Daily Tech Digest - December 15, 2018

How leaders should prep up to lead AI enabled business
An aware and compassionate leader will want to leverage the opportunities, as well as try to minimize the adverse impact on people. This is a very tricky balance to achieve, needing a lot of foresight. And, it needs to be compassionate foresight. It doesn’t mean that decisions about letting people go will not be taken. It means that a leader with compassionate foresight gives a lot of importance to people-related decisions. He keeps himself aware of possible changes, which may be far in the distance now, but could impact people when they actually take place. His foresight helps him evaluate the possible consequences of the impending change, and it also gives him time to change course, or come up with creative solutions before the change is on his head, forcing him to act.  Continuing with the cab operator example, he would start seeking answers to questions like - What about all the drivers and chauffeurs on my rolls? Can I reskill my drivers to manage the operation of driverless cars?

How Blockchain And AI Will Threaten Advisors’ Revenue

The concurrent development of blockchain technology and the proliferation of blockchains for myriad purposes will enable access to data and transactions by consumers, at their leisure, just by talking and listening.  The implications for advisors’ survival are clear: They must concentrate on truly advising clients, drawing on human qualities that machines can’t replicate (yet)— balance, perspective, empathy and goal-based analysis. But to re-fashion their practices accordingly—and in ways that mesh with the coming blockchain environment--advisors must gain a clear understanding of how the transaction world is changing, what it will look like in five or 10 years and the future service expectations of tomorrow’s clients. It’s also critical to understanding how this transformation will disrupt the global economic system’s machinery.  

The most important tech trend that wealth management industry should pay attention to is the ability to leverage AI and Big Data to develop new business models that deliver value to customers, instead of extracting value from them. One such use case is auto pilot personal finance management, propelled by the availability of data and the power to process and glean insights from it. While the ability to “look back” and provide historical reference on prior transactions can be useful, we need to move beyond insights into forecasting and action. With consumers becoming increasingly comfortable with robo-advisor and DIY models, financial institutions could position themselves to be the trusted guide for their customer’s financial well-being. Imagine a machine that learns your spending habits and helps you set aside money for bills, in addition to “safe to spend”, “emergency savings”, and “long-term savings/investment” buckets. Such model would not only serve to improve the customer’s financial future; it would also help to earn trust in an era where relationships are becoming increasingly transactional and firms are looking for new points of differentiation.

GE plans to launch independent industrial IoT company, unloads ServiceMax: Too little, too late?

GE said that it will launch an industrial Internet of things company that consists of its software portfolio including its Predix platform. Separately, GE said it will sell a majority stake in ServiceMax, a software firm acquired in 2016, to Silver Lake. The moves come as parent company GE is struggling with debt and growth at its various units including GE Power. In a statement, GE said its industrial IoT company will have about $1.2 billion in revenue and a global base of companies. The company will have its own brand, identity, equity structure, but be owned by GE. As for the portfolio, the new company will products including Predix, Asset Performance Management, Automation, Manufacturing Execution Systems, Operation Performance Management and GE Power Digital and grid software.

The research found that among the main threats posed to networks within the UK were unpatched security vulnerabilities (28%), online consumers themselves (25%) and internet-connected devices (21%). Within the UK, artificial intelligence (43%) was cited as the technology most likely to be implemented within the next year, followed by internet-connected devices (35%), portable media technology (24%), omni-channel technology (23%) and augmented reality (17%). The majority of IT decision-makers in the UK (55%) said they were concerned about new technologies, in stark contrast to those in the Netherlands, where only 20% claimed to be concerned. The survey also polled consumers on their experiences and attitudes towards online data privacy and security while shopping online. Although most global consumers shop online to some degree, 17% do nothing to protect their data while doing so.

Disruption Is Creating Opportunity In Canadian Banking

Canadian banks form the cornerstone of my investment portfolio. They operate within a protected Canadian regulatory system that virtually guarantees their success. Between the Big 5 Canadian Banks, they touch almost every part of Canadian society from both a personal and business perspective. But we live in an era of extraordinary change, and the banking sector is no different. Whether it be fintech, piracy or government interference, there are shadows lurking around every corner potentially impacting their businesses, but you don't generate billions in profits every quarter sitting back and letting the world happen. In my personal portfolio, I own the 3 largest Canadian banks - Royal Bank of Canada (NYSE:RY), TD Bank (NYSE:TD) and Scotiabank (NYSE:BNS) - and they have proven their willingness to reinvent their businesses, laying the groundwork for future success.

Oracle's 'Open' Approach To Cloud-Native Software

The firm’s latest software development developments see it try to directly address some of the cloud-native issues that are holding back some developers. Oracle has announced the Oracle Cloud Native Framework to give software programmers a cloud-native solution that spans public cloud, on premises and hybrid cloud deployments. Oracle says that as organizations move to the cloud, they are facing new and difficult challenges addressing cultural change and increased complexity. Connected working practices such as DevOps and cloud-native tooling have left many developers and projects behind the curve. Moreover, organizations are eager to use standard open source components and leverage cloud capabilities, but are impeded by the number of complex choices, lack of training and fear of cloud vendor lock-in. ... The Oracle Cloud Native Framework also introduces a set of new cloud-native offerings on Oracle Cloud Infrastructure that include Oracle Functions, a new breakthrough serverless cloud service based on the open source Fn Project.

The Cloud Was Made for Automation

There is one common attribute for workloads that do meet the ROI test for moving to the cloud, whether they are to remain a collection of nodes, or get transformed into microservices and packaged/deployed as containers. These workloads are always worth automating. Automation allows an organization to consistently and effortlessly create multiple identical environments for the workload (e.g. test, staging, production), making it far safer to test changes before they are rolled into production. In addition, automation unlocks the ability to easily move the workload to different availability zones or regions. Using platform-neutral automation tools extends this portability benefit across cloud providers, or even back to API-driven hyperconverged infrastructure running on-premises, providing maximum flexibility in the choice of deployment environment.

