Daily Tech Digest - June 27, 2017

8 Ways Millennials Impact Your Security Awareness Program

Millennials are the first generation for whom computer devices are ubiquitous in their daily activities. Consider that laptops have become the computer of choice and can be taken anywhere. Cellphones are more powerful and functional than computers were a decade ago — and millenials have had these devices in their pockets for as long as most of them can remember. But use of a technology does not mean that it is safely used and millennials' comfort with technology does not mean that they are more security aware. The tendency is to use technology in a way that is most convenient, not most secure. And while there has been some effort to protect their privacy — primarily from their parents and others — this does not mean that they are aware of all the things there are to protect and how to protect them. The fact is, the more information that is available, the more vulnerable it is made.


Tools that increase IT efficiency pave the way for digital transformations

Content is core to the work of Densho, an organization whose mission is to preserve the testimonies of Japanese Americans who were held in internment camps during World War II. In the past, Densho needed a complex storage environment to house its 30TB of production data, says Geoff Froh, deputy director and CIO at the nonprofit organization based in Seattle. “The two-tier infrastructure was composed of high-performance SAN hardware and high-capacity consumer-grade NAS appliances. The SAN was expensive, difficult to manage and not scalable. The NAS gear was unreliable and lacked the IOPS to handle our workload,” Froh recalls. Densho turned to storage start-up Qumulo, which aims to help enterprises store their data more efficiently and with greater visibility into how content is being used.


Good managers give constructive criticism—but truly masterful leaders offer constructive praise

Most leaders “vastly underestimate the power and necessity of positive reinforcement,” Jack Zenger and Joe Folkman, CEO and president of Zenger/Folkman, write in Harvard Business Review. An abundance of research shows that giving positive feedback increases employees’ sense that they’re learning and growing at their jobs, makes them feel valued, and leads to increased confidence and competence. A 2015 Gallup survey found that 67% of employees whose managers communicated their strengths were fully engaged in their work, as compared to 31% of employees whose managers only communicated their weaknesses. One study found that high-performing teams receive nearly six times more positive feedback than less effective teams—evidence that positive reinforcement really does help the bottom line.


A massive cyberattack is hitting organisations around the world

Many of the initial reports of organisations affected came from Ukraine, including banks, energy companies and even Kiev's main airport. But since then more incidents have been reported across Europe, indicating the incident is affecting more organisations more widely. The National Bank of Ukraine said it has been hit by an "unknown virus" and is having difficulty providing customer services and banking operations as a result, while Kiev's Boryspil International airport is also understood to be suffered from some kind of cyber attack. Ukraine's Interior Ministry has already called the cyberattack the biggest in Ukraine's history. Danish transport and energy firm Maersk has confirmed that its IT systems are down across multiple sites due to a cyberattack, while Russian petroleum company Rosneft has reported a "massive hacker attack" hitting its servers.


How Proper Offboarding Can Help Prevent Data Breaches

"We need to move beyond having a key card or simply taking away people's keys," Hoyas added. "That's not effective nowadays because we have a very mobile workforce." Employees use mobile phones, work remotely on laptops, and log in to company systems from their own computers through shared drives or the cloud. "You need to manage your employees wherever they exist and wherever they log in from," he said. "Users log in from home, from their office and they can log into apps and e-mails from their own devices. Most of the time companies aren't paying for people's cellphones," he pointed out. Employers should keep that in mind when an employee leaves and they must cut off access to his or her computer, Hoyas said.


Under pressure, Western tech firms bow to Russian demands to share cyber secrets

The demands are being made by Russia’s Federal Security Service (FSB), which the U.S. government says took part in the cyber attacks on Hillary Clinton’s 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts. The FSB, which has denied involvement in both the election and Yahoo hacks, doubles as a regulator charged with approving the sale of sophisticated technology products in Russia. The reviews are also conducted by the Federal Service for Technical and Export Control (FSTEC), a Russian defense agency tasked with countering cyber espionage and protecting state secrets. Records published by FSTEC and reviewed by Reuters show that from 1996 to 2013, it conducted source code reviews as part of approvals for 13 technology products from Western companies. In the past three years alone it carried out 28 reviews.


