Daily Tech Digest - July 20, 2017

7 Hot IT Outsourcing Trends - 7 Going Cold

Enterprises are moving more workloads to the public cloud, but continuing to run certain applications in dedicated private cloud environments for security, regulatory or competitive reasons. So they’re looking for providers that can seamlessly manage and integrate their hybrid cloud environments, says Rahul Singh, managing director with business transformation and outsourcing consultancy Pace Harmon. ... Over the past decade, the offshore delivery of infrastructure management services from network services and help desk support to server maintenance and desktop management became mainstream. But remote infrastructure management is no longer a growth industry for IT services providers; it can’t compete on price with the public cloud, where adoption rates are growing at compound rates of 25 percent a year.

OCI container standards arrive at last

OCI's newly finalized standards cover two key components of the container ecosystem -- the image format for containers, and the runtime specification. The OCI Image Format, as the first is formally called, is easy enough to grasp. It describes the way a container image is laid out internally and what its various components are. OCI likens the Image Format to Linux package manager formats like .deb and .rpm, "a dependable open specification that can be shared between different tools and be evolved for years or decades of compatibility." The other standard, the OCI Runtime Specification, describes how a container is configured, executed, and disposed of on all the major platforms where OCI containers run -- Linux, Windows, and Solaris. All three platforms now support Docker-style containers, but each platform has its own implementation quirks, and the spec is intended to encompass those.

Top cloud security controls you should be using

All cloud services are not the same, and the level of responsibility varies. Software-as-a-service (SaaS) providers will make sure their applications are protected and that the data is being transmitted and stored securely, but that is typically not the case with cloud infrastructure. For example, the organization has complete responsibility over its AWS Elastic Compute Cloud (EC2), Amazon EBS and Amazon Virtual Private Cloud (VPC) instances, including configuring the operating system, managing applications, and protecting data. In contrast, Amazon maintains the operating system and applications for Simple Storage Service (S3), and the organization is responsible for managing the data, access control and identity policies. Amazon provides the tools for encrypting the data for S3, but it is up to the organization to enable the protection as it enters and leaves the server.

This scary Android malware can record audio, video and steal your data

In total, there are three versions of GhostCtrl -- one which steals information and controls some of the device's functions, a second which adds more features to hijack, and now the malware is on its third version which combines the most advanced capabilities of previous incarnations while adding further malicious capabilities. Those include monitoring the phone's data in real time, and the ability to steal the device's data, including call logs, text message records, contacts, phone numbers, location, and browser history. GhostlCtrl can also gather information about the victim's Android version, wi-fi, battery level, and almost any other activity. The most worrying aspect of the malware isn't just its ability to intercept messages from contacts specfied by the attacker, as GhostCtrl can also stealthily record audio and video, enabling the attackers to conduct full-on espionage on victims.

Instead of hacking self-driving cars, researchers are trying to hack the world they see

Researchers from Google, Pennsylvania State University, OpenAI, and elsewhere have been studying the theoretic application of these attacks, called “adversarial examples,” for years, and declared that they would be possible in the real world. By altering just 4% of an image, a Google paper showed that AI could be fooled into perceiving a different object 97% of the time. Now, an independently-published paper from the University of Illinois at Urbana Champaign has brought the discussion specifically to self-driving cars, but the conclusions of the paper are much less clear-cut. Over a number of tests, the Illinois team printed fake stop signs with and without altered pixels and recorded videos approaching the signs as a self-driving car would. The resulting paper’s conclusion was that due to the different angles and sizes that the car would see the sign, a single pattern applied to a sign could not reliably fool a car.

Massive Amazon S3 breaches highlight blind spots in enterprise race to the cloud

According to Rob Enns, vice president of engineering for Bracket Computing, the prevalence of the S3 breaches highlights the fact that organizations must own their cloud security—they cannot outsource it. ... "To manage complexity in these new environments, consistency from on-premise to cloud and enabling IT to retain control of information security gives application architects and developers a base on which they can move fast while remaining compliant with the enterprise's security requirements." When considering a public cloud storage provider, Tran said, businesses should look at both the Service Letter Objective (SLO) and Service Letter Agreement (SLA) to determine what level of risk they're willing to take on, as they address different issues. Sometimes, the risk is too much and it needs to be left on the table.

The Dark Web Goes Corporate

Just as many enterprises no longer build or even deploy their own in-house tools, so too do many criminals outsource the deployment of their misdeeds. Even if you're sick of the endless "-as-a-service" acronyms in IT, you'll need add another one: RaaS, or ransomware-as-a-service. "RaaS providers give their customers fully functional ransomware with a dashboard to track victims and support services should they need it," says Shier. "In exchange, the authors of the RaaS portal ask for either a percentage of the ransom or a flat fee. The only thing left is for the customer to distribute the ransomware, possibly using the services of a spammer purchased separately or by doing it themselves using the knowledge they gained from the tutorials." And if you need more evidence of this in the real world, experts are now beginning to see the Petya ransomware as a RaaS attack.

Why you should use Apache Solr

Apache Solr is a subproject of Apache Lucene, which is the indexing technology behind most recently created search and index technology. Solr is a search engine at heart, but it is much more than that. It is a NoSQL database with transactional support. It is a document database that offers SQL support and executes it in a distributed manner. ... Solr is a document structured database. Entities like “Person” are composed of fields like name, address, and email. Those documents are stored in collections. Collections are the closest analog to tables in a relational database. However, unlike in a relational database, “Person” can completely contain the entity, meaning if a person has multiple addresses those addresses can be stored in one “Person” document.

Elon Musk’s top cybersecurity concern: Preventing a fleet-wide hack of Teslas

“I think one of the biggest risks for autonomous vehicles is somebody achieving a fleet-wide hack,” Musk said in response to a question from North Dakota Governor Doug Burgum. “In principle, if somebody was able to hack, say, all of the autonomous Teslas, they could, say—I mean just as a prank—they could say like ‘send them all to Rhode Island’ from across the United States. And that would be like, well OK, that would be the end of Tesla. And there would be a lot of angry people in Rhode Island, that’s for sure.” Preventing a fleet-wide hack is “pretty fundamental.” In fact, he said, “It is my top concern from a security standpoint—that Tesla is making sure that a fleet-wide hack or any vehicle-specific hack can't occur.” Musk added

Affordable React Native Mobile App Development

Although a write once, run anywhere approach may seem attractive as it minimizes development efforts and corresponding costs, it is deemed impractical in today’s technological landscape. Different devices and operating systems offer unique features and design languages to mark their brand and differentiate themselves from the competition, so applications must adapt to those differences and use those unique features to maximize user experience. In such environments, a learn once, write anywhere approach, which is best exemplified by React Native, would be most suitable. Developers skilled in React Native can develop applications for different platforms, thereby eliminating the need for additional developers for different operating systems. React Native can, therefore, result in huge savings in development costs.

