August 27, 2016

What is Bitshares?

With BitShares it is possible to trade many different types of assets in addition to the native cryptocoin. In particular, there are what are called Smartcoins and User-Issued Assets. Smartcoins are coins like bitUSD, bitGOLD, and bitCNY that track the value of their counterparts, so that 1 bitUSD today will be worth 1 USD a week, month or year from now. With Smartcoins, people can enjoy the benefits of the blockchain payment network without being exposed to the volatility associated with its disruptive yet nascent stage of development. User-Issued Assets are, as the name suggests, assets issued by the user – meaning anyone can issue their own asset. The issuer of the asset can set various levels of control that they have of the asset, including having no control at all.

FinTech in Canada Explained

Robo-advisors are no joke, they’re completely changing the industry. Now you can get a professionally managed portfolio at a fraction of the price of mutual funds. It’s not like it’s actual robots running your portfolios, there are real people behind the scenes that have designed portfolios based around ETFs. The general idea is that you answer a series of questions and then a portfolio will be recommended to you. The portfolios are passive and change only happens when certain preset conditions are met. It’s still cheaper to be a DIY investor, but there’s no denying that robo-advisors are a good alternative. Your investments are also protected under the Canadian Investor Protection Fund. Don’t worry if you have lots invested, many robo-advisors have additional insurance available that is free.

Will Blockchain Technology Revolutionize the Banking Industry?

Given the unique capabilities of blockchain, it is no surprise that financial organizations are actively exploring its use in a variety of potential applications. They can, for example, use it to enable faster processing time, gain greater insight into market moves, increase transparency and compliance, and substantially lower costs. According to a report co-authored by Santander, it’s estimated that blockchain technology could reduce banks' infrastructure costs alone by up to $20 billion a year. There are broader applications of blockchain across other industries, as evidenced by the fact that investments and funding of blockchain-related start-ups had grown from US$298 million in 2014 to almost US$460 million. The potential exists to transform any transaction where speed, trusted and reconciled data, and secure handling of payments.

Public blockchains gaining acceptance at Bank of Japan’s Payment and Settlement Forum

“When digital currencies become to be widely used, people will not have to have bank accounts for payment purposes.” Commercial banks could become “unable to provide ‘finality’ to payments,” Hoki states. In this scenario, non-bank financial intermediation “might become more pronounced,” he claimed, and the possibility of using public-type DLTs for fund settlements will subsequently be undeniable. A discussion about financial blockchain applications followed Koji's presentation. Ryu Takaki, an Associate Partner at IBM Japan, Ltd, raised various issues including anonymity, transparency, delayed finality, and maintaining mining incentives.

How the ‘third unbundling’ is disrupting traditional business

The third unbundling is reshaping entire industries, as businesses break down enormous operating structures into smaller, more agile and innovative units. As with most transformational trends, this idea is heavily rooted in Silicon Valley thinking – where companies think big and think disruptive, asking the question, ‘How can we challenge the big institutions that are forcing us to do things in a certain way?’ The ‘Silicon Valley’ mind-set takes the view that by using the right people, processes, tools and technologies, it is possible to remake whole industries for the better. The services and suppliers that are causing unnecessary hassle in people’s lives are disassembled and then remade as ‘customer first’ businesses.

Why Compliance is a Key Element in Fintech

Consider a case where a client’s fraudulent scheme placates a financial institution. If it willfully defects to file a Suspicious Activity Report (SAR), then by default it will be flagged as the co-conspirator and become liable to litigation. This renders a clear message for fintech companies to possess higher accountability for actions which it may have otherwise neglected. CCOs (Chief Compliance Officers) will be under the constant burden to substantiate that their ventures are on track and compliant with the rules. Hence, nowadays they primarily come up with sandbox protocols for testing required compliance issues. To augment it, they are creating internal control processes to analyze Currency Transaction Reports (CTRs) and SARs. Regular audits are invoked to rejuvenate the regulatory updates to the concerned officials.

