Daily Tech Digest - April 08, 2022

Why Literate Programming Might Help You Write Better Code

Literate programming is an approach to programming in which the code is explained using natural language alongside the source code. This is distinct from related practices such as documentation or code comments; there, the code is primary, with commentary and explanation being secondary. In literate programming, however, explanation has equal billing with the code itself. “Documentation is fundamentally disconnected from the code,” Franusic noted. Often, “documentation is written by someone who doesn’t work on the code. This distance between code and documentation makes it harder to really understand what the code is doing.” This underlines what makes literate programming particularly valuable: it’s a means of gaining greater transparency or clarity over code. Having been developed in the early ‘80s by Donald Knuth, a computer scientist now professor emeritus at Stanford University, it would be easy to dismiss literate programming as a relic of a much earlier era of computing.

FBI Cybersecurity Strike Against Russian Botnet Is ‘Awesome Moment’ For MSPs

The FBI operation marks the beginning of a new era in the continuing battle MSPs are waging to protect SMBs and themselves from all kinds of attacks, including nation-state attacks, said Stinner. “Big businesses have invested heavily in cybersecurity, and their defenses are high,” he said. “They are harder to attack. This was an attempt by Russia to inflict maximum chaos in the United States economy by taking down small businesses. This could potentially have impacted millions of small businesses. The Russian government was looking to take down Main Street, and they targeted WatchGuard devices. If Russia was successful, this could have caused mass pandemonium.” Michael Goldstein, president and CEO of Fort Lauderdale, Fla.-based MSP LAN Infotech, applauded the FBI for working closely with WatchGuard to take “action” to prevent what could have been a devastating attack. “It looks like the firewalls were there, [and they were] planting malware that were botnets that were going out and reporting back [to the hackers],” he said.

Is Crypto Re-Creating the 2008 Financial Crisis?

I’ve definitely heard that a selling point of DeFi is that it gets rid of the need for bailouts. And yes: I’ve had people accuse me on this point of shilling for big banks, and it’s just not true. If you’re asking me to choose, I’d absolutely rather see a bailout that prevents broader, sustained economic chaos than not. And the reason for that isn’t because I care about protecting executives at banks. In all my work, I’m speaking for the people downwind of all of this. The already vulnerable people who end up being hurt the most by financial collapse. ... Complexity is weaponized in some of these instances to deflect scrutiny. This is an old trick from the financial industry: Make things more complex. In DeFi, you have financial complexity overlaid with technical complexity, too—so there is, really, just the thinnest subset of people who can do both. And those people will be paid a LOT of money to participate and build these tools. And when the slice of people is so small and they’re so handsomely rewarded, there’s not going to be many savvy watchdogs—there’s less incentive to be a policeman on the beat. It’s much easier to just go work on a project.

How To Get Started With IoT Device Security

An organization’s first step is to know the locations of all its intelligent devices. That’s harder to do than it might seem. These devices are commonly installed by one user or department without coordination of the rest of the organization. The move to remote work has exacerbated the problem at the edge, with organizations lacking visibility into the devices used by remote employees. To locate intelligent devices, an organization must map the IoT security architecture. In doing so, the organization should have a clear view of how each device interacts with the application and technology stack. Additionally, the organization must understand who in the organization is responsible for updating and managing devices. Having a full list of the devices is also important. Traditionally, companies use network device monitoring or asset management and monitoring software. That’s a good start, but using IoT-specific tools can be more accurate. These include IoT asset management software and network sensors. IoT security platform vendors include Ordr, Tele2, BeWhere, and Particle.

Comparing Go vs. C in embedded applications

Compiled Go code is generally slower than C executables. Go is fully garbage collected and this itself slows things down. With C, you can decide precisely where you want to allocate memory for the variables and whether that is on the stack or on the heap. With Go, the compiler tries to make an educated decision on where to allocate the variables. You can see where the variables will be allocated (go build -gcflags -m), but you cannot force the compiler to use only the stack, for example. However, when it comes to speed we can not forget about compilation speed and developer speed. Go provides extremely fast compilation; for example, 15,000 lines of Go client code takes 1.4 seconds to compile. Go is very well designed for concurrent execution (goroutines and channels) and the aforementioned rich standard library covers most of the basic needs, so development is faster. ... There are two Go compilers you can use: the original one is called gc. It is part of the default installation and is written and maintained by Google. The second is called gccgo and is a frontend for GCC. With gccgo, compilation is extremely fast and large modules can be compiled within seconds. 

