Sustainability-in-Tech : World’s First Bio-Circular Data Centre

French data centre company, Data4, says its new project will create a world-first way of reusing data centre heat and captured CO2 to grow algae which can then be used to power other data centres and create bioproducts.

Why? 

The R&D project, involving Data4 working with the University of Paris-Saclay, is an attempt to tackle the strategic challenge of how best to reuse and not to waste / lose the large amount of heat produced by data centres. For example, even the better schemes which use it to heat nearby homes only manage to exploit 20 per cent of the heat produced

Also, the growth of digital technology and the IoT, AI, and the amount of data stored in data centres (+35 per cent / year worldwide), mean that those in the data centre industry must up their game to reduce their carbon footprint and meet environmental targets.

Re-Using Heat To Grow Algae 

Data4’s project seeks to reuse the excess data centre heat productively in a novel new way. Data4’s plan is to use the heat to help reproduce a natural photosynthesis mechanism by using some of the captured CO2 to grow algae. This Algae can then be recycled as biomass to develop new sources of circular energy and reusing it in the manufacture of bioproducts for other industries (cosmetics, agri-food, etc.).

Super-Efficient 

Patrick Duvaut, Vice-President of the Université Paris-Saclay and President of the Fondation Paris-Saclay has highlighted how a feasibility study of this new idea has shown that the efficiency of this carbon capture “can be 20 times greater than that of a tree (for an equivalent surface area)” 

Meets Two Major Challenges 

Linda Lescuyer, Innovation Manager at Data4, has highlighted how using the data centre heat in this unique way means: “This augmented biomass project meets two of the major challenges of our time: food security and the energy transition.” 

How Much? 

The project has been estimated to cost around €5 million ($5.4 million), and Data4’s partnership with the university for the project is expected to run for 4 years. Data4 says it hopes to have a first prototype to show in the next 24 months.

What Does This Mean For Your Organisation? 

Whereas other plans for tackling the challenges of how best to deal with the excess heat from data centres have involved more singular visions such as simply using the heat in nearby homes or to experiment with better ways of cooling servers, Data4’s project offers a more unique, multi-benefit, circular perspective. The fact that it not only utilises the heat grow algae, but that the algae makes a biomass that can be used to solve 2 major world issues in a sustainable way – food security and the energy transition – makes it particularly promising. Also, this method offers additional spin-off benefits for other industries e.g., through manufacturing bioproducts for other industries. It can also help national economies where its operated and help and the environment by creating local employment, and by helping to develop the circular economy. Data4’s revolutionary industrial ecology project, therefore, looks as though it has the potential to offer a win/win for many different stakeholders, although there will be a two-year wait for a prototype.

Tech Tip – Use Task Scheduler to Automate Tasks in Windows

Automating routine tasks can save time and ensure that critical operations aren’t overlooked. The Windows Task Scheduler allows you to automate tasks such as daily backups, weekly disk cleanups, off-hours software updates, periodic service restarts, and sending reminder emails for events by setting them to occur at specific times or when certain events happen. Here’s how to use Task Scheduler:

– Search for Task Scheduler in the Windows search bar and open it.

– To create a new task, click on Create Basic Task or Create Task for more detailed options.

– Follow the wizard to specify when the task should run and what action it should perform, such as launching a program, sending an email, or displaying a message.

– After setting up your task, it will run automatically according to your specified schedule or event trigger.

Featured Article : Don’t Ask Gemini About The Election

Google has outlined how it will restrict the kinds of election-related questions that its Gemini AI chatbot will return responses to.

Why? 

With 2024 being an election year for at least 64 countries (including the US, UK, India, and South Africa) the risk of AI being misused to spread misinformation has grown dramatically. This problem extends to a lack of trust by various countries’ governments (e.g. India) around AI’s reliability being taken seriously. There are also worries about how AI could be abused by adversaries of the country holding the election, e.g. to influence the outcome.

Recently, for example, Google’s AI made the news for when its text-to-image AI tool was overly ‘woke’ and had to be paused and corrected following “inaccuracies.” For example, when Google Gemini was asked to generate images of the Founding Fathers of the US, it returned images of a black George Washington. Also, in another reported test, when asked to generate images of a 1943 German (Nazi) soldier, Google’s Gemini image generator returned pictures of people of clearly diverse nationalities (a black and an Asian woman) in Nazi uniforms.

