September 30, 2014

DevOps in Telecoms – Is It Possible?
Unlike IT and Internet platforms, they don't create a virtual service to be deployed somewhere in the cloud, nor can it be “continuously” patched in an Agile manner. They deliver hardware that may cost millions to commission and is maintained over years with strict SLA's. So on a technical level, by using OpenStack, Puppet, Chef, Salt or other technologies DevOps isn't going to do anything for the Telco guys. When I first asked my former colleagues from my time working in SaaS in 2012 what DevOps actually was, the confusing answer by advocates was:


6 Key Defenses Against Shellshock Attacks
Security vendor Cloudflare reported Monday that it has counted more 1.5 million distributed-denial-of-service attacks against the Shellshock flaw daily on its network. Web application firewall vendor Incapsula reported Monday that over the four days since Shellshock was made public Sept. 25, it has deflected more than 217,000 exploit attempts on over 4,115 domains. Incapsula has documented attacks originating from more than 890 IP addresses worldwide. So, what should companies do to defend against attackers? Experts from the SANS Institute, which provides data, network and cyber security training, offer the following advice:


Why Great CEOs Often Work Less to Achieve More
We are endlessly told that hard work creates more profit. Work harder to create more profit in your new business. Does more work really mean more profit? Do we have to put in ludicrously long hours to be successful? We have been brought up to believe that working more equates to being more successful. More input equates to more output. Well, I am not sure I agree. I think the logic (and many of the assumptions behind it) is flawed.  Sure, if you are a one-person-business, charging per unit of time, then more units equals more money. But most businesses try to grow by employing people to spread the workload. Or, maybe you should simply charge more per unit of time!


Is the cloud instable and what can we do about it?
Like many of the web-scale applications using cloud-based infrastructure today, enterprise applications need to rethink their architecture. If the assumption is that infrastructure will fail, how will that impact architectural decisions? When leveraging cloud-based infrastructure services from Amazon or Rackspace, this paradigm plays out well. If you lose the infrastructure, the application keeps humming away. Take out a data center, and users are still not impacted. Are we there yet? Nowhere close. But that is the direction we must take.


"Upgrading" Pair Programming
Pair Programming it is a highly effective practices, but the remaining question if has enough coverage to describe the needed cooperative work inside the team. Unfortunately, the practice name it is interpreted too literally, only for direct coding activities. Yes, Agile has restore the importance of the coding in the overall development, but let think a little: what is the meaning of “Programming” from XP name? In fact it is “Development”, where the effective programming/coding it is, of course, very important. An XP programmer it is, in fact, a multi-role developer involved also in planning, requirements, architecture, and design, coding and testing. A much better term could be then “Pair Development”.


Enterprise Cloud Architecture: 3 Questions You Should Ask to Determine the Right Approach
Looking to minimize capital expenditures and convert to an OpEx-based model? Then a third-party cloud solution should probably be part of your equation. Want to move to the cloud but constrained by data storage regulations? A private cloud solution or a public cloud offering that meets your compliance requirements might be more up your alley. Have some apps that would easily convert to the cloud, as well as other legacy apps that wouldn’t be quite so easy to virtualize? A hybrid approach could be the right answer. As with many things in life and in business, the answer to the cloud computing architecture question is, “It depends.”


Through microservices, a renewed push for simplicity and IT minimalism
So what are microservices, and is there anything new about them? It feels like deja vu all over again. Microservices are, in essence, finely grained services, deployed without middleware or brokers -- such as an enterprise service bus. There are shades of Jim Webber's "Guerrilla SOA," which he advocated a number of years back as a way to quickly build and deploy services for tactical quick hits. APIs and RESTful services also fit this mold. Gruman and Morrison suggest that MSA is all of these things, with an emphasis on taking a minimalist approach to services:


Service model driving cyber crime, says Europol report
"The inherently transnational nature of cyber crime, with its growing commercialisation and sophistication of attack capabilities, is the main trend identified in the IOCTA,” said Rob Wainwright, director or Europol. “It means issues concerning attribution, the abuse of legitimate services, and inadequate or inconsistent legislation are among the most important challenges facing law enforcement today," he said. EU home affairs commissioner Cecilia Malmström said the fact that almost anyone can become a cyber criminal is putting ever-increasing pressure on law enforcement authorities.


Report: Crime-as-a-Service tools and anonymization help any idiot be a cyber-criminal
Almost any idiot with malicious intentions can jump into the cybercrime arena thanks to 'Crime-as-a-Service' tools that lower the entry barriers into cybercrime; wannabe cyber-criminals who lack technical expertise can simply buy the tools and skills needed. In fact, “Crime-as-a-Service business models” and anonymization have helped many traditional organized crime groups move to cybercrime, according to the 2014 Internet Organized Crime Threat Assessment (iOCTA) published today.


Trust in cloud security at all-time low: Execs still betting on the cloud
BT says this trust drop (82 percent in the US, 76 percent globally) is "a substantial increase of 10 percent globally from previous research in 2012." With recent news of serious cloud security breaches, such as the Xen bug forcing Amazon to reboot its EC2 instances, and Xen making Rackspace do the same this weekend, plus consumer fears fanned by the "celebrity nudes iCloud hack" -- it's no wonder IT is losing its faith. But with cloud security trust as rock bottom, is enterprise IT nuts for putting its data security into cloud and SaaS?



Quote for the day:

“If we did all the things we were capable of, we would literally astound ourselves.” -- Thomas A. Edison