Daily Tech Digest - October 21, 2021

7 secrets of successful vendor negotiation

Intentionally withholding critical information is also a terrible tactic. “Vendors and prospects do this all the time, and it never works,” Plato notes. For example: not having the funds necessary to acquire and deploy a technology and expecting the vendor to somehow provide a solution. “It’s unfair to waste a salesperson’s time if you’re not ready to purchase,” Plato states. The reverse is also true for vendors, he notes. “Don’t tell a customer you can meet their expectations when you cannot.” IT negotiations aren’t all that much different from any other type of business bargaining, observes Dmitry Bagrov, managing director of software development firm DataArt UK. “All negotiations rely on basic principles that are universal, and one of the most basic and most often forgotten is that the contract should be profitable for both sides.” Squeezing a vendor for an unprofitable rate or any other unrealistic consideration will only result in an unhappy partner that may then look to increase its margin by supplying inflated estimates, inferior resources, and other types of corner-cutting. Bagrov cautions IT leaders not to fall for the old Hollywood bromide: “It’s not personal; it’s business.”


New Microsoft Sysmon report in VirusTotal improves security

Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The powerful logging capabilities of Sysinternals utilities became indispensable for defenders as well, enabling security analytics and advanced detections. The System Monitor (Sysmon) utility, which records detailed information on the system’s activities in the Windows event log, is often used by security products to identify malicious activity. The new behavior report in VirusTotal includes extraction of Microsoft Sysmon logs for Windows executables (EXE) on Windows 10, with very low latency, and with Windows 11 on the roadmap. This is the latest milestone in the long history of collaboration between Microsoft and VirusTotal. Microsoft 365 Defender uses VirusTotal reports as an accurate threat intelligence source, and VirusTotal uses detections from Microsoft Defender Antivirus as a primary source of detection in its arsenal. Microsoft Sysinternals Autoruns, Process Explorer, and Sigcheck tools integrate VirusTotal reports, and VirusTotal itself uses Sigcheck to report details on Windows portable executable files.


Top tips for growth and success as a developer

The niche role of developers and the specialisation of their skillsets can often lead to isolation. Individuals may not necessarily collaborate with others on the same project, leaving them unaware of how the whole project was completed from start to finish. In contrast, a more collaborative approach, where individuals are encouraged to share ideas and actively work together on tasks can have a multitude of benefits. Not only does it provide a greater understanding of the project management aspect of developer projects, but it allows developers to gain insight, through the expertise of others, into code they may never have written before. ... While skilling up on new technologies is always good, developing your “soft” skills is equally important for your future career prospects. Open source gives you the chance to progress a range of these skills, such as communication, teamwork, and problem-solving. Even the most skilled developers can benefit from open source, where they can learn new skills and form important peer networks.


Database Testing Made Simple, Efficient and Fast

If you involve a database in your Java test suite, make sure it’s a containerized one. The Testcontainers framework takes care of the simplicity requirement. It adds the much-needed abstraction layer around Docker to provision, start and tear down a container of your database during the test suite lifecycle. And it does it with minimum boilerplate, keeping your tests readable. ... An efficient suite of tests does not target the same functionality twice. However, to some degree it’s unavoidable that generic code is called multiple times. Imagine a simple query to fetch a user record. This will be invoked in multiple test scenarios. Throughout the entire test run it may be called fifty times whereas its functionality needs to be validated only once. This is wasteful. Imagine a test that validates the unhappy paths in the snippet below. We want to catch the proper exceptions for an unknown member, unknown movie, user too young and maximum number of rentals exceeded. Every subsequent scenario repeats more queries until it throws its expected exception.


How to right-size edge storage

Edge data centers are generally small-scale facilities that have the same components as traditional data centers but are squeezed into a much smaller footprint. In terms of capacity, determining edge storage requirements is similar to estimating the storage needs of a traditional data center; however, workloads can be difficult to predict, says Jason Shepherd, a vice president at distributed edge-computing startup Zededa. Edge-computing adopters also need to be aware of the cost of upgrading or expanding storage resources, which can be substantial given size and speed constraints. "This will change a bit over time as grid-based edge storage solutions evolve, because there will be more leeway to elastically scale storage in the field by pooling resources across discrete devices," Shepherd predicts. A more recent option for expanding edge-storage capacity independently from edge-compute capacity is computational storage-drive devices that feature transparent compression. They provide compute services within the storage system while not requiring any modifications to the existing storage I/O software stack or I/O interface protocols, such as NVMe or SATA.


