The new dynamics of strategy: sense-making in a complex and complicated world

October 17, 2017 ~ Adrian Colyer ~ 7 Comments

The new dynamics of strategy: Sense-making in a complex and complicated world Kurtz & Snowden et al., IBM Systems Journal, 2003 Tomorrow we’ll be taking a look at a paper recommended by Linda Rising during her keynote at GOTO Copenhagen earlier this month. Today’s choice provides the necessary background to the Cynefin (Kin-eh-vun) framework on ... Continue Reading

“A Rail of One’s Own” – Creating spaces for women in IT

October 16, 2017 ~ Adrian Colyer ~ 3 Comments

“A Rail of One’s Own” - Creating Spaces for Women in IT Laugwitz, GenderIT 2014 I had the good fortune of chatting with Laura Laugwitz over breakfast on my last day before leaving the GOTO Copenhagen conference. She studied both anthropology and computer science, which must be a pretty rare but very interesting combination! “A ... Continue Reading

BadNets: Identifying vulnerabilities in the machine learning model supply chain

October 13, 2017 ~ Adrian Colyer ~ 5 Comments

BadNets: Identifying vulnerabilities in the machine learning model supply chain Gu et al., ArXiv 2017 Yesterday we looked at the traditional software packages supply chain. In BadNets, Gu et al., explore the machine learning model supply chain. They demonstrate two attack vectors: (i) if model training is outsourced, then it’s possible for a hard to ... Continue Reading

CHAINIAC: Proactive software update transparency via collectively signed skipchains and verified builds

October 12, 2017 ~ Adrian Colyer ~ 1 Comment

CHAINIAC: Proactive software-update transparency via collectively signed skipchains and verified builds Nikitin et al., USENIX Security ‘17 So hopefully you’ve put in place some kind of software supply chain management process that will pick up the availability of new package versions, particularly of course those with fixes for discovered vulnerabilities, and ensure those updates are ... Continue Reading

TrustBase: an architecture to repair and strengthen certificate-based authentication

October 11, 2017 ~ Adrian Colyer ~ 1 Comment

TrustBase: an architecture to repair and strengthen certificate-based authentication O’Neill et al., USENIX Security 2017 We recently saw that the sorry state of DNSSEC makes it comparatively easy to be sent to the wrong address when looking up a hostname. If certificate-based authentication is messed up as well, then it’s double trouble as you can ... Continue Reading

Pretzel: email encryption and provider-supplied functions are compatible

October 10, 2017 ~ Adrian Colyer ~ Leave a comment

Pretzel: email encryption and provider-supplied functions are compatible Gupta et al., SIGCOMM’17 While emails today are often encrypted in transit, the vast majority of emails are exposed in plaintext to the mail servers that handle them. Given the sensitive information often contained in email correspondence, why is this? Publicly, email providers have stated that default ... Continue Reading

Detecting credential spearphishing attacks in enterprise settings

October 9, 2017 ~ Adrian Colyer ~ 2 Comments

Detecting credential spearphishing attacks in enterprise settings Ho et al., USENIX Security 2017 The Lawrence Berkeley National Laboratory (LBNL) have developed and deployed a new system for detecting credential spearphishing attacks (highly targeted attacks against individuals within the organisation). Like many anomaly detection systems there are challenges of keeping the false positive rate acceptable (not ... Continue Reading

A century of science: globalization of scientific collaborations, citations, and innovations

October 6, 2017 ~ Adrian Colyer ~ Leave a comment

A century of science: globalization of scientific collaborations, citations, and innovations Dong et al., KDD’17 This is more of a general interest paper as a light-hearted way to end the week. A team at Microsoft conducted analyses on the Microsoft Academic Graph to understand the changing nature of science over the course of the last ... Continue Reading

HoTTSQL: Proving query rewrites with univalent SQL semantics

October 5, 2017 ~ Adrian Colyer ~ Leave a comment

HoTTSQL: Proving query rewrites with univalent SQL semantics Chu et al., PLDI’17 Query rewriting is a vital part of SQL query optimisation, in which rewrite rules are applied to a query to transform it into forms with (hopefully!) a lower execution cost. Clearly when a query is rewritten we still want it to mean the ... Continue Reading

ActiveClean: Interactive data cleaning for statistical modeling

October 4, 2017 ~ Adrian Colyer ~ 4 Comments

ActiveClean: Interactive data cleaning for statistical modeling Krishnan et al., VLDB 2016 Yesterday we saw that one of the key features of a machine learning platform is support for data analysis, transformation and validation of datasets used as inputs to the model. In the TFX paper, the authors reference ActiveClean as an example of data ... Continue Reading

the morning paper

a random walk through Computer Science research, by Adrian Colyer
Made delightfully fast by strattic

Month: October 2017