2-year contract

About Us

Singapore Management University is a place where high-level professionalism blends together with a healthy informality. The 'family-like' atmosphere among the SMU community fosters a culture where employees work, plan, organise and play together building a strong collegiality and morale within the university.

Our commitment to attract and retain talent is ongoing. We offer attractive benefits and welfare, competitive compensation packages, and generous professional development opportunities all to meet the work-life needs of our staff. No wonder, then, that SMU continues to be given numerous awards and recognition for its human resource excellence.

Job Description

You may be asked to participate in the development of use cases and delivery of proof-of-concept prototypes for government and industry partners in the areas of computable contracts and "rules as code". Experience in requirements analysis and agile, iterative methodologies will be useful at this stage.The work of the team will be largely determined by these use cases and customers. We will work with multipleuse cases so that we can abstract across them and develop generalized, reusable infrastructure. We will work with specific customers so we can build useful applications on top of that infrastructure.You will contribute to the design and development of open-source software written to serve those use cases.You will work as part of a team of research engineers, developers, and domain expertise and you will beexpected to actively participate in team meetings and text-based communications. You will be expected to beactive members of the applied research community, by validating and contributing to advances incomputational law.

You may be asked to conduct use-inspired research at the direction of the Principal Investigator. This includes:

You will be expected to participate in software development; this includes:

Qualifications

Researchers under the Programme should possess both mastery of their academic speciality, and demonstrated practical experience producing and supporting high-quality open-source code through community engagement across multiple media. Candidates must have Bachelor's, Master's, Ph.D., or alternative qualifications in computer science, software engineering, (symbolic) artificial intelligence, computational linguistics, or formal methods.

Fluency in multiple natural languages, and any experience with law, are a plus.

This specialist role requires skills in the following areas (one or two in each category is sufficient):

Open-Source Software & Open-Standard Infrastructure Engineering Internet Unix TCP/IP HTTP(S) XML JSON Schemas YAML Git Github Technical Writing Developer Relations and Evangelism

Programming Languages and Frameworks: Preferred: Haskell or OCaml. Python. Possible alternatives: Common Lisp Racket Scheme Javascript / Typescript / Node.

Formalization of Contracts, Rules, and Business Logic: Akoma Ntoso LegalRuleML Petri Nets Drools iLog OPA Neota Logic Constraint Handling Rules ICAIL JURIX RuleML+RR

Semantic Web and Ontologies: RDFa RDFt RDF RIF SWRL OWL Cyc KBpedia SUMO UFO Protg or a commercial rules engine with ontology support

Model Driven Architecture: UML BPMN DMN OCL SBVR Statecharts Activity Diagrams Parnas Tables Logics: Hoare

Logic Kripke structures Modal mu-calculus Dynamic Logic Deontic, Temporal, and Epistemic modals Situation Calculus Process Calculi Multivalent logics Defeasible Logic BDI Abductive Logic F-Logic Intuitionistic Non-monotonic Logics Skolemization Well-Founded Semantics Good Old-Fashioned Artificial Intelligence and Semantic Web

Knowledge Representation and Reasoning: Lisp Prolog F-Logic Drools Oracle Policy Manager Flora-2 Datalog Answer-Set Programming Defeasible Logic Expert Systems DocAssemble lps.doc.ic.ac.uk

Skills listed below this line are preferred but not required:

Theorem Proving and Strongly Typed Languages: CoQ Agda Idris Lean Prover F* Advanced Haskell (Template etc) OCaml Elm Isabelle/HOL StrangeLoop Pony

Model Checkers and SAT/SMT solvers: Z3 PAT SMTlib NuSMV SPIN Sentient

IDEs, Language Workbenches, and PLT frameworks: K Framework JetBrains MPS IDEs (Vim, Emacs, Visual Studio Code, Atom, Sublime Text) Language Server Protocol Rule Systems and Logics

Computational Linguistics Natural Language Generation Computational Semantics (in Haskell, Prolog, or Lisp) Montague Semantics Grammatical Framework Text planning Surface realization Familiarity with: WordNet FrameNet SenseNet Controlled Natural Languages Attempto Controlled English ACErules

Parsers, Compilers, and Programming Language Theory Lex/YACC alex/happy Bison CFGs EBNF BNFC

Formal Verification and Specification Languages Some familiarity with any of: TLA+ Alloy IVy B Method Z notation VDM++ LTL CTL

App Development Test-Driven Development Continuous Integration Software Project Management Agile / XP / Scrum Pair Programming Literate Programming Unit Testing Amazon Web Services Docker Full-Stack Development

Read the original:

Senior Research Engineer, Symbolic AI, School of Law job with SINGAPORE MANAGEMENT UNIVERSITY | 242014 - Times Higher Education (THE)

Before people can return to work, school, or travel, they may soon have to prove that theyve been vaccinated for COVID-19. In order to both coordinate and track vaccination, a coalition of tech companies have come together to design an open-source standard for vaccination records that makes them portable between healthcare providers and certifies a persons COVID-19 vaccination history.

The Vaccine Credential Initiative is made up of tech companies Microsoft, Salesforce, and Oracle; healthcare providers Evernorth and the Mayo Clinic; and nonprofits Mitre, CARIN Alliance, Change Healthcare, Safe Health, and the Commons Project. It also includes Epic and Cerner, which make electronic records software used by more than 50% of the U.S. healthcare market, ensuring the standard will have broad reach. The Commons Project also works with the World Economic Forum, which has agreed to introduce the standard to participants in its global Common Trust Network as well as airline partners.

Traditionally, there wasnt a real need to ensure traceability and immutability in health information, says Paul Meyer, CEO of the Commons Project, which launched a health passport last year to help travelers prove theyd tested negative for COVID-19 before traveling. This week, Los Angeles County announced that students will have to get COVID-19 vaccinations once theyre available to them before returning to campus.

The new rules are likely to spur a black market for falsified immunization certification as it has already for fake test results. All of a sudden theres now a potential incentive to falsify the records, Meyer says. A common vaccination record could make it harder to fake certification.

Its very important that the digital health technologies that we create dont accentuate the digital divide in our society.

The Commons Project will use the new vaccination standard in its app, CommonPass, which stores a persons COVID-19 testing history and vaccinations. The company initially launched the app to help travelers prove to airlines theyve been tested for COVID-19. But the vaccination standard is open source and can be implemented in any app. The certification code can even be printed onto paper for those without a smartphone.

Its very important that the digital health technologies that we create dont accentuate the digital divide in our society and create more problems for underserved communities that might not have access to certain technologies, says Dr. Brian Anderson, chief digital health physician at Mitre, a nonprofit that works with government agencies on public projects. We believe that an open-source coalition based on an open-source readily available standard is part of the solution to ensuring equitability of access to this kind of verifiable credential.

Getting companies to embrace a single standard for vaccination records could pave the way for more open health records in general. A persons health history is typically difficult to share. Different electronic health records have their own proprietary methods of documenting health data and theyre not easy to transfer from one health system to another. Patients often struggle to get a copy of their full medical record.

This is all about empowering individuals and enabling individuals to exercise our legal rights under HIPAA [Health Insurance Portability and Accountability Act] and under the new HHS [U.S. Department of Health and Human Services] data-blocking rules, Meyer says. People actually have a legal right to their data.

The rest is here:

Here's how you'll prove you have a COVID-19 vaccination - Fast Company

Signal

Signal is a secure encrypted messaging app. Think of it as a more private alternative to WhatsApp, Facebook Messenger, Skype, iMessage, and SMS. Heres why you should seriously consider switching to Signal.

Signal is available for Android, iPhone, and iPad. Theres also a Signal desktop client for Windows, Mac, and Linux. To join, all you need is a phone number. Its free.

