Once again, Australian government agencies fail cyber security audit
Australian government agencies have turned in yet another poor showing in the
latest audit of their information-security controls, but newly implemented
cloud technology could help protect them against their ineptitude by locking
data against compromise. ... Ten of the examined agencies complied with
requirements around restricting administrative privileges, four were using
application whitelisting for security protections, and three were on top of
patching operating systems and applications. Just two agencies complied with
guidance around multi-factor authentication, while just one agency had
successfully implemented application hardening and one had successfully
implemented controls over the use of macros in productivity suites. Although
all entities regularly back up “financially significant data”, their
lack of compliance with PSPF guidance around backups—only six entities
were conducting daily backups in line with requirements—suggests many remain
exposed to cyber attacks such as ransomware, defence against which has been
tied to having a strong backup framework and effective data recovery
mechanisms. Many of the examined entities cited complexities in existing
systems as the reason they had failed to implement so many controls, with many
progressing application consolidation plans for “lowering their attack surface
and minimising risk.”
Tom Peters does not have all the answers
Peters visited our Salesforce office in Boston and spent 4 hours talking with
our employees. He listened with interest and was completely present in the
moment. He simply volunteers his time, hoping to teach and be taught. He is
fiercely curious, practices radical transparency, and believes every word and
every sentence that he tweets about. I have been following Peters for nearly a
decade and I have admired his generosity, patience, integrity, benevolence, and
unwavering commitment to sharing his knowledge, including mistakes and lessons
learned. If I could describe Peters in three words, it would be: Honest,
passionate, and caring. ... You will see a masterclass by Peters on humanity,
leadership, business core values, and important guiding principles for
entrepreneurs and community leaders. Personally speaking, my conversations with
Tom Peters are equivalent to reading several meaningful books or attending a
couple of semesters of graduate school in humanities. The best teachers are
lifelong students. As you watch the video with Peters, you will notice the tall
bookshelves behind him and the ladder to the right of the room. I only imagine
Peters climbing the ladder to find and re-read his favorite books on the top
shelves.
Office Everywhere: Remote Work Going Forward
If creating a positive company culture is at the top of the list, leaders need
to find innovative ways to engage employees when after-work happy hours are no
longer possible. The absence of face-to-face interactions can cause people to
feel unmotivated and disengaged, so reinforce your organization’s values
through virtual celebrations, team-building exercises, and increased merit
recognition to substitute in-person social interactions. Helping teams
understand their role in the success of the company will help retain talent
even when the market rebounds. Organizations may also look at recruiting
efforts as a remote workforce can level the playing field for those who can’t
physically be in the office, like parents who are primary caretakers for their
children. At home, parents have the flexibility to meet the school bus or drop
kids off at practice while also doing their job. Employers who embrace a more
flexible and family friendly working environment can attract a diverse set of
talent in the long run. Advancements in technology -- pervasive high-speed
internet, cloud infrastructure, security, collaboration platforms, devices,
and services -- empower people in the office.
FCC Delays Law Banning Your ISP From Charging You 'Rental Fees' For Hardware You Already Own
Several things here. One, keep in mind this FCC did absolutely nothing for
nearly two years as a major telecom monopoly charged users $10 for absolutely
nothing. And the very first time they take substantive action on the issue, it
involves delaying implementation of a law that actually helps. This is, for
those playing along at home, the kind of "hands off approach" to regulation that
the FCC loves to (falsely) claim spurs investment and innovation. In reality,
finding creative new ways to rip off captive customers is as innovative as US
telecom tends to get. Two, there's really nothing about a pandemic that would
make it difficult to stop charging people bullshit fees. Three, the FCC's effort
to "keep people connected" during this crisis consists of an entirely voluntary,
temporary pledge to not kick users offline during the pandemic. It's a pledge
many ISPs are simply ignoring, knowing full well the FCC just gutted much of its
authority over telecom as part of the net neutrality repeal. Keep in mind the
only reason anybody is doing anything about this is thanks to a law that
required a miracle to pass.
Chief AI Officer: Executives discuss the role, pitfalls, and business philosophy
From telehealth chatbots to smart elevators, an increasing number of
organizations across industries are looking to leverage AI to enhance their
business model. As companies begin to adopt these technologies, there's a
steep learning curve and numerous legal and ethical concerns to consider.
"With the explosion of data we've seen over the last decade, many companies
are struggling with how to use AI and automation to better access and utilize
all of this information, in a safe, efficient, and ethical way," said Vijay
Narayanan, chief AI officer at ServiceNow. "For example, businesses need to
ensure customer data is never used without getting their permission first, and
bias always needs to be eliminated. The role of the CAIO is to help lead a
business through these steps to ensure the technology is used correctly." It's
clear that many organizations will look to adopt a CAIO or similar roles to
cater to these needs. However, there are pitfalls organizations can make when
incorporating a new executive alongside the existing suite. As is the case
with any position, cultural fit and philosophy are key. Business
philosophy and long-term objectives will certainly play a central role as
companies recruit CAIOs or promote individuals internally for this new
position. It's imperative that organizations also ensure that the CAIO
complements the existing executive suite.
