Tag Archives: August

Microsoft shuts down zero-day exploit on September Patch Tuesday

Microsoft shut down a zero-day vulnerability launched by a Twitter user in August and a denial-of-service flaw on September Patch Tuesday.

A security researcher identified by the Twitter handle SandboxEscaper shared a zero-day exploit in the Windows task scheduler on Aug. 27. Microsoft issued an advisory after SandboxEscaper uploaded proof-of-concept code on GitHub. The company fixed the ALPC elevation of privilege vulnerability (CVE-2018-8440) with its September Patch Tuesday security updates. A malicious actor could use the exploit to gain elevated privileges in unpatched Windows systems.

“[The attacker] can run arbitrary code in the context of local system, which pretty much means they own the box … that one’s a particularly nasty one,” said Chris Goettl, director of product management at Ivanti, based in South Jordan, Utah.

The vulnerability requires local access to a system, but the public availability of the code increased the risk. An attacker used the code to send targeted spam that, if successful, implemented a two-stage backdoor on a system.

“Once enough public information gets out, it may only be a very short period of time before an attack could be created,” Goettl said. “Get the Windows OS updates deployed as quickly as possible on this one.”

Microsoft addresses three more public disclosures

Administrators should prioritize patching three more public disclosures highlighted in September Patch Tuesday.

Microsoft resolved a denial-of-service vulnerability (CVE-2018-8409) with ASP.NET Core applications. An attacker could cause a denial of service with a specially crafted request to the application. Microsoft fixed the framework’s web request handling abilities, but developers also must build the update into the vulnerable application in .NET Core and ASP.NET Core.

Chris Goettl of IvantiChris Goettl

A remote code execution vulnerability (CVE-2018-8457) in the Microsoft Scripting Engine opens the door to a phishing attack, where an attacker uses a specially crafted image file to compromise a system and execute arbitrary code. A user could also trigger the attack if they open a specially constructed Office document.

“Phishing is not a true barrier; it’s more of a statistical challenge,” Goettl said. “If I get enough people targeted, somebody’s going to open it.”

This exploit is rated critical for Windows desktop systems using Internet Explorer 11 or Microsoft Edge. Organizations that practice least privilege principles can mitigate the impact of this exploit.

Another critical remote code execution vulnerability in Windows (CVE-2018-8475) allows an attacker to send a specially crafted image file to a user, who would trigger the exploit if they open the file.

September Patch Tuesday issues 17 critical updates

September Patch Tuesday addressed more than 60 vulnerabilities, 17 rated critical, with a larger number focused on browser and scripting engine vulnerabilities.

“Compared to last month, it’s a pretty mild month. The OS and browser updates are definitely in need of attention,” Goettl said.

Microsoft closed two critical remote code execution flaws (CVE-2018-0965 and CVE-2018-8439) in Hyper-V and corrected how the Microsoft hypervisor validates guest operating system user input. On an unpatched system, an attacker could run a specially crafted application on a guest operating system to force the Hyper-V host to execute arbitrary code.

Microsoft also released an advisory (ADV180022) for administrators to protect Windows systems from a denial-of-service vulnerability named “FragmentSmack” (CVE-2018-5391). An attacker can use this exploit to target the IP stack with eight-byte IP fragments and withholding the last fragment to trigger full CPU utilization and force systems to become unresponsive.

Microsoft also released an update to a Microsoft Exchange 2010 remote code execution vulnerability (CVE-2018-8154) first addressed on May Patch Tuesday. The fix corrects the faulty update that could break functionality with Outlook on the web or the Exchange Control Panel. 

“This might catch people by surprise if they are not looking closely at all the CVEs this month,” Goettl said.

Xbox is at PAX West 2018 – Xbox Wire

Xbox is bringing games, gear, and more to downtown Seattle for PAX West August 31 – September 3. Whether you’re joining us in person or following along on social media and Mixer, here’s what you can expect:

Xbox Booth
North Hall, 4th Floor, Booths 403, 411, 417

Experience a few of the games that make up Xbox One’s diverse line-up at the Xbox booth. We’ll have playable demos of Forza Horizon 4, The Division 2, Shadow of the Tomb Raider, Devil May Cry 5, NBA 2k19, Metro Exodus, Kingdom Hearts III, Tunic, Ooblets, Kingdom Two Crowns, Generation Zero, Bendy and the Ink Machine, Supermarket Shriek, My Time Portia, and some new DLC from State of Decay 2. You will also have the opportunity to earn a Cuphead Pinny Arcade pin, participate in a Tomb Raider-themed scavenger hunt, guess the amount of Nuka Cola caps in a Fallout 76 experience, visit the Game Pass vending machine, and pick up exclusive Xbox Official Gear for the first time at PAX.  (PAX Badge required)

Mixer
North Hall, 4th Floor, Booth #425

Drop by booth #425 in the North Hall to meet up with some of your favorite broadcasters and Mixer Partners, and for a chance to win swag in the HypeZone LIVE! In addition to that, there’s also going to be a main stage at PAX featuring our Mixer Partners, developers, and so much more. Can’t make it to PAX West in person? No problem! Watch all the action happening at PAX West via Mixer.com/Mixer and Mixer.com/HypeZoneLIVE!