The user experience of Signal is just like WhatsApp, Facebook Messenger, and other popular chat apps. Its a messaging app with features like one-to-one messages, groups, stickers, photos, file transfers, voice calls, and even video calls. You can have group chats with up to 1000 people and group calls with up to eight people.

Signal isnt owned by a big tech company. Instead, Signal is developed by a non-profit foundation and is funded by donations. Unlike Facebook, Signals owners arent even trying to make money. Signal doesnt try to gather a bunch of data on you or show you advertisements.

While Signal has a very familiar interface, its very different under the hood. Your conversations in Signal are end-to-end encrypted, which means that not even the owners of Signal can monitor them. Only the people in the conversation can see them.

Signal is also completely open-source. The source code for the projects client apps and server software is available on GitHub.

All communications on Signalincluding one-to-one messages, group messages, file transfers, photos, voice calls, and video callsare end-to-end encrypted. Only the people involved in the communication can see them. The encryption happens between the individual devices using Signal. The company that operates Signal could not see these messages even if it wanted to. Signal actually created its own encryption protocol for this.

This is very different from traditional messaging apps. For example, Facebook has access to everything you say in Facebook Messenger. Facebook says it wont use the content of your messages for advertising, but are you confident that will never change in the future?

Sure, some other messengers offer encrypted messaging as an optional feature. But everything on Signal is encrypted, always and by default. Signal also offers other privacy features, including self-destructing (disappearing) messages that will automatically be removed after a period of time.

Facebook Messenger collects a lot of data about you, too. Most companies collect a lot of data. Signal tries not to.

Even if Signal is subject to a subpoena on you and forced to disclose what it knows about you, the company knows almost nothing about you and your Signal activity. Signal could reveal only your accounts phone number, last connection date, and account creation time.

In contrast, Facebook could reveal your full name, everything youve said on Facebook Messenger, a list of geographical locations youve accessed your account fromand so on.

Everything in your Signal appmessages, pictures, files, and so onis stored locally on your phone. You can manually transfer data between devices, but thats it.

Signals end-to-end encryption is its big feature. Thats why so many people are using Signalbecause theyre concerned about privacy. At the start of 2021, its been endorsed by everyone from Elon Musk to Twitter CEO Jack Dorsey and has shot to the top of Apple and Googles app store charts.

But Signal didnt come from nowhereit was founded in 2013. Its a widely respected piece of software thats long been used by privacy advocates and other activists. Edward Snowden endorsed Signal back in 2015.

At the start of 2021, Signal has reached even greater mainstream acceptance. WhatsApp is revamping its privacy policy to share even more data with Facebook, and many people clearly want to bring their conversations out of Mark Zuckerbergs view and embrace privacy.

While your communications on Signal are private, you arent anonymous. To sign up for Signal, you need a phone number. To talk to someone on Signal, your phone number is your identifier on Signal.

Thats by designSignal is designed to be a drop-in replacement for SMS. When you sign up for Signal and install the app, it will ask for access to the contacts on your phone. Signal securely scans your contacts to see which of them are also Signal usersit just examines the phone numbers and sees if those phone numbers are also registered on Signal.

So, if you and someone else communicate via SMS, you can both install Signal and easily switch. If you install Signal, you can see which of your contacts you can message via Signal instead of SMS. You dont have to ask them what their Signal handle isits just their phone number. (However, you can verify the safety numbers associated with a conversation to ensure youre talking directly with the person you think you are. Thats another useful security feature in Signal.)

If youre concerned about other people you talk to on Signal having your phone number, you can try signing up with a secondary phone number. But, realistically, if youre looking for a chat solution that isnt dependent on phone numbersfor example, an anonymous chat solution that just uses usernames instead of phone numbersthen Signal isnt what youre looking for.

Signal is simple to get started with. Just download the official Signal app from either Apples App Store for iPhone and iPador Google Play for Android. Go through the setup process to give Signal a phone number and access to your contacts. (Contact access is optional, but Signal is designed to work best with it.)

You can then start conversations from within the app. If you have someone in your contacts and that persons phone number is associated with a Signal account, youll see that you can contact them on Signal. Its seamless.

Want to start talking with someone on Signal instead of a different chat app? Just ask them to download it and sign up. Youll even get a notification when someone you know signs up for Signal.

You can also download the Signal desktop app for Windows, Mac, or Linux from the SIgnal Foundations website. This will sync messages from the Signal app on your phone to your computer. However, its optional.

RELATED: Can You Use Signal Without Giving It Your Contacts?

Continued here:

What Is Signal, and Why Is Everyone Using It? - How-To Geek

On the afternoon of January 6, as a giant crowd began to swarm the U.S. Capitol, Jason Moore, a 36-year-old digital strategist, was at home in Portland, Oregon, switching between CNN and MSNBC. I try not to get caught up in the sensationalism of cable news, he says, but admits he had to watch. Soon, concern became shock. I could not believe what I was witnessing, and also knew history was being made.

So he got to work. Moore is a veteran editor on Wikipedia, spending hours a day creating, shepherding, and policing articles. He started in 2007, ranging across topics of personal interest like music or architecture, but since early last year hes been focused on the pandemic and political protests. Just after 1:30 p.m. EST, as rioters and police clashed at the bottom of the Capitol steps, he wrote, On January 6, 2021, thousands of Donald Trump supporters gathered in Washington, D.C., to reject results of the November 2020 presidential election. He appended links to a couple of sources deemed reliable by the communityNPR and The Washington Postclicked save, and notified some other editors about his article. It was tentatively titled January 2021 Donald Trump Rally.

Was this really worthy of its own article, they asked? At that moment, protestersrioterswere battling with police, both sides spraying chemicals. It was hard to tell notability in the moment, Moore wrote under his username, Another Believer. But what were witnessing is unprecedented (like so many things lately).

While riotous, misinformation-fueled mobs were breaking into the buildingforcing lawmakers to evacuate, halting the counting of the Electoral College votes for several hours, and leaving several people deadanother kind of crowd began gathering to build upon Moores first sentence. After a brief trickle, Wikipedia veterans and newcomers quickly piled in, scrambling to add details, citations, and photos. On a popular Facebook group for editors, someone posted a warning to Wikipedians in D.C. who had gone to the scene to take photos: Please please please be safe! Your life is more important than getting the perfect media for Commons.

One admin soon changed the title from Rally to Protest. Another placed edit protections on the page to foil vandals. Debates erupted on the articles Talk page, its public discussion room, as editors wrestled with many of the same hard questions breaking out in newsroom Slack channels across the country. This is no longer just a protest, but what is it?

As facts came in, as editors double-checked and pruned according to Wikipedia standards, the text grew and shrank and grew again, so that only the most relevant verifiable and neutral language remained. Once other editors showed up to contribute, I aided, facilitated, and watched eagerly as the article developed, says Moore.

At the peak of editing, there was a change being saved every 10 seconds, estimates Molly White, an editor and administrator who began working on the article in its earliest minutes. Shes returned for hours every day since. It was one of those things where I was shocked and horrified at the news as it was unfolding, and felt like helping with the article was a more productive way to process everything than just doomscrolling, she says.

About 24 hours after the attack at the Capitol began, she and Moore and 406 other volunteers had crafted a detailed, even-keeled account of an event as it was unfolding5,000 words long, with 305 references. Those numbers have since mushroomed, along with page views: 1.8 million and counting.

And that was only the English version: By Thursday morning, there were already articles in more than 40 different languages, including Esperanto.

Theres an old joke about Wikipedias crowdsourced competence: Good thing it works in practice, because it sure doesnt work in theory. Its particularly true, White says, when it comes to hundreds of people all trying to write about a current event in real time, as sources publish conflicting and sometimes inaccurate information.

Still, the articlenow stretching to more than 15,000 words, or 90 printed pagesis far from perfect. Its the product of an editing community that tends to skew largely Western, white and male, with all of its biases and blind spots. Reckoning with those issues and testing each sentence for verifiability and neutrality can spark heated, incessant debate. And from the articles first hours, nothing has been more divisive than the title itself.

