Daily Tech Digest - March 21, 2021

CompTIA creates blockchain industry group to promote new use cases

"With growing interest in the deployment of blockchain technology in business applications, the time is right for us to expand our offerings related to this emerging technology," said Nancy Hammervik, executive vice president of industry relations and CEO of the CompTIA Tech Careers Academy. Members of the group will gain access to resources and forums where the community will be able to promote different use cases, share ideas, hold in-depth discussions and make connections to network with peers. CompTIA already has the Blockchain Advisory Council and the technology industry group will build on the organization's expertise in the space. The council is currently made up of industry leaders and innovators while also finding ways for "technology companies and their customers can leverage blockchain technology in their businesses," according to a statement from the organization. "The Blockchain Technology Interest Group is designed for the curious and the experienced to share ideas and discussions related to blockchain technology," said Kathleen Martin, senior manager for CompTIA's member communities and technology interest groups.

The State of Serverless Computing 2021

Organizations going serverless with their backend services are billed by their serverless vendor based on their compute consumption and do not have to reserve and pay for a fixed amount of bandwidth or number of servers, as the service is auto-scaling with the incoming demand. In the initial days of web development, developers had to own or rent physical hardware to run and test their application code. Running production applications was another nightmare because now they had to keep those servers running during the lifecycle of the application. Cloud computing and virtualization brought much-needed relief to web developers. Now they could rent virtual servers from a cloud vendor according to their needs. The problem was they still had to over-purchase to keep up with traffic spikes or their application would break down. Except, much of the server space they were paying for was going to waste. Cloud vendors introduced auto-scaling compute models to mitigate the problem. However, auto-scaling in response to an unsolicited spike in traffic (such as a DDoS Attack) could turn quite expensive.

GDPR: Transferring Data Outside The EU

If you want to transfer or store data in other countries, you must ensure that there is adequate protection of the data. You’ll need to complete a risk assessment about the nature of the personal data being transferred and the adequacies of the other organisation’s controls and protections offered by their local legal system. For most circumstances contractual protections will be sufficient. The UK Information Commissioner’s Office has some guidance as to how to approach this. The EU has helpfully provided standard contractual clauses in the form of model contracts (for both Controllers and Processors) but these have not been fully updated for GDPR at the time of writing. For large multinationals there is the opportunity to use ‘binding corporate rules’ for transfers within multinational organisations and a certification mechanism. Lawyers Allen and Overy have produced a useful guide to binding corporate rules. There are also some exemptions and exceptions such as specific consent, a contract, substantial public interest, law enforcement, the exchange of airline passenger data etc. The UK Information Commissioner’s Office has some useful guidelines.

Blockchain Tech: Path Towards Scalable Businesses

If the past of the Indian IT sector is a great story of resilience and growth, the future cannot be less bright though the sectors of growth would have to be identified, capacity-building will have to be sustained and regulatory framework would have to be supportive. That is where blockchain tech becomes a great unfolding story for India. A country that became the back-office of global IT giants has a new tale to unwind. Millions of quality but affordable software developers would need a nudge to churn out new solutions using shared ledger architecture. Before we jump into this new wealth era, a quick introduction to the blockchain is important. In a simple sense, blockchains are ledgers but with key properties of decentralization, programmability and antifragility. That transforms ledger databases into protocols of new scalable business models. That is why blockchain is called institutional technology that can redesign a set of fragmented stakeholders to unified business partners. This new model can be merged with AI (artificial intelligence) and IoT (internet of things) to create mind-blowing businesses. India stands at the edge of this era ideally prepared to embrace it.

Distributed Ledger Technology

When it comes specifically to MSME financing, DLT brings a holy trinity of value: trust, transparency and traceability. These benefits can make it easier for MSMEs to build a digital credit history and for banks to assess MSME creditworthiness. Some DLT projects, such as the European-based we.trade, are focused specifically on serving MSME firms, amplifying the benefits of DLT for smaller firms that will be able to access solutions tailored more specifically to their needs. The increased transparency provided by DLT can also make it easier for Tier 2 suppliers and lower which are often small businesses, to access finance. Common supply chain finance solutions are usually only available to established Tier 1 suppliers, which are able to convince their big corporate buyers of their trustworthiness. By enhancing visibility into deeper-tier suppliers, DLT can make their access to finance easier. Various companies like Linklogis and Skuchain are leveraging DLT to this effect. Another potential benefit of DLT for MSMEs is its ability to allow traditional processes or sources of finance to be bypassed.

