Daily Tech Digest - January 26, 2021

How to unleash creative thinking

When you are stuck on a problem, take the time to step away and relax. When your mind is clear, it will look to combine what is on its memory shelves and then...aha! You will have a flash of insight — a combination of examples from history that form an idea. It may not be one big Eureka moment. Instead, it may be a series of smaller insights that you hardly feel as discrete cognitive events. Regardless, the mental mechanism is the same for large and small epiphanies — it is a feeling of excitement as the idea forms. Here is what presence of mind looks like. Let’s say two family members who are both very picky eaters are spending the night with you. You can’t decide what to make for dinner that both will like. As you go up and down the aisles of the supermarket, the contents of your cart keep changing, but each time you look at the combination, you know that your guests will not be happy with the dinner it would make. ... When you need a new idea, throughout the workday try to take in as many examples from history as possible that might relate to your problem. Don’t work late: Spend the evening on something that gives your mind a rest. Go to the gym, have dinner with friends, take a long shower, and above all get a good night’s sleep. This greatly increases your chances of a flash of insight to solve your problem.



Enhancing Email Security with MTA-STS and SMTP TLS Reporting

The primary goal is to improve transport-level security during SMTP communication, ensuring the privacy of email traffic. Moreover, encryption of inbound messages addressed to your domain enhances information security, using cryptography to safeguard electronic information. Furthermore, man-in-the-middle attacks (MITM) like SMTP Downgrade and DNS spoofing attacks, have been gaining popularity in recent times and have become a common practice among cybercriminals, which can be evaded by enforcing TLS encryption and extending support to secure protocols. ... Since encryption had to be retrofitted into SMTP protocol, the upgrade for encrypted delivery has to rely on a STARTTLS command. A MITM attacker can easily exploit this feature by performing an SMTP downgrade attack on the SMTP connection by tampering with the upgrade command by replacing or deleting it, forcing the client to fall back to sending the email in plaintext. After intercepting the communication a MITM attacker can easily steal the decrypted information and access the content of the email. This is because SMTP being the industry standard for mail transfer uses opportunistic encryption, which implies that encryption is optional and emails can still be delivered in cleartext.


LAMBDA: The ultimate Excel worksheet function

Researchers have known since the 1960s that Church’s lambda notation is a foundation for a wide range of programming languages and hence is a highly expressive programming construct in its own right. Its incorporation into Excel represents a qualitative shift, not just an incremental change. To illustrate the power of LAMBDA, here’s a function written using the notation to compute the length of the hypotenuse of a right-angled triangle:=LAMBDA( X, Y, SQRT( X*X+Y*Y ) ) LAMBDA complements the March 2020 release of LET, which allows us to structure the same example like this:=LAMBDA( X, Y, LET( XS, X*X, YS, Y*Y, SQRT( XS+YS ) ) ) The function takes two arguments named X and Y, binds the value of X*X to the name XS, binds the value of Y*Y to YS, and returns SQRT( XS+YS) as its result. The existing Name Manager in Excel allows any formula to be given a name. If we name our function PYTHAGORAS, then a formula such as PYTHAGORAS(3,4) evaluates to 5. Once named, you call the function by name, eliminating the need to repeat entire formulas when you want to use them. Moreover, LAMBDA is the true lambda that we know and love: a lambda can be an argument to another lambda or its result; you can define the Church numerals; lambdas can return lambdas, so you can do currying; you can define a fixed-point combinator using LAMBDA and hence write recursive functions; and so on.


North Korean hackers have targeted security researchers via social media

Google said the blog hosted malicious code that infected the security researcher's computer after accessing the site. "A malicious service was installed on the researcher's system and an in-memory backdoor would begin beaconing to an actor-owned command and control server," Weidemann said. But Google TAG also added that many victims who accessed the site were also running "fully patched and up-to-date Windows 10 and Chrome browser versions" and still got infected. Details about the browser-based attacks are still scant, but some security researchers believe the North Korean group most likely used a combination of Chrome and Windows 10 zero-day vulnerabilities to deploy their malicious code. As a result, the Google TAG team is currently asking the cyber-security community to share more details about the attacks, if any security researchers believe they were infected. The Google TAG report includes a list of links for the fake social media profiles that the North Korean actor used to lure and trick members of the infosec community. Security researchers are advised to review their browsing histories and see if they interacted with any of these profiles or if they accessed the malicious blog.br0vvnn.io domain.


Open source magic solves a months-long problem in 20 minutes

Every industry is trying to get to the future as fast as possible, and telecommunications is no different. As Iain Morris called out in a Light Reading article, in 2018 France's Orange estimated that a third of its global workforce--more than 50,000 employees--needed reskilling if the company hoped to keep up with cloud vendors. In that same article, Morris pointed out that Spain's Telefonica figured it would need nearly $2 billion in staff training and early retirement buyouts to bring in new talent with new skills to be competitive. Such telcos often turn to SIs, like UK-based Capventis, who in turn bring domain expertise and work primarily with clients in the Business Intelligence (BI), Customer Relationship Management (CRM), and Customer Experience (CX) fields. These areas haven't traditionally been ripe for open source, but even SIs with these focus areas rely on open source software to help their clients. It's hard for even the best proprietary software vendors to keep pace with the innovation cycles of successful open source projects; so, these SIs will partner with companies like Alteryx, Qlik, Qualtrics, and Zendesk, augmenting their proprietary software with open source expertise.


