Daily Tech Digest - December 18, 2018

The banking CFO’s future looks promising, but there are barriers to success. Banks have been relatively late adapters of some important new technologies; for example, nearly half (43%) of banks told us they do not have a cloud strategy in place or have only started to implement basic cloud practices. Bank CFOs often need to work around a legacy architecture that hampers access to big data and makes it more difficult to plug in analytics, perform stress-testing and satisfy regulatory demands for high-quality, comprehensive data. The to-do list for banking industry CFOs is a long one – they must demonstrate the benefits of technology in their own functions, recruit data scientists and other needed talent to new roles in finance, and champion innovation throughout the organization. But, as respondents told us, there has never been a more exciting time to work in finance. The digital transformation of banking should position CFOs not only as trusted advisers but as the developers of new sources of value for their organizations.

An Interview with Greg DeArment, Head of Infrastructure at Palantir

Modern applications are developed to run in “containers”, a way of packing applications and necessary dependencies in a portable, standardized format. This makes deploying easier and more repeatable across environments than deploying software directly on bare bones operating systems. Enterprise architects and developers are probably familiar with the container solution Docker, but there are many others and even a standard for containers called OCI for Open Container Initiative (OCI). Whatever the container solution, there is a need for better orchestration and management of the containers. This is where Kubernetes comes in. ... Most open-source compute platforms today, such as Hadoop Yarn, lead to a trade-off between security and robustness of the toolset users have at their disposal to empower their business. With Kubernetes, we can enable Foundry users to work with the tools of their choice without compromising the security posture of the platform and putting at risk the security of our customers’ data. 

What’s Changed? The Gartner 2018 SIEM Magic Quadrant
Gartner readjusts its Magic Quadrant evaluation criteria, usually in response to market changes, each year. Therefore, vendors who appeared in the MQ report one year may not return for the next one. By the same token, vendors who once did not make the cut in a previous report may find themselves on the next iteration.  Gartner’s states in its report that a vendor’s appearance or disappearance from the quadrant is not a reflection of a change in quality or in opinion, but simply a result of market changes and updated inclusion criteria.  LogPoint made the cut for the 2018 SIEM Magic Quadrant, having met all of Gartner’s inclusion criteria. By the same token, three vendors who previously appeared did not meet the inclusion criteria in this year’s report. Gartner excluded Trustwave and FireEye, as both vendors shift focus from SIEM to managed services and platforms. In addition, Micro Focus (NetIQ) Sentinel lost Gartner’s coverage as the vendor focuses on its ArcSight product instead.

Warding off security vulnerabilities with centralized data

Centralizing information also means that no information should be stored on local devices. USB keys are one of the biggest offenders. These devices are often lost or stolen. In late 2017, a USB stick with highly confidential Heathrow Airport security data was found on the street. The drive’s files included detailed airport security and anti-terror measures. Moreover, people tend to use USB keys that they’ve gotten for free from conferences. It’s possible that these devices have been intentionally infected with viruses. A security event in Taiwan recently awarded quiz winners USB sticks that contained malware designed to steal personal information. That’s not all, the list of USB drive-related incidents goes on. There is also the possibility that your phone or laptop will be lost or stolen. Those odds become even greater when you’re traveling or running between meetings, events, and other appointments. If you have all of your files saved directly on your physical laptop or phone, you’re presented with an obvious problem.

Network Innovation or Iteration? – A Matter of Perspective

Enterprises have taken notice of what the web scale providers, like Amazon, are achieving, and want to duplicate those strategies. The problem is, most companies do not have teams of developers to build custom network infrastructures, nor the resources to support them. In addition, the network traditionally is not included as a key part of the core business plan. Rather, the network is just one of many tools in IT’s toolbox, often deployed ‘out of the box’ and relied upon to perform and support the demands of the business.  So, while they want the same network agility and manageability the web scale companies enjoy, enterprises struggle to achieve agility and performance based on the available iterations of technology presented to them by known vendors. In addition, network innovation presents an exceptional challenge due to the silos created around network roles and the need for IT staff to manage the network. Because of this isolation, it is easier to pass through iterative solutions as new and continue the cycle of inefficiency.

