Daily Tech Digest - June 12, 2017

CPaaS market evolves with new API suite from Twilio

The Programmable Communications Cloud is where most CPaaS vendors focus today, as they offer voice, SMS and similar capabilities. As a developer, you decide on the specific communications channel you want to use and ask for a specific action to take place -- for example, "Send an SMS to a phone number." The Engagement Cloud is more nuanced. It is a higher level of abstraction where Twilio decided to wrap certain best practices it has seen across its customers and their behaviors. In the Engagement Cloud, Twilio is delivering four separate products: Authy, which handles authentication; Notify, which sends application-to-person messages; TaskRouter, which handles queuing; and Proxy, which connects people across groups.


Mobile app developers: Make sure your back end is covered

Developers need to make sure they are baking security right into the application code and protecting how the app handles the data, but as Appthority’s research shows, they also need to know how the back-end servers and data stores are being configured. The security best practices for these systems are well-documented, but someone needs to be checking and verifying that these controls are implemented so that the data remains protected. “No amount of on-device application security can make up for relaxed security where the application stores user data,” said Hardy. Appthority dubbed the problem “HospitalGown”— because like hospital gowns, the front end is covered but since the issue lay in the application infrastructure, the back end is not. HospitalGown is not a specific vulnerability in the mobile operating system, a type of weaponized app that could lead to data compromise if installed on the mobile device, or a flaw in the app’s code.


Intel Core i9: Everything We Know So Far

Core i9 is Intel’s fifth PC processor family, starting with the Core m and moving up through the traditional Core i3, i5, and i7 chips to Core i9. As the numerical sequencing suggests, Core i9 represents Intel’s most prestigious chip family, offering the best performance at the highest price.  It’s important to know that Core i9 is an architecture as well as a brand. Intel has taken some of these new chips and named them Core i7 and even Core i5. Though they share some common features with the Core i9 (more on that later), two of the new chips, the Core i7-7740X and the Core i5-7640X, are based on Intel’s 7th-generation Kaby Lake architecture (rather than 6th-generation Skylake). These two chips, with only four cores apiece, are the most modestly priced members of the Core i9 family.


State pressures create gaps in cybersecurity training

Budgeting is only one reason why some states have a hard time with cybersecurity. An aide to U.S. Rep. Jim Langevin of Rhode Island, a Democrat and co-chair of the Congressional Cybersecurity Caucus, said state agencies often misunderstand cybersecurity risks. State officials sometimes treat hacking as an IT problem, not a security problem, he said. The aide added that poor leadership can create situations where it might be easier for cyber aggressors to access information, including residents’ tax and driver's license data. Eric Goldstein, branch chief of partnership and engagement at the Department of Homeland Security’s Office of Cybersecurity and Communications, said that while the DHS is making progress on alerting state officials to cybersecurity risks, the department still has “ways to go.”


Open source documentation is bad, but proprietary software is worse

While lack of documentation is bothersome, it's not fatal, as developer Ted Wise indicated to me: "Code is still usable without docs. Barrier to entry is higher and some capabilities may be obscured, but still usable." Or, as Google lead product manager Vanessa Harris stated: "Outcomes matter more than documentation." Those outcomes are more easily come by with open source, given the lowered barriers to using and writing software. Plus, it's not clear what "bad documentation" even means. As professor and former Joomla! developer Elin Waring said to me: "[Y]ou can read the code and automated docs. When people complain about docs it is not always clear what they mean".... She went on: "Different people need different docs, [which is] why 'everyone complains about docs' is so hard to respond to. It's a constantly moving target."


Windows 10: IT wants to manage PCs like phones

“Enterprises want to start piloting a new release as soon it comes out, starting with the IT organization, to see how productivity and line-of-business apps and devices work with it,” Niehaus notes. Typically, customers decide the new releases are ready for broad deployment after four months, he says. The support life cycle for Windows 10 pushes businesses in this direction. With Windows releases now coming in March and September every year, the rather complicated formula of servicing for the two most recent CBB releases plus a 60 days’ grace period becomes a much clearer 18 months of support. Kleynhans cautions against trying to use the Long Term Servicing Branch (LTSB, soon to be known as the Long Term Servicing Channel) as a way to avoid updating Windows 10.


How to work with RabbitMQ in C#

RabbitMQ is an increasingly popular open source, fast message broker written using Erlang and built on the Open Telecom Platform framework. It implements the Advanced Message Queuing Protocol (AMQP) for exchanging data between processes, applications, and servers. It’s particularly enticing because it is extensible via plug-in support, supports many protocols, and offers high performance, reliability, clustering, and highly available queues. You can create queues in RabbitMQ by writing code, via the administration user interface, or through PowerShell. ... Now that you have installed Erlang and RabbitMQ in your system, you need to install the RabbitMQ .Net client to connect to and work with the RabbitMQ service. You can install the RabbitMQ client via the NuGet Package Manager. Create a new console application in Visual Studio. Next, install the RabbitMQ.Client package via the NuGet Package Manager.


Inside the Motivations Behind Modern Cyberattackers

Knowing who is behind cyberattacks, in a way, "doesn't really help you much," he noted. Instead of trying to classify individual threat actors, he urged his audience to try and better understand how these adversaries work together and use this information to inform their security strategies. "Today, the most important information about cyberattacks is locked inside your company, which has been attacked," he noted. However, businesses aren't using this information to its full advantage and sharing it to protect against threats. In his session, "Collecting and Using Threat Intelligence Data", Polarity CEO Paul Battista emphasized the importance of leveraging intelligence for threat warnings, prevention, and informed decision-making.


The best identity management advice right now

So far two things have saved us from biometric identity theft being a widespread problem (beyond the fact that biometrics just aren’t accepted in many places beyond phones and laptops). First, most biometrics are stored and used locally. This means the hacker has to access and compromise your device to get access to your biometric identity, and even if he gets access, the biometrics would not work beyond that single compromised device. A second, and related issue, is that once you logon using your biometric identity, what happens authentication-wise from then on is that the authentication system uses one of the other previous discussed authentication methods. It is using some other authentication token besides your fingerprint. Your biometric identity (usually) doesn’t leave your local device. That would change if people started to overly rely on biometric authentication globally.


Why Citi puts a premium on mobile users' satisfaction

Point of view"For a while we looked at mobile as a companion to our website and we've completely flipped that," says Alice Milligan, chief customer and digital experience officer for Citigroup's global cards unit.Upon joining the $1.7 trillion-asset bank in 2014, Milligan faced an uphill battle convincing senior executives that customer satisfaction was worth spending money on. She focused initially on quick wins to persuade them. In one instance, by going through the analytics she discovered that some customers were experiencing login errors, which compelled them to call Citi's service center—an expense for the bank. By fixing that problem, she not only lifted customer satisfaction but was demonstrably able to save the bank money.



Quote for the day:


"To accomplish great things, we must not only act, but also dream; not only plan, but also believe." --
Anatole France