Instagram Tries Clamping Down on Misinformation

Source: https://www.nytimes.com/2020/10/30/technology/instagram-tries-clamping-down-on-misinformation.html
October 30, 2020 at 09:23PM

The photo-sharing site said it would temporarily remove its “recent” tab to slow the spread of harmful content before Tuesday’s election.

What Went Viral This Week

Source: https://www.nytimes.com/2020/10/30/technology/what-went-viral-this-week.html
October 30, 2020 at 09:16PM

Halloween decorations, Harry Styles and a QAnon-adjacent missing children story broke up a wall of pre-election political news.

Newsroom: US Holiday Ecommerce Sales Will Surge 35.8% to $190.47 Billion, Offsetting Brick-and-Mortar Declines

Source: https://www.emarketer.com/newsroom/index.php/us-holiday-ecommerce-sales-will-surge-35-8-to-190-47-billion-offsetting-brick-and-mortar-declines/
October 28, 2020 at 07:01AM

Black Friday and Cyber Monday Will Both Surpass $10 Billion in Ecommerce Sales     Retailers are bracing for a softer holiday season due to the pandemic. They will see, however, a major shift to ecommerce this holiday season. US […]

Amazon and Google’s True Advantage

Source: https://www.nytimes.com/2020/10/30/technology/amazon-google-earnings.html
October 30, 2020 at 07:13PM

These companies have mastered spending big to stay Big Tech.

17 Players in Five States, Composing Over the Internet

Source: https://www.nytimes.com/2020/10/30/arts/music/tyshawn-sorey-alarm-will-sound-music.html
October 30, 2020 at 07:08PM

Alarm Will Sound used multiple videoconferencing tools to master the ambiguities of Tyshawn Sorey’s “Autoschediasms.”

How Three Election-Related Falsehoods Spread

Source: https://www.nytimes.com/2020/10/30/technology/how-three-election-related-falsehoods-spread.html
October 30, 2020 at 01:00PM

The lies took off so rapidly on Facebook and Twitter that local election officials could not contain them.

Twitter Bots Poised to Spread Disinformation Before Election

Source: https://www.nytimes.com/2020/10/29/technology/twitter-bots-poised-to-spread-disinformation-before-election.html
October 30, 2020 at 12:00AM

Researchers found that bots have helped spread falsehoods related to the coronavirus and far-right conspiracy theories such QAnon and “pizzagate.”

Newsroom: US Holiday Ecommerce Sales Will Surge 35.8% to $190.47 Billion, Offsetting Brick-and-Mortar Declines

Source: https://www.emarketer.com/newsroom/index.php/us-holiday-ecommerce-sales-will-surge-35-8-to-190-47-billion-offsetting-brick-and-mortar-declines/
October 28, 2020 at 07:01AM

Black Friday and Cyber Monday Will Both Surpass $10 Billion in Ecommerce Sales     Retailers are bracing for a softer holiday season due to the pandemic. They will see, however, a major shift to ecommerce this holiday season. US […]

Newsroom: US Holiday Ecommerce Sales Will Surge 35.8% to $190.47 Billion, Offsetting Brick-and-Mortar Declines

Source: https://www.emarketer.com/newsroom/index.php/us-holiday-ecommerce-sales-will-surge-35-8-to-190-47-billion-offsetting-brick-and-mortar-declines/
October 28, 2020 at 07:01AM

Black Friday and Cyber Monday Will Both Surpass $10 Billion in Ecommerce Sales     Retailers are bracing for a softer holiday season due to the pandemic. They will see, however, a major shift to ecommerce this holiday season. US […]

Dan Bongino Has No Idea Why Facebook Loves Him

Source: https://www.nytimes.com/2020/10/29/technology/dan-bongino-has-no-idea-why-facebook-loves-him.html
October 30, 2020 at 02:58AM

The right-wing commentator, whose page performs better than those of major news organizations, is perplexed by his social media success.

Big Tech Continues Its Surge Ahead of the Rest of the Economy

Source: https://www.nytimes.com/2020/10/29/technology/apple-alphabet-facebook-amazon-google-earnings.html
October 30, 2020 at 01:56AM

Amazon, Apple, Facebook and Alphabet reported the latest in a string of enormous quarterly profits on Thursday.

Lights Out: Why Your Next Data Center May Be Hands-Free

Source: https://gigaom.com/2020/10/27/lights-out-why-your-next-data-center-may-be-hands-free/
October 27, 2020 at 08:58PM

Could we be entering an era of hands-free data centers, where remote software and robotics handle tasks that until now have fallen to human technicians? That prospect may not be as far off as you think, according to a recent InformationWeek article by John Edwards that explores the push to make data centers autonomous. As Edwards reports, the COVID-19 pandemic has helped force the issue, with data centers worldwide operating at sharply reduced headcount.

GigaOm Analyst Ned Bellavance was cited in the article. He urged IT managers to establish the proper foundation for an automation effort, cautioning that existing data center deployments may be difficult to transition to full hands-free operation. He stressed that a homogeneous and standardized environment is important to achieving success.

As a case in point, Bellavance singles out Microsoft’s Project Natick, an effort to develop enclosed data centers that can be deployed in coastal waters on the seafloor. Microsoft in 2018 deployed a 240kW data center with 12 racks and 864 servers off the coast of Scotland as part of its Phase 2 testing. As Bellavance quips:

“If you want to know what [a] true lights-out [data center] looks like, check out Project Natick from Microsoft. It’s pretty hard to send a tech undersea.”

Figure 1: Microsoft techs slide a rack of data center servers and infrastructure into an undersea container for deployment to the seafloor off the coast of Scotland. (Photo by Frank Betermin)

Ambitious projects aside, Bellavance cautioned that achieving a hands-free, lights-out data center is no small task.

“The fact is, it is incredibly hard to put all the necessary pieces together for a truly lights-out data center. You are looking at a lot of disparate systems that may have their own proprietary format and protocol,” he says.

The good news? Bellavance says progress is being made to establish helpful standards, such as Redfish for out-of-band management of servers, networking, and power management. These efforts are especially important, he explains, because a single tool is unlikely to manage every aspect of the data center.

“For that reason, I would look for management software that does a great job in a specific area and has API hooks for an orchestration layer to grab onto,” Bellavance says.

So how can IT organizations prepare themselves for a bold future full of flying cars and self-driving data centers? Bellavance, who has authored recent GigaOm reports about edge infrastructure and edge colocation, offers a few words of advice:

• Pick a side: Either standardize on a single vendor and platform, Bellavance says, or embrace an open standard for management.
• Get skilled: Hone your automation and orchestration skills, especially around working with RESTful APIs.
• Start small: Begin automating common tasks now and try to find ways you can eliminate trips to the datacenter.
• Keep count: Make a list of common hands-on tasks and prioritize them by frequency and complexity.
• Get redundant: Invest in hardware with a high level of redundancy and a low mean time to failure.
• Fail gracefully: Accept that failures will happen and plan to handle them in a hands-off fashion through proper design and architecture.
• Consider AI: AIOps tools (see GigaOm Radar report) promise intelligent anomaly detection and even automated response. It’s worth keeping an eye on these tools, Bellavance says, but be wary of fantastic claims.

When Is a DevSecOps Vendor Not a DevSecOps Vendor?

Source: https://gigaom.com/2020/10/26/when-is-a-devsecops-vendor-not-a-devsecops-vendor/
October 26, 2020 at 09:18PM

DevOps’ general aim is to enable a more efficient process for producing software and technology solutions and bringing stakeholders together to speed up delivery. But we know from experience that this inherently creative, outcome-driven approach often forgets about one thing until too late in the process—security. Too often, security is brought into the timeline just before deployment, risking last minute headaches and major delays. The security team is pushed into being the Greek chorus of the process, “ruining everyone’s fun” by demanding changes and slowing things down.

But as we know, in the complex, multi-cloud and containerized environment we find ourselves in, security is becoming more important and challenging than ever. And the costs of security failure are not only measured in slower deployment, but in compliance breaches and reputational damage.

The term “DevSecOps” has been coined to characterize how security needs to be at the heart of the DevOps process. This is in part principle and part tools. As a principle, DevSecOps fits with the concept of “shifting left,” that is, ensuring that security is treated as early as possible in the development process. So far, so simple.

