Daily Tech Digest - May 29, 2020

Cases dealt with by AI courts rely heavily on blockchain evidence. For the uninitiated, blockchain is literally a chain of digital blocks. It is the system of storing digital information (the block) in a public database (the chain). Blockchain preserves information about transactions like the date, time and purchase amount etc. A classic illustration would be a purchase on Amazon. It contains a series of transactions which are recorded and kept on a digital platform. Each ‘block’ added to the ‘chain’ comes into the public domain, where it remains preserved. The critical question is, is blockchain tamper-proof? Is alteration of its data impossible by human intervention? Is blockchain data immutable and time-stamped, and can it safely be used as an auditable trail? The judges in China think so. China’s Supreme People’s Court has put matters to rest. It has ruled that evidence authenticated with blockchain technology is binding in legal disputes. It ruled, "...internet courts shall recognize digital data that are submitted as evidence if relevant parties collected and stored these data via blockchain with digital signatures, reliable timestamps and hash value verification or via a digital deposition platform, and can prove the authenticity of such technology used."


GitHub Supply Chain Attack Uses Octopus Scanner Malware

When Octopus Scanner lands on a machine, it looks for signs indicating the NetBeans IDE is in use on a developer's system, GitHub security researcher Alvaro Muñoz explains in a blog post on their findings. If it doesn't find anything, the malware takes no action. If it does, it ensures that every time a project is built, any resulting JAR files are infected with a dropper. When executed, the payload ensures persistence and spreads a remote access Trojan (RAT), which connects to C2 servers. The malware continues to spread by infecting NetBeans projects, or JAR files. This way, it backdoors healthy projects so when developers release code to the public, it contains malware. The goal of Octopus Scanner is to insert backdoors into artifacts built by NetBeans so the attacker can use these resources as part of the C2 server, Waisman says. "When the end user deploys the workload, they have given the attacker access via the backdoor to their resources for use as part of a command-and-control server," he adds. 


How the coronavirus pandemic is affecting developers' mental health

Working from home has always included controversy. While two-thirds of employees prefer to do so--more than a third would choose this perk over a pay raise and another 37% would take a 10% pay cut to stay home--management has traditionally been less than thrilled with the idea. It's often been viewed by executives as a way for workers to underperform in their roles or fly under the radar. As a result, given that many organizations now have no choice but to promote work-from-home capabilities, these are being doled out with increased expectations and heftier accountability requirements. The economic downturn and threat of looming layoffs don't help the situation. I can say I've put in more hours than ever before proving my value in my role to ensure that the systems and services for which I am responsible stay up and running. ... Without commutes it can seem like there are more hours in the day, but at the same time there aren't clear breaks between home and work time, nor the regular breaks for mentally recharging like going out for coffee or even just visiting the snack area and talking to coworkers.


Create Deepfakes in 5 Minutes with First Order Model Method

The basis of deepfakes, or image animation in general, is to combine the appearance extracted from a source image with motion patterns derived from a driving video. For these purposes deepfakes use deep learning, where their name comes from (deep learning + fake). To be more precise, they are created using the combination of autoencoders and GANs. Autoencoder is a simple neural network, that utilizes unsupervised learning (or self-supervised if we want to be more accurate). They are called like that because they automatically encode information and usually are used for dimensionality reduction. It consists of three parts: encoder, code, and decoder. The encoder will process the input, in our case input video frame, and encode it. This means that it transforms information gathered from it into some lower-dimensional latent space – the code. In this latent representation information about key features like facial features and body posture of the video-frame is contained. In lame terms, here we have information about what face is doing, does it smile or blinks, etc. 


Mobile security forces difficult questions

When it comes to security, compliance and what IT or Security have the right to do, neither is demonstrably better, unless you're willing to put rights and restrictions in writing and — this is the hard part — enforce them. The biggest worry for either modes involves remote wipe. When a device is suspected to have been stolen, remote wipe needs to happen, to reduce the chance of enterprise data being stolen or an attack being waged. That question becomes difficult when the device is owned by the employee. Does the enterprise have the right to wipe it and permanently delete any personal data, images, messages, videos, etc.? We'll get back to BYOD deletions in a moment. But for corporate devices, the deletion would seem to be much easier. And yet, it's not. Many companies encourage employees to not use the corporate mobile device for anything other than work, but few put it in writing and stress that the company may have to obliterate everything on the phone in the case of a perceived security emergency — and insist that it be signed before the phone is distributed.