Quote for the day:

"Too often we enjoy the comfort of opinion without the discomfort of thought." -- John F. Kennedy

Daily Tech Digest - July 19, 2017

UN survey ranks nations by cyber security gaps

“There is still an evident gap between countries in terms of awareness, understanding, knowledge and finally capacity to deploy the proper strategies, capabilities and programmes,” the survey said. 50% of countries don’t have a national security strategy, which is said to be the first step towards closing cyber security gaps. “Cybersecurity is an ecosystem where laws, organisations, skills, cooperation and technical implementation need to be in harmony to be most effective,” the survey said. “The degree of interconnectivity of networks implies that anything and everything can be exposed, and everything from national critical infrastructure to our basic human rights can be compromised.” North Korea, in 57th place, was among countries that ranked higher than their economic development but were let down by their “cooperation” score

AI Will Be In Almost Every New Software Product By 2020, Says Gartner

The growing interest in AI for enterprise software is evident in Gartner’s search data; in January 2016, the term “artificial intelligence” was not in the top 100 search terms on gartner.com. By May 2017, the term ranked at number seven. “As AI accelerates up the Hype Cycle, many software providers are looking to stake their claim in the biggest gold rush in recent years,” said Hare. “AI offers exciting possibilities, but unfortunately, most vendors are focused on the goal of simply building and marketing an AI-based product rather than first identifying needs, potential uses and the business value to customers.” Hype and “AI washing” is obscuring the real benefits to be gained by the technology. To successfully exploit the AI opportunity, technology providers need to understand how to respond to three key issues

Financial Services and Neo4j: data lineage and metadata management

Specifically, data lineage compliance can be a challenge because the same data can be replicated across many different systems. ... Neo4j’s flexible schema enabled the global firm to model all its data flows and rapidly answer questions about how and where its data is used. Given the success realised with Neo4j, the firm plans on widening its coverage of datasets and offering the solution to other parts of the bank. ... An enterprise whose data management process is both flexible and responsive in real time can better respond to the evolving compliance landscape while offering more competitive products and services to customers. In terms of both flexibility and performance, Neo4j is far and away the best database to manage these growing and interconnected datasets.

Where Do Businesses Fall Short With Digital Transformation?

“The number one challenge is finding the right talent to execute on it. Gartner has done research with CIOs asking them about what they see as their top challenges. Number one was lack of talent and resources. ... Where the demand for talent is already about five times bigger and supply and demand is growing faster and faster, attracting this talent is a major challenge.” – Roald Kruit, Co-Founder, Mendix.  “Probably the biggest challenge is having a real understanding of what it means to dangerously transform the business. Many people believe that digital transformation means making the forms that round the business available online, or making some transactions available on a website or on an iPhone. However, true digital transformation means rethinking the way you run your business from top to bottom. ...” – Rod Willmott, Chief Wzard, Wzard Innovation

The hidden horse power driving Machine Learning models

Something needs to be done. Maybe we could move this problem into the cloud and let the big boys with their big machines take over. The problem is moving your data into the cloud. For universities and the likes of Google, this isn’t really a problem, providing you’ve got access to end-to-end fast networks. Universities in Britain are all connected over the Janet network, whose backbone runs at 100Gbps, more than enough to shift large datasets around. Google, of course, has its own dark net, but what if we want to move data out of our walled garden and onto a public cloud ML system? This was just the problem we faced a few years back at Dundee University when trying to use Microsoft’s Azure to process Mass Spectrometer data. These files were fairly big - a few gigabytes in size - but we were hoping to process lots of them in near real time.

What is gamification? Lessons for awareness programs from Pokemon Go

While many vendors, as well as security practitioners, want to describe their gamification products/programs as a fun way to learn, the effort to provide information is not gamification. Again, gamification is about rewarding actual behaviors, not achieving a specified learning objective. All security practitioners should be aware that just because a user knows what is proper behavior, it doesn’t mean that they actually practice that behavior. For example, some vendors created games about how to tell if a password is strong. They then have in-game contests to tell if a student can tell which passwords are strong and which are weak. If a student knows that a good password has eight or more characters, the “game” issues them a certificate deeming them security aware.

Goodbye Age of Hadoop – Hello Cambrian Explosion of Deep Learning

While data scientists are a little cautious to talk about the wonders of artificial intelligence, they are very enthusiastic in talking about the new capabilities presented by Deep Learning. This may seem a little paradoxical but I invite you to think about it this way.  Robust AI is the accumulated capabilities of speech, text, NLP, image processing, robotics, knowledge recovery, and several other human-like capabilities that at this point are very early in development and not at all well or easily integrated. Deep Learning however is a group of tools that we are applying to develop these capabilities, including Convolutional Neural Nets, Recurrent Neural Nets, Generative Adversarial Neural Nets, and Reinforcement Learning to name the most popular.

Advanced social technologies and the future of collaboration

Most companies have begun adopting digital tools, including social technologies, or even transforming their businesses with digitization in mind. But a mistake that many make is choosing the tool first and then expecting change will follow. Any improvement via social tools must begin with people changing the way they work first, then using the tool that fits best. Agile ways of working (such as cross-functional teams, scrums, or innovation hubs that are apart from company hierarchy), as well as user-centric approaches to product development, require the greater collaboration provided by the message-based platforms. And the more that message-based platforms are integrated into business processes and systems, the more critical they will be.

Why cyberattacks should keep CFOs up at night

"Bringing cybersecurity up a level to the C-suite and providing it to them in a framework of risk helps them to really put the investments we want to make in the right framework, so they can understand those investments versus the overall compensation structure or the R&D pipeline," Driggs said. In this way, the CFO can act as a cybersecurity advocate to the board. "If we are hit with a cyber attack or subject to ransomware or fraud, there is certainly a financial impact and a reputation impact and a business continuity impact," Driggs said. "The CIO should view a relationship with the CFO as beneficial to them—they will get an advocate to represent their issues to the board and the C-suite for investments and awareness around the risks they are trying to mitigate for the company."

The simple way to scan documents with your Android phone

It's kind of astonishing when you stop and think about all the once-cumbersome tasks our smartphones have simplified. From check depositing to audio recording and even airplane boarding, our tiny pocket computers have truly become all-in-one life organizers and productivity machines. Our phones can do so much, in fact, that I'd wager hardly anyone actually takes advantage of all their mobile-productivity powers. Case in point: One easily overlooked way your phone can save you time and frustration is by serving as a quick 'n' simple on-the-go document scanner. Google actually offers two useful tools for scanning and managing physical papers -- and both can come in quite handy when you find yourself needing to save or share any sort of document, card, or receipt.

