Grey Matter Issue 70 | Winter 2016

Building on 33 years of software know how Silicon brainpower Artificial intelligence - the new frontier for software development

Ready for business How well do Apple devices stack up?

Stay safe Protect yourself against the latest security threats

See page 8 WIN! for details RAD Studio 10.1 Berlin

The fastest way to develop cross-platform and broad IoT connectivity.

“RAD Studio is the ultimate and most complete IDE for IoT development. No other product has the flexibility, capability or completeness” Harris Vrahimis Computernetics Corporation

Find out more about RAD Studio® 10.1 Berlin by visiting Findgreymatter.com/hc/Embarcadero out more about RAD Studio®10.1 or call Berlin one by of visitingour grey matter Embarcaderowww.greymatter.com/hc/Embarcadero specialists on +44 (0)1364 655123 software know how or call one of our Embarcadero specialists on 01364 655123 Contents

Editorial Editor:...... Matt Nicholson Technical editors:... Sean Wilson, Paul Edwards Editorial advisor:...... Julia Hopkins News editor:...... Paul Stephens Publisher:...... Andrew King Contributors:...... Tim Anderson, Simon Bisson, Mary Branscombe, Kay Ewbank, Jon Silicon brainpower Cognitive Services Honeyball, Graham Keitch, Paul Stephens 10 20 Design and layout:...... Jason Stanley Artificial intelligence is the new frontier Microsoft bundles its AI know-how into Illustration:...... Sholto Walker for software development. a new set of . Web Design:...... Jason Stanley

Advertising & Circulation Software News Marketing:...... Leanne Bevan Editor’s Intro 4 Barracuda, Flexera, Microsoft, Sophos, In February 2009, in an effort to demonstrate exactly how far we VMware and more. Tel: 01364 654100 are willing to obey a seductive voice emanating from a plastic box, Email: [email protected] the driver of a 50-foot articulated lorry wedged his vehicle so News in brief HardCopy is edited for Grey Matter three thoroughly into a hair-pin bend in the tiny Cotswold village of Syde 6 and latest competition winner. times a year by Matt Publishing. It is printed that it took five days to extricate. In the light of this and other such by Pepper Communications in Plymouth. examples, I am heartened by the news that Google, Amazon, Copyright © 2016 Grey Matter Ltd. All rights Facebook, Microsoft and IBM have announced the Partnership on Competition reserved. No part of this publication may be Artificial Intelligence to Benefit People and Society in order to look 8 Win a Linx tablet! reproduced in any form without prior consent of the copyright holder. into the ethical and societal implications of such technologies. All trademarks acknowledged. Many of these implications stem from the lack of human HardCopy is a trademark and Grey Matter a involvement in the decisions that such technologies are Ready for business registered trademark owned by Grey Matter 15 increasingly making. Driverless cars are almost upon us, and by How well do Apple devices stack up in Limited. While all reasonable attempts are a Windows environment? made to ensure accuracy, Grey Matter and most accounts orders of magnitude safer than human drivers, Matt Publishing disclaim any liability particularly in cities where they can communicate with each other whatsoever for any use of information to better understand the dangers ahead. However, on 7 May this Stay safe herein. Prices exclude VAT unless specified. 24 year a Model S Tesla in driverless mode smashed at high speed into How you can protect yourself against the latest security threats. Cover Images: Jason Stanley an 18-wheel truck and trailer, killing the ‘driver’ instantly. It looks as feelplus/Shutterstock though the car was unable to distinguish the white truck and Djem/Shutterstock Inside Data echo3005/Shutterstock trailer against the bright Florida sky behind, something that most 29 How Oracle Mobile Cloud Service can human drivers would be able to do ‘without thinking’. It is this that help you integrate mobile devices. Advertisers Index makes such accidents seem ‘inhuman’. Or there’s the customer who rings up wondering why the 2 Embarcadero Straight talking insurance premium you quoted him is twice that of his neighbour, 7 Microsoft Azure 30 Tim Anderson on why Windows Server 9 Grey Matter Cloud Services whose circumstances appear pretty much identical. You have no 2016 is significant for developers. 12 Intel Parallel Studio XE idea because you have no way of understanding how the algorithm that your company uses arrived at that decision, and 14 Parallels RAS And Another Thing 17 ISV Cloud Assure neither does anyone else. Does the customer have a right to be 32 Jon Honeyball expands on the full 18 Adobe told? In other words, does the software have to provide some sort implications of AI. 22 Bing Event of audit trail? Maybe, but in the meatime, companies are understandably reluctant to divulge their use of such things. 27 SonicWALL Short Cuts 28 365 AI is already with us and, as our cover features make clear, 34 Views from the edge. 33 GFI already capable of extraordinary feats. However it’s only too easy to 35 Intel Media Studio anthropomorphise. It is conceivable that, some time in the not too 36 Windows Server 2016 distant future, some sort of conscious awareness may prove to be the most logical way for such machines to manage and comprehend the world in which they find themselves. However that is a long way from the establishment of a conscience, Register Now! Grey Matter Limited whatever that may be, and even then it seems unlikely that an HardCopy magazine is published three times a year. Prigg Meadow, intelligence made of silicon and metal will have any understanding Don’t miss out by registering or updating your Ashburton, of emotions or feelings, or anything resembling empathy for the details at www.greymatter.com/hc/subscribe Devon, TQ13 7DF, UK strange organic creatures whose lives they will, by then, dominate. [email protected] While there is an obvious agenda to promote their shiny new services, the coming together of these companies at such an early Read HardCopy online grey matter stage does at least suggest they accept a degree of responsibility. To view read articles on the web go to HardCopy software know how Matt Nicholson, Editor, HardCopy online at www.greymatter.com/hc/hardcopy

Grey Matter • 01364 654100 • HardCopy 3 News | Read more online at www.greymatter.com/hc/news Software News Microsoft launches Windows Server 2016 as ‘cloud-ready OS’ Microsoft • www.greymatter.com/microsoft/

Microsoft has officially released application platform as its major themes. New Machines protect tenanted VMs in hosting and Windows Server 2016 with shipping features include an ultra-lighweight Nano cloud environments. In the software-defined scheduled for mid-October, alongside System Server installation option, application datacentre, new Storage Spaces Direct allows Center 2016 and Technical Preview 2 of its containers, major updates to Active Directory high availability storage pools to be created on Azure Stack private cloud platform. Microsoft and new Storage Replica and QoS capabilities. low-cost local drives, while Storage Replica describes WS2016 as a ‘cloud-ready OS’, citing Nano Servers are remotely-administered provides block-level synchronous and advanced multi-layer security, software-defined WS2016 installations without GUI or 32-bit app asynchronous replication between servers and datacentre capabilities and a cloud-ready support, but with 93 percent lower VHD (Virtual clusters, and Storage QoS allows you to apply Hard Disk) size and, crucially, 92 percent fewer Quality of Service policies to Hyper-V virtual critical security advisories than a ‘full fat’ system. disk drives. Suggested uses include running Internet WS2016 brings Azure-style flexibility to the Information Server (now in version 10 with on-premises datacentre via software-defined HTTP/2 support) and Hyper-V. WS2016 networking. Features include dynamically application containers come in either Windows configurable Virtual LANs, distributed and Server (shared kernel) or Hyper-V format, and virtualised firewalls, and automatic load there’s also a free copy of Docker for those who balancing. Like its predecessor, Windows Server prefer a third-party route. PowerShell 5.0 now 2016 will be sold in Essentials, Standard and supports user-defined classes. Datacenter editions, plus specialised academic Security upgrades include ‘Just Enough’ and OEM versions. The release sees a switch Administration, which allows specific from processor- to core-based licensing with a PowerShell tasks to be delegated to non-admin minimum of eight cores per installation, users, and Credential Guard, which isolates although Microsoft says there will be no impact Windows Server 2016 features improved, cloud-friendly secret information to prevent ‘Pass-the-Hash’ on price when compared to Windows Server application support, storage and security. attacks. Guarded fabric and Shielded Virtual 2012 R2.

Barracuda heads for the cloud with F-Series firewalls Barracuda Networks • www.greymatter.com/barracuda-networks-inc/

It’s been a busy year for Californian integration, especially with Microsoft Azure and Other new features include IPv6 VPN security vendor Barracuda Networks as Amazon’s AWS. support, high availability clusters in AWS and a the company pursues its mission to transform Barracuda F Series 7.0 is aimed at Rest API for application integration. Also the firewall from a relatively simple, port-based “customers operating dispersed network supported are a NAT information view, and SSL blocking device to a ‘distributed security environments and leveraging public cloud and VPN tunnelled web and native apps, connected solution’ that includes web and email filtering, Infrastructure-as-a-Service platforms.” It’s via Barracuda’s CudaLaunch 2.0 secure remote application profiling and network performance offered for native deployment by Azure and access provider for mobiles. optimisation. AWS, with unlimited deployments within an In late 2015 the company rebranded its Azure tenant and configuration cluster, and SMB-targeted Barracuda Firewall product line control from a single dashboard. The new as the NextGen Firewall X Series, while its version uses Barracuda’s global threat distributed-enterprise Barracuda NG line intelligence framework and new ‘DNS Sinkhole’ became the NextGen Firewall F Series, with four technology to prevent data exfiltration from new low-cost appliances in the range. March botnets, spyware and macro-enabled saw the launch of the S Series, aimed at IoT documents. It also supports connection of networks with high-volume endpoints. Now on-premises and cloud networks via multiple Barracuda has updated the F Series to version uplinks with dynamic failover, traffic balancing 7.0, with the emphasis placed on cloud and WAN optimisation.

4 Winter 2016 • Issue 70 • HardCopy InstallShield 2016 bridges the gap to Windows 10 Flexera • www.greymatter.com/flexera-software-ltd/

In September Microsoft officially Server 2016. opened the Desktop Bridge (formerly InstallShield 2016 can build both UWP Project Centennial), which allows Win 32 (AppX) and traditional Windows Installer (MSI) applications to be automatically repackaged as packages from existing InstallShield projects, allowing installations to be developed in Windows 10-compatible UWP (Universal providing an instant upgrade to multiple modules, plus new mapped MSI Table Windows Platform) apps and sold in the deployment scenarios. The same applies with relationships, which give developers insight Windows Store. The company provides a free WSA packages, which also use AppX installation into the effects of manual table editing. command-line Desktop App Converter, but a files. Flexera says its compatibility scanner saves Meanwhile custom Windows 10 Tiles make more developer-friendly solution is available in hours of investigative work by automatically applications pop up on the Windows 10 Start the shape of Flexera Software’s new InstallShield identifying compatibility issues between screen with “vibrant tiles for increased user 2016, which does the conversion automatically, applications and the Desktop Bridge/WSA engagement.” InstallShield 2016 is available in along with compatibility testing. The suite can packages. Express, Professional and Premier editions, with also create Windows Server App (WSA) Other new features include the ability to Desktop Bridge features available in packages, used with Nano Servers and Windows combine multiple UWP app packages into one, Professional and Premier.

Sophos’s Intercept X looks out for bad behaviour Sophos • www.greymatter.com/sophos/

Oxford-based anti-malware vendor recovery, Root Cause Analytics and Sophos which replaces infected Windows system files Sophos has launched Intercept X, a new Clean malware cleanser. Threat Detection with safe originals. endpoint security suite for Windows based on currently watches for 24 known malicious Although Sophos bills Intercept X as “a technology acquired through its purchase of behaviours, protecting against malware that’s completely new approach to endpoint security”, Netherlands-based SurfRight in late 2015. The not yet logged in anti-virus databases, while it does bear similarities to SurfRight’s package, which uses behavioural analysis rather CryptoGuard blocks unauthorised encryption signature-less, ‘second opinion’ HitMan Pro than signatures and file scanning, protects activity and makes hidden copies of under- product, which has been on sale since 2008. against zero-day malware, ransomware, threat files, which it can roll back after Unlike HitMan, however, Intercept X integrates unknown exploits and stealth attacks, and is intercepting ransomware attacks. Root Cause with Sophos’s Security Heartbeat system, designed to be installed alongside existing Analysis performs forensic analysis of attack sharing status and event information with other security software. sources and their infection paths, with advice Sophos products, and can be managed via the Sophos Intercept X has four main on how to protect against further attacks, while Sophos Central unified console. The package components: Signatureless Threat Detection, Sophos Clean is both a signatureless ‘second can also run alongside other vendors’ CryptoGuard for ransomware blocking and opinion’ anti-virus scanner, and a deep cleanser anti-malware systems.

