The metaverse: Where we are and where we’re headed
The underpinnings of the metaverse have already taken the gaming industry by
storm, because gaming is where virtual experiences have been the most immersive.
In fact, there’s almost a separate conversation happening in gaming, where
virtual interaction and things like NFTs and cryptocurrencies are spawning a
creator and gamer economy that hasn’t yet impacted the enterprise. Bitter
rivalries exist in gaming, as evidenced by the legal battle between Apple, which
wants to charge 30% for access to its app store, and game maker Epic, which
needs to access the iPhone because it’s such a compelling format for gaming but
refuses to pay that tax. Many gamers dream of a connected network of always-on
3D virtual worlds where you can port your gaming profile anywhere. But that’s
not going to happen anytime soon, given that virtual spaces are owned by
different companies. And besides, a cross-gaming metaverse doesn’t fully
encapsulate the metaverse’s full potential – the one that will transform just
about every industry. While forecasting the exact form of the coming metaverse
is impossible, the seeds are being sown today.
Best Practices: 5 Risks To Assess for Secure CI Pipeline
If you’re an experienced software engineer or security professional, you’ve
probably heard of API keys leaking from public code repositories. Maybe you’ve
even experienced your own secrets getting leaked after accidentally committing
them to an open-source project. Depending on the type of secret that was leaked,
it could end up being a costly mistake. The best way to protect your secrets is
to practice good secret management. A good start is to use secret management
tools like Azure Key Vault or Amazon KMS that provide secure storage and
identity-based access. Using GitHub’s built-in repository
secrets manager also works well depending on your use case, but it isn’t as
feature-rich as a true key management service. Another must-have for secret
management is a tool that can tell you right away if you accidentally commit a
secret to your codebase. There are some different options out there, but secret
detection is GitGuardian’s specialty. It has hundreds of built-in secret
detectors and is free for open-source projects. Knowing right when you
accidentally expose your secrets is crucial in protecting yourself and your
code.
How hybrid working is impacting operational efficiency
The advent of the Omicron variant has been a watershed moment in the story of
the pandemic, cementing the idea that restrictions, changed habits, and new
workplace practices such as hybrid working aren’t going away any time soon.
This realisation has clearly been felt by Google, which is – according to
recent reports – in the process of investing £730 million into a reinvigorated
work environment that places a heavy emphasis on hybrid working culture.
Google’s multi-million-pound purchase and refurbishment of Central Saint Giles
will include inclusive meeting rooms for the purposes of hybrid working, in
addition to more spacious and partially outdoor areas that have clearly been
inspired by pandemic life. By proactively investing in this kind of
undertaking, Google is leading the way in looking beyond discussions of
whether hybrid working is [or is not] a practice worth pursuing, choosing
instead to focus on the workplace practicalities of hybridity. These
practicalities demand urgent and comprehensive thought in order for
organisations to improve, discover, or regain satisfactory levels of
operational efficiency which, as we have found in our clients, may have been
eroded due to hybrid working.
Decentralized Web3 Computing Is Key To Scaling The Metaverse
Because metaverses are digital worlds where users interact with each other
and software programs in a three-dimensional space, they are also complex
systems that require copious computing resources to run their 3D worlds and
advanced AI algorithms. Their collection of interconnected applications and
services will allow users to freely move between cross-chain visual worlds,
requiring highly-distributed and powerful compute power for reliability. The
metaverse will also be a critical piece of Web3, providing users with access
to blockchain-based applications and services as well as new decentralized
applications (dApps) to be built that were never possible before.
Fortunately, this infrastructure for a powerful, secure, and scalable
computing cloud based on blockchain is already in place and embedded into
modern microprocessors. The foundation of this infrastructure is called a
trusted execution environment or TEE-based privacy technology. TEE is a
secure area of a microprocessor that can provide confidential and isolated
application execution while creating a blockchain compute
Data Quality, Data Stewardship, Data Governance: Three Keys
Quality cannot be measured or improved if definitions and rules aren’t
clear, if valid values aren’t clear, if the context is missing, or if
there’s no shared understanding of what quality data is. Hopper showed a
record with multiple unlabeled fields, illustrating the value of context in
understanding data, as well as the importance of consistent terminology
shared by business users. “Field 1” just isn’t enough, she said. ... A
steward works to protect a valuable resource and ensures the health and
sustainability of that resource, she said. ... A steward provides ongoing
monitoring and maintenance of data assets, and in most organizations, they
focus on quality, because in the end that quality translates into usability,
she said. ... Many organizations are unclear about whether data stewards
live in the business or in IT, but it’s important to understand that there
are different types of data stewards. Some are more business-focused,
working with business terms, definitions, and rules, and so they become the
go-to person to help business users with a quality issue.
