How Docker can transform your development teams

Waiting for the right build has been a historical problem with test environments, while differences between development, test and production have caused defects to escape in production. Virtual Machines solve these problems by sharing a copy of system data, but they can be slow and take gigabytes of disk space. Enter Docker, a lightweight, fast virtualization tool for Linux. The opportunity Docker presents  First, anyone on a technical staff can create a test environment on the local machine in a few seconds. The new process hooks into the existing operating system, so it does not need to “boot.” With a previous build stored locally, Docker is smart enough to only load the difference between the two builds. To read this article in full or to leave a comment, please click here

CSO burnout biggest factor in infosec talent shortage

The real cause of the talent shortage in the information security field isn't a lack of new people entering the profession, but retention and churn at the highest levels, according to a new report by IDC. "It's a fairly common theme to suggest that we have better training in colleges, certificate courses, and all that sort of thing for entry-level folks," said IDC analyst and report author Pete Lindstrom. But in fact, at the entry level, expectations are basic and companies are willing to be flexible, are open to diverse backgrounds, and can train new hires. Jobs that require less than five years of experience are filled within just three months 85 percent of the time, and 99 percent are filled within six months, according to the IDC survey of senior infosec executives.To read this article in full or to leave a comment, please click here

Cyber sharing bill shares too much, critics say

According to '70s hippie comics Cheech & Chong, “Everybody shares stuff, man.”Maybe if it’s weed. But, apparently not if it’s cyber threat information.Supposedly, creation of a federal framework for that kind of sharing among industries and government has been a priority for years for all parties involved – President Obama Congress and private sector enterprises that are under constant, ever-more-sophisticated attacks.But after years of proposals, there are still no results. And if privacy and civil liberties advocates prevail in the current dustup, there won’t be any results this year either.The latest effort – several bills on both the House and Senate side – have had varied success. Two House bills – the Protecting Cyber Networks Act, or PCNA (H.R. 1560) and the National Cybersecurity Protection Advancement Act of 2015, or NCPAA (H.R. 1731) – easily passed and were combined into one labeled H.R. 1560.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Ready or not, ultra HD is here

As women's soccer teams took the field for the final match of FIFA Women's World Cup Canada 2015 this summer, some fans enjoyed the games via 8K video - the most technologically advanced high-definition video technology on the market. Fox Sports and NHK, Japan's national public broadcasting organization, offered invitation-only 8K demos of the Japan vs. Cameroon game, and the U.S. vs. Nigeria match at the Fox Studio lot in Los Angeles. To top it off, FIFA and NHK produced the championship game in ultra-HD 8K and presented in live viewings in Japan, as well. Viewer response was positive, to say the least.To read this article in full or to leave a comment, please click here

Worth Reading: Open Source

It can be argued that the biggest change — the change that has led to an explosion of open source software — isn’t the availability of open source software, nor the process of developing open source software, but the commercialization of open source software. We’ve always had an open source software community. What’s new is we have people who are commercializing the open source model. via network computing

The post Worth Reading: Open Source appeared first on 'net work.

PlantUML – Making Complicated Diagrams Simpler

plantuml-title

A colleague at work recently told me that I should check out PlantUML. His advice is usually good, and this is no exception.

PlantUML uses a relatively simple text language to describe the desired diagram, then makes generation of the image as simple as processing the UML file. It’s easy to try online at http://plantuml.com/ where there is a text editor with real time image updates as you add more content.

Sequence Diagrams

Sequence diagrams are probably the simplest to build, and are absurdly fast to create. Here’s a simple example of a TCP exchange:

plantuml-tcpTo create this, I used the following PlantUML:

@startuml
title : TCP Exchange
HostA -> HostB : SYN
HostB -> HostA : SYN+ACK
HostA -> HostB : ACK
HostA -> HostB : Data
HostB -> HostA : ACK
HostB -> HostA : FIN
HostA -> HostB : ACK
HostA -> HostB : FIN
HostB -> HostA : ACK
@enduml

You’re not limited to two endpoints, of course:

plantuml-gossip

Use Case Diagrams

Here’s a simple use case with Fred and Joe again:

plantuml-reprimandThe PlantUML to generate this was:

