October 05, 2016

GitHub’s Phil Haack on Moving from Engineering to Management

It’s important to be able to take an evidential approach to identifying the practices and approaches that work for collaborative outcomes, however there is not a lot of research in these areas. Take what research we do have and try it out – does it really work or is it just “conventional wisdom” that may not actually apply in the development space?  ... Sane Development Practices: techniques like setting up a build environment that just works – download the project and hit F5 to have it build without having to configure many different things before you can even do the simplest activity. If you clone a repository there should only be a couple of steps needed to have it running on your machine. ... Having things like automated builds and continuous integration are about helping developers maintain their sanity.


Beyond Dashboards – Predictive Analytics and Decision Management

The first and most obvious benefit provided by the combination of decision management and predictive analytics is the collaboration inherently resulting from the former. No longer are we dependent on the mad data scientist in a white lab coat! Now every concerned group – business analyst, IT, business owner and the data scientists can all view, understand and work with the same information. This removes the ubiquitous black box and enables truly effective data governance. But let’s face it – what we really want most of all is to create something actionable from all that data. We know more and more of it will be coming in real time. By beginning to incorporate additional elements of decision management while collaborating across all stakeholders, we can create (or significantly enhance) the ability to:


Malaysia and Singapore face IT talent shortage

Randstad’s ranking of the most popular tech jobs in Singapore shows cyber security and technology risk professionals being in highest demand, with the potential to earn S$120,000 (£69,000) to S$240,000 a year. Project management and business analysts are ranked next highest. Their functional knowledge and in-depth technical know-how are in demand as organisations seek to become more lean and cost-effective. Randstad ranked application developers as third most in demand, due to Singapore being an attractive hub for companies setting up centres of excellence. Demand for experienced developers exceeds supply in the country due to a lack of experienced developers and an influx of startups.


The Data Science Hierarchy of Needs

The urgency to establish a big data strategy propels companies into the third step of diving into infrastructure without a clear directive. You start with installing Hadoop, maybe some Kerberos and SSO for security, even a NoSQL Database just for fun. However, if you start with the business problem, you may find that you don’t need any new infrastructure or complex machine learning at all. A good rule of thumb is to employ the YAGNI (You Ain’t Gonna Need It) principle from agile programming. Start by doing the simplest thing that could possibly work. A lot of problems can be solved by smart people armed with modest data and tools designed with the business in mind, before ever requiring a big data infrastructure.


7 ways DevOps benefits security programs

Organizational culture and its processes and technology are evolving at a pace we have never experienced before. As a result, we can’t just sit back and wait for the “DevOps fad” to fade away because it isn’t going to. It’s not a fad – it’s an evolved way of software development. Furthermore, security cannot be the elephant in the room that everyone avoids because it gets too complicated. Security must evolve, as well, segueing into SecDevOps. Many organizations are regularly pushing out tens if not hundreds of releases and updates on a daily basis. With help and guidance from the security team, organizations can push secure releases on the first try and save lots of money and time along the way. Checkmarx explains why DevOps can end up being a major benefit to security.


2016 State of Digital Transformation

When everyone and everything is connected to the Internet, companies must leverage information and digital technologies including cloud computing, mobile, social, Internet of Things (IoT) and AI to transform how they connect with customers in a whole new way. Per Gartner, 89% of marketers expect to compete primarily on the basis of customer experience. Customer experience is a top priority and managed as a team sport. Digital business transformation will require an experimental and technology-led mindset that must be inclusive of the entire business - marketing, sales, services, IT, R&D and customer and partner communities. How can companies today leverage technology to drive digital business transformation?


Google Home: What it does and when you can get one

Google Home has a built-in edge when it's time to ask the speaker a question...Google Assistant. Take the speaker's My Day feature. Tell Google Home "Good morning," and it will launch in with today's weather and information about your commute. It will also tell you about upcoming appointments you've got scheduled for the day and list any reminders...Google Assistant is pulling all this information from your Gmail, calendar and other Google Maps. ... Google Home...will go on sale Nov. 4 for $129...The purchase price also comes with a free six-month trial of YouTube Red, an ad-free version of the video sharing service. ... Google Home is coming to the U.S. only at first, and will be sold in the online Google Play Store...Target, Walmart and Best Buy; Google starts taking preorders Tuesday.


How today’s CIOs are getting sales cycles ‘Back in Black’

"The job of a CIO has changed," said Gainsight CEO Nick Mehta, whose company helps sales organizations deliver customer success through big data. "Server design has been replaced with service delivery." As CIOs are now accountable to business users, they demand results — not products — from their vendors. Modern CIOs are asking vendors about their business process — often called their "customer success" process — to ensure that they are achieving their desired outcomes from the business relationships. "It's all about the outcome," Mehta said. To accomplish this, vendors need to get business users and CIOs talking to one another to make sure it's a good fit for everyone.


Putting the pieces together: The intersection of strategy and agility

Generally speaking, strategic responsiveness increases with the frequency of corporate strategic-planning activities. Most of the survey respondents use an annual planning cycle. However, organizations that conduct either continuous or annual planning with quarterly rolling plans have the highest level of strategic responsiveness. Though ongoing corporate planning has the highest level of strategic responsiveness, there is negligible improvement between ongoing planning and using annual planning with quarterly rolling plans. Organizations that use an annual planning cycle with quarterly rolling plans have the ability to balance long- and short-term goals and ensure a structured method to review changes in the external business environment and incorporate them in the strategy as needed.


By 2020, your Wi-Fi-connected car will pay for parking, gas

"Connected vehicles will streamline many of the processes currently in use in the businesses. For example, a rental car could be provisioned remotely, allowing the customer to pick it up and drop it off without having to go to an office," said James Hines, a research director at Gartner and the report's author. "They will also enable new modes of operation; for example, when combined with autonomous driving capability, connected vehicle technology will allow a customer to request a ride and a vehicle could be automatically dispatched to the customer’s location." Connected vehicles will improve access to EV charging by locating available stations and paying for charging services; they'll also be able to monitor the state of charge of the battery in the vehicle, Hines said.



Quote for the day:


"A man must be big enough to admit his mistakes, smart enough to profit from them, and strong enough to correct them." -- John C. Maxwell


October 04, 2016

How Big Data Velocity Informs Population Health, Patient Safety

“You may have a patient surveillance system that requires really large datasets to monitor their vitals and maybe do some predictive analytics about how they’re trending, and that requires immediate, truly real-time insights for the patient while they are still in your care setting.” But population health management prioritizes different metrics and aims to achieve somewhat different results, he added. “Population health is about identifying groups of patients and figuring out a commonality around their needs. After you identify a common need, you redesign care around delivering that service or improving that outcome.” Population health programs also tend to generate large volumes of data that is often used to track improvements over time.


New alliances focus on open-source, data science empowerment

Continuum Analytics, the creator and driving force behind Anaconda — a leading open data science platform powered by Python — has allied with IBM to advance open-source analytics for the enterprise. Data scientists and data engineers in open-source communities can now embrace Python and R to develop analytic and machine learning models in the Spark environment through its integration with IBM’s DataWorks Project. ... This program empowers corporations to better understand, use and maximize the value of their data. The program will support IBM’s DataFirst Method, a methodology that IBM says provides the strategy, expertise and game plan to help ensure enterprise customers succeed on their journey to become a data-driven business.


