Daily Tech Digest - March 10, 2022

Sharp rise in SMB cyberattacks by Russia and China

Over the last several weeks, there has been a sharp rise in activity from countries with consistently high levels of both attempted and successful attacks originating within their borders — Russia and China. The vast volumes of data analyzed suggests these countries may even be coordinating attack efforts. Per analysis available, attack trend lines that compare Russia and China show almost the exact same pattern. Juxtaposed to a chart from Germany indicates that it is not even close to the same pattern, leading to educated speculation that these countries could be coordinating efforts. According to the Brookings Institute, “The U.S. National Security Strategy declares Russia and China the two top threats to U.S. national security. At the best of times, U.S.-Russia ties are a mixture of cooperation and competition, but today they are largely adversarial… Russia’s increasingly close relationship with China represents an ongoing challenge for the United States. While there is little that Washington can do to draw Moscow away from Beijing, it should not pursue policies that drive the two countries closer together, such as the trade war with China and rafts of sanctions against Russia.”

Threat intelligence: why it matters, and what best practice looks like

While no two organisations are the same, one useful way to think about deploying threat intelligence is to focus on three stages: monitoring, integration and analysis. In the early days of a project threat intelligence strategy, it’s unlikely that you’ll have the relevant expertise, time, or resources that are necessary to support proactive intelligence analysis yet. However, by collecting information from various sources and monitoring them for threat indicators relevant to your business, it’s possible to drive significant value. This could include things like leaked corporate credentials, mentions of your product on the dark web or looking for typosquats of your corporate brands in domain name registrations that are important as you begin your journey. The intelligence gained from doing so could help to inform the IT department for password resets, phishing email campaigns targeting employees and accelerate efforts to verify potential security incident efforts. Next comes integration. 

A Proposal For Type Syntax in JavaScript

When we’ve been asked "when are types coming to JavaScript?", we’ve had to hesitate to answer. Historically, the problem was that if you asked developers what they had in mind for types in JavaScript, you’d get many different answers. Some felt that types should be totally ignored, while others felt like they should have some meaning – possibly that they should enforce some sort of runtime validation, or that they should be introspectable, or that they should act as hints to the engine for optimization, and more! But in the last few years we’ve seen people converge more towards a design that works well with the direction TypeScript has moved towards – that types are totally ignored and erasable syntax at runtime. This convergence, alongside the broad use of TypeScript, made us feel more confident when several JavaScript and TypeScript developers outside of our core team approached us once more about a proposal called "types as comments". The idea of this proposal is that JavaScript could carve out a set of syntax for types that engines would entirely ignore, but which tools like TypeScript, Flow, and others could use.

Have smart wearables increased productivity of employees in the hybrid working environment?

Smartwatches offer myriads of features that help individuals take charge of their daily tasks and complete them quicker and with ease. From using the voice commands to dictate emails to sending short messages or to track their physical movements, water intake, SpO2, heart rate, stress, breathing exercises, stretching, etc., these devices have enabled us to tirelessly complete tasks without compromising on fitness and health. SpO2 has emerged as an important measure for fitness over the last two years. It is satisfying to keep a check on it from time to time just in case any medical assistance is required. On the other hand, earbuds let you answer calls hands free, which makes it easier to make notes or go on with other tasks, thereby boosting productivity. Features like ANC and ENC take care of the background noise to further enhance the quality of audio experience. And in case, you’re out running an errand during office hours, and forget a crucial meeting that was scheduled, your smartwatch will notify you. You can also pick up the call via your earbuds while you drive back home, and it is really happening out there.

Best Practices for Running Stateful Applications on Kubernetes

A common approach is to run your stateful application in a VM or bare metal machine, and have resources in your Kubernetes cluster communicate with it. The stateful application becomes an external integration from the perspective of pods in your cluster. The upside of this approach is that it allows you to run existing stateful applications as is, with no refactoring or re-architecture. If the application is able to scale up to meet the workloads required by the Kubernetes cluster, you do not need Kubernetes’ fancy auto scaling and provisioning mechanisms. The downside is that by maintaining a non-Kubernetes resource outside your cluster, you need to have a way of monitoring processes, performing configuration management, performing load balancing and service discovery for that application. ... A second, equally common approach is to run stateful applications as a managed cloud service. For example, if you need to run a SQL database with a containerized application, and you are running in AWS, you can use Amazon’s Relational Database Service (RDS). 

