Daily Tech Digest - October 31, 2021

Hackers Breach iOS 15, Windows 10, Google Chrome During Massive Cyber Security Onslaught

"The first thing to note is the in-group, out-group divide here," says Sam Curry, the chief security officer at Cybereason. Curry told me that there's a sense that China has the "critical mass and doesn't need to collaborate to innovate in hacking," in what he called a kind of U.S. versus them situation. Curry sees the Tianfu Cup, with the months of preparation that lead up to the almost theatrical on-stage reveal, as a show of force. "This is the cyber equivalent of flying planes over Taiwan," he says, adding the positive being that the exploits will be disclosed to the vendors. There are, of course, lots of positives about a hacking competition, such as the Tianfu Cup or Pwn2Own. "The security researchers involved in these schemes can be an addition to existing security teams and provide additional eyes on an organisation's products," George Papamargaritis, the managed security service director at Obrela Security Industries, says, "meaning bugs will be unearthed and disclosed before cybercriminals get a chance to discover them and exploit them maliciously."


SRE vs. SWE: Similarities and Differences

In general, SREs and SWEs are more different than they are similar. The main difference between the roles boils down to the fact that SREs are responsible first and foremost with maintaining reliability, while SWEs focus on designing software. Of course, those are overlapping roles to a certain extent. SWEs want the applications they design to be reliable, and SREs want the same thing. However, an SWE will typically weigh a variety of additional priorities when designing and writing software, such as the cost of deployment, how long it will take to write the application and how easy the application will be to update and maintain. These aren’t usually key considerations for SREs. The toolsets of SREs and SWEs also diverge in many ways. In addition to testing and observability tools, SREs frequently rely on tools that can perform tasks like chaos engineering. They also need incident response automation platforms, which helps manage the complex processes required to ensure efficient resolution of incidents.


The Biggest Gap in Kubernetes Storage Architecture?

Actually, commercial solutions aren’t better than open source solutions — not inherently anyway. A commercial enterprise storage solution could still be a poor fit for your specific project, require internal expertise, require significant customization, break easily and come with all the drawbacks of an open source solution. The difference is that where an open source solution is all but guaranteed to come with these headaches, a well-designed commercial enterprise storage solution won’t. It isn’t a matter of commercial versus open source, rather it’s good architecture versus bad architecture. Open source solutions aren’t designed from the ground up, making it much more difficult to guarantee an architecture that performs well and ultimately saves money. Commercial storage solutions, however, are. This raises the odds that it will feature an architecture that meets enterprise requirements. Ultimately, all this is to say that commercial storage solutions are a better fit for most Kubernetes users than open source ones, but that doesn’t mean you can skip the evaluation process.


MLOps vs. DevOps: Why data makes it different

All ML projects are software projects. If you peek under the hood of an ML-powered application, these days you will often find a repository of Python code. If you ask an engineer to show how they operate the application in production, they will likely show containers and operational dashboards — not unlike any other software service. Since software engineers manage to build ordinary software without experiencing as much pain as their counterparts in the ML department, it begs the question: Should we just start treating ML projects as software engineering projects as usual, maybe educating ML practitioners about the existing best practices? Let’s start by considering the job of a non-ML software engineer: writing traditional software deals with well-defined, narrowly-scoped inputs, which the engineer can exhaustively and cleanly model in the code. In effect, the engineer designs and builds the world wherein the software operates. In contrast, a defining feature of ML-powered applications is that they are directly exposed to a large amount of messy, real-world data that is too complex to be understood and modeled by hand.


How to Measure the Success of a Recommendation System?

Any predictive model or recommendation systems with no exception rely heavily on data. They make reliable recommendations based on the facts that they have. It’s only natural that the finest recommender systems come from organizations with large volumes of data, such as Google, Amazon, Netflix, or Spotify. To detect commonalities and suggest items, good recommender systems evaluate item data and client behavioral data. Machine learning thrives on data; the more data the system has, the better the results will be. Data is constantly changing, as are user preferences, and your business is constantly changing. That’s a lot of new information. Will your algorithm be able to keep up with the changes? Of course, real-time recommendations based on the most recent data are possible, but they are also more difficult to maintain. Batch processing, on the other hand, is easier to manage but does not reflect recent data changes. The recommender system should continue to improve as time goes on. Machine learning techniques assist the system in “learning” the patterns, but the system still requires instruction to give appropriate results.


