Daily Tech Digest - June 30, 2017

What is Docker? Linux containers explained

Containers decouple applications from operating systems, which means that users can have a clean and minimal Linux operating system and run everything else in one or more isolated containers. Also, because the operating system is abstracted away from containers, you can move a container across any Linux server that supports the container runtime environment. Docker, which started as a project to build single-application LXC containers, introduced several significant changes to LXC that make containers more portable and flexible to use. Using Docker containers, you can deploy, replicate, move, and back up a workload even more quickly and easily than you can do so using virtual machines. Basically, Docker brings cloudlike flexibility to any infrastructure capable of running containers. Thus, Docker is often credited for the surging popularity of modern-day containers.


Teardown of 'NotPetya' Malware: Here's What We Know

The malware can spread by using two attack tools built by the "Equation Group" - likely the National Security Agency - and leaked by the Shadow Brokers. The tools generate packets that attempt to exploit an SMB flaw in prior versions of Windows. "The new ransomware can spread using an exploit for the Server Message Block (SMB) vulnerability CVE-2017-0144 (also known as EternalBlue), which was fixed in security update MS17-010 and was also exploited by WannaCrypt to spread to out-of-date machines," Microsoft says. "In addition, this ransomware also uses a second exploit for CVE-2017-0145 (also known as EternalRomance, and fixed by the same bulletin). Machines that are patched against these exploits (with security update MS17-010) or have disabled SMBv1 are not affected by this particular spreading mechanism."


Eight obstacles to overcome in your digital transformation journey

"Digital transformation involves a significant change, and usually changes to people's jobs, compensation, bosses, and the type of work they do," said Marc Cecere, vice president and principal analyst on Forrester's CIO role team. "Making that kind of change is difficult, and is something where there is not a lot of science. Make sure you have someone on board who knows how people's minds are changed, and how to adapt to new business models." Organizational siloes are one of the biggest impediments to digital transformation efforts, in terms of understanding the customer journey, said Gianni Giacomelli, chief innovation officer at Genpact, and head of its Genpact Research Institute. Often either the IT group or the business lines try to solve it, and do not work together deeply, Giacomelli said.


Critical Infrastructure Protection: Security Problems exist despite compliance

The electronic security perimeter (ESP) is the control systems, server room, telecom room and so on. The critical cyber-assets will fall under this section of CIP. For the most part, entities covered by CIP will spend a good deal of time and energy constructing a hard exterior (the ESP), but assets contained within – the guts – are soft. "We're talking fairytale darkness here, all of the stuff you see on television when the power grid goes down, that's going to happen when the ESP is successfully breached," Grimes said. You would think that the ESP would be the ultimate hard point, but it isn't in most cases. Physical access controls (PACs) are not covered under the ESP section. For example, video cameras are a weak point, as they're not considered when it comes to the ESP.


Global shipping feels fallout from Maersk cyber attack

The impact of the attack on the company has reverberated across the industry given its position as the world's biggest container shipping line and also operator of 76 ports via its APM Terminals division. Container ships transport much of the world's consumer goods and food, while dry bulk ships haul commodities including coal and grain and tankers carry vital oil and gas supplies. "As Maersk is about 18 percent of all container trade, can you imagine the panic this must be causing in the logistic chain of all those cargo owners all over the world?" said Khalid Hashim, managing director of Precious Shipping (PSL.BK), one of Thailand's largest dry cargo ship owners. "Right now none of them know where any of their cargoes (or) containers are. And this 'black hole' of lack of knowledge will continue till Maersk are able to bring back their systems on line."


How to write event-driven IoT microservices that don’t break

One concept that jumped out at me was the notion of a “heisenbug,” which the article defines as “timing-related bugs that often disappear during an investigation of it.” The term “heisenbug” stems from the analogy of physics’ Heisenberg Uncertainty Principle, under which the attempt to observe a system inevitably alters its state. Where computing environments are concerned, heisenbugs are equivalent to probe effects, in which attaching a test probe—or simply sending an asynchronous test ping—to a system changes its behavior. What that implies is that the very act of trying to isolate, analyze, and debug some systemic glitches will alter the underlying systemic behavior of interest—perhaps causing the bugs in question not to recur. One of the chief causes of heisenbugs is race conditions, under which a system behaves erratically when asynchronous input events don’t take place in the specific order expected by that system’s controlling program.


Blockchain remains a work in progress for use in healthcare

Blockchain has inherent qualities that provide trust and security, but it is not a technological panacea for all that ails healthcare when it comes to cybersecurity, believes Debbie Bucci, an IT architect in ONC’s Office of Standards and Technology. “When I look across other industries, I don’t see any of them really aggressively adopting it,” says Bucci, whose primary focus is on the privacy and security aspects of health information exchange. “There’s a lot of proof of concepts, pilots and use cases being defined. But, I have yet to see major companies stepping up to support blockchain—beyond Bitcoin, of course.” According to Bucci, ONC continues to keep a close watch on what develops in the marketplace when it comes to blockchain, which is still evolving and maturing, especially with respect to its applicability to healthcare.


The 360 degree approach to cyber security

In order to take the right security measures, you need to understand where to direct your attention. A good start is to assess who the potential adversaries are, and what damages a security compromise can cause – a risk analysis if you will. Getting a full view of the attack surface is an integral part of this, but it’s not easy. Many companies don’t even know their digital footprint, leaving them unaware of potential entry points for attackers and threats. Plus, the IT systems in many companies have grown organically, resulting in intertwined systems, outsourced infrastructure, and 3rd parties that are digitally connected and integrated with business processes. Keeping all of this under rigid control is virtually impossible. And while there are technical solutions that provide the visibility you need, just mapping your digital footprint isn’t enough.


Five DevOps principles to apply to enterprise architecture

Because DevOps breaks down barriers that traditionally separate various teams within an IT organization, individual roles need to be malleable. For example, someone whose job title is "developer" should have the organizational flexibility to participate in IT operations work when needed. DevOps is about cultural practices, not specific technologies or tools. Still, DevOps works best when the IT team has modern, agile tool sets and frameworks at its disposal. For example, migrating from virtual machines to containers can help your organization manage DevOps more effectively. When designing your enterprise architecture, controlling access to sensitive information about the infrastructure or the data stored on it is important. But this need should be balanced against the importance of maximizing visibility across the organization.


Medical Device Cybersecurity: A Long Way to Go

In a statement provided to ISMG, the FDA says it generally does not comment on specific studies, "but evaluates them as part of the body of evidence to further our understanding about a particular issue and assist in our mission to protect public health. The FDA is carefully reviewing the findings of the report. The FDA takes medical device cybersecurity seriously, and we look forward to engaging directly with the sponsor of the report so we can have a better understanding of the report's data, methodologies of information collection and conclusions." The FDA also notes: "Medical device manufacturers must comply with federal regulations. Part of those regulations, called quality system regulations, require that medical device manufacturers address all risks, including cybersecurity risk.