As police were finally pushing rioters out of the Capitol, a majority of editors agreed that the second title, 2021 Capitol Hill Protests, had to be changed. But was this a riot, an attack, a siege, a self-coup, an insurrection? The lack of organization seems to have similarities with the Beer Hall Putsch, one editor wrote in the hours after the attack. Someone else insisted on 2021 United States coup dtat attempt, and a few others agreed.

A few editors quoted from Wikipedia policy, WP:TITLE, which says articles should be named based on Recognizability, Naturalness, Precision, Conciseness and Consistency. Others pointed to a Wikipedia essay, WP:COUP, which explicitly says that the word should be avoided in a title unless the term is widely used by reliable sources. That evening, an editor named Spengouli noted, the Associated Press was advising journalists to not refer to the events as a coup, as they do not see the objectives of the invasion as being overthrowing the government.

Another editor chimed in with some alternatives: the New York Times [is] using the words riot and breach as well as storm; CNN is using riot and domestic terror attack; Fox is calling it Capitol riots. (Fox News, Wikipedias current policy advises, is generally reliable for news coverage on topics other than politics and science.)

In the early hours of Thursday, as Senators reconvened to certify the election, a growing crowd on Wikipedia was pushing for insurrection. Even Senate Majority Leader Mitch McConnell had called it a failed insurrection on the floor of the Senate, someone said; soon, others pointed out, NPR and PBS were readily using the term too.

Still, others insisted that per Wikipedia guidance, insurrection is a legal term and should be used only after a ruling by a court or by a successful impeachment vote by the U.S. Senate. As EDG 543, a Chicago-based editor, wrote on Wednesday evening, Biden, Romney, and a CNN opinion piece calling it an insurrection does not make it factual. Someone argued the event didnt meet the definition of insurrection in the Wiktionary, Wikipedias sister dictionary: A violent uprising of part or all of a national population against the government or other authority.

Except, as more details emerged, others said, it pretty much did meet that definition.

Trying to define exactly what something like this is as its happening is probably beyond us.

Trying to define exactly what something like this is as its happening is probably beyond us, Johan Jnsson, who goes by the handle Julle, wrote on Wednesday evening.

Frustration stretched the Talk page longer and longer. Open your eyes! one anonymous editor said. This is an armed white supremacist insurrection by a mob intent on overthrowing the incoming democratically elected government and installing God-Emperor Trump as dictator for life, motherfuckers! Why some of you want this to be titled rally, protest, or peaceful gathering of friends is beyond me.

Lets take a deep breath, wrote DenverCoder9 on Wednesday evening. The best articles are written with a cool head and we should aspire to that standard.

Wikipedia isnt supposed to be a source for breaking newsWikipedians explicitly say that the site is not a newspaper. Another oft-cited community guideline, WP:WINARS, insists, Wikipedia is not a reliable source.

Wikipedia is a work in progress, says Katherine Maher, CEO of the Wikimedia Foundation, the San Francisco-based nonprofit that operates Wikipedia. And we always say its a perfect place to begin learning, but you definitely shouldnt stop there.

But many of us do: Wikipedia is now considered reliable enough to serve as something like a central clearinghouse for facts online. Google depends on it to build its knowledge graph, while Facebook and YouTube use it to provide users with contextual information around false content.

Wikipedia is now considered reliable enough to serve as something like a central clearinghouse for facts online.

In fact, Wikipedia began honing its ability to quickly make sense of things during its earliest days, in the aftermath of another shocking event. The website was born 20 years ago this month, a spin-off of a project by two entrepreneurs, Jimmy Wales and Larry Sanger. Nine months later, a group of terrorists crashed passenger jets into the World Trade Center. Someone started a Wikipedia article, and a fledgling, pseudonymous self-built community of editors flooded in. The September 11 attacks were momentous for the site, helping establish and solidify some of its core standards, says Brian Keegan, a professor of social science at the University of Colorado Boulder.

Those standards include neutrality and verifiability but also those important rules about what Wikipedia is not. (A Wikipedians primary role is as editor, not a compiler or archivist, Animalparty reminded his colleagues on Monday night.) Twenty years later, says Keegan, coverage of breaking news topics like the coronavirus pandemic are still testing the Wikipedia community, and proving its surprising power.

It seems even more contradictory when a bunch of volunteers, in the absence of any sort of centralized editing authority or sort of delegation or coordination, is still able to produce these especially high-quality articles, he says.

As they watched tear gas wafting over the Capitol on TV, White and Moore jumped into ad hoc roles as quasi community organizers, shepherding conversations and handling a growing pile of edit conflicts and requests from users who didnt have permission to edit the page directly. For sensitive pages like this one, admins can switch on additional safeguards that restrict editing to accounts that are more than 30 days old with more than 500 edits, requiring all other edits to be approved.

That didnt stop the typical attempts at vandalism, falsehoods, and disinformation. Mostly there are the anonymous editors who vandalize or otherwise troll pages with high traffic, says Moore, the sorts of bad edits hed seen around COVID-19 and Black Lives Matter. But also there are well-meaning people who are genuinely misinformed, and others who introduce bias, purposefully or unknowingly.

Bad behavior doesnt go far here. While social platforms like Facebook and Twitter have lately taken a harder approach to policy violations, for instance by banning Trump and others linked with the Capitol attack, Wikipedia has consistently been swift to close the accounts of bad actors. Theres little appetite for feeding the trolls on the site, says Moore. Theres so much more important work to be done.

On the articles Talk page, editors shared news articles, aired concerns, and hashed out contentious edits, in theory according to the principles of assume good faith and be polite. On Wednesday, one visitor wrote a note of thanks. On Friday, someone who had attended the Trump rally beforehand sought to clarify the size of the crowd: 100s to less than 10,000 inside the Capitol, they wrote, and easily tens to a hundred thousand outside. By Sunday night, the discussion had flowered to more than 70 topics that ranged from formatting problems to questions about law, semantics, and philosophy. The crowd was processing this unthinkable event in open-source code.

The crowd was processing this unthinkable event in open-source code.

With each discussion came more editorial guidance from the sticklers: The names of criminal suspects do not belong in the encyclopedia; only the names of rioters convicted of crimes may be included. George R.R. Martin, a Reddit post, and an on-the-scene Instagram video are not reliable sources; in any case, Wikipedia relies only on secondary sources. Use more neutral, clearer language in general: Words like mob and baseless carry a value judgment; better to stick with rioters and false.

Were the people inside the Capitol best characterized as a mob or rioters? Were some merely protesters? Some editors urged caution with rioters, on the grounds that not all participants were violent. We used the same logic to not call the George Floyd protests the George Floyd riots, because violent rioters do not take away from what peaceful protesters do, Alfred the Lesser wrote on Thursday morning.

What a load of horseshit, wrote SkepticalRaptor, a nine-year Wikipedia veteran, on Sunday. Protestors is a weasel word that makes these treasonous insurrectionists appear to be roughly equivalent to BLM protestors (who actually protested). This story is about the attempted coup and the terrorist infiltration of the Capitol. They werent protestors, they were terrorists. I even think rioters is weasel wording. This seems like whitewashing that wed find in Conservapedia. Disgusting.

The battle over what words to use brought into stark relief a central distinction on Wikipedia: between whats accurate and what fits into an encyclopedia, between whats true and whats verifiable.

Wikipedia is about neutrality, so its very hard when theres no neutral word, DenverCoder9 told me in an email, after they had been furiously editing for spans of hours. You can see the ungodly amount of edits. Ive been editing [on Wikipedia] for a whileat least 20 months and Ive seen nothing like it before.