New chip techniques are needed for the new computing workloads

New chip techniques are needed for the new computing workloads
Intel has designed a new approach. Called Foveros, it allows many different chips built with different technology “nodes” and of different functionality to be stacked on top of each other with very fast communications between them. It also has sufficient power and heat transfer to make the resulting device nearly as effective as a monolithic chip. This type of technology has always been attractive, but it’s only now that Intel has found a way to make its performance and cost of manufacture competitive. ... Some would say Intel is moving down this route because it lost its once two- to three-year advantage in process technology to more nimble players (e.g., TSMC). Certainly Intel has much to do to fix its process manufacturing problems. But many future chips will need circuits that don’t always lend themselves to the most modern process (e.g., FPGAs for AI programming, non-volatile memories, Input/Output and communications/5G), nor do well being embedded in massive monolithic system chips.

Does AI Truly Learn And Why We Need to Stop Overhyping Deep Learning

Whether neural network, Naïve Bayes or simply linear regression, data scientists train their machine learning models on carefully constructed piles of training examples then claim their algorithms have “learned” about the world. Yet, machine learning is in reality merely another form of machine instruction, different from purely expert manual coding of rules, but still guided, with the algorithms and workflows manually tuned for each application. Why does this matter? It matters because as we increasingly deploy AI systems into mission critical applications directly affecting human life, from driverless cars to medicine, we must understand their very real limitations and brittleness in order to properly understand their risks. Putting this all together, in the end, as we ascribe our own aspirations to mundane piles of code, anthropomorphizing them into living breathing silicon humans, rather than merely statistical representations of patterns in data, we lose track of their very real limitations and think in terms of utopian hyperbole rather then the very real risk calculus needed to ensure their safe and robust integration into our lives.

How Governments Are Adopting Blockchain and AI In Advanced Economies

How Governments Are Adopting Blockchain and AI In Advanced Economies Part 2
The government of Denmark is looking into the use of AI and the blockchain in digital identity, healthcare, business support and its welfare system. Denmark is one of those countries which have ensured that most of its service provision to citizens is done digitally. Indeed, 90% of Denmark’s governmental services are already being done digitally (Basu, 2017). But the people want more. Danish citizens are demanding even faster response and delivery times for government services. Denmark is also being forced into the blockchain evolution by the country’s population demographics. Denmark’s ageing population means that fewer younger people are available to get into the public service. Therefore, this is a classical case where augmentation of the human workforce using the blockchain and AI is desirable. For Denmark, this has become a necessity, even though it can be quite controversial. Denmark has a welfare system which caters to retirees, vulnerable groups and pensioners.

Brute force and dictionary attacks: A cheat sheet

Brute force attacks involves repeated login attempts using every possible letter, number, and character combination to guess a password. An attacker using brute force is typically trying to guess one of three things: A user or an administrator password, a password hash key, or an encryption key. Guessing a short password can be relatively simple, but that isn't necessarily the case for longer password or encryption keys—the difficulty of brute force attacks grows exponentially the longer the password or key is. The most basic form of brute force attack is an exhaustive key search, which is exactly what it sounds like: Trying every single possible password solution (i.e., lowercase letters, capital letters, numbers, and special characters) character by character until a solution is found. Other brute force methods attempt to narrow the field of possible passwords by using a dictionary of terms (which is covered in more detail below), a rainbow table of precomputed password hashes, or rules based on usernames or other characteristics known about the account being targeted.

Practical CIO: Agility, speed, and business alignment

IT leadership is becoming proficient in all aspects of the business, whether it's marketing, whether it's HR, whether it's legal, whether it's advertising, whether it's the medical side. You have to become knowledgeable on how to apply that technology to get those wins and put game changers, from an IT standpoint, into the business so that you get future growth, you get further merger and acquisitions, scalability and flexibility but, at the same time, keeping it easy and simple. Typically, it's through research. It's peers, other CIOs across the industry, in other industries as well and, in my background, I've been in several different verticals within IT and in leadership, so transportation, retail, insurance, and so bringing that background, some of that background, that experience within healthcare. IT is IT, but how you solve those problems, I think you can bring experience and expertise. You can apply those and get wins in other verticals as well.

