Hacker News | this_steve_j's comments

A CSB safety video on the agency's investigation into the massive April 8, 2021, explosion and fire that fatally injured one worker at the Yenkin-Majestic Paint Corporation facility in Columbus, Ohio.


“These agents can attend meetings, edit documents, communicate via email and chat, and perform tasks autonomously.

Redmond will sell these “agentic users” in the “M365 Agent Store” and make them discoverable in its Teams collaboration-ware tools.

A365 Agent licensing details are not yet publicly available.


The marketing has 100% shifted to the creation of workloads using “Agents”.

Presumably the hyperscalers can begin conflating the number of “agents” created with “boring jobs eliminated” and thus herald the industrial revolution.

But first: Your subscription price is increasing and now includes 5 Agents.


I like the cut of this jibe.


What are some ways to avoid common methodological pitfalls when generating test cases for "groundedness" benchmarks with automation?

Confirmation bias is one obvious pitfall that comes to mind, but also I wonder how it is possible to achieve reproducibility when the input is stochastic.



> The US junk bond rally came to a halt on Friday with the biggest one-day loss in six months, as the risk premium surged to near a four-month peak of 304 basis points. Yields climbed to 6.99%, the highest in more than two months.

> The losses accelerated after President Trump threatened to impose huge tariffs on imports from China and said he saw no reason to meet with Chinese President Xi Jinping, causing concerns about trade relations between the world’s two biggest economies.

> The weekly loss of 0.73% was also the biggest since April. The losses spanned across ratings amid the renewed tariff fears. Junk bond yields rose 15 basis on Friday and 31 basis for the week, the biggest increase in six months.

> CCC yields rose above 10% to a five-week high of 10.14% and spreads widened to a six-week high of 632 basis points. Spreads climbed 32 basis points on Friday, the most in one day since April. CCCs racked up a loss of 0.6% on Friday, the worst one-day loss in six months. CCCs closed the week with a loss of 1.05%, also the most in six months.

graph https://dgz78a1ch9fm7v.archive.ph/sxOOn/4d36a1090f1a44927848...




That’s my understanding.

In a pure implementation, the same level of trust is implied (absolutely none at all) whether a device is connecting to a resource from the public internet or the same subnet.


Microsoft’s version of “Zero Trust” doesn’t care if things are reachable from the public internet. They have been preaching “identity is the new perimeter” [1] for years, and it doesn’t wash.

The NIST Zero Trust Architecture (ZTA) implementation guides (SP 1800-35) [2] cut through the nonsense and AI generated marketing smoke.

In ZTA, ALL network locations are untrusted. Network connections are created by a Policy Engine that creates and tears down tunnels to each resource dynamically using attribute-based-access-controls (ABAC). Per request.

Microsoft doesn’t have any products that can do full ZTA, so several pillars are missing from their “Zero Trust” marketing materials.

[1] https://www.microsoft.com/insidetrack/blog/securing-the-bord...

[2] https://doi.org/10.6028/NIST.SP.1800-35


> several pillars are missing from their “Zero Trust” marketing materials.

TBH several pillars are missing from their entire security posture.


why bother when not a single vulnerability has resulted in any appreciable fines or loss of market share? it's absurd how untouchable their ubiquity has become.


They’re the Boeing of software. They go down with the ship, but, critically, it means they also can’t go down until and unless the ship also does.

It’s a symbiotic relationship that allows them to stop having to spend resources to compete in the market on merit.


That's pretty accurate, if you want modern practice and product quality you go to Google or Amazon, if you want compliance and reassuring the board, you go to Microsoft.


> Network connections are created by a Policy Engine that creates and tears down tunnels to each resource dynamically using attribute-based-access-controls (ABAC). Per request.

What does it mean in technical terms? What kind of tunnels are those and what is their purpose?


There are four different micro-segmentation variations in the NIST reference guide: device-agent/gateway, enclaves, resource portals, and application sandboxing.

Basically a policy evaluation point (PEP) evaluates the security posture of both parties before and after a handshake, then creates a logical or physical path of some kind between the actor and the resource. This can be done with software-defined virtual networks and stateful firewalls, at one or more of the OSI layers.
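
The per-request decision described in the comments above, as an added example (not from the thread, the NIST guide, or any product): attributes of the subject, device and resource drive the decision, the source network is recorded but never consulted, and the path is removed once the request completes. The `Request` fields, the `POLICY` table and the class names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    mfa: bool
    device_compliant: bool   # subject-side posture (managed, patched, ...)
    resource: str
    resource_healthy: bool   # resource-side posture
    source_net: str          # logged only; never used to grant trust

# Constructed sample policy: resource -> role required to reach it
POLICY = {"payroll-db": "finance", "build-server": "engineer"}

def decide(req):
    """Per-request decision from attributes only; default deny."""
    required_role = POLICY.get(req.resource)
    checks = [
        (required_role is not None, "no policy for resource"),
        (required_role in req.roles, "missing role"),
        (req.mfa, "no MFA"),
        (req.device_compliant, "device posture failed"),
        (req.resource_healthy, "resource posture failed"),
    ]
    failed = [reason for ok, reason in checks if not ok]
    return (not failed, failed[0] if failed else "allow")

class EnforcementPoint:
    """Opens a path for one request, then tears it down again."""
    def __init__(self):
        self.open_paths = set()

    def handle(self, req):
        allowed, reason = decide(req)
        if not allowed:
            return f"DENY {reason}"
        path = (req.user, req.resource)
        self.open_paths.add(path)           # path exists for this request only
        try:
            return f"ALLOW {req.resource}"  # stand-in for proxying the request
        finally:
            self.open_paths.discard(path)   # next request is evaluated afresh

if __name__ == "__main__":
    pep = EnforcementPoint()
    lan = Request("alice", frozenset({"finance"}), True, False, "payroll-db", True, "10.0.0.5")
    print(pep.handle(lan))  # on the internal subnet, still denied on posture
```
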


So the policy evaluation point has the keys to the kingdom and is the single point of failure, vs standard distributed authorisation declaration that would be up to each component of the system to implement.

How is this PEP better?

