Daily Tech Digest - September 04, 2020

Blockchain for Master Data Management

What is the relevance of Blockchain for MDM? Blockchain is a type of a database – through quite different from traditional relational or emerging NoSQL databases. As highlighted in the podcast, Blockchain is a linked list of blocks that contain cryptographically secured blocks of transactions that are immutable. Participants who do not know or trust each other can rely on and trust the Blockchain. Unlike traditional databases that support CRUD (Create, Read, Update, and Delete), with Blockchain, you can only Create and Read: transactions are validated and added to the blocks in the chain. They can be read but never deleted or updated. All transactions and activities on the Blockchain are timestamped. So, what is the relevance of Blockchain for MDM when we cross organizational boundaries. Conducting business transactions across organizational boundaries has all the challenges of intra-enterprise silos and adds several others. Inter-Enterprise exchanges and data sharing are marred with multiple inefficiencies: manual forms and paperwork, error-prone replications, delays due to organizational or bureaucratic inefficiencies, errors in language translations, especially cross-country exchanges, difficulties, and challenges in reconciling governance policies – to name a few.

Everything you need to know about the weird future of quantum networks

QKD technology is in its very early stages. The "usual" way to create QKD at the moment consists of sending qubits in a one-directional way to the receiver, through optic-fibre cables; but those significantly limit the effectiveness of the protocol. Qubits can easily get lost or scattered in a fibre-optic cable, which means that quantum signals are very much error-prone, and struggle to travel long distances. Current experiments, in fact, are limited to a range of hundreds of kilometers. There is another solution, and it is the one that underpins the quantum internet: to leverage another property of quantum, called entanglement, to communicate between two devices. When two qubits interact and become entangled, they share particular properties that depend on each other. While the qubits are in an entangled state, any change to one particle in the pair will result in changes to the other, even if they are physically separated. The state of the first qubit, therefore, can be "read" by looking at the behavior of its entangled counterpart. That's right: even Albert Einstein called the whole thing "spooky action at a distance". And in the context of quantum communication, entanglement could in effect, teleport some information from one qubit to its entangled other half, without the need for a physical channel bridging the two during the transmission.

Cyber security Career Guidance — Part 1 — the Beginner’s Journey

Logs can seem overwhelming the first time you come across them. But all you must do is confront the bully head-on! In my training workshops, I always throw different log file formats on the screen and ask the students to analyze what’s going on. At first, there’s a typical sigh across the whole class, but soon people begin to interpret the different fields and what they could mean. There are numerous tools out there — some that support multiple log formats, others which do a great job at a specific log format. With experience, you will figure out which tool works best for which type of log format, but nothing beats being able to look at raw logs and not be intimidated. ... while it is not mandatory that you know a programming language, but it helps a lot. During the interview process, unless it is mentioned on your resume, I would not ask about your programming know-how. But from personal experience, I can vouch for the power of programming when solving real-world technical issues. Again, which language you know is not important. Even C is fine. Shell scripting is possibly even better. Python is awesome. In college, we were taught Basic and C. We taught ourselves C++ and Java on the side.

How Google Maps uses DeepMind’s AI tools to predict your arrival time

Google Maps is one of the company’s most widely-used products, and its ability to predict upcoming traffic jams makes it indispensable for many drivers. Each day, says Google, more than 1 billion kilometers of road are driven with the app’s help. But, as the search giant explains in a blog post today, its features have got more accurate thanks to machine learning tools from DeepMind, the London-based AI lab owned by Google’s parent company Alphabet. In the blog post, Google and DeepMind researchers explain how they take data from various sources and feed it into machine learning models to predict traffic flows. This data includes live traffic information collected anonymously from Android devices, historical traffic data, information like speed limits and construction sites from local governments, and also factors like the quality, size, and direction of any given road. So, in Google’s estimates, paved roads beat unpaved ones, while the algorithm will decide it’s sometimes faster to take a longer stretch of motorway than navigate multiple winding streets.

How to Build a Strong Beta Testers Community

Before you start, you should define your goal and target audience. Defining goals is the first task to complete. Here are a few relevant ones: test an idea and gather feedback to make sure you are solving the right problem; test the sketches to make sure you solve the problem right; and test an early version to get feedback and adjust the solution before the official launch. Don’t forget to describe how you understand that you have achieved your goal. For example, if you want to get feedback regarding your product, that’s great. But what if only one user provides their feedback? Does it mean that you have achieved your goal? Make sure you can measure the results so that you are able to achieve your goal. And as with any other goal, don’t forget to revise your goal during your beta program. You may want to adjust it as you go. How much time do you have to dedicate to the beta program? If you do everything manually, then you need to set a maximum number of participants. Think how many contacts (customers) can you serve during the beta. Your beta customers will ask questions, provide feedback, and log the bugs.

