Daily Tech Digest - June 08, 2020

Once again, Australian government agencies fail cyber security audit

Australian government agencies have turned in yet another poor showing in the latest audit of their information-security controls, but newly implemented cloud technology could help protect them against their ineptitude by locking data against compromise. ... Ten of the examined agencies complied with requirements around restricting administrative privileges, four were using application whitelisting for security protections, and three were on top of patching operating systems and applications. Just two agencies complied with guidance around multi-factor authentication, while just one agency had successfully implemented application hardening and one had successfully implemented controls over the use of macros in productivity suites. Although all entities regularly back up “financially significant data”, their lack of compliance with PSPF guidance around backups—only six entities were conducting daily backups in line with requirements—suggests many remain exposed to cyber attacks such as ransomware, defence against which has been tied to having a strong backup framework and effective data recovery mechanisms. Many of the examined entities cited complexities in existing systems as the reason they had failed to implement so many controls, with many progressing application consolidation plans for “lowering their attack surface and minimising risk.”


Tom Peters does not have all the answers

Peters visited our Salesforce office in Boston and spent 4 hours talking with our employees. He listened with interest and was completely present in the moment. He simply volunteers his time, hoping to teach and be taught. He is fiercely curious, practices radical transparency, and believes every word and every sentence that he tweets about. I have been following Peters for nearly a decade and I have admired his generosity, patience, integrity, benevolence, and unwavering commitment to sharing his knowledge, including mistakes and lessons learned. If I could describe Peters in three words, it would be: Honest, passionate, and caring. ... You will see a masterclass by Peters on humanity, leadership, business core values, and important guiding principles for entrepreneurs and community leaders. Personally speaking, my conversations with Tom Peters are equivalent to reading several meaningful books or attending a couple of semesters of graduate school in humanities. The best teachers are lifelong students. As you watch the video with Peters, you will notice the tall bookshelves behind him and the ladder to the right of the room. I only imagine Peters climbing the ladder to find and re-read his favorite books on the top shelves.


Office Everywhere: Remote Work Going Forward

If creating a positive company culture is at the top of the list, leaders need to find innovative ways to engage employees when after-work happy hours are no longer possible. The absence of face-to-face interactions can cause people to feel unmotivated and disengaged, so reinforce your organization’s values through virtual celebrations, team-building exercises, and increased merit recognition to substitute for in-person social interactions. Helping teams understand their role in the success of the company will help retain talent even when the market rebounds. Organizations may also look at recruiting efforts as a remote workforce can level the playing field for those who can’t physically be in the office, like parents who are primary caretakers for their children. At home, parents have the flexibility to meet the school bus or drop kids off at practice while also doing their job. Employers who embrace a more flexible and family-friendly working environment can attract a diverse set of talent in the long run. Advancements in technology -- pervasive high-speed internet, cloud infrastructure, security, collaboration platforms, devices, and services -- empower people in the office.


FCC Delays Law Banning Your ISP From Charging You 'Rental Fees' For Hardware You Already Own

Several things here. One, keep in mind this FCC did absolutely nothing for nearly two years as a major telecom monopoly charged users $10 for absolutely nothing. And the very first time they take substantive action on the issue, it involves delaying implementation of a law that actually helps. This is, for those playing along at home, the kind of "hands off approach" to regulation that the FCC loves to (falsely) claim spurs investment and innovation. In reality, finding creative new ways to rip off captive customers is as innovative as US telecom tends to get. Two, there's really nothing about a pandemic that would make it difficult to stop charging people bullshit fees. Three, the FCC's effort to "keep people connected" during this crisis consists of an entirely voluntary, temporary pledge to not kick users offline during the pandemic. It's a pledge many ISPs are simply ignoring, knowing full well the FCC just gutted much of its authority over telecom as part of the net neutrality repeal. Keep in mind the only reason anybody is doing anything about this is thanks to a law that required a miracle to pass.


Chief AI Officer: Executives discuss the role, pitfalls, and business philosophy

From telehealth chatbots to smart elevators, an increasing number of organizations across industries are looking to leverage AI to enhance their business model. As companies begin to adopt these technologies, there's a steep learning curve and numerous legal and ethical concerns to consider. "With the explosion of data we've seen over the last decade, many companies are struggling with how to use AI and automation to better access and utilize all of this information, in a safe, efficient, and ethical way," said Vijay Narayanan, chief AI officer at ServiceNow. "For example, businesses need to ensure customer data is never used without getting their permission first, and bias always needs to be eliminated. The role of the CAIO is to help lead a business through these steps to ensure the technology is used correctly." It's clear that many organizations will look to adopt a CAIO or similar roles to cater to these needs. However, there are pitfalls organizations can make when incorporating a new executive alongside the existing suite. As is the case with any position, cultural fit and philosophy are key. Business philosophy and long-term objectives will certainly play a central role as companies recruit CAIOs or promote individuals internally for this new position. It's imperative that organizations also ensure that the CAIO complements the existing executive suite.


