Daily Tech Digest - January 16, 2019

The Rise of Automated Machine Learning

AI and machine learning require expert data scientists, engineers, and researchers, and there's a worldwide short supply right now. The ability of autoML to automate some of the repetitive tasks of ML compensates for the lack of AI/ML experts while boosting the productivity of their data scientists. By automating repetitive ML tasks -- such as choosing data sources, data prep, and feature selection -- marketing and business analysts spend more time on essential tasks. Data scientists build more models in less time, improve model quality and accuracy, and fine-tune more new algorithms. More than 40 percent of data science tasks will be automated by 2020, according to Gartner. This automation will result in the increased productivity of professional data scientists and broader use of data and analytics by citizen data scientists. AutoML tools for this user group usually offer a simple point-and-click interface for loading data and building ML models. Most autoML tools focus on model building rather than automating an entire, specific business function such as customer analytics or marketing analytics.

Model-driven RESTful API for CRUD and More

This article introduces a model-driven RESTful API for CRUD (Create, Read, Update, Delete). With it, you can write simple models (specifying a database table and the set of columns to be exposed) and the REST endpoints for CRUD will become available automatically. No hand-coding of any SQL is necessary. The concept could be implemented on different technology stacks and languages. Here, I used JavaScript (which generates SQL) with Node.js, Express, and PostgreSQL. Most projects need to Create, Read, Update, and Delete objects. When these objects are simple enough (one driving table and a few columns in the database), the code is very similar from one object to the next. In fact, the patterns are the same, and the only differences are the names of the tables and the names and types of the columns. Of course, there will always be complex endpoints which need to be written by hand but by automating the simple ones, we can save a lot of time.

Progressing beyond a pre-digital age: Building the business case for ‘digital HR’

Progressing beyond a pre-digital age: Digital HR image
Humans are, well, only human. Mistakes happen, but a mistake can have a huge impact on an organisation’s health and future success. Introducing technology to manage a range of processes can help to reduce and mitigate HR related risk by minimising all manner of issues from poor HR consistency and visibility, to data loss. Manually updating changes in spreadsheets can be a cumbersome and ineffective process, especially when the data is being entered into multiple documents. Research from Salesforce shows that 88% of all spreadsheets have significant errors in them. Applying intelligent automation will not only reduce the risk of human mistakes but also help to flag errors and data problems before they create a negative impact on the business. The huge issue of risk and compliance aside, automation reduces the HR admin mountain and allows a focus on people strategies which are so critical when competing for talent and reducing churn. 

Get ready for edge computing’s rise in 2019

While many of you may see edge as exclusive to IoT, its value is much wider and will prove as critical to driving up customer experience as content delivery networks (CDN) were in the early days of the web . . .which explains why you are now seeing edge compute and AI services from all the major cloud vendors and on the road maps of the leading telecom companies. Twenty-seven percent of global telecom decision makers, who responded this year to the Forrester Analytics Global Business Technographics® Mobility Survey, 2018, said that their firms are either implementing or expanding edge computing in 2019. Many of these vendors will require new wireless tools and updated skill sets to achieve this digital transformation. This aligns to Verizon's recent employee buyout offer, as a result of which over 10,400 of its staff will be gone next year, driving nearly $10 billion in savings that it can apply to its edge-compute-empowered 5G network. And speaking of CDNs, nearly every one of these vendors is adding edge compute to their core market values.

World's first robot hotel massacres half of its robot staff

Terminator head
The story highlights the shortcomings of purportedly “state of the art” AI automation that are rarely discussed. One is that they’re installed to solve a management problem rather than a customer need, as was the case here - the hotel is in an area with an acute labour shortage. Secondly, they’re just plain annoying. As hotel manager Hideo Sadawa explained: “When you actually use robots you realize there are places where they aren’t needed - or just annoy people”. While robotics has advanced steadily in industry, the picture is different in consumer electronics. Trade group the International Federation of Robotics noted that sales of industrial robots had doubled in five years. But it’s largely cyclical, IFR president Junji Tsuda admitted. Adoption doubled even more dramatically between 2009 and 2010, which had nothing to do with AI and a lot to do with the falling cost of sensors and microelectronics. In industries where automation is highly advanced, such as car production, it may not move the dial much: wage rates largely govern the substitution phenomenon

