Daily Tech Digest - October 08, 2018

A rough guide to your next (or first) fog computing deployment

city skyscrapers emerge from foggy cloudy / environment pollution / uncertainty / unknown future
There’s a hierarchy of storage options for fog computing that runs from cheap but slow to fast and expensive. At the former end, that option is network-attached storage. A NAS offers huge storage volumes, particularly over a distributed network, but that means latency times measured in seconds or minutes. Rotating disks could work well for big media libraries or data archives, according to Byers, while providing substantially better response times. Further up the hierarchy, flash storage, in the form of regular SSDs, provides much the same functionality as a spinning platter, with the well-known tradeoff in increased price-per-GB for much faster access times. That could work best for fast bulk storage, though Byers also notes that there are concerns about access speeds dropping off after a large enough number of read/write cycles. “After you write to a given address in the chip more than about 2,000 times, it starts getting harder to reprogram it, to the point where, eventually, you’ll get write failures on that sector of flash drive,” he said.



GDPR As Catalyst: Protect Data And Grow the Business (Part 4)

A successful collaboration depends on the ability to share information quickly and easily with third-party companies, working across organizational and geographical boundaries. However, it is vital to balance the need to provide business partners with ready access to enterprise data while safeguarding valuable intellectual property and sensitive corporate information. In addition, they must meet many industry- and country-specific compliance requirements – including the General Data Protection Regulation (GDPR) for managing personal data. Data processors and controllers are both responsible for GDPR requirements for personal data, wherever that data may be in their business network. They need to be able to quickly and securely share data with partners. By using dynamic attribute-based access controls, they can classify and segregate data based on metadata, content, association, or policy; establish fine-grained, attribute-based access policies; automate access authorization based on policies; and centralize activity logging and auditing to simplify compliance reporting.


Sony Smart TV Bug Allows Remote Access, Root Privileges


The flaws – a stack buffer overflow, a directory traversal and a command-injection bug – were found by Fortinet in March by its FortiGuard Labs team. The most serious of the vulnerabilities is the command-injection (CVE-2018-16593) bug, which is tied to a proprietary Sony application called Photo Sharing Plus. The app allows users to share multimedia content from their phones or tablets via Sony TVs. “This application handles file names incorrectly when the user uploads a media file,” wrote Fortinet’s Tony Loi, who found the vulnerability. “An attacker can abuse such filename mishandling to run arbitrary commands on the system, which can result in complete remote code-execution with root privilege.” Fortinet researchers said a compromised TV could be recruited into a botnet or be used as springboard for additional attacks against devices that shared the same network. To be successful, an adversary would need to be on the same wireless network as the Sony TV.


Separating high value from low value KPIs in data governance efforts

It's not necessarily a bad thing for a business to know how many overall data quality problems happen in a specified span. But, the reason this could be a lower-value KPI in many organizations is that it is likely not adequately specific. In contrast, a KPI for resolved issues indicates if a company is making gains in remedying problems or not. Looking at the number of data quality issues also becomes more problematic if a company has numerous locations. Failing to separate data quality issues into outstanding and resolved categories could also promote inaccurate presumptions about performance. Indeed, it's best to keep the number of data quality issues as low as possible. But, it's arguably even more critical for company representatives to accurately ensure they're promptly addressing and thoroughly handling all issues. Only viewing overall issues may not represent how those problems get treated.


The first smart display for business: Your Android phone

google home
The new smart display interface will constantly show contextual information such as the time, the weather, battery status, and other data. Google released its third version of the smartphone operating system Wear OS, which comes with an improved Google Assistant feature. The biggest change: proactivity. The Wear OS Google Assistant can offer all kinds of contextual information (some of it based on personal data mined in Gmail). This makes sense, because wristwatches can gather amazing contextual data, such as user location and also whether the user is walking or sitting. I think this is a preview of what’s coming for the docked Android phone version of Google Assistant. Phones have even better contextual information than watches, because placing the phone in the dock says a lot about intention — namely that the user is not intending to leave and go somewhere else, but plans to stay in a single place and may want hands-free notifications and assistance.


Microsoft halts rollout of Windows 10 October 2018 Update: What happens next?

