What is Blockchain as a Service (BaaS) in the Tech Industry?
Blockchain is becoming more and more popular not just in Cryptocurrency but in
the financial transactions where security and transparency is a must. However,
it is very expensive and technologically complicated to create, maintain, and
operate a blockchain. That is why many smaller and mid-level companies are
hesitant to invest fully in blockchain even though its advantages are obvious.
However, Blockchain as a Service can easily resolve this problem. This is
based on the Software as a Service (SaaS) model where a company specifically
invests in creating, maintaining, and operating a blockchain. This company can
then offer the advantages of blockchain to other companies as a service while
charging a fee. They can offer blockchain on any of the available distributed
ledgers like Ethereum, Bitcoin, R3 Corda, Hyperledger Fabric, Quorum, etc.
along with the peripheral services such as system security, bandwidth
management, resource optimization, etc. In this way, many smaller and
mid-level companies who don’t want to build and maintain their own blockchain
systems from scratch can still obtain the advantages of blockchain for a
nominal fee. These companies can focus on their core business and obtain value
addition from the blockchain without needing to become experts in the
technology.
How companies can overcome the content processing drawbacks of RPA
While the need to enlist assistance from additional software is valid,
organisations must be careful about overspending, and ensure that the tools
they invest in are for a clear, specific purpose. ... “There’s a couple of
different ways for customers to overcome these shortcomings. One is to buy a
tailored point solution like an OCR tool, which can extract data from
documents, or they could invest in a workflow tool to help them orchestrate
robots and humans, or perhaps buy some machine learning from Google to try and
extract insights from their complex documents. These tools are designed to
solve a very narrow set of problems, within tight parameters. “However, each
of these has its own technical challenges; when embarking on one of these
projects, you face significant cost, plus you need the right skills and tech
to support each initiative. Each use case needs to be treated as an individual
project, because you’re effectively buying for that particular need, and if
you have lots of different types of data in your organisation, lots of
different processes that have this level of unstructured data, you need to
start again each time and buy the right solution to fix each individual
problem.
Red Hat Envisions Linux Operating System As More Than ‘Just A Commodity’
Enterprise Linux company Red Hat has wanted users to think more of their
operating ‘engines’ for some time now, long before the company’s acquisition
and integration into the IBM family back in 2018. The company released its Red
Hat Enterprise Linux 7 software back in June 2014 and followed up with Red Hat
Enterprise Linux 8 in May last year. Known affectionately among the developer
cognoscenti as RHEL (pronounced ‘rel’, as in relate, relish or relax), Red Hat
has been building its software to specifically align to cloud-native
computing, containers (a way of breaking application functions into smaller
discrete blocks) and all forms of automation and AI-fuelled autonomous
computing. Underpinning all the individual functions that it puts into its
enterprise operating system is a desire for departments, teams and individual
users to consider the OS as a performance vehicle in and of itself i.e.
something more than just a commodity engine. If that sounds like marketing
spin, then it probably is… so can the company substantiate any of that gloss
and explain how the engine in your computer system might actually change the
way we work?
T2 security chip on Macs can be hacked to plant malware; cannot be patched
The attack requires combining two other exploits that were initially used for
jailbreaking iOS devices — namely Checkm8 and Blackbird. This works because of
some shared hardware and software features between T2 chips and iPhones and
their underlying hardware. According to a post from Belgian security firm
ironPeak, jailbreaking a T2 security chip involves connecting to a Mac/MacBook
via USB-C and running version 0.11.0 of the Checkra1n jailbreaking software
during the Mac’s boot-up process. Per ironPeak, this works because “Apple left
a debugging interface open in the T2 security chip shipping to customers,
allowing anyone to enter Device Firmware Update (DFU) mode without
authentication.” “Using this method, it is possible to create an USB-C cable
that can automatically exploit your macOS device on boot,” ironPeak said. This
allows an attacker to get root access on the T2 chip and modify and take
control of anything running on the targeted device, even recovering encrypted
data […] The danger regarding this new jailbreaking technique is pretty
obvious. Any Mac or MacBook left unattended can be hacked by someone who can
connect a USB-C cable, reboot the device, and then run Checkra1n 0.11.0.
Classifying Your Third Parties: An Essential Third Party Due Diligence First Step
Of course, this brings us to ask when a company “knows” that a third party
will make an improper payment. Under the FCPA, a person has the requisite
knowledge to be liable when he or she is aware of the potential wrongdoing,
cognizant of a high probability of the existence of such wrongdoing, or
intentionally ignorant of the potential wrongdoing. In other words, Congress
did not want to allow people to “sneak around” the FCPA by using a third
party. As Congress made clear, it meant to impose liability not only on
those with actual knowledge of wrongdoing, but also on those who purposefully
avoid actual knowledge: [T]he so-called “head-in-the-sand” problem – variously
described in the pertinent authorities as “conscious disregard,” “willful
blindness” or “deliberate ignorance” – should be covered so that management
officials could not take refuge from the Act’s prohibitions by their
unwarranted obliviousness to any action (or inaction), language or other
“signaling device” that should reasonably alert them of the “high probability”
of an FCPA violation.”
