Daily Tech Digest - May 18, 2018

“Elicitation of requirements and using those requirements to get IT onboard and understand what the client really wants, that’s one of the biggest responsibilities for BAs. They have to work as a product owner, even though the business is the product owner,” Gregory says. “[They need to ask:] What do the systems need to do, how do they do it, who do we need to get input from, and how do we get everyone to agree on what we need to do before we go and do it? The BA’s life revolves around defining requirements and prioritizing requirements and getting feedback and approval on requirements,” says Jeffrey Hammond, vice president and principal analyst at Forrester Research. The role of a business analyst is constantly evolving and changing – especially as companies rely more on data to advise business operations. Every company has different issues that a business analyst can address, whether it’s dealing with outdated legacy systems, changing technologies, broken processes, poor client or customer satisfaction or siloed large organizations.



Why AI is the perfect software testing assistant

Software testers are highly analytical, creative problem solvers. To identify hidden defects and areas where users might get frustrated, they must ask what others haven't asked and see what others don't see. But the analytical process takes time, and it isn't always as efficient as today's businesses and the users of their software demand. Artificial intelligence (AI), and its ability to search data sets for golden nuggets, could really come in handy here. An AI tool could quickly locate tests that have already been written to cover a particular scenario or new line of code. The system could even tell testers which test cases are most appropriate for the requirement. Over time, an AI tool could even pinpoint what might be causing the bugs that those tests find, based on past data. When combined with testers' wealth of knowledge about the product and its users, AI has the potential to significantly increase testing efficiency. ... We are beginning to see a few AI-enhanced testing tools hit the market now; initial capabilities include highlighting areas of risk that need further testing or that weren't covered at all. There will be many more advanced tools released in the coming months and years.


Blockchain technology lacks enough use cases to be disruptive, says Worldpay


A lack of strong use cases for blockchain is preventing the technology from disrupting the financial services industry, according to Worldpay. The payment company’s head of technology operations, Jason Scott-Taggart, said the organisation had not ruled out using blockchain in future, but the technology still has some way to go. “You’d be surprised, but in payments blockchain is not as disruptive as people assume it is. There’s not a lot of demand for cryptocurrencies, and blockchain as a technology is not something we have seen a good application for in what we do yet,” he told Computer Weekly in an interview at the ServiceNow Knowledge 18 conference. His view echoes research from Gartner, which found just 1% of CIOs are currently undertaking blockchain projects and 8% plan to start one in the short term. The analyst firm’s vice-president, David Furlonger, said the technology was “massively hyped” and warned “rushing into blockchain deployments could lead organisations to significant problems of failed innovation, wasted investment [and] rash decisions”.


Improve the rapid application development model for deployment readiness

An increasing number of enterprises adapt rapid application development tools rather than reworking their DevOps toolchain. Kubernetes, Marathon and other container orchestration platforms easily combine with continuous integration tools such as Jenkins to make every stage of rapid development, from unit testing through production, part of an explicit flow. The move from idea to prototype is defined in rapid development terms, using rapid development tools. Jenkins, Buildbot, CruiseControl and similar tools frame production as a stage of rapid or continuous development. At each stage, they link to container orchestration for deployment. Simply hosting application code in containers does not guarantee that the orchestration practices for each stage will be comparable, but it does organize the process overall. Containers, and a single orchestration tool, provide commonality across all stages of rapid application development to ensure that every stage is tested, including the transition to production. The rapid application development model, in both setups, is a string of testing and integration phases linked together.


Adware bundle makes Chrome invisible to launch cryptojacking attacks

Known as cryptojacking, this practice involves the use of often-legitimate mining scripts which are deployed on browsers without user consent, before funneling the proceeds to mining pools controlled by threat actors. According to the publication, the bundle creates a Windows autorun which launches the Google Chrome browser -- in a way which is invisible. By using specific code to launch the browser, the software forces Chrome to launch in an invisible, headless state. The browser then connects to a mining page whenever the user logs into Windows. This page launches the CoinCube mining script that steals processing power to mine Monero. CPU usage may spike to up to 80 percent, and while victims may notice their PCs are slow, it could be a very long time before the software is uncovered and removed -- or users may simply blame Chrome as the oddity. The researcher opened the website page responsible for the script in a standard browser window and came across an interesting element of the script; the page masquerades as a Cloudflare anti-DDoS page.


