May 31, 2015

IT party is over. Now's the time to reinvent or die
What's happening in the industry is 'creative destruction'. New technologies are destroying old jobs but creating many new ones. There is an insatiable demand for developers of mobile and web applications. For data engineers and scientists. For cyber security expertise. So for anyone who is a quick learner, anyone with real expertise, there will be abundant opportunities. ... While India may have a big challenge overall in creating enough jobs for its youthful population, at the individual level there is no shortage of opportunities. The most important thing is a positive attitude. The IT boom was a tide that lifted all boats - even the most mediocre ones. However, this has bred an entitlement mentality and a lot of mediocrity. To prosper in the new world, two things will really matter.

Virtual Eyes Train Deep Learning Algorithm to Recognize Gaze Direction
The problem here is that large databases of this kind do not exist. And they are hard to create: imagine photographing a person looking in a wide range of directions, using all kinds of different camera angles under many different lighting conditions. And then doing it again for another person with a different eye shape and face and so on. Such a project would be vastly time-consuming and expensive. Today, Erroll Wood at the University of Cambridge in the U.K. and a few pals say they have solved this problem by creating a huge database of just the kind of images of eyes that a machine learning algorithm requires. That has allowed them to train a machine to recognize gaze direction more accurately than has ever been achieved before.

Best Kept Secrets for Successful Data Governance
Across industries, a growing number of organizations have put data governance programs in place so they can more effectively manage their data to drive the business value. But the reality is, data governance is a complex process, and most companies practicing data governance today are still at the early phase of this very long journey. In fact, according to the result from over 240 completed data governance assessments on, a community website dedicated to everything data governance, the average score for data governance maturity is only 1.6 out of 5. It’s no surprise that data governance was a hot topic at last week’s Informatica World 2015.

Where are the self-tuning systems?
In 2015, self-tuning systems mostly don’t exist. Every single piece of software still relies on magic numbers found empirically or pulled out of thin air, by developers or by users, possibly manually adjusted later in order to get closer to an acceptable security/reliability/performance balance. Collecting system, application and network metrics is a long-solved problem. Accessing all the knobs in a unified way remains an unsolved, but engineering-only problem (that systemd is bound to tackle at some point). Databases, network stacks, and virtual memory managers have been partly self-tuning for a long time, but only partly. Cluster resource managers/schedulers are pretty smart, but still rely too much on parameters whose value has to be chosen by humans.

The Persuasiveness of a Chart Depends on the Reader, Not Just the Chart
The user’s attitude matters. Research from Ansul Pandey and colleagues at New York University indicates that the persuasive power of dataviz may not be perfectly universal. The success of a visualization seems to be dependent on the initial attitude of the person assessing it. When participants in their study didn’t have strong opinions about the message being conveyed, visuals persuaded effectively. But they were less effective when participants held strong opinions in opposition to the message being conveyed. This makes sense. It takes more to convince someone who doesn’t believe you than someone who simply doesn’t know or doesn’t care. But there’s more. Those with stronger opposing views were more likely to be swayed when a disagreeable message was presented in the form of a table.

The real reason why micro SD card slots are disappearing from smartphones
The reason that smartphone manufacturers are ditching micro SD card slots in their devices, especially at the high end, is money. Manufacturers can't charge a premium for an SD card slot, but they can charge $100 for a few extra gigabytes of flash storage. What Apple began with the iPhone, other manufacturers are now doing with their smartphones. And from a making money point of view, it makes good sense. A 128GB iPhone 6 costs the consumer $200 more than the 16GB version, but adding that extra storage costs Apple less than $50. For the consumer, this means having to decide up front how much storage they plan to need over the lifespan of the device, and a lot of hassle or even early obsolescence if space becomes an issue.

Google Wants You to Control Your Gadgets with Finger Gestures, Conductive Clothing
“You could use your virtual touchpad to control the map on the watch, or a virtual dial to control radio stations,” said Poupyrev. “Your hand can become a completely self-contained interface control, always with you, easy to use and very, very, ergonomic. It can be the only interface control that you would ever need for wearables.” Poupyrev also showed how he could perform the same motion in different places to control different things. He used the scrolling gesture to adjust the hour on a digital clock, then moved his hand about a foot higher and used the same motion to adjust the minutes. No details were given on what kind of devices the radar sensor might be built into.

How the cloud helped police warm up to body-worn cameras
While the cloud has paved the way for the data-intensive process of managing these cameras, the technology still has room for improvement. Automatic syncing of video footage from the camera to the cloud sounds ideal, but it's simply not practical yet. With Vievu, for example, officers need to bring their cameras back to their department headquarters, manually connect them to a PC, and load the footage to the cloud storage system on their own. Although the software is designed to prevent officers from tampering with the footage before storing it in the cloud, the process still leaves room for error. Policies may mandate that officers upload all of their footage, but that likely won't stop an officer with something to hide from destroying the device before immortalizing any incriminating footage.

CoderDojo’s vision to bring coding to every child in every school
The dream of bringing CoderDojo sessions like this to young people around the world may sound ambitious, but Mizzoni sees little difference between this and the establishment of sports clubs in school environments. “It’s important that every child is exposed to coding in some shape or form at school,” she said. “It’s like [the way] you might learn football in your PE class in school and, if you got a real interest for it, you’re going to go and join a football club, and that’s what CoderDojo is. It’s fun, it’s social, it’s informal learning. There’s no curriculum. It’s about kids learning what they want to learn and building what they want to build, so it’s entirely different to a school environment.”

7 Questions For The Guy Who Designed Minority Report's Futuristic UIs
Even if you don’t know the name "John Underkoffler," you surely know his work. His gesture-based interface for Minority Report influenced the 13 years of user interface and hardware innovation that have followed. But Minority Report's magical UI is only one of many products to come from both his days at MIT and his LA studio Oblong. And his consistent quality is why he received a 2015 Cooper Hewitt National Design Award for interaction design. In recognition of the win, Underkoffler agreed to go through our seven-question wringer.

Quote for the day:

"I don't believe in taking foolish chances. But nothing can be accomplished without taking any chances at all." -- Charles Lindbergh

May 30, 2015

How wearables will shape the future of mobile payments
PayPal's Varun Krishna, senior director of its consumer wallet division, sees wearable computing as a significant opportunity for the company that will eventually "give rise to more connected, more personal experiences." ... "Wearables provide connectivity at a point that mobile apps can't," Krishna says. "By nature, they're more connected to the user than a phone can be." However, Krishna stressed that the mass adoption of wearables for mobile payments will hinge on the size of the "acceptance network," or the number of retailers and destinations that support a wide variety of digital payment options. PayPal is aggressively trying to develop and expand that acceptance network, according to Krishna.

The biggest news from Google I/O? That the search giant is streamlining
Sundar Pichai, the senior vice president in charge of projects like Android and Maps, spoke about the need for refinement and streamlining. This is a trend that makes sense for anyone who has followed tech for more than a few years. Before the days of Facebook and Twitter, and even before Google became a tech monolith, those in IT circles spent many long hours in meetings with business groups trying to explain the need for simplicity. In the 90s, IT admins tried to explain how it makes more sense to use one main operating system for all computers. Then, we tried to explain that everyone using a different app for business purposes or even a different phone didn't make sense.

Microsoft Universal Mobile Keyboard is the best in class
The mechanical operation feels natural when typing, a product of the key spacing, large keys, and width of the keyboard. The experience rivals that of many laptops, at least those with nice keyboards. The keys on the Microsoft model go all the way to the edge of the unit, which is as wide as the iPad. Microsoft uses dedicated keys for the tablet control functions that are commonly found on keyboards, e.g. Home, Back, volume controls. This is great, as it means there is no need for using the Fn key in combination with another key to control the tablet. There is a small power button on the right edge of the unit, although the keyboard turns on when the lid is opened. There are two rubber strips on the bottom of the keyboard unit that keep it from moving, even on a relatively slippery surface.

