Daily Tech Digest - August 17, 2017

Machine Learning: More Than Just Algorithms

If machine learning is relegated to playing a supporting role, this means that it won’t be algorithms that companies must master. Rather, algorithms will be procured for sure, as part of broader solutions. And, if done well, the actual algorithms will be analogous to source code—important but ideally obfuscated if the solution is functioning as desired. Of course, algorithms are not what drives the eventual solution behaviour. The models that the algorithms produce will be the means by which generalised rules become contextualised and so enable more effective behaviour patterns. In fact, in a networking environment, if the goal of machine learning is to automate workflows as part of adaptive or predictive operations, generalised algorithms are simply building blocks.

Driving Architectural Simplicity - The Value, Challenge, and Practice of Simple Solutions

There are several key benefits to designing and maintaining a simple architecture. First, simple architectures are easier to communicate. Communication includes both documentation and comprehension. A simple architecture can be documented with a smaller model and fewer drawings/annotations which would lead to improved comprehension by stakeholders. Comprehension is critical for shared understanding, which some define as the architecture (from Martin Fowler’s seminal Who Needs an Architect?). A shared understanding is critical to maintaining alignment across teams and team members, and ensuring an efficient implementation. Second, simple architectures are often easier to implement.

How Ray makes continuous learning accessible and easy to scale

Ray is something we've been building that's motivated by our own research in machine learning and reinforcement learning. If you look at what researchers who are interested in reinforcement learning are doing, they're largely ignoring the existing systems out there and building their own custom frameworks or custom systems for every new application that they work on. ... For reinforcement learning, you need to be able to share data very efficiently, without copying it between multiple processes on the same machine, you need to be able to avoid expensive serialization and deserialization, and you need to be able to create a task and get the result back in milliseconds instead of hundreds of milliseconds. So, there are a lot of little details that come up.

How Upgrading Your Digital Mindset Offers Big Benefits

There can be many obstacles to digital transformation, from a lack of leadership to an absence of change management expertise, as the SAP/Oxford study noted. But buy-in amongst conservative medical professionals was critical at the largest heart hospital in Latin America, according to Guilherme Rabello. “We had to convince them that ... the technology was not dragging them out of their main service, but assisting them to provide even better care to their patients,” Rabello said at SAP Leonardo Live. “So we engaged with all of them upfront, and we showed them why we were doing [what we were doing].” InCor’s uptake of SAP Leonardo was quick, especially for younger medical professionals who are comfortable in a digital environment, according to Rabello.

Powerful backdoor found in software used by >100 banks and energy cos.

The module performs a quick exchange with the controlling DNS server and provides basic target information (domain and user name, system date, network configuration) to the server. The C&C DNS server in return sends back the decryption key for the next stage of the code, effectively activating the backdoor. The data exchanged between the module and the C&C is encrypted with a proprietary algorithm and then encoded as readable Latin characters. Each packet also contains an encrypted "magic" DWORD value "52 4F 4F 44" ('DOOR' if read as a little-endian value). Our analysis indicates the embedded code acts as a modular backdoor platform. It can download and execute arbitrary code provided from the C&C server, as well as maintain a virtual file system (VFS) inside the registry.

Building the Future of Finance

When you look at the process of building and deploying an AI model, it’s actually a very interesting world, because if you start off trying to build and trying to create and craft machine learning models – AI models – you need an enormous amount of data to create, craft, test, validate, calibrate, etc. But then in reality, you need a much smaller world or universe of data to run it on a daily basis. So from a bank’s perspective, you need to have an enormously elastic, cost controlled, efficient environment to mine for calibration, for creation purposes, for you to be able to create these models. Then when the rubber hits the road, you can have a much smaller, more dynamic, more discreet universe of data. So you can have these running, but for creation purposes you need the terabytes and petabytes; you don’t have to have that on a daily basis

Mitigating security risks posed by emerging tech: Expert advice

"If something brand new came to market tomorrow that could substantially improve the business, we have policies and protocols in place to evaluate it so we can set it up right away. We can move quickly to assess and determine whether it would work well with a minimal security risk or maximum security risk, and we can make recommendations based on that to move forward," Patria said. For Patria, it's about having layers of protection that can be used to counter the known security risks of an emerging tech as well as any potential threats that haven't yet been identified. Take, for example, the college's approach to the security risks associated with the internet of things (IoT), as it adds more and more devices to the school's IT infrastructure.

This Is Why Digital Currencies Need A Self-Regulating Organization

Did you know that participants within an industry may create a self-regulating body that self-governs and polices themselves? The SEC is not a government agency, rather they are a self-regulating body that was created by the member exchanges to protect and educate the public about securities. Similar agencies exist around the world providing the same service to their own citizens as the SEC does in the United States. We, the Crypto Community (the Community), have a right to do this for ourselves and do it globally. We have a right to define this new industry we created and govern that industry to protect and serve individuals and/or organizations that participate in all things crypto. ... We can be regulated OR we can regulate ourselves, and the only thing to decide this fate is whether we choose to organize and take action.

Automated Journey Testing with Cascade

You could divide the codebase into several codebases and have different teams work on each. In concurrent programming terms, we have removed the single exclusion lock in favour of multiple locks. We suffer less contention, developers are waiting less. We have solved one problem but we have introduced another. We now have different deliverables, whether they are microservices, or libraries, which are tested independently. The deliverables share a contract. Our tests have lost sight of the global picture. We are no longer certain that these components interact with each other since they are independent systems now with an independent set of tests. Our tests are now less inclusive, less exhaustive, and ultimately of less use to the product owner and user as an Acceptance Test.

How to Avoid the 6 Most Common Audit Failures

Since everything you do in security should be based on risk, a complete risk assessment is a must. But, what is a good risk assessment? Some people confuse a list of failure scenarios with a risk assessment. Stating that a DDoS attack could cripple your organization is not a risk statement, it is a statement of impact. Risk statements must include probabilities of occurrence of the threat such as: “It is highly likely in the next year that we will experience a DDoS attack that cripples our Internet services.” Conversely, the chance of a threat occurring alone is not a risk statement. Receiving lots of password guessing attacks against your SSH services is not a risk. However, if you say “there is a high likelihood of an SSH attack succeeding with an attacker gaining access to confidential data,” that is an actionable risk statement.

