Daily Tech Digest - February 24, 2022

Yann LeCun: AI Doesn​’t Need Our Supervision

Self-supervised learning (SSL) allows us to train a system to learn good representation of the inputs in a task-independent way. Because SSL training uses unlabeled data, we can use very large training sets, and get the system to learn more robust and more complete representations of the inputs. It then takes a small amount of labeled data to get good performance on any supervised task. This greatly reduces the necessary amount of labeled data [endemic to] pure supervised learning, and makes the system more robust, and more able to handle inputs that are different from the labeled training samples. It also sometimes reduces the sensitivity of the system to bias in the data—an improvement about which we’ll share more of our insights in research to be made public in the coming weeks. What’s happening now in practical AI systems is that we are moving toward larger architectures that are pretrained with SSL on large amounts of unlabeled data. These can be used for a wide variety of tasks. For example, Meta AI now has language-translation systems that can handle a couple hundred languages.

Leading from the top to create a resilient organisation

In the rush to keep operations going, many businesses made quick decisions and often, adopted the wrong services for their organisation. Our own research found that over half (53%) of UK IT decision makers believe they made unnecessary tech investments during the Covid-19 pandemic, and by speeding up or ignoring their original strategy, have hindered their long term resilience. One thing almost all businesses have recognised throughout the pandemic, is that their people are the most critical and limiting factor to their business. Employee time is valuable and by not having technology that supports them in their role, productivity will drop, and employees may become an internal threat in terms of cyber security. If businesses acknowledge that hybrid is the new normal, and their people should be the priority, they can go some way to understand how IT moves from an expense to adding value. Although most of this has stemmed from a pandemic no one could have predicted, businesses and their leaders must now make sure they haven’t created the perfect storm of a distributed, disconnected workforce that is at risk of service outages.

Details of NSA-linked Bvp47 Linux backdoor shared by researchers

The attacks employing the Bvp47 backdoor are dubbed as 'Operation Telescreen' by Pangu Lab. A telescreen was a device envisioned by George Orwell in his novel 1984 that enabled the state to remotely monitor others to control them. According to Pangu Lab researchers, the malicious code of Bvp47 was developed to give operators long-term control over compromised machines. 'The tool is well-designed, powerful, and widely adapted. Its network attack capability equipped by 0-day vulnerabilities was unstoppable, and its data acquisition under covert control was with little effort,' they said. Complex code, Linux multi-version platform adaption, segment encryption and decryption and extensive rootkit anti-tracking mechanisms are all part of Bvp47's implementation. It also features an advanced BPF engine, which is employed in advanced covert channels, as well as a communication encryption and decryption procedure. The researchers say the attribution to the Equation Group is based on the fact the sample code shows similarities with exploits contained in the encrypted archive file 'eqgrp-auction-file.tar.xz.gpg' which was posted by the Shadow Brokers after the failed auction in 2016.

Cloud computing vs fog computing vs edge computing: The future of IoT

Cloud computing is the process of delivering on-demand services or resources over the internet that allows users to gain seamless access to resources from remote locations without expending any additional time, cost or workforce. Switching from building in-house data centres to cloud computing helps the company reduce its investment and maintenance costs considerably. ... Fog computing is a type of computing architecture that utilises a series of nodes to receive and process data from IoT devices in real-time. It is a decentralised infrastructure that provides access to the entry points of various service providers to compute, store, transmit and process data over a networking area. This method significantly improves the efficiency of the process as the time utilised in the transmission and processing of data is reduced. In addition, the implementation of protocol gateways ensures that the data is secure. ... Cloud or fog data prove to be unreliable when dealing with applications that require instantaneous responses with tightly managed latency. Edge computing deals with processing persistent data situated near the data source in a region considered the ‘edge’ of the apparatus.

Data Unions Offer a New Model for User Data

One of the promises of a decentralized Web3 is the notion that as users we can all own our data. This is in contrast to Web 2.0, where the prevailing view is that we the users and our data are the product being exploited for financial gain by large centralized organizations. A data union is a scalable way to collect real-time data from individuals and package that data for sale, in a way that is mutually agreeable to both the data source and the packaging application. Much like workers joining a union in real life to rally around a common set of goals, data unions allow individuals to join these unions to aggregate data in a controlled way, complete with the ability to vote on how and where the data is used, through DAO (decentralized autonomous organization) governance. For users, one challenge to the idea of controlling your data is finding an interested buyer. Few data consumers want to go through the hassle of acquiring data from one individual at a time. Data unions solve this by aggregating data from a set of users who opt-in. 

How to protect your Kubernetes infrastructure from the Argo CD vulnerability

In terms of the impact of this vulnerability, Apiiro has determined the following (so far). Note that the following information was from Apiiro’s website at the time of the announcement and may be subject to change. Please refer to Apiiro’s website for the latest information. Here’s what we know about the vulnerability and what it could enable an attacker: The attacker can read and exfiltrate secrets, tokens, and other sensitive information residing on other applications; The attacker can “move laterally” from their application to another application’s data. The risk was given a severity rating of high given that the malicious Helm chart could potentially expose sensitive information stored on a Git repository and also “roam” through applications allowing attackers to read secrets, tokens, and sensitive data that reside within the applications. The team behind Argo CD quickly provided a patch that impacted organizations should apply as soon as possible as the vulnerability affects all versions of the tool. The patch is available via Argo CD’s GitHub repository.

Understanding your automation journey

In order to achieve shorter-term automation goals, businesses need to evaluate their existing automation needs and ask a few key questions. Are they seeking to automate mundane tasks to increase personal productivity, such as processing emails, setting up notifications or organising files? Personal productivity automation is employee-driven and used to tackle multiple tasks for productivity gains at the individual level. Are they seeking to streamline business processes, such as processing a high volume of invoices or moving data from one system to another? Business process automation (BPA) is also employee-driven but it streamlines business processes to deliver efficiencies and productivity gains across users and departments. Automation might also be an ongoing project, often referred to as an automation Centre of Excellence (CoE), which focuses on intricate, enterprise-wide automation and orchestration. CoE-driven automation is fairly complicated and has a significant influence on automating connected processes.