@startuml
title : Result of Gossip
Fred --> (HR) : complaint
(Legal) -> (HR) : advice
(HR) ->  Continue reading

Linux Foundation’s security checklist can help sysadmins harden workstations

If you're a Linux user, especially a systems administrator, the Linux Foundation has some security tips to share with you, and they're quite good. Konstantin Ryabitsev, the Foundation's director of collaborative IT services, published the security checklist that the organization uses to harden the laptops of its remote sysadmins against attacks. The recommendations aim to balance security decisions with usability and are accompanied by explanations of why they were considered. They also have different severity levels: critical, moderate, low and paranoid.To read this article in full or to leave a comment, please click here

Simplicity – the art of automation

SimplicityWhen I was a young lad I had my heart set of being a car designer when I grew up. This dream carried on into my teens, then for some reason it vanished. Around the same time I discovered I could 'work' computers, and that I quite enjoyed it.

Fast forward a great many years and I am looking back at over two decades of experience as an IT engineer. But my interest in design has never really waned - I still find great pleasure in things that have been designed well.

Just over six years ago I discovered the furniture manufacturer, Vitsœ. Although they started life as a Danish/German partnership they are now very much a British company - based in the UK with an Englishman at the helm. They produce a shelving system, called the 606, and I invested in some for my home office.

The 606 is extremely flexible in its usage, it can form an office space...

Office

or somewhere to keep a record collection...

Records

or even a kitchen...

Kitchen

Impressively, it also scales; from a small start...

Small

to massive installations...

Massive

But the most impressive thing about this bespoke shelving system is that it's not bespoke at all. Continue reading

The Silo of Focus

FocusHow often, in our careers, are we told to focus on one thing at a time? I would guess I see some message about this, such as the image to the left in this post, at least once a week, if not once a day.

In general, I agree with the sentiment. If you really want to get something done, do it, rather than doing a lot of things at once. The reason for this, I think, is because multitasked work tends to result in half-work, which is something to be avoided at all costs.

Avoid half-work more than anything. Do not imitate those people who sit long at their desks but let their minds wander. It is better to shorten the time and use it intensely, to increase its value, which is all that counts. Do something, or do nothing at all. Do ardently whatever you decide to do; do it with your might; and let the whole of your activity be a series of vigorous fresh starts. Half-work, which is half-rest, is good neither for rest nor for work. via Sertillanges, The Intellectual Life

But there is another side to focus we need to be wary of as Continue reading

Boeing’s laser hunts for drones

Boeing's portable drone-destroying laser system is one step closer to the battlefield after a recent test. Earlier this month in California, Boeing's second-generation, compact-laser weapons system disabled a moving, untethered drone. That's important as enemies can easily acquire commercially available drones -- also known as unmanned aerial vehicles (UAVs) -- and use them to deliver explosives or perform reconnaissance. To read this article in full or to leave a comment, please click here

The disaster-recovery lessons we learned after Katrina

A decade ago New Orleans and the Gulf Coast of the United States were devastated by the sixth strongest Atlantic hurricane ever recorded. The National Oceanic and Atmospheric Administration claims Hurricane Katrina was the most destructive storm to ever strike the United States.The destruction from the hurricane itself, and the subsequent flooding that put most of New Orleans underwater knocked many businesses out of commission—and more than a few completely out of existence. Thankfully, we have learned a lot of hard lessons in the wake of Hurricane Katrina that businesses can use to be better-prepared for the next major disaster.An article from USA Today in 2007—two years after Hurricane Katrina—estimates that 7,900 businesses in New Orleans and southeast Louisiana went out of existence as a result of Katrina. Some of those businesses failed as a result of lost revenue resulting from nearly half a million people displaced from the region, but many of those businesses failed as a direct result of the destruction and impact the storm had on their ability to continue operating.To read this article in full or to leave a comment, please click here

