AWS is now making Amazon Personalize available to all customers

Amazon Personalize, first announced during AWS re:Invent last November, is now available to all Amazon Web Services customers. The API enables developers to add custom machine learning models to their apps, including ones for personalized product recommendations, search results and direct marketing, even if they don’t have machine learning experience.

The API processes data using algorithms originally created for Amazon’s own retail business,  but the company says all data will be “kept completely private, owned entirely by the customer.” The service is now available to AWS users in three U.S. regions, East (Ohio), East (North Virginia) and West (Oregon), two Asia Pacific regions (Tokyo and Singapore) and Ireland in the European Union, with more regions to launch soon.

AWS customers who have already added Amazon Personalize to their apps include Yamaha Corporation of America, Subway, Zola and Segment. In Amazon’s press release, Yamaha Corporation of America Director of Information Technology Ishwar Bharbhari said Amazon Personalize “saves us up to 60% of the time needed to set up and tune the infrastructure and algorithms for our machine learning models when compared to building and configuring the environment on our own.”

Amazon Personalize’s pricing model charges five cents per GB of data uploaded to Amazon Personalize and 24 cents per training hour used to train a custom model with their data. Real-time recommendation requests are priced based on how many are uploaded, with discounts for larger orders.

Workhorse gets $25 million needed to finish electric delivery van

Workhorse Group, the electric vehicle company that grabbed headlines last month over a proposed deal to buy General Motors’ Lordstown, Ohio factory, has raised $25 million from a group of unnamed investors.

The money will not go toward the factory. Instead, it will be used for the more pressing matter of keeping the company running. Under terms of the deal, investors will receive preferred stock and warrants to buy shares. An annual dividend will be paid out in shares of Workhorse stock.

The Cincinnati-based company is small, with fewer than 100 employees. Its biggest problem isn’t ideas or even product pipeline; it’s capital.

Workhorse has struggled financially at various points since its founding in 1998. The company reported just $364,000 in revenue in the first quarter, down from $560,000 in the same period last year. As of March 30, 2019, the company had cash, cash equivalents and short-term investments of $2.8 million, compared to $1.5 million as of December 31, 2018.

Workhorse borrowed $35 million from hedge fund Marathon Asset Management earlier this year. 

Workhorse, which was once owned by Navistar and sold in 2013 to AMP Holding, has a customer pipeline for its electric trucks that includes UPS. It’s also hoping to win a contract with the United States Postal Service.

But it needs capital to scale up. The funding gives Workhorse the capital to deliver on its existing backlog and produce its N-GEN delivery van, according to CEO Duane Hughes.

“We now have all necessary pieces in place to bridge Workhorse into full-scale N-GEN production and are looking forward to commencing the manufacturing process, in earnest, during the fourth quarter of this year,” Hughes said in a statement.

Meanwhile, GM has been in talks since early 2019 to sell its Lordstown vehicle factory in Ohio to Workhorse Group. GM’s Lordstown factory stopped producing the automaker’s Chevrolet Cruze in March; without any new vehicles slated for the factory, workers were laid off.

Under the potential Lordstown deal, a new entity led by Workhorse founder Steve Burns would acquire the facility. Workhorse would hold a minority interest in the new entity. This new entity would allow Workhorse to seek new equity without diluting existing shareholder value.

Workhorse would build a commercial electric pickup at the plant if the deal goes through, Hughes has said.

Lilium, the ambitious German air taxi company, picks London for its new software engineering base

Lilium, the ambitious Munich-based startup developing an all-electric vertical take-off and landing (VTOL) device, has announced that London is to be its new software engineering base, flying in the face of Brexit, you may well say. This, says the company, will create “hundreds of high-end software engineering roles” in the U.K. capital city over the next five years.

Alongside designing and manufacturing a new type of jet, Lilium plans to launch a fully vertical “air taxi” service by 2025, which will require consumer-facing “hailing” apps and sophisticated software for fleet management, including maintenance, and scheduling flights on-demand. That system also will need to integrate with existing air traffic control regulations and systems, all of which isn’t trivial, to say the least.

The announcement comes in the slipstream of Lilium unveiling a new five-seater prototype and a maiden flight last month. This saw the full-scale, full-weight prototype successfully take off and land, following extensive ground testing.

Meanwhile, the German startup is disclosing a trio of new senior hires, including the appointment of Carlos Morgado, former chief technology officer (CTO) at Just Eat, to lead the development of the new London software engineering team as VP, Digital Technology.

In addition, Lilium has appointed Anja Maassen van den Brink as chief people officer (CPO), and Luca Benassi as chief development engineer. Maassen van den Brink joins Lilium from VodafoneZiggo. Benassi is said to bring more than 20 years of experience in the aerospace sector, having worked at NASA, Boeing and, most recently, Airbus, where he was a senior expert and head of Acoustics and Vibration.

Commenting on the choice of London as a base for the engineering team, Remo Gerber, chief commercial officer (CCO), comments: “Achieving our aims will require us to build one of the world’s most innovative and high-performing software engineering teams. While we recognize that talent is global, London offers us access to a rich talent pool and an environment that’s well-suited to delivering the extraordinary.”

