Daily Tech Digest - July 19, 2019

How edge computing is driving a new era of CDN

network traffic earth
It’s not that long ago that there was a transition from the heavy physical monolithic architecture to the agile cloud. But all that really happened was the transition from the physical appliance to a virtual cloud-based appliance. Maybe now is the time that we should ask, is this the future that we really want? One of the main issues in introducing edge applications is the mindset. It is challenging to convince yourself or your peers that the infrastructure you have spent all your time working on and investing in is not the best way forward for your business.  Although the cloud has created a big buzz, just because you migrate to the cloud does not mean that your applications will run faster. In fact, all you are really doing is abstracting the physical pieces of the architecture and paying someone else to manage it. The cloud has, however, opened the door for the edge application conversation. We have already taken the first step to the cloud and now it's time to make the second move. Basically, when you think about edge applications: its simplicity is a programmable CDN. A CDN is an edge application and an edge application is a superset of what your CDN is doing.

Despite BlueKeep Warnings, Many Organizations Fail to Patch

Despite BlueKeep Warnings, Many Organizations Fail to Patch
BlueKeep is a serious vulnerability that could enable attackers to compromise Remote Desktop Services in Windows, which enables access to networked computers via remote desktop protocol. Attackers who successfully exploit the flaw could gain full, remote access to a system, including the ability to create user accounts and give them full administrator privileges, as well as to execute any code. "The vulnerability requires no authentication and is regarded as 'wormable,' meaning that if it were successfully exploited it could be used by self-replicating malware to spread across the internet rapidly," security firm Sophos warns in a new report. "WannaCry and NotPetya used a similarly wormable flaw in Microsoft's SMB v1 to spread around the globe in a matter of hours." One saving grace - so far at least - is that security experts have yet to see any in-the-wild attacks that use BlueKeep. But until companies patch, they remain at risk. "Patching, or rather good cyber hygiene, is an integral component of every company's defense against cyberattacks," Raj Samani, chief scientist at McAfee, tells Information Security Media Group.

Microsoft gets boost in SaaS revenue and pushes Teams platform

The company said its Commercial Cloud business achieved annual revenue of $38bn, and grew by 39% in the quarter with revenue of $11bn, while its Intelligent Cloud business grew by 19% with revenue of $11.4bn. The company also reported growth of 23% in the number of commercial Office 365 seats and strong demand for Windows 10 among commercial PC manufacturers driven by end of support for Windows 7 in January 2020. Satya Nadella, chief executive officer of Microsoft, said: “Every day we work alongside our customers to help them build their own digital capability – innovating with them, creating new businesses with them, and earning their trust. This commitment to our customers’ success is resulting in larger, multi-year commercial cloud agreements and growing momentum across every layer of our technology stack.” During the earnings call, Nadella described Teams as Microsoft’s fastest-growing platform. “There is no question this last fiscal year has been an absolute breakout year for Teams in terms of both product innovation and, most importantly, at-scale deployment and usage,” he said.

Digital technologies and the future of geospatial data

Mapping an area correctly can be a painstaking responsibility, but it's easier with help from drones. They work especially well for geospatial analysis needs due to their maximum altitude capabilities of 400 feet and imaging technology that enables capturing ground image data in higher resolutions than satellites or planes. The versatility of drones makes them fantastic for a wide range of mapping projects. For example, a retail brand might use a drone to get details about terrain in the potential location of a new retail store. Then, construction companies can do something similar by factoring drone mapping data into their plans as new buildings or renovations get underway. One of the main reasons why drones are such a hot topic now is because people associate them with the rapid delivery of things they order from e-commerce stores. Although drones do make things more convenient that way, they are also used when companies plan the most efficient distribution routes. Geospatial mapping data offers information to e-commerce enterprises, whether people receive their shipments with drones or through other means.

Does net neutrality still matter in our post-web world?

When the phrase was coined, it was in the context of a debate in the US Congress over the idea of a possible nationwide license for broadband service providers. States and municipalities were responsible for granting such licenses to limited geographies, and Republicans in the House were looking for new sources of revenue. Under the provisions of a never-passed law called the COPE Act, ISPs would be given incentives to purchase nationwide licenses instead of more localized ones. One such incentive was a waiver of enforcement of any laws or regulations restricting ISPs' right to divide their pipelines into "good/better/best" service tiers. There was substantive opposition, but Sen. Ron Wyden (D – Oregon) raised the stakes to a moral issue. At issue, he argued, was the small publisher's and garage-based enterprise's right to conduct their business on the same Internet like Google and eBay, as equal players in a digital market. Politically speaking, the concept of net neutrality has been as malleable as sediment from an Oregon mudslide.

