Daily Tech Digest - August 29, 2021

What is Terraform and Where Does It Fit in the DevOps Process?

Terraform is rapidly revolutionizing the entire landscape of DevOps and boosting the efficiency of DevOps projects. Terraform shares the same “Infrastructure as Code (IAC)” approach as most DevOps technologies and tools such as Ansible. However, Terraform operates in a distinct manner that is unique in itself as it focuses primarily on the automation of the entire infrastructure itself. This necessarily means that your complete Cloud infrastructure including networking, instances, and IPs can be easily defined in Terraform. There are some crucial differences between how Terraform operates and how other comparable technologies get the job done. Terraform provides support for all major cloud providers and doesn’t restrict the users to a specific platform like other tools. Terraform also handles provisioning failures in a much better way than other comparable tools. It achieves this by marking the suspect resources and ultimately removing and re-provisioning those resources in the next execution cycle. This approach improves the failure handling mechanism to a great extent since the system doesn’t have to re-build all the resources including the ones that were successfully provisioned.

Why Blockchain-Based Cloud Computing Could Be the Future of IoT

With the adoption of IoT in more devices, it is also possible that data security threats such as hacking and data breaching increase significantly. So, to protect the IoT trending technology against such issues, blockchain technology comes into the picture. Blockchain networks are known to be more secure, cryptic, and reliable in terms of securing and keeping data safe. Thus, blockchain technology is also expanding along with the IoT to keep it safe. Generally, IoT is crucial to provide users a centralized network of devices. For instance, this centralized network is important to control home appliances, security sensors, or network adapters. Now, the IoT controller sends and receives the data from these devices to enable the wireless connection system. Currently, brands such as Samsung are manufacturing smart home appliances like air conditioners that can be connected to a simple mobile application. Moreover, Google’s Home device is also capable of controlling multiple devices with the voice command only. 

EXCLUSIVE Microsoft warns thousands of cloud customers of exposed databases

The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft's Cloud Security Group. Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz. "We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure," Microsoft told Reuters. Microsoft's email to customers said there was no evidence the flaw had been exploited. "We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key," the email said. “This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak told Reuters. 

Linux 5.14 set to boost future enterprise application security

One of the ways that Linux users have had to mitigate those vulnerabilities is by disabling hyper-threading on CPUs and therefore taking a performance hit. “More specifically, the feature helps to split trusted and untrusted tasks so that they don’t share a core, limiting the overall threat surface while keeping cloud-scale performance relatively unchanged,” McGrath explained. Another area of security innovation in Linux 5.14 is a feature that has been in development for over a year and a half that will help to protect system memory in a better way than before. Attacks against Linux and other operating systems often target memory as a primary attack surface to exploit. With the new kernel, there is a capability known as memfd_secret () that will enable an application running on a Linux system to create a memory range that is inaccessible to anyone else, including the kernel. “This means cryptographic keys, sensitive data and other secrets can be stored there to limit exposure to other users or system activities,” McGrath said. 

4 Reasons Why Every Data Scientist Should Study Organizational Psychology

As data scientists we need to understand the psychology of our data sets in order to work with data effectively. We also need to motivate ourselves and others so that everyone is doing what it takes to deliver results on time and under budget. You might be a team leader or an executive that lead a data science team. There are many data science roles that require someone to lead others. If you are a data scientist in this role, understanding the psychology of your data scientists is essential for success as a team leader and executive. Organizational psychologists study topics such as leadership styles, group dynamics, motivation, and conflict resolution — all of which are important for any data scientist looking to lead a team. Setting well defined goals that your direct reports understand and allowing them to take ownership of their work are examples of strong leadership. Thus having a deeper understanding these psychology based concepts and putting them to use for your daily work would result in much more productive and having a more fulfilling work experience for you and the team.

5 keys that define leaders in a storm

There is no one who is invulnerable, and we all have a point that, when touched, takes us to that state where the most sensitive fibers appear. As much as you see leaders who show themselves to be powerful and almost indestructible, I work permanently with those people who, in intimacy with themselves, are exactly the same as any other. To work on accepting vulnerability: self-awareness, knowing who you are and being encouraged to go deep into diving into your inner aspects are the best tools. By doing so, you will strengthen your confidence and you will also know how to allow yourself the moments where it is not necessary to force yourself to be someone you are not and simply swim in your emotions, without repressing or hiding them. Limiting tendencies are accepted behaviors that you have about your emotional world. They feed on restrictive beliefs that, by making them true in yourself, you assume them as natural and real. Limiting tendencies are made up of a range of triggers against which you act automatically, which manifest themselves in the form of reactions that always lead you down the same path.

