Saturday, September 05, 2020

A common downside to work-from-home. (Still a lot to learn here.)

https://hotforsecurity.bitdefender.com/blog/hacker-steals-7-5-million-from-maryland-non-profit-by-compromising-employees-personal-computer-24078.html?web_view=true

Hacker Steals $7.5 Million from Maryland Non-Profit by Compromising Employee’s Personal Computer

A hacker stole $7.5 million from the endowment funds of The Jewish Federation of Greater Washington, a non-profit from Maryland in the US.

Such security incidents perfectly illustrate the dangers of working from home, as the hacker compromised the personal computer of an employee working remotely. CEO Gil Preuss made the announcement in a virtual call with employees, according to a report from The Washington Post.

… The hack was only discovered on August 4 by a security contractor who noticed unusual activity in an employee’s email account. Preliminary information shows the hacker had access to the system long before stealing the money, as early as the first months of summer.





Be concerned. Be very concerned.

https://securelist.com/digital-education-the-cyberrisks-of-the-online-classroom/98380/?web_view=true

Digital Education: The cyberrisks of the online classroom

… As fall approaches, digital learning will continue to be a necessity. In fact, half of all U.S. elementary and high school students will be entirely online. Even those that are reopening are deploying some kind of hybrid model, such as delivering large lectures online. What’s more, the threat of a second coronavirus wave still remains, meaning that future large-scale school closures are still a possibility.

With this in mind, Kaspersky researchers took a closer look at the cyber risks faced by schools and universities, so that educators can be prepared moving forward – and take the necessary precautions to stay secure.





Don’t miss.

https://www.law.com/newyorklawjournal/2020/09/04/an-ethical-framework-for-artificial-intelligence-part-iii/

An Ethical Framework for Artificial Intelligence—Part III

This column will review the remaining two principles in "Responsible AI" and examine how this work relates to the recent report issued by the European Commission, writes Technology Law columnist Peter Brown.





Perspective. To know or not to know. (Two week free trial available.)

https://www.technologyreview.com/2020/09/04/1008156/knowledge-graph-ai-reads-web-machine-learning-natural-language-processing/

This know-it-all AI learns by reading the entire web nonstop

Like GPT-3, Diffbot’s system learns by vacuuming up vast amounts of human-written text found online. But instead of using that data to train a language model, Diffbot turns what it reads into a series of three-part factoids that relate one thing to another: subject, verb, object.

Pointed at my bio, for example, Diffbot learns that Will Douglas Heaven is a journalist; Will Douglas Heaven works at MIT Technology Review; MIT Technology Review is a media company; and so on. Each of these factoids gets joined up with billions of others in a sprawling, interconnected network of facts. This is known as a knowledge graph.

But Google only does this for its most popular search terms. Diffbot wants to do it for everything. By fully automating the construction process, Diffbot has been able to build what may be the largest knowledge graph ever.

Alongside Google and Microsoft, it is one of only three US companies that crawl the entire public web.

Researchers can access Diffbot’s knowledge graph for free. But Diffbot also has around 400 paying customers. The search engine DuckDuckGo uses it to generate its own Google-like boxes. Snapchat uses it to extract highlights from news pages. The popular wedding-planner app Zola uses it to help people make wedding lists, pulling in images and prices. NASDAQ, which provides information about the stock market, uses it for financial research.

https://www.diffbot.com/





New and improved?

https://news.bloomberglaw.com/antitrust/doj-tweaks-guidelines-on-divestitures-antitrust-merger-remedies

DOJ Tweaks Guidelines on Divestitures, Antitrust Merger Remedies

The updated merger remedy manual outlines how the DOJ will structure certain settlements to ensure that competition remains robust once a merger is completed.



Friday, September 04, 2020

All suggestions are welcome. Apparently, we are not ready for law or regulation.

https://www.zdnet.com/article/australian-government-releases-voluntary-iot-cybersecurity-code-of-practice/?&web_view=true

Australian government releases voluntary IoT cybersecurity code of practice

The Australian government has released a voluntary code of practice for securing the Internet of Things (IoT) in Australia.

The voluntary Code of Practice: Securing the Internet of Things for Consumers [PDF] is intended to provide industry with a best-practice guide on how to design IoT devices with cybersecurity features.





