NovaED - Building IT Careers
  • Home
  • About Us
    • Facilities
  • Programs
    • Schedule
  • Student Log-In
  • FAQ
  • News
  • Careers
  • Contact Us

Security skills shortage is real, and it's not going away anytime soon

6/20/2014

0 Comments

 
Computerworld - There's good news and bad on the cybersecurity skills availability front.

On the positive side, the current shortage of cybersecurity professionals in the U.S will likely resolve itself over the next several years as the result of recent efforts involving education, training and security awareness.

But for the time being, organizations will find it disturbingly difficult to find the skilled workers they need to defend themselves from internal and external threats, the RAND Corp. warned this week.

Not only will cybersecurity skills become increasingly costly, they will also become very hard to come by in the near future, said Martin Libicki, one of the authors of a 125-page report from RAND.

"There's plenty of evidence that there is a shortage" of cybersecurity professionals -- especially within government organizations, Libicki said. "The problem cannot be solved overnight. It will take a long time to get the right people into this profession."

The RAND report examines the nature and the source of the cybersecurity skills shortage in the U.S. and how the private sector and the government have responded to the crisis.

Demand for security professionals has skyrocketed since 2007 as the result of increased connectivity, raised awareness, more vulnerabilities and ever more hacker activity. The sudden and rapid rise in demand has led to substantial increases in compensation packages for security professionals in recent years, but that has done little to attract new cybersecurity professionals, RAND said.

"In the longer term, as long as demand does not continue to rise, higher compensation packages and increased efforts to train and educate people in cybersecurity should increase the number of workers in the field" -- putting downward pressure on salaries, it noted.

Some of the increased demand may also run counter to the underlying realities. Because of the heightened attention paid to cybersecurity, it's possible that some companies think they're at greater risk than they were a few years ago and assume they need more people.

As organizations come to better understand their true security needs, demand for cybersecurity workers may fall in the longer term, RAND said.

Here are four other takeaways from the report

Government organizations are hurting the mostThe increased demand for cybersecurity professionals has pushed compensation packages to levels that government organizations have a hard time matching. This is especially true for their ability to attract or retain top-level security professionals, Libicki said.

Government compensation is often constrained by rigid pay scales and grade levels that restrict the ability of agencies to hire the skills they need in a supply-constrained labor market. The problem is less acute for lower to mid-tier IT security pros.

"However, once professionals can command more than $250,000 a year, the competitiveness of the U.S. government as an employer suffers correspondingly," the report noted. Though special rates are often available to senior level IT specialists, the long recruitment processes, vetting and security clearance delays can discourage candidates.

Companies can pay all they want and still not find enough peopleIn the short term, the supply side of the manpower equation will not be responsive to higher salaries because there simply aren't enough professionals to go around. Since training and educating a new generation of cybersecurity workers can take years, organizations that need security skills will be hard pressed to find them.

On a positive note, the higher compensation packages offered to security professionals could begin to attract would-be hires from other areas such as engineering.

Organizations should look at alternate approachesCompanies and government entities should consider adopting more secure system architectures and best practices to reduce their dependence on manpower. Organizations spend close to $70 billion on cybersecurity annually around the world, Libicki said. If even a 10th that amount was invested in making software more secure, there would be less of need for so many cybersecurity professionals.

"We have a model that basically says 'I accept the world of software as is and I am going to patch everything at a systemic level,'" he said. It is an approach that is basically unsustainable in the long term. A company that has 600 security professionals today might require 1,000 in a few years -- and still not be secure.

Importing talent may not be a good approachA great deal of cybersecurity work is already internationalized, RAND said. For another, bringing in workers from other countries could depress wages and discourage U.S.-born professionals from entering the field. This could become a problem because foreign-born nationals will not have the security clearances required to work for many government organizations.


Source: http://www.computerworld.com/s/article/9249272/Security_skills_shortage_is_real_and_it_s_not_going_away_anytime_soon
0 Comments

Oracle buys LiveLook for co-browsing technology

6/19/2014

0 Comments

 
Oracle is scooping up co-browsing software maker LiveLook in a bid to flesh out its suite of customer experience software.

LiveLook's product is already being used by more than 100 Oracle customers, having been embedded into Oracle's customer service application. It gives support and sales representatives a way to browse alongside customers in order to fix problems and help them make the right purchases, according to a statement.

[ InfoWorld dishes on must-have iPad office apps, essential Android productivity apps, androad warrior standbys. Start downloading! | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

Some 500 customers use LiveLook, according to a FAQ document released Friday in conjunction with the acquisition announcement.

