Daily Tech Digest - March 21, 2022

Improve agile and app dev meetings

Sometimes, it’s the choice of tools for hybrid work that can simplify remote collaboration. Sometimes it’s how organizations, teams, and people use them. ... These basic tools help agile teams manage their priorities, requirements, and status to complete sprints and releases. There are also opportunities to improve collaboration with product owners and stakeholders using advanced road maps and sharing views of Jira issues on Confluence pages. Another option is to reduce the complexity in developing applications, dashboards, and data integrations with low-code and no-code tools. These tools can cut the time and collaboration required to prototype, develop, test, and deploy capabilities, and their visual programming modalities often lessen the need to create detailed implementation documents. Rosaria Silipo, PhD, principal data scientist and head of evangelism at KNIME, agrees and says, “Low-code tools are becoming increasingly popular and deliver the freedom to prototype swiftly. They enable the collaboration of simple to complex app dev within an integrated platform, where steps are consumable by technical and non-technical stakeholders.”

Is UX design regressing today ?

Internet users are confronted all day long with various sites, each with its logic, rules, and UX design. There is a need for flexibility on the part of users as they adapt throughout their day to applications that feel they have achieved the perfect logic for a good user experience. Every company has a website, a page on all the major social networks, an application. SAAS are multiplying and smartphones are more and more used to doing everything. This need for the digital presence of all companies has made the need for Ux designers explode. As Ux has become something commonplace, non-experts have expectations of Ux designers, the expectation of designing an application that pleases. The core of the problem lies in this level of design, an application is not used in isolation. It is linked to dozens of others and is part of a life where digital is always present. If some people feel that Ux design is regressing, it’s because of the lack of consideration for the ecosystem in which the applications will evolve. All the rules of Ux design can be perfectly applied, but will still create friction if the logic of use has been thought only for the application and not for the ecosystem.

Documenting the NFT voyage: A journey into the future

The most crucial task for any NFT project is to focus on innovative design and diversified utilities for its users. Moreover, the first-to-market NFT project will always have the edge over other competing projects to generate value. Unfortunately, while making copies of the original (forks) is easy, it does not always translate into a successful project. For example, the legendary Ethereum-based CryptoPunks from Larva Labs is the inspiration behind PolygonPunks residing on the Polygon blockchain. Although PolygonPunks is very successful, many consider it a ‘derivative collection’ that can compromise buyers’ safety. This is why the NFT marketplace OpenSea delisted PolygonPunks after a request from developers at Larva Labs. The second characteristic of a good NFT project is how strong the community is. A genuinely decentralized project with a well-knit community goes a long way in making it a success. As demonstrated above, the Pudgy Penguins and CryptoPunks communities are robust enough to protect the legacy of the projects. Moreover, interoperable NFTs help forge communities across blockchain networks, making them stronger.

“DevOps is a culture, it's not a job description”

In contrast to traditional software development lines, whereby those in product would define the product, pass it to the developers, who would send it to the testers, who would then assess its quality before sending it out for wider use, the ‘Dev-Centric’ culture at Wix advocates that the developer should remain in the middle of that process; it turns the assembly line into a circle with the engineer sitting comfortably within the compounds of all the other departments - the movie star in his own film in charge of filming and the final edit. “DevOps is a culture, it's not a job description… the DevOps culture, it’s kind of intertwined with continuous delivery. It is the culture of giving the developers the responsibility and ability to deploy their product end to end… DevOps is not a job description and I didn't want the people here in the company to confuse the two. It is a very similar concept of empowering the developers to run things on production.” Mordo, who joined Wix in 2010, has seen its growth from a simple website builder into one of the internet’s biggest players and Israel’s largest companies. 

Developer sabotages own npm module prompting open-source supply chain security questions

"Even if the deliberate and dangerous act of maintainer RIAEvangelist will be perceived by some as a legitimate act of protest, how does that reflect on the maintainer’s future reputation and stake in the developer community?," Liran Tal, Snyk's director of developer advocacy, said. "Would this maintainer ever be trusted again to not follow up on future acts in such or even more aggressive actions for any projects they participate in?" "When it comes to this particular issue of trust, I believe the best way for it to be handled is with proper software supply chain hygiene," Brian Fox, CTO of supply chain security firm Sonatype, tells CSO. "When you’re choosing what open-source projects to use, you need to look at the maintainers." Fox recommends exclusively choosing code from projects backed by foundations such as the Apache Foundation, which don't have projects with just one developer or maintainer. With foundations there is some oversight, group reviews and governance that's more likely to catch this type of abuse before it's released to the world.

