Daily Tech Digest - November 21, 2019

California's IoT Security Law: Why It Matters And The Meaning Of 'Reasonable Cybersecurity'

According to the law, a reasonable security feature must be “appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.” The law is specific about security as it relates to authentication for devices outside a local area network, stating that “the preprogrammed password is unique to each device manufactured” and “the device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.” As you can see, guidance included as part of the law is specific to authentication, and it remains vague regarding other reasonable cybersecurity measures that are necessary beyond password management. However, companies can look to prior guidance for clarity, which defines compliance with the 20 security controls in the CIS Critical Security Controls for Effective Cyber Defense as the "floor" for reasonable cybersecurity and data protection.



Serverless HTTP With Durable Functions

Durable functions rely on a main orchestrator function that coordinates the overall workflow. Orchestrator functions must be deterministic and execute code with no side effects so that the orchestration can be replayed to “fast forward” to its current state. Actions with side effects are wrapped in special activity tasks that act as functions with inputs and outputs and manage things like I/O operations. The first time the workflow executes, the activity is called, and the result evaluated. Subsequent replays use the returned value to ensure the deterministic code path. Until the release of version 2.0, this meant interacting with HTTP endpoints required creating special activity tasks. As of 2.0, this is no longer the case! Now, with the introduction of the HTTP Task, it is possible to interact with HTTP endpoints directly from the main orchestration function! The HTTP Task handles most of the interaction for you and returns a simple result. There are some trade-offs.


Google's new AI tool could help decode the mysterious algorithms that decide everything


Users can pull out that score to understand why a given algorithm reached a particular decision. For example, in the case of a model that decides whether or not to approve someone for a loan, Explainable AI will show account balance and credit score as the most decisive data. Introducing the new feature at Google's Next event in London, the CEO of Google Cloud, Thomas Kurian, said: "If you're using AI for credit scoring, you want to be able to understand why the model rejected a particular model and accepted another one." "Explainable AI allows you, as a customer, who is using AI in an enterprise business process, to understand why the AI infrastructure generated a particular outcome," he said. The explaining tool can now be used for machine-learning models hosted on Google's AutoML Tables and Cloud AI Platform Prediction. Google had previously taken steps to make algorithms more transparent. Last year, it launched the What-If Tool for developers to visualize and probe datasets when working on the company's AI platform.


The cybercrime ecosystem: attacking blogs

Thirty-seven percent of the top 40 blogs in Sweden were running an outdated version of WordPress, with the oldest version being from 2012, vulnerable to a lot of exploits—even full remote code execution allowing the attacker to compromise not just the WordPress installation, but the server it is running on, too. When checking the server hosting this extremely old WordPress installation, I found that 13 other websites were running on the same server. Most of the outdated WordPress installations were from 2018. As mentioned before, this is a very common way for cybercriminals to spread malware, but how does it work in real life? After the WordPress site is compromised, the most common technique is to redirect the user to a so-called exploit kit. This is a system which will enumerate the browser, and if a list of requirements is met, deliver the malicious payload to the victim. For example, some of the requirements may be to exploit a certain browser only, if the exploit kit only has exploits for Firefox. In that case, nothing will happen if you visit the website in Chrome or Internet Explorer.


"These services may be half the price of Amazon S3, but they’re 100 times greater risk given the decentralized nature of the storage and the nascent companies behind them," Bala said via email. "Comparatively, AWS is a trusted provider with 10s of exabytes under management. I am also very skeptical of the performance claims being made relative to S3, particularly when objects need to be rebuilt in case a peer in the storage network disappears." Cloud storage provider Backblaze offers capacity through its B2 service at a quarter the price of Amazon AWS, but without the risk a P2P architecture poses, Bala said. "B2 is built and operated by sophisticated people from a technical perspective with a successful track record. So one need not use a P2P storage service just to save money," Bala said. Bala also criticized P2P-based storage services for claiming to use blockchain's innate cryptography and resiliency when, in fact, the distributed ledger technology is only used for the purposes of payment.


How to Build a Regex Engine in C#

This is an ambitious article. The goal is to walk you through the building of a fully featured regular expression engine and code generator. The code contains a complete and ready to use regular expression engine, with plenty of comments and factoring to help you through the source code. First of all, you might be wondering why we would develop one in the first place. Aside from the joy of learning how regular expressions work under the hood, there's also a gap in the .NET framework's regular expression classes which this project fills nicely. This will be explained in the next section. I've previously written a regular expression engine for C# which was published here, but I did not explain the mechanics of the code. I just went over a few of the basic principles. Here, I aim to drill down into a newer, heavily partitioned library that should demystify the beast enough that you can develop your own or extend it. I didn't skimp on optimizations, despite the added complication in the source. I wanted you to have something you could potentially use "out of the box."


Under the microscope: inbound versus outbound email protection

Times change, technologies continue to evolve, and yet email remains the easiest avenue of attack for cybercriminals looking to hack into your business. Need convincing? Well, in 2018 94% of malware attacks were deployed by email, 78% of cyber espionage incidents used phishing, and 32% of all reported breaches involved phishing (let’s not dwell too much on the possible scale of unreported breaches). The truth is that email has been the easiest avenue of attack for at least two decades and, unless there are some fundamental changes in how the problem is addressed at a global level, it will probably remain so for another decade. In the meantime, businesses continue to look for ways of increasing their level of inbound protection – deploying security products that attempt to block access to infected sites or identify unsavoury email content before it reaches the recipient. These products come in many different shapes and sizes and are then augmented by a ‘human shield’, i.e. the vigilance of the employees to spot phishing scams and fraudulent messages that have outwitted the technology.


Q&A on the Book Rebooting AI

There are many legitimate concerns about AI. People with bad intentions - criminals, terrorists, militaries carrying out war, authoritarian governments carrying out surveillance - will undoubtedly misuse it, as they do every powerful technology. People, both in the general public and in positions of authority, are apt to trust it too much. Unless it is audited very carefully, AI can perpetuate existing social biases, as we've seen in many scandals over the last decade, such as the Amazon job recruitment program that was unshakably biased against women applicants. But our largest concern is that the great potential of AI that could benefit mankind will end up unrealized: first, because people will be frightened by the dangers and, after a certain point, discouraged by the limitations and failures of existing AI; and, second, because AI research, fixated on the short-term successes of machine learning, will fail to explore other approaches that have longer-term payoffs but a greater benefit in the long term.


