September 03, 2020
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
What is an office for now?
Working from home does work for a lot of people; I’ve been working from home since way before it was cool. But it can be terrible — isolating and uncomfortable, with blurred boundaries that make it too easy to keep working well past “office hours” but equally too easy to drift away from your desk to load the dishwasher. One survey on working from home, conducted by the Institute for Employment Studies in the U.K. early in its lockdown, found that more than half of respondents reported new musculoskeletal complaints, including neck and back pain, while their diet and exercise suffered. Many of them said they slept less and worried more. ... Additionally, asking employees to turn their home into an office makes employers more responsible for what happens there, while simultaneously making it more difficult to assess worker well-being. “I’ve spent a lot of my time making sure that people are OK in a way that you can do very, very swiftly in the office,” Sam Bompas, director at Bompas & Parr, a London-based experience design studio with approximately 20 employees, told me. “In the same way that for children, school provides an important social security function, if there’s anything wrong in [employees’] personal life, the office can do that as well.”
Most IoT Hardware Dangerously Easy to Crack
One of the easiest methods is to gain access to UART, or Universal Asynchronous Receiver/Transmitter, a serial interface used for diagnostic reporting and debugging in all IoT products, among other things. An attacker can use the UART to gain root shell access to an IoT device and then download the firmware to learn its secrets and inspect for weaknesses. "UART is only supposed to be used by the manufacturer. When you get access to it, in most cases you get complete root access," Rogers said. Protecting access to UART, or at least configuring it against interactive access, should be a fairly straightforward task for manufacturers; however, most don't make the effort. "They simply allow you to have complete interactive shell. It is the easiest way to hack every piece of IoT hardware," Rogers noted. Several devices even have UART pin names labeled on the board so it is easy to find the interface. Multiple tools are available to help find them if they are not labeled. Another, only slightly more challenging, route to completely pwning an IoT device is via JTAG, a microcontroller-level interface that is used for multiple purposes including testing integrated circuits and programming flash memory.
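An added example, not from the quoted article: a pre-release check a manufacturer could run over an unpacked firmware image to see whether the UART console is configured for interactive access. It assumes a BusyBox-style `/etc/inittab`; the function name `audit_inittab` and the sample inittab and shadow contents are constructed for illustration.

```python
import re

# Device names commonly backed by a UART (assumption: typical embedded Linux naming)
SERIAL_TTY = re.compile(r"^(ttyS\d+|ttyAMA\d+|ttyUSB\d+|console)$")
SHELLS = ("/bin/sh", "/bin/ash", "/bin/bash")

def audit_inittab(inittab: str, shadow: str = "") -> list[tuple[str, str]]:
    """Return (tty, finding) for each serial console entry in a BusyBox-style inittab."""
    # A root entry with an empty password field means the login prompt asks for nothing
    root_no_password = any(
        line.split(":")[:2] == ["root", ""] for line in shadow.splitlines()
    )
    findings = []
    for line in inittab.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 3)          # id:runlevels:action:process
        if len(fields) != 4 or not fields[3].strip():
            continue
        tty, _runlevels, action, process = fields
        if action not in ("respawn", "askfirst"):
            continue                          # only long-running console processes
        tty = tty or "console"                # BusyBox: empty id means system console
        if not SERIAL_TTY.match(tty):
            continue
        program = process.lstrip("-").split()[0]   # leading "-" marks a login shell
        if program in SHELLS:
            findings.append((tty, "shell without login"))
        elif root_no_password:
            findings.append((tty, "login prompt, root has empty password"))
        else:
            findings.append((tty, "login prompt"))
    return findings

# Constructed sample files, as they might appear in an unpacked image
SAMPLE_INITTAB = """\
::sysinit:/etc/init.d/rcS
ttyS0::askfirst:-/bin/sh
ttyS1::respawn:/sbin/getty -L ttyS1 115200 vt100
tty1::respawn:/sbin/getty 38400 tty1
"""
SAMPLE_SHADOW = "root::18000:0:99999:7:::\n"

if __name__ == "__main__":
    for tty, finding in audit_inittab(SAMPLE_INITTAB, SAMPLE_SHADOW):
        print(f"{tty}: {finding}")
```

Any "shell without login" finding is the configuration the excerpt describes; a release build would remove that entry or replace it with an authenticated login.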
Principles for Microservice Design: Think IDEALS, Rather than SOLID
The goal of interface segregation for microservices is that each type of frontend sees the service contract that best suits its needs. For example: a mobile native app wants to call endpoints that respond with a short JSON representation of the data; the same system has a web application that uses the full JSON representation; there’s also an old desktop application that calls the same service and requires a full representation but in XML. Different clients may also use different protocols. For example, external clients want to use HTTP to call a gRPC service. Instead of trying to impose the same service contract (using canonical models) on all types of service clients, we "segregate the interface" so that each type of client sees the service interface that it needs. How do we do that? A prominent alternative is to use an API gateway. It can do message format transformation, message structure transformation, protocol bridging, message routing, and much more. A popular alternative is the Backend for Frontends (BFF) pattern. In this case, we have an API gateway for each type of client -- we commonly say we have a different BFF for each client, as illustrated in this figure.
Ethical and professional data science needed to avoid further algorithm controversies
Identifying weaknesses in the attempts to ensure objectivity, the BCS report also said there is a need for clarity around what information systems are intended to achieve at the individual level, and that this should be established “right at the start” of the process. For example, distributing grades based on the characteristics of different cohorts of students so they are statistically in line with previous years – which is what the Ofqual algorithm did – is different to ensuring each individual student is treated as fairly as possible, something which should have been discussed and understood by all stakeholders from the beginning, it said. In terms of accountability, BCS said: “It is essential to develop effective mechanisms for the joint governance of the design and development of information systems right at the start.” Although it refrained from apportioning blame, it added: “The current exam-grading situation should not be attributed to any single government department or office.” CEO of the RSS, Stian Westlake, however, told Sky News the results fiasco was “a predictable surprise” because of DfE’s demand that Ofqual reduce grade inflation.
Why you shouldn’t mistake AI for automation
AI and automation cannot be mistaken for the same thing—where there’s automation, there is no requirement that artificial intelligence is involved. Indeed, automation has been around for centuries, far longer than we’ve had computers: traditional milling used water wheels to automate manual processes that human labor would otherwise have been required for. Water spins the wheel, which turns the millstone—an automated process that’s decidedly unintelligent. Simple automation has been the cornerstone of many businesses for years. For example, a process of sending out invoices may be automated once inputs into spreadsheets have been confirmed by people in the accounts department. Automation means that machines are replicating human tasks. But AI demands that the machines are also replicating human thinking. This means programming that can reflect on its own procedures and make decisions outside the scope of its own programming. Ultimately, machine learning requires a machine to react dynamically to changing variables. This is a fundamentally different objective to automation, which is essentially about teaching machines to perform repetitive tasks with predictable inputs. For this reason, applying machine learning to any automated process may be a case of overengineering.
Convert PDFs to Audiobooks with Machine Learning
When you look at a research paper, it’s probably easy for you to gloss over the irrelevant bits just by noting the layout: titles are large and bolded; captions are small; body text is medium-sized and centered on the page. Using spatial information about the layout of the text on the page, we can train a machine learning model to do that, too. We show the model a bunch of examples of body text, header text, and so on, and hopefully it learns to recognize them. This is the approach that Kaz, the original author of this project, took when trying to turn textbooks into audiobooks. Earlier in this post, I mentioned that the Google Cloud Vision API returns not just text on the page, but also its layout. ... The book Kaz was converting was, obviously, in Japanese. For each chunk of text, he created a set of features to describe it: how many characters were in the chunk of text? How large was it, and where was it located on the page? What was the aspect ratio of the box enclosing the text (a narrow box, for example, might just be a side bar)? Notice there’s also a column named “label” in that spreadsheet above. That’s because, in order to train a machine learning model, we need a labeled training dataset from which the model can “learn.”