April 04, 2014

How Do You Evaluate a Data Scientist?
Good data scientists will not just address business problems; they will pick the right problems that offer the most value to the organisation. It is essential for a data scientist to understand the domains of programming, machine learning, data mining, statistics, and hacking--in the positive sense. These are keys to getting in and grabbing the data one needs.  A good data scientist needs to understand his domain, whether it’s science, engineering or business. He needs to be able to cut through the myths associated with big data.


Seven Steps to Create an Unbeatable Enterprise Mobility Strategy
An enterprise mobility strategy is less about managing mobile devices and more about being an advocate for the business—enabling the business to integrate and deliver new and innovative business services more quickly. It is more about enabling and accelerating new windows of opportunity and efficiencies and less about restricting access and choices, which can have the unintended consequence of slowing business down. Even so, security remains fundamental to making these new and innovative business services possible.


Key Considerations in Establishing a Chief Data Office
Many organizations are setting up centralized data management departments. These departments may be called Enterprise Data Management, Enterprise Information Management or the Chief Data Office. Whatever they are called, these departments are accountable for getting their organizations to treat data as an enterprise asset, they share some common characteristics and they increasingly report into the business rather than IT.


Yorgen Edholm of Accellion, on the Motivation of Passion
You can’t have people who are afraid of making mistakes. In high-tech, there are no templates. And when you have no templates, you can’t think that with the right time and resources, you’ll have a 95 percent chance of success. We can’t have people who approach problems by thinking, “If I can’t guarantee success, it’s going to hurt me.” The idea is not to celebrate mistakes, but to be somewhat tolerant of them. Whenever something unexpected happens in a big company, that’s not a good thing.


Competition from FinTech startups keeps big suppliers on their toes
The large suppliers are even asking Barclays for advice on how to become more agile after the bank launched it mobile service PingIt in just seven months. “We have articulated the model as to how we acted as a startup internally to disrupt ourselves and we’re starting to industrialise that,” said White. “I can count five large technology companies all of the names you would imagine have come to Barclays and have asked how we are doing it,” he said. Alistair Grant, EMEA CIO at Citi has also noticed how startups are keeping the big suppliers on their toes.


Financial firms and social media remain top Phishing targets
Social networks were the top Phishing target in 2013, with nearly 36 percent of the overall volume, which makes sense given that those attacks often have a goal of propagation. If a person's social presence is compromised, then their friends and any associated accounts (especially if they recycle passwords), such as email, are likely to fall too. On the other hand, financially-based Phishing attacks were also popular last year. Kaspersky says that nearly 23 percent of the year's Phishing attacks targeted the financial sector globally.


API testing ensures smooth sailing for SOA enterprises
API testing at the integration level is where the application consuming the service is examined. Various scenarios should be investigated to ensure caching or interpretation issues, for example, don't arise. While manual testing is encouraged, Dan said it's not always a viable method for service and API testing, particularly at the service function level. "A service is something more than a way to process information," Dang said. "A way to process that information is always by some kind of data going in and some sort of response coming back."


Twitter uses code refactoring to reduce risk and improve testing
One risk comes from overly large files. Large files should be broken up into multiple smaller ones when possible. Modifying these smaller files is less risky, said Ornelas, because there is less for a developer to keep in his head when working on them. Other risks relate to the separation of the groups working on the same file. Ornelas said other research has shown that as code is touched by a larger number of groups, the risks can go up. "The more cohesive your organization is with the code base, the better the quality of code," he said. If a lot of different teams are modifying a single file, it probably means something is wrong.


How to keep the rush to cloud from clouding enterprise judgement
In many ways, cloud represents a step backwards from a decade of work to bring applications and systems together within a common, standardized framework. The authors point out that architecture -- service-oriented architecture -- is taking on an even greater urgency as enterprises latch onto "legacy clouds." While not mentioned specifically in the article, many cloud services are now criss-crossing enterprises in spaghetti-like fashion, used and paid for by lines of business outside of IT. There is no doubt plenty of money being spent on services that are either duplicated or going virtually unused.


Interview with Tobias Mayer about the People’s Scrum and AgileLib
The people’s Scrum by Tobias Mayer is a collection of essays based on material written by him between 2005 and 2012. The essays describe agile ideas and practices, examples of the topics covered are self-organizing, team working, craftsmanship, technical debt, estimation, retrospectives, culture and Scrum adoption. InfoQ interviewed Tobias about the importance of people, teams and self organization with Scrum and about AgileLib.net, a new initiative for sharing agile resources.


Quote for the day:

 "There is a difference between knowing the path & walking the path." -- Morpheus
Posted by at No comments:
Labels: , , , , , , , , , , , ,

April 03, 2014

Public Wi-Fi speeds to get a boost from Qualcomm's new antenna technology
On Thursday, Qualcomm announced radios for network equipment that can send three or four data streams as well as chipsets for mobile devices and consumer electronics with up to two streams. The number of streams decides the maximum theoretical speed, and two streams are capable of transmitting more than 600Mbps (bits per second), Qualcomm said. A version of MU-MIMO that can receive one stream is already integrated with Qualcomm's Snapdragon 801 processor, which powers smartphones including the HTC One M8, Samsung's Galaxy S5 and the Z2 from Sony.


5 Steps to Choosing a Gamification Platform
When valued customer visiting cards and buy-9-get-1-free engagement techniques are not enough anymore, many business owners are at a loss how to grow and develop their loyalty programs or engage their long-time employees. Gamification platforms are developed by companies specializing in user engagement. They can make the life of a non tech-savvy owner much easier by centralizing and organizing all engagement efforts. However, new engagement solutions seem to be popping up every day.


White House-MIT Big Data Privacy Workshop – Top Researcher Reports
Due to the massive scale of Big Data, previously top-down solutions for security, e.g., anticipating and preventing security breaches, will simply not scale to Big Data. They must be augmented with new approaches including bottom-up solutions such as Stonebraker’s logging to detect and stem previously unanticipated security breeches and Weitzner’s accountable systems. “Big data” has rendered obsolete the current approach to protecting privacy and civil liberties[1]. Hence, Big Data requires a shift from a focus on top-down methods of controlling data generation and collection to data usage.


