April 30, 2016

Advice To Fintech Firms: How To Partner With Banks

Banks need help, and they have recognized that some of that help will come from Fintech firms. That is why so many banks have created incubators and accelerators. Banks and Fintech firms need one another. It took a while to sink in, but most players now agree. But Fintechs struggle with how to partner with banks, and vice versa. What will a good Fintech partner look like? Without a doubt, banks are looking for partners. They want companies that will share their business goals and understand their vision. They want partners who will measure success the way they do. But what partnering model are we talking about? There are several existing or emerging models.

The Open Group IT4IT Architecture Offers a New Direction

Within IT, there are places where we want to move in a more agile way -- where we want to move faster. There are also certain activities where waterfall is still an excellent methodology to drive the consistency and predictability that we need. A good example of that comes with large releases. We may develop changes or features in a very agile way, but as we move towards making large changes to the business that impact large business functions, we need to roll those changes out in a very controlled, scripted way. So, we take a little bit different look at Bimodal than some companies do. Your other question was on Shadow IT. One of the things that we have challenged a lot over the last year or so is this concept of the role of the IT organization relative to the rest of the enterprise.

The API Economy: A Big Ball of CRUD

Services and APIs are only loosely-coupled in conceptual architecture, but not in the real-world where people still have to manually discover and integrate them at the Application and Process layers. This is the reason why Service Orientation has yet to deliver “Business Agility”. From that high-level Enterprise Architecture perspective (as opposed to the bottom up IT view) it’s not useful or scalable to be stuck manually considering individual APIs. It would be better to have an abstraction, a model for looking at all of these endpoints as objects that expose functionality, but hide their complexity and automate management of the end-to-end API contract lifecycle in order to advance the Service Orientation architectures.

Key Differences Between A Point-To-Point Vs. Enterprise-Wide Data Integrity Solution

Extract, Transform and Load (ETL) systems commonly integrate data from multiple applications and systems and are typically developed and supported by different vendors or hosted on separate computer hardware. The disparate systems containing the original data are frequently managed and operated by different employees as well. It is likely you have found some point-to-point tools in your tool kit to help with this enormous data corralling challenge, but what about maintaining the integrity of the data as it moves away from your original system downstream? An even more elusive question to answer is do you need enterprise visibility into the overall integrity of your key business data?

How artificial intelligence is changing the way illness is diagnosed and treated

The industry's interest in AI, Rajan says, has been driven both by rising costs and increasing volumes of data. "There isn't necessarily the capacity to capture and process and understand all of it. I think AI, particularly a lot of early solutions, are targeting those issues -- being able to take large volumes of data, put it through levels of processing that can allow some level of relevancy to crop up to support decision making and influence the course of care." The aim is for AI systems to do what doctors can't always: keep up on every detail of every patient's visit to every specialist or hospital, as well as each pertinent new piece of research, disease outbreak, and public health recommendation. The system must not only digest all that information, but also factor in the patient's symptoms and then recommend a diagnosis or course of treatment that takes all those elements into account.

Big Data & Logistics: 7 Current Trends to Watch

“Hey ‘Big Data’ is just a big fuzzy word for me” quoted a Vice President of an Innovation Center at a big logistic company back in early 2015. Just one year later, he not only has to admit that ‘Big Data’ is the next big revolution, but has already applied big data technology to dramatic effect significantly growing the business and reducing costs. In fact, he’s been so successful that he’s been given the funding for a new Machine Learning department! UPS’ 1 billion investment in big data more broadly blows the whistle for all logistics companies all around the globe to get very serious about becoming data-driven or otherwise be in fear of being wiped out. The delta being created by those who have been quick to embrace big data is growing rapidly.

Phil Zimmermann speaks out on encryption, privacy, and avoiding a surveillance state

Talking of Snowden, Zimmermann notes with a certain amount of pride: "Snowden got his hands on some documents that showed some products that [the NSA] had broken the crypto [on]—and none of my stuff was on the list." Silent Circle's Blackphone device runs a security-toughened version of Android it calls PrivatOS. Calls are encrypted end-to-end which means even the company itself can't hand over the details to anyone. "We have no access to it. None. We can't disclose what we don't have access to," the company says. Since the V&A exhibition opened, the Blackphone has been added to the collection of a second museum—the International Spy Museum in Washington DC. Its 'Weapons of Mass Disruption' gallery explores the challenges facing the intelligence community in the twenty-first century.

Reflecting software architecture evolution in your stack

While the disconnect between the conception of "business processes" as being "business process flows" and event architecture -- or microservices architecture -- seems obvious, it's not being adequately reflected in most enterprise architecture methodologies. The business process output of EA is often prestructured into business process flows and leans toward workflow thinking when translating EA requirements to IT requirements. It is possible to "retroject" an understanding of modern software architecture evolution and design approaches based on the cloud and microservices into today's EA methodologies, but this is difficult to do in a consistent and organized way.

International IT trade group urges firms to prepare for GDPR

“There are challenges ahead. A lot of companies will have their work cut out for them to be compliant in time,” said Bridget Treacy, partner at Hunton & Williams. “All organisations that have not done so already, really have to start thinking in very pragmatic terms about what the GDPR means for the business and how they are going to handle their data assets, because two years is not much time,” she said. The final alarm bell has been sounded, said Stewart Room, cyber security and data protection partner at PricewaterhouseCoopers (PwC). “There are no more alarm bells after this. There is no more pretending. All organisations that have not started preparing now need to start taking this seriously,” he said.

IT guru Batya Friedman talks tenets of value-sensitive design

There's nothing in value-sensitive design that's about a specific technology. It's about how do we foreground what's important to people in the tools and technologies and infrastructure we build. Most of my work has focused on information technology, but other people have applied it to wind turbines, to designing processes for customs in major ports, for transportation systems. ... When you're designing a system, who do you focus on? The language in the field is to talk about users and user-sensitive design. So when people design, they think about who is going to use the technology. We have methodologies for doing user testing, but we know that others are stakeholders, too. So one of the key changes is to bring other stakeholders in to make sure they're considered along with the users.

Quote for the day:

"Just because something doesn't do what you planned it to do doesn't mean it's useless." -- Thomas A. Edison

April 29, 2016

Cyber security in Belgium will gain prominence after terror attacks

There is some good news for the country’s cyber security. Belgium is one of the countries least affected by online banking trojans. And there is a very good reason for that, according to Eddy Willems, security evangelist at Gdata Software. “Most Belgian banks use an advanced authentication system, which makes it more difficult for cyber criminals to obtain the required authentication details to get entrance to the victim’s bank account,” he said. ... Not such good news for Belgium is that it and the other Benelux countries, the Netherlands and Luxembourg, have seen a dramatic increase in the number of ransomware incidents. More incidents have been reported in February 2016 alone than in the last six months of 2015, according to research by security supplier Trend Micro.

In the digital enterprise, everyone is a security newb

In the digital enterprise, protecting critical data has changed. Communication is the missing ingredient because security teams don't have the information they need for the other business leaders who are focused on different objectives, like sales goals or the customer experience. "Those department heads are so concerned about keeping their own systems up so that they can continue bringing in revenue, that they overlook security. For example, the managers of a POS system do not want to have their IT guy take the system offline for an hour to fix a patch during Black Friday," Stolte said. In order to best defend against the threats of malicious actors, leaders across all departments need to become more security savvy. "Line of business and application owners, those who manage assets that contain valuable information, must first recognize that the information they manage is of high value and they must communicate with the security team," Stolte said.

