading AI startup and scaleup founders highlight the main pain points of running a fast growth business in the AI sector

“Finding enough time to really invest in strategy” is a significant challenge, according to Miriam Cha, COO and co-founder at Rahko. “We work in two very rapidly evolving areas — AI for drug/material discovery and quantum computing — so developing and continually adapting and refining a strategy that will win requires a lot of careful thought and deep discussion. “We have four founders at Rahko, and we come together very regularly for strategy sessions that can last several days, with the understanding that no one does anything else until we have answered the questions we need answered. This has taken a huge amount of discipline to maintain, but has meant that we are able to make really well thought-out decisions and head in what we believe between us to be the right direction.” Ky Nichol, CEO at Cutover, adds that “it’s hard to maintain focus on strategic goals, with new opportunities and use cases for our capabilities emerging constantly, it’s important to maintain a resilient perspective and prioritise our strategic objectives.” Tim Weil, CEO at Navenio, also agrees that developing a solid business strategy with a team that is all moving in the right direction is essential for the success of any fast growth business, in the AI sector or otherwise.


The future of work: Coming sooner than you think

Zero trust is a general framework in which every user and every system must authenticate itself continually, so if a breach occurs, attackers can’t move laterally to compromise other systems across the organization. SASE is a more recent scheme that combines SD-WAN and security into a single, simplified cloud service that can be scaled easily. Together, they can go a long way to reduce the risks incurred by remote work at scale. But there’s more to a bright future of work than technology solutions. Effective remote management, an area where software development managers tend to have extensive experience, may be most important of all. InfoWorld contributor and former CIO Isaac Sacolick has been there, and in “7 best practices for remote development teams,” he outlines some tried-and-true techniques – including continuous, transparent planning. Sacolick also observes that automation can help simplify remote development, such as automated testing and change management. It’s important to acknowledge, though, that not all jobs can be remote. Network World contributor Zeus Kerravala pinpoints the skills necessary to run the data center of the future in “How the data center workforce is evolving,” which cites an Uptime Institute study predicting a 15% rise in on-prem data center jobs over six years.


Quantum Leap: Scientists Build Chip That Can Handle Thousands Of Qubits

Quantum computers are at a similar stage that classical computers were in their 40s when machines needed control rooms to function. However, this chip, according to the scientists, is the most advanced integrated circuit ever built to operate at deep cryogenic temperatures. “The quantum computers that we have now are still lab prototypes and are not commercially relevant yet. Hence, this is definitely a big step towards building practical and commercially relevant quantum computers,” said Mr Viraj Kulkarni, “But I think that we are still far away from it. “This is because of the ‘Error Correction’. Any computing device always has errors in it and no electronic device can be completely perfect. There are various techniques that computers use to correct those errors. “Now the problem with quantum computing is that qubits are very fragile. Even a slight increase in temperature, vibrations, or even cosmic rays can make qubits lose their quantumness, and this introduces errors. So the key question of whether we can really control these errors is still relevant.” Nivedita Dey, research coordinator at Quantum Research and Development Labs, said the qubit noise is still a roadblock in developing quantum computers.


A Beginners Guide to Using Django’s Impressive Data Management Abilities

Django is a Python Web framework which helps developers to bring applications from concept to completion as fast as possible.¹ A High-level framework like Django offers a comprehensive set of features for web development like an HTTP application server, a storage mechanism such as a database, a template engine, a request dispatcher and an authentication module. As I mentioned before, I try to focus on the part of Django that allows you to interact with your relational databases, the Object-Relation Mapper (ORM).³ The ORM brings you all functions to create and manipulate data and tables of your database without using any SQL commands. What I tried to explain with the following image, each Django App includes a module named mocels.py, which defines the structure of the database tables you want to create. To translate the Python Objects into database tables, the ORM comes into place. The ORM is responsible for the communication with your database, which includes the translation of your defined models into the right database structure and the execution of any database operations.


A Day with Intel on Hacking and Scaling Machine Learning with Open Source

Machine learning models are designed to be resilient, flexible and meet business goals but often, engineers who build the product and algorithms face obstacles to ensure that it works reliably, quickly and at scale. Frameworks are not easy to use. As many of the world’s leading organizations embrace approaches to scaling machine learning, Intel is offering the tools, applications and hardware to make it easier for developers to build, deploy and manage artificial intelligence and machine learning models that can be used by tens of thousands of people instead of just a few. ... Join us on Feb. 10 at 9 a.m. PT for a live Day of Machine Learning with Intel discussion, where we’ll dive deeper into oneAPI. We’ll explore the software at scale issues with machine learning and the hardware needed for it. We’ll look at the tools and the infrastructure that is used for developing, deploying and managing the algorithms. We’ll also dive into questions around how Intel’s oneAPI toolkit is a way to resolve problems that teams face, and how oneAPI fits with existing frameworks such as PyTorch and TensorFlow.


What's New in IT Security?

If the plan is to install a new software or security package, or to update software from a vendor across a plurality of devices, the coordination of the software or software upgrade release should be uniformly executed across all end users and locations, and across all devices and platforms. Commercially available software distribution platforms are available to assist with this task. The preferred method of performing software and security upgrades is a “push” distribution of any new software release in which IT pushes out the new software or software upgrade to the end device, network or platform automatically. This is in contrast to the “pull” method that notifies the user that a new version of software is available, but that depends upon the user to pull or download the new release onto his or her device or network. “Pull” is the better methodology because you don’t have to worry about users failing to perform a download, leaving themselves (and the company) open to security vulnerabilities that a new software release can resolve. The SolarWinds compromise occurred because malware had gotten embedded in a software release that clients were installing. The lesson for IT is to vet your vendors’ security practices as they pertain to data centers, operational software, business partners and the end products that they are selling to you.


Hacker Breached Florida City's Water Treatment System

A hacker breached a Florida city's water treatment network on Friday, increasing the amount of lye that would have been added to the water to a dangerous level. But city officials in Oldsmar, Florida, say they were able to spot the intrusion and quickly reverse the setting before it took effect. Reuters reports that the intruder was able to access the water treatment network software after first gaining access to TeamViewer remote access and control software. "Importantly, the public was never in danger," Pinellas County Sheriff Bob Gualtieri said during a Monday press conference. Oldsmar, Florida, which is about 17 miles northwest of Tampa, has a population of about 15,000. In recent years, officials have focused increasing attention on the security of industrial control systems used to manage municipalities' electricity and water. Such systems often are connected to the internet and could pose vast public safety risks if infiltrated by hackers. Questions will likely now be raised about how the city used and configured TeamViewer for remote access, including which access controls were in place. TeamViewer has long been an attractive target because it's designed to give administrators full, remote access to and control of systems.



