Jan 06, 2025Ravie LakshmananBlockchain / MalwareCybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems."By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis.Hardhat is a development environment for Ethereum software, incorporating various components for editing, compiling, debugging and deploying smart contracts and decentralized apps (dApps).The list of identified counterfeit packages is as follows -nomicsfoundations@nomisfoundation/hardhat-configureinstalledpackagepublish@nomisfoundation/hardhat-config@monicfoundation/hardhat-config@nomicsfoundation/sdk-test@nomicsfoundation/hardhat-config@nomicsfoundation/web3-sdk@nomicsfoundation/sdk-test1@nomicfoundations/hardhat-configcrypto-nodes-validatorsolana-validatornode-validatorshardhat-deploy-othershardhat-gas-optimizersolidity-comments-extractorsOf these packages, @nomicsfoundation/sdk-test has attracted 1,092 downloads. It was published over a year ago in October 2023. Once installed, they are designed to harvest mnemonic phrases and private keys from the Hardhat environment, following which they are exfiltrated to an attacker-controlled server."The attack begins when compromised packages are installed. These packages exploit the Hardhat runtime environment using functions such as hreInit() and hreConfig() to collect sensitive details like private keys, mnemonics, and configuration files," the company said."The collected data is transmitted to attacker-controlled endpoints, leveraging hardcoded keys and Ethereum addresses for streamlined exfiltration."The disclosure comes days after the discovery of another malicious npm package named ethereumvulncontracthandler that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but instead harbored functionality to drop the Quasar RAT malware.In recent months, malicious npm packages have also been observed using Ethereum smart contracts for command-and-control (C2) server address distribution, co-opting infected machines into a blockchain-powered botnet called MisakaNetwork. The campaign has been tracked back to a Russian-speaking threat actor named "_lain.""The threat actor points out an inherent npm ecosystem complexity, where packages often rely on numerous dependencies, creating a complex 'nesting doll' structure," Socket said."This dependency chain makes comprehensive security reviews challenging and opens opportunities for attackers to introduce malicious code. _lain admits to exploiting this complexity and dependency sprawl in npm ecosystems, knowing that it is impractical for developers to scrutinize every single package and dependency."That's not all. A set of phony libraries uncovered across the npm, PyPI, and RubyGems ecosystems have been found leveraging out-of-band application security testing (OAST) tools such as oastify.com and oast.fun to exfiltrate sensitive data to attacker-controlled servers.The names of the packages are as follows -adobe-dcapi-web (npm), which avoids compromising Windows, Linux, and macOS endpoints located in Russia and comes with capabilities to collect system informationmonoliht (PyPI), which collects system metadatachauuuyhhn, nosvemosssadfsd, holaaaaaafasdf (RubyGems), which contain embedded scripts designed to transfer sensitive information via DNS queries to an oastify.com endpoint"The same tools and techniques created for ethical security assessments are being misused by threat actors," Socket researcher Kirill Boychenko said. "Originally intended to uncover vulnerabilities in web applications, OAST methods are increasingly exploited to steal data, establish command and control (C2) channels, and execute multi-stage attacks."To mitigate the supply chain risks posed by such packages, it's recommended that software developers verify package authenticity, exercise caution when typing package names, and inspect the source code before installation.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

John Edwards, Technology Journalist & AuthorJanuary 6, 20256 Min ReadSergei Kovalkov via Alamy StockAlthough most of the software development lifecycle is now automated, infrastructure continues to be a largely manual process requiring specialized teams. Yet with infrastructure demands rapidly growing, more organizations now look toward automation for help.GitOps uses Git project repositories as the single source of truth for managing application configuration and deployment information, says Elliot Peele, senior manager of software development at analytics software provider SAS. "By using declarative specifications stored in a Git repository, it ensures that the desired state of the system is always maintained and continuously reconciled," he explains in an email interview.Mike Rose, data and analytics director at technology research and advisory firm ISG, notes that a GitOps framework ensures that the entire system -- including infrastructure, applications, and configurations -- is described in a consistent manner within Git, allowing for consistent, repeatable, and auditable changes across environments. "It enhances transparency and traceability and significantly reduces the risk of configuration drift between the desired state and the actual state of the infrastructure." he states via email.Peele adds that the approach not only enables continuous integration and deployment, but also provides version management and rollback capabilities, which are crucial for maintaining consistency and reliability in infrastructure management.Related:GitOps in ActionGitOps implementations have a significant impact on infrastructure automation by providing a standardized, repeatable process for managing infrastructure as code, Rose says. The approach allows faster, more reliable deployments and simplifies the maintenance of infrastructure consistency across diverse environments, from development to production. "By treating infrastructure configurations as versioned artifacts in Git, GitOps brings the same level of control and automation to infrastructure that developers have enjoyed with application code."Rose states that GitOps reduces manual errors, allows increased deployment frequency, and generally improves overall system reliability. "Probably one of the most valuable but intangible benefits of GitOps is its ability to foster closer collaboration between development and operations teams