Quote for the day:


"Do not be concerned that no one recognizes your merits; be concerned that you may not recognize others." -- Confucius


Daily Tech Digest - June 29, 2017

On-premise or In the cloud? Most suitable location for apps in a hybrid environment

If the application, or the data it processes, is subject to regulatory oversight under compliance regimes such as HIPAA or PCI, then there is a clear need to understand the security compliance status of that application, and if moving it to the cloud will risk a compliance violation. For example, HIPAA requires accountability practices on all Local Area Networks, Wide Area Networks, and for users accessing the network remotely through a Virtual Private Network (VPN). If the application needs to be compliant with PCI, you will need to have a firewall at each Internet connection the application uses, and between any network demilitarised zone and the internal network zone. Applications under this regulation, and others, are not ideal candidates for migration to the cloud.


Building AI: 3 theorems you need to know

Combined with the no-free-lunch-theorem, we realize this is the only way to create an effective learner: change its inductive biases so it can become effective for something else, namely, our data. Inductive biases also have to do with the problem of overfitting. In machine learning, overfitting occurs when your model performs well on training data, but the performance becomes horrible when switched to test data. Overfitting happens when you apply incorrect inductive biases in a model. If the equations of the model truly reflect the data (for example, a linear model applied to data generated by a linear process), then any fit will be a correct fit for test data. In a way, the model – in its very architecture – contains knowledge about the data. Such a model can learn very fast; with only a few data points, it can begin generating accurate predictions.


This Cell Phone Can Make Calls Even Without A Battery

There is still a long way to go before that happens. The phone has a basic touch-sensitive number pad and its only display is a tiny red LED that glows briefly when a key is pressed. A large touchscreen would require around 400 milliwatts—over one hundred thousand times as much power as Talla's phone currently needs. Most importantly, voice calls are still awkward. You have to press a button, walkie-talkie style, to switch between listening and talking, and sustaining a conversation through clouds of static is near impossible. Talla promises better call quality and an E-Ink display for text messages on the next generation device, possibly along with a camera to snap selfies. Smith says that even as the prototype stands, built from off-the-shelf components, it is much cheaper than a normal phone.


The Internet of Things is Revolutionizing Tracking and Receiving Packages

In a perfect world, pressing a button in your bathroom when you are out of toilet paper only to have a drone drop it on your doorstep hours later is the height of convenience. You don't even have to make a shopping list or tie a string around your finger in order to remember this often-forgotten necessity. But when you have to worry about someone driving by and seeing the toilet paper on your doorstep, realizing they are also out of toilet paper, and taking it for themselves, this stops being a convenience and instead becomes another burden of daily life. Going to the store on your way home is certainly preferable. The Internet of Things has come up with a number of solutions to stolen packages. So far the doorbell camera seems to be one of the most popular choices, followed by sitting at home waiting for your package to arrive.


Rise of the Machines

Move over R2D2 – robots are no longer just the stuff of sci-fi. They’re already here, and whether it’s through advancing drug design or charting the oceans, UK technology is transforming the impact that robots are having on our lives. At STFC, we’re helping to develop robots that can combat world hunger and explore the universe. Our research is driving forward the field and pushing the boundaries of what robots can do. Meanwhile, a whole variety of other UK-funded research is developing robots for use in medicine, disaster relief, deep sea exploration and so much more. Robots are helping us to achieve incredible things, and they’re changing the world around us in ways that nobody – not even George Lucas himself – could have predicted.


Can Design Thinking Unleash Organizational Innovation?

Design thinking’s ability to uncover customers’ unarticulated needs and its processes for testing potential success with small inexpensive experiments provided the framework they needed. The team ultimately focused on three core design principles: “customer empathy,” “go broad before narrow” and “rapid experimentation.” I love the phrase: “Uncover customers’ unarticulated needs.” The heart to any organization looking to become more innovative and creative in their thinking is to “uncover customers’ unarticulated needs.” It is likely the biggest operationalization challenge when it comes to integrating data science into an organization’s business models; to help organizations to become more effective at leveraging data and analytics to uncover their customers’ unarticulated needs.


Microsoft Cognitive Services brings cloud AI to the enterprise

The learning curve for Microsoft Cognitive Services is minimal for developers already familiar with building cloud applications, and those who are unfamiliar can integrate Cognitive Services with Azure Logic Apps with minimal coding. Still, these services aren't without their challenges. For example, it can be difficult to connect cloud-based applications with internal data sources, whether they reside on central databases or are distributed across remote systems and sensors. Implement a hybrid network and data integration strategy before you deploy production AI applications. Developers should also use Microsoft's free service tier to become familiar with the AI services, APIs and SDKs and to build and test applications.


‘Separating IT and cyber security: A necessity not a nice to do’

Cyber security and IT responsibilities must be separated in order to provide adequate checks and balances and ensure that existing cybersecurity measures are effective in protecting the business against a variety of malware and ransomware. In most organisations, IT departments are responsible for configuring and maintaining on-premises network infrastructures and cloud based systems, so they cannot also be responsible for verifying the security of these networks. This situation would be akin to asking a payroll professional to audit their own entries – in short, it’s simply not appropriate. When a business reaches a certain size, it will almost certainly engage with two separate accountancy firms, one to file its taxes, and another to complete its annual audit. The two very rarely interact, and it is unlikely that businesses would entrust the same firm with both responsibilities.


Security in a cloud-native environment

If you are architecting a cloud solution that can scale to support large volume, can run across different data center instances, and can be provisioned semi or fully automatically, you need to consider security as one of the core building blocks of your architecture. Cloud-native microservices are growing in numbers exponentially, and the rise of IoT is making ways to create more and more interfaces and service endpoints—this makes it more critical to secure application endpoints based on role-based authentication. Every incoming request knows the caller and its role with respect to the called application endpoint. These roles essentially determine if the calling client has enough privileges to perform the requested operation on the called application.


Life As An IT Contractor

Jerry McKune, an independent IT contractor based in the St. Louis area, said he appreciates the variability of IT contracting and the opportunity to keep learning new skills. “I love variety. I cannot stand to do the same thing over and over and over again. There’s a lot of variety in the contract world.” The challenge of variety, however, is that each new assignment means a new learning curve. “Education takes time,” McKune said. “If you’re on a six-month contract, and there’s a four- to five-month learning curve, there’s only going to be a short period of time at the end of it where you really know what you’re doing and you’re capable of performing the tasks assigned to you without help from somebody else.” Learning to rely on other people and not being afraid to say you don’t know something are essential traits.