UX is Grounded in Rationale, not Design

Sketching out things is great as it allows you to visualize and conceptualize something, but don’t sketch solutions without understanding of problem. You will end up boxing in your thought process too early if you do that. Though some places may say that sketching in the beginning is good, you could be using your time to distill information and create a solid framework of the work you are trying to do. ... Without building a rationale behind the problem, my reasoning behind my design decisions would end up being part of a non-existing framework I didn’t have to support them. The things I built wouldn’t be as effective if I had just focused on making sense of my research in the beginning.


Building a Blockchain PoC in Ten Minutes Using Hyperledger Composer

Hyperledger Composer, one of the Hyperledger projects hosted by The Linux Foundation, aims to solve this problem by making it easy for blockchain developers to model business assets, participants and transactions and to turn these models into viable blockchain applications. Hyperledger was set up in December 2015 as a collaborative effort to advance cross-industry open-source blockchain technologies for business. It is the fastest growing project in Linux Foundation history and the Hyperledger umbrella currently includes several technologies, from blockchain frameworks such as Hyperledger Fabric and Hyperledger Sawtooth to tools that provide services such as monitoring, identity, development and deployment. Hyperledger Composer is one of these tools.


26 Tools and Frameworks for HTML-based Desktop and Web App Interfaces

If Angular 2 development is your thing, check out Kendo UI for Angular 2, and all-new version of Kendo UI built with TypeScript, JavaScript, and NativeScript -- no jQuery dependencies! Kendo UI for Angular 2 is in Beta as we go to press. Licensing details will be announced along with the V1 release in 2017. Kendo UI professional is available with a free trial version and per-developer, royalty-free licenses at several tiers providing access to additional Telerik developer resources. jQuery UI is another option for building HTML and JavaScript-based application interfaces. It's completely open source and has the advantage of being directly compatible with jQuery, jQuery Mobile, the QUnit JavaScript unit testing framework, and the Sizzle pure-JavaScript CSS selector engine, all directed and licensed by the jQuery foundation.


Windows Seerver Gets The Fast Train

Nano as a container image made for a good strategic fit, Gaynor opined, with the every-six-month upgrade pace justified by the tempo of containerization. "Just look at what's happened with containers in the last five years," he said. Meanwhile, making Server Core available as either always-changing or static also "made sense" to Gaynor because it had taken the place of Nano as the default smaller-footprint installation. The faster tempo lets aggressive customers "have their cake and eat it, too," said Gaynor. Cumulatively, those twice-annual upgrades will compose the feature set of the next Windows Server X. In two or three years, Microsoft will put a stake in the virtual ground by christening Windows Server 2018 or Windows Server 2019, built by the iterative process of shipping Server Core updates.



Quote for the day:


"A positive attitude will not solve all your problems. But it will annoy enough people to make it worth the effort " -- Herm Albright


Daily Tech Digest - June 26, 2017

12 'best practices' IT should avoid at all costs

Legitimizing the idea of internal customers puts IT in a subservient position, where everyone in IT has to make their colleagues happy, whether doing so makes sense for the business or not, let alone whether it encourages the company’s actual customers to buy more products and services. ... Want to do some damage? Establish formal service level agreements, insist your “internal customers” sign them, and treat these SLAs like contracts. And if you really want IT to fail, argue about whether you’ve satisfied your SLAs every time an “internal customer” (there’s that word again) suggests IT isn’t doing what they need it to do. It’s a great way to keep relationships at arm’s length.


Bill Gates and Digitization: Ahead of the Curve Yet Again

While we’ve had elements of a digital supply chain for quite some time, in this more holistic sense of a digital nervous system, we are only beginning to scratch the surface. A nervous system can take our sensory inputs – sight, sound, touch, taste, and smell – and a person can react either instantly or more thoughtfully to what is happening around them. While a WMS is a digital supply chain application, it has a limited scope in how it is using sensor data. It certainly does not react in the holistic way that a nervous system does. There has been an explosion of new sensor data available to be used to create digital supply chains. We are using, or learning to use, SNEW data – social media, news, event, and weather data 