Quote for the day:

"Increasingly, management's role is not to organize work, but to direct passion and purpose." -- Greg Satell

Daily Tech Digest - December 17, 2018

Dell XPS 13: The best Linux laptop of 2018

The system comes with 16GB of RAM. This isn't plain-Jane RAM. It's fast 2133MHz LPDDR3 RAM. It's backed by a 512GB PCIe solid state drive (SSD). To see how all this hardware would really work for a developer, I ran the Phoronix Test Suite. This is a system benchmark, which focuses primarily on Linux. This system averaged 461.5 seconds to compile the 4.18 Linux kernel. For a laptop, those are darn good numbers. When it comes to graphics, the XPS 13 uses an Intel UHD Graphics 620 chipset. This powers up a 13.3-inch 4K Ultra HD 3840 x 2160 InfinityEdge touch display. This is a lovely screen, but it has two annoyances. First, when you boot-up, the font is tiny. This quickly changes, but it still can lead to a few seconds of screen squinting. The terminal font can also be on the small side. My solution to this was upscaling the display by using Settings > Devices > Displays menu and moving the Scale field from its default 200 percent to a more reasonable -- for me -- 220 percent. Your eyesight may vary.

Using Microsoft Flow to connect Office 365 to Google's GSuite

Flow is an easy way of integrating applications adding basic business logic around a connection. You don't need to have a Flow-specific subscription to use it, as some of its features are available for free. Flow has a long list of available connectors, offering a mix of endpoints in both Microsoft and third-party services. Connectors are available for standard and premium accounts, with some — like Salesforce and ServiceNow — only available to premium subscribers. Luckily that doesn't affect anyone wanting to connect their Office 365 and GSuite services, as Office and Google endpoints are all part of the standard tier. Currently you'll find endpoints for Gmail, Google Calendar, Google Contacts, Google Drive, Google Sheets, and Google Tasks. Similar endpoints exist for matching Office 365 services, so you can map one service into another, with much of the functionality you need handled by triggers in the Office 365 Outlook endpoint.

CIO interview: Alan Talbot, CIO, Air Malta

Talbot says he has also dedicated time and resources to other significant technology projects, including the overhaul of flight operation systems with the introduction of best-of-breed technology from Lufthansa. Talbot also points to an integration project with Ryanair, whereby Air Malta now sells flights from the ryanair.com website.  “That project helped break the barrier when it came to proving the benefits of integration within our business,” he says. “Even the most tech-sceptical could see you can really change operations for the better. There’s a lot of pain and effort behind the scenes, of course, but the organisation is already seeing the benefits of transformation.”  Air Malta currently offers an additional 150 destinations through code-share agreements with a number of airlines. About 80% of all passengers are incoming to Malta, with most arriving for holidays.  The airline carries a sizeable amount of cargo each year, including valuables, perishable consignments, pharmaceuticals and microelectronics, and handles special cargo consignments.

Why data privacy professionals need a new approach to compliance

The first approach is a manual approach to identify and document personal data across your organization’s technology environment. This approach requires a significant amount of time to validate the data inventory and mapping. The second approach is the automated approach using data discovery and scanning tools to develop your data inventory mapping. This approach uses less effort to validate the data inventory and mapping, but could potentially miss shadow IT in your organization. If you take this approach, you may still need to ask the business units if they use any technology solutions that fall outside of the IT environment. Most organizations have already implemented a data retention and disposal policy and a retention schedule. Many organizations have already updated these two documents for GDPR; however, most organizations have difficulty disposing of data, even if they have an updated retention schedule.

