Tag Archives: make

For Sale – REDUCED – Apple Magic Trackpad 2, Magic Mouse 2, AirPort Extreme & Twelve South Magic Wand

Like others, I’m having an Apple clear out to make way for my recent purchases on here

I’ve tried to get on with both but have given up, the mouse especially but I’ve just recently bought a Logitech MX Master 2S mouse which does all I need. No remaining warranty, box or lightning cable with either.

Magic Trackpad 2 – Perfect condition on the top and all ends. On the rear are a couple of marks. One is a single faint scratch towards the top but no matter what I do, I cant capture it. The other is as shown. Obviously neither affect use and aren’t seen anyway! Works perfectly.

Magic Mouse 2 – This is in perfect condition and works perfectly.

Both will come fully charged and will be securely packaged. I’ve used/mislaid the lightning cables so I’m sure you’ll have your own for recharging.

Will consider offers/deals for combinations…

Cheers!

Price and currency: £75, £50, £83 & £23
Delivery: Delivery cost is not included
Payment method: PPG, BT or cash on collection if you’re local
Location: Saffron Walden
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Apple Magic Trackpad 2, Magic Mouse 2, AirPort Extreme & Twelve South Magic Wand

Like others, I’m having an Apple clear out to make way for my recent purchases on here

I’ve tried to get on with both but have given up, the mouse especially but I’ve just recently bought a Logitech MX Master 2S mouse which does all I need. No remaining warranty, box or lightning cable with either.

Magic Trackpad 2 – Perfect condition on the top and all ends. On the rear are a couple of marks. One is a single faint scratch towards the top but no matter what I do, I cant capture it. The other is as shown. Obviously neither affect use and aren’t seen anyway! Works perfectly.

Magic Mouse 2 – This is in perfect condition and works perfectly.

Both will come fully charged and will be securely packaged. I’ve used/mislaid the lightning cables so I’m sure you’ll have your own for recharging.

Will consider offers/deals for combinations…

Cheers!

Price and currency: £80, £55, £85 & £25
Delivery: Delivery cost is not included
Payment method: PPG, BT or cash on collection if you’re local
Location: Saffron Walden
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Apple Magic Trackpad 2, Magic Mouse 2, AirPort Extreme & Twelve South Magic Wand

Like others, I’m having an Apple clear out to make way for my recent purchases on here

I’ve tried to get on with both but have given up, the mouse especially but I’ve just recently bought a Logitech MX Master 2S mouse which does all I need. No remaining warranty, box or lightning cable with either.

Magic Trackpad 2 – Perfect condition on the top and all ends. On the rear are a couple of marks. One is a single faint scratch towards the top but no matter what I do, I cant capture it. The other is as shown. Obviously neither affect use and aren’t seen anyway! Works perfectly.

Magic Mouse 2 – This is in perfect condition and works perfectly.

Both will come fully charged and will be securely packaged. I’ve used the lightning cables so Im sure you’ll have your own for recharging.

Will consider offers/deals for combinations…

Cheers!

Price and currency: £80, £55, £85 & £25
Delivery: Delivery cost is not included
Payment method: PPG, BT or cash on collection if you’re local
Location: Saffron Walden
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Apple Magic Trackpad 2, Magic Mouse 2, AirPort Extreme & Twelve South Magic Wand

Like others, I’m having an Apple clear out to make way for my recent purchases on here

I’ve tried to get on with both but have given up, the mouse especially but I’ve just recently bought a Logitech MX Master 2S mouse which does all I need. No remaining warranty, box or lightning cable with either.

Magic Trackpad 2 – Perfect condition on the top and all ends. On the rear are a couple of marks. One is a single faint scratch towards the top but no matter what I do, I cant capture it. The other is as shown. Obviously neither affect use and aren’t seen anyway! Works perfectly.

Magic Mouse 2 – This is in perfect condition and works perfectly.

Both will come fully charged and will be securely packaged. I’ve used the lightning cables so Im sure you’ll have your own for recharging.

Will consider offers/deals for combinations…

Cheers!

