Daily Tech Digest - October 15, 2019

Microsoft's TypeScript language: Startup reveals long journey to JavaScript spin-off

With the focus now on developer productivity, engineers looked for areas of the codebase that would produce obvious gains, such as concentrating on converting files that delivered quick wins, as well as prioritizing tooling and configuration. There were also technical barriers to be overcome. The migration team, for example, noticed engineers often needed to import special utilities to use TypeScript. So it focused on helping developers, so that they could write TypeScript in any service or component. "Whether it's the back-end, front-end, scripts, or devops tasks, we wanted our engineers to be able to write code in TypeScript and have it just work," explained Autry. He details a number of other steps the company took to ensure that the conversion process was simple, safe and automated, as well as improving the code review process.  Of course, ensuring everyone was able to feel and be productive meant offering a way for teammates to share problems that others may have the experience to solve. So the migration created a #typescript channel in Slack where developers leading the migration could answer questions and monitor for common issues.

The software-defined data center drives agility

sdn software defined network architecture
With Open Networking, you are not reinventing the way packets are forwarded, or the way routers communicate with each other. Why? Because, with Open Networking, you are never alone and never the only vendor. You need to adapt and fit, and for this, you need to use open protocols. The value of SDN is doing as much as possible in the software so you don’t depend on the delivery of new features to come from a new generation of the hardware. You want to put as much intelligence as possible into the software, thus removing the intelligence from the physical layer. You don’t want to build the hardware features; instead, you want to use the software to provide the new features. This is an important philosophy and is the essence of Open Networking. From the customer's point of view, they get more agility as they can move from generation to generation of services without having hardware dependency. They don’t have to incur the operational costs of swapping out the hardware constantly.

"At a basic level, a web API and a web app are very similar in that they are both typically code hosted on some form of web or application server, such as Apache, Tomcat or Node," said Peter Blum, a vice president of technology at Instart, a cloud service for web application performance and security. There are plenty of differences between APIs and web applications. On the one hand, the goal of a web application is to provide a complete user experience to a client, typically delivered through a web browser. On the other hand, a web API is typically just an assortment of methods that can be invoked to perform a specific task. But, web applications and web APIs are similar in the fact that they are both accessed over HTTP, both process input from a client and both have access to backend services, such as databases, NoSQL stores and mail servers. Since both share the same attack surface, when breached, they can provide hackers access to a similar set of resources.

What are microservices? Your next software architecture

What are microservices? Your next software architecture
A catchphrase you’ll often hear used about microservices architectures is that they should feature “smart endpoints and dumb pipes.” In other words, microservices should aim to use basic and well-established communication methods rather than complex and tight integration. As noted, this is another thing that distinguishes microservices from SOA. In general, communication between microservices should be asynchronous, in the sense that code threads aren’t blocked waiting for responses. (It’s still fine to use synchronous communications protocols such as HTTP, though asynchronous protocols such as AMQP (Advanced Message Queuing Protocol) are also common in microservices architectures.) This kind of loose coupling makes a microservices architecture more flexible in the face of the failure of individual components or parts of the network, which is a key benefit. One of the most popular is Spring Boot, which is specifically designed for microservices; Boot is extended by Spring Cloud, which as the name suggests, allows you to deploy those services to the cloud as well.

Apple says Tencent isn’t snooping on your browsing habits

As Matthew Green, cryptographer and professor at Johns Hopkins University explains, safe browsing providers send a list of hashed prefixes for malicious sites to users’ phones. If Safari matches the prefix of a site that the user tries to visit against that list, it goes back and asks the provider for a full list of the sites with that prefix, enabling it to check for the malicious site without divulging its address to the provider. Apple’s statement suggests that only devices registered to China get the Tencent list (the rest of us get Google’s), and that the web addresses you visit are never sent to either company. However, as Apple’s message in iOS settings clearly states, the company may still be able to log your own IP address. Green explains that this could represent a privacy issue if the provider chose to aggregate all the requests that your phone sent it to “extract a signal from the noisy Safe Browsing results”. The worry here is that if a single company sees your IP address enough times, along with a list of site prefixes that you’re worried about, it might be able to start making deductions about your surfing habits.