Microsoft takes on Google Optimize with Clarity

Microsoft says the Bing team uses Clarity to delve into sessions that saw negative customer satisfaction and determine what went wrong. In a few cases, the team figured out that poor user experience was due to malware installed on the end user’s machine that was hijacking the page and inserting bad content. Clarity requires a small piece of JavaScript added to the HTML webpage (desktop or mobile) so it can listen to browser events and instruments layout changes, network requests, and user interactions. The instrumentation data is then uploaded to the Clarity server running on Microsoft Azure. Over on GitHub, Microsoft has open-sourced the JavaScript library that instruments pages. Session Replay is probably enough to pique a web developer’s curiosity, but Microsoft’s plans for Clarity are even more interesting. Literally called “Interesting sessions,” this feature will use Clarity’s AI and machine learning capabilities to help web developers review user sessions with abnormal click or scroll behavior, session length, JavaScript errors, and so on.

Low-code could change much more than just IT, according to exec

With low-code, the opposite is true: by allowing and encouraging users to help develop the system they need, it is possible not only to get everyone on side but also to maximise value as the original system is tweaked to help individuals at the ‘coal face’ do their job better. This is why the new wave of low-code solutions could truly revolutionise corporate IT, allowing businesses to harness the entrepreneurial spirit of their employees and escape the cycle of cumbersome IT procurement, compatibility issues and legacy systems. Everyone has this spirit – but it’s not always aimed in the right direction. Naturally, workers want to make their job easier, although even these solutions can be ingenious and useful: Think of the bottling plant that installed a state-of-the-art system to detect unfilled plastic bottles making their way into the final crates. When managers went to investigate why the system never sounded the alarm, they found an employee had placed a fan next to the conveyor belt, blowing any empties into a convenient bin, before they reached the new sensors. Why?

Seven Ways Artificial Intelligence Will Impact Future Workplaces

As a cause, AI is resetting how we think about human labour. At this point in time, very few people really know how AI will impact organisations or how quickly AI will replace, modify or destroy jobs. Business leaders are confronted with the challenge of unpredictable future headcounts and traditional rules of thumb for forecasting labour needs are no longer valid. As AI platforms become more sophisticated, they will eventually start managing workflows and job creation in organisations (they already are in some leading organisations). Ultimately, these platforms will be better equipped than humans to understand headcount volatility and predict long-term trends, allowing for smarter real estate strategies. AI will not stop unpredictability – just help us understand and manage it better. So, AI is causing us headcount headaches today, but it will take time before AI steps in to help sort out the problem it has created.

Simplifying Blockchain Security Using Hyperledger Ursa

Ursa’s primary objective is to simplify and consolidate cryptographic libraries in a trusted, consumable manner for use in distributed ledger technology projects in an interoperable way.  Within Project Ursa, a comprehensive library of modular signatures and symmetric-key primitives will be available so developers can swap in and out different cryptographic schemes through configuration and without having to modify their code. In addition to this base library, Ursa will also include newer cryptography, including pairing-based, threshold, and aggregate signatures. In addition to these signatures, zero-knowledge primitives including SNARKs will also be included.  Blockchain security is highly dependent upon cryptographic operations, but for developers, choosing the correct implementation is a challenge.

Can Algorithms Run Things Better Than Humans?

The exponential growth of digital sensors, computational devices, and communication technology is flooding the world with data. To make sense of all this new information, Danaher observes, humans are turning to the impressive capabilities of machine-learning algorithms to facilitate data-driven decision making. "The potential here is vast," he writes. "Algorithmic governance systems could, according to some researchers, be faster, more efficient and less biased than traditional human-led decision-making systems." Danaher analogizes algocracy to epistocracy—that is, rule by the wise. And epistocracy is not too dissimilar from the early 20th century Progressive idea that corruptly partisan democratic governance should be "rationalized," or controlled by efficient bureaucracies staffed with objective and knowledgeable experts. If rule by experts is good, wouldn't rule by impartial, infallible computers be better?

