Daily Tech Digest - November 28, 2021

Government must prove its plans to police encryption work, says ex-cyber security chief

Technology companies and cryptographers claim that the government’s demands are simply not possible - the government is in effect, trying to argue against the laws of mathematics. If the UK and US governments can read encrypted messages, so potentially can criminals, or hostile nation states such as North Korea or Russia. Extensively researched proposals to find a compromise, including proposals by Ian Levy, technical director of the National Cyber Security Centre to use “virtual crocodile clips” to listen in to encrypted communications, have failed to convince sceptics, said Martin. Plans by Apple to introduce “client-side scanning” technology to detect child abuse images before they are encrypted provoked a backlash from the world’s top cryptographic experts and internet pioneers and have now been suspended. An expert report identified over 15 ways in which states or malicious actors, and targeted abusers, could turn the technology around to cause harm to others or society. 

India: One Law To Rule Them All: On NFTs And India's Prospective Cryptocurrency Law

It is not the case that NFTs do not pose any risks. Like traditional art, which has always had a money laundering problem. NFTs pose the same (or even greater) money laundering risks. Greater risks, because the prices of NFTs are determined in private, in one-to-one trade. Like with art or real estate, the value attributed to a trade cannot be questioned and hence these assets can be sold at any price and the balance be settled for cash. One of the things that works in favour of NFTs though is that if they are on a public blockchain such as Ethereum and the user uses a centralised platform to purchase them, transactions are traceable. Other than the money laundering risks, NFTs neither pose the same category of risks, nor the same degree of risks as cryptocurrencies. NFTs are non-fungible and cannot be used as a medium of exchange as opposed to several cryptocurrencies that can be. This alleviates central bankers' concerns around monetary policy and control of cross-border payments. 

Design Pattern vs Anti Pattern in Microservices

An anti-pattern is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive.” Note the reference to “a common response.” Anti-patterns are not occasional mistakes, they are common ones, and are nearly always followed with good intentions ... Ambiguous Service: An operation’s name can be too long, or a generic message’s name can be vague. It’s possible to limit element length and restrict phrases in certain instances. API Versioning: It’s possible to change an external service request’s API version in code. Delays in data processing can lead to resource problems later. Why do APIs need semantically consistent version descriptions? It’s difficult to discover bad API names. The solution is simple and can be improved in the future. Hard code points: Some services may have hard-coded IP addresses and ports, causing similar concerns. Replace an IP address, for example, by manually inserting files one by one. The current method only recognizes hard-coded IP addresses without context. Bottleneck services: A service with many users but only one flaw. 

Designing Resilient Microservices — Part 1

The more interesting question is — What do you do when you detect a dependency failure (partial or full). The obvious answer is to return an appropriate HTTP or gRPC error code to your caller, but depending on your business logic/content, you should explore a graceful degradation. For example, if your application is enabling users to track the status of the order, and the exact location of the delivery agent (which is served by a dependency) is unavailable, you could choose to use extrapolation to compute an approximate location. This is further subject to a timing threshold so that if the dependency recovers, we could pivot back to providing the most recent/accurate response. Another solution often suggested for handling of faults is retries. While the principle is simple, the more critical question is how many times should I retry and how long should I wait between retries. A misconfigured retry logic can actually take a service under stress (in brownout) to a blackout. Consider, for example, a service that has N callers and each of whom have M callers. 

DeFi Lending: When Will It Threaten Traditional Lenders?

In our view, DeFi will be disruptive for financial-services companies even if almost all applications currently relate to digital assets. Banks, insurance companies and other traditional financial firms are considering the advantages of DLT solutions and monitoring developments in the DeFi market. Ignoring this trend might lead to a wake-up call in the future, although we think this is a few years off, given that DeFi is still in its infancy. DeFi lending could improve the liquidity of certain digital assets. Holders of better-established digital assets can diversify their portfolios by pledging existing digital assets for the purchase of other types. DeFi lending can, therefore, improve liquidity within the overall digital-assets ecosystem. That said, it does not come without risk. Given the typically collateralized nature of the activities, we believe that volatility in the valuations of the digital assets posted as collateral could translate into volatility in the valuations of the digital assets acquired. The volume of activities remains relatively low, but greater DeFi-lending volumes could ultimately lead to increased contagion risks between digital assets.