The Key Cybersecurity Takeaways From The Recent SEC Charges

The Key Cybersecurity Takeaways From The Recent SEC Charges
Hackers continue to prefer phishing schemes to almost any other infiltration or social engineering tactic. In part, their effectiveness ties into their mundanity; phishing attacks look like legitimate emails, and employees without proper training will reliably open their emails. Phishing attacks, therefore, provide a low effort, high impact cyber threat. Furthermore, if it can hit the SEC, it can hit your enterprise as well. To prevent a phishing attack from inflicting damage on your databases, make sure your employees can recognize a phishing attack if they receive one; there are tell-tale signs for almost all of them. Incentivize recognizing phishing attacks before they occur, either through a small rewards program or by making cybersecurity a part of your employees’ everyday job duties and performance reviews. Additionally, ensure your cybersecurity platform includes a SIEM solution with strong threat detection capabilities. Your enterprise can also benefit from an email security solution to prevent phishing attacks from reaching your inboxes.

Major Security Breach Discovered Affecting Nearly Half of All Airline Travelers

With the PNR and customer name at our disposal, we were able to log into ELAL’s customer portal and make changes, claim frequent flyer miles to a personal account, assign seats and meals, and update the customer’s email and phone number, which could then be used to cancel/change flight reservation via customer service. Though the security breach requires knowledge of the PNR code, ELAL sends these codes via unencrypted email, and many people even share them on Facebook or Instagram. But that’s just the tip of the iceberg. After running a small and non-threatening script to check for any brute-force protections, none of which were found, we were able to find PNRs of random customers, which included all of their personal information. We contacted ELAL immediately to point out the threat and prompt them to close the breach before it was discovered by anyone with malicious intentions. We suggested stemming the vulnerability by introducing captchas, passwords, and a bot protection mechanism, in order to avoid using a brute-force approach.

What is COBIT? A framework for alignment and governance

New concepts and terminology have been introduced in the COBIT Core Model, which includes 40 governance and management objectives for establishing a governance program. The performance management system now allows more flexibility when using maturity and capability measurements. Overall, the framework is designed to give businesses more flexibility when customizing an IT governance strategy. Like other IT management frameworks, COBIT helps align business goals with IT goals by establishing links between the two and creating a process that can help bridge a gap between IT — or IT silos — and outside departments. One major difference between COBIT and other frameworks is that it focuses specifically on security, risk management and information governance. This is emphasized in COBIT 2019, with better definitions of what COBIT is and what it isn’t. 

The report on the security analysis of radio remote controllers for industrial applications highlights notes the use of obscure, proprietary protocols instead of standard ones makes controllers vulnerable to command spoofing, so an attacker can selectively alter their behaviour by crafting arbitrary commands, with consequences ranging from theft and extortion to sabotage and injury. “The legacy and widespread RF technology used to control industrial machines is affected by serious security issues that impact several market verticals, applications, products and brands,” the report said. The researchers warned that currently and widely used legacy RF technology for industrial applications can be abused for sabotage of equipment, theft of goods by manipulating equipment and extortion by demanding payment to hold off or cease equipment interference.

Getting Started with PouchDB - Part 1

PouchDB is an open-source JavaScript NoSQL database designed to run offline within a browser. There is also a PouchDB server version that can be used when online. These two databases synchronize from one to another using a simple API call. You may also use CouchDB on the server to synchronize your data. A NoSQL database is storage where there is no fixed table structure as in a relational database. There are a few different methods NoSQL databases use to store data: column, document, Graph, and key-value pair. Of these, the most common are column and document. PouchDB supports document-oriented where data in the model is stored as a series of JSON objects with a key value assigned to each document. Each document in PouchDB must contain a property called _id. The value in the _id field must be unique per database. You may use any string value you want for the _id field. In this article, I am going to use a value that is very simple.

