Daily Tech Digest - September 08, 2023

Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk

One widespread concern over AI is that the systems will replace developers: 36% of developers worry that they will be replaced by an AI system. Yet the GitLab survey also gave more weight to arguments that disruptive technologies result in more work for people: Nearly two-thirds of companies hired employees to help manage AI implementations. Part of the concern seems to be generational. More experienced developers tend not to accept the code suggestions made by AI systems, while more junior developers are more likely to accept them, Lemos says. Yet both are looking to AI to assist them with the most boring work, such as documentation and creating unit tests. "I'm seeing a lot more developers raising the idea of having their documentation written by AI, or having test coverage written by AI, because they care less about the quality of that code, but just that the test works," he says. "There's both a security and a development benefit in having better test coverage, and it's something that they don't have to spend time on."

Feds Urge Immediately Patching of Zoho and Fortinet Products

CISA found that beginning in January, multiple APT groups separately exploited two different critical vulnerabilities to gain unauthorized access and exfiltrate data from the organization. Both of the unrelated flaws - CVE-2022-47966 in Zoho ManageEngine and CVE-2022-42475 in Fortinet FortiOS SSL VPN - have been classified as being of critical severity, meaning they can be exploited to remotely execute code, allowing attackers to take control of the system and pivot to other parts of the network. Each of the vendors issued updates patching their flaws in late 2022. Researchers refer to these as N-day vulnerabilities, meaning known flaws, as opposed to a zero-day vulnerability, for which no patch is yet available. The alert, issued by CISA, the FBI and U.S. Cyber Command's Cyber National Mission Force, includes details of how attackers used each of the flaws to gain wider access to victims' networks. The advisory doesn't state which nation or nations' APT groups have been tied to known exploits of these flaws.

Scrum Master Skills We Rarely Talk About: Change Management

The initial stride towards constructing a "compelling case for change" is the vision of the type of Organization we aspire to become. It's crucial to emphasize that the organization's mode of operation should never serve as the ultimate goal in itself. Rather, it serves as a supplementary element that "enables" the organization in the pursuit of its objectives. This, in turn, gives rise to the necessity for change, marking the starting point of the entire process. A clearly expressed need for change (or the response to the question "Why exactly?") opens the gateway to the subsequent consideration: how should our Organization function to realize its goals? This is what we refer to as the Ideal State. Once we've defined the Ideal State of the organization, we can precisely articulate the exact optimizations required, alongside the pivotal indicators we will employ to monitor our progress throughout the change process. The Optimization Goal acts as our compass, guiding the direction of change or indicating precisely what adjustments need to be made.

Cloud first is dead—cloud smart is what’s happening now

Cloud smart involves making the best use of cloud concepts whether they are on premises or off and fundamentally making the most rational choice of locality as part of the thinking. A cloud smart architectural approach is essential because it enables enterprises to optimize their on-premises IT infrastructure and leverage the benefits of the cloud as well. With cloud smart architecture, enterprises can design and deploy highly available, scalable, and resilient solutions that have cloud operating characteristics to adapt to their changing business needs. After the initial rush to public cloud, this belated dose of reality is a positive. It reflects the recognition that there needs to be a smarter balance between what's on premises vs. what's in the public cloud. Knowing how to strike the right balance—with the understanding that not every application is meant for the cloud—can ensure that you optimize performance, reliability, and cost, driving better long-term outcomes for your organization.

Are We Ready for a World Without Passwords?

Passwordless authentication simply means eliminating passwords. FIDO Alliance introduced FIDO2, a universally accepted authentication protocol offering frictionless, phishing-resistant, passwordless authentication. FIDO2 allows users to authenticate a web, SaaS, or mobile application using native device biometrics or PIN from their laptop, desktop or mobile phone. The user can access any application with a simple swipe on the fingerprint reader, a face nod to the camera or by entering a static PIN on their device. FIDO2 passwordless authentication is MFA by default and phishing resistant since the attacker needs physical access to the device and also access to the user’s PIN or biometrics. FIDO2 uses cryptographic keys (public and private) where the private key and the user’s biometric data do not leave the user’s device, thereby protecting the user’s privacy. It also prevents user activity tracking across services since a unique set of credentials is generated for each service. 

Is Security a Dev, DevOps or Security Team Responsibility?

