Daily Tech Digest - September 15, 2017

Tesla crash shows man and machine must cooperate

This complex failure, which both man and machine contributed to, sounds an important warning about autonomous-drive technology: until the systems are so good they need no human input, the human driver must remain at the center of "semi-autonomous" drive system design. Engineers must assume that if there's a way for people to misuse these systems, they will. Just as important, companies need to understand that if they over-promote a semi-autonomous drive system's capabilities in hopes of pulling ahead in the race to autonomy, they run the risk of making the technology less safe than an unassisted human driver. There's a lesson to be learned here from aviation. As computers and sensors improved in the 1980s, aircraft manufacturers began to automate more and more of the controls simply because they could.


What is Kotlin? The Java alternative explained

Kotlin has relaxed Java’s requirement that functions be class members. In Kotlin, functions may be declared at top level in a file, locally inside other functions, as a member function inside a class or object, and as an extension function. Extension functions provide the C#-like ability to extend a class with new functionality without having to inherit from the class or use any type of design pattern such as Decorator. For Groovy fans, Kotlin implements builders; in fact, Kotlin builders can be type checked. Kotlin supports delegated properties, which can be used to implement lazy properties, observable properties, vetoable properties, and mapped properties. Many asynchronous mechanisms available in other languages can be implemented as libraries using Kotlin coroutines, which are experimental in Kotlin 1.1.


Markets, GPS could be first to go in the event of global cyber conflict

Evil state-sponsored hackers do want to wreak mass havoc on the societies they deem to be the enemy. I would counter that it is probable, not just possible, that cyberattacks will shut down the power grid, erase or paralyze financial data systems (see above) or cause military equipment to malfunction in the near future. ... “It certainly is very odd that so many incidents have taken place in a relatively short period of time,” Finnish computer programmer Harri Hursti told me. Hursti said vulnerabilities in GPS technology would be the logical place to start any investigation into the U.S. Navy mishaps that have plagued the Pacific fleet this year, but pointed out that there was not enough information about the systems used to make an educated guess at what may have happened.


What is BlueBorne? Billions of phones, laptops and TVs at risk of silent Bluetooth hack

"These silent attacks are invisible to traditional security controls and procedures," said Yevgeny Dibrov, the chief executive of Armis, in a statement. "Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them," he added. Armis said that it first reported the vulnerabilities to Google, Microsoft and Linux in April and patches have now been released as part of vendors' regular scheduled updates. Users are recommended to urgently download all security fixes to stay safe. Ars Technica reported that the time to exploit a device was "no more than 10 seconds" and that it would theoretically work even if a device was already paired with another. A spokesperson for Microsoft claimed it first released patches for BlueBorne in July this year.


Power, Performance, and the Cloud

There are a lot of security vendors today offering cloud-enabled security tools, devices and platforms. What is lacking is a comprehensive security approach that can tie the hybrid nature of networks together into a single, holistic security strategy without compromising performance. Many of the security tools on the market continue to operate in isolation, which diminishes effective cross-platform visibility. Cloud-based tools don’t necessarily work well in more traditional, physical environments. And nearly all of them collapse in terms of performance when deep inspection is required, which is nearly all the time given the increasingly sophisticated nature of threats and the fact that more than half of all network traffic is now encrypted.


10 tips for better search queries in Apache Solr

Apache Solr is an open source search engine at heart, but it is much more than that. It is a NoSQL database with transactional support. It is a document database that offers SQL support and executes it in a distributed manner. Previously, I’ve shown you how to create and load a collection into Solr; you can load that collection now if you hadn’t done it previously. ... The original scoring mechanism that Solr used is called TF-IDF, for “term frequency versus the inverse document frequency.” It returns how frequently a term occurs in your field or document versus how frequently that term occurs overall in your collection. The problem with this algorithm is that having "Game of Thrones" occur 100 times in a 10-page document versus ten times in a 10-page document doesn't make the document 10 times more relevant. It makes it more relevant but not 10 times more relevant.


Digital Transformation Is More Outside The Enterprise Than Inside

When an enterprise starts a digital transformation initiative, the boundaries for that extend far beyond the enterprise. It goes and touches every part of the ecosystem, which we loosely call the customer, whether he is a paying customer, a prospective customer, a next generation customer or an accidental customer. With all the availability of the digital technologies, we have far more ways to engage the so-called customer. The CIO in the years gone by, whether he was a driver, implementer, endorser, his focus was handling IT systems. Today the CIO’s hands are full in keeping the lights on, and still in a cost-sensitive position, he still has to prepare for the future. ... When you start thinking about real digital transformation inside and outside the enterprise, he may not have the bandwidth and that’s where the CDO comes in.


Workplace IoT Puts Companies on Notice for Smarter Security

Given the understandable unease, employers may be tempted to take a knee-jerk approach and ban employees from using their connected devices in the workplace, similar to what they did when people started taking smartphones to work. But organizations should avoid that inclination and instead focus on providing clear instructions for how employees can safely and appropriately use their devices in a way that does not put the organization at risk. Otherwise, current and prospective employees may look for a friendlier workplace to take their devices — and their talents. Putting a sound IoT policy in place — with emphasis on separate network segments for employee-owned devices — is a far better alternative. The policy should address issues such as whether devices will be allowed to connect to the Internet and how to handle devices capable of recording sound or video.


The future is coming. Here's what it might look like

Emergent technologies are poised to radically change how we work and live. They will transform our cities and workplaces, shifting jobs and entrepreneurship in new directions, and spur new ways to manage our lives. All of society will be affected, up to and including how we interact with machines themselves. Sophisticated machines and applications that communicate online will accelerate demand for broadband internet and challenge existing information and telecommunication norms. All of this will require ongoing discussions about security, infrastructure and open-data policy and planning. We now need action. We must move past: “We know it’s coming and have to do something” to “Here is how we can implement and collaborate to make it happen.”


Is TDD a Form of OCD?

The current fanatical TDD experience leads to a primary focus on unit tests (...) I don't think that's healthy. Test-first units leads to an overly complex web of intermediary objects and indirection (...) It's given birth to some truly horrendous monstrosities of architecture. A dense jungle of service objects, command patterns, and worse. It is easy to see that most organizations are shifting away from TDD as a testing paradigm and towards Behavioural Driven Development (BDD). Atlassian’s Heather Krebsbach writes unequivocally in 2016: This test-first approach became increasingly popular and was coined as test driven development (TDD), but businesses quickly realized it didn’t give them the visibility and coverage they needed for the most important business cases in their systems. So, a variant of TDD was born called behavior driven development (BDD),



Quote for the day:


"The useless men are those who never change with the years." -- J.M. Barrie


Daily Tech Digest - September 14, 2017

Delivering Genuine Emails in an Ocean of Spam

Deliverability is the industry term for an email’s ability to reach a given in-box. If an organization sends high-quality emails that maintain a sizeable forensic distance between themselves and the hordes of spam, more of them will pass the filtering inspections and end up in the customer’s in-box. If more emails end up in more customers’ in-boxes, then more are opened and clicked on (engaged with, in marketing speak). But this isn’t just a desirable outcome for marketing-oriented emails. If you need to deliver an alert or a confirmation email to users, it’s imperative that it lands in their in-box. For example, suppose you’re trying to send information on medications that are vital to your customers’ health. Huge amounts of spam continually try to sell various dubious medicines to the public, and automated spam filters have become sensitive to them.


