Daily Tech Digest - December 29, 2018

Facebook's and social media's fight against fake news may get tougher

Filippo Menczer, a professor of informatics and computer science at Indiana University who's studied how automated Twitter accounts spread misinformation, said that because of the lack of available data, it's hard to tell if fake news is being spread through ephemeral content.  "Even the platforms themselves don't want to look inside that data because they're making promises to their customers that it's private," Menczer said. "By the time someone realizes that there's some terrible misinformation that's causing a genocide, it may be too late." Snapchat, which started the whole ephemeral content craze, appears to have kept itself mostly free of fake news and election meddling. The company separates news in a public section called Discover. Snapchat's editors vet and curate what shows up in that section, making it difficult for misinformation to go viral on the platform.

Google's E-Money License And The 8 Reasons Why Bankers Are Relaxed

Thinking of the bank as a provider of products makes it seem like an illustriously big deal that the e-money providers can't offer loans or interest on balances but in effect, when you think of the endless possibilities of contextual MoneyMoments, it is only payments and transfers that offer them and those are firmly possible without a full banking license. ... "But that's not their core business" is one of the most thrown-around phrases of soothing consolation when it comes to discussing any big technology giant entering the financial services arena. That just seems to be firmly outside of the realm of possibility that they would be interested in anything other than search, Prime delivery or spying on our private conversation but it's a healthy exercise to at times recall that the "core business" purpose of any of these companies, is, as it is for the banks themselves - turning a profit.

Microsoft’s ML.NET: A blend of machine learning and .NET

The ultimate tech giant, Microsoft, recently announced a top-tier open source and cross-platform framework. ML.NET is built to support model-based machine learning for .NET developers across the globe. It can also be used for academic purposes and as a research tool. And that isn’t even the best part. You can also integrate Infer.NET as a part of ML.NET under the foundation for statistical modeling and online learning. This famous machine learning engine, used in Office, Xbox and Azure, is available on GitHub as a free download under the permissive MIT license for use in commercial applications. Infer.NET enables a model-based approach to machine learning which lets you incorporate domain knowledge into the model. The framework is designed to build a bespoke machine learning algorithm directly from that model. That means, instead of having to map your problem onto a pre-existing learning algorithm, Infer.NET actually constructs a learning algorithm based on the model you have provided.

An Intro to Data Mining, and How it Uncovers Patterns and Trends

Data mining is essential for finding relationships within large amounts and varieties of big data. This is why everything from business intelligence software to big data analytics programs utilize some form of data mining. Because big data is a seemingly random pool of facts and details, a variety of data mining techniques are required to reveal different insights. Our example from earlier explains how data mining can segment customers, but data mining can also determine customer loyalty, identify risks, build predictive models, and much more. One data mining technique is called clustering analysis, which essentially groups large amounts of data together based on their similarities. This mockup below shows what a clustering analysis may look like. Data that is sporadically laid out on a chart can actually be grouped in strategic ways through clustering analysis.

Microsoft Announces a Public Preview of Python Support for Azure Functions

According to Asavari Tayal, program manager of the Azure Functions team at Microsoft, the preview release will support bindings to HTTP requests, timer events, Azure Storage, Cosmos DB, Service Bus, Event Hubs, and Event Grid. Once configured, developers can quickly retrieve data from these bindings or write back using the method attributes of your entry point function. Developers familiar with Python do not have to learn any new tooling; they can debug and test functions locally using a Mac, Linux, or Windows machine. With the Azure Functions Core Tools (CLI), developers can get started quickly using trigger templates and publish directly to Azure, while the Azure platform will handle the build and configuration. Furthermore, developers can also use the Azure Functions extension for Visual Studio Code, including a Python extension, to benefit from auto-complete, IntelliSense, linting, and debugging for Python development, on any platform.

This type of vulnerability --known as a side-channel attack-- isn't new, but it's been primarily utilized for recovering cleartext information from encrypted communications. However, this new side-channel attack variation focuses on the CPU shared memory where graphics libraries handle rendering the operating system user interface (UI). In a research paper shared with ZDNet and that will be presented at a tech conference next year, a team of academics has put together a proof-of-concept side-channel attack aimed at graphics libraries. They say that through a malicious process running on the OS they can observe these leaks and guess with high accuracy what text a user might be typing. Sure, some readers might point out that keyloggers (a type of malware) can do the same thing, but the researchers' code has the advantage that it doesn't require admin/root or other special privileges to work.

Top 10 overlooked cybersecurity risks in 2018

Most cyber attacks injure either the confidentiality or availability of data. That is to say, they are either spying on or disabling some system. But there is of course another option: attacks on integrity. If you found out your bank records were, even in some small way, remotely altered say… 18 months ago? How would that change your perception of the safety of keeping your money in the bank? What if 1 percent of the bottles of some over the counter medication had the formula altered to change efficacy, how would that affect your trust in the medical system? Subtle, these operations are hard to detect, harder to prove, and leave a lasting stigma of distrust and conspiracy even if caught. Already we see some criminal groups engaging in this sort of activity to modify gift cards and other forms of petty cyber larceny, which means that more sophisticated operations and nation-state challenges won’t be far behind.

You’ve Heard of IoT and AI, but What is Digital Twin Technology?

A digital twin is a highly advanced simulation that’s used in computer-aided engineering (CAE). It’s a digital duplicate that represents a physical object or process, but it is not intended to replace a physical object; it is merely to inform its optimization. Other terms used to refer to digital twin technology include virtual prototyping, hybrid twin technology, and digital asset management, but digital twin is quickly winning out as the most popular name. Both NASA and the United States Air Force are planning on using digital twin technology to create future generations of lightweight vehicles that are sturdy and able to haul more than their current counterparts. Goldman Sachs recently examined digital twin technology in their series “The Outsiders,” which seeks to identify “emerging ecosystems on the edge of today’s investable universe.” 