Super Micro: Audit Didn't Find Chinese Spying Chip

"After thorough examination and a range of functional tests, the investigations firm found absolutely no evidence of malicious hardware on our motherboards," according to a Dec. 11 letter to Super Micro customers signed by company executives, including President and CEO Charles Liang. San Jose, California-based Super Micro Computer, which markets itself as Supermicro, further says "no government agency has ever informed us that it has found malicious hardware on our products, and we have never seen any evidence of malicious hardware on our products." Bloomberg's Oct. 4 story, headlined "The Big Hack," struck fear across the technology industry. It claimed that agents with China's People's Liberation Army subverted Super Micro's supply chain in Asia. The result was the implantation of tiny microchips on Super Micro motherboards capable of siphoning data to remote servers.

The Current State of Blockchain - Panel Discussion

The immutability in a blockchain (at least the older blocks) makes the replication/change history more transparent than a traditional RDBMS (where one would have to perform additional work to ensure no-one had sneakily changed a historic transaction). We designed our "VeloChain" from scratch, built in C for small foot-print and performance (six figures per second). Security takes top priority as we work in international banking, geo-fenced (which you can't do with a DLT) and options for post-quantum security. Everything on our system from AML to KYC, sanctions and SWIFT messages are recorded and logged on our blockchain. Our clients (payor, banks and payees or sellers, banks and buyers if you prefer) can add metadata, e.g. invoices, statements, on boarding documents to our blockchain and prove that the processes, payments, regulatory and compliance requirements were met.

Quote for the day:

"Leadership is particularly necessary to ensure ready acceptance of the unfamiliar and that which is contrary to tradition." -- Cyril Falls

Daily Tech Digest - December 14, 2018

Technology Penetrating Fashion World

New technologies and textile innovations are not only changing how the fashion industry functions, but also how its products interact with the environment and consumers. Streamlining processes, developing more efficient systems, and modernizing operations within the fashion and retail industry are indispensable components of the fashion tech sector. Supply chain technology makes processes more efficient, while the use of data analytics, social media tools, artificial intelligence and augmented reality help guide purchasing and business decisions. The blockchain is a new digital record guaranteeing product safety, authenticity and ethical standards as records cannot be altered once added to the blockchain. Consumers can rest assured where and out of what material an item was made, who it was made by, the conditions they worked in and how much they were paid. Textile innovations and recycling processes are playing a major role in the development of a more sustainable future of fashion. 

Wine doesn't enable all Windows applications to run on Linux. But it does a good job. And that's even with Wine's developers not having access to the full story on Windows' APIs and system calls. Microsoft's software engineers, of course, have full access to Windows' internals. In addition, for several years now, Microsoft's WSL developers have been working on mapping Linux API calls to Windows and vice-versa. A lot of the work needed for Windows apps to run without modification on Linux has already been done. In short, Windows developers won't have to worry about modifying their applications. Microsoft could, without too much trouble, make it possible for them to keep running on Linux without major changes. With many applications, no change at all will be needed. For example, Office 365 now brings Microsoft more cash than MS-Office. With Microsoft doing all it can to get customers to move to cloud-based apps from shrink-wrapped programs, the underlying desktop operating system loses its importance.

Imagining banking without keyboards, apps or screens

Bank of America, Erica advertisement
The challenge facing banks, according to executives, is finding meaning and context for banking services in a simulated and automated environment.More simply, can the tangible quality of handling money translate into virtual service? The answer that banks are gravitating toward relies on crafting experiences suitable for the technology that are available at any given moment. “The way we like to think about this topic is from the perspective of the customer,” Ben Soccorsy, senior vice president of Wells Fargo virtual channels, said at a recent industry conference. “We like to think of it in the realm of contextual banking, with the notion of our customers being more hyperconnected” to multiple devices. “What can they do in banking within that context?” David Hoffman, the global banking and capital markets leader for PwC in the United States, asks banks to think of future technology innovation in the realm of what the firm calls “the art of the possible.”

Machine identity protection development gets funding boost

Venafi’s Machine Identity Protection Development Fund aims to address issues such as these directly, by building a community of funded developers to accelerate industry’s ability to protect machine identities, including hardware, software, platforms, containers, algorithms, apps and websites that are used by consumers and businesses on a daily basis.  Unlike other funds, Venafi said it was not a referral programme to third parties like venture capitalists (VCs) or private equity partners. Instead, the fund provides direct sponsorship from Venafi to incentivise developers to build integrations that speed up the industry’s ability to protect all machine identities. The fund will initially focus on integrations with DevOps tools and frameworks, cloud providers and data visualisation providers.

Android security audit: An easy-to-follow annual checklist

Android Security
Android security is always a hot topic on these here Nets of Inter — and almost always for the wrong reason. As we've discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you'll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?) The reality is that Google has some pretty advanced methods of protection in place for Android, and as long as you take advantage of those and use a little common sense, you'll almost certainly be fine (yes, even when the Play Store guards slip up and let the occasional bad appinto the gates). The biggest threat you should be thinking about is your own security surrounding your devices and accounts — and all it takes is 20 minutes a year to make sure your setup is sound.

Most organizations suffered a business-disrupting cyber event

business-disrupting cyber event
The research – which surveyed 2,410 IT and infosec decision-makers in six countries – found 29 percen of respondents reported having sufficient visibility into their attack surface (i.e. traditional IT, cloud, containers, IoT and operational technology) to effectively reduce their exposure to risk. To further complicate this lack of visibility, more than half of respondents (58 percent) said their security function lacks adequate staffing to scan for vulnerabilities in a timely manner, with only 35 percent scanning when it’s deemed necessary by an assessment of risks to sensitive data. Together, these data points reveal that the tools and approaches organizations are using fail to provide the visibility and focus required to manage, measure and reduce cyber risk in the digital era. Of those organizations that measure the business costs of cyber risk, 62 percent are not confident their metrics are actually accurate.

