At-Home DNA Tests and Growing Privacy Concerns

Written by Brooks Canavesi on . Posted in Blog, Software & App Sales, Technology Tips & Tricks

Direct to consumer genetic testing companies, such as 23andMe, AncestryDNA, MyHeritage DNA, and Living DNA, have convinced millions of people to place their genetic material, typically a saliva sample, in an envelope and send it for analysis. In 2017, the genetic testing market was worth approximately $99 million in 2017, and it’s estimated that it will be worth $310 by 2022.

However, not everyone is as thrilled about the growing popularity of direct to consumer genetic testing as the companies that profit from it. “The key thing about your genetic data…it is uniquely yours. It identifies you, so if you are going to entrust it to a company, you should try to understand what the consequences are,” said Jennifer King, director of consumer privacy at Stanford Law School’s Center for Internet and Society.

While genetic testing companies have plenty good reasons to protect the genetic data of their customers—their business depends on consumer trust, after all—cybercriminals are experts at finding ways how to circumvent even the most state-of-the-art cyber defenses.

This was demonstrated by an unknown hacker on October 26, 2017, which was the date when MyHeritage, an online genealogy service that was first developed and popularized by the Israeli company MyHeritage in 2003, was breached, leaking email addresses and hashed passwords of more than 92 million users who signed up for the services until the date of the breach.

The company didn’t disclose the breach until June 4, 2018, and it did so only after a security researcher reported finding a file that contained email addresses and hashed passwords on a private server. “Our Information Security Team received the file from the security researcher, reviewed it, and confirmed that its contents originated from MyHeritage and included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords,” said MyHeritage in its statement.

“We determined that the file was legitimate and included the email addresses and hashed passwords of 92,283,889 users who had signed up to MyHeritage up to and including Oct 26, 2017 which is the date of the breach. MyHeritage does not store user passwords, but rather a one-way hash of each password, in which the hash key differs for each customer. This means that anyone gaining access to the hashed passwords does not have the actual passwords.”

The breach of MyHeritage has served as a powerful reminder of the fact that consumers are not focusing on privacy nearly as much as they should be. The next data breach could be far more serious, and there are many ways how genetic data could be exploited. For instance, insurance companies could use it to deny health insurance coverage for consumers with genetic predispositions to certain medical conditions.

To prevent this from happening, genetic testing companies must ensure that a data breach similar to the one that affected MyHeritage won’t happen again, and consumers must educate themselves on the privacy implications of sharing their genetic data with genetic testing companies and their partners.

TOP 10 OPEN SOURCE TOOLS FOR IOT APPLICATION DEVELOPMENT

Written by Brooks Canavesi on . Posted in Blog, Mobile App Development, Technology Tips & Tricks, Technology trends

Predictions from Gartner paint a clear picture of a future that relies on countless interconnected smart devices just as much as we do on computers and smartphones. According to their predictions, there will be 26 billion Internet of Things devices installed in 2020, generating $300 billion in revenue for manufacturers and service providers and making a $1.9 trillion impact on the global economy.

This article gives an overview of top 10 open source tools for IoT application development. These tools represent a great entry point into this exciting field, which hides a tremendous amount of opportunities for those who are not afraid to learn new things and challenge the current way of life.

1. Arduino Ethernet Shield

The popular open-source electronic prototyping platform used in conjunction with Arduino Ethernet Shield is the perfect hardware combination for simple IoT projects and even more sophisticated applications. All that users have to do in order to control their creations from anywhere in the world is to connect the Arduino board to the Internet with an RJ45 cable and complete a basic setup procedure.

Compared to some heavyweight representatives of the IoT-ready single-board computers, such as the Raspberry Pi or BeagleBone, Arduino is very inexpensive, available virtually anywhere in the world, and used by thousands of enthusiastic users, who love to share their creations with others. Documentation is plentiful and so is the inspiration to turn this wonderful device into something of a great use.

