Daily Tech Digest - July 06, 2023

Man vs machine: a secure email firm aim to bring post-quantum cryptography to the cloud

"While quantum computers will soon be able to decrypt 'normally' encrypted data quite easily, they will cut their teeth on post-quantum secure encryption," said Pfau. Tutanota's plan is using a hybrid encryption approach—at first, at least. All data will be encrypted using both classical and the new post-quantum proof algorithms. This double protection will make sure that the new algorithms have time to prove themselves as actually safe. PQDrive is the last step into Tutanota's post-quantum challenge. The company started its mission three years ago with PQMail to make both their email and calendar apps both post-quantum resistant. The team has already begun to add the new algorithms into the software, which should be fully updated for all its 10 million users by 2024. Pfau is very happy that the algorithms the team chose to work with years ago were awarded among the best choice of secure post-quantum encryption by the National Institute of Standards and Technology (NIST).

To close the skills gap, stop focusing on skills candidates don’t have

Modern hiring strategies should be designed to bring employment opportunities to under-represented talent communities, including people with disabilities, women of colour and members of the military and their spouses. Bridging the gap between under-represented communities and equitable job opportunities can help fuel growth and close the talent gap. Likewise, it’s important to work with likeminded organizations that operate with under-represented communities to empower the next generation of skilled workers by giving back and creating new career pathways for them. For example, since 2015, Equinix has partnered with World Pulse, a global, online community that connects and amplifies women’s voices, as well as provides digital empowerment training. The partnership can create a new career pathway for women around the world with digital skills and resources and help close the digital divide’s gender disparity in an organic, grassroots way to maximize the impact within these communities.

New Chinese Counterespionage Law Aimed at US Tech Sector

The revised law grants "state security organs," the armed forces, the CCP and public institutions the power to proactively respond to all forms of network attacks, attacks on critical information infrastructure, and those that aim to obstruct, control or disrupt government functions. It also gives the government power to take legal action against foreign institutions suspected of carrying out espionage activities. "Acts of espionage endangering the PRC's national security that are carried out, instigated or funded by foreign institutions, organizations or individuals, or that are carried out by domestic institutions, organizations or individuals colluding with foreign institutions, organizations or individuals must be legally pursued," it reads. The revised law also gives agencies the power to "inspect the electronic equipment, facilities and related programs and tools of relevant individuals and organizations," and seal or seize property if the entity under investigation fails to employ immediate corrective measures.

5 ways to boost server efficiency

According to the Uptime Institute report, power management can increase latency by 20 to 80 microseconds, which is unacceptable for some types of workloads, such as financial trading. "And there are some applications where you might decide not to use it because it will cause performance or response time problems," he says. But there are other applications where delays won’t have a business impact. "The biggest mistake is that some operators are risk averse," he says. "They think that if they're going to save a couple of hundred bucks a server on their energy bill but are risking breaking their SLA which will cost them a million dollars, they're not going to turn [power management] on." Dietrich recommends that when companies buy new servers and run their performance tests, make sure they test whether power management affects the applications adversely or not. "If it doesn't bother them, then you can use power management," he says. "You can implement a set of power-management functions that will let you save energy and still provide response time and performance that your customers want."

CIOs, Heed On-Premises App and Infrastructure Performance

As more applications run across on-premises and cloud environments, IT teams responsible for managing availability and performance face significant challenges. Today, most IT departments use separate tools to monitor on-premises and cloud applications, which brings a lack of visibility across the entire application path in hybrid environments. IT leaders can’t visualize the path up and down the application stack and they can’t derive business context, making it virtually impossible to troubleshoot issues quickly. This leaves them in a firefighting mode to solve issues before they affect end users. An IT department’s worst nightmare, like an outage or even damaging downtime, surges when metrics such as MTTR and MTTX inevitably rise. To avoid these issues, IT teams require an observability platform for unified visibility across their entire IT estate. Through this platform, IT leaders can access real-time insights of IT availability and performance across both on-premises and public cloud environments and are able to correlate IT data with real-time business metrics, allowing them to prioritize issues that matter most to customers and the business.

