Daily Tech Digest - April 03, 2022

With Identity Management, Start Early for Less Tech Debt

Starting with a robust identity and access management (IAM) solution will give new projects a head start on the competition. Users will have access to more features earlier. Additionally, no growing pains also mean no tech debt. Any new project has challenges right from the start. Finishing the MVP is a high priority. Planning meetings to outline necessary features and requirements can suffer from scope creep. Every shortcut taken to deliver on time borrows against the future. Tech debt is a known cost, and many startups take on a significant amount. As any app needs users, it eventually will come down to planning the features and structures needed. Everyone is a user themselves, so it’s easy to come up with a variety of useful features. Single sign-on, social logins and multifactor authentication are all conventional IAM features included in the project scope and planned out for customers. Features and domain knowledge are designed around what the team thinks a user will need. A user’s footprint within your app gets built out in forms and user profile pages. Business data and user data are stored together.

Enterprise Architects Can Be Indispensable in the Boardroom

Data is enterprise currency, and executive management discussions in the boardroom are data-driven. A knowledgeable enterprise architect can show the board how data for business requirements are translated into technological specifications. EA can provide timely reports on the status of the current application landscape and IT inventory to provide data that addresses crucial boardroom evaluations and decision-making. Use reports to tie EA into business processes during regular meetings. Data can be used to illustrate real issues with simple diagrams and use cases, demonstrating options and concrete results. EA overlays on top of the business model can help boardroom members visualize cost, revenue, risk, and performance metrics to support decisions and track alignment with initiatives. The enterprise architect is the data guru of the boardroom. ... If you want to have a game in the boardroom, you must get to know the players. You need the sponsorship of executives who wield real influence and can promote engagement of EA initiatives. 

Europe’s AI Act contains powers to order AI models destroyed or retrained, says legal expert

The European Commission put out its proposal for an AI Act just over a year ago — presenting a framework that prohibits a tiny list of AI use cases, considered too dangerous to people’s safety or EU citizens’ fundamental rights to be allowed, while regulating other uses based on perceived risk — with a subset of “high risk” use cases subject to a regime of both ex ante (before) and ex post (after) market surveillance. In the draft Act, high-risk systems are explicitly defined as: Biometric identification and categorisation of natural persons; Management and operation of critical infrastructure; Education and vocational training; Employment, workers management and access to self-employment; Access to and enjoyment of essential private services and public services and benefits; Law enforcement; Migration, asylum and border control management; Administration of justice and democratic processes. Under the original proposal, almost nothing is banned outright — and most use cases for AI won’t face serious regulation under the Act as they would be judged to pose “low risk” so largely left to self regulate — with a voluntary code of standards and a certification scheme to recognize compliance AI systems.

Why a ruling on digital ID by Kenya's Supreme Court has global implications for online privacy

Kenya’s digital ID programme, called the National Integrated Identity Management System (NIIMS), was ruled illegal by the highest court because there was no clear documentation of the data privacy risks, nor was there a clear strategy for measuring, mitigating and dealing with those risks. Related concerns about data privacy and security have arisen in other digital ID platforms as well. For example, India’s Aadhaar is the world’s largest biometric digital ID system. Registration is linked to biometrics and demographics, and can connect to services including SIM cards, bank accounts, and government aid programmes, making financial systems more inclusive. Despite these advantages, Aadhaar has seen pushback regarding feasibility and privacy. ... A major risk surrounding biometrics in particular is that if, and when, an attacker obtains these credentials for a victim, they may be able to impersonate the victim indefinitely, since a user’s biometrics do not change. These risks can be mitigated using emerging technologies like computation over encrypted data with rotating keys. 

Why did AI pioneer Marvin Minsky oppose neural networks?

The Dartmouth Summer Research Project on Artificial Intelligence in 1956 is widely considered as the founding moment of artificial intelligence as a field: John Mccarthy, Marvin Minsky, Claude Shannon, Ray Solomonoff etc attended the eight-week long workshop held in New Hampshire. On the fiftieth anniversary of the conference, the founding fathers of AI returned to Dartmouth. When Minsky took the stage, Salk Institute professor Terry Sejnowski told him some AI researchers view him as the devil for stalling the progress of neural networks. “Are you the devil?” Sejnowski asked. Minsky brushed him off and went on to explain the limitations of neural networks, pointing out neural networks haven’t delivered the goods yet. But Sejnowski was persistent. He asked again: “Are you the devil?”. A miffed Minsky retorted: “Yes, I am.” Turing award winner Marvin Minsky has made major contributions in cognitive psychology, symbolic mathematics, artificial intelligence, robot manipulation, and computer vision. As an undergraduate student at Harvard, Minsky built SNARC, considered the ‘first neural network’ by many, using over 3000 vacuum tubes and a few components from the B-52 bomber.