2. Eclipse IoT Project

Eclipse IoT strives to simplify IoT development by implementing IoT standards like MQTT, CoAP, LWM2M, and oneM2M. MQTT is a machine-to-machine (M2M)/”Internet of Things” connectivity protocol and the base for the Eclipse Paho project, which provides open-source client implementations of MQTT and MQTT-SN messaging protocols aimed at new, existing, and emerging applications for M2M and IoT.

CoAP stands for The Constrained Application Protocol, and it is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. Lightweight M2M (LWM2M) and oneM2M were created to ensure the most efficient deployment of M2M communications systems.

Together, these standards and tools represent a comprehensive toolkit for any Java programmer who would like to branch out from his or her daily routine.

3. OpenHAB

This vendor- and hardware-neutral open source automation software is designed to let smart devices talk to one another and allow users to add new features to them. openHAB is developed in Java, which makes it possible to run it on any device that is capable of running a JVM. It comes with different web-based UIs as well as native UIs for iOS and Android, and provides APIs for being integrated into other systems.

Creators of OpenHAB recognized that proprietary smart devices quickly become obsolete, incompatible, and unable to meet security requirements of modern-day users. Their solution leverages data from all available subsystems and integrates them into one cohesive package. The tool received a People’s Choice Winner at the Postscapes IoT Awards 2014/15 and the Duke’s Choice Award 2013.

4. RIOT OS

RIOT is an open-source operating system developed by a grassroots community to power various Internet of Things solution. When compared to regular Linux or other IoT operating systems, such as Tiny OS and Contiki, RIOT supports both C and C++, comes with multi-threading with ultra-low threading overhead (<25 bytes per thread), real-time capability due to ultra-low interrupt latency (~50 clock cycles) and priority-based scheduling, and excellent modularity.

There’s even a native port of RIOT that allows developers who are not familiar with embedded programming to run RIOT inside a process on Linux or Mac OS. All code is hosted on GitHub and the provided wiki contains plenty of useful information to get started with RIOT.

5. Thinger.io

Thinger.io provides a ready to go scalable cloud infrastructure that can be controlled with their easy to use admin console, or integrated into a business logic with REST API. The entire project is open-source and completely hardware agnostic. The ready-to-use scalable cloud infrastructure allows for easy deployment of your own infrastructure, both in local machines or in the cloud.

As such, Thinger.io essentially eliminates the need to select a compatible vendor hardware and use bloated software to accomplish very simple things.

6. OpenIoT

OpenIoT is a joint effort of prominent open source contributors who want to provide support for cloud-based and utility-based sensing services. This middleware will support flexible configuration and deployment of algorithms for collection, and filtering information streams stemming from the internet-connected objects, while at the same time generating and processing important business/applications events, according to OpenIoT’s GitHub page.

The entire architecture consists of three main planes: the Utility/Application Plane, the Virtualized Plane and the Physical Plane. Each plane includes several elements, such as the Request Definition, Request Presentation and Configuration and Monitoring components. OpenIoT comes with a built-in Scheduler, Cloud Data Storage, and even Service Delivery & Utility Manager.

7. IoTSyS

OpenIoT is not the only integration middleware for the Internet of Things in existence; there is also IoTSyS, which provides a communication stack for embedded devices based on IPv6, Web services and oBIX to provide interoperable interfaces for smart objects. The main objective of IoTSyS is to leverage the power of existing automation systems and sensors and use it easily create and deploy a new solution, while addressing security, discovery, and scalability issues.

8. Freeboard

Not to be mistaken with the unique skateboard, Freeboard is an elegant dashboard for the IoT. It allows anyone to quickly build real-time, interactive dashboards and visualizations using the intuitive drag & drop interface. The dashboard stands on top of a secure, high-performance, enterprise-class cloud system and the entire project is open-source and publically hosted on GitHub.

It features seamless integration with dweet.io, or access any web-based API, the ability to select from a growing list of included widgets, and instant sharing via email, SMS, and social networks. Some notable examples include The Heising-330, which is a modern, internet-connected, and fully automated continuous still, built by and for the craft distillery and a prototype of air quality monitoring dashboard.