VMware lays a Foundation for the hybrid cloud VMware • www.greymatter.com/vmware/

VMware made its fortune creating networking systems into a ‘natively integrated’ migration. VMware lists Amazon’s AWS, virtual environments on physical ones, stack for use on-premises in private clouds or as Microsoft Azure, IBM Cloud, Google Cloud and now it’s following a similar path with the a service from multiple public clouds. VMware Platform and its own vCloud Air among cloud, pursuing a lead role in Hybrid Cloud and says the package, which also has a new SDDC supported public clouds for the new packages, Software-Defined Data Center (SDDC) Manager deployment and lifecycle with IBM the initial partner and Oracle Cloud a technology. At its September VMworld management tool, ‘drastically simplifies’ the conspicuous absentee. Prices have yet to be set conference in Las Vegas it unveiled its Cross path to the hybrid cloud, with a claimed six to for VMware Cloud Foundation as a service, but Cloud Architecture, based on a new VMware eight times reduction in time-to-market and a VMware says they will take customers’ existing Cloud Foundation SDDC platform and 30 to 40 percent reduction in total cost of vSphere, VSAN and VSX licences into account. Cross-Cloud Services management tools, and ownership (TCO). Other announcements at VMworld designed to span private and public clouds. Still in Technical Preview at VMworld, included vCloud Availability, a new suite of VMware Cloud Foundation is a repackaging Cross-Cloud Services is an SaaS offering disaster recovery tools for vCloud Air, and an of the company’s vSphere cloud virtualisation providing tools for discovery and analytics, updated Hybrid Cloud Manager tool for platform, VSAN virtual storage and NSX virtual compliance and security and deployment and zero-downtime migration to vCloud Air.

Grey Matter • 01364 654100 • HardCopy 5 News | Read more online at www.greymatter.com/hc/news News in brief

Intel adds Python to Parallel Studio 2017 Intel has released Parallel Studio 2017, the latest edition of its Fortran/C++ Competition Winner parallel development suite for Windows, Linux and OSX. New features First prize of an AR Drone 2.0 goes include Intel’s Anaconda-based Distribution for Python 2017, support for to the winner of the issue 69 competition, Xeon E6 v4 (Broadwell) and Xeon Phi (Knights Landing) processors in all Jeremy Langford of Amphenol Thermometrics components, Lustre file system compatibility and improved support for UK. Congratulations also go to our runners-up Rob C11, C++14 and OpenMP standards. The Data Analytics Library gains Martin of RDM Technology, Graeme McAteer of Targetfour neural networks functionality, while the Math Kernel Library includes and Stephen Moon from the British Museum who each receive a LAPACK v3.6 enhancements and Performance Primitives gains image FitBit Charge wristband. processing and computer vision functions. Parallel Studio 2017 is available in Composer, Professional and Cluster editions. system is initially supporting Microsoft’s Azure customer cloud and Office 365 SaaS products, with Dynamics CRM Online due in mid 2017. Early JetBrains sharpens ReSharper with ASP.NET Core 1.0 support customers include the Ministry of Defence, Aston Martin and the UK’s Ever-agile tools developer JetBrains has released version 2016.2 of its largest NHS mental health trust. Microsoft says it’s the first global cloud ReSharper code-polishing Visual Studio extension, with initial support for provider to offer a UK-only cloud service. Microsoft’s cross-platform ASP.NET Core heading the feature list. Also new are TypeScript 2.0 support, assembly dependency diagrams, a Process Facebook pays big bug bounties as breaches reach epidemic levels Explorer, CSS custom properties support and JSON code completion. Want to earn $16,000? That’s what Indian researcher Arun Sureshkumar did Editing assistance is improved with cross-file text searches and structural when he warned Facebook of a vulnerability in its Business Manager tool navigation within statement elements, and there are also more C# typing which allowed hackers to create fake accounts then edit the setup assistants, quick-fixes and context actions. ASP.NET Core support doesn’t parameters to give them control of other peoples’ pages. Arun told stretch to running .NET Core unit tests yet, but JetBrains says that will be securityweek.com that this wasn’t his first payout from Facebook’s bug in the next release. bounty program, either – he also received $10,000 for finding an earlier takeover vulnerability. Facebook has reportedly paid out more than $4.3 Kony adds Objects to MobileFabric back-end million since the program launched in 2011. Texan mobility platform vendors Kony has released MobileFabric 7, a new Meanwhile infosecurity-magazine.com reports that over 4.8 billion version of its combined Mobile Application Development Platform private data records were stolen in the first half of 2016, with the UK (MADP) and Mobile Backend as a Service (MBaaS) offering. According to second in the table behind the USA – just like the Olympics. the company, MobileFabric 7’s new Microservices and Object Services Technology provide modular app assembly capabilities which allow • Chip-maker Intel has bought Movidius, a builder of low-power System developers to achieve “unprecedented speed and cost saving” through on a Chip (SoC) units specialising in computer vision. The move will boost reusability, standardised architecture and the flexibility to move between Intel’s RealSense technology in applications such as drones and driverless internal IT and third-party vendors. Research firm Gartner evidently cars. Movidius previously collaborated on Google’s Project Tango agrees – it named Kony as a ‘Leader’ in its June 2016 MDAP Magic augmented reality venture, and is based in California, Ireland and Romania.

• Microsoft has open-sourced the algorithm that drives its Bing search engine. The BitFunnel full-text search system, described as “a probabilistic algorithm that identifies and ranks documents according to queries involving keywords, phrases and mathematical expressions”, is now on GitHub, along with Bing’s WorkBench text editor and nativeJIT, a C++ routine which transforms C data structures into optimised assembly code.

• Microsoft has released Visual Studio “15” Preview 4. Updates include a new exception helper, preliminary support for C++ 17, TypeScript 2.0 support, XAML diagnostics, improved Apache Cordova compatibility, new Universal Windows Platform (UWP) tools and support for “the majority” of C# 7.0 features. There’s also support for the latest features in Azure SQL Quadrant. Database and SQL Server 2016.

Microsoft opens UK-only cloud • 93 percent of large European businesses have suffered a data breach in Microsoft has opened its UK-only cloud infrastructure, first announced by the past five years, according to a survey commissioned by Lloyds CEO Satya Nadella late last year. The service is hosted at multiple locations insurance market. Of the 346 senior decision makers polled at €250m-plus around the country, and guarantees that all data remains physically in the companies, 57 percent said they knew “little” or “nothing” about the EU UK, enabling users to meet compliance and policy requirements. The General Data Protection Regulation that’s due for implementation in 2018.

6 Winter 2016 • Issue 70 • HardCopy

Competition

WIN a Linx 1010 32GB 10-inch tablet courtesy of Grey Matter!

The Linx 1010 is driven by a quad-core Intel ATOM Keyboard Dock (included). It comes with 2GB of RAM processor and comes with the 10 and 32GB internal memory which can be expanded Home running on its 10.1-inch display. The via MicroSD, and is fitted with 2MP cameras front device can be used standalone or docked with the Linx 1010 and back, plus both HDMI and USB sockets.

Enter our HardCopy Readership Survey:

We are asking for a few moments of your time to share your thoughts about HardCopy magazine. We want to make sure we hear your opinions and suggestions so HardCopy magazine can best serve your interests. The survey will take less than 10 minutes to complete, and as a thank you for your time, your name will go into a draw for the chance to win a Linx tablet.

Complete our online survey and be entered into our prize draw by visiting: greymatter.com/hc/reader-survey

TERMS AND CONDITIONS OF ENTRY 1. No purchase necessary for entry to this competition. 7. The winner will be announced on Monday 7 December 2016 and notified either by 2. The prize is one Linx 1010 32GB 10-inch tablet with keyboard and antivirus software (colour may vary email or by telephone. from that shown above). There is no cash alternative. 8. The judges’ decision must be accepted as final and no correspondence will be entered 3. Completed entries must be received by Friday 4 December 2016. into regarding the decision. 4. Only entries submitted online at www.greymatter.com/hc/reader-survey will be accepted. 9. Employees of organisations connected with this competition are not eligible for entry. 5. Only one entry will be accepted per person. 10. Grey Matter reserve the right to use winner’s names in promotional materials. 6. The winner is chosen at random from completed entries received by the closing date. The competition promoter is Grey Matter Ltd, Prigg Meadow, Ashburton, Devon TQ13 7DF.

8 Winter 2016 • Issue 70 • HardCopy

Business Silicon brainpower Artificial Intelligence is the new frontier for software development. Simon Bisson checks out the state of the art.

If there’s one lesson to be learnt from Windows XP Tablet Edition far more accurately. for different tasks. Some, like machine learning, SIMON the last few years, it’s that we’re in the What changed? The answer was simple: build on familiar rules-based approaches and BISSON early stages of a new industrial revolution, one computers were more powerful, and we had statistical analysis, while others use neural where we’ll finally be able to deliver on many of much more data we could use to train those networks to find patterns in an almost intuitive Simon is a freelance IT writer and technology the promises of artificial intelligence (AI). But algorithms. That was 13 years ago, and today’s fashion. consultant who has this isn’t science fictional AI, where we’re computer systems are even more powerful, The key to much modern AI is the worked on large scale building robots that will end up replacing us; with the resources of the cloud to power a new combination of powerful computer hardware Web architectures, mobile Web projects instead it’s much more mundane, a world generation of machine learning algorithms. with large amounts of data. Today’s deep and XML solutions where highly-focused machines handle Similarly, we’ve been able to take advantage of learning systems take a statistical approach to for clients in both complex and repetitive tasks, or fill in for us the arrays of computing engines in GPUs to working with data, taking advantage of cloud the private and public sector. where they can save time and effort. build massively parallel neural network systems. scale to process and build knowledge maps. It’s Yes, that’s going to mean changes in what We’ve also got access to even more data, along an approach that works well with natural simonb@ jobs are available, but it’s also going to mean with the tools and storage needed to use it to language processing, and is being used to hardcopymag.com more time for creative work, for exploring new train our new AI systems. handle machine translation in near real time. ideas and trying out new things. Some aspects, And then there’s the lessons we’ve learned One intriguing result is that deep learning has like self-driving cars, are going to change the building hyper-scale search engines. The been able to find links between words in way we live, while others, like prediction Googles and Bings of the world aren’t just huge different languages, for example linking ‘man’ engines, will make the world less risky. databases of content and links; they’re massive and ‘woman’ to ‘king’ and ‘queen’ without being Just a few years ago, AI seemed to be one machine learning systems that aim to given direct definitions. of those things, like nuclear fusion, that was understand document relevance so they can Neural networks take a different approach, always thirty years away. In reality, of course, give you the best answers to your search training networks to respond to specific inputs, each new breakthrough rapidly became part of queries, by using your context (what you’re and using the outputs as a basis of a control the day-to-day fabric of computing. Apple’s doing, where you are and so forth) to refine system. Newer techniques, such as deep Newton used machine learning-based their output. feedforward networks, take advantage of handwriting recognition in the mid-1990s. It convolutional neural networks to model wasn’t successful, but just a few years later the Underlying technologies non-linear relationships, and provide much of same underlying tools were powering the Modern AI is not just one technology: it’s a the basis of recent improvements in image handwriting engine used by Microsoft’s range of different approaches that are suitable recognition. They are also being used to

