#customer service representative software | Explore Tumblr Posts and Blogs

softwarereviewforall · 11 months

Text

CAPTERRA AWARDS ENGAGEBAY AS TOP CUSTOMER SERVICE SOFTWARE

EngageBay is a customer service software that has received high ratings from users in terms of value for money and functionality. It has been recognized as an outstanding product with a value for money rating of 4.7 out of 5 and a functionality rating of 4.6 out of 5. In this article, we will discuss EngageBay reviews, EngageBay vs HubSpot, EngageBay pricing, and whether EngageBay is good according to Capterra.

EngageBay Reviews

EngageBay has received positive reviews from users on Capterra. It has an overall rating of 4.6 out of 5, and users have praised its simplicity, ease of use, and range of features. Here are some examples of EngageBay reviews from Capterra users:

“The tool is very simple to use. It integrated with our own platform easily. We have really utilized all the features such as the email marketing, CRM, automation, and social media engagement. For me, the best in nurturing and closing leads!” ~ Kentall S.

“Needed a cost prohibitive plan form that has everything to market my fitness business along with the automation. I was using multiple pieces of software well over 300+ a month and Engagebay has replaced all of them at a fraction of the price.” ~ Stephen G.

“What I like the most about EngageBay is that it’s an inclusive platform where Sales, Marketing, and Support can be able to work together on the same platform and helps these different but intertwined departments to be always in sync.” ~ Brendan C.

EngageBay vs HubSpot

EngageBay and HubSpot are both customer service software options that offer a range of features to help businesses manage their customer relationships. However, there are some differences between the two. EngageBay is a more affordable option, with a starting price of $13.80 per month, billed annually, while HubSpot offers a free version and paid plans that start at $50 per month. EngageBay is also a more user-friendly option, with a simpler interface that is easier to navigate. HubSpot, on the other hand, offers more advanced features and tools, making it a better option for larger businesses with more complex needs.

EngageBay Pricing

EngageBay offers a range of pricing plans to suit different business needs. The basic plan starts at $13.80 per month, billed annually, and includes up to 500 contacts. The advanced plan starts at $29.99 per month, billed annually, and includes unlimited contacts. EngageBay also offers a free trial of its software, allowing users to test out its features before committing to a paid plan.

Is EngageBay Good According to Capterra?

EngageBay has received positive reviews from users on Capterra, with an overall rating of 4.6 out of 5. It has been recognized as an outstanding product with a value for money rating of 4.7 out of 5 and a functionality rating of 4.6 out of 5. Capterra is a safe platform that helps businesses find and evaluate top software and business services. It does not pay for reviews, and it has review guidelines in place to ensure that reviews are honest and unbiased.

In conclusion, EngageBay is a customer service software that offers a range of features to help businesses manage their customer relationships. It has received positive reviews from users on Capterra, and it is a more affordable and user-friendly option compared to HubSpot. EngageBay offers a range of pricing plans to suit different business needs, and it is a safe and reliable option according to Capterra.

Citations: [1] https://www.capterra.com [2] https://www.capterra.com/categories/ [3] https://www.capterra.com/p/185973/HelpDesk/reviews/ [4] https://www.linkedin.com/company/capterra [5] https://www.capterra.com/customer-service-software/ [6] https://www.capterra.com/customer-service-software/s/free/

0 notes

chloedecker0 · 8 months

Text

Maximizing Retail Profits: Harnessing B2B Price Optimization Software

In the ever-evolving world of retail and e-commerce, businesses are constantly seeking ways to gain a competitive edge. Among the many strategies employed, B2B Price Optimization and Management Software stands out as a game-changer. Price optimisation and management (PO&M) software solutions enable businesses to oversee and optimize the prices of their goods and services. These services also provide a growing range of sales intelligence advice, such as best-next-action suggestions and customer churn warnings. In the industry, vendors either focus on back-office price management and product management roles, or they focus on providing real-time sales intelligence to sales representatives and B2B digital commerce websites, or both. Quadrant Knowledge Solutions, a leading global advisory and consulting firm, has recognized the significance of this technology in their report, “B2B Price Optimization and Management Applications, 2023”. Quadrant Knowledge Solutions focuses on helping clients in achieving business transformation goals with Strategic Business, and Growth Advisory Services.

Download the sample report of Market Share: B2B Price Optimization and Management Software

Understanding the Retail and E-commerce Landscape

The retail and e-commerce industry is a highly dynamic and competitive space. Companies within this domain face the continuous challenge of pricing their products right to maximize profitability while staying attractive to their customers. In this context, pricing becomes a critical element of their strategy. Let's delve into some of these challenges:

Rapidly Changing Market Dynamics: Retail and e-commerce markets are highly volatile, with ever-shifting consumer preferences and market trends. Adapting to these changes in real-time is essential to stay competitive. Without the right tools, businesses risk making pricing decisions that are out of sync with market realities.

Intense Competition: In retail and e-commerce, competition is fierce. With numerous players offering similar products or services, pricing becomes a key differentiator. Setting prices too high can drive customers away, while pricing too low can erode profit margins.

Complex Supply Chain and Cost Structures: The retail and e-commerce sector often deals with complex supply chain operations and cost structures. Understanding the true costs associated with a product or service is essential for setting optimal prices. Traditional methods of cost calculation can be time-consuming and error-prone.

Customer Behaviour and Expectations: Today's consumers are more informed and price-sensitive than ever before. Their buying behaviour can change rapidly in response to various factors, including promotions, discounts, and market trends. Retailers must be agile in responding to these changes.

Competitor Pricing Strategies: Keeping a constant eye on competitor pricing is crucial. Businesses need to respond promptly to pricing moves made by competitors to remain competitive. Manual tracking and analysis of competitor pricing are arduous and inefficient processes.

Download the sample report of Market Forecast: B2B Price Optimization and Management Software

B2B Price Optimization and Management Software: A Necessity

B2B Price Optimization and Management Software is the solution to these challenges. This technology leverages advanced algorithms, data analytics, and real-time market insights to help businesses make data-driven pricing decisions. It empowers retail and e-commerce companies to optimize their prices efficiently while taking into account factors like demand fluctuations, competitor pricing, and customer behaviour.

Talk To Analyst: https://quadrant-solutions.com/talk-to-analyst

#In the ever-evolving world of retail and e-commerce #businesses are constantly seeking ways to gain a competitive edge. Among the many strategies employed #B2B Price Optimization and Management Software stands out as a game-changer. Price optimisation and management (PO&M) software solutions en #such as best-next-action suggestions and customer churn warnings. In the industry #vendors either focus on back-office price management and product management roles #or they focus on providing real-time sales intelligence to sales representatives and B2B digital commerce websites #or both. Quadrant Knowledge Solutions #a leading global advisory and consulting firm #has recognized the significance of this technology in their report #“B2B Price Optimization and Management Applications #2023”. Quadrant Knowledge Solutions focuses on helping clients in achieving business transformation goals with Strategic Business #and Growth Advisory Services.#Download the sample report of Market Share: B2B Price Optimization and Management Software #Understanding the Retail and E-commerce Landscape #The retail and e-commerce industry is a highly dynamic and competitive space. Companies within this domain face the continuous challenge of #pricing becomes a critical element of their strategy. Let's delve into some of these challenges:#Rapidly Changing Market Dynamics: Retail and e-commerce markets are highly volatile #with ever-shifting consumer preferences and market trends. Adapting to these changes in real-time is essential to stay competitive. Without #businesses risk making pricing decisions that are out of sync with market realities.#Intense Competition: In retail and e-commerce #competition is fierce. With numerous players offering similar products or services #pricing becomes a key differentiator. Setting prices too high can drive customers away #while pricing too low can erode profit margins.#Complex Supply Chain and Cost Structures: The retail and e-commerce sector often deals with complex supply chain operations and cost struct #Customer Behaviour and Expectations: Today's consumers are more informed and price-sensitive than ever before. Their buying behaviour can c #including promotions #discounts #and market trends. Retailers must be agile in responding to these changes.#Competitor Pricing Strategies: Keeping a constant eye on competitor pricing is crucial. Businesses need to respond promptly to pricing move #Download the sample report of Market Forecast: B2B Price Optimization and Management Software

0 notes

mariacallous · 15 days

Text

In March 2007, Google’s then senior executive in charge of acquisitions, David Drummond, emailed the company’s board of directors a case for buying DoubleClick. It was an obscure software developer that helped websites sell ads. But it had about 60 percent market share and could accelerate Google’s growth while keeping rivals at bay. A “Microsoft-owned DoubleClick represents a major competitive threat,” court papers show Drummond writing.

