The Speed Layer Design Pattern for Analytics
In a modern data architecture, speed layers combine batch and real-time
processing methods to handle large and fast-moving data sets. The speed layer
fills the gap between traditional data warehouses or lakes and streaming tools.
It is designed to handle high-velocity data streams that are generated
continuously and require immediate processing within the context of integrated
historical data to extract insights and drive real-time decision-making. A
“speed layer” is an architectural pattern that combines real-time processing
with the contextual and historical data of a data warehouse or lake. A speed
layer architecture acts as a bridge between data in motion and data at rest,
providing a unified view of both real-time and historical data. ... The speed
layer must provide a way to query and analyze real-time data in real time,
typically using new breakthroughs in query acceleration such as vectorization.
In a vectorized query engine, data is stored in fixed size blocks called
vectors, and query operations are performed on these vectors in parallel, rather
than on individual data elements.
7 steps for implementing security automation in your IT architecture
Security automation is often driven by the need to align with various industry
regulations, best practices, and guidelines, as well as internal company
policies and procedures. Those requirements, combined with constraints on the
human resources available to accomplish them, make automation in this space
critical to success. ... NIST defines a vulnerability as a "weakness in an
information system, system security procedures, internal controls, or
implementation that could be exploited or triggered by a threat source."
Vulnerability scanning is the process of leveraging automated tools to uncover
potential security issues within a given system, product, application, or
network. ... Compliance scanning is the process of leveraging automated tools
to uncover misalignment concerning internal and external compliance. The
purpose of compliance scanning is to determine and highlight gaps that may
exist between legal requirements, industry guidance, and internal policies
with the actual implementation of the given entity.
What an IT career will look like in 5 years
“We will see AI usage increase in software development and testing functions
shifting the role of these employees” toward higher-level, personal-touch
tasks, Huffman says. ... “An augmented workforce experience — across
recruiting, productivity, learning, and more — will certainly be something to
watch, as the level of trust that we will likely put in our AI colleagues may
be surprising,” Bechtel says. “High confidence that AI is delivering the right
analytics and insights will be paramount. To build trust, AI algorithms must
be visible, auditable, and explainable, and workers must be involved in AI
design and output. Organizations are realizing that competitive gains will
best be achieved when there is trust in this technology.” Moreover, increased
reliance on AI for IT support and development work such as entry-level coding,
as well as cloud and system administration will put pressure on IT pros to up
their skills in more challenging areas, says Michael Gibbs, CEO and founder of
Go Cloud Careers.
Use zero-trust data management to better protect backups
Trust nothing, verify everything. "The principle is to never assume any
access request is trustworthy. Never trust, always verify," said Johnny Yu, a
research manager at IDC. "Applying [that principle] to data management would
mean treating every request to migrate, delete or overwrite data as
untrustworthy by default. Applying zero-trust in data management means having
practices or technology in place that verify these requests are genuine and
authorized before carrying out the request." Data backup software can
potentially be accessed by bad actors looking to delete backup data or alter
data retention settings. Zero-trust practices use multifactor authentication
or role-based access control to help prevent stolen admin credentials or rogue
employees from exploiting data backup software. "Zero-trust strategies remove
the implicit trust assumptions of castle-and-moat architectures -- meaning
that anyone inside the moat is trusted," said Jack Poller, a senior analyst at
Enterprise Strategy Group.
Improving CI/CD Pipelines Through Observability
Overall, observability in a CI pipeline is essential for maintaining the
reliability and efficiency of the pipeline and allows developers to quickly
identify and resolve any issues that may arise. It can be achieved by using a
combination of monitoring, logging, and tracing tools, which can provide
real-time visibility into the pipeline and assist with troubleshooting and
root cause analysis. In addition to the above, you can also use observability
tools such as Application Performance Management (APM) solutions like New
Relic or Datadog. APMs provide end-to-end visibility of the entire application
and infrastructure, which in turn gives the ability to identify bottlenecks,
performance issues, and errors in the pipeline. It is important to note that,
observability should be integrated throughout the pipeline, from development
to production, to ensure that any issues can be identified and resolved
quickly and effectively.