But tame neutrality or the appearance of neutrality can also be the product of bias or ideology: There may have been a protest, but describing the people raging in and around the Capitol as protesters downplays the violence and vileness, their confused and ugly intent. Call a spade a spade, someone said.

At 3 a.m. on Thursday, after more than 200 editors had weighed in, an admin changed the name of the article to 2021 storming of the United States Capitol. It was a stopgap measure, wrote CaptainEek, not a permanent solution. We say what sources say, and for the moment they seem to say storming,' they wrote.

Whitewashing, said an editor named Albertaont. This isnt some romantic Storming of the Bastille. Many agreed. On Thursday, Joanne Freeman, a professor of American history at Yale, shared her disapproval on Twitter: It romanticizes it. There are plenty of other words: Attacked, Mobbed, Vandalized. Use those instead. Words matter.

So one good idea would be never, ever to call the Sixth of January the Storming of the Capitol.

By Friday, a few editors pointed out, insurrection was one of the most used terms among reliable sources. Soon, Democrats were distributing articles of impeachment based on a charge of incitement of insurrection. A conviction by the Senate could add more credibility to the label.

Anyway, wrote Chronodm, a California-based editor, storming had other problems: Given Stormfront and The Daily Stormer, not to mention QAnons repeated use of storm, I really dont think its a neutral choice. Someone dropped in a link to a New Yorker essay by Jill Lepore, who was also shaken by the Nazi and QAnon links. So one good idea, she wrote, would be never, ever to call the Sixth of January the Storming of the Capitol.'

But Lepore doesnt edit Wikipedia. Other editors insisted that storming was an accurate enough description, and that Wikipedia doesnt bend to Nazis. We really shouldnt consider these fringe groups, DenverCoder9 replied on Friday. They produce so much nonsense you can find an association for every word, even OK. Consider words as meant by the average reader.

Of course, its not always clear how Wikipedias average readers interpret words, or even who those readers are. And just as new details emerge, the use and meaning of words change. The point is that words matter, and so the debates and the edits continue.

Moore, the articles first official author, expects the name to change again too, as media outlets hone in on specific descriptions and words over time, he says. He doesnt have a strong opinion about it. I am confident editors will determine the most appropriate name for the entry based on journalistic secondary coverage, as Wikipedia editors do.

Theres a lot of other work to do, says White: chronicling the injuries and deaths, the litigation, the reactions, the attempts to remove Trump. By Sunday, the article had reached 14,000 words, plus spin-offs, like a timeline of events and a compilation of international reactions. And as time goes on we will also document if and how the incident has established a lasting place in history, White says.

Like us, future historians will study the article to learn about what happened on January 6. And, as Slates Stephen Harrison and others have previously pointed out, if they look at the behind-the-scenes debates over language, at these first (and second and third) drafts of history, they could also see how we processed the event in real time. The articles Talk pages and edit histories could reveal things, says Keegan, that are easily lost in historical accounts that pick up threads with the benefit of hindsight.

What might those historians find? At a moment of information collapse and violent tribalism, many different people could still come together and agree on the tragic reality of what happenedwhatever we end up calling it.

*

Correction: Due to a typo, an earlier version of this article misidentified the first name of the Wikipedia articles first editor as David. Apologieshe is Jason Moore.

Read more here:

How Wikipedia is chronicling the Capitol attack in real time - Fast Company

Signal, an encrypted messaging app, has exploded in popularity recently, becoming the most downloaded free app on both the Google Play Store and Apple's App Store. We can't say for certain why, but Elon Musk recently recommended it to his 42.2 million followers on Twitter. It might be that some users are fleeing the Facebook-owned WhatsApp after some recent privacy policy changes, or Trump supporters who can no longer use Twitter and Parler.

These are all plausible explanations, but at least 10,000 Signal users can be attributed to a 12-year-old kid in India who created a somewhat popular clone of the encrypted chat app.

Dev Sharma, a Signal user from Melbourne, Australia, found the Signal clone when he encountered an unusual thing: Signal displayed a pop-up showing that their friend had just joined the app. Sharma messaged their friend, but the friend had never even heard of Signal, despite apparently using the app. The friend had downloaded a different app called "Calls Chat," according to a tweet from Dev.

It turned out, Calls Chat is actually a clone of Signal and lets users communicate with people on the legitimate Signal app.

The app may have been harmless in this instance, but its existence and thousands of downloads shows how it can be relatively easy for someone to take the open source code of Signal and repurpose it for their own means, potentially misleading users about what they're actually downloading in the process.

"I didn't know I was creating a clone of Signal, in fact I didn't even know such an app existed," Dheeraj, the boy who made the clone, told Motherboard in a phone call.

Do you know any other apps violating the Apple App Store or Google Play Store policies? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat onjfcox@jabber.ccc.de, or emailjoseph.cox@vice.com.

Signal did not respond to a request for comment. But Moxie Marlinspike, Signal's CEO and co-founder, said in a tweet that these sorts of clones "happen a lot unfortunately."

"Signal is OSS [open source software], so people will take the app, change the name and make the fonts Papyrus or something, put ads in it, then submit it to the Play Store," he added. "It's just a low-cost (for them) way for [people to] deliver ads/trackers/etc in the form of an 'app.'"

Dheeraj, in this case, just wanted to make an app during a COVID-related lockdown.

"I had learnt the basics of coding in school, but when I found myself with so much free time in the lockdown, I decided to explore my interest in coding apps. I got myself a computer and watched several YouTube videos to learn more about the software. Ive been using a phone since I was in the fourth grade, so Ive always wanted to make something for phones," he told Motherboard.

"Initially, my plan was to make an Indian made version of TikTok so people wouldn't have to use the Chinese version. But my experimentation and trials led me [to] creating a messaging app, Call Chat Messenger," he added. Last year, India banned nearly 60 Chinese-made apps, including TikTok and WeChat.

The Google Play Store bars developers from impersonating other apps or making others that are deceptive, however. Google told Motherboard on Wednesday that the chat app is no longer available on the Play Store.

Sneha Nair and Shamani Joshi contributed reporting.

Subscribe to our cybersecurity podcast CYBER,here.

Read the original post:

Thousands of Users Unknowingly Joined Signal Because of 12-Year-Old's App - VICE

Software delivery platform Harness announced that it will use its recent $115 million in funding to grow its engineering team, support global expansion plans, and extend its intelligent software delivery platform vision.

Harness provides an end-to-end platform for intelligent software delivery that implements machine learning to detect the quality of deployments.

Our goal is to create an intelligent software delivery platform that allows every company in the world to become as good in software delivery as the likes of Google and Facebook, said Jyoti Bansal, the CEO and co-founder of Harness.

Dynatrace integrates real-time vulnerability detection with Snyk Intel dataDynatraces Application Security Module now links the vulnerabilities that it finds to the Snyk Intel database of open-source vulnerabilities.

We built the Dynatrace platform to provide continuous automation and intelligence for dynamic, cloud-native environments. Extending it to application security, and enabling production detection in dynamic environments, was a natural step, said Bernd Greifeneder, the founder and CTO of Dynatrace.

Dynatrace Application Security is also optimized for Kubernetes architectures and DevSecOps approaches.

WhiteSource expands native support for IDEsThe new integrations for JetBrains Pycharm and Webstorm provide real-time visibility and control on open-source components for developers in their preferred IDEs.

With the new Pycharm and Webstorm additions, WhiteSource now supports six popular environments that also include JetBrains IntelliJ, Visual Studio, Visual Studio Code, and Eclipse.

These integrations empower developers to address open source security issues very early in the development process and resolve them easily, shortening release cycles, and saving valuable time and resources, WhiteSource wrote in an announcement.

Xamarin.Forms 5.0 releasedThe latest major release includes quality improvements and stable release of new features such as App Themes, Brushes, CarouselView, RadioButton, Shapes and Paths, and SwipeView.