Is your organisation throwing big data down the drain?
The problem is that today, the term 'mobile technology' in business is often synonymous with the use of consumer-grade smartphones. However, consumer smartphones are not equipped to deal with the stresses and strains of large and complicated workplace environments.  In many sectors, consumer-grade smartphones simply do not equip employees with the ability to safely access data or analytics on the go. With the proliferation of consumer device use, many companies have resorted to strategies incorporating consumer devices and implementing BYOD strategies in an attempt to give employees efficient access to data. This brings with it a whole host of compliance, security, technology and accessibility issues.

Top 8 Smart Devices For The Kitchen Of The Future
The Internet of Things is building the kitchen of the future. Everything from an app to turn on your coffee maker to a pan that monitors heat on your iPhone to cook the perfect steak is so close we can (almost literally) taste it. ... This one aims to be an easy-to-use kitchen baking scale that guides you through select recipes connected to an iPad app. You pick out which recipe you want on the app and then place a bowl on the bluetooth connected scale, drop in each ingredient until the app says you have added enough into the bowl and follow along with the instructions to make the perfect cake, cookies or whatever else you desire. ... The HAPIfork is an electronic fork that helps you monitor and track your eating habits for weight loss. It measures how long it took you to eat, the amount of fork servings and the time in between servings.

Household Robots Are Here, but Where Are They Going?
They can’t wash windows or make an omelet. “When they can do physical work, that will be much more compelling,” Mataric says. Roboticists hesitate to guess when that will happen. “Eventually, they’ll be able to make gumbo,” says Cynthia Matuszek, a robotics researcher at the University of Maryland, Baltimore. But “multiple decades” is her closest guess to when that will be. In the meantime, social robots can perform fairly simple tasks, with varying degrees of success, in response to voice commands. Echo goes by the name “Alexa,” so you can say “Alexa, play the new Mumford & Sons album,” and it will do so. Or you can ask it for the weather forecast. Jibo, meanwhile, can engage in simple conversations, as it swivels and wriggles about and displays video images. It can teach kids languages, or, sitting on the kitchen counter, teach adults recipes.

Trusting the ecosystem that sustains and maintains the Internet of Things
IoT ecosystem trust needn’t be tied purely to IoT security, in terms of my discussion in this IBM Data magazine article from 2013. Trusting IoT ecosystems involves more than making sure every IoT manufacturer, service provider and application developer isn’t planting malware. It also requires a more comprehensive certification of confidence in the provenance and ongoing maintenance of every element that anyone in the ecosystem might provision into the Internet of Things. Certification is not too strong a word to describe what’s needed. Having some rudimentary degree of certification-based trust across the IoT ecosystem would enable all users to count on some basic assured level of reliability, availability, isolation, performance and interoperability associated with any endpoints or infrastructure nodes, considered individually or in various combinations.

CIO interview: Billie Laidlaw, RSPCA
“I’m always mindful of cost. Is it the right thing to do? Can we really spend any money on anything other than the animals? We are considering this all the time,” says Laidlaw. And with the organisation largely dependent on donations, she’s acutely aware that supporters are motivated by animal welfare concerns, not the state of the charity’s IT systems, when it comes to parting with their cash. “When they put a pound in a collecting tin, they’re not thinking, ‘Oh, wow, that’ll go towards the cost of a new customer relationship management [CRM] system or reporting suite’, they’re thinking about how their contribution will make a difference to a kitten or dog in our care,” says Laidlaw.

Not Your Father's EMC
The benefits to the customer are clear – more features, more quickly, without lock-in. “And free?” I hear you say. Not necessarily. I still believe that most customers will want to buy a complete working system (hardware + software + service) and for that they will be happy to pay. I do not believe we are heading back to a world where organizations buy component parts to spend days and weeks doing self-assembly. With that in mind, last week, we announced the CoprHD open source project, essentially a release of the ViPR Controller source code into the community. I’ve been very clear that this project is merely the first we’ve picked and it is a part of a much more expansive open source effort you’ll see roll out over the next year.

From Doodles to Delivery: An API Design Process
Succeeding with an API design means designing an interface whose usage fosters its purpose. As API designers, each decision we make has an impact on the success of the product. There are big decisions to be made, such as the transport protocol that the API will use, or the message format that it will support. But, there are also many smaller decisions related to the controls, names, relationships and sequences of an interface. When you put them together, all these decisions drive a pattern of usage. If you’ve made only good decisions, then that pattern will support and foster the purpose of the API perfectly. If you want to make a correct design decision, you’ll probably need to make the wrong one first and learn from that experience.

Quote for the day:

"Commitment doesn't guarantee success, but lack of commitment guarantees you'll fall short of your potential." -- Denis Waitley

May 28, 2015

NSA chief: Encryption isn't bad, it's the future
"Can we create some mechanism where within this legal framework there's a means to access information that directly relates to the security of our respective nations, even as at the same time we are mindful we have got to protect the rights of our individual citizens?" Encryption is a hot topic right now: following the revelations by NSA-contractor-turned-whistleblower Edward Snowden about the scale of internet surveillance by the intelligence agency, many more companies have started encrypting their customers' communications. However, the growth in such communications has in turn led to fears from intelligence agencies and law enforcement - particularly in the US and UK - that, by using uncrackable encrypted communications, criminals will be able to plot in secret.

20 Expert Tips on Integrating Mobile and Cloud Strategies
“Put an API layer between mobile and cloud,” advised Chris Purpura, VP of digital enterprise strategy, MuleSoft. “Most mobile applications need to access many backend services, which might include identity, CRM, location, storage, social graph, customer history, and payment status… With an API strategy and platform in place, you can easily swap or update services behind the scenes.” To fast track your mobile development efforts, Jeff Bolden, managing partner, Blue Lotus SIDC, suggests you utilize the mobile SDKs offered by public cloud providers to take advantage of the server PaaS you are using. Do it with some trepidation, warned Bernard Golden, VP of strategy, ActiveState,

What scares you most about ‘the cloud’?
Beyond eliciting the usual tick-box survey responses, one of the questions included in the study simply asked: “What is the scariest or most bizarre business use of cloud services you have come across?”, letting participants type whatever they wanted in response. Our aim was to bring to life some of the dangers associated with the inappropriate use of cloud, which are so easy to ignore when discussed in an abstract or theoretical manner. On the ‘bizarre’ front, apart from a couple of references to employees being caught uploading their porn-collection so they always had it at hand (ahem), we didn’t hear much of general interest. On the subject of ‘scariness’, however, we received a lot of responses that collectively illustrate some of the most common challenges.

CTOvision Interviews RADM Paul Becker, Director for Intelligence, On The Cyber Threat
Better defenses are imperative. But it is also important to put in place, better Information Sharing with those who can help: That is to say if you are in industry and being attacked and you know it, you need to be incentivized to ask for help. No one can beat an adversary like Russia or China alone. Tell the local law enforcement or the FBI that you're being attacked. And call in professionals from industry who know how to rapidly assess and react to breach. Studying the high-end threat should also lead you to think through how to protect your most important data. Prioritizing protection around your crown jewels will enable you to mount a better defense and perhaps contain damage while you are signaling for help.

Pictionary Agile Retrospectives
Practice team he works with looks for creative ways to breathe life back into stale retrospectives. They love to embody techniques that require engagement from the WHOLE team, and prevent a few strong personalities from taking over the session. Teams get bored when they have run the sailboat six sprints in a row. They get even more bored when the cadence reverts to “what went well” and “what did not go well”. It’s easy for teams to go through the motions when retrospectives get boring, and their suite of retrospective techniques will definitely prevent boredom from creeping into your team’s mindset. This technique is what they call “Pictionary”, and requires your team to rely on their art skills to convey improvement opportunities throughout the sprint.