Smartphone counterespionage for travelers

If you’re deemed a target worthy of espionage, the IMSI catcher may even be used to install malware on your device. Such malware can take complete control of your phone, granting spies access to the contents on it, the communications from it and even its cameras and microphones. IMSI catchers have been detected at airports throughout the world, including in the United States. But really, they can be located anywhere, including at chokepoints like train stations and shopping centers as well as in the vicinity of hotels typically frequented by foreign travelers. If you’re lucky enough to avoid an IMSI catcher, you can still be monitored by local intelligence through the cell network alone. This is especially true in countries where the cellular infrastructure is state-owned. At the very least, spies will have access to your real-time location and the metadata of your calls. As with IMSI catchers, the cell network can also be used to deliver malware to your device, typically through a malicious carrier update that happens behind the scenes. The end result is that if you’re traveling to a foreign country, especially one that’s hostile to your home country or known to engage in economic espionage, you have to assume that your smartphone will be compromised at some point.


DevOps: 3 skills needed to support its future in the enterprise

While the future looks promising for DevOps experts, much will depend on how DevOps engineers are leveraged to transform how work gets done. For instance, DevOps engineers must continually strive to break down silos while also moving away from traditional development, deployment, and waterfall builds that inhibit the velocity of scalable, qualitative, and reliable software. In a pandemic and post-pandemic world, organizations are modifying their operating plans and must deal with a distributed workforce. IT teams must also consider automation and unbundling previously existing complexities such as siloed development and operations teams. Everything-as-code, hybrid cloud operating models, and automated workflows will be top priorities for every DevOps team. Digital services must excel across all organizational functions in order to delight customers. Meanwhile, organizations will continue to focus on how to increase revenue while reducing costs. Experience, processes, effectiveness, utilization, quality, and speed are the levers for improvement.


CISA Leader Backs 24-Hour Timeline for Incident Reporting

Wales' support for a 24-hour timeline aligns with the Senate Select Intelligence Committee's Cyber Incident Notification Act of 2021 - sponsored by Sens. Mark Warner, D-Va., Marco Rubio, R-Fla., and Susan Collins, R-Maine. The bill would require federal agencies, federal contractors and organizations that are considered critical to U.S. national security to report security incidents to CISA within 24 hours of discovery. Per the bill, companies that do not report an incident within 24 hours could face a maximum financial penalty equal to 0.5% of the previous year's gross revenue. The measure, however, allows for exceptions to the penalty. Another provision would allow organizations to anonymize personal data when they report a breach - to encourage victims to report incidents without revealing sensitive data. Some cybersecurity experts have said that it's unrealistic to expect organizations to report incidents within 24 hours of discovery because they need more time to properly assess an attack and determine if it meets the criteria for notification.


The best approach to AI assistants and process automation for your business

For firms to harness the full potential of AI assistants and process automation, an effective approach is to consider how closely the two are intertwined. We’ve seen from experience that one of the most effective and logical methods of implementing AI and automation is to introduce digital assistants into their existing customer services, where they can be used to capture and create a log of conversations. Presently, many companies’ customer services are constrained by the availability of their employees to man phonelines or speak to customers in person, which can be a challenge outside of normal working hours. Digital assistants help to remove the customer services gap by offering a 24/7 solution with which consumers can share their questions and issues whenever they need to, safe in the knowledge that the enquiry will be logged and prioritised accordingly. This is not to suggest that digital assistants should be viewed as a replacement to human engagement with customers – a survey conducted by Dutch tech firm Usabilla found that 55% of people still like to speak with a human customer service agent on the phone.


Takeoff: What Software Development Can Learn from Aviation

As with pilots practicing how to react to an engine outage, we regularly practice how to react to a database outage. Once a month two of our engineers are randomly selected to run a database outage drill. We present them with the scenario that one of the databases on our staging system has crashed and needs to be restored from a backup. In this scenario they are the only people available and need to get the database up and running as soon as possible. We learned pretty quickly that these drills are enormously helpful. They give our people the confidence that if something like this actually happens, they won’t have to guess (or find some documentation on) what the next move could be, but can rely on their experience. It also greatly improved our documentation and tooling which apart from being helpful in an emergency, has given us a better overview of our system landscape. We can already see that when performing the drill for the second or third time, our engineers are a lot more relaxed. They know what to do and what to expect.



Quote for the day:

"When leaders are worthy of respect, the people are willing to work for them. When their virtue is worthy of admiration, their authority can be established." -- Huainanzi