Quote for the day:

"Integrity is the soul of leadership! Trust is the engine of leadership!" -- Amine A. Ayad

Daily Tech Digest - August 16, 2017

The merging of enterprise and consumer identities means it’s time for a universal identity

An Identity Broker is a system that can support Bring-Your-Own-Identity (BYOI) schemes by taking a user’s existing identity and allowing them to authenticate to unaffiliated websites using that identity. With identity brokering, a single user account can be linked to identities from different identity sources. This is done using protocols such as SAML 2.0 or OpenID Connect specifically set up for a brokering scenario. In the future, we may see an increasing number of identity providers that not only support isolated enterprise identities, but rather providers that increasingly support numerous external identities, such as social media accounts, healthcare smart cards, commercially acquired identities, as well as identities created with off-the-shelf wearables that are embedded with smart card chips.

Is the smart home predestined for a mass-market win?

Looking at wider trends in home automation, particularly in architecture and interior design, the question begs to be asked: Are designers and solution experts trained to focus as intently on security and privacy as they are in making the home connected? Once a home’s ‘infrastructure’ is exposed to the internet or becomes wireless-enabled, it becomes susceptible to cyberattacks locally, and globally. For example, it’s not out of the realm of possibility that a criminal could access a smart home’s data, or even open garage doors, locks and other devices without ever physically touching the property. The design phase is where smart home products receive their security DNA, so it’s important not only to ensure devices are able to defend against known security vulnerabilities, but also easily accommodate future over-the-air fixes.

Forget Tough Passwords: New Guidelines Make It Simple

"We focus on the cognitive side of this, which is what tools can users use to remember these things?" Grassi says. "So if you can picture it in your head, and no one else could, that's a good password." While these rules may seem suspiciously easy, Grassi says these guidelines help users create longer passwords that are harder for hackers to break. And he says the computer security industry in both the public and private sectors has received these new rules positively. "It works because we are creating longer passwords that cryptographically are harder to break than the shorter ones, even with all those special character requirements," Grassi says. "We are really bad at random passwords, so the longer the better." Previously, security experts recommended the use of password manager apps to ensure users' accounts were protected.

10 Artificial Intelligence (AI) Technologies that will rule 2018

Artificial Intelligence is changing the way we think of technology. It is radically changing the various aspects of our daily life. Companies are now significantly making investments in AI to boost their future businesses. According to a Narrative Science report, just 38% of the companies surveyed used artificial intelligence in 2016—but by 2018, this percentage will increase to 62%. Another study performed by Forrester Research predicted an increase of 300% in investment in AI this year (2017), compared to last year. IDC estimated that the AI market will grow from $8 billion in 2016 to more than $47 billion in 2020. “Artificial Intelligence” today includes a variety of technologies and tools, some time-tested, others relatively new.

Google’s DeepMind made an AI that can imagine the future

The researchers argue that giving AI imagination is crucial for dealing with real-world environments, where it’s helpful to test a few possible outcomes of actions ‘in your head’ to predict which one is best. Recently, DeepMind’s founder Demis Hassabis wrote a paper published in Neuron about how the development of general-purpose AI is dependent on understanding and encoding human abilities like imagination, curiosity, and memory into AI. With these papers, his company seems to be making headway in at least one of those areas. ... Of course the type of imagination described in these papers is nowhere near what humans are capable of, but it does show that AIs can benefit from being able to efficiently imagine different scenarios before acting.

CodeFights offers a unique tool for developer recruiting

Sloyan described CodeFights as like Angry Birds, but for coding. A developer can choose a world -- that can be a language like Python or a concept like graphing -- and then pick a location in that world to begin. Each task solved is a coding problem, and they get more complicated at each step. Johnston said it was all fun, but it was also very much like the kinds of problems you might be asked to solve during a developer recruiting interview. And it’s competitive. "You can compete with real people and race to see who can code up a solution," he explained. "Or you can compete against company bots, which is much more difficult. I competed against two of the company bots, and I beat them."

Cost of insider threats vs. investment in proactive education and technology

The strength of an investment is normally measured by the certainty and size of return it will provide. The proposals with the most profitability potential usually win; which is what makes cybersecurity proposals such a hard-won investment. When pitching for an investment almost every department will emphasize the urgency of their need for funds, and often they can prove profitability. However, in security an investment does not provide more revenue normally, but it does provide savings during the inevitable cyber attack. In the security discipline we usually call this loss prevention, while in business this falls under the category of opportunity cost. When executives talk about opportunity cost, they are attempting to measure the value of one investment option against another one.

Google Chrome under attack: Have you used one of these hijacked extensions?

The main intent of the attack on Chrome extension developers is to divert Chrome users to affiliate programs and switch out legitimate ads with malicious ones, ultimately to generate money for the attacker through referrals. The attackers have also been gathering credentials of users of Cloudflare, an availability service for website operators, which probably could be used in future attacks. The hijacked extensions were coded mostly to substitute banner ads on adult websites, but also a range of other sites, and to steal traffic from legitimate ad networks. "In many cases, victims were presented with fake JavaScript alerts prompting them to repair their PC, then redirecting them to affiliate programs from which the threat actors could profit," notes Kafeine.

Social cybersecurity: Influence people, make friends and keep them safe

The basic idea behind this is that we're looking at how to change people's awareness, knowledge and motivation to be secure. The work is grounded in a discipline known as social psychology. This discipline looks at how people influence one another. ... We use a technique known as social proof, which is people tend to do what everyone around them is doing. One of the common pranks fraternities will do from time to time is to have a few fraternity members point up at the sky, and if you look at the number of passers-by who also look up, it's actually very high. It's a simple mechanism that most people aren't aware of, but it's very common. Another example is, let's say you just got off a plane, which way do you go? Do you turn left or right? The simple heuristic is to follow where everyone else is going, and you will probably be going in the right direction.

Scottish Parliament hit by “brute force” cyber attack

Chief executive of Holyrood, Sir Paul Grice relayed the confirmation of the attack in a message to MSPs and staff with parliamentary email addresses. Grice said “robust cyber security measures” identified the attack early, and systems “remain fully operational”. This early identification can be attributed, in part, to the major cyber attacks that have plagued organisations in recent months, namely the number of Scottish NHS boards affected in May. Parliamentary corporate body member David Stewart told MSPs in June that as a result of this clearly escalating threat, an independent review of “cyber security maturity” had been carried out, and had “offered assurance that sufficient and effective arrangements are in place to manage cyber threats and risks”.

Quote for the day:

"The value of having numbers - data - is that they aren't subject to someone else's interpretation." -- Emily Oster

Daily Tech Digest - August 15, 2017

Let’s Corrupt a Database Together, Part 3: Detecting Corruption

In theory, you keep them all the way back to your last clean CHECKDB. In practice, you’ll need to keep them longer than that. If you do CHECKDB every 7 days, and you delete log files older than 7 days, then when CHECKDB fails, a human being probably won’t disable the log-deletion job fast enough to keep the log backups online. In that scenario, 10-14 days of log backups might be a better choice – especially if there’s only one DBA, and everyone else just leaves the alert emails for the DBA to handle when they get back from vacation. You could run CHECKDB more often, or on a restored copy of production. It kills me when I see people doing index rebuilds every night, but CHECKDB only once a week.