Crank - a New Front-End Framework with Baked-In Asynchronous Rendering

because Crank decouples the idea of local state from rerendering, I think it unlocks a lot of advanced rendering patterns which simply aren’t possible in other frameworks. For instance, you can imagine an architecture where child components have local state but aren’t rerendered, but then rendered all at once by a single parent component which renders in a requestAnimationFrame loop. Components that are stateful but don’t have to rerender every time they’re updated are easy to do in Crank because we’ve decoupled state from rerendering. As an example, you can check out this quick demo I put together wherein I implement the 3D cubes/sphere demo which React and Svelte people were discussing on Twitter last year. I’m excited about Crank’s performance ceiling, because updating a component is just stepping through generators, and there are lots of interesting optimizations that you can do in user-space when state is just local variables and statefulness itself isn’t tightly coupled to a reactive system which forces every stateful component to rerender even if an ancestor component would have rerendered it anyways.


Infrastructure Design Principles For Architecture On AWS Cloud

The end user interacts with our infrastructure, starting from Route53 to get IP addresses for our services. Next, the user contacts CloudFront to get an optimized, cached frontend website. We use a single-page approach for our frontend apps, so they don’t need any server rendering and can be delivered in an efficient way to the user. Our frontend applications contact the backend API using API Gateway, which not only caches some responses but also provides throttling and authentication and authorization of the requests. We usually use For secure ingress traffic, we use VPC Link from API Gateway to NLB; then, the traffic gets into the Kubernetes cluster. The cluster itself is configured to be highly available and can auto-scale depending on the load. Depending on the case, applications in the cluster contact multiple backend services such as Redis, Kafka, or RDS. Every time the project doesn’t require stateful services, we suggest going with serverless architecture to provide better OPEX than stateful services. Serverless architecture is very similar to our Kubernetes-based architecture from the user-facing side; the changes are in the backend where we use API Lambdas and sometimes ECS Fargate.


Data Management Hasn’t Failed, but Data Management Storytelling Has

The “need for high-quality data” has been the dominant rallying cry from data practitioners for decades. Redman references his Sloan Management Review piece stating, “Our ultimate goal has been to improve data and information quality by orders of magnitude.” Although it was published in 1995, it reads like it was written yesterday. That’s kind of the problem. These messages and lessons have been the same forever. Business leadership is just not inspired by the concept of “high-quality data.” If Data Quality was a successful way to pitch for senior-level engagement, it would have worked by now. It hasn’t. It never will. Quality is an emotional, subjective, intangible word that evokes soft-focus imagery of hand-crafted products and a Ricardo Montalbán-like voiceover cooing about “fine Corinthian leather.” Similar concepts, such as data hygiene, cleansing, and freshness, are rarely strategic and hardly holistic. Most data hygiene exercises are ad-hoc campaign-based projects isolated to a siloed use case. Although Data Quality metrics are important, and extremely valid within data departments, senior business leaders do not care about Data Quality. They care about results.


Singapore's move to introduce wearable devices for contact tracing sparks public outcry

"The only thing that stops this device from potentially being allowed to track citizens' movements 24 by 7 are: if the wearable device runs out of power; if a counter-measure device that broadcasts a jamming signal masking the device's whereabouts; or if the person chooses to live 'off the grid' in total isolation, away from others and outside of any smartphone or device effective range," he noted. Others also have voiced their concerns about the potential implementation of wearable devices, taking to Balakrishnan's Facebook page to urge the government against taking this route. One user, Francis Lum, said: "Can the government explore technologies that don't interfere with people's daily living? We are not one big giant high surveillance prison, are we? Too intrusive. This is like an electronic tag for prisoners or offenders." Chong Wen Hao also wrote: "With the rapid advancement of technology, we know that such level of surveillance is unavoidable. Even without this wearable device, it will come sooner or later in other forms. However, the idea of a wearable worn for tracking purposes is just too intrusive from a usability standpoint."


Building AMQP-Based Messaging Framework on MongoDB

With the growing trend of microservices, engineers are looking for more lightweight, independently deployable, and less costly options in the market. Every messaging framework comes with the baggage of additional infrastructure and maintenance headaches. In one of my projects there has been a proposal to use the capped collection feature of MongoDB along with its tailable cursor as an alternative to deploying any real messaging infrastructure. ... Not to mention that this feature of MongoDB is quite old and well-known in the market and you will find a lot of articles around it. However, I believe those articles have just shown the basic way of enabling it without going deep into it. A real messaging framework has many more challenges than just providing an asynchronous way of delivering the messages. In this series of articles, we will try to address them and see if we can really build some messaging infrastructure using MongoDB by considering all the needs of a messaging framework.



Quote for the day:

"Challenges in life always seek leaders and leaders seek challenges." -- Wayde Goodall