AbsurdIT: the old data centre computing model is broken

Companies that dispensed with older approaches and embraced client/server and new technologies more generally aren’t any better off as the spaghetti cranked out by generations of systems from various vendors has led to issues of space, heat, complexity and high energy consumption. Little wonder that there is a thriving boutique business in designing and refurbishing data centres. Some even repurpose spaces from cowsheds, aeroplane factories and caves to churches, military bunkers and salt mines. Attempts to cool facilities have led to a boom in firms selling liquid cooling, fans, heat sinks, air- and glycol-cooled chillers and other devices. And here’s the rub: cooling sucks up about as much electricity as the machines they are taking the heat off. We all know why we have this absurdity (or absurdIT, if you will). Change is tough and, in the case of the data centre, often requires comprehensive auditing


Unwanted By Oracle, Java EE Gets Adopted By Eclipse

Oracle cited Eclipse’s experience in Java EE and related technologies as why it is transferring Java EE to Eclipse. “This will help us transition Java EE rapidly, create community-friendly processes for evolving the platform, and leverage complementary projects such as MicroProfile,” said Oracle software evangelist David Delabassee. (MicroProfile arose as a Red Hat- and IBM-driven effort to fit Java EE with microservices capabilities last year after part of the Java community feared that Oracle was neglecting the platform. MicroProfile has since moved over to Eclipse.) "Moving Java EE to open governance and collaboration is going to be a process, not an event,” said Eclipse Executive Director Mike Milinkovich. "Our early discussions with Oracle, IBM, and Red Hat have shown that there is a lot of support for this among their leadership teams.”


7 Tips to Fight Gmail Phishing Attacks

"We have definitely seen a rise in sophistication of phishing attacks over the past few years and a shift toward 'quality' over 'quantity,'" says Amy Baker, vice president of marketing at Wombat Security. Broad-based attacks are still happening, but spearphishing and BEC are on the rise. "Cybercriminals are increasingly using social media channels to mine for data and lay the groundwork for high-value attacks," Baker continues. "In these situations, we see multi-faceted approaches that incorporate social engineering techniques outside of email that ultimately make an email communication more believable." Hackers want to take advantage of users' familiarity with Gmail, and other products from high-visibility organizations like Amazon and Facebook.


Why Redis beats Memcached for caching

You’ll almost always want to use Redis because of its data structures. With Redis as a cache, you gain a lot of power (such as the ability to fine-tune cache contents and durability) and greater efficiency overall. Once you use the data structures, the efficiency boost becomes tremendous for specific application scenarios. Redis’ superiority is evident in almost every aspect of cache management. Caches employ a mechanism called data eviction to make room for new data by deleting old data from memory. Memcached’s data eviction mechanism employs a Least Recently Used algorithm and somewhat arbitrarily evicts data that’s similar in size to the new data. Redis, by contrast, allows for fine-grained control over eviction, letting you choose from six different eviction policies. Redis also employs more sophisticated approaches to memory management and eviction candidate selection.


UK companies are still struggling to comply with latest data protection regulations

Companies in the UK mostly store in the public cloud product information (47 percent), information about clients (40 percent), and information about employees (39 percent), and avoid storing off-premise what they perceive to be more sensitive data, such as research into new products  ... “The risk of being GDPR non-compliant means not only negative publicity and damage to the companies’ reputation as it has been until now, but also penalties that can total up to 4% of a company’s global annual revenue,” Bitdefender’s Senior eThreat Analyst Bogdan Botezatu says. “With 2017 having already set new records in terms of magnitude of cyberattacks, boards should be aware that it’s only a matter of time until their organization will be breached since most still lack efficient security shields.”


House passes bill paving the way for driverless cars

The “Self Drive Act” was unanimously approved by the House Energy and Commerce Committee in July, before Congress left for August recess, and passed the full House on a voice vote. “Self-driving cars hold the promise of making America’s roads safer, creating new economic opportunities, and helping seniors and those with disabilities live more independently," Commerce Chairman Greg Walden (R-Ore.) and Rep. Bob Latta (R-Ohio) said in a joint statement. “This bipartisan bill paves the way for advanced collision avoidance systems and self-driving cars nationwide, and ensures that America stays a global leader in innovation.” The bill would pre-empt states from implementing certain laws governing the new technology. It would also allow car manufacturers to deploy up to 100,000 self-driving cars a year that don’t meet normal safety standards.


Beware: Your Latest Cybersecurity Threat Could Be the One You Just Hired

Many employees are now familiar with the phenomenon. Spear phishing is a specific kind of phishing attack where the phishers pose as trustworthy individuals. The attackers use email spoofing to mask unfamiliar email addresses with those of a coworker or manager to get an employee to divulge important information, make a money transfer, or open an attachment with a piece of malware. This type of scam is becoming increasingly prevalent. It is estimated that over 400 businesses are targeted by business email compromise (BEC) scams every day, with small- and medium-sized businesses the most targeted. Estimates from the FBI place the value of money lost to BEC scams over the past three years at $3 billion, with more than 22,000 businesses falling victim worldwide.


What You Need To Know About Law Firm Cybersecurity

As entities, law firm systems contain highly-sensitive financial data, corporate strategies, trade secrets, business transaction information and plenty of both PIIA and PHI. Unfortunately, many firms lack a complete, effective, privacy and security program. According to an ALM Legal Intelligence study, 22% of law firms did not have an organized plan in place to prepare for or respond to a data breach. Only 50% of law firms included in the study have cyber security teams in place to handle and implement the types of complex programs and initiatives necessary to deal with a data breach. And, unsurprisingly, hackers have noticed these vulnerabilities. In February of 2016, a Russian cybercriminal, under the name of “Oleras,” targeted law firms; in March, the Wall Street Journal reported that the nation’s biggest firms have been hacked


Break down silos to manage your cyber risks

A lot has changed very quickly in the cybersecurity realm in recent years. Where previously it was largely a support function, today cybersecurity is front and centre for any organisation that relies on technology. “Increasingly, it is the very fabric of the digital business itself,” said Mr Gerry Chng, partner and cybersecurity leader at professional services firm EY. “As a result, you need to have the whole business come together and it is really the board and the management that need to be overall responsible and accountable for cybersecurity and bring the right resources into it,” Mr Chng added. Experts say while it is tempting to assume that cybersecurity is a big organisation issue that does not affect smaller companies as significantly, this would be the wrong mindset.




