Daily Tech Digest - February 25, 2017

EFF: Half of web traffic is now encrypted

Google played a significant role, having put pressure on websites to adopt HTTPS by beginning to use HTTPS as a signal in its search ranking algorithms. This year, it also ramped up the push towards HTTPS by marking websites that use HTTP connections for transmitting passwords and credit data as insecure. HTTPS, which encrypts data in transit and helps prevent a site from being modified by a malicious user on the network, has gained increased attention in recent years as users have woken up to how much of their web usage is tracked, and even spied on by their own government. Large-scale hacks have also generally made people more security-minded as well. A number of larger players on the web also switched on HTTPS in 2016, like WordPress.com which added support for HTTPS for all its custom domains, meaning the security and performance of the encryption technology became available every blog and website it hosted.


AI and Robotics Trends: Experts Predict

Many people fear losing their jobs to robots, but more than likely you will have a robot for a co-worker. Then again, if you've been in the workforce long enough, you've probably already had a robot for a co-worker, just in human form. "In 2017, we are seeing a growing emergence of robots designed to operate alongside people in everyday human environments. Autonomous service robots that assist workers in warehouses, deliver supplies in hospitals, and maintain inventory of items in grocery stores are emerging onto the market," said Sonia Chernova, assistant professor at Georgia Tech College of Computing. These systems need humans because one thing robotics researchers are still struggling with is robotic arms. There's no substitute for the human arm to pick things up and manipulate objects.


IT unbounded: The business potential of IT transformation

Creating an unbounded IT organization will require that CIOs think beyond their own experiences and domain expertise and begin viewing IT through a different operational and strategic lens. For example, they can take a look at the efficiency and effectiveness of current budgeting, portfolio planning, and vendor selection processes and try to identify procedural, administrative, and other constraints that can be eliminated. ... Likewise, they can help streamline their development processes by coming up with fresh approaches to testing, releasing, and monitoring newly deployed solutions. Important to development, IT organizations can work to replace bloated, inefficient skillset silos with nimble, multiskill teams that work in tandem with the business to drive rapid development of products from ideation all the way through to deployment.


Machine Learning-driven Firewall

A few days ago, I happened to come across a website called ZENEDGE which is offering AI driven web application firewall. I liked the concept and thought of making something similar and sharing it with the community. So, lets make one. The first thing to do was to find labelled data but the data I could find was quite old (2010). There is a website called SecRepo that has a lot of security related datasets. One of them was of http logs containing millions of queries. That was the dataset I wanted but it was not labelled. I used some heuristics and my previous knowledge of security to label the data set by writing a few scripts. After pruning the data, I wanted to collect some more malicious queries. Therefore, I went on for payloads and found some famous GitHub repositories containing Xss, SQL and other attack payloads and used all of them in my malicious queries dataset.


Bleeding clouds: Cloudflare server errors blamed for leaked customer data

According to Cloudflare, the problem could have started five months ago, on September 22, 2016. "The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests)," a blog post by Cloudflare's CTO, John Graham-Cumming, explains. In an email exchange, Cloudflare pointed Ormandy to the company bug bounty, which offers a reward of a t-shirt instead of financial compensation, leading Ormandy to speculate the company doesn't take the program seriously. As the disclosure deadline quickly approached, Cloudflare engineers worked around the clock to resolve the problem. Google has started removing cached copies of the leaked data, but other search engines are still holding some copies.


Is Your Industry at High Risk of Insider Threat?

In the movies, data theft is usually the work of outsiders. You’ve witnessed the scene a million times: A cyber thief breaks into a business, avoiding security measures, dodging guards and employees, and making off with a USB stick of valuable data seconds before he or she would have been spotted. But in the real world, data theft is much more mundane. Most cyberattacks are carried out by someone within the company or someone posing as such. Sometimes they take data that’s essentially harmless, like personal files they feel entitled to keep. Other times, what they take is potentially much more harmful. According to a 2016 report from Deloitte, 59 percent of employees who leave an organization say they take sensitive data with them! With IP making up 80 percent of a company’s value, insider threat is something that every company should take seriously.


Smart cities must be people-centered, equitable cities

The development of smart cities builds upon this strong historical foundation with a digital foundation that allows cities to function more efficiently, be more responsive to community members and ultimately create better, more equitable urban environments where people thrive. Cities are beginning to, and will continue to, integrate technological dynamism into municipal operations, from transportation to infrastructure repair and more. The back ends of these systems are not always apparent to the end user — but, as the integration of smart-city technology becomes more visible in our everyday lives, we will continue to see positive changes in our cities.


Report: Why the big challenges in AI aren't close to being solved

For most companies, the initial investment in AI comes in the form of a digital assistant or chat bot. These tools are often being offered free of charge, or folded into other core products, in order to generate and collect the data needed to strengthen the AI behind them. Digital assistant are "a good first yardstick of each ecosystem's competence in AI," the report said. AI is built on data, as is another product many people use everyday: Search engines. As such, it makes sense that companies like Google, Baidu, and Russia's Yandex are growing leaders in the AI space due to their focus on data-powered search. Under these leader, companies like Microsoft, Apple, and Amazon are also investing heavily in their own AI efforts as well.


What Will Tomorrow's Engineers Look Like?

To be sure, a good engineer is someone who has received solid scientific and technical training that allows him or her to devise a pertinent response to a problem, sometimes in a very short amount of time. An engineer must study a situation seriously, go out into the field to understand the facts and listen carefully to analyze phenomena and make improvements. An engineer is also someone who is not afraid of hard work, for more than ever, nothing is granted to anyone without effort. Work provides the opportunity to play a role and make a meaningful contribution to the community. However, as the digital revolution shows, in today's very open and rapidly changing world, an engineer also needs to demonstrate persistence, boldness, team spirit and leadership.


Doing Scrum with Multiple Teams: Comparing Scaling Frameworks

According to Craig Larman and Bass Vodde (the creators of LeSS) the primary rule of scaling agile is: don’t do it! If you have problems with: Cross team dependencies; Risks that affect several teams; and Scheduling of (coordinated) deliveries, you might need a scaling framework. If you can deal with these problems by re-arranging your teams and product structure, you are better off without one. If you can’t, please continue reading. All three frameworks start with cross-functional, self-organizing Scrum teams. The teams vertically slice requirements into the smallest possible increments that can be deployed independently. Teams are also expected to focus on technical excellence such as doing continuous integration and automated regression testing.



Quote for the day:


“Capital isn’t scarce; vision is.” -- Sam Walton