360° IT Check #2 — LinkedIn’s Security Breach, The Kaseya Hack, Kubernetes Spending, GitHub’s AI Code Partner, And More!
360° IT Check is a weekly publication where we bring you the latest and greatest in the world of tech. We cover topics like emerging technologies & frameworks, news about innovative startups, and other topics which affect the world of tech directly or indirectly.
Make sure to subscribe to our weekly newsletter!
LinkedIn’s Security Breach
Last week, the story of LinkedIn’s security breach broke — data of more than 700 million users was released online. The number accounts for 92% of the total profiles on the site. While the systems were not hacked, a hostile agent managed to scrape hundreds of millions of pages. This story should never have happened, and there are a few good practices for avoiding such unpleasantness. As Marcin Dąbrowski, ITMAGINATION’s CIO, points out:
- It is a good idea to filter out IP addresses coming from AWS or Azure, because bots generally run in the cloud, not on personal computers. Keep in mind, however, that VPNs or rotating IPs can get around this, so a general analysis of traffic and incoming HTTP headers is advisable as well.
- You can generally distinguish real users from bots quite easily on the basis of typing speed, clicking speed, and scrolling speed. Looking for patterns and anomalies is helpful here as well; this is where ML and Data Science in general come in.
- Captcha and 2FA, on top of walling off your website from users who are not logged in, are strongly recommended.
- Constantly changing the site’s structure so it is harder for bots to recognise is another good practice. Pages can look the same to us, but very different to bots. This is the same approach used to get around ad-blocking services.
- Honeypot: artificial dead links that are hidden from real users. Bots might still follow our honeypot links, since they remain in our HTML.
- The topic of cybersecurity in general is a true arms race — bots become smarter, and so have to be our systems.
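As an added illustration (not from the original article or from ITMAGINATION), here is a small Python scorer that applies several of the practices above to constructed access-log lines: cloud IP ranges, a hidden honeypot link, a missing browser header, and metronomic request timing. The IP prefixes, honeypot path, log format, weights and threshold are all assumptions for the demo.

```python
import ipaddress
from collections import defaultdict

# Constructed ranges standing in for cloud address space (load real AWS/Azure prefix lists in production).
CLOUD_PREFIXES = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")]
HONEYPOT_PATHS = {"/hp/trap"}  # dead links present in the HTML but hidden from real users

# Constructed access-log lines: "<unix ts> <client ip> <path> <Accept-Language or ->"
SAMPLE_LOG = """\
1625000000.00 203.0.113.7 /in/alice -
1625000000.20 203.0.113.7 /in/bob -
1625000000.40 203.0.113.7 /in/carol -
1625000000.60 203.0.113.7 /hp/trap -
1625000000.80 203.0.113.7 /in/dave -
1625000001.00 192.0.2.5 /in/alice en-US
1625000007.30 192.0.2.5 /in/bob en-US
1625000019.90 192.0.2.5 /feed en-US
"""

def parse_log(text):
    """Group requests per client IP as (timestamp, path, accept_language) tuples."""
    per_ip = defaultdict(list)
    for line in text.splitlines():
        ts, ip, path, lang = line.split()
        per_ip[ip].append((float(ts), path, None if lang == "-" else lang))
    return per_ip

def score_client(ip, requests):
    """Return (score, reasons); higher is more bot-like. Weights are constructed."""
    score, reasons = 0, []
    if any(ipaddress.ip_address(ip) in net for net in CLOUD_PREFIXES):
        score += 2; reasons.append("cloud ip")
    if any(path in HONEYPOT_PATHS for _, path, _ in requests):
        score += 3; reasons.append("honeypot hit")
    if any(lang is None for _, _, lang in requests):  # browsers almost always send it
        score += 1; reasons.append("no Accept-Language")
    ts = sorted(t for t, _, _ in requests)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) >= 3 and max(gaps) - min(gaps) < 0.05:  # humans are irregular
        score += 2; reasons.append("metronomic timing")
    if len(ts) >= 5 and ts[-1] - ts[0] < 2.0:
        score += 2; reasons.append("high request rate")
    return score, reasons

def flag_bots(text, threshold=4):
    """Map each client IP scoring at or above threshold to its (score, reasons)."""
    scored = {ip: score_client(ip, reqs) for ip, reqs in parse_log(text).items()}
    return {ip: sr for ip, sr in scored.items() if sr[0] >= threshold}
```

In a real deployment the flagged clients would be routed to a captcha or login wall rather than blocked outright, since a single signal such as a cloud IP is also produced by legitimate corporate VPN users.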
Kubernetes Spend Report
A report on Kubernetes (K8s) expenditure shows that the hugely popular container orchestration system might become cost-inefficient. Over the last 12 months (the report came out in June 2021), 67% of respondents reported an increase in costs of 20% or more. 10% of surveyees also reported spending more than $1 million over the same period.
To better control your Kubernetes spending, Maciej Gos, Cloud Architect, Team Leader, and DevOps Competence Leader at ITMAGINATION, suggests the following:
- Start small — start with the smallest possible instances for your workload
- Savings — use reservations or spot instances if possible
- Cost management — use the power of cost management tools available in cloud environments, tag your resources and drill down all layers of the application you’re running
- Estimate & plan — use cost estimation calculators together with your architect, set up alerts in case your costs greatly exceed your estimates, and define rules to shut down any non-critical applications if costs spiral out of control.
Finally, there are two things to consider when it comes to this particular report by the Cloud Native Computing Foundation (CNCF). The report might not be statistically significant, since only 195 people were surveyed. On top of that, calling K8s “a black hole” does not make sense if “[t]he vast majority of respondents…either do not monitor Kubernetes spending at all (24 per cent), or they rely on monthly estimates (44 per cent).” If you don’t carefully monitor your spending, you are bound to be in for a surprise.
Kaseya’s Hack Leads to Numerous Other Hacks
Last weekend, American technology firm Kaseya was hacked. Their products? Network management and remote control software. This in turn allowed malicious actors to disrupt the daily work of businesses by spreading ransomware to businesses’ computers via Kaseya’s compromised software. Estimates of the total number of affected parties vary — it is believed that between 800 and 1,500 businesses were hit in the process.
The series of disruptions is attributed to a Russian group called “REvil”, which previously crippled the US operations of meat processor JBS. On Sunday, the president of the USA, Joe Biden, stated that he has “directed the full resources of the government to investigate this incident.” Some say the attack could be a consequence of recent talks between the presidents of the US and Russia; however, there is no hard evidence to confirm that.
As we move into the remote-first world (or perhaps digital-first is a more fitting name), how we secure ourselves, and how companies secure their systems, is key. If there was ever a time when we could get away with lax security systems, that time has passed, as attacks in cyberspace have consequences “in real life.” Just to mention that one of the enterprises hit was a chain of supermarkets in Sweden. Their cash registers were inoperative, leading to store closures all across the country.
In last week’s 360° IT Check, we mentioned Microsoft’s (MSFT) cooperation with OpenAI, the creators of GPT-3. We only mentioned a couple of announced use cases of the advanced language model.
It remains to be seen how effective Copilot will be, however its potential is truly groundbreaking for most if not all. It is not available to the public, yet, as you can only sign up for the technical preview right now.
The tool raises some important questions in the community, though. First of all, people are concerned about licensing issues. To be more specific, whether the autocompleted code might violate any licensing terms and conditions. For example, the GNU General Public License (GPL) allows you to reuse code shared with you only if you make your own code open source as well. If you have not, you might get in trouble for doing so.
It is not yet clear whether the model was trained only on public repositories under the MIT license. In practice, if code that gets inserted into your closed-source project is GPL-licensed, and this gets discovered, you might have legal problems. As a matter of fact, one Twitter user performed an experiment: will Copilot suggest code that wouldn’t be usable in a closed-source project? The answer is…yes.
Furthermore, we don’t know whether the suggested code is free of security vulnerabilities. In the project’s FAQs, the creators highlight that “code suggested by GitHub Copilot should be carefully tested, reviewed, and vetted, like any other code.” It is common sense to do so, though some might forget about it.
Overall, GitHub Copilot is a really promising tool, despite its potential shortcomings. Want to test out Copilot? It’s easy! Simply:
- Go to Visual Studio Code
- Click on Extensions in the left tab or press Ctrl + Shift + X
Facebook Bulletin Launched
Facebook’s service for creators, “Bulletin”, launched last week, with the new feature announced by none other than Mark Zuckerberg. Interestingly, the new platform will not take a fee (at launch, at least), and writers retain full ownership of their work and subscriber list.
This move should be seen as an attempt at grabbing a slice of the creator economy, which is already huge and only getting bigger, with some reports estimating the market size at $104.2 billion. More importantly, it’s Facebook’s answer to Twitter’s acquisition of Revue, a paid newsletter platform. Both social media giants are overly dependent on ad revenue, which is why they look for opportunities to diversify their revenue structure.
ARM64EC making it easier for developers to create apps for Windows 11 on ARM
The tech giant from Redmond, USA, just made it easier to develop apps to run in the whole Windows 11 ecosystem. Their newest creation, ARM64EC (EC stands for Emulation Compatible), makes devs’ lives easier — one does not have to fully rewrite an app to target devices with the new (new for Windows) ARM architecture.
Up until this point, a developer had to recompile their whole app, and even then, it could have dependencies or plugins that would not run on this particular architecture. Now, developers can rebuild their app with ARM64EC and make their code work — in an emulator or natively.
Originally published at https://www.itmagination.com.