Burst your bubble: using machine learning to change the world

Social media has been blamed for locking people in a bubble, only showing them news that is in line with their beliefs. This divides society into different groups that have almost nothing in common. People read what they think they want to read, never seeing a different opinion. At the same time governments and influencers have started to call for filtering. Facebook would have to filter out lies and fake news, so we all see the truth only. The problem with the filter approach is that it will cause opinions to drift toward some bottom line truisms we can all agree on. If we start fining social media for violations, the companies will get more and more conservative, and we’ll end up in a boring world. Like having a perpetually overcast sky and an eternal drizzle. Grey goo everywhere.

This is not what we need. What we need is to be confronted with opinions that differ from what we think is right. So we (i.e. Albert Brand, Arjan Molenaar and myself) started a one-day research project at Xebia, inspired by a feature of my favorite Dutch newspaper, NRC. The feature is called Twistgesprek. The format is that two people discuss a statement during the week. Their conversation is summarized and published in the Saturday paper as a back-and-forth of messages. Quite often I start with a strong opinion about the subject being discussed, but end up with a more thorough understanding of its nuances because of the discussion. Having your convictions challenged and modified is a wonderful gift.
So, the idea was to show people ideas that directly contradict each other.
more

Designing your DynamoDB tables efficiently and modelling mixed data types with Kotlin

AWS (Amazon Web Services) offers a pretty neat NoSQL database called DynamoDB. It is fast and it can scale, what more can you wish for? The thing is, as a developer you are still responsible for designing your tables in such a way, that you actually make appropriate use of the benefits DynamoDB has to offer. If you simply apply your knowledge gained using other databases, you might end up wasting money and performance.

Read more →

DevOps in a data science world

Many organisations have a new ambition to become a data-driven organisation. In essence, this means the organisation wants to make better business decisions based on insights provided by data [4]. Data itself is not able to advise a business for better decision-making. Therefore these organisations introduce a new capability: Data & Analytics. 
This blog elaborates on how adopting DevOps principles can enhance business value creation for the world of Data & Analytics.

Read more →

Structured Logging That Makes Everybody Happy

When we run our software, we obviously want to see and understand what is happening and how well our software performs. To achieve this, we need observability as a key characteristic for our software. Observability is a measure of how well internal states of a system can be inferred from knowledge of its external outputs. This definition, borrowed from control theory, infers that metrics, tracing, and logging are key topics to be implemented in your software system.

Two of these pillars, metrics and tracing, are also of great importance to allow yourself to paint the complete picture. In this blog post, I will focus on getting the most benefits from your logging.

Read more →

Improving Security by influencing Human Behavior

We all know that the hardening of a system or implementing 2FA does not magically improves the security of an organisation. For a successful implementation of IAM, PKI a holistic approach is needed. Also for the successful improvement of security in your organisation, a holistic approach is needed. Implementing and improving security demands your approach to cover both people, process and technology.

This blog provides you with a mental model on how to change behavior of people and how to change the culture of an organisation. To change the culture of your organisation you need to change the structures and lead by example. And there is more to it, why this works in changing the behavior of individual persons. 

I also highlight material to facilitate a workshop that helps you in making the mental models behind the behavior of people explicit.

Read more →

Threat modeling without a diagram

Most threat model approaches (like e.g. STRIDE) assume you have a technical overview like a Data Flow Diagram. An interesting question therefore is; can you threat model when there is no such thing available? A common situation would be when your are forming an epic, but as an exercise let’s take a legal contract or service level agreement; can you threat model that? Let us find out….

At first sight this might be a stretch or weird thing to do as there are no assets to protect or technical risks to identify, but I will show you can still get interesting results by tweaking the process and making a translation first.

Read more →

From Build to Run: Pointers on Secure Deployment

Our experience with resources on secure deployment

Have you ever searched for resources on “Secure Software Deployment”? Most of the results revolve around the pentesting or putting security tools in your CI/CD pipeline. It would be the same as researching how to improve your cake baking skills, but end up with manuals of kitchen appliances. We want to address this gap: in this blog, we want to give you key pointers for a secure deployment.

person holding black fruit near cake for secure deployment analogy
You definitely want to protect this cake from malicious actors by ‘deploying it securely’ 🙂

So, what should you think of? We’ll start with a few aspects that we believe are important to think of when you work on a secure deployment. After that, we will touch upon the areas that you need to work on to actually achieve it. Finally, we’ll advise where to go from here.

Read more →

Improving the quality of software delivery utilizing technology, process and people

Each organization involved in creating software eventually has a need to deliver that software. It is what we call the software delivery process. Typically, software delivery starts at the moment that a developer has written code locally and wants to publish it. Or, as Martin Fowler puts it: From the developer finishing the feature to getting that feature into production. At Qxperts, we have a more holistic view on software delivery.

Read more →

Mental models: a reflection on AWS outage

In November 2020 AWS had a major outage, which started with their Kinesis service, having a cascading failure over some services. Several articles and analyses of the outage, including the official note from AWS. This blog post reflects the outage, but rather focus on the technical aspects, I will deep dive into the social ones, namely mental models.

Read more →