Quote for the day:


"The only person you should try to be better than, is the person you were yesterday." -- Tim Fargo


Daily Tech Digest - June 28, 2017

What ever happened to Google Docs' Android add-ons?

Google's developers' site does note that add-ons for Docs and Sheets on Android are still in a "developer preview" status -- meaning Google reserves the right to change certain things about how the integration works as well as "the way in which this feature is distributed, discovered and used." Still, the site is actively encouraging developers to create their own add-ons -- most sensibly by modifying an existing standalone app to support the integration as opposed to creating a separate app solely for this purpose. All developers have to do, according to the published guidelines, is implement the integration and then request a "style review." The review ensures all add-on apps are "designed well, [follow] the UX Style Guide, and [do] not include or produce any spam, malware, or unacceptable content."


6 Ways To Prevent Burnout In Your IT Staff

Tech pros don’t want to feel that they’re cogs in a wheel, nor do they want to be micromanaged; rather, they want to feel they’re making an impact and that they have input into decisions that drive results. That’s the philosophy at online mortgage lender Quicken Loans, according to Teresa Wynn, senior vice president for the office of the CIO at the company. Wynn says the IT executives and managers at Quicken Loans strive to empower tech pros by creating a culture that allows them to take charge. Management principles, such as giving workers a degree of freedom and support to pursue their own ideas when tackling projects, as well as formal programs like Bullet Time, a weekly four-hour period when IT team members can work on projects of their own choosing, help achieve that goal, she says.


8 Major Problems Healthcare CIOs are Facing

While security and privacy concerns have been created by modern technology, it has done really well when it comes to patient care. Security challenges come at two levels. The first one is the current security risks. Although business protection is a key goal that businesses have worked to maintain, it's still a challenge that many businesses struggle with. Most businesses are unknowingly prone to common vulnerabilities by leaving their data open. The second problem is that of the internet of things (IoT). The growing number of gadgets connected to the Internet presents a great security challenge, as brand new security threats have to be monitored. This exposes the business to new attacks and creates a new security problem that businesses must understand very quickly and be able to deal with.


Security leaders need to focus on minimum effort, not minimum compliance

At the end of the day, companies need to stop worrying about the myriad of regulations and trying to do the bare minimum for each, rather they need to develop a comprehensive policy that, yes, meets the regulations, but also maximizes the benefits for the organization and consumers. What we see time and time again is that the companies who are prepared save money—not just in hard costs, such as insurance premiums and third-party services, but in the more holistic manner in which they approach overall cybersecurity. For example, proper assessment and preparation can help companies demonstrate they have taken reasonable and appropriate actions in the face of a breach, potentially limiting their liability and protecting their reputation.


7 keys to structuring your Node.js app

As adoption continues to rise, more and more developers will climb the Node.js learning curve, confronting similar problems and coding similar functionalities. Thankfully, the Node.js community has come to the rescue with frameworks and design patterns that not only solve common problems, but also help in structuring applications. Frameworks generally implement MV patterns like MVC (model-view-controller), MVVM (model-view-viewmodel), MVP (model-view-presenter), or just MV. They also tell you where the code for models, views, and controllers should be, where your routes should be, and where you should add your configurations. Many young developers and Node.js enthusiasts do not really understand how design patterns or OOP (Object Oriented Programming) diagrams map to the lines or structure of the code in their application.


Bankers Are Hiring Cyber-Security Experts to Help Get Deals Done

The wake-up call for cybersecurity expertise during mergers and acquisitions came after a 2014 Yahoo! Inc. hack affected about 500 million accounts, damaging the company’s reputation and causing Verizon Communications Inc. to cut its offer to buy the company by $350 million. There’s concern that computer viruses can be planted and remain dormant until after a deal, leaving the acquirer to cope with stolen customer data, industrial secrets or ransom demands. At Deloitte, Bittan’s French team started the service about 3 months ago and has signed up about a dozen customers since. Deloitte’s global cybersecurity unit more broadly had sales of $850 million during the full-year that ended end-May 2016 and has a target for $1.8 billion by end-May 2020.


How cyber insurance helps you deal with a data breach

Data breach is a phenomenon every company hates, yet we hear about data breaches so frequently. Not only can a data breach wreak havoc on a company’s finances, it can also seriously damage its public image and goodwill. Who can forget the massive 4 billion dollar data breach cost Epsilon had to pay in 2011 and who can also forget the immense reputation damage Target faced due to its customers’ credit card compromise in late 2013! So if data breaches are almost inevitable, how can we deal with their aftermath? A solid cyber insurance policy can go a long way in efficiently assessing the given situation and guiding you in the right direction. To learn more about how cyber insurance helps with data breach management, read the ‘Infographic’ below, created by Cyberpolicy.


Understanding analytics and storage performance

Within analytics there are a number of workload types that include: big data environments such as Hadoop and Apache Spark; data warehousing with query-intensive workloads, usually emanating from structured data; streaming, such as ingestion technologies that store raw data and make it available for batch or stream processing; NoSQL for non-tabular data storage, and; search, such as that deployed by log file analysis companies like Splunk. Organisations increasingly need a mix of different analytics capabilities. Some small, data-focused systems can easily shoulder the load of an SQL database on a standard platform. But, information-focused analytics will require something like Hadoop with a completely different I/O footprint, while a NoSQL approach creates different I/O demands altogether. These can be boiled down to two basic models: synchronous vs asynchronous.


What Cisco's New Programmable Switches Mean For You

The ability to program network components is not new. Cisco’s Application Centric Infrastructure (ACI), the company’s original software-defined networking platform, had some of these components. In 2014 Cisco launched DevNet, its developers' network that provides an array of training resources for programming network components and integrating applications – both third-party and custom ones - into Cisco network hardware. The launch last week of Cisco’s new intent-based networking platform continues this trend. Use cases for this programmability are far ranging, says Zeus Kerravala of ZK Research and a Network World Blogger. “Not all networks are going to be programmed by developers,” he explains. “Part of this is about the ability for application developers to use resources from the network to improve their apps.”


The economics and impact of bad CISO leadership

Strong leadership is crucial to counteract daily attacks from hackers, and if your leadership skills are weak, other CISOs are going to easily recruit your staff away to improve their cybersecurity program. The best leaders in cybersecurity don’t have employee retention issues, because it is a competitive market and employees don’t have the career patience for lousy leadership. Often employees are willing to take a pay and title cut to escape poor leadership that can be emotionally disruptive outside of the workplace. Unfortunately, there are many cases when an employee has to drag themselves out of the car in the company parking lot to earn a paycheck, because they dread the leadership they have to face in the office on a daily basis. Poor leaders are always going to disappoint and let down employees every day, oftentimes because they are broken within themselves



Quote for the day:


"Coming up with an idea is the least important part of creating something great. ... The execution and delivery are what's key." -- Sergey Brin


Daily Tech Digest - June 27, 2017

8 Ways Millennials Impact Your Security Awareness Program

Millennials are the first generation for whom computer devices are ubiquitous in their daily activities. Consider that laptops have become the computer of choice and can be taken anywhere. Cellphones are more powerful and functional than computers were a decade ago — and millennials have had these devices in their pockets for as long as most of them can remember. But use of a technology does not mean that it is safely used and millennials' comfort with technology does not mean that they are more security aware. The tendency is to use technology in a way that is most convenient, not most secure. And while there has been some effort to protect their privacy — primarily from their parents and others — this does not mean that they are aware of all the things there are to protect and how to protect them. The fact is, the more information that is available, the more vulnerable it is made.