Building technology with a social purpose

“We want people to be wearing devices in a nonintrusive way, that keeps their dignity, and allows them to get a good level of care from their family or care provider. “They must not feel they have a 'big brother' or have someone watching them all the time, but they can get help when they need it,” he says. “We needed wearables that are smart enough as a standalone device,” says Feijo. “It is a mobile phone on your wrist. It does not depend on a mobile phone to call.” Jupl is a Kiwi company, co-founded by Sir Ray Avery and Allan Brannigan, that provides technology to connect people wearing medical devices, carers and healthcare professionals to assist in daily care management. The company’s cloud-based platform, the Virtual Biometric Network, coordinates hardware and software to create a unique and interactive experience, which gives everyone access to key features and tools.

Cloud computing is consolidating, raising the risk of customer lock-in

For customers, consolidation so far has been more of a problem than a blessing, Forrester said. In contrast to the common perception that cloud services enable ease of switching, the analysts asserted that the risk of lock-in is actually greater in the cloud. Buyers of on-premises software have more options than cloud buyers to resist captivity. “For example, they can skip upgrades or turn to third-party maintenance providers to cut fees in half,” the report said. “Clients of SaaS vendors don’t have these options; if they stop paying the vendor, they lose access to the apps.” As dominant cloud vendors consolidate their market share, some are likely to increase prices, reduce research and development investments and generally cut back on innovation. They’ll also make it more difficult for customers to migrate data to other services.

Data lake implementation: Data security, privacy a top priority

One of the challenges is that we are currently running the project on limited hardware. We can elevate the project to a production-ready stage only after it gets to a certain stage. I don't report into the IT group, but IT generally runs the Progress infrastructure. We don't have the buy-in from Progress yet, because we have to prove it works first. We prefer to move into the cloud, but we have sensitive PII data of customers and while CIOs and CMOs share data, they have to work together to ensure that the right governance, data privacy and security are in place. ... With data lake implementation, I don't want to say you just dump a bunch of data into a data lake and see what happens, but that's kind of what we did. Knowing what I know now, we would have taken some measures to address things like the infrastructure

The new Data Protection Bill will reduce Brexit uncertainty – if it’s implemented smartly

More positively, companies who comply with the new rules will also be able to reap the rewards by building trust and improving their customer relationships, thereby giving themselves significant opportunity for growth. How organisations approach these regulations will have an enormous effect on company performance and customer experience. For instance, better data protection and well executed consumer control will be major differentiating factors and can become a competitive advantage. ... For consumers, the immediate effect will be increased assurances from service providers that they have control about who and what has access to their data. However, having more control of personal data could easily prove confusing for many people.

IT's 9 biggest security threats

IT security pros have to contend with an increasing number of loose confederations of individuals dedicated to political activism, like the infamous Anonymous group. Politically motivated hackers have existed since hacking was first born. The big change is that more of it is being done in the open, and society is acknowledging it as an accepted form of political activism. Political hacking groups often communicate, anonymously or not, in open forums announcing their targets and hacking tools ahead of time. They gather more members, take their grievances to the media to drum up public support, and act astonished if they get arrested for their illegal deeds. Their intent is to embarrass and bring negative media attention to the victim as much as possible, whether that includes hacking customer information, committing distributed denial of service (DDoS) attacks

Conversational Finance: The Impact of Chatbots, AI and Machine Learning

Chatbots are essentially pieces of software that simulate human, natural language conversations and can respond to and act upon queries and commands from users. The advantage these systems have over a real conversation with a human is that they are able to extract and analyse a user’s needs and intent and ultimately return the information a user has requested or perform actions for them faster, at any time of day or night and at significantly lower cost than a human counterpart.  The benefits of this type of technology are clear with many people choosing to apply and research investments or loans through these types of systems rather than spending the extra time and potentially cash on a human broker that may not necessarily have the best deals available.

5 Innovation Keys for the Future of Work

Innovating just to innovate doesn't do any good--real innovation always has the end user in mind and creates something that will meet their needs and address their pain points. However, many people aren't aware of or can't vocalize what they really want in a product. The best innovators see how customers really interact with products and services to find pain points and create the product of their dreams. At Xerox, this happens by bringing in groups of end users so innovators can see how they work with the product and tapping into ethnographic experts for a different approach to customer dreams and pain points. True innovation understands what customers need and pushes beyond what they hear to provide the best possible solution.

TD Ameritrade accelerates innovation with agile, design thinking

It's hard to find a hotter technology in financial services than roboadvisors. Launched last fall, TD Ameritrade's Essential Portfolios roboadvisor enables long-term investors to choose an investment plan for crucial financial goals, including retirement, college or home purchases. Using the app from computers or smartphones, clients can dial up or scale back their contributions and view a graphical projection of their investments over time. TD Ameritrade will eventually allow clients to aggregate non TD Ameritrade accounts. "It's becoming a digital financial cockpit for our self-directed, long-term investors," Sankaran says. Many industry watchers eye roboadvisors with suspicion, as they are ostensibly replacements for financial planners at a time automation is viewed as a threat to jobs.

Legacy technology – an enabler to digital transformation, not a barrier

While the definition of ‘legacy’ will vary between (and within) organisations, this finding confirms my experience that this is a consistent issue across a wide range of sectors and size of organisation. Many IT departments face the issue that their organisation has grown over time, building a complex dependency of operational, organisational and technological legacies. Many elements of the organisation are highly dependent on these legacies for their day-to-day business. As such these legacy elements are regarded as intractable barriers blocking the road to digital transformation, deemed ‘too risky’, or assumed unable to be included in the journey. Legacy is not a barrier born in ‘yesterday’s world’. It is the reason an organisation is where it is now and often holds a great deal of future value for the organisation.

Quote for the day:

"I would rather have questions that can't be answered than answers that can't be questioned." -- Prof. Richard Feynman

Daily Tech Digest - August 14, 2017

How IT Can Prepare For VR, AR & MR In The Enterprise

With great opportunities come great responsibility, as Uncle Ben might have said if he’d worked in IT. “Like anything else, when you adopt a new technology, it puts a strain on your infrastructure,” warns Chad Holmes, principal and cyber CTO at professional services organization EY. “You have to uplift your infrastructure to support a new communication path or channel.” Unfortunately, Holmes continues, many companies don’t have the back-office capabilities required to support AR, MR and VR. “The technology is there, but a lot of improvements need to be made to old legacy systems to make sure that these types of technologies can function how they’re supposed to,” he says. “For most, it’s a big investment.” The other big concern cited by Holmes and others is the security issue raised by the addition of new remote devices sharing data wirelessly.

