Daily Tech Digest - August 30, 2022

The Great Resignation continues, and companies are finding new ways to tackle the talent shortage

The Great Resignation is far from over. According to a study of 1,000 hiring managers in the US, 60% are struggling to find quality talent needed to fill open roles, with many now turning to freelance workers to bridge the growing skills gap. According to Upwork's most recent Future Workforce Report, 56% of companies that hire freelance workers hired freelancers at an increased rate within the last year. Companies are seeking out skilled independent workers to fill empty positions to compensate for the ongoing loss of talent, particularly in data science, accounting, and IT departments. Many companies are still feeling the burn of the COVID-19 pandemic and its effect on job trends. The ongoing tendency for workers to quit their jobs in search of better opportunities is persistent, and tech workers have proved particularly difficult to hire. Hiring managers surveyed by Upwork said data science and analytics roles would be the hardest to hire for over the next six months (60%), followed by architecture and engineering (58%) and IT & networking (58%).

Serverless Is the New Timeshare

There’s one great use case I can think of: webhooks. Getting the duct tape code for webhooks is always a pain. They don’t trigger often and dealing with that is a chore. Using a serverless function to just add stuff to the database and do the work can be pretty simple. Since a callback is hard to debug anyway, the terrible debugging experience in serverless isn’t a huge hindrance. But for every other use case, I’m absolutely baffled. People spend so much time checking and measuring throughput yet just using one slightly larger server and only local calls will yield more throughput than you can possibly need. Without all the vendor tie-ins that we fall into. Hosting using Linode, Digital Ocean, etc. would save so much money. On the time-to-market aspect, just using caching and quick local tools would be far easier than anything you can build in the cloud. Containers are good progress and they made this so much simpler, yet we dropped the ball on this and went all in on complexity with stuff like Kubernetes. Don’t get me wrong. K8s are great. 

The 6 most overhyped technologies in IT

These CIOs say that metaverse enthusiasts, including vendors who have a stake in its promotion, have created a sense that this technology will have us all living in a new digital realm. Most aren’t buying it. “Could it turn out to be great? Well, possibly. But so many other things have to change in order for that to work,” says Bob Johnson, CIO of The American University of Paris, who extended his comments to include the related technologies of extended reality (XR), virtual reality (VR), and augmented reality (AR). “They have some wonderful applications, but they don’t change the way we live.” ... CIOs also labeled blockchain as overhyped, noting that the technology has failed to be as transformative or even as useful as hoped nearly a decade into its use. “Initially, the name ‘blockchain’ sounded pretty cool and quickly became a buzzword that drew interest and piqued curiosities,” says Josh Hamit, senior vice president and CIO of Altra Federal Credit Union and a member of ISACA’s Emerging Trends Working Group. “However, in actual practice, it has proved more difficult for many organizations to identify tangible use cases for blockchain, or distributed ledger as it is also known.”

How fusing power and process automation delivers operational resilience

The integration of power and process is a catalyst for operational resilience and improved sustainability across the lifecycle of the plant. This integrated, digitalised approach drives Electrical, Instrumentation and Control (EI&C) CAPEX reductions up to 20% and OPEX efficiencies, including decreased unplanned downtime up to 15%, in addition to improving bottom line profitability by three points. End users see energy procurement cost reductions of 2-5% and carbon footprint reductions of 7 – 12% when implementing these strategies. It offers a comprehensive view of asset performance management, energy management, and the value chain from design through construction, commissioning, operations, and maintenance. When undergoing such an integration effort, implementing the right strategies can improve operational resilience for better anticipation, prevention, recovery from, and adaptability to market dynamics and events. This plant-wide data collection, reliable control and command exchange between systems, operators and control room will empower the workforce with clear and verified decision-making.

Multi-stage crypto-mining malware hides in legitimate apps with month-long delay trigger

Once the user downloads and installs an app, the deployment of malicious payloads doesn't happen immediately, which is a strategy to avoid detection. First, the app installer, which is built with a free tool called Inno Setup, reaches out to the developer's website and downloads a password-protected RAR archive that contains the application files. These are deployed under the Program Files (x86)\Nitrokod\[application name] path. The app then checks for the presence of a component called update.exe. If it's not found, it deploys it under the Nitrokod folder and sets up a system scheduled task to execute it after every restart. The installer then collects some information about the victim's system and sends it to the developer's server. Up to this point, the installation is not very unusual for how a legitimate application would behave: collecting some system data for statistics purposes and deploying what looks like an automatic update component. However, after around four system restarts on four different days, update.exe downloads and deploys another component called chainlink1.07.exe.