Telegrab: Russian malware hijacks Telegram sessions

Cisco Talos researchers Vitor Ventura and Azim Khodjibaev dubbed the malware Telegrab. They analyzed two versions of it. The first one, discovered on April 4, 2018, only stole browser credentials, cookies, and all text files it can find on the system. The second one, spotted less than a week later, is also capable of collecting Telegram’s desktop cache and key files and login information for the Steam website. To steal Telegram cache and key files, the malware is not taking advantage of software flaws. The malware is capable of targeting only the desktop version of the popular messenger because it does not support Secret Chats and does not have the auto-logout feature active by default. This means that the attacker can use those stolen files to access the victim’s Telegram session (if the session is open), contacts and previous chats. Telegrab is distributed via a variety of downloaders, and it checks if the victim’s IP address is part of a list that includes Chinese and Russian IP addresses, along with those of anonymity services in other countries. If it is, it will exit.


Blockchain will be the killer app for supply chain management in 2018

Private or "permissioned" blockchains can be created within a company's four walls or between trusted partners and centrally administered while retaining control over who has access to information on the network. Blockchain can also be used between business partners, such as a cloud vendor, a financial services provider and its clients. Bill Fearnley, Jr., research director for IDC's Worldwide Blockchain Strategies, recently returned from visiting company clients in China where he found "everybody wanted to talk about supply chain." "If you build a blockchain ledger within [a single company] that has a certain value," Fearnley said. "The real value for blockchain is when you use distributed electronic ledgers and data to connect with suppliers, customers and intermediaries." One major challenge with supply chain management today involves trade finance record keeping, because a lot of trade finance record keeping is still based on inefficient systems: including faxes, spreadsheets, emails, phone calls and paper.


Zara concept store greets shoppers with robots and holograms

At Zara’s new flagship store in London, shoppers can swipe garments along a floor-to-ceiling mirror to see a hologram-style image of what they’d look like as part of a full outfit. Robot arms get garments into shoppers’ hands at online-order collection points. iPad-wielding assistants also help customers in the store order their sizes online, so they can pick them up later. “Customers don’t differentiate between ordering online or in a store,” spokesman Jesus Echevarria Hernandez said. “You need to facilitate that as best as you can.” The store, which opened Thursday, shows how retailers are increasingly blending online and bricks-and-mortar shopping in a bid to keep up with the might of Amazon.com Inc. Inditex SA, the Spanish company that owns Zara, calls it an example of the technologies it will implement around the world. ... Amazon is moving the other way, building out its physical retail presence. Not only has it acquired grocer Whole Foods Market Inc., it has opened Amazon Go convenience stores, which use artificial intelligence and video cameras in lieu of checkouts, in several U.S. cities.


Icinga Enterprise-Grade Open-Source Network Monitoring That Scales

Icinga runs on most of the popular Linux distros and the vendor provides detailed installation instructions for Ubuntu, Debian, Red Hat (including CentOS and Fedora) and SUSE/SLES. Icinga does not publish specific hardware requirements, but our installation ran well on a quad-core processor with 4 GB RAM and this is probably a good starting point for a basic installation. ... As with most monitoring applications, storage is an important variable that largely depends on the number of hosts and services monitored and how often information is written to the log. With too little storage, the logs can easily fill up and freeze the system. We were able to quickly install Icinga on Ubuntu 16.04 LTS with just a few simple commands at the prompt. The first step was to download the necessary files to the local repository, and then install the actual Icinga application. Icinga can be used to monitor the availability of hosts and services from switches and routers as well as a variety of network services like HTTP, SMTP and SSH.


CISO soft skills in demand as position evolves into leadership role

You need to be able to understand what engineering is trying to do and what their goals are, what marketing and procurement are doing, what the customer is trying to do and what their goals are. If you can't empathize with what their goals and challenges are, you can't influence. So much flows from that: Your communication skills and communication style will flow from empathy. You also need to be understanding of what we call the data subject -- the consumer who doesn't understand what's happening to their data -- and having empathy for them, as well as empathy with all the stakeholders. It's empathizing with everybody and making the wisest decision to push for the best outcome you can. ... It's important for at least two different reasons. One, from a practical perspective, I've talked a lot about the skills gap. If we're blocking 50% of the planet from joining this career path, we're really contributing to our biggest challenge. Then the other part: Women across the globe are economically oppressed, and information security is a lucrative field. I want to get women into the information security field so they can be financially independent and make a good living.



Quote for the day:


"Leadership - leadership is about taking responsibility, not making excuses." -- Mitt Romney