Oracle is locked in fierce competition with Salesforce.com, SAP, Microsoft and other vendors in the customer experience software market, which spans a continuum from marketing to sales and post-sale service and support.

The LiveLook announcement comes shortly after Salesforce.com announced SOS, a support feature inspired by Amazon's Mayday button. With a click, a customer needing help can fire up an SOS video chat session with a support agent.

LiveLook's technology similarly provides "one-click access to visual help on any device," according to a presentation Oracle released Friday.

Beyond making customers happy, LiveLook can also cut costs since support calls can be resolved faster, and drive more sales, as agents working with a customer can spot opportunities to increase order sizes or sell related products, the presentation states.

Financial terms of the deal were not disclosed.


Source: http://www.infoworld.com/d/the-industry-standard/oracle-buys-livelook-co-browsing-technology-244742
0 Comments

Get Ready For Wearable Tech To Plug Into Health Insurance

6/18/2014

0 Comments

 
Today the average American’s health insurance payments fluctuate once a year. Imagine if that rate changed each day, determined in part by a sensor-rich gadget on the wrist. Sound far fetched?

That could be our startling future as the next generations of devices like the Fitbit or Jawbone Up play a bigger role in how individual-and-group health insurance costs are decided, tech developers and experts in the healthcare space have told Forbes. It’s all thanks to the growth of real-time, detailed data they’re generating about our bodies.

Wearable devices aren’t mainstream yet; only one in 10 American adults say they own a fitness tracker. But they’ll become more widespread over the next decade, according to Pew Research, and that will happen alongside an explosion of wearable sensors that monitor everything from steps to breathing to heart rate, and apps that can sense the onset of chronic illnesses or stress. In the meantime, more employers are opting to monitor some of the data being generated by fitness trackers — to the extent they can see it on a dashboard — and are holding their insured staff to account with rewards as part of a growing number of so-called corporate-wellness programs.

Some are even exploring punishments for unhealthy behavior recorded by a wearable. With health insurance costs on the rise, it’s perhaps not surprising that Fitbit’s sales to employers are now one of the fastest growing parts of its business.

Greater health monitoring would naturally put wearables in a very gray area on privacy. It would go beyond giving doctors deeper access to your data, to giving health payers — the big names like United Health, Kaiser Foundation Group, Humana Group and Aetna, along with self-insured employers — access to data to help them create more detailed risk profiles on insured workforces and put a lid on ever-rising costs.

The opportunity could shift towards individual marketplaces over the next decade as the entire business model for health insurance gets upended, with hospitals potentially taking a greater role in coverage, Forbes’ senior writer on health Matthew Herper tells me.


Tech entrepreneurs in the health space say insurance companies are currently figuring how to best access the data generated by today’s fitness trackers.

“They don’t have the solution,” says Florian Gschwandtner, founder and CEO of the popular running app Runtastic.

Gschwandtner held multiple meetings with U.S. and Austrian insurance companies last year, before he realized they weren’t looking to partner — they wanted advice on getting access to the fitness data generated by apps like his. “They are trying to learn,” he says, adding that he recently stopped taking such meetings. “We are not a consultant.”

Kelly Barnes, who tracks healthcare for PricewaterhouseCoopers (and is a consultant for insurers), says regular feedback from wearables would be extremely valuable to a health insurance company. “I’m very confident we’re all going to be on insurance marketplaces in the not-too-distant future,” she says.

Tracking “gadgets” already play a role in car insurance for some Americans. Progressive, for instance, offers drivers a small device they can plug it into their dashboards so the company can monitor their driving over 30 days. Safe drivers are then eligible for a discount.

Barnes argues that insurers could do the same with health care, especially since a large portion of today’s $2.6 trillion health care bill is driven by behavior; in particular, bad-diet decisions that lead to obesity and diabetes.

Insurers already use data points like BMI (body mass index) to set rates, says Vaughn Kauffman, health industries advisor at PwC. “If you think of the wearable devices as a way to value improvement of BMI, who knows maybe one day — it’s scary to think — but maybe on a real time basis, the healthier you get the lower your premiums go.”

“I can see health care going that way,” added Barnes. “If you can take this wearable and I can see a constant level of activity and constant parameters on fitness activities, I’ll take points off your premium… I can set rates on a daily basis as opposed to just once a year.”

Individual premiums typically go up annually as older people are deemed more costly to the system. Insurers make these decisions based on aggregate profiles that include gender and age. But wearable devices could also help create more insightful profiles as sensors pick up details like heart rate and stress levels.