Digital IDs under attack: How to tackle the threat?
A key objective of the eIDAS regulation is to secure electronic
identification and authentication in cross-border online services offered
within Member States. Today’s publications support the achievement of this
objective of the regulation. In addition, the regulation also addresses
identity proofing in the different contexts where trust in digital
identities is necessary and elaborates on qualified certificates to allow
for other identification methods. The area of identification has seen a new
trend emerge over the past few years in the self-sovereign identity
technologies also referred to as SSI. The report explains what these
technologies are and explores their potential to achieve greater control of
users over their identities and data, cross-border interoperability, mutual
recognition and technology neutrality as required by the eIDAS regulation.
The report on remote identity proofing builds on the previous report Remote
ID Proofing of ENISA, which makes an analysis of the different methods used
to carry out identity proofing remotely. The new report analyses the
different types of face recognition attacks and suggests countermeasures.
Report: Access Broker Exploiting VMware Log4j Vulnerability
The BlackBerry researchers say attackers most commonly use encoded
PowerShell commands to download a second-stage payload to victimized
systems, after using the Log4j flaw to first gain access. They warn that in
some cases, the threat actors also attempted to use the curl.exe binary file
to download additional files to the system - and attempted to execute the
downloaded content using the Windows Subsystem for Linux bash utility. They
say multiple cryptominers were identified after successful exploitation -
and in one case, PowerShell was used to download and execute the "xms.ps1"
file containing a cryptominer. The researchers say the script then created a
Scheduled Task to establish persistence and to store command-and-control and
wallet configurations. The cybersecurity firm also "discovered instances
where a webshell file was injected into absg-worker.js, and the VMBlastSG
service restarted to allow for connections to the webshell." BlackBerry also
calls the threat actors in these cases "tidy" - citing cleanup actions taken
following miner installation.
IT leadership: 3 practices to let go of in 2022
Historically, IT problems have been addressed in a reactive manner. A help
desk ticket arrives, and an MSP then initiates an investigation into the
issue. That methodology is akin to finding a needle in a haystack,
especially if it is a global or regional issue. It requires going into your
in-house server to backtrack the issue, resulting in lost productivity and
excess effort on the part of MSPs to find and resolve the problem. A
cloud-based solution eliminates manual exploration and remediation of help
desk issues. Many offer alert prioritization features, enabling IT to
clearly see the most urgent issues and address them in a more proactive and
efficient way. If there are multiple outages in multiple locations, these
solutions allow MSPs to triage issues. What’s more, cloud-based services can
be designated for hybrid, public, or private hosting. This eliminates the
need for antiquated in-house servers, which are vulnerable to system crashes
and lost data as well as costly repairs and maintenance.
Getting proactive about reactance
As the return-to-work conundrum suggests, reactance isn’t triggered by
change per se. It is triggered when change bumps up against established
norms, beliefs, or expectations, as is often the case with corporate change
initiatives—which may help explain why failure rates for such programs are
usually pegged at around 70%. “If people have a structured belief and you
try to change that belief, that is a moment when people are very inclined to
feel reactance. The stronger that belief, the stronger the pushback,”
Nordgren said. The natural inclination in such cases is to respond to
reactance by making a more strident case for change and bolstering it with
plenty of evidence. The problem with this approach, as seen time and again
in the last couple of years, is that it raises the pressure to change, which
in turn, creates a reactance flywheel. “To me, this is one of the most
important ideas around reactance,” Nordgren explained. “If you believe in
climate change and you’re dealing with someone who does not, or if you
believe in vaccines and you’re dealing with someone who does not, the more
evidence you throw at them, the more they fight against it. ...”
How the Financial Times Approaches Engineering Enablement
Teams at the FT have a lot of autonomy, within certain boundaries. The
boundaries generally are where you want to make a change that has an impact
outside your team, for example, when you want to introduce a new tool but
something is already available, or where we get a lot of benefit as a
department from having a single approach. ... Similarly, if you want to
start shipping logs somewhere different, that has an impact on people’s
ability to look at all the logs for one event in a single location, which
can be important during an incident. Sometimes, teams need something for
which there isn’t a current solution, and then they can generally try
something out. For a completely new vendor, teams need to go through a
multi-step procurement process - but teams can go through a shorter process
while they are doing evaluation, provided they aren’t planning to do
something risky like send PII data to the vendor. Teams do use their
autonomy. They make decisions about their own architecture, their own
libraries and frameworks.
Quote for the day:
"A true dreamer is one who knows how
to navigate in the dark." -- John Paul Warren