Daily Tech Digest - August 14, 2018

Image: Shutterstock
Once your DevOps team understands the metrics that connect your work to customer satisfaction, look at all the tools your DevOps team uses to deliver for your success metrics, says Rosalind Radcliffe, a distinguished engineer at IBM. "Many of the tools that people adopt as part of their DevOps transformation help generate data that can help drive numbers into these metrics," says Radcliffe.  Knowing what to measure and how to measure is half the battle, but what's possibly more important is knowing who needs to raise their hand to keep the DevOps team on track.  “The glib answer,” says Mann, “is that everyone should care [about DevOps success metrics].” However, the more specific answer Mann gives is leaders of application development or a project management office (PMO) or project manager (PM) for application development at larger companies. If you’re at a smaller company, Mann says a scrum master could be in charge of evaluating a DevOps team’s value stream and success metrics.


Does Facebook even need a CSO?

Facebook / network connections / privacy / security / breach / wide-eyed fear
As sister publication CIO has reported, not every company needs a CSO. “It's not a person who needs a seat at the table,” Simple Tire CIO CJ Das said at a CSO event, “The topic needs a seat at the table.” Indeed, Flick says, “We expect to be judged on what we do to protect people's security, not whether we have someone with a certain title.” Pinterest and Tumblr don’t have CSOs. ... “The creation -- and I guess I would say appointment of any leadership role,” Coates notes, “also tells a story to the public, intentional or otherwise. In some regards, a chief security officer is also a central point to inspire confidence that this is something where they're putting a senior role at the table to tackle this issue.” That’s why, he says, New York State mandates all financial institutions have a CSO. “Because there is a challenge in security when the work is distributed amongst teams without a central owner, you can lose some of that experience and central visibility that a security organization brings to the table,” Coates explains, “A commitment to a high placed individual shows the company has kind of matured to that level and is thinking of it that way.”


Why you should shift from systems thinking to capability thinking

ipopbaistock-653884384.jpg
At a basic level, a capability is nothing more than an ability to perform a function. This capability could be unique in the industry, or relatively rudimentary, and in some cases a seemingly simple capability requires all manner of supporting capabilities to successfully realize it. For example, Amazon has a capability for same-day package delivery in most areas, a feature that's easy to articulate and understand, but it provides a significant advantage over competitors that don't have the logistical prowess to match Amazon. Generally speaking, most IT projects and policies start with a capability in mind. That capability might range from an ability to close financial reporting within a certain time frame to providing low-cost voice communications across geographies. However, most IT shops abandon this capability mindset once they select a suite of tools designed to deliver that capability. Suddenly, IT shifts from "providing a supply chain capability" to "we're an Oracle shop." Think of this like a carpenter going from saying "I'm a cabinet maker" to "I'm a Stanley 15-106A coping saw shop."


Why Choosing Python For Data Science Is An Important Move

data science and python
Python has also become ubiquitous on the web powering numerous high-profile websites with Web development frameworks like Django, Tornado, and TurboGears. More recently, there are signs that Python is also making its way into the field of cloud services with all major cloud providers including it in some capacity in their offerings. Python obviously has a bright future in the field of data science, especially when used in conjunction with powerful tools such as Jupyter Notebooks, which have become very popular in the data scientist community. The value proposition of Notebooks is that they are very easy to create and perfect for quickly running experiments. In addition, Notebooks support multiple high-fidelity serialization formats that can capture instructions, code, and results, which can then very easily be shared with other data scientists on the team or as open source for everyone to use. For example, we’re seeing an explosion of Jupyter Notebooks being shared on GitHub with more than 2.5 Million and counting.


Malicious Cryptocurrency Mining: The Road Ahead

Scammers are even resorting to API abuse to freeze their victims’ browsers with the primary target being Chrome, followed by Brave and Firefox. Fraudsters that operate by providing fake tech support services mainly depend on gaining control of easily-exploitable business functions rather than on specific tools. Apart from exploiting security flaws in Bitcoin transactions, scammers are capitalizing on the long patch lag time for tech support cases to make large profits. In January of this year, processors were greatly impacted by vulnerabilities namely, Meltdown and Spectre. While Meltdown was exclusively used against Intel processors, Spectre could attack almost all processors. These vulnerabilities can be used to access people’s login credentials, banking information, and personally identifiable information. Notably, Microsoft, Intel, and other vendors have implemented patches, but there are issues that may need to be addressed in the long run.


