How this open source test framework evolves with .NET
Fixie v3 is a work in progress that we intend to release shortly after .NET 5
arrives. .NET 5 is the resolution to the .NET Framework vs. .NET Core
development lines, arriving at One .NET. Instead of fighting it, we're
following Microsoft's evolution: Fixie v3 will no longer run on the .NET
Framework. Removing .NET Framework support allowed us to remove a lot of old,
slow implementation details and dramatically simplified the regression testing
scenarios we had to consider for reach release. It also allowed us to
reconsider our design. The Big Three requirements changed only slightly: .NET
Core does away with the notion of an App.config file closely tied to your
executable, instead relying on a more convention-based configuration. All of
Fixie's assembly-loading requirements remained. More importantly, the
circumstances around the design changed in a fundamental way: we were no
longer limited to using types available in both .NET Framework and .NET Core.
By promising less with the removal of .NET Framework support, we gained new
degrees of freedom to modernize the system.
A 5-step Guide to Building Empathy that can Boost your Development Career
When you reflect on yourself, also analyze your interactions. When you speak,
do you ramble on? Do you raise your voice easily, or get easily upset? Do you
talk more than listen? How do you come across physically? Do you roll your
eyes, or dart them around the room? Do you slouch or bury your hands in your
pockets? Think about the language you use during conversations. Do you use
habitual phrases that help or hinder your message? Is your language helping
others to pay attention or tune you out? Does it encourage conversations and
build bridges? Are you making others feel heard and respected, or ignored and
underappreciated? To start your self-awareness journey, you can take advantage
of a number of tools: DISC, Real Colors, and Myers-Briggs are all great
starting points to understanding your own personality. These tools are not
there to dictate who you are, but to guide you in understanding who you are.
When you take the quiz, you are essentially having a conversation with that
quiz. The results are simply telling you how you showed up to that
conversation - the outcome is affected by your mood, attitude, energy, recent
events, etc.
New CDRThief malware targets VoIP softswitches to steal call detail records
"At the time of writing we do not know how the malware is deployed onto
compromised devices," Anton Cherepanov, one of ESET's top malware hunters,
wrote in an analysis today. "We speculate that attackers might obtain access
to the device using a brute-force attack or by exploiting a vulnerability.
Such vulnerabilities in VOS2009/VOS3000 have been reported publicly in the
past," Cherepanov added. However, once the malware has a foothold on a Linux
server running Linknat VOS2009 or VOS3000, the malware searches for the
Linknat configuration files and extracts credentials for the built-in MySQL
database, where the softswitch stores call detail records (CDR, aka VoIP
calls metadata). "Interestingly, the password from the configuration file is
stored encrypted," Cherepanov pointed out. "However, Linux/CDRThief malware
is still able to read and decrypt it. Thus, the attackers demonstrate deep
knowledge of the targeted platform, since the algorithm and encryption keys
used are not documented as far as we can tell. It means that the attackers
had to reverse engineer platform binaries or otherwise obtain information
about the AES encryption algorithm and key used in the Linknat code."
Open-sourcing TensorFlow with DirectML
TensorFlow is a widely used machine learning framework for developing,
training, and distributing machine learning models. Machine learning
workloads often involve tremendous amounts of computation, especially when
training models. Dedicated hardware such as the GPU is often used to
accelerate these workloads. TensorFlow can leverage both Central Processing
Units (CPUs) and GPUs, but its GPU acceleration is limited to
vendor-specific platforms that vary in support for Windows and across its
users’ diverse range of hardware. Bringing the full machine learning
training capability to Windows, on any GPU, has been a popular request from
the Windows developer community. The DirectX platform in Windows has been
accelerating games and compute applications on Windows for decades. DirectML
extends this platform by providing high-performance implementations of
mathematical operations—the building blocks of machine learning—that run on
any DirectX 12-capable GPU. We’re bringing high-performance training and
inferencing on the breadth of Windows hardware by leveraging DirectML in the
TensorFlow framework.
Developing a plan for remote work security? Here are 6 key considerations
Training needs to address all aspects of your structure, specifically:
information security, data security, cybersecurity, computer security,
physical security, IoT security, cloud security, and individual security.
Each area of an architecture needs to be tested and hardened regularly for
your organization to truly be shielded from security breaches. Be specific
about your program: train your staff on how to defend your information
around your HR records (SSNs, PII, etc.) and data that could be exposed
(shopping cart, customer card numbers), as well as in cyber defense to
provide tools against nefarious actors, breaches and threats. Staff must be
trained to know how to lock down computers, so individual machines and
network servers are safe. This training should also encompass how to ensure
physical security, to protect your storage or physical assets. This comes
into play more as the IoT plays a larger role in connecting our devices and
BYOD policies allow for more connections to be made between personal and
corporate assets. Individual security: each employee is entitled to be
secure in their work for a company, and that includes privacy concerns and
compliance issues.