Price and currency: £80, £55, £85 & £25
Delivery: Delivery cost is not included
Payment method: PPG, BT or cash on collection if you’re local
Location: Saffron Walden
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Explore the Cubic congestion control provider for Windows

Administrators may not be familiar with the Cubic congestion control provider, but Microsoft’s move to make this the default setting in the Windows networking stack means IT will need to learn how it works and how to manage it.

When Microsoft released Windows Server version 1709 in its Semi-Annual Channel, the company introduced a number of features, such as support for data deduplication in the Resilient File System and support for virtual network encryption.

Microsoft also made the Cubic algorithm the default congestion control provider for that version of Windows Server. The most recent preview builds of Windows 10 and Windows Server 2019 (Long-Term Servicing Channel) also enable Cubic by default.

Microsoft added Cubic to Windows Server 2016, as well, but it calls this implementation an experimental feature. Due to this disclaimer, administrators should learn how to manage Cubic if unexpected behavior occurs.

Why Cubic matters in today’s data centers

Congestion control mechanisms improve performance by monitoring packet loss and latency and making adjustments accordingly. TCP/IP limits the size of the congestion window and then gradually increases the window size over time. This process stops when the maximum receive window size is reached or packet loss occurs. However, this method hasn’t aged well with the advent of high-bandwidth networks.

For the last several years, Windows has used Compound TCP as its standard congestion control provider. Compound TCP increases the size of the receive window and the volume of data sent.

Cubic, which has been the default congestion provider for Linux since 2006, is a protocol that improves traffic flow by keeping track of congestion events and dynamically adjusting the congestion window.

A Microsoft blog on the networking features in Windows Server 2019 said Cubic performs better over a high-speed, long-distance network because it accelerates to optimal speed more quickly than Compound TCP.

Enable and disable Cubic with netsh commands

Microsoft added Cubic to later builds of Windows Server 2016. You can use the following PowerShell command to see if Cubic is in your build:

Get-NetTCPSetting| Select-Object SettingName, CcongestionProvider

Technically, Cubic is a TCP/IP add-on. Because PowerShell does not support Cubic yet, admins must enable it in Windows Server 2016 from the command line with the netsh command from an elevated command prompt.

Netsh uses the concepts of contexts and subcontexts to configure many aspects of Windows Server’s networking stack. A context is similar to a mode. For example, the netsh firewall command places netsh in a firewall context, which means that the utility will accept firewall-related commands.

Microsoft added Cubic-related functionality into the netsh interface context. The interface context — abbreviated as INT in some Microsoft documentation — provides commands to manage the TCP/IP protocol.

Prior to Windows Server 2012, admins could make global changes to the TCP/IP stack by referencing the desired setting directly. For example, if an administrator wanted to use the Compound TCP congestion control provider — which was the congestion control provider since Windows Vista and Windows Server 2008 — they could use the following command:

netsh int tcp set global congestionprovider=ctcp

Newer versions of Windows Server use netsh and the interface context, but Microsoft made some syntax changes in Windows Server 2012 that carried over to Windows Server 2016. Rather than setting values directly, Windows Server 2012 and Windows Server 2016 use supplemental templates.

In this example, we enable Cubic in Windows Server 2016:

netsh int tcp set supplemental template=internet congestionprovider=cubic

This command launches netsh, switches to the interface context, loads the Internet CongestionProvider template and sets the congestion control provider to Cubic. Similarly, we can switch from the Cubic provider to the default Compound congestion provider with the following command:

netsh int tcp set supplemental template=internet congestionprovider=compound

How bias in AI happens — and what IT pros can do about it

Artificial intelligence systems are getting better and smarter, but are they ready to make impartial predictions, recommendations or decisions for us? Not quite, Gartner research vice president Darin Stewart said at the 2018 Gartner Catalyst event in San Diego.

Just like in our society, bias in AI is ubiquitous, Stewart said. These AI biases tend to arise from the priorities that the developer and the designer set when developing the algorithm and training the model.

