June 30, 2014

How to protect yourself against privileged user abuse
One way to tackle it is by focusing on Privileged User Monitoring and Access (PUMA), which relies on monitoring human behavior to determine the context of the behavior and people's intent as well as automated tools such as video replay to keep an eye on privileged user activities. Monitoring human behavior is especially important with privileged users because they often have the know-how to cover their tracks, a feat that becomes much harder with video replay and other technologies that can have a deterrent effect by their presence. If privileged users know you're monitoring their activity, they're less likely to behave badly.

As Technology Changes ‘Everything,’ Don’t Forget About People
Technology companies, in particular, will need to change the ways in which they utilize their talent. For many decades, there was one way to access talent — by hiring it. Today, workforces are flexible and may be spread across time zones and continents. Knowledge workers still contribute as employees on company payrolls, of course. But increasingly, they are just as likely to collaborate on a specific project as partners or as subject-matter experts sharing knowledge within cross-functional or cross-industry groups.

The Internet Of Things Will Need Millions Of Developers By 2020
It's standard to size a market by the number of widgets sold, but in the Internet of Things, which numbers sensors and devices in the billions, widget counts don't really matter. In part this is because the real money in IoT is not in the "things," but rather in the Internet-enabled services that stitch them together. More to the point, it's because the size of the IoT market fundamentally depends on the number of developers creating value in it. While today there are just 300,000 developers contributing to the IoT, a new report from VisionMobile projects a whopping 4.5 million developers by 2020, reflecting a 57% compound annual growth rate and a massive market opportunity.

8 ways the password is dying
Google's massive I/O conference was chock full of trends and portents, but one of the most intriguing messages to trickle out of the show was far more subtle than the Android-everywhere blitz: Google is finally making good on its quest to kill the password. Every single major platform Google promotes declared war on the password in some fashion. And Google's far from the only company to come up with interesting authentication alternatives to memorizing long codes of numbers, letters, and special characters. From digitized tattoos to Bluetooth trickery and beyond, here's how big names like Google, Apple, Samsung, and others are trying to kill the password.

10 Breakthrough Innovations That Will Shape The World In 2025
No more food shortages and no more food-insecure people. The innovation? Lighting. "In 2025, genetically modified crops will be grown rapidly and safely indoors, with round-the-clock light, using low energy LEDs that emit specific wavelengths to enhance growth by matching the crop to growth receptors added to the food’s DNA," the report says. "Crops will also be bred to be disease resistant. And, they will be bred for high yield at specified wavelengths."

How Capgemini's UK financial services unit helps clients manage risk using big data analysis
When Capgemini's business information management (BIM) practices unit needed to provide big data capabilities to its insurance company customers, it needed to deliver the right information to businesses much faster from the very bottom up. That means an improved technical design and an architectural way of delivering information through business intelligence (BI) and analytics. The ability to bring together structured and unstructured data—and be able to slice and dice that data in a rapid fashion; not only deploy it, but also execute rapidly for organizations out there—was critical for Capgemini.

OWASP Top 10 Risks: #1: Injection
For a number of years now, OWASP have been publishing a list of the Top 10 Application Security Risks for developers to use to be more responsible with their applications. The words “responsible” and “software developer” are not words you hear together too often. But in the day of online banking accounts, personal profiles and online shopping, software developers should be taking a more responsible approach to their craft. One way to demonstrate responsibility is being very well versed in the common security risks that online applications face. A way to achieve that is through the familiarity of the risks that have been identified in OWASP’s Top 10 list and the information they provide for identifying and recommended countermeasures.

Smartwatches at work: Boon or bane for IT?
Many smartwatches, including the Samsung Gear 2 that went on sale in April, do have a fair amount of native storage capacity. So IT shops will have to be concerned with smartwatches as standalone computing devices, not simply as devices governed by management policies like Android Work in connected smartphones. Given that smartwatches are still evolving, several analysts said they remain unsure how popular or necessary the devices will have to be before they pose demands on IT.

Buying WAN optimization tools: What you need to know
If your data consists of alphanumeric data with repeated characters or spaces, you are virtually guaranteed benefits. On the other hand, if you are sending backup data that has been compressed before transmission (e.g., .zip archive files), WAN optimization compression probably won't help you. In fact, if the WAN optimization device blindly tries to compress everything, you might even see performance suffer. That's because you will incur latency as the WAN device tries to compress -- but doesn't succeed -- in shrinking your payload in any appreciable way.

How to Ideate? Be a Hunter
Hunters use dogs to flush out their quarry. They do this because of a scent hound’s profound sense of smell. You can’t smell a good idea but you can certainly sense it in other ways. If you put the time in you should start to notice a feeling you get when you’ve got a good idea. It’s inconvenience. You can notice it in someone else, but for passion/product fit it's a sensation that should be your own. Inconvenience makes an excellent compass. When you feel it, head in that direction. Ask "why?" Ask that often enough and you'll get a glimpse of the beast you're looking to snare. The idea won't yet be clear but the general outline of the problem should be apparent.

Quote for the day:

"The key to most difficulties does not lie in the dilemmas themselves, but in our relationship to them." -- David Seabury

June 29, 2014

Why We Should Love 'null'
null has been the cause for countless troubles in the history of software development. Today, 'null' and 'the billion-dollar mistake' are synonyms. Therefore some developers try to avoid null by using techniques such as 'return zero instead of null', the NullObject pattern or the Optional/Maybe pattern. Should you use these techniques in your source code? Do they lead to more reliable software? Or is there a better solution? These are the questions this article tries to answer.

Book Review: Integration Testing from the Trenches
The book posits early on that Integration tests are brittle and hard to diagnose, so they should not be used instead of unit tests, and that is the reason that continuous integration servers generally measure coverage of unit tests but not integration tests. Most of the time, Integration Testing is either crudely defined, wrongly understood or imperfectly used. In order to maximize the ROI, the most important guideline should be: the larger the SUT (System Under Test), the lesser the required code coverage.

Governance of Agile Delivery
Critics say that Agile methodology is all about working in an unstructured way and for that reason, they believe that governing agile practices is always a challenge. While some of the Agile principles appear to support such criticism, there are many cases where organizations have successfully implemented processes and frameworks towards governance of Agile practices. Agile practitioners believe that because the agile methods are designed to be self-assuring, when practiced right, there exists built-in governance and accountability.

Unique Scrum Practices for a Better-Quality Product
Without making real improvements to software development practices, expecting a quality improvement is a sin. ... Do detailed design only for the code that you need to write for the sprint. There is additional effort spent on coming up with a generic design and generic reusable libraries. While they are good to keep for future use, it is critical to design only for the sprint's need. ... The team should be able to collectively own the entire code base. This means everyone on the Scrum team should know the code, to at least a certain level. It's OK to have an owner for the code, but it shouldn't be a black box for other developers in the team.

Operational Efficiency Identity Management Metrics
The idea behind this article is to discuss and classify specific metrics that indicate the need to adopt identity management practices and solutions. Although this list will not be exhaustive, it will provide most of the top identity management metrics that most companies will benefit from. Again we will break down the metric in the main drives for identity management as defined by my Top Reasons to Implement Identity Management. Note that for the purpose of this exercise we will cover drivers across identity provisioning as well as governance solutions, and the metrics are technology and platform agnostic.

From Software-Defined to Metadata-Driven
Software is eating the world! Every company is becoming a software company. If companies don’t, they cease to exist. Just imagine: you are a thermostat maker and suddenly you have Google as a competitor (via its Nest acquisition). This is just one of the many recent examples. Interestingly a lot of the innovations in the software industry are fuelled by abstraction and automation, concepts that are well-known in the Model-Driven Development (MDD) community. As the world is awakening to these concepts there is a clear opportunity (and need!) to bring MDD to a much broader audience.

