February 05, 2014

Software [in]security and scaling automated code review
As the tools have matured to cover a broad range of vulnerabilities, they have in general evolved for integration into a build process on a big build server. That means in some cases they may not be feasible for use at the developer desktop. Simply put, the industrial-strength tech eats a workstation alive. ...  If a developer has to tie up her development workstation for two to three hours to run a scan on a single build component, the result is that her productivity diminishes as she waits around for results.


Interview: The Need for Big Data Governance
There are three main ways bad data gets into systems, and they’re all essentially technology-agnostic. The first is during data migration. Before you go live on a new system, you will normally bulk load some information. If your initial data load contains poor quality data, it can be really expensive to fix. If you’re talking about an ERP system, it can break essential business processes like being able to bill customers. A big data project could lose credibility with the users if they see a lot of data issues. It’s simpler and cheaper to prevent bad data getting in in the first place.


British intelligence used DDoS tactics against Anonymous, Snowden documents show
The British spy agency GCHQ secretly waged war against the hacker collective Anonymous a few years ago, according to documents taken from the NSA by Edward Snowden and revealed late Tuesday by NBC. At the time, certain members of Anonymous were themselves waging war against British government institutions and various companies.


Audit committees increasingly uncomfortable about cyber threats
“Given the rapidly growing public, political and media profile of the cyber threat, it is very worrying that audit committee members feel more concerned now about the issue than they did a year ago,” said Stephen Bonner, partner at KPMG. “It shows that either companies are losing the battle against cyber criminals, or they are still not yet fully engaging with the threat. It is a difficult issue that takes many executives and non-executives out of their comfort zone. However, it is simply too big and fast-growing a risk for companies to tackle half-heartedly.”


Those many faces of fraud
The past few years have seen several headline-grabbing incidents of corporate fraud in India. These have not just tested the Indian ‘trust-based’ business framework, but also sent ripples across the business community and stock markets. In many ways, India woke up to the reality of fraud in the past few years. It realised that it was not a Western phenomenon, but a universal one. Greed is, after all, a human failing. Predicting a fraud before it occurs is, at least for now, the subject of science fiction.


Strategies and Code for Creating Fluent APIs
There are numerous ways to implement a fluent API, depending on the degree of control you want to maintain over the API, how many classes you want to be able to use it with, and how you want to extend your API. Here are your options. In an earlier column, "Implementing a Fluent Interface," I showed how to create a fluent API for a single class. However, there are other strategies that offer more flexible solutions.


When No One Is Just a Face in the Crowd
“Just load existing photos of your known shoplifters, members of organized retail crime syndicates, persons of interest and your best customers into FaceFirst,” a marketing pitch on the company’s site explains. “Instantly, when a person in your FaceFirst database steps into one of your stores, you are sent an email, text or SMS alert that includes their picture and all biographical information of the known individual so you can take immediate and appropriate action.”


Senate cybersecurity report finds agencies often fail to take basic preventive measures
“Almost every agency faces a cybersecurity challenge,” said Michael Daniel, special assistant to the president on cybersecurity policy. “Some are farther along than others in driving awareness of it. It often depends on whether they’ve been in the crosshairs of a major cyber incident.” ... The report concluded that the department had failed even to update essential software — “the basic security measure just about any American with a computer has performed.”


SHA-1 to SHA-2: The future of SSL and enterprise application security
Organizations should push ahead with the upgrade to SHA-2 now and not hope for a last-minute reprieve despite the fact that no SHA-1 collisions have yet been found. The areas that will require the most work are legacy systems that make SSL connections, and software and hardware such as game consoles, phones and embedded devices that rely on hard-coded certificates. These certificates will all need to be replaced and have the software updated if they are unable to currently support SHA-2 encryption.


12 predictions for the future of programming
To help you prepare for -- or at least start contemplating -- a future that's screaming across the sky faster than we can see, we've compiled a dozen predictions about how the next five years of programming will shake out. Our crystal ball is very subjective, and some of the following conjectures might not prove universal. Some won't be fully realized in five years. Others are already true, but the extent of their truth is not as well-established or widely known as it will be fairly soon.



Quote for the day:

"Concentration comes out of a combination of confidence and hunger." -- Arnold Palmer

February 04, 2014

A Cost Analysis of Media Consumption using System Dynamics Modeling
Compare the heavily discounted cost of $3/GB for disk to the average price of 10¢ to 13¢ per GB for tape. Or in the case of our simulation and model, $102.9M for a disk architecture and $3.4M for a tape architecture. With a difference of more than 30x the cost for disk than tape, one needs to step back and consider if they really want to jump into the world of disk based backup without considering ways to lower the total cost of ownership. The fundamental cost in the average enterprise is the retention of data that is backed up. With altering the retention level of data backed up, we can effect an impact on the TCO.


Satya Nadella's to-do list: Here are the first 10 battles Microsoft's new CEO will have to fight
And now finally Microsoft has finally ended the wait by confirming that Satya Nadella is to be its new CEO. Nadella needs to get moving as soon as possible; after months of Microsoft's staff effectively treading water while waiting for a new chief to be appointed, he'll have an overflowing inbox and many decisions to make about the future direction of the company and its products. Here are some of the knotty interrelated issues Microsoft's new chief executive will have to struggle with sooner rather than later.


