Daily Tech Digest - November 02, 2021

Complexity is killing software developers

“There is more to this profession than writing code; that is the means to an end,” Hightower said. “Maybe we are saying we have built enough and can pause on building new things, to mature what we have and go back to our respective roles of consuming technology. Maybe this is the happy ending of the devops and collaboration movement we have seen over the past decade.” The market is responding to this complexity with an ever-growing list of opinionated services, managed options, frameworks, libraries, and platforms to help developers contend with the complexity of their environment. “No vendor is or will be in a position to provide every necessary piece, of course. Even AWS, with the most diverse application portfolio and historically unprecedented release cadence, can’t meet every developer need and can’t own every relevant developer community,” O’Grady wrote in a 2020 blog post. That being said, “there is ample evidence to suggest that we’re drifting away from sending buyers and developers alike out into a maze of aisles, burdening them with the task of picking primitives and assembling from scratch.

Securing SaaS Apps — CASB vs. SSPM

There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable Information (PII), Intellectual Property (IP), and business records, CASBs definitely help. However, as the number of SaaS apps increase, the amount of misconfigurations and possible exposure widens and cannot be mitigated by CASBs. These solutions act as a link between users and cloud service providers and can identify issues across various cloud environments. Where CASBs fall short is that they identify breaches after they happen. When it comes to getting full visibility and control over the organization's SaaS apps, an SSPM solution would be the better choice, as the security team can easily onboard apps and get value in minutes — from the immediate configuration assessment to its ongoing and continuous monitoring.

11 cybersecurity buzzwords you should stop using right now

The terms whitelist and blacklist date back to the some of the earliest days of cybersecurity. Associating “white” with good, safe, or permitted, and “black” with bad, dangerous, or forbidden, the phrases are still commonly applied to allow or deny use or access relating to various elements including passwords, applications, and controls. Cybersecurity consultant Harman Singh thinks the terms need urgently replacing because of harmful racial overtones associated with them, suggesting allow lists and deny lists serve the same purpose without potentially damaging connotations linked to ethnicity and race. “This is such a small yet significant, change” he tells CSO. “The NCSC made this conscious change last year to avoid racial tone. Still only a handful of companies in the industry have thought about doing this. Why don’t we all follow this example to stamp out such terms?” In a blog post, Emma W, head of advice and guidance at the NCSC, wrote: “You may not see why this matters. If you’re not adversely affected by racial stereotyping yourself, then please count yourself lucky. For some of your colleagues, this really is a change worth making.”

How to Get Started with Competitive Programming?

First and foremost what you need to do is pick out your preferred programming language and become proficient with its syntax, fundamentals, and implementation. You need to make yourself familiar with built-in functions, conditional statements, loops, etc. along with the required advanced concepts such as STL library in C++ or Big Integers in Java. There are various languages out there that are suitable for Competitive Programming such as C, C++, Java, Python, and many more  ... What you need to know – you’ll be suggested by some individuals that it is not necessary to learn DSA priorly for getting started with CP and it can be done along the way however, we recommended you to at least cover the DSA fundamentals like Array, Linked List, Stack, Queue, Tree, Searching, Sorting, Time and Space Complexity, etc. before starting to solve problems and doing competitive problems as it’ll help you to feel confident and solve a majority of the problems. Without knowing Data Structures & Algorithms well, you won’t be able to come up with an optimized, efficient, and ideal solution for the given programming problem.

‘Trojan Source’ Bug Threatens the Security of All Code

“It is already hard for humans to tell ‘this is OK’ from ‘this is evil’ in source code,” Weaver said. “With this attack, you can use the shift in directionality to change how things render with comments and strings so that, for example ‘This is okay” is how it renders, but ‘This is’ okay is how it exists in the code. This fortunately has a very easy signature to scan for, so compilers can [detect] it if they encounter it in the future.” The latter half of the Cambridge paper is a fascinating case study on the complexities of orchestrating vulnerability disclosure with so many affected programming languages and software firms. ... “We met a variety of responses ranging from patching commitments and bug bounties to quick dismissal and references to legal policies,” the researchers wrote. “Of the nineteen software suppliers with whom we engaged, seven used an outsourced platform for receiving vulnerability disclosures, six had dedicated web portals for vulnerability disclosures, four accepted disclosures via PGP-encrypted email, and two accepted disclosures only via non-PGP email. They all confirmed receipt of our disclosure, and ultimately nine of them committed to releasing a patch.”

