Google just blew up its all-in strategy for productivity software

For a very long time, Google has focused on building its own productivity software to serve everyone from consumers to massive enterprises, and then locking people into its core experience. That all changed on Wednesday. The company announced that it's partnering with Box to let users of the enterprise cloud storage and content services platform edit documents with Google Docs, Sheets and Slides, but keep them stored inside Box. It's a vast departure from the company's previous direction, which required people to store files edited with Docs inside Google Drive. Google said that the company is working on turning its Docs productivity suite into an open platform, and is open to working with other storage providers in a similar way.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Building an insider threat program that works – Part I

The consequences of failure range from failed security audits and interruptions of service or product deliveries to more significant degradation of ongoing operations, monetary losses and lasting reputational damage. In extreme scenarios, there is even the potential for bodily injury and loss of life.In response, many corporate and government leaders have invested heavily over the past few years in controls designed to mitigate the likelihood and consequences of a damaging insider event. Policy and procedural controls naturally have played a big part in these nascent insider threat programs, but so have a number of emerging technologies grouped under the umbrella of Security Analytics.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Building an insider threat program that works – Part I

The consequences of failure range from failed security audits and interruptions of service or product deliveries to more significant degradation of ongoing operations, monetary losses and lasting reputational damage. In extreme scenarios, there is even the potential for bodily injury and loss of life.In response, many corporate and government leaders have invested heavily over the past few years in controls designed to mitigate the likelihood and consequences of a damaging insider event. Policy and procedural controls naturally have played a big part in these nascent insider threat programs, but so have a number of emerging technologies grouped under the umbrella of Security Analytics.To read this article in full or to leave a comment, please click here

Security firm faces lawsuit with stock tanking tactic

One security firm’s controversial approach to pointing out flaws in products is facing legal action. On Wednesday, the firm MedSec was hit with a lawsuit after trying to tank a company’s stock. The company, St. Jude Medical, has filed the legal action against MedSec for making false accusations about its products and for conspiring to manipulate its stock. Two weeks ago, MedSec ignited an ethical firestorm when it publicized allegations that pacemakers and other devices from St. Jude Medical were insecure and open to hacks. Pointing out flaws is nothing new in the security industry. But MedSec took the unusual step of trying to profit from the research by betting against St. Jude Medical. To do so, it partnered with investment firm Muddy Waters Capital to short the stock.To read this article in full or to leave a comment, please click here

Security firm faces lawsuit with stock tanking tactic

One security firm’s controversial approach to pointing out flaws in products is facing legal action. On Wednesday, the firm MedSec was hit with a lawsuit after trying to tank a company’s stock.The company, St. Jude Medical, has filed the legal action against MedSec for making false accusations about its products and for conspiring to manipulate its stock.Two weeks ago, MedSec ignited an ethical firestorm when it publicized allegations that pacemakers and other devices from St. Jude Medical were insecure and open to hacks.Pointing out flaws is nothing new in the security industry. But MedSec took the unusual step of trying to profit from the research by betting against St. Jude Medical. To do so, it partnered with investment firm Muddy Waters Capital to short the stock.To read this article in full or to leave a comment, please click here

Is Microsoft building a Slack killer?

A few months ago, rumors circulated that Microsoft considered buying the cloud-based team collaboration tool Slack for a generous $8 billion. Overpaying again, it seems, as Slack's last known valuation was $2.8 billion.Now it seems that Microsoft has decided to build rather than buy, using its own Skype messaging service as the basis for a new product. According to the site MSPoweruser, Microsoft is coming for the Slack market with a product called Skype Teams. To read this article in full or to leave a comment, please click here

DC Fabric Segment Routing Use Case (5)

In this, the last post on DC fabrics as a Segment Routing use case, I mostly want to tie up some final loose ends. I will probably return to SR in the future to discuss other ideas and technical details.

Anycast

Anyone who keeps up with LinkedIn knows anycast plays a major role in many parts of the infrastructure. This isn’t unique to LinkedIn, though; most DNS implementations and/or providers, as well as just about every large scale public facing web application, also uses anycast. Which leads to an obvious question—how would SR work with anycast? The answer turns out to be much simpler than it might appear. The small diagram below might be helpful—

anycast-01

Assume A and B have two copies of a single service running on them, and we want hosts behind F to use one service or the other, just depending on which the routing system happens to route towards first. This isn’t quite the classical case for anycast, as anycast normally involves choosing the closest service, and both of the services in this example are equal distance from the hosts—but this is going to be the case more often than not in a data center. In Continue reading

Half of network management systems vulnerable to injection attacks

Cross-site scripting and SQL injection attacks are well-known threats for public-facing Web applications, but internal systems can be attacked as well. For example, about half of network management systems studied had these vulnerabilities, according to a report released today.It all comes down to input validation, or lack of it, said Deral Heiland, research lead at Boston-based Rapid7, Inc. and one of the authors of the report.Network management systems are in regular communication with the devices on a company's network. But, because the communications are machine-to-machine people sometimes forget that the inputs still need to be checked to make sure there's nothing weird or malicious in there.To read this article in full or to leave a comment, please click here