Google also says that its restrictions of election-related responses are being used out of caution and as part of the company’s commitment to supporting the election process by “surfacing high-quality information to voters, safeguarding our platforms from abuse, and helping people navigate AI-generated content.” 

What Happens If You Ask The ‘Wrong’ Question? 

It’s been reported that Gemini is already refusing to answer questions about the US presidential election, where President Joe Biden and Donald Trump are the two contenders. If, for example, users ask Gemini a question that falls into its election-related restricted category, it’s been reported that they can expect Gemini’s response to go along the lines of: “I’m still learning how to answer this question. In the meantime, try Google Search.” 

India 

With India being the world’s largest democracy (about to undertake the world’s biggest election involving 970 million voters, taking 44 days), it’s not surprising that Google has addressed India’s AI concerns specifically in a recent blog post. Google says: “With millions of eligible voters in India heading to the polls for the General Election in the coming months, Google is committed to supporting the election process by surfacing high-quality information to voters, safeguarding our platforms from abuse and helping people navigate AI-generated content.” 

With its election due to start in April, the Indian government has already expressed its concerns and doubts about AI and has asked tech companies to seek its approval first before launching “unreliable” or “under-tested” generative AI models or tools. It has also warned tech companies that their AI products shouldn’t generate responses that could “threaten the integrity of the electoral process.” 

OpenAI Meeting 

It’s also been reported that representatives from ChatGPT’s developers, OpenAI, met with officials from the Election Commission of India (ECI) last month to look at how OpenAI’s ChatGPT tool could be used safely in the election.

OpenAI advisor and former India head at ‘X’/Twitter, Rishi Jaitly, is quoted from an email to the ECI (made public) as saying: “It goes without saying that we [OpenAI] want to ensure our platforms are not misused in the coming general elections”. 

Could Be Stifling 

However, Critics in India have said that clamping down too much on AI in this way could actually stifle innovation and could lead to the industry being suffocated by over-regulation.

Protection 

Google has highlighted a number of measures that it will be using to keep its products safe from abuse and thereby protect the integrity of elections. Measures it says it will be taking include enforcing its policies and using AI models to fight abuse at scale, enforcing policies and restrictions around who can run election-related advertising on its platforms, and working with the wider ecosystem on countering misinformation. This will include measures such as working with Shakti, India Election Fact-Checking Collective, a consortium of news publishers and fact-checkers in India.

What Does This Mean For Your Business? 

The combination of rapidly advancing and widely available generative AI tools, popular social media channels and paid online advertising look very likely to pose considerable challenges to the integrity of the large number of global elections this year.

Most notably, with India about to host the world’s largest election, the government there has been clear about its fears over the possible negative influence of AI, e.g. through convincing deepfakes designed to spread misinformation, or AI simply proving to be inaccurate and/or making it much easier for bad actors to exert an influence.

The Indian government has even met with OpenAI to seek reassurance and help. The AI companies such as Google (particularly since its embarrassment over its recent ‘woke’ inaccuracies, and perhaps after witnessing the accusations against Facebook after the last US election and UK Brexit vote), are very keen to protect their reputations and show what measures they’ll be taking to stop their AI and other products from being misused with potentially serious results.

Although governments’ fears about AI deepfake interference may well be justified, some would say that following the recent ‘election’ in Russia, misusing AI is less worrying than more direct forms of influence. Also, although protection against AI misuse in elections is needed, a balance must be struck so that AI is not over-regulated to the point where innovation is stifled.

Tech Insight : DMARC Diligence (Part 3) : Implementing and Optimising DMARC for Maximum Security

In this third and final part of our series of ‘DMARC Diligence’ insights, we explore the detailed process of DMARC deployment, its monitoring, optimisation, and preparing businesses for future email security challenges.