Kubernetes vendors target container security, operations and management

Kubernetes vendors target container security, operations and management
VMware said that with the rise of cloud-native architectures built on distributed microservices, developers are encountering challenges with visibility, management and control of these new applications. The microservices that these apps are comprised of are developed on cloud-native platforms like Kubernetes or Cloud Foundry, using a variety of programming languages, and often across multiple cloud environments. “NSX Service Mesh builds on the foundation of Istio, addressing problems we’re finding in cloud-native environments. For one, NSX Service Mesh will simplify the onboarding of Kubernetes clusters and federate across multiple clouds and Kubernetes clusters. This will enable the service mesh to plug into the broader NSX portfolio and platform, creating a unified and intelligent set of policies, network services and visibility tools,” VMware wrote in a blog describing the service.

AI Driven Cyber Security- The Biggest Weapon for CSOs in the Era

Besides containing any immediate threats to cyber assets, efficient incident management entails three critical steps: remediation, recovery, and retrospection. The MDR service-driven threat management system creates a record of different incidents affecting the organisation. This recorded data then helps the security system to prevent the same attacks from taking place again. AI can significantly augment the capabilities of security experts by providing them with relevant insights to take the right call. Through a combination of advanced data analytics and machine learning, AI-driven MDR solutions can complement human-led security interventions to offer comprehensive protection of enterprise networks and data. Considering the rate of data generation and digital adoption, it is imperative that organisations have the security tools defend themselves against sophisticated threats. To achieve this, CISOs must begin investing in AI-driven solutions, as well as towards strong human-machine collaborations in the context of enterprise security – right away!

What is cryptojacking? How to prevent, detect, and recover from it

vulnerable cryptojacking hacking breach security
The simple reason why cryptojacking is becoming more popular with hackers is more money for less risk. “Hackers see cryptojacking as a cheaper, more profitable alternative to ransomware,” says Alex Vaystikh, CTO and cofounder of SecBI. With ransomware, a hacker might get three people to pay for every 100 computers infected, he explains. With cryptojacking, all 100 of those infected machines work for the hacker to mine cryptocurrency. “[The hacker] might make the same as those three ransomware payments, but crypto mining continuously generates money,” he says. The risk of being caught and identified is also much less than with ransomware. The crypto mining code runs surreptitiously and can go undetected for a long time. Once discovered, it’s very hard to trace back to the source, and the victims have little incentive to do so since nothing was stolen or encrypted. Hackers tend to prefer anonymous cryptocurrencies like Monero and Zcash over the more popular Bitcoin because it is harder to track the illegal activity back to them.

How Australia is keeping pace with microservices

The migration to microservices is seen as a way to help large companies move away from monolithic systems – not just legacy platforms – and large modern systems that can be hard to update and change. Microservices, by comparison, offer a more modular architecture in which elements can be updated independently of each other to allow incremental refresh. In its recent Predictions 2019: Software report, technology analyst firm Forrester says a sea-change is under way that will promote more widespread use of microservices. “Microservice architectures are hand-crafted by PhDs today,” it says. “Over the next year, vendors including Amazon Web Services, Google and Pivotal will prototype platforms that will bring them to the masses.

Quote for the day:

"Teamwork is the secret that make common people achieve uncommon result." -- Ifeanyi Enoch Onuoha

Daily Tech Digest - December 13, 2018

AI and investing: The artificial intelligence analytical revolution

AI and investing: The artificial intelligence analytical revolution image
In the next five years, investment management will go through an analytical revolution, AI and investing will come together and revolutionise the way that investment information is analysed, packaged and presented to investors. This will change the face of investment management, with professional investors able to make informed investment decisions faster and will for the first time give private investors access to the same advanced stock selection and portfolio construction tools as the professionals. At the heart of this revolution is Augmented Intelligence, harnessing the power of AI combined with human decision making. As Paul Tudor Jones famously said, “No human is better than a machine, but no machine is better than a human with a machine”. ... By bringing out “interesting” insights, whether to confirm or enhance a suspected salient point or by identifying one that might have been overlooked otherwise, AI is the humble ‘idiot-savant’ that can usefully take on the tedious data-intensive work that humans are not best suited for.

A radical new neural network design could overcome big challenges in AI

The layer approach has served the AI field well—but it also has a drawback. If you want to model anything that transforms continuously over time, you also have to chunk it up into discrete steps. In practice, if we returned to the health example, that would mean grouping your medical records into finite periods like years or months. You could see how this would be inexact. If you went to the doctor on January 11 and again on November 16, the data from both visits would be grouped together under the same year. So the best way to model reality as close as possible is to add more layers to increase the granularity. (Why not break your records up into days or even hours? You could have gone to the doctor twice in one day!) Taken to the extreme, this means the best neural network for this job would have an infinite number of layers to model infinitesimal step-changes. The question is whether this idea is even practical.

DevOps adoption is creating chaos in the enterprise

With DevOps a nearly universal concept in the modern enterprise, it stands to reason that there are going to be issues. If so, the numbers in OverOps' report indicate there's more than just a margin of implementation error at work: Something is going wrong in a lot of DevOps organizations. Take automation, for example: DevOps is designed for faster release schedules, which means that automated tools are used to catch an increasing percentage of software errors. Despite increased use of automation, 76.6% of respondents said they're still using manual processes, and a shocking 52.2% rely on customers to tell them about errors. All that manual troubleshooting takes time, with 20% of respondents saying they spend one full workday a week fixing bugs, and another 42% spend between one half and one full day. Think back to the shared responsibility that developers and operations feel under DevOps, and you can start to see where OverOps' report is going: The big problem in DevOps is confusion.

Computers could soon run cold, no heat generated

Computers could soon run cold, no heat generated
The new “exotic, ultrathin material” is a topological transistor. That means the material has unique tunable properties, the group, which includes scientists from Monash University in Australia, explains. It’s superconductor-like, they say, but unlike super-conductors, doesn’t need to be chilled. Superconductivity, found in some materials, is partly where electrical resistance becomes eliminated through extreme cooling. “Packing more transistors into smaller devices is pushing toward the physical limits. Ultra-low energy topological electronics are a potential answer to the increasing challenge of energy wasted in modern computing,” the Berkeley Lab article says. ... Another group of researchers from the University of Konstanz in Germany say supercomputers will be built without waste heat. That group is working on the transportation of electrons without heat production and is approaching it through a form of superconductivity.

