ISSUE 101: Beyond the Firewall  

“Full snippets of code that show you various ways to connect your database with various choices of configuration parameters … are common in the wild. If you do initial work with JDBC, Codota will suggest your next step. It knows how to give you representative suggestions.”

In this episode of The New Stack Makers podcast, we spoke with Dianne Marsh, director of engineering for engineering tools at Netflix. Her team is responsible for building the tools, including Spinnaker, that the other teams use for deploying their changes to the cloud. It also means that her team is at the pinnacle of helping their developers increase their productivity.

Beyond the Firewall

This week, we got a lot of response from a story we did about a Google initiative to re-engineer its entire approach to security, a “zero-trust” model which the company dubbed “BeyondCorp.” In short, the company abandoned the wall-and-moat model of establishing a firewall around the company’s internal network and apps, instead opting to authenticate users at their devices and at the individual app level.

In effect, the company entirely got rid of the virtual private network, which must sound like good news to any network admin who has struggled with that technology in the past 20 years. Even more amazing was that the team who worked on the project, discussed at the O’Reilly Security Conference in New York last fall, was able to shift all of Google’s employees, including remotes ones, over to this new model, with minimal disruption.

Zero trust is not a new idea, but with organizations moving at least some of their workloads to the cloud —not to mention how they may be hosting a whole range of public-facing apps that are tied into backend systems — the whole perimeter model gets awful muddy and difficult to coherently support by any sort of coherent strategy. Last August, we covered how ScaleFT has adopted this zero-trust approach for its access management platform. Google’s own approach uses an uber-reverse proxy, a “trust engine” that makes the decision of whether or not to provide access to the desired application. We expect to see more security companies aligning their products and services along this approach in the years to come.

As someone pointed out on Hacker News, “Most companies need to be able to answer the question, 'Is this client one of ours,’ when protecting sensitive resources. Most companies will instead answer the question, ‘is the client on our network,’ and pretend that it was the same question. The fact that it clearly is not has some very obvious security implications and attack vectors that we've been living with for decades. BeyondCorp tries to more directly answer the original question about device identity rather than subbing in the network question in its place.”

IBM, Intel Rethink Processor Designs to Accommodate AI Workloads

To meet the new needs of artificial intelligence, chip makers such as Intel and IBM are looking at alternative designs of their processors. This article looks into the work that IBM is doing to outfit its POWER9 architecture, as well as the new frameworks and support tools that Intel is developing for AI and machine learning. 

Can Yelp Data Predict Restaurant Closures?

The old joke about predictive analytics is that it is great at predicting the past. But one Princeton graduate student recently explored whether data science can really predict the future. Using nothing but data from Yelp, he claims to have developed an algorithm that correctly guesses whether a restaurant will close during the next four years with 91 percent accuracy.

Off-The-Shelf Hacker: Run MQTT on a Wearable Device

Although first developed nearly two decades decade ago largely to connect embedded industrial computers, MQTT is a sub-pub protocol that can offer a great way to connect homebrew maker gear. Here, our hardware hacker Dr. Torq explains how it can be used to power his steampunk namebadge, and how you can use it for your own projects.