Daily Tech Digest - December 15, 2017

Digital Disruption: 10 Ways To Survive & Thrive

Digital disruption: 10 ways to survive and thrive
Some CEOs are embarking on vision quests to help navigate digital disruption, which is marked by a shift in profitability from one prevailing business model to another. Puthiyamadam, who leads the PwC's digital services practice and oversees its experience center, recalls one recent conversation with a CEO client who attended a "digital bootcamp" in Europe. The CEO was told he must join Twitter and that his business would be disrupted in two years. Puthiyamadam quickly assured the CEO that the threats weren’t so imminent. Indeed, he regularly cautions clients against acting rashly because the wrong bets, from service ideation to technology choices, can set a business back years. "Don't believe you need to act frantically and in panic mode because your business is going to get completely overwhelmed," Puthiyamadam tells CIO.com.

DevOps in the public sector: Assessing the challenges and the benefits

“The public sector is often saddled with a significant burden of legacy systems which must be maintained and, where possible, modernised,” says Jason Rolles, CEO of software development monitoring software supplier BlueOptima. This means making use of open source development tools, such as Git and Jenkins, but also having the right IT environment to reap the benefits of these DevOps tools. It is inevitable that legacy systems will slow down a DevOps approach which is meant to bring an organisation both flexibility and speed. This shift away from incumbent providers and legacy infrastructure is to do with finance too. But, without the budget needed to move away from legacy technologies, recruiting DevOps personnel gets even harder, and this becomes a vicious cycle that encourages departments to remain the same.

5 tips for better NGINX security that any admin can handle

NGINX continues to rise in popularity. According to the October, 2017 Netcraft stats, it has nearly caught up with Apache—meaning more and more people are making use of this lightweight, lightning fast web server. That also means more and more NGINX deployments need to be secured. To that end, there are so many possibilities. If you're new to NGINX, you will want to make sure to deploy the server in such a way that your foundation is safe. I will walk through five ways to gain better security over NGINX that won't put your skills or resolve to too much of a test. ... It is possible to limit the rate NGINX will accept incoming requests. For example, say you want to limit the acceptance of incoming requests to the /wp-admin section. To achieve this, we are going to use the limit_req_zone directory and configure a shared memory zone named one and limit it to 30 requests per minute.

Cloud computing: Getting bigger but more complicated too

The location of the company offering a cloud service is something that has come under particular scrutiny recently. For example, the UK government's National Cyber Security Centre (NCSC) warned about the use of some cloud-based antivirus products from Russian companies, but also warned more broadly about the use of cloud services within the government supply chain. "The country of origin matters. It isn't everything, and nor is it a simple matter of flags -- there are Western companies who have non-Western contributors to their supply chain, including from hostile states. But in the national security space there are some obvious risks around foreign ownership," NCSC CEO Ciaran Martin wrote in a letter to civil service chiefs. The NCSC noted that government departments might not even be aware they are using cloud-based services: "It's easy to overlook the nature of these cloud interactions, and the security implications. 

Employers And Employees Need To Step Up On Cybersecurity

Even with the clear need for IT and network security experts, kununu found that job security ranked lowest for employees. Due to management changes or layoffs and the lack of a clear plan in place, internal organization was at an all-time low. This was leading to bad morale and disaffected employees can always be equated with company security vulnerability Within the reviews, employees even shared that their companies were not up to par in terms of the technology and were using antiquated kit, offering hackers a free pass into companies’ most sensitive data. Based in Vienna and leading the European market, kununu launched in the US last year in a joint venture with Monster and has already collected more than half a million reviews on its website. Its reviews are broken down into 18 key dimensions of workplace satisfaction to provide job seekers with workplace insights that matter in order to to make sound work-life decisions

Could blockchains rattle ECM?

Blockchains are distributed, crowd-validated ledgers which use internet-connected computers and open source software all over the world to verify transactions. One of their major benefits in financial transactions is their immunity to tampering, thanks to the built-in consensus mechanism. In theory, this could also make blockchain a secure, verifiable and permanent solution for exchanges of any kind – for managing records, for instance. Sweden’s land registry authority is currently exploring blockchains’ potential as a mechanism for recording property deals. In this context, the blockchain would confirm and save each step in the contract process between buyers and sellers, while making each deal’s information transparent to all parties such as banks and local governments. But how far could this go, and what does it mean for ECM as we know it? To assess the potential and any limitations we must consider what sets blockchains’ approach apart.

Figure 1
Enterprises that wish to deliver disruptive innovation must understand their own strategy and objectives, their current operational environment and challenges, and their external environment. They can begin by identifying opportunity areas and key markets. Once a consensus is reached, they can identify priority market segments. This may lead to redefining market segments and segmentation criteria. At this point, they should analyze the industry structure—segment clients, suppliers, potential new entrants, substitution products—and then identify what makes each player powerful, using strategic tools. For example, “The Five Competitive Forces That Shape Strategy”9 shows that suppliers boasting strong concentration, high switching costs, genuine differentiation, unique intellectual property (IP) and strong value for clients will command higher prices than industry incumbents. 

20 Ways To Rekindle Your Passion For IT

20 ways to rekindle your passion for IT
In March 2017, Zucker left the financial services firm and launched a new career providing training and advisory services in project management, agile development and leadership. "The change has been wonderful," he declares. "I'm working harder than before, but I'm passionate and enthusiastic about what I am doing." Zucker is hardly the only IT leader to watch his early enthusiasm spill into a drain of frustration, boredom and ennui. A 2016 Stress and Pride survey, sponsored by IT talent management and solutions company TEK Systems, found that a sizeable number of senior-level IT professionals are dissatisfied with their jobs. In fact, 24 percent of respondents stated that while they were proud they had chosen IT as a career, they were not proud of their current role, assignments and responsibilities. Worse yet, a discouraging 16 percent agreed that if they had to do it all over again, they wouldn't go into IT.