The new work–life balance

The pandemic seemed to render work–life balance a laughable concept. As white-collar workers set up workstations at home, there was no longer a separation of job and personal time or space. So we need something new, something more useful, to help us think about balance in our lives. Here’s an alternative model. ... There is no right mix, per se, and each individual’s outlook will change over time. When we are in our 20s, we can indulge in more of what we want to do. The same is true later in life, when personal interests can be prioritized. It’s those decades of our 30s, 40s, and 50s that can be particularly challenging—raising a family and building a career, which will include jobs that are stepping stones to more fulfilling roles. These chapters of life gave rise to the widely cited U-shaped happiness curve. To me, that three-part pie chart is useful in determining whether we feel a sense of balance in our lives. And it also helps explain some of the meta-narratives of the moment, including the “great resignation” and the persistent desire of employees to work from home. All that time alone during pandemic lockdowns gave people time to consider the meaning of life and prompted many to quit unrewarding jobs.

Edge computing: 4 considerations for success

Automation is usually accomplished through automation workflows close to the edge endpoints and a centralized control layer. Localized execution guards against high latency and connection disruptions, while centralized control provides integrated control of the entire edge environment. ... The edge can become a bit like the Wild West if you let it. Even with automation and management systems in place, it still takes an architectural commitment to maintain a high degree of consistency across the edge (and datacenter) environment. One rationale for a lack of consistency is that devices at the periphery are often smaller and less powerful than servers in a data center. The reasoning then follows that they need to run different software. But this isn’t necessarily the case – or at least, it isn’t the whole story. You can build system images from the small core Linux operating system you run elsewhere and customize it to add exactly what you need in terms of drivers, extensions, and workloads. Images can then be versioned, tested, signed, and deployed as a unit, so your ops team can know exactly what is running on the devices.

How Observability Can Help Manage Complex IT Networks

“Everything in computing is difficult for humans to see, simply because humans are so much slower than any computer,” Morgan says. “Almost anything we can do to provide visibility into what’s really happening inside the application can be a big help in understanding.” This means not just fixing things that break, but improving things that are working, or explaining them to users and new developers. He points to the oldest observability tool, ad-hoc logging -- still in use today -- but adds tools like distributed tracing can provide a standard layer of visibility into the entire application without requiring application changes. This in turn reduces the burden on developers (less code to write) and on support staff (fewer distinct things to learn). “As an industry, we’ve created many tools for observability over the years, from print statements to distributed tracing,” Morgan says. “Network analytics bring a welcome uniformity to observability.” He adds that at a certain level, network traffic is the same no matter what the application is doing, so you can easily get equivalent transparency for every service in your application.

As States Ban Ransom Payments, What Could Possibly Go Wrong?

Victims may not know exactly what all ransomware attackers have encrypted or stolen, and finding out may take substantial time and energy. Likewise, negotiators can sometimes reduce the ransom being demanded by a large factor. In some cases, attackers may also provide a decryptor without a victim having to pay. Perhaps state legislators are attempting to look tough by essentially telling ransomware gangs to look elsewhere. No doubt they also don't want the political baggage associated with spending taxpayer money to enrich criminals. "A ransomware payment to the evil 'insert one of four known protagonists'-affiliated cybercriminals for multimillion-dollar amounts is bad optics at the political level when infrastructure is crumbling, inflation is climbing and social services such as policing and justice, healthcare, and other government services are under immense strain and financial pressure," says Ian Thornton-Trump, CISO of Cyjax. Previously, he says, many victims could pay for cleanup - and sometimes the ransom payment - using their cyber insurance or by making a business-disruption claim.

Outdated infrastructure not up to today’s ransomware challenges

Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilize if and when a cyber attack occurs. Nearly 60% of respondents expressed some level of concern that their IT and security teams would be able to mobilize efficiently to respond to the attack. These are just some of the findings from an April 2022 survey, conducted by Censuswide, of more than 2,000 IT and SecOps professionals (split nearly 50/50 between the two groups) in the United States, the United Kingdom, Australia and New Zealand. All respondents play a role in the decision-making process for IT or security within their organizations. “IT and security teams should raise the alarm bell if their organization continues to use antiquated technology to manage and secure their most critical digital asset – their data,” said Brian Spanswick, CISO, Cohesity. “Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyberattacks.”

Quote for the day:

"Speaking about it and doing it are not the same thing." -- Gordon Tredgold
