Read Before Monday #6

This week was a short one for the UK and most are still off from Easter, but we got some interesting stuff, like a brand-new long supply chain attack, some background into Pirate Radios, the problem of putting all your eggs in the same cloud basket - if you're a government it's even worse. Also, did you know that corporate blogs are marketing tools? I mean, let me explain to you HARC :)

At the end we have a quick roundup of what happened in GenAI that I think it's worth mentioning.

___

This article details a sophisticated, multi-year supply chain attack on the xz compression library by an attacker named "Jia Tan," who gained maintainership and inserted a backdoor in liblzma, impacting OpenSSH on several Linux systems. This operation, disclosed now, is notable as a significant open-source supply chain attack, marking a critical moment in software security awareness.

• My take: supply chain attacks isn't a new thing. We've seen that with the SuperMicro chips from China, then the Cisco routers CIA modified, but also in software like the NotPetya, Solarwinds, CodeCov and some recent ones involving Okta and Jetbrains. Even with opensource software, accessible to everyone, this can happen. My concern will be now with GenAI and how a glitch in the training matrix will affect everyone.

___

"Original Pirate Material" details the inception and evolution of Radio Caroline, the pioneering pirate radio station that commenced broadcasting on March 28, 1964. This was aimed to bypass the BBC's restrictive pop music policies by operating from international waters. Unlike its predecessor pirates in Europe, Caroline, alongside Radio London, became emblematic of the pirate radio era in the UK, eventually influencing mainstream broadcasting, including the BBC's creation of Radio One.

• My take: radio disruptions and "revolutions" have always been something that amazes me. Not only the first one with Radio Rebelde, from Che Guevara back in 58, which served as crucial communication platform for the Cuban Revolution, but now even with the LBC (London British Conversations) that engaged the nation and drives actually some policies and themes. Funny enough, that lead me to create the On This Media - now somehow stalled.

___

The UK government acknowledges its negotiating leverage over cloud infrastructure spending is weakened due to vendor lock-in, particularly with dominant providers AWS and Azure. This issue arises from major cloud deals under Memoranda of Understanding, which if unaddressed, forecasts continued vendor dominance, limiting the government's bargaining power on pricing and services. Proposals include creating a "UK Public Sector Cloud Marketplace" to standardize secure cloud environments for rapid deployment, aiming to negotiate better terms with vendors.

• My take: 3 years ago, I talked about Cloud Exit Strategies. It's been one of the things I've been advising customers since 2014, that they need to have a multi-cloud strategy. So, if you can operate on the serverless environment and sort out automation, you can literally create an architecture framework that can give you the best exit strategy on the market.

___

a16z's blogs are essentially marketing tools for their portfolio companies! <shock!> This is a nice breakdown of what often happens with corporate blogs, they omit competitors of these companies in sector analyses. For example, in discussions where they're relevant, suggesting a bias towards promoting a16z's investments. This pattern repeats across various technology segments, from data pipelines to crypto, where a16z portfolio companies are disproportionately highlighted.

• My take: this is a no brainer and no shock to everyone, right? Blogs, especially those run by companies will be biased, towards their own products and investments. Even those from tech experts can be biased and focused on driving eyeballs or clicks. It's the "industry". Just like this weekly newsletter, which is biased towards the topics I care and I'm interested or invested in, where I can talk about my knowledge and bring my own thoughts to the table....? Refer to the next article as an actual example!

___

Matt Klein discusses the high costs of observability in modern computing, attributing it largely to the complexity of distributed systems and the sheer volume of telemetry data generated. He critiques the traditional approach of pre-defining all observability data, which often leads to unnecessary storage and cost without significantly enhancing problem-solving capabilities. Klein proposes a shift towards a more dynamic, control plane-driven architecture for observability, suggesting that innovations in AI/ML and more efficient data pipelines could pave the way for more cost-effective observability solutions.

• My take: that's exactly what we at Hitachi are doing with HARC. We do all of that with observability robotics, by using AI-driven tools for root cause analysis and automated remediation, which involves a centralized dashboard for visibility (referred to as a single pane of glass) and automated tools for issue resolution. More to come this week, where I'll explain HARC for you.

___

This week in GenAI

• Opera becomes the first major browser with built-in access to local AI models.
• LLaMA Now Goes Faster on CPUs.?
• Apple researchers develop AI that can 'see' and understand screen context.
• Large language models use a surprisingly simple mechanism to retrieve some stored knowledge.
• OpenAI releases new AI fine-tuning tools to develop custom models.
• Is AI driving tech layoffs?
• Israel’s reported use of AI in its Gaza war may explain thousands of civilian deaths
• Why Nvidia, Google And Microsoft Are Betting Billions On Biotech’s AI Future