From a tooling perspective, however, things get more complicated, not least because the market has seen a number of platforms marketing themselves as DevSecOps. As we have been writing our Key Criteria report on the subject, we have learned that not all DevSecOps vendors are necessarily DevSecOps vendors. Specifically, we have learned to distinguish capabilities that directly enable the goals of DevSecOps from a process perspective, from those designed to support DevSecOps practices. We could define them as: “Those that do, and those that help.”

This is how to tell the two types of vendor apart and how to use them.

Vendors Enabling DevSecOps: “Tools That Do”

A number of tools work to facilitate the DevSecOps process -– let’s bite the bullet and call them DevSecOps tools. They help teams set out each stage of software development, bringing siloed teams together behind a unified vision that allows fast, high-quality development, with security considerations at its core. DevSecOps tools work across the development process, for example:

• Create: Help to set and implement policy
• Develop: Apply guidance to the process and aid its implementation
• Test: Facilitate and guide security testing procedures
• Deploy: Provide reports to assure confidence to deploy the application

The key element that sets these tool sets apart is the ability to automate and reduce friction within the development process. They will prompt action, stop a team from moving from one stage to another if the process has not adequately addressed security concerns, and guide the roadmap for the development from start to finish.

Supporting DevSecOps: “Tools That Help”

In this category we place those tools which aid the execution, and monitoring, of good DevSecOps principles. Security scanning and application/infrastructure hardening tools are a key element of these processes: Software composition analysis (SCA) forms a part of the development stage, static/dynamic application security testing (SAST/DAST) is integral to the test stage and runtime app protection (RASP) is a key to the Deploy stage.

Tools like this are a vital part of the security layer of security tooling, especially just before deployment – and they often come with APIs so they can be plugged into the CI/CD process. However, while these capabilities are very important to DevSecOps, they can be seen in more of a supporting role, rather than being DevSecOps tools per se.

DevSecOps-washing is not a good idea for the enterprise

While one might argue that security should never have been shifted right, DevSecOps exists to ensure that security best practices take place across the development lifecycle. A corollary exists to the idea of “tools that help,” namely that organizations implementing these tools are not “doing DevSecOps,” any more than vendors providing these tools are DevSecOps vendors.

The only way to “do” DevSecOps is to fully embrace security at a process management and governance level: This means assessing risk, defining policy, setting review gates, and disallowing progress for insecure deliverables. Organizations that embrace DevSecOps can get help from what we are calling DevSecOps tools, as well as from scanning and hardening tools that help support its goals.

At the end of the day, all security and governance boils down to risk: If you buy a scanning tool so you can check a box that says “DevSecOps,” you are potentially adding to your risk posture, rather than mitigating it. So, get your DevSecOps strategy fixed first, then consider how you can add automation, visibility, and control using “tools that do,” as well as benefit from “tools that help.”

You (YOU!) Can Stop Election Rumors

Source: https://www.nytimes.com/2020/10/29/technology/election-rumors-misinformation.html
October 29, 2020 at 07:44PM

As Americans vote amid a pandemic, misleading election information seems to be everywhere.

‘South Park’ Creators Break Down 'Sassy Justice,' Their Deepfake Video

Source: https://www.nytimes.com/2020/10/29/arts/television/sassy-justice-south-park-deepfake.html
October 29, 2020 at 07:02PM

In an interview, Trey Parker, Matt Stone and their collaborator Peter Serafinowicz discuss the back story of “Sassy Justice,” their deepfake video that used images of President Trump and others.

‘Tsunamis of Misinformation’ Overwhelm Local Election Officials

Source: https://www.nytimes.com/2020/10/29/technology/misinformation-local-election-officials.html
October 29, 2020 at 12:00PM

From Philadelphia to Sonoma County, Calif., election officials said they were working marathon hours to fight a flood of falsehoods.

Lights Out: Why Your Next Data Center May Be Hands-Free

Source: https://gigaom.com/2020/10/27/lights-out-why-your-next-data-center-may-be-hands-free/
October 27, 2020 at 08:58PM

Could we be entering an era of hands-free data centers, where remote software and robotics handle tasks that until now have fallen to human technicians? That prospect may not be as far off as you think, according to a recent InformationWeek article by John Edwards that explores the push to make data centers autonomous. As Edwards reports, the COVID-19 pandemic has helped force the issue, with data centers worldwide operating at sharply reduced headcount.

GigaOm Analyst Ned Bellavance was cited in the article. He urged IT managers to establish the proper foundation for an automation effort, cautioning that existing data center deployments may be difficult to transition to full hands-free operation. He stressed that a homogeneous and standardized environment is important to achieving success.

As a case in point, Bellavance singles out Microsoft’s Project Natick, an effort to develop enclosed data centers that can be deployed in coastal waters on the seafloor. Microsoft in 2018 deployed a 240kW data center with 12 racks and 864 servers off the coast of Scotland as part of its Phase 2 testing. As Bellavance quips:

“If you want to know what [a] true lights-out [data center] looks like, check out Project Natick from Microsoft. It’s pretty hard to send a tech undersea.”

Figure 1: Microsoft techs slide a rack of data center servers and infrastructure into an undersea container for deployment to the seafloor off the coast of Scotland. (Photo by Frank Betermin)

Ambitious projects aside, Bellavance cautioned that achieving a hands-free, lights-out data center is no small task.

“The fact is, it is incredibly hard to put all the necessary pieces together for a truly lights-out data center. You are looking at a lot of disparate systems that may have their own proprietary format and protocol,” he says.

The good news? Bellavance says progress is being made to establish helpful standards, such as Redfish for out-of-band management of servers, networking, and power management. These efforts are especially important, he explains, because a single tool is unlikely to manage every aspect of the data center.

“For that reason, I would look for management software that does a great job in a specific area and has API hooks for an orchestration layer to grab onto,” Bellavance says.

So how can IT organizations prepare themselves for a bold future full of flying cars and self-driving data centers? Bellavance, who has authored recent GigaOm reports about edge infrastructure and edge colocation, offers a few words of advice:

• Pick a side: Either standardize on a single vendor and platform, Bellavance says, or embrace an open standard for management.
• Get skilled: Hone your automation and orchestration skills, especially around working with RESTful APIs.
• Start small: Begin automating common tasks now and try to find ways you can eliminate trips to the datacenter.
• Keep count: Make a list of common hands-on tasks and prioritize them by frequency and complexity.
• Get redundant: Invest in hardware with a high level of redundancy and a low mean time to failure.
• Fail gracefully: Accept that failures will happen and plan to handle them in a hands-off fashion through proper design and architecture.
• Consider AI: AIOps tools (see GigaOm Radar report) promise intelligent anomaly detection and even automated response. It’s worth keeping an eye on these tools, Bellavance says, but be wary of fantastic claims.

When Is a DevSecOps Vendor Not a DevSecOps Vendor?

Source: https://gigaom.com/2020/10/26/when-is-a-devsecops-vendor-not-a-devsecops-vendor/
October 26, 2020 at 09:18PM

DevOps’ general aim is to enable a more efficient process for producing software and technology solutions and bringing stakeholders together to speed up delivery. But we know from experience that this inherently creative, outcome-driven approach often forgets about one thing until too late in the process—security. Too often, security is brought into the timeline just before deployment, risking last minute headaches and major delays. The security team is pushed into being the Greek chorus of the process, “ruining everyone’s fun” by demanding changes and slowing things down.

But as we know, in the complex, multi-cloud and containerized environment we find ourselves in, security is becoming more important and challenging than ever. And the costs of security failure are not only measured in slower deployment, but in compliance breaches and reputational damage.

The term “DevSecOps” has been coined to characterize how security needs to be at the heart of the DevOps process. This is in part principle and part tools. As a principle, DevSecOps fits with the concept of “shifting left,” that is, ensuring that security is treated as early as possible in the development process. So far, so simple.

From a tooling perspective, however, things get more complicated, not least because the market has seen a number of platforms marketing themselves as DevSecOps. As we have been writing our Key Criteria report on the subject, we have learned that not all DevSecOps vendors are necessarily DevSecOps vendors. Specifically, we have learned to distinguish capabilities that directly enable the goals of DevSecOps from a process perspective, from those designed to support DevSecOps practices. We could define them as: “Those that do, and those that help.”

This is how to tell the two types of vendor apart and how to use them.