IT performance management pegged for increase of virtualization tools

"There are [fewer] IT organizations using cloud services than everybody expects," said Edward Haletky, CEO and principal analyst for The Virtualization Practice LLC. There has been a large increase in shadow IT, wherein cloud services are purchased ad hoc by workers, but since IT pros are not involved with these unknown services, they aren't factored into decisions about what management tools to buy. Many companies have just started to branch out into the cloud. MetLife Insurance, for example, started with development platforms and has moved to putting new and some existing apps in the cloud, but most of its IT operations are still in owned and hosted data centers, according to Tony Granata, assistant vice president of capacity performance & monitoring engineering at the New York-based insurer.

Rip up the script when assembling a modern security team

Hiring analysts who’ve worked at the same companies or attended the same schools means you may end up with a team that approaches security issues in a similar manner. If they all think alike, they’ll probably miss the same security blind spots. ... look for people who have worked in different companies and industries and have experience fighting a variety of threat vectors. Ideally, your team will include someone with either a military or government background. They’ll have a completely different way of looking at security, forcing your company out of its comfort zone. Military personnel are often familiar with nation-state attacks and malicious intent and understand how complex offensive operations work. And with hackers launching advanced attacks against companies, people who have experience dealing with these threats can apply their knowledge to defend a business.

Don't overlook these two hidden risks to your corporate data

The data your SMB partners have in hand may seem minimal, but it's still critical corporate data. Contact information and services rendered may be valuable to an individual who hacks the SMB's network. As an InfoSec professional, you know what measures you have in place—but what about the SMB? The extent of its security depends upon available resources and what's affordable for it to implement. ... When it comes to internal colleagues exposing sensitive corporate data, it's all about timing and pulling the emotional strings. Along with having the technical skill set to spoof a business's email address, the attacker executed the data breach beautifully by understanding the time of year and knowing who to target at a busy time. The accountant's inbox was potentially flooded with deadline notifications and requests, which created a stressful environment. This makes for an easy target.

The Holistic Approach: Preventing Software Disasters

Understanding each kind of source code and scripts, interpreting the configuration files, evaluating the value of variables throughout the execution cycle for finally piecing all these findings together and reverse-engineering the system blueprint gives CIOs an “X-Ray view” into the inner workings of their organization’s software systems and empowers the CIO to make data-informed decisions to fortify overall software quality. ... But looking at the unit-level source code is not everything, it’s just the beginning - specifically with modern architectures where loose coupling between the different layers is a must. Hence CIOs must also X-Ray the “glue” between software layers and components, which is sometimes defined in configuration, property files or annotations stored directly inside the source code files.

10 Free Tools For API Design, Development And Testing

The rise of RESTful APIs has been met by a rise in tools for creating, testing, and managing them. Whether you’re an API newbie or an expert on an intractable deadline, you have a gamut of services to help you get your API up and running quick, and many of them won’t cost you a dime. Following is a sampling of free services for working with APIs: load testers, API designers, metrics collectors, and much more. Some are quick and dirty applications to ease the job of assembling an API. Others are entry-level tiers for full-blown professional API services, allowing you to get started on a trial basis and later graduate to a more professional level of (paid) service if and when you need it.

Is There a Need to Redesign Cyber Insurance?

As insurers increasingly focus on operational risk — that is, failure due to systems, processes, people and external events — as a key element of managing their capital adequacy and solvency, how will the regulators and insurance commissioners view the potential increase in the risk of someone infiltrating an insurer’s own site through some form of remote device? Overall, there seems to be agreement that prevention is better than cure, but where cyber crime happens, it is critical that companies carry appropriate insurance cover. Cyber insurance cover has been around for a decade or so, but as cyber crime has developed, then doesn’t insurance cover also need to mature? With policies provided by some major insurers giving cover to $100m, isn’t it time to think about whether this is enough?

You'll soon be using GPU as a Service

As an example of this new wave, AMD and AP are collaborating to bring immersive experience to news and storytelling. This can significantly enhance the ability to get information to content viewers, while also providing a more concise way to impart information, including the ability to see multiple perspectives, exhibit full dimensional accuracy, get a better sense of time, etc. Although still a niche market, this will help accelerate the adoption of VR clients. In addition to VR clients, the need to process immersive information means that there will be a significant need for high performance graphics processors -- not only at the individual server level, but available as an on-demand service based in the cloud. GPUs as a Service will expand greatly over the next 2-3 years, and will eclipse the PC GPU market in sheer numbers of units.

Production Like Performance Tests of Web-Services

Tests should always keep the end user view in mind to ensure that the software meets with acceptance on the part of the users. But how to test web services which are not directly customer-facing, and in particular, how to performance test them in a meaningful way? This article outlines performance test approaches that we have developed and proven to be effective in the company HERE, which is a leading location cloud company.  ... Tests should be created with knowledge regarding the end user so that they are effective and risk-based. Because of this factor, as well as release techniques such as canary releases and feature toggles, the line between tests run prior to the release and of the released software on production becomes blurred.

Quote for the day:

"Fear causes hesitation and hesitation will cause your worst fears to come true." -- Patrick Swayze

April 28, 2016

Vulnerability in Java Reflection Library Still Present after 30 Months

The ability to load classes dynamically at runtime using custom ClassLoaders has created the opportunity for a number of applications that wouldn’t be possible otherwise, but unfortunately it has also created a number of security concerns, particularly around class impersonation. A developer could, in theory, create a custom ClassLoader that loads a compromising implementation of the primordial class java.lang.Object, and use this custom Object in a Java application. ... When the issue resurfaced in March 2016, the latest available version at the time, 8u74, proved to be vulnerable. Since then, Oracle has released three updates for Java, namely 8u77, 8u91 and 8u92. However, judging by their release notes, none of those seems to have addressed the problem.

Docker on Windows Server 2016 Technical Preview

To build and run your first Windows container, get Windows Server 2016 TP5 running, begin writing Dockerfiles for Windows, share images on Docker Hub and don’t hesitate to reach out with questions or feedback on the Docker Forums. ... Docker and Microsoft have come a long way since the 2014 partnership announcement of the Windows Server port of Docker engine, through the first publicly available version, up to today’s release. This journey also saw John Howard from Microsoft join the ranks of core Docker maintainers. We’re proud of the progress we’ve made to empower developers and ops teams using Windows with Docker’s proven tools and APIs for building, shipping and running containers and that we can help bring together the Windows and Linux communities with a common toolset for shipping software.

Paying ransomware is what ills some hospitals

Data backups are the key to surviving ransomware attacks. But some hospitals and physician practices don’t back up their data at all. This lack of security awareness puzzles McMillan. “It’s possible that security is still not seen as a critical business function” in those organizations, he suggests. Even if a hospital or a physician group does back up its data, it might do so only on a nightly basis. So, if a ransomware attack occurs and the organization uses its data backup to continue operations, the database will be missing everything that has been entered into the system since the previous evening, notes Gibson. That’s much better than nothing, but it will still send clinicians scrambling. Many hospitals do near-real-time backups of data on mirrored servers. In case one server goes down, the other can take up the slack.