IoT sensors must have two radios for efficiency

For the Internet of Things to become ubiquitous, many believe that inefficiencies in the powering of sensors and radios have got to be eliminated. Battery chemistry just isn’t good enough, and it’s simply too expensive to continually perform truck-rolls, for example, whenever batteries need changing out. In many cases, solar battery-top-ups aren’t the solution because that, usually-fixed, technology isn’t particularly suited to mobile, or impromptu, ad hoc networks. Consequently, there’s a dash going on to try to find either better chemistries that allow longer battery life or more efficient chips and electronics that just sip electricity. An angle of thought being followed is to wake-up network radios only when they need to transmit a burst of data. Universities say they are making significant progress in this area. “The problem now is that these [existing] devices do not know exactly when to synchronize with the network, so they periodically wake up to do this even when there’s nothing to communicate,” explains Patrick Mercier, a professor of electrical and computer engineering at the University of California, San Diego, in a media release.


Facebook: Microsoft's Visual Studio Code is now our default development platform


While Facebook is making VS Code the default developer environment, Marcey notes that Facebook does not have a "mandated development environment" and that some developers use other IDEs such as Vim and Emacs. Nonetheless, the default status for VS Code means that Facebook is backing it for its development future. "Visual Studio Code is a very popular development tool, with great investment and support from Microsoft and the open-source community," said Marcey. "It runs on macOS, Windows, and Linux, and has a robust and well-defined extension API that enables us to continue building the important capabilities required for the large-scale development that is done at the company. Visual Studio Code is a platform we can safely bet our development platform future." Facebook is also teaming up with Microsoft to improve the remote-desktop experience with VS Code via remote development VS Code extensions. Microsoft in May announced previews of three extensions that enable development in containers, remotely on physical or virtual machines, and with the Windows Subsystem for Linux (WSL).



Quote for the day:


"Leadership cannot just go along to get along. Leadership must meet the moral challenge of the day." -- Jesse Jackson


Daily Tech Digest - November 20, 2019

Mind-reading technology is everyone's next big security nightmare


Non-invasive systems read neural signals through the scalp, typically using EEG, the same technologies used by neurologists to interpret the brain's electrical impulses in order to diagnose epilepsy. Non-invasive systems can also transmit information back into the brain with techniques like transcranial magnetic stimulation, again already in use by medics. Invasive systems, meanwhile, involve direct contact between the brain and electrodes, and are being used experimentally to help people that have experienced paralysis to operate prostheses, like robotic limbs, or to aid people with hearing or sight problems to recover some element of the sense they've lost. Clearly, there are more immediate hazards to invasive systems: surgery always brings risks, particularly where the delicate tissue of the brain is concerned. So given the risks involved, why choose an invasive system over a non-invasive system – why put electronics into your grey matter itself? As ever, there's a trade-off to be had. Invasive systems cut out the clutter and make it easier to decode what's going on in the brain.



Mobile security perceptions don't approach reality

Banks, for very good reasons, keep as many details about their security programs secret for as long as they can. So how can consumers claim to switch businesses based on information that they can't possibly access? The bottom line is that they can't. But — and here's where Molly Hetz, an Iovation product marketing manager and the main author of the report, makes a useful observation — those consumers can make such a decision based on their perception of security. And that's where things get tricky. Consider: One of the best security and authentication approaches today is continuous authentication, where the system considers typing speed, typing pressure (for mobile devices), IP address, time of access, what files are being accessed, duration of session, typing accuracy (number of typos per minute), etc. — and compares all of it against a profile of a session that presumably was of the actual user associated with those credentials. The best part about continuous authentication is that it's indeed continuous, meaning that it won't theoretically be fooled by an attacker who does everything properly and within character for 10 minutes and then does the evil things that the attacker always planned to do.


Technical Debt: How to Balance Between the Velocity of Production and Code Quality?

It is also important to create a road map of tech debt projects and evaluate the risks so the company can plan accordingly. According to Dmitriy Barbashov, the Chief Technology Officer at QArea, a service-level agreement might help as well. “I would say that transparent SLA established and agreed with developers would be a good reference point for them,” he notes. It goes without saying that striving for perfection in development is not always the right choice. For example, if a startup is building its first prototype, a quickly created MVP minimizes the risk of investing much effort into an idea that won't work. Developers should be very careful when trying to deliver features rapidly or make some quick fixes. On one side, investing time in a solid foundation may help build new features in the future. On the other side, some hacky fixes or some cheapest and fastest solutions may accumulate and turn into too much technical debt. Like in many aspects, smooth communication plays an important role in finding and proving the balance between code quality and speed. Open conversation between executives and developers is crucial.


The leader’s secret weapon: Listening


Listening can be particularly challenging for anyone in a management or leadership position, given all the pressures they face. Dozens of unread emails pile up by the hour, and calendars are a wall of back-to-back meetings. It can be hard to be present in the moment. But listening is not just a nice-to-have skill for senior executives; it is essential for effective leadership for two distinct reasons. First, to navigate the disruptive forces roiling every industry, leaders realize they need to build a team that brings a diversity of perspectives and experiences to the challenges their company faces. Getting this right is just the start. Once they have assembled a diverse team, leaders then have to draw out opinions with intentional listening. Leaders can remind themselves in these team meetings of the WAIT acronym, which stands for “Why am I talking?” It’s a powerful reminder for senior executives to let others share their opinions first, and also to be brutally honest with themselves about their motives for speaking when they do chime in.


How to Become a Credible IT Leader


Building credibility, like many things in life, is easier said than done. I learned a hard lesson on credibility early in my career—one that, ironically, centered on failure. At the time, we were working on a complex, massive, and difficult IT project, one which turned out to be a lot more difficult than initially anticipated, and we were struggling to meet the demanding deadlines. We were working weekends for months on end, and I drove into the office one Saturday morning with boxes of donuts for the team. But I could see on their faces and in their body language a level of stress that no amount of sugar would fix. I stood in front of the group and told them we were delaying the project. Immediately, I could sense their relief. Their bodies relaxed, their jaws unclenched, and I felt the stress leaving the room. We regrouped, set new priorities and eventually delivered the project with the key functionality necessary for the business users. After we went live with the new system, our company CEO said, “I was worried how the delay may negatively impact your reputation within the company, however, the quality of delivery proved otherwise.”


10 tips to push past your leadership comfort zone: Women in IT Award winners share

Nicole Hu, CTO and co-founder, One Concern: As CTO, I don’t really code anymore. So the biggest strides I’ve made have been on the non-engineering aspects of my responsibilities, such as getting people to rally behind the business and managing the delicate and often complicated parts of people dynamics. It’s not just about the coding. I realized I had different shoes to fill. That really caused me to transform, because if I didn’t do it, it was going to hurt the entire team and company. I was very scared. I think that’s normal. Good support systems (your family, friends, partner) will help you believe in what you’re doing because there are days you won’t have the belief, or you’ll lose your resolve. Constantly surround yourself with people who are clear with what you want to do, have confidence in your ability to do it, and empower you to do your work. For me, the key was in realising the cost of inaction. What would happen if I didn’t step up? If I’m not loud enough in a meeting, what will happen?


