Daily Tech Digest - May 09, 2018

Europe may come to regret its new set of data rules


Worse, the rules could impede innovation. Many blockchain companies could be shut out entirely. Cloud computing may become substantially more complicated. Systems that rely on artificial intelligence could in many cases be incompatible with the GDPR’s mandates. It’s an ominous sign that Facebook has already started pulling some data projects from Europe. Yet all this is more or less by design; there will also be unintended consequences. Although the GDPR aims to improve data security, for instance, its privacy rules may compromise a crucial tool used by security researchers, thereby increasing spam, phishing attacks and malware. Its compliance costs could inhibit cybersecurity investment. Its emphasis on obtaining consent for data collection is, in practice, likely to mean endless “click to proceed” boxes that leave customers little more informed — and significantly more irritated — than before. For all these drawbacks, the EU deserves credit for illuminating — and attempting to resolve — a very real problem. European law enshrines a right to privacy. 


In Cybersecurity, Accountability Could be the Ultimate Innovation

Sacrificing short-term gains to reinforce the company’s mission has understandably been a big positive for their brand—and it’s been great for their business. In December of 2017, CVS announced it would buy Aetna, a move that could very well reshape the health insurance landscape in this country. Cybersecurity is an industry that can desperately use a dose of accountability-as-innovation. Accountability in cybersecurity is virtually non-existent. Despite billions of dollars spent worldwide on cybersecurity solutions, our position in cyberspace is now more precarious than ever. Recently, the World Economic Forum’s (WEF) Global Risks Landscape 2018 ranked cyber attacks alongside extreme weather events and the prospect of nuclear war as the most likely and dangerous risks threatening the stability of society. That means, on the internet, “attackers could trigger a breakdown in the systems that keep societies functioning.” Which we just saw happen last month when cyber actors held critical services provided by the city of Atlanta for ransom and even took Baltimore’s emergency 911 response system offline.


Forget Windows; Microsoft is now all about the cloud

open windows clouds
Windows resides in the More Personal Computing segment, the revenue leader, but don’t let that deceive you. A closer look tells the real story. ... There’s no breakdown of Windows versus cloud, but Microsoft did say the Azure public cloud’s revenue boomed 93% year over year. The previous quarter it grew 98% year over year. And Microsoft also said that what it calls its “commercial cloud,” made up of Azure, Office 365, Dynamics 365 and other cloud services, brought in $6 billion in revenue in the third quarter, which was up 58% year over year. The More Personal Computing segment was up far less — only 13% year over year. Also notable in the third quarter: Windows and Devices chief Terry Myerson left the company. You can be sure he didn’t depart because Microsoft was going to devote more attention to Windows. Keep in mind, also, that a lot of Microsoft products are now essentially cloud-based, so there’s even more cloud revenue at the company than first meets the eye. Microsoft Office, for example, is increasingly a cloud service, with the company pushing Office 365 heavily over the client version of the Office suite.


What is an API? Application programming interfaces explained

What is an API? Application programming interfaces explained
Diving a little deeper, an API is a specification of possible interactions with a software component. For example, if a car was a software component, its API would include information about the ability to accelerate, brake, and turn on the radio. It would also include information about how to accelerate: Put your foot on the gas pedal and push. The “what” and “how” information come together in the API definition, which is abstract and separate from the car itself. One thing to keep in mind is that the name of some APIs is often used to refer to both the specification of the interactions and to the actual software component you interact with. The phrase “Twitter API,” for example, not only refers to the set of rules for programmatically interacting with Twitter, but is generally understood to mean the thing you interact with, as in “We’re doing analysis on the tweets we got from the Twitter API.” Let’s dig in by looking at the Java API and the Twitter API as examples. First, we’ll get a quick picture of these two APIs and how they fulfill the definition of “what” and “how.” Then, we’ll talk about when you’ll likely use APIs and what goes into a well-designed API.



Antipattern of the Month: Unresolved Proxy

Image title
Any proxy must be respected as having executive authority regarding value, so as not to be undermined. This includes authority over the articulation and ordering of work on a Product Backlog and how it is represented to the Development Team. The proxy must be a genuine and competent representative of the "real" PO, and recognized as being fully able to take decisive action and to provide information in a timely way. Unfortunately, though, a proxying model can be resorted to as a salve when genuine product ownership is weak. Stakeholders might expect a certain product capability to be available, but none may necessarily wish to own it. This can be the case with middleware for example. Several proxies might then be used, each of whom will represent certain capabilities on behalf of a notional though absent Product Owner. Great discipline is needed when a single clear proxy is unrecognized, since all must then agree to establish compensatory protocols through which they collaborate beyond their narrow interests.