as both groups work from the same set of Git repositories to manage application code and infrastructure configurations," he says. "This alignment will accelerate the feedback loop between development and operations."Related:GitOps will have a significant impact on infrastructure automation, Peele predicts. "By providing consistency, version control, continuous deployment, reduced configuration drift, and enhanced security and compliance, GitOps is a game changer in software development and deployment practices," he says. "It enables peer review for configuration changes and allows developers without prior operations experience to control their application's deployment."Multiple BenefitsGitOps' primary benefit is its ability to enable peer review for configuration changes, Peele says. "It fosters collaboration and improves the quality of application deployment." He adds that it also empowers developers -- even those without prior operations experience -- to control application deployment, making the process more efficient and streamlined.Another benefit is GitOps' ability to allow teams to push minimum viable changes more easily, thanks to faster and more frequent deployments, says Siri Varma Vegiraju, a Microsoft software engineer. "Using this strategy allows teams to deploy multiple times a day and quickly revert changes if issues arise," he explains via email. "This high deployment velocity accelerates releases, allowing teams to deliver business impact quicker."Related:Since infrastructure state is defined in code and stored in Git, static analysis can be performed to detect security misconfigurations, Vegiraju says. "This approach helps enhance the overall security posture by identifying and addressing potential vulnerabilities early."Rose reports that ISG research shows that an environment using GitOps -- along with complementary AI Ops improvements -- can see a productivity efficiency of at least 30% over a two-year time horizon.Top AdoptersGitOps is most likely to be adopted by enterprises that focus on automation and consistency, Peele says. "The peer review nature of GitOps lends itself to companies that are focused on compliance, requiring multiple reviews of any application configuration or deployment changes."Enterprises with cloud-native environments, and those heavily invested in DevOps practices, are also likely to adopt GitOps, Rose says. "This includes any organization prioritizing rapid, reliable software delivery and infrastructure management," he notes. Such enterprises often have a high rate of change in their infrastructure and applications, making the version control and automation aspects of GitOps particularly valuable.Enterprises undergoing digital transformation or moving toward microservices architectures are also prime candidates for GitOps adoption, Rose says. He notes that Gits "single source of truth" aligns well with container orchestration platforms, such as Kubernetes, making it especially attractive for organizations using such technologies.Possible PitfallsWhile GitOps offers numerous benefits, many new adopters face obstacles. "The significant challenge is the steep learning curve for teams unfamiliar with Git or DevOps concepts," Rose says. "This can lead to initial productivity slowdowns and may require a substantial investment in training and upskilling."GitOps requires a deep understanding of the organization's current IT infrastructure and applications, as well as advanced knowledge of Git, Peele warns. "This can be daunting for teams that are new to these concepts."Small organizations with simpler infrastructures may find GitOps adds unnecessary overhead, since the complexity of managing a GitOps pipeline may outweigh the benefits, Vegiraju says.Looking ForwardAn important emerging trend is the increasing intersection of GitOps and AIOps. "This convergence is leveraging AI and machine learning to enhance automation, predict issues, and optimize infrastructure management within the GitOps framework," Rose says. He notes that AI algorithms can analyze Git commit patterns to predict potential conflicts or issues before they occur or to optimize deployment strategies based on historical performance data.About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Carrie Pallardy, Contributing ReporterJanuary 6, 20257 Min ReadNicoElNino via Alamy Stock PhotoCybersecurity leaders always have a lot on their minds. What are the latest threats to their enterprises? What emerging technologies can bolster their defenses? How can they secure the necessary talent and the budget? Whats on the regulatory horizon?As 2025 begins, InformationWeek spoke to four leaders in the cybersecurity space about some of the biggest issues on their minds.AI-Fueled Threats and DefenseAI was on everyones lips in 2024, and there is every reason to expect that this technology boom will continue to be top of mind in 2025.AI makes threat actors more prolific and sophisticated. They can use it to automate large-scale attacks. They can make phishing lures more convincing. Deepfake audio and video continue to improve, making them harder to spot. In 2024, scammers effectively manipulated a finance worker into paying them $25 million, thanks to a deepfake video conference.The same powerful capabilities of AI are, of course, being applied on the defensive side. AI-driven automation, for example, speeds threat detection and frees up analysts time for more complex work.But AI has myriad use cases. In addition to cybersecurity threats and defensive tools, this technology is being applied up and down the technology stack. Cybersecurity leaders must think about the security implications of AI throughout their enterprises.Related:We are seeing a lot of projects moving [forward] and it sort of feels like security is being asked to follow behind the business and reduce the risk after the fact, says Patrick Sullivan, CTO, security strategy at Akamai Technologies, a cloud computing and security company.Insider ThreatsIn 2024, KnowBe4 hired a North Korean hacker to fill an open IT position. The cybersecurity company recognized the insider threat early on, before the person was even onboarded. But this is not an isolated kind of threat.Aggressor nation states will continue to use this kind of approach to infiltrate US companies