How to move into a cloud career from traditional IT

So, if you have held very general roles in IT architecture or security, you now need to focus on the solution-based use of specific cloud services, including security services. For many enterprise architects, this is a somewhat unnatural act, but it’s necessary if you want to command higher pay and job security. ... The path for a database admin is pretty easy to map. Basically, it’s a matter of understanding the databases that are likely to be used for cloud-based workloads, and then mapping your skills to those specific databases. For example, Oracle DBAs can certainly continue their career with Oracle running on the public cloud. However, enterprises that move to public clouds usually opt for cheaper and more modern database technology, so it would be good for Oracle database admins to learn how to admin other databases.

CIO interview: Mike Proudlock, interim head of IT, The Royal College of Surgeons

As with any period of major change, Proudlock anticipates there will probably be a lot of uncertainty for staff as the RCS progresses with its digital transformation plans.  “I expect my main challenge will be to keep everyone in the IT team fully engaged and committed to what we need to deliver despite the inevitable uncertainty – both for us as a department and staff in the wider organisation,” he says.  “From previous experience leading similar major changes, I have found the best approach is to be as open and transparent with people as possible, including admitting when there is no information available,” he adds. “I’ve seen too many cases where someone has tried to waffle their way through in such cases, and it almost always comes back to bite them.”

10 bad habits cybersecurity professionals must break

"As security layers need to be put in place, there will be incompatibilities between different technologies, so workarounds will be found, competing technologies will need to be turned down or off, repetitive settings will have to be changed and will be forgotten to be changed across different policies," Pozhogin said. Disabling or removing protections such as antivirus, network security protocols or two-factor authentication for convenience can lead to an exposed system with deliberately bypassed protections and unencrypted documents, said Travis Farral, director of security strategy at Anomali. "Any click on a phishing email or successful drive-by attack on exposed systems will give attackers access to them and anything that can be accessed through them," he added.

Overcoming the Misery of Mega-Project Delivery

While many project managers would readily agree with the importance of these questions, in practice, they are often inadequately addressed, resulting in (sometimes catastrophic) ripple effects. In the case of Deepwater Horizon, two pivotal behaviours were at the genesis of the outcome. The first was a combination of arrogance and overconfidence which resulted in the failure to effectively address the escalating pressure building up the pipe from the sea floor. The second was driving the drilling team to accelerate schedule at the expense of safety. Addressing these two behavioural attributes of the project culture may well have averted the disaster. In the end, the project failure was really a people failure. Many organisations use projects as vehicles for embedding strategic initiatives and effecting change.

Are Integrator IT Skills Overblown?

Due to technology advancement trends, including cloud computing, it is no longer true that all security systems integrators must become experts in all IT facets of computer, software, hardware and network deployment. There are some levels of enterprise security system deployment that continue to require advanced IT skills; however, many more security system deployments do not require such a high level of IT expertise. Based on the continued acceleration of information technology trends, we should expect to see electronic physical security systems become more capable, and become less trouble to own and maintain, as well as less trouble for integrators to install and commission. Even security system cyber protection should become easier – provided that manufacturers fully embrace current cybersecurity principles, practices and technologies.

Cybersecurity machine learning moves ahead with vendor push

Microsoft is positioning itself to fight back against the success of Amazon Web Services, according to Charlotte Dunlap, an analyst with Current Analysis in Sterling, Va. The company launched a new container service and joined the Cloud Native Computing Foundation (CNCF) amidst earnings reports indicating that its Azure platform is outcompeting Salesforce and other providers. Microsoft unveiled a preview of its Azure Container Instances service in a bid to support developers who want to avoid the complexities of virtual machine management. Dunlap said the announcement is significant because companies are still reluctant to deploy next-generation technologies incorporating containers and microservices, despite their advantages.

How to use Apache Kafka messaging in .Net

Both Kafka and RabbitMQ are popular open source message brokers that have been in wide use for quite some time. When should you choose Kafka over RabbitMQ? The choice depends on a few factors. RabbitMQ is a fast message broker written in Erlang. Its rich routing capabilities and ability to offer per message acknowledgments are strong reasons to use it. RabbitMQ also provides a user-friendly web interface that you can use to monitor your RabbitMQ server. Take a look at my article to learn how to work with RabbitMQ in .Net.  However, when it comes to supporting large deployments, Kafka scales much better than RabbitMQ – all you need to do is add more partitions. It should also be noted that RabbitMQ clusters do not tolerate network partitions.

The real success of AI will only come with treating workers well

A recent report by PWC on the future of work noted: "Automation and Artificial Intelligence will affect every level of the business and its people. It's too important an issue to leave to IT (or HR) alone. A depth of understanding and keen insight into the changing technology landscape is a must." That's true, but there's also an opportunity here for the technology industry. IT understands how AI works and needs to show other industries how it can be incorporated without simply destroying jobs. By their own behaviour, IT companies and IT departments need to show that using AI and automation isn't necessarily bad for jobs and skills: to show that harnessing this new technology can still create more jobs than it destroys. That means using AI for more than cutting costs and being willing to help workers adjust to the need for new and different skills.

4 steps to conducting a GDPR compliance audit

Even if your company is based outside the EU, you may still need to be GDPR compliant. What determines the need for compliance is who you hold data on. If you collect data on any EU citizen, you are subject to the regulations. This includes selling or shipping an item to someone in the EU, or even shipping inside the U.S. but the person doing so is using a credit card from the EU. GDPR touches upon how we use and store data, for how long and for what purpose. It addresses how we inform individuals about which data we hold, how to anonymize the data and how we delete it. It also requires control over scenarios such as who responds to the request from the consumer exercising their right to be 'forgotten' and to make sure that it’s dealt with within reasonable time. The fact that some organizations are now required to hire a data protection officer (DPO) suddenly means that GDPR takes on an entirely different level of importance.

Quote for the day:

"An idea that is not dangerous is unworthy of being called an idea at all." -- Oscar Wilde

Daily Tech Digest - August 13, 2017

How to Seamlessly Include Geospatial Data Operations for Data Integration

With the increased availability of data through sensors, interconnected mobile devices, social media, and private or public spatial data sets, the demand for the seamless integration of spatial information into data-driven decision-making processes has reached a new high. We consider spatial data as any kind of data supplemented with additional information about the location and shape of objects on earth. One simple example would be the general information of companies, buildings, persons, and/or vehicles such as name, type, and color, with supplementary X, Y-coordinate values defining their current or permanent position on the earth respectively. But real-world objects often have much more complex forms.