How to prevent your IoT devices from being forced into botnet bondage

Some of the problem stems from inherent limitations characterizing IoT devices. “Device constraints prevent agents such as antimalware, antivirus and firewall to be run on the device to protect itself, thus, traditional IT security practices are difficult to deploy on IoT devices,” says Preetham Naik, business development expert at Subex. These constraints include computation and storage limitations, as well as the use of stripped-down versions of known operating systems such as Linux. As Zeifman points out, the combination of advanced computing capabilities, high connectivity and lackluster security makes IoT devices “perfect candidates for botnet recruiters.” Also relevant is the mostly autonomous nature of IoT devices.

Debunking the most common big data backup and recovery myths

Big data has become a priority for most organizations, which are increasingly aware of the central role data can play in their success. But firms continue to struggle with how to best protect, manage and analyze data within today's modern architectures. Not doing so can result in extended downtime and potential data loss costing the organization millions of dollars. Unlike traditional data platforms (Oracle, SQL*Server, etc.), which are managed by IT professionals, big data platforms (Hadoop, Cassandra, Couchbase, HPE Vertica, etc.) are often managed by engineers or DevOps groups and there are some common misconceptions around big data backup and recovery that need to be cleared up.

So your company’s been hacked: How to handle the aftermath

"Companies are getting hacked left and right. When you get to the point where every day you read about another major company getting hacked and your reaction is, like, 'OK,' then that's a really, really big problem. People are apathetic about cyber security. We have a serious problem." "It's not like we use devices only as a tool. They have become part of daily life and we rely on them. We have shifted to where we have so many different types of systems -- from banking to healthcare to transit and the power grid." Cohen Wood believes companies need to educate workers about cyber threats and that IT shops need to assiduously stay on top of cyber threats with a shed of tools. She's also concerned that the major university computer science programs in the U.S. are failing to do nearly enough to prepare IT workers and coders with cyber security courses.

The 3 Biggest Mistakes In Cybersecurity

Cyber security is not an IT problem. It is a risk management problem. This is easier to understand if you work in a regulated industry. There, the concept, language, even governance of risk management is part of the daily lexicon. Not so with small and mid-market business less familiar with the risk management function. It doesn’t help that the very nature of the threat and the way the “payload” of the attack is delivered is via information technologies. It almost makes sense to have IT deal with cyber security. But the victims are not the computers. The victims are the businesses and their people. More importantly: A company’s Information Technology generates Value. It does so a myriad different ways depending on the business you are in, from the actual delivery of goods to clients to complementing, enhancing, and realizing the mission and vision of the company

Quote for the day:

"If Columbus had turned back, no one would have blamed him. Of course, no one would have remembered him either." -- Unknown

August 26, 2016

Financial Networking Company Prepares for ‘Post-Quantum’ World

Traditional computers process information encoded in a binary format — represented by either 0 or 1. Quantum computers, by contrast, work on quantum mechanical principles, including the concept of “superposition” — the idea that a particle can be in two different states, representing both a 0 and 1, simultaneously. This is what potentially gives quantum computers their incredible processing power, theoretically carrying out trillions of calculations per second. And that is what has cybersecurity experts worried. Most digital encryption systems rely on numerical keys that are tens or hundreds of digits long. To break one by trying every possible combination, or by searching for numerical patterns that would allow the encryption algorithm to be reverse-engineered, is beyond the capability of conventional computers — at least in reasonable timescales.

Data lakes security could use a life preserver

The most important security functions with regard to data lakes are authorization and access. Research firm Gartner has warned companies not to overlook the inherent weaknesses of lakes. Data can be placed into a data lake with no oversight of the contents, Gartner analyst Nick Heudecker noted at the firm’s Business Intelligence & Analytics Summit last year. Many data lakes are being used by organizations for data whose privacy and regulatory requirements are likely to represent risk exposure, Heudecker said. The security capabilities of central data lake technologies are still emerging, and the issues of data protection will not be addressed if they’re left to non-IT personnel, he said. Many of the current data lake technologies on the market “don’t have fine-grained security controls that allow for multi-faceted control at the object level,” Hockenberry says.