Top 10 Ways to Improve Your Cloud Career and IT Skill Set
New data center demands are creating a wide array of new types of specialists. Engineers become architects, programmers become cloud designers, and database administrators become data scientists! There are a lot of new and interesting options out there to help you push your career to the next level. To be successful in the IT and cloud arena you’ll have to optimize your existing skill set. With that, let’s take a look at 10 great ways you can accomplish this.


Predictive Analytics: Finding the Future in Big Data
Using PA to properly assess risks based on actuarial data and proven hypotheses can mean the difference between new product ROIs and catastrophic liability. Weather models forecasting everything from hurricanes to sea-ice melt allow scientists to measure the effects of climate change and illustrate future scenarios. Crime prevention, genomics, human and knowledge performance indicators, natural resource exploration, project management, and other disciplines have stakes in PA.


The Persistent Imbalance Between Supply and Demand for Software Development Labor
We're currently in the midst of another structural increase in the demand for software development labor, this time being driven by analytics and smart devices (the alleged "internet of things", from cars to coffee pots), with the odd halo application (e.g., wearable tech) thrown in for good measure. Every indication is that for the foreseeable future, demand for software developers will continue to increase at a rate faster than the supply of software developers available to develop it. What does this mean to the business of software?


Healthcare among most opportunistic use cases for boundaryless information flow improvement
In the healthcare landscape, and in other industries, there are a lot of players coming to the table and need to interact, especially if you are talking about a complex episode of care. You may have two, three, or four different organizations in play. You have labs, the doctors, specialized centers, and such, and all that requires information flow. Coming back to the methodology, I think it’s bringing to bear an architecture methodology like provided in TOGAF.


The Enterprise IT Infrastructure Agenda for 2014
Procurement of hardware, software, and services required to operate an enterprise environment is becoming more challenging for senior infrastructure managers. Even as more procurement spending is devoted to software, many infrastructure organizations continue to use techniques developed for hardware procurement. These techniques are not entirely effective given software’s product fragmentation and relatively high switching costs.


Despite Target data breach, PCI security standard remains solid, chief says
"Any time there's a breach it sheds a spotlight on what we do," Russo said. But instead of pointing fingers at PCI, there should be more focus on working collaboratively to address security issues in the payment card industry, he said. "Everybody is looking for a silver bullet," in the wake of the recent breaches, said Russo, who is scheduled to testify before Congress on Wednesday on the issue. "As far as I know, no silver bullet exists. It's a combination of people, process and technology."


Debug / Inspect WebSocket traffic with Fiddler
This is my first time writing a code project article. Thanks for your support. I have recently written a project using SignalR, which supports HTML 5 WebSocket. However, I cannot find good tools to debug or inspect WebSocket traffic. I know that both Chrome and Fiddler support inspecting the WebSocket traffic, but they are very basic. If you have a very high volume of traffic or each frame is very large, it becomes very difficult to use them for debugging. I am going to show you how to use Fiddler (and FiddlerScript) to inspect WebSocket traffic in the same way you inspect HTTP traffic.


Mobile device management vs. mobile application management
Mobile device management and mobile application management are two of the more popular technologies for enabling secure smartphone and tablet use in the enterprise. They have different use cases, but some of their features overlap, and more vendors are combining the two technologies into single products. That means mobile device management vs. mobile application management isn't necessarily the discussion you should be having in your IT department.



Quote for the day:

"If you define your company by how you differ from the competition, you're probably in trouble." -- Omar Hamoui


February 03, 2014

The risks of Agile software development: Overcoming feature creep
It is important not to confuse scope creep with intentional technical debt. In Agile projects, some teams will purposely incur debt because delivering to the market can trump the quality or completeness of the solution. Developers have to get something out there because the competition has some functionality that their product lacks. That said, developers must plan to prevent scope creep even when they incur intentional technical debt.


OpenStack creates innovation for private clouds + competition
Giving large enterprises the power of a large cloud platform isn’t in Kemp’s opinion just about technology. Technology is important in order to make things possible, but “you are dealing with a cultural transformation.” “You are dealing with a different way of thinking about building software and with a lot of existing applications that are not going to run very well in the ideal cloud architecture that we see the Amazon-style cloud companies leveraging,” said Chris Kemp.


Oracle's cloud growth: Will it measure up?
What Goldmacher is trying to solve for with Oracle's cloud growth is going to be a common problem for the industry. Mixed revenue models---licensing, support and cloud subscriptions---ultimately mean less transparency by product line. While Workday, Salesforce and NetSuite are easier to understand regarding cloud growth, tech giants can talk growth with a lot of footnotes and other assumptions. Simply put, cloud washing is an epidemic.


Data classification for cloud readiness
Several types of processes exist for classifying data, including manual processes, location-based processes that classify data based on a user’s or system’s location, application-based processes such as database-specific classification, and automated processes used by various technologies, some of which are described in the “Protecting confidential data” section later in this paper. This paper introduces two generalized terminology models that are based on well-used and industry-respected models. These terminology models, both of which provide three levels of classification sensitivity, are shown in the following table.


Big Data Goes Legal
Attorneys are fighting back against the seemingly insurmountable onslaught of big data as it relates to their litigation practice. Legal analytics, a term often made interchangeable with technology assisted review or predictive coding, attempts to help an attorney be a “copilot” in the matrix of litigation, with big data guiding the focus and prioritization of data review and categorization. Leaders and innovators in the legal technology space are now in an arms race to create the most defensible, statistically validating tools to sift through data and locate the “smoking gun” as quickly as possible.