10 Social Media Predictions for 2019

Storytelling emerged in 2018 as a core technique for engaging consumers. But up until now a lot of storytelling was stored on blogs and websites and then shared to social media. I see 2019 being the year when storytelling combined with augmented reality is hosted on the main social media platforms. I also see 2019 as the year when brands align their storytelling with enacting positive social change. Studies show that 92% of consumers have a more positive image of a company when it supports a social or environmental issue. And almost two-thirds of millennials and Gen Z express a preference for brands that stand for something. Nike nailed social media storytelling even before the emergence of sophisticated AR technologies. In its Equality campaign it focuses on social change and inspires people to act. The message: by wearing Nikes or even interacting with them on social media, you are supporting the movement.

China is racing ahead in 5G. Here’s what that means.

China sees 5G as its first chance to lead wireless technology development on a global scale. European countries adopted 2G before other regions, in the 1990s; Japan pioneered 3G in the early 2000s; and the US dominated the launch of 4G, in 2011. But this time China is leading in telecommunications rather than playing catch-up. In a TV interview, Jianzhou Wang, the former chairman of China Mobile, China’s largest mobile operator, described the development of China’s mobile communication industry from 1G to 5G as “a process of from nothing to something, from small to big, and from weak to strong.” Money is another good reason. The Chinese government views 5G as crucial to the country’s tech sector and economy. After years of making copycat products, Chinese tech companies want to become the next Apple or Microsoft—innovative global giants worth nearly a trillion dollars.

Quote for the day:

"What great leaders have in common is that each truly knows his or her strengths - and can call on the right strength at the right time." -- Tom Rath

Daily Tech Digest - December 28, 2018

Two years after its unveiling, Microsoft Teams has firmly established itself as a real rival to Slack. In the past 12 months, Teams has essentially replaced Skype for Business Online as Microsoft's central communications tool, and a free version is now available - a clear swipe at Slack, which has had sustained success with its freemium model. The app is now used by 329,000 organizations worldwide, Microsoft said during its 2018 Ignite conference, up from 125,000 a year earlier. Thanks to Teams’ inclusion within the Office 365 product suite, it is likely a matter of time before Teams is the most widely used team chat app – though just how often it is actually used remains a cause of debate. Unlike Slack, Microsoft doesn't break out daily active user figures. A recent Spiceworks' report claims that Teams is set for the fastest growth of all business chat apps over the next two years. The survey indicates that 41% of respondents expect to use Teams by 2020, compared to 18% for Slack.

Why have we become desensitised to cyber attacks?

Of course, security is a broad term – it can encompass anything from continuity and recovery to governance. Yet regardless of the area, the trend remains: even when people are clearly literate on the topic, they aren’t putting the safeguards in place required in this day and age. Alternatively, they introduce adequate security practices when it’s too late and the damage has already been done. Given the sensitivity of the data they carry, banks and building societies are the anomaly here. However, organisations spanning all other sectors are exhibiting an often shambolic approach to security at best. Some companies are failing to patch their systems, while some employees store important passwords in easily accessible files. I’ve even seen healthcare organisations operating on legacy systems, having no option but to isolate their systems when faced with a breach. Whether it’s cyber criminals or a state-sponsored attack, many businesses aren’t even monitoring their environments for attacks – and this could have serious repercussions.

Establish a configuration management strategy to guide transition

Address knowledge gaps with internal trainings -- Carfax established quarterly courses -- in addition to the vendor's materials. Make sure staff members can actually do tasks when they leave a workshop, and give them supporting documentation. "You can't manage the systems if you don't know how to use the tool," Woods said. Mix formal and informal training with a focus on teamwork and team organization as part of the overall configuration management strategy. Set a clear agenda, but adapt as tool use matures across the organization. "Standardize early, or expect chaos," Woods said. On the flip side, learn where to pull back and enable creativity. Start the configuration management push with weekly meetings, but space them out more as it becomes a normalized part of the teams' jobs, she advised.

What's the big deal with application integration architecture?

Application integration also continues to change because other aspects of application development evolve. Agile operations have created a need for a new set of tools, and those tools are already evolving into more complicated orchestration tools to deploy and link applications and components running on pools of resources. These tools, as they evolve and improve, are absorbing some of the functions that were traditionally part of application integration. All of these trends influence application integration architecture and the use of databases and information flows to link the IT support components for business processes. The most important trend in application integration today is the fact that, in the traditional sense, it's no longer the only problem or even the most significant one. If you ask CIOs today what their greatest challenge is, application integration is unlikely to figure prominently, but all three of the new factors probably will.

New Intel Architectures and Technologies Target Expanded Market Opportunities

The workloads associated with this computing landscape are changing. No longer do consumers or enterprise customers have simple applications that can be addressed with straightforward scalar architectures alone. Instead we see programs that are solving problems faster by integrating additional architectures from graphics processors to artificial intelligence accelerators to image processors and even adaptable designs like FPGAs powered by new memory technologies. We will combine computing and architecture innovations through high-speed interconnects with new models for software development that simplify APIs for developers and allow more performance and efficiency to be unlocked from Intel computing architectures. ... The message of Moore’s Law is about more than transistors alone, with the combination of transistors, architectural research, connectivity advancements, faster memory systems, and software working together to drive it forward.

Defense contractor: IT must embrace ‘radical transparency and culture change’

The one thing that's permanent in life is change. Once you have a company culture that embraces it, challenges it, and says we can never rest on our laurels, we can never stick with status quo -- we always have to be improving, challenge ourselves to be better, and also thinking about what's the new thing that's going to obsolete. Whatever our customers are relying on or that we think we're good at, we have to be ahead of everybody. You have to embrace innovation. You have to make that part of your corporate culture. You have to encourage risk-taking because that's a necessary, and frequently not enough spoken about, an element of innovation, which is the willingness to take risks, the willingness to be bold, put yourself out there, and be courageous. One of the things that I talk about from a strategy is, I tell people, "I want you to be unreasonable. Don't give me anything reasonable. I'm totally bored with that. I want to see your daring, courageous, bold things that have never been heard of before.

