Enterprise Resource Planning (ERP) = Business Software

Enterprises (aka large businesses) use software to run their business. This software is called "Enterprise Resource Planning", or ERP. Sounds fancier than "business software", no? So what is ERP, and how does it work? Let's create an imaginary company "ACME" that designs, manufactures, and sells its AeroGadget.

ACME, an Apple Wannabe 

ACME wants to be the next Apple. So like Apple, it wants to control the entire life cycle of its products. From design to manufacturing to marketing to sales. Meaning ACME owns the entire lifecycle of AeroGadget. ACME will 1) Design 2) Procure 3) Supply Chain Management 4) Manufacture 5) Market 6) Sell 7) Service to keep customers happy. 

ERP used in ACME 

The creation of the mechanical AeroWidget—a complex assembly of brass gears, engraved plates, and precision-tuned springs—requires more than just skilled craftsmanship. For ACME to successfully bring this gadget to market, it must employ a comprehensive Enterprise Resource Planning (ERP) system that unifies every department, from the workshop floor to the executive back office.

Engineering, Manufacturing, and Quality Control

The "soul" of the AeroWidget lies in its mechanical intricacy. The ERP system serves as the central nervous system for these physical processes:

Design & PLM: Product Lifecycle Management (PLM) modules manage the technical blueprints and gear-ratio schematics, ensuring that every design iteration is tracked.

BOM & Procurement: The system automates the Bill of Materials (BOM), coordinating the sourcing of raw brass, wood, and specialized gears from global suppliers.

Manufacturing & Quality: As units move through production, the ERP tracks real-time assembly progress and triggers "Engraving Tests" to ensure the high-fidelity aesthetic of the gadget meets ACME's standards.

Marketing, Sales, and Logistics

Turning a masterpiece into a product requires seamless market integration:

CRM & Sales: Customer Relationship Management (CRM) tools allow ACME to target collectors of luxury mechanical goods while managing incoming orders to prevent over-promising on stock.

Warehouse & Shipping: The ERP manages the delicate inventory and optimizes "Track & Trace" logistics, ensuring that the fragile glass-and-brass units are delivered safely via specialized transport.

The Back-Office Foundation: HR, Finance, and Accounting

While the gears turn in the widget, the ERP ensures the business gears turn behind the scenes:

Human Resource Management: The "Talent Pipeline" and "Workforce Management" modules ensure that ACME recruits and retains the specialized master horologists and engineers required for such a unique product.

Finance & Accounting: These modules provide "Capital Management" and "Ledger Control," balancing the high cost of raw materials against revenue. This ensures that every brass screw is accounted for in the company’s financial plans.

Service & Analytics: Finally, the system manages "Calibration Schedules" for field service and uses cross-functional data analytics to refine future production runs based on customer feedback.

Conclusion:

ERP is business software used by enterprises to run their business. ERP encompasses all business software - such as design, planning, supply chain, marketing, sales, human resource, finance, accounting.  By integrating these disparate functions into a single "ERP Flow," ACME can transform a complex mechanical challenge into a sustainable, scalable, and highly efficient luxury brand.

Why Do We Need SASE In Modern IT?

 Secure Access Service Edge (SASE)

• Before I begin, let’s start with the basic definitions. Zero Trust is a concept of never trusting anyone, always verify, even if they are in the house. SASE is architecture. So all devices that need to access the corporate network will go to the cloud first to have the user verified. SD-WAN is an implementation of SD-WAN.

• Ok on to SASE Secure Access Service Edge!

• SASE in a nutshell : SASE is short for Secure Access Service Edge. In the olden days, to secure access to a company network, you had to go into the office to connect to the company network. But modern digital life means you can be anywhere, using any device, at any time. So a new, safe environment that is beyond the office walls is needed. Introducing SASE. With SASE, the office network reach is now global. The security guard now follows the worker - instead of the workers going to the office guarded by a security guard.

• Top networking IT vendors that sell SASE solutions that is sold as SD-WAN include compaies such as Cisco SD-WAN, Aruba EdgeConnect, Juniper AI-Native WAN.