Quote for the day:


"The most common way people give up their power is by thinking they don't have any." -- Alice Walker


Daily Tech Digest - September 13, 2017

Strategic thinking in the age of digital transformation

“Most board members are 60-plus, which means that many don’t have first-hand experience of technology,” Clayton explains. “On the other hand, those IT and digital specialists who do are young, in their late-20s or 30s, and may not have enough experience to be an effective NED.” She adds: “We need to find a balance and it’s tricky to get this right. You only have to look at British Airways and its IT crisis to see how essential it is that boards do have the right expertise and knowledge base.” It’s an issue that affects all organisations with a big customer base and data, not just corporate boards. Clayton adds: “Charities are also highly vulnerable to IT issues. Imagine if Oxfam’s donor list were hacked?” And the problem will get worse as technology speeds up.


Nearly 400 million PCs at risk from new attack method that could hide any malware

"Bashware does not leverage any logic or implementation flaws in WSL's design. In fact, WSL seems to be well-designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system," Check Point researchers said. Hackers using Bashware also don't need to write malware programs for Linux to run them via WSL on Windows. Instead, Bashware installs a program called Wine, which in turn launches and hides known Windows malware. In order for hackers to use Bashware, they need to already be in possession of the victim's PC admin privileges.


DNSSEC key signing key rollover: Are you ready?

DNSSEC works as a hierarchy with different bodies responsible for each layer and signing the key of the entities in the layer below. The key signing key is a cryptographic public-private key pair, and the root zone KSK secures the topmost layer of the hierarchy, the starting point for DNSSEC validation. There is nothing wrong with the key—it hasn’t been stolen or tampered with—but it is good security practice to periodically rotate the signing key so that even if it falls into the wrong hands, everyone is already using the newer, stronger key. There is no reason to wait for something bad to happen—for the key to be cracked, for example—before updating to a newer, stronger, key. “Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate,” the United States Computer Emergency Response Team (US-CERT) wrote in a recent advisory.


How to Upgrade Judges with Machine Learning

Kleinberg suggests that algorithms could be deployed to help judges without major disruption to the way they currently work in the form of a warning system that flags decisions highly likely to be wrong. Analysis of judges’ performance suggested they have a tendency to occasionally release people who are very likely to fail to show in court, or to commit crime while awaiting trial. An algorithm could catch many of those cases, says Kleinberg. Richard Berk, a professor of criminology at the University of Pennsylvania, describes the study as “very good work,” and an example of a recent acceleration of interest in applying machine learning to improve criminal justice decisions. The idea has been explored for 20 years, but machine learning has become more powerful, and data to train it more available.


The best laptops of 2017: Ultrabooks, budget PCs, 2-in-1s, and more

Choosing the best laptop is about to get a lot harder. Fall is coming—and so are a slew of new laptops. In fact, if you’re hunting for a new ultraportable, we recommend holding off on any purchases for the time being. Intel recently announced four 8th-generation Core i5 and Core i7 mobile processors that could result in a dramatic leap in performance in thin-and-light convertibles, 2-in-1s, hybrids, and traditional laptops. Reveals of notebooks with these chips have begun, with likely more to follow. If you must buy now, though, we’ve got you covered with our current top laptop picks. And if you’re instead in the market for a gaming laptop or even a budget laptop, you’re in luck: Recent reviews include the Gigabyte Aero 15, Asus ROG Zephyrus GX501, and the Acer Aspire E 15.


In the boardroom: mobility in a connected world

I certainly think it is a critical part of virtually every boardroom conversation out there – to have an effective understanding of how that individual company or identity is going to participate in the realm of IoT. Certainly this next era is IoT. Depending on whose numbers you want to believe, there is somewhere between 20 and 50 billion devices that will be hanging off the internet by 2020. Whether we like it or not, it’s coming to us and our devices more directly, through any kind of product manufacturer or government agency, or any other business models. First and foremost we’ve got to provide our customers and end-consumers with an experience that will differentiate us, where utilising our assets will lead to increased demand and loyalty.


Rapid7 CEO: Rethink IT & Security Organizational Structures

Companies are under constant pressure to innovate in today’s fast-paced business environment. That might mean creating a better product, improving efficiency, or creating a better customer experience. Unfortunately, the security function tends to be separate from the innovation process or, worse, after the innovation has created a new vulnerability. That problem will persist unless companies rethink their organizational structures around IT and security. That’s the message that Rapid7 CEO Corey Thomas is delivering in his keynote today at the company’s United 2017 event in Boston. He believes that IT and security teams can work together effectively to innovate, create a better user experience, and adopt new technology without increasing the vulnerability surface.


British Army enhances data-driven decision making to staunch churn

“The model has proven instrumental in helping staff officers identify the conditions that could lead to the early exit of valuable personnel, allowing them to take pre-emptive action to encourage the soldier to stay.” Since initial deployment, adoption of its platform has, the supplier said, expanded to 700 users in the army today. “While primarily used by planners and policy makers, SAS also sees significant use by logistics, education and investment teams as well as for sentiment analysis of the workforce,” it said.  The army is using SAS Visual Analytics and now using SAS Operations Research to help it optimise processes and personnel deployment. It has also recently approved a proof of concept for SAS Text Analytics, which it hopes will allow it to use open source data and more efficiently process freedom of information requests and paperwork.


The Time Is Now for Digital Transformation

You do not want to look back and discover you should have started earlier. You may be creating a crisis which you have not yet discovered. A great quote from Stanford economist Paul Romer is, "A crisis is a terrible thing to waste." Unfortunately, a crisis may be the only way you can convince your organization to rapidly embrace digital transformation. Digital transformation is a change in business and a change in mind set. Think of it as a business turnaround. It doesn't matter whether you are a non-profit, government, business, or any other type of organization. Digital transformation will require imagination. How you did business in the past will not be the best way to do business in the future. The traditional IT organization with projects that may last months or years is inadequate for digital transformation success.


BlueBorne is Bluetooth's Stagefright moment

BlueBorne takes advantage of the fact that Bluetooth-enabled devices are always listening for other devices they can connect to. While devices typically have to be manually paired to form that initial wireless connection, once paired those devices reconnect automatically whenever they are near each other. BlueBorne exploits the vulnerabilities in a way that it can establish the Bluetooth connection with devices nearby without having to go through the pairing process. Unless someone happens to be looking at the list of Bluetooth devices, it’s unlikely these connections will ever be discovered. “BlueBorne is different from past Bluetooth-based exploits, which relied on weaknesses in the protocol that no longer exist, or authentication-based issues related to idiotic PIN codes,” said Nadir Izrael, CTO and co-founder of Armis. “It [BlueBorne] requires nothing from the user.”