Want the full rundown? Make sure to get all the latest details from the official Mixer blog, right here: https://blog.mixer.com/2018/08/22/mixer-pax-west-2018/

Xbox PAX West Panels

Find out more about streaming and the Xbox Adaptive Controller at these panels featuring Xbox and Mixer members. (PAX West badge required.)

Building Your Streaming Community
Wyvern Theater, Saturday, September 1 from 3:00 p.m. – 4:00 p.m.

Building a community comes with many challenges and hurdles, good news is we’re here to help! We’ve gathered a council of content creators to discuss the ins-and-outs of building a great online community in your own livestreams. We’ll be smashing myths and sharing the facts about streaming to help you set a foundation for a positive and effective community.

The Xbox Adaptive Controller: Designed with the Community
Sasquatch Theater, Sunday, September 2 from 12:30pm-1:30pm

The Xbox Adaptive Controller is the newest controller by Xbox, created to help people with limited mobility play. Larry Hryb will lead a conversation with pivotal community experts and representatives of game accessibility organizations like AbleGamers and Stack Up, along with one of the controller’s creators.  We’ll describe the journey of designing the controller leveraging the input of gamers with disabilities from the start… and where we need to go next.

Xbox One Summer of PUBG Tour

The Xbox One Summer of PUBG tour will be making their final stop in Westlake Center during PAX West. No badge required to visit! Check out the PUBG bus and enter to win it or one of many other prizes. More information can be found here.

Xbox PAX West Sweepstakes

PAX West 2018 Sweepstakes Image

Enter for a chance to win one of 11 Xbox Design Lab controllers, influenced by some of our favorite games. Xbox Design Lab allows you to create your own personal controller from over a billion different color combinations, metallic finishes, and rubberized grips. Check it out and design your own controller at xboxdesignlab.xbox.com.

There are two ways to enter:

  • Take a photo of your favorite Xbox Design Lab controller in the Xbox booth and share via Twitter using #XboxPAX #XboxDesignLab #Sweepstakes. Don’t forget to follow @Xbox while you’re at it!
  • Follow @Xbox or @XboxCanada on Twitter and retweet one of their tweets mentioning the sweepstakes and including #XboxPAX #XboxDesignLab #Sweepstakes.

You have until September 3rd to enter. The contest is open to anyone from the US or Canada. Click through for the Official Rules.

See you at PAX West! For more Xbox news, follow @Xbox on Twitter, visit the Xbox PAX West website, and stay tuned to Xbox Wire.

August Patch Tuesday closes CPU bug, two zero-day exploits

Microsoft closed two zero-day vulnerabilities and released a fix for a new exploit for Intel processors on August Patch Tuesday.

Microsoft released an advisory (ADV-180018) on the latest speculative execution side channel vulnerability in Intel Core and Xeon processors called L1 Terminal Fault. Dubbed Foreshadow by security researchers, the vulnerability lets an attacker read data as it passes between a host and a virtual machine and a hypervisor.

The earlier Spectre and Meltdown variants allowed process-to-process interactions, but this latest hardware exploit allows a guest system to retrieve data from another guest system, said Brian Secrist, content manager at Ivanti, based in South Jordan, Utah.  

Once again, we have a bunch of hoops to jump through to get to full remediation… 2018 is keeping us real busy.
Brian Secristcontent manager, Ivanti

Full protection from Foreshadow (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) on Windows requires a registry change, Microsoft patch and Intel firmware update to close the vulnerability.

“Once again, we have a bunch of hoops to jump through to get to full remediation,” Secrist said. “2018 is keeping us real busy.”

Microsoft addresses two zero-day exploits

Microsoft also closed a pair of zero-day remote code execution vulnerabilities. The first (CVE-2018-8373), in the Microsoft Scripting Engine with known exploits that affect all versions of Internet Explorer, allows an attacker to run arbitrary code on unpatched machines in the context of users who visit a specially crafted website. Depending on the user’s rights, the attacker could install programs or view and delete data. The patch changes how the scripting engine handles objects in memory. This CVE is critical for Windows desktop systems and important for server versions.

Rated important, the second zero-day (CVE-2018-8414) uses a Windows Shell bug in Windows 10 and Windows Server SAC Server Core for remote-code execution attacks. This vulnerability requires the user to run a malicious file either from email or a web site, after which an attacker can run code at the privilege level of the current user. The patch makes Windows Shell validate file paths properly.

August Patch Tuesday closes more than 60 vulnerabilities

More than half of the 60 vulnerabilities disclosed in August Patch Tuesday affect browsers or the scripting engine. Administrators should prioritize patching workstations and servers for a critical remote code execution vulnerability (CVE-2018-8345) that triggers when viewed by a user. Microsoft resolved this exploit by correcting the processing of shortcut .LNK references.