Quantum computers could read all your encrypted data. This 'quantum-safe' VPN aims to stop that

In other words, encryption protocols as we know them are essentially a huge math problem for hackers to solve. With existing computers, cracking the equation is extremely difficult, which is why VPNs, for now, are still a secure solution. But quantum computers are expected to bring about huge amounts of extra computing power – and with that, the ability to hack any cryptography key in minutes. "A lot of secure communications rely on algorithms which have been very successful in offering secure cryptography keys for decades," Venkata Josyula, the director of technology at Verizon, tells ZDNet. "But there is enough research out there saying that these can be broken when there is a quantum computer available at a certain capacity. When that is available, you want to be protecting your entire VPN infrastructure." One approach that researchers are working on consists of developing algorithms that can generate keys that are too difficult to hack, even with a quantum computer. This area of research is known as post-quantum cryptography, and is particularly sought after by governments around the world.

Essential Skills Every Aspiring Cyber Security Professional Should Have

As a cybersecurity professional, your job will revolve around technology and its many applications, regardless of the position you’re going to fill. Therefore, a strong understanding of the systems, networks, and software you’re going to work with is crucial for landing a good job in the field. Cybersecurity is an extremely complex domain, with many sub-disciplines, which means it’s virtually impossible to be an expert in all areas. That’s why you should choose a specialization and strive to assimilate as much knowledge and experience as possible in your specific area of activity. Earning a certificate of specialization is a good starting point. It’s good to have a general knowledge of other areas of cybersecurity, but instead of becoming a jack of all trades, you should focus on your specific domain if you want to increase your chances of success. Cybersecurity is all about protecting the company or organization you work for against potential cyber threats. This implies identifying vulnerabilities, improving security policies and protocols, eliminating cybersecurity risks, minimizing damages after an attack and constantly coming up with new solutions to avoid similar issues from happening again.

The Surprising History of Distributed Ledger Technology

The concept of a distributed ledger can be traced back as far as the times of the Roman Empire. As is now, the problem was how to achieve consensus on the data in a decentralized, distributed, and trustless manner. This problem is described as the Byzantine Generals’ Problem. The Byzantine Generals’ problem describes a scenario where a general plans to launch an attack. However, since the army is very dispersed, he or she does not have centralized control. The only way to succeed is if the Byzantine army launches a planned and synchronized attack, where any miscommunication can cause the offence to fail. The only way that the generals can synchronize a strike is by sending messages via messengers, which leads to several failure scenarios where different actors in the system behave dishonestly. Bitcoin solved the Byzantine Generals’ Problem by providing a unified protocol, called proof of work. The Generals problem described the main obstacle to massive, distributed processing and is the foundation for distributed ledger technology, where everyone must work individually to maintain a synchronized and distributed ledger.

The trouble with tools - Overcoming the frustration of failed data governance technologies

To explain, inside many organizations that claim to focus on data governance, the process is reliant on tools that produce a CSV of objects with no insight about where violations might exist. For example, they struggle to tell the difference between Personal Information (PI) and Personal Identifiable Information (PII). While most PI data doesn’t identify a specific person and isn’t as relevant to identifying governance violations, discovery tools still present that information to users, adding huge complexity to their processes and forcing them to revert to a manual process to filter what’s needed from what isn’t. Instead, it’s critical that organizations are able to view, classify and correlate data wherever it is stored, and do so from a single platform - otherwise, they simply can’t add value to the governance process. In the ideal scenario, effective governance tools will enable organizations to correlate their governance processes across all data sources to show where PII is being held, for example. The outputs then become much more accurate, so in a scenario where there are 10 million findings, users know with precision which of them are PII.

Quote for the day:

"It is the responsibility of leadership to provide opportunity, and the responsibility of individuals to contribute." -- William Pollard

No comments:

Post a Comment