Daily Tech Digest - September 30, 2021

How IBM lost the cloud

At first, Genesis still lacked support for the key virtual private cloud technology that both engineers and salespeople had identified as important to most prospective cloud buyers. This caused a split inside IBM Cloud: A group headed by the former Verizon executives continued to work on the Genesis project, while another group, persuaded by a team from IBM Research that concluded Genesis would never work, began designing a separate infrastructure architecture called GC that would achieve the scaling goals and include the virtual private cloud technology using the original SoftLayer infrastructure design. Genesis would never ship. It was scrapped in 2017, and that team began work on its own new architecture project, internally called NG, that ran in parallel to the GC effort. For almost two years, two teams inside IBM Cloud worked on two completely different cloud infrastructure designs, which led to turf fights, resource constraints and internal confusion over the direction of the division.


How Can Artificial Intelligence Transform Software Testing?

The increase of automated testing has coincided with the acceptance of agile methodologies in software development. This allows the QA specialists group to deliver error-free and robust software in small batches. Manual test is restricted to business acceptance test merely. DevOps test along with Automation helps agile groups to ship a guaranteed product for SaaS/ cloud deployment through a Continuous Integration/ Continuous Delivery pipeline. In software testing, Artificial Intelligence is a blend of machine learning, cognitive automation, reasoning, analytics, and natural language processing. Cognitive automation leverages several technological approaches such as data mining, semantic technology, text analytics, machine learning, and natural language processing. For instance, Robotic Process Automation (RPA) is one such connecting link between Artificial Intelligence and Cognitive Computing.


GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride

The creators of the apps have employed several novel techniques to help the apps stay off the radar of security vendors, the analysis found. In addition to the no-reuse policy for URLs mentioned above, the cybercriminals are also developing the apps using Apache Cordova. Cordova allows developers to use standard web technologies – HTML5, CSS3 and JavaScript – for cross-platform mobile development – which in turn allows them to push out updates to apps without requiring user interaction. “[This] technology can be abused to host the malicious code on the server and develop an application that executes this code in real-time,” according to Zimperium. “The application displays as a web page that references HTML, CSS, JavaScript and images.” The campaign is also supported with a sophisticated architecture and plenty of encryption, which makes detection more difficult, according to the researchers. For instance, when an app is launched, the encrypted files stored in the “assets/www” folder are decrypted using AES.


How to Decide in Self-Managed Projects - a Lean Approach to Governance

If the people in the project can make decisions themselves, we can call it self-managed. By “self-managed” (or self-organized), I mean that the project members can make decisions about the content of the work, and also who does what and by when. Self-managed groups have the advantage that those who do the work are closer to the decisions: decisions are better grounded in operations, and there is more buy-in and deeper insight from those who are going to carry out the tasks into how the tasks fit into the bigger picture. One step further would be to have a self-governed project. ... The trick is to use lean governance, intentionally and in our favor. The goal of governance in a new project is to provide just enough structure to operate well. Just enough team structure to have a clear division of labor. Just enough meeting structure to use our time well. Not more but also not less. That level of “just enough,” of course, depends on the phase of the project.


Citi’s big idea: central, commercial banks use shared DLT for “digital money format war”

The concept involves creating a blockchain with tiers and partitions, on which central banks perform the same current role dealing with commercial banks. On the same ledger, commercial banks and emoney providers perform similar activities as they do now with their clients. Given this is how things work today and most legislation is technology agnostic, it likely wouldn’t require legislative changes and may dispense with the need for CBDCs. In Mclaughlin’s view, the debates around central bank digital currency (CBDC) frame the conversation as public versus private money. An alternative perspective is to look at regulated versus unregulated money. The concept also addresses bank coins or settlement tokens. “If we as commercial banks think that the right thing to do is for each of us to create our own coins, again, the regulated sector will be fragmented. And that will not help in the contest between regulated money and non-regulated money,” said Mclaughlin. Central bank money, commercial bank money and emoney are all regulated and represent specific legal liabilities, no matter their technical form.