Security is not the job of any one group or type of role. On the contrary, security is everyone’s job. Forward-thinking organizations must dispense with the mindset that a certain team “owns” security, and instead embrace security as a truly collective team responsibility that extends across the IT organization and beyond. After all, there is a long list of stakeholders in cloud security, including: Security teams, who are responsible for understanding threats and providing guidance on how to avoid them; Developers, who must ensure that applications are designed with security in mind and that they do not contain insecure code or depend on vulnerable third-party software to run; ITOps engineers, whose main job is to manage software once it is in production and who therefore play a leading role both in configuring application-hosting environments to be secure and in monitoring applications to detect potential risks; DevOps engineers, whose responsibilities span both development and ITOps work, placing them in a position to secure code during both the development and production stages.

Windows desktop apps are the future (with or without Windows)

Microsoft is betting big on this with Windows 365. Currently available only for businesses, Windows 365 is a Windows desktop-as-a-service hosted by Microsoft. Businesses can set up their employees with remotely accessed Windows desktops. Those employees can access them through nearly any device: a Chromebook, Mac, iPad, Android tablet, smart TV, smartphone, or whatever — even from a PC. Microsoft is building better support for accessing Windows 365 desktops into Windows 11, letting you flip between your cloud PC and local PC from the “Task View” button on your taskbar or even boot straight to a Windows 365 cloud PC desktop on a physical Windows 11 PC. While this is only for businesses at the moment, internal documents show Microsoft is working on Windows 365 cloud PC plans for home users. It’s not just about Microsoft, either. Even Google now has a new solution for running Windows apps natively in ChromeOS called “ChromeOS Virtual App Delivery.” 

How Failures Lead to Innovation

When failure occurs, not giving up or abandoning your idea is essential. Instead, look at the problem differently and find a new solution. This process involves a series of steps that, when combined, can lead to groundbreaking innovation. First, there’s a need to reassess your vision and redefine your objectives. What was the original goal? Is it still relevant, or does the failure open up a new direction that could be more beneficial? Second, identify the root cause of the failure and understand its implications. This is where a deep dive into the details is crucial. In doing so, you might uncover overlooked opportunities or hidden insights. Third, brainstorm new solutions. Use the knowledge from the failure to think of innovative approaches or strategies that could work better. Fourth, prototype and test these new ideas. Not every new idea will be successful, but through prototyping and testing, you’ll get closer to finding a solution that works. Fifth, iterate on the process. Innovation is rarely a one-off event. It’s a continuous process of learning, designing, testing, and refining.

Velocity Over Speed, A Winner Every Time

Precision Bias is the utterly false belief we can predict any time length ever. No one saw covid coming. So, every damn prediction at the time did not come true. And while most delays are not caused by such global meltdowns, they still happen. But the addiction to speed itself is one of the largest factors in slowing down our delivery times. To understand velocity, we have to understand value. Both intangible value and direct value. I call this ‘soaking in numbers’. When I am with a new client (read my article on clients vs. customers) I like to read here and learn every value metric they find important. I want mean time to recover. I want the number of new customers per day. I want net promoter scores, profitability, lead times, partner surveys, employee turnover, all of it. These are the language of value that a set of stakeholders uses to describe value. Notice how few of those measures involve speed numbers? I guesstimate that only 10-15 % of any set of measures will be speed related. In fact, speed will cause many of those metrics to fail. Too many new hires, too many orders, too many acquisitions.

How to Succeed with Unifying DataOps and MLOps Pipelines

How to actually integrate data and ML pipelines depends on an organization’s existing overall structure. “Organizations are essentially either centralized or decentralized,” Kobielus said. For those that are already centralized to one degree or another, unifying data and ML pipelines is really just a question of converging the existing back ends -- often in the form of a data lakehouse. In the case of a more decentralized organization, Kobielus explained, unification of the different back ends requires an abstraction layer that enables users to query data in a uniform, simplified way across all the disparate environments where it may reside. For many organizations, this layer is taking the form of a data mesh or a data fabric that consolidates access to data and analytics across a range of environments. “The bottom line for success,” Kobielus said, “is to what extent you can build more monetizable data and analytics and the degree to which you can automate all of it. That automation needs to happen on the back end.” 

Quote for the day:

"If you set your goals ridiculously high and it's a failure, you will fail above everyone else's success." --James Cameron