Amazon One Palm Reader Discontinued In Amazon Grocery Stores (Whole Foods) Starting June 2026

Amazon One is a contactless, palm-based biometric identity service. It announced in September 29, 2020 in this news release as being  available in Amazon Go mini-market stores. Later on March 28th, 2024 with this news release. Amazon One palm reader payment is used at Whole Foods grocery markets (owned by Amazon). During check out, a shopper just puts their palm on a palm reader to pay. No app. No card. No cash.

Roughly over just 2 years later, Amazon announced earlier in 2026 that Amazon One biometric authentication will be fully discontinued for retail customers on June 3, 2026. It’s officially the end of an era for the "palm wave" at checkout.   The decision to pull the plug on the technology—which uses a combination of surface-area imaging and subcutaneous vein patterns—comes down to a few key factors:

1. The "Adoption Gap"

Despite the initial hype, Amazon reported that customer adoption simply never reached the critical mass needed to justify the overhead. Most shoppers remained more comfortable with the muscle memory of tapping a credit card or using a digital wallet (Apple/Google Pay), which offered similar speed without the perceived "creep factor" of biometric scanning.  

2. Privacy and Trust Hurdles

Biometrics are a tough sell in the current privacy climate. While Amazon emphasized that the data was encrypted and stored in a specialized "One" cloud rather than on-device, privacy advocates and even some members of Congress voiced concerns about surveillance and data security. For many users, the convenience wasn't worth the perceived risk of handing over a "palm signature" to a retail giant.  

3. A Massive Retail Pivot

The discontinuation of Amazon One is part of a much larger strategic retreat. Amazon is simultaneously shuttering its Amazon Fresh and Amazon Go physical locations to refocus its grocery efforts on Whole Foods Market and same-day delivery. Since those experimental stores were the primary "homes" for palm readers, the infrastructure no longer fit the new business model.  

4. High Operational Costs

Maintaining the hardware and the complex backend (which required real-time cloud authentication and seamless integration with various payment processors) is expensive. Without the volume of users to offset these costs, the ROI wasn't there—especially compared to standard NFC payments.  

What Happens Now?

Data Deletion: Amazon has stated that all user data, including palm signatures and associated payment info, will be automatically deleted once the service is fully decommissioned in June.  

The Healthcare Exception: Interestingly, the technology isn't dying everywhere. It will reportedly remain active for patient check-ins at specific healthcare facilities (like NYU Langone) for the time being, where the "identity verification" use case still holds some value.  

Alternative Tech: Amazon is shifting its focus to Dash Carts (the smart shopping carts that track items as you go) and its broader Just Walk Out licensing for third-party venues like stadiums.

It seems the world wasn't quite ready to pay with a high-five. Given the current trend toward Zero Trust and enhanced data sovereignty, a centralized biometric database for snacks was always going to be a steep hill to climb.

Are you looking for a more secure alternative for your own workflows, or were you mostly concerned about the data privacy aspect of the shutdown?

Introduction to Microsoft Defender XDR

Windows Defender was originally a basic built-in antivirus that protected endpoints (namely PCs) running the Windows operating system. As endpoint attack vectors became more sophisticated, antivirus passively protecting an endpoint no longer sufficed. A holistic protection - including identities, emails, and infrastructure - was needed. This was when Windows Defender was rebranded to  Microsoft Defender.

 

Fast forward to today, Microsoft Defender is now the overarching brand that covers a series of related products that provide integrated threat protection across the entire digital estate, including endpoints, identities, email, applications, and multi-cloud infrastructure. Here are the products under the Microsoft Defender brand:

• Microsoft Defender XDR: This is the unified dashboard/suite that includes:
• Microsoft Defender for Endpoint 
• Microsoft Defender for Office 365
• Microsoft Defender for Identity
• Microsoft Defender for Cloud Apps
• Microsoft Defender for Cloud
• Microsoft Defender Vulnerability Management
• Microsoft Defender for IoT

What Is Microsoft Defender XDR

Microsoft Defender XDR (Extended Detection and Response) is an integrated suite of four security products, each providing a unique and needed defense against sophisticated attacks. Powered by AI, Microsoft Defender XDR  provides an always learning, adapting, and automated unified defense across your digital estate. The four included products in XDR are:

• Microsoft Defender for Endpoint: Protects physical devices (Windows, macOS, Linux, Android, iOS). It provides both preventative antivirus and EDR (Endpoint Detection and Response) for hunting advanced persistent threats. 
• Microsoft Defender for Identity: Uses your on-premises Active Directory or Entra ID (formerly Azure AD) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions.
• Microsoft Defender for Office 365: Safeguards your "collaboration" layer—protecting against malicious links (Safe Links) and attachments (Safe Attachments) in Outlook, Teams, SharePoint, and OneDrive.
• Microsoft Defender for Cloud Apps: A Cloud Access Security Broker (CASB) that gives you visibility into your SaaS apps, helping to identify "Shadow IT" and protect sensitive data moving in and out of the cloud.

