Technology

Data visualization with Observable JavaScript

Info World - 9 hours 29 min ago

Built-in reactivity is one of Observable JavaScript's biggest value adds. In my two previous articles, I've introduced you to using Observable JavaScript with R or Python in Quarto and learning Observable JavaScript with Observable notebooks. In this article, we get to the fun part: creating interactive tables and graphics with Observable JavaScript and the Observable Plot JavaScript library.

Create a basic Observable table

I usually think of a table as an “output”—that is, a helpful way to view and explore data. In Observable, though, a basic table can also be considered an “input.” That’s because Observable tables have rows that are clickable and selectable by default, and those selected values can be used to affect plots and other data on your page. This helps explain why the function Inputs.table(your_dataset) generates a table.

Categories: Technology

Learn Observable JavaScript with Observable notebooks

Info World - 9 hours 29 min ago

In the beginner's guide to using Observable JavaScript, R, and Python with Quarto, I outlined how to use Observable within a Quarto file. However, one of my top tips for Quarto users learning Observable JavaScript is to write code on the Observable community website. Even if you only plan to use Observable JavaScript in Quarto documents, it's a good idea to set up a free account and use the tools there. The code snippets alone make having an account worthwhile, and they'll help you learn the code required for basic tasks.

Categories: Technology

A beginner's guide to using Observable JavaScript, R, and Python with Quarto

Info World - 9 hours 29 min ago

There’s an intriguing new option for people who want to do data-wrangling and analysis in R or Python but visualization in JavaScript: Quarto.

This article shows you how to set up a Quarto document to use Observable JavaScript, including how to pass data from R or Python to an Observable code chunk. In Part 2, you'll find out how to learn Observable JavaScript with Observable notebooks—and why that's worth doing even if you only plan to use JavaScript in Quarto. Part 3 gives you the basics of data visualization with Observable JavaScript, including how to make your plots interactive.

Categories: Technology

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security - Wed, 10/05/2022 - 15:20

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

Some of the fake profiles flagged by the co-administrator of a popular sustainability group on LinkedIn.

Last week, KrebsOnSecurity examined a flood of inauthentic LinkedIn profiles all claiming Chief Information Security Officer (CISO) roles at various Fortune 500 companies, including Biogen, Chevron, ExxonMobil, and Hewlett Packard.

Since then, the response from LinkedIn users and readers has made clear that these phony profiles are showing up en masse for virtually all executive roles — but particularly for jobs and industries that are adjacent to recent global events and news trends.

Hamish Taylor runs the Sustainability Professionals group on LinkedIn, which has more than 300,000 members. Together with the group’s co-owner, Taylor said they’ve blocked more than 12,700 suspected fake profiles so far this year, including dozens of recent accounts that Taylor describes as “cynical attempts to exploit Humanitarian Relief and Crisis Relief experts.”

“We receive over 500 fake profile requests to join on a weekly basis,” Taylor said. “It’s hit like hell since about January of this year. Prior to that we did not get the swarms of fakes that we now experience.”

The opening slide for a plea by Taylor’s group to LinkedIn.

Taylor recently posted an entry on LinkedIn titled, “The Fake ID Crisis on LinkedIn,” which lampooned the “60 Least Wanted ‘Crisis Relief Experts’” — fake profiles that claimed to be experts in disaster recovery efforts in the wake of recent hurricanes. The images above and below show just one such swarm of profiles the group flagged as inauthentic. Virtually all of these profiles were removed from LinkedIn after KrebsOnSecurity tweeted about them last week.

Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Mark Miller is the owner of the DevOps group on LinkedIn, and says he deals with fake profiles on a daily basis — often hundreds per day. What Taylor called “swarms” of fake accounts Miller described instead as “waves” of incoming requests from phony accounts.

“When a bot tries to infiltrate the group, it does so in waves,” Miller said. “We’ll see 20-30 requests come in with the same type of information in the profiles.”