Google Dumps MapReduce in Favor of New Hyper-Scale Analytics System
“We don’t really use MapReduce anymore,” Hölzle said in his keynote presentation at the Google I/O conference in San Francisco Wednesday. The company stopped using the system “years ago.” Cloud Dataflow, which Google will also offer as a service for developers using its cloud platform, does not have the scaling restrictions of MapReduce. “Cloud Dataflow is the result of over a decade of experience in analytics,” Hölzle said. “It will run faster and scale better than pretty much any other system out there.” It is a fully managed service that is automatically optimized, deployed, managed and scaled. It enables developers to easily create complex pipelines using unified programming for both batch and streaming services, he said.

God-Mode in Production Code
Takipi operates at the native JVM level, which allows it to detect and show you any form of exception or error in your code, regardless of whether it was thrown by the application code, the JVM, a 3rd party library, or how it was caught. You can see and sort through all the errors through Takipi’s dashboard which operates as a sort of spreadsheet for all the errors in your application. You can sort and filter them by the most recent ones, ones that have recently increased in volume, or by a specific type. When a new location in your code begins firing an error, Takipi will notify you by email. It also sends daily digests that summarize which new errors have been introduced into your code, and top errors across your cluster.

What is the job of Chief Information Security Officer (CISO) in ISO 27001?
ISO 27001 is written in such a way that it is applicable to companies of any size, in any industry, so requiring small companies to have a designated CISO would be overkill. Since ISO 27001 does not require the CISO, it does not prescribe what this person should do, either – so it is up to you to decide what suits your company the best. Generally, this person should coordinate all the activities related to securing the information in a company, and here are some ideas on what this person could do (divided by ISO 27001 sections):

Engineering Velocity: Continuous Delivery at Netflix with Dianne Marsh
Netflix's Dianne Marsh told the story of the open source based tool stack supporting continuous delivery at Netflix. Very inspiring to see DevOps at work, although Dianne's remark that she "never had to argue a business case or think much about cost" caused some of us to wonder whether successful DevOps implementations were dependent on unlimited budget availability...

Quote for the day:

"Lead and inspire people. Don't try to manage and manipulate people. Inventories can be managed but people must be led." -- Ross Perot

June 28, 2014

Preparing for the Internet of Things
What are you doing to prepare for the Internet of Things in your company? How are you going to handle connectivity of the new internet-enabled "things"? How will you handle the new bandwidth requirements from network-hungry devices? Are you prepared for the amount of storage required to maintain those devices? What about security concerns for new devices? And, how will you handle the significant amount of device and user management that's coming your way? You might not know the answers to any of these questions, but fortunately, you have colleagues who at least have taken their best guesses at it.

Why Android Wear is the new iPad
The consensus was wrong, and the erroneous judgments emerged because pundits lacked three things. First, they lacked personal experience -- most initial naysayers hadn't tried it yet. Second, they lacked the cultural context -- those who dismissed the iPad pretended that human nature and culture were irrelevant, and that consumer electronics exist in a vacuum somehow. And third, they lacked a broader vision -- the anti-iPad crowd couldn't imagine the influence of the iPad user interface on the larger world.

Introducing the Big Data MOPS Series
Consider these questions, for starters: On monetization: If data is deemed a corporate asset, what are we doing to monetize it?; On ownership: Beyond our corporate data, who owns the “big” data we can now pull in from the outside? If we don’t own it, can we still monetize it?; On privacy: What are we doing to protect the privacy of our customers’ data? Are we using “big” data to expose more about our customers without their knowledge, understanding or permission?; and On security: What are we doing to secure our data from corporate data breaches? One breach alone could bring an organization down to its knees. Permanently.

Games and the Internet: Fertile Ground for Cultural Change
In game theory, expectations of behavior have a critical effect on which of a number of possible equilibria actually occurs. If a person expects that everyone else will drive on the right, she will drive on the right also. If she expects everyone else to drive on the left, she will drive on the left. Everyone thinks this way. The right-driving equilibrium occurs because of the universal expectation that it will occur. If the universal expectation were left-driving, then left-driving would occur. In cultural affairs, expectations create the conditions for their own fulfillment.

Google’s Grand Plans: A Conversation With Larry Page and Sundar Pichai
I’m not trying to minimize the issues. For me, I’m so excited about the possibilities to improve things for people, my worry would be the opposite. We get so worried about these things that we don’t get the benefits. I think that’s what’s happened in health care. We’ve decided, through regulation largely, that data is so locked up that it can’t be used to benefit people very well. Right now we don’t data-mine health care data. If we did we’d probably save 100,000 lives next year. I’m very worried that the media and governments will try to stoke the people’s fears and we’ll end up in a state where we could benefit a lot of people but we’re not able to do that. That’s the likely outcome.

The Challenges of Flexible Work Trends
Today’s flexible work trends are the opposite of the trends of the 80’s and 90’s that emphasized efficiency and cost cutting: six-sigma, just-in-time, out-sourcing, the great moderation, and leveraged buyouts. All of these strategies were about extracting more value from what was already being produced, while today’s trends and technology place a premium on quality and cleverness over efficiency: typically by creating flexible work environments. However, today’s work trends are not without problems. We have created a flexible work environment at CAN and here are several of the challenges we have experienced.

Wearables in the enterprise: Unlimited possibilities
These functions that wearables could fill in the workplace are the first that come to mind but are by no means the only ones. Imaginative IT staff could find all sorts of uses for wearables that benefit the company. Google's SDK for Android Wear should be a good place to check for ideas and how to implement them. Wearables aren't restricted to smartwatches or smart cards as described here. There's no telling what forms wearables will ultimately assume, and no doubt some will be a good fit for the enterprise.

Svpeng Malware: Empty Threat or Cause for Alarm?
"When we dissected it we found that some of the claims were true," he says. "It was trying to clone devices, but the reality is it fell far short of its claims," Britton says. Yet others say it's still early and that the risks remain serious. When Svpeng — a piece of financial "ransomware" targeting Android devices — surfaced in the U.S., it appeared to be more destructive than any mobile banking malware that had come before it. It scans for the presence of specific mobile banking apps, collects data about those apps and sends them to a central location. It also locks down a user's phone and demands ransom money to unlock it.

Data Modeling with Key Value NoSQL Data Stores – Interview with Casey Rosenthal
KV databases in general are moving toward co-existence with other styles of databases. Riak in particular is a solid highly available, fault-tolerant, scalable data platform. The KV database in Riak itself is the platform, a solid foundation, and in the future we at Basho will leverage that strength to provide other non-KV APIs to the developers. The large-object S3 and Swift APIs, for example, are already provided on top of Riak in the form of Riak CS. In Riak 2.0, we will be providing Solr API on top of the data platform. In future versions, we will expand the set of APIs offered on this platform.

Communicating Enterprise Architecture changes using ArchiMate 2
Enterprise Architecture Management means to address a number of stakeholders' concerns regarding the company and its business, applications and infrastructure. Stakeholders are key roles of an organization (regardless of internal or external) who have specific concerns which depend on their role. Each stakeholder has a specific view on the organization (e.g. an auditor is focussing on compliance aspects, not on network bandwidth). ArchiMate, as a modelling language for Enterprise Architecture, offers viewpoints on the architecture for three specific purposes

Quote for the day:

"We’re living at a time when attention is the new currency." -- Pete Cashmore

June 27, 2014

Android TV gives Intel a new shot at the market after previous failures
Google and Intel will "work together to bring this platform and experience to market," Intel said in a statement. An Intel spokeswoman said more details about the partnership will be shared at a later date. It is likely that Intel will supply chips for TVs, set-top boxes and devices like Chromecast, analysts said. The goal is to put as many Intel chips as possible in more consumer electronics, which is a hot market right now. "You've got to be in consumer electronics, that's where everything is going on," said Jim McGregor, principal analyst at Tirias Research. The partnership is perhaps the best way for Intel to attack the TV market following previous failures, analysts said.