Swedish hospitals suffer IT crashes


“The computers that have experienced serious crashes are spread all over the West Götaland region, in every division,” said Thomas Schulz Rohm, press secretary for the West Götaland authority. Maria Skoglöf, manager of the authority’s IT support centre, said the matter was being taken very seriously because many computers were affected. “The problem is not solved,” she said. “But the number of hard disk crashes has gone down since last week.” Skoglöf said she could not say where the problems had hit the hardest. “It is up to every division to say how they were hit and how they solved it,” she added. Staff have resorted to manual processes to alleviate the problems, said Skoglöf. “It is important to have manual routines to use when there are no computers available.” Skoglöf said that as far as she knew, the computer crashes had not affected any patients’ health.


Predicting Time to Cook, Arrive, and Deliver in Uber Eats


There’s no other way to ensure accuracy without utilizing machine learning technologies. However, challenges arise along the way with its core development. Compared with other machine learning problems, our biggest challenge is lacking ground truth data, which is pretty common in the online-to-offline (O2O) business model. However, it’s the most critical component in machine learning, as we all know "garbage in, garbage out." Another one is the uniqueness of Uber Eats as a three-sided (delivery partners, restaurants, and eaters) marketplace, which makes it necessary to take all partners into account for every decision we make. Fortunately, Uber’s in-house machine learning platform - Michelangelo has provided tremendous help in simplifying the overall process for data scientists and engineers to solve machine learning problems. It provides generic solutions for data collecting, feature engineering, modeling, serving both offline and online predictions, etc., which saves a lot of time compared to reinventing the wheels. ... The greedy matching algorithm only starts looking for a delivery partner when there’s an order coming in. The result is optimal for a single order but not for all the orders in our system from a global perspective. Therefore, we changed to the global matching algorithm so that we can solve the entire set of orders and delivery partners as a single global optimization problem.


Singapore moots regulated trading in cryptocurrencies


The regulator said: "While advancements in digital cryptography and distributed ledger technology have the potential to improve access to services, generate cost efficiencies, and spur competition between new and conventional business models, the specific use cases for digital tokens have, thus far, remained embryonic. Meanwhile, their transformative possibilities may produce new sources of risks, requiring participants and regulators to think of new ways to mitigate these risks, and retain the trust and stability in the financial sector." It noted that the trading of popular digital tokens such as Bitcoin and Ether had largely been on unregulated markets, which had been fraught with allegations of fictitious trades and market manipulation. This had spurred interest amongst international institutional investors for an alternative, regulated environment in which some of these risks could be mitigated, MAS said, adding that Bitcoin futures, for instance, currently were listed and traded on the US futures exchanges. The Singapore regulator last year had warned eight cryptocurrency exchanges against engaging in unauthorised trading, specifically, those involving securities or futures contracts.


While the number of jobs related to blockchain and cryptocurrencies such as bitcoin has skyrocketed in the past four years, the number of searches for those jobs has drastically dropped recently, according to job search site Indeed. Over the past year, the share of cryptocurrency- and blockchain-related job postings per million has slowed on Indeed, increasing 26%. At the same time, the share of searches per million for jobs in the field has decreased by 53%. ... Bitcoin's value has been on a roller coaster ride in the past two years. In 2018, the cryptocurrency's price plummeted from nearly $19,500 in February to around $3,600 by the end of last year. Over the past year, however, bitcoin's value jumped to more than $12,000 before settling back to about $9,200 today. The volatility seems to be turning potential job seekers off. "For the first time, the number of jobs per million exceeded the number of searches per million," Cavin wrote. "It could be reasonable to assume that if bitcoin drops dramatically again, a candidate looking for a blockchain role would run into less competition than they would after a large increase."



Quote for the day:


"The quality of leadership, more than any other single factor, determines the success or failure of an organization." -- Fred Fiedler and Martin Chemers


Daily Tech Digest - November 19, 2019

AI Projects Fail — Here's Why

We tend to expect that AI systems perform intellectual tasks as well as we do — or better. That’s a reasonable thing to expect since we all know that “AI is outperforming humans at more and more tasks.” It is. It even beat a Go champion. However, our minds are much more flexible than AI systems. Think about recommendations: you meet an interesting person at a startup event. Let’s give him a name: it’s John. John enjoys talking to you and appreciates your knowledge of business and technology - he asks for a recommendation of a book that will help him gain more knowledge about these things too. You quickly run through all the titles in your head. There’s book A, B, C, D, E… OK, John, I’ve got it. You should read (insert title here). How did you know what you should recommend to John? Your brain scanned the information you’ve gathered so far — what John knows, what he was interested in when talking to you, what his style is - to assess which book will be best for him, even though you have no idea about his actual taste in books. You had a feeling he’ll like it, and you might be right. Now, let’s look at an AI system that “meets” John. John enters the website of an online bookstore and he’s instantly welcomed with a list of bestselling books.



Application Security Report: Urgent Need for Remediation

WhiteHat Security isn’t the only organization that has addressed problems with app vulnerability remediation. Their report is among the most recent, but Deloitte, Edgescan and other organizations have made similar revelations. The risks associated with app security issues are too grave to ignore. A report from Positive Technologies found that inadequate web app security was responsible for 75% of network penetrations. Another study published earlier this year found that 46% of websites had high security vulnerabilities, which was largely due to app security flaws. The discovery of app security flaws coincides with a 38% increase in SQL injection attacks. Since many security breaches are caused by security vulnerabilities in web apps, remediation needs to be a top priority moving forward. Organizations need to take a variety of measures to deal with web app security risks. The following findings have been highlighted by multiple independent web security reports, which suggests they warrant the most attention. Security analysis must be performed during the development stage of enterprise applications - Security issues are sometimes introduced during updates or patches after the initial app is released.


Julia VS Python: Can This New Programming Language Unseat The King?

Alan Edelman, Jeff Bezanson, Stefan Karpinski, and Viral Shah started to create Julia in 2009, and they took inspiration from Python. Their objective was to create a programming language for better and faster numerical computing. They launched the 1st version of Julia in February 2019, and it’s an open-source language. Julia caters specifically to scientific computing, machine learning, data mining, and large-scale linear algebra. The language also caters to distributed and parallel computing. The creators of Julia wanted a language as fast as C, moreover, it should be as dynamic as Ruby. They intended that their creation should be as useful for general purpose as Python, however, it should be as useful as R for statistics. The team of 4 lead developers also wanted Julia to have the good features of Perl and MATLAB. Read more about the history of Julia in “Julia | Definition, Programming, History”. Julia has seen plenty of development already. At the time of writing, its stable release is v1.2.0, which was released in August 2019. Despite it being a new language, the usage of Julia is picking up, as you can read in “How a new programming language created by four scientists now used by the world’s biggest companies”.