and critical infrastructure providers, whether to steal intellectual property and data or to cause disruption to essential services.We're really seeing a need now for advanced controls in that talent acquisition process and in our ongoing insider threat monitoring programs to be able to mitigate against these new kinds of attacks that are out there, Sharon Chand, principal of cyber risk services at consulting firm Deloitte, asserts.Escalating Geopolitical TensionsThe escalating geopolitical tensions across the world play out, in part, in the cybersecurity space. Nation state-backed threat actors and hacktivists targetorganizations in the US and across the world in the service of political goals.Related:The UK rangalarm bells regarding Russias ability to conduct cyber-warfare on British businesses, BBC reports. US Cyber Command warns of Chinas ability to disrupt US critical infrastructure in the event that conflict erupts between the two countries, according to Reuters.Disruptive CyberattacksThis year is set to be a record for ransomware payments, and blockchain data platform Chainalysis points out that big game hunting is a big driver.Sam Rubin, senior vice president of Unit 42 consulting and threat intelligence at cybersecurity company Palo Alto Networks, tells InformationWeek that attacks that cause crippling business disruption are on the rise.These disruptive attacks especially for large organizations that have a big role in the economy or in their market are becoming the target and a way for the threat actors to get very large multimillion-dollar pay days, he explains.Zero Day VulnerabilitiesIn November, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and a number of their partners released a list of the top routinely exploited vulnerabilities in 2023. Of the 15 top common vulnerabilities and exposures (CVEs), 11 were zero days.Related:Some of that is nation state actors. Some of that is ransomware operators. So, all adversary classes seem to be pivoting more toward zero days, says Sullivan.Third-Party RisksIn the summer of this past year, business at thousands of car dealerships was upended following two cyberattacks on a single software provider: CDK Global. The health care industry experienced a major disruption when Change Healthcare, a payment and claims provider, was hit with ransomware. The potential of another cyberattack with a massive ripple effect looms large in 2025.There's just so much so much dependency on third parties among lots and lots of companies and different industries. And, I think there will be a large-scale attack on a company that impacts not only that company but those [that] depend on it, says Ann Irvine, chief data and analytics officer at Resilience, a cybersecurity risk management company.As enterprises incorporate more third parties into their supply chains, more web apps and APIs are exposed, Sullivan points out. [Businesses need] to understand where those vulnerabilities emerge, prioritize them, and then have an efficient patching process to remediate, he urges.The Need for Integrated Security PlatformsThe market for security platforms and tools is massive. If you can think of a security challenge, there are probably a host of vendors clamoring to serve up a solution. But there is a movement to consolidate those solutions.We're seeing continued creativity of the bad actors coming into multiple different types of attack vectors, and historically, some of our defenses have been quite siloed in their ability to prevent [and] mitigate those kinds of attacks, says Chand. We're seeing the need for enterprise clients to really think about integrated security platforms.Networking company Extreme Networks surveyed 200 CIOs and IT decision markers, and 88% reported a desire for a single integrated platform that includes AI, networking, and security.Upskilling the Cyber WorkforceThe cybersecurity challenge shortage is an ongoing concern. Consulting firm Gartner predicts that more than half of cyber incidents will stem from a lack of talent and human failure by 2025.In addition to filling roles, enterprises are also tasked with the prospect of upskilling their current cybersecurity talent. As threats evolve, in no small part due to AI, cybersecurity workers need to be able to keep up.And AI isnt the only area where cybersecurity teams will need to sharpen their skills. I do expect to see more and more attacks in that OT environment. So, we're going to need more and more humans that are focused on understanding and mitigating those attacks in the enterprise, says Chand.A Maturing Cyber Insurance IndustryInsurance is a big consideration for enterprise leaders wrangling with the management of cybersecurity risk. S&P Global anticipates that cyber insurance rates will continue to increase and the terms and conditions for policies will tighten. The market research company predicts premiums will increase 15% to 20%, hitting $23 billion by the end of 2026.Irvine points out that the cyber insurance space is still growing. As it matures, it has the opportunity to influence cybersecurity practices. The insurance industry is just going to continue to mature and demand good practices, which are good for their bottom line but also ultimately good for their customers, she says.The Spotlight on Security LeadersCISOs are increasingly being looked to as strategic enterprise leaders. The transition of the role is out of the IT tower into the boardroom to speak the language of risk, to speak the language of business and to help be a driver for that enterprise, says Rubin.In Deloittes The Global Future of Cyber Survey, about one-third of respondents reported that CISO involvement in strategic conversations increased over the past year.Boards and C-suites may be becoming more aware of the importance of cybersecurity, but there are personal liability concerns among CISOs. The 2024 Voice of the CISO report from cybersecurity company Proofpoint found that 66% of global CISOs are worried about their personal, financial, and legal liability.In recent years, there have been examples that fuel those concerns. Joseph Sullivan, the former chief security officer of Uber, received probation and a fine for his role in a 2016 data breach. The Security and Exchange Commission (SEC)filed a lawsuit against SolarWinds and