Big Data: 6 Key Areas Every Product Manager Should Address

The two main considerations regarding storage are: how to store and where to store. How to store your data depends on your overall use case. The type of data you produce will determine the type of database you will require. If you have structured data, then a relational database such as SQL Server or MySQL is your best bet. On the other hand, if you have unstructured data such as images, videos, or tweets, then you probably need a schema-less database such as Hadoop or MongoDB. Or maybe, like some systems I’ve worked on, you need both. I’m not suggesting that Product Managers dictate the type of DB or the architecture of the data tier. That’s the role of your Architecture and IT team. However, it IS our job as Product Managers to define clear use cases and convey those to our technical team, so they can implement the right infrastructure for your product.

Preparing for the Next Disruption

Blockchain's ability to enable peer-to-peer transactions - financial or otherwise - that are simultaneously secure, indelible and almost instant has the potential to disrupt massive segments of society that are built around these kinds of interactions, including healthcare, financial services, real estate and almost anything that requires a transaction between two or more parties. And like the early days of the Internet, it is hard to imagine the full impact, the myriad use cases, and entirely new business models that will eventually emerge as a result of blockchain's adoption. But that is mostly a reflection of our lack of imagination, perspective, and foresight - not of the potential impact of the technology. Recording artist Imogen Heap recently penned a Harvard Business Review article that did a fantastic job of taking blockchain from an abstract concept to a real-life potential use case

Are your IT Infrastructure & EA aligned towards Agile, DevOps and Automation?

Your IT infrastructure is essential to your enterprise’s success. However, it is often not given enough consideration as a key foundation component requiring true planning. It is typically addressed as an afterthought requiring some ‘bolt on’ later on down the road. It is important to put in some quality time in planning for an infrastructure that supports automation, scalability, availability (high availability where necessary), redundancy and security. All of these help support continuous integration with geographically dispersed resources, micro services, virtualized servers, storage, networks and containerization. Also, let’s not forget the elephant in the room – cloud enablement, as it can be an integral part of your current and long-term strategy.

Bitcoin Makes Even Smart People Feel Dumb

Understanding of Bitcoin’s mechanics remains in short supply. Even the most enlightened laypeople treat Bitcoin and its relations like the “here be monsters” zones on antique maps. Weird shit is happening out there! But the intricacies of the system elude even insiders. I’d wager that only a fraction of the people who currently own a collective $50 billion-plus worth of the digital currency could intelligibly explain what happened last week, when Bitcoin spun off a kind of mutated clone of itself called Bitcoin Cash. Warren Buffett famously advised us never to invest in anything that we don’t understand. Bitcoin investors are paying Buffett no mind. Of course, it’s not as if the workings of regular currency (what cryptocurrency devotees refer to as “fiat money”) are universally comprehended, either.

Importance of AI, data in law enforcement suggests growing tension with privacy

Law enforcement agencies then would need to determine how they could integrate data acquisition and analytics on a daily basis to sharpen risk management, and do so in and around locations during large-scale crisis situations so their internal systems could support decision making. Adding that there was no cookie-cutter approach, Lopez said systems and methodologies would need to extract data and be able to distinguish innocuous events from real and serious threats. "We must acquire the ability to distill the noise and sharpen our focus," he said. This further emphasised the importance of partnership between the private sector and law enforcement, which would ensure the necessary capabilities were developed "to fight the new order of threats".

62% of cybersecurity experts believe AI will be weaponized in next year

Some 62% of security experts believe that artificial intelligence (AI) will be weaponized and used for cyberattacks within the next 12 months, a Cylance survey released Tuesday found. This makes the growth of AI a double-edged sword, according to Cylance’s blog post on the finding. “While AI may be the best hope for slowing the tide of cyberattacks and breaches, it may also create more advanced attacker tactics in the short-term,” the post said. While the majority of those surveyed said that they felt there was a high possibility that AI would be used offensively, 32% said that there wasn’t a possibility of that happening, and 6% said they didn’t know. It was noted, however, that the potential use of AI as an offensive weapon wouldn’t slow the use of AI as a defensive tool.

Quantitative Analysis of Agile Methods Study (2017): Twelve Major Findings

Scaling of agile methods for large projects is a difficult task. Teams are large, efforts difficult, and deadlines tight. Multiple releases often have to be worked in parallel across geographical distances in distributed environments. The outputs of these releases must be planned, coordinated and synchronized in such a manner that development, integration and test flows naturally. Based on the recent data shown in Figure 2, the organizations pursuing such large developments are using either an agile-at-scale (48%) or a hybrid (52%) methodology. This represents a dramatic change from two years ago when agile-at-scale usage was about half of what it is today. Such growth has been propelled primarily by the fan-out of agile methods enterprise-wide.

New Enterprise Cloud Integration Approach In Banking

Buying COTS (commercial off-the-shelf) products, then hosting them and connecting them to hundreds of other systems, has been the primary focus of banks' IT departments. At times, these projects run over several years and come at a very steep cost. Things are changing though: Workday for HR, Salesforce for CRM and the list goes on and on. Within Banking core systems space, new cloud-based systems are set to alter the significant servicing and origination value chains respectively. The implementation timeframe for these cloud-based systems is less than two-thirds of a comparable on-prem system and the upkeep isn’t too shabby either. While some banks continue to operate as a traditional bank, others are evolving into a Bank + Technology shop. They have expanded their portfolio to provide B2B services to other banks and to consumers.

4 KPI Traps you Must Avoid in Enterprise Architecture

It’s one of those management innovations that causes a fair amount of pushback in most people, partly because they have such a potential to go wrong. As a person who has been on the receiving end of a manager who’s been obsessed with metrics and nothing else, I can understand those who resist the whole idea of KPIs. But they can be useful, as long as they’re used properly. Put simply, KPIs are good servants but bad masters (to steal a quote about money). They can give useful information about how a program is going and the regular assessment of metrics can act as a reminder to assess how well a program is working in a wider sense. So they aren’t necessarily toxic – as with most things, the devil is in the details. Here are some ways that I’ve seen KPIs become toxic in EA departments.

Quote for the day:

"By failing to prepare, you are preparing to fail." -- Benjamin Franklin

Daily Tech Digest - August 12, 2017

The Difference Between Good and Bad Shadow IT

Shadow IT can have negative business impact because it breaks with all the processes and rigors that the IT department is so diligently trying to put in place for their employer’s digital transformation! Digital transformation needs rigor to succeed and has to start with the IT department identifying and implementing the right DevOps tools. Once the development tools are in place, then we can put in the methodologies for interaction with the various lines of business and make sure that we have a governing board and Center of Excellence in place to make sure that we can successfully fail fast. Digital transformation will fail if the lines of business are left on their own and go rogue. The key to an organization being able to successfully implement its digital transformation absolutely does require strong DevOps.