Core systems should have built-in obsolescence

The issue is that this mentality of the “big deal” still pervades for many senior bank decision-makers, yet today it’s no big deal. If a startup can get a full suite of banking software up and running like Ant Financial, Solaris, Thought Machine, PrivatBank and more, then you know the answer today is all about speed and agility at low-cost. There’s no big deal here. In fact, as alluded to in an earlier blog, if you can build a developer-driven bank where a micro-services architecture allows very small teams to change little parts of the architecture continually, then you have a bank built for today – a bank that can provide updates for its apps and APIs every day (or even intraday), rather than every year or even biannually.


The Challenges Fintech Startup Companies Are Facing

Behind every successful fintech firm, there is an agile and well-diversified team of forward-thinkers. Since startup companies operate with limited resources, every employee counts. Therefore, it is imperative to have employees with a combination of experience and relevant skills for fintech companies. Even if you find skilled individuals, they will most likely ask for higher wages because their opportunity cost is very high. ... Unless one is speaking to a financially and technologically savvy investor, it’s often difficult for startup companies to describe the value proposition and more explanation is needed than in other industries. Therefore, fintech companies are required to know their products and to have efficient ways to tell their story for anyone to understand.


Yahoo hack spurs push for legislation

The Yahoo breach has drawn particular attention not only for its size — 500 million accounts were exposed by hackers Yahoo says were nation state actors — but for the time the company took to notify victims. The breach occurred in 2014, with Yahoo only announcing it this month. But reports indicate that the company may have been aware of the hack in July or August of this year. The timing of the disclosure drew swift criticism from lawmakers who suggested that the company might have sat on the breach to avoid disrupting a purchase deal with Verizon. “As law enforcement and regulators examine this incident, they should investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon,” Sen. Richard Blumenthal


3 survival skills for reluctant IT managers

Systems programmers and database administrators in large shops earn six-figure incomes. They earned these incomes by polishing their skills in a particular technical specialty, and by mastering tools that have proven their worth over time and that they trust. Their career calling cards are their expertise and their ability to use these tools to solve difficult problems, so they are not always open to new tools and technologies that challenge the tools and approaches that they cut their teeth on. If you are considering a new approach or vendor toolset, it is really important to obtain staff buy-in before moving forward. If you can't get buy-in, and you and the company have determined that it's absolutely necessary to move forward, you should be prepared to lose people.


What CIOs Need To Know About Open Source

"At one extreme, forking is one of the fundamental rights you have with open source code and we talk about how great it is to have the freedom to fork — it can be a good way to revive a dying project," says Allison Randal, president of the Open Source Initiative. As an example, Randal points out that before the LibreOffice fork, OpenOffice.org was suffering from "human problems" that prevented the code from moving forward. The LibreOffice fork was successful and now has overshadowed OpenOffice.org. Unfortunately, forking doesn't always produce such a positive outcome. "I have seen cases when forking a project divides the community, introduces tensions, cuts resources and ultimately kills both projects," Randal says.


Attacks Are Advancing; Are Your Threat Detection and Response Capabilities?

Many organizations rely on traditional SIEMs to store data and run simple, real-time, rules-based analytics. This works for providing insights into activities at a point in time, but most attacks are more subtle and may unfold over weeks or even months. The ability to consider more and varied data types over a longer period of time offers richer insight as to who the attacker was, what malicious activities were performed, and how to remediate the threat. Newer big data platforms overcome the limitations of traditional SIEMs and provide the ability to keep up with the volume, velocity, and variety of data while conducting more sophisticated statistical and machine learning analytics.


Transactional Microservices Using Aggregates, Event Sourcing and CQRS

It is an approach to modularity that functionally decomposes an application into a set of services. It enables teams developing large, complex applications to deliver better software faster. They can adopt new technology more easily since they can implement each service with the latest and most appropriate technology stack. The microservices architecture also improves an application’s scalability by enabling each service to be deployed on the optimal hardware. Microservices are not, however, a silver bullet. In particular, domain models, transactions and queries are surprisingly resistant to functional decomposition. As a result, developing transactional business applications using the microservice architecture is challenging.


Mobile is part of e-commerce, not a rival

Mobile devices are at the heart of merged channel because those handheld computers — and, yes, mobile phones are computers — make any other compensation approach ridiculous. How, for example, is a Macy's in-store-versus-online mentality supposed to deal with someone scanning a barcode in-store with a mobile device and then purchasing it from Macys.com? No need to worry about which division gets what percentage of the sale. It's a Macy's purchase and that's that. The point is to look at purchases from the shopper's perspective. That is what retailers tell their shareholders, right? That they are so customer-centric? Shoppers see it as a Kohl's transaction or a Walmart purchase.



Quote for the day:


"Even if you are doing robust risk assessments, between that and human error, breaches will happen."
-- Pam Hepp


October 03, 2016

Body-based transmission system keeps passwords secure

The system works by making use of the low-frequency signals generated by a smartphone's fingerprint sensor that locate the finger's position in space and read the grooves in a user's fingerprint using capacitive coupling. Registering between 2 and 10 MHz, these signals aren't strong enough to travel through the air, but do travel through the human body well. Usually read by the sensors as input, the UW team's technique turns these signals into output containing the authentication data, which is then transmitted through the body and picked up by a receiver, such as the electronic door handle. "Fingerprint sensors have so far been used as an input device," says senior author Shyam Gollakota. "What is cool is that we've shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body."


Evaluating customer engagement cloud solutions: Key questions to ask

It’s important to note that it’s not enough to move monolithic applications to public cloud infrastructures. To truly deliver on the promise of the cloud, applications must be developed from scratch (or re-written) to take full advantage of advanced infrastructure and platform-as-a-service capabilities—similar to writing a brand new operating system with unique characteristics. Thus, be careful not to get stuck with the old stuff in the new world. You’ll be left with more of the same. Whether you’re experiencing exponential growth like a hot new startup or are a more traditional business going digital, make sure you select a cloud customer engagement and business communications solution designed for the future.


Rise of the SPI: Atlassian spin or a better variation of the API?

SPI originated when Atlassian was a young company and had only a single product, JIRA. As a young company wanting to scale, the company released its source code for others to hack on and build their own features. Over time, some of these developments were included back up the chain and made part of the core product. Initially, this was achieved through the use of Java applets. Developers coded against a Java API that would modify the core application code without forking the source code. Over time, this approach was adopted into Atlassian’s other products, and, almost randomly, a partner ecosystem grew around it. From this ecosystem, the company then built the Atlassian marketplace, which allowed third-party software vendors to build and market products.