An Effective Cyber Hygiene Program Can Save A Business

Most small businesses have overarching cybersecurity plans that establish antivirus programs, firewalls, and other defenses to thwart cyberattacks. However, rarely do these plans consider individual behavior, which is why more than half of all cyberattacks aim for American small businesses. In addition to these cybersecurity measures, businesses need to consider cyber hygiene. Cyber hygiene, also called security hygiene, is general behavior that keeps individuals safe from cyberattack. Unlike cybersecurity, which pertains to an organization’s largescale efforts, hygiene consists of an individual’s responsibilities and actions. For example, an IT department might build and monitor firewalls and intrusion detection systems, but if individual employees fail to generate strong passwords, install software updates, or run regular malware scans, then a business remains insecure.

BlueBorne Attack Highlights Flaws in Linux, IoT Security

Researchers at IoT security firm Armis earlier this year discovered Blueborne, a new group of airborne attacks. The vulnerabilities let attackers take full control of any device running Linux, or OS derived from Linux, putting the majority of IoT devices at risk of exposure. The researchers discussed and demonstrated their latest findings at Black Hat Europe 2017, held last week in London. Vulnerabilities in the Bluetooth stack have been overlooked for the past decade, they explained. Bluetooth, often perceived as peripheral, could benefit attackers if they successfully break into a high-privilege device. As the researchers demonstrated, one compromised product can spread its attack over the air to other devices within Bluetooth range. "These attacks don't require any user interaction or any authentication," said Armis head researcher Ben Seri in their presentation.

Quote for the day:

"The most common way people give up their power is by thinking they don't have any." -- Alice Walker

Daily Tech Digest - December 14, 2017

The role of Chief Data Officer (CDO) would seem to be a godsend to answer the data monetization challenge. They should be the catalyst in helping organizations to become more effective at leveraging data and analytics to power the digital transformation. However, all is not well in the world of the CDO. Many organizations appoint a CDO with an Information Technology (IT) background – the same background and experience as the Chief Information Officer (CIO). The organization then ends up splitting the existing CIO role between the current CIO and the CDO; giving the CDO the tasks associated with data collection, governance, protection and access. Splitting the existing CIO role isn’t sufficient. Instead, the CDO needs a totally different charter than the CIO, and a key aspect of that charter must be around data monetization.

Microservices Solution Patterns

Microservices Architecture (MSA) is reshaping the enterprise IT ecosystem. It started as a mechanism to break the large monolithic applications into a set of independent, functionality focused applications which can be designed, developed, tested and deployed independently. The early adopters of MSA have used this pattern to implement their back-end systems or the business logic. Once they have implemented these so-called back-end systems, then came the idea of implementing the same pattern across the board. The idea of this article is to discuss the possible solution patterns which can be used in an MSA driven enterprise. ... On top of the back-end systems, there is the integration layer which interconnects heterogeneous back-end systems. Once these services are integrated, they need to be exposed as APIs to internal and external users as managed APIs through API management layer. Security and analytics will be used across all those 3 layers.

Outlook 2018 – Key Trends In The Indian Information Management Domain

Outlook 2018 – Key trends in the Indian Information Management domain
Paperwork is an integral part of doing business, but physical paper is not. In fact, reliance on paper documents results in costs, which could be eliminated or at least radically reduced by going paperless. As physical paperwork piles up, so do issues such as: a) Slower time to complete routine tasks that rely on paper as an input b) Increased risk of a security breach through lost or stolen documents c) Potential for data entry errors from manually keying information into systems d) Costs for office or offsite space to store paper documents.  ... Flexibility has become a business imperative with the upsurge of new technologies, BYOD and more employees working remotely. Keeping this in mind, CIOs will focus on compatibility - the ability to scale and transcend devices and platforms (i.e. the open network) for enhanced collaboration. Integration capabilities will be a basic requirement for any technological implementation.

Has Deep Learning Made Traditional Machine Learning Irrelevant?

It is true that many of the competitions you see on Kaggle these days contain unstructured data that lends itself to Deep Learning algorithms like CNNs and RNNs. Anthony Goldbloom, the founder and CEO of Kaggle observed that winning techniques have been divided by whether the data was structured or unstructured.  Regarding structured data competitions, Anthony says “It used to be random forest that was the big winner, but over the last six months a new algorithm called XGboost has cropped up, and it’s winning practically every competition in the structured data category.” More recently however, Anthony says the structured category has come to be dominated by what he describes as ‘hand crafted’ solutions heavy on domain knowledge and stochastic hypothesis testing. When the data is unstructured, it’s definitely CNNs and RNNs that are carrying the day.

Will 2018 be the big year for machine learning?

"We have reached the tipping point where adoption of machine learning in the enterprise is poised to accelerate, and will drive improved business operations, better decision making and provide enhanced or entirely new products and services," said Paul Sallomi, vice chairman of Deloitte. ML, a core element of artificial intelligence, will progress "at a phenomenal pace," according to the study. "As impressive as it is today, in 50 years' time the ML abilities of 2018 will be considered baby steps in the history of this technology," the report said. The report highlights areas that Deloitte thinks will unlock more intensive use of ML in the enterprise by making it easier, cheaper and faster. The most important key area is the growth in new semiconductor chips that will increase the use of ML, enabling applications to use less power, and at the same time become more responsive, flexible and capable.

