June 25, 2016

Configure Once, Run Everywhere: Decoupling Configuration and Runtime

Configuration is a common cross cutting concern across all applications. Properties are usually specified as key = value pairs, and are supplied in files that can be loaded into a Java Properties object. Unfortunately OSGI, Spring, Java EE, SE and other frameworks and solution running in Java all provide their own configuration APIs and formats. Many of them use propertiary XML formats, others use more modern formats such as Yaml. Java EE even does not support dynamic or remote configuration in most cases. And combining different frameworks in an application always is cumbersome due to different configuration formats, locations and redundancies. All these add unnecessary complexity and is error prone. And it affects code written for one application, but also has impact on integration with surrounding systems.


Passwords… can’t live with them, can’t live without them

According to CSID’s ‘password habits’ survey (September 2012), 61% of people reuse the same password on multiple websites and 54% of consumers have only five passwords or less. In fact splashdata recently posted a blog that listed the 25 most common passwords and worst offenders. This list took its influence from the major security breach suffered by Adobe in which 38 million accounts were compromised. Here are the top 10. ... When you calculate risk, you take into account the probability of something happening and the impact it would have, if it were to happen. This is simplifying it somewhat, but in basic terms this calculation will provide a risk level. So the fact that 61% of online users are adopting the same password/s across multiple websites and in some cases choosing commonly used passwords, multiplied by the increasing number of data security breaches over the past 3 years, it becomes clear that the resulting risk could be problematic.


Data Mining Reveals the Crucial Factors That Determine When People Make Blunders

The bottom line is that the difficulty of the decision is the most important factor in determining whether a player makes a mistake. In other words, examining the complexity of the board position is a much better predictor of whether a player is likely to blunder than his or her skill level or the amount of time left in the game. That could have important implications for the way researchers examine other decisions. For example, how does the error rate of highly skilled drivers in difficult conditions compare with that of bad drivers in safe conditions? If the difficulty of the decision is the crucial factor, rather than driver skill, then much more emphasis needs to be placed on this. “We think of inexperienced and distracted drivers as a major source of risk, but how do these effects compare to the presence of dangerous road conditions?” ask Anderson and co.


The implications of large IoT ecosystems

“Most people don’t understand the notion of scale,” says Ken Tola, CEO of IoT security startup Phantom. “Effective security needs to provide a realistic mechanism to control millions of devices.” Which becomes a nightmare with current solutions. “Current options rely on internet connections which kill batteries, overwhelm the extremely fragile mesh networks onto which most IoT systems rely and fail completely when the internet goes down,” Tola explains. According to Tola, the solution is to move much of the functionality to the edge, between devices themselves. “Working in a peer-based manner makes it much easier to handle scale,” he says. “No matter how big a system is, when authentication/authorization takes place between devices, it can happen simultaneously across millions of devices without requiring internet access, heavy network loads or any other burdensome features.”


When Do You Need ECM vs. Cloud File Sharing?

In the past few years, cloud-based file sharing and sync services (CFSS) have become quite popular. The rise of consumer-oriented services such as Dropbox and Google Drive is a testimony to their increasing popularity. These services are simple to use, usually require no up-front investment, run off a public cloud, and provide lightweight document and collaboration services. These tools provide useful services for file sharing, multi-device sync, and the ability to work offline using a cloud-centric deployment model. Not surprisingly, many enterprises want to explore whether these relatively newer category of tools could obviate the need for heavyweight, complex Enterprise Content Management (ECM) platforms. I can understand why, because from a services standpoint, the two segments definitely overlap, and indeed in RSG's research, we evaluate them according to the same criteria.


Why banks shouldn’t fear blockchain

Many individual banks are examining and experimenting intensely with the technology on their own as well — but are doing so in an open, collaborative way. At UBS, for example, we set up our blockchain laboratory in the famous Level39 technology incubator in London, where we can rub elbows with over 190 fintech start-ups, sharing our insights and profiting from theirs. We are also working closely with peers on developing blockchain capabilities. With these initial experiments and projects the industry is collaborating on solving some of the smaller, individual blockchain puzzles, in the hope they will provide the pieces needed to one day solve the great puzzle of a blockchain-enabled financial system. That would benefit everyone involved. At the moment it is impossible to say how or when this puzzle will be solved, or what it will look like when it is.


What Must We Do to Fix Broken IoT Security?

Good security is at least half about good management of the product. Yet the consumer technology industry prioritizes the user experience over everything else. If a more secure product requires one more page of user manual to read, or 30 seconds more brain power for the end-user to configure, the increased security benefit is often dismissed. As an industry, we must weight security more heavily when making product decisions. The recently discovered Samsung SmartThings flaws raise some important questions about smart home security. Do these systems really need a mobile app? Does the app need to connect to central server in the cloud? And, most importantly, is it right to have a smartphone control anything that is critical to you? In many cases the app itself is developed not by the smart device OEM but a third party over which they might have little control or visibility.


Johanna Rothman on Agile and Lean Program Management

A more traditional program manager tends to tell people when she needs this done. That is because a more traditional approach works backwards from the deadline to accomplish the deliverables. If you ever worked on a stage-gate program, it’s a mess before the second stage. Requirements take forever. Architecture boxes the program into a narrow place and by the design/spec stage, the people realize they can not work in the architecture. Or, they realize it by the coding stage and the architects are long gone. The technical people work like crazy, and that’s when the program manager has to make crushing decisions: do we reduce scope or testing? We all know what happens: we have a less-useful product that does not work.



Do you want to be a machine learning ninja

Google’s bear-hug-level embrace of machine learning does not simply represent a shift in programming technique. It’s a serious commitment to techniques that will bestow hitherto unattainable powers to computers. The leading edge of this are “deep learning” algorithms built around sophisticated neural nets inspired by brain architecture. Google Brain is a deep learning effort, and DeepMind, the AI company Google bought for a reported $500 million in January 2014, also concentrates on that end of the spectrum. It was DeepMind that created the AlphaGo system that beat a champion of Go, shattering expectations of intelligent machine performance and sending ripples of concern among those fearful of smart machines and killer robots.


Tesla speaks: How we will overcome the obstacles to driverless vehicles

The typical early response to Autopilot is people are a little bit anxious. They're used to a glitchy laptop or a problematic smartphone, and they tend to implicitly extend that experience into the car, and they think, "Man, if my car were to have a glitch like my phone or my computer typically do, this could be really bad." The extrapolation there is not quite accurate, nor is the standards or the bar the same for some of these consumer devices as they are for vehicles. Autopilot obviously won't account for all scenarios, but it also is explicitly designed not to be at the ultra-pedigree state that a lot of consumer electronics devices typically are.



Quote for the day:


"What lies behind us and what lies before us are tiny matters compared to what lies within us." -- Ralph Waldo Emerson