Daily Tech Digest - May 03, 2017

How Microsoft Plans To Reinvent Businesss Productivity

Intentional Programming was Simonyi's idea for making development easier for non-developers using domain-specific languages that describe all the details of an area of expertise, whether that’s marine engineering or shoe manufacturing. “The Intentional platform can represent domain specific information both at the meta-level (as schemas) and at the content level (as data or rules),” Simonyi notes in his rather vague explanation of the acquisition; it’s all about moving from generic applications that help anyone create a generic document like a letter or an invoice, to much more specific systems that incorporate rules and definitions but are still as easy to use as Word and Excel. An expert in pensions, for example, could write down the details of a pension contract as mathematical formulas and tables and test cases in text descriptions


Self Contained Systems (SCS): Microservices Done Right

It is important that an SCS does not just handle a specific domain object. For example a SCS for customer data does not make a lot of sense: There will be customer data in many different Bounded Contexts. So coming up with a single model for a customer and implementing it in a separate SCS is not possible. Even if it was, each system will use customer data and so there will be too many dependencies to that system. This is also the reason why the split into SCS should be motivated by user stories, Bounded Contexts or the user journey - this top-down-approach will lead to a set of decoupled systems. While it might make sense to identify common parts later on, this should not be the focus. Common logic might be separated in a different system, but that means that the SCSs will have a dependency on the common system, which means that they not that decoupled any more.


Cyber Security in Belfast: An Industrial Reinvention

Northern Ireland’s investment in CSIT and in developing a robust cyber security talent pool has already reaped significant dividends. An ultra-competitive recruitment market has driven U.S. tech companies to look overseas for talent, and Northern Ireland has taken advantage. Companies have been pouring into the area over the last few years enticed by the hard-to-find skillsets being nurtured at Queen’s and Ulster University. For instance, before making its decision on where to expand its Center for Open Source Research and Innovation, Massachusetts-based Black Duck advertised positions it was seeking to fill in both Boston and in Belfast. The result? Belfast produced five times as many qualified applicants as the U.S.


Is It Safe to Preserve Data in The Cloud

Eventually, it seems, that even the most secure organization can be infiltrated. As a result, organizations should also have a corruption detection and prevention system. Of course data stored in the cloud should be stored or sent to the cloud in such a way that a company can recover from any corruption or accidental deletion, and make it harder to accidentally delete cloud data, and the data must also be proactively monitored for corruption or attacks. Most cloud vendors do have the ability to have multiple copies of data in different geographies. However this is more of a HA rather than a preservation function as typically snapshot integration is not native nor simple in the cloud across tiers and across clouds. Traditional cloud vendors also do not yet support WORM functionality that could prevent accidental or malicious deletion or corruption of data, nor do they support automated integrity checks of the data.


In the digital era, CIOs not buying ‘this bimodal crap’

The CIOs say there were some bumps along the way, but nothing unexpected, while trying to cajole IT workers to unlearn years of learned processes. Management buy-in is also essential for success. "We have people who understand our business and secret sauce but they’ve been doing things a different way for 20 years," Shurts says. "They get excited about agile, they see that it’s better but then we do a pilot and it’s a lot harder than they think. They really want to do it but they have to unlearn habits learned over 20 years… The good news is we’re getting through that and we’re starting to see innovation and really good results." Schulze says people may need to be retooled because they were successful learning how to do IT in a certain way but success will ultimately hinge on having the right culture and mindset to facilitate change.


IoT Security Concerns

When looking at all of the different ways that IoT devices can be modified to do bad things a few different ideas come to mind in terms of risk. How easy is it for a non-authorized user to gain access to a given device and what kind of device is it? If the device is a network router, that is a big problem. If the device is a water sensor and you need a lot of networking equipment to do it, then the risk can be classified as a low risk. How an IoT device is modified is also a problem. If the IoT device is hacked in such a way that it becomes unusable, because the code ran out the the battery power that is a bigger deal than say an IoT device which can be fixed by sending it a reboot. Knowing something about the people involved and the process used to gain access can help assessing risk. There are also broadly speaking three classifications of users who work on accessing things which they don’t have access.


Microsoft will separate Edge from OS updates

It’s no secret that Microsoft’s Edge browser, the revamped browser that shipped with Windows 10 as a replacement for Internet Explorer, is struggling to gain any sort of traction. As IE fades rapidly, Google Chrome has been picking up share while Edge remains stubbornly at 5%. As I illustrated last week, Edge doesn’t really have one (and edge, that is). It’s painfully slow. I should not be able to watch a website load piece by piece in 2017 on a broadband connection. Much of the problem stems from the fact that Edge updates are tied to operating system updates. So Edge doesn’t get an overhaul until Windows does, and that has only really happened twice, with the Anniversary and Creators Updates. Compare that to Chrome, which seems to get a new build every week.


Making Sense Of Cybersecurity Qualifications

It’s a growing problem for many employers. Increasingly, hiring companies must sift through resumes that tout cybersecurity-related degrees, certificates, industry certifications, apprenticeship credentials, digital badges, micro master’s degrees, nanodegrees and other credentials – trying to determine what a candidate really knows and how those credentials fit together. The influx of credentials is causing plenty of confusion for students, employers, policymakers and for the certifying organizations themselves, says Holly Zanville, senior adviser for credentialing and workforce development Lumina Foundation, a private group focused on increasing success in U.S. higher education. “It used to be that most of these [credentials] would be awarded by colleges and universities, but not anymore,” Zanville says.


Serverless Takes DevOps to the Next Level

Function-as-a-Service (FaaS) provides a managed runtime for executing any arbitrary code that has been uploaded to this service. This may look identical to just deploying a runnable artifact onto a compute instance (server) and having an operating system execute it but it’s not. FaaS takes care of making the function available at the scale required to satisfy the current demand but only charges for the execution count and time. At the same time it abstracts away the setup of the actual runtime (like JVM or NodeJS) and the operating system itself. ... And that’s the beauty of it - the entire compute stack is completely managed by the cloud provider, including the OS process running the function code. This simplifies the management of the compute infrastructure immensely, and combined with a pay-as-you-go billing model, offers an incredibly flexible and cost-effective compute option, compared to a more traditional Infrastructure-as-a-Service (IaaS) compute model.


Financial Services Sector the #1 Target of Cybercriminals

"The primary goal is money," says Dave Hylender, senior network engineer at Verizon. "That is the driving force behind most of these attacks." Financial services organizations cut the intermediary step between cybercriminals and the funds they seek. Hackers can obtain troves of data in attacks on healthcare organizations, but they have to take additional steps to monetize that information and open fraudulent accounts. However, money is more easily accessible if you can get malware onto bank systems, he explains. Threat actors can access usernames and passwords, withdraw money, and create fake debit cards, among other illicit activities. "Financial services targets will always be a lucrative reward if successfully compromised," says Michelle Alvarez, threat researcher at IBM X-Force. "Healthcare and retail targets can be profitable



Quote for the day:


"An intellectual is a man who says a simple thing in a difficult way; an artist is a man who says a difficult thing in a simple way." -- Charles Bukowski