its CISO Timothy Brown over 2019 cyberattacks that impacted the US government. A judge dismissed most of the charges, but it does not completely erase the possibility of personal liability for CISOs.A New AdministrationAs enterprise leaders consider the outlook for 2025, the incoming Trump administration is definitely a factor. A change in federal leadership means potential changes to regulation. Trump is also likely to make changes to CISA, and he has been vocal about his intentions to repeal the Biden administrations AI executive order.I am paying attention to is this change in US federal government says Irvine. It really does matter, and things could change quite dramatically.About the AuthorCarrie PallardyContributing ReporterCarrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.See more from Carrie PallardyNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Andy Tay, Global Lead, Accenture Cloud First January 6, 20255 Min Readadempercem via Alamy StockWe seem to have entered a brave new world. A world being redefined by technological innovations at the speed of light, changing our reality and exerting a centrifugal force on companies. Generative AI is the new engine powering these innovations -- much like electricity once sparked the industrial age. Its reinventing processes, businesses, and entire industries at an unprecedented pace. Recent research from Accenture found that nearly all organizations (98%) now see technology as their top tool for reinvention, with 82% identifying generative AI as the driving force behind this shift.But to succeed, generative AI needs a robust digital core, built on a continuum of cloud capabilities across the enterprise, that integrates a secure digital foundation and digital platforms and creates seamless data and AI connections. All of this comes together through innovative engineering principles, and powers reinvention like an engine propels a car.The benefits are immediate and significant. Our research found that organizations with an advanced digital core, investments in strategic innovation, and a balanced approach to their technical debt achieved 60% higher revenue growth rate and 40% higher profits.Technical debt -- the accumulated cost of outdated technology -- is an important element to track and manage. As companies rush to adopt AI-driven innovations, technical debt grows alongside. But when used appropriately, generative AI can be a vehicle for remediating tech debt as well as minimizing tech debt creation. Related:The Cost of Technical DebtImagine a software engineer racing against an impossible deadline. To get the code into production by months end, the engineer skips error handling and documentation, cutting every corner to deliver something functional. This might seem like a quick win, but with each shortcut taken, the future cost mounts: Code becomes harder to maintain as errors pile up, and flexibility erodes. As new updates or fixes are needed, that initial debt goes into overdrive, slowing down progress and dragging innovation to a crawl.The cost of maintaining rushed decisions and outmoded systems is enormous. In the US alone, the price of technical debt has climbed to a staggering $2.41 trillion annually. This goes beyond a financial drain; it clogs IT systems, limits agility, and hinders innovation. Generative AI, while transformative, adds complexity to tech debt as companies integrate it with legacy systems that may lack the compatibility and security necessary to manage both human and AI interactions.Related:But technical debt doesnt have to be inherently negative. Even when it is an inadvertent means to an end, it can be balanced. We found that investing about 15% of the IT budget in debt remediation is the most effective way to sustain a modern digital core, while continuing to focus on innovation.3 Ways To Drive Down Tech DebtLooking beyond, the pace and proliferation of tech innovations, and therefore technical debt, calls for new and strategic approaches to strike a balance and enable reinvention.Heres how leaders can act today:1. Focus on the principalEffective management of technical debt begins with focusing on the principal -- the outdated technology that directly impacts current operations. Tracking and tackling principal debt first helps prevent interest costs, which accrue as organizations use workarounds and quick fixes to maintain outdated systems.For instance, Correios de Portugal (CTT), Portugals national postal service, addressed its technical debt by migrating to a hybrid, cloud-first infrastructure. CTT worked with Avanade, a joint venture between Accenture and Microsoft, to enhance and modernize its digital core. Just migrating to the cloud reduced costs by 15% and provided the flexibility to scale capacity up or down as needed. By focusing on the principal debt through a targeted cloud strategy, CTT was able to reduce technical debt while simultaneously enhancing operational agility.Related:As an essential part of a digital core, a cloud-first strategy will consolidate and optimize workloads, add flexibility and innovation capabilities, and cut costs in the process. Cloud-native practices such as pervasive automation, microservices, and continuous delivery can build systems that remove silos and remain consistent across a hybrid, multi-cloud estate.2. Create an inventory and trace debt to sourceBuilding a clear inventory of tech debt allows organizations to trace its origins and impact across code, architecture, data, and processes. This comprehensive inventory makes it easier to prioritize updates based on potential business value and technical risk. For instance, a major benefit of migrating to cloud as it relates to technical debt is that you can transfer some responsibility for handling technical debt -- such as patching -- to the cloud provider who can do it more consistently and more efficiently.Mondelz International demonstrates the value of this approach. Mondelz faced a complex IT environment with over 1,000 applications, creating inefficiencies and driving up operational expenses. Accenture worked with Mondelz to conduct a full assessment of each application, identifying those that were outdated or redundant, and charting a roadmap for remediation. This initiative has significantly lowered Mondelzs total cost of