Going Digital in the Middle of a Pandemic

Independent work-streams allowed them to work in parallel. Does that mean we did not have any dependencies? Not really. We had a stand-up which we called as Scrum of Scrum, conducted daily, with participation from each development team, with focus on dependencies and impediment resolution during the iteration. Given the nature of program and diverse set of stakeholders, we decided to conduct consolidated program iteration planning and showcase events. Development teams would conduct their planning meetings individually. And join this program meeting to share summary of key features taken up in the iteration, and the sprint goal. Lastly, to provide stakeholders a view of how we were progressing against defined release milestones, we tracked progress against iteration goals vis-à-vis release objectives. A release was defined as a set of features required to board users from a specific Geography. We provided a one-page weekly/fortnightly program summary to senior CIO leadership and program stakeholders, with data from ALM tool, along with any blockers & issues that needed executive leadership support.

Cyber Insurance's Battle With Cyberwarfare: An IW Special Report

While the clauses were issued in the company’s marketing association bulletin and allowed individual underwriters flexibility in applying them to individual policies, they were widely interpreted as signifying a shift toward non-coverage. All of Lloyd’s cyber policies are expected to include some variation of these clauses going forward. Lloyd's of London's definition of cyberwar broadly includes “cyber operations between states which are not excluded by the definition of war, cyber war or cyber operations which have a major detrimental impact on a state.” Formal attribution is not necessary for exclusion, an important caveat that would allow for broad latitude in making determinations of whether a given event is actually cyberwar or not. “I think you're going to see a lot more of that, unless there is legislation that comes out that more specifically defines cyberwar. I don't think we're really seeing it at this point,” notes Adrian Mak, CEO of AdvisorSmith. The language in the individual contracts is “what is driving the coverage at this point. And also, interpretation of that [language].”

Digital transformation: Do's and don'ts for IT leaders to succeed

Fear is a natural reaction when we enter uncharted territory. Moreover, the digital transformation journey also requires skill, patience, and a huge financial investment, which adds an extra level of anxiety. Many leaders are uncertain about investing resources into an initiative that they are unsure of, even if there are plenty of stats available to back it up. If you are feeling uncomfortable, try to focus your energy toward embracing your digital transformation initiative and giving it everything it needs to succeed. Remind yourself that in time, you will witness the positive results of your efforts and even scale your business’s revenue. Every enterprise and organization must eventually make digitalization a strategic cornerstone to remain competitive and better serve their constituents. If convenience, scalability, and security are among your business priorities, implementing a thoughtful digital transformation initiative is essential.

---

Quote for the day:

"Absolute identity with one's cause is the first and great condition of successful leadership." -- Woodrow Wilson

---

Daily Tech Digest - May 27, 2019

No cloud required: Why AI’s future is at the edge

More compact and capable software is paving the way for AI at the edge as well. Google LLC, for instance debuted its TensorFlow Lite machine learning library for mobile devices in late 2017, enabling the potential for smart cameras to can identify wildlife or imaging devices to can make medical diagnoses even where there’s no internet connection. Some 2 billion mobile now have TensorFlow Lite deployed on them, Google staff research engineer Pete Warden said at a keynote presentation at the Embedded Vision Summit. And in March, Google rolled out an on-device speech recognizer to power speech input in Gboard, Google’s virtual keyboard app. The automatic speech recognition transcription algorithm is now down to 80 megabytes so it can run on the Arm Ltd. A-series chip inside a typical Pixel phone, and that means it works offline so there’s no network latency or spottiness. Not least, rapidly rising privacy concerns about data traversing the cloud means there’s also a regulatory reason to avoid moving data off the devices. “Virtually all the machine learning processing will be done on the device,” said Bier

DDoS: a weapon of mass disruption

The five most commonly used in attacks were the Domain Name System (DNS) protocol, the Network Time Protocol (NTP) based weapons, the Simple Service Discovery Protocol (SSDP), Simple Network Management Protocol (SNMP) and the Trivial File Transfer Protocol (TFTP), this last of which is a new entrant into the top five. So, as new protocols are being highlighted as the source of DDoS weapons, and the total number of attacks looks set to grow, what security measures can be taken? Cybersecurity companies compile millions-strong inventories of DDoS weapons, allowing blacklisted IP addresses to be blocked. Shin says that A10 Networks can create up to 96 million entries in a blacklist. “If you can get ahead and identify them, we can use this as a strategy to prevent DDoS attacks,” says Shin. A10 Networks and its partners use several approaches, including tracking bot-herders, analysing forensic data, scanning the internet for weapons signatures and tapping networks. Shin says it is important to have an “actionable defence”.

U.S. Airports Will Use AI To Scan 97% Of Passengers' Faces Within 4 Years

The AI system has already been placed in 15 airports across the U.S. It has currently been tested on more than 15,000 flights and identified over 7,000 travelers who overstayed their visas. CBP calculates that 666,582 passengers who arrived by plane or boat overstayed visas in fiscal 2018. The main goal of the airport scans is to catch those who have overstayed their visas. For the past few years, overstayers have represented a majority of undocumented immigrants, larger than those who enter the country illegally. However, not everyone is thrilled about this venture. Critics argue that this use of AI is an invasion of privacy and it could be of concern how this information could be used outside the airport. With access to facial recognition from many people, it could be used by hackers or given to law enforcement and used unlawfully. The documents released by President Trump explicitly said there were no limits on how partnering airlines can use this facial recognition data. CBP did not answer specific questions about whether there are any guidelines for how other technology companies involved in processing the data can potentially also use it.

VMware talks up multi-cloud era, need to transform security

"How do you make 250 security products work [together]? It's insanity," Gelsinger quipped, noting that 80 percent of security budgets were being spent on detection and response, as opposed to prevention. He called for the need to help lower enterprises' attack surface and build the underlying infrastructure to prevent security incidents from happening in the first place.  Again, VMware was looking to provide the tools to help simplify this and enable its customers to better manage their security requirements. Last August, the vendor introduced VMware Secure State to automate configuration security and compliance monitoring in native cloud environments.  Rima Olinger, AWS's global alliance lead, also spoke at the forum to pitch the cloud platform's partnership with VMware Cloud, which she said had been adopted by enterprises across various sectors including financial services and healthcare.  VMware Cloud on AWS recently launched in Singapore and also was available in Sydney and Tokyo, according to Olinger.

