January 19, 2017 brianradio2016

If you’ve been sitting on the sidelines, waiting for the unpaid beta testers to finish their jobs running down the bad parts of the latest Windows patches, your wait’s over. It’s time to get everything brought up to snuff.

In the Windows 7 and 8.1 world, Microsoft didn’t release any new nonsecurity patches in the past month and only one fairly innocuous security patch for Win7. There was absolutely nothing, zilch, for Win 8.1. For Win10 users, there’s been a cumulative update with one well-documented bug. Office patches have been relatively benign.

Office patches

One of the December Office patches, the KB 3128008 Security patch for Excel 2013, broke the Send as PDF and Send as XPS functions in Excel. If you installed the patch at the end of December, you had to work around the problem. It was solved on Jan. 10, with KB 3141475, so if you install the latest bunch of Office patches, you’ll be in good shape.

There’s one odd patch: KB 3141490 is a last-ditch patch for Word Viewer 2003 before Microsoft abandons the Word Viewer in November. If it appears, you want it.

January 19, 2017 brianradio2016

Facebook’s AI research team has released a Python package for GPU-accelerated deep neural network programming that can complement or partly replace existing Python packages for math and stats, such as NumPy.

A Python implementation of the Torch machine learning framework, PyTorch has enjoyed broad uptake at Twitter, Carnegie Mellon University, Salesforce, and Facebook.

Torch was originally implemented in C with a wrapper in the Lua scripting language, but PyTorch wraps the core Torch binaries in Python and provides GPU acceleration for many functions.

Torch is a tensor library for manipulating multidimensional matrices of data employed in machine learning and many other math-intensive applications. PyTorch provides libraries for basic tensor manipulation on CPUs or GPUs, a built-in neural network library, model training utilities, and a multiprocessing library that can work with shared memory, “useful for data loading and hogwild training,” as PyTorch’s developers put it.

January 19, 2017 brianradio2016

Starting in April, Oracle will treat JAR files signed with the MD5 hashing algorithm as if they were unsigned, which means modern releases of the Java Runtime Environment (JRE) will block those JAR files from running. The shift is long overdue, as MD5’s security weaknesses are well-known, and more secure algorithms should be used for code signing instead.

“Starting with the April Critical Patch Update releases, planned for April 18, 2017, all JRE versions will treat JARs signed with MD5 as unsigned,” Oracle wrote on its Java download page.

Code-signing JAR files bundled with Java libraries and applets is a basic security practice as it lets users know who actually wrote the code, and it has not been altered or corrupted since it was written. In recent years, Oracle has been beefing up Java’s security model to better protect systems from external exploits and to allow only signed code to execute certain types of operations. An application without a valid certificate is potentially unsafe.

Newer versions of Java now require all JAR files to be signed with a valid code-signing key, and starting with Java 7 Update 51, unsigned or self-signed applications are blocked from running.

January 19, 2017 brianradio2016

Stratoscale is a small company with a very big ambition: to turn your datacenter into an Amazon Web Services (AWS) region. Forget OpenStack, forget VMware. Stratoscale aims to help IT shops get beyond device-level virtualization and deliver the same app-friendly building blocks AWS provides. In the process, the company promises to cut the cost of operating datacenters by more than 80 percent.

Founder and CEO Ariel Maislos, who cashed in big in selling an earlier flash memory startup to Apple, says CIOs don’t want to build out bigger VMware-based datacenters. Instead, they want to build Amazon-like datacenters, and Stratoscale has the best solution for those hybrid public/private AWS ambitions. In this installment of the IDG CEO Interview Series, Maislos spoke with Chief Content Officer John Gallant about why longtime VMware customers would gamble on his emerging company and exactly what it means to turn your datacenter into an AWS region using what is essentially Stratoscale’s datacenter operating system. Maislos also talked about why OpenStack – which he dubbed a ‘nightmare’ – isn’t the answer for the dynamic datacenter.

IDGE: Why was Stratoscale founded? What problem did you set out to solve?

January 19, 2017 brianradio2016

Natural relationships between data contain a gold mine of insights for business users. Unfortunately, traditional databases have long stored data in ways that break these relationships, hiding what could be valuable insight. Although databases that focus on the relational aspect of data analytics abound, few are as effective at revealing the hidden valuable insights as a graph database.

A graph database is designed from the ground up to help the user understand and extrapolate nuanced insight from large, complex networks of interrelated data. Highly visual graph databases represent discrete data points as “vertices” or “nodes.” The relationships between these vertices are depicted as connections called “edges.” Metadata, or “properties” of vertices and edges, are also stored within the graph database to provide more in-depth knowledge of each object. Traversal allows users to move between all the data points and find the specific insights the user seeks.

To better explain how graph databases work, I will use IBM Graph, a technology that I helped to build and am excited to teach new users about. Let’s dive in.

Intro to IBM Graph

Based on the Apache TinkerPop framework for building high-performance graph applications, IBM Graph is built to enable and work with powerful applications through a fully managed graph database service. In turn, the service provides users with simplified HTTP APIs, an Apache TinkerPop v3 compatible API, and the full Apache TinkerPop v3 query language. The goal of this type of database is to make it easier to discover and explore the relationships in a property graph with index-free adjacency using nodes, edges, and properties. In other words, every element in the graph is directly connected to adjoining elements, eliminating the need for index lookups to traverse a graph. 

January 19, 2017 brianradio2016


A prank text can freeze your iPhone.

Apple has another odd iOS bug to fix after someone found that iPhones running iOS 10 will crash upon receiving a text with just three characters, including waving white flag and rainbow emoji.