IBM shutters Cloud for Education service just two years after launch

IBM didn’t really give any official reason for the closure, saying simply that it regularly evaluates its cloud service offerings while keeping things like customer requirements and consumption in perspective. The service will continue to operate as normal until Nov. 30, and customers are being invited to talk with IBM’s representatives about the steps they can take to migrate their data and workloads to an alternative platform. Holger Mueller of Constellation Research Inc. told SiliconANGLE that Cloud for Education clearly wasn’t as successful as the company had hoped it would be, because it wouldn’t retire the offering otherwise. “But it’s good to see IBM is retiring the service in a respectful way, giving its customers several months to work out how they’re going to migrate their workloads to an alternative platform,” Mueller said. “Generally, most cloud vendors will only give their customers 30 days notice when they decide to sunset a service.” The shutdown may have a somewhat negative impact on IBM’s cloud reputation though, given how it has struggled to achieve the same kind of success as its rivals, Amazon Web Services Inc., Microsoft Corp., Google LLC and even Oracle Corp.

Making intelligent automation work at scale

“We continue to make significant progress in operating with a digital-first mindset and reimaging our end-to-end processes with IA,” says Ajay Anand, vice president of strategy and business services for Global Services at J&J. “We are using insights from our IA maturity assessment efforts to identify large untapped value pools to drive visibility with our executive committee and functional leaders,” Anand says. “In addition, we are also focused on developing a framework for generative AI use case development and prioritization.” The enterprise IA program is delivering on “experience, effectiveness, and efficiency — giving our employees more time to focus on creative innovations and upskilling,” says Steve Sorensen, vice president of technology services, supply chain, data integration, and reliability engineering at J&J. “It is enabling the reimagining, simplifying, and digitizing processes for employees, patients, healthcare professionals, and other stakeholders, while delivering significant value for the organization.”

How Much Architecture Modeling Should You Do? Just Enough – Part 1

The fundamental challenge with JBGE is that it is situational. For example, I often draw a diagram on a whiteboard to explore complex logic and then discard it once I’m done with it. In this case a whiteboard diagram is fine because it helps me to solve the issue which I’m thinking through with whomever I’m working. But, what if we’re in a situation where we’ll need to update this logic later AND will want to do it via the diagram instead of via source code? Clearly a hand-drawn sketch isn’t good enough in this case and we’ll want to create a detailed diagram using a sophisticated software-based tool. We’d still create an agile model even though it is much more sophisticated than a sketch because JBGE reflects the needs of the situation. To determine if an architecture model is JBGE you must actively work with the direct audience of that artifact. In the case of a business architecture model this would be both your business stakeholders and the implementation team(s) that are going to work with the model. Without knowing what the audience wants, you cannot realistically create something which is JBGE, putting you in a situation where you’re motivated to put far more effort into the artifact than you need to.

Unmasking Deepfakes: Defending Against a Growing Threat

“The same truth about authentication of audio or visual content is true about authentication in the technical systems of identity.” Amper says while the technology is maturing rapidly toward lifelike, intelligent impersonations, the human eye can still spot blurring around the ears or hairline, unnatural blinking patterns, or differences in image resolution. “Color amplification tools that visualize blood flow or ML algorithms trained on spectral analysis are equally effective at detecting and vetting extreme behavior,” he says. He says although contemporary deepfakes are extremely well-done and increasingly hard to recognize, digital identity verification and liveness detection can authenticate a person’s unique identity markers. Once a user has been confirmed as the genuine owner of the real-world identity they are claiming, deep convolutional neural networks can be trained and leveraged for biometric liveness checks including textural analysis, geometry calculation, or traditional challenge-response mechanisms to verify if the person presented on screen is real.

Promoting responsible AI: Balancing innovation and regulation

From a cybersecurity perspective, we must address privacy and security concerns. Bad actors are successfully using confidentiality attacks to draw out sensitive information from AI systems. Without proper security measures, institutions and individuals are at risk. To protect students, for example, institutions may put in place policies curbing the use of AI tools in specific instances or provide educational content cautioning them against sharing confidential information with AI platforms. Algorithmic biases, inaccuracies, overgeneralizations represent intrinsic limitations of the technology since the models are a reflection of the data they are trained on. Even if care is taken to ensure input data is fact-checked and accurate, hallucinations may still occur. Therefore, a human element is still important in the use of AI. Fact checks and discerning eyes can help weed out inaccuracies. Councils guided by community-oriented ethical guidelines can help reduce biases.

Quote for the day:

"Speak softly and carry a big stick; you will go far." -- Theodore Roosevelt

No comments:

Post a Comment