Key Abstractions for IoT-Oriented Software Engineering

The term "IoT system" generally refers to a set of IoT devices and the middleware infrastructure that manages their networking and interaction. Specific software can be deployed logically above an IoT system to orchestrate system activities to provide both specific services and general-purpose applications (or suites of applications). Providing specific services means enabling stakeholders and users to access and exploit things and direct their sensing or actuating capabilities. This includes coordinated services that access groups of things and coordinate their capabilities. For instance, in a hotel conference room, besides providing access to and control of individual appliances, a coordinated service could, by accessing and directing the lighting system, the light sensors, and the curtains, change the room from a presentation configuration to a discussion configuration.


Cybersecurity: The New Normal

Today, cybersecurity is high on everyone’s radar, as a powerful new reality that is penetrating all facets of cyberspace. On a near-daily basis we read of damages to hardware, software, content, products, processes.. No one is immune. No one is safe. This new reality — with the variety of threats, exploits and damages that seemingly multiply day by day — creates new markets, new business opportunities, new strategic concerns and threats to our collective views of law and order. These elements are shaping a new normal which is not yet fully understood. But they are clearly anchored in the nature of the hardware, ever changing uses and functions enabled by evolving software and fueled by the power of human ingenuity. When the Internet was designed, threats to security were not central to the basic architecture nor to the core design principles.


Companies are wasting massive amounts of money on ineffective security solutions

The survey also found that massive amounts of time and money are wasted on ineffective endpoint security solutions and lack of endpoint visibility and control is a major issue. Ineffective overall endpoint security protection costs an average of $6 million in detection, response, and wasted time. Only 27% of survey respondents have confidence that their company can identify the endpoint devices which pose the greatest risk in a highly effective fashion. Worse, 20% reported having no endpoint security strategy at all. On average, according to the report, companies spend over 1150 hours on a weekly basis attempting to detect and contain insecure endpoints, which represents a cost of $6 million spent detecting and containing insecure endpoints or suffering unplanned downtime. Nearly half of those hours are spent chasing false positives, which equates to $1.37 million of annual wasted expenditures.


How to handle risks of hypervisor hacking

First, hold virtualization implementers to high standards. We have learned a lot in the last few decades about development methodologies that reduce defects and quickly detect and remediate defects that make it through development and into production. When consistently practiced, DevOps, the methodology that removes the traditional boundaries between development, deployment, and production, and embraces continual improvement, has greatly increased system reliability. Hypervisor implementations have fared well. Although potential exploits have been found, the hypervisor developers have also been diligent about fixing problems. This has kept the number of actual malicious exploits low. However, developers make mistakes and diligence is not absolute protection. Some flaws always creep in.


7 reasons to switch to microservices — and 5 reasons you might not succeed

With microservices, your code is broken into independent services that run as separate processes. Output from one service is used as an input to another in an orchestration of independent, communicating services. Microservices is especially useful for businesses that do not have a pre-set idea of the array of devices its applications will support. By being device- and platform-agnostic, microservices enables businesses to develop applications that provide consistent user experiences across a range of platforms, spanning the web, mobile, IoT, wearables and fitness tracker environments. Netflix, PayPal, Amazon, eBay, and Twitter are just a few enterprises currently using microservices.


MicroStrategy CEO Michael Saylor speaks about ‘expanding universe’ of BI

Every company has to decide where to make its investments. Some BI company might come along and say “we are the best for the Hortonworks distribution of Hadoop”, and that might fly for a while. But I have to say I have been in this business for 27 years and every three years there is a new data technology which is the rage. I remember one that was billed as the world’s fastest database, and I asked one of their sales people what was in the next release, and he said “joins”. That’s a colossal joke because there is no serious problem that you can solve without doing table joins. So, yes, as long as you don’t need to ask the next question or need mathematics or need more than two users to run a query, it’s super-fast and great.