5 trends that will impact digital transformation initiatives

As enterprises continue to map the physical world to an intelligence-rich digital one, smart “things” will become a driving force for implementing next-generation platforms in 2019. This advance will enable large quantities of industry-specific data from the internet of things (IoT) to be analyzed, uncovering novel, hyper-dimensional correlations that provide fresh insights, enhance decision-making capabilities and improve business outcomes. Organizations will benefit greatly from leveraging digital platforms to interpret mass amounts of data and enable correlations that wouldn’t otherwise be possible because there are simply too many factors for the human brain to process. For example, collecting data from heart monitors, fitness watches, the human genome and more can lead to the best possible diagnosis of a condition and, therefore, the most effective treatment plan.

7 best practices for combating cybersecurity risks

Cyber risk reports often focus on technical details and technological risks. Yet, leaders, CEOs and board members should view cyberattacks as business risks and think about the holistic impacts that cyber breaches can have on business reputation, company culture, and profitability. Leaders must also pay special attention to their organization’s extended enterprise and the security flaws these partners could expose. Deloitte recently found that a majority of CEOs fail to hold their extended enterprise to the same risk standards as their own organizations and leaders see IT providers as the third parties that pose the greatest threat. These third parties expose the organization to significant cyber threats. But because these providers are external, they’re beyond management’s direct control. It’s critical that IT vendors are effectively managed and that the entire enterprise is held to strong security standards in 2019.

Building a VPC with CloudFormation - Part 2

AWS has made it easy and inexpensive to take advantage of multiple Availability Zones (AZs) within a given region. For an overly simplistic explanation, you can think of an Availability Zone as a huge independent datacenter. AZs within a region are connected to each other by high-speed, low-latency, privately operated links. They are close enough to each other to support synchronous communications, but far enough apart to mitigate the effect of natural disasters, power outages, etc. Exactly how far apart is not disclosed, and not really relevant. Two AZs is a good number to achieve basic high-availability at minimum cost. But sometimes a single AZ is better for simple cases like demos or POC’s. Other times three is desired for marginally improved high availability, or to make better use of the spot market. So let’s adjust the template to make the number of AZ’s variable. Using the template from article 1, add the following section above the “Resources” section.

India to lead hybrid cloud adoption globally in the next two years: Report

Interestingly, the study also reveals that cost is not a driving factor anymore in the Indian market in the adoption of cloud technology. Hybrid cloud is a computing environment that uses a mix of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms. Hybrid cloud also provides an array of other benefits including workload flexibility, simplicity in processing big data, broader use of cross platform IT services, enhanced data security and compliance, dramatic cost reduction and business growth and RoI, adds the report. Talking to ETtech, Sankalp Saxena, SVP and Managing Director – Operations, India, Nutanix, said that while BFSI is still leading in the adoption of the technology, traditional brick and mortar businesses are now running on cloud along with other late adopters like healthcare beefing up their technology back-ends. Nutanix is now also exploring IoT and blockchain along with other areas which can be collaborated with cloud.

Quote for the day:

"Leadership is the other side of the coin of loneliness, and he who is a leader must always act alone. And acting alone, accept everything alone." -- Ferdinand Marcos

Daily Tech Digest - December 27, 2018

Doxxing: What It Is How You Can Avoid It

Doxxing means publishing private information about someone online to harass or intimidate them. It has ruined reputations and caused untold distress to hundreds of people. On occasion, doxxing has resulted in injury or even death. Being doxxed can have serious consequences for your safety and privacy. How can you prevent it? Doxxing and cyberbullying often go hand in hand, although doxxing has also been used — controversially — by journalists in pursuit of public interest stories. It’s a relatively new phenomenon grown out of early internet subculture, but it’s gaining both popularity and efficacy, driven partly by social media. Information obtained in doxxing attacks is generally gathered from public or semi-public sources: website logs, WHOIS records, social media profiles, and simple Google searches or directories. In some cases, it’s harvested by more sinister means like hacking or social engineering.

The temptation to measure everything is understandable, but that can be the road to ruin. "Pick something that you don't like," Wallgren said. "Pick something that drives you nuts. Pick something that takes too long. Pick something that fails too often. Just pick something and then figure out a way to measure that and drive a better outcome for that thing. And then move on to the next thing." If you continue to find ways to get better, be it with mean time to recovery, release frequency or any number of other DevOps metrics, you should be able to deliver better software and keep your customers happy. Adopting DevOps metrics does not mean you should count the lines of code produced. While that may be an objective measurement, it's not in any way relevant to outcomes. Concentrate on a few things that help you make better decisions, experts insist, even if those items don't seem like they make an enormous difference to IT overall.

Q&A on the Book Digital Transformation at Scale

For many organisations, agile teams represent a very new way of working. It isn’t really possible to learn that in a classroom, or even be coached towards it. To really establish agile within an organisation, you need to bring in the full team, not just ones and twos (‘the unit of delivery is the team’ was a GDS mantra). That team should be given the conditions that allow them to deliver quickly, work in the open, and become a visible and tangible demonstration of what an agile team is. Some of that is intensely practical - having a decent workspace for them to all sit together, for example. Some of it is more challenging for institutions - moving to governance that is based on show and tells rather than steering boards is a big culture shock for many. Without that team showing what it means for real, agile is just words on a page for people, and not very clear ones at that.

6 Ways to Anger Attackers on Your Network

"Make no mistake: It is happening. Companies are hacking back," he explains, and much of their activity is arguably in violation of the CFAA. That said, he isn't aware of any prosecutions under CFAA against organizations engaged in what is often called "active defense activities." Legal trouble aside, getting into a back-and-forth with attackers is dangerous, Straight cautions. "Even if you're really, really good and know what you're doing, the best in the business … will tell you it's very hard to avoid causing collateral damage," he explains. Chances are good your adversaries will see your "hack back" and launch a more dangerous attack in response. The worst thing you can do is go after the wrong party, the wrong network, or the wrong machines, he continues. Most hackers aren't using their own equipment when they attack. "There are times when I have really wanted to strike back, but you can't and you don't," says Gene Fredriksen, chief information security strategist for PCSU.

