Daily Tech Digest - April 16, 2018

Busted! Cops use fingerprint pulled from a WhatsApp photo to ID drug dealer

Cops use fingerprint pulled from a WhatsApp photo to ID drug dealer
A bust resulted in the police getting hold of a phone that had a WhatsApp message and image of ecstasy pills in a person’s palm. The message read: “For sale – Skype and Ikea-branded ecstasy pills…are you interested?” The phone was sent to South Wales Police where the photo showing the middle and bottom portion of a pinky was enhanced. As for fingerprint identification, the BBC reported that “a search of the national database did not bring a match” as “when offenders give fingerprints, it is just the top part taken — with the middle and bottom part only occasionally left.” Here’s where it gets a bit confusing, as a different BBC article stated that “other evidence meant officers had an idea who they believed was behind the drugs operation.” Although that makes it sound like tips from locals about “a large number of visitors to one address” was the real way cops found the guy whose partial pinky was in the photo, Dave Thomas of the South Wales Police’s scientific support unit told the BBC, “While the scale and quality of the photograph proved a challenge, the small bits were enough to prove he was the dealer.”



Overclock puts your idle servers to work for other people

Overclock puts your idle servers to work for other people
Once you set up the Akash agent, you are done. Workloads are sent to your servers, they're executed, the results are sent back, and shut down. No intervention is needed on your part. That said, Overclock does provide the necessary tools to configure, deploy, monitor, and manage the workloads. A developer who needs the resources specifies their deployment criteria, such as resources needed, topology, and the price they are willing to pay, in a posting to the Akash blockchain. Providers with server cycles to offer automatically detect the new bid request and programmatically bid to host it. The lowest bid wins the auction, a lease is created, and the parties exchange keys. All of this is done with no human intervention. The Akash agent then begins picking up workloads in Docker containers, orchestrated by Kubernetes and distributed over Akash’s peer-to-peer file sharing protocol. Your applications can be run as is because they run in Docker containers. Payment via the Akash token is also done via the blockchain, allowing for a full audit of transactions by lessors and lessees.



Is Hybrid Cloud Right For Your Organization?

Hybrid cloud is less about using private and public cloud in concert for the same applications — and more about using the right mix of these separate and distinct computing resources to accomplish your organization’s overall IT objectives. As the name suggests, private cloud is a secure, private computing environment in which only a single organization operates. The pubic cloud, meanwhile, includes Amazon Web Services (AWS), Microsoft Azure and the Google Cloud Platform. And common SaaS subscription providers include Salesforce, Office365, Google Apps, Workday and Cisco WebEx. According to IDG, all eyes have been on the public cloud over the last few years, but private and hybrid clouds are set for big growth in 2018. Each of the major IaaS public cloud vendors spent 2017 clarifying their hybrid cloud strategy, setting 2018 to be the year of adoption. The biggest effort has come from Microsoft who finally released Azure Stack, a private cloud IaaS platform that is meant to mirror the Azure public cloud. Deployments of Azure Stack have been hitting the market this year.


Get an AI Head Start: Buy It

(Image: maxuser/Shutterstock)
If you are buying your AI from SAP or Oracle, and your competitor is buying the same thing from SAP or Oracle, how do you get a competitive edge? Isn't that a pretty level playing field? What's the point? Your data itself will be the real competitive edge going forward. AI solutions will become commoditized. But your data remains proprietary and valuable. Flannagan told me that in almost every meeting he has with customers, executives are recognizing that their data has value, either for internal purposes or for selling to a data partner. That's what the third-party experts are saying, too. "Enterprises that are leveraging the AI investments built into enterprise platform software need to look beyond algorithms for competitive differentiation," Purcell told me. "At the end of the day, the machine learning algorithms at the brain of AI are commoditized and widely available in open source as well as vendor technologies. Data will be the key source of competitive differentiation in the world of AI -- emerging data sources, innovative data transformations, and business-infused data understanding will lead to better models and ultimately better results from AI."


Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust

Survey results show once it's in the cloud, this information is at risk. One in four organizations using infrastructure-as-a-service (IaaS) or software-as-a-service (SaaS) has had their data stolen. One in five has been hit with an advanced attack against their public cloud infrastructure. McAfee researchers discovered an overall decline in the "cloud-first" mentality, with only 65% of respondents reporting a cloud-first strategy compared with 82% one year ago. This drop can be attributed to two factors, says Vittorio Viarengo, vice president of marketing for McAfee's Cloud Business Unit. The first is a growing awareness of the responsibility that comes with storing data in the public cloud. "Customers are realizing they're still on the hook to provide security for some of the things that happen in the cloud," he explains. They're learning, for example, service providers don't ensure their logins are properly set up, or the security risks of remote employees using cloud services. They're learning what they're responsible for when they use IaaS platforms versus SaaS.


