Daily Tech Digest - September 15, 2017

Tesla crash shows man and machine must cooperate

This complex failure, which both man and machine contributed to, sounds an important warning about autonomous-drive technology: until the systems are so good they need no human input, the human driver must remain at the center of "semi-autonomous" drive system design. Engineers must assume that if there's a way for people to misuse these systems, they will. Just as important, companies need to understand that if they over-promote a semi-autonomous drive system's capabilities in hopes of pulling ahead in the race to autonomy, they run the risk of making the technology less safe than an unassisted human driver. There's a lesson to be learned here from aviation. As computers and sensors improved in the 1980s, aircraft manufacturers began to automate more and more of the controls simply because they could.

What is Kotlin? The Java alternative explained

Kotlin has relaxed Java’s requirement that functions be class members. In Kotlin, functions may be declared at top level in a file, locally inside other functions, as a member function inside a class or object, and as an extension function. Extension functions provide the C#-like ability to extend a class with new functionality without having to inherit from the class or use any type of design pattern such as Decorator. For Groovy fans, Kotlin implements builders; in fact, Kotlin builders can be type checked. Kotlin supports delegated properties, which can be used to implement lazy properties, observable properties, vetoable properties, and mapped properties. Many asynchronous mechanisms available in other languages can be implemented as libraries using Kotlin coroutines, which are experimental in Kotlin 1.1.

Markets, GPS could be first to go in the event of global cyber conflict

Evil state-sponsored hackers do want to wreak mass havoc on the societies they deem to be the enemy. I would counter that it is probable, not just possible, that cyberattacks will shut down the power grid, erase or paralyze financial data systems (see above) or cause military equipment to malfunction in the near future. ... “It certainly is very odd that so many incidents have taken place in a relatively short period of time,” Finnish computer programmer Harri Hursti told me. Hursti said vulnerabilities in GPS technology would be the logical place to start any investigation into the U.S. Navy mishaps that have plagued the Pacific fleet this year, but pointed out that there was not enough information about the systems used to make an educated guess at what may have happened.

What is BlueBorne? Billions of phones, laptops and TVs at risk of silent Bluetooth hack

"These silent attacks are invisible to traditional security controls and procedures," said YevgenyDibrov, the chief executive of Armis, in a statement. "Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them," he added. Armis said that it first reported the vulnerabilities to Google, Microsoft and Linux in April and patches have now been released as part of vendors' regular scheduled updates. Users are recommended to urgently download all security fixes to stay safe. Ars Technica reported that the time to exploit a device was "no more than 10 seconds" and that it would theoretically work even if a device was already paired with another. A spokesperson for Microsoft claimed it first released patches for BlueBorne in July this year.

Power, Performance, and the Cloud

There are a lot of security vendors today offering cloud-enabled security tools, devices and platforms. What is lacking is a comprehensive security approach that can tie the hybrid nature of networks together into a single, holistic security strategy without compromising performance. Many of the security tools on the market continue to operate in isolation, which diminishes effective cross-platform visibility. Cloud-based tools don’t necessarily work well in more traditional, physical environments. And nearly all of them collapse in terms of performance when deep inspection is required, which is nearly all the time given the increasingly sophisticated nature of threats and the fact that more than half of all network traffic is now encrypted.

10 tips for better search queries in Apache Solr

Apache Solr is an open source search engine at heart, but it is much more than that. It is a NoSQL database with transactional support. It is a document database that offers SQL support and executes it in a distributed manner. Previously, I’ve shown you how to create and load a collection into Solr; you can load that collection now if you hadn’t done it previously. ... The original scoring mechanism that Solr used is called TF-IDF, for “term frequency versus the inverse document frequency.” It returns how frequently a term occurs in your field or document versus how frequently that term occurs overall in your collection. The problem with this algorithm is that having "Game of Thrones" occur 100 times in a 10-page document versus ten times in a 10-page document doesn't make the document 10 times more relevant. It makes it more relevant but not 10 times more relevant.

Digital Transformation Is More Outside The Enterprise Than Inside

When an enterprise starts a digital transformation initiative, the boundaries for that extend far beyond the enterprise. It goes and touches every part of the ecosystem, which we loosely call the customer, whether he is a paying customer, a prospective customer, a next generation customer or an accidental customer. With all the availability of the digital technologies, we have far more ways to engage the so-called customer. The CIO in the years gone by, whether he was a driver, implementer, endorser, his focus was handling IT systems. Today the CIO’s hands are full in keeping the lights on, and still in a cost-sensitive position, he still has to prepare for the future. ... When you start thinking about real digital transformation inside and outside the enterprise, he may not have the bandwidth and that’s where the CDO comes in.

Workplace IoT Puts Companies on Notice for Smarter Security

Given the understandable unease, employers may be tempted to take a knee-jerk approach and ban employees from using their connected devices in the workplace, similar to what they did when people started taking smartphones to work. But organizations should avoid that inclination and instead focus on providing clear instructions for how employees can safely and appropriately use their devices in a way that does not put the organization at risk. Otherwise, current and prospective employees may look for a friendlier workplace to take their devices — and their talents. Putting a sound IoT policy in place — with emphasis on separate network segments for employee-owned devices — is a far better alternative. The policy should address issues such as whether devices will be allowed to connect to the Internet and how to handle devices capable of recording sound or video.

The future is coming. Here's what it might look like

Emergent technologies are poised to radically change how we work and live. They will transform our cities and workplaces, shifting jobs and entrepreneurship in new directions, and spur new ways to manage our lives. All of society will be affected, up to and including how we interact with machines themselves. Sophisticated machines and applications that communicate online will accelerate demand for broadband internet and challenge existing information and telecommunication norms. All of this will require ongoing discussions about security, infrastructure and open-data policy and planning. We now need action. We must move past: “We know it’s coming and have to do something” to “Here is how we can implement and collaborate to make it happen.”

Is TDD a Form of OCD?

The current fanatical TDD experience leads to a primary focus on unit tests (...) I don't think that's healthy. Test-first units leads to an overly complex web of intermediary objects and indirection (...) It's given birth to some truly horrendous monstrosities of architecture. A dense jungle of service objects, command patterns, and worse. It is easy to see that most organizations are shifting away from TDD as a testing paradigm and towards Behavioural Driven Development (BDD). Atlassian’s Heather Krebsbach writes unequivocally in 2016: This test-first approach became increasingly popular and was coined as test driven development (TDD), but businesses quickly realized it didn’t give them the visibility and coverage they needed for the most important business cases in their systems. So, a variant of TDD was born called behavior driven development (BDD),

Quote for the day:

"The useless men are those who never change with the years." -- J.M. Barrie,