Visual Studio 2019 is the minimum version required for the new Xamarin.Forms, and Microsoft encourages those who will update to remove DataPages and Theme packages from their solutions. Additional details on the best way to migrate are included here.

Xamarin.Forms 5.0 will continue to receive service releases through November 2022, Microsoft stated.

Original post:

news digest: Harness reaches $1.7 billion valuation, Dynatrace integrates with Snyk Intel data, and WhiteSource expands native support for IDEs - SD...

In the wake of a confusing and sometimes misreported change to Facebook-owned encrypted messaging service WhatsApps privacy policy, Signal Private Messenger has seen a rush of new users.

Millions of people have flocked to the non-profit app, which collects almost no personal data from its users. If youve recently made the switch or are thinking about doing so theres plenty of reasons why you should pick Signal instead of WhatsApp although there are other WhatsApp alternatives heres our guide to making the most of its privacy-enhancing features.

Signal provides end-to-encrypted one-to-one conversations, group text and multimedia chats including up to 1,000 people, and encrypted video and voice calls between groups of up to eight people on desktop or mobile devices. What you send to your contacts stays private, between just you and them.

Its available in the Android and iOS app stores, and there an official Android APK for users of Android variants without the Google Services Framework, such as Lineage OS and /e/. Your primary Signal device has to be a phone right now, but dedicated clients are available for computers and tablets without a mobile SIM, covering Windows, macOS, Linux, and iPad OS.

Once installed, youll have to connect Signal Desktop or iPad to your phone. When the desktop client shows you a QR code open Signal on your phone, go to > Settings > Linked devices and tap the plus sign icon at bottom right to open a QR scanner and connect your computer. Signal doesnt currently support using multiple mobile phones or more than one Android device on a single account.

If you lose access to the phone number your Signal account is linked to, you can still recover your account using your Signal PIN youre automatically prompted to create and regularly re-enter this to help you remember it. You can change it in Signals Privacy settings, disable reminders, and require that your PIN has to be provided to register Signal, even if the phone number remains the same, helping to protect against phone number hijacking.

The PIN can be disabled entirely in Settings > Advanced > Advanced PIN settings, and this means that no data will be restored when you re-register Signal with your phone number unless you create and restore a manual, password-protected backup via Settings > Chats and media > Chat backups.

When you first load it, Signal will ask for access to your phone contacts. If any of their phone numbers is associated with a Signal account, itll be automatically added to your Signal contacts list. To invite others, tap the icon at the top right and select Invite friends. This will generate a link to Signals mobile install page, which you can share to anyone in your address book via SMS by tapping the Share with contacts, or via other apps by hitting Choose how to share.

You can also set Signal as your default SMS app in > Settings > SMS and MMS, but remember that these messaging exchanges will not be encrypted. We recommend keeping your messaging apps separate so as to minimise potential confusion here.

If youre moving from WhatsApp to Signal, its likely that youll want to bring (or try to persuade) the people you chat with on the Facebook-owned messaging service across as well. Theres a simple way to create groups and share a link with other people that lets them join.

To start a Signal group, go to > New group and select the people you want to invite from your phone contacts or by entering their phone number. Once a groups been created this doesnt apply to legacy groups created before Signals October 2020 update you can add new people who arent in your phone contacts to it by tapping into the group then hitting > Group settings and scrolling down to the plus sign next to Add members.

Just above that, youll see an option called Group link tap it, then turn it on, and youll be able to generate a link thatll invite people to join your new group. This is hugely useful if you want to share a link with your entire WhatsApp group chat before you leave Facebooks services altogether.

For security, you can reset the link whenever you link and you can enable member request approval, which means that you or another admin will have to confirm everyone who wants to be added. The Group settings page shows everyone in the group, allows Admins to remove members and confer admin status on others, and, if youre a member of a group you can leave it or block it here.

Both Groups and direct conversations with one other person support disappearing messages, which youll find via the menu. You can set the duration for which theyll be visible here, as well. Once theyve expired, its not possible to retrieve them.

Finally, if you dont want to hear from someone ever again, an option at the bottom of your Conversation settings allow you to block all messages from that person.

When talking to others, either individually or in groups, youll see periodic messages about their safety number having changed. This usually happens if theyve reinstalled the app or switched to a different device.

If the conversation needs to be secure from man-in-the-middle attacks for instance if youre a journalist speaking to a confidential source then you should contact your interlocutor by other means and confirm your safety numbers. Tap on the notice telling you that your safety number has changed to display it. And if youd like to make sure your business isnt shared with anyone who might pick up your locked phone, go to Settings > Notifications > Show and select Name only or No name or message if you don't want full message previews to be displayed on your lock screen.

In the Privacy menu, you can enable additional security features, including a screen lock with the timeout of your choice, requiring your Android biometric or code unlock to open it, a screenshot blocker of the kind used to protect against certain types of malware and incognito keyboard mode.

For proper privacy, you should enable that last one, as it prevents learning keyboards such as Googles Gboard from phoning home with data about what youve typed.

Scroll down to the Communication heading, and youll be able to relay all voice calls through the Signal server, concealing your IP address at the cost of call quality, disable read receipts and typing indicators so your chat partners cant tell that youve received or are writing a message, and turn off link previews. Signals handling of link previews is built with security in mind Signal says its technical infrastructure never sees the link that is sent.

While most of Signals features are reasonably apparent as you browse through its settings, its Sealed Sender technology benefits from a little more explanation: this adds an extra layer of encrypting to the message delivery process, not only encrypting the message and user profile but additionally encrypting the metadata package used to identify the sender so its only decrypted on arrival. The intention is to keep correspondents identities secure against any potential interception attempts. This is a feature aimed at the very privacy conscious.

Even when your messages are end-to-end encrypted, the text of your communications is only as secure as the device theyre stored on. If your device is compromised, either physically or remotely, you can kiss your privacy and that of the messages others have sent you goodbye. Working out if your accounts have been hacked is costly in terms of your time as well as data and privacy.

One potential threat vector thats gained recent attention, highlighted by technologist Naomi Wu, is that your smartphones keyboard app could be compromised. This would negate the security of pretty much every communications app on your phone.

Signal has some internal mitigation for this in the form of its keyboard incognito mode, which prevents keyboard apps from retaining what you type. But if you dont trust your current keyboard app, or are concerned that it could be compromised, you can install an open-source alternative, which opens the code up to community auditing, at least.

Simple Keyboard, OpenBoard, AnySoftKeyboard and Hackers Keyboard, all available via the open source F-Droid app store, are lightweight, low-permissions alternative keyboards with published source code. F-Droid apps dont auto-update by default, which further helps to prevent supply chain attacks.

As users, we should demand and expect end-to-end encryption for all our messaging, across all platforms and providers. The fact that I might exclusively use my messenger to send shopping lists and cat photos doesnt mean that my privacy isnt important.

Fortunately, Signal is simple, approachable and works beautifully as a day-to-day messaging app. But encrypted messaging should never be allowed to become the exclusive domain of a special app thats treated as both the go-to choice for secure communications and a sign that someone may have something to hide.

Your privacy and security has intrinsic value, and end-to-end encryption needs to become the minimum standard for online communication, not its apex.

The UK cant even keep track of its spiralling Covid-19 case numbers

Inside the race to stop the next pandemic

Gyms are closed so which workout app is better? Apple Fitness+ vs Peloton vs Fiit

Listen to The WIRED Podcast, the week in science, technology and culture, delivered every Friday

Follow WIRED on Twitter, Instagram, Facebook and LinkedIn

Read the original here:

How to move all your WhatsApp groups and get started on Signal - Wired.co.uk

News

Microsoft touted the inclusion of Azure SQL Database among the top three databases of 2020 in a popularity ranking by DB-Engines, which collects and manages information about database management systems, updating its lists monthly.