New CIOs need at least two years to take charge, research finds
Ninety days is often quoted by management books, such as Michael Watkins’ ‘The First 90 Days: Proven Strategies for Getting Up to Speed Faster and Smarter’, as the critical amount of time an executive needs to succeed in their role. However, Peppard believes that there is a process of learning that all CIOs have to go through until they have mastered the assignment of a new role, which takes much longer.


Hackers use '.enc' trick to deliver Zeus banking malware
Gary Warner, Malcovery's chief technologist, posted on his blog an assortment of spam messages, which spoofed brands and organizations such as the payment processor ADP, the Better Business Bureau and the British tax authority HMRC. The spam messages contain a ".zip" file, which, if opened, contains a small application called UPATRE. That executable file downloads a ".enc" file, which it then decrypts. The decrypted file is GameOver Zeus, a variant of the notorious Zeus malware.


Dell offers bare-metal switches through Cumulus partnership
With the right skills in place, an IT organization can greatly reduce the cost of network operations by exploiting the programmability of these bare-metal Dell switches, he said. The capital costs will also be lower. Dell isn't disclosing how much it will charge for bare-metal switches, but Joshipura said the price will be around 20% lower than switches running Dell's proprietary software, depending on volume and type of customer.


Malicious intent can turn Chrome speech recognition into spying device
Ater first reported his findings privately to Google in September 2013. Ater said Google engineers had a fix within weeks. Then a week ago, with no evidence of Google removing the bug from Chrome, Ater decided to go public: “As of today, almost four months after learning about this issue, Google is still waiting for the standards group to agree on the best course of action, and your browser is still vulnerable.”


Data-driven policy and commerce requires algorithmic transparency
Part of the trouble is that big data has long since become a big buzzword, enabling marketers, vendors, media, academics, and politicians to project whatever they like upon it. That bubble is hard to puncture with criticism, real or otherwise. That reality has been acknowledged by close observers of the phenomenon, like Ken Cukier, The Economist's data editor, who suggests thinking about it in terms of its features:



Quote for the day:

"The key to successful leadership today is influence, not authority." -- Ken Blanchard

February 02, 2014

How ISO 31000 standardises risk management
Any organisation’s risk management should be capable of review and evaluation by any risk manager or auditor. ISO 31000 sets a framework for ‘components that provide the foundation and organisational arrangement for designing, implementing, monitoring, reviewing and continually improving risk management processes’. The framework of ISO 31000 follows the Plan, Do, Check, Act model, like other global management system standards.


Enterprise software marketing: Sell the value, not the box
The drive to perfect features before achieving a profound understanding of customer needs, pains, and business context comes from the mistaken assumption that technology, like idealized love, can overcome any obstacle. This mindset pushes many startups to believe their core mission is creating a great product. In a blog post and video, entrepreneur and Stanford professor, Steve Blank, challenges startups to rethink the fundamental nature of their challenge and goal. Instead of pushing for better product and technology alone


Holacracy 101: Could This Nontraditional Business Structure Work for You?
Holacracy is a self-governing, purpose-driven business structure that reassigns authority and responsibility based on the task at hand. The model recently made headlines for sparking the interest of Zappos CEO Tony Hsieh. His company reportedly will become a holacracy by the end of 2014. Here’s a brief explanation of how holacracy works and why it could benefit a small business.


2014 Enterprise Architecture: Increasing Business Architecture ROI
BAs need to focus on creating value to drive value realization as the outcome for our annual work plan for the organization. ... This model is comprehensive, fits with the BA role, and is well-accepted type of concept as it covers the value planning, value creation, and value realization process illustrated below. Simply put, BAs must align and drive the business strategy from the C-suite for realization of the expected business goals and mission outcomes.


4 things I learned from a career in tech startups
Umang Gupta is the former CEO of Keynote, which was recently acquired by Thoma Bravo LLC. Nothing in my childhood would have suggested that I’d grow up to be a Silicon Valley entrepreneur. In fact, the opposite was more likely. ... "With Keynote, I made sure from the beginning to recognize that my job, like any parent, was to give the company its roots and wings, and like any parent when the job was done, I would have to separate my own life from the company’s life. Today, Keynote is a solid, stable company that is a leader in its space, but still has a long way to go before it will have fulfilled its potential."


Building Applications With Hadoop
When building applications using Hadoop, it is common to have input data from various sources coming in various formats. In his presentation, “New Tools for Building Applications on Apache Hadoop”, Eli Collins, tech lead for Cloudera’s Platform Team overviews how to build better products with Hadoop and various tools that can help, such as Apache Avro, Apache Crunch, Cloudera ML and the Cloudera Development Kit.


What Dropbox for Business has to offer admins and users
Administrators with security concerns about Dropbox (and its well-publicized security breaches of the past) can sleep a little easier knowing that Dropbox has also taken some steps to secure data. It now encrypts all stored files using 256-bit Advanced Encryption Standard protection and uses the Secure Sockets Layer protocol to provide a secure tunnel for transferring data. Administrators can take advantage of third-party tools to provide additional encryption, and Dropbox continues to support a two-step verification process beyond just passwords.


How to Hire a Data Scientist
Given the relative newness of the role, many experienced data scientists and value architects come from an experience-based rather than trained background. Because their skills will be aligned to their experience, it is important to plan for targeted training and development. Someone who has great culture fit, analytical capabilities, and value measurement knowledge but lacks certain programming skills may need to get skilled up in-house. Being prepared to accept someone that doesn’t have every skill needed (supported by an appropriate training program) is a pragmatic approach.


