Daily Tech Digest - January 24, 2019

The team used a graph convolutional neural network — an algorithm that operates on nodes, edges, properties, and other graph structures — to model the statistical relationship among parking locations, traffic flow, parking demand, road links, and parking blocks. Together with a recurrent neural network with long-short term memory (LSTM) — a type of AI algorithm capable of learning long-term dependencies — and a multi-layer decoder, the system extracted parking information from traffic-related data sources (such as parking meter transactions, traffic speed, and weather conditions) and output occupancy forecasts. The researchers trained it on data sourced from the Pittsburgh downtown area, which they note has 97 on-street parking meters across 39 street blocks. Historical parking stats came from the Pittsburgh Parking Authority, while connected car company Inrix’s Traffic Message Channel and Weather Underground’s API supplied traffic speed data and hourly weather reports, respectively.

Evidence-Based Management Guide - Updated

Most organizations need to start by looking at the value they deliver today, or Current Value. Organizations often use revenue to measure this, and if you can measure it instantaneously, it’s not a bad measure; for example, if you are selling items online, by knowing daily sales, or even moment-to moment sales, it can give an organization some sense of the value that customers experience. A better measure is actual customer satisfaction, since sometimes people buy things they never end up using, or buy things only because they have no better alternatives. Measures like Net Promoter Score (NPS), if measured as close to the actual experience as possible, can give a better indicator of value. Even measures that simply show how often a feature is used, and for how long, can give a better picture of what customers value, than does revenue. Going deeper, measures that give insight into why the customer is using the product are even better and can serve as true aligning measures of success. For example, we’ve worked with a company that helps organizations process their insurance claims.

Multi-vector attacks target cloud-hosted technologies

10 cloud security breach virtualization wireless
Attackers often break in by exploiting unpatched vulnerabilities or insecure configurations in services like the Redis data structure store, the Apache Hadoop big-data processing toolset or the Apache ActiveMQ messaging middleware. They also launch brute-force password guessing attacks against a large number of services including MySQL, MongoDB, Memcached, CouchDB, PostgreSQL, Oracle Database, ElasticSearch, RDP, VNC, Telnet, RSync, RLogin, FTP, LDAP and more. One of the most commonly used malware tools observed in attacks against cloud-hosted services is the XBash worm, which first appeared in May 2018. This malware is used to infect both Windows and Linux servers and deploys additional payloads depending on which OS is running. XBash is typically associated with a cybercriminal group known in the security industry as Iron. However, another group called Rocke is also using an XBash variant and has recently been in the news after it started disabling cloud security and monitoring agents.

Linux’s Hyperledger to give developers supply chain building blocks

binary chains / linked data / security / blockchain
"What attracts many organizations to blockchain technology is the possibility of sharing data across corporate boundaries while maintaining a high degree of rigor and accuracy," said Robert Beideman, a vice president with the GS1 standards organization. Last week, SAP launched a blockchain-based a supply chain tracking service that will enable drug wholesalers to authenticate pharmaceutical packaging returned from hospitals and pharmacies. The Linux Foundation described its Hyperledger Grid project as a framework, not a blockchain or an application. "Grid is an ecosystem of technologies...that work together, letting application developers make the choice as to which components are most appropriate for their industry or market model," the Grid project said in a blog post. Grid includes a set of libraries, data models and SDKs to accelerate development for supply chain smart contracts and client interfaces. (Smart contracts are self-executing code based on pre-determined business agreements.

Financial Services and Social Value Can Mix

Many of the problems facing our society come from a lack of social cohesion. Social inequality affects us all. In global terms, economic conditions may have improved, but in real terms, when examined at an individual level within a particular country, inequality can be felt more and more. This perceived impact goes some way toward explaining the recent appearance of populist movements, which is one of the biggest threats to economic development. Any form of populism will always work against the stability that we need. Another significant concern, which is in effect also an opportunity, is social and technological disruption. If we don’t tackle this issue properly, it’ll put an end to insurance as we know it. Consumer profiles and society have changed dramatically, and people expect and demand more from companies. Young people expect companies to be much more committed, more socially active, and more transparent.