How to judge open-source projects

An easier way to determine an open-source program's quality is simply to look at the number and quality of its developers. Mike Volpi, a well-known venture capitalist and Index Ventures partner, said that since "software is never sold," it is adopted by the developers who appreciate the software more because they can see it and use it themselves rather than being subject to it based on executive decisions." Therefore, "open-source software permeates itself through the true experts," and . . . "the developers . . . vote with their feet." If the programmers are leaving, the maintainers aren't getting back on patch requests, and the code is growly moldy, it's time to bid that program good-bye. Or, if it's essential to you, take it over yourself.  You can also determine a project's health by how easy -- or not -- it makes it for others to participate in it. Ed Warnicke, a Cisco Distinguished Consulting Engineer, believes successful open-source communities lower the barriers to useful participation. He lists many barriers to participation, which are red flags. ... Another way of judging open-source projects is how many people actually use them.

Which cybersecurity failures cost companies the most and which defenses have the highest ROI?

SCRAM (Secure Cyber Risk Aggregation and Measurement) has, according to its creators, solved that longstanding cyber-security problem. “SCRAM mimics the traditional aggregation technique, but works exclusively on encrypted data that it cannot see. The system takes in encrypted data from the participants, runs a blind computation on it, and returns an encrypted result that must be unlocked by each participant separately before anyone can see the answer,” they explained. “The security of the system comes from the requirement that the keys from all the participants are needed in order to unlock any of the data. Participants guarantee their own security by agreeing to unlock only the result using their privately held key.” More technical details about the process and the platform, which consists of a central server, software clients, and a communication network to pass encrypted data between the clients and the server, can be found in this paper. ... The researchers recruited seven large companies that had a high level of security sophistication and a CISO to test out the platform, i.e., to contribute encrypted information about their network defenses and a list of all monetary losses from cyber attacks and their associated defensive failures over a two-year period.

Open Service Mesh: a Service Mesh Implementation from Microsoft

Microsoft has released (in alpha) the open service mesh (OSM), a service mesh implementation compliant with the SMI specification. OSM covers standard features of a service mesh like canary releases, secure communication, and application insights, similar to other service mesh implementations like Istio, Linkerd, Consul, or Kuma. Additionally, the OSM team is in the process of donating the project to the CNCF. OSM implements the service mesh interface (SMI), a set of standard and portable APIs to deploy a service mesh in Kubernetes. When users configure a service mesh through SMI specification, they don't need to be specific about which service implementation they're running in the cluster. Additionally, OSM comes with standard and basic service mesh features like canary releases, secure service communication, and application insights. In this alpha release, OSM comes with the ability to configure traffic shifting policies, secure communication within services through mTLS, grained access control policies, application metrics, external certificate managers, and inject the sidecar Envoy proxy automatically.

The Hidden Costs of Losing Security Talent

Ryan Corey, co-founder and CEO of online training site Cybrary, says companies also lose money on staffing when they don't chart a clear career path for their employees. "Every cyber professional has recruiters calling them all the time. That's just the way it is because there are not enough people to fill the available jobs," he says. "When people feel boxed in, they will leave. They have to know what the path is to the next level." Another issue: Companies don't handle diversity well, adds Ron Gula, a board member at Cybrary. "By diversity I mean diversity in employment backgrounds," he says. "Companies may want to hire a pen tester because they have security experience, but they should also be looking for people who have experience in accounting, a legal department, or other types of jobs." Finally, companies don't fund cyber departments well enough, either, Gula says. "Too often there's a lack of leadership, funding, and a vision for what the department could be," he says."Sometimes they outsource and have a bad experience and then move forward with a skeleton crew." CyberVista's Petrella says she works with companies on developing their recruiting and retention strategies, as well as how to upskill the people they recruit.

Businesses, policymakers ‘misaligned’ on what ethical AI really means

Policymakers rated “fairness and avoiding bias”, such as the misidentification of individuals, as the top priority for this application of the technology, followed by “privacy and data rights” and “transparency.” Among private firms, however, the number one concern was different. These companies identified “privacy and data rights” as their number one worry. While this is just one example, experts from EY have remarked that the substantial misalignment in points of view between the public and private sectors poses a huge risk to the business landscape, as a focused approach between the two in relation to ethical AI is absent. Policymakers and firms need to unite and collaborate in truly defining ethical AI and must work together to narrow the existing gap. EY global markets digital and business disruption leader, Gil Forer said, “As AI scales up in new applications, policymakers and companies must work together to mitigate new market and legal risks.” Forer continued: “Cross-collaboration will help these groups understand how emerging ethical principles will influence AI regulations and will aid policymakers in enacting decisions that are nuanced and realistic.”

Quote for the day:

"A true dreamer is one who knows how to navigate in the dark" -- John Paul Warren

No comments:

Post a Comment