10 Winter 2016 • Issue 70 • HardCopy Business

with the aim of gaining lower cost and lower Low level AI risk convoys of trucks. Using prizes such as the More complex AI problems can be addressed using the deep learning and neural networking DARPA Grand Challenge, self-driving vehicles algorithms that are coming out of research labs at Microsoft, Google, and Facebook. These quickly moved from rough desert roads to tools aren’t for the faint of heart: they’re complex engines that need a lot of compute power, simulated streets and on to the open road. You either in your own high performance computing cluster or in the cloud. don’t need to be in a fully autonomous vehicle has been working on many approaches to AI. One is the to take advantage of machine learning; many Computational Network Toolkit (CNTK) which is designed to give you a set of tools for building driver-assist systems, like automatic braking, various neural networks using a series of training tools, running on both CPUs and GPUs. You take advantage of neural networks – enough can download a VM or a container ready to run, or work with the source code using Github. A for NVIDIA to deliver GPU-based chipsets series of prebuilt solutions can help you get started, but be warned, this is at heart a research intended for use in car sensor suites. tool and gives you extremely low level access the neural networks you’re building. The results of this set of changes are Google’s Tensor Flow takes a different approach, with a data flow graph connecting significant: it’s become cheaper and cheaper to mathematical operations. Nodes can run on CPU and GPUs, using Python to link existing add AI to applications and devices thanks to operators and C++ to add new data operators. The result is flexible and powerful, and models widely available algorithms, relatively cheap can move from development laptops to hyper-scale cloud systems and GPU arrays without off-the-shelf hardware such as NVIDIA’s needing any code changes. GPU-derived chipsets, and publicly accessible Tools like CNTK and Tensor Flow have quickly become important resources for AI datasets that can help train machine learning researchers, overshadowing more specialised tooling like Facebook’s Lua-based Torch and the systems. academic CAFFE deep learning framework. One area where AI is key is in the development of chatbots: conversational examine complex pattern spaces, an approach low probability of the card being stolen (your interfaces to applications and services. What’s recently used by Google DeepMind’s AlphaGo first transaction after you get off a plane) or most important here is understanding just what to beat a human Go player for the first time. blocking a card when there’s a sudden unusual a user wants; a requirement that means a bot Other neural network approaches have been purchase (such as buying an airline ticket will need some form of natural language used to improve speech recognition. between two suspicious locations). processing coupled with some way of Combining different techniques can result Much of the recent AI hype has been delivering an appropriate response. That’s in major leaps forward. Tying together a neural around self-driving vehicles. Here developers where AI comes in, offering deep-learning network-powered speech recognition system have taken advantage of several advances in powered natural language tooling, followed by with a deep learning-driven translator gives you machine learning, using image recognition to machine learning decision trees to deliver the something like Microsoft’s Skype Translator, locate a car on a map and on a road in relation result. A demo at Microsoft’s BUILD 2016 event which takes speech in one language and gives to the rest of the cars around it. Prediction showed an AI-powered chatbot parsing pizza you near-real time translated subtitles at both algorithms are also used to determine how orders, and being trained to understand slang ends of the conversation. other vehicles are going to behave, while other and colloquialisms in tandem with a human call tools interpret radar signals to give a 3D view of centre operative. Using modern AI the space around a vehicle which can be used The chatbot future is one where low-skilled Much of the AI around at the moment is as a framework for the rest of the car’s sensor call centre tasks are handled by machines, mundane. Predictive text used to be built up suite. It’s a set of complex problems that leaving humans handling exceptions and from Markov chains of likely words, held in a couldn’t be handled without machine learning, escalations. That’s one part of tomorrow’s local database. Now, however, it’s a machine coupled with the years of training and research AI-powered world, where humans aren’t learning service. Microsoft-owned Swiftkey that have gone into building autonomous directly replaced by machines so much as recently switched its Android swipe keyboard to driving control systems. having the machine handle the boring parts of one that uses a neural net to predict the next Like much deep AI work, the sponsors of their jobs. That said it is a future we’re going to word – or even the next phrase – you’re likely to early self-driving car research were the military, have to find our way into carefully, with an use, learning from both your own social media postings, and from a large corpus of data collected from users all over the world. Similarly, machine learning systems sit at the heart of credit card fraud detection systems, aiming to identify patterns of unusual usage. Perhaps a transaction is impossible, based on distance, or perhaps there’s a pattern of small transactions that indicate someone is trying to see if a card has been reported compromised and blocked. Using context from current transactions, and patterns that are linked to stolen accounts, machine learning systems can quickly respond in a predefined manner – sending messages to registered phone numbers to get additional authentication where there’s a The world as seen through the sensors of a Google self-driving car.

Grey Matter • 01364 654100 • HardCopy 11 ACCELERATE CREATE FASTER CODE—FASTER. GET THE NEW DATA ANALYSIS TOOLS. Intel® Parallel Studio XE

Getting more out of your hardware has never been easier with the new Intel® Parallel Studio XE suite of developer tools. Crunch more data on the same node with the Intel® Data Analytics Acceleration Library (Intel® DAAL), and take advantage of wide vector registers in your processor to make your code run faster with the new Vectorization Advisor tool. Upgrade today.

C pplication Performance oost on indows inu sin Intel C Compiler ier i etter loatin Point Inteer 1.51 1.51 1 1.30 1 1.24 1 1

l l

a a l l l l e e e e u u t t t t i i n n n n I I I I indo inu indo inu Etiated SPE®rateae Etiated SPEint®rateae elatie eoean erorane SPE rate enar

Choose the edition that suits your needs: • Composer Edition: Build faster code with industry-leading Intel® C/C++ and Fortran compilers and libraries, including the new Intel® Data Analytics Acceleration Library. • Professional Edition: Get everything in Composer Edition, plus analysis tools to write, tune, and debug parallel code. • Cluster Edition: Includes everything in Professional Edition, plus MPI cluster development tools to create faster cluster applications.

Get the new Intel Parallel Studio XE today > Contact us for more information. Phone: 01364 654100 Email: [email protected] Visit: greymatter.com/hc/ipsxe-2016 Get it today >

Copyright © 2016, Intel Corporation. All rights reserved. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. Business

understanding of the disruptions our software can cause. Image recognition tools are another area where modern AI techniques have significant advantages over older technologies. It used to be difficult to tell a puppy from a kitten; now we’re able to identify individual breeds of dog. What’s changed is the scale of the data we have to train our neural networks. Services like Flickr and Google Photos have collected millions of tagged images, and we’ve been able to use this content to train a new class of image recognition tools. Train a neural network across The Mimicker Alarm app uses Microsoft Cognitive Services to force you to prove a big enough set of data, and it’s possible to you’re awake before you can dismiss the alarm. start building cross-links that make it easier to recognise content and to use user-confirmation systems using graphical expression builders and feed a machine learning algorithm with data to reinforce links. You may have noticed that workflow engines. While it’s important to have a that’s already a set of outliers, so you don’t services like OneDrive are already automatically large initial training set of data, it’s also overload a server with data. classifying images, and the same techniques are important to have a set of your own test data so being used to process hand-written cheques you can determine the statistical significance of Risky business and to read road signs and to interpret road outputs, tuning your machine learning system So the future seems bright, but we can’t look at conditions. to give you an acceptable level of false positives AI without considering some of the possible and false negatives. issues. And while the issue of machines Using AI toolkits One key use case for these services is replacing people may be the most obvious, it’s The best way to start with modern AI is to pick a handling data generated by Internet of Things not the most important. toolkit and start training it with your data. (IoT) sensors. While you may want to record Perhaps the biggest risk coming from the Relatively high level tooling, like Google’s Cloud historic data, you’re also going to need new wave of machine-learning driven AI is its Prediction API or Microsoft’s Azure ML, build on actionable information about significant lack of transparency. Why did a machine refuse the research work already carried out by the big outliers. Training a machine learning system to a credit card transaction? Why did it slow down search engines. You can use these tools with spot likely failures can help reduce costs by your car and let another in front? Why is your own data to train your own choice of letting you schedule pre-emptive maintenance another refusing to let an aircraft fly until an algorithms, before hooking a service’s RESTful before any failure occurs. That’s likely to be apparently perfectly serviceable engine is API into your application or workflow. critically important if you’re, for example, GE replaced? At the highest level you’ll find tooling that monitoring jet engines on a 777, or Thyssen What we’re doing is putting trust in offers basic pre-trained machine learning. Here Krupp monitoring lifts and escalators. algorithms that have been generated from big services like Microsoft’s Cognitive Services APIs That’s why Microsoft is now offering Azure data. While it’s data we’re reasonably sure is can be used to quickly add some of the benefits ML as part of its Azure IoT platform, working accurate, the resulting decision loops and of AI to an application. These APIs are often with partners to deliver starter kits that include weightings can be almost impossible to task-based, delivering tools like face and speech IoT devices and sensors to help you learn how document – and the more data we use to train recognition, as well as helping interpret user to use machine learning with data streams. By a machine learning system, the more complex text input and offering machine-powered combining a kit with familiar Arduino hardware the resulting algorithm can become. translations. with a trial cloud Azure ML service, you can Nevertheless, modern AI is a powerful tool Such high level services simplify the quickly pick up any new skills before using them that can help solve many problems that only a process of building and using AI in your on a full scale project. few years ago were seen as near impossible, but applications. With APIs like these, all you need is These are subscription services so you pay are now within the reach of any developer. a REST package with the data you want to per transaction, something that you need to While the underlying technologies are a huge process, and a subscription. You can then use bear in mind if you’re using a machine learning topic in foundational computer science, tools variants of the same tools used to translate service in conjunction with an IoT data stream. like Azure ML mean you don’t need to be a Skype messages in your own applications, or to Another thing to watch out for is the machine post-doctoral researcher to keep up with the parse natural language to understand user learning algorithm you choose; all the main state of the art – and to build it into your sentiment and context. Other options allow cloud providers offer several different machine software and your services. your software to recognise faces, and even learning models which support different use understand just what that expression might cases and different types of data. If you don’t i mean. get the results you think you need, it’s worth Find out more Lower level, tools from Azure, Google, and applying a different algorithm to your training Amazon Web Services allow you to use machine data – you may well be surprised by new For further details on Microsoft Cognitive Services, see our article on learning to process large scale data from a range outputs. Another option is preprocessing data page 20. To find out more about the AI and machine learning of sources. Big data and algorithms derived from using statistical tools and languages, including services that are available to you, call 01364 654100 or email the tools used to build and run search engines R (the specialist language for statistical [email protected]. mean you can train and test machine learning computing and graphics). That way you can

Grey Matter • 01364 654100 • HardCopy 13

Development

Ready for business Integrating the Apple Macintosh into a Windows network need not cause headaches, as Tim Anderson discovers.