Suggestions for the Computer Security Budget request.

https://www.bespacific.com/2020-cost-of-a-data-breach-report/

2020 Cost of a Data Breach Report

Via Bluefin: “IBM and the Ponemon Institute’s long-awaited 2020 Cost of a Data Breach Report has finally arrived — and with it comes critical insight into the current landscape of cyber security. For the fifteenth consecutive year, IBM and the Ponemon Institute have partnered to analyze the latest breaches at over 500 organizations to uncover trends in cyberattacks and provide insight on data security practices…”





A short security backgrounder…

https://www.troyhunt.com/we-didnt-encrypt-your-password-we-hashed-it-heres-what-that-means/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TroyHunt+%28Troy+Hunt%29

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

the difference between encryption and hashing is fundamental to how at-risk your password is from being recovered and abused after a data breach. I often hear people excusing the mischaracterisation of password storage on the basis of users not understanding what hashing means, but what I'm actually hearing is that breached organisations just aren't able to explain it in a way people understand. So here it is in a single sentence:

A password hash is a representation of your password that can't be reversed, but the original password may still be determined if someone hashes it again and gets the same result.

P@ssw0rd

here's what the hash of that password looks like:

161ebd7d45089b3446ee4e0d86dbcf92

This hash was created with the MD5 hashing algorithm and is 32 characters long. A shorter password hashed with MD5 is still 32 characters long. This entire blog post hashed with Md5 is still 32 characters long. This helps demonstrate the fundamental difference between hashing and encryption: a hash is a representation of data whilst encryption is protected data.





Management either failed to have a procedure or failed to ensure it was being followed.

https://hotforsecurity.bitdefender.com/blog/american-payroll-association-forgets-to-patch-web-portal-hackers-skim-credit-cards-and-passwords-off-site-24063.html

American Payroll Association Forgets to Patch Web Portal, Hackers Skim Credit Cards and Passwords Off Site

Embarrassingly, the APA seems to admit its technicians failed to deploy the necessary patches at the right time, leading to hackers exploiting known vulnerabilities in its systems.





Another world I can never enter because I don’t own a smartphone?

https://www.theatlantic.com/technology/archive/2020/09/pandemic-no-excuse-colleges-surveil-students/616015/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+AtlanticScienceAndTechnology+%28The+Atlantic+-+Technology%29

The Pandemic Is No Excuse to Surveil Students

Trying to do so is all but useless.

In Michigan, a small liberal-arts college is requiring students to install an app called Aura, which tracks their location in real time, before they come to campus. Oakland University, also in Michigan, announced a mandatory wearable that would track symptoms, but, facing a student-led petition, then said it would be optional. The University of Missouri, too, has an app that tracks when students enter and exit classrooms. This practice is spreading: In an attempt to open during the pandemic, many universities and colleges around the country are forcing students to download location-tracking apps, sometimes as a condition of enrollment. Many of these apps function via Bluetooth sensors or Wi-Fi networks. When students enter a classroom, their phone informs a sensor that’s been installed in the room, or the app checks the Wi-Fi networks nearby to determine the phone’s location.





Years ago I worked with two start-ups that conducted hardware and software inventories. This is not as simple as it sounds!

https://www.databreaches.net/hipaa-covered-entities-and-business-associates-need-an-it-asset-inventory-list-ocr-recommends/

HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends

Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write:

Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often find that organizations “lack sufficient understanding” of where all of their ePHI is located, and while the creation of an IT asset inventory list is not required under the HIPAA Security Rule, it could be helpful in the development of a risk analysis, and in turn and implementing appropriate safeguards – which are HIPAA Security Rule requirements.

Read more on Workplace Privacy, Data Management & Security Report





Pouring gasoline on an already fiery debate?

https://www.infosecurity-magazine.com/news/dhs-biometric-collection-rules/?&web_view=true

Homeland Security to Propose Biometric Collection Rules

The Department of Homeland Security (DHS) is to propose a standard definition of biometrics for authorized collection, which would establish a defined regulatory purpose for biometrics and create clear rules for using the information collected.

A proposed expansion would modernize biometrics collection and authorize expanded use of biometrics beyond background checks to include identity verification, secure document production and records management.



