May 15, 2014

RHEL 7 and Fedora 19 updates for simpler configuration and management
The firewalld daemon introduces a level of abstraction that makes setting up a Linux firewall simpler and more intuitive. Instead of writing firewall rules as iptables, firewalld uses firewall-config [graphical user interface] or firewall-cmd [command-line interface] to set up a firewall.  D-bus is an interprocess communication system -- also called a message bus system -- that allows applications and processes to communicate and request services over a bus. The d-bus service, which runs dbus-daemon, notifies processes of events, [such as] when a new device is added or when a user logs in.


Microsoft continues RC4 encryption phase-out plan with .NET security updates
"The use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions," Microsoft said in " a security advisory Tuesday. "A man-in-the-middle attack occurs when an attacker reroutes communication between two users through the attacker's computer without the knowledge of the two communicating users. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking they are communicating only with the intended user." While blocking RC4 is recommended, the company said that customers should plan and test the new settings prior to making this change in their environments.


Hybrid IT services in the cloud age: What CISOs should do now
With the convergence of symptoms and causes and independent of the intermingling of in-house and cloud resources, it is clear that triage is triage and initial problem identification is common across domains. To have consistent and robust security in a hybrid IT service environment, problems with externally sourced services have to be treated like problems with internally sourced ones during triage and identification. Ideally, then, there will be a converged operations staff with one team doing all initial diagnosis (and limited resolution) during the most mercurial phase of event response. The triage team will have broad, basic skills across all three domains: networks, applications and security.


How to Use OpenStack in Your Small Business
While all cloud services offer a service level agreement (SLA), it tends to be the same for all customers. In some instances, it's inadequate. In contrast, an abundance of OpenStack service providers theoretically makes it easier to find a suitable provider that offers adequate response time or predictability. A quick look at various cloud outages makes it clear that businesses can't control when they take place — and often remain in the dark as to the severity and exact status of restoration work. The final OpenStack advantage may be most intractable of all: Data privacy. Depending on the services offered, or the type of organization, certain data may be prohibited by law to be stored in public cloud infrastructure.


CloudBolt Software administers your IT, no matter where it runs
“We take an agnostic approach to customers’ IT infrastructure,” Justin Nemmers, CloudBolt’s EVP of marketing, said in an interview. The product works via connectors with popular configuration management tools including Puppet (see disclosure) and Chef, as well as management products from Hewlett Packard (HP Server Automation and Operations Orchestration) and VMware (VMware vCenter Orchestrator). The company, which is based in Rockville, Maryland and has a development office in Portland, Oregon, has 11 employees — several of whom come from Red Hat and Hewlett-Packard via Loudcloud/Opsware.


Female Directors and Their Impact on Strategic Change
The findings are consistent with the theory that to have a genuine influence in the business world, women must be granted real power, and simply appointing female directors when times are bad and choices are limited might not matter if they don’t have the capacity to induce change. When companies flounder, demographic differences might stand out most and simple disagreements might become exacerbated. On the other hand, the benefits of a fresh perspective can be more easily applied when firms are doing well and facing few threats.  Furthermore, the role of female directors may help explain why one company gains clear benefits from its gender-diverse boardroom while another treads water, depending on its performance record.


Reining in out-of-control security alerts
Software or appliances that fall under the product category of security information and event management (SIEM) generate most of the alerts triggered by anomalies detected in hardware and software on the corporate network. To contend with the alert flood, enterprises have the option of moving to a different model for detecting malware or learning to make better use of the SIEM systems they have, experts said Wednesday. Matthew Neeley, director of strategy initiatives for consulting firm SecureState, advises companies to do the latter to avoid the expense of ripping and replacing technology.


Hadoop security: Hortonworks buys XA Secure – and plans to turn it open source
The Hadoop software and services firm has acquired XA Secure, founded in January 2013, for an undisclosed sum and will open-source the Fremont CA-based company's Hadoop security layer, which offers role-based authorisation, auditing and governance. Hortonworks said the acquisition provides it with key technology and engineering expertise to deliver a single way to administer security across all Hadoop workloads. Ever since the introduction of the YARN resource-management tier last October, which allows multiple workloads to run on the Hadoop distributed big data platform, there has been an increased need for central security, according to Hortonworks VP product management Tim Hall.


An Internet of Things prediction for 2025 -- with caveats
Bob Briscoe, chief researcher in networking and infrastructure for British Telecom, believed industrial and health IoT applications, not consumer ones, are the most likely to take off. "The most likely areas where the IoT will be realized will be in supply chain logistics and automating workforce administration -- i.e., dispensing healthcare, logging materials used in fitting and service of goods, vehicles, etc., as well as the administration of cleaning, catering, and hospitality tasks. Industrial and commercial applications are much more likely to have taken hold than these attention-grabbing consumer widgets, which have only superficial economic effect," wrote Briscoe.


Agile Research
Both academic research and the software development produce information-focused artifacts – either the logics captured in the computer code or the knowledge captured in the research publications, so similar principles may be applied to both endeavors. In this article, we have applied the Agile Principles to the field of the academic research, generating the first draft of the “Agile Research” principles; we have also presented practical guidelines for the application of these principles to the Grounded Theory qualitative research methodology, utilizing tools that are similar to those that are used in Agile.



Quote for the day:

"An idealist is a person who helps other people to be prosperous" -- Henry Ford