Quote for the day:


"Facts do not cease to exist because they are ignored." -- Aldous Huxley


Daily Tech Digest - September 12, 2017

Automation, robotics, and the factory of the future

Advances in computing power, software-development techniques, and networking technologies have made assembling, installing, and maintaining robots faster and less costly than before. For example, while sensors and actuators once had to be individually connected to robot controllers with dedicated wiring through terminal racks, connectors, and junction boxes, they now use plug-and-play technologies in which components can be connected using simpler network wiring. The components will identify themselves automatically to the control system, greatly reducing setup time. These sensors and actuators can also monitor themselves and report their status to the control system, to aid process control and collect data for maintenance, and for continuous improvement and troubleshooting purposes.


The next big thing in hard disks may be glass

Hard disk makers are in a bit of a struggle for survival. As SSDs grow in capacity and shrink in price, hard disk makers are losing business on the low end. Only the cheapest of laptops don’t have an SSD standard any more. And with affordable 1TB SSDs on the market, it’s a good choice for most desktops, as well. ... Forget 3TB or 6TB hard disks, we now have 12TB and 14TB drives coming to market. These are done by cramming a lot of disk platters in the drive case and using helium inside the drive to reduce friction. Even there, drive makers are reaching the limits of physics. But a Japanese firm, Hoya Corp., thinks it has the solution. The company told Nikkei Technology it believes glass substrates, already used in 2.5-inch notebook drives, can be designed for 3.5-inch desktop and server disks.


Hybrid Cloud – is it really the future of enterprise IT?

It’s clear to see that the appetite for agility and flexibility in the enterprise IT arena is increasing dramatically. Just like virtualisation revolutionised the traditional data centre over a decade ago, cloud-based technology is driving a dramatic shift in how enterprise organisations design, deploy and manage IT services today. IT professionals now expect the on-demand, robust and consistent characteristics of cloud-based platforms to exist across the entire IT estate they carefully manage and the services they consume. End-users and consumers expect fast, reliable and accessible services without any real appreciation for the technical complexities involved in delivering new applications that meet these demands. Business leaders want to see increased productivity, greater security and a better return on investments as a result of adopting new, modern cloud-based technologies.


10 Tips For Getting Started With Machine Learning

AI adoption outside of the tech sector is mostly at an early, experimental stage, with few firms deploying it at scale, McKinsey reports. Companies that have not yet adopted AI technology at scale or as a core part of their business are unsure of the returns they can expect on such investments, according to McKinsey. But Olley, whose ML efforts at Elsevier have helped pharmaceutical clients discover drugs and deliver relevant medical information to clinicians, said use cases for ML abound in talent management, sales and marketing, customer support, and other areas. ... In fact, it may make sense to embed data science and machine learning into every department, including sales, marketing, HR and finance. Olley suggested CIOs try something that works for him at Elsevier, where he pairs data scientists with software engineers or oncology specialists


Number of women in executive roles could surpass men by 2037

The number of women in executive leadership roles, STEM fields, and small business ownership roles could match or exceed that of men within the next 20 years, according to the 2017 Bank of America Women Business Owner Spotlight survey. The report, which surveyed 1,022 small business owners (375 women) on the aspirations and concerns of women business owners, found that a majority of the respondents believed women would at least match men in the number of these roles filled. A majority of the respondents also believed that women would reach pay equity with men within that time frame as well. Of the women surveyed, 80% believed there will be equal or greater representation in STEM fields, 68% believed there will be equal or greater representation in the C-suite, 61% believe women's wages will be equal to or greater than men's


How Android One could complete Google's grand Android plan

Unlike on the high-end of the spectrum, where every detail counts and a finely tuned holistic experience is part of the package, letting third-party phone-makers retain some amount of branding and control of these lower-cost devices is a compromise Google can afford to make. After all, Google may not want to invest the resources in developing its own devices at every level of the Android price spectrum. Creating a comprehensive line of products would be costly, for one, and it'd risk alienating and irritating third-party manufacturers even more than it (probably) already has. For now, at least, this could be a clever way to accomplish a good-enough-for-the-affordable-realm goal while getting just involved enough to maintain critical core standards.


Top 5 elements of cybersecurity risk management

Cybersecurity has evolved to become one of the greatest threats to global organisations and the individual alike in the last few years alone. This transition has left behind the world of simple software that applies locks, doors, moats, drawbridges, turrets and shields to a business, and now risk management is key. Attacks and the hackers behind them have become more formidable, capitalising on unsecured IoT devices to launch grievous enterprise-scale attacks such as the notorious Mirai Botnet. While the severity and sophistication of attacks have increased, some of the most damaging attacks are still simplistic, but the volume of attacks has exploded. This never-before-seen volume is leaving IT to face a bombardment that cannot be controlled, meaning that attacks are bound to end up inside the network, or they already are.


Build a cloud-based infrastructure one layer at a time

Cloud-based infrastructure is like a multilayer cake, with each component providing a foundation for the next. To get a grasp on the entire stack, IT teams must delve into the individual technology layers involved, starting from the bottom -- the data center -- and moving up to the cloud applications and services that users access. In this series, you'll learn how to prepare for a shift to cloud-based infrastructure, including private, public and hybrid clouds. You'll learn about prepping a server fleet for a private cloud implementation, how to evolve storage and networking architectures for private and public cloud, and how to make application development and infrastructure management processes cloud-ready. We also offer insights on how cloud bridges a gap between old and new with mobile computing, enabling employees to be productive from any location on any device.


In-House or Cloud? Where is More Secure?

Without the right security strategy and best in class technology, both approaches can be unsecure. Thus, the real question to ask yourself is whether you feel comfortable with the security of your systems? Data loss protection, data encryption, access control, anti-malware and DDoS protection are just a few of the areas you need to address. Secure data processing requires highly trained and experienced engineers, investment in security infrastructure and appropriate security governance. With that in mind, can you say that you are truly at ease with the effectiveness of your security? Today, the real question is not whether we should outsource IT infrastructure, but when we will be ready to do so.


The Sun sets on Solaris and Sparc

This isn’t exactly a shocking development. Back in January, Oracle laid off 1,800 workers, a tiny number relative to its size, but it included 450 workers from the company's hardware group and reportedly half of the Solaris division. Layoffs have a habit of coming in waves, and last Friday’s was the second wave. Also in January, Oracle changed the release road map for Solaris. Instead of Solaris 12, it switched to "Solaris 11.next," a rolling release that would be pretty much security fixes but no new features or advances in the OS. The same thing happened with the Sparc line, with Sparc next replacing planned chip upgrades and featuring less ambitious improvements to the line. Sparc and Solaris won’t disappear overnight, and Oracle has promised to support both until 2034. But the two will likely be long gone by then.