Managing a cloud computing project
Cloud computing can both simplify a project (since capabilities already exist and providers want to help) and make it more complex (since not all required features or qualities may be readily available). Each cloud project should be planned and organized to fit its user’s requirements and to ensure sufficient control is applied to the processes. ... The on-demand availability of cloud resources can present interesting opportunities for the PM to move some activities forward, to eliminate some activities, and to apply more agile design, development and continuous improvement processes. For example, testing on a production platform, access to common security functions, pay-as-you-go billing are areas of focus in cloud computing projects that are either glossed over or taken for granted on traditional projects.

Meeker: Internet Has Only Begun Changing Our Lives
Time spent with digital media per day has shown regular growth -- from 2.7 hours a day in 2008 to 5.6 hours today. Mobile computing is almost entirely responsible for that growth. Use of a desktop or a laptop computer as the means of access has remained basically steady at 2.4 hours a day. Access via mobile device has increased from .3 hours to 2.8 hours, now accounting for 51% of the total, Meeker said. The growing use of mobile opens the door for more mobile advertising. Mobile users account for 24% of the time spent on the Internet but just 8% of the $50 billion in advertising dollars spent trying to reach Internet consumers. That means there's a $25 billion opportunity remaining for new mobile advertising, Meeker said.

How your employees put your organization at risk
The danger is more than a potential work-place harassment lawsuit. Most of these sites often hide malicious content within links. That's how websites offering free adult content make their money, through installing malware on your computer. So it's less about the content employees are accessing, and more about the threats that lie within the links, according to Joseph Steinberg, cybersecurity expert and author. Steinberg points out that the threat is greater than websites offering free pornography. It also includes "anything that has pirated software and movies," he says. "A lot of them are actually in the business of putting malware onto computers. So it's not just the blocking for the sake of preventing the employee from doing something wrong, it's also preventing damage to the businesses computers and potentially data."

Five ways retailers can start using IoT today
The Internet of Things (IoT) is viewed as a major driver of the third Industrial Revolution. There is no question that the connectivity of "things" will only continue to affect how businesses run in the future. However, retail and CPG companies should avoid chasing after the 'killer IoT application' that promises to solve all their problems. Rather, they should focus on near-term IoT use cases that will demonstrate positive returns on investment in IoT, lay down the groundwork, and prepare the organization for that yet-to-be developed 'killer IoT application'. ... With the massive number and variability of SKUs in the retail supply chain, retailers face an ever-growing challenge of being able to properly manage and understand where the inventories are. In the near term, retailers should use IoT to focus on inventory. Here are areas where the IoT can be employed to improve retailers' operations

Dealing with Politics in Agile or Lean Teams
Politics seems to me to occur because of internal motivations and interpretations of individuals about what’s going on around them. Although Agile/Lean might make activities, intentions and outcomes more clear, it doesn’t control the motivations and interpretations of the individuals who are doing the activities, having the intentions and dealing with the outcomes – so that’s all still prone to delusion, aversion and misunderstanding if you don’t have good facilitation. For instance, one of the key complaints about stand-ups is that they run too long or are ineffective. A pattern you will notice in stand-ups is that although it appears that the team have transparency because people are displaying their current status openly, they can still (and do) generate politics inside, before and after that standup – just because it’s natural for human beings to try to influence outcome to their own agenda

Quote for the day:

"Leadership is a dynamic process that expresses our skill, our aspirations, and our essence as human beings." -- Catherine Walker

May 27, 2015

CIO Interview: Mike Young, CIO, Dentsu Aegis Network
“One of the issues CIOs have to contend with is how to bring the data story together while doing this other stuff around the tech,” says Young. “We’ve deliberately made our IT transformation process a move to simplified architecture rich in collaboration tools with one provider – Microsoft – to allow us to tap into the simplified data architecture that gives us,” he says. The hub, which is based on Cloudera, has a service-oriented architecture and allows the firm and its clients to analyse customer data and adapt their marketing strategy to boost sales. The hub hosts global applications that are available to all clients, connecting them to the big data system, and allows use of a statistical model called “R”, allowing on-boarding, cleansing and analytical insight, all in real-time.

Deliver Infrastructure at the Speed of Need
Working in tandem with VACS, Cisco UCS Director combines the virtual network fabric and services with compute, storage and virtualization components to deliver infrastructure templates. These templates deliver infrastructure pre-configured to the specific application’s needs, such as Puppet on Windows, SQL with high availability, dev/test environments or multi-tier generic infrastructure instances. Now for the real magic. The built-in Stack Designer with Cisco ONE Enterprise Cloud Suite enables application architects to combine infrastructure templates with application components to create automated application services. These application services can be deployed, via the self-service portal, into private or hybrid cloud environments within minutes.

Data breach costs now average $154 per record
According to the Ponemon report, data breach costs varied dramatically by industry and by geography. The US had the highest per-record cost, at $217, followed by Germany at $211. India was lowest at $56 per record. Sorted by industry, the highest costs were in the healthcare industry, at an average of $363 per record. The reason, said Barlow, is because the information in a medical record has a much longer shelf life than that of, say, a credit card number. "With credit cards, the time frame from the breach to mitigation is very short," he said. The credit card company just has to cancel the old credit card number and issue a new one, he said. "But the healthcare record can be used to establish access in perpetuity," he said, pointing out that healthcare records include a wealth of personal information as well as Social Security numbers and insurance numbers.

New Image Compression Technique Helps Reduce Image Payload
According to the May 2014 Forrester Research report entitled “Optimize Your Responsive Website Performance To Overcome Mobile Hurdles,” reducing the image weight with resizing and variable compression techniques — as appropriate to screen size and resolution — significantly reduces time-to-first-render and time-to-first-interaction. “As we see web browsing behavior continue to spike across multiple devices, browsers and connection speeds, a fast and consistent delivery experience is more important now than ever” says Kent Alstad, vice president of acceleration, Radware. “Designed to be fast and easy to implement, the click of one button allows an image to be compressed with up to an 80% image payload reduction despite the browser the end user has chosen, and virtually no difference in image quality.”

Big data helps Conservation International proactively respond to species threats
From our perspective, what we want to do is get the best available data at the right spatial and temporal scales, the best science, and the right technology. Then, when we package all this together, we can present unbiased information to decision makers, which can lead to hopefully good sustainable development and conservation decisions. These decision makers can be public officials setting conservation policies or making land use decisions. They can be private companies seeking to value natural capital or assess the impacts of sourcing operations in sensitive ecosystems. Of course, you never have control over which way legislation and regulations can go, but our goal is to bring that kind of factual information to the people that need it.

Employees know better, but still behave badly
Ironically, employees working in the IT sector were among the worst offenders, with only 12 percent saying that they had not engaged in any of these risky behaviors, second only to charity and non-profit employees, at 5 percent. ... The highest level of awareness, overall, had to do with opening attachments from unknown sources and viewing adult content on work devices. On average, 73 percent of respondents rated each of these behaviors as risky or seriously risky. Only 2 percent said that opening attachments from unknown senders posed no risks, and only 3 percent said the same about adult content. However, 20 percent admitted to opening those attachments, and 6 percent to viewing adult content at work.

More responsive PSN security compliance regime goes live
Public sector bodies will now need to take five steps towards completing an application for a PSN connection compliance certificate. These involve completing a Code of Connection (CoCo); providing a network diagram; providing an IT Health Check (ITHC) report; updating contact details; and, finally, submission. Of these steps, CoCo completion remains the heaviest burden, and will cover the nature of the infrastructure that the council wishes to connect. This includes information such as network size, user numbers, number of sites and number of IP addresses on the network.