What Makes Microsoft Defender XDR Unique?

Microsoft Defender differentiates itself by moving beyond simple signature-based detection to behavioral AI and automation.

• AI : Uses machine learning and cloud-delivered intelligence to block malware in real-time, even if the threat has never been seen before (Zero-day).
• Attack Surface Reduction (ASR): A set of controls that prevent actions typically used by malware, such as launching executable files from email or blocking Office apps from creating child processes.
• Self-Healing (AIR): Short for Automated Investigation and Response. When an alert is triggered, Defender can automatically launch an investigation, determine if a file is malicious, and remediate it (e.g., quarantine a file or stop a process) without human intervention.
• Advanced Hunting: For security pros, this provides a powerful query language (Kusto Query Language or KQL) to search through 30 days of raw telemetry data to find hidden indicators of compromise.
• The "Agentless" Advantage: Because the sensors for Defender are built directly into the Windows operating system, there is no third-party agent to install or update. This reduces "agent sprawl," lowers CPU overhead, and prevents the common "security vs. performance" conflict.

Conclusion

Microsoft Defender XDR represents a paradigm shift from traditional, siloed security to a unified, AI-native ecosystem.  Unlike third-party solutions, it requires no additional software installation, which eliminates compatibility issues and ensures peak system performance by minimizing CPU overhead  By integrating defense across endpoints, identities, email, and cloud apps, Microsoft Defender XDR seamlessly correlates telemetry across endpoints, identities, and cloud applications to eliminate the silos that attackers exploit. 

Connecting Supply Chain Networks : When One Plus One Made Three

---

 

 

Once upon a time, in a bustling digital world, there lived two companies: Fulcra and Velos.

Fulcra specialized in logistics and inventory. It could track every package in real time, optimize delivery routes with satellite precision, and move goods faster than anyone else. But Fulcra didn’t know what to move — only how to move it.

Velos, on the other hand, was an e-commerce titan. Its storefronts were beautiful, its marketing sharp, and its customer base global. But when orders poured in, chaos followed. Warehouses ran out of stock. Deliveries arrived late. Refunds stacked up.

Each company excelled at what it did. Yet both suffered in silence.

One day, a young analyst named Rina, who had worked briefly at both companies, saw the problem clearly: “These systems don’t talk to each other.”

She proposed something radical: a real-time connection between Fulcra’s logistics engine and Velos’s e-commerce platform. Orders placed in Velos would instantly inform Fulcra’s inventory and routing. Fulcra’s supply chain insights would feed back into Velos’s product availability and delivery promises.

At first, both companies resisted. “It’s too risky,” said Fulcra’s CIO. “We’ll lose control of our data,” Velos’s head of tech argued.

But Rina persisted. She ran a simulation — and it showed that with full integration, customer satisfaction would increase 30%, delivery times would drop by 40%, and operational costs would shrink.

“One plus one doesn’t just equal two,” she said. “It equals three — or more — when the systems are connected.”

With cautious optimism, the two companies launched Project Converge. APIs were built. Dashboards redesigned. Silos torn down.

The results were immediate.

Customers now saw accurate delivery times before they hit "Buy." Warehouses preemptively stocked products in areas with rising demand. Returns plummeted. Profits soared. Fulcra and Velos, once strong but isolated, became unstoppable together.

And Rina? She was promoted to lead a new initiative: connecting more systems across the ecosystem. She understood a powerful truth most businesses forget:

In isolation, systems work.
In connection, systems create.
And when 1 + 1 = 3, that’s the power of integration.