As we previously reported, Microsoft is working on a smart watch that will measure continuous heart rate over days and weeks. Temperature and potentially even blood-glucose monitoring is on the table for wearables too. The “Holy Grail,” according to one person working on a stealth wearables project, is glucose monitoring because of the insights that could give into what someone has eaten. That would be a crucial data point for insurers, since diet has a far greater impact on health than activity.

Several startups on places like Kickstarter have tried and failed to make a wearable product that senses glucose without breaking the skin. But Apple might crack the challenge. Last year it reportedly hired data scientists from now-defunct diabetes company C8 MediSensors, which had regulatory approval for a non-invasive optical glucose monitor. That raised suspicions Apple wanted to put a glucose monitor in it forthcoming iWatch. Apple also talked with FDA officials last December about how a device with a glucose meter might be regulated.

Who Might Be The Bridge To Our Health Data?

Once the sensors are there, employers seem like the most obvious conduit between the tech we wear and our insurance. One large health insurer, Cigna, already launched a pilot program last year where it distributed armbands made by BodyMedia to thousands of employees at one of its corporate customers. Early results showed a number of the employees on the verge of contracting diabetes have improved their risk profiles, according to Cigna spokesman Joe Mondy. “We can literally bend the cost curve,” he says.

Self-insured employers who pay directly for claims have been among the first to experiment with wearables. One tame example is software design firm Autodesk, who for the last two years has bought Fitbit trackers in bulk and sold them at a discount to its staff.

Autodesk managers can’t see the activity data of their employees, yet its global benefits director Lori Wong believes there’s a correlation between distributing the devices and the slide in cases of chronic conditions like high-blood pressure. Autodesk’s bosses “are not pushing us to produce direct return-on-investment (ROI) numbers,” she says. “But when we look at national averages of healthcare increases, we find that we are a little below those… increases.”

Self-insured oil giant BP has taken the monitoring a step further. Last year around 14,000 employees opted to wear a free Fitbit Zip in exchange for letting the company track their steps over the year 2013. If they crossed one million steps, they gained points that could go towards a lower insurance premium.

Another “large, self-insured employer” is using the data provided by employees who use Wildflower, an app for pregnant women that measures data such as weight-gain and other pregnancy milestones. The goal: targeting medical claim costs. One of the app’s board members recently noted that maternity “is a top cost area for almost every employer.”

Using Our Data To Change Behavior

New rules under Obamacare let employers offer greater incentives for healthy behavior. For employers who are desperate to cut healthcare costs, there’s wiggle room to define “incentive” as either a carrot or even a stick. While BP uses wellness points as a carrot, others are exploring more punitive measures that exploit the real-time data from wearables.

The founders of StickK, a Boston based startup that sells white-label software for corporate-wellness programs, have been trying to talk large U.S. companies into plugging both wearable devices and punitive measure in their wellness plans. These punishments include taking away wellness points if employees don’t reach certain activity targets. It’s a controversial approach, but StickK argue it’s far more effective than offering rewards. (More self-insured employers are already looking at adding $50 surcharges onto the premiums of employees who smoke.)

“A lot of companies are reluctant to do things that could risk a cultural backlash within the organization,” says StickK founder Jordan Goldberg, whose software is based on Yale research into accountability and behavior change. Goldberg has 14 corporate clients using his corporate wellness software, along with three Fortune 500 companies. He’s currently talking to one of those about incorporating a Fitbit-like wearable device in the punitive program. “We haven’t gotten a bite yet.”

Plugging Directly Into The Healthcare System 

While services like Fitbit, StickK and Wildflower sell to employers, other health tracking services are looking for lucrative partnerships in the healthcare system itself, which can involve working with insurers too.

Nudge, a free app that aggregates fitness data from wearables to give users a health score of between 1 and 110, says insurance companies could use its data for risk mapping or for setting premiums. Its founders say they’ve talked to “a handful of groups” in the health insurance field, but they want Nudge’s first partnerships to be with doctors.

“Right now we want to stay away from [insurance] to keep the trust of our users and keep the data private,” says co-founder Phil Beene.

Larger tech companies also hope to be those trustworthy bridges between our health data and healthcare: think Apple, Samsung and Google. All three are working on creating data platforms that will aggregate, store and share health data collected from wearable sensors. Apple’s HealthKit will allow health apps to talk to one another inside Apple’s own framework, while Samsung has a biometric bank called Sami. Last week we were the first to report that Google is also gearing up to announce a health-tracking platform called Google Fit. None of these services have been released to the general public — or the health care industry.

“It’s all going to lead to this real race of who can build out the best interfaces for different stakeholders in health care,” says Nudge’s Beene.