Direct bias in AI arises when the model makes predictions, recommendations and decisions based on sensitive or prohibited attributes — aspects like race, gender, sexual orientation and religion. Fortunately, with the right tools and processes in place, direct bias can be “pretty easy to detect and prevent,” Stewart said.

According to Stewart, preventing bias requires situational testing on the inputs, turning off each of the sensitive attributes as you’re training the model and then measuring the impact on the output. The problem is that one of machine learning’s fundamental characteristics is to compensate for missing data. Therefore, nonsensitive attributes that are strongly correlated with the sensitive attributes are going to be weighted more strongly to compensate. This introduces — or at least reinforces — indirect bias in AI systems.

AI bias in criminal sentencing

A distressing real-life example of this indirect bias reinforcement is in criminal justice, as an AI sentencing solution called Compas is currently being used in several U.S. states, Stewart said. The system takes a profile of a defendant and generates a risk score based on how likely a defendant is to reoffend and be considered a risk to the community. Judges then take these risk scores into account when sentencing.

A study looked at several thousand different verdicts associated with the AI system and found that African-Americans were 77% more likely than white defendants to be incorrectly classified as high risk. Conversely, white defendants were 40% more likely to be misclassified as low risk, then go on to reoffend.

Even though it is not part of the underlying data set, Compas’ predictions are highly correlated with race because more weight is given to related nonsensitive attributes like geography and education level.

If you omit all of the sensitive attributes, yes, you’re eliminating direct bias, but you’re reintroducing and reinforcing indirect bias.
Darin Stewartresearch vice president, Gartner

“You’re kind of in a Catch 22,” Stewart said. “If you omit all of the sensitive attributes, yes, you’re eliminating direct bias, but you’re reintroducing and reinforcing indirect bias. And if you have separate classifiers for each of the sensitive attributes, then you’re reintroducing direct bias.”

One of the best ways IT pros can combat this, Stewart said, is to determine at the outset what the threshold of acceptable differentiation should be and then measure each value against it. If it exceeds your threshold, it’s excluded from the model. If it’s under the limit, it’s included in the model.

“You should use those thresholds, those measures of fairness, as constraints on the training process itself,” Stewart said.

If you are creating an AI system that is going to “materially impact someone’s life,” you also need to have a human in the loop who understands why decisions are being made, he added.

Context is key

Stewart also warned IT practitioners to be wary when training an AI system on historical records. AI systems are optimized to match previous decisions — and previous biases. He points to the racist practice of “redlining” in Portland, Ore., — which was legal in the city from 1856 until 1990 — that prevented people of color from purchasing homes in certain neighborhoods for decades. AI systems used in real estate could potentially reinstate this practice, Stewart said.

“Even though the laws change and those bias practices are no longer allowed, there’s 144 years of precedent data and a lot of financial activity-based management solutions are trained on those historical records,” Stewart said.

To avoid perpetuating that type of bias in AI, Stewart said it’s critical that IT pros pay close attention to the context surrounding their training data.

“This goes beyond basic data hygiene,” Stewart said. “You’re not just looking for corrupted and duplicate values, you’re looking for patterns. You’re looking for context.”

If IT pros are using unstructured data, text analytics is their best friend, Stewart said. It can help them uncover patterns they wouldn’t find otherwise. Ideally, IT pros will also have a master list of “don’t-go-there” items they check against when searching for bias.

“Develop a list of suspect results so that if something unusual started popping out of the model, it would be a red flag that needs further investigation,” Stewart said.

Intentionally inserting bias in AI

Is there ever a case where IT pros would want to inject bias into an AI system? With all the talk about the dangers of perpetuating AI bias, it may seem odd to even consider the possibility. But if one is injecting that bias to correct a past inequity, Stewart’s advice was to go for it.

“That is perfectly acceptable if it is a legitimate and ethical target,” he said. “There are legitimate cases where a big disparity between two groups is the correct outcome, but if you see something that isn’t right or that isn’t reflected in the natural process, you can inject bias into the algorithm and optimize it to maximize [a certain] outcome. “

Inserting bias in AI systems could, for instance, be used to correct gender disparities in certain industries, he said. The only proviso he would put on the practice of purposefully inserting bias into an AI algorithm is to document it and be transparent about what you’re doing.