Of course, how rich that talent pool will remain after Brexit is yet to be seen. But for now it’s clear that Lilium believes that long-term London has more upsides than downsides, regardless of the current Brexit impasse.

Apple is making corporate ‘BYOD’ programs less invasive to user privacy

When people bring their own devices to work or school, they don’t want IT administrators to manage the entire device. But until now, Apple only offered two ways for IT to manage its iOS devices: either device enrollments, which offered device-wide management capabilities to admins or those same device management capabilities combined with an automated setup process. At Apple’s Worldwide Developer Conference last week, the company announced plans to introduce a third method: user enrollments.

This new MDM (mobile device management) enrollment option is meant to better balance the needs of IT to protect sensitive corporate data and manage the software and settings available to users, while at the same time allowing users’ private personal data to remain separate from IT oversight.

According to Apple, when both users’ and IT’s needs are in balance, users are more likely to accept a corporate “bring your own device” (BYOD) program — something that can ultimately save the business money that doesn’t have to be invested in hardware purchases.

The new user enrollments option for MDM has three components: a managed Apple ID that sits alongside the personal ID; cryptographic separation of personal and work data; and a limited set of device-wide management capabilities for IT.

The managed Apple ID will be the user’s work identity on the device, and is created by the admin in either Apple School Manager or Apple Business Manager — depending on whether this is for a school or a business. The user signs into the managed Apple ID during the enrollment process.

From that point forward until the enrollment ends, the company’s managed apps and accounts will use the managed Apple ID’s iCloud account.

Meanwhile, the user’s personal apps and accounts will use the personal Apple ID’s iCloud account, if one is signed into the device.

Third-party apps are then either used in managed or unmanaged modes.

That means users won’t be able to change modes or run the apps in both modes at the same time. However, some of the built-in apps like Notes will be account-based, meaning the app will use the appropriate Apple ID — either the managed one or personal — depending on which account they’re operating on at the time.

To separate work data from personal, iOS will create a managed APFS volume at the time of the enrollment. The volume uses separate cryptographic keys which are destroyed along with the volume itself when the enrollment period ends. (iOS had always removed the managed data when the enrollment ends, but this is a cryptographic backstop just in case anything were to go wrong during unenrollment, the company explained.)

The managed volume will host the local data stored by any managed third-party apps along with the managed data from the Notes app. It also will house a managed keychain that stores secure items like passwords and certificates; the authentication credentials for managed accounts; and mail attachments and full email bodies.

The system volume does host a central database for mail, including some metadata and five line previews, but this is removed as well when the enrollment ends.

Users’ personal apps and their data can’t be managed by the IT admin, so they’re never at risk of having their data read or erased.

And unlike device enrollments, user enrollments don’t provide a UDID or any other persistent identifier to the admin. Instead, it creates a new identifier called the “enrollment ID.” This identifier is used in communication with the MDM server for all communications and is destroyed when enrollment ends.

Apple also noted that one of the big reasons users fear corporate BYOD programs is because they think the IT admin will erase their entire device when the enrollment ends — including their personal apps and data.

To address this concern, the MDM queries can only return the managed results.

In practice, that means IT can’t even find out what personal apps are installed on the device — something that can feel like an invasion of privacy to end users. (This feature will be offered for device enrollments, too.) And because IT doesn’t know which personal apps are installed, it also can’t restrict certain apps’ use.

User enrollments will also not support the “erase device” command — and they don’t have to, because IT will know the sensitive data and emails are gone. There’s no need for a full device wipe.

Similarly, the Exchange Server can’t send its remote wipe command — just the account-only remote wipe to remove the managed data.

Another new feature related to user enrollments is how traffic for managed accounts is guided through the corporate VPN. Using the per-app VPN feature, traffic from the Mail, Contacts and Calendars built-in apps will only go through the VPN if the domains match that of the business. For example, mail.acme.com can pass through the VPN, but not mail.aol.com. In other words, the user’s personal mail remains private.

This addresses what has been an ongoing concern about how some MDM solutions operate — routing traffic through a corporate proxy meant the business could see the employees’ personal emails, social networking accounts and other private information.

User enrollments also only enforces a six-digit non-simple passcode, as the MDM server can’t help users by clearing the past code if the user forgets it.

Some today advise users to not accept BYOD MDM policies because of the impact to personal privacy. While a business has every right to manage and wipe its own apps and data, IT has overstepped with some of its remote management capabilities — including its ability to erase entire devices, access personal data, track a phone’s location, restrict personal use of apps and more.

Apple’s MDM policies haven’t included GPS tracking, however, nor does this new option.

Apple’s new policy is a step toward a better balance of concerns, but will require that users understand the nuances of these more technical details — which they may not.

That user education will come down to the businesses that insist on these MDM policies to begin with — they will need to establish their own documentation, explainers, and establish new privacy policies with their employees that detail what sort of data they can and cannot access, as well as what sort of control they have over corporate devices.