The site also compiled stats for the full year of 2020, awarding second place to Microsoft's flagship cloud DBMS offering. Taking first place, and thus being named "DBMS of the Year 2020," is PostgreSQL, a repeat winner.

Microsoft took to the blogosphere to publicize its ranking, which set a record of its own, according to DB-Engines. "In the 9 years of DB-Engines, it is the first time that a cloud database service comes in within the top three of the Database of the Year award," the organization said in a Jan. 4 post.

About a week later, Microsoft penned its own post about the award, stating: "DB-Engines collects information on database management systems and it provides a widely accepted popularity ranking of database management systems. Azure SQL Database's popularity score increased 253 percent through 2020."

DB-Engines said that 253 percent improvement in the Azure SQL Database popularity score -- from 28.2 points to 71.4 points -- boosted the cloud database service from 25th place to 15th in the overall ranking (which doesn't strictly correspond the database of the year awards, which are based on the percentage increase in popularity year over year).

As the graphic below shows, the popularity of Azure SQL Database has skyrocketed over the past year, while plain old Microsoft SQL Server has stayed relatively flat over the years while decreasing slightly, especially over the past couple years.

"Microsoft Azure SQL Database is a fully managed database as a service," DB-Engines said in announcing the second-place ranking. "It is built on the latest stable version of the Microsoft SQL Server product and optimized with features for running in the cloud (auto-scale, geo-replication, automatic tuning, ...). Consequently, features like manual backup/restore, management of server configuration parameters are not supported."

Azure SQL Database fared better in a ranking of "Best cloud databases of 2021" by TechRadar, published in November 2020, where it's No. 1.

DB-Engines uses a variety of means for its ranking, including the number of mentions on web sites, Google Trends, job offers and more, with the full methodology explained here.

About the Author

David Ramel is an editor and writer for Converge360.

Follow this link:

Azure SQL Database Ranked Among Top 3 Databases of 2020 - Visual Studio Magazine

Lexology GTDT Market Intelligence provides a unique perspective on evolving legal and regulatory landscapes. This interview is taken from the Digital Transformation volume discussing various topics, including a look at the main laws and regulations, the impact of cybersecurity legislation, cloud contract considerations, the impact of data protection laws and more, within key jurisdictions worldwide.

1 What are the key features of the main laws and regulations governing digital transformation in your jurisdiction?

As a set of resources to optimise an organisations digital capabilities, digital transformation (DT) is more a set of IT- and people-based techniques and processes than any one thing. It is also helpful to segment FT into DT the journey and DT - the destination.

DT presents a complex picture. Recent surveys have identified cloud, cybersecurity, automation, analytics and governance and compliance as top priorities on the DT journey, with a range of fourth industrial revolution developments (AI/ML, IoT, DevOps, blockchain, mixed reality) also starting to rise up the agenda. Improving customer experience is the top thing at the destination, with Web 3.0 (decentralised, peer-to-peer, blockchain and semantic web-enabled internet services) gaining traction.

DT therefore covers a multitude of rapidly developing technologies and legal areas. The main laws and regulations governing the DT journey at the moment emanate from data regulation, particularly around the cloud: the General Data Protection Regulation (GDPR), for processing personal data; and GDPR, telecoms security regulation, sector-specific regulation and tort (negligence) law for cybersecurity. As yet, however, there is no specific legislation regulating AI in the UK, although, as elsewhere, we have a confusing abundance of ethics and data science frameworks and policies.

The business world is migrating to the internet at an accelerating pace: in the great shove online, internet as a proportion of total UK retail sales doubled from 15 per cent in the fourth quarter of 2016 to 30 per cent in the second quarter of 2020. You can look at retail as a proxy for other sectors, whether challenged (transport, hospitality, leisure) or fuelled (healthcare, financial services) by covid-19.

As digital commerce and the power of BigTech grow, we are likely to see a sharper focus on regulating DT - the destination. The proliferation of tech-enabled payment services has been opened up by the payment services regulatory regime ushered in by PSD2 in January 2018. The EU P2B (platform-to-business) Regulation which came into force in July 2019 adds for business users of online platforms protections that have long been in place for consumers.

As ever in the tech world, it is a case in the UK of rapid evolution not revolution as law and regulation struggle to keep up with ever-accelerating technological change.

2 What are the most noteworthy recent developments affecting organisations digital transformation plans and projects in your jurisdiction, including any government policy or regulatory initiatives?

Even before the covid-19 pandemic hit in the first quarter of 2020, digital transformation had emerged as the top priority in the organisation for technology initiatives this year, followed by cloud as key DT journey enabler; a much clearer focus on cybersecurity; data protection; compliance and governance; increasing investment in data analytics and machine learning; and always on software development through DevOps and IT service management as a service.

In cloud DT projects, perhaps the most noteworthy recent developments are cloud service providers hardening attitude to risk and liability in their contracts, reflecting a shift in balance at the negotiating table as the cloud and key players business models mature. Behind that in the UK, it is still data protection, cybersecurity and sector specific rules on outsourcing that are the most critical.

As organisations cloud strategies mature, we can expect to see the emphasis shift to automation, big data analytics and artificial intelligence. Although there are no specific laws yet regulating these areas, there are myriad frameworks and policies, many produced by and for government, which aim to collate the wide range of legal questions arising in relation to compliant use of these technologies.

For the UK, how the government responds to Brexit and whether the underlying IT-related laws and regulations here will continue to follow or diverge from Brussels will be key. An early indication of the path ahead is likely to be seen in the UKs response when the E-Privacy Regulation (which will replace the E-Privacy Directive) is passed.

In the UK, organisations are increasingly starting to follow ISO and other technical standards in fields relating to DT. In addition to the widely used ISO 27001 information security family of standards and ISO 38505 on data governance, of particular interest in the DT arena are new and under development standards in the areas of AI (ISO Joint Technical Committee (JTC) 1, Subcommittee (SC) 42); cloud (JTC1 SC 38), data centres (JTC1 SC 39); IT service management and governance (JTC1 SC 40); and IoT (JTC1 SC 41). Certification to one or more of these standards is becoming more popular in the UK as a way of demonstrating technical compliance in an increasingly competitive environment.

3 What are the key legal and practical factors that organisations should consider for a successful Cloud and data centre strategy?

The DT journey presents a number of unique issues and hurdles for organisations, chief among them the fact that most DT projects involve the transfer of some level of control from the organisations to the various suppliers in the DT stack. Whereas in the old world, organisations bought their own servers, set up their own server rooms or farms and managed the hardware, networking, software and data elements themselves, a digitally transformed deployment model operates on the basis of degrees of delegated responsibility the organisation typically transfers management of some or all of these layers to the XaaS provider to some degree (eg, by engaging a third party to host its servers and kit, by using formally on-premise software as a service from the cloud, or by outsourcing its network security monitoring). It is therefore key to ensure that the organisation has a crystal clear understanding of: the technology, its use, and how it impacts the organisation; the individual responsibilities of suppliers, staff, sub-contractors; the various relationships among all elements of the services; and responsibility (and liability) should failures arise.

Another key consideration when departing from legacy systems is the extent to which the new cloud services align to existing deployment models. Cloud providers typically sell based on out-of-the-box configurable functionality; solutions typically do not offer significant amounts of customisation or bespoke development. This plug in and play feature of cloud-based service offerings may mean quicker and easier set-up of the new service but the downside is that bespoke developments which may have been created by the organisations IT teams over the years will not migrate across, leaving the customer with a potential functionality deficit and resulting in additional time and expense to bridge that gap.

The third key factor concerns data: what type and value; where it is stored; how it is processed or used, etc. Initially driven by GDPR concerns, establishing rights and obligations in relation to any type of data has now become a key component of any successful DT project. Organisations should understand all data flows, where data is stored at rest and what its suppliers do in relation to data. It is likely that what contract says is permissible will be factually different to what is technically possible so care must be taken to ensure that day-to-day use of the system and technology is in compliance with the contractual terms but also the organisations data collection, processing and retention policies.