Capitalizing On The Most Popular Wearables

Some argue that monitoring wearables won’t become widespread until employers figure out how to tap into the devices that consumers actually want to buy — not just the Fitbits that BP and Autodesk have bought in bulk. It’s why most health-rewards programs are currently failing, according to MobiHealthNews.

“It’s just like when phones came out,” says Derek Newell, the CEO of health platform Jiff, which aggregates employee health data for self-insured companies. Ten years ago people started bringing their own smartphones to work, sparking the BYOD phenomenon. Now they’re bringing their own fitness trackers.

“Our management of population health isn’t one generic program for everyone, [but to] connect to hundreds of apps devices,” says Newell. He claims that over time, Jiff’s platform will be able to show employers which apps and wearable devices being used by staff are most effective at lowering medical cost, and he’s keeping track of all the wearables preparing to hit store shelves. “There’s going to be this evolution of wearables thats going to be amazing. You’re going to see activity monitors in jewelry, literally a ring, in the next 18 months. There are people working on it now.” Devices that can passively monitor what we eat are also on way, he says. “We’re really big on passive monitoring.”

Jiff is yet another claimant to the “bridge” role between employers and health data, but it has the benefit of being able to synch with a range of popular trackers. Right now Jiff competes with a couple of other third-party platforms, WellTok and StayWell, and its clients include chip giant Qualcomm, Red Bull and game developer Activision. The company makes money from selling its software, and collects extra fees each time its helps an employee reduce their premium.

The Implications 

With 1.8 billion smartphones in the world and an explosion of other devices getting connected to the web, people are unconsciously generating more data about themselves than ever before. How that data gets used is still an open question.

Wearable devices like the Fitbit and apps like Wildflower are marketed to consumers with the promise of the Quantified Self movement: that they’ll help us learn more about ourselves. But to stay solvent, many of these services are exploring business models that incorporate employers and insurers, for whom our quantified health data can impact their bottom line.

The result of greater monitoring could lead to some unintended consequences. Some say it could create a two-tier system where those who can afford the best health tracking devices can ultimately get access to lower premiums. As wearables transmit more health data to employers, there also lies the risk that data could leak, and be used by marketers peddling diabetes medication or as extra fodder for insurers seeking to deny coverage.

There is also the fundamental question of whether people will ever be comfortable having their health data monitored this extensively.

“It’s going to be very important that as we move towards the future we don’t set up a system where people become pressured into wearing devices to monitor their health,” says Pam Dixon, executive director of World Privacy Forum, who is exploring ways to promote standards for health monitoring devices. “That’s a real problem. That’s just not very free.”


Source: http://www.forbes.com/sites/parmyolson/2014/06/19/wearable-tech-health-insurance/
0 Comments

Amazon Announces Mobile Associates API for iOS

6/17/2014

0 Comments

 
Amazon has announced that it has started exploring integration of the Mobile Associates API (MAA) into iOS apps. Amazon encourages developers to present their use cases for them to participate in a private beta program that will guarantee early access to MAA for iOS. Interested developers will be selected by Amazon based on their use case and their willingness to provide feedback.

The Amazon Mobile Associates API offers an additional ways for developers to monetize their apps. Usually developers have had three major monetization methods for their apps:
  • selling them;
  • using the "freemium" model to offer additional purchases or subscriptions from within the app;
  • displaying ads.
In addition to this, Amazon MAA allows to offer physical and digital products distributed through Amazon and earn up to 6% advertising fees on purchases made through the Amazon Associate program.

Amazon MAA has been available since August 2013 on Android based devices, while there is still no way to use it on iOS devices. Apps that use the Amazon Mobile Associates API may be distributed through any Android store as long as they are available through the Amazon Mobile App Distribution Program.

In the past, Amazon has been known to force developers to kill apps that were using their data in an effort to have customers only buy products on Amazon through their website and mobile apps. As already noticed, this policy changed last year with the introduction of MAA for Android, but still leaves iOS developers out in the cold.

It is also known that Apple has been rejecting apps using outside payment schemes from their App Store. So, it remains to be seen how this will be worked out between Amazon and Apple.

Interested deveopers can submit their use case on Amazon website.


Source: http://www.infoq.com/news/2014/06/amazon-mobile-associate-api-ios
0 Comments

An Introduction to Microservices Design

6/15/2014

0 Comments

 
We have been building monoliths, big pieces of software, we then moved to SOA but we still had problems, now we are moving to microservices, Russ Miles recently described current state of software development in an introduction to designing and building antifragile microservices, using Java as a platform.

Russ compares with boulders, rocks and pebbles where monoliths are like boulders, very hard to change or move. SOA are like rocks, still hard to shift and not really giving the payback we expected. Microservices are like pebbles, very easy to shift around.