Digital Distancing with Microsegmentation

Microsegmentation improves data center security by controlling the network traffic into and out of a network connection. Ultimately, the goal of microsegmentation is to implement Zero Trust. Done properly, microsegmentation is effectively a whitelist for network traffic. This means that systems on any given network can strictly communicate with the specific systems they need to communicate with, in the manner they are supposed to communicate, and nothing else. With connections and communications so regimented, microsegmentation is among the best protections we have today against lateral compromise. This allows microsegmentation administrators to protect whatever is on the other end of that network connection from whatever else is on the network. It also allows everything else on the network to receive a basic level of protection from whatever might be on the other end of that network connection. This is a huge change from the "eggshell computing" model in which all defenses are concentrated at the perimeter (the eggshell) but everything behind that edge is wide open (the soft insides of the egg). 


Cisco Throws Its Weight Behind SASE

SASE represents an opportunity to put more of Cisco’s networking and security services in the cloud, said Jeff Reed, SVP of product for Cisco’s security business group. Cisco’s SASE offering will tie together elements of its networking, security, and zero-trust product lines. This includes elements of its Viptela and Meraki SD-WAN platforms to address SASE’s WAN and routing requirements. Meanwhile, for security, the vendor will lean on Cisco Umbrella for secure web gateway, domain name system (DNS), firewall, and cloud access security broker (CASB) functionality. Finally, Cisco will integrate core elements of its zero-trust networking portfolio — which includes Duo, SD-Access, and AnyConnect — to verify identity and enhance the overall security of the offering. “We had this opportunity … to basically tie all the strength we have on the network side into the abilities and capabilities we have on the security side,” Reed said. But Reed emphasizes that Cisco won’t be “lifting and shifting” existing constructs and running them in the cloud. Cisco is fully embracing the cloud-native underpinnings of SASE, he said. “We’re doing cloud native, so we’re not just lifting and shifting our virtual firewall in the cloud.”


Compare a product vs. project mindset for software development

Enterprises have started to recognize the danger of a project mindset, namely, that everyone focuses less on the product. "A perfect project management system can complete every task ... in a vacuum, with amazing results -- and still fail when it comes time to go to market," said Alexander M. Kehoe, operations director at Caveni Digital Solutions, a web design consultancy. Apple has applied both project and product mindsets. Apple's iPhone innovation enabled it to grow into one of the largest companies in the world. However, critics accuse Apple of releasing a nearly carbon-copy iPhone each year. According to these critics, product quality for these phones has stagnated, as Apple finishes projects with little or no consideration on the product side. Because of this reliance on project-oriented thinking, Kehoe said, the next major mobile phone innovation might not come from Apple. If another company takes the lead in mobile phone innovation, Apple might see its market dominance evaporate overnight, he said.



Report: Debugging Efforts Cost Companies $61B Annually


The report also notes software engineers spend on average of 13 hours to fix a single software failure. According to the report, 41% said identified reproducing a bug as the biggest barrier to finding and fixing bugs faster, followed by wiring tests (23%) and actually fixing the bug (23%). Well over half (56%) said they could release software one to two days faster if reproducing failures were not an issue. Just over a quarter of developer time (26%) is spent reproducing and fixing failing tests. On the plus side, 88% of respondents said their organizations have adopted continuous integration (CI) practices, with more than 50% of businesses reporting they can deploy new code changes and updates at least daily. Over a third (35%) said they can make hourly deployments. Undo CEO Barry Morris said the report makes it clear organizations need to be able to record software to reduce the amount of time it takes to find bugs. Unfortunately, even then finding a bug is still a labor-intensive process that can involve analyzing millions of lines of code.


Using Cloud AI for Sentiment Analysis

Natural Language Toolkit (NLTK) is a powerful Python library for natural language processing (NLP) and machine learning. Popular cloud services offer some alternative NLP tools that use the same underlying concepts as NLTK. ... If you've followed through the NLP sentiment analysis articles we started in Introducing NLTK for Natural Language Processing, you've seen one established approach. The following overviews will show you what the interface and response look like for sentiment analysis on these cloud services. In many cases it's very similar to NLTK, just using the horsepower of someone else's computers. Amazon Web Services (AWS) provides an Amazon Comprehend NLP service that includes a range of features analogous to some of what you’ll find in NLTK. Similar to NLTK’s pos_tag, the AWS service can identify parts of speech (POS) and tag them as proper names, places, and locations, and so forth. It has support for 100 languages that can be detected in unstructured text, and includes text summarization capabilities to identify and extract key phrases that contribute to the overall meaning of a given piece of text.