People-focused digital transformation: What benefit does it have for your employees?
“Digitally mature” companies, where leadership teams are proactively jumping
on and implementing digital trends, are increasingly becoming a must-have for
job-seekers. From attracting to retaining talent, organizations that are
pioneering a digital strategy for their processes, efficiently using
technology and adapting in line with digital, will undoubtedly see more
success than organizations that don’t. The focus is no longer just on what an
employee can bring to a company but also on what the company can deliver to
the employee to develop their skill sets in preparation for the next step of
their career. And, with research revealing that the benefits of a
digital-first company include improved operational efficiencies as well as
having a faster time to market, it’s clear why a prospective employee would
opt for a digitally transformed company over one that still runs with mostly
manual processes. Factors such as remote working, the use of technology to
improve productivity and developing skills away from an office-based
environment can lead to people enjoying their jobs more.
New ransomware vaccine kills programs wiping Windows shadow volumes
This weekend, security researcher Florian Roth released the 'Raccine'
ransomware vaccine that will monitor for the deletion of shadow volume copies
using the vssadmin.exe command. "We see ransomware delete all shadow copies
using vssadmin pretty often. What if we could just intercept that request and
kill the invoking process? Let's try to create a simple vaccine," Raccine's
GitHub page explains. Raccine works by registering the raccine.exe executable
as a debugger for vssadmin.exe using the Image File Execution Options Windows
registry key. Once raccine.exe is registered as a debugger, every time
vssadmin.exe is executed, it will also launch Raccine, which will check to see
if vssadmin is trying to delete shadow copies. If it detects a process is
using 'vssadmin delete' or 'vssadmin resize shadowstorage' it will
automatically terminate the process, which is usually done before ransomware
begins encrypting files on a computer. It should also be noted that Raccine
may terminate legitimate software that uses vssadmin.exe as part of their
backup routines. Roth plans on adding the ability to allow certain programs to
bypass Raccine in the future so that they are not mistakenly terminated.
The Abyss of Ignorable: A Route into Chaos Testing from Starling Bank
Imagine if every abstraction came with a divinely guaranteed SLA. (They don’t.)
Every class and method call, every library and dependency. Pretend that the SLA
is a simple percentage. (They never are.) There are some SLAs (100%, fifty
nines) for which it would be wrong to even contemplate failure let alone handle
it or test for it. The seconds you spent thinking about it would already be
worth more than the expected loss from failure. In such a world you would still
code on the assumption that there are no compiler bugs, JVM bugs, CPU
instruction bugs - at least until such things were found. On the other hand
there are SLAs (95%, 99.9%) for which, at reasonable workloads, failure is
effectively guaranteed. So you handle them, test for them and your diligence is
rewarded. We get our behaviour in these cases right. We rightly dismiss the
absurd and handle the mundane. However, human judgement fails quite badly when
it comes to unlikely events. And when the cost of handling unlikely events (in
terms of complication) looks unpleasant, our intuition tends to reinforce our
laziness. A system does not have to be turbulent or complex to expose
this.
Announcing third-party code scanning tools: static analysis & developer security training
Code scanning is a developer-first, GitHub-native approach to easily find
security vulnerabilities before they reach production. Code scanning is
powered by GitHub’s CodeQL static scanning engine and is extensible to include
third-party security tools. Extensibility provides a lot of flexibility and
customizability for teams while maintaining the same user experience for
developers. This capability is especially helpful if you: Work at a large
organization that’s grown through acquisitions and has teams running different
code scanning tools; Need additional coverage for specific areas such as
mobile, Salesforce development, or mainframe development; Need customized
reporting or dashboarding services; Or simply want to use your preferred
tools while benefiting from a single-user experience and single API. What
makes this possible is GitHub code scanning’s API endpoint that can ingest
scan results from third-party tools using the open standard Static Analysis
Results Interchange Format (SARIF). Third-party code scanning tools are
initiated with a GitHub Action or a GitHub App based on an event in GitHub,
like a pull request.
It's Not Magic, It's Elastic: Getting Digital Transformation Right
Covid-19 battered many sectors, and the restaurant industry was certainly near
the top of the list. Yet while lockdowns and contagion fears cratered restaurant
sales in the second quarter of 2020, fast-casual chain and PwC customer
Chipotle’s revenue only fell a modest 4.8%. How did they pull that off? By
growing digital sales by 216%. By July, the company’s sales were rising again.
Digital sales still continued to rise, too. They provided nearly half of
Chipotle’s July sales. This is elasticity — a quick pivot to digital sales,
then keeping that online revenue growing even as in-person purchases pick up
again. Another fast-casual chain, Panera, also pivoted fast during the
epidemic’s peak. While on-site dining was shut down, Panera stores sold
groceries and offered them for curbside pickup. Or consider lodging, another
sector that the epidemic hit especially hard. Red Roof Inns seemed to realize
that their “essential” offering was private space with WiFi — so they started
offering day rates to people who wanted to work from anywhere but home. These
companies were elastic because they built out their digital infrastructure.
Quote for the day:
"If you want people to to think, give them intent, not instruction." -- David Marquet