Antifragility for Russ means we embrace that system will break; we need to not just embrace change but thrive on it, so that we get better. The starting point to achieve this is for Russ simplicity, with lots of small things that do one job, having one single purpose. Designing for simple components and systems is key when moving to microservices. The focus is on evolution of components, how we build systems that allow evolution and change.

Russ defines microservices as single purpose services that do one thing and do it well at the level of granularity that supports your systems evolution and the strains that you consider important for runtime and design time. The main focus is trying to build software that can adapt and we can only do that if the pieces are small enough to support the differentiation in change across your architecture.

Is Microservices doing SOA the right way? One problem Russ has with SOA is the substantial baggage he thinks goes with the term. He argues that the biggest architectural difference between SOA and microservices is the flow of data through a system, a pipeline of data which he sees as a key abstraction, comparing it with a UNIX pipeline. Russ believes that this pipeline is important and the key motivator driving which microservices to create. In SOA, typically with a hierarchy of services organised in layers, we lose this flow of data because it’s orchestrated within the services.

One big complaint Russ hears is about problems in management and monitoring when breaking one system into many small services. His best advice is to not build services that send out messages either that they are OK or that they are failing, instead have them send “actionable information”, a service should inform about its problems but also what should be done.


Source: 
http://www.infoq.com/news/2014/06/introducing-microservices
0 Comments

Google open sources PDF software library

6/11/2014

0 Comments

 
Google has started an open-source project for a PDF software library, which developers will be able to incorporate into applications designed for a variety of platforms.

The project, called PDFium, will also be wrapped into Google's Chrome browser, replacing closed-source code, according to a post from Google's Chromium project evangelist, François Beaufort.

[ InfoWorld dishes on must-have iPad office apps, essential Android productivity apps, androad warrior standbys. Start downloading! | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

The Chrome browser is mostly open source code, but parts of it have been closed for licensing reasons, such as Adobe Systems' Flash plug-in and a plug-in for PDF files, wrote Peter Kasting, senior software engineer for Chrome's user interface team.

"With PDFium, one of those major moving parts is now open as well," Kasting wrote. "This is great for a lot of reasons. It reduces the number of closed pieces of Chrome, and thus the surface area for which people can be suspicious that we're doing something shady."

A crucial part of the library, the rendering engine, was developed by Foxit Software, which said it will help support the project, hosted on Google Code. Foxit Software specializes in creating products around the PDF standard.

Kasting wrote that Foxit's component is "almost certainly the highest-quality PDF engine available in the open-source world, and can now serve as a reference for other projects." Redditors have been discussing the implications of the project for about three weeks after someone saw the project appear on Google Code.

The code will carry a BSD-3 clause software license. That allows developers to modify and redistribute the code with a proper copyright notice.

Kasting ended his post with: "Now if we could just open-source Flash..."



Source: http://www.infoworld.com/d/open-source-software/google-open-sources-pdf-software-library-244202

0 Comments

Google engineer: We need more Web programming languages

6/10/2014

0 Comments

 
Web applications may one day surpass desktop applications in function and usability -- if developers have more programming languages to choose from, according to a Google engineer.

"You should have more choices of viable languages," said Gilad Bracha, software engineer at Google, speaking to an audience of programmers Wednesday at the QCon developer conferencein New York.

[ Work smarter, not harder -- download the Developers' Survival Guide from InfoWorld for all the tips and trends programmers need to know. | Keep up with the latest developer news with InfoWorld's Developer World newsletter. ]

"I think the Web platform could make Web applications as good or better than native applications," Bracha said. "Ultimately it has to do that. Otherwise, the proprietary app stores will come and eat us all."

The benefits of Web applications are well-understood by developers. They don't need to be installed and they can work on any platform that supports the Web.

Unfortunately, one of the chief drawbacks is that they don't operate when not connected to a network.

So the ability to run Web apps offline will be critical given that, at least for the foreseeable future, many users will not have constant access to network connections.

"The Web is always available, except when it is not," Bracha said. "It isn't always available in a way that you can always rely on it. You may have a network that is slow or flaky, or someone may want to charge you."

Therefore any Web programming language, and its associated ecosystem, must have some way of storing a program for offline use, Bracha said. The Web programming language in the future must also make it easier for the programmer to build and test applications.

The chief language used today for the Web is JavaScript, which is deficient in a number of ways, such as support for offline usage of apps. And this may remain the case for a while: JavaScript is based on the ECMAScript standard, which can take years to be updated. "It should be easier to do these things," Bracha said.