The AI revolution is coming fast. But without a revolution in trust, it will fail

Deploying AI will require a kind of reboot in the way companies think about privacy and security. AI is fueled by data. The more the machine learns about you, the better it can predict your needs and act on your behalf. But as data becomes the currency of our digital lives, companies must ensure the privacy and security of customer information. And, there is no trust without transparency – companies must give customers clarity on how their personal data is used. It turns out that the capability of AI to detect and remedy security breaches plays a critical role in protecting user privacy and building trust. AI is going to unleash a whole new level of productivity and augment our lives in many ways.

The Most Practical Big Data Use Cases Of 2016

Timely analysis of real-time data is seen as key to driving business performance – as Walmart Senior Statistical Analyst Naveen Peddamail runs Wal Mart’s Data Cafe and tells me: “If you can’t get insights until you’ve analysed your sales for a week or a month, then you’ve lost sales within that time. Our goal is always to get information to our business partners as fast as we can, so they can take action and cut down the turnaround time. It is proactive and reactive analytics.” Peddamail gives an example of a grocery team struggling to understand why sales of a particular produce were unexpectedly declining. Once their data was in the hands of the Cafe analysts, it was established very quickly that the decline was directly attributable to a pricing error. The error was immediately rectified and sales recovered within days.

SD-WAN, NFV deployment leads software-defined networking charge

SD-WAN products combine the power of big data analytics and traditional networking. They monitor traffic flows and network latency and jitter, making real-time decisions on traffic management. A common comparison to SD-WAN is voice traffic management. A PBR approach may dictate leveraging a Multiprotocol Label Switching (MPLS) connection for all voice traffic and a lower-quality Internet VPN for non-latency sensitive traffic. This isn't a hard-and-fast rule; if an MPLS connection is congested on the far side, the Internet VPN is the more viable option. Trying to create a routing policy for this type of dynamic traffic routing wasn't feasible -- at least not until SD-WAN vendors combined the power of general compute with inexpensive network links. Using real-time traffic analysis, middleboxes direct traffic over the best available link.

Threats on Every Side

Some of VMware's liveliest competition is coming from open source communities and suppliers that have based their offerings on open source projects. This includes competitors such as Red Hat Inc., SUSE, Canonical Ltd. and others. The open source communities have addressed all seven layers of the Kusnetzky Group model. The technology coming out of these efforts often are well-tested and quite sound; but they do require some IT background and flexibility. The suppliers in these communities typically ask, "Why pay the x tax on your business?" (where "x" is whatever commercial supplier they're competing with at the moment) when speaking about any commercial vendor. Red Hat, for example, is known to speak about the "Red Hat discount" that other vendors would offer when they learned that Red Hat was one of the competitors.

Mozilla launches free website security scanning service

The tool doesn’t only check for the presence of these technologies, but also whether they’re implemented correctly. What the tool doesn’t do is scan for vulnerabilities in the actual website code, something that already exists in a large number of free and commercial tools. In some respects, achieving a secure website configuration—using all the available technologies developed in recent years by browser makers—is even harder than finding and patching code vulnerabilities. “These technologies are spread over dozens of standard documents, and while individual articles may talk about them, there wasn’t one place to go for site operators to learn what each of the technologies do, how to implement them, and how important they were,” King said in a blog post.

Apple May Be Too Late To Make A Big Social Impact

"Apple is behind in social media," said Jeff Kagan, an independent industry analyst. "This does not mean they will ever be a significant player in social media, but I'm sure that's a target they would like to achieve... If they can marry a successful social media app with their technology, it will help them grow further and faster." Judith Hurwitz, an analyst with Hurwitz & Associates, said it might be easier for the company to buy its way into the social networking world. "It would be interesting to see if Apple will buy a company like Twitter," she told Computerworld in an email. "Starting from scratch may be difficult." However, Hurwitz also noted it might make sense for Apple to focus on a social network based on photos since that would tie into the use of the iPhone's camera.