ownership, allowing the company to refocus resources on innovation.3. Use the right metricsYou cant manage what you cant measure, especially key if there are compliance requirements from sovereign clouds or intelligence from edge networks. Effective technical debt management relies on measurable insights, with metrics like technical debt density -- such as cost per line of code --providing a clear view of code health. Tech debt is not always a bad thing. If your tech debt remediation budget is increasing and your innovation and the business value you are delivering is outpacing that debt, thats a positive sign of the success of your strategic efforts.Being Reinvention ReadyAs generative AIs adoption continues to scale, companies need to actively manage their technical debt to prevent it from ballooning, especially relevant in modernization across public, private, hybrid, and multi-cloud options. Organizations that build their digital core, boost innovation, and focus on these three actions to balance tech debt can achieve remarkable results in streamlined operations, new opportunities, and revenue growth.The writing is on the wall: In todays fast-paced environment, a future-ready mindset is crucial. Its essential to scale GenAI securely, responsibly, cost-effectively, and in a manner that delivers real business value. Its time for C-suite leaders to think bigger, modernize across the enterprise, and employ a controlled, intentional reinvention strategy that leverages new technology capabilities to achieve not just faster outcomes, but better ones.About the AuthorAndy TayGlobal Lead, Accenture Cloud First Andy Tay leads Accenture Cloud First, comprising of a global team of 130,000+ skilled cloud experts focused on helping enterprises harness the full power of cloud to accelerate business value.See more from Andy TayNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

About the Role:This is a full-time technical customer support position. We primarily communicate with our customers through email and to a lesser extent by video call.A normal support ticket here is equivalent to an escalations ticket at another company, so if you love a challenge and you're inherently curious to know more, this is the job for you.About You:You love to research and your analytical and written skills are top-notch.Obstacles are not roadblocks to you; they are challenges to be figured out. Youre a problem solver who likes to find solutions rather than waiting to be told what to do.Youre not afraid to ask questions, are comfortable admitting your limitations, and see your gaps in knowledge as opportunities to grow and not flaws.Youre comfortable finding your way around a new software program.Youre someone who can be self-directed and thrive in a remote environment.You appreciate the balance between fun and professionalism.Youre collaborative and thrive on sharing your thoughts, ideas, and problem-solving strategies with a diverse team.Youre receptive to feedback and can appreciate a gentle no, with multiple redirections until you arrive at a solution with a firm and confident yes.Youre looking for stability in your career and gaining several years of experience before looking to grow in any other direction.RequirementsMinimum 2 years of working directly within email-based technical support in SaaS or combined technical and writing experience. Bonus points if youve already worked in a remote e-commerce role!Extensive experience troubleshooting complex software issues.The ability to concisely explain technical concepts in a non-technical way and a passion for meeting customers where they are in their tech knowledge.Fluency in both written and spoken English.The ability to work between Pacific Standard Time (US) hours of 9am to 6pm permanently, regardless of your physical location.Preferred skillsExperience troubleshooting APIs, JSON, and utilizing application log analysis.Sound knowledge of key data flow/transfer protocols such as SFTP and FTP.Experience with rule-based automation and complex settings.Experience helping new users implement SaaS applications in a B2B environment.Order Desk is committed to breaking structural barriers within our hiring process and driving fair hiring practices in our workplace. Women and underrepresented minorities (URMs) continue to be underrepresented within our industry. Research has shown women and people of color disproportionately do not apply for jobs where they do not meet 100% of the requirements.Regardless of whether or not you identify as one of these groups, if you meet most of the technical requirements and this role aligns with your career goals, then we encourage you to bet on yourself and apply!BenefitsThis is a full-time position. The salary range for this role is $55,000 - $58,000 USD/year. We base our offer on your skills, experience, and role alignment.Our international team members are hired as contractors but considered full-time, permanent members of our team.We offer our team members benefits like flexible time off, paid parental leave, access to wellness and health services, and a technology upgrade program to ensure everyone has all the tools they need to successfully perform their role!We meet up once a year for a company retreat. So far weve been to the U.S., Mexico, and Vietnam!To ApplyWe value authenticity and encourage you to let your true voice come through. Instead of a cover letter, we've provided specific questions for you to answer honestly. This allows you to showcase your skills and experience in your own words, without relying on tools like AI to speak for you. We believe in the strength of human creativity and individuality. Let us know what sets you apart and why you're the ideal candidate for our team!Please note: Candidates who are detected using AI tools will be disqualified.There are a few steps to our application process:Application QuestionsFollow-Up QuestionsSkills TestVideo ResponseInterview(s)If you are moved to the next round, we will contact you to let you know next steps.This process usually takes a few weeks from start to finish, so our tiny hiring team appreciates your patience while we review each application. We will follow up with everyone who applied by the end of this process.*If you havent heard from us within two weeks, please get in touch with us!