Is SQL Beating NoSQL?

What we need is an interface that allows pieces of this stack to communicate with one another. Ideally, something already standardized in the industry. Something that would allow us to swap in/out various layers with minimal friction. That is the power of SQL. Like IP, SQL is a universal interface. But SQL is in fact much more than IP. Because data also gets analyzed by humans. And true to the purpose that SQL’s creators initially assigned to it, SQL is readable. Is SQL perfect? No, but it is the language that most of us in the community know. And while there are already engineers out there working on a more natural language-oriented interface, what will those systems then connect to? SQL. ... SQL is back. Not just because writing glue code to kludge together NoSQL tools is annoying. Not just because retraining workforces to learn a myriad of new languages is hard. Not just because standards can be a good thing. But also because the world is filled with data. It surrounds us, binds us. At first, we relied on our human senses and sensory nervous systems to process it.

Container security improves overall enterprise IT posture  

Once apps reach the production Kubernetes environment, security policies enforced through Aqua allow all developers and IT ops pros read-only access to their activities. This improves and speeds up application development, and lets IT pros troubleshoot faster than they could with VMs -- in the past, Recurly's security staff more carefully restricted such access without automated whitelisting tools available for containers. Also, since containers separate application processes from the underlying host, admins can more strictly lock down the host itself with tools such as Google's Container-Optimized OS. "We are heavily running immutable hosts today, so even if you break out of a container and get on a host, good luck," Hosman said. "You can't run anything, install anything, or pivot to anything, and if we restart the host, everything just resets." Recurly's goal is to move away from human responses to alerts, whether they refer to IT monitoring or container security issues, and toward a remediation response to issues through code.

Microservices: Myth, Madness, or Magic?

The reality is, you almost always don't need microservices to achieve the above "holy grail", you just need a decent architecture. So let's redefine microservices: Microservices: Yet another concept to fix the bad architecture created by bad software developers and to make money for big businesses that feed on the bad software practices of others. An article on Medium writes "Conceptually, Microservices extend the same principles that engineers have employed for decades."2 Wrong. These principles have existed for decades, but "employed?" Hardly ever. Similarly, a post on New Relic states: "When using microservices, you isolate software functionality into multiple independent modules that are individually responsible for performing precisely defined, standalone tasks. These modules communicate with each other through simple, universally accessible application programming interfaces (APIs)."3 Wait, we need microservices to achieve this? Wasn't this the promise of OOP? Isn't this the promise of every newfangled framework like MVVM, Angular, and so forth?

Microsoft to explore using Rust

"A developer's core job is not to worry about security but to do feature work," Thomas said. "Rather than investing in more and more tools and training and vulnerability fixes, what about a development language where they can't introduce memory safety issues into their feature work in the first place? That would help both the feature developers and the security engineers-and the customers." Microsoft looking into Rust, as a safer alternative to C++ isn't actually such a big deal. The OS maker has been looking for safer C and C++ alternatives for years. In June 2016, Microsoft open-sourced "Checked C," an extension to the C programming language that brought new features to address a series of security-related issues. Microsoft looking into Rust before any other memory-safe language is also not a bad decision. Besides being superior to C# in regards to better memory protections, Rust is also more popular with developers these days and might be easier to recruit for. ... Developers love it because of its simpler syntax and the fact that apps coded in Rust don't yield the same amount of bugs, allowing developers to focus on expanding their apps, instead of doing constant maintenance work.

Data governance in the age of AI: Beyond the basics

Ensure governance team members have defined roles, including tactical and high-level strategy responsibilities, Smithson says. Split data champions into two groups: data stewards, who make recommendations about formulas or algorithms, for example, and director- or VP-level data owners who make the decisions, Walton adds. And put roles and responsibilities into job descriptions. “The job responsibilities come from the workflows and the tasks that need to be accomplished.” Those job descriptions should fall into two buckets, he says: data quality assurance and information consistency. For the former, tasks include identifying a data quality issue, remediating that issue with a workflow change, for example, and monitoring to ensure the effectiveness of the data governance initiative. For the latter, tasks include creating a business measure to support key performance indicators, to modify it when business rules change, and to sunset any items that are no longer relative. A bonus tip: Tie data owners’ bonuses to data quality. “That will get people’s attention,” Walton says.

Quote for the day:

"Leadership is the art of giving people a platform for spreading ideas that work." -- Seth Godin

No comments:

Post a Comment