(Related)

https://fpf.org/2020/09/03/californias-sb-980-would-codify-strong-protections-for-genetic-data/

California’s SB 980 Would Codify Strong Protections for Genetic Data

This week, SB 980 (the “Genetic Information Privacy Act”) passed the California State Assembly and State Senate, with near unanimous support (54-10 and 39-0). If signed by the Governor before the Sept. 30 deadline, the law would become the first comprehensive genetic privacy law in the United States, establishing significant new protections for consumers of genetic services.





If China produces a provably unbiased AI judge, would we be willing to outsource?

https://www.jdsupra.com/legalnews/law-and-justice-powered-by-artificial-86782/

Law and Justice Powered by Artificial Intelligence? It's Already a Reality

Change happens faster than we predict. It is also happening more frequently. Consider, China is launching an online AI arbitrator this year. The United Nations wants to improve access to justice through AI judges and has been actively working on this for four years. A handful of firms have built digital assistants to help legal team comply with case rules to reduce time and expenses that are actually not billable.

Now factor in COVID-19. While it has been a pox on our lives, it has also been a great accelerator for innovation. With physical courtrooms closed, it accelerated the adoption virtual courtrooms. Law firms that never though(sic) a remote workforce would be effective are now wondering why they need huge offices when people seem to be working more effectively from home. Both the courts and firms are also turning more to AI-powered solutions to improve operational collaboration and efficiencies as well as to establish deeper engagement with petitioners and clients.





More a summation…

https://hbr.org/2020/09/what-does-building-a-fair-ai-really-entail

What Does Building a Fair AI Really Entail?

Artificial intelligence (AI) is rapidly becoming integral to how organizations are run. This should not be a surprise; when analyzing sales calls and market trends, for example, the judgments of computational algorithms can be considered superior to those of humans. As a result, AI techniques are increasingly used to make decisions. Organizations are employing algorithms to allocate valuable resources, design work schedules, analyze employee performance, and even decide whether employees can stay on the job.

This creates a new set of problems even as it solves old ones. As algorithmic decision-making’s role in calculating the distribution of limited resources increases, and as humans become more dependent on and vulnerable to the decisions of AI, anxieties about fairness are rising. How unbiased can an automated decision-making process with humans as the recipients really be?





Twilight or dawn?

https://venturebeat.com/2020/09/03/were-entering-the-ai-twilight-zone-between-narrow-and-general-ai/

We’re entering the AI twilight zone between narrow and general AI

there are experts who believe the industry is at a turning point, shifting from narrow AI to AGI. Certainly, too, there are those who claim we are already seeing an early example of an AGI system in the recently announced GPT-3 natural language processing (NLP) neural network. While NLP systems are normally trained on a large corpus of text (this is the supervised learning approach that requires each piece of data to be labeled), advances toward AGI will require improved unsupervised learning, where AI gets exposed to lots of unlabeled data and must figure out everything else itself. This is what GPT-3 does; it can learn from any text.



(Related)

https://thenextweb.com/neural/2020/09/03/the-fourth-generation-of-ai-is-here-and-its-called-artificial-intuition/

The fourth generation of AI is here, and it’s called ‘Artificial Intuition’

Artificial Intelligence (AI) is one of the most powerful technologies ever developed, but it’s not nearly as new as you might think. In fact, it’s undergone several evolutions since its inception in the 1950s. The first generation of AI was ‘descriptive analytics,’ which answers the question, “What happened?” The second, ‘diagnostic analytics,’ addresses, “Why did it happen?” The third and current generation is ‘predictive analytics,’ which answers the question, “Based on what has already happened, what could happen in the future?”

While predictive analytics can be very helpful and save time for data scientists, it is still fully dependent on historic data. Data scientists are therefore left helpless when faced with new, unknown scenarios. In order to have true “artificial intelligence,” we need machines that can “think” on their own, especially when faced with an unfamiliar situation. We need AI that can not just analyze the data it is shown, but express a “gut feeling” when something doesn’t add up. In short, we need AI that can mimic human intuition. Thankfully, we have it.



Thursday, September 03, 2020

What does this hacker group have against New Zealand? (They are small and therefore they must be vulnerable?)

https://www.nbcnews.com/tech/security/new-zealand-enduring-wave-cyberattacks-rcna105?&web_view=true

New Zealand enduring wave of cyberattacks

The attacks stopped share trading for up to several hours at a time over four days last week.

the bank TSB, which was hit Tuesday.

