February 24, 2015

Technical Debt: A Repayment Plan
Just as we plan to pay back known technical debt, we can also build into our project plan a buffer with which to address bit rot each sprint. Though the specific tasks that fill this buffer may not be known at the time, having the buffer there gives us a dedicated space with which we can pay back those unplanned issues such as bugs, minor refactorings that must be handled immediately, or small pieces of system maintenance that make themselves known as our codebase naturally ages and decays. But what about the larger issues that can’t be handled in a few hours of development time? Perhaps there are more systemic problems plaguing our system such as a failing infrastructure or aging architecture that no longer fits the shape of our business.


Many attackers lurk undetected for months, then pounce
One of the main problems is that attackers are moving away from using malware that can be quickly detected. Instead, they're stealing authentication credentials and using them to log into systems remotely. In that way, they look like legitimate users logging into systems, which becomes difficult to detect. In two of the largest payment card data breaches, affecting Target and Home Depot, attackers obtained credentials used by third parties to access those retailers' networks, allowing them to gain a foothold that eventually enabled attacks on their point-of-sale systems.


Memory Deep Dive - Optimizing for Performance
The two primary measurements for performance in storage and memory are latency and throughput. Part 2 covered the relation between bandwidth and frequency. It is interesting to see how the memory components and how the DIMMs are populated on the server board impact performance. Let’s use the same type of processor used in the previous examples, the Intel Xeon E5 2600 v2. The Haswell edition (v3) uses DDR4, which is covered in part 5. ... Populating the memory channels equally allows the CPU to leverage its multiple memory controllers. When all four channels are populated the CPU interleaves memory access across the multiple memory channels. This configuration has the largest impact on performance and especially on throughput.


Security is CIOs' worst nightmare
"Disaster recovery and continuity are two things you just can't cut from your budgets, and I feel they're some of the most underappreciated vendors we work with. So much of budget planning for these services comes down to trust between a CIO and a CEO and others in the C-suite. There must be open and honest communication between all the parties involved so when we go to other executives they understand the absolute necessity of these services, and that we as CIOs are accurately representing the risks involved if budgets must be cut," says Jones. Downtime is more than just an inconvenience, says Martha Poulter, CIO at Starwood Hotels, it can greatly impact an organization's capability to generate revenue and grow business in the long-term, too, especially in a market such as hospitality.


Reaping global business benefits from software-defined data center
Columbia Sportswear has been going through a global business transformation. We’ve been refreshing our enterprise resource planning (ERP). We had a green-field implementation of SAP. We just went live with North America in April of this year, and it was a very successful go-live. We’re 100 percent virtualized on VMware products and we’re looking to expand that into Asia and Europe as well. So, with our global business transformation, also comes our consumer experience, on the retail side as well as wholesale. IT is looking to deliver service to the business, so they can become more agile and focused on engineering better products and better design and get that out to the consumer.


How Businesses Can Avoid Legal Risks of Social Media Usage
Ford says employers should answer a few questions before implementing social media for business purposes: what is the platform, how does it work, and why am I using it? “Just because you can use social media doesn’t mean it is building business, so use it in a way to build your business.” After answering those questions, employers should create a social media policy that addresses two audiences: employees who work on social media for the company and general employees—complementing other company policies, such as those addressing harassment or ethics.


Q&A with Matthew Carver on The Responsive Web
Bandwidth and memory exist in a budget and in order to accomplish tasks you must spend that budget. Developers might overspend in those budgets for a myriad of reasons but it's not a valid reason to dismiss responsive design as a whole. That's just silly. There's this old saying "A shoddy carpenter blames his tools". Responsive design is a tool for solving the problem of device parity on the web. Device fragmentation is a reality on the web and just because responsive design isn't perfect doesn't mean it's worth abandoning.


Welcome to the Age of Constant Attack
The perspectives on how best to address cyber security threats have gone through their own evolution. Headlines suggest that in the case of a threat like DDoS the challenge is simply having enough capacity to handle volumetric attacks. We know from experience that it just isn’t that simple. What’s needed to solve the problem of DDoS is based on three core characteristics of attacks: number of vectors, volume of attack, and finally, duration of attack. Escalations of all three present their own unique challenges, and the best approach will be one that balances a focus on preparation and response.


Creating a Simple Collection Class
No matter what limited set of features you intend to provide, if you're building a collection there are some features that you must provide. At the very least, for example, your collection will need to support processing all of its items with a For…Each loop. In addition, it's very unusual for a collection not to support retrieving individual items in the collection by position (an indexer). In practice, if you don't supply those two features, then developers might not regard what you've created as a collection at all.


Teen hacks car with $15 worth of parts
Markey's office issued a report on vehicle security and privacy earlier this month, noting that automakers are developing fleets with fully adopted wireless technologies like Bluetooth and wireless Internet access, but aren't addressing "the real possibilities of hacker infiltration into vehicle systems." "Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected," Markey, a member of the Commerce, Science and Transportation Committee, said in a statement. "We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st century American drivers."



Quote for the day:

"Take time to deliberate; but when the time for action arrives, stop thinking and go in." -- Andrew Jackson