Tools that increase IT efficiency pave the way for digital transformations

Content is core to the work of Densho, an organization whose mission is to preserve the testimonies of Japanese Americans who were held in internment camps during World War II. In the past, Densho needed a complex storage environment to house its 30TB of production data, says Geoff Froh, deputy director and CIO at the nonprofit organization based in Seattle. “The two-tier infrastructure was composed of high-performance SAN hardware and high-capacity consumer-grade NAS appliances. The SAN was expensive, difficult to manage and not scalable. The NAS gear was unreliable and lacked the IOPS to handle our workload,” Froh recalls. Densho turned to storage start-up Qumulo, which aims to help enterprises store their data more efficiently and with greater visibility into how content is being used.


Good managers give constructive criticism—but truly masterful leaders offer constructive praise

Most leaders “vastly underestimate the power and necessity of positive reinforcement,” Jack Zenger and Joe Folkman, CEO and president of Zenger/Folkman, write in Harvard Business Review. An abundance of research shows that giving positive feedback increases employees’ sense that they’re learning and growing at their jobs, makes them feel valued, and leads to increased confidence and competence. A 2015 Gallup survey found that 67% of employees whose managers communicated their strengths were fully engaged in their work, as compared to 31% of employees whose managers only communicated their weaknesses. One study found that high-performing teams receive nearly six times more positive feedback than less effective teams—evidence that positive reinforcement really does help the bottom line.


A massive cyberattack is hitting organisations around the world

Many of the initial reports of organisations affected came from Ukraine, including banks, energy companies and even Kiev's main airport. But since then more incidents have been reported across Europe, indicating the incident is affecting more organisations more widely. The National Bank of Ukraine said it has been hit by an "unknown virus" and is having difficulty providing customer services and banking operations as a result, while Kiev's Boryspil International airport is also understood to have suffered from some kind of cyber attack. Ukraine's Interior Ministry has already called the cyberattack the biggest in Ukraine's history. Danish transport and energy firm Maersk has confirmed that its IT systems are down across multiple sites due to a cyberattack, while Russian petroleum company Rosneft has reported a "massive hacker attack" hitting its servers.


How Proper Offboarding Can Help Prevent Data Breaches

"We need to move beyond having a key card or simply taking away people's keys," Hoyas added. "That's not effective nowadays because we have a very mobile workforce." Employees use mobile phones, work remotely on laptops, and log in to company systems from their own computers through shared drives or the cloud. "You need to manage your employees wherever they exist and wherever they log in from," he said. "Users log in from home, from their office and they can log into apps and e-mails from their own devices. Most of the time companies aren't paying for people's cellphones," he pointed out. Employers should keep that in mind when an employee leaves and they must cut off access to his or her computer, Hoyas said.


Under pressure, Western tech firms bow to Russian demands to share cyber secrets

The demands are being made by Russia’s Federal Security Service (FSB), which the U.S. government says took part in the cyber attacks on Hillary Clinton’s 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts. The FSB, which has denied involvement in both the election and Yahoo hacks, doubles as a regulator charged with approving the sale of sophisticated technology products in Russia. The reviews are also conducted by the Federal Service for Technical and Export Control (FSTEC), a Russian defense agency tasked with countering cyber espionage and protecting state secrets. Records published by FSTEC and reviewed by Reuters show that from 1996 to 2013, it conducted source code reviews as part of approvals for 13 technology products from Western companies. In the past three years alone it carried out 28 reviews.


UX is Grounded in Rationale, not Design

Sketching out things is great as it allows you to visualize and conceptualize something, but don’t sketch solutions without an understanding of the problem. You will end up boxing in your thought process too early if you do that. Though some places may say that sketching in the beginning is good, you could be using your time to distill information and create a solid framework of the work you are trying to do. ... Without building a rationale behind the problem, my reasoning behind my design decisions would end up being part of a non-existing framework I didn’t have to support them. The things I built wouldn’t be as effective if I had just focused on making sense of my research in the beginning.


Building a Blockchain PoC in Ten Minutes Using Hyperledger Composer

Hyperledger Composer, one of the Hyperledger projects hosted by The Linux Foundation, aims to solve this problem by making it easy for blockchain developers to model business assets, participants and transactions and to turn these models into viable blockchain applications. Hyperledger was set up in December 2015 as a collaborative effort to advance cross-industry open-source blockchain technologies for business. It is the fastest growing project in Linux Foundation history and the Hyperledger umbrella currently includes several technologies, from blockchain frameworks such as Hyperledger Fabric and Hyperledger Sawtooth to tools that provide services such as monitoring, identity, development and deployment. Hyperledger Composer is one of these tools.


26 Tools and Frameworks for HTML-based Desktop and Web App Interfaces

If Angular 2 development is your thing, check out Kendo UI for Angular 2, an all-new version of Kendo UI built with TypeScript, JavaScript, and NativeScript -- no jQuery dependencies! Kendo UI for Angular 2 is in Beta as we go to press. Licensing details will be announced along with the V1 release in 2017. Kendo UI professional is available with a free trial version and per-developer, royalty-free licenses at several tiers providing access to additional Telerik developer resources. jQuery UI is another option for building HTML and JavaScript-based application interfaces. It's completely open source and has the advantage of being directly compatible with jQuery, jQuery Mobile, the QUnit JavaScript unit testing framework, and the Sizzle pure-JavaScript CSS selector engine, all directed and licensed by the jQuery foundation.


Windows Server Gets The Fast Train

Nano as a container image made for a good strategic fit, Gaynor opined, with the every-six-month upgrade pace justified by the tempo of containerization. "Just look at what's happened with containers in the last five years," he said. Meanwhile, making Server Core available as either always-changing or static also "made sense" to Gaynor because it had taken the place of Nano as the default smaller-footprint installation. The faster tempo lets aggressive customers "have their cake and eat it, too," said Gaynor. Cumulatively, those twice-annual upgrades will compose the feature set of the next Windows Server X. In two or three years, Microsoft will put a stake in the virtual ground by christening Windows Server 2018 or Windows Server 2019, built by the iterative process of shipping Server Core updates.



