June 20, 2015

The APIs.json Discovery Format: Potential Engine in the API Economy
The goal of APIs.json is to provide a simple, common format that can be used to index APIs and the supporting elements of API operations. APIs.json works much like the Sitemap XML format. But instead of indexing websites, APIs.json is designed to index APIs and offer that index at a well-known location where API providers can publish an index of their API resources. APIs.json is designed to give API providers an easy way to update their own index but also allow other search engines, directories, and API service providers access to that local index, making all API resources within the domain discoverable.

Can You Really Define Culture? 4 Lessons From a Growing Startup
Culture is a common theme these days; every startup CEO talks about their amazing culture and how it drives them and inspires their team. Research shows that companies with a high-performance culture have a distinct competitive advantage in part because competitors cannot duplicate your culture like they can copy your technology. Investors are known to invest in the team and often, its underlying culture. One of the key components of a winning team from a venture capital perspective is the clear articulation and proof of that amazing culture. So I find myself now wondering what it really is for our company. How do I define it? And more importantly: How on earth am I going to institutionalize it as we grow?

How to stop the Internet of Things overwhelming your network
The internet can be unreliable and disconnect and reconnect with very little warning. Internet connection speeds can also vary between different clients and devices. The problem is that the IoT assumes the internet is reliable and able to transmit information in real-time. However, this isn’t the case. As human beings, we are notoriously impatient and this is true when it comes to our apps as we want the information we require straight away – internet connections are easily dropped and can often take a while to reconnect. The IoT doesn’t account for this. This is particularly important when it comes to banking apps on a smartphone.

How to structure an outsourced IT project for less risk, more leverage
“This comes into play when implementing a software-as-a-service platform,” says Alpert. “In these implementations there is typically a much smaller software development and testing lifecycle and more focus on agile configuration and testing.” An IT organization may also like the clarity that can accompany working with a sole provider. Unfortunately, “the perceived accountability benefits of ‘one throat to choke’ are typically unrealized due to poor commercial structure and provider unwillingness to accept real risk,” explains Alpert. “With a single provider, future phases of work are often overpriced due to lack of competitive leverage, and the project scope is not yet well defined to determine the discrete schedule, deliverables, requirements, and timeline to hold the provider accountable.”

Three of the worst responses to cyber security threats
A large part of cyber security is monitoring; without monitoring your network, it’s damn near impossible to know which threats you’re facing and what they’re targeting. So, if you get a red flag about a possible intrusion, or several members of staff raise concerns, then you listen and gather all the evidence you can, and come to a conclusion about whether you do something. Or you can do what the following three organizations did ... “Backing up data is one thing, but it is meaningless without a recovery plan, not only that a recovery plan – and one that is well-practiced and proven to work time and time again,” Code Spaces said. “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”

IT staff should be embedded in business
“It is an exceptionally lean approach to IT, but it is also extremely flexible in growth and changing situations,” says Alppi. The core IT team also gets some outside help. While not part of Alppi’s five specialists, Rovio has 20 to 30 employees (excluding games developers) with IT-related job descriptions. Instead of having IT as a separate bastion, they work for different units in the company. “Most of our business IT people work inside business units and are our major internal stakeholders. It allows them to be very hands-on with what is happening there.” “Typically, anyone with even the slightest association to IT is put into the IT department and then you assign an IT manager to every business unit, but in our model those in charge of business IT also work in business,” says Alppi.

Q&A on Test Driven Development and Code Smells with James Grenning
TDD leads to code that does what the programmer thinks the code is supposed to do. Modules are developed with an executable specification of the module, the test cases. The test cases document very precisely what the code is supposed to do. If the code starts to violate the specification, a test fails. One of the big problems with code is that unwanted side effects are very difficult to anticipate. I make a change to one part of the code, and a seemingly unrelated other part of the code breaks. ... Simply, if you cannot identify with some precision a problem in the code’s structure, how can you fix it? I recall code reviews in my career were usually just a matter of opinion. “I don’t like that, I would have done this”, totally unsupported. Any programmer can announce “this code stinks”, but that is not good enough.

Information Security - Reducing Complexity
There is a drastic change in the threat landscape between now and the 1980s or even 1990s. Between 1980 and 2000, a good anti-virus and firewall solution was considered good enough for an organization. But now those are just not enough and the hackers are using sophisticated tools, technology and skills to attack the organizations. The motive behind hacking has also evolved and in that front, we see that hacking, though illegal, is a commercially viable profession or business. ... The driver of adoption of this evolution is the business need. As businesses want to stay ahead of the competition, they leverage the evolving technologies and surge ahead of the competition. With a shorter time to market, all departments, including the security organization, should be capable of accepting and implementing such changes at a faster pace.

IT Professionals lack confidence in board’s cyber security literacy
“There’s a big difference between cyber security awareness and cyber security literacy,” said Dwayne Melancon, chief technology officer for Tripwire. “If the vast majority of executives and boards were really literate about cyber security risks, then spear phishing wouldn’t work. I think these results are indicative of the growing awareness that the risks connected with cyber security are business critical, but it would appear the executives either don’t understand how much they have to learn about cyber security, or they don’t want to admit that they don’t fully understand the business impact of these risks.”

EBay's security chief says collaboration key to keeping data safe from cyberattacks
On a high level there are primarily three reasons that drive hacker activity. The first one is kind of the category that Sony fell into and that is state-sanctioned or government-authorized hacks. And in that scenario they're usually trying to send a message but it's something that allegedly is authorized by a state or a government. The second category is hackers that are looking to monetize their hacks. They're out there hoping to get something they can sell and make money. The third one is really your activist hacker. Those are the ones that want to either deface a website to put their message up. They don't do anything really to extract money. They're just trying to send a message, which also falls into your Sony example.

Quote for the day:

“No one can make you feel inferior without your consent.” -- Eleanor Roosevelt