It is a good idea to filter out IP addresses that could be coming from AWS or Azure, because bots generally run in a cloud, and not on personal computers. One has to additionally be mindful that a way around this could be VPNs or rotating IPs, therefore a general analysis of traffic and incoming HTTP headers is advisable.
You can generally easily distinguish real users from bots on the basis of typing speed, clicking speed, and scrolling speed. Looking for patterns and anomalies is going to be helpful as well, here. This is where ML and Data Science in general comes in.
Captcha & 2FA on top of walling your website for users that are not logged in is a strong recommendation
A constant changing of site’s structure, so it’s harder to recognise for bots is another good practice. Pages can look the same to us, but much different for bots. This is the same approach that is used when you want to spoof adblocking services.
Honeypot – artificial dead links that are blocked from real users to see. Bots might still go to our Honeypot, since they will be in our HTML.
The topic of cybersecurity in general is a true arms race – bots become smarter, and so have to be our systems.
Startsmall - start with the smallest possible instances for your workload
Savings - use reservations or spot instances if possible
Cost management - use the power of cost management tools available in cloud environments, tag your resources and drill down all layers of the application you’re running
Estimate & plan - use cost estimation calculators together with your architect in order to have alerts setup in case your costs are largely greater than your estimates and rules to shut down any non-critical applications if these costs spiral out of control.
To end with, there are two things to consider when it comes to this particular report by the Cloud Native Computing Foundation (CNCF). The report might not be statistically significant, since the overall number of surveyed is 195. On top of that, calling K8s “a black hole” does not make sense if “[t]he vast majority of respondents…either do not monitor Kubernetes spending at all (24 per cent), or they rely on monthly estimates(44 per cent).” If you don’t carefully monitor your spending, you are bound to be in for a surprise.
As we move into the remote-first world (or perhaps digital-first is a more fitting name), how we secure ourselves, and how companies secure their systems is key. If there was ever a time when we could get away with lax security systems, this time has passed, as attacks in the cyberspace have consequences“in real life.” Just to mention, that one of the enterprises hit was a chain of supermarkets in Sweden. Their cash registers were inoperative, leading to store closures all across the country.
In last week’s 360° IT Check, we mentioned Microsoft’s (MSFT) cooperation with OpenAI, the creators of GPT-3. We only mentioned a couple of announced use cases of the advanced language model.
It remains to be seen how effective Copilot will be, however its potential is truly groundbreaking for most if not all. It is not available to the public, yet, as you can only sign up for the technical preview right now.
The tool raises some important questions from the community, though. First of all, people are concerned about the licensing issues. To be more specific – whether the autofilled code will not violate any licensing terms & conditions. For example, the GNU Public License (GPL) allows you to reuse code shared with you only if you make it open source as well. In case you have not, you might get in trouble for doing so.
It is not yet clear if the model was trained only on public repositories on the MIT license. In practice, if the code that gets inserted into your closed-source project is GPL-licensed, and it gets discovered, you might have legal problems. As a matter of fact, one user of Twitter, has performed an experiment – will Copilot suggest code that wouldn’t be usable in a copyrighted project? The answer is…yes.
Furthermore, we don’t know whether the code does not contain any security vulnerabilities. In the project’s FAQs, the creators highlight that “code suggested by GitHub Copilot should be carefully tested, reviewed, and vetted, like any other code.” It is common-sense to do so, though some might forget about it.
Overall, GitHub Copilot is a really promising tool, despite its potential shortcomings. Want to test out Copilot? It’s easy! Simply:
Go to Visual Studio Code
Click on Extensions in the left tabor press Ctrl + Shift + X
Search for Copilot then click "Install"
To use the extension, you will finally need to sign in to your GitHub account
This move should be seen as an attempt at grabbing a piece of the creators’ economy cake, which is already huge, and it’s only getting bigger, with some reports estimating the market size to be $104.2 billion. More importantly, it’s Facebook’s answer to Twitter’s acquisition of Revue, a paid newsletter platform. Both social media giants are overly dependent on ad revenue, which is why they look for opportunities to diversify their revenue structure.
ARM64EC making it easier for developers to create apps for Windows 11 on ARM
The tech giant from Redmond, USA, just made it easier to develop apps to run in the whole Windows 11 ecosystem. Their newest creation, ARM64EC (EC stands for Emulation Compatible), makes devs’ lives easier - one does not have to fully rewrite an app to target devices with the new (new for Windows) ARM architecture.
Up until this point, a developer had to recompile their whole app, and even then, it could have dependencies or plugins that would not run on this particular architecture. Now, developers can rebuild their app with ARM64EC and make their code work – in an emulator or natively.
Make sure to subscribe to our newsletter! 360° IT Check is a weekly publication where we bring you the latest and greatest in the world of tech. We cover topics like emerging technologies & frameworks, news about innovative startups, and other topics which affect the world of tech directly or indirectly.
360° IT Check is a weekly publication where we bring you the latest and greatest in the world of tech. We cover topics like emerging technologies & frameworks, news about innovative startups, and other topics which affect the world of tech directly or indirectly.