“That way, people know what’s going on inside the algorithm and if suddenly things shift to the other extreme, you know how to dial it back,” Stewart said.

Box Activity Stream embeds Salesforce, Slack in Box viewer

SAN FRANCISCO — With Box Activity Stream, the content management software vendor is bidding to make its cloud platform a collaboration hub for all Box users’ daily communications by integrating with popular third-party apps like Slack, Salesforce and DocuSign.

Unveiled at the BoxWorks 2018 conference here, Box Activity Stream enables users to use apps in the file preview pane of the Box user interface, where users tag each other about file sharing and exchange messages.

As well as giving users the ability to share and post links on non-Box apps, the new feature also recommends apps for people to use in conjunction with a file they are working on in Box. The app recommendations are customized according to how often a user chooses them, their popularity in the company, and the file type with which they are most frequently associated.

Announcement-beta cycle

Box Activity Stream is expected to see beta release next year, following a pattern of Box product releases being announced the year before they are available in beta.

Analysts familiar with Box Activity Stream said the technology is a useful addition to the Box platform, but that it also puts Box in the position of competing with a host of software platforms to be the go-to hub for enterprise users, and could also lead to notification overload.

“It helps Box go from cloud file storage to being an interactive user experience that involves content. It makes it a more collaborative workspace,” said Alan Lepofsky, an analyst at Constellation Research.

Vendors vying to be digital hub

“In theory, it’s a great concept,” Lepofsky added. “But everyone wants to be the digital hub. Everyone wants to fight for everybody’s attention and eyeballs and to do that they want to bring in all the other products.”

Everyone wants to be the digital hub.
Alan Lepofskyanalyst, Constellation Research

Meanwhile, the company views Box Activity Stream as a key part of its digital workplace strategy to redefine content management, workflow and services as digital first, said Faizan Buzdar, senior director of product management at Box.

While modern SaaS enterprise applications have accelerated time-to-market and time-to-adoption rates, they have also created a sort of scattering of content, Buzdar said.

“It’s an awesome trend, but at the same time it creates a challenge. How do I know what’s happening, how do I know where all that content lives?” he said.

Box Activity Stream enables users to, say, create a document in response to an email, send it to a collaborator for editing, send it to someone else over Slack and then attach it to an account in Salesforce or NetSuite.

With that process, Buzdar said, “our goal is to avoid content fragmentation and segmentation and let enterprises apply the same security and compliance layers across all their content from the perspective of the touch points that their end users have.”

Buzdar said Box has seen demand for this kind of capability among users in CRM, sales and ERP.

Screenshot of new Box Activity Stream feature
Box Activity Stream showing integrations with Slack, Salesforce and DocuSign

Google integrations

In addition to Box Activity Stream, Box on the first day of the conference said its previously announced Box for G Suite and Gmail integrations are now available for public beta use.

Box enterprise users have been calling for Google integrations more and more, Buzdar said.

“We love Google. We work closely with Google,” Buzdar said. “Customers are coming in who are basically deciding to standardize on Google. If you’re a big company, say with 100,000 employees, somewhere in the organization you have Google.”

The company also said Box Feed, which was announced at BoxWorks 2017, will also now go into public beta. The machine learning feature provides personalized updates, activities and recommended Box content.

A primitive precursor to Box Activity Stream was rolled out in 2011 when Box added a collaboration feature to its then mostly cloud document storage-focused platform, which it termed “activity streams.”

Mobile and desktop screenshots of Box Feed system
Box Feed displaying content trends, activity

Possible confusion, more engagement

As for Box Feed, Karen Hobert, a Gartner analyst, said with Box Activity Stream, Box runs the risk of confusion between the two.

“One would think a user might want them combined as long as they could control the experience. But maybe the different UI experiences — Activity Stream in viewers, Feed in Box UI — will mitigate any confusion,” Hobert said.

But Hobert said she sees value in Box Activity Stream in terms of smoothing what can be a sometimes disjointed experience toggling between apps and Box.

