Reinforcement learning competition pushes the boundaries of embodied AI
Creating reinforcement learning models presents several challenges. One of them
is designing the right set of states, rewards, and actions, which can be very
difficult in applications like robotics, where agents face a continuous
environment that is affected by complicated factors such as gravity, wind, and
physical interactions with other objects. This is in contrast to environments
like chess and Go that have very discrete states and actions. Another challenge
is gathering training data. Reinforcement learning agents need to train using
data from millions of episodes of interactions with their environments. This
constraint can slow robotics applications because they must gather their data
from the physical world, as opposed to video and board games, which can be
played in rapid succession on several computers. To overcome this barrier, AI
researchers have tried to create simulated environments for reinforcement
learning applications. Today, self-driving cars and robotics often use simulated
environments as a major part of their training regime. “Training models using
real robots can be expensive and sometimes involve safety considerations,”
Chuang Gan, principal research staff member at the MIT-IBM Watson AI Lab, told
TechTalks.
ONNX Standard And Its Significance For Data Scientists
ONNX standard aims to bridge the gap and enable AI developers to switch between
frameworks based on the project’s current stage. Currently, the models supported
by ONNX are Caffe, Caffe2, Microsoft Cognitive toolkit, MXNET, PyTorch. ONNX
also offers connectors for other standard libraries and frameworks. “ONNX is the
first step toward an open ecosystem where AI developers can easily move between
state-of-the-art tools and choose the combination that is best for them,”
Facebook had said in an earlier blog. It was specifically designed for the
development of machine learning and deep learning models. It includes a
definition for an extensible computation graph model along with built-in
operators and standard data types. ONNX is a standard format for both DNN and
traditional ML models. The interoperability format of the ONNX provides data
scientists with the flexibility to chose their framework and tools to accelerate
the process, from the research stage to the production stage. It also allows
hardware developers to optimise deep learning-focused hardware based on a
standard specification compatible with different frameworks.
Microsoft warns of damaging vulnerabilities in dozens of IoT operating systems
According to an overview compiled by the Cybersecurity and Infrastructure
Security Agency, 17 of the affected product already have patches available,
while the rest either have updates planned or are no longer supported by the
vendor and won’t be patched. See here for a list of impacted products and patch
availability. Where patching isn’t available, Microsoft advises organizations to
implement network segmentation, eliminate unnecessary to operational technology
control systems, use (properly configured and patched) VPNs with multifactor
authentication and leverage existing automated network detection tools to
monitor for signs of malicious activity. While the scope of the vulnerabilities
across such a broad range of different products is noteworthy, such security
holes are common with connected devices, particularly in the commercial realm.
Despite billions of IoT devices flooding offices and homes over the past decade,
there remains virtually no universally agreed-upon set of security standards –
voluntary or otherwise – to bind manufacturers. As a result, the design and
production of many IoT products end up being dictated by other pressures, such
as cost and schedule.
Automate the hell out of your code
Continuous integration is a software development principle that suggests that
developers should write small chunks of code and when they push this code to
their repository the code should be automatically tested by a script that runs
on a remote machine, automating the process of adding new code to the code
base. This automates software testing thus increasing the developers
productivity and keeping their focus on writing code that passes the tests.
... If continuous integration is adding new chunks of code to the code base,
then CD is about automating the building and deploying our code to the
production environment, this ensures that the production environment is kept
in sync with the latest features in the code base. You can read this article
for more on CI/CD. I use firebase hosting, so we can define a workflow that
builds and deploys our code to firebase hosting rather than having to do that
ourselves. But we have one or two issues we have to deal with, normally we can
deploy code to firebase from our computer because we are logged in from the
terminal, but how do we authorize a remote CI server to do this? open up a
terminal and run the following command firebase login:ci it will throw back a
FIREBASE_TOKEN that we can use to authenticate CI servers.
15 open source GitHub projects for security pros
For dynamic analysis of a Linux binary, malicious or benign, PageBuster makes
it super easy to retrieve dumps of executable pages within packed Linux
processes. This is especially useful when pulling apart malware packed
specialized run-time packers that introduce obfuscation and hamper static
analysis. “Packers can be of growing complexity, and, in many cases, a precise
moment in time when the entire original code is completely unpacked in memory
doesn't even exist,” explains security engineer Matteo Giordano in a blog
post. PageBuster also takes caution to conduct its page dumping activities
carefully to not trigger any anti-virtual machine or anti-sandboxing defences
present in the analyzed binary. ... The free AuditJS tool can help JavaScript
and NodeJS developers ensure that their project is free from vulnerable
dependencies, and that the dependencies of dependencies included in their
project are free from known vulnerabilities. It works by peeking into what’s
inside your project’s manifest file, package.json. “The great thing about
AuditJS is that not only will it scan the packages in your package.json, but
it will scan all the dependencies of your dependencies, all the way down. ...”
said developer Dan Miller in a blog post.