Dell Focuses On Security
With products such as CE, Dell hopes to bring enterprise-class security resources to small and midsized businesses. Pitched as turnkey products that take the complexity out of BYOD programs and other device and data-management challenges, Dell's Data Protection lineup exemplifies the company's ongoing effort to redefine itself as not only a PC and server manufacturer, but also a leading enterprise software player. Dell also announced Dell Data Protection Hardware Crypto Accelerator (HCA). Available on select Dell Latitude, Optiplex, and Precision PCs, HCA supports self-encrypting drives that make encryption keys inaccessible if a device is tampered with.

Using Big Data to Tackle Supply-Chain Demands
BriefingsDirect had an opportunity to learn first-hand how big data and analysis help its Global 500 clients identify the most pressing analysis from huge data volumes when we interviewed Ernie Martinez, Business Information Management Head at the Capgemini Financial Services Global Business Unit in London. The discussion, at the HP Discover conference in Barcelona, is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions. Here are some excerpts:

Take control of the Command Prompt with PromptPal
For the life of me, I couldn't recall the name of the tool. However, after a bit of searching on the web, I was able to find it. Called PromptPal from Technology Lighthouse, I immediately downloaded the tool. After reacquainting myself with it, I soon discovered that the newest version of PromptPal provides all sorts of new features that really make it a nice addition to Windows 7/8.1 when working from the Command Prompt. Knowing that there are a lot of command-line junkies out there, I decided to write an introduction to some of my favorite features in PromptPal.

The Practical Science of Data Center Capacity Planning
Through it all, you need to apply the practical science of capacity planning to really create a powerful data center model. Key emerging industry trends toward Data Center Infrastructure Management (DCIM) and Software Defined Data Centers (SDDC) demonstrate a continuing need to look at the key balance between IT and communications and facilities management. Capacity planning brings together all the key resource and output factors that constitute a data center’s reason for commission and its means of fulfilling that. As critical resources become more expensive or scarce, being able to plan for future capacity requirements becomes more critical.

How to develop a consumer cloud services strategy
That's not to suggest you should give up your management and monitoring strategies, but you need to go beyond the traditional enterprise systems to know what your workers are doing. There are no easy answers here, and coming up with an honest appraisal of the situation might depend, at least in part, on the relationship between IT and the rest of your organization. You might need to outsource the discovery process in order to remove IT from the picture. If nothing else works, ask your employees directly what services they're using.

Ford to use wearables to improve health and safety in cars
"If we can tell a little bit more about your state at any particular time, we can tune the vehicle -- [and] the information coming to you -- to your current conditions," said Buczkowski. "If you're very tired, if you appear very distracted, maybe we hold off on that phone call and send a [text] message: 'call you back later'." Stromolo speculated that this could help people with health challenges or chronic illnesses to be safer drivers. "Most people go through most of their driving lives without ever being in a serious auto accident," he said, "but they may have a chronic illness that they have every day. And so the question is can we deal with the needs people have on a daily basis and not on this rare occasion when [an accident] happens."

'Luuuk' banking malware may have stolen $682K in a week
The fraud campaign was nicknamed "Luuuk" by Kaspersky after that name appeared in a file path of the server's administrator control panel. It appears the server managed the theft of funds from victims' accounts, automatically transferring the money to the accounts of "mules," or people who agree to receive the funds for a cut and transfer the bulk of the funds onward. Server logs indicated that as much as $682,000 may have been transferred in a single week, wrote Kaspersky's Global Research and Analysis Team. The data indicated around 190 victims. Analysts also saw on the server descriptions of fraudulent transfers and the IBAN (international bank account number) numbers for victims and money mules.

Banks Beef Up Data-Gathering in Bid to Personalize Service
Banks are gathering data in many different ways. Some are building data-gathering capabilities into their technology upgrades. Others are starting to track customers' location by their mobile phones, and such data could come in handy in pitching products — auto loans for customers who may be car shopping, for example. And some banks are simply asking more questions. Comerica Bank rolled out last year an online questionnaire tool that, based on their answers, will advise web visitors which accounts best suit their needs.  Dollar Bank is using data analytics technology from IBM so that its call center agents could have better visibility into when and where consumers were running into issues in online banking, said Pamela Dancisin

CISO Rising: New Roles and Responsibilities
The entire executive team, including the board of directors, must assume a new management and governance role at the intersection of technology, business and risk— and they must be equipped to own such risks. The CISO must provide the support to fulfill this new mandate, bridging the gap between operations and IT to keep critical business systems, data and other assets secure. To succeed in this role, CISOs must have deep knowledge not only of IT, but of the entire enterprise, forging strong relationships with the company’s customers, top management and external suppliers. They also must be granted greater authority, direct reporting lines to the C-suite, and regular interaction with the board as it steps up its oversight and involvement in defending and responding to cyber-attacks.

Quote for the day:

"Discovery consists of seeing what everybody has seen and thinking what nobody has thought." -- Albert von Szent-Györgyi

June 26, 2014

Big IT vs SME IT in government - it's really about changing IT suppliers' behaviour
Of course, government takes its share of the blame for that - the Civil Service outsourced its IT expertise and left itself vulnerable to suppliers who will, inevitably, look to make as much money as they reasonably (and sometimes unreasonably) can. The best change that GDS has introduced is to re-skill government IT and to place the emphasis back onto bringing in the best digital and IT management staff that it can. Forget Labour's attitude to suppliers - the real scandal would be if they reversed that recruitment policy. I've seen no suggestions that they will.

Antifragility – the goal for high-performance IT organizations
Antifragile is the term meant to describe the exact opposite of fragile. It’s not the same as robust or resilient, two terms often conflated with the notion of antifragility, and two terms I’ve used to describe desirable attributes often associated with well-designed and well-managed online services. When customers say the cloud service they’re reliant upon is “robust” or “resilient”, we, as the IT professionals responsible for that service, can be justifiably proud of our efforts. The term antifragile is meant to describe objects that actually benefit from experiencing some form of failure or stress. In the context of IT, we’d probably say systems or services.

A Security Awareness Success Story
More important, when there are acknowledged Security Awareness success stories, it is rare for organizations to share those stories, even internally. As principals in a company devoted to the human aspects of security and Security Awareness, we see Security Awareness success stories on a daily basis, however we cannot disclose those stories without permission. So it was a pleasant surprise when we saw the CSO Salted Hash column, Inside an Attack by the Syrian Electronic Army, which highlights a major Security Awareness success story.

Cloud adoption: Why some IT chiefs think it's still too complex
"The complexities we get into on licensing models make me want to weep sometimes," Essex County Council CIO David Wilde told the recent Cloud World Forum in London. "The market has still got a long, long way to go to commoditise its own products sets, make more sense of its licensing, get over the fact that actually in future — and cloud is driving this — it will no longer be about a corporate-based licensing," he said. His organisation delivers services for at least half a dozen other public agencies but cloud licences currently make it difficult to set up such arrangements.

How Vulnerabilities are Exploited: the Root Causes of Exploited Remote Code Execution CVEs
As long as human beings write software code, mistakes that lead to imperfections in software will be made – no software is perfect. Some imperfections simply prevent the software from functioning exactly as intended, but other bugs may present vulnerabilities. Manual code reviews performed by developers and testers, in concert with automated tools such as fuzzers and static analysis tools, are very helpful techniques for identifying vulnerabilities in code. But these techniques cannot find every vulnerability in large scale software projects. As developers build more functionality into their software, their code becomes more and more complex.

The Five Year Plan Your Network Needs
Keeping up with the growing demands in today’s world of overloaded data centers requires tough conditioning so your network is in its best shape. Cisco’s 2013 Global Cloud Index report suggests that data center traffic will triple by 2017; 76 percent of that traffic is server to server traffic within the data center. With this in mind, many networks are already behind. Revamping a data center network requires IT decision makers to step back and see the long-term potential by preparing for the growth and obstacles along the way. With one, three, and five year mile markers, consider this five year plan that every network team should apply to make sure their network can grow with demand in a linear fashion.