3 DevSecOps Practices to Minimize Impact of the Next Log4Shell

Security is tough to get right, and it’s made more difficult by market pressures, cloud complexity and the growing prevalence of open source libraries. This has expanded the typical enterprise’s cyberattack surface to many times its size of several years ago. It has also provided more opportunities for potentially critical vulnerabilities to enter the development cycle and then persist into production. Log4Shell is the poster child for that problem. As a result, it’s more important than ever that we pay more than lip service to the concept of security as a shared responsibility within the organization. “Shared responsibility” is often used to mean greater boardroom buy-in, or in the context of behavioral change among staff, but it’s just as important in IT departments. We need developers to become more skilled in building secure products, but we also need to ensure apps in production continue running securely. Breaking down the silos between developers, operations and security teams will drive true DevSecOps practices. To get there, organizations should unify teams around a centralized platform that gives them visibility and control.

Forrester predicts RPA software market growth will begin to flatten next year

Forrester is predicting that some of the money going to RPA software today will begin to shift to broader AI automation solutions. It’s worth noting that while RPA has robotic in its name, it’s not really AI in a true sense. The bots in this case are more like scripts completing a set of highly manual tasks. By comparison, no-code automation solutions make it easy to create a workflow, presumably without consulting help. AI provides a way to intelligently implement tasks and take steps based on the data instead of moving through a set of highly defined hard-coded work. This decline is coming in spite of investor enthusiasm for the market from investors who valued UiPath at $35 billion when it raised $750 million last year, its last private fundraise prior to its IPO. Today the company’s market cap sits at close to $15 billion, certainly a precipitous drop in value, even taking into consideration the big hit software companies have been taking in the stock market over the last year. Meanwhile, we also saw some pretty significant consolidation as companies like SAP bought Signavio, ServiceNow acquired Intellibot and Salesforce snagged Servicetrace, as several examples.

The rise of confidential blockchains

Cryptoeconomics has long been founded upon the proof-of-work consensus algorithm. This algorithm has proven to be truly resilient to Byzantine attacks. But there are downsides. First, the performance of proof-of-work blockchains remains poor. Bitcoin, for example, still operates at seven transactions per second. Second, proof-of-work blockchains are also extremely energy-intensive. Today, the process of creating Bitcoin consumes around 91 terawatt-hours of electricity annually. This is more energy than is used by Finland, a nation of about 5.5 million people. While, there is a section of commentators that consider this to be a necessary cost of protecting the global cryptocurrency system, rather than just the cost of running a digital payment system. There is another section that thinks that this cost could be done away with by developing proof-of-stake consensus protocols, as they deliver much higher throughput of transactions. Indeed, the proof-of-stake blockchains built on the Tendermint framework deliver upwards of 10,000 transactions per second. However, proof-of-stake blockchains also have some downsides.

Teaming is hard because you’re probably not really on a team

Real teams are all about solving the hardest, most complex problems. A diverse set of perspectives and skills is required to untangle these sorts of problems, for which there is no obvious solution. Members of a real team trust each other and work toward a common goal. Real teams are thoughtful, they argue, and they push each other to do better. They require nimble leaders who prioritize building connections within the team. They create clear boundaries that reinforce a strong sense of trust. They have a shared purpose and clear norms. And, importantly, they produce a collective output. If you see a group of people focusing intently on solving a single, very complex problem, you’re probably looking at a real team. Working groups are all about efficiency. Most people spend most of their productive time in working groups. We’ll say it again: there is nothing wrong with being in a working group. In fact, working groups are often best suited to the tasks at hand. Managers of working groups focus heavily on techniques to make their collaboration more efficient. 

How machine learning can course-correct inherent biases in recruiting

Often, if the job opening is attractive, there may be hundreds of people applying for a single position. Toward the end of the hiring process, all of the candidates are more than good enough to do the job but they don’t make the final cut. How hiring managers decide between them is often on minute mistakes. These are an underutilised resource for HR teams when recruiting. These candidates have already proven themselves, but historically there hasn’t been an easy way to match them with other companies who would likely hire them based on their performance. Joonko has developed a platform that is made up entirely of silver medalists, pre-qualified candidates who have passed at least two stages of the recruiting process, and match these candidates with future jobs, thus saving significant time in the recruiting process. ... “Silver medalists were already vetted by their peers, and the conversation with the candidates could be more around the specific needs of the organisation, without the excruciating part of the interview process.”

Quote for the day:

"Leaders need to strike a balance between action and patience." -- Doug Smith

No comments:

Post a Comment