The Biggest Risks of Big Data

Any project can fail for any number of reasons - bad management, under-budgeting or a lack of relevant skills. However Big Data projects, due to their nature, bring their own specific risks. Due to the advanced technology often needed, and the relative newness of the skillsets required to truly “think Big” (or as I prefer to say, “think Smart”) with data, care must be taken at every step to ensure you don’t stumble into pitfalls which could lead to wasted time and money, or even legal hot water! Business people are used to taking risks – assessing those risks and safeguarding against them comes naturally, or we don’t stay in business for long! So there’s no need to be scared of Big Data. But of course we always need to be aware of dangers that could potentially arise if we fail to cover all of the bases.


Consortium Forms Framework for Industrial Cybersecurity

"The Security Framework looks at IIoT security from three different perspectives," Hamed Soroush, the IIC's security working group chair, told EE Times in an interview. "Chip makers, equipment developers, and end users all have an important role in security for the IIoT, but often work without knowing one another's perspectives. The Framework will help them talk to each other." It also provides guidance to management on risk management when considering security, he added. Part of the motivation for creating the Framework is the difference between industrial IoT and consumer IoT security needs, Soroush noted, which calls for a discussion focused on industrial IoT system needs. Security in the industrial IoT should be more robust than for consumer IoT, for instance, to reduce the risks to critical infrastructure such as power generation.


How Microsoft Cortana will run your entire office by 2020

Cortana will take over for Tell Me someday. You’ll talk to the bot and tell her you want to create a presentation for the shareholder meeting or a brochure for your startup. Like MyAnalytics, she’ll know you have been working in Excel the past few days and offer to create some of the slides with your financial data. You’ll dictate the bullet points. She’ll know to use a color scheme that matches your company logo.  She’ll even know how to correct your wording, a capability that is already in Microsoft Word called the Editor. Cortana will know if you are talking in passive voice and correct your wording on the fly. She’ll fact check what you say, and offer to use stronger verbs.


Killer Keyboard Shortcuts To Help You Master Windows

Despite notable advancements in speech-recognition technology and voice input, and the popularity of tablets, the humble PC continues to be the workhorse device of choice for many workers around the world. And whether you're an office-bound professional slouched behind a desktop PC, or a globetrotting executive armed with the latest ultrabook, the "physical" hardware keyboard continues to play a crucial role in productivity. The last thing you want in the heat of the moment is to fumble around for a mouse or have to take multiple steps to complete a task that could be done with a quick keyboard shortcut. Of course, learning and remembering such shortcuts can be hard work, and you'll need to take some time to find the appropriate shortcuts for you.


What makes IoT ransomware a different and more dangerous threat?

“While traditional ransomware affects your computer and locks your files, IoT ransomware has the opportunity to control systems in the real world, beyond just the computer,” says Neil Cawse, CEO at Geotab, a manufacturer of IoT and telematics for vehicles. “In fact, due to the many practical applications of IoT technology, its ransomware can shut down vehicles, turn off power, or even stop production lines. This potential to cause far more damage means that the potential for hackers can charge much more, ultimately making it an appealing market for them to explore.” Some argue that in most cases, IoT hacks can be reversed with a simple device reset. However, the incentive to pay for IoT ransomware will not stem from irreversibility but rather from the timeliness of the attack and the criticality and potential losses of losing access to critical devices for any amount of time.


Largest DDoS attack ever delivered by botnet of hijacked IoT devices

Some of the attacking machines are running clients known to run on cameras, he says. “It’s possible they are faking it or it’s possible it’s a camera that was doing these attacks,” he says. “There are indicators that there are IoT devices here, at scale.” The attack didn’t use reflection or amplification, so all the traffic consisted of legitimate HTTP requests to overwhelm Krebs’s site, Ellis says. “It’s not junk traffic.” A lot of things about the attack are still unknown such as who’s behind it and what method the botmasters used to infect the individual bots. Ellis says some other providers Akamai had contacted report similar but smaller attacks likely from the same botnet. Many of them were aimed toward gaming sites, and Krebs has written about such attacks, so there may be a connection there, he says.


Conduct an honest IT performance evaluation in problem areas

A good first step for IT performance measurement is to at least somewhat follow either a DevOps methodology or ITIL; both have their merits and each team or business needs to decide what fits them best. Some measures to improve IT will line up with DevOps and others won't, but are best practices that solve these issues. When reviewing a failure, consider whether the fault occurred in the project, due to a change, or in the IT operation. Each needs to be treated a bit differently, but will also have overlaps with how it is assessed and remediated during the IT performance evaluation.



Quote for the day:


"Opportunities don't happen. You create them." -- Chris Grosser


October 02, 2016

Standardizing Requirements Descriptions on Scrum Projects for Better Quality

The direct impact of standardizing requirements descriptions on development can be seen in the example of a large social media company that owns several popular websites used by millions. A rapidly developing Agile project, with high reaching market goals set by stakeholders, existing documentation was narrowed down to information that served users and ongoing development purposes. The stakeholders were not interested in investing in the creation and support of hundreds of pages of documentation, which would have made sense and is common practice for most Agile projects. The client already had their own development team and many ambitious plans, but needed more resources to implement them. 


Will the coming robot nanny era turn us into technophiles?

Despite the thorniness of some of the issues between humans and robots, the reason we are entering this robot age is because of one simple fact: functionality. Robots will make our lives far easier. In fact, the robot nanny is a prime example: It will be adored by parents — and likely much more so than the human nannies who are known to call in sick, show up to work late and, on occasion, sue their employers when they hurt themselves on the job. Robot nannies will replace real nannies like the automobile replaced the horse and cart — allowing parents much new free time and opportunity to pursue careers. One major factor going for the development of robot nannies is their cost effectiveness. I’ve been either watching my kids or hiring nannies for the last five years.


Dear tech industry: Stop renaming stuff all the time. Just. Stop. It.

G Suite is the new name of Google Apps. Except Google Cloud is the new name for Google for Work (which is Google Apps, but for more people) and Google Apps, Enterprise, which had a comma in its name. Okay. Okay. Deep breath. Get off my lawn! No. wait. This isn't a get off my lawn moment. This isn't just whining on the part of a tech pundit who doesn't want to remember new names anymore. I got this. I read 50 tech news articles every morning. I can keep track of this because it's my job, and we have an editorial guide here at ZDNet. But regular users don't have the time for this crap. Renaming core products has serious repercussions beyond merely my desire to rant.


Retail cloud computing: The key benefits of moving to cloud-based SCM

The fact is, customers expect to be able to make purchases from whatever channel they choose in a fast, efficient manner. To make this happen, retailers are increasingly working to update traditional supply chain management (SCM) systems by embracing retail cloud computing. By using cloud-based SCM technologies and services, retailers can gain visibility and track inventory throughout the entire lifecycle, allowing them to ultimately become more agile, profitable and relevant to today’s tech-savvy and increasingly demanding consumers. Though traditional SCM platforms take a more siloed and transactional approach to the entire fulfillment lifecycle, this method no longer works in an omnichannel, hyperconnected world.