Via email, a Microsoft spokesperson confirmed that announcement: "We have paused the rollout of the update while we continue to investigate reports from some customers." In a tweet, Dona Sarkar, who runs the Windows Insider Program, advised anyone affected by this issue to call Microsoft's support lines: "They have the tools to get you back to a good state." The implication in that tweet (and in the language from the original bulletin) is that the files have not been deleted but are available elsewhere on the system disk. Update: Roughly 36 hours after the initial publication of the support bulletin, Microsoft edited its contents. It now reads, "If you have manually checked for updates and believe you have an issue with missing files after an update, please minimize your use of the affected device and contact us directly..." [emphasis added] In the United States, you can reach Microsoft Support at 1-800-MICROSOFT (1-800-642-7676). For Windows 10 customers in other regions, check the list of local support numbers on the Global Customer Service Phone Numbers page.


Software-defined networking security involves 3 factors


To fully protect confidentiality, it's necessary to encrypt network traffic. IT teams should also consider encrypting the control channel in the environment, which includes the communications between an SDN controller and the data plane devices that actually move packets. Moreover, if an SDN system includes any ability to cache data -- e.g., as part of a network flight recorder feature -- or if it has data compression features, it may be necessary to encrypt data stored in memory, or even on a disk, in data plane devices or the controller. SDN systems can defend themselves from attack, but this requires hardened platforms for both controllers and data plane devices. If the SDN controller is running on a poorly secured Linux server, for example, it doesn't matter how secure the SDN system riding on the nodes is at a high level. Any off-the-shelf SDN system should have a secured base -- whether Linux, CentOS or something else -- when it comes out of the box.


Juniper CEO Rahim talks network, security and multicloud trends

There’s no way to get around the biggest trend, and that is the tectonic shift to cloud and multicloud. I am not just talking about the hyperscale users either. I am talking telcos and enterprises. It’s a sign of the times that every CIO is trying to take advantage of a multicloud environment, whether it’s to build out an infrastructure to handle it or deploy an overlay or underlay – they just cannot do it by themselves. That’s why we have so heavily invested in multicloud connectivity and software services development.  The second one is the move to 5G. Overall we don’t think 5G technologies will go mainstream until next year, but the preparation for it is well underway. Cloud services and providers are developing the infrastructure and capacity to take advantage of 5G now. Security would be the third, and what we are seeing is the trend of customers tying together networks and security technologies to develop more effective policies to block malware and protect the enterprise against threats better than ever before.


Open source is the future, but it will cost you more than you think

money.jpg
Open source has never been known for being the people that sit and finish up projects. They've always sort of gotten it to a good solid point that does 80% of what you want it to do, or it works well enough but there's not great interfaces and things on it. What tends to happen is, either commercial companies like Red Hat...end[] up making it usable for them afterwards. We obviously also see the public cloud beginning take those open source projects and turn them into managed services as well. Such companies—including system integrators—do the "last mile" work necessary to get open source projects ready for enterprise consumption. Red Hat makes billions on this model, yet it still remains more of an anomaly than it should. We have MongoDB, Elastic, the combined Cloudera and Hortonworks, and other open source companies, but not nearly as many as we should, given how dominant open source has become in the area of enterprise infrastructure.


Be Prepared for Disruption: Thinking the New Unthinkables


The fear is that talk of “purpose” still remains a convenient and fashionable slogan, but empty. It may only be mainstreamed when there is hard evidence that having strong values adds money and social value to the company. Mayer is leading the charge to find rigorous data through his work at Oxford and the British Academy project on the Future of the Corporation to establish a causal link between values and value. “Until that’s the case, it’s going to be extremely difficult to persuade the investment community that they should be moving in this direction in a big way,” he says. This is despite the very clear signals now being sent by the public to both corporate and political leaders that purpose matters. These unthinkable scenarios — such as Collymore’s young customers deserting overnight — must be accepted, not ignored. The challenge is even more acute in a world of digital transformation. Artificial intelligence and biotech are bringing huge changes to society. For leaders, a new clarity of purpose and a moral compass is essential, as is an understanding that huge new disruptions are the hallmark of the new normal.



Quote for the day:


"Open Leadership: the act of engaging others to influence and execute a coordinated and harmonious conclusion." -- Dan Pontefract