Understanding the role of Information Rights Management

Naturally, the bigger the scale of the enterprise, the harder it’s going to be to keep IRM consistent. Many software packages and internal procedures are easy to maintain when you only have a few dozen people to worry about. The more people you add to a system, the more points of vulnerability you’ll contend with, and the less secure and less consistent your practices will become. If you want your company’s information to be safe, you need to take IRM more seriously. You should consider establishing a partnership with an IRM organization, or relying on products that give you more control over your own internal IRM. Your documents, messages, and files are the lifeblood of your organization, and all it takes is one breach to compromise your work. Don’t let it happen on your watch; invest in the right infrastructure for IRM, and don’t let it become a secondary priority.

10 data scientist interview questions job seekers can expect

"To assess if a candidate can be successful as a data scientist, I'm looking for a few things: baseline knowledge of the fundamentals, a capacity to think creatively and scientifically about real-world problems, exceptional communication about highly technical topics, and constant curiosity," said Kevin Safford, senior director of engineering at Umbel. Demonstrating that you have a strong understanding of the business at hand and how data can be used to reach business goals will also set you apart. "In addition to many technical questions—knowing your algorithms, knowing your math—a great data scientist must know the business and be able to bring strong ideas to the table," said Rick Saporta, head of data science at Vydia. "When hiring, I would rather have one creative data scientist who has a strong understanding of our business, than a whole team of machine learning experts who will be in a constant 'R&D' mode."

An Introduction to Anti-Patterns - Preventing Software Design Anomalies

The common symptoms of islands of implementation are an incorrect use of technology standards, usability and interoperability issues, excessive cost and time escalations due to changing business needs. The root cause for this is typically around not having enterprise level standards, organizational structures leading to poor communications, inappropriate trained resources deployed in projects. But these can also occur during corporate mergers, acquisitions or due to vendor-lock ins. ... The root causes can be due to lack of architectural vision, technological disruptions, tight coupling, insufficient use of metadata, lack of abstraction layer etc. Use of component architectures that provides flexible substitutions of software modules due to fast-changing business/technology landscapes can solve this issue.

Is a Good Offense the Best Defense Against Hackers?

First there’s the issue of "attribution." How do you correctly identify your attacker? It’s not as easy as it sounds. What if an attack comes from a botnet? Not one computer, but thousands or millions spread over the globe. Owners of botnet computers may not know they’re contributing to an attack. If your attacker is somewhere in the cloud, good luck finding her. Are you going to strike back against your cloud provider? They’re potentially innocent middlemen. Second, ACDC wouldn’t allow striking back against distributed denial-of-service (DDoS) attacks, for example, a common attack. DDoS attacks don’t involve unauthorized access. And who are you going to blame? Typical DDoS attacks come from devices that are part of the Internet of Things (IoT). Say Grandma’s digital picture frame routed requests in a DDoS attack. Are you going to hack back against Grandma?

What Should Software Engineers Know about GDPR?

GDPR is only interested in personally identifiable information (PII). GDPR does not apply to data that is not attached to a person, such as product or accounting information. You might still classify it as sensitive and might still want to protect it, but GDPR considers it non-PII data and ignores those situations. GDPR identifies two classes of PII data. There is data that can be used to uniquely identify a person like social-security number, e-mail address, or anything directly connected to these identifiers such as purchase history. Then there is extra-sensitive data such as medical/health information, religion, sexual orientation, or any information on/collected from a minor. Do note that according to GDPR, combinations of information that may not be unique in isolation can potentially identify an Individual. So PII also includes identities that may be deduced from values like postcode, travel, or multiple locations such as places of purchase.

Quote for the day:

"Learn from the mistakes of others. You can never live long enough to make them all yourself." ― Groucho Marx

Daily Tech Digest - December 13, 2017

Cyber security skills shortage can be addressed, says (ISC)2

McCumber, who has been working in information security in military, national security and civilian roles for the past 30 years, argues that in the light of the fact that there are jobs for people coming out of trade schools, there is no reason that aspects of cyber security cannot be turned into trades. “By treating cyber security as a trade, it will enable school leavers to get some basic skills without having to do a four-year course and to provide valuable services in well-paid jobs in the cyber security field,” he said. “There are a lot of productive jobs in the cyber security field that do not need a four-year degree.” ... “We work with industry to ensure we are training people to meet industry’s needs, and government that wants to drive down unemployment rates, and provide transportable certifications that are recognised by government, industry and academia,” he said.

HP Spectre 13 review: This stylish ultrabook conceals real power

HP Spectre Laptop 13 af0xx
Whether open or closed, the Spectre 13’s elegance shines through. It’s a beautifully architected notebook PC, with metallic accents that complement the understated white of the chassis. (Normally, the Spectre 13 ships in black; the Ceramic White option our test machine included is an extra $10—and worth it.) Would I have chosen a series of circular holes to replace the hexagonal slits of the fan grille? Maybe. A narrow power button to one side also feels a bit out of place. But these are just nitpicks. ... At 2.4 pounds, the Spectre 13 is light, yet solidly constructed. Many aspects reminded me, though of a tablet: its weight; the power-efficient, 1080p display; and the pair of silver hinges that conceal the I/O and electric connections, slightly lifting the display above the keyboard. HP also includes a pleather laptop sleeve to protect the Spectre Laptop from nicks and scratches while in your bag.

Programmers and developers more important to companies than IT managers

"IT is really going to have to shift to more of a partner to the business, and making sure they are in lockstep with what the business goals are," Hayman said. ... Decentralization makes it challenging for IT and the business to align, Hayman said. For successful digital transformation projects, both parties need to be at the table for important conversations about how technology can help realize goals, rather than IT waiting for direction from the business. "Digital transformation is going to give organizations this unique opportunity to use technology as that strategic asset for the whole enterprise," Hayman said. "Those capable IT teams that can support it are really going to help separate and differentiate organizations from the rest of their competition. That's going to mean identifying areas to increase efficiency, and add greater value to the technology."