“Basically, I see it as a way to keep employees engaged in Box throughout the day. Certainly users will like not having to bounce around from app to app,” she said. “Activity Stream clearly makes a more seamless experience with Box and content in other apps. In the end, Box wants to — and needs to — be a destination that users won’t live without.”

Hobert also questioned Box’s record on delivering on new systems and features, noting that there were “significant delays” in two earlier products, Box Relay and Box Sync, and that Box Feed and Box Skills, the company’s high-profile AI play that was announced nearly a year ago, are still in beta.

Lepofsky said he expected significant news at the conference about the much-touted Box Skills system.

“Otherwise, they’re going to look bad,” he said.

HiveIO seeks to create buzz in HCI market

Newcomer HiveIO Inc. is trying to make it in the already crowded hyper-converged infrastructure market by touting a software-only application that it claims uses AI for resource management.

HiveIO this week released Hive Fabric 7.0, its hyper-converged application. The vendor, based in Hoboken, N.J., has actually been around since 2015 and shipped its first version of Hive Fabric that same year, but has kept a low profile until now. HiveIO’s co-founders Kevin McNamara and Ofer Bezalel came out of JP Morgan Chase’s engineering team. HiveIO CTO McNamara said the goal was to create an infrastructure that consisted of one platform, was simple to use and was inexpensive.

“They thought about a single product, single vendor, hyper-converged fabric out of the box that just deploys and just works and reduces the complexity of the data center,” said HiveIO CEO Dan Newton, who joined HiveIO last April from Rackspace. “Our team comes from an operational background, and we’re focused on making our product operationally very easy, yet very stable. We try to make the technology work for the customers. We don’t want the customers to have to work to make it work.”

Newton said HiveIO has about 400 customers, including those it picked up by acquiring the assets of HCI software vendor Atlantis Computing in July 2017. HiveIO also inherited Atlantis’ OEM deal with Lenovo, which packaged Atlantis’ HCI software on its servers. However, HiveIO has no other hardware partnerships for Hive Fabric.

Newton said the goal is to provide HCI software that can deploy in 20 minutes on three nodes and requires little training to use.

We put the Message Bus into appliances and use machine learning to manage the appliances.
Kevin McNamaraCTO, HiveIO

HiveIO describes Hive Fabric as a “zero-layer, hardware-agnostic” hyper-converged platform that runs on any x86 server or in the cloud. Hive Fabric includes a free kernel-based virtual machine hypervisor, although it can also run with VMware and Microsoft hypervisors. Hive Fabric manages storage, compute, virtualization and networking across HCI clusters through its Message Bus. It includes a REST API and Universal Rest Interface to support third-party and customer applications.

McNamara called the artificial intelligence-driven Hive Fabric Message Bus “unique to the industry.” he said the Message Bus relies on AI and metadata to format data in real-time and provide predictive analytics to prevent potential performance and capacity problems.

“It’s all integrated into the stack,” McNamara said. “We can see everything in the hardware, everything in the stack, everything in the guest server and everything in the application layers. We put the Message Bus into appliances and use machine learning to manage the appliances. You can move workloads across appliances.”

Newton added, “Every piece of data point all comes through the Message Bus.”

HiveIO released Hive Fabric 7.0 this week, simplifying resource management through a Cluster Resource Scheduler (CRS). The CRS uses AI to monitor resource allocation across the cluster, and moves guest virtual machines between servers to improve operational efficiency. Hive Fabric 7.0 also allows customers to run multiple mixed-application workloads.

Hive Fabric 7 from HiveIO
HiveIO’s Hive Fabric 7 management dashboard.

Forrester Research senior analyst Naveen Chhabra said HiveIO will need to prove its AI capabilities to make it in an HCI field that includes at least 15 vendors.

