Daily Tech Digest - June 13, 2020

Blockchain expert discusses a world without usernames and passwords

The core principles of blockchain, he explained, can be applied to anything and can be useful for a variety of things, including authentication. "Right now, we have this problem with authentication. If you go to a bar and ask for a beer, you give them your license to prove age. But the issue is that they don't just get proof that you're 21, they get your name, actual age, address, organ donor and more," he said. "We have these imprecise identity and authentication systems where to establish a fact, whether it be age or paying taxes, you have to collect a lot more information than you need just because of the medium of how it's done. So many companies become data warehouses as a consequence of that mandate and they end up storing huge amounts of information about people. If they get hacked, that information gets leaked." Blockchain proponents have spent years figuring out a unified place to store credentials while also finding ways to prove facts about people by only revealing the minimum amount of information necessary.  "We can use zero knowledge cryptography and these things to say: 'Hey, you're over the age of 21. I won't know how old you are but I can get proof you're over 21. I can know you live in New York but not get your address," he added.

Building Security into Software

When a new technology wave sweeps over the security discipline - such as mobile code security, IoT security, or ML security - one important exercise is to think about how the seven touchpoints can be applied in order to make security progress. When it comes to many technologies, source-code analysis is the easiest security touchpoint to apply first. Why that is the case should be obvious: Regardless of the process you may have used to come up with your code, your code can be subjected to static analysis. That is, just about every software project has code. Well, to a point: Static analysis of a dynamic node.js assembly may not be possible depending on when, where, and how the assembly is put together. In fact, the move to dynamic languages is having a deep impact on the base effectiveness of code review using a static analysis tool.  Likewise, a DevOps approach elevates the importance of security operations (touchpoint 7), which is now defined in code itself. Containers are code, and container configuration is code. Container orchestration is code, too! So securing a system by design obviously must include operational aspects that may have been left to the IT guys in the past.

Phishing Attacks Traced to Indian Commercial Espionage Firm

Multiple details appear to reinforce that Dark Basin's operators were Indian and working in India, including the repeat use of custom-built link-shortening services named Holi, Rongali and Pochanchi, of which the first two are names of Hindu festivals, while the latter appears to be "a transliteration of the Bengali word for '55,'" according to Citizen Lab. Researchers said they found online a copy of BellTroX's phishing kit source code, as well as log files detailing testing activity, which uses the same time zone as India. Citizen Lab says employees also boasted online about conducting some attacks that traced back to link-shortening services seen in multiple BellTroX hack attacks. "We were able to identify several BellTroX employees whose activities overlapped with Dark Basin because they used personal documents, including a CV, as bait content when testing their URL shorteners," Citizen Lab says. "They also made social media posts describing and taking credit for attack techniques containing screenshots of links to Dark Basin infrastructure. BellTroX and its employees appear to use euphemisms for promoting their services online, including 'Ethical Hacking' and 'Certified Ethical Hacker.'"

A new digital ecosystem to transform the lives of Nigerians across the globe

“Sparkle will be transformational for Nigerians across the globe and I am hugely excited to be launching it today. Sparkle is redefining Nigerian commerce by merging financial services with a seamless lifestyle solution. We are removing barriers using technology and data, driving inclusion at scale. In doing so, we are empowering Nigerians to fulfil their potential, democratizing access to valuable solutions for both business and personal needs.” Sparkle is partnering with VISA, Microsoft and PwC Nigeria to achieve its vision of redefining Nigerian commerce. The partnerships will provide industry leading expertise in APIs, cloud computing, data science, machine learning, tax and financial advisory services for the benefit of Sparkle’s customers. The services offered by Sparkle are all licensed by the CBN. The launch of Sparkle comes at a time when most of Nigeria’s population (79%) have mobile connectivity, with 39% having access to mobile broadband connections1. This young and growing population – currently over 195 million people2 – are also digital natives, with social networks forming part of everyday life. 

Android 11's most important additions

The Android 11 Beta is significant for a couple of reasons. First, even though Android 11 itself has been in a public developer preview since February, this is the first time it's being made easily accessible to average users — and the first time it's anywhere near stable enough to be advisable for regular phone-totin' folk to use. (That being said, it still isn't something a typical phone-owner should install, especially on a primary phone you rely on for work.) But beyond that, this week's release gives us our first real look at what's likely the complete picture — or something very close to it — of what Android 11 represents. The early developer previews were kind of like rough skeletons, in a sense, and this beta release adds in the meat around those bones. That means some of the flashiest, most high-profile features of the software are now in front of us, and while there aren't any huge surprises, there's certainly some noteworthy stuff — including a newly refined notification panel that separates out conversation-centric alerts and places them in their own dedicated section, the long-awaited debut of Android's Bubbles multitasking system, a fancy new control panel for connected devices, and a new universal media player with better tools for controlling audio across multiple devices.

