Google+ Followers

Wednesday, June 4, 2014

A Strategic Technology Adoption Framework

Click below to watch the video

Strategic adoption of technologies, especially bringing in new ones as they become viable, is key to the success of every organization whether it’s delivering pizzas or launching a spaceship. It’s important to have a framework that enables the CTO or chief technologist to monitor and guide, what I call, the “technology intake” -- how new technology is identified, piloted, and brought into operational use in a slow, but steady manner. I call it a strategic framework for technology adoption.

To give you a concrete example of such a framework, let’s go with the pizza delivery business.  I am not an expert on pizza delivery, but I’d start by laying out a high-level view of the pizza ordering --> cooking --> delivery --> driver management processes, as you can see in the figure -- (if you stop and think about it, you can draw such a high-level process diagram for whatever happens to be the core business of your organization and it’s scalable from mom-and-pop operations to huge, multinational chains (just that the number of process areas may be more in a bigger organization).



Next I jot down the key technologies currently in operational use -- there is usually the information technology (IT) back-end systems and databases that span all process areas and then there are other technologies that are specific to the tasks being performed in each area. Most of these technologies also integrate with the back-end IT.

Finally, I lay out a technology timeline that goes through the sequence from (1) identifying new technologies, (2) exploring their use, (3) piloting the promising ones, and (4) putting into operation the ones that work.

As you may have guessed by now, the idea is to keep an eye on the technology landscape, relevant to your business, pick promising ones for piloting and implement those that are successfully piloted.

You can use the framework for allocating and managing the technology budget as well. You can look at budget allocated to each of the process areas.

On the “technology intake” side, you’d expect bulk of the overall budget to be dedicated to running current operations. Identifying and exploring relevant technologies should be a continuous, low-cost effort. Piloting will need some funds, and putting a new technology into operational use would cost even more.

Although it’s a simple framework, it can help you with the never-ending process of refreshing the technologies, including IT, that help run your business and keep it competitive.

Friday, May 16, 2014

How Bitcoin works?


No need to read, just watch this video :-)



Bitcoin is virtual money, but without any central bank or authority to maintain or vouch for your account. Instead it’s all done in a decentralized manner using cryptography.



It’s traditional to explain anything involving cryptography using Bob and Alice, so I’ll do the same. To send or receive bitcoins, both Bob and Alice will run a bitcoin client software on their computer and they will create bitcoin wallets -- each wallet is a collection of bitcoin addresses and each bitcoin address can hold some bitcoins.


Each bitcoin address is a unique public key that’s paired with its private key and you can create a bitcoin address for each transaction or use an existing address.


For Alice to pay Bob some bitcoin, Bob will send Alice a bitcoin address and Alice will use her bitcoin client to initiate a transfer from one of her bitcoin addresses to Bob’s. The client uses the private key associated with Alice’s bitcoin address to sign the transaction and sends it out to all the bitcoin miners on the network.


The bitcoin miners uses Alice’s public key to verify that the transaction is coming from a legitimate owner. They bundle this transaction with many others occurring within a 10-minute timeframe and try to add this new block of transactions to a public ledger, called “block chain”


.This step requires the software running on the miner’s computers to compute what is called a “hash” of the transaction block along with a number (called a “nonce”) so that the hash starts with a certain number of zeros. The more the number of zeros, the tougher the problem because the miners have to keep trying many, many “nonces” until they get a hash with the required number of zeros up front, that then has to be accepted by majority of the miners. As a reward for successfully adding a block of transactions to the blockchain, the block includes a transaction giving the winning miner a number of bitcoins (currently 25, but this will reduce over time).

Once a block of transactions is added to the block chain it’s computationally too time-consuming to alter it, which ensures that no one can double-spend bitcoins.

So, that in a nutshell, is how bitcoin works.

Here's some more information to help you...