Self Contained Systems (SCS): Microservices Done Right

Finding Bounded Context can be done by grouping user stories together. So for example searching for products by full-text search, by categories or by recommendations might be part of the same Bounded Context. Of course the split is not clear-cut - depending on the complexity the search might be split into multiple Bounded Contexts. Also a user journey might provide ideas about a split into SCSs. The customer journey describes the steps a customer takes while interacting with the system e.g. search for products, check-out or registration. Each of these steps could be a candidate for a SCS. Usually these steps have little dependencies. Oftentimes there is a hand-over between these steps: The shopping cart is handed over to the checkout where it becomes an order, and is then handed over to fulfillment.


Using supercomputing to attract research and investment

This enables the team, led by Dr. David Matthews, Senior Lecturer in Virology at the University, to examine how the virus had evolved over the previous year, informing public health policy in key areas such as diagnostic testing, vaccine deployment and experimental treatment options. This complex data analysis process took around 560 days of supercomputer processing time, generating nine thousand billion letters of genetic data before reaching the virus’ 18,000 letters long genetic sequence for all 179 blood samples. This is just one of many examples of how HPC at the University is contributing to significant research projects. Now in its 10th year of using HPC at Bristol, each phase from the first supercomputer through to BC4 has been bigger and better than the last and, in years to come this trend will definitely continue.



Quote for the day:


"Once you've accepted your flaws no one can use them against you." -- George R.R. Martin


Daily Tech Digest - June 25, 2017

7 Disruptive Technologies Destined To Change The World

Before 2020, fully autonomous vehicles will become a fixture on our highways and not long after, autonomous taxi networks will experience unprecedented growth that will radically transform the nature of travel and transportation, with a corresponding boost in productivity. Autonomous travel, costing only half as much as driving a personal car, will drive car sales down. The decline in battery costs will make electric vehicles (EVs) more preferable to gas-powered vehicles because it will be far less costly to own an EV. This will lead to widespread adoption of EVs and companies like Tesla will stand to gain the most ... Although it is the auto industry that might have driven the sale of industrial robots, it’s now far from being the only industry that employs the use of this technological innovation. Especially as capital and programming costs continue to decline, manufacturing companies will benefit more from employing robots and automating more of their processes.


Why blockchains fail and decentralization succeeds

With all of the excitement around blockchain technology, it’s easy to think what we have now is the foundation for the next wave. Yet, it’s worth remembering we are still in the early stages. The blockchains we have today probably won’t be the blockchains of tomorrow. ... It also has a lot of technical questions that surround it. As Muneeb Ali of Blockstack said, “At scale, Ethereum is designed to fail” — though he was quick to add that there’s always room to make changes in the future. He didn’t mean, “it will intentionally fail.” However, if you think about the nature of blockchains — everyone has a copy of the ledger, which these days is about a 100GB download. Furthermore, in the case of Ethereum, ever more third-party applications and sub-economies are being launched to run on top of it, and all of that code runs on the distributed network too. So it makes sense to start asking questions.


Microsoft: No, It's Not An Audit

Because Microsoft and its partners offer fee-based SAM services, concerns on the part of customers about their practices could easily dampen enterprise enthusiasm for the evaluations, and thus reduce revenue from SAM programs. And Microsoft clearly sees SAM as a money maker for its partners. "The SAM opportunity in enterprise has never been bigger. Learn about Microsoft's plan for enterprise and industry accounts, and how you can build new revenue streams with SAM," states a description of one of several SAM-related sessions listed on the schedule for the upcoming Inspire conference in Washington, D.C. July 9-13. Microsoft Inspire is the renamed Worldwide Partner Conference, long the yearly massive meet-up of the firm's global partner network, on which Microsoft relies for much of its software and services sales.


Finding data relationships with intelligent graph analytics

In an RDF data store, we can pre-define the schema models - called Ontologies - as well as load new dataset as they come in. So, instead of spending enormous amount of time in creating the data model, we started out with a standard – Financial Industry Business Ontology (FIBO) model and decided to extend it as we encounter a new set of data. The expense involved with mastering custom code was avoided through the use of RDF Graph DB features. We could load multiple datasets into RDF Graph DB, as they are maintained in the source system without creating special extract files. The connections happen at the database at the attribute level between multiple domains as well as with transaction data. The major mindset change required is to not process master and transaction data separately and then build dimensional model, but to build an integrated RDF Graph DB where they can co-exist and fully connected through a single set of processes.