An Integrated Implementation of ISO 31000
ISO 31000 has left open the problem of implementations. That is, ISO 31000 is in large normative in nature. For instance, ISO 31000 describes a generic process to manage risks, but it does not describe how to establish the organizational devices so that the process can be executed; it describes a risk management framework, but it does not explain the dynamics between the risk management process and the framework; it lists several principles reflected in effective risk management, but it does not describe how to realize the principles in implementations


How to use Workshops to Boost Creativity, Team Commitment and Motivation
To be creative, participants have to feel comfortable both with themselves and with the group. They need to know that their ideas will be accepted in the group, and that everyone's opinions count equally. They need to feel welcome in the group and comfortable with the facilitator. Experienced workshop facilitators make a conscious effort to help the participants feel safe, and set the tone that maximizes motivation and creativity in the group.



Quote for the day:

"Regardless of the changes in technology, the market for well-crafted messages will always have an audience." -- Steve Burnett

February 01, 2014

With regard to protecting your own end-user privacy agreements, the first question to ask is: "Have my developers read our privacy policy and do they even know it exists?" Legal counsel, in consultation with marketing and other business functions, typically drafts privacy agreements. The contents of the agreements are often not explicitly communicated to the teams building the systems that handle data with privacy implications.


Insights and Trends: Current Project Portfolio Management Adoption Practices
Another interesting fact that came from the survey was that 76 percent of the respondents still use homegrown spreadsheets internally to manage projects in some capacity. Since 55 percent of respondents have more than 1,000 employees, this can easily lead to PPM data integrity issues and ponderously slow feedback loops. Definitely not a path that enables firms to pivot with rapidly changing business conditions. Moreover, from our experience this manual approach significantly impacts project performance.


Getting Real Value from BI Investments
Now things are different. Database technologies, “big data” storage, in-memory analytics, and the ability to leverage multiple types of data expand the value proposition of what business intelligence has to offer. The challenge becomes understanding the options that are available and making sure that the right choices are made within organizations that not only reflect current needs, but that can also support future needs.


After NSA Backdoors, Security Experts Leave RSA for a Conference They Can Trust
The allegation of the $10 million RSA/NSA deal compounded with leaks earlier in the year about NSA’s efforts to sabotage global cryptography has led some speakers to withdraw from the 2014 RSA Conference in San Francisco, which attracts some 25,000 attendees each year. Nine speakers have canceled their coveted slots and many have chosen to speak instead at TrustyCon, an alternative conference started this year to provide a platform for speakers who protest RSA and NSA's long-standing collaboration.


Transact-SQL Named 'Programming Language of the Year' for 2013
This "award" further emphasizes the importance of competency in SQL. I earlier wrote about how SQL gurus and other database-related programmers enjoyed excellent job security and how SQL Server developers were in high demand. That's the good news. The bad news, according to TIOBE, "It is a bit strange that Transact-SQL wins the award because its major application field, Microsoft's database engine SQL Server, is losing popularity. The general conclusion is that Transact-SQL won because actually not much happened in 2013."


2014 Developer Opportunities and Challenges, Part II: UX Skills Gap, Crowdsourcing
It's an old problem, he said, but a new opportunity. "UX is one of the big things to get your arms around in 2014," he said. "It presents a great opportunity to outpace your competitors if you do, especially if you recognize that it isn't just important for consumers using your mobile app, it's also important to the productivity and satisfaction of your internal employees." Another opportunity Knipp sees ahead for developers comes from what might for many be an unexpected place: crowdsourcing and hackathons.


How developers could have avoided HealthCare.gov technical problems
As we all know, fixing hundreds of bugs right before a release can have a crippling effect on software and is guaranteed to create additional bugs that will not be caught in the final testing phases. That is, unless you have seasoned testers who know how to expand upon the documented test cases during the final integration testing. Unfortunately, the testers for the October release involved 200-300 government and insurance employees who tested only a few days before launch.


Taking Advantage of the Kinder, Gentler Takeover
This Darwinian scenario benefits both rivals and shareholders. In contrast to the widely held argument—which has been cited frequently in opposition to the rumored Sprint–T-Mobile deal—that mergers have collusive, anti-competitive effects on an industry, most of the evidence suggests that competing firms “learn from the productive efficiency driving the merger, possibly putting some rivals in play for a later date,” the author writes.


Tor-enabled malware stole credit card data from dozens of retailers
Most of the affected retailers are based in the U.S., but PoS infections with this malware were also detected in 10 other countries, including Russia, Canada and Australia, the RSA researchers said Thursday in a blog post. "At this time our research indicates that 119 PoS terminals within 45 unique retailers show evidence of being infected with the ChewBacca malware," said Uri Fleyder, manager of the Cybercrime Research Lab at RSA, via email. Thirty-two of the affected retailers are based in the U.S., he said.


What is the Board’s Role in Strategy and Strategy Execution? Post 1 of 3
It’s a pretty simple two-part argument: What’s the spend on Strategy Execution? What if it’s $5M or $55M? Given that failure rates on strategic initiatives range from 44-70% (see “Time to kill the 70% phantom failure rate”), there is $2.2M - $38.5M directly at risk; and perhaps even more importantly, does realization of those strategies materially affect the future of the organization? In combination, surely these are equivalent to any of the board’s other responsibilities.



