Daily Tech Digest - December 12, 2017

Microsoft's Edge browser is in serious trouble

microsoft edge browser resized
Edge wasn't the only browser that came out looking worse than presumed prior. Microsoft's legacy browser, Internet Explorer (IE) also was revealed as a Potemkin village. Under the old data regime, which included bots, IE's user share was overblown, at times more than double the no-bots reality. Take May 2016 as an example. With bots, Net Applications pegged IE at 33.7%; without bots, IE's user share dwindled to just 14.9%. Together, IE and Edge - in other words, Microsoft's browsers - accounted for only 16.3% of the global user share last month using Net Applications' new calculations. Back in January, however, IE+Edge had a user share of 24.1% with bots, just 14.9% without the shady tools. Put plainly, Microsoft's place in the browser race, while definitely dismal when calculated previously, became ghastly when the bot traffic was subtracted. Other data sources also called IE's and Edge's position weak, and long before Net Applications scoured its data.

Using Big Data to transform business processes

Too often, businesses build data centers that are fragmented into unusable silos, which bar them from gaining the actionable insights they seek. One of the most overlooked of these silos is the call centre audio data, which is tremendously valuable since it holds the very voice of the customer in a specific moment in time," he says. "This is where the expertise and technology available with established analytics programs make the difference. Figuring out how to pull Big Data into one usable trove of information is a large part of the task, ultimately breaking open the floodgates for gaining valuable insights that allow businesses to operationalise on their findings." ... "A treasure trove of Big Data doesn't provide answers. A carefully managed analytics program designed around business goals and desired outcomes, alongside constant review of where the program is successful or needs improvement, is how organisations ultimately rise into the sweet spot of fast and efficient decision making and operationalisation of insights," he adds.

5 Reasons the Cybersecurity Labor Shortfall Won't End Soon

In late 2013, Cisco projected there were 1 million job openings globally. For several years after that, cybersecurity labor figures were only minimally updated. Various surveys (as opposed to research) have drastically underestimated the problem because they relied on polls that didn't sample enough companies, or they focused on information/IT security and failed to take the broader cybersecurity market into consideration. This leaves out heaps of workers involved with Internet of Things security, ICS (industrial control systems) security, automotive security, embedded security, and numerous other large categories. Some surveys, ..., portray a workforce with the number of unfilled cybersecurity jobs not even doubling in nearly a decade, from 2013 to 2022. This is a stark departure from my own research, which shows the number of unfilled positions actually is expected to grow 3.5 times during an even shorter timeframe, from 1 million in 2013 to 3.5 million in 2021.

5 top machine learning use cases for security

artificial intelligence / machine learning / network
In principle, machine learning can help businesses better analyze threats and respond to attacks and security incidents. It could also help to automate more menial tasks previously carried out by stretched and sometimes under-skilled security teams. Subsequently, machine learning in security is a fast-growing trend. Analysts at ABI Research estimate that machine learning in cyber security will boost spending in big data, artificial intelligence (AI) and analytics to $96 billion by 2021, while some of the world’s technology giants are already taking a stand to better protect their own customers. Google is using machine learning to analyze threats against mobile endpoints running on Android -- as well as identifying and removing malware from infected handsets, while cloud infrastructure giant Amazon has acquired start-up harvest.AI and launched Macie, a service that uses machine learning to uncover, sort and classify data stored on the S3 cloud storage service.

Android vulnerability allows attackers to modify apps without affecting their signatures

android modify apps without affecting signatures
“Although Android applications are self-signed, signature verification is important when updating Android applications. When the user downloads an update of an application, the Android runtime compares its signature with the signature of the original version. If the signatures match, the Android runtime proceeds to install the update,” Guard Square researchers explained. “The updated application inherits the permissions of the original application. Attackers can, therefore, use the Janus vulnerability to mislead the update process and get unverified code with powerful permissions installed on the devices of unsuspecting users.” The vulnerability (CVE-2017-13156) can be exploited to replace any kind of app, even a system app, without the user noticing anything or Android preventing the installation.