Semantic Technology Unlocks Big Data's Full Value
While organizations realize the potential of effectively incorporating data into multiple facets of their business, many are unsure as to how to best take action upon this insight. Consider the amount of data generated on an on-going basis in the financial services space alone; there is transaction data, consumer data, market data, regulatory data—the list goes on. The volume of information alone can be staggering and many organizations may not even have the appropriate tools to access all of their data. This is where semantic technology comes into play. At the highest level, semantic technology gives meaning and context to both structured and unstructured data, and makes it actionable, thereby solving major challenges financial institutions are facing when it comes to realizing the full value of their data.

Apple Pay’s weakest link
In order to use Apple Pay, the user (or the fraudster, it turns out) must enter pertinent information about her credit or debit cards. In addition to the static card information from the user, Apple provides the issuing bank with some low-level information on the user, such as the device’s name and location. But when a fraudster gets the card information in conjunction with a hijacked Apple iTunes account, all of that information too can be spoofed, thereby allowing fraudsters to enter their victims’ credit card data into an iOS device. Once the credit card data is entered and accepted (by the banks) into Apple Pay, it becomes as powerful to the fraudster as a physical card. It can even then be used at any of the brick-and-mortar companies that accept Apple Pay because they will think the fraudster has possession of the card.

Net neutrality could become law in Italy - unless internet users would rather opt out
"The premise of the bill is that having neutral access is a right and the providers cannot strip their users of it. At the same time, users can give up that right by voluntarily asking for prioritization of sort, provided that they do it voluntarily and without having been induced to," Quintarelli said. For example, a customer might ask that, on top of their normal (neutral) subscription, their VoIP traffic should be treated as privileged on their access loop so that they could keep having conversations even when, say, some heavy file transfer is going on. The same thing could be put in place for IPTV or cloud backup services' traffic. "But it must be the customers asking for it because it fulfills their needs," Quintarelli said.

Quote for the day:

"With ordinary talent & extraordinary perseverance, all things are attainable." -- Thomas Foxwell Buxton

May 26, 2015

How to Better Guard Against a Security Breach
Despite their investments in SIEM and the notable progress in developing strategy and policy, barely half (51%) of survey respondents that utilize security and event log data have strong confidence in their ability to detect or mitigate breaches. That may reflect the continuing focus on perimeter protection and firewall technologies—the top priority for coming investments, according to 56% of survey respondents. Interestingly, that’s despite the growing industry-wide recognition that building higher fences is no longer a viable security strategy in the face of sophisticated cyber assaults. Many enterprises “are investing, typically, in the same things they invested in last year and the year before,” says Schou.

Q&A on the Book More Fearless Change
The primary purpose of a pattern is to document a common, recurring problem with the solution that has been validated. This is why they are called "patterns" -- because the problem and solution have been seen in more than one instance. So, each of the Fearless Change patterns is not simply the idea of one person -- rather, each one has been used by different types of change leaders in different environments. Therefore, others can use the patterns knowing that they have been shown to work. In addition, each pattern documents the benefits and challenges of using it. Therefore, leaders of change can not only feel confident in the solution, but will also know the consequences. And, when each individual pattern is combined with other patterns (in the form of a pattern language), the organization now has a collection of powerful strategies for addressing complex problems.

Identity Management in the Cloud Goes Beyond Security
IAM (identity and access management) is clearly the best security model and best practice for the cloud. That’s why some cloud providers, such as AWS, provide IAM as a service out of the box. Others require you to select and deploy third-party IAM systems, such as Ping Identity and Okta. But you should be thinking of identity management not only as a security technology, but also as a business driver. Thus, when you deploy IAM, you need to focus on the core business processes and on the details around security. This is a shift from the recent thinking in which the business drivers were largely out of IT’s consideration. Enterprises that develop mature IAM capabilities can reduce their identity management costs and, more important, become significantly more agile in supporting new business initiatives.

Agile security lessons from Aetna and the state of Texas
Moving to an agile model can make some traditional security professionals nervous, he said, especially those with a command-and-control view of the process. "There's a perception among security people that developers don't care about security," he said. But agile offers security employees the opportunity to become resources early on in the development process, instead of coming in afterwards and looking for mistakes. "Which is still an important thing to do, but you don't want your development team to have all the interactions with the security team be negative," he said. "That creates a pretty toxic environment."

Entertain, inform, and connect with the AT&T ZTE Spro 2 Smart Projector
While the device works fine without a connected power source, you are limited to low and medium (100 lumen) brightness. In order to experience the full 200 lumen output, you need to connect the external power source. With dimensions of 5.3 x 5.2 x 1.2 inches and 19.4 ounces, the ZTE Spro 2 is quite portable. ZTE also includes a carrying case that holds the device, charger, and HDMI cable. The device is powered by a Snapdragon 801 quad-core 2.0 GHz processor, Adreno 330 GPU, 2GB RAM, 16GB integrated storage, WiFi, and Bluetooth. ... It performed flawlessly, projecting onto blank walls with good brightness and even included audio. I connected external speakers through the audio out port and also tested Bluetooth audio output, both of which were much better than the small internal speaker.

How a change in thinking can stop 59% of security incidents
So, how do you approach this problem with employees? ISO 27001, the leading information security standard, offers a less attractive, yet much more effective approach to this problem: (1) strictly defining the security processes, and (2) investing in security training & awareness. The security experts who developed this standard long ago realized that the technology itself cannot resolve the organizational and the people issues: technology is only a tool; it is only a part of the wider picture. Or, to view this issue from the management theory point of view, the organization is basically a mixture of three essential elements: people, processes, and technology.

NoSQL Databases: comparing MongoDB, HDInsight, and DocumentDB
Availability is not a problem with both MongoDB and DocumentDB. MongoDB ensures there is high availability through the configuration of a secondary server to act as the primary server when the primary server goes down. DocumentDB uses the Azure feature to manage server availability. DocumentDB is designed specifically for web applications and mobile devices. This means you will not get the best from it if you are not using web applications or mobile devices. ... For consistency, both DocumentDB and MongoDB are good options because they use ACID properties (at the document level) to ensure safe updating of documents. If there is an error, the operation rolls back. With MongoDB, developers can specify the write concerns.

Hybris-as-a-Service: A Microservices Architecture in Action
Micro Services are a new paradigm for software architecture: small services in separated processes take the place of large applications. This way monolithic architecture can be avoided, and systems are easily scalable and changeable. The microXchg conference looks at a variety of aspects of Micro Services. ... Andrea Stubbe explains how to create cloud applications with microservices using Hybris’ platform and API. Andrea Stubbe is Product Lead of the core part of the as-a-service product at Hybris. Having been a software developer for most of her career, she loves working on an architecture that addresses many of the problems and challenges she has observed in earlier projects. She also finds this a perfect fit for lean and agile development principles.

5 Critical Ways to Take a More Collaborative Approach to IT Security
First, it seems that most organizations’ approach to security is inward-focused. Call it the “outrunning the bear” response: the IT team at your organization doesn’t have to be faster than the cybercriminals, only faster than the other organizations trying to outrun them. While about 75 percent of IT security staffers say they have plenty of opportunity to collaborate with peers within their organization, 60 percent say they have little to no opportunity to collaborate with peers at other companies. ... Second, IT security staffers get most of their information about security trends, threats, vulnerabilities, warnings, and technologies not from their peers, but from online forums and cybersecurity news sites.

Mobile Internet To Be Worth More Than Apple By 2018
Despite huge scale and growth, mobile is still evolving. M-commerce remains the primary engine of growth, which is why VCs bet more than half of $41 billion invested in mobile in the last 12 months into m-commerce-related sectors. Mobile advertising is set to leapfrog in-app purchases to move from third to second place in the revenue hierarchy by 2018, as app developers rebalance their business models to capture new opportunities. Enterprise mobility growth continues, although not as fast as the consumer market. Finally, the Apple Watch is helping the wearables sector to gain deeper penetration and revenue.