“A number of companies already have proven technology — including Nutanix, Cisco, Dell EMC, VMWare,” Chhabra said. “HiveIO can do the same, but they must deliver at least table stakes technology, and then find out what innovations they can come up with. They talk about the interconnect fabric with artificial intelligence. It’s a transport layer for sending bits and bytes from one node to another. What kind of artificial intelligence does it have? Is it artificial intelligence or just AI washing like you hear from other vendors? And they have to find a strong use case for that artificial intelligence, even if it’s just one use case.”

HiveIO executives claim their early customers’ workloads include general server virtualization, virtual desktops, databases, log analysis and test/dev.

Hive Fabric is sold as a monthly subscription based on the number of physical servers with no restrictions on memory, storage or cores.

HiveIO promises to support Atlantis Computing hyper-converged and virtual desktop infrastructure software through 2022. Newton said HiveIO will offer Atlantis customers an upgrade path to Hive Fabric. He said HiveIO hired some Atlantis employees but is not using its technology in Hive Fabric.

HiveIO has 30 employees in the U.S. and U.K. It has completed two funding rounds and lists El Dorado Ventures, Rally Ventures, Osage Venture Partners and Citrix as investors but does not disclose its total funding.

Google’s OEMConfig could propel Android in business

A new initiative from Google aims to make Android more appealing to the enterprise.

Currently, enterprise mobility management (EMM) providers build different APIs into their platforms for each Android OEM’s unique features, which creates a hassle to fully support all manufacturers. With OEMConfig, the manufacturers themselves will provide the APIs in an application that EMM providers can support. That means IT pros can more easily manage and update various Android devices through their EMM, and incorporate OEM-specific features for their users.

“This looks like an enormous step forward,” said Willem Bagchus, a messaging and collaboration specialist at United Bank based in Parkersburg, W.Va. “Google is more serious about getting a deeper penetration into the business marketplace, and I look forward to it.”

What needs to change

Each Android OEM builds different features into its devices through APIs that augment what Google builds into the OS, such as capabilities that optimize bandwidth for field service workers. Android Enterprise helped expand API standards for Android in business settings, but there are still plenty of OEM-specific APIs.

That means EMM and unified endpoint management (UEM) providers must write, test and maintain different sets of code for different APIs, and repeat that process each time the OEM updates the OS. It also means the EMM provider is forced to make choices about where to dedicate its resources to support OEMs.

“This put a huge burden on the UEM providers,” said Ojas Rege, chief strategy officer at MobileIron. “The APIs wouldn’t necessarily be supported by many of the providers. The model doesn’t scale, and it takes away the manufacturer’s practical ability to differentiate.”

Some IT shops jump through hoops to manage Android in business because of the OS’ many varieties.

United Bank has used Microsoft Intune for the past two years to manage Apple iOS and Android devices. Only tech services employees get Android devices, and they’re Google phones rather than another manufacturer because Google’s own devices receive OS updates most often, Bagchus said.

“The frequency of OS updates — it’s the Wild West,” he said. “Everybody has their own flavor of Android, which is good on the one hand, but it’s hard to have a standard management approach to it.”

How OEMConfig could help

With Android Enterprise and AppConfig, EMM and UEM providers can send configurations to an application on a device. OEMConfig, which Google announced at its Android Enterprise Summit for Partners in London in May, will extend this capability.

With OEMConfig, an OEM builds its APIs into a configuration app and makes that app available in the Google Play store. EMM providers then support the OEMConfig app in their platform, and customers distribute the app to end users’ devices through the EMM. The app then configures a device to take advantage of the specific features in that OEM’s version of Android.

The more value-add a device can bring to an enterprise, the more likely they are to be bought.
Jason Baytonconsultant, CWSI

“It’s going to speed up the time to market on any new functionality,” said Jason Bayton, senior enterprise mobility consultant at CWSI based in the U.K. “We no longer have to wait on the EMM. It’s in [the OEMs’] best interest really because the more value-add a device can bring to an enterprise, the more likely they are to be bought.”

An extra benefit for IT is that the OEMConfig app can provide more consistent updates through Google Play automatically, and push new features to devices as soon as they’re available, Bayton said. IT admins can send new, vendor-specific calls to devices as soon as the OEM updates the app, without waiting for the EMM provider to build custom code, according to a Google spokesperson.