Managing risk in machine learning

As we deploy ML in many real-world contexts, optimizing statistical or business metics alone will not suffice. ... Given the growing interest in data privacy among users and regulators, there is a lot of interest in tools that will enable you to build ML models while protecting data privacy. These tools rely on building blocks, and we are beginning to see working systems that combine many of these building blocks. ... Because there’s no ironclad procedure, you will need a team of humans-in-the-loop. Notions of fairness are not only domain and context sensitive, but as researchers from UC Berkeley recently pointed out, there is a temporal dimension as well (“We advocate for a view toward long-term outcomes in the discussion of ‘fair’ machine learning”). What is needed are data scientists who can interrogate the data and understand the underlying distributions, working alongside domain experts who can evaluate models holistically.

When a NoOps implementation is -- and when it isn't -- the right choice

"Basically, NoOps is the same thing as no pilots or no doctors," Davis said. "We need to have pathways to use the systems and software that we create. Those systems and software are created by humans -- who are invaluable -- but they will make mistakes. We need people to be responsible for gauging what's happening." Human fallibility has driven the move to scripting and automation in IT organizations for decades. Companies should strive to have as little human error as possible, but also recognize that humans are still vital for success. Comprehensive integration of AI into IT operations tools is still several years away, and even then, AI will rely on human interaction to operate with the precision expected. Davis likens the situation to the ongoing drive for autonomous cars: They only work if you eliminate all the other drivers on the road.

Microsoft is telling awesome open source stories

Open source isn't just about code. Or needn't be. The spirit of open source is collaboration and sharing, which Microsoft has recently kicked up a notch with a new series of blogs that show how company culture can change, and what it could mean for open source development. Microsoft is already the world's biggest contributor to open source, at least as measured by the number of employees contributing to open source projects. It doesn't need to tell tales, and yet that's exactly what the company is doing, to cool effect, with its new Microsoft Open Source Stories blog. The blog aims to share the behind-the-scenes stories about how certain projects went open source. As Microsoft's Dmitry Lyalin related to Microsoft watcher Paul Thurrott, "We hope to tell over 20 stories through this process as we have had a lot of great stuff hidden behind the firewall."

Social engineering at the heart of critical infrastructure attack

Analysis reveals that the malware moves in several steps. The initial attack vector is a document that contains a weaponised macro to download the next stage, which runs in memory and gathers intelligence. The victim’s data is sent to a control server for monitoring by the actors, who then determine the next steps.  The researchers said it was still unclear whether the attacks they observed were a first-stage reconnaissance operation with more to come. “We will continue to monitor this campaign and will report further when we or others in the security industry receive more information,” they said. Raj Samani, chief scientist and fellow at McAfee, said Operation Sharpshooter was yet another example of a sophisticated, targeted attack being used to gain intelligence for malicious actors. 

Merging Internet Of Things And Blockchain In Preparation For The Future

Companies, users of IoT and Blockchain, as well as prominent figures in these futuristic technologies are all starting to come around to the idea that the Fourth Industrial Revolution will not just be built on one, but rather an amalgamation of all of them in different facets. If IoT has issues with security and corruption, it makes sense that Blockchain come to its aid and help secure the data with its immutable ledger. At the same time, if AI is struggling with its recording of data and a record of the AI, a distributed ledger can help with that too. So, as AI and IoT, for example, gain an edge in their previous issues with the integration of blockchain, so does the blockchain become more ingrained and useful going forward, making it indispensable in some sectors. Adoption like this always has been the hope for the distributed ledger technology. It is probably time for blockchain builders and implementers to stop worrying about disrupting current and past sectors with the use of a single blockchain, and instead look to how they can use blockchain in alliance with IoT, Big Data, AI, and others. to build that Fourth Industrial Revolution.

Top 10 Tech Predictions for 2019

Image: Pixabay
Some predictions are easy. For example, it’s a good bet that popular buzzwords like digital transformation, cloud computing, artificial intelligence and quantum computing will continue to get a lot of attention in the news. What is less clear is exactly how these areas of technology might evolve. Which innovations will become an integral part of doing business and which will fade in importance? How will enterprises attempt to leverage these technologies for competitive advantage? And what should IT leaders be doing now to prepare for the near future? ... The analyst predictions, on the other hand, could be useful to CIOs and other IT leaders who are writing goals, setting budgets and deciding on training priorities for the coming year. In many cases, the analysts have offered direct advice to enterprise IT on how to capitalize on these trends. Often the various research firms agree with each other in regards to which steps enterprises should take. But in other cases, cybersecurity being one, the analysts had wildly divergent ideas on how trends are likely to impact enterprises and what leaders should do about it to prepare.

Quote for the day:

"A leader should demonstrate his thoughts and opinions through his actions, not through his words." -- Jack Weatherford

Daily Tech Digest - December 12, 2018

crystal ball
Koley predicted growth in in the use of server disaggregation, which is separating the compute and memory so those resources can be allocated according to the demands of specific workloads. "We are betting big on that," he said. "I believe it will become big because we are really treating open source as fundamental to our strategy. You will continue to see more products that make it easier for users to build features and applications on top of it making it more powerful and useful." ... “Intent networking is here and it's transforming how operations have done. The form it's going to take is how am I going to inform the network as a whole?" Koley said. "When I talk to CIOs or CEOs, they ask ‘How can I manage my infrastructure like Google or AWS?’ I tell them to write software so you don't need a ton of developers to operate it. We're betting big on that." He said intent-based networking describes how organizations' infrastrcture behaves. "It's an important tool because when you're doing complex automation, you want the software layer that takes care of the intent," he said.