9. Interstacks

“Interstacks are snap-together electronic blocks and Stackbuilder visual authoring tool. In minutes, invent any smart devices you can imagine. Then connect them to each other and the internet. Interstacks empowers you to become master of your internet of things universe, according to the official website.

Getting started with Interstacks is made simple thanks to the modular approach and desktop applications for Windows and Mac built around the Phyton programming language. The holistic approach to prototyping allows users to configure their system of devices and internet services, build macros, and write rules to automate systems.  Maya Design created Interstacks & Stackbuilder products with decades of user interface / user experience (UI/UX – HCD) expertise guiding their innovative and intuitive approach.   The Stackbuilder interface is a visual authoring tool (drag-and-drop) that enables the user to build, test and tweak their stacks in a very intuitive fashion.  The concept of rapid prototyping lives at the core of this product line.

10. Zetta

Built on Node.js, Zetta is an open source platform for creating Internet of Things servers that run across geo-distributed computers and the cloud. Zetta achieves this by combining REST APIs, WebSockets and reactive programming.

Once installed, Zetta servers can run everywhere and have no problems communicating with Arduino, Spark Core, and other microcontrollers. Coding is simplified by a series of helpful abstractions that allow developers to focus on the big picture and not get too bogged down with insignificant details.

Conclusion

Even though these 10 tools cover everything from application development to middleware and home automation suite, we have barely scratched the surface of what’s currently available. The Internet of Things is going to be one of the several key technologies of the future and the knowledge of its common building blocks (no pun intended “interstacks”) is likely to prove extremely useful.

Enterprise Mobility: Security Risk or Worth It?

Written by Brooks Canavesi on . Posted in Blog, Mobile App Development, Sales Strategy, Technology Tips & Tricks, Technology trends

For the first time in computing history the enterprise is being influenced by its employees and consumers technology through IT consumerization.  IT consumerization is the blending of personal and business use of technology devices and applications.   Many companies have embraced a mobile-first strategy. But when employees are left to their own devices, InfoSec experts face unchartered territory. However, enterprise mobility can be and is in my opinion is absolutely a strategy enterprises cannot continue to ignore.

The trend towards enterprise mobility can indeed add to concerns over BYOD (bring your own device) security. And even though such systems are key to business operations, they’re not regularly maintained or tested for vulnerabilities, mainly due to availability concerns.

Enterprise mobility really is a double-edged sword: it helps provide broad data access along with communication capabilities for a great deal of the workforce, often at little to no direct cost. It also aids in opening up security issues that can range from vulnerable apps to security issues and employees accessing sensitive corporate data via unsecured networks.

Many CISOs and CIOs tend to realize that while security technologies and mobile device management do play a role, clear policies are essential to harnessing the benefits of BYOD. The aim of such policies needs to be to increase user productivity and satisfaction while ensuring compliance and the utmost security.

It Is A Risk Worth Taking 

So where do you start building a mobile security policy? Simple: start with what makes you uncomfortable. Devices need to meet “trusted device standards” in order to comply and employees should use VPN clients to gain access to the company network. What’s more, employee-owned devices should support security policies and frameworks that keep enterprise data secure at rest and in transit.

The trend towards enterprise mobility with critical systems and data can add to the concerns over BYOD security.  While some security policies are indeed standard procedure, you need to identify which functions, data and applications need protection most in order to understand how enterprise mobility could expose them. Some companies, such as Cisco and Oracle, use MDM (mobile device management) and MAM (mobile application management) to do application installs / removals, containerization and encryption of enterprise data, and in some cases remote wipe for loss prevention.

BYOD does bring many benefits when it comes to empowering your staff with timely information, offering flexibility and increasing productivity. Enterprise mobility also have many customer benefits such as improving consumer loyalty, streamlining customer support process and reducing support costs.  The benefits far outweigh the risks, but every company has unique situations and that’s where BYOD security technologies and policies should be focused.