Never-Mind the Gap: It Isn't Skills We're Short Of, It's Common Sense

Every person working in cybersecurity today started somewhere, and the amount of learning material currently available surpasses what was around when many of us started out. Enticing the right person to one of these outlets can spark a flame that can burn through an organization faster than anything else. When you ignite a passion, you ignite something deeper, and aiding these individuals in manifesting their talent can only benefit your organization. There needs to be a new narrative that cybersecurity is not only about having technical prowess because many roles don’t require a high level of technical expertise. These positions are a great stepping stone into the industry for those who lack the core technological know-how you might expect when you think of a “cybersecurity expert” and provide valuable insights and input to the security teams. Organizations love silos, but what happens when larger strategies overlap silos, technologies and outcomes?

Explore 9 essential elements of network security

Advanced network threat prevention products perform signatureless malware discovery at the network layer to detect cyber threats and attacks that employ advanced malware and persistent remote access. These products employ heuristics, code analysis, statistical analysis, emulation and machine learning to flag and sandbox suspicious files. Sandboxing -- the isolation of a file from the network so it can execute without affecting other resources -- helps identify malware based on its behavior rather than through fingerprinting. ... DDoS mitigation is a set of hardening techniques, processes and tools that enable a network, information system or IT environment to resist or mitigate the effect of DDoS attacks on networks. DDoS mitigation activities typically require analysis of the underlying system, network or environment for known and unknown security vulnerabilities targeted in a DDoS attack. This also requires identification of what normal conditions are -- through traffic analysis -- and the ability to identify incoming traffic to separate human traffic from humanlike bots and hijacked web browsers.

Preparing for the quantum-safe encryption future

Quantum-safe encryption is key to addressing the quantum-based cybersecurity threats of the future, and Woodward predicts that a NIST candidate will eventually emerge as the new standard used to protect virtually all communications flowing over the internet, including browsers using TLS. “Google has already tried experiments with this using a scheme called New Hope in Chrome,” he says. Post-Quantum’s own encryption algorithm, NTS-KEM (now known as Classic McEliece), is the only remaining finalist in the code-based NIST competition. “Many have waited for NIST’s standard to emerge before taking action on quantum encryption, but the reality now is that this could be closer than people think, and the latest indication is that it could be in the next month,” says Cheng. Very soon, companies will need to start upgrading their cryptographic infrastructure to integrate these new algorithms, which could take over a decade, he says. “Microsoft’s Brian LaMacchia, one of the most respected cryptographers in the world, has summarized succinctly that quantum migration will be a much bigger challenge than past Windows updates.”

The value of DevEx: how starting with developers can boost customer experience

The benefits of building a great customer experience are clear, but when identifying how to actually go about curating a world-class customer experience, things become more complicated. Many start by looking at end-user features and technologies such as chatbots, conversational AI, omnichannel messaging, and more as a way to kickstart CX efforts. Yet while all of these can, and should improve customer experience, they are not addressing customer experience at its core. The reality is, in order to truly build a transformational customer experience, you must first start with providing a better experience for those who are responsible for building your products, services, and the experiences customers have when interacting with them. You must start with your developers. Developer experience is customer experience. ... Creating a great developer experience means creating a frictionless developer experience. If developers can spend less time figuring out tools, processes, and procedures, they can spend more time innovating and building modern features and experiences for their end-users.

Why machine identities matter (and how to use them)

It is well accepted that reliance on perimeter network security, shared accounts, or static credentials such as passwords, are anti-patterns. Instead of relying on shared accounts, modern human-to-machine access is now performed using human identities via SSO. Instead of relying on network perimeter, a zero-trust approach is preferred. These innovations have not yet made their way into the world of machine-to-machine communication. Machines continue to rely on the static credentials – an equivalent of a password called the API key. Machines often rely on perimeter security as well, with microservices connecting to databases without encryption, authentication, authorization, or audit. There is an emerging consensus that password-based authentication and authorization for humans is woefully inadequate to secure our critical digital infrastructure. As a result, organizations are increasingly implementing “passwordless” solutions for their employees that rely on integration with SSO providers and leverage popular, secure, and widely available hardware-based solutions like Apple Touch ID and Face ID for access.

Quote for the day:

"Confident and courageous leaders have no problems pointing out their own weaknesses and ignorance." -- Thom S. Rainer

No comments:

Post a Comment