According to Veracode’s State of Software Security (SOSS) report, 87.5 percent of Java applications, 92 percent of C++ applications, and 85.7 percent of .NET applications contain at least one vulnerability. In addition, over 13 percent of applications contain at least one critical vulnerability. “Our annual SOSS data puts hard evidence on the table to explain why so many security professionals experience anxiety when they think about application security (AppSec),” the report stated. “There is no way to sugar coat it: the sheer volume of flaws and percentage of vulnerable apps remain staggeringly high.” Among the vulnerabilities, SQL injection flaws and cross-site scripting (XSS) remained most common, which is consistent with previous years. SQL injection flaws were found in about one in three applications, while XSS vulnerabilities were present in about half of the applications.

Best tools and methods for designing RESTful APIs

API visualization is one of the fundamental steps in design, because it frames a graphical view of the API for users and enables users to interact with services that use a type of generalized API GUI. Most interactive development environments have visualization tools available, but these tools only offer basic capabilities. Swagger UI is a popular API visualization example that makes the in/out data structure of an API visible; it also exhibits simulated responses to given API caller requests. An API catalog is the central element of any API design strategy. Catalogs hold API definitions and make them available to developers. In some cases, catalogs may also drive API management processes, like access control or load balancing. Most API management suites will include a catalog, and separate API catalog tools are available from companies like Swagger, Oracle and IBM, as well as in open source form, like ReDoc.

Three key trends that will change cybersecurity strategies in 2019

Traditional VM tools identify thousands of vulnerabilities at any given time for a large enterprise, making it near impossible for security teams to know which vulnerabilities to prioritize and address first. As Gartner pointed out, advanced risk-based VM tools take into consideration the impact to the business of each vulnerability if exploited, and produce a clear, prioritized list of actions for the security team to take. As devastating breaches at organizations large and small, public and private, continue to make headlines, companies will gravitate toward risk-based tools to more effectively and efficiently avoid getting breached. Cybercriminals are constantly evolving their attack methods, and in response, security teams must advance their approaches to protecting their data. This means rethinking antiquated processes and tools. 2019 is sure to bring new challenges, but companies will also be taking steps in the right direction to properly secure data and proactively prevent breaches.

As Bitcoin sinks, industry startups are forced to cut back

The latest victim is Bitmain, a provider of bitcoin mining hardware that very recently submitted its IPO prospectus to the Stock Exchange of Hong Kong. The company confirmed to CoinDesk this week that cutbacks would begin imminently: “There has been some adjustment to our staff this year as we continue to build a long-term, sustainable and scalable business,” a spokesperson for Bitmain told CoinDesk. “A part of that is having to really focus on things that are core to that mission and not things that are auxiliary.” Beijing-based Bitmain hasn’t clarified just how many of its employees will be impacted, though rumors — which Bitmain has since denied — on Maimai, a Chinese LinkedIn-like platform, suggest as many as 50 percent of the company’s headcount could be laid off. This news comes after the crypto mining giant confirmed it had shuttered its Israeli development center, Bitmaintech Israel, laying off 23 employees in the process. Bitmain employs at least 2,000 people, up from 250 in 2016, according to PitchBook, as the company’s growth has skyrocketed.

Tracking Analytics with Artificial Intelligence

As we head into 2019, it’s hard to find an industry that has been untouched by the data revolution. Even segments known for the hands-on nature of their work, like construction, are being reimagined with 3D-printed buildings, augmented reality and robots. The three industries below stand somewhere between those most and least affected by digital transformation. ... The worst kind of usage for a car is when a vehicle is driven mostly in traffic while the best is when it’s mostly highway driving, with less stopping and starting. An automaker in that case can offer everyone the same warranty for the first year but then can offer a different warranty package in the next year based on usage. Though no automakers have done so yet, this type of warranty package (similar to how the car insurance industry uses in-car tracking devices) can save automakers a lot of money and reward drivers who are gentler on their cars. For example, one of our auto clients was able to reduce warranty costs by 35% using sensor data.

When quantum computing threats strike, we won't know it

If a country was able to develop and successfully implement quantum computing for the purpose of breaking RSA encryption, they're not going to tell anyone. At some point, academia or the private sector will make advances that might show that it's plausible. But I think we have to be realistic and understand that the largest investors in this area are doing so such that it is highly unlikely that we will actually be aware when they are successful. ... You can assume that none of the people with access to the data were insider threats, but can you be 99.99% sure? Could that actually be the way the data was leaked? Or could it be flaws in the implementation of existing algorithms? It's not just good enough to have strong algorithms, we need strong implementations of the algorithm. If data all of a sudden is leaked, was it because the algorithm was cracked or one of these other government agencies identified a vulnerability that they chose not to disclose?

Quote for the day:

"When you practice leadership, the evidence of quality of your leadership, is known from the type of leaders that emerge out of your leadership" -- Sujit Lalwani

Daily Tech Digest - December 26, 2018

Digital Transformation: How to Create an Intelligent Company

For a company to shift towards becoming intelligent, it needs to have more than just the technology to enable the transformation. There is a need for significant changes in the way employees think about data and how it can be effectively processed and acted on, i.e. a change in culture and the way employees go about their daily business. In particular, data scientist Ronald van Loon has identified the following areas as key to creating intelligent processes that augment the abilities and efficiency of employees: Design thinking is part of a broad methodology that amalgamates elements of imagination, intuition, holistic reasoning, and logic, to explore all the probable solutions for a given problem. It includes the identification of all unarticulated needs expressed by a consumer. After identifying the needs, the team creates solutions that address all those needs and end up creating the “wow” effect. The solutions are generated creatively and analytically. Design thinking should always be more solution-oriented than problem-oriented.