After screenshotting the waves of suspected fake profile requests, Miller started sending the images to LinkedIn’s abuse teams, which told him they would review his request but that he may never be notified of any action taken.

Some of the bot profiles identified by Mark Miller that were seeking access to his DevOps LinkedIn group. Miller said these profiles are all listed in the order they appeared.

Miller said that after months of complaining and sharing fake profile information with LinkedIn, the social media network appeared to do something which caused the volume of group membership requests from phony accounts to drop precipitously.

“I wrote our LinkedIn rep and said we were considering closing the group down the bots were so bad,” Miller said. “I said, ‘You guys should be doing something on the backend to block this.’”

Jason Lathrop is vice president of technology and operations at ISOutsource, a Seattle-based consulting firm with roughly 100 employees. Like Miller, Lathrop’s experience in fighting bot profiles on LinkedIn suggests the social networking giant will eventually respond to complaints about inauthentic accounts. That is, if affected users complain loudly enough (posting about it publicly on LinkedIn seems to help).

Lathrop said that about two months ago his employer noticed waves of new followers, and identified more than 3,000 followers that all shared various elements, such as profile photos or text descriptions.

“Then I noticed that they all claim to work for us at some random title within the organization,” Lathrop said in an interview with KrebsOnSecurity. “When we complained to LinkedIn, they’d tell us these profiles didn’t violate their community guidelines. But like heck they don’t! These people don’t exist, and they’re claiming they work for us!”

Lathrop said that after his company’s third complaint, a LinkedIn representative responded by asking ISOutsource to send a spreadsheet listing every legitimate employee in the company, and their corresponding profile links.

Not long after that, the phony profiles that were not on the company’s list were deleted from LinkedIn. Lathrop said he’s still not sure how they’re going to handle getting new employees allowed into their company on LinkedIn going forward.

It remains unclear why LinkedIn has been flooded with so many fake profiles lately, or how the phony profile photos are sourced. Random testing of the profile photos shows they resemble but do not match other photos posted online. Several readers pointed out one likely source — the website thispersondoesnotexist.com, which makes using artificial intelligence to create unique headshots a point-and-click exercise.

Cybersecurity firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.

Fake profiles also may be tied to so-called “pig butchering” scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.

But the Sustainability Group administrator Taylor said the bots he’s tracked strangely don’t respond to messages, nor do they appear to try to post content.

“Clearly they are not monitored,” Taylor assessed. “Or they’re just created and then left to fester.”

This experience was shared by the DevOps group admin Miller, who said he’s also tried baiting the phony profiles with messages referencing their fakeness. Miller says he’s worried someone is creating a massive social network of bots for some future attack in which the automated accounts may be used to amplify false information online, or at least muddle the truth.

“It’s almost like someone is setting up a huge bot network so that when there’s a big message that needs to go out they can just mass post with all these fake profiles,” Miller said.

In last week’s story on this topic, I suggested LinkedIn could take one simple step that would make it far easier for people to make informed decisions about whether to trust a given profile: Add a “created on” date for every profile. Twitter does this, and it’s enormously helpful for filtering out a great deal of noise and unwanted communications.

Many of our readers on Twitter said LinkedIn needs to give employers more tools — perhaps some kind of application programming interface (API) — that would allow them to quickly remove profiles that falsely claim to be employed at their organizations.

Another reader suggested LinkedIn also could experiment with offering something akin to Twitter’s verified mark to users who chose to validate that they can respond to email at the domain associated with their stated current employer.

In response to questions from KrebsOnSecurity, LinkedIn said it was considering the domain verification idea.

“This is an ongoing challenge and we’re constantly improving our systems to stop fakes before they come online,” LinkedIn said in a written statement. “We do stop the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and scams. We’re also exploring new ways to protect our members such as expanding email domain verification. Our community is all about authentic people having meaningful conversations and to always increase the legitimacy and quality of our community.”

In a story published Wednesday, Bloomberg noted that LinkedIn has largely so far avoided the scandals about bots that have plagued networks like Facebook and Twitter. But that shine is starting to come off, as more users are forced to waste more of their time fighting off inauthentic accounts.