Quote for the day:


"You must expect great things of yourself before you can do them." -- Michael Jordan


Daily Tech Digest - September 11, 2017

Functional Risks: Adapt or Die

The security function within an organization is one of the most misunderstood parts of an organization and I tip my hat to those that recognize the benefits of a finely tuned security function. For those in a security function, the following is not something new, but rather an affirmation that a competent, proactive security leader(s) can wear many hats in an organization in support of their objective of preventing threats to organizational assets, and moreover responding to events with the goal of minimizing the recovery time and impacts to the organization's brand and image. Beyond the multi-disciplinary responsibilities that a security leader has, they will be the person that everyone in the organization will seek guidance and direction from during a crisis.


More artificial intelligence, fewer screens: the future of computing unfolds

In the survey, 79% of executives agree that AI will help accelerate technology adoption throughout their organizations. ... The Accenture authors cite a prime example of where AI is making its first inroads into enterprise UI and UX: voice-activated systems. "Advances in natural language processing and machine learning make technology more intuitive to use, like telling virtual assistants to schedule a meeting instead of accessing scheduling software to find a time, create an event, and type the details," they state. "AI already plays a variety of roles throughout the user experience. At the simplest level, it curates content for people, like the mobile app Spotify suggesting new music based on previous listening choices. In a more significant role, AI applies machine learning to guide actions toward the best outcome."


Evolving Threat from Botnets, IoT Zombies

Today there are vibrant online marketplaces where just about anyone—even those with very limited technical knowhow—can buy tools to execute an attack. Cryptographic currencies enable untraceable digital payments, while old-fashioned economics is driving the growth of these marketplaces. Demand for services now outpaces supply, and DDoS-as-a-Service providers can bring in more than $100,000 annually. Purchasing an attack can be surprisingly inexpensive. On the Clearnet, for as little as $19.99 a month, an attacker can run 20-minute bursts for 30 days utilizing a number of attack vectors like DNS, SNMP, SYN and slow GET/POST application-layer DoS attacks. All an attacker has to do is create an account, select a plan, pay in Bitcoin and access the attack hub to target the victim by port, time and method.


A damaging spring of internet worms and poor performance

In what threatens to become an unpleasant trend, uninsured disruptions and other business fallout from these attacks are increasingly cited as key factors in disappointing earnings reports. Cybersecurity is becoming a ratings boon for CNBC and other media outlets that report on stock markets and financials. More than a few security professionals are feeling the heat, however, as the industry is forced to take a closer look at the up-leveling of age-old deployment methods, like spear-phishing emails and internet worms, which don't require human interaction to spread. What else could go wrong? Plenty. With HTTPS deployments on the rise, researchers from top universities and technology companies like Google have joined forces to document growing concerns about the risks associated with traditional man-in-the-middle defenses using Transport Layer Security (TLS) interception.


Disinformation as a service? DaaS not good!

The computer-enhanced disinformation campaigns launched by Russia and others are fairly crude, and the effort to cover their tracks limited. The future of disinformation is likely to be much more sophisticated and harder to defend against. Disinformation is rapidly going multimedia, for example. Advances in A.I. and CGI will enable convincing audio and video that can make it appear that anyone is saying or doing anything. University of Washington researchers used A.I. to create a fake video showing former president Barack Obama saying things he never actually said. And Stanford researchers developed something they call Face2Face, which creates real-time faked video, so basically anybody can be shown to say anything in a live video chat. These techniques aren't perfect. But given time and better technology, they will be.


Why Microsoft will drive serious Linux innovation

Even so, given just how dependent Microsoft increasingly is on Linux, it’s time for the company to not just innovate around the edges of the Linux ecosystem but to start contributing directly to the Linux kernel, commensurate with the value it derives therefrom. Ten years ago, Microsoft couldn’t do this without suspicion. Today, this is what we expect of Microsoft. Microsoft seems to understand this  ... Without fanfare, Microsoft has started hiring Linux kernel developers like Matthew Wilcox, Paul Shilovsky, and Stephen Hemminger. Hemminger’s hire is particularly interesting not only because he’s considered one of the big-time kernel developers, but also because it was he back in 2009 who called out Microsoft for violating the GPL in its Hyper-V code.


Researcher publicly discloses 10 zero-day flaws in D-Link 850L routers

Peeved about previous vulnerability disclosure experiences with D-Link, a security researcher has publicly disclosed 10 zero-day vulnerabilities in D-Link DIR 850L wireless AC1200 dual-band gigabit cloud routers. Security researcher Pierre Kim opted to publicly disclose the vulnerabilities this time, citing a “very badly coordinated” disclosure with D-Link in February; that time around he had reported nine vulnerabilities, but he said it took D-Link five months to release new firmware which ended up patching only one of the flaws he found. Overall, Kim thinks D-Link 850L routers are “badly designed” as “basically, everything was pwned, from the LAN to the WAN. Even the custom MyDLink cloud protocol was abused.”


How Network Automation Can Speed Deployments And Improve Security

Traditionally, network provisioning and configuration management are manual, error-prone processes. Network virtualization enables the creation of networks in software, abstracted from the underlying physical hardware. IT can provision networks quickly, with network and security services attached to workloads using a policy-driven approach. Automation takes things to the next level; network functions, including managing bandwidth, load balancing, and performing root cause analysis, are provisioned automatically based on predefined policies. To eliminate the network bottleneck at the University of New Mexico, it deployed VMware’s NSX network virtualization platform and vRealize Automation cloud automation software.


Modernization boosts cybersecurity anxieties, survey says

The chaotic nature of IT transformation may also be a factor, as agencies attempt to simultaneously operate in two worlds: the old IT environment and the new. Tony Sager, senior vice president at the Center for Internet Security, said it's already challenging for federal IT leaders to meet the regulatory reporting requirements of the status quo without the "trauma" that comes from most large scale IT transformations. "Where I see people stressed is if they see old requirements they're stuck dealing with while trying to change the IT infrastructure at the same time," said Sager. Of those who said their security issues have increased, more than half (53 percent) cited their IT staff's difficulties supporting and completing the transition from old technologies to new. Increased compliance reporting was the second-most frequently cited reason


How to detect preinstalled malware in custom servers

Super Micro designs and assembles server components, such as network cards, storage interfaces and CPUs. For the Super Micro operating system to run on modern systems, it interfaces with the BIOS and firmware and, many times, the BIOS and firmware include significant functionality. These tools could be from an additional third-party contracted by the manufacturer. The BIOS and firmware may need to be updated, and can still be compromised. Despite being custom servers, many of the server's components are similar to that of mass market servers, and Super Micro uses similar firmware and drivers to keep costs low. As more third parties get involved, the server attack surface grows larger, and responsibility for hardware security of the finished product gets less clear.