The original paper by Satoshi Nakamoto: Bitcoin: A Peer-to-Peer Electronic Cash System

Dec 2013 Chicago Fed letter on Bitcoin: Bitcoin: A primer

To get started with using Bitcoin:Getting started with Bitcoin

To get started with Bitcoin mining: Getting Started from bitcoinmining.com


Sunday, February 9, 2014

Wedding toast in English and Spanish (Un brindis de boda)

Note: This is a toast -- in Enlglish and then in Spanish -- to my daughter Ivy and son-in-law Arnau at their wedding reception in Barcelona at meeatings23   It was a great reception with friends and family and excellent food cooked by a chef in the kitchen next door to the room where we celebrated. By the way, my prepared text, shown below, does not fully match the video because I improvised :-)

English version

Good evening everyone. We are very happy to gather here today with our families and friends to celebrate the marriage of Ivy and Arnau.

I feel proud as the father of the bride to admire our beautiful daughter with her handsome husband.  

I remember as if it were only yesterday... when Ivy was 4 years old, one day she started reading a storybook to us and we were shocked because we didn't know how and when Ivy learned to read.  Ivy always loved reading and writing. When she was in elementary school, she liked to write stories and poems that I sent to the local newspaper where they would publish them. She is also very good with languages, which is coming in handy, now that she is learning Catalan and she already speaks Spanish quite well.

Ivy is extremely smart, creative, and talented, but what she lacked was confidence in herself. All that changed when she met Arnau during his visit the United States in 2011. After they got together, Ivy has blossomed into a mature, confident artist.

Which is why, we think Arnau is great for Ivy. He’s very considerate and thoughtful-- not to mention, extremely artistic and smart. Ivy and Arnau have been together now for over two years. They have embarked on a promising musical journey* together. 

With their love and friendship Ivy and Arnau can face anything that life may throw at them. And, if there are any problems, we’ll all be right there to help them through any difficult times.
---------
* Anòmia -- a platform created by Arnau Sala and Ivy Barkakati in 2012 in Barcelona

En español:

Buenas noches! Gracias por venir aquí para celebrar la boda de Ivy y Arnau.

Me siento muy feliz mirar a nuestra linda hija y guapo yerno. Recuerdo como si hubiera sido ayer cuando Ivy tenía cuatro años y ella empezó a leernos un libro de cuentos. Nos ha sorprendido mucho porque no sabía cómo y cuándo Ivy aprendió a leer. A Ivy siempre le gustaba leer y escribir cuando era niña. Escribía pequeñas historias y poesías y los enviaba a un periódico donde los publicaban.

Ivy tenía mucha habilidad de aprender idiomas. Es bueno porque ahora está aprendiendo catalán y tiene mucha fluidez en español.

Ivy es muy inteligente, creativa y talentosa, pero lo que le faltaba era confianza en sí misma. Todo eso cambió cuando conoció a Arnau durante su visita a los Estados Unidos en 2011. Después se llegaron juntos, Ivy se ha transformado en una artista madura y segura.  

Por eso creemos que Arnau es genial para Ivy. Arnau es muy amable y atento, no por mencionar, muy artístico y inteligente también. Ivy y Arnau han estado juntos durante más de dos años ahora. Juntos han embarcado en un viaje musical** con un futuro prometedor.

Con su amor y amistad Ivy y Arnau pueden superar cualquier problema que les depara la vida. Y, si hay algún problema, todos estaremos ahí para ayudarles a través de cualquier tiempo difícil.
----
** Anòmia es una plataforma creada por Arnau Sala y Ivy Barkakati en el año 2012 en Barcelona

Toast -- Brindis:

Antes de terminar, quisiera proponer un brindis por la pareja más importante esta noche... si por favor me acompañad…
Before I close, may I propose a toast to the most important couple tonight... if you’d please join me...

Ladies and Gentlemen, here’s to a long and happy marriage life for Ivy and Arnau!

Damas y caballeros, brindemos por la felicidad y una larga vida juntos de Ivy y Arnau.