Emergent Leadership Topples the Pyramid
Anyone who has been a member of a high performing team knows that leadership flows among team members, depending on who has the needed skills, knowledge or attitude in the moment, and that at various times each team member significantly influences the team. A team that is dependent on one person will never fulfill its full potential. Over the years, I have asked hundreds of people to list the top five qualities of a high performance team, and “shared leadership” is always on the list. Perhaps you agree emergent leadership can work for a team, but think it’s not possible for a complex organization. Actually, the idea of a non-hierarchical company is not far-fetched at all.


Top Trends in Cloud Innovation
Most of the providers today only do a piece of the needed puzzle – just SFA or just HR. And most only offer cloud, so using them requires a “rip and replace” approach. At SAP we realize that most companies have existing software assets that are working well for them. Hybrid solutions will be the norm, and we’re perfectly situated to take advantage of that trend. It’s just one of the reasons our cloud solutions have been growing at more than 160% year over year.


How Boeing is using the cloud
This week at Interop, Boeing’s chief cloud strategist, David Nelson, outlined a couple of ways the aircraft manufacturer is not only using the public cloud, but combining that that with on-premises virtualized workloads to create a hybrid environment. The results are applications that Nelson says run more efficiently, are less expensive and serve the needs of Boeing better than if the company had done it all in-house. Nelson first described an application the company has developed that tracks all of the flight paths that planes take around the world. Boeing’s sales staff uses it to help sell aircraft showing how a newer, faster one could improve operations.


How Employee Engagement Can Improve a Hospital's Health
For healthcare providers and their employees, ongoing uncertainty can lower employee engagement, which in turn can have a negative effect on organizational success and patient care. Research by Gallup and Loma Linda University Medical Center shows that employee engagement and employee safety work together to enhance patient safety. When healthcare employees work in a safe environment and are engaged, the chances are much greater that they will perform activities that are known drivers of patient safety outcomes better.


Medical Software Brings Intuitive Interface To Health Records
Understanding the importance of the user interface was one of the things Cane learned at his previous company, Blackboard, which he co-founded in the late 1990s. Blackboard became one of the leading e-learning and education technology companies. Cane left in 2009 after moving back to Florida, where he had grown up. While he was between ventures, his wife told him he needed to take time to get a thorough physical, which in turn led to a referral for a skin check. That was how he met his co-founder, dermatologist Michael Sherling.


Enterprise cloud outlook: Inevitably hybrid, surprisingly agile and (eventually) cheap
For all its promise and potential, the cloud still remains a relatively immature market. Major players such as Google and Amazon have both slashed on-demand prices in the past couple weeks as infrastructure providers race to lock down top-tier enterprise customers through a variety of pricing and service options. This sorting out of the how and the how much is exactly the kind of thing that keeps some CIOs on the sidelines. "The cloud will be way, way cheaper than on-premise within five years or so," said Amr Awadallah, Cloudera's chief technology officer. "There's no doubt that this will be much cheaper in the future, but it's still not cheaper today."


Are Enterprises Leveraging M2M Technology?
Are enterprises willing to go the IoE way? What would be the requirement for enterprises to adopt IoE? Does t make sense for enterprises to bank on the new technology trend? The list goes on. We spoke to IT heads to understand how they are planning to exploit the technology in coming days. Subhamoy Chakraborti, General Manager – IT, Magma Fincorp , says, “We are definitely looking forward to adopt IoE. We have around 280 branches and most of our assets are managed manually. There is a lot of scope in our organization. We are looking forward to automation in a big way. In the future, we plan to embrace machine to machine communication for our field work as well.”


Are You Dutiful or a Disruptor? Career Advice for the Innovator in All of Us
The greatest innovations are inherently disruptive and the sub-trait of disrupting underlies all of the discovery skills. In a Forbes piece, “Disruption vs. Innovation: What’s the difference?” author Caroline Howard wrote, “Innovation and disruption are similar in that they are both makers and builders. Disruption takes a left turn by literally uprooting and changing how we think, behave, do business, learn and go about our day-to-day.”


Quote for the day:

 "The first responsibility of a leader is to define reality. The last is to say thank you. In between, the leader is a servant." — -- Max DePree
Posted by at No comments:
Labels: , , , , , , , , , , ,

April 02, 2014

GRC regulations force cloud services providers and customers to adapt
"With increased legislation around data privacy, the rising threat of cybertheft and the simple requirement to be able to access your data when you need it, organizations need to know precisely to what extent they rely on cloud storage and computing," Durbin said. Compliance regulations, for example, often have very specific requirements for what data needs to be stored, and where. Emerging privacy rules require certain data management processes. And of course, rapidly advancing cyberthreats from a variety of sources require cutting-edge information security tools.


Dell's new research division wants computers to detect your mood
The mood experiments are among others underway at Dell Research that stretch across four broad areas: security, data insights, mobility and the Internet of Things, and cloud and modern data centers, according to Jai Menon, a vice president and Dell's chief research officer. Dell's focus on moods and emotions will use a person's brain waves combined with heart rate, pulse or other body functions in hopes of detecting when a person is happy, sad, anxious, fearful or has other feelings, Menon said in an interview.


Microservers: What you need to know
Microservers are a new category of system designed to shine when carrying out these well-defined computing workloads. The need for microservers has in part been fuelled by the growth of the web and online services. That's because the demands that serving this kind of content place on a system — the CPU load and I/O required to deliver static elements for a web page, for example — is predictable. The quantifiable nature of these workloads allows microserver circuitry to be pared back to what's needed to execute these tasks.


CIOs: It’s time to prepare for bring your own smart machine
According to Gartner Inc. analyst Tom Austin, there are three classes of smart machines: The doers, the movers and the sage. It’s that last category CIOs will need to pay attention to, which includes both virtual personal assistants and smart advisors, such as IBM’s Watson. Virtual personal assistants will learn what you do, who you work with and what you’re working on. Smart advisors, on the other hand, are subject-matter experts that will, say, help a doctor recommend medical treatment. Both are poised to push their way into the enterprise in the next two years, according to Austin.


Why CIOs Should Look Outside for Data Expertise
Predictive scores include fraud scores (who is trying to scam us?), churn scores (who is most likely to cancel?), social influencer scores (which customers affect peers' behavior?), wealth scores (what is the predictive buying power of my consumers?), shopper scores (who are discount shoppers vs. full price?), and recommendation scores (which offers should be sent to which consumers?). At the council meeting, Barbara Wixom, an expert in business intelligence at MIT's Center for Information Systems Research, offered other examples of companies getting data and analytics from external providers--either while they build their internal capacity or in lieu of doing so.


