
open source and cybersecurity news

November 8, 2023

In this Episode:

Marcel Brown: November 8, 1895. German physics professor Wilhelm Röntgen stumbles upon what he would later describe as “X-rays” while experimenting with electrical discharge tubes. Curious as to what was causing a faint green glow on a nearby fluorescent screen, Röntgen began systematically studying the unknown rays and published the first paper on the phenomenon less than two months later.

Edwin Kwan: Google Play Store has rolled out a new badge to highlight apps that have been independently security reviewed. Google has emphasized that the security validation process only checks if a developer has prioritized security and privacy practices; it does not imply that the validated app is free of vulnerabilities.

Katy Craig: In recent years, Chinese state-sponsored cyber operations have transformed into a more mature and coordinated threat. They now focus on exploiting vulnerabilities in public-facing security and network appliances, both known and zero-day. Chinese cyber-enabled economic espionage has evolved towards a more targeted approach, supporting specific strategic and geopolitical goals, such as the Belt and Road Initiative.

Olimpiu Pop: BigCode is an initiative from HuggingFace to provide open-source, state-of-the-art models for code generation. StarCoder is one of the stars, maybe the brightest. It was the outcome of refined training with Python tokens of StarCoderBase.


The Stories Behind the Cybersecurity Headlines


Edwin Kwan
Security Assessed Apps Now Receives Badge on Google Play Store

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Google Play Store has rolled out a new badge to highlight apps that have been independently security reviewed.

This is Edwin Kwan from Sydney, Australia.

Apps that have undergone a Mobile Application Security Assessment or MASA audit will now have a badge in the app’s data safety section on the Play Store. This helps provide more transparency and allows users to make informed choices when downloading the apps.

App developers can now get their app independently validated against a global security standard, such as the MASVS, the Mobile Application Security Verification Standard. There are currently six authorized lab partners that developers can reach out to in order to get their apps tested.

Testing will be done against the public version of the app available in the Play Store, and the testers will flag any potential security issues that require remediation. Once all the requirements are met, the lab will send a validation report directly to Google as confirmation, allowing the developers to declare the security badge on their data safety form.

The process from initial assessment to badge availability takes around 2 to 3 weeks. Google has emphasized that the security validation process only checks if a developer has prioritized security and privacy practices; it does not imply that the validated app is free of vulnerabilities.

Resources
– Hacker News: https://thehackernews.com/2023/11/google-play-store-introduces.html


Olimpiu Pop
StarCoder – An Open Source State Of The Art Code LLM

Olimpiu Pop, Contributing Journalist

My first touch-point with large language models and their code generation abilities was two years ago when I first wrote an article about GitHub’s Copilot. It was a long way from being a real help. Last November, the keynote provided by Life Architect Alan D. Thompson was a real wake-up call. The abilities of generative AI reached a truly impressive state. The biggest hurdles for me are ethical and environmental. It’s pointless to pay huge amounts in carbon quota, especially for selfish reasons.

As spoken previously, BigCode is an initiative from HuggingFace to provide open-source, state-of-the-art models for code generation. StarCoder is one of the stars, maybe the brightest. It was the outcome of refined training with Python tokens of StarCoderBase. This model is a code LLM trained on data from GitHub: commits, issues, and Jupyter notebooks.

The models demonstrated superior performance on coding benchmarks like HumanEval compared to existing models like PaLM, LaMDA, or OpenAI’s code-cushman-001. This was the initial model used by Copilot. StarCoder is useful for a range of code applications like autocompletion, editing, and explanation. Beyond code, the model is useful as a tech assistant too.

The model was released under the OpenRAIL license to ensure its openness, and it’s accompanied by model weights, training code, evaluation tools, a PII dataset, and a pre-processed dataset. A StarCoder chat and a Visual Studio extension make it easier for users to interact with it. The model proves that even smaller models, with proper training and correct weights, can be really useful.

On 505updates.com you can find the transcript and resources. Olimpiu Pop, reported from Transylvania, Romania.

Resources
– Hugging Face: https://huggingface.co/blog/starcoder


Katy Craig
China’s Global Cyber Power

Katy Craig, Contributing Journalist, It's 5:05 Podcast

In recent years, Chinese state-sponsored cyber operations have transformed into a more mature and coordinated threat. They now focus on exploiting vulnerabilities in public-facing security and network appliances, both known and zero-day. This shift is driven by various internal and external factors, making it harder to detect their activities and posing significant challenges for defenses.

This is Katy Craig in San Diego, California.

Chinese cyber-enabled economic espionage has evolved towards a more targeted approach, supporting specific strategic and geopolitical goals, such as the Belt and Road Initiative. This shift has implications for governments and corporations, emphasizing the need for robust defensive measures.

China’s increasing focus on exploiting zero-day vulnerabilities in public-facing appliances remains a notable tactic for accessing global targets, especially as organizations adopt cloud services.

While China’s cyber capabilities continue to grow, their geopolitical ambitions may lead to increased intelligence gathering and strategic reconnaissance activities. Targeting critical infrastructure is part of their preparation for potential future actions. Given China’s substantial investment in offensive cyber operations, they are poised to become a dominant global force in cyber espionage and information warfare, highlighting the importance of robust cybersecurity measures on a global scale.

This is Katy Craig. Stay safe out there.

Resources
– Recorded Future: https://go.recordedfuture.com/hubfs/reports/cta-2023-1107.pdf


Marcel Brown
This Day, November 8, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Mark Miller sitting in for Marcel Brown this week, bringing you some technology history for November 8th.

November 8, 1895. German physics professor Wilhelm Röntgen stumbles upon what he would later describe as “X-rays” while experimenting with electrical discharge tubes. Curious as to what was causing a faint green glow on a nearby fluorescent screen, Röntgen began systematically studying the unknown rays and published the first paper on the phenomenon less than two months later.

He referred to the rays as “X,” indicating that they were an unknown form of radiation at the time. The name has stuck, although in different languages, X-rays are referred to as Röntgen rays, in tribute to his discovery.

Incidentally, Röntgen was awarded the very first Nobel Prize in Physics in 1901 for his work on X-rays.

November 8, 2006. Windows Vista was released to manufacturing and became available on January 30, 2007 on the Windows Marketplace. It was the first release of Windows to be made available through a digital distribution platform.

Microsoft characterized the retail packaging for Windows Vista as “designed to be user-friendly, a small, hard, plastic container designed to protect software inside for lifelong use.” Well, a short two years later, Vista was succeeded by Windows 7, which retained and refined many of the features that Vista introduced.

That’s your technology history for today. For more, tune in tomorrow, or visit Marcel’s website, ThisDayInTechHistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/11/08
