Daily Tech Digest - June 01, 2020

The Cybersecurity Implications of 5G Technology

Since one of the chief benefits envisioned for 5G is the ability to connect more and more devices to the IoT, this “also increases the threat vectors for hackers,” according to HackerNoon.com. Another potential “worst-case scenario” outlined by HackerNoon: “Faster networks can also mean faster ways for viruses and malware to spread. If more users are on the network, then you also have the potential for more infected devices and systems than ever before.” Commenting on the concern that a greatly expanded IoT multiplies the potential points of entry for cyberattacks in an article titled “5G Dangers: What are the Cybersecurity Implications?” Heimdal Security notes that, “5G technology could also lead to botnet attacks, which will spread at a much higher speed than the current networks allow it.” Of particular relevance to the cybersecurity community, the dawn of the 5G era demands that new and improved defenses and cybersecurity protocols be developed and put in place to counter the potential risks. This means the current and future work of many cybersecurity professionals will be inextricably connected to understanding and defending against the new security risks, both known and unknown, posed by this rapidly emerging technological breakthrough.

Quantum AI is still years from enterprise prime time

For quantum AI to mature into a robust enterprise technology, there will need to be a dominant framework for developing, training, and deploying these applications. Google’s TensorFlow Quantum is an odds-on favorite in that regard. Announced this past March, TensorFlow Quantum is a new software-only stack that extends the widely adopted TensorFlow open source AI library and modeling framework. TensorFlow Quantum brings support for a wide range of quantum computing platforms into one of the dominant modeling frameworks used by today’s AI professionals. Developed by Google’s X R&D unit, it enables data scientists to use Python code to develop quantum ML and DL models through standard Keras functions. It also provides a library of quantum circuit simulators and quantum computing primitives that are compatible with existing TensorFlow APIs. Developers can use TensorFlow Quantum for supervised learning on such AI use cases as quantum classification, quantum control, and quantum approximate optimization. They can execute advanced quantum learning tasks such as meta-learning, Hamiltonian learning, and sampling thermal states.

How managed threat hunting helps bust malicious insiders

Alicia first observed an employee apparently hacking their own laptop in order to obtain local admin credentials. This was done using a technique known as sticky keys, actually an accessibility feature built into Windows that can be launched with a specific key combination from the login screen. “Although the technique is referred to as sticky keys, it is actually referring to exploiting the way certain versions of Windows will execute applications designed for accessibility features,” said Lee. “In vulnerable versions of Windows, when these accessibility features are launched via a set of key combinations (shift five times for sticky keys, press ‘Windows+U’ for Windows Utility Manager, etc.), Windows will simply launch the associated application from a hardcoded path in a privileged state. “The adversary exploiting this feature can simply replace the application binary with one of their choosing. As long as the filepath and filename are the specified ones for the shortcut key combination, Windows will execute it. This technique is fairly well-known as a way to recover Windows passwords and has been used by adversaries in the past.”

What is edge computing? Here's why the edge matters and where it's headed

In a modern communications network designed for use at the edge — for example, a 5G wireless network — there are two possible strategies at work: Data streams, audio, and video may be received faster and with fewer pauses (preferably none at all) when servers are separated from their users by a minimum of intermediate routing points, or "hops." Content delivery networks (CDN) from providers such as Akamai, Cloudflare, and NTT Communications and are built around this strategy; and Applications may be expedited when their processors are stationed closer to where the data is collected. This is especially true for applications for logistics and large-scale manufacturing, as well as for the Internet of Things (IoT) where sensors or data collecting devices are numerous and highly distributed. Depending on the application, when either or both edge strategies are employed, these servers may actually end up on one end of the network or the other. Because the Internet isn't built like the old telephone network, "closer" in terms of routing expediency is not necessarily closer in geographical distance. 

Public speaking for technical pros: How to deliver a great in-person or virtual presentation

There's standing up at stand up, there's doing an all hands demo, then there's doing a small meetup, there is doing a small conference, multi-speaker small talk at a multi-track conference. There's doing a talk and a single track conference. There's this whole escalation and a lot of the levels above meetup are not a different skillset, but a skillset that you would need to focus on and work on. You have to learn to do a CFP, you have to learn to put together a slide deck. You have to learn to, there's a whole bunch of stuff around that. And so that's sort of a separate question, but I think to start out, the things that you need to understand are that everybody in the audience is on your side. A lot of people give this really old speaking advice about imagine your audience naked and then you don't respect them anymore. And I think that's terrible on several levels. Please don't imagine anybody naked. What I want you to do is imagine that they are sitting in this meeting because they want to hear from you. They want you to succeed and if you have a problem, they are empathizing with the problem.