Cybercrime industry growing rapidly, cybersecurity can't keep up

"It's a constant game of cat and mouse between the defenders and the attackers," Maor noted. With technology constantly changing, security has a tough time keeping up. Maor explained that the security industry moves significantly slower than the cybercrime industry because there are no regulations for cybercrime. Maor said it's imperative for people to change how they approach security. Companies are not doing basic things to protect themselves from cybercrime, they need to have backups in place and always be prepared, Maor furthered. The mindset around cybersecurity and cybercrime must shift. Businesses need to run under a "when will I get hacked" instead of an "if I get hacked" mentality, making security more of a priority than expediency to release a product.


The next industrial revolution is upon us … and many don’t even realize it.

As we enter the Fourth Industrial Revolution, rapid and unpredictable shifts in technology will present both challenges and opportunities. The sheer volume of available data in the new world could fundamentally change the way society operates by developing previously unthinkable solutions to problems we didn’t know existed. Digitization of everyday things, when coupled with the ability to self-enhance through artificial intelligence, will drive significant change in the global economy.  Failure to prepare for and respond to digitization in the Fourth Revolution will be costly, especially as new market entrants test and evolve. The dramatic rise and fall of video rental giant, Blockbuster, is a poignant illustration of how digital innovator, Netflix, overtook the $5 billion incumbent by gradually siphoning off its customer base.


The Revolution Will Begin Eventually (Maybe): AI and Recruiting

Evaluating motivation is about improving sourcing, which is typically a low-yield, labor-intensive business. Every recruiter knows that reaching out to candidates who have not applied often produces few results because of low response rates. However, a machine learning system can identify people who are more likely to to consider a solicitation for a job; in other words, those who are more motivated to change jobs or accept a new one. There’s an abundance of data on social networks and other places that can be tapped for this purpose. For example, Google’s Timeline tracks your every move (check it out) and can be used to accurately determine a person’s commute. A candidate with a long commute is more likely to respond to a solicitation than someone who has a short one, especially if the former travels through heavy traffic.


India Sees a Significant Rise in Data Breach Cost

The increased speed of these cyber incidents allows for more such attacks to occur, and Shahani suggests that has an had adverse impact on organizations' bottom line. "The penalty is huge as the cost of data breach incidents for companies in India and Asia [and] is significantly increasing this year from what was observed during the previous year," Shahani says. According to the study, the cost of a data breach in India this past year increased by 12.3 percent. The cost of lost or stolen records in the past year rose by 12.8 percent. The study cites malicious or criminal attacks, insider negligence and system glitches as the root causes of data breaches and that, Shahani says, makes a huge impact on the cost, besides the time to detect and contain the incident.


Multigenerational workforces: 6 ways to foster digital change

Digital transformation is not all about tools or technology—it’s about people too. Today's workplaces are becoming increasingly multigenerational. Older employees are staying in the workforce longer and mixing with younger colleagues who are just starting their careers. As such, the range of ages in the workplace is naturally expanding. A recent survey from executive development firm Future Workplace and Beyond, The Career Network, found that 83 percent of respondents have seen millennials managing Gen X and baby boomer workers in their office. However, 45 percent of baby boomers and Gen X respondents said millennials lack managerial experience, which could have a negative impact on a company's culture. More than a third of millennial respondents said managing older generations is challenging.


The inextricable link between IoT and machine learning

Optimizing computational cost of the machine learning model like all other use cases there is a trade-off between accuracy and image resolution.  Also the lower the resolution that optimizes accuracy, the shorter the flight time of a drone to criss-cross a field and the longer the battery life. In addition to saving the time and cost of deploying IoT devices and networks to interconnect them, machine learning could be a separate path to confirm an IoT system is working. A critical IoT device could fail and report a false condition. For instance, IoT sensors might fail to report critical conditions such as a fire, an unauthorized person entering or a door left open, but a machine learning model sampling a video feed could recognize the critical condition, all as adaptations of Resnet 50 or another convolution network.



Quote for the day:


"The obvious is that which is never seen until someone expresses it simply." -- Khalil Gibran