It’s like discussing politics or religion at a social gathering. Too controversial. Too inflamed. It’s one of those third rails of software development. Be careful if you touch it—you may get shocked. What makes this topic such a hot button one? For one thing, it seems like developers are really bad at it. Ask for an estimate on a feature, get the answer that it will be done by the end of the week, and discover that two weeks later it’s still work in progress. Or ask a developer for an estimate and the answer is, “I don’t know. Two to two hundred hours.” What are you supposed to do with that? For another thing, developers seem to resent being asked for estimates. Whether they are or aren’t good at estimating, they seem to find the whole activity to be a time waster.
To build security into the fabric of your organization, it can't be an afterthought. Gourlay said that money spent on tools like perimeter security is money wasted, as there is no guarantee that it can always be done the right way. "If you don't do it perfectly once, you've left the door open for somebody to get in that shouldn't be there," Gourlay said. So, their approach is to re-platform for security, with an architecture designed from the get-go to be hardened and secure by default. The Skyport system is composed of two major components: An on-premise server and a management system. "The reality is that any mid-size company and larger is going to have a blend of on-premises compute and cloud-based compute,"
Onwurah said the default government position was to do nothing, and called for a more progressive “interventionist industrial strategy”. Asked what she might include in a hypothetical communications white paper, were she sitting on the government benches, Onwurah picked on three themes – digital exclusion, the IoT and data privacy and security. She said that, in her constituency of Newcastle-upon-Tyne Central, she saw people come to her surgeries who were unable to get online to conduct their mandatory job searches to continue to claim benefits, so were sanctioned and had to resort to food banks. Onwurah challenged the secretary of state for work and pensions, Iain Duncan Smith, to consider the impact of digital exclusion in his controversial welfare reforms.
Lawyers must wake up to the possibility and likelihood that the machine will evolve from dealing solely with commoditised and research related legal work and move into the realm of reasoning and judging too; it already can, but we're only using this brilliant technology currently as a carthorse rather than its true calling as a thoroughbred. It’s also inevitable that more of the Top 100 firms that have been sniffing around the AI technology suppliers will tip, eventually. They will have no choice. They too will deploy IBM Watson or RAVN or another alternative AI software tech start-up provider perhaps for commoditised and/or high end complex due diligence work or a bespoke niche offering. The AI Armageddon is only a puff away.
The most important change brought by cloud computing, however, might be in spending. The dot-com bubble was fueled by a hardware and software buying explosion as companies built and grew computer networks, but that spending was cyclical, and after people and companies bought what they needed, it crashed: U.S. technology spending by companies grew at a compound annual growth rate of 13% from 1995 to 2000, before falling to -3.5% over the next three years. Since the end of 2003, however, technology spending growth has smoothed — the 2009 economic crash notwithstanding — and generally come in line with economic growth. Over the past 11 years, the mean growth rate has been about 4.3%, topping 7% only once and falling below 3% only in 2009.
The more complicated reality is that, while this recent re-identification demonstration provided some important warning signals for future potential health privacy concerns, it was not likely to have been implemented by anyone other than an academic re-identification scientist; nor would it have been nearly so successful if it had not carefully selected targets who were particularly susceptible for re-identification. As I’ve written elsewhere, from a public policy standpoint, it is essential that the re-identification scientists and the media accurately communicate re-identification risk research; because public opinion should, and does, play an important role in setting priorities for policy-makers. There is no “free lunch”.
Organizations for the most part agree on the great value of corporate data. Unfortunately, for the most part data professionals believe their organizations do a poor job of interpreting and using that data. A new study from Dimensional Research reveals this disconnect, and concludes that “data professionals have little confidence in the way business stakeholders within their organizations use corporate data when making important business decisions.” The study finds a number of areas in which those that capture and manage data, and those that act on it, are out of sync. ... Data models are also valued, but not used effectively, at many organizations. Again, the vast majority of data professionals see the value of data models, but only 20 percent of IT leaders fully understand that value. And, conversely, a majority of business users complain about data professionals on the same point.
"It’s obviously concerning that a CA would have such a long-running issue and that they would be unable to assess its scope after being alerted to it and conducting an audit," Ryan Sleevi, a software engineer on the Google Chrome team, wrote in the blog post. He went on to require that, beginning in June, Symantec publicly log all certificates it issues or risk having Chrome flag them as potentially unsafe. Currently, under the Chrome certificate transparency policy, Symantec and all other Chrome-trusted CAs must log all extended validation certificates—that is, TLS credentials that certify a site is owned by a specific organization, such as PayPal, Microsoft, or Bank of America. Beginning June 1, Symantec will be required to log all certificates, not just those with the extended validation flag.
While the Arno release is a nice start, OPNFV has a way to go before establishing itself as the de facto open source NFV platform. Looking at the project list for OPNFV's next release, Brahmaputra, we can start to get a sense of which problems OPNFV will soon target. A couple of exciting examples include service function chaining, as well as group-based policy, so we will hopefully have the ability to orchestrate the insertion of virtualized network functions into service chains on an open-source platform. In the meantime, there is plenty more to learn and glean from the existing Arno release.
Given the fundamental disconnect between how a security policy is described and how the security policy is implemented, the question has to be asked: “Is the perfect security policy even achievable? And if it is possible, what is the probability of introducing an error once the security policy is inevitably changed?” For that matter, what is the perfect security policy? The “ideal” security policy marries the current state (running context) of all workloads in a data center, the applications that those workloads take part in, the environment the applications run in (for instance, development, PCI, production), and the minimum of ports that need to be open to make the application work. This would effectively reduce the exposure of each workload and every application to the bare minimum.
Quote for the day:
"Machines will gain common sense when we master unsupervised learning" -- Yann LeCun