• It's astounding how many people still cling to outdated notions when it comes to the choice between hardware and software for electronics projects. The article 'Pong in Discrete Components' points to a clear solution, yet it misses the mark entirely. Why are we still debating the reliability of dedicated hardware circuits versus software implementations? Are we really that complacent?

    Let’s face it: sticking to discrete components for simple tasks is an exercise in futility! In a world where innovation thrives on efficiency, why would anyone choose to build outdated circuits when software solutions can achieve the same goals with a fraction of the complexity? It’s mind-boggling! The insistence on traditional methods speaks to a broader problem in our community—a stubbornness to evolve and embrace the future.

    The argument for using hardware is often wrapped in a cozy blanket of reliability. But let’s be honest, how reliable is that? Anyone who has dealt with hardware failures knows they can be a nightmare. Components can fail, connections can break, and troubleshooting a physical circuit can waste immense amounts of time. Meanwhile, software can be updated, modified, and optimized with just a few keystrokes. Why are we so quick to glorify something that is inherently flawed?

    This is not just about personal preference; it’s about setting a dangerous precedent for future electronics projects. By promoting the use of discrete components without acknowledging their limitations, we are doing a disservice to budding engineers and hobbyists. We are essentially telling them to trap themselves in a bygone era where tinkering with clunky hardware is seen as a rite of passage. It’s ridiculous!

    Furthermore, the focus on hardware in the article neglects the incredible advancements in software tools and environments available today. Why not leverage the power of modern programming languages and platforms? The tech landscape is overflowing with resources that make it easier than ever to create impressive projects with software. Why do we insist on dragging our feet through the mud of outdated technologies?

    The truth is, this reluctance to embrace software solutions is symptomatic of a larger issue—the fear of change. Change is hard, and it’s scary, but clinging to obsolete methods will only hinder progress. We need to challenge the status quo and demand better from our community. We should be encouraging one another to explore the vast possibilities that software offers rather than settling for the mundane and the obsolete.

    Let’s stop romanticizing the past and start looking forward. The world of electronics is rapidly evolving, and it’s time we caught up. Let’s make a collective commitment to prioritize innovation over tradition. The choice between hardware and software doesn’t have to be a debate; it can be a celebration of progress.

    #InnovationInElectronics
    #SoftwareOverHardware
    #ProgressNotTradition
    #EmbraceTheFuture
    #PongInDiscreteComponents
    HACKADAY.COM
    Pong in Discrete Components
    The choice between hardware and software for electronics projects is generally a straightforward one. For simple tasks we might build dedicated hardware circuits out of discrete components for reliability and …
  • It's time to call out the glaring flaws in the so-called "Latest Showreel" by the Compagnie Générale des Effets Visuels (CGEV). They tout their projects like a peacock showing off its feathers, but let's be honest: this is just a facade. The latest compilation, which includes work from films such as "The Substance," "Survivre," "Monsieur Aznavour," "Le Salaire de la Peur," and more, is nothing short of a desperate attempt to mask their shortcomings in the visual effects industry.

    First off, what are they thinking with the title "Mise à jour de showreel"? This isn't an update; it's a cry for help! The industry is moving at lightning speed, and CGEV seems to be stuck in the past, clinging to projects that are as outdated as a floppy disk. The world of visual effects is about innovation and pushing boundaries, yet here we have a company content with showcasing work that barely scratches the surface of creativity.

    And let’s talk about "Le Salaire de la Peur." If this is their crown jewel, then they are in serious trouble. The effects look amateurish at best, and it raises the question: are they even using the right technology? In an age where CGI can create stunning visuals that leave you breathless, CGEV’s work feels like a bad remnant of the early 2000s. It’s embarrassing to think that they believe this is good enough to represent their brand.

    Alain Carsoux, the director, needs to take a long, hard look in the mirror. Is he satisfied with this mediocrity? Because the rest of us definitely aren’t. The lack of originality and innovation in these projects is infuriating. Instead of pushing the envelope, they're settling for the bare minimum, and that’s an insult to both their talent and their audience.

    The sad reality is that CGEV is not alone in this trend. The entire industry seems to be plagued by a lack of ambition. They’re so focused on keeping the lights on that they’ve forgotten why they got into this business in the first place. It’s about passion, creativity, and daring to take risks. "Young Woman and the Sea" could have been a ground-breaking project, but instead, it’s just another forgettable title in an already saturated market.

    We need to demand more from these companies. We deserve visual effects that inspire, challenge, and captivate. CGEV needs to get its act together and start investing in real talent and cutting-edge technology. No more excuses! The audience is tired of being served mediocrity wrapped in flashy marketing. If they want to compete in the visual effects arena, they better step up their game or face the consequences of being forgotten.

    Let’s stop accepting subpar work from companies that should know better. The time for complacency is over. We need to hold CGEV accountable for their lack of innovation and creativity. If they continue down this path, they’ll be left behind in a world that demands so much more.

    #CGEV #VisualEffects #FilmIndustry #TheSubstance #Innovation
    Showreel update for CGEV: from The Substance to Le Salaire de la Peur
    The Compagnie Générale des Effets Visuels presents a compilation of its latest projects. It includes its visual effects work on the film The Substance, as well as Survivre, Monsieur Aznavour, Le Salaire de la Peur, and Young Woma
  • Anni Albers, Bauhaus, modernity, weaving, textile art, feminism, design history, art criticism, creative pioneers

    ## Introduction

    Anni Albers is often celebrated as one of the rare women from the Bauhaus movement who managed to attain a level of recognition during her lifetime. But let's not sugarcoat this: her success is a glaring reminder of how women's contributions have historically been overlooked in the art world. Albers didn’t just weave; she tore apart the outdated notions surrounding ...
    Anni Albers: The Bauhaus Weaver Who Shattered Norms
  • Shutterstock’s so-called ‘safe’ rebrand is nothing but a bland attempt to mask the mediocrity that has been plaguing this company for years. Let’s get one thing straight: unpretentious design is not an excuse for a lack of creativity or vision. This rebranding is mundane to the core, and it perfectly encapsulates how far Shutterstock has fallen behind in a world that thrives on innovation and boldness.

    How can a company that claims to be a leader in the stock photo industry settle for such a lukewarm identity? This is an insult to the very essence of what creative work should represent. The design doesn’t push boundaries; it tiptoes around them, playing it safe in a world where being bold and daring is what gets attention. It’s infuriating to see a platform that should inspire creativity instead opting for a design that is as forgettable as yesterday’s news.

    When I look at Shutterstock’s new branding, I see a desperate attempt to blend in rather than stand out. The phrase “serves its purpose” is the biggest red flag. What purpose, exactly? To ensure that no one remembers you? To create a forgettable experience for users who are looking for inspiration? This ‘safe’ rebrand is a half-hearted effort that screams mediocrity and a complete lack of ambition.

    Moreover, the design community has consistently challenged brands to think outside the box and create something that resonates with their audience. But what does Shutterstock do? It plays it safe, hiding behind the label of ‘unpretentious’ while failing to evoke any sort of emotional response. This is not just a failure of design; it’s a failure of leadership. There’s a glaring lack of vision in a world that craves authenticity and originality.

    Let’s talk about the missed opportunities here. Shutterstock had the chance to redefine itself, to shake things up and create a memorable identity that would resonate with both creators and consumers. Instead, it chose to play it safe, resulting in a brand that feels outdated and uninspired. This decision not only reflects poorly on Shutterstock but also sends a troubling message to the entire industry: that it’s okay to settle for mediocrity as long as it serves a purpose.

    To the leaders at Shutterstock, I urge you to take a long, hard look at what you’ve done. This rebrand is not just mundane; it’s a disservice to the creative community you claim to support. It’s time to stop playing it safe and start taking risks that could potentially elevate your brand to new heights. Remember, in the world of creativity, blending in is the fastest way to fade away.

    #Shutterstock #Rebrand #DesignCritique #Mediocrity #CreativityMatters
    Shutterstock’s ‘safe’ rebrand is mundane, but perfect
    It’s unpretentious design that serves its purpose.
  • Block’s CFO explains Gen Z’s surprising approach to money management

    One stock recently impacted by a whirlwind of volatility is Block—the fintech powerhouse behind Square, Cash App, Tidal Music, and more. The company’s COO and CFO, Amrita Ahuja, shares how her team is using new AI tools to find opportunity amid disruption and reach customers left behind by traditional financial systems. Ahuja also shares lessons from the video game industry and discusses Gen Z’s surprising approach to money management.  

    This is an abridged transcript of an interview from Rapid Response, hosted by Robert Safian, former editor-in-chief of Fast Company. From the team behind the Masters of Scale podcast, Rapid Response features candid conversations with today’s top business leaders navigating real-time challenges. Subscribe to Rapid Response wherever you get your podcasts to ensure you never miss an episode.

    As a leader, when you’re looking at all of this volatility—the tariffs, consumer sentiment’s been unclear, the stock market’s been all over the place. You guys had a huge one-day drop in early May, and it quickly bounced back. How do you make sense of all these external factors?

    Yeah, our focus is on what we can control. And ultimately, the thing that we are laser-focused on for our business is product velocity. How quickly can we start small with something, launch something for our customers, and then test and iterate and learn so that ultimately, that something that we’ve launched scales into an important product?

    I’ll give you an example. Cash App Borrow, which is a product where our customers can get access to a line of credit, often $100, $200, that bridges them from paycheck to paycheck. We know so many Americans are living paycheck to paycheck. That’s a product that we launched about three years ago and have now scaled to serve 9 million actives with $15 billion in credit supply to our customers in a span of a couple short years.

    The more we can be out testing and launching product at a pace, the more we know we are ultimately delivering value to our customers, and the right things will happen from a stock perspective.

    Block is a financial services provider. You have Square, the point-of-sale system; the digital wallet Cash App, which you mentioned, which competes with Venmo and Robinhood; and a bunch of others. Then you’ve got the buy-now, pay-later leader Afterpay. You chair Square Financial Services, which is Block’s chartered bank. But you’ve said that in the fintech world, Block is only a little bit fin—that comparatively, it’s more tech. Can you explain what you mean by that?

    What we think is unique about us is our ability as a technology company to completely change innovation in the space, such that we can help solve systemic issues across credit, payments, commerce, and banking. What that means ultimately is we use technologies like AI and machine learning and data science, and we use these technologies in a unique way, in a way that’s different from a traditional bank. We are able to underwrite those who are often frankly forgotten by the traditional financial ecosystems.

    Our Square Loans product has almost triple the rate of women-owned businesses that we underwrite. Fifty-eight percent of our loans go to women-owned businesses versus 20% for the industry average. For that Cash App Borrow product I was talking about, 70% of those actives, the 9 million actives that we underwrote, fell below 580 as a FICO score. That’s considered a poor FICO score, and yet 97% of repayments are made on time. And this is because we have unique access to data and these technology and tools which can help us uniquely underwrite this often forgotten customer base.

    Yeah. I mean, credit—sometimes it’s been blamed for financial excesses. But access to credit is also, as you say, an advantage that’s not available to everyone. Do you have a philosophy between those poles—between risk and opportunity? Or is what you’re saying is that the tech you have allows you to avoid that risk?

    That’s right. Let’s start with how do the current systems work? It works using inferior data, frankly. It’s more limited data. It’s outdated. Sometimes it’s inaccurate. And it ignores things like someone’s cash flows, the stability of your income, your savings rate, how money moves through your accounts, or how you use alternative forms of credit—like buy now, pay later, which we have in our ecosystem through Afterpay.

    We have a lot of these signals for our 57 million monthly actives on the Cash App side and for the 4 million small businesses on the Square side, and those, frankly, billions of transaction data points that we have on any given day paired with new technologies. And we intend to continue to be on the forefront of AI, machine learning, and data science to be able to empower more people into the economy. The combination of the superior data and the technologies is what we believe ultimately helps expand access.

    You have a financial background, but not in the financial services industry. Before Block, you were a video game developer at Activision. Are financial businesses and video games similar? Are there things that are similar about them?

    There are. There actually are some things that are similar, I will say. There are many things that are unique to each industry. Each industry is incredibly complex. You find that when big technology companies try to do gaming. They’ve taken over the world in many different ways, but they can’t always crack the nut on putting out a great game. Similarly, some of the largest technology companies have dabbled in fintech but haven’t been able to go as deep, so they’re both very nuanced and complex industries.

    I would say another similarity is that design really matters. Industrial design, the design of products, the interface of products, is absolutely mission-critical to a great game, and it’s absolutely mission-critical to the simplicity and accessibility of our products, be it on Square or Cash App.

    And then maybe the third thing that I would say is that when I was in gaming, at least the business models were rapidly changing from an intermediary distribution mechanism, like releasing a game once and then selling it through a retailer, to an always-on, direct-to-consumer connection. And similarly with banking, people don’t want to bank from 9 to 5, six days a week. They want 24/7 access to their money and the ability to, again, grow their financial livelihood, move their money around seamlessly. So, some similarities are there in that shift to an intermediary model or a slower model to an always-on, direct-to-consumer connection.

    Part of your target audience or your target customer base at Block are Gen Z folks. Did you learn things at Activision about Gen Z that has been useful? Are there things that businesses misunderstand about younger generations still?

    What we’ve learned is that Gen Z, millennial customers, aren’t going to do things the way their parents did. Some of our stats show that 63% of Gen Z customers have moved away from traditional credit cards, and over 80% are skeptical of them. Which means they’re not using a credit card to manage expenses; they’re using a debit card, but then layering on on a transaction-by-transaction basis. Or again, using tools like buy now, pay later, or Cash App Borrow, the means in which they’re managing their consistent cash flows. So that’s an example of how things are changing, and you’ve got to get up to speed with how the next generation of customers expects to manage their money.
    #blocks #cfo #explains #gen #surprising
    Block’s CFO explains Gen Z’s surprising approach to money management
    One stock recently impacted by a whirlwind of volatility is Block—the fintech powerhouse behind Square, Cash App, Tidal Music, and more. The company’s COO and CFO, Amrita Ahuja, shares how her team is using new AI tools to find opportunity amid disruption and reach customers left behind by traditional financial systems. Ahuja also shares lessons from the video game industry and discusses Gen Z’s surprising approach to money management.   This is an abridged transcript of an interview from Rapid Response, hosted by Robert Safian, former editor-in-chief of Fast Company. From the team behind the Masters of Scale podcast, Rapid Response features candid conversations with today’s top business leaders navigating real-time challenges. Subscribe to Rapid Response wherever you get your podcasts to ensure you never miss an episode. As a leader, when you’re looking at all of this volatility—the tariffs, consumer sentiment’s been unclear, the stock market’s been all over the place. You guys had a huge one-day drop in early May, and it quickly bounced back. How do you make sense of all these external factors? Yeah, our focus is on what we can control. And ultimately, the thing that we are laser-focused on for our business is product velocity. How quickly can we start small with something, launch something for our customers, and then test and iterate and learn so that ultimately, that something that we’ve launched scales into an important product? I’ll give you an example. Cash App Borrow, which is a product where our customers can get access to a line of credit, often that bridges them from paycheck to paycheck. We know so many Americans are living paycheck to paycheck. That’s a product that we launched about three years ago and have now scaled to serve 9 million actives with billion in credit supply to our customers in a span of a couple short years. 
The more we can be out testing and launching product at a pace, the more we know we are ultimately delivering value to our customers, and the right things will happen from a stock perspective. Block is a financial services provider. You have Square, the point-of-sale system; the digital wallet Cash App, which you mentioned, which competes with Venmo and Robinhood; and a bunch of others. Then you’ve got the buy-now, pay-later leader Afterpay. You chair Square Financial Services, which is Block’s chartered bank. But you’ve said that in the fintech world, Block is only a little bit fin—that comparatively, it’s more tech. Can you explain what you mean by that? What we think is unique about us is our ability as a technology company to completely change innovation in the space, such that we can help solve systemic issues across credit, payments, commerce, and banking. What that means ultimately is we use technologies like AI and machine learning and data science, and we use these technologies in a unique way, in a way that’s different from a traditional bank. We are able to underwrite those who are often frankly forgotten by the traditional financial ecosystems. Our Square Loans product has almost triple the rate of women-owned businesses that we underwrite. Fifty-eight percent of our loans go to women-owned businesses versus 20% for the industry average. For that Cash App Borrow product I was talking about, 70% of those actives, the 9 million actives that we underwrote, fell below 580 as a FICO score. That’s considered a poor FICO score, and yet 97% of repayments are made on time. And this is because we have unique access to data and these technology and tools which can help us uniquely underwrite this often forgotten customer base. Yeah. I mean, credit—sometimes it’s been blamed for financial excesses. But access to credit is also, as you say, an advantage that’s not available to everyone. Do you have a philosophy between those poles—between risk and opportunity? 
Or is what you’re saying is that the tech you have allows you to avoid that risk? That’s right. Let’s start with how do the current systems work? It works using inferior data, frankly. It’s more limited data. It’s outdated. Sometimes it’s inaccurate. And it ignores things like someone’s cash flows, the stability of your income, your savings rate, how money moves through your accounts, or how you use alternative forms of credit—like buy now, pay later, which we have in our ecosystem through Afterpay. We have a lot of these signals for our 57 million monthly actives on the Cash App side and for the 4 million small businesses on the Square side, and those, frankly, billions of transaction data points that we have on any given day paired with new technologies. And we intend to continue to be on the forefront of AI, machine learning, and data science to be able to empower more people into the economy. The combination of the superior data and the technologies is what we believe ultimately helps expand access. You have a financial background, but not in the financial services industry. Before Block, you were a video game developer at Activision. Are financial businesses and video games similar? Are there things that are similar about them? There are. There actually are some things that are similar, I will say. There are many things that are unique to each industry. Each industry is incredibly complex. You find that when big technology companies try to do gaming. They’ve taken over the world in many different ways, but they can’t always crack the nut on putting out a great game. Similarly, some of the largest technology companies have dabbled in fintech but haven’t been able to go as deep, so they’re both very nuanced and complex industries. I would say another similarity is that design really matters. 
Industrial design, the design of products, the interface of products, is absolutely mission-critical to a great game, and it’s absolutely mission-critical to the simplicity and accessibility of our products, be it on Square or Cash App. And then maybe the third thing that I would say is that when I was in gaming, at least the business models were rapidly changing from an intermediary distribution mechanism, like releasing a game once and then selling it through a retailer, to an always-on, direct-to-consumer connection. And similarly with banking, people don’t want to bank from 9 to 5, six days a week. They want 24/7 access to their money and the ability to, again, grow their financial livelihood, move their money around seamlessly. So, some similarities are there in that shift to an intermediary model or a slower model to an always-on, direct-to-consumer connection. Part of your target audience or your target customer base at Block are Gen Z folks. Did you learn things at Activision about Gen Z that has been useful? Are there things that businesses misunderstand about younger generations still? What we’ve learned is that Gen Z, millennial customers, aren’t going to do things the way their parents did. Some of our stats show that 63% of Gen Z customers have moved away from traditional credit cards, and over 80% are skeptical of them. Which means they’re not using a credit card to manage expenses; they’re using a debit card, but then layering on on a transaction-by-transaction basis. Or again, using tools like buy now, pay later, or Cash App Borrow, the means in which they’re managing their consistent cash flows. So that’s an example of how things are changing, and you’ve got to get up to speed with how the next generation of customers expects to manage their money.
    WWW.FASTCOMPANY.COM
    Block’s CFO explains Gen Z’s surprising approach to money management
    One stock recently impacted by a whirlwind of volatility is Block—the fintech powerhouse behind Square, Cash App, Tidal Music, and more. The company’s COO and CFO, Amrita Ahuja, shares how her team is using new AI tools to find opportunity amid disruption and reach customers left behind by traditional financial systems. Ahuja also shares lessons from the video game industry and discusses Gen Z’s surprising approach to money management.   This is an abridged transcript of an interview from Rapid Response, hosted by Robert Safian, former editor-in-chief of Fast Company. From the team behind the Masters of Scale podcast, Rapid Response features candid conversations with today’s top business leaders navigating real-time challenges. Subscribe to Rapid Response wherever you get your podcasts to ensure you never miss an episode. As a leader, when you’re looking at all of this volatility—the tariffs, consumer sentiment’s been unclear, the stock market’s been all over the place. You guys had a huge one-day drop in early May, and it quickly bounced back. How do you make sense of all these external factors? Yeah, our focus is on what we can control. And ultimately, the thing that we are laser-focused on for our business is product velocity. How quickly can we start small with something, launch something for our customers, and then test and iterate and learn so that ultimately, that something that we’ve launched scales into an important product? I’ll give you an example. Cash App Borrow, which is a product where our customers can get access to a line of credit, often $100, $200, that bridges them from paycheck to paycheck. We know so many Americans are living paycheck to paycheck. That’s a product that we launched about three years ago and have now scaled to serve 9 million actives with $15 billion in credit supply to our customers in a span of a couple short years. 
  • Rewriting SymCrypt in Rust to modernize Microsoft’s cryptographic library 

    Outdated coding practices and memory-unsafe languages like C are putting software, including cryptographic libraries, at risk. Fortunately, memory-safe languages like Rust, along with formal verification tools, are now mature enough to be used at scale, helping prevent issues like crashes, data corruption, flawed implementation, and side-channel attacks.
    To address these vulnerabilities and improve memory safety, we’re rewriting SymCrypt—Microsoft’s open-source cryptographic library—in Rust. We’re also incorporating formal verification methods. SymCrypt is used in Windows, Azure Linux, Xbox, and other platforms.
    Currently, SymCrypt is primarily written in cross-platform C, with limited use of hardware-specific optimizations through intrinsics (compiler-provided low-level functions) and assembly language (direct processor instructions). It provides a wide range of algorithms, including AES-GCM, SHA, ECDSA, and the more recent post-quantum algorithms ML-KEM and ML-DSA.
    Formal verification will confirm that implementations behave as intended and don’t deviate from algorithm specifications, critical for preventing attacks. We’ll also analyze compiled code to detect side-channel leaks caused by timing or hardware-level behavior.
    Proving Rust program properties with Aeneas
    Program verification is the process of proving that a piece of code will always satisfy a given property, no matter the input. Rust’s type system profoundly improves the prospects for program verification by providing strong ownership guarantees, by construction, using a discipline known as “aliasing xor mutability”.
    For example, reasoning about C code often requires proving that two non-const pointers are live and non-overlapping, a property that can depend on external client code. In contrast, Rust’s type system guarantees this property for any two mutably borrowed references.
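    The aliasing point above, as an added example that is not SymCrypt code: the function names are hypothetical, the inputs are constructed, and 3329 is the ML-KEM modulus. It shows a loop whose result changes when output and input share memory, and how Rust's signatures rule that case out before any proof starts.

```rust
// Added example: why "aliasing xor mutability" removes a proof obligation.
const Q: u32 = 3329; // ML-KEM modulus; all coefficients are assumed < Q

/// Specification: dst[i] = src[i] + src[(i + 1) % n] (mod Q).
/// `dst` is `&mut` and `src` is `&`, so they cannot overlap; every read of
/// `src` sees the caller's original values, whatever the caller does.
pub fn neighbour_sum(dst: &mut [u32], src: &[u32]) {
    assert_eq!(dst.len(), src.len());
    let n = src.len();
    for i in 0..n {
        dst[i] = (src[i] + src[(i + 1) % n]) % Q;
    }
}

/// The same loop with output and input as one buffer. This is what a C
/// caller gets by passing the same pointer for both arguments, and it is
/// the case a C proof must exclude by reasoning about client code.
pub fn neighbour_sum_aliased(buf: &mut [u32]) {
    let n = buf.len();
    for i in 0..n {
        buf[i] = (buf[i] + buf[(i + 1) % n]) % Q;
    }
}

/// In-place butterfly over the two halves of one buffer. `split_at_mut`
/// returns two `&mut` slices that the type system knows are disjoint, so
/// the in-place update needs no separate non-overlap argument.
pub fn butterfly(buf: &mut [u32]) {
    let half = buf.len() / 2;
    let (lo, hi) = buf.split_at_mut(half);
    for (x, y) in lo.iter_mut().zip(hi.iter_mut()) {
        let (a, b) = (*x, *y);
        *x = (a + b) % Q;
        *y = (a + Q - b) % Q;
    }
}

fn main() {
    let src = [1u32, 2, 3, 4]; // constructed input
    let mut dst = [0u32; 4];
    neighbour_sum(&mut dst, &src);
    println!("separate buffers: {:?}", dst);

    let mut v = [1u32, 2, 3, 4];
    // neighbour_sum(&mut v, &v);
    // ^ rejected at compile time (E0502): `v` cannot be borrowed as
    //   immutable while it is also borrowed as mutable.
    neighbour_sum_aliased(&mut v);
    println!("shared buffer:    {:?}", v); // last element differs

    let mut w = [1u32, 2, 3, 4];
    butterfly(&mut w);
    println!("butterfly:        {:?}", w);
}
```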
    As a result, new tools have emerged specifically for verifying Rust code. We chose Aeneas because it helps provide a clean separation between code and proofs.
    Developed by Microsoft Azure Research in partnership with Inria, the French National Institute for Research in Digital Science and Technology, Aeneas connects to proof assistants like Lean, allowing us to draw on a large body of mathematical proofs—especially valuable given the mathematical nature of cryptographic algorithms—and benefit from Lean’s active user community.
    Compiling Rust to C supports backward compatibility  
    We recognize that switching to Rust isn’t feasible for all use cases, so we’ll continue to support, extend, and certify C-based APIs as long as users need them. Users won’t see any changes, as Rust runs underneath the existing C APIs.
    Some users compile our C code directly and may rely on specific toolchains or compiler features that complicate the adoption of Rust code. To address this, we will use Eurydice, a Rust-to-C compiler developed by Microsoft Azure Research, to replace handwritten C code with C generated from formally verified Rust. Eurydice compiles directly from Rust’s MIR intermediate language, and the resulting C code will be checked into the SymCrypt repository alongside the original Rust source code.
    As more users adopt Rust, we’ll continue supporting this compilation path for those who build SymCrypt from source code but aren’t ready to use the Rust compiler. In the long term, we hope to transition users to either use precompiled SymCrypt binaries, or compile from source code in Rust, at which point the Rust-to-C compilation path will no longer be needed.

    Timing analysis with Revizor 
    Even software that has been verified for functional correctness can remain vulnerable to low-level security threats, such as side channels caused by timing leaks or speculative execution. These threats operate at the hardware level and can leak private information, such as memory load addresses, branch targets, or division operands, even when the source code is provably correct. 
    To address this, we’re extending Revizor, a tool developed by Microsoft Azure Research, to more effectively analyze SymCrypt binaries. Revizor models microarchitectural leakage and uses fuzzing techniques to systematically uncover instructions that may expose private information through known hardware-level effects.  
    Earlier cryptographic libraries relied on constant-time programming to avoid operations on secret data. However, recent research has shown that this alone is insufficient with today’s CPUs, where every new optimization may open a new side channel. 
    By analyzing binary code for specific compilers and platforms, our extended Revizor tool enables deeper scrutiny of vulnerabilities that aren’t visible in the source code.
    Verified Rust implementations begin with ML-KEM
    This long-term effort is in alignment with the Microsoft Secure Future Initiative and brings together experts across Microsoft, building on decades of Microsoft Research investment in program verification and security tooling.
    A preliminary version of ML-KEM in Rust is now available on the preview feature/verifiedcrypto branch of the SymCrypt repository. We encourage users to try the Rust build and share feedback. Looking ahead, we plan to support direct use of the same cryptographic library in Rust without requiring C bindings.
    Over the coming months, we plan to rewrite, verify, and ship several algorithms in Rust as part of SymCrypt. As our investment in Rust deepens, we expect to gain new insights into how to best leverage the language for high-assurance cryptographic implementations with low-level optimizations. 
    As performance is key to scalability and sustainability, we’re holding new implementations to a high bar using our benchmarking tools to match or exceed existing systems.
    Looking forward 
    This is a pivotal moment for high-assurance software. Microsoft’s investment in Rust and formal verification presents a rare opportunity to advance one of our key libraries. We’re excited to scale this work and ultimately deliver an industrial-grade, Rust-based, FIPS-certified cryptographic library.
    WWW.MICROSOFT.COM
    Rewriting SymCrypt in Rust to modernize Microsoft’s cryptographic library 
  • New Zealand’s Email Security Requirements for Government Organizations: What You Need to Know

    The Secure Government Email Common Implementation Framework
    New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service. 
    Key Takeaways

    All NZ government agencies must comply with new email security requirements by October 2025.
    The new framework strengthens trust and security in government communications by preventing spoofing and phishing.
    The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls.
    EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting.


    What is the Secure Government Email Common Implementation Framework?
    The Secure Government Email (SGE) Common Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service.
    Why is New Zealand Implementing New Government Email Security Standards?
    The framework was developed by New Zealand’s Department of Internal Affairs as part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name System to enable the retirement of the legacy SEEMail service and provide:

    Encryption for transmission security
    Digital signing for message integrity
    Basic non-repudiation
    Domain spoofing protection

    These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications.
    What Email Security Technologies Are Required by the New NZ SGE Framework?
    The SGE Framework outlines the following key technologies that agencies must implement:

    TLS 1.2 or higher with implicit TLS enforced
    TLS-RPT
    SPF
    DKIM
    DMARC with reporting
    MTA-STS
    Data Loss Prevention controls

    These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks.


    When Do NZ Government Agencies Need to Comply with this Framework?
    All New Zealand government agencies are expected to fully implement the Secure Government Email Common Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline.
    The All of Government Secure Email Common Implementation Framework v1.0
    What are the Mandated Requirements for Domains?
    Below are the exact requirements for all email-enabled domains under the new framework.
    Control | Exact Requirement
    TLS | Minimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.
    TLS-RPT | All email-sending domains must have TLS reporting enabled.
    SPF | Must exist and end with -all.
    DKIM | All outbound email from every sending service must be DKIM-signed at the final hop.
    DMARC | Policy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.
    MTA-STS | Enabled and set to enforce.
    Implicit TLS | Must be configured and enforced for every connection.
    Data Loss Prevention | Enforce in line with the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR).
    Compliance Monitoring and Reporting
    The All of Government Service Delivery (AoGSD) team will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.
    Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually.
    Deployment Checklist for NZ Government Compliance

    Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT
    SPF with -all
    DKIM on all outbound email
    DMARC p=reject 
    adkim=s where suitable
    For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict
    Compliance dashboard
    Inbound DMARC evaluation enforced
    DLP aligned with NZISM

    How EasyDMARC Can Help Government Agencies Comply
    EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance.
    1. TLS-RPT / MTA-STS audit
    EasyDMARC lets you enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures.

    Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. The process is simple and takes just a few clicks.

    As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources.
    2. SPF with “-all”
    In the EasyDMARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation.

    Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports.
    Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues.
    3. DKIM on all outbound email
    DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases.
    As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly. If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface.
    EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs. 
    Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements.
    If you’re using a dedicated MTA, DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS.

    4. DMARC p=reject rollout
    As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated. 
    This phased approach ensures full protection against domain spoofing without risking legitimate email delivery.

    5. adkim Strict Alignment Check
    This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as SendGrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly matches your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender.

    6. Securing Non-Email Enabled Domains
    The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record.
    Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place:
    • SPF record: “v=spf1 -all”.
    • Wildcard DKIM record with empty public key.
    • DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”.
    EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject.
    7. Compliance Dashboard
    Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework.

    8. Inbound DMARC Evaluation Enforced
    You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails.
    However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. Read more about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender.
    If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change.
    9. Data Loss Prevention Aligned with NZISM
    The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention (DLP), which must be followed to be aligned with the SGE.
    Need Help Setting up SPF and DKIM for your Email Provider?
    Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients.
    Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs.
    Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider.
    Here are our step-by-step guides for the most common platforms:

    Google Workspace

    Microsoft 365

    These guides will help ensure your DNS records are configured correctly as part of the Secure Government Email (SGE) Framework rollout.
    Meet New Government Email Security Standards With EasyDMARC
    New Zealand’s SGE Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.
    EASYDMARC.COM
    New Zealand’s Email Security Requirements for Government Organizations: What You Need to Know
    The Secure Government Email (SGE) Common Implementation Framework New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service.  Key Takeaways All NZ government agencies must comply with new email security requirements by October 2025. The new framework strengthens trust and security in government communications by preventing spoofing and phishing. The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls. EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting. Start a Free Trial What is the Secure Government Email Common Implementation Framework? The Secure Government Email (SGE) Common Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service. Why is New Zealand Implementing New Government Email Security Standards? The framework was developed by New Zealand’s Department of Internal Affairs (DIA) as part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name System (DNS) to enable the retirement of the legacy SEEMail service and provide: Encryption for transmission security Digital signing for message integrity Basic non-repudiation (by allowing only authorized senders) Domain spoofing protection These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications. What Email Security Technologies Are Required by the New NZ SGE Framework? 
The SGE Framework outlines the following key technologies that agencies must implement: TLS 1.2 or higher with implicit TLS enforced TLS-RPT (TLS Reporting) SPF (Sender Policy Framework) DKIM (DomainKeys Identified Mail) DMARC (Domain-based Message Authentication, Reporting, and Conformance) with reporting MTA-STS (Mail Transfer Agent Strict Transport Security) Data Loss Prevention controls These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks. Get in touch When Do NZ Government Agencies Need to Comply with this Framework? All New Zealand government agencies are expected to fully implement the Secure Government Email (SGE) Common Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline. The All of Government Secure Email Common Implementation Framework v1.0 What are the Mandated Requirements for Domains? Below are the exact requirements for all email-enabled domains under the new framework. ControlExact RequirementTLSMinimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.TLS-RPTAll email-sending domains must have TLS reporting enabled.SPFMust exist and end with -all.DKIMAll outbound email from every sending service must be DKIM-signed at the final hop.DMARCPolicy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.MTA-STSEnabled and set to enforce.Implicit TLSMust be configured and enforced for every connection.Data Loss PreventionEnforce in line with the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR). Compliance Monitoring and Reporting The All of Government Service Delivery (AoGSD) team will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. 
Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.  Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually. Deployment Checklist for NZ Government Compliance Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT SPF with -all DKIM on all outbound email DMARC p=reject  adkim=s where suitable For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict Compliance dashboard Inbound DMARC evaluation enforced DLP aligned with NZISM Start a Free Trial How EasyDMARC Can Help Government Agencies Comply EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance. 1. TLS-RPT / MTA-STS audit EasyDMARC enables you to enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures. Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. 
The process is simple and takes just a few clicks. As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources. 2. SPF with “-all”In the EasyDARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation. Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports. Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues. 3. DKIM on all outbound email DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases. As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly (see first screenshot). If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface (see second screenshot). EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs.  
Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements. If you’re using a dedicated MTA (e.g., Postfix), DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS (see third and fourth screenshots). 4. DMARC p=reject rollout As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated.  This phased approach ensures full protection against domain spoofing without risking legitimate email delivery. 5. adkim Strict Alignment Check This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender. 6. Securing Non-Email Enabled Domains The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record. 
    Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place:

    • SPF record: “v=spf1 -all”.
    • Wildcard DKIM record with empty public key.
    • DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”.

    EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject.

    7. Compliance Dashboard

    Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework.

    8. Inbound DMARC Evaluation Enforced

    You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails. However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. Read more about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender.

    If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change.

    9. Data Loss Prevention Aligned with NZISM

    The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention (DLP), which must be followed to be aligned with the SGE.
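The record requirements in sections 2, 4, 5 and 6 above can be checked mechanically before a domain is called compliant. The following Python audit is an added example, not EasyDMARC's code: the function names and sample records (on reserved example domains) are constructed, and it inspects TXT record strings you supply rather than querying DNS.

```python
# Added example: offline audit of SPF / DMARC / DKIM TXT record strings
# against the checklist above. All names and sample records are constructed.

def parse_tags(record):
    """Split a 'k=v; k=v' TXT record (DMARC, DKIM) into a lowercase-keyed dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(record, parked=False):
    """Section 2: record must hard-fail with -all; parked domains publish nothing else."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: missing or malformed record"]
    findings = []
    if terms[-1].lower() != "-all":
        findings.append("SPF: record ends in %r, expected -all" % terms[-1])
    if parked and len(terms) != 2:
        findings.append("SPF: parked domain must publish exactly 'v=spf1 -all'")
    return findings

def check_dmarc(record, strict_dkim=False, parked=False):
    """Sections 4-6: p=reject, a rua address, and strict alignment where required."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: missing or malformed record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append("DMARC: p=%s is a rollout stage, target is p=reject"
                        % (policy or "<missing>"))
    if not tags.get("rua", "").lower().startswith("mailto:"):
        findings.append("DMARC: no rua=mailto: address, aggregate reports will not arrive")
    # adkim and aspf default to relaxed ('r') when the tag is absent.
    if (strict_dkim or parked) and tags.get("adkim", "r").lower() != "s":
        findings.append("DMARC: adkim is relaxed, expected adkim=s")
    if parked and tags.get("aspf", "r").lower() != "s":
        findings.append("DMARC: aspf is relaxed, expected aspf=s")
    return findings

def check_parked_dkim(record):
    """Section 6: the wildcard DKIM record must exist and carry an empty p= tag."""
    tags = parse_tags(record or "")
    if tags.get("v", "").upper() != "DKIM1" or "p" not in tags:
        return ["DKIM: wildcard record missing or malformed"]
    if tags["p"] != "":
        return ["DKIM: wildcard record must carry an empty p= (no usable key)"]
    return []

def audit_domain(records, parked=False, strict_dkim=False):
    """Return a list of findings; an empty list means every check passed."""
    findings = check_spf(records.get("spf", ""), parked)
    findings += check_dmarc(records.get("dmarc", ""), strict_dkim, parked)
    if parked:
        findings += check_parked_dkim(records.get("dkim_wildcard"))
    return findings

# Constructed sample records (example.org / example.net are reserved names).
SENDING_MID_ROLLOUT = {
    "spf": "v=spf1 include:_spf.example.net ~all",
    "dmarc": "v=DMARC1; p=quarantine; rua=mailto:reports@example.org",
}
PARKED_OK = {
    "spf": "v=spf1 -all",
    "dmarc": "v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:reports@example.org",
    "dkim_wildcard": "v=DKIM1; p=",
}
PARKED_INCOMPLETE = {
    "spf": "v=spf1 mx -all",
    "dmarc": "v=DMARC1; p=reject; rua=mailto:reports@example.org",
}

if __name__ == "__main__":
    for name, recs, parked in (("sending", SENDING_MID_ROLLOUT, False),
                               ("parked-ok", PARKED_OK, True),
                               ("parked-incomplete", PARKED_INCOMPLETE, True)):
        print(name, audit_domain(recs, parked=parked) or "compliant")
```

The incomplete parked domain shows why p=reject alone is not enough for section 6: alignment silently defaults to relaxed and the wildcard DKIM record is absent.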
    Need Help Setting up SPF and DKIM for your Email Provider?

    Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients.

    Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs.

    Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider.

    Here are our step-by-step guides for the most common platforms:

    • Google Workspace
    • Microsoft 365

    These guides will help ensure your DNS records are configured correctly as part of the Secure Government Email (SGE) Framework rollout.

    Meet New Government Email Security Standards With EasyDMARC

    New Zealand’s SGE Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.
  • My unexpected Pride icon: Link from the Zelda games, a non-binary hero who helped me work out who I was

    Growing up steeped in the aggressive gender stereotypes of the 1990s was a real trip for most queer millennials, but I think gamers had it especially hard. Almost all video game characters were hypermasculine military men, unrealistically curvaceous fantasy women wearing barely enough armour to cover their nipples, or cartoon animals. Most of these characters catered exclusively to straight teenage boys (or, I guess, furries); overt queer representation in games was pretty much nonexistent until the mid 2010s. Before that, we had to take what we could get. And what I had was Link, from The Legend of Zelda.

    Link is a boy, but he didn’t really look like one. He wore a green tunic and a serious expression under a mop of blond hair. He is the adventurous, mostly silent hero of the Zelda games, unassuming and often vulnerable, but also resourceful, daring and handy with a sword. In most of the early Zelda games, he is a kid of about 10, but even when he grew into a teenager in 1998’s Ocarina of Time on the Nintendo 64, he didn’t become a furious lump of muscle. He stayed androgynous, in his tunic and tights. As a kid, I would dress up like him for Halloween, carefully centre-parting my blond fringe. Link may officially be a boy, but for me he has always been a non-binary icon.

    As time has gone on and game graphics have evolved, Link has stayed somewhat gender-ambiguous. Gay guys and gender-fluid types alike appreciate his ageless twink energy. And given the total lack of thought that most game developers gave to players who weren’t straight and male, I felt vindicated when I found out that this was intentional. In 2016, the Zelda series’ producer Eiji Aonuma told Time magazine that the development team had experimented a little with Link’s gender presentation over the years, but that he felt that the character’s androgyny was part of who he was.

    “[Even] back during the Ocarina of Time days, I wanted Link to be gender neutral,” he said. “I wanted the player to think: ‘Maybe Link is a boy or a girl.’ If you saw Link as a guy, he’d have more of a feminine touch. Or vice versa … I’ve always thought that for either female or male players, I wanted them to be able to relate to Link.”

    As it turns out, Link appeals perhaps most of all to those of us somewhere in between. In 2023, the tech blog io9 spoke to many transgender and non-binary people who saw something of themselves in Link: he has acquired a reputation as an egg-cracker, a fictional character who prompts a realisation about your own gender identity.

    Despite their outdated reputation as a pursuit for adolescent boys, video games have always been playgrounds for gender experimentation and expression. There are legions of trans, non-binary and gender non-conforming people who first started exploring their identity with customisable game characters in World of Warcraft, or gender-swapping themselves in The Sims – the digital equivalent of dressing up. Video games are the closest you can come to stepping into a new body for a bit and seeing how it feels.

    It is no surprise to me that a lot of queer people are drawn to video games. A 2024 survey by GLAAD found that 17% of gamers identify as LGBTQ+, a huge number compared with the general population. It may be because people who play games skew younger – 40 and below – but I also think it’s because gender is all about play. What fun it is to mess with the rules, subvert people’s expectations and create your own character. It is as empowering as any world-saving quest.
    WWW.THEGUARDIAN.COM
  • Powering next-gen services with AI in regulated industries 

    Businesses in highly-regulated industries like financial services, insurance, pharmaceuticals, and health care are increasingly turning to AI-powered tools to streamline complex and sensitive tasks. Conversational AI-driven interfaces are helping hospitals to track the location and delivery of a patient’s time-sensitive cancer drugs. Generative AI chatbots are helping insurance customers answer questions and solve problems. And agentic AI systems are emerging to support financial services customers in making complex financial planning and budgeting decisions. 

    “Over the last 15 years of digital transformation, the orientation in many regulated sectors has been to look at digital technologies as a place to provide more cost-effective and meaningful customer experience and divert customers from higher-cost, more complex channels of service,” says Peter Neufeld, who leads the EY Studio+ digital and customer experience capability at EY for financial services companies in the UK, Europe, the Middle East, and Africa. 

    For many, the “last mile” of the end-to-end customer journey can present a challenge. Services at this stage often involve much more complex interactions than the usual app or self-service portal can handle. This could be dealing with a challenging health diagnosis, addressing late mortgage payments, applying for government benefits, or understanding the lifestyle you can afford in retirement. “When we get into these more complex service needs, there’s a real bias toward human interaction,” says Neufeld. “We want to speak to someone, we want to understand whether we’re making a good decision, or we might want alternative views and perspectives.” 

    But these high-cost, high-touch interactions can be less than satisfying for customers when handled through a call center if, for example, technical systems are outdated or data sources are disconnected. Those kinds of problems ultimately lead to the possibility of complaints and lost business. Good customer experience is critical for the bottom line. Customers are 3.8 times more likely to make return purchases after a successful experience than after an unsuccessful one, according to Qualtrics. Intuitive AI-driven systems— supported by robust data infrastructure that can efficiently access and share information in real time— can boost the customer experience, even in complex or sensitive situations. 

    This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.

    This content was researched, designed, and written entirely by human writers, editors, analysts, and illustrators. This includes the writing of surveys and collection of data for surveys. AI tools that may have been used were limited to secondary production processes that passed thorough human review.
    WWW.TECHNOLOGYREVIEW.COM
  • Devs are considering quitting en masse because of embarrassing legacy tech, survey finds

    Developers are increasingly quitting jobs over outdated tech stacks, citing embarrassment, poor morale, and dysfunctional CMS tools as major reasons for career rethinking.
    WWW.TECHRADAR.COM