Best Programming Languages To Build Smart Contracts

A smart contract is a self-executing contract where the terms of the agreement between the buyer and the seller are directly written into lines of code. The code and the agreements contained therein exist over a distributed, decentralized blockchain network. Smart contracts allow for trusted transactions and agreements to be carried out among anonymous parties without the need for a central entity, external enforcement mechanism, or legal system. This way, the transactions are transparent, irreversible, and traceable. Implementing smart contracts across various blockchains is made possible through Solidity, the high-level object-oriented programming language. ... Solidity was first developed by Gavin Wood, Yoichi Hirai, Christian Reitwiessner, and many other core contributors of Ethereum to help develop smart contracts. With the Ethereum blockchain leading the way as a major smart contract platform, many alternative blockchains want to make use of Solidity compatible contracts to run on their networks. Smart contracts that are deployed on the Ethereum network can be easily ported to alternative blockchain networks.


Increasingly, though, the biggest benefit of edge computing is the ability to process and store data faster, enabling for more efficient real-time applications that are critical to companies. Before edge computing, a smartphone scanning a person’s face for facial recognition would need to run the facial recognition algorithm through a cloud-based service, which would take a lot of time to process. With an edge computing model, the algorithm could run locally on an edge server or gateway, or even on the smartphone itself, given the increasing power of smartphones. Applications such as virtual and augmented reality, self-driving cars, smart cities and even building-automation systems require fast processing and response. “Edge computing has evolved significantly from the days of isolated IT at ROBO [Remote Office Branch Office] locations,” says Kuba Stolarski, a research director at IDC, in the “Worldwide Edge Infrastructure (Compute and Storage) Forecast, 2019-2023” report.



Programming Languages You Should Learn in 2020

Programming languages and computer coding have made life simpler for us. Whether it’s automobiles, banks, home appliances, or hospitals, every aspect of our lives depends on codes. No wonder, coding is one of the core skills required by most well-paying jobs today. Coding skills are especially of value in the IT, data analytics, research, web designing, and engineering segments. So, which programming languages will continue to be in demand in 2020 and beyond? How many languages should you know to pursue your dream career? We will attempt to answer these tricky questions in this post. The ever-growing list of programming languages and protocols can make it tough for programmers and developers to pick any one language that’s most suitable for their jobs or project at hand. Ideally, every programmer should have knowledge of a language that’s close to the system (C, Go, or C++), a language that’s object-oriented (Java or Python), a functional programming language (Scala), and a powerful scripting language (Python and JavaScript). Whether you are aiming at joining a Fortune 500 firm or desire to pursue a work-from-home career in programming, it’s important to know what’s hot in the industry. Here are a few programming languages we recommend for coders who want to make it big in 2020.


Hacking and cyber espionage: The countries that are going to emerge as major threats


"Over the last five years you've seen more and more countries gaining offensive cyber capabilities. You have a lot of different tiers, but none of them are at the level of the big four attackers that we talk about," says Sahar Naumaan, threat intelligence analyst at BAE Systems. "There's a huge number in that second and third tier that are upcoming that haven't got to the level of professionalised level of APT you see from other states: but it's only a matter of time before you see them develop," she says. While they don't sit up there with the most sophisticated hacking groups – at least yet – some of these operations have already emerged onto the world stage. One of these is APT 32, also known as OceanLotus, which is a group working out of Vietnam that appears to work on behalf of the interests of its government. The main targets of attacks are foreign diplomats and foreign-owned companies inside Vietnam. Many of these campaigns begin with spear-phishing emails that encourage victims to enable macros to allow the execution of malicious payloads. It's not a sophisticated campaign, but it appears to be doing the job for now – and that's enough.


Space-sourced power could beam electricity where needed

“Developers envision a system that is a constellation of satellites with solar panels, about 10,000-square meters, or about the size of a football field or tennis court,” writes Scott Turner of the Albuquerque Journal. The Air Force Research Laboratory (AFRL), in Albuquerque, along with defense technology company Northrop Grumman have just announced that they plan to spend $100 million developing the hardware, called the Space Solar Power Incremental Demonstrations and Research (SSPIDR) project. Two kinds of solar-panel technology are in common use on land now. Photovoltaic solar panels work by converting energy from the sun into electricity. They don’t have moving parts, so are inexpensive to maintain, unlike turbines. Another kind of solar panel uses mirrors and lenses. They grab, and then concentrate sunlight, producing heat, which then operates steam turbines. “This whole project is building toward wireless power transmission,” Maj. Tim Allen, a manager on the project, told Turner. It will “beam power down when and where we choose.” Precise power beams will automatically track the target that needs the power, too. “We can put them down in specific locations and keep them there,” he says.


13 Practices for Better Code Reviews


As an implementer, if you get a comment to rename a variable but think the suggested names are similar, with no clear difference: accept it. As a reviewer, if you want to suggest a change, but you cannot explain a clear advantage for your suggestion: skip it. You may think, "My solution is as good as my peer's solution. Why should I retreat?" The answer is clear. Your assumption is wrong. What seems equally good to you, may not be true for your teammate. If in your weighting system, the options are equivalent, you are the one who can tolerate it and show flexibility. So do it. Save the debate for the cases that matter to you. ... In comments and comment responses, don’t complain or blame, just append your reasoning if it’s not clear. Commenting can be a hard situation on its own. You are going to disagree with a teammate; you are going to catch a problem in their work. So don’t make it even harder by complaining. When your teammate reads your note, they may not read it with the same tone and strength you intended. If it’s a negative sentence, it’s not a surprise if they read it as a shout in their face or as if it was written with total contempt. Emoji icons can help, but it’s difficult to show both seriousness and respectfulness with an emoji!


Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware'


The goal of this new initiative is to build a wireframe for fighting abuse perpetrated with the aid of stalkerware. The coalition plans to operate on multiple fronts to achieve this. It will work with antivirus vendors to improve the detection of known stalkerware apps that are often used by abusers to spy on and track their partners. It will also work to develop and share technical guides on how to deal with stalkerware at the level of frontline non-profits that handle victims of domestic abuse. Finally, the coalition hopes that sometime in the future, it will establish partnerships with law enforcement agencies to go after the companies that sell stalkerware apps. In alphabetical order, founding members of the Coalition Against Stalkerware include Avira, the Electronic Frontier Foundation, the European Network for the Work with Perpetrators of Domestic Violence (WWP), G DATA CyberDefense, Kaspersky, Malwarebytes, National Network to End Domestic Violence (NNEDV), NortonLifeLock (formerly Symantec), Operation Safe Escape, and the WEISSER RING.



