October 27, 2016

Tech Bytes - Daily Digest: October 27, 2016

Dealing with multiple service providers - A necessary evil, Can fintech prevent the next financial crisis, The difference between open source & open governance, 5 strategies to reboot your IT career, A quick primer on isolation levels & dirty reads, Residential routers easy to hack and more.

How IoT technologies are disrupting the aerospace and defence status quo

While current solutions only permit the airborne transfer of data for key vital parameters to maintenance crews, expanding this remit would allow them to determine the continual status and performance of individual parts and components within the engines, systems, and subsystems across the wider aircraft. This continuous visibility of the aircraft’s performance is crucial. If, for example, one of the engine vitals fails mid-air, a standby system would kick in and run all of the necessary functions to enable it to complete its journey safely. An alert would then be sent to the ground staff, who could use the real-time information to determine the cause of the failure, before engaging the necessary personnel and sourcing the components required to get the aircraft back up and running as soon as it lands.


Dealing with multiple service providers: A necessary evil

If dealing with an ever-expanding IT ecosystem is a mandate for enterprises, then developing the organizational maturity and capability of integrating and managing services purchased from disparate and specialized vendors is a necessary part of it. This means automating multi-vendor governance capabilities and leveraging tools and processes that help integrate the delivery and management of services from an end-to-end perspective. The fast-developing ecosystem proffers a strategic choice: to buy services (outsource to a third party) or to build services (develop in-house capability and implement within the enterprise). And, at the risk of stating the obvious, there’s no one-size-fits-all answer.


Can Fintech Prevent The Next Financial Crisis?

Under the current system, bankers do not risk their own money; rather, the risk is entirely on their savers aka the bank’s depositors. Under extreme circumstances, the government may be required to foot the bill if and when things turn sour at the bank. As for the bankers themselves, they have very little at stake; in fact, their willingness to take risks (with their depositors’ funds, of course) often leads to lucrative bonuses. At no time do bankers risk their own savings or pensions. And that’s the real problem; how can professionals be expected to take low risk on behalf of others when they have so much to gain and so little to lose? We can’t expect them to take the high road; indeed, the sub-prime crisis proves that. So how exactly will P2P lending make a difference?


The difference between open source and open governance

On the open domain, the only two non-functional things that matter in the long term are whether it is open source and if it has attained momentum in the community and industry. None of this is related to how the software is being written, but this is exactly what open governance is concerned with: the how. Open source governance is the policy that promotes a democratic approach to participating in the development and strategic direction of a specific open source project. It is an effective strategy to attract developers and IT industry players to a single open source project with the objective of attaining momentum faster. It looks to avoid community fragmentation and ensure the commitment of IT industry players.


Ransomware: The Next Big Automotive Cybersecurity Threat?

“The current ransomware business model works well because the attackers ensure that the price paid is well worth the data restored,” explained Tony Lee, technical director at security research firm FireEye. “Can home users put a price on precious family photos or financial documents? Can organizations put a price on critical information necessary to conduct business? If that answer is yes and the price is low enough, the ransom will be paid.” The same rationale can be extended to vehicles. Approximately 250 million connected cars are expected to be on roads worldwide by 2020, according to a 2015 analysis by technology consulting firm Gartner, making connected cars the next potential market for hackers. These attacks could range from simply locking motorists out of their vehicles to locking them inside; a more ominous scenario would allow hackers to freeze the ignition, essentially “bricking” the car and making it completely unusable.


5 strategies to reboot your IT career

Technology changes faster than many of us can keep up with it. New paradigms like software-defined networks and the cloud emerge, and the old ones continue to hang around. But while the hotshot programmers and big data geeks get to play with the shiny new toys, you're busy waiting for the robots to come and take away your job. ... It doesn't have to be that way. Whether you cut your teeth on Unix and AIX or you tire of doing the necessary but thankless tasks that come with keeping the lights on and the datacenter humming, there's still time to reinvent yourself. It won't be fast or easy. It will mean investing a lot of time and possibly some money, taking risks, and hacking code. But it can turn into a much greater reward, both financially and psychically.


A Quick Primer on Isolation Levels and Dirty Reads

If you need to repeat the same read multiple times during a transaction, and want to be reasonably certain that it always returns the same value, you need to hold a read lock for the entire duration. This is automatically done for you when using the Repeatable Reads isolation level. We say “reasonably certain” for Repeatable Reads because of the possibility of “phantom reads”. A phantom read can occur when you perform a query using a where clause such as “WHERE Status = 1”. Those rows will be locked, but nothing prevents a new row matching the criteria from being added. The term "phantom" applies to the rows that appear the second time the query is executed. To be absolutely certain that two reads in the same transaction return the same data, you can use the Serializable isolation level.


Residential routers easy to hack

Weak passwords can be easily exploited. Fourteen percent of simulated attacks on the routers were, in fact, victorious. The probing attack methodology was simply to use common default usernames and passwords, along with some frequently used combinations. Telnet was left open on 20 percent of the routers, and command injection vulnerabilities were also caught. Telnet, as an unsecured service, shouldn’t be openly available to even a local network, ESET explains. Command injection vulnerabilities “aim for the execution of arbitrary commands on the host operating system.” They use a vulnerable application, the security company says. Proper input validation fixes the deficiency. Of that 7 percent of the now-common household devices with software vulnerabilities, about half (53 percent) had “bad access rights vulnerabilities,” or permissions problems, in other words.


Can government-funded innovation solve the cyber security threat?

Expecting the federal government to produce solutions is hopeful at best and woefully naive at worst, though that isn’t to say that it can’t somehow play a part. Even if it can’t actually develop the technologies necessary to compete in this new battle arena, it can still fund innovative R&D that can be developed into the next generation of defense infrastructure. This can be achieved through the Small Business Innovation Research (SBIR) program, a highly competitive research initiative through which domestic small businesses respond to federally specified R&D requirements with commercial applications. Awards are distributed in two phases, first for feasibility and proof of concept of the product, and then for further development and commercialization.


Five Questions General Counsels Should Ask About Privacy and Cybersecurity in Third-Party Contracts

Regulators are cultivating an ever-increasing patchwork of data protection laws and regulations. Because third parties may host and process data in various locations around the world, companies must keep abreast of constantly evolving developments in global data protection laws and regulations, including data localization laws and data transfer regulations. Compliance failures may subject a company to considerable fines and penalties (e.g., the EU General Data Protection Regulation, effective in May 2018, will allow penalties of up to four percent of worldwide revenues for compliance failures). In addition, data localization laws, which require that data must remain in the country, are emerging. For example, Russia has such a law, and others have been proposed in Indonesia and China.



Quote for the day:


"Without Simplicity and Transparency, you could become a Happy Underachiever." -- @GordenTredgold