Vendors Enabling DevSecOps: “Tools That Do”

A number of tools work to facilitate the DevSecOps process -– let’s bite the bullet and call them DevSecOps tools. They help teams set out each stage of software development, bringing siloed teams together behind a unified vision that allows fast, high-quality development, with security considerations at its core. DevSecOps tools work across the development process, for example:

• Create: Help to set and implement policy
• Develop: Apply guidance to the process and aid its implementation
• Test: Facilitate and guide security testing procedures
• Deploy: Provide reports to assure confidence to deploy the application

The key element that sets these tool sets apart is the ability to automate and reduce friction within the development process. They will prompt action, stop a team from moving from one stage to another if the process has not adequately addressed security concerns, and guide the roadmap for the development from start to finish.

Supporting DevSecOps: “Tools That Help”

In this category we place those tools which aid the execution, and monitoring, of good DevSecOps principles. Security scanning and application/infrastructure hardening tools are a key element of these processes: Software composition analysis (SCA) forms a part of the development stage, static/dynamic application security testing (SAST/DAST) is integral to the test stage and runtime app protection (RASP) is a key to the Deploy stage.

Tools like this are a vital part of the security layer of security tooling, especially just before deployment – and they often come with APIs so they can be plugged into the CI/CD process. However, while these capabilities are very important to DevSecOps, they can be seen in more of a supporting role, rather than being DevSecOps tools per se.

DevSecOps-washing is not a good idea for the enterprise

While one might argue that security should never have been shifted right, DevSecOps exists to ensure that security best practices take place across the development lifecycle. A corollary exists to the idea of “tools that help,” namely that organizations implementing these tools are not “doing DevSecOps,” any more than vendors providing these tools are DevSecOps vendors.

The only way to “do” DevSecOps is to fully embrace security at a process management and governance level: This means assessing risk, defining policy, setting review gates, and disallowing progress for insecure deliverables. Organizations that embrace DevSecOps can get help from what we are calling DevSecOps tools, as well as from scanning and hardening tools that help support its goals.

At the end of the day, all security and governance boils down to risk: If you buy a scanning tool so you can check a box that says “DevSecOps,” you are potentially adding to your risk posture, rather than mitigating it. So, get your DevSecOps strategy fixed first, then consider how you can add automation, visibility, and control using “tools that do,” as well as benefit from “tools that help.”

Officials Warn of Cyberattacks on Hospitals as Virus Cases Spike

Source: https://www.nytimes.com/2020/10/28/us/hospitals-cyberattacks-coronavirus.html
October 29, 2020 at 04:41AM

Government officials warned that hackers were seeking to hold American hospitals’ data hostage in exchange for ransom payments.

‘Perception Hacks’ and Other Potential Threats to the Election

Source: https://www.nytimes.com/2020/10/28/us/politics/2020-election-hacking.html
October 29, 2020 at 03:58AM

In the final days of voting, election officials and cybersecurity experts are keeping a close eye on a range of possible ways foreign governments and other hackers could interfere.

Disinformation Moves From Social Networks to Texts

Source: https://www.nytimes.com/2020/10/28/technology/disinformation-moves-from-social-networks-to-texts.html
October 29, 2020 at 01:56AM

Republicans Blast Social Media C.E.O.s While Democrats Deride Hearing

Source: https://www.nytimes.com/2020/10/28/technology/senate-tech-hearing-section-230.html
October 28, 2020 at 11:05PM

Republican senators accused the leaders of Twitter, Facebook and Google of censorship. Democrats denounced that as posturing.

Facebook Removes Trump and Biden Ads, Saying They Could Mislead Voters

Source: https://www.nytimes.com/2020/10/27/technology/facebook-removes-trump-and-biden-ads-saying-they-could-mislead-voters.html
October 28, 2020 at 05:32AM

We Need Policy, Not WrestleMania

Source: https://www.nytimes.com/2020/10/28/technology/section-230-hearing.html
October 28, 2020 at 07:55PM

Lawmakers could debate an important law that affects speech on the internet. Or they could yell.

Facebook, Google and Twitter C.E.O.s return to Washington to defend their content moderation.

Source: https://www.nytimes.com/2020/10/28/technology/facebook-google-and-twitter-ceos-return-to-washington-to-defend-their-content-moderation.html
October 28, 2020 at 06:03PM

Tech chiefs plan a vigorous defense of speech on their sites.

Source: https://www.nytimes.com/2020/10/28/technology/tech-chiefs-plan-a-vigorous-defense-of-speech-on-their-sites.html
October 28, 2020 at 04:30PM

In their prepared remarks, the leaders of Facebook, Twitter and Google detailed why they supported Section 230.

Big Tech’s chief executives are becoming regulars on Capitol Hill.

Source: https://www.nytimes.com/2020/10/28/technology/big-techs-chief-executives-are-becoming-regulars-on-capitol-hill.html
October 28, 2020 at 04:00PM

Evidence of anti-conservative bias by platforms remains anecdotal.

Source: https://www.nytimes.com/2020/10/28/technology/evidence-of-anti-conservative-bias-by-platforms-remains-anecdotal.html
October 28, 2020 at 03:00PM

Republicans and Democrats have similar goals. They will make different arguments.

Source: https://www.nytimes.com/2020/10/28/technology/republicans-and-democrats-have-similar-goals-they-will-make-different-arguments.html
October 28, 2020 at 02:00PM

Zuckerberg, Dorsey and Pichai Head Back to Washington: Live Updates

Source: https://www.nytimes.com/live/2020/10/28/technology/tech-hearing
October 28, 2020 at 04:20PM

To Do Politics or Not Do Politics? Tech Start-Ups Are Divided

Source: https://www.nytimes.com/2020/10/28/technology/politics-tech-start-ups-culture-war.html
October 28, 2020 at 12:00PM

Coinbase, Expensify, Soylent, Clubhouse and others are embroiled in a culture war over politics and the workplace.

Trump Campaign Website Is Defaced by Hackers

Source: https://www.nytimes.com/2020/10/27/technology/trump-campaign-website-defaced-hackers.html
October 28, 2020 at 04:27AM

The defacement lasted less than 30 minutes, and the hackers appeared to be looking to generate cryptocurrency.

Lights Out: Why Your Next Data Center May Be Hands-Free

Source: https://gigaom.com/2020/10/27/lights-out-why-your-next-data-center-may-be-hands-free/
October 27, 2020 at 08:58PM

Could we be entering an era of hands-free data centers, where remote software and robotics handle tasks that until now have fallen to human technicians? That prospect may not be as far off as you think, according to a recent InformationWeek article by John Edwards that explores the push to make data centers autonomous. As Edwards reports, the COVID-19 pandemic has helped force the issue, with data centers worldwide operating at sharply reduced headcount.

GigaOm Analyst Ned Bellavance was cited in the article. He urged IT managers to establish the proper foundation for an automation effort, cautioning that existing data center deployments may be difficult to transition to full hands-free operation. He stressed that a homogeneous and standardized environment is important to achieving success.

As a case in point, Bellavance singles out Microsoft’s Project Natick, an effort to develop enclosed data centers that can be deployed in coastal waters on the seafloor. Microsoft in 2018 deployed a 240kW data center with 12 racks and 864 servers off the coast of Scotland as part of its Phase 2 testing. As Bellavance quips:

“If you want to know what [a] true lights-out [data center] looks like, check out Project Natick from Microsoft. It’s pretty hard to send a tech undersea.”

Figure 1: Microsoft techs slide a rack of data center servers and infrastructure into an undersea container for deployment to the seafloor off the coast of Scotland. (Photo by Frank Betermin)

Ambitious projects aside, Bellavance cautioned that achieving a hands-free, lights-out data center is no small task.

“The fact is, it is incredibly hard to put all the necessary pieces together for a truly lights-out data center. You are looking at a lot of disparate systems that may have their own proprietary format and protocol,” he says.

The good news? Bellavance says progress is being made to establish helpful standards, such as Redfish for out-of-band management of servers, networking, and power management. These efforts are especially important, he explains, because a single tool is unlikely to manage every aspect of the data center.

“For that reason, I would look for management software that does a great job in a specific area and has API hooks for an orchestration layer to grab onto,” Bellavance says.