Quote for the day:

"Your talent and giftedness as a leader have the potential to take you farther than your character can sustain you. That ought to scare you." -- Andy Stanley

Daily Tech Digest - January 15, 2019

Coding, cloud skills are most in demand for network pros

Computerworld Tech Forecast 2017 - Hottest Tech Skills for 2017
The premise of incorporating development know-how with operations skills isn’t new and often falls under the umbrella of DevOps, a process methodology that encompasses software development and IT operations teams working more closely together from design to production. The benefits are said to include software that works better and as expected on the production network because the operations team shared insights with developers. ... Another network-specific security skill is traffic scrubbing. This quality of service prioritization puts filters in place to find offensive traffic, mitigate it and protect the remaining network without losing access to the Internet, CompTIA’s Stanger explains. Network professionals are being tasked by their CIOs to fulfill security roles in part due to trends such as IoT and cloud. Another factor only network managers could understand is the impending reality of IPv6.

Tick-tock: The year-long Windows 7 countdown by the numbers

windows 7 logo in the rear view mirror
36, the percentage of all Windows PCs that will run Windows 7 at its retirement, based on a rolling 12-month average of change tracked by Net Applications; that average was then projected into the future. The number has fluctuated significantly over the last two years, from a low of 29% to nearly 40%. It's also the maximum number of months Microsoft will offer corporate customers "Windows 7 Extended Security Updates" (ESU) after the January 2020 support retirement. The extended support will be available only for PCs running Windows 7 Professional or Windows 7 Enterprise, and then only if those operating systems were obtained via a volume licensing deal. Microsoft will discount ESU for customers who also have Software Assurance plans in place for Windows or have subscriptions to Windows 10 Enterprise or Windows 10 Education, including the Microsoft 365 subscription. Windows 7 ESU will be sold in 12-month increments, with as many as two extensions of the additional-support plan.

What you must know about moving ERP to the cloud

What you must know about moving ERP to the cloud
The migration of critical business applications is happening right now for several reasons. First, hardware leases are up for renewal, or upgrades need to occur to move to the next generation of ERP or other critical applications. So, the ERP providers are showing up with new software and new compute requirements that are also growing, and this means more hardware procurement and data center space for IT. That cost is becoming prohibitive. With today’s public cloud alternatives, the issue is not if you think cloud is safe or not, it’s that you can’t afford the on-premises alternative. Second, the sky has not fallen. A few years ago, naysayers predicted outages, breaches, the Zombie Apocalypse, and so forth as a consequence of cloud migration—none of which happened at a noticeable scale. So, those who pushed back on cloud computing based on the impending-doom argument are no longer listened to, or they were moved out of IT leadership.

Robust data governance is key for machine learning success

Industry pundits speculate about machine learning algorithms being a potential ‘Black Box’, primarily due to the scepticism around trusting an ecosystem which exhibits limited transparency to its data compliance and decision making processes. The global data analyst community has helped design semi or fully-automated analytics systems that are AI or ML driven. However, the core and often-niggling issue of data quality may always prevail. Add to this, the multifarious and disparate data sources, immense data volumes, and unstructured data types that augment the already existing data management problems, especially those relating to data governance. As ML gains momentum and continues to be at the forefront of transforming the way organizations operate, it may be advisable to exercise some caution. In the absence of robust data governance processes, the zeal to allow ML to take over the decision-making process entirely has the potential to unleash some critical issues – unreliable and misleading information and unexpected expense overheads.

Tech usage in school more likely in UK than Germany

Darren Fields, regional director of UK and Ireland at Citrix, said the UK is making progress in the promotion of science, technology, engineering and mathematics (Stem) subjects, but that more needs to be done to keep ahead of growing skills gaps. “As a nation, it’s critical that we continue to invest in future generations, encouraging greater engagement with technology and creating a culture whereby young people are eager to get involved with and learn more about Stem subjects,” he said. “Employers currently report a significant tech skills gap, and the next generation of tech-savvy workers will be vital in helping to close this.” Fields highlighted the need for ensuring the UK is producing the technology talent to match the UK’s technology “ambitions”, and said education is the “start of the pathway” for ensuring this outcome.