“Because the user doesn’t have to click on the malicious .LNK file to actually exploit the vulnerability, compared to browser vulnerability, it’s more likely for a server admin to be browsing through files. If they see this shortcut and the system renders it, then that’s when the exploit runs,” said Jimmy Graham, director of product management at Qualys, based in Foster City, Calif.

Jimmy Graham, QualysJimmy Graham, Qualys

Almost every major third-party vendor released patches and updates between the July and August Patch Tuesday, said Secrist. Adobe released four updates, including fixes for Adobe Flash and Acrobat. Google Chrome released version 68, and Firefox released updates for Thunderbird.

“We haven’t seen any increase in attacks or anything, just an example of better research and better coverage of vulnerabilities,” Secrist said.

July Patch Tuesday issues anger IT workers

After the July Patch Tuesday releases, Microsoft warned customers of potential SQL Server startup problems on Windows desktop (7 and 8.1) and server (2008 R2 and 2012 R2) versions on July 26. The company released several hotfixes and recommended uninstalling the July patches. Such rollbacks of faulty Microsoft updates have become a recurring headache for administrators.

Microsoft security updates for July also caused problems for the .NET Framework. On July 16, Microsoft posted a blog that “encouraged” Exchange customers to delay applying the July 10 updates to avoid disruptions with mail delivery. Hotfixes for affected systems — all supported versions of Windows Server — did not arrive until July 17. Up until that point, the only remedy was to uninstall the .NET Framework 4.7.2 update.

“Clearly there is a quality assurance issue of some kind,” Secrist said. “There’s another .NET release this month. Hopefully they spend more time on this one. We always strongly recommend you run [patches] through a test group and make sure they are stable before you push them out.”

Jeff Guillet, CEO of EXPTA Consulting in Pacifica, Calif., reached out to the Exchange product group for more information when the disruptions first occurred and said it was a two-fold problem of “really bad patches and bad communication.”

“Nobody even acknowledged that there was a problem and then all of a sudden they said, ‘Oh, by the way, we fixed this.’ [Administrators] had to troubleshoot it themselves because there was no communication from Microsoft saying this was a problem,” said Guillet.

While the intent of Patch Tuesday is to protect systems from vulnerabilities, the recent spate of patching issues concerns some IT administrators.

“Everybody’s kind of come to terms with [monthly patching], but the expectation was that a patch isn’t going to break stuff,” said Guillet. “So if it’s going to start breaking things, now I need to worry about testing it and I don’t have time because the next patches are coming up next Tuesday.”

A conversation with Microsoft CTO Kevin Scott – Microsoft Research

Kevin Scott

Chief Technology Officer Kevin Scott

Episode 36, August 8, 2018

Kevin Scott has embraced many roles over the course of his illustrious career in technology: software developer, engineering executive, researcher, angel investor, philanthropist, and now, Chief Technology Officer of Microsoft. But perhaps no role suits him so well – or has so fundamentally shaped all the others – as his self-described role of “all-around geek.”

Today, in a wide-ranging interview, Kevin shares his insights on both the history and the future of computing, talks about how his impulse to celebrate the extraordinary people “behind the tech” led to an eponymous non-profit organization and a podcast, and… reveals the superpower he got when he was in grad school.

Related:


Episode Transcript

Kevin Scott: It’s a super exciting time. And it’s certainly something that we are investing very heavily in right now at Microsoft, in the particular sense of like, how do we take the best of our development tools, the best of our platform technology, the best of our AI, and the best of our cloud, to let people build these solutions where it’s not as hard as it is right now?

Host: You’re listening to the Microsoft Research Podcast, a show that brings you closer to the cutting-edge of technology research and the scientists behind it. I’m your host, Gretchen Huizinga.

Kevin Scott has embraced many roles over the course of his illustrious career in technology: software developer, engineering executive, researcher, angel investor, philanthropist, and now, Chief Technology Officer of Microsoft. But perhaps no role suits him so well – or has so fundamentally shaped all the others – as his self-described role of “all-around geek.”

Today, in a wide-ranging interview, Kevin shares his insights on both the history and the future of computing, talks about how his impulse to celebrate the extraordinary people “behind the tech” led to an eponymous non-profit organization and a podcast, and… reveals the superpower he got when he was in grad school. That and much more on this episode of the Microsoft Research Podcast.

Host: Kevin Scott, welcome to the podcast today.

Kevin Scott: Well thank you so much for having me.

Host: So, you sit in a bit chair. I think our listeners would like to know what it’s like to be the Chief Technical Officer of Microsoft. How do you envision your role here, and what do you hope to accomplish in your time? I.E., what are the big questions you’re asking, the big problems you’re working on? What gets you up in the morning?