There are other programming languages being built for the Web but very few are viable -- meaning they aren't well-engineered, lack key features and don't operate efficiently, Bracha said.

One of the reasons that Google started work on the Dart programming language, which Bracha helped author, is to provide the Web with an industrial-strength programming language.

Google did not design Dart "to replace JavaScript, but to give you options," Bracha said.

Bracha pointed to some other lesser-known and still experimental languages that show promise as well.

One was Elm, a functional programming language for building GUIs (graphical user interfaces). He demonstrated how only a few lines of Elm could allow the end user to draw a circle in a browser window using only a mouse.

Elm is designed in such a way that once the code is placed into its Web editor, the results show up immediately in a preview screen, eliminating the need to save the code and run the program in a separate window.

"Try this in Swing," Bracha said, referring to the Java GUI widget toolkit that can be cumbersome to use. Bracha also co-authored the Java Language Specification, so he has some experience in that language as well.

Bracha also demonstrated Lively.

Lively is even more responsive than Elm. The developer, when viewing a draft of their program in the browser, can simply click on any part of the application on the screen and Lively will bring up to the screen the specific object code that rendered the object.

Even the Lively code editor is an object that can be manipulated, allowing the developer to move and manipulate any of the controls.

This approach is far easier to work with than, say, using a standard IDE (integrated developer environment) such as Eclipse, which would require the user to scan through thousands of lines of code to find the section that needed to be modified.

Bracha showed off other responsive languages, Leisure and Newspeak, the latter of which Bracha created.

"Hopefully, this will give you an idea of the wonderful variety of stuff that is out there," Bracha told the audience. "Competition is good for everyone."


Source: http://www.infoworld.com/d/application-development/google-engineer-we-need-more-web-programming-languages-244164?page=0,0
0 Comments

Microsoft pushes out massive security update for Internet Explorer

6/9/2014

0 Comments

 
Six down, six to go. Today is the Microsoft Patch Tuesday for June, and it comes with seven new security bulletins. The good news is that five of the seven are only rated as Important, but one of the two Critical security bulletins—the cumulative update for Internet Explorer—is huge.

In all, the seven security bulletins address a total of 66 specific vulnerabilities. The Cumulative Security Update for Internet Explorer (MS14-035) accounts for 59 of them—a record for a single Microsoft security bulletin.

Microsoft issued fixes for flaws in remote desktop, Lync Server, XML Core Services, Word, the TCP protocol, and the Microsoft Graphics Component that affect a range of products and services including versions of Windows and Office. The impact of a successful exploit ranges from denial of service, to information disclosure, to remote code execution, but the “star” of the show is Internet Explorer.

“Last month, IE saw a lot of activity, first with the out-of-band patch released on May 1, a point fix released as part of May’s Patch Tuesday, and a vulnerability that was publicly disclosed by the Zero-Day Initiative on May 21,” says Russ Ernst, director of product management for Lumension.

The cumulative update from Microsoft includes a fix for the vulnerability reported to ZDI. Thankfully, none of the vulnerabilities fixed by this update are actively under attack as far as we know. Even the two flaws that are already publicly disclosed are not facing any known active attacks.

That said, with 59 separate vulnerabilities in the most widely-used browser, it is an absolute certainty that malware developers will be working diligently to reverse-engineer the patches and craft exploits to target those flaws. It is absolutely imperative that you apply the patch for MS14-035 as soon as possible.

The other Critical security bulletin this month—MS14-036—addresses a couple vulnerabilities in Microsoft Graphics component that could enable remote code execution if successfully exploited. The list of affected applications is extensive, including all versions of Windows and Office.

Tyler Reguly, manager of security research for Tripwire, stresses that upgrading to more current operating systems and applications has perks from a security perspective. “MS14-034, which affects only Office 2007, is a reminder that Microsoft's Security Development Lifecycle really does work," he says. "It would be nice to see them shorten their support Windows, forcing consumers and enterprises to upgrade more frequently. This would remove older, more vulnerable software from the picture.”

Review the security bulletins from Microsoft and figure out which ones apply to you. I recommend you install all applicable updates to fix vulnerabilities before malware developers figure out how to exploit them. Start with the two Critical updates—MS14-035 and MS14-036—but then move as quickly as possible to implement the rest of the updates as well.


Source: http://www.pcworld.com/article/2361507/microsoft-pushes-out-massive-security-update-for-internet-explorer.html
0 Comments

Her name is Cortana. Her attitude is almost human.

6/3/2014

0 Comments

 
She was modeled after real-life personal assistants. She is the product of two years of work, and a large team of scientists and product managers. She has video game origins. She is Microsoft's response to Siri and Google Now. She is Artificial Intelligence and proud of it. She is Cortana.