An Introduction To Decision Trees and Predictive Analytics

Decision trees represent a connecting series of tests that branch off further and further down until a specific path matches a class or label. They’re kind of like a flowing chart of coin flips, if/else statements, or conditions that when met lead to an end result. Decision trees are incredibly useful for classification problems in machine learning because it allows data scientists to choose specific parameters to define their classifiers. So whether you’re presented with a price cutoff or target KPI value for your data, you have the ability to sort data at multiple levels and create accurate prediction models. ... Each model has its own sets of pros and cons and there are others to explore besides these four examples. Which one would you pick? In my opinion, the Gini model with a maximum depth of 3 gives us the best balance of good performance and highly accurate results. There are definitely situations where the highest accuracy or the fewest total decisions is preferred. As a data scientist, it’s up to you to choose which is more important for your project! ...


Five Ways Blockchain Technology Is Enhancing Cloud Storage

In Blockchain-based cloud storage, information is separated into numerous scrambled fragments, which are interlinked through a hashing capacity. These safe sections are conveyed across the network, and each fragment lives in a decentralized area. There are solid security arrangements like transaction records, encryption through private and public keys, and hashed blocks. It guarantees powerful protection from hackers. Thanks to the sophisticated 256-bit encryption, not even an advanced hacker can decrypt that data. In an impossible instance, suppose a hacker decodes the information. Even in such a situation, every decoding attempt will lead to a small section of information getting unscrambled and not the whole record. The outrageous security arrangements effectively fail all attempts of hackers, and hacking becomes a useless pursuit according to a business perspective. Another significant thing to consider is that the proprietors’ information is not stored on the hub. It assists proprietors to regain their privacy, and there are solid arrangements for load adjusting too.


Data Mesh Vs. Data Fabric: Understanding the Differences

According to Forrester’s Yuhanna, the key difference between the data mesh and the data fabric approach are in how APIs are accessed. “A data mesh is basically an API-driven [solution] for developers, unlike [data] fabric,” Yuhanna said. “[Data fabric] is the opposite of data mesh, where you’re writing code for the APIs to interface. On the other hand, data fabric is low-code, no-code, which means that the API integration is happening inside of the fabric without actually leveraging it directly, as opposed to data mesh.” For James Serra, who is a data platform architecture lead at EY (Earnst and Young) and previously was a big data and data warehousing solution architect at Microsoft, the difference between the two approaches lies in which users are accessing them. “A data fabric and a data mesh both provide an architecture to access data across multiple technologies and platforms, but a data fabric is technology-centric, while a data mesh focuses on organizational change,” Serra writes in a June blog post. “[A] data mesh is more about people and process than architecture, while a data fabric is an architectural approach that tackles the complexity of data and metadata in a smart way that works well together.”


Data Warehouse Automation and the Hybrid, Multi-Cloud

One trend among enterprises that move large, on-premises data warehouses to cloud infrastructure is to break up these systems into smaller units--for example, by subdividing them according to discrete business subject areas and/or practices. IT experts can use a DWA tool to accelerate this task--for example, by sub-dividing a complex enterprise data model into several subject-specific data marts, then using the DWA tool to instantiate these data marts as separate virtual data warehouse instances, or by using a DWA tool to create new tables that encapsulate different kinds of dimensional models and instantiating these in virtual data warehouse instances. In most cases, the DWA tool is able to use the APIs exposed by the PaaS data warehouse service to create a new virtual data warehouse instance or to make changes to an existing one. The tool populates each instance with data, replicates the necessary data engineering jobs and performs the rest of the operations in the migration checklist described above.


Rethinking IoT/OT Security to Mitigate Cyberthreats

We have seen destructive and rapidly spreading ransomware attacks, like NotPetya, cripple manufacturing and port operations around the globe. However, existing IT security solutions cannot solve those problems due to the lack of standardized network protocols for such devices and the inability to certify device-specific products and deploy them without impacting critical operations. So, what exactly is the solution? What do people need to do to resolve the IoT security problem? Working to solve this problem is why Microsoft has joined industry partners to create the Open Source Security Foundation as well as acquired IoT/OT security leader CyberX. This integration between CyberX’s IoT/OT-aware behavioral analytics platform and Azure unlocks the potential of unified security across converged IT and industrial networks. And, as a complement to the embedded, proactive IoT device security of Microsoft Azure Sphere, CyberX IoT/OT provides monitoring and threat detection for devices that have not yet upgraded to Azure Sphere security.



Quote for the day:

"It's hard for me to answer a question from someone who really doesn't care about the answer." -- Charles Grodin

No comments:

Post a Comment