AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
USB Over Ethernet enables sharing of multiple USB devices over Ethernet, so that
users can connect to devices such as webcams on remote machines anywhere in the
world as if the devices were physically plugged into their own computers. The
flaws are in the USB Over Ethernet function of the Eltima SDK, not in the cloud
services themselves, but because of code-sharing between the server side and the
end user apps, they affect both clients – such as laptops and desktops running
Amazon WorkSpaces software – and cloud-based machine instances that rely on
services such as Amazon Nimble Studio AMI, that run in the Amazon cloud. The
flaws allow attackers to escalate privileges so that they can launch a slew of
malicious actions, including to kick the knees off the very security products
that users depend on for protection. Specifically, the vulnerabilities can be
used to “disable security products, overwrite system components, corrupt the
operating system or perform malicious operations unimpeded,” SentinelOne senior
security researcher Kasif Dekel said in a report published on Tuesday.
Rust in the Linux Kernel: ‘Good Enough’
When we first looked at the idea of Rust in the Linux kernel, it was noted that
the objective was not to rewrite the kernel’s 25 million lines of code in Rust,
but rather to augment new developments with the more memory-safe language than
the standard C normally used in Linux development. Part of the issue with using
Rust is that Rust is compiled based on LLVM, as opposed to GCC, and subsequently
supports fewer architectures. This is a problem we saw play out when the Python
cryptography library replaced some old C code with Rust, leading to a situation
where certain architectures would not be supported. Hence, using Rust for
drivers would limit the impact of this particular limitation. Ojeda further
noted that the Rust for Linux project has been invited to a number of
conferences and events this past year, and even garnered some support from Red
Hat, which joins Arm, Google, and Microsoft in supporting the effort. According
to Ojeda, Red Hat says that “there is interest in using Rust for kernel work
that Red Hat is considering.”
DeepMind tests the limits of large AI language systems with 280-billion-parameter model
:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/70244595/acastro_200730_1777_ai_0001.0.jpg)
DeepMind, which regularly feeds its work into Google products, has probed the
capabilities of this LLMs by building a language model with 280 billion
parameters named Gopher. Parameters are a quick measure of a language’s models
size and complexity, meaning that Gopher is larger than OpenAI’s GPT-3 (175
billion parameters) but not as big as some more experimental systems, like
Microsoft and Nvidia’s Megatron model (530 billion parameters). It’s generally
true in the AI world that bigger is better, with larger models usually offering
higher performance. DeepMind’s research confirms this trend and suggests that
scaling up LLMs does offer improved performance on the most common benchmarks
testing things like sentiment analysis and summarization. However, researchers
also cautioned that some issues inherent to language models will need more than
just data and compute to fix. “I think right now it really looks like the model
can fail in variety of ways,” said Rae.
2022 transformations promise better builders, automation, robotics
The Great Resignation is real, and it has affected the logistics industry more
than anyone realizes. People don’t want low-paying and difficult jobs when
there’s a global marketplace where they can find better work. Automation will be
seen as a way to address this, and in 2022, we will see a lot of tech VC
investment in automation and robotics. Some say SpaceX and Virgin can deliver
cargo via orbit, but I think that’s ridiculous. What we need, (and what I think
will be funded in 2022, are more electric and autonomous vehicles like eVTOL, a
company that is innovating the “air mobility” market. According to eVTOL’s
website, the U.S. Department of Defense has awarded $6 million to the City of
Springfield, Ohio, for a National Advanced Air Mobility Center of Excellence.
... In 2022 transformations, grocery will cease to be an in-store retail
experience only, and the sector will be as virtual and digitally-driven as the
best of them. Things get interesting when we combine locker pickup, virtual
grocery, and automated last-mile delivery using autonomous vehicles that can
deliver within a mile of the warehouse or store.
Penetration testing explained: How ethical hackers simulate attacks
In a broad sense, a penetration test works in exactly the same way that a real
attempt to breach an organization's systems would. The pen testers begin by
examining and fingerprinting the hosts, ports, and network services associated
with the target organization. They will then research potential vulnerabilities
in this attack surface, and that research might suggest further, more detailed
probes into the target system. Eventually, they'll attempt to breach their
target's perimeter and get access to protected data or gain control of their
systems. The details, of course, can vary a lot; there are different types of
penetration tests, and we'll discuss the variations in the next section. But
it's important to note first that the exact type of test conducted and the scope
of the simulated attack needs to be agreed upon in advance between the testers
and the target organization. A penetration test that successfully breaches an
organization's important systems or data can cause a great deal of resentment or
embarrassment among that organization's IT or security leadership
EV charging in underground carparks is hard. Blockchain to the rescue
According to Bharadwaj, the concrete and steel environment effectively acted as
a “Faraday cage,” which meant that the EV chargers wouldn’t talk to people’s
mobile phones when they tried to initiate charging. You could find yourself
stranded, unable to charge your car. “So we had to innovate.” ... As with
any EV charging, a payment app connects your car to the EV charger. With Xeal,
the use of NFC means the only time you need the Internet is to download the app
in the first instance to create a profile that includes their personal and
vehicle information and payment details. You then receive a cryptographic token
on your mobile phone that authenticates your identity and enables you to access
all of Xeal’s public charging stations. The token is time-bound, which means it
dissolves after use. To charge your car, you hold your phone up to the charger.
