Tag Archives: greatest

Meet Lucas Joppa, the man on a mission to save the planet by democratizing AI – Microsoft News Center India

Can mankind’s greatest technological advancements help solve the biggest ecological challenges facing planet earth? Can technology help accelerate biodiversity conservation? Can it predict global warming to reduce the potential impact? Can it help conserve fresh water? Can it help achieve global food security? These are some of the existential questions that have kept Lucas Joppa awake at night for more than a decade.

Today, as the first Chief Environmental Officer at Microsoft, Joppa leads AI for Earth, a five-year, $50 million global program that blends ecological science and cutting-edge AI to solve some of the planet’s most pressing environmental challenges. We caught up with him to learn more about the program, his experience with technology interventions for environmental advancement, and his vision of deploying AI to advance sustainability across the globe. Here are some edited excerpts from our conversation.

You’ve a PhD in Ecology and have worked as a Peace Corps Volunteer in Malawi. This is not exactly a profile of someone who’d be working at a technology company. How did you decide to join Microsoft?

My educational background is in environmental studies. After completing my undergraduate degree in Wildlife Ecology, I spent time in the Peace Corps working for Malawi’s Department of National Parks and Wildlife. Then I did my PhD in Ecology. What all the work on the environment side taught me was just how serious environmental issues really are.

The science shows the seriousness of the issues, but the work also highlighted just how monumental the task is actually going to be, to find our way to sustainable solutions where the human species can exist in a more sustainable manner, with the rest of the life on earth. As soon as I began to truly realize the enormity of the challenge, I started panicking a little like everyone does. But it also got me thinking that there’s got to be some way to get out ahead.

I began to see that there was one thing that was accelerating exponentially and potentially even faster than the degradation of our planet’s natural resources. And that was technology. Thus, I decided to drive my career towards leveraging advances in technology to address the negative effects of human activities on rest of the life on Earth and started focusing on the computational aspects of ecology. I joined Microsoft Research to focus on and lead research programs at the intersection of environmental and computer science. What enthused me was that Microsoft, about a decade ago, had realized that this was where the real challenges were, both for society and the technology sector.

How did you transition to the role of the Chief Environmental Officer at Microsoft? How did the AI for Earth program come about?

I pursued research programs for about eight years at Microsoft Research. That experience prepared us to step back a couple of years ago and see the progress we had made in research from an environmental and technology perspective and how we could place it all the way into shipped products.

I put together all those learnings into one document, which I called “AI for Earth”. It laid out the opportunities I saw for Microsoft to really make a more concerted, company-wide effort, than simply a research program, to leverage our 35 years of ongoing investment in AI research and technology and focus all those efforts on the four key areas of agriculture, water, biodiversity, and climate change.

From my experience at Microsoft Research, we knew what the problems were, and we’d done enough on the technology front. So, it was time to put it into action. Last year, I left Microsoft Research and started serving as the company’s first Chief Environmental Scientist leading the AI for Earth program. That position recently expanded to Microsoft’s first Chief Environmental Officer, which allows me to oversee the whole environmental sustainability mission and mandate across the company.

PyRoMineIoT cryptojacker uses NSA exploit to spread

A new malware variant reads like the greatest hits of cyberthreats: a cryptojacker using an NSA exploit to scan for IoT devices with hardcoded passwords to spread and distribute the miner. And according to experts, there’s blame to be had on all sides.

Researchers at Fortinet’s FortiGuard Labs have been tracking Python-based malware that uses the EternalRomance National Security Agency (NSA) exploit to spread and install a cryptominer — hence, PyRoMine. And, now, the researchers found a variant that directly targets IoT devices, which they call PyRoMineIoT.

Jasper Manuel, a malware researcher at Fortinet, based in Sunnyvale, Calif., wrote in a blog post that PyRoMine and PyRoMineIoT malware don’t need Python to be installed on the target systems, and PyRoMineIoT uses the EternalRomance NSA exploit to scan for IoT devices that are vulnerable due to using hardcoded passwords. Once PyRoMineIoT infects a device, the malware downloads components, including a Monero cryptominer.