So how can IT organizations prepare themselves for a bold future full of flying cars and self-driving data centers? Bellavance, who has authored recent GigaOm reports about edge infrastructure and edge colocation, offers a few words of advice:

• Pick a side: Either standardize on a single vendor and platform, Bellavance says, or embrace an open standard for management.
• Get skilled: Hone your automation and orchestration skills, especially around working with RESTful APIs.
• Start small: Begin automating common tasks now and try to find ways you can eliminate trips to the datacenter.
• Keep count: Make a list of common hands-on tasks and prioritize them by frequency and complexity.
• Get redundant: Invest in hardware with a high level of redundancy and a low mean time to failure.
• Fail gracefully: Accept that failures will happen and plan to handle them in a hands-off fashion through proper design and architecture.
• Consider AI: AIOps tools (see GigaOm Radar report) promise intelligent anomaly detection and even automated response. It’s worth keeping an eye on these tools, Bellavance says, but be wary of fantastic claims.

When Is a DevSecOps Vendor Not a DevSecOps Vendor?

Source: https://gigaom.com/2020/10/26/when-is-a-devsecops-vendor-not-a-devsecops-vendor/
October 26, 2020 at 09:18PM

DevOps’ general aim is to enable a more efficient process for producing software and technology solutions and bringing stakeholders together to speed up delivery. But we know from experience that this inherently creative, outcome-driven approach often forgets about one thing until too late in the process—security. Too often, security is brought into the timeline just before deployment, risking last minute headaches and major delays. The security team is pushed into being the Greek chorus of the process, “ruining everyone’s fun” by demanding changes and slowing things down.

But as we know, in the complex, multi-cloud and containerized environment we find ourselves in, security is becoming more important and challenging than ever. And the costs of security failure are not only measured in slower deployment, but in compliance breaches and reputational damage.

The term “DevSecOps” has been coined to characterize how security needs to be at the heart of the DevOps process. This is in part principle and part tools. As a principle, DevSecOps fits with the concept of “shifting left,” that is, ensuring that security is treated as early as possible in the development process. So far, so simple.

From a tooling perspective, however, things get more complicated, not least because the market has seen a number of platforms marketing themselves as DevSecOps. As we have been writing our Key Criteria report on the subject, we have learned that not all DevSecOps vendors are necessarily DevSecOps vendors. Specifically, we have learned to distinguish capabilities that directly enable the goals of DevSecOps from a process perspective, from those designed to support DevSecOps practices. We could define them as: “Those that do, and those that help.”

This is how to tell the two types of vendor apart and how to use them.

Vendors Enabling DevSecOps: “Tools That Do”

A number of tools work to facilitate the DevSecOps process -– let’s bite the bullet and call them DevSecOps tools. They help teams set out each stage of software development, bringing siloed teams together behind a unified vision that allows fast, high-quality development, with security considerations at its core. DevSecOps tools work across the development process, for example:

• Create: Help to set and implement policy
• Develop: Apply guidance to the process and aid its implementation
• Test: Facilitate and guide security testing procedures
• Deploy: Provide reports to assure confidence to deploy the application

The key element that sets these tool sets apart is the ability to automate and reduce friction within the development process. They will prompt action, stop a team from moving from one stage to another if the process has not adequately addressed security concerns, and guide the roadmap for the development from start to finish.

Supporting DevSecOps: “Tools That Help”

In this category we place those tools which aid the execution, and monitoring, of good DevSecOps principles. Security scanning and application/infrastructure hardening tools are a key element of these processes: Software composition analysis (SCA) forms a part of the development stage, static/dynamic application security testing (SAST/DAST) is integral to the test stage and runtime app protection (RASP) is a key to the Deploy stage.

Tools like this are a vital part of the security layer of security tooling, especially just before deployment – and they often come with APIs so they can be plugged into the CI/CD process. However, while these capabilities are very important to DevSecOps, they can be seen in more of a supporting role, rather than being DevSecOps tools per se.

DevSecOps-washing is not a good idea for the enterprise

While one might argue that security should never have been shifted right, DevSecOps exists to ensure that security best practices take place across the development lifecycle. A corollary exists to the idea of “tools that help,” namely that organizations implementing these tools are not “doing DevSecOps,” any more than vendors providing these tools are DevSecOps vendors.

The only way to “do” DevSecOps is to fully embrace security at a process management and governance level: This means assessing risk, defining policy, setting review gates, and disallowing progress for insecure deliverables. Organizations that embrace DevSecOps can get help from what we are calling DevSecOps tools, as well as from scanning and hardening tools that help support its goals.

At the end of the day, all security and governance boils down to risk: If you buy a scanning tool so you can check a box that says “DevSecOps,” you are potentially adding to your risk posture, rather than mitigating it. So, get your DevSecOps strategy fixed first, then consider how you can add automation, visibility, and control using “tools that do,” as well as benefit from “tools that help.”

Courting Visibility: Value Stream Management

Source: https://gigaom.com/2020/10/23/courting-visibility-value-stream-management/
October 23, 2020 at 04:29PM

“If you can’t measure it, you can’t manage it.”

It’s an old management saw, but one rooted in truth, especially in the arena of software development where establishing a common vision and language of success can be so important. DevOps practices have for years given organizations a model for linking and streamlining processes, enabling both continuous integration (CI) and continuous delivery (CD). But as GigaOm VP of Research Jon Collins explains, businesses still struggle with understanding the actual value derived from these processes.

In his recent Strategy Considerations report, “Driving Value Through Visibility,” Jon emphasizes that delivering on innovation requires more than moving from a project to a product mindset. It hinges on the ability to measure success, across both the products you create and the processes you use to create them.

“Across organizations today, we’re seeing DevOps have to up the ante—to move beyond simply doing things faster and towards enabling software-based innovation to take place in a managed, well-governed way,” Jon explains in an interview. “Value Stream Management (VSM) is an essential tool in the DevOps governance tool chest, helping deliver both more efficient pipelines and higher-value results.”

At the core of VSM is the concept of visibility, which makes it possible for organizations to apply the right process to the right goals. In the report, Jon points out that visibility confers the insight needed for managers to set goals and prioritize activities, for process owners to identify bottlenecks and address their causes, and for all stakeholders to gain a common basis on which to collaborate. Within the context of VSM, visibility does two things:

• Ensure efficiency (“doing things right”): This is about minimizing wasteful activity and maximizing both productivity and job satisfaction.
• Ensure effectiveness (“doing the right thing”): This involves delivering results of maximum value to the business, making best practices repeatable, and replicating success across teams.

Figure 1: VSM Considers Both Efficiency and Effectiveness

This isn’t about process efficiency—well, it is, but that’s more a means than an end when it comes to achieving business goals. Rather, developing visibility is about ensuring that your delivery cycles work in lockstep with the needs of business leaders to yield positive outcomes and maximize your innovation process. In short, it becomes the link between IT and the business—two entities that too often stand at opposite ends of a chasm.

Learn more about Collins’ Strategy Considerations Report, “Driving Value Through Visibility.”

Trump Allies Amp Up Fight Over Tech’s Legal Shield Before Election

Source: https://www.nytimes.com/2020/10/27/technology/social-media-senate-hearing.html
October 28, 2020 at 02:02AM

Their animosity is likely to be on full display at a hearing on Wednesday with the leaders of Facebook, Google and Twitter.

The Year in Misinformation, So Far

Source: https://www.nytimes.com/2020/10/27/technology/the-year-in-misinformation-so-far.html
October 28, 2020 at 01:16AM

Dubious stories about George Soros, Ukraine and vote-by-mail have spread widely on social media this year, and we may just be warming up.

Jon Stewart Returns With a Series for Apple TV+

Source: https://www.nytimes.com/2020/10/27/business/media/jon-stewart-apple-tv.html
October 28, 2020 at 12:34AM

On his new program, the former “Daily Show” host will “explore topics that are currently part of the national conversation and his advocacy work,” Apple said.

Lights Out: Why Your Next Data Center May Be Hands-Free

Source: https://gigaom.com/2020/10/27/lights-out-why-your-next-data-center-may-be-hands-free/
October 27, 2020 at 08:58PM

Could we be entering an era of hands-free data centers, where remote software and robotics handle tasks that until now have fallen to human technicians? That prospect may not be as far off as you think, according to a recent InformationWeek article by John Edwards that explores the push to make data centers autonomous. As Edwards reports, the COVID-19 pandemic has helped force the issue, with data centers worldwide operating at sharply reduced headcount.

