Why Literate Programming Might Help You Write Better Code
Literate programming is an approach to programming in which the code is
explained using natural language alongside the source code. This is distinct
from related practices such as documentation or code comments; there, the code
is primary, with commentary and explanation being secondary. In literate
programming, however, explanation has equal billing with the code itself.
“Documentation is fundamentally disconnected from the code,” Franusic noted.
Often, “documentation is written by someone who doesn’t work on the code. This
distance between code and documentation makes it harder to really understand
what the code is doing.” This underlines what makes literate programming
particularly valuable: it’s a means of gaining greater transparency or clarity
over code. Having been developed in the early ’80s by Donald Knuth, a computer
scientist now professor emeritus at Stanford University, it would be easy to
dismiss literate programming as a relic of a much earlier era of computing.
FBI Cybersecurity Strike Against Russian Botnet Is ‘Awesome Moment’ For MSPs
The FBI operation marks the beginning of a new era in the continuing battle MSPs
are waging to protect SMBs and themselves from all kinds of attacks, including
nation-state attacks, said Stinner. “Big businesses have invested heavily in
cybersecurity, and their defenses are high,” he said. “They are harder to
attack. This was an attempt by Russia to inflict maximum chaos in the United
States economy by taking down small businesses. This could potentially have
impacted millions of small businesses. The Russian government was looking to
take down Main Street, and they targeted WatchGuard devices. If Russia was
successful, this could have caused mass pandemonium.” Michael Goldstein,
president and CEO of Fort Lauderdale, Fla.-based MSP LAN Infotech, applauded the
FBI for working closely with WatchGuard to take “action” to prevent what could
have been a devastating attack. “It looks like the firewalls were there, [and
they were] planting malware that were botnets that were going out and reporting
back [to the hackers],” he said.
Is Crypto Re-Creating the 2008 Financial Crisis?
I’ve definitely heard that a selling point of DeFi is that it gets rid of the
need for bailouts. And yes: I’ve had people accuse me on this point of shilling
for big banks, and it’s just not true. If you’re asking me to choose, I’d
absolutely rather see a bailout that prevents broader, sustained economic chaos
than not. And the reason for that isn’t because I care about protecting
executives at banks. In all my work, I’m speaking for the people downwind of all
of this. The already vulnerable people who end up being hurt the most by
financial collapse. ... Complexity is weaponized in some of these instances to
deflect scrutiny. This is an old trick from the financial industry: Make things
more complex. In DeFi, you have financial complexity overlaid with technical
complexity, too—so there is, really, just the thinnest subset of people who can
do both. And those people will be paid a LOT of money to participate and build
these tools. And when the slice of people is so small and they’re so handsomely
rewarded, there’s not going to be many savvy watchdogs—there’s less incentive to
be a policeman on the beat. It’s much easier to just go work on a project.
How To Get Started With IoT Device Security
An organization’s first step is to know the locations of all its intelligent
devices. That’s harder to do than it might seem. These devices are commonly
installed by one user or department without coordination of the rest of the
organization. The move to remote work has exacerbated the problem at the edge,
with organizations lacking visibility into the devices used by remote employees.
To locate intelligent devices, an organization must map the IoT security
architecture. In doing so, the organization should have a clear view of how each
device interacts with the application and technology stack. Additionally, the
organization must understand who in the organization is responsible for updating
and managing devices. Having a full list of the devices is also important.
Traditionally, companies use network device monitoring or asset management and
monitoring software. That’s a good start, but using IoT-specific tools can be
more accurate. These include IoT asset management software and network sensors.
IoT security platform vendors include Ordr, Tele2, BeWhere, and Particle.
Comparing Go vs. C in embedded applications
Compiled Go code is generally slower than C executables. Go is fully garbage
collected and this itself slows things down. With C, you can decide precisely
where you want to allocate memory for the variables and whether that is on the
stack or on the heap. With Go, the compiler tries to make an educated decision
on where to allocate the variables. You can see where the variables will be
allocated (go build -gcflags -m), but you cannot force the compiler to use only
the stack, for example. However, when it comes to speed, we cannot forget about
compilation speed and developer speed. Go provides extremely fast compilation;
for example, 15,000 lines of Go client code takes 1.4 seconds to compile. Go is
very well designed for concurrent execution (goroutines and channels) and the
aforementioned rich standard library covers most of the basic needs, so
development is faster. ... There are two Go compilers you can use: the original
one is called gc. It is part of the default installation and is written and
maintained by Google. The second is called gccgo and is a frontend for GCC. With
gccgo, compilation is extremely fast and large modules can be compiled within
seconds.