“What’s clear is that LinkedIn’s cachet as being the social network for serious professionals makes it the perfect platform for lulling members into a false sense of security,” Bloomberg’s Tim Culpan wrote. “Exacerbating the security risk is the vast amount of data that LinkedIn collates and publishes, and which underpins its whole business model but which lacks any robust verification mechanisms.”

Categories: Technology, Virus Info

Apollo GraphQL debuts GraphOS platform for building ‘supergraphs’

Info World - Wed, 10/05/2022 - 13:28

Apollo on October 5 introduced Apollo GraphOS, a cloud-based platform to build, connect, and scale any supergraph, which is the company’s concept for creating a network of data, microservices, and digital capabilities.

GraphOS offers a modular architecture to connect data and services, via the supergraph. Key features of GraphOS include:

  • Cloud-hosted or self-hosted routing for supergraphs with built-in federation.
  • Capabilities such as live queries and edge caching.
  • Provision of a central source of information for schemas and a delivery pipeline for changes. Developers can be kept up-to-date on schema changes.
  • Security and governance practices. Users can control access to a supergraph.
  • CI/CD observability.
  • Collaboration tools.

The supergraph, introduced by Apollo GraphQL in May, is intended to empower product and engineering teams and eliminate the complexity of sourcing and orchestrating data, APIs, microservices, and client applications during the application development process. It promises the automation of organization-wide composability.

Categories: Technology

Hands-on with MongoDB queryable encryption and Node.js

Info World - Wed, 10/05/2022 - 04:00

MongoDB 6 introduced the capability to query encrypted data in the database. Data is encrypted for the entire round trip: at insert, storage, and query. This amounts to a new level of security for data, which remains secure even as it is used within the database. Only the client application is capable of decrypting the data. The database does not hold the keys to the encrypted data at all, yet it still supports querying that data.

Thus MongoDB queryable encryption removes the data store and its infrastructure as targets of attack. This quasi-magical capability does require some extra configuration for applications. This article will show you how to set up a development environment for working with MongoDB queryable encryption in a Node.js application.

Categories: Technology

How to use cancellation tokens in ASP.NET Core 7

Info World - Wed, 10/05/2022 - 04:00

Although ASP.NET Core 7 is the latest version of Microsoft’s open source web application development framework, it takes advantage of countless significant features from previous versions of .NET. One of these significant features is cancellation tokens, which provide a way of gracefully handling multi-threaded applications.

When working with ASP.NET Core applications, it is good practice to make long running operations (such as a database query or background process) cancelable, either after a certain length of time or upon user request, so that the application can release resources and remain responsive. Here’s where cancellation tokens come into play.

Categories: Technology

SN 891: Poisoning Akamai - Turnstile vs CAPTCHA, Microsoft Teams Under Attack

Security Now - Tue, 10/04/2022 - 19:57
  • Picture of the Week. (What Could Possibly Go Wrong)
  • Microsoft Teams - Unnecessarily Insecure
  • Roskomnadzor blocks Soundcloud
  • Microsoft Exchange Server Under Attack Again
  • I'm (Still) Not a Robot!
  • Google TAG History
  • Closing the Loop
  • Poisoning Akamai

We invite you to read our show notes at https://www.grc.com/sn/SN-891-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Categories: Podcasts, Technology

Linux 6.0 kernel arrives, quietly

Info World - Tue, 10/04/2022 - 16:00

The Linux 6.0 kernel has been released with changes impacting areas such as chip hardware support, timer registers, and XFS file systems. Bigger changes such as Rust programming language support are lined up for Linux 6.1.

Unveiling of the kernel was announced by Linux founder Linus Torvalds in a bulletin on October 2. The bulletin cites various changes including proper enablement of registers before accessing timers as well as ensuring that all MACs are powered down before reset and only doing PLL once after a reset. Other changes, cited by the lwn.net news site for Linux, include buffered writes to XFS file systems and zero-copy network transmission with io_uring.