The PC remains the computer most much closer to its Windows counterpart than select one or more users with that right. Once a commonly used in business. Reasons earlier versions, while keeping Mac-native network user has logged in, you can also give TIM include the strength of Microsoft’s enterprise features like the OS X menu bar. In August 2016, them local admin rights, by using the Users & ANDERSON management tools, the abundance of business Microsoft released a 64-bit version of Office Groups options and entering the credentials of A freelance journalist applications on the Windows platform, and the 2016, which is now the default. Mac users still an existing local admin when requested. You since 1992, Tim competitive pricing of PC hardware. That said, miss out on the Access database manager, but can also give an AD group admin rights. Anderson covers a wide range of Apple Macs have a steadily growing market Word, Excel, PowerPoint, Outlook and OneNote One thing to be aware of is that Macs do technical topics and share, and the old assumption that only the now work well on Apple’s operating system. not allow local users with the same username is well versed in design department needs Macs has long gone. The manageability of Windows networks as AD users, so when you set up a Mac, be modern programming tools, techniques Times have changed at Microsoft as well. The depends on Active Directory and the ability to careful not to create naming conflicts. and technologies. company’s focus is now as much on cloud join PCs to a domain. Can you join a Mac to a Having Mac users log in with AD His recent work services as on Windows; and that means new Windows domain? In fact you can, and though it credentials has some advantages. They can has appeared in publications including efforts to give Macs (as well as iOS and Android) is not quite the same thing, it does come close. connect to Windows file shares without having Guardian Technology, first-class support, so that users can take full You can bind a Mac to Active Directory (AD) and to enter credentials, for example, using ‘Connect The Register, advantage of Office 365, Azure and other log in using AD accounts. To do this, add a to Server …’ in Finder’s Go menu. Another Computer Weekly, HardCopy, IT Expert, Microsoft services. Network Account Server in the Users & Groups advantage is that if you need to disable the vnunet.com and Office for the Mac, for example, improved section of System Preferences. You can allow all account, you can do so centrally. ITJOBLOG, as well as greatly with the release of Office 2016, which is network users to log in to a specific Mac, or PCs in a Windows domain can be managed his own popular blog at www.itwriting.com. through Group Policy, with further options like software deployment or system re-imaging available through System Center Configuration Manager. On a Mac, you can control settings centrally using either the older MCX (Managed Client for OS X) or, more commonly today, the more recent system of Configuration Profiles. MCX settings can be set in AD by extending the AD schema, but Configuration Profiles are easier to manage, though with fewer settings available. They are supported on iOS as well as on Macs, and are designed for use with MDM (Mobile Device Management) tools. The advantage of managing Macs from System Center is that you can use the same tool as for PCs, at no additional cost. However System Center’s out-of-the-box capabilities are limited compared to dedicated third-party tools, and Microsoft typically takes a while to support new versions of OS X such as the recently released OS X Sierra. One option that gives you the best of both worlds is the Parallels Mac Management plug-in for System Center Configuration Manager, which uses Configuration Profiles and its own Tools like Parallels Mac Management for System Center Configuration Manager let you agent to extend the management features control many aspects of Mac configuration centrally. administrators are used to using with PCs to

Grey Matter • 01364 654100 • HardCopy 15 Development

cover Macs as well, including key features majority of features are supported on both for vector graphics, InDesign for desktop lacking in System Center such as automatic Mac versions. For a detailed table of what is missing, publishing, Acrobat Pro DC for creating, editing enrolment, the ability to deploy OS X system see the post at http://blog.parallels. and signing PDF documents, Premiere Pro for images, OS X patch management, and built-in com/2016/01/21/differences-microsoft- video editing, Animate (formerly Flash remote assistance via VNC (a remote desktop office-mac/ written by a former member of the Professional) for creating interactive web system) and SSH. Mac Office team, now working at Parallels. animations, Dreamweaver for web design, and Other dedicated tools available include the The most common source of problems is Audition for audio editing. Developers can use Casper Suite from Jamf Software (which also with extensions and add-ins. Office 2016 for the either PhoneGap or Flash Builder to create has System Center integration), ADmitMac from Mac supports both Visual Basic for Applications mobile or desktop applications. There are Thursby, and Centrify Identity Service. (VBA) and web-based add-ins, though the built- additional applications as well as cloud services in VBA IDE is highly simplified compared to the for collaboration, image sourcing, fonts and Doing business on a Mac Windows version, and Microsoft suggests colour schemes, making this a near-essential Will Mac users be disadvantaged when it comes developing VBA macros on Windows. Some subscription for professionals in design, to business applications? The answer of course VBA keywords are not available on the Mac multimedia and web development. is “it depends”. What is true is that Mac support though. Further, if you have a solution that uses Nuance Dragon Naturally Speaking is a in general has greatly improved over the last COM add-ins, including those developed using range of speech recognition products which few years. Software vendors have responded to Visual Studio Tools for Office, it will not work on have remarkable accuracy. Historically the pressure to extend support beyond Windows, the Mac. COM automation, a common Windows versions have been more advanced not only to Macs but also to tablets and mobile technique for applications that create Office than their Mac cousins, but recently released for devices, though that may mean web documents, is a Windows-only technology. On the Mac is Dragon Professional version 6, applications that work cross-platform. the Mac you can automate Office using updated to support Microsoft Office 2016. This Microsoft Office, as mentioned above, is AppleScript or create workflows using the has outstanding voice recognition, powered by now very good on a Mac, though there may still Automator application, so a developer may be advances in machine learning, as well as be issues. Outlook on Windows, for example, able to create a Mac version of an application, additional features such as opening and uses Word as the email editor and has many but a Windows-based Office solution will not controlling applications through voice, and more formatting options than Outlook on the ‘just work’. Any Office add-in that calls into transcribing voice recordings automatically. Mac, including table editing. There are also native code will not function on the Mac Mindjet’s MindManager is another extra features in Outlook for Windows including without porting work. application that supports both Windows and voting buttons, message recall and read Microsoft has not ported Access, Visio, Mac, though unfortunately the Mac version is receipts. Project or Publisher to the Mac. not the equal of its Windows cousin. Word 2016 on the Mac does not support Adobe’s Creative Cloud is cross-platform MindManager lets you create charts and real-time co-authoring, unless you use the on Windows and Mac. Adobe maintains a diagrams representing business projects or browser-based version. Excel 2016 on the Mac similar user interface look and feel on both processes. The Mac version supports lacks a few features including the Watch platforms, which means that its applications organisation charts, information maps, tree window for formulas, PivotCharts, and the work in the same way, and the features on offer diagrams, presentations either standalone or ability to customise shortcuts. However the are nearly identical. via export to PowerPoint, and basic project The key applications in planning. On Windows you get many more Creative Cloud are Photoshop features, such as guided brainstorming, for image editing, Illustrator calculations and formulae, task dependencies, and import and export from Microsoft Project. That said, the key features are there on both versions. What about security? Comparisons with Windows are difficult. Most malware targets Windows, and Microsoft’s operating system still suffers from a history of badly behaved applications which make it hard to lock down, though the company has made huge progress in making Window more secure. Apple’s OS X is based on the Unix-derived BSD which separates applications and data. Nevertheless, OS X does have vulnerabilities, and the security industry has responded with software to protect it. Note too that OS X supports File Vault encryption, a technology similar to BitLocker on Windows. File Vault 2, introduced with OS X 10.7 (Lion), encrypts entire volumes rather than just user directories, with an option to store the key with Apple for recovery. Photoshop, part of Adobe’s Creative Cloud, is equally feature-rich on both Mac and Windows. Norton Security covers the current and

16 Winter 2016 • Issue 70 • HardCopy Today, the cloud is making the once ‘impossible’, possible, with developments in business mobility, next-gen security, augmented and virtual reality, the Internet of Things, cognitive systems, robotics, and more.

Development

previous two versions of OS X, as does the needs careful configuration. business-oriented Symantec Endpoint Another option is to run Protection, with the latter including a single Windows in a virtual machine management console across Windows and Mac, (VM) on the Mac itself. This solves as well as remote deployment and client the mobility issue, provided that management. the Mac is sufficiently well Kaspersky Internet Security for the Mac specified to run a second includes anti-malware protection, anti-phishing operating system. The main features, network attack blocking and more. pressure is on RAM, with 8GB a Endpoint Security for Business includes sensible minimum. centralised management, file server protection, There are several options for and the ability to defend any combination of running VMs on a Mac, including Mac, Windows and Linux desktops and laptops. Oracle’s open source Virtual Box, BitDefender is another anti-virus product VMware’s Fusion product, and with strong Mac support, including Time Parallels Desktop, now at version Machine Protection which is designed to ensure 12. The fact that Macs run on A Parallels virtual machine is a complete and deeply integrated solution to Time Machine recovery still works in the Intel CPUs, including VT running Windows software on a Mac. aftermath of a ransomware attack. The (Virtualisation Extensions) company’s GravityZone Security for Endpoints is support, allows these to perform a business version which supports Mac, well. You can install Windows, join it to a the project is to make large JavaScript Windows and Linux managed from a central domain, and generally run all the same software programs more robust and maintainable. A console. that you would on a desktop machine, but further benefit is that it makes an easier remember that from Microsoft’s point of view it transition for C# or Java developers. TypeScript When only Windows works is a separate PC and must be licensed in the is cross-platform and works well with Cordova. No matter how well a Mac integrates with normal way. Version 2.0 of TypeScript has just been released. Windows PCs, there are still times when users Differentiation between VM solutions The Xamarin option is especially attractive have to run PC software. There are essentially comes in performance, the level of integration for Microsoft-platform developers since you can three reasons: between Mac and Windows, and in a business continue to work with C# or F# and .NET. A Mac 1. The required software does not exist on context, the management tools. Integration is required for development, with the IDE being the Mac. The long-standing dominance of using Parallels Desktop 12, for example, is Xamarin Studio rather than Visual Studio. the PC in business means that many remarkable, going far beyond clipboard Xamarin’s recommended approach is to build applications have no Mac version support. You can have Safari on the Mac open the user interface in Apple’s Xcode and available, including Microsoft’s Access, when you click links in Windows, for example, or Interface Builder, while sharing non-visual code Visio and Project as mentioned above. have Internet Explorer open when you click across Mac and Windows. 2. The Windows version has additional links on the Mac. Windows applications appear If you need a greater level of code sharing, features or works better than the Mac in the Mac dock and applications menu. You can another option is Mono Winforms, which equivalent. If the application was born on store and manage passwords in the Mac replicates the .NET Windows Forms 2.0 API on PCs, vendors may not always port all the keychain across both Windows and Mac. Display the Mac using custom drawing. Applications features, or it may integrate with other support includes smart resizing, so resolution have a Windows look and feel, but if the goal is Windows software. changes automatically as you resize the simply getting an essential business application 3. There may be custom line-of-business Windows application from the Mac desktop. to run, this is a good solution. Windows applications. These are often the These features are optional, so if for some Another option is the open source XWT hardest to work around, since they are reason you need a more isolated Windows project, which uses Gtk# alongside native likely to be critical to your business and environment you can configure this as well. Windows and Mac GUI frameworks in order to the organisation may lack the resources present a unified API across both platforms, necessary to port them, or not want to Cross-platform coding while still using native controls in order to get invest in recreating software that already Businesses creating new applications should the correct look and feel for each platform. works well. consider a cross-platform approach, particularly Xamarin Studio is licensed with Visual in cases where there is extensive Mac and/or Studio, so if you purchase Visual Studio In these cases, Mac users will need to run mobile use. Microsoft’s Visual Studio is now a Professional or Enterprise edition, you get Windows. There are several approaches. One is one-stop solution for cross-platform coding, full use of Xamarin Studio as well. to use remote sessions to Windows, either following the company’s acquisition and running on a desktop PC or using a server-based bundling of Xamarin tools. Other options solution like Microsoft’s Remote Desktop include Java; using web technologies on the i Services. This is technically an excellent solution, desktop via tools like Adobe Phonegap or its Find out more since users can stay in the Mac environment open source version, Apache Cordova; or while still running the software they need, but building web applications. To find out more about integrating the Macintosh into your business, has some disadvantages. It requires the PC or Microsoft’s open source TypeScript project see the Grey Matter website at www.greymatter.com/parallels/. server to be accessible over the network, which is a superset of JavaScript which adds static Alternatively call 01364 654100 or email [email protected]. can be inconvenient for remote users, and typing and other features. The thinking behind

Grey Matter • 01364 654100 • HardCopy 19 Development Microsoft Cognitive Services Microsoft has bundled its AI services into a set of APIs known as Microsoft Cognitive Services. Mary Branscombe talks to principal program manager Ryan Galgon.