Technologically Constrained Banks Face A Challenge From Agile Fintech Firms

“Banks still struggle with legacy systems and with their culture.” One European bank partnered with a fintech firm on a project. Eighteen days later the technologists had an app and a proof of concept, while the bank was still struggling with deciding who should be in the room to meet with them. Interviews with bank CXOs revealed some startling contrasts with some large banks realizing the need for change while some regionals and super-regionals don’t think fintech innovations will impact them. “Banks are underestimating the value fintech firms provide in delivering a good experience and efficient service, as well as their potential influence on all areas of banking,” the report said. “From the customers’ perspective, fintech firms have value in being easy to use (81.9 percent), offering faster service (81.4 percent), and providing a good experience (79.6 percent).

Man jailed for failing to decrypt hard drives

"His confinement stems from an assertion of his Fifth Amendment privilege against self-incrimination," wrote the man's lawyer, Keith Donoghue. The US Constitution's Fifth Amendment is designed to protect people from being forced to testify and potentially incriminating themselves and states: "No person shall be... compelled in any criminal case to be a witness against himself." The Electronic Frontier Foundation, which campaigns for digital rights, said: "Compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them." The man's appeal also contends that he should not be forced to decrypt the hard drives because the investigators do not know for certain whether indecent images are stored on them.

Singapore Is Taking the ‘Smart City’ to a Whole New Level

“Singapore is doing it at a level of integration and scale that no one else has done yet,” says Guy Perry, an executive of the Los Angeles engineering design firm Aecom who studies “smart city” technologies. It helps in Singapore that government- or state-owned companies own or control many aspects of daily life, including public transport networks and housing. More than 80% of Singapore’s 5.5 million people live in government housing. And while Singapore is a democracy, it has always been dominated by a single party whose control of the system means it can move quickly. Leaders also see a chance to pioneer applications for export. The market for smart-city technology in Asia alone will reach US$1 trillion a year by 2025, according to IDC Government Insights, a unit of International Data Corp., the Framingham, Mass., research firm.

Why Won’t They Pair?

The organizational challenges continue from the physical equipment to how developers are rated for recognition, raises and promotions. If an organization stack ranks their employees, the chance of developers learning to pair effectively is severely hampered. In many cases, the developer wants to be seen as the super hero thereby raising their rank above their peers. Performance reviews are another blocker. Few companies recognize teamwork as a valued skill and instead look for the ‘super hero’ who can come in to save the day during a crisis. Further, organizations that consistently work in a tactical fire-fighting mode will struggle to see the value that comes from pairing where developers share knowledge of technical and domain expertise.

BIP 75 Simplifies Bitcoin Wallets for the Everyday User

One of the main downfalls of BIP 70 is that it doesn’t work well for P2P payments. While it gets the job done for transactions between a customer and a merchant, Bitcoin wallets are unable to receive payment requests when they’re offline. Store-and-forward servers can be used to forward new payment requests to wallets when they come online, but this setup creates new privacy and security concerns. BIP 75 is an attempt to solve this issue by encrypting all communication in the Payment Protocol end to end. “By adding encryption at the application layer we create secure private communications, even in the case where there is a store and forward server for mobile or desktop wallets,” Netki founder and CEO Justin Newton, who co-authored BIP 75, told Bitcoin Magazine.

Ransomware-as-a-service is exploding: Be ready to pay

It starts with a fast click on a link in a harmless-looking email. Then your PC slows to a crawl. A message suddenly pops up and takes over your screen. "Your files and hard drive have been locked by strong encryption. Pay us a fee in 12 hours, or we will delete everything." Then a bright red clock begins counting down. No antivirus will save your machine. Pay the fee or lose everything. You're the latest victim of a ransomware attack. The scary thing is, you're not alone. The ransomware market ballooned quickly, reported TechRepublic's Michael Kassner, from a $400,000 US annual haul in 2012, to nearly $18 million in 2015. The average ransom—the sweet spot of affordability for individuals and SMBs—is about $300 dollars, often paid in cash vouchers or Bitcoin.

Cyber Attacks on Small Businesses on the Rise

Almost half of cyber-attacks worldwide, 43%, last year were against small businesses with less than 250 workers, Symantec reports. The FBI reported last summer that more than 7,000 U.S. companies of all sizes were victims of cyber hacks via phishing email scams as of late 2013, the latest data available, with losses of more than $740 million.  The cyber crooks steal small business information to do things like rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; commit health insurance or Medicare fraud; or even steal intellectual property. The criminals can also hijack a small business’s website to cyberhack other small businesses. “There are probably 20 different ways a bad guy can get into a website” run by a small business, Scott Mann, CEO of Orlando-based Highforge Solutions, has said.

Quote for the day:

"A business of high principle attracts high-caliber people more easily, thereby gaining a basic competitive and profit edge." -- Marvin Bower

April 27, 2016

A History of Containerology and the Birth of Microservices

Not only has Microsoft jumped on the container bandwagon, but they also shared the vision of Docker’s application focused model for containers. Microsoft partnered with Docker, and as a result, one can run Linux or Windows containers with Docker. Being able to run applications in either Linux or Windows hosted containers will provide companies flexibility and reduce any refactoring costs associated with rewriting, tweaking or re-architecting existing applications. The bold new world that containerology will take us to is that of microservices. In my opinion, microservices (specifically as enabled by Docker) represent the first feasible step towards mechanized or industrialized applications. In the mechanical engineering world, complex systems were built buying off the shelf components and widgets. In contrast, the software world was accustomed to fabricating every part needed to build complex applications.

API security: Key takeaways from recent breaches

A good practice in approaching API security is first and foremost to know your API assets. An API management suite can help identify the API and exact version, whether in development, QA or production, tracked by its internal registry. This is instrumental in controlling API sprawl. And in the event of a breach, knowing the exact variables in play at the time of the breach will help to expedite the solution. A second detection strategy is knowing your consumers and solidifying their authentication. While most companies may start out exposing their APIs publicly, allowing developers to freely build applications using the APIs, it may help to configure multilayer security elements right down to the API level so that API consumers are easily identifiable. This is also crucial as API providers rely on standards such as OpenID for single sign-on between different applications.

5 years into the ‘cloud-first policy’ CIOs still struggling

"The greatest challenge is not getting a contract in place, but what you find out is where those boundaries cross of who's now responsible because you're in a different infrastructure set-up, and what the cloud provider's going to do versus the contract staff, versus the application support staff versus the infrastructure staff," Andrews says. "So, that's the greatest challenge we're having now is defining roles and responsibilities and who's going to do what because the world has changed as we've known it, and we've been client-server for so many years that this is truly a different environment for us." Andrews recalls a recent meeting concerning the role of a cloud vendor and a somewhat tense discussion about "what does the word 'manage' mean in a cloud environment," and who has ownership over the systems and who bears responsibility for resolving the inevitable problems when they arise.