10 Bad Coding Practices That Wreck Software Development Projects
The Pareto principle states that 80 percent of outcomes can be attributed to 20 percent of the possible causes of a given event. Also known as the 80-20 rule, it's relevant to almost every field of human endeavor. In the field of software development, the principle can be summarized by saying that most problems are caused by a small number of bad coding practices. Eliminate them and your work will be very much easier and more productive. These 10 coding practices are the worst culprits.

Intel's mood-capturing 3D camera will be in tablets early next year
The mobile camera technology is derived from similar 3D cameras that will be in PCs starting late this year. Such cameras, combined with touch and voice recognition, will improve human interaction with tablets, Bhowmik said. A handful of tablets already have 3D cameras, but Intel wants its camera to do more than capture images. Intel's RealSense 3D tablet cameras will determine whether a person is happy or sad based on its analysis of a face. The RealSense camera chip has technology to recognize a face, analyze the shape of lips, eyes and cheeks, and then draw conclusions about facial expression.

The Disruption FAQ
When a competitor misdirects attention by selling a product that draws usage from existing customers and adds non-consuming new customers because it enables new uses, then the incumbent feels no pain from the entry because they don’t sense a reduction in customers. We call this a “new market disruption“. The challenger gains a foothold and grows/evolves, eventually capturing customers exclusively. ... The new product does not actually do the same thing as the incumbent product or does a subset of valuable tasks poorly while excelling at menial tasks. The entrant may be highly profitable but they are not taking profits away from incumbents because they “grow the pie”, capturing value by fulfilling unmet needs.

Will a VMware hyper-converged product arise from the rumor mill?
While speculation was rampant, there was little evidence to confirm the existence of this construct. Then Fletcher Cocquyt, a technical architect from Stanford University, reignited the chatter after he tweeted a picture on June 6 purportedly showing a poster on the VMware campus with the text, "Introducing the world's first 100% VMware powered hyper-converged infrastructure appliance." The poster also featured the name "MARVIN" and declared, "Arriving summer 2014." Some sleuthing uncovered VMware had filed for the MARVIN trademark on Jan. 8, 2014. In documents, the company described that the trademark was for, "Computer hardware for virtualization; computer hardware enabling users to manage virtual computing resources that include networking and data storage."

Quote for the day:

"If a man does not know to what port he is steering, no wind is favorable to him." -- Seneca

June 25, 2014

Data Distribution Network (DDN) vs. Content Distribution Network (CDN)
The difference from the CDN vs. data distribution network (DDN), is that live conversational data is cached in real-time rather than content cached at regular periods so it’s typically much smaller and much more up to date. The data is cached in a hierarchy of topics to allow for easy subscription to subsets of data (topic branches). The data comes from an originating server, typically called data sources, such as a database or an enterprise service bus. Instead of requesting the data, applications (used by customers, employees, machines) subscribe to the data. If data is already cached, the end user or machine will get the current version (or state) of the data and then any subsequent updates are pushed as the data changes.

Canary release is an application of ParallelChange, where the migrate phase lasts until all the users have been routed to the new version. At that point, you can decommission the old infrastructure. If you find any problems with the new version, the rollback strategy is simply to reroute users back to the old version until you have fixed the problem. A benefit of using canary releases is the ability to do capacity testing of the new version in a production environment with a safe rollback strategy if issues are found. By slowly ramping up the load, you can monitor and capture metrics about how the new version impacts the production environment. This is an alternative approach to creating an entirely separate capacity testing environment, because the environment will be as production-like as it can be.

Leading Innovation is the Art of Creating ‘Collective Genius’
Collective Genius shows how Bill Coughran, Google's then senior vice president of engineering, created an environment where engineers could figure out on their own how to best address the company's massive storage challenges in 2006. The problem: Storage issues were created by the huge amount of data processed by the Google File System, (GFS), designed for Google web searches. One team, called Big Table, argued for adding systems on top of GFS; the other team, called Build from Scratch, wanted to replace GFS entirely. Coughran decided to give the two teams space to defend their ideas, letting them collect data and test rigorously.

5 best practices for a world-class SAS environment
SAS administration requires specialized knowledge that typical IT teams do not have on hand. Over the last 10 years, my colleagues and I have found that SAS support requires IT skills, knowledge of the company’s data and knowledge of how that data gets applied to solve specific business problems.  Companies that want a world-class SAS environment need to have dedicated resources who can proactively maintain SAS. With a dedicated resource, you'll be well-positioned to increase performance, minimize downtime and ultimately maximize your investment in SAS software.

A checklist for defining your mobile application architecture
Given the wide range of technology available in the mobile space and the rapidly evolving nature of a mobile enterprise, it is important to go through a process to define the application architecture blueprint. ... A robust architecture is not just for the current release; it will help you build a long-term mobile foundation. There are many other architectural decisions you will have to make around integration, testing and hosting for your mobile solution. In this post, I focused on the key components of the mobile application architecture that will serve as a guideline to the application development team.

eBook: De-identification Protocols: Essential for Protecting Privacy
Recent reports, including those emanating out of John Podesta’s Big Data and Privacy Workshops, have further fuelled this misunderstanding. ... We again submit that these views are an over-simplification, inconsistent with current evidence, and largely based on the re-identification of poorly de-identified information. The purpose of this paper is to clarify what it means to properly de-identify personal information, to underscore the value of strong de-identification, to interpret recent research which has been used to call into question the value of de-identification in the protection of privacy, and to emphasize the conclusions that may properly be drawn from this research.

Verizon Virtual Visits Enters Telehealth Market
Medical services are provided through a relationship Verizon forged with a third-party provider network, which the company declines to name. Virtual Visits matches patients to the next available participating clinician in their state. Organizations such as health systems also can use their own healthcare professionals or use a hybrid mix that combines a blend of internal clinicians augmented by external clinicians for after-hours support, says Kling. "Some may want more nurse practitioners; some may want more physicians," Kling says of Virtual Visits' contracts with payers. "Verizon did its own market research on that. Customers and consumers are fine with both." Typical visits take 30 minutes and can occur almost anywhere, according to Verizon Enterprise Solutions.

Casework for Data Governance
If data governance simply reacts in an ad hoc manner to the services requested of it, then it is likely to be limited in its effect and will have difficulty demonstrating how it is making a positive difference. However, if data governance can manage its service requests via a casework approach then it can be much more successful. Casework involves using a standard process to record, assign, prioritize, manage, report on and close out service requests. We often think of casework as something that the police, or social workers, doctors or elected representatives do, but it is quite feasible - and actually quite necessary - for successful data governance units to adopt casework principles and apply them to their everyday activities.

Gartner’s top 10 security technologies for 2014
Gartner yesterday highlighted the top ten technologies for information security and their implications for security organisations in 2014. Analysts presented their findings during the Gartner Security & Risk Management Summit, taking place this week in the US. “Organisations are dedicating increasing resources to security and risk,” said Neil MacDonald, vice president and Gartner Fellow. “Nevertheless, attacks are increasing in frequency and sophistication. Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programmes that simultaneously enable business opportunities and manage risk.”

Encrypted Web traffic can reveal highly sensitive information
Almost all websites that exchange sensitive data rely on SSL/TLS (Secure Sockets Layer/Transport Security Layer) technology, which encrypts data exchanged between a person's computer and a server. The data is unreadable, but the researchers developed a traffic analysis attack that makes it possible to identify what individual pages in a website a person has browsed with about 80 percent accuracy. Previous research had shown it was possible to do such analysis, but the accuracy rate was 60 percent. They evaluated the effectiveness of the attack using 6,000 web pages within 10 websites: the Mayo Clinic, Planned Parenthood, Kaiser Permanente, Wells Fargo, Bank of America, Vanguard, the ACLU, Legal Zoom, Netflix and YouTube.