How Employees of the Future Will Be Different

"The employee of the future might have many careers, skill sets and expertise she wants to pursue--all at the same time," says Wong. "Her 'boundless self' means that that she might be more interested in creating an increasingly complex, non-linear career journey, filled with her many interests and experiences. [...She] may no longer imagine herself in one role, company or career track for the rest of her life; instead; she might look to reinvent both herself and her career continuously, often at the same time." ... "Traditionally, employees have experienced much less flexibility in how they work, collaborate, and communicate. But for the employee of the future, endless choice in how, where, and with whom they work will increasingly be the norm. This can create anxiety on how to make the right choice. So, companies should seek to help these employees navigate the sea of options by offering clear and simple guidelines or ways to navigate to the best decision."

5 Important Augmented And Virtual Reality Trends For 2019 

5 Important Augmented And Virtual Reality Trends For 2019 Everyone Should Read
Computer vision – an AI (artificial intelligence) technology which allows computers to understand what they are “seeing” through cameras, is essential to the operation of AR, allowing objects in the user's field of vision to be identified and labeled. We can expect the machine learning algorithms that enable these features to become increasingly sophisticated and capable. The Snapchat and Instagram filters we are used to, to, e.g. overlay bunny ears and cat whiskers on selfies, are a very consumer-facing application of AI tech combined with AR. Their popularity in these and various other applications of image enhancement functionality isn’t likely to dwindle in 2019. For more scientific use cases, there’s Google’s machine learning-enabled microscope to look forward to, which can highlight tissue which it suspects could be a cancerous tumor growth as a pathologist is looking at samples through the viewfinder. VR is about putting people inside virtual environments and those environments – and their inhabitants – are likely to become increasingly intelligent over the next year.

Artificial Intelligence: Bright Future or Dark Cloud?

There is a fierce debate on campuses and in boardrooms about the life-altering effects of AI. Elon Musk has warned of a “fleet of artificial intelligence-enhanced robots capable of destroying mankind”, while Larry Page of Google and Alphabet foresees advancements in human progress. I believe there is merit in both arguments, and the good news is that we have time to shape AI in a positive direction. In human terms, we are in the toddler stage in the development of AI--a period of rapid neurogenesis. A child’s early years are shaped by external stimuli like pictures, music, language, and of course, human interaction. The result of this neurogenesis will determine a person’s intelligence, compassion, thoughtfulness and, importantly, capacity for empathy. Similarly, for AI to evolve in a positive direction, we need to involve the humanities, law, ethics as well as engineering. We need diversity of thought amongst the people working on these solutions. I know others share this view.

API integration becomes an enterprise priority

The pre-built integration templates in API integration products bring quick connectivity between previously siloed cloud applications. These packaged integrations also help with self-service deployment for line-of-business employees, increasing the speed and reducing labor costs of integration. Those attributes led Humantelligence, which offers an AI-driven recruiting and culture-analytics platform, to adopt API integration. Juan Luis Betancourt, Humantelligence's CEO, sought automated integration capabilities to connect the company's app environments with customers' cloud and homegrown apps, particularly their applicant-tracking applications. After evaluating five products, Betancourt implemented Jitterbit Harmony iPaaS. This API integration platform helps his company quickly connect SaaS, on-premises and cloud applications. "The iPaaS solution provides the built-in integrations and automated tools we need to navigate the complexities of API integration," he said.

Insider threats will dominate cybersecurity trends in 2019

The proliferation of SaaS applications is giving insiders more ways to exfiltrate data, and this trend shows no signs of slowing down – in fact, SaaS spending is expected to double by 2020. Accidental and purposeful exfiltration insiders will take advantage of multiple new channels to exfiltrate data and hide their tracks ... Insider threat statistics from the Ponemon Institute show that two out of three insider threat incidents happen by accident. While malicious insider threats tend to capture more of the headlines, far too many incidents are accidental and could have been prevented. Organizations will take more initiative to gain insight into the context behind insider threat incidents, including user intent. This level of context can help cybersecurity teams stop user mistakes before they become full-blown breaches. As such, more organizations will adopt ongoing insider threat training as a company-wide cybersecurity awareness initiative

Quote for the day:

"No persons are more frequently wrong, than those who will not admit they are wrong." -- Fran├žois de La Rochefoucauld