17 Skills Of Highly Effective Software Testers

Testing is not as easy as it is often presumed to be! It holds great significance to any software development process. For any software tester, a knack for analytics and logical application of concepts is necessary. When testing software, it is imperative to analyze the given situation and accordingly create a solution for the same. The thought process and right mindset will help break down the problem into parts, making it easy to examine the elements of the problem and its relationships. ... Testing can be a long and tiring process sometimes requiring the tester to sit down for hours and analyze a certain situation. But, after spending these hours it is crucial to have the right communication sent to the higher authorities. This leads to the correct decisions being taken in terms of the release and timelines. A good report along with effective communication is vital to establish healthy transparency & trust of all the stakeholders as it conveys about all the actions taken, the bugs found, the bugs solved and any other issues encountered.

How Tech Market Makers Build Value

Market makers, by contrast, embrace risk, tolerate failure (so long as they learn from it), and continually spend M&A and R&D dollars to create demand where none presently exists. They cultivate a workforce composed of people with diverse backgrounds and skill sets, who reflect the rapidly changing and expanding population they serve. This enables them to better understand and anticipate the needs of the broadest possible audience. These companies don’t just invent new products. They reinvent themselves and swiftly adapt to a rapidly changing world. Amazon, for example, could have rested on its laurels, first as a dominant bookseller, then as a dominant e-tailer. Instead, it has expanded into cloud computing, physical grocery sales, and, more recently, pharmaceutical retail with its $1 billion deal to buy PillPack. Similarly, Google could have restricted itself to its highly profitable search engine. Yet with Android, it created a new digital platform.

Lumentum CIO talks building an enterprise cloud computing strategy

The value of the cloud for us, for instance, in our factory use case is that I'm pushing very large volumes of data up into a shared cloud environment where it is easier for me to have a contract manufacture partner or a downstream enterprise customer interact with that data and have access to that data, versus the old way of providing a VPN tunnel into my on-prem piece of hardware where they're competing with me from a resource perspective to access that data. The cloud allows for collaboration and connectivity to occur in a way that the old on-prem model really doesn't. In addition to that, [it enables] agility, scalability and flexibility. The other big difference is on prem is an asset -- there's a capital buy and capital depreciation schedule and a fix commitment, whereas the cloud allows the flexibility to move up and down in volume as needed. ... To pick up a workload and to move it to another environment is somewhat easy; the hard thing is then to go retune, rebuild all your runbooks and optimize for that experience.

Why 86% of enterprises are increasing their IoT spending in 2019

Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6M this year. Nearly half of enterprises globally (49%) interviewed are aggressively pursuing IoT investments with the goal of digitally transforming their business models this decade. 38% of enterprises have company-wide IoT deployments today, and 55% have an IoT vision and are currently executing their IoT plans. ... The percent of enterprises scoring 75 or higher on the Intelligent Enterprise Index gained the greatest of all categories in the last 12 months, increasing from 5% to 11% of all respondents. The majority of enterprises are improving how well they scale the integration of their physical and digital worlds to enhance visibility and mobilise actionable insights. The more real-time the integration unifying the physical and digital worlds of their business models, the better the customer experiences and operational efficiencies attained.

6 steps to implement a successful data compliance strategy

Although it's crucial for data governance professionals to stay abreast of best practices for handling information, the entire staff at an organization should receive relevant training on the subject. That's because when regulated data gets exposed, malicious actions are not to blame the vast majority of the time. Metadata from Radar Inc. collected from 2016 and 2017 discovered more than 92 percent of incidents and 87 percent of breaches are unintentional or inadvertent. Given those extremely high percentages, it's unlikely the figures in 2019 will show a significant change across such a short period. So, a smart thing for companies to do is ensure all staffers who work with data in any capacity receive ongoing and up-to-date training about data governance and management. Then, instances of human error should decline as people become increasingly familiar with best practices and the expectations the company has for them to follow.

Announcing Oracle Functions

Serverless functions change the economic model of cloud computing. Customers are charged only for the resources used while a function is running. There’s no charge for idle time! This approach is different from the traditional one of deploying code to a user provisioned and managed virtual machine or container that is typically running 24x7 and which must be paid for even when it’s idle. Pay-per-use makes Oracle Functions an ideal platform for intermittent workloads or workloads with spiky usage patterns. ... Security is the top priority for Oracle Cloud services, and Oracle Functions is no different. All access to functions deployed on Oracle Functions is controlled through Oracle Identity and Access Management (IAM), which allows both function management and function invocation privileges to be assigned to specific users and user groups. And after they are deployed, functions themselves may access only resources on VCNs in their compartment that they have been explicitly granted access to.

How Java has stood the test of time

How Java has stood the test of time
Java implementations typically use a two-step compilation process. In other words, the source code is turned into bytecode by the Java compiler. The bytecode is then executed by the Java Virtual Machine (JVM). JVMs today use a technique called Just-in-Time (JIT) compilation to produce native instructions that the system's CPU can execute. This promotes the "write once, run anywhere" (WORA) approach that Sun espoused in Java's early days. The flexibility of bytecode provides a real boon to portability. Instead of compiling applications for every platform, the same code is distributed to every system and the JVM in residence manages it. The problem comes in when small footprint devices don't deal well with the overhead of interpretation that is required. In addition, the Java machine has grown considerably and is far too monolithic for small footprint applications that need to react quickly. As a result, we are seeing offshoots that involve significantly less overhead such as Avian and Excelsior JET that provide optimized native executables that sacrifice portability for performance.

Using Golang to Building Microservices at The Economist: A Retrospective

The platform, called the Content Platform, is an event based system. It responds to events from different content authoring platforms and triggers a stream of processes run in discrete worker microservices. These services perform functions such as data standardization, semantic tagging analysis, indexing in ElasticSearch, and pushing content to external platforms like Apple News or Facebook. The platform also has a RESTful API, which combined with GraphQL, is the main entryway for front end clients and products. While designing the overall architecture, the team investigated what languages would fit the platform needs. Go was compared against Python, Ruby, Node, PHP, and Java. While every language had its strengths, Go best aligned with the platform’s architecture. Go's baked in concurrency and API support along with its design as a static, compiled language would enable a distributed eventing systems that could perform at scale.

