Monday, April 29, 2019

How Software Was Egregiously (and Poorly) Used to Hide Major Engineering Deficiencies

In this article on IEEE Spectrum, we read:

It is astounding that no one who wrote the MCAS software for the 737 Max seems even to have raised the possibility of using multiple inputs, including the opposite angle-of-attack sensor, in the computer's determination of an impending stall. As a lifetime member of the software development fraternity, I don't know what toxic combination of inexperience, hubris, or lack of cultural understanding led to this mistake. But I do know that it's indicative of a much deeper problem. The people who wrote the code for the original MCAS system were obviously terribly far out of their league and did not know it.
So Boeing produced a dynamically unstable airframe, the 737 Max. That is big strike No. 1. Boeing then tried to mask the 737's dynamic instability with a software system. Big strike No. 2. Finally, the software relied on systems known for their propensity to fail (angle-of-attack indicators) and did not appear to include even rudimentary provisions to cross-check the outputs of the angle-of-attack sensor against other sensors, or even the other angle-of-attack sensor. Big strike No. 3... None of the above should have passed muster. None of the above should have passed the "OK" pencil of the most junior engineering staff... That's not a big strike. That's a political, social, economic, and technical sin... 
The 737 Max saga teaches us not only about the limits of technology and the risks of complexity, it teaches us about our real priorities. Today, safety doesn't come first -- money comes first, and safety's only utility in that regard is in helping to keep the money coming. The problem is getting worse because our devices are increasingly dominated by something that's all too easy to manipulate: software.... I believe the relative ease -- not to mention the lack of tangible cost -- of software updates has created a cultural laziness within the software engineering community. Moreover, because more and more of the hardware that we create is monitored and controlled by software, that cultural laziness is now creeping into hardware engineering -- like building airliners. Less thought is now given to getting a design correct and simple up front because it's so easy to fix what you didn't get right later.
The article also reveals that: "not letting the pilot regain control by pulling back on the column was an explicit design decision. Because if the pilots could pull up the nose when MCAS said it should go down, why have MCAS at all?  ...MCAS is implemented in the flight management computer, even at times when the autopilot is turned off, when the pilots think they are flying the plane." 

Tuesday, April 23, 2019

Knowledge Worker Productivity Improvements with Machine Learning

Leveraging machine learning to enhance capabilities that can recognize context, concepts, and meaning means there are interesting new opportunities for collaboration between knowledge workers and computational power. For example, Bluedog’s experts can now provide more of their own input for training, quality control, and fine-tuning of algorithm-based outcomes. We use the computational power of our servers to augment the expertise of human collaborators — this helps to create new areas for our experts to leverage.

For example, at Bluedog, we utilize several algorithm-based tools to help us quickly assess opportunities for our clients. We extract information from Word Documents locally for multiple uses. With one tool, we take advantage of each Word document’s XML metadata. From there, we use a regex library to find each targeted word or phrase in the document, then adding them to a list. Our toll then performs for-loops to scan for relevant patterns in the XML to extract data.

Knowledge workers — the staff or consultants who reason, create, decide, and apply insight into non-routine cognitive processes — can contribute to redesigning work process roles and team member roles. Consider financial auditing, where AI is likely to become pervasive. Often, when AI offers a finding, the algorithm’s reasoning isn’t obvious to the accountant, who ultimately must offer an explanation to a client — characteristic of the “black box” problem. To improve this outcome, Bluedog recommends providing an interface so experts to enter concepts they deem important into the system and be provided with a means to test their own hypotheses. In this way, we recommend making models accessible to common sense. 

As cybersecurity concerns mount, organizations have increased the use of instruments to collect data at various points in their network to analyze threats — and to address “Internet-of-Things” (IoT) devices. However, many of these data-driven systems do not integrate data from multiple sources. Nor do they incorporate the common-sense knowledge of cybersecurity experts, who know the range and diverse motives of attackers, understand typical internal and external threats, and appreciate the degree of risk to an organization. 

Bluedog’s experts specify the use of Bayesian models — which employ probabilistic analysis to capture complex interdependence among risk factors —  combined with expert systems judgment. In cybersecurity for enterprise networks, complex factors may include large numbers and types of devices on the network. It is crucial to access the knowledge of the organization’s security experts about attackers and risk profile to better intercept cybercriminals.

Monday, April 22, 2019

SIFT Score - the West's Answer to China's Social Credit Rating. Thanks, Big Brother

Data on what you buy, how, and where is secretly fed into AI-powered verification services, according to the Wall Street Journal. These are supposed to help companies guard against credit-card and other forms of fraud.

More than 16,000 signals are analyzed by a service called Sift, which generates a "Sift score," used to flag devices, credit cards and accounts that a vendor may want to block based on a person or entity's overall "trustworthiness" score. From the Sift website: "Each time we get an event -- be it a page view or an API event -- we extract features related to those events and compute the Sift Score. These features are then weighed based on fraud we've seen both on your site and within our global network, and determine a user's Score. There are features that can negatively impact a Score as well as ones which have a positive impact."