6 types of cyber security risks you need to know about

“Technology can’t help a human problem which involves someone manipulating an employee or contractor to perform an action or divulge confidential material. “In one instance, a stranger came onto the premises for an alleged job interview, told the receptionist he had spilled coffee on his CV, handed her a USB and asked her to print it for him. Once the USB was inserted to her computer the attacker gained remote access to that machine and from there, the entire network,” said Dicks. Physical security is a basic but often overlooked form of defence, said Dicks. “Staff must report all strangers they see in the office that are not clearly marked with a visitor’s access card. Access to the building needs to be rigorously managed. “Unknown USBs may not be used and sensitive information should be shredded. Password protection policies must be strictly adhered to – people are still writing their passwords on a piece of paper.”

Disruptive Effects of Cloud Native Machine Learning Systems and Tools

Automated machine learning (AutoML) goes one step further. It can completely automate training a machine learning model and serve it out in production. It accomplishes this by training models from labeled columns (say, images) and automatically evaluating the best model. Next, an AutoML system registers an API that allows for predictions against that trained model. Finally, the model will have many diagnostic reports available that allow for a user to debug the created model—all without writing a single line of code. Tools like this drive AI adoption in the enterprise by empowering and democratizing AI to all employees. Often, important business decisions are siloed away in the hands of a group of people who are the ones with the technical skills to generate models. With AutoML systems, it puts that same ability directly into the hands of decision makers who create AI solutions with the same ease that they use a spreadsheet.

YES Bank Unveils 20 Data Driven Products at YES Datathon

The top 20 models identified by the Bank will be taken live within a month and the remaining will be moved to the Bank’s product library to be iteratively developed and taken live within a period of three months. ... Talking about the event, Rajat Monga, Senior Group President, Financial Markets, YES BANK, said “YES BANK embarked on a data centered business model as part of our TechTonic initiative and now has a full stack of technology and talent capability built up. In order to leap frog on this data native transformation, YES Datathon provides us with an opportunity to engage with 6000+ data scientists. It has helped us identify newer use cases as well as statistical techniques and also incorporate cross-industry best practices. Going forward, YES BANK will also host AI/ML challenges and data engineering workshops to deepen practical and technical knowhow of future technology leaders and to facilitate this, has partnered with top IITs and BITS Bombay to further develop the data science ecosystem, allowing students the opportunity to build algorithms and data models in a deployment ready environment.

Cybersecurity Is Providing Information And Solutions Not Selling Fear

Even the most sophisticated companies with massive code review bureaucracies and elaborate deployment checklists can inadvertently push a bad update out. The issue here is not that SiteLock sent an errant malware alert to Domain.com’s customers. Rather, the issue is that the email did not contain any actionable information for the user to triage the situation, non-SiteLock customers had no ability to access any information about the reported malware and the company waited more than 24 hours to send a correction email to affected users, while Domain.com did absolutely nothing to assist its customers. A website that is actively serving malware to visitors is an incredibly serious situation and could indicate that the site has been breached and that customer data may be stolen as well. Waiting more than an entire day before telling users that a malware alert was in error is immensely irresponsible in today’s day and age.

Enterprise SBCs: Why They Matter

Today, securing VoIP sessions and applications has become a huge challenge. With a growing number of calls and collaborative sessions using VoIP on public and private networks, service providers must respond to enterprises’ increasing concerns about security. Session border controllers (SBCs) have always been the backbone of secure, quality VoIP. Today, enterprise session border controllers (E-SBCs) are making it possible for even the most mission-critical, massive enterprise VoIP systems to securely connect with SIP trunks, over-the-top trunks, and cloud-based unified communications (UC) technology. There are different types of SBCs, each serving similar but different purposes in a network. Essentially, SBCs are guardians at the gate: They make sure that only certain people are allowed in or out of a network domain. An E-SBC is a type of SBC that is specifically deployed to manage SIP traffic access – including VoIP, video, or instant messaging traffic – between SIP trunks and the enterprise network or between a UC service and the enterprise network.

Hyperledger Sawtooth 1.1 Adds New Consensus Algorithms

As a result of rearchitecting its consensus engine API, consensus protocols are now implemented as “consensus engines”, which improves their modularity. This required creating a new implementation of the Proof of Elapsed Time (PoET) consensus algorithm, which is one of Sawtooth main tenets and strives to achieve minimal resource consumption. PoET is a form of Nakamoto-style consensus, where a leader is elected through some form of lottery to choose a block to be added to a chain of previously committed blocks. While in Bitcoin the lottery is won by the first participant to solve a cryptographic puzzle, PoET leverages Intel Software Guard Extensions (SGX), which are becoming widely available in consumer and enterprise processors. SGX allow applications to create a trusted-code enclave. In short, each participant in PoET requests a wait time from the enclave and claims its role as a leader at the end of the wait. The first participant to claim its leader role wins.

Are Countries Finally Outgrowing Their Fear of Blockchain?

Switzerland is not the first country to offer a national blockchain program. Australia, Malta, Cyprus, the United Arab Emirates, Ireland, Russia, Brazil, China and India, to name a few, have announced a slew of programs. Some countries, like India, have taken a dichotomous approach to cryptocurrency and blockchain. The Central Bank of India (RBI) is still “evaluating” the legality of cryptocurrencies, like bitcoin, while mulling over its own version, the Laxmi coin. On the contrary, the incumbent central government, headed by Prime Minister Narendra Modi, and various tech-savvy state governments like Maharashtra, Andhra Pradesh and Karnataka, have latched on to the blockchain bandwagon. Blockchain is now appearing in nation’s strategies, lawmakers’ lingo and in the agenda of think-tank sessions. Governments seem to have embarked on the process of appearing out of the fear psychosis of cryptocurrencies.

The opportunities and challenges of a freelance data scientist

Freelancing gives me the opportunity to work with people from all over the world — for example, I have worked with clients in Italy, India, Amsterdam and Belgium. The variety means I get lots of opportunities to learn about new fields and new techniques. These kinds of learning experiences are vital to providing clients with quality deliverables. Perhaps the most successful project I have worked on as a freelancer was with a team that was evaluating survey data for an international authors’ journal. The survey had hundreds of questions and results for several thousand authors and editors, who were located in five different countries. I developed smart techniques for analysing such a vast amount of data and the client was delighted with the outcome. I particularly enjoy helping clients frame their projects, helping them to ask the right questions of the data and pointing out the value of generating testable hypotheses.

