March 01, 2016

Create maps in R in 10 (fairly) easy steps

There are many options for mapping. If you do this kind of thing often or want to create a map with lots of slick bells and whistles, it could make more sense to learn GIS software like Esri's ArcGIS or open-source QGIS. If you care only about well-used geographic areas such as cities, counties or zip codes, software like Tableau and Microsoft Power BI may have easier interfaces. ... But there are also advantages to using R -- a language designed for data analysis and visualization. It's open source, which means you don't have to worry about ever losing access to (or paying for) your tools. All your data stays local if you want it to. It's fully command-line scripted end-to-end, making an easily repeatable process in a single platform from data input and re-formatting through final visualization.

Infrastructure As Code

Using code to define the server configuration means that there is greater consistency between servers. With manual provisioning different interpretations of imprecise instructions (let alone errors) lead to snowflakes with subtly different configurations, which often leads to tricky faults that are hard to debug. Such difficulties are often made worse by inconsistent monitoring, and again using code ensures that monitoring is consistent too. Most importantly using configuration code makes changes safer, allowing upgrades of applications and system software with less risk. Faults can be found and fixed more quickly and at worst changes can be reverted to the last working configuration. Having your infrastructure defined as version-controlled code aids with compliance and audit. Every change to your configuration can be logged and isn't susceptible to faulty record keeping.

The Hybrid Cloud: Your Cloud, Your Way

No matter where the journey begins, one of the first realizations is that there is no one particular solution or one particular answer in how to best utilize cloud solutions. The journey typically evolves over time and requires multiple clouds with a combination of both public, private and possibly managed clouds- resulting in a hybrid cloud end state. Before deciding on a cloud approach, it is important to understand all of the possibilities that cloud technologies provide, and agree on business initiatives, priorities, and desired results required to support your business needs and intended outcomes. The decision should not focus entirely on which type of cloud to deploy – private, public, managed or hybrid – but rather focus on delivering the right cloud or clouds, at the right cost, with the right characteristics (i.e. agility, costs, compliance, security) to achieve your business objectives.

Skyhigh Networks Unveils Industry’s First Cloud Security Reference Architecture

The Skyhigh Cloud Security Reference Architecture recognizes the complexity of today’s modern enterprises, where users are mobile and work from a variety of locations, both on premises and remote, using a variety of devices, both managed and unmanaged, to access thousands of cloud services, both IT sanctioned and unsanctioned. It also advises on which use cases and environments are best suited for the most common CASB deployment modes. “As the first CASB player in the market with the most number, scale, breadth, and maturity of CASB deployments, Skyhigh continues its quest to help organizations securely adopt cloud services,” said Rajiv Gupta, “We hope the reference architecture helps organizations cut through the noise so they can leverage the power of cloud services using the most advanced security technologies on the market, both existing and new.”

International regulators take an interest in crypto-currencies & the blockchain

“… distributed ledger technology has the potential to revolutionise financial services … However, … there are a lot of regulatory and consumer issues … to be discussed as the technology evolves. For example, how individuals gain access to a distributed network and who controls this process, [and] what data security exists for users … Innovation can be an iterative process … During … development, it’s crucial that innovators are allowed the space to develop their solutions. The FCA continues to monitor … this technology but is yet to take a stance … In the meantime, we continue to work with firms … to ensure consumer protections are being factored in during the development phase … We are particularly interested in exploring whether block chain technology can help firms meet know your customer or anti-money laundering requirements more efficiently and effectively.

Most software already has a “golden key” backdoor: the system update

From an attacker perspective, each capability has some advantages. The former allows for passively-collected encrypted communications and other surreptitiously obtained encrypted data to be decrypted. The latter can only be used when the necessary conditions exist for an active attack to be executed, but when those conditions exist it allows for much more than mere access to already-obtained-but-encrypted data. Any data on the device can be exfiltrated, including encryption keys and new data which can be collected from attached microphones, cameras, or other peripherals. Many software projects have only begun attempting to verify the authenticity of their updates in recent years. But even among projects that have been trying to do it for decades, most still have single points of devastating failure.

ATMZombie: banking trojan in Israeli waters

The Trojan is dropped into the victim machine and starts the unpacking process. Once unpacked it stores certificates in common browsers (Opera, Firefox) and modifies their configurations to match a Man-In-The-Middle attack. It eliminates all possible proxies other than the malware’s and changes cache permissions to read-only. It than continues by changing registry entries with Base64 encoded strings that contain a path to the auto-configuration content (i.e. traffic capture conditions using CAP file syntax) and installs its own signed certificate into the root folder. Later it waits for the victim to login to their bank account and steals their credentials, logs in using their name and exploits the SMS feature to send money to the ATMZombie.

Hybrid Cloud Versus Hybrid IT: What’s the Hype?

The difference between hybrid cloud and hybrid IT is more than just semantics. The hybrid cloud model is embraced by those entities and startups that don’t need to worry about past capital investments. These newer companies have more flexibility in exploring newer operational options. Mature businesses, on the other hand, need to manage the transition to cloud without throwing away their valuable current infrastructure. They also deal more with organizational change management issues and possible employee skill set challenges. The new, bimodal IT model is also a concern for these enterprises, Forbes reported. This is a tricky dilemma because both hybrid cloud and hybrid IT have been known to deliver some pretty significant advantages. Some of the biggest benefits of moving to an updated cloud or IT environment include:

Millions of OpenSSL secured websites at risk of new DROWN attack

According to the researchers who found the flaw, that could amount to as many as 11.5 million servers. How bad is DROWN really? Some of Alexa's leading web sites are vulnerable to DROWN-based man-in-the-middle attacks, including Yahoo, Sina, and Alibaba. Thanks to its popularity, the open-source OpenSSL is the most obvious target for DROWNing, but it's not the only one. Obsolete Microsoft Internet Information Services (IIS) versions 7 and earlier are vulnerable, and editions of Network Security Services (NSS), a common cryptographic library built into many server products prior to 2012's 3.13 version, are also open to attack. You can find out if your site is vulnerable using the DROWN attack test site.

Ten server deployment checklist considerations

A comprehensive server deployment checklist involves a lot more than buying adequate computing resources at an attractive price. It takes talented IT administrators and other personnel to source, acquire, prepare, install, configure, manage and support a fleet of servers -- whether in the tens, hundreds or thousands -- in a data center. The emphasis on reducing data center hardware footprints and lights-out operations can sometimes cause IT staff to overlook important issues. These top 10 logistical considerations should factor into every rack-and-stack server deployment checklist.

Quote for the day:

"And the little screaming fact that sounds through all history: repression works only to strengthen and knit the repressed." -- John Steinbeck