SQL Server Execution Plans, Second Edition
An execution plan describes what's going on behind the scenes when SQL Server executes a query. It shows how the query optimizer joined the data from the various tables defined in the query, which indexes it used, if any, how it performed any aggregations or sorting, and much more. It also estimates the cost of all of these operations, in terms of the relative load placed on the system. ... Grant Fritchey is a SQL Server MVP with over 20 years' experience in IT including time spent in support, development, and database administration.


Google seeks Supreme Court review of Wi-Fi packet sniffing ruling
Google in its appeal to the Supreme Court does not, however, accept that the collection of the data was illegal, pointing out that the U.S. Department of Justice, Federal Trade Commission and the Federal Communications Commission declined to take enforcement action after investigating Google, including for possible violations under the Wiretap Act. The company said in its appeal that an adverse ruling could in fact hurt security professionals who routinely use the same kind of technology as Google's Street View cars did to collect packet data in order to secure company networks.


A CTO reflects on VDI implementation trials and errors
The promise is compelling. As a result, I have experimented with virtual desktop infrastructure (VDI). Sometimes, my experiments succeeded. Other times, they never advanced beyond experimentation. What was the difference? As I reflect back on my VDI implementation successes and failures, this is what I have learned: The business case is exciting but ambiguous. There are hard dollar costs and benefits but those are sometimes dwarfed by the more nebulous costs, benefits and considerations.


CFOs could be technology evangelists, if they took the plunge
There is a weight of expectation on the chief financial officer (CFO) of most organisations, and that they should be in the front line of driving changes in the structure of IT. The problem is that only about a fifth are actually doing it. That's one of the conclusion of a new report into the changing role of the CFO compiled by Oracle and Accenture. The report found that some two thirds (65 percent) of C-suite executives in large organisations believe that CFOs should be "strong evangelists for the transformation potential of technology".


eXtreme Programming The Methodology
The biggest advantage the customer liked about eXtreme Programming in this case was the flexibility to change the prioritization and stories within the Iteration. Scrum for the most is in-flexible on this front. By letting the customer have the flexibility greatly reduced their stress from planning the perfect iteration. From the team’s perspective, the biggest advantage was the reduction of time for planning. Again, in Scrum, the planning meetings can go for an entire day if you are planning a four week iteration. But, since the iterations in Extreme Programming are much shorter and flexible, the planning is fairly quick – less than 45 minutes in this case.


Quote for the day:

 "The greater the artist, the greater the doubt. Perfect confidence is granted to the less talented as a consolation prize." -- Robert Hughes
Posted by at No comments:
Labels: , , , , , , , , , , ,

April 01, 2014

Enterprises haven't been entirely asleep at the wheel. We've gradually adopted more agile methodologies, service-oriented architectures, shared services organizations, virtualization,DevOps and other updates to the IT craft. But rarely have enterprises put them together in a coordinated way that reflects how enormously the demands on IT and the product capabilities have changed. In contrast, go into shops that already operate at hyperscale -- say a cloud or high-performance computing shop -- and you'll see many of those techniques in use. They are agile, service-oriented, virtualized, and DevOps personified.


Microsoft to highlight its 'One Windows' progress at Build 2014
At the developer confab this week, officials are expected to disclose fully the feature sets of the Windows Phone 8.1 and Windows 8 Update 1 operating systems. They also, according to sources, will share a bit about the next major version of Windows -- Windows 9, codenamed "Threshold," aka Windows 9, which is supposedly due to arrive in the spring of 2015. Few expect Microsoft to unveil the full feature list or even the target arrival date for Windows 9 at Build 2014. Instead, Microsoft officials are likely to discuss at a high level the company's goal to create a new Windows 9 SKU that would run on Windows Phones, ARM-based Windows tablets/PCs, phablets and other kinds of devices.


CryptoDefense ransomware leaves decryption key accessible
"Due to the attacker's poor implementation of the cryptographic functionality they have quite literally left their hostages with a key to escape," Symantec wrote. The decryption key may have been left under the door mat, but it's doubtful an average user infected with CryptoDefense would have the technical skills to figure it out. CryptoDefense has been seen sent out in spam messages, masquerading as a PDF document. If a user installs it, the malware tries to communicate with four domains and uploads a profile of the infected machine, Symantec wrote.


Cloud Security Solutions for Hybrid Clouds
Recent cloud security advancements present an innovative approach to the key management issue using technologies such as split-key encryption. Going back to the banker metaphor, with split-key encryption, the encryption key is split in half, allowing the customer to maintain control of the encryption key while, at the same time, host its most sensitive data in the cloud. Such technologies are enabling secure migration to the cloud and support hybrid use cases such as RaaS.


Sustainability a CFO Can Love
The benefits of looking for momentum and finding a way to add to it are undeniable. If you push something in the direction it is already going, you will accomplish much more with each unit of energy. That is the guiding philosophy behind the process described below, which may not be unique to us. The sustainability activities of some of the companies we admire most seem to reflect similar thinking. These companies have found ways to apply their direction, strengths, and acumen to accelerate positive change.


6 Changes and Challenges in Transactional Banking Today!
Transaction banking as a global business has largely remained under-leveraged though it was one of the most resilient businesses during financial crisis despite plunging trade volumes. Despite shrinking margins, significant revenue growth of approximately 170 percent or a compounded annual growth rate of roughly 11 percent is expected from 2011 to 2021 (Source: BCG, Transaction Banking advantage, 2012). With right focus, proper positioning and alignment with customer preferences, we believe that transaction banking will continue to deliver value and be a front runner for being the shining and guiding star for banks.


How to build an enterprise private cloud that looks better than AWS
The enterprise's private cloud management and infosec stack lack the automation to stand anything up in that timeframe. The virtual machine might be there in five minutes, but then a week or more goes by for manual infosec and management provisioning. You were vendor-led like a lamb to the slaughterhouse, and your cloud build was butchered. You can neither build a viable private cloud with 15-year-old IT automation suites held together with bailing wire and gum, nor with big-vendor converged infrastructure stacks on prepackaged, partially automated frameworks. If you're still determined to build an internal cloud stack that rivals Amazon, here's what you need to do in five steps:


HP makes fresh software-defined networking push
”Our mission is OpenFlow-enabling that connection point. Then we can say that YouTube shouldn't have quality of service, that's just a best effort service, but the Lync application needs to have QoS, so we can differentiate per application. That's what really gives you the user quality.” To configure OpenFlow SDN on HP devices companies will need to run HP's Virtual Application Networks (VAN) SDN Controller software. VAN allows an administrator to set up rules for managing and orchestrating network traffic flowing over an OpenFlow-enabled network and is compliant with OpenFlow 1.0 and 1.3 protocols.


