Daily Tech Digest - May 14, 2018

Next-Gen ERP: Finance Leaders Transform into Superheroes


Finance leaders across many small and midsize businesses (SMBs) are truly modern-day business superheroes, flexing their influence across entire companies more than ever. They own responsibilities spanning regulatory compliance; treasury and asset management; investor relationships; and strategic advice to the CEO, president, or owner – all while concurrently managing their traditional finance, budgeting, and accounting functions. Today’s finance leaders are evolving into prominence as they deal with significantly more business risks as markets change at an unrelenting pace and huge chunks of critical data become more readily available. Finance leaders don’t need “super vision” to see they must focus on making fact-driven decisions that potentially impact every area of the company – from recruiting to manufacturing and logistics. According to the SAP-sponsored Oxford Economics report, “How Finance Leadership Pays Off: Small and Midsize Business,” 82% of surveyed finance leaders are accepting this challenge. Yet, many still struggle with outdated technology and manual processes.



Crypto Fight: US Lawmakers Seek Freedom From Backdoors

Crypto Fight: US Lawmakers Seek Freedom From Backdoors
"It is troubling that law enforcement agencies appear to be more interested in compelling U.S. companies to weaken their product security than using already available technological solutions to gain access to encrypted devices and services," Lofgren says. Other House lawmakers co-sponsoring the bill are Thomas Massie, R-Ky.; Jerrold Nadler, D-N.Y; Ted Poe, R-Texas; Ted Lieu, D-Calif.; and Matt Gaetz, R-Fla. Their effort has earned plaudits from digital rights groups, including the Electronic Frontier Foundation, which on Thursday said that the bill "gets encryption right." The EFF's David Ruiz says in a blog post: "This welcome piece of legislation reflects much of what the community of encryption researchers, scientists, developers and advocates have explained for decade - there is no such thing as a secure backdoor." The move by technology vendors to strengthen data protections in their products has been fueled by ever-increasing cybercrime, hacking efforts sponsored by nation-states, and the scale of the mass surveillance programs being conducted by the U.S. and U.K. governments, as revealed in 2013 by former National Security Agency contractor Edward Snowden.


Google Duplex beat the Turing test: Are we doomed?

Modern AI scientists have called what became known as the Turing test somewhat simplistic, because computer intelligence can be seen in a wide variety of actions beyond the imitation of human conversation. Even so, Turing's test has gone essentially unsolved since 1952. The test is simple. In Volume LIX, Number 236 (October 1950) of Oxford University's MIND, a Quarterly Review of Psychology and Philosophy, Turing published a paper, Computing Machinery and Intelligence. While there were many important concepts in this document, one concept he put forth was what he called an "imitation game." There's a 2014 movie by that name, starring Sherlock's Benedict Cumberbatch. It's about Turing, and it's worth watching. The idea of the imitation game was that both a human and a computer would be communicated with by a second human, the "interrogator." The interrogator would send, essentially, text messages to the human and to the computer and get replies. If the interrogator could not tell which of the two respondents was the human and which was the computer, the computer was said to have passed the Turing test, where a computer could so fully imitate a human that a human couldn't tell the difference.


Data Science for Startups: Introduction


This series is intended for data scientists and analysts that want to move beyond the model training stage, and build data pipelines and data products that can be impactful for an organization. However, it could also be useful for other disciplines that want a better understanding of how to work with data scientists to run experiments and build data products. It is intended for readers with programming experience, and will include code examples primarily in R and Java. One of the first questions to ask when hiring a data scientist for your startup is how will data science improve our product? At Windfall Data, our product is data, and therefore the goal of data science aligns well with the goal of the company, to build the most accurate model for estimating net worth. At other organizations, such as a mobile gaming company, the answer may not be so direct, and data science may be more useful for understanding how to run the business rather than improve products. However, in these early stages it’s usually beneficial to start collecting data about customer behavior, so that you can improve products in the future.


Scaffolding Entity Framework Core with CatFactory

Code generation it's a common technique developers use to reduce time in code writing, I know the most programmers build a code generator in their professional lifes. EF 6.x had a wizard for code generation, that tool generates DbContext and POCOs but there isn't code for Fluent API, Repositories and other things like those; with .NET Core there is a command line tool for code generation but we have the same scenario, there is generation only for DbContext and Entities; with CatFactory we're looking for a simple way to generate code with enterprise patterns, please don't forget this is an alpha version of CatFactory, don't pretend to have in this date a full version of code generation engine. Why don't use code CodeDOM? CodeDOM it's a complex code generation engine, I don't saying CodeDOM sucks or something like that, but at this moment we're focus on generate code in the more simple way, maybe in the incoming versions we'll add integration with CodeDOM.