Is the Future of Digital Identity Safe?

Although multifactor authentication is crucial for preventing a great percentage of attacks, however, is not enough – not in today’s rapidly changing threat landscape. Enterprises need to evolve their identity and access management policy towards a modernized authentication solution. As Uri and I agreed, we need to leverage multiple data layers that would allow us to map a legitimate behavior versus a malicious one. Not only do we need to examine contextual data like location and device, but we also need to consider behavioral insights, look at micro behaviors such as hesitation, distraction, and rest. Having all these data layers, we can then leverage machine learning to aggregate them into a coherent analysis that indicates abnormal behaviors. Besides enabling artificial intelligence and machine learning to enhance our security posture, it is equally important to consider customer experience. For example, the best authentication tools today rely on mobile applications. What happens if a ratio of your employees cannot use their mobile phone, or they are reluctant about their employee installing an app in their personal mobile? 

Metaverses and DAO: Are Crypto Enthusiasts Ready to Usher Them In? 

There are already many who see the metaverse as a tremendous and thrilling possibility. According to many observers, the venture will be a new chance for economies, working settings, and further interaction. However, the metaverse, like any technology, requires rigorous research and use to be sustainable. Cryptos were on fire last year over environmental degradation issues, and metaverse has to counteract this to emerge on top. There are some principles underlying the metaverse: data sovereignty, privacy and governance, and honesty. It also focuses on both diversity and utmost respect for users. To stay loyal to the metaverse's values, those who work on its future need to follow specific rules. In addition, the move allows long-term benefits. They can be environmental sensitivity, social responsibility, or fiscal prudence. The future of the metaverse looks like many different things for different people. The ability to create virtual worlds and draw people is a lucrative new career for some. Furthermore, there can be the incorporation of NFTs to give value to the virtual space on the metaverse and allow users to earn income.

Application-Layer Encryption Basics for Developers

You may be working across multiple infrastructures, and for instance, HTTPS only covers a small part of the data flow inside your infrastructure, if you need an extra layer of protection, because the data is sensitive, or it may go outside of a specific infrastructure. Most importantly, if you need to enforce access control with encryption. For example, if you think of something like end-to-end encryption in a chat app, for instance, the access control is the sender and receiver, are really the only people who can access that data. That's not enforced just with a bit on a server saying who's allowed to do what, it's enforced through control of cryptographic key material. It's very clear how to use that in chat. It's actually a generalizable capability that you can use across lots of different types of use cases. Like in that use case, application layer encryption improves privacy. In some cases, it improves privacy substantially. It's actually significantly harder for developers than just implementing something like HTTPS. 

What the media is missing about decentralized autonomous organizations

While we’ve only scratched the surface of the potential DAOs have to create a radically more transparent and equitable financial system, we’ve already seen projects emerge that are delivering real value to real people in the real world today. One example is the war in Ukraine, where UkraineDAO, set up by Russian art collective Pussy Riot and Trippy Labs, raised over $6.75 million worth of Ether (ETH) donated directly to Ukrainian defense efforts against Russia. While this amount may not shift the balance of the war, the rapid creation and scaling-up of UkraineDAO demonstrate the power of decentralized financial technologies to coordinate a disparate global group of individuals around a single cause to deliver tangible results. But, the value of DAOs goes beyond just raising funds for noble causes under duress. In fact, many DAOs are already providing sustainable value to participants across the world and even harnessing blockchain technology to take on some of the most pressing challenges of our time such as climate change. 

The Evolution to Service-Based Networking

As application delivery evolved, orchestrators such as Kubernetes, Mesos and Docker Swarm integrated discovery functionality to reduce the need for those manual scripts. And while that’s great, what does it mean for the evolution of networking? A lot, actually. Networking still needs to be based on service identity because that’s how orchestrators track things, but the shift away from static, IP-based networking toward a service-based networking solution that these service discovery features provided was perhaps the most impactful change to networking, making application identity the basis for networking policies. Networking’s transition to a service-identity-based networking requirement also has cascading effects on other workflows. The first, and arguably the most important, is on security. While service discovery may solve for tracking changes more dynamically, it doesn’t help you apply consistent security policies to those applications. As I mentioned earlier, enforcing security and access to sensitive data is a core networking requirement.

Quote for the day:

"To make a decision, all you need is authority. To make a good decision, you also need knowledge, experience, and insight." -- Denise Moreland

No comments:

Post a Comment