GigaOm Analyst Ned Bellavance was cited in the article. He urged IT managers to establish the proper foundation for an automation effort, cautioning that existing data center deployments may be difficult to transition to full hands-free operation. He stressed that a homogeneous and standardized environment is important to achieving success.

As a case in point, Bellavance singles out Microsoft’s Project Natick, an effort to develop enclosed data centers that can be deployed in coastal waters on the seafloor. Microsoft in 2018 deployed a 240kW data center with 12 racks and 864 servers off the coast of Scotland as part of its Phase 2 testing. As Bellavance quips:

“If you want to know what [a] true lights-out [data center] looks like, check out Project Natick from Microsoft. It’s pretty hard to send a tech undersea.”

Figure 1: Microsoft techs slide a rack of data center servers and infrastructure into an undersea container for deployment to the seafloor off the coast of Scotland. (Photo by Frank Betermin)

Ambitious projects aside, Bellavance cautioned that achieving a hands-free, lights-out data center is no small task.

“The fact is, it is incredibly hard to put all the necessary pieces together for a truly lights-out data center. You are looking at a lot of disparate systems that may have their own proprietary format and protocol,” he says.

The good news? Bellavance says progress is being made to establish helpful standards, such as Redfish for out-of-band management of servers, networking, and power management. These efforts are especially important, he explains, because a single tool is unlikely to manage every aspect of the data center.

“For that reason, I would look for management software that does a great job in a specific area and has API hooks for an orchestration layer to grab onto,” Bellavance says.

So how can IT organizations prepare themselves for a bold future full of flying cars and self-driving data centers? Bellavance, who has authored recent GigaOm reports about edge infrastructure and edge colocation, offers a few words of advice:

• Pick a side: Either standardize on a single vendor and platform, Bellavance says, or embrace an open standard for management.
• Get skilled: Hone your automation and orchestration skills, especially around working with RESTful APIs.
• Start small: Begin automating common tasks now and try to find ways you can eliminate trips to the datacenter.
• Keep count: Make a list of common hands-on tasks and prioritize them by frequency and complexity.
• Get redundant: Invest in hardware with a high level of redundancy and a low mean time to failure.
• Fail gracefully: Accept that failures will happen and plan to handle them in a hands-off fashion through proper design and architecture.
• Consider AI: AIOps tools (see GigaOm Radar report) promise intelligent anomaly detection and even automated response. It’s worth keeping an eye on these tools, Bellavance says, but be wary of fantastic claims.

Don’t Even Try Paying Cash in China

Source: https://www.nytimes.com/2020/10/27/technology/alipay-china.html
October 27, 2020 at 08:29PM

How two apps created new kinds of commerce in China, and what a cashless future might look like.

Airbnb Fights Its ‘Party House Problem’

Source: https://www.nytimes.com/2020/10/27/business/airbnb-party-house-coronavirus.html
October 27, 2020 at 07:13PM

Noise. Damages. Safety questions. Airbnb is racing to address the risks posed by partying guests before it goes public.

A.M.D. Agrees to Buy Xilinx for $35 Billion in Stock

Source: https://www.nytimes.com/2020/10/27/technology/amd-xilinx-35-billion-stock-deal.html
October 27, 2020 at 03:03PM

The deal would broaden A.M.D.’s business into chips for markets like 5G communications and automotive electronics.

When Is a DevSecOps Vendor Not a DevSecOps Vendor?

Source: https://gigaom.com/2020/10/26/when-is-a-devsecops-vendor-not-a-devsecops-vendor/
October 26, 2020 at 09:18PM

DevOps’ general aim is to enable a more efficient process for producing software and technology solutions and bringing stakeholders together to speed up delivery. But we know from experience that this inherently creative, outcome-driven approach often forgets about one thing until too late in the process—security. Too often, security is brought into the timeline just before deployment, risking last minute headaches and major delays. The security team is pushed into being the Greek chorus of the process, “ruining everyone’s fun” by demanding changes and slowing things down.

But as we know, in the complex, multi-cloud and containerized environment we find ourselves in, security is becoming more important and challenging than ever. And the costs of security failure are not only measured in slower deployment, but in compliance breaches and reputational damage.

The term “DevSecOps” has been coined to characterize how security needs to be at the heart of the DevOps process. This is in part principle and part tools. As a principle, DevSecOps fits with the concept of “shifting left,” that is, ensuring that security is treated as early as possible in the development process. So far, so simple.

From a tooling perspective, however, things get more complicated, not least because the market has seen a number of platforms marketing themselves as DevSecOps. As we have been writing our Key Criteria report on the subject, we have learned that not all DevSecOps vendors are necessarily DevSecOps vendors. Specifically, we have learned to distinguish capabilities that directly enable the goals of DevSecOps from a process perspective, from those designed to support DevSecOps practices. We could define them as: “Those that do, and those that help.”

This is how to tell the two types of vendor apart and how to use them.

Vendors Enabling DevSecOps: “Tools That Do”

A number of tools work to facilitate the DevSecOps process -– let’s bite the bullet and call them DevSecOps tools. They help teams set out each stage of software development, bringing siloed teams together behind a unified vision that allows fast, high-quality development, with security considerations at its core. DevSecOps tools work across the development process, for example:

• Create: Help to set and implement policy
• Develop: Apply guidance to the process and aid its implementation
• Test: Facilitate and guide security testing procedures
• Deploy: Provide reports to assure confidence to deploy the application

The key element that sets these tool sets apart is the ability to automate and reduce friction within the development process. They will prompt action, stop a team from moving from one stage to another if the process has not adequately addressed security concerns, and guide the roadmap for the development from start to finish.

Supporting DevSecOps: “Tools That Help”

In this category we place those tools which aid the execution, and monitoring, of good DevSecOps principles. Security scanning and application/infrastructure hardening tools are a key element of these processes: Software composition analysis (SCA) forms a part of the development stage, static/dynamic application security testing (SAST/DAST) is integral to the test stage and runtime app protection (RASP) is a key to the Deploy stage.

Tools like this are a vital part of the security layer of security tooling, especially just before deployment – and they often come with APIs so they can be plugged into the CI/CD process. However, while these capabilities are very important to DevSecOps, they can be seen in more of a supporting role, rather than being DevSecOps tools per se.

DevSecOps-washing is not a good idea for the enterprise

While one might argue that security should never have been shifted right, DevSecOps exists to ensure that security best practices take place across the development lifecycle. A corollary exists to the idea of “tools that help,” namely that organizations implementing these tools are not “doing DevSecOps,” any more than vendors providing these tools are DevSecOps vendors.

The only way to “do” DevSecOps is to fully embrace security at a process management and governance level: This means assessing risk, defining policy, setting review gates, and disallowing progress for insecure deliverables. Organizations that embrace DevSecOps can get help from what we are calling DevSecOps tools, as well as from scanning and hardening tools that help support its goals.

At the end of the day, all security and governance boils down to risk: If you buy a scanning tool so you can check a box that says “DevSecOps,” you are potentially adding to your risk posture, rather than mitigating it. So, get your DevSecOps strategy fixed first, then consider how you can add automation, visibility, and control using “tools that do,” as well as benefit from “tools that help.”

Courting Visibility: Value Stream Management

Source: https://gigaom.com/2020/10/23/courting-visibility-value-stream-management/
October 23, 2020 at 04:29PM

“If you can’t measure it, you can’t manage it.”

It’s an old management saw, but one rooted in truth, especially in the arena of software development where establishing a common vision and language of success can be so important. DevOps practices have for years given organizations a model for linking and streamlining processes, enabling both continuous integration (CI) and continuous delivery (CD). But as GigaOm VP of Research Jon Collins explains, businesses still struggle with understanding the actual value derived from these processes.

In his recent Strategy Considerations report, “Driving Value Through Visibility,” Jon emphasizes that delivering on innovation requires more than moving from a project to a product mindset. It hinges on the ability to measure success, across both the products you create and the processes you use to create them.

“Across organizations today, we’re seeing DevOps have to up the ante—to move beyond simply doing things faster and towards enabling software-based innovation to take place in a managed, well-governed way,” Jon explains in an interview. “Value Stream Management (VSM) is an essential tool in the DevOps governance tool chest, helping deliver both more efficient pipelines and higher-value results.”

