Daily Tech Digest - September 18, 2019

The Seven Patterns Of AI

From autonomous vehicles, predictive analytics applications, facial recognition, to chatbots, virtual assistants, cognitive automation, and fraud detection, the use cases for AI are many. However, regardless of the application of AI, there is commonality to all these applications. Those who have implemented hundreds or even thousands of AI projects realize that despite all this diversity in application, AI use cases fall into one or more of seven common patterns. The seven patterns are: hyperpersonalization, autonomous systems, predictive analytics and decision support, conversational/human interactions, patterns and anomalies, recognition systems, and goal-driven systems. Any customized approach to AI is going to require its own programming and pattern, but no matter what combination these trends are used in, they all follow their own pretty standard set of rules. ... While these might seem like discrete patterns that are implemented individually in typical AI projects, in reality, we have seen organizations combine one or more of these seven patterns to realize their goals. Thinking of AI projects in terms of these patterns will help companies better approach, plan, and execute AI projects. In fact, emerging methodologies are focusing on the use of these seven patterns as a way to expedite AI project planning.

Aliro aims to make quantum computers usable by traditional programmers

Stages of quantum computing are generally divided into quantum supremacy—the threshold at which quantum computers are theorized to be capable of solving problems, which traditional computers would not (practically) be able to solve—is likely decades away. While quantum volume, a metric that "enables the comparison of hardware with widely different performance characteristics and quantifies the complexity of algorithms that can be run," according to IBM, has gained acceptance from NIST and analyst firm Gartner as a useful metric. Aliro proposes the idea of "quantum value," as the point at which organizations using high performance computing today can achieve results from using quantum computers to accelerate their workload. "We're dealing with enterprises that want to get business value from these machines…. "We're not ready for many levels of abstraction above the quantum hardware, but we're ready for a little bit. When you get down to the equivalent of the machine language, these things are very, very different, and it's not just what kind of qubits they are. It's noise characteristics, it's connectivity," Ricotta said. "Rigetti and IBM Q machines both use superconducting Josephson junctions around the same number—approximately, the same order of magnitude of qubits—but they are connected in different ways ..."

New hacking group targets IT companies in first stage of supply chain attacks

In two of the attacks, researchers found that hundreds of computers were compromised with malware, indicating that the attackers were simply infecting all the machines they could throughout the organisations in order to find key targets. The most recently recorded activity from Tortoiseshell was in July 2019, with attacks by the group identified by a unique custom payload: Backdoor.Syskit. This malware is built in both Delphi and .NET programming languages and secretly opens an initial backdoor onto compromised computers, allowing attackers to collect information including the IP address, the operating system version and the computer name. Syskit can also download and execute additional tools and commands, and Tortoiseshell attacks also deploy several publicly available tools as information stealers to gather data on user activity. While it remains uncertain how the malware is delivered, researchers suggest that it could potentially be distributed via a compromised web server, because in one instance the first indication of malware on the network was a compromised web shell – something that can provide an easy way into a targeted network.

How Ransomware Criminals Turn Friends into Enemies

As someone whose job it is to learn as much as possible about the online criminal ecosystem, I often spot trends before they make mainstream headlines. This type of attack was high on my list of attacks likely to increase. Supply chain attacks aren't new. They've been increasing in frequency, however, and gaining more attention. While there are many types of supply chain attacks, this particular type — compromising a service provider to gain access to its customers — is becoming more popular among skilled ransomware crews. ... Managing IT can be hard, especially for small and midsize businesses lacking the necessary resources. It probably seemed like a great idea for these small dental practices to outsource IT to Digital Dental Record. They're not alone. The managed services industry is growing extremely fast with businesses struggling to manage the technology required to run a modern establishment. With attacks on MSPs on the rise, MSPs need to step up their security game, regardless of the kind of specialized services they provide.

AI in cyber security: a necessity or too early to introduce?

Dr Leila Powell, lead security data scientist from Panaseer, agrees that “the key challenge for most security teams right now is getting hold of the data they need in order to get even a basic level of visibility on the fundamentals of how their security program is performing and how they measure up against regulatory frameworks like GDPR. This is not a trivial task! “With access to security relevant data controlled by multiple stakeholders from IT to MSSPs and tool vendors there can be a lot of red tape on top of the technical challenges of bringing together multiple siloed data sources. Then there’s data cleaning, standardisation, correlation and understanding — which often require a detailed knowledge of the idiosyncrasies of all the unique datasets. “As it stands, once all that work has gone in to data collection, the benefits of applying simple statistics cannot be underestimated. These provide plenty of new insights for teams to work through — most won’t even have the resources to deal with all of these, let alone additional alerting from ML solutions.

2019 Digital operations study for energy

Looking ahead to the next five years, the picture improves somewhat and offers more hope for the utilities sector. For instance, of the EMEA utilities surveyed by Strategy&, 5 percent said they had already implemented AI applications and another 9 percent said they had piloted such programs. That compares with 20 percent and 6 percent, respectively, for chemicals companies. But through 2024, including planned technologies, AI adoption in the utilities sector may increase by another 15 percent, according to the survey, and that would be on par with chemicals companies and just below oil and gas AI implementation. ... Many utilities make the mistake of trying to implement too many ambitious digital strategies at the same time and end up spreading their financial and staff resources, as well as their capabilities, too thin. A better approach is to define the three to five critical digitization efforts that are strategically essential to defending and expanding competitive advantage among startups and established power companies.

Microsoft brings IBM iron to Azure for on-premises migrations

Under the deal, Microsoft will deploy Power S922 servers from IBM and deploy them in an undeclared Azure region. These machines can run the PowerVM hypervisor, which supports legacy IBM operating systems, as well as Linux. "Migrating to the cloud by first replacing older technologies is time consuming and risky," said Brad Schick, CEO of Skytap, in a statement. "Skytap’s goal has always been to provide businesses with a path to get these systems into the cloud with little change and less risk. Working with Microsoft, we will bring Skytap’s native support for a wide range of legacy applications to Microsoft Azure, including those dependent on IBM i, AIX, and Linux on Power. This will give businesses the ability to extend the life of traditional systems and increase their value by modernizing with Azure services." As Power-based applications are modernized, Skytap will then bring in DevOps CI/CD toolchains to accelerate software delivery. After moving to Skytap on Azure, customers will be able to integrate Azure DevOps, in addition to CI/CD toolchains for Power, such as Eradani and UrbanCode.

Prepare for cloud security and shared responsibility

IT infrastructure teams typically control the platform from the ground up and through the OS layer. Admins work with security teams to ensure platforms are hardened and adhere to compliance needs. After the platform is built, infrastructure and security teams turn it over to the dev or application owners for final installations and deployments. Application owners still work with an infrastructure team to ensure security and compliance measures are maintained through the deployment process. Ideally, the platform gets a final verification from the security team. The same parties will still be involved and maintain that level of ownership and responsibility even if an organization uses automation. But this process gets upended when a cloud provider gets involved. AWS manages the hypervisor, hardware and, in some cases, the OS. This means the deployment process starts in the middle of the traditional application lifecycle rather than at the beginning. Admins have to find a way to contribute in an ecosystem where the infrastructure is run by another party.

Digital dexterity: What it is, why your organization needs it, and how CIOs can lead the charge

If you're not sure what digital dexterity is, you aren't alone. Craig Roth, Gartner Research vice president, explained it as "the ability and ambition to use technology for better business outcomes."  That definition can still seem a bit fuzzy if you aren't sure where ability and ambition come in to the successful use of tech in business, but digging down just a bit helps make the whole thing more understandable. Helen Poitevin, vice president and analyst at Gartner, expands the definition of digital dexterity by adding that it's less about tech skills and more about "a specific set of mindsets, beliefs and behaviors." ... So, where does the CIO fit into all of this? They're basically the cornerstone of the entire concept, said Daniel Sanchez Reina, senior director and analyst at Gartner. "The CIO will play a key role in supporting desired behaviors and changing the processes, procedures, policies and management practices that shape how work gets done to encourage desired behaviors." It can be tough to transform an entire organization from one that resists, or at the very least grudgingly accepts, new technology. CIOs have a tough road ahead of them, but that doesn't mean it's impossible.

New ransomware strain uses ‘overkill’ encryption to lock down your PC

FortiGuard Labs says that 2048 and 4096 strings are generally more than adequate to encrypt and secure messages, and so the use of an 8192 size is "overkill and inefficient for its purpose." "Using the longer key size adds a large overhead due to significantly longer key generation and encryption times [...] RSA-8192 can only encrypt 1024 bytes at a time, even less if we consider the reserved size for padding," the researchers note. "Since the configuration's size will surely be more than that due to the fact that it contains the encoded private key, the malware cuts the information into chunks of 1000 (0x3e8) bytes and performs multiple operations of the RSA-8192 until the entire information is encrypted." The heavy use of encryption means that it is "not practically possible" to decrypt a compromised system, according to the cybersecurity firm. This is unfortunate, as decryption programs offered by cybersecurity firms can sometimes be the only way to recover files lost to ransomware infections without paying up.

Quote for the day:

"Don't measure yourself by what you have accomplished. But by what you should have accomplished with your ability." -- John Wooden

Daily Tech Digest - September 17, 2019

Doing Digital Transformation Right

If you are one of the organizations asking these questions, chances are that you are what McKinsey refers to as a "digital incumbent," defined as an incumbent business competing substantially in new ways through digitization (more than 20% of your business is digital and you are launching new digital businesses while transforming the core). If you fit into this category, you are already on the road to success. McKinsey said that digital incumbents are twice as likely as traditional incumbents to experience organic revenue growth of 25% or higher. McKinsey defines traditional incumbents as those that compete primarily in traditional, non-digital ways -- more than 80% of their business isn't digital. Top performers are making three "bold moves,"  ... "When companies digitize the core business, our research shows, strong IT capabilities help enormously," the report says. "According to respondents in a survey on the IT function's effectiveness, companies with top performance on core IT tasks have made more progress than other companies in becoming fully digital and mastering key digital activities."

APIs are not new. What has changed is how they are being adopted to facilitate open banking. Today, banks, their clients and their partners can share data and integrate ecosystems securely – and often in real time. In the corporate-to-bank space, the use of APIs is becoming mainstream. This is in part due to well-publicized success in cases such as the insurance industry (for new policies, renewals and claims handling) and in facilitating ride sharing, food delivery and other new consumer models. However, solutions are now emerging across industries – from the immediate release of a car at a showroom through to subscription models for consumer products. Ultimately, companies are seeking to create integrated, frictionless client-centric experiences. To date, APIs have been used mainly to enrich corporate-to-bank integration. However, there is now an opportunity to improve banks’ engagement with their financial institution clients. Today, much of this interaction takes place via Swift, which prescribes how often and what type of data can be exchanged.

Employees say companies use IT for pure profit, not worker empowerment

Upliftingly, 52.7% said they believed companies only introduced new technology if they could see it turning a profit, rather than if it would empower their employees to become more productive. Some might gaze at this and consider that, if the employees became more productive, their companies might be more profitable. It seems, though, that the employees aren't merely meaning that they'd do more work better. In this study, you see, almost one-third said having better IT tools makes them happier. It's rarely wise underestimating the value of a happy employee. In these times of relatively full employment, retaining cheerful employees would seem at least as important as squeezing out an additional 40 shillings of profit. Even employees with golden collars -- and, for all I know, golden cuffs -- know that they are threatened by the inevitable Dance of the Apocalypso, when artificial intelligence will be routinely preferred to its human counterpart. Especially because it'll be robots making those decisions. Amusingly, however, a recent survey showed that most people would rather be replaced by humans, just as they'd prefer their co-workers to be replaced by robots.

3 strategies to simplify complex networks

Networks generate massive amounts of data that can be useful for operating the environment. The problem is that people can’t analyze the data fast enough to understand what it means – but machines can. This is where network professionals must be willing to cede some control to the computers. The purpose of machine learning isn’t to replace people, but to be a tool to let them work smarter and faster. Juniper acquired Mist Systems earlier this year to provide machine learning based operations to Wi-Fi, which is a great starting point because Wi-Fi troubleshooting is very difficult. ... The long-term goal of network operations is akin to a self-driving car where the network runs and secures itself. However, like with a self-driving car, the technology isn’t quite there yet. In the auto industry, there are many automation features, such as parallel park assist and lane change alerts that make drivers better. Similarly, network engineers can benefit by automating many of the mundane tasks associated with running a network, such as firmware upgrades, OS patching, and other things that need to be done but offer no strategic benefits.

Why Fintech is the Next Ad Industry Disruptor

With in-store sales still accounting for 90% of all retail sales and U.S. consumers spending more than $3.1 trillion in offline sales last year, the real need of ad innovation is centered around better capturing in-store activity. Marketers are in desperate need of the same level of disruption e-commerce has seen but to the physical world. A means for them to bridge their omni-channel marketing efforts and tie both online and offline tactics to the trackable in-store purchases. Simultaneously, credit and debit cards have increasingly become consumers’ purchase method of choice. Even for consumers who have a complete distrust in banks, new options like prepaid debit cards have eased the barrier to plastic. In fact, the total dollar value loaded on prepaid cards was expected to be $112 billion in 2018. These payment options are also impacting retailers. With more consumers using credit or debit cards either by swipe or tied to their mobile wallets, cashless stores are taking root and becoming the norm. And new payment entrants - like Square, Stripe and Shopify - have streamlined and modernized POS systems, allowing retailers and merchants an easy rip-and-replace solution for their dated cash registers.

The Gap Between Strong Cybersecurity & Demands For Connectivity Is Getting Massive

Although outbreaks related to these two superbugs of the cyberworld originally happened over two years ago, a recent VxWorks advisory was issued to serve as a warning that millions of devices could fall victim to a similar outbreak soon. The reason is that the devices run on older versions of the Windows OS, which makes them unpatchable. Therefore, those traditional security solutions will not stand up for the fight. This latest announcement demonstrates how urgency is the course of action in these times, not complacency. Responsible IT leaders need to step away from their dependency on outmatched, overutilized technologies from yesteryear and beyond. 1995 was a simpler time, where firewalls and VPNs were state of the art and served our needs pretty well. But networking in 2019 is a whole new ball of wax. The operational technology and information technology that used to be separate are now converging. Achieving a successful hybrid IT/OT environment clearly includes a strong cybersecurity play, but that isn’t the only major area of concern.

How a PIA Can CYA

More than a diagnostic tool or compliance checklist, PIAs are essentially templated questionnaires that help organizations identify their privacy risks with information they collect, use, or store, says Rebecca Herold, CEO of the Privacy Professor, a security consultancy. PIA templates typically have some combination of multiple choice and open-ended questions. While often administered quarterly, PIAs can be done more frequently or after a breach or suspicious incident. But mostly, PIAs help expose potential privacy issues that may get overlooked in the rush to market. Herold recalls an organization she worked with that developed a saliva test to detect concussions. Unlike doctors and hospitals that are subject to federal privacy protections, this organization was HIPAA-exempt and hadn't really thought through the ramifications of the data it wanted to collect. Not surprisingly, consumers became concerned about who'd be able to access the saliva test results.

How to handle anxiety as a tech professional

Anxiety is the most common form of mental health issues in the US, impacting 40 million adults every year, according to the Anxiety and Depression Association of America. While anxiety disorders are very treatable, that doesn't make them any easier to handle, especially in the workplace. Handling anxiety in daily life is difficult enough, but is even more challenging when attempting to be productive in a formal working environment. Work-induced stress is one of the leading causes of anxiety disorders, the Mayo Clinic found. This anxiety can have a major impact on an employee's performance, oftentimes resulting in burnout. More than half of US employees (55%) experience burnout at work, a recent University of Phoenix study reported, and anxiety (67%) was cited as the No. 1 cause. Negative work environments and task overload can make completing assignments unbearable, causing many employees to quit. These stressors are sometimes even deeper for tech professionals in non-technical organizations, said Nina LaRosa, marketing director of workplace safety, health and HR online training company Moxie Media.

10 things you need to know about MU-MIMO Wi-Fi

Like with 11ac, wireless devices aren't required to have multiple antennas to receive MU-MIMO streams from wireless routers and APs. If the wireless device has only one antenna, it still can receive one MU-MIMO data stream from an AP. However, with uplink MU-MIMO, wireless devices are required to have a minimum of two antennas to transmit with MU-MIMO back to the AP or wireless router, even for one stream connections. More antennas would allow a device to support more simultaneous data streams (typically one stream per antenna), which would be good for the device's Wi-Fi performance. However, including multiple antennas in a device requires more power and space, and adds to its cost. It would take eight antennas to take full advantage of the 11ax features. ... Although legacy 11n and 11ac Wi-Fi devices won’t directly see any range or performance improvement of their connections to 11ax APs or wireless routers, they can see an indirect benefit. Remember, Wi-Fi is all about airtime: the faster any device is served, the more time there is for other devices.

Life After Snowden: US Still Lacks Whistleblowing Rules

Debate over the mass surveillance programs being run by the U.S. government and its Five Eyes partners continues. Snowden also revealed that the U.S. government - together with allied agencies, including Britain's GCHQ - was intercepting en masse worldwide data flowing to technology giants' data centers. Those revelations led Apple, Facebook, Google and Microsoft to begin encrypting user data by default as well as to design messaging services that are end-to-end encrypted (see: Crypto Wars Continue, as Feds Seek Messenger Backdoor). Debate over Snowden and the actions he took also continues. But some of those with intelligence experience say that for someone who witnesses wrongdoing at the NSA or another intelligence agency, there is no way to bring such wrongdoing to the attention of someone with oversight without opening themselves up to prosecution. "Did I break the law? Again, what's the question that's more important here? Was the law broken or was that the right thing to do?" Snowden tells CBS in a Monday interview.

Quote for the day:

"The key to successful leadership today is influence, not authority." -- @KenBlanchard

Daily Tech Digest - September 16, 2019

What is Computer Vision And The Amazing Ways It’s Used In Business

Many car manufacturers from Ford to Tesla are scrambling to get their version of the autonomous vehicle into mass production. Computer vision is a critical technology that makes autonomous vehicles possible. The systems on autonomous vehicles continuously process visual data from road signs to seeing vehicles and pedestrians on the road and then determine what action to take. Computer vision in medicine helps in diagnosing disease and other ailments and extends the sight of surgeons during operations. There are now smartphone apps that allow you to diagnose skin conditions using the phone's camera. In fact, 90 percent of all medical data is image-based—X-rays, scans, etc. and a lot of this data can now be analyzed using algorithms. Digital marketing: By using computers to sort and analyze through millions of online images, marketers can bypass traditional demographic research and still target marketing to the right online audience and do this work dramatically quicker than humans could. Marketers even use computer vision to ensure ads are not placed near content that is contradictory or problematic for its audience.

Research explores economic benefits of full-fibre and 5G at local level

“Knowledge-intensive sectors are shown to benefit most,” said the report. “Education and health sectors have also been shown to experience larger-than-average productivity impacts of increased connectivity… [and] there is also a likelihood for full-fibre and 5G in particular to lead to productivity improvements in industrial and manufacturing settings.” Therefore, an area with a particularly high density of knowledge workers will benefit more than an area with a relatively low density. Likewise, an area with a high concentration of manufacturing businesses, such as the West Midlands, where the UK’s first regional testbed for 5G is taking place, will benefit more than an area with a low concentration. “Many reports already estimate the benefits that full-fibre and 5G can bring to the UK economy,” said BSG CEO Matthew Evans. “But what does it mean for Manchester, Merthyr Tydfil or the Midlothian hills?

Brain hack devices must be scrutinised, say top scientists

In future, "people could become telepathic to some degree" and being able to read someone else's thoughts raises ethical issues, experts said. This could become especially worrying if those thoughts were shared with corporations. ... Among the risks highlighted by the report was the idea of thoughts or moods being accessed by big corporations as well as the bigger question about whether such devices fundamentally change what it means to be human. Dr Tim Constandinou, director of the Next Generation Neural Interfaces (NGNI) Lab at Imperial College London and co-chair of the report, said: "By 2040 neural interfaces are likely to be an established option to enable people to walk after paralysis and tackle treatment-resistant depression, they may even have made treating Alzheimer's disease a reality. "While advances like seamless brain-to-computer communication seem a much more distant possibility, we should act now to ensure our ethical and regulatory safeguards are flexible enough for any future development. "In this way we can guarantee these emerging technologies are implemented safely and for the benefit of humanity."

Microservices Migration Use Cases

By migrating to microservices IT will enable your teams to become more innovative as they are freed up from daily mundane tasks supporting and developing on a legacy system that simply cannot compete in the competitive world we are in today. The other primary benefit customers see is scale — an elastic environment that allows your business to auto-scale takes the worry out of slow performance during critical events or peak traffic seasons. This could be a retail outlet during Black Friday/Cyber Monday, or an insurance company during a natural disaster or macro-economic changes that cause a flurry of activity on Wall Street. We create value on mobile apps with external development providing an entry point to enter the data center and consume our APIs. We empower from hundreds to thousands of microservices to happen with a self-service platform for developers to publish new services and new versions as needed. All of this is automated allowing the platform team to set boundaries on what teams can do.

It’s not easy going green – but the Internet of Things can help

Only through cross-system communication is compliance and energy efficiency possible. Much of the IoT’s value lies in its ability to integrate the various, complex components and IT systems that make up any modern building or facility. When building systems can ‘talk’ with each other, the resilience of the infrastructure is strengthened. This provides access to a greater volume of intelligence, leading to more robust compliance and better use of resources. An IoT-connected system enhances an organisation’s pursuit of greater energy efficiency, where the rapid collection of, and reaction to, massive amounts of information is essential. For example, having IoT devices and sensors integrated with a heating, ventilation and air conditioning system means that organisations can collect real-time data on energy consumption and device health. Armed with this information, organisations are empowered to take a fresh look at their current practices, generate business change and create efficiencies that cut costs and emissions. From an energy management perspective, Schneider Electric’s PowerLogic ION9000 is the ideal connected solution.

Open source and open data

First and foremost, our primary mission is “to organize the world’s information and make it universally accessible and useful.” Certainly one obvious way to make information universally accessible and useful is to give it away! Second, making these materials available stimulates scientific research outside of Google. We know we can’t do it all, and we spend a lot of time reading, understanding and often extending work done by others, some of which has been developed using tools and data we have provided to the research community. This mix of competition and cooperation among groups of researchers is what pushes science forward. Third, when we hire new employees, it’s great if they can hit the ground running and already know and use the tools we have developed. Familiarity with our software and data makes engineers productive from their first day at work. There are many more reasons to share research data, but these three alone justify the practice. We aren’t the only internet company to appreciate the power of open data, code, and open research.

New NetCAT CPU side-channel vulnerability exploitable over the network

The culprit is Intel’s Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor’s internal cache to achieve better performance, less power consumption, and higher data throughput. Before DDIO, these devices exchanged data with the CPU through RAM, whose latency can be a bottleneck. DDIO was designed with ethernet controllers and fast datacenter networks in mind to allow servers to handle 10-gigabit ethernet (10 GbE) connections and higher. The technology was first introduced in 2011 in the Intel Xeon E5 and Intel Xeon E7 v2 enterprise-level processor families. CPU attacks like Spectre and Meltdown and their many variants have used the CPU cache as a side-channel to infer sensitive data. Researchers from the VUSec group at Vrije Universiteit Amsterdam have now shown that DDIO’s cache access can be exploited in a similar manner. In a new paper released today, the researchers described an attack dubbed NetCAT which abuses DDIO over the network to monitor access times in the CPU cache triggered by other clients connected to the same server over SSH (Secure Shell).

NHSX emphasises need for ethical patient data access

“NHS and care organisations have an obligation to protect patient data, but in my view, they also have the obligation to make best use of it,” she said. “Collaborations need to benefit everyone involved – patient lives are at stake.” Donnelly also mentioned that “citizen juries” are currently taking place to debate the matter of how patient data should be used and what constitutes a fair partnership between the NHS and researchers, charities and industry on uses of patient and operational data from the NHS. “By testing different commercial models against the principles on which our citizens are not prepared to compromise, we hope to reach a consensus on what good looks like and how best we achieve the promised benefits.” In July, a programme was launched by Public Health England and NHSX with the aim to usher in a “new era of evidence-based self-care”, with patients increasingly expected to allow access to their personal data.

Gartner sees blockchain as ‘transformational’ across industries – in 5 to 10 years

"Once it has been combined with the Internet of Things (IoT) and artificial intelligence (AI), blockchain has the potential to change retail business models forever, impacting both data and monetary flows and avoiding centralization of market power," Gartner said. As a result, Gartner believes that blockchain has the potential to transform business models across all industries — but the opportunities demand that enterprises adopt complete blockchain ecosystems. Without tokenization and decentralization, most industries will not see real business value. The journey to create a multi-company blockchain consortium is inherently awkward, Gartner said. "Making wholesale changes to decades-old enterprise methodologies is hard to achieve in any situation. However, the transformative nature of blockchain works across multiple levels simultaneously (process, operating model, business strategy and industry structure), and depends on coordinated action across multiple companies."

Rethinking Flink’s APIs for a Unified Data Processing Framework

Flink’s existing API stack consists of the Runtime as the lowest level abstraction of the system that is responsible for deploying jobs and running Tasks on distributed machines. It provides fault-tolerance and network interconnection between the different Tasks in the JobGraph. On top of Flink’s Runtime sit two separate APIs, the DataSet and DataStream APIs. The DataSet API has its own DAG (directed acyclic graph) representation for tying together the operators of a job, as well as operator implementations for different types of user-defined functions. The DataStream API has a different DAG representation as well as its own set of operator implementations. Both types of operators are implemented on a disjointed set of Tasks which are given to the lower-level Runtime for execution. Finally, we have the Table API / SQL which supports declarative-style programming and comes with its own representation of logical operations and with two different translation paths for converting Table API programs to either the DataSet or DataStream API, depending on the use case and/or the type of sources that the program comes with.

Quote for the day:

"Courage is the ability to execute tasks and assignments without fear or intimidation." -- Jaachynma N.E. Agu

Daily Tech Digest - September 15, 2019

Gartner: Get ready for more AI in the workplace

AI will help out with the more mundane tasks managers already do. “Let's think about what managers do every day: they set schedules, assign work, do performance reviews, offer career guidance, help you access training, they do approvals, they cascade information and they enforce directives,” Cain said. “We can have AI doing a lot of that. Your manager won't be replaced by an algorithm, but your manager will be using a lot of AI constructs to help improve and to make more efficient a lot of the routine work that they do. We think that that is going to be the combination.” There will also be more intelligence embedded in the workplace, as smart office technologies become more common, said Cain. “First of all, we are going to see workplaces have huge amounts of beacon and sensor networks woven throughout the physical workspace,” he said. “This can be used for space optimization, heating and cooling, energy use, supply replenishment [and] contextual data displays as you navigate the workplace.”

Intelligent Field Instruments: The Smart Way to Industry 4.0

A key aspect in realizing a smart factory is the use of field instruments possessing intelligence—so-called smart transmitters. They support factory monitoring and diagnostics as well as networking with additional new field instruments. These transmitters can be distributed over the entire plant, different sensors can be connected, and previously unconnected parts can be monitored. The field instruments form the universal, intelligent basic unit of Industry 4.0. These units will be considered in more detail using the example of an instrument that can be employed with various sensors, such as resistance thermometers, thermocouples, and pressure sensors. Developed from the field instruments commonly in use today, smart transmitters are intelligent field instruments that are either purely loop-fed or supplied with auxiliary energy. A smart transmitter, besides containing other components, utilizes a microprocessor containing the software needed to make a transmitter smart.

How AI Is Changing Cyber Security Landscape and Preventing Cyber Attacks

Organizations have to be able to detect a cyber-attack in advance to be able to thwart whatever the adversaries are attempting to achieve. Machine learning is that part of Artificial Intelligence which has proven to be extremely useful when it comes to detecting cyber threats based on analyzing data and identifying a threat before it exploits a vulnerability in your information systems. Machine Learning enables computers to use and adapt algorithms based on the data received, learning from it, and understanding the consequent improvements required. In a cybersecurity context, this will mean that machine learning is enabling the computer to predict threats and observe any anomalies with a lot more accuracy than any human can. Traditional technology relies too much on past data and cannot improvise in the way that AI can. Conventional technology cannot keep up with the new mechanisms and tricks of hackers the way AI can. Additionally, the volume of cyber threats people have to deal with daily is too much for humans and is best dealt with by AI.

7 key relationships for the transformational CIO

This last relationship is one of the hardest for the CIO. Board members are often not technologically savvy and are business and/or financially minded. CIOs, on the other hand, are not typically business and/or financially minded. Nor does the CIO typically have exposure to the board of directors. Hence, the challenge with this relationship. Even so, this relationship is key for two reasons: a) differentiated company strategies rely heavily on technology and b) cybersecurity and risk. Like any relationship, relationships do not happen overnight and take time to build. Remember that relationships are one-to-one, not one-to-many. The combination of respect and trust becomes the foundation for each relationship. As the CIO, consider going to where the other person is. Do not expect or ask them to come to you. This is not a statement of physical location but rather a statement of current state. Consider where the other person is and approach the relationship from their perspective. With time, the work put into developing and nurturing these relationships will pay dividends for a long time. The effort also sets a good example for your teams to follow.

Does Education For Entrepreneurs Miss The Mark?

Particular areas of interest for entrepreneurs looking for this kind of just-in-time learning include identifying their customers and understanding their needs, developing and testing prototypes, creating value propositions, defining go-to-market strategies, determining the right profit model and learning from other entrepreneurs how they addressed these issues. In the two to four years it typically takes to launch a venture, it’s likely that founders will struggle with all of these challenges multiple times. It is not unusual for an entrepreneur to revisit these issues every two to three months and seek guidance from other entrepreneurs. This is why I joined forces with my Stanford GSB colleagues Jim Lattin and Baba Shiv to develop Stanford’s latest offering, Embark, a subscription based offering that combines frameworks and insights from our unique position in Silicon Valley with tactical steps necessary to launching or validating a sustainable business. The platform provides video advice from dozens of entrepreneurs about how to use these frameworks and is designed to support thousands of members.

What is incident response management and why do you need it?

The longer it takes an organisation to detect a vulnerability, the more likely it is that it will lead to a serious security incident. For example, perhaps you have an unpatched system that’s waiting to be exploited by a cyber criminal, or your anti-malware software isn’t up to scratch and is letting infected attachments pass into employees’ inboxes. Criminals sometimes exploit vulnerabilities as soon as they discover them, causing problems that organisations must react to immediately. However, they’re just as likely to exploit them surreptitiously, with the organisation only discovering the breach weeks or months later – often after being made aware by a third party. It takes 175 days on average to identify a breach, giving criminals plenty of time to access sensitive information and launch further attacks. As Ponemon Institute’s 2019 Cost of a Data Breach Study found, the damages associated with undetected security incidents can quickly add up, with the average cost of recovery being £3.17 million.

How Artificial Intelligence Will Transform Marketing in 2020

While one attempts to leverage the knowledge of AI to empower marketing, it also helps in fostering relevant and compelling interactions with customers, boost ROI, and affect revenue figures positively. Artificial Intelligence Marketing can function to work with a truckload of data at a much faster rate compared to any marketing team run by humans ever. Thus, finding hidden insights that affect consumer behavior, critical data points, and recognizing purchaser trends are valuable touchpoints for any marketing team to focus upon in order to develop creative content and impact strategy. Though a lot has been said about AI and the future of marketing, it is significant to understand why and how organizations are bent on implementing AI solutions for their marketing wing to prosper. Reportedly, brands who have recently adopted AI for marketing strategy, predict a 37 percent reduction in costs along with a 39 percent increase in revenue figures on an average by the end of 2020 alone. AI provides traditional marketing with tools that make way for personalized and relevant content brought at the right time to impact conversion rates for any business out there.

What Makes A Data Visualisation Elegant?

Perhaps a more sophisticated and flexible modern approach to the somewhat blunt notion of minimalism is that of “refinement”. What’s important is editing and, at times, being courageous or restrained about what you should not include or attempt to do. It’s about finding that moment — perhaps only through experience — where something just ‘feels right’. That leads me to one of my favourite German words, fingerspitzengefühl, which means having an intuitive flair or instinct — a ‘finger tip feeling’ where you just know. Moritz Stefaner mentions another key German word for this discussion, “pragnanz”, as meaning “concise and on point, but also memorable and assertive… so, not minimal for minimalism’s sake, but maximally effective with minimal effort”. Refinement is about being decisive. Possessing the clarity of vision and caring for the little details. This conveys to your viewer that your work has been thought-through and thought-about.

Anomaly detection methods unleash microservices performance

Traditional single or simple n-tier applications require platform and performance monitoring, but microservices add several logical layers to the equation. Along with more tiers come the y and z axes of the scale cube, including Kubernetes or another cluster manager for containers; a service layer and associated tools, such as the fabric and API gateways; and data and service partitioning across multiple clients. To detect and analyze performance problems, begin with the basics of problem identification and cause analysis. The techniques described here are relevant to microservices deployments. Each aims to identify and fix the internal source of application problems based on observable behavior. A symptom-manifestation-cause approach involves working back from external signs of poor performance to internal manifestations of a problem to then investigate likely root causes.

Why the founder of Apache is all-in on blockchain

As a result, "blockchain technology seemed urgent to get involved in [and] that lined up with these idealistic and pragmatic impulses that I've had—and I think other people in open source have had," he adds. Specifically, it was the emergence of a set of use cases beyond programmable money that drew in Behlendorf. "I think the one that pulled me in was land titles and emerging markets," he recalls. It wasn't just about having a distributed database. It was about having a distributed ledger that "actually supported consensus, one that actually had the network enforcing rules about valid transactions versus invalid transactions. One that was programmable, with smart contracts on top. This started to make sense to me, and [it] was something that was appealing to me in a way that financial instruments and proof-of-work was not." Behlendorf makes the point that for blockchain technology to have a purpose, the network has to be decentralized. For example, you probably want "nodes that are being run by different technology partners or … nodes being run by end-user organizations themselves because otherwise, why not just use a central database run by a single vendor or a single technology partner?" he argues.

Quote for the day:

"If you can't handle others' disapproval, then leadership isn't for you." -- Miles Anthony Smith

Daily Tech Digest - September 14, 2019

Chinese APT Group 'Thrip' Powers Ahead

Thrip continues to attack the same types of organizations as when Symantec researchers first discovered the group in June 2018. What caught the researchers' attention last year was the group's targeting of a satellite communications operator, infecting computers that included software designed to monitor and control satellites. ... The 12 attacks that Symantec attributes to Thrip since it was first detected have spanned targets in maritime communications, education and the media in addition to the military and satellite communications, researchers say. "Thrip seems to be leaning, like most other targeted attacking entities, toward usage of clean tools in-built into the operating system," Thakur says. "This is critical for Thrip as their targets over the past couple years have spanned satellite operators, defense contractors and militaries of countries. Maintaining presence on such sensitive networks requires the attackers to avoid reliance on custom, low-prevalence malicious files. In one sense, Thrip has evolved in their tools and procedures over the past year. Their targets continue to remain high-profile by anyone's standards."

Sandboxie becomes freeware, soon-to-be open source

“Sandboxie has never been a significant component of Sophos’ business, and we have been exploring options for its future for a while,” Seth Geftic, the Director of Product Marketing at Sophos, explained. “Frankly, the easiest and least costly decision for Sophos would have been to simply end of life Sandboxie. However, we love the technology too much to see it fade away. More importantly, we love the Sandboxie community too much to do that.” So, they decided to open-source it. They are still working on the details of making the transition but, in the meantime, they decided to make all premium features of Sandboxie free. To that end, they have released v5.31.4 of the software, which does not restrict any features. It can be downloaded here. The software supports Windows 7 through 10, all major browsers, Microsoft’s Office suite, PDF and multimedia files. Versions up to 5.22 support Windows XP.

Google: We've changed search rankings to reward 'original news reporting'

"This means readers interested in the latest news can find the story that started it all, and publishers can benefit from having their original reporting more widely seen," wrote Gingras. However, Google hasn't described how these changes will direct more search traffic to original stories. For example, whether original stories would stay longer in the Top Stories section at the top of search results. Gingras told the New York Times that the changes are intended to serve Google's interest in engaging its users. "We do everything here with Google Search and Google News to continue to earn and retain the trust of our users," he told the publication. The change also comes as 50 US state attorney generals mount an antitrust investigation into the company's advertising business.  For the time being, most publishers will have to just wait and observe how Google's changes impact them, since Google doesn't actually have a clear definition of original reporting when it comes to search rankings. That's somewhat understandable, given that even original stories are often built on top of earlier reports from other publications, while other reports can provide background and context that wasn't included in the breaking story.

Azure Data Lake Analytics and U-SQL

Even though big data and Hadoop technologies are more than a decade old now, big data and big data analytics are more relevant than ever. While the initial version of Hadoop was only able to handle batch workloads, now Hadoop ecosystem has tools for other use cases like structured data, streaming data, event processing, machine learning workloads and graph processing. While Hadoop ecosystem has a bunch of tools like Hive, Impala, Pig, Storm, and Mahout to provide the complete set of features, newer data analytics framework like Spark have an integrated approach to handle different types of workloads. Azure Data Lake Analytics, or ADLA, is one of the newer big data analytics engines. ADLA is Microsoft’s fully managed, on-demand analytics service on Azure cloud. Together with Azure Data Lake Storage and HDInsight, Azure Data Lake Analytics forms the complete cloud hosted data lake and analytics offering from Microsoft. Azure Data Lake Analytics introduces a new big data query and processing language called U-SQL.

The use of AI in robotics and hardware — what CTOs need to know

“In truth, the fears around humans losing their jobs to robots are, for the most part, unfounded. When one thinks about this, for every complex task resolved, there will always be another more difficult one set to appear, so the advancements made in robotics will leave humans free to focus on more pressing and important jobs. This, in turn, will naturally upskill the workforce and ensure it is better equipped to deal with future problems that arise.” While this is true to an extent, it is difficult to imagine a taxi or lorry driver being able to run the software of an autonomous fleet ahead of a wide-eyed tech graduate or tech professional. Where will the automation age leave those whose careers have been forged in manual intensive roles? Organisations will have to invest more time and effort into helping employees develop new skills — they can’t be left behind. “It is an economic shift that has be planned and take action progressively,” Espingardeiro agrees. “Yes, the ethical standards are crucial but most importantly it’s how we shape the foundations and how we put it into practice that will make the real difference.”

Artificial intelligence: The future IT help desk

Today, the average IT support ticket takes three calendar days to resolve. This process is painfully slow largely because it's managed by a long chain of people. Also, employees are very good at describing their problem — whether it's resetting a password, unlocking an account, getting a license for an application, or getting an answer to a simple question — but they don't always know what system to access to resolve the issue. We have IT help desk people that handle this type of diagnosis. But IT teams still spend far too much time working on highly repetitive tasks when they'd rather focus on more strategic parts of the business. ... On the backend, IT support has made some progress. It's at least looking better than it did 10 years ago. But not nearly enough has changed. The reason is that most IT ticketing and portal systems are unable to make the direct connection between what the employee needs and the mechanism to trigger the resolution. Current solutions focus on providing workflows to route and manage ticket queues, leaving the actual work of interpretation and understanding to IT service desk agents. It's also because the systems deployed today don't actually do the work to resolve the issue.

Cognitive computing is a game changer for HR

What can chatbots do for HR? … Free HR professionals’ time so they can focus on more value-added (and potentially meaningful) work by consolidating and simplifying a variety of HR tasks, such as open enrollment, PTO management, scheduling, time entry, and feedback processes. … Ease talent acquisition and lighten the load of recruiters and sourcers by fielding prospect and candidate questions and automating screening and interviewing processes. … Simplify onboarding new hires by guiding them through the necessary admin steps. … Drive a consumer-grade employee experience as part of a self-service digital gateway that gives employees access to all of their HR programs and services, from benefits to learning & development resources to internal mobility options and more. This type of digital workplace tool (Deloitte’s ConnectMe is an example) can also function as a digital assistant to complete requests and transactions, as well as a social platform for connecting with co-workers.

Why The Cybersecurity Skills Gap Won't Be Solved In The Classroom

The world is desperate for cybersecurity talent, yet the sector limits entrants and clings to obsolete training methods. As the skills gap grows and organizations become increasingly vulnerable to ever-more complex threats, the need for a diverse pool of cybersecurity experts to learn in real time, rather than a classroom, strengthens. The way that cyber talent is taught – at university and during training – is no match for the evolving threat landscape. Static measurements of skills, such as certification and periodic training, cannot keep pace with new threats that even the savviest security teams are unfamiliar with. The barrage of 24-hour threat intelligence is increasingly disconnected from the skills of these security teams, meaning badly trained defenders are simplifying attackers’ jobs. In my time at GCHQ I learnt that the best cyber talent is creative and curious; they develop by breaking things and thinking on their feet, not sitting in classrooms and learning passively. Unfortunately, this jars with traditional training methods, which is one of the factors contributing to an unnecessary talent drain.

The True Cost of Data

Marketers are mesmerised by its potential and with no obvious limit to the number of data points you can collect on target customers for the purposes of advertising or sales conversion, it’s easy to see why. Data has always been useful, but in an analogue world it was expensive to gather. In a digital world, it is infinitely easier to collect, combine and then mine with AI. Google, Facebook and other social companies have become a dominant oligopoly by collecting data-by-stealth and thereby controlling global advertising and more with their data-based business model. The advent of GDPR has brought this oligopoly under a spotlight, but other organisations who have shared BigTech’s addiction to customer data are finding it a tough habit to control. This is particularly true for brands that have relied on collecting customer data to build profiles to personalise customer experiences, such as those in retail or the travel sector. Recent high profile fines however are a stark reminder that addictions come with risks attached. Google itself was the first to come under fire when they were fined EUROS 50 million by France’s data protection supervisory authority – CNIL – for lack of transparency, inadequate information, and lack of valid consent regarding personalisation of ads.

Cyber-Intelligence Firm NSO Group Tries to Boost Reputation

NSO's critics say the company still has a lot of work to do to clean up its reputation. Siena Anstis, a senior legal adviser with Citizen Lab, took to Twitter to call out several problems that NSO still has, including a lack of disclosure over who buys the company's tools and whether governments that use NSO's service have a history of human rights abuses. "Citizen Labs and Amnesty [International] research shows spyware is abused and deployed against human rights defenders, civil society and journalists. NSO Group has made no commitment to refusing to sell to states with records of such abuses," Anstis wrote on Twitter. ... "While on the surface it appears a step forward, NSO has a track record of refusing to take responsibility," Ingleton says. "The firm has sold invasive digital surveillance to governments who have used these products to track, intimidate and silence activists, journalists and critics." NSO did not respond to a request for comment.

Quote for the day:

"People seldom improve when they have no other model but themselves." -- Oliver Goldsmith

Daily Tech Digest - September 13, 2019

How 6G will work: Terahertz-to-fiber conversion

Upcoming 6G wireless, superseding 5G and arriving possibly by 2030, is envisaged to function at hundreds of gigabits per second. Slowly, the technical advances needed are being made. A hole in the tech development thus far has been at the interface between terahertz spectrum and hard, optical transmission lines. How does one connect terahertz (THz), which is basically through-the-air spectrum found between microwave and infrared, to the transmission lines that will be needed for the longer-distance data sends? The curvature of the Earth, for one thing, limits line of sight, so hard-wiring is necessary for distances. Short distances, too, can be impeded by environmental obstructions: blocking by objects, even rain or fog, becomes more apparent the higher in spectrum one goes, as wavelengths get shorter. ... The fiber-terahertz connection in 6G, though, isn’t the only area that must be addressed over the next few years. Spatial multiplexing also needs to be mastered at terahertz to get the kinds of throughputs desired, experts say. Spatial multiplexing is where individual data signals are beamed out in streams. Every bit of the bandwidth thus gets used and reused continually, introducing bandwidth efficiency.

Ultimate Guide to Become a REAL Programmer

As a beginner, mostly you are a learner in addition to the developer. In programming, your learning will never end. But as a junior, you will have to learn even more. Learning and impostor syndrome are closely related and one of the reasons is that learning is a sole journey. People around could guide you but in the end, it is you who has to go through the fire. This sole journey amplifies the negative feelings and developers get demotivated and think of themselves as incompetent. Beware, it is impostor syndrome. ... It is very difficult to keep yourself motivated. You may feel motivated by reading about a top performer having impostor syndrome but it will not last. I have created a tool of motivation that you can use to keep your motivation up on-demand. I created it by documenting my progress. I use my journal to document my progress. Here is the step-by-step guide to documenting your progress. At the end of the quarter and year, I review my past progress with the help of my journal. I always get amazed by looking at the projects I have completed.

Microsoft's October 2 event will be about more than just new Surface devices

There's some speculation as to whether Microsoft also could introduce a new Surface-branded portable speaker at the event. It seems as if this device would be more business-focused and built around Microsoft's Teams group-chat service based on some hints in a recent patent filing. As one of my readers speculated, maybe such a device also could be used with "Teams for Life," an as-yet-unannounced (but expected) version of Teams that Microsoft could offer for families. I'd think if and when Teams for Life becomes available, it could be a cornerstone for Microsoft's expected Microsoft 365 Consumer subscription bundle. The biggest question in the minds of many of us Microsoft watchers is what, if anything, Microsoft will say about its still unofficially acknowledged "Windows Lite" OS, which is expected to be a ChromeOS competitor. Microsoft has been building a dual-screen PC, codenamed "Centaurus," which could be one of a number of different Microsoft and third-party devices to run Lite OS. Microsoft recently showed off advanced renders of Centaurus at an internal meeting, but my contacts say the device is still quite a way from being commercialized.