Quote for the day:

"A leader has the vision and conviction that a dream can be achieved. He inspires the power and energy to get it done." -- Ralph Nader

May 25, 2015

Startup Beams the Web’s Most Important Content from Space, Free
Outernet is putting together the first 100 prototypes of those devices, code-named “Pillars,” and starting to test them in the field. One is up and running in a village in western Kenya. Another is in the Dominican Republic, and a third will soon be installed at a Detroit anarchist community attempting to live off the grid. Outernet’s current signal broadcasts about 200 megabytes of data over the course of a day, making it possible to update content such as daily news and weather forecasts periodically. It covers North and Central America, all of sub-Saharan Africa, Europe, and parts of Asia and the Middle East.

Software Defined Reality – NFD9 Redux
The idea that SDN means networking engineers have to be Python programmers persists in the minds of many and, sadly, the products of many as well. Even just a year ago, the first thing we were being told about any SDN-compliant product was what APIs it supported. Is it RESTful? XML RPC? Does it support OpenFlow fully? Bottom line: we (the sane) are not going to be writing code to program every single flow on a switch using OpenFlow. I believe what we really want is products that support standardized interfaces, yes, but only because we like the idea that somebody other than the product vendor might be able to do a better job of controlling that device.

Your SaaS Metrics Are Wrong if You Include These Customers
Ultimately, when it comes to defining “users” you probably want to start only with those that are actually “engaged” with your product or service (whatever “engaged” means… hopefully it’s well-defined in your world). This means getting away from low-value metrics like “signups” or “installs” or “logins” or even general “activity” and into specific metrics like “contextual activity” or activity that indicates whether the user is doing something from which they will derive value. I’ll be honest… this will likely reduce the number of “users” you have – which will cause a hit to the ego – but it will give you a better, more realistic view of what’s really going on in your business.

How to Make the First Minutes of a Major IT Incident Count
How an IT or DevOps organization communicates during the first few minutes of a service outage is crucial – businesses are negatively impacted by even an IT outage lasting only a few minutes. A recent survey of more than 300 IT professionals by Dimensional Research reveals that finding the right person to restore service takes at least 15 minutes. While IT searches for the right individual, the business is often suffering. However, it doesn’t have to be that way. Here are some ways to reduce business downtime and improve the customer interaction significantly: ... If everyone is transparent with communications, the major incident manager can designate someone other than resolvers to proactively communicate what happened and next steps to customers, partners, marketing and public relations teams and executives.

8 Reasons IT Pros Hate The Cloud
Some find it hard to believe that cloud computing is only continuing to gain popularity. Some object to the purely technical issues that pose problems for IT pros who are used to maintaining data and applications in-house. They feel the cloud creates more work for them. Oftentimes, the issue is rooted in the difficulty that IT admins are having transitioning to new roles. With cloud-based infrastructure, platforms, or software, hands-on technical skills aren't needed as much as they once were in IT. Instead, many enterprises seek professionals who can act as systems architects, bringing a high-level vision of end-to-end infrastructure. With time, these and other pet peeves will be resolved. For now, though, cloud hatred is a serious problem.

Big Data: Uncovering The Secrets of Our Universe At CERN
Crunching all of the data collected from monitoring 600 million particle collisions per second would require more processing power than any one organization has at its disposal. To get around this problem, CERN initiated the construction of the Worldwide LHC Computing Grid, utilising computer facilities available to the universities and research groups collaborating on the project, as well as private data and computing centers. This “distributed computing” gives the experiment access to processing power and storage capacity which would be far too costly to build into one data center. It has other advantages over a centralized system – the data can be accessed at greater speed by researchers wherever they are in the world, and if disaster strikes at one location, multiple mirrors of the project exist elsewhere.

The best of jobs, the worst of jobs
All CIOs need the gravitas to be perceived as a peer of the other executives. Without it, they will not garner the respect necessary to manage the corporate project prioritization process. But with many fewer staff than their Fortune 500 counterparts, mid-tier CIOs also need enough technology expertise to be respected by their IT staff and to avoid being viewed simply as a “suit.” The best mid-tier CIOs have a broad set of skills. They are equally comfortable discussing detailed technology options, project management methodologies and shareholder value.

Connecting Big Data, Cloud and Watson to the Car for a Safer Ride Home
Many high-end cars already have electronic stability control plus adaptive cruise control and lane departure warnings. If you merge these technologies together, you get the first step in automated driving. When we make that leap, the car will be able to obtain and process even more information to keep the driver informed. The car will know the street ahead and make the necessary adjustments. In 2016, we will start seeing mass production for semi-automated driving solutions. By 2020, we will be ready for highly automated driving scenarios and fully automated by 2025. One of the main tasks will lie in using the cloud as an information carrier for the vehicle. Automated vehicles will need to know what lies around the next corner – is the road free, or is there a construction site?

Practitioner's Guide to Establishing a SOC
Establishing a Security Operation Center is a necessary step for an organization to be able to detect and efficiently contain a breach. Once you’ve determined to establish a SOC, the next important question to ask is, “how can my organization most efficiently achieve this goal?”  ... When establishing the Security Operation Center it is important that realistic understandings of these constraints are considered in order to ensure that an effective solution is created. If technology already exists, but access to the data cannot be guaranteed due to political reasons, it is of little use. Similarly, if technology is acquired but the overhead required for deployment, integration and management is beyond the capabilities of the current employees then it will be of little help.

The science behind virtual routers and their emerging roles
To understand a virtual router, it's important to understand the elements of a physical router. In its simplest form, a router links two LANs together via a protocol that implements and understands sub-networks and the routes between those subnets. That is, a routable protocol. Moving up a step, routers also link subnets -- via a wide area network (WAN) -- to subnets that are based in different geographic locations. Thus, three components are needed: a LAN interface, a WAN interface and the routing code that can decide which traffic needs to traverse the WAN and how to package it accordingly. When WAN routing first became a viable way to connect geographically dispersed corporate LANs in the 1990s, the routing world was in its "Wild West" phase.

Quote for the day:

"Feedback is the breakfast of champions." -- Ken Blanchard

May 24, 2015

6 Psychological Triggers That Make UX Design Persuasive
You must learn about human psychology to design compelling user experiences. If you understand how the human mind works, it’s easier to get people’s attention and keep it. It’s also easier to get them to take some form of action (like subscribing or buying). But how do you find out what goes on inside the mind of your users? Well that’s where psychological triggers come in. They’re invisible forces that influence and persuade people. And when you use them in your design you can get more people to say yes to what you’re asking. In this post I’ll break down psychological experiments and academic research into simple, actionable steps that can help you design better experiences that lead to more sales online.

5 Smart Ways to Convince your CEO to Go Mobile
A common (and surprising) complaint I have been hearing is the difficulty CIOs and CTOs face in persuading CEOs to extend their business to mobile platforms. Today the mobile revolution seems to be pretty obvious just by looking at Apple’s performance. However, I realized that some are still reluctant to change their success formula. ... As mobile technology is evolving, we are finding newer ways to interact. Apple recently updated touch screens with force touch. Voice assistants are getting smarter, wearable devices have gained interest, fingerprint technology has become a lot better and new payment methods like Apple Pay are available. All these advancements have significant business applications. It’s important to be proactive and be a company that innovates instead of waiting for your industry to change dramatically and then reacting.

Security Concerns Extend to ‘Big Data Life Cycle’
The security flaws in Hadoop are well known. Apache Hadoop was an open source development project with little initial regard for security. As Hadoop’s security problems emerged, distributors and the Apache community began offering security add-ons for access control and authentication (Apache Knox), authorization (Apache Sentry), encryption (Cloudera’s Project Rhino) along with security policy management and user monitoring (the proposed Apache Argus based on Hortonworks’ XA Secure acquisition). “Hadoop itself is very weak in security. You can be a Linux user and take all the data from Hadoop,” Manmeet Singh, co-founder and CEO of Dataguise, a provider of data masking and encryption tools for Hadoop, told Datanami last November. “The problem is the insider threat. Anybody can walk away with billions of credit card numbers.”

