Daily Tech Digest - November 18, 2021

Software Engineering XOR Data Science

Metrics of the software such as number of the requests and response time and error types can be extracted by writing good logs. It is also great to do data checks in the controller class where the requests are received and forwarded to desired services before starting the operations for both SW and DS projects unless the UI side doesn’t do any check. Regex validations and data type checks can literally save the applications at both performance and security sides. An easy SQL injection may be prevented by a simple validation and it can even save the company’s future. On the DS side, there should be further monitoring besides the software metrics. Distribution of the model features and the model predictions are vital. If the distribution of any data column changes, there might be a data-shift and a new model training can be required. If the prediction results can be validated in a short time, these results must be monitored and warn the developers if the accuracy is below or above from a given threshold.

What Developers Should Look for in a Low-Code Platform

To minimize technical debt, it makes sense to reduce the number of platforms on which you build your apps. It follows that the fewer systems you have, the more value you get from each. When choosing a low-code platform, evaluate the other workflows you have deployed on that platform already, or plan to deploy in the future. Let’s say you’re considering an employee suggestion box app. If you already have, or will have, a platform where you run employee workflows, then you not only accelerate the time it takes to create the suggestion box app, but reduce additional technical debt with costly integrations. Bringing in a new platform means you have to replicate the employee information, which creates additional cost to implement and maintain. You can remove the need for that integration by having a single system of record where your employee suggestion box and existing employee workflows exist. Process governance is how you manage things like the request or intake process, change management and release management. When it’s time to release an app on your low-code platform, theoretically it should be as easy as clicking a button. But this is where technical governance comes in.

The race to secure Kubernetes at run time

Although developers now tend to test earlier and more often—or shift left, as it is commonly known—containers require holistic protection throughout the entire life cycle and across disparate, often ephemeral environments. “That makes things really challenging to secure,” Gartner analyst Arun Chandrasekaran told InfoWorld. “You cannot have manual processes here; you have to automate that environment to monitor and secure something that may only live for a few seconds. Reacting to things like that by sending an email is not a recipe that will work.” In its 2019 white paper “BeyondProd: A new approach to cloud-native security,” Google laid out how “just as a perimeter security model no longer works for end users, it also no longer works for microservices,” where protection must extend to “how code is changed and how user data in microservices is accessed.” Where traditional security tools focused on either securing the network or the individual workloads, modern cloud-native environments require a more holistic approach than just securing the build.

How organizations are beefing up their cybersecurity to combat ransomware

Educating employees about cybersecurity is another key method to help thwart ransomware attacks. Among those surveyed, 69% said their organization has boosted cyber education for employees over the last 12 months. Some 20% said they haven't yet done so but are planning to increase training in the next 12 months. Knowing how to design your employee security training is paramount. Some 89% of the respondents said they've educated employees on how to prevent phishing attacks, 95% have focused on how to keep passwords safe and 86% on how to create secure passwords. Finally, more than three-quarters (76%) of the respondents said they're concerned about attacks from other governments or nation states impacting their organization. In response, 47% said they don't feel their own government is taking sufficient action to protect businesses from cyberattacks, and 81% believe the government should play a bigger role in defining national cybersecurity protocol and infrastructure. "IT environments have become more fluid, open, and, ultimately, vulnerable," said Bryan Christ, sales engineer at Hitachi ID Systems.

DevOps transformation: Taking edge computing and continuous updates to space

One of the biggest technological pain points in space travel is power consumption. On Earth, we’re beginning to see more efficient CPU and memory, but in space, throwing away the heat of your CPU is quite hard, making power consumption the critical component. From hardware to software to the way you do processing, everything needs to account for power consumption. On the flip side, in space, there is one thing that you have plenty of (obviously): space. This means that the size of physical hardware is less of a concern. Weight and power consumption are larger issues, because those factors also impact the way microchips and microprocessors are designed. A great example of this can be found in the Ramon Space design. The company uses AI- and machine learning-powered processors to build space-resilient supercomputing systems with Earth-like computing capabilities, with the hardware components ultimately controlled by the software they have riding on top of them. The idea is to optimize the way software and hardware are utilized so applications can be developed and adapted in real time, just as they would be here on Earth.

What is LoRaWAN and why is it taking over the Internet of Things?