Third Generation Robo-Advisors Are Born

The application of machine learning to robo-advisory is still in inchoate stages, and only a few firms have stepped forward describing plans. Little-known Marstone (which focuses on business-to-business advice) has partnered with IBM Watson to deliver some form of cognitive-computing powered advice. It appears that Wealthfront will use artificial intelligence to provide more data-driven and personalized investment recommendations on its Dashboard. Personalization will be dynamic and driven by the client’s specific risk tolerance, financial profile, and investments as assessed across aggregated accounts. Machine learning in robo-advisory may also analyze, adapt to, and learn from investor behavior and correct for cognitive biases. As Wealthfront states, “observed behavior may reveal insights about ourselves that we aren’t even consciously aware of.”

Data Visualization Drives the Era of Information Activism

The information activism trend draws parallels to the printed word. From the invention of the Gutenberg printing press until the advent of the Internet, the ability to write and publish information was a highly technical skill, in the hands of a select few individuals. The arrival of blogging made the written word a mass activity, open to all. Similarly, people are now eager to express themselves using data visualization to tell engaging and visually stimulating stories without the need for a graphic artist or cartographer. They can just do it for themselves. ... Information activism is catalyzing a renaissance in the world of data, transforming the entire field of analytics. People no longer are mere data consumers, passively waiting for information.

MIT’s Teaching AI How to Help Stop Cyberattacks

A system called AI2, developed at MIT’s Computer Science and Artificial Intelligence Laboratory, reviews data from tens of millions of log lines each day and pinpoints anything suspicious. A human takes it from there, checking for signs of a breach. The one-two punch identifies 86 percent of attacks while sparing analysts the tedium of chasing bogus leads. ... Most of AI2’s work helps a company determine what’s already happened so it can respond appropriately. The system highlights any typical signifiers of an attack. An extreme uptick in log-in attempts on an e-commerce site, for instance, might mean someone attempted a brute-force password attack. A sudden spike in devices connected to a single IP address suggests credential theft.

Backlash against a bimodal IT strategy

The big problem with a bimodal IT strategy is that it doesn't go far enough, according to the authors. Rather than face digital business head on, bimodal IT is a more staggered introduction, giving CIOs a chance to continue clinging to the security and the stability of tradition rather than fully accept the unpredictability and even the riskiness that come with going fast. "Yes, it's a big transition, but if you only do it partway, you're going to make it so much harder on yourself," Sharyn Leaver, Forrester analyst and an author of the report, said during a recent webinar. One of the consequences of going digital "partway" is that it introduces complexity. Divvying up IT tasks can result in two separate technology stacks and two separate teams that develop different value systems, different cultures and are evaluated on different metrics -- all of which CIOs will eventually have to untangle if they want to fully align with the business and move at a faster pace, according to Leaver.

What The Google I/O Schedule Tells Us About The Future Of Android

Google has big ambitions in virtual reality. Cardboard is just the start, as there have been rumors of the company building its own VR headset and indications from Android N about how the operating system will give more native support to VR. So set your eyes on the VR at Google session on May 19, which is hosted by Clay Bavor, Google’s vice president of virtual reality (who also has a fascinating photography blog). Right now Facebook-owned Oculus is leading the VR game and Google’s frenemy Samsung makes the most popular consumer device in the Gear VR. So expect Google to invest heavily to ensure the company’s services are where the Internet is going. YouTube, as an example, recently added support for VR and 360-degree video.

Will Healthcare Data Encryption be Impacted by NIST Guide?

NIST produced a development process for cryptographic standards and guidelines based on nine principles, which are transparency, openness, balance, integrity, technical merit, global acceptability, usability, continuous improvement, and innovation and intellectual property. Notably, NIST added the global acceptability principle to the final draft after public comments suggested that the organization address the global nature of the current economy and exchange of information. The final document reiterates NIST’s intentions to foster collaborations with all stakeholders, such as security professionals, researchers, standard developing organizations, and users, to establish strong encryption standards and processes. Stakeholders who contribute to the development process are also part of a variety of industries, including healthcare, academia, and government.

Null Object Design Pattern in Automated Testing

In object-oriented computer programming, a Null Object is an object with no referenced value or with defined neutral ("null") behavior. The Null Object Design Pattern describes the uses of such objects and their behavior (or lack thereof). ... The main idea is that sometimes we need to add promotional codes and then assert that the correct amounts are displayed or saved in the DB. As you can assume, there are various ways to accomplish that. One way is to use the UI directly and assert the text is present in the labels. Another way is to use a direct access to the DB and insert the promotional code, then assert the calculated entries saved in some of the DB's tables.

Quote for the day:

"When you do the common things in life in an uncommon way, you will command the attention of the world." -- George W. Carver

April 26, 2016

What’s eating your lunch? A tale of strategy and culture

“We can’t do what you’re suggesting,” the head of sales shouted at one of his colleagues. “Product development will never deliver on time and we will be stuck with a financial target that there is no way we can meet! They screwed us over last year and we’ve been racing to close the gap for the last 10 months. Our sales teams are spent and frustrated!” These leaders were part of a company that had grown from a young startup, full of energy and fresh ideas, to a billion-dollar firm with thousands of employees. Today, it bears little resemblance to the firm they had all joined years before, and the leaders were experiencing the frustration of navigating a bureaucracy that they had to own a hand in creating.

Agile is Dead

Who said Agile is dead? The founders of Agile and its practitioners said it, not me. Don't go thinking I made this up. ... In the meantime when you say "Agile Software Development" everyone will know you are referring to just another methodology, one that failed to produce the promised results, one that was widely implemented inadequately, one no better than Waterfall or Spiral overall, one with certain relative strengths and even more weaknesses. No more magic dust. Several of the founders of Agile Software Development and many other influential developers have pronounced it dead. Only consultants and managers with a vested interest in the brand-name "Agile" still want it alive.

How a CIO can help the CEO drive business growth

CIOs are highly skilled using technical expertise to "keep the IT engine" working 24/7 while simultaneously using creative skills to facilitate the innovative use of new technologies for growth and customer engagement. CIOs need to embrace this dual role with importance emphasized on strategic business matters. In situations where the CEO and senior executive feel that their CIO is not sufficiently business-centric a new trend of engaging a chief digital officer (CDO) is emerging to accelerate the flow of digital benefits into the "front office" or customer facing areas. This may not be necessary, if CIOs can redefine their role as business leaders responsible for leveraging technology advancements for business growth. They should take an ‘outside-in’ approach to their business rather than the traditional ‘inside-out’ approach.

Exclusive Q&A: IBM Security’s Marc van Zadelhoff 100 Days In

Customers are placing controls in place of security, but they’re missing the big picture of a Big Data security platform and a team, a SOC (security operation center) that leverages Big Data analytics — our QRadar platform — and has the ability to hunt for the attacker as opposed to looking at historical data. We’re enabling them to transform their security operations with forward and predictive analytics around attacks, compliance and insiders. I think this year will be the year of the SOC transformation that’s going to be driven by the increase in ransomware, the increase in high-value data theft like health care data. It’s ransomware, it’s the theft of high-value data, it’s the emergence of IoT (Internet of Things) and cloud — all these things mean you have to have a highly-analytical SOC in place, and that’s what we’re helping customers to do.