Smart cities face challenges and opportunities


One constant across all projects is data traffic. Although replicating projects is a challenge, data collection and traffic variation among various city pilot projects, compared to full-scale deployments, varies greatly. In a recent RootMetrics by IHS Markit test of internet of things (IoT) technologies in Las Vegas, even at a full-scale phase, the network exhibited significant problems. In fact, certain IoT networks were unable to provide enough coverage to support even the simplest smart city applications. Due to the ever-increasing volume of sensors and their data, robust connectivity technology is a requirement for success. It is also often limited by a city’s budget. According to RootMetrics, coverage and reliability across the entire city is the key to launching any successful smart city programme. Digital security is another threat cities face when they try to implement smart city projects. As personal data gets uploaded into the cloud, it is often shared with digital devices, which, in turn, share the information among multiple users.


The Impact Of Artificial Intelligence On The (Re)Insurance Sector

AI and data will take us into a world of ex-ante predictability and ex-post monitoring, which will change the way risks are observed, carried, realized and settled. This fundamental change will lead to profound changes to market balances and equilibriums in the (re)insurance sector, and will completely redefine the dynamics of the insurance market, on both the supply and the demand side. Although (re)insurers might have an early advantage given that they have greater means and more tools and, for the time being, more data, AI will transform both sides of the insurance transaction in the long run. All parties to the insurance ecosystem, be they risk carriers, brokers, or even customers, will use AI tools. It is even likely that negotiations and discussions could take place between the AI systems of the different parties to the insurance contract! This might appear futuristic, but the idea of two AI systems dueling with each other and trying to “fool” each other already underpins generative adversarial networks (GAN) and the concept of adverse learning, which are used in research for video recognition and analysis


Web security gets a boost as TLS gets major overhaul

CloudFlare implemented one of those early versions of TLS 1.3 on its servers in 2016, but by the end of 2017 found most traffic still relying on TLS 1.2. ... Since then however web giants like Facebook have enabled TLS 1.3. Google enabled it in Chrome 65 -- the latest version of Chrome is version 68 -- but at the time had only rolled out support on Gmail. Firefox-maker Mozilla also announced that TLS 1.3 draft 28 is already shipping in Firefox 61, noting that one of its biggest improvements on the security front is that it cuts out outdated cryptography in TLS 1.2 that made attacks like FREAK, POODLE, Logjam and others possible. It will ship the final version off TLS 1.3 in Firefox 63, due out in October. "Although the previous version, TLS 1.2, can be deployed securely, several high profile vulnerabilities have exploited optional parts of the protocol and outdated algorithms," IETF engineers said in a statement. "TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities."


Samsung Announces New SmartThings Mesh Wi-Fi System

Samsung Announces New SmartThings Mesh Wi-Fi System
SmartThings Wifi works as a SmartThings Hub to serve as the “brain” of the smart home. Samsung’s open SmartThings ecosystem makes it easy to automate and manage the smart home with one hub and the SmartThings app. Compatible with hundreds of third-party devices and services, SmartThings enables users to expand their smart home with lights, door locks, cameras, voice assistants, thermostats and more. SmartThings Wifi delivers a simple, convenient 2-in-1 solution, offering whole-home automation out of the box. For corner to corner coverage, users can choose the right Wi-Fi configuration to fit their needs, from a home with multiple levels to a small apartment. Each SmartThings Wifi router has a range of 1,500 square feet, with the 3-pack covering 4,500 square feet, and users can expand coverage by adding additional mesh routers to the set-up. It is easily set-up and managed by the Android and iOS compatible SmartThings app.


Five key security tips to avoid an IoT hack

While layered security must remain the key priority, it is essential to understand that generic networking equipment and IoT devices are the weak link. They often have no continuous update program for firmware and software, low lifetime support, and insufficient computational power to host an antivirus or any other security agents. As practice shows, they are almost always left alone without proper supervision at consumer homes, network perimeter of small & medium business offices or branches of huge corporations. It is crucial to keep up with the evolving threat landscape. To do that, companies need to move away from traditional security approaches to the next generation solutions, especially security controls that are driven by artificial intelligence. The latter are capable to precisely map a network and identify all devices (even those that might be left alone somewhere on the edge of the network).



Quote for the day:


"When you have to make a decision, you can't wait for tomorrow to make it. You've got to make it now, and then if it's wrong, maybe tomorrow you can make a better one." -- Harry S. Truman