Banks like to talk about blockchain, but none wants to be the first to actually use it

If it becomes mainstream, proponents see many possibilities for blockchain. Instead of each party in a transaction keeping separate records and copies of contracts, blockchain is a bit like a Google document, where many people can look at the same record at once. The transaction takes place between two parties without an intermediary, and all changes are clear, unchangeable, and validated by everyone involved. Any additional transactions that take place get added to the chain and form part of a golden record of transactions. This opens up the possibility of what the industry calls "smart contracts." For example, let's say shoes are being manufactured in China for sale in the US. Every step of the process could be part of a blockchain.


Silicon Valley Selects Synereo Over Ethereum As Blockchain Platform

With this recent partnership Synereo is likely to catapult in the blockchain discussion and attract many of the top dApp developers. James Currier, Managing Partner at NFX, explained the Guild’s decision to choose Synereo’s technology for the project, stating: “If you do the analysis, Synereo comes out as the superior platform for developing decentralized apps. It runs fully distributed instead of massively replicated. It’s JVM top to bottom rather than Python. It’s forward compatible, vs other platforms anticipating multiple hard-forks. Synereo has the identity layer built in which provides distribution advantages and network effects. Lastly, fine-grained concurrency, vs other platforms’ linearity, provides greater speeds and scalability.”


.Net application that works online and offline [Smart Client Concept]

In the Windows application, we are going to log in with the same credentials that we registered in the web application. While logging in for the first time in the Windows application we need an Internet connection so that you can also log in to the application while it is offline. After successful login, a new form is shown in which the user adds a new product, and this process does not require an Internet connection. When an Internet connection is available, it will sync all data from the Windows application to the web application [web server], and this process will run in the background. While it is transferring data to the web server, it will also delete the transferred data from the Windows application database.


Ways to Make Code Reviews More Effective

As with all architecture/design areas, the non-functional requirements for the performance of a system should have been set upfront. Whether you’re working on a low-latency trading system which has to respond in nanoseconds or you’re writing a phone app to manage a “To Do” list, you should have some idea of what’s considered “too slow.” Before deciding on whether we need to undertake code reviews based on performance, we should ask ourselves a few questions about what our requirements are. Although some applications really do need to consider how every millisecond is spent, for most applications there’s limited value spending hours agonizing over optimizations that will save you a few CPU cycles. But there are things a reviewer can check for in order to ensure that the code doesn’t suffer from common avoidable performance pitfalls.


Goldman Sachs: We're in the 'second wave' of fintech

Gido believes that we are currently in the second wave of fintech development, wherein "incumbents are using their brands and infrastructure to remain competitive with the startups." ... This third wave in fact, is already happening. An increasing number of fintech startups are focusing on B2B models, with the goal of selling to and partnering with traditional players. They want to take advantage of incumbents' vast and loyal customer base and offer up their own nimble, innovative technology.  And what are people most excited about in fintech? Insurance policies, he said. These seemingly unexciting two words hold a ton of possibility for innovation.


One proven way to boost software quality: Increase your QA team's diversity

Diversity is not just about hiring equal shares of male, female, black, white, Asian, and Hispanic professionals. Real, meaningful diversity requires a collection of individuals with unique perspectives based on their backgrounds, knowledge, past experiences, and environments. Diverse testers better understand diverse end users. Your applications are supposed to work for a variety of users: young, old, new language learners, people with disabilities, etc. So who better to test them than people from a wide variety of backgrounds? What’s intuitive for a teenager may not be so easy for a person not as comfortable with today’s fast-changing digital realities. A recent college grad will look at her health care provider page differently than a parent researching ways to treat a child’s condition.



Quote for the day:


"Good leaders make people feel that they're at the very heart of things, not at the periphery." -- Warren Bennis


October 01, 2016

Too few women in cybersecurity: a gap in our protections that must be addressed

Diversity in cybersecurity matters for a very practical reason. Those seeking to breach cybersecurity are willing and able to exploit any flawed thinking, any inadvertent blind spot. Cybersecurity teams that fall into group-think or are blind to alternative ways of working through challenges are more likely to miss things and enable hostile actors. Teams that include people with different expertise, backgrounds, genders, ages, cultures are more likely to deliver robust cybersecurity outcomes; implicit assumptions can be more easily challenged and the fullest range of insights on what can go wrong (and hence what can be done) can be gathered.


How to steal the mind of an AI: Machine-learning models vulnerable to reverse engineering

Taking advantage of the fact that machine learning models allow input and may return predictions with percentages indicating confidence of correctness, the researchers demonstrate "simple, efficient attacks that extract target ML models with near-perfect fidelity for popular model classes including logistic regression, neural networks, and decision trees." That's a polite way of saying such models can be reverse engineered. The researchers tested their attack successfully on BigML and Amazon Machine Learning, both of which were told of the findings in February. In an email, Cornell Tech computer science professor Ari Juels, a coauthor of the paper, suggested mitigating these attacks could prove challenging. "Effective countermeasures to model extraction could well be possible, but this remains an open research question," he said.


How Blockchain can bolster interoperability and information security at the same time

Blockchain has potential value due to its shared, fixed record of peer-to-peer transactions, built from linked transaction blocks and stored in a digital ledger, Deloitte said. The network is both secure and actionable by relying on established cryptographic techniques, and letting participants in a network interact (e.g. store, exchange, and view information), without pre-existing trust between the parties. “Interactions with the blockchain become known to all participants and require verification by the network before information is added, enabling trustless collaboration between network participants while recording an immutable audit trail of all interactions,” Deloitte explained.


Industrial IoT leaders work towards interoperability and open source collaboration

GE and Bosch are working together to shape the connected world through a collaboration between the software divisions of both organizations, GE Digital and Bosch Software Innovations. The organizations have signed a memorandum of understanding where GE Digital and Bosch Software Innovations will further facilitate openness and growth of the Industrial Internet of Things (IoT). The agreement focuses on technology interoperability and platform integration through GE’s Predix operating system and the Bosch IoT Suite. GE Digital and Bosch Software Innovations intend to make complementary software services available on the other company’s cloud platforms to enhance the overall value of each cloud offering and provide solutions to a wider customer base.


Shaw says NHS is under frequent cyber attack

“We are seeing more and more ransomware attacks,” he said. This included one big, but unsuccessful, national level attack early this month which “may or may not have been state sponsored”. “It was big and it was hard and it was sustained... before, we didn’t know this sort of thing was happening until we got the worst outcome, but now we are in detect mode, rather than defence mode.” Shaw revealed a wide range of attacks were being made on the NHS, with some of these using well-known techniques such as spear phishing, in which hackers target an individual to inadvertently reveal useful information or spread malware. He said NHS Digital itself was successfully targeted in a spear phishing attack by a hacker pretending to be an old friend of one of its staff, using information from social media.


Tech Giants Team Up To Devise An Ethics Of Artificial Intelligence

The Partnership on AI announcement lays out an ambitious agenda for research to be conducted or funded by members, in partnership with academics, user group advocates, and industry experts. Topics on the research agenda include ethics, fairness, inclusivity, transparency, privacy, and interoperability. A recent white paper from IBM called "Learning to Trust Artificial Intelligence Systems" provides some hints as to what the Partnership on AI might be tracking. Authored by Guruduth Banavar, IBM's chief science officer for cognitive computing, it basically expands the concept of garbage-in/garbage-out to now include garbage in-between.