FBI Says It Will Ignore Court Order If Told To Reveal Its Tor Browser Exploit

There are a bunch of different cases going on right now concerning the FBI secretly running a hidden Tor-based child porn site called Playpen for two weeks, and then hacking the users of the site with malware in order to identify them. The courts, so far, have been fine with the FBI's overall actions of running the site, but there are increasing questions about how it hacked the users. In FBI lingo, they used a "network investigative technique" or a NIT to hack into those computers, but the FBI really doesn't want to talk about the details.  In one case, it was revealed that the warrant used by the FBI never mentions either hacking or malware, suggesting that the FBI actively misled the judge. In another one of the cases, a judge has declared the use of the NIT to be illegal searches, mainly based on jurisdictional questions.

Angular 2 and TypeScript - A High Level Overview

AngularJS is by far the most popular JavaScript framework available today for creating web applications. And now Angular 2 and TypeScript are bringing true object oriented web development to the mainstream, in a syntax that is strikingly close to Java 8. According to Google engineering director Brad Green, 1.3 million developers use AngularJS and 300 thousand are already using the soon to be released Angular 2. ... You can also develop Angular 2 apps in JavaScript (both ECMAScript 5 and 6) and in Dart. In addition, the Angular team integrated yet another Microsoft product - the RxJS library of reactive JavaScript extensions, into the Angular 2 framework. Angular 2 is not an MVC framework, but rather a component-based framework. In Angular 2 an application is a tree of loosely coupled components.

New regulatory environment demands CCOs become ‘compliance technologists’

As companies attempt to take a global approach to compliance, 48% of symposium attendees reported that their organizations take a centralized approach to cross-border regulations, meanwhile some have run into issues scaling the compliance function due to the fragmented nature of local regulations. More than a third of respondents said their firms preferred a regional set-up over a more centralized approach. Beyond the teams themselves, an often overlooked area that CCOs need to consider is how their technology systems will evolve and adapt across the enterprise, particularly as rules are increased or changed in multiple countries and jurisdictions.

SWIFT warns customers of multiple cyber fraud cases

Monday's statement from SWIFT marked the first acknowledgement that the Bangladesh Bank attack was not an isolated incident but one of several recent criminal schemes that aimed to take advantage of the global messaging platform used by some 11,000 financial institutions. "SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters. The warning, which SWIFT issued in a confidential alert sent over its network, did not name any victims or disclose the value of any losses from the previously undisclosed attacks. SWIFT confirmed to Reuters the authenticity of the notice.

How to prepare your business to benefit from AI

Both the customer-centricity and the ability to act on the customer, asks a lot of these organizations. What we're seeing is that a lot of organizations are introducing chief digital officers or VPs of Digital who are responsible for the overarching customer experience or the overarching ability to understand that on the data. ... For artificial intelligence to be truly useful and truly holistic, it needs to be connected across all these different functions, and organizations are going to have to think a lot differently about how they want to deploy technology like this to be able to take advantage of it. Ultimately, most organizations today aren't really structured to take advantage of being truly customer-centric and having the ability to act on that understanding with algorithms or insights or machine learning and so forth.

Juniper's New 100-Gbps Firewall Is 'Absolutely Ridiculous -- In A Good Way'

"A 100 Gbps virtual firewall sounds absolutely ridiculous -- in a good way," said Dominic Grillo, executive vice president of Atrion Communications, a Branchburg, N.J.-based solution provider and longtime Juniper partner. "That's really impressive. You're seeing more people looking towards protecting things east-west [server-to-server] internally, so the more you can enable in that virtual environment, the better. A 100-Gbps [firewall] would be a great new asset for us." The new cSRX is a software-defined networking (SDN) controlled firewall providing advanced layer 4 to layer 7 microservices that Juniper says is the industry's fastest virtual firewall. CSRX includes content security, Juniper's application security suite and unified threat management for providing security as a service in large multi-tenant cloud networks.

Quote for the day:

"Leaders are visionaries with a poorly developed sense of fear and no concept of the odds against them." -- Robert Jarvik

April 25, 2016

Cyberattack prediction to improve drastically

AI2, as the new system is called, merges analyst intuition with AI. The researchers believe they can obtain an 85 percent prediction rate with the combination. That’s “roughly three times better than previous benchmarks,” the publication says. AI2 plows through the data looking for patterns, as do other detection systems. When it finds something, it tags it and alerts the human analyst, which is pretty run of the mill. Nothing special there. Where it gets clever is that after the analyst has made a determination—bad code, good code—the AI system takes over again and pumps that knowledge back into the machine. Thus the feedback from the human analyst gets incorporated into the learning.

Q&A: Bill Gates

For a lot of energy innovations, you’ve got to give government credit. With nuclear energy, all the key research was done either by the government or by government funding. With fossil fuels, there was clearly some spillover effect from the digital revolution to analyze geological data, but it was government investing that helped to get to this incredibly precise horizontal drilling capability. So basic R&D spending has been the thing that has driven most of the breakthroughs. We do need private-sector risk-takers to go out and scale the stuff up, which is why we paired the idea that 20 leading countries must double their energy R&D over the next five years with a group of investors [the Breakthrough Energy Coalition] that will take on funding high-risk, breakthrough companies.

How Israel is rewriting the future of cybersecurity and creating the next Silicon Valley

Israel is a land of mystery, science, faith, reason, tension, and peace. Today, it is most widely known for its long-smoldering geopolitical conflict and its religious sites held sacred by four world faiths. But, the aspect of modern Israel that is having the most significant impact on global civilization in the 21st century often goes under the radar. Since the rise of the personal computer, Israel has been quietly making major contributions to the technologies that are transforming humanity and giving people tools to solve age-old problems in powerful and exciting new ways. And, these contributions to the global technology ecosystem have accelerated in the past two decades.

Bitcoin, Schmitcoin. The Real Breakthrough is the Blockchain Behind It

“Reliable,” “permanent.” Not words we’re used to in the online world. But the distributed nature of the blockchain and the strength of the cryptography make sabotaging the blockchain unusually tough for would-be hackers or terrorists. (Cough, cough: digital banking records.) And the system’s continually being strengthened. The blockchain community is currently prioritizing scalability—the bitcoin system’s still a bit slow—and locking down privacy. Given the permanence of the blockchain's record, there’s a lot of info to, well, hide. Also, there's a debate raging within the community about whether there should be multiple blockchains for different uses, or one for everything. We're not taking sides.

How cloud computing and the on-demand economy are remaking IT careers

Evidence suggests more businesses will need specialist managers to take control of a portfolio of diverse IT projects. Research from the Tech Partnership and Experian suggests future growth in specialist technology roles is likely to be greatest amongst IT directors, with 37.5 per cent growth between 2015 and 2025. Interestingly, the demand will only be part met by churn within the profession. New entrants will fill most opportunities (81 per cent), including job changers from non-technology positions. BCS director of professionalism Adam Thilthorpe says there is a notable upwards trend in the amount of people -- from all kinds of disciplines -- who see their future in IT. "I would argue that we need evangelists for the positive power of IT in all areas of the business," he says.

Why IoT Affects Every Industry Today. Yes! Including Yours.

All physical devices that play an important part in our daily lives can be IoT devices. What makes them unique is that they have sensors, actuators, and embedded communication hardware to remain connected to the internet. ATMs were the first IoT-related devices that were in use as early as 1974. The story of the ATM’s rapid rise to ubiquity is also one of a revolution in retail banking. The staff at modern retail-banking branches are now free to engage customers in higher-value services, such as insurance, mortgages and stock-market trading. ... This innovation opened the door to more advanced customer services like telephone and Internet banking. That’s the power of IoT devices! As technology protocols are advanced, more and more devices have now begun to interact with each other. Together, they have become more aware, autonomous and capable of providing actionable insights into the world around us.

