Man vs machine: a secure email firm aim to bring post-quantum cryptography to the cloud
"While quantum computers will soon be able to decrypt 'normally' encrypted data
quite easily, they will cut their teeth on post-quantum secure encryption," said
Pfau. Tutanota's plan is using a hybrid encryption approach—at first, at least.
All data will be encrypted using both classical and the new post-quantum proof
algorithms. This double protection will make sure that the new algorithms have
time to prove themselves as actually safe. PQDrive is the last step into
Tutanota's post-quantum challenge. The company started its mission three years
ago with PQMail to make both their email and calendar apps both post-quantum
resistant. The team has already begun to add the new algorithms into the
software, which should be fully updated for all its 10 million users by 2024.
Pfau is very happy that the algorithms the team chose to work with years ago
were awarded among the best choice of secure post-quantum encryption by the
National Institute of Standards and Technology (NIST).
To close the skills gap, stop focusing on skills candidates don’t have
Modern hiring strategies should be designed to bring employment opportunities to
under-represented talent communities, including people with disabilities, women
of colour and members of the military and their spouses. Bridging the gap
between under-represented communities and equitable job opportunities can help
fuel growth and close the talent gap. Likewise, it’s important to work with
likeminded organizations that operate with under-represented communities to
empower the next generation of skilled workers by giving back and creating new
career pathways for them. For example, since 2015, Equinix has partnered with
World Pulse, a global, online community that connects and amplifies women’s
voices, as well as provides digital empowerment training. The partnership can
create a new career pathway for women around the world with digital skills and
resources and help close the digital divide’s gender disparity in an organic,
grassroots way to maximize the impact within these communities.
New Chinese Counterespionage Law Aimed at US Tech Sector
The revised law grants "state security organs," the armed forces, the CCP and
public institutions the power to proactively respond to all forms of network
attacks, attacks on critical information infrastructure, and those that aim to
obstruct, control or disrupt government functions. It also gives the government
power to take legal action against foreign institutions suspected of carrying
out espionage activities. "Acts of espionage endangering the PRC's national
security that are carried out, instigated or funded by foreign institutions,
organizations or individuals, or that are carried out by domestic institutions,
organizations or individuals colluding with foreign institutions, organizations
or individuals must be legally pursued," it reads. The revised law also gives
agencies the power to "inspect the electronic equipment, facilities and related
programs and tools of relevant individuals and organizations," and seal or seize
property if the entity under investigation fails to employ immediate corrective
measures.
5 ways to boost server efficiency
According to the Uptime Institute report, power management can increase latency
by 20 to 80 microseconds, which is unacceptable for some types of workloads,
such as financial trading. "And there are some applications where you might
decide not to use it because it will cause performance or response time
problems," he says. But there are other applications where delays won’t have a
business impact. "The biggest mistake is that some operators are risk averse,"
he says. "They think that if they're going to save a couple of hundred bucks a
server on their energy bill but are risking breaking their SLA which will cost
them a million dollars, they're not going to turn [power management] on."
Dietrich recommends that when companies buy new servers and run their
performance tests, make sure they test whether power management affects the
applications adversely or not. "If it doesn't bother them, then you can use
power management," he says. "You can implement a set of power-management
functions that will let you save energy and still provide response time and
performance that your customers want."
CIOs, Heed On-Premises App and Infrastructure Performance
As more applications run across on-premises and cloud environments, IT teams
responsible for managing availability and performance face significant
challenges. Today, most IT departments use separate tools to monitor on-premises
and cloud applications, which brings a lack of visibility across the entire
application path in hybrid environments. IT leaders can’t visualize the path up
and down the application stack and they can’t derive business context, making it
virtually impossible to troubleshoot issues quickly. This leaves them in a
firefighting mode to solve issues before they affect end users. An IT
department’s worst nightmare, like an outage or even damaging downtime, surges
when metrics such as MTTR and MTTX inevitably rise. To avoid these issues, IT
teams require an observability platform for unified visibility across their
entire IT estate. Through this platform, IT leaders can access real-time
insights of IT availability and performance across both on-premises and public
cloud environments and are able to correlate IT data with real-time business
metrics, allowing them to prioritize issues that matter most to customers and
the business.