Kevin Scott: Well, there are tons of big problems. I guess the biggest, and the one that excites me the most and that prompted me to take the job in the first place, is I think technology is playing an increasingly important role in how the future of the world unfolds. And, you know, has an enormous impact in our day-to-day lives from the mundane to the profound. And I think having a responsible philosophy about how you build technology is like a very, very important thing for the technology industry to do. So, in addition to solving all of these, sort of, complicated problems of the “how” – what technology do we build and how do we build it? – there’s also sort of an “if” and a “why” that we need to be addressing as well.

Host: Drill in a little there. The “if” and the “why.” Those are two questions I love. Talk to me about how you envision that.

Kevin Scott: You know, I think one of the more furious debates that we all are increasingly having, and I think the debate itself and the intensity of the debate are good things, is sort of around AI and what impact is AI going to have on our future, and what’s the right way to build it, and what are a set of wrong ways to build it? And I think this is sort of a very important dialogue for us to be having, because, in general, I think AI will have a huge impact on our collective futures. I actually am a super optimistic person by nature, and I think the impact that it’s going to have is going to be absolutely, astoundingly positive and beneficial for humanity. But there’s also this other side of the debate, where…

Host: Well, I’m going to go there later. I’m going to ask you about that. So, we’ll talk a little bit about the dark side. But also, you know, I love the framework. I hear that over and over from researchers here at Microsoft Research that are optimistic and saying, and if there are issues, we want to get on the front end of them and start to drive and influence how those things can play out. So…

Kevin Scott: Yeah, absolutely. There’s a way to think about AI where it’s mostly about building a set of automation technologies that are a direct substitute for human labor, and you can use those tools and technologies to cause disruption. But AI probably is going to be more like the steam engine in the sense that the steam engine was also a direct substitute for human labor. And the people that benefited from it, initially were those who had the capital to build them, because they were incredibly expensive, and who had the expertise to design them and to operate and maintain them. And, eventually, the access to this technology fully democratized. And AI will eventually become that. Our role, as a technology company that is building things that empower individual and businesses, is to democratize access to the technology as quickly as possible and to do that in a safe, thoughtful, ethical way.

Host: Let’s talk about you for a second. You’ve described yourself as an engineering executive, an angel investor, and an all-around geek. Tell us how you came by each of those meta tags.

Kevin Scott: Yeah… The geek was the one that was sort of unavoidable. It felt to me, all my life, like I was a geek. I was this precociously curious child. Not in the sense of you know like playing Liszt piano concertos when I’m 5 years old or anything. No, I was the irritating flavor of precocious where I’m sticking metal objects into electric sockets and taking apart everything that could be taken apart in my mom’s house to try to figure out how things worked. And I’ve had just sort of weird, geeky, obsessive tastes in things my entire life. And I think a lot of everything else just sort of flows from me, at some point, fully embracing that geekiness, and wanting – I mean, so like angel investing for instance is me wanting to give back. It’s like I have benefited so much over the course of my career from folks investing in me when it wasn’t a sure bet at all that that was going to be a good return on their time. But like I’ve had mentors and people who just sort of looked at me, and, for reasons I don’t fully understand, have just been super generous with their time and their wisdom. And angel investing is less about an investment strategy and more about me wanting to encourage that next generation of entrepreneurs to go out and make something, and then trying to help them in whatever way that I can be successful and find the joy that there is in bringing completely new things into the world that are you know sort of non-obvious and -complicated.

Host: Mmmm. Speaking of complicated. One common theme I hear from tech researchers here on this podcast, at least the ones who have been around a while, is that things aren’t as easy as they used to be. They’re much more complex. And in fact, a person you just talked to, Anders Hejlsberg, recently said, “Code is getting bigger and bigger, but our brains are not getting bigger, and this is largely a brain exercise.”

Kevin Scott: Yes.

Host: So, you’ve been around a while. Talk about the increased complexity you’ve seen and how that’s impacted the lives and work of computer scientists and researchers all around.

Kevin Scott: I think interestingly enough, on the one hand, it is far more complicated now than it was, say, 25 years ago. But there’s a flipside to that where we also have a situation where individual engineers or small teams have unprecedented amounts of power in the sense that, through open-source software and cloud computing and the sophistication of the tools that they now use and the very high level of the abstractions that they have access to that they use to build systems and products, they can just do incredible things with far fewer resources and in far shorter spans of time than has ever been possible. It’s almost this balancing act. Like, on the other hand, it’s like, oh my god, the technology ecosystem, the amount of stuff that you have to understand if you are pushing on the state-of-the-art on one particular dimension, which is what we’re calling upon researchers to do all the time, it’s really just sort of a staggering amount of stuff. I think about how much reading I had to do when I was a PhD student, which seemed like a lot at the time. And I just sort of look at the volume of research that’s being produced in each individual field right now. The reading burden for PhD students right now must be unbelievable. And it’s sort of similar, you know, like, if you’re a beginning software engineer, like it’s a lot of stuff. So, it’s this weird dichotomy. I think it’s, perhaps if anything, the right trade off. Because if you want to go make something and you’re comfortable navigating this complexity, the tools that you have are just incredibly good. I could have done the engineering work at my first startup with far, far, far fewer resources, with less money, in a shorter amount of time, if I were building it now versus 2007. But I think that that tension that you have as a researcher or an engineer, like this dissatisfaction that you have with complexity and this impulse to simplicity, it’s exactly the right thing, because if you look at any scientific field, this is just how you make progress.