Cyber security is economic opportunity for the UK, says government
“CERT-UK is going to play an incredibly important role in ensuring that we have that firm, resilient, foundation underpinning our economy. It is crucial,” said Maude. He said the publication of the National Cyber Security Strategy two years ago marked a “ratcheting up” of the seriousness with which the government takes cyber security. “At a time when budgets across government have been cut, we put more money into cyber security - £860m to be precise,” he said.


Edison Invoked in Rare U.S. High Court Look at Software Patents
The case involves the basic question of eligibility for patent protection. Other parts of the Patent Act impose additional requirements, including novelty and usefulness. Alice’s patents are under fire even from companies that say that software generally should be eligible for legal protection. Microsoft, Adobe and Hewlett-Packard Co. filed a brief urging the court to rule against Alice, even while setting a low bar for patent eligibility in other cases. “The patents at issue here are directed to an unpatentable business method combined with an equally abstract directive to perform that method using a computer,” the three companies argued.


Quote for the day:

 "If you have accomplished all that you have planned for yourself, you have not planned enough." -- Meddigo Message
Posted by at No comments:
Labels: , , , , , , , , , ,

March 31, 2014

SmartThings Founder Sees a Limitless Internet of Things
SmartThings builds a hub that connects to a home router and to sensors that can detect states like motion, moisture, temperature, or presence, such as the comings and goings of pets. But more important, it's building an open development platform for independent developers and device makers developing tools for the Internet of Things. For instance, in SmartThings offices, a Sonos wireless speaker suddenly blares with the sound of a barking dog. It sounds very real. A developer created a connection between a door bell and a virtual guard dog that will bark if no one is home.


Reading the Global Threat Intelligence Report (GTIR)
The GTIR was based on threat intelligence and attack data from the NTT Group companies which include Solutionary, NTT Com Security, Dimension Data, NTT Data and support from NTT R&D. The security experts have analyzed approximately three billion worldwide attacks occurred in 2013, the Finance and Technology industries are that most targeted by attackers which used mainly botnet for their offensives. The majority of the vulnerabilities listed in the report are related to patch management, firewall and application settings.


McAfee CSO article stirs up the whitehat infosec community
The article itself may be some kind of link bait – Security Magazine has a wide readership that brings in all types of roles and it asks you to register and give up a bunch of info. (There is a non-registration version here: on PasteBin). That being said, when you consider the title and that the level of reader that would most likely read an article regarding the hiring of ethical hacker would be high level CSO or CISO, it’s quite possible it was written just to find out what decision makers are interested in the topic. Whether this was written by Conran himself or not, his name is still on it and his word is attached to this article.


Ensuring HIPAA Compliance
Any company dealing with protected health information is required by HIPAA to make sure that security measures are in place for every record kept, from physical copies, to network and digital copies. HIPAA also extends to the processing of information, requiring measures to be taken to ensure that even during administration, the privacy of information is maintained. The penalties for violating HIPAA are severe, ranging from $100 to $50,000 per violation, up to maximum of $1,500,000 a year with the threat of criminal charges also present. Not something which you and your business want to get mixed up with.


With a piracy rate of 80 percent, can the tech world convince Africa to buy legitimate software?
"Everybody knows somebody that can get a hold of any software," he says. "In most cases no fees are involved as it usually involves a form of bartering, where software you want is exchanged for software you already have. Established IT shops won't typically sell pirated software off the shelf, but you'll still be able to obtain pirated software from them via interaction with their employees." Coetsee is managing director of Noctranet, a software company specializing in cloud. He says it isn't uncommon for him to find people, even clients, pirating his own software.


Smartphone kill-switch could save consumers $2.6B per year
If a kill-switch led to a sharp reduction in theft of phones -- something supporters argue would happen because stolen phones would lose their resale value if useless -- most of the $580 million spent on replacing stolen phones would be saved. A further $2 billion in savings could be realized by switching to cheaper insurance plans that don't cover theft. Not all consumers would make the switch, but Duckworth said his research suggests at least half would. As part of the report, Duckworth contracted a survey of 1,200 smartphone users in February 2014 by ResearchNow.


How the open transport switch will make operator SDN a reality
Most SDN technology has been developed for Ethernet networks. Generally the control plane and the data plane are disaggregated from the physical network and centralized into a software controller that manages flows all over the network. But optical transport networks often vary in architecture and protocol, making it a big challenge to decouple the control and data planes and apply one kind of controller over the network. To tackle this challenge, a number of vendors are currently developing open transport switches (OTSes) that act as the intermediary between an SDN controller and an optical transport switch.


Business counts cost of cyber attackers’ secret weapon
“Hackers already know about advanced evasion techniques and are using them on a daily basis,” said Ashish Patel, regional director, network security UK & Ireland at McAfee. “What we’re hoping to do is educate businesses so they know what to look for and understand what’s needed to defend against them. Education is absolutely key,” he told Computer Weekly. This will be in the form of roadshows, reports, security summits and client briefings. “The study has shown the real lack of understanding, knowledge and awareness in the community,” said Patel.


Orchestrating Your Delivery Pipelines with Jenkins
Here, we will discuss how to put a number of these recommendations into practice in a concrete setting, namely setting up a delivery pipeline in Jenkins. Many of the steps we will present carry over to other Continuous Integration (CI) and orchestration tools, and there are analogous extensions or core features for many of the plugins we will introduce, too. We are focussing here on Jenkins, however, because it is the most widely-used Continuous Integration server out there. Even if you are using different CI servers or services in your environment, it should be relatively easy to experiment with the steps we will cover in a “sandbox” Jenkins installation, before carrying them over to your own CI environment.


Q&A with Jim Hietala on Security and Healthcare
There’s a plethora of things out there right now that organizations need to be concerned about. Certainly advanced persistent threat, the idea that maybe nation states are trying to attack other nations, is a big deal. It’s a very real threat, and it’s something that we have to think about – looking at the risks we’re facing, exactly what is that adversary and what are they capable of? I think profit-motivated criminals continue to be on everyone’s mind with all the credit card hacks that have just come out. We have to be concerned about cyber criminals who are profit motivated and who are very skilled and determined and obviously there’s a lot at stake there. All of those are very real things in the security world and things we have to defend against.


Quote for the day:

 "When winds of change blows, some build walls while others build windmills." --  Chinese proverb
Posted by at No comments:
Labels: , , , , , , , , , , ,

March 30, 2014

Why Twitter, Facebook, Google and Amazon Want to be Each Other
Speaking of tweets, the use of the word tweet is one of Twitter's charms. Others include endearingly antiquated features like the use of @ replies and hashtags. Suddenly, however, all this is in peril as Twitter appears to be suffering a fit of Facebook-envy. ... Facebook, meanwhile, is suffering from Google envy. While Mark Zuckerberg has been toiling away trying to prevent a general flight from Facebook to smaller social sites by first creating the Poke app to stem the flow to Snapchat and then spending a fortune on Instagram and Whatsapp, he's no doubt looked with envy at all the fun Sergey Brin and Andy Rubin have been having at Google.


Turning Emotion-Based Decisions into Fact-Based Decisions
Today, the human is the bottleneck in the decision-making process. The computer is able to deliver oceans of information on a variety of devices-desktop, tablet, and mobile phones. And that creates a new challenge for us: We must now sift through all this information at our fingertips and decide what is relevant and what isn't for our task at hand. We're no longer searching for information; we're drowning in it. I know that we've been talking about this for a while at TARGIT, but it's never been truer. If we're not careful with how we process that information with our brains, we won't find the courage to act; we'll just be confused.


The Enterprise of Things
The EoT wave will encompass many different device types, some of which haven't even been developed yet. While EoT is not a near-term phenomenon, needing the next three to five years to mature, it nonetheless will impact nearly all corporate systems. If your organization had trouble dealing with user demands for BYOD, this will present an order-of-magnitude-bigger challenge. EoT will have a profound effect on an organization's infrastructure, including its network connectivity, VPN, identity access management, security infrastructure and management functions.


14 Mobile Certifications That Meet IT Demands
Certification, then, is a great way to determine the effectiveness of an employee's ability to meet business demands and expectations. This article looks at several types of mobile certifications — app development, networking, security and a mixed bag of mobile workforce and digital forensics offerings. Most of the featured companies and cert programs provide training courses, which are typically not required, along with self-study materials, sample exam questions, candidate forums and other certification prep resources. All prices are in U.S. dollars.


For Bitcoin Lessons In The History Of Failed Currencies
While payment systems tend to evolve, specific currencies have come and gone over the centuries. Take for example the Continental Dollar of early America. Writing by email from Mongolia Jack Weatherford, author of “The History of Money,” explained that Brits immigrating to the American colonies were not allowed to import British money. After failed attempts to use the Mexican silver dollar — there simply weren’t enough to finance a revolution — they started issuing paper dollars known as Continental Dollars. “Like the Bitcoin, it was a revolutionary idea that got out of hand and the value of the dollars dropped drastically,” writes Weatherford.


Shadow IT: Balancing productivity and security
Shadow IT typically refers to corporate staff going outside the confines of established IT department processes to procure computing resources. Line of business users create shadow IT when they go beyond the enterprise IT framework for cloud-based applications like Google Apps, Basecamp and Dropbox. Similarly, corporate developers use shadow IT to go around hardware procurement and licensing issues. For example, developers might do application development and testing in the cloud to deliver value with the speed the business demands.


What does the next big thing in technology mean for the data center?
New products promise a compelling increase in performance, efficiency, productivity or end results. Sometimes these improvements justify an immediate rip and replace, but it's more likely that a careful evolutionary approach is warranted. For example, big data presents a potentially disruptive opportunity. The amount of interesting and available data is growing fast. Our competitive natures make us want to mine all the value out of it as quickly as we can. In response, a multitude of emerging infrastructure systems offers to help us cruise through these floods of data. It can be hard to know where to look first.


Creating an IT Strategy & Succeeding in Strategic Execution
Well sure, if you’re busy 24/7 then there is no time, but perhaps there’s a reason why you have no time. It can be because your organisation really has overcommitted to that extent, the problem then is that without spending time with your head up looking around you may have missed the exact reason why you are overcommitted. It may be that further resource is required, or that time efficiencies are not being made, projects with little or no value are taking up valuable time or perhaps that ineffective management of systems or people is occurring.


Bring Data Governance To Your Cloud Backup Strategy
“You want employees to be able to get their data from anywhere but you don’t want someone else accessing it if their laptop is lost or stolen,” Venkataraman says. Especially when employees bring their own devices, it’s important for enterprise IT to have visibility into and policy control over the corporate data that’s on them. To ensure that it is automatically encrypted and backed up to the Cloud, and that, in emergency situations, that data can be remotely wiped off the device without affecting users’ personal information. IT also needs to be able to set policies for data access, so that workers can be authorized to self-restore their corporate information from the cloud to a new mobile device, to be back up and running quickly.


What Is the Relationship between Data Architecture and Data Governance?
Data Architecture provides an understanding of what data exists where and how it travels throughout the organizations and systems. It highlights changes and transformations made as data moves from one system to the next. These data inventory and data flow diagrams provide the information and the tools that the DGT needs in order to properly make decisions regarding data policies and standards. These artifacts also help the DGT perform root cause analysis when data issues are raised by business people, and they help to solve those issues.


Quote for the day:

 “But better to get hurt by the truth than comforted with a lie.” -- Khaled Hosseini
Posted by at No comments:
Labels: , , , , , , , ,

March 29, 2014

Invasion of the body snatchers: Wearable devices are coming for you
The current boom in wearables can be traced back to around 2006 when Nike gave the pedometer a digital twist. Its small Plus device slipped into a running shoe and counted the steps taken and time elapsed on a run. The information was sent to an iPod application and to an online community where people could track and compare their workouts. Other companies followed, and in late 2008 Fitbit attracted considerable attention with its namesake fitness tracker. It captured the imagination of many because it was small, could be worn easily and silently collected data all day long -- no matter what shoes you were wearing.


