Computing machinery and intelligence

October 20, 2017October 15, 2017 ~ adriancolyer ~ 9 Comments

Computing machinery and intelligence A.M. Turing, MIND 1950 This is most certainly a classic paper. We’ve all heard of the ‘Turing Test,’ but have you actually read the paper where Alan Turing defines it? I confess I hadn’t until recently, and there’s a whole lot more to it than I was expecting. Yes, it describes … Continue reading Computing machinery and intelligence

Serverless computing: economic and architectural impact

October 19, 2017October 27, 2017 ~ adriancolyer ~ 18 Comments

Serverless computing: economic and architectural impact Adzic et al., ESEC/FSE’17 Today we have another paper inspired by talks from the GOTO Copenhagen conference, in this case Gojko Adzic’s talk on ”Designing for the serverless age.” It’s a case study on how serverless computing changes the shape of the systems that we build, and the (dramatic) … Continue reading Serverless computing: economic and architectural impact

On understanding software agility – a social complexity point of view

October 18, 2017October 15, 2017 ~ adriancolyer ~ 3 Comments

On Understanding Software Agility - A Social Complexity Point Of View Joseph Pelrine, E:CO 2011 With the background understanding of the Cynefin framework under our belts, today we turn our attention to the paper recommended by Linda Rising in her GOTO Copenhagen conference keynote earlier this month: “On understanding software agility - a social complexity … Continue reading On understanding software agility – a social complexity point of view

The new dynamics of strategy: sense-making in a complex and complicated world

October 17, 2017October 7, 2017 ~ adriancolyer ~ 8 Comments

The new dynamics of strategy: Sense-making in a complex and complicated world Kurtz & Snowden et al., IBM Systems Journal, 2003 Tomorrow we’ll be taking a look at a paper recommended by Linda Rising during her keynote at GOTO Copenhagen earlier this month. Today’s choice provides the necessary background to the Cynefin (Kin-eh-vun) framework on … Continue reading The new dynamics of strategy: sense-making in a complex and complicated world

“A Rail of One’s Own” – Creating spaces for women in IT

October 16, 2017October 6, 2017 ~ adriancolyer ~ 3 Comments

“A Rail of One’s Own” - Creating Spaces for Women in IT Laugwitz, GenderIT 2014 I had the good fortune of chatting with Laura Laugwitz over breakfast on my last day before leaving the GOTO Copenhagen conference. She studied both anthropology and computer science, which must be a pretty rare but very interesting combination! “A … Continue reading “A Rail of One’s Own” – Creating spaces for women in IT

BadNets: Identifying vulnerabilities in the machine learning model supply chain

October 13, 2017October 5, 2017 ~ adriancolyer ~ 5 Comments

BadNets: Identifying vulnerabilities in the machine learning model supply chain Gu et al., ArXiv 2017 Yesterday we looked at the traditional software packages supply chain. In BadNets, Gu et al., explore the machine learning model supply chain. They demonstrate two attack vectors: (i) if model training is outsourced, then it’s possible for a hard to … Continue reading BadNets: Identifying vulnerabilities in the machine learning model supply chain

CHAINIAC: Proactive software update transparency via collectively signed skipchains and verified builds

October 12, 2017October 5, 2017 ~ adriancolyer ~ 1 Comment

CHAINIAC: Proactive software-update transparency via collectively signed skipchains and verified builds Nikitin et al., USENIX Security ‘17 So hopefully you’ve put in place some kind of software supply chain management process that will pick up the availability of new package versions, particularly of course those with fixes for discovered vulnerabilities, and ensure those updates are … Continue reading CHAINIAC: Proactive software update transparency via collectively signed skipchains and verified builds

TrustBase: an architecture to repair and strengthen certificate-based authentication

October 11, 2017October 5, 2017 ~ adriancolyer ~ 1 Comment

TrustBase: an architecture to repair and strengthen certificate-based authentication O’Neill et al., USENIX Security 2017 We recently saw that the sorry state of DNSSEC makes it comparatively easy to be sent to the wrong address when looking up a hostname. If certificate-based authentication is messed up as well, then it’s double trouble as you can … Continue reading TrustBase: an architecture to repair and strengthen certificate-based authentication

Pretzel: email encryption and provider-supplied functions are compatible

October 10, 2017September 29, 2017 ~ adriancolyer

Pretzel: email encryption and provider-supplied functions are compatible Gupta et al., SIGCOMM’17 While emails today are often encrypted in transit, the vast majority of emails are exposed in plaintext to the mail servers that handle them. Given the sensitive information often contained in email correspondence, why is this? Publicly, email providers have stated that default … Continue reading Pretzel: email encryption and provider-supplied functions are compatible

Detecting credential spearphishing attacks in enterprise settings

October 9, 2017September 27, 2017 ~ adriancolyer ~ 2 Comments

Detecting credential spearphishing attacks in enterprise settings Ho et al., USENIX Security 2017 The Lawrence Berkeley National Laboratory (LBNL) have developed and deployed a new system for detecting credential spearphishing attacks (highly targeted attacks against individuals within the organisation). Like many anomaly detection systems there are challenges of keeping the false positive rate acceptable (not … Continue reading Detecting credential spearphishing attacks in enterprise settings