Daily Tech Digest - January 14, 2019

Right to be forgotten is not global, says EU court adviser

Szpunar said in his opinion that Google “is not required, when acceding to a request for de-referencing, to carry out that de-referencing on all the domain names of its search engine” and that it only had to “ensure full and effective de-referencing within the EU”. Peter Fleischer, senior privacy counsel at Google, said in a statement: “Public access to information and the right to privacy are important to people all around the world, as demonstrated by the number of global human rights, media and other organisations that have made their views known in this case. “We have worked hard to ensure that the right to be forgotten is effective for Europeans, including using geolocation to ensure 99% effectiveness.” Richard Cumbley, partner and global head of technology at UK law firm Linklaters, said this important case pits fundamental rights to privacy against freedom of expression and highlights the continuing conflict between national laws and the internet. There are a number of risks in extending the right to be forgotten globally, including the risk that other states would also try to suppress search results on a global basis.

Phishing: The simple attack that shreds the defenses of sensitive networks

Many organizations focus their cybersecurity strategy on threat detection and buying tools to detect the most advanced threats. Email security, and therefore antiphishing, then typically becomes a lower priority and is usually delegated to junior staff. As is evidenced by this cyberattack, which was allegedly conducted by one of the most sophisticated threat actors in the world, the simplest attacks can have the most damaging outcomes. Due to their manipulative nature, phishing emails are quite difficult to detect and block. They target their victims by masking malicious links and attachments to mimic routine tasks or urgent requests. The attacker may sit in your network for months, observing the comings and goings of company correspondence to craft the perfect personalized email that fools even experienced S&R pros.

Overcoming imposter syndrome: How managers can boost employee confidence

"Any time you have an employee who's feeling like they don't belong, the first thing is to just focus on frequent feedback, and certainly affirmative and positive feedback to let them know where they are doing a great job and that their contribution is valued," Romansky said. Once you've provided that affirmation, then help the employee look forward, Parr recommended. Some employees are confident in their current abilities, but may not be as confident in accomplishing future goals or challenges. Ask the employee where they want their career to go and what they want to accomplish, and then help them formulate a direct, specific, and logical approach to achieve those goals, Parr said. "There is then no impostor syndrome to deal with because you've already explained what the exact actions are that you're going to take," Parr added. "So stop thinking that you are not good enough when you now have a clear roadmap to get there."

Yes, Henry David Thoreau Was an Industrial Innovator

Thoreau’s story is instructive, Henry Petroski tells us in The Pencil: A History of Design and Circumstance, “because it is a reminder that innovative and creative engineering was done by those who were interested in a wide variety of subjects beyond the technical. Whether or not they had college degrees, influential early-nineteenth-century engineers could be a literate lot, mixing freely with the most prominent contemporary writers, artists, scientists, and politicians. And this interaction hardened rather than softened the ability of the engineers to solve tough engineering problems.” In the modern, teamwork-obsessed workplace, Thoreau might not seem the ideal hire. He was probably happiest by himself, as in his cabin at Walden Pond, or in his room, writing. But he had a keen eye — and no patience — for folderol, a trait perhaps too rare in today’s corporations. And he would be the last person in the world to succumb to groupthink. What could be more valuable than a brilliant and brutally honest individual you can always trust to tell you the unvarnished truth?

Microsoft takes community approach to artificial intelligence in Sweden

Microsoft’s engagement with customers who are developing apps is enhanced through its software development kits (SDKs), which are often free, enabling the creation of platforms where developers can contribute ideas. “You can ask questions and provide feedback,” said Otel. “This is a brilliant way for Microsoft to engage with the customer. Customers can share experiences and contribute features they have developed. They can also suggest features that they would like to have. In this way, it is possible for Microsoft to engage closely with its developer community. Together we build new use cases.” Microsoft can work with developers that are building applications or directly with end-users, and all users build products via Microsoft’s technology. “We see a lot of very interesting new players here in Sweden,” said Otel. “The economic situation in the Nordics is very good at the moment, so this could be a perfect time to start exploring whether you are interested in starting your own AI business.”