4 What contracting points, techniques and best practices should organisations be aware of when procuring digital transformation services at each level of the Cloud stack? How have these evolved over the past five years and what is the direction of travel?

Despite the variety of DT services and projects, there are a number of contractual points that arise on most, if not all, DT contract negotiations.

As a first step, it is vital to understand the contractual landscape. This is becoming increasingly complex legacy contracts are unlikely to be fit for purpose and new contracts are a maze of hyperlinks and embedded documents. The first step is therefore to chase down all contractual documents, hyperlinked and cross-referenced terms, and check technical descriptions and or specifications for exclusions or restrictions (eg, exclusions from availability calculations, error definitions, etc).

Next up, customers need to ensure that the contractual services description is sufficiently detailed to result in meaningful and enforceable warranties the high-level sales pitch functional descriptions that are offered by suppliers to all customer are typically not detailed enough to capture the customers requirements contractually. The functional specification part of any procurement process is key to closing the gap and we find that most suppliers will warrant that the services will deliver the functionality requirements set out in the procurement questionnaires, RFPs, etc.

Be aware of the mantra that the SLA is the product and the product is the SLA most suppliers will offer limited service levels (usually linked solely to uptime and availability) and limited service credits (typically capped at 15 per cent to 20 per cent of the fees and the customers only remedy for SLA failures). Credits set at this level are unlikely to compensate an organisation if it cannot run its business due to an IT failure so it is important to consider other remedies (including non-contractual remedies like back-up failover systems, etc) to reduce the likely impact of a significant SLA failure.

5 In your experience, what are the typical points of contention in contract discussions and how are they best resolved?

Despite the fast-moving nature of new technologies, the same handful of points arise on every contractual negotiation. As many legacy systems reach end-of-life, market practice appears to be swinging to favour suppliers. As a result, many negotiations start from suppliers templates and customers on low value details are unlikely to achieve a significant rebalance in terms. That fact, however, should not prevent customers from raising points with suppliers, including the following commonly negotiated issues.

The first point of contention is more commercial than legal but can nonetheless impact the contractual discussions significantly: at what point does the customer pay for its licenses to use its new systems services? Generally speaking, most DT projects involve a non-insignificant transition and transformation period. During this time the supplier may need access to systems, etc, to perform any configuration, to allow data transfer, testing, etc. The customer, however, does not use the system until live operation and does not want to pay subscription fees before this date. Some suppliers recognise this concern and only bill professional services fees incurred by it over the implementation period, whereas others seek to charge all fees upfront from the date of signature. Suppliers positions on this point are usually entrenched and non-negotiable if the issue is not raised as a requirement of the customer during the procurement process.

The second point of contention revolves around remedies for breach. Post go-live, suppliers typically limit liability to minimal service credits for SLA failures or fix replace obligations for breach of functionality warranties. Liability for loss of profit, loss of revenue and loss of business are typically also excluded. The cumulative impact of these three points means that customers are unlikely to have meaningful remedies for a supplier breach. This can have a catastrophic effect a failure may prevent the customer from trading or running its business and no amount of service credits or fix commitments will compensate the customer from that loss. A termination right, for example, for material breach, is likely to offer little practical resolution as the customer will need to find a replacement supplier, etc, and this can take months. A compromise may be reached by granting the customer the right to sue for damages if the service credits max out of a period of months or if the supplier fails to meet the SLA on a consistent basis. Loss of profits, etc, if direct, should also be recoverable by the customer and the customers right to terminate for material breach should apply without prejudice to its other rights or remedies.

Liability and indemnity are perennially on lawyers lists as issues that arise on every contract; DT and cloud contracts are no different. Market practice becoming more supplier-friendly as newer technologies become ubiquitous and is leaning towards capped liability for the suppliers, expressed usually as separate caps or supercaps for breaches of confidentiality; data protection and information security; and a general, aggregate cap for all other breaches. The caps are normally calculated as a multiple of the contract value, however, in certain sectors and among certain suppliers we are beginning to see caps for breach of confidentiality, data protection and information security capped at a specific GBP or US$ amount.

6 How do your jurisdictions cybersecurity laws affect organisations on their digital transformation journey?

In recent DT market surveys, cybersecurity has emerged as the key risk to be managed, ahead even of the cloud. Organisations undergoing DT should be aware from the outset of the key sources of regulation.

First, under GDPR and the UK Data Protection Act 2018 (DPA), the key standard is to take appropriate technical and organisational measures (ATOMs) to ensure that processing is carried out compliantly.

Second, an intricate group of regulations on cybersecurity risk emanate from the UKs telecoms regulatory framework. These are the UK regulations (SI 2018/506) that implemented the Network and Information Systems Directive; the UK Communications Act 2003 where the cloud provider is a public electronic communications (PEC) network; and the Privacy and E-Communications Regulations in the case of PEC service providers.

Third, sector specific regulation may apply to cloud or other services used by the regulated entity, as in the case of financial services and the European Banking Authoritys September 2019 outsourcing guidelines.

Fourth, the normal duty in negligence to take reasonable care looks likely to equate to the ATOMs duty under the GDPR and DPA.

We are starting to see a more business risk-based approach to managing cyber risk. The UK Information Commissioner was reported in July 2019 as saying that the ICO would focus on whether the security to protect peoples data was consistent, adequate, reasonable and effective and commentators have picked up on this as a CARE standard for cybersecurity. In the words of one research company, this approach supports the creation of a balance between protection and running the business, embodying the incentive to build better security capabilities that deliver better outcomes, rather than just spending more money on security. This more practical approach will help inform organisations in their security assessments of DT providers and their own cybersecurity duties.

7 How do your jurisdictions data protection laws affect organisations as they undergo digital transformation?

Data protection, and in particular GDPRs introduction in 2018, has been the catalyst for a more streamlined and process-driven approach to all issues surrounding an organisations data, and not just personal data. We have seen more focus on how and where all types of information are stored and used (from personal data to analytics, etc): information security vetting is now commonplace; customers are routinely asking for evidence of standards certifications for information security and data management and copies of data and information audits; data storage and processing locations are contractually recorded; and penetration testing and BC/DR testing are core elements of a standard approach to information security.

From a contractual perspective, data processing terms are entirely standard, as are mechanisms for implementing standard contractual clauses when required to do so if personal data exits the EU and the EEA. Most companies are also considering how best to address a no-deal Brexit.

8 What do organisations in your jurisdiction need to do from a legal standpoint to move software development from (traditional) Waterfall through Agile (continuous improvement) to DevOps (continuous delivery)?

It is five years since Microsoft CEO Satya Nadella famously said that every business will become a software business, build applications, use advanced analytics and provide SaaS services but it has taken the rise of DevOps for this prediction to start to become a reality.

DevOps can be thought of as Agile+, in other words, moving on from Waterfall, (highly structured, iterative) and Agile (collaborative, evolutionary) to DevOps shortened development life cycle (Dev) and continuous delivery (Ops).

Building an effective DevOps function has two main features. The first is an internal HR-related policy approach of empowering individuals in the team (developers, IT operations, management) in a flexible, results oriented environment. The second is ensuring that appropriate governance and best practices are followed by the team for all software it uses and develops.

Third-party software will either be proprietary or open source. For proprietary software, it is critical that the software is used within the scope of the licence granted to avoid over-deployment issues. This is especially important as legacy (on-prem) contracts may not address in-cloud use, and as organisations migrate their development environments to the cloud, aligning use and licence scope becomes key. This is becoming more material as software providers change their licensing policies and increasingly carry out software audits on their customers. Automated Software Asset Management systems are increasingly used to manage this risk.

