Daily Tech Digest - April 30, 2018

10 reasons to love the secret Surface Phone

Microsoft phones failed. Windows Mobile, Windows Phone, Windows 10 Mobile — all too little, too late. But I think Microsoft could succeed with its next device. Rumor has it that Microsoft is working on a two-screen clamshell mobile device code-named Andromeda that may be branded the “Surface Phone.” (The more likely branding may be “Surface Pad,” or something like that, to de-emphasize the phone function.) I believe the rumors are true and predict this device could even be teased at Microsoft’s Build Conference in Seattle May 7. From Microsoft’s perspective, creating a new mobile device is an existential necessity. Apple is threatening Microsoft’s enterprise business with a steady infiltration by iPhone and iPad. These client devices invite all kinds of non-Microsoft solutions into the enterprise. Something must be done. Microsoft would likely fail in a fair fight against Apple with conventional phones or tablets. So Microsoft needs to offer a very appealing, business-friendly device that breaks all the rules. Going further, I think the Surface Phone is just what the mobile market needs — just what you need — and for the following 10 reasons

No internet: The unbearable anxiety of losing your connection

So, that was Tuesday. Remember, I work from home. Getting my job done was a major challenge with minimal internet. While I could take my laptop to one of the many coffee shops Oregon has to offer, some work required being hooked up to my dual large-screen monitors and giant tank of directly-attached media asset storage. Watching TV at night was a crapshoot. Sometimes it would work. Other times, not so much. Now, you have to understand, I have a relatively large offline video collection, much of it digitized on one of my NAS boxes. So, even if the internet was fully down, my wife and I could watch movies or TV shows. But did we? No, if Netflix or Hulu or HBO Now or CBS All Access or Prime Video or Showtime or -- heaven forbid! -- YouTube was offline, it was a Category Five level of distress. Being intermittently disconnected from the internet created a level of separation anxiety that, in some ways, eclipsed constructive problem-solving. We didn't have to watch Netflix. We could have just as easily watched something on our own media tank.

Juniper battles Cisco, VMware with Contrail cloud tools

Contrail Enterprise Multicloud simplifies networking through its Contrail Command console. Companies, for example, can use the software's graphical user interface to request workload-to-workload connectivity without knowing the underlying components, like ports, switches, routers and subnets. AppFormix reduces complexity further by providing intelligence on the different cloud infrastructures and the overlay services running across them. The information is useful for planning and diagnostics. Casemore expects Juniper to eventually create a single Contrail-based software console that unifies data center, cloud and branch networks. "They're looking at extending this over the WAN," he said. Piling as much networking as possible into a single management console is also Cisco's strategy. So, to differentiate itself, Juniper is positioning its product as more open than Cisco's Application Centric Infrastructure (ACI). ACI requires the use of at least some Cisco switches. Contrail Enterprise Multicloud, on the other hand, supports Juniper, Arista and Cisco hardware.

7 Reasons Why Open-Source Elassandra (Cassandra + Elasticsearch) Is Worth a Look

For organizations that rely on the Cassandra NoSQL database but require more efficient search capabilities, Elassandra offers a compelling open-source solution. Elassandra combines the powers of Elasticsearch and Cassandra by utilizing Elasticsearch as a Cassandra secondary index. While companies may use both Elasticsearch and Cassandra on their own (and unite them by developing their own custom integration or synchronization code), Elassandra negates the challenges of implementing these measures and managing that software separately. By closely integrating Elasticsearch with Cassandra, Elassandra provides search latencies that approach real-time responsiveness. Better yet, it achieves this while also delivering access to all the advantages of Elasticsearch’s established ecosystem of REST APIs, plugins, and other solutions. Through these tools — such as the powerful Kibana UI that allows users to search, analyze, and visualize data quickly and easily — database ops can be carried out with much more efficiency than is possible using Cassandra and Elasticsearch independently.

Why intent-based networking is important to the Internet of Things

To date, the driving forces behind the change have been things like moving apps to the cloud, the erosion of the enterprise perimeter, and an increase in mobility. But none of these will have the impact that IoT will have on the enterprise network. IoT adds orders of magnitude more devices, many of which are not owned by the IT department. Also, many IoT devices have no inherent security capabilities and often have old operating systems and embedded passwords, making them easy to breach and creating backdoors into other critical systems. IBN can solve many of those challenges. One could argue that organizations could continue to run a data center without IBN, as companies could throw more people and money at that part of the network. It would be difficult, but it might be doable. However, IoT deployments at scale are likely to fail without IBN, and one could argue that the concept of an IBN was designed with something like IoT in mind where unpredictability and randomness are the norms. The more variables in the network equation, the harder the problem is to solve — and that's happening to the network right now.

'Cyber blindspot' threatens energy companies spending too little

Companies are aware of the need to protect raw data, but they’re often less sophisticated about the need to protect recently computerized systems for operational assets, according to Stegall. “When you get to a discussion on locking down the operations issues, they kind of look like deer caught in the headlight,” he said. Based on analysis developed over 15 years, energy companies that earn $1 billion in revenue a year generally spend about $1 million for cybersecurity, Precision found. In comparison, companies within the financial industry with $1 billion in revenue could spend as much as $3 million, according to the data. Financial services and retailers have been in the limelight for data breaches. Walker, who works directly with energy executives, said he’s found it surprising how many believe the Defense Department or Homeland Security is defending them. They can’t, Walker said, because the government lacks the capability, expertise and, importantly, the legal standing to defend civilian assets before they’re attacked.

The 14 Soft Skills Every IT Pro Needs

Hiring managers and recruiters bemoan a soft skills gap in IT, and recent data backs up the sentiment. A LinkedIn report conducted with consulting firm Capgemini found that more employers say their organization lacks soft skills (nearly 60 percent) than hard digital skills (51 percent).  Some firms, such as Vodafone and Citi, find soft skills important enough that they’re using surveys and AI in their interview process to assess communication skills, according to this year’s Global Recruiting Trends report from LinkedIn. ... If you’re a candidate with any or all of these skills, they’re useful talking points in your next interview. If not, you may find some areas worth brushing up. And if you’re doing the hiring, these are the skills your peers value most on their teams. ... “At a certain level, irrespective of whatever role you might have, you’re in sales,” says Jay Jamison, vice president of strategy and product management at Quick Base. “Selling people on your ideas or vision for the future — or whether you’re carrying a quota and need to close out a month. Communication skills, self-awareness and the capacity to sell and influence are the top three soft skills I’m looking for.”

To improve network throughput, scrap the ones-and-zeros system

Improvements proposed, in addition to the aforementioned abandonment of binary, is to match dodgy signals that are harder to decode to customers close by who don’t need particularly clean signals, then create good signals, which are easier to decode, for the distant customers. By doing that, you optimize the pipe for everyone. Throughput improves, too, as capacity goes up — everyone needs less time to communicate. Van der Linden says one does this by making changes to the actual signal levels. “Normally you would go for four or eight equidistant levels. But if you position the levels with unequal intermediate spaces, you open up larger gaps between pairs of levels that are closer together. The bit encoded within the large distance is easier to decode and thus can handle a worse signal quality,” he says. He says that his “smarter” fiber optimization ideas, which produce better data rates, are based on technology already used in wireless, cable, and DSL. Other proposals he makes in his thesis include more colors in the same fiber — that makes more data streams — and three different clock rates.

BDD Tool Cucumber is 10 Years Old

The difference in productivity between a programmer who has to wait 1-5 seconds for test feedback and 30+ seconds is significant. At 1-5 seconds you can attain (and stay in) a state of flow where you're hyper productive, for hours. That just doesn't happen if you're interrupted all the time. We've become so accustomed to slow feedback that we've invented and adopted practices to work around them rather than fixing them. The test pyramid is one such workaround. Conventional wisdom tells us that full-stack tests that go through the UI are slow and brittle. Therefore, we'll have fewer of the slow, flaky tests, and more of the fast, consistent ones. A much better way to address this is to make slow tests fast and make flaky tests stable. What's not to like about confidence *and* speed? Nat Pryce and Josh Chisholm have independently explored ways to make full stack tests run sub-second by removing all I/O and running everything in-process. This used to be something we only knew how to do with domain level tests.

Ericsson and HPE accelerate digital transformation 

It is more bespoke than we would like. It’s not as easy as just sending one standard shipping container to each country. Each country has its own dynamic, its own specific users. The other item worth mentioning is that each country needs its own data center environment. We can’t share them across countries, even if the countries are right next to each other, because there are laws that dictate this separation in the telecommunications world. So there are unique attributes for each country. We work with Ericsson very closely to make sure that we remove as many itemized things as we can. Obviously, we have the technology platform standardized. And then we work out what’s additionally required in each country. Some countries require more of something and some countries require less. We make sure it’s all done ahead of time. Then it comes down to efficient and timely shipping, and working with local partners for installation.

Quote for the day:

"I wish that we worried more about asking the right questions instead of being so hung up on finding answers." -- Madeleine L'Engle

Daily Tech Digest - April 29, 2018

Institutional Innovation: How blockchain could transform student ROI

Colleges and universities are recognizing that degrees are much like currency. They are sheets of paper that serve as an exchange with employers to signal the graduate has the types of skills that are necessary for the job. The better the degree, the more value a student may have in the workforce. By moving degrees into a form of digital record where the student can own it as a type of currency, rather than the institution holding it, they can put that currency into a massive decentralized network, much like bitcoin. This would allow employers to see students' records more easily. Feng Hou, CIO of Central New Mexico Community College, explained that his institution's decision to look into blockchain technology came from an initiative to convert college-owned technology into student-owned technology — with one of those areas being digital credentials and transcripts. Central New Mexico Community College, working with a vendor called “Learning Machine,” developed an open-source platform where digital diplomas could be recorded and shared in major professional networks.

Google Co-Founder Sergey Brin Warns Of AI's Dark Side

AI tools might change the nature and number of jobs, or be used to manipulate people, Brin says—a line that may prompt readers to think of concerns around political manipulation on Facebook. Safety worries range from “fears of sci-fi style sentience to the more near-term questions such as validating the performance of self-driving cars,” Brin writes. All that might sound like a lot for Google and the tech industry to contemplate while also working at full speed to squeeze profits from new AI technology. Even some Google employees aren’t sure the company is on the right track—thousands signed a letter protesting the company’s contract with the Pentagon to apply machine learning to video from drones. Brin doesn’t mention that challenge, and wraps up his discussion of AI’s downsides on a soothing note. His letter points to the company’s membership in industry group Partnership on AI, and Alphabet’s research in areas such as how to make learning software that doesn’t cheat, and AI software whose decisions are more easily understood by humans.

3 Innovative Ways Blockchain Will Build Trust In The Food Industry

Just look to Chipotle. After a major E. coli breakout in late 2015, the company’s profits dropped 44% compared with the same quarter the previous year. It has since given out millions of coupons to lure customers back with free food, but the company still hasn’t fully restored customer trust. There is a way to increase trust in the food industry. Blockchain solutions are already up and running in other industries like pharma and gold production—and they are ready to be applied to the food space. Every year, one in 10 people around the world become ill due to foodborne diseases, and approximately 420,000 of them die. Part of the reason we still see statistics like this is because it takes far too long to isolate product recall or contamination issues in the supply chain. Right now, IBM and Walmart are working on a solution for this. They’re improving Walmart’s food tracking abilities in China. Under the company’s current system, the pair estimated that it took days—even weeks—for Walmart to track a package of mangos from the farm to the store.

Your next coworker soon may be an avatar humanoid robot

Avatar robots are still experimental, but if the market for collaborative robots is any indication, there could be significant demand. Also known as cobots, collaborative robots are covered with soft materials and can work alongside people in assembly and other jobs. The market for cobots is expected to grow to $12 billion by 2025, according to Barclays Equity Research. Remote operation of robots for work outside the factory, however, is already well established. Intuitive Surgical, for instance, has sold over 4,200 of its da Vinci surgical robots, which reproduce a surgeon's hand motions through small incisions in a patient's body during operations such as hysterectomies; benefits may include shorter recoveries. Many workers around the world may be concerned about losing their jobs to automation, but the risk varies from country to country. A recent OECD study estimates that 33 percent of jobs in Slovakia are "highly automatable", but only 6 percent in Norway, though the authors caution that "the actual risk of automation is subject to significant variation."

Why A Per-App Approach to Application Services Matters

The problem is that most of these application services are delivered in a shared infrastructure model. Each application gets its own “virtual representation” but it physically resides on a shared piece of software or hardware. This can cause real problems – and is in part a source of the friction that remains between IT and app dev. It’s this shared nature of systems that brought us change windows and review boards and Saturday night deploys (with pizza, to keep us placated) – the processes that slow down development and make deployment a frustrating experience for all involved.  We’re no longer deploying monolithic monster apps. Even if we haven’t gone manic microservices and decomposed apps into hundreds of little services, we still have more apps that are on more frequent deployment schedules. Apps that are developed in week-long sprints rather than year-long projects, and need to push updates faster and more frequently. That, ultimately, is more of the reason (public) cloud has been so successful. Because it’s my app and my infrastructure and I don’t have to wait for Bob or Alice or John before I push an update.

Three Ways Machine Learning Is Improving The Hiring Process

Technology’s advance into all industries and jobs tends to send ripples of worry with each evolution. It started with computers and continues with artificial intelligence, machine learning, IoT, big data and automation. There are conflicting views on how new technology will impact the future of jobs. But it's becoming clear that humans will need to work with technology to be successful -- especially as it relates to the hiring process. There’s a great example of this explained by Luke Beseda and Cat Surane, talent partners for Lightspeed Ventures. On a recent Talk Talent To Me podcast episode, they spoke with the talent team at Hired, where I work, about why it's critical to understand why a candidate is pursuing a given job. They concluded that machines can’t properly manage the qualitative aspect of hiring. For example, machines can’t tell if a candidate is seeking higher compensation or leveraging a job offer to negotiate new terms with their current employer. Humans can. However, machines are better at making processes more efficient.

Data and digital infrastructure key to genomic sequencing success, say MPs

Giving evidence to the committee, professor Sian Ellard of the South West NHS Genomic Medicine Centre said it was unrealistic to expect “all of the planned infrastructure to be in place” for the launch of the genomic medicine service. “Significant digital infrastructure is needed to support routine genomic medicine, and it is welcome that some centres and hospitals already have solutions in place. However, the wider programme to improve NHS infrastructure is running to a later timeframe than the planned genomic medicine service,” the committee’s report said. “The digital infrastructure in place should be one consideration involved in decisions on providing whole genome sequencing in place of conventional alternative diagnostic tests, to avoid attempting to roll out a Genomic Medicine Service at a speed that cannot be delivered.” Committee chair, Norman Lamb, said that the new service “could dramatically improve the health outcomes of UK citizens”, but that the committee is concerned its potential is threatened by delays to digital projects.

How Intel's 8th-gen CPUs will affect budget gaming laptops

Intel’s 8th-gen “Coffee Lake” mobile CPUs arrived en masse this month, packing more cores and higher performance than ever before. What does that mean for budget gaming laptops? If you’ve been waiting for the prices of gaming laptops to plunge now that next-gen processors are here, prepare to be a little disappointed. Prices of older laptops generally don’t drop too much when the next big thing shows up. The reasons vary, but in general, PC vendors typically manage inventories fairly tightly to avoid being left with a lot full of Oldsmobiles when the new models come in. That’s not always the case though, and sometimes you’ll find some nice deals if you know where—and when—to look. Discounts on older hardware aren’t the only way Intel’s 8th-gen CPUs will affect budget gaming laptops though. Beyond straightforward discounts, it’s also worth keeping in mind that with the 8th-generation of Intel processors, you’re essentially getting yesteryear’s Core i7 performance in today’s Core i5 chips—and at Core i5 prices too.

How to Increase Backup and Recovery? – Rubrik Briefing Note

Most data protection solutions today comprise two distinct components: the backup software and the backup hardware. The software moves data from production storage to backup storage. It also manages critical factors like ensuring the online backup of applications, as well as locating protected data when necessary, and rapid data recoveries. Data protection hardware typically focuses on cost-effectively storing data for an extended time frame. Ironically, other than the move from tape to disk, most data protection hardware solutions have not invested in making sure that the recovery process is fast. While some backup software vendors have come out with backup appliances, these solutions are typically just pre-installed versions of their software on a set piece of hardware. There is seldom any optimization for leveraging those aspects of that hardware. IT needs a new approach; one that more seamlessly integrates backup hardware and software into a single solution where the software takes full advantage of the hardware and creates an environment specific to data protection.

What Will Our Society Look Like When Artificial Intelligence Is Everywhere?

Imagine you are a woman in search of romance in this new world. You say, “Date,” and your Soulband glows; the personal AI assistant embedded on the band begins to work. The night before, your empathetic AI scoured the cloud for three possible dates. Now your Soulband projects a hi-def hologram of each one. It recommends No. 2, a poetry-loving master plumber with a smoky gaze. Yes, you say, and the AI goes off to meet the man’s avatar to decide on a restaurant and time for your real-life meeting. Perhaps your AI will also mention what kind of flowers you like, for future reference. After years of experience, you’ve found that your AI is actually better at choosing men than you. It predicted you’d be happier if you divorced your husband, which turned out to be true. Once you made the decision to leave him, your AI negotiated with your soon-to-be ex-husband’s AI, wrote the divorce settlement, then “toured” a dozen apartments on the cloud before finding the right one for you to begin your single life.

Quote for the day:

"Many people think great entrepreneurs take risks. Great entrepreneurs mitigate risks." -- Jal Tucher

Daily Tech Digest - April 27, 2018

Developers, rejoice: Now AI can write code for you

A new deep learning, software coding application can help human programmers navigate the increasingly complex number of APIs, making coding easier for developers. The system—called BAYOU—was developed by Rice University computer scientists, with funding from the US Department of Defense's Defense Advanced Research Projects Agency (DARPA) and Google. While the technology is in its infancy, it represents a major breakthrough in using artificial intelligence (AI) for programming software, and can potentially make coding much less time intensive for human developers. BAYOU essentially acts as a search engine for coding, allowing developers to enter a few keywords and see code in Java that will help with their task. Researchers have tried to build AI systems that can write code for more than 60 years, but failed because these methods require a lot of details about the target program, making them inefficient, BAYOU co-creator Swarat Chaudhuri, an associate professor of computer science at Rice, said in a press release.

6 Reasons Why IT Workers Will Quit In 2018

Across every generation, job satisfaction is strong, with 70 percent of IT workers saying they are content with their current job. But while they enjoy their careers, nearly two-thirds of IT pros said they aren’t happy with their compensation. By generation, 68 percent of millennials (those born between 1981 to 1997) said they feel underpaid, while 60 percent of Gen Xers (those born between 1965 to 1980) and 61 percent of baby boomers (those born between 1946 to 1964) said the same. Of those who said they were looking for a new job in 2018, 81 percent of millennials said they wanted to get a higher salary, while 70 percent of Gen Xers and 64 percent of baby boomers said the same. Millennials may be more motivated by salary considering they make an average salary of $50,000 per year. Meanwhile, Gen Xers in IT earn an average of $65,000 per year, while baby boomers average around $70,000 per year. Some companies are already taking steps to secure their junior workers with a pay raise, as 62 percent of millennials expect to get a raise in 2018 from their current employer and 31 percent expect a promotion.

Employees still in the dark about data protection

According to the EEF report, a “worryingly large” 12% of manufacturers surveyed have no process measures in place to mitigate against the threat, only 62% of respondents said they train staff in cyber security, 34% said they do not offer cyber security training and 4% said they did not know. “The Beyond the phish report illustrates the importance of combining the use of assessments and training across many cyber security topic areas, including phishing prevention,” said Joe Ferrara, general manager at Wombat. “Our hope is that by sharing this data, infosec professionals will think more about the ways they are evaluating vulnerabilities within their organisations and recognise the opportunity they have to better equip employees to apply cyber security best practices and, as a result, better manage end-user risk.” According to Wombat, the report validates the need for organisations to use a combination of simulated attacks and question-based knowledge assessments to evaluate their end-users’ susceptibility to phishing.

Organizations gaining new benefits by automating data engineering

Historically, the necessity of data engineering was only matched by its tediousness. Preparation for data analytics and application use involved some wrangling that produced two undesirable side effects. First, wrangling measures like cleansing, transforming, integrating and curating raw data traditionally monopolized data scientists’ time. Secondly, the complexity and lengthy duration of these tasks often alienated the business from using data. However, a number of advancements in data engineering have now decreased data preparation time while increasing time for exploration and applications. By automating aspects of the wrangling process, expediting data quality measures, and making these functions both repeatable and easily shared with other users, alternative solutions to this problem are “empowering your more business type users with functionality that maybe would have only been available to a database administrator or DB doers,” explains Noah Kays, director of content subscriptions at Unilog, which offers a product information management platform.

Apple Is Struggling To Stop A 'Skeleton Key' Hack On Home Wi-Fi

Even with all Apple's expertise and investment in cybersecurity, there are some security problems that are so intractable the tech titan will require a whole lot more time and money to come up with a fix. Such an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own chips into "skeleton keys." There's one real caveat to the attack: it first requires the hacker take control of an IoT technology that's exposed on the internet and accessible to outsiders. But, as Bailey noted, that may not be so difficult, given the innumerable vulnerabilities that have been highlighted in IoT devices, from toasters to kettles and sex toys. Once a hacker has access to one of those broken IoT machines, they can start exploiting the trust iOS places in them.

“SamSam” ransomware – a mean old dog with a nasty new trick

One cybersecurity catchphrase you’ll hear these days is that “X is the new ransomware”. That’s because the ransomware scene is no longer clearly dominated by long-running, well-known “brand names” (so to speak) such as CryptoLocker, TeslaCrypt or Locky. In other words, many people are convinced that ransomware has had its day, is dying out, and new threats are taking over. A popular value for the variable X in the equation above is cryptojacking, where crooks sneakily insinuate cryptocurrency mining software onto your computer or into your browser. Rather than snatching away your files, like ransomware does, cryptojackers steal your processing power and your electricity instead. This means that the crooks earn a tiny bit of money from every victim for as long as they’re infected, rather than taking the all or nothing approach of ransomware, where victims face a stark choice: pay and win, or refuse and lose.

Five areas of fintech that are attracting investment

Overall investment and merger and acquisition activity in fintech almost halved from a record high of $46.7bn in 2015 to only $24.7bn last year, according to KPMG. This is partly a natural, even welcome, correction after the initial hype. Uncertainty created by the Brexit vote and Mr Trump’s election has also had an effect, however. Another negative factor was the governance scandal last year at Lending Club, the biggest online lender in the US, combined with disappointing performances by some of its rivals, which turned investors off peer-to-peer lending. Investor interest continues to rise in some areas of fintech, however, including cyber security, artificial intelligence, blockchain technology and insurtech. There has also been positive news from the two winners of last year’s Future of Fintech awards. Paytm, the Indian electronic payments company, has thrived following the country’s withdrawal of high-value banknotes, and Transmit Security, the cyber security start-up, recently announced a $40m self-funding round.

Data and privacy breach notification plans: What you need to know

IT alone is not in a position to have all the knowledge needed to execute on even the most refined notification plans. Instead, “the lawyers, the security officers, crisis communication specialists and IT professionals all need to be lashed together at the hip,” Bahar said. “It takes their combined expertise and judgment.” Bahar even suggests that your organization’s legal team might have to take a leadership role in the notification process. “The potential litigation and regulatory stakes are so high, not to mention the public relations and reputational stakes, so the lawyers need to be heavily involved,” he says. The legal team can help work out what is said and how it is said to best meet requirements and minimize risk—and they don’t need to be wasting time conducting time-sensitive legal research. Many regulations require public disclosure of the breach, whether that’s to customers, shareholders, partners, and so on. This is where marketing and public relations teams can help with that communication.

Best Security Software: How 9 Cutting Edge Tools Tackle Today's Threats

Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to mirror those trends so users get the most robust protection against the newest wave of threats. Along those lines, Gartner has identified the most important categories in cybersecurity technology for the immediate future. We wanted to dive into the newest cybersecurity products and services from those hot categories that Gartner identified, reviewing some of the most innovative and useful from each group. Our goal is to discover how cutting-edge cybersecurity software fares against the latest threats, hopefully helping you to make good technology purchasing decisions. Each product reviewed here was tested in a local testbed or, depending on the product or service, within a production environment provided by the vendor. Where appropriate, each was pitted against the most dangerous threats out there today as we unleashed the motley crew from our ever-expanding malware zoo.

Sustainable Software with Agile

In the Agile Software Factory of Cegeka, all teams have a bi-weekly reporting to monitor whether we’re still doing the right things right within the agreed budget and timeframe. They are filling in a Progress report – PMI style reporting on customer, timing, budget, scope, dependencies & quality. This report is made available towards the software factory management & the customers. We value the transparency, openness of the status of all project activities. It includes reporting on the sprint, the agreed SLA’s, the defects… The monitoring of the application is happening from different perspectives on a permanent basis. The Ventouris team has implemented a continuous build & deploy environment in which the automated tests are running by each check-in of new code. If the code is broken the information radiator is indicating that it must be claimed to be fixed with the highest priority. With a test coverage of more than 100%, the team can avoid regression. The Ventouris team is using "New Relic" as application monitoring tool for the performance follow-up on each of the SLA per transaction type.

Quote for the day:

"If you don't demonstrate leadership character, your skills and your results will be discounted, if not dismissed." -- Mark Miller

Daily Tech Digest - April 26, 2018

Delivering future-focused enterprises

It is important that CIOs and their teams ensure that IT isn’t perceived as the group that always says no, moves too slow, or doesn't understand what the business needs. Part of fixing this is knocking down siloes within IT. As a part of this, CIOs need to empower their organizations to look out for themselves for technology change that impacts the business services they support. CIOs need to overcome these too by staffing strategy and designing roles that are not only good at transitions and operations. CIOs said as well that it is important to adopt and train everyone on a framework that brings IT together with one voice and as one team. Framework examples include ITIL, TOGAF, and IT4IT. Our CIOs said this process should optimize things IT-wide rather than for a single team. CIOs said IT leaders as well need to push back on tactical band-aids and responses wherever possible. They need to establish proactive planning, strategic goals, and business-oriented metrics. For example, instead of measuring tickets per month for disk space, they should instead be rolling up this kind of data into a strategic metric regarding capacity planning effectiveness.

Tackling Edge Computing Challenges

It’s easy to think edge computing magically solves many problems that cloud computing can’t, but there’s a trade-off due to the highly distributed nature of edge systems. Each of the edge nodes are not completely independent, as each may need to share information with other nodes, and keeping data consistent is a challenge. The question is: How do I coordinate a large number of edge computing systems while still allowing them to work independently? This is a problem that has perplexed designers of distributed systems for many years. People call this the distribution, consistency, and synchronization problem. The number of edge computing systems will be high, so any solution will need to scale greatly. Altogether, this is a big problem to solve. Except for some very specialized workloads that simply process events and upload data, many applications processed at the edge need to share security, customer, and other contextual information. What kind of apps need to do this? IoT apps, gaming, advertising, virtual or augmented reality, and mobile apps are good examples.

5 signs you've been hit with an advanced persistent threat (APT)

APTs rapidly escalate from compromising a single computer to taking over multiple computers or the whole environment in just a few hours. They do this by reading an authentication database, stealing credentials, and reusing them. They learn which user (or service) accounts have elevated privileges and permissions, then go through those accounts to compromise assets within the environment. Often, a high volume of elevated log-ons occur at night because the attackers live on the other side of the world. If you suddenly notice a high volume of elevated log-ons across multiple servers or high-value individual computers while the legitimate work crew is at home, start to worry. APT hackers often install backdoor Trojan programs on compromised computers within the exploited environment. They do this to ensure they can always get back in, even if the captured log-on credentials are changed when the victim gets a clue. Another related trait: Once discovered, APT hackers don't go away like normal attackers. Why should they? They own computers in your environment, and you aren't likely to see them in a court of law.
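The off-hours sign described above can be turned into a simple detection rule. The following is an added example, not code from the quoted article; the log format, host and account names, working hours and thresholds are all constructed assumptions to be tuned per environment.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format:
# "<ISO timestamp> <host> <account> <elevated flag 0|1>"
SAMPLE_LOG = """\
2018-04-23T09:15:02 srv-file01 adm_jlee 1
2018-04-23T10:40:11 srv-db01 adm_jlee 1
2018-04-23T14:05:47 ws-fin07 mkhan 0
2018-04-24T02:11:09 srv-db01 svc_backup 1
2018-04-24T02:14:31 srv-file01 svc_backup 1
2018-04-24T02:19:58 srv-dc01 adm_jlee 1
2018-04-24T02:27:40 srv-app03 adm_jlee 1
2018-04-24T02:31:12 ws-fin07 mkhan 0
2018-04-24T02:44:05 srv-hr02 svc_backup 1
2018-04-24T23:30:00 srv-db01 svc_backup 1
"""

# Assumed policy values; adjust to the site's real schedule and baseline.
WORK_START, WORK_END = 7, 19      # local working hours, 07:00 to 19:00
WINDOW = timedelta(hours=1)       # sliding window for a "burst"
MIN_EVENTS = 4                    # elevated log-ons inside the window
MIN_HOSTS = 3                     # distinct hosts inside the window


def parse_events(text):
    """Return sorted (when, host, account, elevated) tuples; skip bad lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, account, flag = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        events.append((when, host, account, flag == "1"))
    return sorted(events)


def is_off_hours(when):
    """Weekends and anything outside WORK_START..WORK_END count as off-hours."""
    return when.weekday() >= 5 or not (WORK_START <= when.hour < WORK_END)


def find_off_hours_bursts(events):
    """Report bursts of elevated off-hours log-ons spread over several hosts."""
    window = deque()
    alerts = []
    alerting = False
    for event in events:
        when, host, account, elevated = event
        if not (elevated and is_off_hours(when)):
            continue
        window.append(event)
        # Drop events that have aged out of the sliding window.
        while when - window[0][0] > WINDOW:
            window.popleft()
        hosts = {e[1] for e in window}
        if len(window) >= MIN_EVENTS and len(hosts) >= MIN_HOSTS:
            if alerting:
                # Same burst is still going: extend the open alert.
                alert = alerts[-1]
                alert["end"] = when
                alert["count"] += 1
                alert["hosts"] = sorted(set(alert["hosts"]) | {host})
                alert["accounts"] = sorted(set(alert["accounts"]) | {account})
            else:
                alerts.append({
                    "start": window[0][0],
                    "end": when,
                    "count": len(window),
                    "hosts": sorted(hosts),
                    "accounts": sorted({e[2] for e in window}),
                })
                alerting = True
        else:
            alerting = False
    return alerts


if __name__ == "__main__":
    for alert in find_off_hours_bursts(parse_events(SAMPLE_LOG)):
        print(
            f"{alert['start']} to {alert['end']}: {alert['count']} elevated "
            f"off-hours log-ons on {len(alert['hosts'])} hosts "
            f"by {', '.join(alert['accounts'])}"
        )
```

Scheduled jobs that legitimately run at night, such as backups, will trip this rule until their accounts and hosts are baselined and excluded.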

Almost all London law firms are using or plan to use artificial intelligence

According to a survey of more than 100 law firms by real estate advisory CBRE, 48% are already using AI software in their businesses and 41% have imminent plans to do the same. The survey found 61% of the companies already using AI are doing so to generate and review legal documents. It also revealed 47% are using AI for due diligence purposes and 42% for research. About a third (32%) are using AI to carry out compliance and administrative legal support. Almost half (45%) said they expect a reduction in the staff numbers as a result, but only 7% think senior jobs will be cut. “Our study found considerable uncertainty around the impacts of AI on employment, reflected by over 30% who were unsure of the potential impact at each level,” said Frances Warner Lacey, senior director of the central London tenant advisory group at CBRE. “This will make formulating a dynamic real estate strategy, to cope with these structural changes to the sector, particularly problematic for law firms.”

Cisco reinforces storage with new switches, mgmt. software

The idea is to eliminate the cycles spent in provisioning new devices and avert errors that typically occur when manually configuring complex zones. Even when a host or storage hardware is upgraded or a faulty facility is replaced, the switch automatically detects the change and zones them into the SAN, Cisco said. The switches also support a number of features that are typically only found in higher-end boxes, according to Cisco’s Adarsh Viswanathan senior manager, storage product management and marketing. These include redundancy of components, HVAC/HVDC power options and smaller failure domains to ensure higher reliability. The switches also support Fibre Channel-NVMe to help customers moving towards all-flash storage environments. NVMe was developed for SSDs by a consortium of vendors including Intel, Samsung, Sandisk, Dell, and Seagate and is designed as a standard controller technology for PCI-Express interfaces between CPUs and flash storage. The switches fill out Cisco’s existing MDS storage-fabric switch line which includes the 9132T 32 Port 32G Fibre Channel Switch and MDS 9396S 16G Multilayer Fabric Switch.

Artificial intelligence will be worth $1.2 trillion to the enterprise in 2018

Companies including Google, Apple, Microsoft, IBM, and Nvidia are already heavily involved in the research and development of AI-based products and services. According to CB Insights, startups worldwide are springing up to specialize in artificial intelligence with an emphasis in industries including customer relationship management, automotive, sales, marketing, and commerce. At first, Gartner believes strong growth will appear in the customer experience sector while enterprise players experiment with AI and offshoot technology, such as deep learning, neural networking, and machine learning software. Virtual agents, for example, can take over simple customer requests and tasks from call centers, reducing the cost for companies in offering customer helplines. By taking over the simple issues, human operators are then free to dedicate their time to complicated issues, which, in turn, may improve customer service.

SD-WAN benefits the changing network connectivity landscape

The future for services like MPLS, then, depends on the requirements for security and end-to-end traffic performance guarantees. With so many providers pushing SD-WAN as internet-based VPN services, MPLS will see a decline in usage, as IT teams view the platform as restrictive and expensive. The private nature of MPLS connections means an organization can access only certain cloud services, depending on whether it has connections to private cloud services in its data center or office locations. But MPLS is the technology of choice when enterprises require end-to-end traffic performance and privacy. While internet-based SD-WAN benefits include granular traffic control for both prioritization and connection states, quality of service (QoS) exists primarily at the customer edge. With MPLS, end-to-end traffic prioritization is an inherent property of the technology that translates into predictable latency and jitter to support mission-critical and delay-sensitive applications.

Why Hackers Love Healthcare

Most healthcare organizations spend just 3% of their IT budgets on security, while the SANS Institute — the largest provider of cybersecurity training and certifications — recommends spending at least 10%. For most healthcare organizations, security is often an afterthought. They don't provide regular cybersecurity training for their employees, which could help reduce insider threats. For example, 18% of healthcare employees say they're willing to sell their login credentials for between $500 and $1,000. And about one-quarter of healthcare employees know someone in their organization who has engaged in this practice. To address employee-related cyber vulnerabilities, it's important to note that while training is essential, it won't magically protect patients’ digital data. Although some hospitals struggle to deploy the most basic IT security measures, such as intrusion detection and the ability to wipe lost or stolen devices, it is imperative that basic cyber hygiene practices are coupled with ongoing training to both protect well-intended employees and mitigate future data loss from those seeking to profit.

How Machine Learning Is Changing the World -- and Your Everyday Life
Machine learning and the IoT are enhancing the way we communicate and live our daily lives. Impressive advancements are being made in mind-reading technology, such as the AlterEgo headset that responds to our brainwaves to control appliances around the house. This tech has been in development for some time, and while the AlterEgo is still a little awkward looking, it isn't difficult to picture how its wearability will be improved over the next decade. It's exciting to imagine the implications for these advancements to change the way you operate the appliances in your home. The automation of our domestic lives is already occurring. Amazon's Echo and Alexa allow for the voice-activated control of your smart-home (the dimming of lights, closing of blinds, locking of doors, etc., all at your command). Even the humble fridge has been given the 21st-century makeover and is now connected to the internet. You can be at work and still see inside your fridge to know exactly what food you're running low on. You don't even necessarily need to go to the shop to restock. Your groceries can be ordered on the road and delivered to your door at your convenience.

Q&A on the Book Kanban Maturity Model: Evolving Fit-for-Purpose Organizations

The KMM is based on an organizational maturity model inspired and synthesized from a combination of the Capability Maturity Model Integration (CMMI) and Jerry Weinberg's maturity model published in his 1997 book, Software Quality Management, volume 1. The result of this synthesis gives us 7 levels from 0 through 6. Levels 1 to 5 are intended as direct mapping to the CMMI levels but with some minor changes in naming, to improve clarity, and a direct mapping to defined and observable business outcomes – something that was never explicit in CMMI. The unique selling point and key differentiator for the KMM is that the model maps increasing levels of business performance. We then correlated the observed practices and patterns of Kanban implementations against those observable business outcomes. For example, if a business steadily delivers good quality and predictable service and its customers are satisfied, then that is good enough for maturity level 3. If the satisfaction level is intermittent because service levels vary, and expectations aren't always met, then that is at most only maturity level 2. 

Quote for the day:

"The essence of leadership is the capacity to build and develop the self-esteem of the workers." -- Irwin Federman

Daily Tech Digest - April 25, 2018

SOCs require automation to avoid analyst fatigue for emerging threats

SecOps needs an immediate shift across industries. Some SecOps teams develop playbooks for an additional layer of training, but when security events occur, it is uncommon to follow every step a playbook describes. The data becomes overwhelming and the resulting alert fatigue leads to analysts overlooking threats entirely, leading to an increase in emerging threats. The typical security analyst is facing a 40 percent increase in persistent threats and data breaches year over year. In the last year, there were over 1,500 breaches in the U.S. alone, exposing close to 179 million records. Additionally, the rising shortage of cybersecurity skills throughout the industry contributes to the threat detection fatigue experienced by current analysts. “In the ever-evolving threat landscape, we know machines can scale very well, but we cannot expect them to outpace human intelligence,” said Kumar Saurabh, CEO at LogicHub. “CISOs need to capitalize on irreplaceable expert human analyst knowledge to enrich security automation and provide the industry with the right training tools. This is the only way enterprises will stand a chance in protecting their most valued data.”

Introduction to Security and TLS

Encryption relies a lot on math, random number generators, and cryptographic algorithms. With encryption, there is the need for "keys": sequences of bits and bytes which are used to lock (encrypt) and unlock (decrypt) the data. With symmetric encryption, the same key is used to encrypt and decrypt a message. It means that everyone having that (blue) key will be able to decrypt the message. So, security depends on how securely I can distribute and keep that key. With asymmetric encryption, I have a pair of mathematically connected keys: a shared green key and a private red key. I keep the red key private and do not disclose and distribute it. The green key is public: everyone can use it. Everyone can encrypt a message with the green public key, but only the one with the red private key is able to decrypt it. The public and private key build a pair of keys. They are different but mathematically related. That way, only the private key is able to decrypt a message encrypted with the public key.

Securing smart factories: How Schneider Electric connects devices and prevents outages

What's happening over time for sure is, as you aggregate that data, as you can start to look at broader trends, you could start to bring in things like machine learning, and the thing that I think that we're seeing today that is the most pronounced, is that you still need quite a bit of human interaction when it comes to machine learning or AI. You need to identify patterns, and then you need to feed those back into machine learning so that you know what that pattern recognition looks like, and then you can start to take proactive measures, and so, just one example. You know a lot of outages or problems that happen in industrial setting, often start, you can actually look at things like partial discharge, or electrical partial discharge that happens in equipment. ... And so today, if you kind of looked at the signatures of what that looks like, a human being can look at that, you know we have thousands of electrical engineers in our company. Incredibly intelligent about what they do. You might not necessarily want to go out drinking with them but, they're a lot of fun too, to actually identify these problems. These guys can look at that, they can look at those signatures, they can instantly say, "You're going to have a problem here."

Is the U.S. headed toward a cashless economy through blockchain?

A government-backed digital currency could do away with banking fees that often target the poor who make many small, electronic payment transfers via services such as Western Union, while at the same time creating greater efficiencies. ... Cryptographic keys controlling funds could be in a consumer's control; the consumer could be issued a private key associated with their electronic funds and be able to use public keys for payments. Sweden's central bank, The Riksbank, is currently considering issuing a digital currency or cryptocurrency similar to bitcoin for mobile payments. Called the e-Krona, the digital currency would be used for smaller payments between consumers, businesses or with government agencies, and it would create safer and more efficient transactions, the government has argued. In 2015, Ecuador created the world's first state-sponsored digital currency, called Sistema de Dinero Electrónico, which was backed by the central bank; it allowed people to have money in accounts that could be traded on their phones. Ecuador, however, shuttered its electronic money system last year "due to lobbying by the banks," Garratt said.

How APIs can help prevent data warehouse hell

The challenge of breaking down data silos is just as much a problem of company culture. Department heads and even individual technicians may become territorial about the data in their care, reluctant to share it with others and suspicious about any plans to end a data silo as is typical during your traditional central warehousing efforts. A mandate from the top of the company can start the process of opening a data silo, but data owners may want to be able to do it at their own pace and comfort level. Adapting to those preferences is all but impossible to accomplish in traditional big data projects. These problems shouldn’t cause despair. There’s a way to open data silos that addresses both the technical and human problems mentioned above. Data owners shouldn’t be forced to immediately dump all of the information together in a warehouse. The process should happen at a deliberate pace, set in part by the owners of the data. The data doesn’t ever have to leave the silo to be shared. The right API inserted into the data silo by the data owner provides access to the information to everyone who might need it.

Becoming a ‘Digital Bank’ More Than Lipstick on a Legacy Pig

To digitally deliver an exceptional customer experience, an organization must build from within, engaging all functional areas and stakeholders, to ensure a seamless and easy journey from shopping to purchase to use. This includes looking at all back-office processes and data flows to make sure they are in alignment with what is required by the digital consumer. For instance, it is virtually impossible to develop a 5-minute consumer loan product for both customers and prospects without completely revamping the process flow behind the scenes. It is obviously even more difficult to match the 30-second delivery offered by leading banks and credit unions worldwide. Beyond just changing the process, data needs to flow between legacy silos from the initiation of the process to the fruition. The digitization is even more difficult for a home loan, where the stakeholders include the realtor, loan underwriter, regulator, builder, insurer and the end customer. To optimize the journey, all of these stakeholders must be aligned and understand the final objective … to remove all friction from the consumer journey.

Artificial Intelligence: 6 Step Solution Decomposition Process

Success with artificial intelligence doesn’t begin with technology, but rather the business, and more specifically the people and processes running the business. Before deploying technology, leaders should seek to understand (envision) how artificial intelligence could power a profitable business, and drive compelling customer and operational outcomes. Collaboration with stakeholders and key constituents is critical to understanding the decisions and needs of the business. While every organization’s needs vary, there exists a consistent, transparent process that can drive a more stable and widespread adoption of artificial intelligence. Note: throughout this blog, when I use the term “artificial intelligence,” I mean that to include other advanced analytics such as deep learning, machine learning (supervised, unsupervised, reinforcement), data mining, predictive analytics, and statistics ... The power of this process is its simplicity. By staying focused on the business or operational objectives and tasks, businesses can successfully transform how they use data and analytics to produce optimal outcomes.

The importance of firmware security

There are several lessons to be taken away from the Fusée Gelée exploit, and they apply to OEMs as well as IT professionals. First off, manufacturers need to be sure that their hardware has been properly tested against all possible attacks. Fusée Gelée allows a device owner to hack their own hardware, which isn't a risk itself, but it could also allow an attacker to write code to remotely execute a similar attack. Firmware security is a critical part of device design that can easily be exploited—just look at Spectre and Meltdown. Had Intel been diligent in seeking out vulnerabilities, it might not be facing a vulnerability in nearly every single processor it ever created. For IT support staff and security professionals, Fusée Gelée paints a whole other set of complications: hardware security. In the case of the Nintendo Switch, hardware modification was necessary to force the device to boot into recovery mode. Doing so isn't complicated though: It just requires the bending of an exposed pin.

Introduction to GraphQL

GraphQL was created directly for different APIs. Its main purpose is to use flexible syntax and systems that simply describe the data requirements and interactions. Throughout its history, GraphQL became an example of properly functioning and reliable software, which could be used in a pretty simple way — even by junior-level programmers. Thanks to its features and opportunities, which have been implemented by the creators, GraphQL was able to replace other earlier customized tools, which have been designed for the same purpose. When we discuss the functions and aspects of GraphQL, it is essential to present those key opportunities. ... As you may have already noticed, one of the main benefits of GraphQL is that you, as a potential user, can do some development things much more quickly. For example, instead of writing huge texts of code, it may be enough just to use one or two primary functions to achieve what you need.

Data protection is critical for all businesses

“Personal data is considered to be one of the most sensitive categories of data an organisation has access to, and perhaps it is the most valuable,” he says. “As the value of personal data increases, so should the controls needed to protect it. Personal data should be processed only with clear consent given by the data owner, with a transparent agreement and an organisation-wide focus on preventing data theft or misuse.” To identify misuse, he believes firms should constantly analyse their businesses procedures and operations to ensure they are compliant with the latest data protection safeguards. At Netskope, Thacker treats data protection as a constant operation. Firms should not assume that once they have installed or developed a system to protect customer data, they have nothing else to do. “I recommend enterprises continually discover new and amended business processes, working alongside the business to apply the necessary safeguards needed for protection,” he says. “The aim is to understand how employees – and third parties – are using personal data and to ensure it meets the sole purposes for which it was originally collected.

Quote for the day:

"I think the next best thing to solving a problem is finding some humor in it." -- Frank A. Clark

Daily Tech Digest - April 24, 2018

The Importance Of EA for Business Transformation: Lessons Learned

In short, managing uncertainty is a necessity. Despite all the turbulence created by digital disruption, we believe that EA is mandatory for becoming a pioneer of innovation and a critical enabler of business vision. The main driver of this is that business reality is changing, and therefore IT needs to change. And EA practices need to reflect this change as well. Organizations that support Business Architecture as an integral part of EA have a significantly higher ability to execute on their corporate strategy because they have a clear understanding of the strategy and its impact on business and IT – and therefore have guidance to drive delivery. Enterprise Architects that deliver the highest business value and outcomes to their organization are those that focus on understanding the impact of major trends and opportunities on their business ecosystem, not just their own business. SKF IT uses Business and Enterprise Architecture to gain business insight and increase the relevance of IT.

Study Reveals Hottest Trends in Industrial IoT

Any time automation is mentioned, concerns about jobs are raised. While disruptive technology will affect job markets, it’s also leading to increased demand for talent, as AI and machine learning provide valuable information that must be carefully interpreted. When asked, CEOs around the globe discuss how critical talent is for remaining competitive, and demand will fuel higher salaries as companies compete for the best talent available. In the US, for example, over 80 percent of manufacturers claim to have difficulty finding qualified talent. Furthermore, 3.5 million jobs across the globe are likely to be created, leading to an increasing skills gap. New technology provides valuable opportunities for manufacturing and other fields, but it’s also placing pressure on C-level executives, as the cost of this new technology will demand responses for companies to remain viable. Executives will need to ensure they properly understand these new technologies and how they affect their segments, and they’ll need to uncover problems promptly to avoid being undercut by competitors.

Threat Actors Turn to Blockchain Infrastructure to Host & Hide Malicious Activity

Because blockchain top-level domains such as .bit are not centrally managed and have DNS lookup tables shared across a peer-to-peer network, takedown efforts become much more difficult. "When an individual registers a .bit — or another blockchain-based domain — they are able to do so in just a few steps online, and the process costs mere pennies." Domain registration is not associated with an individual's name or address but with a unique encrypted hash of each user. "This essentially creates the same anonymous system as Bitcoin for Internet infrastructure, in which users are only known through their cryptographic identity." Criminal interest in cryptocurrency-related topics is not new. As FireEye notes, threat actors have been exploring the possibility of leveraging the unique properties of blockchain technology to support malicious operations since at least 2009. One example is malicious actors' interest in Namecoin, a Bitcoin code-based cryptocurrency that allows pretty much anyone to register and manage domain names with the .bit extension.

Next generation of SCADA industrial controls will protect against cyber attack

Industrial control systems – known as supervisory control and data acquisition (SCADA) systems – which are used to control valves, motors and other industrial processes, are frequently based on technology that pre-dates the internet, and can be vulnerable to attack in modern control systems which transmit and receive data over the internet. But large oil and manufacturing companies are working on plans to replace existing control system infrastructure with lower-cost alternatives that promise greater security against cyber attacks on control devices connected to the industrial internet of things which links millions of internet-connected industrial devices. The project, co-ordinated by the Open Process Automation Forum, part of independent standards organisation The Open Group, aims to help oil and gas and process companies break free from manufacturer-specific industrial control systems, which are expensive to maintain and upgrade and difficult to patch to protect against the latest security vulnerabilities.

Spring Has Splunk'd: Announcing New & Expanded Artificial Intelligence Capabilities

Reports claim AI is shaping the latest in consumer tech and also threatening future job growth. All of this is in the absence of a widely accepted definition of the term. Those of us dedicated to enterprise software are presented with a critical opportunity to move beyond the buzz. I’m excited to lead Platform marketing at Splunk, a company that has, for a decade, invested heavily in machine learning (ML)—predictive analytics, data clustering, and anomaly detection—which is a subset of artificial intelligence. Our customers—Hyatt, Recursion Pharmaceuticals, and TransUnion to name a few—rely on Splunk AI and ML to deliver actionable performance, productivity, and security benefits that map their real-world IT, security and business needs. Artificial intelligence through machine learning is integrated across our portfolio. AI through ML is embedded in our premium solutions (Splunk ITSI and Splunk UBA) for specific IT and security use cases. We also offer a customizable solution, Splunk Machine Learning Toolkit (MLTK)—applicable for a broad variety of use cases—within Splunk Cloud and Splunk Enterprise.

Nurses want to use IT, but are held back by barriers

“Poor connectivity when mobile working hinders information technology from being used to best effect,” the report said. “Systems fail to update and/or synchronise, programmes used for recording information fail to load and systems crash. This leads to nurses having to use paper-based methods of recording information and duplicating this onto IT systems back at base.” Another challenge is the cost of good IT systems. NHS organisations often work on yearly budgets, whereas the return on investment (ROI) of implementing digital systems is usually more long-term. “The ‘up-front’ cost of IT in a tight financial climate serves to increase the risks of waste if technology is not fully used,” the report said. “Systems are prone to crashing and are slow, leading to frustration and compelling community nurses to work from paper.” Some of the nurses surveyed also highlighted concerns that the use of IT took away from time spent with the patient, and that they often felt like the use of technology has “detracted from the role of being a nurse”.

Tech support scams are on the rise, up 24%, warns Microsoft

Not all of those scams were cold calls from fake tech support; some started at random websites that had a popup warning about detecting fake threats or fake error message popups. Other social engineering attacks started in email campaigns where the user would click on a URL or open a malicious attachment; once malware is on a computer, it can make system changes or flash fake error messages with a number to call to fix the problem. Scammers continue to resort to these tactics because they work so well to scare the pants off non-tech-savvy users. Of the 153,000 tech support scams reported to Microsoft, 15 percent of victims admitted to losing money in the scam. While most paid between $200 and $400 for the fake problems to be “fixed,” one scammer managed to drain the bank account of a user in the Netherlands. That poor person lost €89,000, which is about $108,838.54. For anyone wondering how a scammer managed to empty the victim’s bank account, Oregon’s FBI explained that some victims of tech support scammers first received a notification about a refund after overpaying for a previous tech support incident.

5 key enterprise IoT security recommendations

Not so long ago, the phrase “consumerization of IT” was on everyone’s lips. Whole publications and conferences (remember CITE, for Consumerization of IT in the Enterprise?) were created to chronicle the trend of corporations relying on products and services originally created for consumers — which were often easier to use and of higher quality than their business-oriented competitors. ... It turns out that in addition to the “enterprise grade” Internet of Things (IoT) devices they buy, corporate IT teams also have to deal with “consumer-grade” devices that may enter the company via a variety of channels, from non-IT company purchases to staff members bringing them in on their own. Examples include smart TVs, thermostats, smart speakers, fitness trackers, video cameras … basically anything connected to the company network that isn’t a computer, a phone, or a router. Not surprisingly, these devices often lack the comprehensive security features more commonly found on IoT products designed for enterprise use. Worse, perhaps, IT teams may not even be aware that these devices are being connected to their networks, much less be able to plan for their security.

'Death to JavaScript!' Blazor, for .NET Web Apps Using WebAssembly, Goes Alpha

Instead of a heavy dependence on JavaScript, notorious for its complex ecosystem, the new .NET Web framework lets developers use C#, Razor and HTML to create Web apps, with the help of WebAssembly, a low-level assembly-like language that serves as a compilation target for higher-order languages, including C, C# and C++. Razor is "an ASP.NET programming syntax used to create dynamic Web pages with ... C# or Visual Basic .NET." All those technologies combine to form Blazor, which we first reported on when a developer asked Microsoft's Scott Hanselman if the company was working on .NET targeting WebAssembly "so that we can get delivered from the insanity of JavaScript." The answer was "yes," and that answer has been realized in the first public preview. "Blazor enables full stack Web development with the stability, consistency, and productivity of .NET," Microsoft's Daniel Roth announced in a post yesterday. "While this release is alpha quality and should not be used in production, the code for this release was written from the ground up with an eye towards building a production quality Web UI framework."

Optimizing web apps with the Sonarwhal linter

The heart of Sonarwhal is its rule set, which contains the tests it applies to your website, and you can turn them on and off or adjust severity in its configuration files. The default configuration offers a selection of rules, so you can choose to test HTTP options, as well as HTML, site security, and support for PWA functions. Many of the tests require a deep knowledge of web server capabilities as well as HTML and JavaScript. However, once you’ve tested a site, the report data can help tune content and server for the best, and most secure, performance. Results arrive in any of several formats. One option gives you the data in a raw JSON format, ideal for use in other applications. While JSON isn’t human-readable, other options show summaries, a list of specific code issues, or a table of error data. You can even drop result data in an Excel spreadsheet. The formatter model is extensible, so you can create your own and offer them to other users.

Quote for the day:

"Speak when you are angry, and you'll make the best speech you'll ever regret." -- Laurence Peter