June 12, 2014

Russian mobile banking Trojan gets ransomware features, starts targeting US users
That ransomware function was further improved and at the beginning of June a new variant of Svpeng was identified on mobile phones outside of Russia. Ninety-one percent of users affected by the new version were based in the U.S., but the malware also infected devices in the U.K., Switzerland, Germany, India and Russia, Unuchek said. Upon installation, the new Svpeng modification claims to perform a device scan and displays a fake notification from the FBI warning the user that the device was used to visit porn websites and has downloaded "prohibited content."

Purely Functional Configuration Management with Nix and NixOS
Many of Nix’s advantages flow from the use of these hashes. For instance, let’s look at what happens if we upgrade a package. Nix installs packages from sets of package descriptions calledNix expressions. One such set is the Nix Packages collection (Nixpkgs), which provides thousands of packages. You can get it by cloning its Git repository, but most users get it through a so-called Nix channel. ... In Nix, whenever you install, upgrade or uninstall a package via nix-env, Nix builds a tree of symbolic links (called a user environment) pointing to the installed packages. The current user environment is reachable from the user’s PATH environment variable, through some indirections.

CEOs of Microsoft, HP, Intel talk future of computing
HP's Whitman said the "explosion of data" is going to happen in two or three years -- not 10. "Because of the explosion of data, the existing way we do compute is not going to scale," she said. "Maybe even two years from now or three years from now. People think, well, we don't have to worry about this too much because it will be 10 years from now. But this is happening much faster." The Machine, a brand-new computing architecture HP described earlier in the day, is designed to deal with this data explosion, Whitman explained. It will move and process massive amounts of data much faster than today's computer architectures, she promised.

Google engineer: We need more Web programming languages
"The Web is always available, except when it is not," Bracha said. "It isn't always available in a way that you can always rely on it. You may have a network that is slow or flaky or someone may want to charge you." Therefore any Web programming language, and its associated ecosystem, must have some way of storing a program for offline use, Bracha said. The Web programming language in the future must also make it easier for the programmer to build and test applications. The chief language used today for the Web is JavaScript, which is deficient in a number of ways, such as support for offline usage of apps. And this may remain the case for a while: JavaScript is based on the ECMAScript standard, which can take years to be updated. "It should be easier to do these things," Bracha said.

New OpenSSL vulnerability puts encrypted communications at risk of spying
The man-in-the-middle attack is possible because OpenSSL accepts ChangeCipherSpec (CCS) messages inappropriately during a TLS handshake, Kikuchi said in a blog post. These messages, which mark the change from unencrypted to encrypted traffic, must be sent at specific times during the TLS handshake, but OpenSSL accepts CCS messages at other times as well, Kikuchi said. The problematic code has existed since at least OpenSSL 0.9.1c, which was released in December 1998, so the bug is over 15 years old, Adam Langley, a senior software engineer at Google, said in an analysis of the issue posted on his personal blog.

SQL-on-Hadoop brings open source framework into mainstream
Williams said a lot of the time required to develop SQL software goes to "pure SQL wizardry." What he describes as SQL overhead includes studying data, conceiving a schema, normalization, index creation and query creation. The time required to rework established programs may be the bigger issue, he insisted. "If anything in the application changes, you have to redo all that work," he said, suggesting that development techniques centered more on Java or Python languages be used where possible for unstructured data. Still, TrueCar is working with Hive, Tez and other SQL-on-Hadoop technologies as well, he admitted.

MasterCard expects big growth from 'big data' insights
While MasterCard expands in "big data", Cairns sees no slowdown in its traditional business of processing payments, with plenty of potential for growth as 85 percent of consumer transactions are still made by cash or cheque. "Moving money and doing it safely and securely is so deeply cared about by so many people around the world that it will be a business that has fantastic value now and for years to come," said Cairns, who previously worked at Citigroup and ABN Amro. London-based Cairns, whose division accounts for 60 percent of MasterCard's business, said the expansion of e-commerce and emerging markets is driving growth, noting that 2.5 billion people are still without access to financial services.

Transactional NoSQL Database
NoSQL databases have come along, in many cases providing a more natural fit from a modeling perspective. In particular, document-oriented databases, with their rich JSON and/or XML persistence models have effectively eliminated this impedance mismatch. And while this has been a boon to developers and productivity, in some cases developers have come to believe that they’d need to sacrifice other features to which they have become accustomed, such as ACID transaction support. The reason is that many NoSQL databases do not provide such capabilities, citing a trade-off to allow for greater agility and scalability not available in traditional relational databases. For many, the rationale for such a tradeoff is rooted in what is known as the CAP theorem.

High Performance search using MongoDB and ASP.NET MVC
MongoDB is an implementation of an object-oriented document database which is a flavor of NoSQL databases. NoSQL is an alternative to the traditional relational DMBS that solves several limitations of relational databases although usually at the cost of normalization or referential integrity at the DBMS level. Document databases are a type of NoSQL databases that pair a key with a complex data structure known as a document. A document can contain one or more key-value pairs. Because NoSQL database have simpler structures and do not have the overhead of enforcing referential integrity, they are more scalable than relational databases and provide superior performance, particularly for searching.

How to pitch enterprise architecture in one long breath
EA is the integrated, consistent and navigable description of the enterprise as well as the governance principles that guide the coherent enterprise change and strategic transformation. Your credibility has risen here. The Director should smile meekly now. But there is still work to do, you utter before long. Because you have to come up with the why and with an one page next steps that show how the planned deliverables concur to shape your EA and deliver benefits to your Director, specifically, beside those to the entrprise as a whole.

Quote for the day:

"Coolly observe,calmly deal with things,hold your position,hide your capacities,bide your time,accomplish things where possible." -- Deng