July 21, 2014

Translating network policy in SDN isn't a one-protocol show
It's better to define how a three-tiered web application is designed, enabling the middle-tier app server to talk to the web servers and the back-end database tier, but to prevent the web servers from talking directly to the database tier. In that scenario, an imperative model would have required specific definitions of ACLs, which would be defined specifically for the infrastructure in the deployment -- i.e. switch commands using IOS or NX-OS -- which only makes sense for the network administrators and is a notion that's distant from the concerns of the application owners and architects.


Forensic scientist identifies suspicious 'back doors' running on every iOS device
Zdziarski, better known as the hacker "NerveGas" in the iPhone development community, worked as a dev-team member on many of the early iOS jailbreaks and is the author of five iOS-related O’Reilly books including "Hacking and Securing iOS Applications." In December 2013, an NSA program dubbed DROPOUTJEEP was revealed by security researcher Jacob Appelbaum that reportedly gave the agency almost complete access to the iPhone. The leaked document, dated 2008, noted that the malware required "implant via close access methods" but ominously noted that "a remote installation capability will be pursued for a future release."


Julia King: We're all data scientists now
"As front-line workers have their capabilities augmented by digital technologies, they are emboldened to make informed, real-time decisions and encouraged to become more engaged with the organization," notes a recent report by McKinsey Global Institute. But these workers must know how to deal with all of the data coming their way if it's to yield the flabbergasting productivity gains McKinsey predicts. In the manufacturing sector alone, the business consultancy maintains that big data and analytics can yield improvements in production, supply chain and R&D amounting to something between $125 billion and $270 billion.


Our Cloud Disaster Recovery Story
We took the "small jump, medium jump, high jump" approach. In this case, we deployed one low-risk server using the startup vendor's methodology. Then we moved to one mid-risk server. Then a mid-risk n-tier application. Armageddon didn't ensue. In terms of permission, our IT organization has earned credibility with other business units in our city. We offer a high level of uptime. If we screw up, we admit it and communicate about it. Although we must enforce policy, we aren't the No Police. And we recognize that we aren’t the owners of systems; we're the custodians.


Data integration as a business opportunity
A significant fraction of IT professional services industry revenue comes from data integration. But as a software business, data integration has been more problematic. Informatica, the largest independent data integration software vendor, does $1 billion in revenue. INFA’s enterprise value (market capitalization after adjusting for cash and debt) is $3 billion, which puts it way short of other category leaders such as VMware, and even sits behind Tableau.* When I talk with data integration startups, I ask questions such as “What fraction of Informatica’s revenue are you shooting for?” and, as a follow-up, “Why would that be grounds for excitement?”


13 ways to optimize your Android smartphone
Listen up, Android users: It's time for a smartphone tuneup. Don't get me wrong, most Android devices work fine out of the box. But with a few minutes of manipulation and a few helpful apps, you can optimize your phone to make it more powerful, useful, and efficient. Isn't that what technology's all about? Let's get to it, then. Here are 13 quick tweaks that'll improve your Android experience.


Chinese hackers break into US federal government employee database
Speaking at a news conference in Beijing Thursday, Kerry said of the breach, “At this point in time, it does not appear to have compromised any sensitive material.” But he also condemned China’s cyber spying in unusually harsh language, saying it “harmed our business and threatened our nation's competitiveness." Department of Homeland Security officials confirmed that they were aware of an attempt to hack into the Office of Personnel Management (OPM), which houses the personnel files of federal employees, including those applying for top-security clearance.


Why Bankers will Rely More on ‘Tablet Banking’
Tablets are used today to help a customer get an experience – saving time by up to 10-fold. Those are going to grow in popularity, and people will begin to trust them as a main form of communication. So in the future, customers will interact with their banks seamlessly with tablets without a lag. Intel is strengthening its tablet market – focusing on industry verticals like banking, financial services and insurance, education, etc. For that, Intel may soon, in partnership with various OEMs, offer these tablets across those industry verticals. Tablet banking allows for great user experience, especially with the rich interface tablets offer, which is nearly unlimited.


Government-grade malware in hacker hands
Gyges was discovered in March this year by Sentinel Labs Research Lab, as detailed within the company's latest intelligence report (.PDF). According to the report, the malware probably originated from Russia, and "is virtually invisible and capable of operating undetected for long periods of time." "It comes to us as no surprise that this type of intelligence agency-grade malware would eventually fall into cybercriminals’ hands," Sentinel Labs states. "Gyges is an early example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime."


Why is SaaS testing harder than traditional testing?
SaaS testing tends to require executing a greater number of test types. Service-level agreement (SLA) adherence, failover/disaster recovery and deployment are examples of SaaS tests that are typically not part of traditional Web application testing. These may be tested in standard Web applications, but they generally are not deemed critical. In SaaS, SLA adherence is required in order to avoid business disruption. Failover and disaster recovery are essential in order to verify the SaaS is solid and responds appropriately if a release or server fails.



Quote for the day:

"Really great people make you feel that you, too, can become great" -- Mark Twain