Daily Tech Digest - September 23, 2021

The ‘Great Resignation’ is coming for software development

Companies of all sizes should be strategic about the use of developer time. Why waste human resources and attention on tasks that can be done quickly and less expensive through automation instead? The cost of a developer minute is roughly $1.65, and the cost of a compute minute for automating a formerly manual process is approximately $0.006. Bear in mind the human cost of developers working on routine, low-impact, uninteresting activities, and it’s neither a good use of engineering skills, time, or attention for someone highly trained to stay motivated. Instead, automate core building blocks as much as possible. Implement solutions that integrate easily with other tooling or processes. Remove friction for onboarding new developers allows for a simple life. A simple life means developers are innovating, not toiling. A good place to start if you haven’t already is with CI/CD. A reliable build tool allows teams to automate their processes and practice good hygiene. That way, when systems become more complex, your business will have a foundation in place to handle them (you can thank me later).

The Value Creation System

The Value Equation provides the foundational point of reference for an enterprise, both as a driver and as a constraint for its modus operandi. Bound within the confines of the Value Equation, the enterprise emerges as a conduit for value creation – essentially, as a Value Creation System made up of myriad fixed and moving parts which collude and collide to generate the products or services offered to the market. In fact, the enterprise closely resembles a living, breathing organism, in that it can self-organize, learn, adapt, diversify, specialize, and evolve “emergent properties” such as innovative thinking and conscious risk-taking behaviors. As a result, an enterprise is considered to be a complex adaptive system. What distinguishes an enterprise from other complex adaptive systems such as the stock market or the cells in an organism is the fact that it is deliberately organized around the creation of value. The enterprise is essentially a Value Creation System designed to ingest ‘raw resources’ such as data, materials, capital and labor power, and produce outputs – services, products, information – useful to and desired by their customers.

14 things you need to know about data storage management

“Setting the right data retention policies is a necessity for both internal data governance and legal compliance,” says Chris Grossman, senior vice president, Enterprise Applications, Rand Worldwide and Rand Secure Archive, a data archiving and management solution provider. “Some of your data must be retained for many years, while other data may only be needed for days.” “When setting up processes, identify the organization’s most important data and prioritize storage management resources appropriately,” says Scott-Cowley. “For example, email may be a company’s top priority, but storing and archiving email data for one particular group, say the executives, may be more critical than other groups,” he says. “Make sure these priorities are set so data management resources can be focused on the most important tasks.” ... Similarly, “look for a solution that provides the flexibility to choose where data is stored: on premise and/or in the cloud,” says Jesse Lipson, founder of ShareFile and VP & GM of Data Sharing at Citrix. “The solution should allow you to leverage existing investments in data platforms such as network shares and SharePoint.”

Big Tech & Their Favourite Deep Learning Techniques

A subsidiary of Alphabet, DeepMind remains synonymous with reinforcement learning. From AlphaGo to MuZero and the recent AlphaFold, the company has been championing breakthroughs in reinforcement learning. AlphaGo is a computer program to defeat a professional human Go player. It combines an advanced search tree with deep neural networks. These neural networks take a description of the Go board as input and process it through a number of different network layers containing millions of neuron-like connections. The way it works is — one neural network ‘policy network’ selects the next move to play, while the other neural network, called the ‘value network,’ predicts the winner of the game. ... Facebook is ubiquitous to self-supervised learning techniques across domains via fundamental, open scientific research. It looks to improve image, text, audio and video understanding systems in its products. Like its pretrained language model XLM, self-supervised learning is accelerating important applications at Facebook today — like proactive detection of hate speech. 

New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures

As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks. Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios make them an attractive target owing to their "oversight of core servers, devices, and other critical components in the enterprise network." The issues have since been fixed in updates released in August with Nagios XI 5.8.5 or above, Nagios XI Switch Wizard 2.5.7 or above, Nagios XI Docker Wizard 1.13 or above, and Nagios XI WatchGuard 1.4.8 or above. "SolarWinds and Kaseya were likely targeted not only because of their large and influential customer bases, but also because of their respective technologies' access to enterprise networks, whether it was managing IT, operational technology (OT), or internet of things (IoT) devices," Claroty's Noam Moshe said in a write-up published Tuesday, noting how the intrusions targeting the IT and network management supply chains emerged as a conduit to compromise thousands of downstream victims.

