Daily Tech Digest - April 17, 2024

Are You Delivering on Developer Experience?

A critical concept in modern developer experience is the “inner loop” of feedback on code changes. When a developer has a quick and familiar system to get feedback on their code, it encourages multiple cycles of testing and experimentation before code is deployed to a final test environment or production. The “outer loop” of feedback involves a more formal process of proposing tests, merging changes, running integration and then end-to-end tests. When problems are found on the outer loop, the result is larger, slower deployments with developers receiving feedback hours or days after they write code. Outer loop testing can still be testing that is automated and kicked off by the original developer, but another common issue with feedback that comes later in the release cycle is that it comes from human testers or others in the release process. This often results in feedback that is symptomatic rather than identifying root causes. When feedback isn’t clear, it’s as bad or worse than unclear requirements: Developers can’t work quickly on problems they haven’t diagnosed, and they’ve often moved on to other projects in the time between deployment and finding an issue. 

The digital tapestry: Safeguarding our future in a hyper-connected world

Data centers, acting as the computational hearts, power grids as the electrical circulatory system, and communication networks as the interconnected neural pathways – these elements form the infrastructure that facilitates the flow of information, the very essence of modern life. But like any complex biological system, they have vulnerabilities. A sophisticated cyberattack can infiltrate a data center, disrupting critical services. A natural disaster can sever communication links, isolating entire regions. These vulnerabilities highlight the paramount importance of resilience. We must design and maintain infrastructure that can withstand these disruptions, adapt to changing demands, and recover swiftly from setbacks. This intricate dance becomes even more critical as we attempt to seamlessly integrate revolutionary technologies like artificial intelligence (AI) into the fabric of our critical infrastructure. As we know, AI offers incredible potential, functioning like a highly sophisticated adaptive learning algorithm within the data center and critical infrastructure network. 

5 Strategies To Get People To Listen To You At Work

Credibility is currency at work. It is built over time, not by title or position but through displays of integrity, expertise, and knowledge. To be considered credible we need to have something valuable to say, and we can hone that by investing in continuous learning, staying abreast of industry trends, and demonstrating an ability to contribute to the success of the team through our actions and contributions. ... Tailor your message to resonate with the concerns, interests, and communication preferences of those you’re addressing. Speaking to executives, for instance, demands clarity, brevity, and alignment with strategic goals. Anticipate their probing questions about risks and opportunities and emphasize the impact on the bottom line. ... When people come to speak with you, silence your phone and computer and give them your full attention. Ask them follow-up questions, take notes, and adopt a mindset of learning. By demonstrating genuine interest and appreciation for your team members’ viewpoints, you will foster a culture of collaboration and mutual respect that encourages others to listen to you in turn.

Thinking outside the code: How the hacker mindset drives innovation

The hacker mindset has a healthy disrespect for limitations. It enjoys challenging the status quo and looking at problems with a “what if” mentality: “what if a malicious actor did this?” or “what if we look at data security from a different angle? This pushes tech teams to think outside the code, and explore more unconventional solutions. In its essence, hacking is about creating new technologies or using existing technologies in unexpected ways. It’s about curiosity, the pursuit for knowledge, wondering “what else can this do?” I can relate this to movies like The Matrix; it’s about not accepting reality as a “read-only” situation. It’s about changing your technical reality, learning which software elements can be manipulated, changed or re-written completely. ... Curiosity is one of the most important elements to fuel growth. Organizations with a “question everything” attitude will be the first to adapt to new threats; first to seize opportunities; and last to become obsolete. For me, ideal organizations are tech-driven playgrounds that encourage experimentation and celebrate failure as progress.

SAS Viya and the pursuit of trustworthy AI

Ensuring ethical use of AI starts before a model is deployed—in fact, even before a line of code is written. A focus on ethics must be present from the time an idea is conceived and persist through the research and development process, testing, and deployment, and must include comprehensive monitoring once models are deployed. Ethics should be as essential to AI as high-quality data. It can start with educating organizations and their technology leaders about responsible AI practices. So many of the negative outcomes outlined here arise simply from a lack of awareness of the risks involved. If IT professionals regularly employed the techniques of ethical inquiry, the unintended harm that some models cause could be dramatically reduced. ... Because building a trustworthy AI model requires a robust set of training data, SAS Viya is equipped with strong data processing, preparation, integration, governance, visualization, and reporting capabilities. Product development is guided by the SAS Data Ethics Practice (DEP), a cross-functional team that coordinates efforts to promote the ideals of ethical development—including human centricity and equity—in data-driven systems. 

