BrandPost: Assess Your Organization’s DevOps Maturity

Portions of this post were originally posted on the Puppet blog, and republished here with Puppet's permission.DevOps practices and cultural norms positively impact IT and organizational performance. Our annual State of DevOps Report demonstrates how DevOp improves operational efficiency, creates space for innovation and increases employee engagement.To read this article in full or to leave a comment, please click here

Protect your privacy with surveillance-defeating sunglasses

Have you done something for yourself lately? If you end up with holiday money to spare, then you might consider buying yourself a cool pair of shades that would help protect your privacy while you are out in public.I saw Reflectacles on Kickstarter a few weeks ago, but since this is likely my last article of 2016, then I wanted to make sure you know about these surveillance-defeating glasses as well.The glasses are the brainchild of Scott Urban who claims that wearing Reflectables “ensure you’re noticed and anonymous at the same time.” The anonymous portion is due to light-reflecting frames which can end up looking like a big, shiny blur when captured by CCTV. Since the wearer’s face can’t be seen in any detail behind the bright glare of the glasses, it renders facial recognition tech useless.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Lax IoT device security threatens to pollute the internet

DVRs, IP cameras and other smart products could become the next wave of pollutants that threaten how we live if the security issues around Internet of Things (IoT) devices aren’t addressed.We’ve already seen that too much IoT pollution can wreck our computing environment. The October DDoS attack that brought down Twitter, Netflix and other major websites for a large portion of the U.S. was launched by a botnet comprised of Web cameras, printers and other IoT devices.+ Also on Network World: 2017 security predictions + And while having those sites offline was an inconvenience, the results of that attack weren’t devastating. But future DDoS attacks that throw terabits of data at servers could have more disastrous results. Instead of going after an internet traffic management company, the attackers could target a hospital or a utility provider. Not being able to binge-watch Netflix shows pales in seriousness when compared to cities not having electricity or a doctor being unable to access electronic medical records.To read this article in full or to leave a comment, please click here

IDG Contributor Network: This holiday, design your cloud for data

It’s that time of the year. Ready, set, shop. Whether it's an iPad, a new car or a big egg with a light-up bird inside—like this year’s Hatchimals—every holiday season is filled with the must-have gifts that send consumers into a shopping frenzy.For retailers, the good news is consumers are in the mood to spend during the holiday season. The challenge is meeting consumer demands and battling intensifying competition.The National Retail Federation (NRF) expects retail sales in November and December (excluding autos, gas and restaurants) to reach $655.8 billion. Online sales are forecasted to reach $117 billion this season. And, of course, Cyber Monday plays a huge role in online sales.To read this article in full or to leave a comment, please click here

Worth Reading: The spillover effect

At the same time that default and end-to-end encryption enables dissidents to communicate, it also enables terrorists and other criminals to plot and plan without fear of detection. It means that even when a judge signs off on a warrant based on probable cause to believe that a particular device or account contains evidence of a crime that has been or is about to be committed, law enforcement cannot unlock the smartphone or obtain the relevant data in readable form. The concern is that criminals may go free, and dangerous plots may be left undetected. Comey and other law enforcement officials want US-based companies to provide sought-after data in readable form and to maintain the technological capacity to do so. But the approach is controversial; a powerful coalition of companies, civil liberties groups, and many others decries such efforts at mandated access as undercutting security for us all. —The Hoover Institution

LinkedInTwitterGoogle+Facebook

The post Worth Reading: The spillover effect appeared first on 'net work.

VMware removes hard-coded root access key from vSphere Data Protection

VMware has released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance.VDP is a disk-based backup and recovery product that runs as an open virtual appliance (OVA). It integrates with the VMware vCenter Server and provides centralized management of backup jobs for up to 100 virtual machines.According to a VMware support article, the vSphere Data Protection (VDP) appliance contains a static SSH private key with a known password. This key allows interoperability with EMC Avamar, a deduplication backup and recovery software solution, and is pre-configured on the VDP as an AuthorizedKey.To read this article in full or to leave a comment, please click here

Microsoft launches a Windows error code troubleshooting site

If you have used Windows for any length of time, you've undoubtedly been hit with an error code during an Update that told you absolutely nothing. "Error code: 0x80070422?" What the hell does that mean? If you were industrious, you could Google the code and maybe find a post on a Microsoft forum or elsewhere that offered some kind of clue as to what the error was and perhaps a solution. Now Microsoft has given us something a little more official. It’s a web page on the company’s support site called Fix Windows Update Errors that aims to help Windows users resolve update-related errors.To read this article in full or to leave a comment, please click here

A Very WebP New Year from Cloudflare

A Very WebP New Year from Cloudflare

Cloudflare has an automatic image optimization feature called Polish, available to customers on paid plans. It recompresses images and removes unnecessary data so that they are delivered to browsers more quickly.

