The truth about bug finders: They’re essentially useless

Today's popular bug finders catch only about two percent of the vulnerabilities lurking in software code, researchers have found, despite the millions of dollars companies spend on them each year. Bug finders are commonly used by software engineers to root out problems in code that could turn into vulnerabilities. They'll typically report back how many bugs they found -- what you don't know is how many were missed, leaving success rates an open mystery. So researchers at New York University's Tandon School of Engineering in collaboration with the MIT Lincoln Laboratory and Northeastern University decided to find out how much they are missing.

I’ll See You At Cisco Live 2016 Las Vegas

I will be at Cisco Live 2016 in Las Vegas. So far, my calendar has me scheduled to attend some Tech Field Day presentations, visit with vendors, hang out in the Social Media Hub, and host a CloudGenix SD-WAN mixer event (free food and drink for all, plus fellow nerds to network with, just register). I hope to see you at CLUS. Come up and say "hi."

OpenPower Developers Primed for Big Wins at IBM Hackathon

IBM has created a virtual hackathon for all you lovely developers to test drive your data-intensive applications on the OpenPOWER server, GPU and accelerator platform. And there’s $27,000 worth of prizes on the table. Want to give it a go? Check out the competition rules and register for the OpenPOWER Developer Challenge.

The closing deadline is September 1 and already 277 individuals have signed up. So don’t dilly dally: tear down those hardware performance barriers and submit your entry. Choose which track is the one for you and connect with the experts ‘round the clock on Slack to get

OpenPower Developers Primed for Big Wins at IBM Hackathon was written by Nicole Hemsoth at The Next Platform.

Polycom accepts Siris Capital’s $2B offer, cancels Mitel merger

The technology industry is never short of intrigue and drama. There are always rumors of who might buy whom, which executive left to go where and what new product a certain vendor might come out with. The fate of Polycom has been one of the storylines industry watchers have been keeping an eye on. Earlier this year, Mitel announced it agreed to acquire Polycom for $1.96 billion. But alas, all things aren’t meant to be. In Hollywood, Bennifer broke up, and now Mitelocom will, too. On the eve of the deal being finalized, Siris Capital came in, upped the offer to a cool $2 billion and broke up the proposed joint company. Like all things in life, there are some definite pros and cons to this announcement.

Live Debugging with Docker

During the DockerCon 2016 keynote, I demonstrated a development workflow with Docker for Mac, going from a fresh laptop to a running app in no time. The especially cool part was when I live-debugged a Node.js app running inside a container from my IDE, despite having no Node.js runtime installed on my laptop. Here I’m going to show you how to do it yourself.

Here’s what you’ll need:

  1. Docker: I recommend Docker for Mac or Windows, which are in public beta.
  2. An IDE which supports Node.js remote debugging: I used Visual Studio Code.
  3. A Node.js application: I’ll create a simple one as part of this tutorial.

 

Example Application

Create a directory to work from:

$ mkdir node-example
$ cd node-example

To get our app running, we’ll need 5 files:

  • A JavaScript file to contain the actual app code
  • A package.json to define the npm dependencies
  • An HTML template
  • A Dockerfile to package the whole app in a container
  • A Compose file to set up a development environment. (The Compose file will also come in very handy if the app ever grows beyond a single container, but we won’t bother with that today.)

Create Continue reading

Screens that fold and roll will arrive as early as next year

Displays that can be folded and rolled up have been shown in prototype smartphones, wearables and other devices -- but when will such products be available? Advances in technology suggest they aren't too far off in the future. Such devices could start showing up as early as next year or 2018, said Jerry Kang, senior principal analyst for emerging display technologies and OLED at IHS. Manufacturers are trying to launch them in devices like tablets that can fold into a smartphone-size device. It's possible to use these displays in wearable devices, but reliability, weight and battery life need to be considered, Kang said.

Stuff The Internet Says On Scalability For July 8th, 2016

Hey, it's HighScalability time:


Juno: 165,000mph, 1.7 billion miles, missed orbit by 10 miles. Dang buggy software. 

 

If you like this sort of Stuff then please support me on Patreon.
  • $3B: damages awarded to HP from Oracle; 37%: when to stop looking through your search period; 70%: observed Annualized Failure Rate (AFR) in production datacenters for some models of SSDs; 

  • Quotable Quotes:
    • spacerodent: After Christmas there was this huge excess capacity and that is when I first learned of the EC2 project. It was my belief EC2 came out of a need to utilize those extra Gurupa servers during the off season:)
    • bcantrill: That said, I think Sun's problem was pretty simple: we thought we were a hardware company long after it should have been clear that we were a systems company. As a result, we made overpriced, underperforming (and, it kills me to say, unreliable) hardware. And because we were hardware-fixated, we did not understand the economic disruptive force of either Intel or open source until it was too late. 
    • @cmeik: I am not convinced the blockchain and CRDTs *work.*
    • daly: Managers make decisions. Only go to management with your Continue reading

A CIO’s guide to understanding analytics

Wherever you turn, businesses are putting analytics into action. Retailer American Eagle Outfitters, for example, uses an algorithm to figure out how best to fulfill online orders with products shipped from physical stores. Insurance company Allstate calculates premiums using an algorithm that weights different risk factors. Even beverage maker Minute Maid is applying algorithms to its orange juice, taking into account not just consumer preferences but its supply chain.