 

---

Hosting Ruby on Rails On Heroku Cloud and Coding with Cloud9 IDE

Hosting Ruby on Rails
On Heroku Cloud

Albert Chiang

 
1.    Ruby, Rail

Ruby is an Object-Oriented Programming scripting language and Rails (the Model View Controller web app framework developed using the Ruby language).  The purpose of this document is to show how to deploy a Ruby on Rails production website to Heroku cloud.  This will be demonstrated via a “Thanksgiving Potluck Signup” app running on Heroku (a Platform-As-A-Service).
 
 
2.    How I did it & source code

2.1.    Concept of the “Thanksgiving Potluck App”

Every year, my dear friend Neil invites others and I to his house for a Thanksgiving dinner potluck.   Neil usually brines and bakes a turkey, but he needs help from his guests to bring other dishes. He also wanted a way for guests to sign up for dishes, but did not want the dishes to overlap.  He used Evite to manage the email list and track who is coming, but tracking who was bringing what dishes was not easy to use. And being able to access the list via web or mobile web instantly via its own URI will make the app much easier to use.
                        
                                                  
Figure 1 Thanksgiving Potluck at Neil's
 
2.2.    Development environment

My development was on Cloud9 cloud IDE, which basically allowed me to use my browser to development and run my Rails web app.  It was easy enough to use, so I gave up using a Linux terminal and my trusty vi editor. Below is a screen shof of development on Cloud9 Cloud IDE
 

 
2.3.    Initial data model

For Neil’s Thanksgiving potluck, Neil wanted a simple guest registration system for the guests to use to register themselves. He wanted it to be accessible on both web and mobile. For each guest, Neil wanted to know these about his guests:
1.    Name of guest
2.    What food is being brought by the guest
3.    Total number of people coming
4.    Email of the guest

Further more, Neil said that it would be nice if the registration system can check for overlap in food brought.
 
 
2.4.     Initial scaffold creation using Rails

Rails is a framework that eases web app development and testing. The framework was designed to bring order to a potentially messy process of developing and testing web apps. But the framework also potentially adds extra baggage, especially for simple web apps. One way Rails eases the creation of the framework is via automated scaffold generation.  A Rails scaffold creates the necessary directory structure and pre-populated files.


2.5.    Seeding the database 

Now that we have a web app running, the framework of what to show (guest information) and how to manage it (edit, destroy, show) is built in and ready to use. But now we would like to have data in this web app. What is the fastest way to pre-populate data into it? We can populate the web app with data by using seed.
                                       

2.6.    Data migration

The data model was created using Rails and resides in the db/migrate directory as a Ruby file. But the Rails framework eventually will interact with a MySQL database. Rails has one built-in called SQLite3. In order to “migrate” the Ruby version of the data into SQLite3, the “rake db:migrate” is invoked. To double check the output of the migration into an sqlite3 file, I used  SQLite Free – Datum.
 

 
2.7.    Customize the User Interface View 

The Rails scaffold command creates a basic look on the View. Neil wanted a bit more customization in the web app – which means changes to HTML and CSS. In Rails, HTML is produced from processing Embedded Ruby files (erb) and CSS is produced from processing Sassy CSS (SCSS) files.  
                        s.
                                  

2.8.    Validating the data model

Neil preferred that guests not bring duplicate food.  He wanted the web app to warn a guest if the food to be brought was already registered. This is easily done in Rail using the “validates” concept. Neil also want to limit the number of  total guests, so a limit of 4 per guest is imposed by Neil.

2.9.    Route configuration

Ruby on Rails uses a Models View Control (MVC) design pattern. Which means that web app requests from users are sent to the Controller. But in Rails, before the user request is sent to the Controller, it is first routed through a Rails router.
            
 
2.10.    App testing
Rails was design with test in mind. With Rails, tests are easy to write, easy to run, and offers powerful abilities for test automation.
    
 
3.    Deployment to The World - Using Heroku PAAS & Git
Now that we have developed and tested our web app on my Macbook Pro, it is time to let other use it – by pushing the web app to production. Which means Neil and his guests can starting using the app from any web browser. But in order to push my Ruby on Rails environment to production, I need a way to host my Ruby on Rails application. This is where Heroku can help.

3.1.    What is Git
Git is a source code revision control system. Which allows you to store your source code into a safe place – called a repository.  Git in itself is a great software development tool to keep backups of your project , as well as keep revision control so that you can revert to previous version of your project.  But must we use Git?
The answer is yes – because we are using Heroku to push our project to production.
 