Quote for the day:


"Leaders who won't own failures become failures." -- Orrin Woodward


Daily Tech Digest - November 18, 2019

5 disruptive storage technologies for 2020

Supporting low-latency commands and parallel queues, NVMe is designed to exploit the performance of high-end SSDs. "It not only offers significantly higher performance and lower latencies for existing applications than legacy protocols, but also enables new capabilities for real-time data processing in the data center, cloud and edge environments," says Yan Huang, an assistant professor of business technologies at Carnegie Mellon University's Tepper School of Business. "These capabilities can help businesses stand out from their competition in the big data environment." NVMe is particularly valuable for data-driven businesses, especially those that require real-time data analytics or are built upon emerging technologies. The NVMe protocol is not limited to connecting flash drives; it also can serve as a networking protocol. The arrival of NVMe-oF (NVMe over Fabrics) now allows organizations to create a very high-performance storage network with latencies that rival direct attached storage (DAS). As a result, flash devices can be shared, when needed, among servers.



Book Review: A Leader's Guide to Cybersecurity

The authors note that certain standards may indicate what is not compliant but do not provide guidance on how to move the item into compliance. Otherwise, they observed the common state that many organizations are "perennially noncompliant with corporate standards." In one example used, a breach of Singhealth, the book lays out a series of occurrences where auditors gave a clean bill of compliance but the organization was compromised. While a no-finding audit may seem desirable to many at the time, these often simply shift costs forward: the audit was paid for, a breach happened, and the breach incurs significant cost. Post-breach, many organizations must patch the root cause plus anything else that was harmed after attackers made their beach-head, then the organization must deal with any regulatory/financial fall-out based on the type of data lost. Those previous clean audits offer no assistance in the aftermath, as they have been proven deficient.


Inside the Microsoft team tracking the world’s most dangerous hackers


Cyber threat intelligence is the discipline of tracking adversaries, following bread crumbs, and producing intelligence you can use to help your team and make the other side’s life harder. To achieve that, the five-year-old MSTIC team includes former spies and government intelligence operators whose experience at places like Fort Meade, home to the National Security Agency and US Cyber Command, translates immediately to their roles at Microsoft.  MSTIC names dozens of threats, but the geopolitics are complicated: China and the United States, two of the most significant players in cyberspace and the two biggest economies on earth, are virtually never called out the way countries like Iran, Russia, and North Korea frequently are. “Our team uses the data, connects the dots, tells the story, tracks the actor and their behaviors,” says Jeremy Dallman, a director of strategic programs and partnerships at MSTIC. “They’re hunting the actors—where they’re moving, what they’re planning next, who they are targeting—and getting ahead of that.”


While it may seem trivial, the conflict here is a fundamental one in approaches to artificial intelligence. Namely, how far can you get with mere statistical associations between huge sets of data, and how much do you need to introduce abstract concepts for real intelligence to arise? At one end of the spectrum, Good Old-Fashioned AI or GOFAI dreamed up machines that would be entirely based on symbolic logic. The machine would be hard-coded with the concept of a dog, a flower, cars, and so forth, alongside all of the symbolic “rules” which we internalize, allowing us to distinguish between dogs, flowers, and cars.  Such a system would be able to explain itself, because it would deal in high-level, human-understandable concepts. The equation is closer to: “ball” + “stitches” + “white” = “baseball”, rather than a set of millions of numbers linking various pathways together. There are elements of GOFAI in Google’s new approach to explaining its image recognition: the new algorithm can recognize objects based on the sub-objects they contain.



The recent demand for low-code development comes from a desire to modernise IT environments quickly without taking a rip-and-replace approach, says Scheurman. “The push from the business on software development is to do things fast. They also want to automate. That is why I think low-code and robotic process automation (RPA) are part of a continuous spectrum.” Nick Ford, vice-president of product and solution marketing at low-code supplier Mendix, agrees that the hidden benefit of low-code is meeting user needs. “What often happens is there is an impetus for an idea – a new insurance product, for example,” he says. “That might be built as a prototype by a subject-matter expert who creates the data model on-screen in low-code, but over time that is fleshed out and made production-ready, including integration with back-office systems, by a developer collaborating on the same model. It is not waterfall – they have different windows into the model to do different things.”


Crossword Cybersecurity launches new family of ML based security ...

Many of today’s security and fraud problems occur within applications and are difficult, if not impossible, to detect externally to the applications. For example, if a fraudster has obtained a user’s login details via a credential attack, their access to the site while logging in can appear normal – but once inside the site, they can start to behave maliciously. Nixer CyberML allows development teams to rapidly add machine learning based detection to online applications (online banking, ecommerce systems, ticket sites, critical business apps, etc.) that can learn to accurately distinguish between good and bad user behaviour. This initial release, designed for developers, includes the Nixer CyberML architecture, code libraries for Spring framework based applications, and a local Nixer CyberML Engine designed to help with credential protection functionality. The Nixer CyberML Engine stores and processes anonymous application event data and contains the machine learning algorithms which determine whether events are normal or potentially malicious.


This 5G ambulance could be the future of emergency healthcare

Combined with real-time feeds of the patient's ultrasound scans, this lets the clinician recognise vital signs and decide whether a hospital intervention is needed, or if the wound can be managed directly in the vehicle. "To improve the efficiency of healthcare, we need to understand that not everyone needs to come to the hospital," said Clutton-Block. "With this technology, we can decide a lot better whether a wound should be healed on the spot, or if it requires further assistance." If the patient needs to be operated on, he added, the clinician can make sure that the hospital has surgeons ready as soon as the ambulance pulls in. It is slightly premature, however, to expect to see smart ambulances driving around every city corner anytime soon. Clutton-Block explained that, contrary to preconceptions, this is not because the technology is too immature: "Actually, I don't think the technology is very difficult," he laughed. "And compared to some hospital equipment, which can reach hundreds of thousands of pounds, a VR headset isn't very expensive either."