Quote for the day:


"Life is too short to waste time waiting for other people's approval on how you live it." -- Steve Maraboli


Daily Tech Digest - September 10, 2017

Why You Need a (Big) Data Management Platform for Your Digital Transformation

The organizations and businesses of today must think far beyond the traditional confines of an enterprise and need to consider the entire ecosystem to ensure that they are making the right decisions which can help with survival. It is now essential for organizations and businesses to take several factors into consideration, the most prominent of which are the customers, suppliers, competitors, and consortiums which the organization or business might be a part of. Fortunately for many, a digital transformation makes all of that—and much more!—possible.  The importance for organizations and businesses of evaluating and analyzing data streams in the world today cannot be emphasized enough.


How can creative industries benefit from blockchain?

In the creative economy, blockchain can redefine how artists are remunerated by acting as a platform for creators of intellectual property to receive value for their work. A common complaint lodged by artists is that, as performance-rights organizations and new intermediaries such as YouTube and Spotify increasingly insert themselves into the value chain between artists and their audiences, artists receive smaller cuts of revenue and have less say over how their creative works are priced, shared or advertised. For example, on Spotify it would take between 120 to 170 streams for rights holders to receive their first penny. “Today, when anyone wants to pay for the right to play a song at a concert or the right to play a song in a movie, this causes quite a lot of transaction friction and takes time,” says Wences Casares, CEO of Xapo, one of the largest custodians of Bitcoin.


How Quantum Computers Will Revolutionize AI, Machine Learning And Big Data

Once one of these industry leaders succeeds at producing a commercially viable quantum computer, it’s quite possible that these quantum computers will be able to complete calculations within seconds that would take today’s computers thousands of years to calculate. ... That will be critical if we are going to be able to process the monumental amount of data we generate and solve very complex problems. The key to success is to translate our real-world problems into quantum language. The complexity and size of our data sets are growing faster than our computing resources and therefore place considerable strain on our computing fabric. While today’s computers struggle or are unable to solve some problems, these same problems are expected to be solved in seconds through the power of quantum computing.


How to Keep Your Company’s Information Organized

While plenty of businesses start out with a relatively well-organized information system, it's essential that the company's organization protocol continually adapts and evolves. Businesses need to make a point to ensure that their system of organization is constantly reviewed and improved to compensate for the biggest areas of weakness. All of the policies that a company puts in place in order to educate employees about proper information organization should be expanded and systematically sharpened on a regular basis for maximum efficiency. The more committed that your company is to constantly improving its organization efforts, the safer its information will ultimately be. By making sure to establish the most stable control points for information monitoring, your company is always in the best position to counteract any potential security breaches.


How Blockchain Revolutionizes Supply Chain Management

Blockchains make it possible for ecosystems of business partners to share and agree upon key pieces of information. But they can do it without having to appoint an intermediary and deal with all the complex negotiations and power plays that come with setting the rules before handing over really critical business information. Instead of having a central intermediary, blockchains synchronize all data and transactions across the network, and each participant verifies the work and calculations of others. This enormous amount of redundancy and crosschecking is why financial solutions like bitcoin are so secure and reliable, even as they synchronize hundreds of thousands of transactions across thousands of network nodes every week.


Seven aftershocks of the Equifax breach: What bankers need to know

"This is about fraudsters being able to go out and open a brand new account in your name, and potentially selling Social Security numbers," Clements said. "The thing that wakes people up, at least wakes me up, is that it's a lot of numbers and the nature of the information means the type of damage that could be done is a lot more serious than just taking over a credit card." Equifax said that it hasn't seen any unusual activity among any of the 143 million victims. To Clements, this is cold comfort. "This stuff takes time," he said. "If names and Social Security numbers and dates of birth are out there, they will be used at some point. No one should take reassurance that a few weeks in, they don't detect a high level of activity." When he worked at Citi, "you'd see, months later, stolen information turning into new accounts or fraudulent activity. There's a long shelf life here."


A Small Oversight by Equifax In the Middle of a Massive Data Breach

So, what was this oversight? Well, it is highly likely that the folks managing the rollout of the website https://www.equifaxsecurity2017.com/ forgot to consider that scammers would very quickly look to register very similar domain names to spoof their victims. Luckily, they caught this error quickly and appear to have taken corrective action. Here are the facts behind this assertion. The domain name of their primary site was registered on August 22nd, 2017 at around 22:07 UTC. This domain was registered through MarkMonitor, Inc. and points to Cloudflare name servers. All standard stuff. However, when I was doing my research I ran a quick lookup using the tool URLCrazy. This tool processed 251 different versions of the original domain name and I started to see some interesting results.


Cryptographic vulnerabilities in IOTA

Though the technology is exciting, the due diligence required to make sound investments in the technology isn’t keeping up with the pace of the hype. Aside from the financial risk, I don’t think developers and investors are thoroughly evaluating these systems technically, either. Many investors are relying on signaling — if enough well-known institutions like universities or large companies sign on as investors or advisors, it indicates approval of the project and its software. The problem is that some of these technologies have serious issues, and the large companies and well-known individuals either aren’t doing due diligence and investing the resources and time needed to evaluate the projects with which they are partnering, or aren’t sharing their findings with everyone else. The cryptocurrency space still doesn’t have a good way to assess these projects.


How big data can build better customer relationships

By utilizing big data for business intelligence and customer insights, an element of ‘dangerous guesswork’ is eliminated. Instead of hunches, benchmarked metrics help corroborate findings and guide marketing decision-making and idea formulation. Landing pages, launch ideas, social media campaigns — all these can be sent out en masse, with the incoming data analyzed for effectiveness and ROI. At the same time, real-time data also compels businesses to be able to change their minds and pull back from campaigns quickly if initial feedback is negative. From a customer experience point of view, data is all about joining up the dots between a business’s disparate channels and services. With evidence-based segmentation and reporting in place, adjustments further down the line can be justified and implemented easily, providing a more fluid and user-driven customer experience.


Understanding your network of continuous delivery tools

The Continuous Delivery Map is designed to help you make sense of all the different tools available, providing you with a simple visual guide of where they sit in the overall DevOps landscape. Each line represents a different technology category and includes products that are available within that category. We’ve based the map on a simple metro system, akin to the London Underground, with each line representing a specific category. You can click on any ‘stop’ and learn more about the tool, in what context it can be used and its capabilities. It also offers insight into where the different tools can integrate with one another. The map also highlights the fact that, as with a distribution network, a central hub exists, from which the various tools can be orchestrated – much like an assembly line. This hub enables processes which have been planned, structured and defined to be repeated.



Quote for the day:


"It is the framework which changes with each new technology and not just the picture within the frame." -- Marshall McLuhan


Daily Tech Digest - September 09, 2017

3 Possible Application of Machine Learning in finance

One fascinating area of technological advancement is machine learning and artificial intelligence. Even in India, technology has made finance more accessible, and the result is that the Reserve Bank of India is finalising a draft for a Peer to Peer Lending License in India. Let’s evaluate some future financial areas that can really benefit from machine learning. Evaluating credit score of clients: It is becoming extremely hard to correctly determine the eligibility of a loan borrower. Even after careful evaluation of all available parameters, some successful companies and individuals still default on their bank loan. This is not a nice trend. Loan eligibility evaluation tasks will be taken over by the smart machine learning technology. To determine the credit score of a client, machine learning can apply regression algorithms which are accurate.


The Future of the Bitcoin Market

Nobody takes dollars at 100% interest at exchanges, even though BTC is growing faster. And no wonder – cheaper dollars can be gotten locally in any country, the same cannot be said for the BTC, whose market is international, somewhat transparent as far as exchange price dynamics are concerned and visible to all, except in cryptopyramids, of course. A currency with such a swap rate should lose its value over a long period of time, e.g. as we have seen, historically, on the USDRUR graph. But a looming fall does not mean there can be no lengthy perk-up periods with so-called carry trade. Or let us point to how the Italian lira showed strong vs. the German mark in 1996-1999, when the swap rate reached 11% annual. An even more immediate example is carry trade with USDRUR in 1999-2008 and 2016-2017 at higher interest rates


The role of DevOps and its connection to enterprise architecture

Every DevOps model should be linked to any application that it supports, and businesses should then identify the EA business processes that those applications support in turn. This lets enterprise architects map out a zone of business impact for each DevOps process, and this mapping should be as fundamental a part of DevOps documentation as the target applications or components impacted would be. That way, the impact of DevOps changes on business processes -- even if the impact is simply a risk of disruption during the change -- can be assessed. That requirement will also ensure that development teams understand the business process lifecycle, or even lifecycles, that their application lifecycles may impact.


How can CIOs help create the next generation of IT leaders?

"The connection between the CIO and business partners is now occurring at a much higher level," he says. "That's the direction we're heading in -- the digital leader as an agent of change is on the rise, while overhead and service provider roles are on the wane. CIOs are now truly embroiled in business strategy and the direction of the company." This emphasis on change has led some experts to suggest that CIOs could be surpassed by new up-and-coming C-suite positions, such as chief digital officer and chief data officer. The rise of these new roles might leave up-and-coming IT professionals to conclude that their senior career objectives would be better served by avoiding the CIO role. Mitchell is unconvinced. While he has heard anecdotal evidence of firms appointing CDOs to lead digital change, there are executives in other organisations who believe a CIO's hard-won experience of running transformation is worth its weight in gold.


Using machine learning to improve patient care

“The system could potentially be an aid for doctors in the ICU, which is a high-stress, high-demand environment,” says PhD student Harini Suresh, lead author on the paper about ICU Intervene. “The goal is to leverage data from medical records to improve health care and predict actionable interventions.” Another team developed an approach called “EHR Model Transfer” that can facilitate the application of predictive models on an electronic health record (EHR) system, despite being trained on data from a different EHR system. Specifically, using this approach the team showed that predictive models for mortality and prolonged length of stay can be trained on one EHR system and used to make predictions in another.


Top 5 traits of highly effective data scientists

Using data to solve problems is an essential element of the job, but data scientists must be able to ‘think outside of the box’ in other aspects of the position as well. Because the industry is so new, data scientists might find themselves without the proper tools and resources to complete a certain task. According to the CrowdFlower survey, 14 percent found themselves without adequate tools. HR managers should look for candidates that can get around this problem and use resources at hand to complete data tasks. Alternatively, data scientists that know what resources are necessary to get the job done and can request these tools are strong candidates as well. As the industry catches up with the need, this will change, but data scientists should be able to cope with the lack of technology and still complete necessary projects.


Why is data integration critical for business success?

As they attempt to support their digital transformation, companies and governments have to face the fact that expectations are continuing to increase exponentially; therefore they need to support increasing data volumes, more data types and data sources, more complex use cases and to deliver data insights out to more and more end users. Also, organisations face problems as data reside not only on-premise, but also in different applications, databases, file formats, as well as in the cloud. We help them to get value out of that data by leveraging next generation technologies like real-time, machine learning, and self-service capabilities. We are seeing a lot of our customers moving to multi and hybrid cloud environment, and we can help ease this migration.


What Is IaaS? The Modern Data Center Platform

Similar to other cloud computing services, IaaS provides access to IT resources in a virtualized environment, across a public connection that’s typically the internet. But with IaaS, you are provided access to virtualized components so that you can create your own IT platforms on it—rather than in your own datacenter. The pool of IaaS services offered to clients is pulled from multiple servers and networks that are generally distributed across numerous datacenters owned and maintained by the cloud provider. IaaS resources can be either single-tenant or multitenant, and they are hosted at the service provider’s. “Multitenant” means multiple clients share those resources, even though their systems are kept separate. This is the most common way to deliver IaaS because it is both highly efficient and scalable, allowing cloud computing’s generally lower costs.


True Democratization of Analytics with Meta-Learning

The democratization of analytics has become a popular term, and a quick Google search will generate results that explore the necessity of empowering more people with analytics and the rise of citizen data scientists. The ability to easily make better use of your (constantly growing) pool of data is a critical driver of business success, but many of the existing solutions that claim to democratize analytics only do so within severe limits. If you have a complex business scenario and are looking to get revolutionary insights using them, it’s easy to come away disappointed. However, the democratization of analytics isn’t just a buzzword that refers to a narrow approach. It’s possible to do so much more. Let’s quickly review the current state of the market that you’re likely familiar with, and then dive into our proposed solution.


Artificial Intelligence And Big Data: Good For Innovation?