NHS and technology: Making the case for innovation

The NHS has tried to fix this before, with the giant National Programme for IT, which attempted, at massive cost, to build gigantic systems that could work across the entire health service. It failed. Since then there has been something of a backlash against centralised systems, but this in turn has made it hard for the NHS bodies to communicate across boundaries -- something which brings new risks, as Hancock bluntly pointed out: "A world in which we ask an ill patient many times over for their name and address is a problem. A world in which a hospital can't pull up a patient's GP record is downright dangerous. So our systems need to be able to talk to each other." The bigger problem is that, while NHS spending continues to rise, it's still being outpaced by increased demand for services. The population continues to grow, and while we're living longer we're also more likely to have multiple, expensive, long-term conditions for doctors to treat.

Quote for the day:

"When we lead from the heart, we don't need to work on being authentic we just are!" -- Gordon Tredgold

Daily Tech Digest - December 16, 2018

Is This The End Of Blockchain?

However, a recent study into 43 initiatives reported that despite a great number of promises and convincing arguments, none of the projects have been able to show that they have been able to use blockchain technology to achieve their objectives. With Bitcoin and other cryptocurrencies steadily losing value during 2018 – as much as 80% compared to their peaks last year – is it time to admit that the great experiment with decentralized, distributed ledgers has failed? Whenever any new technology emerges which has the potential to shake things up, the loudest noise will be made by those selling it. ... Beyond that, Blockchain has other fundamental barriers to adoption. One of these is the fact that it isn't always easy to explain to someone what's so revolutionary about blockchain. Sure, it allows us to keep secure records of transactions – but so do other conventional databases if properly secured with cryptography.

What Machine Learning Can Learn From DevOps

The hardest thing that any organization can do: change the culture. In the case of ML engineers and data scientists, some cultural aspects can impact a lot, but the most compelling one I have seen is related to the background of the professionals. The majority of them have a very academic background, meaning that they are used to spending long periods working on one problem until it is good enough to be accepted in a publication. The bar there, to be good enough, is extremely high, not just on some metrics but also on the design of the experiments, mathematical rigor, and so on. In a business context this is important, but less so... That means that it is OK to publish a model with 60% accuracy and have it on a deployable state. It is better to have that ready and consider putting it in production today, than waiting months to have something "good enough".

Internet of Things – Will Humans be Replaced or Augmented?

Human-computer symbiosis denotes the collaborative interaction between human beings and computers. In the context of IoT, a symbiotic human-computer relationship will emerge when IoT collects the data and AI tools perform the routine data calculations based on criteria determined by humans and prepares the insights to perform evaluations and make decisions. The basic assumption of human-computer symbiosis is that computers and human beings have complementary strengths and problem-solving capabilities. Intelligence is augmented when we optimize the computational power of computers and IoT with the cognition, intuition and “common sense” of human beings. Augmented Intelligence is not a new concept, and it is akin to Human Computer Research on Human Computer Interaction (HCI), but IoT is a new domain for research in HCI. Interestingly, HCI researchers have always warned about the simplistic nature of AI, which views human beings as perfectly rational machines.

Blockchain and the GDPR: Addressing the compliance challenge

The NIST and the EUBOF papers also raise an important threshold question: Does one need to use a blockchain system at all? The NIST report recommends evaluating a couple of factors before deciding to use blockchain technology, including to choose a blockchain type: permissioned or permissionless. Each has its strengths and weaknesses, but for private companies looking for increased GDPR compliance, NIST recommends a permissioned solution. To address the key issues highlighted in the NIST and the EUBOF reports and satisfy privacy compliance requirements, one may want to carry out a data protection impact assessment alongside an initial information-security risk assessment. However, the European Data Protection Board disagrees, stating that the use of new or innovative technology in itself does not trigger the need to conduct a DPIA.

How Python made it big at Microsoft

Microsoft continues to fascinate because it offers an exceptionally rare example of a company that has managed to completely change its culture, turning that cultural change into significant revenue for the company. In the story of how the company came to embrace Python, despite that "Python was a language that belonged to other people, and so Microsoft was not interested," we can learn a lot about how change can happen within a big company. Today, Python is "one of the essential languages for services and teams to support, as well as the most popular choice for the rapidly growing field of data science and analytics both inside and outside of the company," as Microsoft engineer Steve Dower wrote in one of Microsoft's new Open Source Stories posts. But just eight years ago, Python's footprint within Microsoft was a few scattered engineers who cared about the open source language, with most of the company giving it a Redmond shrug.