Cyber attack surface facts, figures and statistics for 2017 to 2022

Cyber attack surface grows immensely, raises security concerns
The far corners of the Deep Web — known as the Dark Web — is intentionally hidden and used to conceal and promote heinous criminal activities. Some estimates put the size of the Deep Web (which is not indexed or accessible by search engines) at as much as 5,000 times larger than the surface web and growing at a rate that defies quantification, according to one report. ABI has forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020 — and Spanish telecom provider Telefonica states by 2020, 90 percent of cars will be online, compared with just 2 percent in 2012. Hundreds of thousands — and possibly millions — of people can be haced now via their wirelessly connected and digitally monitored implantable medical devices (IMDs) — which include cardioverter defibrillators (ICD), pacemakers, deep brain neurostimulators, insulin pumps, ear tubes and more.

GDPR and the human element of personal data protection

Finding the precise location of data defined as ‘personal’ under GDPR from among the thousands of tables and columns (or fields) in complex and customized packaged systems, represents a significant challenge. Traditional tools and methods, such as searching for documentation, using templates and reference models or employing external consultants, do not address the challenge in an effective and timely fashion. Safyr offers an interesting approach - it interfaces with all the most popular ERP and CRM solutions in order to speed up that discovery process. Speed and accuracy here are vital for several reasons - obviously ‘bad’ data discovery initially means that risk assessments will be skewed, and even worse it may cause a loss of focus, so that less critical issues are fixed first, rather than the real high risk issues. These issues are the major benefit of using a discovery tool, rather than attempting hand cranked scripted procedures.

A robotic path lined with cybersecurity bumps

The robot controller is a complex device composed of multiple interconnected subsystems and computer systems. A controller can work in automatic mode – typically for regular operation of the robot; and in manual mode, in which the robot performs movements according to specific inputs fed by the operator.  Under this attack, the cybercriminal changes the setting of the control system so the robot moves unexpectedly or inaccurately. This type of attack could lead to production of defective or modified products, subsequently resulting in massive recalls. The first time a robot is connected to a controller, the sensing equipment must be calibrated. The controller uses the calibration data to compensate for known measurement errors. Manipulation on the calibration parameters can cause the servo motor to move erratically or unexpectedly. If an attack is launched when a robot is moving, the controller can detect it and engage stopping procedures.

A Pragmatic Assessment Of Disruptive Potential In Financial Services

Fintechs have seized the initiative – defining the direction, shape and pace of innovation across almost every subsector of financial services – and have succeeded as both stand‐alone businesses and crucial parts of financial value chains Fintechs have reshaped customer expectations, setting new and higher bars for user experience. Through innovations like rapid loan adjudication fintechs have shown that the customer experience bar set by large technology firms, such as Apple and Google, can be met in financial services Customer willingness to switch away from incumbents has been overestimated. Customer switching costs are high, and new innovations are often not sufficiently material to warrant the shift to a new provider, especially as incumbents adapt* Fintechs have struggled to create new infrastructure and establish new financial services ecosystems, such as alternative payment rails or alternative capital markets.

AIG launches new cyber threat analysis to gauge companies' risks

AIG’s underwriters have been using the computerized analysis since November, which combines information from a new insurance application designed for the process and data about current cyber threats to generate scores on various related factors, said Tracie Grella, AIG’s global head of Cyber Risk Insurance, in an interview. The analysis scores companies on the degree to which a cyber attack may affect their businesses and the potential costs of various cyber incidents, among other issues, according to a sample report seen by Reuters. Cyber coverage is a mounting concern worldwide as hackers increasingly target companies’ technology systems. Insurers are also struggling to estimate their potential exposure as cyber risks and interest in coverage increase.

Cloud-to-cloud backup: What it is and why you need it

In small-scale scenarios, users can copy files from, for example, Office 365 and G Suite to a local volume, or if security rules permit, an external drive. But this is a manual process that might not be reliable, and will struggle to scale. For larger files and larger applications, this is rarely practical. Enterprises using infrastructure-as-a-service (IaaS) or SaaS applications can use application programming interfaces (APIs) or third-party software to back up to local servers, network-attached storage (NAS) equipment or their own datacentre. But backing up cloud services to local storage is a step backwards. Instead of taking advantage of the cloud, it forces companies to retain on-site infrastructure, increases costs and limits flexibility. Enterprises that back up software-as-a-service applications will have the reassurance that they have copies of their data, but they will not be able to replicate or run the SaaS environment in-house.

Top 5 open source tools for MySQL administrators

Top 5 open source tools for MySQL administrators
For database administrators (DBAs), keeping databases running at peak performance can be a little like spinning plates: It takes agility, concentration, quick reactions, a cool head, and an occasional call out from a helpful onlooker. Databases are central to the successful operation of almost every application. As DBAs are responsible for an organization’s data, finding dependable tools that help them to streamline the database management process and ease day-to-day maintenance tasks is essential. DBAs need good tools to keep their systems spinning smoothly. So what are the tried and trusted tools for MySQL administrators? Here I share my top five open source tools for MySQL administrators and discuss their value in the support of day-to-day MySQL administration tasks. For each of them, I’ve provided a link to the GitHub repository and listed the number of GitHub stars at the time of writing.

Quote for the day:

"Failure defeats losers, failure inspires winners.” -- Robert T. Kiyosaki

Daily Tech Digest - December 12, 2017

Microsoft's Edge browser is in serious trouble

microsoft edge browser resized
Edge wasn't the only browser that came out looking worse than presumed prior. Microsoft's legacy browser, Internet Explorer (IE) also was revealed as a Potemkin village. Under the old data regime, which included bots, IE's user share was overblown, at times more than double the no-bots reality. Take May 2016 as an example. With bots, Net Applications pegged IE at 33.7%; without bots, IE's user share dwindled to just 14.9%. Together, IE and Edge - in other words, Microsoft's browsers - accounted for only 16.3% of the global user share last month using Net Applications' new calculations. Back in January, however, IE+Edge had a user share of 24.1% with bots, just 14.9% without the shady tools. Put plainly, Microsoft's place in the browser race, while definitely dismal when calculated previously, became ghastly when the bot traffic was subtracted. Other data sources also called IE's and Edge's position weak, and long before Net Applications scoured its data.