Quote for the day:

"At the heart of great leadership is a curious mind, heart, and spirit." -- Chip Conley

Daily Tech Digest - February 08, 2021

The Future of Healthcare Is in the Cloud

While the idea of making information accessible anywhere and at any time offers obvious advantages, there are obstacles to overcome. Potential security risks and concern over compliance has long held back cloud adoption in healthcare. IT staff need to ensure timely software updates, maintain network availability, and institute a regular and robust backup routine. Healthcare organizations also need to consider how data will be processed by a third party, examine with whom their cloud partners are in business, and ensure security standards extend to any cloud networks they use. Cloud providers with healthcare experience and an understanding of the unique compliance landscape will be favored as the industry rises to meet these challenges. Everyone should take comfort from the fact that the most advanced healthcare organizations in the world have announced major cloud initiatives after much deliberation and due diligence. Mayo Clinic’s announcement of its partnership with Google is one such example. The dream of global collaboration relies on cloud computing. Healthcare professionals in different countries can now trade massive data sets easily. While collaboration like this has typically been reserved for esoteric research projects, it’s now being employed to tackle global health problems.


Q&A: Telehouse engineering lead discusses AI benefits for data centres

Developments in network management AI and cyber security are allowing us to detect unusual activity outside of usual traffic patterns. In a typical office environment, if a company device logs in at 3am and starts taking gigabytes of data from the business, that will be flagged as atypical behaviour. AI can analyse this breach quickly and respond by disabling that device’s network access to stop the possible data loss. That data transfer could also take place in the middle of the working day, but it might come from a device that would not normally transfer that volume of data, such as a laptop solely used for presentations. The AI already understands the typical behaviour patterns of that device and will flag when there might be inflow or outflow of data that does not fit its typical usage pattern. In a data centre it is no different. Every server has its own typical operational pattern, and these can be monitored by the cyber security systems, and any unusual activity can be flagged. It is possible to take this further than simple network monitoring by interfacing with other systems. For example, detecting whether server behaviour changed after someone entered a secure server hall, which could indicate that a server has been tampered with.


The year ahead in DevOps and agile: bring on the automation, bring on the business involvement

The slower-than-desired pace of automaton stems from "organizations prohibiting developers from accessing production environments, probably because developers made changes in production previously that caused production problems," says Newcomer. "It's hard to change that kind of policy, especially when incidents have occurred. Another reason is simple institutional inertia - processes and procedures are difficult to change once fully baked into daily practice, especially when it's someone's specific job to perform these manual deployment steps." DevOps and agile progress needs to be well-measured and documented. "People have different definitions of DevOps and agile," says Lei Zhang, head of Bloomberg's Developer Experience group. Zhang's team turned to the measurements established within Google's DevOps Research and Assessment guidelines -- lead time, deploy frequency, time to restore, and change fail percentage, and focus on the combination. "We think the effort is cohesive, while the results have huge varieties. Common contributors to such varieties include complex dependencies due to the nature of the business, legacy but crucial software artifacts, compliance requirements, and low-level infrastructure limitations." 


Performance Tuning Techniques of Hive Big Data Table

Developers working on big data applications have a prevalent problem when reading Hadoop file systems data or Hive table data. The data is written in Hadoop clusters using spark streaming, Nifi streaming jobs, or any streaming or ingestion application. A large number of small data files are written in the Hadoop Cluster by the ingestion job. These files are also called part files. These part files are written across different data nodes, and when the number of files increases in the directory, it becomes tedious and a performance bottleneck if some other app or user tries to read this data. One of the reasons is that the data is distributed across nodes. Think about your data residing in multiple distributed nodes. The more scattered it is, the job takes around “N * (Number of files)” time to read the data, where N is the number of nodes across each Name Nodes. For example, if there are 1 million files, when we run the MapReduce job, the mapper has to run for 1 million files across data nodes and this will lead to full cluster utilization leading to performance issues. For beginners, the Hadoop cluster comes with several Name Nodes, and each Name Node will have multiple Data Nodes. Ingestion/Streaming jobs write data across multiple data nodes, and it has performance challenges while reading those data.


AI Support Bots Still Need That Human Touch

At the core of providing effective support for critical issues is personalized, expedited service. In contrast to the wholesale outsourcing of frontline support to bots with little documentation, by combining best practices, best-of-breed technology and a trained staff of experts, this hybrid approach offers the best option for delivering and maintaining mission-critical networks. When a network administrator has an issue that is beyond the automated self-healing functions, the first call should be readily available and start with a dedicated support expert, who will know exactly how the network is configured, its history, and they should have all of the pertinent incident data at the proverbial fingertips. Issues can then be quickly resolved and in the event that something unexpected pops up, it can be handled without having to start all over again. Today, networks are being stressed like never before with remote work, IoT, cloud migration, and so forth, spawning novel, unforeseen issues that cannot be handled by limited AI-based tools. During these periods, accessing an engineer with intimate knowledge of the system and configuration on-site will be the lifeline network teams need to help diagnose and resolve these types of challenges. Is this simply a luddite view of Artificial Intelligence?


Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools

Power Automate and eDiscovery Compliance Search, application tools embedded in Microsoft 365, have emerged as valuable targets for attackers. The Vectra study revealed that 71% of the accounts monitored had noticed suspicious activity using Power Automate, and 56% of accounts revealed similarly suspicious behavior using the eDiscovery tool. A follow-up study revealed that suspicious Azure Active Directory (AD) Operation and Power Automate Flow Creation occurred in 73% and 69%, respectively, of monitored environments. ... Microsoft Power Automate is the new PowerShell, designed to automate mundane, day-to-day user tasks in both Microsoft 365 and Azure, and it is enabled by default in all Microsoft 365 applications. This tool can reduce the time and effort it takes to accomplish certain tasks — which is beneficial for users and potential attackers. With more than 350 connectors to third-party applications and services available, there are vast attack options for cybercriminals who use Power Automate. The malicious use of Power Automate recently came to the forefront when Microsoft announced it found advanced threat actors in a large multinational organization that were using the tool to automate the exfiltration of data. This incident went undetected for over 200 days.


The ‘It’ Factors in IT Transformation

Shadow IT has been the bane of many-a-CIO for as far as I can remember. But how many organizations focus on complete business IT alignment where the operating model supports proactively eliminating business operation disruptions as opposed to meeting internal IT SLAs? The best way to generate this elusive value from an IT revamp is to use existing concepts and add vital new ones to get transformational results. And the outcome? A business that can comfortably jump barriers and leapfrog competitors for whom IT is an afterthought. So, let’s break this down a bit. What are the “it” factors that separate a successful IT transformation from the ones with relegated outcomes? For starters, in the former, IT leaders address every critical part of the whole and the framework encourages C-level executives to take the plunge. Enterprise executives sometimes get cornered by organizational dynamics into playing it safe, into taking baby steps. Unfortunately, though, as former British Prime Minister David Lloyd George so appropriately puts it, “You can’t cross a chasm in two small jumps.” Committing to a well-planned yet courageous leap is critical for success from the very onset.