Transformers for software engineers

This post is an attempt to present the Transformer architecture in a way that highlights some of the perspectives and intuitions that view affords. We’ll walk through a (mostly) complete implementation of a GPT-style Transformer, but the goal will not be running code; instead, I’m going to use the language of software engineering and programming to explain how these models work and articulate some of the perspectives we bring to them when doing interpretability work. ... At the highest level, an autoregressive language model (including the decoder-only Transformer) will take in a sequence of text (which we’ll refer to as a “context”), and output a sequence of “logits” the same length as the context. These logits represent, at each position, the model’s prediction for the next token. At each position, there is one logit value per entry in our vocabulary; by taking a softmax over the logit vector, we can get a probability distribution over tokens.

FDA Document Details Cyber Expectations for Device Makers

"The structure of the guidance document has changed to align with a secure product development framework and associated ties to the quality system regulations," she says. The FDA also removed "risk tiers" that were contained in previous 2018 draft guidance. "The cybersecurity of the healthcare sector depends on the cybersecurity of all medical devices," according to Schwartz. "To ensure that all manufacturers are appropriately addressing cybersecurity risks, the FDA recommends that all manufacturers provide the requested cybersecurity information; however, the amount of cybersecurity documentation is expected to scale with the cybersecurity risk of the device." Also, the new draft guidance - unlike the draft issued in 2018 - does not refer to "cybersecurity bill of materials," but instead refers to "software bills of materials," she says. "The primary difference between a CBOM and an SBOM, as outlined, is that CBOM also includes hardware. SBOM includes firmware, which is a type of software." 

4 tips for transitioning into an IT management role

Micromanagement is about mistrust. The micromanager believes that they can do things better or faster than anyone else. What micromanagers usually fail to understand is that their behavior causes long-term problems. Team members of micromanagers often feel demoralized. They begin to question their purpose at work and whether their boss values their input. Some employees kick back and ride the wave, figuring their manager will make corrections regardless of what they do. Others look to escape. Meanwhile, the micromanager is stressed out because there aren’t enough hours in the day to do their job and everyone else’s. It usually takes an intervention to get these leaders back on track. Reformed micromanagers usually have experienced an epiphany. Perhaps they’ve received a 360-degree assessment that reveals their behavior, or perhaps someone they respect calls them out on their conduct. These leaders eventually realize that employee engagement depends entirely on the very trust they’re eroding.

Accommodating the influx of data in the metaverse

One of the foundational pillars to enable the metaverse is more efficient and less energy-hungry data compression. As XR technologies advance and become more mainstream, the metaverse needs to accommodate higher resolution displays and higher streaming quality, for both video feeds and volumetric objects, to allow its users to completely immerse themselves. By reducing the mammoth file sizes needed, businesses can conserve storage capacity and power, and minimise the need to expand their infrastructure to cope. They can also effectively manage the growing volumes of data from XR devices without compromising on viewer quality. The low-complexity coding enhancement standard, MPEG-5 LCEVC (LCEVC), is an example of technology ideally suited to metaverse applications. It allows highly efficient compression of low-latency video feeds, making higher quality streaming in the new XR reality possible and mass adoption more feasible. LCEVC also offers various multi-layering features which are ideal to video streaming and rendering within a complex 3D space, swiftly displaying and updating the image pixels without any apparent lag for the user.

Organizations underestimating the seriousness of insider threats

“Despite increased investment in cybersecurity, organizations are focused more on protecting themselves from external threats than paying attention to the risks that might be lurking within their own network,“ says Chris Waynforth, AVP Northern Europe at Imperva. “Insider threats are hard to detect because internal users have legitimate access to critical systems, making them invisible to traditional security solutions like firewalls and intrusion detection systems. The lack of visibility into insider threats is creating a significant risk to the security of organization’s data.” The main strategies currently being used by organizations in EMEA to protect against insider threats and unauthorized usage of credentials are periodical manual monitoring/auditing of employee activity (50%) and encryption (47%). Many are also training employees to ensure they comply with data protection/data loss prevention policies (65%). Despite these efforts, breaches and other data security incidents are still occurring and 56% of respondents said that end users have devised ways to circumvent their data protection policies.

Quote for the day:

"Leaders are more powerful role models when they learn than when they teach." -- Rosabeth Moss Kantor

No comments:

Post a Comment