Host: Listen, I was just thinking, when I was in my master’s degree, I had to take a statistics class. And the guy who taught it was ancient. And he was mad that we didn’t have to do the math because computer programs could already do it. And he’s not wrong. It’s like, what if your computer breaks? Can you do this?

Kevin Scott: That is fascinating, because we have this… old fart computer scientist engineers like me, have this… like we bemoan a similar sort of thing all the time, which is, ahhh, these kids these days, they don’t know what it was like to load their computer program into a machine from a punch paper tape.

Host: Right?

Kevin Scott: And they don’t know what ferrite core memories are, and what misery that we had to endure to… It was fascinating and fun to, you know, learn all of that stuff, and I think you did get something out of it. Like it gave you this certain resilience and sort of fearlessness against these abstraction boundaries. Like you know, if something breaks, like you feel like you can go all the way down to the very lowest level and solve the problem. But it’s not like you want to do that stuff. Like all of that’s a pain in the ass. You can do so much more now than you could then because, to use your statistic professor’s phrase, because you don’t have to do all of the math.

(music plays)

Host: Your career in technology spans the spectrum including both academic research and engineering and leadership in industry. So, talk about the value of having experience in both spheres as it relates to your role now.

Kevin Scott: You know, the interesting thing about the research that I did is, I don’t know that it ever had a huge impact. The biggest thing that I ever did was this work on dynamic binary translation and the thing I’m proudest of is like I wrote a bunch of software that people still use, you know, to this day, to do research in this very arcane, dark alley of computer science. But what I do use all the time that is almost like a superpower that I think you get from being a researcher is being able to very quickly read and synthesize a bunch of super-complicated technical information. I believe it’s less about IQ and it’s more of the skill that you learn when you’re a graduate student trying to get yourself ramped up to mastery in a particular area. It’s just like, read, read, read, read, read. You know, I grew up in this relatively economically depressed part of rural, central Virginia, town of 250 people, neither of my parents went to college. We were poor when I grew up and no one around me was into computers. And like somehow or another, I got into this science and technology high school when I was a senior. And like I decided that I really, really, really wanted to be a computer science professor after that first year. And so, I went into my undergraduate program with this goal in mind. And so, I would sit down with things like the Journal of the ACM at the library, and convince, oh, like obviously computer science professors need to be able to read and understand this. And I would stare at papers in JACM, and I’m like, oh my god, I’m never, ever going to be good enough. This is impossible. But I just kept at it. And you know it got easier by the time that I was finishing my undergraduate degree. And by the time I was in my PhD program, I was very comfortably blasting through stacks of papers on a weekly basis. And then, you know, towards the end of my PhD program, you’re on the program committees for these things, and like not only are you blasting through stacks of papers, but you’re able to blast through things and understand them well enough that you can provide useful feedback for people who have submitted these things for publication. That is an awesome, awesome, like, super-valuable skill to have when you’re an engineering manager, or if you’re a CTO, or you’re anybody who’s like trying to think about where the future of technology is going. So, like every person who is working on their PhD or their master’s degree right now and like this is part of their training, don’t bemoan that you’re having to do it. You’re doing the computer science equivalent of learning how to play that Liszt piano concerto. You’re getting your 10,000 hours in, and like it’s going to be a great thing to have in your arsenal.

Host: Anymore, especially in a digitally-distracted age, being able to pay attention to dense academic papers and/or, you know, anything for a long period of time is a superpower!

Kevin Scott: It is. It really is. You aren’t going to accomplish anything great by you know integrating information in these little 2-minute chunks. I think pushing against the state-of-the-art, like you know creating something new, making something really valuable, requires an intense amount of concentration over long periods of time.

Host: So, you came to Microsoft after working at a few other companies, AdMob, Google, LinkedIn. Given your line of sight into the work that both Microsoft and other tech giants are doing, what kind of perspective do you have on Microsoft’s direction, both on the product and research side, and specifically in terms of strategy and the big bets that this company is making?