Organizations can no longer afford a reactive approach to risk management

“Business leaders must be vigilant in scanning for emerging issues and make actionable plans to adjust their strategies and business models while being authentic in fostering a trust-based, innovative culture and the organizational resilience necessary to successfully navigate disruptive change. Digitally mature companies with an agile workforce were ready when COVID-19 hit and are the ones best positioned to continue to ride the wave of rapid acceleration of digitally driven change through the pandemic and beyond.” Consistent with the survey’s findings in previous years, data security and cyber threats again rank in the top 10 risks for both 2021 and 2030. The continuously evolving nature of cyber and privacy risks underscores the need for a secure operating environment in which nimble workforces can regularly refresh the technology and skills in their arsenal to remain competitive. “If there’s any risk that all organizations across industries and geographies must maintain focus on, it’s cybersecurity and privacy,” said Patrick Scott, executive VP, Industry Programs, Protiviti. “While the areas that businesses will need to address may change as they transform their business models and increase their resiliency to face the future confidently, cybersecurity and privacy threats will remain a constant and should be at or near the top of the list.”


Digital Transformation Demands a Culture of Innovation

Research done over the past five years by the Digital Banking Report finds that corporate culture is much more important than the size of the company, level of investment, geographic location or even regulatory environment. The question becomes: How can leaders build and reinforce an innovation culture within their organization? According to research by Jay Rao and Joseph Weintraub, professors at Babson College and published in the MIT Sloan Management Review, an innovative culture rests on a foundation of six building blocks. These include resources, processes, values, behavior, climate and success. Each of these building blocks are dynamically linked. The research by the professors is aligned with insights found recently by the Digital Banking Report which shows that increasing investment, changing processes and measuring success is imperative … but not enough. Organizations must also focus on the overarching company values, the actions of people within the organization (behaviors), and the internal environment (climate). These are much less tangible and harder to measure and manage, but just as important to the success of innovation and the ability to create a sustained competitive advantage.


How Enterprise AI Use Will Grow in 2021: Predictions from Our AI Experts

Hillary Ashton, the chief product officer at data analytics vendor Teradata, said that AI will be helpful in 2021 for many companies as businesses look toward reopening and recouping sufficient revenue streams as the COVID-19 pandemic slowly releases its grip on the world. “They’ll need to leverage smart technologies to gather key insights in real-time that allow them to do so,” said Ashton. “Adopting AI technologies can help guide companies to understand if their strategies to keep customers and employees safe are working, while continuing to foster growth. As companies recognize the unique abilities of AI to help ease corporate policy management and compliance, ensure safety and evolve customer experience, we'll see boosted rates of AI adoption across industries." That will also involve using AI to boost safety and compliance measures inside offices, she said. “As companies look to eventually return in some form to the office, we'll see investments in AI rise across the board. AI-driven algorithms can scour meeting invites, email traffic, business travel and GPS data from employer-issued computers and cell phones to give businesses advance warnings of certain danger zones or to quickly halt a potential outbreak at a location. ..."



Quote for the day:

"A casual stroll through the lunatic asylum shows that faith does not prove anything." -- Friedrich Nietzsche

Daily Tech Digest - February 07, 2021

5 Reasons Why You Should Code Daily As A Data Scientist

By coding on a daily basis, you will gain the ability to integrate Data Science or other elementary concepts into your programming of developmental projects. The best part about practicing to code each day is it allows you, the coders, to subconsciously develop an innovative skill where you can solve computational tasks in the form of code. By gaining more information and learning more details, you can use code blocks more effectively and efficiently to solve complex programming architectures. You can even find solutions to Data Science tasks that you might have otherwise struggled with because you are in touch with the subject. And it also helps you gather discrete and more innovative ideas for implementation faster. This point is quite self-explanatory. Coding daily will sharpen your deduction abilities and tune you into a better programmer. By following the accurate principles of coding, you can improve your skills to the next level and develop yourself into an ultimate genius of programming. For example, let us take into consideration the Python programming language, which is most commonly used for Data Science. By developing your coding skills in Python, you are also advancing your skill level of Data Science to code complex Data Science projects.


Privacy and Security Are No Longer One-Size-Fits-All

Historically, relationships can be challenging cross-divisionally between InfoSec, IT, Legal, and business or product teams in the sense that the internal conversations and ongoing education required for these teams to sync on protocols and security measures can be extensive. Moreover, policy enforcement between these teams without proper technical safeguards can result in the accidental ー or in rare instances, malicious ー leakage of data that would put an individual or business’ reputation at risk. By taking a more contextual, technically enforced approach to data governance, the all-too-common risks associated with human-led processes can be eliminated and in turn, improve collaboration and enforcement between these internal teams. When the right technical controls are in place based on the data context, using privacy-enhancing techniques or in partnership with a reliable technology partner, enterprises no longer have to rely on the manual human processes that may lead to sensitive data leakage or re-identification risk. Only this alignment between internal teams will allow an enterprise’s overall data strategy to flourish. Many of the world’s most successful companies, such as Amazon or Unilever, have gained sizable market share through data collaboration, starting within their own enterprise.


Providing Customer-Driven Value With A ToGAF® Based Enterprise Architecture

The concept of value needs to be mastered and used by enterprise architects in a customer-driven enterprise, as shown in Figure 1 above. An organization usually provides several value propositions to its different customer segments (or persona) and partners that are delivered by value streams made of several value stages. Value stages have internal stakeholders, external stakeholders, and often the customer as participants. Value stages enable customer journey steps, are enabled by capabilities and operationalized by processes (level 2 or 3 usually). The TOGAF® Business Architecture: Value Stream Guide video provides a very clear and simple explanation, should you want to know more. Customer journeys are not strictly speaking part of business architecture, but still, be very useful to interface with business stakeholders. These value streams/stages cannot be realized out of thin air. An organization must have the ability to achieve a specific purpose, which is to provide value to the triggering stakeholder, in occurrence the customers. This ability is an enabling business capability. Without this capability, the organization cannot provide value to triggering stakeholders (customers). a capability enables a value stage and is operationalized by a business process.


A Brief History of Metadata

A primary goal of metadata is to assist researchers in finding relevant information and discovering resources. Keywords used in the descriptions are called “meta tags.” Metadata is also used in organizing electronic resources, providing digital identification, and supporting the preservation and archiving of data. Metadata assists researchers in discovering resources by locating relevant criteria and providing location information. In terms of digital marketing, metadata can be used to organize and display content, maximizing marketing efforts. Metadata increases brand visibility and improves “findability.” Different metadata standards are used for different disciplines (such as digital audio files, websites, or museum collections). A web page, for example, a may contain metadata describing the software language, the tools used to create it, and the location of more information on the subject. ... Metadata found online and in digital marketing is a crucial tool for modern marketing. Metadata can help people find a website. It makes web content more searchable, and when used efficiently, metadata can increase the number of visits. 