We're looking for a senior rails developer to come work with us at WodBoard WodBoard is gym management software that helps gym owners run their businesses and helps their customers, the gym members, live healthier lives. The brand name won't make any sense unless you've walked into a functional fitness gym before so I'll move swiftly on...We're a bootstrapped company so there's no VCs to answer to. That doesn't mean we're not ambitious though - there's a massive market we're going after and we want to create lasting change. As a combination of these two things we've a heavy focus on getting stuff done.Our development ethos could be best described as "full DHH". Whilst there's some bits we don't 100% agree with we stick to the core Rails ethos and stack, focussing on what we can achieve with the technology, rather than the technology itself. If you've enjoyed some of the blog posts on how Basecamp structure code, or enjoy the work of boringrails.com, you'd like working with us.We're a small (but mighty) tech team of 3 so you'll be jumping straight in and writing code for customers from day 1. There's also infrastructure/UI work/mobile app development work that happens and you can become involved in if you so wish. The role has the opportunity to build into a CTO role for the right person.A little more about the role and us:It's really refreshing using technology to do something that helps people in a real world tangible way. Changing lives and increasing health through technology is very motivating!We love simplicity. We're fanatical about it. This goes from our codebase, to our infrastructure, to how we operate as a company. It can be harder work upfront but it sure makes life easier down the road.You'll need strong ownership skills. As a small team we don't have project managers. You're responsible for your tasks so you'll need to be good at taking ownership and reporting back to the team.An ability to renegotiate requirements as you get into the technical details is most welcome! In Computer Science there's hard problems and hard problems that don't need solving. We are constantly asking ourselves if there's an easier way to do something.We spend a lot of time talking to our customers and understanding their problems. This won't ever change. Be prepared to go back and evaluate previously held assumptions on new features after testing with beta customersThe position is fulltime and by no means do you need to be into health/fitness to work here (only about 50% of our staff are). It's fully remote position but you'd need to be on an EU timezone so there's sufficient overlap with the rest of the team. We also do a full team meetup in person twice per year.

SUMMARYAs a Learning Experience Designer, you will play a key role in designing and delivering impactful learning experiences that support the skills and effectiveness of our sales team. In this role, you will work closely with sales leadership, product teams, and subject matter experts to create engaging, visually appealing training content that meets the needs of our fast-paced sales environment. You will be responsible for developing a variety of training materials, including presentations, eLearning content, and in-person resources. Strong skills in PowerPoint and visual design are essential to create compelling, executive-level presentations and learning experiences.WHAT YOULL DOInstructional Design & Content CreationDesign and develop sales enablement training materials, including PowerPoint decks, eLearning modules, and resources for live and virtual training sessions.Use visual storytelling and graphic design to create high-quality, branded presentations and training resources that captivate and educate sales professionals.Develop learning content for various formats, including infographics, role-play scenarios, and interactive simulations.Collaboration & Stakeholder EngagementWork with sales leaders, product marketing, and SMEs to understand training needs and translate them into effective learning materials.Partner with program managers to ensure alignment with sales goals, creating content that addresses the real-world challenges faced by sales teams.Needs Analysis & Learning StrategyConduct needs assessments to identify gaps and tailor training solutions to meet specific objectives for different sales roles.Assist in developing learning strategies that incorporate various formats, such as microlearning, scenarios, and in-person role plays, for targeted impact.Measurement & Continuous ImprovementGather feedback from learners and stakeholders to continually refine and enhance training materials.Support the use of metrics to evaluate engagement and retention, adjusting content as needed to achieve learning goals.Technology & Learning ManagementSupport training delivery through the LMS and CMS, managing content organization and accessibility to ensure it meets enablement objectives.Stay updated on best practices in visual design and instructional technology, applying new tools and methods to enhance the training experience.WHAT YOULL BRINGBachelors degree in Instructional Design, Graphic Design, Education, or a related field.5+ years of experience in training content creation, ideally within sales enablement or a similar environment.Proficiency in PowerPoint and graphic design, with the ability to create executive-level presentations and visually compelling training materials.Familiarity with instructional design tools (e.g., Articulate RISE, Camtasia) and a basic understanding of LMS and CMS platforms.Strong grasp of adult learning principles and interest in sales-focused training.Excellent organizational skills, with the ability to manage multiple projects and meet deadlines.Strong verbal and written communication skills to engage effectively with cross-functional teams.If your experience is close but doesnt fulfill all requirements, please apply. Wiz is on a mission to build a special company. To achieve our goal, we are focused on hiring Wizards with different backgrounds, perspectives, and experiences.Wiz is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.By submitting your application, you acknowledge that Wiz will process your personal data in accordance with Wiz's Privacy Policy.