Three weeks later, on Friday the 13th, Google announced the acquisition of DoubleClick for $3.1 billion. The US Department of Justice and 17 states including California and Colorado now allege that the day marked the beginning of Google’s unchecked dominance in online ads—and all the trouble that comes with it.

The government contends that controlling DoubleClick enabled Google to corner websites into doing business with its other services. That has resulted in Google allegedly monopolizing three big links of a vital digital advertising supply chain, which funnels over $12 billion in annual revenue to websites and apps in the US alone.

It’s a big amount. But a government expert estimates in court filings that if Google were not allegedly destroying its competition illegally, those publishers would be receiving up to an additional hundreds of millions of dollars each year. Starved of that potential funding, “publishers are pushed to put more ads on their websites, to put more content behind costly paywalls, or to cease business altogether,” the government alleges. It all adds up to a subpar experience on the web for consumers, Colorado attorney general Phil Weiser says.

“Google is able to extract hiked-up costs, and those are passed on to consumers,” he alleges. “The overall outcome we want is for consumers to have more access to content supported by advertising revenue and for people who are seeking advertising not to have to pay inflated costs.”

Google disputes the accusations.

Starting today, both sides’ arguments will be put to the test in what’s expected to be a weekslong trial before US district judge Leonie Brinkema in Alexandria, Virginia. The government wants her to find that Google has violated federal antitrust law and then issue orders that restore competition. In a best-case scenario, according to several Google critics and experts in online ads who spoke with WIRED, internet users could find themselves more pleasantly informed and entertained.

It could take years for the ad market to shake out, says Adam Heimlich, a longtime digital ad executive who’s extensively researched Google. But over time, fresh competition could lower supply chain fees and increase innovation. That would drive “better monetization of websites and better quality of websites,” says Heimlich, who now runs AI software developer Chalice Custom Algorithms.

Tim Vanderhook, CEO of ad-buying software developer Viant Technology, which both competes and partners with Google, believes that consumers would encounter a greater variety of ads, fewer creepy ads, and pages less cluttered with ads. “A substantially improved browsing experience,” he says.

Of course, all depends on the outcome of the case. Over the past year, Google lost its two other antitrust trials—concerning illegal search and mobile app store monopolies. Though the verdicts are under appeal, they’ve made the company’s critics optimistic about the ad tech trial.

Google argues that it faces fierce competition from Meta, Amazon, Microsoft, and others. It further contends that customers benefited from each of the acquisitions, contracts, and features that the government is challenging. “Google has designed a set of products that work efficiently with each other and attract a valuable customer base,” the company’s attorneys wrote in a 359-page rebuttal.

For years, Google publicly has maintained that its ad tech projects wouldn’t harm clients or competition. “We will be able to help publishers and advertisers generate more revenue, which will fuel the creation of even more rich and diverse content on the internet,” Drummond testified in 2007 to US senators concerned about the DoubleClick deal’s impact on competition and privacy. US antitrust regulators at the time cleared the purchase. But at least one of them, in hindsight, has said he should have blocked it.

Deep Control

The Justice Department alleges that acquiring DoubleClick gave Google “a pool of captive publishers that now had fewer alternatives and faced substantial switching costs associated with changing to another publisher ad server.” The global market share of Google’s tool for publishers is now 91 percent, according to court papers. The company holds similar control over ad exchanges that broker deals (around 70 percent) and tools used by advertisers (85 percent), the court filings say.

Google’s dominance, the government argues, has “impaired the ability of publishers and advertisers to choose the ad tech tools they would prefer to use and diminished the number and quality of viable options available to them.”

The government alleges that Google staff spoke internally about how they have been earning an unfair portion of what advertisers spend on advertising, to the tune of over a third of every $1 spent in some cases.

Some of Google’s competitors want the tech giant to be broken up into multiple independent companies, so each of its advertising services competes on its own merits without the benefit of one pumping up another. The rivals also support rules that would bar Google from preferencing its own services. “What all in the industry are looking for is fair competition,” Viant’s Vanderhook says.

If Google ad tech alternatives win more business, not everyone is so sure that the users will notice a difference. “We’re talking about moving from the NYSE to Nasdaq,” Ari Paparo, a former DoubleClick and Google executive who now runs the media company Marketecture, tells WIRED. The technology behind the scenes may shift, but the experience for investors—or in this case, internet surfers—doesn’t.

Some advertising experts predict that if Google is broken up, users’ experiences would get even worse. Andrey Meshkov, chief technology officer of ad-block developer AdGuard, expects increasingly invasive tracking as competition intensifies. Products also may cost more because companies need to not only hire additional help to run ads but also buy more ads to achieve the same goals. “So the ad clutter is going to get worse,” Beth Egan, an ad executive turned Syracuse University associate professor, told reporters in a recent call arranged by a Google-funded advocacy group.

But Dina Srinivasan, a former ad executive who as an antitrust scholar wrote a Stanford Technology Law Review paper on Google’s dominance, says advertisers would end up paying lower fees, and the savings would be passed on to their customers. That future would mark an end to the spell Google allegedly cast with its DoubleClick deal. And it could happen even if Google wins in Virginia. A trial in a similar lawsuit filed by Texas, 15 other states, and Puerto Rico is scheduled for March.

31 notes · View notes

allow-me-to-speak · 4 months

Text

You know what’s dumb? Two-factor authentication. I’ve been complaining for ages that two-factor authentication only works until someone loses their cell phone, and guess what I did less than an hour after landing in a foreign country? (It fell on the floor of a cab as I was getting out, and I noticed a minute too late)

I couldn’t do anything. I couldn’t log on to my email on my friend’s phone, I couldn’t check my bank accounts because all of the devices were unrecognized, I literally couldn’t even log onto my account for my cell phone provider to let them know my phone had been lost or stolen. Even when I called the customer service line to get my phone deactivated, they wouldn’t let me talk to a representative without typing in a confirmation code that had been sent to my phone. It took me days of calling international customer service lines on other people’s phones to ensure that my own phone was turned off. And after all that, I had to find a way to contact my job’s IT department and beg them to turn off two-factor authentication for me temporarily, because I wasn’t going to have a phone in time for my return to work and I can’t log into my 1) work computer, 2) work software, 3) work file archives, and 4) work chat features without separate instances of two-factor authentication.

And to make it clear, none of these had “I don’t have a phone right now, let’s try another way” options.

#I had a great vacation but Jesus fucking Christ

33 notes · View notes

pareidoliaonthemove · 4 months

Text

A New Policy

Part 1: Memo

Memo

From: Scott Tracy, CEO

To: All Employees, Tracy Industries and Subsidiaries

Re: Service Blacklist

Due to recurrent events, Tracy Industries and all Subsidiaries Companies are now exercising their right to refuse service and custom to certain potential customers and suppliers.

As such the Service Blacklist is now online for all employees to access and view, the Blacklist outlines the reasons why persons and organisations have been Blacklisted, along with a comprehensive list of known aliases and affiliated organisations.

All Public-Facing Roles, Sales, Accounts and Warehousing, will receive training in the new Service Blacklist, and how to integrate it within their daily routines. Your Section Manager will provide details of when and how this training will be presented.