Kevin Scott: I think the big tech companies, in particular, are in this really interesting position, because you have both the opportunity and the responsibility to really push the frontier forward. The opportunity, in the sense that you already have a huge amount of scale to build on top of, and the responsibility that knowing that some of the new technologies are just going to require large amounts of resources and sort of patience. You know like one example that we’re working on here at Microsoft is we, the industry, have been worried about the end of Moore’s Law for a very long time now. And it looks like for sort of general purpose flavors of compute, we are pretty close to the wall right now. And so, there are two things that we’re doing at Microsoft right now that are trying to mitigate part of that. So, like one is quantum computing, which is a completely new away to try to build a computer and to write software. And we’ve made a ton of progress over the past several years. And our particular approach to building a quantum computer is really exciting, and it’s like this beautiful collaboration between mathematicians and physicists and quantum information theory folks and systems and programming language folks trained in computer science. But when, exactly, this is going to be like a commercially viable technology? I don’t know. But another thing that we’re you know pushing on, related to this Moore’s wall barrier, is doing machine learning where you’ve got large data sets that you’re fitting models to where you know sort of the underlying optimization algorithms that you’re using for DNNs or like all the way back to more prosaic things like logistic regression, boil down to like a bunch of sort of linear algebra. We are increasingly finding ways to solve these optimization problems in these embarrassingly parallel ways where you can use like special flavors of compute. And so like there’s just a bunch of super interesting work that everybody’s doing with this stuff right now, like, from Doug Burger’s Project Brainwave stuff here at Microsoft to… uh, so it’s a super exciting time I think to be a computer architect again where the magnitude and the potential payoffs of some of these problems are just like astronomically high, and like it takes me back to like the 80s and 90s, you know which were sort of the, maybe the halcyon days of high-performance computing and these like big monolithic supercomputers that we were building at the time. It feels a lot like that right now, where there’s just this palpable excitement about the progress that we’re making. Funny enough, I was having breakfast this morning with a friend of mine, and you know like both of us were saying, man, this is just a fantastic time in computing. You know, like on almost weekly basis, I encounter something where I’m like, man, this would be so fun to go do a PhD on.

Host: Yeah. And that’s a funny sentence right there.

Kevin Scott: Yeah, it’s a funny sentence. Yeah.

(music plays)

Host: Aside from your day job, you’re doing some interesting work in the non-profit space, particularly with an organization called Behind the Tech. Tell our listeners about that. What do you want to accomplish? What inspired you to go that direction?

Kevin Scott: Yeah, a couple of years ago, I was just looking around at all of the people that I work with who were doing truly amazing things, and I started thinking about how important role models are for both kids, who were trying to imagine a future for themselves, as well as professionals, like people who are already in the discipline who are trying to imagine what their next step ought to be. And it’s always nice to be able to put yourself in the shoes of someone you admire, and say, like, “Oh, I can imagine doing this. I can see myself in this you know in this career.” And I was like we just do a poorer job I think than we should on showing the faces and telling the stories of the people who have made these major contributions to the technology that powers our lives. And so that was sort of the impetus with behindthetech.org. So, I’m an amateur photographer. I started doing these portrait sessions with the people I know in computing who I knew had done impressive things. And then I hired someone to help you know sort of interview them and write a slice of their story so that you know if you wanted to go somewhere and get inspired about you know people who were making tech, you know, behindthetech.org is the place for you.

Host: So, you also have a brand-new podcast, yourself, called Behind the Tech. And you say that you look at the tech heroes who’ve made our modern world possible. I’ve only heard one, and I was super impressed. It’s really good. I encourage our listeners to go find Behind the Tech podcast. Tell us why a podcast on these tech heroes that are unsung, perhaps.

Kevin Scott: I have this impulse in general to try to celebrate the engineer. I’m just so fascinated with the work that people are doing or have done. Like, the first episode is with Anders Hejlsberg, who is a tech fellow at Microsoft, and who’s been building programing languages and development tools for his entire 35-year career. Earlier in his career, like, he wrote this programming language and compiler called Turbo Pascal. You know like I wrote my first real programs using the tools that Anders built. And like he’s gone on from Turbo Pascal to building Delphi, which was one of the first really nice integrated development environments for graphical user interfaces, and then at Microsoft, he was like the chief architect of the C# programming language. And like now, he’s building this programming language based on JavaScript called TypeScript that tries to solve some of the development-at-scale problems that JavaScript has. And that, to me, is like just fascinating. How did he start on this journey? Like, how has he been able to build these tools that so many people love? What drives him? Like I’m just intensely curious about that. And I just want to help share their story with the rest of the world.

Host: Do you have other guests that you’ve already recorded with or other guests lined up?

Kevin Scott: Yeah, we’ve got Alice Steinglass, who is the president of Code.org, who is doing really brilliantly things trying to help K-12 students learn computer science. And we’re going to talk with Andrew Ng in a few weeks, who is one of the titans of deep neural networks, machine learning and AI. We’re going to talk with Judy Estrin, who is former CTO of Cisco, a serial entrepreneur, board director at Disney and FedEx for a long time. And just you know one of the OGs of Silicon Valley. Yeah, so it’s you know like, it’s going to be a really good mix of folks.

Host: Yeah, well, it’s impressive.

Kevin Scott: All with fascinating stories.