What to do when hackers break into your cloud

There are two major types of public cloud computing attacks: single-tenant and cross-tenant. A cross-tenant attack is the stuff of IT nightmares, but it has not yet occurred. Single-tenant breaches are more likely to occur. In these attacks, the hacker has compromised one or more machine instances, but can't go beyond that. The most likely cause of a single-tenant breach is that user IDs and passwords have been compromised. That's typically due to malware or phishing attacks on client devices. In this case, it's all on you; the cloud provider has done its job, but you haven't done yours. When such breaches occur, hopefully you'll figure it out quickly. When you recognize the breach, the best response is to invoke a prebuilt set of processes that can do the following


Task Force Tackles Healthcare Cybersecurity Challenges

According to Theresa Meadows, co-chair of the Health Care Industry Cybersecurity Task Force and CIO of Cook Children’s Health Care System, the panel’s 20 subject matter experts are drawn from a wide variety of organizations including providers, payers, pharmaceutical companies, medical device manufacturers, IT vendors, and government agencies. “We have representation from all the segments within healthcare so that we can have well-rounded discussions,” said Meadows. “There’s also a patient advocate on the task force.” Meadows said the task force has held several public and private meetings to date and will be “wrapping up its charge” early next year, after which it will report to Congress on its findings and recommendations.


An Open API Initiative Update

WebHooks can be tricky, but with the support we’ve been planning, a server designer can tell the consumer exactly what sort of signature they need to implement for successful handling of a WebHook, and even how the consumer can send messages back to the event producer with different response codes, so you can potentially describe the subscription, unsubscription, and retry flows, making the connections 100% automatable. Also, looking at representations and schemas; it may be a JSON world right now, but remember when the XML world would rule forever? We do, and getting more support for different schema formats is essential for the next 5-10 years of API design. Expect to see new and flexible techniques in 3.0 for this topic. Again, we’ll ensure that the final solution is implementable and not just a modeling proof-of-concept.


DNS Security Extensions - Complexities To Be Aware Of

Interoperability amongst the DNS software is another issue that is adding to the problems. Above all, attackers can abuse improperly configured DNSSEC domains to launch denial-of-service attacks. The following are some such major complexities that one should be aware of. ... This is an attractive target for attackers since it allows them to ‘amplify’ their reflection attacks. If a small volume of spoofed UDP DNSSEC requests is sent to nameservers, the victim will receive a large volume of reflected traffic. Sometimes this is enough to overwhelm the victim’s server, and cause a denial of service. Specifically, an attacker sends a corrupted network packet to a certain server that then reflects it back to the victim.



Quote for the day:


"The underlying principles of strategy are enduring, regardless of technology or the pace of change." -- Michael Porter


September 30, 2016

Ransomware Spreads Through Weak Remote Desktop Credentials

According to Kaspersky Lab, the TeamXRat attackers perform brute-force attacks against internet-connected RDP servers and then manually install the Xpan ransomware on the hacked servers. "Connecting remote desktop servers directly to the Internet is not recommended and brute forcing them is nothing new; but without the proper controls in place to prevent or at least detect and respond to compromised machines, brute force RDP attacks are still relevant and something that cybercriminals enjoy," the Kaspersky researchers said in a blog post. "Once the server is compromised, the attacker manually disables the Antivirus product installed on the server and proceeds with the infection itself."


This Emerging Tech Company Has Put Asia's Tuna On The Blockchain

A British company just ended a pilot in Indonesia, using blockchain to pioneer a new method of traceability when it comes to fishing, which could stop many of the troubling practises within the illegal fishing industry–including slavery. Provenance used mobile, blockchain technology and smart tagging to track fish caught by fishermen with verified social sustainability claims. Their pilot successfully tracked fish in Indonesia from January to June of 2016, and demonstrated not just another digital interface, but a solution to tracking systems and claims securely and without the need for a centralized data management system.


Wealth and Asset Management Report Predicts Blockchain Use by 2021

It is predicted that by 2021, the convergence of these smart technologies will produce a huge impact on the wealth profession, unlocking the doors of global wealth across a diverse universe of investors. However, with a fast-paced marketplace, it is important for investors to understand their customers’ needs and behaviors, and make the necessary technology changes to meet their requirements. Bob Reynolds, President and CEO of Putnam Investments, commented in the report that “the business moves in cycles, and some are severe.” ... As a consequence, economist Dr. Nouriel Roubini said in the report that “mediocre growth and low interest rates have become the new normal.”


The Open Group Launches the O-BA Preliminary Standard Part I

Developed by The Open Group Governing Board Business Architecture Work Group, this is the first installment of a three-part standard. Combined, the three parts of the standard will explicitly address all aspects of a business architecture practice. Not only will it examine the holistic approach in modeling required, but also the way of working and thinking, as well as organizing and supporting. The standard clearly defines the systemic nature of transformations, the varying interests and goals of stakeholders, and prepares for consistent communication of business priorities and needs throughout the transformation lifecycle. It addresses a real need to solve structural challenges in enterprise and organizational transformations.


How is IoT Paving The Way for the Future

As the tech world is moving towards the cloud, it’s hard to imagine it functioning without IoT. And as we indulge ourselves in our devices and pour large amounts of data in this enormous mesh called IoT, it has swelled up to gigantic proportions. Such a huge system demands an extensive amount of technology and skills in order to sustain itself. But do we have what it takes to monitor, maintain and secure IoT? According to Nick Jones, VP Distinguished Analyst at Gartner, “A recurring theme in the IoT space is the immaturity of technologies and services and of the vendors providing them. Architecting for this immaturity and managing the risk it creates will be a key challenge for organizations exploiting the IoT. In many technology areas, lack of skills will also pose significant challenges.”


Shutterstock CIO shares SDDC architecture lessons learned

With an SDDC, there are APIs for everything, so I can enable our software deployment for our product. They can have an API through Puppet and deploy through the infrastructure, and we can set up the key metrics, so if we're seeing load increase on our conservative platform, we can automatically expand that, or I can move that up to AWS. I've got some drivers from the leadership team: [They said] 'We want to move to AWS, we want to be faster.' Okay. I would argue that an SDDC makes you incredibly fast when you look at what we need to do as a company and how we need to service dev and products team -- it's that API-driven economy. They just want to be able to fire code out and know that that code gets deployed and we're operating and monitoring it and we're ensuring that stuff is staying up.


WhatsApp’s privacy U-turn on sharing data with Facebook draws more heat in Europe

In the PM interview, Denham was also pressed on whether the ICO is doing anything to stop data flowing now, while it probes the arrangement, but she said she thinks no data is yet flowing from UK WhatsApp users to Facebook. “We are told that data is not yet being shared — so I am hoping that there is a pause in the data-sharing, and some rethinking of the terms and the consent and what data is being shared,” she said. We’ve asked Facebook to confirm whether or not it is harvesting UK WhatsApp data at this point or not and will update this post with any response. Making a general statement about the data-sharing agreement earlier this month, Europe’s Article 29 Working Party ...  asserted that: “Users should keep control of their data when Internet giants massively compile it.”