AI Speaks – A Call With The Disruptor

With the average user touching their smartphone over 2600 times every day, it is evident that smartphones currently process multiple functions to produce the result as desired by the user. Artificial Intelligence makes it possible for assessing these functions and procuring a pattern that best fits an individual’s personalized mobile phone consumption requirements. This includes efficient RAM and memory allocations, thus decluttering data to deliver a seamless user experience. Additionally, this pattern can include thorough battery management in order for smartphones to deliver optimum results. In fact, smartphone users have been vocal about bringing Artificial Intelligence into the picture for improving battery management. At this rate, 2019 is expected to witness AI-led battery management features being introduced in the mid-range mobile phone segment and under the 10K segment as well. Soon, this concept of machine perception will enable smartphone sensors to learn, plan, and solve real-time problems for their users.

What is a CISO? Responsibilities and requirements for this vital leadership role

intro woman leadership leader executive cityscape vision
Technical knowledge isn't the only requirement for snagging the job — and may not even be the most important. After all, much of a CISO's job involves management and advocating for security within company leadership. IT researcher Larry Ponemon, speaking to SecureWorld, said that "the most prominent CISOs have a good technical foundation but often have business backgrounds, an MBA, and the skills needed to communicate with other C-level executives and the board."  Paul Wallenberg, Senior Unit Manager of Technology Services at staffing agency LaSalle Network, says that the mix of technical and nontechnical skills by which a CISO candidate is judged can vary depending on the company doing the hiring. "Generally speaking, companies with a global or international reach as a business will look for candidates with a holistic, functional security background and take the approach of assessing leadership skills while understanding career progression and historical accomplishments," he says.

Good data in, good data out: How innovation in technology has evolved

If you think about security organizations before, they were the organization of no. They were Dr. No. You ask, you want to do something, no, we're not gonna be able to do that. The most secure system is one that is not open, that's one that's not connected. Moving from that, we, I think at a very fast pace, jumped into the consumerization of IT, right? That means being driven by IT, by consumers. People wanting to have more access, people having that access. Even though businesses were not capitalizing on technology, the consumer population and their personal lives were able to capitalize on technology. That gives us a different feel in trajectory and pace. My career trajectory has spanned over 20 years, it has definitely moved very quickly throughout each of the phases of technology and now, when we think about internet things, when we think about AI and machine learning and the possibility that it has for us, we don't have the same bounds as we used to. We don't have the same resistance as we used to because I think we've learned that we can't have that amount of resistance.

Scaling a Distributed Stream Processor in a Containerized Environment

Stream Processors are software platforms that enable users to process and respond to incoming data streams faster. There are a number of stream processors available in the market to choose from. Flink, Heron, Kafka, Samza, Spark Streaming, Storm, and WSO2 Stream Processor are some examples of open source stream processors. Real-time operation of stream processors is critical to provide a high-quality service in terms of system performance. Most of the modern stream processors can handle 90% of the streaming use cases with few computer nodes. However, with time, due to business expansions most profitable businesses have to handle increasing amounts of workloads. Hence the chosen stream processor requires to be capable of scaling and handling larger workloads easily. Increasingly, stream processors have been deployed as Software as a Service (SaaS) in cloud computing systems. Some notable examples include Amazon Kinesis Data Analytics, Microsoft Azure Stream Analytics, Google Cloud Dataflow, etc.

Capturing images from camera using Python and DirectShow

OpenCV provides some basic methods to access the camera linked to the PC (through the object VideoCapture), but most of the time they aren’t enough even for a simply prototype. For instance, it’s not possible to list all the cameras linked to the PC and there isn’t a quick way to tune the parameters of the camera. Alternatively, you can use PyGame or the SDK provided by the camera manufacturer, if available.  In Windows to interact with the cameras it’s often used DirectShow. Its main strengths are: Almost any camera provides a driver that allows it to be used from DirectShow; It’s a technology well established and widely used; and It’s based on the COM framework, so it is designed to be used from different programming languages. Conversely, it’s a quite old technology that is being replaced by the Windows Media Foundation and Microsoft is not developing it anymore. But it’s not a bit deal because it’s has all the features needed and it’s used in so many applications that (in my opinion) Microsoft will keep it available for a long time.

Quote for the day:

"Successful leadership requires positive self-regard fused with optimism about a desired outcome." -- Warren Bennis