Quote for the day:

"'Emergencies' have always been the pretext on which the safeguards of individual liberty have been eroded." -- Friedrich August von Hayek

June 24, 2013

WMI Objects Used By Citrix Director for troubleshooting Sessions
One of the important features of Citrix Director is Help Desk and User Details. These pages provide required information pertaining to a particular user session and help troubleshoot issues with the session. Director employs Windows Management Instrumentation (WMI) on Desktop OS and Server OS VDI Machines to get some of the session and user specific details. Director fetches this information from preinstalled Windows WMI objects and Citrix specific WMI providers installed during VDA installation. It is important to mention here that there is substantial difference between Director 7.x and earlier versions of Director.

Nest devices can now talk to the rest of your house
Nest, the Google-owned company behind the popular Internet connected Nest Thermostat and Protect smoke and carbon monoxide detector, today announced a new developer program that allows app-cessory makers to work with Nest products to improve the customer experience. In a blog post announcing the new program, Nest co-founder Matt Rogers said the program is all about making a "more conscious and thoughtful home." The program appears to focus a lot on security, allowing various devices to interconnect without sharing more data than necessary with each company. In an interview with The Wall Street Journal, Rogers said that most data shared will focus on whether users are at home or not and that third-party companies will not get a name, email, or home address of users from Nest.

Cognitive Computing Deep Dive
View this presentation of a professional gathering that takes a deep dive into the IBM Watson™ Ecosystem program for developers and business professionals. Sridhar Sudarsan, chief technical officer (CTO) of the IBM Watson Ecosystem, begins with a quick, high-level overview of the IBM Watson Ecosystem program, offers tips for integrating Watson into applications, and takes a deep dive into IBM Watson Ecosystem.

Top 10 Traits of Successful IT Pros
What makes a successful IT professional? This has been discussed and debated and considered for years. While there are many technical abilities that relate to a person's success - and all are vital - I'd like to focus on the general character attributes every IT pro should have and on the things that every IT pro should know or do. While general character attributes, like being ethical or inquisitive, are more difficult to learn and develop, professional skills, such as knowing when to say you don't know something or not being afraid to call technical support, can be learned and honed.

The Truth About Enterprises and the Public Cloud
It may well be true that some new features in the cloud versions of software depend on massive scale and compute power unlikely to be available in a corporate data center or private cloud — but it's particularly dishonorable to make a commitment to deliver features to both versions of your product, only to reverse that commitment months later because the cloud is the "only place" where such compute resources are available. It's as if Microsoft and other vendors simply don't trust IT pros to make the necessary decisions and deployments to make the technology work, even in large enterprises with big IT budgets.

Software Defined Cloud (Object) Storage?
The idea is quite simple and can easily be summed up with the ability to maintain control over data and, above all, metadata while the physical store location can be managed through specific data-placement policies. In this case, (please, let me use the buzz-word) we could talk about “Software-Defined Object Storage 2.0” where the control plane (data+metadata management layer) and data plane (the physical storage) are separate. It simply means that you can build your (small) private object store and you can use the public cloud(s) if and when needed. Compatibility with protocols like S3 becomes fundamental to communicate (on both sides!)

Quantum Computing Could Be the Next Big Thing in Finance
To better understand how quantum computing can impact the financial industry, one must first understand how quantum computing works. Most people who use computers on a frequent basis are aware of the binary code, which states that every bit of information is interpreted as a 1 or 0. As a result, modern computers are limited to interpreting information in either one state or the other, but not both simultaneously. For that reason, large amounts of data, such as what is generated by the financial industry, can be incredibly slow to process. Quantum computers are not beholden to the vastly limited binary code. Quantum computing deals in something called quantum bits, also known as qubits, which can exist simultaneously.

Following the Data
Ultimately, following the data also means following it back to its source: understanding where it came from and how it got to be where it ended up. Data is repurposed from all kinds of places and put to all kinds of different uses. Understanding the meanings of big data requires knowing its origins and how the data was shaped and manipulated along the way. Following the data just means paying attention to the sorts of trails (as difficult as they may be to unravel). Let’s see where following the data can take us.

New tools and hardware are on developers' wish lists at Google I/O
Google is trying to drum up interest for the platform on its developer website before the arrival of the first devices, with blog posts on how applications can be customized for round displays and integration with smoke detectors from the company's Nest. Getting developers excited about Wear is key to the future success of the platform. If Google and its partners can't offer a large variety of apps, they'll just end up with a regular watch, said Francisco Jeronimo, research director for European mobile devices at IDC.

CFEngine's Decentralized Approach to Configuration Management
CFEngine is the all-terrain vehicle of automation software, and it has gone through many variations since it was released in 1993. It helped pioneer self-repairing automation and desired-state technology. After five years of extensive research, it was completely rewritten in 2008 (as CFEngine 3) to capture the lessons learned over its then 15 years of history. During the 2000s CFEngine 2 was very widespread and was involved in the growth of some of the major players like Facebook, Amazon and LinkedIn. Indeed that legacy is still with us in many more companies, but today's world needs a more sophisticated tool, hence CFEngine 3 was written.

Quote for the day:

"Attitude is a little thing that makes a big difference." -- Winston Churchill

June 23, 2014

Wearables At Work: Early Adopters Will Win
That next big thing is wearables. Devices like Google Glass, smartwatches, fitness trackers that attach to clothing, health monitors worn on (or even in) the body -- these hands-free innovations are the future. Information goes automatically to those who need it. The Internet of Things is becoming a functioning reality and is growing rapidly. IDC recently predicted that the IoT market would reach $7.1 trillion by 2020. ABI Research expects 90 million wearable devices to ship around the world in 2014.

Panasonic's 5-inch 'handheld tablet' redefines tough
"We don't want to call it a smartphone because some may order it without telephony," said Kyle Day, senior product manager at Panasonic. The handhelds have unique customization features, but what stands out is ruggedness. The Toughpads can withstand 3-meter drops to concrete, and can remain immersed in up to 1.5 meters of water for up to half an hour. The screens have been reinforced to withstand a drop of a 396-gram steel ball from 80 centimeters. I couldn't test that claim since I didn't have a steel ball handy, but Day said that the company provides a three-year warranty to repair or replace the products in case of an incident.

A Very Short History Of The Internet Of Things
There have been visions of smart, communicating objects even before the global computer network was launched forty-five years ago. As the Internet has grown to link all signs of intelligence (i.e., software) around the world, a number of other terms associated with the idea and practice of connecting everything to everything have made their appearance, including machine-to-machine (M2M), Radio Frequency Identification (RFID), context-aware computing, wearables, ubiquitous computing, and the Web of Things. Here are a few milestones in the evolution of the mashing of the physical with the digital.

From Order Taker to Trusted Business Partner
Regardless of the industry, understanding the fundamental drivers of IT cost and translating them in a meaningful way to the business is essential to aligning IT with business partners. In this context, CIOs often find that their biggest challenge is to drive and champion change in the business and make technology part of the discussion, rather than just a tactical part of the solution. To get a "seat at the table" for the business discussion, CIOs need to create practical ways to reduce costs to efficiently run operations, which in turn frees investments to proactively support and strategically partner with the business to drive change. This dual challenge likely requires material changes and a deeper review of how IT functions, both operationally and organizationally.

Ten of the Strangest Data Center Outages
Every once in a while, utility power goes out and the backup systems fail, or a technician makes a mistake, and the data center goes down. While outages have become less frequent, as the industry’s practices continuously improve, things still occasionally go wrong. But sometimes there are also instances when something strange and completely unexpected causes the dreaded unplanned data center downtime. Here is a list of some of the strangest data center downtime causes we’ve seen:

Consumerisation set to revolutionise healthcare
“This is not the way to set up a proposition," he said. "It cannot happen if everyone runs their own stack. You need to create an ecosystem to build a richer experience.” As CIO, he oversaw a common architecture to enable the smart products Philips develops to communicate together. People from healthcare and lighting are now starting to work together, using the same platform. “We are moving from product to proposition,” Tas said. This means the company is starting to link together products from different areas of the business to create something that enhances the customer experience.