This malware is harvesting saved credentials in Chrome, Firefox browsers

screen-shot-2018-05-14-at-07-40-45.jpg
The new malware has a subset of the same functionality but has also been upgraded with an arsenal of expanded features, including a new network communication protocol and Firefox stealing functionality. Vega Stealer is also written in .NET and focuses on the theft of saved credentials and payment information in Google Chrome. These credentials include passwords, saved credit cards, profiles, and cookies. When the Firefox browser is in use, the malware harvests specific files -- "key3.db" "key4.db", "logins.json", and "cookies.sqlite" -- which store various passwords and keys. However, Vega Stealer does not wrap up there. The malware also takes a screenshot of the infected machine and scans for any files on the system ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf for exfiltration. According to the security researchers, the malware is currently being utilized to target businesses in marketing, advertising, public relations, retail, and manufacturing. The phishing campaign designed to propagate the malware, however, is not sophisticated.


Growing CDN services market changes to meet cloud needs

The basic purpose of a CDN is still the same. But cloud use, growing reliance on mobile devices and application developers' needs to optimize their platforms are driving demands for CDN services that boost network performance and scalability, according to Ted Chamberlin, research vice president of cloud service providers at Gartner. Enterprises need their websites to be as dynamic as possible, and now they're looking at other pain points and turning to their CDN providers for help, he said. "They're saying, 'What else?'" That "what else" includes services like web application firewalls, distributed denial-of-service (DDoS) protection, bot mitigation, streaming video and e-commerce optimization.  Most of this happens through cloud platforms. The use of cloud-based CDN services continues to grow because they improve capabilities of web applications and storage, Chamberlin said. "Cloud is spurring everybody to do more than static content."  The general consensus is CDN services are in for a period of big growth. MarketsandMarkets forecasts the CDN services market will grow from $7.5 billion in 2017 to $30 billion in 2022, as CDN providers focus on security, compression, video, web optimization and data duplication features.


ASP.NET Core - The Power of Simplicity


Microsoft decided to go all-in on Open Web Interface for .NET, or OWIN as it’s also known, and abstract away the webserver completely. This allows the framework, as well as its users, to completely ignore which server is responsible for accepting the incoming HTTP requests, and instead, focus on building the functionality that is needed. OWIN isn’t a new concept though. The OWIN specification has been around for quite a few years, and Microsoft has allowed developers to use it while running under IIS for almost as long, through an open source project called Project Katana. In reality, Microsoft hasn’t just allowed us developers to use it through Katana, it has been the foundation for all ASP.NET authentication functionality for several years. So, what is OWIN really? To be honest, it’s fairly simple! And the simplicity is actually the thing that makes it so great. It’s an interface that manages to abstract away the webserver using only a predefined delegate and a generic dictionary of string and object. So instead of having an event driven architecture where the webserver raises events that you can attach to, it defines a pipeline of so called middlewares.


The rise of outcome-driven software development

In theory, outcome-driven development is about investigating customer or end-user needs in order to work toward desired outcomes. As a business idea, the outcome-based methodology has been circulatingsince at least 2002, when a Harvard Business Review contributor outlined a multi-step outcome-based process for business growth, beginning with conducting outcome-focused customer interviews; registering and noting desired outcomes; organizing and rating those outcomes based on degrees of customer satisfaction; and finally harnessing desired outcomes to inform product design. But if the theoretical basis for outcome-driven development was laid nearly 20 years ago, it’s only in recent years that we’ve seen it take hold in industries like software development, where the traditional “Big Bang” software launch is quickly being supplanted by a model of continuous development and delivery. Rather than focus on perfecting a piece of software in time for a perfect launch, innovative development teams view software as a constant work-in-progress.


IoT and personal devices pose huge security risk to enterprises


While 88% of the IT leaders that responded to the survey believe their security policy is either effective or very effective, nearly a quarter of employees from the US and UK did not know if their organisation had a security policy. Of those that reported that their organisation did have a security policy for connected devices, 20% of UK respondents claimed they either rarely, or never, follow it. Only one-fifth of respondents in the US and UK reported that they followed it to the letter. While security policies and security awareness have their place, they also have their limitations, according to RBS CISO Chris Ulliott. Commenting specifically on cyber security awareness training programmes, he told attendees of CrestCon 2018 in London that security professionals need to realise the limitations of such programmes. Ulliott is among those information security professionals who believe that device manufacturers and service providers need to put more effort into making things secure by design so they are safe to use without any fear of security risk.



Quote for the day:


"Grounded leaders are present for others, operate with fortitude, and influence with the full impact of their vision and strength." - Catherine Robinson-Walker