Are You Delivering on Developer Experience?
A critical concept in modern developer experience is the “inner loop” of
feedback on code changes. When a developer has a quick and familiar system to
get feedback on their code, it encourages multiple cycles of testing and
experimentation before code is deployed to a final test environment or
production. The “outer loop” of feedback involves a more formal process of
proposing tests, merging changes, running integration and then end-to-end tests.
When problems are found on the outer loop, the result is larger, slower
deployments with developers receiving feedback hours or days after they write
code. Outer loop testing can still be testing that is automated and kicked off
by the original developer, but another common issue with feedback that comes
later in the release cycle is that it comes from human testers or others in the
release process. This often results in feedback that is symptomatic rather than
identifying root causes. When feedback isn’t clear, it’s as bad or worse than
unclear requirements: Developers can’t work quickly on problems they haven’t
diagnosed, and they’ve often moved on to other projects in the time between
deployment and finding an issue.
The digital tapestry: Safeguarding our future in a hyper-connected world
Data centers, acting as the computational hearts, power grids as the electrical
circulatory system, and communication networks as the interconnected neural
pathways – these elements form the infrastructure that facilitates the flow of
information, the very essence of modern life. But like any complex biological
system, they have vulnerabilities. A sophisticated cyberattack can infiltrate a
data center, disrupting critical services. A natural disaster can sever
communication links, isolating entire regions. These vulnerabilities highlight
the paramount importance of resilience. We must design and maintain
infrastructure that can withstand these disruptions, adapt to changing demands,
and recover swiftly from setbacks. This intricate dance becomes even more
critical as we attempt to seamlessly integrate revolutionary technologies like
artificial intelligence (AI) into the fabric of our critical infrastructure. As
we know, AI offers incredible potential, functioning like a highly sophisticated
adaptive learning algorithm within the data center and critical infrastructure
network.
5 Strategies To Get People To Listen To You At Work
Credibility is currency at work. It is built over time, not by title or
position but through displays of integrity, expertise, and knowledge. To be
considered credible we need to have something valuable to say, and we can hone
that by investing in continuous learning, staying abreast of industry trends,
and demonstrating an ability to contribute to the success of the team through
our actions and contributions. ... Tailor your message to resonate with the
concerns, interests, and communication preferences of those you’re addressing.
Speaking to executives, for instance, demands clarity, brevity, and alignment
with strategic goals. Anticipate their probing questions about risks and
opportunities and emphasize the impact on the bottom line. ... When people
come to speak with you, silence your phone and computer and give them your
full attention. Ask them follow-up questions, take notes, and adopt a mindset
of learning. By demonstrating genuine interest and appreciation for your team
members’ viewpoints, you will foster a culture of collaboration and mutual
respect that encourages others to listen to you in turn.
Thinking outside the code: How the hacker mindset drives innovation
The hacker mindset has a healthy disrespect for limitations. It enjoys
challenging the status quo and looking at problems with a “what if” mentality:
“what if a malicious actor did this?” or “what if we look at data security
from a different angle? This pushes tech teams to think outside the code, and
explore more unconventional solutions. In its essence, hacking is about
creating new technologies or using existing technologies in unexpected ways.
It’s about curiosity, the pursuit for knowledge, wondering “what else can this
do?” I can relate this to movies like The Matrix; it’s about not accepting
reality as a “read-only” situation. It’s about changing your technical
reality, learning which software elements can be manipulated, changed or
re-written completely. ... Curiosity is one of the most important elements to
fuel growth. Organizations with a “question everything” attitude will be the
first to adapt to new threats; first to seize opportunities; and last to
become obsolete. For me, ideal organizations are tech-driven playgrounds that
encourage experimentation and celebrate failure as progress.
SAS Viya and the pursuit of trustworthy AI
Ensuring ethical use of AI starts before a model is deployed—in fact, even
before a line of code is written. A focus on ethics must be present from the
time an idea is conceived and persist through the research and development
process, testing, and deployment, and must include comprehensive monitoring
once models are deployed. Ethics should be as essential to AI as high-quality
data. It can start with educating organizations and their technology leaders
about responsible AI practices. So many of the negative outcomes outlined here
arise simply from a lack of awareness of the risks involved. If IT
professionals regularly employed the techniques of ethical inquiry, the
unintended harm that some models cause could be dramatically reduced. ...
Because building a trustworthy AI model requires a robust set of training
data, SAS Viya is equipped with strong data processing, preparation,
integration, governance, visualization, and reporting capabilities. Product
development is guided by the SAS Data Ethics Practice (DEP), a
cross-functional team that coordinates efforts to promote the ideals of
ethical development—including human centricity and equity—in data-driven
systems.
From skepticism to strength: The evolution of Zero Trust
The core concepts are the same. The principle of least privilege and assume
breach mentality are still key. For example, backup management systems must be
isolated on the network so that no unauthenticated users can access it.