At the core of VSM is the concept of visibility, which makes it possible for organizations to apply the right process to the right goals. In the report, Jon points out that visibility confers the insight needed for managers to set goals and prioritize activities, for process owners to identify bottlenecks and address their causes, and for all stakeholders to gain a common basis on which to collaborate. Within the context of VSM, visibility does two things:

• Ensure efficiency (“doing things right”): This is about minimizing wasteful activity and maximizing both productivity and job satisfaction.
• Ensure effectiveness (“doing the right thing”): This involves delivering results of maximum value to the business, making best practices repeatable, and replicating success across teams.

Figure 1: VSM Considers Both Efficiency and Effectiveness

This isn’t about process efficiency—well, it is, but that’s more a means than an end when it comes to achieving business goals. Rather, developing visibility is about ensuring that your delivery cycles work in lockstep with the needs of business leaders to yield positive outcomes and maximize your innovation process. In short, it becomes the link between IT and the business—two entities that too often stand at opposite ends of a chasm.

Learn more about Collins’ Strategy Considerations Report, “Driving Value Through Visibility.”

5 Lessons on Voter Misinformation From Kentucky’s Election in 2019

Source: https://www.nytimes.com/2020/10/26/technology/5-lessons-on-voter-misinformation-from-kentuckys-election-in-2019.html
October 27, 2020 at 12:11AM

The incumbent governor and some of his allies argued, without showing any evidence, that there were voting irregularities and fraud.

Twitter to Highlight Accurate Voting Information

Source: https://www.nytimes.com/2020/10/26/technology/twitter-to-highlight-accurate-voting-information.html
October 26, 2020 at 10:34PM

The effort is meant to preemptively debunk some false and misleading information about the election.

When Is a DevSecOps Vendor Not a DevSecOps Vendor?

Source: https://gigaom.com/2020/10/26/when-is-a-devsecops-vendor-not-a-devsecops-vendor/
October 26, 2020 at 09:18PM

DevOps’ general aim is to enable a more efficient process for producing software and technology solutions and bringing stakeholders together to speed up delivery. But we know from experience that this inherently creative, outcome-driven approach often forgets about one thing until too late in the process—security. Too often, security is brought into the timeline just before deployment, risking last minute headaches and major delays. The security team is pushed into being the Greek chorus of the process, “ruining everyone’s fun” by demanding changes and slowing things down.

But as we know, in the complex, multi-cloud and containerized environment we find ourselves in, security is becoming more important and challenging than ever. And the costs of security failure are not only measured in slower deployment, but in compliance breaches and reputational damage.

The term “DevSecOps” has been coined to characterize how security needs to be at the heart of the DevOps process. This is in part principle and part tools. As a principle, DevSecOps fits with the concept of “shifting left,” that is, ensuring that security is treated as early as possible in the development process. So far, so simple.

From a tooling perspective, however, things get more complicated, not least because the market has seen a number of platforms marketing themselves as DevSecOps. As we have been writing our Key Criteria report on the subject, we have learned that not all DevSecOps vendors are necessarily DevSecOps vendors. Specifically, we have learned to distinguish capabilities that directly enable the goals of DevSecOps from a process perspective, from those designed to support DevSecOps practices. We could define them as: “Those that do, and those that help.”

This is how to tell the two types of vendor apart and how to use them.

Vendors Enabling DevSecOps: “Tools That Do”

A number of tools work to facilitate the DevSecOps process -– let’s bite the bullet and call them DevSecOps tools. They help teams set out each stage of software development, bringing siloed teams together behind a unified vision that allows fast, high-quality development, with security considerations at its core. DevSecOps tools work across the development process, for example:

• Create: Help to set and implement policy
• Develop: Apply guidance to the process and aid its implementation
• Test: Facilitate and guide security testing procedures
• Deploy: Provide reports to assure confidence to deploy the application

The key element that sets these tool sets apart is the ability to automate and reduce friction within the development process. They will prompt action, stop a team from moving from one stage to another if the process has not adequately addressed security concerns, and guide the roadmap for the development from start to finish.

Supporting DevSecOps: “Tools That Help”

In this category we place those tools which aid the execution, and monitoring, of good DevSecOps principles. Security scanning and application/infrastructure hardening tools are a key element of these processes: Software composition analysis (SCA) forms a part of the development stage, static/dynamic application security testing (SAST/DAST) is integral to the test stage and runtime app protection (RASP) is a key to the Deploy stage.

Tools like this are a vital part of the security layer of security tooling, especially just before deployment – and they often come with APIs so they can be plugged into the CI/CD process. However, while these capabilities are very important to DevSecOps, they can be seen in more of a supporting role, rather than being DevSecOps tools per se.

DevSecOps-washing is not a good idea for the enterprise

While one might argue that security should never have been shifted right, DevSecOps exists to ensure that security best practices take place across the development lifecycle. A corollary exists to the idea of “tools that help,” namely that organizations implementing these tools are not “doing DevSecOps,” any more than vendors providing these tools are DevSecOps vendors.

The only way to “do” DevSecOps is to fully embrace security at a process management and governance level: This means assessing risk, defining policy, setting review gates, and disallowing progress for insecure deliverables. Organizations that embrace DevSecOps can get help from what we are calling DevSecOps tools, as well as from scanning and hardening tools that help support its goals.

At the end of the day, all security and governance boils down to risk: If you buy a scanning tool so you can check a box that says “DevSecOps,” you are potentially adding to your risk posture, rather than mitigating it. So, get your DevSecOps strategy fixed first, then consider how you can add automation, visibility, and control using “tools that do,” as well as benefit from “tools that help.”

Driverless Cars Go Humble to Get Real

Source: https://www.nytimes.com/2020/10/26/technology/driverless-cars.html
October 26, 2020 at 07:14PM

Recent developments point to promise for driverless car technology, if we stay realistic.

Ant Challenged Beijing and Prospered. Now It Toes the Line.

Source: https://www.nytimes.com/2020/10/26/technology/ant-group-ipo-china.html
October 26, 2020 at 05:29PM

The tech giant, which is preparing for a mega I.P.O., has transformed personal finance in China. Regulators have taken notice.

All About Ant Group, the Next Big Tech I.P.O.

Source: https://www.nytimes.com/2020/10/26/technology/ant-group-ipo-explained.html
October 26, 2020 at 03:38PM

The tech giant’s coming share sale will be among the largest ever. But the company has made most of its impact in just one country: China.

Ant Group Set to Raise $34 Billion in World’s Biggest I.P.O.

Source: https://www.nytimes.com/2020/10/26/technology/ant-group-ipo-valuation.html
October 26, 2020 at 02:53PM

The Alibaba online finance spinoff, which offers people in China a one-stop shop for loans, investments and more, will list shares in Hong Kong and Shanghai.

Schools Clamored for Seesaw. That Was the Good News, and the Bad News.

Source: https://www.nytimes.com/2020/10/25/technology/seesaw-school-app.html
October 25, 2020 at 10:57PM

It wasn’t simple to become a do-it-all education tool almost overnight.

Courting Visibility: Value Stream Management

Source: https://gigaom.com/2020/10/23/courting-visibility-value-stream-management/
October 23, 2020 at 04:29PM

“If you can’t measure it, you can’t manage it.”

It’s an old management saw, but one rooted in truth, especially in the arena of software development where establishing a common vision and language of success can be so important. DevOps practices have for years given organizations a model for linking and streamlining processes, enabling both continuous integration (CI) and continuous delivery (CD). But as GigaOm VP of Research Jon Collins explains, businesses still struggle with understanding the actual value derived from these processes.

In his recent Strategy Considerations report, “Driving Value Through Visibility,” Jon emphasizes that delivering on innovation requires more than moving from a project to a product mindset. It hinges on the ability to measure success, across both the products you create and the processes you use to create them.

“Across organizations today, we’re seeing DevOps have to up the ante—to move beyond simply doing things faster and towards enabling software-based innovation to take place in a managed, well-governed way,” Jon explains in an interview. “Value Stream Management (VSM) is an essential tool in the DevOps governance tool chest, helping deliver both more efficient pipelines and higher-value results.”

At the core of VSM is the concept of visibility, which makes it possible for organizations to apply the right process to the right goals. In the report, Jon points out that visibility confers the insight needed for managers to set goals and prioritize activities, for process owners to identify bottlenecks and address their causes, and for all stakeholders to gain a common basis on which to collaborate. Within the context of VSM, visibility does two things:

• Ensure efficiency (“doing things right”): This is about minimizing wasteful activity and maximizing both productivity and job satisfaction.
• Ensure effectiveness (“doing the right thing”): This involves delivering results of maximum value to the business, making best practices repeatable, and replicating success across teams.