Diffusion models can be contaminated with backdoors, study finds
Chen and his co-authors found that they could easily implant a backdoor in a
pre-trained diffusion model with a bit of fine-tuning. With many pre-trained
diffusion models available in online ML hubs, putting BadDiffusion to work is
both practical and cost-effective. “In some cases, the fine-tuning attack can
be successful by training 10 epochs on downstream tasks, which can be
accomplished by a single GPU,” said Chen. “The attacker only needs to access a
pre-trained model (publicly released checkpoint) and does not need access to
the pre-training data.” Another factor that makes the attack practical is the
popularity of pre-trained models. To cut costs, many developers prefer to use
pre-trained diffusion models instead of training their own from scratch. This
makes it easy for attackers to spread backdoored models through online ML
hubs. “If the attacker uploads this model to the public, the users won’t be
able to tell if a model has backdoors or not by simplifying inspecting their
image generation quality,” said Chen.
What is generative AI and its use cases?
Anticipating the AI endgame is an exercise with no end. Imagine a world in
which generative technologies link with other nascent innovations, quantum
computing, for example. The result is a platform capable of collating and
presenting the best collective ideas from human history, plus input from
synthetic sources with infinite IQs, in any discipline and for any purpose, in
a split second. The results will be presented with recommended action points;
but perhaps further down the line the technology will just take care of these
while you make a cup of tea. There are several hurdles to leap before this
vision becomes reality; for example, dealing with bias and the role of
contested opinions, answering the question of whether we really want this,
plus, of course, ensuring the safety of humankind, but why not? In the
meantime, Rachel Roumeliotis, VP of data and AI at O’Reilly, predicts a host
of near-term advantages for logic learning machines (LLMs). “Right now, we are
seeing advancement in LLMs outpace how we can use it, as is sometimes the case
with medicine, where we find something that works but don’t necessarily know
exactly why.
Iowa to Enact New Data Privacy Law: The Outlook on State and Federal Legislation
The emergence of more data privacy legislation is likely to continue. “It
brings the US closer in line with trends we are seeing throughout the world as
we have over 160 countries with data protection laws today,” says Dominique
Shelton Leipzig, partner, cybersecurity and data privacy at global law firm
Mayer Brown. These laws have notable impacts on the companies subject to them
and consumers. “For companies, comprehensive privacy laws like these enshrine
the existing practices of the privacy profession into law. These laws clarify
that our minimum standards for privacy are not just best practices, but
legally enforceable by state attorneys general,” says Zweifel-Keegan. While
these laws shine a light on data privacy, many critics argue against the
“patchwork” approach of state-by-state legislation. “The continuation of the
current state-by-state trend means companies are increasingly complying with a
complex and evolving patchwork of regulatory requirements.
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest
One of the exploits involved executing what is known as a
time-of-check-to-time-of-use (TOCTTOU) attack on Tesla's Gateway energy
management system. They showed how they could then — among other things — open
the front trunk or door of a Tesla Model 3 while the car was in motion. The
less than two-minute attack fetched the researchers a new Tesla Model 3 and a
cash reward of $100,000. The Tesla vulnerabilities were among a total of 22
zero-day vulnerabilities that researchers from 10 countries uncovered during
the first two days of the three-day Pwn2Own contest this week. In the second
hack, Synacktiv researchers exploited a heap overflow vulnerability and an
out-of-bounds write error in a Bluetooth chipset to break into Tesla's
infotainment system and, from there, gain root access to other subsystems. The
exploit garnered the researchers an even bigger $250,000 bounty and Pwn2Own's
first ever Tier 2 award — a designation the contest organizer reserves for
particularly impactful vulnerabilities and exploits.
Leveraging the Power of Digital Twins in Medicine and Business
The digital twins that my team and I develop are high-fidelity,
patient-specific virtual models of an individual’s vasculature. This digital
representation allows us to use predictive physics-based simulations to assess
potential responses to different physiological states or interventions.
Clearly, it’s not feasible to try out five different stents in a specific
patient surgically. Using a digital twin, however, doctors can test how
various interventions would influence that patient and see the outcome before
they ever step into the operating room. Patient-specific digital twins allow
the doctors to interact with a digital replica of that patient’s coronary
anatomy and fine-tune their approach before the intervention itself. The
digital twin abstraction allows doctors to assess a wider range of potential
scenarios and be more informed in their surgical planning process. Confirming
accuracy is a critical component. In validating these models for different use
cases, observational data must be measured and used to check the model
predictions.
Quote for the day:
"You don't lead by pointing and
telling people some place to go. You lead by going to that place and making
a case." -- Ken Kesey