Unfortunately, there’s nothing iPhone owners can do to prevent a contact sending the malicious text, which trips up the iPhone and causes a temporary crash or, in technical terms, a denial of service.

The YouTube channel EverythingApplePro demonstrates how to copy and send the message, which in some cases can cause the sender’s device to crash also.

The bug was discovered by a computer science student with the Twitter handle @preston159, who explains the message will freeze an iPhone when that string of characters arrives via iMessage and is displayed as a banner notification.

While the recipient sees a flag emoji, a zero, and a rainbow emoji, the zero is actually a Unicode-based instruction for emoji and other characters — called a variation selector — which iOS 10 can’t process. As noted by EverythingApplePro, the emoji string doesn’t crash iOS 9, likely because it doesn’t support emoji.

“What you see in the text is the waving white flag emoji, a zero, and the rainbow emoji. The rainbow flag emoji isn’t an emoji in itself, it’s made of three characters: waving white flag, a character called variation selector 16 (VS16 for short), and the rainbow,” says Preston 159 in a writeup of the bug.

“What VS16 does in this case essentially is tells the device to combine the two surrounding characters into one emoji, yielding the rainbow flag (this is similar to how skin tone modifiers work, but not exactly the same). The text you’re copying is actually waving white flag, VS16, zero, rainbow emoji.

“What I’m assuming is happening is that the phone tries to combine the waving white flag and the zero into an emoji, but this obviously can’t be done. Usually the phone wouldn’t try to do this, but it notices that the rainbow emoji is also there, and knows that it can combine the white flag and rainbow emoji, so it tries.”

As noted by Preston159, there are multiple ways to trigger this bug in iOS, including by sending a contact file from from an Android device. The bug affects iOS 10 through to the latest iOS 10.2.

Apple had not responded to a request for comment at the time of publication.

January 18, 2017 brianradio2016

Slack, the popular work chat app, has launched one of the features that users have been clamoring for over its entire lifetime: Threaded messages.

On Wednesday, the company began the process of rolling out the update to all of its users, which will allow them to keep conversations about a particular topic corralled into a single thread. The feature is designed to keep conversations on a particular topic out of the main flow of a chat channel, the company said in a blog post.

Starting a thread just requires users to hover over a message, click the “Start a Thread” button, and type their response. Replies will be grouped into a sidebar thread, and a small link will appear below the original message showing who has replied to a thread and how many replies it has garnered.

Users have been requesting threaded replies for years as a way to help deal with crowded chat channels where multiple conversations are going on at once. Slack allows users in a channel to talk with one another in a single, uninterrupted flow, which means it can be difficult when folks are discussing two or more different topics. This feature should help with that, along with assisting in reducing clutter from ancillary discussions.

January 18, 2017 brianradio2016

Blockchains, AI, internet of things (IoT), and other emergent technologies are all going to be major forces in the coming year, notes IT industry analyst firm CompTIA in its IT Industry Outlook 2017 report.

But these new-school technologies are hemmed in by some of the industry’s oldest and most pervasive problems: Lack of qualified people to make the most of them, laggardly approaches to security, and whether or not they represent solutions still looking for a good problem.

What do we do with this?

In CompTIA’s eyes, the emergent technologies of the coming year include software-defined components (the enablers of “hyperconverged infrastructure”), blockchain technology, and machine learning/artificial intelligence. As with the cloud environments most of these will prosper in, they’re “primarily focused on the back end, and [we] will see initial adoption at the enterprise level before moving downstream into the SMB space.”

The hard part will be figuring out where they’re genuinely useful. Blockchain’s original name-brand application, bitcoin, has turned out to be only one of many possible uses for the tech, with automated contracts or tamper-proof databases on the list as well. Right now it’s the biggest of the boys, the likes of IBM and Microsoft, that are making blockchain useful; when this trickles down to small businesses, it’ll likely be through tech those companies are already familiar with — such as databases — and not necessarily entirely new applications.

January 18, 2017 brianradio2016

October’s major overhaul of Windows 7 and 8.1 patching – I call it the patchocalypse – brought a new grouping of patches and a new cadence to patching. The methods have changed a bit since October, with the latest change announced a week ago. At this point, here’s what you should expect:

First Tuesday: All Office patches (typically there are many), both security and nonsecurity, appear on the first Tuesday of each month. The patches are for Office 2010, 2013, 2016, and their various components, plus the Office Viewers. Folks using Office Click-to-Run usually get updated on the first Tuesday as well, although the channels and build numbers can get confusing.

Second Tuesday: All of the current versions of Windows 10 (right now that’s “1507,” 1511, and 1607) get cumulative updates, which include both security and nonsecurity patches. Windows 7 and 8.1 each get two patches: the Security-only update, and the Monthly Rollup. Those of you who want to stay current with all of Microsoft’s patches (I call that Group A) should install the Monthly Rollup. Those of you who want to avoid everything except the security patches (Group B) should install the Security-only update. The Monthly Rollup is cumulative through October 2016 and includes the Security-only patches.

If you aren’t confused, you aren’t following along.

January 18, 2017 brianradio2016

IoT device vendors now have a very powerful and flexible board at their disposal. The Raspberry Pi foundation has launched the much-awaited Compute Module 3.

There are clear advantages of using the Compute Module instead of non-standard custom boards that are expensive to design and manufacture.  In addition to lowering hardware cost, it also reduced the load of software development.

The software is the core component of any smart device, and writing custom software for their own SoC poses many challenges for companies. They have to not only write but also maintain the software, and bugs remain undetected and exploited. As these companies move to newer versions of hardware, they have to write new custom software for those new versions of hardware, which leaves older devices unmaintained and unpatched. There is way too much custom software to be maintained.

In a nutshell: it’s a nightmare.