Quote for the day:


"A positive attitude will not solve all your problems. But it will annoy enough people to make it worth the effort." -- Herm Albright


Daily Tech Digest - June 26, 2017

12 'best practices' IT should avoid at all costs

Legitimizing the idea of internal customers puts IT in a subservient position, where everyone in IT has to make their colleagues happy, whether doing so makes sense for the business or not, let alone whether it encourages the company’s actual customers to buy more products and services. ... Want to do some damage? Establish formal service level agreements, insist your “internal customers” sign them, and treat these SLAs like contracts. And if you really want IT to fail, argue about whether you’ve satisfied your SLAs every time an “internal customer” (there’s that word again) suggests IT isn’t doing what they need it to do. It’s a great way to keep relationships at arm’s length.


Bill Gates and Digitization: Ahead of the Curve Yet Again

While we’ve had elements of a digital supply chain for quite some time, in this more holistic sense of a digital nervous system, we are only beginning to scratch the surface. A nervous system can take our sensory inputs – sight, sound, touch, taste, and smell – and a person can react either instantly or more thoughtfully to what is happening around them. While a WMS is a digital supply chain application, it has a limited scope in how it is using sensor data. It certainly does not react in the holistic way that a nervous system does. There has been an explosion of new sensor data available to be used to create digital supply chains. We are using, or learning to use, SNEW data – social media, news, event, and weather data 


Key Abstractions for IoT-Oriented Software Engineering

The term "IoT system" generally refers to a set of IoT devices and the middleware infrastructure that manages their networking and interaction. Specific software can be deployed logically above an IoT system to orchestrate system activities to provide both specific services and general-purpose applications (or suites of applications). Providing specific services means enabling stakeholders and users to access and exploit things and direct their sensing or actuating capabilities. This includes coordinated services that access groups of things and coordinate their capabilities. For instance, in a hotel conference room, besides providing access to and control of individual appliances, a coordinated service could, by accessing and directing the lighting system, the light sensors, and the curtains, change the room from a presentation configuration to a discussion configuration.


Cybersecurity: The New Normal

Today, cybersecurity is high on everyone’s radar, as a powerful new reality that is penetrating all facets of cyberspace. On a near-daily basis we read of damages to hardware, software, content, products, processes. No one is immune. No one is safe. This new reality — with the variety of threats, exploits and damages that seemingly multiply day by day — creates new markets, new business opportunities, new strategic concerns and threats to our collective views of law and order. These elements are shaping a new normal which is not yet fully understood. But they are clearly anchored in the nature of the hardware, ever changing uses and functions enabled by evolving software and fueled by the power of human ingenuity. When the Internet was designed, threats to security were not central to the basic architecture nor to the core design principles.


Companies are wasting massive amounts of money on ineffective security solutions

The survey also found that massive amounts of time and money are wasted on ineffective endpoint security solutions and lack of endpoint visibility and control is a major issue. Ineffective overall endpoint security protection costs an average of $6 million in detection, response, and wasted time. Only 27% of survey respondents have confidence that their company can identify the endpoint devices which pose the greatest risk in a highly effective fashion. Worse, 20% reported having no endpoint security strategy at all. On average, according to the report, companies spend over 1150 hours on a weekly basis attempting to detect and contain insecure endpoints, which represents a cost of $6 million spent detecting and containing insecure endpoints or suffering unplanned downtime. Nearly half of those hours are spent chasing false positives, which equates to $1.37 million of annual wasted expenditures.


How to handle risks of hypervisor hacking

First, hold virtualization implementers to high standards. We have learned a lot in the last few decades about development methodologies that reduce defects and quickly detect and remediate defects that make it through development and into production. When consistently practiced, DevOps, the methodology that removes the traditional boundaries between development, deployment, and production, and embraces continual improvement, has greatly increased system reliability. Hypervisor implementations have fared well. Although potential exploits have been found, the hypervisor developers have also been diligent about fixing problems. This has kept the number of actual malicious exploits low. However, developers make mistakes and diligence is not absolute protection. Some flaws always creep in.


7 reasons to switch to microservices — and 5 reasons you might not succeed

With microservices, your code is broken into independent services that run as separate processes. Output from one service is used as an input to another in an orchestration of independent, communicating services. Microservices is especially useful for businesses that do not have a pre-set idea of the array of devices its applications will support. By being device- and platform-agnostic, microservices enables businesses to develop applications that provide consistent user experiences across a range of platforms, spanning the web, mobile, IoT, wearables and fitness tracker environments. Netflix, PayPal, Amazon, eBay, and Twitter are just a few enterprises currently using microservices.


MicroStrategy CEO Michael Saylor speaks about ‘expanding universe’ of BI

Every company has to decide where to make its investments. Some BI company might come along and say “we are the best for the Hortonworks distribution of Hadoop”, and that might fly for a while. But I have to say I have been in this business for 27 years and every three years there is a new data technology which is the rage. I remember one that was billed as the world’s fastest database, and I asked one of their sales people what was in the next release, and he said “joins”. That’s a colossal joke because there is no serious problem that you can solve without doing table joins. So, yes, as long as you don’t need to ask the next question or need mathematics or need more than two users to run a query, it’s super-fast and great.


Self Contained Systems (SCS): Microservices Done Right

Finding Bounded Context can be done by grouping user stories together. So for example searching for products by full-text search, by categories or by recommendations might be part of the same Bounded Context. Of course the split is not clear-cut - depending on the complexity the search might be split into multiple Bounded Contexts. Also a user journey might provide ideas about a split into SCSs. The customer journey describes the steps a customer takes while interacting with the system e.g. search for products, check-out or registration. Each of these steps could be a candidate for a SCS. Usually these steps have little dependencies. Oftentimes there is a hand-over between these steps: The shopping cart is handed over to the checkout where it becomes an order, and is then handed over to fulfillment.


Using supercomputing to attract research and investment

This enables the team, led by Dr. David Matthews, Senior Lecturer in Virology at the University, to examine how the virus had evolved over the previous year, informing public health policy in key areas such as diagnostic testing, vaccine deployment and experimental treatment options. This complex data analysis process took around 560 days of supercomputer processing time, generating nine thousand billion letters of genetic data before reaching the virus’ 18,000 letters long genetic sequence for all 179 blood samples. This is just one of many examples of how HPC at the University is contributing to significant research projects. Now in its 10th year of using HPC at Bristol, each phase from the first supercomputer through to BC4 has been bigger and better than the last and, in years to come this trend will definitely continue.



