Daily Tech Digest - July 03, 2018

Facebook releases its load balancer as open-source code

Google is known to fiercely guard its data center secrets, but not Facebook. The social media giant has released two significant tools it uses internally to operate its massive social network as open-source code. The company has released Katran, the load balancer that keeps the company data centers from overloading, as open source under the GNU General Public License v2.0 and available from GitHub. In addition to Katran, the company is offering details on its Zero Touch Provisioning tool, which it uses to help engineers automate much of the work required to build its backbone networks. This isn’t Facebook’s first foray into open-sourcing the software that runs its network. Last month, the company open-sourced PyTorch, the software used for its artificial intelligence (AI) and machine learning projects. PyTorch is a Python-based package for writing tensor computation and deep neural networks using GPU acceleration. Facebook has to develop these kinds of software packages because while there are plenty of off-the-shelf software products out there, none of them is made for a global social media company that has 2 billion users.

If you thought GDPR was bad – Just wait for ePrivacy Regulation

GDPR delineates rules for obtaining clear and unambiguous consent for collection and use of personal information. ePR follows the same definition of what constitutes valid consent but makes it the “central legal ground” for the processing of electronic communications data, direct marketing communications and the access to end users’ terminal devices (phones, wearable devices, gaming consoles, etc.). One area of concern under ePR is that while GDPR also includes legitimate interest (as long as the consumers are aware of this and have consented to it) and contractual necessity as allowable factors for collecting and processing personal data, ePR lacks these exemptions to consent. This adds ambiguity, brings into question the alignment and relationship between GDPR and ePR and may effectively narrow how companies can process electronic communications data as well as what they can collect. ... Or on the flip side, does it mean that companies have to alter account origination processes to obtain consent for processing necessary to set up the account? Both questions seem to extend the need for obtaining consent beyond what the GDPR established.

Jabra Elite 65t true wireless earphones review: A true AirPod alternative

They’ll remain safe during a shower, and they’ll be fine if you get caught in the rain. But just don’t take them swimming. With their IP55 rating, they’ll stand up to a blast from a jet of water. But submersion? Not so much. ... If you remove one of the buds from your ear, it’ll pause whatever you’re listening to. Put it back in, and the music continues—a nice touch of sophistication. And staying true to Jabra’s roots as a Bluetooth headset maker, the Elite 65t can also be used with just one earbud, the right one, pushed into your ear canal. This makes the earphones a good choice for anyone looking to use his or her phone handsfree while driving. Oh, and should you lose one of your earphones, Jabra makes it easy to buy a replacement through its accessory site. Jabra says the 65t can run for up to five hours off of a single charge. I found this estimate to be reasonably accurate. The earphone’s slim charging case, while larger than what you’ll see with a set of AirPods, has enough juice to provide two additional five-hour charges. Users will appreciate the fact that 15 minutes worth of charging in the case will provide about 90 minutes worth of music.

Ransomware: Not dead, just getting a lot sneakier

Ransomware may no longer be flavour of the month but it still remains a significant threat. The short-term damage means business can't be done while files are encrypted while the longer-term impact may result in loss of trust from customers and users who may not feel that the victim can be trusted to keep their data secure. There's also the possibility that a victim who pays the ransom could easily become infected again as attackers realise they've got an easy target on their hands. For cybercriminals ransomware still offers a big payday, quickly, unlike malicious cryptocurrency mining which requires patience to realise a pay-off. Behind much of the potency of ransomware is the EternalBlue SMB vulnerability which allowed WannaCry, NotPetya and other ransomware attacks to self-perpetuate around networks. It's over a year since the NSA vulnerability was leaked by hackers but there are plenty of organisations which, despite the clear demonstrations of the damage attacks exploiting EternalBlue can do, still haven't patched their networks.

The pros and cons of serverless architecture

Fundamentally, serverless lets developers focus on writing code. There are still servers somewhere in the stack, but the developer doesn't need to worry about managing those underlying resources. While services like Amazon Elastic Compute Cloud (EC2) require you to provision resources for the OS and the application, a serverless architecture simply asks how many resources a single demand of your function requires. For example, a web testing suite might require 128 MB of RAM for any single website. Even if you deploy 10 million copies of that function, each individual one needs only 128 MB. They can even all run at the same time. Serverless focuses on what each individual request requires and then scales automatically. There are several different approaches to serverless development. Most developers who transition from a traditional framework, such as Flask, Rails or Express, might choose to use a serverless framework, such as Chalice for Python or Serverless for Node.js. These frameworks are similar to the traditional ones, which help ease the transition for those developers.

