Daily Tech Digest - January 31, 2017

Agile Is King, But Continuous Integration Is An Elusive Goal

Continuous integration with an ability to deploy hourly, often described as an end goal of adopting an agile development process, was cited by 28% as the destination they were shooting for. However, only 14% were actually doing so. Hourly continuous integration a year ago was a goal for only 18%. The added 10% a year late shows how quickly continuous integration is rising in the consciousness of development staffs. It's rising faster than the actual ability to deploy, currently at 14%, but a year ago a similar Dimension Labs survey showed it to be 10%. On the other hand, everyone is trying to practice the meshing of a software update into a production system. Thirty-five percent of respodents said they could integrate updates daily and 17% said weekly. Another 20% do updates on a "less than weekly basis" but still more frequently than the six-month or annual update periods practiced by development staffs of yore.

A human capital challenge in information technology

Leaving IT jobs unfilled can have serious consequences. For instance, with the rise of the IoT, the number of connected devices is estimated to increase to 200 billion by 2020, from 2 billion in 2006.5 Cyberattacks—crimes ranging from data theft to malware—are also on the rise. In 2015, the number of breaches involving the exposure of more than 10 million identities increased by 125 percent and new mobile vulnerabilities increased by 214 percent.6 Without the right IT talent in cybersecurity, the proliferation of the IoT could give cyber criminals increased opportunity to attack and breach businesses. Moreover, IT skills such as cybersecurity and data analytics span all industries from manufacturing and retail to financial services and government. In fact, IT skills in general span several industries, and therefore, filling IT job openings with the right talent is important to the overall performance of the economy.

Smart Cities of the Future: An Innovation or Intrusion?

An interconnected city grid of traffic and pedestrian cameras offers a wealth of actionable Big Data. As an example, in the Dutch city of Rotterdam, “the traffic authority monitors about 22,000 vehicle movements every morning, while the regional environment agency produces hourly data about air quality from sensors across greater Rotterdam resulting in over 175,000 observations per year.” In addition to better managing traffic and public transit, as well as controlling pollution, proponents highlight the ability of such data to enable enhanced policing, crowd control, and even public sentiment monitoring. However, others express grave concerns about the potential for abuse in such systems, especially given the integration of smartphones into connected apps utilized by many smart cities. Although ostensibly “anonymous,” smartphones contain personal markers, and a wealth of information that represents great value to marketers, government agencies, and fraudsters.

Why open source helps you build your applications that much faster

The ability to create new applications quickly, reliably and economically is drawing businesses to open source and inspiring them to use it for ever-larger projects. When developers think of open source, they think "free." And with good cause: it’s technology you can get at no cost and use with few licensing restrictions. However, the association I prefer is to business agility. According to the Forrester Research report "Development Landscape: 2013, 76% of developers have used open-source technology at some level. Open-source technologies offer a variety of benefits to that makes it easier to build your apps, be it bringing innovative ideas to market fast with reduced development costs, creating scalable and portable apps and services, or continuously building, testing and delivering high quality production code.

VR + AI: the very real reality of virtual artificial intelligence

By layering in aspects of natural artificial intelligence, experiences are developing that lose the feeling of being so “unreal;” distinct memories, interactions and relationships are being created that cause the user to question — well, if it happens in real life, but inside of a headset, does that not make it real? Of our five senses, Head Mounted Displays (HMDs) handle vision, a solid pair of 3D headphones like OSSIC handle sound; AxonVR and others are working on haptics and touch…next up is smell and taste, those should be, well…interesting. But beyond our five senses which create the feeling of physical “presence” in a virtual space, is the “immersion” of having a real experience, experiencing the unexpected and having the opportunity to create very real memories. As opposed to playing a pre-programmed “AI” game experience, natural social interaction is the key to this.

Who owns the data from the IoT?

There are two major classes of parties in this space. The first category includes corporations, data brokers and marketplaces, which exchange data among themselves. This is not typically exposed to tight government regulation. The second category is composed of consumers who submit data to a vendor in exchange for a product or service. Agreements in the consumer space may be subject to government oversight. The result is that certain industries such as healthcare must comply with a network of statutes and agency rules. On the other end of the spectrum is the give-and-take approach. Under this approach, the vendor may collect in-depth data from a sensor platform to optimize the user's experience. Here, the contract allows all data to be exchanged in return for incentives such as a curated service or discount. This approach conveys all data usage rights and data title once the end user opts in.

Linux: The 10 best privacy and security distributions

The awesome operating system Linux is free and open source. As such, there are thousands of different ‘flavours’ available – and some types of Linux such as Ubuntu are generic and meant for many different uses. But security-conscious users will be pleased to know that there are also a number of Linux distributions (distros) specifically designed for privacy. They can help to keep your data safe through encryption and operating in a ‘live’ mode where no data is written to your hard drive in use. Other distros focus on penetration testing (pen-testing) – these come with tools actually used by hackers which you can use to test your network’s security. In this article, we’re going to highlight 10 of the best offerings when it comes to both privacy and security.

No silver bullet for business IoT security

One way to sabotage IoT deployments is to replace trusted devices with rogue ones. Existing technologies can help here. SSL/TLS encryption not only ensures that data transmitted by devices is secure, it also confirms a device’s identity. To this end, there has also been renewed interest in PKI (public key encryption). This means more encryption certificates as devices proliferate, which may mean upgrading certificate management capabilities. The encryption suppliers all have new messages around IoT security, including Symantec, Gemalto, Thales, Entrust Datacard, Vormetric and Venafi. Other approaches are being developed to help with IoT device identification. Third-party registries are gaining popularity. These can be referred to for identifying devices and their expected location and function. DNS service providers such as Neustar list known devices and there are specialist databases such as Xively.

Security Automation Isn’t Artificial Intelligence Security

What is confusing many security technology buyers at the moment lies with the inclusion of AI buzzwords around products and services that are essentially delivering “automation.” Many of the heavily marketed value propositions have to do with automating many of the manual tasks that a threat analyst or incident responder would undertake in their day-to-day activities, such as sifting through critical alerts, correlating them with other lesser alerts and log entries, pulling packet captures (PCAPs) and host activity logs, overlaying external threat intelligence and data feeds, and presenting an analytics package for a human analyst to determine the next actions. All these linked actions can of course be easily automated using scripting languages if the organization was so inclined.

Introduction to Machine Learning with Python

Machine learning at a high level has been covered in previous InfoQ articles (see, for example, Getting Started with Machine Learning in the Getting a Handle on Data Science series), and in this article and the ones that follow it we’ll elaborate on many of the concepts and methods discussed earlier, emphasizing concrete examples, and venture into some new areas, including neural networks and deep learning. We’ll begin, in this article, with an extended “case study” in Python: how can we build a machine learning model to detect credit card fraud? (While we’ll use the language of fraud detection, much of what we do will be applicable with little modification to other classification problems—for example, ad-click prediction.) Along the way, we’ll encounter many of the key ideas and terms in machine learning, including logistic regression, decision trees, and random forests, true positive and false positive rate, cross-validation, and ROC and AUC curves.

Quote for the day:

“When you innovate, you’ve got to be prepared for everyone telling you you’re nuts.” --@LarryEllison