“This development confirms yet again that malware authors are very interested in cryptocurrency mining, as well as in capturing a chunk of the IoT threat ecosystem,” Manuel wrote. “We predict that this trend will not fade away soon, but will continue as long as there are opportunities for the bad guys to easily earn money by targeting vulnerable machines and devices.”

Sean Newman, director of product management for Corero Network Security, based in Marlborough, Mass., said enterprises may not need to worry about cryptojackers specifically, because “they have their own specific mission, which has nothing to do with any data or information within an organization which ends up hosting them.”

“But there is the obvious performance impact for any device which does get compromised for this purpose, which could negatively impact the function of IoT devices, for example,” Newman wrote via email. “However, enterprises should really be asking themselves the [following] question: If a hacker can plant malware within my organization to mine cryptocurrency, what other malware can they, or another cybercriminal, plant just as easily?”

Justin Jett, director of audit and compliance for Plixer, based in Kennebunk, Maine, said regardless of the size of the enterprise, “organizations should be concerned with cryptominers.”

“These malicious applications steal valuable resources that are critical to business applications. When allowed to go unabated, vital business applications are unable to perform as required. This means that organizations are losing not only resources, but time and money,” Jett wrote via email. “Every company should use network traffic analytics to see where these cryptominers are spreading. Specifically, in the case of PyRoMineIoT, the malware is actively scanning for IoT devices on the network. Network traffic analytics makes quick work of such security vulnerabilities and can help IT professionals quickly see where the malware has compromised them.”

The NSA connection

While the PyRoMineIoT malware uses an NSA exploit — leaked by the Shadow Brokers — to help it spread and infect more vulnerable devices, experts said the blame for any damage shouldn’t necessarily go to the NSA, because even if the EternalRomance NSA exploit hadn’t been developed by the U.S. government, someone else would have created the attack.

Pat Ciavolella, malware team lead at The Media Trust, based in McLean, Va., said, “Developers are innovative” and would have eventually created something similar to the EternalRomance NSA exploit.

If a hacker can plant malware within my organization to mine cryptocurrency, what other malware can they, or another cybercriminal, plant just as easily?
Sean Newmandirector of product management for Corero Network Security

“Part of that innovation comes from being on the lookout for vulnerabilities, which is also how security measures are improved,” Ciavolella wrote via email. “The NSA and any organization that does this type of work needs to exercise tighter control over who has access to their innovations so that they do not fall into the wrong hands. Today’s digital economy isn’t just the Wild West, it’s the Wild ‘Westworld’ — virtually any innovation in the wrong hands can hurt others.”

Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies, based in Hawthorne, N.J., said, “Blaming the NSA is easy and far too convenient.”

“IoT vendors must be held to higher standards,” Gumbs wrote via email. “It is not OK to sell interconnected devices to consumers that fail to implement even basic security measures.”

Larry Trowell, principal consultant with Synopsys Software Integrity Group, said the government shares some of the blame for the NSA exploit.

“It’s in every country’s interest to develop systems enabling offensive and defensive strategies to protect individuals and national services,” Trowell wrote via email. “There is no fault in that. If the NSA does have some blame to share in this situation, it is for allowing secrets to be exfiltrated — not in developing them.”

Jett said although the NSA exploit was stolen, “they didn’t create the vulnerabilities that allow for the malware to exploit devices.”

“As such, you can’t hold them responsible for the malware that has emerged from the EternalRomance exploit. Vendors whose products are vulnerable to EternalRomance are responsible for resolving the exploit problem,” Jett wrote. “Additionally, it has been more than a year since the NSA exploits were released, and vendors have created patches. It becomes incumbent on the users to make sure they are properly patching their software and reducing the threat surface for these exploits.”