Top 10 Cybersecurity Risks For 2019

Unfortunately, Cloud storage is susceptible to abuse. A large risk factor is that Infrastructure as a Service (IaaS), which is responsible for functionality, has no secure registration process. What does that imply? Provided you have a credit card, you have the key to signing up and using the cloud as soon as you are done. The simplicity, in turn, makes the cloud vulnerable to spam mails, criminals, and other malicious attacks. To mitigate the situation, it is advisable that cloud service providers develop authentication and registration processes. Additionally, they should have a way of monitoring credit card transactions. A thorough evaluation of network traffic is also crucial in eliminating cyber abuse. ... Shadow IT is software used within an organization, but not supported by the company’s central IT system. What causes a breach in shadow IT is the fact that the risk of data loss does not receive much attention when it comes to data backups. More so, there is no control over who gets to access the data. Also, the backup and recovery processes have no one to monitor.

CMO & CIO Collaboration- Integrating The Best Of C-Suite Management

To achieve new pinnacles of customer delight, the CMOs and CIOs know that it’s time for the collaboration. Mature collaborations follow similar paths of evolution, transitioning from a role-specific focus to broader internal partnerships to integrated teams. As the data grows in an enterprise, the CMOs are turning to the CIOs to make sense of this information with a common goal to increase the revenue in the dynamic competitive era. The CIOs have a continuous role to play to turn new technology into revenue. They need the CMOs to help them meet the customer’s demand for this intelligent information. Thus, the CIOs and CMOs need to work together, for turning all this data into growth numbers. As the worldwide volume of data grows at least 40 percent a year, the CIOs and CTOs have come to a stage to be dependent on each other in much more collaborate manner than ever before. That’s why many CMOs are waking up to the fact that IT can’t be treated like a back-office function anymore; rather, the CIO is becoming a strategic partner who is crucial to developing and executing marketing strategy.

Most enterprise IoT transactions are unencrypted

Researchers looked through one month’s worth of enterprise traffic traversing Zscaler’s cloud seeking the digital footprints of IoT devices. It found and analyzed 56 million IoT-device transactions over that time, and identified the type of devices, protocols they used, the servers they communicated with, how often communication went in and out and general IoT traffic patterns. The team tried to find out which devices generate the most traffic and the threats they face. It discovered that 1,015 organizations had at least one IoT device. The most common devices were set-top boxes (52 percent), then smart TVs (17 percent), wearables (8 percent), data-collection terminals (8 percent), printers (7 percent), IP cameras and phones (5 percent) and medical devices (1 percent). While they represented only 8 percent of the devices, data-collection terminals generated 80 percent of the traffic. The breakdown is that 18 percent of the IoT devices use SSL to communicate all the time, and of the remaining 82 percent, half used it part of the time and half never used it.

Beware of email lawsuit scam, an Android missed call con

A new kind of spam may be coming to Android phone users. The news site Bleeping Computer has a report that a security company has discovered a campaign that tries to trick users with a message that says “Missed call.” One version suggests you’re going to get a new iPhone, or there’s some sort of reward. The idea is to get you to click on an image or a link. Don’t fall for these scams. If you don’t know who a call is from, delete the message. Finally, some countries do a better job of filtering out malicious email than others. That’s one of the findings of a British information site called Merchant Machine.Thirty-six per cent of the email in Brazil carried malware, according to its research. Mexico was second with a rate of almost 30 per cent. By comparison, almost nine per cent of email in the U.S. was malicious, almost five per cent in China. The lowest was 3.6 per cent in the Middle East country of Oman. Still, all of the countries studied 60 per cent of their email had spam. The security industry and Internet service providers have to do better.

Fog computing vs. edge computing: What's the difference?

According to OpenFog, fog computing, which is also called fog networking and fogging, standardizes cloud extension out to the edge, encompassing all the space and activity between the two. Edge computing, in this case, is more limited in scope, as it refers to individual, predefined instances of computational processing that happen at or near network endpoints. With this paradigm, edge computing cannot create direct network connections between two endpoints or between an endpoint and an IoT gateway on its own; for that, it needs fog. ... Still other IT pros say the use of fog computing vs. edge computing depends specifically on the location of the distributed compute and storage resources. If processing capabilities are embedded directly within a connected endpoint, they call that edge computing. But if intelligence resides in a separate network node stationed between an endpoint and the cloud, such as a local node or IoT gateway, then it's fog.

Being an Ethical Software Engineer

What can we do if we care about ethics and want to bring it more into our practice? The main thing to do is probably to keep an open mind and keep asking questions. This is what it’s mostly about- asking questions. Thinking about what we do and how it would affect other people, and if we are happy with how it affects other people. We’re lucky because we’re in a needed profession, and we have the ability to make a stand and be heard. We need to raise those questions when we encounter them, start making these conversations, and even if we don’t have answers, at least bring it up, get people involved, raise awareness. Another powerful tool we have is choosing who we work for. There might always be some compromises when it comes to business priorities, but we can at least avoid helping the obvious ‘evil’ ones, companies that exploit their users or working in questionable fields. Early on in my career, I had a very short period of working for a company in the online gambling industry. The ease I felt leaving the job made it clear to me that feeling good about where you work and knowing that your efforts aren’t contributing to damaging society, is priceless.

---

Quote for the day:

"We cannot choose our external circumstances, but we can always choose how we respond to them." -- Epictetus

---

Daily Tech Digest - November 09, 2018

Cisco Accidentally Released Dirty Cow Exploit Code in Software

“A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco in validation scripts to be included in shipping software images,” the company said in an advisory. “This includes an exploit for the Dirty CoW vulnerability (CVE-2016-5195). The purpose of this QA validation step is to make sure the Cisco product contains the required fixes for this vulnerability.” Cisco said that it is not aware of “malicious use of the issue” and that the issue does not open the impacted software (Cisco Expressway Series and Cisco TelePresence Video Communication Server image versions X8.9 through X8.11.3) to any sort of attack. “The impacted software images will be removed and will be replaced by fixed images,” the company said. It did not specify when.

The Role of a Manager Has to Change in 5 Key Ways

“First, let’s fire all the managers” said Gary Hamel almost seven years ago in Harvard Business Review. “Think of the countless hours that team leaders, department heads, and vice presidents devote to supervising the work of others.” Today, we believe that the problem in most organizations isn’t simply that management is inefficient, it’s that the role and purpose of a “manager” haven’t kept pace with what’s needed. For almost 100 years, management has been associated with the five basic functions outlined by management theorist Henri Fayol: planning, organizing, staffing, directing, and controlling. These have become the default dimensions of a manager. But they relate to pursuing a fixed target in a stable landscape. Take away the stability of the landscape, and one needs to start thinking about the fluidity of the target. This is what’s happening today, and managers must move away from the friendly confines of these five tasks.