Using Big Data to transform business processes

Too often, businesses build data centers that are fragmented into unusable silos, which bar them from gaining the actionable insights they seek. One of the most overlooked of these silos is the call centre audio data, which is tremendously valuable since it holds the very voice of the customer in a specific moment in time," he says. "This is where the expertise and technology available with established analytics programs make the difference. Figuring out how to pull Big Data into one usable trove of information is a large part of the task, ultimately breaking open the floodgates for gaining valuable insights that allow businesses to operationalise on their findings." ... "A treasure trove of Big Data doesn't provide answers. A carefully managed analytics program designed around business goals and desired outcomes, alongside constant review of where the program is successful or needs improvement, is how organisations ultimately rise into the sweet spot of fast and efficient decision making and operationalisation of insights," he adds.

5 Reasons the Cybersecurity Labor Shortfall Won't End Soon

In late 2013, Cisco projected there were 1 million job openings globally. For several years after that, cybersecurity labor figures were only minimally updated. Various surveys (as opposed to research) have drastically underestimated the problem because they relied on polls that didn't sample enough companies, or they focused on information/IT security and failed to take the broader cybersecurity market into consideration. This leaves out heaps of workers involved with Internet of Things security, ICS (industrial control systems) security, automotive security, embedded security, and numerous other large categories. Some surveys, ..., portray a workforce with the number of unfilled cybersecurity jobs not even doubling in nearly a decade, from 2013 to 2022. This is a stark departure from my own research, which shows the number of unfilled positions actually is expected to grow 3.5 times during an even shorter timeframe, from 1 million in 2013 to 3.5 million in 2021.

5 top machine learning use cases for security

artificial intelligence / machine learning / network
In principle, machine learning can help businesses better analyze threats and respond to attacks and security incidents. It could also help to automate more menial tasks previously carried out by stretched and sometimes under-skilled security teams. Subsequently, machine learning in security is a fast-growing trend. Analysts at ABI Research estimate that machine learning in cyber security will boost spending in big data, artificial intelligence (AI) and analytics to $96 billion by 2021, while some of the world’s technology giants are already taking a stand to better protect their own customers. Google is using machine learning to analyze threats against mobile endpoints running on Android -- as well as identifying and removing malware from infected handsets, while cloud infrastructure giant Amazon has acquired start-up harvest.AI and launched Macie, a service that uses machine learning to uncover, sort and classify data stored on the S3 cloud storage service.

Android vulnerability allows attackers to modify apps without affecting their signatures

android modify apps without affecting signatures
“Although Android applications are self-signed, signature verification is important when updating Android applications. When the user downloads an update of an application, the Android runtime compares its signature with the signature of the original version. If the signatures match, the Android runtime proceeds to install the update,” Guard Square researchers explained. “The updated application inherits the permissions of the original application. Attackers can, therefore, use the Janus vulnerability to mislead the update process and get unverified code with powerful permissions installed on the devices of unsuspecting users.” The vulnerability (CVE-2017-13156) can be exploited to replace any kind of app, even a system app, without the user noticing anything or Android preventing the installation.

AI is a Business Imperative and Boardroom Agenda

In the age of the connected customer, the most effective method of closing the customer experience gap is for companies to invest in advanced predictive analytics and artificial intelligence (AI) powered customer relationship management (CRM) platforms. According the research, forward-looking companies have invested in new technologies capable of consolidating and analyzing key customer data and have reorganized to be able to act on that customer insight in a more nimble way. The biggest and most significant shift will be the use of advanced predictive analytics to drive data-driven customer experience decisions. The competitive battleground is now squarely based on superior customer experience, and only companies that invest in AI technologies can meet the ever-growing expectations of the hyper connected, and knowledge-sharing stakeholder - employees, partners and customers.

Application-Defined Networking Basics

A core concept of the OSI model is that each layer is largely isolated from the details of any other layer. While that has led to great independence—as, for example, an application developer doesn’t have to worry about whether or not there is copper or fiber optic cable being run at the Physical Layer—it has led to siloed workers that don’t necessarily appreciate the details of the work that goes into the other layers. Traditionally, an application developer working at the top of the OSI model only cares about an IP address and a port number provided by the Network Layer, since that provides a specific place on the network where a client-server connection can be maintained. But a whole lot of design, art and maintenance goes into setting up a set of routers and switches to make sure traffic doesn’t bottleneck between any two IP addresses. This means there’s a network engineer who spends a lot of time managing tickets that represent requests for changes to an existing network design.

Faster Java Releases: A Challenge for the Spring Framework Project

"A new JDK generation every half year means a new bytecode level, which means tooling needs to be ready to handle a new JDK version," he said, "a new bytecode level, every half year. This can be quite a challenge, and quite disruptive to the Java ecosystem. Many tools are based on bytecode generation, possessing libraries such as ASM, CGLib, ByteBuddy. They historically have not needed to evolve to leniently embrace new JDK generations. They have evolved to be designed for a particular set of JDK versions only, and they had to be updated every single time." "So we'll have to change our minds a little," he added. "We'll have to design our infrastructure, our bytecode processing, in such a way that a new JDK generation is a totally normal thing." Hoeller underscored the fact that Oracle will provide a feature release every six months, update releases every quarter, and a long-term support release every three years.

