Weekend Reads 101620

As software engineers, our industry may be competitive, but we need to remove the stigma associated with failing. One way of doing that is to talk about our failures. The more we hear and talk about failures, the more acceptable it becomes. We need to think about failures as learning opportunities, not a time to shame and ridicule others (or ourselves).

As the data keep growing in volume, the data analytics pipelines have to be scalable to adapt the rate of change. And for this reason, choosing to set up the pipeline in the cloud makes perfect sense (since the cloud offers on-demand scalability and flexibility).

We tactfully crafted emails and had reassuring phone calls with them. We updated them often and gave them the right amount of transparency and technical insight. But here are the truths that we couldn’t tell them.

A majority of security tools that organizations use to defend against malware attacks are themselves vulnerable to exploits that allow attackers to escalate privileges on a compromised system, a new CyberArk study has found.

If the best platforms are more than matchmakers, then the best open source projects are more than utilities. It wouldn’t be incorrect or inconceivable to suggest that the success of cloud native has more to do with the ability of vendors and other third parties to create interesting distributions out of the building blocks provided by CNCF projects such as Kubernetes, Prometheus, Jaeger, and more.

If you’ve been on the internet for a very long time or you’re just very resourceful, you might remember an early text-sharing protocol called Gopher. Gopher was eventually displaced by the HTTP protocol, which of course is the basis for the modern World Wide Web. For many people, the “internet” and the “World Wide Web” are the same thing, because many people don’t consciously do anything online that’s not on the www subdomain.

This book came out in the 1980s and chronicled the events and the big personalities involved in the divestiture of AT&T into the Baby Bells on January 1, 1984. I worked with Southwestern Bell until just before divestiture and watched how the topic consumed everybody inside the old Ma Bell business. The monopoly that has been steady for a century was suddenly a perilous place to work, and career employees found their futures to be uncertain.

But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.

Can we afford the wasted capacity and idle investment of SpaceX satellites remaining dormant while flying above China and GW satellites remaining dormant while flying above the US?

Techies hailed USB-C as the future of cables when it hit the mainstream market with Apple’s single-port MacBook in 2015. It was a huge improvement over the previous generation of USB, allowing for many different types of functionality — charging, connecting to an external display, etc. — in one simple cord, all without having a “right side up” like its predecessor.

Metasploit can handle everything from scanning to exploitation. In this article, we will take a look at what makes Metasploit the most versatile penetration testing toolkit.

I was sitting at breakfast the other day with my wife. As we waited for our food to arrive, four people were sitting at a socially distanced table. They were discussing how they have to restart their computers every month because of “something Microsoft does that makes me restart.”

Created and ratified by the US Congress in 2014, the Cybersecurity Framework is used by over 30% of US organisations and was projected to reach 50% this year. Among those organisations are JP Morgan Chase, Microsoft, Boeing and Intel. Meanwhile, overseas organisations using the framework include the Bank of England, Nippon Telegraph and Telephone Corporation, and the Ontario Energy Board.

Imagine a world, where you have IPv6 everywhere. In every office, every home and every network. Everywhere you are, you have access to public IPv6 addresses. When you want to connect to the computer of a friend to help them, you can just do it.

In any given attack campaign, bad actors have a specific goal in mind. This goal may involve accessing a developer’s machine and stealing a project’s source code, sifting through a particular executive’s emails, or exfiltrating customer data from a server that’s responsible for hosting payment card information. All they need to do is compromise the system that has what they want. It’s just that easy.