Why Automation Doubles IT Outsourcing Cost Savings

Automation is having the biggest impact on areas in which employees manage physical devices, such as network services. Most IT towers see an average 25 percent decrease in the number of resources required as a result of automation, but certain IT services experience a 50 percent headcount reduction, according to ISG. ISG found that network and voice costs are declining by 66 percent mostly due to the convergence of voice, video and data solutions built on highly standardized and virtualized capabilities, an environment ripe for leveraging automation. Service desk and end user support costs declined by 26 percent due to increased adoption of self help and remote support, the introduction of self-healing functionality, and significant automation of level one and two incidents.


The Top 10 AI And Machine Learning Use Cases Everyone Should Know About

Machine learning is a buzzword in the technology world right now, and for good reason: It represents a major step forward in how computers can learn. Very basically, a machine learning algorithm is given a “teaching set” of data, then asked to use that data to answer a question. For example, you might provide a computer a teaching set of photographs, some of which say, “this is a cat” and some of which say, “this is not a cat.” Then you could show the computer a series of new photos and it would begin to identify which photos were of cats. Machine learning then continues to add to its teaching set. Every photo that it identifies — correctly or incorrectly — gets added to the teaching set, and the program effectively gets “smarter” and better at completing its task over time.


On Abstractions and For-Each Performance in C#

A common misconception is the foreach loop in C# operates on IEnumerable. That is almost correct, but it actually operates on anything that looks like an IEnumerable. That means it must have a GetEnumerator method and that method must return an object (or struct) with Current and MoveNext methods, the latter of which returns a Boolean. This was necessary back in the .NET 1.x era when we didn’t have generics or IEnumerable<T>. If you used a non-generic IEnumerable to loop over an integer array, it would have to allocate a new object for each item in the array (an operation known as boxing). As that would be ridiculously expensive, they decided C# would look for a custom enumerator first, and if it couldn’t find one then it would fall back on IEnumerable.GetEnumerator.



Quote for the day:


"The Crystal Wind is the Storm, the Storm is Data, and the Data is Life The Players Litany" -- Daniel Keys Moran


September 28, 2016

Data Governance: From Insight Comes Action

On average, a knowledge worker spends 36 percent of their time looking for information. If content creators can’t keep up with the amount of data across apps, how could we expect IT to protect it? This is the paradox of shadow IT: corporate intellectual property stored in many repositories must be secured and protected by IT professionals not consulted by users as they select the apps to work and collaborate on this content. The conversation needs to shift from blocking unsanctioned productivity apps manipulating this content, to intelligently protecting the content at the source (i.e. repository) itself, so users should be able to leverage their favorite apps – even when not approved by IT – but only for the content they are allowed to access. Information governance is the industry term for having clear processes for users and IT on the secure handling of content.


The Role of Data in Digital Transformation

Disparate data sources are often a barrier to organizations looking to make use of their digital content to gain greater business insights. Only a third of those surveyed see themselves as extremely effective in managing and utilizing digital content and channels, and less than a third reported being “extremely confident” in their ability to integrate all data sources and applications. Many organizations have taken to storing data in data lakes, which, put simply, are archives that store a tremendous amount of raw data in its native format (whether structured, unstructured, or semi-structured) for as long as it needs to be held for analysis purposes. However, as the business ingests new types of poly-structured data, it can become increasingly difficult to make sense of it without accessing all of the data stored in the various sources.


73% of companies using vulnerable end-of-life networking devices

Old equipment that is no longer supported by the vendors who made it is vulnerable because newly-discovered vulnerabilities and other problems are not being patched. That puts those companies at higher risk of security breaches, network outages and higher future replacement costs. "If it's an older device, there are vulnerabilities against it," he said. But companies often keep the older equipment around because it still works. "If something isn't having an issue, we tend to forget about it," Vigna said. "If there isn't pain, there isn't a reason to change a lot at companies." In addition, the companies might not even be aware that some of their equipment is past its due date.


In The “Second Wave” Of Cloud Computing, Hybrid Cloud Is The Innovator’s Choice

Hybrid is the palette they’re painting with, best expressed by the analysts at Frost and Sullivan. “At their core, successful hybrid cloud strategies support the delivery of high-value applications and services to the business, while at the same time driving cost and inefficiency out of the IT infrastructure,” the study said. Fine, but how does adopting a hybrid cloud strategy support business success, particularly as we enter the era of cognitive computing? Successful organizations provide the answer. They aren’t adopting cloud technology for its own sake. Instead, they’re pursuing a business strategy that’s equally about transformation and industry disruption.


Improve application rollout planning with advanced options

One drawback of canary deployment to consider during application rollout planning is the time it takes to complete an update, as the new version is tested and phased gradually into production. This means the application owners must manage more than one version simultaneously, and it demands careful change and version management on the part of IT operations staff. The incremental increase in usage allows ample opportunity to gather load metrics, however, allowing production IT capacity planners to see how load demands change with the updated code. And the canary process provides a relatively safe and rapid rollback process if unintended consequences occur.


BTCPoint Creates 10,000 Bitcoin-Enabled ATMs Using Spanish Bank Network

To access the service, BTCPoint users enter the amount of money they'd like to withdraw from an ATM using the application and send bitcoin to a company address. Next, users receive an SMS and a PIN code, input the PIN code into an ATM on the network and withdraw their funds. The service today is one-directional, with users only being able to withdraw cash from units, though Lopera said BTCPoint is working on solutions that diversify its service. "We are focusing on changing bitcoin into cash, and we’re also talking with different credit card processors, who could enable the buy option so you can buy at a very low fee," he said. Lopera suggested BTCPoint is in talks with US and Latin American banks as a means to expand its service.


Enabling a digital future requires smart capital strategy.

Executives recognize that digital transformation is impacting all aspects of their business — from the front-end to the back. They also know that the competitive landscape is changing rapidly as barriers to entry are eroded. Digital is a continuous form of disruption to existing (or new) business models, products, services or experiences, enabled by data and technology across the enterprise. The key challenge for many companies will be a lack of sufficient capital to meet their digital ambition. Enabling a digital future requires smart capital allocation. Selecting the right strategic investments — organic or inorganic — offers routes to growth. The key question is can companies build the capabilities required to succeed in the brave new world — or do they need to buy?


Why London will remain a global tech hub post-Brexit

London’s corporate tech base is impressive and should also help maintain its position. The presence of big global tech companies, such as Google, Amazon, Facebook, Microsoft and Yammer, provide a solid foundation for the tech sector, while fast-growing smaller companies, such as Skyscanner, Badoo, Hailo and Mind Candy, provide that drive for innovation for which London’s tech sector is renowned. Accelerator programmes to help the Capital’s tech start-ups expand and succeed are another factor why the doomsayers over London’s tech future are wrong. Currently there are around 4,000 start-ups in the Capital and about 40 accelerator programmes, such as Seedcamp, TechStars, Wayra and Oxygen, help foster these young firms and buoy their growth.


3 Big Trends in Business Intelligence and Analytics

Lack of good, consistent quality data is cited as the number one challenge organizations face to realizing the full potential from analytics (A.T. Kearney’s “2015 LEAP Study - Leadership Excellence in Analytic Practice”). Excessive time and resources are needed to manipulate and “roll-up” data before business analysts can start to use it for reports, analytics and insights. Often these challenges are compounded when analysts create work-arounds that drive “shadow” data bases and ad hoc data management processes that undermine confidence in the data. Strong business intelligence can become the data syndication traffic cop and data clearing house for enterprises that need to make better, faster decisions using good quality data and insightful analytics.


Traffic Data Monitoring Using IoT, Kafka and Spark Streaming

In order to process the data generated by IoT connected vehicles, data is streamed to big data processors located in the cloud or the data centres. An IoT connected vehicle provides real time information of the vehicle like speed, fuel level, route name, latitude and longitude of vehicle etc. This information can be analysed and data can be extracted and transformed to the final result which can be sent back to the vehicle or to a monitoring dashboard. For example, using the information collected for different vehicles we can analyse and monitor the traffic on a particular route. In this article, we’ll use Apache Spark to analyse and process IoT connected vehicle’s data and send the processed data to a real time traffic monitoring dashboard.



Quote for the day:


"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur Clarke


September 27, 2016

Why Hire a Corporate Lawyer When a Robot Will Do?

Well-tuned search engines could save people a lot of time and suffering. Luminance promises to increase the efficiency of contract review by at least 50 percent. Kira Systems claims a time reduction of as much as 90 percent. If Bayer’s legal team had included robot lawyers, maybe they could have completed due diligence for the Monsanto deal in days. So will the associate attorney, among the least satisfying jobs in the U.S., become a thing of the past? Not necessarily. Even though automated-review tools are great for organizing documents into actionable information, intelligent humans are required to step in when the computer encounters ambiguous language or unexpected cases. It’s like how self-driving cars still have human supervisors in the vehicle to deal with rogue squirrels or trolley problems.


One Fantastic Keyboard For Your Computer, Phone And Tablet

This full-size, six row keyboard features a complete set of function keys and a number pad. Certain keys—such as Alt and Ctrl—will automatically change functions depending on which operating system you’re working in. Running the length of the keyboard is a rubberized tray that holds your mobile devices at the correct viewing angle. You can link up to three devices at a time to the K780 via Bluetooth. Those without Bluetooth can connect via Logitech’s Unifying USB dongle. At the top left of the keyboard are three white buttons used to pair your devices. Switching between paired gadgets is as simple as tapping the corresponding button.


How to succeed with hybrid cloud application integration

The biggest mistake you can make in hybrid cloud integration is overspecializing. You should establish a common network connection model across your entire hybrid cloud and then work to define a standardized hosting model to deploy applications/components. The connection model issue can only be addressed by creating a virtual private network that can host all of the applications and components. Enterprises are increasingly looking to adopt software-defined or virtual networks as their connectivity core, and if the proper software-defined network or software-defined wide area network model is adopted, it can connect everything, whether in the cloud or the data center. There's no substitute for open uniform connectivity, so it's critical to get this right, and enterprises are recognizing that the basic cloud networking tools are best used to supplement this enterprise virtual network, not create it.


Government lawyers don’t understand the Internet. That’s a problem.

Today, cyber, data and privacy questions lie at the core of numerous corporate and government cases, and there aren’t anywhere near enough practicing lawyers who can adequately understand the complex issues involved, let alone who can sufficiently explain them in court or advise investigators on how to build a successful case. “This is a problem that pervades all of the national security apparatus,” says Alvaro Bedoya, who previously worked as the chief counsel to the Senate Judiciary Committee’s subcommittee on privacy, technology and the law, and now leads Georgetown Law’s Center on Privacy & Technology. “You don’t have a pipeline of lawyers right now who can read code.”


Your users have porous passwords? Blame yourself, IT.

Maybe IT needs to tone down its security awareness efforts. New research by psychologists into password strength delivered the non-intuitive conclusion that users who are well briefed on the severity of security threats will not, as IT had hoped, create stronger passwords to better protect themselves. They actually tend to create much weaker passwords because the briefings make them feel helpless, as if any efforts to defend against these threats are pointless. The research, from a Montclair State University study — detailed here in a story from The Atlantic — suggests that IT staffers need to make sure that they emphasize how powerful a defense passwords, PINs and secure phrases can be in defending against threats, at least until we are able to deploy better authenticators.


Psychology Is the Key to Detecting Internal Cyberthreats

The key to identifying and addressing at-risk employees before a breach or incident occurs is to focus as much on understanding and anticipating human behavior as on shoring up technological defenses. The best way to do this systematically is by analyzing employees’ language continuously and in real time, in a way that still respects privacy. And, the data is readily available to do so because email, chat, and texts are now one of the most common methods of communication in business. ... The opportunity for using psychological content analysis in the corporate workplace is vast. Not only can leaders utilize this to intervene before a security breach, but leaders can also use insights to support other efforts to build a healthier culture and develop the organization’s talent.


Mood of the Boardroom: Hacking a serious business

The fact that cybersecurity now ranks alongside what have long been seen as the world's greatest challenges is telling. A real estate director said, "Both terrorism and cybersecurity are always cause for concern of the highest level, as we do not know when and where it will next hit." In light of the increasing acknowledgement of the risk, there are opportunities for the businesses that help address it. Kordia acquired Aura Information Security, a leading cybersecurity company, for just over $10m in late 2015. Bartlett sees addressing cybersecurity threats as a potential selling point for New Zealand. "We are small enough to make our little country a stand-out example of how to get it right," he said. "If we can, our cyber-safe brand will be as important as, and more credible than, 100 per cent Pure New Zealand."


Companies say IoT matters but vary on how to secure it

Overall, their biggest challenges in deploying IoT revolved around security and privacy. But most are taking an “ad hoc” approach to security, doing things like securing individual devices using firewalls. However, 23 percent said they are integrating security processes into their IoT workflow. No single approach has won out yet, MacGillivray said. Finding people with the right job skills is another thing that makes IoT difficult, respondents said. That's a pain point especially in terms of crunching all the data that flows in from the new systems. Also, most enterprises haven’t taken advantage of edge computing, which may be one of the most important parts of IoT, according to IDC. A majority of organizations that have deployed IoT devices just use them to collect data and send it to the cloud or a data center for processing.


How To Mitigate Hackers Who Farm Their Victims

The farming is more sophisticated now with advanced Command and Control (C&C) servers that they use to make system changes remotely, multiple backdoors in multiple systems, bogus accounts they create to sell or reuse, and sensors they leave behind to identify and harvest specific data, says Inskeep. Command and control servers work by receiving communications from malware-infected systems that call out to the internet via outbound network traffic. This works because most network security is geared to defend against what is coming in, not what is going out. Hackers can spread large numbers of Trojans into different kinds of systems because they can pair these backdoors with many different kinds and pieces of legitimate software from OS and application updates to games.


Is the internet of things the new DDoS attack weapon?

