Daily Tech Digest - October 06, 2020

What is Blockchain as a Service (BaaS) in the Tech Industry?

Blockchain is becoming more and more popular not just in cryptocurrency but also in financial transactions where security and transparency are a must. However, it is very expensive and technologically complicated to create, maintain, and operate a blockchain. That is why many smaller and mid-level companies are hesitant to invest fully in blockchain even though its advantages are obvious. However, Blockchain as a Service can easily resolve this problem. This is based on the Software as a Service (SaaS) model where a company specifically invests in creating, maintaining, and operating a blockchain. This company can then offer the advantages of blockchain to other companies as a service while charging a fee. They can offer blockchain on any of the available distributed ledgers like Ethereum, Bitcoin, R3 Corda, Hyperledger Fabric, Quorum, etc. along with the peripheral services such as system security, bandwidth management, resource optimization, etc. In this way, many smaller and mid-level companies who don’t want to build and maintain their own blockchain systems from scratch can still obtain the advantages of blockchain for a nominal fee. These companies can focus on their core business and obtain value addition from the blockchain without needing to become experts in the technology.


How companies can overcome the content processing drawbacks of RPA

While the need to enlist assistance from additional software is valid, organisations must be careful about overspending, and ensure that the tools they invest in are for a clear, specific purpose. ... “There’s a couple of different ways for customers to overcome these shortcomings. One is to buy a tailored point solution like an OCR tool, which can extract data from documents, or they could invest in a workflow tool to help them orchestrate robots and humans, or perhaps buy some machine learning from Google to try and extract insights from their complex documents. These tools are designed to solve a very narrow set of problems, within tight parameters. “However, each of these has its own technical challenges; when embarking on one of these projects, you face significant cost, plus you need the right skills and tech to support each initiative. Each use case needs to be treated as an individual project, because you’re effectively buying for that particular need, and if you have lots of different types of data in your organisation, lots of different processes that have this level of unstructured data, you need to start again each time and buy the right solution to fix each individual problem.


Red Hat Envisions Linux Operating System As More Than ‘Just A Commodity’

Enterprise Linux company Red Hat has wanted users to think more of their operating ‘engines’ for some time now, long before the company’s acquisition and integration into the IBM family back in 2018. The company released its Red Hat Enterprise Linux 7 software back in June 2014 and followed up with Red Hat Enterprise Linux 8 in May last year. Known affectionately among the developer cognoscenti as RHEL (pronounced ‘rel’, as in relate, relish or relax), Red Hat has been building its software to specifically align to cloud-native computing, containers (a way of breaking application functions into smaller discrete blocks) and all forms of automation and AI-fuelled autonomous computing. Underpinning all the individual functions that it puts into its enterprise operating system is a desire for departments, teams and individual users to consider the OS as a performance vehicle in and of itself i.e. something more than just a commodity engine. If that sounds like marketing spin, then it probably is… so can the company substantiate any of that gloss and explain how the engine in your computer system might actually change the way we work?


T2 security chip on Macs can be hacked to plant malware; cannot be patched

The attack requires combining two other exploits that were initially used for jailbreaking iOS devices — namely Checkm8 and Blackbird. This works because of some shared hardware and software features between T2 chips and iPhones and their underlying hardware. According to a post from Belgian security firm ironPeak, jailbreaking a T2 security chip involves connecting to a Mac/MacBook via USB-C and running version 0.11.0 of the Checkra1n jailbreaking software during the Mac’s boot-up process. Per ironPeak, this works because “Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication.” “Using this method, it is possible to create an USB-C cable that can automatically exploit your macOS device on boot,” ironPeak said. This allows an attacker to get root access on the T2 chip and modify and take control of anything running on the targeted device, even recovering encrypted data […] The danger regarding this new jailbreaking technique is pretty obvious. Any Mac or MacBook left unattended can be hacked by someone who can connect a USB-C cable, reboot the device, and then run Checkra1n 0.11.0.


Classifying Your Third Parties: An Essential Third Party Due Diligence First Step

Of course, this brings us to ask when a company “knows” that a third party will make an improper payment. Under the FCPA, a person has the requisite knowledge to be liable when he or she is aware of the potential wrongdoing, cognizant of a high probability of the existence of such wrongdoing, or intentionally ignorant of the potential wrongdoing. In other words, Congress did not want to allow people to “sneak around” the FCPA by using a third party. As Congress made clear, it meant to impose liability not only on those with actual knowledge of wrongdoing, but also on those who purposefully avoid actual knowledge: [T]he so-called “head-in-the-sand” problem – variously described in the pertinent authorities as “conscious disregard,” “willful blindness” or “deliberate ignorance” – should be covered so that management officials could not take refuge from the Act’s prohibitions by their unwarranted obliviousness to any action (or inaction), language or other “signaling device” that should reasonably alert them of the “high probability” of an FCPA violation.”


People-focused digital transformation: What benefit does it have for your employees?

“Digitally mature” companies, where leadership teams are proactively jumping on and implementing digital trends, are increasingly becoming a must-have for job-seekers. From attracting to retaining talent, organizations that are pioneering a digital strategy for their processes, efficiently using technology and adapting in line with digital, will undoubtedly see more success than organizations that don’t. The focus is no longer just on what an employee can bring to a company but also on what the company can deliver to the employee to develop their skill sets in preparation for the next step of their career. And, with research revealing that the benefits of a digital-first company include improved operational efficiencies as well as having a faster time to market, it’s clear why a prospective employee would opt for a digitally transformed company over one that still runs with mostly manual processes. Factors such as remote working, the use of technology to improve productivity and developing skills away from an office-based environment can lead to people enjoying their jobs more.


New ransomware vaccine kills programs wiping Windows shadow volumes

This weekend, security researcher Florian Roth released the 'Raccine' ransomware vaccine that will monitor for the deletion of shadow volume copies using the vssadmin.exe command. "We see ransomware delete all shadow copies using vssadmin pretty often. What if we could just intercept that request and kill the invoking process? Let's try to create a simple vaccine," Raccine's GitHub page explains. Raccine works by registering the raccine.exe executable as a debugger for vssadmin.exe using the Image File Execution Options Windows registry key. Once raccine.exe is registered as a debugger, every time vssadmin.exe is executed, it will also launch Raccine, which will check to see if vssadmin is trying to delete shadow copies. If it detects a process is using 'vssadmin delete' or 'vssadmin resize shadowstorage' it will automatically terminate the process, which is usually done before ransomware begins encrypting files on a computer. It should also be noted that Raccine may terminate legitimate software that uses vssadmin.exe as part of their backup routines. Roth plans on adding the ability to allow certain programs to bypass Raccine in the future so that they are not mistakenly terminated.
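The decision described above, sketched as an added example (this is not Raccine's own code): given the command line an Image File Execution Options debugger would receive, decide whether the launch should be terminated. The parent allowlist is a hypothetical stand-in for the bypass feature the article says is planned, and all sample events are constructed.

```python
import ntpath
import shlex

# Hypothetical allowlist of parent images (constructed placeholder path),
# modelling the planned bypass for legitimate backup software.
ALLOWED_PARENTS = {r"c:\program files\examplebackup\agent.exe"}

def _tokens(cmdline):
    """Split a Windows command line; posix=False keeps backslashes intact."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:              # unbalanced quote: fall back to whitespace
        parts = cmdline.split()
    return [p.strip('"').lower() for p in parts]

def verdict(cmdline, parent_image=""):
    """Return 'ignore', 'allow' or 'terminate' for one process launch."""
    toks = _tokens(cmdline)
    if not toks or ntpath.basename(toks[0]) not in ("vssadmin", "vssadmin.exe"):
        return "ignore"             # not vssadmin, nothing to decide
    args = toks[1:]
    destructive = (args[:1] == ["delete"]
                   or args[:2] == ["resize", "shadowstorage"])
    if not destructive:
        return "allow"              # e.g. 'vssadmin list shadows'
    if parent_image.lower() in ALLOWED_PARENTS:
        return "allow"              # known backup agent, avoid a false kill
    return "terminate"

# Constructed process-launch events: (command line, parent image).
SAMPLE_EVENTS = [
    ("vssadmin.exe delete shadows /all /quiet", r"C:\Users\Public\invoice.exe"),
    (r'"C:\Windows\System32\VSSADMIN.EXE" Resize ShadowStorage /for=C: /on=C: /maxsize=401MB', ""),
    ("vssadmin list shadows", r"C:\Windows\System32\cmd.exe"),
    ("vssadmin delete shadows /for=C: /oldest", r"C:\Program Files\ExampleBackup\agent.exe"),
    ("notepad.exe delete.txt", ""),
]

def classify_all(events=SAMPLE_EVENTS):
    return [verdict(cmd, parent) for cmd, parent in events]

if __name__ == "__main__":
    for (cmd, _), result in zip(SAMPLE_EVENTS, classify_all()):
        print(f"{result:10} {cmd}")
```

The same verdict function can be run over process-creation logs to see which existing backup jobs such a vaccine would kill before it is deployed.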


The Abyss of Ignorable: A Route into Chaos Testing from Starling Bank

Imagine if every abstraction came with a divinely guaranteed SLA. (They don’t.) Every class and method call, every library and dependency. Pretend that the SLA is a simple percentage. (They never are.) There are some SLAs (100%, fifty nines) for which it would be wrong to even contemplate failure let alone handle it or test for it. The seconds you spent thinking about it would already be worth more than the expected loss from failure. In such a world you would still code on the assumption that there are no compiler bugs, JVM bugs, CPU instruction bugs - at least until such things were found. On the other hand there are SLAs (95%, 99.9%) for which, at reasonable workloads, failure is effectively guaranteed. So you handle them, test for them and your diligence is rewarded. We get our behaviour in these cases right. We rightly dismiss the absurd and handle the mundane. However, human judgement fails quite badly when it comes to unlikely events. And when the cost of handling unlikely events (in terms of complication) looks unpleasant, our intuition tends to reinforce our laziness. A system does not have to be turbulent or complex to expose this. 


Announcing third-party code scanning tools: static analysis & developer security training

Code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Code scanning is powered by GitHub’s CodeQL static scanning engine and is extensible to include third-party security tools. Extensibility provides a lot of flexibility and customizability for teams while maintaining the same user experience for developers. This capability is especially helpful if you: Work at a large organization that’s grown through acquisitions and has teams running different code scanning tools; Need additional coverage for specific areas such as mobile, Salesforce development, or mainframe development; Need customized reporting or dashboarding services; Or simply want to use your preferred tools while benefiting from a single-user experience and single API. What makes this possible is GitHub code scanning’s API endpoint that can ingest scan results from third-party tools using the open standard Static Analysis Results Interchange Format (SARIF). Third-party code scanning tools are initiated with a GitHub Action or a GitHub App based on an event in GitHub, like a pull request. 
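What a third-party tool has to produce for that ingestion, as an added example that is not GitHub's or any vendor's code: a converter from a scanner's findings to a minimal SARIF 2.1.0 log. The scanner name, rule IDs and findings are constructed, and the input dictionary layout is an assumption.

```python
import json

SARIF_LEVELS = {"error", "warning", "note", "none"}

def to_sarif(tool_name, findings):
    """Convert a scanner's findings (list of dicts) into one SARIF 2.1.0 log."""
    rules, results = {}, []
    for f in findings:
        if f["level"] not in SARIF_LEVELS:
            raise ValueError(f"unsupported SARIF level: {f['level']!r}")
        if f["line"] < 1:
            raise ValueError("SARIF line numbers are 1-based")
        # Repository-relative, forward-slash URIs let the results be matched
        # to files in the checked-out repository.
        uri = f["path"].replace("\\", "/").lstrip("/")
        # Each rule is described once in the driver, however often it fires.
        rules.setdefault(f["rule"], {
            "id": f["rule"],
            "shortDescription": {"text": f["title"]},
        })
        results.append({
            "ruleId": f["rule"],
            "level": f["level"],
            "message": {"text": f["message"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": uri},
                "region": {"startLine": f["line"]},
            }}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
            "results": results,
        }],
    }

# Constructed findings from a hypothetical scanner.
SAMPLE_FINDINGS = [
    {"rule": "EX001", "title": "Hard-coded credential", "level": "error",
     "path": "src\\config.py", "line": 12, "message": "Password literal assigned."},
    {"rule": "EX002", "title": "Weak hash function", "level": "warning",
     "path": "/src/auth.py", "line": 40, "message": "MD5 used for password hashing."},
    {"rule": "EX001", "title": "Hard-coded credential", "level": "error",
     "path": "tests/fixtures.py", "line": 3, "message": "API key literal assigned."},
]

if __name__ == "__main__":
    print(json.dumps(to_sarif("example-scanner", SAMPLE_FINDINGS), indent=2))
```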


It's Not Magic, It's Elastic: Getting Digital Transformation Right

Covid-19 battered many sectors, and the restaurant industry was certainly near the top of the list. Yet while lockdowns and contagion fears cratered restaurant sales in the second quarter of 2020, fast-casual chain and PwC customer Chipotle’s revenue only fell a modest 4.8%. How did they pull that off? By growing digital sales by 216%. By July, the company’s sales were rising again. Digital sales still continued to rise, too. They provided nearly half of Chipotle’s July sales. This is elasticity — a quick pivot to digital sales, then keeping that online revenue growing even as in-person purchases pick up again. Another fast-casual chain, Panera, also pivoted fast during the epidemic’s peak. While on-site dining was shut down, Panera stores sold groceries and offered them for curbside pickup. Or consider lodging, another sector that the epidemic hit especially hard. Red Roof Inns seemed to realize that their “essential” offering was private space with WiFi — so they started offering day rates to people who wanted to work from anywhere but home. These companies were elastic because they built out their digital infrastructure.



Quote for the day:

"If you want people to think, give them intent, not instruction." -- David Marquet