Quote for the day:

"I have been up against tough competition all my life. I wouldn't know how to get along without it." -- Walt Disney

January 31, 2014

How Geospatial Data Can Enrich Your Customer Experience and Drive Revenue
Geospatial analysis offers many possibilities for organisations. It can be used to show social media activity on a map during an environmental crisis. Mapping tweets, posts or blogs to a certain location can help relief workers know where they have to be. For example, during Hurricane Irene, which struck the American East Coast in 2011, many such tools were used to gain a better picture of the damage that had been done by the hurricane.


The Future of Personal Entertainment, In Your Face
So what makes the Glyph special? Avegant says it’s the headset’s image projection method, which reflects light onto each retina through a series of lenses and tiny mirrors and makes for sharper, easier-to-watch images than using a screen, as many competing products like Oculus Rift do. Its ability to mimic depth certainly makes it particularly good at showing natural-looking 3-D content.


Rise of Open Source Technologies in Middle East
Open source customization is one of the trendiest technologies these days in order to bring imagination and unique ideas into real action. Open source technology is one such software and IT related technology which has changed the course of business and industry in the Middle East, and the biggest nation getting influenced from this is Dubai. Open source consultants Dubai have become one of the greatest hubs around the world today to look for quality assured yet highly pocket friendly open source services.


Why Line of Business Managers Hate IT (and How ITaaS Can Change That)
To this day, in many companies, there is a rift between IT and LoB departments. It starts with physical separation. When they’re not working from home, LoB employees work in cubicles or (more recently) shared open spaces geared toward collaboration. When they’re not working at home, IT employees are likely to dwell in the basement or other windowless location, behind locked doors. Such physical separation leaves little opportunity for spontaneous cross-departmental discussion.


Winning the Talent Game: How Gamification Is Impacting Business and HR
Gamification applications are most effective when they are customized to various industries and their specific needs. For example, some firms leverage their employee base by creating recruitment “ambassadors” and lead generators by conducting gamified events across campuses. This achieves all the benefits of crowdsourcing as well as creates an effective brand for the organization. Gamified new hire programs are personalized, engaging and often convey a creativity within an organization.


What You Really Need to Know about Artificial Intelligence
For those who started their careers in AI and left in disillusionment (Andrew Ng confessed to this, yet jumped back in) or data scientists today, the consensus is often that artificial intelligence is just a new fancy marketing term for good old predictive analytics. They point to the reality of Apple’s Siri to listen and respond to requests as adequate but more often frustrating. Or, IBM Watson’s win on Jeopardy as data loading and brute force programming. Their perspective, real value is the pragmatic logic of the predictive analytics we have.


The Why, How, and Where of moving to the Cloud
Once you have answered the “Why” and “How” of your Cloud journey you will have a fair idea of where the organization is. For any successful journey, it is important to know the starting point and destination in order to develop a path that considers all factors before embarking on the journey. It also helps you in other important decisions that you will need to make along the way to ensure that you have considered all of the factors and are on track with where the organization is heading. Here are a few pointers to ensure that you are on track to taking the organization in the right direction with the transition to the Cloud.


A Virtual Bill of Rights is Needed to Guard Our Data
Chances are that all such attempts to legislate will be superseded as new forms of information gathering and analysis develop. One only has to look at the number of cameras being installed on next-generation cars, or the fears around utilities using smart grids to switch off energy without the home-owner's consent, to appreciate some of the difficulties which lie ahead. The debate becomes even more complex when metadata (data about data, such as phone call records), data aggregation and anonymising are taken into consideration.


Delegated Authority: An Agile Trust Experiment
For my part, just the act of thinking about what is important to me allows me to let go of some areas of responsibility that I might otherwise have gripped tightly. As issues come up, I am constantly thinking about this contract and my role in the decision-making process. For the team, they recognized that this is a living document. They're already thinking about ways to improve or change it. Before this experiment, we had individuals named as technical leads for our different technologies.


Federal IT Procurement Reform Proposed
Obama administration officials argue that efforts to reform federal IT management, through the administration's "Cloud First" initiative and PortfolioStat IT investment review process have already saved billions of dollars and improved the way agencies acquire and manage commodity hardware and software. They also point to efforts, such as the President's Open Data initiatives, that are making government data more transparent and accessible, and meeting with experts to capitalize on IT innovations.



Quote for the day:

"Success is the prize for those who stand true to their ideas!" -- Josh S. Hinds

January 30, 2014

The real measure of Agile success
Another factor spreading Agile practices beyond software development is the movement of millennial generation employees into the work place, said Diana Larsen, a partner at Agile consultancy FutureWorks, in Portland, OR. "They are a lot more comfortable working collaboratively." As a result, many Agile practices come naturally to them. "They want to check in on a daily basis and get feedback early," she said.


Mass e-surveillance project set for launch
The Centre’s highly advanced telecom and Internet surveillance project — the Central Monitoring System (CMS) — is in its final stage of deployment. Yet, there has been no word on the legal and procedural framework under which the country’s security agencies can track phone calls, voice over Internet protocol (VoIP) and e-mails in real time. In seven of the 11 states covered in the first phase, the Centre for Development of Telematics (C-DoT) — a government agency — has already installed the equipment for this massive snooping programme.


IBM's suggestions for mid-market cloud security
Since cloud computing is based upon today's complex IT infrastructure it would be very wise to make sure company business and IT decision makers are speaking with one voice and thinking with one mind before contracts are signed and the company begins using a cloud computing solution. Decision makers who don't understand this technology should not be making purchasing and implementation decisions without the help of those who do.