The Napkin Disrupted: Meet Ink to Code, a Microsoft Garage Project – Microsoft Garage

Urban legend has it that some of the greatest ideas in history started with a napkin. The Gettysburg Address, the poem that gave way to the U.S. National Anthem, and the premise of the Harry Potter series—each were reportedly born into the world through the medium of sketches on scrap paper—and when app creators put pen to paper for their ideas, this is often a canvas of choice. While rapid prototyping with the napkin and the whiteboard holds its charms, less charming is the prospect of translating quick sketches into working code.

Last summer, a group of Garage interns tackled this problem by creating a prototype of their own: meet Ink to Code, a Microsoft Garage project, now available in the United States and Canada. Ink to Code is a Windows app that enables developers to draw wire frame sketches and export them into Visual Studio, expediting the process of prototyping Universal Windows Platform (UWP) and Android user interfaces.

The Garage Internship takes a unique, entrepreneurial spin on the traditional big tech model; rather than embedding with a full-time organization, students work in groups of 5-6 as a distinct team, building their own, standalone project. Microsoft product groups vie for intern teams to work on proposed projects by pitching opportunities to interns at the start of the internship. This summer at the Microsoft New England Research and Development facility (fondly known as NERD) located in Cambridge, MA, 6 interns found their passion in the pitch for Ink to Code and signed up to work with the Xamarin team sponsoring the idea. 5 more interns studying at MIT joined the Garage team to continue working on the project.

Building a Better Napkin

Ink to Code Guide Feature Screenshot
Ink to Code captures sketches of basic visual elements and translates them into the beginnings of an app in Visual Studio

The sponsoring team and interns were both motivated by a desire to modernize the brainstorming and prototyping process from using napkin and white board sketches, to an experience that is more automated and cohesive with the Visual Studio suite. “We’ve all been in that situation as developers,” notes Alex Corrado, a Senior Software Engineer on the Xamarin Designer team, and one of the originators of the project. “Getting your ideas for a new app or feature onto paper is one of the fastest, most natural parts of the brainstorming. But then, you ultimately need to turn that sketch into code and sooner than you know it, 10, 20, 30 iterations of a sketch really add up.” The team turned to the Smart Ink built into UWP to preserve the natural desire to sketch, while bridging the gap between analog and digital with a companion app for Visual Studio. In the Windows 10 Fall Creators Update, Smart Ink improves ink recognition with AI. The Ink to Code team leveraged this machine learning technology to save months on development time.

Ink to Code translates common design symbols into the beginnings of an app in Visual Studio. The first version supports basic app visual elements including labels, text fields, text paragraphs, images, and buttons. While Ink to Code can’t bring a full app vision to life, it significantly cuts down on creating the basic foundation of the app with the power of automation. Perhaps even more valuable is the way it enables developers and designers to collaborate differently. Ink to Code can be used as a more productive canvas in brainstorm meetings, or even more significantly, as a tool that can bridge the gap between collaborators with different levels of design or technical knowledge.

A Prototype for Prototypes

A core part of the Garage intern experience is conducting customer development and research, and the Ink to Code team worked with internal developers and designers to get feedback on their prototype. Today, the sponsoring Xamarin team releases the app to drastically expand the pool of feedback. Alex also shares, “Our goal is to hear from a wide variety of app creators, so we know what people like most and what we should add.”

“Developers are crazy diverse, and no experience could serve them 100% on day 1, but their feedback can help us get closer, faster,” adds George Matthews a Senior Program Manager in the Garage as well as a key originator of Ink to Code. The gut reaction of any app creator is to make sure your project is polished and perfect before shipping it, especially when releasing to an audience of your developer peers. The Ink to Code team is embracing the mindset of getting feedback early, and developing with the customer and for the customers.  George continues, “The feedback from our first customers will really help us stack rank our backlog.”

To check out Ink to Code and feed into the future direction of the project, download it at the Microsoft Store and share your thoughts via in-app feedback or UserVoice. Ink to Code is best with Visual Studio 2017.