¡Por Ivy y Arnau!


Note: for more information on how I am learning to speak Spanish, please see:  http://nbtmv.blogspot.com/2011/12/nbtmv-step-3-of-learning-spanish-is-to.html


Friday, August 23, 2013

Why is 3D Printing important



As I explained in another video, 3D printing is essentially a way of constructing a 3-dimensional object by putting down thin layers of material. The 3D printer deposits the layers by using information from a computer file that describes the object’s 3-dimensional shape. So, in essence, you can create any object once you have a 3D printer, the material for the object, and the computer file that describes the object’s shape. This can really shake things up when it comes to manufacturing products, which is why 3D printing is so important and is getting so much attention.

For starters, you can now buy a desktop 3D printer and build complex (but small) products at home. This is like the early days of personal computing -- only, this time, it’s “personal manufacturing.” We’ll have to wait and see what the hobbyists achieve with 3D printing, but it’s exciting because “personal manufacturing” could shake things up just as personal computers did.

On the commercial side, engineers are now able to “3D print” fully functional metal parts using titanium and steel. If commercial manufacturing moves to 3D printing, you won’t need factories with assembly lines to make products, instead they can be built in one or more 3D printers. And a single 3D printing facility could print many different types of products. You would be able to “print” products on demand and at many different locations -- all you have to do is send over the data file for the product. It’d make sense to print products at locations near customers.

On the other hand, you need far fewer people to operate 3D printers than assembly lines. That could mean less jobs, but that could also be helpful for an aging society. If 3D printing is the way products are manufactured, then there won’t be any need to set up factories in countries with cheap labor. That’s something to think about.

Finally, 3D printing is not limited to just the types of products we currently know -- researchers are working on printing many different types of objects, including, for example, tissues and human organs. Who knows, someday in the future, there’d be 3D-printed artificial organs for people who need transplants!

Monday, August 19, 2013

What is 3D Printing



3D printing is a lot in technology news nowadays. It’s essentially a way of constructing a 3-dimensional object by putting down thin layers of material. You can understand it best by looking at an example (see my video for the details).


Suppose you needed an object of a certain shape for a project. In the past, you'd have started with a block of material and removed the parts you don't need to arrive at the desired shape. That's "subtractive manufacturing" where you create a shape by removing material. If you think about it, you could also create that object by putting down the material a layer at a time, each layer with the needed shape. That, in essence, is 3D printing -- the method of creating a 3D object by laying down material a layer at a time. It's also called "additive manufacturing" because you add material rather than remove material. As you can see, this approach is less wasteful because you end up using exactly the amount of material you need.

3D printers are already available for people to buy and use. Here is an example -- the Makerbot Replicator -- that costs around two to three thousand dollars. The situation with 3D Printers is similar to when the PCs first became widely available in early to mid 1980s. If you are into it, you can now buy a 3D Printer and experiment with it, as many are already doing.
These printers use plastic filaments that are melted and laid down layer by layer to create a 3D object from a computer file that describes the object. The printer takes the 3D description and keeps putting down material layer by layer until the whole shape is created. You can create objects of any complexity with this approach. For example, using the old "subtractive" approach, it's quite difficult to create an object with some complex cavity inside of it, but something like that is simple to do with 3D printers.

Although most consumer 3D printers use plastic as the material, there are industrial 3D printers that can "print" objects using metals and other materials. General Electric, for example, is printing jet engine parts using 3D printers and whole cars have been printed using industrial 3D printers.



The example I used in the video showed an object created from paper and guess what, The Economist magazine had an article in its Aug 10th-016th, 2013 issue that talks about a 3D printer that creates 3D objects using paper!

That's 3D Printing in simple terms. Later I'll discuss why it's such a big deal.