The Blacklist is now integrated into all accounting and ordering software. Any attempt by employees to deliberately circumvent this restriction without appropriate authorisation will be subject to immediate and stringent disciplinary action. HR will begin rolling out the information packages on how this infraction will be dealt with within the week.

If employees encounter a situation where they believe the blacklist has been erroneously applied, or if blacklisted persons or organisations attempt to force employees to act against the strictures of this memo, employees are to use the in-house DM system.

Address request for assistance to ‘Blacklist: Situation’, and detail your name, section, and link to the order/correspondence relevant to the situation, and a representative with the authority to resolve the issue will contact you within ten minutes.

Thank you for your assistance in maintaining the ethics and integrity of Tracy Industries, and your part in making the world a safer place.

Scott Tracy

Service Blacklist Quicklinks:

Blacklist: Situation DM Channel

Francois Lemaire

Langstrom Fischler

Howard Yost

‘The Hood’

#thunderbirds are go #fanfic #my fanfic #memo #scott tracy #tracy industries #a new policy

31 notes · View notes

soon-palestine · 7 months

Text

Workers said Project Nimbus is the kind of lucrative contract that neglects ethical guardrails that outspoken members of Google’s workforce have demanded in recent years. “I am very worried that Google has no scruples if they’re going to work with the Israeli government,” said Joshua Marxen, a Google Cloud software engineer who helped to organize the protest. “Google has given us no reason to trust them.” The Tuesday protest represents continuing tension between Google’s workforce and its senior management over how the company’s technology is used. In recent years Google workers have objected to military contracts, challenging Google’s work with U.S. Customs and Border Protection and its role in a defense program building artificial intelligence tools used to refine drone strikes. Workers have alleged that the company has cracked down on information-sharing, siloed controversial projects and enforced a workplace culture that increasingly punishes them for speaking out.

Google did not immediately respond to a request for comment about the Tuesday protest and workers’ concerns over Project Nimbus. The Israeli Finance Ministry announced its contract with Google and Amazon in April 2021 as a project “intended to provide the government, the defense establishment and others with an all-encompassing cloud solution.” Google has largely refused to release details of the contract, the specific capabilities Israel will receive, or how they will be used. In July 2022, the Intercept reported that training documents for Israeli government personnel indicate Google is providing software that the company claims can recognize people, gauge emotional states from facial expressions and track objects in video footage. Google Cloud spokesperson Atle Erlingsson told Wired in September 2022 that the company proudly supports Israel’s government and said critics had misrepresented Project Nimbus. “Our work is not directed at highly sensitive or classified military workloads,” he told Wired. Erlingsson, however, acknowledged that the contract will provide Israel’s military access to Google technology. Former Google worker Ariel Koren, who has long been publicly critical of Project Nimbus, said “it adds insult to injury for Palestinian activists and Palestinians generally” that Google Cloud’s profitability milestone coincides with the 75th anniversary of the Nakba — which refers to the mass displacement and dispossession of Palestinians following creation of the state of Israel in 1948.

In March 2022, The Times reported allegations by Koren — at the time a product marketing manager at Google for Education — that Google had retaliated against her for criticizing the contract, issuing a directive that she move to São Paulo, Brazil, within 17 business days or lose her job. Google told The Times that it investigated the incident and found no evidence of retaliation. When Koren resigned from Google in August 2022 she published a memo explaining reasons for her departure, writing that “Google systematically silences Palestinian, Jewish, Arab and Muslim voices concerned about Google’s complicity in violations of Palestinian human rights.” Koren said Google’s apathy makes her and others believe more vigorous protest actions are justified. “This is a concrete disruption that is sending a clear message to Google: We won’t allow for business as usual, so long as you continue to profit off of a nefarious contract that expands Israeli apartheid.” Mohammad Khatami, a YouTube software engineer based in New York, participated in a small protest of Project Nimbus at a July Amazon Web Services conference in Manhattan. Khatami said major layoffs at Google announced in January pushed him to get more involved in the Alphabet Workers Union, which provides resources to Khatami and other union members in an anti-military working group — though the union has not taken a formal stance on Project Nimbus. “Greed and corporate interests were being put ahead of workers and I think the layoffs just illustrated that for me very clearly,” Khatami said.

#palestine #gaza #free palestine #nimbus #google

16 notes · View notes

faizan2f · 20 days

Text

Video Conferencing Software applications.

All businesses have different priorities when it comes to their video conferencing software choice depending on their industry, size, budgets and key use cases. For some small businesses, cost is the primary consideration, while others put a premium on security, reliability and support — perks typically associated with enterprise-grade video conferencing solutions. Of course, many fall somewhere in the middle, making it all that more important to understand the differences among video conferencing software providers.

With seemingly endless options for video conferencing tools in today’s workplace, we at PeopleLink, want to make it easy to navigate potential vendors and choose the best free video conferencing for your unique needs.

Video Customer Support

Video Customer Support is a workflow application specially designed for websites where by just putting a simple JavaScript file, you can enable “Click to Video Call” button which will directly connect to sales representatives and agents at the backend. Read More

Prisoner Relative Interaction

V-Mulakat facilitates relatives of prisoners to have live audio-video chat with jail inmates while sitting in a chat room at a distantly located Common Service Center (CSC). Read More

Video Shopping Portal

Video shopping is a workflow application designed for highest video shopping experience. With this application, a user can go to the website of the store and browse for the product of choice. Read More

Video LMS Portal

Acumen not only complements the classroom, making way for more effective methods of learning, but also supports students’ learning outside the classroom. Read More

Patient-Doctor Portal

Pulse is a software that connects patients with doctors – facilitating round-the-clock appointment booking, onsite and remote consultations, and post-consultation support.

WebCasting

Impactful & Real time Web audience engagement with PeopleLink Central Recording & Streaming Read More

API Engine

InstaCore is a software that integrates video technologies along with a set of useful modules that change how your organization interacts with itself and with others. Read More

#video conferencing #communication #conference #audio #teleconferencing

4 notes · View notes

entitycradle · 16 days

Text

Future Anime Girl Gestalt

As a breakthrough in silicon nanostructure materials makes photonics and near-eye displays cheap, smart glasses become the new ubiquitous computers, replacing smartphones. The always-on display provides unique opportunities for advertisers, as does new machine learning-assisted ad targeting. In the new omnipresent augmented reality, ads become personalized, three-dimensional, interactive displays, emerging from blank rectangles in subway stations. You see your facebook friends conversing animatedly, drinking budweiser.

As smart glasses become increasingly necessary for modern life, brands are able to invade further into perceived reality. Cars shine luxuriously. The name and price of your coworker's smartwatch floats above it. Of course many modern advertisements no longer directly sell a product or service, but rather create and maintain brand identities. Large corporations advertise on everyday objects--the plate at your favorite restaurant reveals the name of a software company as you finish your food. Your brother's anger turns him super saiyan, reminding you of the new episodes. A poor neighborhood turns into an alien-inspired techno-organic nightmare.

Many companies use characters to perpetuate their brand. These characters can be personalized--the insurance company mascot that shows up on your car dashboard during a harrowing rush hour is your favorite color, features large, expressive eyes, and is covered in shaggy fur.

Of course, machine learning algorithms can be unpredictable. And ad agencies could not anticipate the omnivalent memetic power of...

...anime girls.

The algorithm customizes your pepsi soda into a fizzy anime slime girl. They customize the call to your healthcare provider to raise the pitch of the representative's voice and translate the audio to Japanese (your glasses display English subtitles). The missiles you see striking a city in Iran are ridden by pale, northrop grumman-labeled anime maids.

As more human agency is ceded to enormous, power-chugging processing centers, the connections between everyday occurrences and brand presence become more abstract. Every character on a show you're not paying attention to, every old shoe you own, every person you interact with, every grain of sand on the beach, every floater in your eye, is an anime girl.