Another bank, Westpac, said it successfully repelled an attack two weeks ago and hadn’t been hit again since. News organizations Stuff and RNZ reported they had repelled attacks over the weekend.

The weather organization MetService was also hit this week





Retaliation, not origination?

https://www.justsecurity.org/72181/iran-joins-discussions-of-sovereignty-and-non-intervention-in-cyberspace/

Iran Joins Discussions of Sovereignty and Non-Intervention in Cyberspace

On August 18, the General Staff of the Iranian Armed Forces released a statement outlining its views on how international law applies in cyberspace. The detailed statement is the first of its kind issued from a major non-Western cyber power (with the possible exception of China’s International Strategy of Cooperation on Cyberspace ) and therefore merits particularly close attention and scrutiny.

[From the statement:

Armed forces of the Islamic Republic of Iran do not initiate any conflict in cyberspace as in the physical space. They regard the policy included in this instrument as a framework for their actions in confronting any threat in cyberspace,” the statement said.

It is clear that the Armed forces of the Islamic Republic of Iran reserve the right to react to any threat at any level in a firmed and decisive manner if any of the policies included in the present instrument may be violated by any state, group, or any other person or entity supported, controlled or directed by any state,” it added.





Another checklist for my Computer Security students.

https://www.infosecurity-magazine.com/news/ncsc-releases-cyberguidance/?&web_view=true

NCSC Releases Cyber-Guidance

The joint cybersecurity advisory "Technical Approaches to Uncovering and Remediating Malicious Activity" was published today in conjunction with the US’s Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre, the New Zealand National Cyber Security Centre and CERT NZ, and the Canadian Communications Security Establishment.





Yes it was unconstitutional, but no big deal?

https://www.politico.com/news/2020/09/02/court-rules-nsa-phone-snooping-illegal-407727

Court rules NSA phone snooping illegal — after 7-year delay

The National Security Agency program that swept up details on billions of Americans' phone calls was illegal and possibly unconstitutional, a federal appeals court ruled Wednesday.

However, the unanimous three-judge panel of the 9th Circuit Court of Appeals said the role the so-called telephone metadata program played in a criminal terror-fundraising case against four Somali immigrants was so minor that it did not undermine their convictions.





Not surprising. If you choose to opt-out you should probably travel with a lawyer. I doubt your ‘lawyer app’ would be sufficient.

https://www.bespacific.com/cbp-does-not-make-it-clear-americans-can-opt-out-of-airport-face-scanning/

CBP does not make it clear Americans can opt out of airport face scanning

Tech Crunch: “A government watchdog has criticized U.S. border authorities for failing to properly disclose the agency’s use of facial recognition at airports, which included instructions on how Americans can opt out. U.S. Customs and Border Protection (CBP), tasked with protecting the border and screening immigrants, has deployed its face-scanning technology in 27 U.S. airports as part of its biometric entry-exit program. The program was set up to catch visitors who overstay their visas. Foreign nationals must complete a facial recognition check before they are allowed to enter and leave the United States, but U.S. citizens are allowed to opt out. But the Government Accountability Office (GAO) said in a new report out Wednesday that CBP did “not consistently” provide notices that informed Americans that they would be scanned as they depart the United States…”





Why Rolls Royce? Trying to sound trustworthy?

https://indianexpress.com/article/technology/tech-news-technology/rolls-royce-announces-ai-ethics-framework-will-make-it-available-to-all-6580194/

Rolls-Royce announces AI ethics framework, will make it available to all

In what could increase the trust individuals and the society have on artificial intelligence which has started permeating many parts of daily life, Rolls-Royce has announced an AI ethics framework to ensure that decisions taken by the technology are ethical. The company has also announced a five-layer checking system focuses on ensuring the outcomes of the constantly-changing AI algorithms can be trusted.

The ethics framework and its trust process have been peer reviewed by subject matter experts in several big tech firms, as well as experts in the automotive, pharmaceutical, academic and government sectors, a Rolls-Royce release said, adding that the same will also be published in full under Creative Commons licence later this year on the Rolls-Royce.com website.