Securing the Future of Remote Working With Augmented Intelligence
Emerging technology can potentially reshape the dimensions of organizations.
Augmented reality, as well as virtual reality, will play a crucial role in
office design trends that have already come into being. Architecture
organizations are already dedicating a space for virtual reality. This is
basically an area that is equipped with all the essential requirements of
virtual reality. An immense amount of businesses are prone to taking this step
as more meetings are held virtually to accommodate the spread-out workforce.
Organizations are currently spending a hefty amount on virtual solutions and
will continue to invest in the future. Director of business development at
HuddleCamHD, Paul Richards, affirmed that “Numerous meeting rooms will become
more similar to TV production studios instead of collaborative spaces. Erik
Narhi, an architect as well as computational design lead at the Los Angeles
office of global design company Buro Happold also agreed that in this current
era, it is impossible to neglect augmented reality and virtual reality.”
Hybrid work for home is not going anytime soon.
Risk-based vulnerability management has produced demonstrable results
Risk-based vulnerability management doesn’t ask “How do we fix everything?” It
merely asks, “What do we actually need to fix?” A series of research reports
from the Cyentia Institute have answered that question in a number of ways,
finding for example, that attackers are more likely to develop exploits for
some vulnerabilities than others. Research has shown that, on average, about 5
percent of vulnerabilities actually pose a serious security risk. Common
triage strategies, like patching every vulnerability with a CVSS score above 7
were, in fact, no better than chance at reducing risk. But now we can say that
companies using RBVM programs are patching a higher percentage of their
high-risk vulnerabilities. That means they are doing more, and there’s less
wasted effort. The time it took companies to patch half of their high-risk
vulnerabilities was 158 days in 2019. This year, it was 27 days. And then
there is another measure of success. Companies start vulnerability management
programs with massive backlogs of vulnerabilities, and the number of
vulnerabilities only grows each year. Last year, about two-thirds of companies
using a risk-based system reduced their vulnerability debt or were at least
treading water. This year, that number rose to 71 percent.
A definitive primer on robotic process automation
This isn’t to suggest that RPA is without challenges. The credentials
enterprises grant to RPA technology are a potential access point for hackers.
When dealing with hundreds to thousands of RPA robots with IDs connected to a
network, each could become an attack vessel if companies fail to apply
identity-centric security practices. Part of the problem is that many RPA
platforms don’t focus on solving security flaws. That’s because they’re
optimized to increase productivity and because some security solutions are too
costly to deploy and integrate with RPA. Of course, the first step to solving
the RPA security dilemma is recognizing that there is one. Realizing RPA
workers have identities gives IT and security teams a head start when it comes
to securing RPA technology prior to its implementation. Organizations can
extend their identity and governance administration (IGA) to focus on the
“why” behind a task, rather than the “how.” Through a strong IGA process,
companies adopting RPA can implement a zero trust model to manage all
identities — from human to machine and application.
Demystifying Quantum Computing: Road Ahead for Commercialization
For CIOs determining what the next steps for quantum computing are, they must
first consider the immediate use cases for their organization and how
investments in quantum technology can pay dividends. For example, for an
organization prioritizing accelerated or complex simulations, whether it’s for
chemical or critical life sciences research like drug discovery, the increase
in computing performance that quantum offers can make all the difference. For
some organizations, immediate needs may not be as defined, but there could be
an appetite to simply experiment with the technology. As many companies
already put a lot behind R&D for other emerging technologies, this can be
a great way to play around with the idea of quantum computing and what it
could mean for your organization. However, like all technology, investing in
something simply for the sake of investing in it will not yield results.
Quantum computing efforts must map back to a critical business or technology
need, not just for the short term, but also the long term as quantum computing
matures. CIOs must also consider how the deployment of the technology changes
existing priorities, particularly around efforts such as
cybersecurity.
Leaders Talk About the Keys to Making Change Successful and Sustainable
Many organizations that have been around for a while have established
processes that are hard to change. Mitch Ashley, CEO and managing analyst at
Accelerated Strategies Group, who’s helped create several DevOps
organizations, shared his perspective about why changing a culture can be so
difficult. “Culture is a set of behaviors and norms, and also what’s rewarded
in an organization. It’s both spoken and unspoken. When you’re in an
organization for a period of time, you get the vibe pretty quickly. It’s a
measurement culture, or a blame culture, or a performance culture, or whatever
it is. Culture has mass and momentum, and it can be very hard to move. But,
you can make cultural changes with work and effort.” What Mitch is referring
to, this entrenched culture that can be hard to change, is sometimes called
legacy cultural debt. I loved Mitch’s story about his first foray into DevOps
because it’s a great place to start if you’re dealing with a really entrenched
legacy culture. He and his team started a book club, and they read The Phoenix
Project. He said, “The book sparked great conversations and helped us create a
shared vision and understanding about our path to DevOps. ...”
Quote for the day:
"The secret of leadership is simple:
Do what you believe in. Paint a picture of the future. Go there. People will
follow." -- Seth Godin