Quote for the day:

"If it's a good idea, go ahead and do it. It is much easier to apologize than it is to get permission." -- Admiral Grace Hopper

Daily Tech Digest - July 18, 2017

Why automation isn’t everything in cybersecurity

Some new generation solutions are purely focused on AI and machine learning. The promise is you turn it on in your environment and after a few days of the system learning on its own, it will be able to detect all the bad stuff. However, these systems suffer from a fatal flaw: missing the business context, adaptability and explainability needed to be truly effective. What do human analysts know better than any system or, more importantly, any intruder? They know their own environment and the enterprise context, as well as having an intuition about how their system operates and what is normal versus what is questionable. Humans also adapt quickly to fast changing conditions and can always explain why they did something. On the other hand, humans cannot scale and could struggle with mistakes and inconsistencies. Machines, as we know, are exponentially faster and consistent.

NEC claims new vector processor speeds data processing 50-fold

The company said its vector processor, called the Aurora Vector Engine, leverages “sparse matrix” data structures to accelerate processor performance in executing machine learning tasks. Vector-based computers are basically supercomputers built specifically to handle large scientific and engineering calculations. Cray used to build them in previous decades before shifting to x86 processors.  It fell out of favor as x86 closed the performance gap, but NEC has a series of supercomputers called SX that really up the ante. Each CPU in the new generation, SX-ACE, can crank out 256 gigaFLOPs of performance and address 1TB of memory, which is pretty powerful.  NEC said it also developed middleware incorporating sparse matrix structures to simplify machine-learning tasks.

How To Create An Effective Business Continuity Plan

Because restoring IT is critical for most companies, numerous disaster recovery solutions are available. You can rely on IT to implement those solutions. But what about the rest of your business functions? Your company's future depends on your people and processes. ... "There's an increase in consumer and regulatory expectations for security today," says Lorraine O'Donnell, global head of business continuity at Experian. "Organizations must understand the processes within the business and the impact of the loss of these processes over time. These losses can be financial, legal, reputational and regulatory. The risk of having an organization's "license to operate" withdrawn by a regulator or having conditions applied (retrospectively or prospectively) can adversely affect market value and consumer confidence. Build your recovery strategy around the allowable downtime for these processes."

Amazon Alexa is so smart it's stupid

Today, Alexa skills are somewhat like obscure command line directives: “Alexa, ask the Magic 8-Ball if I’ll ever remember any of these skills.” Amazon has built intelligence into Alexa that makes it easy for me to use Amazon services (e.g., buy replacement air filters, play Audible books, etc.) but has left much of the skills territory to third-party developers. This would be awesome if, as mentioned, it were easier to uncover these skills. But wait, you say, there’s a website devoted to helping you find new and exciting Alexa skills. That’s correct. Not only to discover but then enable a new skill—Alexa skills nearly always require enablement and then a special set of voice commands to trigger them—you have to visit a website. It’s a voice interface that requires you to type into a desktop web interface. Kinda silly, don’t you think?

Who controls the marketing tech stack in 2017: The CIO or CMO?

In an earlier era, one simply had to go through the IT department to get the technology one needed that would actually work with the existing infrastructure, technology standards, and enterprise architecture. No longer. The cloud and especially software-as-a-service (SaaS), has changed this equation forever. Every IT department is now faced with the most formidable possible day-to-day competitor: The combined services inventory of the entire SaaS industry, along with all the available mobile and enterprise app stores. These new sources of marketing IT collectively represent to the CMO -- as marketing technology tracker Scott Brinker has noted in his terrific industry analysis -- a genuine explosion of new options, going from a mere 150 business-ready marketing apps in 2011 to over an astonishing 3,500 in 2016.

'Absolutely Necessary': How Blockchain Could Help Tech Giant Cisco Reboot

It turns out, not only is Cisco exploring how to distribute identity to simplify employee logins across more than 20 of the company's subsidiaries, but that Cisco's customers themselves may someday use the service to better audit the transactions of suppliers. According to Greenfield, many database standards still have difficulty recognizing that a subsidiary is actually part of a parent company, making it hard to track who conducted which transactions and under whose authority. "We wanted to create a blockchain ID use case that uses the different APIs across these different organizations, and internal applications to establish one identity for internal users," he said. "But also customers as well, where it’s going to be easier to perform analysis."

3 compliance considerations for containerized environments

Instead of going to an operations team to get an app up and running, developers often build and deploy it themselves This means that many of the traditional workflows that organizations used to check for compliance before deploying new systems may no longer be in the loop. For example, in the past your operations team may have been responsible for ensuring PCI compliance before your retail app was updated. In a model in which the dev team can push that upgrade directly to production themselves, that manual check adds friction and delays to the process, if it happens at all.  Rather than relying on manual interaction, organizations can benefit from tools that integrate directly with the workflow and stress efficiency and prevention, rather than manual tasks and reaction.

Painlessly Migrating to Java Jigsaw Modules - a Case Study

The feature you’ll hear most about in the context of Java 9 is Project Jigsaw, the introduction of modules to Java. There are lots of tutorials and articles on exactly what this is or how it works, this article will cover how you can migrate your existing code to use the new Java Platform Module System. Many developers are surprised to learn that they don’t have to add modularity to their own code in order to use Java 9. The encapsulation of internal APIs is probably one of the features that concerns developers when considering Java 9, but just because that part of Jigsaw may impact developers does not mean that developers need to fully embrace modularity in order to make use of Java 9. If you do wish to take advantage of the Java Platform Module System (JPMS), there are tools to help you, for example the jdeps dependency analyzer, the Java compiler and your own IDE.

The 5 Fundamentals Of Effective Cloud Management

“A big mistake that many companies make is that they treat, particularly public cloud service, as though it is cable service, where you use it every month and pay a bill at the end of the month,” says Dennis Smith, a Gartner analyst who tracks the cloud management space. “Many find they’re spending more money than they did before [using their on-premises service]. Public cloud providers aren’t going to tell you there are more efficient ways of using their services. You need to manage it similar to the way you’d manage on-premises infrastructure." CIOs need to learn to manage those cloud systems with regard to cost, capacity planning, security and other conditions. That need has spawned a modest but growing market for cloud management tools, which companies use to apply policy to as well as automate and orchestrate across public and private cloud services in a uniform way, according to Smith.

How to sell to the CIO

There is good news: IT sales teams who develop a proactive, personal approach to CIOs can get a permanent foot in the door. Yet there's no room for complacency once a contract is signed. Proactivity must also extend to ongoing account management, which can be a merry-go-round. CIOs suggest salespeople tend to move accounts regularly, often as an IT leader has got used to a manager and the individual in question has begun to understand the demands of the CIO and his or her business. "The churn risk is huge," says interim CIO and consultant Toby Clarke, who adds that consistency will be rewarded. "The companies I've brought products from tend to have longevity in their account management team. It shows me that they have faith in the stuff they're selling because they're still working for the company."