Crank - a New Front-End Framework with Baked-In Asynchronous Rendering
Because Crank decouples the idea of local state from rerendering, I think it
unlocks a lot of advanced rendering patterns which simply aren’t possible in
other frameworks. For instance, you can imagine an architecture where child
components have local state but aren’t rerendered, but then rendered all at once
by a single parent component which renders in a requestAnimationFrame loop.
Components that are stateful but don’t have to rerender every time they’re
updated are easy to do in Crank because we’ve decoupled state from rerendering.
As an example, you can check out this quick demo I put together wherein I
implement the 3D cubes/sphere demo which React and Svelte people were discussing
on Twitter last year. I’m excited about Crank’s performance ceiling, because
updating a component is just stepping through generators, and there are lots of
interesting optimizations that you can do in user-space when state is just local
variables and statefulness itself isn’t tightly coupled to a reactive system
which forces every stateful component to rerender even if an ancestor component
would have rerendered it anyways.
Infrastructure Design Principles For Architecture On AWS Cloud
End-user interacts with our infrastructure, starting from Route53 to get IP
addresses for our services. Next, the user contacts CloudFront to get an
optimized, cached frontend website. We use a single-page approach for our
frontend apps, so they don’t need any server rendering and can be delivered in
an efficient way to the user. Our frontend applications contact backend API
using API Gateway, which not only caches some responses but also provides
throttling and authentication and authorization of the requests. We usually
use For secure ingress traffic, we use VPC Link from API Gateway to NLB; then,
the traffic gets into the Kubernetes cluster. The cluster itself is configured
to be highly available and can auto-scale depending on the load. Depending on
the case, applications in the cluster contact multiple backend services such
as Redis, Kafka, or RDS. Every time the project doesn’t require stateful
services, we suggest going with serverless architecture to provide better OPEX
than stateful services. Serverless architecture is very similar to our
Kubernetes-based architecture from the user-facing side; the changes are in
the backend where we use API Lambdas and sometimes ECS Fargate.
Data Management Hasn’t Failed, but Data Management Storytelling Has
The “need for high-quality data” has been the dominant rallying cry from data
practitioners for decades. Redman references his Sloan Management
Review piece stating, “Our ultimate goal has been to improve data and
information quality by orders of magnitude.” Although it was published in 1995,
it reads like it was written yesterday. That’s kind of the problem. These
messages and lessons have been the same forever. Business leadership is
just not inspired by the concept of “high-quality data.” If Data Quality was a
successful way to pitch for senior-level engagement, it would have worked by
now. It hasn’t. It never will. Quality is an emotional, subjective, intangible
word that evokes soft-focus imagery of hand-crafted products and a Ricardo
Montalbán-like voiceover cooing about “fine Corinthian leather.” Similar
concepts, such as data hygiene, cleansing, and freshness, are rarely strategic
and hardly holistic. Most data hygiene exercises are ad-hoc campaign-based
projects isolated to a siloed use case. Although Data Quality metrics are
important, and extremely valid within data departments, senior business leaders
do not care about Data Quality. They care about results.
Singapore's move to introduce wearable devices for contact tracing sparks public outcry
"The only thing that stops this device from potentially being allowed to track
citizens' movements 24 by 7 are: if the wearable device runs out of power; if
a counter-measure device that broadcasts a jamming signal masking the device's
whereabouts; or if the person chooses to live 'off the grid' in total
isolation, away from others and outside of any smartphone or device effective
range," he noted. Others also have voiced their concerns about the
potential implementation of wearable devices, taking to Balakrishnan's
Facebook page to urge the government against taking this route. One
user, Francis Lum, said: "Can the government explore technologies that don't
interfere with people's daily living? We are not one big giant high
surveillance prison, are we? Too intrusive. This is like an electronic tag for
prisoners or offenders." Chong Wen Hao also wrote: "With the rapid advancement
of technology, we know that such level of surveillance is unavoidable. Even
without this wearable device, it will come sooner or later in other forms.
However, the idea of a wearable worn for tracking purposes is just too
intrusive from a usability standpoint."
Building AMQP-Based Messaging Framework on MongoDB
With the growing trends of microservices, engineers are looking for more
lightweight, independently deployable, and less costly options in the market.
Every messaging framework comes with the baggage of additional infrastructure
and maintenance headache. In one of my projects there has been a proposal to use
the capped collection feature of MongoDB along with its tailable cursor as an
alternative option to deploy any real messaging infrastructure. ... Not to
mention that this feature of MongoDB is quite old and well-known in the market
and you will find a lot of articles around it. However, I believe those articles
have just shown the basic way of enabling it without going deep into it. A real
messaging framework has more challenges than just making an asynchronous way
of delivering the messages. In this series of articles, we will try to address
them and see if we can really build some messaging infrastructure using MongoDB
by considering all the needs of a messaging framework.
Quote for the day: