Daily Tech Digest - January 16, 2019

The Rise of Automated Machine Learning

AI and machine learning require expert data scientists, engineers, and researchers, and there's a worldwide short supply right now. The ability of autoML to automate some of the repetitive tasks of ML compensates for the lack of AI/ML experts while boosting the productivity of their data scientists. By automating repetitive ML tasks -- such as choosing data sources, data prep, and feature selection -- marketing and business analysts spend more time on essential tasks. Data scientists build more models in less time, improve model quality and accuracy, and fine-tune more new algorithms. More than 40 percent of data science tasks will be automated by 2020, according to Gartner. This automation will result in the increased productivity of professional data scientists and broader use of data and analytics by citizen data scientists. AutoML tools for this user group usually offer a simple point-and-click interface for loading data and building ML models. Most autoML tools focus on model building rather than automating an entire, specific business function such as customer analytics or marketing analytics.

Model-driven RESTful API for CRUD and More

This article introduces a model-driven RESTful API for CRUD (Create, Read, Update, Delete). With it, you can write simple models (specifying a database table and the set of columns to be exposed) and the REST endpoints for CRUD will become available automatically. No hand-coding of any SQL is necessary. The concept could be implemented on different technology stacks and languages. Here, I used JavaScript (which generates SQL) with Node.js, Express, and PostgreSQL. Most projects need to Create, Read, Update, and Delete objects. When these objects are simple enough (one driving table and a few columns in the database), the code is very similar from one object to the next. In fact, the patterns are the same, and the only differences are the names of the tables and the names and types of the columns. Of course, there will always be complex endpoints which need to be written by hand but by automating the simple ones, we can save a lot of time.

Progressing beyond a pre-digital age: Building the business case for ‘digital HR’

Progressing beyond a pre-digital age: Digital HR image
Humans are, well, only human. Mistakes happen, but a mistake can have a huge impact on an organisation’s health and future success. Introducing technology to manage a range of processes can help to reduce and mitigate HR related risk by minimising all manner of issues from poor HR consistency and visibility, to data loss. Manually updating changes in spreadsheets can be a cumbersome and ineffective process, especially when the data is being entered into multiple documents. Research from Salesforce shows that 88% of all spreadsheets have significant errors in them. Applying intelligent automation will not only reduce the risk of human mistakes but also help to flag errors and data problems before they create a negative impact on the business. The huge issue of risk and compliance aside, automation reduces the HR admin mountain and allows a focus on people strategies which are so critical when competing for talent and reducing churn. 

Get ready for edge computing’s rise in 2019

While many of you may see edge as exclusive to IoT, its value is much wider and will prove as critical to driving up customer experience as content delivery networks (CDN) were in the early days of the web . . .which explains why you are now seeing edge compute and AI services from all the major cloud vendors and on the road maps of the leading telecom companies. Twenty-seven percent of global telecom decision makers, who responded this year to the Forrester Analytics Global Business Technographics® Mobility Survey, 2018, said that their firms are either implementing or expanding edge computing in 2019. Many of these vendors will require new wireless tools and updated skill sets to achieve this digital transformation. This aligns to Verizon's recent employee buyout offer, as a result of which over 10,400 of its staff will be gone next year, driving nearly $10 billion in savings that it can apply to its edge-compute-empowered 5G network. And speaking of CDNs, nearly every one of these vendors is adding edge compute to their core market values.

World's first robot hotel massacres half of its robot staff

Terminator head
The story highlights the shortcomings of purportedly “state of the art” AI automation that are rarely discussed. One is that they’re installed to solve a management problem rather than a customer need, as was the case here - the hotel is in an area with an acute labour shortage. Secondly, they’re just plain annoying. As hotel manager Hideo Sadawa explained: “When you actually use robots you realize there are places where they aren’t needed - or just annoy people”. While robotics has advanced steadily in industry, the picture is different in consumer electronics. Trade group the International Federation of Robotics noted that sales of industrial robots had doubled in five years. But it’s largely cyclical, IFR president Junji Tsuda admitted. Adoption doubled even more dramatically between 2009 and 2010, which had nothing to do with AI and a lot to do with the falling cost of sensors and microelectronics. In industries where automation is highly advanced, such as car production, it may not move the dial much: wage rates largely govern the substitution phenomenon

The Key Cybersecurity Takeaways From The Recent SEC Charges

The Key Cybersecurity Takeaways From The Recent SEC Charges
Hackers continue to prefer phishing schemes to almost any other infiltration or social engineering tactic. In part, their effectiveness ties into their mundanity; phishing attacks look like legitimate emails, and employees without proper training will reliably open their emails. Phishing attacks, therefore, provide a low effort, high impact cyber threat. Furthermore, if it can hit the SEC, it can hit your enterprise as well. To prevent a phishing attack from inflicting damage on your databases, make sure your employees can recognize a phishing attack if they receive one; there are tell-tale signs for almost all of them. Incentivize recognizing phishing attacks before they occur, either through a small rewards program or by making cybersecurity a part of your employees’ everyday job duties and performance reviews. Additionally, ensure your cybersecurity platform includes a SIEM solution with strong threat detection capabilities. Your enterprise can also benefit from an email security solution to prevent phishing attacks from reaching your inboxes.

Major Security Breach Discovered Affecting Nearly Half of All Airline Travelers

With the PNR and customer name at our disposal, we were able to log into ELAL’s customer portal and make changes, claim frequent flyer miles to a personal account, assign seats and meals, and update the customer’s email and phone number, which could then be used to cancel/change flight reservation via customer service. Though the security breach requires knowledge of the PNR code, ELAL sends these codes via unencrypted email, and many people even share them on Facebook or Instagram. But that’s just the tip of the iceberg. After running a small and non-threatening script to check for any brute-force protections, none of which were found, we were able to find PNRs of random customers, which included all of their personal information. We contacted ELAL immediately to point out the threat and prompt them to close the breach before it was discovered by anyone with malicious intentions. We suggested stemming the vulnerability by introducing captchas, passwords, and a bot protection mechanism, in order to avoid using a brute-force approach.

