June 29, 2016

The devil is in the details: The importance of tight processes to strong information security

Policies do not have to be long. In fact, the more succinct the better, so long as they cover the required details. In my experience, they should be quite granular -- single policies that cover a variety of topics are hard to maintain and follow.  Policies are usually augmented by procedures. A procedure defines the specific steps you will follow in the implementation of the related policy, and by their nature should be very detailed. If a procedure is well written, someone familiar with your organization but not a particular function should be able to follow the procedure and complete the function.


How to install MongoDB community edition on Ubuntu Linux

MongoDB is a NoSQL database that avoids the traditional structure of relational databases in favor of document-oriented JSON-like objects. What this translates to is the integration between application and data is faster and easier. If that's not enough, consider this: MongoDB is one the databases preferred by big data and large enterprise companies, including Adobe, Craigslist, eBay, FIFA, Foursquare, and LinkedIn. There are different versions of MongoDB; the version I'll focus on is the community edition. You can easily install MongoDB on Ubuntu from the standard repositories, but that version tends to be out of date. Because of that, I'll show how to install the version from the official MongoDB repositories.


Windows 10's Biggest Controversies

Since the release of Windows 10 last summer, users of Windows 7 or Windows 8 whose computers have Windows Update set to automatically update the OS have gotten pop-up notices telling them to upgrade to Windows 10, and the large installation files for it (which can be about 6GB) have downloaded in the background onto their system’s main drive, usually without the user directly consenting to this. Initially, Microsoft did provide the option to delay the upgrade, and hacks were figured out by users to put off the upgrading and stop the installation files from being downloaded. But Microsoft has become more aggressive in thwarting efforts to block the download by pushing through strongly worded notices that give just two options: “Upgrade now” or “Upgrade tonight.”


Indian Startups Need Lessons from Their Israeli Counterparts

Solving a problem lies at the core of the Israeli tech startups. Outbrain, one of the world’s most successful content recommendation engine, is one such example which highlights the problem solving nature of these active startups. In the words of Ori Lahav and Yaron Galai, founders of Outbrain, the company has solved a complex problem for two business communities. For newspapers facing tough competition from online channels, it helped them develop a significant and sustainable new revenue source in their hard times while for marketers, it provided them with an opportunity to tell their brand story on the internet in a more effective way. By addressing this problem, Outbrain jumped ahead of the curve by coming up with a new business model that solved problems for all parties involved.


BlueData Introduces First Big-Data-as-a-Service Offering

“One of the challenges for organizations thinking about deploying big data workloads in a public cloud is that their data may already be on-premises, and moving it all to the cloud can be challenging, time-consuming and expensive,” says Jason Schroedl, VP of marketing at BlueData. With the latest EPIC release, end users can run big data applications such as Hadoop and Spark on any infrastructure, whether on-prem, public cloud or hybrid deployment. Initially, the offering will be a direct availability program running on AWS, but over time the company plans to make the platform available on Microsoft Azure, Google Cloud and other public cloud services. The user interface and experience remains constant whether customers are using BlueData on-prem or in the cloud, giving the same security and control in terms of how many resources are given to different groups for individual use cases.


Ransomware and Cyber Extortion Are on the Rise – What Can Be Done?

Hardly a day goes by anymore without ransomware or cyber extortion making the news. A seeming turning point in the severity of this crime was the mid-February 2016, cyber extortion of a large Los Angeles hospital chain where a reported ransom of $3 million was originally demanded. Although the ransom ultimately paid was 40 bitcoins (about $17,000, a far cry from $3 million), its payment nevertheless represents a substantial and noteworthy increase from the hundred dollar ransoms that were previously commonplace. Among those taking note are insurers providing cyber coverage, who often will include ransomware coverage in their policies. Since this manner of cybercrime is going to be with us for the foreseeable future, insurers and their insureds are best served by proactively managing, and thereby perhaps eliminating, the harm that may result from a ransomware attack.