Wednesday, August 14, 2013

Some defenses against Advanced Persistent Threats




Remember that Advanced Persistent Threats (APTs) take advantage of vulnerabilities in software such as the Web browser, Microsoft Office applications, or Adobe Acrobat to install malware (think of malware as bad software) -- usually a remote access tool (RAT) on your system that communicates with the attacker through command-and-control servers. As an individual, your best defense against these attacks is to make sure that you apply all available software updates. On Windows systems, you can set up automatic updates so that this happens routinely. If not, you should check manually by running Windows Update (or by looking for a "check for updates" option that's available in most software applications). The main point is that you need to make sure your system's software is up to date, so that at least the known vulnerabilities are patched up.

In addition to keeping up with software updates, you should also use some security software such as Microsoft Security Essential or any of the many commercial products. You need to deploy all currently available defenses even though it's impossible to fully defend against APTs because, in addition to known vulnerabilities, software often contains vulnerabilities that may have been discovered by the attackers, but not yet patched by the software vendor.

Additionally, you should use 2-factor authentication for sensitive transactions, including logging into social networking sites such as Google+, LinkedIn, and Facebook. For example, Google+ provides 2-factor authentication that works for logging into all services such as Gmail, Blogger, Google+, and others (see my previous video http://nbtmv.blogspot.com/2011/11/nbtmv-turn-on-2-step-verification-on.html for more information).

Organizations have more resources and can use more advanced defenses that are based on some key behavior of all APTs -- they install malware on the system, then periodically communicate to the command-control-server.

First, organizations should start with the existing defenses of firewall and usual patching and anti-virus regimen. Beyond that, there are security appliances (basically computers that inspect network traffic) available that can inspect email and web traffic to detect suspicious behavior and, potentially stop installation of malware. Third, organizations should collect event logs of various activities occurring in their systems and analyze those logs to detect any potential APT activities.

These are not perfect defenses, but they are a start. Unfortunately, it seems that APT attacks are bound to succeed, so organizations would just have to be prepared to deal with the aftermath.

As for individuals, I wish some low-cost security appliance were available to help us deal with the APT problem.

Note: There are some promising defenses based on running applications in a virtual environments where the activities of the malware could be contained before it causes damage, but this seems to be a cat-and-mouse game between the defenders and the attackers. Attackers are now designing malware that try to avoid being caught by looking for user activity such as mouse move or simply go to sleep for some time before initiating any contact with the remote command-and-control server.

Tuesday, August 13, 2013

What are Advanced Persistent Threats



Advanced Persistent Threat or APT is the latest buzzword for the newer cybersecurity attacks where some bad piece of code gets downloaded to your computer without your explicit knowledge and then it stays around to be used by a remote attacker to do whatever they want to do -- usually spread to other systems and to steal interesting information from your and your organization’s systems. Here’s how an APT typically work.



For a targeted attack, an attacker may gather information from public sources such as Facebook, Twitter, LinkedIn, etc and send you a targeted email, enticing you to open a document or perhaps click on a link. Once you do that, the malicious code embedded in the document or the web page will run (assuming your browser or the application such as Acrobat or Microsoft Word has the vulnerability that the malicious code can exploit). You won’t see anything unusual when this happens.

The malicious code would gather some basic information about your system and contact a command-and-control server to basically let the attacker know that it’s now in your system. The malicious code is usually a “remote access tool” or RAT through which the attacker can do various things on your system. Sometimes, the initial code may download the remote access tool and install it on your system in such a way that when you reboot your system, the RAT will run again. That’s how it’s “persistent.”

From this point on, the malicious remote access tool would periodically contact the command-and-control server and act on commands that it receives from the remote attacker. Some of these commands may be to scout your organization’s network and send out more emails to spread the remote access tool to other systems and also to get your data out to other servers from where the attacker can easily retrieve the information.

The existence of unknown vulnerabilities in software makes it hard to protect against such advanced persistent threat attacks, but they do have some common behavior that may help us detect and, perhaps, even stop an attack as it’s happening. More on that later.