May 22, 2015

Fido Alliance launches authentication standards certification
“Where passwords are still used, the Fido authenticator supplants the security dependence on the password, which is then just an identifier,” said Fido Alliance executive director Brett McDowell. “Security shifts to the U2F device, and it is much easier to use than any other two-factor authentication method available before Fido 1.0,” he told Computer Weekly. Announcing the certification programme, the Fido Alliance said 31 suppliers have already passed Fido certification for existing products and services. These include Google’s login service that uses a USB security key as a simpler, stronger alternative to the six-digit, one-time passcodes (OTPs) used by its 2-Step Verification facility.


How Virtual Reality May Change Medical Education And Save Lives
Spio’s hope is that Next Galaxy’s virtual reality model will better educate and prepare health care providers–as well as consumers–for learning CPR, based on a more realistic learning environment. She advocates a paradigm shift, away from the current approach–which relies upon passively watching videos and taking written exams–to a method for learning that involves the use of gestures, voice commands and eye gaze controls, thereby transforming the how medical providers and laypersons experience such situations. As a first step towards developing this new reality, Next Galaxy Corporation recently announced an agreement with Miami Children’s Hospital to engage Next Galaxy’s VR Model and develop immersive virtual reality medical instructional content to educate medical professionals as well as patients.


Americans’ Attitudes About Privacy, Security and Surveillance
Key legal decisions about the legitimacy of surveillance or tracking programs have hinged on the question of whether Americans think it is reasonable in certain situations to assume that they will be under observation, or if they expect that their activities will not be monitored. A federal appeals court recently ruled that a National Security Agency program that collects Americans’ phone records is illegal. In striking down the program, Judge Gerald Lynch wrote: “Such expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans. Perhaps such a contraction is required by national security needs in the face of the dangers of contemporary domestic and international terrorism. But we would expect such a momentous decision to be preceded by substantial debate, and expressed in unmistakable language.”


Bring your own cloud: Understanding the right policies for employees
By ignoring cloud policies, employees are also contributing to cloud sprawl. More than one quarter of cloud users (27%), said they had downloaded cloud applications they no longer use. Moreoever, with 40% of cloud users admitting to knowingly using cloud applications that haven’t been sanctioned or provided by IT, it’s clear that employee behaviour isn’t going to change. So, company policies must change instead – which often is easier said than done. On the one hand, cloud applications help to increase productivity for many enterprises, and on the other, the behaviour of some staff is unquestionably risky. The challenge is maintaining an IT environment that supports employees' changing working practices, but at the same time is highly secure.


Description, Discovery, and Profiles: A Primer
Most of the approaches today are support the API-First concept. You describe your API using a meta-language based on XML, JSON, or YAML and the resulting document (or set of documents) is used to auto-generate implementation assets such as server-side code, human-readable documentation, test harnesses, SDKs, or even fully-functional API clients. An example of the API-First approach is Apiary's API Blueprint format. It’s based on Markdown and has the goal of supporting human-readable descriptions of APIs that are also machine-readable. In the example below you can see there is a single resource (/message) that supports both GET and PUT. You can also see there is support for human-readable text to describe the way the API operates.


How Big Data Can Drive Competitive Intelligence
The practice of selling data to the marketplace appears to be much more prevalent in Asia than in Europe or the United States, according to Tata. That may reflect regulatory considerations. U.S. data brokers generally ensure that big data sets have been stripped of individually-identifiable consumer information, both to ensure regulatory compliance and to prevent the inevitable public backlash. But it’s telling that China’s southwestern province of Guizhou is establishing an exchange,GBDex, to provide data cleaning, modeling, and data platform development. Alibaba is a partner in the exchange in Guiyang. A small firm with a progressive attitude toward analytics may be able to carve out a competitive advantage against a much bigger rival simply by understanding their niche in the market better.


CIO interview: Myron Hrycyk, CIO, Severn Trent Water
“A lot of organisations that run large asset bases are always looking for ways they can run that infrastructure more productively, ultimately giving customers a better service,” says Hrycyk.  “The two technologies that I see as key to driving the productivity and efficiency that are needed to drive bills down are improved telemetry and technologies related tothe internet of things that can pull data back from the infrastructure so we can proactively manage it.  “That way, we can have a lower-cost infrastructure overall and avoid reactive work and outages by managing our assets to keep the flow of water to our customers going, and doing a lot more predictive and proactive maintenance.”


Why Skills Matter More than Ever in Our Data-Driven Economy
There are no easy solutions. Two well-known factors affecting employment decisions — compensation and culture — require flexible budgets and organizational change, neither of which plays to government’s strengths. But government should not give up. The UK’s Government Digital Service fundamentally rebuilt the nation’s public-sector strategy for IT, proving that disruptive innovation in government is possible. Moreover, government agencies do have an advantage in that many of the problems they’re working on — like increasing access to affordable health care, improving the quality of schools, and making cities safer and cleaner — are the types of problems that attract the sharpest minds. While they may not be able to match the pay or benefits of Silicon Valley, they offer the chance to improve the world.


Harnessing the power of your hidden leaders
To the naked eye, it may seem they are simply able to get things done. Look closer, and you’ll see that they are demonstrating strong leadership and influence by dint of relationships they’ve developed. Look closer still, and you’ll see that it isn’t simply niceness or collegiality that has earned them this influence. Too many people seek to establish trusting business relationships centering on likeability. ... Try identifying your Hidden Leaders. Who are they? What do they do differently? Ask yourself what kind of an impact it would have on your business if more employees behaved as they do — even 20% or 30% more? My bet is that you’ll see great power in cultivating more of them. And if you are reading this article, it is likely that is your job.


Here comes the future of application development: Treating infrastructure as code
Key to this approach is the idea of the immutable container. Containerization is perhaps best thought of as a way of adding more abstraction into our virtual infrastructure, though instead of abstracting virtual infrastructures from the physical, here we're making our applications and services their own abstraction layers. With immutable containers, a Docker or similar container wrapping an application or a service is the end of a build process. Deployment is then simply a matter of unloading the old container, installing the new, and letting your application run. The immutable container is an ideal model for a microservice world. Wrapping up a node.js service with all its supporting code in a container means not only having a ready-to-roll service, we also have an element that can be delivered as part of an automated scale-out service.



Quote for the day:

"Whenever you find yourself on the side of the majority, it is time to pause and reflect." -- Mark Twain