What is COBIT? A framework for alignment and governance

New concepts and terminology have been introduced in the COBIT Core Model, which includes 40 governance and management objectives for establishing a governance program. The performance management system now allows more flexibility when using maturity and capability measurements. Overall, the framework is designed to give businesses more flexibility when customizing an IT governance strategy. Like other IT management frameworks, COBIT helps align business goals with IT goals by establishing links between the two and creating a process that can help bridge a gap between IT — or IT silos — and outside departments. One major difference between COBIT and other frameworks is that it focuses specifically on security, risk management and information governance. This is emphasized in COBIT 2019, with better definitions of what COBIT is and what it isn’t. 

The report on the security analysis of radio remote controllers for industrial applications highlights notes the use of obscure, proprietary protocols instead of standard ones makes controllers vulnerable to command spoofing, so an attacker can selectively alter their behaviour by crafting arbitrary commands, with consequences ranging from theft and extortion to sabotage and injury. “The legacy and widespread RF technology used to control industrial machines is affected by serious security issues that impact several market verticals, applications, products and brands,” the report said. The researchers warned that currently and widely used legacy RF technology for industrial applications can be abused for sabotage of equipment, theft of goods by manipulating equipment and extortion by demanding payment to hold off or cease equipment interference.

Getting Started with PouchDB - Part 1

PouchDB is an open-source JavaScript NoSQL database designed to run offline within a browser. There is also a PouchDB server version that can be used when online. These two databases synchronize from one to another using a simple API call. You may also use CouchDB on the server to synchronize your data. A NoSQL database is storage where there is no fixed table structure as in a relational database. There are a few different methods NoSQL databases use to store data: column, document, Graph, and key-value pair. Of these, the most common are column and document. PouchDB supports document-oriented where data in the model is stored as a series of JSON objects with a key value assigned to each document. Each document in PouchDB must contain a property called _id. The value in the _id field must be unique per database. You may use any string value you want for the _id field. In this article, I am going to use a value that is very simple.

Quote for the day:

"Your talent and giftedness as a leader have the potential to take you farther than your character can sustain you. That ought to scare you." -- Andy Stanley

Daily Tech Digest - January 15, 2019

Coding, cloud skills are most in demand for network pros

Computerworld Tech Forecast 2017 - Hottest Tech Skills for 2017
The premise of incorporating development know-how with operations skills isn’t new and often falls under the umbrella of DevOps, a process methodology that encompasses software development and IT operations teams working more closely together from design to production. The benefits are said to include software that works better and as expected on the production network because the operations team shared insights with developers. ... Another network-specific security skill is traffic scrubbing. This quality of service prioritization puts filters in place to find offensive traffic, mitigate it and protect the remaining network without losing access to the Internet, CompTIA’s Stanger explains. Network professionals are being tasked by their CIOs to fulfill security roles in part due to trends such as IoT and cloud. Another factor only network managers could understand is the impending reality of IPv6.

Tick-tock: The year-long Windows 7 countdown by the numbers

windows 7 logo in the rear view mirror
36, the percentage of all Windows PCs that will run Windows 7 at its retirement, based on a rolling 12-month average of change tracked by Net Applications; that average was then projected into the future. The number has fluctuated significantly over the last two years, from a low of 29% to nearly 40%. It's also the maximum number of months Microsoft will offer corporate customers "Windows 7 Extended Security Updates" (ESU) after the January 2020 support retirement. The extended support will be available only for PCs running Windows 7 Professional or Windows 7 Enterprise, and then only if those operating systems were obtained via a volume licensing deal. Microsoft will discount ESU for customers who also have Software Assurance plans in place for Windows or have subscriptions to Windows 10 Enterprise or Windows 10 Education, including the Microsoft 365 subscription. Windows 7 ESU will be sold in 12-month increments, with as many as two extensions of the additional-support plan.

What you must know about moving ERP to the cloud

What you must know about moving ERP to the cloud
The migration of critical business applications is happening right now for several reasons. First, hardware leases are up for renewal, or upgrades need to occur to move to the next generation of ERP or other critical applications. So, the ERP providers are showing up with new software and new compute requirements that are also growing, and this means more hardware procurement and data center space for IT. That cost is becoming prohibitive. With today’s public cloud alternatives, the issue is not if you think cloud is safe or not, it’s that you can’t afford the on-premises alternative. Second, the sky has not fallen. A few years ago, naysayers predicted outages, breaches, the Zombie Apocalypse, and so forth as a consequence of cloud migration—none of which happened at a noticeable scale. So, those who pushed back on cloud computing based on the impending-doom argument are no longer listened to, or they were moved out of IT leadership.

Robust data governance is key for machine learning success

Industry pundits speculate about machine learning algorithms being a potential ‘Black Box’, primarily due to the scepticism around trusting an ecosystem which exhibits limited transparency to its data compliance and decision making processes. The global data analyst community has helped design semi or fully-automated analytics systems that are AI or ML driven. However, the core and often-niggling issue of data quality may always prevail. Add to this, the multifarious and disparate data sources, immense data volumes, and unstructured data types that augment the already existing data management problems, especially those relating to data governance. As ML gains momentum and continues to be at the forefront of transforming the way organizations operate, it may be advisable to exercise some caution. In the absence of robust data governance processes, the zeal to allow ML to take over the decision-making process entirely has the potential to unleash some critical issues – unreliable and misleading information and unexpected expense overheads.

Tech usage in school more likely in UK than Germany

Darren Fields, regional director of UK and Ireland at Citrix, said the UK is making progress in the promotion of science, technology, engineering and mathematics (Stem) subjects, but that more needs to be done to keep ahead of growing skills gaps. “As a nation, it’s critical that we continue to invest in future generations, encouraging greater engagement with technology and creating a culture whereby young people are eager to get involved with and learn more about Stem subjects,” he said. “Employers currently report a significant tech skills gap, and the next generation of tech-savvy workers will be vital in helping to close this.” Fields highlighted the need for ensuring the UK is producing the technology talent to match the UK’s technology “ambitions”, and said education is the “start of the pathway” for ensuring this outcome.

How Employees of the Future Will Be Different

"The employee of the future might have many careers, skill sets and expertise she wants to pursue--all at the same time," says Wong. "Her 'boundless self' means that that she might be more interested in creating an increasingly complex, non-linear career journey, filled with her many interests and experiences. [...She] may no longer imagine herself in one role, company or career track for the rest of her life; instead; she might look to reinvent both herself and her career continuously, often at the same time." ... "Traditionally, employees have experienced much less flexibility in how they work, collaborate, and communicate. But for the employee of the future, endless choice in how, where, and with whom they work will increasingly be the norm. This can create anxiety on how to make the right choice. So, companies should seek to help these employees navigate the sea of options by offering clear and simple guidelines or ways to navigate to the best decision."

5 Important Augmented And Virtual Reality Trends For 2019 

5 Important Augmented And Virtual Reality Trends For 2019 Everyone Should Read
Computer vision – an AI (artificial intelligence) technology which allows computers to understand what they are “seeing” through cameras, is essential to the operation of AR, allowing objects in the user's field of vision to be identified and labeled. We can expect the machine learning algorithms that enable these features to become increasingly sophisticated and capable. The Snapchat and Instagram filters we are used to, to, e.g. overlay bunny ears and cat whiskers on selfies, are a very consumer-facing application of AI tech combined with AR. Their popularity in these and various other applications of image enhancement functionality isn’t likely to dwindle in 2019. For more scientific use cases, there’s Google’s machine learning-enabled microscope to look forward to, which can highlight tissue which it suspects could be a cancerous tumor growth as a pathologist is looking at samples through the viewfinder. VR is about putting people inside virtual environments and those environments – and their inhabitants – are likely to become increasingly intelligent over the next year.

Artificial Intelligence: Bright Future or Dark Cloud?

There is a fierce debate on campuses and in boardrooms about the life-altering effects of AI. Elon Musk has warned of a “fleet of artificial intelligence-enhanced robots capable of destroying mankind”, while Larry Page of Google and Alphabet foresees advancements in human progress. I believe there is merit in both arguments, and the good news is that we have time to shape AI in a positive direction. In human terms, we are in the toddler stage in the development of AI--a period of rapid neurogenesis. A child’s early years are shaped by external stimuli like pictures, music, language, and of course, human interaction. The result of this neurogenesis will determine a person’s intelligence, compassion, thoughtfulness and, importantly, capacity for empathy. Similarly, for AI to evolve in a positive direction, we need to involve the humanities, law, ethics as well as engineering. We need diversity of thought amongst the people working on these solutions. I know others share this view.

API integration becomes an enterprise priority

The pre-built integration templates in API integration products bring quick connectivity between previously siloed cloud applications. These packaged integrations also help with self-service deployment for line-of-business employees, increasing the speed and reducing labor costs of integration. Those attributes led Humantelligence, which offers an AI-driven recruiting and culture-analytics platform, to adopt API integration. Juan Luis Betancourt, Humantelligence's CEO, sought automated integration capabilities to connect the company's app environments with customers' cloud and homegrown apps, particularly their applicant-tracking applications. After evaluating five products, Betancourt implemented Jitterbit Harmony iPaaS. This API integration platform helps his company quickly connect SaaS, on-premises and cloud applications. "The iPaaS solution provides the built-in integrations and automated tools we need to navigate the complexities of API integration," he said.

Insider threats will dominate cybersecurity trends in 2019

The proliferation of SaaS applications is giving insiders more ways to exfiltrate data, and this trend shows no signs of slowing down – in fact, SaaS spending is expected to double by 2020. Accidental and purposeful exfiltration insiders will take advantage of multiple new channels to exfiltrate data and hide their tracks ... Insider threat statistics from the Ponemon Institute show that two out of three insider threat incidents happen by accident. While malicious insider threats tend to capture more of the headlines, far too many incidents are accidental and could have been prevented. Organizations will take more initiative to gain insight into the context behind insider threat incidents, including user intent. This level of context can help cybersecurity teams stop user mistakes before they become full-blown breaches. As such, more organizations will adopt ongoing insider threat training as a company-wide cybersecurity awareness initiative

Quote for the day:

"No persons are more frequently wrong, than those who will not admit they are wrong." -- François de La Rochefoucauld

Daily Tech Digest - January 14, 2019

Right to be forgotten is not global, says EU court adviser

Szpunar said in his opinion that Google “is not required, when acceding to a request for de-referencing, to carry out that de-referencing on all the domain names of its search engine” and that it only had to “ensure full and effective de-referencing within the EU”. Peter Fleischer, senior privacy counsel at Google, said in a statement: “Public access to information and the right to privacy are important to people all around the world, as demonstrated by the number of global human rights, media and other organisations that have made their views known in this case. “We have worked hard to ensure that the right to be forgotten is effective for Europeans, including using geolocation to ensure 99% effectiveness.” Richard Cumbley, partner and global head of technology at UK law firm Linklaters, said this important case pits fundamental rights to privacy against freedom of expression and highlights the continuing conflict between national laws and the internet. There are a number of risks in extending the right to be forgotten globally, including the risk that other states would also try to suppress search results on a global basis.

Phishing: The simple attack that shreds the defenses of sensitive networks

Many organizations focus their cybersecurity strategy on threat detection and buying tools to detect the most advanced threats. Email security, and therefore antiphishing, then typically becomes a lower priority and is usually delegated to junior staff. As is evidenced by this cyberattack, which was allegedly conducted by one of the most sophisticated threat actors in the world, the simplest attacks can have the most damaging outcomes. Due to their manipulative nature, phishing emails are quite difficult to detect and block. They target their victims by masking malicious links and attachments to mimic routine tasks or urgent requests. The attacker may sit in your network for months, observing the comings and goings of company correspondence to craft the perfect personalized email that fools even experienced S&R pros.

Overcoming imposter syndrome: How managers can boost employee confidence

"Any time you have an employee who's feeling like they don't belong, the first thing is to just focus on frequent feedback, and certainly affirmative and positive feedback to let them know where they are doing a great job and that their contribution is valued," Romansky said. Once you've provided that affirmation, then help the employee look forward, Parr recommended. Some employees are confident in their current abilities, but may not be as confident in accomplishing future goals or challenges. Ask the employee where they want their career to go and what they want to accomplish, and then help them formulate a direct, specific, and logical approach to achieve those goals, Parr said. "There is then no impostor syndrome to deal with because you've already explained what the exact actions are that you're going to take," Parr added. "So stop thinking that you are not good enough when you now have a clear roadmap to get there."

Yes, Henry David Thoreau Was an Industrial Innovator

Thoreau’s story is instructive, Henry Petroski tells us in The Pencil: A History of Design and Circumstance, “because it is a reminder that innovative and creative engineering was done by those who were interested in a wide variety of subjects beyond the technical. Whether or not they had college degrees, influential early-nineteenth-century engineers could be a literate lot, mixing freely with the most prominent contemporary writers, artists, scientists, and politicians. And this interaction hardened rather than softened the ability of the engineers to solve tough engineering problems.” In the modern, teamwork-obsessed workplace, Thoreau might not seem the ideal hire. He was probably happiest by himself, as in his cabin at Walden Pond, or in his room, writing. But he had a keen eye — and no patience — for folderol, a trait perhaps too rare in today’s corporations. And he would be the last person in the world to succumb to groupthink. What could be more valuable than a brilliant and brutally honest individual you can always trust to tell you the unvarnished truth?

Microsoft takes community approach to artificial intelligence in Sweden

Microsoft’s engagement with customers who are developing apps is enhanced through its software development kits (SDKs), which are often free, enabling the creation of platforms where developers can contribute ideas. “You can ask questions and provide feedback,” said Otel. “This is a brilliant way for Microsoft to engage with the customer. Customers can share experiences and contribute features they have developed. They can also suggest features that they would like to have. In this way, it is possible for Microsoft to engage closely with its developer community. Together we build new use cases.” Microsoft can work with developers that are building applications or directly with end-users, and all users build products via Microsoft’s technology. “We see a lot of very interesting new players here in Sweden,” said Otel. “The economic situation in the Nordics is very good at the moment, so this could be a perfect time to start exploring whether you are interested in starting your own AI business.”

AI Speaks – A Call With The Disruptor

With the average user touching their smartphone over 2600 times every day, it is evident that smartphones currently process multiple functions to produce the result as desired by the user. Artificial Intelligence makes it possible for assessing these functions and procuring a pattern that best fits an individual’s personalized mobile phone consumption requirements. This includes efficient RAM and memory allocations, thus decluttering data to deliver a seamless user experience. Additionally, this pattern can include thorough battery management in order for smartphones to deliver optimum results. In fact, smartphone users have been vocal about bringing Artificial Intelligence into the picture for improving battery management. At this rate, 2019 is expected to witness AI-led battery management features being introduced in the mid-range mobile phone segment and under the 10K segment as well. Soon, this concept of machine perception will enable smartphone sensors to learn, plan, and solve real-time problems for their users.

What is a CISO? Responsibilities and requirements for this vital leadership role

intro woman leadership leader executive cityscape vision
Technical knowledge isn't the only requirement for snagging the job — and may not even be the most important. After all, much of a CISO's job involves management and advocating for security within company leadership. IT researcher Larry Ponemon, speaking to SecureWorld, said that "the most prominent CISOs have a good technical foundation but often have business backgrounds, an MBA, and the skills needed to communicate with other C-level executives and the board."  Paul Wallenberg, Senior Unit Manager of Technology Services at staffing agency LaSalle Network, says that the mix of technical and nontechnical skills by which a CISO candidate is judged can vary depending on the company doing the hiring. "Generally speaking, companies with a global or international reach as a business will look for candidates with a holistic, functional security background and take the approach of assessing leadership skills while understanding career progression and historical accomplishments," he says.

Good data in, good data out: How innovation in technology has evolved

If you think about security organizations before, they were the organization of no. They were Dr. No. You ask, you want to do something, no, we're not gonna be able to do that. The most secure system is one that is not open, that's one that's not connected. Moving from that, we, I think at a very fast pace, jumped into the consumerization of IT, right? That means being driven by IT, by consumers. People wanting to have more access, people having that access. Even though businesses were not capitalizing on technology, the consumer population and their personal lives were able to capitalize on technology. That gives us a different feel in trajectory and pace. My career trajectory has spanned over 20 years, it has definitely moved very quickly throughout each of the phases of technology and now, when we think about internet things, when we think about AI and machine learning and the possibility that it has for us, we don't have the same bounds as we used to. We don't have the same resistance as we used to because I think we've learned that we can't have that amount of resistance.

Scaling a Distributed Stream Processor in a Containerized Environment

Stream Processors are software platforms that enable users to process and respond to incoming data streams faster. There are a number of stream processors available in the market to choose from. Flink, Heron, Kafka, Samza, Spark Streaming, Storm, and WSO2 Stream Processor are some examples of open source stream processors. Real-time operation of stream processors is critical to provide a high-quality service in terms of system performance. Most of the modern stream processors can handle 90% of the streaming use cases with few computer nodes. However, with time, due to business expansions most profitable businesses have to handle increasing amounts of workloads. Hence the chosen stream processor requires to be capable of scaling and handling larger workloads easily. Increasingly, stream processors have been deployed as Software as a Service (SaaS) in cloud computing systems. Some notable examples include Amazon Kinesis Data Analytics, Microsoft Azure Stream Analytics, Google Cloud Dataflow, etc.

Capturing images from camera using Python and DirectShow

OpenCV provides some basic methods to access the camera linked to the PC (through the object VideoCapture), but most of the time they aren’t enough even for a simply prototype. For instance, it’s not possible to list all the cameras linked to the PC and there isn’t a quick way to tune the parameters of the camera. Alternatively, you can use PyGame or the SDK provided by the camera manufacturer, if available.  In Windows to interact with the cameras it’s often used DirectShow. Its main strengths are: Almost any camera provides a driver that allows it to be used from DirectShow; It’s a technology well established and widely used; and It’s based on the COM framework, so it is designed to be used from different programming languages. Conversely, it’s a quite old technology that is being replaced by the Windows Media Foundation and Microsoft is not developing it anymore. But it’s not a bit deal because it’s has all the features needed and it’s used in so many applications that (in my opinion) Microsoft will keep it available for a long time.

Quote for the day:

"Successful leadership requires positive self-regard fused with optimism about a desired outcome." -- Warren Bennis

Daily Tech Digest - January 13, 2019

Experts Say Blockchain Has Yet To Become The Game-Changer Many Had Expected

Brent Jaciow, head of blockchain affairs at Utopia Music, a music data tracking platform, argues, though, that as with any software or technology, the user experience must make the end user's life easier. "Blockchain is still an emerging technology (even if it has been around in one form or another for 20 years), and developers must work hard to remove any roadblocks to firm's harnessing its capabilities," he added. "Given the current market environment, only those projects which clearly provide value to its end users in a compliant structure which investors understand will receive the funding necessary to bring their idea to fruition." Of course, while the authors of the McKinsey & Company report note that the "blockchain is a poorly understood (and somewhat clunky) solution in search of a problem," it's not all doom and gloom about the technology.

Blockchain and the reshaping of investment management

Blockchain offers no exception to the rule that new technologies involve some degree of risk and disruption. The road ahead is unlikely to be smooth, and the consequences will not be uniformly positive. Regulation may pose the greatest threat to blockchain’s widespread adoption in the short term. This was certainly the consensus among CCAF’s Global Blockchain Benchmarking Study respondents, who deemed extant legal frameworks “unclear”. The fact that distributed ledgers, by their very nature, have neither a specific location nor a centralized source of administration raises substantive hurdles in terms of jurisdiction and applicable law. Obtaining a framework that recognizes blockchains as genuinely tamperproof is likely to prove a contentious affair, as is the task of persuading multiple agencies to reach consensus on global standards

Self-driving cars will create 30,000 engineering jobs that the US can't fill

Emerging mobility technologies like autonomous trucks and drones could mean even more engineers than predicted will be needed, the report found. While typical engineers today work on specific automotive components, like engines or electronics, in the future, they will need to have more cross-functional skills to work on interconnected automotive systems. This means they will need skills in math, physics, artificial intelligence (AI), machine learning, robotics, data science, and software, the report said. Because these skills remain in high demand and low supply, the talent gap will likely persist, it added. Along with engineers, the move toward connected vehicles will created more than 65,000 jobs for skilled trade workers, including autonomous vehicle and electric vehicle mechanics, and autonomous vehicle safety drivers, according to the report. Thousands more jobs for remote-support staff for self-driving vehicles and fleet maintenance will also be needed.

Serious cybersecurity enforcement is coming in 2019, but are advisers ready?

The good news is that the financial services industry has done a pretty good job of adapting to new cybersecurity requirements, at least in comparison to other industries like retail, said Robert Cattanach, partner at law firm Dorsey & Whitney. Where it's most often falling apart is with the smaller registered investment advisers and broker-dealers. "Modest-sized companies lack the resources to really make good on their paper policies," Mr.Cattanach said. "Someone can gin up the right-sounding IT governance policies and procedures. But it's a whole additional step to make sure they are followed." At smaller firms, there can be a sense of fatigue and helplessness when it comes to cybersecurity, because even the largest companies get hacked. "There is this general feeling of, 'Holy cow, how can I, this little RIA out here, protect [against a breach] if these large institutions can't?'" said Wes Stallman, provider of cloud-based cybersecurity for advisers. "I do think that causes some frustration."

A framework for auditing blockchain

In case of a private blockchain, the information is shared among all the participating nodes, but if competitors are present on the same blockchain, they may be able to discover the commercial-in-confidence information stored in the blockchain platform, thus putting sensitive data at risk. Lack of a governance model for blockchain, therefore, may lead to unresolved disputes over incorrect transactions or cross-border transaction flows. Other concerns remain with respect to ownership, governance, dispute resolution, security and privacy around smart contracts, and the blockchain-based platforms themselves. The risks are amplified due to the absence of a central regulator or governing body to deal with disputes when they arise. Traditional models of audit fail to take into consideration many of the risks associated with blockchain-enabled processes, and hence the need for understanding the specific set of unique risks and development of an evolved auditing approach specifically for blockchain-enabled solutions.

Fintech sector hurt by shutdown

The federal government’s influence on fintech is proving even more expansive than many expected, touching on the latest developments in banking, derivatives, securities, online lending and more. The halt of most agency operations is impacting a host of key issues concerning every fintech business, from the rate at which money can be raised to how (and even whether) business plans are finalized. However, not all pockets of the industry are impacted in the same way. Most visibly affected are companies issuing securities to raise capital. Large technology firms planning to do initial public offerings (IPOs) — think Lyft, Airbnb and Slack — could be affected with no one at the Securities and Exchange Commission to process registration statements of firms seeking to sell stock to the public. Planned IPOs would then have to be delayed, and if the stock market deteriorated, indefinitely postponed. In any event, when the SEC reopens, staff face a daunting backlog of filings.

Germany's Mega-Leak Takeaway: Noisy Young Hacker Got Caught

Germany's Mega-Leak Takeaway: Noisy Young Hacker Got Caught
Individuals and organizations would do well to treat the German personal data mega-leak as a cautionary tale. Here's the right question for all public figures, politicians or celebrities to be asking right now: "Could I fall victim to any attacker who used the same tactics, and how do I protect myself?" If so, the obvious next question is: "What should I do now to solve it?" Authorities in Germany say they're crafting guidelines for their country's politicians in the wake of last month's mega-leaks. Arguably, Germany's cybersecurity agency is already well behind the curve. "Why are standards agencies only now telling politicians and others how to protect their ID?" Woodward asks, noting that in the U.K., the National Cyber Security Center has long provided information security advice to lawmakers. On the other hand, "I'm not entirely sure politicians listen to that advice, or even read it," he says.