Figure 1: VSM Considers Both Efficiency and Effectiveness

This isn’t about process efficiency—well, it is, but that’s more a means than an end when it comes to achieving business goals. Rather, developing visibility is about ensuring that your delivery cycles work in lockstep with the needs of business leaders to yield positive outcomes and maximize your innovation process. In short, it becomes the link between IT and the business—two entities that too often stand at opposite ends of a chasm.

Learn more about Collins’ Strategy Considerations Report, “Driving Value Through Visibility.”

With Vacation Rentals Empty, European Cities See a Chance to Reclaim Housing

Source: https://www.nytimes.com/2020/10/25/world/europe/airbnb-lisbon-housing.html
October 25, 2020 at 12:00PM

Platforms like Airbnb have been criticized for raising living costs in popular cities. Now, officials are trying to move properties aimed at tourists to long-term leases.

Apple, Google and a Deal That Controls the Internet

Source: https://www.nytimes.com/2020/10/25/technology/apple-google-search-antitrust.html
October 25, 2020 at 10:00AM

In a landmark antitrust complaint, the Justice Department is targeting a secretive partnership that is worth billions of dollars to both companies.

How The Epoch Times Created a Giant Influence Machine

Source: https://www.nytimes.com/2020/10/24/technology/epoch-times-influence-falun-gong.html
October 24, 2020 at 06:17PM

Since 2016, the Falun Gong-backed newspaper has used aggressive Facebook tactics and right-wing misinformation to create an anti-China, pro-Trump media empire.

Everyone Is Gay on TikTok

Source: https://www.nytimes.com/2020/10/24/style/tiktok-gay-homiesexuals.html
October 24, 2020 at 12:00PM

Straight young men on the app are posting suggestive videos with their buddies. It’s not just about the views.

Trump’s Claims About Hunter Biden Send Online Activity Soaring

Source: https://www.nytimes.com/2020/10/23/technology/trumps-claims-about-hunter-biden-send-online-activity-soaring.html
October 24, 2020 at 04:34AM

Google searches and Facebook posts about Joseph R. Biden Jr.’s son rose after President Trump’s misleading comments at Thursday’s debate.

U.S. Issues Sanctions on Russian Center Involved in Potentially Deadly Cyberattacks

Source: https://www.nytimes.com/2020/10/23/us/politics/russia-cyberattack-saudi-plant-sanctions.html
October 24, 2020 at 12:39AM

The penalties were aimed at a Russian research center that developed tools used in a cyberattack on a Saudi petrochemical plant, which took out the safety controls used to prevent an explosion.

What Went Viral This Week

Source: https://www.nytimes.com/2020/10/23/technology/what-went-viral-this-week.html
October 24, 2020 at 12:38AM

Stories about Pope Francis, separated children and 50 Cent’s Trump endorsement dominated engagement on social media this week.

Russians Who Pose Election Threat Have Hacked Nuclear Plants and Power Grid

Source: https://www.nytimes.com/2020/10/23/us/politics/energetic-bear-russian-hackers.html
October 24, 2020 at 12:09AM

The hacking group, Energetic Bear, is among Russia’s stealthiest. It appears to be casting a wide net to find useful targets ahead of the election, experts said.

Fox News Is Covering Hunter Biden Claims More Than 2016 WikiLeaks Emails

Source: https://www.nytimes.com/2020/10/23/technology/fox-news-hunter-biden.html
October 23, 2020 at 10:40PM

In contrast, CNN and MSNBC gave more airtime to the Podesta cache four years ago, according to the Atlantic Council’s Digital Forensic Research Lab.

Courting Visibility: Value Stream Management

Source: https://gigaom.com/2020/10/23/courting-visibility-value-stream-management/
October 23, 2020 at 04:29PM

“If you can’t measure it, you can’t manage it.”

It’s an old management saw, but one rooted in truth, especially in the arena of software development where establishing a common vision and language of success can be so important. DevOps practices have for years given organizations a model for linking and streamlining processes, enabling both continuous integration (CI) and continuous delivery (CD). But as GigaOm VP of Research Jon Collins explains, businesses still struggle with understanding the actual value derived from these processes.

In his recent Strategy Considerations report, “Driving Value Through Visibility,” Jon emphasizes that delivering on innovation requires more than moving from a project to a product mindset. It hinges on the ability to measure success, across both the products you create and the processes you use to create them.

“Across organizations today, we’re seeing DevOps have to up the ante—to move beyond simply doing things faster and towards enabling software-based innovation to take place in a managed, well-governed way,” Jon explains in an interview. “Value Stream Management (VSM) is an essential tool in the DevOps governance tool chest, helping deliver both more efficient pipelines and higher-value results.”

At the core of VSM is the concept of visibility, which makes it possible for organizations to apply the right process to the right goals. In the report, Jon points out that visibility confers the insight needed for managers to set goals and prioritize activities, for process owners to identify bottlenecks and address their causes, and for all stakeholders to gain a common basis on which to collaborate. Within the context of VSM, visibility does two things:

• Ensure efficiency (“doing things right”): This is about minimizing wasteful activity and maximizing both productivity and job satisfaction.
• Ensure effectiveness (“doing the right thing”): This involves delivering results of maximum value to the business, making best practices repeatable, and replicating success across teams.

Figure 1: VSM Considers Both Efficiency and Effectiveness

This isn’t about process efficiency—well, it is, but that’s more a means than an end when it comes to achieving business goals. Rather, developing visibility is about ensuring that your delivery cycles work in lockstep with the needs of business leaders to yield positive outcomes and maximize your innovation process. In short, it becomes the link between IT and the business—two entities that too often stand at opposite ends of a chasm.

Learn more about Collins’ Strategy Considerations Report, “Driving Value Through Visibility.”

Newsroom: US Ecommerce Channel Ad Spending Will Jump Nearly 40% This Year to More than $17 Billion

Source: https://www.emarketer.com/newsroom/index.php/us-ecommerce-channel-ad-spending-will-jump-nearly-40-this-year-to-more-than-17-billion/
October 22, 2020 at 07:01AM

Amazon will drive roughly three-quarters of the market, but another retail giant continues to gain share     Marketers will spend $17.37 billion on advertising on ecommerce sites and apps this year, according to eMarketer’s first-ever forecast of ecommerce channel ad spending. Ad […]

Why Washington Hates Big Tech

Source: https://www.nytimes.com/2020/10/23/technology/why-washington-hates-big-tech.html
October 23, 2020 at 07:16PM

American politicians are divided on almost everything. They agree on this: Big Tech must change.

It’s a Ballot Fight for Survival for Gig Companies Like Uber

Source: https://www.nytimes.com/2020/10/23/technology/uber-lyft-california-prop-22.html
October 23, 2020 at 12:00PM

A group that also includes Lyft and DoorDash has spent nearly $200 million to support a California proposition that could save them from a new labor law.

Newsroom: US Ecommerce Channel Ad Spending Will Jump Nearly 40% This Year to More than $17 Billion

Source: https://www.emarketer.com/newsroom/index.php/us-ecommerce-channel-ad-spending-will-jump-nearly-40-this-year-to-more-than-17-billion/
October 22, 2020 at 07:01AM

Amazon will drive roughly three-quarters of the market, but another retail giant continues to gain share     Marketers will spend $17.37 billion on advertising on ecommerce sites and apps this year, according to eMarketer’s first-ever forecast of ecommerce channel ad spending. Ad […]

Appeals Court Says Uber and Lyft Must Treat California Drivers as Employees

Source: https://www.nytimes.com/2020/10/22/technology/uber-lyft-california.html
October 23, 2020 at 04:10AM

The ruling adds new urgency to a ballot measure in the state that would exempt the companies from a new labor law intended to give gig workers more employment rights.

Thanks to Trump, Huawei’s Cool New Phones Might Be Limited Edition

Source: https://www.nytimes.com/2020/10/22/technology/huawei-mate-40-trump.html
October 22, 2020 at 04:35PM

The battered Chinese giant won’t say how many of its new handsets it can produce. U.S. restrictions may have curtailed access to essential components.