Host: Yeah, and just having listened to the first one, I was – I mean, it was pretty geeky. I will be honest. There’s a lot of – it was like listening to the mechanics talking about car engines, and I know nothing, but it was…

Kevin Scott: Yeah, right?

Host: But it was fun.

Kevin Scott: That’s great. And like you know I hadn’t even thought about it before. But like if could be like the sort of computer science and engineering version of Car Talk, that would be awesome.

Host: You won first place at the William Campbell High School Talent Show in 1982 by appearing as a hologram downloaded from the future. Okay, maybe not for real. But an animated version of you did explain the idea of the Intelligent Edge to a group of animated high school hecklers. Assuming you won’t get heckled by our podcast audience, tell us how you feel like AI and machine learning research are informing and enabling the development of edge computing.

Kevin Scott: You know I think this is one of the more interesting emergent trends right now in computing. So, there are basically three things that are coming together at the same time. You know one thing is the growth of IoT, and just embedded computing in general. You can look at any number of estimates of where we’re likely to be, but we’re going to go from about 11 or 12 billion devices connected to the internet to about 20 billion over the next year and a half. But you think about these connected devices – and this is sort of the second trend – like they all are becoming much, much more capable. So, like, they’re coming online and like the silicon and compute power available in all of these devices is just growing at a very fast clip. And going back to this whole Moore’s Law thing that we were talking about, if you look at $2 and $3 microprocessor and microcontrollers, most of those things right now are built on two or three generations older process technologies. So, they are going to increase in power significantly over the coming years, like particularly this flavor of power that you need to run AI models, which is sort of the third trend. So, like you’ve got a huge number of devices being connected with more and more computer power and like the compute power is going to enable more and more intelligent software to be written using the sensor data that these devices are processing. And so like those three things together we’re calling the intelligent edge. And we’re entering this world where you’ll step into a room and like there are going to be dozens and dozens of computing devices in the room, and you’ll interface with them by voice and gesture and like a bunch of other sort of intangible factors where you won’t even be aware of them anymore. And so that implies a huge set of changes in the way that we write software. Like how do you build a user experience for these things? How do you deal with information security and data privacy in these environments? Just even programming these things is going to be fundamentally different. It’s a super exciting time. And it’s certainly something that we are investing very heavily in right now at Microsoft, in the particular sense of like, how do we take the best of our development tools, the best of our platform technology, the best of our AI, and the best of our cloud, to let people build these solutions where it’s not as hard as it is right now?

Host: Well, you know, everything you’ve said leads me into the question that I wanted to circle back on from the beginning of the interview, which is that the current focus on AI, machine learning, cloud computing, all of the things that are just like the hot core of Microsoft Research’s center – they have amazing potential to both benefit our society and also change the way we interact with things. Is there anything about what you’re seeing and what you’ve been describing that keeps you up at night? I mean, without putting too dark a cloud on it, what are your thoughts on that?

Kevin Scott: The number one thing is, I’m worried that we are actually underappreciating the positive benefit that some of these technologies can have, and are not investing as much as we could be, holistically, to make sure that they get into the hands of consumers in a way that benefits society more quickly. And so like just to give you an example of what I mean, we have healthcare costs right now that are growing faster than our gross domestic product. And I think the only way, in the limit, that you bend the shape of that healthcare cost growth curve, is through the intervention of some sort of technology. And like, week after week over the past 18 months, I’ve seen one technology after another that is AI-based where you sort of combine medical data or personal sensor data with this new regime of deep neural networks, and you’re able to solve these medical diagnostic problems at unbelievably low costs that are able to very early detect fairly serious conditions that people have when the conditions are cheaper and easier to treat and where you know the benefit to the patient, like they’re healthier in the limit. And so, I sort of see technology after technology in this vein that is really going to bring higher-quality medical care to everyone for cheaper and help us get ahead of these, you know sort of, significant diseases that folks have. And you know, there’s a similar trend in precision agriculture where, in terms of crop yields and minimizing environmental impacts, particularly in the developing world where you still have large portions of the world’s population sort of trapped in this you know sort of agricultural subsistence dynamic, AI could fundamentally change you know the way that we’re all living our lives, all the way from you know like all of us getting like you know sort of cheaper, better, locally-grown organic produce with smaller environmental impact, to you know like how does a subsistence farmer in India dramatically increase their crop yield so that they can elevate the economic status of their entire family and community?

Host: So, as we wrap up, Kevin, what advice would you give to emerging researchers or budding technologists in our audience, as many of them are contemplating what they’re going to do next?