Machine learning is the hot new ways that are very easy to use and very easy to MARY technique for accomplishing everything consume. We want to make these capabilities BRANSCOMBE from recognising speech to o ering available online regardless of what platform

Mary is a freelance IT recommendations on web stores to checking if someone is on or what language they’re using, writer who’s worked that email from your boss is really a wire fraud so we make sample code available in as many on both sides of the phishing scam. Building machine learning languages as we can, including Python, C#, fence, from writing manuals to develop- systems is still complicated, but you can take Objective C, Swift and so forth. When we say ing a technology area advantage of machine learning algorithms with ‘articial intelligence capabilities’, we’re talking for a major online a minimum of code by calling the many APIs about things in the eld of computer vision, service. She was also launch editor of IT o ered by Microsoft Cognitive Services. These speech, natural language, knowledge Expert magazine. cover vision, speech, language, knowledge and representation and search. It’s a collection we search, and provide functionality that can help keep adding to over time; not only new maryb@ hardcopymag.com with object recognition, emotion detection, capabilities, but we improve and ship updates facial identication, speech understanding, to capabilities we already have in the services sentiment analysis and text analytics. and we try and do it in such a way that Want to tag the contents of photos so you developers don’t need to update code in order Ryan Galgon is principal program can search for them later? Or extract the text to get new and improved results.” manager for Microsoft Cognitive Services. from a credit card receipt so it can drop straight into an expense claim? Want to nd out if the From Bing to code videos, even the Bing search suggestions,” says people stopping at your stand at a trade show What’s now Cognitive Services started in 2015 Galgon. That’s not just about embedding search are surprised or bored by your products? Want as Project Oxford which provided four APIs for queries; you get to piggyback on the your support chatbot to be able to deal with a speech recognition, facial recognition, object knowledge graph Bing uses to represent all the wide range of language rather than just a few recognition and language understanding, entities in the world, which you might know as keywords? How about something ambitious drawing on the work that Bing and other Satori. That’s how Bing knows that movies have like describing the world or reading a menu to a Microsoft teams had been doing to build AI directors and actors and posters and release blind person? Cognitive Services has an API for features into their products. It’s now a dates and sound tracks and script writers and all of these and more. Your app can work with commercial service with some 22 APIs at the lming locations, while restaurants have menus natural and spoken language. time of writing, and the original services have and opening hours and special o ers. For news As principal program manager Ryan been improved and expanded as well. stories, it means you can specify a topic; for Galgon explains, “Microsoft Cognitive Services That includes the Bing search APIs. “You images, you can get machine-generated is a collection of cross-platform, online APIs for can pull in all of Bing’s knowledge of the web captions, or a selection of images that are developers to be able to access Microsoft into any application; you can get access to Bing visually similar. articial intelligence capabilities in, we hope, news results, Bing web results, images and Some of the APIs are quite specialised. The

20 Winter 2016 • Issue 70 • HardCopy Development

terms that the app can work with. If you’re Services are the new components writing a bot to take pizza orders, for example, Image captioning and sentiment analysis aren’t the only features you can get as web services. you can expect addresses to show up in a Want to add text messages or phone calls to your app? Call one of Twilio’s REST APIs from your limited number of formats, and having Bing’s code. Need maps and routing in the software you’re writing? Bing Maps has an API that can expertise behind it means LUIS can understand give you address checking, location maps and driving directions. Need to generate an invoice date and time, ordinals, numbers, temperature, or send a receipt? Plug in the SendGrid service. As long as your app is going to be connected, distances and proper nouns. However, you also you can increasingly call services through RESTful APIs to provide key functionality, instead of want to handle phrases that are more speci c writing it yourself or buying plug-in components or products. to your application, so your customers might For example, Uber’s app uses Google Maps for directions, Twilio for the text messages that say “send me a pizza” or “get me a pizza” or passengers exchange with drivers, Braintree for payments, SendGrid for receipts and Box for “deliver a big pepperoni”, or dozens of other storing content. Uber is also using Microsoft Cognitive Services for its new Real-Time ID Check, variants. which uses the Face API to check driver sel es to make sure that it’s the right person behind Developers can pair that level of the wheel. functionality with sentiment analysis and even Even platforms like Salesforce and products like SendGrid and JIRA let you retrieve image recognition. As Galgon puts it, “I might information and send events through APIs so that you can build them directly into your own want my bot to be aware of a sentence that is tools. Indeed it’s typical for more than half the tra c on cloud services to go through their APIs delivered with a strongly positive or strongly rather than their web interface. negative sentiment, or I might want to let the In many cases, the services you can now call o er features you wouldn’t have been able to bot understand an image that’s been sent to it.” get from a packaged product, and even if you could it would have been hard to bundle them Even traditional features like spell checking into your own app. If you used Microsoft MapPoint to generate mapping and routing, you get better with machine learning, because could only call that from apps running on your own network, for example. And because these language changes. You need the basics, are cloud services, they can keep adding new features while the APIs you use remain stable because if someone is typing a question to a – although you might want to check for deprecation policies and API lifecycles before you bot, you don’t want the fact that they typed become dependent on a particular service. But if a new credit card becomes popular, Stripe ‘hicago’ instead of Chicago to confuse the bot. and Braintree can start supporting it without you needing to do extra work. If Twilio switches But this API goes a lot further than traditional from one cellular network to another for better connectivity, you won’t need to change the spell checking. “Even when you’re looking up way your app sends and receives SMS. static words in a dictionary the challenges are To get the most from these services, look for functionality that would be hard for you to not having the context of the sentence or the deliver yourself, and make sure you know what the costs are for di erent transactions levels. paragraph [to make sense of it]. The bigger problem is not adapting over time when new phrases get coined or when a new startup Academic Knowledge API, for example, can to converting speech to text, identifying and becomes popular; all of a sudden ‘lift’ can be create a graph of citations by year for an author. authenticating people by their voice, detecting Lyft - which is a valid word now but wasn’t a Others are more broadly applicable. The faces (including celebrities) and emotions, to year or two ago,” Galgon explains. “And the nice Recommendations API is a fast way to get actually understanding the content of an image. thing about making it a web service is that suggestions for an ecommerce site, so it can The Language Understanding Intelligence when we have new words and models we show products that are often bought together, Service (LUIS) looks at text to understand the update those in the back end and developers and personalise that list based on what a visitor topic and intent of what someone is asking, so get better results for free.” has bought to recommend what they might “Tell me about  ight delays” gets parsed as a You can also tweak speech recognition speci cally like. You can also use it to analyse news query for the topic ‘ ight delays’. This using the Custom Recognition Intelligence tra c to see how easy it is to  nd products on makes it much easier for developers to model Service (CRIS), which helps you build an your site. the mapping of the full range of language that adaptive audio model for your applications. This works by building a machine learning people use when they’re talking or typing onto Speech recognition has mainly been trained model from your site catalogue and transactions. Knowing what alternatives other customers buying a product chose could be useful when a buyer calls up to arrange a return, and knowing the patterns of your sales could help you manage inventory more e ciently. Microsoft Dynamics already has some of those tools, but because this is an API, you can use it with whatever CRM or ERP system your business employs, as well as using it to show suggestions on your website. The majority of the Cognitive Services APIs deal with services that are more obviously ‘arti cial intelligence’ in that they work with language, speech and vision. That’s everything Microsoft’s Seeing AI project interprets the world for blind employee Saqib Shaikh, from understanding text and checking spelling such as telling him how colleagues are reacting to his presentation.

Grey Matter • 01364 654100 • HardCopy 21

Development

How clever is clever? Learning to use Cognitive Services isn’t just about signing up and calling the APIs; it’s also important for developers to understand that what you get with a lot of the services isn’t a ‘yes’ or a ‘no’, but a probability score. “Instead of saying this face is 100 percent happy with no other emotion, we’re often saying we think it’s happiness with a 73 percent probability but also anger with a 20 percent probability, and there’s a few other emotions mixed in.” But as Galgon points out, that’s what you should expect when dealing with human interactions. “This is a space where there is not always a cut and dried answer. No-one has yet come up with a fool-proof sarcasm detector – I There are code samples that demonstrate many of the Cognitive Services APIs in action. sometimes struggle myself when I’m reading an email to get the emotion of the person who with samples from adults working in an office or demand from developers who would like more wrote it. Think about what you might see in an a conference room. If you want to recognise services that can work with video as well as with image that you’re looking at, versus me versus children or older people, or people who speak still images. your work colleagues…” English as a second language, you’ll get better The same is true for accuracy: “The results if you use a custom language model. Intelligence for peanuts computer is not some magic oracle that gets CRIS also lets you build an acoustic model from You can sign up to Cognitive Services with a free things right 100 percent of the time. If it’s uploaded samples of audio recorded on subscription, which you can use even in a speech to text and it’s incredibly noisy in the location, along with transcriptions, which will commercial app. When you need to make more background, you or I are going to have trouble help your app cope with running from a kiosk in calls to the API than are covered in the free tier, understanding it, and so is the computer.” a shopping centre with lots of background pricing is based on how much you use the Thinking about ‘how good is a person going to noise, or in the echoing lobby of a large service. “The free tiers cover the vast majority of be at this task’ can help set expectations. For building. developers who are building services,” says identifying a very specific breed of dog, image The Cognitive Services APIs are designed to Galgon. “For the face detection API, for example, recognition routinely beats the average person, be simple to get started with, and to allow you that’s 30,000 API calls a month for free, so if all but if it’s recognising someone’s face in a to get more sophisticated as you gain you’re doing is trying to detect faces in an brightly back-lit room, a human is likely to beat experience. As Galgon explains, “For the vision image, that’s 30,000 images that can be sent the computer. But as Galgon notes, “these are APIs, where we offer the capability to describe each month.” weaknesses we’re aware of and we’re working what’s going on in an image, it’s as simple as Once you exceed 30,000 calls a month, the to improve the APIs.” sending a photo to the API and we return a face detection API costs $1.50 per 1,000 calls. Usually, developers are surprised by how response like ‘that shows a man playing in a field However, you also need to consider throughput: powerful the Cognitive Services APIs are. “One and a woman riding a bicycle’.” And you can get “The free tiers throttle how often calls can be of the things we see is when someone comes in more detail if you need it. Send a photo to the sent, so a developer might choose to move to and starts playing with the APIs it tends to spark facial detection API and it returns age, gender, the paid tier to get higher throughput for many their interest. They start out by saying ‘I didn’t head pose, smile, facial hair information, the simultaneous transactions.” think this was possible, now I see it is – and facial bounding box and 27 landmarks for every “When you’re getting started, you’re talking what about this next set of things I want to try face in the image. Emotion isn’t just happy or cents to dollars in costs, although it depends on and do. This is great, I didn’t think it would even sad; it can recognise anger, contempt, fear, your use case,” Galgon explains. “Some apps use work today – so when can you add your next disgust, happiness, neutral, sadness or surprise. five APIs for every action and some apps use 10,000 categories for image classification, when So you could stick with the speech APIs as you only one.” are you going to have the next ten languages start building your app, then move to using CRIS If you’re creating thumbnails for images for LUIS model support?’ They’re saying it’s when you need the custom models. and you want to crop into the most interesting something they can start using today, but we’re CRIS is currently a private preview, area of the photograph automatically rather always getting wish lists of the next set of although Galgon notes that “we’re letting than just shrinking the whole image, for things they’d love to see us do!” people in to the preview pretty frequently”, and example, you could combine object it will be a public preview soon. More APIs are recognition, facial detection and OCR and use i on the way, and existing APIs get regular that to decide what to highlight. If it’s a picture Find out more improvements, such as adding the caption of a person, then you want to keep their face in service for images and extending the number of shot; if there’s text in the image, that’s what you To find out more about the AI and machine learning services categories of objects the vision service can want to show on the thumbnail; if it’s a picture that are available to you, call 01364 654100 or email recognise, as well as extending LUIS to of a bicycle in a street, you want to be able to [email protected]. understands languages. There’s also a lot of zoom in to the bike.

Grey Matter • 01364 654100 • HardCopy 23 IT Stay Safe Kay Ewbank investigates the new landscape of security threats and finds out what you can do to protect yourself.