How to collaborate better by collaborating less

With fewer (but higher-quality) collaborative projects, the team needed fewer meetings. Fewer meetings meant less time developing agendas and building presentations and fewer invitations clogging already packed in-boxes. The best part? The meetings that they did have felt essential and relevant to everyone attending them, meaning they did better work. The M&M’s retail leadership team became better collaborators by collaborating less. Less collaboration cleared the calendar and mental space that allowed them to dig deeper for higher-quality work. The impact wasn’t only in dollars (though the business was more profitable than it had been in years.) Their engagement scores went up because employees were doing more meaningful collective work. It might seem counterintuitive to think about how you can collaborate less. But when you collaborate in projects that truly matter the most, you’ll get much better results. Sure, you could opt for hypercollaboration, and maybe you can’t undo all the apps already put in place for it.


Digital Realty jumps into interconnection business

PlatformDIGITAL is intended to provide a foundation for customers to address the need for global coverage, capacity, and ecosystem connectivity from a single data center provider; tailor infrastructure deployments and controls matched to business needs; operate deployments as a seamless extension of any global infrastructure; and enable global distributed workflows at centers of data exchange to remove data gravity barriers and scale digital business. Digital Realty's PDx approach was developed by enterprise IT practitioners and was created by codifying hundreds of product deployment combinations into repeatable implementation patterns. The goal is to allow customers to quickly deploy enterprise infrastructure and to scale their digital businesses globally.  It’s a similar interconnection strategy to that of DRT’s chief rival Equinix, but slightly different, notes David Cappuccio, distinguished analyst with Gartner. “This is a move by Digital Realty to compete on a global scale with Equinix. They have 220+ sites and have interconnected them all, similar to Equinix. But rather than focusing on the interconnection strategy and being the infrastructure glue for global enterprises like Equinix, they are focusing on the data part, with the idea that as you move applications or workloads closer to the customer, or a specific geo to solve location or compliance issues, you are also moving data.


AI is here to make you work smarter, not harder

Although it might at first sound counterintuitive, AI enables marketers to create highly personalised consumer experiences. It does so by offering a deeper understanding of the consumer, particularly when it comes to how they perceive and interact with the company and brand. By analysing input such as social media activity, marketers can harness real-time data to see what is being said about their brand and specific marketing campaigns, and then use this information to modify the messaging to achieve maximum effectiveness. Data-driven AI solutions are also a massive aid when it comes to creating personalised marketing campaigns that get the right message across to the right people. Previous data that was available to marketers was typically made up of demographic data such as age, location and gender. Now, there’s an abundance of much more informative data that is readily available to capture and analyse, including customers' past and present behavioural patterns and previous interactions between the two parties. Just think how much time it would take a small team to capture and analyse each consumer interaction!



Quote for the day:


"People seldom improve when they have no other model but themselves." -- Oliver Goldsmith


Daily Tech Digest - November 17, 2019

How banks and fintechs can balance security, safety and convenience


Craig Schleicher, who heads innovation for City National Bank in California, said he thinks the industry will see more automation in security. "As we move toward a lot more transactions being automated with triggers, we're going to see an evolution from card controls to much more dynamic and robust controls around individual transactions and what you permit without a human in the loop and what you don't. It's going to be a fun space to see evolve," he said. Schleicher said the concept of a financial institution's fiduciary relationship — doing everything in the best interest of the client — can be applied to how banks can help customers manage their identity. "We're seeing a lot of appetite for value-add services around identity theft protection and dark web monitoring," he said. "Some of these services started out with preventing financial fraud, but are now looking to protect their clients in other ways." Jig Patel, chief innovation officer for Fiserv's digital banking group, said it's imperative that fintechs and banks forge partnerships to combat security threats.


Angular and React have many similarities and many differences. Angular is an MVC framework and structures the application very well, but you have less flexibility. React only provides the “view” in MVC – you need to solve the M and C on your own. Due to this, you can choose any of your own libraries as you see fit. Both React and Angular are component based. A component receives an input, and returns a rendered UI template as output. React’s use of a virtual DOM is what makes it so fast. A virtual DOM only looks at the differences between the previous and current HTML and changes the part that is required to be updated. Angular uses a regular DOM. This will update the entire tree structure of HTML tags until it reaches the user’s age. React decided to combine UI templates and inline JavaScript/TypeScript logic, which no company had ever done before. The result is called “JSX” (JavaScript) or “TSX” (TypeScript). JSX/TSX is a big advantage for development, because you have everything in one place, and code completion and compile-time checks work better.


Enterprise Architecture Alignment for the Intelligent Enterprise


In many ways, disruptive technologies are like a travel adventure – a journey beyond “business as usual” to “business unusual and unexplored.” These technologies offer opportunities to go back to basics, reimagine processes in the context of today’s realities, and recreate satisfying customer and employee experiences. Silently and gradually, disruptive technologies – such as the Internet of Things (IoT), cloud platforms, analytics, robotic process automation (RPA), artificial intelligence (AI), and machine learning – have made it to the list of must-have technologies for most progressive and innovative organizations. With the cost of devices and storage falling, the variety of available protocols and technologies is deep, and the pool of experts is growing. However, the journey from initial experimentation to full deployment of disruptive solutions requires the ability to deal with the uncertainties of a complex enterprise application landscape.


How to Use Redis TimeSeries with Grafana for Real-time Analytics


Time-series data is broadly defined as a series of data stored in time order. Examples of time-series data can range from stock prices over a period of many years to CPU performance metrics from the past few hours. Time-series data is widely used across many industry verticals. It has carved out its own category of databases, because relational, document-oriented and streaming databases do not fulfill the needs of this particular type of data. ... A typical time-series database is usually built to only manage time-series data so one of the challenges it faces is with use cases that involve some sort of computation on top of time-series data. An example would be capturing a live video feed in a time-series database. If you were to apply some sort of an AI model for face recognition, you would have to extract the time-series data, apply some sort of data transformation and then do computation. This is not ideal for a real-time use case. Multi-model databases that also manage other data models solve for these use cases where multiple data models can be manipulated in place.



According to Forbes, with time the trust factor in the capabilities of blockchain is expected to rise. The real impact of a distributed ledger is still under speculation, but given the spurt of applications already crowding the markets, it is only a matter of time before blockchain penetrates every industry sector. This universality of blockchain can be compared to “all things digital,” which Gartner predicted in 2017, and within two years that prediction turned into a formidable reality. Something that could reduce the growth period for blockchain is the existing transactional-integrity features of cryptocurrency. In the near future, critical data will reside on distributed data stores — combining on-premise, cloud, and remote facilities — and blockchain will emerge as a savior for transactional integrity. According to J. Christopher Giancarlo, Chairman of U.S. Commodity Futures Trading Commission, free markets foster “creativity and economic expression to promote human growth and advancement.” This assertion comes from the belief that “sustained prosperity” is a natural byproduct of “open and competitive markets, free of political interference, combined with free enterprise, personal choice, voluntary exchange and legal protection of person and property.”