Practical API Design Using gRPC at Netflix

Alex Borysov and Ricky Gardiner, senior software engineers at Netflix, note that API clients often do not use all the fields present in the responses to their requests. This transmission and computation of irrelevant information for one specific request can waste bandwidth and computational resources, increase the error rate, and increase the overall latency. The authors argue that such waste can be avoided when API clients specify which fields are relevant to them with every request. They point out that this feature is present out of the box with API standards such as GraphQL and JSON:API and question whether Netflix's wide usage of gRPC in the backend could benefit from an identical mechanism. They found that a particular message called FieldMask is defined in Protobuf, the underlying message encoding of gRPC. When included in API requests, it allows clients to list which fields are relevant and can be applied to both read and modify operations.

Ransomware is Harming Cybersecurity Strategy: What Can Organizations Do?

The answer is to layer up best-in-class protection across endpoints, servers, cloud platforms, web and email gateways, and networks. But the secret sauce in all this must be intelligence. It should help organizations understand where their highest risk vulnerabilities are internally. It can also drive visibility into broader threat activity outside the corporate perimeter—whether it’s chatter on dark web forums or new registrations of phishing sites. With open APIs and automation, organizations can integrate this intelligence seamlessly into their best-of-breed security environment, freeing up analysts to focus on high-value tasks and accelerating detection and response times. For example, a new phishing site IP address could be blocked in minutes before the group behind it has even been able to send your employees scam emails. Likewise, intelligence on new ransomware IOCs could be fed into intrusion prevention tools to enhance resilience before you’re even attacked. The right threat intel can also help red teams probe for weaknesses and proactively build stronger defenses.

To build trust with employees, be consistent

A lot of leaders seem to think they also walk the talk on culture. PwC’s survey shows that 73% of senior management think they do. But only 46% of the rest of the workforce agree. We’ve seen firsthand that this mismatch damages trust. And without trust, it can be difficult to motivate people, bring about change, and encourage the desired behaviors. One of our team members at the Katzenbach Center, a former US soldier, tells a story that accentuates the importance of leadership authenticity. In the armed forces, which rely on the ranks obeying their leaders’ instructions without question, Army leaders routinely make sure they eat only after their troops have been fed, to give a clear signal that the troops’ welfare is their top priority. But on one occasion when our colleague was a first lieutenant in the 25th Infantry Division, his entire unit was locked down because a piece of equipment was missing. “The lockdown went on all day and into the evening, and instead of hot food, we were given MRE [meal ready-to-eat] rations. But then some of the soldiers saw the commander’s wife sneaking him Burger King. After that, he was completely ineffective as a leader because no one in the unit respected him.”

What is a Blockchain and how does it work on Bitcoin?

The origins of Blockchain go back to 1991 when Stuart Haber and W. Scott Stornetta described the first work on a chain of cryptographically secured blocks. In this study, Haber and Stornetta sought to create mechanisms to create digital seals and order registered files in a unique and secure way. This represented a practical computational solution for the order and handling of digital documents so that they could not be modified or manipulated. However, its boom increased in 2008 with the arrival of the cryptocurrency Bitcoin , although it is already being used for other commercial applications, so much so that an annual growth of 51% is estimated for 2022. ... Even with these security locks, it would be possible that someone using a computer that has the ability to calculate hundreds of fingerprints per second can modify the fingerprints of the front and rear block, and thinking about this possible problem the Blockchain has a mechanism called " proof of work ", which consists of purposely delaying the process of creating the new block of information, in other words, before creating a new block the system would audit the entire chain originally created. ...

Russian-Linked Group Using Secondary Backdoor Against Targets

The newly discovered backdoor, which the researchers call "TinyTurla," has been deployed against targets in the U.S. and Germany over the last two years. More recently, however, Turla has used the malware against government organizations and agencies in Afghanistan before the country was overtaken by the Taliban in August, according to the report. "This malware specifically caught our eye when it targeted Afghanistan prior to the Taliban's recent takeover of the government there and the pullout of Western-backed military forces," according to the analysis. "Based on forensic evidence, Cisco Talos assesses with moderate confidence that this was used to target the previous Afghan government." Turla has been active since the mid-1990s and is one of the oldest operating advanced persistent threat groups that have links to Russia's FSB - formerly KGB - according to a study published in February by security researchers at VMware. The group, which typically targets government or military agencies, is also called Belugasturgeon, Ouroboros, Snake, Venomous Bear and Waterbug and is known for constantly changing techniques and methods to avoid detection.

Quote for the day:

"Risks are the seeds from which successes grow." -- Gordon Tredgold

No comments:

Post a Comment