 
3.2.    Pushing to Heroku

Heroku offers Platform As A Service (PAAS) to deploy applications. In order to productize my web app, I first applied for a free Heroku account. Once established, the Linux command line can be used to control interaction with the Heroku Command Line Interface (CLI).  
 

3.3.    Differences Between Development and Production - PostgreSQL instead of SQLite
During the development of our Rails web app on my Macbook Pro, SQLite3 was the default Relational Database System (RDB) used with Ruby on Rails. SQLite3 is an embedded RDB, in contrast to MySQL – a full RDB environment. MySQL is part of Oracle, which leaves the Open Source community a bit nervous because Oracle makes money from selling  its own Oracle Database.
For those looking for pure open source RDB, PostgreSQL is the popular choice. Moreover, PostgreSQL is a Object Relational Database. Hence it is not surprising that Heroku supports PostgreSQL over SQLite.
 
 
 
3.4.    Production Web View
 

4.    Conclusion

Ruby is an object oriented scripting language targeted for web applications. Rails add a framework around Ruby so that code with specification functionality has a nature home in the framework. Rails adopt the MVC design pattern.  Ruby on Rails provides a proven and robust framework for web app development, testing, and production. Within a few short Rails command, a full web app is created.  Heroku cloud was picked as the public cloud hosting platform.

Simple Cybersecurity Intro

Introduction to Cybersecurity

 

Businesses of today have migrated to all in on digital - relying on smart phones, laptops, networks, programs, and data to operate. Gone are the analog days where businesses use papers, faxes, and even telephones to operate.  Using just a laptop or smart phone, customers from the other side of the planet can be ordering products and services from you 24/7 without a human slowing down the  experience and transaction. But that same ease of use for the customer far away is the same mechanism that hackers can use to 1) shutdown your business by disrupting your IT 2) steal your company's intellectual property information 3) steal your customer information 4) lock your business out of its data and ask for a ransom to unlock it 5) plant bots that run secretly and quiet to launch more attacks to steal and disrupt.   Cybersecurity is the practice of protecting all of the above systems : smart phones, laptops, networks, programs, and data - from digital attacks. Here is a diagram of a business IT system.

 

 

In order for a business to protect its IT from cyberattacks, here are some basic protections to take.

 

1) Identify all attempts to use and login into your IT system : people, machines, and now with AI - AI Agents. Following the IdAAA framework, your cybersecurity system must 1) Identify the user - who are you?! 2) Authenticate the user - prove who you are with what you know, what you have, what your are 3) Authorize the user - once identified and authenticated, look up the permissions. You don't want an engineer accessing HR or Financial systems 4)  Accounting - log and track all interactions

 

2) Endpoint : this is the ENTRY POINT into your critical IT systems : the programs, the network, the data. Early days of antivirus were passive and one dimensional. Today's attack sophistication means that your endpoint protection needs to keep up with new and complex attack vectors. EDR (Endpoint Detect and Response) and XDR (Extended Detect and Response) are the bare minimum of today.  

 

3) Network security : Old generation IDS (Intrusion Detection System) and IPS (Intrusion Prevention Systems)  were static and not ready for today's AI and Quantum Compute attacks on network. Start at the very least with Next Gen Firewall (NGFW)

 

4) Server : These are hardware that runs everything in IT. Server hardening, including secure boot, patch management, continuous monitoring, strict access controls (don't share root password!), redundancy

5) Application : This is the direct interface to your customers and hackers. Secure your apps with passwordless & MFA. Leverage OpenID Connect & OAuth 2.0 instead of building your own login system, modern apps use established protocols to outsource authentication to trusted identity providers. Define and implment fine-Grained Authorization: Moving beyond simple "User" or "Admin" roles to Attribute-Based Access Control (ABAC), where access is granted based on time, location, and the specific sensitivity of the data.

6) Storage: This is where your data ultimately lies, and hence a target for ransomware. Make sure your business performs backup, snapshoting, fine grain partition, encryption of data at rest, access anomaly detection.

7) Database : Programs rely on database to provide searchable, indexed, reliable curated data. Authorization by programs, users, and now AI agents is critical to keep business safe (confidential, with integrity). Like storage, need to backup, snapshoting, fine grain partition, encryption of data at rest, access anomaly detection.