As humans do, they adapt. Generation Glass becomes accustomed to experiencing two entirely foreign sets of sense-data: one, their local, mundane world, of humming processors and concrete and scraggly trees. The other, the networked world, where your entire visual field is painted in overlapping anime girls of various sizes and your auditory vestibular nerve is drowned in high-pitched giggling. Each girl represents some object--pomegranate, sunset, friends, love, death.

As global civilization gently deflates under the pressure of climate change post-2100, so does the capacity to manufacture complex electronics. Within the space of a generation, billions of people are reduced to creating facile, vapid illustrations of the moving, living anime girls they once knew as bigotry and tarmac. Pictures of anime girls are used to label street signs, mathematical concepts, genders, religious texts. Ironically, anime girls become more incorporated into the real world than they ever were in the Glass period, because they adorn real surfaces. A post-traumatic behavior develops, in which a person destroys objects bearing anime girl images in an attempt to, according to one individual, "let them out," or otherwise restore networked consensus reality.

Thousands of years pass. Peregrine sophists of the Fifth Yyrzoc clan uncover an underground concrete structure. In it are glyphs of a single, big-eyed, pale, skinny, large-breasted woman with bright blue hair, surrounded by female figures in blood-red uniforms who are collapsed on the ground. The sophists are able to decode this message and avoid what we would recognize as a nuclear waste storage facility. They theorize that the figures are ancient feminine gods of radiation and death. Several etchings and illustrations are published by a notable scriptorium. Years later they are largely forgotten.

#writing #original fiction #sff #scifi #anime #weird fiction #worldbuilding

3 notes · View notes

greggermeister · 2 months

Text

Why OOP is a bad fit for custom software

Ever notice that custom OOP projects tend towards a flaming pile of spaghetti crap? Have you ever seen anti-patterns like the following:

Changing a line of code to fix screen A blows up screen B, which have no relation to each other

Many wrappers - a Service is wrapped by a Provider is wrapped by a Performer is wrapped by a ...

It is hard to track down where is the code that performs a certain operation

Playing whack a mole, where each bug fix just yields a new bug

Ever ask yourself why OOP has design patterns? I would argue that OOP assumes up front design before writing any code.

In particular, OOP shines when every important thing is known at the outset. Take a Java List or Map as an example. They have remained virtually the same since the roll out of Java 1.2 when the collections API was added, replacing older classes like Vector and Dictionary.

A List or Map is a simple beast - they are just ordered sets of data. A list orders items by index, a map by their keys. Once you have basic operations like add, change, iterate, and and delete, what more do you really need? This is why Java has really only added conveniences like Map.computeIfAbsent, ConcurrentHashMap, and so on. Nothing huge, just some nice things that people were already doing anyway with their own convenience functions and/or classes.

But custom software paid for by a customer who only knows what they want today is something altogether different. You literally don't know from one month to the next what feature the customer will ask for, or what bug they will report. Remember that OOP design pattern for random structural changes on a dime? Neither do I.

Why imperative is better

OOP intrinsically means some kind of entanglement - once you pick a design pattern for a set of classes, and write a bunch of code for it, you can't easily change to some other design pattern. You can use different patterns for different sets of code, composing them as needed into a larger system. But each part is kind of locked in to a chosen pattern, and it is a significant hassle to change the pattern later. It's like the coding equivalent of vendor lock-in.

Unfortunately, a set of code doesn't necessarily shout out "Hey this is the strategy pattern". You have to examine a set of code to reverse engineer the pattern of it, or ask someone. Have you worked on a team that stated up front what patterns were being used for different parts of the system? I don't recall getting very much of this in my career. Really, in a lot of cases, there simply isn't any real conscious choice of design patterns, just replication of whatever the devs saw before elsewhere, often without any real contextual information of why.

This entanglement easily leads to hard to deal with code if someone doesn't fully grok whatever pattern(s) are present. More often than not, using OOP for custom who-knows-what-the-customer-wants-next-week software is setting the system up for failure. Not failure as in it doesn't work, but failure as in it will virtually guaranteed become very hard to maintain.

Using a simple imperative pattern is much better, which you can do even if the language is a primarily OOP language like Java. In the case of Java, just use static methods, where each class corresponds to either a data structure, or a series of static methods that operate on data structures. By passing data structures as arguments and returning new data structures, effectively the code is working from the outside, which makes the code simpler to understand, and tends towards less entanglement.

You could organize packages like this:

Top level packages represent functional areas (eg, configuration, database access, REST API, validations, etc)

Sub packages for data structures and functions that operate on them

Some sub packages can represent a design pattern like model, view, and controller

For example, it might be organized like this, where app is the top level dir checked out of the repo:

app/db/util: some utility functions to make db access easier

app/db/dto: database transfer objects that represent data as stored/retrieved in the db

app/db/dao: database access objects that store/retrieve dtos

app/rest/util: some utility methods to make REST a bit easier

app/rest/view: objects that represent the data as sent/received over http

app/rest/translate: translate app/db/dto to/from app/rest/view

app/rest/model: make app/db/dao calls to store/retrieve data, uses /app/rest/{view, translate}

app/rest/controller: define endpoints and methods, use app/rest/model to do the work

app/html: SSR html generation

You'll notice I mention MVC above, which is an OOP pattern. However, this pattern can be simplified as a set of directories with one responsibility per directory, which can still be an imperative way of writing code. It can still be operating on the data objects from the outside. Just because we don't want to use OOP doesn't mean we can't apply some of what we've learned from it over the years in an imperative way.

The above looks like a monolithic design. It can be a hybrid if you want:

Make app/{service} dirs, which in turn contain db, rest, and html as shown above

Each service can be its own application

Services can be grouped into a smaller number of deployments, you don't have to deploy each service in its own container

The other most common mistake

One of the most important things to consider is (DO)RY versus (DONT)RY. The over usage of (DONT)RY is often a very big pain point in OOP. Like Lists and Maps, (DONT)RY works best in a limited area of code, such as reusing some common code across all Map implementations. Essentially, it is just another variation of what I said earlier about knowing the design in advance - (DONT)RY can be quite useful when you know the considerations up front, but just another factor in making spaghetti code when you don't.

(DO)RY is far more useful when you have a changes by the week application - the duplication isolates changes. For example, say you have a customer address and a business address. They seem kind of the same thing, with only minor differences:

Businesses have 3 lines, for doors and stops and other cupboard-under-the-stairs things individuals don't need

Businesses can have multiple addresses, so they need a type (physical, mailing, billing)

It sounds like you could use the same code for both. But over time, random requests are made for random changes, and some changes need to only apply to one or the other address type. (DONT)RY causes these increasing differences to get harder and harder to manage, which is exactly the bad form of entanglement I keep seeing. (DO)RY means copying code when a change needs to be done for both.

The improvement stems from the fact that when a particular change must be implemented quite differently due to their differing code bases, there is no tangled mess problem - instead, it is just more effort to do the change twice in different ways, without causing either code base to become any harder to read or modify.

In some cases, a data type that has its own logic for persistence and retrieval/display might also be contained inside another data type for another use case. When contained, there is no reason to believe in the face of random changes that it will necessarily always require the same validations, persistence, and display logic as when it is used as a top level object. As such, all the logic for the contained object should be a copy of the top level code, so the two use cases can be as different as they need to be.

Conclusion

Imperative programming combined with (DO)RY encourages making separate silos for each data type - separate queries, separate db reads/writes, separate REST endpoints, separate HTML generation. This separation expresses an important truth I alluded to earlier about your data - every top level data type is completely unrelated to any other data type, it is a thing unto itself. Any correlation or similarity in two separate data types should be viewed as both accidental and temporal: in other words, they just so happen to be similar at the moment - there is no reason to believe their similarity will continue in the face of random unknowable future changes.

