Daily Tech Digest - April 04, 2017

Augmented, Virtual, and Mixed Reality: the Outlook for Tomorrow

Augmented reality can be described as an additional layer to our reality. It does not replace the real world, it just adds something, you can still see or hear the environment around you, whereas VR completely puts you in a different reality with total immersion. AR can’t change people’s imagination of the world and its representation, but complements the real world with artificial objects and new information. There are various types of AR. The key differences between them are the objectives and use of applications. ... Of all the three ‘realities’, this one is the least known, but ironically, perhaps, has the easiest path to consumers. The easiest way to explain MR is to say it combines the best aspects of VR and AR. MR mixes with virtuality, adds believable virtual elements to the world. The aim of MR is to unite the best characteristic of virtual reality and AR.

The 2 Biggest Cybersecurity Fears of NASDAQ's Chief Information Security Officer

I recently spoke with Lou Modano, Chief Information Security Officer of NASDAQ, and asked him what his greatest fears are right now when it comes to keeping NASDAQ cyber-safe. Of course, there are many threats facing NASDAQ - from criminals to hacktivists to nation states - and the stock exchange obviously has an army of highly skilled information-security professionals, intensive information-security-related training, and a robust information-security technological infrastructure, so my question went beyond the usual technological and human issues, and, instead focused on what risks are hardest to correct even with significant cybersecurity resources. As such, CISO Modano's observations provide insight into the big-picture problems that businesses, cybersecurity professionals, and policymakers should be thinking about.

Fortify IoT infrastructure now, even for simple deployments

"A lot of the current deployments really don't need that much bandwidth," Stolarski said. Latency is not a concern for these IT pros, and they typically view data on dashboards, rather than use real-time analytics or decision-making at the edge, Stolarski said. Kevin Roberts, director of platform technology at FinancialForce, a cloud-based software startup in San Francisco, is building out the financial back end to support a growing number of IoT deployments in the enterprise. Roberts said he's seen a turnaround in terms of the acceptance of cloud computing in recent years, which has shifted from mistrust of the cloud to widespread acceptance. Right now, it's unclear what sort of backbone enterprises will use to support their IoT efforts, Roberts said. There will continue to be a shakeout to decide who will buy, own and manage IoT infrastructure.

Chinese hacking group targeted firms though IT MSPs

The espionage campaign has targeted managed MSPs, potentially allowing the APT10 group unprecedented access to the intellectual property and sensitive data of those MSPs and their clients around the world. This campaign provides a useful reminder that an organisation’s entire supply chain needs to be managed and that organisations cannot outsource their risk, said the NCSC, adding that MSPs are particularly attractive to attackers because they often have highly privileged access to systems and data. “As part of your procurement, you should have ensured that your service providers all manage their security to a level broadly equivalent to that you would expect from your internal functions. This incident provides a useful impetus to revisit those discussions,” the NCSC said.

Cybercriminals Seized Control of Brazilian Bank for 5 Hours

The operation actually began at least five months prior to the actual hijack on Saturday, Oct. 22. Bestuzhev says it's unclear just how the attackers were able to compromise the DNS provider, but notes that Registro.br in January of this year patched a cross-site request forgery flaw on its website. "Maybe they [the attackers] exploited the vulnerability on that website and got control. Or … We found several phishing emails targeting employees of that registrar, so they could have spear-phished them," he says. "We don't know how exactly they originally compromised" the DNS provider, he says. The bank didn't deploy the two-factor authentication option offered by Registro.br, which left the financial institution vulnerable to an authentication-type attack as well as authentication-type flaws such as CSRF, Fabio Assolini, a Kaspersky Lab researcher said here today during a presentation about the bank hijack discovered by Kaspersky.

A Comprehensive Look at F# 4.1

At the top of the list are Struct Tuples. Tuples are very important to idiomatic code in F# and other functional programming languages. A major criticism of F#’s implementation, known as System.Tuple, was that it is a reference type. This means potentially expensive memory allocation is needed each and every time a tuple is created. Being immutable objects, that can happen quite frequently. This was solved in .NET by the introduction of the ValueTuple type. Also used by VB and C#, this value type will improve performance in scenarios where memory pressure and GC cycles are an issue. Care has to be used, however, as repeatedly copying ValueTuples more than 16 bytes in size may introduce other performance penalties. In F#, you can use the struct annotation to declare a struct tuple instead of a normal tuple. The resulting type works similarly to a normal tuple, but is not compatible so switching is a breaking change.

Data Deduplication: It’s Not Just About Storage Savings Anymore

The data backup and deduplication solution should allow discovery of how content propagates across the organization. It should not obscure the trail that shows where a piece of content originated. And it’s important to remember that dark data doesn’t just comprise files but also the metadata associated with each file, which tells what devices contain the content, when the file was created, when modifications were made and other key data points. Endpoint data is incredibly vulnerable to theft and loss since the devices that contain it are more likely to be lost or stolen. And the dangers are growing since there is a huge profit motive to gain access to that data. Ransomware attacks, for example, are growing at an alarming pace. And data breach costs in general are rising.

Why Enterprises Are Upgrading To Windows 10 Faster Than Expected

One reason the pilots and deployments are going so smoothly is that, in many cases, enterprises are rolling out Windows 10 as if it were Windows 7, says Kleynhans. “It's pretty much as a direct replacement; they're not necessarily making much use of the new features.” Instead they’re using the pilots and early deployments to gain familiarity with the new OS, starting with an experimental pilot in one division (or even one country) that then expands across the organization. “They're turning on maybe one or two new features but they're not really rushing forward with all the new enterprise features,” he says. The features enterprises do adopt are the security enhancements in Windows 10. “They’re really intrigued by the new security capabilities; they're looking forward to those. That's one of the things driving Windows 10 adoption,” says Kleynhans.

Application support and maintenance add up to operational ALM

To achieve true software-enabled automation of application support and maintenance -- the holy grail -- the operations team must implement the complete state-event description of an application's operational lifecycle in DevOps tooling. Continuous delivery and application availability management becomes a reality when development and change management tasks, implemented through ALM practices and tools, are integrated with DevOps-based operational application maintenance and support. With more cloud and virtualization adoption, the imperative to manage operational lifecycles grows. These same forces demand the use of software automation to improve efficiency and reduce configuration errors. Without an effective way of managing the operational lifecycle of applications, much of the effort put into traditional ALM will go to waste.

Analytics, internet of things to drive data volumes to 163ZB by 2025

According to the study, we are transitioning from a period in which information has been transformed from analog to digital to one in which digital information will increasingly be a critical part of systems required for everyday life-critical systems that use analytics, machine learning and the internet of things (IoT).  According to the study, Data Age 2025: The evolution of data to life critical, nearly 20% of the world’s data will be critical to our daily lives by 2025, and nearly 10% of that will be “hypercritical”. A large portion of this will be created by embedded systems and the IoT. By 2025, an average connected person anywhere in the world will interact with connected devices nearly 4,800 times per day. That’s one interaction every 18 seconds. The amount of data subject to analysis is estimated to grow by a factor of 50 to 5.2 ZB in 2025.

Quote for the day:

"If you're not prepared to be wrong, you'll never come up with anything original." -- @SirKenRobinson