A career in Unix: The best and the worst

Of all the work I've done over the years, the one that I miss the most was one in which what I did every day seriously mattered. I was a Unix admin and managed a network of servers and workstations. My users were highly intelligent, dedicated analysts who helped to ensure that intelligent decisions were being made on a national level. At some other positions, I provided an environment that supported development of products that made a difference to many thousands of individuals (e.g., emergency communications), but was so remote from the end product that I never got a sense that I was contributing to something of great value.


'Socially-cooperative' cars are part of the future of driverless vehicles, says CMU professor

The basic idea is that if you program a robot to do some tasks, it may not behave in a way that human beings would normally behave when other human beings are around. You can imagine situations where robots are in a lab and they really don't care, they just get a job done. But things are different out of a lab, when you're in a driving situation. Think about when our car enters a highway from an entrance ramp. We negotiate with nearby cars; if we're close to another car, if it's ahead, we let it go. If we're ahead, it lets us go. If we're close to it, we negotiate with visual cues, and also with speed cues. We speed up in order to indicate that we don't want to yield to the other car. Or, vice versa—they speed up in order to get in front of us.


Decentralizing IoT networks through blockchain

A decentralized approach to IoT networking would solve many of the questions above. Adopting a standardized peer-to-peer communication model to process the hundreds of billions of transactions between devices will significantly reduce the costs associated with installing and maintaining large centralized data centers and will distribute computation and storage needs across the billions of devices that form IoT networks. This will prevent failure in any single node in a network from bringing the entire network to a halting collapse. However, establishing peer-to-peer communications will present its own set of challenges, chief among them the issue of security. And as we all know, IoT security is much more than just about protecting sensitive data. The proposed solution will have to maintain privacy and security in huge IoT networks and offer some form of validation and consensus for transactions to prevent spoofing and theft.


Cybersecurity: Is AI Ready for Primetime In Cyber Defense?

Machine learning is a subset of Artificial Intelligence, a field of computer science that started in 1958 when Marvin Minsky founded the Artificial Intelligence lab. Everyone, including DARPA, was pouring money into it. Their goal was to build a fully artificial intelligence capable of passing the Turing test in fifteen years. However, their plans were overly ambitious, for two reasons. They underestimated the technical difficulty and simply didn’t have enough compute power. When it became clear they weren’t going to meet their goal, funding suddenly dried up and the lab closed. AI became a dirty word. However, AI research continued and went in and out of favor for years. In the 1980s, the Japanese became enamored with AI and started applying it to everything from rice cookers to automated subway trains. But until recently nobody called it AI.



Quote for the day:


"The first responsibility of a leader is to define reality. The last is to say thank you. In between, the leader is a servant." -- Max de Pree


June 28, 2016

A Letter to the Manager: Release the Power of Your Agile Teams

In knowledge work, like software development, there is an almost infinite amount of new stuff to learn and therefore an infinite potential to get more productive. Just using some of this potential will get you far. A team getting together every week or two in a safe space to discuss what works or not will find the most productive ways to work together. A product developed through exploring different possible solutions, will more likely be the one that's even better than you thought in the beginning. One way you can start is to make sure there is slack in the process. By slack we mean time that is not dedicated to specific work and what the time is used for can be decided by either the team or a team-member when the slack time occurs. 


Microsoft-backed Langauge Server Protocol strives for language, tools interoperability

"We developed the protocol based on many learnings and contributions from teams across Microsoft and partners," Microsoft said in a statement. "Visual Studio Code is the first Microsoft product to take advantage of this protocol but in the future other Microsoft products may adopt it as well, including Visual Studio and Xamarin." ... Driving the protocol has been a shift to micro-services and developers writing business logic in any language, Jewell said. Previously, companies such as Microsoft or Red Hat were wedded to a particular language and provided proprietary tooling. "They protected that stack and made it proprietary and guarded it with zealotry that was very intense. All that has changed."


