“If you can’t understand, predict, and control, what is there to do?” muses system theorist Donella Meadows. Her answer: dance.
The idea of strong opinions, loosely held is that you can make bombastic statements, and everyone should implicitly assume that you’ll happily change your mind in a heartbeat if new data suggests you are wrong. It is supposed to lead to a collegial, competitive environment in which ideas get a vigorous defense, the best of them survive, and no-one gets their feelings hurt in the process.
On a certain kind of team […] this can work well.
[…]
Unfortunately, that ideal is seldom achieved.
A great suggestion to make this culture work well is to temper your statement with a degree of uncertainty in order to make it safer to change your own mind and invite discussion.
The attack wiped "almost everything", including thousands of virtual servers and PCs, [Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department] said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator."
Kyivstar and the SBU believe the Russian military intelligence cyberwarfare unit known as Sandworm lingered in Kyivstar’s network since May 2023.
There is no standard tooling for microservices-based development - there is no common framework. Working on distributed systems has gotten only marginally easier in the 2020s. The Dockers and the Kuberneteses of the world did not magically take away the inherent complexity of a distributed setup.
Lots of good points in this “maybe you don’t need microservices” article, but this one in particular resonated with me. As we’ve migrated our stack to k8s, we’ve largely just containerized our snowflake microservices and their patterns.
Because [the] "right" thing is really hard to figure out. It requires understanding the business context, priorities, and time constraints. It requires understanding the needs, preferences, and behaviors of the users. And it requires understanding the existing implementation and the scope and impact of what is to be built. All of this must be hashed through to get it "right", and this "hashing through" process is what happens in the Ambiguous Zone.
When the University of Iceland got its first computer in 1964, Icelandic did not have a word for “computer.” So the guardians of the language invented one: tölva—a fusion of tala (number) and völva (prophetess) that adds up to the wonderfully poetic “prophetess of numbers.”
Delightful.
That ChatGPT can automatically generate something that reads even superficially like human-written text is remarkable, and unexpected. But how does it do it? And why does it work?
Best thing I read last year on how large language models actually work.
The Biden administration is embarking on the nation’s first comprehensive plan to regulate the security practices of cloud providers.
Identifying and containing [...] compromised user accounts, therefore, prevents attacks from progressing, even if attackers gain initial access. This is why, as announced today, we added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint, a unique and innovative defense mechanism that stops human-operated attacks in their tracks. User containment prevents a compromised user account from accessing endpoints and other resources in the network, limiting attackers’ ability to move laterally regardless of the account’s Active Directory state or privilege level. It is automatically triggered by high-fidelity signals indicating that a compromised user account is being used in an ongoing attack. With user containment, even compromised domain admin accounts cannot help attackers access other devices in the network.
Unlike my typical blog entries, this blog is a very serious deep-dive into the C2PA provenance solution for photos, video, and other kinds of media. This solution is in the process of being adopted by hundreds of commercial organizations, from newsrooms and human rights observers to camera manufacturers and financial institutions. I explicitly cover multiple security-related issues in the C2PA specification that enable a wide range of fraudulent activities, from the small-time catphishers and online merchant scammers to nation-state propaganda efforts and large-scale financial fraud. Consumers and corporations need to be aware: C2PA does not provide reliable and validated information about a photo's origins.