Quote for the day:

"If you're not prepared to be wrong, you'll never come up with anything original." -- Sir Ken Robinson


Daily Tech Digest - May 28, 2020


Analysis by researchers at cybersecurity company Tessian reveals that 52 percent of employees believe they can get away with riskier behaviour when working from home, such as sharing confidential files via email instead of more trusted mechanisms. ... In some cases, employees aren't purposefully ignoring security practices, but distractions while working from home such as childcare, room-mates and not having a desk set-up like they would at the office are having an impact on how people operate. Meanwhile, some employees say they're being forced to cut security corners because they're under pressure to get work done quickly. Half of those surveyed said they've had to find workarounds for security policies in order to efficiently do the work they're required to do – suggesting that in some cases, security policies are too much of a barrier for employees working from home to adapt to. However, by adopting workarounds employees could be putting their organisation at risk from cyber attacks, especially as hackers increasingly turn their attention to remote workers. "But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil".



Google, Microsoft most spoofed brands in latest phishing attacks


In form-based phishing attacks, scammers leverage sites such as Google Docs and Microsoft Sway to trap victims into revealing their login credentials. The initial phishing email typically contains a link to one of these legitimate sites, which is why these attacks can be difficult to detect and prevent. Among the nearly 100,000 form-based attacks that Barracuda detected over the first four months of 2020, Google file sharing and storage sites were used in 65% of them. These attacks included such sites as storage.googleapis.com, docs.google.com, storage.cloud.google.com, and drive.google.com. Microsoft brands were spoofed in 13% of the attacks, exploiting such sites as onedrive.live.com, sway.office.com, and forms.office.com. Beyond Google and Microsoft, other sites spoofed in these attacks were sendgrid.net, mailchimp.com, and formcrafts.com. ... criminals try to spoof emails that seem to have been creating automatically through file sharing sites such as Microsoft OneDrive. The emails contain links that take users to a legitimate site such as sway.office.com. But that site then leads the victim to a phishing page prompting for login credentials.



Four ways to reflect that help boost performance


On top of a mountain, a leader retreats to ask him or herself a set of questions about life, stress, and sacrifice, capturing the answers in a beautifully bound notebook. The questions don’t vary much. Where are you going? How are you living your values? What gives you meaning, purpose, or fulfillment? Are all the components of your life managed as you need them to be managed: career, family, friends, finances, health, and spiritual growth? The power of this reflection comes from digging deep and being in touch with your core. It is very much an affair of the heart. With the insights from this exercise, you come back to your role renewed, focused on what matters to you and clearer about how you will lead this year. Although this kind of deep reflection is a useful process, it may not be enough to tackle the range of problems a business encounters in the course of a year because it focuses solely on the leader. In our experience working together and independently coaching leaders, we find that they and their teams benefit from four ways of more targeted reflection that help refocus and reframe challenges


IT Staffing Guide

After taking the time to write out your job description and put it out there on as many job boards as possible, you can only hope and pray that the right candidate finds you. Meanwhile, your organization loses time and money while operating with less than full staff and taking time away from work to conduct interviews that may or may not lead to a successful hire. In the best-case scenario, you find someone great, and you are just out the original time and money. In the worst-case scenario, time drags on, and no one who is right for the position ever applies, or you hire someone, and it doesn’t work out, hopefully only once. A thriving, growing company just does not have time for this every time they need to add to the team. In short, IT staffing agencies will save your company both time and money. IT staffing agencies take the time to get to know the needs of both the company and the potential employees and takes the time to match the two in both technical and cultural aspects.


Flutter: Reusable Widgets


Most of the time, we are duplicating so many widgets just for a little change. What could be the best possible way to get rid of these things? It’s creating Reusable Widgets. It’s always good practice to use Reusable Widgets to maintain consistency throughout the app. When we are dealing with multiple projects, we don’t like to write to each code multiple times. It will create duplication and in the end, if any issue comes we end up with a mess. So, the best way is to create a base widget and use it everywhere. You can modify it based on your requirement and another advantage is if any change comes then you need to do it in one place and it’ll be reflected everywhere. ... Try to code less business logic inside a UI widget. All the communication between the user and UI should be done via events. So, if there is a need to use the same widget in another project, you can do it quickly. ... Access data via callbacks is the best possible way to separate your View part from business logic(Just like View and ViewModel).


