April 27, 2016

A History of Containerology and the Birth of Microservices

Not only has Microsoft jumped on the container bandwagon, but they also shared the vision of Docker’s application focused model for containers. Microsoft partnered with Docker, and as a result, one can run Linux or Windows containers with Docker. Being able to run applications in either Linux or Windows hosted containers will provide companies flexibility and reduce any refactoring costs associated with rewriting, tweaking or re-architecting existing applications. The bold new world that containerology will take us to is that of microservices. In my opinion, microservices (specifically as enabled by Docker) represent the first feasible step towards mechanized or industrialized applications. In the mechanical engineering world, complex systems were built buying off the shelf components and widgets. In contrast, the software world was accustomed to fabricating every part needed to built complex applications.

API security: Key takeaways from recent breaches

A good practice in approaching API security is first and foremost to know your API assets. An API management suite can help identify the API and exact version, whether in development, QA or production, tracked by its internal registry. This is instrumental in controlling API sprawl. And in the event of a breach, knowing the exact variables in play at the time of the breach will help to expedite the solution. A second detection strategy is knowing your consumers and solidifying their authentication. While most companies may start out exposing their APIs publicly, allowing developers to freely build applications using the APIs, it may help to configure multilayer security elements right down to the API level so that API consumers are easily identifiable. This is also crucial as API providers rely on standards such as OpenID for single sign-on between different applications.

5 years into the ‘cloud-first policy’ CIOs still struggling

The greatest challenge is not getting a contract in place, but what you find out is where those boundaries cross of who's now responsible because you're in a different infrastructure set-up, and what the cloud provider's going to do versus the contract staff, versus the application support staff versus the infrastructure staff," Andrews says. "So, that's the greatest challenge we're having now is defining roles and responsibilities and who's going to do what because the world has changed as we've known it, and we've been client-server for so many years that this is truly a different environment for us." Andrews recalls a recent meeting concerning the role of a cloud vendor and a somewhat tense discussion about "what does the word 'manage' mean in a cloud environment," and who has ownership over the systems and who bears responsibility for resolving the inevitable problems when they arise.

Third Generation Robo-Advisors Are Born

The application of machine learning to robo-advisory is still in inchoate stages, and only a few firms have stepped forward describing plans. Little-known Marstone (which focuses on business-to-business advice) has partnered with IBM Watson to deliver some form of cognitive-computing powered advice. It appears that Wealthfront will use artificial intelligence to provide more data-driven and personalized investment recommendations on its Dashboard. Personalization will be dynamic and driven by the client’s specific risk tolerance, financial profile, and investments as assessed across aggregated accounts. Machine learning in robo-advisory may also analyze, adapt to, and learn from investor behavior and correct for cognitive biases. As Wealthfront states, “observed behavior may reveal insights about ourselves that we aren’t even consciously aware of.”

Data Visualization Drives the Era of Information Activism

The information activism trend draws parallels to the printed word. From the invention of the Gutenberg printing press until the advent of the Internet, the ability to write and publish information was a highly technical skill, in the hands of a select few individuals. The arrival of blogging made the written word a mass activity, open to all. Similarly, people are now eager to express themselves using data visualization to tell engaging and visually stimulating stories without the need for a graphic artist or cartographer. They can just do it for themselves. ... Information activism is catalyzing a renaissance in the world of data, transforming the entire field of analytics. People no longer are mere data consumers, passively waiting for information.

MIT’s Teaching AI How to Help Stop Cyberattacks

A system called AI2, developed at MIT’s Computer Science and Artificial Intelligence Laboratory, reviews data from tens of millions of log lines each day and pinpoints anything suspicious. A human takes it from there, checking for signs of a breach. The one-two punch identifies 86 percent of attacks while sparing analysts the tedium of chasing bogus leads. ... Most of AI2‘s work helps a company determine what’s already happened to it can respond appropriately. The system highlights any typical signifiers of an attack. An extreme uptick in log-in attempts on an e-commerce site, for instance, might mean someone attempted a brute-force password attack. A sudden spike in devices connected to a single IP address suggests credential theft.

Backlash against a bimodal IT strategy

The big problem with a bimodal IT strategy is that it doesn't go far enough, according to the authors. Rather than face digital business head on, bimodal IT is a more staggered introduction, giving CIOs a chance to continue clinging to the security and the stability of tradition rather than fully accept the unpredictability and even the riskiness that come with going fast. "Yes, it's a big transition, but if you only do it partway, you're going to make it so much harder on yourself," Sharyn Leaver, Forrester analyst and an author of the report, said during a recent webinar. One of the consequences of going digital "partway" is that it introduces complexity. Divvying up IT tasks can result in two separate technology stacks and two separate teams that develop different value systems, different cultures and are evaluated on different metrics -- all of which CIOs will eventually have to untangle if they want to fully align with the business and move at a faster pace, according to Leaver.

What The Google I/O Schedule Tells Us About The Future Of Android

Google has big ambitions in virtual reality. Cardboard is just the start, as there have been rumors of the company building its own VR headset and indications from Android N about how the operating system will give more native support to VR. So set your eyes on the VR at Google session on May 19, which is hosted by Clay Bavor, Google’s vice president of virtual reality (who also has a fascinating photography blog). Right now Facebook-owned Oculus is leading the VR game and Google’s frenemy Samsung makes the most popular consumer device in the Gear VR. So expect Google to invest heavily to ensure the company’s services are where the Internet is going. YouTube, as an example, recently added support for VR and 360-degree video.

Will Healthcare Data Encryption be Impacted by NIST Guide?

NIST produced a development process for cryptographic standards and guidelines based on nine principles, which are transparency, openness, balance, integrity, technical merit, global acceptability, usability, continuous improvement, and innovation and intellectual property. Notably, NIST added the global acceptability principle to the final draft after public comments suggested that the organization address the global nature of the current economy and exchange of information. The final document reiterates NIST’s intentions to fostering collaborations with all stakeholders, such as security professionals, researchers, standard developing organizations, and users, to establish strong encryption standards and processes. Stakeholders who contribute to the development process are also part of a variety of industries, including healthcare, academia, and government.

Null Object Design Pattern in Automated Testing

In object-oriented computer programming, a Null Object is an object with no referenced value or with defined neutral ("null") behavior. The Null Object Design Pattern describes the uses of such objects and their behavior (or lack thereof). ... The main idea is that sometimes we need to add promotional codes and then assert that the correct amounts are displayed or saved in the DB. As you can assume, there are various ways to accomplish that. One way is to use the UI directly and assert the text is present in the labels. Another way is to use a direct access to the DB and insert the promotional code, then assert the calculated entries saved in some of the DB's tables.

Quote for the day:

"When you do the common things in life in an uncommon way, you will command the attention of the world." -- George W. Carver