Quote for the day:

"The greatest danger in times of turbulence is not the turbulence; it is to act with yesterday's logic." -- Peter Drucker

Daily Tech Digest - July 17, 2017

Look beyond job boards to fill cybersecurity jobs

Companies have to step up both their offensive and defensive capabilities in order to find and retain the talent they need. "The people you want already have jobs," says Bob Heckman, VP and CISO at Vienna, Virginia-based Criterion Systems, Inc. To get to the best people, to those who are successful and happy in their jobs, and aren't actively job hunting, takes work. One successful strategy is to draw on the personal connections of your own employees, Heckman says. "We have a cybersecurity architect who is brilliant, and his personal reputation draws other people like him," he says. That means that the current employees have to be able to make friends, build reputations and personal networks. "Not only do we encourage it, we make them do it," says Heckman. "We make them attend cyber functions that aren't sales."

CFOs Can Expect Pain When Hit With a Security Breach

While cybersecurity is often seen as an IT concern, the impact that a data breach has on an organization’s financial standing makes it a serious issue for financial executives. The real cost of a data breach to a company’s bottom line based on recent research is shocking. While data breaches are an inevitable part of doing business today, there are steps you can take to lessen their damage to your company’s finances over the long term. Centrify teamed up with security researcher Ponemon Institute to survey a large group of IT, information security, senior marketing and communication professionals as well as a healthy number of consumers. A key objective of the study was to get a handle on the financial impact of a cybersecurity breach on a typical organization.

9 Developer Secrets That Could Sink Your Business

When it comes to working on an existing application, management has a choice: Push the development team to make quick fixes or ask them to re-engineer the whole stack. Quick fixes often feel good — and appear to cost less. With a quick fix, you get to solve your problems immediately and we get to please you, which for the most part we like to do. But over time the bandages and duct tape build up. Some smart developer coined the term "technical debt" to capture all the real work that should have been done but was delayed by a decision to use bailing wire and chewing gum. Of course, it's not an accurate term. You don't need to pay the debt. If you're lucky, you can keep the software running without reworking everything. But eventually some major event is going to break everything in a way that can't be fixed easily.

Every generation brings different cybersecurity risks to work

According to Les Willliamson, Citrix’s APAC vice president, high-profile attacks on organisations such as the one on the Bureau of Meterology, show Australia is on the receiving end. “Cyber-crime alone poses a real threat in Australia, with the Australian Crime Commission estimating the annual cost of cyber-crime to Australia is over AUD$1 billion in direct costs. With that in mind, it’s particularly concerning to see that ANZ security professionals don’t feel confident they can protect their organisations’ security, especially with the new working behaviours we’re seeing from millennial employees,” Williamson says. However, recognising security issues and putting protective frameworks still face conflict between confidence and executive leadership, despite 88% investing more than $1 million in their information security budget.

Why serverless? Meet AWS Lambda

Why would a developer use AWS Lambda? In a word, simplicity. AWS Lambda—and other event-driven, “function-as-a-service” platforms such as Microsoft Azure Functions, Google Cloud Functions, and IBM OpenWhisk—simplify development by abstracting away everything in the stack below the code. Developers write functions that respond to certain events (a form submission, a webhook, a row added to a database, etc.), upload their code, and pay only when that code executes. In “How serverless changes application development” I covered the nuts and bolts of how a function-as-a-service (FaaS) runtime works and how that enables a serverless software architecture. Here we’ll take a more hands-on approach by walking through the creation of a simple function in AWS Lambda and then discuss some common design patterns that make this technology so powerful.

Verizon leak a reminder to businesses: safeguard your cloud data

More such exposures are likely until businesses, which are increasingly using the cloud to store and analyze customer data and their own content  ...  “When you have these complex systems and you force humans to solve the problem manually, we make mistakes,” Nathaniel Gleicher, head of cybersecurity strategy at Illumio and former director of cybersecurity policy in the Obama administration. “Complexity is the enemy of security.” His take: data leaks are going to keep happening until cloud storage systems become more automated and enterprises have more help dealing with systems. Amazon Web Services, where the Verizon data was stored, operates under a "shared responsibility" model with the customer — the Amazon cloud unit controls the physical security and operating system, and gives customers encryption tools, best practices, and other advice to help them maintain security of their data.

How cognitive and robotic automation play in SecOps

The prevalence of automation is everywhere in our modern, tech-first culture and continuously on the rise — with good reason. Cybersecurity experts see vast amounts of data and countless attempted breaches, becoming literally overwhelmed and specifically because of two challenges: (1) effectively finding attacks hidden among billions of daily security events, (2) efficiently responding to those attacks in a timely manner. These challenges are not being addressed and, in most SOCs, decades-old tools are used to do only a partial job. These tools are simple, rules-based systems and fundamentally limited in capabilities. For those testing new techniques, automation is consistently used at the wrong times and in the wrong ways. This leads to a rise in breaches and millions of unfilled security analyst positions.

Winning the Digital Race

The Millennial generation was born with an extended brain called the Internet. As a result, the education system has become outdated. Many parents of these digital pioneers report that their kids can’t remember as well as mom and dad. Those observations are supported by research in California, where CAT scans of digital natives have found areas of the brain associated with memory function greatly diminished while the area that networks right and left spheres of the brain has enlarged. What is behind this? Smartphones. The Millennial brain is just efficiently handing over memory function to a machine in order to concentrate on the integration of information rather than data storage. But these physiological changes have substantial implications. In fact, as the first generation of digital natives, Millennials are one of the most important generations in the history of human evolution.

The augmented reality boom will transform phones (and business)

The ultimate and eventual hardware platform for augmented reality will be glasses and goggles. But until technology advances enough to enable that broadly, AR will live on smartphones and tablets. The industry is focusing on mobile devices because they're ubiquitous and have the basic necessary hardware ingredients for AR - connectivity, screens, cameras, processors, motion sensors and the ability to run apps. Everybody will be surprised when the obvious and inevitable happens -- when the capabilities and performance of AR on phones and tablets becomes the reason to buy one brand of phone over another. You can bet that smartphone makers will then innovate with new hardware features to boost AR. It's actually already happening. Silicon Valley is suddenly exploding with chatter about an industry-wide race to optimize smartphones for AR.

Why AI still has a ways to go in wealth management

Drew Sievers, CEO of Trizic, a company that provides wealth management software for large firms, also sees limitations to AI in this field. “AI is emerging technology,” he said. “It’s not as sophisticated as everybody thinks. In this wealth space as we talk about new fintech, there's a lot of emerging technology that's being deployed; in some cases either the technology is not quite there yet, or the technology is there but the implementation of that technology isn't quite yet. In the area of AI, it's the former.” Sievers agrees with McMillan that natural language processing has gotten better. But he also agreed that content needs to be structured in a way that the processing can read and retrieve the right information. “You're effectively tagging content, because people don’t write in the way that NLP is coded,” Sievers said. 