IT services firm ITC Infotech on data analytics in retail
One of the biggest challenges that retailers will face in 2014 is the fear of losing their customers, as well as winning new ones, in a very competitive business environment. To address these challenges more and more companies will make aggressive investments in technology to gather intelligence about the buying trends and experiences of their customers. The most exciting area of growth is expected to be the use of data analytics as companies try to understand real time consumer buying patterns and behaviours.


Cyber security quest strong in UK, says Isaca
“It has provided an opportunity for information security professionals to engage with their organisations about the implications of data leaks and how to do proper risk assessments,” he said. It has also raised fresh questions about what the role of chief information security officers (CISOs) should entail, where they should sit in an organisation, and how they should be relevant to an organisation. “One of the interesting things that some UK organisations are already doing is ensuring that the CISO role is not just a senior role, but moving forward from being reactive to being proactive,” said Stroud.


Sync Your Files without Trusting the Cloud
Klinker says Bittorrent Sync shows how popular applications of the Internet can be designed in a way that gives people control of their own data, despite prevailing trends. “Pick any app on the Web today, it could be Twitter, e-mail, search, and it has been developed in a very centralized way—those businesses are built around centralizing information on their servers,” he says. “I’m trying to put more power in the hands of the end user and less in the hands of these companies and other centralizing authorities.”


Data Governance: A Critical Starting Point in Addressing the Challenges of UDI Compliance
Data governance provides a structured approach to managing changes to core, shared business data. Without a governance program in place, the organization runs the risk that the changes initiated during the course of UDI compliance will negatively impact the quality, accuracy, usability or availability of the data used by the rest of the organization. Conversely, a solid governance program can facilitate the data, process and application changes needed to comply with unique device identification. It can also accelerate an existing UDI initiative.


Flash your way to better VMware performance
By consolidating server-side flash into a single shared flash cluster, PernixData FVP leverages many small flash investments into a large I/O improvement. Installation is quick and easy, and it doesn't even require a reboot of the hosts. PernixData FVP comes in SMB and Standard versions. The SMB version is $9,999 for up to four hosts and 100 VMs. The standard edition is $7,500 per host with no restrictions on the number of hosts or virtual machines.


Storage Innovations Bring Unparalleled Capacity Opportunities
Most recently, hard drive manufacturers have turned to helium to help continue to improve storage economics. Until recently, hard drives all had regular, everyday air inside the enclosure. Today, some hard drives are actually filled with helium, which is much lighter than air. As a result, as the disk spins and the heads are dragged through the enclosure, there is much less drag, which can mean better performance.


Software process: Guiding principles in a perfect world
Wilson offered his thoughts on the role of testers in a DevOps-oriented organization. But what emerged from our discussion was a broader, big-picture view of how the software development process should work—or could work if organizations were willing to rethink it and make needed changes. Here are my guiding principles for improving the software development process in 2014, based on ideas shared by Compuware's Wilson.



Quote for the day:

"What gets measured gets done. If you don't measure morale, you wind up taking it for granted." -- Jack Stack

January 29, 2014

VPN bypass vulnerability affects Android Jelly Bean and KitKat
A malicious app can exploit the newly identified Android vulnerability to bypass an active VPN connection and route all data communications from the device to a network address controlled by an attacker, the Ben-Gurion University researchers said Monday in a blog post. "These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure."


Crafting a data lifecycle management strategy to control capacity
As with data being classified, ILM also requires storage to be classified. Storage arrays offering specialty features such as fast access or slower access but low cost per-GB, or that offer special data protection services such as mirroring, replication or continuous data protection, can be given their own target classification, thereby providing discrete destinations for data writes and data moves.


When Design Best Practices Become Performance Worst Practices
It conforms to known design and usability best practices, and your testers loved it in the lab. You push the design to your live site and the results are … well, a little disappointing. Not terrible, but your conversion rate hasn’t made the leap you expected. Why? You’ve done everything by the book, but perhaps the book is missing a chapter or two. Chances are, you’ve accidentally made one of three common design mistakes, and these mistakes have affected how your pages load, which ultimately hurts page views, bounce rate, conversions, and pretty much every business metric you care about.


India Ranked 7th in Attacks by Trojans in Banking
The Internet among many things has made our daily activities very convenient, especially when it is percolated to mobile devices. Among other activities consumers now prefer ‘armchair banking’ where banking transactions are carried out easily. However, attackers who are financially motivated, target these online banking services and financial institutions by leveraging advanced Trojans to commit large scale financial fraud.


Leading by Taking a Step Back
We aspire to do more, dream more, learn more, and become more, and for better or worse, the traditional wisdom has been that we need to accomplish more in order to get more. But for many, experience, trial and error says differently. We pile on more projects, goals and objectives and lose sight of the one unifying vision that defines us as a company and as leaders. So how can leaders learn to step back and only move forward by putting one foot in front of the other at a time? How do we avoid becoming task managers and get back to being leaders? When everyone is “leaning in” to get ahead, does it make sense to “lean out” for a change?


Big Data's Opportunity for Information Optimization
Businesses are always looking for ways to grow and to streamline their operations. These two goals can come into conflict because as organizations become larger it becomes more complicated to be agile and efficient. To help them understand and modify their processes, businesses can derive insights from analytics applied to their data. Today that data is available not only in the enterprise and cloud computing environments but also from the Internet. To collect, process and analyze it all is a challenge, one that an increasing number of organizations are meeting through the use of big data technologies.