Separating all your top-level data types with their own imperative code and using (DO)RY - copying code as necessary to maintain the separation - is the key to managing code that has to be dynamic in response to frequent unknowable future changes. The resulting code will be larger as a result of copying logic, but more maintainable.

In other words, everything in programming is a trade-off, and the combination of imperative and (DO)RY is the best trade-off that results in more total code, but more maintainable code.

#programming #dry

2 notes · View notes

head-post · 2 months

Text

Largest global IT outage in history did not affect Russia

A global technology outage caused by a software update from US cybersecurity company Crowdstrike caused chaos around the world on Friday, with flights suspended and healthcare, banking and ground transport systems facing major disruptions.

George Kurtz, president and CEO of Crowdstrike, said Friday morning that the company is “actively working with customers affected by a flaw discovered in one content update for Windows hosts” – a glitch that affected Microsoft users around the world. He also added:

“This is not a security incident or cyberattack. The issue has been identified, isolated, and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organisations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilised to ensure the security and stability of CrowdStrike customers.”

The Financial Times explained that Crowdstrike is “one of the world’s largest providers of “endpoint” security software, used by companies to monitor for security problems across a huge range of devices, from desktop PCs to checkout payment terminals.”

Troy Hunt, a security consultant, wrote on social media that “this will be the largest IT outage in history.” He also added:

“This is basically what we were all worried about with Y2K, except it’s actually happened this time.”

The impacts of the outage cascaded rapidly. Wired noted that “in the early hours of Friday, companies in Australia running Microsoft’s Windows operating system started reporting devices showing Blue Screens of Death (BSODs).” It continued:

“Shortly after, reports of disruptions started flooding in from around the world, including from the UK, India, Germany, the Netherlands, and the US: TV station Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” on all flights.”

The UK has been hit by a glitch

As The New York Times observed, the National Health Service in the United Kingdom “was crippled throughout the morning on Friday, as a number of hospitals and doctors offices lost access to their computer systems.”

Whitehall crisis officials were coordinating the response through the Cobra committee that deals with matters of national emergency or major disruption. Ministers were in touch with their sectors to tackle the fallout from the IT failure, and the transport secretary, Louise Haigh, said she was working “at pace with industry” after trains and flights were affected, The Guardian reported.

In the US, flights were grounded owing to communications problems that appear to be linked to the outage. American Airlines, Delta and United Airlines were among the carriers affected. Berlin airport temporarily halted all flights on Friday, while in Australia, Melbourne airport advised customers it was “experiencing a global technology issue which is impacting check-in procedures for some airlines.”

Global flight cancellations

There had been more than 1,000 flight cancellations worldwide so far due to the IT failure, according to the aviation analysis firm Cirium.

Long lines formed at airports in Asia as airlines lost access to check-in and booking services at a time when many travelers are heading away on summer vacations. News outlets in Australia — where telecommunications were severely affected — were pushed off air for hours. Hospitals and doctor’s offices had problems with their appointment systems, while banks in South Africa and New Zealand reported outages to their payment system or websites and apps.

At Hong Kong’s airport, Yvonne Lee, 24, said she only found out her flight to Phuket in Thailand was postponed to Saturday when she arrived at the airport, saying the way it was handled would “affect the image of Hong Kong’s airport very much.” Her already short five-day trip would now have to be further shortened, she said.

In India, Hong Kong and Thailand, many airlines were forced to manually check in passengers. An airline in Kenya was also reporting disruption.

Some athletes and spectators descending on Paris ahead of the Olympics were delayed as was the arrival of their uniforms and accreditations, but Games organisers said disruptions were limited and didn’t affect ticketing or the torch relay.

In Germany, Berlin-Brandenburg Airport halted flights for several hours due to difficulties in checking in passengers, while landings at Zurich airport were suspended and flights in Hungary, Italy and Turkey disrupted.

The Dutch carrier KLM said it had been “forced to suspend most” of its operations.

Amsterdam’s Schiphol Airport warned that the outage was having a “major impact on flights” to and from the busy European hub. The chaotic morning coincided with one of the busiest days of the year for Schiphol.

Israel said its hospitals and post office operations were disrupted.

In South Africa, at least one major bank said it was experiencing nationwide service disruptions as customers reported they were unable to make payments using their bank cards in stores. The New Zealand banks ASB and Kiwibank said their services were down as well.

Shipping was disrupted too: A major container hub in the Baltic port of Gdansk, Poland, the Baltic Hub, said it was battling problems resulting from the global system outage.

Russia was unaffected by the outage

Meanwhile, Russia was less affected by this outage, mainly due to sanctions, import substitution strategy and technological sovereignty.

The global IT failure of devices running the Windows 10 operating system did not affect the operation of Russian airports and airlines, with flights running as scheduled. There are no problems with the information systems of Russian Railways.

“Rosatom” reported that the systems of the concern “Rosenergoatom” work on “import-independent software,” so there are no problems in operation. The disruption in Microsoft’s work will not affect the operation of Russia’s energy system in any way, the agency said.

Read more HERE

2 notes · View notes

annajade456 · 11 months

Text

Navigating the DevOps Landscape: Opportunities and Roles

DevOps has become a game-changer in the quick-moving world of technology. This dynamic process, whose name is a combination of "Development" and "Operations," is revolutionising the way software is created, tested, and deployed. DevOps is a cultural shift that encourages cooperation, automation, and integration between development and IT operations teams, not merely a set of practises. The outcome? greater software delivery speed, dependability, and effectiveness.

In this comprehensive guide, we'll delve into the essence of DevOps, explore the key technologies that underpin its success, and uncover the vast array of job opportunities it offers. Whether you're an aspiring IT professional looking to enter the world of DevOps or an experienced practitioner seeking to enhance your skills, this blog will serve as your roadmap to mastering DevOps. So, let's embark on this enlightening journey into the realm of DevOps.

Key Technologies for DevOps:

Version Control Systems: DevOps teams rely heavily on robust version control systems such as Git and SVN. These systems are instrumental in managing and tracking changes in code and configurations, promoting collaboration and ensuring the integrity of the software development process.

Continuous Integration/Continuous Deployment (CI/CD): The heart of DevOps, CI/CD tools like Jenkins, Travis CI, and CircleCI drive the automation of critical processes. They orchestrate the building, testing, and deployment of code changes, enabling rapid, reliable, and consistent software releases.

Configuration Management: Tools like Ansible, Puppet, and Chef are the architects of automation in the DevOps landscape. They facilitate the automated provisioning and management of infrastructure and application configurations, ensuring consistency and efficiency.

Containerization: Docker and Kubernetes, the cornerstones of containerization, are pivotal in the DevOps toolkit. They empower the creation, deployment, and management of containers that encapsulate applications and their dependencies, simplifying deployment and scaling.

Orchestration: Docker Swarm and Amazon ECS take center stage in orchestrating and managing containerized applications at scale. They provide the control and coordination required to maintain the efficiency and reliability of containerized systems.

Monitoring and Logging: The observability of applications and systems is essential in the DevOps workflow. Monitoring and logging tools like the ELK Stack (Elasticsearch, Logstash, Kibana) and Prometheus are the eyes and ears of DevOps professionals, tracking performance, identifying issues, and optimizing system behavior.

Cloud Computing Platforms: AWS, Azure, and Google Cloud are the foundational pillars of cloud infrastructure in DevOps. They offer the infrastructure and services essential for creating and scaling cloud-based applications, facilitating the agility and flexibility required in modern software development.

Scripting and Coding: Proficiency in scripting languages such as Shell, Python, Ruby, and coding skills are invaluable assets for DevOps professionals. They empower the creation of automation scripts and tools, enabling customization and extensibility in the DevOps pipeline.

Collaboration and Communication Tools: Collaboration tools like Slack and Microsoft Teams enhance the communication and coordination among DevOps team members. They foster efficient collaboration and facilitate the exchange of ideas and information.