Little Bits of Security – Micro-Segmentation in Clouds

Wouldn’t it be nice if I could create a hardened shell around each one of my applications or services within my datacenter? Opening access to the applications through firewalls and segmented networks that would make your security even more robust? If my outer datacenter security walls were breached, hackers would uncover a set of additional security walls—one for each service/application in your IT infrastructure. The best way to envision this is to think about a bank that has safety deposit boxes in the safe. Even if you broke into the safe there is nothing to take—just a set of secure boxes that also need to be cracked. One of the benefits of this approach is when someone hacks into your datacenter, they only get access to at most one application.


Microsoft’s open source .NET Core and ASP.NET Core hit 1.0

While the 1.0 release of .NET Core is definitely the most important launch today, Microsoft also made a number of other announcements at the Red Hat Summit. The company, for example, is working with Red Hat and CodeEnvy to bring to other tool and language providers the protocol that allows its free Visual Studio Code editor to support more than 100 programming languages already. “This means that any developer can have a consistent, productive editing experience for their favorite programming language on any tool — even if that tool isn’t Visual Studio Code,” Microsoft’s corporate VP for its Data Group Joseph Sirosh explains in today’s announcement. The company is also showcasing a few more of its open-source technologies today, though the demo that will likely draw the most attention is SQL Server 2016 running on Red Hat Enterprise Linux.


Artificial Intelligence Has a ‘Sea of Dudes’ Problem

That's not so surprising, given how few women there are in the field, said Fei-Fei Li, who runs the computer vision lab at Stanford University. Among the Stanford AI lab's 15 researchers, Li is the only woman. She's also one of only five women professors of computer science at the university. "If you were a computer and read all the AI articles and extracted out the names that are quoted, I guarantee you that women rarely show up," Li said. "For every woman who has been quoted about AI technology, there are a hundred more times men were quoted." Much has been made of the tech industry's lack of women engineers and executives. But there's a unique problem with homogeneity in AI. To teach computers about the world, researchers have to gather massive data sets of almost everything.


What the JIT!? Anatomy of the OpenJDK HotSpot VM

OpenJDK HotSpot VM converts bytecode into machine executable code by “mixed-mode” execution. With “mixed-mode”, the first step is interpretation, which converts bytecode into assembly code using a description table. This pre-defined table, also known as the “template table”, has assembly code for each bytecode instruction. Interpretation begins at JVM startup, and is the slowest form of bytecode execution. Java bytecode is platform independent, but interpretation and compilation into machine executable code are definitely dependent on the platform. In-order to get faster, efficient (and adaptive to the underlying platform) machine code generation, the runtime kicks off just-in-time compilation, i.e. JIT compilation. JIT compilation is an adaptive optimization for methods that are proven to be performance critical.


Y Combinator wants to build a tech city, too

More to the point, perhaps, is that a true city is more like an organic entity, growing on its own when conditions are right, than a planned, organized, intentional creation. To date, most attempts to plan and create new cities have turned out to be sterile failures instead of vibrant communities. Cities aren’t companies, where you can hire and fire your way into making sure everyone is on board with the plan. They’re messy, disorganized, contentious places where multiple ideas and goals and cultures ebb and flow according to the needs and desires of the cities’ citizens and would-be citizens. Trying to carefully orchestrate all of that spontaneous confusion and complex energy isn’t just impossible, it’s not a very good idea. Careful command and control in the service of over-arching principles or goals tends to founder on the shoals of residents’ own goals and ambitions. And that’s how most people like it.


Yahoo Wants to Sell Its ‘Chicken Coop’ Data Center Designs

Yahoo plans to structure the potential transaction in a way that will allow it to continue using innovations in the portfolio, including its data center designs, by licensing them from the future buyer. The Yahoo Computing Coop has been a key part of the company’s data center strategy in the US, and it plans to continue using it and iterating on it in the future. “We’ll continue to have access to the Chicken Coop design through our license-back and will look for opportunities to continue to leverage that incredibly efficient design going forward,” the spokesperson said. “Equally, we see value in sharing our data center cooling technology patents as part of the portfolio that we’re divesting, so architectural design and construction firms can leverage that patented technology.”


