Daily Tech Digest - April 17, 2021

Decoupling Frontends and Backends with GraphQL

GraphQL combines the best of APIs and query languages. It is an API because a simple POST returns the data requested. And it is a query language because the user can ask for what she wants (as long as it is permissible in the definition of the GraphQL API endpoint). GraphQL has three distinct concepts: (1) Types (such as Customer, Order, etc.) that the user (frontend developer) interacts with. These types are linked together in a graph (for example, a customer might have orders), hence the name GraphQL. It has an additional abstraction, an interface, that can be used to further hide types. This is particularly useful when there are multiple different implementations. (2) Queries, such as customerById, which return data of a type (queries are just entry points into the graph). (3) Resolvers, which describe the implementation of the queries and the generation of the bits of data associated with types. For example, there might be a resolver that says the query customerById can be executed by issuing a SQL statement against a MySQL database, whereas the query orderByCustomer requires a GET against a REST endpoint.

IoT in Mining

Mining companies have overcome the challenge of connectivity by implementing more reliable connectivity methods and data-processing strategies to collect, transfer and present mission-critical data for analysis. Satellite communications can play a critical role in transferring data back to control centers to provide a complete picture of mission-critical metrics. Mining companies worked with trusted IoT satellite connectivity specialists such as Inmarsat and their partner ecosystems to ensure they extracted and analyzed their data effectively. Cybersecurity will be another major challenge for IoT-powered mines over the coming years. As mining operations become more connected, they will also become more vulnerable to hacking, which will require additional investment in security systems. Following a data breach at Goldcorp in 2016 that disproved the previous industry mentality that miners are not typically targets, 10 mining companies established the Mining and Metals Information Sharing and Analysis Centre (MM-ISAC) in April 2017 to share cyber threats among peers.

BazarLoader Malware Abuses Slack, BaseCamp Clouds

According to researchers at Sophos, in the first campaign spotted, adversaries are targeting employees of large organizations with emails that purport to offer important information related to contracts, customer service, invoices or payroll. “One spam sample even attempted to disguise itself as a notification that the employee had been laid off from their job,” according to Sophos. The links inside the emails are hosted on Slack or BaseCamp cloud storage, meaning that they could appear to be legitimate if a target works at an organization that uses one of those platforms. In an era of remote working, the odds are good that this is the case. “The attackers prominently displayed the URL pointing to one of these well-known legitimate websites in the body of the document, lending it a veneer of credibility,” researchers said. “The URL might then be further obfuscated through the use of a URL shortening service, to make it less obvious the link points to a file with an .EXE extension.” If a target clicks on the link, BazarLoader downloads and executes on the victim’s machine. The links typically point directly to a digitally signed executable with an Adobe PDF graphic as its icon.
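The delivery pattern described above (a direct executable link on a trusted cloud-storage host, sometimes hidden behind a shortener) can be triaged at the mail gateway. The following is an added example, not code from Sophos or the original article; the host suffixes, shortener list, verdict labels and sample URLs are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumed host suffixes for this sketch; adjust to the services you actually use.
CLOUD_STORAGE = ("slack.com", "basecamp.com")
SHORTENERS = ("bit.ly", "tinyurl.com", "t.co")
EXECUTABLE_EXTS = (".exe",)


def _host_in(host, suffixes):
    # Match the domain itself or a true subdomain, never a look-alike prefix.
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify_link(url):
    """Label one URL extracted from an e-mail or attached document."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = unquote(parts.path).lower().rstrip("/")  # query string is ignored
    if _host_in(host, SHORTENERS):
        # The real target is hidden; expand it in a sandbox, then re-classify.
        return "shortened-needs-expansion"
    if _host_in(host, CLOUD_STORAGE) and path.endswith(EXECUTABLE_EXTS):
        return "exe-on-cloud-storage"
    return "no-match"


# Constructed sample links (not taken from the campaign).
SAMPLE_LINKS = [
    "https://files.slack.com/files-pri/T000-F000/download/invoice_0421.exe",
    "https://3.basecamp.com/0000000/blobs/payroll%2EEXE?disposition=attachment",
    "https://bit.ly/0000000",
    "https://files.slack.com/files-pri/T000-F000/download/minutes.pdf",
    "https://slack.com.example.net/preview.exe",
]


def triage(urls):
    return {u: classify_link(u) for u in urls}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:26} {link}")
```

The rule keys on the file type rather than the reputation of the host, since the campaign relies on the host being trusted.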

How the Biden Administration Can Make Digital Identity a Reality

Digital identity has already gained bipartisan support on Capitol Hill. In 2020, Representatives Bill Foster (D-IL) and John Katko (R-NY) introduced the Improving Digital Identity Act, designed to establish a nationwide approach to improving digital identity. Now, the Biden administration plans to leverage digital identity for modernization of public services, ranging from government assistance to healthcare to licensing. The act would be a step forward but wouldn't completely address needs in the public and private sectors. Rep. Foster notes that the bill would primarily address the government's need for digital identity, paying less attention to issues (e.g., transaction friction, fraud) facing enterprises and consumers. That said, the Biden administration must take a broader, holistic approach to digital identity, eliminating data siloing that would make future digital IDs unnecessarily purpose-specific. Any error would allow bad actors to access sensitive data and impersonate customers, resulting in fraudulent requests for government services, credit cards, loans, or licenses.

Manufacturing Performance Intelligence: How digital unlocks resilient, agile operations

Digital solutions have a huge role to play in enabling Industry 4.0 and driving sustainable practices. As manufacturers rapidly accelerated their adoption of digital operating models, they have been able to safeguard employee health, ensure commercial resilience and elevate performance using digital intelligence. This is the new opportunity for industries, and AVEVA’s portfolio combines the operational data management of PI System with industrial analytics, enabling us to lead the way. By harnessing the power of information with artificial intelligence and human insight, AVEVA is leading the industry with Performance Intelligence. Schneider Electric’s network of Smart Factories was among the world’s first to transform operations, pioneering AVEVA’s Discrete Lean Management software and pivoting to cloud-based operating models to safeguard production. These changes transformed how we operate, cutting downtime by 44% and driving 21% increases in energy efficiency in key factories. The World Economic Forum recognized three Smart Factories as Advanced Manufacturing Lighthouses as a result.

Designing & Managing for Resilience

The concept of shared capacity and reciprocity within an organization is more complex than simply directing teams to work together. Many organizations do have cross-functional work teams or attempt to break down organizational silos by rotating executives throughout the business. However, organizations are defined by reporting structures, functional units or product teams, each of which has its own goals and objectives. In addition, an engineering leader is tasked with setting direction, vision and priorities for their teams for a given quarter or phase of the business lifecycle, which may put them at different tempos than their counterparts. Systemic and difficult problems that span organizational boundaries can be emergent or continuously changing as different teams make attempts to mitigate the problems within their own scope of authority. This can make it difficult to coordinate clear goals and objectives with peers for inter-organizational initiatives. Therefore, a function of the resilient leader is to advocate for capacity sharing and reciprocity as part of their team’s goals and priorities.

Cyber security for telehealth services

The goal of cybersecurity is to reduce the risk of cyber-attacks and to protect organizations and individuals from intentional and deliberate exploitation of security vulnerabilities in systems, networks, and technologies. You are done with a teleconsultation on Practo and are about to check out, and you are offered cash withdrawal options with your debit or credit card or UPI. Like you, there are millions of users sharing such sensitive information on the platform. Have you ever wondered how secure the information on Practo is? From updated privacy policies to security-focused patents to the use of AI for data security, each company increases its focus on data protection to promote user trust. With the increasing growth in the digital world, cybersecurity threats will continue to intensify as hackers learn to adapt to security strategies. This will increase the overall need for cybersecurity by companies, which will be paying more and more highly qualified security professionals to protect their vulnerable assets from cyber-attacks. Telehealth means you no longer have to travel; your appointment with the physicians takes place through a TV screen between you.

Beyond the Quickstart: Running Apache Kafka as a Service on Kubernetes

Kubernetes provides many networking options such as node ports, ingress, load balancers and, with Red Hat OpenShift, routes as well. Kafka requires the producers and consumers to talk to individual brokers based on the placement of partitions and partition leaders. Based on the different networking options, you have to configure your network correctly so that the producers and consumers are able to individually address the brokers. Kafka exposes the “advertised.listeners” option in the broker configuration, which allows the clients to directly connect to the brokers. When configuring the Kubernetes services to allow access to the brokers, you will also configure the “advertised.listeners” in the broker to ensure that producers and consumers are able to connect to the individual brokers. Kubernetes abstracts infrastructure, following an interface pattern wherein third-party providers can create their own plugins that follow a standard interface definition. So you could also build your own routing layer to make sure you are able to address the brokers. Kubernetes allows you to do this via ingress resources.
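A pre-deployment check for the requirement described above, that every broker advertises an address clients can reach individually. This is an added example, not code from the original article or from the Kafka project; the function names, broker labels and host names are hypothetical, and the sample properties are constructed.

```python
def parse_properties(text):
    """Parse server.properties-style text into a dict (comments skipped)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def advertised_endpoints(props):
    """Return [(listener_name, host, port)] from advertised.listeners."""
    endpoints = []
    for item in filter(None, props.get("advertised.listeners", "").split(",")):
        name, _, address = item.strip().partition("://")
        host, _, port = address.rpartition(":")
        endpoints.append((name, host, int(port)))
    return endpoints


def check_cluster(brokers):
    """brokers maps a broker label to its properties text; returns findings."""
    findings, seen = [], {}
    for broker, text in brokers.items():
        endpoints = advertised_endpoints(parse_properties(text))
        if not endpoints:
            findings.append(f"{broker}: advertised.listeners is not set")
        for name, host, port in endpoints:
            if host in ("", "0.0.0.0"):
                findings.append(f"{broker}: {name} does not name a specific host")
            elif (host, port) in seen:
                owner = seen[(host, port)]
                findings.append(f"{broker}: {name} {host}:{port} is already advertised by {owner}")
            else:
                seen[(host, port)] = broker
    return findings


# Constructed sample: broker-2 reuses broker-1's address, broker-3 advertises a wildcard.
SAMPLE = {
    "broker-0": "listeners=EXTERNAL://0.0.0.0:9094\n"
                "advertised.listeners=EXTERNAL://kafka-0.example.internal:9094",
    "broker-1": "advertised.listeners=EXTERNAL://kafka-1.example.internal:9094",
    "broker-2": "advertised.listeners=EXTERNAL://kafka-1.example.internal:9094",
    "broker-3": "advertised.listeners=EXTERNAL://0.0.0.0:9094",
}
```

Calling `check_cluster(SAMPLE)` returns one finding for the shared address and one for the wildcard host; an empty list means each broker advertises its own endpoint.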

Using The Internet Of Things For Smart Office Automation

Scheduling is critical in a post-COVID office. IoT technology makes it much easier to keep staff at an optimum number of people throughout the day to ensure compliance with safety practices. Companies can create a check-in process and monitor any potential warning signs. This system enables companies to keep track of who was in the same room and parked their cars using smart parking solutions. Smart scheduling can cut down overtime and stagger start and leave times so that people can have a more flexible schedule while keeping the number of people in the same areas at a minimum. Smart scheduling can automatically create a master plan that considers all staff members’ preferences and meets the company’s overall requirements. Smart scheduling for IoT-enabled devices and networks is useful in a post-COVID office environment. Companies can automatically create schedules for IoT items needed to match employee schedules. This is convenient if employees call in sick because their workspaces can adjust automatically if they are not at work. Making real-time changes to IoT schedules is one of the best uses of smart office technology.

Bank Groups Object to Proposed Breach Notification Regulation

The four banking groups contend that compliance with the new regulation would prove too burdensome for financial institutions. "We share the goal to develop a flexible incident notification framework offering early awareness of disruptions, while also being appropriately scoped to avoid over-reporting and unnecessary burden for the banking industry, third-party service providers and the supervisory community," the groups wrote. The proposed regulation bases its definition of a reportable computer security incident on the National Institute of Standards and Technology's definition. The NIST definition is: "An occurrence that results in actual or potential jeopardy to the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies." The four financial groups wrote that the NIST definition is too broad, and if it's included in a breach notification requirement, it would result in insignificant occurrences becoming reportable incidents.

Quote for the day:

"Effective team leaders realize they neither know all the answers, nor can they succeed without the other members of the team." --  Katzenbach & Smith