Infrastructure as Code (IaC): The concept of Infrastructure as Code, represented by tools like Terraform and AWS CloudFormation, is a pivotal practice in DevOps. It allows the definition and management of infrastructure using code, ensuring consistency and reproducibility, and enabling the rapid provisioning of resources.

Job Opportunities in DevOps:

DevOps Engineer: DevOps engineers are the architects of continuous integration and continuous deployment (CI/CD) pipelines. They meticulously design and maintain these pipelines to automate the deployment process, ensuring the rapid, reliable, and consistent release of software. Their responsibilities extend to optimizing the system's reliability, making them the backbone of seamless software delivery.

Release Manager: Release managers play a pivotal role in orchestrating the software release process. They carefully plan and schedule software releases, coordinating activities between development and IT teams. Their keen oversight ensures the smooth transition of software from development to production, enabling timely and successful releases.

Automation Architect: Automation architects are the visionaries behind the design and development of automation frameworks. These frameworks streamline deployment and monitoring processes, leveraging automation to enhance efficiency and reliability. They are the engineers of innovation, transforming manual tasks into automated wonders.

Cloud Engineer: Cloud engineers are the custodians of cloud infrastructure. They adeptly manage cloud resources, optimizing their performance and ensuring scalability. Their expertise lies in harnessing the power of cloud platforms like AWS, Azure, or Google Cloud to provide robust, flexible, and cost-effective solutions.

Site Reliability Engineer (SRE): SREs are the sentinels of system reliability. They focus on maintaining the system's resilience through efficient practices, continuous monitoring, and rapid incident response. Their vigilance ensures that applications and systems remain stable and performant, even in the face of challenges.

Security Engineer: Security engineers are the guardians of the DevOps pipeline. They integrate security measures seamlessly into the software development process, safeguarding it from potential threats and vulnerabilities. Their role is crucial in an era where security is paramount, ensuring that DevOps practices are fortified against breaches.

As DevOps continues to redefine the landscape of software development and deployment, gaining expertise in its core principles and technologies is a strategic career move. ACTE Technologies offers comprehensive DevOps training programs, led by industry experts who provide invaluable insights, real-world examples, and hands-on guidance. ACTE Technologies's DevOps training covers a wide range of essential concepts, practical exercises, and real-world applications. With a strong focus on certification preparation, ACTE Technologies ensures that you're well-prepared to excel in the world of DevOps. With their guidance, you can gain mastery over DevOps practices, enhance your skill set, and propel your career to new heights.

#devops #tech #devops training #devops course

10 notes · View notes

canonsinthehead · 1 year

Text

RGG/Yakuza/Judgement at the Grocery Store

UPPER MANAGEMENT = UP WORKING CLASS = WC CHAIRMAN AND HIS ENTOURAGE = CE CLIENTS= C

Yakuza:

Kiryu (WC): Initially a Stock clerk was eventually Promoted to IT (responsible for price accuracy for the printed price shelf tags, maintaining the computers, point of sale software the cash registers use, and any electronic scales that weigh and print prices).

Akiyama (CE): Investor. Due to his generous “donations” to the company, he is part of the chairman’s entourage (due to his wallet’s size, his opinion matters). Thanks to him (and Tachibana), they were able to raise the salaries of the employees not part of upper management, so all of them love him and get along well when he is there. Akiyama can admit that he grew quite fond of many employees, especially Hana who will become his personal secretary. As expected, many members of upper management can’t stand him, wondering why he is even allowed to be around (they are jealous)

Haruka (WC): Cashier

Nishiki (WC): Online order clerk. Spends a lot of time chatting with Kiryu but likes his position since he is away from the upper management most of the day (he thinks they are scary and wants none of it)

Yumi (WC): Cashier

Daigo (CE): Chairman. A big picture of him is in the store saying he is the boss but you can rarely see him in the building. But for the few times, he visits the place, the upper management wake up out of their coma and pull up an act as if issues where not part of their daily lifes (they basically threaded MAjima to not blow the whistle about who is not doing their jobs. Saejima (WC):. He prefers something more simple and since he listens to Majima’s endless rants about his position everytime. he would better be left alone away from customer service but ended up as a Loss prevention associate (helps a grocery store combat and apprehend shoplifters and unlawful employees. They often monitor security cameras for suspicious activity, and some dress as shoppers to monitor activity covertly. Loss prevention associates often contact local law enforcement to alert them of problems.). Lee, who is a security guard works along him.

Ryuji (C): Rude customer

Yuya (WC): shopping cart attendant. While he was proposed higher level position many times, he declined them

Nishida (UP): Previously a stock clerk who graduated from his position to become Majima’s right man. They separate Majima’s workload between them.

Majima (UP): Customer Service Representative. Held to higher regard because of more experience, knowledge, and skills. Since nobody in this company wants to do their job, he has to do a lot people’s tasks. Is the main person dealing with issues with customers (that’s the person we send when they say “I wanna talk to the manager”). Stressed.

Date: (highest working class) Pharmacist.

Rikiya (WC): Floor Clerk

Hana: (upper working class) HR Secretary. She will likely interview new employees. Nishitani (UP): Supervisor. Regardless his personality, he actually does his job. He knows how to make the daily life spicy (Kashiwagi hates but since he knows how to manage rude clients to fuck off so gracefully and he can shut down arguments easily). Since he does his job so well, you can find do all type of random stuff in the store like taking hold of the AUX cord to blast Japanese 80s hits in the radion (play Namidawo Misenaide -Boys Don't Cry- by WINK) or buying items just to annoy Majima. His favorite activity is to announce employees birthdays on the store’s microphone before slapping a cake in their faces (Kiryu couldn’t escape it, Nishiki ran for his life). Nishitani succeeded to slap a cake in daigo’s face to everyone’s excitement (covertly or invertly expressed). He is just appointed himself to Mine’s burning anger, not now but one day. Always to take home what they are supposed get rid of (past date item and damaged food products) Mine (CE): Chairman Assistant/Secretary.

Kashiwagi (UP): Inventory Control Specialist. Give this man a break. He is at the clock at 6AM everyday. Mr. Black Coffee. He spends most of his time making calls to suppliers (and often arguing with them) and check the inventory (IF PEOPLE WERE ENTERING THE DATA CORRECTLY SMH.)

Shinida (WC): Grocery clerk, who graduated from his position to become (kinda off) Majima assistant to help with everyday tasks. To take charge when Majima is too tired or angry. If not, they kinda work as duo for Majima’s work load.

Tachibana (CE): Financial Advisor. He is basically the one over the upper management of the store. If it was not for him being so good at problem-solving and calm regardless of the situation, Daigo will penalize him for how poorly the upper management are doing their job (that’s not on him lol). Always wanted to give Kiryu a promotion so he could join the upper management team and put things back in order.

Baba (WC): shopping cart attendant. Just wants to put his earphones on be left alone.

Hamura, Kuze & Sagawa (UP): Head supervisior, but nobody is sure what is role is since they can’t answer nobody’s questions about anything. More the corporate type, since they send another head supervisor (lower than them) to do all the work (a.k.a answering clients complaints). they spend all their day laughing, chatting and smoking and discussing everything but work-related things. But if there’s financial losses or their quota are not met, you will sure hear one of them raging anger ready to crack the whip on any subordinates. Shimano (CE): Store Manager. He represents the Chairman when he is not there. So he kinda acts like he owns the place (in a way he does owns the building). He is the one watching over a lot of things in the store and especially keeping an eye over the employees. He picks Majima apart and sends Sagawa to scold him about what he is supposedly doing wrong. He is behind most (if not all) employees discharges. Keeps the business afloat. Mirei (UP): HR Yakuza 7/Like A Dragon

Ichiban (WC): Started as a custodian but (after Jo’s training) was upgraded to stock clerk for general merchandise and non-perishable food items. They are always calling him to go check prices and exchange articles since he is so fast and his store clerk colleagues are nowhere to be found.