Argentina's IT Industry Aims to Become Regional Leader
“We need to defy the myth that people here don't speak English, or that there are problems due to the time zone or to cultural differences,” Medica says. In fact, she argues that as a nearshore outsourcing destination, Argentina offers the advantages of cultural and geographic proximity for better cooperation with the client, less travel expenses and lower total cost of engagement. For now, the network consists of five country groups: Chile, Colombia, Mexico, Brazil and the US. The US group is the largest with 16 member companies, Colombia and Chile have 11 together, Mexico has six and Brazil has four.


Global Mobile Data Traffic to Surpass 15 Exabytes Per Month by 2018
"Our findings continue to highlight trends around the pervasiveness and continuing demand for mobile connectivity and services," says Thomas Barnett, marketing director for the Cisco Service Provider program. At the end of 2013, more than 4 billion people were mobile users, Barnett says. That number will grow to 5 billion by 2018. By then, the average mobile connection speed will have surpassed 2Mbps, Cisco says. "These numbers really speak to the pervasive nature of mobile technology," Barnett says. "This trend is particularly relevant in emerging markets where the mobile Internet may be some users' only connection to the Internet."


For Swiss Data Industry, NSA Leaks Are Good as Gold
Switzerland isn’t the only country hoping to cash in. Finland’s F-Secure recently released a Dropbox competitor called Younited. And a consortium of German telecoms, ISPs, and e-mail providers has backed an “E-Mail Made in Germany” program that aims to keep communication data routed and stored in-country when possible. In February, German chancellor Angela Merkel attended talks in Paris on building an all-European communications network so that “one shouldn’t have to send e-mails and other information across the Atlantic.”


The Big Data Era: How Should Consumers Deal With the New Definition of Privacy?
So, times are changing and for consumers it is important to be aware of the changed situation. More and more organisations will start using their data in the coming years, and they should if they want to remain competitive. So consumers should get used to the new situation. Of course, this does not mean that organisations can completely forget about the privacy of their customers. On the contrary. Customers should not become the victim of the Big Data era and organisations should stick to the four ethical guidelines to protect their customers.


IT-centrism and real-world enterprise-architecture
IT-centrism is, in essence, an extension of the delusions of Taylorism, that desire or hope or assumption that everything ‘should’ be subject to predictable control, and hence ‘should’ be controllable by certainty-oriented means. Unfortunately, this just doesn’t work in practice: any real-world context will always include elements of inherent uncertainty. In practice, the Taylorist delusion plays out in two distinct forms. The first is an assertion that if the (automated) system can’t handle it, we can safely ignore it.


OS upgrades are a right, not a privilege
Tech reporters who offer buying advice must recognize this. It seems utterly irresponsible for them to ignore the importance of a clear, free and defined upgrade path for the products they get paid to talk about. In the changing technology landscape the price of OS upgrades and the accessibility of those upgrades is as important as the specifications of the device, because software and cloud services will define the future of the industry. People who use devices to do things will want to do the latest things, and for this they will need the latest software.


EA Principles and Policies
If you are involved in business transformation, governance or technology alignment activities, you should access the Enterprise Architecture as a consistent and robust base of knowledge about the Agency. This page will enable you to access guidance and support to help you. The Enterprise Architecture is supported by the Enterprise Architecture Team who can provide detailed advice and assistance to your project as it progresses through the governance process. ... Check out here for Documents relating to the Highways Agency Enterprise Architecture Principles and Policies.


Refactoring tests for better application design
Through the act of writing a test first, we ponder on the interface of the object under test, as well as of other objects that we need but that do not yet exist. We work in small, controllable increments. We do not stop the first time the test passes. We then go back to the implementation and refactor the code to keep it clean, confident that we can change it any way we like because we have a test suite to tell us if the code is still correct. Anyone who’s been doing this has found their code design skills challenged and sharpened. Questions like agh maybe that private code shouldn’t be private or is this class now doing too much are constantly flying through your mind.


The user acceptance testing conversation
User Acceptance Testing (UAT) focuses primarily on verifying that the functionality delivered, and proven in system and system integration testing, meets the end users’ business requirements. An often pressured and compressed phase of the testing lifecycle, UAT represents the final quality gate before delivery to the live environment. As such, it is critical that the testing performed by the business during this phase achieves the appropriate level of coverage and quality demanded by the business sponsor. Below are two fictional conversations between a test manager and a business sponsor, regarding a planned UAT phase.


Quote for the day:

 “To handle yourself, use your head; to handle others, use your heart.” -- Eleanor Roosevelt
Posted by at No comments:
Labels: , , , , , , , , ,

March 28, 2014

Amazon hints at new German datacenter, but probably not for the reasons you might think
What's significantly more likely, as Jassy hinted, is that it's more to do with "data sovereignty requirements" - specifically knowing where your data is stored, and under which legal jurisdiction. That's a major proponent of the new European data protection and privacy legislation that's currently going through the European Parliament, which sped up in the wake of the Edward Snowden leaks. There's no doubt there's a push-pull effect going on here, but it's not the be-all and end-all by a long shot.


Payment card security revamp becoming chip vs. PIN tussle
EMV chip cards are used widely around the world and are considered much safer than magnetic stripe cards, especially when used in conjunction with a Personal Identification Number (PIN). However, retailers, which have to bear the bulk of the migration costs to EMV, say it's possible to improve U.S. payment card security quickly by simply implementing a mandatory PIN requirement for all credit and debit card transactions. Just as PINs are required to withdraw money from ATMs, PINs should be required for all payment card transactions, they say.


Migrating to Office 365 requires planning, pilot-testing
With Microsoft Office 365, Microsoft has entered the hosted/cloud email hosting market, and it's now among the company's fastest-growing products. As with any such changes, though, it's important to do the Office 365 migration right; email communication is too critical to put at risk. Companies need to plan their migrations carefully and pilot-test and verify at every step.


A Cyber History Of The Ukraine Conflict
Over the last few months Ukrainian websites (within the TLD .ua) have seen their fair share of defacements. Evidence indicates that Muslim hacking groups with pro-Syrian or anti-Israeli agendas conducted the majority of the defacements. A recent round by a group named Cyber Berkut is particularly troubling. Based on the targets attacked and symbolism used it’s very clear that the Cyber Berkut is pro-Russian. Some of the group’s tactics, techniques, and procedures (TTPs) are similar to those used in cyber operations in 2007 and 2008 by the Kremlin against Estonia and Georgia.