Last Week … 

Last week in part 2 of this series of ‘DMARC Diligence’ articles, we looked at the crucial yet often neglected aspect of securing non-sending or “forgotten” domains against cyber threats. Here we highlighted the potential risks posed by these domains when not protected by DMARC policies, and offered some guidance on how businesses can extend their DMARC implementation to cover all owned domains, thereby preventing unauthorised use for spam or phishing attacks.

This Week … Implementing DMARC: A Step-by-Step Approach 

As noted in the previous article in this series, implementing DMARC is now critical for UK businesses to protect against threats like email spoofing and phishing.

To briefly summarise a step-by-step approach to implementing this, businesses can start by ensuring Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are correctly set up for the domain(s), as DMARC relies on these for email authentication. Next, it’s a case of creating a DMARC record with a policy of “none” to monitor traffic without affecting it. This record is added to your DNS.

Over time, it’s important to analyse your DMARC reports in order to identify any unauthorised use. Finally, gradually shift your policy to “quarantine” or “reject” to block or flag unauthenticated emails, enhancing your email security posture. Looking at this approach in a bit more detail, implementing DMARC means:

– Understanding SPF and DKIM. Before implementing DMARC, ensure you have SPF and DKIM records correctly set up for your domain. These records help in email verification and are crucial for DMARC to function effectively.

– Creating a DMARC record. Draft a DMARC TXT record for your DNS. Start with a policy of ‘none’ (p=none) to monitor your email traffic without affecting it. This stage is critical for understanding your email ecosystem and preparing for stricter enforcement without impacting legitimate email delivery.

– Analysing the reports. Use the data collected from DMARC reports (Aggregate reports – RUA, and Forensic reports – RUF) to identify legitimate sources of email and potential gaps in email authentication practices.

– Gradually adjusting policy: Gradually adjust your DMARC policy from ‘none’ to ‘quarantine’ (p=quarantine) as you become more confident in your email authentication setup. This move will start to prevent unauthenticated emails from reaching inboxes but may still allow them to be reviewed.

– Full enforcement. Once you’re assured that legitimate emails are correctly authenticated and not negatively impacted, shift your policy to ‘reject’ (p=reject). This is the final step where unauthenticated emails are actively blocked, providing full protection against phishing, and spoofing under DMARC.

– Continuous monitoring and updating. Email authentication landscapes and practices evolve, so it’s crucial to continuously monitor DMARC reports and update your SPF, DKIM, and DMARC settings as necessary to adapt to new email flows, domain changes, or security threats.

Monitoring and Reporting – The Key to Effective DMARC 

For businesses, effective DMARC implementation relies heavily on consistent monitoring and reporting.

Why? 

By analysing DMARC reports, businesses can gain insights into both legitimate and fraudulent email sources using their domain. This process not only helps in identifying authentication failures but also in refining DMARC policies over time (as suggested in the step-by-step approach above) for better security.
Remember, regular reviews of these reports is essential for adapting to new threats and ensuring email communication integrity.

Optimising DMARC Policies 

Optimising a DMARC policy involves fine-tuning it to create a balance between security against spoofing and phishing, and ensuring legitimate emails are delivered smoothly.

But How? 

The starting point (as mentioned above) is the analysis of your DMARC reports to identify authentication failures and adjust your SPF and DKIM setups accordingly.

A Phased Approach 

Taking a phased approach, i.e. gradually increasing the DMARC policy from ‘none’ to ‘quarantine’ and then to ‘reject’ as confidence in your email authentication improves, is the way to minimise potential disruptions to legitimate email flow while maximising protection against unauthorised use of your domain.

Future-Proofing Your Email Security Strategy 

Going forward, looking at ways to future-proof your business email security strategy, these could include:

– Keeping up to date with emerging threats and trends in email security (continuous education).

– Implementing advanced security technologies like AI-driven threat detection can offer proactive protection.

– Regularly reviewing and updating your email authentication protocols (SPF, DKIM, DMARC) to adapt to changes in your email infrastructure.

– Fostering a security-aware culture within your business e.g., using training to recognising phishing attempts and safe email practices.

– Engage in industry forums and cybersecurity communities to help stay ahead of evolving email threats and to gain and share information about best practices.

What Does This Mean For Your Business? 