For stay-at-home campers?

https://www.bespacific.com/sounds-of-the-forest/

Sounds of the Forest

We are collecting the sounds of woodlands and forests from all around the world, creating a growing soundmap bringing together aural tones and textures from the world’s woodlands. The sounds form an open source library, to be used by anyone to listen to and create from. Selected artists will be responding to the sounds that are gathered, creating music, audio, artwork or something else incredible, to be presented at Timber Festival 2021. This second part of the project is gratefully supported by PRS for Music Foundation.





For my students.

https://www.bespacific.com/the-new-rules-for-landing-a-job-in-the-covid-era/

The New Rules for Landing a Job in the Covid Era

WSJ.com [paywall and alternate source no paywall ] – “It takes luck, creativity and a fresh look at your network of contacts to find a job in the worst labor market in more than a decade. Since the pandemic hit the U.S. hard in March, the economy has lost 13 million jobs, job seekers have seen offers yanked away, and many recent college graduates remain sidelined. But there is reason to be optimistic, albeit cautiously: Many employers are still hiring. More than half of small and midsize companies plan to hire full-time employees this year, according to an August survey of 600 human-resources and finance chiefs by Paycor, an HR software company. And while the percentage of LinkedIn members hired into new jobs fell 7.4% in July compared with the year before, it jumped 57.5% from June, according to LinkedIn’s August Workforce Report. But today’s jobs landscape is wildly different from the red-hot labor market of early 2020. An open position can yield hundreds of applications. Many job interviews are still happening over laptop screens, and companies’ hiring needs are changing as fast as the economic outlook…”



Wednesday, September 02, 2020

Another risk Computer Security must address?

https://www.zdnet.com/article/gartner-expects-more-ceos-to-be-personally-liable-for-cyber-physical-security-incidents/

Gartner expects more CEOs to be personally liable for cyber-physical security incidents

The liability for failing to protect systems from cyber incidents will fall directly onto many CEOs by 2024, Gartner is predicting.

The analyst firm expects liability for cyber-physical systems (CPSs) incidents will pierce the corporate veil to personal liability for 75% of CEOs.

"Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them," research vice president at Gartner Katell Thielemann said.





Something we can look forward to?

https://www.nytimes.com/reuters/2020/09/01/world/europe/01reuters-norway-parliament.html?&web_view=true

Norway's Parliament Says It Was Hit by 'Significant' Cyber Attack

The Norwegian parliament suffered a cyber attack during the past week and the e-mail accounts of several elected members as well as employees were hacked, the national assembly and a counter-intelligence agency said on Tuesday.

Several members and staff of Norway's main opposition Labour Party were affected, a party spokesman told public broadcaster NRK.





Similar to ‘security by design,’ but requiring ethicists – not many IT departments have them on staff.

https://techxplore.com/news/2020-09-qa-embedded-ethics-approach-ai.html

Q&A: The embedded ethics approach in AI development

The increasing use of AI (artificial intelligence) in the development of new medical technologies demands greater attention to ethical aspects. An interdisciplinary team at the Technical University of Munich (TUM) advocates the integration of ethics from the very beginning of the development process of new technologies. Alena Buyx, professor of ethics in medicine and health technologies, explains the embedded ethics approach.

The idea is to make ethics an integral part of the research process by integrating ethicists into the AI development team from day one. For example, they attend team meetings on a regular basis and create a sort of "ethical awareness" for certain issues. They also raise and analyze specific ethical and social issues.





Interesting that neither organization noticed until the FBI pointed it out.

https://www.zdnet.com/article/facebook-and-twitter-suspend-russian-propaganda-accounts-following-fbi-tip/?&web_view=true

Facebook and Twitter suspend Russian propaganda accounts following FBI tip

Facebook and Twitter said on Tuesday that they removed social media accounts for a news organization going by the name of PeaceData, which they linked to Russia's state propaganda efforts.

The two social networks said they started an investigation into accounts associated with this news site after they received a tip from the FBI earlier this summer.

In a report [PDF] published today analyzing PeaceData's operations, social media research group Graphika said the news site focused on publishing news articles in both English and Arabic, critical of the US, the UK, and France.