Bitcoin’s Revolution Is Only Just Beginning

It is interesting to note that countries, now recognizing that they are in competition with one another, are trying to make sure they win the bitcoin economy. The smartest of these are either allowing bitcoin to prosper or recognize that they need a light touch in regulating bitcoin to attract all the creativity, money and startups that are flooding into the field. The U.S. was wise to leave the internet unregulated and free because all the internet entrepreneurs created startups domestically and the economy around the internet blossomed. Keeping its regulatory hands light should help innovators stay in the U.S. There are many parallels between bitcoin now and the internet in 1994. In 1994, the internet was just for hobbyists and hackers. I remember when I first used the Internet, the only things I could do were to buy diamonds and try to break into NORAD. There were very few uses. It took many years for the internet to become mainstream, but when it did, it transformed industries.

Is GDPR Compliance Tougher Than HIPAA Compliance?

"U.S. healthcare entities that are subject to GDPR need to ensure that they undertake proper diligence when using third-party products and services to ensure that they do not cause them to be in violation of their GDPR obligations," she says. "The hospital in this case argued that it was using a system provided by the Portuguese healthcare authorities, but the regulators pushed back on this argument on the basis that the hospital could, and should, have known that its use was in violation of GDPR." Attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C., notes: "The findings that the security measures were so lax as to present a threat to the maintenance of integrity and confidentiality of the PHI itself - although no PHI was referred to as having been compromised from either a integrity or confidentiality perspective - would in my opinion be sufficient to trigger an investigation."

This campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success. We have been tracking this activity for several months, mapping and understanding the innovative tactics, techniques and procedures (TTPs) deployed by the attacker. We have also worked closely with victims, security organizations, and law enforcement agencies where possible to reduce the impact of the attacks and/or prevent further compromises. While this campaign employs some traditional tactics, it is differentiated from other Iranian activity we have seen by leveraging DNS hijacking at scale. The attacker uses this technique for their initial foothold, which can then be exploited in a variety of ways. In this blog post, we detail the three different ways we have seen DNS records be manipulated to enable victim compromises.

Quote for the day:

"If you are not willing to give a less experienced qualified professional a chance, don't complain you are charged double for a job worth half." -- Mark W. Boyer

Daily Tech Digest - January 12, 2019

Many businesses and individuals are optimistic that this AI-driven shift in the workplace will result in more jobs being created than lost. As we develop innovative technologies, AI will have a positive impact on our economy by creating jobs that require the skill set to implement new systems. 80% of respondents in the EY survey said it was the lack of these skills that was the biggest challenge when employing AI programs. It is likely that artificial intelligence will soon replace jobs involving repetitive or basic problem-solving tasks, and even go beyond current human capability. AI systems will be making decisions instead of humans in industrial settings, customer service roles and within financial institutions. Automated decisioning will be responsible for tasks such as approving loans, deciding whether a customer should be onboarded or identifying corruption and financial crime. Organisations will benefit from an increase in productivity as a result of greater automation, meaning more revenue will generated. This thus provides additional money to spend on supporting jobs in the services sector.

One important characteristic distinguishing startup projects from strategic initiatives is an expectation that the idea might not work. This is an appreciably different mindset. Established companies that pursue major strategic initiatives invariably make big investments of resources, making the initiative both high profile and high risk. Leaders end up loathe to abandon struggling initiatives, usually choosing instead to revamp and reinvest. Startups simply pivot. Because the initial goal of the startup is to identify a viable value proposition, most leaders of startups will be quick to jump ship if an idea is headed nowhere. They are eager to explore for ideas that work and are not possessive of those that don’t. Admirers tend to pay most of their attention to the successful innovations at digital companies. But failures play just as important a role in the success of digital businesses. Airbnb’s founders learned early on that the market for renting an air mattress on a stranger’s floor was limited. 

microsoft edge browser resized2
If Microsoft were to dump IE, when would be the best time? The logical moment would be when Windows 7 - currently the world's second-most-popular operating system - is itself retired Jan. 14, 2020. IE and Windows 7 have a relationship, forged in the years when the browser accounted for more than half of all user share, that simply doesn't exist between IE and Windows 10; in Windows 10, the browser was never more than a sop to backwards compatibility. Not coincidentally, by that time Microsoft should be finished with its conversion of Edge to the technology that powers Google's Chrome. The transformation of Edge, announced in early December, is to take place "over the next year or so," a Microsoft executive said a month ago. The "full-Chromium" Edge - called that because Microsoft will adopt the Chromium open-source code to power its browser - will be available not just for Windows 10, but also for Windows 7 and Windows 8.1.

Improbable vs. Unity: Why enterprise cloud users should take notice

“As we move towards more online, more complex, more rapidly-evolving worlds, we will become increasingly interdependent on a plethora of platforms that will end up having enormous power over developers. The games we want to make are too hard and too expensive to make alone,” the blog post reads. “In the near future, as more and more people transition from entertainment to earning a real income playing games, a platform going down or changing its Terms of Service could have devastating repercussions on a scale much worse than today.” The company then goes on to make a case for the creation of a “code of conduct” that would offer developers a degree of protection in disputes like this, by laying down some rules about what is (and what is not) permissible behaviour for suppliers within the ecosystem to indulge in. There are similar efforts afoot within the enterprise cloud space focused on this, led by various governing bodies and trade associations. 

Intel announces new data center processors and more
The bigger news was that Intel showed off the 10nm Ice Lake architecture, which is based on a whole new microarchitecture and finally achieves 10nm fabrication. Intel has been stymied for years at getting to 10nm. The company expects to ship desktop and notebook Ice Lake processors at the end of this year, with server processors coming in 2020. The Ice Lake architecture is called Sunny Cove, which promises a significant improvement in performance over the current Skylake generation of processors through a set of changes that are inordinately complex to explain, and I don’t want to spend time on it. Suffice it to say, all of the changes mean the processor can execute code with much more depth and breadth than Skylake. It also has fixes for the Spectre v2 exploit. Spectre v1 has already been fixed in shipping products. Intel also announced a brand-new class of AI processor called the Nervana NNP-1, which stands for neural network processor and is being positioned as an alternative to GPU-based AI.