Cloud, microservices, and data mess? Graph, ontology, and application fabric to the rescue.

Data integration may not sound as deliciously intriguing as AI or machine learning tidbits sprinkled on vanilla apps. Still, it is the bread and butter of many, the enabler of all cool things using data, and a premium use case for concepts underpinning AI, we argued back then. The key concepts we advocated for then have been widely recognized and adopted today in their knowledge graph and data fabric guise: federation and semantics. Back then, the concepts were not as widely adopted, and parts of the technology were less mature and recognized. Today, knowledge graphs and data fabrics are top of mind; just check the latest Gartner reports. The reason we're revisiting that old story is not to bask in some "told you so" self-righteousness, but to add to it. Knowledge graphs and data fabrics can, and hopefully will, eventually, address data integration issues. ... The final part of the process is orchestrating services, i.e. executing, coordinating, and deploying them, in the right order and with the right parameters, wherever they may be - on-premises, in the cloud, or in containers. That creates what Duggal called an "application fabric", as an extension of the notion of a data fabric.

Chaos Engineering Made Simple

The shift toward cloud native technologies has enabled the development of more manageable, scalable and dependable applications, but at the same time it has brought about unprecedented dynamism to critical services. This is due to the multitude of coexisting cloud native components that have to be managed individually. Failure of even a single microservice can lead to a cascading failure of other services, which can cause the entire application deployment to collapse. ... LitmusChaos was created with the primary goal of performing chaos engineering in a cloud native manner, scaling it as per the cloud native norms, managing the life cycle of chaos workflows and defining observability from a cloud native perspective. Chaos experiments help achieve this goal by injecting chaos into the target resources, using simple, declarative manifests. These Kubernetes custom resource (CR) manifests allow for an experiment to be flexibly fine-tuned to produce the desired chaos effect, as well as contain the experiment blast radius so as to not harm other resources in the environment. 

Future of Blockchain: How Will It Revolutionize The World In 2022 & Beyond!

In an ever-evolving world, one of the most relevant use cases for blockchain right now is cryptocurrencies, and it is here to remain that way for some time. However, an even more exciting future is emerging in blockchain technology: non-fungible tokens (NFTs). NFTs are a revolutionary new way of buying and selling digital assets that represent real-world items. All NFTs are unique and can’t be replaced or swapped — they can only be purchased, sold, traded, or given away by the original owner/creator of that asset. NFTs could power a whole new wave of digital collectibles, from rare artwork to one-of-a-kind sneakers and accessories. They could also be used in place of items in video games or other virtual worlds. ... Blockchain could replace this system with a digital identity that is safe, secure, and easy to manage. Instead of proving who you are by recalling some personal, arbitrary piece of information that could potentially be guessed or stolen, your digital identity is based on the uniquely random set of numbers assigned to each user on a blockchain network.

Quantum computers: Eight ways quantum computing is going to change the world

For decades, researchers have tried to teach classical computers how to associate meaning with words to try and make sense of entire sentences. This is a huge challenge given the nature of language, which functions as an interactive network: rather than being the 'sum' of the meaning of each individual word, a sentence often has to be interpreted as a whole. And that's before even trying to account for sarcasm, humour or connotation. As a result, even state-of-the-art natural language processing (NLP) classical algorithms can still struggle to understand the meaning of basic sentences. But researchers are investigating whether quantum computers might be better suited to representing language as a network -- and, therefore, to processing it in a more intuitive way. The field is known as quantum natural language processing (QNLP), and is a key focus of Cambridge Quantum Computing (CQC). The company has already experimentally shown that sentences can be parameterised on quantum circuits, where word meanings can be embedded according to the grammatical structure of the sentence. 

Anomaly Detection Using ML.NET

As the name suggests, it is about finding what is abnormal from what you expect in your day-to-day life. It helps identify data points, observations, or events that deviate from the normal behavior of the dataset. There are now many distributed systems where monitoring their performance is required. A considerable amount of data and events pass through such systems. Anomaly detection gives possibilities to determine where the source of the problem is, which significantly reduces the time to rectify the fault. It also allows us to detect outliers and report them accordingly. These all applications have one common focus that I have mentioned earlier - outliers. These are cases where the data points are distant from the others, do not follow a particular pattern, or match known anomalies. Each of these data points can be useful for identifying these anomalies and responding correctly to them.

Quote for the day:

"Different times need different types of leadership." -- Park Geun-hye

No comments:

Post a Comment