The mobile testing gotchas you need to know about

The mobile testing gotchas you need to know about
If you’re dealing with a native mobile application, you can find yourself in the wild west. It’s not so bad on iOS, where current OS support is available for devices several years old, but in the Android world, the majority of currently active devices are running versions four or five years old. This presents a huge challenge for testing. In my group, we’re lucky enough to only deliver on iPads, and we set a policy of only supporting the currently shipping version of iOS and one major release back. But if you are trying to be more inclusive or are stuck supporting the much more heterogeneous Android ecology, you have to do a lot of testing across multiple devices and OS versions. You can’t even get away with testing on a lowest common denominator release. Your dev team is probably conditionally taking advantage of new OS features, such as detecting which OS version the device is running and using more modern features when available. As a result, you have to test against pretty much every version of the OS you need to support.


Fujitsu delivers exascale supercomputer that you can soon buy

supercomputer / servers / data center / network
Fujitsu announced last November a partnership with Cray, an HPE company, to sell Cray-branded supercomputers with the custom processor used in Fugaku. Cray already has deployed four systems for early evaluation located at Stony Brook University, Oak Ridge National Laboratory, Los Alamos National Laboratory, and the University of Bristol in Britain. According to Cray, systems have been shipped to customers interested in early evaluation, and it is planning to officially launch the A64fx system featuring the Cray Programming Environment later this summer. Fugaku is remarkable in that it contains no GPUs but instead uses a custom-built Arm processor designed entirely for high-performance computing. The motherboard has no memory slots; the memory is on the CPU die. If you look at the Top500 list now and proposed exaFLOP computers planned by the Department of Energy, they all use power-hungry GPUs. As a result, Fugaku prototype topped the Green500 ranking last fall as the most energy efficient supercomputer in the world. Nvidia’s new Ampere A100 GPU may best the A64fx in performance but with its 400-watt power draw it will use a lot more power.


Use of cloud collaboration tools surges and so do attacks

Cloud security threats  >  Lightning strikes a digital landscape via binary clouds.
The use rate of certain collaboration and videoconferencing tools has been particularly high. Cisco Webex usage has increased by 600%, Zoom by 350%, Microsoft Teams by 300% and Slack by 200%. Again, manufacturing and education ranked at the top. While this rise in the adoption of cloud services is understandable and, some would argue, a good thing for productivity in light of the forced work-from-home situation, it has also introduced security risks. McAfee's data shows that traffic from unmanaged devices to enterprise cloud accounts doubled. "There's no way to recover sensitive data from an unmanaged device, so this increased access could result in data loss events if security teams aren't controlling cloud access by device type." Attackers have taken notice of this rapid adoption of cloud services and are trying to exploit the situation. According to McAfee, the number of external threats targeting cloud services increased by 630% over the same period, with the greatest concentration on collaboration platforms.


Analytics critical to decisions about how to return to work

As offices begin to reopenamid the COVID-19 crisis, decisions will have to be made in order to limit the potential spread of the virus.
"There's a couple of things, and one is understanding your performance," Menninger said. "That's a key aspect of analytics -- understanding your current performance, extrapolating from that performance, planning and looking forward with that information -- and finding some patterns in the past that perhaps might be useful." Doing an internal analysis can also help an organization find ways to cut costs it may not have taken advantage of in the past. Trimming costs, meanwhile, is something many enterprises don't do when the economy is more stable and their profits more predictable, but economic uncertainty forces organizations to more closely examine their spending, said Mike Palmer, CEO of analytics startup Sigma Computing. "One thing to look at is how to optimize the business -- where do I have efficiencies that I can gain, how many do I have?" Palmer said. "There are so many questions that the average company doesn't effectively answer in good times because they don't focus on optimization."


Machine Learning in Java With Amazon Deep Java Library

Machine Learning in Java With Amazon Deep Java Library
Interest in machine learning has grown steadily over recent years. Specifically, enterprises now use machine learning for image recognition in a wide variety of use cases. There are applications in the automotive industry, healthcare, security, retail, automated product tracking in warehouses, farming and agriculture, food recognition and even real-time translation by pointing your phone’s camera. Thanks to machine learning and visual recognition, machines can detect cancer and COVID-19 in MRIs and CT scans. Today, many of these solutions are primarily developed in Python using open source and proprietary ML toolkits, each with their own APIs. Despite Java's popularity in enterprises, there aren’t any standards to develop machine learning applications in Java. ... One of these implementations is based on Deep Java Library (DJL), an open source library developed by Amazon to build machine learning in Java. DJL offers hooks to popular machine learning frameworks such as TensorFlow, MXNet, and PyTorch by bundling requisite image processing routines, making it a flexible and simple choice for JSR-381 users.