Take the First Step

Enterprise mobility necessitates partnership with business leader involvement coupled with the understanding that not all risks are bad. The first step should be to establish a committee of business and tech leaders to identify the data and critical systems that should be considered when formulating the BYOD policy. The next step should be to review policy and technical controls based on potential risks and threats to your current operations.

Based on this sort of analysis, security officers and CIOs will be able to determine how to enhance and enable their enterprise mobility programs to moderate business risks.

Learn more about Oracle’s Enterprise Mobility Management (EMM)

Looking for a partner to help your enterprise mobility needs, check out OpenArc.

GoPro Hero4 Session vs. Hero4 Silver Face-off

Written by Brooks Canavesi on . Posted in Technology Tips & Tricks

The GoPro Hero4 Session is set to hit the shelves in less than a week.  <sarcasm> This is extraordinary timing, since I bought my Hero4 Silver less than a week ago. </sarcasm>  Being the tech nerd that I am and in the mobile app development industry, I had to start digging into the content GoPro has put out on the new camera to see if I should return my Hero4 Silver to grab a Hero4 Session.

This is what I found out and my personal opinion on why I will be sticking with the Hero4 Silver.

GoPro Hero4 Session – PROS:

  • Small
  • Waterproof without a housing
  • Light weight – 35% lighter than a regular Hero4
  • Pivot mount (ball joint) – more versatility from single mount point
  • Internal gyroscope that auto-rotates video when mounted upside down
  • More aerodynamic / hydrodynamic shape
  • Two microphones

GoPro Hero4 Session – CONS:

  • Lens – the lens is not protected by an external housing; beware of scratches!  I tend to ski trees in deep pow, hit my camera all the time off branches and such.
  • Battery – internal battery; no extra batteries here 
  • Settings – can not change settings on camera w/o smartphone app or wifi remote (no onboard settings button)
  • Image Features – less resolutions and frame rates than regular Hero4
  • LCD – No preview / touch screen LCD
  • Image Quality – less image quality than Hero4 Silver when compared side by side
  • Lens – water droplets seem to stick to Hero4 Session lens more than regular Hero4 Silver

It came down to three (3) major factors on cons list that confirmed my decision to stick with my Hero4 Silver:

  1. Internal battery – if I run out of juice, I’m screwed the rest of the day.  I currently have three batteries for my Hero4 Silver
  2. Scratch potential for main lens.  I love the fact that I can scratch the main external waterproof housing for my Hero4 silver and just grab a new one pretty cheap.  If you scratch the lens on the Hero4 Session, you might be buying a new camera instead of a housing.
  3. Image quality.  The sensors seem more mature and better in the original form factor.  I imagine this will get better in future versions of the Hero4 Session thereby leveling the playing field a bit possibly for the second version of the Session (Hero5 session)

If you would like to see the Hero4 Silver vs the Hero4 Session reviewed on image quality, check out this video review on wired.comhttp://www.wired.com/2015/07/new-gopro/

I hope this was helpful for those caught in temporary GoPro envy.

This Ipad has not been backed up for two weeks

Written by Brooks Canavesi on . Posted in Blog, Technology Tips & Tricks

icloud backup message in ipad

Have you ever received this message on your ipad “Icloud Backup” “This Ipad has not been backed up for two weeks. Backup happens when ipad is plugged in, locked, and connected to wifi”

Two things you can do to solve your nagging message:

1.) Plug in your ipad, connect to wifi, go to: Settings >> iCloud >>Storage & Backup >>Click “Back Up Now”

OR

2) If the message still persists, which seems to be a bug on some iPads, then a reset should help. Tap and hold the Home button and the On/Off button at the same time for approximately 10-15 seconds, until the Apple logo appears. When the logo appears, release both buttons and await restart. No content will be affected.

Hope this helps those scratching their heads when your iPad nags you (in a good way).