March 31, 2015

Creating a Creative and Innovative Culture at Scale
The development managers are responsible for holding regular one-on-one coaching talks. Each has a team that is spread over different game teams in different studios (see figure 1). The development managers remain developers and typically their team members share a similar skill set so that the development manager understands the domain in which their team works. Although spread out in the organization, development managers work as a community. All of them come together weekly to discuss what’s happening in different parts of the company, which allows them to identify issues and address them quickly.

Repository pattern, done right
The repository pattern has been discussed a lot lately, especially its usefulness since the introduction of OR/M libraries. This post (which is the third in a series about the data layer) aims to explain why it’s still a great choice. ... The repository pattern is an abstraction. Its purpose is to reduce complexity and make the rest of the code persistence ignorant. As a bonus it allows you to write unit tests instead of integration tests. The problem is that many developers fail to understand the pattern's purpose and create repositories which leak persistence specific information up to the caller.
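To make the "persistence ignorant" point concrete, here is an added example (not code from the post or its series): a repository interface that takes and returns only domain objects, an in-memory implementation used for unit tests, and a SQLite implementation behind the same interface. The `User` model, the `UserRepository` protocol and the `register_user` service are assumptions made for illustration; only the Python standard library is used.

```python
"""Repository pattern that keeps callers persistence-ignorant (added example)."""
from __future__ import annotations

import sqlite3
from dataclasses import dataclass
from typing import Optional, Protocol


@dataclass(frozen=True)
class User:
    """Domain object returned to callers; no ORM entity or query type leaks out."""
    email: str
    role: str


class UserRepository(Protocol):
    """The abstraction callers depend on: domain objects in, domain objects out.
    Nothing here mentions connections, cursors, sessions or query builders."""

    def get_by_email(self, email: str) -> Optional[User]: ...
    def add(self, user: User) -> None: ...


class InMemoryUserRepository:
    """Test double: lets the service be unit-tested with no database at all."""

    def __init__(self) -> None:
        self._users: dict[str, User] = {}

    def get_by_email(self, email: str) -> Optional[User]:
        return self._users.get(email)

    def add(self, user: User) -> None:
        self._users[user.email] = user


class SqliteUserRepository:
    """Production-style implementation; all SQL stays behind the interface."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self._conn = conn
        self._conn.execute(
            "CREATE TABLE IF NOT EXISTS users (email TEXT PRIMARY KEY, role TEXT NOT NULL)"
        )

    def get_by_email(self, email: str) -> Optional[User]:
        # Parameterised query: the repository is also the one place that
        # has to get SQL injection right, because callers never build SQL.
        row = self._conn.execute(
            "SELECT email, role FROM users WHERE email = ?", (email,)
        ).fetchone()
        return User(*row) if row else None

    def add(self, user: User) -> None:
        self._conn.execute(
            "INSERT INTO users (email, role) VALUES (?, ?)", (user.email, user.role)
        )
        self._conn.commit()


def register_user(repo: UserRepository, email: str) -> User:
    """Application logic written against the abstraction only (hypothetical service)."""
    if repo.get_by_email(email) is not None:
        raise ValueError(f"{email} is already registered")
    user = User(email=email, role="member")
    repo.add(user)
    return user


if __name__ == "__main__":
    # Same service code, two backends: the service never learns which one it got.
    for repo in (InMemoryUserRepository(), SqliteUserRepository(sqlite3.connect(":memory:"))):
        register_user(repo, "alice@example.com")
        print(type(repo).__name__, repo.get_by_email("alice@example.com"))
```

The test for `register_user` runs against `InMemoryUserRepository` in microseconds; the SQLite class is exercised by a separate, smaller integration test. A leaky variant would return a cursor, an ORM query object or expose a `where(...)` builder, and every caller would then be coupled to the database.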

Data Transparency Transformation
Data standardization is essential but not sufficient to improve the quality of financial data, to reduce or eliminate duplication, and carry out our work. We also need to improve ways to securely share sensitive data, both among authorities within the same jurisdiction and across borders. Data sharing is essential because none of us, no one regulator or company alone, possesses or has access to all of the data needed to paint a complete picture of threats to financial stability. The financial system is complex and ever-changing, so even if we put all of our data together in one place, significant gaps would remain and new ones would emerge. It is a puzzle with many interlocking types and pieces of data.

If Everybody is Responsible, Nobody is Responsible.
The tough part of compliance is the coordination of multiple compliance efforts and filling the gaps. When compliance fails, it often fails because a piece of compliance was not handled properly. It might have been a simple piece, but nonetheless a critical one. Everyone wants responsibility for compliance, because they have a piece of compliance and they believe theirs is most important. If you have ever watched the congressional hearings of Enron, WorldCom, or Tyco, you will have seen a parade of people from Audit, Legal and the Board saying, “I had my piece covered. What failed was not my responsibility and I was as surprised as you that it failed.”

The Privacy Challenges of Cloud Computing
Where an organization engages a cloud services provider it is important to identify whether the cloud provider is a controller or a processor. In most instances, it is likely that the cloud provider will be a processor. The Information Commissioner has issued guidance on this issue which may be helpful in making more detailed analysis. The geographical location of the servers used to store personal data is often contentious. Where the servers are based outside of the European Economic Area (EEA), a customer will need to address the eighth data protection principle which, in broad terms, requires adequate safeguards to be in place when personal data is transferred outside the EEA.

Distributed Cloud?
Migrating applications to the cloud is more than just moving virtual machines into the cloud; many tools, such as HotLink, CloudVelox, Veeam, and Zerto do this well enough. Migration is more about how those applications work within the cloud. It is about the connections between tools running within the VMs. Ultimately, it’s about applications and their attendant data. The intersection of data and application needs to be considered when moving to the cloud. To provide resiliency for an application using a cloud service, you may use multiple data centers within a cloud, or even multiple clouds. When you use multiple clouds, you end up with a hybrid cloud approach to your application.

BI and Big Data: Same or Different?
Contrary to some of the market hype, data democratization and big data do not eliminate the need for the "BI 101" basics, such as data governance, data quality, master data management, data modeling, well thought out data architecture, and many others. If anything, big data makes these tasks and processes more challenging because more data is available to more people, which in turn may cause new mistakes and drive wrong conclusions. All of the typical end-to-end steps necessary to transform raw data into insights still have to happen; now they just happen in different places and at different times in the process. To address this challenge in a "let's have the cake and eat it too" approach, Forrester suggests integrating the worlds of BI and big data in a flexible hub-and-spoke data platform.

Taking IT reorgs to the extreme
What's different today is the degree of uncertainty about what the IT group is if virtually all companies are now built, top to bottom, on technology. CIOs themselves are divided about their own futures. In our 2015 State of the CIO survey, 49 percent of 558 IT leaders said they're destined to become managers of contractors and cloud vendors--hardly strategic. Indeed, sometimes old ideas and established leaders don't cut it. RSA Insurance Group in London cleaned house last year, replacing several senior executives, including all IT leaders and the CIO. RSA also created the position of chief digital officer as it tries to move to "more disciplined and effective use of technology."

Hologram - Finally, AWS Key Distribution that Makes Sense
Hologram is written in Go, Google’s “systems programming language” written by some of the original designers of C and Plan 9 from Bell Labs. It is a language explicitly designed for aggressive simplicity, both of programming itself and of deployment / operational concerns. The ability to create a static binary with assets compiled in allowed us to do a sophisticated multi-stage rollout of Hologram to developers, which we credit with how quickly developers adopted it. Go allowed us to produce a version of the binary that had some placeholder credentials compiled in, that was first deployed to developers. This version would simply use the compiled-in credentials to generate temporary ones, and expose the same metadata interface that applications expected.

Taiwan seeks stronger cyber security ties with U.S. to counter China threat
Taiwan was the most-targeted country in the Asia-Pacific region during the first half of 2014 for hacking attempts aimed at penetrating computer systems to steal data, according to U.S. data security firm FireEye Inc. Chang said the percentage of cyber attacks on government systems originating from mainland China was "very high", and warned that there was potential for hackers to use Taiwan as a back door into the U.S. systems. "The possibility is there," Chang said, while emphasizing that the main purpose of Chinese hacking attempts into Taiwan is not to steal U.S. data and that he has "no way of knowing" if an incursion into Taiwan has led to any U.S. intelligence leaks.

Quote for the day:

"Example is not the main thing in influencing others. It is the only thing." -- Albert Schweitzer

March 30, 2015

Probing the Whole Internet for Weak Spots
The scan showed that more than five million sites were affected, including those operated by the FBI, Apple, and Google. Facebook’s like button, a fixture on many popular sites, was also vulnerable. The results prompted an urgent, careful effort to inform key companies and organizations before the problem was announced publicly. The FREAK flaw allows an attacker to break a secure connection between a Web browser and a vulnerable site, gaining access to encrypted data sent between the two. The attack works by forcing a site to fall back to a weak form of encryption mandated by the U.S. government in the 1990s.

Big data collection makes it hard for you to remain anonymous
The fault for the spread of this “myth,” they say, is not with findings presented by researchers in primary literature, but “a tendency on the part of commentators on that literature to overstate the findings.” They contend that de-identification, done correctly, is close to bulletproof, reducing the chance of a person being identified to less than 1% – far less than the risk of simply taking out trash containing documents that might have PII in them. They also argue that unwarranted fear of a loss of anonymity may undermine “advancements in data analytics (that) are unlocking opportunities to use de-identified datasets in ways never before possible … creating anonymized datasets requires statistical rigor, and should not be done in a perfunctory manner.”

New threat intelligence report skewers industry confusion, charlatans
Today, there are large numbers of TI vendors and advisory papers (often issued through vendors' marketing departments) that describe extremely different products and services, all under the banner of threat intelligence. The research explains, "For example, at a high level, some products come in the form of prose that explains developments in a particular area, while at a lower level, others might be a stream of XML-formatted indicators of compromise, such as IP addresses or binary hashes." What's worse, "Even within similarly placed sources, such as feeds of indicators of compromise, there is very little overlap between competing products. Recent research suggests that in three popular feeds of flagged IP addresses, containing more than 20,000 IP addresses in total, there was as little as a 1% overlap."
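The "very little overlap" finding is easy to check for yourself once feeds are normalised. The following is an added example, not code from the report: it parses three constructed sample feeds delivered in three common formats (CSV with comments, one indicator per line, JSON objects), keeps only valid IPv4 indicators, and reports the pairwise Jaccard overlap plus the indicators every feed agrees on. The feed contents and the resulting percentages are constructed for illustration and are not the report's figures.

```python
"""Measure overlap between indicator feeds (added example, constructed data)."""
from __future__ import annotations

import csv
import io
import ipaddress
import json
from itertools import combinations

# Constructed feed 1: CSV with a comment header and a confidence column.
FEED_CSV = """# vendor A blocklist, constructed sample
ip,confidence
198.51.100.10,90
198.51.100.11,80
203.0.113.5,70
203.0.113.6,60
"""

# Constructed feed 2: one indicator per line, with a blank line in the middle.
FEED_TXT = """198.51.100.10
203.0.113.5
203.0.113.9

192.0.2.44
"""

# Constructed feed 3: JSON list of indicator objects, not all of them IPs.
FEED_JSON = json.dumps([
    {"type": "ipv4", "value": "198.51.100.10"},
    {"type": "ipv4", "value": "192.0.2.44"},
    {"type": "ipv4", "value": "192.0.2.45"},
    {"type": "sha256", "value": "0" * 64},
])


def _valid_ip(value: str) -> str | None:
    """Return a normalised IPv4 address string, or None if the value is not one."""
    try:
        return str(ipaddress.IPv4Address(value.strip()))
    except ValueError:
        return None


def parse_csv_feed(text: str) -> set[str]:
    rows = [line for line in text.splitlines() if line and not line.startswith("#")]
    reader = csv.DictReader(io.StringIO("\n".join(rows)))
    return {ip for row in reader if (ip := _valid_ip(row["ip"]))}


def parse_txt_feed(text: str) -> set[str]:
    return {ip for line in text.splitlines() if (ip := _valid_ip(line))}


def parse_json_feed(text: str) -> set[str]:
    return {ip for item in json.loads(text)
            if item.get("type") == "ipv4" and (ip := _valid_ip(item["value"]))}


def pairwise_overlap(feeds: dict[str, set[str]]) -> dict[tuple[str, str], float]:
    """Jaccard overlap (shared / union) for every pair of feeds, as a percentage."""
    result = {}
    for a, b in combinations(sorted(feeds), 2):
        union = feeds[a] | feeds[b]
        shared = feeds[a] & feeds[b]
        result[(a, b)] = round(100.0 * len(shared) / len(union), 1) if union else 0.0
    return result


def common_to_all(feeds: dict[str, set[str]]) -> set[str]:
    """Indicators that every feed agrees on."""
    return set.intersection(*feeds.values()) if feeds else set()


def load_sample_feeds() -> dict[str, set[str]]:
    return {
        "A": parse_csv_feed(FEED_CSV),
        "B": parse_txt_feed(FEED_TXT),
        "C": parse_json_feed(FEED_JSON),
    }


if __name__ == "__main__":
    feeds = load_sample_feeds()
    for (a, b), pct in pairwise_overlap(feeds).items():
        print(f"{a} vs {b}: {pct}% overlap")
    print("in all three feeds:", common_to_all(feeds))
```

Normalising through `ipaddress` matters more than it looks: feeds differ in whitespace, leading zeros and stray non-IP entries, and without a canonical form the overlap is understated. Extending the same approach to CIDR ranges (a /24 in one feed versus single hosts in another) is where most of the real-world disagreement between feeds shows up.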

Oracle HCM Cloud Adds Social, Mobile Learning Option
Using smartphones or tablets, salespeople are sharing video product demos, retailers are creating how-to-merchandize videos, and field-service staff are capturing maintenance-and-repair videos, for example. Oracle Learning Cloud is designed to enable employees at any level to create such videos, and HR or business leaders can then curate these and other assets, such as images, infographics, documents, or even massively open online courses (MOOCs) into learning tracks geared to specific departments and roles. "A manager can point to these tracks and say, 'I would like people in my organization to learn the following, so please follow this track,'" said Alarcon.

Eliminating Passwords in the Enterprise
While issuing an enterprise credential with a strong password is fairly easy to accomplish, managing that password over the credential's lifetime is more difficult. User password resets, compromised passwords and a lack of synchronized passwords across enterprise systems all cause problems for users, IT departments and security professionals. And users truly hate passwords. There are too many to remember, each system has different rules, and there is a lack of standards for reset processes. A positive associated with passwords is that they are well understood by both providers and end-users. ... But, usability and security of password-backed credentials are in decline and a passwordless future is something that keeps coming up in the IAM conversation. So what will it take?

Leverage Big Data Cross-Industry Panel: Video Now Available
Big data represents a challenge to Kerry Hughes, the advanced computing leader at Dow Chemical, who was also on the panel. For Hughes, connecting big data and high performance computing (HPC) technology with the person with the requisite domain expertise is the tough part to crack. Helping clients to act on fast-moving data is important for panelist Asif Alam, the head of enterprise capabilities at Thomson Reuters. The advent of machine readable financial data generated by more than 400 different exchanges, in combination with outside data such as weather and news, allows Thomson Reuters to help its clients make decisions quickly in our fast-changing world.

What happens with data from mobile health apps?
Mobile health applications as a class are becoming more sophisticated, and vacuuming up information like glucose levels, heart rate and fertility, all while operating unchecked by the statutory restrictions that apply to information collected in a medical setting. Pooled together, those data points could provide potential indicators for conditions such as obesity or Alzheimer's. But the market for that data is fairly opaque, and Bedoya fears that health information in the hands of data brokers could be sold to businesses for dubious purposes, such as insurance companies that might deny applicants coverage or charge steeper premiums based on information collected through health apps.

GitHub recovering from massive DDoS attacks
Anthr@X wrote that it appeared advertising and tracking code used by many Chinese websites appeared to have been modified in order to attack the GitHub pages of the two software projects. The tracking code was written by Baidu, but it did not appear the search engine—the largest in China—had anything to do with it. Instead, Anthr@X wrote that some device on the border of China’s inner network was hijacking HTTP connections to websites within the country. The Baidu tracking code had been replaced with malicious JavaScript that would load the two GitHub pages every two seconds. In essence, it means the attackers had roped in regular Internet users into their attacks without them knowing.
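A site that embeds a third-party script can detect this kind of in-transit swap with Subresource Integrity (SRI), where the `<script>` tag pins a hash of the expected file and the browser refuses a file that does not match. The following is an added example, not code from the article or from Baidu or GitHub: it implements the SRI matching rule in Python (the "strongest pinned algorithm decides" behaviour of the W3C spec) over two constructed script bodies, one standing in for the original tracking script and one for a modified copy. The script contents and the pinned values are constructed here, not taken from any real site.

```python
"""Subresource Integrity check for a third-party script (added example)."""
from __future__ import annotations

import base64
import hashlib
import hmac

# Constructed stand-in for the script the page expected to load ...
ORIGINAL_SCRIPT = b"(function(){ /* analytics beacon */ window.track = function(){}; })();"
# ... and a constructed stand-in for the same file after modification in transit.
TAMPERED_SCRIPT = ORIGINAL_SCRIPT + b"\n/* injected: repeatedly fetches a third-party page */"

_RANK = {"sha256": 256, "sha384": 384, "sha512": 512}   # algorithms SRI allows


def integrity_for(body: bytes, algo: str = "sha256") -> str:
    """Produce the value a site owner pins in <script integrity="...">."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def script_tag(src: str, body: bytes) -> str:
    """Build the tag a site would publish for a script it has reviewed."""
    return (f'<script src="{src}" integrity="{integrity_for(body)}" '
            f'crossorigin="anonymous"></script>')


def verify_integrity(body: bytes, integrity: str) -> bool:
    """Apply the SRI rule: of the pinned tokens, only those using the strongest
    supported algorithm count, and the body must match one of them."""
    pinned: dict[str, set[str]] = {}
    for token in integrity.split():
        algo, _, digest = token.partition("-")
        digest = digest.split("?", 1)[0]          # drop any option suffix
        if algo in _RANK:
            pinned.setdefault(algo, set()).add(digest)
    if not pinned:
        return False                               # nothing usable to verify against
    algo = max(pinned, key=_RANK.__getitem__)
    actual = base64.b64encode(hashlib.new(algo, body).digest()).decode()
    return any(hmac.compare_digest(actual, d) for d in pinned[algo])


if __name__ == "__main__":
    pin = integrity_for(ORIGINAL_SCRIPT)
    print(script_tag("https://cdn.example/track.js", ORIGINAL_SCRIPT))
    print("original accepted:", verify_integrity(ORIGINAL_SCRIPT, pin))
    print("tampered accepted:", verify_integrity(TAMPERED_SCRIPT, pin))
```

SRI only protects a page that already pins the hash; the page hosting the tag and the script itself also need to be fetched over HTTPS, otherwise the same on-path device can strip the `integrity` attribute along with swapping the script. Browsers that support SRI do the equivalent of `verify_integrity` before executing the file.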

Cyber what? (part 2 of 2)
All the different “cyber” terms sure are confusing and it’s no help that many of the terms used to describe the threat actor behind a cyber attack are often used interchangeably. In part I, we established what constitutes a “cyber attack” within “cyberspace”. Now the real fun begins – we’ll dissect the four most commonly confused terms: “cyber war,” “cyber terrorism,” “cyber vandalism” and “cyber espionage” and provide a common lexicon. The objective is to dispel myths and, by establishing common understanding, provide a way for managers to cut to the chase and understand risk without all the FUD. The graph below shows the four terms and attributes at a glance.

Crossing the Cybersecurity Trust Chasm
It is a rare case where the perpetrators of cyber-theft crossed the line into threatening violence in real life. Cyber attacks are now a top national issue. People are outraged that cyber terrorism could lead to physical terrorism. They want to know how the government and private sector can safeguard them against such scenarios. Everyone’s interests are seemingly aligned. Let us all seize the moment before it is lost and build trust. A critical piece for rebuilding trust is having the right talent focused on it. Box recognized that trust is a competitive advantage and appointed a Chief Trust Officer a few years ago to build trust with their customer base on their security practices.

Quote for the day:

"Always and never are two words you should always remember never to use." -- Wendell Johnson

March 29, 2015

Compliance biggest cloud security challenge
Of those concerned most about compliance, 58 percent said that cloud services violated data protection laws in their country, 31 percent said they violated internal security policies, and 11 percent said they violated laws against moving sensitive data out of a country. As a result of the data residency laws in particular, there were significant geographical differences in whether companies opted for encryption or tokenization. CipherCloud's technology allows companies to use platforms such as Salesforce, Office 365 and Gmail while encrypting sensitive data and allowing the companies to control the encryption keys. And the encryption mechanism used still allows for some functionality to be preserved, including searching and sorting while the data is still in encrypted form.

Implement Performance Measurement in Project Ripples
One of the easy-to-correct reasons that most organisations do get paralysed with performance measurement is that they stack too much at the start: learning the methodology; proving the methodology; engaging the entire organisation in applying the methodology; tailoring and tweaking the methodology; perfecting each step of the methodology and striving to hit high-performance targets. ... It might sound counterintuitive, but starting smaller actually means you achieve much more, and much faster. That’s what a system of project ripples achieves. We implement performance measurement systematically, in ever-growing ripples of projects.

The Role of Domain Experts in Data Science
Domain expertise is most relevant, perhaps, in the interpretation of insights, particularly those insights gained using unsupervised learning about the workings of complex physical processes. An example of just such a situation was the use of the Aster discovery platform to perform root cause analysis of failures in a multiple aircraft fleet from aircraft sensor and maintenance data. While the analysis started with no a priori model, a post priori interpretation of the results from the path analysis and the subsequent follow-up to improve aircraft safety certainly required domain expertise.

5 Ways For IT Organizations To Enable Business Success
When it comes to all the challenges facing IT organizations these days, there is no shortage of issues to focus on–everything from retiring legacy systems to figuring how to do more with less. Given the competing priorities, it’s critically important for IT organization to focus their efforts on the initiatives that will have the most strategic impact on the business. With that said–and to that end–there are things every IT organization should do to enable their business partners to succeed:

Control vs Chaos: Taming the Project Requirements Beast
One of the intrinsic challenges in software development occurs in the initial elicitation phase, when stakeholders get together and figure out what they want to achieve. The analysis, specification, and validation stages are all important moments in the project requirements definition and management, but elicitation remains a crucial first step, one that will determine the fate of the whole project. When the requirements are clear and realistic from the outset, the rest of the project unfolds naturally, even gracefully, but when the requirements are vague and impractical, they create problems that invariably snowball.

Right Now, The IoT is Like the Internet of the 1990s
Tibbets compares it to the early days of the web, which saw "a decade or more of unrestrained value" before patterns and standards around security started to emerge. "So one of the things we need to learn from is, once we learn from that value piece—which is really crucial, otherwise you're going to have a really secure thing that no one uses—that very next step has to be the follow-up, how to understand that value, and how to secure it," he says. ... "Every bike should be connected, so you can figure out where it is when it gets stolen. Bikes get stolen all the time," he says. "Once you're into less expensive products like that, it's going to become more ubiquitous."

Humanizing Big Data: The Smart Guide to Tracking Customers
“Humanizing Big Data” contends that every business recognizes the power of collecting and learning from data. But Strong insists the problem has to do with where some businesses focus when getting this information. More and more, businesses may be exclusively focusing on technology to bring in customers only to forget the customer in the process. But placing too much emphasis on technology without considering its impact on human behavior can have implications that affect the bottom line of a business now and in the future, Strong says. In other words, humans are more than a collection of clicks, Likes, mentions and Pins.

Beware of these IoT designs with security flaws
Preventing someone from attacking a device via Baby Duck Authentication is almost impossible for the average consumer-grade electronic device. The money, time, and effort put into Blu-Ray DVD security or satellite television set-top box protection is the level of effort to make something robust in the consumer market. That level of effort is rarely economical for consumer-grade hardware. ... Secret Handshakes are a very insecure design pattern because they are trivial and obvious to spoof. If a Secret Handshake can be captured, then it can be replayed. Anti-replay design patterns exist, but they often add complexity to a process or workflow that does not tolerate a lot of complexity, like the reset procedure, reconfiguration procedure, or initialisation process.
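The difference between a Secret Handshake and an anti-replay design is easiest to see side by side. The following is an added example, not code from the article: two constructed toy "devices" that accept a reset command. The first accepts a fixed token, so a captured message can be sent again; the second issues a fresh single-use nonce and accepts only an HMAC over that nonce under a shared key, and forgets nonces that are never answered. The key, message format and timeout are assumptions; only the Python standard library is used.

```python
"""Secret handshake versus challenge-response with replay protection (added example)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time

SHARED_KEY = b"constructed-device-key"   # in practice provisioned per device


def reset_tag(key: bytes, nonce: bytes) -> bytes:
    """HMAC binding the command name to this particular nonce."""
    return hmac.new(key, b"reset|" + nonce, hashlib.sha256).digest()


class SecretHandshakeDevice:
    """Insecure pattern: a fixed secret on the wire. Whoever observed the reset
    command once can send it again and it is accepted again."""
    RESET_TOKEN = b"RESET-1234"

    def __init__(self) -> None:
        self.resets = 0

    def receive(self, message: bytes) -> bool:
        if message == self.RESET_TOKEN:
            self.resets += 1
            return True
        return False


class ChallengeResponseDevice:
    """Anti-replay pattern: each command must answer a fresh, single-use nonce
    with an HMAC under the shared key; unanswered nonces expire after nonce_ttl."""

    def __init__(self, key: bytes, nonce_ttl: float = 30.0, clock=time.monotonic) -> None:
        self._key = key
        self._nonce_ttl = nonce_ttl
        self._clock = clock                          # injectable for testing expiry
        self._outstanding: dict[bytes, float] = {}   # nonce -> time issued
        self.resets = 0

    def challenge(self) -> bytes:
        self._expire()
        nonce = secrets.token_bytes(16)
        self._outstanding[nonce] = self._clock()
        return nonce

    def _expire(self) -> None:
        now = self._clock()
        for n in [n for n, t in self._outstanding.items() if now - t > self._nonce_ttl]:
            del self._outstanding[n]

    def receive(self, nonce: bytes, tag: bytes) -> bool:
        self._expire()
        # pop, not get: a nonce is consumed the first time it is presented,
        # so an identical second message (a replay) finds nothing to match.
        if self._outstanding.pop(nonce, None) is None:
            return False
        if not hmac.compare_digest(reset_tag(self._key, nonce), tag):
            return False
        self.resets += 1
        return True


def controller_reset(device: ChallengeResponseDevice, key: bytes) -> tuple[bytes, bytes]:
    """Legitimate controller: ask for a challenge and answer it."""
    nonce = device.challenge()
    return nonce, reset_tag(key, nonce)


def replay_against_secret_handshake() -> int:
    dev = SecretHandshakeDevice()
    captured = SecretHandshakeDevice.RESET_TOKEN     # as seen on the wire once
    dev.receive(captured)
    dev.receive(captured)                            # same bytes again
    return dev.resets                                # 2: the replay succeeded


def replay_against_challenge_response() -> tuple[int, bool, bool]:
    dev = ChallengeResponseDevice(key=SHARED_KEY)
    nonce, tag = controller_reset(dev, SHARED_KEY)
    first = dev.receive(nonce, tag)
    second = dev.receive(nonce, tag)                 # replay of the same message
    return dev.resets, first, second                 # (1, True, False)


def expired_nonce_rejected() -> bool:
    now = [0.0]
    dev = ChallengeResponseDevice(key=SHARED_KEY, nonce_ttl=30.0, clock=lambda: now[0])
    nonce = dev.challenge()
    tag = reset_tag(SHARED_KEY, nonce)
    now[0] = 31.0                                    # answer arrives too late
    return not dev.receive(nonce, tag)


if __name__ == "__main__":
    print("secret handshake resets after replay:", replay_against_secret_handshake())
    print("challenge-response (resets, first, replay):", replay_against_challenge_response())
    print("expired nonce rejected:", expired_nonce_rejected())
```

The added complexity the article warns about is visible here: the device needs a random source, a clock and a small table of outstanding nonces, and that table should be capped so that a flood of challenge requests cannot exhaust memory. For devices with no clock, a monotonic counter that the controller must exceed is the usual substitute for the nonce-plus-timeout scheme.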

Half of enterprises have no budget at all for mobile security, survey finds
These are large companies we're talking about. Put that in the context that today's enterprises spend millions of dollars on security, locking down everything from databases to desktops. However, scant attention is being paid to today's client of choice: mobile apps. These findings come from new research released by IBM and the Ponemon Institute, which looked at the two sides of mobile security -- the apps that enterprise teams produce for customers, employees and clients. Looking at internal app development, the study concludes that mobile security is virtually non-existent, even in the largest corporations.

Beena Ammanath, GE on the Industrial Internet for Data-driven Innovation
The Industrial Internet connects brilliant machines with people at work and data analytics to find new ways to address major global challenges and improve healthcare, increase transportation and energy efficiency, and eliminate waste across every major industry. The Industrial Internet will unleash a productivity revolution to build, power, move and cure the world. ... The global economic impact of building cleaner, safer, more productive railroads, airlines, hospitals and power plants will transform industry and help our customers be more efficient and productive. By eliminating downtime, waste and guesswork, the Industrial Internet will save hundreds of billions of dollars, unleashing a productivity revolution.

Quote for the day:

"The leader who exercises power with honor will work from the inside out, starting with himself." -- Blaine Lee

March 28, 2015

Work in the 21st Century: Between the Industrial and the ICT Revolution
In the age of social media and the end of fixed workstations, large corporations have no choice but to adapt themselves. In order to survive, companies must promote change from within. The new BBVA headquarters in Madrid, designed by Herzog & de Meuron, is an example of how corporate architecture can adapt to a new working environment, where a culture of collaborative, flexible and open work is nurtured, supported by technology. The “New Approaches to Work” project linked to the newly built BBVA headquarters focuses on the functional and personal needs of employees, as the BBVA New Headquarters Team explains in OpenMind.

The economic laws of positive technology disruption
Increasingly this decision comes down to the IT leader, but this person is perhaps not always the CIO or the CTO. The emergence of the Chief Digital Officer (CDO) might require an additional key to the C-suite washroom, but it is a role worth creating. With a CDO firms are creating a special new role in terms of someone who understands business outcomes as much as he or she understands software application development (or at least what the code is supposed to achieve) today. The Chief Digital Officer’s role today revolves around IT value. But specifically, what does this really mean? The CDO has to be able to read the disruption barometer, decide how to ride the storm and be able to assess outcomes and future direction for the firm as a result of actions taken.

Microsoft EA 101
So how can an EA help you take advantage of this exciting, new cloud-first, mobile-first world? Microsoft has released some pretty interesting products in the last six months to help guide you through that. As part of the Enterprise enrollment, you get a cloud-optimized option with Office 365. You get the server cloud enrollment that’ll give you Azure and other products that are all catered towards the cloud. In the newest offering, the Enterprise Cloud Suite even offers Windows on a user base license as needed. There’s a tremendous amount of flexibility there. Oh, and don’t get the wrong idea—those “big savings” I mentioned earlier are still there. If you’re comparing EA to current select licenses, you could have anywhere between 15–45% savings. There’s still no better way to save on Microsoft.

A Look at How Keyless SSL Works
In keyless SSL used by CloudFlare, the “handshake” operations are typically broken down into two segments: one, the public key operation, and two, the private key operation. In order to prevent the private key from being handed over to a third party, all aspects of the private key handshaking process happen within the origin website's infrastructure. To do this, CloudFlare simply sets up a remote key server at the customer's end. This way, the private part of the handshaking process is completed within the origin web server and thus stays exclusive. So what happens now is that when a visitor approaches a secure website, the web server first sends out the public key certificate along with the random symmetric encryption key to the browser.
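The split between the public-key and private-key operations can be walked through end to end. The following is an added example and is not CloudFlare's code: a miniature of the exchange with three parties (browser, edge, key server), modelled on the TLS RSA key exchange in which the client encrypts a pre-master secret to the site's public key and only the private-key holder can recover it. The RSA parameters (p=61, q=53, e=17) are toy values chosen so the arithmetic is visible, the edge-to-key-server authentication is a simple HMAC credential, and the message formats are assumptions; none of it reflects the real protocol's encoding.

```python
"""Keyless SSL in miniature: the private-key operation never reaches the edge (added example)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import Optional

# Toy RSA key pair: n = 61 * 53, phi = 3120, e = 17, d = e^-1 mod phi = 2753.
N, E = 3233, 17
D = 2753
assert (E * D) % 3120 == 1


def derive_session_key(pre_master: int, client_random: bytes, server_random: bytes) -> bytes:
    """Both endpoints derive the same key from the secret plus both randoms."""
    return hmac.new(pre_master.to_bytes(2, "big"), client_random + server_random,
                    hashlib.sha256).digest()


def edge_auth_tag(edge_credential: bytes, ciphertext: int) -> bytes:
    """Authenticates one request from the edge to the key server (assumed scheme)."""
    return hmac.new(edge_credential, ciphertext.to_bytes(2, "big"), hashlib.sha256).digest()


class KeyServer:
    """Runs inside the origin's infrastructure and is the only holder of D."""

    def __init__(self, d: int, n: int, edge_credential: bytes) -> None:
        self._d, self._n = d, n
        self._edge_credential = edge_credential
        self.operations = 0          # audit counter: every private-key use is visible here

    def private_decrypt(self, ciphertext: int, tag: bytes) -> Optional[int]:
        """Serve one private-key operation, but only for an authenticated edge."""
        if not hmac.compare_digest(edge_auth_tag(self._edge_credential, ciphertext), tag):
            return None
        self.operations += 1
        return pow(ciphertext, self._d, self._n)


class EdgeServer:
    """CDN edge: holds the certificate (public key) and a credential for the key
    server, but never the private exponent."""

    def __init__(self, n: int, e: int, key_server: KeyServer, edge_credential: bytes) -> None:
        self.public_key = (n, e)
        self._key_server = key_server
        self._edge_credential = edge_credential

    def hello(self) -> tuple[tuple[int, int], bytes]:
        """ServerHello: the public key (certificate) plus a fresh server random."""
        self._server_random = secrets.token_bytes(16)
        return self.public_key, self._server_random

    def finish(self, client_random: bytes, encrypted_pms: int) -> bytes:
        """Forward the private-key operation, then derive the session key locally."""
        tag = edge_auth_tag(self._edge_credential, encrypted_pms)
        pms = self._key_server.private_decrypt(encrypted_pms, tag)
        if pms is None:
            raise RuntimeError("key server refused the request")
        return derive_session_key(pms, client_random, self._server_random)


class Client:
    """Browser side: the public-key operation happens here."""

    def __init__(self) -> None:
        self.client_random = secrets.token_bytes(16)
        self.pre_master = 0

    def key_exchange(self, public_key: tuple[int, int]) -> int:
        n, e = public_key
        self.pre_master = secrets.randbelow(n - 2) + 2    # 2 <= pms < n
        return pow(self.pre_master, e, n)                 # RSA-encrypted pre-master


def keyless_handshake(edge_credential: bytes = b"constructed-edge-credential") -> tuple[bytes, bytes, int]:
    """Run one handshake; return (client session key, edge session key, key-server op count)."""
    key_server = KeyServer(D, N, edge_credential)
    edge = EdgeServer(N, E, key_server, edge_credential)
    client = Client()

    public_key, server_random = edge.hello()              # certificate + server random
    encrypted_pms = client.key_exchange(public_key)       # public-key op at the client
    edge_key = edge.finish(client.client_random, encrypted_pms)   # private-key op remote
    client_key = derive_session_key(client.pre_master, client.client_random, server_random)
    return client_key, edge_key, key_server.operations


if __name__ == "__main__":
    client_key, edge_key, ops = keyless_handshake()
    print("keys agree:", client_key == edge_key, "| private-key operations served:", ops)
```

Two properties worth checking in any such deployment are visible in the toy: the edge object holds no copy of `D`, and every private-key use passes through `KeyServer.private_decrypt`, which is where the origin can authenticate the edge, rate-limit and log. The trade-off is that an edge credential, if stolen, can still ask the key server to perform operations, so that credential and the channel it is used over need the same protection the private key itself would.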

Delving deeply into the narrative hierarchies of computer vision analytics
The more disruptive real-world applications of deep learning will be those that generate deeper situational insights through correlation with additional contextual variables. This added context can help deep learning algorithms to unambiguously identify that a particular person is in a particular circumstance at a particular time and place. ... This is a daunting technical challenge, and deep learning researchers aren’t promising that they’ll crack it any time soon. But this challenge has a clear path to a solution, through ongoing efforts in the deep learning community to leverage the extrinsic context that comes from other machine learning algorithms, such as those used for natural language processing, sentiment analysis and behavioral analytics.

Facebook Lets Developers Build on Its Chat App
Messenger Platform became available Wednesday, and Marcus said that more than 40 apps are participating. Facebook also unveiled a plan to let businesses chat with customers in a new way. The hope is that when you’re buying something online, a retailer will let you choose to be contacted via Messenger about your order, and if you assent, you can see an order confirmation, shipping details, and other information in the app. You’ll even be able to do things like change your order or, as a demo with online clothing retailer Everlane indicated, buy additional items via chat.

The Indian Banking Community Cloud
Community clouds offer services to support organizations with shared objectives and common security and privacy requirements. By providing cloud-based services exclusively to Indian banks, the Indian Banking Community Cloud (IBCC) aims to address the financial sector’s growing demand for secure cloud-based services. ... The IBCC team developed a cloud security framework based on the available guidelines from the US National Institute of Standards and Technology, PCI-DSS, the European Network and Information Security Agency, and the Cloud Security Alliance, and recommendations from chief information security officers in the Indian banking sector. This framework is used to implement IBCC security.

Microsoft's Nano Server: What to expect from this leaner, meaner Windows Server
As traffic increases, administrators will want to launch additional VMs with shorter boot times, but Windows Server isn’t the best operating system (OS) for elastic workloads. It also undergoes frequent reboots, usually in response to a new software patch or security update, which has a knock-on effect on the uptime of applications. With the addition of components and services that are not core to the applications, Windows’ footprint has increased over time, bringing with it a larger attack surface for malware and viruses. Furthermore, the large VM image size hogs network bandwidth during provisioning, which should go some way to further explaining why Microsoft is looking to introduce a pared-back version of Windows server.

A Budget is Not an IT Strategy
The generally accepted rule of thumb is that, for most companies, IT-spend usually runs somewhere between 1 to 5 percent of overall revenues. Many CEOs assume that so long as their IT leaders keep it within an acceptable range, they don’t need to focus too much on how it’s being spent. But a revenue-based metric is meaningless unless you think about factors such as the organization’s business model, maturity, industry, capital structure, and most importantly, their overall objectives.
Investing in IT Does Not Imply Investing Wisely

How virtual reality will impact the enterprise
This is most useful for remote observers in order to feel like they are actually there and in conjunction with telepresence robots could allow remote employees, students, security guards, managers, or executives to instantly feel they are actually in a remote location and gain similar freedom of movement and engagement to folks that are actually there. This is much better than teleconference because it forces the remote person to concentrate on the image they are seeing and it makes them less likely to be looking at something else on their PC screen or their local room when an important point is being made or a critical observation needs to be captured.

Quote for the day:

"If you spend your life trying to be good at everything, you will never be great at anything." -- Tom Rath

March 27, 2015

Ayasdi Raises $55M to Blend AI and Machine Learning
“Traditional analytics have hit the wall,” said Ayasdi Chief Marketing Officer Patrick Rogers. “It starts with an analyst asking questions, and then applying them against data that may or may not find insight. You must then go back and reformulate until you find something impactful. There are a lot of tools, but it’s still fundamentally a human-driven process. That model is not going to scale—the number of possible questions grows exponentially with data sets.” Rather than the hypothesis/test approach, Ayasdi takes a very machine-driven one to address complex data. At the heart of Ayasdi’s machine intelligence is topological math, which is building a more automated discovery process and eliminating manual processes.

The dark side of commercial open source
This brings us to one critical problem with commercial open-source companies: they can be bought. And sold. And when they are, the community can be shafted. Completely. Not that this must necessarily happen. Most companies that have acquired open-source companies have done so to benefit from and grow their associated communities. Not surprisingly, open-source leader Red Hat has acquired a range of companies, from JBoss to InkTank (Ceph), and has worked hard to grow their communities. But even proprietary software companies -- like VMware, which acquired SpringSource, and Oracle, which acquired MySQL -- have gone to great lengths to continue development of the open-source code they've acquired.

Agility Is Within Reach
The sweet spot lies somewhere in between. The appropriate level of agility won’t be the same for everyone, but for all companies in all industries, we’ve found that being agile depends on developing two key attributes: strategic responsiveness and organizational flexibility. These two qualities are mutually reinforcing but are developed in different ways, and it is easy for a company to possess one without the other. But until you explicitly develop proficiency in both, you won’t have the agility you need. It’s an absence that will become all the more glaring. In PwC’s latest CEO study, more than half of CEOs surveyed said they believe they will be competing in new sectors in the next three years, and 60 percent said they see more business opportunities now than they did three years ago.

Cloud Native Application Maturity Model
Cloud native applications are built to run optimally on cloud infrastructure. Cloud native application architectures are very different from traditional tiered applications, which are designed for a data center. In this post I will discuss the maturity model, from the Open Data Center Alliance (ODCA), for assessing the cloud nativeness of an application. ... The Cloud Application Maturity Model from the Open Data Center Alliance provides a way to assess the cloud nativeness of an application, understand best practices, and plan improvements. Although I would have used slightly different level names and terms, the differences are minor. Keep in mind that this model only assesses the maturity of an application. To be successful, you will also need to build a DevOps culture. Perhaps we need a DevOps maturity model as well?

An SDN vulnerability forced OpenDaylight to focus on security
Security will be an integral component of SDN, since a flaw could have devastating consequences. By compromising an SDN controller -- a critical component that tells switches how data packets should be forwarded -- an attacker would have control over the entire network, Jorm said. "It's a really high value target to go after," Jorm said. The Netdump flaw kicked OpenDaylight into action, and now there is a security team in place from a range of vendors who represent different projects within OpenDaylight, Jorm said. OpenDaylight's technical steering committee also recently approved a detailed security response process modeled on one used by the OpenStack Foundation, Jorm said.

7 exceptional Windows hybrids ready for Windows 10
Hybrids, or 2-in-1s, offer decent mobility as laptops and tablets, and are reasonable candidates to take advantage of the features in Windows 10. They are good options for those wanting very portable notebook computers that can operate as tablets when that best fits the situation. Some hybrids use a display that rotates under the keyboard to form the tablet, while others have a detachable screen that operates independently from the laptop dock. The eight hybrids in this collection come in various shapes and sizes. There are devices at the top of the price range, and others more budget-friendly. Most in the hunt for a good hybrid that should run Windows 10 well should find one that fits their needs.

Rethink How Your Business Consumes Technology
Using a consumption-based IT management approach, you collect all pertinent data across the hybrid IT environment -- both internal operations and external sources, including public cloud, private cloud, virtual resources, traditional resources, network and applications. This usage data is enriched with business intelligence, allowing views of usage by department, geography, technology, and application. When the data is married with unit costs, a financial control plane is created, allowing IT to understand the cost of all IT resources in aggregate. By having the most up-to-date view of usage by user and costs, your reports and analytics show the historical perspective across a variety of views, which enhances forecasting.

New cybersecurity models driven by tsunami of data, devices
"If something happens that looks odd, it's not an immediate stop, it's just more that the security officer or someone will have a conversation and say, ‘I see you are trying to access this application that you don't normally access, is there a reason? Can you tell me why? Or are we seeing abnormal patterns?'" he said. "I think that is what we need to get into, which is almost like the machine is helping to tip and cue what looks odd. There may be a valid reason, or it may be a hardware or software issue, but there's just so much going on in an organization that if we are reliant solely on human eyes paying attention to it, we will miss things. We need the machines that can actually say, ‘I'm not exactly sure what's going here, but someone needs to take a look at it.'"

Making Agile Deliver Good Software
The key thing is to do it, to have the information exchange. The reason this is often a meeting of some form is because people don't do it unless they're made to. People go to meetings when they're told to. Well, mostly. But if you cajole people to do the information share it can work in other ways. Note that it's not just writing the information share that's important. You also have to READ it. Just as when you have a meeting it's not just giving your status update that's important but listening to everyone else's. That's why the meeting (when you have one) needs to be short. Remember that a standup is not just the tech team. It's the product owner from the business. The test people. Any support people. Anyone involved in what you're doing. You've got to find a way to keep all those people involved in what you're doing, preferably every day.

IT Security Lessons from the World’s Biggest Data Breaches
Hackers see small businesses as easy targets. Often with fewer IT security measures and lots of valuable data to be had – small businesses across the country are at risk for data breaches. Don’t believe me? According to a survey by the National Small Business Association, 44% of small businesses have been hacked, with associated costs averaging $8,700. According to a study by the Ponemon Institute, that number is even bigger, with 55% of respondents reporting a data breach. With risks and vulnerabilities only increasing as hackers continue to target small business, it’s important to explore takeaways from some of the world’s biggest data breaches and apply them to your organization’s IT security.

Quote for the day:

"The very essence of leadership is that you have to have vision. You can't blow an uncertain trumpet." -- Theodore M. Hesburgh

March 26, 2015

If you want to succeed you must fail first, says the man who dreamt up the IoT
The point of the story is that anyone can make an important creative contribution. That's because creating is innate, and instinctive, and, as a result, we see it in all children. The same is true of trying to understand technology. All children have an instinct to explore technology, just as they have an instinct to explore nature. That's why you see them playing telephone about the same time as you see them getting excited when they see dogs or birds. The role of education should be to enable and enhance that innate, instinctive ability, and otherwise get the hell out of the way of its development. Instead, sadly, we have an education system that prioritizes control, compliance, and conformity, frankly for its own convenience.

8 CIO Leadership Lessons for Enterprise Success
Lillie shares that the secret sauce of Equinix, besides having highly reliable state-of-the-art data centers, is that they have an interconnection fabric with close to 150,000 interconnections which are cross connects, either physical or virtual, where their customers connect to each other to move forward digital commerce. As an enterprise CIO for the past seven years, Lillie is focused on helping Equinix grow, scale and be efficient and successful as a company by connecting with customers in a more meaningful way. And that's not just through technology; it's also through communicating best practices. Building on the four pillars of excellence (operational, transformational, innovational and organizational) Lillie gives advice to CIOs to ensure not only their success, but the success of their company as well.

Government Surveillance Dilemmas Present Challenges for Data Centers
One challenge with some data requests made by law enforcement is a provision which includes a “gag order” on the infrastructure provider. “Google and larger companies have an agreement with the Attorney General,” he noted, “that allows them to reveal the number of requests for data that they have responded to, in ‘bands.’ For example, a band is 0-100, in number of requests. Most companies are a lot smaller than Google or Yahoo!. When the bands are larger rather than smaller, customers assume the worst, so if a band is 0 to 100, they assume 100 requests. It would be better to have narrower bands.”

Smart Big Data: The All-Important 90/10 Rule
The 90% structured time should be used putting the steps outlined in the SMART Data framework into operation: making a logical progression through an ordered set of steps with a defined beginning (a problem you need to solve), middle (a process) and an ending (answers or results). This is after all why we call it Data Science. Business data projects are very much like scientific experiments, where we run simulations testing the validity of theories and hypotheses, to produce quantifiable results. The other 10% of your time can be spent freely playing with your data – mining for patterns and insights which, while they may be valuable in other ways, are not an integral part of your SMART Data strategy.

Five steps to maintaining PCI compliance
Maintaining a vigilant policy compliance program using automated management processes enables companies to reduce risk and continuously provide proof of compliance. Additionally, a policy compliance program helps identify and assess key security settings in your systems, which indirectly helps improve PCI compliance. The requirements of PCI DSS are clear, but take work to accomplish across an organization. The above are a sampling of some best practices, but it’s also important to look for a solution that provides your business with an easy, cost effective and highly automated way to achieve compliance with PCI DSS. Keeping up-to-date with the requirements will benefit your business in the long term.

Android Wear smartwatches: The benefits for professionals
"They're well-equipped to fill a lot of needs in the enterprise where employees need quick updates on timely information, but also can't afford the distraction of being fully immersed in whatever the system is," Martin said. The glanceable nature of most smartwatches does indeed make them a great way to quickly access notifications, but Android Wear devices do offer other tools and services that can positively impact the daily life of corporate users. Here are four ways professionals can benefit from using an Android Wear smartwatch.

Agile coding in enterprise IT: Code small and local
In MSA, you want simple parts with clean, messaging-style interfaces; the less elaborate the better. And you don’t want elaborate middleware, service buses, or other orchestration brokers, but rather simpler messaging systems such as Apache Kafka. MSA proponents tend to code in web-oriented languages such as Node.js that favor small components with direct interfaces, and in functional languages like Scala or the Clojure Lisp library that favor “immutable” approaches to data and functions, says Richard Rodger, a Node.js expert and founder of nearForm, a development consultancy. This fine-grained approach lets you update, add, replace, or remove services—in short, to integrate code changes— from your application easily, with minimal effect on anything else.

How web services became cloud magic, then turned real again
Conceptualising the business as a set of APIs has potential benefits: Faster systems implementation times, reduced costs, more agile business structures, and a business focused on what makes it unique. But it also brings new risks. "Clearly, there are security aspects. An ill-designed API can give access to internal systems, or be open to malware," Dawson said. "There are valid reasons you do need to worry." It seems like we've come full circle. A decade or two ago, before we started calling it "the cloud", it was just "the internet". Discussions about live data linkages between businesses were all about data standards, interoperability, reliability, and security. Then we started calling it "the cloud", and the cloud would apparently solve everything with sparkly unicorn magic.

Security best practices for users is your first line of defense
Users can be your weakest link, sure, but they can also be your greatest asset, says Dr. Guy Bunker, Senior Vice President, Products, security solution provider Clearswift. "Users are both the greatest asset and the weakest link when it comes to security. Users ‘know’ what is really happening in terms of processes and policies that are followed and those that are ignored – they can be a great barometer for gauging the effectiveness of security measures," says Bunker. "This is particularly true for processes which are not secure, or not as secure as they could be. However, users have to be educated. They need to understand that for instance, with many types of malware there is an application installed – and for that to happen there will be some further interaction requested.

UK attacks on crypto keys and digital certificates endemic
But that is no surprise, he said, with leading researchers from FireEye, Intel, Kaspersky, Mandiant and many others consistently identifying the misuse of keys and certificates as an important part of advanced persistent threats (APTs) and cyber criminal operations. Bocek said that trust in online security is difficult to achieve, with the report showing that 63% of UK organisations do not know where all keys and certificates are located or how they are being used. The research uncovered that attacks are becoming more widespread as the number of keys and certificates deployed on infrastructure such as web servers, network appliances and cloud services has grown by 40% to almost 24,000 per enterprise in the past two years.

Quote for the day:

"It's hard to lead a cavalry charge if you think you look funny on a horse." -- Adlai E. Stevenson II

March 25, 2015

Questions I’m Asking Myself About SD-WAN Solutions
If I was evaluating SD-WAN, I’d be asking these questions and more in the exploration phase. Then if I moved into a trial phase, I’d make a long list of specific business goals to meet and application behaviors to expect when implementing the solution. And then I’d get medieval, breaking it any way that I could think of to see how the system recovers, up to and including blasting the SD-WAN endpoints with both too much volume and too many unique flows. What happens when you try to kill the tunnel endpoints? All useful stuff to find out before you commit to a vendor providing you with technology you’ll likely come to rely on heavily once it’s in place and working.

Can Predictive Analytics Help Decrease Discrimination in the Workplace?
When you are part of a human system, it is very difficult not to make decisions based on your own experiences in life. On a basic level, people tend to hire those like themselves regardless of gender or race. Add in our instincts, relationships, work experiences, generational traits, and deeply ingrained cultural belief systems and what do you get? A lot of unconscious forces that can interfere with our ability to hire and promote in a truly unbiased way. Turning to a more data-driven approach will mitigate those factors, and potentially move the United States' workforce into one that reflects its rich cultural diversity, no longer leaving the talent of women and minorities untapped.

Microsoft: Office will be free for devices under 10 inches
Kirk Koenigsbauer, the corporate vice president for the Office 365 Client Apps and Services team, revealed in a blog post that Microsoft believes that 10.1 inches is the dividing line between a “personal” and “professional” experience. Pros need the reliability and security of paid apps, while “personal” users are more interested in free. “Currently, we are also using screen size to delineate between professional and personal use,” Koenigsbauer wrote. “Based on our research, we are classifying anything with a screen size of 10.1 inches or less as a true mobile device: You’re probably using it on the go, when it’s not practical to use a larger computing device such as a PC or a Mac. You probably aren’t using a mouse or a keyboard, instead navigating via touch interface. It’s probably not a “pro” category tablet that is used for design or presentations.”

Amazon Simplifies Global Business With Cross-Region Data Replication
It’s theoretically possible to run an application from a single data center, as every point on the network eventually connects to every other. Build something in Virginia, and customers in Washington and New York and Tokyo and Sydney and London can all get to it. For a surprisingly large number of use cases, any delays (latency) in the network connection will not cause anyone undue concern. And yet we persist in building ever-more data centers in ever-more places. Sometimes we put them in frankly stupid places, like London or Tokyo or New York. We stretch power grids to breaking point, and pay exorbitant prices for scarce land and power, to shave a millisecond or so off that latency.

Snowden Urges Cloud Providers to Take Action Against Mass Surveillance
Snowden said that the amount of encrypted traffic has more than doubled since 2013, and a lot of work on encryption is happening in academics and technology companies. The type of security actions a person or organization might take “ultimately depends on what security specialists call a threat model,” Snowden said. “You need to think what the likely vectors are for attack.” When Harrison mentioned that more journalists were clearing their browser histories, Snowden said that “as a basic practice, clearing your browser history is great…however that’s not really how surveillance works.”

How to scale online services for millions of users without losing vital data
Erlang's technical prowess at handling these kinds of tasks is why Facebook's WhatsApp uses Erlang to handle the tens of billions of messages sent by the service each day. "Erlang is a very small language with reliability and scalability built into it as a core foundation. "We've found we can run things much more in parallel, use more of the CPU in the box and, because the concurrency semantics are via message passing, it vastly simplifies the software we're writing." The compact, modular code enabled by Erlang has resulted in a "massive reduction" in the size of Erlang applications compared to Java, which in turn has allowed bet365 to "massively reduce testing".

Storage: The Next Generation
It's not a trivial matter to create an enterprise-grade storage system/file system, and they don't come around very often. Over the last two decades, I've seen very few show up; ZFS was introduced in 2004, the Isilon OneFS in 2003, Lustre in 2001 and WAFL in 1992. So when the new Qumulo storage system was released, I naturally jumped at the chance to work with it to see what benefits it could bring to the datacenter. Brett Goodwin, VP of Marketing at Qumulo, invited me up to Seattle to work with the company's new product. I wanted the full experience, so we agreed that I would first do an install and then work a bit with the product.

ITSM or ITIL? That Isn’t the Question
IT organizations that make use of ITIL decide for themselves which aspects to adopt. Many IT organizations choose to adopt only the operational processes, such as incident management and change management. On their own, these do provide some value, of course, but they are only a small part of the whole ITIL framework. However, you’ll get the best value from ITIL by taking a lifecycle approach to ITSM. This covers everything from your overall IT strategy through the design, transition, and operation of services; and it incorporates continual improvement into everything you do.

The Problem With Configurations
CM tools have no way to identify what parameters changed in your configuration file and whether a reload is sufficient to activate the changes. As a result, we are forced to always use the nuclear option – restart. ... Like most operational aspects of programs, configuration issues can and should be resolved by grassroots engineering work rather than after-the-fact makeshift solutions. A good example of an attempt to tackle this at the core is Netflix's Archaius project, and many others have followed suit. There are several simple design principles that can help make the configuration of your program much easier to work with. To some degree, you can even apply these principles to 3rd party programs using CM tools.

Intro to .NET Unit & Integration Testing with SpecsFor
Hopefully the first question you’re asking is, “What exactly is SpecsFor?” It’s a testing framework designed to abstract away all the annoying testing concerns out of your way so that you can write clean tests quickly. It is both flexible and extensible.... At its core, SpecsFor sits on top of NUnit, meaning any test runner or build server that supports NUnit will also work just fine with SpecsFor, no need for separate plug-ins or setup. Next, SpecsFor provides Should, a library of extension methods for common test assertions. Instead of writing awkward to read assertions, like “Assert.AreEqual(x, 15),” you can write readable assertions like “x.ShouldEqual(15).” It’s a subtle change, but it makes a big impact!

Quote for the day:

"Leadership is the art of getting someone else to do something you want done because he wants to do it." -- Dwight D. Eisenhower

March 24, 2015

The data breach quiz: What have we learned?
Data breaches from Target to Sony to Anthem have been getting a lot of attention as millions of personal records are violated, and there are lessons to be learned about data security from all these events. Here’s a short quiz about some of these and cyber security in general that will gauge how well you are prepared to deal with these threats. Keep score as you go and find out how well you did at the end.

Microsoft Apps Coming To Android Smartphones, Tablets
Through business-to-business sales channels, companies have access to the Business, Business Premium, and Enterprise versions of Office 365, which will be coupled with Knox. Microsoft's cloud-based Microsoft Office 365 offers access to the company's suite of Office applications, which include email, calendar, videoconferencing, and documents. The applications are optimized to provide a seamless experience across a variety of Internet-connected devices, including PCs, smartphones, and tablets. As part of the agreement, Samsung will include a setup service and provide ongoing support. The Galaxy S6 and Galaxy S6 edge will also come with 100 GB of additional free cloud storage for two years through Microsoft OneDrive.

Data science done well looks easy, which is a big problem
In most cases, if the data scientist has done her job right the statistical models don't need to be incredibly complicated to identify the important relationships the project is trying to find. In fact, if a complicated statistical model seems necessary, it often means that you don't have the right data to answer the question you really want to answer. One option is to spend a huge amount of time trying to tune a statistical model to try to answer the question, but serious data scientists usually instead try to go back and get the right data. ... The really tricky twist is that bad data science looks easy too. You can scrape a data set off the web and slap a machine learning algorithm on it, no problem. So how do you judge whether a data science project is really "hard" and whether the data scientist is an expert?

Good Design is About Process, not Product
When you study another designer’s trash, you will uncover the processes that drive her work. How many iterations of an unused idea were made before that idea was finally thrown away? How much variety can you find in the attempts at solving a particular problem? What common traits kept popping up between revisions? ... The tangible results of all creative acts are just the ash left behind by the way we work. What makes a design process healthy? I have some practical answers to this question. What I have to share comes from a variety of sources. These are in no particular order:

Google Play adds humans to the app review process
The manual checks are performed by a team of experts who will check for malware. An additional process will require developers to answer questionnaires that will help assign age-based ratings. "The move by Google is a good sign - the more eyes on the unsafe mobile app problem the better. In addition to the increasing threat of mobile malware, is the increasing exfiltration of sensitive data by seemingly legitimate apps. While other apps have been specifically designed to perform malicious actions other apps unknowingly access insecure third-party libraries and frameworks," Veracode's VP of Mobile, Theodora Titonis, told Salted Hash.

Awesome Analytics: Are We There Yet?
A hot topic of Gartner BI research in the late 1990s was the increasingly large ‘fact gap,’ whereby the amount of data available for decisions was rapidly outstripping the available analytic resources. With some minor modifications, such as changing ‘Terabytes’ to ‘Petabytes’ and ‘Analytic Personnel’ to ‘Data Scientists,’ the picture looks remarkably similar twenty years later. ... The top three problems remain data quality, ease of use, and the difficulty of integrating different systems. ... The top three barriers to business intelligence have remained largely unchanged for over a decade. The reality is that today’s technology is much more powerful and widely used than in the past — but what was hard then remains hard today.

CFOs and the Many Flavors of Cloud
The emergence of Infrastructure-as-a-Service (IaaS) public cloud providers and hundreds of other SaaS applications have indeed brought innovation and time to market benefits, yet without oversight, adoption of these technologies can backfire quickly. Pretty soon, a company is overspending, using multiple services for the same purpose and exposing a company to data loss, security breaches and integration issues. This is where the CFO comes into the game. Beyond business applications, CFOs need to understand the quickly changing world of IT infrastructure and outsourcing. The more CFOs know about cloud computing and hosting options, the more they can influence IT decisions and help the CIO avoid a scenario of integration chaos and waste.

The data science ecosystem
Because data science is growing so rapidly, we now have a massive ecosystem of useful tools. I've spent the past month or so trying to organize this ecosystem into a coherent portrait and, over the next few days, I'm going to roll it out and explain what I think it all means. Since data science is so inherently cross-functional, many of these companies and tools are hard to categorize. But at the very highest level, they break down into the three main parts of a data scientist's work flow. Namely: getting data, wrangling data and analyzing data. I'll be covering them in that real-world order, starting first with getting data, or data sources.

Why the CIO must become the Chameleon In Chief
"The IT professional's longstanding focus on governance, strategy, and information means many technology executives have more in common with the finance chief than some of their more entrepreneurial executive peers, especially those in the marketing and sales departments," says Hand. But an insular style of leadership is simply not an option. As businesses look to gain a competitive advantage from digital transformation, engagement seems to be the watchword for IT leaders, who must continue to spend less time in the data centre and more time facing internal and external customers.

Tech-savvy NYPD cop allegedly hacked NYPD computer and FBI database to run a con
Although federal investigators don’t spell out how the cop was profiting from the scheme in the press release, the New York Daily News reported the “rogue” cop would collect information about traffic accidents and then pose as “an ambulance-chasing lawyer” when he contacted victims. “Numerous calls on his cellphone were associated with medical clinics, law firms and chiropractors, suggesting he was getting kickbacks for referrals.” After Katz accessed and gathered information from NYPD computer and law enforcement databases, he allegedly “contacted individuals who had been involved in traffic accidents and falsely claimed to be, among others, an attorney with the fictitious ‘Katz and Katz law firm’ who could assist them with potential legal claims.”

Quote for the day:

"A goal should scare you a little, and excite you a lot." -- Joe Vitale

March 23, 2015

One on One with IBM’s Global VP for Data Analytics
Projects that have an opportunity to be less successful are ones that are way too broad in scope. People’s patience and tolerance for longer-term projects in today’s world just isn’t there anymore. If something is taking 18 months, that’s way too long. If you have a much smaller set of projects that are in these three-to-four month increments, then they can see success, they can see something building, they can start getting value right away, and then they can move onto the next thing. And then before you know it, a year-and-a-half has elapsed and it looks like you have had a tremendous amount of success, because you’ve probably had five small projects, and you’re already seeing value and outcomes from those projects. And that’s typically what companies are looking for now.

Technology and Persuasion
If habit formation as a business model was once largely limited to casinos and cigarette manufacturers, today technology has opened up the option to a broad range of companies. Insights from psychology and behavioral economics about how and why people make certain choices, combined with digital technologies, social media, and smartphones, have enabled designers of websites, apps, and a wide variety of other products to create sophisticated persuasive technologies. How these technologies work and why are the big questions this Business Report will answer.

Hot IT skills that will get you hired and well-paid
Tech skills are the future of business, as each corner of the enterprise depends on technology in some fashion to meet goals and objectives. With those skills come the promise of more money and job security. But the question remains: Which skills are worth your investment in time and resources? Talk of DevOps, big data, cybersecurity and other IT skills fills the ether, but how do they stack up in the real world? We spoke with to find the answer as well as look at the IT job market as a whole. One of the best predictors of what's to come is to look at the past. So with the first quarter of 2015 almost behind us, we look back to see what's going on within the tech jobs market and which skills have grown in demand over the past year.

The Data Lake Debate: Pro is Up First
Organizations have been capturing data for years, long before big data. Typically, a fraction of this data gets scrubbed, transformed, aggregated, and moved into structured data warehouses, data marts, analytical sandboxes, and the like. Business users then use their reporting and analytical tools to go ask this subset of data predefined questions (based on what and how the data is structured)—and the data answers. This is today’s tried-&-true process. Here’s how the story changes with a data lake: An organization captures whatever data it wants in its raw form in the data lake. A business user can now ask the data lake any question based on the known data in the lake.

How Startups Are Using Big Data Tech to Disrupt Markets
Big data has made a dramatic impact on companies all over America, but running big data programs is only one side of the puzzle. After collecting the data, companies need to analyze it. A huge part of analysis is creating visuals that explain large amounts of seemingly abstract data in a clear, concise way. It’s no surprise then that many companies are turning to data visualization tools to streamline the transformation of their business data into something more useful. With a surge in start-up companies seeing big results in figures and customers, it’s no surprise to discover they haven’t done this all on luck alone. Companies like Pandora, Uber, Netflix and other start-ups that went big use big data to determine what their customers want more of, who their friends are, and generally what they like—all before their customers do.

The Open Group Explores Security and Ways to Assure Safer Supply Chains
One of the things we are going to do with the new document is focus on the software and systems engineering process from the start of the stakeholders, all the way through requirements, analysis, definition, design, development, implementation, operation, and sustainment, all the way to disposal. Critical things are going to happen at every one of those places in the lifecycle. The beauty of that process is that you involve the stakeholders early. So when those security controls are actually selected they can be traced back to a specific security requirement, which is part of a larger set of requirements that support that mission or business operation, and now you have the stakeholders involved in the process.

How to think about risk mitigation
At first glance this term may seem to have a pejorative connotation. After all, developing nations generally want to improve themselves by going forward or becoming more progressive, which seems to run counter to going backwards on anything. Rather, in this instance, I mean a nation must begin working backwards as a mental exercise rather than a physical one. That is, a developing nation must envision a worst case scenario that could occur through a deliberate information security attack by another nation, cyber-criminals or computer hacktivists. Then, working backwards, the country can put in place those safeguards that would be necessary in order to rapidly detect, react to, contain, correct and learn from the event.

Are your restores ready for World Backup Day 2015?
In case you forgot or did not know, World Backup Day is March 31 2015 (@worldbackupday), so now is a good time to be ready. The only challenge that I have with World Backup Day (view their site here), which has gone on for a few years now, is that it is a good way to call out the importance of backing up or protecting data. However, it's time to also put more emphasis and focus on being able to make sure those backups or protection copies actually work. By this I mean doing more than making sure that your data can be read from tape, disk, SSD or cloud service, and actually going a step further and verifying that restored data can actually be used (read, written, etc).

The Electric Mood-Control Acid Test
The device, which you’ll be able to buy later this year for a price that has yet to be disclosed, was developed by a team of neuroscientists and engineers at the startup Thync. It’s a small, curved piece of plastic that snaps onto electrodes and produces pulses of electricity. A wireless signal from a smartphone app controls the frequency and intensity of the pulses, gradually changing them in five- to 20-minute long programs that Thync calls vibes. The amount of electricity it produces is small—once it’s set up properly, I can barely feel it. Yet Thync says it has a marked impact on key parts of a person’s brain. An energy vibe, the company contends, can make you feel as if you’ve just had a Red Bull or similar energy drink.

My latest Microsoft update problem
What happened was that, when my machine started to shut down, it told me it was going to "Configure Windows Updates". Then it rebooted, and on startup it continued with "Configuring Windows Updates". But after a while it said, "Update Installation Failed", and it was backing out the updates. Grr. Then it rebooted again, and said again that it was "Removing Update Installation" or some such, and after a while it rebooted again. Just as I started to fear that it had stuck itself in an endless reboot loop, the third reboot succeeded. But then when I went to shut down again, it started the same cycle... and it is obvious that it is going to do that over, and over, and over again now. Three reboots and a lot of waiting for "Configuring Windows Updates" followed by "Removing Windows Updates".

Quote for the day:

"Responsibilities gravitate to the person who can shoulder them; power flows to the man who knows how." -- Elbert Hubbard

March 22, 2015

Refactoring Coderetreats: In Search of Simple Design
In general terms, the idea is that you can explore your craft as a programmer without the usual pressures of deadlines and expectations. Not being expected to finish a solution in any session frees you up to explore new ideas, and think about how you are approaching the problem. The constant change of partners, with new and challenging constraints applied to each session, constantly gives you new perspectives on the problem, and how to solve it. Essential to a coderetreat is the opportunity for reflection. There are brief retrospectives at the end of each session and, at the end of all coderetreats, the following three questions are asked:

XaaS: Today and Tomorrow
In order to move ahead with XaaS, corporations will need to look at all of the services their IT department currently provides, and determine whether or not they are commodity services. If a company’s IT department is not able to compete with the cost-effectiveness or efficiency of a specialist service provider, it is likely a commodity service. The same is true if investing in a particular service will not return measurable value to a business. In the future, many companies will likely source those services identified as commodity services to specialist providers. This will allow them to increase their investments in areas that will result in a return of value.

A World of Mobile Delights – And Dangers
The issue with employee-owned mobile devices is that they access corporate resources outside of the control of the corporate IT team. So it can be difficult to identify even basic environmental data for these devices, such as the number and type of devices being used, and the operating systems and applications. In addition, mobile malware is growing, which further increases risk. Research from Cisco indicates that 99% of malicious attacks on mobiles in 2013 occurred on devices running Google's Android operating system. Given the lack of even basic visibility, most IT security teams certainly don’t have the capability to identify potential threats from these devices.

Microsoft reveals who gets Windows 10, and how
Microsoft has not yet spelled out all the details of the upgrade process, but what it calls the "direct upgrade" from Windows 7, 8 and 8.1 will presumably retain settings, applications and data. There will be no upgrade path to Windows 10 from either the now-retired but still widely used Windows XP or its successor, Windows Vista. ... Also on the nix list is Windows RT, the scaled-back Windows 8 Microsoft failed to push as a tablet OS. While Windows RT will receive a still-undefined update down the line, it won't be upgraded to Windows 10. The lack of an upgrade path from Windows RT may be the closest Microsoft ever comes to explicitly saying "RT is dead."

Is Self-Service Creating Acceptance of Average?
With it, and other tools, we can all do analysis. But if we don’t have a good statistical background, is our analysis flawed? To me, this is why data scientists are so important. We need some experts to go beyond what we can do for ourselves. Average is not always good enough. This is not about being a power-user. It is about having the experience and expertise outside of the technology to use the technology to its fullest. Does this mean that self-service is a bad thing? No, but I do think more time should be spent figuring out when true experts are needed. And recognizing that means we have to accommodate that in planning.

Connecting code to business value - a foray into Behavior Driven Development
This article is a walk-through starting with a definition of what is actually useful to an end-user (the aims or business value part) and then connecting that formal value statement to code that should test whether the (software) system actually delivers that value. The discussion in the post is focused on the process of developing in such a way, i.e. the pros and cons of BDD in practice, while not describing technical aspects (for a how-to in .NET see BDD using SpecFlow). As such, it should be relevant to any programming language. Please do not read this as best practice; I am rather sharing my first experiences developing this way and the issues that surface.

Hacking Value Delivery: CIOs and the Age of the Customer - Infographic
CIOs are uniquely positioned to drive their organizations forward into the "age of the customer." That's because any organization-wide shift to improving the customer experience today must be driven by technology. But it may not happen naturally: CIOs must seize the initiative and drive strategy and process around developing CX innovations. IT priorities remain stubbornly narrow in scope. 90% of organizations claim improving efficiency and increasing productivity as the top priorities for IT. These are traditional bottom line drivers.

It’s Time for a Radically Different Approach to Application Security
Security solutions need to match the level of sophistication we’re dealing with today by understanding the fundamental nature, purpose, and characteristics of an application. They need to know how an application should look, behave, respond, and react. More to the point, however, they must be able to strike a balance between the known bad and the known good. So, rather than being an afterthought, they must be fundamentally involved in every aspect of the application flow, from the client all the way to the app server, wherever it resides. These characteristics are what define an intrinsic security solution.

The Microservice Revolution: Containerized Applications, Data and All
Martin Fowler points out in his aforementioned article, that due to the distributed nature of microservice architectures, the individual services “need to be designed so that they can tolerate failure of [other] services.” For companies like Netflix, with infrastructure spread across the globe, dealing with service failures is a constant reality. To make sure these challenges are met, Netflix famously tests their systems with their Simian Army, a set of tools that deliberately kill or degrade parts of their running software to test that the system still functions adequately under these conditions. It is the distributed nature of microservice architectures that allows this to happen.

OpenSSL fixes serious denial-of-service bug, 11 other flaws
The flaw was quietly patched in OpenSSL in January, but it was classified as low severity at the time because it can only be used to attack connections to servers that support an outdated cipher suite known as RSA export, a condition that was thought to be rare. However, recent studies have shown that support for RSA export cipher suites is far more common than previously believed, which is why the vulnerability has been reclassified as high severity, the OpenSSL Project said. The new OpenSSL patches also address eight moderate-severity flaws, some of which can also be used for denial-of-service attacks under certain conditions, as well as three low severity issues.

Quote for the day:

"Truly successful decision making relies on a balance between deliberate and instinctive thinking." --Malcolm Gladwell

March 21, 2015

IoT and smart devices need ethical programmers, says Gartner
At Level 3, Evolutionary Ethical Programming, tech companies would need to introduce ethical programming as part of a connected device that learns and evolves, because the more a smart device does learn, the more it departs from its original design. Here the user would maintain overall control, but the smart device would have some degree of autonomy. How future devices are trusted by users will become key at this level, said Gartner. For example, if a smartphone app is not trusted to report your business expenses accurately, or if an autonomous car was not trusted to safely navigate a dangerous stretch of road, the user would be able to take back control.

Goodbye, Internet Explorer
The changes both to the browser and the branding make a lot of sense. Internet Explorer, first released in the mid-1990s, dominated the browser market at its peak in the early 2000s, but it came to be associated with poor security and compatibility with other browsers and has since languished. Spartan’s success is critical if Microsoft is to remain relevant in the Web browser business—a market in which it used to dominate but now trails Google’s Chrome. According to data from StatCounter, in February, Chrome had 43.2 percent of the global browser market (including desktop, mobile, and other platforms), while Internet Explorer captured 13.1 percent and Firefox had 11.6 percent.

Artificial Intelligence Is Almost Ready for Business
The biggest application of Watson has been in health care. Watson excels in situations where you need to bridge between massive amounts of dynamic and complex text information (such as the constantly changing body of medical literature) and another mass of dynamic and complex text information (such as patient records or genomic data), to generate and evaluate hypotheses. With training, Watson can provide recommendations for treatments for specific patients. Many prestigious academic medical centers, such as The Cleveland Clinic, The Mayo Clinic, MD Anderson, and Memorial Sloan-Kettering are working with IBM to develop systems that will help healthcare providers better understand patients’ diseases and recommend personalized courses of treatment.

Premera, Anthem data breaches linked by similar hacking tactics
One of Deep Panda’s attack methods is to create fake websites that imitate corporate services for companies. In Anthem’s case, the attackers set up several subdomains based on “,” which were designed to mimic real services such as human resources, a VPN and a Citrix server. By targeting Anthem employees with phishing emails and luring them to the fake sites, it may have been possible for the attackers to collect the logins and passwords and eventually access the insurer’s real systems. ThreatConnect, an Arlington, Virginia-based security company, found that Premera appears to have been targeted by the same style of attack.

Facebook releases open source ORC reader for Presto
"The level of SQL functionality that's implemented in Presto I think is unprecedented in the Hadoop world," Navruzyan says. "They decoupled the distributed SQL query engine from the underlying data store. This was a really great design decision." ... "We are always pushing the envelope in terms of scale and performance," writes Dain Sundstrom, a Facebook software engineer and creator of Presto. "We have a large number of internal users at Facebook who use Presto on a continuous basis for data analysis. Improving query performance directly improves their productivity, so we thought through ways to make Presto even faster. We ended up focusing on a few elements that could help deliver optimal performance in the Presto query engine."

Agile and Enterprise Architecture
“The real value of enterprise architecture is not in making better architectures…it’s in making a better enterprise” Gary Doucet, Chief Architect, Government of Canada Treasury Board of Canada Secretariat GC. How does enterprise architecture support agile that seems to focus on “light” processes? Are the two concepts in conflict with one another? In my view they complement one another ... True agility enables teams to have access to accurate as-is content as modeled artifacts and to move towards to-be artifacts in a collaborative managed environment. This implies that models are not only used in projects, but also in daily operations i.e. managing change requests and service requests.

Latest Dridex Campaign Evades Detection with AutoClose Function
“The user is enticed to enable macros and open the attachment, and when they open it, they see a blank page and, under the hood, nothing bad happens,” said a Proofpoint advisory. “Instead, the malicious action occurs when the document is closed. The macro payload, in this case, listens for a document close event, and when that happens, the macro executes.” The use of this type of VBscript function, Proofpoint said, is effective against sandbox detection capabilities. Malware that delays execution isn’t necessarily a new evasion tactic, but attackers have been getting innovative about side-stepping security protections in place. For example, sandboxes and intrusion detection software became wise to short delays in execution times. By executing only when the document closes, this current string of Dridex seems to have taken the next step.

Virtual Reality Advertisements Get in Your Face
The huge value of the online advertising market suggests it could be lucrative to experiment in this area. According to Magna Global, a media market researcher and investor, digital media revenue rose 17 percent in 2014 to $142 billion. It’s expected to climb another 15 percent to $163 billion globally this year. Dallas-based Airvirtise certainly hopes advertisers will be willing to try to reach people inside virtual scenes. It’s working on virtual 3-D models that are integrated with real-world locations, which it discerns from longitude, latitude, and elevation—think a giant Angry Birds game in a park or a life-size virtual car you can walk around.

Web Application Firewalls - Enterprise Techniques
WAFs compare requests to generic attack signatures and application-specific policies for the web application being protected and alert on or block violations. A WAF can follow a positive or negative security model to develop security policies for an application. ... The negative security model is achieved by compiling a list of attack signatures, comparing web traffic against those signatures and blocking the traffic that matches. Blocking only what is known to be bad is considered the more functional approach from a business perspective. ... The negative security model does not provide protection against unknown attacks.
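To make the two models in the excerpt concrete, here is an added example (not code from the article or from any WAF product) that evaluates the same constructed requests under a negative model (a short signature list, block on match) and a positive model (a per-path allowlist of parameter patterns). The signatures, the policy table and the sample requests are all assumptions built for the demonstration; the last request shows the caveat the excerpt ends on, a request that matches no signature and so passes the negative model while the positive model still rejects it.

```python
import re

# Constructed negative-model signature list: a request is blocked only if a
# parameter value matches one of these known-bad patterns.
NEGATIVE_SIGNATURES = [
    ("sqli_union", re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I)),
    ("sqli_quoted_tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("xss_script_tag", re.compile(r"<\s*script\b", re.I)),
    ("path_traversal", re.compile(r"(\.\./|%2e%2e%2f)", re.I)),
]

# Constructed positive-model policy for one hypothetical application: each
# path lists the parameters it accepts and the exact shape each may take.
POSITIVE_POLICY = {
    "/search": {"q": re.compile(r"^[\w\s\-]{1,64}$")},
    "/account": {"id": re.compile(r"^\d{1,10}$")},
}


def negative_model(path, params):
    """Return (allowed, reason). Blocks only requests matching a known signature."""
    for name, value in params.items():
        for sig_name, pattern in NEGATIVE_SIGNATURES:
            if pattern.search(value):
                return False, f"{sig_name} matched in parameter {name!r}"
    return True, "no signature matched"


def positive_model(path, params):
    """Return (allowed, reason). Allows only what the policy explicitly permits."""
    policy = POSITIVE_POLICY.get(path)
    if policy is None:
        return False, f"no policy defined for path {path!r}"
    for name, value in params.items():
        rule = policy.get(name)
        if rule is None:
            return False, f"unexpected parameter {name!r} for path {path!r}"
        if not rule.fullmatch(value):
            return False, f"parameter {name!r} violates its allowed pattern"
    return True, "all parameters within policy"


# Constructed sample requests: two benign, one matching a signature, and one
# injection attempt that the signature list above does not cover.
SAMPLE_REQUESTS = [
    ("/search", {"q": "annual report"}),
    ("/search", {"q": "x' UNION SELECT username, password FROM users--"}),
    ("/account", {"id": "42"}),
    ("/account", {"id": "42 or 1=1"}),
]


def evaluate(requests):
    """Run every request through both models; returns a list of result dicts."""
    results = []
    for path, params in requests:
        neg_ok, neg_reason = negative_model(path, params)
        pos_ok, pos_reason = positive_model(path, params)
        results.append({
            "path": path, "params": params,
            "negative": neg_ok, "negative_reason": neg_reason,
            "positive": pos_ok, "positive_reason": pos_reason,
        })
    return results


if __name__ == "__main__":
    for r in evaluate(SAMPLE_REQUESTS):
        print(f"{r['path']} {r['params']}")
        print(f"  negative model: {'allow' if r['negative'] else 'BLOCK'} ({r['negative_reason']})")
        print(f"  positive model: {'allow' if r['positive'] else 'BLOCK'} ({r['positive_reason']})")
```

The fourth request is the point of the exercise: a numeric-context injection with no quote character slips past the tautology signature, so the negative model allows it, whereas the positive model rejects it simply because `id` is not all digits. That is the trade-off the excerpt describes: the negative model is cheaper to deploy because it only needs a signature feed, but its coverage is bounded by what the feed already knows.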

Public sector slow to pick up on the internet of things, says Gartner
"The majority of IoT spending for smart cities will come from the private sector. This is good news for technology service providers (TSPs) as the private sector has shorter and more succinct procurement cycles than public sectors and cities," said Bettina Tratz-Ryan, Gartner research vice-president. Tratz-Ryan urged technology companies to plan, engage and position their offerings now, or risk missing out on the money-spinning opportunities. “We expect commercial IoT implementations to be used across multiple industries, such as smart energy, environmental service or journey planning, which will offer TSPs the opportunity to monetise IoT by building IoT-related service models," said Tratz-Ryan.

Quote for the day:

"The measure of success isn't if you have a tough problem, but whether it's the same one you had last year." -- J.F. Dulles