It’s no secret that if a computer can law and need to pay a fine. advertisements from a number of clients and KAY access emails or the Internet, it’s at risk At the top end of the viciousness scale are placing them on websites. This allows people to EWBANK of external attack. What’s less easy to those ransomwares that encrypt your files so create an innocent looking advertisement that Kay is a database understand is how you can be sure you can you can’t open them, unless you pay the contains either malware, or a link to a site that is consultant prevent such attacks being successful. One ransom demanded. malicious. The most aggressive type of malvert specialising in EIS, reason for this is that there are just so many In general, the way you guard against is pre-click malware that contains malicious financial analysis and GIS systems. While ways a computer can be attacked, from the ransomware is to be cautious. Don’t visit code embedded in the main script of a much of her work basic sending of spam, through dangers such websites that might be unsafe; don’t open webpage. One such campaign placed ads on is based in London, as ransomware, all the way to targeted email attachments that are suspicious; and Google, Yahoo and YouTube along with many being a consultant gives her the freedom cybercrime. Knowing what threats you face, don’t click on links in social media posts. other reputable websites. to sail, travel and help and how to guard from them, is key to staying Unfortunately, people tend to be taken in by all out as a part-time safe. We’ll assume you don’t connect to the these options, so as a system administrator your SPIT and SPIM sheep farmer. wider world without using a firewall, and that main guard against ransomware is to make sure Most of us are all too familiar with spam emails, kaye@ you have good anti-virus and anti-spam you can recover from it if machines are affected. but SPIT and SPIM can be equally annoying and hardcopymag.com measures in place. So what other threats do you This means you need strong backups and good harder to deal with. Your email provider, server face and how can you mitigate against them? disaster recovery software. and/or client will have ways to help you deal For home users the same thing is true, with spam, but when the spam is delivered as Ransomware though in some cases you can get around the unwanted advertising in your instant messages, Ransomware is a form of software that, once problem by doing a System Restore to return it’s a lot harder to avoid. There is also VoIP Spam installed, stops you using your computer and your computer to an earlier state – so long as or SPIT which appears as unsolicited calls using then demands you pay a ransom before you are you’ve enabled System Restore before the the Voice over Internet Protocol. The spammer allowed to use your PC again. The harsh truth is problem occurs. The message is, back up your sets off many thousands of voice calls, and if that paying up is no guarantee that you’ll data files regularly, enable System Restore, someone answers, plays a pre-recorded actually regain use of your PC. make sure you are cautious about visiting message. There are several ways in which dodgy websites and clicking on links in emails, ransomware can stop you using your PC. The and use anti-virus and anti-malware programs. Cybercrime-as-a-Service most common is sometimes called scareware. The growth of Cybercrime-as-a-Service means This appears as fake anti-virus or system Malvertising that would-be cybercriminals no longer need to clean-up tools that pop up on your screen with It may be that you’re patting yourself on the know how to set up a cyber fraud or a messages telling you that your PC has a variety back because you have followed all the advice cyber-attack; instead they can pay someone of problems, and that paying up (possibly by above, never ever visit ‘dodgy’ websites, and else to do it for them. It’s possible to find buying the full version of the fake software) will have good compliance policies in place to offerings including Attacks-as-a-Service, solve these problems. You’ll continue getting prevent your more naïve users from straying Malware-as-a-Service and Fraud-as-a-Service. alerts and pop-ups but will most likely still be into dangerous territory. Sadly, this doesn’t Such ‘products’ provide everything the able to use your computer. necessarily protect you from malvertising, customer needs, including the malicious code Other varieties stop various applications, which involves placing malicious and the wherewithal to conduct the attack. This such as your web browser, from running. These advertisements on otherwise quite innocent might come in the form of very secure hosted merge into the lock-screen variety, where a and reputable websites. servers, or through renting the use of full-screen window is displayed whenever your Most online sites don’t deal directly with compromised machines that have been formed machine is started, usually displaying a specific advertisers. Instead, they take blocks of into a botnet. Most Cybercrime-as-a-Service message claiming to be from some government frequently changing advertisements from an companies offer downloaders to get malware department, telling you you’ve broken some advertising network that acts as a broker, taking onto machines, keyloggers to capture what

24 Winter 2016 • Issue 70 • HardCopy IT

compromised users are typing, and tools to hide the malware from the victim’s security software. So how do you keep your computer network safe? The only guaranteed solution is a computer that has no connections whatsoever to the outside world, but that’s not really a workable solution in today’s connected world, so the name of the game is threat reduction, mitigation and management. Step one is to ensure your precious data is backed up, preferably to disconnected storage, and your systems have some form of disaster recovery. Next, you need to keep systems patched and up-to-date. While cyber criminals do spend a lot of time looking for unknown weaknesses in your operating system, web browser, database software or whatever, it’s a lot easier for them to Monitor and manage how your users access the web using the Sophos Web Appliance. compromise your systems if you leave open weaknesses that have already been identified. Sophos Web Gateway your original machine, or alternatively you can Finally, you need to consider investing in a Most malware arrives via the web, which is restore your backup to a Microsoft or VMware range of protection measures that go beyond where Sophos Web Gateway comes in. It is virtual machine. the conventional firewalls and anti-virus designed to protect against phishing attacks, solutions that most of us rely on. drive-by downloads and malvertising. The Microsoft EMS gateway works by scanning all web traffic to It’s little use locking down your desktop devices Specialist Firewalls check that it meets your security policies for only to have your business users connect their While any firewall is better than nothing, some PCs, tablets and mobile phones. mobile devices in an unsecure way. Microsoft offer significant extra features. The gateway provides web filtering, Enterprise Mobility Suite (EMS) is designed to The firewall components of Dell SonicWall anti-malware and SSL scanning. This is a let enterprise customers manage mobile Unified Threat Management combine intrusion completely cloud-based service: you simply devices including iOS, Android, and Windows prevention, anti-malware, content and URL deploy a thin agent which runs in the Phone, particularly where people want to use filtering and application control. Fixed and background on your endpoint devices. The their own personal device on a corporate mobile devices are supported, including cloud-based nature of the service means that network. It includes features from Azure Active laptops, smartphones and tablets. Mobile policies are enforced and threat protection is Directory for identity rights management, devices are often among the more vulnerable active no matter where your users are working. Intune for mobile device management, and connections on a corporate network, so The gateway benefits from using the security Azure Rights Management for document and SonicWall provides native SSL VPN secure research of SophosLabs, so ensuring the data security. From a security viewpoint, mobile access. You can also set up multiple protection is up-to-date on the most recent identity management means administrators zones of access for both wired and wireless threats. The web protection engine scans web can manage external devices and make use of users that control which assets are accessible to content and blocks threats for HTTP, HTTPS, single sign-on. specific groups of users. IMAP, SMTP, UDP and DNS traffic. Devices are managed from a company Another set of firewalls worth considering portal where users can install applications, view are those from Barracuda Networks. The StorageCraft and manage devices, and set up company was the first Microsoft Azure Certified StorageCraft ShadowProtect is a combination of synchronisation of data. Devices can be Security Solution Provider, and its products backup and disaster recovery, data protection, specified as either corporate or personal, and include Barracuda Web Application Firewall and and managed migration of Windows and Linux then managed according to the appropriate NextGen Firewall F-Series. These firewalls are systems to both virtual and physical machines. compliance settings. If a device doesn’t meet designed to secure connections between You create snapshot disk images which you can the required level of security then it can be offices, VNets, datacentres and clouds. The use to restore a compromised system, or to removed from the system or even selectively benefit the Barracuda devices offer is that they recover individual files and folders. Fans of wiped if necessary. are designed to fill the gap in security between ShadowProtect say they like it because it is very the cloud infrastructure security and your local flexible if you need to recover files, and Bomgar security. They offer protection at the point unobtrusive during the backup phase. You can One weakness in many security systems is the where your application and data reside, acting create incremental backups across a network or need for external contractors to connect across as though it were a physical device bridging to a remote site, then have them verified to the company firewall to systems that run within connections between application servers in a make sure they’re viable. the corporate network. Here Bomgar offers a network DMZ and your ISP’s router. One problem with some backup and solution in its secure remote access and support The Azure support offered by Barracuda is recovery software is an insistence on recovering software. one of its selling points, allowing you to to the same hardware, which is not always an Essentially, the software allows an establish both site-to-site and client-to-site option. ShadowProtect lets you restore from administrator within the firewall to establish an connections to Azure cloud services. bare metal on hardware that isn’t the same as encrypted outbound connection to the

Grey Matter • 01364 654100 • HardCopy 25 IT

a browser window. The server integrates with removable storage media. EU Data Protection Regulations Active Directory or LDAP to manage user and Becrypt also offers Becrypt tVolution, a group access. More traditional clients are also locked down, customisable Linux operating Keeping the data in your organisation safe matters not just from a available if greater access is required. system that can be installed onto a laptop or corporate perspective; it’s also your legal responsibility. The revised Administrators are notified when sessions are desktop and remotely managed using Becrypt data protection laws, known as the General Data Protection commenced, and the sessions are recorded. Enterprise Manager. The technology is also Regulation (GDPR), will take effect in May 2018, and the regulations available on a locked down Android device are designed to ensure data stays secure. Under the new regulations, Nuix called the tVolution Mini that provides users companies that don’t comply will face fines of up to 4 per cent of their If a security breach does occur, it’s important to with access to virtualised applications on Citrix, global revenue for the previous year, or €20 million (£15.8m) find out how bad it is and what data has been VMware and Microsoft, and to cloud resources. depending on which is greater. compromised. Nuix has a range of digital As there’s no way of installing any software, Important aspects of the regulations include the appointment of forensic investigation software that system administrators can use this to allow a special data protection officer if your company handles significant administrators can use to collect, analyse and external contractors or partners to work on amounts of sensitive data, or if you monitor the behaviour of report on digital data to investigate security corporate resources without providing too consumers. Companies will need to show they audit the storage of breaches and problems. much access. personal data, and must notify those affected within 72 hours if a Nuix Insight Adaptive Security is a security breach occurs that compromises data. collection of six security technologies accessed ESET Endpoint Security Where a company is collecting, storing and sharing personal from one lightweight agent. There’s a Digital Endpoint Security from ESET is a suite of information, they must notify those whose data is being collected. Behaviour Recorder that runs whether or not a protection facilities that can be used to secure From a consumer perspective, the regulations mean that if an security breach has occurred. This monitors and and protect Windows, Mac, Linux and mobile individual doesn’t want their data to be processed, they can ask the records activity including users, processes, devices from viruses and spyware, while also company to erase it, provided there are no legitimate reasons for Windows Registry changes, user sessions, DNS providing a firewall, spam protection, web retaining it. This right includes internet companies that store personal queries, file system information, Netflow filtering and device control. You can also use it data, so you could, for example, ask Facebook to erase your profile communications, removable media and print to enforce security policies. It is popular if you along with all the data that it has gathered while you were using the jobs. A real-time detection module identifies have a of older and newer devices as it service. malicious activity, and protection options works with them all. You can also use it to Consumers will also have a right to ‘data portability’ to make it include whitelisting, blacklisting, application remotely manage Microsoft SQL Server, MySQL, easier to switch between service providers. For example, you should in control, and behavioural blocking. Oracle, Microsoft Access and VMware. the future be able to switch between email providers without losing If a security breach occurs, there’s a range Threats are identified using ESET’s contacts or previous emails. of options for searching the data sets, and a ThreatSense heuristic malware detection remediation module that can be used to technology, which has techniques for detecting terminate malicious processes based on their both known and zero-day threats. It has a good external contractor’s machine so that you don’t process identifier (PID), and to delete malicious virus and spyware scanning engine, and comes have to open any ports or provide any files and Windows Registry keys. with integrated spam filters. You can configure permissions across your firewall. You can use it to automatically scan removable media on Active Directory and LDAPS to manage Becrypt insertion, and it has a Host-based Intrusion authentication, insist on multi-factor Business executives can be travelling with Prevention System (HIPS) that protects against authentication, and set up a range of gigabytes or even terabytes of company data unauthorised changes to the system registry, permissions for technicians and privileged on their laptops, presenting a real security risk if processes, applications and files. One nice users. An audit log captures details of all remote the device is stolen. Becrypt’s Data Protection touch is its Trusted Network Detection which connections. Suite protects devices using a combination of offers a stricter level of protection when a client A related product is Bomgar Privileged full disk encryption, port control and media connects to a new or unauthorised Account Management and Vault. This is an encryption. It can also be used to protect network. agentless, proxy-based appliance that combines privileged session management with a secure password vault. What this means is that the privileged account passwords stay under your control and can’t be compromised because of poor security on the part of the user. The system is deployed as an application proxy server that provides access to systems through

i Find out more

For further help with any of the issues or products discussed here, see the Grey Matter website at www.greymatter.com/corporate/ showcase/security-solutions/. Alternatively call 01364 654100 or The ESET Remote Administrator allows you to manage your system from anywhere in email [email protected]. the world through a standard web interface.

26 Winter 2016 • Issue 70 • HardCopy

Opinion Inside Data Oracle Mobile Cloud Service can help you integrate mobile devices into your business systems, as Graham Keitch reports.

The ability to interact with departmental easily maintained development environment. browser console. You can use the console to systems on the move has become a The customised APIs are implemented with preview the application with live data without prerequisite for many businesses seeking Node.js which opens up the possibility of having to use device simulators. Scanning the competitive advantage. Most systems extending them with open source modules. Quick Response (QR) code from your mobile modernisation projects today are either The platform provides a variety of other device triggers the application download completely or partially driven by mobile services, too. Data can be stored in a ‘collection’ process. requirements. Mobile devices generally act as which allows it to be moved back into the For the professional developer, support for thin-clients in an n-tier environment on account database server where it belongs while Java and JavaScript is provided by the Oracle of screen size, other hardware limitations and remaining accessible to the client. Other data Mobile Application Framework (MAF) and the constraints of being on the move. Their main related services include two-way JavaScript Extension Toolkit (JET) respectively. task is to host the presentation layer which synchronisation with conflict detection and There are also SDKs for native iOS, Android and handles the input and output screens, and other resolution rules that can be customised. Push Windows, and a JavaScript SDK that supports GUI features. They rely on backend servers to Notifications allow you to communicate event any JS framework. Developers may use the IDE execute most of the business logic, data changes to the client and Location Services of their choice and work with Mobile Cloud handling, BI, geospatial and other distributed provide contextual location information. Service exclusively through a web browser. services for which the cloud is an ideal platform. Server-side authentication using the Mobile Backend acts as a container for the APIs A mature and flexible set of cloud backend security credentials of users and client and other resources needed for a group of services for mobile applications needs to applications which makes them easier to address the development and operational manage throughout the lifecycle. challenges faced by today’s IT departments. In The completeness of the Oracle stack for most cases, the application needs to mimic the cloud, on-premises and hybrid environments desktop variant to provide a consistent user opens up opportunities for developers to experience. Developing code for more than one extend and enhance their mobile solutions. platform has been a problem since the earliest Oracle Mobile Cloud Service is tightly days of mobile computing. Mobile also raises integrated with other Oracle Cloud offerings issues around connectivity, synchronisation and such as Document Cloud Storage, IoT Cloud security. Oracle Mobile Cloud Service acts as an Service and Process Cloud Service to name but Oracle Mobile Cloud Service is a abstraction layer that solves these issues a few that are self-explanatory. Mobile solutions backend hub for providing services to through a set of backend services. can also be developed to extend Oracle mobile applications. Systems in general are becoming more Applications. granular and distributed across multiple applications helps achieve built in end-to-end Subscriptions to Oracle Mobile Cloud platforms driven by the increasing use of security. A number of methods are available to Service are based on the number of API calls application programming interfaces (APIs). define roles and realms, and to configure role made and the amount of storage used. Oracle These have been around for decades but have based access to API endpoints with the provides the development portal and runtime recently become the de facto standard that backend. Mobile users can also login using their environment and most customers subscribe helps remove the need to code for a variety of enterprise credentials or via social networks. separately to a development, staging and target devices. By leveraging a catalogue of Analytics Service can yield valuable insight into production environment for greater mobile REST/JSON APIs, developers need adoption rates, features used and other metrics control and flexibility. concern themselves less about handling data which help ISVs and other developers storage and retrieval. Authentication and understand how and when customers are using i security can also be implemented more easily. an application. Find out more Oracle Mobile Cloud Service exposes APIs Tools are also provided for a class of that can be called directly from client developers which Oracle refers to as ‘citizen Graham Keitch is the database pre-sales specialist at applications using REST calls or client SDKs. In developers’, allowing them to create on-device Grey Matter and has worked in IT for over 25 years. For addition to out-of-the-box services, you can mobile solutions without writing code. This is further information and advice about Oracle Mobile create new APIs which can be called from the the Mobile Application (MAX), a Cloud Service, call him or one of his colleagues on mobile client application via standardised REST browser-based tool which allows you to edit, 01364 654100, or email [email protected]. calls. This helps maintain a uniform and more test and publish mobile applications from a

Grey Matter • 01364 654100 • HardCopy 29 Opinion Straight talking Tim Anderson reports back from Microsoft’s Ignite event, and tells us why Windows Server 2016 is still relevant to software developers.

Microsoft has released Windows Server and storage management. but the truth is that Server 2016 is designed for 2016. Should developers care? 5. Security enhancements that enable a large-scale cloud deployments, whether that is There are two reasons why they should. One is degree of fine-grained control that has not a private cloud in a datacentre, or a public cloud because the design of Windows Server 2016 been seen before in the Windows world. such as Microsoft Azure. In fact, Microsoft itself speaks volumes about Microsoft’s general This includes Shielded VMs, which address is probably the biggest single customer for direction. The other is that this release has a big the risk of a hacker getting access to your Windows Server, bearing in mind its huge new feature aimed at developers, namely Hyper-V host. In earlier versions, access to investment in Azure and Office 365. In these Docker and Windows Server containers. the host meant access to all the VMs it environments, the ability to make better use of First, a quick look at Microsoft’s direction. hosted, but that is not so with Shielded hardware through the denser deployments The company is gradually tilting away from its VMs, which are encrypted and cannot be enabled by Nano Server and containers is a traditional role as a software supplier towards run on any other host. You can also now huge advantage. More secure VMs, nested being a cloud platform and services vendor. The manage administrator privileges, using virtualisation, more scalable VMs, better new release of Windows Server illustrates this temporary accounts and restricted software defined networking and storage with its focus on cloud-oriented features. Here PowerShell sessions so that the risks management: all play well on cloud platforms. is the headline summary of what is new: involved in having global administrative This then is a cloud-oriented release, and 1. Much improved Hyper-V virtualisation. rights are much reduced. you can conclude that a top priority for Some 40 new features include nested Microsoft is improving its cloud platform in virtualisation – the ability to run VMs All this sounds good, but one thing that struck order to compete with Amazon Web Services (Virtual Machines) within VMs – security me when installing the release build of and to improve the foundation of Office 365, enhancements such as virtual TPM (Trusted Windows Server 2016 is that there is not much Dynamics Online and its other cloud services. Platform Module) enabling Bitlocker here for small guys, the businesses that have It is also making the necessary investments encryption within a VM, and massive just a few servers in a room at the office. The in physical infrastructure to run these services. scalability improvements. You can now new security features are impressive, but Microsoft now has over a million servers across create a VM with up to 12TB RAM and 240 require a substantial overhead of infrastructure over 100 datacentres supporting its global virtual processors, while the host can and administration to manage. cloud infrastructure, and is building more. support up to 24TB RAM and 512 logical The enhancements to Hyper-V will be In September 2016, at the Ignite event in processors. There is also runtime memory useful for anyone using virtualisation, of course, Atlanta, CEO Satya Nadella stated that AI resizing, hot add and remove of virtual network cards, production-supported checkpoints, faster networking and more. 2. A new edition of Windows Server, called Nano Server, which is designed as a lightweight Hyper-V or container host, or to run in a VM that is running application workloads. Nano Server has no command prompt when you boot it up; you have to manage it remotely with PowerShell. 3. Containers, lightweight cousins of VMs, which are designed to be replaced rather than updated when you rebuild your application. Server 2016 supports two kinds, standard containers and Hyper-V containers. Hyper-V containers are better isolated and run their own copy of the Windows kernel, but both are managed the same way, using the Docker engine and tools. Running Docker on Windows Server 2016, using a Nano Server base image to execute a 4. Big improvements in virtual networking Hello World .NET Core application.

30 Winter 2016 • Issue 70 • HardCopy Opinion

(Artificial Intelligence) is at the heart of application using a script that is called a other version of Windows Server. Microsoft’s vision of the future. The link with the Dockerfile, and then running it. The Dockerfile There are a few caveats. Docker is mature cloud is obvious, since it provides both the data can do things like copying files to the container on Linux, but brand new on Windows. The fact and the processing power to analyse it. There image, running commands - which can include that the vast majority of Docker images, tools was even a demonstration, though sadly only a PowerShell scripts, setup files or adding features and documentation out there are for Linux is a ‘what-if’ one, of applying Azure’s entire set of with DISM (Deployment Image Servicing and source of considerable confusion, especially as FPGA cards (Field Programmable Gate Arrays) to Management tool) – and defining what most resources describing ‘Docker on Windows’ a translation task and achieving a billion billion happens when the container is deployed, such refer to running Linux Docker using VMs. operations per second. This is an Exaflop, a goal as starting an application. Another issue is that Nano Server does not run which supercomputers do not expect to reach Docker images are binary files, which you the full .NET Framework but only the until 2020. store in public or private repositories, but a cross-platform .NET Core, which means that Dockerfile is just text that can be version existing ASP.NET applications will not run. Everyday development controlled like any other code. Docker also requires a change of mind-set But what has this to do with everyday software What this means is that using containers is for developers. For example, a container is development? Nadella’s idea is that all of us another path to infrastructure as code, the essentially stateless; you can store files on it, but should start writing bot applications, calling ability to define not only the instructions that they will be gone next time you deploy the cloud services to create next-generation user forms your application, but also the platform on container. If you need persistent storage, the interfaces based on natural language parsing: which it runs, in text files that are managed and answer is to mount a shared drive, or use web “Every business is going to build a bot interface.” versioned. And using containers is more storage like Azure Blob storage, or use a Another obvious use case is analysing IoT lightweight and accessible than other forms of database server instead. data, and Microsoft is ready for you with its infrastructure, such as code, which means that The tools for Windows are also in their Azure IoT hub. any developer can take advantage. infancy. The Docker engine is there, but All of this though is still rather remote from You can also see why Microsoft has been so Microsoft needs to bake support into Visual what most developers work on every day. That keen to reduce the minimum footprint of Studio so that building an application and said, the container support in Server 2016 is a Windows Server. Small editions like Server Core deploying with Docker is fully integrated. No big deal for Windows developers working at and Nano Server are well suited to packaging as doubt this will come soon. almost any scale, not only because of its container images, especially Nano Server. At the The bottom line though: despite scalability and reliability advantages, but also time of writing, the microsoft/nanoserver image Microsoft’s cloud obsession, containers and because it is so amenable to automation. is just 652MB, whereas the microsoft/iis image Nano Server are a big step forward for Windows If there is one word that defines modern (Server Core with IIS) is 7.58 GB. Nano Server is developers at any scale, and well worth development trends it is not Agile; it is better suited to container deployment than any investigating. automation. Gone are the days when you would build up to a new release by listing and prioritising bugs and feature requests, then roll Licensing Windows Server 2016 out alpha and beta builds for testing, before Windows Server has moved to a licensing structure based on the number of physical cores finally deploying a new release with a fanfare of rather than the number of processors it will run on, in a fashion similar to that already adopted trumpets. In today’s world you amend code and for SQL Server. However, unlike SQL Server where client access is included within the cost of deploy a new build little and often, with core licensing, Windows Server requires you to buy Client Access Licences (CALs) as well. As automated tests before and after checking in with SQL Server, Windows Server 2016 is licensed in twin-core packs, but with a minimum of changes, automated build, and automated eight cores which requires you to purchase at least four packs. deployment – a model known as ‘continuous The virtualisation rights associated with each edition initially remain unchanged. However, delivery’. If a problem is discovered, the answer there are a few key points to consider that fall in line with the technology advancements: is a quick rollback to an earlier version. 1. Standard Edition allows you to run up to two Virtual Operating System Environments Admittedly this model does not work for all (VOSEs) or Hyper-V Containers. Multiple licences can be assigned to the same cores for kinds of software, and there may be marketing additional virtualisation rights, where required. The Datacenter edition allows for an reasons for version upgrades and trumpet unlimited amount of VOSEs and Hyper-V Containers. fanfares. It does make sense for custom business 2. Hyper-Threading is no longer accounted for in Windows Server 2016, so you only need to software though, as well as for web applications, cover the physical cores and can ignore virtual cores. or subscription software where users expect 3. If a processor is disabled for use by Windows, the cores on that processor do not need to be frequent small upgrades. licensed. Disabling hyper-threading or core-utilisation for specific applications does not Containers are not essential for automated alleviate the licensing. deployment, but they are a great enabler. In 4. External Connectors are still licensed per-server and should be applied to each server that Server 2016, the official tool for managing is being accessed, regardless of the number of users or devices. containers is Docker, and a commercially 5. Nano Server is a deployment option within Windows Server 2016. It is included as part of supported version of the Docker engine is free the edition that is deployed and is not licensed uniquely or separately. for anyone to install, thanks to an agreement 6. ‘Nesting’ of VMs (running one Virtual Machine inside another) is considered separately and between Microsoft and Docker, though you will so licensed according to the number of VMs utilised. In other words, embedding one VM need PowerShell to install it. inside another counts as a Primary and a Secondary Embedded. In such scenarios the The way you use Docker is by downloading Datacenter edition would work better as it has no cap on virtualisation rights. or creating a base image, modifying it for your

Grey Matter • 01364 654100 • HardCopy 31 Opinion …and another thing

Jon Honeyball ponders the full implications of AI, and what companies need to do if they are to reassure the end-user.