Kevin Scott: Well, I think congratulations is in order to most folks, because this is like just about as good a time I think as has ever been for someone to pursue a career in computer science research, or to become an engineer. I mean, the advice that I would give to folks is like, just look for ways to maximize the impact of what you’re doing and so like I think with research, it’s sort of the same advice that I would give to folks starting a company, or engineers thinking about the next thing that they should go off and build in the context of a company: find a trend that is really a fast growth driver, like the amount of available AI training compute, or the amount of data being produced by the world in general, or by some particular you know subcomponent of our digital world. Just pick a growth driver like that and try to you know attempt something that is either buoyed by that growth driver or that is directly in the growth loop. Because I think those are the opportunities that tend to have both the most head room in terms of you know like if there are lots of people working on a particular problem, it’s great if the space that you’re working in, the problem itself, has a gigantic potential upside. Those things will usually like accommodate lots and lots and lots of sort of simultaneously activity on them and not be a winner-takes-all or a winner-takes-most dynamic. You know and there are also sort of the interesting problems as well. You know it’s sort of thrilling to be on a rocket ship in general.

Host: Kevin Scott. Thanks for taking time out of your super busy life to chat with us.

Kevin Scott: You are very welcome. Thank you so much for having me on. It was a pleasure.

Host: To learn more about Kevin Scott, and Microsoft’s vision for the future of computing, visit microsoft.com/research.

Windstream SD-WAN gets help connecting to the cloud

Network service provider Windstream Communications plans to release in August a service for connecting the Windstream SD-WAN to applications running on Microsoft Azure. The product, called SD-WAN Cloud Connect, is designed to provide a reliable connection to public clouds.

Windstream introduced the service in July, with initial support limited to Amazon Web Services. Windstream plans to add support for other cloud providers over time.

Connecting corporate employees to application services running in a public cloud is not a trivial matter. Corporate IT has to know the performance requirements of cloud-based applications and the expected usage patterns to estimate network bandwidth capacity. Engineers also have to identify potential bottlenecks and plan for monitoring network traffic and network connection endpoints after deploying applications in the cloud.

Windstream’s virtual edge device

Windstream’s latest Cloud Connect service is designed to eliminate some of the hassles of connecting to the public cloud. The service connects through a virtual edge device that communicates with the Windstream SD-WAN Concierge offering, which is a premise-based version of VMware’s VeloCloud.

Windstream can deploy the edge device in its data center or on a customer’s virtualized server. After installing the software, Windstream activates it and handles all management chores as part of the customer’s Windstream SD-WAN service.

Windstream provides an online portal for creating, deploying and managing SD-WAN routing and security policies. The site includes a console for accessing real-time intelligence on link performance.

Windstream’s partnership with an SD-WAN vendor is not unique. Many service providers have announced such deals to compete for a share of the fast-growing market. Other alliances include Comcast Business and CenturyLink with Versa Networks; Verizon with Viptela, which is owned by Cisco; and AT&T and Sprint with VeloCloud.

Windstream, which serves mostly small and midsize enterprises, has grown its network service business through acquisition. In January, Windstream announced it would acquire Mass Communications, a New York-based competitive local exchange carrier. In 2017, Windstream completed the acquisitions of Broadview and EarthLink.

For Sale – Lenovo flex 2pro, 15″ fhd i7 16gb 256gb ssd

My flex 2 pro is up for sale. This is still under warranty until August. Model number 80FL0020UK

Review here
Lenovo Flex 2 Pro 15 Notebook Review

I’m after £350, ill get some pics up later

Price and currency: 350
Delivery: Delivery cost is included within my country
Payment method: Bacs
Location: HARROW
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Lenovo flex 2pro, 15″ fhd i7 16gb 256gb ssd

My flex 2 pro is up for sale. This is still under warranty until August. Model number 80FL0020UK

Review here
Lenovo Flex 2 Pro 15 Notebook Review

I’m after £350, ill get some pics up later

Price and currency: 350
Delivery: Delivery cost is included within my country
Payment method: Bacs
Location: HARROW
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Lenovo flex 2pro, 15″ fhd i7 16gb 256gb ssd

My flex 2 pro is up for sale. This is still under warranty until August. Model number 80FL0020UK

Review here
Lenovo Flex 2 Pro 15 Notebook Review

I’m after £350, ill get some pics up later

Price and currency: 350
Delivery: Delivery cost is included within my country
Payment method: Bacs
Location: HARROW
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Lenovo flex 2pro, 15″ fhd i7 16gb 256gb ssd

My flex 2 pro is up for sale. This is still under warranty until August. Model number 80FL0020UK

Review here
Lenovo Flex 2 Pro 15 Notebook Review

I’m after £350, ill get some pics up later

Price and currency: 350
Delivery: Delivery cost is included within my country
Payment method: Bacs
Location: HARROW
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

EVGA GTX 970 SSC

Got my EVGA GTX 970 SSC for sale, ive owned the card since August 2016 when i purchased it from eBay. The card is in great working order and it hasn’t caused me any problems during my ownership and has only been run at stock settings.

Comes with original box and bits. Reason for sale is due to an upgrade.

Part Number: 04G-P4-4975-KR
Specs: EVGA GeForce GTX 970 SSC GAMING ACX 2.0+

Ill get…

EVGA GTX 970 SSC