Daily Tech Digest - December 12, 2024

The future of AI regulation is up in the air: What’s your next move?

The problem is, Jones says, is that lack of regulations boils down to a lack of accountability, when it comes to what your large language models are doing — and that includes hoovering up intellectual property. Without regulations and legal ramifications, resolving issues of IP theft will either boil down to court cases, or more likely, especially in cases where the LLM belongs to a company with deep pockets, the responsibility will slide downhill to the end users. And when profitability outweighs the risk of a financial hit, some companies are going to push the boundaries. “I think it’s fair to say that the courts aren’t enough, and the fact is that people are going to have to poison their public content to avoid losing their IP,” Jones says. “And it’s sad that it’s going to have to get there, but it’s absolutely going to have to get there if the risk is, you put it on the internet, suddenly somebody’s just ripped off your entire catalog and they’re off selling it directly as well.” ... “These massive weapons of mass destruction, from an AI perspective, they’re phenomenally powerful things. There should be accountability for the control of them,” Jones says. “What it will take to put that accountability onto the companies that create the products, I believe firmly that that’s only going to happen if there’s an impetus for it.”


Leading VPN CCO says digital privacy is "a game of chess we need to play"

Sthanu calls VPNs a first step, and puts forward secure browsers as a second. IPVanish recently launched a secure browser, which is an industry first, and something not offered by other top VPN providers. "It keeps your browser private, blocking tracking, encrypting the sessions, but also protecting your device from any malware," Sthanu said. IPVanish's secure browser utilises the cloud. Session tracking, cookies, and targeting are all eliminated, as web browsing operates in a cloud sandbox. ... Encrypting your data is a vital part of what VPNs do. AES 256-bit and ChaCha20 encryption are currently the standards for the most secure VPNs, which do an excellent job at encrypting and protecting your data. These encryption ciphers can protect you against the vast majority of cyber threats out there right now – but as computers and threats develop, security will need to develop too. Quantum computers are the next stage in computing evolution, and there will come a time, predicted to be in the next five years, where these computers can break 256-bit encryption – this is being referred to as "Q-day." Quantum computers are not readily available at this moment in time, with most found in universities or research labs, but they will become more widespread. 


Kintsugi Leaders: Conservers of talent who convert the weak into winners

Profligate Leaders are not only gluttonous in their appetite for consuming resources, they are usually also choosy about the kind they will order. Not for them the tedious effort of using their own best-selling, training cookbook for seasoning and stirring the youth coming out from the country’s stretched and creaking educational system. On the contrary, they push their HR to queue up for ready-cooked candidates outside the portals of elite institutes on day zero. ... Kintsugi Leaders can create nobility of a different kind if they follow three precepts. The central one is the willingness to bet big and take risks on untried talent. In one of my Group HR roles, eyebrows were raised when I placed the HR leadership of large businesses in the hands of young, internally groomed talent instead of picking stars from the market. ... There is a third (albeit rare) kind of HR leader: the Trusted Transformer who can convert a Profligate Leader into the Kintsugi kind. Revealable corporate examples are thin on the ground. In keeping with the Kintsugi theme, then, I have to fall back on Japan. Itō Hirobumi had a profound influence on Emperor Meiji and played a pivotal role in shaping the political landscape of Meiji-era Japan.


4 North Star Metrics for Platform Engineering Teams

“Acknowledging that DORA, SPACE and DevEx provide different slivers or different perspectives into the problem, our goal was to create a framework that encapsulates all the frameworks,” Noda said, “like one framework to rule them all, that is prescriptive and encapsulates all the existing knowledge and research we have.” DORA metrics don’t mean much at the team level, but, he continued, developer satisfaction — a key measurement of platform engineering success — doesn’t matter to a CFO. “There’s a very intentional goal of making especially the key metrics, but really all the metrics, meaningful to all stakeholders, including managers,” Noda said. “That enables the organization to create a single, shared and aligned definition of productivity so everyone can row in the same direction.” The Core 4 key metrics are:An average of diffs per engineer is used to measure speed. The Developer Experience Index, or homegrown developer experience surveys, is used to measure effectiveness. A change failure rate is used to measure quality. The percentage of time spent on new capabilities to measure impact. DX’s own DXI, which uses a standardized set of 14 Likert-scale questions — from strongly agree to strongly disagree — is currently only available to DX users.


The future of data: A 5-pillar approach to modern data management

To succeed in today’s landscape, every company — small, mid-sized or large — must embrace a data-centric mindset. This article proposes a methodology for organizations to implement a modern data management function that can be tailored to meet their unique needs. By “modern”, I refer to an engineering-driven methodology that fully capitalizes on automation and software engineering best practices. This approach is repeatable, minimizes dependence on manual controls, harnesses technology and AI for data management and integrates seamlessly into the digital product development process. ... Unlike the technology-focused Data Platform pillar, Data Engineering concentrates on building distributed parallel data pipelines with embedded business rules. It is crucial to remember that business needs should drive the pipeline configuration, not the other way around. For example, if preserving the order of events is essential for business needs, the appropriate batch, micro-batch or streaming configuration must be implemented to meet these requirements. Another key area involves managing the operational health of data pipelines, with an even greater emphasis on monitoring the quality of the data flowing through the pipeline. 