The Evolution of Enterprise Architecture in an Increasingly Digital World

EA talent is hard to find. They must be comfortable with both business strategy and with the digital technologies necessary to implement the strategies. To better understand the key role played by EA teams in their companies, McKinsey conducted a survey that received over 150 responses from a variety of countries and industries. Respondents who described their companies as “digital leaders” said that EA teams add value by following several best practices, including: Engage top executives in key decisions. The most effective EA teams invest their time in understanding their company’s business needs. 60% of enterprise architects at companies considered digital leaders said they interacted most with C-suite executives and strategy departments, compared with just 24% of those in other companies. Digital transformations are more likely to succeed when a company’s senior leaders understand the impact of technology on the business “and commit their time to making decisions that seem technical but ultimately influence the success or failure of the company’s business aims.”

Turning up the scale knob on threat intelligence operations

The only way to harness the true potential of threat intelligence is to gain maximum benefit by fully leveraging that intelligence to facilitate rapid detection of and response to emerging threats. The need of the hour is modern-day threat intelligence platform (TIP) capabilities that come integrated within a comprehensive cyber fusion center that can drive the entire threat intelligence lifecycle management from ingestion to actioning and response in a fully automated way. Modern-day TIPs integrate frameworks like MITRE ATT&CK Navigator that enable you to gain insights into adversaries’ TTPs to identify trends across the kill chain and produce contextualized intelligence. Such TIPs have made operationalization of different types of threat intelligence—strategic, tactical, technical, and operational—possible for security teams. As threat intelligence continues to be the central theme in today’s cybersecurity programs, the need to scale threat intelligence capabilities has become vital for business and operational success.

Executive Q&A: The Value of Improved Data Management

There are three main challenges that enterprises face in achieving the maximum benefit from their data. First, the compounding effect of continually adding new data sources, and thus more data, dilutes the value of data under analysis. Adding demographic data enriches the data set, which is like adding electrolyte to tap water -- it is good and can be done easily. The challenge we face today is that we also have many new sources for the transaction data (e.g., from online purchases, business partners, and mobile apps). We suddenly have data for every page visit, every click, and every location. This is like upgrading a faucet to a fire hose in your kitchen. In theory you have access to a lot of water, but how much of it will go wasted if you don't have the right tool or technology to process it? Second, the increasing reliance on data captured or purchased in the cloud raises questions about how to rationalize on-premises data as part of an analytics strategy. For many organizations, data generated on premises cannot leave the confines of its firewall. This complicates the creation of a complete picture of the truth.

4 Ways Data Governance Can Improve Business Intelligence

Data is the lifeblood of all operational processes. Data is an asset that needs to be managed so that it is highly accessible, easily usable and reusable, and highly secure. Developing effective data governance can help business owners streamline all operational processes and improve decision-making, so any potential efficiency gaps are easily mitigated. When properly implemented, it can reduce data inconsistencies to a minimum and remove the risk of human error from the equation. According to Statista, the US alone saw over 1000 data breach cases with over 150 million records exposed to cybercriminals. Granted, this is lower than back in 2018 when 471 million records got exposed, and these attacks seem to be decreasing lately, but the overarching trend since 2005 is alarming. We also need to address the insight provided by an Osterman Research study stating that companies typically move, store, and archive 75% of their critical data and intellectual property within their complex ecosystems of communication channels.

13 Areas Where NFTs Have Huge Potential!

Tokenization offers more transparency, and the transactions involved are easy to execute and, most importantly, cost-effective. The representation of intellectual property is also infringing on the patent system. IP-based NFTs are one way to deal with intellectual property. The IPwe platform allows the representation of patents by storing and sharing the NFTs on this platform. The forum is hosted by the IBM Cloud and is supported by the IBM Blockchain. Clients can also trade, buy, license, finance, sell, research, and market patents there. The patent marketplace is the first of its kind, and companies benefit from treating and showcasing their patents as digital assets for security or to secure the value of their business. The freely accessible registry is supported by IBM AI and will be further expanded in the coming months. The registry features current, active, and historical patent records that can be tokenized through NFTs.

Quote for the day:

"Supreme leaders determine where generations are going and develop outstanding leaders they pass the baton to." -- Anyaele Sam Chiyson

No comments:

Post a Comment