Categories: Technology

TypeScript turns 10 years old

Info World - Tue, 10/04/2022 - 04:00

After initially being greeted with skepticism, Microsoft’s TypeScript programming language, which brought static types to JavaScript development, has withstood the test of time, a Microsoft official wrote this past weekend.

TypeScript’s 10th birthday occurred on Saturday, October 1, said Daniel Rosenwasser, Microsoft senior program manager for TypeScript, in the blog post. “To some JavaScript users, a team trying to bring static types to JavaScript might have sounded like an evil plot or a joke,” he said. But TypeScript enabled powerful tools like type checking and rich editor features such as code completion for JavaScript.

Categories: Technology

Cloud computing is reinventing cars and trucks

Info World - Tue, 10/04/2022 - 04:00

As this article from The Wall Street Journal points out (behind a paywall), automobiles are becoming the focus of technology providers, including cloud providers. If you’ve been paying attention, you’ve realized that cars are becoming software-defined. Any Tesla owner can tell you about some new capability or feature that was part of a software update.

Most auto manufacturers are moving in the same direction, providing a completely connected, software-defined product, albeit some more slowly than others. The core component is a cloud-delivered, back-end infrastructure that can support hundreds of thousands of cars with safety, entertainment, and performance services that set that car apart from the others. This is where the battles are going to be fought, with automobiles morphing into extensions of cloud services with each model-year release.

Categories: Technology

Why CIOs should make the leap to Flutter now

Info World - Tue, 10/04/2022 - 04:00

Ready for an understatement? CIOs today are facing unprecedented pressures.

Competition for customers and developers is white hot. The pace of change in user preferences and technology has never been faster. The costs of maintaining native software stacks are ballooning as a result. CIOs today must understand these trends — and how they connect back to the critical technology decisions that CIOs must make in trying to build productive teams and scalable, efficient, high-performing applications.

At the same time, CIOs must also de-risk shifting user preferences and ship features at the speeds that users are demanding. Today, three market conditions often stand in their way:

Categories: Technology

IT career roadmap: Vice president of engineering

Info World - Tue, 10/04/2022 - 04:00

A vice president of engineering is an executive who manages an organization’s development teams, among other engineering-related functions.

These executives are responsible for ensuring that design requirements are met, overseeing the consistency of user experiences, and managing a team of engineers and developers, according to the CTO Academy, a provider of career services for technology executives.

The average vice president of engineering salary in the United States was $271,673 as of August 2022, but the range typically falls between $239,343 and $311,153, according to Salary.com. Salary ranges can vary widely depending on factors including education, certifications, additional skills, and the number of years spent in the profession, the firm says.

Categories: Technology

Kotlin 1.7.20 advances K2 compiler

Info World - Mon, 10/03/2022 - 13:30

JetBrains has published the production release of Kotlin 1.7.20, a planned upgrade to the programming language that introduces an operator for creating open-ended ranges and includes more work on the high-performing K2 compiler, which is still in development.

The production version was unveiled on September 29. With Kotlin 1.7.20, a new ..< operator enables the creation of open-ended ranges. While Kotlin already has the .. operator to express a range of values, the ..< operator acts like the until function and helps with defining the open-ended range. Research has shown that the new operator does a better job at expressing open-ended ranges and making it clear that the upper bound is not included.

Categories: Technology

Materialize offers early release of its streaming database as a service

Info World - Mon, 10/03/2022 - 10:58

New York-based startup Materialize on Monday unveiled a streaming, distributed database as a managed service, offering the software to existing customers prior to general availability.

The company launched the initial version of its namesake software two years ago as a single binary designed to input data from Kafka, allowing users to use standard SQL to query and join streaming data.