Up until now, Polish has not changed image types when optimizing (even if, for example, a PNG might sometimes have been smaller than the equivalent JPEG). But a new feature in Polish allows us to swap out an image for an equivalent image compressed using Google’s WebP format when the browser is capable of handling WebP and delivering that type of image would be quicker.

A Very WebP New Year from Cloudflare CC-BY 2.0 image by John Stratford

What is WebP?

The main image formats used on the web haven’t changed much since the early days (apart from the SVG vector format, PNG was the last one to establish itself, almost two decades ago).

WebP is a newer image format for the web, proposed by Google. It takes advantage of progress in image compression techniques since formats such as JPEG and PNG were designed. It is often able to compress the images into a significantly smaller amount of data than the older formats.

WebP is versatile and able to replace the three main Continue reading

What India’s Banking Industry Breach Can Teach Us About the Importance of Collaboration

Towards the end of October 2016, several Indian banks announced they would be recalling millions of debit cards in the wake of a data breach that affected the backend of software that powered an ATM network there.

It was a situation that could have been better mitigated; a government-sponsored organization tasked with sharing information about data breaches completely missed the warning signs that a breach was taking place. As a result, no one connected the dots until millions of fraud cases had been detected.

Rachel Levy-Sarfin

Dan Geer Revisits 2014 BlackHat Recommendations: More Industry Recognition of the Problem, Much Left To Do

Computer security analyst and risk management specialist Dan Geer used his keynote at the Black Hat conference in 2014 to make 10 policy recommendations for increasing the state of cybersecurity. Among his suggestions: mandatory reporting of cybersecurity failures, product liability for Internet service providers and software companies, and off-the-grid alternative control mechanisms for increasingly Internet-reliant networks like utility grids and government databases.

I caught up with Geer for an update on his proposals, and his views on the current state of cybersecurity.

Jeri Clausing

Princeton’s “War of The Lights” – The Pitfalls of Enterprise-Level IoT Projects

The stadium lights ripped the darkness over an empty field.

They weren’t supposed to be on. The lights at Princeton University’s stadium, recently upgraded, should have followed an automated cycle, reducing the need for human oversight.

Instead, the lights went to war.

That’s how Jay Dominick, the vice president for information technology and the chief information officer for the Office of the Vice President for Information Technology at Princeton University, described to me what happened when I followed-up with him after he spoke at the Conference on Security and Privacy for the Internet of Things, held Oct. 16, 2016 at Princeton University.

Ann Miller

How Microsoft rebounded to outshine Apple

Microsoft claims that more people are switching to Surface devices from Macs than ever before. That's a concept that would have been hard to picture when Microsoft first released the Microsoft Surface RT and Surface Pro in 2012 and 2013, respectively. The Surface RT suffered from a watered-down version of the new -- and generally disliked -- Windows 8 operating system and, while the Surface Pro featured the full desktop version, it came with hardware limitations and a high price tag.To read this article in full or to leave a comment, please click here

Which mobile data provider is best?

That thing you carry in your pocket may be called a smartphone, but its main purpose isn’t to talk to other people — it’s a tiny computer you use to connect to the internet, get information and find and use apps. So, for the fourth year in a row we’ve gone on a mission to find out which mobile service provider gives you the most comprehensive and reliable data network coverage, the fastest upload and download speeds, and the most bang for the buck.To do it, we turned to the experts — you and other Computerworld readers. We conducted an 8-week-long online survey this summer asking smartphone users to rate providers in multiple categories: average upload speeds, average download speeds, availability of connection, reliability of connection, performance relative to cost, technical support, selection of phone models, customer service/billing and more.To read this article in full or to leave a comment, please click here

1 2,386 2,387 2,388 2,389 2,390 3,790