Cloud, edge, and fog computing: understanding the practical application for each

Fog computing effectively “decentralises” computational and analytical power. It sits between your local equipment and mobile devices — equipment with limited processing power and storage, in other words — and provides a way to sift through streams of information from these and other components in your IoT. You can get a better mental image of fog computing by thinking about driverless automobiles navigating a city block. If the vehicles, their sensors, and their controllers are the “edge layer” for a city’s smart transportation system — we’ll get to edge computing in a moment — then there are likely micro-data centres alongside mesh routers and cell towers that serve as the “fog layer.” Fog computing isn’t quite as decentralised as the edge, but it does further reduce the amount of data transferred across the network or upwards into the cloud layer. It facilitates communication and collaboration between the “nodes” in the edge layer. In the example above, the nodes are the driverless cars.

Don’t make your cloud migration a house of cards

The biggest architectural mistake that I see in the cloud involves coupling. Back in the day, applications were tightly coupled between other applications and data sources. If one thing stopped, the entire system stopped. So if the database went down, all connected applications did as well, including any systems that sent or received data from the database. Years ago, we learned that tight coupling was bad. It killed resiliency, scalability, and the ability to independently use resources such as applications, databases, and queues. Consultants like me gave presentations on it, and books were published on the topic, but IT organizations are still making the same architectural mistakes in 2018 that diminish the value of cloud computing. IT is not fixing things that are moving to the cloud that need fixing. At the core of the issue is money. Enterprises do not allocate enough funding to fix these issues before they move to the cloud. I assume the hope is that the issues won’t be noticed, or that the use of a more modern platform will magically fix the issues despite their poor architectures. 

What are deepfakes? How and why they work

Seeing is believing, the old saw has it, but the truth is that believing is seeing: Human beings seek out information that supports what they want to believe and ignore the rest. Hacking that human tendency gives malicious actors a lot of power. We see this already with disinformation (so-called "fake news") that creates deliberate falsehoods that then spread under the guise of truth. By the time fact checkers start howling in protest, it's too late, and #PizzaGate is a thing. Deepfakes exploit this human tendency using generative adversarial networks (GANs), in which two machine learning (ML) models duke it out. One ML model trains on a data set and then creates video forgeries, while the other attempts to detect the forgeries. The forger creates fakes until the other ML model can't detect the forgery. The larger the set of training data, the easier it is for the forger to create a believable deepfake. This is why videos of former presidents and Hollywood celebrities have been frequently used in this early, first generation of deepfakes — there's a ton of publicly available video footage to train the forger.

Cross-platform frameworks offer one-code path to mobile dev

The creation of one code base that is easy to maintain and publishes well across multiple OSes is no easy feat, said Jonathan Marston, director of software at Optimus Ride, a self-driving car company in Boston. Tools such as Adobe Air have tried and failed to achieve it, he said. "In the past, that dream has never lived up to the reality," Marston said. The ability to share code across multiple mobile OSes is getting more attainable with tools such as NativeScript and React Native, but the particular idiosyncrasies of each OS make it difficult to achieve complete code sharing, said Jesse Crossen, lead developer of VoiceThread, an education software company in Durham, N.C. For example, developers might want to write one set of code for an iOS visual component and another for an Android visual component, due to different screen sizes and resolutions. "You're always going to have that level of customization per platform or have [an app] that's a little bit generic," Crossen said.

Researcher urges IoT security legislation

While IoT is generally thought of in terms of consumer products, he pointed out that some IoT systems are widely used in the business context such as building management systems that control the heating, cooling, door locks and fire alarms. “It is important that businesses think about the IoT devices they have in their environments. The gap between IT and services often creates opportunities for technology to cause problems, and so there are some key questions businesses need to ask suppliers, retailers, hardware manufacturers so you know whether you are buying a good product or one full of security vulnerabilities.” Munro said he was able to buy a controller of a business management system online and was able to find vulnerabilities that could be exploited to discover the password of the embedded server that would enable an attacker to take complete control of the building management system.

Microsoft: .NET Core Is the Future, So Get Moving

"As we move forward into the future, with .NET Core 3, we're going to see some more workloads that we're going to be working on here, mainly Windows desktop," Massi said. "We're bringing Windows desktop workloads to .NET Core 3, as well as AI and IoT scenarios. "The big deal here is now that if you're a WinForms or WPF developer you can actually utilize the .NET Core runtime." It's still Windows, she said. It's still your Windows application framework for desktop apps, but developers will be able to take advantage of the .NET Core feature set, such as improved performance, side-by-side installs, language features and other innovations being made in the platform itself. "So that's kind of a big deal," Massi said. While .NET Core is about improved performance, self-contained .exe files for desktop application deployment flexibility and more, it also provides UI interop. "It's about, instead of totally rewriting your apps to take advantage of Windows 10 or more modern UI controls, we're making it so that you can use modern UI controls in WinForms and WPF -- that's what UI interop is," Massi said.

10 signs you may not be cut out for a systems analyst position

The ability to say "No" is important in managing all areas of life, but as a systems analyst, someday your job may depend on it. Suppose you're in a meeting with your boss, their boss, and management from the operations side. Someone tries to get you to commit, on the spot, to adding new functionality, and your boss is not interceding for you. Under pressure, many people would say "Yes" just to get out of the meeting. But if you don't know absolutely that you can do the project, within the time and budget required, resist the temptation to get them off your back temporarily. Agreeing to a task that turns out to be unreasonable is just a setup for failure. ... Saying "No" may prevent you from promising the impossible, but it's best to use the word sparingly. To succeed as a systems analyst, you'll need to think of yourself as an in-house consultant. The business needs IT tools to make money, and you have to figure out how to provide those tools. Work with your in-house customers to develop a plan you can say "Yes" to. Figure out what you need—more time, more money, more human or technical resources—and be prepared to back up your requests.

The security skills shortage: A golden opportunity for creative CISOs

The very shallow security skills talent pool has also led to another opportunity, one that serves to up-skill and empower in-house (and even outsourced) development teams. It is a known fact that most of the world’s highest-scale security breaches were made possible due to errors in the software code itself, and with the average breach costing in excess of US$3.6 million, it makes sense to examine the application security budget. It stands to reason that if developers remain untrained, the same mistakes will be made year after year, and the same reactive, expensive after-the-fact fixes will need to be applied. It seems a crazy way to burn through cash, all while an organization’s reputation as a security-conscious company goes down the drain. So, why not change it up and secure software from the start of production? Empowering development teams to write secure code is the golden opportunity for CISOs to seize proactive control over looming security issues, and where there is the chance for fast, easy and measurable improvements – for both security and development teams.