How Peter Thiel's Secretive Data Company Pushed Into Policing

What’s clear is that law enforcement agencies deploying Palantir have run into a host of problems. Exposing data is just the start. In the documents our requests produced, police departments have also accused the company, backed by tech investor and Trump supporter Peter Thiel, of spiraling prices, hard-to-use software, opaque terms of service, and “failure to deliver products” (in the words of one email from the Long Beach police). Palantir might streamline some criminal investigations—but there’s a possibility that it comes at a high cost, for both the police forces themselves and the communities they serve. These documents show how Palantir applies Silicon Valley’s playbook to domestic law enforcement. New users are welcomed with discounted hardware and federal grants, sharing their own data in return for access to others’.

How 3 Factors Will Drive Your Approach to Business Intelligence

Previous generations of business intelligence tools assisted with the cognitive awareness of clicks and page loads on the web and mobile arenas, but required a sprawling architecture that included brick-and-mortar data warehouses and separate visualization tools. This created a complicated workflow and failed to provide a full and efficient analysis of business analytics. In fact, data warehouses still have a complicated integration process, requiring knowledge of SQL and a development team. Not to mention the separate products to build out the warehouse are a huge expense, Mixpanel for funnel analysis, Amazon Redshift data system, and Tableau for dashboarding and BI. However, “Cloud deployments of BI and analytics platforms have the potential to reduce cost of ownership and speed time to deployment,” according to Rita Sallam, research vice president at Gartner.

How to address the cybersecurity analytics and operations skills shortage

The ramifications of skills and staff deficiencies are also apparent in the research. Cybersecurity operations staffs are particularly weak at things such as threat hunting, assessing and prioritizing security alerts, computer forensics, and tracking the lifecycle of security incidents. Of course, many CISOs propose an easy fix — simply hire more cybersecurity staff to bridge the knowledge and staffing gaps. In fact, 81% of the cybersecurity professionals surveyed say their organization plans to add cybersecurity headcount this year. Unfortunately, that isn’t always easy to do. According to the ESG research, 18% of organizations find it extremely difficult to recruit and hire additional staff for cybersecurity analytics and operations jobs, while another 63% find it somewhat difficult to recruit and hire additional staff for cybersecurity analytics and operations.

Data protection ‘monster’ looms

“First off, GDPR is a good thing as it is to protect all of our data and aims at preventing breaches. There is a lot of scaremongering about the new regulation, which needn’t be the case. “However, that doesn’t mean it shouldn’t be taken very, very seriously indeed. We are way, way behind still unfortunately but thankfully there does seem to be growing awareness,” he said. According to cyber security experts, under the new regulation, Irish firms will have to comply with up to 90 principles relating to data protection. Mr Murphy added: “What it boils down to is that data protection officers will be able to ask how data is stored, protected, kept and used on customers, consumers, employees, etc. It will affect companies, government agencies, private public partnerships, universities,” he said. He said he would advise firms to carry out a readiness assessment to see how prepared they were for the new law.

Four ways to build a culture of security

The most important step that companies can take is to build your culture change on a solid foundation of good policies. These need to be security policies customized to what you really want people to do, and not just paperweight. The policies need to be written and delivered in a way that is realistic for people to read and understand, and also as a quick reference in any given situation. These policies are critical not only to ensure your company is protected, but also in building trust among your customers and partners. At CA, we created five short, focused policy documents on different aspects of information security. We based these on the NIST Cybersecurity Framework and use the information security functions listed in the framework as the foundation for each document.

3 Ways To Beat Tech Giants And Fintech Firms With Behavioral Marketing

Behavioral marketing consumes online data and uses this data to power tailored messages to the user. These individualized messages can be sent in real-time, making it easier for brands to stay top-of-mind with busy consumers. More than any other industry, banks and credit unions have a wealth of data at their disposal. So, creating a personalized customer experience should be easier for the financial services industry than other, less connected alternatives. The challenge, however, has been access to real-time data to deliver responsive, personalized customer interactions that make doing business with you easier and more convenient. Behavioral marketing platforms have made it possible for companies to access real-time and historical behaviors of customers to identify key trends and to individualize customer interactions through responsive digital marketing.

Making Machine Learning Accessible: 3 Ways Entrepreneurs Can Apply It Today

With traditional machine learning, the computer has to be told which cat features -- whiskers, paws and tails -- to look for in the images. These hand-engineered models then make predictions based on those features. If an image doesn't follow the rules, the machine can't adapt. If a cat's tail is out of the frame, for example, the computer might not even know it's a cat. A baby, on the other hand, needs no such guidance. After viewing enough images, the baby will build a mental framework to distinguish what is or isn't a cat. Deep learning, like the baby, takes unstructured input without guidance and determines for itself, while considering all pixel values, which among the images contains a cat. Given enough time and data, deep learning models can make sense of virtually any unstructured data set.

The 5 surprising skills HR will need in the future

The impact of employee engagement on loyalty, productivity, innovation and customer satisfaction has revealed that an engaged workforce is not simply a nice-to-have, it’s a necessity for creating an innovative business that can withstand the constant flow of new competition. This has led executives to look to HR to recreate and drive the shift toward employee-centered processes, environments and strong value-based cultures, otherwise known as the employee experience. However, a gap still exists between translating data into actionable changes. Employee engagement is an abstract metric. Identifying a dip in your most recent engagement survey may not yield the information you need to find out why your people are less satisfied with their work life than the month before and how to address it. The challenge HR faces today is how to make people data human.

BigDL Democratizes Deep Learning Innovation

Big data and deep learning are technologies cut from the same cloth. They’re both enabled by the explosion of data brought about by the digital world. But to deal effectively with mountains of big data, data scientists have developed data architectures, supporting infrastructure, and software tools—like Apache Hadoop* and Spark*—that distribute data over networks of industry-standard servers, process it where it lives, and rapidly consolidate the results. Now, an Intel initiative called BigDL promises to quickly bring machine learning into the mainstream by enabling deep learning apps to piggyback on the same familiar infrastructure and take advantage of the same data architectures that enterprises and cloud service providers (CSPs) already put in place for big data analytics.

Quote for the day:

"Institutions will try to preserve the problem to which they are the solution." -- Clay Shirky

Daily Tech Digest - August 11, 2017

When it comes to cybersecurity, companies need force fields, not walls

Cybersecurity is no longer a matter of protecting against mere nuisance. Over the past 15 years, the digital threats to our physical lives have become graver, and the perpetrators of them more capable than most people realize. As the financial rewards for breaching institutions grew, amateur hackers gave way to professionalized cyberterrorists. Nation-states are putting young people through school and then aiming them at other countries. And as we saw with the Sony Pictures hack of 2014, nation-states are even directing attacks against specific companies. It’s these major companies, in fact, that are the most attractive targets. Unfortunately, enterprises today are dangerously ill-equipped to mitigate their risk of a breach.