Quote for the day:

"Assumptions are the termites of relationships." -- Henry Winkler

Daily Tech Digest - July 16, 2017

Getting Started With Apache Ignite

Although often associated with relational database systems, it is now used far more widely with many non-relational database systems also supports SQL to varying degrees. Furthermore, there is a huge market for a wide range of SQL-based tools that can provide visualization, reports, and business intelligence. These use standards such as ODBC and JDBC to connect to data sources. ... The latest releases of the Apache Ignite project provide support for Data Manipulation Language (DML) commands, such as INSERT, UPDATE, and DELETE. Additionally, some Data Definition Language (DDL) support has also been added. Furthermore, index support is also available and data can be queried both in RAM and on disk. A database in Apache Ignite is horizontally scalable and fault-tolerant, and the SQL is ANSI-99 compliant. Figure 1 shows the high-level architecture and vision.

How a new wave of machine learning will impact today’s enterprise

Advances in deep learning and other machine learning algorithms are currently causing a tectonic shift in the technology landscape. Technology behemoths like Google, Microsoft, Amazon, Facebook and Salesforce are engaged in an artificial intelligence (AI) arms race, gobbling up machine learning talent and startups at an alarming pace. They are building AI technology war chests in an effort to develop an insurmountable competitive advantage. Today, you can watch a 30-minute deep learning tutorial online, spin up a 10-node cluster over the weekend to experiment, and shut it down on Monday when you’re done – all for the cost of a few hundred bucks. Betting big on an AI future, cloud providers are investing resources to simplify and promote machine learning to win new cloud customers. This has led to an unprecedented level of accessibility that is breeding grassroots innovation in AI.

Under the hood of machine learning

The key design point that allows Apache Mesos to scale is its two-level scheduler architecture. Unlike a monolithic scheduler that schedules every task or virtual machine, the two-level scheduler delegates actual tasks to the frameworks. The first-level scheduling allows Mesos Master to decide which framework gets the resources based on allocation policy. The second-level scheduling happens at the framework level, which decides which tasks to execute. This enables data services to run without resource contention with the other data services in the cluster, improving framework scheduling regardless of scale. It also allows the Mesos Master to be a lightweight piece of code that is easy to scale as the size of the cluster grows. Working with Apache Mesos, though, can be challenging in terms of building the framework and components.

5 Common Challenges to Building BI in the Cloud

Building successful Business Intelligence solutions is a well-documented process with many successful, and unsuccessful projects to learn from. The traditional BI/DW model has always been challenging, but a lot of good practices and patterns have emerged over the years that BI professionals can leverage. A net-new BI solution or migration of an existing on-prem BI solution into the cloud creates a different set of challenges to be addressed. What I wanted to do was to try to come up with a top 5 list that may help you in considerations for your cloud BI project planning. I've been focused on building analytics, BI and Big Data solutions in the cloud in Azure for the past 2 years, so I'm going to share a few of my findings for you here.

Blockchain The Chain of Trust and its Potential to Transform Insurance Industry

In the longer term, the potential disruption to the insurance industry from blockchain technology is staggering. Blockchain technologies will enable the creation of assets in a new, distributed form — such as documents, credentials, assessments and transactions— that span the entire insurance value chain. These distributed assets will challenge the traditional insurance business model. IBM is helping Insurers across the globe to determine what use cases are best suited for blockchain, and how to make it easier to innovate on top this middleware fabric. During our discussions, it has come out clearly that a majority of the Insurance CIO’s are keen to understand how they can potentially leverage Blockchain to overcome the challenges they are facing today in the Insurance Industry.

What’s your risk appetite? Your robo-adviser has the answer

The wealth management industry has been transitioning its focus on mere product sales to higher value-added service-based offerings over the past few years, a result of the segmentation of different products and their underlying volatility based on financial advisers’ feedback of what investors want, according to Barry Freeman. He said Xuanji, a robo-adviser platform launched by Pintec last year, was able to make suggestions on asset allocation in a full portfolio of mutual funds based on investment target and risk tolerance levels derived from a set of questions answered by the investors, powered by big data, quantitative modelling and machine learning. As the robo-advisory platform owns data of 80 per cent of mutual funds in China through partnership with all the fund houses, algorithms based on the data and performances of different funds will be able to segment different opportunities, making it a better performer compared with a human stock broker, Freeman said.

Bitcoin Crashes as Chain-Split Risks Increase

We tried to speak to Jeff Garzik, the lead maintainer of the new segwit2x client, to gain some clarity on the relationship between segwit2x and Bitcoin Core, but have received no response at the time of writing. Segwit2x implements segwit largely unchanged, but there are suggestions after the activation the client may only accept segwit blocks, while Bitcoin Core would accept both segwit and non-segwit blocks, which may lead to a split. However, as some 90% of miners seem to be supporting segwit2x, it appears unlikely any miner would produce non-segwit blocks, so they would probably remain in consensus. On the bigger blocks side, there is Bitcoin Unlimited and BitcoinABC, which largely follows the approach of Bitcoin Unlimited but goes further in implementing a User Activated Hard-Fork that will chain-split regardless of miners support.

A pervasive security solution that makes practical sense

First, the SDSN platform’s automated threat remediation capability enforces security all the way down to the network layer, including end clients or data centers populated with switches and wi-fi access points from different vendors. With the SDSN platform, you can still quarantine or block infected hosts in a multivendor environment, without swapping out your existing infrastructure. Imagine not having to write off the thousands or even millions of dollars in equipment investments while taking your security game to the next level. ... The decision to migrate workloads to clouds, or determining what applications run on which cloud, should not break your network’s security posture. SDSN goes one step further, not only enforcing consistent policies in all the deployments but also interoperating with native cloud technologies to maintain the same level of enforcement granularity available in physical networks.

5 Steps to Migrate Unisys Mainframes to AWS

The most effective method to exploit the value of Unisys mainframe applications and data is a transformative migration to modern systems frameworks in AWS, reusing as much of the original application source as possible. A least-change approach like this reduces project cost and risk (compared to rewrites or package replacements) and reaps the benefits of integration with new technologies to exploit new markets — all while leveraging a 20- or 30-year investment. The best part is that once migrated, the application will resemble its old self enough for existing staff to maintain its modern incarnation; they have years of valuable knowledge they can also reuse and pass on to new developers. The problem is most Unisys shops, having been mainframe focused for a very long time, don’t know where to start or how to begin. But don’t let that stop you. The rest of this article will give you some guidance.

