Daily Tech Digest - October 22, 2020

Cisco reports highlight widespread desire for data privacy and fears over remote work security

Cisco has released two studies examining how workers feel about the current state of play when it comes to remote work security and data privacy, finding that thousands around the world are increasingly concerned about how their employers are handling the massive societal changes that have occurred over the last six months. The "Consumer Privacy" report includes findings from a study of responses from more than 2,600 adults in 12 countries across Europe, Asia, and the Americas. The "Global Future of Secure Remote Work" report has insights gleaned from over 3,000 IT decision makers in the Americas, Japan, China, and Europe. Both reports indicate that remote work is now a permanent part of the new normal, with 62% of respondents telling researchers that more than half of their workplace is working remotely since the onset of the coronavirus pandemic. Despite the massive shift to telecommuting, the vast majority of people who responded to the survey said they did not trust the digital tools they used for work. Workers and consumers are particularly concerned about the privacy protections built into the tools they use for work and nearly half of all respondents said they do not feel that most businesses can effectively protect their data today.


How To Protect Yourself From Unexpectedly High AWS Bills

Set up billing alerts. If you are using AWS, even for a small task, please please please set up billing alerts. They are not required during setup, but if you are a non-enterprise user, I would consider this step mandatory as AWS will not alert you to dramatic increases in charges unless they bypass 15K which is already an incredible amount of money. Read the pricing table…carefully. If you are installing a new service, make sure to carefully read the pricing table. Amazon will sometimes set ridiculous defaults for container size which you might not see until the bill comes in. Do understand however that this might not be good enough, as bugs, loose API keys, and improper installations can do crazy things. Consider using another service. If you are a non-business individual user or small-business user, you might want to consider using another service. AWS is built for enterprise customers, and as such an enterprise wallet. Yes, it can be very cheap, but consider this: after my little mix-up, I could have paid $150 a month over all of the years I used AWS and still come out ahead. Yes, AWS might be cheap at first, but one mistake can make it very expensive.


Learn from the hype surrounding kale – don’t rush Kubernetes

It requires more than just Kubernetes to achieve business outcomes, and hype surrounds the technology and term Kubernetes. A lot of false expectations exist too. Some companies may have heard on the IT grapevine that Google, AWS, Netflix, and Microsoft bet on Docker as a container format and Kubernetes as the orchestration engine – that the technology can scale and provide infrastructure at the same level as the big players. Simultaneously they may not be aware that the whole business model of such companies focuses on making infrastructure fluid and immediately available. Regular customers have a very different business model, with solutions based on trusted platforms by trusted partners that have solved virtualisation in the past, and those partners now have solutions to achieve the same outcomes with containerisation. Of course, Kubernetes technology also has its benefits. Businesses can become more efficient in their use of IT and achieve better results, faster, from development life cycles. They’ll produce better software via more automation and standardisation. Organisations can then use software to explore new business opportunities, experiment with the best ways to profit from ideas, and evolve accordingly.


Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers

Encryption has always been a fundamental part of computing — many of the early uses of computers were for cracking codes — and the technology has always been difficult to implement correctly. Despite the fact that there are many open source encryption efforts, adoption has remained low until the data-security capabilities could be integrated into technology. Even companies immersed in security and technology have had poor adoption rates. Google, for example, only had encryption implemented in half of its products in 2014, although the company claims that share is 95% today. On the development side, encryption errors continue to be prevalent among applications, irrespective of the programming language. Cryptographic errors are the second most common software vulnerability, occurring in 62% of applications, just behind information leakage, which occurs in 64%, according to application security firm Veracode. Encryption failures are also a significant factor in the severity of many data breaches. From the theft of unencrypted e-mails from Stratfor in 2012 to the failure to encrypt data in publicly accessible databases and Amazon S3 buckets, the failure of developers and operations workers to lock down every step in the data life cycle has led to reoccurring breaches.


Researchers open the door to new distribution methods for secret cryptographic keys

The researchers suggest a simple do-it-yourself lesson to help us better understand framed knots, those three-dimensional objects that can also be described as a surface. “Take a narrow strip of a paper and try to make a knot,” said first author Hugo Larocque, uOttawa alumnus and current PhD student at MIT. “The resulting object is referred to as a framed knot and has very interesting and important mathematical features.” The group tried to achieve the same result but within an optical beam, which presents a higher level of difficulty. After a few tries (and knots that looked more like knotted strings), the group came up with what they were looking for: a knotted ribbon structure that is quintessential to framed knots. “In order to add this ribbon, our group relied on beam-shaping techniques manipulating the vectorial nature of light,” explained Hugo Larocque. “By modifying the oscillation direction of the light field along an ‘unframed’ optical knot, we were able to assign a frame to the latter by ‘gluing’ together the lines traced out by these oscillating fields.” According to the researchers, structured light beams are being widely exploited for encoding and distributing information.