It's time to rebuild the web

Stone wall
We'd also need to avoid many of the privacy and security flaws that were rampant in the early internet, and for which we're still paying. That technical debt came due a long time ago. Paying off that debt may require some complex technology, and some significant UI engineering. All too often, solutions to security problems make things more difficult for both users and attackers. Crowdflare's new 1.1.1.1 service addresses some basic problems with our DNS infrastructure and privacy, and their CEO proposes some more basic changes, like DNS over HTTPS. But even simple changes like this require non-technical users to change configuration settings that they don't understand. This is where we really need the help of UX designers. We can't afford to make "safe" difficult. And we'd have to admit that our current web, with all its flaws, evolved from these simple building blocks. To some extent, then, it's what we wanted—or, perhaps, what we deserved. It's certainly what we accepted, and begs the question: "why wouldn't we accept the same thing again?"


CrowdStrike tools help businesses recover quickly after cyberattack

By leveraging contextual data and technologies like machine learning, security advances like those from CrowdStrike could help cyber professionals more effectively protect their organizations and respond to attacks. The cornerstone of this approach is CrowdStrike's Falcon X. Built on the existing Falcon platform from Crowdstrike, Falcon X is an endpoint solution that combines "malware sandboxing, malware search and threat intelligence into an integrated solution that can perform comprehensive threat analysis in seconds instead of hours or days," according to a press release. According to the Falcon X release, the tool offers indicators of compromise (IOCs) for the threat it comes across in your organization, along with all of its known variants. Additionally, integrated threat intelligence makes it easier for human cybersecurity pros to research and defend against threats. Falcon X is known for five core capabilities: Automated threat analysis of quarantined files, malware search on the CrowdStrike Falcon Search Engine, malware analysis, threat intelligence, and custom-tailored intelligence for your organization, the release said.


The Quirky Secrets of the World’s Greatest Innovators

Innovators are also typically blessed (or cursed) with a deep sense of what psychologists call self-efficacy, which is a nice word for what, in other contexts, might be called hubris: the conviction that one can accomplish whatever one sets one’s mind to. This is crucial because the very nature of breakthrough innovations means that most people will be skeptical of their value. Indeed, most of the people Schilling writes about were, in one sense or another, outsiders in the fields they helped revolutionize. They were also idealists, convinced that they could change the world. As Schilling puts it, “They are willing to pursue an idea even when everybody else says it’s crazy precisely because they don’t need the affirmation of others — they believe they are right even if you don’t agree.” It was that sense of self-efficacy that allowed Elon Musk to believe he could become the first civilian to put rockets into space, and that allowed Dean Kamen to build a wheelchair that could climb stairs, even though everyone told him it was impossible.


Managing Data in Microservices


High-performing organizations with these kinds of requirements have some things to do. The DevOps Handbook features research from Gene Kim, Nicole Forsgren, and others into the difference between high-performing organizations and lower-performing ones. Higher-performing organizations both move faster and are more stable. You don't have to make a choice between speed and stability — you can have both. The higher-performing organizations are doing multiple deploys a day, versus maybe one per month, and have a latency of less than an hour between committing code to the source control and to deployment, while in other organizations that might take a week. That's the speed side. On the stability side, high-performing organizations recover from failure in an hour, versus maybe a day in a lower-performing organization. And the rate of failures is lower. The frequency of a high-performing organization deploying, having it not go well, and having to roll back the deployment approaches zero, but slower organizations might have to do this half the time. This is a big difference.


Can the Law Stop Ransomware?

Cybersecurity experts and legal scholars contend that the best approach is preparation: following best practices such as regularly backing up data, educating employees about threats and risks and maintaining robust firewalls. That approach, however, has continued to lag, with cash-strapped cities and states often still unable to afford or simply unwilling to make the costly systems upgrades frequently needed to seal off vulnerabilities. Atlanta Mayor Keisha Lance Bottoms, for example, acknowledged to The New York Times that cybersecurity had not been a priority until the city was attacked. "Cybersecurity, it's something that is abstract, it's invisible, so in politics it's difficult to say, 'OK, we're going to spend $10 million on cybersecurity,'" says Cesar Cerrudo, chief technology officer of IOActive Labs. ... That's created the surreal scenario of city councils, state governments and even police departments agreeing to pay ransoms simply to get their stuff back. Indeed attackers deliberately set the ransoms low enough that the risk of losing the files altogether – or the expense of hiring a security firm to try to recover them – simply isn't worth it.



Quote for the day:


"Behind every beautiful thing, there's been some kind of pain." -- Bob Dylan