Adachi (upper working class): Butcher Nanba: (upper working class) Works in the pharmacy.

Han Joongi (WC): Food Preparation: Bread.

Zhao (WC): Food Preparation: Pastry/bakery. Decorates the cakes and makes pastries sold in the grocery store. Saeko (WC): Beauty & Health Department Staff. Masato Arakawa/Ryo Aoki & Kume (C): KAREN Jo Sawashiro (UP): Hourly Supervisor & Training. Technically has the same job as Nishitani but he doesn’t even want to associate with this brown hair clown. But recently he has been upgraded to pay management and was more than willing to cut Ichiban’s pay off when he accidently spilled his coffee on him. (Chill, Jo! Is it even legal?!? Apparently, it is…) Taka The Striker (WC): Auto Care Center Main Manager Yumeno (C): Karen Reina (WC): Cashier Hamako (WC): Senior Cashier

Judgement/Lost Judgement/Judge Eyes

Yagami and Sugiura (C): they came only to buy a bag of chips and move on with their life but they are stuck waiting to checkout and it takes forever. For some reason, everyone that day filled their cart to feed the entire population of china.

Minami, Akutsu, Kaito (WC): Stock Clerk who is always late (or don’t even come) when someone call his department. Spends most his time chatting and smoking. Get to work when the boss or supervisor is near.

Tsukumo (WC): Data Entry Clerk

Higashi (WC): Electronic Department Staff

Mafuyu (WC): Beauty & Health Department Staff

Saori-San (WC): Cashier that covertly hate her job

Awabe (WC): Overnight Stock Clerk

Kengo (WC): shopping cart attendant

Sawa-Sensei (WC): Cashier

Kazuki Soma (CE): Investor. While nobody really knows where he stands or where his interested for the company comes. Rumors says he is an old supervisor but nobody ready really knows. Gets along well with Shimano and was able to conclude all types of deals with him like in exchange of generous “donations’” they could redirect some of the employees to work in his company. Some believe, him and Shimano use the grocery store for money laundering.

16 notes · View notes

mariacallous · 5 months

Text

The Biden administration is asking the world’s largest technology companies to publicly commit to tightening the digital security of their software and cloud services.

The voluntary pledge, first reported by WIRED, represents the latest effort by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to build support for its Secure by Design initiative, which encourages tech vendors to prioritize cybersecurity while developing and configuring their products.

By signing the pledge, companies promise to make a “good-faith effort” to implement seven critical cybersecurity improvements, ranging from soliciting reports of vulnerabilities in their products to expanding the use of multi-factor authentication, a technology that adds an extra login step to the traditional password.

The pledge—which CISA plans to announce at the RSA cybersecurity conference in San Francisco next week—poses a major test for CISA, which last week marked the one-year anniversary of its Secure by Design campaign. The initiative is a top priority of CISA’s leadership, but it has produced mixed results, with some companies continuing to flout its urgent advice. The tech industry’s reaction to the pledge—and especially the number of software giants that sign it—will serve as a litmus test for how the private sector views CISA’s continuing push for increased corporate investment in cybersecurity.

“We're really excited about the companies that are on board,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, tells WIRED. He declined to say how many vendors have already signed the pledge, but he says they include some “really significant” players in the tech industry.

WIRED asked more than three dozen of the biggest software companies whether they had signed or planned to sign the pledge. Only a handful responded. Login technology provider Okta said it had signed, while security vendor BlackBerry said it was considering doing so. Notably, software giants Amazon, Google, and Microsoft did not say whether they were signing.

“CISA says they have 50 companies that are signing and giving quotations to put on the website,” says a tech industry official familiar with the matter, who requested anonymity to speak candidly. “I don’t know any company that has signed.”

The seven goals laid out in the pledge represent security practices that experts say would dramatically improve companies’ cyberdefenses and make it easier for customers to safely use their products.

The goals include significantly increasing users’ use of multi-factor authentication, including by automatically enabling it or prodding users to activate it; eliminating default passwords, including by requiring users to choose strong passwords at product setup; and making it easier for customers to understand hacks of products they use, including by letting them review logs of suspicious network activity for free.

Companies signing the pledge would also commit to hardening their products against entire classes of vulnerabilities, such as by using memory-safe programming languages that completely block memory-based attacks; fostering better software patching, including by making patching easier and automating it when possible; creating vulnerability disclosure programs that encourage users to find and report product flaws; and publishing timely alerts about major new vulnerabilities, as well as including detailed information in all new vulnerability alerts.

The pledge offers examples of how companies can meet the goals, although it notes that companies “have the discretion to decide how best” to do so. The document also emphasizes the importance of companies publicly demonstrating “measurable progress” on their goals, as well as documenting their techniques “so that others can learn.”

CISA developed the pledge in consultation with tech companies, seeking to understand what would be feasible for them while also meeting the agency’s goals, according to Goldstein. That meant making sure the commitments were feasible for companies of all sizes, not just Silicon Valley giants.

The agency originally tried using its Joint Cyber Defense Collaborative to prod companies into signing the pledge, according to the tech industry official, but that backfired when companies questioned the use of an operational cyberdefense collaboration group for “a policy and legal issue,” the industry official says.

“Industry expressed frustration about trying to use the JCDC to obtain pledges,” the official says, and CISA “wisely pulled back on that effort.”

CISA then held discussions with companies through the Information Technology Sector Coordinating Council and tweaked the pledge based on their feedback. Originally, the pledge contained more than seven goals, and CISA wanted signatories to commit to “firm metrics” for showing progress, according to the industry official. In the end, this person says, CISA removed several goals and “broadened the language” about measuring progress.

John Miller, senior vice president of policy, trust, data, and technology at the Information Technology Industry Council, a major industry trade group, says that change was smart, because concrete progress metrics—like the number of users using multi-factor authentication—could be “easily misconstrued.”

Goldstein says the number of pledge signatories is “exceeding my expectations about where we’d be” at this point. The industry official says they’re not aware of any company that has definitively refused to sign the pledge, in part because vendors want to “keep open the option of signing on” after CISA’s launch event at RSA. “Everyone’s in a kind of wait-and-see mode.”

Legal liability is a top concern for potential signatory companies. “If there ends up being, inevitably, some type of security incident,” Miller says, “anything [a] company has said publicly could be used in lawsuits.”

That said, Miller predicts that some global companies facing strict new European security requirements will sign the US pledge to “get that credit” for something they already have to do.

CISA’s Secure by Design campaign is the centerpiece of the Biden administration’s ambitious plan to shift the burden of cybersecurity from users to vendors, a core theme of the administration’s National Cybersecurity Strategy. The push for corporate cyber responsibility follows years of disruptive supply-chain attacks on critical software makers like Microsoft, SolarWinds, Kaseya, and Change Healthcare, as well as a mounting list of widespread software vulnerabilities that have powered ransomware attacks on schools, hospitals, and other essential services. White House officials say the pattern of costly and often preventable breaches demonstrates the need for increased corporate accountability.

The Biden administration is using the federal government’s contracting power to set new minimum security standards for the software that agencies buy, with the goal of modeling responsible behavior for the entire industry. White House officials are also studying proposals to make all vendors, not just federal contractors, liable for security failures, but that effort faces an uphill battle in Congress.

With no authority to require better cybersecurity for the entire software industry, the White House has tasked CISA with prodding companies to commit to voluntary improvements. That effort began last April with the publication of specific recommendations for incorporating cybersecurity into the product design, development, and configuration process. CISA consulted with the tech industry and the security research community on refinements to that document and released an updated version last October. At around the same time, CISA announced that it had obtained Secure by Design commitments from six major K-12 educational technology vendors. That move, while limited to one industry, signaled CISA’s clear desire to convert its guidance into public corporate pledges.