---

Quote for the day:

"Perhaps the ultimate test of a leader is not what you are able to do in the here and now - but instead what continues to grow long after you're gone" -- Tom Rath

---

Daily Tech Digest - October 08, 2018

A rough guide to your next (or first) fog computing deployment

There’s a hierarchy of storage options for fog computing that runs from cheap but slow to fast and expensive. At the former end, that option is network-attached storage. A NAS offers huge storage volumes, particularly over a distributed network, but that means latency times measured in seconds or minutes. Rotating disks could work well for big media libraries or data archives, according to Byers, while providing substantially better response times. Further up the hierarchy, flash storage, in the form of regular SSDs, provides much the same functionality as a spinning platter, with the well-known tradeoff in increased price-per-GB for much faster access times. That could work best for fast bulk storage, though Byers also notes that there are concerns about access speeds dropping off after a large enough number of read/write cycles. “After you write to a given address in the chip more than about 2,000 times, it starts getting harder to reprogram it, to the point where, eventually, you’ll get write failures on that sector of flash drive,” he said.

GDPR As Catalyst: Protect Data And Grow the Business (Part 4)

A successful collaboration depends on the ability to share information quickly and easily with third-party companies, working across organizational and geographical boundaries. However, it is vital to balance the need to provide business partners with ready access to enterprise data while safeguarding valuable intellectual property and sensitive corporate information. In addition, they must meet many industry- and country-specific compliance requirements – including the General Data Protection Regulation (GDPR) for managing personal data. Data processors and controllers are both responsible for GDPR requirements for personal data, wherever that data may be in their business network. They need to be able to quickly and securely share data with partners. By using dynamic attribute-based access controls, they can classify and segregate data based on metadata, content, association, or policy; establish fine-grained, attribute-based access policies; automate access authorization based on policies; and centralize activity logging and auditing to simplify compliance reporting.

Sony Smart TV Bug Allows Remote Access, Root Privileges

The flaws – a stack buffer overflow, a directory traversal and a command-injection bug – were found by Fortinet in March by its FortiGuard Labs team. The most serious of the vulnerabilities is the command-injection (CVE-2018-16593) bug, which is tied to a proprietary Sony application called Photo Sharing Plus. The app allows users to share multimedia content from their phones or tablets via Sony TVs. “This application handles file names incorrectly when the user uploads a media file,” wrote Fortinet’s Tony Loi, who found the vulnerability. “An attacker can abuse such filename mishandling to run arbitrary commands on the system, which can result in complete remote code-execution with root privilege.” Fortinet researchers said a compromised TV could be recruited into a botnet or be used as springboard for additional attacks against devices that shared the same network. To be successful, an adversary would need to be on the same wireless network as the Sony TV.

Separating high value from low value KPIs in data governance efforts

It's not necessarily a bad thing for a business to know how many overall data quality problems happen in a specified span. But, the reason this could be a lower-value KPI in many organizations is that it is likely not adequately specific. In contrast, a KPI for resolved issues indicates if a company is making gains in remedying problems or not. Looking at the number of data quality issues also becomes more problematic if a company has numerous locations. Failing to separate data quality issues into outstanding and resolved categories could also promote inaccurate presumptions about performance. Indeed, it's best to keep the number of data quality issues as low as possible. But, it's arguably even more critical for company representatives to accurately ensure they're promptly addressing and thoroughly handling all issues. Only viewing overall issues may not represent how those problems get treated.

The first smart display for business: Your Android phone

The new smart display interface will constantly show contextual information such as the time, the weather, battery status, and other data. Google released its third version of the smartphone operating system Wear OS, which comes with an improved Google Assistant feature. The biggest change: proactivity. The Wear OS Google Assistant can offer all kinds of contextual information (some of it based on personal data mined in Gmail). This makes sense, because wristwatches can gather amazing contextual data, such as user location and also whether the user is walking or sitting. I think this is a preview of what’s coming for the docked Android phone version of Google Assistant. Phones have even better contextual information than watches, because placing the phone in the dock says a lot about intention — namely that the user is not intending to leave and go somewhere else, but plans to stay in a single place and may want hands-free notifications and assistance.

Microsoft halts rollout of Windows 10 October 2018 Update: What happens next?

Via email, a Microsoft spokesperson confirmed that announcement: "We have paused the rollout of the update while we continue to investigate reports from some customers." In a tweet, Dona Sarkar, who runs the Windows Insider Program, advised anyone affected by this issue to call Microsoft's support lines: "They have the tools to get you back to a good state." The implication in that tweet (and in the language from the original bulletin) is that the files have not been deleted but are available elsewhere on the system disk. Update: Roughly 36 hours after the initial publication of the support bulletin, Microsoft edited its contents. It now reads, "If you have manually checked for updates and believe you have an issue with missing files after an update, please minimize your use of the affected device and contact us directly..." [emphasis added] In the United States, you can reach Microsoft Support at 1-800-MICROSOFT (1-800-642-7676). For Windows 10 customers in other regions, check the list of local support numbers on the Global Customer Service Phone Numbers page.

Software-defined networking security involves 3 factors

To fully protect confidentiality, it's necessary to encrypt network traffic. IT teams should also consider encrypting the control channel in the environment, which includes the communications between an SDN controller and the data plane devices that actually move packets. Moreover, if an SDN system includes any ability to cache data -- e.g., as part of a network flight recorder feature -- or if it has data compression features, it may be necessary to encrypt data stored in memory, or even on a disk, in data plane devices or the controller. SDN systems can defend themselves from attack, but this requires hardened platforms for both controllers and data plane devices. If the SDN controller is running on a poorly secured Linux server, for example, it doesn't matter how secure the SDN system riding on the nodes is at a high level. Any off-the-shelf SDN system should have a secured base -- whether Linux, CentOS or something else -- when it comes out of the box.

Juniper CEO Rahim talks network, security and multicloud trends

There’s no way to get around the biggest trend, and that is the tectonic shift to cloud and multicloud. I am not just talking about the hyperscale users either. I am talking telcos and enterprises. It’s a sign of the times that every CIO is trying to take advantage of a multicloud environment, whether it’s to build out an infrastructure to handle it or deploy an overlay or underlay – they just cannot do it by themselves. That’s why we have so heavily invested in multicloud connectivity and software services development.  The second one is the move to 5G. Overall we don’t think 5G technologies will go mainstream until next year, but the preparation for it is well underway. Cloud services and providers are developing the infrastructure and capacity to take advantage of 5G now. Security would be the third, and what we are seeing is the trend of customers tying together networks and security technologies to develop more effective policies to block malware and protect the enterprise against threats better than ever before.