Fed Agencies Look to Encourage Use of Ethical Hacking In Healthcare

Given the need to improve cybersecurity, Savage revealed to the group that ONC is studying the issue of how the agency can accelerate the rate at which ethical hacking occurs in healthcare. “We are all in this together, and we have to figure it out,” Savage added. “I have no idea at the end of the day if we facilitate more ethical hacking in healthcare whether it will be happening at hospitals or in some lab where the data’s not live. I don’t really have an answer for that today. That’s exactly the kind of thing we’re thinking about.” Dale Nordenberg, MD, a member of the Health IT Standards Committee and CEO of Novasano Health and Science, said that it was exciting to hear that ethical hacking is being considered in healthcare.


McAfee Labs reveals new mobile apps collusion threats

Mobile app collusion requires at least one app with permission to access the restricted information or service, one app without that permission but with access outside the device, and the capability to communicate with each other. Either app could be collaborating on purpose or unintentionally due to accidental data leakage or inclusion of a malicious library or software development kit. ... “Improved detection drives greater efforts at deception,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs group. “It should not come as a surprise that adversaries have responded to mobile security efforts with new threats that attempt to hide in plain sight. Our goal is to make it increasingly harder for malicious apps to gain a foothold on our personal devices, developing smarter tools and techniques to detect colluding mobile apps.”



Quote for the day:


"People often seek and find complexity where there is none" -- Gordon Tredgold


June 27, 2016

BYOD can pose privacy risks to employees

Another worrying feature of MDM platforms is the ability to do a remote wipe. The software can wipe managed apps, or individual apps, or it can wipe the entire phone. "It's something that organizations might want, but it puts personal data at risk," Hafid said. One reason that a company might want to do a full wipe is if employees download company documents to non-managed applications. But it could result in employees losing personal photos and personal messages. "Say you leave the organization and your employer wants to makes sure that there's no corporate data you take with you," he said. "They may wipe the device without notifying you." In addition, many MDM solutions allow companies to restrict smartphone features such as iCloud backups.


Board presentations on IT risk: Don't make these five mistakes

IT leaders fail in their board presentations when they try to use presentations to advance management decisions, such as setting budgets, making investment trade-off decisions, and soliciting guidance on strategic projects. These types of management decisions are the C-suite's job, not the board's. Rather, the board's role is to fulfill its fiduciary duty to ensure risk is managed. This is primarily accomplished by evaluating leadership's effectiveness and ensuring the organization has the right management team in place.  IT leaders who come to their board presentation asking the board to make management decisions about information security are likely to fail. Instead, the best IT leaders ensure that every aspect of their presentation is designed to build their credibility as a leader.


How You Can Improve Customer Experience With Fast Data Analytics

In today’s constantly connected world, customers expect more than ever before from the companies they do business with. With the emergence of big data, businesses have been able to better meet and exceed customer expectations thanks to analytics and data science. However, the role of data in your business’ success doesn’t end with big data – now you can take your data mining and analytics to the next level to improve customer service and your business’ overall customer experience faster than you ever thought possible. Fast data is basically the next step for analysis and application of large data sets (big data). With fast data, big data analytics can be applied to smaller data sets in real time to solve a number of problems for businesses across multiple industries.


Brexit: Uncertainty around funding and skills likely to affect UK tech startups

Christoph Gerlinger, CEO of German Startups Group, said the Brexit was good news for the German startup scene. “We expect a significant decrease in new incorporations in London in favour of Berlin, as well as an influx of successful London startups,” he said. Techspace, a flexible co-working space for tech startups, has expanded to Berlin – a decision which was taken ahead of the referendum. However, its CEO David Galsworthy added that there is “no doubt London will also continue to be a central hub”. Computer Weekly previously reported that Australia has called on UK technology startups to set up shop on its shores, with the promise of government support, a highly skilled workforce and a stepping stone to Asia.


