What app developers need to do now to fight Log4j exploits
Your first line of defense is to upgrade to the most current Log4j versions.
Initially, Apache released a patch that turned out to still have
vulnerabilities. The most current versions are Log4j v.2.17.0, if you are
running Java 8 or later, and Log4j v.2.12.2, if you are running Java 7 across
your web app infrastructure. These turn off JNDI by default and remove message
lookup access, both of which lie at the heart of the various vulnerabilities.
Disabling JNDI could break something in your apps, so test this carefully before
you implement in any production systems. You might also want to stop any
Java-based logging if you don’t need it for any of your applications. Again,
test before deploying. And those of you who run your own Minecraft server should
check and see if it is running Minecraft v.1.8.8 or later; these versions are
vulnerable. Microsoft has released Minecraft v.1.18.1, which fixes the issue.
You should upgrade immediately or find another and more trustworthy server that
has been fixed. Security vendors have worked overtime to augment their tools,
and you should take advantage of various free offers.
Performance and scalability of blockchain networks to be key focus areas in 2022
There are many factors influencing the performance of blockchain technology.
First, the choice of consensus mechanism is highly important as this protocol or
algorithm is responsible for striking a fine balance between the degree of
decentralization, scalability, and security. Another key factor is the network
latency as the strength of the dedicated bandwidth will play a vital role in
broadcasting the transaction to all the nodes and help collate their responses.
Similarly, node infrastructure is also a deciding factor. It is important to
allocate adequate input-output operations per second (IOPS). Also, the number of
nodes, smart contracts, transaction payload size, transaction pooling, and local
storage are vital factors influencing the performance. The key to improving the
performance and scalability is in selecting the right platform for meeting our
performance goals. There are many options available in the market. The industry
is constantly exploring divergent solutions to improve scalability and
performance.
5 Internet Technology Predictions for 2022
At this point in time, December 2021, it’s unclear whether the crypto market —
now known as “Web3” — is at a market peak equivalent to 1999, or whether it’s
at the very beginning of its run like the web in 1993. Either way, I’m
predicting a market correction in 2022. Here’s my reasoning: My main critique
of Web3 currently is that nothing useful has been built using crypto and
blockchains, other than tools for speculation like crypto exchanges and NFT
marketplaces. The technical infrastructure of Web3 is both flawed and also not
as decentralized as many crypto proponents claim. On the other hand, this same
argument could be used to prop up the 1993 comparison — when the web was also
immature and not ready for the mainstream. But given the lack of viable
products in Web3, my contention is that the value of this market is wildly
inflated right now. Remember that the first wave of Dot Com IPOs, starting
with Netscape, didn’t kick off until the second half of 1995. That was a point
when web platforms were fast maturing, and had attracted attention (and
intense competition) from big tech companies like Microsoft and Oracle.
GOP Senator to Introduce 'Comprehensive' Crypto Regs Bill
A Republican senator will soon introduce a bill that, for the first time,
attempts to regulate the cryptocurrency space. The bill would reportedly add
investor protections, rein in stablecoins, which are pegged to fiat currency,
and create a self-regulatory body under the jurisdiction of the U.S.
Securities and Exchange Commission and its sister agency, the Commodity
Futures Trading Commission. The proposal, first reported by Bloomberg, stems
from Sen. Cynthia Lummis, R-Wyo., a longtime crypto-evangelist and one of two
U.S. senators to have reportedly invested in virtual currency. Her
cryptoassets reportedly total a quarter of a million dollars. In legislation
she plans to introduce in early 2022, Lummis intends to provide regulatory
clarity on stablecoins - long the subject of congressional debate over
concerns around risks and liquidity - and define the different asset classes,
while introducing additional protections to insulate investors against
substantial losses, scams and potentially lax cybersecurity.
Developments that will define data governance and operational security in 2022
Rapid cloud-based adoption and disruptive business models have led Unicorns to
experience unprecedented growth in revenue and customer acquisition –
especially within the fields of Fintech, Healthtech and internet services.
Data operations have scaled up to meet demand, however, data security hasn’t
kept pace. A prime example of this is the data breach at Robinhood, in which
an unknown third party used social engineering to glean information from a
customer service representative over the phone. The bad-faith actor was able
to gain access to sensitive customer support data, ultimately affecting over
five million customers. Clearly, the customer support employee was
over-privileged, meaning they had access to more data than was necessary for
them to do their job effectively. Startups, especially those experiencing
rapid growth, such as Robinhood, often start off with trust-based data access
policies, where employees are given broad access to data, which initially
fuels faster decision making.
What is a Quantum Convolutional Neural Network?
One of the most popular applications of CNN is in the field of image
classification. In terms of superposition and parallel computation, quantum
computers offer significant advantages. Quantum Convolutional Neural Network
improves CNN performance by incorporating quantum environments. In this
section, we’ll look at how the QCNN can help with image classification. The
quantum convolution layer is a layer in a quantum system that behaves like a
convolution layer. To obtain feature maps composed of new data, the quantum
convolution layer applies a filter to the input feature map. Unlike the
convolution layer, the quantum convolution layer uses a quantum computing
environment for filtering. Quantum computers offer superposition and parallel
computation, which are not available in classical computing and can reduce
learning and evaluation time. Existing quantum computers, on the other hand,
are still limited to small quantum systems.
Guide to Polkadot blockchain app development and deployment
The custom blockchains built on top of Polkadot, also known as parachains, can
carry out interchain transactions using the shared security provided by Polkadot
in a trust-minimized way. This protocol gives birth to an interconnected
internet of blockchains. ... Building a blockchain application can demand a lot
of resources. A blockchain project can have good features and real-world value,
but without the right resources to fund its development, it won’t get off the
ground. Substrate is a generic blockchain framework. As such, it provides
plug-and-play components for building blockchain applications and networks. Its
modular and pluggable libraries enable you to implement signatures, consensus
mechanisms, and other parts of the chain as desired. At the core of Substrate is
its composable nature to drive customization while building an application on
the Polkadot network. Polkadot as a network provides the Substrate chains with
the protocols to send messages across each other.
In 2022, security will be Linux and open-source developers' job number one
Behind the log4j mess is another problem. That's "How do you know what
open-source components your software is using?" For example, log4j2 has been in
use since 2014. You can't expect anyone to remember if they used that first
version in some program you're still using today. The answer is one that the
open-source community started taking seriously in recent years: The creation of
Software Bills of Material (SBOM). An SBOM spells out exactly what software
libraries, routines, and other code have been used in any program. Armed with
this, you can examine what component versions are used in your program. As David
A. Wheeler, the Linux Foundation's Director of Open Source Supply Chain
Security, has explained, by using SBOMs and verified reproducible builds, you
can make sure you know what's what in your programs. That way, if a security
hole is found in a component, you can simply patch it rather than search like a
maniac for any possible problem code before being able to fix it.
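An added example, not code from any of the articles excerpted here: it walks a CycloneDX-style SBOM, nested components included, and lists every log4j-core entry older than the releases named in the Log4j item above (2.17.0, or 2.12.2 on the Java 7 line). The SBOM contents and the billing-app component are constructed sample data.

```python
import json

# Releases named in the Log4j item: 2.17.0 (Java 8+) and 2.12.2 (Java 7).
FIXED_JAVA8, FIXED_JAVA7 = (2, 17, 0), (2, 12, 2)
GROUP, NAME = "org.apache.logging.log4j", "log4j-core"

# Constructed CycloneDX-style SBOM (sample data, not from a real product).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "group": GROUP, "name": NAME, "version": "2.14.1"},
        {"type": "application", "group": "com.example", "name": "billing-app",
         "version": "3.2.0",
         "components": [  # nested entry: a library bundled inside another component
             {"type": "library", "group": GROUP, "name": NAME, "version": "2.15.0"}]},
        {"type": "library", "group": GROUP, "name": "log4j-api", "version": "2.14.1"},
        {"type": "library", "group": GROUP, "name": NAME, "version": "2.12.2"},
    ],
})

def parse_version(text):
    """'2.15.0-rc1' -> (2, 15, 0); qualifiers after '-' are ignored."""
    nums = [int(p) for p in text.split("-")[0].split(".") if p.isdigit()]
    return tuple((nums + [0, 0, 0])[:3])

def is_current(version, java_major):
    """True if the version meets the release named for this Java level."""
    if version >= FIXED_JAVA8:
        return True
    return java_major == 7 and FIXED_JAVA7 <= version < (2, 13, 0)

def walk(components, path=()):
    """Yield (path, component) for every component, including nested ones."""
    for comp in components or []:
        here = path + (comp.get("name", "?"),)
        yield here, comp
        yield from walk(comp.get("components"), here)

def outdated_log4j(sbom_json, java_major=8):
    """Return [(path, version)] for log4j-core entries that still need an upgrade."""
    hits = []
    for path, comp in walk(json.loads(sbom_json).get("components")):
        if comp.get("group") == GROUP and comp.get("name") == NAME:
            version = comp.get("version", "0")
            if not is_current(parse_version(version), java_major):
                hits.append(("/".join(path), version))
    return hits

if __name__ == "__main__":
    for path, version in outdated_log4j(SAMPLE_SBOM):
        print(f"upgrade needed: {path} {version}")
```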
Will Autonomous Vehicle Makers Get Back into Gear in 2022?
The biggest challenge for vehicle manufacturers and their technology partners is
developing models that can deliver a true autonomous driving experience. Within
the AV industry, full autonomy is referred to as Level 5 Advanced Driver
Assistance Systems (ADAS). “At Level 5, there is no human intervention required
and the vehicle is fully capable of driving itself,” says Matt Desmond,
automotive principal industry analyst at business advisory firm Capgemini
Americas. None of the AVs marketed to be sold in the next few years will
incorporate Level 5 ADAS. “Delivering a truly autonomous vehicle—without
steering wheel, accelerator, or brakes—is a steep technological and safety
challenge, and there are many significant hurdles to achieving fully autonomous
solutions,” Desmond says. In the meantime, leading vehicle manufacturers and
technology firms are investing massive sums in developing, testing, and refining
AV systems in an effort to mitigate technical issues and deliver a robust
technology foundation, he notes. As things currently stand, Level 5 ADAS
vehicles may not reach market for at least several years.
The physical office is dead (long live the office)
Rather than considering what offices should look like in the future, it's worth
asking the deeper question of whether we need offices at all for most knowledge
workers. The office originated based on the simple advantages that bringing
humans physically together engendered. If your choice was to send a telegram
across the country and wait days for a response, consolidating critical
employees in the same office created a significant competitive advantage. During
the dawn of the corporation, there was simply no reasonable alternative to
having people in the same space in order to communicate effectively and
efficiently. While we've had decent and effective remote working technologies
for years before COVID, the balance of power in a working situation seems to
reside with the majority. When the majority were in the same location, remote
workers missed key interactions and were generally less effective than in-office
counterparts. With the majority of knowledge workers now remote, those in a
physical location are forced to act like remote workers.
Quote for the day:
"Listening to the inner voice &
trusting the inner voice is one of the most important lessons of leadership."
-- Warren Bennis