The City of Burnaby’s CIO offers an Internet of Things reality check
“What we’d like to get to is really to start thinking of these sensors more out of the optimization of the business process to how we can do things better as a city,” she said. This could include smarter traffic flows, remote proactive information before infrastructure fails, or being able to email citizens or send out tweets about something important happening in their area. Other use-case scenarios for sensor-based technologies today is on the City of Burnaby’s pump stations, which Wallace said are used to remotely monitor things like pressure flow and depth. “What really interests me is the education piece: if your water usage has gone up for 20 percent, for example, this is what it means for our reservoir,” she said. “Some of these things we’re doing were not called the Internet of Things. They were just things good cities did.”

Banking on IT Governance: Benefits and Practices
In banking today, more systems, applications and services are exposed to the customer through self-service channels which have a direct bearing on customer experience. They can create significant opportunities but increase the risk of poor performance. Thus, quality of IT governance has become an important tool for managing risk and marketplace effectiveness. However, IT governance comes with a slew of risks, and the distinctions among them are distorted with the merger of people, process and technology. This can lead to a serious impact on operational effectiveness. There is a need for security governance within banks, which entails building a robust framework and laying down a comprehensive information security policy. In addition, it relates to creating a data prevention framework for minimizing data breach.

Halamka and Branzell Urge CIOs To Be “Revolutionaries”
It is particularly difficult now that CIOs are pelted daily with new requests and demands from inside and outside their organizations, Halamka said. “People say, ‘OK, I get it, we need to be prepared for the accountable care future, we need to prepare for care management and care in the home, and even though there’s this cool project that some stakeholder wants, we really don’t have the bandwidth for that.’ And so what not to do” as a CIO “is as important as what to do, because each of us gets this laundry list of hundreds of things that stakeholders want.” He said with a bit of humor, “The technique I usually use is not to say ‘no’; ‘no’ is such a negative word, so loaded with emotion. So, I say, ‘not now.’” Meanwhile, he added, “My role on the resource side is not to create fear, uncertainty and doubt, but to explain to the board what we need to do.”

DAM and the Art of Governance
A good DAM manager, like a librarian who is differentiating between reference-only items and circulating materials, will keep records. These may take the form of spreadsheets or flowcharts in a secure location delineating user group permissions, asset restrictions, metadata fields both required and optional, workflows, controlled vocabulary terms and taxonomy structure. The most important aspects of the governance strategy are the organizational buy-in on the policies for digital asset management and the documentation of these rules. The benefit will be the ease of decision-making enabled by an established governance plan. Don’t worry about how formal or official these policies may be – the value is in having the discussions leading to the creation of the governance plan and simply in having it all written down.

Three Ways Data Breaches Are Reshaping Data Governance
With the public increasingly cognizant of the amount of personal data they share with businesses, the organizations that collect this information will need to do a better job of determining how much stored data could be potentially exposed in a breach. Businesses need more context around stored data and a stronger understanding of the type of personal information that is collected and how it is protected. Metadata analysis enables businesses to take stock and identify which systems interact with what data, where that data is stored, how much of it is personally identifiable data (PID), and more. This can reveal gaps in data security or material risk factors – a crucial capability for businesses that desire proactive breach mitigation.

There is certainly a reliance on each other; however, a solid BI strategy cannot exist without MDM. Let's face it, a report is only as good as the data from which it is drawn. ... MDM ensures the data you present in your BI layer is clean, complete, consistent and de-duplicated. These data issues arise when you are combining several data sources, eg, CRM, ERP, billing, stock, helpdesk, etc. Duplicates also arise as a result of fast-growing companies which, while on the acquisition path, acquire many new ERP and CRM systems along the way. ... If all this data is pulled into a data warehouse, they will be seen as different records and be counted as different customers. When creating BI views or reports, the data will be incorrect because of underlying problems in the source systems.

e-Book: Managing Third-Party Risks
This e-Book, produced by Compliance Week in cooperation with ProcessUnity, reviews the latest thinking in vendor and third-party risk. It provides compliance professionals with everything they need to know about third-party risk management and how to avoid regulatory complications. In the first article, we explore topics from a recent executive forum, which discussed vendor risks and why building a systematic approach is important. Next, in “Four Keys to Creating a Vendor Risk Management Program That Works,” ProcessUnity deconstructs the idea of vendor risk management and provides four principles that compliance practitioners should follow. Then we examine what happens when third parties engage in bribery and corruption. “Mapping Third-Party Risks” discusses the size and scope of the third-party universe and why companies should have a plan to monitor their vendors.

Quote for the day:

"If you can’t handle others’ disapproval, then leadership isn’t for you." -- Miles Anthony Smith

May 23, 2015

Government should take agile approach to policy and service delivery, says Hancock
Speaking at the Institute for Government, Hancock hailed the development of digital services during the last government, such as the website and online identity system Verify, as an illustration of how the Cabinet Office is “leading by example” on matters of providing solutions. “Small teams of developers building a product quickly and cheaply then iterating to improve it, not through long consultations and private advice but by seeing how it survives contact with reality,” said Hancock. “It will more and more be the way of the future – not just in digital but for all policy-making and service delivery.” Hancock said the next steps for the Cabinet Office will be to deliver a better government and society by acting as a “cohesive centre” for government to challenge and support the Cabinet.

Firefox Maker Battles to Save the Internet—and Itself
Suddenly, though, the Internet looks nightmarish to Mozilla. Most of the world now gets online on mobile devices, and about 96 percent of smartphones run on either the Apple iOS or Google Android operating systems. Both of these are tightly controlled worlds. Buy an iPhone, and you’ll almost certainly end up using Apple’s Web browser, Apple’s maps, and Apple’s speech recognition software. You will select your applications from an Apple-curated app store. Buy an Android phone, and you will be steered into a parallel world run by Team Google. The public-spirited, ad hoc approaches that defined Mozilla’s success in the Internet browser wars have now been marginalized. Developers don’t stay up late working on open-source platforms anymore; instead, they sweat over the details needed to win a spot in Apple’s and Google’s digital stores.

Data Encryption In The Cloud: Square Pegs In Round Holes
In the end, the resulting encryption algorithms are not only secure, but solve the key usability issues of making it easy to specify a “peg size.” Innovative security vendors offer the ability to specify regular expressions to allow fast prototyping of formats at customer sites, and to greatly decrease the cost of developing new encryption engines. In most encryption products for structured data, each different type of field needs its own encryption engine. This is time-consuming, complex, and error-prone. With FPE, the process of creating a new encryption engine is as simple as picking a regular expression, which describes the field. Thus, creating a new encryption engine is something that any developer can do seamlessly. This allows them to quickly adapt to the particulars of different cloud services.

Three must-read cyber security green papers
All businesses must address the issue of cyber security. You need to know what risks your business faces, what to do about them, and how to protect yourself in the future. Cyber criminals lurk everywhere and look for weaknesses in systems and networks. It’s not personal (most of the time); it’s simply the exploitation of a vulnerability. If you don’t address these vulnerabilities, you put your business and your customers at risk. But before you panic and throw your computer out the window, help is at hand. At IT Governance we specialise in helping businesses find cost-effective cyber defences. We’ve distilled this knowledge into a range of green papers to help you get to grips with what you need to know and what you need to do to protect yourself.

Application Delivery, Management, And Ongoing Change Are All Part of DevOps
Every business today is a digital business, and every digital business runs on apps. There are apps for employees, internal constituents, vendors, and customers. Some apps are focused business to business (B2B) while others are geared business to consumer (B2C). For many companies, application delivery and management are competitive differentiators in the marketplace, critical to acquiring and retaining customers. Apps are the way people engage, interact, and get business done. It’s no surprise, then, that IT departments are pouring time, effort, and money into application development – whether for their own company’s proprietary use or to sell on the open market. And the twin guiding lights for all application development are speed and quality.

