Daily Tech Digest - September 08, 2017

IT disruption hits outsourcing’s legal profession

IT infrastructure outsourcing deals in the large enterprise sector, usually high value and long term, are today largely cloud deals using utility-like services from the likes of Amazon Web Services and Microsoft Azure. This is often cited as a new form of outsourcing, but while IT outsourcing service providers are all offering cloud services, it is a different competency. Lewis says even the Financial Conduct Authority, which regulates some of the world’s biggest technology users, sees outsourcing and the cloud as being the same. “But we know they are different,” he says. “Cloud and automation deals are not outsourcing because they are not about complex service provision. There are complex services being provided, but you are not buying bodies – it’s a product you have to license, customise and integrate, which is not outsourcing.”


FinTech: The Genie Is Out

“Payments and lending solutions continued to drive a significant amount of fintech investment. While ticket-sizes were relatively low, there have been numerous deals focused on personal lending and small-business loans. Those focused on providing short-duration loans (up to 15 to 90 days) attracted the most attention in the lending space, as bridge-financing is considered a relatively large issue for both individuals and businesses,” says Neha Punater, Head-Fintech, KPMG (India). While there are block-chain firms too, a viable model is a mirage. As for insurtech, “While it has not gained a significant amount of traction (in India), the tide may be starting to turn,” adds Punater; Acko may be a harbinger.


Stop pretending you really know what AI is and read this instead

At the very least, we might want to avoid the word “intelligence” when referring to software, because nobody really knows what it means. For example, Google’s Go-playing computer system was “smart” enough to beat the world’s best human players—but if you try to get it to generalize what it “learned” about Go to any other domain, you’ll find it’s dumber than a houseplant. Even Alan Turing, the genius who mathematically defined what a computer is, considered the question of defining intelligence too hard; his eponymous Turing test dodges it, essentially saying “intelligence is as intelligence does.” So what should we call “AI”, if not that? Orwell suggests that the cure for words that cloud our thinking is better words: simpler ones, crisper ones. Some commentators suggest merely using “software”; personally, I think “automation” does the trick.


If Blockchain Is the Answer, What Is the Security Question?

The brilliance of blockchains is that a transaction has truly happened only when it is captured in the ledger and thus recorded forever. This means there is a one-to-one link between the action and the audit log — perfect forensics evidence. However, this perfection requires your business transaction to be modeled as a blockchain transaction (perhaps using smart contracts on Ethereum or Burrow). If you merely post an audit entry to a blockchain after your business transaction completes, that magical property is lost. There's no guarantee that every business transaction was posted to the chain, or that every element in the chain is the result of a real business transaction. If your software is merely posting audit logs to a blockchain, you should ask yourself why a blockchain is the right answer, versus a database or some other data structure.


Hackers gain access to switch off the power in America and Europe

The attackers, a group called Dragonfly, have been conducting cyber attacks on energy companies for years — since at least 2011. The group went quiet after being exposed in 2014. The Dragonfly 2.0 campaign first started in at least December 2015. But over the past year, using malicious email campaigns to harvest network credentials, the hackers managed to penetrate energy firms in the U.S., Switzerland and Turkey. According to a new report by Symantec, they now have the ability to “severely disrupt affected operations.” Earlier Dragonfly campaigns are believed “to have been more of an exploratory phase,” but Symantec is concerned Dragonfly 2.0 campaigns could be aimed at “access to operational systems, access that could be used for more disruptive purposes in the future.”


Hackers send silent commands to speech recognition systems with ultrasound

First, you can defeat DolphinAttack simply by turning off wake phrases. That way you’d have to have already opened the voice recognition interface for the attack to work. Second, even if you keep the wake phrase on, many devices restrict functions like accessing contacts, apps and websites until you have unlocked them. An attacker could ask about the weather or find nearby Thai places, but it couldn’t send you to a malicious website. Third, and perhaps most obviously, in its current state the attack has to take place within a couple of feet and against a phone in the open. Even if they could get close enough to issue a command, chances are you’d notice right away if your phone woke up and said, “OK, wiring money to Moscow.”


What is IaaS? The modern datacenter platform

Organizations that use IaaS can self-provision the infrastructure services, and pay for them on a per-use basis. ... In some cases, providers charge clients for infrastructure services based on the amount of virtual machine (VM) capacity they’re using over a period of time. Similar to other cloud computing services, IaaS provides access to IT resources in a virtualized environment, across a public connection that’s typically the internet. But with IaaS, you are provided access to virtualized components so that you can create your own IT platforms on it—rather than in your own datacenter. The pool of IaaS services offered to clients is pulled from multiple servers and networks that are generally distributed across numerous datacenters owned and maintained by the cloud provider.


HTTPS interception gets a bad rap; now what?

Earlier this year, a group of researchers from Google, Mozilla, Cloudflare, the University of California at Berkeley, the University of Michigan, the University of Illinois at Urbana-Champaign and the International Computer Science Institute published a detailed study, "The Security Impact of HTTPS Interception." The research looked at the heuristics of HTTPS interception "in the wild" on three networks: Mozilla Firefox update servers, a group of e-commerce sites and the Cloudflare content distribution network. Researchers found notable security gaps: "In the course of analyzing corporate middleboxes and client-side security software, we uncovered a range of TLS implementation errors, many of which allow connections to be intercepted by a man-in-the-middle attacker."


What Is JSON? JavaScript Object Notation Explained

JavaScript Object Notation is a schema-less, text-based representation of structured data that is based on key-value pairs and ordered lists. Although JSON is derived from JavaScript, it is supported either natively or through libraries in most major programming languages. JSON is commonly, but not exclusively, used to exchange information between web clients and web servers. Over the last 15 years, JSON has become ubiquitous on the web. Today it is the format of choice for almost every publicly available web service, and it is frequently used for private web services as well. The popularity of JSON has also resulted in native JSON support by many databases. Relational databases like PostgreSQL and MySQL now ship with native support for storing and querying JSON data.


How can CIOs help create the next generation of IT leaders?

"It can be tough to find people and to convince them that a technical background isn't everything when it comes to the next generation of IT leadership. When you find those people, they can require a lot of reassurance." Informal activities are important, too. As part of his technology leadership programme, Shiraji has introduced a shadowing system, where nominees within the IT team attend senior leadership team meetings. There is no prerequisite in terms of skills and capabilities. The key, says Shiraji, is that shadowing allows people to contribute. "Shadowing builds appetite and helps IT professionals understand the role of the next-generation information leader," he says. "The indicators for success for me will be that we will have a very different make-up at senior IT gatherings in the future."



Quote for the day:


"People who enjoy meetings should not be in charge of anything." -- Thomas Sowell