DevOps relies on the ubiquitous use of Open Source Software (OSS). Although copyleft licences have declined in popularity in recent years (the GPL licence familys share has halved from 60 per cent in 2012) and use of the MIT and other permissive licences has increased, the need for an effectively OSS policy for the DevOps team has not gone away.

Finally, organisations should put in place Source Code Management arrangements to record and manage the software developed internally. GitHub is a popular source code repository here.

9 What constitutes effective governance and best practice for digital transformation in your jurisdiction?

DT does not happen in a vacuum and takes place when the business is in flight, putting a premium on strategy, planning, governance and best practices around implementation.

Planning the organisations cloud journey is critical, and the dependencies in DT projects are a major source of execution risk. Delays in one project will have a knock-on effect on later projects, increasing time and costs. DT governance arrangements should ensure individual projects are managed within an overall framework, where sequencing, dependencies and relief events are robustly addressed, and a common approach to reporting, information sharing and testing is put in place.

While data protection is still the foundation of data management, organisations are increasingly looking at data end to end through the lens of policy considerations, based on data value (quantity and quality, measured by context and timeliness); cost (storage, maintenance and disposal); risk (based on data sensitivity classification); and constraints (including contractual, regulatory, privacy, IP and commercial).

Looking through this lens, data use cases are parsed in different ways, between data that is human impacting and human non-impacting; data used for input, processing and output; and data used internally and externally.

Different sets of standards and automated checklists will then apply to different use cases segmented according to these criteria.

This business risk-based approach to managing data and risk is also reflected in a more pragmatic regulatory approach to cybersecurity. In an interview in July 2019, the UK Information Commissioner was reported as saying that the ICOs focus was on whether or not there was adequate, reasonable, consistent and effective data security to protect peoples data. This more practical approach will help inform organisations in their security due diligence assessments of DT providers.

As software development moves centre stage, effective internal policies around software asset management (ensuring proprietary third-party software is used within licence scope), open-source software (managing residual risk around copyleft/inheritance) and source code management (for internally developed software) are becoming critical.

The Inside Track

What aspects of and trends in digital transformation do you find most interesting and why?

For lawyers, DT represents the intersection of law, regulation, technology and business and the scale and pace of the changes we are all living through means the area is incredibly diverse and rapidly changing. You can be looking at intricate, detailed contracting points on IP or liability one minute, advising on contract management and governance the next, and looking at knotty regulatory points around data and cybersecurity the next. The variation between sectors, different areas of black letter law and the practicalities of getting the deal through and bringing our wide-ranging experience to bear for clients is hugely stimulating.

What challenges have you faced as a practitioner in this area and how have you navigated them?

Advising effectively on digital transformation means four main things. First, understanding a wide range of technologies cloud, AI, big data, analytics, outsourcing, GDPR, cybersecurity (the list is pretty much endless). Second, understanding the ins and outs of intricate contracts at all levels of the technology stack. Third, deep knowledge of an incredibly broad and rapidly changing range of law and regulation. And fourth, bringing all this together for the client on their digital transformation journey. So the challenge and the stimulus and satisfaction is all about constantly learning to learn and get better in each of these four areas.

What do you see as the essential qualities and skill sets of an adviser in this area?

As well as understanding the tech, the contracts and the law, you need to be able to bring all this together for the client. You need to be able to see the big picture of where the client wants to go, as well as the detail of each step along the way so you can help the client navigate the digital transformation journey and get the deal done. Experience really helps, and lawyers analytical but practical mindsets, as well as the soft skills and negotiating skills are qualities that clients really value in the complex projects.

Read more from the original source:

An interview with Kemp IT Law discussing digital transformation in the United Kingdom - Lexology

As the 2020 StackOverflow survey pointed out, technology companies and many open source communities have a diversity problem. While the majority of developers currently come from a white, male background, the momentum is shifting to create more inclusive, diverse communities.

Research shows that diverse open source projects are more productive and make better decisions. This starts with creating teams that have a greater representation of gender, race, socioeconomic standings, ethnic backgrounds, and the like.

Many open source communities are recognizing the need for new initiatives and a cohesive focus to tackle the lack of diversity in their projects. I predict that in 2021, building off the momentum of this past years focus on social inequality and steps made by open source-minded companies and foundations, open source communities will continue to increase the diversity of their communities so that it becomes the rule and not the exception.

When people from different disciplines and backgrounds collaborate, innovation occurs. One of my favorite books, The Medici Effect, presents compelling research about how innovation occurs at the intersection of disciplines and industries. Ive noticed this cross-discipline diversity happening in various industries and projects, and Im excited about the innovation that will follow.

Examples include:

As open source becomes more mainstream and projects actively work to grow the diversity of their communities, my hope is that that increased diversity of culture, thought, and even discipline will bring unique perspectives and experiences that will further increase the rate and pace of innovation.

As noted, communities need to actively work to remove barriers to increasing diversity. Here are a few examples of such efforts. Some of these are by IBM which I of course have the most insight into but this goes far beyond us. I believe we need to see more of these everywhere!

In October 2020, IBM announced Call for Code for Racial Justice, which empowers individual developers, innovators, and social justice advocates to leverage open source technology to address racial injustice and inequality.

In October 2020, the Linux Foundation announced a new Software Developer Diversity and Inclusion project to draw on science and research to deliver resources and best practices that increase diversity and inclusion in software engineering.

Following the age-old tenet that you cannot manage what you dont measure, the Hyperledger Diversity, Civility, and Inclusion (DCI) Working Group is focused on measuring and improving the health of our open source community.

In the OpenJS community, the Node+JS diversity scholarship program provides support to those from traditionally underrepresented or marginalized groups in the technology or open source communities who may not otherwise have the opportunity to attend the event for financial reasons.

At KubeCon + CloudNativeCon this year, The Cloud Native Computing Foundation announced The Inclusive Naming Initiative to help remove harmful, racist, and unclear language in software development. At IBM, we had a similar program underway, and we have joined the CNCF initiative to further the cause.

In the past fiscal year, GitHub invested $1.3 million to both emerging and persistent social issues with a strong racial equity lens.

The AI Inclusive initiative seeks to increase the representation and participation of gender minority groups in AI. They offer offers events, tutorials, workshops, and discussions to guide community members in their AI careers.

All of these different initiatives and more work to encourage diversity in open source communities, but we need your help within the communities themselves to do what you can to create an inclusive, friendly environment where people from different backgrounds are able to collaborate.

Its incredibly important that everyone that has any power at all in the open source space pushes for diversity the same goes for us at IBM.

This year, we announced the Equal Access Toolkit , a public set of guidelines that deliver phase-based guidance about accessibility to all members of a team creating an enterprise offering. We also contributed the Accessibility Checker, which is part of an open suite of automation tools that allows developers or auditors to evaluate a web-based component or solution for accessibility issues.

We donated our Trusted AI toolkits to the Linux Foundation AI Foundation, and encourage contributions from a wide audience of technologists to advance the mission of the foundation and its Trustworthy AI open source projects.

We award a quarterly Open Source Community Grant to promote nonprofits that are dedicated to education, inclusiveness, and skill-building for women, underrepresented minorities, and underserved communities. We engage the organizations and give them access to cloud credits, where they can get their development projects off the ground.

Now is listing all our initiatives just bragging? No, its meant to encourage anyone who can to lend a hand to making open source better and more diverse.

While we have a long way to go to see true equality in open source communities, I am hopeful about the changes Ive seen in open source communities in recent years towards creating more diverse communities.

If diversity and inclusion matter to you, I hope youll work to be an ally and push for them in the projects where youre working. Invite people who dont look or think like you to get involved, make sure that the environment is friendly and welcoming for everyone, and continue to push forward innovation that makes tech better for everyone.

Heres to a better and more diverse 2021!

Published December 28, 2020 09:00 UTC

Read more:

2021 will be the year open source projects overcome their diversity problems - The Next Web