Is Fintech Recruitment Heading for Troubling Times?

To attract and retain talent, both from abroad and at home, employers will have to do everything they can to vie for talent. Fintech is a competitive recruitment market. To put it simply, companies need people that are smart, talented, and innovative, with a wide range of skills. Unfortunately talent like this is hard to come by. They know their worth and are choosy about who they want to work for. To combat this, employers will need to focus on creating a compelling offer for potential employees. In our opinion a key strategy for attracting Fintech talent has to be offering flexible working at the point of hire. Much of today’s workforce wants to work flexibly. In a recent PowWowNow study, 70% of workers felt that offering flexible working makes a job more attractive to them. This is especially apparent amongst millennial talent who make up a large proportion of the Fintech sector. Tech talent want to be in control of their working hours. They don’t want to waste time commuting if they don’t have to, and they want to work when they are most productive.

Quote for the day:

"When a man assumes leadership, he forfeits the right to mercy." -- Gennaro Angiulo

Daily Tech Digest - December 25, 2018

DevOps disruptors in 2019

In 2019, we will see a significant shift from commercial testing to open source tools, which will have a dramatic effect on the testing vendors in the market. There are several reasons for this. We all know that continuous testing is a critical component for optimising DevOps pipelines, and by its definition, to continuously test teams must be able to dramatically scale the number of tests being executed, including running full regression cycles nightly as opposed to end of the Dev cycle and a massive “shift-left” of testing, all the way to the pre-commit and per-commit level. However, traditional commercial solutions struggle to meet the demands of continuous testing in two ways. Firstly, they do not scale, nor do they have the reliability to meet continuous testing requirements. Secondly, with shift-left, the persona of the test author shifts from QA to Dev. All this means that yesterday’s commercial solutions are simply not a fit for today’s developers. Instead, Open Source solutions are a vital piece of making continuous testing a reality.

Web Portals: More Breaches Illustrate the Vulnerabilities

One factor contributing to security issues in web portals is that "most organizations don't think about the total cost of running the system/application," says Mark Johnson, a former healthcare CISO and shareholder at consulting firm LBMC Information Security. "Because of that, a newly reported vulnerability may not get patched, or they may be resource constrained and they make 'risky' configuration choices - like adding too many support people as system or application admins. Finally, they may not dedicate the resources necessary to monitor these systems as closely." Based on what BJC has publicly disclosed about its portal incident, it's unclear exactly what caused the breach, Johnson says. "If it was a problem with the portal software or some underlying system or middleware application configuration or patching, there are some basic things that everyone should look to do when they have interactive systems, especially portals, on the internet," he says. Those steps include understanding the requirements of the system or application and reviewing and then implementing security controls that need to be in place based on the "risk of the system or application" and the type of data involved.

Training machines sans bias will only augment humans: AWS executive

When it comes to humans, they are good in dealing with situations that have ambiguous kind of data points.  "Humans are really good at learning quickly with very little information. ML models are the opposite. They require a lot of data inputs to be able to be trained. "I would argue that you show someone a bicycle a few times and you show them how to ride a bicycle after few times the human being is able to ride that bicycle pretty easily. To just train a robot to ride a bicycle takes millions of hours of training," explained Klein.  In the last one year, AWS has released over 200 ML services and features.  When it comes to Amazon Alexa now talking to humans, he said lot of their customers are using the platform to do voice profiling for a variety of reasons.  "For example, in the financial services industry, we have customers that are looking into voice profiling as an additional factor at their call centres. So if they want to verify if it's you, they can add voice profiling as an additional factor to further reduce fraudulent or impersonation calls," he explained.

NIST Risk Management Framework 2.0 Updates Cyber-Security Policy

"The RMF provides a dynamic and flexible approach to effectively manage security and privacy risks in diverse environments with complex and sophisticated threats, evolving missions and business functions, and changing system and organizational vulnerabilities," the RMF states. "The framework is policy and technology neutral, which facilitates ongoing upgrades to IT resources and to IT modernization efforts—to support and help ensure essential missions and services are provided during such transition periods." The RMF 2.0 includes a long list of tasks that includes an outline of risk management roles within an organization as well as strategy. Identifying common controls as well as having a continuous monitoring strategy is another key component that is part of RMF. Risk itself is at the core of RMF 2.0, with the requirement that organizations execute a risk assessment that includes all assets that need to be protected.

Business owners must understand that having a one-size-fits-all approach to cybersecurity can leave substantial gaps making their businesses vulnerable. The first step is to think about exposure: this includes the hardware and software you are using as well as operations conducted via web or cloud-based systems. You should also consider what unique threats there are to a particular system. An important note: it isn’t enough to think about your own business. What about the third-party vendors you’ve hired? Any of their vulnerabilities will affect you, too. Connectivity of systems both internally and externally has been a major driver of technological progress, and the advent of things like cloud-based storage and mobile payment options have made doing business easier. But while interconnected systems may make things run more efficiently, it also can increase the risk – a vulnerability in one system can affect the connected ones as well.  Keeping critical systems like payroll, business email, and point-of-sale (POS) separate can decrease the inherent risks of connectivity and help ensure that one cyber threat doesn’t compromise a business’ entire operation.

Digital KYC – why it’s finger-clickin’ good

The universal availability of electronic documentation, such as identity cards, is a fundamental building block without which a fully digitised, automated and near real-time KYC capability proves difficult. Progress towards this is being made, notably in developing nations where the challenge of undocumented segments of the population was tricky until digital solutions became available. The Unique Identification Authority of India (UIDAI) was established in 2008 to give a digital identity to every resident. This ‘Aadhaar’ ID now gives access to many key services, including banking ... “Estonia’s approach makes life efficient: taxes take less than an hour to file, and refunds are paid within 48 hours. By law, the state may not ask for any piece of information more than once, people have the right to know what data are held on them and all government databases must be compatible, a system known as the X-road. In all, the Estonian state offers 600 e-services to its citizens and 2,400 to businesses.”