Open source is the future, but it will cost you more than you think

Open source has never been known for being the people that sit and finish up projects. They've always sort of gotten it to a good solid point that does 80% of what you want it to do, or it works well enough but there's not great interfaces and things on it. What tends to happen is, either commercial companies like Red Hat...end[] up making it usable for them afterwards. We obviously also see the public cloud beginning take those open source projects and turn them into managed services as well. Such companies—including system integrators—do the "last mile" work necessary to get open source projects ready for enterprise consumption. Red Hat makes billions on this model, yet it still remains more of an anomaly than it should. We have MongoDB, Elastic, the combined Cloudera and Hortonworks, and other open source companies, but not nearly as many as we should, given how dominant open source has become in the area of enterprise infrastructure.

Be Prepared for Disruption: Thinking the New Unthinkables

The fear is that talk of “purpose” still remains a convenient and fashionable slogan, but empty. It may only be mainstreamed when there is hard evidence that having strong values adds money and social value to the company. Mayer is leading the charge to find rigorous data through his work at Oxford and the British Academy project on the Future of the Corporation to establish a causal link between values and value. “Until that’s the case, it’s going to be extremely difficult to persuade the investment community that they should be moving in this direction in a big way,” he says. This is despite the very clear signals now being sent by the public to both corporate and political leaders that purpose matters. These unthinkable scenarios — such as Collymore’s young customers deserting overnight — must be accepted, not ignored. The challenge is even more acute in a world of digital transformation. Artificial intelligence and biotech are bringing huge changes to society. For leaders, a new clarity of purpose and a moral compass is essential, as is an understanding that huge new disruptions are the hallmark of the new normal.

---

Quote for the day:

"Open Leadership: the act of engaging others to influence and execute a coordinated and harmonious conclusion." -- Dan Pontefract

---

Daily Tech Digest - October 04, 2018

The risks of regulating artificial intelligence algorithms

We have to describe the world as it is for us to gain useful insights. Sure, we might then use those to convert that reality to how it ought to be, but our ingoing information, plus its processing, has to be morally blind. There is quite a movement out there to insist that all algorithms, all AIs, must be audited. That there can be no black boxes – we must know the internal logic and information structures of everything. This is so we can audit them to ensure that none of the either conscious or unconscious failings of thought and prejudice that humans are prey to are included in them. But, as above, this fails on one ground – that we humans are prey to such things. Thus a description of, or calculation about, a world inhabited by humans must at least acknowledge, if not incorporate, such prejudices. Otherwise the results coming out of the system aren’t going to be about this world, are they?

Understanding Spring Reactive: Introducing Spring WebFlux

With the introduction of Servlet 3.1, Spring MVC could achieve non-blocking behavior. But, as the Servlet API contains several interfaces that are still blocking (maybe because of support for backward compatibility), there was always the chance of accidentally using blocking APIs in the application, which was intended to be developed as non-blocking. In such scenarios, the usage of a blocking API will certainly bring down the application sooner or later. ... The purpose of this series is to demonstrate the evolution of the Servlet/Spring from the blocking to non-blocking paradigm. I am not going into the details of Spring WebFlux in this tutorial. But, still, I am going to introduce a sample Spring Boot application using Spring WebFlux. One point which we should notice in the above diagram is that Spring WebFlux is Servlet Container agnostic. Spring Webflux works on Servlet Container and also on Netty through Reactor Netty Project. In my Spring boot application, I have a dependency on WebFlux as spring-boot-starter-webflux, and at server startup, it says that the application is ready with Netty.

Asking the right questions to define government’s role in cybersecurity

Cyberthreats cross national boundaries, with victims in one jurisdiction and perpetrators in another—often among nations that don’t agree on a common philosophy of governing the internet. And complicating it all, criminal offences vary, legal assistance arrangements are too slow, and operating models for day-to-day policing are optimized for crimes committed by local offenders. ... Each country is addressing the challenge in its own way, just as companies tackle the issue individually. Approaches vary even among leading countries identified by the Global Cybersecurity Index, an initiative of the United Nations International Telecommunications Union. Differences typically reflect political and legal philosophy, federal or national government structures, and how far government powers are devolved to state or local authorities. They also reflect public awareness and how broadly countries define national security—as well as technical capabilities among policy makers.

Iron Ox uses AI and robots to grow 30 times more produce than traditional farms

Iron Ox’s first 1,000-square-foot farm, which is in full production as of this week, taps a robotic arm equipped with a camera and computer vision systems that can analyze plants at sub-millimeter scale and execute tasks like planting and seeding. A 1,000-pound mobile transport system roughly the size of a car, meanwhile, delivers harvested produce — including leafy greens such as romaine, butterhead, and kale and herbs like basil, cilantro, and chives — using sensors and collision avoidance systems “similar to that of a self-driving car.” Cloud-hosted software acts as a sort of brain for the system, ingesting data from embedded sensors and using artificial intelligence (AI) to detect pests, forecast diseases, and “ensure cohesion across all parts.” It might sound like pricey tech, but Alexander and company said they worked to keep costs down by using off-the-shelf parts and implementing a scalable transport system.

From Visibility To Vision: Staying Competitive In An Open Banking Future

One of the reasons the digital experiences of established banks remain so lackluster is a failure by both customers and employees to report instances of slow or faulty systems. Across the board there is a growing apathy and acceptance of poorly performing technology, creating a self-perpetuating cycle of unsatisfied users. The first step in rectifying this problem is to give the power and visibility back to the IT team and business by providing them with system monitoring solutions that can quantify “normal” behavior as a benchmark to identify deviations from normal, so they can truly measure the user’s experience. These solutions would effectively bypass the reliance on the end-user to report issues and instead focus on creating more agile capabilities to proactively identify and rectify areas of degrading performance. Once IT departments are equipped with an intelligent and proactive infrastructure, banks can effectively compete by delivering digital services that offer a superior customer experience.