Let’s see who jumps aboard.

https://www.technologyreview.com/2020/09/02/1007921/apple-and-google-have-launched-coronavirus-exposure-notifications-without-an-app/

Apple and Google have launched coronavirus exposure notifications without an app

The news: Apple and Google have announced they’re expanding their coronavirus exposure warning system so health agencies can take part without needing to create a customized app.

All the agency has to do is provide Apple and Google with some basic information and set up servers to host Bluetooth keys and exposure verification.





The pendulum swings again? Is this fundamentally different from looking at surveillance video?

New Federal Court Rulings Find Geofence Warrants Unconstitutional

Jennifer Lynch and Nathaniel Sobel write:

Two federal magistrate judges in three separate opinions have ruled that a geofence warrant violates the Fourth Amendment’s probable cause and particularity requirements. Two of these rulings, from the federal district court in Chicago, were recently unsealed and provide a detailed constitutional analysis that closely aligns with arguments EFF and others have been making against geofence warrants for the last couple years.

Geofence warrants, also known as reverse location searches, are a relatively new investigative technique used by law enforcement to try to identify a suspect. Unlike ordinary warrants for electronic records that identify the suspect in advance of the search, geofence warrants essentially work backwards by scooping up the location data from every device that happened to be in a geographic area during a specific period of time in the past. The warrants therefore allow the government to examine the data from individuals wholly unconnected to any criminal activity and use their own discretion to try to pinpoint devices that might be connected to the crime. Earlier this summer, EFF filed an amicus brief in People v. Dawes, a case in San Francisco Superior Court, arguing that a geofence warrant used there violates deep-rooted Fourth Amendment law.

In Chicago, the government applied to a magistrate judge for a geofence warrant as part of an investigation into stolen pharmaceuticals. Warrant applications like these occur before there is a defendant in a case, so they are almost never adversarial (there’s no lawyer representing a defendant’s interest), and we rarely find out about them until well after the fact, which makes these unsealed opinions all the more interesting.

Here, the government submitted an application to compel Google to disclose unique device identifiers and location information for all devices within designated areas during forty-five minute periods on three different dates. The geofenced areas were in a densely populated city near busy streets with restaurants, commercial establishments, a medical office, and “at least one large residential complex, complete with a swimming pool, workout facilities, and other amenities associated with upscale urban living.”

Read more on EFF.





We been doing this all along...”

https://www.insideprivacy.com/artificial-intelligence/ftc-provides-guidance-on-use-of-ai-and-algorithms/

FTC Provides Guidance on Use of AI and Algorithms

What guidance has the FTC recently provided on the use of AI and algorithms? Our colleagues, former FTC Commissioner, Terrell McSweeny, and AI Initiative Co-Chair, Lee Tiedrich, explain in The Journal of Robotics, Artificial Intelligence and Law.

[From the PDF:

Based on prior FTC enforcement actions, studies, reports, and other sources of guidance, the post outlined five general principles for using AI and algorithms while adequately managing consumer protection risks, discussed below.





Interesting in a communication kind of way…

https://daily.jstor.org/the-linguistic-evolution-of-taylor-swift/

The Linguistic Evolution of Taylor Swift

With the surprise midsummer release of Folklore, it seems that Taylor Swift has finally put out an indie record much cooler than her others, one that even a Pitchfork editor could love. The critically acclaimed, aptly named Folklore feels like a cozy, autumnal, cardigan-wearing kind of album, homing in on the telling and retelling of stories of heartbreak and longing through the lyricism of language at the heart of Swift’s songwriting.





Something for Python learners...

https://www.zdnet.com/article/python-programming-microsofts-latest-beginners-course-looks-at-developing-for-nasa-projects/

Python programming: Microsoft's latest beginners' course looks at developing for NASA projects

Microsoft has teamed up with NASA to create three project-based learning modules that teach entry-level coders how to use the Python programming language and machine-learning algorithms to explore space, classify space rocks and predict weather and rocket-launch delays.

Students need a Windows, Mac or Linux computer to complete the modules, which teach the basics of what a programming language is, how to use Microsoft's Visual Studio Code (VS Code) code editor, install extensions for Python, and how to run a basic Jupyter Notebook within VS Code – some of the key ingredients to get started on a machine-learning project.

Microsoft's learning modules don't actually teach anything about how to code in Python but rather offer some ideas, focussing on NASA's space exploration activities, to illustrate how Python could be used in space exploration.