F.T.C. Decision on Pursuing Facebook Antitrust Case Is Said to Be Near

Source: https://www.nytimes.com/2020/10/22/technology/facebook-antitrust-ftc.html
October 23, 2020 at 02:13AM

Any action would follow the Justice Department’s landmark suit this week against Google, as a bipartisan tech backlash ramps up.

Trump Still Miles Ahead of Biden in Social Media Engagement

Source: https://www.nytimes.com/2020/10/22/technology/trump-facebook.html
October 22, 2020 at 09:14PM

President Trump is behind in many swing-state polls, but his social media accounts are attracting as much attention as ever.

Why the 5G Pushiness? Because $$$.

Source: https://www.nytimes.com/2020/10/22/technology/5g-phone-companies.html
October 22, 2020 at 07:27PM

Selling 5G capability is a huge opportunity for phone companies. Be careful.

Newsroom: US Ecommerce Channel Ad Spending Will Jump Nearly 40% This Year to More than $17 Billion

Source: https://www.emarketer.com/newsroom/index.php/us-ecommerce-channel-ad-spending-will-jump-nearly-40-this-year-to-more-than-17-billion/
October 22, 2020 at 07:01AM

Amazon will drive roughly three-quarters of the market, but another retail giant continues to gain share     Marketers will spend $17.37 billion on advertising on ecommerce sites and apps this year, according to eMarketer’s first-ever forecast of ecommerce channel ad spending. Ad […]

Thanks to Trump, Huawei’s Cool New Phones Might Be Limited Edition

Source: https://www.nytimes.com/2020/10/22/technology/huawei-mate-40-trump.html
October 22, 2020 at 04:35PM

The battered Chinese giant won’t say how many of its new handsets it can produce. U.S. restrictions may have curtailed access to essential components.

An Electric Car With Swedish Roots, and a Rebellious Streak

Source: https://www.nytimes.com/2020/10/22/business/polestar-2-electric-cars.html
October 22, 2020 at 01:00PM

The Polestar 2 inherits some classic Scandinavian design elements from its Volvo lineage, but aims to be a little more free spirited.

Forget Antitrust Laws. To Limit Tech, Some Say a New Regulator Is Needed.

Source: https://www.nytimes.com/2020/10/22/technology/antitrust-laws-tech-new-regulator.html
October 22, 2020 at 12:00PM

Even as the Justice Department sued Google, some antitrust experts wondered whether a different government response would be more effective.

Top Investigator in Google Case Says There ‘Was Not a Rush’ to Sue

Source: https://www.nytimes.com/2020/10/22/technology/doj-google-jeffrey-rosen.html
October 22, 2020 at 12:00PM

Jeffrey A. Rosen, the deputy attorney general, said the Justice Department knew the company would use its many resources to fight the agency.

Art Auctions Embrace a Future of Socially Distant Bidding

Source: https://www.nytimes.com/2020/10/22/arts/auctions-technology.html
October 22, 2020 at 12:00PM

New tools, born of necessity, may be part of a lasting change.

In Hubbub Over New York Post Report, YouTube Stands Apart

Source: https://www.nytimes.com/2020/10/15/technology/youtube-hunter-biden.html
October 22, 2020 at 02:20AM

Facebook and Twitter clamped down on an unsubstantiated New York Post article about Hunter Biden. YouTube has gone a different route.

TikTok Cracks Down on QAnon and Hate Speech

Source: https://www.nytimes.com/2020/10/21/technology/tiktok-qanon.html
October 22, 2020 at 01:22AM

TikTok’s changes follow in the footsteps of its larger and more popular contemporaries.

Quibi, Short-Form Streaming Service, Quickly Shuts Down

Source: https://www.nytimes.com/2020/10/21/business/media/quibi-shutting-down.html
October 22, 2020 at 01:12AM

The company started by Jeffrey Katzenberg and Meg Whitman had a high-profile launch and megawatt Hollywood stars involved but failed to find an audience.

Misinformation in America Thrives in Two Languages

Source: https://www.nytimes.com/2020/10/21/technology/misinformation-in-america-thrives-in-two-languages.html
October 22, 2020 at 12:58AM

False and misleading information is being spread widely in Spanish, researchers say.

Big Tech’s Professional Opponents Strike at Google

Source: https://www.nytimes.com/2020/10/21/technology/big-tech-professional-opponents.html
October 22, 2020 at 12:25AM

An unlikely collection of lawyers, activists, economists and academics is fueling the tech backlash, armed with funding from billionaire sponsors.

A TV Station’s Mistake Highlights Fears of Election Night Misinformation

Source: https://www.nytimes.com/2020/10/20/technology/tv-station-mistake-arkansas.html
October 20, 2020 at 08:55PM

A graphic on an evening news broadcast in Arkansas showed President Trump winning the state three weeks before Election Day.

Trump Official’s Tweet, and Its Removal, Set Off Flurry of Anti-Mask Posts

Source: https://www.nytimes.com/2020/10/19/technology/trump-officials-tweet-and-its-removal-set-off-flurry-of-anti-mask-posts.html
October 20, 2020 at 01:09AM

The tweet, from Dr. Scott Atlas, one of the president’s top science advisers, was debunked by many experts and deleted by Twitter.

Police Can Open Your Phone. It’s OK

Source: https://www.nytimes.com/2020/10/21/technology/police-can-open-your-phone-its-ok.html
October 21, 2020 at 07:34PM

The police actually can unlock phones. And, no, it’s not the worst thing ever for cybersecurity.

Activists Turn Facial Recognition Tools Against the Police

Source: https://www.nytimes.com/2020/10/21/technology/facial-recognition-police.html
October 21, 2020 at 04:58PM

“We’re now approaching the technological threshold where the little guys can do it to the big guys,” one researcher said.

Application Modernization: A GigaOm Field Test

Source: https://gigaom.com/2020/10/20/application-modernization-a-gigaom-field-test/
October 20, 2020 at 04:47PM

So-called legacy software gets that name for a reason—it’s done enough for the organization over the years to earn a legacy enabling the business. But as GigaOm Analyst Ned Bellavance notes in a recently published GigaOm benchmark report (“Costs and Benefits of .NET Application Migration to the Cloud”), aging on-premises applications and infrastructure can work against businesses as they seek to scale, innovate, and grow.

A cloud modernization effort can change that. By migrating application logic and functionality to the cloud, enterprises avail themselves of the matchless scalability and managed services offered by major cloud providers. In the report, Bellevance lays out four options for organizations looking to cloudify their application portfolios.

Figure 1: Cloud Application Modernization Spectrum

• Rehost: “Lift-and-shift” virtual machines running on on-premises servers to cloud-based servers. Simple and quick.
• Replatform: Migrate application logic (say, ASP.NET apps) to a cloud-based Platform as a Service (PaaS) from an on-premises platform. Still simple and adds managed infrastructure, but requires minor code changes.
• Refactor: Review and restructure existing code to leverage cloud-based models and services. True cloud focus and deep PaaS integration comes at the cost of major code changes and re-architecting.
• Rewrite: Replace existing on-premises applications with cloud-native versions offering similar, if not enhanced functionality. Complex and time consuming, but the resulting cloud-native applications are loosely coupled and independently scalable.

Of these, replatforming offers considerable value and opportunity. Organizations avoid the cost and risk of new application development, while gaining access to powerful managed services and the raw scalability of the cloud.

In the report, Bellavance designed a series of benchmark tests designed to prove out real-world application performance across three, largely equivalent on-premises and cloud-based PaaS infrastructures:

• Windows VMs running on VMware
• Microsoft Azure using Azure App Service and Azure SQL Database
• AWS using Elastic Beanstalk, EC2, and Amazon RDS

His findings? Performance among the three options was roughly on par—unsurprising given that the test environment was designed for equivalency—but the costs varied markedly. The estimated cost of the tested on-premises infrastructure was $69,300, while the equivalent cost for AWS was $43,060. By contrast, for .NET shops moving to Azure, the cost was even lower—just $31,824.

The steep advantage versus AWS comes in large part from Azure Hybrid Benefit licensing, which enables Microsoft customers to apply their existing Windows Server and SQL Server licenses to Azure virtual machines and Azure SQL Database instances. And that can yield more than $10,000 in savings for an Azure migration compared to AWS.

Read the full GigaOm Report, “Costs and Benefits of .NET Application Migration to the Cloud.”