Quote for the day:


"It is one thing to rouse the passion of a people, and quite another to lead them." -- Ron Suskind


Daily Tech Digest - May 27, 2020

Enterprises look to SASE to bolster security for remote workers

access control / authentication / privileges / security / key"Companies that were on the fence about whether to upgrade to SASE, they're falling over to the 'adopt now' side," says Zeus Kerravala, founder and principal analyst at ZK Research. "If I'm trying to move to a modernized application infrastructure, why am I still using a network architecture designed for client-server from 30 years ago? A lot of my apps are now in the cloud, I've got people working from everywhere. This transition would have happened with or without the pandemic, but the pandemic has accelerated it." While it's too early to tell if adoption spikes will continue after the pandemic abates, individual SASE vendors are reporting dramatic changes so far. Versa Networks, for example, saw remote user traffic increase by 800% to 900% since the pandemic hit. "Around March 22 is when we began to see these stats appear at this level," says Mike Wood, Versa Networks' CMO. Sanjay Uppal, senior vice president and general manager of the VeloCloud business unit at VMware, says that use of the company's SASE network has gone up five-fold since the pandemic hit.


In the communication space, UCaaS is probably the best-known term in cloud communications. When the as-a-service offering arrived, providing access to flexible communications in the cloud, UCaaS was one of the first ways that businesses saw the benefits of this new scalability. In the UCaaS Magic Quadrant, Gartner devices UCaaS as something that can combine the critical factors for communication into a single space. Unlike UC that concentrates heavily on on-premise hardware, UCaaS is more focused on cloud-based services delivered over the internet. ... CPaaS, on the other hand, is very similar to UCaaS, but it delivers a different kind of experience. Just like UCaaS, your technology is delivered over the cloud, and often on a pay-monthly subscription service. However, while UCaaS delivers the entire communication platform to your team in one go, CPaaS allows business owners to develop the solution that suits them. For instance, you might add video collaboration, instant messaging, and voice calls to the technologies that you already use in your landscape. This is possible through the use of sample codes, Rest APIs, developer forums and in-depth documentation. Some companies even offer their own software development kits that are specifically for CPaaS use

 “The move to widespread remote working has required many industries to adopt new cloud services in order to maintain staff communication and collaboration during such a challenging time,” said Nigel Hawthorn, data privacy expert for cloud security at McAfee. “However, it is important to recognise the increased threat from cyber criminals who see opportunity in cloud services that are not managed securely. “Cloud and data security should be absolutely front and centre in informing any enterprise’s cyber security approach – even more so when they are increasingly reliant on the cloud. Without ascertaining where sensitive data resides or how it is used and shared, it is simply impossible for organisations to have an accurate picture of their security posture and where any vulnerabilities may be.” Hawthorn said it was crucial for organisations to recognise their role within the shared responsibility model, making everyone accountable for cyber security, from enterprise IT teams, to managed service providers accessing their networks, down to individual employees.


Rebuilding our broken economies starts with market-level collaboration image
Over the course of its history, the IT industry has pursued a relentless march to optimise the affairs of individual firms, often creating massive inefficiencies and standing in the way of progress for industries as a whole. But in their defence, software vendors have only responded to how firms within markets operate, providing solutions that fit their customers’ fear of sharing valuable data. There is an unspoken invisible line at the boundary of the firm and the market in which it operates that, until now, enterprise software has rarely been able to cross. Gaining market-level optimisation has been unthinkable without also ceding unpalatable levels of control and power to a vendor. So, even when an opportunity to pursue amazing new efficiencies through pooling the operations of an entire market into a centralised shared service arises, it’s extremely hard to justify taking the plunge.