VPI Gateway Considerations
A VPI gateway looks exactly like a switch from the outside, but its logical behavior is more complex. This additional complexity must be taken into consideration during fabric design. Unless this is done, serious issues can result. For example, aggregate bandwidth may be low, or disruptive fabric changes may be required, or unexpected credit loops may be created. From the InfiniBand fabric perspective, ‘in band’, a gateway consists of an InfiniBand switch plus an internal HCA. The HCA is sometimes referred to as a TCA, and is connected to port N+1 on the switch ASIC.

Big data brings new power to open-source intelligence
Two overlapping developments in particular have greatly influenced the growth of open-source intelligence. First, the explosion of social media has given us instant access to a wealth of user-generated content. From Facebook to Twitter to Google+, we are now only ever a few keystrokes away from a potentially global audience. And as these tools increase global connectivity, people seem increasingly willing to project their thoughts, opinions and observations into cyberspace. The process of information generation has produced what has been described as “new digital commons of enormous size and wealth”. Second, and on a larger scale, the scope of open-source intelligence has been completely changed by the rise of big data.

Why Businesses Should Exercise Caution with Full Cloud Integration
No matter how popular cloud-based technology becomes, or how expedient it seems, consumers should exercise caution when it comes to full cloud integration. The cloud is not always as easy to access and use as the providers may claim. At any given time you could be denied access to data. This is not good at all considering the fact that cloud services are paid for and can get costly. The most concerning aspect of full cloud integration is security. The bottom line is that cloud security and privacy are not guaranteed. It is important to be fully aware of the terms and conditions, as well as the things you upload and store, when using cloud services and especially when considering full cloud integration.

Should I learn Java? Maybe, maybe not
The question is what depth of knowledge you need, given your stated professional direction. The answer to this question will help you decide if learning the desired new technology is nice-to-know, good-to-know, should-definitely-know, or cannot-live-without. For example, if you are a Business Analyst and would like to speak more technically with the programmers, then Java would be a good-to-know. If you are a programmer and want to expand your marketability, Java would be a should-definitely-know. Lastly, if you’re a production DBA and are just curious what the programmers are doing all day, learning Java is a nice-to-know, but your time may be better spent expanding your knowledge of database and data center based technologies.

Enterprise Architecture Beyond the Perimeter
An increasingly mobile workforce and the ubiquity of attacks on client platforms limit the effectiveness of the traditional corporate network perimeter-security model. Beyond Corp is a broad effort to re-architect the delivery of Google corporate computing services, removing privileges granted solely on the basis of network address. The Overcast architecture blueprint is key to this, presenting a model of machine identity, authentication, and inventory-aware authorization. We discuss the background of our work, our general approach, challenges encountered, and future directions. ... USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone.

Quote for the day:

"Our business in life is not to get ahead of others, but to get ahead of ourselves." -- E. Joseph Cossman

May 22, 2015

Fido Alliance launches authentication standards certification
“Where passwords are still used, the Fido authenticator supplants the security dependence on the password, which is then just an identifier,” said Fido Alliance executive director Brett McDowell. “Security shifts to the U2F device, and it is much easier to use than any other two-factor authentication method available before Fido 1.0,” he told Computer Weekly. Announcing the certification programme, the Fido Alliance said 31 suppliers have already passed Fido certification for existing products and services. These include Google’s login service that uses a USB security key as a simpler, stronger alternative to the six-digit, one-time passcodes (OTPs) used by its 2-Step Verification facility.

How Virtual Reality May Change Medical Education And Save Lives
Spio’s hope is that Next Galaxy’s virtual reality model will better educate and prepare health care providers–as well as consumers–for learning CPR, based on a more realistic learning environment. She advocates a paradigm shift, away from the current approach–which relies upon passively watching videos and taking written exams–to a method for learning that involves the use of gestures, voice commands and eye gaze controls, thereby transforming how medical providers and laypersons experience such situations. As a first step towards developing this new reality, Next Galaxy Corporation recently announced an agreement with Miami Children’s Hospital to engage Next Galaxy’s VR Model and develop immersive virtual reality medical instructional content to educate medical professionals as well as patients.

Americans’ Attitudes About Privacy, Security and Surveillance
Key legal decisions about the legitimacy of surveillance or tracking programs have hinged on the question of whether Americans think it is reasonable in certain situations to assume that they will be under observation, or if they expect that their activities will not be monitored. A federal appeals court recently ruled that a National Security Agency program that collects Americans’ phone records is illegal. In striking down the program, Judge Gerald Lynch wrote: “Such expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans. Perhaps such a contraction is required by national security needs in the face of the dangers of contemporary domestic and international terrorism. But we would expect such a momentous decision to be preceded by substantial debate, and expressed in unmistakable language.”

Bring your own cloud: Understanding the right policies for employees
By ignoring cloud policies, employees are also contributing to cloud sprawl. More than one quarter of cloud users (27%), said they had downloaded cloud applications they no longer use. Moreover, with 40% of cloud users admitting to knowingly using cloud applications that haven’t been sanctioned or provided by IT, it’s clear that employee behaviour isn’t going to change. So, company policies must change instead – which often is easier said than done. On the one hand, cloud applications help to increase productivity for many enterprises, and on the other, the behaviour of some staff is unquestionably risky. The challenge is maintaining an IT environment that supports employees' changing working practices, but at the same time is highly secure.

Description, Discovery, and Profiles: A Primer
Most of the approaches today support the API-First concept. You describe your API using a meta-language based on XML, JSON, or YAML and the resulting document (or set of documents) is used to auto-generate implementation assets such as server-side code, human-readable documentation, test harnesses, SDKs, or even fully-functional API clients. An example of the API-First approach is Apiary's API Blueprint format. It’s based on Markdown and has the goal of supporting human-readable descriptions of APIs that are also machine-readable. In the example below you can see there is a single resource (/message) that supports both GET and PUT. You can also see there is support for human-readable text to describe the way the API operates.

How Big Data Can Drive Competitive Intelligence
The practice of selling data to the marketplace appears to be much more prevalent in Asia than in Europe or the United States, according to Tata. That may reflect regulatory considerations. U.S. data brokers generally ensure that big data sets have been stripped of individually-identifiable consumer information, both to ensure regulatory compliance and to prevent the inevitable public backlash. But it’s telling that China’s southwestern province of Guizhou is establishing an exchange, GBDex, to provide data cleaning, modeling, and data platform development. Alibaba is a partner in the exchange in Guiyang. A small firm with a progressive attitude toward analytics may be able to carve out a competitive advantage against a much bigger rival simply by understanding their niche in the market better.

CIO interview: Myron Hrycyk, CIO, Severn Trent Water
“A lot of organisations that run large asset bases are always looking for ways they can run that infrastructure more productively, ultimately giving customers a better service,” says Hrycyk. “The two technologies that I see as key to driving the productivity and efficiency that are needed to drive bills down are improved telemetry and technologies related to the internet of things that can pull data back from the infrastructure so we can proactively manage it. “That way, we can have a lower-cost infrastructure overall and avoid reactive work and outages by managing our assets to keep the flow of water to our customers going, and doing a lot more predictive and proactive maintenance.”

Why Skills Matter More than Ever in Our Data-Driven Economy
There are no easy solutions. Two well-known factors affecting employment decisions — compensation and culture — require flexible budgets and organizational change, neither of which plays to government’s strengths. But government should not give up. The UK’s Government Digital Service fundamentally rebuilt the nation’s public-sector strategy for IT, proving that disruptive innovation in government is possible. Moreover, government agencies do have an advantage in that many of the problems they’re working on — like increasing access to affordable health care, improving the quality of schools, and making cities safer and cleaner — are the types of problems that attract the sharpest minds. While they may not be able to match the pay or benefits of Silicon Valley, they offer the chance to improve the world.