Moving to the cloud? 3 critical data efforts you must make

No matter if you’re talking about a blockchain database, an in-memory database, a distributed database, or a data lake, there are special-purpose databases that are built for a particular purpose that may be better fits for your applications. At least ask the question before your migration. With many enterprises using the same old enterprise relational databases that are demanding higher and higher license fees, moving to a special-purpose database not only will be an increase in functionality and optimization, but it is likely to be much cheaper in the cloud. Most databases are not designed well, and many organizations are just picking up those bad designs and relocating them to the cloud. Moreover, they are not considering other databases models, such as object databases and graph databases. Moving to the cloud is a great time to look at other database models. However, what is pretty much mandatory is that you revise any deficiencies in the existing structures. This means revising your databases so they best resemble the business.

Commercial drones… Ready for take-off?

Commercial drones… Ready for take-off? image
While the mainstream adoption of drone deliveries is not quite ready, the technology is already displaying how it can make a significant impact across different industries. The public sector, in particular, is a beneficiary of its use. Most recently, the New York Police Department, America’s largest police force, announced that it will be trialling drone technology in hostage situations as well as search and rescue operations. Drones will be used to scope out incidents before officers arrive, warning of any potential hazards or emergencies. Similarly, it was recently revealed that Chinese students have designed Net Guard, drone technology that uses netting to safely rescue those who have to abandon buildings due to fire emergencies. In healthcare, commercial drones are already being used to administer aid. Zipline, a Silicon Valley start-up, is helping medical professionals to overcome locational barriers by medicine to those in difficult-to-reach areas. In fact, it has already helped to deliver 1000 blood drops in Rwanda, saving lives and providing relief.

Where You Go Tells Who You Are—and Vice Versa

Estimating travel demand in a city is a critical tool for urban planners to understand traffic patterns, predict traffic congestion, and plan ahead for transportation infrastructure maintenance and replacement. For years, researchers have used the classic practice of multiplying the number of trips per day per person for different demographic groups to model activity-based travel demand. But because this method was developed before the current era of ubiquitous sensors—GPS devices, smartphones, cameras on light poles, and connected vehicles, among them—researchers have found it difficult to validate their estimates in real-world situations. Mining data to analyze tracking patterns, Sharon Di, assistant professor of civil engineering and engineering mechanics at Columbia Engineering, has discovered that she can infer the population travel demand level in a region from the trajectories of just a portion of travelers.

A neural network can learn to organize the world it sees into concepts

“There’s a chance for us to learn what a network knows from trying to re-create the visual world,” says David Bau, an MIT PhD student who worked on the project. So the researchers began probing a GAN’s learning mechanics by feeding it various photos of scenery—trees, grass, buildings, and sky. They wanted to see whether it would learn to organize the pixels into sensible groups without being explicitly told how. Stunningly, over time, it did. By turning “on” and “off” various “neurons” and asking the GAN to paint what it thought, the researchers found distinct neuron clusters that had learned to represent a tree, for example. Other clusters represented grass, while still others represented walls or doors. In other words, it had managed to group tree pixels with tree pixels and door pixels with door pixels regardless of how these objects changed color from photo to photo in the training set.

Reimagining the Digital Bank Branch of the Future: Let’s Get Practical

Virtually all banks have been migrating service transactions to digital channels, yet the pace of change and the return on investment vary substantially. The leaders make it easy for customers and take care to help them adopt and use digital tools. Citibanamex, for instance, took on the bad volume challenge, which is particularly vexing in Mexico. The bank reckoned that its customers and employees were spending 5 billion minutes per year in service transactions at branches, with the vast bulk of that time on the customers’ end. This waste took a toll on the bank’s cost-to-income ratio and ultimately on profits—not to mention customer and employee advocacy. Through a combination of initiatives ranging from simplifying online forms and printing formats, to migrating more transactions to ATMs, to reducing wait time at teller windows, Citibanamex freed up 1 billion minutes—providing a major boost to customer satisfaction and employee advocacy. 

Quote for the day:

"It's not about how smart you are--it's about capturing minds." -- Richie Norton

Daily Tech Digest - January 10, 2019

Senior leaders must objectively assess not only their own strengths, but also where they have knowledge or experience gaps — areas where they need to build new skills. A recent PwC study (pdf) found, as one might expect, that those in senior management roles are less likely than, for example, those in factory or clerical roles to be entirely displaced by automation. But the nature of leaders’ work will undoubtedly undergo major shifts. These shifts will open up more time for forward-looking activities; executives will be helped further here by the presence of increasingly sophisticated data. Meanwhile, leaders in customer-facing roles need to figure out how to best serve customers, taking advantage of automation to provide customized products and services on demand. Functional leaders must consider the following matters as they define their role in the age of robots: What actions will they need to take now to prepare for the ways that robots will transform their industry and business? Structurally, what has to change in the organization?

fog obscures the horizon beyond a highway / uncertainty / unknown future
The inevitable next step — something that is already happening — is the augmentation and eventual automation of corporate decision making based on this proprietary knowledge. Cognitive platforms such as CognitiveScale and Maana are at the forefront of this type of contextual, knowledge management automation — but they are just the leaders in a rapidly developing market full of some of the brightest, most progressive minds in technology. While every company that is developing AI-based technologies today will tell you that their goal is to augment human capabilities rather than replace workers, the reality is that this story is leading to an inevitable conclusion. While it may not be politically correct (or good for sales) to acknowledge it openly today, the writing is on the wall: if we can reduce something to an algorithm, we will automate it in the very near future. 

How to tackle phishing with machine learning

As the various elements of an email are very clearly defined (return-path, content-type, etc.) EdgeWave reviews each of these for every email against our threat database. In many cases, we see where individual elements can be suspicious, but when combined together they create a malicious email. ... The challenge for email is that it tends to be the starting point for cyber-attacks rather than the sole perpetrator. Consider, for example, situations where JavaScript is embedded in a PDF attachment, which is opened. JavaScript only kick-offs the exploit process. Determining if the JavaScript itself is malicious is challenging without directly running the script and evaluating the subsequent actions (sandboxing). The outcome of the JavaScript actions can be evaluated against our threat database to determine a level of suspicion. EdgeWave has a taxonomy of over 40k rules based on the information and processes described above. Many of these are the result of machine learning (A+B+C = bad) plus detailed analysis by our threat detection analysts.