For UK businesses, implementing and optimising DMARC, as outlined in this final instalment, is a commitment to safeguarding email communications that benefits your business and your customers. Taking a step-by-step approach, as outlined above, from establishing SPF and DKIM records, through to DMARC policy enforcement, are now crucial for building an effective defence against email spoofing and phishing (these are now major threats). Taking the phased approach of regular monitoring and gradual policy adjustments ensures that businesses can not only react to current threats but also proactively adapt to emerging challenges. This strategic approach to email security is essential in maintaining the trust of your customers and partners, protecting your brand’s reputation, and complying with today’s data protection regulations. It’s also worth remembering that actively engaging in continuous education and leveraging advanced technologies are ways to stay ahead in the fast-evolving cybersecurity landscape.

Tech News : Bogus Bitcoin Boffin

A High Court judge has ruled that Australian computer scientist Dr Craig Wright is not the inventor of the Bitcoin cryptocurrency, despite him claiming to be so since 2016.

Real Bitcoin Inventor A Secret

The challenge with trying to conclusively identify Bitcoin’s inventor is that, from the outset, Bitcoin’s creator has only been known by the pseudonym Satoshi Nakamoto and they have chosen to keep their real identity hidden. Also, the creation and early development of Bitcoin were done under this pseudonym, with all communications conducted online via emails and forums. With the additional complications of Bitcoin being a decentralised currency (i.e. not controlled by any single entity or individual) and the fact that no definitive evidence from numerous investigations has been found linking the pseudonym to a real individual or group of individuals, it’s possible to see why many people have claimed (or suspected) to be Bitcoin’s inventor.

Dr Wright

Dr Wright, who has claimed to be Satoshi for almost 8 years (challenged many people in court who have disputed his claims) has had his evidence questioned by cryptocurrency experts for some time now.

The Court Case

The recently concluded case against Dr Wright was brought by a consortium / alliance of Bitcoin companies called the Crypto Open Patent Alliance (COPA) as a way to stop what has been described as Dr Wright’s campaign of intimidatory lawsuits against anyone challenging his claim to be Bitcoin’s creator. The case was held at the Intellectual Property Court (a division of London’s High Court). There, the judge declared that the evidence against Dr Wright being Bitcoin’s creator is “overwhelming.” The four key declarations made by the judge (prior to writing the full, lengthy ruling) were that:

1. Dr Wright is not the author of the Bitcoin White Paper.

2. Dr Wright is not the person who adopted or operated under the pseudonym Satoshi Nakamoto in the period 2008 to 2011.

3. Dr Wright is not the person who created the Bitcoin system.

4. Dr Wright is not the author of the initial versions of the Bitcoin software.

Forgery For Fraud?

COPA’s KC, Jonathan Hough, accused Dr Wright of backing his claim with forgery ‘on an industrial scale’ and of trying to use the courts (through his many legal challenges) ‘as a vehicle for fraud’.

So, If Dr Wright Didn’t, Invent It, Who Did?

Over the years, there’s been a great deal of speculation as to the true identity of Bitcoin’s creator(s). Figures who have been suspected (although none have been proven) include:

– Dorian Nakamoto. In March 2014, a Newsweek article identified Dorian Prentice Satoshi Nakamoto, a Japanese-American physicist and systems engineer, as the Bitcoin creator. This speculation was based on similarities in name and background. Dorian Nakamoto has since denied any involvement with Bitcoin.

– Hal Finney. Hal Finney was a cryptographic pioneer and the second person (after Satoshi) to use the Bitcoin software, file bug reports, and make improvements. He also lived only a short distance (a few streets away) from Dorian Nakamoto. Finney denied being Satoshi but suspicions about him remain due to his early and deep involvement with Bitcoin and his background in cryptography.

– Nick Szabo. A computer scientist, legal scholar, and cryptographer known for his research in digital contracts and digital currency. He developed a precursor to Bitcoin called “bit gold” in 1998, which shared many similarities with Bitcoin. Szabo has consistently denied being Satoshi.