Understanding the Basics of Biometrics

There is no one-size solution for the optimal biometric modality, however. Each has a specific set of strengths and weaknesses that must be considered when planning a system, based on the requirements and the application context. Certain deployments may even require multiple biometric modalities (commonly referred to as multimodal biometrics), often with fusion of the results, to ensure the highest levels of accuracy and protection. In addition to considering budget and performance, other factors in selecting the right biometric modalities include accuracy, risk of error, user acceptance, and hygiene. For example, DNA is among the most accurate biometric modalities if the sample isn’t degraded, but the option demands proximity to the person or actual DNA sample to touch and collect it—a requirement that isn’t possible in every scenario.

Quote for the day:

"Great leaders go forward without stopping, remain firm without tiring and remain enthusiastic while growing" -- Reed Markham

Daily Tech Digest - July 15, 2017

Grooming effective remote developers in the world of DevOps

"You really have to double down on being good at communication and being clear and building relationships and trust with people," Copeland said in an interview. "Because if you don't trust somebody they're going to think you're a talking head." Copeland noted that a base level of technology is required for remote developers to be effective. A chat system is required, he said, as well as a video conferencing system that supports multiple users and a good microphone for each user. Regarding synchronous communication, Copeland said, "I hope that we have holographic telepresence someday," but until then seeing each other on screens will have to do. Often, remote developers like Copeland are among an organization's top development assets.

Enterprise Software Fuels IT Spending As CIOs Become Builders Again

Gartner's predictions for 2017 IT spending have gone up and down over the last few quarters, but most of the tweaks to its forecasts were due to fluctuations in the value of the dollar. (In constant currency terms, Gartner predicts IT spending growth this year to be 3.3 percent.) Those fluctuations are not altering the fundamental trends in IT spending: As users hang on to their mobile phones for two, three or even four years, rather than refreshing them every year or so, the big driver for IT growth will be the digital transformation of businesses. Digital business trends include the use of IoT infrastructure in manufacturing and blockchain technology in financial services and other industries, as well as "smart machines" in retail, Lovelock said.

Physical Security Is Critical For Protecting Your Data

A good example of how this matters is the theft of physical devices. If someone can break through physical security then they can steal a server. Even if the data on that server is encrypted, once a thief has physical access to a device, they can take their time to break the encryption or work around it to access data. Once we start thinking about hacking physical security, we move quickly into the realm of IoT. Vizza says hacking these devices is relatively easy. "A lot of IoT devices have been, historically, set up on a completely different architecture. Unlike the seven-layer OSI model, the IoT is set up on a four-layer model and security was an afterthought at best. A lot of the original PLCs and other devices have security bolted on, if it's done at all".

Here's the brutal reality of online hate

Online abuse is as old as the internet. Being anonymous encourages people to say things they'd never say in public and push the boundaries of accepted behavior because they feel they won't be held accountable. Distance adds to the problem. It's a lot harder to pull out all the stops when you're looking someone in the eye. On the internet, you don't see your target or the emotional devastation you leave behind. Racial minorities often get the brunt of the abuse online. Black Lives Matter activists, including DeRay McKesson, have been harassed in tweets, emails and posts. And there's enough hatred out there to ensure feminists, Jews, Muslims and the LGBTQ community are constant targets. The internet amplifies the effect, organizing the haters into packs of digital attack dogs.

IoT: What You Need to Know About Risk and Responsibility

The Internet of Things (or, IoT) is a blanket term used to describe all of the technology that is being deployed in homes and businesses. That is, technology that isn’t normally considered part of traditional IT infrastructure -- things your IT staff already manage, like computers, mobile devices, network equipment, etc. These new devices connect to the public Internet and communicate in ways that make them “smarter”. They include security cameras, climate control, inventory logistics, power meters, and even “smart beds” in hospitals. While the improvements in efficiency and cost savings that IoT devices can bring to a business cannot be ignored, it’s important to understand the risks associated with “smart” devices.

Which Spark machine learning API should you use?

Consider if a car manufacturer replaces the seat in a car and surveys customers on how comfortable it is. At one end the shorter customers may say the seat is much more comfortable. At the other end, taller customers will say it is really uncomfortable to the point that they wouldn’t buy the car and the people in the middle balance out the difference. On average the new seat might be slightly more comfortable but if no one over 6 feet tall buys the car anymore, we’ve failed somehow. Spark’s hypothesis testing allows you to do a Pearson chi-squared or a Kolmogorov–Smirnov test to see how well something “fits” or whether the distribution of values is “normal.” This can be used most anywhere we have two series of data.

Why mobile hardware security is fundamentally broken

Recent exploits show that our devices are not as secure as we are led to believe. For instance, hacker Jan Krissler published a high-profile hack of Samsung’s Galaxy S8 iris scanning feature, using a consumer grade camera and contact lenses. In Singapore, ethical hackers from the Whitehat Society at the Singapore Management University (SMU) showed that it was possible to take over a user’s device using only their phone number, and then use the device’s camera and audio equipment to spy on the user. Even the smartcard chip, which provides tamper-proof security for phones and cumbersome hardware tokens, offers practically no protection against misuse. Smartcard chips don’t authenticate the user, and are unable to decipher the intent of the person using it, be it for the owner or a person with malicious goals.

Beyond user interface testing: Here's what you need to know

The most common way to look beyond user interface testing is by examining and verifying database values. Software applications update data constantly. Changes in the UI can trigger ongoing or multiple database value updates, kick off triggers and be managed through indexes, just to name a few possibilities. Tracking and verifying data value changes triggered from UI actions provides valuable testing data. For example, many QA testers use SQL to create a repository of tests for verifying database values and then execute them before user interface testing. Defects not visible in the UI can frequently be evident in the database, and testing within the database can find defects before user interface testing occurs.

A View from the Trenches: the C-Suite’s Role in Organizational Transformation

Transformations in tech-focused companies impact not just the development team, but the entire organization. Transformations represent a fundamental shift in how an organization as a whole thinks, acts, and produces. They are collaborative, self-organizing, open, and efficient, but changing the way an entire organization operates - from the way teams are organized to how they interact with clients - takes time and a willingness to trudge through the initial discomfort and uncertainty of change. Recent data from the State of Agile survey shows that three of the top four reasons why Agile projects fail fall under the category of culture. Culture at "odds with agile values" accounted for 46% of answers, while both "lack of management support" and "lack of support for cultural transition" accounted for 38% of answers each.

A.I. innovation finds a home on mobile devices

Innovative mobile apps married to increasingly powerful artificial intelligence (A.I.) are rapidly getting smarter -- making them even more helpful for users. These kinds of apps, showcased at VentureBeat's two-day MobileBeat conference here this week, are designed to anticipate user needs. Who knew, for example, that you can use your smartphone to simplify the process of getting a green card to enter the United States or to streamline corporate travel? During a "Startup Showcase" session, Visabot showcased its appropriately-named Green Card app. The program is based on a bot that walks users through a series of simple questions that, when answered, generates a package of documents you can file with U.S. Citizenship and Immigration Services to complete the application process.

