October 10, 2016

Software Fail Watch 2016, Quarter Three

Ultimately it doesn’t matter if you are a restaurant, a legal firm, a plastic manufacturer, or an investment bank: your software is your brand. As such, every unexpected error message, forced restart, or failed update is a ding against your brand’s shiny reputation. We’ve said it before and we’ll say it again: software may come and go, but software testing is here to stay. ... As per usual, the first place for most-software-bugs in Quarter 3 goes to the Government sector, with 41 stories. Transportation comes in second with 20 incidents, another not-so-surprising figure given how travel related bugs always seem to emerge just in time for vacation. The surprise this quarter has been the uptick in finance related software fails. In our experience, software fails in the finance industry are hard to come by. It is not that the industry does not have software fails – rather, they simply seem to be reported less.

Payments & Marijuana: Different Ways The Blockchain Is Being Used Today

Everyone from Brazilian software developers waiting for payrolls that never arrive to legal marijuana dispensaries in Colorado, blockchain solutions are in use today. When you think about international payments, you might think about guest workers sending a remittance home to a family member in Mexico, or payroll for call center employees in the Philippines, or perhaps a large invoice payment to a manufacturer in China. Those are all interesting scenarios, but Brazil turns out to be one that had some surprising obstacles. Paying developers there can cost 4% to 8% of the total pay, take up to fifteen days, and it isn’t unheard of for wire payments to simply vanish. How did a blockchain change this?

The smart credit card designed for preventing fraud

However, having the security code in digitised form establishes a potential problem that needs to be answered: can the card itself be hacked? If it now has a digital display, can this be compromised externally? David Emm, principal security researcher at Kaspersky told Information Age that this is “possible, of course. But the attackers would have to gain access to the providers’ systems and steal the algorithm used to generate the one-time generated codes. This happened to RSA in 2011. However, this was almost certainly not done to commit fraud against consumers.” He went on to suggest that this technology will only “add security for cases where the card *details* have been stolen. It will not help where the card itself has been stolen.” However, Emm did also mention that MotionCode will reduce the ‘window of opportunity’ available to a criminal to use a stolen card number.

Even the US military is looking at blockchain technology—to secure nuclear weapons

The case for using a blockchain boils down to a concept in computer security known as “information integrity.” That’s basically being able to track when a system or piece of data has been viewed or modified. DARPA’s program manager behind the blockchain effort, Timothy Booher, offers this analogy: Instead of trying to make the walls of a castle as tall as possible to prevent an intruder from getting in, it’s more important to know if anyone has been inside the castle, and what they’re doing there. A blockchain is a decentralized, immutable ledger. Blockchains can permanently log modifications to a network or database, preventing intruders from covering their tracks. In DARPA’s case, blockchain tech could offer crucial intelligence on whether a hacker has modified something in a database, or whether they’re surveilling a particular military system.

How to keep IT security together in a company that's gone bankrupt

The supply chain upon which modern multinational commerce depends was thrown into chaos earlier this year when South Korea's Hanjin Shipping filed for bankruptcy. Dozens of container ships with hundreds of crew and thousands of pounds of cargo onboard were essentially stranded at sea, as ports barred the ships' entry for fear that they wouldn't be able to pay for docking services. If you're working for a company that's filed for bankruptcy, the consequences probably won't be as dramatic—you'll be able to stay on dry land, for one thing. But you're definitely going to encounter choppy waters when it comes to maintaining tech security. We talked to IT pros who have been through it to find out the best ways to cope.

Five top tips for making agile development work for you

"We use many of the principles associated to agile, such as visualising, stand-ups, and co-location, in how we run the business day-to-day," says Harding. "There are people in the call centre, for example, using daily stand-ups to analyse their metrics and customer satisfaction scores." The aim, he says, is to create a flexible, fluid environment that allows people across the organisation to work to the best of their abilities. Here, Harding provides five best-practice tips for business leaders looking to make the most of an iterative way of working. ... "Waterfall tends to lead to an environment in which everyone goes away, works on their document individually, and then passes it around. Agile really suits people that like to think on their feet and solve problems in a collaborative way," he says.

Singapore: a nation united on its digital future

The restructure reflects the blurring of lines between IT and media. The Singaporean government hopes the organisation will help businesses, workers and the local community ride the current global transformation wave, where digital technology is being adopted by consumers, governments and businesses. In a separate but intrinsic announcement, the Singapore government has announced GovTech, a new department focusing on government IT that will attempt to transform the delivery of public services by creating citizen-friendly digital government services and managing the government’s IT infrastructure. Both this and the IMDA support Singapore’s ambitions to become a smart nation.

Principles for strengthening our data infrastructure

Data infrastructure connects together different parts of our society and economy. Weather data is being used by everyone from farmers to the transport industry to individual citizens. Mapping data is created and shared by the public sector and then built on by diverse organisations, from Google to construction companies to the home insurance industry. People buying a home might use a service that combines data on house prices, schools, transport times and insurance premiums. Data is infrastructure for our cities, nations and globally across each and every sector. ... Data infrastructure should be as easy to use as our road networks. The time and effort that goes into fixing data infrastructure when the equivalents of potholes, toll booths and missing intersections are discovered would be better spent building services that improve our lives.

Smartwatches banned from UK Cabinet as EC plans IoT security standards

The move by the UK government coincides with heightened concerns about cyber espionage, with US officials claiming that a Russian cyber espionage campaign started more than a year ago has targeted Republicans and Democrats whose work is strategically important to the Russian government, reports NBC News. On 7 October 2016, the Obama administration finally blamed Russia publicly for cyber espionage against the Democratic National Committee, but US officials said the campaign targeted both parties by accessing private email accounts. The Russian government has denied any involvement. ... The UK government is not alone in being concerned about the security risks of IoT devices. The EC is reportedly planning to introduce laws that will require device makers to meet tough security standards and undergo a certification process to guarantee privacy.

A Quick Primer on Isolation Levels and Dirty Reads

A phantom read can occur when you perform a query using a where clause such as “WHERE Status = 1”. Those rows will be locked, but nothing prevents a new row matching the criteria from being added. The term "phantom" applies to the rows that appear the second time the query is executed. To be absolutely certain that two reads in the same transaction return the same data, you can use the Serializable isolation level. This uses “range-locks”, which prevent new rows from being added if they match a WHERE clause in an open transaction. Generally speaking, the higher your isolation level the worse your performance is due to lock contention. So to improve read performance, some databases also support Read Uncommitted. This isolation level ignores locks (and is in fact called NOLOCK in SQL Server). As a result, it can perform dirty reads.

Quote for the day:

"The primary cause of unhappiness is never the situation but your thoughts about it." -- Eckhart Tolle