Categories: Technology

Mozilla is looking for a scapegoat

Info World - Mon, 10/03/2022 - 04:00

Mozilla recently released a 60-page report calling on regulators to take action to give consumers a “meaningful opportunity to try alternative browsers.” Alas, the problem for Mozilla isn’t anti-competitive practices from rival browser makers. The problem is competition itself, and Mozilla lost. Mozilla says its mission is to “rally citizens,” “connect leaders,” and “shape the agenda” to foster a “healthy internet.”

Maybe it should spend more time building a great browser.

Categories: Technology

The importance of monitoring machine learning models

Info World - Mon, 10/03/2022 - 04:00

Agile development teams must ensure that microservices, applications, and databases are observable, have monitoring in place to identify operational issues, and use AIops to correlate alerts into manageable incidents. When users and business stakeholders want enhancements, many devops teams follow agile methodologies to process feedback and deploy new versions.

Even if there are few requests, devops teams know they must upgrade apps and patch underlying components; otherwise, the software developed today will become tomorrow’s technical debt.

Categories: Technology

Bun JavaScript runtime is in the oven

Info World - Mon, 10/03/2022 - 04:00

Move over, Node.js and Deno. A potential competitor is emerging in the JavaScript/TypeScript runtime space, called Bun.

Now in a beta stage of development, Bun is billed as a modern JavaScript runtime akin to Deno or Node, built to start fast, offer new levels of performance, and be a complete tool, equipped with a bundler, transpiler, and package manager. Bun also features an NPM client that implements the Node module resolution algorithm.

Bun has ambitions. The goal of the project is to “run most of the world’s JavaScript outside of browsers,” providing performance and complexity enhancements to future infrastructure. Developer productivity and simpler tools also are goals. The project claims to support 90% of Node-API functions. Built-in web APIs include fetch, WebSocket, and ReadableStream.

Categories: Technology

How to choose a cloud machine learning platform

Info World - Mon, 10/03/2022 - 04:00

In order to create effective machine learning and deep learning models, you need copious amounts of data, a way to clean the data and perform feature engineering on it, and a way to train models on your data in a reasonable amount of time. Then you need a way to deploy your models, monitor them for drift over time, and retrain them as needed.

You can do all of that on-premises if you have invested in compute resources and accelerators such as GPUs, but you may find that if your resources are adequate, they are also idle much of the time. On the other hand, it can sometimes be more cost-effective to run the entire pipeline in the cloud, using large amounts of compute resources and accelerators as needed, and then releasing them.

Categories: Technology

TWiT 895: Eastern Blocks - Stadia is done, Zuck's UFC appearance, General AI, OG App, Amazon event

This week in tech - Sun, 10/02/2022 - 18:14

Stadia is done, Zuck's UFC appearance, General AI, OG App, Amazon event

  • Stadia is issuing refunds - How to get yours.
  • Red Dead Redemption 2 fan with nearly 6,000 hours on Stadia begs Rockstar for character transfer.
  • Adobe can't Photoshop out the fact its $20bn Figma deal is a naked land grab.
  • Penpot inks $8M as signups for its open source spin on Figma jump 5600% after Adobe's $20B acquisition move.
  • Is Mark Zuckerberg Fighting at This Weekend's UFC Show?
  • Texts show roll call of tech figures tried to help Elon Musk in Twitter deal.
  • The True Genius of Tech Leaders.
  • "Buying Our Way In" was Palantir's (PLTR stock) Secret Plan to Get into the NHS.
  • Elon Musk unveils Optimus
  • Is general AI right around the corner?
  • Google Fires Blake Lemoine, Engineer Who Called Its AI Sentient.
  • James Bridle's "Ways of Being"
  • In Delaware's Kathaleen McCormick, Elon Musk Finds A Judge Who Means Business.
  • Klobuchar, Cruz strike deal to advance journalism antitrust bill.
  • Inside Podcasters' Explosive Audience Growth.
  • The OG App promises you an ad-free Instagram feed.
  • Amazon hardware event 2022.

Host: Leo Laporte

Guests: Alex Kantrowitz and Cory Doctorow

Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Categories: Podcasts, Technology