It seems odd to refer to smartphone software as a "she," but that human element is exactlywhat Microsoft is after with its new Windows Phone digital assistant. Cortana, named after her fictional counterpart in the video game series Halo, takes notes, dictates messages and offers up calendar alerts and reminders. But her real standout characteristic, and the one Microsoft's betting heavily on, is the ability to strike up casual conversations with users; what Microsoft calls "chitchat." Next to Apple's Siri, Cortana is the only other smartphone assistant to come with a baked-in personality. And it's hard not to see the parallels between Cortana and the affable, Scarlett Johansson-voiced AI in Spike Jonze's film Her.

Confident, caring, competent, loyal; helpful, but not bossy: These are just some of the words Susan Hendrich, the project manager in charge of overseeing Cortana's personality, used to describe the program's most significant character traits. "She's eager to learn and can be downright funny, peppering her answers with banter or a comeback," Hendrich said. "She seeks familiarity, but her job is to be a personal assistant." With that kind of list, it sure sounds like Hendrich's describing a human. Which is precisely what she and her team set out to do during Cortana's development; create an AI with human-like qualities.

Microsoft's decision to infuse Cortana with a personality stemmed from one end goal: user attachment. "We did some research and found that people are more likely to interact with [AI] when it feels more human," said Hendrich. To illustrate that desired human-machine dynamic, Hendrich pointed to her grandmother's experience with a Roomba vacuum: "She gave a name and a personality to an inanimate object, and it brought her joy." That sense of familiarity is exactly what Microsoft wants Window Phone users to feel when interacting with Cortana on their own devices.

Because the bulk of Cortana's primary functions mirror that of a personal assistant (e.g., make calls, set appointment reminders, etc.), the team decided to take the development process even further and add an extra layer of authenticity. To that end, they interviewed real-life assistants to learn what that job actually entails, and what attributes they exhibit; how they interact with their bosses and what makes them successful. "[It] helped us understand how humans take on that role [of a personal assistant]," Hendrich said. These interviews were also captured on video, a resource the team uses to this day as a reference point for any new situations that may arise.

Beyond relating to users in a naturalistic way, Microsoft realized that Cortana also needed to be fun. In fact, the company's research shows that around 40 percent of all AI interactions involve chitchat. As Hendrich explained: "If you had a personal assistant and you walked into the office, you'd engage in chitchat with them first. You don't go straight into the highest-priority emails and lay out your day."

"Chitchat" with Cortana can range from witty banter to casual chatter. Ask her to tell you a joke and she could reply with this: "Two antennas got married. The ceremony dragged on, but the reception was excellent." If you ask her how old she is, she'll say, "I'm not sure how to carbon date the internet." Microsoft's even snuck in an Easter egg related to Clippy, the helpful, animated paper clip from its Word software. Although these playful responses may strike some as nothing more than cheap tricks on Microsoft's part, they do help users build a rapport with Cortana. If she can make you laugh or smile, you're more likely to continue using the program again and again. At least, that's what Microsoft hopes will happen.

If Cortana sounds familiar, that's because she's partially voiced by Jen Taylor, the original talent behind Halo's Cortana. Microsoft currently synthesizes multiple voices for the program, but Taylor's lines account for a huge percentage of the chitchat you hear, and that amount is only going to increase over time. Though Cortana's current voice doesn't sound quite as natural as say that of Samantha's in Her, the addition of Taylor's human tone does help imbue the program with a more realistic feel.


Read more: http://www.engadget.com/2014/06/04/cortana-microsoft-windows-phone/
0 Comments

Apple pitch to programmers shows threat from Google

6/3/2014

0 Comments

 
Apple's pitch to developers at its annual conference this week shows how Chief Executive Officer Tim Cook is ramping up efforts to keep programmers from switching loyalties to Google and others.

With Google trying to lure coders and designers to create more for its Android mobile software, Apple used its event to introduce new features to keep them in the fold. The iPhone maker showed improved methods for customers to find apps to download, a new programming language to create apps more quickly, and tools so the programs can work seamlessly together.

The announcements represent Apple's most comprehensive set of enhancements for developers since the company debuted its App Store nearly six years ago. For much of that period, the world's most valuable company had a near lock on programmers as iPhones and iPads proliferated, giving developers a vast audience who could download their games and other widgets. Yet Google's Android has since seized market share and others such as Facebook have rolled out tools to cater to developers.

"Apple is going the extra mile" to maintain developer loyalty, said Carolina Milanesi, who studies the mobile industry as research chief at Kantar Worldwide. She said the message Apple is sending is "we wouldn't be here if it weren't for you."

