Daily Tech Digest - September 11, 2020

How this open source test framework evolves with .NET

Fixie v3 is a work in progress that we intend to release shortly after .NET 5 arrives. .NET 5 is the resolution to the .NET Framework vs. .NET Core development lines, arriving at One .NET. Instead of fighting it, we're following Microsoft's evolution: Fixie v3 will no longer run on the .NET Framework. Removing .NET Framework support allowed us to remove a lot of old, slow implementation details and dramatically simplified the regression testing scenarios we had to consider for each release. It also allowed us to reconsider our design. The Big Three requirements changed only slightly: .NET Core does away with the notion of an App.config file closely tied to your executable, instead relying on a more convention-based configuration. All of Fixie's assembly-loading requirements remained. More importantly, the circumstances around the design changed in a fundamental way: we were no longer limited to using types available in both .NET Framework and .NET Core. By promising less with the removal of .NET Framework support, we gained new degrees of freedom to modernize the system.

A 5-step Guide to Building Empathy that can Boost your Development Career

When you reflect on yourself, also analyze your interactions. When you speak, do you ramble on? Do you raise your voice easily, or get easily upset? Do you talk more than listen? How do you come across physically? Do you roll your eyes, or dart them around the room? Do you slouch or bury your hands in your pockets? Think about the language you use during conversations. Do you use habitual phrases that help or hinder your message? Is your language helping others to pay attention or tune you out? Does it encourage conversations and build bridges? Are you making others feel heard and respected, or ignored and underappreciated? To start your self-awareness journey, you can take advantage of a number of tools: DISC, Real Colors, and Myers-Briggs are all great starting points to understanding your own personality. These tools are not there to dictate who you are, but to guide you in understanding who you are. When you take the quiz, you are essentially having a conversation with that quiz. The results are simply telling you how you showed up to that conversation - the outcome is affected by your mood, attitude, energy, recent events, etc.

New CDRThief malware targets VoIP softswitches to steal call detail records

"At the time of writing we do not know how the malware is deployed onto compromised devices," Anton Cherepanov, one of ESET's top malware hunters, wrote in an analysis today. "We speculate that attackers might obtain access to the device using a brute-force attack or by exploiting a vulnerability. Such vulnerabilities in VOS2009/VOS3000 have been reported publicly in the past," Cherepanov added. However, once the malware has a foothold on a Linux server running Linknat VOS2009 or VOS3000, the malware searches for the Linknat configuration files and extracts credentials for the built-in MySQL database, where the softswitch stores call detail records (CDR, aka VoIP calls metadata). "Interestingly, the password from the configuration file is stored encrypted," Cherepanov pointed out. "However, Linux/CDRThief malware is still able to read and decrypt it. Thus, the attackers demonstrate deep knowledge of the targeted platform, since the algorithm and encryption keys used are not documented as far as we can tell. It means that the attackers had to reverse engineer platform binaries or otherwise obtain information about the AES encryption algorithm and key used in the Linknat code."

Open-sourcing TensorFlow with DirectML

TensorFlow is a widely used machine learning framework for developing, training, and distributing machine learning models. Machine learning workloads often involve tremendous amounts of computation, especially when training models. Dedicated hardware such as the GPU is often used to accelerate these workloads. TensorFlow can leverage both Central Processing Units (CPUs) and GPUs, but its GPU acceleration is limited to vendor-specific platforms that vary in support for Windows and across its users’ diverse range of hardware. Bringing the full machine learning training capability to Windows, on any GPU, has been a popular request from the Windows developer community. The DirectX platform in Windows has been accelerating games and compute applications on Windows for decades. DirectML extends this platform by providing high-performance implementations of mathematical operations—the building blocks of machine learning—that run on any DirectX 12-capable GPU. We’re bringing high-performance training and inferencing on the breadth of Windows hardware by leveraging DirectML in the TensorFlow framework. 

Developing a plan for remote work security? Here are 6 key considerations

Training needs to address all aspects of your structure, specifically: information security, data security, cybersecurity, computer security, physical security, IoT security, cloud security, and individual security. Each area of an architecture needs to be tested and hardened regularly for your organization to truly be shielded from security breaches. Be specific about your program: train your staff on how to defend your information around your HR records (SSNs, PII, etc.) and data that could be exposed (shopping cart, customer card numbers), as well as in cyber defense to provide tools against nefarious actors, breaches and threats. Staff must be trained to know how to lock down computers, so individual machines and network servers are safe. This training should also encompass how to ensure physical security, to protect your storage or physical assets. This comes into play more as the IoT plays a larger role in connecting our devices and BYOD policies allow for more connections to be made between personal and corporate assets. Individual security: each employee is entitled to be secure in their work for a company, and that includes privacy concerns and compliance issues.