Quote for the day:

"Never be ashamed of your past. It’s all part of what made you the amazing person you are today." --Yehuda Berg

Daily Tech Digest - July 14, 2017

9 cutting-edge programming languages worth learning now

The world is filled with thousands of clever languages that aren’t C#, Java, or JavaScript. Some are treasured by only a few, but many have flourishing communities connected by a common love for the language’s facility in solving certain problems. There may not be tens of millions of programmers who know the syntax, but sometimes there is value in doing things a little different, as experimenting with any new language can pay significant dividends on future projects. The following nine languages should be on every programmer’s radar. They may not be the best for every job—many are aimed at specialized tasks. But they all offer upsides that are worth investigating and investing in. There may be a day when one of these languages proves to be exactly what your project — or boss — needs.

So, you want a master's degree in cybersecurity?

Carnegie Mellon University (Pittsburgh)—In 16 or 20 months, the Master of Science in Information Security enhances a technical education in computer systems and security with research/development opportunities and the option to take additional courses in areas complementary to security. Graduates may pursue doctoral degrees or positions as security experts equipped to manage the growing complexities associated with securing data, networks and systems. This graduate degree program meets the criteria for the NSF-funded CyberCorps Scholarship for Service Program (SFS). U.S. citizens who are accepted may be eligible for a full scholarship and stipend from the federal government.

Disruptive Technologies and Industry 4.0

Humankind requires an open mind to bring about Industry 4.0. The technology required by the IoT requires a healthy dose of supply and demand to survive and succeed. Good salaries and plentiful employment provide consumers with money to spend on things they want. Rewarding and encouraging the development of technology and creativity brings about the advancement. The good news is that this action is already in place around the world. Manulife’s Lab of Forward Thinking (LOFT), located in the thriving areas of Singapore, Toronto, and Boston, builds competitive advantages within the financial services industry. Employees are encouraged to use technologies like artificial intelligence (AI) to determine new solutions for building wealth and prioritizing customer needs.

Singapore unveils first look at new cybersecurity laws

CSA Chief Executive David Koh noted that the country's current legislation, the Computer Misuse and Cybersecurity Act, focused primarily on cybercrime. A more multi-faceted bill was necessary to oversee a cybersecurity landscape that continued to evolve, Koh said. Amongst the proposed bill's key components was a regulatory framework targeted at CII owners, which formalised the duties of such providers in securing systems under their responsibility, including before a cybersecurity had occurred. The bill would detail CII owners' responsibilities, which would include providing information on the technical architecture of the CII, carrying out regular risk assessments of the CII, complying with codes of practice, reporting of cybersecurity incidents "within the prescribed period" after the event.

Why Resilience Is Necessary As A Leader

Perhaps we think of resiliency from a personal perspective. When we think of resiliency, the image comes to mind of a person who just completed an ultra-marathon with two prosthetic legs. We do not think of a leader who went through a grueling year and came out a better leader. While personal resiliency is important, it is a critical component of effective leadership. The true grit of a leader is not how they perform during the good times but rather how they display emotional strength, courage and professionalism during the most trying times. It is impossible to demonstrate resilience unless you have gone through difficult times. For example, a leader who leads a team during a time of leadership transition, through a period of high turnover, through an organizational restructuring or through a season where surveys revealed poor performance.

8 keys to DynamoDB success

While DynamoDB generally works quite well, it’s inevitable that we all run into issues. A few months ago at Segment, my colleagues wrote a detailed blog post about our own DynamoDB issues. Mainly, we were hitting our rate limits due to problems with our partitioning setup – a single partition was limiting throughput for an entire table. Solving the problem took a superhuman effort, but it was worth it ... In DynamoDB, read throughput is five times cheaper than write throughput. If your workload involves a lot of writes, see if you can read the data first to avoid updating in-place. Reading first will help avoid throttling and cut your bill in a write-heavy environment where keys may be written multiple times.

Transforming the PMO into an SVMO to Drive Software Value

The PMO for software development is typically focused on planning, implementing, monitoring, and controlling projects. It often serves as the “bad guy” informing management about missed deadlines and keeping the staff on task, ensuring they are following the standard processes as they were defined. ... So, I am certainly not saying that they should be eliminated but I am saying that it’s necessary to focus on more than what has historically been done. I believe the PMO needs to be transformed into more of a strategic partner within the organization, focusing on optimizing process to maximize value flow and measure value rather than just standardizing process to improve efficiency and measure compliance and, consequently, being repositioned as a Software Value Management Office (SVMO).

Who Is A Target For Ransomware Attacks?

“There are a wide variety of ransomware types, but one thing is certain,” says Morey Haber, vice president of technology for BeyondTrust, which offers a privileged access management platform. “No vertical, government, or organization is immune to its effects. Unfortunately, some are more susceptible to successful attacks, based on the type of technologies they deploy, their age, cost for replacement, identity governance and privilege maturity, and overall cyber security hygiene implementations regulated by government or third-party compliance initiatives.” ... it’s never been more important to protect your organization. Here’s a look at who the usual ransomware targets are today and are likely to be in the near future, why they’re targets, and best practices for protecting your data.

Verizon Breach: 6 Million Customer Accounts Exposed

The data exposure was discovered by Chris Vickery, a researcher with the cyber risk team at security vendor UpGuard. The data was contained in an unsecured Amazon Web Services Simple Storage Service (S3) "bucket," or storage instance, Dan O'Sullivan, a cyber resilience analyst at UpGuard, writes in a blog post. Israel-based NICE Systems, one of Verizon's partners, controlled the repository. Verizon says in its statement that NICE was supporting "a residential and small business wireline self-service call center portal and required certain data for the project." UpGuard notified Verizon on June 13 about the data exposure, but the bucket wasn't locked down until June 22. UpGuard characterized that length of time as "troubling." Officials at NICE couldn't immediately be reached for comment.

Companies must hire a CISO to address cyber threats at the executive level

The office of a CISO is a structure you put in place to help your organisation deliver a continually relevant response to cyber risk. You want your CISO to have an impact, you want to see processes challenged and informed consensus with business units achieved, you want to see tweaks to staff behaviours, as well as to the technical environment. You want your customers to have trust in your organisation. You want your suppliers to be vigilant against the potential impact on you if they don't hold up their end. Cyber risk management is not static and there absolutely is no finish line. As your organisation continues its search for pragmatism in approaching cyber risk, you'll want your CISO to be supported in their role, both with their own team as well as senior executive sponsorship because their success is your organisation's digital wealth protection.

