February 13, 2015

Pivotal CEO says open source Hadoop tech is coming
Multiple external sources have told Gigaom that Pivotal does indeed plan to open source its Hadoop technology, and that it will work with former rival (but,more recently, partner) Hortonworks to maintain and develop it. IBM was also mentioned as a partner. Members of the Hadoop team were let go around November when active development stopped, the sources said, and some senior big data personnel — including Senior Vice President of R&D Hugh Williams and Chief Scientist Milind Bhandarkar — departed the company in December, according to their LinkedIn profiles. Both of them claim to be working on new startup projects.


Keeping The Cloud Up--The Great Amazon Microsoft Cloud Reliability Showdown
In assessing what the results mean for organizations using AWS, CloduEndure was quick to point out that planning the location of infrastructure based on the historical number of errors and performance issues is probably not the best approach. While cloud provider issues are undeniably important, as I’ve said many times before, it is important to remember that the top reason for application downtime remains human error. The best way to resolve many issues is to be as redundant as possible – geographically and from a vendor perspective.


Obama to sign executive order on cybersecurity info-sharing
"The federal government cannot, nor would Americans want it to, provide cybersecurity for every private network. Therefore, the private sector plays a crucial role in our overall national network defense," the White House said. "The framework recognizes that no organization can or will spend unlimited amounts on cybersecurity. Instead, it enables a business to make decisions about how to prioritize and optimize its cybersecurity investments." Along with tech giants Apple and Intel, plus Bank of America and PG&E, companies committing to the framework include US Bank, AIG, Walgreens, QVC and Kaiser Permanente. Also joining in the effort are the Entertainment Software Association, network software company FireEye and online storage provider Box.


Transforming Customer Experience Culture Through Natural Language Processing
The new WDS Virtual Agent, manages customer care interactions by analysing data and learning from its human colleagues. Silently listening, it detects how human agents diagnose customer problems and offer solutions. In doing this it quickly develops the intelligence it needs to understand and solve customer queries itself, without having to be programmed. “Because many first-generation virtual agents rely on basic keyword searches, they aren’t able to understand the context of a customer’s question like a human agent can,” explains WDS’ Nick Gyles, Chief Technology Officer. “The WDS Virtual Agent has the confidence to solve problems itself because it learns just like we do, through experience.


Will increasing cyber attacks spell the end of username and password security?
Bruce Schneier, a leading voice on cybersecurity ... said cybersecurity-focused regulators and the constituencies they serve, might be better off focusing on outcomes instead of mandating specific security requirements. “Let the companies figure out how to do it. Good regulation regulates the results, not the process,” Schneier told the Guardian. “It always surprises me that people who understand there’s never a one-size-fits-all solution in other aspects of their lives, when it gets to IT, they start demanding – where’s the answer? Well, where’s the answer to burglary? To murder? There’s just a whole lot of things you do. And even then, the murder rate is never going to be zero.”


Anatomy of the Target data breach: Missed opportunities and lessons learned
Poulin suggests several attack scenarios, "It's possible that attackers abused a vulnerability in the web application, such as SQL injection, XSS, or possibly a 0-day, to gain a point of presence, escalate privileges, then attack internal systems." Not knowing the details, makes it difficult to offer a remediation for this portion of the attack. However, Poulin opines that IPS/IDS systems, if in place, would have sensed the inappropriate attack traffic, notifying Target staff of the unusual behavior. According to this Bloomberg Business article, a malware detection tool made by the computer security firm FireEye was in place and sent an alarm, but the warning went unheeded.


Determining whether penetration testing is effective
Attackers are side-stepping perimeter defenses by getting company employees to initiate an external connection. The two most popular methods are using a phishing email or duping employees to visit a malicious website. According to Marrison, internally establishing a connection outside the company's network perimeter allows the APT attacker a way in. Cisco's 2014 Annual Security Report affirms Marrison's claim. It states, "Most organizations, large and small, have already been compromised and don't even know it: 100 percent of business networks analyzed by Cisco have traffic going to websites that host malware."


Facebook Finally Realizes Its Members Die
Not only do you need to know who to leave your house to, but who is going to run your Facebook account. If you set this up with Facebook, your selected buddy to the end will get to memorialize you with tribute status updates, post new pictures in tribute, and even accept new friend requests from people who didn't like you enough when you were alive to friend you, but somehow decided it was OK when you were dead. Truthfully, I'm guessing most people were already doing this on their own by using the credentials of their loved ones to maintain pages. This will allow you to select someone to be the caretaker (undertaker?) of your page, but the person won't get to see your private messages from when you were alive.


Simplifying F# Type Provider Development
Type providers are one of the most interesting and empowering features of the F# 3.0 release. Properly written type providers make data access virtually frictionless in F# applications as they eliminate the need for manually developing and maintaining the types which correspond to the underlying data structures. This aspect is particularly important for data exploration tasks where many competing data access technologies require a fair amount of configuration before they're useful. For all their strengths, type providers tend to be a bit of a black box; once referenced, they usually just work. Not being the type of developer that settles for magical incantations, I recently spent some time delving into their depths.


Getting Data Governance and Legal to Work Together
Legal is, or should be, the source of regulations about data privacy and protection in the jurisdictions within which the enterprise stores, manages, or accesses data. However, legal typically cannot translate these rules into operationalized practices that ensure the enterprise is truly in compliance with the law. Data governance can bridge that gap. It can provide an understanding of the situation in the environments that manage data, and help to identify potential gaps with respect to laws and regulations. Jointly, with legal, data governance can help to determine what solutions have to be put in place to deal with these gaps. These solutions will often be changes to business practices rather than changes to the underlying systems.



Quote for the day:

"Your greatest area of leadership often comes out of your greatest area of pain and weakness.  -- Wayde Goodall