Phishing attack baits victims by promising access to quarantined emails

As analyzed by the Cofense Phishing Defense Center, this phishing attack is directed toward employees within an organization. Impersonating the technical support team of the user's employer, the campaign pretends to have quarantined three email messages, blocking them from reaching the recipient's inbox. Clicking on a link promises access to these messages but instead directs the person to a phishing page. The user is then prompted to sign in with their email account credentials, which are then captured by the attacker. The campaign seems convincing in a variety of ways, according to Cofense. By spoofing the account of the internal support staff, the phishing email appears to come from a trusted source. The quarantine notice sounds real, even claiming that the quarantined messages failed to process and must be reviewed to confirm their validity. Further, the notice has an air of immediacy by saying that two of the messages are considered valid and will be deleted in three days unless action is taken. Such a notice could convince the recipient that these are messages of importance to their organization, requiring a quick response to review them before they're gone.

Laying The Groundwork For ‘Fintech 2.0’ With Digital Assets

Increasingly, government entities are interested in stablecoin technology as well. While it's a promising development in the world of digital assets, Woodford said he doesn't expect state-backed initiatives to go live and take off anytime soon. Rather, the biggest value in these efforts is in validating digital assets as a whole. "If you look at what has caused the shift in mentality in the last 12-18 months, it went from, 'No, we don't want this,' to, 'No, but this is interesting' to the point now where it's interesting and people are actively engaging in this space," he explained. "One of the reasons for that is because of the sentiment, caused by those government announcements. It's one driver, but it's more important and meaningful now in terms of how it's adjusted the attitude." The fact is, any dramatic change in the world's payments landscape isn't going to happen overnight — certainly not a shift from fiat currency toward digital assets like bitcoin. It's part of the reason why stablecoin technology is so popular; it's a blend between fiat and digital currency, and that mix is critical to driving traction. As such, Zero Hash, which recently announced the closure of its Series C funding round, is planning to not only augment its lending offering, but to integrate ACH processing capabilities within its infrastructure.

Smart contact lens prototype raises eyebrows

The human iris controls pupil size in response to light, a critical function that allows the retina to take in appropriate sensory information. Too much light and the world is washed out, too little and it's veiled in darkness. A host of eye diseases and deficiencies inhibit the iris from responding appropriately, including aniridia and keratoconus. Light sensitivity, similarly, is a painful debilitation and is often associated with chronic migraine. Researchers at Imec, an innovation hub based in Belgium, along with partners like CMST, a Ghent University-affiliated research group, the Instituto de Investigación Sanitaria Fundación Jiménez Díaz in Madrid, Spain, and Holst Centre have been developing a low-powered wearable solution. The contact lens's iris aperture is tunable thanks to an integrated liquid crystal display (LCD) that manipulates concentric rings. "By combining our expertise on miniaturized flexible electronics, low-power ASIC design and hybrid integration, we have demonstrated the capacity to develop a solution for people who suffer from iris deficiencies, higher order aberrations and photophobia, a common yet debilitating symptom seen in many neuro-ophthalmic disorders," says researcher prof. Andrés Vásquez.

3 tips for supercharging your remote workforce with AI and automation

Organisations today are facing numerous pressures to enable a remote workforce, particularly in the IT function, since we have entered the post-Covid era. At a time when the traditional modus operandi is constantly being tested, there are some ‘new’ approaches that have actually been in use in other parts of the market for a while now. We can take several lessons from the consumer tech world and how it leverages automation and AI to reduce maintenance and ease automation. Let’s take a look at the Nest thermostat as an example. A single thermostat changes temperature about 1500 times per year, so a large house with 3 thermostats changes temperature about 5000 times per year. ... Make sure you have a single API-endpoint in the cloud to enumerate & automate all of your storage assets on-prem. Having a cloud-managed platform provides the visibility and orchestration of your assets across sites, servers and applications and you can take advantage of a single API in the cloud to then automate all or a portion of those as needed. You get an aggregated view, or you can filter by data centre or application, server group, etc. Then ask interesting questions like, where is there available capacity for a new project?

Plan for change but don’t leave security behind

The best advice is to plan for change – technical, process and culture – but do not, whatever you do, leave security till last. It has to be front and centre of any plans you make. One concrete change that you can make immediately is taking your security people off just “fire-fighting duty”, where they have to react to crises as they come in: businesses can consider how to use them in a more proactive way. People don’t scale, and there’s a global shortage of security experts. So, you need to use the ones that you have as effectively as you can, and, crucially, give them interesting work to do, if you plan to retain them. It’s almost guaranteed that there are ways to extend their security expertise into processes and automation which will benefit your broader teams. At the same time, you can allow those experts to start preparing for new issues that will arise, and investigating new technologies and methodologies which they can then reapply to business processes as they mature. ... One of the main mistakes we see businesses make is attempting to deploy Kubernetes without the appropriate level of in-house expertise. Kubernetes is an ecosystem, rather than a one-off executable, that relies on other services provided by open source projects.

Quote for the day:

"Leadership flows from the minds of followers more than from the titles of leaders, more from the perception of willing followers than from anointment." -- Lane Secretan