Seagate Business Storage Windows Server review: No-nonsense NAS for business
You don’t set up this box as you would a NAS box that runs on Linux, by connecting the device to your network, typing a predefined IP address into your web browser, and having at it. You must first attach a keyboard and VGA display, and then define a password using its local interface. Once that’s completed, you can remove the keyboard and display, connect it to your network, and administer the box via Remote Desktop from another Windows PC on your LAN.


The Value of Being Approachable: Priceless
If you want to be approachable, the opportunities that come your way will dramatically increase. All you have to do is act as if you are wearing a name tag. When you wear a name tag, people know that you want them to be free to engage you in conversation. It’s an invitation that tells people, “Approach me, introduce yourself. It’s OK!” If you’re a manager, that’s the way you want people to see you and that’s the way you want your people to be seen. When people see you as approachable, all sorts of opportunities open up.


Pair Painting
We’ve established that there’s much to be gained from working as a pair - high standards, joint ownership, even fun! You need to be prepared to work at it, however. Simply sitting two people in front of a screen won’t automatically produce these results - but with a bit of effort and some careful inspect-and-adapt the magic will start to happen. If you and your team decide to give pair programming a go, there are many great resources available to help you get off the starting block


Conscious uncoupling in the enterprise: Time for the next phase of services
The API economy is well understood, as we've been working to put SOA practices in place for more than a decade now. However, what McNee calls the Internet of Everything is a vast, little-understood frontier. "Everything is a source of data, and everything is connected or connectable," he observes. "This emergent inter-connected business and IT reality brings with it unprecedented challenges, mainly due to its almost completely unpredictable scale and complexities.... its effects are likely to be outside of previous experience and its requirements will be beyond most existing skills and resources."


Cisco fixes denial-of-service flaws in IOS software for networking devices
The newly released IOS versions contain patches for two vulnerabilities identified in the software's Network Address Translation (NAT) feature that's commonly used in routing scenarios. One vulnerability could be exploited by sending malformed DNS packets to be processed and translated by an affected device and the other by sending certain sequences of TCP packets. "To determine whether NAT has been enabled in the Cisco IOS Software configuration, log in to the device and issue the 'show ip nat statistics' command," Cisco said in a security advisory published Wednesday


Software test management: Know which rules to follow, which to break
When you stop to think about the idea of 100% utilization as a measure of success, its absurdity is obvious. What if you kept all of your people busy all the time, but they were focusing on the wrong things? "When test managers hear me talk about this myth, they say, 'Oh my gosh,' and they look at me with their mouths open," Rothman said. To ensure success, test managers should focus on getting software projects – and features that are part of those projects -- out the door. The way to accomplish that is to optimize the team's workflow at a steady rate, according to Rothman.


Quote for the day:

 "No man can think clearly when his fists are clenched." -- George Jean Nathan
Posted by at No comments:
Labels: , , , , , , , , , ,

March 27, 2014

OpenLDAP configuration tips for working smarter, evading common stress
OpenLDAP configuration is difficult for some, but your implementation may not be the source of the problem. Those who lament OpenLDAP configuration are actually having issues with Lightweight Directory Access Protocol (LDAP), said Howard Chu, chief architect of OpenLDAP. "It's a very broadly applicable protocol and that tends to leave people lost, wondering where to begin," Chu said. He advised IT pros installing LDAP to read, research and experiment. We asked OpenLDAP users to answer some frequently asked questions on configuring and deploying the protocol.


Dissatisfaction with IT grows
IT managers are being told that "you've got to grow the business, not just run the business," said Mark Peacock, an IT transformation practice leader and principal at Hackett. McKinsey & Co., in its online survey of more than 800 executives -- with 345 having a technology focus -- also found that executives want less of their budgets to go to infrastructure so more resources can be shifted to analytics and innovation. The McKinsey survey found that business executives are less likely to say now that IT performs effectively, compared to their views two years ago.


Hackonomics: Stolen Twitter accounts ‘more valuable’ than credit cards
Stolen Twitter accounts now fetch more than credit cards on the cybercrime black market, according to a new report released by the RAND Corporation. The report is the first in a series commissioned by Juniper Networks. "Markets for Cybercrime Tools and Stolen Data: Hacker's Bazaar" explains that a Twitter account now costs more to purchase than a stolen credit card, because Twitter account credentials potentially have a greater yield.


5 musts to get people on board with social business
It’s a fact that people are still struggling to get social business to take root across the organization. Heck, sometimes it’s still a struggle to get it to work within its own department, wherever it starts. Or to get people to even notice and pay attention to these ideas in the first place. The only way to scale social business is to get it out of its nesting place – marketing, customer service, IT – and get it all the way to the edges of the organization. That means having people buy into the vision for social business, invest the time and resources in the practices and tools, and enthusiastically do what they can to support those efforts.


Convincing the C-suite to fund IT security
"The C-suite doesn't understand the full vulnerabilities that their organizations face," Moss says. "This has always been the challenge. But now that they're finally seeing quantitative losses, they want to get ahead of the problem. They're tired of always acting post-breach." One of the biggest challenges Moss faces with his clients is helping them distinguish between vulnerability and risk. Vulnerability is the likelihood that an organization may suffer a security incident. Risk is the amount of damage that such an incident will inflict on the organization.


Code Kingdoms teaches children to program through gaming
Targett told Computer Weekly that Entrepreneur First founders Matt Clifford and Alice Bentinck had encouraged them to apply. “We had the idea, and they convinced us it was a great idea,” he said. “They helped us to think about raising funds and to think about the customer. We put coding out to kids' imagination and let them build the games.” Code Kingdoms is now available online on desktop and mobile. In six months' time, the company plans to be generating revenue and to have a team of five on board.


Microsoft warns Word users of ongoing attacks exploiting unpatched bug
According to the security bulletin Microsoft issued today, three members of Google's security team reported the Word vulnerability to Microsoft. The bug is in Word's parsing of RTF files, which are often used to exchange documents when all users are not using Microsoft Word. Although the attacks seen so far by Microsoft have been aimed at Word 2010, the bulletin noted that the affected software also includes Word 2003, Word 2007, Word 2013 and Word 2013 RT, the version especially crafted for Microsoft's Windows RT tablet operating system. Office for Mac 2011's version of Word is also vulnerable.