Everyone, everywhere is responsible for IIoT cyber security

Cyber security threats are coming at us from every direction, not just from our corporate networks. Operational networks were simply not built for connectivity, and carefully thought-out security protocols are being ignored for the benefit of data access to drive productivity gains. Unfortunately, threat vectors now extend even to base-level assets. Attackers can target anything from a connected thermostat to a wireless field device in order to cause danger. This heralds a new type of aggressive, innovative cyber attack for industrial control systems, which are becoming increasingly accessible over the internet, often inadvertently. The actors, too, have changed, and they are becoming more sophisticated every day. Attack techniques, tools and lessons are readily available on the dark web, which means low-level cyber criminals have access to the information they need to attempt more serious attacks.

How updating an outdated industrial control system can work with fog computing

According to fog computing and automation startup Nebbiolo Technologies – which declined to name the client directly, saying only that it’s a “global” company – the failure of one of those Windows IPCs could result in up to six hours of downtime for said client. They wanted that time cut down to minutes. It’s a tricky issue. If those 9,000 machines were all in a data center, you could simply virtualize the whole thing and call it a day, according to Nebbiolo’s vice president of product management, Hugo Vliegen. But it's a heterogeneous environment, with the aging computers running critical control applications for the production lines – their connections to the equipment can't simply be abstracted into the cloud or a data center. Architecturally, however, the system is a bit simpler. Sure, there are a lot of computers, but they’re all managed remotely. The chief problem is visibility and failover, Vliegen said. “If they fail, they’re looking at six hours downtime,” he said on Tuesday in a presentation at the Fog World Congress in San Francisco.

5 mistakes even the best organizations make with product and customer data

“In 2018, digital business transformation will be played out at scale, sparking shifts in organizational structure, operating models, and technology platforms. CEOs will expect their CIOs to lead digital efforts by orchestrating the enabling technologies, closing the digital skills gap, and linking arms with CMOs and other executive peers better positioned to address the transformational issues across business silos.”  The need to address these business silos has been a key driver in the growth of master data management (MDM). MDM integrates multiple disparate systems across organizations by streamlining the process of aggregating and consolidating information about products, customers, suppliers, employees, assets and reference data from multiple sources and formats. It connects that information to derive actionable insights and publishes it to backend systems as well as online and offline channels.

Codefirst: The Future of UI Design

If you look at your laptop, tablet, or mobile phone today, you’ll notice that the latest craze to sweep the industry is flat design. Flat design was a dramatic departure from Apple’s ubiquitous skeuomorphism style to one that celebrated minimalism. This trend boasted a UI that leveraged simplicity, flat surfaces, cleaner edges, and understated graphics. The flat design trend evidences a shift within the industry to make designs scale across many different form factors. Websites, on the other hand, have incorporated polygonal shapes, simple geometric layers, and bold lines that grab the audience’s attention. Tactile designs have also grown in popularity in recent months. This design trend makes objects appear hyper-real. Beyond these current trends, there are many examples of websites without borders, without multiple layers, with purposeful animation, and large images. Going forward, you can undoubtedly expect the bar to be raised within the app and web world to ensure that both UI and UX work seamlessly together to improve user interactions.

Incorporate NIST security and virtualization recommendations

The main goal of following these NIST virtualization recommendations is to ensure the secure execution of the platform's baseline functions. These recommendations primarily target cloud service providers that offer infrastructure as a service and enterprise IT teams planning to implement virtual infrastructures to host line-of-business applications. According to NIST, hypervisor platforms are susceptible to security threats via three primary channels: the enterprise network where the hypervisor host resides, rogue or compromised VMs accessing virtualized resources, and web interfaces for the platform's management services and consoles. NIST breaks down the hypervisor platform into the following five baseline functions: VM process isolation (HY-BF1), device mediation and access control (HY-BF2), direct command execution from guest VMs (HY-BF3), VM lifecycle management (HY-BF4), and hypervisor platform management (HY-BF5).

---

Quote for the day:

"Great Leaders Focus On Sustainable Success Rather Than Quicker Wins." -- Gordon TredGold

---

Daily Tech Digest - July 02, 2018

Microsoft Surface Studio: A cheat sheet

From the point of view of artists and designers, the Studio offers a high-end computer built around their creative needs, which does away with having to use a separate drawing tablet and computer. Even if creatives ignore the Surface Studio, its release is good news, likely to prompt incumbents like Apple and Wacom to spec up and cut the prices of new machines — in particular for the iMac, which the Studio has been compared to many times, despite the iMac lacking a touchscreen. By following up the immaculately designed Surface Book laptop with a striking machine like the Surface Studio, Microsoft also appears to be trying to establish itself as a competitor to Apple on the design front. The Surface Studio garnered good reviews but with sizable caveats. TechRepublic's sister site ZDNet praised its attractive high-resolution screen and snappy performance but criticized its high price, limited build-to-order and upgradeability options, as well as the fact the Surface Dial is not included by default. CNET had similar concerns, and also highlighted limitations of the GPU choice and lack of front-mounted USB ports and Thunderbolt connection.

UK government cyber security standard welcomed

The standard outlines a set of cyber security outcomes for government departments to achieve in the areas of identification, protection, detection, response and recovery. The outcomes-based approach is aimed at allowing government departments flexibility in how the standards are implemented, “dependent on their local context”, the document states, adding that “compliance with the standards can be achieved in many ways, depending on the technology choices and business requirements in question.” Some of the key requirements include clear lines of responsibility and accountability to named individuals for the security of sensitive information, training and guidance for senior accountable individuals, strict access control, use of secure configurations, regular patching, attention to email and web application security, developing an incident response and management plan and the testing of contingency mechanisms to ensure continued delivery of essential services. One of the few prescriptive uses of technologies is the use of Transport Layer Security version 1.2 (TLS v1.2) to protect email and data in transit.

How to Write Better Code

For the first of these points, great books help you to read code. Some books that I strongly recommend are Clean Code, Implementation Patterns, Refactoring, The Art of Agile, Pragmatic Programmer, and Practices of an Agile Developer. I've enjoyed reading all of these books immensely. These books will teach you considerations such as low coupling, high cohesion, and simple design. They will teach you useful principles like the Single Responsibility Principle and the Open-Closed Principle. The patterns and principles teach you new information and code to discuss with your team. For the second of these points, Test-Driven Development is one great way to learn how to write code. I enjoy doing coding katas myself and often use them for teaching. But, the most valuable skill when writing code is one I learned at code retreats. It is essential to learn when to delete the code you write. I don't just mean refactor it in order to be smaller. I mean that, for coding exercises, highlight all the files and press the delete button. I mean for production code, after spending a few hours working on a task, use git reset --hard HEAD.

