In almost every software team there are members titled as quality engineers (QA). Their role is mainly to understand the specifications and based on them define a set of test cases in order to validate the product and to detect possible flaws. If we search what QA and QC mean by looking at the definitions, we see that a QC is "an aggregate of activities (such as design analysis and inspection for defects) designed to ensure adequate quality especially in manufactured products", whereas the QA is "a program for the systematic monitoring and evaluation of the various aspects of a project, service, or facility to ensure that standards of quality are being met", as per merriam-webster.com definitions. Based on these definitions, people embedded in software development teams in charge of defining test cases and validating the product are more QC engineers. This might cause problems.
You can’t secure what you don’t know about. The only way to know if a breach or vulnerability exists is to employ broad discovery capabilities. A proper discovery service entails a combination of active and passive discovery features and the ability to identify physical, virtual and on and off premise systems that access your network. Developing this current inventory of production systems, including everything from IP addresses, OS types and versions and physical locations, helps keep your patch management efforts up to date, and it’s important to inventory your network on a regular basis. If one computer in the environment misses a patch, it can threaten the stability of them all, even curbing normal functionality.
Achieving synergy between applications and infrastructure is more than just blending disparate management regimes. A functioning application-centric environment requires enterprise executives to make changes to their current ecosystem on both a systems and an operational level. This can be difficult for organizations that maintain substantial legacy infrastructure geared toward conventional data workloads. One of the first things to do is to stop depending on silo-specific tools. When application requirements were fairly predictable, it was common for organizations to provision infrastructure to support the most demanding circumstances, even if that resulted in over-provisioned resources that would sit idle for long periods. This also often led to isolated application and infrastructure environments within the datacenter ecosystem as solutions were crafted to solve unique challenges at particular times.
Business architects (BA's) have to interact with so many different stakeholders that staying out of turf wars can be difficult. Strategy development teams may question why you want to hear about their strategies. Business process teams may push back against capability modeling as being redundant with process optimization efforts. Other architecture teams may be challenged by your very existence. And of course consulting firms will pop up everywhere and claim they can do everything. Avoid turf wars at all costs and stay away from decision rights conversations. (See my previous post on being politically savvy.) In most companies, there is plenty of work to get done, so leveraging the time and talents of other teams is crucial to making progress. Get these teams involved, make them part of what you are doing, and help them to see the business outcome you are striving for. \\
Life after the smartphone will be wondrous. We’ll be amazingly productive. Our faces won’t be filled with light, our fingers won’t be a chaotic symphony. We won’t be strangled by USB charging cables. We'll never have nomophobia. As you could probably guess if you’ve read this column lately, you know that smartphones will be replaced by artificially intelligent bots. They already live among us. Soon, they won’t run on our phones or laptops. They will just run. They will exist in the cloud, at your office, in your car, and everywhere you happen to need help and stay productive. First, they need to get a lot smarter. A companion bot will follow you constantly -- sometimes literally. You’ll talk to the bot, but simple tasks like asking about the weather or the Golden State Warriors playoff schedule will seem trite.
With greater amounts of data comes larger challenges in understanding the lineage, quality and relationships between data from multiple sources and of different types. And CIOs arguably struggle more than ever to effectively manage and analyse data to make it actionable. At one company the hype about machine learning had executives excited about using proprietary algorithms to gain competitive advantage. A data scientist was hired and told there are years’ worth data stored in Amazon S3, and was tasked with figuring out how to drive innovation with it. Unfortunately, there was no metadata to show where the data came from and how the data lake integrated with the rest of the company’s data. There was also no infrastructure for data analysis, forcing the data scientist to try to find tools compatible with the technology stack and install them.
Traditional DNS has weaknesses like that. With certain types of DNS attacks an adversary can make you think you are going to a favorite website but can re-direct you to a bad one, perhaps to steal your login info or to download malicious code. This is another very important reason to use a managed DNS service. There are cautions to consider when selecting a DNS provider. Some DNS providers collect information from you in ways that may creep you out. For example, if you select the free DNS service from Google, although there are privacy protections, they will be aggregating even more data on you and your browsing habits. It is free and offers protection and is backed by a company with incredible engineers, but you will give up some info you might want kept private.
Writing documentation can be downright boring sometimes, but great documentation is an excellent precursor to increased adoption of an API. Writing excellent documentation is as exacting as the code itself. There are syntax errors and unwanted whitespace that you can introduce. Sometimes your ideas simply stop flowing, but you still need to fill in the blanks to make sure your documentation is complete. With the growth of APIs as products, your documentation is more important than ever in order to create a successful API. API definitions and documentation go together, and while API specifications today are increasingly managed as code in GitHub, the API docs are not. Let’s change this to make the standard to write and manage API documentation, including related web sites, in GitHub and related code repositories.
We all know personal hygiene habits that we’re supposed to have, but probably don’t practice consistently (did you really floss three times yesterday?). And there are social behaviors that we really look out for – and probably even judge people on. But when it comes to IT habits, most organizations don’t seem be screening consultants for key behaviors and policies. This is not a good state of affairs because IT habits and internal policies make a material difference to the likelihood of project success. The short list of policy issues below should be part of any screening criteria for cloud consultants, in general, and Salesforce consultants, in particular. Now, it’s not essential that a consultant comply with every item on the checklist below, but wherever policies diverge from these, it’s an opportunity to engage in a healthy conversation … before you sign.
Victims that fall for the scheme will be redirected to an actual Google page, which can authorize the hacking group's app to view and manage their email. Users that click “allow” will be handing over what’s known as an OAuth token. Although the OAuth protocol doesn't transfer over any password information, it's designed to grant third-party applications access to internet accounts through the use of special tokens. The OAuth protocol may have been designed for convenience, but security experts have warned it can be used for malicious effect. In the case of Fancy Bear, the hacking group has leveraged the protocol to build fake applications that can fool victims into handing over account access, Trend Micro said.
Quote for the day:
"Life is a mystery. You never know which small decision will make the biggest difference." -- @Leadershipfreak