Half of network management systems vulnerable to injection attacks

Cross-site scripting and SQL injection attacks are well-known threats for public-facing Web applications, but internal systems can be attacked as well. For example, about half of network management systems studied had these vulnerabilities, according to a report released today.It all comes down to input validation, or lack of it, said Deral Heiland, research lead at Boston-based Rapid7, Inc. and one of the authors of the report.Network management systems are in regular communication with the devices on a company's network. But, because the communications are machine-to-machine people sometimes forget that the inputs still need to be checked to make sure there's nothing weird or malicious in there.To read this article in full or to leave a comment, please click here

Half of network management systems vulnerable to injection attacks

Cross-site scripting and SQL injection attacks are well-known threats for public-facing Web applications, but internal systems can be attacked as well. For example, about half of network management systems studied had these vulnerabilities, according to a report released today.It all comes down to input validation, or lack of it, said Deral Heiland, research lead at Boston-based Rapid7, Inc. and one of the authors of the report.Network management systems are in regular communication with the devices on a company's network. But, because the communications are machine-to-machine people sometimes forget that the inputs still need to be checked to make sure there's nothing weird or malicious in there.To read this article in full or to leave a comment, please click here

The new Dell Technologies: 6 things you need to know

Dell and EMC have completed their US$67 billion merger to create Dell Technologies, the world's largest privately held technology company. It's a historic day, far from the PC company that sponsored the "Dude, I've bought a Dell" campaign.The new company will sell PCs, servers, storage, networking and software products. It has an impressive list of assets including Dell's PC and servers, EMC storage, VMWare, RSA, Wyse, Force10, and the Pivotal software and Boomi cloud services.Work has started for the autonomous units to work in unison, but there are also new priorities for the company. Here's what you need to know.Dell Technologies is thinking like Alphabet/Google Dell Technologies will be a mix of independent units tethered to each other. That's similar to Alphabet, which has a bunch of independent units led by Google working closely with each other. The Dell Technologies units will continue to function independently, but also work together to offer integrated products like hyperconverged systems that mix Dell's servers, EMC's storage, VMWare virtualization, and private-public cloud assets.To read this article in full or to leave a comment, please click here

IDG Contributor Network: HashiCorp slurps up cash to deliver DevOps goodness

Seemingly every company under the sun is now a DevOps leader—even ones that, while purporting to be about a new way of doing things, continue to market legacy, monolithic products and services.  So, it’s nice to see some genuine players achieve success and recognition in this space. A good example of this is HashiCorp—an important, but little-known DevOps vendor. The company manages a host of open-source tools, all of which tick of different parts of the application and infrastructure lifecycle. + Also on Network World: The shift to DevOps requires a new approach to security +To read this article in full or to leave a comment, please click here

IDG Contributor Network: HashiCorp slurps up cash to deliver DevOps goodness

Seemingly every company under the sun is now a DevOps leader—even ones that, while purporting to be about a new way of doing things, continue to market legacy, monolithic products and services.  So, it’s nice to see some genuine players achieve success and recognition in this space. A good example of this is HashiCorp—an important, but little-known DevOps vendor. The company manages a host of open-source tools, all of which tick of different parts of the application and infrastructure lifecycle. + Also on Network World: The shift to DevOps requires a new approach to security +To read this article in full or to leave a comment, please click here

VMware NSX gains traction as a security tool

In July of 2012, VMware shocked the world when it shelled out $1.26 billion to purchase software-defined networking (SDN) startup Nicira. The acquisition changed the face of VMware, as it created a big rift between itself and long-time data center partner Cisco. The product, now known as NSX, put VMware squarely in the next-generation network market with one of the top start-ups.+ Also on Network World: NSX, and its new chief, take center stage at VMWorld +To read this article in full or to leave a comment, please click here

Code Generation: The Inner Sanctum of Database Performance

This is guest post by Drew Paroski, architect and engineering manager at MemSQL. Previously he worked at Facebook and developed HHVM, the popular real-time PHP compiler used across the company’s web scale application.

Achieving maximum software efficiency through native code generation can bring superior scaling and performance to any database. And making code generation a first-class citizen of the database, from the beginning, enables a rich set of speed improvements that provide benefits throughout the software architecture and end-user experience.

If you decide to build a code generation system you need to clearly understand the costs and benefits, which we detail in this article. If you are willing to go all the way in the name of performance, we also detail an approach to save you time leveraging existing compiler tools and frameworks such as LLVM in a proven and robust way.

Code Generation Basics

The Vast Potential For VMware’s OpenStack Cloud

While hyperscalers and HPC centers like the bleeding edge – their very existence commands that they be on it – enterprises are a more conservative lot. No IT supplier ever went broke counting on enterprises to be risk adverse, but plenty of companies have gone the way of all flesh by not innovating enough and not seeing market inflections when they exist.

VMware, the virtualization division of the new Dell Technologies empire that formally comes into being this week, does not want to miss such changes and very much wants to continue to extract revenues and profits from its impressively

The Vast Potential For VMware’s OpenStack Cloud was written by Timothy Prickett Morgan at The Next Platform.

1 2,656 2,657 2,658 2,659 2,660 3,808