Artificial Intelligence And The Power Sector: A Promising Future

AI powers electrical grids that allow two-way communication between utilities and consumers. Smart grids are embedded with an information layer that allows communication between its various components so they can better respond to quick changes in energy demand or urgent situations. This information layer, created through widespread installation of smart meters and sensors, allows for data collection, storage, and analysis. Given the large volume and diverse structure of such data sets, techniques such as machine learning, Internet of Things, etc are best suited for their analysis and use. This analysis can be used for a variety of purposes, including seamless fault detection in meters, predictive maintenance needs, quality monitoring of sustainable energy, as well as renewable energy forecasting, along with latest innovation in Information and Communications technology (ICT). The power sector in developed countries has already started using AI, Data Analytics, Internet of Things (IoT), and related technologies that allow for communication between smart grids, smart meters, and computer devices. These technologies help prevent power mismanagement, inefficiency, and lack of transparency, while increasing the use of renewable energy sources. 


Operations Model: DevOps, NoOps, AIOps or None of the Above Ops?

Traditional IT operations (ITOps) is the process of designing, developing, deploying and maintaining the infrastructure and software components of a specific product or application. It also ensures the customer experience is delivered through traditional means of support such as tickets and escalated paths for resolutions. DevOps is a process for accelerating the delivery of features to the application or product infrastructure in a consistent model with less human intervention, while also providing a better quality product through automation in the software development life cycle. An AIOps process introduces data science into the operating model by learning the behavior of the systems, scaling according to the needs of a platform (both infrastructure and customer usage of the platform). It expands the horizon of DevOps through the introduction of machine learning, focusing on data generated from the hardware and software systems, and allows organizations to grow organically based on demand. NoOps, although the name suggests otherwise, is an advanced approach to managing IT operations through the mindset that everything is derived as development. This model is best applied with startups and companies with high technological maturity.


How To Become A Cybersecurity Analyst

Cybersecurity analysts are the forefront warriors of an enterprise’s cyber defense. The role demands keeping a constant tab on any threat and monitoring the company’s network for potential vulnerabilities. A cybersecurity analyst lives by the adage– ‘a company’s security is as good as its weakest link’, and is always on the lookout for any untoward event across the network. The major responsibilities of a cybersecurity analyst include: Maintaining a firewall to protect confidential information and encrypting data transmission; Monitoring the entire network for any attacks, intrusions or unauthorised activity; Determining emerging threat patterns and vulnerabilities using advanced analytics tools; Generating reports for all the stakeholders involved– both technical and non-technical; Carrying out risk assessments to ensure best security practices are in place; Help in developing cybersecurity awareness training for colleagues; Educating users about threats and vulnerabilities ... Cybersecurity analysts are the forefront warriors of an enterprise’s cyber defense. The role demands keeping a constant tab on any threat and monitoring the company’s network for potential vulnerabilities.


7 digital transformation leadership sins – and what to do instead

While it’s true that organizations across industries are under enormous pressure to transform, it is still incumbent upon digital leaders to convince the organization to buy into the effort. “The typical operating budget is under constant pressure, driving the need to maximize efficiency,” says Greg Bentham, vice president of cloud Infrastructure Services at Capgemini North America. “As with any sales transaction, a level of trust needs to be established before the buyer is inclined to buy.” ... Businesses tend to lowball the effort required to plan and execute a successful digital transformation. “Many organizations believe that they can layer transformation on top of their normal activities without dedicated resources,” says Greg Stam, managing principal in the CIO advisory at digital business consultancy AHEAD. “They pull together matrix committees to discuss the problems of the day and how they might attack them.” They ultimately decide they need to modernize applications, upgrade technology, or retrain staff, but perhaps without a cohesive strategy. “All these things are good but will not produce digital transformation,” Stam says. ... It’s lonely at the top – particularly when it comes to digital transformation. What’s more, old-school hierarchical leadership is ineffective and often counterproductive to these efforts.


Why the first five minutes of a meeting shape its outcome

Many people arrive at meetings prepared to be disengaged. Whether it is a recurring team call, a project team update, or a longer strategy retreat, participants often lack a clear sense of why the meeting is necessary. And people are distracted. Their minds may still be focused on their last call or an upcoming deadline. These days, they may have kids at home learning remotely or a relative to care for; they may be anxious about economic upheaval and societal uncertainty. Facilitators clearly can’t resolve all these issues, but they can help people to be more present and productive while in a meeting. In most cases, lack of engagement stems from the mistaken assumption that meetings are time sinks. But leaders who routinely host dynamic, high-engagement meetings set up conversations as opportunities for real work — regardless of the specific purpose. They approach and design them with this premise (and cancel them if there is no real work to be done). And, with this simple shift, they tap into one of the biggest day-to-day sources of team motivation: a sense of progress toward a worthwhile goal. With this lens, leaders can engage any group more actively and productively. The most important moment, other than crafting your original invitation, is when you begin.



Quote for the day:

"Any one can hold the helm when the sea is calm." -- Publilius Syrus

No comments:

Post a Comment