EMM providers will need to adjust their user interfaces to render OEMConfig’s more robust schema and properly display hardware management groupings for IT to configure, the spokesperson said.

The future of Android in business

OEMConfig mainly benefits smaller OEMs that don’t have support from all EMM vendors, experts said. That benefits IT at smaller businesses, which tend to have more mixed device environments than large enterprise organizations, said Eric Klein, director of mobile software at VDC Research.

“This can make EMM make a lot more sense for them because you’re going to be able to support any type of Android device,” he said. “It’s a way for Google to really make themselves a much more easily integrated platform.”

If OEMConfig simplifies EMM support and device updates, that’s a big reason for more highly regulated companies to adopt Android in business, Bagchus said.

“I think it will finally make Android devices more palatable,” he said. “We’re under a lot more scrutiny because of the regulators, which is why we had to steer clear of Android before.”

Still, Google will need OEMs and EMM providers to rally around this initiative to boost Android in business. Google has worked with hardware partner Zebra to develop the OEMConfig framework, and is “actively bringing our OEM and EMM partners together to incorporate OEMConfig into their solutions,” the Google spokesperson said, but declined to say when OEMConfig will be officially available.

EMM vendors likely will get on board in the last quarter of 2018, VDC’s Klein said.

MobileIron’s Rege said the company plans to support OEMConfig when it is available.

“It means that all these new capabilities can be supported by us without having to create custom code,” he said.

Netflix launches tool for monitoring AWS credentials

LAS VEGAS — A new open source tool looks to make monitoring AWS credentials easier and more effective for large organizations.

The tool, dubbed Trailblazer, was introduced during a session at Black Hat USA 2018 on Wednesday by William Bengtson, senior security engineer at Netflix, based in Los Gatos, Calif. During his session, Bengtson discussed how his security team took a different approach to reviewing AWS data in order to find signs of potentially compromised credentials.

Bengtson said Netflix’s methodology for monitoring AWS credentials was fairly simple and relied heavily on AWS’ own CloudTrail log monitoring tool. However, Netflix couldn’t rely solely on CloudTrail to effectively monitor credential activity; Bengtson said a different approach was required because of the sheer size of Netflix’s cloud environment, which is 100% AWS.

“At Netflix, we have hundreds of thousands of servers. They change constantly, and there are 4,000 or so deployments every day,” Bengtson told the audience. “I really wanted to know when a credential was being used outside of Netflix, not just AWS.”

That was crucial, Bengtson explained, because an unauthorized user could set up infrastructure within AWS, obtain a user’s AWS credentials and then log in using those credentials in order to “fly under the radar.”

However, monitoring credentials for usage outside of a specific corporate environment is difficult, he explained, because of the sheer volume of data regarding API calls. An organization with a cloud environment the size of Netflix’s could run into challenges with pagination for the data, as well as rate limiting for API calls — which AWS has put in place to prevent denial-of-service attacks.

“It can take up to an hour to describe a production environment due to our size,” he said.

To get around those obstacles, Bengtson and his team crafted a new methodology that didn’t require machine learning or any complex technology, but rather a “strong but reasonable assumption” about a crucial piece of data.

“The first call wins,” he explained, referring to when a temporary AWS credential makes an API call and grabs the first IP address that’s used. “As we see the first use of that temporary [session] credential, we’re going to grab that IP address and log it.”

The methodology, which is built into the Trailblazer tool, collects the first API call IP address and other related AWS data, such as the instance ID and assumed role records. The tool, which doesn’t require prior knowledge of an organization’s IP allocation in AWS, can quickly determine whether the calls for those AWS credentials are coming from outside the organization’s environment.

“[Trailblazer] will enumerate all of your API calls in your environment and associate that log with what is actually logged in CloudTrail,” Bengtson said. “Not only are you seeing that it’s logged, you’re seeing what it’s logged as.”

Bengtson said the only requirement for using Trailblazer is a high level of familiarity with AWS — specifically how AssumeRole calls are logged. The tool is currently available on GitHub.