Organizations And Customers Opting For Passwordless Future: Study

A dangerous side-effect of password forgetfulness is the use of easily guessable (AKA hackable) passwords. A weak password not only puts consumer data at risk—it puts the companies that hold this data at risk, too. Some extra authentication methods may include a notification email sent to the user or administrator. Here are some ways they do this ... CIAM software allows you to connect your app or website to a 3rd party provider that your customer uses. This way, your customers can sign in to your app or website using their existing credentials instead of creating a new password. Ex: Sign In with Apple. Therefore, anyone who uses Apple will never have to remember a password when connecting to integrated 3rd-party apps. In addition, users can hide their emails, allowing for greater privacy and security. A common example of BYOI is social login, where a customer may use Facebook or other social platforms to access a website or app ... Instead of asking people what they know (passwords), many enterprises are using authentication methods based on what people have—their smartphones. The common term for this is SMS-based authentication.

IoT will dominate Bluetooth market in 2024

Both Wi-Fi and Bluetooth will still rely on smartphones for the majority of their business, but in five years ABI reported that smartphones will represent less than 30% of the market. "Bluetooth will continue to grow in other areas, such as speakers, headsets, mobile, and PC accessories, and both technologies will continue to push into other consumer electronics devices such as connected toys and home entertainment. However, IoT is beginning to take an increasingly significant share of the market," said Andrew Zignani, principal analyst for ABI. The study laid out a number of different sectors that will begin to take larger shares of the Bluetooth and Wi-Fi markets as we move into the 2020s. ABI predicts that asset management, and device location tools will grow to become 8.5% of the Bluetooth market by 2024. These kinds of devices are mainly beacons or trackers, which will become more prevalent as factories turn more to robotic equipment. Smartwatches, activity trackers, and smart clothing will also drive sections of the Bluetooth market, with ABI predicting that there will be at least 400 million Bluetooth-enabled wearable devices by 2024.

Secret CSO: Ryan Weeks, Datto

The shortfall of qualified InfoSec candidates is a real problem. If I can work closely with my team and those in supporting functions to expand their potential and grow their capability then that pays dividends for the cybersecurity programme and ultimately keeping data and systems safe from intrusion. ... I find qualified Intrusion Analysts and Experienced Penetration Testers to be difficult roles to fill, taking on average six months to find a suitable fit. I have built relationships with universities that have cybersecurity programmes and find that building a pipeline of talent from universities through mentoring, internships, ... In cybersecurity you can never stop learning. We have to stay aware of the latest trends and attacker tactics. I find podcasts, news articles, on-the-job experience, career development events, and peer groups to be a large source of continuous learning. ... Managing people is 'real' work. A friend, who knew my propensity for individual contribution, challenged me with this statement and it helped me to focus on growing those around me as much as achieving outcomes independently. It gave me perspective that created balance at a key time in my career.

Top 3 Misconceptions About SD-WAN

While you may find some areas where you can replace MPLS with a less costly service, there’s no guarantee that operational costs will be reduced with SD-WAN, especially if you add additional connections to some or all sites. “We don’t see spend immediately go down with SD-WAN. Rather, it stays the same or maybe increases,” because companies add services, Lawson says. “But it does provide more efficient bandwidth utilization and is a more efficient way to grow your network.”  Zeus Kerravala, founder and principal analyst with ZK Research, agrees. “If the business ditches its MPLS and replaces it with broadband, then the transport costs will certainly drop. In most of the implementations I have seen, though, the company keeps the MPLS and buys broadband to augment that network, which results in a net higher cost,” he writes in Network World. You may see reduced capital costs, however, since SD-WAN doesn’t require routers or switches; it’s delivered via an appliance or even as a virtual service.

Researchers invent cryptocurrency wallet that eliminates ‘entire classes’ of vulnerabilities

What makes Notary different is a set of hardware fail-safes designed to mitigate successful cyberattacks. Known as "reset-based switching," the wallet will reset the CPU, memory, and other hardware components when a user switches from one app to another. "The goal of this approach is for applications to be more strongly isolated from one another so that the security of apps in the wallet is not threatened if a single app is hacked or has a vulnerability," MIT says. Reset-based switching is intended to remove the threat of vulnerability classes by changing the infrastructure of a device to act as a multiple computer system. Notary runs management code on one system and applications on another -- and so when task-switching occurs, the management console resets the application computer fully before booting up another app. Using physically separate systems-on-a-chip could nullify threats such as Rowhammer. The research team says that due to reset-switching, memory errors -- especially those involving vulnerable memory protection units able to break app isolation -- can be avoided. MPUs in themselves are not used, in favor of physically separate domains and resets.

Government Agencies Field More Cybersecurity Maturity Models 

As defined by DOE, "a maturity model is a set of characteristics, attributes, indicators, or patterns that represent capability and progression in a particular discipline," so organizations can identify their maturity level and then next steps for improvement. "Model content typically exemplifies best practices and may incorporate standards or other codes of practice of the discipline." ... Caltagirone at Dragos says the release of C2M2 and upcoming CMMC point to increasing cybersecurity maturity across multiple sectors and the importance of better sector-specific guidance. "Cybersecurity, and cybersecurity in critical infrastructure, is such a new domain that the proliferation of models and frameworks such as C2M2 is expected, and welcomed," he says. "It seems as if new models are created every day, and they are, but that is a sign of progress - that we recognize deficiency and work to improve it. The industry should have as many descriptive and supportive models as possible as none are perfect, but we should strive for few prescriptive models. ... "

Best Practices for Event-Driven Microservice Architecture

Of course, event-driven architectures have drawbacks as well. They are easy to over-engineer by separating concerns that might be simpler when closely coupled; they can require significant upfront investment; and they often result in additional complexity in infrastructure, service contracts or schemas, polyglot build systems, and dependency graphs. Perhaps the most significant drawback and challenge is data and transaction management. Because of their asynchronous nature, event-driven models must carefully handle inconsistent data between services and incompatible versions, and watch for duplicate events. They typically do not support ACID transactions, instead supporting eventual consistency, which can be more difficult to track or debug. Even with these drawbacks, an event-driven architecture is usually the better choice for enterprise-level microservice systems. The pros—scalable, loosely coupled, dev-ops friendly design—outweigh the cons.

Quote for the day:

"Trust is the lubrication that makes it possible for organizations to work." -- Warren G. Bennis