Artificial intelligence gathers pace in Latin America

Latin firms are using AI to tackle critical regional issues, including food security, smart cities, natural resources, and unemployment, according to the study, with the level of sophistication of AI projects at almost the same level as other regions. About 80% of large businesses in the region reported having projects underway, with early benefits including increased operational efficiency and management decision-making. This compares with 87% in North America and 95% in Asia-Pacific. The researchers predict that by 2022, AI projects are expected to accelerate, with almost two-thirds of respondents in Latin countries saying they expect 21%-40% of their processes to use AI three years from now, with the areas of fastest growth being logistics and supply chain management, as well as sales and marketing. The report noted that all industry sectors in Latin America have been ramping up adoption of AI, mostly for customer service, cited by 55% of respondents. Banks and airlines in the region have been at the forefront, taking advantage of chatbots and virtual assistants to improve response times and lighten administrative loads. The report also noted the emergence of a number of AI customer service-focused startups in the region.

Survey on Agile Hints at Further Acceleration Under COVID-19

How the success of Agile projects is measured is changing, according to the survey results. Burndown charts and the number of deliveries per day or hour, O’Rourke says, were the prevalent metrics. This has given way to business-related metrics taking the top spots. Customer/user satisfaction, business value, speed of delivery, customer retention, and increased revenue are now prime ways to gauge the success of agile projects, he says. More companies are committing to value streams in Agile, O’Rourke says, that tie business and IT organizations together. “Their expectation is those IT organizations are becoming much more of a strategic piece of their capabilities as opposed to just a cost center,” he says. Scaling of Agile is becoming more pronounced in the era of COVID-19, O’Rourke says. The methodology is applied increasingly across entire organizations from teams to directors, he says. There have also been changes in how Agile is applied with external resources, O’Rourke says. “This year, 40% of the people are using Agile capabilities in their outsourced projects, but five years ago that was 78%.”

DevOps for beginners: Where to start learning and focusing

First, we need to identify all the gaps and bottlenecks in your organization. A great practice to start is to map out value streams. What are all the steps taken between a customer triggering a request for a product or service and the associated value being delivered to them? How long does each step take? Where is there waste and unnecessary wait times? What about getting new releases of your software? How long does it take to get a new idea from a customer (internal or external) implemented and usable? A pair of practices to help with all of these questions are Value Stream Mapping and Metrics Based Process Mapping: These exercises can help you think about the gaps and delays that exist between end users and business lines, between business lines and software development teams, and between software development teams and application operations teams. Plugging these gaps and shortening these delays is what DevOps helps improve. Next, it’s hugely valuable to take some time to ensure you and your teams understand what DevOps is and, more importantly, what DevOps isn’t. 

Remote working: How the biggest change to office life will happen in our homes

"Whenever I would work from home before COVID," Hashmi tells ZDNet, "I would start my day as if I was going to work, and then instead of getting onto the tube, I'd go down to the co-working space with my laptop and my coffee, and work there until lunchtime." When his stomach would start rumbling, he would take the lift back up to his studio, make some food, and do some more work there. "But I'd go back down if I wasn't working productively enough in my own flat," adds Hashmi. "To have this workspace was really beneficial, because otherwise you're always working in your bedroom-kitchen area." ... "This is mostly just because the ergonomics of working in my studio aren't very good," he adds. "Whereas all the times I've worked in the co-working space, I've never felt physically discomforted. There's a variety in how you can sit, or change spaces." ... now it has become widely accepted that remote working is here to stay, even in a post-coronavirus world. And as employees start spending a few more days at home every week, it is not only office layouts that are going to change – but also the way we organize our homes.

Manifesto for Sustainable Agile

Technology has helped us prove that remote work at such a massive scale is possible. Studies have long proven collocated teams are better at delivery outcomes and gain alignment quickly. The effect of current situation will fundamentally shift how office spaces & collocation is perceived by individuals and leaders. In post COVID-19 era and beyond, remote working may take a front seat giving people commute-free lifestyle combined with technology innovations. We are all learning and experience through a global movement that it is more important to have the power of minds, ideas and thoughts together and collocated through digital mediums and conferencing innovations etc. Physical collocation may prove not be an essential aspect for new normal where everyone will master the art of remote working. ... The urge to measure individual productivity has always been of keen interest for people who are more focused on ROI over Impact. It has been a topic of debate over years in agile community that rather than measuring outputs or utilisation, one should measure outcomes. In my experience, outputs/utilisation measured in absolute number of hours or any time unit may have a NO direct relation to intellectual outcomes. 

Quote for the day:

"In simplest terms, a leader is one who knows where he wants to go, and gets up, and goes." -- John Erksine

No comments:

Post a Comment