The Enterprise Architecture Versus Business Architecture Vs Business Design ...

The mission of the Architecture of the Enterprise remains crucial though. It has to integrate all disparate views and diagrams in the enterprise in one enterprise blueprint. Hence, the IT Enterprise and Business Architecture approaches need to be properly merged/linked so that they can deliver the entire blueprint of the enterprise. In addition, the enterprise level architects should also consider integrating all enterprise level activities that deliver process modelling, quality processes and products, non-IT schematics and engineering disciplines that ensure the trimming of the operation by measuring and adjusting the processes, and provide security, availability and scaling of the enterprise. To sum up, the top Architect of the Enterprise should operate higher up in the enterprise hierarchy to cover the business architecture and integrate it with the technology and people architecture. This architect should ensure that it is the full blueprint of the enterprise that is delivered rather than the IT blueprint or solutions. The architect should make sure that the audience is the whole enterprise rather than IT.


Security in the supply chain – a post-GDPR approach


The crux of the issue is this: although the GDPR sets out requirements relating to security – appropriate technical and organisational measures – it is not very prescriptive. The text is inherently legalistic and businesses are often left wondering how to apply the requirements. So, while a processor may be required to comply with the legal requirements, the processor’s view of what technical and organisational security measures are appropriate may differ from the controller’s own views. Likewise, where processors perform commoditised processing activities, they may not have sufficient knowledge of the personal data and how the controller uses it to assess the risks adequately. ... Clearly, if a processor is responsible for a security failure in breach of the GDPR, then the processor will have direct responsibility under the regulation. 


Generate TypeScript Client API for ASP.NET Web API

If you have ever developed SOAP-based Web services using WCF, you might have enjoyed using the client API codes generated by SvcUtil.exe or Web Service References of Visual Studio IDE. When moving to Web API, I felt that I had got back to the Stone Age, since I had to do a lot of data type checking at design time using my precious brain power while computers should have done the job. I had developed some RESTful Web services on top of IHttpHandler/IHttpModule in 2010 for some Web services that did not handle strongly typed data but arbitrary data like documents and streams. However, I have been getting more Web projects with complex business logic and data types, and I would utilize high abstraction and semantic data types throughout the SDLC. I see that ASP.NET Web API does support high abstraction and strongly typed function prototypes through class ApiController, and ASP.NET MVC framework optionally provides a nicely generated Help Page describing the API functions.


Can Data Security And Employee Privacy Coexist In A BYOD Enterprise?

The enterprise security perimeter has all but dissolved, and business apps and data are increasingly dispersed across devices and networks that companies don’t own or control. Cybercriminals have jumped on this widespread disruption to take advantage of security gaps to launch all kinds of attacks, such as phishing, man-in-the-middle, device takeovers and more. In the past, security professionals were able to lock everything down behind a firewall, but now we can’t put the genie back in the bottle. Enterprise mobility is here to stay, and it’s up to every CIO to figure out how to make enterprise data and user privacy securely coexist on employee-owned devices. We need to address these challenges head-on because enterprise mobility and BYOD trends will only continue to expand rapidly around the globe. Worldwide, the BYOD and enterprise mobility market is projected to grow by $84 billion, driven by a compounded growth of 16.3%. So while it’s clear that mobile enterprise users aren’t going back to their old PC workstations any time soon, enterprise security strategies must catch up to the rapid evolution of modern mobility ASAP.


Proof Of Work Doesn't Solve Every Blockchain Use Case

What is Bitcoin? A question with many answers. Digital gold, magic internet money, a hedge against macro risk, tulip mania? One thing is for certain, Bitcoin found a product–market fit as a new form of money owned by the people. The Bitcoin brand is well known around the globe, the userbase is growing fast, and it continues to attract developers to the ecosystem. However, Bitcoin is not a panacea. When Satoshi first launched Bitcoin, he made design choices that were optimal for becoming a hard money with a limited attack surface at the cost of base-layer scalability and an expressive scripting language. One of those major choices was to implement a distributed proof-of-work (PoW) system to form network consensus. In other words, Bitcoin is great at being money but not very good at all the other potential use cases for a blockchain. The lesson here is that design choices come with tradeoffs, and Bitcoin has already cemented its path. This leaves room open for alternative blockchain architectures to capture value in a different market — such as supply chain management, enterprise software, social media, voting, prediction markets and more.



Quote for the day:


"Ninety percent of leadership is the ability to communicate something people want." -- Dianne Feinstein


Daily Tech Digest - November 16, 2019

Facebook machine learning aims to modify faces, hands and… outfits

Deepfakes use a carefully cultivated understanding of the face’s features and landmarks to map one person’s expressions and movements onto a completely different face. The Facebook team used the same features and landmarks, but instead used them to tweak the face just enough that it’s no longer recognizable to facial recognition engines. This could allow someone who, for whatever reason, wants to appear on video but not be recognized publicly to do so without something as clunky as a mask or completely fabricated face. Instead, they’d look a bit like themselves, but with slightly wider-set eyes, a thinner mouth, higher forehead and so on. The system they created appears to work well, but would of course require some optimization before it can be deployed as a product. But one can imagine how useful such a thing might be, either for those at risk of retribution from political oppressors or more garden variety privacy preferences. In virtual spaces it can be difficult to recognize someone at all — partly because of the lack of nonverbal cues we perceive constantly in real life.



Cybersecurity is heading into a recruitment crisis: Here's how we fix the problem


Part of the problem is how people get into cybersecurity. Only 42% of the security professionals in the survey started out working in the field. There are few university degrees in cybersecurity, and there isn't an A-level or GCSE in security. There are plenty of certifications (not least the CISSP program (ISC)2 runs) and almost half of the organizations in the survey are increasing their training budget for security - but cross-training existing staff isn't going to fill the whole gap. And to get people interested in gaining a certification, they have to know that it's a viable career in the first place. "When you choose what you're going to do in your life, you probably make your choice when you choose your university and your course, and even the first year of university may be too late [to reach people]," says (ISC)2 board member Biljana Cerin. "I think we need to give high school students a bit more information about the field and the different aspects of it." There are plenty of bootcamps and campaigns to encourage children (and adults who want to switch into a technology job) to go into coding; there are far fewer teaching IT administration or security.