“It has long been our goal … to move from just the white papers and the guidance to get companies to say, ‘Yes, we agree, and here’s what we're doing,’” Goldstein says. “The pledge really is that concrete manifestation of the guidance that we’ve been developing for a year.”

But the efficacy of the voluntary pledge remains to be seen. “Pledging companies will self-assess and self-report,” says Katie Moussouris, CEO and founder of Luta Security, “so only time will tell if they’ve effectively applied the measures and if the pledge proved to be an effective accountability mechanism.”

Miller says he expects the pledge to keep companies accountable because of the potential legal consequences of neglecting promised improvements. In the meantime, government officials are counting on customers to pressure vendors to both sign and abide by the pledge.

“Right now, we see the demand for safe and secure products to really be significant,” Goldstein says. “We think that … customer demand will drive that progress for us.”

6 notes · View notes

sarahharmonbranding · 5 months

Text

Product diffusion from the past -- Is it a bad sign that I've barely heard of these?

I really enjoyed this week's case, which covered the early product diffusion process of four offerings: a pre-packaged slice of peanut butter, a silver-lined bandage, Sirius/XM radios, and an "odor printer". I was struck by the absurdity of most of these offerings, despite the very real coverage they earned at the time, and the fact that with the exception of one, I'd never even heard of them. The case asked for our ranked analysis of which products will diffuse most quickly/broadly. Here are my thoughts:

Sirus/XM radio. While known to me as a single entity, Sirius and XM were once competitors in the emerging pay-for-radio space. The business case is clear: commuters and drivers who spend significant time in their car each day were unsatisfied with the unreliable, ad-riddled, and un-customizable radio experience. Sirius/XM had insight into their customer base, size, and could estimate who was willing to pay for more targeted, high quality content. Pair this with a deal to offer the service with car purchases from GM, Ford, and Chrysler, and you've removed significant barriers for customers to adopt the product. No wonder this is the only offering I've heard of.

Westaim Biomedical silver bandages. As someone who grew up in the small town of Exeter, NH I was excited to see a company from Exeter represented in the case. The bad news: I, nor my friends or family, have ever heard of it. However, that does not mean it was all bad for Westaim. While anecdotally it seems the silver bandages did not reach OTC consumer appeal, the company had insight into its addressable market and proven efficacy in medical applications like chronic wounds. My guess is that the patent was acquired or is maybe used in more specialized hospital settings today, which is still a relative win for diffusion.

Pre-packaged slice of peanut butter. This offering feels like nothing more than a spoof food item, and I doubt it had mass diffusion in the consumer market. On the plus side, the company did appear to try and solve a problem faced by its consumers (peanut butter pulled on soft bread when making a PB&J) and thus had a better chance of diffusion than one less researched. While I believe society is always looking for a shortcut, this might be one step too far and too unnecessary. Maybe the better product is the R&D put into non-stick packaging--now THAT could be useful in several applications.

"Odor spray/printer". This idea was both ridiculous and broad. Who were they appealing to? The article mentioned "foodies", or people with a heightened appreciation for the value of good smell, but overall the product strategy felt directionless and unattainable. Seeing as I've never heard of such a thing, I imagine this idea died before there was even a product to test.

Doing these types of thought exercises has been valuable as my Branding group thinks about our project addressing Peloton. Peloton has most likely reached its peak diffusion when it comes to its hardware bike. Peloton now has to re-brand to diffuse a new product offering, its fitness software, and gauge a whole new group of customers for potential adoption. This won't be easy, as YouTube, Instagram, TikTok, and even gyms have begun offering similar content.

#mitsloanbranding2024a

2 notes · View notes

erastaffingsolutions · 5 months

Text

Vendor Versus Contractor: Understanding the Nuance for Your Small Business

While seemingly interchangeable, these roles carry distinct legal and functional implications that can significantly impact your business strategy and compliance. In this comprehensive guide tailored to small business owners, we dissect the difference between the two, providing clarity for key decisions and leading to more successful collaborations.

Who Are Vendors?

Sales cornerstones, providers of goods and services, vendors represent a fundamental aspect of the small business ecosystem. An integral part of the supply chain, vendors often ply their trade to supply the very products you sell or use to operate your business. Here are the primary characteristics that delineate a vendor:

Goods and Services: A vendor typically specializes in providing goods (inventory, raw materials) or services (e.g., marketing, software) that cater to the needs of a business or its customers.

Regular Supply Relationship: Businesses often have ongoing relationships with their vendors. The frequency and volume of orders can vary but remain steady enough to build a degree of regularity.

Product Agnostic: Vendors are usually not directly or personally involved in the end use of the goods or services they provide, contrasting with the hands-on nature of a contractor's involvement.

Who Are Contractors?

Independent, specialized, and temporarily engaged, contractors bring crucial expertise to projects without permanently joining the company's structure like an employee would. This distinction can generate unique flexibility and cost efficiencies. Characteristics that define a contractor:

Skill-Specific Services: Contractors are often hired to provide a particular set of skills or to complete a specific project, reflecting the temporary nature of their engagement.

Independence: Unlike vendors, contractors usually have more control over the way they deliver their services. They might be self-employed or work for an external agency but operate under their terms during the engagement.

Project-Centric: A contractor's involvement is often bounded by the scope of a project or a set period, after which the business and the contractor part ways, or the contract is renewed.

3 Key Differences Between Vendor and Contractor

1. Nature of Engagement

Vendors, through their ongoing provision of goods or services, establish a relationship deeply embedded within a business’s regular operations. They are part and parcel of the business's supply chain and, in essence, the extended team. On the other hand, contractors’ relationships are more sporadic, being engaged for a specific project or task over a defined period. Their autonomy in execution echoes the temporary and independent nature of their role.

2. Control and Direction

This is where legal implications, particularly concerning labor laws, are distinctly highlighted. In the case of vendors, businesses typically have less direct control or input into the vendor’s operations, especially in service provision. Contractors, on the other hand, operate under the terms set forth in a contracted agreement but maintain control over their working methods and schedules, a hallmark of their independent status.

3. Taxation and Legal Considerations

The differentiation between vendor and contractor can significantly affect how taxes are handled and what legal obligations your business carries. Vendors are typically subject to sales tax laws, while contractors often fall under income tax and self-employment tax regulations. Additionally, engaging contractors usually entails less legal liability for a business compared to that which might accompany the vendor relationship, which involves greater control by the business over the product or service.

Conclusion

The significance of discerning between vendors vs independent contractors cannot be overstated for small business owners. Misclassification can result in financial, legal, and operational setbacks that are best avoided through a clear understanding of these roles. Consider consulting with legal counsel or a small business advisor to ensure that your business interactions are compliant and conducive to your growth. With this understanding, you can harness the unique advantages each role offers and cultivate a thriving ecosystem of partnerships that propels your business forward.

@erastaffingsolutions

#erastaffingsolutions #era #hrsolution #workfocesolution #eorservice #vendorsvscontractors #differencebetweenvendorandcontractor #independentcontractorvsvendor #vendorvsindependentcontractor #whatisthedifferencebetweenavendorandacontractor

2 notes · View notes

techaiml · 6 months

Text

Embracing the Revolution: Generative AI and Custom Software Development

Generative AI represents a paradigm shift in custom software development, offering unprecedented opportunities for innovation, efficiency, and creativity. By harnessing the power of AI algorithms, developers can accelerate the coding process, explore new design possibilities, and deliver highly customized solutions tailored to individual needs. As we embark on this journey of technological advancement, it's essential to embrace the transformative potential of generative AI while upholding ethical principles and ensuring inclusive and responsible development practices.

#Software Development #Custom Software Development #artificial intelligence #software engineering #AI #generative AI #ai algorithms #Revolution #technology #machine learning #programming

2 notes · View notes