Moving to a Next-Generation SOC: Critical Factors

Organizations looking to migrate to a next-generation security operations center must first carefully assess any problems they are facing with current security technology, says Vikram Mehta. "The first thing that organizations would need to do before they embark on this journey is to identify which problems they are really trying to solve, identify pain points and document use cases which are challenging to solve with the traditional framework of SOC implementation," Mehta says in an interview with Information Security Media Group. Organizations should make a gradual shift to a next-generation SOC, he advises. "Just implementing a piece of technology and expecting it to solve all problems is absolutely not the way to go," he says. In this interview Mehta also discusses: Common mistakes companies make while shifting to a next-generation SOC; Problems that a next-generation SOC can help resolve; The technology stack, including open source components, that MakeMyTrip leveraged to implement a next-generation SOC.

Unified communications market sees demand for customized offerings

"Some customers want a simple workflow that expands outside of a traditional UC application," he explained. "When we are helping customers with UC API engagements, we tend to look at the larger picture typically through an ideation process. As a result, we may help investigate ways to build a custom digital transformation outcome that may include ... UC, mobility and customer experience." But with the opportunity comes challenges, and the biggest one Lazar sees is the ability to find developer expertise. "API [and CPaaS] vendors like Nexmo/Vonage tout about 700,000 developers; others are diligently working to build developer awareness or create tools that enable nondevelopers to use API-based services," he said. Another challenge is matching API capabilities to customer's business workflows, said Derek Lohman, Cisco prototype lead at WWT.

How agile development can give organizations competitive edge

This works especially well in the tech industry, especially when dealing with new technologies like Blockchain, for a number of reasons, namely that there are a lot of pedants working to make those environments unpleasant and rigorous. This, fortunately, is an unsuccessful way to run almost any businesses as it prevents ingenuity and uniformity. Instead of fearing changelogs or criticism, the agile developers welcome it and work tirelessly to bring value to products over meeting deadline requirements. Agile developers value collaboration and welcome change. In other words, they eschew traditional working values. Individuals come first. Teams self-organize. Developers and corporate people interact and communicate. Why are Agile methodologies such a big deal in tech? Making it in the tech industry can be hard. Projects can get lost. Budgets can get devoured. It’s all very simple to lose track of it all when building a software product.

2FA bypass tool highlights top business security vulnerabilities

The reverse proxy tool, which is available on GitHub along with user guidelines, can be used to bypass most of the currently used 2FA authentication schemes and uses a technique that Duszyński said he has exploited for “quite a while already”. He further justifies the creation and release of the tool by saying it should be useful to all penetration testers who want to carry out an effective phishing campaign as well as for organisations’ red teaming exercises to test the effectiveness of their cyber defences. The tool puts an imperceptible phishing site between the user and the legitimate site in a classic man in the middle-style attack to harvest credentials including second factor authentication codes, and therefore does not require the attacker to create a fake version of the site to trick users into entering their details. However, this reverse proxy technique does not work against 2FA schemes that use universal 2nd factor (U2F), which is a type of physical authentication device that uses encryption and private keys to protect and unlock supported accounts.

Server sales projected to slow, while memory prices drop

While total server sales were up 5 percent, with Q2 of 2018 being especially strong with more than 10 percent quarter-over-quarter growth in global server shipments, the shipment growth is expected to slow down to 2 percent in the first half of the year. The reason is that there are new generations of processors from Intel and AMD on the way. Intel just announced its latest Xeon Scalable Platform processor, code-named “Cascade Lake,” while AMD has a next-generation Epyc code-named “Rome” in the works. ... Something else that’s slowing down: NAND flash memory output. The bit output from the NAND Flash industry in 2018 turned out to be higher than expected. Vendors such as Hynix and Micron got great yields from their 64-layer 3D NAND production lines. However, NAND Flash demand has remained sluggish for several reasons: the looming trade war between China and the U.S., the shortage of Intel CPUs, and the lower-than-expected sales of the new, overpriced iPhone.

The future of the CIO

Architectural dome reflected in a crystal ball. / future / predictions / forecast / fortune telling
CIOs say that today is crazy and challenging and in 5 years, it will be much the same. One CIO responded by saying as many years as I've been doing this, the details of what kind of crazy is what changes. Historically, IT was a supporting function to business strategy, but more and more with digital, IT is redefining business strategy. In 5 years, AI will manage all infrastructure (networks and systems) and machine learning may replace the need for strategic planning and robots will replace the CIO? The CIO role today has different impact across organizations and industries. In the future, CIOs will emerge into the front-line of driving customer engagement and business innovation.  IT is clearly moving from the back office to center stage, so any disruption instantly impacts every customer and employee. CIOs, for these reasons, must be more adept at communicating, leading, persuading, apologizing, and selling. One CIO suggest here that they call the path forward a three-legged race.

Digital insurance in 2018: Driving real impact with digital and analytics

We believe the industry is now in a position in which executives can embark on a digital journey to achieve real impact. It is no longer “if” digital technologies will change the industry, it is “how” and “when.” The challenge—or opportunity—for incumbents in the digital transformation lies in determining the concrete steps they should be taking right now to join (if not lead) the digital revolution while maximizing existing assets. With new attackers on the hunt for customers, incumbents must move quickly to integrate digital technologies into their operations. Claims should be a top priority. To capture the value of digital, claim functions must embark on a transformation to become customer-centric, digitally enabled organizations. So where to start? We offer five essential elements needed to digitize and transform property-and-casualty (P&C) claims. By examining each of these areas, P&C claim functions can start to rethink the claims customer journey and back-office processes.

Quote for the day:

"True leaders bring out your personal best. They ignite your human potential" -- John Paul Warren