Gartner analyst predicts doom for on-premises data centers

Gartner analyst predicts doom for on-premises data centers
Although he didn’t mention it by name, you have to think Microsoft is in that category because it is already cloud-first with its enterprise apps. Office 365 already outsells the packaged Office 2016, so I can see a major de-emphasis of the client product in the coming years. However, this move will be more of a win for the SaaS providers than customers. SaaS prices have risen about 8 percent in the last three years, Govekar said, who also warned that SaaS vendors such as Salesforce, Oracle and SAP are engaging in a “lock-in strategy” not unlike what enterprise software vendors used to do, integrating their products so deeply that moving or switching is prohibitively difficult. And when you are dependent on software you don’t own but rent as a service, it becomes a little like the cable monopoly where there is little anyone can do to prevent them from raising prices on a regular basis.

HP patches hundreds of laptops to remove hidden keylogger

hp spectre keyboard
If you bought an HP laptop anytime in the last five years, it could be tracking your every keystroke. Over the weekend HP revealed that nearly 500 of its notebooks dating as far back as 2012 shipped with a secret keylogger installed. Alongside the announcement, HP released driver updates to eradicate the software on affected laptops. Security researcher Michael Myng discovered the keylogger when probing the Synaptics touchpad software on an HP laptop. HP’s security bulletin says the “potential security vulnerability” affects all laptops with “certain versions of Synaptics touchpad drivers”—not necessarily just HP models. The keylogger is disabled by default, however. “A party would need administrative privileges in order to take advantage of the vulnerability,” the bulletin states. “Neither Synaptics nor HP has access to customer data as a result of this issue.” HP told Myng that the keylogger was a debugging tool.

Quote for the day:

"Problems are not stop signs, they are guidelines." -- Robert Schuller

Daily Tech Digest - December 11, 2017

With smartphones like these, why do we need laptops?

sek smartphone expansion keyboard
In a nutshell, it’s a laptop powered by a smartphone processor running a desktop operating system. Specifically, the new Windows 10 laptops that will be built initially by HP, Lenovo and Asus are powered by the Qualcomm Snapdragon 835 processor. This is the same chip that powers high-end smartphones such as the Galaxy S8 and Note8. Microsoft has tweaked Windows 10 to run natively on ARM chipsets. Initially these devices will ship with Windows 10 S, Microsoft’s simplified and locked-down version of Windows. But customers will be able to upgrade free to Windows 10 Pro. While these laptops aren’t as powerful as other Windows laptops available, the smartphone processor inside them enables faster “always-on” LTE connectivity and “all-day” battery life. Microsoft calls the new category Always Connected PCs. This new kind of laptop will eventually prove valuable for certain types of enterprise users.

A layered approach to modern identity

With this shift towards mobile access at work, home and everywhere in between, comes a shift in both user expectations and behaviors. Instant access to information – anytime, anywhere – is the norm, which means our tolerance for friction has greatly diminished. This new attitude allows employees to be more productive and responsive, and even make more informed decisions. However, this digital era consumers have grown accustomed to is built on a house of cards from a security perspective. The apps consumers access at the touch of an icon or the imprint of a finger are all protected with passwords – and with more and more work and personal data moving online, hackers are having a heyday circumventing passwords to get at this information. Implementing more rigorous security seems like an easy next step, but many organizations are slow to adopt new security approaches due to the presumed negative impact on user experience.

An expert's guide to navigating the world of bitcoin

Cryptocurrencies are decentralized projects, so no one is really in charge. There’s no resolution process for disagreements. In August, a group of disgruntled users cloned the bitcoin blockchain and created a new coin called Bitcoin Cash, also known as Bcash. A few months later, people created another clone called Bitcoin Gold. This can be really confusing for new users, because if they download the wrong wallet or buy the wrong coin, they can lose their money. This is also a good thing, that no one is in charge, so people don’t worry about seeking permission before building new features. We’re seeing new developments in digital currencies that protect user privacy, and projects to bring Bitcoin to people without internet access. ... Bitcoin uses public key cryptography, where each bitcoin account has a public key and a private key. The public key is the bitcoin address and the private key is used to authorize transactions.

The Value of Logging within Cloud Native Applications

Software nowadays is no longer a single body of code you can build and test in isolation. Cloud, containers and all this tech obviously provides a lot of advantages, but at the cost of “understandability” (which is maybe the best way to view the term “observability”). The system components are increasingly scattered and remote, and less likely to be under your direct control. This evolution goes hand in hand with devops movement which has changed the way people think about software. There are a lot of teams now who now have “a system they care about”, as opposed to just building a piece of software and “throwing it over the wall to ops”. So “understanding” the behaviour of your software system is now largely only possible in the wild. Most software systems are a composition of other systems that out of your control. Think of your software system as an autonomous car: it has to be put on the road to be tested and improved, but in many ways we’re still building software as if we could test it in the lab.

Blockchain At Heart of Personal Data Monetization Service

“We’re allowing users to own their data by creating a personal secure vault where individuals can store their data, and if they choose to share it, they get compensated with tokens to view ads,” Silver says. “So instead of advertising on Facebook to target specific types of users, advertisers can target those users precisely the same way, if not better, by offering them compensation directly.” It’s a new business model for Algebraix, which spent several years developing something that it calls “the algebra of data.” This technology, which was spearheaded by Indiana math professor Gary Sherman, was originally created to speed up big data processing on cloud platforms or parallel clusters running Hadoop and Spark. Now Silver and company are looking to apply their mathematical techniques to workloads running on the Blockchain, the peer-to-peer transactional ledger that provides the technological foundation for cryptocurrencies.