– Wei Dai. Another figure linked to Bitcoin’s creation is Wei Dai, the creator of “b-money,” an early proposal for an autonomous digital currency mentioned in the Bitcoin whitepaper. Dai’s involvement in the cypherpunk movement and his innovative ideas about digital currency led some to speculate about his possible involvement with Bitcoin. However, Dai has denied being Satoshi.

What Does This Mean For Your Business?

As highlighted in COPA’s comments after the ruling against DR Wright, developers in the Bitcoin community may have felt for many years as though they were being bullied and intimidated by Dr Wright and his financial backers’ many challenges to those who questioned his assertion that he was Satoshi Nakamoto. The ruling, therefore, is likely to have brought them some satisfaction and some peace, plus the hope that the legal challenges will now cease. Also, some see the ruling against Dr Wright as a win not just for the truth, but for the whole open-source community which is known for its focus on collaboration transparency, freedom, and inclusivity.

It’s also been noted that the judge’s willingness to comment on the outcome prior to the full written judgement being released is unusual and may be taken as a sign of how solid and sure the judgement was in this case.

Possible reasons why Bitcoin’s real creator has chosen to remain anonymous could include avoiding legal and personal repercussions, maintaining the decentralised ethos of the currency, and protecting their privacy and security. It may have been all part of what appears to be some very successful original planning on their part.

The culmination of the case coincided with Bitcoin reaching its highest value of $69,000 recently which the real inventor of the currency is, no doubt, privately enjoying.

Tech News : Chrome’s Real-Time Safe Browsing Change

Google has announced the introduction of real-time, privacy-preserving URL protection to Google Safe Browsing for those using Chrome on desktop or iOS (and Android later this month).

Why? 

Google says with attacks constantly evolving, and with the difference between successfully detecting a threat or not now perhaps being just a “matter of minutes,” this new measure has been introduced “to keep up with the increasing pace of hackers.” 

Not Even Google Will Know Which Websites You’re Visiting 

Google says because this new capability uses encryption and other privacy-enhancing techniques, the level of privacy and security is such that no one, including Google, will know what website you’re visiting.

What Was Happening Before? 

Prior to the addition of the new real-time protection, Google’s Standard protection mode of Safe Browsing relied upon a list stored on the user’s device to check if a site or file was known to be potentially dangerous. The list was updated every 30 to 60 minutes. However, as Google now admits, the average malicious site only actually exists for less than 10 minutes – hence the need for a real-time, server-side list solution.

Another challenge that has necessitated the introduction of a server-side real-time solution is the fact that Safe Browsing’s list of harmful websites continues to grow rapidly and not all devices have the resources necessary to maintain this growing list, nor to receive and apply the required updates to the list.

Extra Phishing Protection 

Google says it expects this new real-time protection capability to be able to block 25 per cent more phishing attempts.

Partnership With Fastly 

Google says that the new enhanced level of privacy between Chrome and Safe Browsing has been achieved through a partnership with edge computing and security company Fastly.

Like Enhanced Mode 

In its announcement of the new capability, Google also highlighted the similarity between the new feature and Google’s existing ‘Enhanced Protection Mode’ (in Safe Browsing) which also uses a real-time list to compare the URLs customers visit against. However, the opt-in Enhanced Protection also uses “AI to block attacks, provides deep file scans and offers extra protection from malicious Chrome extensions.” 

What Does This Mean For Your Business? 

As noted by Google, the evolving, increasing number of cyber threats, the fact that malicious sites are only around for a few minutes, and that many devices don’t have the resources on board to handle a growing security list (and updates) have necessitated a better security solution. Having the list of suspect sites server-side and offering real-time improved protection kills a few birds with one stone, allows Google a more efficient (and hopefully effective) way to increase its level of security and privacy. It’s also a way for Google to plug a security gap for those who have not taken the opportunity to opt-in to its Enhance Protection Mode since its introduction last year.

For business users and other users of Chrome, the chance to get a massive (estimated) 25 per cent increase in phishing protection without having to do much or pay extra must be attractive. For example, with phishing accounting for 60 per cent of social engineering attacks and, according to a recent Zscaler report, phishing attacks growing by a massive 47 per cent last year, businesses are likely to welcome any fast, easy, extra phishing protection they can get.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in an techy free style. 

Archives