Cybersecurity remains the top concern for middle market companies


"The middle market is low hanging fruit for attackers," said Brad LaPorte, senior director analyst of end security and threat intelligence at Gartner. "They often do not have the budget, skillset, or ability to implement proper security best practices."  Nearly half of organizations (47%) said they believe risk in their industry will increase in the next year, and almost the same number (48%) said they believe risk for their company will also grow, the report found. Cybersecurity remains the most challenged risk to manage for companies. In Q2, 47% of organizations rated cybersecurity as their top concern, and the trend followed in Q3, with cybersecurity taking the top spot at 46%, according to the report. "Midmarket enterprises have the same security concerns as larger enterprises," said Paul Furtado, senior director analyst at Gartner. ... However, stakeholders for middle market organizations are recognizing these issues and investing in proper security tools; and those that haven't, should, he said. Beneficial investments include cybersecurity awareness training, insider threat mitigation, cloud security, improved authentication, and managed security providers (MSSP) or managed detection response (MDR), Furtado said.


Could AI’s next chapter bring design of feeling machines?

New research paper from Kingson Man and Antonio Damasio at Brain and Creativity Institute, University of Southern California, Los Angeles, looks into robots with feeling. Feelings are a mental expression of the state of life in the body and play a critical role in regulating behavior. “Our goal here is to inquire about conditions,” said the authors, “that would potentially allow machines to care about what they do or think.” Jan Cortes in Medical Daily: “The gist is simple: Simply build a robot that would have the ability to be aware of its existence, and the perils of it… a modern A.I. brain could easily develop feelings and behavior that will help guide it to self-preservation and survival.” “Even if they would never achieve full-blown inner experience in the human sense,” said the authors about the robots, “their properly motivated behaviour would result in expanded intelligence and better-behaved autonomy.”


The Time To Tackle Cybersecurity In Self-Driving Cars Is Now


Futurists and experts predict that if self-driving cars become widely adopted by the public, the vehicle itself will transform into something of an entertainment or leisure zone. Parents could watch animated films with their children on long drives. Executives could conduct presentations and hold conference calls en route to their destination. And if passengers traveling from out-of-town forgot to pack their razor or toothpaste, some casual online shopping from the vehicle's network will ensure that new grooming and hygiene products await them when they arrive at their hotel. For every instance of digital convenience a self-driving car may provide, there is an equal or greater cybersecurity risk associated with it. Hackers could manipulate a vehicle's AV system and disable screens or potentially stream malicious content. There may be an anonymous, unidentified viewer or eavesdropper on the executive's call taking note of confidential information, while also gaining access to other participants' computer systems and networks outside of the car.


5G Industrial Automation Isn't Right Around the Corner

"It is not enough if just industrial automation companies get together and discuss this because we are not necessarily the 5G experts," said Bosch's Andreas Mueller, who serves as chairman of 5G-ACIA, in explaining the purpose of the association. "It's hard to say what the infrastructure will be capable of. It's hard to say what the network operators will do. So that's why... we have to reach out to all these other stakeholders as well." The group counts almost 60 members spanning manufacturers, network operators, radio equipment vendors, chipmakers, module makers and test equipment vendors. "We are very much interested in attracting more companies," said Mueller. "We want to attract end users." End users of 5G industrial automation solutions are the big prize for the companies that are investing in and testing these new technologies. But so far, none of them have launched live production lines using 5G. Even at Bosch's own factories, the 5G trials run parallel to the live production lines, but are not responsible for actual manufactured deliverables. In the future, Mueller hopes to see Bosch and many other companies using 5G to connect mobile control panels that can instantaneously start and stop factory machines.


Intel Capital Invests In Innovation To Improve Cybersecurity For Everyone

Intel has put in a fair amount of effort in an attempt to fully bake cybersecurity into its technology strategy. The acquisition, integration, and eventual spinoff of McAfee played a central role in recent years and demonstrated that the road is not necessarily easy. Intel is still focused on improving cybersecurity, though, and has made a decision to disregard business as usual and try a different approach. Now, they’re focused on cybersecurity and will continue to invest in the industry. ... Kurkure explained to me that the Intel Capital investment philosophy around cybersecurity is to partner with innovative companies that can integrate and work with Intel to create a more holistic approach to cybersecurity. As opposed to the acquisition path Intel pursued with McAfee, the new strategy is to invest in companies that provide some synergy and that can collaborate with Intel—and with each other—in a way where the sum is hopefully greater than its parts. With Duality in particular, Kurkure stressed the importance of the privacy space right now.


Google Chrome experiment crashes browser tabs, impacts companies worldwide

According to hundreds of reports, users said that Chrome tabs were going blank, all of a sudden, in what's called a "White Screen of Death" (WSOD) error. The issue was no joke. System administrators at many companies reported that hundreds and thousands of employees couldn't use Chrome to access the internet, as the active browser tab kept going blank while working. In tightly controlled enterprise environments, many employees didn't have the option to change browsers and were left unable to do their jobs. Similarly, system administrators couldn't just replace Chrome with another browser right away. "This has had a huge impact for all our Call Center agents and not being able to chat with our members," someone with a Costco email address said in a bug report. "We spent the last day and a half trying to figure this out." "Our organization with multiple large retail brands had 1000 call center agents and many IT people affected for 2 days. This had a very large financial impact," said another user.


Make people, not tools, the focus of DevOps initiatives


What differentiates high-performers from less-productive teams? It all starts with a dedicated approach to upskilling team members, Groll said, which can include online resources and other techniques. "Companies that have really adopted a digital approach, an immersive learning approach, are much more successful." There are several ways for organizations to establish community structures to promote learning, both to identify common internal struggles and be more resilient to personnel or product changes. According to Accelerate, more than half of elite performers use communities of practice -- small groups of voluntary practitioners -- which was a common thread among attendees at the conference, as well. The report also named bottom-up DevOps initiatives and proofs of concept as common elements among elite performers -- those who nailed DevOps.


3 Reasons to Do a 'Proof of Concept' With MDR Providers

Every security vendor promises the moon in their marketing materials. As a small organization, we need to be confident that any tool we buy will do what we need it to do in our environment. The only way to do that is to kick the tires. PowerPoint presentations and demos are a helpful starting point. But just like buying a new car, you need to take technology for a test drive. Otherwise, you risk wasting time and money, not to mention your own reputation. A POC won't answer every possible question about a piece of technology or a service provider. But a provider's willingness to engage with you - and the way they engage with you - will help you learn a great deal about what your relationship will be like once the ink on the contract is dry. One of the most surprising things I found as we evaluated managed detection and response providers was how few of them would even agree to do a POC. When vendors refused, I could only conclude that our business wasn't a good fit for them or they couldn't back up their marketing claims. Ultimately, we selected Expel.



Quote for the day:


"Your greatest area of leadership often comes out of your greatest area of pain and weakness." -- Wayde Goodall