Top 3 Reasons Why Companies Struggle With Agile & Scrum

why companies struggle with agile
Organizations need to understand that the methods that comprise “Agile” will not solve any pertinent issue in their culture or “the behavior of their employees.” Problems of distrust, lack accountability, respect, or fear of failure are all readily exposed by Scrum( Framework of agile). For instance, the goal of scrum is to produce a potentially releasable product increment in every sprint that often exposes the business to the “technical debt” due to past product development efforts that has not been paid off and lack of quality practices within software engineering. Most of the organizations are not able to deal with these surfacing issues. As they don’t have a neutral party to facilitate their exploration and resolution, most organizations tend to ignore them or consider Agile/Scrum liable to create them. ... In case that mirror reflects back, an organization does not like and blames the “mirror” rather than looking at the objectively provided feedback and evaluating to address it.

How can banks fight cybercrime?

Banks Cybercrime
Earlier this year, Nick Cook, the FCA’s head of data and information operations, said that the regulator was “still learning” how to support the adoption of automated, digitised compliance. The FCA reports that the number of successful cyber attacks has risen from 5 to 49 annually between 2014 and 2017. Bain believes that placing confidence into newer forms of security will benefit banks greatly: “Machine learning uses a compound set of algorithms to detect patterns and predict outcomes from a large amount of data online. As such, the self-learning capabilities and ability to recognise patterns and anomalies within them, makes AI and machine learning a great tool to detect cyber security threats.” Bains’ words ring true with Rob Grupperra, the FCA’s head of financial crime, who said that firms are trying to replace humans with AI to detect money laundering, as stated on the FCA’s website. Grupperra mentioned the positive effect such advanced technology would have on firms if they were to replace human monitoring with AI.

The Neuroscience Of Social Learning

The Neuroscience Of Social Learning
A growing body of research is showing that our need to connect socially with other people is as basic as any other survival need. In fact, UCLA professor Matthew Lieberman has challenged Abraham Maslow and his famous hierarchy of needs, placing social needs at the bottom of the pyramid. This makes them more essential than food and water! He explains how our brains have been evolving for millions of years to turn us into the social creatures we are today. That’s why creating social connections in learning can have such an impact. To our brains, it simply feels more natural than learning on our own. There is also a clear link between emotions and learning. Emotions are handled by the brain’s prefrontal cortex, and the same area is used for our memories. In fact, our working memory has been shown to be impaired by negative emotions, such as fear and anxiety. Psychologist Daniel Goleman says that by building social and emotional learning programs, we can pave the way for more effective learning.

One year later, enterprises still wrestle with Windows 7's cumulative updates

Windows logo with padlocks
Under the earlier patch scheme, users were able to set questionable updates aside - perhaps for further testing, maybe to give Microsoft more time to quash a just-found bug - even as they deployed all other updates. That isn't't possible under the all-or-nothing cumulative regime. Nearly 14 months later, enterprises labor to adapt. "It's elongated the patch cycle," said Chris Goettl, a product manager with client security and management vendor Ivanti, in an interview. He explained that many businesses were forced to postpone all patches, at least on some systems, because a code change included in the cumulative Windows 7 update had broken a critical application. "We're seeing a lot of customers who have not been able to roll out any updates until a problem was resolved, either by Microsoft or a third-party vendor," Goettl said.

Data Science is Plutonium Powerful: Dangerous and Handle With Care

Data Science is Plutonium Powerful: Dangerous and Handle With Care
It may seem that business intelligence (BI) is similar to data science (DS). Data science encompasses predictive analytics, machine learning, data mining, and even parts of what is considered to be artificial intelligence. It is routinely touted as improving revenue, profit, and ROI. It is often presented as automated and able to discover knowledge. These huge impacts and the automated nature of many of its applications make DS particularly dangerous. Business intelligence (BI), on the other hand, is used for processing and organizing business data so that it can be adeptly navigated by a competent human data analyst. It supports decision makers in making better and faster decisions. It is not typically relied upon for making decisions directly. Under the hood both BI and DS are about processing data to find patterns that can aid in making business decisions.

Quote for the day:

"Life is too short to waste time waiting for other people's approval on how you live it." -- Steve Maraboli

Daily Tech Digest - December 10, 2017

No CEO needed: These blockchain platforms will let ‘the crowd’ run startups

In the late ’90s, the Internet changed business. We also saw a new set of businesses emerge at that time that were only possible because of the arrival of that new technology. With the benefit of hindsight, it is clear that there was a difference between Barnes & Noble putting up a website and Amazon being a “digital native” organization, even if it was not obvious at the time. With DAOs, we are witnessing the birth of entirely new way of coordinating, aligning, and rewarding work. The blockchain-native entities built on platforms like Aragon, Colony, District0x, DAOStack, and the competitors that are bound to follow are going to pose a threat to incumbents who cannot react as quickly. More importantly, they will enable entirely new types of organizations that will change the world just as Facebook, Amazon, and Google did the last time around.

How tomorrow’s technologies can help the finance function of today

CFOs must reach across the enterprise to act as a catalyst for innovation, but many are hampered by fragmented, decentralized systems. Forty-eight percent of CFOs surveyed for PwC’s 2017 Global Digital IQ Survey cited outdated technology as an emerging barrier to successful digital initiatives, while 40 percent said data and technology integration would be the biggest challenge they would need to overcome. This IT fragmentation is in addition to the typical organizational and process issues most enterprise executives face. When finance professionals spend more time gathering data than analyzing it, or adjusting and reconciling entries manually rather than predicting future outcomes, they’re experiencing the effects of fragmentation. Intelligent automation helps alleviate the symptoms of IT fragmentation in three ways:

Alibaba’s Cainiao Tests Delivery Robots on ZJU Campus

Hangzhou ZJU Alibaba Logistics Robot Autonomous Delivery Vehicle Campus News AI Front View Storage Room
The idea behind that is to let the vehicle learn where the students commonly are at what time of the day to improve the efficiency of the solution. For example, it could move to a dorm area in the morning and remain stationary for students to take out their parcels as they pass by the vehicle in the morning on their way to the lecture, and drive to the cafeteria around lunchtime. It is planned that the students will also have the ability to communicate with the delivery vehicle via a smartphone app or a similar kind of web platform. The ZJU is the only university with such a test run right now and it’s in an early stage, but it could already be seen around the time of the Singles’ Day. The vehicle itself has been provided by Cainiao, a logistics subsidiary of Alibaba. Taking into account that both the university and Alibaba are located in the Chinese city of Hangzhou, it makes sense to deploy experimental vehicles in a ring-fenced environment.