Does de-identification work or not?
Fortunately, under the HIPAA de-identification requirements, re-identification is typically time-consuming to conduct, expensive (often requiring identified linking data from commercial data vendors), requires serious computer/mathematical skills, is rarely successful and, most importantly, is usually uncertain as to whether it has actually succeeded (due to a high probability of "false positive" re-identifications when the re-identification probabilities are so low). Ms. Baker's article challenged us to ask ourselves "What risk level is acceptable in our eyes?" and, would we still have the same answer if it was us that might possibly be re-identified?

SMBs Ignoring Insider Threats
Theft of intellectual property is often conducted by skilled professional staff such as scientists, engineers, and sales force personnel. Stolen intellectual property can be proprietary business information, source code, or industrial espionage. For fraud, insider activities consist of falsified payroll reimbursements, unauthorized acquisitions with company funds, theft and sale of confidential information, and modifying or hiding criminal activity after the fact. IT sabotage is almost always conducted by former employees, while fraud is usually committed by currently employed staff, and theft of intellectual property usually happens within 30 to 90 days of an individual's resignation, Theis said.

The Thought Experiment
For brain-controlled computers to become a medical product, there has to be an economic rationale, and the risks must be offset by the reward. So far, Scheuermann’s case has come closest to showing that these conditions can be met. In 2013, the Pittsburgh team reported its work with Scheuermann in the medical journal the Lancet. After two weeks, they reported, she could move the robot arm in three dimensions. Within a few months, she could make seven movements, including rotating Hector’s hand and moving the thumb. At one point, she was filmed feeding herself a bite of a chocolate bar, a goal she had set for herself.

Clayton Christensen Responds to New Yorker Takedown of 'Disruptive Innovation'
Disruption, as Lepore notes, has since become an all-purpose rallying cry, not only in Silicon Valley—though especially there—but in boardrooms everywhere. “It’s a theory of history founded on a profound anxiety about financial collapse, an apocalyptic fear of global devastation, and shaky evidence,” she writes. ... Christensen hasn’t responded in writing to the essay, but when I reached him by phone on Thursday afternoon, it was clear he’d been thinking about it. Consistently described by those who know him as a generous and thoughtful and upbeat person, he is also capable of fury. “Keep asking me questions,” he said, “it’s helping me.”

Quote for the day:

"The world economy no longer pays for what people know but for what they can do with what they know." -- Andreas Schleicher

June 22, 2014

13 Movies That Explore The Future Of Technology
Perhaps, one could go so far to say that futuristic stories are test-run simulations of what our world could be. And with the rapid evolution and advancements in visual CGI effects and moviemaking tools, even more fantastical, hyper-detailed visualizations of the imagination are possible. The rise in digital filmmaking technology has made it easier to depict a more accurate picture of the digital world of tomorrow.  So, post-Minority-Report and way post-2001: A Space Odyssey, what are filmmakers predicting next? What innovations will their visions inspire? Here are 13 more movies that take on the future of technology.

Sustaining Successful IT Governance Environment
IT governance represents a continuous journey, which focuses on sustaining value and confidence across the business functions. Many companies start on a short term approach and focus on the compliance component of IT governance, without developing a balanced longer term approach. ... People often think they have a choice between "governance" and "no governance," but in reality the choice is between "good governance" and "bad governance." Every organization has a framework of decision-making and some set of often unstated measures. The needs of the business and the role of IT evolve; these unintentional governance solutions do not. Good governance is intentional, and it takes effort and attention.

Smart Cities -- A $1.5 Trillion Market Opportunity
Frost & Sullivan research estimates a combined market potential of $1.5 trillion globally for the smart city market in segments of energy, transportation, healthcare, building, infrastructure, and governance. ... Yet, while the potential is huge, the challenge faced is finding funding and developing the right business model, as many cities in the Western world do not have the finances available to take on some mammoth-sized projects. As such, four main models will be used, through which companies will engage with city authorities and utilities to tap into this market: Build Own Operate (BOO), Build Operate Transfer (BOT), Build Operate Manage (BOM) and Open Business Model (OBM).

Cloud computing levels the BI playing field for small businesses
Speed ranks as another advantage of DeRoyal's cloud BI deployment. An on-premises rollout would have taken much longer, Sewell says, because of the time involved in selecting software, getting a hardware quote, negotiating terms with vendors and working through installation. DeRoyal inked a contract with MicroStrategy in July 2012; a prototype was operating in November, and the initial rollout took place in December of that year. Upgrades are quicker, too. Sewell says a typical enterprise resource planning (ERP) upgrade involves about 10 people and takes nine months to complete.

Understanding Application Performance on the Network – Part II: Bandwidth and Congestion
Addressing a pure bandwidth constraint is straightforward; the physical (i.e., infrastructure) solution is to increase bandwidth, while the logical (i.e., application) solution is to decrease the amount of data transferred. Data compression is a method for the latter that has been around for decades, and more recent WAN optimization approaches offer further options for data reduction. Caching, interface simplification, and thin client solutions may also provide relief. Similarly, addressing congestion can be as simple as increasing bandwidth. Alternatively, you may take a more studied approach, identifying and classifying the traffic that contends for bandwidth.

Breaking Down Information Governance
“The key factor that has been different in the past few years is that data is suddenly doubling and tripling and it’s more complex and larger than ever. We’re getting to a world that is more overwhelming in terms of the amount of data corporations have to deal with. It is a tremendous exponential curve that we’re seeing.” It should also be acknowledged that in 2012, technology assisted review was first acknowledged in published case law as a reasonable approach in eDiscovery, as an alternative to key word searching and manual review. This validation in the eDiscovery space was a jump start to all of us to have a conversation in our firms about how we use these kinds of techniques in ways that would add value to the law firm.

Single Stream Information Governance
The voice in my head is winning. I refuse to say that term in our office. Information governance has joined “records management” “platform” “metadata” and the myriad other terms destined to be met by the rolling eyes of my coworkers. Don’t ask me to champion this cause because doing so just strengthens their opinion that I don’t get it. I do get it. Those people have a job to do, a business to run and the documents and information artifacts that are consumed and created by those jobs are simply that – artifacts. Artifacts to be curated by someone who cares. Do those artifacts have value? Of course they do, and they are paying my department to bring that value to the table.

Digital Identities for Controlling Money Laundering
The bottom line is that there are huge problems catching and tracking financial crime. Interestingly, this is not cybercrime where criminals are robbing the bank, but terrorism and drug runners who are robbing from the government. Governments view banks as police for financial crime. It’s an interesting nuance in our world of money. Banks are commercial businesses but, for money laundering purposes, they are the police. That is why governments fine banks so heavily when they’re not acting as effective police. If banks do not effectively stop the use of accounts for criminal purposes, it is not the criminal held accountable but the bank.

Demonstrating the Value of Architects Through AVM
There are a number of ways architects can directly derive their value to the company as a team. Some are simply modifications of existing means of ascribing credit within business units that collaborate on programs and projects. For example, sales and marketing both play integral roles which are somewhat hard to untangle when it comes to overall sales performance. Was it the salesperson who closed the deal or the qualification of the lead? Business units have adapted to this by sharing credit or claiming credit for ownership of success and responsibility for failure, and the architect team can do the same. Here are four strategies your team can employ to come to a direct, measurable success figure for their business contributions.

Aligning Compliance Risk Management to Business Priorities
Analytics can help define and track a composite metric that reflects the state of a company’s reputation in quantitative terms, based on observable indicators such as media mentions and customer feedback. Using techniques such as historical analysis and predictive modeling, analytics can also forecast the potential reputational impacts associated with a given compliance incident, as well as the likely financial consequences of the reputational impacts. The good news is that just as compliance failures can potentially lead to a loss in value, effective compliance can lead to value preservation and creation.