IBM shutters Cloud for Education service just two years after launch
IBM didn’t really give any official reason for the closure, saying simply that
it regularly evaluates its cloud service offerings while keeping things like
customer requirements and consumption in perspective. The service will continue
to operate as normal until Nov. 30, and customers are being invited to talk with
IBM’s representatives about the steps they can take to migrate their data and
workloads to an alternative platform. Holger Mueller of Constellation Research
Inc. told SiliconANGLE that Cloud for Education clearly wasn’t as successful as
the company had hoped it would be, because it wouldn’t retire the offering
otherwise. “But it’s good to see IBM is retiring the service in a respectful
way, giving its customers several months to work out how they’re going to
migrate their workloads to an alternative platform,” Mueller said. “Generally,
most cloud vendors will only give their customers 30 days notice when they
decide to sunset a service.” The shutdown may have a somewhat negative impact on
IBM’s cloud reputation though, given how it has struggled to achieve the same
kind of success as its rivals, Amazon Web Services Inc., Microsoft Corp., Google
LLC and even Oracle Corp.
Making intelligent automation work at scale
“We continue to make significant progress in operating with a digital-first
mindset and reimaging our end-to-end processes with IA,” says Ajay Anand, vice
president of strategy and business services for Global Services at J&J. “We
are using insights from our IA maturity assessment efforts to identify large
untapped value pools to drive visibility with our executive committee and
functional leaders,” Anand says. “In addition, we are also focused on developing
a framework for generative AI use case development and prioritization.” The
enterprise IA program is delivering on “experience, effectiveness, and
efficiency — giving our employees more time to focus on creative innovations and
upskilling,” says Steve Sorensen, vice president of technology services, supply
chain, data integration, and reliability engineering at J&J. “It is enabling
the reimagining, simplifying, and digitizing processes for employees, patients,
healthcare professionals, and other stakeholders, while delivering significant
value for the organization.”
How Much Architecture Modeling Should You Do? Just Enough – Part 1
The fundamental challenge with JBGE is that it is situational. For example, I
often draw a diagram on a whiteboard to explore complex logic and then discard
it once I’m done with it. In this case a whiteboard diagram is fine because it
helps me to solve the issue which I’m thinking through with whomever I’m
working. But, what if we’re in a situation where we’ll need to update this logic
later AND will want to do it via the diagram instead of via source code? Clearly
a hand-drawn sketch isn’t good enough in this case and we’ll want to create a
detailed diagram using a sophisticated software-based tool. We’d still create an
agile model even though it is much more sophisticated than a sketch because JBGE
reflects the needs of the situation. To determine if an architecture model is
JBGE you must actively work with the direct audience of that artifact. In the
case of a business architecture model this would be both your business
stakeholders and the implementation team(s) that are going to work with the
model. Without knowing what the audience wants, you cannot realistically create
something which is JBGE, putting you in a situation where you’re motivated to
put far more effort into the artifact than you need to.
Unmasking Deepfakes: Defending Against a Growing Threat
“The same truth about authentication of audio or visual content is true about
authentication in the technical systems of identity.” Amper says while the
technology is maturing rapidly toward lifelike, intelligent impersonations, the
human eye can still spot blurring around the ears or hairline, unnatural
blinking patterns, or differences in image resolution. “Color amplification
tools that visualize blood flow or ML algorithms trained on spectral analysis
are equally effective at detecting and vetting extreme behavior,” he says. He
says although contemporary deepfakes are extremely well-done and increasingly
hard to recognize, digital identity verification and liveness detection can
authenticate a person’s unique identity markers. Once a user has been confirmed
as the genuine owner of the real-world identity they are claiming, deep
convolutional neural networks can be trained and leveraged for biometric
liveness checks including textural analysis, geometry calculation, or
traditional challenge-response mechanisms to verify if the person presented on
screen is real.
Promoting responsible AI: Balancing innovation and regulation
From a cybersecurity perspective, we must address privacy and security concerns.
Bad actors are successfully using confidentiality attacks to draw out sensitive
information from AI systems. Without proper security measures, institutions and
individuals are at risk. To protect students, for example, institutions may put
in place policies curbing the use of AI tools in specific instances or provide
educational content cautioning them against sharing confidential information
with AI platforms. Algorithmic biases, inaccuracies, overgeneralizations
represent intrinsic limitations of the technology since the models are a
reflection of the data they are trained on. Even if care is taken to ensure
input data is fact-checked and accurate, hallucinations may still occur.
Therefore, a human element is still important in the use of AI. Fact checks and
discerning eyes can help weed out inaccuracies. Councils guided by
community-oriented ethical guidelines can help reduce biases.
Quote for the day:
"Speak softly and carry a big stick; you
will go far." -- Theodore Roosevelt
No comments:
Post a Comment