Center for Applied Data Ethics suggests treating AI like a bureaucracy

People privileged enough to be considered the default by data scientists and who are not directly impacted by algorithmic bias and other harms may see the underrepresentation of race or gender as inconsequential. Data Feminism authors Catherine D’Ignazio and Lauren Klein describe this as “privilege hazard.” As Alkhatib put it, “other people have to recognize that race, gender, their experience of disability, or other dimensions of their lives inextricably affect how they experience the world.” He also cautions against uncritically accepting AI’s promise of a better world. “AIs cause so much harm because they exhort us to live in their utopia,” the paper reads. “Framing AI as creating and imposing its own utopia against which people are judged is deliberately suggestive. The intention is to square us as designers and participants in systems against the reality that the world that computer scientists have captured in data is one that surveils, scrutinizes, and excludes the very groups that it most badly misreads. It squares us against the fact that the people we subject these systems to repeatedly endure abuse, harassment, and real violence precisely because they fall outside the paradigmatic model that the state — and now the algorithm — has constructed to describe the world.”


Can IoT accelerate a return to offices?

Thanks to recent developments, both the Internet of Things (IoT) and the Industrial Internet of Things (IIoT) are making Internet-enabled devices an increasingly common feature in business. This trend was already on the upswing prior to the global lockdown, with 46% of IT, telecommunications, and business managers saying their organizations had already invested in IoT applications and/or services, while another 30% were readying to invest in the next 12-24 months. But with millions of workers now working and communicating virtually from remote locations, the role of IoT in helping to realize the vision of the smart enterprise has drawn even greater interest. For one thing, IoT has gained traction as an enabler of productive remote work and unhindered team collaboration across industries, said Igor Efremov the head of HR at Itransition, a Denver, US-based software development company. Sectors that formerly could not continuously function without human labor such as manufacturing, can now rely on IIoT infrastructure including sensors, cameras, and endpoints to allow technicians to monitor and maintain asset performance in real time, without actually being physically present.


Is there a human consequence to WFH?

There is no such thing as a perfect work/life balance, of course. And while some employers understand the stress faced by their workers, not all do: Switched-on employers who care about their staff provide employee choice schemes, target-related bonuses, personal support, subsidized Wi-Fi, and a judgement-free attitude toward sick days. Those who don’t, insist workers stay on camera all day and refuse to accept excuses for absence on the basis of child care or any other need, while indulging in fire and re-hire policies. To a great extent, corporate responsibility around employee care in this environment has effectively been outsourced to employees themselves, even as productivity (and working hours) increase. And while Apple’s devices and third-party apps can help remote workers manage time more effectively, the need for all parties to develop new ways of working that don’t impact personal space remains challenging. This isn’t a platform-specific matter, of course: Windows or Mac, Android or iPhone, iPad or some other tablet, enterprise workers of every stripe face complex challenges as they juggle work and personal responsibilities.


You Should Master Data Analytics First Before Becoming a Data Scientist

As a Data Scientist, you will have to perform feature engineering, where you will isolate key features that contribute to the prediction of your model. In school or wherever you learned Data Science, you may have a perfect dataset that is already made for you, but in the real world, you will have to use SQL to query your database to start finding the necessary data. In addition to the columns that you already have in your tables, you will have to make new ones — usually, these are new features that can be aggregated metrics like clicks per user, for example. As a Data Analyst, you will practice SQL the most, and as a Data Scientist, it can be frustrating if all you know is Python or R — and you can not rely on Pandas all the time, and as a result, you cannot even start the model building process without knowing how to efficiently query your database. Similarly, the focus on analytics can allow you to practice creating subqueries and metrics like the one stated above so that you can add a few to at least, say 100, new features that are completely created from you that could be more important than the base data that you have now. ... A Data Analyst usually will master visualizations because they have to present findings in a way that is easily digestible for others in the company. 


Introduction - The 4 Stages of Data Sophistication

Companies today are quite good at collecting data - but still very poor at organizing and learning from it. Setting up a proper Data Governance organization, workflow, tools, and an effective data stack are essential tasks if a business wants to gain from it’s information. This book is for organizations of all sizes that want to build the right data stack for them - one that is both practical and enables them to be as informed as possible. It is a continually improving community driven book teaching modern data governance techniques for companies at different levels of data sophistication. In it we will progresses from the starting setup of a new startup to a mature data driven enterprise covering architectures, tools, team organizations, common pitfalls and best practices as data needs expand. The structure and original chapters of this book were written by the leadership and Data Advisor teams at Chartio, sharing our experiences working with hundreds of companies over the past decade. Here we’ve compiled our learnings and open sourced them in a free, open book.


Data Residency Compliance with Distributed Cloud Approach

Rather than providing a centralized solution for everything, a distributed cloud can meet each specific customer and country requirement. It also gives enterprises the ability to properly use their original investments in existing central clouds while executing a unified cloud strategy for location-based data needs. This is especially important when customers are looking to utilize SaaS solutions that depend on central clouds since they often can’t easily localize data independently. Hybrid clouds were originally intended to enable a unified strategy. Yet, enterprises continue to struggle to get the level of value they initially expected out of their private cloud deployments, especially in compliance-centric use cases where ongoing research and expertise is needed. However, enterprises can now consider a distributed cloud-based offering such as ‘Data Residency-as-a-Service’ to meet global compliance standards. As businesses look to expand into new countries that require data sets to be localized in different regions, it’s essential to stay ahead of these challenges or they risk losing business in the region altogether.



Quote for the day:

"Brilliant strategy is the best route to desirable ends with available means." -- Max McKeown

Daily Tech Digest - February 06, 2021

Artificial intelligence must not be allowed to replace the imperfection of human empathy

In the perfectly productive world, humans would be accounted as worthless, certainly in terms of productivity but also in terms of our feeble humanity. Unless we jettison this perfectionist attitude towards life that positions productivity and “material growth” above sustainability and individual happiness, AI research could be another chain in the history of self-defeating human inventions. Already we are witnessing discrimination in algorithmic calculations. Recently, a popular South Korean chatbot named Lee Luda was taken offline. “She” was modelled after the persona of a 20-year-old female university student and was removed from Facebook messenger after using hate speech towards LGBT people. Meanwhile, automated weapons programmed to kill are carrying maxims such as “productivity” and “efficiency” into battle. As a result, war has become more sustainable. The proliferation of drone warfare is a very vivid example of these new forms of conflict. They create a virtual reality that is almost absent from our grasp. But it would be comical to depict AI as an inevitable Orwellian nightmare of an army of super-intelligent “Terminators” whose mission is to erase the human race.


The robots are ready – how can business leaders take the leap?