Big Data and marketing – heady cocktails and crushing hangovers

Big Data Marketing
In most real worlds, they don’t acknowledge each other, perch on different stools, chug different drinks, and go their separate ways. The more data explodes, the more decision making practices remain the same. I was recently talking to a COO who described his role as the ability to take the most impactful decisions with the thinnest possible information. It is the nature of data – Big or Otherwise. We keep talking of social feeds and Facebook posts and mobile phone penetration. All of these make for great story telling. But unless the information extracted from these sources is explicitly useful taking a marketing decision – in talking to a customer, creating a campaign, or driving a cross-sell, it is of limited value. It is this absence of a meaningful connect between data sciences and marketing that we need to bridge.

Robots Will Transform Fast Food

Business owners insist that robots will take over work that is dirty, dangerous, or just dull, enabling humans to focus on other tasks. The international chain CaliBurger, for example, will soon install Flippy, a robot that can flip 150 burgers an hour. John Miller, the CEO of Cali Group, which owns the chain, says employees don’t like manning the hot, greasy grill. Once the robots are sweating in the kitchen, human employees will be free to interact with customers in more-targeted ways, bringing them extra napkins and asking them how they’re enjoying their burgers. Blaine Hurst, the CEO and president of Panera, told me that his no-longer-needed cashiers have been tasked with keeping tabs on the customer experience. Panera customers typically retrieve their food from the counter themselves. But at restaurants where they place their orders at kiosks, employees now bring food from the kitchen to their tables.

The Rise of the ICO

Cryptocurrency has revolutionized currency transactions, and now people are finding even more uses for the digital currency technology. When startups need to raise money to get their businesses off the ground many are turning to ICOs, or Initial Coin Offerings, to fund their projects in an unregulated way. This method is similar to IPOs and even crowdfunding in that investors own something related to the company when they make an investment. Just like IPOs and Crowdfunding there is no guarantee you will ever get your money back. The risk in investing in ICOs comes from the fact that there is a small percentage of people taking advantage of the fact there are no regulations by scamming unsuspecting investors. Jordan Belfort, better known as the Wolf of Wall Street, has warned against ICOs, calling them the biggest scam going as well as way worse than anything he ever did.

The Surgeon Who Wants to Connect You to the Internet with a Brain Implant

“A true fluid neural integration is going to happen,” Leuthardt says. “It’s just a matter of when. If it’s 10 or 100 years in the grand scheme of things, it’s a material development in the course of human history.” Leuthardt is by no means the only one with exotic ambitions for what are known as brain-computer interfaces. Last March Elon Musk, a founder of Tesla and SpaceX, launched Neuralink, a venture aiming to create devices that facilitate mind-machine melds. Facebook’s Mark Zuckerberg has expressed similar dreams, and last spring his company revealed that it has 60 engineers working on building interfaces that would let you type using just your mind. Bryan Johnson, the founder of the online payment system Braintree, is using his fortune to fund Kernel, a company that aims to develop neuroprosthetics he hopes will eventually boost intelligence, memory, and more.

3 advanced prevention technologies expected to grow in 2018

3 advanced prevention technologies expected to grow in 2018
Despite years of innovation and VC investment, vulnerability management remains one of the biggest operational challenges for most organizations. Why? It’s a numbers game — large enterprises have thousands of systems with different software revisions and configurations deployed across global networks. How do you prioritize patching activities when CVE scores and vulnerability scanning tools report thousands of high-priority incidents requiring immediate remediation?  In the past, we used analogue tuning to define which systems were considered mission-critical, but this didn’t provide a level of useful granularity. Fast forward to 2018, and risk-based intelligent vulnerability management tools can consume terabytes of configuration data, asset data, vulnerability data, and threat intelligence to create a fine-grained analysis of which systems really need immediate patching.

The Holy Grail Of Innovation In Today’s Digital Era

In the digital economy, where the only certainty is change, the only sources of lasting competitive advantage are knowledge and skills. While companies are looking to keep pace with their competition, 64% of respondents to a recent IDT survey said they do not have the resources with the skills necessary for digital transformation. Skills and lifelong learning are the key enablers for innovation adoption and form the foundation for effectively executing digital strategies. By 2020, one in five core skills in the workplace will be different than they were in 2015, and complex problem-solving, critical thinking, and creativity are viewed among the top five most-needed skills, according to the World Economic Forum. This is an important change in the nature of work and needs to be taken seriously by individuals and organizations alike.

The “Learning from Unintended Failures” Pattern

It is a frustrating truth that software systems sometimes fail. These failures impact the system's users, therefore a primary goal of the system's developers is to minimise the failures and their impact. Fortunately, every failure provides learning opportunities to improve the resilience of the system. The “Learning from Unintended Failures” pattern is a four-step approach where unintended system failures are identified, resolved as quickly as possible to limit impact and then analysed to establish root cause. Improvement ideas are generated based on the analysis and then delivered. This pattern appears very well-known—even obvious—to many at first glance. The real benefits from this approach are only gained, however, if the analysis is effective and thorough and the ideas are actually implemented. This pattern describes an effective method for gaining real system improvements following system failures.

Quote for the day:

"Be a Strong Leader, Even If You Follow a Weak Leader." -- Miles Anthony Smith