Your mobile reads the cryptographic token, automatically bringing up an NFC
scanner. It opens the app, authenticates your charging session, starts scanning,
and within milliseconds, the charging session starts.
Top 8 AI and ML Trends to Watch in 2022
The scarcity of skilled AI developers or engineers stands as a major barrier to
adopting AI technology in many companies. No-code and low-code technologies come
to the rescue. These solutions aim to offer simple interfaces, in theory, to
develop highly complex AI systems. Today, web design and no-code user interface
(UI) tools let users create web pages simply by dragging and dropping graphical
elements together. Similarly, no-code AI technology allows developers to create
intelligent AI systems by simply merging different ready-made modules and
feeding them industrial domain-specific data. Furthermore, NLP, low-code, and
no-code technologies will soon enable us to instruct complex machines with our
voice or written instructions. These advancements will result in the
“democratization” of AI, ML, and data technologies. ... In 2022, with the aid of
AI and ML technologies, more businesses will automate multiple yet repetitive
processes that involve large volumes of information and data. In the coming
years, an increased rate of automation can be seen in various industries using
robotic process automation (RPA) and intelligent business process management
software (iBPMS).
The limitations of scaling up AI language models
Large language models like OpenAI’s GPT-3 show an aptitude for generating
humanlike text and code, automatically writing emails and articles, composing
poetry, and fixing bugs in software. But the dominant approach to developing
these models involves leveraging massive computational resources, which has
consequences. Beyond the fact that training and deploying large language models
can incur high technical costs, the requirements put the models beyond the reach
of many organizations and institutions. Scaling also doesn’t resolve the major
problem of model bias and toxicity, which often creeps in from the data used to
train the models. In a panel during the Conference on Neural Information
Processing Systems (NeurIPS) 2021, experts from the field discussed how the
research community should adapt as progress in language models continues to be
driven by scaled-up algorithms. The panelists explored how to ensure that
smaller institutions and can meaningfully research and audit large-scale
systems, as well as ways that they can help to ensure that the systems behave as
intended.
Here are three ways distributed ledger technology can transform markets
While firms have narrowed their scope to address more targeted pain points, the
increased digitalisation of assets is helping to drive interest in the adoption
of DLT in new ways. Previous talk of mass disruption of the financial system has
given way to more realistic, but still transformative, discussions around how
DLT could open doors to a new era of business workflows, enabling transactional
exchanges of assets and payments to be recorded, linked, and traced throughout
their entire lifecycle. DLT’s true potential rests with its ability to eliminate
traditional “data silos”, so that parties no longer need to build separate
recording systems, each holding a copy of their version of “the truth”. This
inefficiency leads to time delays, increased costs and data quality issues. In
addition, the technology can enhance security and resilience, and would give
regulators real-time access to ledger transactions to monitor and mitigate risk
more effectively. In recent years, we have been pursuing a number of DLT-based
opportunities, helping us understand where we believe the technology can deliver
maximum value while retaining the highest levels of risk management.
To identity and beyond—One architect's viewpoint
Simple is often better: You can do (almost) anything with technology, but it
doesn't mean you should. Especially in the security space, many customers
overengineer solutions. I like this video from Google’s Stripe conference to
underscore this point. People, process, technology: Design for people to enhance
process, not tech first. There are no "perfect" solutions. We need to balance
various risk factors and decisions will be different for each business. Too many
customers design an approach that their users later avoid. Focus on 'why' first
and 'how' later: Be the annoying 7-yr old kid with a million questions. We can't
arrive at the right answer if we don't know the right questions to ask. Lots of
customers make assumptions on how things need to work instead of defining the
business problem. There are always multiple paths that can be taken. Long tail
of past best practices: Recognize that best practices are changing at light
speed.
Quote for the day:
"Eventually relationships determine the
size and the length of leadership." -- John C. Maxwell