Microsoft confirms that Chrome extensions will run on new Edge browser

Microsoft is believed to be aiming to allow all existing Chrome extensions to work unmodified on the new Edge browser, but developers will still need to package the extensions for the Microsoft Store. Pflug also responded to Windows application developers looking for answers about what the switch would mean for Universal Windows Platform (UWP) apps and Progressive Web Apps (PWAs) if Microsoft ditched the EdgeHTML browser engine. Both app categories depend on EdgeHTML and may need overhauling if Microsoft completely abandoned them. Pflug said existing UWP and PWA apps in the Microsoft Store will continue to use EdgeHTML and Microsoft's Chakra JavaScript engine "without interruption". Microsoft isn't planning on adding an interpretation layer for existing apps to run on the new rendering engine. However, Microsoft does "expect to offer a new WebView that apps can choose to use based on the new rendering engine", according to Pflug. Microsoft is also aiming to enable PWAs to be installed on Edge from the web, rather than restricting installs to the Microsoft Store as it currently does for PWAs.

Quote for the day:

"Leadership is the art of giving people a platform for spreading ideas that work" -- Seth Godin

Daily Tech Digest - December 11, 2018

Using a password manager: 7 pros and cons

login password - user permissions - administrative control
NIST SP 800-63 recommends using non-password methods where possible, and although the recommendations are definitely against forcing users to use very long and complex passwords, they don’t limit password length or complexity. When people are forced to create and use long, complex, and frequently changing passwords, they do a poor job at it. They reuse the same passwords among different websites or use only slightly different passwords, which create an easy-to-decipher pattern. If those same humans use MFA or other non-memorization authentication methods, then the overall risk of repeated passwords and patterns can be broken. If a person can use a password manager, which creates and uses long and complex passwords that the person doesn’t have to remember, then perhaps you can get the best of both worlds. Until recently, I had never completely depended on them, throwing all my memorized passwords away. I felt bad about recommending them without “living” with them. 

Facebook Filed A Patent To Calculate Your Future Location

Another Facebook patent application titled “Location Prediction Using Wireless Signals on Online Social Networks” describes how tracking the strength of Wi-Fi, Bluetooth, cellular, and near-field communication (NFC) signals could be used to estimate your current location, in order to anticipate where you will go next. This “background signal” information is used as an alternative to GPS because, as the patent describes, it may provide “the advantage of more accurately or precisely determining a geographic location of a user.” The technology could learn the category of your current location (e.g., bar or gym), the time of your visit to the location, the hours that entity is open, and the popular hours of the entity. For example, in the map below that demonstrates how the tech would work, Facebook would see that you are in geographic location 302 — and it could predict you’d be likely to go to locations 304, 306, and 308 next, based on places you’ve visited before (maybe you’ve gone to Starbucks after visiting Walgreens) or on the travel behavior of other users the same age as you.

Be Prepared for Disruption: Thinking the New Unthinkables

The main conclusion is that the conformity — defined as adhering to conventional wisdom — that gets leaders to the top too often disqualifies them from grasping the scale and nature of disruption. Leaders are saddled with what Geoff Mulgan, chief executive of Nesta, a global innovation foundation in the United Kingdom, labels “zombie orthodoxies.” These leaders rise through the ranks listening and conforming to those like them. But disruption requires precisely the opposite: It needs leaders to think, and plan for, unthinkables. In order to do this, it is imperative to have a clear purpose and to embrace diversity, inclusivity, and new behaviors, which will help leaders understand and even anticipate the impact of disruption. It is an enormous Rubik’s Cube. As one top professional told us: Leaders today confront having to “eat an elephant in one mouthful.” This is not a case of trying to break down today's challenges into neat solutions.

IT strategy: How to be an influential digital leader

Like von Schirmeister, Gideon Kay -- who is European CIO at Dentsu Aegis Network -- says IT leaders must be alert to the fact that people on the board increasingly have a take on technology, just like they would on sales, marketing and operations. Kay says CIOs must see this new interest in digital transformation as an opportunity to influence. "You don't have to bite your lip," he says. "Once you've built your credibility, which you need to do pretty quickly, and providing you've built a reputation for explaining technology in the right way -- which is about talking in terms of the business and commercial impact -- then you can give the business the definitive line on technology." Kays says CIOs can use their experience to say which services the business should be worried about, and which are the ones that don't matter: "These are the things that are hot, and these are the things that are not," he explains.

How to tame enterprise communications services

How to tame enterprise communications services
Having an organization-wide communications policy in concert with both organizational objectives and IT capabilities is a first step, just as is the case with BYOD and security. Solutions must similarly be in concert with this policy, and with no exceptions. Once the communications policy is in place, a solution set can be assembled and aligned with the general framework we introduced above. In general, the process here will follow that which is typically applied to all IT services, including a requirements analysis, service set definition, long and short lists of candidate products and services (and, increasingly rarely, new internal development), and experiential analysis and evaluation via alpha and beta tests. The rollout of the solution must be accompanied by consciousness-raising, education, support, and monitoring for management visibility with respect to both the policy and the solution. Once again, IT must reinforce the importance of using only approved channels and facilities and avoiding difficult-to-impossible-to-monitor out-of-band solutions, including social media.

Is Blockchain A Solution For Securing Centralized ID Databases?

Clearly, the way that some centralized identity databases are currently secured doesn't work. I believe that technology industry professionals should think outside the box to create a security solution for centralized databases. Some think blockchain is the answer. They believe that a distributed ledger could be used to decentralize identity information. Using the blockchain, identity information could be stored securely using cryptography. This is similar to how cryptocurrencies are cryptographically stored in wallets on the blockchain. A wide variety of identity documents could be stored on the blockchain in a single place — an identity wallet of sorts — and each wallet could have its own form of encryption. The main advantage of doing this is that the identity information would become decentralized on a distributed ledger. This would make it a lot harder for cybercriminals to perform large-scale identity data breaches because they would have to hack into each wallet individually.