Transformers for software engineers
This post is an attempt to present the Transformer architecture in a way
that highlights some of the perspectives and intuitions that view affords.
We’ll walk through a (mostly) complete implementation of a GPT-style
Transformer, but the goal will not be running code; instead, I’m going to
use the language of software engineering and programming to explain how
these models work and articulate some of the perspectives we bring to them
when doing interpretability work. ... At the highest level, an
autoregressive language model (including the decoder-only Transformer) will
take in a sequence of text (which we’ll refer to as a “context”), and output
a sequence of “logits” the same length as the context. These logits
represent, at each position, the model’s prediction for the next token. At
each position, there is one logit value per entry in our vocabulary; by
taking a softmax over the logit vector, we can get a probability
distribution over tokens.
FDA Document Details Cyber Expectations for Device Makers
"The structure of the guidance document has changed to align with a secure
product development framework and associated ties to the quality system
regulations," she says. The FDA also removed "risk tiers" that were
contained in previous 2018 draft guidance. "The cybersecurity of the
healthcare sector depends on the cybersecurity of all medical devices,"
according to Schwartz. "To ensure that all manufacturers are appropriately
addressing cybersecurity risks, the FDA recommends that all manufacturers
provide the requested cybersecurity information; however, the amount of
cybersecurity documentation is expected to scale with the cybersecurity risk
of the device." Also, the new draft guidance - unlike the draft issued in
2018 - does not refer to "cybersecurity bill of materials," but instead
refers to "software bills of materials," she says. "The primary difference
between a CBOM and an SBOM, as outlined, is that CBOM also includes
hardware. SBOM includes firmware, which is a type of software."
4 tips for transitioning into an IT management role
Micromanagement is about mistrust. The micromanager believes that they can
do things better or faster than anyone else. What micromanagers usually fail
to understand is that their behavior causes long-term problems. Team members
of micromanagers often feel demoralized. They begin to question their
purpose at work and whether their boss values their input. Some employees
kick back and ride the wave, figuring their manager will make corrections
regardless of what they do. Others look to escape. Meanwhile, the
micromanager is stressed out because there aren’t enough hours in the day to
do their job and everyone else’s. It usually takes an intervention to get
these leaders back on track. Reformed micromanagers usually have experienced
an epiphany. Perhaps they’ve received a 360-degree assessment that reveals
their behavior, or perhaps someone they respect calls them out on their
conduct. These leaders eventually realize that employee engagement depends
entirely on the very trust they’re eroding.
Accommodating the influx of data in the metaverse
One of the foundational pillars to enable the metaverse is more efficient
and less energy-hungry data compression. As XR technologies advance and
become more mainstream, the metaverse needs to accommodate higher resolution
displays and higher streaming quality, for both video feeds and volumetric
objects, to allow its users to completely immerse themselves. By reducing
the mammoth file sizes needed, businesses can conserve storage capacity and
power, and minimise the need to expand their infrastructure to cope. They
can also effectively manage the growing volumes of data from XR devices
without compromising on viewer quality. The low-complexity coding
enhancement standard, MPEG-5 LCEVC (LCEVC), is an example of technology
ideally suited to metaverse applications. It allows highly efficient
compression of low-latency video feeds, making higher quality streaming in
the new XR reality possible and mass adoption more feasible. LCEVC also
offers various multi-layering features which are ideal for video streaming
and rendering within a complex 3D space, swiftly displaying and updating the
image pixels without any apparent lag for the user.
Organizations underestimating the seriousness of insider threats
“Despite increased investment in cybersecurity, organizations are focused
more on protecting themselves from external threats than paying attention to
the risks that might be lurking within their own network,” says Chris
Waynforth, AVP Northern Europe at Imperva. “Insider threats are hard to
detect because internal users have legitimate access to critical systems,
making them invisible to traditional security solutions like firewalls and
intrusion detection systems. The lack of visibility into insider threats is
creating a significant risk to the security of organization’s data.” The
main strategies currently being used by organizations in EMEA to protect
against insider threats and unauthorized usage of credentials are periodical
manual monitoring/auditing of employee activity (50%) and encryption (47%).
Many are also training employees to ensure they comply with data
protection/data loss prevention policies (65%). Despite these efforts,
breaches and other data security incidents are still occurring and 56% of
respondents said that end users have devised ways to circumvent their data
protection policies.
Quote for the day:
"Leaders are more powerful role models when they learn than when they teach."
-- Rosabeth Moss Kanter