Bangladesh Bank attackers used custom malware that hijacked SWIFT software

There are still many unknowns about the well-planned Bangladesh Bank heist, such as who was behind it, how they got into the bank's network in the first place, and how they initiated the rogue transfers. However, the existence of this custom malware toolkit should serve as a warning to other financial institutions. "This malware was written bespoke for attacking a specific victim infrastructure, but the general tools, techniques and procedures used in the attack may allow the gang to strike again," the BAE researchers said. "All financial institutions who run SWIFT Alliance Access and similar systems should be seriously reviewing their security now to make sure they too are not exposed."

Navigating the Data Breach Regulatory Maze

In addition to incident variability, data breach laws are a maze of growing complexity and ambiguity. There are 51 state and territory breach notification laws that have different definitions of personal information, allow varying exceptions and have different requirements regarding notification thresholds, content and timing. And these laws are rapidly changing and getting stricter: In 2015 and the first part of 2016, 10 states enacted new addendums or breach laws. Adding to the complexity is a plethora of federal regulations and standards—HIPAA, GLBA and PCI to name a few—as well as international laws and the long awaited European Union’s General Data Protection Regulation (GDPR). The primary struggle for privacy and compliance professionals is lack of consistency given the manual and highly subjective methods of conducting the required multifactor risk assessments. 

IoT Security Will Reach $840 Million By 2020, Gartner Finds

"Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 11.4 billion by 2018," Ruggero Contu, research director at Gartner, wrote in Monday's report. "However, considerable variation exists among different industry sectors as a result of different levels of prioritization and security awareness." IoT devices used across vertical industries will be the largest area of growth, followed by energy management, automotive applications, and the consumer-driven IoT category. From 2013 through 2020, Gartner expects IoT endpoints to experience an annual growth rate of 32%, and for endpoint spending to be dominated by connected cars and machinery, such as commercial aircraft, as well as farming and construction equipment.

Software audits: How high tech plays hardball

Technically, a software audit is a way to prove you've installed only software you've paid for, or for a publisher to prove you've installed or used too much. But the audit process often ends by the customer signing a check -- either to pay for software that was over- or misinstalled, or to strike a new deal for a longer-term commitment. “There is going to be a sale at the end of an audit," says Peter Turpin, vice president at Snow Software. "Auditing is a way of collecting money for the software a customer has installed. Therefore you need to pay for it.” But major publishers also use the threat of an audit as a way to close new deals, says Craig Guarente, co-founder of Palisade Compliance, which helps enterprises manage Oracle licensing issues.

Quote for the day:

"You will face your greatest opposition when you are closest to your biggest miracle." -- Shannon L. Alder

April 24, 2016

Finding the Truth Behind Minimum Viable Products

When we start off building a new feature or product, there are a million questions to answer. “Is this solving the customer’s problem? Does this problem really exist? What does the user expect to gain with the end result?” We have to find the answers to these questions before committing ourselves to building a solution. This is why starting with a minimum feature set is dangerous. When you jump into building a version one of a new product or feature you forget to learn. Experimenting helps you discover your customer’s problems and the appropriate solutions for them by answering these questions. It also doesn’t end with just one experiment. You should have multiple follow-ups that keep answering questions. The more you answer before committing yourself to the final solution, the less uncertainty there is around whether users will want or use it.

This finance trend is so hot even Amazon wants in

This would be a logical progression for Amazon, which already has a significant and active user base. Amazon has been experiencing increased growth tied to payments, as its payments unit has 23 million active users and has recorded 200% year-over-year growth in merchants adding the "Pay with Amazon" buy button to their online stores. There is also precedent for Amazon to make such a move. Chinese e-commerce giant Alipay has more than 450 million monthly active users and has more than 50% of the online payments market in China. So Amazon could be on the path to building up a similar type of momentum with its own customers. Fintech acquisitions would also make Amazon more competitive with other checkout services such as Apple Pay and Visa Checkout.

Intel Pivots From PCs to Cloud

"The data center and Internet of Things businesses are now Intel's primary growth engines, and combined with memory and FPGAs, form and fuel a virtuous cycle of growth," CEO Brian Krzanich said. "Together these businesses delivered $2.2 billion in revenue growth last year, made up 40 percent of our revenue and the majority of our operating profit." Details of the cuts will be announced in the weeks, he said, adding that the restructuring was not something he took lightly. Krzanich has been focused on making this transitional move since he became CEO three years ago. The restructuring announcement was made alongside Intel's first-quarter earnings report.

Bitcoin and Blockchain Have Their Own Futures

Gil Luria, in response to the question by Bloomberg’s Joe Weisenthal and Scarlet Fu about blockchain technology, clarifies the difference between bitcoin and its underlying technology. Blockchain is superseding bitcoin when it comes to investments made by big banks and investment firms. Many banking and financial institutions have already invested their time and resources in the development of a private blockchain network for their regular operations. While bitcoin is used for payment applications, blockchain is used for an entirely different range of applications. According to him, blockchain is a vast tool suitable for asset classes while bitcoin serves a much simpler purpose of making payments and executing simple banking functions.

7 Test Automation Requirements for Higher Software Quality

For unit testing, there are many testing frameworks developers use to ensure that their code does not break. JUnit in Java and Karma in JavaScript are some examples that most organized development teams should already be using. As for larger-scale integration tests, scripts are usually created to simplify tasks that would be too tedious to perform manually. However, creating these automated tests is often time-consuming and not cost-effective, especially if the environment requires many components and environmental configurations to be observed and coordinated. Automated regression testing, which largely relies on the user interface, is very effective, and many QA professionals are achieving excellent results with programmatic approaches such as APIs and service virtualization testing.

Man vs. Tool? On the Role of Software Tools and Human Experts in SQA Activities

There are several tasks that can only be performed by human experts and not by software tools (such as ‘Define relevant quality aspects/ scope of analysis/ quality goals’ or ‘Configure/ customize/ administrate software tools’). Furthermore, there are several tasks that have to be completed jointly by software tools and human experts because each contributes a subpart of the overall task (for example ‘Analyze software quality’ or ‘Perform tests’). Hence, we conclude that a combination of software tools and human expertise should be used in software quality activities (‘man and tool’ instead of ‘man vs. tool’). Only the combination of both gives a holistic picture of software quality and only human commitment ensures software quality and its improvement.

Reasoning About Software Quality Attributes

Just as general scenarios provide a template for specifying quality attribute requirements, quality attribute design primitives are templates for "chunks" of architectural designs that target the achievement of specific quality attribute goals. Attribute primitives provide building blocks for constructing architectures. However, they are building blocks with a focus on achieving quality attribute goals such as performance, reliability and modifiability goals. Quality attribute design primitives will be codified in a manner that illustrates how they contribute to the achievement of quality attributes. Therefore each attribute primitive will be described not only in terms of their constituent components and connectors, but also in terms of the qualitative and/or quantitative models that can be used to argue how they affect quality attributes.