Major Quantum Computing Strategy Suffers Serious Setbacks

The key to quantum computing is that, during the computation, you must avoid revealing what information your qubits encode: If you look at a bit and say that it holds a 1 or a 0, it becomes merely a classical bit. So you must shield your qubits from anything that could inadvertently reveal their value. (More strictly, decide their value — for in quantum mechanics this only happens when the value is measured.) You need to stop such information from leaking out into the environment. That leakage corresponds to a process called quantum decoherence. The aim is to carry out quantum computing before decoherence can take place, since it will corrupt the qubits with random errors that will destroy the computation. Current quantum computers typically suppress decoherence by isolating the qubits from their environment as well as possible. The trouble is, as the number of qubits multiplies, this isolation becomes extremely hard to maintain: Decoherence is bound to happen, and errors creep in.


Apple Pay-Visa Vulnerability May Enable Payment Fraud

The vulnerabilities were detected in iPhone wallets where Visa cards were set up in "express transit mode," the researchers say. The transit mode feature, launched in May 2019, enables commuters to make contactless mobile payments without fingerprint authentication. Threat actors can use the vulnerability to bypass the Apple Pay lock screen and illicitly make payments using a Visa card from a locked iPhone to any contactless Europay, Mastercard and Visa - or EMV - reader, for any amount, without user authorization, the researchers say. Information Security Media Group could not immediately ascertain the number of users affected by this vulnerability. "The weakness lies in the Apple Pay and Visa systems working together and does not affect other combinations, such as Mastercard in iPhones, or Visa on Samsung Pay," the researchers note. The researchers, who come from the University of Birmingham’s School of Computer Science and the University of Surrey’s Department of Computer Science, found the flaw as part of a project dubbed TimeTrust.


How much trust should we place in the security of biometric data?

Whilst the collection of fingerprint data is very convenient for the border control forces, how convenient is it for the asylum seekers themselves? Could they be opening themselves up to greater risks by providing their data? A potential issue here is the amount of trust that people place in fingerprints. People assume that fingerprints are an infallible method of identification. Whilst the chance of two people having matching fingerprints is infinitesimally small, automated matching systems often do not make use of the entire fingerprint. Different levels of detail can be used in matching, with differing levels of reliability. When asked to provide your fingerprints for identification purposes, how often do we consider how the matching is performed? Whilst standards exist for the robustness of fingerprint matching when used within the Criminal Justice System, can we assume that the same standards apply to border control systems? Generally, the fewer comparison points to be analyzed, the faster the matching system; in a border control situation where a large quantity of people are being processed, it is important to understand how much of a trade-off between speed and accuracy has occurred. 


The New Security Basics: 10 Most Common Defensive Actions

The current assessments found that the growing number of public incidents of ransomware attacks and attacks on the software supply chain, such as the compromise of remote management software maker Kaseya, have companies more focused on activities designed to prevent or mitigate incidents. Over the past two years, 61% more companies have actively sought to identify open source — 74 this year versus 46 two years ago — while 55 companies have begun to mandate boilerplate software license agreements, an increase of 57% compared with two years ago. "Over the last 18 months, organizations experienced a massive acceleration of digital transformation initiatives," said Mike Ware, information security principal at Navy Federal Credit Union, a member organization of the BSIMM community, in a statement. "Given the complexity and pace of these changes, it's never been more important for security teams to have the tools which allow them to understand where they stand and have a reference for where they should pivot next."


Cycle Time Breakdown: Reducing Pull Request Pickup Time

There’s nothing worse than working hard for a day or two on a difficult piece of code, creating a pull request for it, and having no one pay attention or even notice. It’s especially frustrating if you specifically assign the Pull Request to a teammate. It’s a bother to have to remember to send emails or slack messages to fellow team members to get them to do a review. No one wants to be a distraction, but the work has to be done, right? So naturally, the conscientious Dev Manager will want to pay close attention to Pull Request Pickup Time (PR Pickup Time), the second segment of a project’s journey along the Cycle Time path. (Go here for the blog post about the first segment, Coding Time) She’ll want to make sure those frustrations described above don’t occur. Keeping Cycle Time “all green” is the goal, but this is often difficult because there are a lot of moving parts that go into managing Cycle Time, including PR Pickup Time.



Quote for the day:

"Leaders must see the dream in their mind before they will accomplish the dream with their team." -- Orrin Woodward

No comments:

Post a Comment