Robots and intelligent technology can now optimise something we’ve never been able to before: the bandwidth of employees. This has become increasingly more critical as staff adjust to remote working. By onboarding these new tools and incorporating them into the workforce, businesses can empower their staff to do more. They can automate mundane and repetitive tasks extremely quickly, giving their human colleagues more time to take on problem-solving and time-consuming tasks. In fact, 4 in 5 employees that use robots and digital workers say they have been beneficial with efficiency and collaboration, and are useful in easing the burden of administrative tasks. Employees have found that a ‘robotic helping hand’ has been most appreciated for sorting data and documents, providing prompts for pending tasks, and digitising paperwork. What’s also clear is that some businesses do have the right tools in place to help. In fact, half of UK employees said processes helped them do their job faster and collaborate better, both critical during the pandemic. However, for business leaders, the pressure to get automation right is huge. It’s a major investment of time, money, and energy for everyone involved. 


Why process mining is seeing triple-digit growth

Many enterprises are finding it difficult to scale beyond a few software robots or bots because they are automating a bad process that cannot scale. “Most businesses are automating processes through RPA and hyperautomation without first fully understanding their data and processes,” explained Gero Decker, CEO of Signavio, a SAP spinoff focused on business transformation. As enterprises pursue increased efficiencies, there is debate about whether it makes more sense to automate what exists or to fix it first. Automating a bad process may make it faster, but it may also suffer from chokepoints caused by integration with legacy systems or approval processes. Process mining can help a company fix a bad process first. Chris Nicholson, CEO of Pathmind, a company applying AI to industrial operations, argues, “The main challenge to overcome before applying process automation is to standardize the current processes performed by people. If they are not standardized, there can be no automation.” With process mining, companies can see whether their current processes are standardized so they know which problem they have to solve first: standardization or automation.


Sophisticated cybersecurity threats demand collaborative, global response

The cybersecurity industry has long been aware that sophisticated and well-funded actors were theoretically capable of advanced techniques, patience, and operating below the radar, but this incident has proven that it isn’t just theoretical. We believe the Solorigate incident has proven the benefit of the industry working together to share information, strengthen defenses, and respond to attacks. Additionally, the attacks have reinforced two key points that the industry has been advocating for a while now—defense-in-depth protections and embracing a zero trust mindset. Defense-in-depth protections and best practices are really important because each layer of defense provides an extra opportunity to detect an attack and take action before they get closer to valuable assets. We saw this ourselves in our internal investigation, where we found evidence of attempted activities that were thwarted by defense-in-depth protections. So, we again want to reiterate the value of industry best practices such as outlined here, and implementing Privileged Access Workstations (PAW) as part of a strategy to protect privileged accounts.


AI Transformation in 2021: In-Depth guide for executives

AI transformation touches all aspects of the modern enterprise including both commercial and operational activities. Tech giants are integrating AI into their processes and products. For example, Google is calling itself an “AI-first” organization. Besides tech giants, IDC estimates that at least 90% of new organizations will insert AI technology into their processes and products by 2025. ... First few projects should create measurable business value while being attainable. This is important for the transformation to gain trust across the organization with achieved projects and it creates momentum that will lead to AI projects with greater success. These projects can rely on AI/ML powered tools in the marketplace or for more custom solutions, your company can run a data science competition and rely on the wisdom of hundreds of data scientists. These competitions use encrypted data and provide a low cost way to find high performing data science solutions. bitgrit is a company that helps companies identify AI use cases and run data science competitions. Implementing process mining tools is one of those easy-to-achieve and impactful projects. For example, QPR’s Process Analyzer tool has an extensive set of ready-to-use process mining analyses, including ready-to-use clustering analysis and process predictions, as well as a platform for machine learning based analyses.


Microsoft Says It's Time to Attack Your Machine-Learning Models

Machine-learning researchers are focused on attacks that pollute machine learning data, epitomized by presenting two seemingly-identical image of, say, a tabby cat, and having the AI algorithm identify it as two completely different things, he said. More than 2,000 papers have been written in the last few years, citing these sorts of examples and proposing defenses, he said. "Meanwhile, security professionals are dealing with things like SolarWinds, software updates and SSL patches, phishing and education, ransomware, and cloud credentials that you just checked into Github," Anderson said. "And they are left to wonder what the recognition of a tabby cat has to do with the problems they are dealing with today." ... Anderson shared a red team exercise conducted by Microsoft where the team aimed to abuse a Web portal used for software resource requests and the internal machine-learning algorithm that determines automatically to which physical hardware it assigns a requested container or virtual machine. The red team started with credentials for the service, under the assumption that attackers will be able to gather valid credentials - either by phishing or because an employee reuses their user name and password.


Microsoft: Office 365 Was Not SolarWinds Initial Attack Vector

In its Thursday blog, the Microsoft team says the compromise techniques leveraged by the SolarWinds hackers included "password spraying, spear-phishing and use of webshell through a web server and delegated credentials." Earlier this week, acting CISA Director Brandon Wales told The Wall Street Journal that the SolarWinds cyberespionage operation gained access to targets using a multitude of methods, including password spraying and through exploits of vulnerabilities in cloud software (see: SolarWinds Hackers Cast a Wide Net). "As part of the investigative team working with FireEye, we were able to analyze the attacker’s behavior with a forensic investigation and identify unusual technical indicators that would not be associated with normal user interactions. We then used our telemetry to search for those indicators and identify organizations where credentials had likely been compromised by the [SolarWinds hackers]," Microsoft's security team says. But Microsoft says it's found no evidence that the SolarWinds hackers used Office 365 as an attack vector. "We have investigated thoroughly and have found no evidence they [SolarWinds] were attacked via Office 365," the Microsoft researchers say. "The wording of the SolarWinds 8K filing was unfortunately ambiguous, leading to erroneous interpretation and speculation, which is not supported by the results of our investigation."


Data loss prevention strategies for long-term remote teams

For many, a distributed hybrid workforce is the new normal, vastly expanding their threat landscape and making it more challenging to secure data and IT infrastructure. In this environment, companies need to pivot their defensive capacity, ensuring that they are prepared to meet the moment (i.e., the threats). When considering cybersecurity threats, we often think of shady cybercriminals or nation-states hacking company networks. After all, when these incidents occur, they make worldwide news headlines. For most companies, however, external bad actors aren’t the most critical risk. A company’s employees often pose a more prominent and – luckily – a more manageable cybersecurity threat. IBM estimates that human error causes nearly a quarter of all data breaches. Additionally, employees commonly and inadvertently compromise company data through poor password hygiene, accidental data sharing, improper technology use, phishing scams, and more. Some employees will also act maliciously, intentionally stealing company data for profit, retribution, or fun. The market for sensitive data is so prolific that some cybersecurity experts predict the emergence of insiders-as-a-service as bad actors capitalize on remote work trends to infiltrate companies.