The system is similar to a credit score except there's no way to find out your own Sift score. This sounds a lot like the data that China's social credit system, in part, uses. In the PRC, a person's social score can vary depending on their behavior. The exact methodology is a secret — but examples of infractions include bad driving, smoking in non-smoking zones, buying too many video games and posting fake news online. While Edward Snowden certainly demonstrated the global extent of the US surveillance state, corporate entities have not implemented anything on the level of the Chinese social scoring system. Yet.

Thursday, April 18, 2019

Using Containers for Secure Web Services

Containers are a means to install and run applications in an isolated environment on a server (physical or virtual). The application running inside a container is limited to resources (CPU, memory, disk, process space, users, networking, volumes) allocated for that container. Access is limited to that container’s resources to avoid conflict with other containers. Think of a container as an isolated sandbox for an application to run in.

The concept is similar to virtual machines, but containers use a light-weight technique to achieve resource isolation, whereby they use the Linux kernel (as opposed to a hypervisor-based approach taken by virtual machines). Containers issue Linux commands to make use of a subset of system resources.

Docker is a popular tool to create and start a container. Docker Community Edition (CE) is ideal for developers and small teams looking to get started with Docker and experimenting with container-based apps. It enables packaging of an app with all its dependencies and libraries.
Here’s more information on using AWS to build secure services with containers.

Tuesday, April 16, 2019

End of The Jasons? Who Will Lead if this brain trust is disbanded?

The Department of Defense says is ending a decades-long, open-ended agreement with a legacy science advisory board, a move that has set off alarm bells for some analysts. But the department has not ruled out relying on that office for more information in the future.

The Jasons — an important advisory committee that assessed many difficult issues. Named for Jason of the Argonauts, luminaries on this panel answered (in secret) pressing questions the government had, such as:  Are there UFO? No. Should we nuke Vietnam? Also, no. What is Quantum Computing? Using the spin of quarks like bits. All answered in the 1960s!

As a Federally Funded Research Bureau (FFRB), MITRE doesn’t implement ideas, only the non-profit only consults. After WWII, the government decided it would not be caught with its pants down again (having been severely understaffed after the Depression, at the start of the war). MITRE and other FFRBs are funded as a percent of the total budget — MITRE isn’t taking work from contractors, it is providing neutral oversight and guidance. 

Read more about the Jason at 

Monday, April 15, 2019

This day - April 16, 1178 BCE - was the Return of Odysseus to Ithaca after his Travels

On this day, in 1178 BCE, Odysseus arrived in Ithaca, having begun his way home when the Trojan War ended. He had served ten years as one of the most distinguished leaders of the Greeks. His voyage was fraught with perils: the Cyclopes, Sirens, Scylla and Charybdis, and other obstacles.

Read about it at

Automation from Robots -- What Jobs are at Risk?

Twelve jobs have a 99 percent chance of being automated, according to a study by Oxford:

  • Data Entry Keyers
  • Library Technicians
  • New Accounts Clerks
  • Photographic Process Workers and Processing Machine Operators
  • Tax Preparers
  • Cargo and Freight Agents
  • Watch Repairers
  • Insurance Underwriters
  • Mathematical Technicians
  • Hand Sewers
  • Title Examiners, Abstractors, and Searchers
  • Telemarketers

Whenever a job has a pattern of repetitive activities, they are most likely to be replicated with machine learning algorithms. Most studies on automation stop short of saying that jobs will be completely eliminated by automation. Rather, workers will be redeployed.

Automation is coming to the most common jobs...

Graphic courtesy of

Friday, April 12, 2019

Project Management Tools - Analog and Digital - Have a Place in Agile

The value of cloud-based task and project management software is obvious -- link teams, keep all information in one place, automate workflow and progress monitoring.

With a good interface, an online tool enables teams to manage Agile projects to plan, assign, prioritize and track tasks efficiently. Use drag 'n drop kanban and backlog/sprint planners for easy and smooth overviews and assignments of tasks.

In the case of scrum, we find there will be multiple sprints. Teams needs to plan quickly for each daily standup. Does this preclude upfront identification of milestones with a WBS? Marrying the two styles is not as incompatible as one might think.  One can use an issue tracker as a to-do list that is focused on accountability. Such issues are the building blocks for progress and can be classified as tasks, bugs, or change requests. Being able to plan out milestones on Gantt charts might seem a strange crossover when applying Agile project management techniques such as Scrum or Kanban. But a timeline-based view of tasks and sub-tasks can aid in communication.

When a project management tool is highly integrated with Git, Subversion, or other code repositories, an integrated workflow is possible. We have found using a wiki to document projects is handy for its simplicity of use.

Read more here...

Wednesday, April 10, 2019

Google is Delivering Packages via Drone in Australia

Touted as the world's first commercial drone deliveries, a Google-funded startup won approval from the Australian aviation authority. Civil Aviation Safety Authority (CASA) gave approval to Wing -- a subsidiary of Google's parent company Alphabet -- to deliver packages via unmanned aerial vehicle. An earlier trial of the service proved successful. At the moment, about 100 homes in a suburb of Canberra will initially be eligible for the drone deliveries. A wider roll-out is expected. The Wing team started as an ambitious "moonshot" project inside Google X, testing drones in Australia since 2014.