PKI’s Role In Forging Digital Trust

PKI’s role in forging digital trust - CIO&Leader
PKI based security solutions have been popular among organizations due to the unbeatable track record for mission-critical enterprise applications. It is built upon complex mathematical cryptographic functions designed to create, store, manage and send out authenticated digital certificates and their associated encryption keys. ... Disruption of services - leading to financial loss, damage to business reputation are some major business risk factors that enterprises must deal with during a confirmed cyber breach. Today, enterprises who deal with sensitive user and business data have realized that they can fortify digital trust at user, device, or server level. This is where PKI-based solutions can offer assurance and the much-needed immunity against breaches while mitigating business risks.  PKI can be easily integrated into a digital ecosystem made up of IoT devices; IoT-enabled networks, surveillance systems, and other mission-critical applications. PKI works this out by facilitating the secure exchange of data between end-users, connected devices, embedded systems, web servers or programs/applications addressing business risks and vulnerabilities which form the basis of digital trust.

5 Google Cloud tools you should know

Google added Access Transparency to enable users to view Google's services logs. Transparency has been a huge concern for cloud customers in recent years. They want to know how their cloud provider manages the underlying infrastructure that supports their applications. IT teams can use Access Transparency to monitor Google's internal logs pertaining to their accounts. The logs outline what exactly a Google admin did to resolve any issues that may have occurred with a specific customer's service. This Google Cloud tool works with six other Google services: Compute Engine, App Engine, Cloud Storage, Persistent Disk, Cloud Key Management Service and Cloud Identity and Access Management -- with more additions on the way. On top of helping monitor any maintenance being done to their workloads, Access Transparency also helps admins with system audits. 

Three Major Cybersecurity Pain Points to Address for Improved Threat Defense

An organization with a relatively small security budget and pool of experts can opt for all-in-one packages such as security incident and event management (SIEM) software. This product is especially useful for organizations whose network is comprised of several disparate systems that run different applications. Of course, this may not be a bulletproof solution, as like any program, SIEM software has its limitations. SIEM solutions and similar tools such as unified threat management (UTM) systems can benefit from additional threat intelligence sources to cross-check and vet initial findings with. Readily available data feeds and application programming interfaces (APIs) can prove handy in threat correlation — finding connections among potential threat sources, attacks, and malicious actors, for instance. A company that doesn’t have its threat experts or IT security team, meanwhile, can opt to hire third-parties to take care of its needs. 

Multimodal learning: The future of artificial intelligence

Use cases for multimodal applications span across industries, according to the post. In the automotive industry, Advanced Driver Assistance Systems (ADA), In-Vehicle Human Machine Interface (HMI) assistants, and Driver Monitoring Systems (DMS) are all being introduced to multimodal systems.  Robotics vendors are integrating multimodal systems into robotics HMIs and movement automation, the post said. Consumer device companies are seeing multimodal system applications in security and payment authentication, recommendation and personalization engines, and personal assistants.  Medical companies and hospitals are in the early stages of adopting multimodal learning techniques, but promising applications exist with medical imaging. The media and entertainment industries are also beginning to adopt multimodal learning with content structuring, content recommendation systems, personal advertising, and automated compliance marketing, the post said. Until more companies publicly adopt this way of operating, multimodal learning systems will remain unfamiliar to most people. However, the future of AI is heading in the multimodal direction.

The Top Three Benefits of Enterprise Architectur

For many organizations, these standards have been impossible to meet as their enterprise architectures are burdened by the use of systems that were not built for purpose. Basic visualization tools, spreadsheets and even word processors have typically played stand-in for dedicated EA solutions. The non-purpose-built systems lacked the industry standards needed to accurately capture and align business and IT elements and how they link together. Additionally, collaboration was often marred by issues with outdated, and even disparate file versions and types. This being due to business’ lacking the systems necessary to continuously and methodically maintain models, frameworks and concepts as they evolve. Therefore, a key milestone in maturing a modern enterprise architecture initiative, is developing a single source of truth, consistent across the enterprise. This requires the implementation of a dedicated, centralized and collaborative enterprise architecture tool, be that on-premise, or via the cloud.

Quote for the day:

"Pull the string and it will follow wherever you wish. Push it and it will go nowhere at all." -- Dwight D. Eisenhower

No comments:

Post a Comment