IT pros look to iPaaS tools for LOB integration demands

Application automation and integration are central to nearly every project these days at Wilbur-Ellis, a $3 billion holding company, with divisions in agribusiness, chemicals and feed. "If I look back on the last three major projects, they all involve a separate system that has to integrate," said Dan Willey, CIO at the San Francisco-based company. Many of these iPaaS tools are conceptually good for modern, cloud-based companies, but sometimes you are saddled with an application that doesn't play well. In the case of Wilbur-Ellis, an ERP system by Oracle's JD Edwards is a stumbling block, Willey said. Wilbur-Ellis uses Dell Boomi's connectors to connect customer and order data. The company will also use the tool in a broader sense as an API management platform. "It's a hard problem to solve," Willey said. "It's interchanging between your tool sets, data in your back-end systems, front-end systems, IoT data and other things that need to be lined up to make it happen."

CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks

Three-quarters of enterprises this year discovered on their own they had been hacked rather than learning from a third party. The bad news: It took them an average of 85 days to spot an attack. That means hackers still have the upper hand. What's more, they only need less than two hours, on average, to move from the initially attacked machine to further inside a target's network, according to CrowdStrike, which today published its "Cyber Intrusion Services Casebook, 2018," a report on a sampling of its real-world incident response (IR) investigations for clients. "We noticed attackers this year were pretty brazen and stealthy: Eighty-six days [before getting discovered] is still a problem," even when victim organizations are getting better at self-detection, says Tom Etheridge, vice president of services for CrowdStrike. The number of hacked organizations that spotted their own attacks rose 7% this year over those from CrowdStrike Services' IR engagements in 2017.

The top skills needed by data scientists in 2019

The data analyst role is suited to most businesses. Able to convert business challenges into opportunities for data analysis, the analyst often bridges the gap between technical and practical. A machine learning engineer is looking to make an algorithm run quickly and in a distributed environment. Asking them to analyze data and find nuggets of relevant business insights isn’t their forte, but an ML engineer can select the appropriate algorithm and implement it within the company’s production system without introducing a bottleneck. A research data scientist is interested in investigating cutting-edge techniques or inventing new techniques. This role usually requires a Ph.D. Extreme familiarity with the underlying mathematics is a must. It’s important to note this type of individual contributor would be bored out of their mind working on everyday-business problems. The manager is the ultimate bridge between various technical roles, business stakeholders, and other leadership. Managers are frequently facilitating their teams’ best work while ensuring outcomes are mapped to business goals and prove ROI.

Satan Ransomware Variant Exploits 10 Server-Side Flaws

"There is a risk of extensive infections because [of the] big arsenal of vulnerabilities that [the malware] attempts to exploit," says Apostolos Giannakidis, security architect at Waratek, which also posted a blog on the threat. All of the vulnerabilities are easy to exploit, and actual exploits are publicly available for many of them that allow attackers to compromise vulnerable systems with little to no customization required, he says. Several of the vulnerabilities used by Lucky were disclosed just a few months ago, which means that the risk of infection is big for organizations that have not yet patched their systems, Giannakidis says. All but one of the server-side vulnerabilities that Lucky uses affect Java server apps. "The vulnerabilities that affect JBoss, Tomcat, WebLogic, Apache Struts 2, and Spring Data Commons are all remote code execution vulnerabilities that allow attackers to easily execute OS commands on any platform," he notes.

Quote for the day:

"Colors fade, temples crumble, empires fall, but wise words endure." -- Edward Thorndike

Daily Tech Digest - December 10, 2018

What is an SSD? How solid state drives work

ssd computer chip solid state device
A simple USB flash drive (or thumb drive) is an example of solid-state drive technology. An SSD is a larger, more complex device that aggregates pools of NAND flash storage, the type of storage also found in MP3 players and digital cameras. Unlike RAM, which doesn’t retain data when the machine shuts off, SSD flash memory is non-volatile, which means data is retained whether the device is powered on or not. With SSDs, every block of data is accessible at the same speed as every other block, no matter the location. This makes SSDs inherently faster than hard drives, where platters are spinning and drive heads are moving to the right location. With HDDs, large files can be broken up and tucked into unused nooks and crannies of the drive, and data can be easily updated in place. This allows for efficient use of the total drive capacity. On the other hand, scattered data obviously takes longer to locate, which is why defragmenting a hard drive has become a standard part of device maintenance.

Online Shopping – Not so old but worth much more!

Ai in eCommerce Researchers or Explorers Trootech Business Solutions
People under the Researcher category exhibit that they have crossed the awareness stage are now into the consideration stage. They are considering their potential options. If a person is conducting research about anything, it means he/she is looking for details. Details that can satiate their confused mind, provide answers to their underlying questions. Researchers are a notch above browsers in terms of potential buyers. If a website provides a detailed explanation of products, trustworthy support, easy navigation, and crisp product images, they may more incline towards buying from that website. Hence trust is the most important factor for researchers. Simply providing consistent information and clear to the point product descriptions work here. Since trust is mentioned here, product reviews or user reviews become the most influential factor here. Researchers will tend to trust previous customers who have bought similar items. Comprehensive user reviews and ratings act as a catalyst.

Will the imminent death of Microsoft Edge lead to an insecure browser monoculture?

As Callan says, Microsoft certainly has the ability to adopt Google’s HTML rendering engine without abdicating other browser interface and technology decisions, but the possibility definitely looms of the new Microsoft browser becoming little more than a re-skinned version of Chrome, whatever it is called. "In the certificate space, this monoculture could lessen the influence of many important voices," Callan warns. "Interoperability requirements have caused public PKI mechanisms such as TLS certificates to be governed by standards bodies such as the IEFT and the CA/Browser Forum." And for good reason as these bodies incorporate the unique expertise of not only browser manufacturers but also CAs, information providers, auditing firms and others to create a robust ecosystem that defends against myriad attack vectors."As a single browser manufacturer gains the ability to flex its muscle and make decisions unilaterally that all others must comply with," Callan said, "these other viewpoints and their valuable knowledge threaten to be lost..."