Harnessing the power of your hidden leaders
To the naked eye, it may seem they are simply able to get things done. Look closer, and you’ll see that they are demonstrating strong leadership and influence by dint of relationships they’ve developed. Look closer still, and you’ll see that it isn’t simply niceness or collegiality that has earned them this influence. Too many people seek to establish trusting business relationships centering on likeability. ... Try identifying your Hidden Leaders. Who are they? What do they do differently? Ask yourself what kind of an impact it would have on your business if more employees behaved as they do — even 20% or 30% more? My bet is that you’ll see great power in cultivating more of them. And if you are reading this article, it is likely that is your job.

Here comes the future of application development: Treating infrastructure as code
Key to this approach is the idea of the immutable container. Containerization is perhaps best thought of as a way of adding more abstraction into our virtual infrastructure, though instead of abstracting virtual infrastructures from the physical, here we're making our applications and services their own abstraction layers. With immutable containers, a Docker or similar container wrapping an application or a service is the end of a build process. Deployment is then simply a matter of unloading the old container, installing the new, and letting your application run. The immutable container is an ideal model for a microservice world. Wrapping up a node.js service with all its supporting code in a container means not only having a ready-to-roll service, we also have an element that can be delivered as part of an automated scale-out service.

Quote for the day:

"Whenever you find yourself on the side of the majority, it is time to pause and reflect." -- Mark Twain

May 21, 2015

Q and A on The Scrum Culture
Bluntly speaking, command and control is not compatible with Scrum. As soon as you allow Scrum to spread throughout the command and control enterprise, there is a clash of cultures and only one will survive. On the one hand command and control is more effective in a production line environment, and it is usually also the dominant approach in the organization. So it has the home field advantage and is the primary source of "gravity", drawing people back to the old way of doing things. The Scrum Culture on the other hand is more effective in development and research environments and is what more and more people demand from their employers.

Can OpenStack free up enterprise IT to support software-driven business?
Although it is often considered as a way to build a private cloud, OpenStack can also be used to provision datacentre hardware directly. Subbu Allamaraju, chief engineer for cloud at eBay, said he would like to use OpenStack as the API for accessing all datacentre resources at the auction site, but the technology is not yet mature enough. Walmart's Junejan added: "We aim to move more markets onto OpenStack and eventually offer datacentre as a service." OpenStack can also be used to manage physical, bare metal server hardware. James Penick, cloud architect at Yahoo, said the internet portal and search engine had been using bare metal OpenStack alongside virtualisation.

Certification, regulation needed to secure IoT devices
Xie explained in an interview with ZDNet that in traditional networks where components such as switches and routers were wired, there were well-established architecture frameworks that outlined where and how firewalls should be connected to switches, be it redundantly or as a single connection. These guidelines would no longer be effective with SDNs where these "wires" were now defined by software and where switches could be "relocated" by the stroke of a key, he said. Firewalls, for instance, would need to continue to operate the necessary policies to secure a database within a SDN, when that database is virtually relocated to a different city. "So all that becomes more intangible, and the big challenge is for security to be able to adapt to that kind of architecture," he noted.

Net Neutrality Rules Forcing Companies To Play Fair, ... Giant ISPs Absolutely Hate It
While the FCC's rules on interconnection are a bit vague, the agency has made it clear they'll be looking at complaints on a "case by case basis" to ensure deals are "just and reasonable." Since this is new territory, the FCC thought this would be wiser than penning draconian rules that either overreach or contain too many loopholes. This ambiguity obviously has ISPs erring on the side of caution when it comes to bad behavior, which is likely precisely what the FCC intended. ... And by "well functioning private negotiation process," the ISPs clearly mean one in which they were able to hold their massive customer bases hostage in order to strong arm companies like Netflix into paying direct interconnection fees. One in which regulators were seen but not heard, while giant monopolies and duopolies abused the lack of last mile competition.

Leaderless Bitcoin Struggles to Make Its Most Crucial Decision
The technical problem, which most agree is solvable, is that Bitcoin’s network now has a fixed capacity for transactions. Before he or she disappeared, Bitcoin’s mysterious creator, Satoshi Nakamoto, limited the size of a “block,” or group of transactions, to one megabyte. The technology underlying Bitcoin works because a network of thousands of computers contribute the computational power needed to confirm every transaction and record them all in a permanent, publicly accessible ledger called the blockchain (see “What Bitcoin Is and Why It Matters”). Every 10 minutes, an operator of one of those computers wins the chance to add a new block to the chain and receives freshly minted bitcoins as a reward. That process is called mining.

Machine learning as a fluid intelligence harvesting service
Developers are only human. They have limited capabilities, attention spans and so on. But data and the knowledge that can be gained from it are seemingly unlimited. Even the world’s data scientists and domain experts have to prioritize their efforts to extract insights from some relevant portion of the vast ocean of information that surges around them. With only so many hours in the day, data scientists and analysts need to leverage every big data acceleration, automation and productivity tool in their arsenals to sift, sort, search, infer, predict and otherwise make sense of the data that’s out there. As a result, many of these professionals have embraced machine learning.

Software development skills for data scientists
You should learn a principle called DRY, which stands for Don't Repeat Yourself. The basic idea is that many tasks can be abstracted into a function or piece of code that can be reused regardless of the specific task. This is more efficient from a "lines of code" perspective, but also in terms of your time. It can be taken to an illogical extreme, where code becomes very difficult to follow, but there is a happy medium to strive for. A good rule of thumb: if you find yourself writing the same line of code with only minor changes each time, think about how you can turn that code into a function that takes the changes as parameters. Avoid hard-coding values into your code. It is also good practice to revisit code you've written in the past to see if the code can be made cleaner, more efficient, or more modular and reusable. This is called refactoring.

Marketing vs. IT: Data Governance Bridges the Gap
The key is to first understand how to govern information in the modern data era – not going back to the stone ages where marketers – and for that matter all business users -- had to follow naming conventions, put everything into schemas and build their work into models. Today, IT teams can empower the data-driven marketing organization by providing better tools and automation across the entire analytic process, including a new class of self-service data preparation solutions, which simplify, automate and reduce the manual steps of the analytic process. This new self-service data preparation “workbench” empowers marketing, sales, finance and business operations analysts with a shared environment that captures how they work with data, where they get it from and ultimately what BI tool they use to analyze it.

Full Stack Web Development Using Neo4j
Neo4j is a Graph database which means, simply, that rather than data being stored in tables or collections it is stored as nodes and relationships between nodes. In Neo4j both nodes and relationships can contain properties with values. ... While Neo4j can handle "big data" it isn't Hadoop, HBase or Cassandra and you won't typically be crunching massive (petabyte) analytics directly in your Neo4j database. But when you are interested in serving up information about an entity and its data neighborhood (like you would when generating a web-page or an API result) it is a great choice. From simple CRUD access to a complicated, deeply nested view of a resource.

Executive's guide to the hybrid cloud (free ebook)
Hybrid strategies have begun making inroads in several industries, including the financial sector, healthcare, and retail sales. In a widely cited report, Gartner predicted that nearly 50 percent of enterprises will have hybrid cloud deployments by 2017. Hybrid clouds can help ensure business continuity, allow provisioning to accommodate peak loads, and provide a safe platform for application testing. At the same time, they give companies direct access to their private infrastructure and let them maintain on-premise control over mission-critical data. Is hybrid an ideal strategy for all companies — or a panacea for all cloud concerns? ... This ebook will help you understand what hybrid clouds offer, and where their potential strengths and liabilities exist.

Quote for the day:

“It’s what you do in your free time that will set you free—or enslave you.” -- Jarod Kintz