Life in lockdown: Chiara Zuddas, 31, works on her laptop at home in San Fiorano, one of the original 'red zone' towns in northern Italy that have been on lockdown since February, in this picture taken by her husband, schoolteacher Marzio Toniolo, March 27, 2020. Toniolo has been documenting what life has been like for his family since quarantine began for them weeks before the rest of the country. Picture taken March 27, 2020. Marzio Toniolo/via REUTERS THIS IMAGE HAS BEEN SUPPLIED BY A THIRD PARTY. MANDATORY CREDIT - RC2EUF900M5P
Firstly, be aware that working from home represents much more than a change of location. It involves a profound shift in mindset and behaviour. With teams dispersed, we can no longer just turn to the side to check our thinking with a colleague. Instead, we make more decisions in isolation, and this can make us more vulnerable. We are also becoming more used to interacting with certain contacts only via email, which may raise the risk of impersonation and identity theft. In addition, the crisis itself is affecting the way we think. During times of stress and upheaval, humans tend to respond more instinctively and less rationally. Over the past few weeks, many of us have been forced to make instant decisions amid constant change. Such fast thinking has its place, but it can stop us from considering certain situations carefully and rationally and choosing the best way ahead. Finally, the threat of potential hackers is adding yet another source of stress.


"Microsoft was founded on the principle that software was intellectual property," Sinofsky says, making distinctions between the various approaches to software and hardware adopted by Microsoft, IBM, Google, and Apple. He points to the the Altair BASIC interpreter, the first product from Bill Gates and fellow Microsoft co-founder Paul Allen, which they created in the 1970s for hobbyists to program in BASIC on bare metal. Incidentally, Microsoft open-sourced the 1983 GW-BASIC interpreter last week as a historical software artifact. "Times were different when Microsoft started," Sinofsky writes. "There was no network distribution. In fact it cost money (COGS) to distribute software," he said, referring to the additional cost of distributing software compared with the way Google distributes its ad-backed software in the cloud, how Apple ties its software to hardware, and how IBM coupled its software with consultancy fees.



F-Secure’s research teams examined multiple devices, including, but not limited to, the Huawei Mate 9 Pro, the Samsung Galaxy S9 and the Xiaomi Mi 9. They found that the exploitation processes for Android vulnerabilities and configuration varied from device to device, which is important because it implies that devices sold globally offer different levels of security to users located in different countries. More concerningly, the level of security a user receives ultimately depends on the way the supplier configures the device – so two people in different countries can buy the same basic device, but one will be substantially more insecure than the other. “Devices that share the same brand are assumed to run the same, irrespective of where you are in the world,” said James Loureiro, UK research director at F-Secure Consulting. “However, the customisation done by third-party vendors such as Samsung, Huawei and Xiaomi can leave these devices with significantly poor security, dependent on what region a device is set up in or the SIM card inside of it.



Technically applying security with Spring Security in Spring applications is simple. You already implement Spring applications so you know that the framework's philosophy starts with the management of the Spring context. You define beans in the Spring context to allow the framework to manage them based on configurations you specify. And let me refer only to using annotations to make these configurations and leave behind the old-fashioned XML configuration style! You can use annotations to instruct Spring what to do: expose endpoints, wrap methods in transactions, intercept methods in aspects, and so on. Also, you'd like to apply security configurations. This is where Spring Security comes into action. What you want is to use annotations, beans, and in general Spring-fashioned configuration style to define your application-level security. If you think of a Spring application, the behavior that you need to protect is defined by methods.



While smart cities can offer unprecedented levels of convenience to improve our everyday lives they also rely on vast networks of data, including personal customer information to predict our preferences. This has led to concerns around the high levels of data used and stored by smart systems, and the security provided to our digital identity. We know that existing personal and unique identifiers, such as passwords and PINs are no longer secure enough to protect our systems, and this is even more important in hyper-connected cities as, once a city becomes ‘smart’ the inter-connected networks widen, and the potential for cyberattacks or data breaches grows. So as this trend continues, how can we develop smart cities that are both convenient and secure? To resolve this, providers of smart city networks need to establish a chain of trust in their technology. This is a process common in cybersecurity, where each component in a network is validated by a secure root. In wide connected networks, this is vital to protect sensitive personal or business data and ensure consumer trust in the whole system. Therefore, a biometric digital identity should sit at the root of that chain of trust in smart city networks.



There is nothing wrong with monolithic apps in general if the different business functions they support are closely related to each other and they all need to be called in the same transactional context. These different functions also should have the same lifecycle in terms of enhancements and production deployments. But if an application or system needs to support business functions that are not closely related to each other, have different lifecycles of changes, or have different performance and scalability needs, then monolithic applications become a challenge. Application development and support start becoming overhead and a burden when the business needs change at different paces or in different parts of the system. Having a single app responsible for multiple business functions means that anytime we need to deploy enhancements or a new version of a specific function, we must shut down the whole application, apply the new feature, and restart the application.



Quote for the day:

"Each day you are leading by example. Whether you realize it or not or whether it's positive or negative, you are influencing those around you." -- Rob Liano