New Microsoft Teams calling features narrow gap with Skype

Three of the advanced features -- group call pickup, call park and shared line appearance -- should become available within the next several weeks. A fourth feature, location-based routing, is slated for release in the first quarter of 2019. Group call pickup improves an existing feature that lets users automatically forward incoming calls to groups of colleagues. The system can ring each member of the group simultaneously or one at a time in a predetermined order. The update lets users customize the appearance and type of notifications that members of the group receive with incoming calls. Call park is a sophisticated way to put callers on hold. Parking a call generates a code, which gets sent -- in a text message, for example -- to the employee the caller is attempting to reach. That employee can then answer the call in the Teams app. Shared line appearance lets businesses create user accounts with multiple phone lines. The incoming calls to those lines are all automatically forwarded to other users. 

HONOR: The Force of Innovation

In pursuit of innovation, HONOR has often played the long game, ignoring the latest hot trends if it believed certain technologies were not ready to be commercialized. “Virtual reality and augmented reality, for instance, still have unsolved concerns and matters that need to be addressed,” Zhao said. “Blockchain application on mobile phones is nothing more than a gimmick. At HONOR, we have our own mechanism for deciding what to invest in and innovate. Once we have set the direction, we will go all-in.” That determination has come to fruition in HONOR’s AI breakthroughs, which have been at the center of HONOR’s development strategy from the beginning. Long before the industry came to realize the importance of AI, HONOR had already invested heavily in R&D and building the AI ecosystem. “We have spent six years developing the chipset, system and application,” Zhao said. “We believe AI assists human brains in making decisions. If mobile phones have broadened our minds and experiences as users, then AI will narrow the gap between us and the experts.

What is digital trust? How CSOs can help drive business

security trust
Even if companies understand the value of trust, many simply overestimate their own standing in their customers eyes and how they compare to the competition. The report outlined an average of a 14-point gap between the level of trust customers have in whether organizations handle personal data appropriately compared to how much organizations think they are trusted. The report claims this illustrates how “dangerously out of touch” organizations are with their customers. Just a third of customers said their trust in organizations had increased over the last two years, compared to the 84 percent of business leaders who believe that trust has increased. Ninety percent of those business leaders claim they are very good or excellent at protecting customer data, and 93 percent say that it is a differentiator over the competition. Considering the number of organizations that admitted a data breach in the study, this clearly does not add up.

Quantum computers pose a security threat that we’re still totally unprepared for

The report cites an example of encryption that protects the process of swapping identical digital keys between two parties, who use them to decrypt secure messages sent to one another. A powerful quantum computer could crack RSA-1024, a popular algorithmic defense for this process, in less than a day. Such machines, which would require a couple of thousand “logical” qubits, are probably at least a decade away, say the US experts. Qubits’ delicate quantum state can be disrupted by things like tiny changes in temperature or very slight vibrations, so it can require thousands of linked qubits to produce a single logical one that can be reliably used for computation. Still, complacency would be a mistake. William Oliver, an MIT physics professor and a member of the group that produced the academies’ report, notes that governments and businesses like banks often need to keep data secure for decades. They therefore need to be thinking now about potential future threats to the encryption they’re using.

Brexit implications for data protection

GDPR brought massive changes to data protection legislation and expanded what was expected of data controllers and data processors. One of the biggest changes brought about by GDPR is that organisations must now have technical measures that enforce their data sharing policy. “You used to have a contract that said you would not misuse data, but GDPR says you now must have technology in place that prevents the misuse of data,” says Gary Lefever, CEO of Anonos. As the internet has become an integral part of our society, data protection has become a legislative necessity to ensure the sharing of personal information is conducted in a fair, secure and responsible manner. The requirements for data storage, sharing and processing have been articulated in the GDPR, which is necessary reading for any company with any form of online presence. According to both the GDPR and the UK Data Protection Act 2018, when a country leaves the EU, it will cease to be covered by the GDPR, and as such will be considered as a third country, which is any country or territory other than an EU member state.

Innovative anti-phishing app comes to iPhones

Apple, iOS, iPhone, iPad, security, MetaCert
Traditional security protection systems such as virus checkers and firewalls are still mandatory, but they are far less effective against the complex attack scenarios prevalent in today's digital economy. When it comes to enterprise security, network monitoring, location-based protection and cooperative sharing of security-related datasets are becoming key components of switched-on, 24/7, situation-awareness security protection systems. Within this landscape, MetaCert’s system seems a useful adjunct to existing systems. I imagine we’ll see this kind of alert-based security systems become components of future operating systems in the future, certainly within those from vendors that actually care about customer security, and privacy, come to that. On iOS, this new solution works with most email services, including Thunderbird and Apple Mail, with Outlook and Gmail support in development. The company is running a public beta test, so you can test this system for yourself.

Juniper ATP appliance gets broader device support

In the latest announcement, Juniper has made it possible for a Juniper ATP appliance to collect logs from security devices through their system logging facility, or syslog. To separate security-related log events, an administrator would go to the JATP user interface and create a log filter using one of its supported formats, such as XML, JSON and CSV. The admin can then create a parser that maps the log field from a firewall, for example, into the JATP's event fields to look for possible security threats, a Juniper spokesperson said in an email. Also, through the JATP UI, admins can see statistics on incoming logs and delete unneeded logs. Before the syslog support, easily collecting security data was limited to Juniper's SRX firewalls and devices made by the company's partners, such as Fortinet and Palo Alto Networks. "With the custom data collector capability, the integrations can be created from within the product by security personnel via an easy-to-use UI," the spokesperson said. Juniper plans to release the new capabilities in a software upgrade scheduled for release this month.

Quote for the day:

"Setting an example is not the main means of influencing others, it is the only means." -- Albert Einstein