The wireless communication takes advantage of the long-range characteristics of the LoRa physical layer allowing a single-hop link between the end-device and one or many gateways. All modes are capable of bi-directional communication, and there is support for multicast addressing groups to make efficient use of spectrum during tasks such as Firmware Over-The-Air (FOTA) upgrades. This has led to LoRaWAN as the implementation of LoRa becoming the most widely used LPWAN technology in the unlicensed bands below 1GHz, providing battery powered sensor nodes with kilometres of range for the expanding applications across the Internet of Things. A key area for this low power, long range connectivity is smart cities. The ability to place wireless smart sensors for air quality, traffic density and transportation wherever they are needed across the urban infrastructure can give key insights into the activity of the city. The robust, low power nature of the protocol allows local authorities to run a cost-effective network with sensors in the right place, whether powered by local power lines, batteries or solar panels.

Serious security vulnerabilities in DRAM memory devices

Razavi and his colleagues have now found that this hardware-based "immune system" only detects rather simple attacks, such as double-sided attacks where two memory rows adjacent to a victim row are targeted but can still be fooled by more sophisticated hammering. They devised a software aptly named "Blacksmith" that systematically tries out complex hammering patterns in which different numbers of rows are activated with different frequencies, phases and amplitudes at different points in the hammering cycle. After that, it checks if a particular pattern led to bit errors. The result was clear and worrying: "We saw that for all of the 40 different DRAM memories we tested, Blacksmith could always find a pattern that induced Rowhammer bit errors," says Razavi. As a consequence, current DRAM memories are potentially exposed to attacks for which there is no line of defense—for years to come. Until chip manufacturers find ways to update mitigation measures on future generations of DRAM chips, computers continue to be vulnerable to Rowhammer attacks.

Money Laundering Cryptomixer Services Market to Criminals

Here's how it functions in greater detail: "Mixers work by allowing threat actors to send a sum of cryptocurrency - usually bitcoin - to a wallet address the mixing service operator owns. This sum joins a pool of the service provider's own bitcoins, as well as other cybercriminals using the service," Intel 471 says in a new report. "The initial threat actor's cryptocurrency joins the back of the 'chain' and the threat actor receives a unique reference number known as a 'mixing code' for deposited funds," the company says. "This code ensures the actor does not get back their own 'dirty' funds that theoretically could be linked to their operations. The threat actor then receives the same sum of bitcoins from the mixer's pool, muddled using the service's proprietary algorithm, minus a service fee." As a further anonymity boost, clean bitcoins can be routed to additional cryptocurrency wallets to make the connections with dirty bitcoins even more difficult for law enforcement authorities to track, Intel 471 says.

Innovation resilience during the pandemic—and beyond

Despite some decline in government spending, the overall impact on global innovation could be minimal. We have reason to be hopeful here: in 2008–09, increases in corporate R&D spending compensated for shortfalls in government R&D investment. And this appears to be true again today based on what we know so far. About 70% of the 2,500 largest global R&D spenders have released their 2020 R&D spending data. We found a healthy increase of roughly 10% in 2020, with roughly 60% of these largest R&D spenders reporting an increase. This reflects a decade-long trend of strong corporate innovation investment, which is perhaps not surprising, as the pace of progress in domains such as artificial intelligence and biotech has increased, and many new commercial growth opportunities have opened up around them. Of course, the view at the sector level is more nuanced. The pandemic-era focus on well-being and the rapid production of vaccines saw increased investments in health-related sectors, with estimates of US government investments in the development of the COVID-19 vaccines ranging from US$18 billion to $23 billion.

How active listening can make you a better leader

When you let the world intrude on a conversation, you unconsciously tell the other person that they are less important than the things around them. Instead, with every interaction strive to make a connection and show people the respect they deserve. To do this, start by limiting distractions. That means closing your laptop, muting your phone, and parking work problems at the door so you can focus and engage with this person in this moment. Of the hundreds of things littering your calendar, is any one of them more important than leading your team? ... t’s not enough simply to silence the world. Show the person that you are listening intently through your responses and body language: Make eye contact and provide brief verbal affirmations or nod, modulating the tone of your voice as well as mirroring their body mannerisms. Paraphrasing what the other person is saying can also be a helpful tool to show you understand or are seeking clarity. When you take time to validate what someone is saying, they will feel comfortable sharing more.

Quote for the day:

"The art of communication is the language of leadership." -- James Humes

No comments:

Post a Comment