New Legal Framework in Switzerland Gives Boost to Blockchain

New Legal Framework in Switzerland Gives Boost to Blockchain
Swiss law adheres to several know-your-customer (AML) and anti-money laundering (AML) guidelines common among financial hubs. However, they still have room to improve as they are known for a “lack of adequate regulation of some potential means of facilitating money laundering.” This is even more urgent considering the anonymous nature of cryptocurrencies. Still, Switzerland is poised to take on the challenge of blockchain technology. According to the Heritage Foundation’s 2018 Index of Economic Freedom, Switzerland ranked 4th, demonstrating its initiative in promoting economic development based on “rule of law, government size, regulatory efficiency, and open markets.” This latest move ensures Switzerland’s place as a promising option for companies and developers interested in pursuing blockchain development.

Best practices for IAM in the public cloud

The best way to understand the best practices around IAM is to walk you through an example. The first step is, if you use IAM or not, you create an account on your cloud provider’s platform, and that account is yours. All other users do the same. However, in order to provide the best integration, users in your company need to be authenticated in your corporate network, and then they don’t want to sign in again. Thus, their identities are federated between the user directories that exist on premises, and the user directories that exist within your public cloud provider, sometimes providers.  So, now that we understand who is using the system, their identities, and we can federate those identities between cloud and on-premises directories, we need to manage those identities as to what groups of users can do, as well as single users. Groups in the world of IAM are simply collections of IAM users.

Blockchain Beware: DAG And Block Lattice Are Here

Blockchain Beware DAG And Block Lattice Are Here Nano IOTA Holochain
Often cryptocurrency is heavily associated with blockchain, but there are other protocols and platforms in the broader realm of decentralized and distributed technology.Some examples of alternative cryptocurrency infrastructure include Directed Acyclic graphs (DAG), distributed hash tables (DHT), and block lattice, among others. In this article, we discuss three cryptocurrency projects that do not use blockchain as their core protocol:Nano, Iota, and Holochain. These projects explore scalability, data storage, consensus among nodes, and improving transaction processes. ... Unlike the blockchain, IOTA utilizes a Tangle, which in which each transaction references two previous transactions and stores them on the DAG. When a new transaction occurs, it must approve two previous transactions on the ledger, so users must work to approve other activity on the network.

Q&A with Christoph Windheuser on AI Applications in the Industry

Data is the foundation of any machine learning algorithm. For supervised learning like backpropagation, you need a significantly higher number of training patterns than you have parameters which you optimize (weights) to achieve a good generalization of your network. And for deep learning models with a high number of layers and a high number of units per layer, the number of parameters can easily go into millions, which requires an even bigger amount of training patterns for a successful training. For supervised learning, the training pattern requires labels (for example, the right classification of this pattern), which usually have to be curated by hand. Additionally to that, the data pattern has to be brought into the right form to be digested by the learning algorithm. This means, that the right features have to be extracted from the training data.

What Developers Need to Know about Blockchain

What Developers Need to Know about Blockchain
Broadly speaking, blockchain applications fall into two categories: The first consists of applications that are written and deployed in a conventional way on a single server (or a cluster of servers inside a single data center), but that read or write data from a blockchain. You might, for example, write an application for managing inventory and use a blockchain to store the data. These types of applications essentially use a blockchain as a database, but otherwise operate as a normal application; The second category includes applications that are actually executed on a blockchain. As noted above, some blockchains, such as Ethereum, are constructed using decentralized networks of computers that provide not only storage resources, but also compute resources. ... This type of application, which is called a decentralized application (or DApp), makes it possible to construct entirely new deployment architectures.

Quote for the day:

"Your most important task as a leader is to teach people how to think and ask the right questions so that the world doesn't go to hell if you take a day off." -- Jeffrey Pfeffer