Daily Tech Digest - October 03, 2019

Is hybrid cloud certification right for you?

cio certification college degree education graduation by cole keister via unsplash
One of the biggest mistakes a company could make, in Russell’s opinion, is having only one hybrid cloud expert. “You can have someone who acts as a catalyst – someone who is curious about the technology and gets you started. But the organization won’t survive well if only one person has the skill set. You need to have best practices for mindshare and knowledge transfer,” he says. Fuchs feels similarly: “We want to encourage purposeful cloud adoption.” NetApp holds workshops at customer sites to get stakeholders up to speed on the foundational aspects of hybrid cloud, as well as to provide specialized training for specific roles relative to the cloud such as how to best use analytics. “These decisions are getting more sophisticated and more data-driven because the tools are getting stronger, the processes are getting stronger, and education is getting stronger. Organizations are able to review their bills and try to reduce costs. The more trained your team is, the likelier they are to make good decisions,” he says. Williams recommends that anyone interested in gaining certification “should examine their own role in managing hybrid cloud operations and go after the certification that best supports the organization’s needs as well as their own,” she advises

Everything you need to know about Microsoft's dual-screen OS

For all intents and purposes, yes, Windows 10X is the official name for Windows Lite/Santorini. It is not a new operating system. It's Windows 10, in a more modular form, optimized for dual-screen/foldable devices. ... WCOS is one piece of the underpinnings of Windows 10X. In the past, I (and others) have described WCOS as the successor to Windows OneCore -- Microsoft's attempt to standardize a set of core components in Windows so that they would work across different types of devices. But WCOS is a combination of the OneCore OS pieces, UWP/Web and Win32 app packages, and the composable C-Shell. (See architectural diagram above.) Together, these are the foundational pieces of Windows 10X. ... As officials said today, Surface Neo, the dual-screen Surface device due around holiday 2020, will run Windows 10X. Any new dual-screen and foldable Windows devices from Microsoft partners like Dell, Lenovo, HP, Asus, and others also will likely ship with Windows 10X (and likely not before holiday 2020). Just to keep things confusing, the just-announced Arm-based Surface Pro X cannot run Windows 10X, despite the "X" in both product names.

Organizational vs. operational resilience: What's the difference?

Operational resilience examines what the business actually does and what it needs to continue performing those activities. This differs from organizational resilience in that OR looks at the entire organization, while OpR is more process-oriented, examining how the business functions and what the organization needs to protect those processes. What do businesses need to operate today? As with any business initiative, the push for OpR must start at the top. Senior management must be aware of the importance of maintaining OpR and must support initiatives such as the creation of policies, frameworks and structures that support OpR. These then filter down to operational teams to implement programs, controls and procedures to produce products and services. ... BC/DR, cybersecurity and supply chain initiatives are all essential building blocks for achieving organizational resilience as noted in the above figure.

It's time to change your cloud operating model

It's time to change your cloud operating model
As the organization moves to cloud computing, application workloads should be able to move directly to a new operating model. This is a big job and requires support for IT leadership. If your organization is so inclined, consider becoming a cloud center of excellence that many enterprises are building these days. Enterprises typically have a large backlog of applications—numbering in the thousands—that can move through an assessment and be mapped onto a new operational model. This means that a roadmap is created for how applications will be processed and operated in the public cloud. I’ve found that short enablement sprints are better than one long one; moreover, the teams learn a lot as they move applications through the new operational model. However, this is a disruptive change in workflow for most enterprises, with associated pain and costs. Many changes are necessary, including training, mentoring, coaching, knowledge sharing, and open-door policies to make this work. Finally, you need support from the boardroom. This is the only way you’ll be an organization that’s able to leverage the public cloud to a productive end.

How to Dynamically Build the UI in Blazor Components

You can, using familiar Razor tools when creating a View (or page), dynamically build your component's UI. Alternatively, you can also use the rendering tools built into Blazor to dynamically construct the UI that makes up your component at startup. I'm going to show how both of those options work in this column. That's not the same as manipulating your component's HTML as your component executes. For that you can use binding, buy a third-party component, or call out to jQuery through Blazor's JavaScript interop. But if you want to create an initial UI dynamically, here's how you'll do it. As my case study I'll use an (admittedly, contrived) View that contains multiple forms. In this case study, the Model object that's passed to this View contains an ArrayList of objects for a single customer. The ArrayList can contain any combination of different "customer related" objects: the customer's profile object, the customer's address object , the customer's billing plan and so on. In this View, we'll set up each object with a different form and each form will have a button that invokes a different C# method to handle processing that form.