A Code Quality Problem in Washington State Puts Dangerous Criminals Back on the Street

A defect in the software used to calculate early release resulted in good behavior credits being applied to inmates. These inmates were not supposed to receive the credits and as a result were allowed out early. The issue was flagged more than three years ago when a family was notified about the early release of a dangerous perpetrator. Nick went on to explain that the family calculated the date themselves and contacted the department about the miscalculation. After the software defect was noticed in 2012, the issue remained intact because the department did not take measures to fix the problem. The issue was brought to the governor’s attention in December of 2015, who immediately began working to resolve the issue.

11 Myths About Software Qualification and Certification

With software taking on an ever-greater role in embedded systems, companies are realizing that “quality code” requires more than just the developer’s claim. Even for systems that don’t require formal certification for functional safety or security, software qualification is becoming more common. After all, who really wants to risk expensive field support, product recalls, or even legal action if software fails? Still, at least 11 myths continue to circulate about software qualification and certification.

Characteristics of a Great Scrum Team

According to the Scrum Guide the Scrum Master is responsible for ensuring Scrum is understood and enacted. Scrum Masters do this by ensuring that the Scrum Team adheres to Scrum theory, practices, and rules. The Scrum Master is a servant-leader for the Scrum Team. The Scrum Master helps those outside the Scrum Team understand which of their interactions with the Scrum Team are helpful and which aren’t. The Scrum Master helps everyone change these interactions to maximize the value created by the Scrum Team. The role of a Scrum Master is one of many stances and diversity. A great Scrum Master is aware of them and knows when and how to apply them, depending on situation and context. Everything with the purpose of helping people understand and apply the Scrum framework better.

Quote for the day:

"The value of a company is the sum of the problems you solve." -- Daniel Ek

April 23, 2016

How IoT security can benefit from machine learning

“Machine learning is a critical component to developing Artificial Intelligence for IoT security,” says Uday Veeramachaneni, co-founder and CEO at PatternEx. “The problem is that the IoT’s will be distributed massively and if there is an attack you have to react in real-time.” Most systems relying on machine learning and behavior analysis will gather information about the network and connected devices and subsequently seek everything that is out of normal. The problem with this primitive method is that it produces too many false alarms and false positives. The approach suggested by PatternEx is to develop a solution that incorporates machine learning and augments it with human analyst insight for greater attack detection.

Blockchain - Legal and regulatory issues around distributed ledger technology

As with any potentially transformative new technology, distributed ledgers raise a number of questions for policy makers and regulators at both national and international levels. Regulators are certainly closely analysing and monitoring distributed ledger developments and, for now, appear cautiously optimistic about its potential, especially because of the potential that distributed ledgers could actually help to improve regulatory compliance tracking and reporting. But, guess what?: most authorities are taking a "wait and see" approach. Blockchain and distributed ledger technology is not without its challenges, including scalability and latency, lack of mainstream understanding, lack of readiness in some sectors to rely exclusively on data in digital form, over-reliance on out-dated legacy systems which would need to be overhauled before distributed ledger technology could be implemented.

What can a toothbrush instruct us about IoT business styles?

Let’s make a Bluetooth-related toothbrush that comes with a smartphone app. Now the “smart” toothbrush helps Oral-B do an improved task in protecting dental well being by “focusing, tracking, motivating and sensing”. The toothbrush is smarter, but the business product is not. The related solution supposedly generates extra worth for buyers, but all the other things of the business product continue being the same. The worth is nevertheless shipped by way of a toothbrush unit, captured by sales by way of retail channels; access to the retail shelf-room is nevertheless the essential competitive edge. Not a great deal business product innovation here. ... Sceptics, of course, will ask, “Who wants builders to extend the toothbrush?” But moms of youthful kids will see a sea of opportunity here.

EU charges Google with foisting its search and browser on smartphone makers

This is the second set of charges against Google by the commission. On April 15 last year, it announced a “statement of objections” against the search giant in an investigation into charges that its Internet search in Europe favored its own comparison shopping product. The commission announced on the same day an investigation into Google’s conduct with regard to the Android operating system that would look, among other things, into whether Google had illegally hindered the development and market access of rival mobile applications or services by requiring or providing incentives to smartphone and tablet manufacturers to exclusively pre-install Google’s own applications or services.

10 Important Predictions for the Future of IoT

"A recurring theme in the IoT space is the immaturity of technologies and services and of the vendors providing them. Architecting for this immaturity and managing the risk it creates will be a key challenge for organizations exploiting the IoT. In many technology areas, lack of skills will also pose significant challenges." In the coming years, IoT will look completely different than it does today. IoT is a greenfield market. New players, with new business models, approaches, and solutions, can appear out of nowhere and overtake incumbents. But business is the key market. While there is talk about wearable devices and connected homes, the real value and immediate market for IoT is with businesses and enterprises.

A digital crack in banking’s business model

Across the emerging fintech landscape, the customers most susceptible to cherry-picking are millennials, small businesses, and the underbanked—three segments particularly sensitive to costs and to the enhanced consumer experience that digital delivery and distribution afford. For instance, Alipay, the Chinese payments service (a unit of e-commerce giant Alibaba), makes online finance simpler and more intuitive by turning savings strategies into a game and comparing users’ returns with those of others. It also makes peer-to-peer transfers fun by adding voice messages and emoticons. From an incumbent’s perspective, emerging fintechs in corporate and investment banking (including asset and cash management) appear to be less disruptive than retail innovators are.

When Does Deep Learning Work Better Than SVMs or Random Forests?

Random forests may require more data but they almost always come up with a pretty robust model. And deep learning algorithms... well, they require "relatively" large datasets to work well, and you also need the infrastructure to train them in reasonable time. Also, deep learning algorithms require much more experience: Setting up a neural network using deep learning algorithms is much more tedious than using off-the-shelf classifiers such as random forests and SVMs. On the other hand, deep learning really shines when it comes to complex problems such as image classification, natural language processing, and speech recognition. Another advantage is that you have to worry less about the feature engineering part.

Digital data and the fine line between you and your government

The question before consumers and the courts today is three-fold: What kinds of valuable data is the IoT generating; who should have access to and control over that data; and who can be legally compelled to share that information with law enforcement. In the recent Apple encryption case, the FBI went directly to the manufacturer of a product to gain access to digitized information residing on that device. In our digitally connected future before us, will law enforcement simply bypass end users like you and me and compel companies to turn on our Nest cameras, unlock our August Smart Locks or tune in to our Echos? The Apple encryption case and its predecessors have broad implications for the entire tech community — not just those building smartphones and running data centers. The way in which we’ll interact with technology in the future has been turned on its head.

Build Your Own Container Using Less than 100 Lines of Go

To really understand what a container is in the world of software, we need to understand what goes into making one. And that's what this article explains. In the process we’ll talk about containers vs containerisation, Linux containers (including namespaces, cgroups and layered filesystems), then we’ll walk through some code to build a simple container from scratch, and finally talk about what this all really means. ... Caching is what makes Docker images so much more effective than vmdks or vagrantfiles. It lets us ship the deltas over some common base images rather than moving whole images around. It means we can afford to ship the entire environment from one place to another. It’s why when you `docker run whatever` it starts close to immediately even though whatever described the entirety of an operating system image.

Ransomware, Everywhere: What’s The Science Behind It?