Confusion over cyber insurance leads to coverage gaps

Assessing damage after a major cybersecurity breach is one of the most harrowing things a CIO or CISO can face. There is plenty of blame to go around but rarely enough people to accept it evenly. And when it comes to recouping money from cyber insurance claims, this blame game is further complicated by confusion. A typical corporate cyber insurance discussion goes like this: The CEO or board chairman calls the CISO into the room and tells him that their insurer is going to pay out only 38 percent of a claim because "you didn't implement encryption on the affected applications." The CISO says: "First, I didn't know we had cyber insurance. Second, the impacted apps are running our ATM machines and if we would have encrypted them you would have fired me because our customers wouldn't have been able to access them. I wish you would have talked to me before you implemented these policies."

IDG Contributor Network: We need a better Private Browsing Mode

Many web browsers have some variation of “private” browsing mode. In that mode, websites shouldn't be able to read cookies stored on your computer, nor should they be able to place permanent cookies onto your computer. (They think they can place cookies, but those cookies are deleted at the end of the session.)

Normally, you have two ways to use those modes:

  • Deliberately decide to start a private session. On Firefox for the Mac, it’s File -> New Private Window. Ditto for Safari for the Mac. In Chrome for the Mac, it’s File -> New Incognito Window. The process is similar for Windows, and it is somewhat different on phones and tablets. The problem is that if you click a link in, say, an email, it will open in a regular, non-private window.
  • Set a default that every browser session will be private/incognito. (The method varies widely based on browser and operating system.) This method will handle external link requests by opening them in private/incognito mode. But since everything else will open that way too, you’ll have to manually log into every website you visit. That is a real nuisance. (You can set browsers to block cookies, but that’s bigger nuisance because Continue reading

Microsoft lets AI experiments loose in world of Minecraft

Microsoft has published the source code for its Project Malmo, allowing anyone to conduct artificial intelligence experiments in the world of Minecraft with a little programming. It unveiled the project, then known as AIX, back in March, but at the time only a few academics had access to the code. On Thursday the company made good on its promise to open up the source code by publishing it on GitHub. Minecraft, the blocky world-building game that Microsoft paid US$2.5 billion for two years ago, is an ideal place to test how artificial intelligences will interact with one another and with humans.

Three Things You Don’t Want To Miss At AnsibleFest San Francisco

AnsibleFest is returning to San Francisco on Thursday, July 28th, 2016 at the Westin St. Francis in Union Square. It's going to be a great opportunity to meet and connect with passionate Ansible users, developers and industry partners. Whether you're an experienced user or are just getting started, AnsibleFest is for you.

This year AnsibleFest will not be one to miss, featuring the latest and greatest updates on Ansible and Ansible Tower as well as use cases, technical deep dives and best practices.

As AnsibleFest continues to grow, so do its offerings. For those who have never attended and for those wanting to know more, here are three things you won't want to miss:

1) Informative General Session

Kicking off AnsibleFest, this session will feature company updates, product roadmap and new directions as well as a featured customer presentation.  Attendees can:

  • Hear from Ansible leadership about company overview and key areas of focus
  • Discover more about the Ansible and Ansible Tower product roadmaps
  • Learn about the latest advancements in using Ansible for networking
  • Get up to speed on the Ansible Container project and see where it's heading in the future
  • Learn from our customer and master software engineer, Chris Weaver Continue reading

10 reasons why you shouldn’t upgrade to Windows 10

An offer you can refuse

The clock is ticking, folks. If you want to upgrade to Windows 10 for free, you only have until July 29, 2016 to do so. And most people should! Windows 10 is the best Windows yet, chock full of handy new features, sleek under-the-hood improvements, and headache-killing extras.

How IT outsourcing customers should prepare for HPE-CSC

How the recently announced “spin-merger” between HPE’s spun-off enterprise services unit and CSC to create a $26 billion global services giant (the third largest in the U.S.) will actually shake out once it’s completed next spring is uncertain. What is clear is that the two service businesses had been struggling for some time.

IDG Contributor Network: The Wi-Fi network edge leads in an SDN world

Two decades ago, the core was the place to be in campus networking. The networking battles of the 1990s concluded with the edge specialists humbled and assimilated by core product lines. Control the core, we declared, and the edge will fall into place. But now the edge is fruitful, and the core is sterile—and for two reasons. First, the wireless interface adds mobility and complexity to the edge. Second, the new architectures of software-defined networking (SDN) and IoT are based on centralized models that take sensed information, manipulate a software representation of the network, then send control signals back to network nodes. Nodes are peers under the controller. Their importance is based on the quantity and quality of the information they can report, as well as the sophistication of the control they can apply.

EU prepares to raise Privacy Shield over data transfers to U.S.

European Union officials are set to give final approval to a new EU-U.S. data transfer agreement early next week, after member states gave their approval to an updated text on Friday. Privacy Shield is intended to replace the Safe Harbor Agreement as a means to legalize the transfer of EU citizens' personal information to the U.S. while still respecting EU privacy laws. A new deal is needed because the Court of Justice of the EU invalidated the Safe Harbor Agreement last October, concerned that it provided Europeans with insufficient protection from state surveillance when companies exported their personal data to the U.S. for processing. The first draft of the Privacy Shield agreement presented by the European Commission in January lacked key assurances from U.S. officials on the same matters that had concerned the CJEU about Safe Harbor.