Quote for the day:


"Once you've accepted your flaws no one can use them against you." -- George R.R. Martin


Daily Tech Digest - June 25, 2017

7 Disruptive Technologies Destined To Change The World

Before 2020, fully autonomous vehicles will become a fixture on our highways and not long after, autonomous taxi networks will experience unprecedented growth that will radically transform the nature of travel and transportation, with a corresponding boost in productivity. Autonomous travel, costing only half as much as driving a personal car, will drive car sales down. The decline in battery costs will make electric vehicles (EVs) more preferable to gas-powered vehicles because it will be far less costly to own an EV. This will lead to widespread adoption of EVs and companies like Tesla will stand to gain the most ... Although it is the auto industry that might have driven the sale of industrial robots, it’s now far from being the only industry that employs the use of this technological innovation. Especially as capital and programming costs continue to decline, manufacturing companies will benefit more from employing robots and automating more of their processes.


Why blockchains fail and decentralization succeeds

With all of the excitement around blockchain technology, it’s easy to think what we have now is the foundation for the next wave. Yet, it’s worth remembering we are still in the early stages. The blockchains we have today probably won’t be the blockchains of tomorrow. ... It also has a lot of technical questions that surround it. As Muneeb Ali of Blockstack said, “At scale, Ethereum is designed to fail” — though he was quick to add that there’s always room to make changes in the future. He didn’t mean, “it will intentionally fail.” However, if you think about the nature of blockchains — everyone has a copy of the ledger, which these days is about a 100GB download. Furthermore, in the case of Ethereum, ever more third-party applications and sub-economies are being launched to run on top of it, and all of that code runs on the distributed network too. So it makes sense to start asking questions.


Microsoft: No, It's Not An Audit

Because Microsoft and its partners offer fee-based SAM services, concerns on the part of customers about their practices could easily dampen enterprise enthusiasm for the evaluations, and thus reduce revenue from SAM programs. And Microsoft clearly sees SAM as a money maker for its partners. "The SAM opportunity in enterprise has never been bigger. Learn about Microsoft's plan for enterprise and industry accounts, and how you can build new revenue streams with SAM," states a description of one of several SAM-related sessions listed on the schedule for the upcoming Inspire conference in Washington, D.C. July 9-13. Microsoft Inspire is the renamed Worldwide Partner Conference, long the yearly massive meet-up of the firm's global partner network, on which Microsoft relies for much of its software and services sales.


Finding data relationships with intelligent graph analytics

In an RDF data store, we can pre-define the schema models - called Ontologies - as well as load new datasets as they come in. So, instead of spending an enormous amount of time in creating the data model, we started out with a standard – Financial Industry Business Ontology (FIBO) model and decided to extend it as we encounter a new set of data. The expense involved with mastering custom code was avoided through the use of RDF Graph DB features. We could load multiple datasets into RDF Graph DB, as they are maintained in the source system without creating special extract files. The connections happen at the database at the attribute level between multiple domains as well as with transaction data. The major mindset change required is to not process master and transaction data separately and then build a dimensional model, but to build an integrated RDF Graph DB where they can co-exist and be fully connected through a single set of processes.


Cybercrime industry growing rapidly, cybersecurity can't keep up

"It's a constant game of cat and mouse between the defenders and the attackers," Maor noted. With technology constantly changing, security has a tough time keeping up. Maor explained that the security industry moves significantly slower than the cybercrime industry because there are no regulations for cybercrime. Maor said it's imperative for people to change how they approach security. Companies are not doing basic things to protect themselves from cybercrime; they need to have backups in place and always be prepared, Maor added. The mindset around cybersecurity and cybercrime must shift. Businesses need to run under a "when will I get hacked" instead of an "if I get hacked" mentality, making security more of a priority than expediency to release a product.


The next industrial revolution is upon us … and many don’t even realize it.

As we enter the Fourth Industrial Revolution, rapid and unpredictable shifts in technology will present both challenges and opportunities. The sheer volume of available data in the new world could fundamentally change the way society operates by developing previously unthinkable solutions to problems we didn’t know existed. Digitization of everyday things, when coupled with the ability to self-enhance through artificial intelligence, will drive significant change in the global economy. Failure to prepare for and respond to digitization in the Fourth Revolution will be costly, especially as new market entrants test and evolve. The dramatic rise and fall of video rental giant, Blockbuster, is a poignant illustration of how digital innovator, Netflix, overtook the $5 billion incumbent by gradually siphoning off its customer base.


The Revolution Will Begin Eventually (Maybe): AI and Recruiting

Evaluating motivation is about improving sourcing, which is typically a low-yield, labor-intensive business. Every recruiter knows that reaching out to candidates who have not applied often produces few results because of low response rates. However, a machine learning system can identify people who are more likely to consider a solicitation for a job; in other words, those who are more motivated to change jobs or accept a new one. There’s an abundance of data on social networks and other places that can be tapped for this purpose. For example, Google’s Timeline tracks your every move (check it out) and can be used to accurately determine a person’s commute. A candidate with a long commute is more likely to respond to a solicitation than someone who has a short one, especially if the former travels through heavy traffic.


India Sees a Significant Rise in Data Breach Cost

The increased speed of these cyber incidents allows for more such attacks to occur, and Shahani suggests that has had an adverse impact on organizations' bottom line. "The penalty is huge as the cost of data breach incidents for companies in India and Asia [and] is significantly increasing this year from what was observed during the previous year," Shahani says. According to the study, the cost of a data breach in India this past year increased by 12.3 percent. The cost of lost or stolen records in the past year rose by 12.8 percent. The study cites malicious or criminal attacks, insider negligence and system glitches as the root causes of data breaches and that, Shahani says, makes a huge impact on the cost, besides the time to detect and contain the incident.


Multigenerational workforces: 6 ways to foster digital change

Digital transformation is not all about tools or technology—it’s about people too. Today's workplaces are becoming increasingly multigenerational. Older employees are staying in the workforce longer and mixing with younger colleagues who are just starting their careers. As such, the range of ages in the workplace is naturally expanding. A recent survey from executive development firm Future Workplace and Beyond, The Career Network, found that 83 percent of respondents have seen millennials managing Gen X and baby boomer workers in their office. However, 45 percent of baby boomers and Gen X respondents said millennials lack managerial experience, which could have a negative impact on a company's culture. More than a third of millennial respondents said managing older generations is challenging.


The inextricable link between IoT and machine learning

Optimizing computational cost of the machine learning model: like all other use cases, there is a trade-off between accuracy and image resolution. Also the lower the resolution that optimizes accuracy, the shorter the flight time of a drone to criss-cross a field and the longer the battery life. In addition to saving the time and cost of deploying IoT devices and networks to interconnect them, machine learning could be a separate path to confirm an IoT system is working. A critical IoT device could fail and report a false condition. For instance, IoT sensors might fail to report critical conditions such as a fire, an unauthorized person entering or a door left open, but a machine learning model sampling a video feed could recognize the critical condition, all as adaptations of Resnet 50 or another convolution network.