It’s been posited that attackers are leveraging internet of things (IoT) devices to grow their botnet capacity to this new level, which in itself is troublesome, but first, the backstory. Krebs is one of the most prolific cybersecurity-focused investigative journalists and has broken a number of high-profile stories and been responsible for numerous arrests over the years. As a result of his intrepid work, Krebs has come into direct contact with plenty of criminal gangs and met the perpetrators of many of the world’s most notorious cybercrime fraternities face to face. Speculation that this is why his site was attacked has stemmed from his recent coverage of an Israeli online DDoS attack service called vDOS – still available to read via Google’s webcache.



Quote for the day:


"Optimism is the faith that leads to achievement. Nothing can be done without hope or confidence." -- Helen Keller


September 26, 2016

Why CIOs are embracing SaaS ID management

Shelving several legacy ID management products with one single sign-on tool is a common business case for Okta, as well as rival solutions from Centrify, OneLogin and Ping Identity, says Gartner analyst Gregg Kreizman. Such solutions also compensate for companies' inability to retain skilled IT workers schooled in traditional ID management. In 2016, Experian CTO Joe Manna began testing Okta for a mobile app that enables consumers to access their credit reports. Manna told Libenson both the software and company were great to work with so Libenson instructed his staff to use Okta to manage Experian identities worldwide across cloud, on-premises and mobile applications, including authentication into its core Oracle ERP system.


IT operations automation requires code-wielding sys admins

Once, IT delays were caused by waiting for deliveries and hardware installation; today, an administrator who is taking too much time to deploy VMs is the problem. Using a graphical user interface (GUI) for IT tasks simply takes too much time. Administrators are asked to manage hundreds to thousands of VMs thanks to the explosive growth in virtualization and the VM sprawl that accompanied it. This has led to growth in automation to help admins cope with these tasks and duties. While some level of IT automation has existed for years, it was often smaller scripts and batch jobs that took care of a few stand-alone tasks. Today, automation has become a critical part of data center operations as our applications scale out while staffing stays the same.


Blockchain-Based Smart Identity Will Free World of Paper ID’s

An interesting facet of the Deloitte project is that Smart Identity as a protocol is portable on different Blockchains while the current version of the prototype has been using Ethereum Blockchain. We also asked Deloitte about who is going to hold the actual data and we were told that there are a number of trusted data repositories available but there is also scope for using a hybrid model with a network of trusted custodian services as well as distributed data services in the future. ... In order to migrate from the current system of paper-based identity that we have today, there will invariably be the need for all parties involved like governments, corporations and individuals to work in tandem. Cointelegraph asked Shelkovnikov about the issue of provenance of identification and how it would all work.


The Emergency Alert System: Failure IS an option

While many reported a complete failure of the EAS, the FCC issued a report showing that the failure rate was close to 18 percent. Certainly not perfect, but when coupled with social media and other forms of communication that would likely have been deployed on an individual basis, I believe it's safe to assume the word would have gotten out in a timely fashion. The biggest problem I saw with the test was significant technology inconsistencies with what people heard and saw. Some stations showed the textual message but no audio and no alert tones, certainly a problem for someone who was blind, while other stations broadcast the audio for the emergency messages but did not show the text for those messages, leaving a person who is deaf or hard of hearing completely unaware of the situation at hand.


Why Amazon can't possibly be the only cloud winner

Enterprises have many workloads. Some workloads run best on one specific public cloud or another. For example, we've found that Google has far and away the best internal network performance. So, a network-intensive workload should probably run there. Microsoft has GPUs available in Azure for video rendering and HPC workloads. Amazon does a very good job at storing files and objects and distributing them globally for fast access. Enterprises also have troves of legacy data and applications. The reality of IT is that 90% or more of the budget goes to maintenance. That leaves very little for new development. Enterprises choose between migrating legacy applications to the cloud and writing new applications.


Robotic process automation technology gets to work

RPA, or robotic process automation, has a sexy ring to it these days, especially in the C-suite and company boardrooms. And why not? There's a lot about this emerging technology to pique a boss' interest. Robotic process automation technology -- defined in simple terms as software that automates other software -- promises to improve efficiency, boost productivity and save money by helping with or entirely replacing the manual, routine and often error-prone digital processing jobs still done with human labor at many companies. ... The software robots of RPA ilk -- virtual workers, if you please -- interact with computer systems the way most employees do, at the presentation layer through the user interface, requiring minimal code-based programming or deep back-end systems integration.


802.11ad is the fastest Wi-Fi that you might not ever use

“To date, the Wi-Gig products that are shipping in the market have been largely confined to peer-to-peer applications. Once infrastructure mode is widely available on Wi-Gig capable clients, enterprise radio vendors will rapidly follow,” he said. And while Qualcomm’s Grodzinsky hinted at major product releases coming within the next couple of weeks, nobody is particularly clear on the timeframe for widespread 802.11ad adoption, whether as a traditional Wi-Fi technology or, as Forrester’s Kindness suggests, as a wireless backhaul carrier. For the enterprise IT department, Kindness argues, it’ll be three years before decision-makers really need to get their arms around 802.11ad. “It takes about a year to two years to become mainstream, because it doesn’t have product support, you have to understand where you’re going to use it,” he said.


Biometric Skimmers Pose Emerging Threat To ATMs

The devices apparently act just like regular skimmers do in stealing payment card data. They are designed to connect physically to a target ATM and to steal fingerprint data that users may be required to input while authenticating their identity with the device. The stolen data can then be used to authorize other fraudulent transactions, the researchers say. Available evidence suggests that the first wave of biometric skimmer machines, which surfaced last September, were buggy and had to contend with multiple issues during initial tests in the European Union. The biggest hurdle apparently was the fact that the GSM modules that the underground sellers used in their skimmers for transferring stolen biometric data were too slow to handle large data loads.


Data Interchange Flexibility

JSON and XML are two complementary standards, each suited to different situations. JSON’s popularity is in no small part owing to the fact that it is built into JavaScript. That is, JavaScript can read JSON directly without any additional parsing. This is a huge convenience for JavaScript developers. Given that it is also less verbose than XML, it is often the logical choice for sending transient data between the client and server layers within many web applications. Whilst being more verbose, XML offers many other advantages. For example, XML schemas allow one to describe, extend, communicate and validate XML datasets. XSLT allows for easy transformation of XML from one format into another, and XPath/XFormat engines allow for deep querying of native XML files.


The Internet of Things is broken. We need better security to fix it

Even if individual devices are designed with device-level security, an interconnected architecture may still expose vulnerabilities. Electronic devices in general have accessible interfaces such as JTAG ports and MAC addresses that provide an increased 'attack surface' and make devices vulnerable to invasive attacks that reverse engineer security. Also, devices invariably share components and firmware across product lines, allowing a vulnerability detected in one system to be exploited in another one using the same chipset. Most IoT systems also have field sensors that can be subject to physical security issues: critical sensors can malfunction if subjected to higher operating temperatures or voltage ranges. They can simply be vandalised, or even replaced with rogue devices connected to a cybercriminal’s Bot network.



Quote for the day:


"Give your past a Teflon coating. Be honest with yourself and others making sure you’ve fully let go of the past." -- Karen Keller