AI is a Business Imperative and Boardroom Agenda

In the age of the connected customer, the most effective method of closing the customer experience gap is for companies to invest in advanced predictive analytics and artificial intelligence (AI) powered customer relationship management (CRM) platforms. According the research, forward-looking companies have invested in new technologies capable of consolidating and analyzing key customer data and have reorganized to be able to act on that customer insight in a more nimble way. The biggest and most significant shift will be the use of advanced predictive analytics to drive data-driven customer experience decisions. The competitive battleground is now squarely based on superior customer experience, and only companies that invest in AI technologies can meet the ever-growing expectations of the hyper connected, and knowledge-sharing stakeholder - employees, partners and customers.

Application-Defined Networking Basics

A core concept of the OSI model is that each layer is largely isolated from the details of any other layer. While that has led to great independence—as, for example, an application developer doesn’t have to worry about whether or not there is copper or fiber optic cable being run at the Physical Layer—it has led to siloed workers that don’t necessarily appreciate the details of the work that goes into the other layers. Traditionally, an application developer working at the top of the OSI model only cares about an IP address and a port number provided by the Network Layer, since that provides a specific place on the network where a client-server connection can be maintained. But a whole lot of design, art and maintenance goes into setting up a set of routers and switches to make sure traffic doesn’t bottleneck between any two IP addresses. This means there’s a network engineer who spends a lot of time managing tickets that represent requests for changes to an existing network design.

Faster Java Releases: A Challenge for the Spring Framework Project

"A new JDK generation every half year means a new bytecode level, which means tooling needs to be ready to handle a new JDK version," he said, "a new bytecode level, every half year. This can be quite a challenge, and quite disruptive to the Java ecosystem. Many tools are based on bytecode generation, possessing libraries such as ASM, CGLib, ByteBuddy. They historically have not needed to evolve to leniently embrace new JDK generations. They have evolved to be designed for a particular set of JDK versions only, and they had to be updated every single time." "So we'll have to change our minds a little," he added. "We'll have to design our infrastructure, our bytecode processing, in such a way that a new JDK generation is a totally normal thing." Hoeller underscored the fact that Oracle will provide a feature release every six months, update releases every quarter, and a long-term support release every three years.

Gartner analyst predicts doom for on-premises data centers

Gartner analyst predicts doom for on-premises data centers
Although he didn’t mention it by name, you have to think Microsoft is in that category because it is already cloud-first with its enterprise apps. Office 365 already outsells the packaged Office 2016, so I can see a major de-emphasis of the client product in the coming years. However, this move will be more of a win for the SaaS providers than customers. SaaS prices have risen about 8 percent in the last three years, Govekar said, who also warned that SaaS vendors such as Salesforce, Oracle and SAP are engaging in a “lock-in strategy” not unlike what enterprise software vendors used to do, integrating their products so deeply that moving or switching is prohibitively difficult. And when you are dependent on software you don’t own but rent as a service, it becomes a little like the cable monopoly where there is little anyone can do to prevent them from raising prices on a regular basis.

HP patches hundreds of laptops to remove hidden keylogger

hp spectre keyboard
If you bought an HP laptop anytime in the last five years, it could be tracking your every keystroke. Over the weekend HP revealed that nearly 500 of its notebooks dating as far back as 2012 shipped with a secret keylogger installed. Alongside the announcement, HP released driver updates to eradicate the software on affected laptops. Security researcher Michael Myng discovered the keylogger when probing the Synaptics touchpad software on an HP laptop. HP’s security bulletin says the “potential security vulnerability” affects all laptops with “certain versions of Synaptics touchpad drivers”—not necessarily just HP models. The keylogger is disabled by default, however. “A party would need administrative privileges in order to take advantage of the vulnerability,” the bulletin states. “Neither Synaptics nor HP has access to customer data as a result of this issue.” HP told Myng that the keylogger was a debugging tool.

Quote for the day:

"Problems are not stop signs, they are guidelines." -- Robert Schuller