From skepticism to strength: The evolution of Zero Trust

The core concepts are the same. The principle of least privilege and assume breach mentality are still key. For example, backup management systems must be isolated on the network so that no unauthenticated users can access it. Likewise, the backup storage system itself must be isolated. Immutability is also key. Having backup data that cannot be changed or tampered with means if repositories are reached by attacks like ransomware, they cannot be affected by its malware. Assuming a breach also means businesses should not implicitly ‘trust’ their backups after an attack. Having processes to properly validate the backup or ‘clean’ it before attempting system recovery is vital to ensure you are not simply restoring a still-compromised environment. The final layer of distrust is to have multiple copies of your backups – fail-safes in case one (or more) are compromised. The best practice is to have three copies of your backup, two stored on different media types, one stored onsite, and one kept offline. With these layers of resilience, you can start to consider your backup as Zero Trust. With Zero Trust Data Resilience, just like zero trust, it is a journey. You cannot implement it all at once. 

Where in the world is your AI? Identify and secure AI across a hybrid environment“

Your AI strategy is as good as your data strategy,” says Brad Arkin, chief trust officer at Salesforce. “Organizations adopting AI must balance trust with innovation. Tactically, that means companies need to do their diligence — for example, taking the time to classify data and implement specific policies for AI use cases.” ... Threat vectors like the DNS or APIs connecting to backend or cloud-based data lakes or repositories, particularly over IoT (internet of things), constitute two major vulnerabilities to sensitive data, adds Julie Saslow Schroeder, a chief legal officer and pioneer in AI and data privacy laws and SaaS platforms. “By putting up insecure chatbots connecting to vulnerable systems, and allowing them access to your sensitive data, you could break every global privacy regulation that exists without understanding and addressing all the threat vectors.” ... Arkin says security is a shared responsibility between cloud/SaaS provider and enterprise customers, emphasizing optional detection controls like event monitoring and audit trails that help customers gain insights into who’s accessing their data, for what purpose, and the type of processing being done.

Where Are You on the Cybersecurity Readiness Index? Cisco Thinks You’re Probably Overconfident

As we noted, cybersecurity readiness is alarmingly low across the board. However, that’s not reflected in the confidence of the companies that responded to the Cisco study. Some 80% of respondents, down slightly from last year, say they’re moderate to very confident in their ability to stay resilient. Cisco believes their confidence is misplaced and that they have not assessed the scale of their challenges. I agree that confidence will only get companies in trouble. With cyber security, it’s best to maintain a healthy paranoia and plan for the worst. No one thinks they’ll get in a car accident from texting on their phones until it happens. That’s when people change their behavior. There are many other revealing takeaways in this nearly 30-page report. But there’s nothing more alarming that—even after decades of having it driven home and having boardrooms and c-suites supposedly buy in—cyber threats are still taken too lightly. There are gaps in maturity, coverage, talent, and self-awareness. The underlying cause of these gaps is hard to pin down. But it likely comes from how we can all hold contradictory beliefs in our heads simultaneously. We can all freely acknowledge that cybersecurity is a significant threat.

The Global Menace of the Russian Sandworm Hacking Team

The group's ambitions have long been global: "The group’s readiness to conduct cyber operations in furtherance of the Kremlin’s wider strategic objectives globally is ingrained in its mandate." Past attacks include a 2016 hack against the Democratic National Committee, the 2017 NotPetya wave of encrypting software and the 2018 unleashing of malware known as Olympic Destroyer that disrupted the winter Olympics being held in South Korea. The group has recently turned to mobile devices and networks including a 2023 attempt to deploy malware programmed to spy on Ukrainian battlefield management apps. According to Mandiant, the group is directing and influencing the development of "hacktivist" identities in a bid to augment the psychological effects of its operations. Especially following the February 2022 invasion, Sandworm has used a series of pro-Russian Telegram channels including XakNet Team and Solntsepek to claim responsibility for hacks and leak stolen information. Sandworm also appears to have a close relationship with CyberArmyofRussia_Reborn.

How AI is Transforming Traditional Code Review Practices

The most effective use of AI in software development marries its strengths with the irreplaceable intuition, creativity, and experience of human developers. This synergistic approach leverages AI for what it does best — speed, consistency, and automation — while relying on humans for strategic decision-making and nuanced understanding that AI (currently) cannot replicate. AI can now be used to address the challenges of traditionally human-centric process of code reviews. For example, AI can scan entire code repositories and workflow systems to understand the context in which the codebase runs. ... Future advancements will see AI evolve into the role of a collaborator, capable of more complex reasoning, offering design suggestions, best practices, and even predicting or simulating the impact of code changes on software functionality and performance. AI can provide deeper insights into code quality, offer personalized feedback, and play a key role in installing a culture of learning and improvement within development teams.

Quote for the day:

"It is in your moments of decision that your destiny is shaped." -- Tony Robbins

No comments:

Post a Comment