ARCHITECHT Daily: The 'cloud is more secure' argument is looking a lot better in the IoT era

The WannaCry attack over the weekend ginned up a lot of discussion about software business models and
ARCHITECHT Daily: The 'cloud is more secure' argument is looking a lot better in the IoT era
By ARCHITECHT • Issue #76
The WannaCry attack over the weekend ginned up a lot of discussion about software business models and who’s ultimately responsible for securing outdated software. However, we would all be wise to consider that everything we’re deploying today runs the risk of being outdated down the road, as well. Today’s unpatched Windows XP desktops are tomorrow’s unpatched smart devices and sensors.
Here are three good takes on this problem—only one related to WannaCry, but all making the same general point about securing connected hardware:
  • WannaCry about business models (Stratechery): Ben Thompson makes a convincing argument for SaaS (as if it still needed one), but read the last paragraph, which begins ominously like this: “The big remaining challenge will be hardware: the business model for software-enabled devices will likely continue to be upfront payment, which means no incentives for security.”
  • Father of the internet: ‘AI stands for artificial idiot’ (Nextgov): Vint Cerf, speaking to a D.C. audience at an IoT conference: “Some devices last for decades, who is going to maintain that software 30 or 40 years? If the company that built it goes out of business, who has access to the source code?”
  • Why hardware engineers have to think like cybercriminals, and why engineers are easy to fool (IEE Spectrum): Security expert Scott Borg, speaking at a conference on sensors: ““Yesterday, I saw tanks full of dangerous chemicals, controlled by computers moving things in and out. I immediately thought about which would be the prevailing direction of wind and how you could rupture the tanks with cyberattack. Whenever I look at an appliance, I think what could be done to it that causes maximum damage and embarrassment.”
The cloud will clearly play a big role in helping secure IoT devices while the companies selling them still care to do so. Already, you see Microsoft and Amazon Web Services bridging the gaps between local compute and cloud backends, with Microsoft in particular talking a lot about managing IoT devices at scale—including work to secure communications between hardware and cloud servers. For certain device types, it wouldn’t be too crazy an idea to drive down the upfront costs of devices via a SaaS-like model, thus ensuring patches and other updates happen automatically and without disruption.
This doesn’t answer the question about who’s actually going to manage all these devices decades (or, in the case of startups, 5 years) down the road, but it actually could provide a good starting point. With the right cloud-based business models—probably combined with some amount of smart regulations, smart contracts and open source code—we can hopefully can get a handle on IoT security before the space really explodes and it’s far too late.

Sponsor: Cloudera
Artificial intelligence
ParlAI, Facebook’s new platform for training/building advanced conversational AI seems like a good step toward the creation of games, bots, assistants, etc., that actually seem intelligent. The Mechanical Turk integration is pragmatic because machines can’t do everything.
The investment was announced back in March around the same time as other big Canadian investments in AI, but now Quebec is building the committee to get its plans in place.
This is interesting work to meld different instruments into a “new” instrument, but I’m not holding my breath on an AI music revolution yet.
AI (or, more accurately, machine learning) in law firms is a big topic of conversation lately. Here’s a good—but probably nowhere near exhaustive—list of companies working in that space. 
This is a good and level-headed assessment of Nvidia’s recent announcements, and how its inclusion of tensor cores, as well as an open source Deep Learning Accelerator, could help the company own IoT.
This is interesting, because Inspur sells custom servers, not AI libraries. On the other hand, tweaking Caffe to use MPI and then jamming a box full of GPUs to run it could be a good way to move units.
The two companies have partnered on hyperconverged systems sporting IBM power chips, claiming an advantage for AI and machine learning workloads. This does not seem like something the world is demanding right now.  •  Share
This is a good explanation from an Nvidia GM on how AI and supercomputing models differ, and how they can work together. 
This is a really interesting explanation of the human-computer interaction issues that companies doing digital assistants must consider. If it sounds real, we expect more and start speaking casually, which is a bad combination.
OpenAI continues to do interesting work, all out in the open as the name suggests. Presumably, Roboschool could be valuable for both robotics as well as video games and other digital situations where realism matters.
Similar in theory to Roboschool (above), Microsoft Research’s AirSim provides a more-realistic simulation environment for drones, which can then provide lots of training data for machine learning models that will help power them in the real world.  •  Share
Some research into one of the bigger challenges for general-purpose AI: learning to interact with new environments. The idea here is that if you can encourage “curious” behavior be rewarding exploration, the system will be better at exploring in new scenarios.  •  Share
Cloud and infrastructure
This short interview provides a nice jumping-off point for learning about why people seem to love Kubernetes, and what projects are related. However, there is also a whole slew of “cloud-native” or container tech not directly under its umbrella.
It’s an analytics platform for connected devices, targeting industrial internet use cases like oil & gas. 
As the author explains, there are pricing and buying models for Microsoft’s Azure-in-a-box product that might be more cloud-like. On the other hand, companies are used to buying software in a certain way. 
It’s for monitoring and managing the performance of mobile apps. I didn’t realize VMware had such an interest in mobile, especially considering most new mobile apps probably won’t be built on its hypervisors. 
Media partner: GeekWire
All things data
I wrote about this back in March, and I’ll reiterate: Patient/consumer/etc. data should be treated with the utmost care. Also, companies sometimes need lots of data to train a model. Finding the right balance is really hard.
Graph databases are an important part of the landscape, as highlighted by the popularity of Neo4j, as well as projects from Microsoft and IBM/Google. We’re a long way from ubiquity, though.
Listen the the ARCHITECHT Show podcast. New episodes every Thursday!
Did you enjoy this issue?
The most interesting news, analysis, blog posts and research in cloud computing, artificial intelligence and software engineering. Delivered daily to your inbox. Curated by Derrick Harris. Check out the Architecht site at
Carefully curated by ARCHITECHT with Revue. If you were forwarded this newsletter and you like it, you can subscribe here. If you don't want these updates anymore, please unsubscribe here.