Cloudification denotes opportunity, not despair, for mainframes
So is cloudification of applications a credible threat to the mainframe in coming years? Many people have likened cloud computing to mainframe time-sharing, and there are some viable parallels. The answer is not straightforward, and will depend on user- and application-specific scenarios. But a significant amount of mainframe-based workloads will likely migrate to private and public cloud deployments. On a pure infrastructure and software cost per workload basis, Linux-based open systems prevail over mainframes.


Reliability Series #1: Reliability vs. resilience
The Institute of Electrical and Electronics Engineers (IEEE) Reliability Society states reliability [engineering] is “a design engineering discipline which applies scientific knowledge to assure that a system will perform its intended function for the required duration within a given environment, including the ability to test and support the system through its total lifecycle.” For software, it defines reliability as “the probability of failure-free software operation for a specified period of time in a specified environment.”


Facebook Debuts Web-Scale Variant Of MySQL
In a move that could shake up both the commercial and open source database management system markets, Facebook announced on Thursday that it has worked with fellow Internet giants Google, LinkedIn, and Twitter to develop WebScaleSQL, an open source, web-scale branch on top of Oracle's publically available MySQL Community Edition. "Our goal in launching WebScaleSQL is to enable the scale-oriented members of the MySQL community to work more closely together in order to prioritize the aspects that are most important to us," wrote Facebook software engineer Steaphan Greene in a draft blog post shared with InformationWeek.


Quote for the day:

 "Learn to see things as they really are, not as we imagine they are." -- Vernon Howard
Posted by at No comments:
Labels: , , , , , , , , , , , ,

March 26, 2014

Internet of Things (IOT): Seven enterprise risks to consider
Despite the opportunities of IoT, there are many risks that must be contended with. Any device that can connect to Internet has an embedded operating system deployed in its firmware. Because embedded operating systems are often not designed with security as a primary consideration, there are vulnerabilities present in virtually all of them -- just look at the amount of malware that is targeting Android-based devices today. Similar threats will likely proliferate among IoT devices as they catch on.


Use Daily Conversations to Promote Development
Rather than keeping professional development talk locked to the calendar, I’m a big fan of frequent “on the fly” conversations that directly support an individual’s developmental needs and goals. Frequent conversations keep the topic front and center and allow you to focus on providing active coaching that transcends a task orientation. And importantly, the regular development discourse helps build trust between you and your co-workers. After all, there’s no higher form of respect you can pay to someone in the workplace than helping them work towards achieving their career aspirations.


Google's new cloud strategy: Apply Moore's Law to prices
Touting that cloud pricing schemes should mimic hardware and "follow Moore's Law," Google is slashing prices for pay-as-you-go services, with Google's big data analytics BigQuery engine seeing its on-demand rates chopped down by as much as 85 percent. "Pricing is still way too complex," Hölzle lamented, adding that current cloud costs might seem cheap when compared to on-premise alternatives, but there's still a lot of room for reduction. Cloud Storage follows suit with up to 68 percent in price reductions, trailed by the Compute Engine fees lowered by up to 32 percent across all regions, classes, and sizes.


Scrabble-playing robot aimed at refining human interaction
‘We believe that for autonomous robots to be accepted, they will have to conform to the social conventions of people, rather than the other way around,’ Simmons said in a statement. The researchers are investigating whether changes in mood or emotions affect the desire to interact with robots and how personalisation, such as the robot remembering a person’s play from previous games, might affect the willingness to interact over time. Victor’s torso is topped with a mobile head on which a video screen displays its animated face, designed by Anne Mundell, associate professor of scene design.


In rare move, banks sue Target's security auditor
The lawsuit is one of the rare occasions where a PCI security auditor has been sued over a data breach involving a client. Companies like Trustwave are called qualified security assessors (QSAs) in PCI parlance. They are responsible for conducting security assessments of retailers and others covered by the PCI standard. In Trustwave's case, the company also provides a range of security services to help companies achieve PCI compliance status.


Coming Soon: Android Apps for Wearable Devices
Android’s dominant position in mobile software could give it an edge over Apple in smart watches. Cecilia Abadie, a developer at 33Labs, a mobile development company in Los Angeles, says she is building a personal fitness training app and personal assistant app for the Moto 360. “Android Wear has better chances of winning the next big battle of wearables against Apple, in the same way Android itself won the battle in number of [smartphone] units sold,” she says.


Go Directly To Fail
Despite ITs extensive experience in “implementations”, a quick review of projects shows that we seem to keep making the same mistakes over and over. Each failure (potentially) undermines our customer’s confidence in our ability to deliver on-time and on-budget. The good news is that this is entirely avoidable. Selecting and implementing an ITSM tool successfully isn’t hard, but it does take some work. The good news is that this work has benefits that can impact your implementation and beyond!


Gartner Says Asia Pacific Offshore Services Providers are Still Growing
“Although the use of Asian countries for offshore or nearshore services has not yet peaked, we are seeing some distinct changes in demand and supply patterns in the region,” Mr. Longwood said. “Ongoing cost pressures in Europe are driving some multinational corporations to consider moving their offshore services from mid-cost countries like Malaysia to lower-cost locations in Asia, Eastern Europe and Latin America. Some Western countries are becoming more protectionist, which is also having a negative impact on demand for offshore services from Asia Pacific.”


Advanced threat detection products yet to earn trust of enterprises
"We've had the capability for a long time across many different technologies to do automated blocking," Holland said. "We're never going to reduce the number of attacks that occur or speed the time to containment and remediation unless we have automation in the picture. So we need to move more in that direction, but most companies struggle with that." Andrew J., a security professional, ... said his organization has utilized FireEye's NX Series product, which provides detection and prevention capabilities for Web-based threats since 2011, but like Target has not enabled the product's automated response capabilities.


How Data-Sharing Can Keep Fraud from Spreading
"As stewards of the industry, our job is to share as much information as we can through our partners," says Aaron Glover, senior analyst at SunTrust Banks in Atlanta. SunTrust, for example, has built a relationship with the Internal Revenue Service in Atlanta in which the bank sometimes calls to verify Treasury checks. The bank recently asked the IRS about one $300,000 check, which turned out to be linked to an IRS investigation, so SunTrust put the check on hold. But despite such one-off successes, there's a strong need for protocols for information sharing about money laundering, corporate security and fraud, Glover says.


Quote for the day:

 “I must admit, that I have learned more from my negative experiences than I have ever learned from my positive one.” -- John Paul
Posted by at No comments:
Labels: , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)