The Rise of Responsible AI

In Public Safety arena using biased data to train the AI to identify criminals using cyber forensics can lead to the wrongful conviction of innocent people as the output of the software was influenced by racial and ethnicity data points introduced as either the code used was not tested properly or used wrong data sets for testing resulting in destroying lives. Apart from the bias in the data set we have also seen that during any application or transactional data processing there is no transparency as to find out why this decision was taken, which parameter influenced it and why did the algorithm took additional steps to mitigate it? All these can be easily answered by embedding explainability and transparency in the AI design processes to provide understandability of the context and interpretability of the decision by AI. Thus we need Responsible AI which is the practice of using AI with good intention to empower employees and businesses, and fairly impact customers and society – allowing companies to engender trust and scale AI with confidence along with the purpose of providing a framework to ensure the ethical, transparent and accountable use of AI technologies consistent with user expectations, organizational values and societal laws and norms.


Adaptive Frontline Incident Response: Human-Centered Incident Management

Many companies struggle with defining an incident. To us, an incident is when a service or feature functionality is degraded. But defining "degraded" contains a multitude of possibilities. One could say "degraded" is when something isn’t working as expected. But what if it’s better than expected? What’s the expected behavior? Do you define it based on customer impact? Do you wait until there’s customer impact to declare an issue an incident? This is where having a common and shared understanding of the normal operating behavior of the system and formalizing these in feature/service level objectives and indicators are key. We have to know what we expect, to know when a degradation becomes an incident. But, defining service level objectives for legacy services already in operation takes a significant investment of time and energy that might not be available right now. That’s the reality in which we frequently operate, trading off efficiency with thoroughness, as Hollnagel (2009) points out. We handle this tradeoff with a governing set of generic thresholds to fill in for services without clear indicators. At Twilio we have a lot of products, running the gamut from voice calls, video conferencing, and text messages, to email and two factor authentication.



Quote for the day:

"Don't look back. Something might be gaining on you." -- Satchel Paige

Daily Tech Digest - February 05, 2021

Riding out the wave of disruption

Disruption is not necessarily the crisis it’s frequently considered to be for incumbents, the researchers stress. Two technologies can often coexist in the marketplace for a significant period. Thus, it’s important for incumbent companies not to overreact. They should target dual users and reexamine the factors that have led to the old technology sticking around for so long. Of course, the profit implications of cannibalization of the old technology and leapfrogging depend on which type of firm is trumpeting the new technology. New entrants will always stand to gain when they introduce a technology that takes off. But incumbents rolling out a successive technology will also gain if their competitors would have introduced it anyway or if the 2.0 version has a higher profit margin than the original. The authors write, “Leapfroggers are an opportunity loss for incumbents, but switchers are a real loss.” Regardless of the predictive model they use, marketers should strive to understand how the various consumer segments identified in this study will grow or shrink over time and use that information in their forecasts of early sales or market penetration of successive technologies.


AI and APIs: The A+ Answers to Keeping Data Secure and Private

Adding to the complexity is ensuring that AI and data are used ethically, Marques points out. Two key categories comprise secure AI, he says: responsible AI and confidential AI. Responsible AI focuses on regulations, privacy, trust, and ethics related to decision-making using AI and ML models. Confidential AI involves how companies share data with others to address a common business problem. For example, airlines might want to pool data to better understand maintenance, repair, and parts failure issues but avoid exposing proprietary data to the other companies. Without protections in place, others might see confidential data. The same types of issues are common among healthcare companies and financial services firms. Despite the desire to add more data to a pool, there are also deep concerns about how, where, and when the data is used. In fact, complying with regulations is merely a starting point for a more robust and digital-centric data management framework, Jahil explains. Security and privacy must extend into a data ecosystem and out to customers and their PII. For example, CCPA has expanded the concept of PII to include any information that may help identify the individual, like hair color or personal preferences.

What is a data center REIT?

The rationale for converting to REIT status will vary from company to company, but broadly it offers beneficial tax status and greater access to capital for growth. “The biggest benefit is that REITs don’t pay any corporate tax,” says Millionacre’s Frankel. “Think of a data center company that isn't a REIT. Its income can effectively be taxed twice; once at the corporate level when the company earns a profit, and again on the individual level when the company pays a dividend to investors.” The rules on whether an organization can apply for REIT classification vary from country to country, but broadly having a portfolio of properties from which real-estate activities such as rent is the majority of your revenue is derived, and having a number of investors to which you provide the majority of that revenue, is the minimum requirement. “REITs are able to raise capital more easily via share issuances and/or joint venture partnerships as investors have a better idea of the company’s financial situation once public, says Cushman & Wakefield’s Imboden. “The degree of difficulty [on becoming a REIT] depends largely on if the company was structured and managed with the intention of becoming a REIT, or if the decision was made after years of operating.”


12 security career-killers (and how to avoid them)

“The biggest problem I’ve seen is security people who think security is the be-all and end-all. They go in with that attitude, and they don’t see how they have to enable the business,” says James Carder, CSO of the security tech company LogRhythm. He says they instead need to collaborate with their business-unit colleagues to understand their objectives and then be an enabler, not a hinderance. Others agree. “Security is a profession that has plenty of standards and regulations and frameworks, but too many times we try to implement them in a blind way, from the perspective of the standards instead of trying to implement them in the context of the business,” adds Russ Kirby, CISO of software company ForgeRock. Similarly, Kirby has seen security pros become so focused on their own objectives that they alienate other departments that may otherwise want to work together to find a solution. He points to one scenario, where security staffers wanted to change an application’s minimum password length from 8 characters to upwards of 20. The IT application team pushed back, explaining that they could go to 12 characters but anything more would take significant time and money to change.


Six industries impacted by the combination of 5G and edge computing

"Weather and humidity can impact the performance of 5G,'' Roberts added; he also noted that, as 5G continues to proliferate, there will be many more cell towers. That's consistent with recently released research by PwC, which reported that "the performance of 5G networks remains uneven." Widespread usage is not here yet "because it's a big challenge to upgrade infrastructure," agreed Mark Sami, a director at West Monroe. Right now, for example, to get Verizon's Ultra Wideband network, "you need a line of sight to a tower so you have to be in close proximity," Sami said. ... "It's all about driving applications and how do you make these 5G and edge solutions [work] in a manner where you create more opportunities for the developer community to write applications to that infrastructure architecture,'' said Sid Nag, a vice-president at Gartner. Some 90% of industrial enterprises will use edge computing by 2020, according to Frost & Sullivan. "The applications are endless,'' observed Chris Steffen, a research director at Enterprise Management Associates. "Every vertical is going to be impacted in some way,'' he added, depending on specific use cases and relevance.


Why Disconnected Data Grinds Customer Journeys to a Halt

Business architecture matters because it defines and explains the relationships between customer business processes. And information and application architecture matter because they define the major types of information and the applications that process customer data. Clearly, this kind of systems thinking is essential to defining holistic customer journeys — or in the language of marketing, the friction points between customer facing systems and data that flows between them. Thinking this way raises questions like why customers need to interface with applications separately and why they have to enter data multiple times when interacting with these separate applications — two big sources of customer journey friction. Data limits the quality of the customer journey at three major points: a company’s sales, marketing and service processes. According to economist Theodore Levitt, any sales and marketing processes should focus on the following: “the role of marketing is creating and keeping the customer.” To create or obtain new customers, organizations must simplify the processes to become a customer, regardless of the customer channel chosen. In practice this means integrating customer facing systems, so customers enter information only once.