Why state and local government still struggle with cybersecurity

Many state and local agencies have security solutions in place, yet attacks continue. Others have the most basic of protections in place but realize that more is needed as the threat landscape continues to grow and change. But why is a robust cybersecurity solution so hard to find? The use of the domain name system, a core internet protocol, is a common element exploited in many attacks. Any time an internet user types in a web address like www.example.com, the request is resolved by the recursive DNS infrastructure to recognize the IP address of the physical web server that hosts example.com. A kind of phone book for the internet, DNS translates easy-to-remember resource names into the IP addresses of the server where that resource is located.

Here's How Ugly Infosec Marketing Can Get

In the ultra-competitive information security market, vendors are known to sprinkle hyperbole among their claims and sling some mud. But the strategy has backfired for Denver-based DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to a "data exfiltration botnet." The result has been a widespread backlash against DirectDefense. The blog post has been quickly picked apart by security experts for its inaccuracy and tone. The tangle kicked off with a blog post published Wednesday by DirectDefense CEO Jim Broome. DirectDefense analysts found terabytes of data containing sensitive information that leaked because of how Carbon Black's endpoint protection platform, called Cb Response, is architected, he contended.

Take down: Hackers looking to shut down factories for pay

While online thieves have long targeted banks for digital holdups, today's just-in-time manufacturing sector is climbing toward the top of hackers' hit lists. Production lines that integrate computer-imaging, barcode scanners and measuring tolerances to a hair's width at multiple points are more vulnerable to malevolent outsiders. "These people who try to hack into your network know you have a set schedule. And they know hours are meaningful to what you're doing," Peterson said in an interview. "There's only a day and a half of inventory in the entire supply chain. And so if we don't make our product in time, that means Toyota doesn't make their product in time, which means they don't have a car to sell on the lot that next day. It's that tight."

When will your phone get Android O? A data-driven guide

It's a common question here in the land o' Android — and unfortunately, it's become a tough one to answer. After years of missed deadlines and broken promises, most Android manufacturers have just stopped making specific commitments altogether. (Hey, that's one way to handle it, right?) And most of 'em, as I've learned from closely tracking upgrade delivery performance since Android's earliest days, do a pretty shoddy job at getting new software into users' hands. So what can you expect when Android O rolls out into the world? The truth, by and large, is that no one can say for sure. What we can do, however, is look to the various device-makers' recent performance with Android upgrades as a general guide to what sorts of timelines seem likely.

The good software development manifesto

Much has already been written and much will be written about James Damore and his “The Google Manifesto.” (I’ve also written about how organizations can mitigate and detect bias.) As for Damore, his screed is the kind of recycled garbage that has already been studied and refuted. It flies in the face of history and ignores the data right in front of Damore’s face. For writing this dammed illogical dribble, no developer has ever been more rightly fired. Beyond the moral confusion Damore shows, he also doesn’t seem to actually understand engineering, as former Googler Yonatan Zunger wrote in a brilliant response to Damore’s manifesto. Zunger is right: Damore isn’t a good engineer or software developer. Software development is more than knowing what APIs to call or basic syntax.

Five Things You Need To Know About Executive Protection

“Periodic ego searches demonstrate to them that they are a target,” says Jason Taule, CSO at FEI Systems, a provider of health-related technology. Once they’ve done this they can see how a hacker could easily find out all kinds of information about the executive, and launch an attack by leveraging that knowledge.  Another way to demonstrate to executives how much of a target they are is to have them look in their email spam filters to see how many phishing emails have been sent to them, Taule says. Fortunately, these emails didn’t reach the inbox and trigger an attack, but the sheer volume of these attempts should get the point across.  The best and most effective way to make the case for security is to put on a challenge, Siciliano says. “Most people, especially Americans, think ‘it can't happen to me’, which is a societal norm based on myths that these things only happen to other people in other places,” he says.

The eyes have it: Bank of America, Samsung pilot iris-scan logins

Eye scanning isn't brand new in banking: Wells Fargo has been testing it in commercial banking with EyeVerify, which is now owned by Ant Financial, for more than a year. But where EyeVerify analyzes each person's unique pattern of eye veins to verify their identity, the Samsung technology measures the customer's iris, which requires an infrared camera. Samsung is the only phone manufacturer that embeds this type of camera in some of its phones. The British bank TSB recently announced plans to roll out iris scanning technology for its mobile banking app in September, also with Samsung. But few, if any, U.S. banks have tried this. So, getting a large bank like Bank of America to sign up for this is a coup for Samsung. Samsung’s first foray into iris scanning was unfortunately with the Galaxy Note 7.

Terrorism liability exposures grow

Covering terrorism liability exposures under a stand-alone policy can provide separate, added protection to policyholders that have a large self-insured retention or deductible on their general liability program, he said. “Or you treat it like a catastrophe risk and you want to protect your general liability program from a shock loss, like some people silo off excess flood or have a separate placement for California earthquake or Florida wind. Those are the things from a risk management point of view that one has to consider,” Mr. Leverick said. Third-party terrorism liability coverage programs are purchased through the stand-alone terrorism insurance markets mainly in New York and London, said Tarique Nageer, terrorism placement and advisory practice leader for Marsh USA Inc., in New York.

The untapped potential of machine learning for detecting fraud

Machine learning is increasingly being introduced to help enterprise defenders fight attackers who are after information or money. E-commerce fraudsters fall into the latter category. “Fraudsters are highly motivated to outsmart our system. To beat them with artificial intelligence, we have some big challenges,” Lin told Help Net Security. “Currently, we have access to lots of information about suspect fraudsters, including their purchase activities, online browsing activities, social networks, and even street pictures of their neighborhood and fake identification they submit to get their orders approved. The real challenge is how we can make sense of this unstructured data and then make good approve/decline decisions for thousands of merchants in real-time.” That’s because humans are good at handling unstructured information, but today’s machine learning technology is optimized to deal with mostly structured data.

Quote for the day:

"In between goals is a thing called life, that has to be lived and enjoyed." -- Joubert Botha

Daily Tech Digest - August 10, 2017

Securing Asia’s data centers against physical threats

“Security is not thought about much while the infrastructure is built. Security only happens after they have completed the infrastructure,” he said, noting that power and cooling are the components that initially get the lion’s share of the attention and budget in most data centers. Cheong is hardly alone in his assessment. In our earlier report, a panel of experts speaking at the DCD Summit held at Interpol World last month agreed that security is implemented almost as an afterthought in many data centers. And it doesn’t help that IT managers don’t typically think as much of physical security for their colocation infrastructure. “IT managers are usually focused on cybersecurity more than physical security. In their minds, physical security is not in their [job] scope,” he said.