Keeping AI Beneficial and Safe for Humanity

One analogy that Stuart Russell uses that I find helpful is bridges. When we ask a civil engineer to build a bridge, we don’t have to specify ‘make sure it’s safe’ or ‘make sure it doesn’t fall down’. These concepts are built-in when we talk about bridges. Similarly, CHAI would like to get the field of AI to the point where if we ask a software engineer to build an AI system, we don’t have to specify things like value alignment, ethics, and human-compatibility — they should be built right into the definition of AI. If AI is not beneficial to humans, it’s not actually achieving its purpose. Yet we currently have no guarantees that the systems that are in development at the moment are going to be beneficial, and some good reason to believe they won’t be by default — just as a bridge built without the right engineering expertise likely wouldn’t be safe. “I’m not sure we need to have ‘smarter than human’ AI for a system to be dangerous. Any system that is sufficiently competent could be dangerous, even if it doesn’t resemble something that we would recognise as human-like. ...”

2019 Security Predictions Report Released

This year’s security predictions span the categories of cloud, consumer, digital citizenship, security industry, SCADA/manufacturing, cloud infrastructure, and smart home. I won’t spoil your reading of it, but one of the predictions that jumped out for me was regarding Business Email Compromise (BEC) and how targeted threats will go lower down in the org chart. This makes a lot of sense given that CxOs are getting harder to exploit via BEC. They are becoming more aware of the threat and more BEC safeguards are deployed to protect them. An example of such a safeguard is machine learning to fingerprint executive writing styles, like our Writing Style DNA. This prediction is quite actionable, especially given there are tools and techniques being deployed to protect the C-suite, that can be expanded to protect their direct reports as this threat pivots.

Report: Over 300 British Blockchain Companies Shut Down in 2018

Putting a number on it, the U.K.’s Sky News has found out that at least 340 companies claiming to be involved with crypto or blockchain were shut down this year. It obtained these findings by analyzing publicly available figures from the databases of Companies House and Open Corporates. This figure is an increase of 144 percent from just 139 blockchain-related companies that went bust in 2017. The data shows that over 200 of those companies were established during 2017 and 60 percent of them closed down between June and November 2018 alone. On the other side, the number of newly-registered blockchain companies continued to rise throughout the year, reaching a total of 817 in November 2018, which means the market continued to grow overall. However, the report notes that the number of new companies is now growing slower than the number of blockchain businesses shutting down for the first time. And of the companies which haven’t been shut down, over 50 have removed references to blockchain or crypto from their name.

Digital disruption may widen the gender gap: Jessie Qin, EY

Digital innovation is taking over the workplaces and now is the right time to build diversity. In digital innovation, you need the left brain and the right brain to work together. However, there are pain points and frustration that come from the hypothesis that digital disruption is likely to increase the gender gap.  For instance, there is World Economic Forum data that shows if you look at the 15 top economies of the world, digital, robotics and AI will lead to job losses of about 5 million. Men will get one new job out of the three jobs they lose; women, on the other hand, will get only one job out of the five jobs they are losing. What’s even more alarming is that while the disruption stems from technology, women are far less digitally connected — the global Internet user gender gap grew from 11% in 2013 to 12% in 2016, according to data from the International Telecommunication Union. The gap remains large in the world’s Least Developed Countries (LDCs) at 31%.

Quote for the day:

"Leadership is liberating people to do what is required of them in the most effective and humane way possible." -- Max DePree

Daily Tech Digest - December 24, 2018

Prioritizing TD over MVP and vice versa needs to be someone’s responsibility, otherwise who would handle the delivery time from this balance? Thanks to the gains of my Project Management knowledge, now I do handle. I’m the one who should forecast when it makes sense to spend more time working on a better engineering because I know my Stakeholder enough to predict his or her next move towards a brand-new MVP. Let me quickly change contexts for didactic purposes: Ordering pizza while savagely hungry at home, I expect it to arrive maximum within an hour and hot. I know a lot of stuff might go wrong on the way to my house. I would probably embrace some and others I wouldn’t. If the pizza arrives two hours later, I won’t accept it. If it arrives simply warm, it’s fine. The same applies to projects. Most valuable to stakeholders won’t stand a perfect engineering if that doesn’t pay its cost, which means delivery right on time or sooner.

Automated Cyber Attacks Are the Next Big Threat. Ever Hear of 'Review Bombing'?
This is not a theoretical risk, either. It is already happening. Recent incidents involving Dunkin Donuts' DD Perks program, CheapAir and even the security firm CyberReason's honeypot test showed just a few of the ways automated attacks are emerging “in the wild” and affecting businesses. In November, three top antivirus companies also sounded similar alarms. Malwarebytes, Symantec and McAfee all predicted that AI-based cyber attacks would emerge in 2019, and become more and more of a significant threat in the next few years. What this means is that we are on the verge of a new age in cybersecurity, where hackers will be able to unleash formidable new attacks using self-directed software tools and processes. These automated attacks on their own will be able to find and breach even well-protected companies, and in vastly shorter time frames than can human hackers. Automated attacks will also reproduce, multiply and spread in order to massively elevate the damage potential of any single breach.

A data inventory is key to maintaining data privacy compliance

Building and maintaining a comprehensive data inventory can enhance overall data quality and help create a path to streamline the compliance efforts, which helps in the effort of reducing risk through the creation of an effective controls framework. Additionally, identifying potential processes that can be automated creates opportunity for better regulatory reporting in both accuracy and efficiency. Improved accuracy supports improved data security. Clear data maps and inventories can support more effective and proactive security measures that address critical issues, such as which specific business processes the data touches and the related risks of that interaction. Complete data lineage capability is also enabled through data accuracy, allowing for a cohesive approach by audit, security, and compliance groups alike.