10 Coding Principles Every Programmer Should Learn

There are two general ways to reuse the code you have already written, Inheritance and Composition; both have their own advantage and disadvantages, but, in general, you should always favor composition over inheritance, if possible. Composition allows changing the behavior of a class at run-time by setting property during run-time, and by using Interfaces to compose a class, we use polymorphism, which provides flexibility to replace with better implementation at any time. Even Joshua Bloch’s Effective Java advise favoring composition over inheritance. If you are still not convinced, then you can also read here to learn more about why your Composition is better than Inheritance for reusing code and functionality. And, if you keep forgetting this rule, here is an excellent cartoon to put in your desk :-) If you are interested in learning more about Object-Oriented Programming Concepts like Composition, Inheritance, Association, Aggregation, etc., you can also take a look at the Object-Oriented Programming in Java course on Coursera.

Extensible Effects in JavaScript for Fun and Profit

Extensible Effects, broadly speaking, is the idea that you can separate the 'what' and 'how' in your code. By representing effects as 'tokens' that hold no intrinsic implementation details, you can write programs that are completely unaware of how they'll eventually interact with their environment. Later on these effects can be 'interpreted' by converting each token into specific actions of your choice. These effects could be general, such as 'send network request', or domain specific, like 'log user out' - it's up to you. For those unfamiliar with monads, you can think of this technique as dependency injection for your software's API calls. You program to an interface, and can provide a different implementation depending on the situation. Extensible effects are implemented via a Freer monad. This is a nested data structure of an initial effect or value, and a sequence of functions that convert the results of a previous effect into the next. When applied to an interpreter function that converts effects into the target monad of your choice, it unwraps from the 'inside out' - the first effect is converted into the target monad, which is mapped into the next effect-containing Freer monad.

Microservices: A cheat sheet

Comparisons are frequently made between microservices and service-oriented architecture (SOA). While the two may seem similar at first glance, they're nearly completely different except in the most basic ways. Both SOA and microservices involve the creation of small components that communicate data to other services, but the scope, purpose, and how the communication occurs are completely different. For starters, SOA is an enterprise-wide architecture, whereas microservice architecture is a way to build a single application. The idea behind SOA is to create a common framework for communication that allows applications, data sources, and other network-connected elements to communicate in a platform-agnostic manner.  SOA wants communication between elements to happen fast, smooth, and without barriers; this is a radical difference from microservices, which want independent elements that aren't dependent on each other at all. SOA integrations are reused constantly—that's the goal of SOA, according to IBM. In the case of microservices, reuse is completely undesirable--if a component is being called in more than one place by its main application, agility and resilience will suffer.

The Four Data Management Mistakes Derailing Your BI Program

There are a number of ways this can happen to a company. When folks come to us looking for a reporting solution to meet their customers’ needs (such as a BI solution designed to be embedded into SaaS applications), they’re not setting up the database in the same step. They’ve already been collecting data for a long time — long before reporting was even a consideration, in most cases. Sometimes we discover that the person who initially set up the database doesn’t even work at the organization anymore and didn’t leave much in the way of documentation or tribal knowledge to help onboard a successor. Other times, responsibility for (and knowledge of) the data is distributed throughout the company. One group might have a deep understanding of the data’s semantics while another, such as IT, might have some insight into its maintenance and traffic capacity. A third group responsible for data analysis might be most familiar with its utility to stakeholders. Unfortunately, none of these groups have a grasp of the database’s structure or complete knowledge of the data itself.

DataOps: The Path to AI-Readiness

Every business has a unique vision or goal for AI, whether it’s improving predictions, automating mundane tasks, freeing up employees to do more fulfilling work, or optimizing processes. But in many cases, there’s no better purpose for AI than in understanding your environment, what your systems are saying through their data, and discovering issues before they snowball into full blown outages. Organizations use about $26.5 billion in revenue because of IT system outages. IBM’s Watson AIOps understands the systems, normal system behaviors, and acceptable ranges, and provides alerts when a problem arises. In effect, it’s a nervous system that allows CIOs to effectively manage all of their systems. Given that data scientists lament limited data access and the lack of a line of sight between data and all team members, a solution such as this becomes a facilitator for faster, proactive responsiveness. ... AI-enabled automation is integral to DataOps for more than just manual steps; for governance processes, data curation, metadata assignment, and ensuring data is available for self-service. This helps to operationalize consistent high quality data throughout the entire enterprise.

Quote for the day:

"The secret of a leader lies in the tests he has faced over the whole course of his life and the habit of action he develops in meeting those tests." -- Gail Sheehy

No comments:

Post a Comment