Amazon dumps Flash, and the Web is better off

Amazon will stop accepting Flash ads on its advertising network on Tuesday, and it will help make the entire Web more secure, security experts say. According to Amazon, the move was prompted by a recent update from Google Chrome that limited how Flash was displayed on Web pages. Mozilla Firefox and Apple Safari already had similar limitations in place. "his change ensures customers continue to have a positive, consistent experience on Amazon, and that ads displayed across the site function properly for optimal performance," the company said in its announcement. Bad, bad FlashTo read this article in full or to leave a comment, please click here

As energy push accelerates, battery costs set to plunge 60%

An energy storage study claims that prices for certain battery technologies will plunge by as much as 60% over the next five years. The report was prepared by Australian consultancy AECOM and published by the Australian Renewable Energy Agency (ARENA). The 130-page study, originally published last month, expects all battery technologies  to drop in price. However, the largest reductions are forecast for Li-ion and flow-battery technologies, which are expected to plummet by 60% and 40%, respectively by 2020.To read this article in full or to leave a comment, please click here

Qualcomm’s Snapdragon 820 processor gets technology to secure Android phones

Qualcomm is promising to improve security and privacy on high-end smartphones with Snapdragon Smart Protect, which uses on-device machine learning to help detect zero-day malware.The popularity of smartphones has started to catch the imagination of hackers, resulting in the need for better protection. Qualcomm’s latest contribution is Snapdragon Smart Protect, which the company announced on Monday.Smart Protect looks at what’s going on in the smartphone and warns about what it thinks are abnormal behaviors to protect users. At its most basic, that could be an application that takes a photo even though the display is off or an application sending an SMS without any user interaction. To read this article in full or to leave a comment, please click here

VMware NSX 6.2: Enterprise Automation, Security and Application Continuity

VMworld 2015 in San Francisco marks the two-year anniversary of the launch of VMware VMware NSX LogoNSX. Since we originally launched, we have taken the promise of NSX and turned it into a platform that customers around the world are using to transform the operations of their data center networks and security infrastructure – in fact, more than 700 customers have chosen NSX. We also have more than 100 production deployments, and more than 65 customers have invested more than $1M of their IT budgets in NSX. We’ve trained more than 3,500 people on NSX, and we have more than 20 interoperable partner solutions generally available and shipping today.

Perhaps what’s most exciting is that at this year’s show, we will have more than two dozen NSX customers represented in various forums throughout the event. Organizations such as Baystate Health, City of Avondale, ClearDATA, Columbia Sportswear, DirecTV, FireHost, George Washington University, Heartland Payment Systems, IBM, IlliniCloud, NovaMedia, Rent-A-Center, Telstra, Tribune Media, United Health Group, University of New Mexico…the list goes on.

And as the capstone, we get to debut VMware NSX 6.2 at the show. So let’s take a deeper look at what we’ve learned from our customers and what’s new Continue reading

Defending the White Elephant

Click here to download the full report that includes attack details, TTPs and indicators of compromise.   Myanmar is a country currently engaged in an important political process. A pro-democracy reform took place in 2011 which has helped the government create an atmopshere conducive to investor interest. The country is resource rich, with a variety of […]

Defending the White Elephant

Click here to download the full report that includes attack details, TTPs and indicators of compromise.  

white elephant

Myanmar is a country currently engaged in an important political process. A pro-democracy reform took place in 2011 which has helped the government create an atmopshere conducive to investor interest. The country is resource rich, with a variety of natural resources and a steady labor supply. Despite recent progress, the country is subject to ongoing conflict with ethnic rebels and an ongoing civil war. Analysts suggest that both China and the United States are vying for greater influence in Myanmar, with China in particular having geopolitical interest due to sea passages, port deals, and fuel pipelines that are important to its goals. Geopolitical analysts have suggested that the United States may have its own interests that involve thwarting Chinese ambitions in the region.

APT groups from multiple countries – including China – have been known to target organizations of strategic interest with aggressive malware-based espionage campaigns. One of the malware families used in such a scenario is the well-known Remote Access Trojan PlugX, also known as Korplug, that enables full access to the victim’s machine and network.

Multiple instances of PlugX and related downloader Continue reading

1 3,339 3,340 3,341 3,342 3,343 3,841