Blockchain: It's not just for finance anymore

Use of blockchain in financial systems continues to expand and will be an increasingly important technology going forward. But blockchain capability may actually be as or more important to enabling a growing number of high value IoT functions that must also be effectively protected. In the important field of the Enterprise of Things (EoT), having proof of unaltered data is often mission critical and can make the difference in a life or death situation, in hazardous response requirements, or in many other high value interactions/operations. For example, imagine health related data from some monitors that could control life or death situations, being sent to the cloud for processing. How do you know that data is legitimate and unaltered?

Person-to-object interface: Next gen bionics for amputees

In practice CBAS’s aim is to replace the cup and socket system that usually connects prosthetics to the body. This socket is customised to the patient – so expensive – but still doesn’t work very well. People experience pain, their limbs lack functionality and it is hard to track gradual everyday wear and tear. CBAS wants to “standardise the interface” explains Hewage. And using advanced bioengineering and monitoring technologies it aims to create the “USB connector” of prosthetics. This is the next wave of integrated bionics and allows complex interactions between a range of different devices and a number of the body’s organs and systems. The benefit of this standardisation is clear. There is an immediate decrease in the cost of amputee care.

Quote for the day:

"It doesn’t make sense to hire smart people and then tell them what to do; we hire smart people so they can tell us what to do." -- Steve Jobs

August 25, 2016

Reprogram Your Culture

There is power in story as they inform, persuade and educate. Using the power of story, you can tap into foundational beliefs that shape culture. ... Although that’s unlikely, the reinforcing power of the story is that it communicates the value of customer service. It’s far more impactful to share that story than to say, “a Nordstrom core value is customer service.” ... There are four types of stories that shape culture. Identity stories are about who we are and where we came from. They capture what’s unique and special in the DNA. Success and Failure stories are about what is rewarded versus punished. Finally, future stories are about where the organization is going. ISFF (Identity, Success, Failure and Future) are the core stories that you can tell or will be defined by your culture. Change the story to change the culture.

European law enforcement seeking smart ways to fight cyber crime

Manufacturers need to wake up to the risks they face in the connected world and realise that most cyber security vulnerabilities are not solvable using bolt-on systems, but instead rely on sound engineering, software development practices and cyber security best practices. “The most effective cyber security work occurs during the planning, design and early implementation phases of the products, with the difficulty and cost of remediation increasing in correlation with product age and complexity,” said Thuen. Failing to address security at the early development stages could be very costly in the long-run, he said, leading to loss of consumer confidence or even product recalls, which some vehicle manufacturers would find difficult to recover from.

Are You Agile Enough for Polyglot Programming?

An interesting case study in Polyglot Programming is the Obama re-election campaign. The entire project was conceived of, designed, deployed, and dismantled in 583 days. It was spread across 3 data centers and 2000 nodes; it consumed 180 TB of data and supported 10,000 requests per second. Luc Perkins (@lucperkins) says in his blog that the Obama campaign was unbelievably agile. It was 100% cloud based and polyglot. Poly-language, poly-framework, and poly-db. Harper Reed, the CTO for the Obama re-election campaign, knew from the beginning he was resource constrained, so he bet big on the cloud. Without millions of dollars for servers, Harper chose Amazon Web services to host everything.

Trying to make sense of Google's messaging mess

Google's overall approach to development is a problem that impacts strategy and branding throughout the company, according to Dawson. "Teams within Google seem to be empowered to go and create stuff without coordinating with other teams — that can lead to great innovations, but more often than not it appears to lead to this kind of fragmented, disjointed approach to a space," he says. ... Google's seemingly unfocused approach to messaging is also related to the company's failure to create or acquire a wildly popular app. None of its messaging apps have ever reached the scale of WhatsApp, Facebook Messenger, WeChat, Line or others. "The best case scenario for Google is that they hit it big with one of their messaging and communication platforms, and then can start from a base of success before consolidating," says Patrick Moorhead