Business failing to see strategic value of cyber security

Security professionals said boards perceive them as functional but not as a force for competitive advantage, with 56% saying they feel restricted by the board and only 41% reporting that their organisations have a CISO in place on the board.  Although the security team can be instrumental in business transformation, only 44% believe that the C-suite sees them as a positive force for innovation, and just one in 10 respondents (13%) believe that the board sees them as helping the company to gain a competitive advantage.  The findings suggest that boards may be paying lip service to IT security teams, as there is a disparity between what the board says and how this translates into investment. While 87% of security professionals believe that the board listens to them and values their input, a considerable proportion (62%) believe that the board can’t always see the business case for security investments.

AIOps tools supplement -- not supplant -- DevOps pipelines

AIOps tools enable an IT organization's traditional development, test and operations teams to evolve into internal service providers to meet the current and future digital requirements of their customers -- the organization's employees. AIOps platforms can also help enterprises monitor data across hybrid architectures that span legacy and cloud platforms, Grabner said. These complex IT environments demand new tools and technologies, which both require and generate more data. Organizations need a new approach to capture and manage that data throughout the toolchain -- which, in turn, drives the need for AIOps tools and platforms. AIOps can also be perceived as a layer that runs on top of DevOps tools and processes, said Darren Chait, COO and co-founder of Hugo, a provider of team collaboration tools based in San Francisco. Organizations that want to streamline data-intensive, manual and repetitive tasks -- such as ticketing -- are good candidates for an AIOps platform proof-of-concept project.

Desktop-as-a-Service: The new frontier for end user computing?

Desktop-as-a-Service: The new frontier for end user computing? image
The workspace strategy has evolved. It was static, but has been transcended through a hardware refresh. It is now in what Hill calls “an adaptive phase, which represents a shift to software modernisation and innovation”. Still, however, this transition to adaptive, is a mixed experience if you try and traverse these platforms. In this adaptive phase, DaaS and VDI are often conflated. VDI is a technology and DaaS is a service — an off-premise workspace on-demand via a provider. Here, the responsibility of security can be unclear: the customer, service provider, tooling provider or infrastructure platform provider? ... Workspace analytics will drive innovation and transformation, by enabling the identification of new devices: monitoring them, assessing them and adapting to them. Machine learning will play a huge roll in this more pervasisve analytics strategy, which will enable the next stage of continuous improvement across three channels.

What is malware? Viruses, worms, trojans, and beyond

binary code, magnifying lens, skull and crossbones
Antivirus softwareis the most widely known product in the category of malware protection products; despite "virus" being in the name, most offerings take on all forms of malware. While high-end security pros dismiss it as obsolete, it's still the backbone of basic anti-malware defense. Today's best antivirus software is from vendors Kaspersky Lab, Symantec and Trend Micro, according to recent tests by AV-TEST. When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection that you expect from antivirus, but anti-spyware, personal firewall, application control and other styles of host intrusion prevention. Gartner offers a list of its top picks in this space, which include products from Cylance, CrowdStrike, and Carbon Black. It's fully possible—and perhaps even likely—that your system will be infected by malware at some point despite your best efforts.

Why Do We Need Architectural Diagrams?

The main beneficiary should be the team (developers, test engineers, business analysts, devops, etc.) who have direct involvement in the project. In my experience, outside of the team, there are very few stakeholders who really care about documentation. In the best case, they might be interested in one or two high-level diagrams (e.g. context diagram, application or software component diagram) which roughly describe the structure of the system and give a high-level understanding of it. However, most of the time we fail in identifying the real beneficiaries and their real needs and try to create too much documentation. This quickly becomes a burden to maintain and is quite soon outdated. In other cases, we just simply omit to create any kind of diagram because there is no time, no specific interest, or nobody wants to take on this responsibility. Besides this, the Agile Manifesto prescribes that teams should value working software over comprehensive documentation, which discourages cumbersome documentation processes

Quote for the day:

"A true dreamer is one who knows how to navigate in the dark" -- John Paul Warren

No comments:

Post a Comment