Quote for the day:

"Big goals get big results. No goals get no results or somebody else's results." -- Mark Victor Hansen

June 21, 2014

Diving in OOP (Day 1) : Polymorphism and Inheritance
This article will cover almost every OOPS concept that a novice/beginner developer may hunt for, and not only beginners, the article’s purpose is to be helpful to experienced professionals who may need to brush-up on their concepts or who prepare for interviews. I will take the topics in a manner that we cover them in a simple, straightforward way giving code snippets as example wherever needed. We’ll take C# as our programming language throughout our readings. We’ll play with tricky questions and not go for enough theory. For theory you can refer to MSDN.

Partition Tables--Implementing the techniques for query enhancement
This article is focused on implementing the techniques from the first article, and checking the query performance in the environment. All the storage process begins with creating a database. Any database is created into a Default filegroup, otherwise you set the other place in the creation process. Also it’s possible to change to another filegroup at any time, moving from the original place. To create a database and set the Filegroup Primary, you should name the .MDF file. Also the Transaction LOG should be named in the .LDF file. Look at the code below, and check the full address for the MDF and LDF files.

It Takes More Than Brains to Create a Learning Organization
How receptive is your organization to new information? How committed is your organization to sharing and acting on data in an organized, intelligent, and transparent way? Are employees encouraged to reflect on events, with the goal of identifying what went right, what went wrong, and what could be done better in the future? Does the culture encourage open dialogue? Is learning linked to performance? Culture is to an organization what personality is to an individual, and most of us are very wedded to our personalities — even when they hinder our growth. So the organization that proudly declares itself “fast paced,” while refusing to admit or even see it’s a chaotic mess of reactive nonsense, is holding close to what ails it, despite the costs.

Making Perfect De-Identification The Enemy of Good De-Identification
De-identification critics remain skeptical. Some have argued that any potential ability to reconnect information to an individual’s personal identity suggests inadequate de-identification. Perfect unlinkability may be an impossible standard, but this argument is less an attack on the efficacy of de-identification than it is a manifestation of a lack of trust. When some suggest we ignore privacy, it makes it easier for critics to not trust how businesses protect data. Fights about de-identification thus became a proxy for how much to trust industry. In the process, discussions about how to advance practical de-identification are lost. As a privacy community, we should fight over exactly what de-identification means.

What's the Role of Leadership in Teamwork?
As leaders we may like to hide behind things like this, but we have the decision over who plays and who doesn’t, it’s our choice, our accountability, and when we select players who are clearly not performing well, then we are to blame for the outcome. It’s the leader who has to develop the team, create the team spirit, get the team to gel such that the team exceeds its collective potential, making the sum of the whole greater than the sum of the parts. Sometimes this can mean that we need to drop star players because the overall team is better without them than with them, or it may be that the best player's attitude is not conducive to creating a great team spirit.

Cloud Security Market worth $8.71 Billion by 2019
The major forces driving this market are accelerated adoption of cloud computing, growing cloud specific attacks, absence of strict regulations on Cloud Service Providers (CSPs) and increase in need of identity and access management. The prime opportunity which is expected to boost this market is increase in adoption of cloud computing by Small and Medium Size Businesses (SMBs). There are three types of vendors operating in Cloud Security market including pure play security vendors, traditional security solution providers and diversified IT vendors. However, diversified IT vendors hold the majority of market share.

App vs. infrastructure: Designing for horizontal scaling, availability
Architects need to accept that platform tools for scaling and availability management are going to improve over time, which is likely to erode the benefits of an application-centric approach. At the very least, applications are going to have to accommodate and use these tools to maximize user QoE, possibly stranding application-specific solutions. It's critical architects and planners track the progress of DevOps and cloud orchestration tools and standards so these can be integrated into applications properly. Furthermore, this will allow for component management and workflow management, and even component design can be optimized for the future.

Canon EDSDK Tutorial in C#
The Canon EOS Digital SDK is quite a powerful SDK to remote control Canon DSLRs. Unfortunately, it is quite difficult to find some good examples for it on the internet and the provided documentation is not very complete. Since I have found out many things already and want to make it easier for others, I thought I could compile some of the most important things together and do a tutorial.

Security skills shortage is real, and it's not going away anytime soon
Not only will cybersecurity skills become increasingly costly, they will also become very hard to come by in the near future, said Martin Libicki, one of the authors of a 125-page report from RAND. "There's plenty of evidence that there is a shortage" of cybersecurity professionals -- especially within government organizations, Libicki said. "The problem cannot be solved overnight. It will take a long time to get the right people into this profession." The RAND report examines the nature and the source of the cybersecurity skills shortage in the U.S. and how the private sector and the government have responded to the crisis.

The Top Automation Tools for Public Cloud at Scale
Automation capabilities are almost essential for public cloud to exist. Certainly some basic automation will be included in any decent cloud service - such as self-service provisioning, utilization measurement, or chargeback. ... It is therefore up to you to understand both the opportunities and the risks associated with public cloud adoption, to choose the right service providers for your workloads and goals, and supplement them with appropriate automation tools.

Quote for the day:

“In most cases being a good boss means hiring talented people and then getting out of their way.” -- Tina Fey, Bossypants

June 20, 2014

The Internet as we know it is dying
All is not well on the Web. While the particulars of each outburst of consternation and anger vary significantly, a common theme connects them all: The relentless corporatization and centralization of control over Internet discourse is obviously not serving the public interest. The good stuff gets co-opted, bought out, or is reduced to begging for spare change on the virtual street corner. The best minds of our generation have been destroyed by web metrics, dragging themselves across a vast wasteland in search of the next clickbait headline. At Twitch TV, the gamers are worried that Google’s “copyright monster” will tame their freewheeling Wild West and obliterate years of work.

Fast data: The next step after big data
Like Kafka, some NewSQL systems are built around shared-nothing clustering. Load is distributed among cluster nodes for performance. Data is replicated among cluster nodes for safety and availability. To handle increasing loads, nodes can be transparently added to the cluster. Nodes can be removed — or fail — and the rest of the cluster will continue to function. Both the database and the message queue are designed without single points of failure. These features are the hallmarks of systems designed for scale. In addition, Kafka and some NewSQL systems have the ability to leverage clustering and dynamic topology to scale, without eschewing strong guarantees.

Mobile security, privacy and future challenges
Modern mobile applications are distributed using centralized application stores, which is a recent trend in application distribution. While centralized application distribution is advantageous, this approach could also potentially lead to facilitating centralized distribution of Trojan horse applications, backed and given the stamp of approval of the application store vendor’s reputation. There can also be challenges with patching and updates. Keeping current with mobile platform releases by providing timely upgrades and patches on an ongoing basis is critical to reducing vulnerabilities. This is especially challenging on the Android platform due to its fragmentation. Loading mobile applications by means other than application store distribution can potentially lead to security or privacy exposures. The typical examples are USB or browser installs.

What cloud providers still get wrong, and what customers could do better
"One of the things that really gets my goat — normally enough for me to stop any relationship with a cloud provider — is when they go directly to the business with a sales pitch effectively saying, 'We can do this without involving your IT department'," Rammal said. "Sounds lovely — up until they need to integrate with some of the legacy environment. Then suddenly we're left with a badly thought out, badly [drafted] plan. So that's a definite no-no to me. "The world of IT has changed substantially. We're not the blockers that we may once have been. Cloud companies need to understand they need to work with us on that process."

Speed in Software Development
Work experience in most cases affects speed as well. A developer with 20 years of experience will typically solve problems faster than a developer with 5 years of experience (even if they somehow have equal skills). Note, however, that skill does not equal experience. You can have a lot of experience applying quite irrelevant skills and will not be able to solve most problems that the company has. ... Most companies have a wide range of problems: some of them are simple, some of them are challenging. Inexperienced developers are passionate about everything, almost any problem will bring some new knowledge to them. Experienced developers are more picky and it is better to give them problems of adequate complexity.