Phishing attack baits victims by promising access to quarantined emails
As analyzed by the Cofense Phishing Defense Center, this phishing attack is
directed toward employees within an organization. Impersonating the
technical support team of the user's employer, the campaign pretends to have
quarantined three email messages, blocking them from reaching the
recipient's inbox. Clicking on a link promises access to these messages but
instead directs the person to a phishing page. The user is then prompted to
sign in with their email account credentials, which are then captured by the
attacker. The campaign seems convincing in a variety of ways, according to
Cofense. By spoofing the account of the internal support staff, the phishing
email appears to come from a trusted source. The quarantine notice sounds
real, even claiming that the quarantined messages failed to process and must
be reviewed to confirm their validity. Further, the notice has an air of
immediacy by saying that two of the messages are considered valid and will
be deleted in three days unless action is taken. Such a notice could
convince the recipient that these are messages of importance to their
organization, requiring a quick response to review them before they're gone.
Laying The Groundwork For ‘Fintech 2.0’ With Digital Assets
Increasingly, government entities are interested in stablecoin technology as
well. While it's a promising development in the world of digital assets,
Woodford said he doesn't expect state-back initiatives to go live and take
off anytime soon. Rather, the biggest value in these efforts is in
validating digital assets as a whole. "If you look at what has caused the
shift in mentality in the last 12-18 months, it went from, 'No, we don't
want this,' to, 'No, but this is interesting' to the point now where it's
interesting and people are actively engaging in this space," he explained.
"One of the reasons for that is because of the sentiment, caused by those
government announcements. It's one driver, but it's more important and
meaningful now in terms of how it's adjusted the attitude." The fact is, any
dramatic change in the world's payments landscape isn't going to happen
overnight — certainly not a shift from fiat currency toward digital assets
like bitcoin. It's part of the reason why stablecoin technology is so
popular; it's a blend between fiat and digital currency, and that mix is
critical to driving traction. As such, Zero Hash, which recently announced
the closure of its Series C funding round, is planning to not only augment
its lending offering, but to integrate ACH processing capabilities within
its infrastructure.
Smart contact lens prototype raises eyebrows
The human iris controls pupil size in response to light, a critical function
that allows the retina to take in appropriate sensory information. Too much
light and the world is washed out, too little and it's veiled in darkness. A
host of eye diseases and deficiencies inhibit the iris from responding
appropriately, including aniridia and keratoconus. Light sensitivity,
similarly, is a painful debilitation and is often associated with chronic
migraine. Researchers at Imec, an innovation hub based in Belgium, along
with partners like CMST, a Ghent University-affiliated research group, the
Instituto de Investigación Sanitaria Fundación Jiménez Díaz in Madrid,
Spain, and Holst Centre have been developing an low-powered wearable
solution. The contact lens's iris aperture is tunable thanks to an
integrated liquid crystal display (LCD) that manipulates concentric
rings. "By combining our expertise on miniaturized flexible
electronics, low-power ASIC design and hybrid integration, we have
demonstrated the capacity to develop a solution for people who suffer from
iris deficiencies, higher order aberrations and photophobia, a common yet
debilitating symptom seen in many neuro-ophthalmic disorders," says
researcher prof. Andrés Vásquez
3 tips for supercharging your remote workforce with AI and automation
Organisations today are facing numerous pressures to enable a remote
workforce, particularly in the IT function, since we have entered the
post-Covid era. At a time when the traditional modus operandi is constantly
being tested, there are some ‘new’ approaches that have actually been in use
in other parts of the market for a while now. We can take several lessons
from the consumer tech world and how it leverages automation and AI to
reduce maintenance and ease automation. Let’s take at the Nest thermostat as
an example. A single thermostat changes temperature about 1500 times per
year, so a large house with 3 thermostats changes temperature about 5000
times per year. ... Make sure you have a single API-endpoint in the cloud to
enumerate & automate all of your storage assets on-prem. Having a
cloud-managed platform provides the visibility and orchestration of your
assets across sites, servers and applications and you can take advantage of
a single API in the cloud to then automate all or a portion of those as
needed. You get an aggregated view, or you can filter by data centre or
application, server group, etc. Then ask interesting questions like, where
is there available capacity for a new project?
Plan for change but don’t leave security behind
The best advice is to plan for change – technical, process and culture – but
do not, whatever you do, leave security till last. It has to be front and
centre of any plans you make. One concrete change that you can make
immediately is taking your security people off just “fire-fighting duty”,
where they have to react to crises as they come in: businesses can consider
how to use them in a more proactive way. People don’t scale, and there’s a
global shortage of security experts. So, you need to use the ones that you
have as effectively as you can, and, crucially, give them interesting work to
do, if you plan to retain them. It’s almost guaranteed that there are ways to
extend their security expertise into processes and automation which will
benefit your broader teams. At the same time, you can allow those experts to
start preparing for new issues that will arise, and investigating new
technologies and methodologies which they can then reapply to business
processes as they mature. ... One of the main mistakes we see businesses make
is attempting to deploy Kubernetes without the appropriate level of in house
expertise. Kubernetes is an ecosystem, rather than a one-off executable, that
relies on other services provided by open source projects.
Quote for the day:
"Leadership flows from the minds of followers more than from the titles of leaders, more from the perception of willing followers than from anointment." -- Lane Secretan