BYOD and the Internet of Things bring unique challenges for hospital CIOs
Both of these trends offer special security and interoperability challenges for hospitals. Developers are still working on how to merge this data with the various electronic medical records (EMRs) in use, but that’s the easy part. Data security is the more difficult issue. Not only do you need to ensure that unauthorized people do not access the network via any of these devices, you need to ensure security in transmission of the data. Again, this is a scenario that would (or at least should) create a high level of concern for any CIO.


Executives debate need for the CIO title
When it comes to appointing an organization's IT strategy leader, how important is it to dub that person the CIO? In the absence of a CIO title, does the title of IT director carry the same weight? Technology experts debated these questions and more during the recent "CEO/CIO Marriage Proposal" panel at the American Society of Association Executives (ASAE) Technology Conference in Washington, D.C.


Kanban’s service orientation agenda
Service orientation with Kanban starts with viewing the organization through the Kanban “lens” of service delivery, work flow and knowledge discovery. Typically, this begins with the identification of customer needs, expectations and frustrations, matched to the corresponding capabilities and frustrations of internal systems. The tools of the sustainability agenda (visualization, WIP controls, feedback loops, and so on) are then applied with a deliberate end-to-end emphasis, extending to the customer both upstream and downstream.


Get Ready, It's the Year for Big Data Heists
These security breaches were all different but had a common cause: negligence. Although the technology and techniques to protect data, or at least to make life more difficult for hackers, have been around for years, companies and their customers mostly assumed that data theft was something that happened to other people. They need to start getting wise. The U.S. retail attacks are part of a recent trend, reported by the cybersecurity firm CrowdStrike, in which the hackers (or "adversaries," as the company describes them) target point-of-sale devices in which physical credit cards are swiped.



Quote for the day:

"An inventor is simply a fellow who doesn't take his education too seriously" -- C. Kettering

January 28, 2014

The Internet of Things might not be what you're hoping for
The problem that we now face is that the internet into which IoT is being born is philosophically very different to the internet into which the web was born. The internet of twenty-plus years ago and prior was a place of free love and open standards. It all came from academia where commercial pressures were low. As we moved into the era where internet connectivity onto PCs was the norm -- I usually take this to be related to the introduction of Windows 95 -- what we as a society have done with the internet has had an uneasy relationship with this "free love", uncommercial philosophy.


Measuring the Impact of Social, Economic, and Technological Factors on Cybersecurity
Interestingly, the model found a paradox that stems from the modernization of information and communications technology. While increased Internet access and more mature technological development is correlated with improvement in cybersecurity at the global level, it has the opposite effect among countries with developing economies and lower levels of technological development. For example, as Broadband Penetration increases, Maximizers (countries that are more technologically mature) experience a decrease in malware, while Seeker countries (that are less technologically mature) experience an increase in malware.


Data-driven troubles
"Some time ago the company I work in decided to change one system with another. We wrote the new system and it was time for testing. In general at the first stage the new system must do the same things as the old one. We had a lot of tests for old system, so we decided to reuse these tests. The point was that the same test should be executed for both systems."


How and why to check port 32764 on your router
There are roughly 64,000 ports that are not tested by ShieldsUP. One of them is 32764. On a LAN, testing all 65,535 ports is a more do-able thing. Recently Eloi Vanderbecken did just that on his home network and turned up something interesting. His Linksys WAG 200G router responded to the virtual knock on the front door for port 32,764. The port was open and the router itself (not a computer on his LAN) was processing data sent to it.


Service Complexity And the Perils of Productization
Complexity can be a good thing. But when it comes to servicing customers, it is generally accepted that complexity reduces satisfaction. In other words, the proliferation of products in many service-based organizations prevents them from staying true to who they are—a service company. Service vision becomes clouded and the overall strategy is no longer clear to employees or customers. Modern banks simply have too many products and services for front-line staff to understand and properly explain to a customer.


Cisco aims to be cloud connector in hybrid data centers
Strategically, InterCloud may be the most interesting item for Cisco. If successful, InterCloud puts Cisco in the middle of the network and cloud connections on a software basis. Licensing models are still being worked out. If Cisco can make InterCloud a dominant software defined networking platform it'll have more licensing revenue and the profit margins that go with it. Meanwhile, InterCloud is designed to work with any server or switch, said Gori. Naturally, there will be more features enabled with Cisco's software and hardware combined.


Security testing basics: QA professionals take the lead
Having test professionals assume some responsibility for security testing basics is important for two reasons. First, application security is a growing concern for all software and test organizations as security breaches continue to make headline news. Second, getting testers involved can help solve a problem that plagues most software development organizations today, said Payne. "Where in the application lifecycle does security testing fit?"


Suspected email hackers for hire charged in four countries
Three other U.S. residents were charged with misdemeanor offenses for hiring email hackers from foreign countries. John Ross Jesensky, 30, of Northridge, Calif., is believed to have paid $21,675 to a Chinese website to get e-mail account passwords. Laith Nona, 31, of Troy, Michigan, and Arthur Drake, 55, of Bronx, N.Y., are suspected to have paid $1,081 and $1,011 respectively for similar services. The five defendants are expected to plead guilty in the coming weeks, the U.S. Attorney's Office said.