Rust Could Be the Secret to Next-Gen Computing

The team think there are good prospects for using ‘rust’ to create super-efficient computers. This is because although very simple in architecture, the Fe2O3-based device where merons and bimerons were found already contains all the ingredients to manipulate these tiny bits quickly and efficiently – by flowing a tiny electrical current in an extremely thin metallic ‘overcoat’. In fact, the team state that controlling and observing the movement of merons and bimerons in real time is the goal of a future X-ray microscopy experiment, currently in the planning phase. Moving from basic to applied research means cost and compatibility considerations are of paramount importance. While iron oxide is extremely abundant and cheap, the fabrication techniques employed by researchers at Singapore and Madison are complex and require atomic-scale control. However, the team are optimistic as they recently demonstrated that is possible to ‘peel off’ a thin layer of oxide from its growth medium and stick it almost anywhere, with its properties being largely unaffected. They say their next steps will be the design and fabrication of proof-of-principle devices based on ‘cosmic strings’ .


New Opportunities from Tech-Driven Industry Convergence

When we study the evolution of information technology, we find that companies traditionally leveraged technology solutions to serve specific business functions within an industry. For example, in life sciences or pharmaceutical companies, technology solutions were usually grouped by function such as commercial, R&D, and supply chain. Most answers were explicitly designed for the specific process and had little scope for portability across sectors. However, as technologies evolved, solutions have become increasingly broad-based and sector-agnostic. While cloud and high-tech companies still provide industry-specific solutions, there is a convergence in the types of problems they solve for customers across industries. ... As the lines are getting blurred, we need to rethink our traditional approach to grouping various sectors when building technology solutions. For instance, all consumer-facing industries such as CPG, pharma, insurance, and manufacturing are likely to have significant overlap in the challenges they face. Similarly, healthcare, finance, medical devices, retail, and telecommunications are likely to find common ground.


Networking software can ease the complexity of multicloud management

Cloud providers offer essential tools in three key areas: security, networking, and management and orchestration (MANO). Their security capabilities and controls often must be manually implemented, and their networking requires that their on-ramps and off ramps—which providers optimize--be specifically routed. Each cloud has its own MANO tools to provide management, visibility, and automation tools that must be set in order to gain visibility see and tune application performance. That means a learning curve and fragmented MANO for enterprise IT teams that support multicloud environments. These factors combine to make many IT operations involving IaaS multiclouds difficult to scale and the task of troubleshooting performance slowdowns tedious and time consuming. The leading IaaS providers are building new access capabilities at the edge of their networks. Key to user experience is network performance, which relies on network routing to and from the nearest cloud on-ramp. Leveraging WAN network intelligence is essential to delivering a reliable, high quality experience between applications in the public cloud and end-users. Enterprise IT will require the network intelligence to connect to the best IaaS point of presence to accelerate application delivery.


The transportation sector needs a standards-driven, industry-wide approach to cybersecurity

We have already witnessed attacks on electronic charging stations via the Near-Field Communication (NFC) card, which handles billing for EV charging. The ID cards have inherent vulnerabilities due to third-party providers not securing customer data. Research has shown malicious individuals can copy these cards and use them to charge other vehicles. Another concern is related to traditional lithium-ion batteries, which are used in EVs and have the potential to explode. While this issue is being addressed by battery suppliers with investment in R&D, this safety effort must also consider the risk of cyber attacks. If it’s known that a battery in an EV can explode, this may increase the likelihood that a bad actor may target this type of car with the intent to cause harm. As EV battery technology advances, it’s imperative that comprehensive cybersecurity measures evolve and improve in parallel so automakers and technology providers can prevent this type of hacking from occurring. As the AV industry advances, so will the incentives for hackers. There is an increased potential for financial crimes committed via ransomware attacks. Further, these attacks could cause vehicles to behave abnormally, potentially endangering human lives.



Quote for the day:

"To accomplish great things, we must not only act, but also dream, not only plan but also believe." -- Anatole France

Daily Tech Digest - February 04, 2021

5 Trends for Industry 4.0: The Factory of the Future

The growing complexity of machine software as well as the ongoing modularization of modern production equipment has led to more simulation upfront. The fact that international travel for commissioning or service has significantly reduced or in some cases halted these days reinforces this trend. Functional tests of production equipment of the future will be performed using comprehensive models for simulation and virtual commissioning. The factory of the future will be built twice—first virtually, then physically. Digital representations of production machines continuously fed with live data from the field will be used for health monitoring throughout the entire lifetime of the equipment and will eventually make onsite missions be an exception ... Flexible production in the factory of the future will require robots and autonomous handling systems to adapt faster to changing requirements. While classic programming and teaching of robots isn’t suitable for preparing the system to handle the huge and fast-growing number of different goods, future handling equipment will automatically learn through reinforcement learning and other AI techniques. The prerequisites—massive calculation power and huge amounts of data—have been established over the past years.


Runtime data no longer has to be vulnerable data

With all of these security advantages, you might think that CISOs would have quickly moved to protect their applications and data by implementing secure enclaves. But market adoption has been limited by a number of factors. First, using the secure enclave protection hardware requires a different instruction set, and applications must be re-written and recompiled to work. Each of the different proprietary implementations of enclave-enabling technologies requires its own re-write. In most cases, enterprise IT organizations can’t afford to stop and port their applications, and they certainly can’t afford to port them to four different platforms. In the case of legacy or commercial off-the-shelf software, rewriting applications is not even an option. While secure enclave technologies do a great job protecting memory, they don’t cover storage and network communications – resources upon which most applications depend. Another limiting factor has been the lack of market awareness. Server vendors and cloud providers have quickly embraced the new technology, but most IT organizations still may not know about them. 


Liquid Neural Network: What’s A Worm Got To Do With It?

Liquid networks make the model more robust by improving its resilience to unexpected and noisy data. For instance, it can make algorithms adjust to heavy rains that obscure a self-driving car’s vision. Liquid network makes the algorithm more interpretable. The network can help overcome the machine learning algorithms’ black-box nature because of the neurons’ expressive nature. The liquid network has performed better than other state-of-the-art time series by a few percentage points to predict future values in datasets used in atmospheric chemistry and traffic patterns. Apart from the high reliability, it also helped reduce computational costs. The researchers were aiming for fewer but richer nodes in the algorithm. In other words, the study focused on scaling down the network rather than scaling up. “This is a way forward for the future of robot control, natural language processing, video processing — any form of time series data processing,” said Ramin Hasani, the paper’s lead author. ... Tremendous progress has been made in developing smart bots that can perform multiple intelligent tasks like work alongside humans or give mental health advice. However, its adoption presents a significant concern in terms of safety and ethics.