The most dramatic advances in AI are coming from a data-intensive technique known as machine learning. Machine learning requires lots of data to create, test and “train” the AI. Thus, as AI is becoming more important to the economy, so too is data. The Economist highlighted the important role of data in a recent cover story in which it stated “the world’s most valuable resource is no longer oil, but data.” In this sense, both the ability to obtain data about customers, together with the ability to program AI to analyze the data, have become important tools businesses use to compete against each other, and against potential entrants. A potential entrant that lacks access to good data faces substantial hurdles, and this has led some regulators to question the extent to which control over data creates barriers to entry



Quote for the day:


"When a person can no longer laugh at themself, it is time for others to laugh at them." -- Thomas Szasz


Daily Tech Digest - September 08, 2017

IT disruption hits outsourcing’s legal profession

IT infrastructure outsourcing deals in the large enterprise sector, usually high value and long term, are today largely cloud deals using utility-like services from the likes of Amazon Web Services and Microsoft Azure. This is often cited as a new form of outsourcing, but while IT outsourcing service providers are all offering cloud services, it is a different competency. Lewis says even the Financial Conduct Authority, which regulates some of the world’s biggest technology users, sees outsourcing and the cloud as being the same. “But we know they are different,” he says. “Cloud and automation deals are not outsourcing because they are not about complex service provision. There are complex services being provided, but you are not buying bodies – it’s a product you have to license, customise and integrate, which is not outsourcing.”


FinTech: The Genie Is Out

“Payments and lending solutions continued to drive a significant amount of fintech investment. While ticket-sizes were relatively low, there have been numerous deals focused on personal lending and small-business loans. Those focused on providing short-duration loans (up to 15 to 90 days) attracted the most attention in the lending space, as bridge-financing is considered a relatively large issue for both individuals and businesses,” says Neha Punater, Head-Fintech, KPMG (India). While there are block-chain firms too, a viable model is a mirage. As for insurtech, “While it has not gained a significant amount of traction (in India), the tide may be starting to turn,” adds Punater; Acko may be a harbinger.


Stop pretending you really know what AI is and read this instead

At the very least, we might want to avoid the word “intelligence” when referring to software, because nobody really knows what it means. For example, Google’s Go-playing computer system was “smart” enough to beat the world’s best human players—but if you try to get it to generalize what it “learned” about Go to any other domain, you’ll find it’s dumber than a houseplant. Even Alan Turing, the genius who mathematically defined what a computer is, considered the question of defining intelligence too hard; his eponymous Turing test dodges it, essentially saying “intelligence is as intelligence does.” So what should we call “AI”, if not that? Orwell suggests that the cure for words that cloud our thinking is better words: simpler ones, crisper ones. Some commentators suggest merely using “software”; personally, I think “automation” does the trick.


If Blockchain Is the Answer, What Is the Security Question?

The brilliance of blockchains is that a transaction has truly happened only when it is captured in the ledger and thus recorded forever. This means there is a one-to-one link between the action and the audit log — perfect forensics evidence. However, this perfection requires your business transaction to be modeled as a blockchain transaction (perhaps using smart contracts on Ethereum or Burrow). If you merely post an audit entry to a blockchain after your business transaction completes, that magical property is lost. There's no guarantee that every business transaction was posted to the chain, or that every element in the chain is the result of a real business transaction. If your software is merely posting audit logs to a blockchain, you should ask yourself why a blockchain is the right answer, versus a database or some other data structure.


Hackers gain access to switch off the power in America and Europe

The attackers, a group called Dragonfly, have been conducting cyber attacks on energy companies for years — since at least 2011. The group went quiet after being exposed in 2014. The Dragonfly 2.0 campaign first started in at least December 2015. But over the past year, using malicious email campaigns to harvest network credentials, the hackers managed to penetrate energy firms in the U.S., Switzerland and Turkey. According to a new report by Symantec, they now have the ability to “severely disrupt affected operations.” Earlier Dragonfly campaigns are believed “to have been more of an exploratory phase,” but Symantec is concerned Dragonfly 2.0 campaigns could be aimed at “access to operational systems, access that could be used for more disruptive purposes in the future.”


Hackers send silent commands to speech recognition systems with ultrasound

First, you can defeat DolphinAttack simply by turning off wake phrases. That way you’d have to have already opened the voice recognition interface for the attack to work. Second, even if you keep the wake phrase on, many devices restrict functions like accessing contacts, apps and websites until you have unlocked them. An attacker could ask about the weather or find nearby Thai places, but it couldn’t send you to a malicious website. Third, and perhaps most obviously, in its current state the attack has to take place within a couple of feet and against a phone in the open. Even if they could get close enough to issue a command, chances are you’d notice right away if your phone woke up and said, “OK, wiring money to Moscow.”


What is IaaS? The modern datacenter platform

Organizations that use IaaS can self-provision the infrastructure services, and pay for them on a per-use basis. ... In some cases, providers charge clients for infrastructure services based on the amount of virtual machine (VM) capacity they’re using over a period of time. Similar to other cloud computing services, IaaS provides access to IT resources in a virtualized environment, across a public connection that’s typically the internet. But with IaaS, you are provided access to virtualized components so that you can create your own IT platforms on it—rather than in your own datacenter. The pool of IaaS services offered to clients is pulled from multiple servers and networks that are generally distributed across numerous datacenters owned and maintained by the cloud provider.


HTTPS interception gets a bad rap; now what?

Earlier this year, a group of researchers from Google, Mozilla, Cloudflare, the University of California at Berkeley, the University of Michigan, the University of Illinois at Urbana-Champaign and the International Computer Science Institute published a detailed study, "The Security Impact of HTTPS Interception." The research looked at the heuristics of HTTPS interception "in the wild" on three networks: Mozilla Firefox update servers, a group of e-commerce sites and the Cloudflare content distribution network. Researchers found notable security gaps: "In the course of analyzing corporate middleboxes and client-side security software, we uncovered a range of TLS implementation errors, many of which allow connections to be intercepted by a man-in-the-middle attacker."


What Is JSON? JavaScript Object Notation Explained

JavaScript Object Notation is a schema-less, text-based representation of structured data that is based on key-value pairs and ordered lists. Although JSON is derived from JavaScript, it is supported either natively or through libraries in most major programming languages. JSON is commonly, but not exclusively, used to exchange information between web clients and web servers. Over the last 15 years, JSON has become ubiquitous on the web. Today it is the format of choice for almost every publicly available web service, and it is frequently used for private web services as well. The popularity of JSON has also resulted in native JSON support by many databases. Relational databases like PostgreSQL and MySQL now ship with native support for storing and querying JSON data.


How can CIOs help create the next generation of IT leaders?

"It can be tough to find people and to convince them that a technical background isn't everything when it comes to the next generation of IT leadership. When you find those people, they can require a lot of reassurance." Informal activities are important, too. As part of his technology leadership programme, Shiraji has introduced a shadowing system, where nominees within the IT team attend senior leadership team meetings. There is no prerequisite in terms of skills and capabilities. The key, says Shiraji, is that shadowing allows people to contribute. "Shadowing builds appetite and helps IT professionals understand the role of the next-generation information leader," he says. "The indicators for success for me will be that we will have a very different make-up at senior IT gatherings in the future."



Quote for the day:


"People who enjoy meetings should not be in charge of anything." -- Thomas Sowell