Why CEOs Should Embrace Minimally Viable Moves

minimally viable moves
Minimally viable moves allow companies to pursue big bets with incremental amounts of risk instead of big sweeping chunks. It’s akin to an MVP (minimally viable product), which is designed to represent just enough of a new market-facing offer that you can get real feedback about it and course-correct as necessary. An MVM involves making just enough of an organizational change to determine whether or not the move will be valuable to your business. This is beneficial and empowering for business leaders at all levels. Instead of feeling that responding to disruption is equivalent to betting the farm, MVMs provide enough cover so that if mistakes happen, decision-makers don’t feel forced back to the drawing board. Going slow and steady allows for on-the-fly adjustments and never having to double back because of hastiness. Which minimally viable move you make depends on your organization and your objectives. For example, you can alter protocol for a common type of decision, skip a management feedback step in preparing for a customer visit, or shift hiring practices for a certain role.


Windows critical flaw: This security bug is under attack right now

In an advisory crediting Qihoo 360 Core Security researchers and Kaspersky Lab malware analysts for discovering a critical bug tagged as CVE-2018-8174, Microsoft details a remote code execution flaw residing not in Internet Explorer but the Windows VBScript engine. However, it also explains the bug can be exploited through Internet Explorer. Microsoft hasn't confirmed this is the bug reported by Qihoo 360 Core Security but notes the flaw is being exploited in the wild. "In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website," Microsoft notes. "An attacker could also embed an ActiveX control marked 'safe for initialization' in an application or Microsoft Office document that hosts the IE rendering engine." Observed attacks have started with a malicious Word document, which when opened downloads an exploit written in VBScript that's hosted on a webpage, according to malware analysts at Kaspersky Lab.


Google’s developer show highlights the promise and perils of its data hoard


Google has stressed that its data systems are more secure and it keeps information anonymous. “We’ve long had a very robust and strong privacy program at Google,” Pichai told investors last month. Yet Google already gives many Android app creators access to a sea of personal information, including location history and some shopping behavior. And it has been routinely criticized for the vast targeting in its advertising business and the spread of misinformation on search results and YouTube. Last week, Google said its latest security product, which restricts outside access to personal accounts like Gmail, was available for the iPhone. In March, it unveiled a new plan to stamp out fake news. Expect similar announcements at I/O. But the company will have to offer developers new features, too, some of which will likely give them fresh ways to track where people go and how they interact with their devices. There are about 25 conference sessions this week on the Google Assistant, a voice-enabled, AI-powered service that the company is trying spread further and faster than Amazon’s Alexa.


The Impact of MiFID II on Data Management: Q&A with MarkLogic's Ken Krupa

The volume of data that needs to be recorded makes the regulation a huge technology challenge. Many companies are finding that they have to update their technologies, infrastructures, and data management processes. To be compliant, firms need transparency and the ability to maintain a consistent view of the trade landscape at any point in time. All of these requirements will have a broad impact on data management and IT infrastructure, in large part because the old ways of dealing with data are no longer sufficient. The evolution of the IT infrastructure in the financial services industry has led to proliferation of systems and fragmentation of data. Also, the rapid rise of social media, instant messaging, forum usage, unstructured data as a source of new content, and trader behavior analytics has increased the amount of information that grows outside transactional systems. All of this new information now falls under the remit of compliance and business planning.


How to create a data strategy for enterprise IoT

When it comes to enterprise adoption of IoT, most deployments are still in a pilot or proof-of-concept phase, according to Forrester Research senior analyst Paul Miller. These projects are often driven by operational teams, and are not necessarily linked to enterprise-wide technology strategies for cloud or data. "A lot of these deployments are early, small, and often under the radar of central IT," Miller said. "As they become more mission critical, there will be a very real need to ensure that they do comply with things like data policies, privacy policies, and security policies. But it's still early days, and there's relatively little formal policy around IoT deployment at the moment." Most companies are examining how to manage their existing data, in terms of how to secure and extract value from it, said Mark Hung, a research vice president at Gartner. "Both the speed and scale of data that IoT brings is a new challenge," Hung said. With so many endpoints, companies need to prepare to manage a large influx of information that must be analyzed in close to real time to gain the greatest insights, he added.



Quote for the day:


"The tragedy of life doesn't lie in not reaching your goal. The tragedy lies in having no goal to reach." -- Benjamin Mays