Sunday, May 5, 2024

This is a summary of the book titled “Reputation Analytics: Public opinion for companies” written by Daniel Diermeier and published by University of Chicago Press in 2023. This book outlines the necessity and method for a corporation to protect itself from a corporate reputation crisis. The author explains how small actions and even inactions can cascade into a massive crisis and potentially harm the business, even in the long run. Through examples and learnings, the author provides a step-by-step framework to achieve that goal. Some of the highlights are that managing a corporate reputation is like thinking like a political strategist. People form both specific and general impressions, and they do so in six primary ways. Companies face reputational crises when they trigger a “moral outrage”. It is difficult to fight perceptions that a brand is causing harm, so taking accountability becomes a consideration. The tasks in an activist’s campaign are something that a company must be comfortable managing. Leveraging a deep understanding of media and social network influence and harnessing emerging technologies are necessary. A risk management mindset that avoids common mistakes also helps.

Managing a corporate reputation is similar to managing public opinion, but companies must consider various publics, including customers, employees, investors, business partners, suppliers, and external groups like regulators and the media. Successful reputation management requires assuming external actors' perspectives and viewpoints, as public perceptions are not always rooted in direct experiences and may differ across constituencies, products, and markets. People form specific and general impressions of a brand in six primary ways: repetition, relevance, attention, affect, concordance, and online processing. Companies face reputational crises when they trigger "moral outrage," which is an emotional response to a brand's break with ethical norms or values. Moral judgment hinges on three main principles: the duty to avoid causing others harm; upholding fairness, justice, and rights; and respecting moral conventions and values. People employ two modes of thinking when making moral judgments: experiential and analytical (logic-based). Companies must make reputation management an integral part of their strategic operations to avoid reputational crises and maintain a positive brand image.

Brands must take accountability for their actions and consider "folk economics" before taking action. The public's perception of commerce and industry can affect a company's reputation. Companies should fight against accusations with clear, easy-to-understand arguments and apologize for any harm caused. Leaders should demonstrate commitment to handling crises and empathy towards those harmed by the company's actions. Modern companies are more likely to face activist campaigns that damage reputations due to increased ethical expectations, media criticism, and trust-based business models. Social activism is more common and less localized, thanks to social media. Companies should adopt corporate social responsibility (CSR) practices but not be afraid of activist attacks. Statistical modeling should consider these factors to avoid misinterpretation. Companies should also leverage a deep understanding of media and social network influence to avoid negative media coverage that can trigger a reputational crisis. For example, Toyota's stock prices plummeted after a car crash, despite the company's overall safety record.

Perceptions and attitudes are influenced by peers, third-party experts, and media, both traditional and user-generated. Building and maintaining a successful reputation in the marketplace requires a deep understanding of these channels of influence. Media outlets can play a significant role in determining the issues to which people pay attention, and when one company in a particular industry or product area comes under media scrutiny, the potential for reputational damage increases for all businesses in that sector and those in closely related sectors. Social media also wields influence over public opinion, and using linear regression models can help identify triggers for a rise in certain variables.

To manage corporate reputation proactively, organizations should explore alternative ways of collecting and analyzing consumer data, such as sentiment analysis, machine learning algorithms, text-analytic scores, and supervised learning models. A risk management mindset is essential, as people will consider a company's current actions and past actions when under public scrutiny.

To avoid reputational crises, shift from reactive crisis management to proactive risk management. Develop a reputation management system into your corporate strategy and appoint a tactical team to oversee it. Regularly update leadership on potential risks and employ preparation strategies for those you cannot avoid. Invest time in assessing important issues that could risk reputational damage. Monitor emerging issues and respond accordingly. By developing a proactive reputation management capability, you increase the likelihood of preventing crises before they occur.


Summarizing Software: 

SummarizerCodeSnippets.docx

##codingexercise https://1drv.ms/w/s!Ashlm-Nw-wnWhO1TAZ1Y860-W7-vGw?e=s3pvmb

Saturday, May 4, 2024

This is a summary of the book titled “Leveraged: the new economics of debt and financial fragility” written by Prof. Moritz Schularick and published by University of Chicago Press in 2022. This collection of essays presents an overview of the latest thinking and its practical implications. Assumptions such as those before 2008 that financial institutions will just be fine are questioned in some contexts, and the work of Hyman Minsky, who explained human nature’s tendency towards boom-and-bust cycles, is a recurring theme and inspiration.

Credit and leverage are fundamental factors in recent crises. Credit booms distort economies and slowdowns follow. A banking system with higher capital to lending ratios does not affect the financial crisis. Financial sector expectations drive lending booms and busts. When credit grows, the price of risk is lowered. A historical categorization of financial crises might just be worth it. This might reveal that a great depression might have been a credit boom gone wrong. Even though credit plays such a big role in creating instability, its policy implications are far from straightforward.

Credit booms distort economies and lead to economic slowdowns. Current financial system regulation is too focused on minimizing the risk of banks getting into trouble, which leads to a dramatic drop in consumer spending and loss of confidence in the wider economy. To address this, the current structure of banking regulation should split risk between creditors and debtors in a socially beneficial manner. One way to tackle this is using "state-contingent contracting" (SCCs), which automatically reduce the amount a borrower needs to pay back during a downturn. Examples of SCCs include student loans and loans to countries based on GDP growth. Credit booms often generate distortions and vulnerabilities that often end in crises. The 2008 financial crisis revealed that both executives and shareholders take risks underwritten by the taxpayer. To address this, "lockups" or "debt-based compensation" for bankers' pay could be created, setting the condition that there will not be bankruptcies or taxpayer bailouts for some time after the remuneration period.

Excessive subprime lending was a popular narrative that led to the 2008 US financial crisis. However, non-investors, such as real estate investors, often had other non-real estate loans in distress, leading to policy implications that differ from those based on the notion that subprime borrowers drove the crisis. Young professionals, who were approximately 14% of all borrowers, represented almost 50% of foreclosures during the crisis's peak. A banking system with higher capital-to-lending ratios does not affect the likelihood of a financial crisis. Despite regulations increasing capital after previous crises, no evidence suggests that banks with more capital suffered less during that period. Research shows that better capital ratios do have an influence on recovery from a crisis. Financial sector expectations drive lending booms and busts, as they amplify trends of the recent past and neglect the mean reversion that long-term data suggests.

Investment industry methodology could improve the process of assessing the riskiness of banks, as recent crises have shown. Portfolio-assessing methodology, which combines market data and bank accounting data, could be a useful tool for banks to assess their risk. Studies show that low asset volatility in the past can predict credit growth, as agents update their views on risk based on the past and are overoptimistic about risk going forward. This could lead to excessive risk, resulting in fragility and raising the likelihood of a bad event.

A comprehensive historical categorization of financial crises is valuable, as it focuses on real-time metrics like bank equity returns, credit spread measures, credit distress metrics, nonperforming loan rates, and other bank data. This quantitative approach contrasts with the vagaries of commentators reporting on financial crises and the filtration of narratives by historians.

Narrative accounts of crises are still valuable, but research reveals that some "quiet crises" with less impact on the general economy have been forgotten or misunderstood. The spread of government-backed deposit insurance and the shift from lending to businesses to real estate were significant events in the US Great Depression.

The US Great Depression may have been a credit boom gone wrong, as credit played a crucial role in generating the bubble. The growth of the money supply continued until 1926, but credit growth continued for a few manic years. Total private credit reached 156% in 1929, more than other developed countries. The New York Fed pressured member banks to cap brokers' loans, but interest rates on brokers' loans proved attractive, leading to nonmember banks, financial institutions, companies, and individuals filling the gap. The Federal Reserve raised interest rates in 1928 to contain the boom, but the stock market continued to rise, attracting money from abroad. The importance of credit in creating financial instability has revived since the 2008 crisis. Evidence suggests that the allocation of credit matters as much as its quantity, and excessive credit directed toward real estate is more likely to come before a financial crisis.



Thursday, May 2, 2024

This is a continuation of a previous article on cloud resources, their IaC, shortcomings and resolutions, with some more exciting challenges to talk about. The previous article cited challenges and resolutions with regard to Azure Front Door and its backend services, aka origins. This article focuses on IP access restrictions of origins such as app services, resuming from the best practice mentioned earlier: a good access restriction not only specifies the IP address range of the sender but also verifies a header, which in the case of Azure Front Door is X-Azure-FDID and is stamped by the Front Door with its GUID. Since the GUID is specific to the Front Door instance, which is typically unique and global in most deployments, a rule that checks the header needs only one value to compare against. The Front Door sets this header on every request, so the access restriction rule works against every request.

In this case, the app services must be configured to do IP address filtering so that they accept traffic only from the Front Door’s backend IP address space and Azure’s infrastructure. As pointed out earlier, this does not mean the IP addresses to which the Front Door’s endpoint resolves. Instead, a complete list of IP addresses for the backend can be found through the service tag named AzureFrontDoor.Backend, which is helpful not only for finding the IP addresses but also for configuring rules in the network security group, if desired. The backend IP addresses are published at https://www.microsoft.com/download/details.aspx?id=56519, and appropriate CIDR ranges can be determined to encompass them all. Note that these pertain to a large number of locations, specifically metros spread the world over. Should an IPv6 CIDR be needed for these IP ranges, they can be succinctly denoted by the 2a01:111:2050::/44 range.

On the other hand, traffic from Azure’s basic infrastructure services will originate from the virtualized host IP addresses of 168.63.129.16 through 169.254.169.254.



Wednesday, May 1, 2024

This is a continuation of a previous article on cloud resources, their IaC, shortcomings and resolutions, with some more exciting challenges to talk about. When compared with a variety of load balancer options, the Azure Front Door, aka AFD, that we cited in the previous article often evokes misunderstanding about the term global. It is true that an instance of the Azure Front Door and CDN profile is not tied down to a region and, in fact, appears with the location property set to the value global. But it really caters to edge load balancing. When clients connect to it from a variety of different locations, AFD provides the entry point based on where the nearest edge location is. By contrast, traffic to a cross-region or global load balancer always enters Azure from the same endpoint, so the entry point it chooses is whatever is closest to that endpoint. For clients from two different locations, an Azure cross-region or global load balancer will therefore route in exactly the same way. An AFD determines the edge location, so what matters is not where the Azure call was made but what is closest to the FD edge location, and this provides greater control over latency. Having called out the difference, the similarity is that it uses the anycast protocol and split TCP. It is a layer 7 technology and is solely internet facing.

One of the challenges with an internet-facing resource is its addressability, and the best practice to overcome limitations with IP addresses is to always use DNS names. This brings DNS caching into consideration: when the nameserver goes down, the time-to-live, aka TTL, helps to keep the routing going, albeit to an unhealthy endpoint. A retry or re-resolve would fix this issue, and again that falls under the best practices. Some other best practices are about determining whether the client needs a global or a regional solution, where the traffic enters Azure, whether it is latency sensitive, and what the type of workload is: on-premises, cloud or hybrid.

When the choice for Azure Front Door is determined, the above plays a big role in connecting destination cloud resources as origins in an origin group. Cloud solution architects are surprised when they connect app services with IP access restrictions behind the Front Door. No matter whether they specify one rule or another, or whether they include the IPv4 and IPv6 addresses that the Front Door endpoint resolves to, they will encounter a 403. AFD leverages 192 edge locations across 109 metro cities – a vast global network of points of presence (POP) to bring the applications closer to the end users. When multiple POP servers are involved in this way, all of those POP servers must be allowed in the IP access restrictions in the Azure App Services. It is also possible to allowlist based on virtual networks.

Lastly, securing the access restrictions on the app services with IP ACLs is not complete without setting an X-Azure-FDID header check whose value is the Front Door’s unique identifier, in the form of a universal identifier (GUID). This check prevents spoofing.
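The origin-side decision described in the May 1 and May 2 posts, as an added Python example that is not the author's code or App Service's implementation: a request is allowed only when the TCP peer address falls inside the AzureFrontDoor.Backend prefixes and X-Azure-FDID matches the profile's GUID. The JSON sample, the IPv4 prefixes (RFC 5737 documentation ranges), the GUIDs and the function names are constructed for illustration; only 2a01:111:2050::/44 comes from the text.

```python
import ipaddress
import json

# Constructed sample in the layout of the Service Tags download linked in the
# May 2 post. Only 2a01:111:2050::/44 is from the post; the IPv4 prefixes are
# RFC 5737 documentation ranges standing in for the published list.
SERVICE_TAGS_JSON = """
{
  "changeNumber": 1,
  "cloud": "Public",
  "values": [
    {"name": "AzureFrontDoor.Backend",
     "id": "AzureFrontDoor.Backend",
     "properties": {"systemService": "AzureFrontDoor",
                    "addressPrefixes": ["192.0.2.0/24", "198.51.100.0/25",
                                        "2a01:111:2050::/44"]}},
    {"name": "AzureFrontDoor.Frontend",
     "id": "AzureFrontDoor.Frontend",
     "properties": {"systemService": "AzureFrontDoor",
                    "addressPrefixes": ["203.0.113.0/24"]}}
  ]
}
"""

# Placeholder GUIDs (assumptions, not real Front Door IDs).
EXPECTED_FDID = "1a2b3c4d-0000-4000-8000-00000000fd01"
OTHER_FDID = "9f8e7d6c-0000-4000-8000-00000000fd02"


def load_prefixes(doc, tag="AzureFrontDoor.Backend"):
    """Return the address prefixes listed under one service tag."""
    for entry in json.loads(doc)["values"]:
        if entry["name"] == tag:
            return [ipaddress.ip_network(p)
                    for p in entry["properties"]["addressPrefixes"]]
    raise KeyError(f"service tag {tag!r} not found")


def evaluate(peer_ip, headers, prefixes, expected_fdid):
    """Allow only if BOTH the backend range and the FDID header match.

    peer_ip is the TCP peer address. X-Forwarded-For is never consulted,
    because the client controls its content.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return 403, "unparseable peer address"
    in_backend = any(addr.version == net.version and addr in net
                     for net in prefixes)
    if not in_backend:
        return 403, "peer not in AzureFrontDoor.Backend"
    # Header names are case-insensitive; GUID comparison ignores case too.
    fdid = next((v for k, v in headers.items()
                 if k.lower() == "x-azure-fdid"), None)
    if fdid is None:
        return 403, "missing X-Azure-FDID"
    if fdid.strip().lower() != expected_fdid.lower():
        return 403, "X-Azure-FDID does not match this profile"
    return 200, "allowed"


def demo():
    """Run constructed requests through the rule and return the verdicts."""
    prefixes = load_prefixes(SERVICE_TAGS_JSON)
    cases = [
        ("192.0.2.10", {"X-Azure-FDID": EXPECTED_FDID}),
        ("2a01:111:2050:1::5", {"x-azure-fdid": EXPECTED_FDID.upper()}),
        # Backend range but a different profile's GUID: IP filtering alone
        # would have let this through.
        ("192.0.2.10", {"X-Azure-FDID": OTHER_FDID}),
        ("192.0.2.10", {}),
        # An address from the Frontend tag is not a backend address.
        ("203.0.113.7", {"X-Azure-FDID": EXPECTED_FDID}),
        # Correct header replayed from outside the backend range.
        ("10.1.2.3", {"X-Azure-FDID": EXPECTED_FDID,
                      "X-Forwarded-For": "192.0.2.10"}),
    ]
    return [(ip, evaluate(ip, h, prefixes, EXPECTED_FDID)) for ip, h in cases]


if __name__ == "__main__":
    for ip, (status, reason) in demo():
        print(f"{ip:22} {status} {reason}")
```
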


Tuesday, April 30, 2024

 This is a continuation of previous articles on IaC shortcomings and resolutions. One of the primary concerns with cloud-based deployment is cost and there are several built-in features at all levels of resource hierarchy and management portal to become more efficient.  Some of the mitigations translate back into the IaC where, for example, existing app services in Azure public cloud that were behind several regional Application Gateways may need to be directly associated with a consolidated global FrontDoor. Such transitions must be carefully planned as there is a chance this will affect ongoing traffic. Both source and destination might have their own DNS aliases and callers may need to eventually move to the global FrontDoor.

The steps can be easily articulated as Azure CLI commands: create a new origin group within the FrontDoor backend, add the app services as origins within the group, then create the ruleset and route to associate with the origin group. These commands are listed in the addendum below.

However, care must be taken to ensure that the resources with private links are not mixed with the resources without private links. So, the organization of app services might differ from the source. Another difference might be the creation of appropriate ruleset where the rules articulate a more fine-grained redirect than was possible earlier. That said, Front Door offers fewer rewriting capabilities than the source, so some selection might be involved.

Finally, it is important to prepare for the contingency of region failures so the FrontDoor can divert traffic between regions. Configuration that prevents this will likely not help with Business Continuity and Disaster Recovery initiatives. Also, probes, logging, private network access, and continuous monitoring for usage and costs will be incurred.


Addendum: steps for automation


# assuming a FrontDoor already exists that can be displayed with:
# az afd profile show --name my-fd-01 --resource-group rg-afd-01

# create the origin group with its health probe settings
az afd origin-group create \
    --resource-group rg-afd-01 \
    --origin-group-name my-fd-01-og-02 \
    --profile-name my-fd-01 \
    --probe-request-type GET \
    --probe-protocol Https \
    --probe-interval-in-seconds 120 \
    --probe-path / \
    --sample-size 4 \
    --successful-samples-required 3 \
    --additional-latency-in-milliseconds 50

# add the first app service as an origin in the group
az afd origin create \
    --resource-group rg-afd-01 \
    --host-name web-app-01.azurewebsites.net \
    --profile-name my-fd-01 \
    --origin-group-name my-fd-01-og-02 \
    --origin-name web-app-01 \
    --origin-host-header web-app-01.azurewebsites.net \
    --priority 2 \
    --weight 1000 \
    --enabled-state Enabled \
    --http-port 80 \
    --https-port 443

# add the second app service as an origin in the group
az afd origin create \
    --resource-group rg-afd-01 \
    --host-name web-app-02.azurewebsites.net \
    --profile-name my-fd-01 \
    --origin-group-name my-fd-01-og-02 \
    --origin-name web-app-02 \
    --origin-host-header web-app-02.azurewebsites.net \
    --priority 2 \
    --weight 1000 \
    --enabled-state Enabled \
    --http-port 80 \
    --https-port 443

# create the route that sends matching requests to the origin group;
# the pattern is quoted so the shell does not expand /* as a glob
az afd route create \
    --resource-group rg-afd-01 \
    --endpoint-name my-fd-01-ep \
    --profile-name my-fd-01 \
    --route-name my-fd-01-route-02 \
    --https-redirect Enabled \
    --origin-group my-fd-01-og-02 \
    --supported-protocols Https Http \
    --link-to-default-domain Enabled \
    --forwarding-protocol MatchRequest \
    --patterns-to-match '/*' \
    --custom-domains my-fd-01-cd

# create the rule set
az afd rule-set create \
    --profile-name my-fd-01 \
    --resource-group rg-afd-01 \
    --rule-set-name ruleset02

# redirect paths containing web-app-01 to the first app service
az afd rule create \
    --resource-group rg-afd-01 \
    --rule-set-name ruleset02 \
    --profile-name my-fd-01 \
    --order 1 \
    --match-variable UrlPath \
    --operator Contains \
    --match-values web-app-01 \
    --rule-name rule01 \
    --action-name UrlRedirect \
    --redirect-protocol Https \
    --redirect-type Moved \
    --custom-hostname web-app-01.azurewebsites.net

# redirect paths containing web-app-02 to the second app service
az afd rule create \
    --resource-group rg-afd-01 \
    --rule-set-name ruleset02 \
    --profile-name my-fd-01 \
    --order 2 \
    --match-variable UrlPath \
    --operator Contains \
    --match-values web-app-02 \
    --rule-name rule02 \
    --action-name UrlRedirect \
    --redirect-protocol Https \
    --redirect-type Moved \
    --custom-hostname web-app-02.azurewebsites.net


Monday, April 29, 2024

This is an article on when to go local for hosting automation and apps before eventually moving them to the cloud. In the era of cloud-first development, this still holds value. We take the specific example of building copilots locally. The alternative paradigm to local data processing is federated learning and inference, which helps with privacy preservation, improved data diversity and decentralized data ownership but works best with mature machine learning models.

As a recap, a Copilot is an AI companion that can communicate with a user over a prompt and a response. It can be used for various services such as Azure and Security, and it respects subscription filters. Copilots help users figure out workflows, queries, code and even the links to documentation. They can even obey commands such as changing the theme to light or dark mode. Copilots are well-integrated with many connectors and types of data sources supported. They implement different Natural Language Processing models and are available in various flagship products such as Microsoft 365 and GitHub. They can help create emails, code and collaboration artifacts faster and better.    

  

This article delves into the creation of a copilot to suggest IaC code relevant to a query. It follows the same precedent as GitHub Copilot, which helps developers write code in programming languages. It is powered by the OpenAI Codex model, which is a modified production version of the Generative Pre-trained Transformer-3, aka GPT-3. The GPT-3 AI model created by OpenAI features 175 billion parameters for language processing. This is a collaboration effort between OpenAI, Microsoft and GitHub.

  

A copilot can be developed with no code using Azure OpenAI studio. We just need to instantiate a studio, associate a model, add the data sources, and allow the model to train. The models differ in syntactic or semantic search.  The latter uses a concept called embedding that discovers the latent meaning behind the occurrences of tokens in the given data. So, it is more inclusive than the former.  A search for time will specifically search for that keyword with the GPT-3 but a search for clock will include the references to time with a model that leverages embeddings.  Either way, a search service is required to create an index over the dataset because it facilitates fast retrieval. A database such as Azure Cosmos DB can be used to assist with vector search.   

  

At present, all these resources are created in a cloud, but their functionality can also be recreated on a local Windows machine with the upcoming release of the Windows AI Studio. This helps to train the model on documents that are available only locally. Usually, the time to set up the resources is only a couple of minutes but the time to train the model on all the data is the bulk of the duration after which the model can start making responses to the queries posed by the user. The time for the model to respond once it is trained is usually in the order of a couple of seconds.  A cloud storage account has the luxury to retain documents indefinitely and with no limit to size but the training of a model on the corresponding data accrues cost and increases with the size of the data ingested to form an index.