Daily Tech Digest - December 28, 2021

What app developers need to do now to fight Log4j exploits

Your first line of defense is to upgrade to the most current Log4j versions. Initially, Apache released a patch that turned out to still have vulnerabilities. The most current versions are Log4j v.2.17.0, if you are running Java 8 or later, and Log4j v.2.12.2, if you are running Java 7 across your web app infrastructure. These turn off JNDI by default and remove message lookup access, both of which lie at the heart of the various vulnerabilities. Disabling JNDI could break something in your apps, so test this carefully before you implement in any production systems. You might also want to stop any Java-based logging if you don’t need it for any of your applications. Again, test before deploying. And those of you who run your own Minecraft server should check and see if it is running Minecraft v.1.8.8 or later; these versions are vulnerable. Microsoft has released Minecraft v.1.18.1, which fixes the issue. You should upgrade immediately or find another and more trustworthy server that has been fixed. Security vendors have worked overtime to augment their tools, and you should take advantage of various free offers.


Performance and scalability of blockchain networks to be key focus areas in 2022

There are many factors influencing the performance of blockchain technology. First, the choice of consensus mechanism is highly important as this protocol or algorithm is responsible for striking a fine balance between the degree of decentralization, scalability, and security. Another key factor is the network latency as the strength of the dedicated bandwidth will play a vital role in broadcasting the transaction to all the nodes and help collate their responses. Similarly, node infrastructure is also a deciding factor. It is important to allocate adequate input-output operations per second (IOPS). Also, the number of nodes, smart contracts, transaction payload size, transaction pooling, and local storage are vital factors influencing the performance. The key to improving the performance and scalability is in selecting the right platform for meeting our performance goals. There are many options available in the market. The industry is constantly exploring divergent solutions to improve scalability and performance. 

5 Internet Technology Predictions for 2022

At this point in time, December 2021, it’s unclear whether the crypto market — now known as “Web3” — is at a market peak equivalent to 1999, or whether it’s at the very beginning of its run like the web in 1993. Either way, I’m predicting a market correction in 2022. Here’s my reasoning: My main critique of Web3 currently is that nothing useful has been built using crypto and blockchains, other than tools for speculation like crypto exchanges and NFT marketplaces. The technical infrastructure of Web3 is both flawed and also not as decentralized as many crypto proponents claim. On the other hand, this same argument could be used to prop up the 1993 comparison — when the web was also immature and not ready for the mainstream. But given the lack of viable products in Web3, my contention is that the value of this market is wildly inflated right now. Remember that the first wave of Dot Com IPOs, starting with Netscape, didn’t kick off until the second half of 1995. That was a point when web platforms were fast maturing, and had attracted attention (and intense competition) from big tech companies like Microsoft and Oracle.


GOP Senator to Introduce 'Comprehensive' Crypto Regs Bill

A Republican senator will soon introduce a bill that, for the first time, attempts to regulate the cryptocurrency space. The bill would reportedly add investor protections, rein in stablecoins, which are pegged to fiat currency, and create a self-regulatory body under the jurisdiction of the U.S. Securities and Exchange Commission and its sister agency, the Commodity Futures Trading Commission. The proposal, first reported by Bloomberg, stems from Sen. Cynthia Lummis, R-Wyo., a longtime crypto-evangelist and one of two U.S. senators to have reportedly invested in virtual currency. Her cryptoassets reportedly total a quarter of a million dollars. In legislation she plans to introduce in early 2022, Lummis intends to provide regulatory clarity on stablecoins - long the subject of congressional debate over concerns around risks and liquidity - and define the different asset classes, while introducing additional protections to insulate investors against substantial losses, scams and potentially lax cybersecurity.


Developments that will define data governance and operational security in 2022

Rapid cloud-based adoption and disruptive business models have led Unicorns to experience unprecedented growth in revenue and customer acquisition – especially within the fields of Fintech, Healthtech and internet services. Data operations have scaled up to meet demand, however, data security hasn’t kept pace. A prime example of this is the data breach at Robinhood, in which an unknown third party used social engineering to glean information from a customer service representative over the phone. The bad-faith actor was able to gain access to sensitive customer support data, ultimately affecting over five million customers. Clearly, the customer support employee was over-privileged, meaning they had access to more data than was necessary for them to do their job effectively. Startups, especially those experiencing rapid growth, such as Robinhood, often start off with trust-based data access policies, where employees are given broad access to data, which initially fuels faster decision making.


What is a Quantum Convolutional Neural Network?

One of the most popular applications of CNN is in the field of image classification. In terms of superposition and parallel computation, quantum computers offer significant advantages. Quantum Convolutional Neural Network improves CNN performance by incorporating quantum environments. In this section, we’ll look at how the QCNN can help with image classification. The quantum convolution layer is a layer in a quantum system that behaves like a convolution layer. To obtain feature maps composed of new data, the quantum convolution layer applies a filter to the input feature map. Unlike the convolution layer, the quantum convolution layer uses a quantum computing environment for filtering. Quantum computers offer superposition and parallel computation, which are not available in classical computing and can reduce learning and evaluation time. Existing quantum computers, on the other hand, are still limited to small quantum systems. 


Guide to Polkadot blockchain app development and deployment

The custom blockchains built on top of Polkadot, also known as parachains, can carry out interchain transactions using the shared security provided by Polkadot in a trust-minimized way. This protocol gives birth to an interconnected internet of blockchains. ... Building a blockchain application can demand a lot of resources. A blockchain project can have good features and real-world value, but without the right resources to fund its development, it won’t get off the ground. Substrate is a generic blockchain framework. As such, it provides plug-and-play components for building blockchain applications and networks. Its modular and pluggable libraries enable you to implement signatures, consensus mechanisms, and other parts of the chain as desired. At the core of Substrate is its composable nature to drive customization while building an application on the Polkadot network. Polkadot as a network provides the Substrate chains with the protocols to send messages across each other. 


In 2022, security will be Linux and open-source developers' job number one

Behind the log4j mess is another problem: "How do you know what open-source components your software is using?" For example, log4j2 has been in use since 2014. You can't expect anyone to remember if they used that first version in some program you're still using today. The answer is one that the open-source community started taking seriously in recent years: The creation of Software Bills of Material (SBOM). An SBOM spells out exactly what software libraries, routines, and other code have been used in any program. Armed with this, you can examine what component versions are used in your program. As David A. Wheeler, the Linux Foundation's Director of Open Source Supply Chain Security, has explained, by using SBOMs and verified reproducible builds, you can make sure you know what's what in your programs. That way, if a security hole is found in a component, you can simply patch it rather than search like a maniac for any possible problem code before being able to fix it.
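To tie the SBOM point back to the Log4j upgrade item earlier in this digest, here is an added example (not from either article) that walks an SBOM and flags every `log4j-core` entry that is not on one of the fixed release lines the digest names. It assumes a CycloneDX-style JSON layout; the sample SBOM and all names in it are constructed.

```python
import json
import re

# Fixed release lines as stated in the Log4j item above:
# 2.17.0 or later (Java 8+), or 2.12.2 or later within the 2.12 line (Java 7).
JAVA8_FLOOR = (2, 17, 0)
JAVA7_FLOOR, JAVA7_CEILING = (2, 12, 2), (2, 13, 0)

# Constructed sample SBOM in CycloneDX JSON shape; not from a real product.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.3",
    "components": [
        {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"},
        {"group": "org.apache.logging.log4j", "name": "log4j-api", "version": "2.14.1"},
        {"group": "com.example", "name": "billing-service", "version": "1.0.0",
         "components": [  # nested entries, e.g. libraries bundled in a fat jar
             {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.12.2"},
             {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.x-custom"},
         ]},
    ],
})

def parse_version(text):
    """Return (major, minor, patch) for '2.14.1' or '2.0-beta9', else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.].*)?", text or "")
    return tuple(int(p or 0) for p in m.groups()) if m else None

def is_fixed(version):
    """True if the version is on either fixed release line named above."""
    return version >= JAVA8_FLOOR or JAVA7_FLOOR <= version < JAVA7_CEILING

def walk(components, path=()):
    """Yield every component with the names of the components that contain it."""
    for comp in components or []:
        yield comp, path
        yield from walk(comp.get("components"), path + (comp.get("name", "?"),))

def audit_sbom(sbom_json):
    """List (location, version, status) for each log4j-core entry in the SBOM."""
    findings = []
    for comp, path in walk(json.loads(sbom_json).get("components")):
        if comp.get("name") != "log4j-core":  # the JNDI lookup code ships in log4j-core
            continue
        raw = comp.get("version") or ""
        version = parse_version(raw)
        status = "review" if version is None else "ok" if is_fixed(version) else "upgrade"
        findings.append(("/".join(path + ("log4j-core",)), raw, status))
    return findings

if __name__ == "__main__":
    for where, raw, status in audit_sbom(SAMPLE_SBOM):
        print(f"{status:8} {raw:12} {where}")
```

Entries marked `review` carry a version string that cannot be compared and need a manual check of the actual jar.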


Will Autonomous Vehicle Makers Get Back into Gear in 2022?

The biggest challenge for vehicle manufacturers and their technology partners is developing models that can deliver a true autonomous driving experience. Within the AV industry, full autonomy is referred to as Level 5 Advanced Driver Assistance Systems (ADAS). “At Level 5, there is no human intervention required and the vehicle is fully capable of driving itself,” says Matt Desmond, automotive principal industry analyst at business advisory firm Capgemini Americas. None of the AVs marketed to be sold in the next few years will incorporate Level 5 ADAS. “Delivering a truly autonomous vehicle—without steering wheel, accelerator, or brakes—is a steep technological and safety challenge, and there are many significant hurdles to achieving fully autonomous solutions,” Desmond says. In the meantime, leading vehicle manufacturers and technology firms are investing massive sums in developing, testing, and refining AV systems in an effort to mitigate technical issues and deliver a robust technology foundation, he notes. As things currently stand, Level 5 ADAS vehicles may not reach market for at least several years. 


The physical office is dead (long live the office)

Rather than considering what offices should look like in the future, it's worth asking the deeper question of whether we need offices at all for most knowledge workers. The office originated based on the simple advantages that bringing humans physically together engendered. If your choice was to send a telegram across the country and wait days for a response, consolidating critical employees in the same office created a significant competitive advantage. During the dawn of the corporation, there was simply no reasonable alternative to having people in the same space in order to communicate effectively and efficiently. While we've had decent and effective remote working technologies for years before COVID, the balance of power in a working situation seems to reside with the majority. When the majority were in the same location, remote workers missed key interactions and were generally less effective than in-office counterparts. With the majority of knowledge workers now remote, those in a physical location are forced to act like remote workers.



Quote for the day:

"Listening to the inner voice & trusting the inner voice is one of the most important lessons of leadership." -- Warren Bennis