Samsung unveils 1Tb V-NAND chip for commercial SSDs

Samsung Electronics has developed a 1 terabit (Tb) V-NAND chip that will be used for commercial products launching next year, the company announced. The South Korean tech giant will stack 16Tb dies for a single V-NAND package with memory capacity of 2 terabytes (TB), it said at the Flash Memory Summit in San Francisco. Use of the packages will significantly increase the memory capacities of solid-state drives (SSD), it said. Samsung also announced Next Generation Small Form Factor (NGSFF) SSD to replace the current M.2 SSD standard. The firm is sampling a 16TB NGSFF SSD. It measures 30.5mm x 110mm x 4.38mm, allowing four times the memory capacity of a 1U chassis that uses M.2, or NGFF. This will allow datacenters to utilize space better and hyper-scale, it said.

Hackers Target Your Mobile Bank App; You Can Fight Back

Banks are developing methods to secure mobile devices and financial apps, but the best line of defense for online security is still with the consumer, Johnson says. Mobile device users should create screen lock passwords that are hard to guess, he says. That way, if the device is lost or stolen, there’s less of a chance a criminal, or any curious person who comes across the device, can access banking apps. In addition, be wary of conducting transactions over public Wi-Fi. If you’re not on a home network, consider switching to your cellular network to conduct mobile banking transactions, such as depositing checks and making account transfers. It’s also important to monitor your accounts regularly and immediately report any suspicious activity. It helps the cybersecurity department of your bank or credit union stay on top of the latest breaches, and you can protect yourself against liability for financial losses.

SMBs Practice Better IoT Security Than Large Enterprises Do

According to F5 Labs' new report on botnets, not only was there a dramatic three-digit rise in botnet activity in the first half of the year, but most of that movement happened in the first two months. It has been much quieter since then, and F5 believes attackers may have completed their reconnaissance of vulnerable IoT devices and are now in the process of potentially building massive botnets. "We are seeing just the tip of the iceberg" for IoT botnets, says Sara Boddy, ... Approximately two years ago, telnet brute-force attacks were rather uncommon, she says. But with the rising popularity of IoT devices, which typically use the telnet protocol and Port 23 to allow remote administration of the device, Boddy says she expects to see a wide swath of IoT devices hijacked into botnet armies by way of the telnet protocol.

5 secrets of highly effective IoT strategies

“It is critical to have well-defined leadership driving the initiative,” says Scott Sandler, technology manager of cloud computing at Rockwell Automation, a provider of industrial automation technology. “This could be a chief IoT officer or other position who has the appropriate authority to drive the needed change in the organization,” Sandler says. “This leader also becomes critical in setting the strategy and ensuring that even as technology changes — as it does so fast in this space — you stay true to your strategy.” Rockwell in 2011 began an IoT effort as an extension of its existing business. Its IoT initiative enables the company’s customers to connect their industrial equipment and systems to the cloud so they can better analyze operational data and enhance decision support for operational technology and IT users.

DeSalvo: Healthcare data remains ‘very highly blocked’

Despite the widespread adoption of electronic health records, the integration of healthcare data remains a critical challenge for the industry, according to DeSalvo, who contends that unlocking data through tools like open application programming interfaces (APIs) remains an important piece of the interoperability puzzle. ... “I’ve been pleased to see that Don Rucker and the team have continued on the pathway of work we were doing around freeing data by requiring APIs and really putting the patient front and center,” notes DeSalvo. Rucker has touted the value of open APIs in helping to solve the problem of HIT interoperability. “You look at Silicon Valley, you look at modern computing,” he told reporters last month, “it’s all about APIs.”

Google Maps: 5 expert tips you should be using

There’s nothing worse than being on the road and having no idea where to pull off for that much-needed rest stop. Fortunately, Google Maps lets you plan your route in increments. For instance, if you’re dying to try out that vegan fast food joint on the way up to Mendocino County, you can add it as a stop along your route. From the Google Maps app, tap the menu option in the upper-right corner of the app and select “Add Stop.” The app will add another line for you to search for a locale. After you’ve located it, you can adjust where it falls on your route timeline by tapping the entry and dragging as necessary. After you’ve planned out your route, tap Done, then tap the same menu button to add a shortcut to your home screen. It’s a good idea to do this in case the Maps app crashes, or you’re planning out routes ahead of time and need to save your progress.

New in Windows security: Automatically log off suspicious users

The new feature in Cloud App Security (CAS), a security service launched in August 2016, collaborates with Azure Active Directory (AAD), another subscription service, to automatically bump off users behaving unusually and shut down accounts suspected of having been hijacked. CAS is built, at least in part, on technology Microsoft acquired in 2015 when it bought the Israeli cloud security vendor Adallom for $250 million. "When a suspicious activity is identified in Cloud App Security portal, you can now initiate an auto-remediation action[,] logging off these users and requiring users to sign in again to Office 365 as well as all apps accessed through Azure Active Directory," according to an unsigned post to a Microsoft blog today.

3 open source projects that make Kubernetes easier

Clearly, Kubernetes is an elegant solution to an important problem. Kubernetes allows us to run containerized applications at scale without drowning in the details of balancing loads, networking containers, ensuring high availability for apps, or managing updates or rollbacks. So much complexity is hidden safely away.  But using Kubernetes is not without its challenges. Getting up and running with Kubernetes takes some work, and many of the management and maintenance tasks around Kubernetes are downright thorny.  As active as Kubernetes development is, we can’t expect the main project to solve every problem immediately. Fortunately, the community around Kubernetes is finding solutions to those problems that, for one reason or another, the Kubernetes team hasn’t zeroed in on.

Scaleable Agility for Critical Systems

Agile practices have evolved over the past thirty years at a steady pace. Microsoft invented most practices in the early nineties. Driven by the fast growing complexity in their Windows and Office suites, Microsoft very early advanced concepts such as continuous build, feature-driven teams, and a close connect of business needs with requirements and architecture flexibility. A key milestone was the Internet Explorer which was fully re-developed in the late nineties to allow for flexible and scaleable evolution. These practices later found their way to the early agile frameworks. The initial agile manifesto, which was based on these experiences of Microsoft, IBM and others, primarily collected practices and added the label “agile”.

Quote for the day:

"Just because you can get away with command and control, doesn't mean it's working." -- @LeadershipNow