Big Data Influences More Long-Term Storage
The pursuit of big data has led to an increase of companies keeping older files they would have previously discarded, confirms Scott Gillespie, expert on regulations and compliance and senior VP of business analysis at Quadron Data Solutions. There is a six-year retention requirement of client account data, he explains. Account records, trades, holdings, profile information, goals and objectives and so on fall into this category. There are three reasons these records, which have historically been discarded with regularity, are now starting to stick around.


Agile with Guts - A pragmatic guide to value-driven development
You want to deliver valuable software with iterative delivery. There might be dozens of stakeholders with dozens of definitions of value. How do you ensure you are both “building the right thing” and “building the thing right”? Suppose you are increasing your productivity, you might be building the wrong product faster. This book describes how a large organization uses techniques to focus on the right product and to deeply anchor the idea that less output can deliver more outcomes.



Quote for the day:

"The supreme quality for leadership is unquestionable integrity." -- Dwight D. Eisenhower

January 27, 2014

NSA surveillance revelations could lead to data collection policy
What one hopes it won't do is impede innovation. Sure, the data collection we see every day in things like targeted coupons and targeted advertisements can have a rather high creepiness quotient. But there's much good that big data collection can do. Examples abound -- from analyzing Tweets to understand smoking habits to collecting meter data to optimize the grid to improving automation. That's as long as the analytics end of the equations are sound.


The ROI of Data Governance
Many organizations have found success by “thinking globally and acting locally.” Sometimes referred to as guerilla governance, this may not be the fast path, but is likely the pragmatic path to enterprise data governance. This is not a shortcut – there’s no substitute for the broad-based communication, collaboration, coordination, executive sponsorship and investment required to obtain sustainable governance. It’s merely a way to align with the principles and practices of data governance and obtain some small, quick wins cheaply to build the evidence and confidence required to support greater investment.


Would NFC smartphones have helped at Target?
The answer is complicated and political, primarily because there are questions over who is liable for a data breach -- the retailers or the financial institutions and their associated card processing companies such as Visa and MasterCard. It is also expensive to install point-of-sale (POS) terminals in millions of retail locations and at ATMs that can read chips on the newer contactless cards, as well as an NFC signal from a smartphone. It also doesn't help that Apple hasn't included NFC chips in its popular iPhones. "Apple's refusal to integrate NFC functionality is a blatant roadblock, there's no other way to put it,"


Hands-on with Knoppix Linux 7.2.0: A well-established and very stable Linux distribution
Over the years, Knoppix has evolved and expanded. In about 2005 a Live DVD version was added, with loads of additional applications, utilities and packages included. Rather than drop the Live CD version, however, both formats have been maintained since then, with the CD version as a "small/fast/easy" alternative, and the DVD version as an "everything including the kitchen sink" alternative. My first use of Knoppix came at SANS training classes, where they were using the Live CD version as a convenient way for course participants to gain access to Linux tools.


Wipro's CEO maps out a future for IT Services firms
The world continues to change rapidly for Indian IT Services firms. Here’s a recent interview with Wipro CEO T.K. Kurien with all the usual stuff about firms in transition, the trauma of effecting change and other such things. However, embedded in there are three observations that give us a glimpse into a brave new world for software services firms.


How Xerox Evolved From Copier Company To Creative Powerhouse
There’s one other thing that’s crucial to getting the best, most innovative work out of Xerox employees. “Having fun is one of the principles I always talk with new hires about,” says Vandebroek. “Unless you have fun, you can’t truly bring your intellect, your skills, and your deep knowledge to push the boundaries of the unknown, to invent and create.” She goes on: “Being innovative to me is being both creative and entrepreneurial. And you can’t be creative and entrepreneurial unless you truly bring your heart to work, and have fun at work. Having fun is really essential. You need to have fun every day.”


As security woes bedevil IT, guess who’ll shoulder more of the load?
So what’s the solution? One increasingly prevalent view is that end-users be enlisted to the cause, first by educating them about safe practices, about corporate security policies and regulations (and the penalties for breaking them) and finally by enforcing those policies. Let’s face it, if you are a knowledge worker, you need to collaborate with others, sometimes contractors, partners outside the firewall — and should have a good idea of who is to be trusted with documents and work product.


Myths and Misconceptions about Transaction Isolation Levels
In every discussed Isolation Level so far, you are also always able to get so-called Phantom Records – records that can appear and disappear in your result set. If you want to get rid of these phantom records, you have to use the Isolation Level Serializable, which is the most restrictive one. In Serializable SQL Server uses a so-called Key Range Locking to eliminate phantom records: you are locking complete ranges of data, so that no other concurrent transactions can insert other records to prevent phantom records.


Fiberlink president talks IBM MobileFirst plans, EMM consolidation
Candidly, what we were not good at was global marketing and global sales. We did not have the scale and we did not spend the money. We could, but we chose not to go that route to just try to buy market share. Over the course of the last couple of years, we continued to get close to IBM in terms of packaging some of their stuff for the laptop side, but also uniquely developing the whole mobile side of the house. It was becoming more and more obvious to us that the market in mobile management still has not found vendor loyalty…


Interview with Ole Jepsen on Leadership in Agile
Good leaders create an environment where self-organizing teams can thrive and create great products and services to delight their customers: that is what Ole Jepsen explained in this interview. At the XP Days Benelux conference he talked about truly leading people and the subtle but important differences between taking and giving control. InfoQ interviewed Ole on leadership in agile, self-organizing teams and focusing on people.



Quote for the day:

"You can't improve and still be the same" -- John C. Maxwell