The Flavors of APIs

Image title
“RESTful” (or “REST-like”) APIs are those which conform to all or most of the principles and constraints of REST, as defined by Roy Fielding in his 2000 dissertation titled “Architectural Styles and the Design of Network-based Software Architectures”. ... The HTTP methods are based off of verbs, which are accessing resources. The same way I would go to the store to get some groceries — a client goes to a location (URL) to get (method) a resource (URI). Everything on the web is a resource, and each resource has a uniform resource identifier. We use unified resource locators to find those resources. Finally, we use the methods to indicate what we want to do with those resources. In the example below, we’re using the HTTP GET method — to get the resource. ... gRPC builds on the traditional remote function or procedure calls utilized in systems of the past. Essentially, an RPC or RFC is a type of API that allows a function or procedure to be called as if it were local — despite that function or procedure living on a remote server. It leverages a form of a client-server model and incorporates the concept of a stub. gRPC takes this concept and optimizes it for modern cloud infrastructure.

Westcon-Comstor Builds a more Visible WAN

istock 1028077888
“We had too many site routers and we had a mix of aging and new infrastructure,” said Soler. “There were two pieces we were looking for: To improve resiliency in terms of failover and deliver resiliency to the business. SD-WAN was there. Players were already doing it and some of our partners were getting into the game.” Soler says that overall, the move to SD-WAN has made his life easier. He can see detailed reporting data about what’s happening everywhere on the network, all from a single screen. And with the new capabilities for failover, users don’t notice network outages, giving him more time to work behind the scenes. “There is failover redundancy so when something happens, we can focus on resolving the issues and our users don’t even notice,” he said. The most attractive features of the Silver Peak Unity EdgeConnect™ SD-WAN edge platform, according to Soler, are the ease of use in the deployment using centralized software-based orchestration, as well as the failover and performance features such as forward error correction FEC and path conditioning.

Minerva attack can recover private keys from smart cards, cryptographic libraries

Minerva attack
The Minerva attack at the heart of all these issues is a classic side-channel attack. A side-channel attack is when a third-party observes leaks in cryptographic operations that, when put together, can help the attacker break the encryption scheme and reconstruct the original data. This is what happens in Minerva, as well. The Czech team found a problem in the ECDSA and EdDSA algorithms used by the Atmel Toolbox crypto library to sign cryptographic operations on Athena IDProtect cards. These operations leaked "the bit-length of the scalar during scalar multiplication on an elliptic curve," researchers said. If an attacker is able to observe or record enough cryptographic operations signed by a vulnerable smart card or by one of the vulnerable open-source cryptographic libraries, then they'll be able to compute the private encryption keys that sign these operations. During tests, researchers said they only needed to record 11,000 operations (card swipes) from an Athena IDProtect card to obtain in private key. All this process took 30 minutes, researchers said.

Banking, Tech Communities Are ‘Breathless’ About Fintech, But Is It All Hype?

Banking, Tech Communities Are ‘Breathless’ About Fintech, But Is It All Hype?
“The deep-seated belief that cloud is insecure remains for a large swathe of bankers. It hasn’t helped that Capital One recently had a breach of their data in the [Amazon Web Services] cloud,” wrote fintech expert Alex Jimenez in a blog post. Lawrence White, professor of economics at New York University’s Leonard N. Stern School of Business, told InsideSources he thinks Deutsche Bank’s report exaggerates the impact of fintech on the banking community. New technology will improve existing banking processes, he said, but not fundamentally transform it the way tech experts say. “Yes there are some new entities in this lending world, what are called marketplace lenders, peer-to-peer type lending platforms, which have a little bit of a niche, but haven’t really eaten the lunch of the existing institutions,” White said. “As data gathering and analysis gets better, and the inexpensive transport of the data from one place to another [gets better], all of that makes this analysis more comprehensive and ought to make the banks better at what they’re doing. The world of Big Data brings more information and the need for greater analytical tools and techniques. At the end of the day, [banking is] basically the same process, trying to figure out who’s a good risk, who should I lend my money to?”

Q&A on the Book Managing Technical Debt

For many development projects, technical debt is discovered when symptoms of slowing development or defects point to workarounds or "fix me" comments in the code. It is important not to stop at the symptom, but to trace to the underlying software artifact so the technical debt item can be described and managed just like other software development issues. ... not all technical debt can be detected automatically. The number one step in recognizing technical debt successfully is to empower the development teams to concretely and openly share technical debt when they see it. ... We also advocate teams to make technical debt conversations as part of their routine review, retrospective and planning procedures. And of course, as we give many examples in the book, the most costly technical debt is the one that accumulates over time with an impact on the systems architecture, therefore having an architecture mindset; conducting design reviews and making architecture design trade-offs as explicit as possible will also help in uncovering existing technical debt as well as recognizing technical debt as teams are taking it on.

Quote for the day:

"Leaders need to strike a balance between action and patience." -- Doug Smith

No comments:

Post a Comment