The news that Microsoft has decided to product groups in Redmond, while some in cannot ask the question, “I was talking to Bob, take AI seriously is not something to be Redmond have argued that MSR should have or maybe it was Joe, about the concrete overlooked. It is of course a logical step when been the one with the eyes on the future just construction of that bridge in New York, some you consider the engine you have at your beyond the next product release. two weeks ago. Find me what we discussed.” disposal once you’ve built a cloud infrastructure Whatever the truth of the matter, and The mix of deep AI along with the concept of a that is farming almost impossibly large there will be endless discussions of this over time line is something that we have never really quantities of data belonging to you and me. almost unlimited quantities of beer, the reality had the opportunity of enjoying; and I don’t That the news is focused on Microsoft is that Microsoft missed the perfect storm of count local hard disk indexing engines as being rearranging MS Research is also a breath of ARM processor technology, touch screen glass anything other than the topmost millimetre of fresh air. MSR is one of those organisations that screens and emerging battery technology. This the toe-nail connected to the toe in the water was set up to do original thinking, with world is what led to the iPhone, a product which of real search. So much more needs to be done, class engineers based around the world, turned an industry on its head almost and deep AI is the engine that will allow this. including at such academic centres as overnight. Nothing Apple did was magical, When I look at my internet use, a truly Cambridge. And there is no question that MSR despite its oft-repeated claims to the contrary, frustrating part of it is simply looking up stuff has contributed significantly to the overall but it did have its eye on the ball of what was that I know something about already. The technological ecosystem at Microsoft, and possible in the near future, and pulled it all phone number of a restaurant I have previously within Microsoft products. together with great success. visited; or maybe I will be in York next week and To do AI well requires huge computing I want to find an interesting restaurant. I know power and access to vast databases that can be sort-of what I want, but I have to go through “So much more needs trawled to teach the engines. Anyone who has mechanical hoops to find it. An AI engine that to be done, and deep spent a boring hour of their life trying to train a had looked at my diary, noticed that I was voice recognition engine will know the almost staying in the Travelodge next to the University AI is the engine that futile effort required, and the results are often for the night, and had come up with a bunch of not pretty. However, pre-analyse thousands of restaurant suggestions which it could slip into will allow this” voice patterns and the training can be reduced my visible world for consideration, would be a to almost nothing. Indeed, on a modern game changer. Even better if it could phone the It could be argued that the influence has cloud-powered AI system, vocal training has all restaurant and make the booking, although I been more undercover than in plain sight, but but disappeared. Yesterday, I plugged my new guess going through a table-booking website that might have been for the best. Where the Amazon Echo system into my house. The first would be easier. relationship between MS and MSR failed, vocal command I gave was “Alexa, play me the When it comes to business data, the search according to some I have spoken to over the album A Walk Across The Rooftops by The Blue for the elusive two percent has always been the years, is in coming up with innovations in that Nile” and it knew exactly what it had to do. This Holy Grail. Finding that small but vital extraordinarily difficult area which is ‘just sort of AI is truly remarkable, and can be game competitive edge has kept many people around the corner’. In other words, the broader changing for the user. employed doing endless Excel worksheets, canvas which Microsoft ought to have kept a When it comes to mining data, there is an often tied to deep “SELECT * FROM …” type SQL closer eye on, but didn’t. Some have argued to almost unlimited amount of improvement that queries. Having cloud services that offer deep me that MSR saw that role as belonging to the can be made. It drives me to distraction that I learning and mining capabilities will be a game

32 Winter 2016 • Issue 70 • HardCopy Opinion

changer for many industries, including those immediately slips into the mundane and run of to predict. And therein lies the challenge: using who consolidate in the middle tier. For example, the mill. Such a step change has both ups and these engines, whether they are from Microsoft finding airline routes that fulfil a somewhat downs. Mining across global-sized data sets or Google or Amazon, or some other company more fuzzy set of criteria than just when and requires more than “SELECT * FROM”, and it has that has yet to arrive, in ways that delivers where could be worth looking at. to go considerably further than the sort of fuzzy seamless integration into people’s lives and yet There are several underlying problems to searching done by the likes of Google or Bing. doesn’t jeopardise the underlying trust required consider, though. Firstly, AI research into huge Secondly, does the user really know what to ensure that users, both personal and data sets can often uncover things we didn’t they are signing up to and agreeing to accept? business, are prepared to continue to know. In other words, answering the question It could be argued that, as an industry, the contribute. we had not yet asked. While this can be software industry has a pretty shoddy We know that the user is the product. It is a fascinating, or even game changing, it could reputation for hiding things away on the fine line between trust and abuse, and I am not easily lead to the unveiling of more than we bottom of page 79 of the licence agreement, sure the industry is, as a whole, in a comfortable wanted. For example, consider the relatively which you can scroll through only one quarter place on this right now. Just one look at the limited information that an insurance company of a page at a time. When are we going to see financial services industry will show you what currently has to work with in order to present much more openness and clarity about user happens when ubiquity and limited choice you with a policy pricing. Imagine what more it data, and how it might be used and processed combine with money to create a recipe that is could do when it could data mine your LinkedIn in this new AI world? What rights do I get as a often far from the best interests of the profile and your Facebook postings too. user to examine, limit, edit and ultimately delete customer, and yet the vendor is so big, so And therein lies a problem: how much such data? We cannot move forward on an powerful and so mighty that they transcend about ourselves are we prepared to reveal, and assumption that data slurp is just fine. The even government level oversight. This is why are we even aware that it is happening? Finding difference between micro and macro is already Macro Versus Micro is going to be a massively that last two percent in insurance premiums overstretched, and it is time for vendors of all important underlying issue here. How can we might mean noticing where you happen to persuasions, both large and small, to increase gain benefit for all (Macro) whilst still respecting drive, and weighting things based upon your clarity, not hide away behind licensing waffle. the needs, concerns, privacy, and simply human proximity to past accidents based on Despite all of this, the move to AI in cloud frailty of the individual (Micro). So far, we have geolocation and time. It might seem ludicrous services will be the next big step. From personal done a pretty bad job on this front. It’s time to now, until such an AI-driven data search computing to internet, from cloud and now to come clean, stay clean and start to build becomes possible, at which point it almost AI cloud, the benefits are both obvious and hard solid trust.

Gold

Partner

Partner Gold Grey Matter • 01364 654100 • HardCopy 33 Opinion Short cuts Paul Stephens takes a sideways look at IT in this month’s Special Hoax Issue

Unbelievable(-ish) membrane)? Take one large tube of superglue and one tube of silicone filler (buy good ones – no This issue’s coveted Short Cuts Meanest Thing Ever award has to raiding the pound shop!). Bring your tablet’s virtual keyboard on-screen, spread the superglue go to Taras Maksimuk, a Californian gentleman who published a over it and blend in the silicone filler. The mixture will absorb the on-screen keyboard, presenting YouTube video encouraging iPhone 7 owners to drill into their phone’s you with a neat, and very permanent, QWERTY layout. TIP - add more mixture to the upper area to casing and uncover a hidden 3.5mm headphone socket. create a slanted keyboard, and don’t forget the Function keys! Such was the hunger for old-style connectivity among iPhone 7 owners that a number of them did just that – or so they claimed, with • Convert your Toyota Prius to petrol-only operation. Forced to own a Prius for business reasons comments including “I did this to my moms iPhone now it no work you but sick of all this namby-pamby eco-electric hybrid nonsense? Take some industrial bolt-cutters **** idiot how **** stupid are you” and “**** you techrax, i did the same and some even more industrial rubber gloves. Locate the Prius’s traction battery (it’s under the & it doesn’t work, it broke my taptic [sic] engine & mic.” These may have back seat), find the power lines been hoaxes too, although Short Cuts suspects that some might not that connect it to the electric have been. After all the video was aimed at people who’d just paid £700 motor, and double-check that for a phone that’s not a whole lot different from the phone they paid you’re wearing the rubber gloves. £650 for a year or so ago except that it doesn’t have a headphone Now cut the lines using the bolt socket, so a degree of gullibility is not entirely out of the question. cutters, and cap the exposed Of course the key to any good hoax is an element of credibility, the wires with the superglue/silicone feeling that, although it seems unlikely, it could basically happen. In this mixture left over from your real tablet keyboard project. Your Prius will henceforth run on petrol only, allowing you to drive Toyota’s Prius – it doesn’t have to be this way! for Uber and still be a real man!

• Get a proper task bar on Windows 10. Are you a former XP/Vista user pining for the days when there was a proper, 3D-look task bar at the bottom of your screen, instead of a ‘modern’ one with confusing jump lists and drab, flat-look icons? Take a hacksaw (put your PC in standby mode before beginning) and make two full-width horizontal incisions across the lowest 1.5cm or so of your monitor or laptop display. Cut at the sides between the incisions, remove the section of display, and you’ll find the old Task Bar underneath. It’s 2005 all over again!

• Rescue your data from the Cloud using a GPS receiver and laser gun. Would Apple really be so mean as to hide a headphone socket (That’s enough hoaxes - Ed). behind a blanking plate? (https://youtu.be/5tqH-Un9SFU) Bing on the ball case the credibility test was whether people believed Apple really would For something that sounds like a hoax but isn’t, you can always rely on Microsoft. Its Bing search be bloody-minded enough to include a headphone socket then blank it engine has, apparently, turned football sage, predicting that Manchester City will win the Premier off just to prevent customers using their old headphones and force League this season with 94 points, followed by Man United (89) and Chelsea (83). Microsoft says Bing them to buy new, ridiculously expensive ones. Put that way, we have to uses ‘online search, social sentiment and past player performance’ to calculate probabilities, and admit that it’s a difficult call. boasts that it correctly predicted the outcome for all 15 knockout matches at the Brazilian World Cup in 2014, although it fared less well in predicting a home win for Chelsea on 16 September (Liverpool Bungs won 1-2), and also predicted a 55 percent win for Remain in the EU Referendum. More top The iPhone drilling video is just the first of a tidal wave of semi-credible predictions at bing.com/explore/predicts. instructional videos, as the Short Cuts investigative team, redeployed from their normal duties of offering bungs to football managers in hotel bars, discovered. Here are some shocking examples.

• Give your tablet computer a real keyboard. Fed up with your tablet’s on-screen ‘virtual’ keyboard, and longing for the days of real key travel with a satisfying click (OK, spludge of deformed rubber Bing predicts the relegation slots in this season’s Premier League table.

34 Winter 2016 • Issue 70 • HardCopy Streaming Results You Can Count On Intel® Video Pro Analyzer Part of the Intel® Media Server Studio Product Family

Improve video quality with the ability to inspect the entire decoding process with the new Intel® Video Pro Analyzer.

Analyse, compare, test, and debug streams in developing high-quality media encoders. Get deep video coding analysis for HEVC, VP9, AVC, and MPEG-2.

• Test/debug media encoders

• View and analyse, compare, and debug streams

• Innovate for the next-gen colour gamut supporting Ultra HD content

Intel® Video Pro Analyzer supports Microsoft Windows*, Linux*, and OS X*.

For more information, contact us. Phone: 01364 654100 Email: [email protected] Visit: greymatter.com/hc/imss-2016

Copyright © 2016, Intel Corporation. All rights reserved. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.