Money isn’t just a motive; money is the enabler. Cybercriminals whose crimes make money can invest in new attacks, invest in defeating countermeasures, and invest in developing new targets. Until recently, attacks on critical infrastructure and the Internet of Things have also been rarely-realized theoretical concerns. There are many hackers who would think that bringing down a power station with a cyberattack is cool, but making that happen would require a group effort to build the necessary hacker tool chain. Ransomware delivers both the motive and the resources to make that happen. And once that ransomware-funded tool chain exists, it will be launched for many other purposes, ranging from idle curiosity to political vengeance.

Quote for the day:

"If a cluttered desk is a sign of a cluttered mind, of what, then, is an empty desk a sign of?" -- Albert Einstein

April 22, 2016

The 4 Stages of Better Technology Adoption

Every business is at a different stage in their technology evolution. For some, they’re just starting to see that the break-fix relationship with their provider isn’t serving them properly. For others, they have a fully integrated technology strategy, but need a way to take it to the next level. So often we discuss topics that involve technology innovation without paying as much attention to topics that cater to the initial stages of businesses improving technology. This is important because small business owners need to understand how they can improve and innovate their technology just as much as a more sophisticated business that is farther along in their technology process. Here are the four stages of better technology adoption to help you get a better idea of where you stand and what the next steps might be for you to innovate your technology at a pace that’s right for you.

How to be More Productive as a Data Scientist

Greater productivity can be gained beyond avoiding unnecessary repeated tasks. The cloud has become an indispensable tool for all sorts of businesses and industries, with one of its greatest strengths being increased productivity. This holds true for a field as complex and new as data science. Various cloud services and tools have been developed to help data scientists conduct their analyses, clean data, and visualize their results. With the cloud, data scientists can perform their duties from nearly anywhere while having access to vast stores of data they would otherwise not be able to use. Many productivity tips are much simpler than using cloud services or getting rid of unhealthy iterations.

Why enterprise developers could save Windows 10 Mobile

Microsoft is well aware of its market share problem and the related shortage of quality mobile apps, of course, and it purchased Xamarin in February to make it simpler, and thus cheaper, for Windows developers to port their desktop applications to iOS, Android or Windows 10 Mobile. "This is not for people who write iOS or Android apps, but if you are a corporate Windows developer and you have held back on mobile applications, now you have the possibility of building your applications for third party mobile platforms," according to Wes Miller, an analyst at Directions on Microsoft, who spoke with CIO.com last month. Windows no longer rules the business software world unchallenged, but a huge install base of Microsoft applications still exists within midsize and large businesses.

The tech industry’s “diversity” focus favors one group over pretty much any other

Rarely, though, will you ever hear white people lamenting about working conditions that their black or brown children, spouses and siblings might have to endure. They rarely have those relationships, so they aren’t forced to develop empathy for brown and black people. Colorless diversity is okay with spending tens of millions of dollars on conferences, summits, retreats, and outreach for and about white women, but finds it distasteful when others point out the disparity in spending for people of color. Colorless diversity would have black and brown people sit down and wait their turn. Let me be clear: I’m not writing this because I think it’s bad that companies are spending money on diversity programs for women. These programs are necessary.

The Era of the Intelligent Cloud Has Arrived

The more enterprises seek out insights to drive greater business outcomes, the more it becomes evident the era of the Intelligent Cloud has arrived. C-level execs are looking to scale beyond descriptive analytics that defines past performance patterns. What many are after is an entirely new level of insights that are prescriptive and cognitive. Getting greater insight that leads to more favorable business outcomes is what the Intelligent Cloud is all about. The following Intelligent Cloud Maturity Model summarizes the maturity levels of enterprises attempting to gain greater insights and drive more profitable business outcomes. Line-of-business leaders across all industries want more from their cloud apps than they are getting today.

Microsoft’s Nadella taps potential of industrial internet of things

With more of the value in industrial products shifting from hardware to software, it is no surprise that many industrial companies are reconsidering their software strategies. According to GE, the industrial internet as a whole will be a $225bn market in terms of annual revenues by 2020 — dwarfing the expected $170bn for the consumer internet of things, which has attracted more public attention, and bigger even than the enterprise cloud computing market which is predicted to hit $206bn. Of the new industrial software market, GE estimates that some $100bn will go to a small handful of companies that provide the central platforms for the industrial internet — the software that collects and aggregates data, acts as the foundation for higher-level applications and creates shop windows for developers to reach an audience in the industrial world.

Why HTC may be the next Motorola of Android

HTC's been moving in the right direction for a while now, with an impressive and ever-improving focus on overall user experience and post-sales support. It's been climbing higher every year on my Android upgrade report card and this year came in with stronger scores than ever -- an 86% overall, following only Google's Nexus devices in terms of all-around upgrade reliability. HTC may earn its profits from hardware sales like everyone else, but where it differs is that it actually seems to place value on positive long-term relationships with the people who buy its devices. ... It's not just timely upgrades that make HTC the new consumer-friendly king of Android manufacturers: It's things like stepping up and answering my call for a guaranteed two full years of upgrades for flagship phones, long before any other manufacturer was willing to make such a commitment.

9 Free Windows Apps That Can Solve Wi-Fi Woes

As we all know, life isn't quite that easy. Your home or office network can have dead spots where devices can't seem to connect, or where the connections get slow or flaky. Public hotspots can make you prey for hackers and snoopers. And when you are at a hotspot, you might need to share your connection with your other devices, including smartphones and tablets. While there is no way to immediately solve all the problems associated with wireless connectivity, there are applications that can make things better -- and many of them are free. I've rounded up nine free pieces of Windows software that can go a long way toward helping you solve your Wi-Fi issues at home, in your office or on the go.

Google's problem with the cloud is that it's too innovative and not practical enough

Google practically invented the cloud, yet struggles to translate its benefits to more earth-bound enterprises. Even at GCP Next, which was essentially an enterprise love-in, Google couldn't help but tout its science fiction bona fides. Sure, Google started well. Chairman Eric Schmidt intoned that "Cloud is about automating the tedious details and empowering people." Tedious...enterprise...so far, so good! But then, Google started into machine learning, an area where it's head and shoulders above its competition, with Google senior fellow Jeff Dean telling the crowd, "Machine learning is one of the most important topics in computing." The company went on to blog that "now any application can take advantage of the same deep learning techniques that power many of Google's services."

SEC Warns More Cyber Enforcement Actions Coming

"Cyber is obviously a focus of ours, as I know it is for the other divisions, and we've brought a number of cases there relating to Reg S-P and failure to have policies and procedures relating to safeguarding information," Ceresney said, citing the case the commission brought against R.T. Jones, a St. Louis-based RIA, this past summer. "There'll be others coming down the pike," Ceresney cautioned. The SEC is reviewing the cybersecurity policies in place at advisors and broker-dealers. Separately, the commission has been shifting exam personnel from the BD side of the Office of Compliance Inspections and Examinations to the unit that oversees RIAs. But even with those moves, commission officials acknowledge that they can't keep up with the rapid growth of the RIA sector. The SEC is only able to examine about 10% of registered advisors in a given year.

Quote for the day:

"The older I get the less I listen to what people say and the more I look at what they do." -- Andrew Carnegie