How a robot vacuum navigates your home

Newer, higher-end robot vacuums include self-navigation systems that use mapping technology. Each manufacturer implements its own particular spin on mapping, but each of them is currently built around two slightly different methods. One uses an onboard digital camera to take pictures of walls, ceilings, doorways, furniture and other landmarks. A version of this type of mapping is used in Roomba’s 900 series vacuums and Samsung’s Powerbots. The other method, employed in vacuums like Neato's Botvac series, uses a laser range finder (also called LIDAR for Light Detection and Ranging) that measures the distance to objects in the vacuum’s path. In either case, the robot vacuum uses the data it collects in combination with information from its other sensors to gradually build a map of the room during its initial cleaning. Mapping delivers significant advantages. Armed with a floor plan, the robot vacuum can plot the most efficient route through the room, which is why mapping models seem to move in more orderly straight lines than their non-mapping counterparts. Mapping also allows the robot vac to localize itself within the map, which informs it where it's been and where it yet needs to go.

Slack outages raise reliability concerns

In an interview last month, a Slack representative acknowledged the company's rapid growth has been challenging to keep up with at times. Since January 2015, the company has grown from 1.1 million daily users to 8 million regular users today. "To be frank, we're still learning as we go," said Julia Grace, senior director of infrastructure engineering at Slack, based in San Francisco. "This is such a complex piece of software. We're operating at a global scale. We're learning and evolving and growing and making the service better along the way." Some analysts pointed out that Slack's performance was much worse when it was starting out. "Once upon a time, in the very, very, very early days of Slack, they were built on a model that couldn't scale," said Michael Facemire, an analyst at Forrester Research. "You remember those outages; you remember the old days when [Slack] would be down, and it would be down for very perceivable amounts of time." Nevertheless, with tech powerhouses Cisco and Microsoft as competitors, Slack can no longer afford to look weak. Companies are unlikely to standardize on a collaboration vendor with an uptime record significantly less than rivals.

IEEE Sets Fog Computing Standard

“We now have an industry-backed and -supported blueprint that will supercharge the development of new applications and business models made possible through fog computing,” said Helder Antunes, chairman of the OpenFog Consortium and senior director at Cisco, said in a statement.  According to the OpenFog website: “The sheer breadth and scale of IoT, 5G and AI applications requires collaboration at a number of levels, including hardware, software across edge and cloud, as well as the protocols and standards that enable all of our ‘things’ to communicate. "Existing infrastructures simply can’t keep up with the data volume and velocity created by IoT devices, nor meet the low-latency response times required in certain use cases such as emergency services and autonomous vehicles. "By extending the cloud closer to the edge of the network, fog enables latency-sensitive computing to be performed in proximity to the data-generating sensors, resulting in more efficient network bandwidth and more functional and efficient IoT solutions. Fog computing also offers greater business agility through deeper and faster insights, increased security and lower operating expenses.”

HealthEngine's Latest Problem: A Data Breach

Embattled Australian medical appointment booking service HealthEngine says late Friday it has notified 75 users of a data breach that may have exposed some identifying information. The data breach is the latest in a string of problems for HealthEngine, which has fallen under scrutiny for tampering with patient reviews and for its third-party marketing activities, which underpin its free medical booking service. The breach involved HealthEngine's Practice Recognition system, which allows patients to write reviews of practices. It is unclear when the breach occurred. More than 59,600 patient feedback entries may have been improperly accessed, and 75 of those contained "identifying information," HealthEngine says in a notice on its website. "Due to an error in the way the HealthEngine website operated, hidden patient feedback information within the code of the webpage was improperly accessed, the company says on its website. "The information is ordinarily not visible to users of the site."

Shadow IT: When employees venture to the dark side

While the factors leading to shadow IT today are the same, the outcome (and risks) are largely new. Equipped with a company credit card and their web browser—users are willing to go outside the scope of IT to get the apps they need to work productively—jeopardizing security and corporate compliance in the process. Employees who play fast and loose with the rules of IT can lead to renegade apps stirring-up all sorts of trouble, and everyone can contribute to the problem. Executives who store sensitive notes and documents within apps like Evernote and Dropbox put company secrets at risk. The marketing department can cause financial headaches by, for example, purchasing unsanctioned Salesforce licenses for their team members. When shadow apps run amok outside the scope of IT, a lot can go wrong. Most importantly, without knowledge or control of the apps workers are using, IT admins cannot guarantee corporate or user privacy. Employee workflow and productivity are also at risk. Individual teams that use competing apps (for example, sales uses Slack while engineering uses Microsoft Teams) can make collaboration more difficult, if not impossible. And then there are the costs associated with paying for separate software licenses, or worse, paying double for the same software license across different teams.

Enabling stakeholders to boldly support data governance

Decisions on data governance programs ultimately affect many different stakeholders, some of whom are unknown when those decisions are made. Understanding the entirety of the people that are affected is where a lot of the change management aspects come into play. Widening the net to engage as many people as possible helps ensure the program is effective. Creating a data governance program behind closed doors with just a select few participants can be a recipe for disaster. Engagement depends on knowledge and buy-in, so don’t short-change your efforts by limiting participation. Communicate with as many data stakeholders as you can, especially with those who have taken on data community leadership roles. Data stakeholders want to be part of the process of creating, implementing and sustaining a data governance program. They want to know that their knowledge is appreciated and taken into account when decisions are made about policies, procedures, business rules, metadata and tools.

Dispatch From The Super Internet

The Super Internet is the sum total of how the internet operates when you’re running a very large number of Chrome extensions. It’s a different and better internet, where all the normal complaints don’t apply. On the Super Internet, you don’t enter passwords or see advertising. You don’t get tracked. Every page is HTTPS. And if you go to a page where your registered password has been leaked to the dark web, the Super Internet will tell you. Cloud applications on the Super Internet are ten times better than those available to most users. The Super Internet version of Gmail can send and receive SMS, do advanced mail merge, send recurring and scheduled emails, send PGP-encrypted emails, apply follow-up and due-date reminders to incoming emails, edit outgoing emails using HTML or Google Docs, block notification of senders when you open an email — the list goes on and on. The Super Internet has social networking features most users can’t even imagine. Twitter, for example, is enhanced with auto-refreshing streams, one-button account switching, instant and automatic following and unfollowing, the ability to remove any component of Twitter, including promoted tweets, and hundreds of additional features.

---

Quote for the day:

"The weak can never forgive. Forgiveness is the attribute of the strong." -- Mahatma Gandhi

---