Quote for the day:


"The obvious is that which is never seen until someone expresses it simply." -- Khalil Gibran


Daily Tech Digest - June 24, 2017

Compliance Does Not Always Cure Health Care Security Woes

According to a Level 3 report, “cyberthreats and the security landscape evolve rapidly, and industry standards cannot keep pace.” Compliance standards can only reflect best practices as of the time when the draft standards were approved. But because of the rapid evolution of the technology environment, best practices are a fast moving target. Today’s networks are liable to have far more endpoints than what was typical even a few years ago. Indeed, the contemporary focus of security thinking is shifting from primarily endpoint protection to an emphasis on trust of specific users and devices. The current compliance framework only imperfectly reflects this very recent development. In health care, we are now moving from mere mobile connectivity to the Internet of Things (IoT) and connected devices.


Will Technology Destroy Your Company or Make You a Fortune?

While corporate boards everywhere may be beginning to feel the cold wind blowing from the startup sector, it is possible for established companies to stay relevant—and even enjoy success—in the arenas of FinTech and the Internet of Things. It begins, of course, with the correct mindset: leadership must be willing to be bold and drive innovation with strategy. For example, Collins and Porras highlighted the importance of the Big Hairy Audacious Goal (BHAG), such as that determined by JFK in his desire to put a man on the moon in less than a decade. A BHAG is vital in the face of such disruptive technological change. The key to corporate survival in the FinTech and IoT arenas lies in the open-minded approach of embracing innovation and preparing for changing technologies. However, the fact remains that large, mature companies face unique challenges when it comes to innovation.


How HR can lead digital transformation

There is no denying that digitalisation means change. Many people fear change, an attitude which could halt, or even thwart, progress. The root of this fear is the perceived loss of control – by moving to something new, people will feel less in control. Processes which took no time at all, or they were comfortable with, will now take a bit longer, with new ways of working to be learnt. This can be disheartening, particularly during any transition period. The best advice is to take small steps. Take on one project (for instance, look at your own HR services – could you digitalise part of your HCM by moving it into the cloud, removing a legacy system and potentially reducing cost?). Identify your roadmap, what success looks like and then take the plunge from the low diving board. The high diving board will still be there when you, and your organisation, are confident enough to climb.


Microsoft says 'no known ransomware' runs on Windows 10 S -- so we tried to hack it

Although Hickey used publicly known techniques that are widely understood by security experts, we nevertheless privately informed Microsoft's security team of the attack process prior to publication. For its part, Microsoft rejected the claims. "In early June, we stated that Windows 10 S was not vulnerable to any known ransomware, and based on the information we received from ZDNet that statement holds true," said a spokesperson. "We recognize that new attacks and malware emerge continually, which is why [we] are committed to monitoring the threat landscape and working with responsible researchers to ensure that Windows 10 continues to provide the most secure experience possible for our customers." This hack may not have been the prettiest or easiest to launch. You could argue that the hack took too many steps that wouldn't be replicated in the real world,


How Artificial Intelligence will impact professional writing

Now, Artificial Intelligence is making inroads in the field by providing smart summaries of documents. An AI algorithm developed by researchers at Salesforce generates snippets of text that describe the essence of long text. Though tools for summarizing texts have existed for a while, Salesforce’s solution surpasses others by using machine learning. The system uses a combination of supervised and reinforced learning to get help from human trainers and learn to summarize on its own. Other algorithms such as Algorithmia’s Summarizer provide developers with libraries that easily integrate text summary capabilities into their software. These tools can help writers skim through a lot of articles and find relevant topics to write about. It can also help editors to read through tons of emails, pitches and press releases they receive every day.


Machine Learning Enhances Processes Greatly

Artificial intelligence (AI) has arrived in a big way, with corporations leveraging it to unleash new value-addition avenues for their businesses. This is seen in the statistics too—according to a PwC survey, 30% of the industry believes that AI will be a key disruptor to business within the next five years. Machine learning, or AI, is backed by hard-core logical data, enabling leaders to take better decisions. It finds numerous applications from process optimization to growing the top line, and is set to be the rage in the industry. Companies today are still experimenting with machine learning technologies at various stages, with some of them driving pilot projects and others integrating it into their mainstream processes. At any stage, machine learning should be seen as translating into value-add to the customer.


Google’s New AI Is Better at Creating AI Than the Company’s Engineers

AutoML has the potential to impact many of the other AI and machine learning-driven softwares that were discussed at the conference. It could lead to improvements in the speech recognition tech required for a voice-controlled Google Home, the facial recognition software powering the Suggested Sharing feature in Google Photos, and the image recognition technology utilized by Google Lens, which allows the user to point their Google Phone at an object in order to identify it. Truly, AI has the potential to affect far more than just our homes and phones. It’s already leading to dramatic advancements in healthcare, finance, agriculture, and so many other fields. If we can use an already remarkable technology to actually improve that same kind of technology, every advancement made by humans can lead to machine-powered advancements, which lead to better tools for humans, and so on.


Know the Flow! Microservices and Event Choreographies

Central to the idea of event collaboration is that all microservices will publish events when something business relevant happens inside of them. Other services may subscribe to that event and do something with it, e.g. store the associated information in a form optimal for their own purposes. At some later point in time, a subscribing microservice can use that information to carry out its own service without being dependent on calling other services. Therefore, with event collaboration a high degree of temporal decoupling in between services becomes a default. Furthermore, it becomes easy and natural to achieve the kind of decentral data management we look for in a microservices architecture. The concept is well understood in Domain Driven Design, a discipline currently accelerating in the slipstream of microservices and the "new normal" of interacting, distributed systems in general.


The Future of Work: Death of the Single Skill Set In The Age Of Automation

This death of the single skill set has been documented by David Deming, associate professor of education and economics at Harvard University. Dr. Deming argues that many jobs requiring only mathematical skills have been automated, but roles which combine mathematical and interpersonal skills (such as economists, health technicians, and management analysts) will be in demand. These findings are reinforced by a study conducted by Business Higher Education Forum and Gallup that examined the percent of employers who say both data science and analytical skills will be required of all managers by 2020. As noted in the chart below, this is predicted to be true for managers who span the functions of finance, marketing, operations, supply chain and Human Resources.


Divvying up must-do secure application development list for dev and ops

It's a very different security situation with microservices for a couple of reasons. One reason is that microservices tend to be used because organizations want to iterate and deploy applications very, very quickly. And when they're doing very, very quick deployments, then that can compound the security challenge because you can't afford to run lengthy security procedures against every single deployment. So that's one challenge to consider. Another challenge to consider is that if an individual microservice were to be exploited in some way, then that could provide a gateway into the entire application. So it's very important to track and manage all of the traffic coming in, to control which microservices can be directly addressed by external parties and to focus on them with your security efforts to ensure that they are very, very difficult to compromise and they have limited privileges should they be compromised.