Learn what to test in a mobile application

Mobile devices present different issues than desktop computers and laptops. For example, tilting a mobile device could cause the app to render in landscape form and look odd -- this won't happen on a laptop. A user can lose network connection briefly, which causes state problems. And, in some cases, notifications from other applications can interrupt the system. Anyone on a mobile device could experience these issues during everyday use. These problems might be impossible to simulate with a test automation tool. Automated mobile test scripts don't offer enough value to justify the time necessary to write them for every possible condition. Testers can be more successful if they follow the 80/20 rule: Assume 80% of failed tests stem from 20% of test cases. When these test scripts break, something is likely broken with the application. Check for these kinds of issues when the team rewrites the UI, or brings in a new GUI library or component. Test the software as a system when it first comes together, and before major releases under challenging conditions. The first few times QA professionals field test an app -- i.e., take a mobile device on a long car ride, or swap between cellular data and Wi-Fi -- it might take a few days.


Translating lost languages using machine learning

Spearheaded by MIT Professor Regina Barzilay, the system relies on several principles grounded in insights from historical linguistics, such as the fact that languages generally only evolve in certain predictable ways. For instance, while a given language rarely adds or deletes an entire sound, certain sound substitutions are likely to occur. A word with a “p” in the parent language may change into a “b” in the descendant language, but changing to a “k” is less likely due to the significant pronunciation gap. By incorporating these and other linguistic constraints, Barzilay and MIT PhD student Jiaming Luo developed a decipherment algorithm that can handle the vast space of possible transformations and the scarcity of a guiding signal in the input. The algorithm learns to embed language sounds into a multidimensional space where differences in pronunciation are reflected in the distance between corresponding vectors. This design enables them to capture pertinent patterns of language change and express them as computational constraints. The resulting model can segment words in an ancient language and map them to counterparts in a related language. 


On the trail of the XMRig miner

Alongside well-known groups that make money from data theft and ransomware (for example, Maze, which is suspected of the recent attacks on SK Hynix and LG Electronics), many would-be attackers are attracted by the high-profile successes of cybercrime. In terms of technical capabilities, such amateurs lag far behind organized groups and therefore use publicly available ransomware, targeting ordinary users instead of the corporate sector. The outlays on such attacks are often quite small, so the miscreants have to resort to various stratagems to maximize the payout from each infected machine. For example, in August of this year, we noticed a rather curious infection method: on the victim’s machine, a Trojan (a common one detected by our solutions as Trojan.Win32.Generic) was run, which installed administration programs, added a new user, and opened RDP access to the computer. Next, the ransomware Trojan-Ransom.Win32.Crusis started on the same machine, followed by the loader of the XMRig miner, which then set about mining Monero cryptocurrency. As a result, the computer would already start earning money for the cybercriminals just as the user saw the ransom note.


5 steps to learn any programming language

Some people love learning new programming languages. Other people can't imagine having to learn even one. In this article, I'm going to show you how to think like a coder so that you can confidently learn any programming language you want. The truth is, once you've learned how to program, the language you use becomes less of a hurdle and more of a formality. In fact, that's just one of the many reasons educators say to teach kids to code early. Regardless of how simple their introductory language may be, the logic remains the same across everything else children (or adult learners) are likely to encounter later. With just a little programming experience, which you can gain from any one of several introductory articles here on Opensource.com, you can go on to learn any programming language in just a few days (sometimes less). Now, this isn't magic, and you do have to put some effort into it. And admittedly, it takes a lot longer than just a few days to learn every library available to a language or to learn the nuances of packaging your code for delivery. But getting started is easier than you might think, and the rest comes naturally with practice.


Articulating Leadership through Nemawashi and Collaborative Boards

Many meetings are just conversations with no conclusion and it seems that we cannot get over that. The point is that we need both: meetings and conversations, but we shouldn’t mix them. Nemawashi puts order here, separating conversations and meetings, similar to what Scrum does with the different events, where each one has a clear purpose. Meetings are formal, concrete, to the point; and there should be no surprises. It is the official acknowledgement of everything previously discussed and we just get together to have everyone on the same page. It is the formal moment when decisions are communicated and officially agreed on. Conversations instead take place ad-hoc, as often and as long as needed, involving only the necessary (and engaged) participants. This is where focused discussions take place. ... People are deciding on things anyway all the time, but on the wrong things. One clear symptom is too much effort on details and important points being missed or late, while everyone is "busy". Collaborative Boards is where teams and leaders meet. They articulate top-down challenges through bottom-up proposals, keeping them aligned towards the vision and focusing on what really matters.



Quote for the day:

"Failures only triumph if we don't have the courage to try again." -- Gordon Tredgold