Network management must evolve in order to scale container deployments

Highly containerized environments are subject to something called “container sprawl.” Unlike VMs, which can take hours to boot, containers can be spun up almost instantly and then run for a very short period of time. This increases the risk of container sprawl, where containers can be created by almost anyone at any time without the involvement of a centralized administrator. Also, IT organizations typically run about eight to 10 VMs per physical server but about 25 containers per server, so it’s easy to see how fast container sprawl can occur. A new approach to managing the network is required — one that can provide end-to-end, real-time intelligence from the host to the switch. Only then will businesses be able to scale their container environments without the risk associated with container sprawl. Network management tools need to adapt and provide visibility into every trace and hop in the container journey instead of being device centric. Traditional management tools have a good understanding of the state of a switch or a router, but management tools need to see every port, VM, host, and switch to be aligned with the way containers operate.

Office 365, Outlook Credentials Most Targeted by Phishing Kits

The phishing kit used the most during the second half of the year was a multi-brand kit that mainly targets Office 365 and Outlook credentials, but which also supports spoofed pages for AOL, Bank of America, Chase, Daum, DHL, Dropbox, Facebook, Gmail, Skype, USAA, Webmail, Wells Fargo, and Yahoo. The second most popular phishing kit in the timeframe also targets Office 365, Cyren says. This tool, however, was specifically built for Office 365 phishing and packs built-in techniques to evade detection, including blocking IPs and security bots, as well as user agents to hide from phishing defenses. A PayPal phishing kit has emerged as the third most used, and employs new levels of sophistication, with several evasive techniques, the researchers say. Fourth in line comes a multi-brand phishing kit that can target almost anything from lifestyle brands to data, banking and email credentials, and more. Apple, Netflix, Dropbox, Excel, Gmail, Yahoo, Chase, PayPal and Bank of America are among the targeted brands.

5 Cloud Trends That Will Dominate 2019

Despite the hubbub being raised about the job-stealing nature of automation, you should expect automation services to keep rising in popularity as 2019 unfolds. Automation platforms are more efficient today than ever before, which means that businesses of all shapes and sizes have a sizable economic incentive to digitize their operations to the greatest extent possible. While human capital will always be vital in the cloud marketplace, it’s growing quite obvious that the future of the cloud will at least partly be determined by clever algorithms that do some of our thinking for us. Major corporations like Amazon and Microsoft are already beginning to cash in on this trend with the use of lawyer SEO; Amazon Web Services has a wide variety of cloud automation services, for instance, including automatic testing to locate weak security points. As digital privacy and network security grow more important to the public, especially as new data breaches continue to occur, automation will be viewed as a way of securing the cloud and making it a more reliable place to store our sensitive information.

Understanding Blockchain Basics and Use Cases

The use cases for blockchains are still being hotly debated. There is the obvious example of censorship-resistant digital currencies. However, the volatility and fragmentation seen in the cryptocurrency market during 2018 seems to suggest that the actual applicability of trustless digital currencies is limited. From the enterprise perspective, it is becoming clear that they can also be used to create systems or networks that are deployed as a shared construct between multiple entities that don't necessarily trust each other yet want to share data and maintain a form of consensus about concerns that all parties care about. These use cases, where a centralized authority is unacceptable to the participants, or too costly to set up, are still emerging. This is despite the time, effort and venture capital that has deployed into the wide array of blockchain projects created to date. As more projects come to market as we move into 2019, it remains to be seen whether the promise of blockchain will ever amount to the major impact that its advocates have now been promising for quite some time.

AI Inspires a Healthcare Revolution

Heart surgeons are employing data and analytics alongside scalpels and stents as they carry out intricate operations, using digital replicas of human hearts and AI to predict the likely outcomes of treatments. In the future, we may all have these replicas—known as digital twins—that are continuously fed data about our bodies and can help predict when we may become ill, and suggest preventive therapy and the most effective treatments. Digital twin technology has the potential to make significant improvements in diagnosis and treatment of a range of conditions. Building a digital replica of a heart requires collecting reams of data about the patient’s physiological condition, fitness levels and lifestyle. In one case, cardiologists created a digital version of the heart of a patient suffering from an irregular heartbeat, to test whether the patient was among the 70 percent likely to respond to a particular treatment.

When the Tide Goes Out: Big Questions for Crypto in 2019

Debates have raged around the globe about how cryptocurrencies, and particularly ICOs, fit within existing securities, commodities and derivatives laws. Many contend that so-called ‘utility tokens’ sold for future consumption are not investment contracts – but this is a false distinction. By their very design, ICOs mix economic attributes of both consumption and investment. ICO tokens’ realities – their risks, expectation of profits, reliance on the efforts of others, manner of marketing, exchange trading, limited supply, and capital formation — are attributes of investment offerings. In the U.S., nearly all ICOs would meet the Supreme Court’s ‘Howey Test’ defining an investment contract under securities laws. As poet James Whitcomb Riley wrote over 100 years ago: “When I see a bird that walks like a duck and swims like a duck and quacks like a duck, I call that bird a duck.” In 2019, we’re likely to continue seeing high ICO failure rates while funding totals decline.

Embracing agile development: Don’t let technical debt get in the way of innovation

By prioritising this type of approach first, you can begin to reduce debt and then resolve other portions as part of a long-term strategy. Remember: this isn’t going to resolve itself overnight. Get the whole team on board before committing to across-the-board technical debt reduction because unlike a Waterfall approach, Agile changes are small and frequent, so everyone will need to commit to the new method. Again, teams can tackle this by adopting an EAD approach, so they can focus on moving slowly and deliberately to avoid including any new changes that might introduce new debt or increase existing debt. An EAD approach also helps to ensure teams are committed to testing throughout the DevOps process, which in turn creates a more collaborative environment and promotes transparency. With Agile, each successive version of the software builds directly on the previous version. It also allows for repeat work that improves upon previously completed activities.

Quote for the day:

"The greatest leader is not necessarily the one who does the greatest things. He is the one that gets the people to do the greatest things." -- Ronald Reagan