Daily Tech Digest - August 08, 2017

CIO interview: David Ivell, CIO, The Prince’s Trust

According to the CIO, the methodology allows the charity to use a test-learn-adapt approach in which the content, experience, platform and online mentoring are all being tested at scale and refined in real time. This approach also enables the team to quickly identify how the business will need to adapt because of the change process, as well as where the bottlenecks are and what technology is needed to bypass them. “We took technology components off the shelf and put them in our business, and rather than evaluate, we asked the business to tell us how it would make them work,” says Ivell. “We have worked with organisations around the world that are seen as leaders in the e-mentoring space and have learnt from others.”


Malicious code in the Node.js npm registry shakes open source trust model

Between July 19 and July 31, an account named hacktask published a series of packages on npm with names that were similar to existing npm packages, wrote npm CTO CJ Silverio. Packages are used by developers to implement common functions without having to write the code from scratch. If developers aren’t careful and add the wrong packages as dependencies to their code, they wind up with malicious code in their applications. “The package naming was both deliberate and malicious—the intent was to collect useful data from tricked users,” Silverio said. The account hacktask has been closed, all packages associated with the account removed from npm, and the user’s email address banned from using npm.


Google Teaches New Managers These 6 Things

Implementing research from Dr. Carol Dweck, professor of psychology at Stanford University, Google encourages its managers to develop a growth mindset. As opposed to a fixed mindset (the belief that skills and abilities are predetermined), individuals with a growth mindset believe that intelligence can be cultivated. This simple idea develops leaders who are more eager to learn, challenge themselves, and experiment, and it eventually boosts their performance. Although success will always require tenacity, hard work, and concentration, this research suggests these traits are byproducts of a quality that underpins them, optimism. Also, Google encourages its managers to identify values and leverage them within their management styles.


Don’t waste your time with a hybrid cloud

The problem with hybrid clouds is that they are typically defined to be paired private and public clouds, which is the correct definition. The problem with this architecture is that they have the concept of “private cloud” in the architecture, and that dog does not seem to hunt anymore.  The feature gap between public and private clouds has grown so wide that the private cloud demos that I attend are laughable considering the subsystems that enterprises need, such as security, governance, databases, IoT, and management, versus what private clouds actually deliver.  Moreover, you’re on the hook for installing the software on typically new on-premises systems, hooking everything up, testing it, and making that private cloud work and play well with a public cloud provider that may do a poor job in providing the integration. At the end of the project, you’ll feel like an abused spouse.


Cyber resilience weaves cybersecurity into dev process

Cyber resilience is a concept that is similar to cybersecurity. I think it's kind of grown out of the cybersecurity realm, but it's broader. It encompasses not just security, but the stability, the integrity and the availability of the environment that you're developing or that you're bringing to your customers. Traditionally, the security concerns have been siloed to the CISO's office. And the disaster recovery and business continuity concerns have been siloed to the operations team, which is a different team. The CISO typically sits separate from the operations team and separate from the development team. The CISO and the [quality assurance] organization oversee development, and it's been a piecemeal approach to making sure that what you deliver is actually stable, it's robust, it's resilient and it's secure.


Machine learning: A chance for engineering students to look beyond software services

“The good part is courses are available online. Instead of working with the AICTE (All India Council for Technical Education) to change curriculum, which takes a long time, we are working to get students and professionals to access these courses,” says Sangeeta Gupta, senior vice-president of Nasscom, the apex body for the $154 billion tech and BPO industry. Nasscom has yet to analyse the job scenario, estimate the number of people needed, or the number of people who might lose jobs because of new technologies. Gupta talks about platforms for MOOCs, or massive online open courses, like Coursera, Udacity and edX, through which Nasscom is trying to address the problem of gap between existing industry demand and lack of skills both within the industry as well as among final-year engineering students.


UK calls for smart car cyber protection

Transport minister Martin Callanan said it is important that smarter and self-driving technologies are protected against cyber attacks. “That’s why it’s essential all parties involved in the manufacturing and supply chain are provided with a consistent set of guidelines that support this global industry. Our key principles give advice on what organisations should do, from the board level down, as well as technical design and development considerations,” he said. Mike Hawes, chief executive of the Society of Motor Manufacturers and Traders, welcomed the government initiative: “We’re pleased that government is taking action now to ensure a seamless transition to fully connected and autonomous cars in the future and, given this shift will take place globally, that it is championing cyber security and shared best practice at an international level.”


Cisco admits accidentally losing customer data due to Meraki cloud configuration error

Cisco did not specify how many customers were affected in the incident. Its Meraki service is used by over 140,000 customers and 2 million network devices, according to the company's website. Customer data erased include Meraki dashboard custom splash themes, custom floor plans, branding logos, summary reports and uploaded device placement photos. Other data deleted in the incident include custom enterprise apps, interactive voice response menus, music on hold, contact images and voice mail greetings. The latest cloud-related incident comes amid security experts' growing concerns about digital and cloud security following numerous gaffes that have led to users' data being erroneously publicly exposed.


Android vs. iOS: Which Is More Secure?

Android is expected to maintain the lead this year, according to Forrester, with 74% market share, followed by Apple with 21% and Windows Phone with just 4%. "The truth is, when Android gets attacked, it tends to be more vulnerable because there are more devices out there and more people also hear about it," Gold said. "Android also has a problem in that the latest version of Android OS is generally a small portion of the base of devices in the marketplace. So, when upgrades are issued, not everyone gets them. Whereas, when Apple upgrades, everyone gets it." Additionally, as enterprises develop more of their own custom applications -- many of them mobile apps as part of a mobile-first strategy -- in-house developers are increasingly at risk of unwittingly using open-source code rife with vulnerabilities.


Get started with Visual Studio Code

Built using GitHub’s cross-platform Electron framework, Visual Studio Code is a full-featured development editor that supports a wide selection of languages and platforms, from the familiar C and C# to modern environments and languages like Go and Node.js, with parity between Windows, MacOS, and Linux releases. Visual Studio Code quickly became a standard part of my personal device setup, replacing Notepad as my default text editor, and it’s now one of the first tools I install on a new PC. With its support for IntelliSense code highlighting, it’s also now my standard code viewer for web content, and it’s where I build and test JSON and JavaScript, for working with microservices and for configuring containers. Visual Studio Code has even added support for a command-line terminal, including the Windows Linux Subsystem, so you can use it to build and test Unix apps without having to leave your PC.



Quote for the day:


“People haven't even begun to tap into the potential of what the mind is possible of doing...” -- David Blaine