How careless app developers are risking data of millions of sensitive users

The poorly secured backend database in thousands of apps is leaking sensitive user data. Many app developers have put at risk millions of sensitive medical and financial records of users due to their poor coding practices. A recently released report by the mobile security firm Appthority describes the data leaks. The report pins the blame on app developers that failed to properly use Google’s Firebase cloud database. The platform acquired by Google in 2014 is used for authentication of user details. Firebase is intended to make app development much easier by doing much of the manual authentication work for coders. Appthority’s report lists more than 3,000 apps that leaked the user details. Most of these apps are Android-based while only 600 apps are on iOS. These incorrectly configured Firebase databases have exposed many users on the internet. Many of these apps record sensitive information such as financial data, employee medical records, and plain text passwords.

Why accounting matters to your cloud computing plans

While cloud computing can save you millions of dollars a year, it may actually cost you money, at least in the short term. That’s something that I’ve run into from time to time with clients over the years. At issue is that you need to consider net savings. That means looking for the all-in cost of the cloud, including dealing with tax and other accounting implications. Although cloud computing is typically a superior model, walking away from traditional hardware and software has a cost as well. Indeed, in a few cases I’ve found that a cloud computing solution that will save $10 million a year actually will cost $15 million considering the impact of taxes. The gross savings made sense for cloud, but the net savings did not. So, how are cloud geeks supposed to deal with these accounting issues? By using business analysts to work up cloud ROI models. It’s not uncommon for these business analysts to be CPAs. Even more complex is the fact that most companies are multinational these days, and so you have to figure out not only the net cost impact for a single country, but for dozens of countries that have some pretty odd laws when it comes to accounting, especially tax issues.

The modern CSO: Future-proofing your organization in a disruptive world

Thinking well in advance about the risk involved in moving to new IT platforms should allow CSOs to make sure that some things (e.g., privacy by design) are taken into account from the start and the emphasis on security and compliance is kept. “It’s also worth keeping up with what is taking place on the security side by looking at the low hanging fruit for security problems. Patching machines, keeping software updated, managing access control – these are all well-understood issues that keep getting exploited,” he notes. “The big problems like WannaCry in 2017 were all due to known issues. Understanding those breaches and patching vulnerabilities quickly should keep companies ahead of the large majority of potential attacks.” New technologies such as containers should also make this easier. “Rather than having to build upon that existing IT infrastructure and keep updating it, you can use a clean container build each time that is up to date. You keep the containers as up to date as possible, you audit any third-party software or plug-ins that get used within those containers continuously, and you focus on those images in your library,” he explains.

Pulse Secure VPN enhanced to better support hybrid IT environments

Pulse Connect Secure is fully mobile-aware, with features such as certificate-based authentication with an embedded certificate authority and integrated endpoint container. Support for SAML authentication allows enterprises to blend data center and cloud resources into a robust user experience.  Pulse Connect Secure simplifies network administration and compliance management with a centralized web-based console, end user self-provisioning, and integration with EMM policy management platforms. Centralized appliance management delivers an IT administration experience that enables proactive and rapid responses to security threats and network events. Administrators are able to replicate configuration and policies from one appliance to others and perform bulk operations for firmware updates and policy changes. An administrative dashboard provides appliance status and unified compliance reporting with context-aware visibility of devices and users. Pulse Connect Secure can be deployed as a hardware, virtual, or cloud appliance. Pulse Secure recently announced a new release of Pulse Connect Secure aimed at simplifying connectivity and security in cloud and hybrid IT environments.

Cybersecurity remains non-core competency for most C-suite executives

Whilst cybersecurity has now become a critical business function, it remains a non-core competence for a significant number of boards. CISOs have become increasingly common in recent years (recent research suggests that nearly two-thirds of large US companies now have a CISO position), but the majority do not report directly to the CEO, which reduces their effectiveness. Cyrus Mewawalla, Head of Thematic Research at GlobalData commented, “The frequency of cyberattacks is only likely to accelerate over the coming years, therefore it is vital that senior executives have a full understanding of the inherent risks and implications. The losers will be those companies whose boards do not take cybersecurity seriously, as they run a higher risk of being hacked.” It is hard to assess a company’s exposure to cybersecurity risk, but the composition of the board often provides clues: CEOs who do not have a CISO reporting directly to them present a high risk.

Quote for the day:

"The leadership team is the most important asset of the company and can be its worst liability." -- Med Jones