American Express customers receiving new breach notifications
Customers of American Express are starting to get a new round of breach notification letters. This time, the letters (mostly identical in wording) are due to two separate incidents, but the full impact is unclear - as the exact number of customers set to receive these notices isn't known. For those keeping score: American Express has now had to issue three different notification letters this month, in order to address three different data breaches.

Do the math: your new enterprise technology may be a decade old
Lawson advises that enterprises start their cloud journey by “bridging the gap between existing on-premise resources and cloud-based solutions. Enterprises are finding that they can augment existing infrastructure and plug into cloud-based services to support their legacy hardware and to quickly innovate and extend capacity. Application Programming Interfaces, or APIs, make it easy for enterprises to access a wide range of capabilities.” All it takes is experience, he continues. “As companies gain experience with running software and cloud-based solutions, they begin moving more and more of their operations to these more agile solutions.”

Facebook has built its own switch. And it looks a lot like a server
The creation of a custom-designed switch that allows Facebook to control its networking like it currently manages its servers has been a long time coming. It began the Open Compute effort with a redesigned server in 2011 and focused on servers and a bit of storage for the next two years. In May 2013 it called for vendors to submit designs for an open source switch and at our last year’s Structure event Parikh detailed Facebook’s new networking fabric that allowed the social networking giant to move large amounts of traffic more efficiently.

Hacker puts 'full redundancy' code-hosting firm out of business
The attacker also gained access to Cloud Spaces' control panel on EC2 and deleted the company's digital assets from Amazon's infrastructure when the company tried to regain control of its account. "We finally managed to get our panel access back but not before he had removed all EBS [Amazon Elastic Block Store] snapshots, S3 [Amazon Simple Storage Service] buckets, all AMI's [Amazon Machine Images], some EBS instances and several machine instances," Cloud Spaces said in an announcement on its website. "In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted."

CIO interview: Mark Bramwell, head of IT, Wellcome Trust
“It is going to be very much about providing a support core – because if the main systems are not available, the whole credibility of IT is damaged. But it is going to be much about more business enablement, with more conversations, system exploitation and thought leadership,” Bramwell says. “We need to try to answer fairly crucial questions: how can we collaborate better without jumping into solutions before understanding them? What do we mean by collaboration – do we mean connecting communities, sharing information or video conferencing? What is the opportunity, challenge or issue we are trying to resolve?” he adds.

Quote for the day:

"Those who do not know how to weep with their whole heart don't know how to laugh either." -- Golda Meir

June 19, 2014

Indian IT Act is there to Help Enterprises
Indian companies are well equipped, because of their grounding in the outsourcing space – that have always had a very good internal securities and procedures and systems. Multinationals who have offices in India have to globally maintain a standard. So, India, I wouldn’t say, would be lower in compliance than it would be in America or the western world.  Banking is definitely pretty aware of it – because they have to, because of the criticality of data. But, what about sectors like manufacturing, automobile or e-commerce? They have so much of analytics coming in, cloud computing... Data is now residing not just on premise, it’s on cloud. So how are the vendors providing robust security?

How the Cloud Can Make IT Shops More Innovative
Jagdish Rebello, an analyst at IHS, agreed, saying he has seen a move by IT departments to free their employees to be more innovative. "IT has started to become a lot more innovative," he told Computerworld. "IT has become a cost center. Servers, the network, infrastructure -- it was all about cost. It was a necessary investment for the company. They didn't think about it as a way they could generate profit. The cloud is allowing IT to become a profit center instead of just a cost center." With cloud services managing processes like company email and data storage, enterprise IT departments have more time, for example, to help their companies be more interactive with customers and suppliers.

Agile TBD
The other interesting comparison is to look at the differences between companies doing agile versus companies selling agile. To sell something to someone else, by its nature, you have to package it up, make its value understandable to others, and teach others how to use the product. With any process, this means codifying the processes, practices and techniques so there is a consistent, repeatable methodology. There are many companies in the market doing this today with Agile. However, that's the very antithesis of agile, which is in fact not a process, practice nor methodology, but simply a way to think about problems and how to solve them. By its very nature, packaging up agile into a repeatable, static process violates agile principles.

BYOD vs CYOD: Which is right for your organisation?
Most organisations with a BYOD policy retain the right to wipe all data from a user's device if it is lost, as they do with CYOD policies. However, this can be upsetting for employees when it happens to a personal device. With CYOD, different employees could also be eligible for different devices and levels of corporate network access, depending on the type of work they do. Equally, some employees may not even qualify for CYOD devices, but instead be offered limited network access via their own equipment. Sophisticated mobile device management can make CYOD more flexible and BYOD more secure.

A third of boards remain in the dark on cyber defence status
“The lack of boardroom insight into cyber threats revealed by our survey may partly explain the reluctance of some companies to give up outdated security goals,” said Alan Calder, founder and executive chairman of IT Governance. “This situation is underlined by the fact that 38% of respondents still say their objective is to prevent all cyber-attacks, an aspiration which will strike many information security professionals as unrealistic or even naive.” Highlighting this sea change, the report revealed that 51% of respondents now accept that cyber security is no longer appropriate to ensure business sustainability, and the inevitability that some attacks will be successful.

Intel to Offer More Custom-Tailored Server Chips
Why all the effort? After all, Intel commands roughly 97% of industry shipments of server chips. For one thing, big Web companies including Google and Facebook have made noises about experimenting with new chip technologies, including the Power line that originated at IBM and the ARM Holdings designs that many companies sell for mobile devices. For another, Bryant is pushing to get standard processors from Intel into networking, data storage and other applications that now typically use chips based on Power or MIPS designs. Backers of ARM are racing to grab those same applications.

US banks are all set for an epic fail
From the perspective of the "unbanked" and those incorrectly assigned negative or no credit ratings--which number in the millions--the motivation is strong to embrace disruptors in an immediate and very big way. ...  Note also the website on the movement behind this film: it contains information meant to aid and empower regular citizens to change the financial industry as a whole and their own circumstances in particular. The copy there indicates American Express is wisely driving innovation to ensure its own financial security: "In an effort to drive innovation in financial services, American Express is supporting startups working on financial solutions and research focused on financial inclusion."

Kicking application latency off your network
Workload balancing, another option, migrates virtual machines between servers to optimize each host's application workload and bandwidth demands. Data centers can also replace a NIC port with one that is 10 GigE or greater, or add a separate NIC adapter and assign a troubled workload to the high-bandwidth NIC port. However, faster NICs are extremely expensive, require physical installation that can take a server offline, and usually impose collateral expenses in LAN switching infrastructure. For example, if you install a 10 GigE NIC on a server, you'll also need a switch with 10 GigE ports.

Can software solve our healthcare crisis?
Solving our current healthcare crisis requires something that other industries have done successfully for decades: efficiently managing complex relationships. But diagnostic healthcare entities require more than what is offered by traditional CRM. The easiest way to illustrate this point is by thinking of your own experiences in a healthcare setting. What is the first thing your primary care physician typically does when you pay them a visit? They almost always take a blood draw. This draw initiates the process of laboratory testing, which often occurs within a lab business that is external to your physician's office.

Rich Reimer on SQL-on-Hadoop Databases and Splice Machine
There are multiple reasons not to use MapReduce. First and foremost, HBase does not use MapReduce to access HDFS; instead, HBase accesses HDFS directly, while maintaining its own metadata to quickly find single records in HDFS files. MapReduce is designed for batch data access and therefore would not be appropriate for the real-time data access required by Splice Machine. MapReduce must start JVMs (Java Virtual Machines) for each query, which can take up to 30 seconds, even to retrieve a single record.

Quote for the day:

"For an organization to be exceptional, all teams within the organization must be moving toward a shared vision." -- Rich McCourt