Likewise, the backup storage system itself must be isolated. Immutability is
also key. Having backup data that cannot be changed or tampered with means if
repositories are reached by attacks like ransomware, they cannot be affected
by its malware. Assuming a breach also means businesses should not implicitly
‘trust’ their backups after an attack. Having processes to properly validate
the backup or ‘clean’ it before attempting system recovery is vital to ensure
you are not simply restoring a still-compromised environment. The final layer
of distrust is to have multiple copies of your backups – fail-safes in case
one (or more) are compromised. The best practice is to have three copies of
your backup, two stored on different media types, one stored onsite, and one
kept offline. With these layers of resilience, you can start to consider your
backup as Zero Trust. With Zero Trust Data Resilience, just like zero trust,
it is a journey. You cannot implement it all at once.
Where in the world is your AI? Identify and secure AI across a hybrid environment“
Your AI strategy is as good as your data strategy,” says Brad Arkin, chief
trust officer at Salesforce. “Organizations adopting AI must balance trust
with innovation. Tactically, that means companies need to do their diligence —
for example, taking the time to classify data and implement specific policies
for AI use cases.” ... Threat vectors like the DNS or APIs connecting to
backend or cloud-based data lakes or repositories, particularly over IoT
(internet of things), constitute two major vulnerabilities to sensitive data,
adds Julie Saslow Schroeder, a chief legal officer and pioneer in AI and data
privacy laws and SaaS platforms. “By putting up insecure chatbots connecting
to vulnerable systems, and allowing them access to your sensitive data, you
could break every global privacy regulation that exists without understanding
and addressing all the threat vectors.” ... Arkin says security is a shared
responsibility between cloud/SaaS provider and enterprise customers,
emphasizing optional detection controls like event monitoring and audit trails
that help customers gain insights into who’s accessing their data, for what
purpose, and the type of processing being done.
Where Are You on the Cybersecurity Readiness Index? Cisco Thinks You’re Probably Overconfident
As we noted, cybersecurity readiness is alarmingly low across the board.
However, that’s not reflected in the confidence of the companies that
responded to the Cisco study. Some 80% of respondents, down slightly from last
year, say they’re moderate to very confident in their ability to stay
resilient. Cisco believes their confidence is misplaced and that they have not
assessed the scale of their challenges. I agree that confidence will only get
companies in trouble. With cyber security, it’s best to maintain a healthy
paranoia and plan for the worst. No one thinks they’ll get in a car accident
from texting on their phones until it happens. That’s when people change their
behavior. There are many other revealing takeaways in this nearly 30-page
report. But there’s nothing more alarming that—even after decades of having it
driven home and having boardrooms and c-suites supposedly buy in—cyber threats
are still taken too lightly. There are gaps in maturity, coverage, talent, and
self-awareness. The underlying cause of these gaps is hard to pin down. But it
likely comes from how we can all hold contradictory beliefs in our heads
simultaneously. We can all freely acknowledge that cybersecurity is a
significant threat.
The Global Menace of the Russian Sandworm Hacking Team
The group's ambitions have long been global: "The group’s readiness to conduct
cyber operations in furtherance of the Kremlin’s wider strategic objectives
globally is ingrained in its mandate." Past attacks include a 2016 hack
against the Democratic National Committee, the 2017 NotPetya wave of
encrypting software and the 2018 unleashing of malware known as Olympic
Destroyer that disrupted the winter Olympics being held in South Korea. The
group has recently turned to mobile devices and networks including a 2023
attempt to deploy malware programmed to spy on Ukrainian battlefield
management apps. According to Mandiant, the group is directing and influencing
the development of "hacktivist" identities in a bid to augment the
psychological effects of its operations. Especially following the February
2022 invasion, Sandworm has used a series of pro-Russian Telegram channels
including XakNet Team and Solntsepek to claim responsibility for hacks and
leak stolen information. Sandworm also appears to have a close relationship
with CyberArmyofRussia_Reborn.
How AI is Transforming Traditional Code Review Practices
The most effective use of AI in software development marries its strengths
with the irreplaceable intuition, creativity, and experience of human
developers. This synergistic approach leverages AI for what it does best —
speed, consistency, and automation — while relying on humans for strategic
decision-making and nuanced understanding that AI (currently) cannot
replicate. AI can now be used to address the challenges of traditionally
human-centric process of code reviews. For example, AI can scan entire code
repositories and workflow systems to understand the context in which the
codebase runs. ... Future advancements will see AI evolve into the role of a
collaborator, capable of more complex reasoning, offering design suggestions,
best practices, and even predicting or simulating the impact of code changes
on software functionality and performance. AI can provide deeper insights into
code quality, offer personalized feedback, and play a key role in installing a
culture of learning and improvement within development teams.
Quote for the day:
"It is in your moments of decision
that your destiny is shaped." -- Tony Robbins
No comments:
Post a Comment