Quote for the day:


"It does not suffice to hone your own intellect (that will join you in your grave), you must teach others how to hone theirs." -- EW Dijkstra


Daily Tech Digest - June 23, 2017

Where to spend your next security dollar

You probably haven’t thought about NACD for cyber security training. But, the program is the best security management course I have seen, is online and will give your senior executives a great overview of what your organization needs to be doing about security and risk management. The course describes the security management function and is general in scope, not compliance focused. If your executives participate in this training, they (and you) will have an excellent idea of the essential practices your organization needs to follow. The program connects security practices with business issues and language. I don’t have anything against my ISC2 and ISACA training courses, but their roots are in technology and audit. This training’s roots are in business.


Lightworks 14 review: Free video editing software lacks proper Mac decorum

With version 14, developer EditShare has taken great strides to make Lightworks more consumer-friendly, consolidating the previously modular user interface into a fixed, full-screen workspace. (The flexible “classic” mode is still available from the Project Layout settings.) With the organized, single-window UI comes an easier to use application, but Mac users won’t feel quite at home. For starters, there are no menu options at all, and Lightworks shuns Apple’s traditional contextual menu shortcuts in favor of the Windows right-click approach. Likewise, the file browser has a distinctly Unix look and feel that makes macOS seem like a second-class citizen. Coming from years of experience with native Mac editing software, the transition was a bit jarring to say the least.


Atomistic and Holistic View of an Enterprise

Enterprises are complex adaptive systems, where a complex adaptive system is defined as a system characterized by complex behaviors that emerge as a result of non-linear interactions in space and time among a large number of component systems at different levels of organization. That is, a view of the enterprise arrived at by breaking it down into smaller units of organization may be useful in comprehending each individual part and how they fit into the larger whole, but it will not lead to a holistic understanding of the enterprise itself. To use an analogy, if you get two cars, one from the UK and one from the US, break them apart and understand them in terms of their components, that analysis might answer some questions about the functioning of these cars, but that analysis alone will not tell you why one has the steering wheel on the left side and the other has it on the right side.


Automation And Society: Will Democracy Survive The Internet Of Things?

When the internet first went live, many commentators assumed it would provide a pure form of democracy. Everyone was given the same platform; age, race and gender were no longer relevant and we were all anonymous. But the reality was more chaotic, as we struggled to comprehend the power of a new tool that would revolutionize human life. This strange world was somewhere we could get lost and detach ourselves from everyday existence, but often it was also a quasi-reality that proved overwhelming and dangerous. Yet slowly we have found structure. Society has become inherently more intelligent - we can find the answer to almost anything at the click of a button. Those at the cutting-edge can now gain previously unimaginable insight into human tendencies and interests.


Stay out of the hot seat with turnkey private cloud

When it comes to implementing a multi-cloud strategy, your approach to private cloud can have a dramatic effect on your organization’s results. When compared with a DIY private cloud approach, implementing a turnkey private cloud will dramatically reduce the friction you experience. Less static friction with a turnkey private cloud means that your strategy will be implemented faster, accelerating time-to-value. Less dynamic friction with a turnkey private cloud means that ongoing cost and risk will be reduced, resulting in improved service levels and a better bottom line. Less friction means less heat. Keep yourself out of the hot seat and adopt a turnkey private cloud.


A new release management strategy depends on speed and efficiency

Dark launching is a similar process. Software is gradually and stealthily released to users in order to get their feedback as well as to test performance. Code is wrapped in a feature toggle that controls who gets to see the new feature and when. Facebook and Google rely on dark launches to gradually release and test new features to a small set of users before fully releasing them. This approach lets operations staff determine if users like or dislike the new function. It also allows for an assessment of system performance before moving ahead with a full release. As these different delivery options emerge, companies are looking for ways to train and familiarize their staff as part of a new software deployment strategy.


What it takes to be a security incident responder

The skills needed for a quality incident responder can be categorized into two main groups: personal skills and technical skills. “The greater one’s technical skills, the better the incident responder,” Henley says. Among the desirable skills are a good grasp of basic security principles such as confidentiality, authentication, access control and privacy; security vulnerabilities; physical security issues; protocol design flaws; malicious code; implementation flaws; configuration weaknesses and user errors or indifference. Responders should also know about the Internet of Things (IoT), risk management, network protocols, network applications and services, malicious code, programming skills and intruder techniques. IT security professionals who become leaders or members of response teams sometimes take circuitous routes to these positions.


5 ways businesses can cultivate a data-driven culture

The pressure on organizations to make accurate and timely business decisions has turned data into an important strategic asset for businesses. In today’s dynamic marketplace, the ability of businesses to use data to identify challenges, spot opportunities, and adapt to change with agility is critical to their survival and long-term success. Therefore, it has become an absolute necessity for businesses to establish an objective, data-driven culture that empowers employees with the capabilities and skills they need to analyze data and use the insights extracted from it to facilitate a faster, more accurate decision-making process. Contrary to what many people think, cultivating a data-driven culture is not just a one-time transformation. Instead, it’s more like a journey that requires efforts from employees and direction from both managers and executives.


The fight to defend the Internet of Things

One job of the IoT ecosystem, including technology, products, and service providers, is to protect millions (or even billions) of other people by introducing robust security capabilities into the wide variety of connected devices shipped every day. A robot or IP camera might require advanced computer vision and data processing power, while a connected light bulb may only need basic connectivity and a simple microcontroller. But they all need to be protected. Security needs to be considered in every aspect of the IoT, whether that’s the device itself, the network, the cloud, the software, or the consumer. Attacks are imminent. A study from AT&T, for instance, revealed a stunning 458 percent increase in vulnerability scans of IoT devices in the course of two years. Hackers usually exploit combinations of vulnerabilities to perform an attack.


It's Time To Upgrade To TLS 1.3 Already

The designers of TLS 1.3 chose to abandon the legacy encryption systems that were causing security problems, keeping only the most robust. That simplicity is perhaps one of the reasons it will be ready in half the time it took to design its predecessor. Connections will still fall back to TLS 1.2 if one end is not TLS 1.3-capable -- but if a MITM attacker attempts to force such a fallback, under TLS 1.3 it will be detected, Valsorda said. Almost 93 percent of the websites in Alexa's top one million supported TLS 1.2 as of January, up from 89 percent six months earlier, according to a survey by Hubert Kario's Security Pitfalls blog. But seven percent of one million means a lot of websites are still running earlier and even less secure protocols. Among the laggards are some sites you would hope to be on top of security: those taking online payments.



Quote for the day:


"A good programmer is someone who always looks both ways before crossing a one-way street." -- Doug Linder