Virtual Panel: The MicroProfile Influence on Microservices Frameworks

The term cloud-native is still a large gray area and it's concept is still under discussion. If you, for example, read ten articles and books on the subject, all these materials will describe a different concept. However, what these concepts have in common is the same objective - get the most out of technologies within the cloud computing model. MicroProfile popularized this discussion and created a place for companies and communities to bring successful and unsuccessful cases. In addition, it promotes good practices with APIs, such as MicroProfile Config and the third factor of The Twelve-Factor App. ... The use of reflection by the frameworks has its trade-offs. For example, at the application start and in-memory consumption, the framework usually invokes the inner class ReflectionData within Class.java. It is instantiated as type SoftReference, which demands a certain time to leave the memory. So, I feel that in the future, some frameworks will generate metadata with reflection and other frameworks will generate this type of information at compile time like the Annotation Processing API or similar. We can see this kind of evolution already happening in CDI Lite, for example. 


General Availability of the new PnP Framework library for automating SharePoint Online operations

Overtime the classic PnP Sites Core has grown into a hard to maintain code base which made us decide to start a major upgrade effort for all PnP .NET components. As a result of that, PnP Framework is a slimmed down version of PnP Sites Core dropping legacy pieces and dropping support for on-premises SharePoint in favor of improved quality and maintainability. If you’re still using PnP Sites Core with your on-premises SharePoint than that’s perfectly fine, we’re not going to pull these components but you’ll not see any updated versions going forward. PnP Framework is a first milestone in the upgrade of the PnP .NET components, in parallel we’re building a brand new PnP Core SDK using modern .NET development techniques focused on performance and quality (check our test coverage and documentation). Overtime we’ll implement more and more of the PnP Framework functionality in PnP Core SDK and then replace the internal implementation in PnP Framework. The modern pages API is good example: when you use that API in PnP Framework you’re actually using the implementation done in PnP Core SDK. Below picture gives an overview of our journey and the road ahead:


Endpoint Detection and Response: How Hackers Have Evolved

While kernel mode is the most elevated type of access, it does come with several drawbacks that complicate EDR effectiveness. In kernel mode, visibility can be quite limited as there are several data points only available in user mode. Also, third-party kernel-based drivers are often difficult to develop and if not properly vetted can lead to higher chances of system instability. The kernel is often regarded as the most fragile part of a system and any panics or errors in kernel mode code can cause huge problems, even crashing the system entirely. User mode is often more appealing to attackers as it has no way of directly accessing the underlying hardware. Code that runs in user mode must use API functions that interact with the hardware on behalf of the application, allowing for more stability and fewer system-wide crashes (as application crashes will not affect the system). As a result, applications that run in user mode need minimal privileges and are more stable. Suffice to say, a lot of EDR products rely heavily on user mode hooks over kernel mode, making things interesting for attackers. Since the hooks exist in user mode and hook into our processes, we have control over them. Since applications run within the user’s context, this means everything that's loaded into our process can be manipulated by the user in some form or another.


Continuous Delivery: Why You Need It and How to Get Started

For decades, enterprise software providers have focused on delivering large quarterly releases. "This system is slow because if there are any bugs in such a large release, developers have to sift through the deployed update in its entirety to find the problem to patch," said Eric Johnson, executive vice president of engineering for open-source code collaboration platform provider GitLab. Enterprises committed to CD rapidly deliver a string of highly granular releases. "This way, if there are any bugs in a new individual release they’re easily and swiftly addressed by developers' teams. Most developers appreciate CD because it helps them deliver higher quality work while limiting the risk of introducing unwanted change into production environments. CD ensures that the entire software delivery lifecycle from source control, to building and testing, to artifact release, and ultimately deployment into real environments, is automated and consistent, explained Brent Austin, director of engineering at Liberty Mutual Insurance. High levels of test automation are critical in CD, allowing developers to confidently introduce changes quickly with high confidence and higher quality. "CD also helps developers think in small batch sizes, which allows for easier and more effective rollback scenarios when issues are found and makes introducing change safer," Austin said.


Interview With a Russian Cybercriminal

Interacting with a ransomware operator is "unusual, but not that unusual," says Craig Williams, director of outreach for Cisco Talos. Of course, a key challenge in chatting with a criminal is knowing when to trust them. Researchers asked many questions they were able to verify, but there were scenarios in which they felt Aleks wasn't telling the whole story. Williams says the strongest example of this related to targeting the healthcare industry. "He pointed out how he didn't target healthcare customers … but then knew an awful lot about when healthcare paid, and in what situations they paid, and what type of data they have, and exactly how valuable it would be, and if they had insurance, they were more likely to pay," he explains. For example, Aleks reportedly told researchers hospitals pay 80% to 90% of the time. Aleks seems to choose victims based on their ability to pay quickly, Williams says, though the report notes the attacker's views may not represent those of LockBit group. For example, Aleks says the EU's General Data Protection Regulation (GDPR) may work in adversaries' favor. Victim companies are more likely to pay "quickly and quietly" so as to avoid penalties under GDPR.


The most important skills for successful AI deployments

As AI has bolstered the operations of more and more sectors, it’s become apparent that knowledge of the technology alone isn’t enough for deployments to succeed. Whether the AI solution is serving companies or individuals, the engineers behind the roll-out need to understand the business at hand. “The company needs people who know the principles of how these algorithms work, and how to train the machine, but can also understand the business domain and sector,” said Sanz-Saiz. Without this understanding, training an algorithm can be more complex. Any successful data scientist not only needs to bring technical expertise, but also needs to have domain and sector expertise as well.” Without sufficient industry knowledge, decision-making can become inaccurate, and in some cases, such as healthcare, it can also be dangerous. Companies such as Kheiron Medical have been using an AI solution to transform cancer screening, accelerating the process and minimising human error. For this to be effective, careful assessments and evaluations at every stage of the screening procedure need to be in place. “I think a commitment to clinical rigour needs to underpin everything that we do,” explained Sarah Kerruish, chief strategy officer at Kheiron.


Google’s New Approach To AutoML And Why It’s Gaining Traction

AutoML is an automated process of searching for a child program from a search space to maximise a reward. The researchers broke down the process into a sequence of symbolic operations. Meaning, a child program is turned into a symbolic child program. The symbolic program is further hyperified into a search space by replacing some of the fixed parts with to-be-determined specifications. During the search, the search space materialises into different child programs based on search algorithm decisions. It can also be rewritten into a super-program to apply complex search algorithms such as efficient NAS (ENAS). PyGlove is a general symbolic programming library on Python. Using this library, Python classes, as well as functions, can be made mutable through brief Python annotations, making it easier to write AutoML programs. The library also allows AutoML techniques to be quickly dropped into preexisting machine learning pipelines while benefiting open-ended research which requires extreme flexibility. PyGlove implements various popular search algorithms, such as PPO, Regularised Evolution and Random Search.



Quote for the day:

"If you can't handle others' disapproval, then leadership isn't for you." -- Miles Anthony Smith