October 23, 2020

Enterprise Architecture and Tech Debt

Architects must assess the changed needs of the business, – customers, staff, supply chain and identify efficient technology to support those new requirements. There is opportunity to walk away from legacy technology containing Unplanned Tech Debt that has never been corrected, the result of poor practices or poorly communicated requirements. The move to remote workspace may present the option to discontinue the use of equipment or applications that have become instances of Creeping Tech Debt where features become obsolete, replaced by the better, faster more capable upgrades. Or, the applications and operating systems are no longer supported, causing security vulnerabilities. Changes in market dynamics as the customer base struggles to understand their new needs, constraints and opportunities invite architects and product developers to consider incurring Intentional Tech Debt. By releasing prototypes and minimal viable products (MVPs) customers become partners in product development, helping to build the plane even as it reaches cruising altitude. Architects know this will entail false starts as perceived requirements morph or fade away and require rework as the product matures.

Understanding GraphQL engine implementations

Generic and flexible are the key words here and it’s important to realize that it’s hard to keep generic APIs performant. Performance is the number one reason that someone would write a highly customized endpoint in REST (e.g. to join specific data together) and that is exactly what GraphQL tries to eliminate. In other words, it’s a tradeoff, which typically means we can’t have the cake and eat it too. However, is that true? Can’t we get both the generality of GraphQL and the performance of custom endpoints? It depends! Let me first explain what GraphQL is, and what it does really well. Then I’ll discuss how this awesomeness moves problems toward the back-end implementation. Finally, we’ll zoom into different solutions that boost the performance while keeping the generality, and how that compares to what we at Fauna call “native” GraphQL, a solution that offers an out-of-the-box GraphQL layer on top of a database while keeping the performance and advantages of the underlying database. Before we can explain what makes a GraphQL API “native,” we need to explain GraphQL. After all, GraphQL is a multi-headed beast in the sense that it can be used for many different things. First things first: GraphQL is, in essence, a specification that defines three things: schema syntax, query syntax, and a query execution reference.

Digital transformation starts with software development

Software development is another key requirement for businesses that are pursuing digital transformation quests. Leveraging technology and ensuring it is able to offer reliable and high quality results is a key focus for the majority of companies. At this stage, it is important for businesses to acknowledge what its strategic goals are and implement software that is going to help it reach those ambitions and achieve tangible results. Businesses should also ensure the technology it selects is equipped with sustainable software that is going to withstand time, inevitable digital advances and deliver the requirements of the new normal. In addition, today’s current climate has emphasised the importance of providing teams with reliable software that enables them to work remotely and complete projects without any constraints. In the midst of the pandemic, 60% of the UK’s adult population were working remotely. Unfortunately, many businesses did not have the technology in place to cope with this immediate change. Therefore, IT decision makers and leaders had to undergo a rapid shift to remain agile and maintain continuity during this unprecedented time. By keeping software up to date and regularly enhancing tools, employees can remain productive and maintain a high level of communication with colleagues.

We need to be more imaginative about cybersecurity than we are right now

“Trying to achieve security is something of a design attitude—where at every level in your system design, you are thinking about the possible things that can go wrong, the ways the system can be influenced, and what circuit-breakers you might have in place in case something unforeseen happens,” said Mickens. “That seems like a vague answer because it is: There isn’t a magic way to do it.” Designers, Mickens continued, might even need to consider the political or ethical mindset of the people using their system. “There’s no simple way to figure out if our system is going to be used ethically or not, because ethics itself is very poorly defined. And when we think about security, we need to have a similarly broad attitude, saying that there are fundamental questions which are ambiguous, and which have no clean answer—‘What is security and how do I make my product secure?’ As a result, we need to be more imaginative than we are right now.” Thus, suggested Zittrain, the question has moved to the supply side: Consumers want safe products, and the onus is on designers to provide them. This, he said, opens an even thornier question: Does there need to be a regulatory board for people producing code, and if not, “What would incent the suppliers to worry about systematic risks that might not even be traced back to them?”

How to Make DevOps Work with SAFe and On-Premise Software

The main issues we dealt with in speeding up our delivery from a DevOps perspective were: testing (unit and integration), pipeline security check, licensing (open source and other), builds, static code analysis, and deployment of the current release version. For some of these problems we had the tools, for some, we didn’t and we had to integrate new tools. Another issue was the lack of general visibility into the pipeline. We were unable to get a glimpse of what our DevOps status was, at any given moment. This was because we were using many tools for different purposes and there was no consolidated place where someone could take a look and see the complete status for a particular component or the broader project. Having distributed teams is always challenging getting them to come to the same understanding and visibility for the development status. We implemented a tool to enable a standard visibility into how each team was doing and how the SAFe train(s) were doing in general. This tool provided us with a good overview of the pipeline health. The QA department has been working as the key-holder of the releases. Its responsibility is to check the releases against all bugs and not allow the version to be released if there are critical bugs.

The Two Sides of AI in the Modern Digital Age

We will now discuss some of its more sinister aspects. As we’ve already mentioned, as the digital landscape welcomes an increasing number of technological advancements, so does the threat landscape. With rapid progress in the cybersecurity arena, cybercriminals have turned to AI to amp up on their sophistication. One such way through which hackers leverage the potential of artificial intelligence is by using AI to hide malicious codes in otherwise trustworthy applications. The hackers program the code in such a way that it executes after a certain period has elapsed, which makes detection even more difficult. In some cases, cybercriminals programmed the code to activate after a particular number of individuals have downloaded the application, which maximizes the attack’s attack’s impact. Furthermore, hackers can manipulate the power offered by artificial intelligence, and use the AI’s ability to adapt to changes in the environment for their gain. Typically, hackers employ AI-powered systems adaptability to execute stealth attacks and formulate intelligent malware programs. These malware programs can collect information on why previous attacks weren’t successful during attacks and act accordingly.

Read more here ...