Uncertainty around India's crypto policy is making blockchain firms anxious

Optimism started to rebuild, and surging Bitcoin prices began to lure millennials. When it comes to transferring Bitcoin and other digital assets, India is of late providing more volume than China on popular peer-to-peer platforms. The risk that India would hit back with a new law to make criminals out of crypto professionals and investors was always present. So practitioners tried to educate policymakers, appealing for sensible regulation starting with definitions for what is a utility token, which digital asset is to be viewed as a security, and which is to be treated as a currency. The trouble is with bureaucrats. They say they want blockchain, but not cryptocurrencies. It’s as silly as wanting airports with duty-free shops but no flights. From the Reuters story, it doesn’t appear that the final regulation will be much different from what a draft bill had recommended in 2019. A government panel report, which had provided the backdrop for the draft legislation, said that authorities would be fine with distributed ledger technologies for delivery of any services, or “for creating value,” without involving cryptocurrencies “for making or receiving payment.”

Technical debt is costing banks innovation and agility. Can cloud help?

The reason banks often do nothing to address it is they convince themselves that they have to rewrite a 40-year-old platform, and then they’re looking at a hundred-million-dollar price tag. So they kick the can down the road. But the longer the debt persists, the greater the consequences. Banks get less agile, less able to innovate code. They become more vulnerable to cybersecurity breaches. Addressing those breaches can drain the development budget, so that all the firm can afford to do is fix emergencies rather than deliver new capabilities, entrenching it in a vicious cycle. Right! That’s actually one of the biggest drains of technical debt: not money but people. Technical debt is a talent issue, too. The more antiquated code that a company struggles to maintain, the more it inhibits the modern tooling and services that developers want to use to build applications. A good developer can work anywhere. They won’t choose to work in a place where the environment is dated. They can go work in companies that are ultra modern with an engaging culture. Banks tend to have the mindset of, “It’s going to cost a boatload of money that I’ll never get approved if I have to replace or rewrite thousands of applications.” That’s where we come in and say: You don’t have to rewrite all of this.

What is Azure Blockchain Service?

Azure Blockchain Service is designed to support multiple ledger protocols. Currently, it provides support for the Ethereum Quorum ledger using the Istanbul Byzantine Fault Tolerance (IBFT) consensus mechanism. These capabilities require almost no administration and all are provided at no additional cost. You can focus on app development and business logic rather than allocating time and resources to managing virtual machines and infrastructure. In addition, you can continue to develop your application with the open-source tools and platform of your choice to deliver your solutions without having to learn new skills. Deploying Azure Blockchain Service is done through the Azure portal, Azure CLI, or through Visual Studio code using the Azure Blockchain extension. Deployment is simplified, including provisioning both transaction and validator nodes, Azure Virtual Networks for security isolation as well as service-managed storage. In addition, when deploying a new blockchain member, users also create, or join, a consortium. Consortiums enable multiple parties in different Azure subscriptions to be able to securely communicate with one another on a shared blockchain.

Make Agile a stepping stone toward future fit adaptability

For many tech leaders, being adaptive is the same as business agility. However, the execution engine for adaptability is your software development and delivery capabilities. Your business can't be adaptive if you don't have great software delivery capabilities. That's why "Agile" has become foundational to being adaptive and for achieving business agility. Forrester research shows that over 72% of enterprise development leaders executed Agile capabilities or were planning to be more Agile in 2019–2020. The Agile Manifesto, published almost 20 years ago, is still the cornerstone for any truly Agile organization. The first point is this: Being truly Agile goes beyond the Webster dictionary description of the adjective. Webster defines agile as "having a quick resourceful and adaptable character" or "marked by ready ability to move with quick easy grace." Agile as defined by the Agile Manifesto carries a broader meaning: the core values and the 12 principles. The Manifesto's definition of Agile carries the meaning of the Webster dictionary definition as a mandatory condition, but not as a sufficient one. So, what does it mean for enterprises in 2021 to be truly Agile and therefore adaptive? Start by going beyond just adopting agile (lowercase), and develop your cultural DNA and organizational strategy around the values and principles established in the manifesto.

New Malware Hidden in Apple IDE Targets macOS Developers

The malware is executed when a developer using the Trojanized version of the TabBarInteraction Xcode project launches what is known as the build target in Xcode. The XcodeSpy malware contacts the attacker's command-and-control (C2) server and drops the EggShell backdoor on the development machine, SentinelOne said in a report this week. "An Xcode project is a repository for all the files, resources, and information required to build one or more software products," Stokes says. "A project contains all the elements used to build a product and maintain the relationships between those elements." Injecting malware into an Xcode project gives attackers a way to target developers and potentially backdoor the developer's apps and the customers of those apps, he says. With XcodeSpy itself, though, the attackers appear to be only directly targeting the developers themselves, according to SentinelOne. The security vendor said a sample of XcodeSpy was found on a US-based victim's Mac in late 2020. The company's report did not disclose the identity of the victim but described the organization as a frequent target of North Korean advanced persistent threat actors.

Quote for the day:

"Leadership has a harder job to do than just choose sides. It must bring sides together." -- Jesse Jackson

No comments:

Post a Comment