A healthy apps ecosystem is crucial for Apple, with mobile programs including productivity tools and games like Candy Crush helping to drive consumer interest in its devices. Spurred by such App Store downloads, people keep coming back to buy the latest iPhones and iPads, which generate more than 72 per cent of Apple's annual $171 billion in revenue.

Having developers on a company's side has long been a competitive advantage in the technology industry. Microsoft found that in the 1980s and 1990s when many programmers created for Windows and shunned Apple's Macintosh operating system for personal computers.

Microsoft has since seen the flipside, with fewer developers making apps for its Windows Phone software. That has left Windows Phone-based hardware trailing Apple's mobile devices and Google Android gadgets.

Apple worked to make it clear on Monday that it isn't taking developers for granted. The company started its event in San Francisco with a video praising the crowd of 6,000 developers, who cheered wildly at nearly every new feature showed by Apple executives.

"From all of Apple, thank you very much," Cook said during the keynote. The announcements are meant to help build apps on a "whole new level," he said.

Competition for developers in the $23 billion apps industry has intensified in the past few years as more companies strive to grab a piece of the mobile market. Google, which is holding its own developer conference in San Francisco later this month, has overhauled its Google Play apps store to make it more customer friendly and added tools to simplify the production of apps for Android devices.

Facebook also introduced its own set of software tools last month so makers of mobile apps would use its servers as a foundation for producing its programs.

The threat is clear for Apple. As of the end of last year, Android's worldwide market share was 78 per cent, up from 66 per cent in 2012, according to researcher Gartner. Apple's mobile software, iOS, had a 16 per cent share last year, down from 19 per cent in 2012.

The market shifts were enough to push startup WhoDoYou to begin its service on Android instead of the iPhone platform. The business recommendation service, which competes against Yelp and Angie's List, debuted earlier this year.

"We track the percentage of mobile users very carefully and have found that Android is growing more quickly than iPhone," CEO Yoav Schwartz wrote in an e-mail. "Our iPhone app will be coming out soon, so it's not a very strategic decision, but we thought it made sense for us to start on Android first."

Apple still enjoys a key advantage over its rivals: money. Applications make about 85 per cent more revenue on Apple devices than they do on Android, according to App Annie, which tracks the market.

With its newest software unveiled on Monday, Apple added features to address criticism from developers who are finding it harder for their programs to be discovered and make money amid a sea of software.

Apple rolled out new search tools to help customers find programs to download, as well as app bundles so they can buy a batch of apps at a discounted price. The company also added a testing feature so app makers can get people to try something in development, and previews so users can view short videos to see if it's something they want to download.

Apple also added ways for applications to work more closely with each other -- for example, a photo edited in one application can be quickly added to another one. The apps are currently isolated so data can't be shared with another tool.

Developers also will be able to take advantage of new software for health tracking and controlling home appliances. Apple debuted HealthKit to serve as a hub for the different programs now available that track fitness, including steps taken, food eaten or heart rate.

Apple also showed HomeKit, a set of tools for developers to make iPhones work with so-called smart homes by controlling things like a light bulb, door lock and garage door with a smartphone.

Another new feature allows coders to write programs that use Apple's TouchID fingerprint-authentication technology that's on the iPhone 5s. That had previously only been available for Apple services.

In addition to the developer announcements, Apple previewed new iPhone and iPad software, called iOS 8, and a redesigned Mac operating system, called Yosemite. Both will be released later this year.

The updates offer a glimpse of Apple's direction since the death of co-founder Steve Jobs in 2011. With iPhone and iPad sales no longer the source of growth they once were, Cook has been under pressure to deliver another hit. Last week, Eddy Cue, Apple's head of Internet services, said the company's product pipeline is the best it has been in 25 years.

The health-tracking software Apple unveiled on Monday is seen as Apple's first step toward introducing a wearable device later this year.

"It was a show for laying the foundation for the next structures that are going to be built," Horace Dediu, a mobile-industry analyst who runs Asymco, said at the conference.

- Bloomberg


Source: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=11267508
0 Comments
<<Previous
Forward>>

    Author

    NovaED

    Archives

    June 2014
    May 2014
    April 2014
    March 2014
    September 2013
    July 2013
    June 2013
    August 2012
    June 2012
    May 2012
    April 2012
    March 2012
    February 2012
    January 2012
    November 2011
    October 2011

    Categories

    All

    RSS Feed


©2012 NovaED IT Training Services, Inc. 21/F The Pearlbank Centre, 146 Valero Street, Salcedo Village, Makati City, Metro Manila 1227 Philippines. +63 (2) 478-7345