Submitted by WA ContentsAngelo Renna proposes a submerged floating bridge over the Strait of SicilyItaly Architecture News - Jan 06, 2025 - 13:12 html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"Architect and landsape designer Angelo Renna has proposed a submerged floating bridge over the Strait of Sicily in Italy.Called Strait of Sicily - Archipelago Floating Bridge, the bridge was developed as an alternative proposal to span over the Strait of Sicily. A submerged floating bridge serves for cars, highspeed trains, and bikes.The sequence of artificial islands supporting the bridge, with Sicily Island in the backgroundDesigned by Angelo Renna and Kittan Kodijat, the bridge supports marine life and minimizes the impact on the environment by including an archipelago of man-made islands at the water's surface.Boats can easily navigate between the islands, and trees and vegetation will grow on the artificial pontoons"The dream of a bridge connecting Sicily to mainland Italy stretches back 2000 years to Roman times, when Consul Metellus strung together barrels and wood to create a floating bridge to move 100 elephants from Carthage to Rome, according to writing by Pliny the Elder," said Angelo Renna."Since then, various plans have been proposed, including tunnels crossing underground and the most recent plan for a single-span suspension bridge, which, if built, would be the longest suspension bridge in the world.""This solution, evaluated alongside different possibilities by the Italian government, is considered the most suitable. However, it does not take into account the environmental impact and the fragile ecosystem in which it will be constructed," Renna explained.Boats can easily navigate between the islands, and trees and vegetation will grow on the artificial pontoonsAs Renna stated, the Strait of Messina is actually located in an extremely seismically active area with strong geological movements and choppy waves. As an important crossing point on their migratory paths, this region is also vital for migratory birds.With a variety of ecosystems and many species that rely on its particular environmental circumstances, the area is also one of the most valuable habitats in the Mediterranean. Additionally, the sea floor is home to a variety of unique flora, such as Posidonia and Laminaria ochroleuca aquatic forests.Boats can easily navigate between the islands, and trees and vegetation will grow on the artificial pontoonsThe architect proposes a submerged floating bridge, sometimes referred to as an Archimedes bridge or a submerged floating tube bridge, in order to build a bridge that enhances rather than degrades the ecology. Based on Archimedes' concept of buoyancy, this design consists of a tube that floats in water.Bird's-eye view of the bridge from Messina Central Station, showing the Calabria coast on the other sideThe tube is positioned 50 meters below the surface, far enough below the surface to not impede water traffic, including cruise ships and boats of all sizes.The 6.0-kilometer bridge is designed to accommodate high-speed trains in the center and automobiles and trucks on the sides. Using mostly unused public domain spaces, the underwater bridge will immediately connect the Calabrian coast at the Campo Calabro highway junction of the E45 with Messina Central Station.Interior view of the tunnel, featuring a bike lane accommodated in the lower part of the tunnelThere is also a bike lane on the bridge's bottom portion. Trees and plants are included into the tunnel's terrariums, improving the crossing's quality. To keep the tunnel from floating up or sinking, metallic frames secure it to pontoons on the water's surface.The idea is for each pontoon, which is 500 meters apart, to be an artificial island that is covered with plants and soil to provide habitat for microbes and birds.The structure's underwater topography is characterized by geometric changes that create inverted hills with peaks and troughs. These regions support ecological diversity in the underwater environment by acting as habitats for a variety of plants, mosses, and invertebrates.Bird's-eye view of the bridge from the Calabria coast on the other side, showing Sicily Island in the background"A submerged floating tunnel has never been built, but several proposals have been made by different entities, starting in 1886, when the naval architect Sir Edward James Reed developed the first concept," Renna explained."Recently, the Norwegian government has been planning to build one in the Fjord to connect different areas of the region.""This bridge typology has significantly less environmental impact because it does not require any anchors at the sea floor and the entire structure can be removed at the end of its life. Additionally, all elements are prefabricated, which reduces construction activities in the water and minimizes harmful effects on aquatic life," the architect continued.Closed view on the artificial islandsAccording to recent research, submerged floating bridges work best in areas with strong seismic activity.As long as the connections with the coastlines include seismic joints, their significant transverse flexibility, along with the extra damping and inertia from water-structure interaction, lessen the amount of earthquake energy transported to the tunnel.Longitudinal section of the entire bridge, with each pontoon spaced 500 meters apart from each otherStudies have also looked into how a submarine collision may affect the tunnel, estimating the possible harm to the submarine and the structure.The outcomes demonstrated that the bridge can manage significant deformation issues. Research on tunnel safety following a collision is still scarce, nevertheless.Aerial photo of the Archipelago bridgeTransversal section. The tunnel is 50 meters underwater.Schemes summarizing main features of the bridgeAxonometric sequenceTimeline the Strait of Sicily:- 251 BC: according to Pliny the Elder, the Romans built a floating structure to transfer elephants from the island.