How and Why the Developer-First Approach Is Changing the Observability Landscape

First and foremost, developers aim to avoid issues altogether. They seek modern observability solutions that can prevent problems before they occur. This goes beyond merely monitoring metrics: it encompasses the entire software development lifecycle (SDLC) and every stage of development within the organization. Production issues don't begin with a sudden surge in traffic; they originate much earlier when developers first implement their solutions. Issues begin to surface as these solutions are deployed to production and customers start using them. Observability solutions must shift to monitoring all the aspects of SDLC and all the activities that happen throughout the development pipeline. This includes the production code and how it’s running, but also the CI/CD pipeline, development activities, and every single test executed against the database. Second, developers deal with hundreds of applications each day. They can’t waste their time manually tuning alerting for each application separately. The monitoring solutions must automatically detect anomalies, fix issues before they happen, and tune the alarms based on the real traffic. They shouldn’t raise alarms based on hard limits like 80% of the CPU load.


We must adjust expectations for the CISO role

The sense of vulnerability CISOs feel today is compounded by a shifting accountability model in the boardroom. As cybersecurity incidents make front-page news more frequently, boards and executive teams are paying closer attention. This increased scrutiny is a double-edged sword: on the one hand, it can mean greater support and resources; on the other, it often translates to CISOs being in the proverbial hot seat. What’s more, cybersecurity is still a rapidly evolving field with few long-standing best practices. It’s a space marked by constant adaptation, bringing a certain degree of trial and error. When an error occurs—especially one that leads to a breach—the CISO’s role is scrutinized. While the entire organization might have a role in cybersecurity, CISOs are often expected to bear the brunt of accountability. This dynamic is unsettling for many in the position, and the 99% of CISOs who fear for their job security in the event of a breach clearly illustrates this point. So, what can be done? Both organizations and CISOs are responsible for recalibrating expectations and addressing the root causes of these pervasive job security fears. For organizations, a starting point is to shift cybersecurity from a reactive to a proactive stance. Investing in continuous improvement—whether through advanced security technologies, employee training, or cyber insurance—is crucial.


Bug bounty programs can deliver significant benefits, but only if you’re ready

The most significant benefit of a bug bounty program is finding vulnerabilities an organization might not have otherwise discovered. “A bug bounty program gives you another avenue of identifying vulnerabilities that you’re not finding through other processes,” such as internal vulnerability scans, Stefanie Bartak, associate director of the vulnerability management team at NCC Group, tells CSO. Establishing a bug bounty program signals to the broader security research community that an organization is serious about fixing bugs. “For an enterprise, it’s a really good way for researchers, or anyone, to be able to contact them and report something that may not be right in their security,” Louis Nyffenegger, CEO of PentesterLab, tells CSO. Moreover, a bug bounty program will offer an organization a wider array of talent to bring perspectives that in-house personnel don’t have. “You get access to a large community of diverse thinkers, which help you find vulnerabilities you may otherwise not get good access to,” Synack’s Lance says. “That diversity of thought can’t be underestimated. Diversity of thought and diversity of researchers is a big benefit. You get a more hardened environment because you get better or additional testing in some cases.”


Harnessing SaaS to elevate your digital transformation journey

The impact of AI-driven SaaS solutions can be seen across multiple industries. In retail, AI-powered SaaS platforms enable businesses to analyze consumer behavior in real-time, providing personalized recommendations that drive sales. In manufacturing, AI optimizes supply chain management, reducing waste and increasing productivity. In the finance sector, AI-driven SaaS automates risk assessment, improving decision-making and reducing operational costs. ... As businesses continue to adopt SaaS and AI-driven solutions, the future of digital transformation looks promising. Companies are no longer just thinking about automating processes or improving efficiency, they are investing in technologies that will help them shape the future of their industries. From developing the next generation of products to understanding their customers better, SaaS and AI are at the heart of this evolution. CTOs, like myself, are now not only responsible for technological innovation but are also seen as key contributors to shaping the company’s overall business strategy. This shift in leadership focus will be critical in helping organizations navigate the challenges and opportunities of digital transformation. By leveraging AI and SaaS, we can build scalable, efficient, and innovative systems that will drive growth for years to come. 


What makes product teams effective?

More enterprises are adopting a cross-functional team model, yet many still tend to underinvest in product management. While they make sure to fill the product owner role—a person accountable for translating business needs into technology requirements—they do not always choose the right individual for the product manager role. Effective product managers are business leaders with the mindset and technical skills to guide multiple product teams simultaneously. They shape product strategy, define requirements, and uphold the bar on delivery quality, usually partnering with an engineering or technology lead in a two-in-a-box model. ... Unsurprisingly, when organizations recognize individual expertise, provide options for career progression, and base promotions on capabilities, employees are more engaged and satisfied with their teams. Similarly, by standardizing and reducing the overall number of roles, organizations naturally shift to a balanced ratio of orchestrators (minority) to doers (majority), which increases team capacity without hiring more employees. This shift helps ensure teams can meet their delivery commitments and creates a transparent environment where individuals feel empowered and informed.


Quote for the day:

“Things come to those who wait, but only the things left by those who hustle” -- Abraham Lincoln
Posted by at
Labels: , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)