Apps for Work vs. Office 365 debate as much about culture as tech

Companies are increasingly looking to outsource their email and other productivity software like calendaring and word processing. They're enticed by lower costs, better disaster recovery and scalability offered by vendors, but the market is still nascent. A 2016 study by market research outfit Gartner shows 13% of publicly traded companies are using cloud offerings from either Microsoft or Google. Office 365 claims nearly 9% of the email market; Apps for Work grabs just under 5%. The remaining 87% has email in-house, in data centers or private clouds, or use hosted email services. The two vendors' software packages have the same basic lineup: web-based email, word processing, calendar, messaging, spreadsheets and slideshow generator.

Phishing for Insurance Coverage

Frequently, insurers assert that there is no coverage because the loss did not proximately result from the fraudulent hack, but rather from the intervening actions of duped individuals. Last year, in Apache Corp. v. Great American Insurance Co., a federal court in Texas ruled on an insurer’s challenge that the requirement in the Computer Fraud clause of a Crime policy that the loss result “directly” from the use of a computer was not met. An Apache employee received a call, and then an email attaching a letter, from a person claiming to be an employee of one of Apache’s vendors, requesting a change of the account information to which payment was to be sent for the vendor’s services. The change was made, and $2.4 million was directed to the fraudulent account.

Advocates Want FCC to Address Car Hacking Threat

The PSA noted that a vehicle’s susceptibilities may lie in its wireless communications functions, for example in a mobile device connected to the car through Bluetooth, a USB or Wi-Fi. Third-party devices connected to the car can also cause vulnerabilities, the agencies said. “In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle,” the announcement said. In July 2015, two hackers showed WIRED how they could remotely access a Jeep Cherokee’s systems to manipulate the air conditioning and radio settings, as well as cut the transmission entirely while the reporter was on the highway. Later that month, Fiat-Chrysler formally recalled 1.4 million of their cars that could have been affected by the vulnerability.

How Bloomberg is advancing C++ at scale

Large projects differ in complexity and difficulty in multiple dimensions, which kick in at different magnitudes. For example, as software size crosses the threshold where frequently recompiling the entire system becomes infeasible, you need to be taking insulation techniques seriously. There are three global techniques available in C++, two of which are architectural and one of which is not. The procedural interface, the first of the two architectural techniques, is very specific to C APIs; the second is the pure abstract interface, or protocol, which we use routinely throughout BDE and in system integration in general. The non-architectural technique uses a concrete class, also called PIMPL, or “pointer to implementation”. But, all three are totally insulating, meaning that with them you can insulate the entire implementation.

CISCO Starts Patching Firewall Devices Against NSA-Linked Exploit

ExtraBacon was released earlier this month together with other exploits by one or more individuals who use the name Shadow Brokers. The files were provided as a sample of a larger Equation group toolset the Shadow Brokers outfit has put up for auction. ... Even though the ExtraBacon exploit was designed to work for versions 8.4(4) and earlier of the ASA software, other researchers demonstrated that it can be modified to also work on newer versions. Cisco confirmed in an advisory that all versions of SNMP in Cisco ASA software contain the flaw. On Wednesday, the company updated its advisory to announce the availability of patched versions for different Cisco ASA branches, namely 9.1.7(9), 9.5(3), and 9.6.1(11).

How CISOs can adopt a proper risk management approach

A better approach would be to have a flight detector approach on individual endpoints. When you're on the plane you hope you never need it but in case you have a crash it is a critical feature. Likewise, if you see any unusual network activity you can activate this endpoint and do a real-time analysis. Enterprises should analyse the network traffic in real-time and look for anomalies. This process will give them an early warning. It's called breach detection system and it is very effective on the network layer. But trying to record change at every end point in real-time is cost prohibitive and not very meaningful. Installing an intelligent smart endpoint sensor and a flight recorder at end points will be more beneficial for the enterprises.

Quote for the day:

"If a window of opportunity appears, don't pull down the shade." -- @tom_peters