- 1840: Ferdinand II of the Two Sicilies conceived the idea of constructing a bridge, commissioning a group of architects and engineers to provide him with ideas for its construction- 1952: On the initiative of the Association of Italian Steel Constructors (Acai), the American engineer David Steinman was commissioned to draft a preliminary project.- 1969: The "International Ideas Competition for the Stable Road and Rail Link between Sicily and the mainland" was announced, envisioning the construction of a stable double-track railway and six-lane highway in compliance with the regulations of the time. In response to this competition, 143 projects were submitted, including proposals from Grant Alan and Partners; a half-submerged tunnel anchored to the seabed with steel cables, or the Lambertini Group's cable-stayed bridge with three large spans of 3300 meters.- 1985: Prime Minister Bettino Craxi spoke in favor of the rapid construction of the bridge. Stretto di Messina Spa entered into an agreement with Anas and Ferrovie dello Stato (Fs). Subsequently, a new study was published comparing three types of bridges, all proposing a single span, 3.3 kilometers long (which remains the current project idea).-1994:The first government led by Silvio Berlusconi obtained the favorable opinion of Anas and Fs on the newly approved project. However, the project did not commence.- 2011/present: Presented by Eurolink, the two pillars of the Strait bridge will be erected in two different areas with a distance of 3.3 kilometers between them. The opening to traffic is planned for 2032.Top image in the article: Underwater view of the submerged bridge. The underside of the artificial islands serves as habitats for various invertebrates, mosses, and plants, promoting ecological diversity in the underwater landscape.All images Angelo Renna.> via Angelo Renna

Submitted by WA ContentsMert Kansu named WAC's most active Country Reporter of December United States Architecture News - Jan 06, 2025 - 11:15 html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"WAC's USA Country Reporter Mert Kansu has been named as the most active Country Reporter of December for successfully completing at least three articles in the WAC's Country Editors/Reporters Program.WAC's USA Country Reporter Mert Kansu has been named as the most successful name of December by writing three stories: Miller Hull Partnership's Lake Union Piers, Offsets All Carbon Emissions From Construction, Studio Gang Designs Mass Timber Addition To California College Of Arts, and Snhetta's Far Rockaway Library Transforms Architecture Into A Sculptural Painting.WAC's voluntary Country Editors/Reporters Program was launched in December 2017 with the aim of promoting local architecture, knowledge, stories, and recent developments from various parts of the world to WAC's global audience. The program also seeks to introduce new volunteer journalists and writers as representatives of their countries.The primary goal of the program is to elevate local knowledge and developments, introduce new practices, share local news, and create connections between local architects and the global architecture community. Additionally, it expands WAC's ability to share exclusive local news with its worldwide audience.The program has experienced significant success in a short time, attracting numerous applications from around the globe. Composed of architects, architecture students, academics, writers, experienced journalists, and emerging journalist candidates, WAC currently has 11 Country Reporters and 3 Country Editors representing 9 different countries.If you're interested in joining WAC's Country Editors/Reporters Program, you can find the application details on this page and submit your application.Mert Kansu,USAMert Kansu was appointed as WAC's USA Country Reporter on April 23, 2019 to the program. Born in Istanbul, Turkey, Mert currently lives and works in the United States as an architectural designer. He holds a Bachelor of Science in Architecture from Bahcesehir University and a Master of Architecture from the University of Virginia.Mert is passionate about sustainability and ecology, particularly in how tectonics and material expression can create healthy and functional spaces that serve the general public. He believes that architecture can transcend boundaries and raise awareness of our climatic, socioeconomic, and demographic challenges. Mert enjoys sharing his insights and local architectural news.Mert's most popular article to date is "The New Interface Headquarters Building By Perkins+Will Opens In Atlanta." The article reached a record with over 14,000 views, surpassing his previous articles. Learn more about Mert's articles on WAC.Top image courtesy of Mert Kansu.

Source: Hollaway StudioSource: Hollaway StudioSource: Hollaway StudioSource: Hollaway StudioSource: Hollaway StudioSource: Hollaway StudioSource: Hollaway StudioSource: Hollaway Studio1/8show captionHollaway Studios plans to create a new headquarters and factory for Brompton Bikes on a 100-acre wetlands site near Ashford in Kent have been put on hold after the bicycle manufacturer saw profit last year virtually wiped out.The firm said pre-tax profit fell to 4,602 in the year to March 2024 from 10.7m on turnover down 5% to 123m.> Also read:Hollaway Studio designs floating bike factory for BromptonThe company, which is best known for its folding bikes, blamed the faltering global bicycle market and an oversupply of cheaper bikes for the falls.Hollaway Studios scheme, drawn up three years ago, for a new 100m HQ was planned to include a circular building positioned on stilts 2.2m above the flood plain which would have been turned into a nature reserve open to the public.At the time, Brompton said its ambition was to be able to produce more than 200,000 bikes a year and employ more than 1,500 staff. In its last set of accounts, bike sales fell 8% to 84,899 although staff numbers were up 5% to 844.The new headquarters would have also included a museum and was due to have completed by 2027. Bromptons current factory is in Greenford, west London.