From not working to neural networking

Deep learning comes in many flavours. The most widely used variety is “supervised learning”, a technique that can be used to train a system with the aid of a labelled set of examples. For e-mail spam filtering, for example, it is possible to assemble an enormous database of example messages, each of which is labelled “spam” or “not spam”. A deep-learning system can be trained using this database, repeatedly working through the examples and adjusting the weights inside the neural network to improve its accuracy in assessing spamminess. The great merit of this approach is that there is no need for a human expert to draw up a list of rules, or for a programmer to implement them in code; the system learns directly from the labelled data.


Talking with your hands: How Microsoft researchers are moving beyond keyboard and mouse

“How do we interact with things in the real world? Well, we pick them up, we touch them with our fingers, we manipulate them,” said Shotton, a principal researcher in computer vision at Microsoft’s Cambridge, UK, research lab. “We should be able to do exactly the same thing with virtual objects. We should be able to reach out and touch them.” This kind of technology is still evolving. But the computer scientists and engineers who are working on these projects say they believe they are on the cusp of making hand and gesture recognition tools practical enough for mainstream use, much like many people now use speech recognition to dictate texts or computer vision to recognize faces in photos.


10 Ways Machine Learning Is Revolutionizing Manufacturing

Manufacturers often are challenged with making product and service quality to the workflow level a core part of their companies. Often quality is isolated. Machine learning is revolutionizing product and service quality by determining which internal processes, workflows, and factors contribute most and least to quality objectives being met. Using machine learning manufacturers will be able to attain much greater manufacturing intelligence by predicting how their quality and sourcing decisions contribute to greater Six Sigma performance within the Define, Measure, Analyze, Improve, and Control (DMAIC) framework. ... Manufacturers are turning to more complex, customized products to use more of their production capacity, and machine learning help to optimize the best possible selection of machines, trained staffs, and suppliers.


Step-by-step guide to a blockchain implementation

IT's involvement with blockchain implementations -- and therefore the level of urgency associated with putting this technology into operation -- will to some degree depend on the vertical industry the company is in, with financial services being the most urgent. But as evidenced by Caraher's enthusiasm for blockchain's application to legal services, interest in the technology is widespread. Vendors active around blockchain -- both broad IT vendors such as Microsoft and IBM, as well as niche blockchain suppliers -- say they're fielding calls from virtually all industries. In addition to financial services and legal industries, others include: insurance, utilities, public sector, advertising, healthcare, auditing, supply chain, manufacturing and real estate.


Automotive Grade Linux wants to help open source your next car

The average consumer doesn't know much about Linux and probably nothing about AGL. Truth be told, that doesn't matter. That same average consumer is already using Linux in devices at home and work; smartphones, embedded devices, clouds, chromebooks, etc. And when they purchase a car running AGL, it won't matter that it's Linux; it will only matter that it meets (and exceeds) their needs. AGL will do just that. Linux has already proved how well it can function in embedded systems and smartphones, so there is no reason to think it will not rise far and above what both Google and Apple are doing with their in-car solutions — solutions that cannot fully function without being connected to an external mobile device.


Banking IT community faces uncertain Brexit future

Emmanuel Lumineau, the CEO of Financial Conduct Authority regulated startup BrickVest, a real estate investment platform, said the company might have to move some of its business and people to other EU member states. “Without doubt, the UK is now a less attractive option for fintech investment platforms that want to operate across Europe,” said Lumineau. “Platforms such as Brickvest are typically regulated by the FCA, whose framework allows us, and companies such as ours, to target investors across Europe. “Brexit now means firms will eventually need to find a new regulator on the continent to continue doing business across Europe. Cities such as Paris, Berlin or Frankfurt can offer this. Consequently, BrickVest may have to shift some of our business and team abroad.”



Quote for the day:


"The key to successful leadership is influence, not authority." -- @kenblanchard