Quote for the day:

"Be willing to make decisions. That's the most important quality in a good leader." -- General George S. Patton, Jr.

Daily Tech Digest - July 13, 2017

What are the differences between Office 2016 and Office 365?

Think of Office 2016 as traditional software made and sold in traditional ways. That holds for servicing, too. Microsoft provides monthly security updates for Office applications, usually on the second Tuesday of each month, and also fixes non-security bugs for the first five years of the SKU's lifecycle. But Office 2016 does not receive upgrades with new features and functionality. What you get when you buy the suite, feature-wise, is it. When Microsoft produces a new edition, which it will eventually do, you will need to pay another up-front fee to run that. Office 365, on the other hand, has a completely different servicing model. While the Office applications licensed to users through Office 365 receive the same security patches distributed to Office 2016, they also acquire new features and functionality on a twice-a-year schedule.

Machine Learning, Artificial Intelligence, and Robo-Advisers: The Future of Finance?

One issue relating to neural network–based machine learning–enabled AI applications in investment management is one familiar to readers of this blog and its posts on market structure, high-frequency trading, and algorithmic trading. The black-box issue, in which the workings of an algorithm are not understood by its user or other stakeholders and lead to potentially unintended actions or consequences, is a well-known headache for regulators trying to ensure market stability. Although some attempts have been made to check the source code of algorithmic traders, the most effective protection against algorithmic errors are circuit breakers on markets that limit the amount of damage a failing algorithm can cause.

Next WannaCry attack could cost insurers $2.5B

“Sooner or later we, will see a billion-dollar cyber claim and the insurance market is well positioned to absorb that,” said Thomas Seidl, an analyst at Sanford C. Bernstein in London. “Everybody has exposure to cyber risks and the best precaution can’t eliminate that, so there is a strong demand for insurance making cyber coverage by far the biggest opportunity for non-life insurers for the next years.” ... With cyber coverage growing rapidly and insurers increasingly seeing the segment as their next blockbuster, regulators are concerned that the industry could be taken by surprise. Insurers writing cyber policies “are expected to introduce measures that reduce the unintended exposure to this risk,” the U.K.’s Prudential Regulation Authority said in a statement on Wednesday.

What Is Hyper Convergence?

Hyperconverged platforms include a hypervisor for virtualized computing, software-defined storage, and virtualized networking, and they typically run on standard, off-the-shelf servers. Multiple nodes can be clustered together to create pools of shared compute and storage resources, designed for convenient consumption. The use of commodity hardware, supported by a single vendor, yields an infrastructure that's designed to be more flexible and simpler to manage than traditional enterprise storage infrastructure. For IT leaders who are embarking on data center modernization projects, hyperconvergence can provide the agility of public cloud infrastructure without relinquishing control of hardware on their own premises.

Businesses warned of insider cyber threat

"Too many people are chasing shadows, it's an education process, teaching them not to open suspicious emails and so on, but even CEOs open their own emails. There's all kind of scams out there but they are people scams, not technology scams." For executives worried about the impact of insider threats within their organisations, the Federal Attorney General's department last year amended its 'Managing the insider threat to your business' publication to provide guidance for managers. Key to the Federal Government's advice is to have rigorous recruitment procedures including properly checking references, watching for changes in staff behaviour and maintaining internal access and security controls on data. Mr Meyer said organisations should also focus on monitoring behaviour on their networks to get early warning of untoward activity.

A cloud in your datacenter? Azure Stack arrives

The business model around Azure Stack is an interesting one, using subscription pricing much like Azure. You can pay per hour or per month, with a Base VM charge of $0.008/vCPU/hour or $6/vCPU/month). Like Azure, on top of a Base VM host, you can use your existing Windows Server or Linux licenses. If you don’t have any licenses, then a Windows Server VM comes in at $0.046/vCPU/hour or $34/vCPU/month. There’s similar pricing for storage and for the Azure App Services, all based around vCPU usage. As expected, it’s cheaper than Azure’s pricing for similar features, but here you’re paying for the hardware yourself, and that’s not going to come cheap. Getting used to a subscription fee for your on-premises usage is going to be the biggest change to using Azure Stack.

Salesforce brings digital transformation to field workers with AI, analytics tools

While customers have benefitted from company digital transformation efforts, field technicians often still find it difficult to deliver a modern, onsite experience, said Mary Wardley, program vice president, customer care and CRM at IDC, in the release. "Customer expectations have escalated across the board, and so have expectations for in-the-field diagnostics and issue resolution," Wardley said in the release. "With features including image recognition, automated equipment tracking and analytics baked into the field service process, digital transformation is reaching the field and will enable companies to run their field service organization faster and more efficiently." In terms of availability, Field Service Equipment and Inventory Management can be purchased today with any Field Service Lightning license, which start at $150

What IT Workloads Say About Your True Priorities

The survey found that IT pros enjoy modernizing technology, troubleshooting or assisting users and planning or strategizing. However, respondents estimated that they spend, on average, only 11 percent of their time on “IT planning and strategy,” and 13 percent on “modernizing technology.” While day-to-day issues in IT will never go away — there will always be hardware to deploy, software to update and help desk tickets to attend to — there are ways you can ease some of the grunt work in IT. “The secret here is to identify and automate those time-consuming, repetitive tasks that are sapping your organization’s ability to focus on more business-critical issues and find ways to automate them,” says Peluso.

5 Privacy Worries on 4 Wheels: Staying Safe in the Connected Car Era

As modern vehicles are upgraded to include Internet-enabled technologies designed to access, store, and transmit data for entertainment and safety purposes, consumers are presented with a double-edged sword. On one hand, these connected systems provide important convenience benefits for consumers, but on the flip side, motor vehicles are being exposed to a growing number of security and privacy risks. As the market for connected cars continues to grow (an estimated $155 billion by 2022) and more semi-autonomous vehicles roll off assembly lines, the severity of security and privacy threats rises exponentially, becoming major concerns for both car buyers and manufacturers. Here are five of the top privacy issues associated with connected motor vehicles

Quantum fiber network to launch in August

“This is a major step toward building a global long-haul and truly-secure satellite communication network,” it said in a press release yesterday. Lasers are expected to play an important part in future satellite constellations partly because currently used radio frequency bands are congested. Light will allow transmissions to be more efficient, with lower power, and thus allow smaller and cheaper satellites. A major part of that new satellite communications technology will be the securing of it. Distance, however, has been a problem area for QKD development in general. While conceptually the subatomic communicating particles that make up the warren of entangled keys affect each other wherever they are in the stream, they actually dilute over distance—just as any other medium. Scattering takes place, for example.

Quote for the day:

Remember the difference between a boss and a leader; a boss says "Go!" - a leader says "Let's go!" -- E.M. Kelly